ONLYOFFICE: instalación debian 10

ONLYOFFICE: instalación debian 9

Instalación de Mono

  • Instalamos dependencias
sudo apt install apt-transport-https dirmngr gnupg ca-certificates
  • Incluimos la llave
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
  • Agregamos el repositorio
echo "deb https://download.mono-project.com/repo/debian stable-buster main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list
  • Actualizamos
apt update
  • Instalamos
apt install mono-devel

Instalación de NGINX

  • Instalamos
apt-get install nginx

Instalación de NODEJS

  • Instalamos dependencias
apt install curl
  • Ejecutamos
curl -sL https://deb.nodesource.com/setup_14.x | bash -
  • Instalamos
apt-get install -y nodejs
  • Agregamos
apt-get install -y build-essential

Instalación de MYSQL

  • Obtenemos
wget repo.mysql.com/mysql-apt-config_0.8.15-1_all.deb
  • Instalamos
dpkg -i mysql-apt-config_0.8.15-1_all.deb
  • Aceptamos
  • Actualizamos
apt update
  • Instalamos
apt install mysql-server
  • Contraseña root
undefined
  • Lo configuramos
mysql_secure_installation
  • RESULTADO
Securing the MySQL server deployment.

Enter password for user root:

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: y

There are three levels of password validation policy:

LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1
Using existing password for root.

Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) : n

... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
- Dropping test database...
Success.

- Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!
  • Probamos conexión
mysql -u root -p

Instalar onlyoffice community server

  • LLave
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5
  • Agregamos
echo "deb http://download.onlyoffice.com/repo/debian squeeze main" | tee /etc/apt/sources.list.d/onlyoffice.list
  • Actualizamos
apt-get update
  • Instalamos
apt-get install onlyoffice-communityserver
  • Nos pide la contraseña de MYSQL
  • Ingresamos el navegador
http://10.20.200.48/
  • Ingresamos los datos
  • Pas:AC2
  • Si nos da problemas de codificación:
locale-gen en_US en_US.UTF-8
dpkg-reconfigure locales 
reboot

mysql -u root -p
USE onlyoffice
select textValue from res_data where cultureTitle='ru' limit 1;
delete from res_data;
source /var/www/onlyoffice/Sql/onlyoffice.resources.sql
exit


service monoserve restart

Instalar certificados

DNS

  • Agregamos el dominio office.siua.ac.cr -> 10.20.200.48 / 181.193.87.6

PROXY

  • Creamos el archivo
nano /etc/apache2/sites-available/office.siua.ac.cr.conf
  • Contenido:
NameVirtualHost 181.193.87.6:80

<VirtualHost 181.193.87.6:80>

#************************************************************************
#******************* DATOS DEL SITIO WEB ********************************
#************************************************************************
ServerName office.siua.ac.cr
ServerAlias www.office.siua.ac.cr
ErrorLog /var/log/apache2/office_80.siua.ac.cr-error.log
CustomLog /var/log/apache2/office_80.siua.ac.cr-access.log common

#************************************************************************
#********************** DATOS DEL WEBMASTER *****************************
#************************************************************************
ServerAdmin interuniversitariadealajuela@gmail.com
Header add Author "Unidad de Gestion e Innovacion Tecnologica"

#************************************************************************
#************************** DATOS DEL REDIRECCIONAMIENTO ****************
#************************************************************************

</VirtualHost>
  • Habilitamos el sitios
a2ensite office.siua.ac.cr.conf
  • Recargamos
systemctl reload apache2
  • Ejecutamos el cerbot
certbot --installer apache
  • Editamos el archivo
nano /etc/apache2/sites-available/office.siua.ac.cr-le-ssl.conf
  • Contenido
<IfModule mod_ssl.c>
<VirtualHost 181.193.87.6:443>

#************************************************************************
#******************* DATOS DEL SITIO WEB ********************************
#************************************************************************
ServerName office.siua.ac.cr
ServerAlias www.office.siua.ac.cr
ErrorLog /var/log/apache2/office_443.siua.ac.cr-error.log
CustomLog /var/log/apache2/office_443.siua.ac.cr-access.log common

#************************************************************************
#********************** DATOS DEL WEBMASTER *****************************
#************************************************************************
ServerAdmin interuniversitariadealajuela@gmail.com
Header add Author "Unidad de Gestion e Innovacion Tecnologica"

#************************************************************************
#********************* DATOS DEL REDIRECCIONAMIENTO *********************
#************************************************************************
ProxyPreserveHost On
ProxyRequests off
SSLProxyEngine on
ProxyPass / https://10.20.200.48/
ProxyPassReverse / https://10.20.200.48/


#************************************************************************
#********************** DATOS DEL CERTIFICADO ***************************
#************************************************************************
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/office.siua.ac.cr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/office.siua.ac.cr/privkey.pem
</VirtualHost>
</IfModule>
  • Recargamos apache
systemctl reload apache2

ONLYOFFICE

  • Creamos la carpeta donde se guardan los certificados
mkdir -p /var/www/onlyoffice/Data/certs
  • Le damos permisos
chmod 777 -R /var/www/onlyoffice/Data/certs

PROXY

  • Le pasamos los certificados
scp -P 44 -r /etc/letsencrypt/live/office.siua.ac.cr/privkey.pem root@10.20.200.48:/var/www/onlyoffice/Data/certs/privkey.pem
scp -P 44 -r /etc/letsencrypt/live/office.siua.ac.cr/fullchain.pem root@10.20.200.48:/var/www/onlyoffice/Data/certs/fullchain.pem

ONLYOFFICE

  • Abrimos el archivo de configuración:
nano /etc/nginx/sites-available/onlyoffice
  • Modificamos el servidor 80 para que diriga a 443
server {
        listen 80;
        server_name  office.siua.ac.cr;
        rewrite ^ https://$http_host$request_uri? permanent;    # force redirect http to https
        # Enables or disables emitting nginx version on error pages and in the "Server" response header field.
        server_tokens off;

}
  • Agregamos el servidor 443
server {

        listen 443;
        server_name  office.siua.ac.cr;
        server_tokens off;
        charset utf-8;
        ssl on;
        ssl_certificate /var/www/onlyoffice/Data/certs/fullchain.pem; # managed by Certbot
        ssl_certificate_key /var/www/onlyoffice/Data/certs/privkey.pem; # managed by Certbot


        add_header Access-Control-Allow-Origin *;

        large_client_header_buffers 4 16k;

        set $X_REWRITER_URL $the_scheme://$the_host;

        if ($http_x_rewriter_url != '') {
                set $X_REWRITER_URL $http_x_rewriter_url ;
        }

        include /etc/nginx/includes/onlyoffice-communityserver-*.conf;

}

 Instalación de Document-Server

  • Instalamos dependencias
apt-get install build-essential apt-transport-https dirmngr libstdc++6

Instalamos NGINX

apt-get install nginx

Instalamos NODEJS

  • Instalamos dependencias
apt install curl
  • Ejecutamos
curl -sL https://deb.nodesource.com/setup_10.x | bash -
  • Instalamos
apt-get install -y nodejs
  • Agregamos
apt-get install -y build-essential

 Instalamos PostgreSQL

  • Instalamos
apt-get install postgresql
  • Le indicamos que inicie
systemctl start postgresql
  • Vemos el estado
systemctl status postgresql
  • Para logearnos
su - postgres
  • Ingresamos a la consola
psql
  • Modificamos la contraseña de administrador
ALTER USER postgres PASSWORD 'HB3';
  • Salimos
CTRL+D
  • Abrimos un nuevo cliente
 psql -U postgres -h localhost -W 

(HB3)
  • Creamos la base de datos
CREATE DATABASE onlyoffice;
  • Creamos el usuario
CREATE USER onlyoffice PASSWORD 'HB0';





  •  Le damos permisos





GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;





  • Salimos





CTRL+D





Instalamos REDIS





apt-get install redis-server





Instalamos Rabbitmq





apt-get install rabbitmq-server





Instalamos NPM y NGINX-EXTRAS





apt-get install npm nginx-extras





Instalar Document Server





  • Llave





apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5





  • Agregar el repositorio





echo "deb http://download.onlyoffice.com/repo/debian squeeze main" | tee /etc/apt/sources.list.d/onlyoffice.list





  • Actualizar





apt-get update





  • Instalar





apt-get install onlyoffice-documentserver





  • Solicita la contraseña de usuario de base de datos onlyoffice (HB3)










  • Si nos da error al instalar





psql: FATAL:  password authentication failed for user "onlyoffice"





  • Correguimos con:





echo RESET onlyoffice/db-user | debconf-communicate onlyoffice-documentserver
echo RESET onlyoffice/db-pwd | debconf-communicate onlyoffice-documentserver
dpkg --configure onlyoffice-documentserver





  • Ya podemos ir al navegador





http://10.20.200.49/welcome/










Creación de certificado Letsencrypt





PROXY





  • Creamos en los DNS el dominio: document.siua.ac.cr -> 10.20.200.49/181.193.87.6
  • Creamos el archivo





nano /etc/apache2/sites-available/document.siua.ac.cr.conf





  • Contenido





NameVirtualHost 181.193.87.6:80

<VirtualHost 181.193.87.6:80>

        #************************************************************************
        #******************* DATOS DEL SITIO WEB ********************************
        #************************************************************************
        ServerName document.siua.ac.cr
        ServerAlias www.document.siua.ac.cr
        ErrorLog /var/log/apache2/document_80.siua.ac.cr-error.log
        CustomLog /var/log/apache2/document_80.siua.ac.cr-access.log common

