fix(ci/cd): Missing apt update, wrong exit code

fix(ci/cd): Cache apt packages
chore: Disaable jobs from upstream
2024-09-22 23:13:52 +02:00 · 2024-09-22 23:05:26 +02:00 · 2024-09-22 22:59:30 +02:00 · 2024-09-22 22:52:58 +02:00 · 2024-09-22 22:23:41 +02:00 · 2024-09-22 22:23:18 +02:00
42 changed files with 4928 additions and 303 deletions
--- a/.envrc
+++ b/.envrc
@ -0,0 +1 @@
 use nix
--- a/.gitea/ISSUE_TEMPLATE.md
+++ b/.gitea/ISSUE_TEMPLATE.md
@ -0,0 +1,13 @@
 **Do you want to request a *feature* or report a *bug*?**
 **What is the current behavior?**
 **If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.**
 **What is the expected behavior?**
 **Did this work in previous versions of DocumentServer?**
 **DocumentServer Docker tag:**
 **Host Operating System:**
--- a/.gitea/workflows/4testing-build.yml.arch
+++ b/.gitea/workflows/4testing-build.yml.arch
@ -0,0 +1,174 @@
 ### This workflow setup instance then build and push images ###
 name: 4testing multiarch-build
 run-name: >-
  Build #${{ inputs.build }} [
  ${{ inputs.amd64 && 'AMD64' || '-' }}
  ${{ inputs.arm64 && 'ARM64' || '-' }}
  ] [
  ${{ inputs.community && 'CE' || '-' }}
  ${{ inputs.developer && 'DE' || '-' }}
  ${{ inputs.enterprise && 'EE' || '-' }}
  ]
 on:
  workflow_dispatch:
    inputs:
      build:
        description: 'Build number (ex. 45)'
        type: string
        required: true
      amd64:
        type: boolean
        description: 'Build AMD64'
        default: true
      arm64:
        type: boolean
        description: 'Build ARM64'
        default: true
      community:
        type: boolean
        description: 'Build Community Edition'
        default: true
      enterprise:
        type: boolean
        description: 'Build Enterprise Edition'
        default: true
      developer:
        type: boolean
        description: 'Build Developer Edition'
        default: true
 env: 
  COMPANY_NAME: "onlyoffice"
  PRODUCT_NAME: "documentserver"
 jobs:
  prepare:
    runs-on: ubuntu-latest
    steps:
      - id: matrix
        run: |
          set -ex
          BRANCH_NAME=${GITHUB_REF#refs/heads/}
          if ! [[ $BRANCH_NAME == develop || $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then
            echo "Wrong branch."
            exit 1
          fi
          [ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64")
          [ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64")
          if [ -z ${PLATFORMS} ]; then
            echo "None of the platforms are selected."
            exit 1
          fi
          [ ${{ github.event.inputs.community }} = true ] && EDITIONS+=("community")
          [ ${{ github.event.inputs.enterprise }} = true ] && EDITIONS+=("enterprise")
          [ ${{ github.event.inputs.developer }} = true ] && EDITIONS+=("developer")
          if [ -z ${EDITIONS} ]; then
            echo "None of the editions are selected."
            exit 1
          fi
          echo "editions=$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')" >> $GITHUB_OUTPUT
    outputs:
      editions: ${{ steps.matrix.outputs.editions }}
  build:
    name: "Build ${{ matrix.image }}-${{ matrix.edition }}"
    runs-on: ubuntu-latest
    needs: prepare
    strategy:
      fail-fast: false
      matrix:
        image: ["documentserver"]
        edition: ${{ fromJSON(needs.prepare.outputs.editions) }}
    steps:
      - name: Checkout code 
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      - name: Build 4testing
        id: build-ds
        run: |
          set -eux
          ### ==>> At this step build variable declaration ###
          case ${{ matrix.edition }} in
            community)
              PRODUCT_EDITION=""
              ;;
            enterprise)
              PRODUCT_EDITION="-ee"
              ;;
            developer)
              PRODUCT_EDITION="-de"
              ;;
          esac
          [ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64")
          [ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64")
          PLATFORM=$(echo ${PLATFORMS[*]/#/linux/} | tr ' ' ',')
          BRANCH_NAME=${GITHUB_REF#refs/heads/}
          if [ $BRANCH_NAME = develop ]; then
            BUILD_CHANNEL=nightly
            PRODUCT_VERSION=99.99.99
          elif [[ $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then
            BUILD_CHANNEL=test
            PRODUCT_VERSION=${BRANCH_NAME#*/v}
          fi
          BUILD_NUMBER=${{ github.event.inputs.build }}
          export PRODUCT_EDITION
          export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}
          export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}
          export BUILD_CHANNEL
          export PLATFORM
          export DOCKERFILE=Dockerfile
          export PREFIX_NAME=4testing-
          export TAG=${PRODUCT_VERSION}.${BUILD_NUMBER}
          ### ==>> Build and push images at this step ###
          docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push
          echo "DONE: Build success"
          ### Set output for Zap scanner
          ### NOTE: Output will be used only in release/hotfix branches
          echo "version=${TAG}" >> "$GITHUB_OUTPUT"
          echo "branch=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
        shell: bash
      # Run scanner only when edition is community 
      # and branch hit release/ or hotfix/
      - name: Trigger zap manualy
        if: >-
             matrix.edition == 'community' &&
             (startsWith(steps.build-ds.outputs.branch, 'release/') ||
              startsWith(steps.build-ds.outputs.branch, 'hotfix/'))
        env:
          VERSION: ${{ steps.build-ds.outputs.version }}
          BRANCH: ${{ steps.build-ds.outputs.branch }}
          GITHUB_TOKEN: ${{ secrets.TOKEN }}
        run: |
            gh workflow run zap-ds.yaml \
                 --repo ${{ github.repository }} \
                 -f branch=${BRANCH} \
                 -f version=${VERSION}
        shell: bash
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@ -0,0 +1,66 @@
 name: Build
 on:
  schedule:
    - cron: "0 0 * * 1"
  push:
    tags:        
      - 'manual_build'
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Get upstream repository
        run: |
          git clone https://github.com/ONLYOFFICE/DocumentServer/ upstream
      - name: Extract tags and labels for Docker
        id: meta
        run: |
          export VERSION="$(cd upstream && git describe --tags --abbrev=0 | cut -d 'v' -f2-)" 
          echo "Version: ${VERSION}"
          echo "tag=${VERSION}" >> $GITHUB_OUTPUT
        shell: bash
      - name: Check if the image was already built
        id: check-build-status
        run: |
          echo ${{ steps.meta.outputs.tag }}
          if curl --silent -f -lSL "https://hub.docker.com/v2/repositories/jiriks74/onlyoffice-documentserver/tags/$(echo ${{ steps.meta.outputs.tag }})" > /dev/null; then echo "Already exists" && exit 1; else echo "Desn't exist" && exit 0; fi
      - name: Set tag in Dockerfile
        run: |
          sed -i "s/ARG PACKAGE_VERSION=/ARG PACKAGE_VERSION=$(echo ${{ steps.meta.outputs.tag }} | cut -d ':' -f2)/g" Dockerfile
      - name: Update repositories
        run: sudo apt update
      - name: Install Docker
        uses: awalsh128/cache-apt-pkgs-action@latest
        with:
          packages: docker.io
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
        with:
          platforms: linux/amd64,linux/arm64
      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Build and push image
        uses: docker/build-push-action@v2
        with:
          push: true
          tags: jiriks74/onlyoffice-documentserver:${{ steps.meta.outputs.tag }},jiriks74/onlyoffice-documentserver:latest
          platforms: linux/amd64,linux/arm64
          context: .
          file: ./Dockerfile
--- a/.gitea/workflows/cron-rebuild-trigger.yml.arch
+++ b/.gitea/workflows/cron-rebuild-trigger.yml.arch
@ -0,0 +1,22 @@
 ---
 name: Trigger 4testing rebuild
 run-name: "Weekly 4testing rebuild trigger"
 on: 
  schedule:
    # Run every Saturday at 10 p.m.   
    - cron: '00 22 * * 6'
 jobs: 
  trigger-rebuild:
    name: "trigget-rebuild"
    runs-on: "ubuntu-latest"
    steps:
      - name: Rebuild 4testing manualy
        env: 
          GITHUB_TOKEN: ${{ secrets.TOKEN }}
        run: |
          gh workflow run rebuild.yml \
              --repo ONLYOFFICE/Docker-DocumentServer \
              -f repo=4test
--- a/.gitea/workflows/rebuild.yml.arch
+++ b/.gitea/workflows/rebuild.yml.arch
@ -0,0 +1,224 @@
 ---
 name: Rebuild Docker-Documentserver 
 run-name: >
        Rebuild DocumentServer with secure updates for repo: ${{ github.event.inputs.repo }}
 on:
  workflow_dispatch:
    inputs:
      repo:
        type: choice
        description: Please, choose upload repo..
        options:
        - '4test'
        - 'stable'
 permissions:
  # All other permissions are set to none
  contents: read
  # Technically read access while waiting for images should be more than enough. However,
  # there is a bug in GitHub Actions/Packages and in case private repositories are used, you get a permission
  # denied error when attempting to just pull private image, changing the token permission to write solves the
  # issue. This is not dangerous, because if it is for "ONLYOFFICE/Docker-DocumentServer", only maintainers can use ds-rebuild.yaml
  # If it is for a fork, then the token is read-only anyway.
  packages: read
 env: 
  COMPANY_NAME: "onlyoffice"
  PRODUCT_NAME: "documentserver" 
  REGISTRY_URL: "https://hub.docker.com/v2/repositories"  
 jobs:
  rebuild-info:
    name: "Rebuild-info"
    runs-on: "ubuntu-22.04"
    env:
      REPO_INPUTS: ${{ github.event.inputs.repo }}
      EVENT: ${{ github.event_name }}
    outputs: 
      stable-versions: ${{ steps.selective-checks.outputs.stable-versions }}
      ucs-versions: ${{ steps.selective-checks.outputs.ucs-versions }}
      minor-tags: ${{ steps.selective-checks.outputs.minor-tags }}
      ucs-rebuild-condition: ${{ steps.selective-checks.outputs.ucs-rebuild-condition }}
      prefix-name: ${{ steps.selective-checks.outputs.prefix-name }}
      repo: ${{ steps.selective-checks.outputs.repo }}
    steps:
      - name: Selective checks
        id: selective-checks
        run: |
            set -e
            REPO=${REPO_INPUTS:-"4test"}
            if [ "${REPO}" == "stable" ]; then
                 UCS_REBUILD=true
                 UCS_VERSIONS=($(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}-ucs/tags/?page_size=100 | \
                            jq -r '.results|.[]|.name' | grep -oxE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.1' || true))
                 echo "ucs-versions=$(jq -c -n '$ARGS.positional' --args "${UCS_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
            elif
               [ "${REPO}" == "4test" ]; then 
                 UCS_REBUILD=false
                 PREFIX_NAME=4testing-
            fi
            STABLE_VERSIONS=($(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 | \
                            jq -r '.results|.[]|.name' | grep -oxE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.1' || true))
            # When rebuilding stable versions of the document server, 
            # it is necessary to determine the version from which the 
            # minor x.x tag will need to be pushed.        
            VERSIONS=(${STABLE_VERSIONS[@]})
            for i in {1..10}; do
                 if [ -z "${VERSIONS}" ]; then
                     break
                 else 
                     TEMPLATE=${VERSIONS[0]%.*.*}
                     TEMPLATE_MINOR=$(printf -- '%s\n' "${VERSIONS[@]}" | grep -o -m 1 "${VERSIONS[0]%.*.*}.[0-9].[0-9]")
                     MINOR_TAGS+=(${TEMPLATE_MINOR%.*})
                     for v in ${MINOR_TAGS[@]}; do
                          VERSIONS=(${VERSIONS[@]//${v%.*}.*.*})
                     done
                 fi
            done
            echo "Stable releases that will be rebuilded"
            echo "--------------------------------------"
            echo "${STABLE_VERSIONS[@]}"
            echo
            echo 
            echo "Ucs releases that will be rebuilded"
            echo "-----------------------------------"
            echo "${UCS_VERSIONS[@]}"
            echo "stable-versions=$(jq -c -n '$ARGS.positional' --args "${STABLE_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
            echo "minor-tags=${MINOR_TAGS[@]}" >> "$GITHUB_OUTPUT"
            echo "ucs-rebuild-condition=${UCS_REBUILD}" >> "$GITHUB_OUTPUT"
            echo "prefix-name=${PREFIX_NAME}" >>  "$GITHUB_OUTPUT"
            echo "repo=${REPO}" >> "$GITHUB_OUTPUT"
        shell: bash
  re-build-stable:
    name: "Rebuild stable:${{ matrix.version }} ${{ matrix.edition }}"
    needs: [rebuild-info]
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        type: ["stable"]
        edition: ["", "-ee", "-de"]
        version: ${{fromJSON(needs.rebuild-info.outputs.stable-versions)}}
    steps:
      - name: Checkout code 
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2      
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
     # Determines the new build number based 
     # on data from the hub.docker registry
      - name: Declare release number
        id: release-number
        env: 
          REBUILD_VERSION: ${{ matrix.version }}
        run: |
          MINOR_VERSION=${REBUILD_VERSION%.*} 
          LAST_RELEASE=$(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 \
          | jq -r '.results|.[]|.name' | grep -Eo -m1 "${MINOR_VERSION}.[0-9]{1,}")
          LAST_RELEASE=${LAST_RELEASE#*.*.*.}
          echo "release-number=$((LAST_RELEASE+1))" >> "$GITHUB_OUTPUT"   
