Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

App Submission: ONLYOFFICE Document Server for Nextcloud #1288

Merged
merged 7 commits into from
Aug 6, 2024
Merged

App Submission: ONLYOFFICE Document Server for Nextcloud #1288

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
df17d65
added onlyoffice document server app
a4004 Jul 29, 2024
fca674f
updated submission url
a4004 Jul 29, 2024
564a590
made releaseNotes empty
a4004 Jul 29, 2024
a270829
updated submission url
a4004 Jul 29, 2024
952043b
added onlyoffice to this branch
a4004 Aug 5, 2024
af600c7
Change NEXTCLOUD_INTERNAL_ADDRESS to nextcloud web container
nmfretz Aug 6, 2024
eebfbb4
Change tagline and app description
nmfretz Aug 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Empty file added onlyoffice-nextcloud/data/cache/.gitkeep
View file
Open in desktop
Empty file.
Empty file added onlyoffice-nextcloud/data/certs/.gitkeep
View file
Open in desktop
Empty file.
Empty file added onlyoffice-nextcloud/data/db/.gitkeep
View file
Open in desktop
Empty file.
Empty file added onlyoffice-nextcloud/data/logs/.gitkeep
View file
Open in desktop
Empty file.
33 changes: 33 additions & 0 deletions onlyoffice-nextcloud/docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
version: '3.9'

Check notice on line 1 in onlyoffice-nextcloud/docker-compose.yml

View workflow job for this annotation

GitHub Actions / Lint apps

Potentially using unsafe user in service "web" 

The default container user "root" can lead to security vulnerabilities. If you are using the root user, please try to specify a different user (e.g. "1000:1000") in the compose file or try to set the UID/PUID and GID/PGID environment variables to 1000.

Check notice on line 1 in onlyoffice-nextcloud/docker-compose.yml

View workflow job for this annotation

GitHub Actions / Lint apps

Potentially using unsafe user in service "documentserver" 

The default container user "root" can lead to security vulnerabilities. If you are using the root user, please try to specify a different user (e.g. "1000:1000") in the compose file or try to set the UID/PUID and GID/PGID environment variables to 1000.
services:
app_proxy:
environment:
APP_HOST: onlyoffice-nextcloud_web_1
APP_PORT: 3000

web:
image: a4004/onlyoffice-nextcloud-web:1.0.4@sha256:774bd9bda641e6be49286921637840efba050fdfd022934dfd9ee9b6ec8d0a63
restart: on-failure
environment:
- DOCS_ADDRESS=http://$DEFAULT_INTERFACE_IP:$DOCSERVER_PORT
- DOCS_INTERNAL_ADDRESS=http://$DEFAULT_INTERFACE_IP:$DOCSERVER_PORT
- NEXTCLOUD_INTERNAL_ADDRESS=http://$DOCKER_INTERFACE_IP:$APP_NEXTCLOUD_PORT
Copy link
Contributor

@nmfretz nmfretz Aug 1, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can simplify this a bit and avoid needing to run ip-related commands in the exports.sh. I'm not very familiar with the Nextcloud/ONLYOFFICE ecosystem, so please let me know if anything I suggest here doesn't make sense or has unintended consequences:

  1. DOCS_ADDRESS=http://$DEFAULT_INTERFACE_IP:$DOCSERVER_PORT
    I'm thinking that most users will be accessing Nextcloud via umbrel.local not their IP address, so if they are using their local IP address in the nextcloud/onlyoffice config they will get hit with cors errors when clicking on a document in Nextcloud from http://umbrel.local:8081 and it tries to make a request to $DEFAULT_INTERFACE_IP:5672.

Shall we change this to DOCS_ADDRESS=http://$DEVICE_DOMAIN_NAME:$DOCSERVER_PORT (which will be http://umbrel.local:5672) and then include instructions saying that if a user is accessing Nextcloud from a different hostname/ip, they should change make the appropriate change to ONLYOFFICE Docs address in their Nextcloud settings?

**Edit: sorry @a4004 I sent you down the wrong path by accidently including :$DOCSERVER_PORT after the container name below **

  1. DOCS_INTERNAL_ADDRESS=http://$DEFAULT_INTERFACE_IP:$DOCSERVER_PORT
    This is for internal requests to the documentserver container, so we can just use the container name here and Docker's internal DNS will resolve it to the correct IP address. So I think we can change this to DOCS_INTERNAL_ADDRESS=http://onlyoffice-nextcloud_documentserver_1.
    The user will then copy-paste http://onlyoffice-nextcloud_documentserver_1 into the ONLYOFFICE settings in Nextcloud.

  2. NEXTCLOUD_INTERNAL_ADDRESS=http://$DOCKER_INTERFACE_IP:$APP_NEXTCLOUD_PORT
    I think we can get away without the export.sh ip command here as well. We actually have access to the gateway IP for the umbrel docker network as an env var. Check it out: https://github.com/getumbrel/umbrel/blob/570acdabcab13ac237fba992f491d126fff30810/packages/umbreld/source/modules/apps/legacy-compat/app-script#L10
    So we should be able to use NEXTCLOUD_INTERNAL_ADDRESS=http://$GATEWAY_IP:$APP_NEXTCLOUD_PORT which will yield http://10.21.0.1:8081/ for the user to copy-paste into the ONLYOFFICE settings in Nextcloud.

So a user would end up with this:

image

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nmfretz Is it not better to use something like http://nextcloud_web_1:8081? We are using container hostname reference on torrenting apps like Prowlarr, Radarr and Sonarr.

image

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's actually a good point.

I have tested both http://nextcloud_web_1/ and http://nextcloud_web_1:8081/ but it doesn't appear to work for some reason. Nextcloud is throwing an error Error when trying to connect (Error occurred in the document service: Error while downloading the document file to be converted.) (version 8.1.1.26).

Perhaps I'm doing something wrong here or it's not set up for this type of communication, not too sure but I agree with the idea of using container hostnames over IPs for sure.

Copy link
Contributor

@nmfretz nmfretz Aug 5, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@joaovictor-local @a4004, ya the issue here is that the Nextcloud app doesn't have the web container name as a trusted proxy in its config.php, so instead we are using an IP that it does trust (e.g., 10.21.0.1 or 172.17.0.1).

umbrel-apps/nextcloud/docker-compose.yml

Line 47 in 49580db

- NEXTCLOUD_TRUSTED_DOMAINS=${APP_DOMAIN}:${APP_NEXTCLOUD_PORT} ${APP_HIDDEN_SERVICE} ${DEVICE_HOSTNAME}:${APP_NEXTCLOUD_PORT} ${APP_NEXTCLOUD_LOCAL_IPS}

umbrel-apps/nextcloud/exports.sh

Lines 3 to 4 in 49580db

local_ips=$(hostname --all-ip-addresses 2> /dev/null) || local_ips=""
export APP_NEXTCLOUD_LOCAL_IPS="${local_ips}"

For this to work, the Nextcloud config.php would have to include nextcloud_web_1 under trusted_domains. Then in the field for Server address for internal requests from ONLYOFFICE Docs a user would use http://nextcloud_web_1, without a port specified since we want the default port 80 inside the web container (not 8081).

I do really like the simplicity of using container names @joaovictor-local, so we could consider the following:

  • Update the Nextcloud app to include nextcloud_web_1 in the config.php
  • Change the env var in ONLYOFFICE Docs to NEXTCLOUD_INTERNAL_ADDRESS=http://nextcloud_web_1
  • Include a note in the a4004/onlyoffice-nextcloud-web UI (or maybe just the app description) telling users to update Nextcloud if they haven't.

