Installing LAMP Server on Localhost on Ubuntu

When you start learning Linux sysadmin, one of the common tasks you’ll come across is installing the LAMP server.

LAMP is a tech stack that refers to the collection of the following software required to run a web application: Linux, Apache, MySQL, and PHP.

While these days, you can deploy servers preconfigured with a web service or run services in containers, installing the LAMP stack is classic.

It may seem complicated at the beginning but it gives you a good way to test and practice your Linux knowledge.

The best thing is that you don’t need a cloud server for that. You can install LAMP on your own computer to create a local development environment.

In this guide, you’ll get a LAMP stack up and running on an Ubuntu 22.04 machine. At the end of this process, you will have a web server running with a MySQL database backend and the PHP programming language to write dynamic content.

Setting up LAMP stack on Ubuntu

🚧
You need to have an Ubuntu system with root or sudo access.

This also means that you have taken care of the L in LAMP. Let’s move on to the A (Apache).

Step 1: Installing Apache

Apache is a popular open-source web server. It is known for its stability, rich feature set, and flexibility.

To install Apache, update your local package index and then install the apache2 package using apt:

sudo apt update

sudo apt install apache2 -y

After the installation completes, the Apache service should start automatically. You can check whether the service is running by running the below command.

sudo systemctl status apache2.service

The output will look something like this.

You can also check the status of the service by visiting localhost in your web browser. If Apache is running, you will see the default Ubuntu Apache web page as shown.

Great! L and A are done. Let’s move to M in LAMP.

Step 2: Installing MySQL

MySQL, a database management system, is a necessary component of a LAMP stack because it is used by PHP to store information persistently.

Installing MySQL on Ubuntu is pretty straightforward.

sudo apt install mysql-server -y

To start and enable the MySQL service, run the following commands.

sudo systemctl start mysql

sudo systemctl enable mysql

Verify that the MySQL service is running by checking its status.

sudo systemctl status mysql

You will see output similar to this:

Hardening MySQL (optional if you are testing)

The default configuration of MySQL leaves your installation insecure. To secure it, you need to run a pre-installed security script that comes with MySQL. It changes some of the less secure default options for things like remote root logins and sample user databases.

You may not need to do this if you are just testing a LAMP stack deployment on a local server. But if you are going to use it in real-world scenarios, you should harden the MySQL install.

Run the mysql_secure_installation command to improve the security of your MySQL installation:

sudo mysql_secure_installation

You will be presented with a series of questions.

The first question asks if you want to enable the VALIDATE PASSWORD PLUGIN. This plugin tests passwords for strength and allows you to set only strong passwords for MySQL users.

Next, you will be asked to select a level of password validation policy.

There are three levels of password validation policy: low, medium, and strong. Type the number that corresponds to the password policy you want to implement and press Enter.

You will be asked to provide a strong password for the MySQL user. A strong password should be at least eight characters long and contain a mix of uppercase letters, lowercase letters, numbers, and special characters.

Type the new strong password for the MySQL user and press Enter. Next, retype the password to confirm it and press Enter again.

For the rest of the questions, you just press Y and hit Enter. This will remove the anonymous user accounts, disable root logins outside of localhost, remove the test databases, and reload the privilege tables.
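To confirm that the cleanup described above actually took effect, the account and database lists can be checked afterwards. The script below is an added example, not part of the original article; the function names and the sample rows are constructed, and the real input comes from the `mysql` commands shown in the comments.

```sh
#!/bin/sh
# Added example: verify the items mysql_secure_installation is described as
# cleaning up (anonymous accounts, non-local root logins, the test database).

# flag_risky_accounts: reads "user<TAB>host" rows on stdin, as produced by
#   sudo mysql -N -B -e "SELECT user, host FROM mysql.user"
# and prints one finding per anonymous account or non-local root account.
flag_risky_accounts() {
    awk -F '\t' '
        NF == 0 { next }                                  # skip blank lines
        $1 == "" { print "anonymous account @" $2; next }
        $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            print "root login allowed from " $2
        }
    '
}

# flag_test_databases: reads one database name per line on stdin, as produced by
#   sudo mysql -N -B -e "SHOW DATABASES"
flag_test_databases() {
    awk '$0 == "test" { print "test database present: " $0 }'
}

# Constructed sample: the account table of an install that is NOT hardened yet.
sample_accounts() {
    printf 'root\tlocalhost\n'
    printf '\tlocalhost\n'
    printf 'root\t%%\n'
    printf 'mysql.sys\tlocalhost\n'
}

sample_accounts | flag_risky_accounts
printf 'information_schema\nmysql\ntest\n' | flag_test_databases
```

No output from either function means the corresponding item has been removed.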

You have now completed the basic MySQL installation and configuration. You can now move on to installing PHP.

Step 3: Installing PHP

PHP is a server-side scripting language that is used to process dynamic content requests. It can be embedded into HTML code or used as a standalone programming language. This is the last component of the LAMP stack.

To install PHP and the necessary modules, run the following command.

sudo apt install php libapache2-mod-php php-mysql -y

The php-mysql module allows PHP to communicate with MySQL databases. The libapache2-mod-php module lets Apache process PHP code.

Once the installation completes, you can check the version of PHP that was installed by typing:

php --version

Step 4: Test your LAMP stack by creating a PHP file

Now you have all of the components of the LAMP stack installed on your Ubuntu system.

But is it working? Let’s create a PHP file and test it out.

PHP files usually have the extension .php. Create a file called info.php in the /var/www/html directory. This is the default Apache document root directory.

Open the file in Nano or any other terminal based text editor.

sudo nano /var/www/html/info.php

Add the following line of code to the file and save it. This line will output the text “PHP is working” if the file is accessed through a web browser.

<?php echo "PHP is working"; ?>

Restart the Apache web server to make sure the changes take effect.

sudo systemctl restart apache2

Now, open the file at your localhost address (http://localhost/info.php) in a web browser, and you will see the text “PHP is working,” as shown below.

You have now successfully set up a LAMP stack on your Ubuntu machine.

Conclusion

Apache is not the only web server. Lately, OpenLiteSpeed has also gotten quite popular. If you want to try it, you can replace the LAMP stack with LOMP stack.

The LOMP stack installation on Ubuntu is similar to this tutorial. In case you feel experimental, you can test your hands on it.

With this basic LAMP installation complete, you can now install a content management system like WordPress or Drupal, or even start coding your own PHP application.

Connect to SSH Server on Alternate Port

By default, SSH utilizes port number 22 and many sysadmins change it to avoid the influx of bot attacks trying to brute-force their way in.

If you have to connect to a server via SSH but to a port other than the default one, use:

ssh -p port_number username@ServerIP

Of course, you have to replace the variables like port_number, username and server’s IP.

Let me go into detail and show how to add an alternate port of SSH and connect to it.

How to connect to SSH Server using an alternate port

The first step will be to connect to the SSH server and check whether the port you desire to use is already being utilized or not.

ssh user@serverIP

Now, let’s check whether port no 2222 is being used or not using the ss command:

sudo ss -tulpn | grep ':2222'

As you can clearly see, port no 22 is being used by process ID 889 while port no 2222 is not being utilized making it perfect for our use case.

Now, let’s begin with changing firewall rules.

Configure Firewall to access SSH via alternate port

It is always advised to change firewall rules before changing the SSH port especially if you’re dealing with a remote server.

As I’ll be adding port no. 2222 as an alternate port for SSH, I’m required to use the given command:

sudo ufw allow 2222/tcp

If you are utilizing SELinux, make sure to allow SSH to run on configured alternate port:

sudo semanage port -a -t ssh_port_t -p tcp 2222

Add alternate port to SSH config file

I will keep port 22 and add another port so you can access SSH through both of them.

First, open the SSH config file by the given command:

sudo nano /etc/ssh/sshd_config

Then remove the comment from the Port 22 line and add your desired port just below it.

To apply those changes, you will have to restart the ssh service:

sudo systemctl restart sshd
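The config edit described above, written as a repeatable script. This is an added example, not code from the original article: `add_alt_port` and `demo` are hypothetical names, and the sample config is constructed so the script runs on a copy rather than on /etc/ssh/sshd_config.

```sh
#!/bin/sh
# Added example: enable "Port 22" and add an alternate port directly below it.

# add_alt_port FILE PORT
# Prints FILE with "Port 22" active and "Port PORT" on the next line.
# Running it again on its own output changes nothing. Exits non-zero when the
# file has no Port line to anchor on, so nothing is appended after a Match
# block, where sshd does not accept a Port directive.
add_alt_port() {
    awk -v alt="$2" '
        # Pass 1: remember ports that are already active (uncommented).
        NR == FNR { if (tolower($1) == "port") active[$2] = 1; next }
        # Pass 2: uncomment "#Port 22" if needed, add the alternate port below.
        {
            anchor = 0
            if ($0 ~ /^[ \t]*#[ \t]*Port[ \t]+22[ \t]*$/ && !active["22"]) {
                print "Port 22"; active["22"] = 1; anchor = 1
            } else {
                print
                if (tolower($1) == "port" && $2 == "22") anchor = 1
            }
            if (anchor && !active[alt]) { print "Port " alt; active[alt] = 1 }
        }
        END { exit !(active["22"] && active[alt]) }
    ' "$1" "$1"
}

demo() {
    cfg=$(mktemp) && new=$(mktemp) || return 1
    # Constructed sample resembling the top of a stock sshd_config.
    cat > "$cfg" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
EOF
    if add_alt_port "$cfg" 2222 > "$new"; then
        grep -n '^Port' "$new"      # show the two active Port lines
    else
        echo "no Port line found; edit the file by hand" >&2
    fi
    rm -f "$cfg" "$new"
}
demo

# On the real server (not run here), check the edited file before restarting so
# a typo cannot take sshd down, then confirm both listeners are up:
#   sudo sshd -t && sudo systemctl restart sshd
#   sudo ss -tlnp | grep -E ':(22|2222) '
```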

Connect to SSH using an alternate port

As I mentioned earlier, I have kept port no 22 as it is, so if you run into any error, you can always troubleshoot the VM via the default port.

You will have to specify the alternate port with -p option as shown:

ssh -p 2222 user@ServerIP

And you can always use the old default way (with port 22). For example, I have used multiple terminal windows with default and alternate ports:

Wrapping Up

This was my take on how you can add an alternate port to access SSH while keeping the default port as it is.

I hope this helps you and if you find any difficulties, make sure to SSH them in the comments.

Microsoft Latest Patch Fixes New Windows Zero-Day With No Patch for Exchange Server Bugs

Recent news reports show that Microsoft’s Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild.

It appears that out of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the actively exploited ProxyNotShell flaws in Exchange Server.

Notably, the patches come alongside updates to resolve 12 other flaws in the Chromium-based Edge browser that have been released since the beginning of the month.

Topping the list of this month’s patches is CVE-2022-41033 (CVSS score: 7.8), a privilege escalation vulnerability in Windows COM+ Event System Service. An anonymous researcher has been credited with reporting the issue.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” the company said in an advisory, cautioning that the shortcoming is being actively weaponized in real-world attacks.

The nature of the flaw also means that the issue is likely chained with other flaws to escalate privilege and carry out malicious actions on the infected host.

“This specific vulnerability is a local privilege escalation, which means that an attacker would already need to have code execution on a host to use this exploit,” Kev Breen, director of cyber threat research at Immersive Labs, said.

In addition, three other elevation of privilege vulnerabilities of note relate to Windows Hyper-V (CVE-2022-37979, CVSS score: 7.8), Active Directory Certificate Services (CVE-2022-37976, CVSS score: 8.8), and Azure Arc-enabled Kubernetes cluster Connect (CVE-2022-37968, CVSS score: 10.0).

Even with the “Exploitation Less Likely” tag for CVE-2022-37968, Microsoft noted that a successful exploitation of the flaw could permit an “unauthenticated user to elevate their privileges as cluster admins and potentially gain control over the Kubernetes cluster.”

CVE-2022-41043 (CVSS score: 3.3), an information disclosure vulnerability in Microsoft Office, is listed as publicly known at the time of release. It could be exploited to leak user tokens and other potentially sensitive information, Microsoft said.

Additionally fixed by Redmond are eight privilege escalation flaws in Windows Kernel, 11 remote code execution bugs in Windows Point-to-Point Tunneling Protocol and SharePoint Server, and yet another elevation of privilege vulnerability in the Print Spooler module (CVE-2022-38028, CVSS score: 7.8).

The Patch Tuesday update further addresses two more privilege escalation flaws in Windows Workstation Service (CVE-2022-38034, CVSS score: 4.3) and Server Service Remote Protocol (CVE-2022-38045, CVSS score: 8.8).

Web security company Akamai, which discovered the two shortcomings, said they “take advantage of a design flaw that allows the bypass of [Microsoft Remote Procedure Call] security callbacks through caching.”

Software Patches from Other Vendors

As well as Microsoft, security updates have also been released by several vendors to rectify dozens of vulnerabilities, including —

The post Microsoft Latest Patch Fixes New Windows Zero-Day With No Patch for Exchange Server Bugs appeared first on IT Security Guru.

How to Setup OpenVPN Server in Ubuntu 22.04 [The Easy Way]

This simple tutorial shows how to easily set up OpenVPN on your Ubuntu 20.04 | 22.04 server and connect remotely from Windows or Linux with GNOME.

My PPTP and IKEv2 VPN server refused to work recently due to the Great Firewall (maybe). So I decided to set up OpenVPN on my Ubuntu VPS as a workaround.

DigitalOcean has a step-by-step setup guide, but it’s really long and complicated for beginners. Thankfully, there’s a free open-source script that makes things as easy as a few commands.

Step 1: Install OpenVPN

As mentioned, there’s a script on GitHub to make things easy. It automatically detects your system, environment variables, and IP address, and sets up OpenVPN and the firewall.

The script is totally safe in my opinion, and you can view the code yourself. Still, there’s always the disclaimer: use it at your own risk!

1. First, connect to your Ubuntu/Debian server either via SSH or any other method you prefer. Then grab the script with wget:

wget https://git.io/vpn -O openvpn-install.sh

In case the wget command does not exist, install it via sudo apt install wget.

2. After downloading the script, add executable permission with this command:

chmod u+x openvpn-install.sh

3. Finally, run the script:

sudo bash openvpn-install.sh

It will ask you a few questions: confirm the IP address if your server is running behind NAT, choose UDP or TCP, set which port to listen on, and select a DNS server. If you’re feeling lazy, it’s OK to hit Enter to use the default for all of these questions.

But you finally need to type a name for the client. It will create a .ovpn file with the name you just typed.

Default options are usually OK except the client name

After answering all the questions, hit any key to get started. It will do all the remaining work and generate a .ovpn file.

Step 2: Copy & paste the .ovpn to client machine

As the screenshot above shows, it generates the .ovpn file in the /root directory in my case. In case you logged in as a non-root user, move the file to that user’s home (the wildcard has to be expanded by a root shell, since a normal user cannot list /root):

sudo sh -c 'mv /root/*.ovpn "$1"/' sh "$HOME" && sudo chown "$USER":"$USER" ~/*.ovpn

Finally, you need to send the file to the client machine, for example by running the scp command below on your client PC (run this command on the client/local machine):

scp -P 22 username@server-ip:~/*.ovpn ./

Replace * with the filename, though the wildcard works if there are no other .ovpn files. And change port number 22 if a non-default SSH listening port is in use.

Step 3: Connect to OpenVPN server in Ubuntu/Fedora

The GNOME desktop has built-in client support for OpenVPN connections. Simply open GNOME Control Center (aka Settings) via the system status menu in the top-right corner.

Then, go to ‘Network’ in the left pane, and click ‘+’ next to the VPN section. Finally, click ‘Import from file…’

In the pop-up file selection dialog, choose the .ovpn file you got from the server side. It will generate the VPN network automatically once you click open (see the screenshot below).

It automatically creates the VPN network after you select the .ovpn file

The default configuration is OK, though you may edit the advanced options as needed. After clicking the ‘Add’ button, you can finally connect to the OpenVPN server from either GNOME Control Center or the system status menu:

Connect from Windows & macOS:

The OpenVPN website provides a client application for Windows and macOS users; simply download and install the app. Then, drop the .ovpn file into the app window to create the VPN connection.

Microsoft: Two New 0-Day Flaws in Exchange Server

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

In customer guidance released Thursday, Microsoft said it is investigating two reported zero-day flaws affecting Microsoft Exchange Server 2013, 2016, and 2019. CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability that can enable an authenticated attacker to remotely trigger the second zero-day vulnerability — CVE-2022-41082 — which allows remote code execution (RCE) when PowerShell is accessible to the attacker.

Microsoft said Exchange Online has detections and mitigation in place to protect customers. Customers using on-premises Microsoft Exchange servers are urged to review the mitigations suggested in the security advisory, which Microsoft says should block the known attack patterns.

Vietnamese security firm GTSC on Thursday published a writeup on the two Exchange zero-day flaws, saying it first observed the attacks in early August being used to drop “webshells.” These web-based backdoors offer attackers an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser.

“We detected webshells, mostly obfuscated, being dropped to Exchange servers,” GTSC wrote. “Using the user-agent, we detected that the attacker uses Antsword, an active Chinese-based opensource cross-platform website administration tool that supports webshell management. We suspect that these come from a Chinese attack group because the webshell codepage is 936, which is a Microsoft character encoding for simplified Chinese.”

GTSC’s advisory includes details about post-compromise activity and related malware, as well as steps it took to help customers respond to active compromises of their Exchange Server environment. But the company said it would withhold more technical details of the vulnerabilities for now.

In March 2021, hundreds of thousands of organizations worldwide had their email stolen and multiple backdoor webshells installed, all thanks to four zero-day vulnerabilities in Exchange Server.

Granted, the zero-day flaws that powered that debacle were far more critical than the two detailed this week, and there are no signs yet that exploit code has been publicly released (that will likely change soon). But part of what made last year’s Exchange Server mass hack so pervasive was that vulnerable organizations had little or no advance notice on what to look for before their Exchange Server environments were completely owned by multiple attackers.

Microsoft is quick to point out that these zero-day flaws require an attacker to have a valid username and password for an Exchange user, but this may not be such a tall order for the hackers behind these latest exploits against Exchange Server.

Steven Adair is president of Volexity, the Virginia-based cybersecurity firm that was among the first to sound the alarm about the Exchange zero-days targeted in the 2021 mass hack. Adair said GTSC’s writeup includes an Internet address used by the attackers that Volexity has tied with high confidence to a China-based hacking group that has recently been observed phishing Exchange users for their credentials.

In February 2022, Volexity warned that this same Chinese hacking group was behind the mass exploitation of a zero-day vulnerability in the Zimbra Collaboration Suite, which is a competitor to Microsoft Exchange that many enterprises use to manage email and other forms of messaging.

If your organization runs Exchange Server, please consider reviewing the Microsoft mitigations and the GTSC post-mortem on their investigations.

How to Deploy ONLYOFFICE Docs Server on RHEL/CentOS

ONLYOFFICE Docs is a web-based office package that is designed for local deployment and comes with a free desktop client for Linux, Windows and macOS. The suite is open-source and combines collaborative editors for text documents, spreadsheets, presentations and fillable forms that are highly compatible with the OOXML formats (DOCX, XLSX and PPTX). ONLYOFFICE Docs is also equipped with a viewer for PDF and DjVu files and can convert such files to other formats.

ONLYOFFICE Docs offers a set of standard editing tools and features for collaborative work, including Fast and Strict co-editing modes, Track Changes, Version History, comments and user mentions, document comparison and real-time communication.

With ONLYOFFICE Docs, it’s possible to create a collaborative environment on a Linux server by integrating the suite with a file-sharing platform or a DMS service. The most popular integration examples include Nextcloud, Seafile, ownCloud, Redmine, WordPress, Confluence, SharePoint, Alfresco, Chamilo, Liferay, Moodle, etc.

This detailed guide will help you install and configure the most recent version of ONLYOFFICE Docs (Community Edition) on CentOS/RHEL.

Prerequisites:

  • CPU: a dual-core processor with 2 GHz or higher;
  • RAM: at least 2 GB;
  • HDD: at least 40 GB of free disc space;
  • Swap space: at least 4 GB;
  • OS: RHEL 7/CentOS 7 minimum

Additional requirements:

  • PostgreSQL: v12.9+
  • NGINX: v1.3.13+
  • RabbitMQ

To start the installation process of ONLYOFFICE Docs, you need to install and set up NGINX, PostgreSQL and RabbitMQ on your RHEL/CentOS server.

Version 7.2: what’s new

At the moment, the latest version of ONLYOFFICE Docs is the recently released v7.2 that comes with a lot of new features, UI improvements and new languages.

For example, v7.2 offers new interface themes (Dark Contrast and Same as System), ligatures support, new types of interactive fields (Phone Number, Email Address and Complex Field) and new field parameters in fillable forms, Paste Special hotkeys, support for OLE spreadsheets and a brand-new plugin manager that allows you to install and delete third-party plugins for ONLYOFFICE Docs with a few clicks.

Step 1: Install the required dependencies

Let’s go ahead and install the dependencies.

Installing NGINX

The first component you need to install is the latest version of the NGINX package. To set up the corresponding yum repository on RHEL 7/CentOS 7, let’s create a file named /etc/yum.repos.d/nginx.repo. The file should have the following contents:

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key

After that, you need to install NGINX. This can be done with this command:

sudo yum install nginx

Now you need to make some edits to the /etc/nginx/nginx.conf configuration file as follows:

user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main  '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    include /etc/nginx/conf.d/*.conf;
}

Now you can proceed with installing other components.

Installing the EPEL repository

To install the EPEL repository, you need to launch the following command:

sudo yum install epel-release

Installing and configuring PostgreSQL

Let’s install the PostgreSQL version that is included in your version of RHEL/CentOS:

sudo yum install postgresql postgresql-server

Next, you need to initialize the PostgreSQL database. This can be done the following way:

sudo service postgresql initdb
sudo chkconfig postgresql on

After that, it’s time to turn on the “trust” authentication method for the IPv4 and IPv6 internet protocols. For this purpose, you need to open the /var/lib/pgsql/data/pg_hba.conf file with a text editor. You need to find host all all 127.0.0.1/32 ident and replace it with the following string:

host all             all             127.0.0.1/32	           trust

Also, you need to find host all all ::1/128 ident and replace it with this:

host all             all             ::1/128	                trust

Once this is done, you need to save the changes and close the text editor. Let’s restart the PostgreSQL service with this command:

sudo service postgresql restart
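With `trust`, PostgreSQL accepts any connection matching the rule as any database user without a password, so on a host with other local users it is worth knowing exactly which rules use it. The script below is an added example, not part of the ONLYOFFICE guide: it lists the `trust` rules in a pg_hba.conf and rewrites them to password authentication, assuming the Docs service connects with the password set for its database user; the function names and the sample file are constructed.

```sh
#!/bin/sh
# Added example: audit a copy of pg_hba.conf for "trust" rules.

# awk helper shared by both functions: index of the auth-method field of a
# pg_hba.conf rule, or 0 for comments, blank lines and non-rule lines.
HBA_LIB='
function method_idx() {
    if ($0 ~ /^[ \t]*(#|$)/) return 0
    if ($1 == "local") return 4              # local DB USER METHOD
    if ($1 !~ /^host/) return 0
    # host DB USER ADDRESS METHOD  or  host DB USER IP-ADDRESS IP-MASK METHOD
    if (index($4, "/") == 0 && ($4 ~ /^[0-9.]+$/ || index($4, ":") > 0)) return 6
    return 5
}'

# list_trust_rules FILE: prints "LINE: rule" for every active trust rule.
list_trust_rules() {
    awk "$HBA_LIB"'
        { i = method_idx() }
        i && $i == "trust" { print FNR ": " $0 }
    ' "$1"
}

# replace_trust FILE METHOD: prints FILE with every trust rule switched to
# METHOD. Rewritten rules come out single-spaced; other lines are untouched.
replace_trust() {
    awk -v m="$2" "$HBA_LIB"'
        { i = method_idx() }
        i && $i == "trust" { $i = m }
        { print }
    ' "$1"
}

# Constructed sample: the two rules from this guide plus a netmask-style rule
# and a commented-out rule that must not be reported.
write_sample_hba() {
    cat > "$1" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS          METHOD
local   all       all                    peer
host    all       all   127.0.0.1/32     trust
host    all       all   ::1/128          trust
# host  all       all   0.0.0.0/0        trust
host    all       all   192.0.2.10 255.255.255.255 trust
EOF
}

sample=$(mktemp)
write_sample_hba "$sample"
echo "trust rules found:"
list_trust_rules "$sample"
echo "after switching to password authentication:"
# md5 is accepted by every PostgreSQL release; on PostgreSQL 10 and later,
# scram-sha-256 can be passed instead.
replace_trust "$sample" md5
rm -f "$sample"
```

After changing the real file, restart PostgreSQL with the same `sudo service postgresql restart` command for the new rules to take effect.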

Now you can create a PostgreSQL database and user but you need to run the following command first:

cd /tmp

This is required to prevent warning messages when running as root. Let’s create a database and user:

sudo -u postgres psql -c "CREATE DATABASE onlyoffice;"
sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';"
sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"

Of course, it’s possible to use any name and password.

Installing RabbitMQ

Another component to be installed is RabbitMQ. This can be done with this command:

sudo yum install rabbitmq-server

Next you need to start this service:

sudo service rabbitmq-server start
sudo systemctl enable rabbitmq-server

Installing mscorefonts

Finally, you need to install the cabextract and xorg-x11-font-utils packages:

sudo yum install cabextract xorg-x11-font-utils

If you are running CentOS 7.8, the fontconfig component is also required. Let’s install it with this command:

sudo yum install fontconfig

Now you can install the msttcore fonts package:

sudo rpm -i https://deac-ams.dl.sourceforge.net/project/mscorefonts2/rpms/msttcore-fonts-installer-2.6-1.noarch.rpm

When all the required components are installed, you can proceed with the installation of ONLYOFFICE Docs.

Step 2: Install ONLYOFFICE Docs

Adding the ONLYOFFICE Docs repository

Before you start the installation process, you need to add the ONLYOFFICE Docs repository. This can be done with the following command:

sudo yum install https://download.onlyoffice.com/repo/centos/main/noarch/onlyoffice-repo.noarch.rpm

Installing ONLYOFFICE Docs

To install ONLYOFFICE Docs, you need to run this command:

sudo yum install onlyoffice-documentserver

After that, you need to run the required dependent services:

sudo service supervisord start
sudo systemctl enable supervisord
sudo service nginx start
sudo systemctl enable nginx

After installation, ONLYOFFICE Docs will run as a process. Its package will be updated like any other RPM package.

Step 3: Change the default port for ONLYOFFICE Docs

By default, ONLYOFFICE Docs uses port 80 for incoming connections. To change the default port, you need to specify the required port number in the DS_PORT environment variable with this command:

export DS_PORT=<PORT_NUMBER>

After that, you can proceed with the configuration of ONLYOFFICE Docs.

Step 4: Configure ONLYOFFICE Docs

Running the configuration script

To configure ONLYOFFICE Docs, you need to run the following script:

bash documentserver-configure.sh

After that, you need to specify the PostgreSQL and RabbitMQ connection parameters. Let’s use the following data for this purpose:

PostgreSQL parameters:

  • Host: localhost
  • Database: onlyoffice
  • User: onlyoffice
  • Password: onlyoffice

RabbitMQ parameters:

  • Host: localhost
  • User: guest
  • Password: guest

Adding a firewall exception

To avoid problems with your firewall, let’s add the corresponding exception with these commands:

sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --reload

Step 5: Launch ONLYOFFICE Docs

When you are done with the configuration of ONLYOFFICE Docs, you need to open your web browser and type http://localhost in the browser address bar. You will see the ONLYOFFICE Docs welcome page where you can find further information on how to enable document examples or integrate ONLYOFFICE Docs with your web application using the API.

Conclusion

Congratulations! You have just successfully installed ONLYOFFICE Docs on RHEL/CentOS. We hope this article will help you to set up the ONLYOFFICE online office suite on your server and enjoy all the benefits of real-time document collaboration.

🐧LHB Linux Digest #22.10: Linux Server Security, Know Your System and More

Unfortunately, I’ll have to start this month’s newsletter with sad news. The co-creator of Let’s Encrypt, Peter Eckersley, lost his battle with cancer at the age of 43. He was also the director of computer science at the Electronic Frontier Foundation and has worked on Certbot, Privacy Badger, HTTPS Everywhere and many other privacy-related projects. RIP, Peter.

💬 In this month’s issue:

  • Linux tips: A few tips on knowing your system
  • A few resources on securing Linux servers
  • And the usual newsletter elements like memes, deals and nifty tool

Integrate Nextcloud with ONLYOFFICE Docs on Your Linux Server

It’s common knowledge that Nextcloud is an ideal self-hosted replacement for Google Drive, OneDrive, Dropbox and other proprietary cloud storage software. It allows you to create a secure Sync&Share environment on your local server where you can keep files without putting your privacy under threat.

However, Nextcloud is not only about file-sharing and file storage. This platform can become much more powerful if you integrate it with third-party services. For example, you can easily enable real-time document editing and collaboration within your Nextcloud instance by connecting ONLYOFFICE Docs, an open-source office suite.

In this tutorial, you will learn the basics of deploying ONLYOFFICE Docs on your Linux server, integrating it with Nextcloud and properly configuring the official integration app for maximum performance.

Why ONLYOFFICE Docs?

Among all available office suites for Nextcloud, ONLYOFFICE Docs seems to be the perfect choice for a number of reasons. Firstly, it’s an open-source office package the source code of which is available on GitHub as ONLYOFFICE Document Server. Secondly, ONLYOFFICE Docs not only works with standard office files (text documents, spreadsheets and presentations) but also supports fillable forms. Thirdly, ONLYOFFICE Docs is natively compatible with the OOXML formats, so it flawlessly opens and saves Word, Excel and PowerPoint files.

In a nutshell, the integrated ONLYOFFICE and Nextcloud solution offers the following advantages:

  • Creating and editing text documents, spreadsheets and presentations right from the Nextcloud interface;
  • Creating fillable forms with the ability to fill them out online;
  • Viewing PDF files;
  • Sharing office files using the advanced access permissions;
  • Adding watermarks for better document protection;
  • Real-time document collaboration with the Fast and Strict co-editing modes, Track Changes, Version History, comments, user mentions and communication via the built-in chat;
  • Real-time co-editing within various federated Nextcloud instances;
  • JWT to prevent unauthorized document access.

Prerequisites

Before proceeding with the installation process, you need to take care of some important requirements. Here’s a brief overview of what you need:

  • CPU: dual-core processor, 2 GHz or higher;
  • RAM: minimum 2 GB;
  • HDD: minimum 40 GB of free space;
  • Swap space: minimum 4 GB;
  • OS: 64-bit Linux-based distribution with kernel v3.10+;
  • Docker v1.10+

Docker is needed because it provides the easiest way to install ONLYOFFICE Docs. If your OS is not equipped with this tool, you can get its latest version from the official website.

When it comes to Nextcloud, you can take a look at this detailed guide in order to install it with the proper configuration.

If you have all the required components installed, and your system fully complies with the above-mentioned requirements, you can start the installation process. Let’s dive into it!

Installation of ONLYOFFICE Docs via Docker

To get started, you simply need to run Docker and launch this command:

sudo docker run -i -t -d -p 80:80 --restart=always onlyoffice/documentserver

It’s important to highlight that ONLYOFFICE Docs uses port 80 for incoming connections. If you prefer another port instead of the default port, run this command:

sudo docker run -i -t -d -p <PORT_NUMBER>:80 --restart=always onlyoffice/documentserver

In this command, <PORT_NUMBER> is the port number for ONLYOFFICE Docs.

After that, ONLYOFFICE Docs and all the essential dependencies will be installed automatically.

Configuration of data storage

ONLYOFFICE stores data in special directories, also known as data volumes. For example, all ONLYOFFICE Docs logs are stored at /var/log/onlyoffice, the certificates can be found at /var/lib/onlyoffice and the database is located at /var/lib/postgresql.

It’s a good practice to store your data outside the Docker container. This way you can easily upgrade to a new version of ONLYOFFICE Docs when it’s available without losing anything.

To be able to access your data, it’s necessary to mount the above-mentioned data volumes. For this purpose, simply specify the -v option when running Docker:

sudo docker run -i -t -d -p 80:80 --restart=always \
    -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
    -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
    -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
    -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver

If the folders that you are trying to mount don’t exist, they will be created anyway. However, your access will be restricted. With that being said, you will have to change the access rights on your own.

Generally, there is no need to store container data. However, it might be a wise idea to save such data in order to easily access logs or remove the data size limit within the Docker container. Also, it is very helpful if you use services (for example, PostgreSQL, RabbitMQ or Redis) that are not launched via Docker.

Enabling HTTPS

Let’s run ONLYOFFICE Docs via HTTPS:

sudo docker run -i -t -d -p 443:443 --restart=always \
    -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver

It is also possible to use Secure Sockets Layer (SSL) to prevent unauthorized access. SSL certificates can be issued by a certificate authority (CA) or you can use self-signed certificates. The latter option is not very safe and requires some additional steps. That’s why it’s advisable to resort to the services of a trusted certificate authority (CA).

To enable SSL, you need to have two files:

  • Private key (.key)
  • SSL certificate (.crt)

These files need to be placed in the following locations:

/app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
/app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt

Running ONLYOFFICE Docs via HTTPS using certbot

The most effortless way to run ONLYOFFICE Docs via HTTPS is to automatically get SSL certificates from Let’s Encrypt, a non-profit certificate authority, using certbot. This free software tool makes it possible to use Let’s Encrypt certificates.

To do so, you need to run ONLYOFFICE Docs via Docker. Don’t forget to specify ports 80 and 443 and enter your own values:

sudo docker run -i -t -d -p 80:80 -p 443:443 \
    -e LETS_ENCRYPT_DOMAIN=yourdomain.com -e LETS_ENCRYPT_MAIL=email@example.com onlyoffice/documentserver

In this command:

LETS_ENCRYPT_DOMAIN is the domain name used for SSL certificates;

LETS_ENCRYPT_MAIL is the email address used upon registration.

The SSL certificate by Let’s Encrypt will be automatically generated and installed. Open your browser and access your ONLYOFFICE Docs instance. It should be available at https://yourdomain.com.

Integration of ONLYOFFICE and Nextcloud via an official connector

Now that you have working instances of ONLYOFFICE Docs and Nextcloud, it’s time to integrate them. For this purpose, you will need an official integration application developed by the ONLYOFFICE team. You can download it from the built-in application marketplace in Nextcloud or from GitHub. The former option is much easier:

  • Log into Nextcloud with administrator rights;
  • Find your user name in the upper right corner of the Nextcloud interface;
  • Click your user name and select Apps;
  • Enter the Tools category;
  • Find ONLYOFFICE and click Download and enable.

If done correctly, the ONLYOFFICE integration application will be downloaded automatically.

Alternatively, you can download the app from GitHub with this command:

wget https://github.com/ONLYOFFICE/onlyoffice-nextcloud/archive/refs/tags/vX.X.X.tar.gz

In this command, vX.X.X shows the version of the ONLYOFFICE integration app. Always use the latest one to avoid problems. After that, unzip the downloaded archive:

tar -xvzf vX.X.X.tar.gz

Now you need to change the folder name. It must be onlyoffice:

mv onlyoffice-nextcloud-X.X.X onlyoffice

Then clone the source code and compile it by launching these commands one by one:

git clone https://github.com/ONLYOFFICE/onlyoffice-nextcloud.git onlyoffice
cd onlyoffice
git submodule update --init --recursive

Now move the folder to the Nextcloud apps directory:

cp -r /root/onlyoffice/ /var/www/html/apps/

Enter the Nextcloud apps directory:

cd /var/www/html/apps

Don’t forget to change the owner:

chown -R www-data:www-data onlyoffice

Get back to your Nextcloud instance and go to Settings. Find the Apps section and select Disabled apps. Find ONLYOFFICE and click Enable. That’s it. Now the integration app requires configuration.

Configuration of the integration app

Open the Settings page. There you will see the Administration section. Find ONLYOFFICE and configure these options:

  • In the ONLYOFFICE Docs address field, enter the URL address of your ONLYOFFICE Docs instance (ONLYOFFICE Document Server). If you installed the office suite on a custom port, you need to specify it. For example, http://127.0.0.1:8081/.
  • The Disable certificate verification (insecure) box is designed for disabling certificate verification to allow Nextcloud to establish a connection with the ONLYOFFICE Document Server in case you use self-signed SSL certificates. This option is not recommended.
  • The Secret key field is meant for signing data. We will get back to this option later when enabling JWT protection.

Sometimes network configurations don’t allow for internal requests between Nextcloud and the ONLYOFFICE Document Server via public addresses. If this is the case, you have to specify the following addresses in Advanced server settings:

  • ONLYOFFICE Docs address for internal requests from the server is the URL address that allows Nextcloud to access ONLYOFFICE Docs;
  • Server address for internal requests from ONLYOFFICE Docs is the URL address that allows the ONLYOFFICE Document Server to access Nextcloud.

Enter the required addresses and click Save. You will see some other available options. For example, the common and customization settings. Configure the ONLYOFFICE editors the way you like and click Save again.

Enabling JWT protection

To protect your documents with JSON Web Token (JWT), you need to enable the token validation option and enter your secret key on the ONLYOFFICE settings page.

Find the local.json file and open it using a text editor. For that to happen, enter the ONLYOFFICE Docs container by launching the docker exec -it <containerID> bash command and open the /etc/onlyoffice/documentserver/local.json file.

To enable token validation, you need to set the false values to true in these three sections:

  • services.CoAuthoring.token.enable.browser
  • services.CoAuthoring.token.enable.request.inbox
  • services.CoAuthoring.token.enable.request.outbox

Specify your secret key. It must be the same in all three sections:

services.CoAuthoring.secret.inbox.string
services.CoAuthoring.secret.outbox.string
services.CoAuthoring.secret.session.string

{
  "services": {
    "CoAuthoring": {
      "token": {
        "enable": {
          "request": {
            "inbox": true,
            "outbox": true
          },
          "browser": true
        }
      },
      "secret": {
        "inbox": {
          "string": "yoursecret"
        },
        "outbox": {
          "string": "yoursecret"
        },
        "session": {
          "string": "yoursecret"
        }
      }
    }
  }
}

Save the file and restart the services:

supervisorctl restart all

Finally, don’t forget to specify the same secret key in the ONLYOFFICE settings.
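
The JWT settings above can be checked with a script before the services are restarted. The following Python code is an added example, not part of the original tutorial or of ONLYOFFICE's own tooling: it audits a parsed local.json for the three flags and three secret fields named above, and returns a hardened copy that uses one random secret instead of a placeholder. The 32-character minimum, the function names and the sample configuration are assumptions made for illustration.

```python
import copy
import json
import secrets

FLAG_PATHS = [("token", "enable", "browser"), ("token", "enable", "request", "inbox"),
              ("token", "enable", "request", "outbox")]
SECRET_PATHS = [("secret", name, "string") for name in ("inbox", "outbox", "session")]
MIN_LEN = 32  # assumed minimum secret length; the tutorial does not state one

def _get(node, path):
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def _set(node, path, value):
    for key in path[:-1]:
        node = node.setdefault(key, {})
    node[path[-1]] = value

def audit(config):
    """Return a list of findings; an empty list means the JWT settings are consistent."""
    co = _get(config, ("services", "CoAuthoring")) or {}
    findings = [".".join(p) + " is not true" for p in FLAG_PATHS if _get(co, p) is not True]
    values = [_get(co, p) for p in SECRET_PATHS]
    if any(v != values[0] for v in values):
        findings.append("secret strings differ between inbox, outbox and session")
    for p, v in zip(SECRET_PATHS, values):
        if not isinstance(v, str) or len(v) < MIN_LEN:
            findings.append(".".join(p) + " is missing or shorter than %d characters" % MIN_LEN)
    return findings

def harden(config, secret=None):
    """Return a copy with all three flags true and one random secret in all three fields."""
    secret = secret or secrets.token_urlsafe(32)  # 43 URL-safe characters
    out = copy.deepcopy(config)
    co = out.setdefault("services", {}).setdefault("CoAuthoring", {})
    for path, value in [(p, True) for p in FLAG_PATHS] + [(p, secret) for p in SECRET_PATHS]:
        _set(co, path, value)
    return out

# Constructed sample: two checks disabled, placeholder secret, session out of sync.
SAMPLE = json.loads("""{"services": {"CoAuthoring": {
  "token": {"enable": {"request": {"inbox": false, "outbox": true}, "browser": false}},
  "secret": {"inbox": {"string": "yoursecret"}, "outbox": {"string": "yoursecret"},
             "session": {"string": "secret"}}}}}""")

if __name__ == "__main__":
    print(audit(SAMPLE), audit(harden(SAMPLE)), sep="\n")
```

The secret written by harden() is the value that also has to be entered in the Secret key field of the ONLYOFFICE settings in Nextcloud.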

Now you have done it! You have just built a collaborative environment on your local server. From now on, you can keep all your documents in Nextcloud and open them for editing and collaboration with ONLYOFFICE Docs.

We hope this tutorial helps you to integrate Nextcloud and ONLYOFFICE Docs. If you have any questions or suggestions, don’t hesitate to let us know in the comment section below.

How To Install Nextcloud On An Ubuntu Server

Introduction, and Getting Started

Nextcloud is a powerful productivity platform that gives you access to some amazing features, such as collaborative editing, cloud file sync, private audio/video chat, email, calendar, and more! Best of all, Nextcloud is under your control and is completely customizable. In this article, we’re going to be setting up our very own Nextcloud server on Linode. Alternatively, you can also spin up a Nextcloud server by utilizing the Linode marketplace, which you can use to set up Nextcloud in a single click. However, this article will walk you through the manual installation method. While this method has more steps, by the end you’ll have built your very own Nextcloud server from scratch, which will not only be a valuable learning experience but will also make you intimately familiar with the process of setting up Nextcloud. Let’s get started!

In order to install Nextcloud, we’ll need a Linux instance to install it onto. That’s the easy part – there’s no shortage of Linux on Linode, so what we’ll do in order to get started, is create a brand-new Ubuntu 20.04 Linode instance to serve as our base. Many of the commands we’ll be using have changed since Ubuntu 20.04, so while you might be tempted to start with a newer instance, these commands were all tested on Ubuntu 20.04. And considering that Ubuntu 20.04 is supported until April of 2025, it’s not a bad choice at all.

Creating your instance

During the process of creating your new Linode instance, choose a region that’s closest to you geographically (or close to your target audience). For the instance type, be sure to choose a plan with 2GB of RAM (preferably 4GB). You can always increase the plan later, should you need to do so. You can save some additional money by choosing an instance from the Shared CPU section. For the label, give it a name that matches the designated purpose for the instance. A good name might be something like “nextcloud”, but if you have a domain for your instance, you can use that as the name as well.

Continuing, you can consider using tags, which are basically name-value pairs you can add to your instance. This is completely optional, but you could create whatever tags you need for your instance. For example, you could have a “production” tag, or maybe a “development” tag depending on whether or not you intend to use the instance for production. Again, this is optional, and there’s no right or wrong way to tag an instance. If in doubt, you can just leave this blank.

Next, the root password should be unique, and preferably, randomly-generated. This password in particular is going to be the password we will use to log into our instance so make sure you remember it. SSH keys are preferred, and if you have one set up within your profile, you can check a box on this page to add it to your instance.