        shell: bash  
    #  Note: Rebuilding images with an 
    #  extra layer to update security and 
    #  all dependencies. Update tags got +1 to previous release.
      - name: Re-build documentserver-stable
        env:
          MINOR_TAGS_ST: ${{ needs.rebuild-info.outputs.minor-tags }}
          VERSION: ${{ matrix.version }}
          RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
          PREFIX_NAME: ${{ needs.rebuild-info.outputs.prefix-name }}
          REPO: ${{ needs.rebuild-info.outputs.repo }}
          PRODUCT_EDITION: ${{ matrix.edition }}
        run: |
            set -eux
            export PULL_TAG=${VERSION}
            export TAG=${VERSION%.*}.${RELEASE_NUMBER}
            export SHORTER_TAG=${VERSION%.*}
            export SHORTEST_TAG=${VERSION%.*.*}
            if [ "${REPO}" == "stable" ]; then
                 MINOR_TAGS=(${MINOR_TAGS_ST})
                 for v in ${MINOR_TAGS[@]}; do
                     if [ "${SHORTER_TAG}" == "${v}" ]; then
                         export PUSH_MAJOR="true"
                     fi
                 done
                 if [ "${SHORTER_TAG}" == "${MINOR_TAGS[0]}" ]; then
                     export LATEST="true"
                 fi
            fi
            docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
        shell: bash
  re-build-ucs:
    name: "Rebuild ucs: ${{ matrix.version }} ${{ matrix.edition }}"
    if: needs.rebuild-info.outputs.ucs-rebuild-condition == 'true'
    needs: [rebuild-info]
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        type: ["ucs"]
        edition: ["", "-ee"]
        version: ${{fromJSON(needs.rebuild-info.outputs.ucs-versions)}}
    steps:
      - name: Checkout code 
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      # Determines the new build number based 
      # on data from the hub.docker registry
      - name: Declare release number
        id: release-number
        env: 
          REBUILD_VERSION: ${{ matrix.version }}
        run: |
          MINOR_VERSION=${REBUILD_VERSION%.*} 
          LAST_RELEASE=$(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 \
                        | jq -r '.results|.[]|.name' | grep -Eo -m1 "${MINOR_VERSION}.[0-9]{1,}")
          LAST_RELEASE=${LAST_RELEASE#*.*.*.}
          echo "release-number=$((LAST_RELEASE+1))" >> "$GITHUB_OUTPUT"
        shell: bash       
      #  Note: Rebuilding images with an 
      #  extra layer to update security and 
      #  all dependencies. Update tags +1 to previous release.
      - name: Re-build documentserver-ucs
        env: 
          VERSION: ${{ matrix.version }}
          RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
          PRODUCT_EDITION: ${{ matrix.edition }}
        run: |
            set -eux
            export PULL_TAG=${VERSION}
            export TAG=${VERSION%.*}.${RELEASE_NUMBER}
            export SHORTER_TAG=${VERSION%.*}
            export SHORTEST_TAG=${VERSION%.*.*}
            export UCS_REBUILD=true
            export UCS_PREFIX=-ucs
            docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
        shell: bash
--- a/.gitea/workflows/stable-build.yml.arch
+++ b/.gitea/workflows/stable-build.yml.arch
@ -0,0 +1,137 @@
 ### This workflow setup instance then build and push images ###
 name: Multi-arch build stable
 run-name: ${{ inputs.tag }} (${{ inputs.release_number }})
 on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag for release (ex. 1.2.3.45)'
        type: string
        required: true
      release_number:
        description: 'Sequence number of the release (ex. x.x.x.<number>)'
        type: string
        required: true
        default: '1'
 env:
  COMPANY_NAME: "onlyoffice"
  PRODUCT_NAME: "documentserver" 
 jobs:
  build:
    name: "Release image: DocumentServer${{ matrix.edition }}"
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        images: ["documentserver-stable"]
        edition: ["", "-ee", "-de"]
    steps:
      - name: Checkout code 
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      - name: Build documentserver-release
        run: |
          set -eux
          VERSION=${{ github.event.inputs.tag }}
          RELEASE_NUMBER=${{ github.event.inputs.release_number }}
          PRODUCT_EDITION=${{ matrix.edition }}
          TESTING_IMAGE=${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION}
            export PRODUCT_EDITION
            export PULL_TAG=${VERSION}
            export TAG=${VERSION%.*}.${RELEASE_NUMBER}
            export SHORTER_TAG=${VERSION%.*}
            export SHORTEST_TAG=${VERSION%.*.*}
            docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
            echo "DONE: Build success >> exit with 0"
            exit 0
        shell: bash
  build-nonexample:
    name: "Release image: DocumentServer${{ matrix.edition }}-nonExample"
    runs-on: ubuntu-latest
    needs: [build]
    if: ${{ false }}
    strategy:
      fail-fast: false
      matrix:
        images: ["documentserver-nonexample"]
        edition: ["", "-ee", "-de"]
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      - name: build image
        run: |
          set -eux
          VERSION=${{ github.event.inputs.tag }}
          RELEASE_NUMBER=${{ github.event.inputs.release_number }}
          export PULL_TAG=${VERSION%.*}.${RELEASE_NUMBER}
          export PRODUCT_EDITION=${{ matrix.edition }}
          export TAG=${VERSION%.*}.${RELEASE_NUMBER}
          docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
        shell: bash
  build-ucs-ubuntu20:
    name: "Release image: DocumentServer${{ matrix.edition }}-ucs"
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        edition: ["", "-ee"]
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      - name: build UCS
        run: |
           set -eux
           VERSION=${{ github.event.inputs.tag }}
           RELEASE_NUMBER=${{ github.event.inputs.release_number }}
           export PRODUCT_EDITION=${{ matrix.edition }}
           export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}
           export DOCKERFILE=Dockerfile
           export BASE_IMAGE=ubuntu:20.04
           export PG_VERSION=12
           export TAG=${VERSION%.*}.${RELEASE_NUMBER}
           export PACKAGE_VERSION=$( echo ${VERSION} |  sed -E 's/(.*)\./\1-/')
           docker buildx bake -f docker-bake.hcl documentserver-ucs --push
        shell: bash
--- a/.gitea/workflows/zap-ds.yaml.arch
+++ b/.gitea/workflows/zap-ds.yaml.arch
@ -0,0 +1,70 @@
 ---
 name: Scanning DocumentServer with ZAP
 run-name: > 
      ZAP DocumentServer ver: ${{ github.event.inputs.version }} from branch: ${{ github.event.inputs.branch }}
 on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Set DocumentServer version that will be deployed'
        type: string
        required: true
      branch:
        description: 'The branch from which the scan will be performed'
        type: string
        required: true
 jobs:
  zap:
    name: "Zap scanning DocumentServer"
    runs-on: ubuntu-latest
    permissions:
      issues: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Run DS
        id: run-ds
        env:
          TAG: ${{ github.event.inputs.version }}
        run: |
           # Create ssl certs
           openssl genrsa -out tls.key 2048
           openssl req -new -key tls.key -out tls.csr -subj "/C=RU/ST=NizhObl/L=NizhNov/O=RK-Tech/OU=TestUnit/CN=TestName"
           openssl x509 -req -days 365 -in tls.csr -signkey tls.key -out tls.crt
           openssl dhparam -out dhparam.pem 2048
           sudo mkdir -p /app/onlyoffice/DocumentServer/data/certs
           sudo cp ./tls.key /app/onlyoffice/DocumentServer/data/certs/
           sudo cp ./tls.crt /app/onlyoffice/DocumentServer/data/certs/
           sudo cp ./dhparam.pem /app/onlyoffice/DocumentServer/data/certs/
           sudo chmod 400 /app/onlyoffice/DocumentServer/data/certs/tls.key
           rm ./tls.key ./tls.crt ./dhparam.pem
           # Run Ds with enabled ssl
           export CONTAINER_NAME="documentserver"
           sudo docker run -itd \
                           --name ${CONTAINER_NAME} \
                           -p 80:80 \
                           -p 443:443 \
                           -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
                           onlyoffice/4testing-documentserver:${TAG}
           sleep 60
           sudo docker exec ${CONTAINER_NAME} sudo supervisorctl start ds:example
           LOCAL_IP=$(hostname -I | awk '{print $1}')
           echo "local-ip=${LOCAL_IP}" >> "$GITHUB_OUTPUT"
      # Scan DocumentServer with ZAP.
      # NOTE: Full scan get a lot of time.
      # If you want make scan more faster (but less accurate) remove `cmd options` field
      # -j mean that scanning use AJAX Spider, with this spider the scan takes approximately an hour
      # Without any cmd options will be used default spider and the scan takes approximately ~10-15 minutes
      - name: ZAP Scan
        uses: zaproxy/action-full-scan@v0.8.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
          target: 'https://${{ steps.run-ds.outputs.local-ip }}/'
          allow_issue_writing: false
          cmd_options: '-j'
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
 # Nix, direnv
 .direnv
--- a/.travis.yml
+++ b/.travis.yml
@ -0,0 +1,131 @@
 language: generic
 dist: trusty
 env:
  # community edition
  - config: standalone.yml
  # integration edition
  - config: standalone.yml
    PRODUCT_NAME: documentserver-ie
  # certificates (default tls if onlyoffice not exists)
  - config: certs.yml
    ssl: true
  # certificates (default onlyoffice if exists)
  - config: certs.yml
    ssl: true
    private_key: onlyoffice.key
    certificate_request: onlyoffice.csr
    certificate: onlyoffice.crt
  # custom certificates
  - config: certs-customized.yml
    ssl: true
    private_key: mycert.key
    certificate_request: mycert.csr
    certificate: mycert.crt
    SSL_CERTIFICATE_PATH: /var/www/onlyoffice/Data/certs/mycert.crt
    SSL_KEY_PATH: /var/www/onlyoffice/Data/certs/mycert.key
  # postgresql 16
  - config: postgres.yml
    POSTGRES_VERSION: 16
  # postgresql 15
  - config: postgres.yml
    POSTGRES_VERSION: 15
  # postgresql 14
  - config: postgres.yml
    POSTGRES_VERSION: 14
  # postgresql 13
  - config: postgres.yml
    POSTGRES_VERSION: 13
  # postgresql 12
  - config: postgres.yml
  # postgresql custom values
  - config: postgres.yml
    DB_NAME: mydb
    DB_USER: myuser
    DB_PWD: password
    POSTGRES_DB: mydb
    POSTGRES_USER: myuser
  # postgresql deprecated variables
  - config: postgres-old.yml
  # mysql 8
  - config: mysql.yml
    MYSQL_VERSION: 8
  # mysql 5
  - config: mysql.yml
    MYSQL_VERSION: 5
  # mysql 5.7
  - config: mysql.yml
  # mariadb 10
  - config: mariadb.yml
    MARIADB_VERSION: 10
  # mariadb 10.5
  - config: mariadb.yml
  - config: activemq.yml
    ACTIVEMQ_VERSION: latest
  # activemq 5.14.3
  - config: activemq.yml
  # rabbitmq latest
  - config: rabbitmq.yml
  # rabbitmq 3
  - config: rabbitmq.yml
    RABBITMQ_VERSION: 3
  # rabbitmq old variables
  - config: rabbitmq-old.yml
  # redis latest with community edition
  - config: redis.yml
  # redis latest with integraion edition
  - config: redis.yml
    PRODUCT_NAME: documentserver-ie
  # redis 6
  - config: redis.yml
    REDIS_VERSION: 6
  # redis 5
  - config: redis.yml
    REDIS_VERSION: 5
  # graphite
  - config: graphite.yml
 services:
  - docker
 script:
  # Go to tests dir
  - cd ${PWD}/tests
  # Run test.
  - ./test.sh
--- a/80
+++ b/80
@ -1,37 +1,44 @@
-FROM ubuntu:16.04
+ARG BASE_IMAGE=ubuntu:22.04
 LABEL maintainer Ascensio System SIA <support@onlyoffice.com>
-ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive
+FROM ${BASE_IMAGE} as documentserver
 LABEL maintainer Jiří Štefka <jiri.stefka.js@gmail.com>
 ARG PG_VERSION=14
 ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=${PG_VERSION}
 ARG ONLYOFFICE_VALUE=onlyoffice
 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
    apt-get -y update && \
-    apt-get -yq install wget apt-transport-https curl locales && \
+    apt-get -yq install wget apt-transport-https gnupg locales lsb-release && \
    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
    locale-gen en_US.UTF-8 && \
-    curl -sL https://deb.nodesource.com/setup_6.x | bash - && \
+    echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
    apt-get -y update && \
    apt-get -yq install \
        adduser \
        apt-utils \
        bomstrip \
        certbot \
        cron \
        curl \
        htop \
        libasound2 \
        libboost-regex-dev \
        libcairo2 \
-        libcurl3 \
+        libcurl3-gnutls \
-        libgconf2-4 \
+        libcurl4 \
-        libgtkglext1 \
+        libgtk-3-0 \
        libnspr4 \
        libnss3 \
        libnss3-nssdb \
        libstdc++6 \
        libxml2 \
        libxss1 \
        libxtst6 \
        mysql-client \
        nano \
        net-tools \
-        netcat \
+        netcat-openbsd \
        nginx-extras \
        nodejs \
        postgresql \
        postgresql-client \
        pwgen \
@ -40,11 +47,18 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
        software-properties-common \
        sudo \
        supervisor \
        ttf-mscorefonts-installer \
        xvfb \
        zlib1g && \
-    sudo -u postgres psql -c "CREATE DATABASE onlyoffice;" && \
+    if [  $(ls -l /usr/share/fonts/truetype/msttcorefonts | wc -l) -ne 61 ]; \
-    sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';" && \
+        then echo 'msttcorefonts failed to download'; exit 1; fi  && \
-    sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;" && \ 
+    echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf && \
    sed -i "s/bind .*/bind 127.0.0.1/g" /etc/redis/redis.conf && \
    sed 's|\(application\/zip.*\)|\1\n    application\/wasm wasm;|' -i /etc/nginx/mime.types && \
    pg_conftool $PG_VERSION main set listen_addresses 'localhost' && \
    service postgresql restart && \
    sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \
    sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE OWNER $ONLYOFFICE_VALUE;" && \
    service postgresql stop && \
    service redis-server stop && \
    service rabbitmq-server stop && \
@ -52,24 +66,38 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
    service nginx stop && \
    rm -rf /var/lib/apt/lists/*
-COPY config /app/onlyoffice/setup/config/
+COPY config/supervisor/supervisor /etc/init.d/
-COPY run-document-server.sh /app/onlyoffice/run-document-server.sh
+COPY config/supervisor/ds/*.conf /etc/supervisor/conf.d/
 COPY run-document-server.sh /app/ds/run-document-server.sh
 EXPOSE 80 443
-ARG REPO_URL="deb http://download.onlyoffice.com/repo/debian squeeze main"
+ARG COMPANY_NAME=onlyoffice
-ARG PRODUCT_NAME=onlyoffice-documentserver
+ARG PRODUCT_NAME=documentserver
 ARG PRODUCT_EDITION=
 ARG PACKAGE_VERSION=
 ARG TARGETARCH
 ARG PACKAGE_BASEURL="http://download.onlyoffice.com/install/documentserver/linux"
-RUN echo "$REPO_URL" | tee /etc/apt/sources.list.d/onlyoffice.list && \
+ENV COMPANY_NAME=$COMPANY_NAME \
    PRODUCT_NAME=$PRODUCT_NAME \
    PRODUCT_EDITION=$PRODUCT_EDITION \
    DS_DOCKER_INSTALLATION=true
 RUN PACKAGE_FILE="${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}${PACKAGE_VERSION:+_$PACKAGE_VERSION}_${TARGETARCH:-$(dpkg --print-architecture)}.deb" && \
    wget -q -P /tmp "$PACKAGE_BASEURL/$PACKAGE_FILE" && \
    apt-get -y update && \
    service postgresql start && \
-    apt-get --allow-unauthenticated -yq install $PRODUCT_NAME && \
+    apt-get -yq install /tmp/$PACKAGE_FILE && \
    service postgresql stop && \
    chmod 755 /etc/init.d/supervisor && \
    sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i /etc/supervisor/conf.d/*.conf && \
    service supervisor stop && \
-    chmod 755 /app/onlyoffice/*.sh && \
+    chmod 755 /app/ds/*.sh && \
-    rm -rf /var/log/onlyoffice && \
+    rm -f /tmp/$PACKAGE_FILE && \
    rm -rf /var/log/$COMPANY_NAME && \
    rm -rf /var/lib/apt/lists/*
-VOLUME /etc/onlyoffice /var/log/onlyoffice /var/lib/onlyoffice /var/www/onlyoffice/Data /var/lib/postgresql /usr/share/fonts/truetype/custom
+VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /var/lib/rabbitmq /var/lib/redis /usr/share/fonts/truetype/custom
-CMD bash -C '/app/onlyoffice/run-document-server.sh';'bash'
+ENTRYPOINT ["/app/ds/run-document-server.sh"]
--- a/78
+++ b/78
@ -1,46 +1,66 @@
-COMPANY_NAME ?= onlyoffice
+COMPANY_NAME ?= ONLYOFFICE
-GIT_BRANCH ?= origin/develop
+GIT_BRANCH ?= develop
-PRODUCT_NAME ?= documentserver-ie
+PRODUCT_NAME ?= documentserver
 PRODUCT_EDITION ?= 
 PRODUCT_VERSION ?= 0.0.0
 BUILD_NUMBER ?= 0
 BUILD_CHANNEL ?= nightly
 ONLYOFFICE_VALUE ?= onlyoffice
-PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)
+COMPANY_NAME_LOW = $(shell echo $(COMPANY_NAME) | tr A-Z a-z)
-REPO_URL := "deb http://repo-doc-onlyoffice-com.s3.amazonaws.com/ubuntu/trusty/$(COMPANY_NAME)-$(PRODUCT_NAME)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/ repo/"
+PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION)
 PACKAGE_VERSION ?= $(PRODUCT_VERSION)-$(BUILD_NUMBER)~stretch
 PACKAGE_BASEURL ?= https://s3.eu-west-1.amazonaws.com/repo-doc-onlyoffice-com/server/linux/debian
-UPDATE_LATEST := false
+ifeq ($(BUILD_CHANNEL),$(filter $(BUILD_CHANNEL),nightly test))
-
+	DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER)
 ifneq (,$(findstring develop,$(GIT_BRANCH)))
 DOCKER_TAGS += $(subst -,.,$(PACKAGE_VERSION))
 DOCKER_TAGS += latest
 else ifneq (,$(findstring release,$(GIT_BRANCH)))
 DOCKER_TAGS += $(subst -,.,$(PACKAGE_VERSION))
 else ifneq (,$(findstring hotfix,$(GIT_BRANCH)))
 DOCKER_TAGS += $(subst -,.,$(PACKAGE_VERSION))
 else
-DOCKER_TAGS += $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
+	DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER)-$(subst /,-,$(GIT_BRANCH))
 endif
-DOCKER_REPO = $(COMPANY_NAME)/4testing-$(PRODUCT_NAME)
+DOCKER_ORG ?= $(COMPANY_NAME_LOW)
 DOCKER_IMAGE := $(DOCKER_ORG)/4testing-$(PRODUCT_NAME)$(PRODUCT_EDITION)
 DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION)__$(DOCKER_TAG).dummy
 DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)_$(DOCKER_TAG).tar.gz
-COLON := __colon__
+.PHONY: all clean clean-docker image deploy docker
 DOCKER_TARGETS := $(foreach TAG,$(DOCKER_TAGS),$(DOCKER_REPO)$(COLON)$(TAG))
-.PHONY: all clean clean-docker deploy docker
+$(DOCKER_DUMMY):
-
+	docker pull ubuntu:22.04
-$(DOCKER_TARGETS): $(DEB_REPO_DATA)
+	docker build \
-
+		--build-arg COMPANY_NAME=$(COMPANY_NAME_LOW) \
-	sudo docker build --build-arg REPO_URL=$(REPO_URL) --build-arg PRODUCT_NAME=$(COMPANY_NAME)-$(PRODUCT_NAME) -t $(subst $(COLON),:,$@) . &&\
+		--build-arg PRODUCT_NAME=$(PRODUCT_NAME) \
-	mkdir -p $$(dirname $@) &&\
+		--build-arg PRODUCT_EDITION=$(PRODUCT_EDITION) \
 		--build-arg PACKAGE_VERSION=$(PACKAGE_VERSION) \
 		--build-arg PACKAGE_BASEURL=$(PACKAGE_BASEURL) \
 		--build-arg TARGETARCH=amd64 \
 		--build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \
 		-t $(DOCKER_IMAGE):$(DOCKER_TAG) . && \
 	mkdir -p $$(dirname $@) && \
 	echo "Done" > $@
-all: $(DOCKER_TARGETS)
+$(DOCKER_ARCH): $(DOCKER_DUMMY)
 	docker save $(DOCKER_IMAGE):$(DOCKER_TAG) | \
 		gzip > $@
 all: image
 clean:
-	rm -rfv $(DOCKER_TARGETS)
+	rm -rfv *.dummy *.tar.gz
 clean-docker:
-	sudo docker rmi -f $$(sudo docker images -q $(COMPANY_NAME)/*) || exit 0
+	docker rmi -f $$(docker images -q $(COMPANY_NAME_LOW)/*) || exit 0
-deploy: $(DOCKER_TARGETS)
+image: $(DOCKER_DUMMY)
-	$(foreach TARGET,$(DOCKER_TARGETS),sudo docker push $(subst $(COLON),:,$(TARGET));)
+
 deploy: $(DOCKER_DUMMY)
 	for i in {1..3}; do \
 		docker push $(DOCKER_IMAGE):$(DOCKER_TAG) && break || sleep 1m; \
 	done
 ifeq ($(BUILD_CHANNEL),nightly)
 	docker tag $(DOCKER_IMAGE):$(DOCKER_TAG) $(DOCKER_IMAGE):latest
 	for i in {1..3}; do \
 		docker push $(DOCKER_IMAGE):latest && break || sleep 1m; \
 	done
 endif
--- a/README.md
+++ b/README.md
@ -1,3 +1,190 @@
 [![Docker Pulls](https://img.shields.io/docker/pulls/jiriks74/onlyoffice-documentserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=pulls&logo=docker)](https://hub.docker.com/r/jiriks74/onlyoffice-documentserver)
 [![Docker Stars](https://img.shields.io/docker/stars/jiriks74/onlyoffice-documentserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=stars&logo=docker)](https://hub.docker.com/r/jiriks74/onlyoffice-documentserver)
 [![Docker Size](https://img.shields.io/docker/image-size/jiriks74/onlyoffice-documentserver/latest.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Size&logo=docker)](https://hub.docker.com/r/jiriks74/onlyoffice-documentserver)
 #### This repository is based on the official `Dockerfile` and `docker-compose.yml` files with all the needed files as well
 # Table of contents
 - [Usage](#usage)
  - [Setting up secret key with nextcloud](#setting-up-secret-key-with-nextcloud)
  - [Larger file limits](#setting-up-larger-file-limits)
  - [Generating custom presentation themes](#generating-custom-presentation-themes)
 - [Tags on DockerHub](#tags-used-on-dockerhub)
 - [Building the image from source](#building-the-image-yourself-not-recommended---may-take-a-lot-of-time)
  - [Updating the image yourself](#updating-the-image-yourself)
 ## Usage
 #### docker-compose with prebuilt image (recommended)
 - Docker will pull the correct architecture automatically
 - Below in `Details` you'll find a `docker-compose.yml` templete.
 To use it, make a directory where data from the container will be saved, create
 `docker-compose.yml` file in it and put the template from below in it.
 Then modify the template to your needs.
 <details>
 ```yml
 version: '2'
 services:
  onlyoffice-documentserver:
    image: jiriks74/onlyoffice-documentserver:latest
    container_name: onlyoffice-documentserver
    depends_on:
      - onlyoffice-postgresql
      - onlyoffice-rabbitmq
    environment:
      - DB_TYPE=postgres
      - DB_HOST=onlyoffice-postgresql
      - DB_PORT=5432
      - DB_NAME=onlyoffice
      - DB_USER=onlyoffice
      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
      # Uncomment strings below to enable the JSON Web Token validation.
      #- JWT_ENABLED=true
      #- JWT_SECRET=secret
      #- JWT_HEADER=AuthorizationJwt
      #- JWT_IN_BODY=true
      # Uncomment the line below to set larger file limits (about 1GB)
      #- LARGER_FILE_LIMITS=true
    ports:
      - '80:80'
      - '443:443'
    stdin_open: true
    restart: always
    stop_grace_period: 120s
    volumes:
       # Uncomment the line below to get access to the slide themes directory.
       # To use the themes, copy them to the slideThemes directory and run `docker exec -it <container-name> /usr/bin/documentserver-generate-allfonts.sh`
       #- ./slideThemes:/var/www/onlyoffice/documentserver/sdkjs/slide/themes/src
       - /var/www/onlyoffice/Data
       - /var/log/onlyoffice
       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
       - /var/www/onlyoffice/documentserver-example/public/files
       - /usr/share/fonts
  onlyoffice-rabbitmq:
    container_name: onlyoffice-rabbitmq
    image: rabbitmq
    restart: always
    expose:
      - '5672'
  onlyoffice-postgresql:
    container_name: onlyoffice-postgresql
    image: postgres:9.5
    environment:
      - POSTGRES_DB=onlyoffice
      - POSTGRES_USER=onlyoffice
      - POSTGRES_HOST_AUTH_METHOD=trust
    restart: always
    expose:
      - '5432'
    volumes:
      - postgresql_data:/var/lib/postgresql
 volumes:
  postgresql_data:
 ```
 </details>
 ### Setting up `Secret key` with Nextcloud
 1. Uncomment four lines starting with `JWT` in `docker-compose`
 2. Set your secret on line `JWT_SECRET=yourSecret`
 3. Open Nexcloud's `config.php` (by default `/var/www/nextcloud/config/config.php`)
 4. Add this to the 2nd last line (before the line with `);`) and paste in your secret (3rd last line)
 ```php
  'onlyoffice' =>
    array (
      "jwt_secret" => "yourSecret",
      "jwt_header" => "AuthorizationJwt"
  )
 ```
 5. Go to your Nextcloud settings, navigate to Onlyoffice settings
 6. Add your server Address and Secret key
 7. Save
 ### Setting up larger file limits
 - Uncomment the `- LARGER_FILE_LIMITS=true` line in `docker-compose.yml`
 ### Generating custom presentation themes
 1. Uncomment the
 `- ./slideThemes:/var/www/onlyoffice/documentserver/sdkjs/slide/themes/src`
 line in `docker-compose.yml`
 2. Put your themes into the `slideThemes` directory
 3. Run `docker exec -it <container-name> /usr/bin/documentserver-generate-allfonts.sh`
 	- (This will take some time. I have totally 35 themes and it took about 30 minutes to generate them on a Raspberry Pi 4 4GB on an external HDD - SSD may be faster)
 4. If you want to add more themes later, repeat step 2 and 3.
 ## Tags used on DockerHub
 - `latest` - the latest version of the Documentserver
 - Version tags (eg. `7.0.1-37`) - these tags are equal to the Documentserver
 version of the `onlyoffice-documentserver` debian package used in the image
 ## Building the image yourself (not recommended - may take a lot of time)
 #### 1. Clone the repository (for example to your home directory `cd /home/$USER/`) 
   `git clone https://github.com/jiriks74/Docker-DocumentServer.git && cd Docker-DocumentServer`
 #### 2. Build the docker image 
 ##### Building only for the architecture you are building the image on (when building on Raspberry Pi result will be `arm64`, when on pc result will be `amd64`) 
   `docker-compose build` 
 ##### Building for all supported architectures (you have to have your environment setup for emulation of arm64 with `qemu` and build it on `amd64`) - you have to push to DockerHub
   `docker buildx build --push --platform linux/arm64,linux/amd64,linux/386 .`
 #### 3. Create and start the container
   `docker-compose up -d`
   - This will start the server. It is set to be automatically started/restarted so as long you have docker running on startup this will start automatically
 ### Updating the image yourself
 #### 1. Stop and delete the old container
   `docker-compose down`
 #### 2. (optional) Clear the docker cache 
 ####    - ! This will remove all unused cache images ! (good for saving space, bad if you develop with and need cache, but you understand it at that point)
   `docker rmi $(docker images -f "dangling=true" -q)`
 #### 4. Rebuild the image without cache
 ##### Building only for the architecture you are building the image on (when building on Raspberry Pi result will be `arm64`, when on pc result will be `amd64`)
   `docker-compose build`
 ##### Building for all supported architectures (you have to have your environment setup for emulation of arm64 with `qemu`) - you'll have to push to DockerHub, multiplatform images cannot be saved locally (for whatever reason)
   `docker buildx build --push --platform linux/arm64,linux/amd64,linux/386 .`
 #### 3. Create and start the new container
   `docker-compose up -d`
 ---
 ## The rest of this file is the official [`README.md` from OnlyOffice-Documentserver repository](https://github.com/ONLYOFFICE/Docker-DocumentServer). I will not change anything in it, it may not work, but considering the changes I made, it should be fully compatible (beware that you must change the `docker-compose.yml` from building the image locally to using this repository). If you want to change something, make a issue on my repository and we'll figure it out.
 <details>
 * [Overview](#overview)
 * [Functionality](#functionality)
 * [Recommended System Requirements](#recommended-system-requirements)
@ -11,8 +198,10 @@
        + [Installation of the SSL Certificates](#installation-of-the-ssl-certificates)
        + [Available Configuration Parameters](#available-configuration-parameters)
 * [Installing ONLYOFFICE Document Server integrated with Community and Mail Servers](#installing-onlyoffice-document-server-integrated-with-community-and-mail-servers)
 * [ONLYOFFICE Document Server ipv6 setup](#onlyoffice-document-server-ipv6-setup)
 * [Issues](#issues)
    - [Docker Issues](#docker-issues)
    - [Document Server usage Issues](#document-server-usage-issues)
 * [Project Information](#project-information)
 * [User Feedback and Support](#user-feedback-and-support)
@ -20,6 +209,12 @@
 ONLYOFFICE Document Server is an online office suite comprising viewers and editors for texts, spreadsheets and presentations, fully compatible with Office Open XML formats: .docx, .xlsx, .pptx and enabling collaborative editing in real time.
 Starting from version 6.0, Document Server is distributed as ONLYOFFICE Docs. It has [three editions](https://github.com/ONLYOFFICE/DocumentServer#onlyoffice-document-server-editions). With this image, you will install the free Community version. 
 ONLYOFFICE Docs can be used as a part of ONLYOFFICE Workspace or with third-party sync&share solutions (e.g. Nextcloud, ownCloud, Seafile) to enable collaborative editing within their interface.
 ***Important*** Please update `docker-engine` to latest version (`20.10.21` as of writing this doc) before using it. We use `ubuntu:22.04` as base image and it older versions of docker have compatibility problems with it
 ## Functionality ##
 * ONLYOFFICE Document Editor
 * ONLYOFFICE Spreadsheet Editor
@ -66,6 +261,8 @@ To get access to your data from outside the container, you need to mount the vol
        -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
        -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
        -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
        -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
        -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
        -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql  onlyoffice/documentserver
 Normally, you do not need to store container data because the container's operation does not depend on its state. Saving data will be useful:
@ -93,10 +290,17 @@ To secure the application via SSL basically two things are needed:
 So you need to create and install the following files:
-        /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
+        /app/onlyoffice/DocumentServer/data/certs/tls.key
-        /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
+        /app/onlyoffice/DocumentServer/data/certs/tls.crt
-When using CA certified certificates, these files are provided to you by the CA. When using self-signed certificates you need to generate these files yourself. Skip the following section if you are have CA certified SSL certificates.
+When using CA certified certificates (e.g [Let's encrypt](https://letsencrypt.org)), these files are provided to you by the CA. If you are using self-signed certificates you need to generate these files [yourself](#generation-of-self-signed-certificates).
 #### Using the automatically generated Let's Encrypt SSL Certificates
        sudo docker run -i -t -d -p 80:80 -p 443:443 \
        -e LETS_ENCRYPT_DOMAIN=your_domain -e LETS_ENCRYPT_MAIL=your_mail  onlyoffice/documentserver
 If you want to get and extend Let's Encrypt SSL Certificates automatically just set LETS_ENCRYPT_DOMAIN and LETS_ENCRYPT_MAIL variables.
 #### Generation of Self Signed Certificates
@ -105,19 +309,19 @@ Generation of self-signed SSL certificates involves a simple 3 step procedure.
 **STEP 1**: Create the server private key
 ```bash
-openssl genrsa -out onlyoffice.key 2048
+openssl genrsa -out tls.key 2048
 ```
 **STEP 2**: Create the certificate signing request (CSR)
 ```bash
-openssl req -new -key onlyoffice.key -out onlyoffice.csr
+openssl req -new -key tls.key -out tls.csr
 ```
 **STEP 3**: Sign the certificate using the private key and CSR
 ```bash
-openssl x509 -req -days 365 -in onlyoffice.csr -signkey onlyoffice.key -out onlyoffice.crt
+openssl x509 -req -days 365 -in tls.csr -signkey tls.key -out tls.crt
 ```
 You have now generated an SSL certificate that's valid for 365 days.
@ -133,18 +337,18 @@ openssl dhparam -out dhparam.pem 2048
 #### Installation of the SSL Certificates
-Out of the four files generated above, you need to install the `onlyoffice.key`, `onlyoffice.crt` and `dhparam.pem` files at the onlyoffice server. The CSR file is not needed, but do make sure you safely backup the file (in case you ever need it again).
+Out of the four files generated above, you need to install the `tls.key`, `tls.crt` and `dhparam.pem` files at the onlyoffice server. The CSR file is not needed, but do make sure you safely backup the file (in case you ever need it again).
 The default path that the onlyoffice application is configured to look for the SSL certificates is at `/var/www/onlyoffice/Data/certs`, this can however be changed using the `SSL_KEY_PATH`, `SSL_CERTIFICATE_PATH` and `SSL_DHPARAM_PATH` configuration options.
-The `/var/www/onlyoffice/Data/` path is the path of the data store, which means that you have to create a folder named certs inside `/app/onlyoffice/DocumentServer/data/` and copy the files into it and as a measure of security you will update the permission on the `onlyoffice.key` file to only be readable by the owner.
+The `/var/www/onlyoffice/Data/` path is the path of the data store, which means that you have to create a folder named certs inside `/app/onlyoffice/DocumentServer/data/` and copy the files into it and as a measure of security you will update the permission on the `tls.key` file to only be readable by the owner.
 ```bash
 mkdir -p /app/onlyoffice/DocumentServer/data/certs
-cp onlyoffice.key /app/onlyoffice/DocumentServer/data/certs/
+cp tls.key /app/onlyoffice/DocumentServer/data/certs/
-cp onlyoffice.crt /app/onlyoffice/DocumentServer/data/certs/
+cp tls.crt /app/onlyoffice/DocumentServer/data/certs/
 cp dhparam.pem /app/onlyoffice/DocumentServer/data/certs/
-chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
+chmod 400 /app/onlyoffice/DocumentServer/data/certs/tls.key
 ```
 You are now just one step away from having our application secured.
@ -157,23 +361,39 @@ Below is the complete list of parameters that can be set using environment varia
 - **ONLYOFFICE_HTTPS_HSTS_ENABLED**: Advanced configuration option for turning off the HSTS configuration. Applicable only when SSL is in use. Defaults to `true`.
 - **ONLYOFFICE_HTTPS_HSTS_MAXAGE**: Advanced configuration option for setting the HSTS max-age in the onlyoffice nginx vHost configuration. Applicable only when SSL is in use. Defaults to `31536000`.
- **SSL_CERTIFICATE_PATH**: The path to the SSL certificate to use. Defaults to `/var/www/onlyoffice/Data/certs/onlyoffice.crt`.
+- **SSL_CERTIFICATE_PATH**: The path to the SSL certificate to use. Defaults to `/var/www/onlyoffice/Data/certs/tls.crt`.
- **SSL_KEY_PATH**: The path to the SSL certificate's private key. Defaults to `/var/www/onlyoffice/Data/certs/onlyoffice.key`.
+- **SSL_KEY_PATH**: The path to the SSL certificate's private key. Defaults to `/var/www/onlyoffice/Data/certs/tls.key`.
 - **SSL_DHPARAM_PATH**: The path to the Diffie-Hellman parameter. Defaults to `/var/www/onlyoffice/Data/certs/dhparam.pem`.
 - **SSL_VERIFY_CLIENT**: Enable verification of client certificates using the `CA_CERTIFICATES_PATH` file. Defaults to `false`
- **POSTGRESQL_SERVER_HOST**: The IP address or the name of the host where the PostgreSQL server is running.
+- **DB_TYPE**: The database type. Supported values are `postgres`, `mariadb` or `mysql`. Defaults to `postgres`.
- **POSTGRESQL_SERVER_PORT**: The PostgreSQL server port number.
+- **DB_HOST**: The IP address or the name of the host where the database server is running.
- **POSTGRESQL_SERVER_DB_NAME**: The name of a PostgreSQL database to be created on the image startup.
+- **DB_PORT**: The database server port number.
- **POSTGRESQL_SERVER_USER**: The new user name with superuser permissions for the PostgreSQL account.
+- **DB_NAME**: The name of a database to use. Should be existing on container startup.
- **POSTGRESQL_SERVER_PASS**: The password set for the PostgreSQL account.
+- **DB_USER**: The new user name with superuser permissions for the database account.
- **RABBITMQ_SERVER_URL**: The [AMQP URL](http://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to RabbitMQ server.
+- **DB_PWD**: The password set for the database account.
 - **AMQP_URI**: The [AMQP URI](https://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server.
 - **AMQP_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`.
 - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running.
 - **REDIS_SERVER_PORT**:  The Redis server port number.
 - **REDIS_SERVER_PASS**: The Redis server password. The password is not set by default.
 - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
 - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`.
+- **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
+- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `true`.
 - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to random value.
 - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
 - **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
 - **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`.
 - **ALLOW_META_IP_ADDRESS**: Defines if it is allowed to connect meta IP address or not. Defaults to `false`.
 - **ALLOW_PRIVATE_IP_ADDRESS**: Defines if it is allowed to connect private IP address or not. Defaults to `false`.
 - **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false`
 - **GENERATE_FONTS**: When 'true' regenerates fonts list and the fonts thumbnails etc. at each start. Defaults to `true`
 - **METRICS_ENABLED**: Specifies the enabling StatsD for ONLYOFFICE Document Server. Defaults to `false`.
 - **METRICS_HOST**: Defines StatsD listening host. Defaults to `localhost`.
 - **METRICS_PORT**: Defines StatsD listening port. Defaults to `8125`.
 - **METRICS_PREFIX**: Defines StatsD metrics prefix for backend services. Defaults to `ds.`.
 - **LETS_ENCRYPT_DOMAIN**: Defines the domain for Let's Encrypt certificate.
 - **LETS_ENCRYPT_MAIL**: Defines the domain administator mail address for Let's Encrypt certificate.
 ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers
@ -190,10 +410,20 @@ Then launch containers on it using the 'docker run --net onlyoffice' option:
 Follow [these steps](#installing-mysql) to install MySQL server.
-**STEP 3**: Install ONLYOFFICE Document Server.
+**STEP 3**: Generate JWT Secret
 JWT secret defines the secret key to validate the JSON Web Token in the request to the **ONLYOFFICE Document Server**. You can specify it yourself or easily get it using the command:
 ```
 JWT_SECRET=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 12);
 ```
 **STEP 4**: Install ONLYOFFICE Document Server.
 ```bash
 sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-document-server \
 -e JWT_ENABLED=true \
 -e JWT_SECRET=${JWT_SECRET} \
 -e JWT_HEADER=AuthorizationJwt \
 -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
 -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
 -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
@ -201,7 +431,7 @@ sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-doc
 onlyoffice/documentserver
 ```
-**STEP 4**: Install ONLYOFFICE Mail Server. 
+**STEP 5**: Install ONLYOFFICE Mail Server. 
 For the mail server correct work you need to specify its hostname 'yourdomain.com'.
@ -219,14 +449,14 @@ sudo docker run --init --net onlyoffice --privileged -i -t -d --restart=always -
 onlyoffice/mailserver
 ```
-The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.yml#L75).
+The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.workspace_enterprise.yml#L87).
 To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation").
-**STEP 5**: Install ONLYOFFICE Community Server
+**STEP 6**: Install ONLYOFFICE Community Server
 ```bash
-sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 \
+sudo docker run --net onlyoffice -i -t -d --privileged --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 --cgroupns=host \
 -e MYSQL_SERVER_ROOT_PASSWORD=my-secret-pw \
 -e MYSQL_SERVER_DB_NAME=onlyoffice \
 -e MYSQL_SERVER_HOST=onlyoffice-mysql-server \
@ -234,6 +464,9 @@ sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-com
 -e MYSQL_SERVER_PASS=onlyoffice_pass \
 -e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \
 -e DOCUMENT_SERVER_JWT_ENABLED=true \
 -e DOCUMENT_SERVER_JWT_SECRET=${JWT_SECRET} \
 -e DOCUMENT_SERVER_JWT_HEADER=AuthorizationJwt \
 -e MAIL_SERVER_API_HOST=${MAIL_SERVER_IP} \
 -e MAIL_SERVER_DB_HOST=onlyoffice-mysql-server \
@ -244,12 +477,14 @@ sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-com
 -v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \
 -v /app/onlyoffice/CommunityServer/logs:/var/log/onlyoffice \
 -v /app/onlyoffice/CommunityServer/letsencrypt:/etc/letsencrypt \
 -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
 onlyoffice/communityserver
 ```
 Where `${MAIL_SERVER_IP}` is the IP address for **ONLYOFFICE Mail Server**. You can easily get it using the command:
 ```
-docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' onlyoffice-mail-server
+MAIL_SERVER_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' onlyoffice-mail-server)
 ```
 Alternatively, you can use an automatic installation script to install the whole ONLYOFFICE Community Edition at once. For the mail server correct work you need to specify its hostname 'yourdomain.com'.
@ -257,7 +492,7 @@ Alternatively, you can use an automatic installation script to install the whole
 **STEP 1**: Download the Community Edition Docker script file
 ```bash
-wget http://download.onlyoffice.com/install/opensource-install.sh
+wget https://download.onlyoffice.com/install/opensource-install.sh
 ```
 **STEP 2**: Install ONLYOFFICE Community Edition executing the following command:
@ -269,10 +504,34 @@ bash opensource-install.sh -md yourdomain.com
 Or, use [docker-compose](https://docs.docker.com/compose/install "docker-compose"). For the mail server correct work you need to specify its hostname 'yourdomain.com'. Assuming you have docker-compose installed, execute the following command:
 ```bash
-wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.yml
+wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.groups.yml
 docker-compose up -d
 ```
 ## ONLYOFFICE Document Server ipv6 setup
 (Works and is supported only for Linux hosts)
 Docker does not currently provide ipv6 addresses to containers by default. This function is experimental now.
 To set up interaction via ipv6, you need to enable support for this feature in your Docker. For this you need:
 - create the `/etc/docker/daemon.json` file with the following content:
 ```
 {
 "ipv6": true,
 "fixed-cidr-v6": "2001:db8:abc1::/64"
 }
 ```
 - restart docker with the following command: `systemctl restart docker`
 After that, all running containers receive an ipv6 address and have an inet6 interface.
 You can check your default bridge network and see the field there
 `EnableIPv6=true`. A new ipv6 subnet will also be added.
 For more information, visit the official [Docker manual site](https://docs.docker.com/config/daemon/ipv6/)
 ## Issues
 ### Docker Issues
@ -281,9 +540,19 @@ As a relatively new project Docker is being worked on and actively developed by
 The known Docker issue with ONLYOFFICE Document Server with rpm-based distributives is that sometimes the processes fail to start inside Docker container. Fedora and RHEL/CentOS users should try disabling selinux with setenforce 0. If it fixes the issue then you can either stick with SELinux disabled which is not recommended by RedHat, or switch to using Ubuntu.
 ### Document Server usage issues
 Due to the operational characteristic, **Document Server** saves a document only after the document has been closed by all the users who edited it. To avoid data loss, you must forcefully disconnect the **Document Server** users when you need to stop **Document Server** in cases of the application update, server reboot etc. To do that, execute the following script on the server where **Document Server** is installed:
 ```
 sudo docker exec <CONTAINER> documentserver-prepare4shutdown.sh
 ```
 Please note, that both executing the script and disconnecting users may take a long time (up to 5 minutes).
 ## Project Information
-Official website: [http://www.onlyoffice.org](http://onlyoffice.org "http://www.onlyoffice.org")
+Official website: [https://www.onlyoffice.com](https://www.onlyoffice.com/?utm_source=github&utm_medium=cpc&utm_campaign=GitHubDockerDS)
 Code repository: [https://github.com/ONLYOFFICE/DocumentServer](https://github.com/ONLYOFFICE/DocumentServer "https://github.com/ONLYOFFICE/DocumentServer")
@ -291,11 +560,15 @@ Docker Image: [https://github.com/ONLYOFFICE/Docker-DocumentServer](https://gith
 License: [GNU AGPL v3.0](https://help.onlyoffice.com/products/files/doceditor.aspx?fileid=4358397&doc=K0ZUdlVuQzQ0RFhhMzhZRVN4ZFIvaHlhUjN2eS9XMXpKR1M5WEppUk1Gcz0_IjQzNTgzOTci0 "GNU AGPL v3.0")
-SaaS version: [http://www.onlyoffice.com](http://www.onlyoffice.com "http://www.onlyoffice.com")
+Free version vs commercial builds comparison: https://github.com/ONLYOFFICE/DocumentServer#onlyoffice-document-server-editions
 SaaS version: [https://www.onlyoffice.com/cloud-office.aspx](https://www.onlyoffice.com/cloud-office.aspx?utm_source=github&utm_medium=cpc&utm_campaign=GitHubDockerDS)
 ## User Feedback and Support
-If you have any problems with or questions about this image, please visit our official forum to find answers to your questions: [dev.onlyoffice.org][1] or you can ask and answer ONLYOFFICE development questions on [Stack Overflow][2].
+If you have any problems with or questions about this image, please visit our official forum to find answers to your questions: [forum.onlyoffice.com][1] or you can ask and answer ONLYOFFICE development questions on [Stack Overflow][2].
-  [1]: http://dev.onlyoffice.org
+  [1]: https://forum.onlyoffice.com
-  [2]: http://stackoverflow.com/questions/tagged/onlyoffice
+  [2]: https://stackoverflow.com/questions/tagged/onlyoffice
 </details>
--- a/build_and_push_all_images.py
+++ b/build_and_push_all_images.py
@ -0,0 +1,18 @@
 import requests
 import os
 response = requests.get("https://api.github.com/repos/ONLYOFFICE/DocumentServer/releases/latest")
 print('docker buildx build --push --platform linux/arm64,linux/amd64 --tag jiriks74/onlyoffice-documentserver:latest .')
 os.system(f'docker buildx build --push --platform linux/arm64,linux/amd64 --tag jiriks74/onlyoffice-documentserver:latest .')
 print("///////////////////////////////////////////////////////////////////////////")
 print('Build and push ":latest" .........................................finished')
 print("///////////////////////////////////////////////////////////////////////////")
 print()
 print(f'docker buildx build --push --platform linux/arm64,linux/amd64 --tag jiriks74/onlyoffice-documentserver:{response.json()["name"].replace("ONLYOFFICE-DocumentServer-", "")} .')
 os.system(f'docker buildx build --push --platform linux/arm64,linux/amd64 --tag jiriks74/onlyoffice-documentserver:{response.json()["name"].replace("ONLYOFFICE-DocumentServer-", "")} .')
 print("///////////////////////////////////////////////////////////////////////////")
 print(f'Build and push ":{response.json()["name"].replace("ONLYOFFICE-DocumentServer-", "")}".........................................finished')
 print("///////////////////////////////////////////////////////////////////////////")
--- a/config/supervisor/ds/ds-converter.conf
+++ b/config/supervisor/ds/ds-converter.conf
@ -0,0 +1,13 @@
 [program:converter]
 command=/var/www/COMPANY_NAME/documentserver/server/FileConverter/converter
 directory=/var/www/COMPANY_NAME/documentserver/server/FileConverter
 user=ds
 environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver,NODE_DISABLE_COLORS=1,APPLICATION_NAME=COMPANY_NAME
 stdout_logfile=/var/log/COMPANY_NAME/documentserver/converter/out.log
 stdout_logfile_backups=0
 stdout_logfile_maxbytes=0
 stderr_logfile=/var/log/COMPANY_NAME/documentserver/converter/err.log
 stderr_logfile_backups=0
 stderr_logfile_maxbytes=0
 autostart=true
 autorestart=true
--- a/config/supervisor/ds/ds-docservice.conf
+++ b/config/supervisor/ds/ds-docservice.conf
@ -0,0 +1,13 @@
 [program:docservice]
 command=/var/www/COMPANY_NAME/documentserver/server/DocService/docservice
 directory=/var/www/COMPANY_NAME/documentserver/server/DocService
 user=ds
 environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver,NODE_DISABLE_COLORS=1
 stdout_logfile=/var/log/COMPANY_NAME/documentserver/docservice/out.log
 stdout_logfile_backups=0
 stdout_logfile_maxbytes=0
 stderr_logfile=/var/log/COMPANY_NAME/documentserver/docservice/err.log
 stderr_logfile_backups=0
 stderr_logfile_maxbytes=0
 autostart=true
 autorestart=true
--- a/config/supervisor/ds/ds-example.conf
+++ b/config/supervisor/ds/ds-example.conf
@ -0,0 +1,14 @@
 [program:example]
 command=/var/www/COMPANY_NAME/documentserver-example/example
 directory=/var/www/COMPANY_NAME/documentserver-example/
 user=ds
 environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver-example,NODE_DISABLE_COLORS=1
 stdout_logfile=/var/log/COMPANY_NAME/documentserver-example/out.log
 stdout_logfile_backups=0
 stdout_logfile_maxbytes=0
 stderr_logfile=/var/log/COMPANY_NAME/documentserver-example/err.log
 stderr_logfile_backups=0
 stderr_logfile_maxbytes=0
 autostart=false
 autorestart=true
 redirect_stderr=true
--- a/config/supervisor/ds/ds-metrics.conf
+++ b/config/supervisor/ds/ds-metrics.conf
@ -0,0 +1,13 @@
 [program:metrics]
 command=/var/www/COMPANY_NAME/documentserver/server/Metrics/metrics ./config/config.js
 directory=/var/www/COMPANY_NAME/documentserver/server/Metrics
 user=ds
 environment=NODE_DISABLE_COLORS=1
 stdout_logfile=/var/log/COMPANY_NAME/documentserver/metrics/out.log
 stdout_logfile_backups=0
 stdout_logfile_maxbytes=0
 stderr_logfile=/var/log/COMPANY_NAME/documentserver/metrics/err.log
 stderr_logfile_backups=0
 stderr_logfile_maxbytes=0
 autostart=true
 autorestart=true
--- a/config/supervisor/ds/ds.conf
+++ b/config/supervisor/ds/ds.conf
@ -0,0 +1,2 @@
 [group:ds]
 programs=docservice,converter,metrics,example
--- a/config/supervisor/supervisord.conf
+++ b/config/supervisor/supervisord.conf
@ -1,27 +0,0 @@
 ; supervisor config file
 [inet_http_server]
 port = 127.0.0.1:9001
 [supervisord]
 logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
 pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
 childlogdir=/var/log/supervisor            ; ('AUTO' child log dir, default $TEMP)
 ; the below section must remain in the config file for RPC
 ; (supervisorctl/web interface) to work, additional interfaces may be
 ; added by defining them in separate rpcinterface: sections
 [rpcinterface:supervisor]
 supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
 [supervisorctl]
 serverurl = http://localhost:9001 ; use a unix:// URL  for a unix socket
 ; The [include] section can just contain the "files" setting.  This
 ; setting can list multiple files (separated by whitespace or
 ; newlines).  It can also contain wildcards.  The filenames are
 ; interpreted as relative to this file.  Included files *cannot*
 ; include files themselves.
 [include]
 files = /etc/supervisor/conf.d/*.conf
--- a/default.nix
+++ b/default.nix
@ -0,0 +1,11 @@
 { pkgs ? (import <nixpkgs> { 
    config.allowUnfree = true;
 }),
 }:
 pkgs.mkShell {
  pure = true;
  packages = with pkgs; [
    # Choose the build tools that you need
    act
  ];
 }
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -0,0 +1,169 @@
 variable "TAG" {
    default = ""
 }
 variable "SHORTER_TAG" {
    default = ""
 }
 variable "SHORTEST_TAG" {
    default = ""
 }
 variable "PULL_TAG" {
    default = ""
 }
 variable "COMPANY_NAME" {
    default = ""
 }
 variable "PREFIX_NAME" {
    default = ""
 }
 variable "PRODUCT_EDITION" {
    default = ""
 }
 variable "PRODUCT_NAME" {
    default = ""
 }
 variable "PACKAGE_VERSION" {
    default = ""
 }
 variable "DOCKERFILE" {
    default = ""
 }
 variable "PLATFORM" {
    default = ""
 }
 variable "PACKAGE_BASEURL" {
    default = ""
 }
 variable "PACKAGE_FILE" {
    default = ""
 }
 variable "BUILD_CHANNEL" {
    default = ""
 }
 variable "PUSH_MAJOR" {
    default = "false"
 }
 variable "LATEST" {
    default = "false"
 }
 ### ↓ Variables for UCS build ↓
 variable "BASE_IMAGE" {
    default     = ""
 }
 variable "PG_VERSION" {
    default     = ""
 }
 variable "UCS_REBUILD" {
    default = ""
 }
 variable "UCS_PREFIX" {
    default = ""
 }
 ### ↑ Variables for UCS build ↑
 target "documentserver" {
    target = "documentserver"
    dockerfile = "${DOCKERFILE}"
    tags = [
           "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
           equal("nightly",BUILD_CHANNEL) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
           ]
    platforms = ["${PLATFORM}"]
    args = {
        "COMPANY_NAME": "${COMPANY_NAME}"
        "PRODUCT_NAME": "${PRODUCT_NAME}"
        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
        "PACKAGE_VERSION": "${PACKAGE_VERSION}"
        "PACKAGE_BASEURL": "${PACKAGE_BASEURL}"
        "PLATFORM": "${PLATFORM}"
    }
 }
 target "documentserver-stable" {
    target = "documentserver-stable"
    dockerfile = "production.dockerfile"
    tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}",
            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}",
            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest",
            equal("-ee",PRODUCT_EDITION) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",]
    platforms = ["linux/amd64", "linux/arm64"]
    args = {
        "PULL_TAG": "${PULL_TAG}"
        "COMPANY_NAME": "${COMPANY_NAME}"
        "PRODUCT_NAME": "${PRODUCT_NAME}"
        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
    }
 }
 target "documentserver-ucs" {
    target = "documentserver"
    dockerfile = "${DOCKERFILE}"
    tags = [
           "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PRODUCT_EDITION}-ucs:${TAG}"
           ]
    platforms = ["linux/amd64", "linux/arm64"]
    args = {
        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
        "PRODUCT_NAME": "${PRODUCT_NAME}"
        "COMPANY_NAME": "${COMPANY_NAME}"
        "PACKAGE_VERSION": "${PACKAGE_VERSION}"
        "PACKAGE_BASEURL": "${PACKAGE_BASEURL}"
        "BASE_IMAGE": "${BASE_IMAGE}"
        "PG_VERSION": "${PG_VERSION}"
    }
 }
 target "documentserver-nonexample" {
    target = "documentserver-nonexample"
    dockerfile = "production.dockerfile"
    tags = [ "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PREFIX_NAME}${PRODUCT_EDITION}:${TAG}-nonexample" ]
    platforms = ["linux/amd64", "linux/arm64"]
    args = {
        "PULL_TAG": "${PULL_TAG}"
        "COMPANY_NAME": "${COMPANY_NAME}"
        "PRODUCT_NAME": "${PRODUCT_NAME}"
        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
    } 
 }
 target "documentserver-stable-rebuild" {
    target = "documentserver-stable-rebuild"
    dockerfile = "production.dockerfile"
    tags = equal("true",UCS_REBUILD) ? ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}-ucs:${TAG}",] : [
                                        "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
                equal("",PREFIX_NAME) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}": "",
             equal("true",PUSH_MAJOR) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}": "",
                equal("",PREFIX_NAME) && equal("true",LATEST) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
         equal("-ee",PRODUCT_EDITION) && equal("",PREFIX_NAME) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",
                                 ]
    platforms = ["linux/amd64", "linux/arm64"]
    args = {
        "UCS_PREFIX": "${UCS_PREFIX}"
        "PULL_TAG": "${PULL_TAG}"
        "COMPANY_NAME": "${COMPANY_NAME}"
        "PRODUCT_NAME": "${PRODUCT_NAME}"
        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
    }
 }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,112 +1,61 @@
 version: '2'
 services:
-  onlyoffice-documentserver-data:
+  onlyoffice-documentserver:
-    container_name: onlyoffice-documentserver-data
+    build:
-    image: onlyoffice/documentserver:latest
+      context: .
    container_name: onlyoffice-documentserver
    depends_on:
      - onlyoffice-postgresql
      - onlyoffice-rabbitmq
    environment:
-      - ONLYOFFICE_DATA_CONTAINER=true
+      - DB_TYPE=postgres
-      - POSTGRESQL_SERVER_HOST=onlyoffice-postgresql
+      - DB_HOST=onlyoffice-postgresql
-      - POSTGRESQL_SERVER_PORT=5432
+      - DB_PORT=5432
-      - POSTGRESQL_SERVER_DB_NAME=onlyoffice
+      - DB_NAME=onlyoffice
-      - POSTGRESQL_SERVER_USER=onlyoffice
+      - DB_USER=onlyoffice
-      - RABBITMQ_SERVER_URL=amqp://guest:guest@onlyoffice-rabbitmq
+      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
-      - REDIS_SERVER_HOST=onlyoffice-redis
+      # Uncomment strings below to enable the JSON Web Token validation.
-      - REDIS_SERVER_PORT=6379
+      #- JWT_ENABLED=true
      #- JWT_SECRET=secret
      #- JWT_HEADER=AuthorizationJwt
      #- JWT_IN_BODY=true
      # Uncomment the line below to set larger file limits (about 1GB)
      #- LARGER_FILE_LIMITS=true
    ports:
      - '80:80'
      - '443:443'
    stdin_open: true
    restart: always
-    networks:
+    stop_grace_period: 120s
      - onlyoffice
    volumes:
       # Uncomment the line below to get access to the slide themes directory.
       # To use the themes, copy them to the slideThemes directory and run `docker exec -it <container-name> /usr/bin/documentserver-generate-allfonts.sh`
       #- ./slideThemes:/var/www/onlyoffice/documentserver/sdkjs/slide/themes/src
       - /var/www/onlyoffice/Data
       - /var/log/onlyoffice
       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
       - /var/www/onlyoffice/documentserver-example/public/files
       - /usr/share/fonts
  onlyoffice-documentserver:
    image: onlyoffice/documentserver:latest
    depends_on:
      - onlyoffice-documentserver-data
      - onlyoffice-postgresql
      - onlyoffice-redis
      - onlyoffice-rabbitmq
    environment:
      - ONLYOFFICE_DATA_CONTAINER_HOST=onlyoffice-documentserver-data
      - BALANCE=uri depth 3
      - EXCLUDE_PORTS=443
      - HTTP_CHECK=GET /healthcheck
      - EXTRA_SETTINGS=http-check expect string true
      # Uncomment the string below to redirect HTTP request to HTTPS request.
      #- FORCE_SSL=true
    stdin_open: true
    restart: always
    networks:
      - onlyoffice
    expose:
      - '80'
    volumes_from:
     - onlyoffice-documentserver-data
  onlyoffice-haproxy:
    container_name: onlyoffice-haproxy
    image: dockercloud/haproxy:1.5.1
    depends_on:
      - onlyoffice-documentserver
    environment:
      - MODE=http
      # Uncomment the string below to specify the path of ssl certificates
      #- CERT_FOLDER=/certs/
    stdin_open: true
    links:
     - onlyoffice-documentserver
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      # Uncomment the string below to map a ssl certificate from host
      # to the proxy container
      #- /app/onlyoffice/DocumentServer/data/certs/onlyoffice.pem:/certs/cert1.pem
    restart: always
    networks:
     - onlyoffice
    ports:
      - '80:80'
      - '443:443'
      - '1936:1936'
  onlyoffice-redis:
    container_name: onlyoffice-redis
    image: redis
    restart: always
    networks:
     - onlyoffice
    expose:
      - '6379'
  onlyoffice-rabbitmq:
    container_name: onlyoffice-rabbitmq
    image: rabbitmq
    restart: always
    networks:
     - onlyoffice
    expose:
      - '5672'
  onlyoffice-postgresql:
    container_name: onlyoffice-postgresql
-    image: postgres:9.5
+    image: postgres:12
    environment:
      - POSTGRES_DB=onlyoffice
      - POSTGRES_USER=onlyoffice
-    networks:
+      - POSTGRES_HOST_AUTH_METHOD=trust
      - onlyoffice
    restart: always
    expose:
      - '5432'
    volumes:
      - postgresql_data:/var/lib/postgresql
 networks:
  onlyoffice:
    driver: 'bridge'
 volumes:
  postgresql_data:
--- a/production.dockerfile
+++ b/production.dockerfile
@ -0,0 +1,33 @@
 ### Arguments avavlivable only for FROM instruction ### 
 ARG PULL_TAG=latest
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_EDITION=
 ### Rebuild arguments
 ARG UCS_PREFIX=
 ARG IMAGE=${COMPANY_NAME}/documentserver${PRODUCT_EDITION}${UCS_PREFIX}:${PULL_TAG}
 ### Build main-release ###
 FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-stable
 ### Rebuild stable images with secure updates 
 FROM ${IMAGE} as documentserver-stable-rebuild
 RUN    echo "This is rebuild" \
    && apt-get update -y \
    && apt-get upgrade -y
 ### Build nonexample ###
 FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-nonexample
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_NAME=documentserver
 ARG DS_SUPERVISOR_CONF=/etc/supervisor/conf.d/ds.conf
 ### Remove all documentserver-example data ###
 RUN    rm -rf /var/www/$COMPANY_NAME/$PRODUCT_NAME-example \
    && rm -rf /etc/$COMPANY_NAME/$PRODUCT_NAME-example \
    && rm -f $DS_SUPERVISOR_CONF \ 
    && rm -f /etc/nginx/includes/ds-example.conf \
    && ln -s /etc/$COMPANY_NAME/$PRODUCT_NAME/supervisor/ds.conf  $DS_SUPERVISOR_CONF 
--- a/run-document-server.sh
+++ b/run-document-server.sh
@ -1,73 +1,190 @@
 #!/bin/bash
-APP_DIR="/var/www/onlyoffice/documentserver"
+umask 0022
-DATA_DIR="/var/www/onlyoffice/Data"
+
-LOG_DIR="/var/log/onlyoffice"
+function clean_exit {
  if [ ${ONLYOFFICE_DATA_CONTAINER} == "false" ] && \
  [ ${ONLYOFFICE_DATA_CONTAINER_HOST} == "localhost" ]; then
    /usr/bin/documentserver-prepare4shutdown.sh
  fi
 }
 trap clean_exit SIGTERM
 # Define '**' behavior explicitly
 shopt -s globstar
 APP_DIR="/var/www/${COMPANY_NAME}/documentserver"
 DATA_DIR="/var/www/${COMPANY_NAME}/Data"
 PRIVATE_DATA_DIR="${DATA_DIR}/.private"
 DS_RELEASE_DATE="${PRIVATE_DATA_DIR}/ds_release_date"
 LOG_DIR="/var/log/${COMPANY_NAME}"
 DS_LOG_DIR="${LOG_DIR}/documentserver"
-LIB_DIR="/var/lib/onlyoffice"
+LIB_DIR="/var/lib/${COMPANY_NAME}"
-CONF_DIR="/etc/onlyoffice/documentserver"
+DS_LIB_DIR="${LIB_DIR}/documentserver"
 CONF_DIR="/etc/${COMPANY_NAME}/documentserver"
 IS_UPGRADE="false"
 ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
 ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost}
 ONLYOFFICE_DATA_CONTAINER_PORT=80
-SSL_CERTIFICATES_DIR="${DATA_DIR}/certs"
+RELEASE_DATE="$(stat -c="%y" ${APP_DIR}/server/DocService/docservice | sed -r 's/=([0-9]+)-([0-9]+)-([0-9]+) ([0-9:.+ ]+)/\1-\2-\3/')";
-SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.crt}
+if [ -f ${DS_RELEASE_DATE} ]; then
-SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key}
+  PREV_RELEASE_DATE=$(head -n 1 ${DS_RELEASE_DATE})
 else
  PREV_RELEASE_DATE="0"
 fi
 if [ "${RELEASE_DATE}" != "${PREV_RELEASE_DATE}" ]; then
  if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
    IS_UPGRADE="true";
  fi
 fi
 SSL_CERTIFICATES_DIR="/usr/share/ca-certificates/ds"
 mkdir -p ${SSL_CERTIFICATES_DIR}
 if [[ -d ${DATA_DIR}/certs ]] && [ -e ${DATA_DIR}/certs/*.crt ]; then
  cp -f ${DATA_DIR}/certs/* ${SSL_CERTIFICATES_DIR}
  chmod 644 ${SSL_CERTIFICATES_DIR}/*.crt ${SSL_CERTIFICATES_DIR}/*.pem
  chmod 400 ${SSL_CERTIFICATES_DIR}/*.key
 fi
 if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt ]]; then
  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt
 else
  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/tls.crt}
 fi
 if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key ]]; then
  SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key
 else
  SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/tls.key}
 fi
 CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem}
 SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
 SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
 USE_UNAUTHORIZED_STORAGE=${USE_UNAUTHORIZED_STORAGE:-false}
 ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
 ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAGE:-31536000}
-SYSCONF_TEMPLATES_DIR="/app/onlyoffice/setup/config"
+SYSCONF_TEMPLATES_DIR="/app/ds/setup/config"
 NGINX_CONFD_PATH="/etc/nginx/conf.d";
 NGINX_ONLYOFFICE_CONF="${NGINX_CONFD_PATH}/onlyoffice-documentserver.conf"
 NGINX_ONLYOFFICE_PATH="${CONF_DIR}/nginx"
 NGINX_ONLYOFFICE_CONF="${NGINX_ONLYOFFICE_PATH}/ds.conf"
 NGINX_ONLYOFFICE_EXAMPLE_PATH="${CONF_DIR}-example/nginx"
-NGINX_ONLYOFFICE_EXAMPLE_CONF="${NGINX_ONLYOFFICE_EXAMPLE_PATH}/includes/onlyoffice-documentserver-example.conf"
+NGINX_ONLYOFFICE_EXAMPLE_CONF="${NGINX_ONLYOFFICE_EXAMPLE_PATH}/includes/ds-example.conf"
 NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
 NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
-NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
+# Limiting the maximum number of simultaneous connections due to possible memory shortage
 [ $(ulimit -n) -gt 1048576 ] && NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-1048576} || NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
-JWT_ENABLED=${JWT_ENABLED:-false}
+JWT_ENABLED=${JWT_ENABLED:-true}
-JWT_SECRET=${JWT_SECRET:-secret}
+
 # validate user's vars before usinig in json
 if [ "${JWT_ENABLED}" == "true" ]; then
  JWT_ENABLED="true"
 else
  JWT_ENABLED="false"
 fi
 [ -z $JWT_SECRET ] && JWT_MESSAGE='JWT is enabled by default. A random secret is generated automatically. Run the command "docker exec $(sudo docker ps -q) sudo documentserver-jwt-status.sh" to get information about JWT.'
 JWT_SECRET=${JWT_SECRET:-$(pwgen -s 32)}
 JWT_HEADER=${JWT_HEADER:-Authorization}
 JWT_IN_BODY=${JWT_IN_BODY:-false}
-ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/default.json
+WOPI_ENABLED=${WOPI_ENABLED:-false}
 ALLOW_META_IP_ADDRESS=${ALLOW_META_IP_ADDRESS:-false}
 ALLOW_PRIVATE_IP_ADDRESS=${ALLOW_PRIVATE_IP_ADDRESS:-false}
 GENERATE_FONTS=${GENERATE_FONTS:-true}
 if [[ ${PRODUCT_NAME}${PRODUCT_EDITION} == "documentserver" ]]; then
  REDIS_ENABLED=false
 else
  REDIS_ENABLED=true
 fi
 ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/local.json
 ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json
-ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/default.json
+ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/local.json
-JSON="json -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
+JSON_BIN=${APP_DIR}/npm/json
-JSON_LOG="json -q -f ${ONLYOFFICE_LOG4JS_CONFIG}"
+JSON="${JSON_BIN} -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
-JSON_EXAMPLE="json -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}"
+JSON_LOG="${JSON_BIN} -q -f ${ONLYOFFICE_LOG4JS_CONFIG}"
 JSON_EXAMPLE="${JSON_BIN} -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}"
 LOCAL_SERVICES=()
-PG_VERSION=9.5
+PG_ROOT=/var/lib/postgresql
 PG_NAME=main
-PGDATA=/var/lib/postgresql/${PG_VERSION}/${PG_NAME}
+PGDATA=${PG_ROOT}/${PG_VERSION}/${PG_NAME}
 PG_NEW_CLUSTER=false
 RABBITMQ_DATA=/var/lib/rabbitmq
 REDIS_DATA=/var/lib/redis
 if [ "${LETS_ENCRYPT_DOMAIN}" != "" -a "${LETS_ENCRYPT_MAIL}" != "" ]; then
  LETSENCRYPT_ROOT_DIR="/etc/letsencrypt/live"
  SSL_CERTIFICATE_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/fullchain.pem
  SSL_KEY_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/privkey.pem
 fi
 read_setting(){
-  POSTGRESQL_SERVER_HOST=${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}
+  deprecated_var POSTGRESQL_SERVER_HOST DB_HOST
-  POSTGRESQL_SERVER_PORT=${POSTGRESQL_SERVER_PORT:-$(${JSON} services.CoAuthoring.sql.dbPort)}
+  deprecated_var POSTGRESQL_SERVER_PORT DB_PORT
-  POSTGRESQL_SERVER_DB_NAME=${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}
+  deprecated_var POSTGRESQL_SERVER_DB_NAME DB_NAME
-  POSTGRESQL_SERVER_USER=${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}
+  deprecated_var POSTGRESQL_SERVER_USER DB_USER
-  POSTGRESQL_SERVER_PASS=${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}
+  deprecated_var POSTGRESQL_SERVER_PASS DB_PWD
  deprecated_var RABBITMQ_SERVER_URL AMQP_URI
  deprecated_var AMQP_SERVER_URL AMQP_URI
  deprecated_var AMQP_SERVER_TYPE AMQP_TYPE
  METRICS_ENABLED="${METRICS_ENABLED:-false}"
  METRICS_HOST="${METRICS_HOST:-localhost}"
  METRICS_PORT="${METRICS_PORT:-8125}"
  METRICS_PREFIX="${METRICS_PREFIX:-.ds}"
  DB_HOST=${DB_HOST:-${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}}
  DB_TYPE=${DB_TYPE:-$(${JSON} services.CoAuthoring.sql.type)}
  case $DB_TYPE in
    "postgres")
      DB_PORT=${DB_PORT:-"5432"}
      ;;
    "mariadb"|"mysql")
      DB_PORT=${DB_PORT:-"3306"}
      ;;
    "")
      DB_PORT=${DB_PORT:-${POSTGRESQL_SERVER_PORT:-$(${JSON} services.CoAuthoring.sql.dbPort)}}
      ;;
    *)
      echo "ERROR: unknown database type"
      exit 1
      ;;
  esac
  DB_NAME=${DB_NAME:-${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}}
  DB_USER=${DB_USER:-${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}}
  DB_PWD=${DB_PWD:-${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}}
  RABBITMQ_SERVER_URL=${RABBITMQ_SERVER_URL:-$(${JSON} rabbitmq.url)}
-  parse_rabbitmq_url
+  AMQP_URI=${AMQP_URI:-${AMQP_SERVER_URL:-${RABBITMQ_SERVER_URL}}}
  AMQP_TYPE=${AMQP_TYPE:-${AMQP_SERVER_TYPE:-rabbitmq}}
  parse_rabbitmq_url ${AMQP_URI}
  REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-$(${JSON} services.CoAuthoring.redis.host)}
-  REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-$(${JSON} services.CoAuthoring.redis.port)}
+  REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-6379}
-  DS_LOG_LEVEL=${DS_LOG_LEVEL:-$(${JSON_LOG} levels.nodeJS)}
+  DS_LOG_LEVEL=${DS_LOG_LEVEL:-$(${JSON_LOG} categories.default.level)}
 }
 deprecated_var() {
  if [[ -n ${!1} ]]; then
    echo "Variable $1 is deprecated. Use $2 instead."
  fi
 }
 parse_rabbitmq_url(){
-  local amqp=${RABBITMQ_SERVER_URL}
+  local amqp=$1
  # extract the protocol
  local proto="$(echo $amqp | grep :// | sed -e's,^\(.*://\).*,\1,g')"
@ -88,7 +205,7 @@ parse_rabbitmq_url(){
  # extract the host
  local hostport="$(echo ${url/$userpass@/} | cut -d/ -f1)"
  # by request - try to extract the port
-  local port="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')"
+  local port="$(echo $hostport | grep : | sed -r 's_^.*:+|/.*$__g')"
  local host
  if [ -n "$port" ]; then
@ -101,10 +218,11 @@ parse_rabbitmq_url(){
  # extract the path (if any)
  local path="$(echo $url | grep / | cut -d/ -f2-)"
-  RABBITMQ_SERVER_HOST=$host
+  AMQP_SERVER_PROTO=${proto:0:-3}
-  RABBITMQ_SERVER_USER=$user
+  AMQP_SERVER_HOST=$host
-  RABBITMQ_SERVER_PASS=$pass
+  AMQP_SERVER_USER=$user
-  RABBITMQ_SERVER_PORT=$port
+  AMQP_SERVER_PASS=$pass
  AMQP_SERVER_PORT=$port
 }
 waiting_for_connection(){
@ -114,12 +232,12 @@ waiting_for_connection(){
  done
 }
-waiting_for_postgresql(){
+waiting_for_db(){
-  waiting_for_connection ${POSTGRESQL_SERVER_HOST} ${POSTGRESQL_SERVER_PORT}
+  waiting_for_connection $DB_HOST $DB_PORT
 }
-waiting_for_rabbitmq(){
+waiting_for_amqp(){
-  waiting_for_connection ${RABBITMQ_SERVER_HOST} ${RABBITMQ_SERVER_PORT}
+  waiting_for_connection ${AMQP_SERVER_HOST} ${AMQP_SERVER_PORT}
 }
 waiting_for_redis(){
@ -128,28 +246,83 @@ waiting_for_redis(){
 waiting_for_datacontainer(){
  waiting_for_connection ${ONLYOFFICE_DATA_CONTAINER_HOST} ${ONLYOFFICE_DATA_CONTAINER_PORT}
 }
-update_postgresql_settings(){
+
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${POSTGRESQL_SERVER_HOST}'"
+update_statsd_settings(){
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${POSTGRESQL_SERVER_PORT}'"
+  ${JSON} -I -e "if(this.statsd===undefined)this.statsd={};"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${POSTGRESQL_SERVER_DB_NAME}'"
+  ${JSON} -I -e "this.statsd.useMetrics = '${METRICS_ENABLED}'"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${POSTGRESQL_SERVER_USER}'"
+  ${JSON} -I -e "this.statsd.host = '${METRICS_HOST}'"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${POSTGRESQL_SERVER_PASS}'"
+  ${JSON} -I -e "this.statsd.port = '${METRICS_PORT}'"
  ${JSON} -I -e "this.statsd.prefix = '${METRICS_PREFIX}'"
 }
 update_db_settings(){
  ${JSON} -I -e "this.services.CoAuthoring.sql.type = '${DB_TYPE}'"
  ${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${DB_HOST}'"
  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${DB_PORT}'"
  ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${DB_NAME}'"
  ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${DB_USER}'"
  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${DB_PWD}'"
 }
 update_rabbitmq_setting(){
-  ${JSON} -I -e "this.rabbitmq.url = '${RABBITMQ_SERVER_URL}'"
+  if [ "${AMQP_TYPE}" == "rabbitmq" ]; then
    ${JSON} -I -e "if(this.queue===undefined)this.queue={};"
    ${JSON} -I -e "this.queue.type = 'rabbitmq'"
    ${JSON} -I -e "this.rabbitmq.url = '${AMQP_URI}'"
  fi
  if [ "${AMQP_TYPE}" == "activemq" ]; then
    ${JSON} -I -e "if(this.queue===undefined)this.queue={};"
    ${JSON} -I -e "this.queue.type = 'activemq'"
    ${JSON} -I -e "if(this.activemq===undefined)this.activemq={};"
    ${JSON} -I -e "if(this.activemq.connectOptions===undefined)this.activemq.connectOptions={};"
    ${JSON} -I -e "this.activemq.connectOptions.host = '${AMQP_SERVER_HOST}'"
    if [ ! "${AMQP_SERVER_PORT}" == "" ]; then
      ${JSON} -I -e "this.activemq.connectOptions.port = '${AMQP_SERVER_PORT}'"
    else
      ${JSON} -I -e "delete this.activemq.connectOptions.port"
    fi
    if [ ! "${AMQP_SERVER_USER}" == "" ]; then
      ${JSON} -I -e "this.activemq.connectOptions.username = '${AMQP_SERVER_USER}'"
    else
      ${JSON} -I -e "delete this.activemq.connectOptions.username"
    fi
    if [ ! "${AMQP_SERVER_PASS}" == "" ]; then
      ${JSON} -I -e "this.activemq.connectOptions.password = '${AMQP_SERVER_PASS}'"
    else
      ${JSON} -I -e "delete this.activemq.connectOptions.password"
    fi
    case "${AMQP_SERVER_PROTO}" in
      amqp+ssl|amqps)
        ${JSON} -I -e "this.activemq.connectOptions.transport = 'tls'"
        ;;
      *)
        ${JSON} -I -e "delete this.activemq.connectOptions.transport"
        ;;
    esac 
  fi
 }
 update_redis_settings(){
  ${JSON} -I -e "if(this.services.CoAuthoring.redis===undefined)this.services.CoAuthoring.redis={};"
  ${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'"
  ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
  if [ -n "${REDIS_SERVER_PASS}" ]; then
    ${JSON} -I -e "this.services.CoAuthoring.redis.options = {'password':'${REDIS_SERVER_PASS}'}"
  fi
 }
-update_jwt_settings(){
+update_ds_settings(){
-  if [ "${JWT_ENABLED}" == "true" ]; then
+  ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
-    ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = '${JWT_ENABLED}'"
+  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
-    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = '${JWT_ENABLED}'"
+  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"
    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = '${JWT_ENABLED}'"
  ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
  ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
@ -158,11 +331,29 @@ update_jwt_settings(){
  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"
  if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then
-      ${JSON_EXAMPLE} -I -e "this.server.token.enable = '${JWT_ENABLED}'"
+    ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
    ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
    ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
  fi
  if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then
    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}"
    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
  fi
  if [ "${WOPI_ENABLED}" == "true" ]; then
    ${JSON} -I -e "if(this.wopi===undefined)this.wopi={}"
    ${JSON} -I -e "this.wopi.enable = true"
  fi
  if [ "${ALLOW_META_IP_ADDRESS}" = "true" ] || [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ]; then
    ${JSON} -I -e "if(this.services.CoAuthoring['request-filtering-agent']===undefined)this.services.CoAuthoring['request-filtering-agent']={}"
    [ "${ALLOW_META_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowMetaIPAddress = true"
    [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowPrivateIPAddress = true"
  fi
 }
@ -178,26 +369,86 @@ create_postgresql_cluster(){
 }
 create_postgresql_db(){
-  sudo -u postgres psql -c "CREATE DATABASE onlyoffice;"
+  sudo -u postgres psql -c "CREATE USER $DB_USER WITH password '"$DB_PWD"';"
-  sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';"
+  sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_USER;"
  sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"
 }
-create_postgresql_tbl(){
+create_db_tbl() {
-  CONNECTION_PARAMS="-h${POSTGRESQL_SERVER_HOST} -U${POSTGRESQL_SERVER_USER} -w"
+  case $DB_TYPE in
-  if [ -n "${POSTGRESQL_SERVER_PASS}" ]; then
+    "postgres")
-    export PGPASSWORD=${POSTGRESQL_SERVER_PASS}
+      create_postgresql_tbl
    ;;
    "mariadb"|"mysql")
      create_mysql_tbl
    ;;
  esac
 }
 upgrade_db_tbl() {
  case $DB_TYPE in
    "postgres")
      upgrade_postgresql_tbl
    ;;
    "mariadb"|"mysql")
      upgrade_mysql_tbl
    ;;
  esac
 }
 upgrade_postgresql_tbl() {
  if [ -n "$DB_PWD" ]; then
    export PGPASSWORD=$DB_PWD
  fi
-  PSQL="psql -q $CONNECTION_PARAMS"
+  PSQL="psql -q -h$DB_HOST -p$DB_PORT -d$DB_NAME -U$DB_USER -w"
-  CREATEDB="createdb $CONNECTION_PARAMS"
+
  $PSQL -f "$APP_DIR/server/schema/postgresql/removetbl.sql"
  $PSQL -f "$APP_DIR/server/schema/postgresql/createdb.sql"
 }
 upgrade_mysql_tbl() {
  CONNECTION_PARAMS="-h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PWD -w"
  MYSQL="mysql -q $CONNECTION_PARAMS"
  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/removetbl.sql" >/dev/null 2>&1
  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1
 }
 create_postgresql_tbl() {
  if [ -n "$DB_PWD" ]; then
    export PGPASSWORD=$DB_PWD
  fi
  PSQL="psql -q -h$DB_HOST -p$DB_PORT -d$DB_NAME -U$DB_USER -w"
  $PSQL -f "$APP_DIR/server/schema/postgresql/createdb.sql"
 }
 create_mysql_tbl() {
  CONNECTION_PARAMS="-h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PWD -w"
  MYSQL="mysql -q $CONNECTION_PARAMS"
  # Create db on remote server
-  if $PSQL -lt | cut -d\| -f 1 | grep -qw | grep 0; then
+  $MYSQL -e "CREATE DATABASE IF NOT EXISTS $DB_NAME DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;" >/dev/null 2>&1
    $CREATEDB $DB_NAME
  fi
-  $PSQL -d "${POSTGRESQL_SERVER_DB_NAME}" -f "${APP_DIR}/server/schema/postgresql/createdb.sql"
+  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1
 }
 update_welcome_page() {
  WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html"
  if [[ -e $WELCOME_PAGE ]]; then
    DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset))
    (( ${#DOCKER_CONTAINER_ID} < 12 )) && DOCKER_CONTAINER_ID=$(hostname)
    if (( ${#DOCKER_CONTAINER_ID} >= 12 )); then
      if [[ -x $(command -v docker) ]]; then
        DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
        JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/')
      else
        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
        JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/')
      fi
    fi
  fi
 }
 update_nginx_settings(){
@ -208,7 +459,7 @@ update_nginx_settings(){
  # setup HTTPS
  if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
-    ln -sf ${NGINX_ONLYOFFICE_PATH}/onlyoffice-documentserver-ssl.conf.template ${NGINX_ONLYOFFICE_CONF}
+    cp -f ${NGINX_ONLYOFFICE_PATH}/ds-ssl.conf.tmpl ${NGINX_ONLYOFFICE_CONF}
    # configure nginx
    sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_CONF}
@ -236,35 +487,49 @@ update_nginx_settings(){
      sed '/max-age=/d' -i ${NGINX_ONLYOFFICE_CONF}
    fi
  else
-    ln -sf ${NGINX_ONLYOFFICE_PATH}/onlyoffice-documentserver.conf.template ${NGINX_ONLYOFFICE_CONF}
+    ln -sf ${NGINX_ONLYOFFICE_PATH}/ds.conf.tmpl ${NGINX_ONLYOFFICE_CONF}
  fi
  # check if ipv6 supported otherwise remove it from nginx config
  if [ ! -f /proc/net/if_inet6 ]; then
    sed '/listen\s\+\[::[0-9]*\].\+/d' -i $NGINX_ONLYOFFICE_CONF
  fi
  if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then
    sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF}
  fi
 }
-update_supervisor_settings(){
+  documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false
  # Copy modified supervisor start script
  cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/
  # Copy modified supervisor config
  cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
 }
 update_log_settings(){
-   ${JSON_LOG} -I -e "this.levels.nodeJS = '${DS_LOG_LEVEL}'"
+   ${JSON_LOG} -I -e "this.categories.default.level = '${DS_LOG_LEVEL}'"
 }
 update_logrotate_settings(){
  sed 's|\(^su\b\).*|\1 root root|' -i /etc/logrotate.conf
 }
 update_release_date(){
  mkdir -p ${PRIVATE_DATA_DIR}
  echo ${RELEASE_DATE} > ${DS_RELEASE_DATE}
 }
 # create base folders
-for i in converter docservice spellchecker metrics gc; do
+for i in converter docservice metrics; do
  mkdir -p "${DS_LOG_DIR}/$i"
 done
 mkdir -p ${DS_LOG_DIR}-example
 # create app folders
 for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${DS_LIB_DIR}-example/files; do
  mkdir -p "$i"
 done
 # change folder rights
-for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do
+for i in ${LOG_DIR} ${LIB_DIR}; do
-  chown -R onlyoffice:onlyoffice "$i"
+  chown -R ds:ds "$i"
  chmod -R 755 "$i"
 done
@ -272,16 +537,27 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
  read_setting
  if [ $METRICS_ENABLED = "true" ]; then
    update_statsd_settings
  fi
  update_welcome_page
  update_log_settings
-  update_jwt_settings
+  update_ds_settings
  # update settings by env variables
-  if [ ${POSTGRESQL_SERVER_HOST} != "localhost" ]; then
+  if [ $DB_HOST != "localhost" ]; then
-    update_postgresql_settings
+    update_db_settings
-    waiting_for_postgresql
+    waiting_for_db
-    create_postgresql_tbl
+    create_db_tbl
  else
    # change rights for postgres directory
    chown -R postgres:postgres ${PG_ROOT}
    chmod -R 700 ${PG_ROOT}
    # create new db if it isn't exist
    if [ ! -d ${PGDATA} ]; then
      create_postgresql_cluster
      PG_NEW_CLUSTER=true
@ -289,17 +565,32 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
    LOCAL_SERVICES+=("postgresql")
  fi
-  if [ ${RABBITMQ_SERVER_HOST} != "localhost" ]; then
+  if [ ${AMQP_SERVER_HOST} != "localhost" ]; then
    update_rabbitmq_setting
  else
-    LOCAL_SERVICES+=("rabbitmq-server")
+    # change rights for rabbitmq directory
    chown -R rabbitmq:rabbitmq ${RABBITMQ_DATA}
    chmod -R go=rX,u=rwX ${RABBITMQ_DATA}
    if [ -f ${RABBITMQ_DATA}/.erlang.cookie ]; then
        chmod 400 ${RABBITMQ_DATA}/.erlang.cookie
    fi
    LOCAL_SERVICES+=("rabbitmq-server")
    # allow Rabbitmq startup after container kill
    rm -rf /var/run/rabbitmq
  fi
  if [ ${REDIS_ENABLED} = "true" ]; then
    if [ ${REDIS_SERVER_HOST} != "localhost" ]; then
      update_redis_settings
    else
      # change rights for redis directory
      chown -R redis:redis ${REDIS_DATA}
      chmod -R 750 ${REDIS_DATA}
      LOCAL_SERVICES+=("redis-server")
    fi
  fi
 else
  # no need to update settings just wait for remote data
  waiting_for_datacontainer
@ -307,8 +598,12 @@ else
  # read settings after the data container in ready state
  # to prevent get unconfigureted data
  read_setting
  update_welcome_page
 fi
 find /etc/${COMPANY_NAME} ! -path '*logrotate*' -exec chown ds:ds {} \;
 #start needed local services
 for i in ${LOCAL_SERVICES[@]}; do
  service $i start
@ -320,20 +615,68 @@ if [ ${PG_NEW_CLUSTER} = "true" ]; then
 fi
 if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
-  waiting_for_postgresql
+  waiting_for_db
-  waiting_for_rabbitmq
+  waiting_for_amqp
  if [ ${REDIS_ENABLED} = "true" ]; then
    waiting_for_redis
  fi
  if [ "${IS_UPGRADE}" = "true" ]; then
    upgrade_db_tbl
    update_release_date
  fi
  update_nginx_settings
  update_supervisor_settings
  service supervisor start
  # start cron to enable log rotating
  update_logrotate_settings
  service cron start
 fi
 # nginx used as a proxy, and as data container status service.
 # it run in all cases.
 service nginx start
 if [ "${LETS_ENCRYPT_DOMAIN}" != "" -a "${LETS_ENCRYPT_MAIL}" != "" ]; then
  if [ ! -f "${SSL_CERTIFICATE_PATH}" -a ! -f "${SSL_KEY_PATH}" ]; then
    documentserver-letsencrypt.sh ${LETS_ENCRYPT_MAIL} ${LETS_ENCRYPT_DOMAIN}
  fi
 fi
 # Regenerate the fonts list and the fonts thumbnails
-documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}
+if [ "${GENERATE_FONTS}" == "true" ]; then
  documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}
 fi
 documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER}
 echo "${JWT_MESSAGE}" 
 # Check if lager file limits should be set
 if [ "$LARGER_FILE_LIMITS" = "true" ]; then
    if [ -e /app/ds/file_limits_set ]; then
        echo ""
    else
        touch /app/ds/file_limits_set
        sed -i -e 's/104857600/10485760000/g' /etc/onlyoffice/documentserver-example/production-linux.json
        sed -i '9iclient_max_body_size 1000M;' /etc/onlyoffice/documentserver-example/nginx/includes/ds-example.conf
        sed -i '16iclient_max_body_size 1000M;' /etc/nginx/nginx.conf
        sed -i -e 's/104857600/10485760000/g' /etc/onlyoffice/documentserver/default.json
        sed -i -e 's/50MB/5000MB/g' /etc/onlyoffice/documentserver/default.json
        sed -i -e 's/300MB/3000MB/g' /etc/onlyoffice/documentserver/default.json
        sed -i 's/^client_max_body_size 100m;$/client_max_body_size 1000m;/' /etc/onlyoffice/documentserver/nginx/includes/ds-common.conf
        service nginx restart
        supervisorctl restart all
    fi
 fi
 tail -f /var/log/${COMPANY_NAME}/**/*.log &
 wait $!
--- a/slideThemes/01_blank.pptx
+++ b/slideThemes/01_blank.pptx
--- a/slideThemes/02_basic.pptx
+++ b/slideThemes/02_basic.pptx
--- a/slideThemes/03_classic.pptx
+++ b/slideThemes/03_classic.pptx
--- a/slideThemes/04_official.pptx
+++ b/slideThemes/04_official.pptx
--- a/slideThemes/05_green
+++ b/slideThemes/05_green
--- a/slideThemes/06_lines.pptx
+++ b/slideThemes/06_lines.pptx
--- a/slideThemes/07_office.pptx
+++ b/slideThemes/07_office.pptx
--- a/slideThemes/08_safari.pptx
+++ b/slideThemes/08_safari.pptx
--- a/slideThemes/09_dotted.pptx
+++ b/slideThemes/09_dotted.pptx
--- a/slideThemes/10_corner.pptx
+++ b/slideThemes/10_corner.pptx
--- a/slideThemes/11_tort.pptx
+++ b/slideThemes/11_tort.pptx
--- a/tests/postgres.yml
+++ b/tests/postgres.yml
@ -0,0 +1,35 @@
 version: '2.1'
 services:
  onlyoffice-documentserver:
    container_name: onlyoffice-documentserver
    build:
      context: ../.
    depends_on:
      - onlyoffice-postgresql
    environment:
      - DB_TYPE=${DB_TYPE:-postgres}
      - DB_HOST=${DB_HOST:-onlyoffice-postgresql}
      - DB_PORT=${DB_PORT:-5432}
      - DB_NAME=${DB_NAME:-onlyoffice}
      - DB_USER=${DB_USER:-onlyoffice}
      - DB_PWD=${DB_PWD:-onlyoffice}
    stdin_open: true
    restart: always
    ports:
      - '80:80'
  onlyoffice-postgresql:
    container_name: onlyoffice-postgresql
    image: postgres:${POSTGRES_VERSION:-12}
    environment:
      - POSTGRES_DB=${POSTGRES_DB:-onlyoffice}
      - POSTGRES_USER=${POSTGRES_USER:-onlyoffice}
      - POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD:-trust}
    restart: always
    expose:
      - '5432'
    volumes:
      - postgresql_data:/var/lib/postgresql
 volumes:
  postgresql_data:
--- a/tests/prometheus.yml
+++ b/tests/prometheus.yml
@ -0,0 +1,46 @@
 version: '2.1'
 services:
  onlyoffice-documentserver:
    container_name: onlyoffice-documentserver
    build:
      context: ../.
    depends_on:
      - onlyoffice-statsd-exporter
    environment:
      - METRICS_ENABLED=${METRICS_ENABLED:-true}
      - METRICS_HOST=${METRICS_HOST:-onlyoffice-statsd-exporter}
      - METRICS_PORT=${METRICS_PORT:-9125}
      - METRICS_PREFIX=${METRICS_PREFIX:-ds.}
    stdin_open: true
    restart: always
    ports:
      - '80:80'
  onlyoffice-statsd-exporter:
    container_name: onlyoffice-statsd-exporter
    image: prom/statsd-exporter
    command: --statsd.event-flush-interval=30000ms
    ports:
      - '9102:9102'
      - '9125:9125/tcp'
      - '9125:9125/udp'
  onlyoffice-prometheus:
    container_name: onlyoffice-prometheus
    image: prom/prometheus
    ports:
      - '9090:9090'
    volumes:
      - ./prometheus/prometheus-scrape/statsd-exporter.yml:/etc/prometheus/prometheus.yml
  grafana:
    container_name: onlyoffice-grafana
    image: bitnami/grafana
    ports:
      - '3000:3000'
    environment:
      - 'GF_SECURITY_ADMIN_PASSWORD=G0pGE4'
    volumes:
      - ./prometheus/grafana/conf/prometheus.yml:/opt/bitnami/grafana/conf/provisioning/datasources/prometheus.yml
      - ./prometheus/grafana/conf/default-provider.yaml:/opt/bitnami/grafana/conf/provisioning/dashboards/default-provider.yaml
      - ./prometheus/grafana/dashboards:/opt/bitnami/grafana/dashboards
--- a/tests/prometheus/grafana/conf/default-provider.yaml
+++ b/tests/prometheus/grafana/conf/default-provider.yaml
@ -0,0 +1,23 @@
 apiVersion: 1
 providers:
  # <string> an unique provider name
 - name: 'default-provider'
  # <int> org id. will default to orgId 1 if not specified
  orgId: 1
  # <string, required> name of the dashboard folder. Required
  folder: dashboards
  # <string> folder UID. will be automatically generated if not specified
  folderUid: ''
  # <string, required> provider type. Required
  type: file
  # <bool> disable dashboard deletion
  disableDeletion: false
  # <bool> enable dashboard editing
  editable: true
  # <int> how often Grafana will scan for changed dashboards
  updateIntervalSeconds: 10
  options:
    # <string, required> path to dashboard files on disk. Required
    path: /opt/bitnami/grafana/dashboards
    # <bool> enable folders creation for dashboards
    #foldersFromFilesStructure: true
--- a/tests/prometheus/grafana/conf/prometheus.yml
+++ b/tests/prometheus/grafana/conf/prometheus.yml
@ -0,0 +1,6 @@
 apiVersion: 1
 datasources:
  - name: Prometheus
    type: prometheus
    url: http://onlyoffice-prometheus:9090
    editable: true
--- a/tests/prometheus/grafana/dashboards/documentserver-statsd-exporter.json
+++ b/tests/prometheus/grafana/dashboards/documentserver-statsd-exporter.json
--- a/tests/prometheus/prometheus-scrape/statsd-exporter.yml
+++ b/tests/prometheus/prometheus-scrape/statsd-exporter.yml
@ -0,0 +1,6 @@
 scrape_configs:
  - job_name: 'statsd'
    scrape_interval: 30s
    static_configs:
      - targets:
        - onlyoffice-statsd-exporter:9102
		`@ -0,0 +1,2 @@`
							`[group:ds]`
							`programs=docservice,converter,metrics,example`