OnlyOffice Document Server是一个开源的在线办公套件,支持文档、电子表格和演示文稿的协作编辑。使用Docker Compose可以快速部署和管理整个服务。
version: '3.8'
services:
onlyoffice-document-server:
image: onlyoffice/documentserver:latest
container_name: onlyoffice-document-server
restart: unless-stopped
environment:
# JWT配置(用于安全通信)
JWT_ENABLED: "true"
JWT_SECRET: "your-secret-jwt-token-change-this"
JWT_HEADER: "Authorization"
JWT_IN_BODY: "false"
# 数据库配置
DB_TYPE: "postgres"
DB_HOST: "onlyoffice-postgres"
DB_PORT: "5432"
DB_NAME: "onlyoffice"
DB_USER: "onlyoffice"
DB_PWD: "onlyoffice_pass"
# Redis配置
REDIS_SERVER_HOST: "onlyoffice-redis"
REDIS_SERVER_PORT: "6379"
# RabbitMQ配置
AMQP_SERVER_URL: "amqp://guest:guest@onlyoffice-rabbitmq:5672"
# 其他配置
WOPI_ENABLED: "true"
SERVICE_OFFICE_PORT: "8000"
ports:
- "8080:80" # 主服务端口
- "8443:443" # HTTPS端口(如果配置SSL)
volumes:
- onlyoffice_data:/var/www/onlyoffice/Data
- onlyoffice_logs:/var/log/onlyoffice
- onlyoffice_fonts:/usr/share/fonts/truetype/custom
- onlyoffice_postgres_data:/var/lib/postgresql/data
# 挂载自定义字体(可选)
# - ./fonts:/usr/share/fonts/truetype/custom
depends_on:
- onlyoffice-postgres
- onlyoffice-redis
- onlyoffice-rabbitmq
networks:
- onlyoffice-network
onlyoffice-postgres:
image: postgres:13
container_name: onlyoffice-postgres
restart: unless-stopped
environment:
POSTGRES_DB: "onlyoffice"
POSTGRES_USER: "onlyoffice"
POSTGRES_PASSWORD: "onlyoffice_pass"
volumes:
- onlyoffice_postgres_data:/var/lib/postgresql/data
networks:
- onlyoffice-network
healthcheck:
test: ["CMD-SHELL", "pg_isready -U onlyoffice"]
interval: 10s
timeout: 5s
retries: 5
onlyoffice-redis:
image: redis:6-alpine
container_name: onlyoffice-redis
restart: unless-stopped
command: redis-server --requirepass redis_pass
volumes:
- onlyoffice_redis_data:/data
networks:
- onlyoffice-network
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
onlyoffice-rabbitmq:
image: rabbitmq:3-management-alpine
container_name: onlyoffice-rabbitmq
restart: unless-stopped
environment:
RABBITMQ_DEFAULT_USER: "guest"
RABBITMQ_DEFAULT_PASS: "guest"
volumes:
- onlyoffice_rabbitmq_data:/var/lib/rabbitmq
networks:
- onlyoffice-network
healthcheck:
test: ["CMD", "rabbitmq-diagnostics", "ping"]
interval: 30s
timeout: 10s
retries: 5
networks:
onlyoffice-network:
driver: bridge
volumes:
onlyoffice_data:
onlyoffice_logs:
onlyoffice_fonts:
onlyoffice_postgres_data:
onlyoffice_redis_data:
onlyoffice_rabbitmq_data:# 创建项目目录
mkdir onlyoffice-docker && cd onlyoffice-docker
# 创建docker-compose.yml文件
nano docker-compose.yml
# 将上述配置粘贴并保存创建.env文件管理敏感信息:
# .env 文件
JWT_SECRET=your-strong-secret-key-here
DB_PASSWORD=onlyoffice_pass
REDIS_PASSWORD=redis_pass# 启动所有服务
docker-compose up -d
# 查看服务状态
docker-compose ps
# 查看日志
docker-compose logs -f onlyoffice-document-server# 检查服务是否正常运行
curl http://localhost:8080/welcome
# 或者访问浏览器
# http://localhost:8080# 在onlyoffice-document-server服务中添加
volumes:
- ./ssl/certs:/var/www/onlyoffice/Data/certs
environment:
SSL_CERTIFICATE_PATH: "/var/www/onlyoffice/Data/certs/onlyoffice.crt"
SSL_KEY_PATH: "/var/www/onlyoffice/Data/certs/onlyoffice.key"生成自签名证书:
mkdir ssl && cd ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout onlyoffice.key -out onlyoffice.crt \
-subj "/C=CN/ST=Beijing/L=Beijing/O=YourCompany/CN=onlyoffice.local"# 使用nginx-proxy和letsencrypt-nginx-proxy-companion
version: '3.8'
services:
nginx-proxy:
image: nginxproxy/nginx-proxy
container_name: nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./proxy/certs:/etc/nginx/certs:ro
- ./proxy/vhost:/etc/nginx/vhost.d
- ./proxy/html:/usr/share/nginx/html
restart: unless-stopped
letsencrypt:
image: nginxproxy/acme-companion
container_name: letsencrypt
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./proxy/certs:/etc/nginx/certs:rw
- ./proxy/vhost:/etc/nginx/vhost.d
- ./proxy/html:/usr/share/nginx/html
environment:
- DEFAULT_EMAIL=admin@yourdomain.com
depends_on:
- nginx-proxy
restart: unless-stopped
onlyoffice-document-server:
# ... 其他配置保持不变 ...
environment:
- VIRTUAL_HOST=onlyoffice.yourdomain.com
- LETSENCRYPT_HOST=onlyoffice.yourdomain.com
- LETSENCRYPT_EMAIL=admin@yourdomain.com
expose:
- "80"
# 移除ports映射,由nginx-proxy处理
# ports:
# - "8080:80"services:
onlyoffice-document-server:
deploy:
resources:
limits:
memory: 4G
cpus: '2'
reservations:
memory: 2G
cpus: '1'# 创建字体目录
mkdir fonts
# 将.ttf字体文件放入fonts目录
# 然后修改docker-compose.yml:
volumes:
- ./fonts:/usr/share/fonts/truetype/custom创建nginx.conf:
upstream onlyoffice_backend {
server onlyoffice-document-server:80;
}
server {
listen 80;
server_name onlyoffice.yourdomain.com;
# 重定向到HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name onlyoffice.yourdomain.com;
ssl_certificate /etc/nginx/ssl/onlyoffice.crt;
ssl_certificate_key /etc/nginx/ssl/onlyoffice.key;
# SSL优化配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512;
ssl_prefer_server_ciphers off;
# 代理设置
location / {
proxy_pass http://onlyoffice_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 增加超时时间
proxy_connect_timeout 300s;
proxy_send_timeout 300s;
proxy_read_timeout 300s;
# 禁用缓存
proxy_buffering off;
}
# 静态文件缓存
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
proxy_pass http://onlyoffice_backend;
expires 30d;
add_header Cache-Control "public, immutable";
}
}# 启动服务
docker-compose up -d
# 停止服务
docker-compose down
# 停止并删除数据(慎用)
docker-compose down -v
# 重启服务
docker-compose restart
# 查看日志
docker-compose logs -f
docker-compose logs onlyoffice-document-server
# 查看服务状态
docker-compose ps
# 进入容器
docker-compose exec onlyoffice-document-server bash
# 更新服务
docker-compose pull
docker-compose up -d
# 备份数据
docker run --rm -v onlyoffice_postgres_data:/source -v $(pwd)/backup:/backup alpine \
tar czf /backup/postgres_backup_$(date +%Y%m%d_%H%M%S).tar.gz -C /source .
# 检查错误日志
docker-compose logs --tail=100sudo netstat -tulpn | grep :8080
2. **数据库连接问题**
```bash
# 检查PostgreSQL健康状态
docker-compose exec onlyoffice-postgres pg_isready -U onlyoffice
# 重置数据库(慎用)
docker-compose down -v
docker-compose up -d
# 查看容器资源使用
docker stats
4. **JWT配置错误**
```bash
# 验证JWT配置
curl -H "Authorization: Bearer your-jwt-token" http://localhost:8080/healthcheck创建healthcheck.sh:
#!/bin/bash
SERVICE_URL="http://localhost:8080/healthcheck"
EXPECTED="true"
response=$(curl -s -o /dev/null -w "%{http_code}" $SERVICE_URL)
if [ "$response" = "200" ]; then
echo "OnlyOffice is healthy"
exit 0
else
echo "OnlyOffice is not responding"
exit 1
fi创建backup.sh:
#!/bin/bash
BACKUP_DIR="/backup/onlyoffice"
DATE=$(date +%Y%m%d_%H%M%S)
# 备份PostgreSQL
docker-compose exec -T onlyoffice-postgres pg_dump -U onlyoffice onlyoffice > \
$BACKUP_DIR/db_backup_$DATE.sql
# 备份数据文件
docker run --rm -v onlyoffice_data:/source -v $BACKUP_DIR:/backup alpine \
tar czf /backup/data_backup_$DATE.tar.gz -C /source .
# 保留最近7天的备份
find $BACKUP_DIR -name "*.sql" -mtime +7 -delete
find $BACKUP_DIR -name "*.tar.gz" -mtime +7 -delete修改默认密码
启用防火墙
# 只开放必要端口
sudo ufw allow 443/tcp
sudo ufw allow 80/tcp
sudo ufw enable定期更新
# 定期更新镜像
docker-compose pull
docker-compose up -d --force-recreate启用访问控制
调整数据库参数
-- 在PostgreSQL中执行
ALTER SYSTEM SET shared_buffers = '1GB';
ALTER SYSTEM SET effective_cache_size = '3GB';
ALTER SYSTEM SET maintenance_work_mem = '256MB';调整Redis配置
onlyoffice-redis:
command: >
redis-server
--maxmemory 1gb
--maxmemory-policy allkeys-lru
--requirepass ${REDIS_PASSWORD}启用缓存
environment:
CACHE_EXPIRE_TIME: "3600"
CACHE_SIZE: "1000"这个配置提供了一个完整的、生产就绪的OnlyOffice Document Server部署方案。根据实际需求,你可以调整资源配置、安全设置和网络配置。建议在生产环境中使用SSL证书、配置定期备份,并设置适当的监控告警。
部署完成后,可以通过访问 http://your-server:8080 来验证安装,并使用OnlyOffice的API集成到你的应用程序中。
