2015-04-17 17:25:41 +02:00
#!/bin/bash
2022-08-31 11:13:30 +02:00
umask 0022
2020-09-10 16:02:20 +02:00
function clean_exit {
2023-10-27 14:08:30 +02:00
if [ ${ ONLYOFFICE_DATA_CONTAINER } = = "false" ] && \
[ ${ ONLYOFFICE_DATA_CONTAINER_HOST } = = "localhost" ] ; then
/usr/bin/documentserver-prepare4shutdown.sh
fi
2020-09-10 16:02:20 +02:00
}
trap clean_exit SIGTERM
2018-04-21 11:14:26 +02:00
# Define '**' behavior explicitly
shopt -s globstar
2019-10-21 10:51:06 +02:00
APP_DIR = " /var/www/ ${ COMPANY_NAME } /documentserver "
DATA_DIR = " /var/www/ ${ COMPANY_NAME } /Data "
2021-04-14 16:10:38 +02:00
PRIVATE_DATA_DIR = " ${ DATA_DIR } /.private "
DS_RELEASE_DATE = " ${ PRIVATE_DATA_DIR } /ds_release_date "
2019-10-21 10:51:06 +02:00
LOG_DIR = " /var/log/ ${ COMPANY_NAME } "
2017-11-10 13:10:52 +01:00
DS_LOG_DIR = " ${ LOG_DIR } /documentserver "
2019-10-21 10:51:06 +02:00
LIB_DIR = " /var/lib/ ${ COMPANY_NAME } "
2019-05-29 15:26:22 +02:00
DS_LIB_DIR = " ${ LIB_DIR } /documentserver "
2019-10-21 10:51:06 +02:00
CONF_DIR = " /etc/ ${ COMPANY_NAME } /documentserver "
2021-04-14 16:10:38 +02:00
IS_UPGRADE = "false"
2015-04-17 17:25:41 +02:00
2016-07-11 10:47:22 +02:00
ONLYOFFICE_DATA_CONTAINER = ${ ONLYOFFICE_DATA_CONTAINER :- false }
2016-07-20 17:56:20 +02:00
ONLYOFFICE_DATA_CONTAINER_HOST = ${ ONLYOFFICE_DATA_CONTAINER_HOST :- localhost }
ONLYOFFICE_DATA_CONTAINER_PORT = 80
2015-04-17 17:25:41 +02:00
2021-04-14 16:10:38 +02:00
RELEASE_DATE = " $( stat -c= "%y" ${ APP_DIR } /server/DocService/docservice | sed -r 's/=([0-9]+)-([0-9]+)-([0-9]+) ([0-9:.+ ]+)/\1-\2-\3/' ) " ;
if [ -f ${ DS_RELEASE_DATE } ] ; then
2022-05-15 18:23:47 +02:00
PREV_RELEASE_DATE = $( head -n 1 ${ DS_RELEASE_DATE } )
2021-04-14 16:10:38 +02:00
else
2022-05-15 18:23:47 +02:00
PREV_RELEASE_DATE = "0"
2021-04-14 16:10:38 +02:00
fi
if [ " ${ RELEASE_DATE } " != " ${ PREV_RELEASE_DATE } " ] ; then
2022-05-15 18:23:47 +02:00
if [ ${ ONLYOFFICE_DATA_CONTAINER } != "true" ] ; then
IS_UPGRADE = "true" ;
fi
2021-04-14 16:10:38 +02:00
fi
2022-07-05 13:56:42 +02:00
SSL_CERTIFICATES_DIR = "/usr/share/ca-certificates/ds"
mkdir -p ${ SSL_CERTIFICATES_DIR }
2022-07-19 14:51:46 +02:00
if [ [ -d ${ DATA_DIR } /certs ] ] && [ -e ${ DATA_DIR } /certs/*.crt ] ; then
cp -f ${ DATA_DIR } /certs/* ${ SSL_CERTIFICATES_DIR }
chmod 644 ${ SSL_CERTIFICATES_DIR } /*.crt ${ SSL_CERTIFICATES_DIR } /*.pem
chmod 400 ${ SSL_CERTIFICATES_DIR } /*.key
fi
2022-07-05 13:56:42 +02:00
2022-04-25 16:25:19 +02:00
if [ [ -z $SSL_CERTIFICATE_PATH ] ] && [ [ -f ${ SSL_CERTIFICATES_DIR } /${ COMPANY_NAME } .crt ] ] ; then
2022-05-15 18:23:47 +02:00
SSL_CERTIFICATE_PATH = ${ SSL_CERTIFICATES_DIR } /${ COMPANY_NAME } .crt
2020-04-29 18:48:33 +02:00
else
