Docker-DocumentServer/run-document-server.sh

340 lines
11 KiB
Bash
Raw Permalink Normal View History

2015-04-17 15:25:41 +00:00
#!/bin/bash
APP_DIR="/var/www/onlyoffice/documentserver"
2015-04-17 15:25:41 +00:00
DATA_DIR="/var/www/onlyoffice/Data"
2017-11-10 15:10:52 +03:00
LOG_DIR="/var/log/onlyoffice"
DS_LOG_DIR="${LOG_DIR}/documentserver"
LIB_DIR="/var/lib/onlyoffice"
CONF_DIR="/etc/onlyoffice/documentserver"
2015-04-17 15:25:41 +00:00
ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost}
ONLYOFFICE_DATA_CONTAINER_PORT=80
2015-04-17 15:25:41 +00:00
SSL_CERTIFICATES_DIR="${DATA_DIR}/certs"
SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.crt}
SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key}
CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem}
2015-04-17 15:25:41 +00:00
SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
2017-05-12 16:51:22 +03:00
ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAGE:-31536000}
2015-04-17 15:25:41 +00:00
SYSCONF_TEMPLATES_DIR="/app/onlyoffice/setup/config"
2017-01-24 19:34:20 +03:00
NGINX_CONFD_PATH="/etc/nginx/conf.d";
2017-11-29 12:52:57 +03:00
NGINX_ONLYOFFICE_CONF="${NGINX_CONFD_PATH}/onlyoffice-documentserver.conf"
NGINX_ONLYOFFICE_PATH="${CONF_DIR}/nginx"
2017-11-29 14:37:21 +03:00
NGINX_ONLYOFFICE_EXAMPLE_PATH="${CONF_DIR}-example/nginx"
NGINX_ONLYOFFICE_EXAMPLE_CONF="${NGINX_ONLYOFFICE_EXAMPLE_PATH}/includes/onlyoffice-documentserver-example.conf"
2017-11-29 12:52:57 +03:00
NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
2017-09-01 16:59:34 +03:00
JWT_ENABLED=${JWT_ENABLED:-false}
JWT_SECRET=${JWT_SECRET:-secret}
JWT_HEADER=${JWT_HEADER:-Authorization}
ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/default.json
ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json
2017-09-06 17:21:52 +03:00
ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/default.json
JSON="json -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
JSON_LOG="json -q -f ${ONLYOFFICE_LOG4JS_CONFIG}"
2017-09-06 17:21:52 +03:00
JSON_EXAMPLE="json -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}"
LOCAL_SERVICES=()
2017-12-12 17:02:14 +03:00
PG_VERSION=9.5
2017-04-24 20:02:01 +03:00
PG_NAME=main
PGDATA=/var/lib/postgresql/${PG_VERSION}/${PG_NAME}
PG_NEW_CLUSTER=false
read_setting(){
2016-08-25 19:52:14 +03:00
POSTGRESQL_SERVER_HOST=${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}
POSTGRESQL_SERVER_PORT=${POSTGRESQL_SERVER_PORT:-$(${JSON} services.CoAuthoring.sql.dbPort)}
POSTGRESQL_SERVER_DB_NAME=${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}
POSTGRESQL_SERVER_USER=${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}
POSTGRESQL_SERVER_PASS=${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}
2016-12-09 15:50:07 +03:00
RABBITMQ_SERVER_URL=${RABBITMQ_SERVER_URL:-$(${JSON} rabbitmq.url)}
parse_rabbitmq_url
REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-$(${JSON} services.CoAuthoring.redis.host)}
REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-$(${JSON} services.CoAuthoring.redis.port)}
DS_LOG_LEVEL=${DS_LOG_LEVEL:-$(${JSON_LOG} levels.nodeJS)}
}
2016-12-09 15:50:07 +03:00
parse_rabbitmq_url(){
local amqp=${RABBITMQ_SERVER_URL}
# extract the protocol
local proto="$(echo $amqp | grep :// | sed -e's,^\(.*://\).*,\1,g')"
# remove the protocol
local url="$(echo ${amqp/$proto/})"
# extract the user and password (if any)
local userpass="`echo $url | grep @ | cut -d@ -f1`"
local pass=`echo $userpass | grep : | cut -d: -f2`
local user
if [ -n "$pass" ]; then
user=`echo $userpass | grep : | cut -d: -f1`
else
user=$userpass
fi
# extract the host
local hostport="$(echo ${url/$userpass@/} | cut -d/ -f1)"
# by request - try to extract the port
local port="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')"
local host
if [ -n "$port" ]; then
host=`echo $hostport | grep : | cut -d: -f1`
else
host=$hostport
port="5672"
fi
# extract the path (if any)
local path="$(echo $url | grep / | cut -d/ -f2-)"
RABBITMQ_SERVER_HOST=$host
RABBITMQ_SERVER_USER=$user
RABBITMQ_SERVER_PASS=$pass
RABBITMQ_SERVER_PORT=$port
}
waiting_for_connection(){
until nc -z -w 3 "$1" "$2"; do
>&2 echo "Waiting for connection to the $1 host on port $2"
sleep 1
done
}
2016-08-25 19:52:14 +03:00
waiting_for_postgresql(){
waiting_for_connection ${POSTGRESQL_SERVER_HOST} ${POSTGRESQL_SERVER_PORT}
}
waiting_for_rabbitmq(){
waiting_for_connection ${RABBITMQ_SERVER_HOST} ${RABBITMQ_SERVER_PORT}
}
waiting_for_redis(){
waiting_for_connection ${REDIS_SERVER_HOST} ${REDIS_SERVER_PORT}
}
waiting_for_datacontainer(){
waiting_for_connection ${ONLYOFFICE_DATA_CONTAINER_HOST} ${ONLYOFFICE_DATA_CONTAINER_PORT}
}
2016-08-25 19:52:14 +03:00
update_postgresql_settings(){
${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${POSTGRESQL_SERVER_HOST}'"
${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${POSTGRESQL_SERVER_PORT}'"
${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${POSTGRESQL_SERVER_DB_NAME}'"
${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${POSTGRESQL_SERVER_USER}'"
${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${POSTGRESQL_SERVER_PASS}'"
}
update_rabbitmq_setting(){
2016-12-09 15:50:07 +03:00
${JSON} -I -e "this.rabbitmq.url = '${RABBITMQ_SERVER_URL}'"
}
update_redis_settings(){
${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'"
${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
}
2017-09-01 16:59:34 +03:00
update_jwt_settings(){
if [ "${JWT_ENABLED}" == "true" ]; then
${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = '${JWT_ENABLED}'"
${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = '${JWT_ENABLED}'"
${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = '${JWT_ENABLED}'"
${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
2017-09-06 17:21:52 +03:00
if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then
${JSON_EXAMPLE} -I -e "this.server.token.enable = '${JWT_ENABLED}'"
${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
fi
2017-09-01 16:59:34 +03:00
fi
}
2017-04-24 20:02:01 +03:00
create_postgresql_cluster(){
local pg_conf_dir=/etc/postgresql/${PG_VERSION}/${PG_NAME}
local postgresql_conf=$pg_conf_dir/postgresql.conf
local hba_conf=$pg_conf_dir/pg_hba.conf
mv $postgresql_conf $postgresql_conf.backup
mv $hba_conf $hba_conf.backup
2017-05-17 16:35:54 +03:00
2017-04-24 20:02:01 +03:00
pg_createcluster ${PG_VERSION} ${PG_NAME}
}
2016-08-25 19:52:14 +03:00
create_postgresql_db(){
2017-04-24 20:02:01 +03:00
sudo -u postgres psql -c "CREATE DATABASE onlyoffice;"
sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';"
sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"
}
create_postgresql_tbl(){
2016-08-25 19:52:14 +03:00
CONNECTION_PARAMS="-h${POSTGRESQL_SERVER_HOST} -U${POSTGRESQL_SERVER_USER} -w"
if [ -n "${POSTGRESQL_SERVER_PASS}" ]; then
export PGPASSWORD=${POSTGRESQL_SERVER_PASS}
fi
2016-08-25 19:52:14 +03:00
PSQL="psql -q $CONNECTION_PARAMS"
CREATEDB="createdb $CONNECTION_PARAMS"
# Create db on remote server
if $PSQL -lt | cut -d\| -f 1 | grep -qw | grep 0; then
$CREATEDB $DB_NAME
fi
$PSQL -d "${POSTGRESQL_SERVER_DB_NAME}" -f "${APP_DIR}/server/schema/postgresql/createdb.sql"
}
update_nginx_settings(){
# Set up nginx
sed 's/^worker_processes.*/'"worker_processes ${NGINX_WORKER_PROCESSES};"'/' -i ${NGINX_CONFIG_PATH}
sed 's/worker_connections.*/'"worker_connections ${NGINX_WORKER_CONNECTIONS};"'/' -i ${NGINX_CONFIG_PATH}
sed 's/access_log.*/'"access_log off;"'/' -i ${NGINX_CONFIG_PATH}
# setup HTTPS
if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
2017-11-29 12:52:57 +03:00
ln -sf ${NGINX_ONLYOFFICE_PATH}/onlyoffice-documentserver-ssl.conf.template ${NGINX_ONLYOFFICE_CONF}
# configure nginx
2017-11-29 12:52:57 +03:00
sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_CONF}
sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${NGINX_ONLYOFFICE_CONF}
2017-12-12 17:02:14 +03:00
# turn on http2
sed 's,\(443 ssl\),\1 http2,' -i ${NGINX_ONLYOFFICE_CONF}
# if dhparam path is valid, add to the config, otherwise remove the option
if [ -r "${SSL_DHPARAM_PATH}" ]; then
2017-11-29 12:52:57 +03:00
sed 's,\(\#* *\)\?\(ssl_dhparam \).*\(;\)$,'"\2${SSL_DHPARAM_PATH}\3"',' -i ${NGINX_ONLYOFFICE_CONF}
else
2017-11-29 12:52:57 +03:00
sed '/ssl_dhparam/d' -i ${NGINX_ONLYOFFICE_CONF}
fi
2017-11-29 12:52:57 +03:00
sed 's,\(ssl_verify_client \).*\(;\)$,'"\1${SSL_VERIFY_CLIENT}\2"',' -i ${NGINX_ONLYOFFICE_CONF}
if [ -f "${CA_CERTIFICATES_PATH}" ]; then
2017-11-29 12:52:57 +03:00
sed '/ssl_verify_client/a '"ssl_client_certificate ${CA_CERTIFICATES_PATH}"';' -i ${NGINX_ONLYOFFICE_CONF}
fi
if [ "${ONLYOFFICE_HTTPS_HSTS_ENABLED}" == "true" ]; then
2017-11-29 12:52:57 +03:00
sed 's,\(max-age=\).*\(;\)$,'"\1${ONLYOFFICE_HTTPS_HSTS_MAXAGE}\2"',' -i ${NGINX_ONLYOFFICE_CONF}
else
2017-11-29 12:52:57 +03:00
sed '/max-age=/d' -i ${NGINX_ONLYOFFICE_CONF}
fi
else
2017-11-29 12:52:57 +03:00
ln -sf ${NGINX_ONLYOFFICE_PATH}/onlyoffice-documentserver.conf.template ${NGINX_ONLYOFFICE_CONF}
fi
2017-05-12 16:51:22 +03:00
2017-11-29 14:37:21 +03:00
if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then
sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF}
2017-01-17 16:15:54 +03:00
fi
}
update_supervisor_settings(){
# Copy modified supervisor start script
cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/
# Copy modified supervisor config
cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
}
2015-04-17 15:25:41 +00:00
update_log_settings(){
${JSON_LOG} -I -e "this.levels.nodeJS = '${DS_LOG_LEVEL}'"
}
2015-05-25 06:47:54 -04:00
# create base folders
for i in converter docservice spellchecker metrics gc; do
2017-11-10 15:10:52 +03:00
mkdir -p "${DS_LOG_DIR}/$i"
done
2017-11-10 15:10:52 +03:00
mkdir -p ${DS_LOG_DIR}-example
# change folder rights
for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do
chown -R onlyoffice:onlyoffice "$i"
chmod -R 755 "$i"
done
if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
read_setting
update_log_settings
2017-09-01 16:59:34 +03:00
update_jwt_settings
# update settings by env variables
2016-08-25 19:52:14 +03:00
if [ ${POSTGRESQL_SERVER_HOST} != "localhost" ]; then
update_postgresql_settings
waiting_for_postgresql
2017-04-24 20:02:01 +03:00
create_postgresql_tbl
else
2017-04-24 20:02:01 +03:00
if [ ! -d ${PGDATA} ]; then
create_postgresql_cluster
PG_NEW_CLUSTER=true
fi
2016-08-25 19:52:14 +03:00
LOCAL_SERVICES+=("postgresql")
fi
if [ ${RABBITMQ_SERVER_HOST} != "localhost" ]; then
update_rabbitmq_setting
else
2017-04-12 14:46:06 +03:00
LOCAL_SERVICES+=("rabbitmq-server")
fi
if [ ${REDIS_SERVER_HOST} != "localhost" ]; then
update_redis_settings
else
2017-04-12 14:46:06 +03:00
LOCAL_SERVICES+=("redis-server")
fi
else
# no need to update settings just wait for remote data
waiting_for_datacontainer
# read settings after the data container in ready state
# to prevent get unconfigureted data
read_setting
fi
#start needed local services
for i in ${LOCAL_SERVICES[@]}; do
service $i start
done
2017-04-24 20:02:01 +03:00
if [ ${PG_NEW_CLUSTER} = "true" ]; then
2017-04-25 14:29:24 +03:00
create_postgresql_db
2017-04-24 20:02:01 +03:00
create_postgresql_tbl
fi
if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
2016-08-25 19:52:14 +03:00
waiting_for_postgresql
waiting_for_rabbitmq
waiting_for_redis
update_nginx_settings
update_supervisor_settings
service supervisor start
fi
# nginx used as a proxy, and as data container status service.
# it run in all cases.
service nginx start
# Regenerate the fonts list and the fonts thumbnails
2016-07-12 17:27:04 +03:00
documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}
2018-01-29 11:56:51 +03:00
documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER}