OnlyOffice is a web-based office suite, similar to Google Docs or Office Online – that integrates with NextCloud. In fact, as of NextCloud 18, OnlyOffice is available as the Community Document Server in the official NextCloud app store.
Prior to version 18, OnlyOffice was a Node.js application that had to be installed on a separate server that also has a reverse proxy such as Nginx. Whether you use the Community Document Server (on the same server as NextCloud) or a standalone OnlyOffice server, you have to install the OnlyOffice Connector app so that files ending with .docx, .xlsx, .pptx, and related extensions can be viewed and edited using the OnlyOffice Document Server.
In an earlier article, we covered how to use the OnlyOffice Document Server Docker image to deploy an OnlyOffice server on a separate VPS, and integrate it with NextCloud. However, installing OnlyOffice in these ways comes with a major limitation. After 20 simultaneous open documents are reached, a pop-up message will prevent any further users from using the OnlyOffice Document Server. Any official build of OnlyOffice Community has this limitation, whether it is the Community Document Server installed from the app store, or the Docker image from Docker Hub.
However, the limitation to 20 concurrent active users does not necessarily apply to unofficial builds of OnlyOffice – which are within your legal right to create because OnlyOffice is open source software licensed under the AGPL. The 4 freedoms of open source software entitle users to use, modify, and redistribute open source software – including OnlyOffice – as they wish.
If you don’t have the technical expertise to build OnlyOffice yourself, you can download it above.
Although OnlyOffice’s developers encourage you to purchase a license that entitles you to paid support from their company, you are under no obligation to do so in order to use OnlyOffice without the 20 connection limit. OnlyOffice actually defines “concurrent users” as the number of connections (one user with 3 documents open = 3 connections), which means even a fairly small organization can easily exceed the default limit.
OnlyOffice is one of the best, if not the best online office integrations for NextCloud, because the rendering of the document editor is done client-side, meaning as a rule of thumb, a server can support 75 connections per gigabyte of RAM. This is impressive compared to Collabora Office, which begins to struggle with connections far before this threshold, with the same level of connections. Also, OnlyOffice provides full compatibility with Microsoft Office document formats, compared to Collabora Office, which is based on LibreOffice Online.
Based on OnlyOffice’s recommendations for the paid version of their software (which is identical to the open source version running in single node mode), a server with 4 GB of RAM and 4 CPU cores can easily support 200 to 400 concurrent users. If you need to scale OnlyOffice horizontally beyond two nodes using a load balancer and shared database backend, we provide custom consulting for more than 400 users with the OnlyOffice Community edition.
Compile OnlyOffice Document Server from the Source
Here are the instructions how you can exercise your freedom to modify and use OnlyOffice as open source software by compiling it from source, and deploying it on a separate node.
We used a DigitalOcean droplet with 8GB RAM and 4 vCPUs running Ubuntu 16.04 x64 to compile OnlyOffice Document Server. OnlyOffice’s documentation is outdated, as Node 8.x is deprecated and the compilation requires Node 10.x to succeed.
Install build dependencies.
sudo apt-get install -yq curl apt-transport-https ca-certificates
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt-get install -y nodejs
sudo npm install -g npm
sudo npm install -g grunt-cli
sudo apt-get install --force-yes -yq \
wget \
build-essential \
libcurl4-gnutls-dev \
libglib2.0-dev \
libgdk-pixbuf2.0-dev \
libgtkglext1-dev \
libatk1.0-dev \
libcairo2-dev \
libxml2-dev \
libxss-dev \
libgconf2-dev \
default-jre \
qt5-qmake \
qt5-default \
p7zip-full \
git \
subversion
Pull the OnlyOffice source code from the repo.
git clone --recursive https://github.com/ONLYOFFICE/DocumentServer.git
cd DocumentServer
Change the max connections for OnlyOffice to any value =< 999999.
In server/Common/sources/constants.js, modify this line from
exports.LICENSE_CONNECTIONS = 20;
to
exports.LICENSE_CONNECTIONS = 99999;
After compiling and installing OnlyOffice, you can test that the max number of simultaneous connections to the Document Server has been increased by open > 20 office documents from NextCloud in separate browser tabs.
Build the dependencies and the Document Server components.
Allow 2 to 3 hours to build all of the components, even on a sufficiently powered server. If you don’t want to build OnlyOffice yourself, we provide an OnlyOffice installation service with integration to NextCloud.
cd core/Common/3dParty && ./make.sh
cd ../.. && make
cd ../sdkjs && make
cd ../server && make
Install OnlyOffice locally on the server.
Install runtime dependencies.
sudo apt-get update
sudo apt-get install adduser redis-server rabbitmq-server nodejs libstdc++6 libcurl3 libxml2 libboost-regex-dev zlib1g fonts-dejavu fonts-liberation ttf-mscorefonts-installer fonts-crosextra-carlito fonts-takao-gothic fonts-opensymbol libxss1 libcairo2 xvfb libxtst6 libgconf2-4 libasound2
Remove non-essential core fonts.
