ONLYOFFICE: instalación debian 9

Instalación de Mono

  • Instalamos dependencias
apt install apt-transport-https dirmngr
  • Incluimos la llave
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
  • Agregamos el repositorio
echo "deb https://download.mono-project.com/repo/debian stable-stretch main" | tee /etc/apt/sources.list.d/mono-official-stable.list
  • Actualizamos
apt update
  • Instalamos
apt install mono-devel

Instalación de NGINX

  • Instalamos
apt-get install nginx

Instalación de NODEJS

  • Instalamos dependencias
apt install curl
  • Ejecutamos
curl -sL https://deb.nodesource.com/setup_10.x | bash -
  • Instalamos
apt-get install -y nodejs
  • Agregamos
apt-get install -y build-essential

Instalación de MYSQL

  • Obtenemos
wget repo.mysql.com/mysql-apt-config_0.8.9-1_all.deb
  • Instalamos
dpkg -i mysql-apt-config_0.8.9-1_all.deb
  • Aceptamos
  • Actualizamos
apt update 
  • Instalamos
apt install mysql-server
  • Contraseña root
undefined
  • Lo configuramos
mysql_secure_installation
  • RESULTADO
Securing the MySQL server deployment.

Enter password for user root:

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: y

There are three levels of password validation policy:

LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1
Using existing password for root.

Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) : n

... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
- Dropping test database...
Success.

- Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!
  • Probamos conexión
mysql -u root -p

Instalar onlyoffice community server

  • LLave
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5
  • Agregamos
echo "deb http://download.onlyoffice.com/repo/debian squeeze main" | tee /etc/apt/sources.list.d/onlyoffice.list
  • Actualizamos
apt-get update
  • Instalamos
apt-get install onlyoffice-communityserver
  • Nos pide la contraseña de MYSQL
  • Ingresamos el navegador
http://10.20.200.48/
  • Ingresamos los datos
  • Pas:AC2
  • Si nos da problemas de codificación:
locale-gen en_US en_US.UTF-8
dpkg-reconfigure locales 
reboot

mysql -u root -p
USE onlyoffice
select textValue from res_data where cultureTitle='ru' limit 1;
delete from res_data;
source /var/www/onlyoffice/Sql/onlyoffice.resources.sql
exit


service monoserve restart

Instalar certificados

DNS

  • Agregamos el dominio office.siua.ac.cr -> 10.20.200.48 / 181.193.87.6

PROXY

  • Creamos el archivo
nano /etc/apache2/sites-available/office.siua.ac.cr.conf
  • Contenido:
NameVirtualHost 181.193.87.6:80

<VirtualHost 181.193.87.6:80>

#************************************************************************
#******************* DATOS DEL SITIO WEB ********************************
#************************************************************************
ServerName office.siua.ac.cr
ServerAlias www.office.siua.ac.cr
ErrorLog /var/log/apache2/office_80.siua.ac.cr-error.log
CustomLog /var/log/apache2/office_80.siua.ac.cr-access.log common

#************************************************************************
#********************** DATOS DEL WEBMASTER *****************************
#************************************************************************
ServerAdmin interuniversitariadealajuela@gmail.com
Header add Author "Unidad de Gestion e Innovacion Tecnologica"

#************************************************************************
#************************** DATOS DEL REDIRECCIONAMIENTO ****************
#************************************************************************

</VirtualHost>
  • Habilitamos el sitios
a2ensite office.siua.ac.cr.conf
  • Recargamos
systemctl reload apache2
  • Ejecutamos el cerbot
certbot --installer apache
  • Editamos el archivo
nano /etc/apache2/sites-available/office.siua.ac.cr-le-ssl.conf
  • Contenido
<IfModule mod_ssl.c>
<VirtualHost 181.193.87.6:443>

#************************************************************************
#******************* DATOS DEL SITIO WEB ********************************
#************************************************************************
ServerName office.siua.ac.cr
ServerAlias www.office.siua.ac.cr
ErrorLog /var/log/apache2/office_443.siua.ac.cr-error.log
CustomLog /var/log/apache2/office_443.siua.ac.cr-access.log common

#************************************************************************
#********************** DATOS DEL WEBMASTER *****************************
#************************************************************************
ServerAdmin interuniversitariadealajuela@gmail.com
Header add Author "Unidad de Gestion e Innovacion Tecnologica"

#************************************************************************
#********************* DATOS DEL REDIRECCIONAMIENTO *********************
#************************************************************************
ProxyPreserveHost On
ProxyRequests off
SSLProxyEngine on
ProxyPass / https://10.20.200.48/
ProxyPassReverse / https://10.20.200.48/


#************************************************************************
#********************** DATOS DEL CERTIFICADO ***************************
#************************************************************************
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/office.siua.ac.cr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/office.siua.ac.cr/privkey.pem
</VirtualHost>
</IfModule>
  • Recargamos apache
systemctl reload apache2

