Allow let's encrypte sertificates (#300)
* Allow let's encrypte sertificates Co-authored-by: papacarlo <builder@onlyoffice.com> Co-authored-by: Roman <demidov.roman@onlyoffice.com>
This commit is contained in:
parent
211ae50980
commit
bdef500858
@ -15,6 +15,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
|
|||||||
adduser \
|
adduser \
|
||||||
apt-utils \
|
apt-utils \
|
||||||
bomstrip \
|
bomstrip \
|
||||||
|
certbot \
|
||||||
htop \
|
htop \
|
||||||
libasound2 \
|
libasound2 \
|
||||||
libboost-regex-dev \
|
libboost-regex-dev \
|
||||||
|
11
README.md
11
README.md
@ -99,7 +99,14 @@ So you need to create and install the following files:
|
|||||||
/app/onlyoffice/DocumentServer/data/certs/tls.key
|
/app/onlyoffice/DocumentServer/data/certs/tls.key
|
||||||
/app/onlyoffice/DocumentServer/data/certs/tls.crt
|
/app/onlyoffice/DocumentServer/data/certs/tls.crt
|
||||||
|
|
||||||
When using CA certified certificates, these files are provided to you by the CA. When using self-signed certificates you need to generate these files yourself. Skip the following section if you have CA certified SSL certificates (e.g. [Let's Encrypt](https://letsencrypt.org)).
|
When using CA certified certificates (e.g [Let's encrypt](https://letsencrypt.org)), these files are provided to you by the CA. If you are using self-signed certificates you need to generate these files [yourself](#generation-of-self-signed-certificates).
|
||||||
|
|
||||||
|
#### Using the automatically generated Let's Encrypt SSL Certificates
|
||||||
|
|
||||||
|
sudo docker run -i -t -d -p 443:443 \
|
||||||
|
-e LETS_ENCRYPT_DOMAIN=your_domain -e LETS_ENCRYPT_MAIL=your_mail onlyoffice/documentserver
|
||||||
|
|
||||||
|
If you want to get and extend Let's Encrypt SSL Certificates automatically just set LETS_ENCRYPT_DOMAIN and LETS_ENCRYPT_MAIL variables.
|
||||||
|
|
||||||
#### Generation of Self Signed Certificates
|
#### Generation of Self Signed Certificates
|
||||||
|
|
||||||
@ -186,6 +193,8 @@ Below is the complete list of parameters that can be set using environment varia
|
|||||||
- **METRICS_HOST**: Defines StatsD listening host. Defaults to `localhost`.
|
- **METRICS_HOST**: Defines StatsD listening host. Defaults to `localhost`.
|
||||||
- **METRICS_PORT**: Defines StatsD listening port. Defaults to `8125`.
|
- **METRICS_PORT**: Defines StatsD listening port. Defaults to `8125`.
|
||||||
- **METRICS_PREFIX**: Defines StatsD metrics prefix for backend services. Defaults to `ds.`.
|
- **METRICS_PREFIX**: Defines StatsD metrics prefix for backend services. Defaults to `ds.`.
|
||||||
|
- **LETS_ENCRYPT_DOMAIN**: Defines the domain for Let's Encrypt certificate.
|
||||||
|
- **LETS_ENCRYPT_MAIL**: Defines the domain administator mail address for Let's Encrypt certificate.
|
||||||
|
|
||||||
## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers
|
## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers
|
||||||
|
|
||||||
|
@ -82,6 +82,12 @@ PG_NEW_CLUSTER=false
|
|||||||
RABBITMQ_DATA=/var/lib/rabbitmq
|
RABBITMQ_DATA=/var/lib/rabbitmq
|
||||||
REDIS_DATA=/var/lib/redis
|
REDIS_DATA=/var/lib/redis
|
||||||
|
|
||||||
|
if [ ${LETS_ENCRYPT_DOMAIN} != "" -a ${LETS_ENCRYPT_MAIL} != "" ]; then
|
||||||
|
LETSENCRYPT_ROOT_DIR="/etc/letsencrypt/live"
|
||||||
|
SSL_CERTIFICATE_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/fullchain.pem
|
||||||
|
SSL_KEY_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/privkey.pem
|
||||||
|
fi
|
||||||
|
|
||||||
read_setting(){
|
read_setting(){
|
||||||
deprecated_var POSTGRESQL_SERVER_HOST DB_HOST
|
deprecated_var POSTGRESQL_SERVER_HOST DB_HOST
|
||||||
deprecated_var POSTGRESQL_SERVER_PORT DB_PORT
|
deprecated_var POSTGRESQL_SERVER_PORT DB_PORT
|
||||||
@ -544,6 +550,12 @@ fi
|
|||||||
# it run in all cases.
|
# it run in all cases.
|
||||||
service nginx start
|
service nginx start
|
||||||
|
|
||||||
|
if [ ${LETS_ENCRYPT_DOMAIN} != "" -a ${LETS_ENCRYPT_MAIL} != "" ]; then
|
||||||
|
if [ ! -f "${SSL_CERTIFICATE_PATH}" -a ! -f "${SSL_KEY_PATH}" ]; then
|
||||||
|
documentserver-letsencrypt.sh ${LETS_ENCRYPT_MAIL} ${LETS_ENCRYPT_DOMAIN}
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# Regenerate the fonts list and the fonts thumbnails
|
# Regenerate the fonts list and the fonts thumbnails
|
||||||
if [ "${GENERATE_FONTS}" == "true" ]; then
|
if [ "${GENERATE_FONTS}" == "true" ]; then
|
||||||
documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}
|
documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user