Deployment (container)
elDoc All-in-One (AIO) Container Guide
Introduction
This document explains how to set up and run the elDoc application in a single "all-in-one" container (AIO) using Podman (or Docker). The AIO image bundles elDoc plus all its dependencies.
Requirements
- Podman (or Docker) installed. If using Docker, simply replace
podman
withdocker
in the examples below. - A domain name (internal or external) for hosting elDoc.
- Persistent storage for:
data
(application data)conf
(configuration files)- Optionally
logs
(application logs — strongly recommended).
Container Overview
Exposed Ports
443
– HTTPS
Mounted Volumes
/data
– application data (required)/conf
– configuration (required)/logs
– logs (optional but recommended)
Environment Variables
ELDOC_BASE_URL
– domain name used to access elDoc (default:eldoc.local
)COLLABORA_HOST_URL
– URL of an external Collabora service (see External Collabora Online service section for details). If unset, the embedded Collabora service will start instead of using external one.DISABLE_EMBEDDED_MONGODB
– set totrue
to disable the embedded MongoDB server (see External MongoDB database section below).
Self-Signed SSL Certificates
On first startup, the container generates self-signed certs at:/conf/nginx/cert/eldoc.crt
/conf/nginx/cert/eldoc.key
To use your own certificates (e.g. from a trusted CA), simply overwrite those files before starting the container.
Installing & Running
1. Pull the elDoc AIO Image
podman pull registry.eldoc.online/eldoc/eldoc-aio:latest
In case authentication is required, execute the following commands instead (request USERNAME and PASSWORD from elDoc Support):
podman login registry.eldoc.online -u USERNAME podman pull registry.eldoc.online/eldoc/eldoc-aio:latest podman logout registry.eldoc.online
2. Start the Container
2.1. As a systemd quadlet (auto-start on boot)
Create
/etc/containers/systemd/eldoc.container
service file with the following content:[Unit] Description=elDoc All-in-One (AIO) Container [Container] Image=registry.example.com/eldoc/eldoc-aio:latest ContainerName=eldoc PublishPort=443:443 Environment=ELDOC_BASE_URL="eldoc.domain.com" Volume=/path/to/data:/local/data Volume=/path/to/conf:/local/conf Volume=/path/to/logs:/local/logs [Service] Restart=always [Install] WantedBy=multi-user.target default.target
Notes:
- Replace
eldoc.domain.com
with your actual domain name used for accessing elDoc system. - When using some of the components of the elDoc system deployed as external containers recommended to add the following configuration parameters:
Execute commandNetwork=eldoc-net NetworkAlias=eldoc.domain.com
podman network create eldoc-net
to create a respective network
- Replace
Reload systemd and start:
systemctl daemon-reload && systemctl enable --now eldoc
(Optional) For diagnostics, you can also start it manually:
podman run -d \ --name eldoc \ -p 443:443 \ -v /path/to/data:/local/data \ -v /path/to/conf:/local/conf \ -v /path/to/logs:/local/logs \ -e ELDOC_BASE_URL="eldoc.domain.com" \ eldoc/eldoc-aio:latest
2.2. Container parameters
-d
- runs application in background-p 443:443
- maps port 443/TCP to be used accessing elDoc-v /path/to/data:/local/data
- mounts/path/to/data
directory into container to store elDoc data-v /path/to/conf:/local/conf
- mounts/path/to/conf
directory into container to store elDoc and its dependencies configuration files-v /path/to/data:/local/logs
- mounts/path/to/logs
directory into container to store elDoc and its dependencies logs (Optional)-e ELDOC_BASE_URL="eldoc.domain.com"
- configures elDoc to be accessed usingeldoc.domain.com
domain name-e COLLABORA_HOST_URL="http://coolwsd.domain.com:9980"
- configures elDoc to use Collabora service, available athttp://coolwsd.domain.com:9980
url-address (Optional). See External Collabora Online service section for details.
IMPORTANT! While mounting /local/logs directory is optional, for troubleshooting elDoc system it is recommended to have it mounted to host system to have access to elDoc logs.
IMPORTANT! During first start, container will enable Maintenance Mode for elDoc for initial setup. Credentials for accessing elDoc in Maintenance Mode are printed to the container logs (both console and init.log file in logs directory).
It is strongly recommended to disable Maintenance Mode after initial system configuration! For more details, please refer to elDoc documentation
3. Verifying container is running
systemctl status eldoc # or podman ps
Given commands should show container Status as Active: active(running)
in case of systemctl
or Up X minutes
in Status column, if using podman ps
4. Access Logs
To access general container logs, use following command:
journalctl -xeu eldoc # or podman logs eldoc
Where eldoc
is the name of the container, specified during launch. This will provide generic container logs, describing startup process of the elDoc system, similar to:
... 2025-03-27 09:29:22,877 INFO success: supervisord-watchdog entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) 2025-03-27 09:29:23,884 INFO success: jmc entered RUNNING state, process has stayed up for > than 2 seconds (startsecs) 2025-03-27 09:29:23,884 INFO success: nginx entered RUNNING state, process has stayed up for > than 2 seconds (startsecs) 2025-03-27 09:29:27,141 INFO success: mongodb entered RUNNING state, process has stayed up for > than 5 seconds (startsecs) 2025-03-27 09:29:27,142 INFO success: solr entered RUNNING state, process has stayed up for > than 5 seconds (startsecs) 2025-03-27 09:29:27,142 INFO success: coolwsd entered RUNNING state, process has stayed up for > than 5 seconds (startsecs) 2025-03-27 09:29:52,639 INFO success: eldoc entered RUNNING state, process has stayed up for > than 30 seconds (startsecs)
To access more detailed logs, navigate to the folder that was mounted to /local/logs
directory (see start container command).
