[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ca39a0b425bb onlyoffice/documentserver:7.0.1.37 "/app/ds/run-documen…" 2 weeks ago Up 14 seconds 443/tcp, 0.0.0.0:8080->80/tcp, :::8080->80/tcp pedantic_taussig
[root@localhost ~]#
[root@localhost ~]# docker run -i -t -d -p 8080:80 -p 9000:443 onlyoffice/documentserver
818a8d84f8516b36664286aa2db83153c6ef929c1103009b29d9d2b7ebdd83c1
docker: Error response from daemon: driver failed programming external connectivity on endpoint objective_margulis (c776e03e6e7eec5c7a9687014f57addf84d977e4bd1a2c905e3fae73964126fd): Bind for 0.0.0.0:8080 failed: port is already allocated.
[root@localhost ~]#
[root@localhost ~]# docker run -i -t -d -p 9000:443 onlyoffice/documentserver
67b4ab8e469f3ca4fb9847b8ec5a49c49b11a6c36aea05f8c8592720c4003a06
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
67b4ab8e469f onlyoffice/documentserver "/app/ds/run-documen…" 27 seconds ago Up 26 seconds 80/tcp, 0.0.0.0:9000->443/tcp, :::9000->443/tcp nice_carson
ca39a0b425bb onlyoffice/documentserver:7.0.1.37 "/app/ds/run-documen…" 2 weeks ago Up About a minute 443/tcp, 0.0.0.0:8080->80/tcp, :::8080->80/tcp pedantic_taussig
[root@localhost ~]# systemctl restart httpd
Enter TLS private key passphrase for localhost:443 (RSA) : ******
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
67b4ab8e469f onlyoffice/documentserver "/app/ds/run-documen…" About a minute ago Up About a minute 80/tcp, 0.0.0.0:9000->443/tcp, :::9000->443/tcp nice_carson
ca39a0b425bb onlyoffice/documentserver:7.0.1.37 "/app/ds/run-documen…" 2 weeks ago Up 3 minutes 443/tcp, 0.0.0.0:8080->80/tcp, :::8080->80/tcp pedantic_taussig
[root@localhost ~]# docker restart 67b4ab8e469f
67b4ab8e469f
[root@localhost ~]# docker exec -it 67b4ab8e469f /bin/bash
root@67b4ab8e469f:/# cd /var/www/onlyoffice/Data/
root@67b4ab8e469f:/var/www/onlyoffice/Data# ll
total 0
drwxr-xr-x. 3 ds ds 22 Apr 19 01:24 ./
drwxr-xr-x. 1 root root 58 Feb 18 16:49 ../
drwxr-xr-x. 2 ds ds 29 Apr 19 01:24 .private/
root@67b4ab8e469f:/var/www/onlyoffice/Data# mkdir certs
root@67b4ab8e469f:/var/www/onlyoffice/Data# cd certs/
root@67b4ab8e469f:/var/www/onlyoffice/Data/certs# cp ca39a0b425bb:/var/www/onlyoffice/Data/certs/*.* ./
cp: cannot stat 'ca39a0b425bb:/var/www/onlyoffice/Data/certs/*.*': No such file or directory
root@67b4ab8e469f:/var/www/onlyoffice/Data/certs# cp ca39a0b425bb:/var/www/onlyoffice/Data/certs/
cp: missing destination file operand after 'ca39a0b425bb:/var/www/onlyoffice/Data/certs/'
Try 'cp --help' for more information.
root@67b4ab8e469f:/var/www/onlyoffice/Data/certs# cp ca39a0b425bb:/var/www/onlyoffice/Data/certs/. ./
cp: cannot stat 'ca39a0b425bb:/var/www/onlyoffice/Data/certs/.': No such file or directory
root@67b4ab8e469f:/var/www/onlyoffice/Data/certs# docker cp ca39a0b425bb:/var/www/onlyoffice/Data/certs/.
bash: docker: command not found
root@67b4ab8e469f:/var/www/onlyoffice/Data/certs# openssl genrsa -out onlyoffice.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
............................................................................+++++
.............................+++++
e is 65537 (0x010001)
root@67b4ab8e469f:/var/www/onlyoffice/Data/certs#
root@67b4ab8e469f:/var/www/onlyoffice/Data/certs# openssl req -new -key onlyoffice.key -out onlyoffice.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:hb
Locality Name (eg, city) []:xg
Organization Name (eg, company) [Internet Widgits Pty Ltd]:zf
Organizational Unit Name (eg, section) []:wqb
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@67b4ab8e469f:/var/www/onlyoffice/Data/certs#
root@67b4ab8e469f:/var/www/onlyoffice/Data/certs# openssl x509 -req -days 365 -in onlyoffice.csr -signkey onlyoffice.key -out onlyoffice.crt
Signature ok
subject=C = AU, ST = hb, L = xg, O = zf, OU = wqb
Getting Private key
root@67b4ab8e469f:/var/www/onlyoffice/Data/certs# openssl dhparam -out dhparam.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.....+........................................................................................................................+..........................................+........................................+......+...................................................................................................................................................................................................................................+.............................................................................................................+.................................................................................+................................................+...................................................................................................................................+.............................+............................................................................................+.........................................................................................................................................................................................+...............................................................................................................................................................................................................................................................................................................+.....................................................................................................................................+............................................................................................................................................................................................................+......+....................................+........................................................................................................+................................................................................
...................+................+.......................................................................................................................................................................................................................................................................................................+....................................+........................................................................................+..................................+...............................................................................................................................................................+..........................................+......................................................................................................+............................................................+........................................................+..........................................................+.....+............................................................................................................................................................................................................................................................................................................+...............................................................+......................................................................................+................................+..............................................................................+....................................................................................................................+...........................................................................+...+.............................................................+.........................................+........................................................................................................................................................
...................................+.......................................................................................+..............................................................................................................................................................+.........................................+................................................................................................................................................+............+.........................................................................+................+........................................................+................................................................+..................................................................................................................................................+.....................................................................................................................................................................+...............................+.......................................................................................................................................................................................+......................................................................................................................................................................................................+.................................+.....+.....................................+.............................................................................................................................................................................................................................................+.......................................................................+.................................................................................................................................................+..+..............................+........
............................................................................+...........................+....................................................................................+.........+..+....................................................+..................+............+.............................+......................................................................................................................+.......................................+..........................................................................................................................................................+..............................................................................................................................................................................................................+....................+............................+........++*++*++*++*
root@67b4ab8e469f:/var/www/onlyoffice/Data/certs# exit
exit
[root@localhost ~]# docker restart 67b4ab8e469f
67b4ab8e469f
[root@localhost ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Tue 2022-04-19 09:09:19 CST; 22min ago
Docs: man:firewalld(1)
Process: 1047 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0>
Main PID: 1047 (code=exited, status=0/SUCCESS)
4月 19 09:00:06 localhost.localdomain firewalld[1047]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables ->
4月 19 09:00:06 localhost.localdomain firewalld[1047]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables ->
4月 19 09:00:06 localhost.localdomain firewalld[1047]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables ->
4月 19 09:07:52 localhost.localdomain firewalld[1047]: WARNING: ALREADY_ENABLED: https
4月 19 09:08:01 localhost.localdomain firewalld[1047]: WARNING: AllowZoneDrifting is enabled. This is>
4月 19 09:08:02 localhost.localdomain firewalld[1047]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables ->
4月 19 09:08:02 localhost.localdomain firewalld[1047]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables ->
4月 19 09:09:17 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
4月 19 09:09:19 localhost.localdomain systemd[1]: firewalld.service: Succeeded.
4月 19 09:09:19 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
[root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
67b4ab8e469f onlyoffice/documentserver "/app/ds/run-documen…" 9 minutes ago Up 58 seconds 80/tcp, 0.0.0.0:9000->443/tcp, :::9000->443/tcp nice_carson
ca39a0b425bb onlyoffice/documentserver:7.0.1.37 "/app/ds/run-documen…" 2 weeks ago Up 10 minutes 443/tcp, 0.0.0.0:8080->80/tcp, :::8080->80/tcp pedantic_taussig
[root@localhost ~]#
启动Docker容器
启动Document Server镜像,并映射80端口至本地。
sudo docker run -i -t -d -p 80:80 onlyoffice/documentserver
启动后,访问http://服务器地址:80,就可以看到如下的页面:
刚开始看到的可能是502 Bad Gateway,稍等一会,刷新浏览器页面即可。
将Document Server映射至其它端口
80端口上往往会运行像Apache、Nginx之类的HTTP服务,为了避免端口冲突,我们可以将Document Server映射至其它端口。
例如映射至9000端口:
sudo docker run -i -t -d -p 9000:80 onlyoffice/documentserver
一些说明……
Document Server的数据在容器中的储存位置如下:
/var/log/onlyoffice 存放ONLYOFFICE Document Server日志
/var/www/onlyoffice/Data 存放证书文件
你可以用
sudo docker exec -it <容器ID或容器名> /bin/bash
[root@localhost data]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ca39a0b425bb onlyoffice/documentserver:7.0.1.37 "/app/ds/run-documen…" 2 weeks ago Up 25 minutes 443/tcp, 0.0.0.0:8080->80/tcp, :::8080->80/tcp pedantic_taussig
[root@localhost data]# docker restart ca39a0b425bb
ca39a0b425bb
[root@localhost data]# docker exec -it ca39a0b425bb /bin/bash
登入容器,也可以将以上两个目录映射到本地,这样更方便。
创建目录:
mkdir -p /app/onlyoffice/DocumentServer/logs
mkdir -p /app/onlyoffice/DocumentServer/data
[root@localhost nextcloud]# mkdir -p /app/onlyoffice/DocumentServer/logs
[root@localhost nextcloud]# mkdir -p /app/onlyoffice/DocumentServer/data
使用
docker -v
将目录映射至本地:
sudo docker run -i -t -d -p 80:80 \
    -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
    -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver
[root@localhost data]# docker run -i -t -d -p 8081:81 -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver
408216bb8944d47437c56ff1fdd35032dee7512866c14c57b75ff77deae87cda
这样,直接访问本地的
/app/onlyoffice/DocumentServer/
下的两个文件夹就可以了。
[root@localhost DocumentServer]# ls
data logs
[root@localhost DocumentServer]# pwd
/app/onlyoffice/DocumentServer
[root@localhost DocumentServer]#
启用HTTPS
HTTPS需要使用SSL证书,可以自己签发也可以用CA机构签发的,加密效果相同。区别在于信任:自签名证书不会被客户端默认信任,客户端无法据此验证服务器身份,需要在每个客户端手动导入并信任该证书,否则会出现证书警告,也无法防范中间人攻击;对外提供服务时建议使用CA机构签发的证书。
生成证书:
创建私钥
openssl genrsa -out onlyoffice.key 2048
创建CSR(Common Name请填写客户端访问时使用的服务器域名;留空的话证书中不含主机名,客户端即使信任该证书也无法通过主机名校验,较新的客户端还要求证书包含subjectAltName)
openssl req -new -key onlyoffice.key -out onlyoffice.csr
用私钥和CSR签发证书
openssl x509 -req -days 365 -in onlyoffice.csr -signkey onlyoffice.key -out onlyoffice.crt
用dhparam生成DH参数(供服务器在DHE密钥交换中使用;这一步并不会加密服务器密钥)
openssl dhparam -out dhparam.pem 2048
完成证书的生成后,将生成的证书拷贝到
/app/onlyoffice/DocumentServer/data/certs
目录下。
创建相应目录:
mkdir -p /app/onlyoffice/DocumentServer/data/certs
复制证书到
/app/onlyoffice/DocumentServer/data/certs
目录并设置权限:
cp onlyoffice.key /app/onlyoffice/DocumentServer/data/certs/
cp onlyoffice.crt /app/onlyoffice/DocumentServer/data/certs/
cp dhparam.pem /app/onlyoffice/DocumentServer/data/certs/
chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
运行容器,映射容器的443端口和Data目录至本地
[root@localhost data]# docker run -i -t -d -p 8443:443 -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver
49e49aff68e0ec2b7d8932e0da698eb0b1172f8c2abdb7725b97a9284733bc51
[root@localhost data]#
但是仍然是要用HTTPS协议访问,端口为 -p 参数中映射到容器443端口的本地端口,比如映射为 9000:443 时:https://服务器地址:9000/
CentOS/RHEL/Fedora无法访问
这是由于SELinux的阻止。
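暂时关闭SELinux(重启后失效;这会关闭整台主机的强制访问控制,只适合用来确认问题是否由SELinux引起,确认后应执行 setenforce 1 恢复,并改为在 -v 挂载参数末尾加上 :Z,让Docker为挂载目录设置容器可访问的SELinux标签):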
setenforce 0