2022-05-15 18:23:47 +02:00
SSL_CERTIFICATE_PATH = ${ SSL_CERTIFICATE_PATH :- ${ SSL_CERTIFICATES_DIR } /tls.crt }
2020-04-29 18:48:33 +02:00
fi
2022-04-25 16:25:19 +02:00
if [ [ -z $SSL_KEY_PATH ] ] && [ [ -f ${ SSL_CERTIFICATES_DIR } /${ COMPANY_NAME } .key ] ] ; then
2022-05-15 18:23:47 +02:00
SSL_KEY_PATH = ${ SSL_CERTIFICATES_DIR } /${ COMPANY_NAME } .key
2020-04-29 18:48:33 +02:00
else
2022-05-15 18:23:47 +02:00
SSL_KEY_PATH = ${ SSL_KEY_PATH :- ${ SSL_CERTIFICATES_DIR } /tls.key }
2020-04-29 18:48:33 +02:00
fi
2016-06-30 11:41:52 +02:00
CA_CERTIFICATES_PATH = ${ CA_CERTIFICATES_PATH :- ${ SSL_CERTIFICATES_DIR } /ca-certificates.pem }
2015-04-17 17:25:41 +02:00
SSL_DHPARAM_PATH = ${ SSL_DHPARAM_PATH :- ${ SSL_CERTIFICATES_DIR } /dhparam.pem }
SSL_VERIFY_CLIENT = ${ SSL_VERIFY_CLIENT :- off }
2019-12-26 11:13:13 +01:00
USE_UNAUTHORIZED_STORAGE = ${ USE_UNAUTHORIZED_STORAGE :- false }
2015-04-17 17:25:41 +02:00
ONLYOFFICE_HTTPS_HSTS_ENABLED = ${ ONLYOFFICE_HTTPS_HSTS_ENABLED :- true }
2017-05-12 15:51:22 +02:00
ONLYOFFICE_HTTPS_HSTS_MAXAGE = ${ ONLYOFFICE_HTTPS_HSTS_MAXAGE :- 31536000 }
2019-10-21 10:51:06 +02:00
SYSCONF_TEMPLATES_DIR = "/app/ds/setup/config"
2015-04-17 17:25:41 +02:00
2017-01-24 17:34:20 +01:00
NGINX_CONFD_PATH = "/etc/nginx/conf.d" ;
2017-11-29 10:52:57 +01:00
NGINX_ONLYOFFICE_PATH = " ${ CONF_DIR } /nginx "
2018-10-16 11:22:18 +02:00
NGINX_ONLYOFFICE_CONF = " ${ NGINX_ONLYOFFICE_PATH } /ds.conf "
2017-11-29 12:37:21 +01:00
NGINX_ONLYOFFICE_EXAMPLE_PATH = " ${ CONF_DIR } -example/nginx "
2018-10-16 11:22:18 +02:00
NGINX_ONLYOFFICE_EXAMPLE_CONF = " ${ NGINX_ONLYOFFICE_EXAMPLE_PATH } /includes/ds-example.conf "
2017-11-29 10:52:57 +01:00
2016-06-30 11:41:52 +02:00
NGINX_CONFIG_PATH = "/etc/nginx/nginx.conf"
2017-09-20 16:25:38 +02:00
NGINX_WORKER_PROCESSES = ${ NGINX_WORKER_PROCESSES :- 1 }
2022-10-31 14:34:42 +01:00
# Limiting the maximum number of simultaneous connections due to possible memory shortage
[ $( ulimit -n) -gt 1048576 ] && NGINX_WORKER_CONNECTIONS = ${ NGINX_WORKER_CONNECTIONS :- 1048576 } || NGINX_WORKER_CONNECTIONS = ${ NGINX_WORKER_CONNECTIONS :- $( ulimit -n) }
2016-06-30 11:41:52 +02:00
2022-08-22 19:27:10 +02:00
JWT_ENABLED = ${ JWT_ENABLED :- true }
2022-04-12 18:00:46 +02:00
# validate user's vars before usinig in json
if [ " ${ JWT_ENABLED } " = = "true" ] ; then
2022-05-15 18:23:47 +02:00
JWT_ENABLED = "true"
2022-04-12 18:00:46 +02:00
else
2022-05-15 18:23:47 +02:00
JWT_ENABLED = "false"
2022-04-12 18:00:46 +02:00
fi
2022-09-13 10:08:04 +02:00
[ -z $JWT_SECRET ] && JWT_MESSAGE = 'JWT is enabled by default. A random secret is generated automatically. Run the command "docker exec $(sudo docker ps -q) sudo documentserver-jwt-status.sh" to get information about JWT.'
