diff --git a/.github/workflows/4testing-build.yml b/.github/workflows/4testing-build.yml
index 683bb80..def1e2c 100644
--- a/.github/workflows/4testing-build.yml
+++ b/.github/workflows/4testing-build.yml
@@ -61,7 +61,7 @@ jobs:
 echo "None of the editions are selected."
 exit 1
 fi
- echo "::set-output name=editions::$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')"
+ echo "editions=$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')" >> $GITHUB_OUTPUT
 outputs:
 editions: ${{ steps.matrix.outputs.editions }}
@@ -124,8 +124,8 @@ jobs:
 BUILD_NUMBER=${{ github.event.inputs.build }}
 export PRODUCT_EDITION
- export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}~stretch
- export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}/${BUILD_CHANNEL}
+ export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}
+ export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}
 export BUILD_CHANNEL
 export PLATFORM
 export DOCKERFILE=Dockerfile
diff --git a/.github/workflows/stable-build.yml b/.github/workflows/stable-build.yml
index d0cc970..9a19768 100644
--- a/.github/workflows/stable-build.yml
+++ b/.github/workflows/stable-build.yml
@@ -8,6 +8,11 @@ on:
 description: 'Tag for release (ex. 1.2.3.45)'
 type: string
 required: true
+ release_number:
+ description: 'Sequence number of the release (ex. x.x.x.)'
+ type: string
+ required: true
+ default: '1'
 env:
 COMPANY_NAME: "onlyoffice"
@@ -42,10 +47,12 @@ jobs:
 run: |
 set -eux
 VERSION=${{ github.event.inputs.tag }}
+ RELEASE_NUMBER=${{ github.event.inputs.release_number }}
 PRODUCT_EDITION=${{ matrix.edition }}
 TESTING_IMAGE=${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION}
 export PRODUCT_EDITION
- export TAG=${VERSION}
+ export PULL_TAG=${VERSION}
+ export TAG=${VERSION%.*}.${RELEASE_NUMBER}
 export SHORTER_TAG=${VERSION%.*}
 export SHORTEST_TAG=${VERSION%.*.*}
 docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
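Review bot: `$GITHUB_OUTPUT` is left unquoted in the redirect on the added `echo "editions=…"` line, so the path would be word-split or globbed if it ever contained such characters. Writing it as `>> "$GITHUB_OUTPUT"` costs nothing and matches how the variable is normally used. The value itself is compact single-line JSON from `jq -c`, which fits the `name=value` file format without needing a heredoc delimiter.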
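Review bot: The description `'Sequence number of the release (ex. x.x.x.)'` gives no usable example and does not say how the value is used. The run steps changed later in this file build the pushed tag as `${VERSION%.*}.${RELEASE_NUMBER}`, so wording along the lines of `description: 'Release sequence number; replaces the last component of the tag (ex. 1)'` would tell the operator what to enter. `required: true` combined with `default: '1'` also looks redundant, since the default always supplies a value.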
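Review bot: The added line `RELEASE_NUMBER=${{ github.event.inputs.release_number }}` substitutes a workflow_dispatch input into the script text before bash parses it, so shell metacharacters in the input become part of a script that runs in a job which pushes release images. Pass the value through the step environment instead (`env:` with `RELEASE_NUMBER: ${{ github.event.inputs.release_number }}`, then read `"$RELEASE_NUMBER"` in the script) and reject anything that is not a number, e.g. `[[ "$RELEASE_NUMBER" =~ ^[0-9]+$ ]] || exit 1`, before it is used in `TAG`. The same interpolation is added in the `build image` and `build UCS` steps (hunks at -82 and -113), and the neighbouring `VERSION=${{ github.event.inputs.tag }}` line follows the same pattern. The step's `env:` block, if any, lies outside the hunk.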
@@ -82,8 +89,11 @@ jobs:
 - name: build image
 run: |
 set -eux
+ VERSION=${{ github.event.inputs.tag }}
+ RELEASE_NUMBER=${{ github.event.inputs.release_number }}
+ export PULL_TAG=${VERSION%.*}.${RELEASE_NUMBER}
 export PRODUCT_EDITION=${{ matrix.edition }}
- export TAG=${{ github.event.inputs.tag }}
+ export TAG=${VERSION%.*}.${RELEASE_NUMBER}
 docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
 shell: bash
@@ -113,12 +123,14 @@ jobs:
 - name: build UCS
 run: |
 set -eux
+ VERSION=${{ github.event.inputs.tag }}
+ RELEASE_NUMBER=${{ github.event.inputs.release_number }}
 export PRODUCT_EDITION=${{ matrix.edition }}
- export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}/test
+ export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}
 export DOCKERFILE=Dockerfile
 export BASE_IMAGE=ubuntu:20.04
 export PG_VERSION=12
- export TAG=${{ github.event.inputs.tag }}
- export PACKAGE_VERSION=$( echo ${TAG} | sed -E 's/(.*)\./\1-/')~stretch
+ export TAG=${VERSION%.*}.${RELEASE_NUMBER}
+ export PACKAGE_VERSION=$( echo ${VERSION} | sed -E 's/(.*)\./\1-/')
 docker buildx bake -f docker-bake.hcl documentserver-ucs --push
 shell: bash
diff --git a/Makefile b/Makefile
index 99b749b..546e5cc 100644
--- a/Makefile
+++ b/Makefile
@@ -12,7 +12,7 @@ COMPANY_NAME_ESC = $(subst -,,$(COMPANY_NAME_LOW))
 PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION)
 PACKAGE_VERSION ?= $(PRODUCT_VERSION)-$(BUILD_NUMBER)~stretch
-PACKAGE_BASEURL ?= https://s3.eu-west-1.amazonaws.com/repo-doc-onlyoffice-com/server/linux/debian/$(BUILD_CHANNEL)
+PACKAGE_BASEURL ?= https://s3.eu-west-1.amazonaws.com/repo-doc-onlyoffice-com/server/linux/debian
 ifeq ($(BUILD_CHANNEL),$(filter $(BUILD_CHANNEL),nightly test))
 DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER)
diff --git a/README.md b/README.md
index 1364ab9..cfa9e46 100644
--- a/README.md
+++ b/README.md
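Review bot: The `PACKAGE_VERSION ?=` default directly above the changed `PACKAGE_BASEURL` line still ends in `~stretch`, while both workflows in this commit drop that suffix along with the channel path when they export the same two variables. A local `make` that relies on the Makefile defaults would therefore pair the new base URL with the old version string. If the repository layout changed the way the workflow edits suggest, the default should probably become `PACKAGE_VERSION ?= $(PRODUCT_VERSION)-$(BUILD_NUMBER)` as well. The Dockerfile that consumes these values is not part of the diff, so this needs confirming against it.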
@@ -196,6 +196,8 @@ Below is the complete list of parameters that can be set using environment varia
 - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
 - **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
 - **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`.
+- **ALLOW_META_IP_ADDRESS**: Defines if it is allowed to connect meta IP address or not. Defaults to `false`.
+- **ALLOW_PRIVATE_IP_ADDRESS**: Defines if it is allowed to connect private IP address or not. Defaults to `false`.
 - **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false`
 - **GENERATE_FONTS**: When 'true' regenerates fonts list and the fonts thumbnails etc. at each start. Defaults to `true`
 - **METRICS_ENABLED**: Specifies the enabling StatsD for ONLYOFFICE Document Server. Defaults to `false`.
diff --git a/config/supervisor/supervisord.conf b/config/supervisor/supervisord.conf
deleted file mode 100644
index 7a6f00b..0000000
--- a/config/supervisor/supervisord.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-; supervisor config file
-
-[inet_http_server]
-port = 127.0.0.1:9001
-username = ds
-password = supervisorpassword
-
-[supervisord]
-logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
-pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
-childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
-
-; the below section must remain in the config file for RPC
-; (supervisorctl/web interface) to work, additional interfaces may be
-; added by defining them in separate rpcinterface: sections
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl = http://localhost:9001 ; use a unix:// URL for a unix socket
-username = ds
-password = supervisorpassword
-
-; The [include] section can just contain the "files" setting. This
-; setting can list multiple files (separated by whitespace or
-; newlines). It can also contain wildcards. The filenames are
-; interpreted as relative to this file. Included files *cannot*
-; include files themselves.
-
-[include]
-files = /etc/supervisor/conf.d/*.conf
diff --git a/docker-bake.hcl b/docker-bake.hcl
index 28396a6..4082f4a 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -10,6 +10,10 @@ variable "SHORTEST_TAG" {
 default = ""
 }
+variable "PULL_TAG" {
+ default = ""
+}
+
 variable "COMPANY_NAME" {
 default = ""
 }
@@ -90,7 +94,7 @@ target "documentserver-stable" {
 equal("-ee",PRODUCT_EDITION) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",]
 platforms = ["linux/amd64", "linux/arm64"]
 args = {
- "TAG": "${TAG}"
+ "PULL_TAG": "${PULL_TAG}"
 "COMPANY_NAME": "${COMPANY_NAME}"
 "PRODUCT_NAME": "${PRODUCT_NAME}"
 "PRODUCT_EDITION": "${PRODUCT_EDITION}"
@@ -121,7 +125,7 @@ target "documentserver-nonexample" {
 tags = [ "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PREFIX_NAME}${PRODUCT_EDITION}:${TAG}-nonexample" ]
 platforms = ["linux/amd64", "linux/arm64"]
 args = {
- "TAG": "${TAG}"
+ "PULL_TAG": "${PULL_TAG}"
 "COMPANY_NAME": "${COMPANY_NAME}"
 "PRODUCT_NAME": "${PRODUCT_NAME}"
 "PRODUCT_EDITION": "${PRODUCT_EDITION}"
diff --git a/production.dockerfile b/production.dockerfile
index 3c7b3bd..0706a58 100644
--- a/production.dockerfile
+++ b/production.dockerfile
@@ -1,15 +1,15 @@
 ### Arguments avavlivable only for FROM instruction ###
-ARG TAG=latest
+ARG PULL_TAG=latest
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_EDITION=
 ### Build main-release ###
-FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${TAG} as documentserver-stable
+FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-stable
 ### Build nonexample ###
-FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${TAG} as documentserver-nonexample
+FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-nonexample
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_NAME=documentserver
diff --git a/run-document-server.sh b/run-document-server.sh
old mode 100755
new mode 100644
index c075f2d..9a4d174
--- a/run-document-server.sh
+++ b/run-document-server.sh
@@ -92,6 +92,8 @@ JWT_HEADER=${JWT_HEADER:-Authorization}
 JWT_IN_BODY=${JWT_IN_BODY:-false}
 WOPI_ENABLED=${WOPI_ENABLED:-false}
+ALLOW_META_IP_ADDRESS=${ALLOW_META_IP_ADDRESS:-false}
+ALLOW_PRIVATE_IP_ADDRESS=${ALLOW_PRIVATE_IP_ADDRESS:-false}
 GENERATE_FONTS=${GENERATE_FONTS:-true}
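Review bot: Nothing next to `ARG PULL_TAG=latest` explains how `PULL_TAG` differs from the `TAG` it replaces, even though the release workflow now gives them different values (`PULL_TAG=${VERSION}` for the stable target, `TAG=${VERSION%.*}.${RELEASE_NUMBER}` for the pushed tags). A comment such as `# PULL_TAG: tag of the already-built source image named in FROM; the tag that gets pushed is TAG in docker-bake.hcl` would keep the two from being mixed up. Both `FROM` lines resolve that source image by a mutable tag at build time, so recording or pinning its digest in the release job would tie the promoted image to the build that was actually tested.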
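Review bot: The file header for this script records `old mode 100755` / `new mode 100644`, so the commit removes the executable bit in addition to adding the two defaults. If the image starts the script by path (the Dockerfile is not in this diff), the container would fail at startup with a permission error. Unless the mode change is deliberate, restore it with `git update-index --chmod=+x run-document-server.sh`.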
@@ -344,6 +346,12 @@ update_ds_settings(){
 ${JSON} -I -e "if(this.wopi===undefined)this.wopi={}"
 ${JSON} -I -e "this.wopi.enable = true"
 fi
+
+ if [ "${ALLOW_META_IP_ADDRESS}" = "true" ] || [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ]; then
+ ${JSON} -I -e "if(this.services.CoAuthoring['request-filtering-agent']===undefined)this.services.CoAuthoring['request-filtering-agent']={}"
+ [ "${ALLOW_META_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowMetaIPAddress = true"
+ [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowPrivateIPAddress = true"
+ fi
 }
 create_postgresql_cluster(){
@@ -494,9 +502,6 @@ update_nginx_settings(){
 update_supervisor_settings(){
 # Copy modified supervisor start script
 cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/
- # Copy modified supervisor config
- cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
- sed "s_\(password =\).*_\1 $(pwgen -s 20)_" -i /etc/supervisor/supervisord.conf
 sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf
 cp ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf /etc/supervisor/conf.d/
 }
@@ -601,7 +606,7 @@ else
 update_welcome_page
 fi
-find /etc/${COMPANY_NAME} -exec chown ds:ds {} \;
+find /etc/${COMPANY_NAME} ! -path '*logrotate*' -exec chown ds:ds {} \;
 #start needed local services
 for i in ${LOCAL_SERVICES[@]}; do
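Review bot: The block added to `update_ds_settings` only ever writes `true`, so once `allowMetaIPAddress` or `allowPrivateIPAddress` has been written to a configuration file that survives restarts, starting the container again with the variable unset or `false` does not re-enable the filter. Because these flags relax the request-filtering-agent restriction on connecting to private and meta IP addresses, they should fail closed: write both values on every start, derived from an exact `true` match. Note that this also overwrites a value set by hand in that file, which may or may not be wanted. Separately, when only `ALLOW_META_IP_ADDRESS` is `true` the final `[ … ] && …` line leaves a non-zero status as the function's result, which may matter if the script runs under `set -e` (not visible here). The function starts outside the hunk.

```shell
# … unchanged: wopi settings …

# Fail closed: anything other than an exact "true" writes false, and both
# values are written on every start so an earlier opt-in does not persist.
local allow_meta=false allow_private=false
if [ "${ALLOW_META_IP_ADDRESS}" = "true" ]; then allow_meta=true; fi
if [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ]; then allow_private=true; fi
${JSON} -I -e "if(this.services.CoAuthoring['request-filtering-agent']===undefined)this.services.CoAuthoring['request-filtering-agent']={}"
${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowMetaIPAddress = ${allow_meta}"
${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowPrivateIPAddress = ${allow_private}"
```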
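Review bot: The reason for skipping `*logrotate*` is not stated next to the new `find`, and the pattern matches any path under the directory that contains that substring, not only logrotate configuration files. A comment such as `# leave logrotate configs with their original owner; everything else under /etc/${COMPANY_NAME} belongs to ds` (if that is the intent) would make the exclusion reviewable. Quoting the start path as `"/etc/${COMPANY_NAME}"` would also keep it a single argument whatever the variable holds.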