diff --git a/docs/admin/configuration/euro-office/_category_.json b/docs/admin/configuration/euro-office/_category_.json new file mode 100644 index 00000000..fd7b5664 --- /dev/null +++ b/docs/admin/configuration/euro-office/_category_.json @@ -0,0 +1,4 @@ +{ + "label": "Euro Office", + "position": 31 +} diff --git a/docs/admin/configuration/euro-office/index.md b/docs/admin/configuration/euro-office/index.md new file mode 100644 index 00000000..a42d4efb --- /dev/null +++ b/docs/admin/configuration/euro-office/index.md 
@@ -0,0 +1,84 @@ +--- +sidebar_position: 1 +id: euro-office +title: Euro Office +description: Configuration guides for Euro Office integration in OpenCloud +draft: false +--- + +# Euro Office + +[Euro Office](https://github.com/EURO-office/DocumentServer) is a sovereign document editing suite based on ONLYOFFICE that integrates with OpenCloud via the WOPI protocol. + +:::warning +The Euro Office project is currently in its early stages and may have stability issues. +::: + +## What you will find here + +- Set up Euro Office with OpenCloud using Docker Compose. +- Configure Euro Office behind an external Nginx reverse proxy. + +## Docker Compose Setup + +Euro Office is available as a compose module in the [opencloud-compose](https://github.com/opencloud-eu/opencloud-compose) project. + +### With Traefik (built-in reverse proxy) + +Set the following in your `.env` file: + +```env +COMPOSE_FILE=docker-compose.yml:weboffice/euroffice.yml:traefik/opencloud.yml:traefik/euroffice.yml + +EURO_OFFICE_DOMAIN=euro-office.YOUR.DOMAIN +WOPISERVER_DOMAIN=wopiserver.YOUR.DOMAIN +EURO_OFFICE_JWT_SECRET=YOUR.SECRET +``` + +### With an external proxy (Nginx, Caddy, etc.) + +Set the following in your `.env` file: + +```env +COMPOSE_FILE=docker-compose.yml:weboffice/euroffice.yml:external-proxy/opencloud.yml:external-proxy/euroffice.yml + +EURO_OFFICE_DOMAIN=euro-office.YOUR.DOMAIN +WOPISERVER_DOMAIN=wopiserver.YOUR.DOMAIN +EURO_OFFICE_JWT_SECRET=YOUR.SECRET +``` + +For the full Nginx configuration guide, see [Behind External Proxy](../../getting-started/container/docker-compose/external-proxy). + + + +## Environment Variables + +| Variable | Default | Description | +|---|---|---| +| `EURO_OFFICE_DOMAIN` | `euro-office.opencloud.test` | Domain of the Euro Office document server | +| `EURO_OFFICE_JWT_SECRET` | `changeme` | JWT secret for Euro Office. 
**Change this for production!** | +| `EURO_OFFICE_DOCKER_IMAGE` | `ghcr.io/euro-office/documentserver` | Docker image for the document server | +| `EURO_OFFICE_DOCKER_TAG` | `latest` | Docker image tag | + +## Exposed Ports (External Proxy) + +When using an external reverse proxy, the following ports are exposed on the host: + +| Service | Host Port | Description | +|---|---|---| +| Euro Office Document Server | `9900` | The document editing interface | +| Euro Office WOPI Server | `9300` | WOPI protocol endpoint (collaboration service) | + +## DNS Entries + +When deploying with custom domains, make sure DNS records point to your server for: + +- `euro-office.YOUR.DOMAIN` +- `wopiserver.YOUR.DOMAIN` + +For local testing with `.test` domains, add to `/etc/hosts`: + +```text +127.0.0.1 euro-office.opencloud.test +127.0.0.1 wopiserver.opencloud.test +``` diff --git a/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md b/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md index 598b5463..84e36b01 100644 --- a/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md +++ b/docs/admin/getting-started/container/docker-compose/docker-external-proxy.md @@ -5,7 +5,6 @@ title: Behind External Proxy description: How to run OpenCloud behind an external Nginx proxy with Certbot (manual setup). draft: false --- - # Running OpenCloud Behind an External Proxy (Nginx + Certbot Setup) This guide walks you through setting up OpenCloud behind an external Nginx reverse proxy with Let's Encrypt certificates using `certbot certonly --webroot`. 
@@ -19,13 +18,18 @@ If you don't have an existing reverse proxy or prefer to let Traefik manage cert - A public server with a static IP - Proper DNS records for your domain: - `cloud.YOUR.DOMAIN` - - `collabora.YOUR.DOMAIN` - - `wopiserver.YOUR.DOMAIN` + - `collabora.YOUR.DOMAIN` (if using Collabora) + - `wopiserver.YOUR.DOMAIN` (if using Collabora) + - `euro-office.YOUR.DOMAIN` (if using Euro Office) - Installed software: - [Docker & Docker Compose](https://docs.docker.com/engine/install/) - `nginx` - `certbot` +:::tip Office Suite Choice +OpenCloud supports [Collabora](../../../configuration/collabora) and [Euro Office](../../../configuration/euro-office) as web office editors. You can use one or both. Adjust the DNS entries, certificates, and Nginx configuration below based on your choice. +::: + ## Connect to Your Server Log into your server via SSH: @@ -57,9 +61,10 @@ Create a temporary config to allow HTTP validation: sudo nano /etc/nginx/sites-available/certbot-challenge ``` -Paste the following config and adjust the URLs: +Paste the following config and adjust the URLs. Include the domains for the office suite(s) you are using: ```nginx +# Collabora only: server { listen 80; server_name cloud.YOUR.DOMAIN collabora.YOUR.DOMAIN wopiserver.YOUR.DOMAIN; @@ -73,6 +78,17 @@ server { } ``` +If using Euro Office (alone or alongside Collabora), add the Euro Office domains to `server_name`: + +```nginx +# Euro Office only: +server { + listen 80; + server_name cloud.YOUR.DOMAIN euro-office.YOUR.DOMAIN wopiserver.YOUR.DOMAIN; + # ...same location block as above... +} +``` + Enable and reload Nginx: ```bash @@ -82,9 +98,10 @@ sudo nginx -t && sudo systemctl reload nginx ## Obtain SSL Certificates -Use `certbot` to get your TLS certificates with adjusted URLs: +Use `certbot` to get your TLS certificates with adjusted URLs. Include all domains you need: ```bash +# Collabora only: sudo certbot certonly --webroot \ -w /var/www/certbot \ -d cloud.YOUR.DOMAIN \ 
@@ -95,6 +112,20 @@ sudo certbot certonly --webroot \ --no-eff-email ``` +If using Euro Office, add the Euro Office domains: + +```bash +# Euro Office only: +sudo certbot certonly --webroot \ + -w /var/www/certbot \ + -d cloud.YOUR.DOMAIN \ + -d euro-office.YOUR.DOMAIN \ + -d wopiserver.YOUR.DOMAIN \ + --email your@email.com \ + --agree-tos \ + --no-eff-email +``` + Your certificates will be saved under: - `/etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem` @@ -111,7 +142,9 @@ cp .env.example .env nano .env ``` -Set the following environment variables: +Set the following environment variables based on your office suite choice: + +**Collabora only:** ```env # INSECURE=true @@ -127,6 +160,24 @@ COLLABORA_DOMAIN=collabora.YOUR.DOMAIN WOPISERVER_DOMAIN=wopiserver.YOUR.DOMAIN ``` +**Euro Office only:** + +```env +# INSECURE=true + +COMPOSE_FILE=docker-compose.yml:weboffice/euroffice.yml:external-proxy/opencloud.yml:external-proxy/euroffice.yml + +OC_DOMAIN=cloud.YOUR.DOMAIN + +INITIAL_ADMIN_PASSWORD=YOUR.SECRET.PASSWORD + +EURO_OFFICE_DOMAIN=euro-office.YOUR.DOMAIN + +WOPISERVER_DOMAIN=wopiserver.YOUR.DOMAIN + +EURO_OFFICE_JWT_SECRET=YOUR.EURO.OFFICE.SECRET +``` + The initial Admin password is mandatory for security reasons. Start the docker compose setup @@ -157,13 +208,15 @@ sudo rm /etc/nginx/sites-enabled/certbot-challenge sudo nano /etc/nginx/sites-available/opencloud ``` -Paste the following configuration and adjust the URLs: +Paste the full configuration that matches your deployment choice. Do not mix them. + +### Configuration 1: OpenCloud Only ```nginx # Redirect HTTP to HTTPS server { listen 80; - server_name cloud.YOUR.DOMAIN collabora.YOUR.DOMAIN wopiserver.YOUR.DOMAIN; + server_name cloud.YOUR.DOMAIN; location /.well-known/acme-challenge/ { root /var/www/certbot; 
@@ -182,21 +235,62 @@ server { ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - # Increase max upload size (required for Tus — without this, uploads over 1 MB fail) + + # Increase max upload size client_max_body_size 10M; - - # Disable buffering - essential for SSE proxy_buffering off; proxy_request_buffering off; - - # Extend timeouts for long connections proxy_read_timeout 3600s; proxy_send_timeout 3600s; keepalive_requests 100000; keepalive_timeout 5m; http2_max_concurrent_streams 512; + proxy_next_upstream off; + + location / { + proxy_pass http://127.0.0.1:9200; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} +``` + +### Configuration 2: OpenCloud + Collabora + +```nginx +# Redirect HTTP to HTTPS +server { + listen 80; + server_name cloud.YOUR.DOMAIN collabora.YOUR.DOMAIN wopiserver.YOUR.DOMAIN; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } +} + +# OpenCloud +server { + listen 443 ssl http2; + server_name cloud.YOUR.DOMAIN; - # Prevent nginx from trying other upstreams + ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + + client_max_body_size 10M; + proxy_buffering off; + proxy_request_buffering off; + proxy_read_timeout 3600s; + proxy_send_timeout 3600s; + keepalive_requests 100000; + keepalive_timeout 5m; + http2_max_concurrent_streams 512; proxy_next_upstream off; location / { 
@@ -210,45 +304,134 @@ server { # Collabora server { - listen 443 ssl http2; - server_name collabora.YOUR.DOMAIN; - - ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - # Increase max upload size to collabora editor - client_max_body_size 10M; - - location / { - proxy_pass http://127.0.0.1:9980; - proxy_set_header Host $host; - } - - location ~ ^/cool/(.*)/ws$ { - proxy_pass http://127.0.0.1:9980; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - } + listen 443 ssl http2; + server_name collabora.YOUR.DOMAIN; + ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + client_max_body_size 10M; + + location / { + proxy_pass http://127.0.0.1:9980; + proxy_set_header Host $host; + } + + location ~ ^/cool/(.*)/ws$ { + proxy_pass http://127.0.0.1:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + } +} + +# Collabora WOPI Server +server { + listen 443 ssl http2; + server_name wopiserver.YOUR.DOMAIN; + + ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + + location / { + proxy_pass http://127.0.0.1:9300; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} +``` + +### Configuration 3: OpenCloud + Euro Office + +```nginx +# Redirect HTTP to HTTPS 
+server { + listen 80; + server_name cloud.YOUR.DOMAIN euro-office.YOUR.DOMAIN wopiserver.YOUR.DOMAIN; + + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } + + location / { + return 301 https://$host$request_uri; + } } -# WOPI Server +# OpenCloud server { - listen 443 ssl http2; - server_name wopiserver.YOUR.DOMAIN; - - ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - - location / { - proxy_pass http://127.0.0.1:9300; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } + listen 443 ssl http2; + server_name cloud.YOUR.DOMAIN; + + ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + + client_max_body_size 10M; + proxy_buffering off; + proxy_request_buffering off; + proxy_read_timeout 3600s; + proxy_send_timeout 3600s; + keepalive_requests 100000; + keepalive_timeout 5m; + http2_max_concurrent_streams 512; + proxy_next_upstream off; + + location / { + proxy_pass http://127.0.0.1:9200; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} + +# Euro Office Document Server +server { + listen 443 ssl http2; + server_name euro-office.YOUR.DOMAIN; + + ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + client_max_body_size 
100M; + + location / { + proxy_pass http://127.0.0.1:9900; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + } + + location ~ ^/(web-apps/apps/.*/(main|mobile|embed)/.*\.json|doc/.*/(c|s)/.*) { + proxy_pass http://127.0.0.1:9900; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto https; + } +} + +# Euro Office WOPI Server +server { + listen 443 ssl http2; + server_name wopiserver.YOUR.DOMAIN; + + ssl_certificate /etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/cloud.YOUR.DOMAIN/privkey.pem; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + + location / { + proxy_pass http://127.0.0.1:9300; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } } ```
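Review bot: In `docs/admin/configuration/euro-office/index.md`, the Environment Variables table lists `EURO_OFFICE_JWT_SECRET` with default `changeme` and `EURO_OFFICE_DOCKER_TAG` with default `latest`, while both `.env` examples show only `EURO_OFFICE_JWT_SECRET=YOUR.SECRET` with no guidance on the value. Suggest stating that the secret must be a long random string (for example the output of `openssl rand -hex 32`) and recommending a pinned image tag for production, which matters more given the stability warning at the top of the page. The Exposed Ports section should also say whether `9900` and `9300` are bound to `127.0.0.1` or to all interfaces, since the Nginx configs in this patch only reach them via `127.0.0.1`.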
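Review bot: The `@@ -5,7 +5,6 @@` hunk of `docker-external-proxy.md` deletes the blank line between the closing `---` of the front matter and the `# Running OpenCloud Behind an External Proxy` heading, which looks unintentional and is unrelated to the Euro Office change. Suggest restoring it so the heading stays separated from the front matter, as it is in the new `index.md`.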
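Review bot: In the prerequisites list (`@@ -19,13 +18,18 @@`), `wopiserver.YOUR.DOMAIN` is now labelled `(if using Collabora)`, but the Euro Office setup in this same patch also requires it (`WOPISERVER_DOMAIN=wopiserver.YOUR.DOMAIN`, and it appears in every Euro Office `server_name` line). Suggest `(if using Collabora or Euro Office)`. The tip's "You can use one or both" also needs backing up: every later example is labelled "Collabora only" or "Euro Office only", and both variants map `wopiserver.YOUR.DOMAIN` to `127.0.0.1:9300`, so either document the combined setup or drop "or both".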
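Review bot: The Euro Office snippet added in `@@ -73,6 +78,17 @@` is not pasteable as written: its `server` block contains only the comment `# ...same location block as above...`, so a reader who copies it gets no location serving the challenge files from `/var/www/certbot`. The lead-in says to add the domains to `server_name`, yet the snippet is a second `server` block that repeats `cloud.YOUR.DOMAIN` and `wopiserver.YOUR.DOMAIN` on port 80, which conflicts with the first block if both are pasted. Suggest one complete block per variant, or a single block with the extra hostname shown in `server_name`.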
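Review bot: The second `certbot certonly` command added in `@@ -95,6 +112,20 @@` is introduced with "add the Euro Office domains" but is a separate full command labelled "Euro Office only", and no variant covers `collabora.YOUR.DOMAIN` and `euro-office.YOUR.DOMAIN` together. Every `server` block in this guide loads `/etc/letsencrypt/live/cloud.YOUR.DOMAIN/fullchain.pem`, so that one certificate has to list every hostname being served. Suggest saying explicitly that exactly one of the two commands is to be run, and adding a note on `--cert-name cloud.YOUR.DOMAIN` with `--expand` for readers who add Euro Office to an existing Collabora install, so the certificate path used in the Nginx config stays valid.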
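Review bot: "Do not mix them" in `@@ -157,13 +208,15 @@` contradicts the tip added earlier in this file, which says Collabora and Euro Office can be used together ("You can use one or both"). The three configurations that follow cover OpenCloud only, OpenCloud + Collabora, and OpenCloud + Euro Office, with none for both editors. Suggest either adding a fourth configuration or rewording the tip. Configuration 1 also has no counterpart in the certbot and `.env` sections above, which only show the two office variants.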
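Review bot: The OpenCloud `server` block in `@@ -182,21 +235,62 @@` loses the comments that explained why the directives are there: the note that the upload size is required for Tus is cut down to `# Increase max upload size`, and `# Disable buffering - essential for SSE`, `# Extend timeouts for long connections` and `# Prevent nginx from trying other upstreams` are removed. Suggest keeping them in all three copies of the block, since an admin tuning `client_max_body_size` or `proxy_buffering` otherwise has no hint of the consequences.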
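Review bot: The Euro Office WebSocket location in `@@ -210,45 +304,134 @@` sets `Upgrade` and `Connection "Upgrade"` but not `proxy_http_version 1.1`; Nginx proxies with HTTP/1.0 by default, and the upgrade handshake needs 1.1. Suggest adding `proxy_http_version 1.1;` there (the re-indented Collabora `/cool/(.*)/ws` location has the same gap). Smaller points in the same `server` block: `client_max_body_size 100M` differs from the `10M` used for OpenCloud and Collabora without explanation, `X-Forwarded-Proto https` is hard-coded while the other blocks use `$scheme`, and the WebSocket location omits the `X-Real-IP` and `X-Forwarded-For` headers that the `location /` beside it sets. A short comment on each would help, and the whitespace-only re-indentation of the Collabora blocks would be easier to review as a separate commit.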