Self-Hosting ONLYOFFICE Document Server with Docker
Why Self-Host a Document Editor?
Google Docs works until your company policy says “no third-party data processors.” ONLYOFFICE Document Server gives you a full office suite — documents, spreadsheets, presentations — running entirely on your hardware. It integrates with Nextcloud, Seafile, and other file platforms via WOPI or the ONLYOFFICE connector, so your users get real-time collaborative editing without sending a single byte to Google.
ONLYOFFICE is open-source (AGPL-3.0), has strong Microsoft Office format compatibility (.docx, .xlsx, .pptx), and supports co-editing with tracked changes and comments.
Prerequisites
- A Linux server (Ubuntu 22.04+ recommended)
- Docker and Docker Compose installed
- 4 GB RAM minimum (8 GB recommended)
- 10 GB free disk space
- A domain name for reverse proxy access
Resource Requirements
| Resource | Minimum | Recommended |
|---|---|---|
| RAM | 4 GB | 8 GB |
| CPU | 2 cores | 4 cores |
| Disk (app) | 2 GB | 10 GB |
| Disk (cache) | 5 GB | 20 GB |
ONLYOFFICE is heavier than most self-hosted apps. Document conversions (PDF export, format changes) are the main resource consumer. Plan for 4 GB as a hard floor — under that, conversions will fail or time out.
Docker Compose Configuration
ONLYOFFICE needs PostgreSQL for metadata and RabbitMQ for async document conversion jobs. The compose file below includes both.
Create a docker-compose.yml:
```yaml
services:
  onlyoffice:
    image: onlyoffice/documentserver:9.2.1.1
    container_name: onlyoffice
    depends_on:
      onlyoffice-db:
        condition: service_healthy
      onlyoffice-rabbitmq:
        condition: service_healthy
    environment:
      - DB_TYPE=postgres
      - DB_HOST=onlyoffice-db
      - DB_PORT=5432
      - DB_NAME=onlyoffice
      - DB_USER=onlyoffice
      - DB_PWD=${DB_PASSWORD}
      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq:5672
      - JWT_ENABLED=true
      - JWT_SECRET=${JWT_SECRET} # MUST match your integration app's config
    ports:
      - "8080:80"
    volumes:
      - onlyoffice_data:/var/www/onlyoffice/Data
      - onlyoffice_logs:/var/log/onlyoffice
      - onlyoffice_cache:/var/lib/onlyoffice/documentserver/App_Data/cache/files
    restart: unless-stopped
    stop_grace_period: 60s
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/info/info.json"]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 120s

  onlyoffice-db:
    image: postgres:15
    container_name: onlyoffice-db
    environment:
      - POSTGRES_DB=onlyoffice
      - POSTGRES_USER=onlyoffice
      - POSTGRES_PASSWORD=${DB_PASSWORD}
    volumes:
      - onlyoffice_db:/var/lib/postgresql/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U onlyoffice"]
      interval: 10s
      timeout: 5s
      retries: 5

  onlyoffice-rabbitmq:
    image: rabbitmq:3.13
    container_name: onlyoffice-rabbitmq
    volumes:
      - onlyoffice_rabbitmq:/var/lib/rabbitmq
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "rabbitmq-diagnostics", "status"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s

volumes:
  onlyoffice_data:
  onlyoffice_logs:
  onlyoffice_cache:
  onlyoffice_db:
  onlyoffice_rabbitmq:
```
Create a .env file alongside it:
```bash
# Database password — change this
DB_PASSWORD=change_me_to_a_strong_password
# JWT secret — MUST match the secret in your Nextcloud/Seafile ONLYOFFICE connector config
# Generate with: openssl rand -base64 32
JWT_SECRET=change_me_to_a_random_string
```
Start the stack:
docker compose up -d
First startup takes 60–120 seconds while ONLYOFFICE initializes the database schema and generates the font cache.
Verifying the Installation
Once the health check passes, open http://your-server:8080 in a browser. You should see the ONLYOFFICE welcome page confirming the Document Server is running.
Test the API endpoint:
curl http://localhost:8080/info/info.json
You should get a JSON response with version information and "status": "ok".
Connecting to Nextcloud
The most common integration is Nextcloud + ONLYOFFICE. In Nextcloud:
- Install the ONLYOFFICE app from the Nextcloud App Store
- Go to Settings → ONLYOFFICE
- Set Document Editing Service address to http://onlyoffice:80 (if on the same Docker network) or your public ONLYOFFICE URL
- Enter the same JWT Secret you set in your .env file
- Click Save
Now opening any .docx, .xlsx, or .pptx file in Nextcloud launches the ONLYOFFICE editor inline.
| Integration Platform | Connector | Notes |
|---|---|---|
| Nextcloud | Built-in ONLYOFFICE app | Most popular combo |
| Seafile | Built-in ONLYOFFICE integration | Pro and CE editions |
| ownCloud | ONLYOFFICE connector app | Similar to Nextcloud setup |
| Moodle | ONLYOFFICE plugin | For LMS document editing |
| WordPress | ONLYOFFICE plugin | Embed editors in posts |
Configuration
JWT Authentication
JWT is enabled by default since v7.2. Every integration app must send a valid JWT token signed with your JWT_SECRET. If tokens don’t match, editing requests are rejected with a 403.
If you’re running ONLYOFFICE on a private network with no external access, you can disable JWT:
- JWT_ENABLED=false
Don’t do this on a public-facing server.
Allowing Private Network Access
By default, ONLYOFFICE blocks requests from private IP ranges. If your Nextcloud and ONLYOFFICE are on the same LAN:
- ALLOW_PRIVATE_IP_ADDRESS=true
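A preflight check for the settings this page warns about (the `.env` placeholders, `JWT_ENABLED=false`, `ALLOW_PRIVATE_IP_ADDRESS=true`), added here as an example and not part of the original guide or of ONLYOFFICE. The 32-character minimum, the function names and the sample inputs are assumptions made for the example.

```python
import re

MIN_SECRET_LEN = 32  # assumption for this example; `openssl rand -base64 32` yields 44 characters

def parse_env(text):
    """Parse KEY=VALUE lines from a .env file, skipping blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("'\"")
    return env

def compose_env(text):
    """Collect `- KEY=VALUE` entries from a compose file by line scan (no YAML parser)."""
    return dict(re.findall(r"^\s*-\s*([A-Z_]+)=(\S*)", text, flags=re.MULTILINE))

def audit(env_text, compose_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    env = parse_env(env_text)
    for name in ("DB_PASSWORD", "JWT_SECRET"):
        value = env.get(name, "")
        if not value:
            findings.append(f"{name}: not set")
        elif value.lower().startswith("change_me"):
            findings.append(f"{name}: still the placeholder")
        elif len(value) < MIN_SECRET_LEN:
            findings.append(f"{name}: shorter than {MIN_SECRET_LEN} characters")
    settings = compose_env(compose_text)
    if settings.get("JWT_ENABLED", "").lower() == "false":
        findings.append("JWT_ENABLED=false: requests are accepted without a token")
    if settings.get("ALLOW_PRIVATE_IP_ADDRESS", "").lower() == "true":
        findings.append("ALLOW_PRIVATE_IP_ADDRESS=true: private-range blocking is off")
    return findings

# Constructed inputs: a placeholder .env and a compose fragment with both relaxations.
SAMPLE_ENV = "DB_PASSWORD=change_me_to_a_strong_password\nJWT_SECRET=short\n"
SAMPLE_COMPOSE = """\
    environment:
      - JWT_ENABLED=false
      - ALLOW_PRIVATE_IP_ADDRESS=true
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENV, SAMPLE_COMPOSE):
        print("FAIL", finding)
```

Run it against your real files before `docker compose up -d` and treat a non-empty result as a reason to stop.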
Custom Fonts
Mount a fonts directory to add corporate or custom fonts:
```yaml
    volumes:
      - ./custom-fonts:/usr/share/fonts/custom:ro
    environment:
      - GENERATE_FONTS=true # Regenerates font index on startup
```
Reverse Proxy
ONLYOFFICE works behind any reverse proxy. Key requirement: WebSocket support for real-time co-editing.
Nginx Proxy Manager: Set your proxy host to forward to port 8080 with WebSocket support enabled.
Caddy snippet:
```
docs.example.com {
    reverse_proxy onlyoffice:80
}
```
For more reverse proxy options, see Reverse Proxy Setup.
Backup
Back up three things:
- PostgreSQL database — contains document metadata and conversion history
- Data volume (onlyoffice_data) — SSL certs, custom config
- Cache volume (onlyoffice_cache) — not critical but avoids reconversion
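```bash
# Database backup
docker exec onlyoffice-db pg_dump -U onlyoffice onlyoffice > onlyoffice-backup.sql
# Volume backup: --volumes-from mounts the onlyoffice container's volumes at their
# original paths, so it works even though Compose prefixes volume names with the project name
docker run --rm --volumes-from onlyoffice -v "$(pwd)":/backup alpine \
  tar czf /backup/onlyoffice-data.tar.gz /var/www/onlyoffice/Data
```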
For a complete backup strategy, see Backup Strategy.
Troubleshooting
Document editing shows “Download failed”
Symptom: Opening a document from Nextcloud shows “Download failed” or a blank editor.
Fix: The Document Server can’t reach your Nextcloud instance. If both are on Docker, ensure they share a network. If using hostnames, verify DNS resolution from inside the ONLYOFFICE container:
docker exec onlyoffice curl -I http://nextcloud
JWT token validation failed
Symptom: 403 errors when trying to edit documents.
Fix: The JWT_SECRET in ONLYOFFICE must exactly match the secret in your Nextcloud ONLYOFFICE settings. Check both. Restart ONLYOFFICE after any secret change.
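What "exactly match" means for the secret, both here and in the JWT Authentication section above, shown as an added example that is not ONLYOFFICE or connector code: it signs a constructed editor config and verifies it under the same and a slightly different secret. It assumes HS256 signing; the secret, document key and URL are constructed sample values.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: dict, secret: str) -> str:
    """Build header.payload.signature the way an integration app would."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return signing_input + "." + b64url(mac.digest())

def verify_hs256(token: str, secret: str):
    """Return the payload if the token verifies under `secret`, else None."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        payload = json.loads(b64url_decode(body_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return None
    # Pin the algorithm: the token's own header must not select "none" or another scheme.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    mac = hmac.new(secret.encode(), f"{head_b64}.{body_b64}".encode(), hashlib.sha256)
    if not hmac.compare_digest(signature, mac.digest()):
        return None
    return payload

# Constructed sample values; neither the secret nor the payload comes from the page.
SECRET = "constructed-secret-for-illustration-only"
EDITOR_CONFIG = {
    "document": {"key": "constructed-key-1", "url": "http://nextcloud/constructed.docx"},
    "editorConfig": {"mode": "edit"},
}

if __name__ == "__main__":
    token = sign_hs256(EDITOR_CONFIG, SECRET)
    print("same secret      ->", verify_hs256(token, SECRET) is not None)
    print("trailing newline ->", verify_hs256(token, SECRET + "\n") is not None)
```

A secret pasted with a trailing newline or space fails verification just like a wrong secret, which is worth ruling out before restarting anything.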
Container takes forever to start
Symptom: Health checks fail for 2+ minutes after startup.
Fix: Normal on first boot — ONLYOFFICE generates a font cache and initializes the database. Subsequent starts are faster (30–60s). If it exceeds 5 minutes, check logs:
docker logs onlyoffice
PostgreSQL permission denied on startup
Symptom: ERROR: permission denied to create extension "uuid-ossp"
Fix: ONLYOFFICE needs superuser-level permissions on first run to create PostgreSQL extensions. Ensure your DB_USER has SUPERUSER privileges, or pre-create the extensions:
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
CREATE EXTENSION IF NOT EXISTS "unaccent";
Cache disk fills up
Symptom: Document conversions fail with “No space left on device.”
Fix: The conversion cache grows unbounded. Set up a cron job on the host to clean old cache files inside the container:
docker exec onlyoffice find /var/lib/onlyoffice/documentserver/App_Data/cache/files -type f -mtime +7 -delete
Verdict
ONLYOFFICE is the best self-hosted option if you need Microsoft Office format compatibility. The .docx/.xlsx/.pptx rendering is noticeably better than CryptPad or Collabora. The trade-off is resource usage — 4 GB RAM minimum is steep compared to lighter alternatives.
Use ONLYOFFICE if: You integrate with Nextcloud or Seafile, your team works heavily with Office formats, or you need real-time co-editing with tracked changes.
Look elsewhere if: You want end-to-end encryption (CryptPad is better), you’re on a low-RAM server (under 4 GB), or you don’t need Office format compatibility.