diff --git a/.github/workflows/4testing-build.yml b/.github/workflows/4testing-build.yml new file mode 100644 index 0000000..683bb80 --- /dev/null +++ b/.github/workflows/4testing-build.yml @@ -0,0 +1,139 @@ +### This workflow setup instance then build and push images ### +name: 4testing multiarch-build + +on: + workflow_dispatch: + inputs: + build: + description: 'Build number (ex. 45)' + type: string + required: true + amd64: + type: boolean + description: 'Build AMD64' + default: true + arm64: + type: boolean + description: 'Build ARM64' + default: true + community: + type: boolean + description: 'Build Community Edition' + default: true + enterprise: + type: boolean + description: 'Build Enterprise Edition' + default: true + developer: + type: boolean + description: 'Build Developer Edition' + default: true + +env: + COMPANY_NAME: "onlyoffice" + PRODUCT_NAME: "documentserver" + +jobs: + prepare: + runs-on: ubuntu-latest + steps: + - id: matrix + run: | + set -ex + + BRANCH_NAME=${GITHUB_REF#refs/heads/} + if ! [[ $BRANCH_NAME == develop || $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then + echo "Wrong branch." + exit 1 + fi + + [ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64") + [ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64") + if [ -z ${PLATFORMS} ]; then + echo "None of the platforms are selected." + exit 1 + fi + + [ ${{ github.event.inputs.community }} = true ] && EDITIONS+=("community") + [ ${{ github.event.inputs.enterprise }} = true ] && EDITIONS+=("enterprise") + [ ${{ github.event.inputs.developer }} = true ] && EDITIONS+=("developer") + if [ -z ${EDITIONS} ]; then + echo "None of the editions are selected." + exit 1 + fi + echo "::set-output name=editions::$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')" + outputs: + editions: ${{ steps.matrix.outputs.editions }} + + build: + name: "Build ${{ matrix.image }}-${{ matrix.edition }}" + runs-on: ubuntu-latest + needs: prepare + strategy: + fail-fast: false + matrix: + image: ["documentserver"] + edition: ${{ fromJSON(needs.prepare.outputs.editions) }} + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + - name: Build 4testing + run: | + set -eux + + ### ==>> At this step build variable declaration ### + + case ${{ matrix.edition }} in + community) + PRODUCT_EDITION="" + ;; + enterprise) + PRODUCT_EDITION="-ee" + ;; + developer) + PRODUCT_EDITION="-de" + ;; + esac + + [ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64") + [ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64") + PLATFORM=$(echo ${PLATFORMS[*]/#/linux/} | tr ' ' ',') + + BRANCH_NAME=${GITHUB_REF#refs/heads/} + if [ $BRANCH_NAME = develop ]; then + BUILD_CHANNEL=nightly + PRODUCT_VERSION=99.99.99 + elif [[ $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then + BUILD_CHANNEL=test + PRODUCT_VERSION=${BRANCH_NAME#*/v} + fi + BUILD_NUMBER=${{ github.event.inputs.build }} + + export PRODUCT_EDITION + export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}~stretch + export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}/${BUILD_CHANNEL} + export BUILD_CHANNEL + export PLATFORM + export DOCKERFILE=Dockerfile + export PREFIX_NAME=4testing- + export TAG=${PRODUCT_VERSION}.${BUILD_NUMBER} + + ### ==>> Build and push images at this step ### + + docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push + echo "DONE: Build success" + shell: bash diff --git a/.github/workflows/stable-build.yml b/.github/workflows/stable-build.yml new file mode 100644 index 0000000..d0cc970 --- /dev/null +++ b/.github/workflows/stable-build.yml @@ -0,0 +1,124 @@ +### This workflow setup instance then build and push images ### +name: Multi-arch build stable + +on: + workflow_dispatch: + inputs: + tag: + description: 'Tag for release (ex. 1.2.3.45)' + type: string + required: true + +env: + COMPANY_NAME: "onlyoffice" + PRODUCT_NAME: "documentserver" + +jobs: + build: + name: "Release image: DocumentServer${{ matrix.edition }}" + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + images: ["documentserver-stable"] + edition: ["", "-ee", "-de"] + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + - name: Build documentserver-release + run: | + set -eux + VERSION=${{ github.event.inputs.tag }} + PRODUCT_EDITION=${{ matrix.edition }} + TESTING_IMAGE=${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION} + export PRODUCT_EDITION + export TAG=${VERSION} + export SHORTER_TAG=${VERSION%.