Requirements Docker: Debian Stretch/Buster
Recommended System Requirements for OnlyOffice DocumentServer
RAM: 4 GB or more
CPU: dual-core 2 GHz or higher
Swap: at least 2 GB
HDD: at least 2 GB of free space
Distribution: 64-bit Red Hat, CentOS or other compatible distributive with kernel version 3.8 or later, 64-bit Debian, Ubuntu or other compatible distributive with kernel version 3.8 or later
Docker: version 1.9.0 or later

Install docker source: https://docs.docker.com/install/linux/docker-ce/debian/#install-using-the-repository
sudo apt-get update

sudo apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg2 \
software-properties-common

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add –

sudo add-apt-repository \
“deb [arch=amd64] https://download.docker.com/linux/debian \
$(lsb_release -cs) \
stable”

sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io

Install OODocumentServer source: https://github.com/ONLYOFFICE/Docker-DocumentServer#installation-of-the-ssl-certificates

Running ONLYOFFICE Document Server on Different Port
To change the port, use the -p command. E.g.: to make your portal accessible via port 8080 execute the following command:
sudo docker run -i -t -d -p 8080:80 onlyoffice/documentserver

Running ONLYOFFICE Document Server using HTTPS
sudo docker run -i -t -d -p 443:443 \
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver

Access to the onlyoffice application can be secured using SSL so as to prevent unauthorized access. While a CA certified SSL certificate allows for verification of trust via the CA, a self signed certificates can also provide an equal level of trust verification as long as each client takes some additional steps to verify the identity of your website. Below the instructions on achieving this are provided.
To secure the application via SSL basically two things are needed:
Private key (.key)
SSL certificate (.crt)
So you need to create and install the following files:
/app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
/app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt

When using CA certified certificates, these files are provided to you by the CA. When using self-signed certificates you need to generate these files yourself. Skip the following section if you are have CA certified SSL certificates.

Generation of Self Signed Certificates
Generation of self-signed SSL certificates involves a simple 3 step procedure.
STEP 1: Create the server private key
openssl genrsa -out onlyoffice.key 2048
STEP 2: Create the certificate signing request (CSR)
openssl req -new -key onlyoffice.key -out onlyoffice.csr
STEP 3: Sign the certificate using the private key and CSR
openssl x509 -req -days 365 -in onlyoffice.csr -signkey onlyoffice.key -out onlyoffice.crt
You have now generated an SSL certificate that’s valid for 365 days.

To have Nextcloud ignore the selfsigned certificate add following to /var/www/nextcloud/config/config.php just before the last );

‘onlyoffice’ =>
array (
‘verify_peer_off’ =>TRUE,
),

You can now enable and configure the ONLYOFFICE app in Nextcloud and set it to the local server IP using https

Instead you can also run certbot to obtain a letsencrypt certificate, and copy/rename the obtained:

/etc/letsencrypt/archive/oo.domain.tld/cert_key.pem to /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key

and the:

/etc/letsencrypt/archive/oo.domain.tld/cert.pem to /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt

Note: If the PATH /app/onlyoffice/DocumentServer/data/certs/ doesn’t exist, use mkdir -p to create it.