How to configure HTTPS with a LetsEncrypt Certificate on OnlyOffice Community Server for Docker

OnlyOffice Community Server is a great self-hosted open source alternative to Google Docs or Microsoft Office 365.
It can be easily installed with Docker (https://helpcenter.onlyoffice.com/server/docker/community/docker-installation.aspx#AlternativeInstallation).
However, you might want to add a valid certificate to enable HTTPS connections on your OnlyOffice instance, and you might want to use a LetsEncrypt certificate.
In that case, here is a tutorial to do so.

  1. Install OnlyOffice (if you have not already done that)

    Follow the steps here https://helpcenter.onlyoffice.com/server/docker/community/docker-installation.aspx

  2. Connect to your machine with SSH

  3. Switch to the super-user with the command:

    sudo -i

  4. Create your OnlyOffice certificate folder with the command:

    mkdir -p /app/onlyoffice/CommunityServer/data/certs

  5. Create your Diffie-Hellman params with the command:

    openssl dhparam -out /app/onlyoffice/CommunityServer/data/certs/dhparam.pem 2048

  6. Now, install Certbot with the command (for Ubuntu/Debian):

    apt-get install certbot python-certbot-nginx

  7. We will use the "standalone" mode of Certbot, which listens on port 80 of your machine. To avoid a conflict with OnlyOffice, we need to stop your OnlyOffice instances first. The easiest way is to stop Docker with the command:

    systemctl stop docker

  8. Now we will generate the Let's Encrypt certificate with Certbot using this command (replace the <YOUR_DOMAIN> parameter with your domain name):

    certbot certonly --standalone -d <YOUR_DOMAIN>

  9. Complete the LetsEncrypt procedure

  10. Restart Docker

    systemctl start docker

  11. Find the ID of your OnlyOffice Community Server container

    onlyofficecs_container_id=$(docker ps -f name=onlyoffice-community-server -q)

  12. Copy your certificate to the OnlyOffice certificate folder with the command (replace the <YOUR_DOMAIN> parameter with your domain name):

    cp /etc/letsencrypt/live/<YOUR_DOMAIN>/privkey.pem /app/onlyoffice/CommunityServer/data/certs/onlyoffice.key &&
    cp /etc/letsencrypt/live/<YOUR_DOMAIN>/fullchain.pem /app/onlyoffice/CommunityServer/data/certs/onlyoffice.crt

  13. Restart your OnlyOffice Community Server container with the command:

    docker restart "$onlyofficecs_container_id" #it reuses the ID found at step 11

You should now be able to access your OnlyOffice Community Server over HTTPS at https://<YOUR_DOMAIN> (replace the <YOUR_DOMAIN> parameter with your domain name).

Certificate renewal is much easier because it can be fully automated. You can use the script below for this; just set the YOURDOMAIN variable to your domain name.

#!/bin/bash

# Set this to your domain name.
YOURDOMAIN="TYPE_YOUR_DOMAIN_NAME_HERE"

# Certbot's standalone mode needs port 80, so Docker is stopped first.
echo "Stopping Docker..."
systemctl stop docker || exit 1

echo "Registering / Renewing certificate"
certbot certonly --standalone -d "$YOURDOMAIN"
certbot_status=$?

# Start Docker again even if Certbot failed, so OnlyOffice does not stay down.
echo "Starting Docker..."
systemctl start docker || exit 1

if [ "$certbot_status" -ne 0 ]
then
    echo "ERROR: Certbot failed. The existing certificate files were left in place."
    exit 1
fi

onlyofficecs_container_id=$(docker ps -f name=onlyoffice-community-server -q)
if [ -z "$onlyofficecs_container_id" ]
then
    echo "ERROR: Cannot find a valid OnlyOffice Community Server container. Please check that OnlyOffice is running."
    exit 1
else
    echo "Copying certificates files in the OnlyOffice folder" &&
    cp "/etc/letsencrypt/live/$YOURDOMAIN/privkey.pem" /app/onlyoffice/CommunityServer/data/certs/onlyoffice.key &&
    cp "/etc/letsencrypt/live/$YOURDOMAIN/fullchain.pem" /app/onlyoffice/CommunityServer/data/certs/onlyoffice.crt &&
    docker restart "$onlyofficecs_container_id" &&
    echo "Certificate configured successfully for OnlyOffice Community Server!"
fi
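
The copy in step 12 and in the renewal script installs whatever is on disk without checking it. As an added example (not part of the original tutorial), the function below refuses to replace the live files unless the certificate is unexpired and matches the private key, and it installs the key readable by its owner only. The name deploy_cert, its return codes and the 600/644 modes are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the original tutorial.
# deploy_cert SRC_DIR DEST_DIR
#   SRC_DIR  : folder holding privkey.pem and fullchain.pem,
#              e.g. /etc/letsencrypt/live/<YOUR_DOMAIN>
#   DEST_DIR : OnlyOffice certificate folder,
#              e.g. /app/onlyoffice/CommunityServer/data/certs
# Returns 0 on success. On any failure DEST_DIR keeps its current files.
deploy_cert() {
    local src="$1" dest="$2" cert_pub key_pub
    local key="$src/privkey.pem" crt="$src/fullchain.pem"

    [ -r "$key" ] && [ -r "$crt" ] ||
        { echo "ERROR: missing $key or $crt" >&2; return 2; }

    # The first certificate in fullchain.pem is the leaf; reject it if expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "ERROR: certificate is expired or unreadable" >&2; return 3; }

    # The leaf's public key must be the one derived from the private key.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "ERROR: private key does not match certificate" >&2; return 4; }

    # Write to temporary names with explicit modes, then rename into place.
    # Assumption: the container's web server reads the key as root.
    install -m 600 "$key" "$dest/onlyoffice.key.new" &&
    install -m 644 "$crt" "$dest/onlyoffice.crt.new" &&
    mv -f "$dest/onlyoffice.key.new" "$dest/onlyoffice.key" &&
    mv -f "$dest/onlyoffice.crt.new" "$dest/onlyoffice.crt"
}

# When run as a script with two arguments, perform the deployment.
if [ "$#" -eq 2 ]; then
    deploy_cert "$1" "$2"
fi
```

In the renewal script, a call to this function can take the place of the two cp commands, with the container restart kept conditional on its success.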
