After installing and configuring the community version of this package, I was faced with the fact that there are no official recommendations on how to set up and run this suite over a secure protocol using a certificate from Let’s Encrypt. This short tutorial will help you get a certificate in 5-10 minutes without any complicated maneuvers.
So, let’s go through the steps.
I did everything on an Ubuntu 18.04 system running as a VM on a Proxmox host machine. This VM was not the only one in the pool of this host, so if someone needs it, I can give my config of a working solution for the HAProxy reverse proxy.
Stop all containers with a single command
docker stop $(docker ps -a -q)
Remove certbot from the system if it is installed (if you put ONLYOFFICE on a clean system, it should not be there in the first place).
Go to the official website https://certbot.eff.org/ and in the drop-down menu, set the necessary parameters as shown in the screenshot:
3.1 If you are too lazy or haven’t figured it out, go straight to the ready-made link https://certbot.eff.org/lets-encrypt/ubuntubionic-other and follow the instructions from step 1 to step 7 on that page. Let me remind you that along the way you will need to install the snapd package; it won’t work without it. Just do it and everything will work without further ado.
Run certbot certonly --standalone -d sitename.ru in the console as root (instead of sitename.ru, specify the domain at which your office server will be visible from the Internet).
4.1 If everything goes OK, you will receive a message that the certificates have been generated and are located on your server at:
4.2 Next, rename and move the received certificates to the appropriate folder:
cp /etc/letsencrypt/live/sitename.ru/fullchain.pem /app/onlyoffice/CommunityServer/data/certs/onlyoffice.crt
cp /etc/letsencrypt/live/sitename.ru/privkey.pem /app/onlyoffice/CommunityServer/data/certs/onlyoffice.key
Restart the office server with the command shutdown -r now. This is more reliable, and all the services are sure to start by themselves: the package is very large and tied to related services, so it is better to restart the whole machine than to start the Docker containers one at a time. That way there is less chance that some of them do not start.
That is basically everything. Now, by going to sitename.ru, you should get to the correct document management portal.
Finally, it is highly advisable to go to the office admin panel and check:
The system picked up your domain:
You have registered the domain name sitename.ru in the settings. Otherwise, messages from this package will contain an invalid address of the following type: https://iuyhgi8798ygiknqwq. Such an address is either fictitious or assigned from the name of the Docker container, so you can neither go to the site nor download documents, nothing. Such is this whimsical package.
Among the problems that have not yet been resolved: how do I actually renew my certificates? I know how to renew them – a lot of material has been written on this topic on the Internet – but I haven’t figured out how to automate their renaming and transfer to the depths of directories on the server yet. If the community can help with practical advice, please write in the comments or in a personal message, and I will add it to the text of the main article.
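One way to automate the renaming and copying on renewal, as an added example that is not part of the original article: a certbot deploy hook that repeats the two cp commands from step 4.2 using the RENEWED_LINEAGE variable certbot passes to hooks. The destination path is the one from the article; OO_CONTAINER is a hypothetical variable introduced here, and the 600 mode on the key assumes the service reads it as root.

```shell
#!/bin/sh
# Added example: certbot deploy hook automating the article's two cp commands.
# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/sitename.ru) when
# it runs a deploy hook after a successful renewal.

# Destination directory taken from the article's cp commands.
DEST_DIR="${DEST_DIR:-/app/onlyoffice/CommunityServer/data/certs}"

# install_renewed_cert LINEAGE_DIR DEST_DIR
# Installs fullchain.pem as onlyoffice.crt and privkey.pem as onlyoffice.key.
# Returns non-zero and leaves the existing files untouched on any problem.
install_renewed_cert() {
    src="$1"; dst="$2"
    crt="$src/fullchain.pem"; key="$src/privkey.pem"

    [ -d "$dst" ] || { echo "missing destination: $dst" >&2; return 1; }
    # Refuse missing, empty or non-PEM input so bad files never replace good ones.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$crt" 2>/dev/null ||
        { echo "not a PEM certificate: $crt" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null ||
        { echo "not a PEM private key: $key" >&2; return 1; }

    # Copy to temporary names under umask 077, then rename into place, so the
    # key is never world-readable and no reader sees a half-written file.
    # Mode 600 on the key assumes the service reads it as root.
    old_umask=$(umask); umask 077
    if cp "$crt" "$dst/.onlyoffice.crt.new" &&
       cp "$key" "$dst/.onlyoffice.key.new" &&
       chmod 644 "$dst/.onlyoffice.crt.new" &&
       chmod 600 "$dst/.onlyoffice.key.new" &&
       mv -f "$dst/.onlyoffice.crt.new" "$dst/onlyoffice.crt" &&
       mv -f "$dst/.onlyoffice.key.new" "$dst/onlyoffice.key"
    then rc=0; else rc=1; fi
    umask "$old_umask"
    rm -f "$dst/.onlyoffice.crt.new" "$dst/.onlyoffice.key.new"
    return "$rc"
}

# Act only when certbot invoked this file as a hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_renewed_cert "$RENEWED_LINEAGE" "$DEST_DIR" || exit 1
    # OO_CONTAINER is a hypothetical variable holding the name of the container
    # that serves HTTPS; the article reboots the whole server instead.
    [ -z "${OO_CONTAINER:-}" ] || docker restart "$OO_CONTAINER"
fi
```

Saved as an executable file under /etc/letsencrypt/renewal-hooks/deploy/, the script is run by certbot after each successful renewal.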
That’s all, let me take my leave.