elDoc All-in-One (AIO) Container Guide

Introduction

This document explains how to set up and run the elDoc application in a single "all-in-one" container (AIO) using Podman (or Docker). The AIO image bundles elDoc together with its required dependencies.

Requirements

• Podman (or Docker) installed. If using Docker, simply replace podman with docker in the examples below.

• A domain name (internal or external) for hosting elDoc.

• Persistent storage for:

  • data (application data)
  • conf (configuration files)
  • logs (application logs — initial login details are stored there)

Container Overview

• Exposed Ports

  • 443 – HTTPS via nginx reverse proxy
  • 8080 – HTTP direct access to elDoc (do not publish unless required or for diagnostic purposes)
  • 27017 – MongoDB (do not publish unless required or for diagnostic purposes)

• Mounted Volumes

  • /data – application data (required)
  • /conf – configuration (required)
  • /logs – logs (optional, strongly recommended)

• Environment Variables

  • ELDOC_HOST – domain name used to access elDoc (default: eldoc.lan)
  • DISABLE_EMBEDDED_MONGODB – set to true to disable the embedded MongoDB server (see External MongoDB database section below)
  • DISABLE_EMBEDDED_NGINX – set to true to disable the embedded nginx service
  • DISABLE_EMBEDDED_JMC – set to true to disable the embedded elDoc JMC sync service
  • DISABLE_EMBEDDED_SOLR – set to true to disable the embedded Apache Solr service (also sets DISABLE_EMBEDDED_JMC=true)
  • DISABLE_EMBEDDED_COOLWSD – set to true to disable the embedded Collabora Online service
  • COLLABORA_URL – URL of an external Collabora Online service (see External Collabora Online service section for details). If unset, the embedded Collabora service will start instead (also sets DISABLE_EMBEDDED_COOLWSD=true)

• Self-Signed SSL Certificates On first startup, the container generates self-signed certificates at:

  • .../conf/nginx/cert/eldoc.crt
  • .../conf/nginx/cert/eldoc.key

  To use your own certificates (for example, from a trusted CA), overwrite those files before starting the container, or replace them after the first launch.

Installing & Running

1. Pull the elDoc AIO Image

podman pull registry.eldoc.online/eldoc/eldoc-aio:latest

If authentication is required, execute the following commands instead (request USERNAME and PASSWORD from elDoc Support):

podman login registry.eldoc.online -u USERNAME
podman pull registry.eldoc.online/eldoc/eldoc-aio:latest
podman logout registry.eldoc.online

2. Start the Container

2.1. As a systemd Quadlet (auto-start on boot)

1. Create /etc/containers/systemd/eldoc.container service file with the following content (assuming mapping to /opt/eldoc/*):

[Unit]
Description=elDoc All-in-One (AIO) Container
#RequiresMountsFor=/opt/eldoc

[Container]
Image=registry.eldoc.online/eldoc/eldoc-aio:latest
ContainerName=eldoc
PublishPort=443:443
Environment=ELDOC_HOST=eldoc.domain.com
Volume=/opt/eldoc/data:/local/data:Z
Volume=/opt/eldoc/conf:/local/conf:Z
Volume=/opt/eldoc/logs:/local/logs:Z
StopTimeout=30

[Service]
Restart=always
RestartSec=5
TimeoutStartSec=180
TimeoutStopSec=35

[Install]
WantedBy=multi-user.target default.target

Notes:

1. Replace eldoc.domain.com with your actual domain name used for accessing the elDoc system.
2. When using some elDoc components deployed as external containers, it is recommended to add the following configuration parameters:

Network=eldoc-net
NetworkAlias=eldoc.domain.com

Create the respective network:

podman network create eldoc-net

1. Reload systemd and start:

systemctl daemon-reload && systemctl start eldoc

1. (Optional) For diagnostics, you can also start the container manually (assuming mapping to /opt/eldoc/*):

podman run --rm \
  --name eldoc \
  -p 443:443 \
  -v /opt/eldoc/data:/local/data:Z \
  -v /opt/eldoc/conf:/local/conf:Z \
  -v /opt/eldoc/logs:/local/logs:Z \
  -e ELDOC_HOST=eldoc.domain.com \
  registry.eldoc.online/eldoc/eldoc-aio:latest

2.2. Container Parameters

• --rm – automatically removes the container after it stops
• -d – runs the application in background mode
• -p 443:443 – maps port 443/TCP for accessing elDoc
• -v /opt/eldoc/data:/local/data – mounts /opt/eldoc/data for elDoc data
• -v /opt/eldoc/conf:/local/conf – mounts /opt/eldoc/conf for elDoc and dependency configuration files
• -v /opt/eldoc/logs:/local/logs – mounts /opt/eldoc/logs for logs (optional)
• -e ELDOC_HOST=eldoc.domain.com – configures elDoc to be accessed using eldoc.domain.com

IMPORTANT! While mounting /local/logs is optional, it is strongly recommended for troubleshooting.

IMPORTANT! During first start, the container enables Maintenance Mode for initial setup. Credentials for accessing elDoc in Maintenance Mode are printed to the container logs (console output and init.log file in the logs directory).

It is strongly recommended to disable Maintenance Mode after initial system configuration. For more details, please refer to elDoc documentation

3. Verifying Container Is Running

systemctl status eldoc

or:

podman ps

These commands should show:

• Active: active (running) when using systemctl
• Up X minutes in the STATUS column when using podman ps

4. Access Logs

To access general container logs:

journalctl -xeu eldoc

or

podman logs eldoc

Where eldoc is the container name specified during launch.

