OnlyOffice

From version 6.1.0+ on (including CE), Seafile supports OnlyOffice to view/edit office files online. In order to use OnlyOffice, you must first deploy an OnlyOffice server.

Info for clusters

In a cluster setup we recommend a dedicated DocumentServer host or a DocumentServer Cluster on a different subdomain.
Technically it works also via subfolder if the loadbalancer can handle folder for loadbalancing.

For most users we recommend to deploy the documentserver in a docker image locally and provide it via a subfolder.

Benefits:

  • no additional server required
  • no additional subdomain required
  • no additional SSL certificate required
  • easy and quick deployment
  • easy management

Summary

Deployment of DocumentServer via SUBDOMAIN

URL example: https://onlyoffice.domain.com

  • Subdomain
  • DNS record for subdomain
  • SSL certificate (LE works also)

For a quick and easy installation, we suggest you use ONLYOFFICE/Docker-DocumentServer for a subdomain installation. Just follow the guide in the OnlyOffice documentation.

Test that DocumentServer is running via SUBDOMAIN

After the installation process is finished, visit this page to make sure you have deployed OnlyOffice successfully: http{s}://{your Seafile Server's domain or IP}/welcome, you will get Document Server is running info at this page.

Configure Seafile Server for SUBDOMAIN

Add the following config option to seahub_settings.py.

  1. # Enable Only Office
  2. ENABLE_ONLYOFFICE = True
  3. VERIFY_ONLYOFFICE_CERTIFICATE = False
  4. ONLYOFFICE_APIJS_URL = 'http{s}://{your OnlyOffice server's domain or IP}/web-apps/apps/api/documents/api.js'
  5. ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods')
  6. ONLYOFFICE_EDIT_FILE_EXTENSION = ('docx', 'pptx', 'xlsx')

Then restart the Seafile Server

  1. ./seafile.sh restart
  2. ./seahub.sh restart
  4. # or
  5. service seafile-server restart

When you click on a document you should see the new preview page.

Deployment of DocumentServer via SUBFOLDER

URL example: https://seafile.domain.com/onlyofficeds

  • Local proxy to subfolder on already existing Seafile Server (sub)domain.
  • SSL via Seafile Server domain, no additional certificate required !

Do NOT CHANGE the SUBFOLDER if not absolutely required for some reason!

The subfolder page is only important for communication between Seafile and the DocumentServer, there is nothing except the welcome page (e.g. no overview or settings). Users will need access to it though for the OnlyOffice document server editor to work properly.

/onlyoffice/ cannot be used as subfolder as this path is used for communication between Seafile and Document Server !

The following guide shows how to deploy the OnlyOffice Document server locally.
It is based on the “ONLYOFFICE/Docker-DocumentServer” documentation.

Requirements for OnlyOffice DocumentServer via Docker
https://github.com/ONLYOFFICE/Docker-DocumentServer#recommended-system-requirements

Install Docker

Ubuntu, Debian, CentOS

Deploy OnlyOffice DocumentServer Docker image

This downloads and deploys the DocumentServer on the local port 88.

Debian 8

  1. docker run -i -t -d -p 88:80 --restart=always --name oods onlyoffice/documentserver

Ubuntu 16.04

  1. docker run -dit -p 88:80 --restart always --name oods onlyoffice/documentserver

Nothing yet confirmed on CentOS 7, you may try any of the above commands, they may work also.

EXAMPLE: Debian Docker container with MEMORY LIMITS

In Debian 8 you first have to change some settings in the grub config to support memory limits for docker. 

  1. # Edit /etc/default/grub
  2. # Add the following options
  3. GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1"
  5. # Update Grub2 and reboot
  6. update-grub2 && reboot

Now you can start the docker image with memory limits.
docker run -i -t -d -p 88:80 --restart=always --memory "6g" --memory-swap="6g" --name oods onlyoffice/documentserver

These limits are above the minimum recommendation (4G RAM/2GB SWAP) so the DocumentServer’s performance keeps up, while multiple users edit documents. Docker SWAP works different from machine SWAP, check the docker documentation.

