elDoc All-in-One (AIO) Container Guide

Introduction

This document explains how to set up and run the elDoc application in a single "all-in-one" container (AIO) using Podman (or Docker). The AIO image bundles elDoc plus all its dependencies.

Requirements

Podman (or Docker) installed. If using Docker, simply replace podman with docker in the examples below.
A domain name (internal or external) for hosting elDoc.
Persistent storage for:
- data (application data)
- conf (configuration files)
- Optionally logs (application logs — strongly recommended).

Container Overview

Exposed Ports
- 443 – HTTPS
Mounted Volumes
- /data – application data (required)
- /conf – configuration (required)
- /logs – logs (optional but recommended)
Environment Variables
- ELDOC_BASE_URL – domain name used to access elDoc (default: eldoc.local)
- COLLABORA_HOST_URL – URL of an external Collabora service (see External Collabora Online service section for details). If unset, the embedded Collabora service will start instead of using external one.
- DISABLE_EMBEDDED_MONGODB – set to true to disable the embedded MongoDB server (see External MongoDB database section below).
Self-Signed SSL Certificates
On first startup, the container generates self-signed certs at:
- /conf/nginx/cert/eldoc.crt
- /conf/nginx/cert/eldoc.key
To use your own certificates (e.g. from a trusted CA), simply overwrite those files before starting the container.

Installing & Running

1. Pull the elDoc AIO Image

podman pull registry.eldoc.online/eldoc/eldoc-aio:latest

In case authentication is required, execute the following commands instead (request USERNAME and PASSWORD from elDoc Support):

podman login registry.eldoc.online -u USERNAME
podman pull registry.eldoc.online/eldoc/eldoc-aio:latest
podman logout registry.eldoc.online

2. Start the Container

2.1. As a systemd quadlet (auto-start on boot)

Create /etc/containers/systemd/eldoc.container service file with the following content:

[Unit]
Description=elDoc All-in-One (AIO) Container

[Container]
Image=registry.example.com/eldoc/eldoc-aio:latest
ContainerName=eldoc
PublishPort=443:443
Environment=ELDOC_BASE_URL="eldoc.domain.com"
Volume=/path/to/data:/local/data
Volume=/path/to/conf:/local/conf
Volume=/path/to/logs:/local/logs

[Service]
Restart=always

[Install]
WantedBy=multi-user.target default.target

Notes:

Replace eldoc.domain.com with your actual domain name used for accessing elDoc system.
When using some of the components of the elDoc system deployed as external containers recommended to add the following configuration parameters:
```
Network=eldoc-net
NetworkAlias=eldoc.domain.com
```
Execute command podman network create eldoc-net to create a respective network

Reload systemd and start:

systemctl daemon-reload && systemctl enable --now eldoc

(Optional) For diagnostics, you can also start it manually:

podman run -d \
  --name eldoc \
  -p 443:443 \
  -v /path/to/data:/local/data \
  -v /path/to/conf:/local/conf \
  -v /path/to/logs:/local/logs \
  -e ELDOC_BASE_URL="eldoc.domain.com" \
  eldoc/eldoc-aio:latest

2.2. Container parameters

-d - runs application in background
-p 443:443 - maps port 443/TCP to be used accessing elDoc
-v /path/to/data:/local/data - mounts /path/to/data directory into container to store elDoc data
-v /path/to/conf:/local/conf - mounts /path/to/conf directory into container to store elDoc and its dependencies configuration files
-v /path/to/data:/local/logs - mounts /path/to/logs directory into container to store elDoc and its dependencies logs (Optional)
-e ELDOC_BASE_URL="eldoc.domain.com" - configures elDoc to be accessed using eldoc.domain.com domain name
-e COLLABORA_HOST_URL="http://coolwsd.domain.com:9980" - configures elDoc to use Collabora service, available at http://coolwsd.domain.com:9980 url-address (Optional). See External Collabora Online service section for details.

IMPORTANT! While mounting /local/logs directory is optional, for troubleshooting elDoc system it is recommended to have it mounted to host system to have access to elDoc logs.

IMPORTANT! During first start, container will enable Maintenance Mode for elDoc for initial setup. Credentials for accessing elDoc in Maintenance Mode are printed to the container logs (both console and init.log file in logs directory).

It is strongly recommended to disable Maintenance Mode after initial system configuration! For more details, please refer to elDoc documentation

3. Verifying container is running

systemctl status eldoc
# or
podman ps

Given commands should show container Status as Active: active(running) in case of systemctl or Up X minutes in Status column, if using podman ps

4. Access Logs

To access general container logs, use following command:

journalctl -xeu eldoc
# or
podman logs eldoc

Where eldoc is the name of the container, specified during launch. This will provide generic container logs, describing startup process of the elDoc system, similar to:

...
2025-03-27 09:29:22,877 INFO success: supervisord-watchdog entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2025-03-27 09:29:23,884 INFO success: jmc entered RUNNING state, process has stayed up for > than 2 seconds (startsecs)
2025-03-27 09:29:23,884 INFO success: nginx entered RUNNING state, process has stayed up for > than 2 seconds (startsecs)
2025-03-27 09:29:27,141 INFO success: mongodb entered RUNNING state, process has stayed up for > than 5 seconds (startsecs)
2025-03-27 09:29:27,142 INFO success: solr entered RUNNING state, process has stayed up for > than 5 seconds (startsecs)
2025-03-27 09:29:27,142 INFO success: coolwsd entered RUNNING state, process has stayed up for > than 5 seconds (startsecs)
2025-03-27 09:29:52,639 INFO success: eldoc entered RUNNING state, process has stayed up for > than 30 seconds (startsecs)

To access more detailed logs, navigate to the folder that was mounted to /local/logs directory (see start container command).

