From 67bda4f479bcf8f579bccd5d40a76eb1a486a3d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ji=C5=99=C3=AD=20=C5=A0tefka?= Date: Sun, 15 May 2022 18:22:11 +0200 Subject: [PATCH] Setting larger file limits now works --- run-document-server.sh | 764 ++++++++++++++++++++--------------------- 1 file changed, 381 insertions(+), 383 deletions(-) diff --git a/run-document-server.sh b/run-document-server.sh index af4ac87..7b1f5fd 100755 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -1,7 +1,7 @@ #!/bin/bash function clean_exit { - /usr/bin/documentserver-prepare4shutdown.sh +/usr/bin/documentserver-prepare4shutdown.sh } trap clean_exit SIGTERM @@ -9,6 +9,27 @@ trap clean_exit SIGTERM # Define '**' behavior explicitly shopt -s globstar +# Check if lager file limits should be set +if [ "$LARGER_FILE_LIMITS" = "true" ]; then +if [ -e /app/ds/file_limits_set ]; then +echo "" +else +touch /app/ds/file_limits_set + +sed -i -e 's/104857600/10485760000/g' /etc/onlyoffice/documentserver-example/production-linux.json + +sed -i '9iclient_max_body_size 1000M;' /etc/onlyoffice/documentserver-example/nginx/includes/ds-example.conf +sed -i '16iclient_max_body_size 1000M;' /etc/nginx/nginx.conf + +sed -i -e 's/104857600/10485760000/g' /etc/onlyoffice/documentserver/default.json +sed -i -e 's/50MB/5000MB/g' /etc/onlyoffice/documentserver/default.json +sed -i -e 's/300MB/3000MB/g' /etc/onlyoffice/documentserver/default.json + +sed -i 's/^client_max_body_size 100m;$/client_max_body_size 1000m;/' /etc/onlyoffice/documentserver/nginx/includes/ds-common.conf + +fi +fi + APP_DIR="/var/www/${COMPANY_NAME}/documentserver" DATA_DIR="/var/www/${COMPANY_NAME}/Data" PRIVATE_DATA_DIR="${DATA_DIR}/.private" @@ -26,27 +47,27 @@ ONLYOFFICE_DATA_CONTAINER_PORT=80 RELEASE_DATE="$(stat -c="%y" ${APP_DIR}/server/DocService/docservice | sed -r 's/=([0-9]+)-([0-9]+)-([0-9]+) ([0-9:.+ ]+)/\1-\2-\3/')"; if [ -f ${DS_RELEASE_DATE} ]; then - PREV_RELEASE_DATE=$(head -n 1 ${DS_RELEASE_DATE}) +PREV_RELEASE_DATE=$(head -n 1 ${DS_RELEASE_DATE}) else - PREV_RELEASE_DATE="0" +PREV_RELEASE_DATE="0" fi if [ "${RELEASE_DATE}" != "${PREV_RELEASE_DATE}" ]; then - if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then - IS_UPGRADE="true"; - fi +if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then +IS_UPGRADE="true"; +fi fi SSL_CERTIFICATES_DIR="${DATA_DIR}/certs" if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt ]]; then - SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt +SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt else - SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/tls.crt} +SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/tls.crt} fi if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key ]]; then - SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key +SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key else - SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/tls.key} +SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/tls.key} fi CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem} SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem} @@ -70,9 +91,9 @@ JWT_ENABLED=${JWT_ENABLED:-false} # validate user's vars before usinig in json if [ "${JWT_ENABLED}" == "true" ]; then - JWT_ENABLED="true" +JWT_ENABLED="true" else - JWT_ENABLED="false" +JWT_ENABLED="false" fi JWT_SECRET=${JWT_SECRET:-secret} @@ -84,9 +105,9 @@ WOPI_ENABLED=${WOPI_ENABLED:-false} GENERATE_FONTS=${GENERATE_FONTS:-true} if [[ ${PRODUCT_NAME} == "documentserver" ]]; then - REDIS_ENABLED=false +REDIS_ENABLED=false else - REDIS_ENABLED=true +REDIS_ENABLED=true fi ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/local.json @@ -108,543 +129,520 @@ RABBITMQ_DATA=/var/lib/rabbitmq REDIS_DATA=/var/lib/redis if [ "${LETS_ENCRYPT_DOMAIN}" != "" -a "${LETS_ENCRYPT_MAIL}" != "" ]; then - LETSENCRYPT_ROOT_DIR="/etc/letsencrypt/live" - SSL_CERTIFICATE_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/fullchain.pem - SSL_KEY_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/privkey.pem +LETSENCRYPT_ROOT_DIR="/etc/letsencrypt/live" +SSL_CERTIFICATE_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/fullchain.pem +SSL_KEY_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/privkey.pem fi read_setting(){ - deprecated_var POSTGRESQL_SERVER_HOST DB_HOST - deprecated_var POSTGRESQL_SERVER_PORT DB_PORT - deprecated_var POSTGRESQL_SERVER_DB_NAME DB_NAME - deprecated_var POSTGRESQL_SERVER_USER DB_USER - deprecated_var POSTGRESQL_SERVER_PASS DB_PWD - deprecated_var RABBITMQ_SERVER_URL AMQP_URI - deprecated_var AMQP_SERVER_URL AMQP_URI - deprecated_var AMQP_SERVER_TYPE AMQP_TYPE +deprecated_var POSTGRESQL_SERVER_HOST DB_HOST +deprecated_var POSTGRESQL_SERVER_PORT DB_PORT +deprecated_var POSTGRESQL_SERVER_DB_NAME DB_NAME +deprecated_var POSTGRESQL_SERVER_USER DB_USER +deprecated_var POSTGRESQL_SERVER_PASS DB_PWD +deprecated_var RABBITMQ_SERVER_URL AMQP_URI +deprecated_var AMQP_SERVER_URL AMQP_URI +deprecated_var AMQP_SERVER_TYPE AMQP_TYPE - METRICS_ENABLED="${METRICS_ENABLED:-false}" - METRICS_HOST="${METRICS_HOST:-localhost}" - METRICS_PORT="${METRICS_PORT:-8125}" - METRICS_PREFIX="${METRICS_PREFIX:-.ds}" +METRICS_ENABLED="${METRICS_ENABLED:-false}" +METRICS_HOST="${METRICS_HOST:-localhost}" +METRICS_PORT="${METRICS_PORT:-8125}" +METRICS_PREFIX="${METRICS_PREFIX:-.ds}" - DB_HOST=${DB_HOST:-${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}} - DB_TYPE=${DB_TYPE:-$(${JSON} services.CoAuthoring.sql.type)} - case $DB_TYPE in - "postgres") - DB_PORT=${DB_PORT:-"5432"} - ;; - "mariadb"|"mysql") - DB_PORT=${DB_PORT:-"3306"} - ;; - "") - DB_PORT=${DB_PORT:-${POSTGRESQL_SERVER_PORT:-$(${JSON} services.CoAuthoring.sql.dbPort)}} - ;; - *) - echo "ERROR: unknown database type" - exit 1 - ;; - esac - DB_NAME=${DB_NAME:-${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}} - DB_USER=${DB_USER:-${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}} - DB_PWD=${DB_PWD:-${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}} +DB_HOST=${DB_HOST:-${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}} +DB_TYPE=${DB_TYPE:-$(${JSON} services.CoAuthoring.sql.type)} +case $DB_TYPE in +"postgres") +DB_PORT=${DB_PORT:-"5432"} +;; +"mariadb"|"mysql") +DB_PORT=${DB_PORT:-"3306"} +;; +"") +DB_PORT=${DB_PORT:-${POSTGRESQL_SERVER_PORT:-$(${JSON} services.CoAuthoring.sql.dbPort)}} +;; +*) +echo "ERROR: unknown database type" +exit 1 +;; +esac +DB_NAME=${DB_NAME:-${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}} +DB_USER=${DB_USER:-${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}} +DB_PWD=${DB_PWD:-${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}} - RABBITMQ_SERVER_URL=${RABBITMQ_SERVER_URL:-$(${JSON} rabbitmq.url)} - AMQP_URI=${AMQP_URI:-${AMQP_SERVER_URL:-${RABBITMQ_SERVER_URL}}} - AMQP_TYPE=${AMQP_TYPE:-${AMQP_SERVER_TYPE:-rabbitmq}} - parse_rabbitmq_url ${AMQP_URI} +RABBITMQ_SERVER_URL=${RABBITMQ_SERVER_URL:-$(${JSON} rabbitmq.url)} +AMQP_URI=${AMQP_URI:-${AMQP_SERVER_URL:-${RABBITMQ_SERVER_URL}}} +AMQP_TYPE=${AMQP_TYPE:-${AMQP_SERVER_TYPE:-rabbitmq}} +parse_rabbitmq_url ${AMQP_URI} - REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-$(${JSON} services.CoAuthoring.redis.host)} - REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-6379} +REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-$(${JSON} services.CoAuthoring.redis.host)} +REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-6379} - DS_LOG_LEVEL=${DS_LOG_LEVEL:-$(${JSON_LOG} categories.default.level)} +DS_LOG_LEVEL=${DS_LOG_LEVEL:-$(${JSON_LOG} categories.default.level)} } deprecated_var() { - if [[ -n ${!1} ]]; then - echo "Variable $1 is deprecated. Use $2 instead." - fi +if [[ -n ${!1} ]]; then +echo "Variable $1 is deprecated. Use $2 instead." +fi } parse_rabbitmq_url(){ - local amqp=$1 +local amqp=$1 - # extract the protocol - local proto="$(echo $amqp | grep :// | sed -e's,^\(.*://\).*,\1,g')" - # remove the protocol - local url="$(echo ${amqp/$proto/})" +# extract the protocol +local proto="$(echo $amqp | grep :// | sed -e's,^\(.*://\).*,\1,g')" +# remove the protocol +local url="$(echo ${amqp/$proto/})" - # extract the user and password (if any) - local userpass="`echo $url | grep @ | cut -d@ -f1`" - local pass=`echo $userpass | grep : | cut -d: -f2` +# extract the user and password (if any) +local userpass="`echo $url | grep @ | cut -d@ -f1`" +local pass=`echo $userpass | grep : | cut -d: -f2` - local user - if [ -n "$pass" ]; then - user=`echo $userpass | grep : | cut -d: -f1` - else - user=$userpass - fi +local user +if [ -n "$pass" ]; then +user=`echo $userpass | grep : | cut -d: -f1` +else +user=$userpass +fi - # extract the host - local hostport="$(echo ${url/$userpass@/} | cut -d/ -f1)" - # by request - try to extract the port - local port="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')" +# extract the host +local hostport="$(echo ${url/$userpass@/} | cut -d/ -f1)" +# by request - try to extract the port +local port="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')" - local host - if [ -n "$port" ]; then - host=`echo $hostport | grep : | cut -d: -f1` - else - host=$hostport - port="5672" - fi +local host +if [ -n "$port" ]; then +host=`echo $hostport | grep : | cut -d: -f1` +else +host=$hostport +port="5672" +fi - # extract the path (if any) - local path="$(echo $url | grep / | cut -d/ -f2-)" +# extract the path (if any) +local path="$(echo $url | grep / | cut -d/ -f2-)" - AMQP_SERVER_PROTO=${proto:0:-3} - AMQP_SERVER_HOST=$host - AMQP_SERVER_USER=$user - AMQP_SERVER_PASS=$pass - AMQP_SERVER_PORT=$port +AMQP_SERVER_PROTO=${proto:0:-3} +AMQP_SERVER_HOST=$host +AMQP_SERVER_USER=$user +AMQP_SERVER_PASS=$pass +AMQP_SERVER_PORT=$port } waiting_for_connection(){ - until nc -z -w 3 "$1" "$2"; do - >&2 echo "Waiting for connection to the $1 host on port $2" - sleep 1 - done +until nc -z -w 3 "$1" "$2"; do +>&2 echo "Waiting for connection to the $1 host on port $2" +sleep 1 +done } waiting_for_db(){ - waiting_for_connection $DB_HOST $DB_PORT +waiting_for_connection $DB_HOST $DB_PORT } waiting_for_amqp(){ - waiting_for_connection ${AMQP_SERVER_HOST} ${AMQP_SERVER_PORT} +waiting_for_connection ${AMQP_SERVER_HOST} ${AMQP_SERVER_PORT} } waiting_for_redis(){ - waiting_for_connection ${REDIS_SERVER_HOST} ${REDIS_SERVER_PORT} +waiting_for_connection ${REDIS_SERVER_HOST} ${REDIS_SERVER_PORT} } waiting_for_datacontainer(){ - waiting_for_connection ${ONLYOFFICE_DATA_CONTAINER_HOST} ${ONLYOFFICE_DATA_CONTAINER_PORT} +waiting_for_connection ${ONLYOFFICE_DATA_CONTAINER_HOST} ${ONLYOFFICE_DATA_CONTAINER_PORT} } update_statsd_settings(){ - ${JSON} -I -e "if(this.statsd===undefined)this.statsd={};" - ${JSON} -I -e "this.statsd.useMetrics = '${METRICS_ENABLED}'" - ${JSON} -I -e "this.statsd.host = '${METRICS_HOST}'" - ${JSON} -I -e "this.statsd.port = '${METRICS_PORT}'" - ${JSON} -I -e "this.statsd.prefix = '${METRICS_PREFIX}'" +${JSON} -I -e "if(this.statsd===undefined)this.statsd={};" +${JSON} -I -e "this.statsd.useMetrics = '${METRICS_ENABLED}'" +${JSON} -I -e "this.statsd.host = '${METRICS_HOST}'" +${JSON} -I -e "this.statsd.port = '${METRICS_PORT}'" +${JSON} -I -e "this.statsd.prefix = '${METRICS_PREFIX}'" } update_db_settings(){ - ${JSON} -I -e "this.services.CoAuthoring.sql.type = '${DB_TYPE}'" - ${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${DB_HOST}'" - ${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${DB_PORT}'" - ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${DB_NAME}'" - ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${DB_USER}'" - ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${DB_PWD}'" +${JSON} -I -e "this.services.CoAuthoring.sql.type = '${DB_TYPE}'" +${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${DB_HOST}'" +${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${DB_PORT}'" +${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${DB_NAME}'" +${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${DB_USER}'" +${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${DB_PWD}'" } update_rabbitmq_setting(){ - if [ "${AMQP_TYPE}" == "rabbitmq" ]; then - ${JSON} -I -e "if(this.queue===undefined)this.queue={};" - ${JSON} -I -e "this.queue.type = 'rabbitmq'" - ${JSON} -I -e "this.rabbitmq.url = '${AMQP_URI}'" - fi - - if [ "${AMQP_TYPE}" == "activemq" ]; then - ${JSON} -I -e "if(this.queue===undefined)this.queue={};" - ${JSON} -I -e "this.queue.type = 'activemq'" - ${JSON} -I -e "if(this.activemq===undefined)this.activemq={};" - ${JSON} -I -e "if(this.activemq.connectOptions===undefined)this.activemq.connectOptions={};" +if [ "${AMQP_TYPE}" == "rabbitmq" ]; then +${JSON} -I -e "if(this.queue===undefined)this.queue={};" +${JSON} -I -e "this.queue.type = 'rabbitmq'" +${JSON} -I -e "this.rabbitmq.url = '${AMQP_URI}'" +fi - ${JSON} -I -e "this.activemq.connectOptions.host = '${AMQP_SERVER_HOST}'" +if [ "${AMQP_TYPE}" == "activemq" ]; then +${JSON} -I -e "if(this.queue===undefined)this.queue={};" +${JSON} -I -e "this.queue.type = 'activemq'" +${JSON} -I -e "if(this.activemq===undefined)this.activemq={};" +${JSON} -I -e "if(this.activemq.connectOptions===undefined)this.activemq.connectOptions={};" - if [ ! "${AMQP_SERVER_PORT}" == "" ]; then - ${JSON} -I -e "this.activemq.connectOptions.port = '${AMQP_SERVER_PORT}'" - else - ${JSON} -I -e "delete this.activemq.connectOptions.port" - fi +${JSON} -I -e "this.activemq.connectOptions.host = '${AMQP_SERVER_HOST}'" - if [ ! "${AMQP_SERVER_USER}" == "" ]; then - ${JSON} -I -e "this.activemq.connectOptions.username = '${AMQP_SERVER_USER}'" - else - ${JSON} -I -e "delete this.activemq.connectOptions.username" - fi +if [ ! "${AMQP_SERVER_PORT}" == "" ]; then +${JSON} -I -e "this.activemq.connectOptions.port = '${AMQP_SERVER_PORT}'" +else +${JSON} -I -e "delete this.activemq.connectOptions.port" +fi - if [ ! "${AMQP_SERVER_PASS}" == "" ]; then - ${JSON} -I -e "this.activemq.connectOptions.password = '${AMQP_SERVER_PASS}'" - else - ${JSON} -I -e "delete this.activemq.connectOptions.password" - fi +if [ ! "${AMQP_SERVER_USER}" == "" ]; then +${JSON} -I -e "this.activemq.connectOptions.username = '${AMQP_SERVER_USER}'" +else +${JSON} -I -e "delete this.activemq.connectOptions.username" +fi - case "${AMQP_SERVER_PROTO}" in - amqp+ssl|amqps) - ${JSON} -I -e "this.activemq.connectOptions.transport = 'tls'" - ;; - *) - ${JSON} -I -e "delete this.activemq.connectOptions.transport" - ;; - esac - fi +if [ ! "${AMQP_SERVER_PASS}" == "" ]; then +${JSON} -I -e "this.activemq.connectOptions.password = '${AMQP_SERVER_PASS}'" +else +${JSON} -I -e "delete this.activemq.connectOptions.password" +fi + +case "${AMQP_SERVER_PROTO}" in +amqp+ssl|amqps) +${JSON} -I -e "this.activemq.connectOptions.transport = 'tls'" +;; +*) +${JSON} -I -e "delete this.activemq.connectOptions.transport" +;; +esac +fi } update_redis_settings(){ - ${JSON} -I -e "if(this.services.CoAuthoring.redis===undefined)this.services.CoAuthoring.redis={};" - ${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'" - ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'" +${JSON} -I -e "if(this.services.CoAuthoring.redis===undefined)this.services.CoAuthoring.redis={};" +${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'" +${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'" } update_ds_settings(){ - ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}" - ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}" - ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}" +${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}" +${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}" +${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}" - ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'" - ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'" - ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'" +${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'" +${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'" +${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'" - ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'" - ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'" +${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'" +${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'" - ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}" - ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}" +${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}" +${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}" - if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then - ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}" - ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'" - ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'" - fi - - if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then - ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}" - ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false" - fi +if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then +${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}" +${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'" +${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'" +fi - if [ "${WOPI_ENABLED}" == "true" ]; then - ${JSON} -I -e "if(this.wopi===undefined)this.wopi={}" - ${JSON} -I -e "this.wopi.enable = true" - fi +if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then +${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}" +${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false" +fi + +if [ "${WOPI_ENABLED}" == "true" ]; then +${JSON} -I -e "if(this.wopi===undefined)this.wopi={}" +${JSON} -I -e "this.wopi.enable = true" +fi } create_postgresql_cluster(){ - local pg_conf_dir=/etc/postgresql/${PG_VERSION}/${PG_NAME} - local postgresql_conf=$pg_conf_dir/postgresql.conf - local hba_conf=$pg_conf_dir/pg_hba.conf +local pg_conf_dir=/etc/postgresql/${PG_VERSION}/${PG_NAME} +local postgresql_conf=$pg_conf_dir/postgresql.conf +local hba_conf=$pg_conf_dir/pg_hba.conf - mv $postgresql_conf $postgresql_conf.backup - mv $hba_conf $hba_conf.backup +mv $postgresql_conf $postgresql_conf.backup +mv $hba_conf $hba_conf.backup - pg_createcluster ${PG_VERSION} ${PG_NAME} +pg_createcluster ${PG_VERSION} ${PG_NAME} } create_postgresql_db(){ - sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;" - sudo -u postgres psql -c "CREATE USER $DB_USER WITH password '"$DB_PWD"';" - sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $DB_NAME TO $DB_USER;" +sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;" +sudo -u postgres psql -c "CREATE USER $DB_USER WITH password '"$DB_PWD"';" +sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $DB_NAME TO $DB_USER;" } create_db_tbl() { - case $DB_TYPE in - "postgres") - create_postgresql_tbl - ;; - "mariadb"|"mysql") - create_mysql_tbl - ;; - esac +case $DB_TYPE in +"postgres") +create_postgresql_tbl +;; +"mariadb"|"mysql") +create_mysql_tbl +;; +esac } upgrade_db_tbl() { - case $DB_TYPE in - "postgres") - upgrade_postgresql_tbl - ;; - "mariadb"|"mysql") - upgrade_mysql_tbl - ;; - esac +case $DB_TYPE in +"postgres") +upgrade_postgresql_tbl +;; +"mariadb"|"mysql") +upgrade_mysql_tbl +;; +esac } upgrade_postgresql_tbl() { - if [ -n "$DB_PWD" ]; then - export PGPASSWORD=$DB_PWD - fi +if [ -n "$DB_PWD" ]; then +export PGPASSWORD=$DB_PWD +fi - PSQL="psql -q -h$DB_HOST -p$DB_PORT -d$DB_NAME -U$DB_USER -w" +PSQL="psql -q -h$DB_HOST -p$DB_PORT -d$DB_NAME -U$DB_USER -w" - $PSQL -f "$APP_DIR/server/schema/postgresql/removetbl.sql" - $PSQL -f "$APP_DIR/server/schema/postgresql/createdb.sql" +$PSQL -f "$APP_DIR/server/schema/postgresql/removetbl.sql" +$PSQL -f "$APP_DIR/server/schema/postgresql/createdb.sql" } upgrade_mysql_tbl() { - CONNECTION_PARAMS="-h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PWD -w" - MYSQL="mysql -q $CONNECTION_PARAMS" +CONNECTION_PARAMS="-h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PWD -w" +MYSQL="mysql -q $CONNECTION_PARAMS" - $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/removetbl.sql" >/dev/null 2>&1 - $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1 +$MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/removetbl.sql" >/dev/null 2>&1 +$MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1 } create_postgresql_tbl() { - if [ -n "$DB_PWD" ]; then - export PGPASSWORD=$DB_PWD - fi +if [ -n "$DB_PWD" ]; then +export PGPASSWORD=$DB_PWD +fi - PSQL="psql -q -h$DB_HOST -p$DB_PORT -d$DB_NAME -U$DB_USER -w" - $PSQL -f "$APP_DIR/server/schema/postgresql/createdb.sql" +PSQL="psql -q -h$DB_HOST -p$DB_PORT -d$DB_NAME -U$DB_USER -w" +$PSQL -f "$APP_DIR/server/schema/postgresql/createdb.sql" } create_mysql_tbl() { - CONNECTION_PARAMS="-h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PWD -w" - MYSQL="mysql -q $CONNECTION_PARAMS" +CONNECTION_PARAMS="-h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PWD -w" +MYSQL="mysql -q $CONNECTION_PARAMS" - # Create db on remote server - $MYSQL -e "CREATE DATABASE IF NOT EXISTS $DB_NAME DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;" >/dev/null 2>&1 +# Create db on remote server +$MYSQL -e "CREATE DATABASE IF NOT EXISTS $DB_NAME DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;" >/dev/null 2>&1 - $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1 +$MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1 } update_welcome_page() { - WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html" - if [[ -e $WELCOME_PAGE ]]; then - DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset)) - if (( ${#DOCKER_CONTAINER_ID} >= 12 )); then - if [[ -x $(command -v docker) ]]; then - DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID) - sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE - else - sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE - fi - fi - fi +WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html" +if [[ -e $WELCOME_PAGE ]]; then +DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset)) +if (( ${#DOCKER_CONTAINER_ID} >= 12 )); then +if [[ -x $(command -v docker) ]]; then +DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID) +sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE +else +sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE +fi +fi +fi } update_nginx_settings(){ - # Set up nginx - sed 's/^worker_processes.*/'"worker_processes ${NGINX_WORKER_PROCESSES};"'/' -i ${NGINX_CONFIG_PATH} - sed 's/worker_connections.*/'"worker_connections ${NGINX_WORKER_CONNECTIONS};"'/' -i ${NGINX_CONFIG_PATH} - sed 's/access_log.*/'"access_log off;"'/' -i ${NGINX_CONFIG_PATH} +# Set up nginx +sed 's/^worker_processes.*/'"worker_processes ${NGINX_WORKER_PROCESSES};"'/' -i ${NGINX_CONFIG_PATH} +sed 's/worker_connections.*/'"worker_connections ${NGINX_WORKER_CONNECTIONS};"'/' -i ${NGINX_CONFIG_PATH} +sed 's/access_log.*/'"access_log off;"'/' -i ${NGINX_CONFIG_PATH} - # setup HTTPS - if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then - cp -f ${NGINX_ONLYOFFICE_PATH}/ds-ssl.conf.tmpl ${NGINX_ONLYOFFICE_CONF} +# setup HTTPS +if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then +cp -f ${NGINX_ONLYOFFICE_PATH}/ds-ssl.conf.tmpl ${NGINX_ONLYOFFICE_CONF} - # configure nginx - sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_CONF} - sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${NGINX_ONLYOFFICE_CONF} +# configure nginx +sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_CONF} +sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${NGINX_ONLYOFFICE_CONF} - # turn on http2 - sed 's,\(443 ssl\),\1 http2,' -i ${NGINX_ONLYOFFICE_CONF} +# turn on http2 +sed 's,\(443 ssl\),\1 http2,' -i ${NGINX_ONLYOFFICE_CONF} - # if dhparam path is valid, add to the config, otherwise remove the option - if [ -r "${SSL_DHPARAM_PATH}" ]; then - sed 's,\(\#* *\)\?\(ssl_dhparam \).*\(;\)$,'"\2${SSL_DHPARAM_PATH}\3"',' -i ${NGINX_ONLYOFFICE_CONF} - else - sed '/ssl_dhparam/d' -i ${NGINX_ONLYOFFICE_CONF} - fi +# if dhparam path is valid, add to the config, otherwise remove the option +if [ -r "${SSL_DHPARAM_PATH}" ]; then +sed 's,\(\#* *\)\?\(ssl_dhparam \).*\(;\)$,'"\2${SSL_DHPARAM_PATH}\3"',' -i ${NGINX_ONLYOFFICE_CONF} +else +sed '/ssl_dhparam/d' -i ${NGINX_ONLYOFFICE_CONF} +fi - sed 's,\(ssl_verify_client \).*\(;\)$,'"\1${SSL_VERIFY_CLIENT}\2"',' -i ${NGINX_ONLYOFFICE_CONF} +sed 's,\(ssl_verify_client \).*\(;\)$,'"\1${SSL_VERIFY_CLIENT}\2"',' -i ${NGINX_ONLYOFFICE_CONF} - if [ -f "${CA_CERTIFICATES_PATH}" ]; then - sed '/ssl_verify_client/a '"ssl_client_certificate ${CA_CERTIFICATES_PATH}"';' -i ${NGINX_ONLYOFFICE_CONF} - fi +if [ -f "${CA_CERTIFICATES_PATH}" ]; then +sed '/ssl_verify_client/a '"ssl_client_certificate ${CA_CERTIFICATES_PATH}"';' -i ${NGINX_ONLYOFFICE_CONF} +fi - if [ "${ONLYOFFICE_HTTPS_HSTS_ENABLED}" == "true" ]; then - sed 's,\(max-age=\).*\(;\)$,'"\1${ONLYOFFICE_HTTPS_HSTS_MAXAGE}\2"',' -i ${NGINX_ONLYOFFICE_CONF} - else - sed '/max-age=/d' -i ${NGINX_ONLYOFFICE_CONF} - fi - else - ln -sf ${NGINX_ONLYOFFICE_PATH}/ds.conf.tmpl ${NGINX_ONLYOFFICE_CONF} - fi +if [ "${ONLYOFFICE_HTTPS_HSTS_ENABLED}" == "true" ]; then +sed 's,\(max-age=\).*\(;\)$,'"\1${ONLYOFFICE_HTTPS_HSTS_MAXAGE}\2"',' -i ${NGINX_ONLYOFFICE_CONF} +else +sed '/max-age=/d' -i ${NGINX_ONLYOFFICE_CONF} +fi +else +ln -sf ${NGINX_ONLYOFFICE_PATH}/ds.conf.tmpl ${NGINX_ONLYOFFICE_CONF} +fi - # check if ipv6 supported otherwise remove it from nginx config - if [ ! -f /proc/net/if_inet6 ]; then - sed '/listen\s\+\[::[0-9]*\].\+/d' -i $NGINX_ONLYOFFICE_CONF - fi +# check if ipv6 supported otherwise remove it from nginx config +if [ ! -f /proc/net/if_inet6 ]; then +sed '/listen\s\+\[::[0-9]*\].\+/d' -i $NGINX_ONLYOFFICE_CONF +fi - if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then - sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF} - fi +if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then +sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF} +fi } update_supervisor_settings(){ - # Copy modified supervisor start script - cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/ - # Copy modified supervisor config - cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf +# Copy modified supervisor start script +cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/ +# Copy modified supervisor config +cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf } update_log_settings(){ - ${JSON_LOG} -I -e "this.categories.default.level = '${DS_LOG_LEVEL}'" +${JSON_LOG} -I -e "this.categories.default.level = '${DS_LOG_LEVEL}'" } update_logrotate_settings(){ - sed 's|\(^su\b\).*|\1 root root|' -i /etc/logrotate.conf +sed 's|\(^su\b\).*|\1 root root|' -i /etc/logrotate.conf } update_release_date(){ - mkdir -p ${PRIVATE_DATA_DIR} - echo ${RELEASE_DATE} > ${DS_RELEASE_DATE} +mkdir -p ${PRIVATE_DATA_DIR} +echo ${RELEASE_DATE} > ${DS_RELEASE_DATE} } # create base folders for i in converter docservice metrics; do - mkdir -p "${DS_LOG_DIR}/$i" +mkdir -p "${DS_LOG_DIR}/$i" done mkdir -p ${DS_LOG_DIR}-example # create app folders for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${DS_LIB_DIR}-example/files; do - mkdir -p "$i" +mkdir -p "$i" done # change folder rights for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do - chown -R ds:ds "$i" - chmod -R 755 "$i" +chown -R ds:ds "$i" +chmod -R 755 "$i" done if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then - read_setting +read_setting - if [ $METRICS_ENABLED = "true" ]; then - update_statsd_settings - fi +if [ $METRICS_ENABLED = "true" ]; then +update_statsd_settings +fi - update_welcome_page +update_welcome_page - update_log_settings +update_log_settings - update_ds_settings +update_ds_settings - # update settings by env variables - if [ $DB_HOST != "localhost" ]; then - update_db_settings - waiting_for_db - create_db_tbl - else - # change rights for postgres directory - chown -R postgres:postgres ${PG_ROOT} - chmod -R 700 ${PG_ROOT} - - # create new db if it isn't exist - if [ ! -d ${PGDATA} ]; then - create_postgresql_cluster - PG_NEW_CLUSTER=true - fi - LOCAL_SERVICES+=("postgresql") - fi - - if [ ${AMQP_SERVER_HOST} != "localhost" ]; then - update_rabbitmq_setting - else - # change rights for rabbitmq directory - chown -R rabbitmq:rabbitmq ${RABBITMQ_DATA} - chmod -R go=rX,u=rwX ${RABBITMQ_DATA} - if [ -f ${RABBITMQ_DATA}/.erlang.cookie ]; then - chmod 400 ${RABBITMQ_DATA}/.erlang.cookie - fi - - LOCAL_SERVICES+=("rabbitmq-server") - # allow Rabbitmq startup after container kill - rm -rf /var/run/rabbitmq - fi - - if [ ${REDIS_ENABLED} = "true" ]; then - if [ ${REDIS_SERVER_HOST} != "localhost" ]; then - update_redis_settings - else - # change rights for redis directory - chown -R redis:redis ${REDIS_DATA} - chmod -R 750 ${REDIS_DATA} - - LOCAL_SERVICES+=("redis-server") - fi - fi +# update settings by env variables +if [ $DB_HOST != "localhost" ]; then +update_db_settings +waiting_for_db +create_db_tbl else - # no need to update settings just wait for remote data - waiting_for_datacontainer +# change rights for postgres directory +chown -R postgres:postgres ${PG_ROOT} +chmod -R 700 ${PG_ROOT} - # read settings after the data container in ready state - # to prevent get unconfigureted data - read_setting - - update_welcome_page +# create new db if it isn't exist +if [ ! -d ${PGDATA} ]; then +create_postgresql_cluster +PG_NEW_CLUSTER=true +fi +LOCAL_SERVICES+=("postgresql") +fi + +if [ ${AMQP_SERVER_HOST} != "localhost" ]; then +update_rabbitmq_setting +else +# change rights for rabbitmq directory +chown -R rabbitmq:rabbitmq ${RABBITMQ_DATA} +chmod -R go=rX,u=rwX ${RABBITMQ_DATA} +if [ -f ${RABBITMQ_DATA}/.erlang.cookie ]; then +chmod 400 ${RABBITMQ_DATA}/.erlang.cookie +fi + +LOCAL_SERVICES+=("rabbitmq-server") +# allow Rabbitmq startup after container kill +rm -rf /var/run/rabbitmq +fi + +if [ ${REDIS_ENABLED} = "true" ]; then +if [ ${REDIS_SERVER_HOST} != "localhost" ]; then +update_redis_settings +else +# change rights for redis directory +chown -R redis:redis ${REDIS_DATA} +chmod -R 750 ${REDIS_DATA} + +LOCAL_SERVICES+=("redis-server") +fi +fi +else +# no need to update settings just wait for remote data +waiting_for_datacontainer + +# read settings after the data container in ready state +# to prevent get unconfigureted data +read_setting + +update_welcome_page fi #start needed local services for i in ${LOCAL_SERVICES[@]}; do - service $i start +service $i start done if [ ${PG_NEW_CLUSTER} = "true" ]; then - create_postgresql_db - create_postgresql_tbl +create_postgresql_db +create_postgresql_tbl fi if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then - waiting_for_db - waiting_for_amqp - if [ ${REDIS_ENABLED} = "true" ]; then - waiting_for_redis - fi +waiting_for_db +waiting_for_amqp +if [ ${REDIS_ENABLED} = "true" ]; then +waiting_for_redis +fi - if [ "${IS_UPGRADE}" = "true" ]; then - upgrade_db_tbl - update_release_date - fi +if [ "${IS_UPGRADE}" = "true" ]; then +upgrade_db_tbl +update_release_date +fi - update_nginx_settings +update_nginx_settings - update_supervisor_settings - service supervisor start - - # start cron to enable log rotating - update_logrotate_settings - service cron start +update_supervisor_settings +service supervisor start + +# start cron to enable log rotating +update_logrotate_settings +service cron start fi # nginx used as a proxy, and as data container status service. # it run in all cases. service nginx start -# Check if lager file limits should be set -if [ "$LARGER_FILE_LIMITS" = "true" ]; then - if [ -e /app/ds/file_limits_set ]; then - echo "" - else - touch /app/ds/file_limits_set - - sed -i -e 's/104857600/10485760000/g' /etc/onlyoffice/documentserver-example/production-linux.json - - sed -i '9iclient_max_body_size 1000M;' /etc/onlyoffice/documentserver-example/nginx/includes/ds-example.conf - sed -i '16iclient_max_body_size 1000M;' /etc/nginx/nginx.conf - - sed -i -e 's/104857600/10485760000/g' /etc/onlyoffice/documentserver/default.json - sed -i -e 's/50MB/5000MB/g' /etc/onlyoffice/documentserver/default.json - sed -i -e 's/300MB/3000MB/g' /etc/onlyoffice/documentserver/default.json - - sed -i 's/^client_max_body_size 100m;$/client_max_body_size 1000m;/' /etc/onlyoffice/documentserver/nginx/includes/ds-common.conf - - service nginx restart - supervisorctl restart all - fi -fi - if [ "${LETS_ENCRYPT_DOMAIN}" != "" -a "${LETS_ENCRYPT_MAIL}" != "" ]; then - if [ ! -f "${SSL_CERTIFICATE_PATH}" -a ! -f "${SSL_KEY_PATH}" ]; then - documentserver-letsencrypt.sh ${LETS_ENCRYPT_MAIL} ${LETS_ENCRYPT_DOMAIN} - fi +if [ ! -f "${SSL_CERTIFICATE_PATH}" -a ! -f "${SSL_KEY_PATH}" ]; then +documentserver-letsencrypt.sh ${LETS_ENCRYPT_MAIL} ${LETS_ENCRYPT_DOMAIN} +fi fi # Regenerate the fonts list and the fonts thumbnails if [ "${GENERATE_FONTS}" == "true" ]; then - documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER} +documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER} fi documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER}