My boring Blog

Mauro Frigerio blog

Create your own online office with Nextcloud

23-09-2022 5 min read Article

TL;DR

Nextcloud is the open-source solution that lets you turn many kinds of devices into your own online storage (like Dropbox). Beyond that, its many apps let you extend the functionality and build your own online office solution, similar to Microsoft's Office 365 or Google Drive.

In this quick guide I have attempted to describe the steps to obtain a basic instance of Nextcloud and take advantage of ONLYOFFICE to edit documents online. All of this is served through a Traefik reverse proxy, so as to ensure a secure connection via HTTPS.

All necessary files are available on my GitHub repository.

Requirements

It is not possible in a single article to show all the details related to the various systems; some basic knowledge is required.

  • Linux system with Docker and administrative rights
  • basic configuration of Traefik (guide)
  • two subdomains pointing to the Traefik instance, for example drive.example.com and office.example.com. If Nextcloud is to be reachable from the Internet, both domains must be reachable.

Nextcloud

WARNING: follow the steps as they are given. Once the configuration file has been created, the Docker variables are no longer processed.

  1. The first step is to configure Traefik with access to the network net_nextcloud.

  2. Before creating the Nextcloud container and its database, you must fill in all the variables in the .env file:

...
NEXTCLOUD_TRUSTED_DOMAINS="drive.example.com drive.example2.com"
NEXTCLOUD_TRUSTED_PROXIES=172.20.0.3/32
NEXTCLOUD_DB_PASSWORD=Super$ecretPassword12345
...

  3. The value of the NEXTCLOUD_TRUSTED_PROXIES field can be found with the following command. In its output, look for the IP address of the network xyz_net_nextcloud and append /32:

sudo docker inspect reverse-proxy

  4. Now you can create the Nextcloud container and its database with the command:

sudo docker-compose up -d nextcloud

  5. Open https://drive.example.com to check whether Nextcloud is working properly.
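
The lookup for NEXTCLOUD_TRUSTED_PROXIES described in the steps above can be scripted. The following is an added example, not part of the original guide or its repository: it reads `docker inspect` JSON, picks the proxy's address on the network ending in net_nextcloud and emits it as a /32. The sample JSON and the function name are constructed for illustration.

```python
import ipaddress
import json
import subprocess
import sys

# Constructed sample, trimmed to the fields of `docker inspect reverse-proxy` used here.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/reverse-proxy",
    "NetworkSettings": {"Networks": {
        "xyz_net_proxy": {"IPAddress": "172.19.0.2"},
        "xyz_net_nextcloud": {"IPAddress": "172.20.0.3"},
    }},
}])


def trusted_proxy_cidr(inspect_json, network="net_nextcloud"):
    """Return '<ip>/32' for the proxy's address on the Compose network `network`."""
    containers = json.loads(inspect_json)
    if len(containers) != 1:
        raise ValueError("expected exactly one inspected container")
    networks = containers[0]["NetworkSettings"]["Networks"]
    # Compose prefixes network names with the project name: xyz_net_nextcloud.
    matches = [n for n in networks if n == network or n.endswith("_" + network)]
    if len(matches) != 1:
        raise ValueError(f"expected one network matching {network!r}, got {matches}")
    ip = networks[matches[0]].get("IPAddress")
    if not ip:
        raise ValueError(f"{matches[0]} has no IP address; is the container running?")
    # ip_network() rejects malformed addresses; /32 trusts this single host only.
    return str(ipaddress.ip_network(f"{ip}/32"))


if __name__ == "__main__":
    if len(sys.argv) > 1:  # container name given: ask the local Docker daemon
        raw = subprocess.run(["docker", "inspect", sys.argv[1]],
                             check=True, capture_output=True, text=True).stdout
    else:  # no argument: run on the constructed sample
        raw = SAMPLE_INSPECT
    print("NEXTCLOUD_TRUSTED_PROXIES=" + trusted_proxy_cidr(raw))
```

Docker can assign the proxy a different address when the containers are recreated, so re-run the check after such changes and update the .env file if the value differs.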

Steps to perform after creating the Nextcloud container

Assuming your Nextcloud is reachable you can proceed with the next steps. The following steps are not required, but recommended by Nextcloud.

Phone area code

In the settings, the Summary menu shows a warning asking you to add the default code for your region. This step cannot be done via docker-compose and requires a manual addition to the config.php configuration file.

You can add the code with the following command, or add the key default_phone_region and its value to the configuration file.

sudo docker-compose exec --user www-data nextcloud php occ config:system:set default_phone_region --value="CH"

Install php-imagick

The Summary menu under settings also shows a message about the missing php-imagick library. Run the following commands to resolve the message.

sudo docker-compose exec nextcloud apt -y update

sudo docker-compose exec nextcloud apt -y install libmagickcore-6.q16-6-extra

Add an email server

The last message that appears in the Summary menu asks you to enter a mail server, which is used to send notifications to administrators and password resets to users.

Activate cron jobs with uptime-kuma

This is perhaps the only useful setting to perform, but I cannot fully describe the solution here. I have taken advantage of a service already available in my docker: uptime-kuma (see guide).

ONLYOFFICE

  1. Now that Nextcloud is running, you can proceed with the creation of the ONLYOFFICE server with the command:
sudo docker-compose up -d onlyoffice
  2. Check that the ONLYOFFICE server is working by connecting to the address https://office.example.com. If an ONLYOFFICE page appears, everything is okay.

Connect Nextcloud to the ONLYOFFICE server

In Nextcloud you have to install an app from the store to be able to open office documents directly in Nextcloud. To do this, open the store by clicking on the top right, click on + Applications and then search for ONLYOFFICE. Click on download and install and then go to settings.

Open the ONLYOFFICE tab on the left and enter the values in these fields:

  1. ONLYOFFICE DOCS address: https://office.example.com
  2. open advanced settings
  3. address for internal requests: https://office.example.com
  4. save

In the file screen you can open a .docx document or others to test whether ONLYOFFICE is working properly.

WARNING: the ONLYOFFICE server must also be reachable through the Internet if you want to use Nextcloud and ONLYOFFICE outside your home network.

Update (23.9.2022)

With the latest update of ONLYOFFICE server it is necessary to configure a token with the variable JWT_SECRET. The same value must be configured in Nextcloud in the ONLYOFFICE settings.
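
Why the two values must match, as an added example that is not part of the original guide: it assumes the token is a standard HS256 (HMAC-SHA256) JWT, signs one with a shared secret and shows that verification fails with any other secret. The payload and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(payload, secret):
    """Build a compact JWT signed with HMAC-SHA256 over 'header.payload'."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [_b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(mac)


def verify_hs256(token, secret):
    """Return the payload if the signature matches `secret`, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(_b64url_decode(head)).get("alg")
        given = _b64url_decode(sig)
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # the verifier fixes the algorithm, the token does not choose it
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("signature mismatch: secrets differ or token was altered")
    return json.loads(_b64url_decode(body))


if __name__ == "__main__":
    shared = secrets.token_hex(32)  # 256 random bits, usable as the JWT_SECRET value
    token = sign_hs256({"document": {"key": "constructed-key"}}, shared)  # constructed payload
    print("same secret:", verify_hs256(token, shared))
    try:
        verify_hs256(token, secrets.token_hex(32))
    except ValueError as err:
        print("different secret:", err)
```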

docker-compose

  nextcloud:
    image: nextcloud:latest
    container_name: nextcloud
    networks:
      - net_nextcloud
      - net_nextcloud_db
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.nextcloud.rule=Host(`drive.${DOMAIN}`)'
      - 'traefik.http.routers.nextcloud.entrypoints=web-secure'
      - 'traefik.http.routers.nextcloud.tls=true'
      - "traefik.http.routers.nextcloud.tls.certresolver=certificato"
      - "traefik.http.routers.nextcloud.tls.domains[0].main=*.${DOMAIN}"
      - "traefik.http.routers.nextcloud.service=nextclouddService"
      - "traefik.http.services.nextclouddService.loadBalancer.server.port=80"
      - "traefik.http.routers.nextcloud.middlewares=nc-rep,nc-header"
      - "traefik.http.middlewares.nc-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nc-rep.redirectregex.replacement=https://$$1/remote.php/dav/"
      - "traefik.http.middlewares.nc-rep.redirectregex.permanent=true"
      - "traefik.http.middlewares.nc-header.headers.frameDeny=true"
      - "traefik.http.middlewares.nc-header.headers.sslRedirect=true"
      - "traefik.http.middlewares.nc-header.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.nc-header.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.nc-header.headers.stsPreload=true"
      - "traefik.http.middlewares.nc-header.headers.stsSeconds=31536000"
      - "traefik.http.middlewares.nc-header.headers.referrerPolicy=same-origin"
      - "traefik.http.middlewares.nc-header.headers.browserXssFilter=true"
      - "traefik.http.middlewares.nc-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.nc-header.headers.customResponseHeaders.X-Robots-Tag=none"
      - "traefik.http.middlewares.nc-header.headers.customFrameOptionsValue=SAMEORIGIN"
      - "traefik.docker.network=net_nextcloud"
    volumes:
      - /path/to/docker/nextcloud/data:/var/www/html
    environment:
      - NEXTCLOUD_TRUSTED_DOMAINS=${NEXTCLOUD_TRUSTED_DOMAINS}
      - APACHE_DISABLE_REWRITE_IP=1
      - TRUSTED_PROXIES=${NEXTCLOUD_TRUSTED_PROXIES}
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
      - MYSQL_HOST=nextcloud-db
      - OVERWRITEPROTOCOL=https
      #- DEFAULT_PHONE_REGION=CH not working see: https://github.com/nextcloud/docker/issues/1465
    depends_on:
      - nextcloud-db
    restart: unless-stopped


  nextcloud-db:
    container_name: nextcloud-db
    image: mariadb
    networks:
      - net_nextcloud_db
    environment:
      MYSQL_DATABASE: nextcloud
      MYSQL_PASSWORD: ${NEXTCLOUD_DB_PASSWORD}
      MYSQL_USER: nextcloud
      MYSQL_ROOT_PASSWORD: ${NEXTCLOUD_DB_PASSWORD}
      TZ: ${TIME_ZONE_ZUERICH}
    logging:
      driver: "none"
    restart: unless-stopped
    volumes:
      - /path/to/docker/nextcloud/db/:/var/lib/mysql


  onlyoffice:
    image: onlyoffice/documentserver
    container_name: onlyoffice
    networks:
      - net_nextcloud
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.onlyoffice.rule=Host(`office.${DOMAIN}`)'
      - 'traefik.http.routers.onlyoffice.entrypoints=web-secure'
      - 'traefik.http.routers.onlyoffice.tls=true'
      - "traefik.http.routers.onlyoffice.tls.certresolver=certificato"
      - "traefik.http.routers.onlyoffice.tls.domains[0].main=*.${DOMAIN}"
      - "traefik.http.routers.onlyoffice.service=onlyofficeService"
      - "traefik.http.routers.onlyoffice.middlewares=onlyoffice-headers"
      - "traefik.http.services.onlyofficeService.loadBalancer.server.port=80"

      - "traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.onlyoffice-headers.headers.accesscontrolalloworiginlist=*"

      - "traefik.docker.network=net_nextcloud"
    environment:
      - JWT_SECRET=${ONLYOFFICE_SECRET}
    restart: unless-stopped

Photo credits: Pix4free