Docker documentation

If you have any issues please check the docker documentation.

Auto-starting the docker image.

If you wish to limit the resources that docker uses check the docker documentation.

Configure Webserver

Configure Nginx

Variable mapping

Add the following configuration to your seafile nginx .conf file (e.g. /etc/ngnix/conf.d/seafile.conf) out of the server directive. These variables are to be defined for the DocumentServer to work in a subfolder.

  1. # Required for only office document server
  2. map $http_x_forwarded_proto $the_scheme {
  3.         default $http_x_forwarded_proto;
  4.         "" $scheme;
  5.     }
  7. map $http_x_forwarded_host $the_host {
  8.         default $http_x_forwarded_host;
  9.         "" $host;
  10.     }
  12. map $http_upgrade $proxy_connection {
  13.         default upgrade;
  14.         "" close;
  15.     }

Proxy server settings subfolder

Add the following configuration to your seafile nginx .conf file (e.g. /etc/ngnix/conf.d/seafile.conf) within the server directive.

  2. ...   
  3. location /onlyofficeds/ {
  5.         # THIS ONE IS IMPORTANT ! - Trailing slash !
  6.         proxy_pass http://{your Seafile server's domain or IP}:88/;
  8.         proxy_http_version 1.1;
  9.         client_max_body_size 100M; # Limit Document size to 100MB
  10.         proxy_read_timeout 3600s;
  11.         proxy_connect_timeout 3600s;
  12.         proxy_set_header Upgrade $http_upgrade;
  13.         proxy_set_header Connection $proxy_connection;
  15.         # THIS ONE IS IMPORTANT ! - Subfolder and NO trailing slash !
  16.         proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;
  18.         proxy_set_header X-Forwarded-Proto $the_scheme;
  19.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  20.     }
  21. ...

Configure Apache

BETA - Requires further testing!

Add the following configuration to your seafile apache config file (e.g. sites-enabled/seafile.conf) outside the <VirtualHost > directive.

  1. ...
  3. LoadModule authn_core_module modules/mod_authn_core.so
  4. LoadModule authz_core_module modules/mod_authz_core.so
  5. LoadModule unixd_module modules/mod_unixd.so
  6. LoadModule proxy_module modules/mod_proxy.so
  7. LoadModule proxy_http_module modules/mod_proxy_http.so
  8. LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
  9. LoadModule headers_module modules/mod_headers.so
  10. LoadModule setenvif_module modules/mod_setenvif.so
  12. <IfModule unixd_module>
  13.   User daemon
  14.   Group daemon
  15. </IfModule>
  17. ...

Add the following configuration to your seafile apache config file (e.g. sites-enabled/seafile.conf) inside the <VirtualHost > directive at the end.

  1. ...
  3. Define VPATH /onlyofficeds
  4. Define DS_ADDRESS {your Seafile server's domain or IP}:88
  6. ...
  8. <Location ${VPATH}>
  9.   Require all granted
  10.   SetEnvIf Host "^(.*)$" THE_HOST=$1
  11.   RequestHeader setifempty X-Forwarded-Proto http
  12.   RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
  13.   RequestHeader edit X-Forwarded-Host (.*) $1${VPATH}
  14.   ProxyAddHeaders Off
  15.   ProxyPass "http://${DS_ADDRESS}/"
  16.   ProxyPassReverse "http://${DS_ADDRESS}/"
  17. </Location>
  19. ...

Test that DocumentServer is running via SUBFOLDER

After the installation process is finished, visit this page to make sure you have deployed OnlyOffice successfully: http{s}://{your Seafile Server's domain or IP}/{your subdolder}/welcome, you will get Document Server is running info at this page.

Configure Seafile Server for SUBFOLDER

Add the following config option to seahub_settings.py:

  1. # Enable Only Office
  2. ENABLE_ONLYOFFICE = True
  3. VERIFY_ONLYOFFICE_CERTIFICATE = True
  4. ONLYOFFICE_APIJS_URL = 'http{s}://{your Seafile server's domain or IP}/{your subdolder}/web-apps/apps/api/documents/api.js'
  5. ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods')
  6. ONLYOFFICE_EDIT_FILE_EXTENSION = ('docx', 'pptx', 'xlsx')

Then restart the Seafile Server

  1. ./seafile.sh restart
  2. ./seahub.sh restart
  4. # or
  5. service seafile-server restart

When you click on a document you should see the new preview page.

