Merge remote-tracking branch 'upstream/master'
Some checks failed
Build / build (push) Failing after 38s
Trigger 4testing rebuild / trigget-rebuild (push) Failing after 1s

This commit is contained in:
Jiří Štefka 2024-04-09 01:57:21 +02:00
commit d94706dd54
Signed by: jiriks74
GPG Key ID: 1D5E30D3DB2264DE
20 changed files with 3525 additions and 66 deletions

@ -1,5 +1,14 @@
### This workflow setup instance then build and push images ###
name: 4testing multiarch-build
run-name: >-
Build #${{ inputs.build }} [
${{ inputs.amd64 && 'AMD64' || '-' }}
${{ inputs.arm64 && 'ARM64' || '-' }}
] [
${{ inputs.community && 'CE' || '-' }}
${{ inputs.developer && 'DE' || '-' }}
${{ inputs.enterprise && 'EE' || '-' }}
]
on:
workflow_dispatch:
@ -61,7 +70,7 @@ jobs:
echo "None of the editions are selected."
exit 1
fi
echo "::set-output name=editions::$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')"
echo "editions=$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')" >> $GITHUB_OUTPUT
outputs:
editions: ${{ steps.matrix.outputs.editions }}
@ -92,6 +101,7 @@ jobs:
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Build 4testing
id: build-ds
run: |
set -eux
@ -124,8 +134,8 @@ jobs:
BUILD_NUMBER=${{ github.event.inputs.build }}
export PRODUCT_EDITION
export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}~stretch
export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}/${BUILD_CHANNEL}
export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}
export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}
export BUILD_CHANNEL
export PLATFORM
export DOCKERFILE=Dockerfile
@ -136,4 +146,29 @@ jobs:
docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push
echo "DONE: Build success"
### Set output for Zap scanner
### NOTE: Output will be used only in release/hotfix branches
echo "version=${TAG}" >> "$GITHUB_OUTPUT"
echo "branch=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
shell: bash
# Run scanner only when edition is community
# and branch hit release/ or hotfix/
- name: Trigger zap manualy
if: >-
matrix.edition == 'community' &&
(startsWith(steps.build-ds.outputs.branch, 'release/') ||
startsWith(steps.build-ds.outputs.branch, 'hotfix/'))
env:
VERSION: ${{ steps.build-ds.outputs.version }}
BRANCH: ${{ steps.build-ds.outputs.branch }}
GITHUB_TOKEN: ${{ secrets.TOKEN }}
run: |
gh workflow run zap-ds.yaml \
--repo ${{ github.repository }} \
-f branch=${BRANCH} \
-f version=${VERSION}
shell: bash

@ -0,0 +1,22 @@
---
name: Trigger 4testing rebuild
run-name: "Weekly 4testing rebuild trigger"
on:
schedule:
# Run every Saturday at 10 p.m.
- cron: '00 22 * * 6'
jobs:
trigger-rebuild:
name: "trigget-rebuild"
runs-on: "ubuntu-latest"
steps:
- name: Rebuild 4testing manualy
env:
GITHUB_TOKEN: ${{ secrets.TOKEN }}
run: |
gh workflow run rebuild.yml \
--repo ONLYOFFICE/Docker-DocumentServer \
-f repo=4test

@ -0,0 +1,224 @@
---
name: Rebuild Docker-Documentserver
run-name: >
Rebuild DocumentServer with secure updates for repo: ${{ github.event.inputs.repo }}
on:
workflow_dispatch:
inputs:
repo:
type: choice
description: Please, choose upload repo..
options:
- '4test'
- 'stable'
permissions:
# All other permissions are set to none
contents: read
# Technically read access while waiting for images should be more than enough. However,
# there is a bug in GitHub Actions/Packages and in case private repositories are used, you get a permission
# denied error when attempting to just pull private image, changing the token permission to write solves the
# issue. This is not dangerous, because if it is for "ONLYOFFICE/Docker-DocumentServer", only maintainers can use ds-rebuild.yaml
# If it is for a fork, then the token is read-only anyway.
packages: read
env:
COMPANY_NAME: "onlyoffice"
PRODUCT_NAME: "documentserver"
REGISTRY_URL: "https://hub.docker.com/v2/repositories"
jobs:
rebuild-info:
name: "Rebuild-info"
runs-on: "ubuntu-22.04"
env:
REPO_INPUTS: ${{ github.event.inputs.repo }}
EVENT: ${{ github.event_name }}
outputs:
stable-versions: ${{ steps.selective-checks.outputs.stable-versions }}
ucs-versions: ${{ steps.selective-checks.outputs.ucs-versions }}
minor-tags: ${{ steps.selective-checks.outputs.minor-tags }}
ucs-rebuild-condition: ${{ steps.selective-checks.outputs.ucs-rebuild-condition }}
prefix-name: ${{ steps.selective-checks.outputs.prefix-name }}
repo: ${{ steps.selective-checks.outputs.repo }}
steps:
- name: Selective checks
id: selective-checks
run: |
set -e
REPO=${REPO_INPUTS:-"4test"}
if [ "${REPO}" == "stable" ]; then
UCS_REBUILD=true
UCS_VERSIONS=($(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}-ucs/tags/?page_size=100 | \
jq -r '.results|.[]|.name' | grep -oxE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.1' || true))
echo "ucs-versions=$(jq -c -n '$ARGS.positional' --args "${UCS_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
elif
[ "${REPO}" == "4test" ]; then
UCS_REBUILD=false
PREFIX_NAME=4testing-
fi
STABLE_VERSIONS=($(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 | \
jq -r '.results|.[]|.name' | grep -oxE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.1' || true))
# When rebuilding stable versions of the document server,
# it is necessary to determine the version from which the
# minor x.x tag will need to be pushed.
VERSIONS=(${STABLE_VERSIONS[@]})
for i in {1..10}; do
if [ -z "${VERSIONS}" ]; then
break
else
TEMPLATE=${VERSIONS[0]%.*.*}
TEMPLATE_MINOR=$(printf -- '%s\n' "${VERSIONS[@]}" | grep -o -m 1 "${VERSIONS[0]%.*.*}.[0-9].[0-9]")
MINOR_TAGS+=(${TEMPLATE_MINOR%.*})
for v in ${MINOR_TAGS[@]}; do
VERSIONS=(${VERSIONS[@]//${v%.*}.*.*})
done
fi
done
echo "Stable releases that will be rebuilded"
echo "--------------------------------------"
echo "${STABLE_VERSIONS[@]}"
echo
echo
echo "Ucs releases that will be rebuilded"
echo "-----------------------------------"
echo "${UCS_VERSIONS[@]}"
echo "stable-versions=$(jq -c -n '$ARGS.positional' --args "${STABLE_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
echo "minor-tags=${MINOR_TAGS[@]}" >> "$GITHUB_OUTPUT"
echo "ucs-rebuild-condition=${UCS_REBUILD}" >> "$GITHUB_OUTPUT"
echo "prefix-name=${PREFIX_NAME}" >> "$GITHUB_OUTPUT"
echo "repo=${REPO}" >> "$GITHUB_OUTPUT"
shell: bash
re-build-stable:
name: "Rebuild stable:${{ matrix.version }} ${{ matrix.edition }}"
needs: [rebuild-info]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
type: ["stable"]
edition: ["", "-ee", "-de"]
version: ${{fromJSON(needs.rebuild-info.outputs.stable-versions)}}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
# Determines the new build number based
# on data from the hub.docker registry
- name: Declare release number
id: release-number
env:
REBUILD_VERSION: ${{ matrix.version }}
run: |
MINOR_VERSION=${REBUILD_VERSION%.*}
LAST_RELEASE=$(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 \
| jq -r '.results|.[]|.name' | grep -Eo -m1 "${MINOR_VERSION}.[0-9]{1,}")
LAST_RELEASE=${LAST_RELEASE#*.*.*.}
echo "release-number=$((LAST_RELEASE+1))" >> "$GITHUB_OUTPUT"
shell: bash
# Note: Rebuilding images with an
# extra layer to update security and
# all dependencies. Update tags got +1 to previous release.
- name: Re-build documentserver-stable
env:
MINOR_TAGS_ST: ${{ needs.rebuild-info.outputs.minor-tags }}
VERSION: ${{ matrix.version }}
RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
PREFIX_NAME: ${{ needs.rebuild-info.outputs.prefix-name }}
REPO: ${{ needs.rebuild-info.outputs.repo }}
PRODUCT_EDITION: ${{ matrix.edition }}
run: |
set -eux
export PULL_TAG=${VERSION}
export TAG=${VERSION%.*}.${RELEASE_NUMBER}
export SHORTER_TAG=${VERSION%.*}
export SHORTEST_TAG=${VERSION%.*.*}
if [ "${REPO}" == "stable" ]; then
MINOR_TAGS=(${MINOR_TAGS_ST})
for v in ${MINOR_TAGS[@]}; do
if [ "${SHORTER_TAG}" == "${v}" ]; then
export PUSH_MAJOR="true"
fi
done
if [ "${SHORTER_TAG}" == "${MINOR_TAGS[0]}" ]; then
export LATEST="true"
fi
fi
docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
shell: bash
re-build-ucs:
name: "Rebuild ucs: ${{ matrix.version }} ${{ matrix.edition }}"
if: needs.rebuild-info.outputs.ucs-rebuild-condition == 'true'
needs: [rebuild-info]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
type: ["ucs"]
edition: ["", "-ee"]
version: ${{fromJSON(needs.rebuild-info.outputs.ucs-versions)}}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
# Determines the new build number based
# on data from the hub.docker registry
- name: Declare release number
id: release-number
env:
REBUILD_VERSION: ${{ matrix.version }}
run: |
MINOR_VERSION=${REBUILD_VERSION%.*}
LAST_RELEASE=$(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 \
| jq -r '.results|.[]|.name' | grep -Eo -m1 "${MINOR_VERSION}.[0-9]{1,}")
LAST_RELEASE=${LAST_RELEASE#*.*.*.}
echo "release-number=$((LAST_RELEASE+1))" >> "$GITHUB_OUTPUT"
shell: bash
# Note: Rebuilding images with an
# extra layer to update security and
# all dependencies. Update tags +1 to previous release.
- name: Re-build documentserver-ucs
env:
VERSION: ${{ matrix.version }}
RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
PRODUCT_EDITION: ${{ matrix.edition }}
run: |
set -eux
export PULL_TAG=${VERSION}
export TAG=${VERSION%.*}.${RELEASE_NUMBER}
export SHORTER_TAG=${VERSION%.*}
export SHORTEST_TAG=${VERSION%.*.*}
export UCS_REBUILD=true
export UCS_PREFIX=-ucs
docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
shell: bash

@ -1,5 +1,6 @@
### This workflow setup instance then build and push images ###
name: Multi-arch build stable
run-name: ${{ inputs.tag }} (${{ inputs.release_number }})
on:
workflow_dispatch:
@ -8,6 +9,11 @@ on:
description: 'Tag for release (ex. 1.2.3.45)'
type: string
required: true
release_number:
description: 'Sequence number of the release (ex. x.x.x.<number>)'
type: string
required: true
default: '1'
env:
COMPANY_NAME: "onlyoffice"
@ -42,10 +48,12 @@ jobs:
run: |
set -eux
VERSION=${{ github.event.inputs.tag }}
RELEASE_NUMBER=${{ github.event.inputs.release_number }}
PRODUCT_EDITION=${{ matrix.edition }}
TESTING_IMAGE=${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION}
export PRODUCT_EDITION
export TAG=${VERSION}
export PULL_TAG=${VERSION}
export TAG=${VERSION%.*}.${RELEASE_NUMBER}
export SHORTER_TAG=${VERSION%.*}
export SHORTEST_TAG=${VERSION%.*.*}
docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
@ -82,8 +90,11 @@ jobs:
- name: build image
run: |
set -eux
VERSION=${{ github.event.inputs.tag }}
RELEASE_NUMBER=${{ github.event.inputs.release_number }}
export PULL_TAG=${VERSION%.*}.${RELEASE_NUMBER}
export PRODUCT_EDITION=${{ matrix.edition }}
export TAG=${{ github.event.inputs.tag }}
export TAG=${VERSION%.*}.${RELEASE_NUMBER}
docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
shell: bash
@ -113,12 +124,14 @@ jobs:
- name: build UCS
run: |
set -eux
VERSION=${{ github.event.inputs.tag }}
RELEASE_NUMBER=${{ github.event.inputs.release_number }}
export PRODUCT_EDITION=${{ matrix.edition }}
export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}/test
export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}
export DOCKERFILE=Dockerfile
export BASE_IMAGE=ubuntu:20.04
export PG_VERSION=12
export TAG=${{ github.event.inputs.tag }}
export PACKAGE_VERSION=$( echo ${TAG} | sed -E 's/(.*)\./\1-/')~stretch
export TAG=${VERSION%.*}.${RELEASE_NUMBER}
export PACKAGE_VERSION=$( echo ${VERSION} | sed -E 's/(.*)\./\1-/')
docker buildx bake -f docker-bake.hcl documentserver-ucs --push
shell: bash

@ -0,0 +1,70 @@
---
name: Scanning DocumentServer with ZAP
run-name: >
ZAP DocumentServer ver: ${{ github.event.inputs.version }} from branch: ${{ github.event.inputs.branch }}
on:
workflow_dispatch:
inputs:
version:
description: 'Set DocumentServer version that will be deployed'
type: string
required: true
branch:
description: 'The branch from which the scan will be performed'
type: string
required: true
jobs:
zap:
name: "Zap scanning DocumentServer"
runs-on: ubuntu-latest
permissions:
issues: write
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Run DS
id: run-ds
env:
TAG: ${{ github.event.inputs.version }}
run: |
# Create ssl certs
openssl genrsa -out tls.key 2048
openssl req -new -key tls.key -out tls.csr -subj "/C=RU/ST=NizhObl/L=NizhNov/O=RK-Tech/OU=TestUnit/CN=TestName"
openssl x509 -req -days 365 -in tls.csr -signkey tls.key -out tls.crt
openssl dhparam -out dhparam.pem 2048
sudo mkdir -p /app/onlyoffice/DocumentServer/data/certs
sudo cp ./tls.key /app/onlyoffice/DocumentServer/data/certs/
sudo cp ./tls.crt /app/onlyoffice/DocumentServer/data/certs/
sudo cp ./dhparam.pem /app/onlyoffice/DocumentServer/data/certs/
sudo chmod 400 /app/onlyoffice/DocumentServer/data/certs/tls.key
rm ./tls.key ./tls.crt ./dhparam.pem
# Run Ds with enabled ssl
export CONTAINER_NAME="documentserver"
sudo docker run -itd \
--name ${CONTAINER_NAME} \
-p 80:80 \
-p 443:443 \
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
onlyoffice/4testing-documentserver:${TAG}
sleep 60
sudo docker exec ${CONTAINER_NAME} sudo supervisorctl start ds:example
LOCAL_IP=$(hostname -I | awk '{print $1}')
echo "local-ip=${LOCAL_IP}" >> "$GITHUB_OUTPUT"
# Scan DocumentServer with ZAP.
# NOTE: Full scan get a lot of time.
# If you want make scan more faster (but less accurate) remove `cmd options` field
# -j mean that scanning use AJAX Spider, with this spider the scan takes approximately an hour
# Without any cmd options will be used default spider and the scan takes approximately ~10-15 minutes
- name: ZAP Scan
uses: zaproxy/action-full-scan@v0.8.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
target: 'https://${{ steps.run-ds.outputs.local-ip }}/'
allow_issue_writing: false
cmd_options: '-j'

131
.travis.yml Normal file

@ -0,0 +1,131 @@
language: generic
dist: trusty
env:
# community edition
- config: standalone.yml
# integration edition
- config: standalone.yml
PRODUCT_NAME: documentserver-ie
# certificates (default tls if onlyoffice not exists)
- config: certs.yml
ssl: true
# certificates (default onlyoffice if exists)
- config: certs.yml
ssl: true
private_key: onlyoffice.key
certificate_request: onlyoffice.csr
certificate: onlyoffice.crt
# custom certificates
- config: certs-customized.yml
ssl: true
private_key: mycert.key
certificate_request: mycert.csr
certificate: mycert.crt
SSL_CERTIFICATE_PATH: /var/www/onlyoffice/Data/certs/mycert.crt
SSL_KEY_PATH: /var/www/onlyoffice/Data/certs/mycert.key
# postgresql 16
- config: postgres.yml
POSTGRES_VERSION: 16
# postgresql 15
- config: postgres.yml
POSTGRES_VERSION: 15
# postgresql 14
- config: postgres.yml
POSTGRES_VERSION: 14
# postgresql 13
- config: postgres.yml
POSTGRES_VERSION: 13
# postgresql 12
- config: postgres.yml
# postgresql custom values
- config: postgres.yml
DB_NAME: mydb
DB_USER: myuser
DB_PWD: password
POSTGRES_DB: mydb
POSTGRES_USER: myuser
# postgresql deprecated variables
- config: postgres-old.yml
# mysql 8
- config: mysql.yml
MYSQL_VERSION: 8
# mysql 5
- config: mysql.yml
MYSQL_VERSION: 5
# mysql 5.7
- config: mysql.yml
# mariadb 10
- config: mariadb.yml
MARIADB_VERSION: 10
# mariadb 10.5
- config: mariadb.yml
- config: activemq.yml
ACTIVEMQ_VERSION: latest
# activemq 5.14.3
- config: activemq.yml
# rabbitmq latest
- config: rabbitmq.yml
# rabbitmq 3
- config: rabbitmq.yml
RABBITMQ_VERSION: 3
# rabbitmq old variables
- config: rabbitmq-old.yml
# redis latest with community edition
- config: redis.yml
# redis latest with integraion edition
- config: redis.yml
PRODUCT_NAME: documentserver-ie
# redis 6
- config: redis.yml
REDIS_VERSION: 6
# redis 5
- config: redis.yml
REDIS_VERSION: 5
# graphite
- config: graphite.yml
services:
- docker
script:
# Go to tests dir
- cd ${PWD}/tests
# Run test.
- ./test.sh

@ -19,8 +19,8 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
apt-utils \
bomstrip \
certbot \
cron \
curl \
gconf-service \
htop \
libasound2 \
libboost-regex-dev \
@ -57,9 +57,8 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
sed 's|\(application\/zip.*\)|\1\n application\/wasm wasm;|' -i /etc/nginx/mime.types && \
pg_conftool $PG_VERSION main set listen_addresses 'localhost' && \
service postgresql restart && \
sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE;" && \
sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \
sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $ONLYOFFICE_VALUE TO $ONLYOFFICE_VALUE;" && \
sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE OWNER $ONLYOFFICE_VALUE;" && \
service postgresql stop && \
service redis-server stop && \
service rabbitmq-server stop && \
@ -67,7 +66,8 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
service nginx stop && \
rm -rf /var/lib/apt/lists/*
COPY config /app/ds/setup/config/
COPY config/supervisor/supervisor /etc/init.d/
COPY config/supervisor/ds/*.conf /etc/supervisor/conf.d/
COPY run-document-server.sh /app/ds/run-document-server.sh
EXPOSE 80 443
@ -90,6 +90,8 @@ RUN PACKAGE_FILE="${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}${PACKAGE_VER
service postgresql start && \
apt-get -yq install /tmp/$PACKAGE_FILE && \
service postgresql stop && \
chmod 755 /etc/init.d/supervisor && \
sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i /etc/supervisor/conf.d/*.conf && \
service supervisor stop && \
chmod 755 /app/ds/*.sh && \
rm -f /tmp/$PACKAGE_FILE && \

@ -8,11 +8,10 @@ BUILD_CHANNEL ?= nightly
ONLYOFFICE_VALUE ?= onlyoffice
COMPANY_NAME_LOW = $(shell echo $(COMPANY_NAME) | tr A-Z a-z)
COMPANY_NAME_ESC = $(subst -,,$(COMPANY_NAME_LOW))
PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION)
PACKAGE_VERSION ?= $(PRODUCT_VERSION)-$(BUILD_NUMBER)~stretch
PACKAGE_BASEURL ?= https://s3.eu-west-1.amazonaws.com/repo-doc-onlyoffice-com/server/linux/debian/$(BUILD_CHANNEL)
PACKAGE_BASEURL ?= https://s3.eu-west-1.amazonaws.com/repo-doc-onlyoffice-com/server/linux/debian
ifeq ($(BUILD_CHANNEL),$(filter $(BUILD_CHANNEL),nightly test))
DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER)
@ -20,7 +19,8 @@ else
DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER)-$(subst /,-,$(GIT_BRANCH))
endif
DOCKER_IMAGE := $(COMPANY_NAME_ESC)/4testing-$(PRODUCT_NAME)$(PRODUCT_EDITION)
DOCKER_ORG ?= $(COMPANY_NAME_LOW)
DOCKER_IMAGE := $(DOCKER_ORG)/4testing-$(PRODUCT_NAME)$(PRODUCT_EDITION)
DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION)__$(DOCKER_TAG).dummy
DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)_$(DOCKER_TAG).tar.gz

@ -198,6 +198,7 @@ version of the `onlyoffice-documentserver` debian package used in the image
+ [Installation of the SSL Certificates](#installation-of-the-ssl-certificates)
+ [Available Configuration Parameters](#available-configuration-parameters)
* [Installing ONLYOFFICE Document Server integrated with Community and Mail Servers](#installing-onlyoffice-document-server-integrated-with-community-and-mail-servers)
* [ONLYOFFICE Document Server ipv6 setup](#onlyoffice-document-server-ipv6-setup)
* [Issues](#issues)
- [Docker Issues](#docker-issues)
- [Document Server usage Issues](#document-server-usage-issues)
@ -212,7 +213,7 @@ Starting from version 6.0, Document Server is distributed as ONLYOFFICE Docs. It
ONLYOFFICE Docs can be used as a part of ONLYOFFICE Workspace or with third-party sync&share solutions (e.g. Nextcloud, ownCloud, Seafile) to enable collaborative editing within their interface.
***Important*** Please update `docker-enginge` to latest version (`20.10.21` as of writing this doc) before using it. We use `ubuntu:22.04` as base image and it older versions of docker have compatibility problems with it
***Important*** Please update `docker-engine` to latest version (`20.10.21` as of writing this doc) before using it. We use `ubuntu:22.04` as base image and it older versions of docker have compatibility problems with it
## Functionality ##
* ONLYOFFICE Document Editor
@ -377,12 +378,14 @@ Below is the complete list of parameters that can be set using environment varia
- **REDIS_SERVER_PASS**: The Redis server password. The password is not set by default.
- **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
- **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
- **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](http://nginx.org/ru/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
- **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `true`.
- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to random value.
- **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
- **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
- **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`.
- **ALLOW_META_IP_ADDRESS**: Defines if it is allowed to connect meta IP address or not. Defaults to `false`.
- **ALLOW_PRIVATE_IP_ADDRESS**: Defines if it is allowed to connect private IP address or not. Defaults to `false`.
- **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false`
- **GENERATE_FONTS**: When 'true' regenerates fonts list and the fonts thumbnails etc. at each start. Defaults to `true`
- **METRICS_ENABLED**: Specifies the enabling StatsD for ONLYOFFICE Document Server. Defaults to `false`.
@ -505,6 +508,30 @@ wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/
docker-compose up -d
```
## ONLYOFFICE Document Server ipv6 setup
(Works and is supported only for Linux hosts)
Docker does not currently provide ipv6 addresses to containers by default. This function is experimental now.
To set up interaction via ipv6, you need to enable support for this feature in your Docker. For this you need:
- create the `/etc/docker/daemon.json` file with the following content:
```
{
"ipv6": true,
"fixed-cidr-v6": "2001:db8:abc1::/64"
}
```
- restart docker with the following command: `systemctl restart docker`
After that, all running containers receive an ipv6 address and have an inet6 interface.
You can check your default bridge network and see the field there
`EnableIPv6=true`. A new ipv6 subnet will also be added.
For more information, visit the official [Docker manual site](https://docs.docker.com/config/daemon/ipv6/)
## Issues
### Docker Issues

@ -1,27 +0,0 @@
; supervisor config file
[inet_http_server]
port = 127.0.0.1:9001
[supervisord]
logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl = http://localhost:9001 ; use a unix:// URL for a unix socket
; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = /etc/supervisor/conf.d/*.conf

@ -10,6 +10,10 @@ variable "SHORTEST_TAG" {
default = ""
}
variable "PULL_TAG" {
default = ""
}
variable "COMPANY_NAME" {
default = ""
}
@ -50,6 +54,14 @@ variable "BUILD_CHANNEL" {
default = ""
}
variable "PUSH_MAJOR" {
default = "false"
}
variable "LATEST" {
default = "false"
}
### Variables for UCS build
variable "BASE_IMAGE" {
@ -60,6 +72,14 @@ variable "PG_VERSION" {
default = ""
}
variable "UCS_REBUILD" {
default = ""
}
variable "UCS_PREFIX" {
default = ""
}
### Variables for UCS build
target "documentserver" {
@ -90,7 +110,7 @@ target "documentserver-stable" {
equal("-ee",PRODUCT_EDITION) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",]
platforms = ["linux/amd64", "linux/arm64"]
args = {
"TAG": "${TAG}"
"PULL_TAG": "${PULL_TAG}"
"COMPANY_NAME": "${COMPANY_NAME}"
"PRODUCT_NAME": "${PRODUCT_NAME}"
"PRODUCT_EDITION": "${PRODUCT_EDITION}"
@ -121,7 +141,27 @@ target "documentserver-nonexample" {
tags = [ "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PREFIX_NAME}${PRODUCT_EDITION}:${TAG}-nonexample" ]
platforms = ["linux/amd64", "linux/arm64"]
args = {
"TAG": "${TAG}"
"PULL_TAG": "${PULL_TAG}"
"COMPANY_NAME": "${COMPANY_NAME}"
"PRODUCT_NAME": "${PRODUCT_NAME}"
"PRODUCT_EDITION": "${PRODUCT_EDITION}"
}
}
target "documentserver-stable-rebuild" {
target = "documentserver-stable-rebuild"
dockerfile = "production.dockerfile"
tags = equal("true",UCS_REBUILD) ? ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}-ucs:${TAG}",] : [
"docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
equal("",PREFIX_NAME) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}": "",
equal("true",PUSH_MAJOR) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}": "",
equal("",PREFIX_NAME) && equal("true",LATEST) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
equal("-ee",PRODUCT_EDITION) && equal("",PREFIX_NAME) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",
]
platforms = ["linux/amd64", "linux/arm64"]
args = {
"UCS_PREFIX": "${UCS_PREFIX}"
"PULL_TAG": "${PULL_TAG}"
"COMPANY_NAME": "${COMPANY_NAME}"
"PRODUCT_NAME": "${PRODUCT_NAME}"
"PRODUCT_EDITION": "${PRODUCT_EDITION}"

@ -46,7 +46,7 @@ services:
onlyoffice-postgresql:
container_name: onlyoffice-postgresql
image: postgres:9.5
image: postgres:12
environment:
- POSTGRES_DB=onlyoffice
- POSTGRES_USER=onlyoffice

@ -1,15 +1,24 @@
### Arguments avavlivable only for FROM instruction ###
ARG TAG=latest
ARG PULL_TAG=latest
ARG COMPANY_NAME=onlyoffice
ARG PRODUCT_EDITION=
### Rebuild arguments
ARG UCS_PREFIX=
ARG IMAGE=${COMPANY_NAME}/documentserver${PRODUCT_EDITION}${UCS_PREFIX}:${PULL_TAG}
### Build main-release ###
FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${TAG} as documentserver-stable
FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-stable
### Rebuild stable images with secure updates
FROM ${IMAGE} as documentserver-stable-rebuild
RUN echo "This is rebuild" \
&& apt-get update -y \
&& apt-get upgrade -y
### Build nonexample ###
FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${TAG} as documentserver-nonexample
FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-nonexample
ARG COMPANY_NAME=onlyoffice
ARG PRODUCT_NAME=documentserver

30
run-document-server.sh Executable file → Normal file

@ -3,7 +3,10 @@
umask 0022
function clean_exit {
/usr/bin/documentserver-prepare4shutdown.sh
if [ ${ONLYOFFICE_DATA_CONTAINER} == "false" ] && \
[ ${ONLYOFFICE_DATA_CONTAINER_HOST} == "localhost" ]; then
/usr/bin/documentserver-prepare4shutdown.sh
fi
}
trap clean_exit SIGTERM
@ -87,11 +90,13 @@ fi
[ -z $JWT_SECRET ] && JWT_MESSAGE='JWT is enabled by default. A random secret is generated automatically. Run the command "docker exec $(sudo docker ps -q) sudo documentserver-jwt-status.sh" to get information about JWT.'
JWT_SECRET=${JWT_SECRET:-$(pwgen -s 20)}
JWT_SECRET=${JWT_SECRET:-$(pwgen -s 32)}
JWT_HEADER=${JWT_HEADER:-Authorization}
JWT_IN_BODY=${JWT_IN_BODY:-false}
WOPI_ENABLED=${WOPI_ENABLED:-false}
ALLOW_META_IP_ADDRESS=${ALLOW_META_IP_ADDRESS:-false}
ALLOW_PRIVATE_IP_ADDRESS=${ALLOW_PRIVATE_IP_ADDRESS:-false}
GENERATE_FONTS=${GENERATE_FONTS:-true}
@ -344,6 +349,12 @@ update_ds_settings(){
${JSON} -I -e "if(this.wopi===undefined)this.wopi={}"
${JSON} -I -e "this.wopi.enable = true"
fi
if [ "${ALLOW_META_IP_ADDRESS}" = "true" ] || [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ]; then
${JSON} -I -e "if(this.services.CoAuthoring['request-filtering-agent']===undefined)this.services.CoAuthoring['request-filtering-agent']={}"
[ "${ALLOW_META_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowMetaIPAddress = true"
[ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowPrivateIPAddress = true"
fi
}
create_postgresql_cluster(){
@ -358,9 +369,8 @@ create_postgresql_cluster(){
}
create_postgresql_db(){
sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;"
sudo -u postgres psql -c "CREATE USER $DB_USER WITH password '"$DB_PWD"';"
sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $DB_NAME TO $DB_USER;"
sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_USER;"
}
create_db_tbl() {
@ -492,15 +502,6 @@ update_nginx_settings(){
documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false
}
update_supervisor_settings(){
# Copy modified supervisor start script
cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/
# Copy modified supervisor config
cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf
cp ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf etc/supervisor/conf.d/
}
update_log_settings(){
${JSON_LOG} -I -e "this.categories.default.level = '${DS_LOG_LEVEL}'"
}
@ -601,7 +602,7 @@ else
update_welcome_page
fi
find /etc/${COMPANY_NAME} -exec chown ds:ds {} \;
find /etc/${COMPANY_NAME} ! -path '*logrotate*' -exec chown ds:ds {} \;
#start needed local services
for i in ${LOCAL_SERVICES[@]}; do
@ -627,7 +628,6 @@ if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
update_nginx_settings
update_supervisor_settings
service supervisor start
# start cron to enable log rotating

35
tests/postgres.yml Normal file

@ -0,0 +1,35 @@
version: '2.1'
services:
onlyoffice-documentserver:
container_name: onlyoffice-documentserver
build:
context: ../.
depends_on:
- onlyoffice-postgresql
environment:
- DB_TYPE=${DB_TYPE:-postgres}
- DB_HOST=${DB_HOST:-onlyoffice-postgresql}
- DB_PORT=${DB_PORT:-5432}
- DB_NAME=${DB_NAME:-onlyoffice}
- DB_USER=${DB_USER:-onlyoffice}
- DB_PWD=${DB_PWD:-onlyoffice}
stdin_open: true
restart: always
ports:
- '80:80'
onlyoffice-postgresql:
container_name: onlyoffice-postgresql
image: postgres:${POSTGRES_VERSION:-12}
environment:
- POSTGRES_DB=${POSTGRES_DB:-onlyoffice}
- POSTGRES_USER=${POSTGRES_USER:-onlyoffice}
- POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD:-trust}
restart: always
expose:
- '5432'
volumes:
- postgresql_data:/var/lib/postgresql
volumes:
postgresql_data:

46
tests/prometheus.yml Normal file

@ -0,0 +1,46 @@
version: '2.1'
services:
onlyoffice-documentserver:
container_name: onlyoffice-documentserver
build:
context: ../.
depends_on:
- onlyoffice-statsd-exporter
environment:
- METRICS_ENABLED=${METRICS_ENABLED:-true}
- METRICS_HOST=${METRICS_HOST:-onlyoffice-statsd-exporter}
- METRICS_PORT=${METRICS_PORT:-9125}
- METRICS_PREFIX=${METRICS_PREFIX:-ds.}
stdin_open: true
restart: always
ports:
- '80:80'
onlyoffice-statsd-exporter:
container_name: onlyoffice-statsd-exporter
image: prom/statsd-exporter
command: --statsd.event-flush-interval=30000ms
ports:
- '9102:9102'
- '9125:9125/tcp'
- '9125:9125/udp'
onlyoffice-prometheus:
container_name: onlyoffice-prometheus
image: prom/prometheus
ports:
- '9090:9090'
volumes:
- ./prometheus/prometheus-scrape/statsd-exporter.yml:/etc/prometheus/prometheus.yml
grafana:
container_name: onlyoffice-grafana
image: bitnami/grafana
ports:
- '3000:3000'
environment:
- 'GF_SECURITY_ADMIN_PASSWORD=G0pGE4'
volumes:
- ./prometheus/grafana/conf/prometheus.yml:/opt/bitnami/grafana/conf/provisioning/datasources/prometheus.yml
- ./prometheus/grafana/conf/default-provider.yaml:/opt/bitnami/grafana/conf/provisioning/dashboards/default-provider.yaml
- ./prometheus/grafana/dashboards:/opt/bitnami/grafana/dashboards

@ -0,0 +1,23 @@
apiVersion: 1
providers:
# <string> an unique provider name
- name: 'default-provider'
# <int> org id. will default to orgId 1 if not specified
orgId: 1
# <string, required> name of the dashboard folder. Required
folder: dashboards
# <string> folder UID. will be automatically generated if not specified
folderUid: ''
# <string, required> provider type. Required
type: file
# <bool> disable dashboard deletion
disableDeletion: false
# <bool> enable dashboard editing
editable: true
# <int> how often Grafana will scan for changed dashboards
updateIntervalSeconds: 10
options:
# <string, required> path to dashboard files on disk. Required
path: /opt/bitnami/grafana/dashboards
# <bool> enable folders creation for dashboards
#foldersFromFilesStructure: true

@ -0,0 +1,6 @@
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
url: http://onlyoffice-prometheus:9090
editable: true

File diff suppressed because it is too large Load Diff

@ -0,0 +1,6 @@
scrape_configs:
- job_name: 'statsd'
scrape_interval: 30s
static_configs:
- targets:
- onlyoffice-statsd-exporter:9102