5. Stop & Restart
systemctl start eldoc # Start container systemctl stop eldoc # Stop container systemctl restart eldoc # Restart container
Updating elDoc system
Please refer to Update Guide and Release Notes to ensure valid upgrade path in case of breaking changes
1. Backup elDoc data
To perform backup, it is enough to stop container with podman stop eldoc
and copy data
and conf
directories, that was mounted to container during startup. It is also recommended to backup logs
directory to maintain consistent elDoc logs history.
2. Stop and remove elDoc container
Use the following command to stop and remove elDoc AIO container:
systemctl stop eldoc
3. Pull new elDoc AIO image
podman pull registry.eldoc.online/eldoc/eldoc-aio:latest
4. Migrations
Perform additional upgrade/migration steps, if mentioned in release noted/upgrade guide
5. Start new elDoc AIO container
systemctl start eldoc
Resources management
To restrict container CPU or Memory usage, please adjust [Container]
section of elDoc AIO container file in /etc/containers/systemd/
, adding required resources restrictions:
[Container] ... PodmanArgs=--cpus=12 --memory=32g
This will add resources limits of 8 CPU cores and 32 GB memory for elDoc AIO container. Please, refer to System requirements documentation page for minimal elDoc application requirements.
By default, elDoc AIO container will dynamically manage resources limits inside container for each running service. To set explicit limits, please use following environment variables:
ELDOC_MEMORY_MAX
- maximum amount of memory, that can be used by elDoc application. Size should be specified with units, i.e.ELDOC_MEMORY_MAX=4g
to allocate 4 GB memory;JMC_MEMORY_MAX
- maximum amount of memory, that can be used by JMC application. Size should be specified with units, i.e.JMC_MEMORY_MAX=512m
to allocate 512 MB memory;SOLR_MEMORY_MAX
- maximum amount of memory, that can be used by Solr application. Size should be specified with units, i.e.SOLR_MEMORY_MAX=1g
to allocate 1 GB memory;
IMPORTANT: Provided memory limits are applied only if all of them are set. If some of values are missing - elDoc AIO container will automatically calculate limits, depending on available memory and ignore provided parameters.
Using external services
1. External Collabora Online service
To use an external Collabora Online service, provide the environment variable COLLABORA_HOST_URL to the eldoc-aio container. The value should point to the Collabora Online service, for example: "http://coolwsd.domain.com:9980" or "http://IP:9980".
Important: use protocol "http", since by default the eldoc-aio container acts as a reverse proxy — it terminates HTTPS connections from end-users and communicates with the external Collabora Online service over plain HTTP.
When COLLABORA_HOST_URL is set, the embedded Collabora Online (CODE) service is disabled and will not start with the container. To switch back to the embedded Collabora Online (CODE), simply remove this environment variable.
Connectivity requirements:
- The external Collabora Online service must be accessible from the server where the eldoc-aio container runs.
- The eldoc-aio container must also be accessible from the external Collabora Online container via the elDoc URL (bidirectional communication).
To make the external Collabora Online service work properly, you must apply the configuration parameters provided in the elDoc documentation. These parameters are required for correct integration.
2. External MongoDB database
To use external MongoDB database server, it is required to provide proper connection parameters for elDoc and JMC components, according to the guide elDoc documentation.
elDoc configuration file may be found in mapped conf
folder under conf/elDoc/eldoc.conf
path.
JMC configuration file may be found in mapped conf
folder under conf/jmc/config-eldoc.json
path.
IMPORTANT: After switching database from internal to external make sure to remove oplog.timestamp
file (can be found in the mounted conf
folder under conf/jmc/oplog.timestamp
path) and Solr core data files (can be found in the mounted data
folder under data/solrData/data/prd1
path) to ensure JMC properly updates full-text index. After this, JMC should perform initial dump. Initial dump progress and JMC status can be monitored in the mounted logs
folder.
When using external MongoDB server it is highly recommended to disable embedded MongoDB by setting DISABLE_EMBEDDED_MONGODB
container environment variable to true
. This can be done by deleting existing elDoc container, if present, and starting new container with additional Environment=DISABLE_EMBEDDED_MONGODB=true
or -e DISABLE_EMBEDDED_MONGODB=true
parameter.
Securing elDoc system
For security purposes, we recommend using valid signed SSL certificates. To replace initial self-signed certificates with new ones, replace existing certificate (nginx/cert/eldoc.crt
) and key (nginx/cert/eldoc.key
) files with new ones in the mounted conf
directory.
It is not recommended to expose MongoDB port 27017, unless strongly required. In case of exposing port, ensure secure access to it configured via firewall or other access policies.
Troubleshooting elDoc system
IMPORTANT! For troubleshooting elDoc system it is recommended to have /local/logs directory mounted to host system to have access to the elDoc logs.
Refer to the Container status check and elDoc logs to ensure container is up and running. This will provide generic overview of the system and give details about whether it is running or some of the services are failing.
To investigate further, check logs in the mounted logs
directory (see Starting elDoc for details). In case container was initially started without logs directory mounted, stop container and restart it with mounted logs
directory. This will allow to easily access elDoc AIO system logs, but only since the first start with mounted logs
folder. If you don't have logs
directory mounted and need to get access to previous logs, please refer to Copying files from container or Accessing running container documentation
Using elDoc system
For documentation on using elDoc system, please refer to the Official Documentation.
Last modified: September 09, 2025