Complete Nginx config EXAMPLE

Complete nginx config file (e.g. /etc/nginx/conf.d/seafile.conf) based on Seafile Server V6.1 including OnlyOffice DocumentServer via subfolder.

  1. # Required for OnlyOffice DocumentServer
  2. map $http_x_forwarded_proto $the_scheme {
  3.     default $http_x_forwarded_proto;
  4.     "" $scheme;
  5. }
  7. map $http_x_forwarded_host $the_host {
  8.     default $http_x_forwarded_host;
  9.     "" $host;
  10. }
  12. map $http_upgrade $proxy_connection {
  13.     default upgrade;
  14.     "" close;
  15. }
  17. server {
  18.         listen       80;
  19.         server_name  seafile.domain.com;
  20.         rewrite ^ https://$http_host$request_uri? permanent;    # force redirect http to https
  21.         server_tokens off;
  22. }
  24. server {
  25.         listen 443 http2;
  26.         ssl on;
  27.         ssl_certificate /etc/ssl/cacert.pem;        # path to your cacert.pem
  28.         ssl_certificate_key /etc/ssl/privkey.pem;    # path to your privkey.pem
  29.         server_name seafile.domain.com;
  30.         proxy_set_header X-Forwarded-For $remote_addr;
  31.         add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
  32.         server_tokens off;
  34.     #
  35.     # seahub
  36.     #
  37.     location / {
  38.         fastcgi_pass    127.0.0.1:8000;
  39.         fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
  40.         fastcgi_param   PATH_INFO           $fastcgi_script_name;
  42.         fastcgi_param   SERVER_PROTOCOL        $server_protocol;
  43.         fastcgi_param   QUERY_STRING        $query_string;
  44.         fastcgi_param   REQUEST_METHOD      $request_method;
  45.         fastcgi_param   CONTENT_TYPE        $content_type;
  46.         fastcgi_param   CONTENT_LENGTH      $content_length;
  47.         fastcgi_param   SERVER_ADDR         $server_addr;
  48.         fastcgi_param   SERVER_PORT         $server_port;
  49.         fastcgi_param   SERVER_NAME         $server_name;
  50.         fastcgi_param   REMOTE_ADDR         $remote_addr;
  51.         fastcgi_param   HTTPS               on;
  52.         fastcgi_param   HTTP_SCHEME         https;
  54.         access_log      /var/log/nginx/seahub.access.log;
  55.         error_log       /var/log/nginx/seahub.error.log;
  56.         fastcgi_read_timeout 36000;
  57.         client_max_body_size 0;
  58.     }
  60.     #
  61.     # seafile
  62.     #
  63.     location /seafhttp {
  64.         rewrite ^/seafhttp(.*)$ $1 break;
  65.         proxy_pass http://127.0.0.1:8082;
  66.         client_max_body_size 0;
  67.         proxy_connect_timeout  36000s;
  68.         proxy_read_timeout  36000s;
  69.         proxy_send_timeout  36000s;
  70.         send_timeout  36000s;
  71.     }
  73.     location /media {
  74.         root /home/user/haiwen/seafile-server-latest/seahub;
  75.     }
  77.     #
  78.     # seafdav (webdav)
  79.     #
  80.     location /seafdav {
  81.         fastcgi_pass    127.0.0.1:8080;
  82.         fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
  83.         fastcgi_param   PATH_INFO           $fastcgi_script_name;
  84.         fastcgi_param   SERVER_PROTOCOL     $server_protocol;
  85.         fastcgi_param   QUERY_STRING        $query_string;
  86.         fastcgi_param   REQUEST_METHOD      $request_method;
  87.         fastcgi_param   CONTENT_TYPE        $content_type;
  88.         fastcgi_param   CONTENT_LENGTH      $content_length;
  89.         fastcgi_param   SERVER_ADDR         $server_addr;
  90.         fastcgi_param   SERVER_PORT         $server_port;
  91.         fastcgi_param   SERVER_NAME         $server_name;
  92.         fastcgi_param   HTTPS               on;
  93.         client_max_body_size 0;
  94.         access_log      /var/log/nginx/seafdav.access.log;
  95.         error_log       /var/log/nginx/seafdav.error.log;
  96.     }
  98.     #
  99.     # onlyofficeds
  100.     #
  101.     location /onlyofficeds/ {
  102.         # IMPORTANT ! - Trailing slash !
  103.         proxy_pass http://127.0.0.1:88/;
  105.         proxy_http_version 1.1;
  106.         client_max_body_size 100M; # Limit Document size to 100MB
  107.         proxy_read_timeout 3600s;
  108.         proxy_connect_timeout 3600s;
  109.         proxy_set_header Upgrade $http_upgrade;
  110.         proxy_set_header Connection $proxy_connection;
  112.         # IMPORTANT ! - Subfolder and NO trailing slash !
  113.         proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;
  115.         proxy_set_header X-Forwarded-Proto $the_scheme;
  116.         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  117.     }
  118. }