*} + export SHORTEST_TAG=${VERSION%.*.*} + docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push + echo "DONE: Build success >> exit with 0" + exit 0 + shell: bash + + build-nonexample: + name: "Release image: DocumentServer${{ matrix.edition }}-nonExample" + runs-on: ubuntu-latest + needs: [build] + if: ${{ false }} + strategy: + fail-fast: false + matrix: + images: ["documentserver-nonexample"] + edition: ["", "-ee", "-de"] + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + - name: build image + run: | + set -eux + export PRODUCT_EDITION=${{ matrix.edition }} + export TAG=${{ github.event.inputs.tag }} + docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push + shell: bash + + build-ucs-ubuntu20: + name: "Release image: DocumentServer${{ matrix.edition }}-ucs" + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + edition: ["", "-ee"] + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_HUB_USERNAME }} + password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + + - name: build UCS + run: | + set -eux + export PRODUCT_EDITION=${{ matrix.edition }} + export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}/test + export DOCKERFILE=Dockerfile + export BASE_IMAGE=ubuntu:20.04 + export PG_VERSION=12 + export TAG=${{ github.event.inputs.tag }} + export PACKAGE_VERSION=$( echo ${TAG} | sed -E 's/(.*)\./\1-/')~stretch + docker buildx bake -f docker-bake.hcl documentserver-ucs --push + shell: bash diff --git a/Dockerfile b/Dockerfile index 8c2b265..9744e93 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,21 +1,17 @@ -ARG ARCH= -FROM ${ARCH}debian:bullseye -LABEL maintainer jiriks74 +ARG BASE_IMAGE=ubuntu:22.04 -RUN echo "deb http://deb.debian.org/debian bullseye main contrib non-free\ndeb http://deb.debian.org/debian-security/ bullseye-security main contrib non-free\ndeb http://deb.debian.org/debian bullseye-updates main contrib non-free\ndeb http://deb.debian.org/debian bullseye-backports main" > /etc/apt/sources.list +FROM ${BASE_IMAGE} as documentserver +LABEL maintainer Jiří Štefka -ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=13 +ARG PG_VERSION=14 + +ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=${PG_VERSION} ARG ONLYOFFICE_VALUE=onlyoffice -RUN /bin/sh -c "while [ ! nc -z localhost 5432 ]; do sleep 0.1; done" - RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ apt-get -y update && \ - apt-get -yq install wget apt-transport-https gnupg locales && \ - mkdir -p $HOME/.gnupg && \ - gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/onlyoffice.gpg --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \ - chmod 644 /etc/apt/trusted.gpg.d/onlyoffice.gpg && \ + apt-get -yq install wget apt-transport-https gnupg locales lsb-release && \ locale-gen en_US.UTF-8 && \ echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \ apt-get -yq install \ @@ -38,7 +34,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ libxml2 \ libxss1 \ libxtst6 \ - mariadb-client \ + mysql-client \ nano \ net-tools \ netcat-openbsd \ @@ -71,33 +67,35 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ service nginx stop && \ rm -rf /var/lib/apt/lists/* +COPY config /app/ds/setup/config/ +COPY run-document-server.sh /app/ds/run-document-server.sh + EXPOSE 80 443 ARG COMPANY_NAME=onlyoffice ARG PRODUCT_NAME=documentserver +ARG PRODUCT_EDITION= +ARG PACKAGE_VERSION= +ARG TARGETARCH +ARG PACKAGE_BASEURL="http://download.onlyoffice.com/install/documentserver/linux" ENV COMPANY_NAME=$COMPANY_NAME \ - PRODUCT_NAME=$PRODUCT_NAME + PRODUCT_NAME=$PRODUCT_NAME \ + PRODUCT_EDITION=$PRODUCT_EDITION \ + DS_DOCKER_INSTALLATION=true -RUN /bin/sh -c "while [ ! nc -z localhost 5432 ]; do sleep 0.1; done" - -RUN arch=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/) && \ - wget -q -P /tmp "http://download.onlyoffice.com/install/documentserver/linux/${COMPANY_NAME}-${PRODUCT_NAME}_${arch}.deb" && \ +RUN PACKAGE_FILE="${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}${PACKAGE_VERSION:+_$PACKAGE_VERSION}_${TARGETARCH:-$(dpkg --print-architecture)}.deb" && \ + wget -q -P /tmp "$PACKAGE_BASEURL/$PACKAGE_FILE" && \ apt-get -y update && \ service postgresql start && \ - apt-get -yq install /tmp/$(basename "${COMPANY_NAME}-${PRODUCT_NAME}_${arch}.deb") && \ + apt-get -yq install /tmp/$PACKAGE_FILE && \ service postgresql stop && \ service supervisor stop && \ - rm -f /tmp/"${COMPANY_NAME}-${PRODUCT_NAME}_${arch}.deb" && \ + chmod 755 /app/ds/*.sh && \ + rm -f /tmp/$PACKAGE_FILE && \ rm -rf /var/log/$COMPANY_NAME && \ rm -rf /var/lib/apt/lists/* -COPY config /app/ds/setup/config/ -COPY run-document-server.sh /app/ds/run-document-server.sh - - -RUN chmod 755 /app/ds/*.sh - VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /var/lib/rabbitmq /var/lib/redis /usr/share/fonts/truetype/custom ENTRYPOINT ["/app/ds/run-document-server.sh"] diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..99b749b --- /dev/null +++ b/Makefile @@ -0,0 +1,66 @@ +COMPANY_NAME ?= ONLYOFFICE +GIT_BRANCH ?= develop +PRODUCT_NAME ?= documentserver +PRODUCT_EDITION ?= +PRODUCT_VERSION ?= 0.0.0 +BUILD_NUMBER ?= 0 +BUILD_CHANNEL ?= nightly +ONLYOFFICE_VALUE ?= onlyoffice + +COMPANY_NAME_LOW = $(shell echo $(COMPANY_NAME) | tr A-Z a-z) +COMPANY_NAME_ESC = $(subst -,,$(COMPANY_NAME_LOW)) + +PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION) +PACKAGE_VERSION ?= $(PRODUCT_VERSION)-$(BUILD_NUMBER)~stretch +PACKAGE_BASEURL ?= https://s3.eu-west-1.amazonaws.com/repo-doc-onlyoffice-com/server/linux/debian/$(BUILD_CHANNEL) + +ifeq ($(BUILD_CHANNEL),$(filter $(BUILD_CHANNEL),nightly test)) + DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER) +else + DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER)-$(subst /,-,$(GIT_BRANCH)) +endif + +DOCKER_IMAGE := $(COMPANY_NAME_ESC)/4testing-$(PRODUCT_NAME)$(PRODUCT_EDITION) +DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION)__$(DOCKER_TAG).dummy +DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)_$(DOCKER_TAG).tar.gz + +.PHONY: all clean clean-docker image deploy docker + +$(DOCKER_DUMMY): + docker pull ubuntu:22.04 + docker build \ + --build-arg COMPANY_NAME=$(COMPANY_NAME_LOW) \ + --build-arg PRODUCT_NAME=$(PRODUCT_NAME) \ + --build-arg PRODUCT_EDITION=$(PRODUCT_EDITION) \ + --build-arg PACKAGE_VERSION=$(PACKAGE_VERSION) \ + --build-arg PACKAGE_BASEURL=$(PACKAGE_BASEURL) \ + --build-arg TARGETARCH=amd64 \ + --build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \ + -t $(DOCKER_IMAGE):$(DOCKER_TAG) . && \ + mkdir -p $$(dirname $@) && \ + echo "Done" > $@ + +$(DOCKER_ARCH): $(DOCKER_DUMMY) + docker save $(DOCKER_IMAGE):$(DOCKER_TAG) | \ + gzip > $@ + +all: image + +clean: + rm -rfv *.dummy *.tar.gz + +clean-docker: + docker rmi -f $$(docker images -q $(COMPANY_NAME_LOW)/*) || exit 0 + +image: $(DOCKER_DUMMY) + +deploy: $(DOCKER_DUMMY) + for i in {1..3}; do \ + docker push $(DOCKER_IMAGE):$(DOCKER_TAG) && break || sleep 1m; \ + done +ifeq ($(BUILD_CHANNEL),nightly) + docker tag $(DOCKER_IMAGE):$(DOCKER_TAG) $(DOCKER_IMAGE):latest + for i in {1..3}; do \ + docker push $(DOCKER_IMAGE):latest && break || sleep 1m; \ + done +endif diff --git a/README.md b/README.md index 853432f..66330c6 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ #### This repository is based on the official `Dockerfile` and `docker-compose.yml` files with all the needed files as well # Table of contents + - [Usage](#usage) - [Setting up secret key with nextcloud](#setting-up-secret-key-with-nextcloud) - [Larger file limits](#setting-up-larger-file-limits) @@ -21,11 +22,17 @@ - [Updating the image yourself](#updating-the-image-yourself) ## Usage + #### docker-compose with prebuilt image (recommended) + - Docker will pull the correct architecture automatically -- Below in `Details` you'll find a `docker-compose.yml` templete. To use it, make a directory where data from the container will be saved, create `docker-compose.yml` file in it and put the template from below in it. Then modify the template to your needs. +- Below in `Details` you'll find a `docker-compose.yml` templete. +To use it, make a directory where data from the container will be saved, create +`docker-compose.yml` file in it and put the template from below in it. +Then modify the template to your needs. +
- + ```yml version: '2' services: @@ -88,14 +95,16 @@ services: volumes: postgresql_data: ``` - +
### Setting up `Secret key` with Nextcloud + 1. Uncomment four lines starting with `JWT` in `docker-compose` 2. Set your secret on line `JWT_SECRET=yourSecret` 3. Open Nexcloud's `config.php` (by default `/var/www/nextcloud/config/config.php`) 4. Add this to the 2nd last line (before the line with `);`) and paste in your secret (3rd last line) + ```php 'onlyoffice' => array ( @@ -103,23 +112,30 @@ volumes: "jwt_header" => "AuthorizationJwt" ) ``` + 5. Go to your Nextcloud settings, navigate to Onlyoffice settings 6. Add your server Address and Secret key 7. Save ### Setting up larger file limits + - Uncomment the `- LARGER_FILE_LIMITS=true` line in `docker-compose.yml` ### Generating custom presentation themes -1. Uncomment the `- ./slideThemes:/var/www/onlyoffice/documentserver/sdkjs/slide/themes/src` line in `docker-compose.yml` + +1. Uncomment the +`- ./slideThemes:/var/www/onlyoffice/documentserver/sdkjs/slide/themes/src` +line in `docker-compose.yml` 2. Put your themes into the `slideThemes` directory -3. Run `docker exec -it /usr/bin/documentserver-generate-allfonts.sh` +3. Run `docker exec -it /usr/bin/documentserver-generate-allfonts.sh` - (This will take some time. I have totally 35 themes and it took about 30 minutes to generate them on a Raspberry Pi 4 4GB on an external HDD - SSD may be faster) 4. If you want to add more themes later, repeat step 2 and 3. ## Tags used on DockerHub + - `latest` - the latest version of the Documentserver -- Version tags (eg. `7.0.1-37`) - these tags are equal to the Documentserver version of the `onlyoffice-documentserver` debian package used in the image +- Version tags (eg. `7.0.1-37`) - these tags are equal to the Documentserver +version of the `onlyoffice-documentserver` debian package used in the image ## Building the image yourself (not recommended - may take a lot of time) @@ -128,33 +144,43 @@ volumes: `git clone https://github.com/jiriks74/Docker-DocumentServer.git && cd Docker-DocumentServer` #### 2. Build the docker image + ##### Building only for the architecture you are building the image on (when building on Raspberry Pi result will be `arm64`, when on pc result will be `amd64`) + `docker-compose build` - + ##### Building for all supported architectures (you have to have your environment setup for emulation of arm64 with `qemu` and build it on `amd64`) - you have to push to DockerHub + `docker buildx build --push --platform linux/arm64,linux/amd64,linux/386 .` #### 3. Create and start the container - `docker-compose up -d` + + `docker-compose up -d` + - This will start the server. It is set to be automatically started/restarted so as long you have docker running on startup this will start automatically ### Updating the image yourself + #### 1. Stop and delete the old container `docker-compose down` - + #### 2. (optional) Clear the docker cache + #### - ! This will remove all unused cache images ! (good for saving space, bad if you develop with and need cache, but you understand it at that point) `docker rmi $(docker images -f "dangling=true" -q)` #### 4. Rebuild the image without cache -##### Building only for the architecture you are building the image on (when building on Raspberry Pi result will be `arm64`, when on pc result will be `amd64`) - `docker-compose build` - + +##### Building only for the architecture you are building the image on (when building on Raspberry Pi result will be `arm64`, when on pc result will be `amd64`) + + `docker-compose build` + ##### Building for all supported architectures (you have to have your environment setup for emulation of arm64 with `qemu`) - you'll have to push to DockerHub, multiplatform images cannot be saved locally (for whatever reason) + `docker buildx build --push --platform linux/arm64,linux/amd64,linux/386 .` - + #### 3. Create and start the new container `docker-compose up -d` @@ -193,6 +219,8 @@ Starting from version 6.0, Document Server is distributed as ONLYOFFICE Docs. It ONLYOFFICE Docs can be used as a part of ONLYOFFICE Workspace or with third-party sync&share solutions (e.g. Nextcloud, ownCloud, Seafile) to enable collaborative editing within their interface. +***Important*** Please update `docker-enginge` to latest version (`20.10.21` as of writing this doc) before using it. We use `ubuntu:22.04` as base image and it older versions of docker have compatibility problems with it + ## Functionality ## * ONLYOFFICE Document Editor * ONLYOFFICE Spreadsheet Editor @@ -353,10 +381,12 @@ Below is the complete list of parameters that can be set using environment varia - **AMQP_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`. - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running. - **REDIS_SERVER_PORT**: The Redis server port number. +- **REDIS_SERVER_PASS**: The Redis server password. The password is not set by default. - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes. - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process. -- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`. -- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`. +- **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](http://nginx.org/ru/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`. +- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `true`. +- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to random value. - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`. - **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`. - **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`. @@ -384,18 +414,28 @@ Then launch containers on it using the 'docker run --net onlyoffice' option: Follow [these steps](#installing-mysql) to install MySQL server. -**STEP 3**: Install ONLYOFFICE Document Server. +**STEP 3**: Generate JWT Secret + +JWT secret defines the secret key to validate the JSON Web Token in the request to the **ONLYOFFICE Document Server**. You can specify it yourself or easily get it using the command: +``` +JWT_SECRET=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 12); +``` + +**STEP 4**: Install ONLYOFFICE Document Server. ```bash sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-document-server \ - -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ - -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \ - -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \ - -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \ - onlyoffice/documentserver + -e JWT_ENABLED=true \ + -e JWT_SECRET=${JWT_SECRET} \ + -e JWT_HEADER=AuthorizationJwt \ + -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ + -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \ + -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \ + -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \ + onlyoffice/documentserver ``` -**STEP 4**: Install ONLYOFFICE Mail Server. +**STEP 5**: Install ONLYOFFICE Mail Server. For the mail server correct work you need to specify its hostname 'yourdomain.com'. @@ -417,10 +457,10 @@ The additional parameters for mail server are available [here](https://github.co To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation"). -**STEP 5**: Install ONLYOFFICE Community Server +**STEP 6**: Install ONLYOFFICE Community Server ```bash -sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 \ +sudo docker run --net onlyoffice -i -t -d --privileged --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 --cgroupns=host \ -e MYSQL_SERVER_ROOT_PASSWORD=my-secret-pw \ -e MYSQL_SERVER_DB_NAME=onlyoffice \ -e MYSQL_SERVER_HOST=onlyoffice-mysql-server \ @@ -428,6 +468,9 @@ sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-com -e MYSQL_SERVER_PASS=onlyoffice_pass \ -e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \ + -e DOCUMENT_SERVER_JWT_ENABLED=true \ + -e DOCUMENT_SERVER_JWT_SECRET=${JWT_SECRET} \ + -e DOCUMENT_SERVER_JWT_HEADER=AuthorizationJwt \ -e MAIL_SERVER_API_HOST=${MAIL_SERVER_IP} \ -e MAIL_SERVER_DB_HOST=onlyoffice-mysql-server \ @@ -438,12 +481,14 @@ sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-com -v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \ -v /app/onlyoffice/CommunityServer/logs:/var/log/onlyoffice \ + -v /app/onlyoffice/CommunityServer/letsencrypt:/etc/letsencrypt \ + -v /sys/fs/cgroup:/sys/fs/cgroup:rw \ onlyoffice/communityserver ``` Where `${MAIL_SERVER_IP}` is the IP address for **ONLYOFFICE Mail Server**. You can easily get it using the command: ``` -docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' onlyoffice-mail-server +MAIL_SERVER_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' onlyoffice-mail-server) ``` Alternatively, you can use an automatic installation script to install the whole ONLYOFFICE Community Edition at once. For the mail server correct work you need to specify its hostname 'yourdomain.com'. @@ -505,6 +550,5 @@ If you have any problems with or questions about this image, please visit our of [1]: https://forum.onlyoffice.com [2]: https://stackoverflow.com/questions/tagged/onlyoffice - diff --git a/config/supervisor/ds/ds-converter.conf b/config/supervisor/ds/ds-converter.conf new file mode 100644 index 0000000..69285cd --- /dev/null +++ b/config/supervisor/ds/ds-converter.conf @@ -0,0 +1,13 @@ +[program:converter] +command=/var/www/COMPANY_NAME/documentserver/server/FileConverter/converter +directory=/var/www/COMPANY_NAME/documentserver/server/FileConverter +user=ds +environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver,NODE_DISABLE_COLORS=1,APPLICATION_NAME=COMPANY_NAME +stdout_logfile=/var/log/COMPANY_NAME/documentserver/converter/out.log +stdout_logfile_backups=0 +stdout_logfile_maxbytes=0 +stderr_logfile=/var/log/COMPANY_NAME/documentserver/converter/err.log +stderr_logfile_backups=0 +stderr_logfile_maxbytes=0 +autostart=true +autorestart=true diff --git a/config/supervisor/ds/ds-docservice.conf b/config/supervisor/ds/ds-docservice.conf new file mode 100644 index 0000000..4afbc1b --- /dev/null +++ b/config/supervisor/ds/ds-docservice.conf @@ -0,0 +1,13 @@ +[program:docservice] +command=/var/www/COMPANY_NAME/documentserver/server/DocService/docservice +directory=/var/www/COMPANY_NAME/documentserver/server/DocService +user=ds +environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver,NODE_DISABLE_COLORS=1 +stdout_logfile=/var/log/COMPANY_NAME/documentserver/docservice/out.log +stdout_logfile_backups=0 +stdout_logfile_maxbytes=0 +stderr_logfile=/var/log/COMPANY_NAME/documentserver/docservice/err.log +stderr_logfile_backups=0 +stderr_logfile_maxbytes=0 +autostart=true +autorestart=true diff --git a/config/supervisor/ds/ds-example.conf b/config/supervisor/ds/ds-example.conf new file mode 100644 index 0000000..44fa688 --- /dev/null +++ b/config/supervisor/ds/ds-example.conf @@ -0,0 +1,14 @@ +[program:example] +command=/var/www/COMPANY_NAME/documentserver-example/example +directory=/var/www/COMPANY_NAME/documentserver-example/ +user=ds +environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver-example,NODE_DISABLE_COLORS=1 +stdout_logfile=/var/log/COMPANY_NAME/documentserver-example/out.log +stdout_logfile_backups=0 +stdout_logfile_maxbytes=0 +stderr_logfile=/var/log/COMPANY_NAME/documentserver-example/err.log +stderr_logfile_backups=0 +stderr_logfile_maxbytes=0 +autostart=false +autorestart=true +redirect_stderr=true diff --git a/config/supervisor/ds/ds-metrics.conf b/config/supervisor/ds/ds-metrics.conf new file mode 100644 index 0000000..1eb858a --- /dev/null +++ b/config/supervisor/ds/ds-metrics.conf @@ -0,0 +1,13 @@ +[program:metrics] +command=/var/www/COMPANY_NAME/documentserver/server/Metrics/metrics ./config/config.js +directory=/var/www/COMPANY_NAME/documentserver/server/Metrics +user=ds +environment=NODE_DISABLE_COLORS=1 +stdout_logfile=/var/log/COMPANY_NAME/documentserver/metrics/out.log +stdout_logfile_backups=0 +stdout_logfile_maxbytes=0 +stderr_logfile=/var/log/COMPANY_NAME/documentserver/metrics/err.log +stderr_logfile_backups=0 +stderr_logfile_maxbytes=0 +autostart=true +autorestart=true diff --git a/config/supervisor/ds/ds.conf b/config/supervisor/ds/ds.conf new file mode 100644 index 0000000..c9179df --- /dev/null +++ b/config/supervisor/ds/ds.conf @@ -0,0 +1,2 @@ +[group:ds] +programs=docservice,converter,metrics,example diff --git a/docker-bake.hcl b/docker-bake.hcl new file mode 100644 index 0000000..28396a6 --- /dev/null +++ b/docker-bake.hcl @@ -0,0 +1,129 @@ +variable "TAG" { + default = "" +} + +variable "SHORTER_TAG" { + default = "" +} + +variable "SHORTEST_TAG" { + default = "" +} + +variable "COMPANY_NAME" { + default = "" +} + +variable "PREFIX_NAME" { + default = "" +} + +variable "PRODUCT_EDITION" { + default = "" +} + +variable "PRODUCT_NAME" { + default = "" +} + +variable "PACKAGE_VERSION" { + default = "" +} + +variable "DOCKERFILE" { + default = "" +} + +variable "PLATFORM" { + default = "" +} + +variable "PACKAGE_BASEURL" { + default = "" +} + +variable "PACKAGE_FILE" { + default = "" +} + +variable "BUILD_CHANNEL" { + default = "" +} + +### ↓ Variables for UCS build ↓ + +variable "BASE_IMAGE" { + default = "" +} + +variable "PG_VERSION" { + default = "" +} + +### ↑ Variables for UCS build ↑ + +target "documentserver" { + target = "documentserver" + dockerfile = "${DOCKERFILE}" + tags = [ + "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}", + equal("nightly",BUILD_CHANNEL) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "", + ] + platforms = ["${PLATFORM}"] + args = { + "COMPANY_NAME": "${COMPANY_NAME}" + "PRODUCT_NAME": "${PRODUCT_NAME}" + "PRODUCT_EDITION": "${PRODUCT_EDITION}" + "PACKAGE_VERSION": "${PACKAGE_VERSION}" + "PACKAGE_BASEURL": "${PACKAGE_BASEURL}" + "PLATFORM": "${PLATFORM}" + } +} + +target "documentserver-stable" { + target = "documentserver-stable" + dockerfile = "production.dockerfile" + tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}", + "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}", + "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}", + "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest", + equal("-ee",PRODUCT_EDITION) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",] + platforms = ["linux/amd64", "linux/arm64"] + args = { + "TAG": "${TAG}" + "COMPANY_NAME": "${COMPANY_NAME}" + "PRODUCT_NAME": "${PRODUCT_NAME}" + "PRODUCT_EDITION": "${PRODUCT_EDITION}" + } +} + +target "documentserver-ucs" { + target = "documentserver" + dockerfile = "${DOCKERFILE}" + tags = [ + "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PRODUCT_EDITION}-ucs:${TAG}" + ] + platforms = ["linux/amd64", "linux/arm64"] + args = { + "PRODUCT_EDITION": "${PRODUCT_EDITION}" + "PRODUCT_NAME": "${PRODUCT_NAME}" + "COMPANY_NAME": "${COMPANY_NAME}" + "PACKAGE_VERSION": "${PACKAGE_VERSION}" + "PACKAGE_BASEURL": "${PACKAGE_BASEURL}" + "BASE_IMAGE": "${BASE_IMAGE}" + "PG_VERSION": "${PG_VERSION}" + } +} + +target "documentserver-nonexample" { + target = "documentserver-nonexample" + dockerfile = "production.dockerfile" + tags = [ "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PREFIX_NAME}${PRODUCT_EDITION}:${TAG}-nonexample" ] + platforms = ["linux/amd64", "linux/arm64"] + args = { + "TAG": "${TAG}" + "COMPANY_NAME": "${COMPANY_NAME}" + "PRODUCT_NAME": "${PRODUCT_NAME}" + "PRODUCT_EDITION": "${PRODUCT_EDITION}" + } +} diff --git a/production.dockerfile b/production.dockerfile new file mode 100644 index 0000000..3c7b3bd --- /dev/null +++ b/production.dockerfile @@ -0,0 +1,24 @@ +### Arguments avavlivable only for FROM instruction ### +ARG TAG=latest +ARG COMPANY_NAME=onlyoffice +ARG PRODUCT_EDITION= + +### Build main-release ### + +FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${TAG} as documentserver-stable + +### Build nonexample ### + +FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${TAG} as documentserver-nonexample + +ARG COMPANY_NAME=onlyoffice +ARG PRODUCT_NAME=documentserver +ARG DS_SUPERVISOR_CONF=/etc/supervisor/conf.d/ds.conf + +### Remove all documentserver-example data ### + +RUN rm -rf /var/www/$COMPANY_NAME/$PRODUCT_NAME-example \ + && rm -rf /etc/$COMPANY_NAME/$PRODUCT_NAME-example \ + && rm -f $DS_SUPERVISOR_CONF \ + && rm -f /etc/nginx/includes/ds-example.conf \ + && ln -s /etc/$COMPANY_NAME/$PRODUCT_NAME/supervisor/ds.conf $DS_SUPERVISOR_CONF diff --git a/run-document-server.sh b/run-document-server.sh index 5423256..a8326a3 100755 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -1,5 +1,7 @@ #!/bin/bash +umask 0022 + function clean_exit { /usr/bin/documentserver-prepare4shutdown.sh } @@ -37,7 +39,14 @@ if [ "${RELEASE_DATE}" != "${PREV_RELEASE_DATE}" ]; then fi fi -SSL_CERTIFICATES_DIR="${DATA_DIR}/certs" +SSL_CERTIFICATES_DIR="/usr/share/ca-certificates/ds" +mkdir -p ${SSL_CERTIFICATES_DIR} +if [[ -d ${DATA_DIR}/certs ]] && [ -e ${DATA_DIR}/certs/*.crt ]; then + cp -f ${DATA_DIR}/certs/* ${SSL_CERTIFICATES_DIR} + chmod 644 ${SSL_CERTIFICATES_DIR}/*.crt ${SSL_CERTIFICATES_DIR}/*.pem + chmod 400 ${SSL_CERTIFICATES_DIR}/*.key +fi + if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt ]]; then SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt else @@ -64,9 +73,10 @@ NGINX_ONLYOFFICE_EXAMPLE_CONF="${NGINX_ONLYOFFICE_EXAMPLE_PATH}/includes/ds-exam NGINX_CONFIG_PATH="/etc/nginx/nginx.conf" NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1} -NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)} +# Limiting the maximum number of simultaneous connections due to possible memory shortage +[ $(ulimit -n) -gt 1048576 ] && NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-1048576} || NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)} -JWT_ENABLED=${JWT_ENABLED:-false} +JWT_ENABLED=${JWT_ENABLED:-true} # validate user's vars before usinig in json if [ "${JWT_ENABLED}" == "true" ]; then @@ -75,7 +85,9 @@ else JWT_ENABLED="false" fi -JWT_SECRET=${JWT_SECRET:-secret} +[ -z $JWT_SECRET ] && JWT_MESSAGE='JWT is enabled by default. A random secret is generated automatically. Run the command "docker exec $(sudo docker ps -q) sudo documentserver-jwt-status.sh" to get information about JWT.' + +JWT_SECRET=${JWT_SECRET:-$(pwgen -s 20)} JWT_HEADER=${JWT_HEADER:-Authorization} JWT_IN_BODY=${JWT_IN_BODY:-false} @@ -83,7 +95,7 @@ WOPI_ENABLED=${WOPI_ENABLED:-false} GENERATE_FONTS=${GENERATE_FONTS:-true} -if [[ ${PRODUCT_NAME} == "documentserver" ]]; then +if [[ ${PRODUCT_NAME}${PRODUCT_EDITION} == "documentserver" ]]; then REDIS_ENABLED=false else REDIS_ENABLED=true @@ -188,7 +200,7 @@ parse_rabbitmq_url(){ # extract the host local hostport="$(echo ${url/$userpass@/} | cut -d/ -f1)" # by request - try to extract the port - local port="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')" + local port="$(echo $hostport | grep : | sed -r 's_^.