ONLYOFFICE

  • Creamos la carpeta donde se guardan los certificados
mkdir -p /var/www/onlyoffice/Data/certs
  • Le damos permisos
chmod 777 -R /var/www/onlyoffice/Data/certs

PROXY

  • Le pasamos los certificados
scp -P 44 -r /etc/letsencrypt/live/office.siua.ac.cr/privkey.pem root@10.20.200.48:/var/www/onlyoffice/Data/certs/privkey.pem
scp -P 44 -r /etc/letsencrypt/live/office.siua.ac.cr/fullchain.pem root@10.20.200.48:/var/www/onlyoffice/Data/certs/fullchain.pem 

ONLYOFFICE

  • Abrimos el archivo de configuración:
nano /etc/nginx/sites-available/onlyoffice
  • Modificamos el servidor 80 para que diriga a 443
server {
        listen 80;
        server_name  office.siua.ac.cr;
        rewrite ^ https://$http_host$request_uri? permanent;    # force redirect http to https
        # Enables or disables emitting nginx version on error pages and in the "Server" response header field.
        server_tokens off;

}
  • Agregamos el servidor 443
server {

        listen 443;
        server_name  office.siua.ac.cr;
        server_tokens off;
        charset utf-8;
        ssl on;
        ssl_certificate /var/www/onlyoffice/Data/certs/fullchain.pem; # managed by Certbot
        ssl_certificate_key /var/www/onlyoffice/Data/certs/privkey.pem; # managed by Certbot


        add_header Access-Control-Allow-Origin *;

        large_client_header_buffers 4 16k;

        set $X_REWRITER_URL $the_scheme://$the_host;

        if ($http_x_rewriter_url != '') {
                set $X_REWRITER_URL $http_x_rewriter_url ;
        }

        include /etc/nginx/includes/onlyoffice-communityserver-*.conf;

}

 Instalación de Document-Server

  • Instalamos dependencias
apt-get install build-essential apt-transport-https dirmngr libstdc++6

Instalamos NGINX

apt-get install nginx

Instalamos NODEJS

  • Instalamos dependencias
apt install curl
  • Ejecutamos
curl -sL https://deb.nodesource.com/setup_10.x | bash -
  • Instalamos
apt-get install -y nodejs
  • Agregamos
apt-get install -y build-essential

 Instalamos PostgreSQL

  • Instalamos
apt-get install postgresql
  • Le indicamos que inicie
systemctl start postgresql
  • Vemos el estado
systemctl status postgresql
  • Para logearnos
su - postgres
  • Ingresamos a la consola
psql
  • Modificamos la contraseña de administrador
ALTER USER postgres PASSWORD 'HB3';
  • Salimos
CTRL+D
  • Abrimos un nuevo cliente
 psql -U postgres -h localhost -W 

(HB3)
  • Creamos la base de datos
CREATE DATABASE onlyoffice;
  • Creamos el usuario
CREATE USER onlyoffice PASSWORD 'HB0';




  •  Le damos permisos
GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;
  • Salimos
CTRL+D

Instalamos REDIS

apt-get install redis-server

Instalamos Rabbitmq

apt-get install rabbitmq-server

Instalamos NPM y NGINX-EXTRAS

apt-get install npm nginx-extras

Instalar Document Server

  • Llave
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5
  • Agregar el repositorio
echo "deb http://download.onlyoffice.com/repo/debian squeeze main" | tee /etc/apt/sources.list.d/onlyoffice.list
  • Actualizar
apt-get update
  • Instalar
apt-get install onlyoffice-documentserver
  • Solicita la contraseña de usuario de base de datos onlyoffice (HB3)
  • Si nos da error al instalar
psql: FATAL:  password authentication failed for user "onlyoffice"
  • Correguimos con:
echo RESET onlyoffice/db-user | debconf-communicate onlyoffice-documentserver
echo RESET onlyoffice/db-pwd | debconf-communicate onlyoffice-documentserver
dpkg --configure onlyoffice-documentserver
  • Ya podemos ir al navegador
http://10.20.200.49/welcome/

Creación de certificado Letsencrypt

PROXY

  • Creamos en los DNS el dominio: document.siua.ac.cr -> 10.20.200.49/181.193.87.6
  • Creamos el archivo
nano /etc/apache2/sites-available/document.siua.ac.cr.conf
  • Contenido
NameVirtualHost 181.193.87.6:80

<VirtualHost 181.193.87.6:80>

        #************************************************************************
        #******************* DATOS DEL SITIO WEB ********************************
        #************************************************************************
        ServerName document.siua.ac.cr
        ServerAlias www.document.siua.ac.cr
        ErrorLog /var/log/apache2/document_80.siua.ac.cr-error.log
        CustomLog /var/log/apache2/document_80.siua.ac.cr-access.log common

        #************************************************************************
        #********************** DATOS DEL WEBMASTER *****************************
        #************************************************************************
        ServerAdmin interuniversitariadealajuela@gmail.com
        Header add Author "Unidad de Gestion e Innovacion Tecnologica"

        #************************************************************************
        #************************** DATOS DEL REDIRECCIONAMIENTO ****************
        #************************************************************************

</VirtualHost>
  • Lo habilitamos
a2ensite document.siua.ac.cr.conf 




  • Reiniciamos apache
systemctl reload apache2
  • Mandamos a crear el certificado
certbot --installer apache
  • Editamos el archivo
nano /etc/apache2/sites-available/document.siua.ac.cr-le-ssl.conf
  • Remplazamos todo el contenido por:
<IfModule mod_ssl.c>
<VirtualHost 181.193.87.6:443>

#************************************************************************
#******************* DATOS DEL SITIO WEB ********************************
#************************************************************************
ServerName document.siua.ac.cr
ServerAlias www.document.siua.ac.cr
ErrorLog /var/log/apache2/document_443.siua.ac.cr-error.log
CustomLog /var/log/apache2/document_443.siua.ac.cr-access.log common

#************************************************************************
#********************** DATOS DEL WEBMASTER *****************************
#************************************************************************
ServerAdmin interuniversitariadealajuela@gmail.com
Header add Author "Unidad de Gestion e Innovacion Tecnologica"

#************************************************************************
#********************* DATOS DEL REDIRECCIONAMIENTO *********************
#************************************************************************
ProxyPreserveHost On
ProxyRequests off
SSLProxyEngine on
ProxyPass / https://10.20.200.49/
ProxyPassReverse / https://10.20.200.49/


#************************************************************************
#********************** DATOS DEL CERTIFICADO ***************************
#************************************************************************
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/document.siua.ac.cr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/document.siua.ac.cr/privkey.pem
</VirtualHost>
</IfModule>
  • Reiniciamos apache
systemctl reload apache2

Servidor DOCUMENT

  • Creamos una carpeta para almacenar los certificados
mkdir /var/www/onlyoffice/Data/certs
  • Le damos permisos
chmod 777 -R /var/www/onlyoffice/Data/certs

PROXY

  • Le pasamos los certificados
scp -P 44 -r /etc/letsencrypt/live/document.siua.ac.cr/fullchain.pem root@10.20.200.49:/var/www/onlyoffice/Data/certs/fullchain.pem 

scp -P 44 -r /etc/letsencrypt/live/document.siua.ac.cr/privkey.pem root@10.20.200.49:/var/www/onlyoffice/Data/certs/privkey.pem

DOCUMENT

  • Detenemos el servicio
service nginx stop
  • Copiamos la plantilla
cp -f /etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver-ssl.conf.template /etc/nginx/conf.d/onlyoffice-documentserver.conf
  • Abrimos
nano /etc/nginx/conf.d/onlyoffice-documentserver.conf
  • Editamos
include /etc/nginx/includes/onlyoffice-http.conf;

## Normal HTTP host
server {
listen 0.0.0.0:80;
listen [::]:80 default_server;
server_name _;
server_tokens off;

## Redirects all traffic to the HTTPS host
root /nowhere; ## root doesn't have to be a valid path since we are redirecting
rewrite ^ https://$host$request_uri? permanent;
}

#HTTP host for internal services
server {
listen 127.0.0.1:80;
listen [::1]:80;
server_name localhost;
server_tokens off;

include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
}

## HTTPS host
server {
listen 0.0.0.0:443 ssl;
listen [::]:443 ssl default_server;
server_tokens off;
root /usr/share/nginx/html;

## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl on;
ssl_certificate /var/www/onlyoffice/Data/certs/fullchain.pem;
ssl_certificate_key /var/www/onlyoffice/Data/certs/privkey.pem;
ssl_verify_client off;

ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;

ssl_prefer_server_ciphers on;

add_header Strict-Transport-Security max-age=31536000;
# add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;

include /etc/nginx/includes/onlyoffice-documentserver-*.conf;

}
  • Iniciamos el servicio
service nginx start

 Integrar a NEXTCLOUD

  • Ingresamos por ssh a nuestro servidor NEXTCLOUD
  • Instalamos si no lo tenemos la app
cd /var/www/html/SIUA/apps/
git clone https://github.com/ONLYOFFICE/onlyoffice-owncloud.git onlyoffice
  • Ingresamos a la aplicación como administrador y habilitamos la apps
  • Ingresamos a Configuración->Administración->ONLYOFFICE
  • Si nos da error de javascript «Allfonts.js» not Found
nano /var/log/onlyoffice/documentserver/nginx.error.log
  • Instalamos
apt install sudo
  • Ejecutamos
documentserver-generate-allfonts.sh
  • Verificamos que ya exista el archivo
ls /var/www/onlyoffice/documentserver/sdkjs/common