OnlyOffice Community Server is a great self-hosted open source alternative to Google Docs or Microsoft Office 365.
It can be easily installed with Docker (https://helpcenter.onlyoffice.com/server/docker/community/docker-installation.aspx#AlternativeInstallation).
However, you might want to add a valid certificate to enable HTTPS connections on your OnlyOffice instance, and you might want to use a LetsEncrypt certificate.
In that case, here is a tutorial to do so.

How to configure HTTPS with a LetsEncrypt Certificate on OnlyOffice Community Server for Docker

  1. Install OnlyOffice (if you have not already done that)

    Follow the steps here https://helpcenter.onlyoffice.com/server/docker/community/docker-installation.aspx

  2. Connect to your machine with SSH

  3. Switch to the super-user with the command:

    sudo -i

  4. Create your OnlyOffice certificate folder with the command:

    mkdir -p /app/onlyoffice/CommunityServer/data/certs

  5. Create your Diffie-Hellman params with the command:

    openssl dhparam -out /app/onlyoffice/CommunityServer/data/certs/dhparam.pem 2048

  6. Now, install Certbot with the command (for Ubuntu/Debian):

    apt-get install certbot python-certbot-nginx

  7. We will use the « standalone » mode of Certbot, which will use the 80 port of your machine. In order to avoid any conflict with OnlyOffice, we need to stop your OnlyOffice instances. The easiest way is to stop Docker with the command:

    systemctl stop docker

  8. Now we will generate the Let’s Encrypt certificate with CertBot and this command (replace the <YOUR_DOMAIN> parameter by your domain name):

    certbot certonly --standalone -d <YOUR_DOMAIN>

  9. Complete the LetsEncrypt procedure

  10. Restart Docker

    systemctl start docker

  11. Find the ID of your OnlyOffice Community Server container

    onlyofficecs_container_id=$(docker ps -f name=onlyoffice-community-server -q)

  12. Copy your certificate to the OnlyOffice certificate folder with the command (replace the <YOUR_DOMAIN> parameter by your domain name):

    cp /etc/letsencrypt/live/<YOUR_DOMAIN>/privkey.pem /app/onlyoffice/CommunityServer/data/certs/onlyoffice.key &&
    cp /etc/letsencrypt/live/<YOUR_DOMAIN>/fullchain.pem /app/onlyoffice/CommunityServer/data/certs/onlyoffice.crt

  13. Restart your OnlyOffice Community Server container with the command:

    docker restart "$onlyofficecs_container_id" #it reuses the ID found at step 11

You should now be able to access to your OnlyOffice Community server over HTTPS at https://<YOUR_DOMAIN> (replace the <YOUR_DOMAIN> parameter by your domain name).

For your certificate renewal, it is way easier as it can be fully automated. You can use the script below for this, just set properly the YOURDOMAIN variable to your domain name.

#!/bin/bash

YOURDOMAIN="TYPE_YOUR_DOMAIN_NAME_HERE"

echo "Stopping Docker..." &&
systemctl stop docker &&
echo "Registering / Renewing certificate" &&
certbot certonly --standalone -d $YOURDOMAIN &&
echo "Starting Docker..." &&
systemctl start docker &&
onlyofficecs_container_id=$(docker ps -f name=onlyoffice-community-server -q) &&
if [ -z "$onlyofficecs_container_id" ]
then
    echo "ERROR: Cannot find a valid OnlyOffice Community Server container. Please check that OnlyOffice is running."
    exit 1
else
    echo "Copying certificates files in the OnlyOffice folder" &&
    cp /etc/letsencrypt/live/$YOURDOMAIN/privkey.pem /app/onlyoffice/CommunityServer/data/certs/onlyoffice.key &&
    cp /etc/letsencrypt/live/$YOURDOMAIN/fullchain.pem /app/onlyoffice/CommunityServer/data/certs/onlyoffice.crt &&
    docker restart "$onlyofficecs_container_id"
    echo "Certificate configured successfully for OnlyOffice Community Server!"
fi

Publié par Maxime

Consultant en sécurité informatique — Co-fondateur de @cyberwatch — #ARCSI #Infosec #FrenchTech #CivicTech

Laisser un commentaire

Laisser un commentaire

%d blogueurs aiment cette page :