Allow let's encrypte sertificates (#300)

* Allow let's encrypte sertificates

Co-authored-by: papacarlo <builder@onlyoffice.com>
Co-authored-by: Roman <demidov.roman@onlyoffice.com>
This commit is contained in:
Roman Demidov 2020-10-22 13:47:51 +03:00 committed by GitHub
parent 211ae50980
commit bdef500858
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 1 deletions

@ -15,6 +15,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
adduser \ adduser \
apt-utils \ apt-utils \
bomstrip \ bomstrip \
certbot \
htop \ htop \
libasound2 \ libasound2 \
libboost-regex-dev \ libboost-regex-dev \

@ -99,7 +99,14 @@ So you need to create and install the following files:
/app/onlyoffice/DocumentServer/data/certs/tls.key /app/onlyoffice/DocumentServer/data/certs/tls.key
/app/onlyoffice/DocumentServer/data/certs/tls.crt /app/onlyoffice/DocumentServer/data/certs/tls.crt
When using CA certified certificates, these files are provided to you by the CA. When using self-signed certificates you need to generate these files yourself. Skip the following section if you have CA certified SSL certificates (e.g. [Let's Encrypt](https://letsencrypt.org)). When using CA certified certificates (e.g [Let's encrypt](https://letsencrypt.org)), these files are provided to you by the CA. If you are using self-signed certificates you need to generate these files [yourself](#generation-of-self-signed-certificates).
#### Using the automatically generated Let's Encrypt SSL Certificates
sudo docker run -i -t -d -p 443:443 \
-e LETS_ENCRYPT_DOMAIN=your_domain -e LETS_ENCRYPT_MAIL=your_mail onlyoffice/documentserver
If you want to get and extend Let's Encrypt SSL Certificates automatically just set LETS_ENCRYPT_DOMAIN and LETS_ENCRYPT_MAIL variables.
#### Generation of Self Signed Certificates #### Generation of Self Signed Certificates
@ -186,6 +193,8 @@ Below is the complete list of parameters that can be set using environment varia
- **METRICS_HOST**: Defines StatsD listening host. Defaults to `localhost`. - **METRICS_HOST**: Defines StatsD listening host. Defaults to `localhost`.
- **METRICS_PORT**: Defines StatsD listening port. Defaults to `8125`. - **METRICS_PORT**: Defines StatsD listening port. Defaults to `8125`.
- **METRICS_PREFIX**: Defines StatsD metrics prefix for backend services. Defaults to `ds.`. - **METRICS_PREFIX**: Defines StatsD metrics prefix for backend services. Defaults to `ds.`.
- **LETS_ENCRYPT_DOMAIN**: Defines the domain for Let's Encrypt certificate.
- **LETS_ENCRYPT_MAIL**: Defines the domain administator mail address for Let's Encrypt certificate.
## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers

@ -82,6 +82,12 @@ PG_NEW_CLUSTER=false
RABBITMQ_DATA=/var/lib/rabbitmq RABBITMQ_DATA=/var/lib/rabbitmq
REDIS_DATA=/var/lib/redis REDIS_DATA=/var/lib/redis
if [ ${LETS_ENCRYPT_DOMAIN} != "" -a ${LETS_ENCRYPT_MAIL} != "" ]; then
LETSENCRYPT_ROOT_DIR="/etc/letsencrypt/live"
SSL_CERTIFICATE_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/fullchain.pem
SSL_KEY_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/privkey.pem
fi
read_setting(){ read_setting(){
deprecated_var POSTGRESQL_SERVER_HOST DB_HOST deprecated_var POSTGRESQL_SERVER_HOST DB_HOST
deprecated_var POSTGRESQL_SERVER_PORT DB_PORT deprecated_var POSTGRESQL_SERVER_PORT DB_PORT
@ -544,6 +550,12 @@ fi
# it run in all cases. # it run in all cases.
service nginx start service nginx start
if [ ${LETS_ENCRYPT_DOMAIN} != "" -a ${LETS_ENCRYPT_MAIL} != "" ]; then
if [ ! -f "${SSL_CERTIFICATE_PATH}" -a ! -f "${SSL_KEY_PATH}" ]; then
documentserver-letsencrypt.sh ${LETS_ENCRYPT_MAIL} ${LETS_ENCRYPT_DOMAIN}
fi
fi
# Regenerate the fonts list and the fonts thumbnails # Regenerate the fonts list and the fonts thumbnails
if [ "${GENERATE_FONTS}" == "true" ]; then if [ "${GENERATE_FONTS}" == "true" ]; then
documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER} documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}