From cac79dea01b64793909ed505d28c9cc5667aac9b Mon Sep 17 00:00:00 2001
From: Danil Titarenko <77471369+danilapog@users.noreply.github.com>
Date: Thu, 2 Feb 2023 18:41:49 +0300
Subject: [PATCH 1/4] Install rabbitmq-server from default ubuntu repo, fixed bug closes #575 (#578)
---
 Dockerfile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index a0e2156..8bba423 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,8 +17,6 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
 chmod 644 /etc/apt/trusted.gpg.d/onlyoffice.gpg && \
 locale-gen en_US.UTF-8 && \
 echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
- wget -O - https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.deb.sh | bash && \
- if [ $(lsb_release -cs) = focal ]; then RABBITMQ_VERSION=3.8.11-1; else RABBITMQ_VERSION=3.9 ; fi && \
 apt-get -yq install \
 adduser \
 apt-utils \
@@ -47,7 +45,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
 postgresql \
 postgresql-client \
 pwgen \
- rabbitmq-server=${RABBITMQ_VERSION}* \
+ rabbitmq-server \
 redis-server \
 software-properties-common \
 sudo \
From 83825d26e903a940aa8c0fc36aaa2da666fe8135 Mon Sep 17 00:00:00 2001
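Review bot: In the Dockerfile package list of patch 1/4, `rabbitmq-server \` now carries no version constraint, so the broker version is whatever the base image's Ubuntu archive offers on the day of the build, and security fixes for it arrive only through that archive and a rebuild of the image. The removed lines chose a version per release (`focal` versus the rest); nothing in the new code records which version range the image is expected to work with. A comment above the RUN instruction, for example `# rabbitmq-server: distribution package, version follows the base image; rebuild to pick up security updates`, would document that. The RUN instruction starts and ends outside both hunks of this patch.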
From: Thomas Gerbet
Date: Tue, 7 Feb 2023 07:02:40 +0100
Subject: [PATCH 2/4] Generated JWT secret is too small for HMAC SHA256 (#582)
The key that is automatically generated weaken the security strength. As noted in RFC7518 section 3.2 [0]:
```
A key of the same size as the hash output (for instance, 256 bits for "HS256") or larger MUST be used with this algorithm. (This requirement is based on Section 5.3.4 (Security Effect of the HMAC Key) of NIST SP 800-117 [NIST.800-107], which states that the effective security strength is the minimum of the security strength of the key and two times the size of the internal hash value.)
```
Some JWT libraries are rejecting by default keys that are too small in a attempt to prevent misusages so generating a key that does not respect the minimal length can be problematic for OO integrations.
[0] https://www.rfc-editor.org/rfc/rfc7518.html#section-3.2
---
 run-document-server.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/run-document-server.sh b/run-document-server.sh
index 91a96b5..0472299 100755
--- a/run-document-server.sh
+++ b/run-document-server.sh
@@ -87,7 +87,7 @@ fi
 [ -z $JWT_SECRET ] && JWT_MESSAGE='JWT is enabled by default. A random secret is generated automatically. Run the command "docker exec $(sudo docker ps -q) sudo documentserver-jwt-status.sh" to get information about JWT.'
-JWT_SECRET=${JWT_SECRET:-$(pwgen -s 20)}
+JWT_SECRET=${JWT_SECRET:-$(pwgen -s 32)}
 JWT_HEADER=${JWT_HEADER:-Authorization}
 JWT_IN_BODY=${JWT_IN_BODY:-false}
From 985bc4020aa7644e64c2076dd3768beb4a763634 Mon Sep 17 00:00:00 2001
From: evgeniy-antonyuk
Date: Tue, 7 Feb 2023 16:08:40 +0300
Subject: [PATCH 3/4] Fix database creation without onlyoffice owner
---
 Dockerfile | 3 +--
 run-document-server.sh | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 8bba423..24cb240 100644
--- a/Dockerfile
+++ b/Dockerfile
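Review bot: In run-document-server.sh (patch 2/4), `pwgen -s 32` yields 32 characters drawn from at most the 62 letters and digits, which is about 190 bits of entropy at best (32 × log2 62), so the generated secret reaches the 32-byte length that JWT libraries check but not the 256-bit strength the commit message quotes from RFC 7518. With that alphabet, 43 characters are needed to pass 256 bits: `JWT_SECRET=${JWT_SECRET:-$(pwgen -s 43)}`. The result of the command substitution is not checked either, so if `pwgen` fails the secret is silently left empty; the code that consumes `JWT_SECRET` (not visible in this hunk) should treat an empty value as an error when JWT is enabled.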
@@ -60,9 +60,8 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
 sed 's|\(application\/zip.*\)|\1\n application\/wasm wasm;|' -i /etc/nginx/mime.types && \
 pg_conftool $PG_VERSION main set listen_addresses 'localhost' && \
 service postgresql restart && \
- sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE;" && \
 sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \
- sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $ONLYOFFICE_VALUE TO $ONLYOFFICE_VALUE;" && \
+ sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE OWNER $ONLYOFFICE_VALUE;" && \
 service postgresql stop && \
 service redis-server stop && \
 service rabbitmq-server stop && \
diff --git a/run-document-server.sh b/run-document-server.sh
index 91a96b5..1eb86e0 100755
--- a/run-document-server.sh
+++ b/run-document-server.sh
@@ -358,9 +358,8 @@ create_postgresql_cluster(){
 }
 create_postgresql_db(){
- sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;"
 sudo -u postgres psql -c "CREATE USER $DB_USER WITH password '"$DB_PWD"';"
- sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $DB_NAME TO $DB_USER;"
+ sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_USER;"
 }
 create_db_tbl() {
From 6f716134dd6a2c6e0de44e0c830d7cc4d0f73354 Mon Sep 17 00:00:00 2001
From: Alexey Golubev
Date: Wed, 22 Feb 2023 17:41:59 +0500
Subject: [PATCH 4/4] Fix misprint Instead https://github.com/ONLYOFFICE/Docker-DocumentServer/pull/579
---
 run-document-server.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/run-document-server.sh b/run-document-server.sh
index ebe554f..964e850 100755
--- a/run-document-server.sh
+++ b/run-document-server.sh
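Review bot: In the Dockerfile hunk of patch 3/4, the role that now owns the database is the one created on the preceding line with a password identical to its name (`password '$ONLYOFFICE_VALUE'`), and as owner it can alter or drop the database rather than only use it. The `listen_addresses 'localhost'` setting a few lines up limits who can reach PostgreSQL with those credentials, but the dependency between the two is not written down anywhere in the hunk. A comment above the RUN instruction, for example `# build-time default role and password; safe only while PostgreSQL listens on localhost`, would make that assumption explicit. The RUN instruction starts and ends outside the hunk.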
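Review bot: In `create_postgresql_db` (run-document-server.sh, patch 3/4), `$DB_NAME` and `$DB_USER` are expanded straight into the SQL text of `CREATE DATABASE $DB_NAME OWNER $DB_USER;`, so a value containing a hyphen or a space fails to parse or is read as further SQL, and the neighbouring `CREATE USER` line has the same weakness for a quote character in `$DB_PWD`. If these values come from the container environment (the hunk does not show where they are set), let psql do the quoting: `printf 'CREATE DATABASE :"db" OWNER :"usr";\n' | sudo -u postgres psql -v db="$DB_NAME" -v usr="$DB_USER"`; the statement is piped in because `-c` does not interpolate psql variables. Neither call's exit status is checked, so a failed `CREATE USER` is followed by a `CREATE DATABASE … OWNER` that fails as well without the function reporting it.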
@@ -497,7 +497,7 @@ update_supervisor_settings(){
 # Copy modified supervisor config
 cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
 sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf
- cp ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf etc/supervisor/conf.d/
+ cp ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf /etc/supervisor/conf.d/
 }
 update_log_settings(){
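Review bot: The wrong destination corrected here (`etc/supervisor/conf.d/`) could go unnoticed because `update_supervisor_settings` does not check the result of either `cp`, and nothing visible in the hunk shows the script running with `set -e`. Checking the copy, e.g. `cp "${SYSCONF_TEMPLATES_DIR}"/supervisor/ds/*.conf /etc/supervisor/conf.d/ || return 1`, makes a missing or unwritable target fail at start-up instead of, presumably, leaving supervisor without its program definitions; the quotes also keep a templates path containing spaces intact. The function starts outside the hunk.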