From 1957d38907f8aba9da7a9ddf4213c3213d8e4f02 Mon Sep 17 00:00:00 2001
From: Pavel Lobashov
Date: Mon, 31 Oct 2022 16:38:53 +0200
Subject: [PATCH 1/8] Actualize state of JWT variables (#535)
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 4c384e3..39e3a71 100644
--- a/README.md
+++ b/README.md
@@ -191,8 +191,8 @@ Below is the complete list of parameters that can be set using environment varia
 - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
 - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
 - **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](http://nginx.org/ru/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
-- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`.
-- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
+- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `true`.
+- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to random value.
 - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
 - **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
 - **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`.
From 730dd71ac572d523bd93e1ef423f15fa907f5206 Mon Sep 17 00:00:00 2001
From: Danil Titarenko <77471369+danilapog@users.noreply.github.com> Date: Mon, 31 Oct 2022 11:53:24 +0300 Subject: [PATCH 2/8] Add ucs build on older image version (#531) (cherry picked from commit 92dd2833d1479ebe25afe3da85a78d308e6e06ff) --- .github/workflows/stable-build.yml | 36 ++++++++++++++++++++++++++++++ docker-bake.hcl | 30 +++++++++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/.github/workflows/stable-build.yml b/.github/workflows/stable-build.yml index a15f551..d8278f2 100644 --- a/.github/workflows/stable-build.yml +++ b/.github/workflows/stable-build.yml @@ -92,3 +92,39 @@ jobs: export TAG=${{ github.event.inputs.tag }} docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push shell: bash + + build-ucs-ubuntu20: + name: "Release image: DocumentServer${{ matrix.edition }}-ucs" + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + edition: ["", "-ee"] + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + - name: build UCS + run: | + set -eux + export PRODUCT_EDITION=${{ matrix.edition }} + export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}/testing/ubuntu + export DOCKERFILE=Dockerfile + export BASE_IMAGE=ubuntu:20.04 + export PG_VERSION=12 + export TAG=${{ github.event.inputs.tag }} + export PACKAGE_VERSION=$( echo ${TAG} | sed -E 's/(.*)\./\1-/') + docker buildx bake -f docker-bake.hcl documentserver-ucs --push + shell: bash diff --git a/docker-bake.hcl b/docker-bake.hcl index ee9175e..529a8fd 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl 
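Review bot: The `build UCS` step pastes `${{ github.event.inputs.tag }}` and `${{ matrix.edition }}` straight into the shell script, so the dispatch input is expanded by the Actions template engine before bash parses it, and any shell metacharacters in the tag become part of a script that runs with the Docker Hub login in place. Passing the value through the step's `env:` block (`TAG: ${{ github.event.inputs.tag }}`) and quoting it in the script, including in the `sed` pipeline (`echo "${TAG}"`), keeps it as data. `set -eux` also traces the `PACKAGE_BASEURL` export that embeds `secrets.REPO_BASEURL`; log masking should cover the secret itself, but dropping `-x` avoids relying on it. `actions/checkout` and the three `docker/*` actions are referenced by mutable major tags, and pinning them to commit SHAs is worth considering for a job that holds registry credentials.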
@@ -50,6 +50,18 @@ variable "RELEASE_BRANCH" { default = "" } +### ↓ Variables for UCS build ↓ + +variable "BASE_IMAGE" { + default = "" +} + +variable "PG_VERSION" { + default = "" +} + +### ↑ Variables for UCS build ↑ + target "documentserver" { target = "documentserver" dockerfile = "${DOCKERFILE}" @@ -85,6 +97,24 @@ target "documentserver-stable" { } } +target "documentserver-ucs" { + target = "documentserver" + dockerfile = "${DOCKERFILE}" + tags = [ + "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PRODUCT_EDITION}-ucs:${TAG}" + ] + platforms = ["linux/amd64", "linux/arm64"] + args = { + "PRODUCT_EDITION": "${PRODUCT_EDITION}" + "PRODUCT_NAME": "${PRODUCT_NAME}" + "COMPANY_NAME": "${COMPANY_NAME}" + "PACKAGE_VERSION": "${PACKAGE_VERSION}" + "PACKAGE_BASEURL": "${PACKAGE_BASEURL}" + "BASE_IMAGE": "${BASE_IMAGE}" + "PG_VERSION": "${PG_VERSION}" + } +} + target "documentserver-nonexample" { target = "documentserver-nonexample" dockerfile = "production.dockerfile" From c7090252ff6470a57fd0ed4881bd70ff3df0b4f9 Mon Sep 17 00:00:00 2001 From: Danil Titarenko <77471369+danilapog@users.noreply.github.com> Date: Mon, 31 Oct 2022 15:24:17 +0300 Subject: [PATCH 3/8] Add base image and postgresql version build arguments (#524) (cherry picked from commit e1d7cfd5e86bf143d25b019fd72ec2849df15a03) --- Dockerfile | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7aa158a..5ebd56d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,11 @@ -FROM ubuntu:22.04 as documentserver +ARG BASE_IMAGE=ubuntu:22.04 + +FROM ${BASE_IMAGE} as documentserver LABEL maintainer Ascensio System SIA -ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=14 +ARG PG_VERSION=14 + +ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=${PG_VERSION} ARG ONLYOFFICE_VALUE=onlyoffice From b0745353666d0f4e17254f302b47de5f76362b76 Mon Sep 17 00:00:00 2001 
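Review bot: `BASE_IMAGE` and `PG_VERSION` default to `""` in the first hunk and are forwarded unconditionally as build args by `documentserver-ucs` in the second, so a bake run without both variables exported would hand the Dockerfile an empty `BASE_IMAGE`, which presumably overrides its `ubuntu:22.04` default and leaves `FROM` with nothing to resolve. Mirroring the Dockerfile defaults here (`default = "ubuntu:22.04"` and `default = "14"`) keeps the target buildable on its own; those defaults come from the Dockerfile patch later in this series, so confirm they match the tree this lands on. The `### ↓ Variables for UCS build ↓` banner would be more useful as a comment stating that the release workflow sets these to `ubuntu:20.04` and `12`.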
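Review bot: `FROM ${BASE_IMAGE}` now accepts whatever image reference the caller passes, and both the default `ubuntu:22.04` and the workflow's `ubuntu:20.04` are mutable tags, so the content of the base layer is not fixed by this file. Pinning the default with a digest (`ARG BASE_IMAGE=ubuntu:22.04@sha256:<digest>`, with the digest placeholder filled from the registry) and having the release job pass a digest-pinned reference as well would make release builds reproducible. `BASE_IMAGE` and `PG_VERSION` also have to change together (the UCS job in this series pairs `ubuntu:20.04` with `12`), which deserves a comment above the two `ARG` lines such as `# BASE_IMAGE and PG_VERSION must match: 22.04 -> 14, 20.04 -> 12`. The rest of the Dockerfile is outside the hunk.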
From: Semyon Bezrukov Date: Thu, 15 Dec 2022 17:45:33 +0300 Subject: [PATCH 4/8] Fix makefile (#554) --- Makefile | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/Makefile b/Makefile index 5ef925e..99b749b 100644 --- a/Makefile +++ b/Makefile @@ -1,21 +1,18 @@ COMPANY_NAME ?= ONLYOFFICE GIT_BRANCH ?= develop -PRODUCT_NAME ?= DocumentServer +PRODUCT_NAME ?= documentserver PRODUCT_EDITION ?= PRODUCT_VERSION ?= 0.0.0 BUILD_NUMBER ?= 0 BUILD_CHANNEL ?= nightly ONLYOFFICE_VALUE ?= onlyoffice -S3_BUCKET ?= repo-doc-onlyoffice-com -S3_REGION ?= eu-west-1 COMPANY_NAME_LOW = $(shell echo $(COMPANY_NAME) | tr A-Z a-z) -PRODUCT_NAME_LOW = $(shell echo $(PRODUCT_NAME) | tr A-Z a-z) -COMPANY_NAME_LOW_ESCAPED = $(subst -,,$(COMPANY_NAME_LOW)) +COMPANY_NAME_ESC = $(subst -,,$(COMPANY_NAME_LOW)) -PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)$(PRODUCT_EDITION) -PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)~stretch -PACKAGE_BASEURL := https://s3.$(S3_REGION).amazonaws.com/$(S3_BUCKET)/server/linux/debian/$(BUILD_CHANNEL) +PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION) +PACKAGE_VERSION ?= $(PRODUCT_VERSION)-$(BUILD_NUMBER)~stretch +PACKAGE_BASEURL ?= https://s3.eu-west-1.amazonaws.com/repo-doc-onlyoffice-com/server/linux/debian/$(BUILD_CHANNEL) ifeq ($(BUILD_CHANNEL),$(filter $(BUILD_CHANNEL),nightly test)) DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER) 
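Review bot: Removing `PRODUCT_NAME_LOW` means `PRODUCT_NAME` is no longer lower-cased before it reaches `PACKAGE_NAME` here and `DOCKER_IMAGE`, `DOCKER_DUMMY` and `DOCKER_ARCH` in the next hunk, so a caller that still exports the old default `PRODUCT_NAME=DocumentServer` (`?=` lets the environment win) would get an image reference with uppercase letters, which Docker rejects. Keeping the normalisation (`PRODUCT_NAME_LOW = $(shell echo $(PRODUCT_NAME) | tr A-Z a-z)`), or stating next to `PRODUCT_NAME ?= documentserver` that the value must already be lowercase, avoids that. `PACKAGE_BASEURL` also became overridable with `?=` and is passed unquoted to `--build-arg` in the next hunk; since it now decides which repository the packages are installed from, quoting it (`--build-arg PACKAGE_BASEURL="$(PACKAGE_BASEURL)"`) and noting the expected origin in a comment would help.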
@@ -23,18 +20,17 @@ else DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER)-$(subst /,-,$(GIT_BRANCH)) endif -DOCKER_IMAGE := $(subst -,,$(COMPANY_NAME_LOW))/4testing-$(PRODUCT_NAME_LOW)$(PRODUCT_EDITION) -DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)$(PRODUCT_EDITION)__$(DOCKER_TAG).dummy -DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)_$(DOCKER_TAG).tar.gz -DOCKER_ARCH_URI := server/linux/docker/$(BUILD_CHANNEL)/$(notdir $(DOCKER_ARCH)) +DOCKER_IMAGE := $(COMPANY_NAME_ESC)/4testing-$(PRODUCT_NAME)$(PRODUCT_EDITION) +DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION)__$(DOCKER_TAG).dummy +DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)_$(DOCKER_TAG).tar.gz -.PHONY: all clean clean-docker image deploy docker publish +.PHONY: all clean clean-docker image deploy docker $(DOCKER_DUMMY): - docker pull ubuntu:20.04 + docker pull ubuntu:22.04 docker build \ --build-arg COMPANY_NAME=$(COMPANY_NAME_LOW) \ - --build-arg PRODUCT_NAME=$(PRODUCT_NAME_LOW) \ + --build-arg PRODUCT_NAME=$(PRODUCT_NAME) \ --build-arg PRODUCT_EDITION=$(PRODUCT_EDITION) \ --build-arg PACKAGE_VERSION=$(PACKAGE_VERSION) \ --build-arg PACKAGE_BASEURL=$(PACKAGE_BASEURL) \ @@ -68,7 +64,3 @@ ifeq ($(BUILD_CHANNEL),nightly) docker push $(DOCKER_IMAGE):latest && break || sleep 1m; \ done endif - -publish: $(DOCKER_ARCH) - aws s3 cp --no-progress --acl public-read \ - $(DOCKER_ARCH) s3://$(S3_BUCKET)/$(DOCKER_ARCH_URI) From 7fa2f598a19a56d06b234c46f94748a81b7e4313 Mon Sep 17 00:00:00 2001 From: Danil Titarenko <77471369+danilapog@users.noreply.github.com> Date: Tue, 20 Dec 2022 14:54:23 +0300 Subject: [PATCH 5/8] Fix ucs build (#537) * Fix ucs build * Change rabbitmq version on lower * Remove rabbimq version argument * Rename variable --- Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 55e4b6e..eeab60d 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -11,13 +11,14 @@ ARG ONLYOFFICE_VALUE=onlyoffice RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ apt-get -y update && \ - apt-get -yq install wget apt-transport-https gnupg locales && \ + apt-get -yq install wget apt-transport-https gnupg locales lsb-release && \ mkdir -p $HOME/.gnupg && \ gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/onlyoffice.gpg --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \ chmod 644 /etc/apt/trusted.gpg.d/onlyoffice.gpg && \ locale-gen en_US.UTF-8 && \ echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \ wget -O - https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.deb.sh | bash && \ + if [ $(lsb_release -cs) = focal ]; then RABBITMQ_VERSION=3.8.11-1; else RABBITMQ_VERSION=3.10 ; fi && \ apt-get -yq install \ adduser \ apt-utils \ @@ -46,7 +47,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ postgresql \ postgresql-client \ pwgen \ - rabbitmq-server=3.10* \ + rabbitmq-server=${RABBITMQ_VERSION}* \ redis-server \ software-properties-common \ sudo \ From 759bed5c14ed97a32a2790091bac6e918216c423 Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Fri, 30 Dec 2022 12:40:54 +0300 Subject: [PATCH 6/8] Add obligatory use of JWT parameters (#562) --- README.md | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 4c384e3..9e40e91 100644 --- a/README.md +++ b/README.md 
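Review bot: The added `if [ $(lsb_release -cs) = focal ]` leaves the command substitution unquoted, so an empty or multi-word result makes `[` fail with a syntax error and the build quietly falls through to the `else` version instead of stopping. Quoting it, `if [ "$(lsb_release -cs)" = focal ]; then ...`, keeps the test well-formed, and reading `VERSION_CODENAME` from `/etc/os-release` would avoid installing `lsb-release` into the image just for this check. The chosen value feeds `rabbitmq-server=${RABBITMQ_VERSION}*` in the second hunk, and that package comes from a repository set up by the `wget ... | bash` line above, which runs a downloaded script with no integrity check; the trailing `*` then accepts whatever matching build that repository serves. A short comment on why focal needs `3.8.11-1` would help the next maintainer. The `RUN` instruction continues outside both hunks.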
@@ -220,10 +220,20 @@ Then launch containers on it using the 'docker run --net onlyoffice' option: Follow [these steps](#installing-mysql) to install MySQL server. -**STEP 3**: Install ONLYOFFICE Document Server. +**STEP 3**: Generate JWT Secret + +JWT secret defines the secret key to validate the JSON Web Token in the request to the **ONLYOFFICE Document Server**. You can specify it yourself or easily get it using the command: +``` +JWT_SECRET=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 12); +``` + +**STEP 4**: Install ONLYOFFICE Document Server. ```bash sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-document-server \ + -e JWT_ENABLED=true \ + -e JWT_SECRET=${JWT_SECRET} \ + -e JWT_HEADER=AuthorizationJwt \ -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \ -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \ @@ -231,7 +241,7 @@ sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-doc onlyoffice/documentserver ``` -**STEP 4**: Install ONLYOFFICE Mail Server. +**STEP 5**: Install ONLYOFFICE Mail Server. For the mail server correct work you need to specify its hostname 'yourdomain.com'. @@ -253,7 +263,7 @@ The additional parameters for mail server are available [here](https://github.co To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation"). -**STEP 5**: Install ONLYOFFICE Community Server +**STEP 6**: Install ONLYOFFICE Community Server ```bash sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 \ 
@@ -264,6 +274,9 @@ sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-com -e MYSQL_SERVER_PASS=onlyoffice_pass \ -e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \ + -e DOCUMENT_SERVER_JWT_ENABLED=true \ + -e DOCUMENT_SERVER_JWT_SECRET=${JWT_SECRET} \ + -e DOCUMENT_SERVER_JWT_HEADER=AuthorizationJwt \ -e MAIL_SERVER_API_HOST=${MAIL_SERVER_IP} \ -e MAIL_SERVER_DB_HOST=onlyoffice-mysql-server \ From 26f3d34ac3cdb048623caac54d494b74aeb3ea79 Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Fri, 30 Dec 2022 12:50:18 +0300 Subject: [PATCH 7/8] Cosmetic changes README.md (#563) --- README.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 9e40e91..9797860 100644 --- a/README.md +++ b/README.md @@ -231,14 +231,14 @@ JWT_SECRET=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 12); ```bash sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-document-server \ - -e JWT_ENABLED=true \ - -e JWT_SECRET=${JWT_SECRET} \ - -e JWT_HEADER=AuthorizationJwt \ - -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ - -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \ - -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \ - -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \ - onlyoffice/documentserver + -e JWT_ENABLED=true \ + -e JWT_SECRET=${JWT_SECRET} \ + -e JWT_HEADER=AuthorizationJwt \ + -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ + -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \ + -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \ + -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \ + onlyoffice/documentserver ``` **STEP 5**: Install ONLYOFFICE Mail Server. 
@@ -266,7 +266,7 @@ To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://githu **STEP 6**: Install ONLYOFFICE Community Server ```bash -sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 \ +sudo docker run --net onlyoffice -i -t -d --privileged --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 --cgroupns=host \ -e MYSQL_SERVER_ROOT_PASSWORD=my-secret-pw \ -e MYSQL_SERVER_DB_NAME=onlyoffice \ -e MYSQL_SERVER_HOST=onlyoffice-mysql-server \ @@ -287,12 +287,14 @@ sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-com -v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \ -v /app/onlyoffice/CommunityServer/logs:/var/log/onlyoffice \ + -v /app/onlyoffice/CommunityServer/letsencrypt:/etc/letsencrypt \ + -v /sys/fs/cgroup:/sys/fs/cgroup:rw \ onlyoffice/communityserver ``` Where `${MAIL_SERVER_IP}` is the IP address for **ONLYOFFICE Mail Server**. You can easily get it using the command: ``` -docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' onlyoffice-mail-server +MAIL_SERVER_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' onlyoffice-mail-server) ``` Alternatively, you can use an automatic installation script to install the whole ONLYOFFICE Community Edition at once. For the mail server correct work you need to specify its hostname 'yourdomain.com'. From 611db1f4a9a8b13ce1f1c456b7cb06e2eac03795 Mon Sep 17 00:00:00 2001 From: Danil Titarenko <77471369+danilapog@users.noreply.github.com> Date: Wed, 18 Jan 2023 17:58:48 +0300 Subject: [PATCH 8/8] Fix docker build by downgrading rabbit from 3.10 to 3.9 (#569) --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c4fb454..a0e2156 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -18,7 +18,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
 locale-gen en_US.UTF-8 && \
 echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
 wget -O - https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.deb.sh | bash && \
- if [ $(lsb_release -cs) = focal ]; then RABBITMQ_VERSION=3.8.11-1; else RABBITMQ_VERSION=3.10 ; fi && \
+ if [ $(lsb_release -cs) = focal ]; then RABBITMQ_VERSION=3.8.11-1; else RABBITMQ_VERSION=3.9 ; fi && \
 apt-get -yq install \
 adduser \
 apt-utils \