Spendlik/Claude_Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dd269b3659
Claude_Homelab/12_euro_office_deployment.md

7.0 KiB
Raw Blame History

12 — Euro-Office Deployment (CT 114)

Status: Planned Last updated: 2026-06-12

Overview

Euro-Office is an open-source, self-hosted online office suite (compatible with .docx, .xlsx, .pptx). Docker image: ghcr.io/euro-office/documentserver:latest Released: June 9, 2026.

Deployed in CT 114 as a privileged Docker LXC, following the standard homelab pattern. Exposed via nginx (CT 101) at office.spendlik.sk, protected by Authelia (CT 102).

Container Spec

Property Value
CT ID 114
Hostname euro-office
IP 192.168.1.114
Gateway 192.168.1.1
CPU 2 cores
RAM 2 GB
Disk 20 GB
OS Template debian-13-standard_13.1-2_amd64.tar.zst
Privileged Yes (Docker requirement)
Domain office.spendlik.sk

Phase 1 — Create the LXC Container

In Proxmox web UI or via pct on the Proxmox host:

pct create 114 local:vztmpl/debian-13-standard_13.1-2_amd64.tar.zst \
  --hostname euro-office \
  --cores 2 \
  --memory 2048 \
  --swap 512 \
  --net0 name=eth0,bridge=vmbr0,ip=192.168.1.114/24,gw=192.168.1.1 \
  --rootfs local-lvm:20 \
  --unprivileged 0 \
  --features nesting=1 \
  --start 1 \
  --onboot 1

nesting=1 is required for Docker inside LXC. unprivileged 0 = privileged container.

Phase 2 — Base System Setup

Enter the container:

pct enter 114

Update and install essentials:

apt update && apt upgrade -y
apt install -y curl nano ca-certificates gnupg lsb-release

Phase 3 — Install Docker

install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
  https://download.docker.com/linux/debian \
  $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null

apt update
apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

Verify:

docker run hello-world

Phase 4 — Deploy Euro-Office

Create the service directory:

mkdir -p /opt/euro-office
cd /opt/euro-office

Create docker-compose.yml:

services:
  euro-office:
    image: ghcr.io/euro-office/documentserver:latest
    container_name: euro-office
    restart: unless-stopped
    ports:
      - "80:80"
    environment:
      - JWT_ENABLED=true
      - JWT_SECRET=CHANGE_ME_STRONG_SECRET
    volumes:
      - ./data:/var/lib/euro-office
      - ./logs:/var/log/euro-office

⚠️ Replace CHANGE_ME_STRONG_SECRET with a strong random secret before starting. Generate one with: openssl rand -hex 32

Start the service:

docker compose up -d
docker compose logs -f

Verify it responds locally:

curl -s http://localhost/healthcheck

Expected: HTTP 200 or a JSON health response (check Euro-Office docs for exact endpoint).

Phase 5 — nginx Reverse Proxy (CT 101)

On CT 101 (192.168.1.10), create /etc/nginx/sites-available/office.spendlik.sk:

server {
    listen 80;
    server_name office.spendlik.sk;

    location / {
        proxy_pass http://192.168.1.114:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Euro-Office requires WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Large file uploads (documents)
        client_max_body_size 100m;
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
    }
}

Enable and reload:

ln -s /etc/nginx/sites-available/office.spendlik.sk /etc/nginx/sites-enabled/
nginx -t && nginx -s reload

Test HTTP before adding SSL:

curl -I http://office.spendlik.sk  # from mobile data only (hairpin NAT limitation)

Phase 6 — SSL Certificate (CT 101)

certbot --nginx -d office.spendlik.sk

⚠️ Always manually inspect the config after certbot runs:

nano /etc/nginx/sites-available/office.spendlik.sk

Check for:

  • Duplicate server_name directives
  • Missing closing braces
  • Correct proxy_pass still pointing to 192.168.1.114:80
  • WebSocket headers (Upgrade, Connection) preserved in both HTTP and HTTPS blocks

Reload after any manual fix:

nginx -t && nginx -s reload

Phase 7 — Authelia Protection (CT 102)

Add office.spendlik.sk to Authelia's access control rules in CT 102.

In /etc/authelia/configuration.yml on CT 102, add under access_control.rules:

- domain: office.spendlik.sk
  policy: two_factor

Restart Authelia:

systemctl restart authelia

Add the Authelia middleware to the nginx vhost in CT 101. Refer to the existing pattern used for automation.spendlik.sk (CT 100) or email.spendlik.sk (CT 104) as the template.

Phase 8 — DNS Record (WebSupport)

Add an A record for office.spendlik.sk pointing to the public IP (178.41.205.8) via the WebSupport DNS panel.

⚠️ WebSupport has two separate DNS management pages — update both to avoid a repeat of the previous outage.

Service ID for API operations: 15056760

Post-Deployment Checklist

  • Container starts on boot (onboot=1 confirmed in Proxmox)
  • Docker service starts on container boot (restart: unless-stopped)
  • office.spendlik.sk loads over HTTPS from mobile data
  • Authelia 2FA prompt appears before reaching the office suite
  • Document open/edit/save works end-to-end
  • JWT secret changed from placeholder value
  • nginx config inspected post-certbot (no duplicates, no missing braces)
  • homelab-overview.md updated with CT 114 entry
  • 00_index.md updated — CT 114 row and next available ID bumped

Troubleshooting

Symptom Likely Cause Fix
WebSocket errors / real-time editing broken Missing Upgrade/Connection headers in nginx Re-add WebSocket proxy headers, reload nginx
502 Bad Gateway Euro-Office container not responding docker compose logs in CT 114; check if container is up
Large file upload fails client_max_body_size too small Increase to 200m or higher in nginx vhost
Slow document loading Insufficient RAM Increase CT 114 RAM allocation in Proxmox
certbot breaks config Known issue on this setup Manually restore WebSocket headers and proxy_pass after cert issuance

Notes

  • Euro-Office is a relatively new project (released June 2026) — check the GitHub repo for breaking changes before upgrading the Docker image.
  • The JWT secret must match if you integrate Euro-Office with other tools (e.g., Nextcloud or a future document portal). Keep the secret backed up.
  • Docker image tag: always pull latest for now; consider pinning to a specific version tag once the project stabilises.