Multitenant server

Configuring the multitenant server

  1. Install Developer Edition server

    A valid multi-tenancy license is required to enable multi-tenancy mode.

    Please contact your sales assistant to request this license.

    Please register the product following the provided instructions.

  2. Open the local.json config file and set the baseDir field to the path of the folder that contains the tenant settings. We recommend using the /var/www/onlyoffice/Data/tenants value.
  3. In local.json, set the baseDomain field to the second-level domain that will serve as the base domain for all your tenants.
  4. Statistics on the main license are collected in a default tenant.
    • The name of the default tenant is specified in the defaultTenant field of the tenants section.

      You cannot create another tenant with this name.

    • Requests to the baseDomain that do not specify a tenant are automatically routed to the default tenant.
    • The default tenant does not require extra configuration. However, requests to this tenant are signed using a secret defined in the local.json file.
    • View the statistics on the info page of the default tenant.

Adding a new tenant

  1. To add a new tenant:
    • Create a new folder within the baseDir directory on the server.
    • The tenant’s name will be formed using the folder name and the baseDomain (e.g., if the folder is named tenant1 and the baseDomain is example.com, the tenant name becomes tenant1.example.com).

      Ensure that this folder is created under the file system where default.json resides.

    Inside each tenant folder, include the following two mandatory files:

    default.json:

    "tenants": {
      "baseDir": "/var/www/onlyoffice/Data/tenants",
      "baseDomain": "mydomain.example",
      "filenameConfig": "config.json",
      "filenameSecret": "secret.key",
      "filenameLicense": "license.lic",
      "defaultTenant": "localhost",
      "cache": {
        "stdTTL": 300,
        "checkperiod": 60,
        "useClones": false
      }
    }

    Create a secret.key file for each tenant to ensure isolation and security. If it is absent, the main tenant’s secret is used. If a JWT secret is specified in config.json, it takes precedence.

    file system:

    root@3694c287928a:/var/www/onlyoffice/Data/tenants# ls -a
    . .. tenant1 tenant2
    root@3694c287928a:/var/www/onlyoffice/Data/tenants#

  2. Tenant folder contents:

    root@3694c287928a:~# ls /var/www/onlyoffice/Data/tenants/tenant1
    config.json license.lic
    root@3694c287928a:~#

    • license.lic – a mandatory file with the tenant's license
    • config.json – a mandatory configuration file that overrides the main server config

    It is obligatory to fill in the JWT secret.

  3. The license.lic file overrides specific fields of the main license for the tenant. Its rules are:
    • Signature: License signature is not required.
    • Field Inheritance: You may include some or all fields from the main license. Fields not specified will default to the values in the main license and will be validated accordingly.
    • Limit Adjustments: You cannot increase values compared to the main license, but you can decrease them. Applicable fields include: connections, connections_view, users_count, users_expire, users_view_count, end_date, timelimited, advanced_api, branding, customization.

      Example: You might remove branding and customization or set a trial mode.

      Increasing values is ineffective because the main license is re-checked each time.

    • Caching: Once read, the license values are cached for 5 minutes.

    For example, license.lic may have the following content:

    {"branding":false,"connections":100,"users_count":0}
  4. The config.json file allows you to override certain server settings. The rules are:
    • Non-overridable Settings: Settings used during server startup (such as addresses of external services, log paths, licenses, and file cache) cannot be overridden.
    • Overridable Settings: You can override settings that affect runtime operations, including WOPI configuration, IP filtering, JWT secret, anonymous access disablement, and file size limits.
    • Caching: Once read, the configuration values are cached for 5 minutes.

    For example, the config.json file may have the following contents:

    {
     "wopi": {
      "enable": true
     },
     "services": {
      "CoAuthoring": {
       "secret": {
        "inbox": {"string": "secret", "file": ""},
        "outbox": {"string": "secret", "file": ""},
        "session": {"string": "secret", "file": ""}
       },
       "token": {
        "enable": {
         "browser": true,
         "request": {
          "inbox": true,
          "outbox": true
         }
        }
       }
      }
     }
    }
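
An added example (not part of the ONLYOFFICE documentation or code): a Python audit of the tenants directory that resolves which JWT secret each tenant ends up with, using the precedence stated above (config.json, then secret.key, then the main secret), and flags tenants that fall back to the main secret, keep the sample value "secret", or share a secret with another tenant. It assumes secret.key holds the raw secret as text; the function names and the demo's folder contents are constructed for illustration.

```python
import json, tempfile
from pathlib import Path

CHANNELS = ("inbox", "outbox", "session")
PLACEHOLDER = "secret"  # sample value shown in the config.json example above

def effective_secrets(tenant_dir, main_secret):
    """Resolve each channel's JWT secret: config.json > secret.key > main secret."""
    cfg_path, key_path = tenant_dir / "config.json", tenant_dir / "secret.key"
    cfg = json.loads(cfg_path.read_text()) if cfg_path.is_file() else {}
    block = cfg.get("services", {}).get("CoAuthoring", {}).get("secret", {})
    # Assumption: secret.key holds the raw secret as text.
    key = key_path.read_text().strip() if key_path.is_file() else ""
    def pick(ch):
        val = block.get(ch, {}).get("string", "")
        return (val, "config.json") if val else (key, "secret.key") if key else (main_secret, "main")
    return {ch: pick(ch) for ch in CHANNELS}

def audit_tenants(base_dir, main_secret):
    """Return {tenant_folder: [findings]} for every folder under base_dir."""
    report, seen = {}, {}  # seen maps a secret to the first tenant using it
    for tdir in sorted(p for p in Path(base_dir).iterdir() if p.is_dir()):
        findings = [f"missing mandatory {n}" for n in ("config.json", "license.lic")
                    if not (tdir / n).is_file()]
        for ch, (val, src) in effective_secrets(tdir, main_secret).items():
            if src == "main":
                findings.append(f"{ch}: falls back to main secret (no isolation)")
            elif val == PLACEHOLDER:
                findings.append(f"{ch}: placeholder secret")
            elif seen.setdefault(val, tdir.name) != tdir.name:
                findings.append(f"{ch}: secret shared with {seen[val]}")
        report[tdir.name] = findings
    return report

def demo():  # audits three constructed tenant folders built in a temp directory
    def cfg(s):
        return json.dumps({"services": {"CoAuthoring": {"secret": {
            c: {"string": s, "file": ""} for c in CHANNELS}}}})
    tenants = {"tenant1": {"config.json": cfg("constructed-key-A"), "license.lic": "{}"},
               "tenant2": {"config.json": cfg("secret"), "license.lic": "{}"},
               "tenant3": {"config.json": "{}"}}
    with tempfile.TemporaryDirectory() as d:
        for name, files in tenants.items():
            (Path(d) / name).mkdir()
            for fn, body in files.items():
                (Path(d) / name / fn).write_text(body)
        return audit_tenants(d, "constructed-main-secret")

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Because configuration values are cached for 5 minutes once read, a corrected secret may take that long to show up in the server's behaviour even after this audit reports the folder as clean.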
