From 1125fc0900488e9e8f5d208fd489e3e6d672b91d Mon Sep 17 00:00:00 2001 From: "Alexey.Golubev" Date: Thu, 30 Jun 2016 12:41:52 +0300 Subject: [PATCH] updated for onlyoffice-documentserver v4.0 --- Dockerfile | 36 ++-- .../nginx/onlyoffice-documentserver-ssl.conf | 71 +++++++ config/nginx/onlyoffice-documentserver.conf | 8 + config/nginx/onlyoffice-ssl | 114 ------------ config/supervisor/supervisor | 176 ++++++++++++++++++ config/supervisor/supervisord.conf | 27 +++ run-document-server.sh | 155 ++++++++++----- 7 files changed, 412 insertions(+), 175 deletions(-) create mode 100644 config/nginx/onlyoffice-documentserver-ssl.conf create mode 100644 config/nginx/onlyoffice-documentserver.conf delete mode 100644 config/nginx/onlyoffice-ssl create mode 100644 config/supervisor/supervisor create mode 100644 config/supervisor/supervisord.conf diff --git a/Dockerfile b/Dockerfile index 667b3d8..d23b6e6 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,36 +1,42 @@ FROM ubuntu:14.04 MAINTAINER Ascensio System SIA -ENV LANG en_US.UTF-8 -ENV LANGUAGE en_US:en -ENV LC_ALL en_US.UTF-8 - -RUN apt-get update && apt-get -y -q install libreoffice +ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ - echo "deb http://static.teamlab.com.s3.amazonaws.com/repo/debian/ squeeze main" >> /etc/apt/sources.list && \ + apt-get -y update && \ + apt-get --force-yes -yq install apt-transport-https && \ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D9D0BF019CC8AC0D && \ - echo "deb http://download.mono-project.com/repo/debian wheezy/snapshots/3.12.0 main" | sudo tee /etc/apt/sources.list.d/mono-xamarin.list && \ - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \ + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1655A0AB68576280 && \ echo "deb http://archive.ubuntu.com/ubuntu precise main universe multiverse" >> /etc/apt/sources.list && \ - DEBIAN_FRONTEND=noninteractive && \ + echo "deb https://deb.nodesource.com/node_4.x trusty main" | tee /etc/apt/sources.list.d/nodesource.list && \ locale-gen en_US.UTF-8 && \ apt-get -y update && \ echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \ apt-get install --force-yes -yq software-properties-common && \ add-apt-repository ppa:ubuntu-toolchain-r/test && \ apt-get -y update && \ - apt-get --force-yes -yq install gcc-4.9 onlyoffice-documentserver nano htop && \ + apt-get --force-yes -yq install software-properties-common adduser mysql-server redis-server rabbitmq-server nginx-extras nodejs libstdc++6 libcurl3 libxml2 libboost-regex-dev zlib1g supervisor fonts-dejavu fonts-liberation ttf-mscorefonts-installer fonts-crosextra-carlito fonts-takao-gothic fonts-opensymbol libxss1 libgtkglext1 libcairo2 xvfb libxtst6 libgconf2-4 libasound2 bomstrip libnspr4 libnss3 
libnss3-nssdb nano htop && \ + service mysql stop && \ + service redis-server stop && \ + service rabbitmq-server stop && \ + service supervisor stop && \ + service nginx stop && \ rm -rf /var/lib/apt/lists/* ADD config /app/onlyoffice/setup/config/ ADD run-document-server.sh /app/onlyoffice/run-document-server.sh -RUN chmod 755 /app/onlyoffice/*.sh -VOLUME ["/var/log/onlyoffice"] -VOLUME ["/var/www/onlyoffice/Data"] +EXPOSE 80 443 -EXPOSE 80 -EXPOSE 443 +RUN echo "deb http://static.teamlab.com/repo/debian/ squeeze main" | tee /etc/apt/sources.list.d/onlyoffice.list && \ + apt-get -y update && \ + service mysql start && \ + apt-get --force-yes -yq install onlyoffice-documentserver && \ + service mysql stop && \ + chmod 755 /app/onlyoffice/*.sh && \ + rm -rf /var/lib/apt/lists/* + +VOLUME /etc/onlyoffice /var/log/onlyoffice /var/lib/onlyoffice /var/www/onlyoffice/Data CMD bash -C '/app/onlyoffice/run-document-server.sh';'bash' diff --git a/config/nginx/onlyoffice-documentserver-ssl.conf b/config/nginx/onlyoffice-documentserver-ssl.conf new file mode 100644 index 0000000..78b6753 --- /dev/null +++ b/config/nginx/onlyoffice-documentserver-ssl.conf 
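Review bot: Every `apt-get … install` in both `RUN` steps passes `--force-yes`, which lets apt carry on when a package cannot be authenticated. The ONLYOFFICE source added in the second step is plain `http://static.teamlab.com/repo/debian/`, so the `apt-key` imports above do not actually gate what ends up in the image. Dropping the flag, e.g. `apt-get -yq install onlyoffice-documentserver`, makes a signature failure abort the build instead. The two remaining keys are requested from `keyserver.ubuntu.com` by 64-bit ID, whereas the removed Mono line used a full fingerprint; pinning full fingerprints for these as well would be consistent and harder to collide.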
@@ -0,0 +1,71 @@
+include /etc/nginx/includes/onlyoffice-http.conf;
+
+## Normal HTTP host
+server {
+ listen 0.0.0.0:80;
+ listen [::]:80 default_server;
+ server_name _;
+ server_tokens off;
+
+ ## Redirects all traffic to the HTTPS host
+ root /nowhere; ## root doesn't have to be a valid path since we are redirecting
+ rewrite ^ https://$host$request_uri? permanent;
+}
+
+#HTTP host for internal services
+server {
+ listen 127.0.0.1:80;
+ listen [::1]:80;
+ server_name localhost;
+ server_tokens off;
+
+ include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
+ include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
+}
+
+## HTTPS host
+server {
+ listen 0.0.0.0:443 ssl spdy;
+ listen [::]:443 ssl spdy default_server;
+ server_tokens off;
+ root /usr/share/nginx/html;
+
+ ## Strong SSL Security
+ ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+ ssl on;
+ ssl_certificate {{SSL_CERTIFICATE_PATH}};
+ ssl_certificate_key {{SSL_KEY_PATH}};
+ ssl_verify_client {{SSL_VERIFY_CLIENT}};
+ ssl_client_certificate {{CA_CERTIFICATES_PATH}};
+
+ ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_session_cache builtin:1000 shared:SSL:10m;
+
+ ssl_prefer_server_ciphers on;
+
+ add_header Strict-Transport-Security max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}};
+ # add_header X-Frame-Options SAMEORIGIN;
+ add_header X-Content-Type-Options nosniff;
+
+ ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
+ ## Replace with your ssl_trusted_certificate. For more info see:
+ ## - https://medium.com/devops-programming/4445f4862461
+ ## - https://www.ruby-forum.com/topic/4419319
+ ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
+ # ssl_stapling on;
+ # ssl_stapling_verify on;
+ # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
+ # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
+ # resolver_timeout 10s;
+
+ ## [Optional] Generate a stronger DHE parameter:
+ ## cd /etc/ssl/certs
+ ## sudo openssl dhparam -out dhparam.pem 4096
+ ##
+ ssl_dhparam {{SSL_DHPARAM_PATH}};
+
+ include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
+
+}
diff --git a/config/nginx/onlyoffice-documentserver.conf b/config/nginx/onlyoffice-documentserver.conf
new file mode 100644
index 0000000..0572fa8
--- /dev/null
+++ b/config/nginx/onlyoffice-documentserver.conf
@@ -0,0 +1,8 @@
+include /etc/nginx/includes/onlyoffice-http.conf;
+server {
+ listen 0.0.0.0:80;
+ listen [::]:80 default_server;
+ server_tokens off;
+
+ include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
+}
\ No newline at end of file
diff --git a/config/nginx/onlyoffice-ssl b/config/nginx/onlyoffice-ssl
deleted file mode 100644
index 87cd77e..0000000
--- a/config/nginx/onlyoffice-ssl
+++ /dev/null
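Review bot: The `ssl_ciphers` list in the HTTPS server block of onlyoffice-documentserver-ssl.conf names suites that, as far as I know, OpenSSL does not define (`ECDHE-RSA-AES128-GCM-SHA384`, `ECDHE-RSA-AES128-SHA384` and every `…-SHA128` entry; AES128-GCM pairs with SHA256). Unknown names are skipped, so with `ssl_prefer_server_ciphers on` the first entries that match are probably the CBC/SHA-1 and `DES-CBC3-SHA` ones, ahead of the AEAD suites that only arrive through `HIGH`. Combined with `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, the "Strong SSL Security" comment overstates what the block delivers. I would put valid GCM suite names first, drop the three `DES-CBC3` entries, and narrow the protocols to `ssl_protocols TLSv1.2;` where the client base allows it. The list was carried over unchanged from the deleted `onlyoffice-ssl` file, so this rename is a good moment to correct it.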
@@ -1,114 +0,0 @@ -## Normal HTTP host -server { - listen 0.0.0.0:80; - listen [::]:80 default_server; - server_name _; - server_tokens off; - - ## Redirects all traffic to the HTTPS host - root /nowhere; ## root doesn't have to be a valid path since we are redirecting - rewrite ^ https://$host$request_uri? permanent; -} - -upstream fastcgi_backend { - server 127.0.0.1:9001; - keepalive 32; -} - -## HTTPS host -server { - listen 0.0.0.0:443 ssl spdy; - listen [::]:443 ssl spdy default_server; - server_tokens off; - root /usr/share/nginx/html; - - ## Increase this if you want to upload large attachments - client_max_body_size 100m; - - ## Strong SSL Security - ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - ssl on; - ssl_certificate {{SSL_CERTIFICATE_PATH}}; - ssl_certificate_key {{SSL_KEY_PATH}}; - ssl_verify_client {{SSL_VERIFY_CLIENT}}; - ssl_client_certificate {{CA_CERTIFICATES_PATH}}; - - ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_session_cache builtin:1000 shared:SSL:10m; - - ssl_prefer_server_ciphers on; - - add_header Strict-Transport-Security max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}; - # add_header X-Frame-Options SAMEORIGIN; - add_header X-Content-Type-Options nosniff; - - ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. - ## Replace with your ssl_trusted_certificate. 
For more info see: - ## - https://medium.com/devops-programming/4445f4862461 - ## - https://www.ruby-forum.com/topic/4419319 - ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx - # ssl_stapling on; - # ssl_stapling_verify on; - # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt; - # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired - # resolver_timeout 10s; - - ## [Optional] Generate a stronger DHE parameter: - ## cd /etc/ssl/certs - ## sudo openssl dhparam -out dhparam.pem 4096 - ## - ssl_dhparam {{SSL_DHPARAM_PATH}}; - - gzip on; - gzip_types text/plain - text/xml - text/css - text/csv - application/xml - application/javascript - application/x-javascript - application/json - application/octet-stream - application/pdf - application/rtf - application/msword - application/vnd.ms-excel - application/vnd.ms-powerpoint; - #application/vnd.oasis.opendocument.text - #application/vnd.oasis.opendocument.spreadsheet - #application/vnd.oasis.opendocument.presentation - #application/vnd.openxmlformats-officedocument.wordprocessingml.document - #application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - #application/vnd.openxmlformats-officedocument.presentationml.presentation; - - - location / { - root /var/www/onlyoffice/documentserver/DocService/; - index index.html index.htm default.aspx Default.aspx; - fastcgi_index Default.aspx; - fastcgi_keep_conn on; - fastcgi_pass fastcgi_backend; - include /etc/onlyoffice/documentserver/fastcgi_params; - } - - location ~ \/OfficeWeb\/(?!sdk\/Fonts\/) { - root /var/www/onlyoffice/documentserver/DocService; - } - - location /coauthoring/ { - proxy_pass http://localhost:8000/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } - - location /spellchecker/ { - proxy_pass http://localhost:8080/; - proxy_http_version 1.1; - proxy_set_header Upgrade 
$http_upgrade; - proxy_set_header Connection "upgrade"; - } -} - diff --git a/config/supervisor/supervisor b/config/supervisor/supervisor new file mode 100644 index 0000000..1e612e0 --- /dev/null +++ b/config/supervisor/supervisor 
@@ -0,0 +1,176 @@
+#! /bin/sh
+#
+# skeleton example file to build /etc/init.d/ scripts.
+# This file should be used to construct scripts for /etc/init.d.
+#
+# Written by Miquel van Smoorenburg .
+# Modified for Debian
+# by Ian Murdock .
+# Further changes by Javier Fernandez-Sanguino
+#
+# Version: @(#)skeleton 1.9 26-Feb-2001 miquels@cistron.nl
+#
+### BEGIN INIT INFO
+# Provides: supervisor
+# Required-Start: $remote_fs $network $named
+# Required-Stop: $remote_fs $network $named
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start/stop supervisor
+# Description: Start/stop supervisor daemon and its configured
+# subprocesses.
+### END INIT INFO
+
+. /lib/lsb/init-functions
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/bin/supervisord
+NAME=supervisord
+DESC=supervisor
+
+test -x $DAEMON || exit 0
+
+LOGDIR=/var/log/supervisor
+PIDFILE=/var/run/$NAME.pid
+PS_COUNT=0
+DODTIME=5 # Time to wait for the server to die, in seconds
+ # If this value is set too low you might not
+ # let some servers to die gracefully and
+ # 'restart' will not work
+
+# Include supervisor defaults if available
+if [ -f /etc/default/supervisor ] ; then
+ . /etc/default/supervisor
+fi
+DAEMON_OPTS="-c /etc/supervisor/supervisord.conf $DAEMON_OPTS"
+
+set -e
+
+running_pid()
+{
+ # Check if a given process pid's cmdline matches a given name
+ pid=$1
+ name=$2
+ [ -z "$pid" ] && return 1
+ [ ! -d /proc/$pid ] && return 1
+ (cat /proc/$pid/cmdline | tr "\000" "\n"|grep -q $name) || return 1
+ return 0
+}
+
+running()
+{
+# Check if the process is running looking at /proc
+# (works for all users)
+
+ # No pidfile, probably no daemon present
+ [ ! -f "$PIDFILE" ] && return 1
+ # Obtain the pid and check it against the binary name
+ pid=`cat $PIDFILE`
+ running_pid $pid $DAEMON || return 1
+ return 0
+}
+
+force_stop() {
+# Forcefully kill the process
+ [ ! -f "$PIDFILE" ] && return
+ if running ; then
+ kill -15 $pid
+ # Is it really dead?
+ [ -n "$DODTIME" ] && sleep "$DODTIME"s
+ if running ; then
+ kill -9 $pid
+ [ -n "$DODTIME" ] && sleep "$DODTIME"s
+ if running ; then
+ echo "Cannot kill $LABEL (pid=$pid)!"
+ exit 1
+ fi
+ fi
+ fi
+ rm -f $PIDFILE
+ return 0
+}
+
+get_pid() {
+ PS_COUNT=$(pgrep -fc $DAEMON || true)
+}
+
+case "$1" in
+ start)
+ get_pid
+ if [ $PS_COUNT -eq 0 ]; then
+ rm -f "$PIDFILE"
+ fi
+ echo -n "Starting $DESC: "
+ start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ --startas $DAEMON -- $DAEMON_OPTS
+ test -f $PIDFILE || sleep 1
+ if running ; then
+ echo "$NAME."
+ else
+ echo " ERROR."
+ fi
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
+ echo "$NAME."
+ ;;
+ force-stop)
+ echo -n "Forcefully stopping $DESC: "
+ force_stop
+ if ! running ; then
+ echo "$NAME."
+ else
+ echo " ERROR."
+ fi
+ ;;
+ #reload)
+ #
+ # If the daemon can reload its config files on the fly
+ # for example by sending it SIGHUP, do it here.
+ #
+ # If the daemon responds to changes in its config file
+ # directly anyway, make this a do-nothing entry.
+ #
+ # echo "Reloading $DESC configuration files."
+ # start-stop-daemon --stop --signal 1 --quiet --pidfile \
+ # /var/run/$NAME.pid --exec $DAEMON
+ #;;
+ force-reload)
+ #
+ # If the "reload" option is implemented, move the "force-reload"
+ # option to the "reload" entry above. If not, "force-reload" is
+ # just the same as "restart" except that it does nothing if the
+ # daemon isn't already running.
+ # check wether $DAEMON is running. If so, restart
+ start-stop-daemon --stop --test --quiet --pidfile $PIDFILE \
+ --startas $DAEMON \
+ && $0 restart \
+ || exit 0
+ ;;
+ restart)
+ echo -n "Restarting $DESC: "
+ start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
+ [ -n "$DODTIME" ] && sleep $DODTIME
+ start-stop-daemon --start --quiet --pidfile $PIDFILE \
+ --startas $DAEMON -- $DAEMON_OPTS
+ echo "$NAME."
+ ;;
+ status)
+ echo -n "$LABEL is "
+ if running ; then
+ echo "running"
+ else
+ echo " not running."
+ exit 1
+ fi
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $N {start|stop|restart|force-reload|status|force-stop}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/config/supervisor/supervisord.conf b/config/supervisor/supervisord.conf
new file mode 100644
index 0000000..27ef634
--- /dev/null
+++ b/config/supervisor/supervisord.conf
@@ -0,0 +1,27 @@
+; supervisor config file
+
+[inet_http_server]
+port = 127.0.0.1:9001
+
+[supervisord]
+logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
+pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl = http://localhost:9001 ; use a unix:// URL for a unix socket
+
+; The [include] section can just contain the "files" setting. This
+; setting can list multiple files (separated by whitespace or
+; newlines). It can also contain wildcards. The filenames are
+; interpreted as relative to this file. Included files *cannot*
+; include files themselves.
+
+[include]
+files = /etc/supervisor/conf.d/*.conf
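Review bot: `$LABEL` is never assigned in config/supervisor/supervisor, yet the `status` branch prints `echo -n "$LABEL is "` and `force_stop` prints "Cannot kill $LABEL". Unless `/etc/default/supervisor` happens to define it, the output reads " is running"; `$DESC` looks like what was meant, i.e. `echo -n "$DESC is "`. The expansions of `$pid`, `$name`, `$PIDFILE` and `$DAEMON` in `running_pid`, `running` and `force_stop` are also unquoted. Because `$pid` is read from the pidfile and then handed to `kill -9`, quoting it and rejecting anything that is not a plain number before signalling would be a cheap safeguard.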
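Review bot: `[inet_http_server]` in supervisord.conf listens on `127.0.0.1:9001` with no `username`/`password`, so any process in the container that can reach loopback can start, stop or reconfigure programs through the RPC interface. That presumably includes the document-handling services supervisord manages via `conf.d/*.conf`, which process untrusted files. The `serverurl` comment already points at the alternative: a `[unix_http_server]` section with `file=<socket path>` and `chmod=0700`, plus `serverurl = unix://<socket path>` under `[supervisorctl]`, keeps control with root only. If the TCP listener has to stay, setting `username` and `password` in both sections is the minimum.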
diff --git a/run-document-server.sh b/run-document-server.sh
index 6134cf8..89a0bcc 100644
--- a/run-document-server.sh
+++ b/run-document-server.sh
@@ -1,76 +1,139 @@ #!/bin/bash -sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/CoAuthoringService.conf -sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/DocService.conf -sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/FileConverterService.conf -sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/LibreOfficeService.conf -sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/SpellCheckerService.conf - -sed "/sudo /s/-u onlyoffice//" -i /var/www/onlyoffice/documentserver/Tools/CheckDocService.sh -sed "/sudo /s/-u onlyoffice//" -i /var/www/onlyoffice/documentserver/Tools/GenerateAllFonts.sh - -chown root /var/www/onlyoffice -chown root /var/lib/onlyoffice - -adduser --quiet www-data root - +APP_DIR="/var/www/onlyoffice/documentserver" DATA_DIR="/var/www/onlyoffice/Data" -LOG_DIR="/var/log/onlyoffice" +LOG_DIR="/var/log/onlyoffice/documentserver" ONLYOFFICE_HTTPS=${ONLYOFFICE_HTTPS:-false} SSL_CERTIFICATES_DIR="${DATA_DIR}/certs" SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.crt} SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key} +CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem} SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem} SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off} ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true} ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAG:-31536000} SYSCONF_TEMPLATES_DIR="/app/onlyoffice/setup/config" -NGINX_ONLYOFFICE_PATH="/etc/nginx/sites-enabled/onlyoffice-documentserver"; +NGINX_ONLYOFFICE_PATH="/etc/nginx/conf.d/onlyoffice-documentserver.conf"; + +NGINX_CONFIG_PATH="/etc/nginx/nginx.conf" +NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-$(grep processor /proc/cpuinfo | wc -l)} +NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)} + +ONLYOFFICE_DEFAULT_CONFIG=/etc/onlyoffice/documentserver/default.json + 
+MYSQL_SERVER_HOST=${MYSQL_SERVER_HOST:-"localhost"} +MYSQL_SERVER_PORT=${MYSQL_SERVER_PORT:-"3306"} +MYSQL_SERVER_DB_NAME=${MYSQL_SERVER_DB_NAME:-"onlyoffice"} +MYSQL_SERVER_USER=${MYSQL_SERVER_USER:-"root"} +MYSQL_SERVER_PASS=${MYSQL_SERVER_PASS:-""} + +RABBITMQ_SERVER_HOST=${RABBITMQ_SERVER_HOST:-"localhost"} +RABBITMQ_SERVER_USER=${RABBITMQ_SERVER_USER:-"guest"} +RABBITMQ_SERVER_PASS=${RABBITMQ_SERVER_PASS:-"guest"} + +REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-"localhost"} +REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-"6379"} # create base folders -mkdir -p /var/log/onlyoffice/documentserver/FileConverterService/ -mkdir -p /var/log/onlyoffice/documentserver/CoAuthoringService/ -mkdir -p /var/log/onlyoffice/documentserver/DocService/ -mkdir -p /var/log/onlyoffice/documentserver/SpellCheckerService/ -mkdir -p /var/log/onlyoffice/documentserver/LibreOfficeService/ -mkdir -p /var/log/onlyoffice/documentserver/WatchDogService/ +for i in converter docservice spellchecker metrics gc; do + mkdir -p "${LOG_DIR}/$i" +done + +mkdir -p ${LOG_DIR}-example + +# Set up nginx +sed 's/^worker_processes.*/'"worker_processes ${NGINX_WORKER_PROCESSES};"'/' -i ${NGINX_CONFIG_PATH} +sed 's/worker_connections.*/'"worker_connections ${NGINX_WORKER_CONNECTIONS};"'/' -i ${NGINX_CONFIG_PATH} +sed 's/access_log.*/'"access_log off;"'/' -i ${NGINX_CONFIG_PATH} # setup HTTPS if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then - cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-ssl ${NGINX_ONLYOFFICE_PATH} + cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-documentserver-ssl.conf ${NGINX_ONLYOFFICE_PATH} - mkdir ${DATA_DIR} - mkdir ${LOG_DIR}/nginx + mkdir ${DATA_DIR} - # configure nginx - sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH} - sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH} + # configure nginx + sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH} + sed 
's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH} - # if dhparam path is valid, add to the config, otherwise remove the option - if [ -r "${SSL_DHPARAM_PATH}" ]; then - sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH} - else - sed '/ssl_dhparam {{SSL_DHPARAM_PATH}};/d' -i ${NGINX_ONLYOFFICE_PATH} - fi + # if dhparam path is valid, add to the config, otherwise remove the option + if [ -r "${SSL_DHPARAM_PATH}" ]; then + sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH} + else + sed '/ssl_dhparam {{SSL_DHPARAM_PATH}};/d' -i ${NGINX_ONLYOFFICE_PATH} + fi - sed 's,{{SSL_VERIFY_CLIENT}},'"${SSL_VERIFY_CLIENT}"',' -i ${NGINX_ONLYOFFICE_PATH} + sed 's,{{SSL_VERIFY_CLIENT}},'"${SSL_VERIFY_CLIENT}"',' -i ${NGINX_ONLYOFFICE_PATH} - if [ -f /usr/local/share/ca-certificates/ca.crt ]; then - sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH} - else - sed '/{{CA_CERTIFICATES_PATH}}/d' -i ${NGINX_ONLYOFFICE_PATH} - fi + if [ -f "${CA_CERTIFICATES_PATH}" ]; then + sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH} + else + sed '/{{CA_CERTIFICATES_PATH}}/d' -i ${NGINX_ONLYOFFICE_PATH} + fi - if [ "${ONLYOFFICE_HTTPS_HSTS_ENABLED}" == "true" ]; then - sed 's/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/'"${ONLYOFFICE_HTTPS_HSTS_MAXAGE}"'/' -i ${NGINX_ONLYOFFICE_PATH} - else - sed '/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/d' -i ${NGINX_ONLYOFFICE_PATH} - fi + if [ "${ONLYOFFICE_HTTPS_HSTS_ENABLED}" == "true" ]; then + sed 's/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/'"${ONLYOFFICE_HTTPS_HSTS_MAXAGE}"'/' -i ${NGINX_ONLYOFFICE_PATH} + else + sed '/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/d' -i ${NGINX_ONLYOFFICE_PATH} + fi +else + cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-documentserver.conf ${NGINX_ONLYOFFICE_PATH} fi -service mysql start +JSON="json -I -q -f ${ONLYOFFICE_DEFAULT_CONFIG}" + +if [ ${MYSQL_SERVER_HOST} != "localhost" ]; then + + # Change mysql 
settings + ${JSON} -e "this.services.CoAuthoring.sql.dbHost = '${MYSQL_SERVER_HOST}'" + ${JSON} -e "this.services.CoAuthoring.sql.dbPort = '${MYSQL_SERVER_PORT}'" + ${JSON} -e "this.services.CoAuthoring.sql.dbName = '${MYSQL_SERVER_DB_NAME}'" + ${JSON} -e "this.services.CoAuthoring.sql.dbUser = '${MYSQL_SERVER_USER}'" + ${JSON} -e "this.services.CoAuthoring.sql.dbPass = '${MYSQL_SERVER_PASS}'" + + MYSQL="mysql -s -h${MYSQL_SERVER_HOST} -u${MYSQL_SERVER_USER}" + if [ -n "${MYSQL_SERVER_PASS}" ]; then + MYSQL="$MYSQL -p${MYSQL_SERVER_PASS}" + fi + + # Create db on remote server + ${MYSQL} -e "CREATE DATABASE IF NOT EXISTS ${MYSQL_SERVER_DB_NAME} CHARACTER SET utf8 COLLATE 'utf8_general_ci';" + ${MYSQL} "${MYSQL_SERVER_DB_NAME}" < "${APP_DIR}/server/schema/createdb.sql" +else + service mysql start +fi + +if [ ${RABBITMQ_SERVER_HOST} != "localhost" ]; then + + # Change rabbitmq settings + ${JSON} -e "this.rabbitmq.url = 'amqp://${RABBITMQ_SERVER_HOST}'" + ${JSON} -e "this.rabbitmq.login = '${RABBITMQ_SERVER_USER}'" + ${JSON} -e "this.rabbitmq.password = '${RABBITMQ_SERVER_PASS}'" + +else + service redis-server start +fi + +if [ ${REDIS_SERVER_HOST} != "localhost" ]; then + + # Change redis settings + ${JSON} -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'" + ${JSON} -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'" + +else + service rabbitmq-server start +fi + +# Copy modified supervisor start script +cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/ +# Copy modified supervisor config +cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf + service nginx start service supervisor start + +# Regenerate the fonts list and the fonts thumbnails +documentserver-generate-allfonts.sh
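Review bot: The `else` branches of the RabbitMQ and Redis blocks are crossed: the RabbitMQ block falls back to `service redis-server start` and the Redis block to `service rabbitmq-server start`. Pointing only one of the two at a remote host therefore leaves the other's local daemon unstarted; each branch should start its own service. Separately, connection settings are spliced unescaped into code: `${JSON} -e "… = '${MYSQL_SERVER_PASS}'"` is evaluated as JavaScript by `json -e`, so a value containing `'` or `\` breaks or changes the expression. `MYSQL="$MYSQL -p${MYSQL_SERVER_PASS}"` also puts the password on the mysql command line, where it shows in the process list and is word-split because `${MYSQL}` is expanded unquoted. I would pass the password through a root-only `--defaults-extra-file`, escape values before they reach `json -e`, and quote the `[ ${…_HOST} != "localhost" ]` tests.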