Skip to content

OnlyOffice

Seafile supports OnlyOffice to view/edit office files online. In order to use OnlyOffice, you must first deploy an OnlyOffice server.

Deployment Tips

You can deploy OnlyOffice to the same machine as Seafile (only support deploying with Docker with sufficient cores and RAM) using the onlyoffice.yml provided by Seafile according to this document, or you can deploy it to a different machine according to OnlyOffice official document.

Generate JWT-Token (shared secret)

From Seafile 12.0, OnlyOffice's JWT verification will be forced to enable

Secure communication between Seafile and OnlyOffice is granted by a shared secret. You can get the JWT secret by following command

pwgen -s 40 1

Deployment of OnlyOffice

Download the onlyoffice.yml

wget https://manual.seafile.com/12.0/docker/onlyoffice.yml

insert onlyoffice.yml into COMPOSE_FILE list (i.e., COMPOSE_FILE='...,onlyoffice.yml'), and add the following configurations of onlyoffice in .env file.

# OnlyOffice image
ONLYOFFICE_IMAGE=onlyoffice/documentserver:8.1.0.1

# Persistent storage directory of OnlyOffice
ONLYOFFICE_VOLUME=/opt/onlyoffice

# OnlyOffice document server port
ONLYOFFICE_PORT=6233

# jwt secret, generated by `pwgen -s 40 1` 
ONLYOFFICE_JWT_SECRET=<your jwt secret>

Also modify seahub_settings.py

ENABLE_ONLYOFFICE = True
ONLYOFFICE_APIJS_URL = 'https://seafile.example.com:6233/web-apps/apps/api/documents/api.js'
ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods', 'csv', 'ppsx', 'pps')
ONLYOFFICE_JWT_SECRET = '<your jwt secret>'

By default OnlyOffice will use port 6233 used for communication between Seafile and Document Server, You can modify the bound port by specifying ONLYOFFICE_PORT, and port in the term ONLYOFFICE_APIJS_URL in seahub_settings.py has been modified together.

Advanced: Custom settings of OnlyOffice

The following configuration options are only for OnlyOffice experts. You can create and mount a custom configuration file called local-production-linux.json to force some settings.

nano local-production-linux.json

For example, you can configure OnlyOffice to automatically save by copying the following code block in this file:

{
  "services": {
    "CoAuthoring": {
      "autoAssembly": {
        "enable": true,
        "interval": "5m"
      }
    }
  },
  "FileConverter": {
    "converter": {
      "downloadAttemptMaxCount": 3
    }
  }
}

Mount this config file into your onlyoffice block in onlyoffice.yml:

service:
  ...
  onlyoffice:
    ...
    volumes:
      ...
      - <Your path to local-production-linux.json>:/etc/onlyoffice/documentserver/local-production-linux.json
...

For more information you can check the official documentation: https://api.onlyoffice.com/editors/signature/ and https://github.com/ONLYOFFICE/Docker-DocumentServer#available-configuration-parameters

Restart Seafile-docker instance and test that OnlyOffice is running

docker-compose down
docker-compose up -d

After the installation process is finished, visit this page to make sure you have deployed OnlyOffice successfully: http{s}://{your Seafile server's domain or IP}:6233/welcome, you will get Document Server is running info at this page.

FAQ

Download failed

Firstly, run docker logs -f seafile-onlyoffice, then open an office file. After the "Download failed." error appears on the page, observe the logs for the following error:

==> /var/log/onlyoffice/documentserver/converter/out.log <==
...
Error: DNS lookup {local IP} (family:undefined, host:undefined) is not allowed. Because, It is a private IP address.
...

If it shows this error message and you haven't enabled JWT while using a local network, then it's likely due to an error triggered proactively by OnlyOffice server for enhanced security. (https://github.com/ONLYOFFICE/DocumentServer/issues/2268#issuecomment-1600787905)

So, as mentioned in the post, we highly recommend you enabling JWT in your integrations to fix this problem.

The document security token is not correctly formed

Starting from OnlyOffice Docker-DocumentServer version 7.2, JWT is enabled by default on OnlyOffice server.

So, for security reason, please Configure OnlyOffice to use JWT Secret.

OnlyOffice on a separate host and URL

In general, you only need to specify the values ​​of the following fields in seahub_settings.py and then restart the service.

ENABLE_ONLYOFFICE = True
ONLYOFFICE_APIJS_URL = 'http{s}://<Your OnlyOffice host url>/web-apps/apps/api/documents/api.js'
ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods', 'csv', 'ppsx', 'pps')
ONLYOFFICE_JWT_SECRET = '<your jwt secret>'

About SSL

For deployments using the onlyoffice.yml file in this document, SSL is primarily handled by the Caddy. If the OnlyOffice document server and Seafile server are not on the same machine, please refer to the official document to configure SSL for OnlyOffice.