This provides generic startup logs similar to:

...
2025-03-27 09:29:22,877 INFO success: supervisord-watchdog entered RUNNING state
2025-03-27 09:29:23,884 INFO success: jmc entered RUNNING state
2025-03-27 09:29:23,884 INFO success: nginx entered RUNNING state
2025-03-27 09:29:27,141 INFO success: mongodb entered RUNNING state
2025-03-27 09:29:27,142 INFO success: solr entered RUNNING state
2025-03-27 09:29:27,142 INFO success: coolwsd entered RUNNING state
2025-03-27 09:29:52,639 INFO success: eldoc entered RUNNING state

For more detailed logs, navigate to the host folder mounted to /local/logs.

5. Start, Stop & Restart

systemctl start eldoc
systemctl stop eldoc
systemctl restart eldoc

6. Access elDoc Web UI

During initial container initialization, an elDoc Maintenance Admin user account is created. Its credentials are logged in console output and in the initialization log file init.log, located in the mounted logs directory.

The same credentials are also written into the eldoc.conf file located in the mounted conf directory.

The Maintenance Admin account is intended only for initial login and creation of users in the system, and has limited access.

Disable the Maintenance Admin account by commenting out the respective configuration in eldoc.conf.

Updating elDoc System

Please refer to:

• Update Guide
• Release Notes

to ensure a valid upgrade path in case of breaking changes.

1. Backup elDoc Data

To perform backup, stop the container:

podman stop eldoc

Then copy the mounted data and conf directories. It is also recommended to back up the logs directory.

2. Stop and Remove elDoc Container

systemctl stop eldoc

3. Pull New elDoc AIO Image

podman pull registry.eldoc.online/eldoc/eldoc-aio:latest

4. Migrations

Perform any additional upgrade or migration steps mentioned in the release notes or upgrade guide.

5. Start New elDoc AIO Container

systemctl start eldoc

6. elDoc Configuration Update

After starting a new version of the elDoc AIO container, a manual update of the main elDoc configuration file eldoc.conf may be required.

During startup, the elDoc AIO container checks the version of the existing eldoc.conf file. If it detects that the file is outdated, a new version of the configuration file is created next to the existing one as eldoc.conf.new.

In most cases, the new configuration file should remain backward compatible with the existing configuration. However, if startup fails or configuration-related errors appear in the logs, compare both files and manually transfer the relevant settings from the existing eldoc.conf into eldoc.conf.new.

After review, rename the files as follows:

• eldoc.conf → eldoc.conf.old
• eldoc.conf.new → eldoc.conf

System Account UIDs Used in the elDoc-AIO Container

Resource Management

To restrict container CPU or memory usage, adjust the [Container] section of /etc/containers/systemd/eldoc.container:

[Container]
...
PodmanArgs=--cpus=12 --memory=32g

This sets limits of 12 CPU cores and 32 GB RAM for the elDoc AIO container.

Please refer to System requirements.

By default, elDoc AIO dynamically manages internal service memory limits.

To set explicit limits:

• ELDOC_MEMORY_MAX – memory for elDoc (example: 4g)
• JMC_MEMORY_MAX – memory for JMC (example: 512m)
• SOLR_MEMORY_MAX – memory for Solr (example: 1g)

IMPORTANT: Provided memory limits are applied only if all values are set. If some are missing, automatic calculation is used instead.

Using External Services

1. External Collabora Online Service

To use an external Collabora Online service, provide:

COLLABORA_URL=http://coolwsd.domain.com:9980

or:

COLLABORA_URL=http://IP:9980

Use protocol http, because the eldoc-aio container acts as a reverse proxy: it terminates HTTPS from end-users and communicates with Collabora over plain HTTP.

When COLLABORA_URL is set, the embedded Collabora Online (CODE) service is disabled.

Connectivity requirements:

• The external Collabora service must be reachable from the server running eldoc-aio
• The eldoc-aio container must also be reachable from the external Collabora container via the elDoc URL

Apply the integration parameters described in the elDoc documentation.

2. External MongoDB Database

To use an external MongoDB server, provide proper connection parameters for elDoc and JMC components according to the guide in elDoc documentation.

Configuration files:

• elDoc: conf/elDoc/eldoc.conf
• JMC: conf/jmc/config-eldoc.json

IMPORTANT: After switching from internal to external MongoDB:

• remove conf/jmc/oplog.timestamp
• remove Solr core data files under data/solrData/data/prd1

This ensures JMC properly rebuilds the full-text index.

After this, JMC should perform an initial dump. Progress can be monitored in the mounted logs directory.

When using an external MongoDB server, it is highly recommended to disable embedded MongoDB:

DISABLE_EMBEDDED_MONGODB=true

Securing elDoc System

For security purposes, use valid signed SSL certificates.

To replace the initial self-signed certificates, replace:

• nginx/cert/eldoc.crt
• nginx/cert/eldoc.key

inside the mounted conf directory.

It is not recommended to expose MongoDB port 27017 unless strongly required. If exposed, secure it using firewall rules or other access controls.

Additionally, disable the Maintenance Admin account after initial configuration is completed and a regular administrator account/group has been created.

Troubleshooting elDoc System

IMPORTANT! For troubleshooting, it is strongly recommended to mount /local/logs to the host system.

Refer to the Container status check and elDoc logs sections to verify whether the container is running and whether any internal services are failing.

To investigate further, inspect logs in the mounted logs directory.

If the container was initially started without a mounted logs directory, stop it and restart it with logs mounted.

If you need access to previous logs without a mounted directory, refer to:

• Copying files from container
• Accessing running container

Using elDoc System

For documentation on using elDoc, please refer to the Official Documentation.