From 43010e1bd2f306f9f11b298205ada59024816f82 Mon Sep 17 00:00:00 2001 From: NorseGaud Date: Sat, 22 Feb 2020 19:15:48 -0500 Subject: [PATCH 1/8] fix for create_postgresql_tbl grep so it stops throwing a failure --- run-document-server.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-document-server.sh b/run-document-server.sh index 67d26f4..a18be8c 100755 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -242,7 +242,7 @@ create_postgresql_tbl(){ CREATEDB="createdb $CONNECTION_PARAMS" # Create db on remote server - if $PSQL -lt | cut -d\| -f 1 | grep -qw | grep 0; then + if $PSQL -lt | cut -d\| -f 1 | grep -qw $POSTGRESQL_SERVER_DB_NAME | grep 0; then $CREATEDB $POSTGRESQL_SERVER_DB_NAME fi From a21313bb39f73a1f911b1519e8298817591b54e1 Mon Sep 17 00:00:00 2001 From: Hugo Herter Date: Sun, 23 Feb 2020 14:07:27 +0100 Subject: [PATCH 2/8] Fix insecure http:// urls in README Many links in the README are using `http://` instead of `https://`, including the link to download the `Community Edition Docker script file`, which is then meant to be executed using bash and could allows an adversary to make the user execute arbitrary code. --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index c921efb..12956b6 100644 --- a/README.md +++ b/README.md @@ -167,7 +167,7 @@ Below is the complete list of parameters that can be set using environment varia - **POSTGRESQL_SERVER_DB_NAME**: The name of a PostgreSQL database to be created on the image startup. - **POSTGRESQL_SERVER_USER**: The new user name with superuser permissions for the PostgreSQL account. - **POSTGRESQL_SERVER_PASS**: The password set for the PostgreSQL account. -- **AMQP_SERVER_URL**: The [AMQP URL](http://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server. +- **AMQP_SERVER_URL**: The [AMQP URL](https://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server. - **AMQP_SERVER_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`. - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running. - **REDIS_SERVER_PORT**: The Redis server port number. @@ -259,7 +259,7 @@ Alternatively, you can use an automatic installation script to install the whole **STEP 1**: Download the Community Edition Docker script file ```bash -wget http://download.onlyoffice.com/install/opensource-install.sh +wget https://download.onlyoffice.com/install/opensource-install.sh ``` **STEP 2**: Install ONLYOFFICE Community Edition executing the following command: @@ -311,5 +311,5 @@ SaaS version: [https://www.onlyoffice.com/cloud-office.aspx](https://www.onlyoff If you have any problems with or questions about this image, please visit our official forum to find answers to your questions: [dev.onlyoffice.org][1] or you can ask and answer ONLYOFFICE development questions on [Stack Overflow][2]. - [1]: http://dev.onlyoffice.org - [2]: http://stackoverflow.com/questions/tagged/onlyoffice + [1]: https://dev.onlyoffice.org + [2]: https://stackoverflow.com/questions/tagged/onlyoffice From e361537d326a7471cf3dd1649b76afffefce3b31 Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Thu, 12 Mar 2020 14:07:20 +0300 Subject: [PATCH 3/8] Fix postgres test See details: https://github.com/docker-library/postgres/issues/681 --- tests/defaults.env | 1 + tests/postgres-old.yml | 1 + tests/postgres.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/tests/defaults.env b/tests/defaults.env index cb8a2aa..070f769 100644 --- a/tests/defaults.env +++ b/tests/defaults.env @@ -32,6 +32,7 @@ ACTIVEMQ_GROUPS_owners=guest # Postgres Container POSTGRES_DB=onlyoffice POSTGRES_USER=onlyoffice +POSTGRES_HOST_AUTH_METHOD=trust # MySQL Container MYSQL_DATABASE=onlyoffice diff --git a/tests/postgres-old.yml b/tests/postgres-old.yml index 4385562..f795107 100644 --- a/tests/postgres-old.yml +++ b/tests/postgres-old.yml @@ -22,6 +22,7 @@ services: environment: - POSTGRES_DB - POSTGRES_USER + - POSTGRES_HOST_AUTH_METHOD restart: always expose: - '5432' diff --git a/tests/postgres.yml b/tests/postgres.yml index 0c5c39d..ed16e43 100644 --- a/tests/postgres.yml +++ b/tests/postgres.yml @@ -23,6 +23,7 @@ services: environment: - POSTGRES_DB - POSTGRES_USER + - POSTGRES_HOST_AUTH_METHOD restart: always expose: - '5432' From 37c058d2810fcf0007fc8785a4ffea9667e9b892 Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Mon, 16 Mar 2020 16:20:36 +0300 Subject: [PATCH 4/8] Add mariadb test --- .travis.yml | 6 ++++++ tests/mariadb.yml | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 tests/mariadb.yml diff --git a/.travis.yml b/.travis.yml index aad8a55..ef4bcd9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -28,6 +28,12 @@ env: DB_HOST: onlyoffice-mysql DB_PORT: 3306 + # mariadb + - config: mariadb.yml + DB_TYPE: mysql + DB_HOST: db + DB_PORT: 3306 + # activemq - config: activemq.yml AMQP_TYPE: activemq diff --git a/tests/mariadb.yml b/tests/mariadb.yml new file mode 100644 index 0000000..c243fb2 --- /dev/null +++ b/tests/mariadb.yml @@ -0,0 +1,35 @@ +version: '2' +services: + ds: + container_name: ds + image: onlyoffice/4testing-documentserver-ie:latest + depends_on: + - db + environment: + - DB_TYPE + - DB_HOST + - DB_PORT + - DB_NAME + - DB_USER + - DB_PWD + stdin_open: true + restart: always + ports: + - '80:80' + + db: + container_name: db + image: mariadb:10.5 + environment: + - MYSQL_DATABASE + - MYSQL_USER + - MYSQL_PASSWORD + - MYSQL_ALLOW_EMPTY_PASSWORD + restart: always + volumes: + - mysql_data:/var/lib/mysql + expose: + - '3306' + +volumes: + mysql_data: From b72b401e67aaf7fffa97d81ecfac5838fa9a28ec Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Wed, 25 Mar 2020 12:19:47 +0300 Subject: [PATCH 5/8] Fix #234 (#235) --- docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose.yml b/docker-compose.yml index 3ae25f0..032c5de 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -103,6 +103,7 @@ services: environment: - POSTGRES_DB=onlyoffice - POSTGRES_USER=onlyoffice + - POSTGRES_HOST_AUTH_METHOD=trust networks: - onlyoffice restart: always From 95c59ed2cdd5b157befe728b686a409398fc98da Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Fri, 27 Mar 2020 18:44:56 +0300 Subject: [PATCH 6/8] Remake docker-compose file --- docker-compose.yml | 85 ++++++---------------------------------------- 1 file changed, 10 insertions(+), 75 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 032c5de..0c93a9f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,99 +1,40 @@ version: '2' services: - onlyoffice-documentserver-data: - container_name: onlyoffice-documentserver-data - image: onlyoffice/documentserver:latest + onlyoffice-documentserver: + build: + context: . + container_name: onlyoffice-documentserver + depends_on: + - onlyoffice-postgresql + - onlyoffice-rabbitmq environment: - - ONLYOFFICE_DATA_CONTAINER=true - DB_TYPE=postgres - DB_HOST=onlyoffice-postgresql - DB_PORT=5432 - DB_NAME=onlyoffice - DB_USER=onlyoffice - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq - - REDIS_SERVER_HOST=onlyoffice-redis - - REDIS_SERVER_PORT=6379 # Uncomment strings below to enable the JSON Web Token validation. #- JWT_ENABLED=true #- JWT_SECRET=secret #- JWT_HEADER=Authorization #- JWT_IN_BODY=true + ports: + - '80:80' + - '443:443' stdin_open: true restart: always - networks: - - onlyoffice volumes: - - /etc/onlyoffice - /var/www/onlyoffice/Data - /var/log/onlyoffice - /var/lib/onlyoffice/documentserver/App_Data/cache/files - /var/www/onlyoffice/documentserver-example/public/files - /usr/share/fonts - onlyoffice-documentserver: - image: onlyoffice/documentserver:latest - depends_on: - - onlyoffice-documentserver-data - - onlyoffice-postgresql - - onlyoffice-redis - - onlyoffice-rabbitmq - environment: - - ONLYOFFICE_DATA_CONTAINER_HOST=onlyoffice-documentserver-data - - BALANCE=uri depth 3 - - EXCLUDE_PORTS=443 - - HTTP_CHECK=GET /healthcheck - - EXTRA_SETTINGS=http-check expect string true - # Uncomment the string below to redirect HTTP request to HTTPS request. - #- FORCE_SSL=true - stdin_open: true - restart: always - networks: - - onlyoffice - expose: - - '80' - volumes_from: - - onlyoffice-documentserver-data - - onlyoffice-haproxy: - container_name: onlyoffice-haproxy - image: dockercloud/haproxy:1.5.1 - depends_on: - - onlyoffice-documentserver - environment: - - MODE=http - # Uncomment the string below to specify the path of ssl certificates - #- CERT_FOLDER=/certs/ - stdin_open: true - links: - - onlyoffice-documentserver - volumes: - - /var/run/docker.sock:/var/run/docker.sock - # Uncomment the string below to map a ssl certificate from host - # to the proxy container - #- /app/onlyoffice/DocumentServer/data/certs/onlyoffice.pem:/certs/cert1.pem - restart: always - networks: - - onlyoffice - ports: - - '80:80' - - '443:443' - - '1936:1936' - - onlyoffice-redis: - container_name: onlyoffice-redis - image: redis - restart: always - networks: - - onlyoffice - expose: - - '6379' - onlyoffice-rabbitmq: container_name: onlyoffice-rabbitmq image: rabbitmq restart: always - networks: - - onlyoffice expose: - '5672' @@ -104,17 +45,11 @@ services: - POSTGRES_DB=onlyoffice - POSTGRES_USER=onlyoffice - POSTGRES_HOST_AUTH_METHOD=trust - networks: - - onlyoffice restart: always expose: - '5432' volumes: - postgresql_data:/var/lib/postgresql -networks: - onlyoffice: - driver: 'bridge' - volumes: postgresql_data: From a51dc612765c38e95f56ffeae62f2f9a8c3486c0 Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Wed, 1 Apr 2020 12:11:57 +0300 Subject: [PATCH 7/8] Fix db folder mapping for custom build --- run-document-server.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/run-document-server.sh b/run-document-server.sh index f8fe346..5359467 100755 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -270,9 +270,9 @@ create_postgresql_cluster(){ } create_postgresql_db(){ - sudo -u postgres psql -c "CREATE DATABASE onlyoffice;" - sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';" - sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;" + sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;" + sudo -u postgres psql -c "CREATE USER $DB_USER WITH password '"$DB_PWD"';" + sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $DB_NAME TO $DB_USER;" } create_db_tbl() { From 048a8888362559ce72a927db07e8363778ca8c34 Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Wed, 1 Apr 2020 18:54:11 +0300 Subject: [PATCH 8/8] Add docker-compose cluster example --- cluster.yml | 108 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 cluster.yml diff --git a/cluster.yml b/cluster.yml new file mode 100644 index 0000000..0cb07c1 --- /dev/null +++ b/cluster.yml @@ -0,0 +1,108 @@ +version: '2.1' + +x-ds-image: + &ds-image + ${COMPANY_NAME:-onlyoffice}/${PRODUCT_NAME:-documentserver-de}:${PRODUCT_VERSION:-latest} + +services: + onlyoffice-documentserver-data: + container_name: onlyoffice-documentserver-data + image: *ds-image + environment: + - ONLYOFFICE_DATA_CONTAINER=true + - DB_HOST=onlyoffice-postgresql + - DB_PORT=5432 + - DB_NAME=onlyoffice + - DB_USER=onlyoffice + - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq + - REDIS_SERVER_HOST=onlyoffice-redis + - REDIS_SERVER_PORT=6379 + # Uncomment strings below to enable the JSON Web Token validation. + #- JWT_ENABLED=true + #- JWT_SECRET=secret + #- JWT_HEADER=Authorization + #- JWT_IN_BODY=true + stdin_open: true + restart: always + volumes: + - /etc/onlyoffice + - /var/www/onlyoffice/Data + - /var/log/onlyoffice + - /var/lib/onlyoffice/documentserver/App_Data/cache/files + - /var/www/onlyoffice/documentserver-example/public/files + - /usr/share/fonts + + onlyoffice-documentserver: + image: *ds-image + depends_on: + - onlyoffice-documentserver-data + - onlyoffice-postgresql + - onlyoffice-redis + - onlyoffice-rabbitmq + environment: + - ONLYOFFICE_DATA_CONTAINER_HOST=onlyoffice-documentserver-data + - BALANCE=uri depth 3 + - EXCLUDE_PORTS=443 + - HTTP_CHECK=GET /healthcheck + - EXTRA_SETTINGS=http-check expect string true + # Uncomment the string below to redirect HTTP request to HTTPS request. + #- FORCE_SSL=true + stdin_open: true + restart: always + expose: + - '80' + volumes_from: + - onlyoffice-documentserver-data + + onlyoffice-haproxy: + container_name: onlyoffice-haproxy + image: dockercloud/haproxy:1.5.1 + depends_on: + - onlyoffice-documentserver + environment: + - MODE=http + # Uncomment the string below to specify the path of ssl certificates + #- CERT_FOLDER=/certs/ + stdin_open: true + links: + - onlyoffice-documentserver + volumes: + - /var/run/docker.sock:/var/run/docker.sock + # Uncomment the string below to map a ssl certificate from host + # to the proxy container + #- /app/onlyoffice/DocumentServer/data/certs/onlyoffice.pem:/certs/cert1.pem + restart: always + ports: + - '80:80' + - '443:443' + - '1936:1936' + + onlyoffice-redis: + container_name: onlyoffice-redis + image: redis + restart: always + expose: + - '6379' + + onlyoffice-rabbitmq: + container_name: onlyoffice-rabbitmq + image: rabbitmq + restart: always + expose: + - '5672' + + onlyoffice-postgresql: + container_name: onlyoffice-postgresql + image: postgres:9.5 + environment: + - POSTGRES_DB=onlyoffice + - POSTGRES_USER=onlyoffice + - POSTGRES_HOST_AUTH_METHOD=trust + restart: always + expose: + - '5432' + volumes: + - postgresql_data:/var/lib/postgresql + +volumes: + postgresql_data: