From 7d1606bc9516f383f05691ff10083620876171a4 Mon Sep 17 00:00:00 2001 From: Semyon Bezrukov Date: Tue, 29 Oct 2019 12:42:43 +0300 Subject: [PATCH 01/23] Add support of MySQL DBMS (#188) * Add support of MySQL database --- .travis.yml | 44 ++++++++++++++ Dockerfile | 1 + README.md | 11 ++-- docker-compose.yml | 9 +-- run-document-server.sh | 97 ++++++++++++++++++++++-------- activemq.yml => tests/activemq.yml | 8 +-- tests/defaults.env | 40 ++++++++++++ tests/mysql.yml | 35 +++++++++++ tests/postgres-old.yml | 32 ++++++++++ tests/postgres.yml | 33 ++++++++++ tests/test.sh | 37 ++++++++++++ 11 files changed, 310 insertions(+), 37 deletions(-) create mode 100644 .travis.yml rename activemq.yml => tests/activemq.yml (75%) create mode 100644 tests/defaults.env create mode 100644 tests/mysql.yml create mode 100644 tests/postgres-old.yml create mode 100644 tests/postgres.yml create mode 100755 tests/test.sh
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..5877421
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,44 @@
+language: generic
+
+dist: trusty
+
+env:
+ # postgresql
+ - config: postgres.yml
+
+ # custom values
+ - config: postgres.yml
+ DB_NAME: mydb
+ DB_USER: myuser
+ DB_PWD: password
+ POSTGRES_DB: mydb
+ POSTGRES_USER: myuser
+
+ # deprecated variables
+ - config: postgres-old.yml
+ POSTGRESQL_SERVER_HOST: onlyoffice-postgresql
+ POSTGRESQL_SERVER_PORT: 5432
+ POSTGRESQL_SERVER_DB_NAME: onlyoffice
+ POSTGRESQL_SERVER_USER: onlyoffice
+ POSTGRESQL_SERVER_PASS: onlyoffice
+
+ # mysql
+ - config: mysql.yml
+ DB_TYPE: mysql
+ DB_HOST: onlyoffice-mysql
+ DB_PORT: 3306
+
+ # activemq
+ - config: activemq.yml
+ AMQP_SERVER_TYPE: activemq
+ AMQP_SERVER_URL: amqp://guest:guest@onlyoffice-activemq
+
+services:
+ - docker
+
+script:
+ # Go to tests dir
+ - cd ${PWD}/tests
+
+ # Run test.
+ - ./test.sh
diff --git a/Dockerfile b/Dockerfile
index 038c756..0c3fb85 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,6 +27,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ libxml2 \ libxss1 \ libxtst6 \ + mysql-client \ nano \ net-tools \ netcat \ diff --git a/README.md b/README.md index c921efb..eec79bc 100644 --- a/README.md +++ b/README.md 
@@ -162,11 +162,12 @@ Below is the complete list of parameters that can be set using environment varia - **SSL_KEY_PATH**: The path to the SSL certificate's private key. Defaults to `/var/www/onlyoffice/Data/certs/onlyoffice.key`. - **SSL_DHPARAM_PATH**: The path to the Diffie-Hellman parameter. Defaults to `/var/www/onlyoffice/Data/certs/dhparam.pem`. - **SSL_VERIFY_CLIENT**: Enable verification of client certificates using the `CA_CERTIFICATES_PATH` file. Defaults to `false` -- **POSTGRESQL_SERVER_HOST**: The IP address or the name of the host where the PostgreSQL server is running. -- **POSTGRESQL_SERVER_PORT**: The PostgreSQL server port number. -- **POSTGRESQL_SERVER_DB_NAME**: The name of a PostgreSQL database to be created on the image startup. -- **POSTGRESQL_SERVER_USER**: The new user name with superuser permissions for the PostgreSQL account. -- **POSTGRESQL_SERVER_PASS**: The password set for the PostgreSQL account. +- **DB_TYPE**: The database type. Supported values are `postgres`, `mariadb` or `mysql`. Defaults to `postgres`. +- **DB_HOST**: The IP address or the name of the host where the database server is running. +- **DB_PORT**: The database server port number. +- **DB_NAME**: The name of a database to be created on the image startup. +- **DB_USER**: The new user name with superuser permissions for the database account. +- **DB_PWD**: The password set for the database account. - **AMQP_SERVER_URL**: The [AMQP URL](http://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server. - **AMQP_SERVER_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`. - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running. diff --git a/docker-compose.yml b/docker-compose.yml index 0cc4cf8..3df7230 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -5,10 +5,11 @@ services: image: onlyoffice/documentserver:latest environment: - ONLYOFFICE_DATA_CONTAINER=true - - POSTGRESQL_SERVER_HOST=onlyoffice-postgresql - - POSTGRESQL_SERVER_PORT=5432 - - POSTGRESQL_SERVER_DB_NAME=onlyoffice - - POSTGRESQL_SERVER_USER=onlyoffice + - DB_TYPE=postgres + - DB_HOST=onlyoffice-postgresql + - DB_PORT=5432 + - DB_NAME=onlyoffice + - DB_USER=onlyoffice - AMQP_SERVER_URL=amqp://guest:guest@onlyoffice-rabbitmq - REDIS_SERVER_HOST=onlyoffice-redis - REDIS_SERVER_PORT=6379 diff --git a/run-document-server.sh b/run-document-server.sh index c46c6b0..3e3bb2b 100755 --- a/run-document-server.sh +++ b/run-document-server.sh 
@@ -57,11 +57,32 @@ PGDATA=${PG_ROOT}/${PG_VERSION}/${PG_NAME} PG_NEW_CLUSTER=false read_setting(){ - POSTGRESQL_SERVER_HOST=${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)} - POSTGRESQL_SERVER_PORT=${POSTGRESQL_SERVER_PORT:-5432} - POSTGRESQL_SERVER_DB_NAME=${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)} - POSTGRESQL_SERVER_USER=${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)} - POSTGRESQL_SERVER_PASS=${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)} + deprecated_var POSTGRESQL_SERVER_HOST DB_HOST + deprecated_var POSTGRESQL_SERVER_PORT DB_PORT + deprecated_var POSTGRESQL_SERVER_DB_NAME DB_NAME + deprecated_var POSTGRESQL_SERVER_USER DB_USER + deprecated_var POSTGRESQL_SERVER_PASS DB_PWD + + DB_HOST=${DB_HOST:-${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}} + case $DB_TYPE in + "postgres") + DB_PORT=${DB_PORT:-"5432"} + ;; + "mariadb"|"mysql") + DB_PORT=${DB_PORT:-"3306"} + ;; + "") + DB_PORT=${DB_PORT:-${POSTGRESQL_SERVER_PORT:-$(${JSON} services.CoAuthoring.sql.dbPort)}} + ;; + *) + echo "ERROR: unknown database type" + exit 1 + ;; + esac + DB_NAME=${DB_NAME:-${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}} + DB_USER=${DB_USER:-${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}} + DB_PWD=${DB_PWD:-${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}} + DB_TYPE=${DB_TYPE:-$(${JSON} services.CoAuthoring.sql.type)} RABBITMQ_SERVER_URL=${RABBITMQ_SERVER_URL:-$(${JSON} rabbitmq.url)} AMQP_SERVER_URL=${AMQP_SERVER_URL:-${RABBITMQ_SERVER_URL}} @@ -74,6 +95,12 @@ read_setting(){ DS_LOG_LEVEL=${DS_LOG_LEVEL:-$(${JSON_LOG} categories.default.level)} } +deprecated_var() { + if [[ -n ${!1} ]]; then + echo "Variable $1 is deprecated. Use $2 instead." + fi +} + parse_rabbitmq_url(){ local amqp=$1 
@@ -123,8 +150,8 @@ waiting_for_connection(){ done } -waiting_for_postgresql(){ - waiting_for_connection ${POSTGRESQL_SERVER_HOST} ${POSTGRESQL_SERVER_PORT} +waiting_for_db(){ + waiting_for_connection $DB_HOST $DB_PORT } waiting_for_amqp(){ @@ -137,12 +164,13 @@ waiting_for_redis(){ waiting_for_datacontainer(){ waiting_for_connection ${ONLYOFFICE_DATA_CONTAINER_HOST} ${ONLYOFFICE_DATA_CONTAINER_PORT} } -update_postgresql_settings(){ - ${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${POSTGRESQL_SERVER_HOST}'" - ${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${POSTGRESQL_SERVER_PORT}'" - ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${POSTGRESQL_SERVER_DB_NAME}'" - ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${POSTGRESQL_SERVER_USER}'" - ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${POSTGRESQL_SERVER_PASS}'" +update_db_settings(){ + ${JSON} -I -e "this.services.CoAuthoring.sql.type = '${DB_TYPE}'" + ${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${DB_HOST}'" + ${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${DB_PORT}'" + ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${DB_NAME}'" + ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${DB_USER}'" + ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${DB_PWD}'" } update_rabbitmq_setting(){ 
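Review bot: In `update_db_settings` the environment values are pasted between single quotes inside a JavaScript expression that `${JSON} -I -e` evaluates, so a `DB_PWD` (or host, name, user) containing `'` or `\` either breaks the assignment or changes what the expression does. `DB_TYPE` is checked against a fixed list in `read_setting`, but the other five values are not constrained anywhere in the visible hunks. Escape backslashes and single quotes before interpolating, for example `esc=${DB_PWD//\\/\\\\}; esc=${esc//\'/\\\'}` followed by `sql.dbPass = '${esc}'`, or reject values containing those characters at startup. The same pattern appears in `update_rabbitmq_setting` with `AMQP_URI` and in `update_jwt_settings` with `JWT_SECRET` and `JWT_HEADER`.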
@@ -232,10 +260,21 @@ create_postgresql_db(){ sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;" } -create_postgresql_tbl(){ - CONNECTION_PARAMS="-h${POSTGRESQL_SERVER_HOST} -p${POSTGRESQL_SERVER_PORT} -U${POSTGRESQL_SERVER_USER} -w" - if [ -n "${POSTGRESQL_SERVER_PASS}" ]; then - export PGPASSWORD=${POSTGRESQL_SERVER_PASS} +create_db_tbl() { + case $DB_TYPE in + "postgres") + create_postgresql_tbl + ;; + "mariadb"|"mysql") + create_mysql_tbl + ;; + esac +} + +create_postgresql_tbl() { + CONNECTION_PARAMS="-h$DB_HOST -p$DB_PORT -U$DB_USER -w" + if [ -n "$DB_PWD" ]; then + export PGPASSWORD=$DB_PWD fi PSQL="psql -q $CONNECTION_PARAMS" @@ -243,10 +282,20 @@ create_postgresql_tbl(){ # Create db on remote server if $PSQL -lt | cut -d\| -f 1 | grep -qw | grep 0; then - $CREATEDB $POSTGRESQL_SERVER_DB_NAME + $CREATEDB $DB_NAME fi - $PSQL -d "${POSTGRESQL_SERVER_DB_NAME}" -f "${APP_DIR}/server/schema/postgresql/createdb.sql" + $PSQL -d "$DB_NAME" -f "$APP_DIR/server/schema/postgresql/createdb.sql" +} + +create_mysql_tbl() { + CONNECTION_PARAMS="-h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PWD -w" + MYSQL="mysql -q $CONNECTION_PARAMS" + + # Create db on remote server + $MYSQL -e "CREATE DATABASE IF NOT EXISTS $DB_NAME DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;" >/dev/null 2>&1 + + $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1 } update_nginx_settings(){ @@ -340,10 +389,10 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then update_jwt_settings # update settings by env variables - if [ ${POSTGRESQL_SERVER_HOST} != "localhost" ]; then - update_postgresql_settings - waiting_for_postgresql - create_postgresql_tbl + if [ $DB_HOST != "localhost" ]; then + update_db_settings + waiting_for_db + create_db_tbl else # change rights for postgres directory chown -R postgres:postgres ${PG_ROOT} 
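Review bot: `create_mysql_tbl` puts the password on the mysql command line (`-p$DB_PWD`), where it is visible in the process list, and with an empty `DB_PWD` a bare `-p` makes the client prompt instead of connecting. `$DB_NAME` is also interpolated unquoted into the `CREATE DATABASE` statement, and both invocations send stdout and stderr to `/dev/null` without checking the exit status, so a failed schema load passes silently. The sketch below passes the password through `MYSQL_PWD` the way the PostgreSQL branch uses `PGPASSWORD`, backtick-quotes the database name and returns non-zero on failure; `DB_NAME` should still be validated against a conservative pattern, since backtick quoting alone does not neutralise a backtick in the value. `create_db_tbl` also has no `*)` arm, so an unexpected `DB_TYPE` skips table creation without a message.

```shell
create_mysql_tbl() {
  # Password travels in the environment instead of argv, mirroring PGPASSWORD above.
  if [ -n "$DB_PWD" ]; then
    export MYSQL_PWD=$DB_PWD
  fi
  MYSQL=(mysql -q -h"$DB_HOST" -P"$DB_PORT" -u"$DB_USER" -w)

  # Create db on remote server
  "${MYSQL[@]}" -e "CREATE DATABASE IF NOT EXISTS \`$DB_NAME\` DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;" || return 1

  "${MYSQL[@]}" "$DB_NAME" < "$APP_DIR/server/schema/mysql/createdb.sql" || return 1
}
```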
@@ -390,7 +439,7 @@ if [ ${PG_NEW_CLUSTER} = "true" ]; then fi if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then - waiting_for_postgresql + waiting_for_db waiting_for_amqp waiting_for_redis diff --git a/activemq.yml b/tests/activemq.yml similarity index 75% rename from activemq.yml rename to tests/activemq.yml index f6a5fed..14c3884 100644 --- a/activemq.yml +++ b/tests/activemq.yml @@ -4,8 +4,8 @@ services: container_name: onlyoffice-documentserver image: onlyoffice/4testing-documentserver-ie:latest environment: - - AMQP_SERVER_URL=amqp://guest:guest@onlyoffice-activemq - - AMQP_SERVER_TYPE=activemq + - AMQP_SERVER_TYPE + - AMQP_SERVER_URL stdin_open: true restart: always ports: @@ -18,8 +18,8 @@ services: container_name: onlyoffice-activemq image: webcenter/activemq:5.14.3 environment: - - ACTIVEMQ_USERS_guest=guest - - ACTIVEMQ_GROUPS_owners=guest + - ACTIVEMQ_USERS_guest + - ACTIVEMQ_GROUPS_owners restart: always networks: - onlyoffice diff --git a/tests/defaults.env b/tests/defaults.env new file mode 100644 index 0000000..664f342 --- /dev/null +++ b/tests/defaults.env 
@@ -0,0 +1,40 @@
+# DocumentServer Container
+ONLYOFFICE_DATA_CONTAINER=true
+DB_TYPE=postgres
+DB_HOST=onlyoffice-postgresql
+DB_PORT=5432
+DB_NAME=onlyoffice
+DB_USER=onlyoffice
+DB_PWD=onlyoffice
+AMQP_SERVER_TYPE=rabbitmq
+AMQP_SERVER_URL=amqp://guest:guest@onlyoffice-rabbitmq
+REDIS_SERVER_HOST=onlyoffice-redis
+REDIS_SERVER_PORT=6379
+JWT_ENABLED=true
+JWT_SECRET=secret
+JWT_HEADER=Authorization
+
+ONLYOFFICE_DATA_CONTAINER_HOST=onlyoffice-documentserver-data
+BALANCE=uri depth 3
+EXCLUDE_PORTS=443
+HTTP_CHECK=GET /healthcheck
+EXTRA_SETTINGS=http-check expect string true
+FORCE_SSL=true
+
+# HAProxy Container
+MODE=http
+CERT_FOLDER=/certs/
+
+# ActiveMQ Container
+ACTIVEMQ_USERS_guest=guest
+ACTIVEMQ_GROUPS_owners=guest
+
+# Postgres Container
+POSTGRES_DB=onlyoffice
+POSTGRES_USER=onlyoffice
+
+# MySQL Container
+MYSQL_DATABASE=onlyoffice
+MYSQL_USER=onlyoffice
+MYSQL_PASSWORD=onlyoffice
+MYSQL_ALLOW_EMPTY_PASSWORD=yes
\ No newline at end of file
diff --git a/tests/mysql.yml b/tests/mysql.yml
new file mode 100644
index 0000000..9a4155f
--- /dev/null
+++ b/tests/mysql.yml
@@ -0,0 +1,35 @@
+version: '2'
+services:
+ onlyoffice-documentserver:
+ container_name: onlyoffice-documentserver
+ image: onlyoffice/4testing-documentserver-ie:latest
+ depends_on:
+ - onlyoffice-mysql
+ environment:
+ - DB_TYPE
+ - DB_HOST
+ - DB_PORT
+ - DB_NAME
+ - DB_USER
+ - DB_PWD
+ stdin_open: true
+ restart: always
+ ports:
+ - '80:80'
+
+ onlyoffice-mysql:
+ container_name: onlyoffice-mysql
+ image: mysql:5.7
+ environment:
+ - MYSQL_DATABASE
+ - MYSQL_USER
+ - MYSQL_PASSWORD
+ - MYSQL_ALLOW_EMPTY_PASSWORD
+ restart: always
+ volumes:
+ - mysql_data:/var/lib/mysql
+ expose:
+ - '3306'
+
+volumes:
+ mysql_data:
diff --git a/tests/postgres-old.yml b/tests/postgres-old.yml
new file mode 100644
index 0000000..4385562
--- /dev/null
+++ b/tests/postgres-old.yml
@@ -0,0 +1,32 @@
+version: '2'
+services:
+ onlyoffice-documentserver:
+ container_name: onlyoffice-documentserver
+ image: onlyoffice/4testing-documentserver-ie:latest
+ depends_on:
+ - onlyoffice-postgresql
+ environment:
+ - POSTGRESQL_SERVER_HOST
+ - POSTGRESQL_SERVER_PORT
+ - POSTGRESQL_SERVER_DB_NAME
+ - POSTGRESQL_SERVER_USER
+ - POSTGRESQL_SERVER_PASS
+ stdin_open: true
+ restart: always
+ ports:
+ - '80:80'
+
+ onlyoffice-postgresql:
+ container_name: onlyoffice-postgresql
+ image: postgres:9.5
+ environment:
+ - POSTGRES_DB
+ - POSTGRES_USER
+ restart: always
+ expose:
+ - '5432'
+ volumes:
+ - postgresql_data:/var/lib/postgresql
+
+volumes:
+ postgresql_data:
diff --git a/tests/postgres.yml b/tests/postgres.yml
new file mode 100644
index 0000000..0c5c39d
--- /dev/null
+++ b/tests/postgres.yml
@@ -0,0 +1,33 @@
+version: '2'
+services:
+ onlyoffice-documentserver:
+ container_name: onlyoffice-documentserver
+ image: onlyoffice/4testing-documentserver-ie:latest
+ depends_on:
+ - onlyoffice-postgresql
+ environment:
+ - DB_TYPE
+ - DB_HOST
+ - DB_PORT
+ - DB_NAME
+ - DB_USER
+ - DB_PWD
+ stdin_open: true
+ restart: always
+ ports:
+ - '80:80'
+
+ onlyoffice-postgresql:
+ container_name: onlyoffice-postgresql
+ image: postgres:9.5
+ environment:
+ - POSTGRES_DB
+ - POSTGRES_USER
+ restart: always
+ expose:
+ - '5432'
+ volumes:
+ - postgresql_data:/var/lib/postgresql
+
+volumes:
+ postgresql_data:
diff --git a/tests/test.sh b/tests/test.sh
new file mode 100755
index 0000000..49d57c3
--- /dev/null
+++ b/tests/test.sh
@@ -0,0 +1,37 @@ +#!/bin/bash + +# Check if the yml exists +if [[ ! -f $config ]]; then + echo "File $config doesn't exist!" + exit 1 +fi + +env_file=defaults.env + +# Copy .env +if [[ -f $env_file ]]; then + cp $env_file .env +else + echo "File $env_file doesn't exist!" + exit 1 +fi + +# Run test environment +docker-compose -p ds -f $config up -d + +wakeup_timeout=30 + +# Get documentserver healthcheck status +echo "Wait for service wake up" +sleep $wakeup_timeout +healthcheck_res=$(wget --no-check-certificate -qO - localhost/healthcheck) + +# Fail if it isn't true +if [[ $healthcheck_res == "true" ]]; then + echo "Healthcheck passed." +else + echo "Healthcheck failed!" + exit 1 +fi + +docker-compose -p ds -f $config down From 18b8dbe4fe309e02f8af4032d1d4d82f8df03a6f Mon Sep 17 00:00:00 2001 From: Semyon Bezrukov Date: Tue, 26 Nov 2019 17:08:29 +0300 Subject: [PATCH 02/23] Fix RabbitMQ high CPU usage on idle VM (#193) --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 0c3fb85..efbef17 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,6 +43,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ supervisor \ xvfb \ zlib1g && \ + echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf && \ sudo -u postgres psql -c "CREATE DATABASE onlyoffice;" && \ sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';" && \ sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;" && \ From b3055c362cfda49863b890f9acfefeaf568eceb7 Mon Sep 17 00:00:00 2001 From: Semyon Bezrukov Date: Wed, 27 Nov 2019 11:35:08 +0300 Subject: [PATCH 03/23] Add support JWT_IN_BODY param (#194) --- README.md | 1 + docker-compose.yml | 1 + run-document-server.sh | 4 ++++ 3 files changed, 6 insertions(+) diff --git a/README.md b/README.md index eec79bc..bea73b9 100644 --- a/README.md +++ b/README.md 
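Review bot: When the healthcheck in `tests/test.sh` fails, the script exits before `docker-compose -p ds -f $config down`, so the containers (declared with `restart: always` in the compose files) stay up on the runner; a `trap 'docker-compose -p ds -f "$config" down' EXIT` placed right after the `up -d` would cover both the pass and fail paths. `--no-check-certificate` has no effect on the plain-HTTP `localhost/healthcheck` URL and would hide certificate errors if the check is later pointed at HTTPS, so it is better dropped. `$config` and `$env_file` are expanded unquoted throughout; quoting them (`-f "$config"`, `cp "$env_file" .env`) avoids word splitting on an unusual path.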
@@ -177,6 +177,7 @@ Below is the complete list of parameters that can be set using environment varia - **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`. - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`. - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`. +- **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`. ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers diff --git a/docker-compose.yml b/docker-compose.yml index 3df7230..6e73ff5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -17,6 +17,7 @@ services: #- JWT_ENABLED=true #- JWT_SECRET=secret #- JWT_HEADER=Authorization + #- JWT_IN_BODY=true stdin_open: true restart: always networks: diff --git a/run-document-server.sh b/run-document-server.sh index 3e3bb2b..436a017 100755 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -38,6 +38,7 @@ NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)} JWT_ENABLED=${JWT_ENABLED:-false} JWT_SECRET=${JWT_SECRET:-secret} JWT_HEADER=${JWT_HEADER:-Authorization} +JWT_IN_BODY=${JWT_IN_BODY:-false} ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/local.json ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json 
@@ -235,6 +236,9 @@ update_jwt_settings(){ ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'" ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'" + ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = '${JWT_IN_BODY}'" + ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = '${JWT_IN_BODY}'" + if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ] && [ "${JWT_ENABLED}" == "true" ]; then ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}" ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'" From f18d04f4067ab9711015e902de2221d6c32f83b3 Mon Sep 17 00:00:00 2001 From: Semyon Bezrukov Date: Thu, 28 Nov 2019 14:59:20 +0300 Subject: [PATCH 04/23] Fix commands on welcome page (#197) --- run-document-server.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/run-document-server.sh b/run-document-server.sh index 436a017..6cde63a 100755 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -302,6 +302,19 @@ create_mysql_tbl() { $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1 } +update_welcome_page() { + WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html" + if [[ -e $WELCOME_PAGE ]]; then + DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset)) + if [[ -x $(command -v docker) ]]; then + DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID) + sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE + else + sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE + fi + fi +} + update_nginx_settings(){ # Set up nginx sed 's/^worker_processes.*/'"worker_processes ${NGINX_WORKER_PROCESSES};"'/' -i ${NGINX_CONFIG_PATH} @@ -388,6 +401,8 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then read_setting + update_welcome_page + update_log_settings update_jwt_settings 
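Review bot: In `update_welcome_page`, `docker inspect` can fail when the docker binary is present but no daemon is reachable from inside the container, which would leave `DOCKER_CONTAINER_NAME` empty and make the `sed` replace the placeholder with nothing. Checking the result and falling back to the short ID keeps the page usable, e.g. wrap the first `sed` in `if [[ -n $DOCKER_CONTAINER_NAME ]]; then` and otherwise substitute `${DOCKER_CONTAINER_ID::12}`. The nested `$(basename $(cat /proc/1/cpuset))` and `$WELCOME_PAGE` are unquoted; `"$(basename "$(cat /proc/1/cpuset)")"` and `-i "$WELCOME_PAGE"` are the safer forms.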
@@ -430,6 +445,8 @@ else # read settings after the data container in ready state # to prevent get unconfigureted data read_setting + + update_welcome_page fi #start needed local services From 2b982778f31b6e04ac39544a5f147c3846147f62 Mon Sep 17 00:00:00 2001 From: ReinerNippes Date: Thu, 5 Dec 2019 17:18:36 +0100 Subject: [PATCH 05/23] fix issue #96 ; 'Download failed' after upgrade to onlyoffice (#191) * fix issue #96 ; 'Download failed' after upgrade to onlyoffice - unable to verify the first certificate * New variable name REJECT_UNAUTHORIZED_STORAGE Shell variable rnamed to REJECT_UNAUTHORIZED_STORAGE. --- README.md | 1 + run-document-server.sh | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/README.md b/README.md index bea73b9..29e3a46 100644 --- a/README.md +++ b/README.md @@ -178,6 +178,7 @@ Below is the complete list of parameters that can be set using environment varia - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`. - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`. - **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`. +- **REJECT_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false` ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers diff --git a/run-document-server.sh b/run-document-server.sh index 3f9d09d..d61be11 100755 --- a/run-document-server.sh +++ b/run-document-server.sh 
@@ -21,6 +21,7 @@ SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key} CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem} SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem} SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off} +REJECT_UNAUTHORIZED_STORAGE=${REJECT_UNAUTHORIZED_STORAGE:-false} ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true} ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAGE:-31536000} SYSCONF_TEMPLATES_DIR="/app/ds/setup/config" @@ -350,6 +351,11 @@ update_nginx_settings(){ else sed '/max-age=/d' -i ${NGINX_ONLYOFFICE_CONF} fi + + if [ "${REJECT_UNAUTHORIZED_STORAGE}" == "true" ]; then + ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}" + ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false" + fi else ln -sf ${NGINX_ONLYOFFICE_PATH}/ds.conf.tmpl ${NGINX_ONLYOFFICE_CONF} fi From 261232e10dd1d9914cefcdc749dca1eaa0147c8c Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Mon, 16 Dec 2019 18:28:50 +0300 Subject: [PATCH 06/23] Move from unsupported node.js version --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 47828f3..877388f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ apt-get -yq install wget apt-transport-https curl locales && \ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \ locale-gen en_US.UTF-8 && \ - curl -sL https://deb.nodesource.com/setup_8.x | bash - && \ + curl -sL https://deb.nodesource.com/setup_10.x | bash - && \ apt-get -y update && \ apt-get -yq install \ adduser \ From ee8fa827e3a998c51bb85dce6457af8c59e1ac49 Mon Sep 17 00:00:00 2001 
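Review bot: In the `update_nginx_settings` hunk, setting `REJECT_UNAUTHORIZED_STORAGE=true` writes `requestDefaults.rejectUnauthorized=false`, so the variable name reads as the opposite of its effect: it turns TLS certificate verification off for the server's outbound requests. A comment above the block should say so, for example `# REJECT_UNAUTHORIZED_STORAGE=true DISABLES certificate verification for outbound HTTPS requests (rejectUnauthorized=false)`, and the README entry should carry the same statement. Because the value is only written when the key is undefined, setting the variable back to `false` later does not appear to re-enable verification in an existing `local.json`. The block also seems to sit in the branch taken only when nginx SSL is configured (the function starts and ends outside the hunk), so it may not run for HTTP-only deployments. Where possible, adding the storage server's CA to the container's trust store is preferable to disabling verification.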
From: Roman Demidov <58073444+romandemidov@users.noreply.github.com> Date: Fri, 20 Dec 2019 13:15:59 +0300 Subject: [PATCH 07/23] Add external volumes for rabbitmq and redis (#203) --- Dockerfile | 2 +- README.md | 2 ++ run-document-server.sh | 13 +++++++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 877388f..810d9eb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -77,6 +77,6 @@ RUN echo "$REPO_URL" | tee /etc/apt/sources.list.d/ds.list && \ rm -rf /var/log/$COMPANY_NAME && \ rm -rf /var/lib/apt/lists/* -VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /usr/share/fonts/truetype/custom +VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /var/lib/rabbitmq /var/lib/redis /usr/share/fonts/truetype/custom ENTRYPOINT /app/ds/run-document-server.sh diff --git a/README.md b/README.md index 29e3a46..b3836c8 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,8 @@ To get access to your data from outside the container, you need to mount the vol -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \ -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \ + -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \ + -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \ -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver Normally, you do not need to store container data because the container's operation does not depend on its state. Saving data will be useful: diff --git a/run-document-server.sh b/run-document-server.sh index d61be11..d348a43 100755 --- a/run-document-server.sh +++ b/run-document-server.sh 
@@ -57,6 +57,8 @@ PG_VERSION=9.5 PG_NAME=main PGDATA=${PG_ROOT}/${PG_VERSION}/${PG_NAME} PG_NEW_CLUSTER=false +RABBITMQ_DATA=/var/lib/rabbitmq +REDIS_DATA=/var/lib/redis read_setting(){ deprecated_var POSTGRESQL_SERVER_HOST DB_HOST @@ -434,6 +436,13 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then if [ ${AMQP_SERVER_HOST} != "localhost" ]; then update_rabbitmq_setting else + # change rights for rabbitmq directory + chown -R rabbitmq:rabbitmq ${RABBITMQ_DATA} + chmod -R go=rX,u=rwX ${RABBITMQ_DATA} + if [ -f ${RABBITMQ_DATA}/.erlang.cookie ]; then + chmod 400 ${RABBITMQ_DATA}/.erlang.cookie + fi + LOCAL_SERVICES+=("rabbitmq-server") # allow Rabbitmq startup after container kill rm -rf /var/run/rabbitmq @@ -442,6 +451,10 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then if [ ${REDIS_SERVER_HOST} != "localhost" ]; then update_redis_settings else + # change rights for redis directory + chown -R redis:redis ${REDIS_DATA} + chmod -R 750 ${REDIS_DATA} + LOCAL_SERVICES+=("redis-server") fi else From 08bb07e2d0c25152cc9bbacd01ed7bcf730b00e5 Mon Sep 17 00:00:00 2001 From: Roman Demidov <58073444+romandemidov@users.noreply.github.com> Date: Mon, 23 Dec 2019 12:27:47 +0300 Subject: [PATCH 08/23] Rename AMQP variables (#205) --- .travis.yml | 14 ++++++++++++-- README.md | 4 ++-- docker-compose.yml | 2 +- run-document-server.sh | 15 +++++++++------ tests/activemq.yml | 4 ++-- tests/defaults.env | 4 ++-- tests/rabbitmq-old.yml | 28 ++++++++++++++++++++++++++++ tests/rabbitmq.yml | 28 ++++++++++++++++++++++++++++ 8 files changed, 84 insertions(+), 15 deletions(-) create mode 100644 tests/rabbitmq-old.yml create mode 100644 tests/rabbitmq.yml diff --git a/.travis.yml b/.travis.yml index 5877421..93c8ad5 100644 --- a/.travis.yml +++ b/.travis.yml 
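Review bot: The recursive `chmod -R go=rX,u=rwX ${RABBITMQ_DATA}` makes the whole RabbitMQ data directory readable by other users, and `.erlang.cookie` (the node's shared secret) is only tightened to 400 afterwards; `chmod -R u=rwX,g=rX,o= ${RABBITMQ_DATA}` avoids both the window and the exposure. For Redis, `chmod -R 750 ${REDIS_DATA}` also sets the execute bit on every data file; the symbolic form `chmod -R u=rwX,g=rX,o= ${REDIS_DATA}` gives the same directory access without that. Both paths can be bind-mounted volumes, so quoting the variables in the `chown -R`/`chmod -R` calls is worth doing here.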
@@ -30,8 +30,18 @@ env: # activemq - config: activemq.yml - AMQP_SERVER_TYPE: activemq - AMQP_SERVER_URL: amqp://guest:guest@onlyoffice-activemq + AMQP_TYPE: activemq + AMQP_URI: amqp://guest:guest@onlyoffice-activemq + + # rabbitmq + - config: rabbitmq.yml + AMQP_TYPE: rabbitmq + AMQP_URI: amqp://guest:guest@onlyoffice-rabbitmq + + # rabbitmq old variables + - config: rabbitmq-old.yml + AMQP_SERVER_TYPE: rabbitmq + AMQP_SERVER_URL: amqp://guest:guest@onlyoffice-rabbitmq services: - docker diff --git a/README.md b/README.md index b3836c8..7ecaf9c 100644 --- a/README.md +++ b/README.md @@ -170,8 +170,8 @@ Below is the complete list of parameters that can be set using environment varia - **DB_NAME**: The name of a database to be created on the image startup. - **DB_USER**: The new user name with superuser permissions for the database account. - **DB_PWD**: The password set for the database account. -- **AMQP_SERVER_URL**: The [AMQP URL](http://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server. -- **AMQP_SERVER_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`. +- **AMQP_URI**: The [AMQP URI](http://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server. +- **AMQP_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`. - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running. - **REDIS_SERVER_PORT**: The Redis server port number. - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes. diff --git a/docker-compose.yml b/docker-compose.yml index 6e73ff5..3ae25f0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -10,7 +10,7 @@ services: - DB_PORT=5432 - DB_NAME=onlyoffice - DB_USER=onlyoffice - - AMQP_SERVER_URL=amqp://guest:guest@onlyoffice-rabbitmq + - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq - REDIS_SERVER_HOST=onlyoffice-redis - REDIS_SERVER_PORT=6379 # Uncomment strings below to enable the JSON Web Token validation. diff --git a/run-document-server.sh b/run-document-server.sh index d348a43..6fc1931 100755 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -66,6 +66,9 @@ read_setting(){ deprecated_var POSTGRESQL_SERVER_DB_NAME DB_NAME deprecated_var POSTGRESQL_SERVER_USER DB_USER deprecated_var POSTGRESQL_SERVER_PASS DB_PWD + deprecated_var RABBITMQ_SERVER_URL AMQP_URI + deprecated_var AMQP_SERVER_URL AMQP_URI + deprecated_var AMQP_SERVER_TYPE AMQP_TYPE DB_HOST=${DB_HOST:-${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}} case $DB_TYPE in @@ -89,9 +92,9 @@ read_setting(){ DB_TYPE=${DB_TYPE:-$(${JSON} services.CoAuthoring.sql.type)} RABBITMQ_SERVER_URL=${RABBITMQ_SERVER_URL:-$(${JSON} rabbitmq.url)} - AMQP_SERVER_URL=${AMQP_SERVER_URL:-${RABBITMQ_SERVER_URL}} - AMQP_SERVER_TYPE=${AMQP_SERVER_TYPE:-rabbitmq} - parse_rabbitmq_url ${AMQP_SERVER_URL} + AMQP_URI=${AMQP_URI:-${AMQP_SERVER_URL:-${RABBITMQ_SERVER_URL}}} + AMQP_TYPE=${AMQP_TYPE:-${AMQP_SERVER_TYPE:-rabbitmq}} + parse_rabbitmq_url ${AMQP_URI} REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-$(${JSON} services.CoAuthoring.redis.host)} REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-6379} 
@@ -178,13 +181,13 @@ update_db_settings(){ } update_rabbitmq_setting(){ - if [ "${AMQP_SERVER_TYPE}" == "rabbitmq" ]; then + if [ "${AMQP_TYPE}" == "rabbitmq" ]; then ${JSON} -I -e "if(this.queue===undefined)this.queue={};" ${JSON} -I -e "this.queue.type = 'rabbitmq'" - ${JSON} -I -e "this.rabbitmq.url = '${AMQP_SERVER_URL}'" + ${JSON} -I -e "this.rabbitmq.url = '${AMQP_URI}'" fi - if [ "${AMQP_SERVER_TYPE}" == "activemq" ]; then + if [ "${AMQP_TYPE}" == "activemq" ]; then ${JSON} -I -e "if(this.queue===undefined)this.queue={};" ${JSON} -I -e "this.queue.type = 'activemq'" ${JSON} -I -e "if(this.activemq===undefined)this.activemq={};" diff --git a/tests/activemq.yml b/tests/activemq.yml index 14c3884..f9b4823 100644 --- a/tests/activemq.yml +++ b/tests/activemq.yml @@ -4,8 +4,8 @@ services: container_name: onlyoffice-documentserver image: onlyoffice/4testing-documentserver-ie:latest environment: - - AMQP_SERVER_TYPE - - AMQP_SERVER_URL + - AMQP_TYPE + - AMQP_URI stdin_open: true restart: always ports: diff --git a/tests/defaults.env b/tests/defaults.env index 664f342..cb8a2aa 100644 --- a/tests/defaults.env +++ b/tests/defaults.env @@ -6,8 +6,8 @@ DB_PORT=5432 DB_NAME=onlyoffice DB_USER=onlyoffice DB_PWD=onlyoffice -AMQP_SERVER_TYPE=rabbitmq -AMQP_SERVER_URL=amqp://guest:guest@onlyoffice-rabbitmq +AMQP_TYPE=rabbitmq +AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq REDIS_SERVER_HOST=onlyoffice-redis REDIS_SERVER_PORT=6379 JWT_ENABLED=true diff --git a/tests/rabbitmq-old.yml b/tests/rabbitmq-old.yml new file mode 100644 index 0000000..9301ae4 --- /dev/null +++ b/tests/rabbitmq-old.yml 
@@ -0,0 +1,28 @@ +version: '2' +services: + onlyoffice-documentserver: + container_name: onlyoffice-documentserver + image: onlyoffice/4testing-documentserver-ie:latest + environment: + - AMQP_SERVER_TYPE + - AMQP_SERVER_URL + stdin_open: true + restart: always + ports: + - '80:80' + - '443:443' + networks: + - onlyoffice + + onlyoffice-rabbitmq: + container_name: onlyoffice-rabbitmq + image: rabbitmq + restart: always + networks: + - onlyoffice + expose: + - '5672' + +networks: + onlyoffice: + driver: 'bridge' diff --git a/tests/rabbitmq.yml b/tests/rabbitmq.yml new file mode 100644 index 0000000..9006cb0 --- /dev/null +++ b/tests/rabbitmq.yml @@ -0,0 +1,28 @@ +version: '2' +services: + onlyoffice-documentserver: + container_name: onlyoffice-documentserver + image: onlyoffice/4testing-documentserver-ie:latest + environment: + - AMQP_TYPE + - AMQP_URI + stdin_open: true + restart: always + ports: + - '80:80' + - '443:443' + networks: + - onlyoffice + + onlyoffice-rabbitmq: + container_name: onlyoffice-rabbitmq + image: rabbitmq + restart: always + networks: + - onlyoffice + expose: + - '5672' + +networks: + onlyoffice: + driver: 'bridge' From a6cda6537b6b787b555aaad55f92e47b945793d2 Mon Sep 17 00:00:00 2001 From: Roman Demidov <58073444+romandemidov@users.noreply.github.com> Date: Mon, 23 Dec 2019 15:59:14 +0300 Subject: [PATCH 09/23] Add redis test (#206) --- .travis.yml | 5 +++++ tests/redis.yml | 28 ++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 tests/redis.yml diff --git a/.travis.yml b/.travis.yml index 93c8ad5..aad8a55 100644 --- a/.travis.yml +++ b/.travis.yml @@ -43,6 +43,11 @@ env: AMQP_SERVER_TYPE: rabbitmq AMQP_SERVER_URL: amqp://guest:guest@onlyoffice-rabbitmq + # redis + - config: redis.yml + REDIS_SERVER_HOST: onlyoffice-redis + REDIS_SERVER_PORT: 6379 + services: - docker diff --git a/tests/redis.yml b/tests/redis.yml new file mode 100644 index 0000000..2984ffe --- /dev/null +++ b/tests/redis.yml 
@@ -0,0 +1,28 @@ +version: '2' +services: + onlyoffice-documentserver: + container_name: onlyoffice-documentserver + image: onlyoffice/4testing-documentserver-ie:latest + environment: + - REDIS_SERVER_HOST + - REDIS_SERVER_PORT + stdin_open: true + restart: always + ports: + - '80:80' + - '443:443' + networks: + - onlyoffice + + onlyoffice-redis: + container_name: onlyoffice-redis + image: redis + restart: always + networks: + - onlyoffice + expose: + - '6379' + +networks: + onlyoffice: + driver: 'bridge' From 3ff96e8b49c2d4f7e4d3ee11309cc6ecd769e295 Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Wed, 25 Dec 2019 17:25:57 +0300 Subject: [PATCH 10/23] Fix 'JWT_IN_BODY' param parsing --- run-document-server.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/run-document-server.sh b/run-document-server.sh index 6fc1931..97b970e 100755 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -242,8 +242,8 @@ update_jwt_settings(){ ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'" ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'" - ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = '${JWT_IN_BODY}'" - ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = '${JWT_IN_BODY}'" + ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}" + ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}" if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ] && [ "${JWT_ENABLED}" == "true" ]; then ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}" From 89882472320e7594d17b084be34b92c55dbd7543 Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Thu, 26 Dec 2019 12:42:27 +0300 Subject: [PATCH 11/23] Change base image to ubuntu 18.04 --- Dockerfile | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 810d9eb..be2c245 100644 --- a/Dockerfile +++ b/Dockerfile 
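Review bot: With the quotes removed, `${JWT_IN_BODY}` is evaluated as a bare JavaScript expression by `${JSON} -I -e` in both `inBody` assignments, so any value other than `true` or `false` (a typo, an empty string, or other text from the environment) becomes a syntax error or executed code instead of a rejected setting. Normalising the variable first keeps the boolean fix and closes that gap: `case "${JWT_IN_BODY}" in true|false) ;; *) echo "JWT_IN_BODY must be true or false" >&2; JWT_IN_BODY=false ;; esac`. `update_jwt_settings` starts and ends outside this hunk, so whether a default or a check is applied earlier in the script cannot be seen from here.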
@@ -1,4 +1,4 @@ -FROM ubuntu:16.04 +FROM ubuntu:18.04 LABEL maintainer Ascensio System SIA ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive @@ -7,24 +7,25 @@ ARG ONLYOFFICE_VALUE=onlyoffice RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ apt-get -y update && \ - apt-get -yq install wget apt-transport-https curl locales && \ + apt-get -yq install wget apt-transport-https gnupg curl locales && \ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \ locale-gen en_US.UTF-8 && \ curl -sL https://deb.nodesource.com/setup_10.x | bash - && \ apt-get -y update && \ apt-get -yq install \ adduser \ + apt-utils \ bomstrip \ htop \ libasound2 \ libboost-regex-dev \ libcairo2 \ libcurl3 \ + libcurl3-gnutls \ libgconf2-4 \ libgtkglext1 \ libnspr4 \ libnss3 \ - libnss3-nssdb \ libstdc++6 \ libxml2 \ libxss1 \ @@ -46,6 +47,9 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ xvfb \ zlib1g && \ echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf && \ + sed -i "s/bind .*/bind 127.0.0.1/g" /etc/redis/redis.conf && \ + pg_conftool 10 main set listen_addresses 'localhost' && \ + service postgresql restart && \ sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE;" && \ sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \ sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $ONLYOFFICE_VALUE TO $ONLYOFFICE_VALUE;" && \ From df8e19ed90a918542f4f23d4d8c83250b3e8d9a3 Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Thu, 26 Dec 2019 12:43:27 +0300 Subject: [PATCH 12/23] Update postgersql version --- run-document-server.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-document-server.sh b/run-document-server.sh index 97b970e..81f59f1 100755 --- a/run-document-server.sh +++ b/run-document-server.sh 
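Review bot: The added `sed -i "s/bind .*/bind 127.0.0.1/g" /etc/redis/redis.conf` is unanchored and unverified: it rewrites every line containing `bind `, commented examples included, and exits 0 without changing anything if the packaged redis.conf has no such line, in which case the image ships with whatever listen address the package default gives. Anchoring and checking the result makes the build fail instead: `sed -i 's/^bind .*/bind 127.0.0.1/' /etc/redis/redis.conf && grep -q '^bind 127.0.0.1' /etc/redis/redis.conf && \`. The `pg_conftool 10 main` line hard-codes the cluster version that run-document-server.sh keeps in `PG_VERSION`, so a one-line comment tying the two together would help the next base-image bump. The loopback restriction matters here because the context lines just below create the database account with a password equal to its name.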
@@ -53,7 +53,7 @@ JSON_EXAMPLE="${JSON_BIN} -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}" LOCAL_SERVICES=() PG_ROOT=/var/lib/postgresql -PG_VERSION=9.5 +PG_VERSION=10 PG_NAME=main PGDATA=${PG_ROOT}/${PG_VERSION}/${PG_NAME} PG_NEW_CLUSTER=false From 9eff99f618f033ba9986e62b5fff75ed5d24a0c0 Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Thu, 26 Dec 2019 13:13:13 +0300 Subject: [PATCH 13/23] Remake fix #96 --- README.md | 2 +- run-document-server.sh | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 7ecaf9c..12beef5 100644 --- a/README.md +++ b/README.md @@ -180,7 +180,7 @@ Below is the complete list of parameters that can be set using environment varia - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`. - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`. - **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`. -- **REJECT_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false` +- **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false` ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers diff --git a/run-document-server.sh b/run-document-server.sh index 81f59f1..673808d 100755 --- a/run-document-server.sh +++ b/run-document-server.sh 
@@ -21,7 +21,7 @@ SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key} CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem} SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem} SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off} -REJECT_UNAUTHORIZED_STORAGE=${REJECT_UNAUTHORIZED_STORAGE:-false} +USE_UNAUTHORIZED_STORAGE=${USE_UNAUTHORIZED_STORAGE:-false} ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true} ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAGE:-31536000} SYSCONF_TEMPLATES_DIR="/app/ds/setup/config" @@ -229,7 +229,7 @@ update_redis_settings(){ ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'" } -update_jwt_settings(){ +update_ds_settings(){ if [ "${JWT_ENABLED}" == "true" ]; then ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}" ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}" @@ -251,6 +251,11 @@ update_jwt_settings(){ ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'" fi fi + + if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then + ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}" + ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false" + fi } create_postgresql_cluster(){ 
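Review bot: The `USE_UNAUTHORIZED_STORAGE` block added to `update_ds_settings` writes `rejectUnauthorized=false` under `services.CoAuthoring.requestDefaults`, which turns off TLS certificate verification for the requests that setting governs, and nothing ever writes it back. Because of the `===undefined` guard and the in-place `-I` edit, if local.json persists across restarts, setting the variable to `false` later leaves verification disabled. Making the assignment follow the variable (write `false` in this branch, and restore `true` in an `else` branch when `requestDefaults` exists) would keep the file in step with the environment. A startup line such as `echo "WARNING: TLS certificate verification for storage requests is disabled" >&2` would make the downgrade visible in container logs. The rename also drops `REJECT_UNAUTHORIZED_STORAGE` without a fallback, so deployments that still set the old name silently return to strict verification; a deprecation notice would explain the resulting connection failures.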
@@ -356,11 +361,6 @@ update_nginx_settings(){ else sed '/max-age=/d' -i ${NGINX_ONLYOFFICE_CONF} fi - - if [ "${REJECT_UNAUTHORIZED_STORAGE}" == "true" ]; then - ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}" - ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false" - fi else ln -sf ${NGINX_ONLYOFFICE_PATH}/ds.conf.tmpl ${NGINX_ONLYOFFICE_CONF} fi @@ -416,7 +416,7 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then update_log_settings - update_jwt_settings + update_ds_settings # update settings by env variables if [ $DB_HOST != "localhost" ]; then From f241f36893bd6dbaf92baf92f5318ecbb57e8a3d Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Fri, 31 Jan 2020 13:33:25 +0300 Subject: [PATCH 14/23] Add abbility customize docker build --- Makefile | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 72c2faa..e93ba7d 100644 --- a/Makefile +++ b/Makefile @@ -1,10 +1,14 @@ -COMPANY_NAME ?= onlyoffice +COMPANY_NAME ?= ONLYOFFICE GIT_BRANCH ?= develop -PRODUCT_NAME ?= documentserver-ie +PRODUCT_NAME ?= DocumentServer PRODUCT_VERSION ?= 0.0.0 BUILD_NUMBER ?= 0 ONLYOFFICE_VALUE ?= onlyoffice +COMPANY_NAME_LOW = $(shell echo $(COMPANY_NAME) | tr A-Z a-z) +PRODUCT_NAME_LOW = $(shell echo $(PRODUCT_NAME) | tr A-Z a-z) +COMPANY_NAME_LOW_ESCAPED = $(subst -,,$(COMPANY_NAME_LOW)) + PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER) REPO_URL := "deb [trusted=yes] http://repo-doc-onlyoffice-com.s3.amazonaws.com/ubuntu/trusty/$(COMPANY_NAME)-$(PRODUCT_NAME)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/ repo/" 
@@ -24,12 +28,12 @@ endif DOCKER_TAGS += $(DOCKER_TAG) -DOCKER_REPO = $(COMPANY_NAME)/4testing-$(PRODUCT_NAME) +DOCKER_REPO = $(COMPANY_NAME_LOW)/4testing-$(PRODUCT_NAME_LOW) COLON := __colon__ DOCKER_TARGETS := $(foreach TAG,$(DOCKER_TAGS),$(DOCKER_REPO)$(COLON)$(TAG)) -DOCKER_ARCH := $(COMPANY_NAME)-$(PRODUCT_NAME)_$(PACKAGE_VERSION).tar.gz +DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)_$(PACKAGE_VERSION).tar.gz .PHONY: all clean clean-docker deploy docker publish @@ -37,8 +41,8 @@ $(DOCKER_TARGETS): $(DEB_REPO_DATA) docker build \ --build-arg REPO_URL=$(REPO_URL) \ - --build-arg COMPANY_NAME=$(COMPANY_NAME) \ - --build-arg PRODUCT_NAME=$(PRODUCT_NAME) \ + --build-arg COMPANY_NAME=$(COMPANY_NAME_LOW) \ + --build-arg PRODUCT_NAME=$(PRODUCT_NAME_LOW) \ --build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \ -t $(subst $(COLON),:,$@) . &&\ mkdir -p $$(dirname $@) &&\ @@ -54,7 +58,7 @@ clean: rm -rfv $(DOCKER_TARGETS) $(DOCKER_ARCH) clean-docker: - docker rmi -f $$(docker images -q $(COMPANY_NAME)/*) || exit 0 + docker rmi -f $$(docker images -q $(COMPANY_NAME_LOW)/*) || exit 0 deploy: $(DOCKER_TARGETS) $(foreach TARGET,$(DOCKER_TARGETS),docker push $(subst $(COLON),:,$(TARGET));) From 6b81686cf6611d015ecd3d8a016ed993105798f5 Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Fri, 31 Jan 2020 17:27:31 +0300 Subject: [PATCH 15/23] Fix deploy to docker hub --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index e93ba7d..ce11a08 100644 --- a/Makefile +++ b/Makefile 
@@ -11,7 +11,7 @@ COMPANY_NAME_LOW_ESCAPED = $(subst -,,$(COMPANY_NAME_LOW)) PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER) -REPO_URL := "deb [trusted=yes] http://repo-doc-onlyoffice-com.s3.amazonaws.com/ubuntu/trusty/$(COMPANY_NAME)-$(PRODUCT_NAME)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/ repo/" +REPO_URL := "deb [trusted=yes] http://repo-doc-onlyoffice-com.s3.amazonaws.com/ubuntu/trusty/$(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/ repo/" UPDATE_LATEST := false @@ -28,7 +28,7 @@ endif DOCKER_TAGS += $(DOCKER_TAG) -DOCKER_REPO = $(COMPANY_NAME_LOW)/4testing-$(PRODUCT_NAME_LOW) +DOCKER_REPO = $(COMPANY_NAME_LOW_ESCAPED)/4testing-$(PRODUCT_NAME_LOW) COLON := __colon__ DOCKER_TARGETS := $(foreach TAG,$(DOCKER_TAGS),$(DOCKER_REPO)$(COLON)$(TAG)) From 586d1078e66f282c9e832dbafcab6a88592f78b4 Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Wed, 12 Feb 2020 13:42:04 +0300 Subject: [PATCH 16/23] Create folder for pkg example --- run-document-server.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/run-document-server.sh b/run-document-server.sh index 673808d..0923cf2 100755 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -398,8 +398,8 @@ done mkdir -p ${DS_LOG_DIR}-example # create app folders -for i in App_Data/cache/files App_Data/docbuilder; do - mkdir -p "${DS_LIB_DIR}/$i" +for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${DS_LIB_DIR}-example/files; do + mkdir -p "$i" done # change folder rights From efe1d8482f78e7877235915ed4ed8b36f5a347f6 Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Fri, 14 Feb 2020 17:18:04 +0300 Subject: [PATCH 17/23] Fix browser 'wasm' warning Fix browser warning: wasm streaming compile failed: TypeError: Failed to execute 'compile' on 'WebAssembly': Incorrect response MIME type. Expected 'application/wasm'. --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index be2c245..00eb375 100644 --- a/Dockerfile 
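Review bot: The rewritten `REPO_URL` still reads `deb [trusted=yes] http://…`, so whatever the Docker build installs from this source (it is passed in as `--build-arg REPO_URL`, presumably as an APT source) is fetched over cleartext with APT signature checking switched off. Anything able to alter that traffic during a build can substitute the package that ends up in the published image. Since the line is being edited anyway, the minimum is to change the scheme to `https://repo-doc-onlyoffice-com.s3.amazonaws.com/...` and leave the rest of the value as is, assuming the bucket endpoint serves HTTPS; the Dockerfile already installs `apt-transport-https`. The durable fix is to sign the repository, install its key in the image, and drop `[trusted=yes]`.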
+++ b/Dockerfile @@ -48,6 +48,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ zlib1g && \ echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf && \ sed -i "s/bind .*/bind 127.0.0.1/g" /etc/redis/redis.conf && \ + sed 's|\(application\/zip.*\)|\1\n application\/wasm wasm;|' -i /etc/nginx/mime.types pg_conftool 10 main set listen_addresses 'localhost' && \ service postgresql restart && \ sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE;" && \ From b639a8ef8964b655f6cf8ff5189c6de99a824296 Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Mon, 17 Feb 2020 12:25:38 +0300 Subject: [PATCH 18/23] Fix build error --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 00eb375..c270a04 100644 --- a/Dockerfile +++ b/Dockerfile @@ -48,7 +48,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ zlib1g && \ echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf && \ sed -i "s/bind .*/bind 127.0.0.1/g" /etc/redis/redis.conf && \ - sed 's|\(application\/zip.*\)|\1\n application\/wasm wasm;|' -i /etc/nginx/mime.types + sed 's|\(application\/zip.*\)|\1\n application\/wasm wasm;|' -i /etc/nginx/mime.types && \ pg_conftool 10 main set listen_addresses 'localhost' && \ service postgresql restart && \ sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE;" && \ From 4468a26a3e01268bcba6728551e303f2d25d13cb Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Wed, 19 Feb 2020 19:54:20 +0300 Subject: [PATCH 19/23] Change dependency gtk2->gtk3 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c270a04..037e736 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,7 +23,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ libcurl3 \ libcurl3-gnutls \ libgconf2-4 \ - libgtkglext1 \ + libgtk-3-0 \ libnspr4 \ libnss3 \ libstdc++6 \ 
From 33d04dc4f43508d486079791f0fdd4e9322756f4 Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Fri, 21 Feb 2020 14:58:20 +0300 Subject: [PATCH 20/23] Remove nodejs dependency --- Dockerfile | 6 ++---- run-document-server.sh | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 037e736..c737318 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,15 +7,14 @@ ARG ONLYOFFICE_VALUE=onlyoffice RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ apt-get -y update && \ - apt-get -yq install wget apt-transport-https gnupg curl locales && \ + apt-get -yq install wget apt-transport-https gnupg locales && \ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \ locale-gen en_US.UTF-8 && \ - curl -sL https://deb.nodesource.com/setup_10.x | bash - && \ - apt-get -y update && \ apt-get -yq install \ adduser \ apt-utils \ bomstrip \ + curl \ htop \ libasound2 \ libboost-regex-dev \ @@ -35,7 +34,6 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ net-tools \ netcat \ nginx-extras \ - nodejs \ postgresql \ postgresql-client \ pwgen \ diff --git a/run-document-server.sh b/run-document-server.sh index 0923cf2..7a1a7fc 100755 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -45,7 +45,7 @@ ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/local.json ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/local.json -JSON_BIN=${APP_DIR}/npm/node_modules/.bin/json +JSON_BIN=${APP_DIR}/npm/json JSON="${JSON_BIN} -q -f ${ONLYOFFICE_DEFAULT_CONFIG}" JSON_LOG="${JSON_BIN} -q -f ${ONLYOFFICE_LOG4JS_CONFIG}" JSON_EXAMPLE="${JSON_BIN} -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}" From 9a2d10ceeaf72895dc3aa8f350d789ceee820290 Mon Sep 17 00:00:00 2001 
From: Alexey Golubev Date: Fri, 21 Feb 2020 16:29:49 +0300 Subject: [PATCH 21/23] Fix build error The following packages have unmet dependencies: curl : Depends: libcurl4 (= 7.58.0-2ubuntu3.8) but it is not going to be installed --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c737318..d996e71 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,7 +14,6 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ adduser \ apt-utils \ bomstrip \ - curl \ htop \ libasound2 \ libboost-regex-dev \ From a21313bb39f73a1f911b1519e8298817591b54e1 Mon Sep 17 00:00:00 2001 From: Hugo Herter Date: Sun, 23 Feb 2020 14:07:27 +0100 Subject: [PATCH 22/23] Fix insecure http:// urls in README Many links in the README are using `http://` instead of `https://`, including the link to download the `Community Edition Docker script file`, which is then meant to be executed using bash and could allows an adversary to make the user execute arbitrary code. --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index c921efb..12956b6 100644 --- a/README.md +++ b/README.md 
@@ -167,7 +167,7 @@ Below is the complete list of parameters that can be set using environment varia - **POSTGRESQL_SERVER_DB_NAME**: The name of a PostgreSQL database to be created on the image startup. - **POSTGRESQL_SERVER_USER**: The new user name with superuser permissions for the PostgreSQL account. - **POSTGRESQL_SERVER_PASS**: The password set for the PostgreSQL account. -- **AMQP_SERVER_URL**: The [AMQP URL](http://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server. +- **AMQP_SERVER_URL**: The [AMQP URL](https://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server. - **AMQP_SERVER_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`. - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running. - **REDIS_SERVER_PORT**: The Redis server port number. @@ -259,7 +259,7 @@ Alternatively, you can use an automatic installation script to install the whole **STEP 1**: Download the Community Edition Docker script file ```bash -wget http://download.onlyoffice.com/install/opensource-install.sh +wget https://download.onlyoffice.com/install/opensource-install.sh ``` **STEP 2**: Install ONLYOFFICE Community Edition executing the following command: @@ -311,5 +311,5 @@ SaaS version: [https://www.onlyoffice.com/cloud-office.aspx](https://www.onlyoff If you have any problems with or questions about this image, please visit our official forum to find answers to your questions: [dev.onlyoffice.org][1] or you can ask and answer ONLYOFFICE development questions on [Stack Overflow][2]. - [1]: http://dev.onlyoffice.org - [2]: http://stackoverflow.com/questions/tagged/onlyoffice + [1]: https://dev.onlyoffice.org + [2]: https://stackoverflow.com/questions/tagged/onlyoffice From 438a41a93348822c94cbf64429a4b820b02c5f8c Mon Sep 17 00:00:00 2001 
From: Alexey Golubev Date: Tue, 25 Feb 2020 13:54:23 +0300 Subject: [PATCH 23/23] Fix #44534 --- run-document-server.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-document-server.sh b/run-document-server.sh index 7a1a7fc..5fe88c2 100755 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -391,7 +391,7 @@ update_logrotate_settings(){ } # create base folders -for i in converter docservice spellchecker metrics gc; do +for i in converter docservice spellchecker metrics; do mkdir -p "${DS_LOG_DIR}/$i" done