securing the OnlyOffice installation of our Non-Profit Organization

Issues during installation, usage and configuring
Post Reply
rlcberlin
Posts: 1
Joined: Tue Jun 23, 2020 4:17 pm

securing the OnlyOffice installation of our Non-Profit Organization

Post by rlcberlin » Wed Jun 24, 2020 10:51 am

Dear OnlyOffice community,

we would kindly ask for your help with configuring our OnlyOffice installation in a secure way.
We are a registered non-profit organization from Germany, called "Refugee Law Clinic Berlin e.V.". We would like to use OnlyOffice integrated in Nextcloud to process confidential data of our clients.
Therefore we booked a new Webhosting Package at our hoster "dogado".
It is a shared hosting package with 5GB RAM, 300 GB SSD, running on a Linux server. You can find more system info here: https://office.ihaverights-cloud.eu/phpinfo.php

Our webhoster kindly installed a new nextcloud instance on this system and he also installed the OnlyOffice Nextcloud plugin as well as the OnlyOffice Service. Unfortunately we don't know which edition (community server / document server / etc.?) and which installation variant (DEB, RPM, DOCKER, SNAP, ...) our hoster used. Most likely he got the install files from here: https://www.onlyoffice.com/de/download.aspx
Unfortunately our hoster refuses to help us further and he won't provide any information on how to configure the OnlyOffice Service in a secure way.

What we saw is that in the ONLYOFFICE Nextcloud settings, the Field for "Secret key" has been left empty (see attached Screenshot).

So our questions are:
1. Is the current installation already securely configured?
2. Should we add a secret key and if yes, how do we create and assign one?
3. Are there any other steps should be take to make the installation as secure as possible?
The address of the Nextcloud installation is:
https://office.ihaverights-cloud.eu/

The Document Editing Service address is:
https://office.ihaverights-cloud.eu/ind ... community/
We possess the following access types:
- Admin access to Nextcloud Webinterface
- FTP access
- MySQL (PHPmyAdmin) access
- SSH access (but we do not have admin rights / sudo privileges)


Thank you very much for your assistance.

Kind regards,
Greta
Attachments
delnhpfeeompmbog.png
delnhpfeeompmbog.png (141.48 KiB) Viewed 242 times

Carl
Posts: 424
Joined: Thu Apr 12, 2018 10:00 am

Re: securing the OnlyOffice installation of our Non-Profit Organization

Post by Carl » Thu Jun 25, 2020 3:40 pm

Hello Greta,

The address indicated in the ONLYOFFICE connector in your Nextcloud means you are using the Community Document Server app developed by Nextcloud. Unfortunately, we cannot assist with any of its features as it was developed without our participation.

Once you install a dedicated Document Server following our guides, we will be able to assist you further:
https://helpcenter.onlyoffice.com/server/document.aspx

Post Reply