From daa1850ed8ce07650a9ca0378ac0e16898d716e8 Mon Sep 17 00:00:00 2001
From: Alexey Golubev
Date: Fri, 9 Dec 2016 13:10:37 +0300
Subject: [PATCH 1/7] Adde to install postgresql-client

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index c9bc7fd..0fdba37 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
 curl -sL https://deb.nodesource.com/setup_6.x | bash - && \
 apt-get -y update && \
 echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
- apt-get --force-yes -yq install software-properties-common adduser postgresql redis-server rabbitmq-server nginx-extras nodejs libstdc++6 libcurl3 libxml2 libboost-regex-dev zlib1g supervisor fonts-dejavu fonts-liberation ttf-mscorefonts-installer fonts-crosextra-carlito fonts-takao-gothic fonts-opensymbol libxss1 libgtkglext1 libcairo2 xvfb libxtst6 libgconf2-4 libasound2 bomstrip libnspr4 libnss3 libnss3-nssdb nano htop && \
+ apt-get --force-yes -yq install software-properties-common adduser postgresql postgresql-client redis-server rabbitmq-server nginx-extras nodejs libstdc++6 libcurl3 libxml2 libboost-regex-dev zlib1g supervisor fonts-dejavu fonts-liberation ttf-mscorefonts-installer fonts-crosextra-carlito fonts-takao-gothic fonts-opensymbol libxss1 libgtkglext1 libcairo2 xvfb libxtst6 libgconf2-4 libasound2 bomstrip libnspr4 libnss3 libnss3-nssdb nano htop && \
 sudo -u postgres psql -c "CREATE DATABASE onlyoffice;" && \
 sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';" && \
 sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;" && \
From be3f76835821e85c8cd1e6f30b9f5e73adf3955f Mon Sep 17 00:00:00 2001
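Review bot: The changed `apt-get` line keeps `--force-yes`, which lets apt proceed past a failed signature check and other safety prompts, so a package from any repository configured earlier in this RUN step would be installed even if its signature does not verify. `-y` (already on the line) is all a non-interactive build needs; drop `--force-yes`, and if unauthenticated packages are genuinely expected, say so explicitly with `--allow-unauthenticated` so the decision is visible in review. The surrounding context lines also create the `onlyoffice` database role with the literal password `onlyoffice`; that is pre-existing, but it means a password baked into every image layer is public, so it should at least be overridable at container start. The RUN instruction begins before this hunk.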
From: Alexey Golubev
Date: Fri, 9 Dec 2016 15:50:07 +0300
Subject: [PATCH 2/7] Changed rabbitmq settings

---
 README.md | 4 +---
 docker-compose.yml | 4 +---
 run-document-server.sh | 53 +++++++++++++++++++++++++++++++++++-------
 3 files changed, 47 insertions(+), 14 deletions(-)

diff --git a/README.md b/README.md
index d367c2b..62b34af 100644
--- a/README.md
+++ b/README.md
@@ -153,9 +153,7 @@ Below is the complete list of parameters that can be set using environment varia
 - **POSTGRESQL_SERVER_DB_NAME**: The name of a PostgreSQL database to be created on the image startup.
 - **POSTGRESQL_SERVER_USER**: The new user name with superuser permissions for the PostgreSQL account.
 - **POSTGRESQL_SERVER_PASS**: The password set for the PostgreSQL account.
-- **RABBITMQ_SERVER_HOST**: The IP address or the name of the host where the RabbitMQ server is running.
-- **RABBITMQ_SERVER_USER**: The RabbitMQ server user name.
-- **RABBITMQ_SERVER_PASS**: The password set for the RabbitMQ account.
+- **RABBITMQ_SERVER_URL**: The [AMQP URL](http://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to RabbitMQ server.
 - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running.
 - **REDIS_SERVER_PORT**: The Redis server port number.
diff --git a/docker-compose.yml b/docker-compose.yml
index 3a86dff..dadc486 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,9 +9,7 @@ services:
 - POSTGRESQL_SERVER_PORT=5432
 - POSTGRESQL_SERVER_DB_NAME=onlyoffice
 - POSTGRESQL_SERVER_USER=onlyoffice
- - RABBITMQ_SERVER_HOST=onlyoffice-rabbitmq
- - RABBITMQ_SERVER_USER=guest
- - RABBITMQ_SERVER_PASS=guest
+ - RABBITMQ_SERVER_URL=amqp://guest:guest@onlyoffice-rabbitmq
 - REDIS_SERVER_HOST=onlyoffice-redis
 - REDIS_SERVER_PORT=6379
 stdin_open: true
diff --git a/run-document-server.sh b/run-document-server.sh
index 6f2d058..e573031 100644
--- a/run-document-server.sh
+++ b/run-document-server.sh
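Review bot: The added `- RABBITMQ_SERVER_URL=amqp://guest:guest@onlyoffice-rabbitmq` now carries the broker password inside a URL committed to the compose file, whereas the removed `RABBITMQ_SERVER_PASS` could be left out of the file and supplied from the environment. The default `guest` account is the first thing any scanner tries, and this compose file is the documented way to run the stack, so it should use a dedicated user and take the secret from an `env_file` or a `${RABBITMQ_SERVER_URL}` substitution rather than a literal. Because the value is now a URL, the README entry should also say that a password containing `@`, `:`, `/` or `%` must be percent-encoded per the linked URI spec; the parser this commit adds to run-document-server.sh does not decode it. The README hunk on this line is documentation only.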
@@ -37,16 +37,55 @@ read_setting(){
 POSTGRESQL_SERVER_USER=${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}
 POSTGRESQL_SERVER_PASS=${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}
- RABBITMQ_SERVER_URL=$(${JSON} rabbitmq.url)
- RABBITMQ_SERVER_HOST=${RABBITMQ_SERVER_HOST:-${RABBITMQ_SERVER_URL#'amqp://'}}
- RABBITMQ_SERVER_USER=${RABBITMQ_SERVER_USER:-$(${JSON} rabbitmq.login)}
- RABBITMQ_SERVER_PASS=${RABBITMQ_SERVER_PASS:-$(${JSON} rabbitmq.password)}
- RABBITMQ_SERVER_PORT=${RABBITMQ_SERVER_PORT:-"5672"}
+ RABBITMQ_SERVER_URL=${RABBITMQ_SERVER_URL:-$(${JSON} rabbitmq.url)}
+ parse_rabbitmq_url
 REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-$(${JSON} services.CoAuthoring.redis.host)}
 REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-$(${JSON} services.CoAuthoring.redis.port)}
 }
+parse_rabbitmq_url(){
+ local amqp=${RABBITMQ_SERVER_URL}
+
+ # extract the protocol
+ local proto="$(echo $amqp | grep :// | sed -e's,^\(.*://\).*,\1,g')"
+ # remove the protocol
+ local url="$(echo ${amqp/$proto/})"
+
+ # extract the user and password (if any)
+ local userpass="`echo $url | grep @ | cut -d@ -f1`"
+ local pass=`echo $userpass | grep : | cut -d: -f2`
+
+ local user
+ if [ -n "$pass" ]; then
+ user=`echo $userpass | grep : | cut -d: -f1`
+ else
+ user=$userpass
+ fi
+ echo $user
+
+ # extract the host
+ local hostport="$(echo ${url/$userpass@/} | cut -d/ -f1)"
+ # by request - try to extract the port
+ local port="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')"
+
+ local host
+ if [ -n "$port" ]; then
+ host=`echo $hostport | grep : | cut -d: -f1`
+ else
+ host=$hostport
+ port="5672"
+ fi
+
+ # extract the path (if any)
+ local path="$(echo $url | grep / | cut -d/ -f2-)"
+
+ RABBITMQ_SERVER_HOST=$host
+ RABBITMQ_SERVER_USER=$user
+ RABBITMQ_SERVER_PASS=$pass
+ RABBITMQ_SERVER_PORT=$port
+}
+
 waiting_for_connection(){
 until nc -z -w 3 "$1" "$2"; do
 >&2 echo "Waiting for connection to the $1 host on port $2"
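Review bot: `parse_rabbitmq_url` derives the port with `sed ... -e 's,[^0-9],,g'`, which strips every non-digit from the whole `host:port` string, so a host name that contains a digit and no explicit port (e.g. `amqp://guest:guest@rabbit1`) yields `port=1` and, since the following `grep :` then matches nothing, an empty `RABBITMQ_SERVER_HOST`. The stray `echo $user` in the middle of the function prints the broker user name to stdout on every start and looks like a leftover debug line; `cut -d: -f2` and `cut -d@ -f1` also truncate any password containing `:` or `@`, and `${url/$userpass@/}` treats the credentials as a glob pattern. One anchored regex with `BASH_REMATCH` covers all of these without spawning a dozen processes; the rewrite below sets the same four variables with the same default port and reports a malformed URL to stderr without echoing the secret. Percent-encoded characters are still passed through undecoded, as before.

```shell
parse_rabbitmq_url(){
  local amqp=${RABBITMQ_SERVER_URL}
  # scheme://[user[:pass]@]host[:port][/vhost]; user and pass may not contain ':' '@' or '/'
  local re='^[a-z]+://(([^:@/]*)(:([^@/]*))?@)?([^:/]+)(:([0-9]+))?(/.*)?$'

  if [[ ! "$amqp" =~ $re ]]; then
    >&2 echo "RABBITMQ_SERVER_URL is not a valid AMQP URL (expected amqp://[user[:pass]@]host[:port][/vhost])"
    return 1
  fi

  RABBITMQ_SERVER_USER=${BASH_REMATCH[2]}
  RABBITMQ_SERVER_PASS=${BASH_REMATCH[4]}
  RABBITMQ_SERVER_HOST=${BASH_REMATCH[5]}
  RABBITMQ_SERVER_PORT=${BASH_REMATCH[7]:-5672}
}
```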
@@ -77,9 +116,7 @@ update_postgresql_settings(){
 }
 
 update_rabbitmq_setting(){
- ${JSON} -I -e "this.rabbitmq.url = 'amqp://${RABBITMQ_SERVER_HOST}'"
- ${JSON} -I -e "this.rabbitmq.login = '${RABBITMQ_SERVER_USER}'"
- ${JSON} -I -e "this.rabbitmq.password = '${RABBITMQ_SERVER_PASS}'"
+ ${JSON} -I -e "this.rabbitmq.url = '${RABBITMQ_SERVER_URL}'"
 }
 
 update_redis_settings(){
From 43806526d57bd365a72265796de0f53ec6757380 Mon Sep 17 00:00:00 2001
From: Alexey Golubev
Date: Mon, 26 Dec 2016 19:23:14 +0300
Subject: [PATCH 3/7] Changed GPG key for the onlyoffice repo

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 0fdba37..8bc3858 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,7 @@ ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=nonint
 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
 apt-get -y update && \
 apt-get --force-yes -yq install wget apt-transport-https curl && \
- apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D9D0BF019CC8AC0D && \
+ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CB2DE8E5 && \
 echo "deb http://archive.ubuntu.com/ubuntu precise main universe multiverse" >> /etc/apt/sources.list && \
 locale-gen en_US.UTF-8 && \
 curl -sL https://deb.nodesource.com/setup_6.x | bash - && \
From dd08a39bedd6b7fad2bd9322d99d2524f8bb9256 Mon Sep 17 00:00:00 2001
From: "Alexey.Golubev"
Date: Fri, 13 Jan 2017 12:50:24 +0300
Subject: [PATCH 4/7] Added "How to run DS on different port"

---
 README.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/README.md b/README.md
index 62b34af..bde3e75 100644
--- a/README.md
+++ b/README.md
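Review bot: `${JSON} -I -e "this.rabbitmq.url = '${RABBITMQ_SERVER_URL}'"` splices the URL, password included, straight into a statement that `${JSON} -e` evaluates as JavaScript, so a `'` or `\` in the password either breaks the assignment or lets the value run as code; the three removed lines had the same flaw, but this single line is where it now lives. Escape those two characters before interpolating — `local v=${RABBITMQ_SERVER_URL//\\/\\\\}; v=${v//\'/\\\'}` — and pass `'${v}'`, or, if the tool exposes `process.env`, assign from the environment instead of the string. `update_rabbitmq_setting` is complete within the hunk; `${JSON}` is defined outside it.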
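Review bot: The new `apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CB2DE8E5` fetches the repository signing key by a 32-bit short ID, and short IDs are cheap to collide: anyone can upload a different key whose ID ends in the same eight hex digits, and the HKP transport used here is unauthenticated, so the build would then trust whatever the ONLYOFFICE repository added later in the Dockerfile serves. The line it replaces at least used a 64-bit long ID; pass the full 40-character fingerprint to `--recv-keys`, and prefer `hkps://` or fetching the key over HTTPS and comparing its fingerprint before `apt-key add`. Note that this key protects only the apt repository — the `curl ... | bash -` on the context line below is an unrelated unsigned download that no key check covers.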
@@ -4,6 +4,7 @@
 * [Running Docker Image](#running-docker-image)
 * [Configuring Docker Image](#configuring-docker-image)
 - [Storing Data](#storing-data)
+ - [Running ONLYOFFICE Document Server on Different Port](#running-onlyoffice-document-server-on-different-port)
 - [Running ONLYOFFICE Document Server using HTTPS](#running-onlyoffice-document-server-using-https)
 + [Generation of Self Signed Certificates](#generation-of-self-signed-certificates)
 + [Strengthening the Server Security](#strengthening-the-server-security)
@@ -66,6 +67,12 @@ To get access to your data from outside the container, you need to mount the vol
 Storing the data on the host machine allows you to easily update ONLYOFFICE once the new version is released without losing your data.
+### Running ONLYOFFICE Document Server on Different Port
+
+To change the port, use the -p command. E.g.: to make your portal accessible via port 8080 execute the following command:
+
+ sudo docker run -i -t -d -p 8080:80 onlyoffice/documentserver
+
 ### Running ONLYOFFICE Document Server using HTTPS
 sudo docker run -i -t -d -p 443:443 \
From 3f8c314da0e5fecf66aa863c964a1fd1286500c7 Mon Sep 17 00:00:00 2001
From: "Alexey.Golubev"
Date: Tue, 17 Jan 2017 16:15:54 +0300
Subject: [PATCH 5/7] tune welcome page

---
 run-document-server.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/run-document-server.sh b/run-document-server.sh
index e573031..c151be3 100644
--- a/run-document-server.sh
+++ b/run-document-server.sh
@@ -19,6 +19,8 @@ ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
 ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAG:-31536000}
 SYSCONF_TEMPLATES_DIR="/app/onlyoffice/setup/config"
 NGINX_ONLYOFFICE_PATH="/etc/nginx/conf.d/onlyoffice-documentserver.conf";
+NGINX_ONLYOFFICE_INCLUDES_PATH="/etc/nginx/includes";
+NGINX_ONLYOFFICE_EXAMPLE_PATH=${NGINX_ONLYOFFICE_INCLUDES_PATH}/onlyoffice-documentserver-example.conf
 NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
 NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-$(grep processor /proc/cpuinfo | wc -l)}
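Review bot: The context line `ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAG:-31536000}` reads a misspelled variable (`MAXAG`), so an `ONLYOFFICE_HTTPS_HSTS_MAXAGE` value set in the environment is ignored and the HSTS max-age is always 31536000; it is not part of this change but sits in the same block, and the fix is `ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAGE:-31536000}`. On the added lines, the trailing `;` in `NGINX_ONLYOFFICE_INCLUDES_PATH="/etc/nginx/includes";` is harmless but inconsistent with the neighbouring assignments, and `NGINX_ONLYOFFICE_EXAMPLE_PATH` deserves a one-line comment saying what the example config is and that it is rewritten at startup. The README hunks on this line are documentation only.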
@@ -178,6 +180,10 @@ update_nginx_settings(){
 else
 cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-documentserver.conf ${NGINX_ONLYOFFICE_PATH}
 fi
+
+ if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_PATH}" ]; then
+ sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_PATH}
+ fi
 }
 
 update_supervisor_settings(){
From b60bd1cebb72f75c9143570fed0f87d7c2606142 Mon Sep 17 00:00:00 2001
From: Alexey Golubev
Date: Wed, 18 Jan 2017 14:13:24 +0300
Subject: [PATCH 6/7] Export folder for the custom fonts

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 8bc3858..73a7e32 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,6 +41,6 @@ RUN echo "$REPO_URL" | tee /etc/apt/sources.list.d/onlyoffice.list && \
 rm -rf /var/log/onlyoffice && \
 rm -rf /var/lib/apt/lists/*
 
-VOLUME /etc/onlyoffice /var/log/onlyoffice /var/lib/onlyoffice /var/www/onlyoffice/Data
+VOLUME /etc/onlyoffice /var/log/onlyoffice /var/lib/onlyoffice /var/www/onlyoffice/Data /usr/share/fonts/truetype/custom
 
 CMD bash -C '/app/onlyoffice/run-document-server.sh';'bash'
From 1047e5189a66e524efa66bbe494d9e1c0f23c49e Mon Sep 17 00:00:00 2001
From: "Alexey.Golubev"
Date: Tue, 24 Jan 2017 19:34:20 +0300
Subject: [PATCH 7/7] Use nginx config from the package

---
 .../nginx/onlyoffice-documentserver-ssl.conf | 71 ------------------
 config/nginx/onlyoffice-documentserver.conf | 8 ---
 run-document-server.sh | 7 +-
 3 files changed, 4 insertions(+), 82 deletions(-)
 delete mode 100644 config/nginx/onlyoffice-documentserver-ssl.conf
 delete mode 100644 config/nginx/onlyoffice-documentserver.conf

diff --git a/config/nginx/onlyoffice-documentserver-ssl.conf b/config/nginx/onlyoffice-documentserver-ssl.conf
deleted file mode 100644
index 26501a9..0000000
--- a/config/nginx/onlyoffice-documentserver-ssl.conf
+++ /dev/null
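Review bot: `sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_PATH}` replaces the first `linux` on every line of the packaged example config, not just the one token it presumably targets; if that file mentions `linux` anywhere else (a path, a comment, a URL) that text is rewritten too, and the outcome cannot be judged from this hunk because the example file is not in the repository. Anchor the substitution to the intended token once that file is checked, and quote the path: `sed -i 's/linux/docker/' "${NGINX_ONLYOFFICE_EXAMPLE_PATH}"`. A short comment on the `if` naming the setting being switched would help the next reader. `update_nginx_settings` begins before this hunk; the `VOLUME` change on the same line is a one-token export.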
@@ -1,71 +0,0 @@
-include /etc/nginx/includes/onlyoffice-http.conf;
-
-## Normal HTTP host
-server {
- listen 0.0.0.0:80;
- listen [::]:80 default_server;
- server_name _;
- server_tokens off;
-
- ## Redirects all traffic to the HTTPS host
- root /nowhere; ## root doesn't have to be a valid path since we are redirecting
- rewrite ^ https://$host$request_uri? permanent;
-}
-
-#HTTP host for internal services
-server {
- listen 127.0.0.1:80;
- listen [::1]:80;
- server_name localhost;
- server_tokens off;
-
- include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
- include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
-}
-
-## HTTPS host
-server {
- listen 0.0.0.0:443 ssl;
- listen [::]:443 ssl default_server;
- server_tokens off;
- root /usr/share/nginx/html;
-
- ## Strong SSL Security
- ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
- ssl on;
- ssl_certificate {{SSL_CERTIFICATE_PATH}};
- ssl_certificate_key {{SSL_KEY_PATH}};
- ssl_verify_client {{SSL_VERIFY_CLIENT}};
- ssl_client_certificate {{CA_CERTIFICATES_PATH}};
-
- ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
-
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_session_cache builtin:1000 shared:SSL:10m;
-
- ssl_prefer_server_ciphers on;
-
- add_header Strict-Transport-Security max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}};
- # add_header X-Frame-Options SAMEORIGIN;
- add_header X-Content-Type-Options nosniff;
-
- ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
- ## Replace with your ssl_trusted_certificate. For more info see:
- ## - https://medium.com/devops-programming/4445f4862461
- ## - https://www.ruby-forum.com/topic/4419319
- ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
- # ssl_stapling on;
- # ssl_stapling_verify on;
- # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
- # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
- # resolver_timeout 10s;
-
- ## [Optional] Generate a stronger DHE parameter:
- ## cd /etc/ssl/certs
- ## sudo openssl dhparam -out dhparam.pem 4096
- ##
- ssl_dhparam {{SSL_DHPARAM_PATH}};
-
- include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
-
-}
diff --git a/config/nginx/onlyoffice-documentserver.conf b/config/nginx/onlyoffice-documentserver.conf
deleted file mode 100644
index 0572fa8..0000000
--- a/config/nginx/onlyoffice-documentserver.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-include /etc/nginx/includes/onlyoffice-http.conf;
-server {
- listen 0.0.0.0:80;
- listen [::]:80 default_server;
- server_tokens off;
-
- include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
-}
\ No newline at end of file
diff --git a/run-document-server.sh b/run-document-server.sh
index c151be3..c19afa0 100644
--- a/run-document-server.sh
+++ b/run-document-server.sh
@@ -18,7 +18,8 @@ ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
 ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAG:-31536000}
 SYSCONF_TEMPLATES_DIR="/app/onlyoffice/setup/config"
-NGINX_ONLYOFFICE_PATH="/etc/nginx/conf.d/onlyoffice-documentserver.conf";
+NGINX_CONFD_PATH="/etc/nginx/conf.d";
+NGINX_ONLYOFFICE_PATH="${NGINX_CONFD_PATH}/onlyoffice-documentserver.conf";
 NGINX_ONLYOFFICE_INCLUDES_PATH="/etc/nginx/includes";
 NGINX_ONLYOFFICE_EXAMPLE_PATH=${NGINX_ONLYOFFICE_INCLUDES_PATH}/onlyoffice-documentserver-example.conf
@@ -151,7 +152,7 @@ update_nginx_settings(){
 # setup HTTPS
 if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
- cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-documentserver-ssl.conf ${NGINX_ONLYOFFICE_PATH}
+ cp ${NGINX_CONFD_PATH}/onlyoffice-documentserver-ssl.conf.template ${NGINX_ONLYOFFICE_PATH}
 # configure nginx
 sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
@@ -178,7 +179,7 @@ update_nginx_settings(){
 sed '/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/d' -i ${NGINX_ONLYOFFICE_PATH}
 fi
 else
- cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-documentserver.conf ${NGINX_ONLYOFFICE_PATH}
+ cp ${NGINX_CONFD_PATH}/onlyoffice-documentserver.conf.template ${NGINX_ONLYOFFICE_PATH}
 fi
 
 if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_PATH}" ]; then
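Review bot: `cp ${NGINX_CONFD_PATH}/onlyoffice-documentserver-ssl.conf.template ${NGINX_ONLYOFFICE_PATH}` now takes the TLS server block from the package instead of the deleted in-repo template, and nothing checks that the template exists or that the copy succeeded before the `sed` calls begin editing `${NGINX_ONLYOFFICE_PATH}`; on a package that ships without it the script would silently edit a stale or missing file. Guard it: `cp "${NGINX_CONFD_PATH}/onlyoffice-documentserver-ssl.conf.template" "${NGINX_ONLYOFFICE_PATH}" || { >&2 echo "nginx ssl template missing"; return 1; }`. The deleted template enabled `TLSv1 TLSv1.1` and carried a cipher list full of suite names that do not exist, so the packaged replacement's `ssl_protocols` and `ssl_ciphers` are worth checking before this ships, and the `sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"','` on the following context line still breaks on a path containing `,` or `&`. `update_nginx_settings` starts before this hunk.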