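A record of troubleshooting an OnlyOffice cross-origin problem
Troubleshooting cross-origin problems with the OnlyOffice document server
The OnlyOffice cross-origin problem
Installing OnlyOffice with Docker
Pull the image
Image address: onlyoffice image
I am using OnlyOffice version 6.4.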
docker pull onlyoffice/documentserver:6.4
Start the container
If you do not need HTTPS access, run the following commands to start the OnlyOffice container:
# Create the mount directories
# OnlyOffice log directory
mkdir -p /opt/dockerfile/onlyoffice/log
# OnlyOffice data directory
mkdir -p /opt/dockerfile/onlyoffice/data
# OnlyOffice configuration file directory
mkdir -p /opt/dockerfile/onlyoffice/lib
# OnlyOffice database directory
mkdir -p /opt/dockerfile/onlyoffice/db
# OnlyOffice nginx configuration directory
mkdir -p /opt/dockerfile/onlyoffice/nginx
docker run -i -t -d -p 8013:80 --name onlyoffice --restart=always \
    -v /opt/dockerfile/onlyoffice/log:/var/log/onlyoffice \
    -v /opt/dockerfile/onlyoffice/data:/var/www/onlyoffice/Data \
    -v /opt/dockerfile/onlyoffice/lib:/var/lib/onlyoffice \
    -v /opt/dockerfile/onlyoffice/db:/var/lib/postgresql \
    -v /opt/dockerfile/onlyoffice/nginx:/etc/onlyoffice/documentserver/nginx \
    onlyoffice/documentserver:6.4
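Note: the nginx configuration directory is mounted so that the nginx configuration can be changed later. I don't know why, but when the container is started with the command above, the nginx configuration files inside the container disappear, or rather are overwritten by the empty nginx folder on the host. My approach is to start the container the first time without mounting the nginx directory, copy the nginx configuration files from the container to the mount directory on the host, then delete the container and start it again with the nginx directory mounted, as follows: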
# First start (without the nginx mount)
docker run -i -t -d -p 8013:80 --name onlyoffice --restart=always \
    -v /opt/dockerfile/onlyoffice/log:/var/log/onlyoffice \
    -v /opt/dockerfile/onlyoffice/data:/var/www/onlyoffice/Data \
    -v /opt/dockerfile/onlyoffice/lib:/var/lib/onlyoffice \
    -v /opt/dockerfile/onlyoffice/db:/var/lib/postgresql \
    onlyoffice/documentserver:6.4
# Copy the nginx configuration files to the host
docker cp onlyoffice:/etc/onlyoffice/documentserver/nginx /opt/dockerfile/onlyoffice
# Stop and remove the container
docker stop onlyoffice
docker rm onlyoffice
# Start the container again (with the nginx mount)
docker run -i -t -d -p 8013:80 --name onlyoffice --restart=always \
    -v /opt/dockerfile/onlyoffice/log:/var/log/onlyoffice \
    -v /opt/dockerfile/onlyoffice/data:/var/www/onlyoffice/Data \
    -v /opt/dockerfile/onlyoffice/lib:/var/lib/onlyoffice \
    -v /opt/dockerfile/onlyoffice/db:/var/lib/postgresql \
    -v /opt/dockerfile/onlyoffice/nginx:/etc/onlyoffice/documentserver/nginx \
    onlyoffice/documentserver:6.4
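At this point the container has started successfully. Enter localhost:8013 in the browser.
The demo page can be started with the command shown there: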
sudo docker exec f8f17ec4aa3f sudo supervisorctl start ds:example
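Then click GO TO TEST EXAMPLE to enter the demo page, where you can upload a file to try online preview and editing.
Accessing OnlyOffice over HTTPS
Our company's production environment must be accessed over HTTPS, otherwise cross-origin problems occur. At first I simply mapped port 8013 in the host's nginx configuration, as follows:
location /onlyoffice/ {
    proxy_pass http://192.168.0.183:8013/;
}
With this setup the OnlyOffice home page is reachable at https://<my domain>/onlyoffice, but previewing a file reports unknown error. Inspecting the requests shows that the Editor.bin request fails, because that request is still made over http: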
http://192.168.0.183:8013/cache/files/7f8268a6c914b496ea63/Editor.bin/Editor.bin?md5=zk5o68w3kpMTY_pVaEt0hQ&expires=1670380981&filename=Editor.bin
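Mapping port 443
Delete the container and start it again with port 443 mapped, using the following command:
# Start the container again (with the nginx mount)
docker run -i -t -d -p 8013:80 -p 8443:443 --name onlyoffice --restart=always \
    -v /opt/dockerfile/onlyoffice/log:/var/log/onlyoffice \
    -v /opt/dockerfile/onlyoffice/data:/var/www/onlyoffice/Data \
    -v /opt/dockerfile/onlyoffice/lib:/var/lib/onlyoffice \
    -v /opt/dockerfile/onlyoffice/db:/var/lib/postgresql \
    -v /opt/dockerfile/onlyoffice/nginx:/etc/onlyoffice/documentserver/nginx \
    onlyoffice/documentserver:6.4
Because port 443 on my host is already in use, I map host port 8443 to container port 443, then open the port in the firewall:
# Open port 8443
firewall-cmd --zone=public --add-port=8443/tcp --permanent
# Reload the firewall rules
firewall-cmd --reload
Configure the SSL certificate
First go to the data mount directory /opt/dockerfile/onlyoffice/data and create a certs directory with mkdir certs. Then put our SSL pem and key files in that directory and use the openssl command to convert the pem to a crt file: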
openssl x509 -in onlyoffice.pem -out onlyoffice.crt
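The nginx configuration files of the OnlyOffice container are already mounted on the host, so go to the nginx mount directory, find the ds.conf file, and change the SSL configuration: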
## HTTPS host
server {
  listen 0.0.0.0:443 ssl http2;
  listen [::]:443 ssl http2 default_server;
  server_tokens off;
  root /usr/share/nginx/html;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  ssl on;
  ssl_certificate /var/www/onlyoffice/Data/certs/onlyoffice.crt;
  ssl_certificate_key /var/www/onlyoffice/Data/certs/onlyoffice.key;
  # Uncomment string below and specify the path to the file with the password if you use encrypted certificate key
  # ssl_password_file {{SSL_PASSWORD_PATH}};
  ssl_verify_client off;

  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_session_cache builtin:1000 shared:SSL:10m;

  ssl_prefer_server_ciphers on;

  add_header Strict-Transport-Security max-age=31536000;
  # add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  ## [Optional] If your certificate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
  ## Replace with your ssl_trusted_certificate. For more info see:
  ## - https://medium.com/devops-programming/4445f4862461
  ## - https://www.ruby-forum.com/topic/4419319
  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  # resolver_timeout 10s;

  ## [Optional] Generate a stronger DHE parameter:
  ## cd /etc/ssl/certs
  ## sudo openssl dhparam -out dhparam.pem 4096
  ##

  include /etc/nginx/includes/ds-*.conf;
}
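Note: the path configured for ssl_certificate is /var/www/onlyoffice/Data/certs (which is mounted to the host).
Restart the container
After restarting the container, the OnlyOffice home page is reachable at https://<my domain>:8443/, but uploading a file on the demo page and previewing it reports Download failed Press “OK” return to document list. The cause is that Document Server rejects unauthorized requests by default (HTTPS requests with certificate signature verification).
Solution: enter the container and modify the default.json configuration
# Enter the container
docker exec -it onlyoffice /bin/bash
# Edit the default.json configuration
vim /etc/onlyoffice/documentserver/default.json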
Set the rejectUnauthorized property to false, as follows:
"requestDefaults": {
    "headers": {
        "User-Agent": "Node.js/6.13",
        "Connection": "Keep-Alive"
    },
    "gzip": true,
    "rejectUnauthorized": false
},
After restarting the container once more, file preview works normally. With that, the OnlyOffice cross-origin problem is solved.
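Two settings used in this walkthrough weaken TLS: ssl_protocols in ds.conf still offers TLS 1.0 and 1.1, and "rejectUnauthorized": false in default.json makes Document Server accept any certificate on its outbound HTTPS requests. The check below is an added example, not part of the original post or of OnlyOffice's code; it flags both settings in config text, and the sample inputs (including the services.CoAuthoring wrapper around the page's fragment) are constructed.

```python
import json

LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}

def find_key(node, key, path=""):
    """Yield (dotted_path, value) for every occurrence of key in parsed JSON."""
    if isinstance(node, dict):
        for k, v in node.items():
            here = f"{path}.{k}" if path else k
            if k == key:
                yield here, v
            yield from find_key(v, key, here)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from find_key(v, key, f"{path}[{i}]")

def audit_default_json(text):
    """Flag every place where outbound TLS certificate verification is off."""
    return [f"{p}: certificate verification disabled"
            for p, v in find_key(json.loads(text), "rejectUnauthorized")
            if v is False]

def audit_nginx(text):
    """Flag legacy protocols and the deprecated 'ssl on;' in active directives."""
    findings = []
    for raw in text.splitlines():
        # Drop comments, then split the directive into name and arguments.
        parts = raw.split("#", 1)[0].strip().rstrip(";").split()
        if not parts:
            continue
        name, args = parts[0], parts[1:]
        if name == "ssl_protocols":
            old = [a for a in args if a in LEGACY_PROTOCOLS]
            if old:
                findings.append("ssl_protocols enables " + ", ".join(old))
        elif name == "ssl" and args == ["on"]:
            findings.append("'ssl on;' is deprecated; use 'listen ... ssl'")
    return findings

# Constructed samples that mirror the values shown on this page.
SAMPLE_JSON = '''{"services": {"CoAuthoring": {"requestDefaults": {
  "headers": {"User-Agent": "Node.js/6.13", "Connection": "Keep-Alive"},
  "gzip": true, "rejectUnauthorized": false}}}}'''
SAMPLE_NGINX = """
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_stapling on;
"""
if __name__ == "__main__":
    for finding in audit_default_json(SAMPLE_JSON) + audit_nginx(SAMPLE_NGINX):
        print("FINDING:", finding)
```

To run it against a real deployment, pass the contents of the mounted ds.conf and of default.json to the two audit functions instead of the samples.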
References:
https://www.cnblogs.com/Magiclala/p/15497267.html
https://blog.csdn.net/weixin_44048054/article/details/126057999