What do you guys think?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update: I have updated Nextcloud to allow connection via nextcloud_web_1 #1297

- NEXTCLOUD_WEB_URL=http://$DEVICE_DOMAIN_NAME:$APP_NEXTCLOUD_PORT

documentserver:
image: onlyoffice/documentserver:8.1@sha256:9b74cb0e05580bced87f9af69de68d5f4c9e5b3340448ddc94333f5f7f4eba85
restart: on-failure
stop_grace_period: 1m
ports:

Check notice on line 21 in onlyoffice-nextcloud/docker-compose.yml

View workflow job for this annotation

GitHub Actions / Lint apps

External port mapping "5672:80" 

Port mappings may be unnecessary for the app to function correctly. Docker's internal DNS resolves container names to IP addresses within the same network. External access to the web interface is handled by the app_proxy container. Port mappings are only needed if external access is required to a port not proxied by the app_proxy, or if an app needs to expose multiple ports for its functionality (e.g., DHCP, DNS, P2P, etc.).
- 5672:80
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

might as well use - "${DOCSERVER_PORT}:80" from exports.sh

environment:
- JWT_ENABLED=false
- ONLYOFFICE_HTTPS_HSTS_ENABLED=false
- USE_UNAUTHORIZED_STORAGE=true
- ALLOW_PRIVATE_IP_ADDRESS=true
- ALLOW_META_IP_ADDRESS=true
volumes:
- ${APP_DATA_DIR}/data/logs:/var/log/onlyoffice
- ${APP_DATA_DIR}/data/certs:/var/www/onlyoffice/Data
- ${APP_DATA_DIR}/data/cache:/var/lib/onlyoffice
- ${APP_DATA_DIR}/data/db:/var/lib/postgresql
7 changes: 7 additions & 0 deletions onlyoffice-nextcloud/exports.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
#!/usr/bin/env bash

export DOCSERVER_PORT=5672
export APP_DOCSERVER_PORT=3014
Copy link
Contributor

@nmfretz nmfretz Aug 1, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is export APP_DOCSERVER_PORT=3014 still needed, or can it be removed?


export DEFAULT_INTERFACE_IP=$(ip addr show $(ip route | grep default | awk '{print $5}') | grep 'inet ' | awk '{print $2}' | cut -d/ -f1)
export DOCKER_INTERFACE_IP=$(ip addr show docker0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1)
Copy link
Contributor

@nmfretz nmfretz Aug 1, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we end up going with the simplifications here #1288 (comment), then we can remove these exports.

40 changes: 40 additions & 0 deletions onlyoffice-nextcloud/umbrel-app.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
manifestVersion: 1
id: onlyoffice-nextcloud
category: files
name: ONLYOFFICE Document Server
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like they call themselves ONLYOFFICE Docs: https://github.com/ONLYOFFICE/DocumentServer

I'm not familiar with ONLYOFFICE, so I'll defer to you here. But an added benefit to shortening the name is that it will show up without an ellipses on the homescreen:

image

vs

image

version: "8.1"
tagline: Run your private office with the ONLYOFFICE
description: >-
ONLYOFFICE Document Server for Nextcloud


Create and edit text docs, spreadsheets and presentations. Operate
complex objects and calculations. View images, videos and PDFs. Work
on device or choose your cloud.


ONLYOFFICE by Ascensio System SIA offers a powerful office suite that
comprises online editors for text documents, spreadsheets and presentations
highly compatible with Microsoft Office and OpenDocument file formats.
ONLYOFFICE provides users with multiple editing tools and collaborative features
ensuring greater team workflow, and seamless work with complex formatting and
objects within your web solution.
releaseNotes: ""
developer: Ascensio System SIA
website: https://www.onlyoffice.com/
dependencies:
- nextcloud
repo: https://github.com/ONLYOFFICE/DocumentServer
support: https://forum.onlyoffice.com/
port: 3014
gallery:
- 1.jpg
- 2.jpg
- 3.jpg
- 4.jpg
- 5.jpg
path: ""
defaultUsername: ""
defaultPassword: ""
submitter: a4004
submission: https://github.com/getumbrel/umbrel-apps/pull/1288