Before installing, you need to remove some of the non-essential fonts contained in the DocumentServer/server/build/core-fonts folder. Otherwise you will encounter a segmentation fault (SegFault) error message when attempting to make install.
for font in \
lohit-assamese \
lohit-bengali \
lohit-devanagari \
lohit-gujarati \
lohit-kannada \
lohit-malayalam \
lohit-oriya \
lohit-punjabi \
lohit-tamil \
lohit-tamil-classical \
lohit-telugu \
nanum \
noto \
opensans \
padauk \
samyak \
samyak-fonts \
tibetan-machine \
ttf-khmeros-core \
ubuntu-font-family \
wqy-zenhei; \
do rm -rf build/core-fonts/${font}; done
Install OnlyOffice Document Server on the system.
cd ../server && sudo make install
If you completed all of the steps above, you will have managed to build & install OnlyOffice Document Server from the source code.
Benefits of Compiling Applications from Source Code
In general, compiling applications from source is an important skill for any system administrator to have, because the binaries that are provided from public repositories are not always up-to-date. If you are a developer, building software from source code means you have the opportunity to review the code for any major bugs or vulnerabilities – prior to installing it on your system.
It also reduces the chance that software can be tampered with by malicious actors at any point in the distribution process, in a so-called “software supply chain attack.” As you can verify any code against the signatures (hashes) published by the developers before compiling and running it, you increase the overall security of your system.
Running OnlyOffice Built from Source
Normally, the OnlyOffice Docker container is an all-in-one solution that integrates a web server and PostgreSQL with the services of the OnlyOffice Document Server (FileConverter, SpellChecker, DocService), but for a copy of OnlyOffice that is built from source, each of these services must be started and enabled separately.
Install PostgreSQL, create the OnlyOffice database, user, and tables.
PostgreSQL is the database backend used by Document Server to store sessions, user preferences, and facilitate real-time collaboration on documents. The Postgres DB is required to be running prior to starting the Document Server services.
sudo apt-get install postgresql
sudo systemctl enable postgresql
sudo systemctl start postgresql
sudo -i -u postgres psql -c "CREATE DATABASE onlyoffice;"
sudo -i -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';"
sudo -i -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"
psql -hlocalhost -Uonlyoffice -d onlyoffice -f /var/www/onlyoffice/documentserver/server/schema/postgresql/createdb.sql
Install web server, and secure the OnlyOffice Document Server.
You can refer back to the Installing and configuring NGINX documentation for an example Nginx config for proxying web requests through to the Express.js gateway that the OnlyOffice Document Server’s DocService relies upon.
Then, follow the steps in the Certbot documentation to automatically obtain a free SSL certificate from Let’s Encrypt for your Nginx web server. We recommend the Force redirect option, so that all requests are served over HTTPS.
If your NextCloud instance is served over HTTPS (this should always be the case), your OnlyOffice instance must also be served over HTTPS. Certbot will automatically modify your Nginx config to install the obtained certificate, and if you configure a cron job (and renewal hook) to automatically renew and reload Nginx, you should never need to manually replace the certificate.
Another piece of security advice is to change the OnlyOffice secret to something other than the default “secret”, so that only your NextCloud instance can connect to the Document Server. This is equivalent to setting the JWT_ENABLED=true and JWT_SECRET=secret environment variables for the OnlyOffice Docker container.
Open /etc/onlyoffice/documentserver/default.json in a text editor and refer to this documentation.
In the services.CoAuthoring.secret block, for browser.string, inbox.string, outbox.string, and session.string, change “secret” to a secure, random alphanumeric string of your choice. In the services.CoAuthoring.token block, for enable.browser, enable.request.inbox, enable.request.outbox, and browser.secretFromInbox change the values from false to true.
...
"secret": {
"browser": {"string": "secret", "file": "", "tenants": {}},
"inbox": {"string": "secret", "file": "", "tenants": {}},
"outbox": {"string": "secret", "file": ""},
"session": {"string": "secret", "file": ""}
},
"token": {
"enable": {
"browser": true,
"request": {
"inbox": true,
"outbox": true
}
},
"browser": {
"secretFromInbox": true
},
...
},
In this file, you can also change the Postgres credentials in the services.CoAuthoring.sql section if you don’t want to use the default username and password of onlyoffice. If your PostgreSQL server is only listening on a local interface (with port blocked from outside world), using the default credentials is not necessarily insecure.
After making these changes, be sure to restart the OnlyOffice Document Server services if you have already previously started them on the server. Then, specify the secret value when configuring the OnlyOffice connector app in the NextCloud admin panel – to prevent an authorization error when loading documents with OnlyOffice.
Start the OnlyOffice services (FileConverter, SpellChecker, DocService).
The simplest way to run the OnlyOffice services in the background is to use the GNU utility screen, so that the processes survive a SSH disconnect. A more sophisticated way to restart the services is by writing a systemd service file, for which you can find examples online.
Document Server FileConverter service
cd /var/www/onlyoffice/documentserver/server/FileConverter/sources/ && export NODE_ENV=production-linux NODE_CONFIG_DIR=/etc/onlyoffice/documentserver && sudo -u onlyoffice -E node /var/www/onlyoffice/documentserver/server/FileConverter/sources/convertermaster.js
Document Server SpellChecker service
export NODE_ENV=production-linux NODE_CONFIG_DIR=/etc/onlyoffice/documentserver && sudo -u onlyoffice -E node /var/www/onlyoffice/documentserver/server/SpellChecker/sources/server.js
Document Server DocService service
export NODE_ENV=production-linux NODE_CONFIG_DIR=/etc/onlyoffice/documentserver && sudo -u onlyoffice -E node /var/www/onlyoffice/documentserver/server/DocService/sources/server.js
