elDoc deployment steps on CentOS 8 Linux / RedHat 8 Linux

Contents:

General assumptions

It is assumed that installation will be performed in the directory /local.

The folder structure is the following:

\local
|–-elDoc
|–-mongo
|–-mongoData
|–-java
|--tessData
|–-solr
|–-solrData
|–-jmc
|--ooDocServer

1. Java installation

Steps below assume that you have downloaded Azul Zulu Java archive named zulu11.52.13-ca-jre11.0.13-linux_x64.tar.gz

1) Create directory and un-tar archive

mkdir /local/java && tar -xvzf zulu11.52.13-ca-jre11.0.13-linux_x64.tar.gz -C /local/java

2) Create symlink

ln -sfn /local/java/zulu11.52.13-ca-jre11.0.13-linux_x64/ /local/java/java_active

3) Set as default java runtime

alternatives --install /usr/bin/java java /local/java/java_active/bin/java 1

4) Configure Environment Variables

nano /etc/profile.d/java.sh

export JRE_HOME=/local/java/java_active
export PATH=$PATH:/local/java/java_active/bin

5) Verify successful Java deployment

Re-login into shell and execute: java -version

Output should be like shown below:

[root@eldoc.server.local /]# java -version
openjdk version "11.0.13" 2021-10-19 LTS
OpenJDK Runtime Environment Zulu11.52+13-CA (build 11.0.13+8-LTS)
OpenJDK 64-Bit Server VM Zulu11.52+13-CA (build 11.0.13+8-LTS, mixed mode)

2. MongoDB installation

The steps below are shown based on the latest available version 4.4 of MongoDB at time of writing this guide.

2.1. Installation using yum repository manager (recommended)

Reference to the MongoDB website: https://docs.mongodb.com/manual/tutorial/install-mongodb-on-red-hat/

1) Create a repository config

nano /etc/yum.repos.d/mongodb-org-4.4.repo

[mongodb-org-4.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc

2) Install MongoDB packages

dnf install -y mongodb-org

3) Start MongoDB

IMPORTANT: before launching MongoDB process - make sure you have crated & configured mongodb via configuration file first (see below)

In order to enable and launch MongoDB service - execute the following command:

systemctl enable mongod && systemctl start mongod

2.2. Installation using tarball

1) Obtain the MongoDB tarball and extract it contents

tar -xvf mongodb-linux-x86_64-rhel80-4.4.2.tgz -C /local/

mv /local/mongodb-linux-x86_64-rhel80-4.4.2/ /local/mongo

2) Adjust limits after manual installation

Please review the MongoDB recommendations on adjusting the limits: https://docs.mongodb.com/manual/reference/ulimit/

3) Start MongoDB

IMPORTANT: before launching MongoDB process - make sure you have crated & configured mongodb via configuration file first (see below)

In order to launch MongoDB process manually - launch the following executable file:

/local/mongo/bin/mongod

2.3. Create & edit MongoDB configuration file

MongoDB configuration file should look similar to the one provided below.

nano /local/mongo/mongod.conf

systemLog:
  destination: file
  path: \local\mongo\mongod.log
  logAppend: true

storage:
  dbPath: \local\mongoData
  journal:
    enabled: true

processManagement:
  fork: true

net:
  bindIp: 0.0.0.0
  port: 27017

#security:
#  authorization: enabled  

2.4. Post-installation steps

• If SELinux is in enforcing mode, you must customize your SELinux policy for MongoDB:
  https://docs.mongodb.com/manual/tutorial/install-mongodb-on-red-hat/#configure-selinux
  
  
• Disable Transparent Huge Pages (THP):
  https://docs.mongodb.com/manual/tutorial/transparent-huge-pages/

2.5. Users creation

1) Launch MongoDB shell

To launch MongoDB shell execute the following command:

mongo

In case of manually deployed MongoDB - you may need to download and extract MongoDB Database Tools. Assuming that Database Tools were extracted to the MongoDB bin directory, you may launch MongoDB Shell manually executing the following command:

/local/mongo/bin/mongo

2) Create root user in MongoDB

use admin

db.createUser( {user: "root", pwd: "XXXXXXX", roles: [{role: "root", db: "admin"}]} )

