From ef8826aca47720339081df36eab88b3a3f9602a9 Mon Sep 17 00:00:00 2001
From: Alexey Golubev
Date: Fri, 1 Sep 2017 16:59:34 +0300
Subject: [PATCH 1/3] Added jwt params
---
 run-document-server.sh | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/run-document-server.sh b/run-document-server.sh
index 7a7c9c1..da40e9a 100755
--- a/run-document-server.sh
+++ b/run-document-server.sh
@@ -28,6 +28,10 @@ NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
 NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-$(grep processor /proc/cpuinfo | wc -l)}
 NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
+JWT_ENABLED=${JWT_ENABLED:-false}
+JWT_SECRET=${JWT_SECRET:-secret}
+JWT_HEADER=${JWT_HEADER:-Authorization}
+
 ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/default.json
 ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json
@@ -136,6 +140,21 @@ update_redis_settings(){
 ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
 }
+update_jwt_settings(){
+ if [ "${JWT_ENABLED}" == "true" ]; then
+ ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = '${JWT_ENABLED}'"
+ ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = '${JWT_ENABLED}'"
+ ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = '${JWT_ENABLED}'"
+
+ ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
+ ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
+ ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
+
+ ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
+ ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
+ fi
+}
+
 create_postgresql_cluster(){
 local pg_conf_dir=/etc/postgresql/${PG_VERSION}/${PG_NAME}
 local postgresql_conf=$pg_conf_dir/postgresql.conf
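Review bot: The fallback in `JWT_SECRET=${JWT_SECRET:-secret}` (first hunk, defaults block) means that setting only `JWT_ENABLED=true` turns on token validation with a signing key that is printed in this script and in the README, so the check provides no real authentication. I would leave the variable empty by default, `JWT_SECRET=${JWT_SECRET:-}`, and fail at startup when validation is enabled without a key, e.g. `[ "${JWT_ENABLED}" != "true" ] || : "${JWT_SECRET:?JWT_SECRET must be set when JWT_ENABLED=true}"` as the first line of update_jwt_settings. The README entry added in patch 3/3 that documents the `secret` default would change with it.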
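Review bot: In update_jwt_settings the values of `${JWT_SECRET}` and `${JWT_HEADER}` are spliced between single quotes into the JavaScript expression passed to `json -e`, so a value containing `'` or `\` either breaks the assignment or changes what the expression does; the same splice is repeated in the `${JSON_EXAMPLE}` lines added by patch 2/3. A guard before the first write would make this fail visibly, for example `case "${JWT_SECRET}${JWT_HEADER}" in *[\'\\]*) echo "JWT_SECRET and JWT_HEADER must not contain quotes or backslashes" >&2; exit 1;; esac`. Separately, `'${JWT_ENABLED}'` stores the string 'true' rather than a boolean; whether the server accepts that is not visible in this patch, so writing `= true` unquoted looks like the safer form.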
@@ -235,6 +254,8 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
 update_log_settings
+ update_jwt_settings
+
 # update settings by env variables
 if [ ${POSTGRESQL_SERVER_HOST} != "localhost" ]; then
 update_postgresql_settings
From 6cf41fa955f6ecc1b559af9a46a55aea4b79a277 Mon Sep 17 00:00:00 2001
From: Alexey Golubev
Date: Wed, 6 Sep 2017 17:21:52 +0300
Subject: [PATCH 2/3] Added jwt setup to example
---
 run-document-server.sh | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/run-document-server.sh b/run-document-server.sh
index da40e9a..5763d70 100755
--- a/run-document-server.sh
+++ b/run-document-server.sh
@@ -34,9 +34,11 @@ JWT_HEADER=${JWT_HEADER:-Authorization}
 ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/default.json
 ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json
+ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/default.json
 JSON="json -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
 JSON_LOG="json -q -f ${ONLYOFFICE_LOG4JS_CONFIG}"
+JSON_EXAMPLE="json -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}"
 LOCAL_SERVICES=()
@@ -152,6 +154,12 @@ update_jwt_settings(){
 ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
 ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
+
+ if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then
+ ${JSON_EXAMPLE} -I -e "this.server.token.enable = '${JWT_ENABLED}'"
+ ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
+ ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
+ fi
 fi
 }
From 9559beeddf0996e5b3c6faabbfaf2cecf7eb6223 Mon Sep 17 00:00:00 2001
From: Alexey Golubev
Date: Mon, 11 Sep 2017 19:02:19 +0300
Subject: [PATCH 3/3] Added description to jwt params
---
 README.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/README.md b/README.md
index a0f6cbc..1511132 100644
--- a/README.md
+++ b/README.md
@@ -172,6 +172,9 @@ Below is the complete list of parameters that can be set using environment varia
 - **REDIS_SERVER_PORT**: The Redis server port number.
 - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
 - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
+- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`.
+- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
+- **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
 ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers