diff --git a/12_euro_office_deployment.md b/12_euro_office_deployment.md index 9624e54..ad913c0 100644 --- a/12_euro_office_deployment.md +++ b/12_euro_office_deployment.md @@ -1,279 +1,4 @@ -# 12 — Euro-Office Deployment (CT 114) +# 12 — Euro-Office Deployment -> Status: **Planned** -> Last updated: 2026-06-12 - ---- - -## Overview - -Euro-Office is an open-source, self-hosted online office suite (compatible with .docx, .xlsx, .pptx). -Docker image: `ghcr.io/euro-office/documentserver:latest` -Released: June 9, 2026. - -Deployed in CT 114 as a privileged Docker LXC, following the standard homelab pattern. -Exposed via nginx (CT 101) at `office.spendlik.sk`, protected by Authelia (CT 102). - ---- - -## Container Spec - -| Property | Value | -|---|---| -| **CT ID** | 114 | -| **Hostname** | euro-office | -| **IP** | 192.168.1.114 | -| **Gateway** | 192.168.1.1 | -| **CPU** | 2 cores | -| **RAM** | 2 GB | -| **Disk** | 20 GB | -| **OS Template** | `debian-13-standard_13.1-2_amd64.tar.zst` | -| **Privileged** | Yes (Docker requirement) | -| **Domain** | office.spendlik.sk | - ---- - -## Phase 1 — Create the LXC Container - -In Proxmox web UI or via `pct` on the Proxmox host: - -```bash -pct create 114 local:vztmpl/debian-13-standard_13.1-2_amd64.tar.zst \ - --hostname euro-office \ - --cores 2 \ - --memory 2048 \ - --swap 512 \ - --net0 name=eth0,bridge=vmbr0,ip=192.168.1.114/24,gw=192.168.1.1 \ - --rootfs local-lvm:20 \ - --unprivileged 0 \ - --features nesting=1 \ - --start 1 \ - --onboot 1 -``` - -> `nesting=1` is required for Docker inside LXC. -> `unprivileged 0` = privileged container. - ---- - -## Phase 2 — Base System Setup - -Enter the container: - -```bash -pct enter 114 -``` - -Update and install essentials: - -```bash -apt update && apt upgrade -y -apt install -y curl nano ca-certificates gnupg lsb-release -``` - ---- - -## Phase 3 — Install Docker - -```bash -install -m 0755 -d /etc/apt/keyrings -curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg -chmod a+r /etc/apt/keyrings/docker.gpg - -echo \ - "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \ - https://download.docker.com/linux/debian \ - $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null - -apt update -apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin -``` - -Verify: - -```bash -docker run hello-world -``` - ---- - -## Phase 4 — Deploy Euro-Office - -Create the service directory: - -```bash -mkdir -p /opt/euro-office -cd /opt/euro-office -``` - -Create `docker-compose.yml`: - -```yaml -services: - euro-office: - image: ghcr.io/euro-office/documentserver:latest - container_name: euro-office - restart: unless-stopped - ports: - - "80:80" - environment: - - JWT_ENABLED=true - - JWT_SECRET=CHANGE_ME_STRONG_SECRET - volumes: - - ./data:/var/lib/euro-office - - ./logs:/var/log/euro-office -``` - -> ⚠️ Replace `CHANGE_ME_STRONG_SECRET` with a strong random secret before starting. -> Generate one with: `openssl rand -hex 32` - -Start the service: - -```bash -docker compose up -d -docker compose logs -f -``` - -Verify it responds locally: - -```bash -curl -s http://localhost/healthcheck -``` - -Expected: HTTP 200 or a JSON health response (check Euro-Office docs for exact endpoint). - ---- - -## Phase 5 — nginx Reverse Proxy (CT 101) - -On CT 101 (`192.168.1.10`), create `/etc/nginx/sites-available/office.spendlik.sk`: - -```nginx -server { - listen 80; - server_name office.spendlik.sk; - - location / { - proxy_pass http://192.168.1.114:80; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Euro-Office requires WebSocket support - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Large file uploads (documents) - client_max_body_size 100m; - proxy_read_timeout 300s; - proxy_send_timeout 300s; - } -} -``` - -Enable and reload: - -```bash -ln -s /etc/nginx/sites-available/office.spendlik.sk /etc/nginx/sites-enabled/ -nginx -t && nginx -s reload -``` - -Test HTTP before adding SSL: - -```bash -curl -I http://office.spendlik.sk # from mobile data only (hairpin NAT limitation) -``` - ---- - -## Phase 6 — SSL Certificate (CT 101) - -```bash -certbot --nginx -d office.spendlik.sk -``` - -⚠️ **Always manually inspect the config after certbot runs:** - -```bash -nano /etc/nginx/sites-available/office.spendlik.sk -``` - -Check for: -- Duplicate `server_name` directives -- Missing closing braces -- Correct `proxy_pass` still pointing to `192.168.1.114:80` -- WebSocket headers (`Upgrade`, `Connection`) preserved in both HTTP and HTTPS blocks - -Reload after any manual fix: - -```bash -nginx -t && nginx -s reload -``` - ---- - -## Phase 7 — Authelia Protection (CT 102) - -Add `office.spendlik.sk` to Authelia's access control rules in CT 102. - -In `/etc/authelia/configuration.yml` on CT 102, add under `access_control.rules`: - -```yaml -- domain: office.spendlik.sk - policy: two_factor -``` - -Restart Authelia: - -```bash -systemctl restart authelia -``` - -Add the Authelia middleware to the nginx vhost in CT 101. -Refer to the existing pattern used for `automation.spendlik.sk` (CT 100) or `email.spendlik.sk` (CT 104) as the template. - ---- - -## Phase 8 — DNS Record (WebSupport) - -Add an A record for `office.spendlik.sk` pointing to the public IP (`178.41.205.8`) via the WebSupport DNS panel. - -⚠️ WebSupport has **two separate DNS management pages** — update both to avoid a repeat of the previous outage. - -Service ID for API operations: `15056760` - ---- - -## Post-Deployment Checklist - -- [ ] Container starts on boot (`onboot=1` confirmed in Proxmox) -- [ ] Docker service starts on container boot (`restart: unless-stopped`) -- [ ] `office.spendlik.sk` loads over HTTPS from mobile data -- [ ] Authelia 2FA prompt appears before reaching the office suite -- [ ] Document open/edit/save works end-to-end -- [ ] JWT secret changed from placeholder value -- [ ] nginx config inspected post-certbot (no duplicates, no missing braces) -- [ ] `homelab-overview.md` updated with CT 114 entry -- [ ] `00_index.md` updated — CT 114 row and next available ID bumped - ---- - -## Troubleshooting - -| Symptom | Likely Cause | Fix | -|---|---|---| -| WebSocket errors / real-time editing broken | Missing `Upgrade`/`Connection` headers in nginx | Re-add WebSocket proxy headers, reload nginx | -| 502 Bad Gateway | Euro-Office container not responding | `docker compose logs` in CT 114; check if container is up | -| Large file upload fails | `client_max_body_size` too small | Increase to `200m` or higher in nginx vhost | -| Slow document loading | Insufficient RAM | Increase CT 114 RAM allocation in Proxmox | -| certbot breaks config | Known issue on this setup | Manually restore WebSocket headers and proxy_pass after cert issuance | - ---- - -## Notes - -- Euro-Office is a relatively new project (released June 2026) — check the [GitHub repo](https://github.com/euro-office/documentserver) for breaking changes before upgrading the Docker image. -- The JWT secret must match if you integrate Euro-Office with other tools (e.g., Nextcloud or a future document portal). Keep the secret backed up. -- Docker image tag: always pull `latest` for now; consider pinning to a specific version tag once the project stabilises. +> Status: **Abandoned** — 2026-06-18 +> Euro-Office Docs is a document editing backend/API, not a standalone office suite. It requires integration with a frontend app (Nextcloud, Seafile, etc.) to be usable. Deleted CT 114 after evaluation. CryptPad identified as the better alternative for a self-contained online office suite.