3) Create elDoc application user (follow the pattern of the db-name as shown below)

use eldoc_cidXXX 

db.createUser( {user: "cidXXX", pwd: "ZZZZZZZ", roles: [{role: "dbOwner", db: "eldoc_cidXXX"}]} )

Where cidXXX is an id of the elDoc DB user. Make sure that cidXXX used during DB creation is the same as the one stated in the elDoc config file (eldoc.conf)

4) Securely write down logins, db-names and passwords

5) Enable MongoDB authentication

Open MongoDB configuration file and uncomment the following lines:

security:
  authorization: enabled  

6) Restart MongoDB service

systemctl restart mongod

3. elDoc dependencies installation & configuration

3.1. Installation of the IDP dependencies

1) Download and install TessData

mkdir /local/tessData && cd /local/tessData

wget -O tessdata_best-4.1.0.zip https://github.com/tesseract-ocr/tessdata_best/archive/4.1.0.zip

unzip tessdata_best-4.1.0.zip

rm -f tessdata_best-4.1.0.zip

Variable idp.tessdata.path in the eldoc.conf file to be populated with the value /local/tessData/tessdata_best-4.1.0

idp.tessdata.path=/local/tessData/tessdata_best-4.1.0

3.2. Installation of the full-text search service

NOTE: This component provides full-text search functionality and is optional for deployment

1) Install prerequisites

dnf install lsof

2) Download and extract Apache Solr software

mkdir /local/solr && mkdir /local/solrData && mkdir /local/solrData/data
tar -zxvf solr-8.11.1.tgz -C /local/solr
ln -sfn /local/solr/solr-8.11.1/ /local/solr/solr
cp /local/solr/solr/server/solr/solr.xml /local/solrData/data/ && cp /local/solr/solr/server/solr/zoo.cfg /local/solrData/data/

3) Deploy provided Solr Core configuration

cd /local/_distr && wget https://dms-solutions.co/downloads/configset_elDoc-v5.4.2_Solr-v8.9.0.zip

unzip configset_elDoc-v5.4.2_Solr-v8.9.0.zip

mv solrData/data/configsets /local/solrData/data/configsets

rm -rf configset_elDoc-v5.4.2_Solr-v8.9.0

4) Create user for Solr service

groupadd solr
useradd -gsolr -s/bin/bash -M solr
chown -R solr:solr /local/solrData

5) Install Solr service

nano /etc/systemd/system/solr.service

[Unit]
Description=Apache Solr
After=syslog.target network.target

[Service]
Type=forking
User=solr
Restart=on-failure
LimitNOFILE=65000
LimitNPROC=65000
Environment="SOLR_INSTALL_DIR=/local/solr/solr"
Environment="SOLR_PID_DIR=/local/solrData"
Environment="SOLR_HOME=/local/solrData/data"
Environment="LOG4J_PROPS=/local/solrData/log4j.properties"
Environment="SOLR_LOGS_DIR=/local/solrData/logs"
Environment="SOLR_PORT=8983"
PIDFile=/local/solrData/solr-8983.pid
WorkingDirectory=/local/solrData
ExecStart=/local/solr/solr/bin/solr start
ExecReload=/local/solr/solr/bin/solr restart
ExecStop=/local/solr/solr/bin/solr stop

[Install]
WantedBy=multi-user.target

6) Enable and launch Solr service

systemctl daemon-reload && systemctl enable solr.service && systemctl start solr.service

3.3. Installation of the sync-service

NOTE: This component provides data synchronization capabilities between MongoDB and full-text search service and required to be installed only in case full-text search service was installed.

1) Download elDoc Java Mongo Connector

cd /local/_distr && wget https://dms-solutions.co/downloads/eldoc-jmc-1.3-service-distr.zip

2) Unzip and deploy required files

unzip eldoc-jmc-1.3-service-distr.zip

mv jmc /local/jmc && mv jmc.service /etc/systemd/system

mkdir /local/jmc/logs

chmod +x /local/jmc/jmc-service.sh

3) Create user and group for running synch service

groupadd jmc

useradd -gjmc -s/bin/bash -M jmc

4) Enable MongoDB replication

nano /etc/mongod.conf

replication
  replSetName: rs0

Restart MongoDB after adjusting configuration, then login to the MongoDB shell and initialize replication and create user for synch service:

mongo

use admin

db.auth("root")

rs.initiate()

db.createUser( {user: "jmc", pwd: passwordPrompt(), roles: ["backup"]} )