*:+|/.*$__g')" local host if [ -n "$port" ]; then @@ -295,6 +307,11 @@ update_redis_settings(){ ${JSON} -I -e "if(this.services.CoAuthoring.redis===undefined)this.services.CoAuthoring.redis={};" ${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'" ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'" + + if [ -n "${REDIS_SERVER_PASS}" ]; then + ${JSON} -I -e "this.services.CoAuthoring.redis.options = {'password':'${REDIS_SERVER_PASS}'}" + fi + } update_ds_settings(){ @@ -410,12 +427,15 @@ update_welcome_page() { WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html" if [[ -e $WELCOME_PAGE ]]; then DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset)) + (( ${#DOCKER_CONTAINER_ID} < 12 )) && DOCKER_CONTAINER_ID=$(hostname) if (( ${#DOCKER_CONTAINER_ID} >= 12 )); then if [[ -x $(command -v docker) ]]; then DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID) sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE + JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/') else sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE + JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/') fi fi fi @@ -468,6 +488,8 @@ update_nginx_settings(){ if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF} fi + + documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false } update_supervisor_settings(){ @@ -475,6 +497,8 @@ update_supervisor_settings(){ cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/ # Copy modified supervisor config cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf + sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf + cp ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf etc/supervisor/conf.d/ } update_log_settings(){ @@ -503,7 +527,7 @@ for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${ done # change folder rights -for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do +for i in ${LOG_DIR} ${LIB_DIR}; do chown -R ds:ds "$i" chmod -R 755 "$i" done @@ -577,6 +601,8 @@ else update_welcome_page fi +find /etc/${COMPANY_NAME} -exec chown ds:ds {} \; + #start needed local services for i in ${LOCAL_SERVICES[@]}; do service $i start @@ -625,29 +651,32 @@ if [ "${GENERATE_FONTS}" == "true" ]; then fi documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER} +echo "${JWT_MESSAGE}" + # Check if lager file limits should be set if [ "$LARGER_FILE_LIMITS" = "true" ]; then if [ -e /app/ds/file_limits_set ]; then - echo "" + echo "" else - touch /app/ds/file_limits_set + touch /app/ds/file_limits_set - sed -i -e 's/104857600/10485760000/g' /etc/onlyoffice/documentserver-example/production-linux.json - - sed -i '9iclient_max_body_size 1000M;' /etc/onlyoffice/documentserver-example/nginx/includes/ds-example.conf - sed -i '16iclient_max_body_size 1000M;' /etc/nginx/nginx.conf - - sed -i -e 's/104857600/10485760000/g' /etc/onlyoffice/documentserver/default.json - sed -i -e 's/50MB/5000MB/g' /etc/onlyoffice/documentserver/default.json - sed -i -e 's/300MB/3000MB/g' /etc/onlyoffice/documentserver/default.json - - sed -i 's/^client_max_body_size 100m;$/client_max_body_size 1000m;/' /etc/onlyoffice/documentserver/nginx/includes/ds-common.conf + sed -i -e 's/104857600/10485760000/g' /etc/onlyoffice/documentserver-example/production-linux.json + + sed -i '9iclient_max_body_size 1000M;' /etc/onlyoffice/documentserver-example/nginx/includes/ds-example.conf + sed -i '16iclient_max_body_size 1000M;' /etc/nginx/nginx.conf + + sed -i -e 's/104857600/10485760000/g' /etc/onlyoffice/documentserver/default.json + sed -i -e 's/50MB/5000MB/g' /etc/onlyoffice/documentserver/default.json + sed -i -e 's/300MB/3000MB/g' /etc/onlyoffice/documentserver/default.json + + sed -i 's/^client_max_body_size 100m;$/client_max_body_size 1000m;/' /etc/onlyoffice/documentserver/nginx/includes/ds-common.conf - service nginx restart - supervisorctl restart all - + service nginx restart + supervisorctl restart all + fi fi tail -f /var/log/${COMPANY_NAME}/**/*.log & wait $! +