第 17.11 节 OnlyOffice（基于 PostgreSQL）

# pkg install onlyoffice-documentserver

# cd /usr/ports/www/onlyoffice-documentserver/ 
# make install clean

root@ykla:~ # pkg info -D onlyoffice-documentserver
onlyoffice-documentserver-8.2.0.143_4:
On install:
CONFIGURATION:
-------------
# 配置：
# 以下是有关如何配置 OnlyOffice 文档服务器的详细说明。

The configuration file can be found (or created) at the following path:
  /usr/local/etc/onlyoffice/documentserver/local.json
# 配置文件位于以下路径（或创建）：
# /usr/local/etc/onlyoffice/documentserver/local.json

The default values are available in the default.json configuration file,
which is available in the folders above. Please do not edit the contents of the
default.json file directly. The default values will be restored each time you
upgrade Document Server to a new version and all your changes will be lost.
# 默认值可以在 default.json 配置文件中找到，该文件位于上述文件夹中。
# 请不要直接编辑 default.json 文件的内容，因为每次升级文档服务器时，所有更改都会丢失，恢复默认值。

1. Enable services at startup in the /etc/rc.conf file:
  nginx_enable="YES"
  rabbitmq_enable="YES"
  supervisord_enable="YES"
# 1. 在 /etc/rc.conf 文件中启用启动时的服务：
#   设置 nginx_enable="YES"
#   设置 rabbitmq_enable="YES"
#   设置 supervisord_enable="YES"

  Optionally in case of a jail with local IP and no internet access:
    update /etc/hosts in order to resolve your nextcloud server to its local IP
# 如果在没有互联网访问的 jail 环境中运行（本地 IP），可以选择：
# 更新 /etc/hosts 文件，以将 Nextcloud 服务器解析到其本地 IP。

2. Install a database server and set up the database (either PostgreSQL or MySQL):
  For PostgreSQL (don't forget to change the password):
    # service postgresql initdb
    # service postgresql start
    # psql -U postgres -c "CREATE DATABASE onlyoffice;"
    # psql -U postgres -c "CREATE USER onlyoffice WITH password 'onlyoffice';"
    # psql -U postgres -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"
    # psql -U postgres -c "ALTER DATABASE onlyoffice OWNER to onlyoffice;"
    # psql -hlocalhost -Uonlyoffice -d onlyoffice -f /usr/local/www/onlyoffice/documentserver/server/schema/postgresql/createdb.sql
# 2. 安装数据库服务器并设置数据库（可选 PostgreSQL 或 MySQL）：
# 对于 PostgreSQL（别忘了更改密码）：
#   初始化数据库、启动 PostgreSQL 服务并创建所需数据库和用户。

    Optionally in case of a jail with local IP:
      update /var/db/postgres/data13/pg_hba.conf accordingly
# 如果是在本地 IP 的 jail 环境中运行，还可以选择更新 /var/db/postgres/data13/pg_hba.conf 文件。

  For MySQL don't forget to change the password):
    # service mysql-server start
    # mysql -u root -p -e "CREATE DATABASE onlyoffice DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;"
    # mysql -u root -p -e "CREATE USER 'onlyoffice'@'localhost' IDENTIFIED BY 'onlyoffice';"
    # mysql -u root -p -e "GRANT ALL privileges ON  onlyoffice.* TO 'onlyoffice'@'localhost';"
    # mysql -u onlyoffice -D onlyoffice -p < /usr/local/www/onlyoffice/documentserver/server/schema/mysql/createdb.sql
# 对于 MySQL（别忘了更改密码）：
#   启动 MySQL 服务并创建所需数据库、用户及权限。

3. Create a new rabbitmq user for the ONLYOFFICE Document Server configuration (don't forget to change the password):
  # service rabbitmq start
  # rabbitmqctl --erlang-cookie `cat /var/db/rabbitmq/.erlang.cookie` add_user onlyoffice password
  # rabbitmqctl --erlang-cookie `cat /var/db/rabbitmq/.erlang.cookie` set_user_tags onlyoffice administrator
  # rabbitmqctl --erlang-cookie `cat /var/db/rabbitmq/.erlang.cookie` set_permissions -p / onlyoffice ".*" ".*" ".*"
  and change it in /usr/local/etc/onlyoffice/documentserver/local.json accordingly.
# 3. 为 ONLYOFFICE 文档服务器配置创建新的 rabbitmq 用户（别忘了更改密码）：
#   启动 rabbitmq 服务并添加新用户并设置权限，确保在配置文件 `/usr/local/etc/onlyoffice/documentserver/local.json` 中做相应更改。

4. Set up supervisord in order to execute documentserver services:
  - let supervisord.conf load files contained in this directory by adding to
    /usr/local/etc/supervisord.conf:
[include]
files = /usr/local/etc/onlyoffice/documentserver/supervisor/*.conf

  - start supervisord:
    # service supervisord start
# 4. 设置 supervisord 来执行文档服务器服务：
#   配置 supervisord 加载文件，并启动 supervisord 服务。

5. Set up nginx:
  - For HTTP include the following in your /usr/local/etc/nginx/nginx.conf file:
      include /usr/local/etc/onlyoffice/documentserver/nginx/ds.conf;
# 5. 设置 nginx：
#   为 HTTP 设置 Nginx 配置，确保在 nginx.conf 文件中包含 ds.conf 配置。

NOTE: documentserver-update-securelink.sh will only update ./nginx/ds.conf and local.json under /usr/local/etc/onlyoffice/documentserver/!
  - run documentserver-update-securelink.sh once for creationg a verysecretstring

  - start nginx:
    # service nginx start
# 注意：documentserver-update-securelink.sh 仅会更新 ./nginx/ds.conf 和 /usr/local/etc/onlyoffice/documentserver/ 下的 local.json 文件！
#   运行该脚本一次以生成一个 secret 字符串，并启动 nginx 服务。

6. Follow the following doc If you want to use Onlyoffice with Nextcloud:
  - https://api.onlyoffice.com/editors/nextcloud
# 6. 如果你想将 OnlyOffice 与 Nextcloud 配合使用，请参考以下文档：
#   https://api.onlyoffice.com/editors/nextcloud

7. Install OnlyOffice plugins (you'll need internet):
  # /usr/local/bin/documentserver-pluginsmanager.sh --update=/usr/local/www/onlyoffice/documentserver/sdkjs-plugins/plugin-list-default.json
# 7. 安装 OnlyOffice 插件（需要互联网连接）：
#   使用插件管理器更新插件列表。

8. Enjoy.
# 8. 完成安装，享受使用 OnlyOffice 的体验。

On upgrade from onlyoffice-documentserver<7.1.0.215:
If you are upgrading onlyoffice-documentserver from a version prior to 7.1.0.215,
you need to update the database schema:
  For PostgreSQL:
    psql -U postgres -d onlyoffice -f /usr/local/www/onlyoffice/documentserver/server/schema/postgresql/upgrade/upgradev710.sql
  For MySQL:
    mysql -u onlyoffice -D onlyoffice -p < /usr/local/www/onlyoffice/documentserver/server/schema/mysql/upgrade/upgradev710.sql
# 从 onlyoffice-documentserver<7.1.0.215 升级：
#   如果是从较旧版本（7.1.0.215 之前）升级，需要更新数据库模式：
#   PostgreSQL 和 MySQL 的更新命令。

On upgrade from onlyoffice-documentserver>7.1.0.215<7.2.1.34:
If you are upgrading onlyoffice-documentserver from a version prior to 7.2.1.34,
you need to update the database schema:
  For PostgreSQL:
    psql -U postgres -d onlyoffice -f /usr/local/www/onlyoffice/documentserver/server/schema/postgresql/upgrade/upgradev720.sql
  For MySQL:
    mysql -u onlyoffice -D onlyoffice -p < /usr/local/www/onlyoffice/documentserver/server/schema/mysql/upgrade/upgradev720.sql
# 从 onlyoffice-documentserver>7.1.0.215<7.2.1.34 升级：
#   如果是从 7.2.1.34 之前的版本升级，需要更新数据库模式：
#   PostgreSQL 和 MySQL 的更新命令。

# service nginx enable
# service rabbitmq enable
# service supervisord enable

# pkg install postgresql16-server
# service postgresql enable
# service postgresql initdb
# service postgresql start
# psql -U postgres -c "CREATE DATABASE onlyoffice;"
# psql -U postgres -c "CREATE USER onlyoffice WITH password 'onlyoffice';"
# psql -U postgres -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"
# psql -U postgres -c "ALTER DATABASE onlyoffice OWNER to onlyoffice;"
# psql -hlocalhost -Uonlyoffice -d onlyoffice -f /usr/local/www/onlyoffice/documentserver/server/schema/postgresql/createdb.sql

# service rabbitmq start

# rabbitmqctl --erlang-cookie `cat /var/db/rabbitmq/.erlang.cookie` add_user onlyoffice password  # 注意：会卡几分钟，下同

Error: unable to perform an operation on node 'rabbit@ykla'. Please see diagnostics information and suggestions below.

Most common reasons for this are:

 * Target node is unreachable (e.g. due to hostname resolution, TCP connection or firewall issues)
 * CLI tool fails to authenticate with the server (e.g. due to CLI tool's Erlang cookie not matching that of the server)
 * Target node is not running

In addition to the diagnostics info below:

 * See the CLI, clustering and networking guides on https://rabbitmq.com/documentation.html to learn more
 * Consult server logs on node rabbit@ykla
 * If target node is configured to use long node names, don't forget to use --longnames with CLI tools

DIAGNOSTICS
===========

attempted to contact: [rabbit@ykla]

rabbit@ykla:
  * connected to epmd (port 4369) on ykla
  * epmd reports node 'rabbit' uses port 25672 for inter-node and CLI tool traffic
  * can't establish TCP connection to the target node, reason: timeout (timed out)
  * suggestion: check if host 'ykla' resolves, is reachable and ports 25672, 4369 are not blocked by firewall

Current node details:
 * node name: 'rabbitmqcli-719-rabbit@ykla'
 * effective user's home directory: /root
 * Erlang cookie hash: mmhdcv/DKEfjrCrCEaZMvQ==

# rabbitmqctl --erlang-cookie `cat /var/db/rabbitmq/.erlang.cookie` set_user_tags onlyoffice administrator
Error: unable to perform an operation on node 'rabbit@ykla'. Please see diagnostics information and suggestions below.

Most common reasons for this are:

 * Target node is unreachable (e.g. due to hostname resolution, TCP connection or firewall issues)
 * CLI tool fails to authenticate with the server (e.g. due to CLI tool's Erlang cookie not matching that of the server)
 * Target node is not running

In addition to the diagnostics info below:

 * See the CLI, clustering and networking guides on https://rabbitmq.com/documentation.html to learn more
 * Consult server logs on node rabbit@ykla
 * If target node is configured to use long node names, don't forget to use --longnames with CLI tools

DIAGNOSTICS
===========

attempted to contact: [rabbit@ykla]

rabbit@ykla:
  * connected to epmd (port 4369) on ykla
  * epmd reports node 'rabbit' uses port 25672 for inter-node and CLI tool traffic
  * can't establish TCP connection to the target node, reason: timeout (timed out)
  * suggestion: check if host 'ykla' resolves, is reachable and ports 25672, 4369 are not blocked by firewall

Current node details:
 * node name: 'rabbitmqcli-882-rabbit@ykla'
 * effective user's home directory: /root
 * Erlang cookie hash: mmhdcv/DKEfjrCrCEaZMvQ==

root@ykla:~ #  rabbitmqctl --erlang-cookie `cat /var/db/rabbitmq/.erlang.cookie` set_permissions -p / onlyoffice ".*" ".*" ".*"
Error: unable to perform an operation on node 'rabbit@ykla'. Please see diagnostics information and suggestions below.

Most common reasons for this are:

 * Target node is unreachable (e.g. due to hostname resolution, TCP connection or firewall issues)
 * CLI tool fails to authenticate with the server (e.g. due to CLI tool's Erlang cookie not matching that of the server)
 * Target node is not running

In addition to the diagnostics info below:

 * See the CLI, clustering and networking guides on https://rabbitmq.com/documentation.html to learn more
 * Consult server logs on node rabbit@ykla
 * If target node is configured to use long node names, don't forget to use --longnames with CLI tools

DIAGNOSTICS
===========

attempted to contact: [rabbit@ykla]

rabbit@ykla:
  * connected to epmd (port 4369) on ykla
  * epmd reports node 'rabbit' uses port 25672 for inter-node and CLI tool traffic
  * can't establish TCP connection to the target node, reason: timeout (timed out)
  * suggestion: check if host 'ykla' resolves, is reachable and ports 25672, 4369 are not blocked by firewall

Current node details:
 * node name: 'rabbitmqcli-636-rabbit@ykla'
 * effective user's home directory: /root
 * Erlang cookie hash: mmhdcv/DKEfjrCrCEaZMvQ==

  "request-filtering-agent" : {
				"allowPrivateIPAddress": true,
				"allowMetaIPAddress": true
			},

{
  "services": {
    "CoAuthoring": {
      "sql": {
        "type": "postgres",
        "dbHost": "localhost",
        "dbPort": "5432",
        "dbName": "onlyoffice",
        "dbUser": "onlyoffice",
        "dbPass": "onlyoffice"
      },
  "request-filtering-agent" : {
				"allowPrivateIPAddress": true,
				"allowMetaIPAddress": true
			},
      "token": {
        "enable": {
          "request": {
            "inbox": false,
            "outbox": false
          },
          "browser": false

……省略……

include /usr/local/etc/onlyoffice/documentserver/nginx/ds.conf;

……省略……
http {
    include       mime.types;
    default_type  application/octet-stream;
    include /usr/local/etc/onlyoffice/documentserver/nginx/ds.conf;

……省略……

[include]
;files = relative/directory/*.ini
files = /usr/local/etc/onlyoffice/documentserver/supervisor/*.conf

# service supervisord start

root@ykla:~ # documentserver-update-securelink.sh
ds:docservice: stopped
ds:docservice: started
ds:converter: stopped
ds:converter: started
Performing sanity check on nginx configuration:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful