Self-Hosting ONLYOFFICE Document Server with Docker

Why Self-Host a Document Editor?

Google Docs works until your company policy says “no third-party data processors.” ONLYOFFICE Document Server gives you a full office suite — documents, spreadsheets, presentations — running entirely on your hardware. It integrates with Nextcloud, Seafile, and other file platforms via WOPI or the ONLYOFFICE connector, so your users get real-time collaborative editing without sending a single byte to Google.

ONLYOFFICE is open-source (AGPL-3.0), has strong Microsoft Office format compatibility (.docx, .xlsx, .pptx), and supports co-editing with tracked changes and comments.

Prerequisites

A Linux server (Ubuntu 22.04+ recommended)
Docker and Docker Compose installed (guide)
4 GB RAM minimum (8 GB recommended)
10 GB free disk space
A domain name for reverse proxy access

Resource Requirements

Resource	Minimum	Recommended
RAM	4 GB	8 GB
CPU	2 cores	4 cores
Disk (app)	2 GB	10 GB
Disk (cache)	5 GB	20 GB

ONLYOFFICE is heavier than most self-hosted apps. Document conversions (PDF export, format changes) are the main resource consumer. Plan for 4 GB as a hard floor — under that, conversions will fail or timeout.

Docker Compose Configuration

ONLYOFFICE needs PostgreSQL for metadata and RabbitMQ for async document conversion jobs. The compose file below includes both.

Create a docker-compose.yml:

services:
  onlyoffice:
    image: onlyoffice/documentserver:9.3.1
    container_name: onlyoffice
    depends_on:
      onlyoffice-db:
        condition: service_healthy
      onlyoffice-rabbitmq:
        condition: service_healthy
    environment:
      - DB_TYPE=postgres
      - DB_HOST=onlyoffice-db
      - DB_PORT=5432
      - DB_NAME=onlyoffice
      - DB_USER=onlyoffice
      - DB_PWD=${DB_PASSWORD}
      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq:5672
      - JWT_ENABLED=true
      - JWT_SECRET=${JWT_SECRET}    # MUST match your integration app's config
    ports:
      - "8080:80"
    volumes:
      - onlyoffice_data:/var/www/onlyoffice/Data
      - onlyoffice_logs:/var/log/onlyoffice
      - onlyoffice_cache:/var/lib/onlyoffice/documentserver/App_Data/cache/files
    restart: unless-stopped
    stop_grace_period: 60s
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/info/info.json"]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 120s

  onlyoffice-db:
    image: postgres:15
    container_name: onlyoffice-db
    environment:
      - POSTGRES_DB=onlyoffice
      - POSTGRES_USER=onlyoffice
      - POSTGRES_PASSWORD=${DB_PASSWORD}
    volumes:
      - onlyoffice_db:/var/lib/postgresql/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U onlyoffice"]
      interval: 10s
      timeout: 5s
      retries: 5

  onlyoffice-rabbitmq:
    image: rabbitmq:3.13
    container_name: onlyoffice-rabbitmq
    volumes:
      - onlyoffice_rabbitmq:/var/lib/rabbitmq
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "rabbitmq-diagnostics", "status"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s

volumes:
  onlyoffice_data:
  onlyoffice_logs:
  onlyoffice_cache:
  onlyoffice_db:
  onlyoffice_rabbitmq:

Create a .env file alongside it:

# Database password — change this
DB_PASSWORD=change_me_to_a_strong_password

# JWT secret — MUST match the secret in your Nextcloud/Seafile ONLYOFFICE connector config
# Generate with: openssl rand -base64 32
JWT_SECRET=change_me_to_a_random_string

Start the stack:

docker compose up -d

First startup takes 60–120 seconds while ONLYOFFICE initializes the database schema and generates the font cache.

Verifying the Installation

Once the health check passes, open http://your-server:8080 in a browser. You should see the ONLYOFFICE welcome page confirming the Document Server is running.

Test the API endpoint:

curl http://localhost:8080/info/info.json

You should get a JSON response with version information and "status": "ok".

Connecting to Nextcloud

The most common integration is Nextcloud + ONLYOFFICE. In Nextcloud:

Install the ONLYOFFICE app from the Nextcloud App Store
Go to Settings → ONLYOFFICE
Set Document Editing Service address to http://onlyoffice:80 (if on the same Docker network) or your public ONLYOFFICE URL
Enter the same JWT Secret you set in your .env file
Click Save

Now opening any .docx, .xlsx, or .pptx file in Nextcloud launches the ONLYOFFICE editor inline.

Integration Platform	Connector	Notes
Nextcloud	Built-in ONLYOFFICE app	Most popular combo
Seafile	Built-in ONLYOFFICE integration	Pro and CE editions
ownCloud	ONLYOFFICE connector app	Similar to Nextcloud setup
Moodle	ONLYOFFICE plugin	For LMS document editing
WordPress	ONLYOFFICE plugin	Embed editors in posts

Configuration

JWT Authentication

JWT is enabled by default since v7.2. Every integration app must send a valid JWT token signed with your JWT_SECRET. If tokens don’t match, editing requests are rejected with a 403.

If you’re running ONLYOFFICE on a private network with no external access, you can disable JWT:

- JWT_ENABLED=false

Don’t do this on a public-facing server.