Securely write down created user credentials

5) Adjust config and access reghts for the config file as required

nano /local/jmc/config-eldoc.json

Adjust access rights for the sync service configuration

chmod 600 /local/jmc/config-eldoc.json

chown -R jmc:jmc /local/jmc/

6) Install and enable sync system service

Make necessary adjustments where required

nano /etc/systemd/system/jmc.service

[Unit]
Description=elDoc Java Mongo Connector Service
After=syslog.target network.target mongod.service solr.service
Requires=mongod.service solr.service

[Service]
User=jmc
Type=forking
ExecStart=/local/jmc/jmc-service.sh
ExecStop=/bin/kill -s TERM $MAINPID
WorkingDirectory=/local/jmc
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

Once sync service configured you may launch it by executing the following command:

systemctl daemon-reload && systemctl enable jmc.service && systemctl start jmc

3.4. Installation of the online editing service

NOTE: This component is optional and provides online editing capabilities for the office documents.

1) Installation of prerequisites

Online editing service is installed using container image. For this you need to install container manager software

dnf install podman

2) Create folders for the online editing service and environment settings file

mkdir /local/ooDocServer && mkdir /local/ooDocServer/cache && mkdir /local/ooDocServer/logs && mkdir /local/ooDocServer/data

nano /local/ooDocServer/ooDocServer.env

JWT_ENABLED=true
JWT_SECRET=[256bit key to be placed here, can be retrieved from: Administration -> Configuration -> Cipher keys generator -> Random 256bit cipher key (Hex-encoded)]

NOTE: Write down JWT_SECRET key value and add it to the elDoc configuration file (eldoc.conf) in the respective parameters.

3) Create self-signed cert to be used by online editing service container

mkdir /local/ooDocServer/data/certs/ && cd /local/ooDocServer/data/certs/

openssl genrsa -out onlyoffice.key 2048


openssl req -new -key onlyoffice.key -out onlyoffice.csr


openssl x509 -req -days 3650 -in onlyoffice.csr -signkey onlyoffice.key -out onlyoffice.crt

openssl dhparam -out dhparam.pem 2048

4) Install and launch online editing service container

podman run -i -t -d -p 18443:443 --name=ooDocServer --env-file /local/ooDocServer/ooDocServer.env \
    -v /local/ooDocServer/cache:/var/lib/onlyoffice/documentserver/App_Data/cache/files \
    -v /local/ooDocServer/logs:/var/log/onlyoffice -v /local/ooDocServer/data:/var/www/onlyoffice/Data \
    onlyoffice/documentserver

After command successfully executed - stop the online editing service by executing command:

podman stop ooDocServer

5) Install online editing service as system service

nano /etc/systemd/system/ooDocServer.service

[Unit]
Description=Document Server (for elDoc)
After=eldoc.service mongod.service

[Service]
Restart=always
ExecStart=/bin/podman start -a ooDocServer
ExecStop=/bin/podman stop ooDocServer

[Install]
WantedBy=default.target

Once service configuration is created - execute the following command:

systemctl enable ooDocServer && systemctl start ooDocServer

3.5. Installation of the office conversion service

NOTE: This component is optional and provides online preview and document auto-filling functionality.

1) Office conversion service installed using standard Linux package manager

dnf install libreoffice-base libreoffice-writer libreoffice-math libreoffice-calc libreoffice-core libreoffice-draw libreoffice-emailmerge libreoffice-graphicfilter libreoffice-impress libreoffice-opensymbol-fonts libreoffice-data libreoffice-ure libreoffice-ure-common libreoffice-pyuno libreoffice-filters libreoffice-ogltrans libreoffice-pdfimport libreoffice-xsltfilter libreoffice-langpack-en libreoffice-langpack-ru libreoffice-langpack-uk libreofficekit libreoffice-headless

After executing the command above required packages will be installed in the system and automatically picked-up by the elDoc system.

3.6. Installation of the reverse-proxy service

NOTE: This component is optional for the deployment according to the "Scenario 1B".