Complete Apache config EXAMPLE

BETA - Requires further testing!

  1. LoadModule authn_core_module modules/mod_authn_core.so
  2. LoadModule authz_core_module modules/mod_authz_core.so
  3. LoadModule unixd_module modules/mod_unixd.so
  4. LoadModule proxy_module modules/mod_proxy.so
  5. LoadModule proxy_http_module modules/mod_proxy_http.so
  6. LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
  7. LoadModule headers_module modules/mod_headers.so
  8. LoadModule setenvif_module modules/mod_setenvif.so
  9. LoadModule ssl_module modules/mod_ssl.so
  11. <IfModule unixd_module>
  12.   User daemon
  13.   Group daemon
  14. </IfModule>
  16. <VirtualHost *:80>
  17.     ServerName seafile.domain.com
  18.     ServerAlias domain.com
  19.     Redirect permanent / https://seafile.domain.com
  20. </VirtualHost>
  22. <VirtualHost *:443>
  23.   ServerName seafile.domain.com
  24.   DocumentRoot /var/www
  26.   SSLEngine On
  27.   SSLCertificateFile /etc/ssl/cacert.pem
  28.   SSLCertificateKeyFile /etc/ssl/privkey.pem
  30.   ## Strong SSL Security
  31.   ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
  33.   SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
  34.   SSLProtocol All -SSLv2 -SSLv3
  35.   SSLCompression off
  36.   SSLHonorCipherOrder on
  38.   Alias /media  /home/user/haiwen/seafile-server-latest/seahub/media
  40.   <Location /media>
  41.     Require all granted
  42.   </Location>
  44.   RewriteEngine On
  46.   #
  47.   # seafile fileserver
  48.   #
  49.   ProxyPass /seafhttp http://127.0.0.1:8082
  50.   ProxyPassReverse /seafhttp http://127.0.0.1:8082
  51.   RewriteRule ^/seafhttp - [QSA,L]
  53.   #
  54.   # seahub
  55.   #
  56.   SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape
  57.   SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
  58.   ProxyPass / fcgi://127.0.0.1:8000/
  60.   #
  61.   # onlyofficeds
  62.   #
  63.   Define VPATH /onlyofficeds
  64.   Define DS_ADDRESS {your Seafile server's domain or IP}:88
  66.   <Location ${VPATH}>
  67.   Require all granted
  68.   SetEnvIf Host "^(.*)$" THE_HOST=$1
  69.   RequestHeader setifempty X-Forwarded-Proto http
  70.   RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
  71.   RequestHeader edit X-Forwarded-Host (.*) $1${VPATH}
  72.   ProxyAddHeaders Off
  73.   ProxyPass "http://${DS_ADDRESS}/"
  74.   ProxyPassReverse "http://${DS_ADDRESS}/"
  75.   </Location>
  77. </VirtualHost>