Allowing Private Network Access

By default, ONLYOFFICE blocks requests from private IP ranges. If your Nextcloud and ONLYOFFICE are on the same LAN:

- ALLOW_PRIVATE_IP_ADDRESS=true

Custom Fonts

Mount a fonts directory to add corporate or custom fonts:

volumes:
  - ./custom-fonts:/usr/share/fonts/custom:ro
environment:
  - GENERATE_FONTS=true    # Regenerates font index on startup

Reverse Proxy

ONLYOFFICE works behind any reverse proxy. Key requirement: WebSocket support for real-time co-editing.

Nginx Proxy Manager: Set your proxy host to forward to port 8080 with WebSocket support enabled.

Caddy snippet:

docs.example.com {
    reverse_proxy onlyoffice:80
}

For more reverse proxy options, see Reverse Proxy Setup.

Backup

Back up three things:

PostgreSQL database — contains document metadata and conversion history
Data volume (onlyoffice_data) — SSL certs, custom config
Cache volume (onlyoffice_cache) — not critical but avoids reconversion

# Database backup
docker exec onlyoffice-db pg_dump -U onlyoffice onlyoffice > onlyoffice-backup.sql

# Volume backup
docker run --rm -v onlyoffice_data:/data -v $(pwd):/backup alpine \
  tar czf /backup/onlyoffice-data.tar.gz /data

For a complete backup strategy, see Backup Strategy.

Troubleshooting

Document editing shows “Download failed”

Symptom: Opening a document from Nextcloud shows “Download failed” or a blank editor.

Fix: The Document Server can’t reach your Nextcloud instance. If both are on Docker, ensure they share a network. If using hostnames, verify DNS resolution from inside the ONLYOFFICE container:

docker exec onlyoffice curl -I http://nextcloud

JWT token validation failed

Symptom: 403 errors when trying to edit documents.

Fix: The JWT_SECRET in ONLYOFFICE must exactly match the secret in your Nextcloud ONLYOFFICE settings. Check both. Restart ONLYOFFICE after any secret change.

Container takes forever to start

Symptom: Health checks fail for 2+ minutes after startup.

Fix: Normal on first boot — ONLYOFFICE generates a font cache and initializes the database. Subsequent starts are faster (30–60s). If it exceeds 5 minutes, check logs:

docker logs onlyoffice

PostgreSQL permission denied on startup

Symptom: ERROR: permission denied to create extension "uuid-ossp"

Fix: ONLYOFFICE needs superuser-level permissions on first run to create PostgreSQL extensions. Ensure your DB_USER has SUPERUSER privileges, or pre-create the extensions:

CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
CREATE EXTENSION IF NOT EXISTS "unaccent";

Cache disk fills up

Symptom: Document conversions fail with “No space left on device.”

Fix: The conversion cache grows unbounded. Set up a cron job to clean old cache files:

find /var/lib/onlyoffice/documentserver/App_Data/cache/files -mtime +7 -delete

Verdict

ONLYOFFICE is the best self-hosted option if you need Microsoft Office format compatibility. The .docx/.xlsx/.pptx rendering is noticeably better than CryptPad or Collabora. The trade-off is resource usage — 4 GB RAM minimum is steep compared to lighter alternatives.

Use ONLYOFFICE if: You integrate with Nextcloud or Seafile, your team works heavily with Office formats, or you need real-time co-editing with tracked changes.

Look elsewhere if: You want end-to-end encryption (CryptPad is better), you’re on a low-RAM server (under 4 GB), or you don’t need Office format compatibility.

Frequently Asked Questions

How does ONLYOFFICE compare to Collabora Online?

ONLYOFFICE has better Microsoft Office format compatibility (.docx, .xlsx, .pptx rendering is more accurate). Collabora Online is based on LibreOffice and handles ODF formats better. ONLYOFFICE uses more RAM (4 GB minimum vs ~1-2 GB for Collabora). For teams working primarily with Office formats, ONLYOFFICE is the better choice. For mixed format environments or lower-resource servers, Collabora is more practical.

Can I use ONLYOFFICE without Nextcloud?

Yes. ONLYOFFICE Document Server is a standalone editing engine that integrates with many platforms — Nextcloud, Seafile, ownCloud, Moodle, WordPress, and custom applications via its JavaScript API. It also has a standalone document manager (ONLYOFFICE Workspace) that includes file storage, email, CRM, and project management. The Document Server alone provides the editing engine; you need a file storage platform to manage documents.

Why does ONLYOFFICE require 4 GB of RAM?

Document conversions (PDF export, format changes) are the main resource consumer. ONLYOFFICE uses LibreOffice-based converters internally, and each concurrent conversion spawns a process that can use 500 MB-1 GB. With less than 4 GB, conversions timeout or fail. Idle RAM usage is lower (~1-2 GB), but the 4 GB floor ensures conversions work reliably.

How many concurrent editors can ONLYOFFICE handle?

The free Community Edition supports up to 20 simultaneous connections (editors + viewers). Each open document counts as one connection per user. For more concurrent users, you need the Enterprise or Developer Edition (paid license). The 20-connection limit is the most common reason teams outgrow the free version.

Does ONLYOFFICE support real-time collaboration?

Yes. Multiple users can edit the same document simultaneously with real-time cursor tracking, tracked changes, and comments. ONLYOFFICE uses a “fast” co-editing mode where changes appear instantly, and a “strict” mode where users lock paragraphs they’re editing. WebSocket support in your reverse proxy is required for real-time features to work.

How do I update ONLYOFFICE in Docker?

Pull the new image and recreate the container: docker compose pull onlyoffice && docker compose up -d. The database schema is migrated automatically on startup. Always back up the PostgreSQL database before upgrading major versions. The JWT_SECRET must remain the same — changing it breaks all existing integrations.