Non-Docker ownCloud Infinite Scale with OnlyOffice

oCIS had its first production-ready release in december 7 of 2022 and is written in Go. Most tutorials expect things like Docker which is not always practical or wanted. This writeup tries to interpret their WOPI-example for a userland setup.

Screenshot of the ownCloud Webinterface with the OnlyOffice Document editor open

This tutorial is WIP. It will help you creating a basic ownCloud Infinite Scale environment with a local Wopiserver instance to connect to an existing OnlyOffice server. It is based on my documentation of my first attempts with this software so take it with a grain of salt. Don't just copypaste everything and expect a perfect bulletprove production setup. I will however update it according to my future findings and plan on continuing my journey with this software.

Index

Expectations

Install WOPIserver

Here is a quick script that hopefully works. For future updates, note that because we are trying to run Wopiserver in its own homedirectory, this script modifies the src/wopiserver.py which might result in conflicts when updating from git.

#!/bin/bash

mkdir -vp $HOME/{config/wopi,log/wopi,spool/wopirecovery}

wopiconf=$HOME/config/wopi/wopiserver.conf
wopidomain=wopi.owncloud.xyz

echo ">>> installing WOPI"
git clone https://github.com/cs3org/wopiserver
cd wopiserver
git checkout v9.4.0
virtualenv -p /usr/bin/python3 .
source ./bin/activate
pip3 install --no-cache-dir --upgrade -r requirements.txt

echo "* modifying wopi locations"
sed -i 's/etc/var\/opt\/ocis\/config/g' src/wopiserver.py
sed -i 's/var\/log/var\/opt\/ocis\/log/g' src/wopiserver.py
sed -i 's/var\/spool/var\/opt\/ocis\/spool/g' src/wopiserver.py

echo "* copying configs over"
cp wopiserver.conf $HOME/config/wopi/wopiserver.defaults.conf
curl "https://raw.githubusercontent.com/owncloud/ocis/v2.0.0/deployments/examples/ocis_wopi/config/wopiserver/wopiserver.conf.dist" > $wopiconf

echo "* adjusting config and setting secretfiles"
rand=$(openssl rand -hex 32)
rand2=$(openssl rand -hex 32)
echo $rand > $HOME/config/wopi/wopisecret
echo $rand2 > $HOME/config/wopi/iopsecret
sed -i 's/etc\/wopi/var\/opt\/ocis\/config\/wopi/g' $wopiconf
sed -i 's/wopi_local_storage/opt\/ocis\/.wopi_local_storage/g' $wopiconf
sed -i "s/wopiserver.owncloud.test/$wopidomain/g" $wopiconf
sed -i 's/ocis:9/localhost:9' $wopiconf
sed -i 's/#iopsecret/iopsecret/g' $wopiconf

Now doublecheck the config at config/wopi/wopiserver.conf and then move on to the systemd entry.

systemd

Create the directory for the servicefile(s): mkdir -vp .config/systemd/user

In this new directory, create and edit the wopiserver.service using the following contents:

[Unit]
Description=WOPI Server
After=syslog.target

[Service]
Type=simple
WorkingDirectory=/var/opt/ocis/wopiserver
ExecStart=/bin/bash -lc "source ./bin/activate; python3 ./src/wopiserver.py"
# for more logging, comment that line or configure a logfile:
StandardOutput=null
StandardError=syslog

[Install]
WantedBy=default.target

Make the Wopiserver autostart and start it right now systemctl enable --now --user wopiserver

OnlyOffice

Now that the Wopiserver is ready, we should do some adjustments to our OnlyOffice-Setup:

Enable WOPI Support

Edit your local.json and add the following contents:

  1. (first sublevel):

      "wopi": {
        "enable": true
      }
    
  2. in "ipfilter":, add the domain of the Wopiserver – NOT the oCIS instance like you would with a Nextcloud or ownCloud. Here you can also define some IP rules for the new WOPI capability. Read more

oCIS

Considerations before running the ocis init command:

if you don't want to go with the default structure, that expects the configfiles in ~/.config for example, define the locations yourself using for example:

OCIS_CONFIG_DIR=/var/opt/ocis/config/ocis
OCIS_BASE_DATA_PATH=/var/opt/ocis/data

Read more on options for the init command here. You can now run ocis init with those variables and other options – if any – you have settled on.

My current environenmt variables

Try not to confuse your domains or ports. Edit with care. Been there. In config/ocis/env we add:

OCIS_INSECURE=true
PROXY_TLS=true
OCIS_URL=https://my.owncloud.xyz
OCIS_LOG_LEVEL=warn
PROXY_HTTP_ADDR=0.0.0.0:9200
OCIS_CONFIG_DIR=/var/opt/ocis/config/ocis
OCIS_BASE_DATA_PATH=/var/opt/ocis/data
GATEWAY_GRPC_ADDR=127.0.0.1:9142
REVA_GATEWAY=127.0.0.1:9142
APP_PROVIDER_GRPC_ADDR=0.0.0.0:9164 # 127. is probably fine as well.
APP_PROVIDER_EXTERNAL_ADDR=0.0.0.0:9164 # 127. is probably fine as well.
APP_PROVIDER_DRIVER=wopi
APP_PROVIDER_WOPI_APP_NAME=OnlyOffice
APP_PROVIDER_WOPI_FOLDER_URL_BASE_URL=https://my.owncloud.xyz
APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL=https://wopi.my.owncloud.xyz
APP_PROVIDER_WOPI_APP_URL=https://office.owncloud.xyz
APP_PROVIDER_WOPI_APP_ICON_URI=https://office.owncloud.xyz/web-apps/apps/documenteditor/main/resources/img/favicon.ico
APP_PROVIDER_WOPI_INSECURE=false # i currently have this one active, not sure if needed

The ocis.yaml

This file can hold many of upon options, but since i have tried to use their Docker examples to make this work, i have not yet tried to translate those options into yaml. I will however use it for additional settings i add to this tutorial over time:

Email configuration

It doesn't look like password reset is possible though the login form as of v2.0.0 – or an option is missing in my setup. However, for example link shares via email require additional configuration. Add SMTP: to the notifications: section, so it looks like:

notifications:
  notifications:
    SMTP:
      smtp_host: "mail.example.com"
      smtp_port: 587
      smtp_sender: ownCloud <ocis@example.com>
      smtp_username: "ocis@example.com"
      smtp_password: "iamsosecurelookatme"
      insecure: false
      smtp_authentication: login
      smtp_encryption: starttls
    events:
      tls_insecure: true

More informations/options are available in the ownCloud documentation.

The app-registry.yaml

However there still is one thing missing: telling the appprovider which minetypes should be opened using OnlyOffice.

To do that, you need to adapt this file. It belongs into your ocis config directory and is preconfigured for a setup with multiple editors for multiple mimetypes. You possibly want to change some of those definitions to OnlyOffice.

The frontend.yaml

Suggested options:

enable_favorites: true # not 100% implemented, see below
enable_federated_sharing_incoming: true
enable_federated_sharing_outgoing: true

It belongs into your ocis config directory as well.

Favorite limitations: as of right now the frontend can't show a list of favorites. It works tho, and you can verify on at least rightclick on the favorited file, also for example mobile apps show favs correctly. If the file is currently opened in OnlyOffice, a fav will throw an 403 error.

systemd

Back in .config/systemd/user, we create the ocis.service with the following contents:

[Unit]
Description=oCIS server
After=syslog.target

[Service]
Type=simple
EnvironmentFile=-/var/opt/ocis/config/ocis/env
#WorkingDirectory=/var/opt/ocis/
ExecStart=/usr/local/bin/ocis server
StandardOutput=null
StandardError=syslog

[Install]
WantedBy=default.target

And kick it on: systemctl enable --now ocis --user

nginx

This is pretty easy. It appears in both cases (WOPI and oCIS), adding a simple block into the usual configfile is sufficient:

    location / {
        proxy_pass https://127.0.0.1:9200/; # and 8880 for wopi – mind that https in the case of ocis at the current state of this tutorial
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

Don't however forget to tell nginx how big your uploads can get, otherwise the webinterface may throw a confusing error.

Join the discussion

Discuss this topic on Mastodon: https://social.tchncs.de/@milan/109853064593430899


Update log:

#owncloud #ocis #onlyoffice

Signature (thanks for reading):
Follow me on Mastdodon