diff --git a/README.md b/README.md index 66157cb..1511132 100644 --- a/README.md +++ b/README.md @@ -58,15 +58,21 @@ Use this command if you wish to install ONLYOFFICE Document Server separately. T All the data are stored in the specially-designated directories, **data volumes**, at the following location: * **/var/log/onlyoffice** for ONLYOFFICE Document Server logs * **/var/www/onlyoffice/Data** for certificates +* **/var/lib/onlyoffice** for file cache +* **/var/lib/postgresql** for database To get access to your data from outside the container, you need to mount the volumes. It can be done by specifying the '-v' option in the docker run command. sudo docker run -i -t -d -p 80:80 \ -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \ - -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice onlyoffice/documentserver + -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \ + -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver -Storing the data on the host machine allows you to easily update ONLYOFFICE once the new version is released without losing your data. +Normally, you do not need to store container data because the container's operation does not depend on its state. Saving data will be useful: +* For easy access to container data, such as logs +* To remove the limit on the size of the data inside the container +* When using services launched outside the container such as PostgreSQL, Redis, RabbitMQ ### Running ONLYOFFICE Document Server on Different Port 
@@ -166,56 +172,85 @@ Below is the complete list of parameters that can be set using environment varia - **REDIS_SERVER_PORT**: The Redis server port number. - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes. - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process. +- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`. +- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`. +- **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`. ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers ONLYOFFICE Document Server is a part of ONLYOFFICE Community Edition that comprises also Community Server and Mail Server. To install them, follow these easy steps: -**STEP 1**: Create the 'onlyoffice' network. +**STEP 1**: Create the `onlyoffice` network. ```bash docker network create --driver bridge onlyoffice ``` -Than launch containers on it using the 'docker run --net onlyoffice' option: +Then launch containers on it using the 'docker run --net onlyoffice' option: -**STEP 1**: Install ONLYOFFICE Document Server. +**STEP 2**: Install MySQL. + +Follow [these steps](#installing-mysql) to install MySQL server. + +**STEP 3**: Install ONLYOFFICE Document Server. 
```bash sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-document-server \ - -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \ - -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ + -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ + -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \ -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \ + -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \ onlyoffice/documentserver ``` -**STEP 2**: Install ONLYOFFICE Mail Server. +**STEP 4**: Install ONLYOFFICE Mail Server. For the mail server correct work you need to specify its hostname 'yourdomain.com'. -To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation"). ```bash -sudo docker run --net onlyoffice --privileged -i -t -d --restart=always --name onlyoffice-mail-server \ - -p 25:25 -p 143:143 -p 587:587 \ - -v /app/onlyoffice/MailServer/data:/var/vmail \ - -v /app/onlyoffice/MailServer/data/certs:/etc/pki/tls/mailserver \ - -v /app/onlyoffice/MailServer/logs:/var/log \ - -v /app/onlyoffice/MailServer/mysql:/var/lib/mysql \ - -h yourdomain.com \ - onlyoffice/mailserver +sudo docker run --init --net onlyoffice --privileged -i -t -d --restart=always --name onlyoffice-mail-server -p 25:25 -p 143:143 -p 587:587 \ + -e MYSQL_SERVER=onlyoffice-mysql-server \ + -e MYSQL_SERVER_PORT=3306 \ + -e MYSQL_ROOT_USER=root \ + -e MYSQL_ROOT_PASSWD=my-secret-pw \ + -e MYSQL_SERVER_DB_NAME=onlyoffice_mailserver \ + -v /app/onlyoffice/MailServer/data:/var/vmail \ + -v /app/onlyoffice/MailServer/data/certs:/etc/pki/tls/mailserver \ + -v /app/onlyoffice/MailServer/logs:/var/log \ + -h yourdomain.com \ + onlyoffice/mailserver ``` -**STEP 3**: Install ONLYOFFICE Community Server +The additional parameters for mail server are available 
[here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.yml#L75). + +To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation"). + +**STEP 5**: Install ONLYOFFICE Community Server ```bash -sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-community-server \ - -p 80:80 -p 5222:5222 -p 443:443 \ - -v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \ - -v /app/onlyoffice/CommunityServer/mysql:/var/lib/mysql \ - -v /app/onlyoffice/CommunityServer/logs:/var/log/onlyoffice \ - -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/DocumentServerData \ - -e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \ - -e MAIL_SERVER_DB_HOST=onlyoffice-mail-server \ - onlyoffice/communityserver +sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 \ + -e MYSQL_SERVER_ROOT_PASSWORD=my-secret-pw \ + -e MYSQL_SERVER_DB_NAME=onlyoffice \ + -e MYSQL_SERVER_HOST=onlyoffice-mysql-server \ + -e MYSQL_SERVER_USER=onlyoffice_user \ + -e MYSQL_SERVER_PASS=onlyoffice_pass \ + + -e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \ + + -e MAIL_SERVER_API_HOST=${MAIL_SERVER_IP} \ + -e MAIL_SERVER_DB_HOST=onlyoffice-mysql-server \ + -e MAIL_SERVER_DB_NAME=onlyoffice_mailserver \ + -e MAIL_SERVER_DB_PORT=3306 \ + -e MAIL_SERVER_DB_USER=root \ + -e MAIL_SERVER_DB_PASS=my-secret-pw \ + + -v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \ + -v /app/onlyoffice/CommunityServer/logs:/var/log/onlyoffice \ + onlyoffice/communityserver +``` + +Where `${MAIL_SERVER_IP}` is the IP address for **ONLYOFFICE Mail Server**. 
You can easily get it using the command: +``` +docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' onlyoffice-mail-server ``` Alternatively, you can use an automatic installation script to install the whole ONLYOFFICE Community Edition at once. For the mail server correct work you need to specify its hostname 'yourdomain.com'. diff --git a/run-document-server.sh b/run-document-server.sh index 7a7c9c1..5763d70 100755 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -28,11 +28,17 @@ NGINX_CONFIG_PATH="/etc/nginx/nginx.conf" NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-$(grep processor /proc/cpuinfo | wc -l)} NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)} +JWT_ENABLED=${JWT_ENABLED:-false} +JWT_SECRET=${JWT_SECRET:-secret} +JWT_HEADER=${JWT_HEADER:-Authorization} + ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/default.json ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json +ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/default.json JSON="json -q -f ${ONLYOFFICE_DEFAULT_CONFIG}" JSON_LOG="json -q -f ${ONLYOFFICE_LOG4JS_CONFIG}" +JSON_EXAMPLE="json -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}" LOCAL_SERVICES=() 
@@ -136,6 +142,27 @@ update_redis_settings(){ ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'" } +update_jwt_settings(){ + if [ "${JWT_ENABLED}" == "true" ]; then + ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = '${JWT_ENABLED}'" + ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = '${JWT_ENABLED}'" + ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = '${JWT_ENABLED}'" + + ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'" + ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'" + ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'" + + ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'" + ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'" + + if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then + ${JSON_EXAMPLE} -I -e "this.server.token.enable = '${JWT_ENABLED}'" + ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'" + ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'" + fi + fi +} + create_postgresql_cluster(){ local pg_conf_dir=/etc/postgresql/${PG_VERSION}/${PG_NAME} local postgresql_conf=$pg_conf_dir/postgresql.conf @@ -235,6 +262,8 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then update_log_settings + update_jwt_settings + # update settings by env variables if [ ${POSTGRESQL_SERVER_HOST} != "localhost" ]; then update_postgresql_settings
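Review bot: In README.md (hunk at -58), the new sentence "Normally, you do not need to store container data because the container's operation does not depend on its state" contradicts the two volumes documented just above it. `/var/lib/postgresql` is listed as holding the database and `/var/lib/onlyoffice` the file cache, so a container removed without those mounts loses both. Suggest stating plainly what is discarded when no volumes are mounted, and rewording the third bullet: running PostgreSQL, Redis or RabbitMQ outside the container reads as a reason the `db` mount is not needed, not as a case where saving data is useful.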
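Review bot: In README.md STEP 5 (hunk at -166), the Community Server `docker run` command contains empty lines after `-e MYSQL_SERVER_PASS=onlyoffice_pass \`, after `-e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \` and after `-e MAIL_SERVER_DB_PASS=my-secret-pw \`. A backslash followed by an empty line ends the command, so a pasted copy runs `docker run` with no image name and then tries to execute the following `-e ...` lines as separate commands. Remove the blank lines, or group the options with no gaps. Two documentation points in the same hunk: the examples give both Mail Server and Community Server the MySQL `root` account with the literal `my-secret-pw`, which should be marked as a placeholder to replace (and ideally swapped for a dedicated, least-privileged database user, as is already done with `onlyoffice_user`); and the `JWT_SECRET` entry should say that the default `secret` has to be overridden whenever `JWT_ENABLED` is `true`.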
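Review bot: In run-document-server.sh (hunk at -28), `JWT_SECRET=${JWT_SECRET:-secret}` means a deployment that sets only `JWT_ENABLED=true` validates tokens against a value published in the README, so anyone who has read the documentation can produce tokens the server accepts. Suggest leaving `JWT_SECRET` without a default and, when `JWT_ENABLED` is `true` and the variable is empty, either aborting startup with a clear error or generating a random secret and logging where to find it.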
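Review bot: In `update_jwt_settings` (run-document-server.sh, hunk at -136), `${JWT_SECRET}` and `${JWT_HEADER}` are spliced unescaped between single quotes into the expression passed to `json -e`, as in `this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'`. A secret containing a single quote or a backslash either breaks the expression or changes what gets written, and strong random secrets can easily contain such characters. Escape the values before interpolation, or restrict and validate the accepted character set and document it. Separately, `token.enable.browser = '${JWT_ENABLED}'` stores the string `'true'` rather than a boolean; since this branch only runs when the value is `true`, assigning the literal `true` avoids relying on how the consumer treats a string. Note also that nothing is written when `JWT_ENABLED` is not `true`, so the function cannot switch validation back off in a config that already has it enabled.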
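Review bot: In run-document-server.sh (hunk at -235), the new `update_jwt_settings` call is placed next to `update_log_settings`, which the hunk header locates under `if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then`. If the call is inside that branch, a container started with `JWT_ENABLED=true` and a non-local data container host never applies the token settings and runs without validation, with no message to say so. Please confirm this is intended; if not, move the call outside the conditional, and in either case log whether JWT validation ended up enabled.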