1) Reverse-proxy (based on Nginx) is installed using standard Linux package manager. First check available versions

dnf module list nginx

2) Switch to the latest available version

dnf module enable nginx:1.20

In case of errors related to switching to the latest version - execute the command: dnf module reset nginx and try again

3) Install nginx reverse-proxy

dnf install nginx

4) Remove default configuration file

rm -f /etc/nginx/conf.d/default.conf

5) Create configuration for elDoc server by pasting the following content into the /etc/nginx/conf.d/eldoc.conf configuration file

nano /etc/nginx/conf.d/eldoc.conf

IMPORTANT: adjust parameters like (server_name, ssl_certificate, ssl_certificate_key) as required according to your environment.

upstream eldoc {
  server localhost:8080;
}

upstream officeservice {
  server localhost:18443;
}

map $http_upgrade $proxy_connection {
  default   upgrade;
  ""        close;
}

map $cache $expires {
  1         30d;
  default   off;
}

map $cache $control {
  1         "public, no-transform";
}

map $uri $cache {
  ~*\.(ico|css|js|gif|jpe?g|png|tif?f|woff|ttf|otf|svg|woff2|eot)$    1;
}

server {
  listen                     443 ssl http2;
  server_tokens              off;
  server_name                eldoc.domain.com;
  ssl_certificate            /etc/nginx/ssl/XXXXXX.crt;
  ssl_certificate_key        /etc/nginx/ssl/XXXXXX.key;
  ssl_protocols              TLSv1.2 TLSv1.3;
  ssl_ciphers                HIGH:!aNULL:!MD5;
  client_max_body_size       100M;
  error_page                 404                 /404.xhtml;
  expires                    $expires;
  add_header                 Cache-Control       $control;

  location / {
    proxy_pass             http://eldoc/;
    proxy_connect_timeout  600;
    proxy_send_timeout     600;
    proxy_read_timeout     600;
    send_timeout           600;
    proxy_http_version     1.1;
    proxy_set_header       Upgrade             $http_upgrade;
    proxy_set_header       Connection          $proxy_connection;
    proxy_set_header       Host                $host:$server_port;
    proxy_set_header       X-Real-IP           $remote_addr;
    proxy_set_header       X-Remote-IP         $remote_addr;
    proxy_set_header       X-Forwarded-Host    $host;
    proxy_set_header       X-Forwarded-Server  $host;
    proxy_set_header       X-Forwarded-Proto   $scheme;
    proxy_set_header       X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header       Proxy-IP            $remote_addr;
    proxy_set_header       Proxy-keysize       256;
  }

  # Not required in case online editing service is not installed
  location /officeservice {
    proxy_pass             https://officeservice/;
    proxy_connect_timeout  600;
    proxy_send_timeout     600;
    proxy_read_timeout     600;
    send_timeout           600;
    proxy_http_version     1.1;
    proxy_set_header       Upgrade             $http_upgrade;
    proxy_set_header       Connection          $proxy_connection;
    proxy_set_header       Host                $host;
    proxy_set_header       X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header       X-Remote-IP         $remote_addr;
    proxy_set_header       X-Real-IP           $remote_addr;
    proxy_set_header       X-Forwarded-Host    $host/officeservice;
    proxy_set_header       X-Forwarded-Server  $host;
    proxy_set_header       X-Forwarded-Proto   $scheme;
  }
}

6) Adjust firewall rules in case required

firewall-cmd --permanent --add-service=https && firewall-cmd --reload

7) Enable and start reverse-proxy service

systemctl enable nginx && systemctl start nginx

4. elDoc installation & configuration

1) Extract obtained elDoc distribution archive

Extract elDoc archive into /local/elDoc folder

2) Create user for running elDoc server (replace user name cidXXX with the provided name, if any)

groupadd eldoc

useradd -geldoc -s/bin/bash -M cidXXX

chown -R cidXXX:eldoc /local/elDoc

3) Edit elDoc configuration file in order to configure the elDoc system

nano /local/elDoc/eldoc.conf

chmod 600 /local/elDoc/eldoc.conf

4) Edit elDoc system service file and replace respective parameters (e.g.: User=cidXXX) where required

nano /local/elDoc/eldoc.service 

5) Install elDoc as a linux service

mv /local/elDoc/eldoc.service /etc/systemd/system/

systemctl enable eldoc

6) Start elDoc server

systemctl start eldoc

6) Initial login to the elDoc system and administrator user creation

In order to perform initial login to the elDoc system you need to enable "elDoc maintenance mode" via making the necessary adjustments in the eldoc.conf file. Once admin user is created in the elDoc system you need to disable the "elDoc maintenance mode".