2022-08-22 19:27:10 +02:00
2023-02-07 07:02:40 +01:00
JWT_SECRET = ${ JWT_SECRET :- $( pwgen -s 32) }
2017-09-01 15:59:34 +02:00
JWT_HEADER = ${ JWT_HEADER :- Authorization }
2019-11-27 09:35:08 +01:00
JWT_IN_BODY = ${ JWT_IN_BODY :- false }
2017-09-01 15:59:34 +02:00
2021-09-14 16:53:37 +02:00
WOPI_ENABLED = ${ WOPI_ENABLED :- false }
2023-05-26 15:59:54 +02:00
ALLOW_META_IP_ADDRESS = ${ ALLOW_META_IP_ADDRESS :- false }
ALLOW_PRIVATE_IP_ADDRESS = ${ ALLOW_PRIVATE_IP_ADDRESS :- false }
2021-09-14 16:53:37 +02:00
2020-10-20 15:14:55 +02:00
GENERATE_FONTS = ${ GENERATE_FONTS :- true }
2022-06-15 09:30:18 +02:00
if [ [ ${ PRODUCT_NAME } ${ PRODUCT_EDITION } = = "documentserver" ] ] ; then
2022-05-15 18:23:47 +02:00
REDIS_ENABLED = false
2020-06-04 14:15:34 +02:00
else
2022-05-15 18:23:47 +02:00
REDIS_ENABLED = true
2020-06-04 14:15:34 +02:00
fi
2018-05-04 10:56:18 +02:00
ONLYOFFICE_DEFAULT_CONFIG = ${ CONF_DIR } /local.json
2017-05-17 16:41:13 +02:00
ONLYOFFICE_LOG4JS_CONFIG = ${ CONF_DIR } /log4js/production.json
2018-05-04 10:56:18 +02:00
ONLYOFFICE_EXAMPLE_CONFIG = ${ CONF_DIR } -example/local.json
2016-06-30 11:41:52 +02:00
2020-02-21 12:58:20 +01:00
JSON_BIN = ${ APP_DIR } /npm/json
2019-02-15 13:10:19 +01:00
JSON = " ${ JSON_BIN } -q -f ${ ONLYOFFICE_DEFAULT_CONFIG } "
JSON_LOG = " ${ JSON_BIN } -q -f ${ ONLYOFFICE_LOG4JS_CONFIG } "
JSON_EXAMPLE = " ${ JSON_BIN } -q -f ${ ONLYOFFICE_EXAMPLE_CONFIG } "
2016-07-11 10:47:22 +02:00
2016-07-20 17:56:20 +02:00
LOCAL_SERVICES = ( )
2016-07-11 10:47:22 +02:00
2018-04-03 18:39:11 +02:00
PG_ROOT = /var/lib/postgresql
2017-04-24 19:02:01 +02:00
PG_NAME = main
2018-04-03 18:39:11 +02:00
PGDATA = ${ PG_ROOT } /${ PG_VERSION } /${ PG_NAME }
2017-04-24 19:02:01 +02:00
PG_NEW_CLUSTER = false
2019-12-20 11:15:59 +01:00
RABBITMQ_DATA = /var/lib/rabbitmq
REDIS_DATA = /var/lib/redis
2017-04-24 19:02:01 +02:00
2020-11-18 08:46:19 +01:00
if [ " ${ LETS_ENCRYPT_DOMAIN } " != "" -a " ${ LETS_ENCRYPT_MAIL } " != "" ] ; then
2022-05-15 18:23:47 +02:00
LETSENCRYPT_ROOT_DIR = "/etc/letsencrypt/live"
SSL_CERTIFICATE_PATH = ${ LETSENCRYPT_ROOT_DIR } /${ LETS_ENCRYPT_DOMAIN } /fullchain.pem
SSL_KEY_PATH = ${ LETSENCRYPT_ROOT_DIR } /${ LETS_ENCRYPT_DOMAIN } /privkey.pem
2020-10-22 12:47:51 +02:00
fi
2016-07-20 17:56:20 +02:00
read_setting( ) {
2022-05-15 18:23:47 +02:00
deprecated_var POSTGRESQL_SERVER_HOST DB_HOST
deprecated_var POSTGRESQL_SERVER_PORT DB_PORT
deprecated_var POSTGRESQL_SERVER_DB_NAME DB_NAME
deprecated_var POSTGRESQL_SERVER_USER DB_USER
deprecated_var POSTGRESQL_SERVER_PASS DB_PWD
deprecated_var RABBITMQ_SERVER_URL AMQP_URI
deprecated_var AMQP_SERVER_URL AMQP_URI
deprecated_var AMQP_SERVER_TYPE AMQP_TYPE
METRICS_ENABLED = " ${ METRICS_ENABLED :- false } "
METRICS_HOST = " ${ METRICS_HOST :- localhost } "
METRICS_PORT = " ${ METRICS_PORT :- 8125 } "
METRICS_PREFIX = " ${ METRICS_PREFIX :- .ds } "
DB_HOST = ${ DB_HOST :- ${ POSTGRESQL_SERVER_HOST :- $( ${ JSON } services.CoAuthoring.sql.dbHost) } }
DB_TYPE = ${ DB_TYPE :- $( ${ JSON } services.CoAuthoring.sql.type) }
case $DB_TYPE in
"postgres" )
DB_PORT = ${ DB_PORT :- "5432" }
; ;
"mariadb" | "mysql" )
DB_PORT = ${ DB_PORT :- "3306" }
; ;
"" )
DB_PORT = ${ DB_PORT :- ${ POSTGRESQL_SERVER_PORT :- $( ${ JSON } services.CoAuthoring.sql.dbPort) } }
; ;
*)
echo "ERROR: unknown database type"
exit 1
; ;
esac
DB_NAME = ${ DB_NAME :- ${ POSTGRESQL_SERVER_DB_NAME :- $( ${ JSON } services.CoAuthoring.sql.dbName) } }
DB_USER = ${ DB_USER :- ${ POSTGRESQL_SERVER_USER :- $( ${ JSON } services.CoAuthoring.sql.dbUser) } }
DB_PWD = ${ DB_PWD :- ${ POSTGRESQL_SERVER_PASS :- $( ${ JSON } services.CoAuthoring.sql.dbPass) } }
RABBITMQ_SERVER_URL = ${ RABBITMQ_SERVER_URL :- $( ${ JSON } rabbitmq.url) }
AMQP_URI = ${ AMQP_URI :- ${ AMQP_SERVER_URL :- ${ RABBITMQ_SERVER_URL } } }
AMQP_TYPE = ${ AMQP_TYPE :- ${ AMQP_SERVER_TYPE :- rabbitmq } }
parse_rabbitmq_url ${ AMQP_URI }
REDIS_SERVER_HOST = ${ REDIS_SERVER_HOST :- $( ${ JSON } services.CoAuthoring.redis.host) }
REDIS_SERVER_PORT = ${ REDIS_SERVER_PORT :- 6379 }
DS_LOG_LEVEL = ${ DS_LOG_LEVEL :- $( ${ JSON_LOG } categories.default.level) }
2016-07-20 17:56:20 +02:00
}
2016-07-11 10:47:22 +02:00
2019-10-29 10:42:43 +01:00
deprecated_var( ) {
2022-05-15 18:23:47 +02:00
if [ [ -n ${ !1 } ] ] ; then
echo " Variable $1 is deprecated. Use $2 instead. "
fi
2019-10-29 10:42:43 +01:00
}
2016-12-09 13:50:07 +01:00
parse_rabbitmq_url( ) {
2022-05-15 18:23:47 +02:00
local amqp = $1
# extract the protocol
local proto = " $( echo $amqp | grep :// | sed -e's,^\(.*://\).*,\1,g' ) "
# remove the protocol
local url = " $( echo ${ amqp / $proto / } ) "
# extract the user and password (if any)
local userpass = " `echo $url | grep @ | cut -d@ -f1` "
local pass = ` echo $userpass | grep : | cut -d: -f2`
local user
if [ -n " $pass " ] ; then
user = ` echo $userpass | grep : | cut -d: -f1`
else
user = $userpass
fi
# extract the host
local hostport = " $( echo ${ url / $userpass @/ } | cut -d/ -f1) "
# by request - try to extract the port
2022-10-28 15:33:41 +02:00
local port = " $( echo $hostport | grep : | sed -r 's_^.*:+|/.*$__g' ) "
2022-05-15 18:23:47 +02:00
local host
if [ -n " $port " ] ; then
host = ` echo $hostport | grep : | cut -d: -f1`
else
host = $hostport
port = "5672"
fi
# extract the path (if any)
local path = " $( echo $url | grep / | cut -d/ -f2-) "
AMQP_SERVER_PROTO = ${ proto : 0 :- 3 }
AMQP_SERVER_HOST = $host
AMQP_SERVER_USER = $user
AMQP_SERVER_PASS = $pass
AMQP_SERVER_PORT = $port
2016-12-09 13:50:07 +01:00
}
2016-07-11 10:47:22 +02:00
waiting_for_connection( ) {
2022-05-15 18:23:47 +02:00
until nc -z -w 3 " $1 " " $2 " ; do
>& 2 echo " Waiting for connection to the $1 host on port $2 "
sleep 1
done
2016-07-11 10:47:22 +02:00
}
2019-10-29 10:42:43 +01:00
waiting_for_db( ) {
2022-05-15 18:23:47 +02:00
waiting_for_connection $DB_HOST $DB_PORT
2016-07-11 10:47:22 +02:00
}
2019-01-28 13:47:32 +01:00
waiting_for_amqp( ) {
2022-05-15 18:23:47 +02:00
waiting_for_connection ${ AMQP_SERVER_HOST } ${ AMQP_SERVER_PORT }
2016-07-11 10:47:22 +02:00
}
waiting_for_redis( ) {
2022-05-15 18:23:47 +02:00
waiting_for_connection ${ REDIS_SERVER_HOST } ${ REDIS_SERVER_PORT }
2016-07-11 10:47:22 +02:00
}
2016-07-20 17:56:20 +02:00
waiting_for_datacontainer( ) {
2022-05-15 18:23:47 +02:00
waiting_for_connection ${ ONLYOFFICE_DATA_CONTAINER_HOST } ${ ONLYOFFICE_DATA_CONTAINER_PORT }
2016-07-20 17:56:20 +02:00
}
2020-07-23 14:42:17 +02:00
update_statsd_settings( ) {
2022-05-15 18:23:47 +02:00
${ JSON } -I -e "if(this.statsd===undefined)this.statsd={};"
${ JSON } -I -e " this.statsd.useMetrics = ' ${ METRICS_ENABLED } ' "
${ JSON } -I -e " this.statsd.host = ' ${ METRICS_HOST } ' "
${ JSON } -I -e " this.statsd.port = ' ${ METRICS_PORT } ' "
${ JSON } -I -e " this.statsd.prefix = ' ${ METRICS_PREFIX } ' "
2020-07-23 14:42:17 +02:00
}
2019-10-29 10:42:43 +01:00
update_db_settings( ) {
2022-05-15 18:23:47 +02:00
${ JSON } -I -e " this.services.CoAuthoring.sql.type = ' ${ DB_TYPE } ' "
${ JSON } -I -e " this.services.CoAuthoring.sql.dbHost = ' ${ DB_HOST } ' "
${ JSON } -I -e " this.services.CoAuthoring.sql.dbPort = ' ${ DB_PORT } ' "
${ JSON } -I -e " this.services.CoAuthoring.sql.dbName = ' ${ DB_NAME } ' "
${ JSON } -I -e " this.services.CoAuthoring.sql.dbUser = ' ${ DB_USER } ' "
${ JSON } -I -e " this.services.CoAuthoring.sql.dbPass = ' ${ DB_PWD } ' "
2016-07-11 10:47:22 +02:00
}
update_rabbitmq_setting( ) {
2022-05-15 18:23:47 +02:00
if [ " ${ AMQP_TYPE } " = = "rabbitmq" ] ; then
${ JSON } -I -e "if(this.queue===undefined)this.queue={};"
${ JSON } -I -e "this.queue.type = 'rabbitmq'"
${ JSON } -I -e " this.rabbitmq.url = ' ${ AMQP_URI } ' "
fi
if [ " ${ AMQP_TYPE } " = = "activemq" ] ; then
${ JSON } -I -e "if(this.queue===undefined)this.queue={};"
${ JSON } -I -e "this.queue.type = 'activemq'"
${ JSON } -I -e "if(this.activemq===undefined)this.activemq={};"
${ JSON } -I -e "if(this.activemq.connectOptions===undefined)this.activemq.connectOptions={};"
${ JSON } -I -e " this.activemq.connectOptions.host = ' ${ AMQP_SERVER_HOST } ' "
if [ ! " ${ AMQP_SERVER_PORT } " = = "" ] ; then
${ JSON } -I -e " this.activemq.connectOptions.port = ' ${ AMQP_SERVER_PORT } ' "
else
${ JSON } -I -e "delete this.activemq.connectOptions.port"
fi
if [ ! " ${ AMQP_SERVER_USER } " = = "" ] ; then
${ JSON } -I -e " this.activemq.connectOptions.username = ' ${ AMQP_SERVER_USER } ' "
else
${ JSON } -I -e "delete this.activemq.connectOptions.username"
fi
if [ ! " ${ AMQP_SERVER_PASS } " = = "" ] ; then
${ JSON } -I -e " this.activemq.connectOptions.password = ' ${ AMQP_SERVER_PASS } ' "
else
${ JSON } -I -e "delete this.activemq.connectOptions.password"
fi
case " ${ AMQP_SERVER_PROTO } " in
amqp+ssl| amqps)
${ JSON } -I -e "this.activemq.connectOptions.transport = 'tls'"
; ;
*)
${ JSON } -I -e "delete this.activemq.connectOptions.transport"
; ;
esac
fi
2016-07-11 10:47:22 +02:00
}
update_redis_settings( ) {
2022-05-15 18:23:47 +02:00
${ JSON } -I -e "if(this.services.CoAuthoring.redis===undefined)this.services.CoAuthoring.redis={};"
${ JSON } -I -e " this.services.CoAuthoring.redis.host = ' ${ REDIS_SERVER_HOST } ' "
${ JSON } -I -e " this.services.CoAuthoring.redis.port = ' ${ REDIS_SERVER_PORT } ' "
2022-07-18 16:11:06 +02:00
if [ -n " ${ REDIS_SERVER_PASS } " ] ; then
${ JSON } -I -e " this.services.CoAuthoring.redis.options = {'password':' ${ REDIS_SERVER_PASS } '} "
fi
2016-07-11 10:47:22 +02:00
}
2019-12-26 11:13:13 +01:00
update_ds_settings( ) {
2022-05-15 18:23:47 +02:00
${ JSON } -I -e " this.services.CoAuthoring.token.enable.browser = ${ JWT_ENABLED } "
${ JSON } -I -e " this.services.CoAuthoring.token.enable.request.inbox = ${ JWT_ENABLED } "
${ JSON } -I -e " this.services.CoAuthoring.token.enable.request.outbox = ${ JWT_ENABLED } "
${ JSON } -I -e " this.services.CoAuthoring.secret.inbox.string = ' ${ JWT_SECRET } ' "
${ JSON } -I -e " this.services.CoAuthoring.secret.outbox.string = ' ${ JWT_SECRET } ' "
${ JSON } -I -e " this.services.CoAuthoring.secret.session.string = ' ${ JWT_SECRET } ' "
${ JSON } -I -e " this.services.CoAuthoring.token.inbox.header = ' ${ JWT_HEADER } ' "
${ JSON } -I -e " this.services.CoAuthoring.token.outbox.header = ' ${ JWT_HEADER } ' "
${ JSON } -I -e " this.services.CoAuthoring.token.inbox.inBody = ${ JWT_IN_BODY } "
${ JSON } -I -e " this.services.CoAuthoring.token.outbox.inBody = ${ JWT_IN_BODY } "
if [ -f " ${ ONLYOFFICE_EXAMPLE_CONFIG } " ] ; then
${ JSON_EXAMPLE } -I -e " this.server.token.enable = ${ JWT_ENABLED } "
${ JSON_EXAMPLE } -I -e " this.server.token.secret = ' ${ JWT_SECRET } ' "
${ JSON_EXAMPLE } -I -e " this.server.token.authorizationHeader = ' ${ JWT_HEADER } ' "
fi
if [ " ${ USE_UNAUTHORIZED_STORAGE } " = = "true" ] ; then
${ JSON } -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}"
${ JSON } -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
fi
if [ " ${ WOPI_ENABLED } " = = "true" ] ; then
${ JSON } -I -e "if(this.wopi===undefined)this.wopi={}"
${ JSON } -I -e "this.wopi.enable = true"
fi
2023-05-26 15:59:54 +02:00
if [ " ${ ALLOW_META_IP_ADDRESS } " = "true" ] || [ " ${ ALLOW_PRIVATE_IP_ADDRESS } " = "true" ] ; then
${ JSON } -I -e "if(this.services.CoAuthoring['request-filtering-agent']===undefined)this.services.CoAuthoring['request-filtering-agent']={}"
[ " ${ ALLOW_META_IP_ADDRESS } " = "true" ] && ${ JSON } -I -e "this.services.CoAuthoring['request-filtering-agent'].allowMetaIPAddress = true"
[ " ${ ALLOW_PRIVATE_IP_ADDRESS } " = "true" ] && ${ JSON } -I -e "this.services.CoAuthoring['request-filtering-agent'].allowPrivateIPAddress = true"
fi
2017-09-01 15:59:34 +02:00
}
2017-04-24 19:02:01 +02:00
create_postgresql_cluster( ) {
2022-05-15 18:23:47 +02:00
local pg_conf_dir = /etc/postgresql/${ PG_VERSION } /${ PG_NAME }
local postgresql_conf = $pg_conf_dir /postgresql.conf
local hba_conf = $pg_conf_dir /pg_hba.conf
2017-04-24 19:02:01 +02:00
2022-05-15 18:23:47 +02:00
mv $postgresql_conf $postgresql_conf .backup
mv $hba_conf $hba_conf .backup
2017-05-17 15:35:54 +02:00
2022-05-15 18:23:47 +02:00
pg_createcluster ${ PG_VERSION } ${ PG_NAME }
2017-04-24 19:02:01 +02:00
}
2016-08-25 18:52:14 +02:00
create_postgresql_db( ) {
2022-05-15 18:23:47 +02:00
sudo -u postgres psql -c " CREATE USER $DB_USER WITH password ' " $DB_PWD "';"
2023-02-07 14:08:40 +01:00
sudo -u postgres psql -c " CREATE DATABASE $DB_NAME OWNER $DB_USER ; "
2017-04-24 19:02:01 +02:00
}
2019-10-29 10:42:43 +01:00
create_db_tbl( ) {
2022-05-15 18:23:47 +02:00
case $DB_TYPE in
"postgres" )
create_postgresql_tbl
; ;
"mariadb" | "mysql" )
create_mysql_tbl
; ;
esac
2019-10-29 10:42:43 +01:00
}
2021-04-14 16:10:38 +02:00
upgrade_db_tbl( ) {
2022-05-15 18:23:47 +02:00
case $DB_TYPE in
"postgres" )
upgrade_postgresql_tbl
; ;
"mariadb" | "mysql" )
upgrade_mysql_tbl
; ;
esac
2021-04-14 16:10:38 +02:00
}
upgrade_postgresql_tbl( ) {
2022-05-15 18:23:47 +02:00
if [ -n " $DB_PWD " ] ; then
export PGPASSWORD = $DB_PWD
fi
2021-04-14 16:10:38 +02:00
2022-05-15 18:23:47 +02:00
PSQL = " psql -q -h $DB_HOST -p $DB_PORT -d $DB_NAME -U $DB_USER -w "
2021-04-14 16:10:38 +02:00
2022-05-15 18:23:47 +02:00
$PSQL -f " $APP_DIR /server/schema/postgresql/removetbl.sql "
$PSQL -f " $APP_DIR /server/schema/postgresql/createdb.sql "
2021-04-14 16:10:38 +02:00
}
upgrade_mysql_tbl( ) {
2022-05-15 18:23:47 +02:00
CONNECTION_PARAMS = " -h $DB_HOST -P $DB_PORT -u $DB_USER -p $DB_PWD -w "
MYSQL = " mysql -q $CONNECTION_PARAMS "
2021-04-14 16:10:38 +02:00
2022-05-15 18:23:47 +02:00
$MYSQL $DB_NAME < " $APP_DIR /server/schema/mysql/removetbl.sql " >/dev/null 2>& 1
$MYSQL $DB_NAME < " $APP_DIR /server/schema/mysql/createdb.sql " >/dev/null 2>& 1
2021-04-14 16:10:38 +02:00
}
2019-10-29 10:42:43 +01:00
create_postgresql_tbl( ) {
2022-05-15 18:23:47 +02:00
if [ -n " $DB_PWD " ] ; then
export PGPASSWORD = $DB_PWD
fi
2016-06-30 11:41:52 +02:00
2022-05-15 18:23:47 +02:00
PSQL = " psql -q -h $DB_HOST -p $DB_PORT -d $DB_NAME -U $DB_USER -w "
