diff --git a/Dockerfile b/Dockerfile index 8d8b2c2..69e2e2a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,9 @@ ARG ONLYOFFICE_VALUE=onlyoffice RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ apt-get -y update && \ apt-get -yq install wget apt-transport-https gnupg locales && \ - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \ + mkdir -p $HOME/.gnupg && \ + gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/onlyoffice.gpg --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \ + chmod 644 /etc/apt/trusted.gpg.d/onlyoffice.gpg && \ locale-gen en_US.UTF-8 && \ echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \ apt-get -yq install \ diff --git a/run-document-server.sh b/run-document-server.sh index 2bcdcc2..c8dcf39 100755 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -38,13 +38,13 @@ if [ "${RELEASE_DATE}" != "${PREV_RELEASE_DATE}" ]; then fi SSL_CERTIFICATES_DIR="${DATA_DIR}/certs" -if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/onlyoffice.crt ]]; then - SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/onlyoffice.crt +if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt ]]; then + SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt else SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/tls.crt} fi -if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/onlyoffice.key ]]; then - SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/onlyoffice.key +if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key ]]; then + SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key else SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/tls.key} fi @@ -67,6 +67,14 @@ NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1} NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)} JWT_ENABLED=${JWT_ENABLED:-false} + +# validate user's vars before usinig in json +if [ "${JWT_ENABLED}" == "true" ]; then + JWT_ENABLED="true" +else + JWT_ENABLED="false" +fi + JWT_SECRET=${JWT_SECRET:-secret} JWT_HEADER=${JWT_HEADER:-Authorization} JWT_IN_BODY=${JWT_IN_BODY:-false} @@ -284,33 +292,32 @@ update_rabbitmq_setting(){ } update_redis_settings(){ + ${JSON} -I -e "if(this.services.CoAuthoring.redis===undefined)this.services.CoAuthoring.redis={};" ${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'" ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'" } update_ds_settings(){ - if [ "${JWT_ENABLED}" == "true" ]; then - ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}" - ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}" - ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}" + ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}" + ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}" + ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}" - ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'" - ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'" - ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'" + ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'" + ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'" + ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'" - ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'" - ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'" + ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'" + ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'" - ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}" - ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}" + ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}" + ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}" - if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ] && [ "${JWT_ENABLED}" == "true" ]; then - ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}" - ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'" - ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'" - fi + if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then + ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}" + ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'" + ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'" fi - + if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}" ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false" @@ -403,11 +410,13 @@ update_welcome_page() { WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html" if [[ -e $WELCOME_PAGE ]]; then DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset)) - if [[ -x $(command -v docker) ]]; then - DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID) - sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE - else - sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE + if (( ${#DOCKER_CONTAINER_ID} >= 12 )); then + if [[ -x $(command -v docker) ]]; then + DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID) + sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE + else + sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE + fi fi fi }