How to Install OnlyOffice on Debian 12

In the last article, I showed you how to install OnlyOffice on Ubuntu 22.04 and connect it to your Nextcloud instance. Now, let’s go through how to install OnlyOffice on Debian 12 (Bookworm). You may ask, what is the difference between the two, as both use the apt package manager? Mostly, they are the same, but there are a few differences which will be covered here.

Let’s get started.

1- Prepare the server

Update the system first.

apt update && apt upgrade

If you installed the OS from a DVD drive and encountered:

E: The repository ‘cdrom://[Debian GNU/Linux 12.5.0 Bookworm – Official amd64 DVD Binary-1 with firmware 20240210-11:28] bookworm Release’ does not have a Release file.

Open the sources file, comment out the cdrom line, and add the following lines.

nano /etc/apt/sources.list

deb http://deb.debian.org/debian bookworm main non-free-firmware
deb-src http://deb.debian.org/debian bookworm main non-free-firmware

deb http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware
deb-src http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware

deb http://deb.debian.org/debian bookworm-updates main non-free-firmware
deb-src http://deb.debian.org/debian bookworm-updates main non-free-firmware

Save and run the update command again.

apt install apt-transport-https ca-certificates curl software-properties-common

Install Apache for a proxy and vim:

apt install apache2 vim

In the recent release, the PATH for /usr/sbin, etc, has been removed, so let’s add them back.

vim ~/.bashrc

Add the following to it:

export PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin

Save and run source ~/.bashrc.

2- Add docker repository

Let’s add the Docker repository for the Debian system.

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker.gpg

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Update the package metadata and install the Docker package.

apt update

apt install docker-ce

This will pull all the required dependencies including docker-ce-cli containerd.io.

3- Start services

Enable Apache modules:

a2enmod ssl rewrite headers proxy proxy_http deflate cache proxy_wstunnel

We have taken care of the PATH above. You can also use /usr/sbin/a2enmod if you want.

systemctl enable apache2
systemctl restart apache2

4- Create a virtual host

Create a virtual host file for the OnlyOffice domain.

cd /etc/apache2/sites-available/
vim oo.conf

Add the following to it, making changes where needed.

<VirtualHost *:80>

	ServerName DOMAIN.COM
    DocumentRoot /var/www/html

    <Directory "/var/www/html">
       AllowOverride All
       Options -Indexes +FollowSymLinks
    </Directory>

	ErrorLog ${APACHE_LOG_DIR}/onlyoffice_error.log

</VirtualHost>

Enable this configuration and restart Apache.

a2ensite oo.conf
a2dissite 000-default.conf

apachectl -t
systemctl restart apache2

5- Install OnlyOffice

We will now install OnlyOffice via Docker. Change the JWT_SECRET to a secret of your choice.

docker run -i -t -d -p 127.0.0.1:9981:80 --restart=always \
    -e JWT_ENABLED=true \
    -e JWT_SECRET=f343nf27gdg4543vf341k9 \
    -e JWT_HEADER=Authorization \
    -e JWT_IN_BODY=true \
    -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver

You can check Docker containers with docker ps.

To enter a docker container:

docker exec -it CONTAINER_ID bash

6- Install Certbot and get an SSL

apt install certbot

Get an SSL for your domain.

certbot certonly --webroot -w /var/www/html -d DOMAIN.COM

Note down the certificate paths.

7- Update virtual host

We are almost there now, with OnlyOffice Docker up and running, SSL certificates at hand. It’s now time to update our virtual host file with the 443 block.

vim /etc/apache2/sites-available/oo.conf

The only thing you may need to change is DOMAIN.COM.

<VirtualHost *:443>

   ServerName DOMAIN.COM

   ErrorLog ${APACHE_LOG_DIR}/onlyoffice_error.log

   # SSL configuration
   SSLEngine on
   SSLCertificateFile /etc/letsencrypt/live/DOMAIN.COM/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/DOMAIN.COM/privkey.pem
   
   SSLProtocol all -SSLv2 -SSLv3
   SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
   SSLHonorCipherOrder on
   SSLCompression off

   SetEnvIf Host "^(.*)$" THE_HOST=$1
   RequestHeader setifempty X-Forwarded-Proto https
   RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
   ProxyAddHeaders Off

   ProxyPassMatch (.*)(\/websocket)$ "ws://127.0.0.1:9981/$1$2"
   ProxyPass / "http://127.0.0.1:9981/"
   ProxyPassReverse / "http://127.0.0.1:9981/"

</VirtualHost>

Restart Apache and browse the URL with HTTPS.

apachectl -t
systemctl restart apache2

8- Connect to Nextcloud

Go to your Nextcloud instance and install OnlyOffice app from the store.

After that, go to Administration. Click on ONLYOFFICE on the left-hand side menu. Enter the URL with https in the Address field and the secret in the Secret field.

Save, and you’re all set.