5. Stop & Restart

systemctl start eldoc       # Start container
systemctl stop eldoc        # Stop container
systemctl restart eldoc     # Restart container

Updating elDoc system

Please refer to Update Guide and Release Notes to ensure valid upgrade path in case of breaking changes

1. Backup elDoc data

To perform backup, it is enough to stop container with podman stop eldoc and copy data and conf directories, that was mounted to container during startup. It is also recommended to backup logs directory to maintain consistent elDoc logs history.

2. Stop and remove elDoc container

Use the following command to stop and remove elDoc AIO container:

systemctl stop eldoc

3. Pull new elDoc AIO image

podman pull registry.eldoc.online/eldoc/eldoc-aio:latest

4. Migrations

Perform additional upgrade/migration steps, if mentioned in release noted/upgrade guide

5. Start new elDoc AIO container

systemctl start eldoc

Resources management

To restrict container CPU or Memory usage, please adjust [Container] section of elDoc AIO container file in /etc/containers/systemd/, adding required resources restrictions:

[Container]
...
PodmanArgs=--cpus=12 --memory=32g

This will add resources limits of 8 CPU cores and 32 GB memory for elDoc AIO container. Please, refer to System requirements documentation page for minimal elDoc application requirements.

By default, elDoc AIO container will dynamically manage resources limits inside container for each running service. To set explicit limits, please use following environment variables:

ELDOC_MEMORY_MAX - maximum amount of memory, that can be used by elDoc application. Size should be specified with units, i.e. ELDOC_MEMORY_MAX=4g to allocate 4 GB memory;
JMC_MEMORY_MAX - maximum amount of memory, that can be used by JMC application. Size should be specified with units, i.e. JMC_MEMORY_MAX=512m to allocate 512 MB memory;
SOLR_MEMORY_MAX - maximum amount of memory, that can be used by Solr application. Size should be specified with units, i.e. SOLR_MEMORY_MAX=1g to allocate 1 GB memory;

IMPORTANT: Provided memory limits are applied only if all of them are set. If some of values are missing - elDoc AIO container will automatically calculate limits, depending on available memory and ignore provided parameters.

Using external services

1. External Collabora Online service

To use an external Collabora Online service, provide the environment variable COLLABORA_HOST_URL to the eldoc-aio container. The value should point to the Collabora Online service, for example: "http://coolwsd.domain.com:9980" or "http://IP:9980".

Important: use protocol "http", since by default the eldoc-aio container acts as a reverse proxy — it terminates HTTPS connections from end-users and communicates with the external Collabora Online service over plain HTTP.

When COLLABORA_HOST_URL is set, the embedded Collabora Online (CODE) service is disabled and will not start with the container. To switch back to the embedded Collabora Online (CODE), simply remove this environment variable.

Connectivity requirements:

The external Collabora Online service must be accessible from the server where the eldoc-aio container runs.
The eldoc-aio container must also be accessible from the external Collabora Online container via the elDoc URL (bidirectional communication).

To make the external Collabora Online service work properly, you must apply the configuration parameters provided in the elDoc documentation. These parameters are required for correct integration.

2. External MongoDB database

To use external MongoDB database server, it is required to provide proper connection parameters for elDoc and JMC components, according to the guide elDoc documentation.

elDoc configuration file may be found in mapped conf folder under conf/elDoc/eldoc.conf path.

JMC configuration file may be found in mapped conf folder under conf/jmc/config-eldoc.json path.

IMPORTANT: After switching database from internal to external make sure to remove oplog.timestamp file (can be found in the mounted conf folder under conf/jmc/oplog.timestamp path) and Solr core data files (can be found in the mounted data folder under data/solrData/data/prd1 path) to ensure JMC properly updates full-text index. After this, JMC should perform initial dump. Initial dump progress and JMC status can be monitored in the mounted logs folder.

When using external MongoDB server it is highly recommended to disable embedded MongoDB by setting DISABLE_EMBEDDED_MONGODB container environment variable to true. This can be done by deleting existing elDoc container, if present, and starting new container with additional Environment=DISABLE_EMBEDDED_MONGODB=true or -e DISABLE_EMBEDDED_MONGODB=true parameter.

Securing elDoc system

For security purposes, we recommend using valid signed SSL certificates. To replace initial self-signed certificates with new ones, replace existing certificate (nginx/cert/eldoc.crt) and key (nginx/cert/eldoc.key) files with new ones in the mounted conf directory.

It is not recommended to expose MongoDB port 27017, unless strongly required. In case of exposing port, ensure secure access to it configured via firewall or other access policies.

Troubleshooting elDoc system

IMPORTANT! For troubleshooting elDoc system it is recommended to have /local/logs directory mounted to host system to have access to the elDoc logs.

Refer to the Container status check and elDoc logs to ensure container is up and running. This will provide generic overview of the system and give details about whether it is running or some of the services are failing.

To investigate further, check logs in the mounted logs directory (see Starting elDoc for details). In case container was initially started without logs directory mounted, stop container and restart it with mounted logs directory. This will allow to easily access elDoc AIO system logs, but only since the first start with mounted logs folder. If you don't have logs directory mounted and need to get access to previous logs, please refer to Copying files from container or Accessing running container documentation

Using elDoc system

For documentation on using elDoc system, please refer to the Official Documentation.