        #************************************************************************
        #********************** DATOS DEL WEBMASTER *****************************
        #************************************************************************
        ServerAdmin interuniversitariadealajuela@gmail.com
        Header add Author "Unidad de Gestion e Innovacion Tecnologica"

        #************************************************************************
        #************************** DATOS DEL REDIRECCIONAMIENTO ****************
        #************************************************************************

</VirtualHost>





  • Lo habilitamos





a2ensite document.siua.ac.cr.conf 










  • Reiniciamos apache





systemctl reload apache2





  • Mandamos a crear el certificado





certbot --installer apache





  • Editamos el archivo





nano /etc/apache2/sites-available/document.siua.ac.cr-le-ssl.conf





  • Remplazamos todo el contenido por:





<IfModule mod_ssl.c>
<VirtualHost 181.193.87.6:443>

#************************************************************************
#******************* DATOS DEL SITIO WEB ********************************
#************************************************************************
ServerName document.siua.ac.cr
ServerAlias www.document.siua.ac.cr
ErrorLog /var/log/apache2/document_443.siua.ac.cr-error.log
CustomLog /var/log/apache2/document_443.siua.ac.cr-access.log common

#************************************************************************
#********************** DATOS DEL WEBMASTER *****************************
#************************************************************************
ServerAdmin interuniversitariadealajuela@gmail.com
Header add Author "Unidad de Gestion e Innovacion Tecnologica"

#************************************************************************
#********************* DATOS DEL REDIRECCIONAMIENTO *********************
#************************************************************************
ProxyPreserveHost On
ProxyRequests off
SSLProxyEngine on
ProxyPass / https://10.20.200.49/
ProxyPassReverse / https://10.20.200.49/


#************************************************************************
#********************** DATOS DEL CERTIFICADO ***************************
#************************************************************************
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/document.siua.ac.cr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/document.siua.ac.cr/privkey.pem
</VirtualHost>
</IfModule>





  • Reiniciamos apache





systemctl reload apache2





Servidor DOCUMENT





  • Creamos una carpeta para almacenar los certificados





mkdir /var/www/onlyoffice/Data/certs





  • Le damos permisos





chmod 777 -R /var/www/onlyoffice/Data/certs





PROXY





  • Le pasamos los certificados





scp -P 44 -r /etc/letsencrypt/live/document.siua.ac.cr/fullchain.pem root@10.20.200.49:/var/www/onlyoffice/Data/certs/fullchain.pem 

scp -P 44 -r /etc/letsencrypt/live/document.siua.ac.cr/privkey.pem root@10.20.200.49:/var/www/onlyoffice/Data/certs/privkey.pem





DOCUMENT





  • Detenemos el servicio





service nginx stop





  • Copiamos la plantilla





cp -f /etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver-ssl.conf.template /etc/nginx/conf.d/onlyoffice-documentserver.conf





  • Abrimos





nano /etc/nginx/conf.d/onlyoffice-documentserver.conf





  • Editamos





include /etc/nginx/includes/onlyoffice-http.conf;

## Normal HTTP host
server {
listen 0.0.0.0:80;
listen [::]:80 default_server;
server_name _;
server_tokens off;

## Redirects all traffic to the HTTPS host
root /nowhere; ## root doesn't have to be a valid path since we are redirecting
rewrite ^ https://$host$request_uri? permanent;
}

#HTTP host for internal services
server {
listen 127.0.0.1:80;
listen [::1]:80;
server_name localhost;
server_tokens off;

include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
}

## HTTPS host
server {
listen 0.0.0.0:443 ssl;
listen [::]:443 ssl default_server;
server_tokens off;
root /usr/share/nginx/html;

## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl on;
ssl_certificate /var/www/onlyoffice/Data/certs/fullchain.pem;
ssl_certificate_key /var/www/onlyoffice/Data/certs/privkey.pem;
ssl_verify_client off;

ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;

ssl_prefer_server_ciphers on;

add_header Strict-Transport-Security max-age=31536000;
# add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;

include /etc/nginx/includes/onlyoffice-documentserver-*.conf;

}






  • Iniciamos el servicio





service nginx start





 Integrar a NEXTCLOUD





  • Ingresamos por ssh a nuestro servidor NEXTCLOUD
  • Instalamos si no lo tenemos la app





cd /var/www/html/SIUA/apps/
git clone https://github.com/ONLYOFFICE/onlyoffice-owncloud.git onlyoffice





  • Ingresamos a la aplicación como administrador y habilitamos la apps










  • Ingresamos a Configuración->Administración->ONLYOFFICE





  • Si nos da error de javascript «Allfonts.js» not Found





nano /var/log/onlyoffice/documentserver/nginx.error.log





  • Instalamos





apt install sudo





  • Ejecutamos





documentserver-generate-allfonts.sh





  • Verificamos que ya exista el archivo





ls /var/www/onlyoffice/documentserver/sdkjs/common