1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
|
#!/bin/bash
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
# shellcheck disable=2034,2059
true
SCRIPT_NAME="OnlyOffice (Docker)"
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Nextcloud 13 is required.
lowest_compatible_nc 13
# Test RAM size (2GB min) + CPUs (min 2)
ram_check 2 OnlyOffice
cpu_check 2 OnlyOffice
# Check if Nextcloud is installed with TLS
check_nextcloud_https "OnlyOffice (Docker)"
# Remove OnlyOffice-documentserver if activated
if is_app_enabled documentserver_community
then
any_key "The integrated OnlyOffice Documentserver will get uninstalled. Press any key to continue. Press CTRL+C to abort"
occ_command app:remove documentserver_community
fi
# Check if collabora is already installed
print_text_in_color "$ICyan" "Checking if Onlyoffice Docker is already installed..."
if does_this_docker_exist 'onlyoffice/documentserver'
then
choice=$(whiptail --title "$TITLE" --menu "It seems like 'Onlyoffice Docker' is already installed.\nChoose what you want to do." "$WT_HEIGHT" "$WT_WIDTH" 4 \
"Reinstall Onlyoffice Docker" "" \
"Uninstall Onlyoffice Docker" "" 3>&1 1>&2 2>&3)
case "$choice" in
"Uninstall Onlyoffice Docker")
print_text_in_color "$ICyan" "Uninstalling Onlyoffice Docker..."
# Check if Collabora is previously installed
# If yes, then stop and prune the docker container
docker_prune_this 'onlyoffice/documentserver'
# Revoke LE
SUBDOMAIN=$(input_box "Please enter the subdomain you are using for Onlyoffice Docker, e.g: office.yourdomain.com")
if [ -f "$CERTFILES/$SUBDOMAIN/cert.pem" ]
then
yes no | certbot revoke --cert-path "$CERTFILES/$SUBDOMAIN/cert.pem"
REMOVE_OLD="$(find "$LETSENCRYPTPATH/" -name "$SUBDOMAIN*")"
for remove in $REMOVE_OLD
do rm -rf "$remove"
done
fi
# Remove Apache2 config
if [ -f "$SITES_AVAILABLE/$SUBDOMAIN.conf" ]
then
a2dissite "$SUBDOMAIN".conf
restart_webserver
rm -f "$SITES_AVAILABLE/$SUBDOMAIN.conf"
fi
# Disable RichDocuments (Collabora App) if activated
if is_app_installed onlyoffice
then
occ_command app:remove onlyoffice
fi
# Remove trusted domain
count=0
while [ "$count" -lt 10 ]
do
if [ "$(occ_command_no_check config:system:get trusted_domains "$count")" == "$SUBDOMAIN" ]
then
occ_command_no_check config:system:delete trusted_domains "$count"
break
else
count=$((count+1))
fi
done
msg_box "Onlyoffice Docker was successfully uninstalled."
exit
;;
"Reinstall Onlyoffice Docker")
print_text_in_color "$ICyan" "Reinstalling Onlyoffice Docker..."
# Check if Collabora is previously installed
# If yes, then stop and prune the docker container
docker_prune_this 'onlyoffice/documentserver'
;;
*)
;;
esac
else
print_text_in_color "$ICyan" "Installing Onlyoffice Docker..."
fi
# Check if collabora is installed and remove every trace of it
if does_this_docker_exist 'collabora/code'
then
msg_box "You can't run both Collabora and OnlyOffice on the same VM. We will now remove Collabora from the server."
# Remove docker image
docker_prune_this 'collabora/code'
# Revoke LE
SUBDOMAIN=$(input_box "Please enter the subdomain you are using for Collabora, e.g: office.yourdomain.com")
if [ -f "$CERTFILES/$SUBDOMAIN/cert.pem" ]
then
yes no | certbot revoke --cert-path "$CERTFILES/$SUBDOMAIN/cert.pem"
REMOVE_OLD="$(find "$LETSENCRYPTPATH/" -name "$SUBDOMAIN*")"
for remove in $REMOVE_OLD
do rm -rf "$remove"
done
fi
# Remove Apache2 config
if [ -f "$SITES_AVAILABLE/$SUBDOMAIN.conf" ]
then
a2dissite "$SUBDOMAIN".conf
restart_webserver
rm -f "$SITES_AVAILABLE/$SUBDOMAIN.conf"
fi
# Disable Collabora App if activated
if is_app_installed richdocuments
then
occ_command app:remove richdocuments
fi
# Remove trusted domain
count=0
while [ "$count" -lt 10 ]
do
if [ "$(occ_command_no_check config:system:get trusted_domains "$count")" == "$SUBDOMAIN" ]
then
occ_command_no_check config:system:delete trusted_domains "$count"
break
else
count=$((count+1))
fi
done
fi
# Check if apache2 evasive-mod is enabled and disable it because of compatibility issues
if [ "$(apache2ctl -M | grep evasive)" != "" ]
then
msg_box "We noticed that 'mod_evasive' is installed which is the DDOS protection for webservices. It has comptibility issues with OnlyOffice and you can now choose to disable it."
if ! yesno_box_yes "Do you want to disable DDOS protection?"
then
print_text_in_color "$ICyan" "Keeping mod_evasive active."
else
a2dismod evasive
# a2dismod mod-evasive # not needed, but existing in the Extra Security script.
apt-get purge libapache2-mod-evasive -y
systemctl restart apache2
fi
fi
# OnlyOffice URL (onlyoffice.sh)
SUBDOMAIN=$(input_box "OnlyOffice subdomain e.g: office.yourdomain.com\n\nNOTE: This domain must be different than your Nextcloud domain. They can however be hosted on the same server, but would require seperate DNS entries.")
# Nextcloud Main Domain (onlyoffice.sh)
NCDOMAIN=$(occ_command_no_check config:system:get overwrite.cli.url | sed 's|https://||;s|/||')
# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
NC_UPDATE=1 . <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
unset NC_UPDATE
# Notification
msg_box "Before you start, please make sure that port 80+443 is directly forwarded to this machine!"
# Get the latest packages
apt update -q4 & spinner_loading
# Check if Nextcloud is installed
print_text_in_color "$ICyan" "Checking if Nextcloud is installed..."
if ! curl -s https://"$NCDOMAIN"/status.php | grep -q 'installed":true'
then
msg_box "It seems like Nextcloud is not installed or that you don't use https on:
$NCDOMAIN.
Please install Nextcloud and make sure your domain is reachable, or activate TLS
on your domain to be able to run this script.
If you use the Nextcloud VM you can use the Let's Encrypt script to get TLS and activate your Nextcloud domain.
When TLS is activated, run these commands from your terminal:
sudo curl -sLO $APP/onlyoffice_docker.sh
sudo bash onlyoffice_docker.sh"
exit 1
fi
# Check if $SUBDOMAIN exists and is reachable
print_text_in_color "$ICyan" "Checking if $SUBDOMAIN exists and is reachable..."
domain_check_200 "$SUBDOMAIN"
# Check open ports with NMAP
check_open_port 80 "$SUBDOMAIN"
check_open_port 443 "$SUBDOMAIN"
# Install Docker
install_docker
# Install Onlyoffice docker
docker pull onlyoffice/documentserver:latest
docker run -i -t -d -p 127.0.0.3:9090:80 --restart always --name onlyoffice onlyoffice/documentserver
# Licensed version
# https://helpcenter.onlyoffice.com/server/integration-edition/docker/docker-installation.aspx
# docker run -i -t -d -p 127.0.0.3:9090:80 --restart=always --name onlyoffice \
# -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver-ie
# Install apache2
install_if_not apache2
# Enable Apache2 module's
a2enmod proxy
a2enmod proxy_wstunnel
a2enmod proxy_http
a2enmod ssl
a2enmod headers
if [ -f "$HTTPS_CONF" ]
then
a2dissite "$SUBDOMAIN.conf"
rm -f "$HTTPS_CONF"
fi
# Create Vhost for OnlyOffice Docker online in Apache2
if [ ! -f "$HTTPS_CONF" ];
then
cat << HTTPS_CREATE > "$HTTPS_CONF"
<VirtualHost *:443>
ServerName $SUBDOMAIN:443
SSLEngine on
ServerSignature On
SSLHonorCipherOrder on
SSLCertificateChainFile $CERTFILES/$SUBDOMAIN/chain.pem
SSLCertificateFile $CERTFILES/$SUBDOMAIN/cert.pem
SSLCertificateKeyFile $CERTFILES/$SUBDOMAIN/privkey.pem
SSLOpenSSLConfCmd DHParameters $DHPARAMS_SUB
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
ErrorLog ${APACHE_LOG_DIR}/error.log
# Just in case - see below
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# Improve security settings
Header set X-XSS-Protection "1; mode=block"
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header set X-Content-Type-Options nosniff
Header set Content-Security-Policy "frame-ancestors 'self' $NCDOMAIN"
# contra mixed content warnings
RequestHeader set X-Forwarded-Proto "https"
# basic proxy settings
ProxyRequests off
ProxyPassMatch (.*)(\/websocket)$ "ws://127.0.0.3:9090/$1$2"
ProxyPass / "http://127.0.0.3:9090/"
ProxyPassReverse / "http://127.0.0.3:9090/"
<Location />
ProxyPassReverse /
</Location>
</VirtualHost>
HTTPS_CREATE
if [ -f "$HTTPS_CONF" ];
then
print_text_in_color "$IGreen" "$HTTPS_CONF was successfully created."
sleep 1
else
print_text_in_color "$IRed" "Unable to create vhost, exiting..."
print_text_in_color "$IRed" "Please report this issue here $ISSUES"
exit 1
fi
fi
# Install certbot (Let's Encrypt)
install_certbot
# Generate certs
if generate_cert "$SUBDOMAIN"
then
# Generate DHparams chifer
if [ ! -f "$DHPARAMS_SUB" ]
then
openssl dhparam -dsaparam -out "$DHPARAMS_SUB" 4096
fi
print_text_in_color "$IGreen" "Certs are generated!"
a2ensite "$SUBDOMAIN.conf"
restart_webserver
# Install OnlyOffice
install_and_enable_app onlyoffice
else
print_text_in_color "$IRed" "It seems like no certs were generated, please report this issue here: $ISSUES"
any_key "Press any key to continue... "
restart_webserver
fi
# Set config for OnlyOffice
if [ -d "$NC_APPS_PATH"/onlyoffice ]
then
occ_command config:app:set onlyoffice DocumentServerUrl --value=https://"$SUBDOMAIN/"
chown -R www-data:www-data "$NC_APPS_PATH"
occ_command config:system:set trusted_domains 3 --value="$SUBDOMAIN"
# Add prune command
add_dockerprune
# Restart Docker
systemctl restart docker.service
docker restart onlyoffice
print_text_in_color "$IGreen" "OnlyOffice Docker is now successfully installed."
any_key "Press any key to continue... "
fi
exit
|