Last updated: 2019-08-26
Introduction
fully compatible with Office Open XML formats
enabling collaborative editing in real time
Edit: .docx, .xlsx, .pptx
HomePage: https://github.com/ONLYOFFICE/Docker-DocumentServer
System Requirement Specification
- RAM: 4 GB or more
- HDD: 20 GB of free space
- Swap: at least 2 GB
How it works
Document Server includes:
- document editor
- document editing service
- document command service
- document conversion service
The document manager and document storage service are either included in Community Server
or must be implemented by the software integrators.
The client side includes:
- Document manager: the list of the documents displayed in the user's browser
- Document editor: the document viewing and editing interface with all the best-known document editing features, used as a medium between the user and the document editing service
- Document storage service: the server service which stores all the documents available to the users
The server side includes:
- Document editing service: allows document viewing and editing (document editor --> document editing service)
- Document command service: allows additional commands to be performed with the document editing service
- Document conversion service: converts the document file into the appropriate Office Open XML format for editing or downloading
Install
Docker Image OS: Ubuntu 16.04.6 LTS@20190823 (IMAGE ID: 7d85705b29d8)
docker run -dit -p 88:80 --restart always --name oods onlyoffice/documentserver
docker update --restart unless-stopped oods # change the restart policy of the existing container
Storing Data
/var/log/onlyoffice # for ONLYOFFICE Document Server logs
/var/www/onlyoffice/Data # for certificates
/var/lib/onlyoffice # for file cache
/var/lib/postgresql # for database
mkdir -p /data/onlyoffice
cd /data/onlyoffice
mkdir logs data lib db
docker run --name=oods -i -t -d -p 80:80 \
-v /data/onlyoffice/logs:/var/log/onlyoffice \
-v /data/onlyoffice/data:/var/www/onlyoffice/Data \
-v /data/onlyoffice/lib:/var/lib/onlyoffice \
-v /data/onlyoffice/db:/var/lib/postgresql \
onlyoffice/documentserver
startup.sh
docker run --name=oods -i -t -d -p 443:443 \
-v /data/onlyoffice/logs:/var/log/onlyoffice \
-v /data/onlyoffice/data:/var/www/onlyoffice/Data \
-v /data/onlyoffice/lib:/var/lib/onlyoffice \
-v /data/onlyoffice/db:/var/lib/postgresql \
onlyoffice/documentserver
Cert. & Key location
# These locations can be changed using the SSL_KEY_PATH, SSL_CERTIFICATE_PATH and SSL_DHPARAM_PATH configuration options.
/data/onlyoffice/data/certs/onlyoffice.key
/data/onlyoffice/data/certs/onlyoffice.crt
/data/onlyoffice/data/certs/dhparam.pem # openssl dhparam -out dhparam.pem 2048
Docker Environment Variables
These variables modify /etc/onlyoffice/documentserver/local.json
ONLYOFFICE_HTTPS_HSTS_ENABLED:
Applicable only when SSL is in use. Defaults to true.
Advanced configuration option for turning off the HSTS configuration.
ONLYOFFICE_HTTPS_HSTS_MAXAGE:
Advanced configuration option for setting the HSTS max-age in the onlyoffice nginx vHost configuration.
Applicable only when SSL is in use. Defaults to 31536000.
JWT_ENABLED:
Defaults to false.
Enables JSON Web Token (RFC 7519) validation by the ONLYOFFICE Document Server.
JWT_SECRET:
Defaults to "secret".
Defines the secret key used to validate the JSON Web Token in requests to the ONLYOFFICE Document Server.
JWT_HEADER:
Defaults to "Authorization".
Defines the HTTP header that will be used to send the JSON Web Token.
Reboot
Document Server saves a document only after the document has been closed by all the users who edited it.
To avoid data loss, you must forcefully disconnect the Document Server users
when you need to stop Document Server, for example for an application update or a server reboot.
sudo docker exec <CONTAINER> documentserver-prepare4shutdown.sh
Restrict access to the ONLYOFFICE editors
* Default: publicly accessible
Configuration methods
- JWT token
- IP Filter
# Configure File
/etc/onlyoffice/documentserver/default.json
OR
/etc/onlyoffice/documentserver/local.json
IP Filter
/etc/onlyoffice/documentserver/local.json
"ipfilter": {
  "rules": [
    { "address": "ip_address", "allowed": true },
    { "address": "*", "allowed": false }
  ],
  "useforrequest": true,
  "errorcode": 403
}
supervisorctl restart all
JWT token
/etc/onlyoffice/documentserver/local.json
{
  "services": {
    "CoAuthoring": {
      "secret": {
        "inbox": { "string": "secret" },
        "outbox": { "string": "secret" }
      },
      "token": {
        "enable": {
          "browser": true,
          "request": { "inbox": true, "outbox": true }
        }
      }
    }
  }
}
supervisorctl restart all
enable.browser:
document editor opening and calling the methods
enable.request.outbox:
document editing service -> document storage service
enable.request.inbox:
requests to the document command service and document conversion service
secret.inbox.string:
browser -> document command service and document conversion service
secret.outbox.string:
document editing service -> "callbackUrl" address
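A check that can be run against local.json after editing it, as an added example that is not ONLYOFFICE code: it flags token switches that are off, secrets left at the default "secret", and an IP filter without a catch-all deny. Assumptions: the ipfilter block sits under services.CoAuthoring, a missing secret key means the default applies, and the 32-character minimum is a local policy choice.

```python
import json

DEFAULT_SECRET = "secret"   # default JWT_SECRET value given on this page
MIN_SECRET_LEN = 32         # assumption: local policy threshold, not an ONLYOFFICE rule

def audit(config: dict) -> list:
    """Return findings for a parsed local.json (empty list means nothing flagged)."""
    findings = []
    co = config.get("services", {}).get("CoAuthoring", {})
    enable = co.get("token", {}).get("enable", {})
    flags = {"browser": enable.get("browser"),
             "request.inbox": enable.get("request", {}).get("inbox"),
             "request.outbox": enable.get("request", {}).get("outbox")}
    for name, value in flags.items():
        if value is not True:
            findings.append(f"token.enable.{name} is not true")
    for direction in ("inbox", "outbox"):
        # assumption: a missing key means the default from this page applies
        secret = co.get("secret", {}).get(direction, {}).get("string", DEFAULT_SECRET)
        if secret == DEFAULT_SECRET:
            findings.append(f"secret.{direction}.string is the default value")
        elif len(secret) < MIN_SECRET_LEN:
            findings.append(f"secret.{direction}.string is shorter than {MIN_SECRET_LEN} characters")
    ipfilter = co.get("ipfilter", {})   # assumption: ipfilter sits under services.CoAuthoring
    rules = ipfilter.get("rules", [])
    if not any(r.get("address") == "*" and r.get("allowed") is False for r in rules):
        findings.append("ipfilter.rules has no catch-all deny rule")
    if ipfilter.get("useforrequest") is not True:
        findings.append("ipfilter.useforrequest is not true")
    return findings

# Constructed sample: the two fragments from this page merged into one file,
# with 192.0.2.10 standing in for "ip_address".
PAGE_CONFIG = json.loads("""
{"services": {"CoAuthoring": {
   "secret": {"inbox": {"string": "secret"}, "outbox": {"string": "secret"}},
   "token": {"enable": {"browser": true, "request": {"inbox": true, "outbox": true}}},
   "ipfilter": {"rules": [{"address": "192.0.2.10", "allowed": true},
                          {"address": "*", "allowed": false}],
                "useforrequest": true, "errorcode": 403}}}}
""")

if __name__ == "__main__":
    for finding in audit(PAGE_CONFIG):
        print("FINDING:", finding)
```

Run on the sample, it reports both secrets as default values: the configuration shown above enables token checks but signs with a key anyone can guess.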
Security
To prevent the substitution of important parameters in ONLYOFFICE Document Server
requests, a cryptographic signature is added to them in the form of a token.
The token is added in the configuration when initializing Document Editor
and during the exchange of commands between document storage service and document editing service,
document command service and document conversion service.
The token is generated using the JWT (JSON Web Tokens) standard.
The tokens are signed by the server's key, so the client is able to verify that the token is legitimate.
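How the signature stops parameter substitution, as an added example using only the Python standard library (not ONLYOFFICE code): a payload is signed, verified, and then rejected once callbackUrl is changed without re-signing. HS256, the editorConfig nesting, the secret and the URLs are assumptions constructed for the example.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def _mac(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign(payload: dict, secret: str) -> str:
    """Serialize payload as a compact HS256 JWT."""
    parts = [{"alg": "HS256", "typ": "JWT"}, payload]
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + b64url(_mac(secret, signing_input))

def verify(token: str, secret: str) -> dict:
    """Return the payload if the signature is valid, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        signature = b64url_decode(sig)
    except ValueError as exc:          # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(_mac(secret, f"{head}.{body}"), signature):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def replace_callback(token: str, new_url: str) -> str:
    """Swap callbackUrl in the payload but keep the old signature."""
    head, body, sig = token.split(".")
    payload = json.loads(b64url_decode(body))
    payload["editorConfig"]["callbackUrl"] = new_url
    return ".".join([head, b64url(json.dumps(payload).encode()), sig])

# Constructed sample values; only "callbackUrl" is a name taken from this page.
SECRET = "constructed-example-secret-0123456789"
CONFIG = {"editorConfig": {"callbackUrl": "https://storage.example/callback"}}

if __name__ == "__main__":
    token = sign(CONFIG, SECRET)
    print("original:", verify(token, SECRET))
    try:
        verify(replace_callback(token, "https://other.example/cb"), SECRET)
    except ValueError as err:
        print("modified token rejected:", err)
```

The payload is only base64url-encoded, so anyone holding the token can read it; the signature protects integrity, not confidentiality.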