diff --git a/.env b/.env
new file mode 100644
index 0000000000000000000000000000000000000000..98825d172dc690041583b78d491bb13d11abe252
--- /dev/null
+++ b/.env
@@ -0,0 +1,72 @@
+# docker compose
+COMPOSE_BAKE=true
+COMPOSE_FILE=docker-compose.yml:docker-compose.local.yml
+
+# Server
+DOMAIN=localhost
+SHARED_STORAGE_PATH=/mnt/shared_storage/nextcloud
+
+# mail
+SMTP_SECURE=tls
+SMTP_PORT=587
+SMTP_NAME=username
+SMTP_PASSWORD=123456
+SMTP_HOST=smtp.domain.com
+MAIL_FROM_ADDRESS=no-reply
+MAIL_DOMAIN=domain.com
+
+# database
+DB_HOST=db
+DB_USER=nextcloud
+DB_PASSWORD=123456
+DB_NAME=nextcloud
+
+# New: OnlyOffice
+# ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver # Internal Docker URL (auto-adjusts to https in staging/prod via env)
+# ONLYOFFICE_JWT_SECRET=your_jwt_secret_here # Generate: openssl rand -hex 32
+# ONLYOFFICE_JWT_HEADER=AuthorizationJwt
+# ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
+# ONLYOFFICE_MAX_FILE_SIZE=10000000 # 10MB
+# ONLYOFFICE_DB_PASSWORD=onlyoffice # For DB user; override in production with secure password
+
+ONLYOFFICE_WOPI_URL=http://onlyoffice-document-server/
+ONLYOFFICE_JWT_ENABLED=false
+ONLYOFFICE_JWT_SECRET=your_jwt_secret_here
+
+
+# redis
+REDIS_HOST=redis
+REDIS_HOST_PASSWORD=12456
+
+# nextcloud
+NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim:latest
+NEXTCLOUD_ADMIN_USER=admin
+NEXTCLOUD_ADMIN_PASSWORD=@dm1n
+NEXTCLOUD_TRUSTED_DOMAINS=nginx
+TRUSTED_PROXIES=
+OVERWRITEPROTOCOL=
+SENTRY_DSN=
+SENTRY_PUBLIC_DSN=
+
+# nginx
+NGINX_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/nginx:latest
+
+# syslog
+SYSLOG_HOST=syslog
+
+# S3 Bucket Configuration
+OBJECTSTORE_S3_BUCKET=
+OBJECTSTORE_S3_REGION=main
+OBJECTSTORE_S3_HOST=fsn1.your-objectstorage.com
+OBJECTSTORE_S3_PORT=443
+
+# S3 Credentials (sensitive - keep secure)
+OBJECTSTORE_S3_KEY=your_access_key_here
+OBJECTSTORE_S3_SECRET=your_secret_key_here
+
+# S3 Connection Settings
+OBJECTSTORE_S3_SSL=true
+OBJECTSTORE_S3_USEPATH_STYLE=true
+
+OBJECTSTORE_S3_AUTOCREATE=
+OBJECTSTORE_S3_OBJECT_PREFIX=
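Review bot: A tracked `.env` is added next to the existing `.env.example`, so the working credentials file (`SMTP_PASSWORD=123456`, `DB_PASSWORD=123456`, `REDIS_HOST_PASSWORD=12456`, `NEXTCLOUD_ADMIN_PASSWORD=@dm1n`, plus the S3 key and secret slots) now lives in version control, and any real value later written into it will be committed with it. The file should stay untracked: drop it from the commit, list `.env` in `.gitignore` if it is not there already, and keep `.env.example` as the only template. It also sets `ONLYOFFICE_JWT_ENABLED=false` beside the placeholder `ONLYOFFICE_JWT_SECRET=your_jwt_secret_here`; if the values are kept for local use, a comment such as `# local only: JWT disabled, never reuse outside a developer machine` above those two lines would make that explicit.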
diff --git a/.env.example b/.env.example index a57ec8013081be68cd38174734c6ac576a6f4082..bc26481c6a679c4e73825f9008c0a7d8c5859b8f 100644 --- a/.env.example +++ b/.env.example @@ -20,7 +20,13 @@ DB_HOST=db DB_USER=nextcloud DB_PASSWORD=123456 DB_NAME=nextcloud - +# New: OnlyOffice +ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver # Internal Docker URL (auto-adjusts to https in staging/prod via env) +ONLYOFFICE_JWT_SECRET=your_jwt_secret_here # Generate: openssl rand -hex 32 +ONLYOFFICE_JWT_HEADER=AuthorizationJwt +ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600 +ONLYOFFICE_MAX_FILE_SIZE=10000000 # 10MB +ONLYOFFICE_DB_PASSWORD=onlyoffice # For DB user; override in production with secure password # redis REDIS_HOST=redis REDIS_HOST_PASSWORD=12456 diff --git a/config/nextcloud/onlyoffice_env_config.php b/config/nextcloud/onlyoffice_env_config.php new file mode 100644 index 0000000000000000000000000000000000000000..f274a705e163cbb1338722187b76c25852b9e77e --- /dev/null +++ b/config/nextcloud/onlyoffice_env_config.php @@ -0,0 +1,24 @@ + 'DocumentServerUrl', + 'ONLYOFFICE_JWT_ENABLED' => 'jwt_enabled', + 'ONLYOFFICE_JWT_SECRET' => 'jwt_secret', +]; + +foreach ($map as $env => $key) { + $val = getenv($env); + if ($val !== false && $val !== '') { + if ($key === 'jwt_enabled') { + $CONFIG['onlyoffice'][$key] = filter_var($val, FILTER_VALIDATE_BOOLEAN); + } else { + $CONFIG['onlyoffice'][$key] = $val; + } + } +} + +# Default for local runs +if (empty($CONFIG['onlyoffice']['DocumentServerUrl'])) { + $CONFIG['onlyoffice']['DocumentServerUrl'] = 'http://onlyoffice-document-server/'; +} diff --git a/custom_entrypoint.sh b/custom_entrypoint.sh index 76a1b266ac1174200a83e5a307129152dc2c5bd7..ac2feef624b8ba5a6dcbc26439838848d1887f29 100755 --- a/custom_entrypoint.sh +++ b/custom_entrypoint.sh 
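Review bot: The template omits the one switch that decides whether token checking is on: `ONLYOFFICE_JWT_ENABLED` is read by `docker-compose.local.yml` and by the PHP map in this commit, but it is not listed here, so someone who copies this file gets the compose default `false` without ever seeing the setting. Add `ONLYOFFICE_JWT_ENABLED=true` next to `ONLYOFFICE_JWT_SECRET`. In the other direction, `ONLYOFFICE_JWT_HEADER`, `ONLYOFFICE_INNER_REQUEST_TIMEOUT`, `ONLYOFFICE_MAX_FILE_SIZE` and `ONLYOFFICE_DB_PASSWORD` appear only in this file among the visible hunks; their consumers may exist outside this diff, so confirm before removing them or mark them as unused.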
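Review bot: A JWT setup without a usable secret passes through this loader silently: an empty `ONLYOFFICE_JWT_SECRET` is skipped by the `$val !== ''` test while `jwt_enabled` can still become true, and the placeholder `your_jwt_secret_here` from the env files is stored as if it were a real secret. After the loop, report it loudly, for example `if (!empty($CONFIG['onlyoffice']['jwt_enabled']) && in_array($CONFIG['onlyoffice']['jwt_secret'] ?? '', ['', 'your_jwt_secret_here', 'change-me'], true)) { error_log('onlyoffice: JWT enabled without a real secret'); }`. The fallback `http://onlyoffice-document-server/` deserves a comment saying it is plain HTTP intended for the internal Docker network only. The first lines of the file (the PHP open tag and the start of `$map`) are not readable on this page, so the first map entry is not reviewed.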
@@ -44,4 +44,33 @@ else sh -c "php $DST_DIR/occ config:system:set profile.enabled --value=false --type=boolean" fi + +# --- AUTO INSTALL & ENABLE ONLYOFFICE APP --- +DST_DIR="/var/www/html" +OCC="php $DST_DIR/occ" + +echo "Checking OnlyOffice app installation..." +if [ "$(id -u)" = 0 ]; then + su -p www-data -s /bin/sh -c "$OCC app:install onlyoffice || true" + su -p www-data -s /bin/sh -c "$OCC app:enable onlyoffice || true" +else + $OCC app:install onlyoffice || true + $OCC app:enable onlyoffice || true +fi + +echo "OnlyOffice app installed and enabled." +# --- ADD SAMPLE FILES TO ADMIN ACCOUNT --- +ADMIN_USER="${NEXTCLOUD_ADMIN_USER:-admin}" +ADMIN_PASS="${NEXTCLOUD_ADMIN_PASSWORD:-admin}" +SAMPLES_DIR="/config/onlyoffice/samples" + +if [ -d "$SAMPLES_DIR" ]; then + echo "Importing OnlyOffice sample files..." + for f in "$SAMPLES_DIR"/*; do + fname=$(basename "$f") + curl -u "${ADMIN_USER}:${ADMIN_PASS}" -T "$f" \ + "http://localhost:8080/remote.php/webdav/Samples/${fname}" || true + done +fi + /entrypoint.sh "$@" diff --git a/db/init/01-create-onlyoffice.sql b/db/init/01-create-onlyoffice.sql new file mode 100644 index 0000000000000000000000000000000000000000..5b8919fca5b23713cf93a3aaf4d0cc6cb4f9408b --- /dev/null +++ b/db/init/01-create-onlyoffice.sql @@ -0,0 +1,3 @@ +CREATE USER onlyoffice WITH PASSWORD 'onlyoffice_password'; +CREATE DATABASE onlyoffice OWNER onlyoffice; +GRANT ALL PRIVILEGES ON DATABASE onlyoffice TO onlyoffice; \ No newline at end of file diff --git a/docker-compose.local.yml b/docker-compose.local.yml index cc75125451f951dca1eee394a93b7a18bbb08687..b55cce3d567fbef711c43d8e91170444c540aa84 100644 --- a/docker-compose.local.yml +++ b/docker-compose.local.yml @@ -8,6 +8,7 @@ services: - POSTGRES_PASSWORD=${DB_PASSWORD} volumes: - db:/var/lib/postgresql/data + - ./db/init:/docker-entrypoint-initdb.d:ro healthcheck: test: ["CMD-SHELL", "pg_isready -U ${DB_USER} -d ${DB_NAME}"] interval: 10s 
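Review bot: The sample import puts the admin password on the `curl` command line (`-u "${ADMIN_USER}:${ADMIN_PASS}"`), where it is readable in the process list, and it falls back to `admin` when `NEXTCLOUD_ADMIN_PASSWORD` is unset. Pass the credentials on stdin instead, e.g. `printf 'user = "%s:%s"\n' "$ADMIN_USER" "$ADMIN_PASS" | curl -K - -T "$f" "http://localhost:8080/remote.php/webdav/Samples/${fname}"` (values containing `"` or `\` need escaping), and replace the fallback with `: "${NEXTCLOUD_ADMIN_PASSWORD:?must be set}"`. The loop also runs before `/entrypoint.sh "$@"`, so it is not evident from this hunk that anything is listening on port 8080 yet. `|| true` hides that failure along with every `occ` error above it, after which the script still prints "OnlyOffice app installed and enabled."; the same blanket `|| true` appears in `docker/entrypoint/enable-onlyoffice.sh` and in the `RUN echo` line of `slim.Dockerfile`. The hunk starts inside an `if`/`else` whose beginning is outside the visible lines.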
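Review bot: The role is created with the literal password `'onlyoffice_password'`, which is committed to the repository and matches neither `ONLYOFFICE_DB_PASSWORD=onlyoffice` in `.env.example` nor any variable passed to the `db` service. Files in `/docker-entrypoint-initdb.d` may also be shell scripts, so this is better written as a `.sh` init script that reads the password from the container environment and hands it to `psql` as a variable, with `ONLYOFFICE_DB_PASSWORD` added to the `db` service's `environment`. `GRANT ALL PRIVILEGES` is redundant once the role owns the database. No visible hunk points the document server at this database, so confirm it is needed at all.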
@@ -54,15 +55,40 @@ services: context: . dockerfile: slim.Dockerfile target: nginx + environment: + NEXTCLOUD_ADDR: nextcloud:9000 + DOMAIN: ${DOMAIN} ports: - "8000:80" depends_on: - nextcloud + onlyoffice-document-server: + image: onlyoffice/documentserver:7.4.1 + restart: unless-stopped + environment: + - JWT_ENABLED=${ONLYOFFICE_JWT_ENABLED:-false} + - JWT_SECRET=${ONLYOFFICE_JWT_SECRET:-change-me} + ports: + - "8082:80" + networks: + - proxy-network + - worker-network + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost/healthcheck"] + interval: 10s + timeout: 5s + retries: 5 + volumes: + - onlyoffice-data:/var/www/onlyoffice/Data + - onlyoffice-logs:/var/log/onlyoffice + volumes: !override db: nextcloud-config: nextcloud-data: + onlyoffice-data: + onlyoffice-logs: networks: proxy-network: diff --git a/docker/entrypoint/enable-onlyoffice.sh b/docker/entrypoint/enable-onlyoffice.sh new file mode 100644 index 0000000000000000000000000000000000000000..05a9b2f9b5b0b47186c527725ea2e3264bceedbf --- /dev/null +++ b/docker/entrypoint/enable-onlyoffice.sh 
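Review bot: The document server is published on the host (`"8082:80"`) while token checking defaults to off (`JWT_ENABLED=${ONLYOFFICE_JWT_ENABLED:-false}`) and the secret defaults to the well-known string `change-me`, so with an unset or copied env file the service does not authenticate requests from anything that can reach that port. Prefer fail-closed defaults: `- JWT_ENABLED=${ONLYOFFICE_JWT_ENABLED:-true}`, `- JWT_SECRET=${ONLYOFFICE_JWT_SECRET:?set ONLYOFFICE_JWT_SECRET}`, and `- "127.0.0.1:8082:80"` if the port is only needed from the developer machine. The image is pinned by tag (`7.4.1`) rather than by digest, which is acceptable for a local compose file but worth a comment.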
@@ -0,0 +1,29 @@ +#!/usr/bin/env bash +set -e + +NEXTCLOUD_DIR="/var/www/html" +OCC="${NEXTCLOUD_DIR}/occ" +APPS_DIR="${NEXTCLOUD_DIR}/apps" + +# wait for DB to be ready — basic check (you may already have a wait logic) +# we assume DB env vars used by Nextcloud are set +until php -r "try { new PDO('pgsql:host=${DB_HOST};dbname=${DB_NAME}', '${DB_USER}', '${DB_PASSWORD}'); echo 'ok'; } catch (Exception \$e) { exit(1);}"; do + echo "Waiting for postgres..." + sleep 2 +done + +# install onlyoffice app if not present +if [ ! -d "${APPS_DIR}/onlyoffice" ]; then + echo "Installing onlyoffice app..." + sudo -u www-data php ${OCC} app:install onlyoffice || true +fi + +# enable onlyoffice app +sudo -u www-data php ${OCC} app:enable onlyoffice || true + +# If ONLYOFFICE_* env vars provided, inject them into config.php by creating a small PHP file in config/autoconfig.php +# We'll call a small script that writes config/onlyoffice.php or modifies config.php +php /usr/local/bin/nextcloud-onlyoffice-config.php || true + +# Delay return to allow main entrypoint to continue +sleep 2 \ No newline at end of file diff --git a/slim.Dockerfile b/slim.Dockerfile index db04d1f6bd45f2e8931b32aa536430ebe1a52920..341aa12640d0bf89e9ff108ff1552058f9261789 100644 --- a/slim.Dockerfile +++ b/slim.Dockerfile @@ -51,6 +51,10 @@ RUN curl -sL ${THEME_VERSION} | tar xzf - -C ${BASE_DIR}/themes RUN curl -sL ${SNAPPY_THEME_VERSION} | tar xzf - -C ${BASE_DIR}/themes/Murena/ COPY config/nextcloud/ /usr/src/nextcloud/config/ +# Copy OnlyOffice auto-config scripts +COPY config/nextcloud/onlyoffice_env_config.php /usr/src/nextcloud/config/ +COPY docker/entrypoint/enable-onlyoffice.sh /usr/local/bin/enable-onlyoffice.sh +RUN chmod +x /usr/local/bin/enable-onlyoffice.sh # Apply patches COPY patches/ ${TMP_PATCH_DIR}/ 
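Review bot: The readiness probe pastes `${DB_HOST}`, `${DB_NAME}`, `${DB_USER}` and `${DB_PASSWORD}` into the source text of a `php -r` program, so a value containing a single quote breaks the statement or changes the code that runs, and the password is visible in the process arguments. Let PHP read the environment itself: `php -r 'try { new PDO("pgsql:host=".getenv("DB_HOST").";dbname=".getenv("DB_NAME"), getenv("DB_USER"), getenv("DB_PASSWORD")); } catch (Exception $e) { exit(1); }'`. The `until` loop has no attempt limit, so a wrong credential blocks startup indefinitely; a counter with a final `exit 1` would bound it. The script also calls `/usr/local/bin/nextcloud-onlyoffice-config.php`, which no visible hunk installs, and `|| true` conceals that failure.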
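Review bot: `onlyoffice_env_config.php` may never be loaded: as far as I know Nextcloud merges extra files from its config directory only when they are named `*.config.php`, and this name ends in `_config.php`. Unless something outside this diff includes it explicitly, rename it (for example `onlyoffice.config.php`) and update the paths. The line `COPY config/nextcloud/onlyoffice_env_config.php /usr/src/nextcloud/config/` also repeats what the preceding `COPY config/nextcloud/ /usr/src/nextcloud/config/` already does and can be dropped.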
@@ -63,6 +67,8 @@ RUN rsync -rLDog --chown www-data:www-data --delete --exclude-from=/upgrade.excl COPY config/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf +# Run enable-onlyoffice.sh during startup +RUN echo "/usr/local/bin/enable-onlyoffice.sh || true" >> /start.sh ENTRYPOINT ["/custom_entrypoint-slim.sh"] CMD ["php-fpm"]
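Review bot: Appending to `/start.sh` with `RUN echo "/usr/local/bin/enable-onlyoffice.sh || true" >> /start.sh` only helps if that script is executed and reaches its last line; the image's `ENTRYPOINT` is `/custom_entrypoint-slim.sh`, and nothing visible here shows `/start.sh` being created or called, nor whether it ends in an `exec`. Invoke the helper explicitly from the entrypoint script instead, and drop `|| true` so a failed OnlyOffice setup is reported rather than ignored. A comment stating at which point of startup the helper is expected to run (before or after Nextcloud is installed) would help, since `enable-onlyoffice.sh` calls `occ`.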