$PSQL -f " $APP_DIR /server/schema/postgresql/createdb.sql "
2019-10-29 10:42:43 +01:00
}
create_mysql_tbl( ) {
2022-05-15 18:23:47 +02:00
CONNECTION_PARAMS = " -h $DB_HOST -P $DB_PORT -u $DB_USER -p $DB_PWD -w "
MYSQL = " mysql -q $CONNECTION_PARAMS "
2019-10-29 10:42:43 +01:00
2022-05-15 18:23:47 +02:00
# Create db on remote server
$MYSQL -e " CREATE DATABASE IF NOT EXISTS $DB_NAME DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci; " >/dev/null 2>& 1
2019-10-29 10:42:43 +01:00
2022-05-15 18:23:47 +02:00
$MYSQL $DB_NAME < " $APP_DIR /server/schema/mysql/createdb.sql " >/dev/null 2>& 1
2016-08-25 18:52:14 +02:00
}
2016-07-11 10:47:22 +02:00
2019-11-28 12:59:20 +01:00
update_welcome_page( ) {
2022-05-15 18:23:47 +02:00
WELCOME_PAGE = " ${ APP_DIR } -example/welcome/docker.html "
if [ [ -e $WELCOME_PAGE ] ] ; then
DOCKER_CONTAINER_ID = $( basename $( cat /proc/1/cpuset) )
2022-09-13 10:08:04 +02:00
( ( ${# DOCKER_CONTAINER_ID } < 12 ) ) && DOCKER_CONTAINER_ID = $( hostname)
2022-05-15 18:23:47 +02:00
if ( ( ${# DOCKER_CONTAINER_ID } >= 12 ) ) ; then
if [ [ -x $( command -v docker) ] ] ; then
DOCKER_CONTAINER_NAME = $( docker inspect --format= "{{.Name}}" $DOCKER_CONTAINER_ID )
sed 's/$(sudo docker ps -q)/' " ${ DOCKER_CONTAINER_NAME #/ } " '/' -i $WELCOME_PAGE
2022-09-13 10:08:04 +02:00
JWT_MESSAGE = $( echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/' " ${ DOCKER_CONTAINER_NAME #/ } " '/' )
2022-05-15 18:23:47 +02:00
else
sed 's/$(sudo docker ps -q)/' " ${ DOCKER_CONTAINER_ID : : 12 } " '/' -i $WELCOME_PAGE
2022-09-13 10:08:04 +02:00
JWT_MESSAGE = $( echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/' " ${ DOCKER_CONTAINER_ID : : 12 } " '/' )
2022-05-15 18:23:47 +02:00
fi
fi
fi
2016-08-25 18:52:14 +02:00
}
2016-07-11 10:47:22 +02:00
2016-07-20 17:56:20 +02:00
update_nginx_settings( ) {
2022-05-15 18:23:47 +02:00
# Set up nginx
sed 's/^worker_processes.*/' " worker_processes ${ NGINX_WORKER_PROCESSES } ; " '/' -i ${ NGINX_CONFIG_PATH }
sed 's/worker_connections.*/' " worker_connections ${ NGINX_WORKER_CONNECTIONS } ; " '/' -i ${ NGINX_CONFIG_PATH }
sed 's/access_log.*/' "access_log off;" '/' -i ${ NGINX_CONFIG_PATH }
# setup HTTPS
if [ -f " ${ SSL_CERTIFICATE_PATH } " -a -f " ${ SSL_KEY_PATH } " ] ; then
cp -f ${ NGINX_ONLYOFFICE_PATH } /ds-ssl.conf.tmpl ${ NGINX_ONLYOFFICE_CONF }
# configure nginx
sed 's,{{SSL_CERTIFICATE_PATH}},' " ${ SSL_CERTIFICATE_PATH } " ',' -i ${ NGINX_ONLYOFFICE_CONF }
sed 's,{{SSL_KEY_PATH}},' " ${ SSL_KEY_PATH } " ',' -i ${ NGINX_ONLYOFFICE_CONF }
# turn on http2
sed 's,\(443 ssl\),\1 http2,' -i ${ NGINX_ONLYOFFICE_CONF }
# if dhparam path is valid, add to the config, otherwise remove the option
if [ -r " ${ SSL_DHPARAM_PATH } " ] ; then
sed 's,\(\#* *\)\?\(ssl_dhparam \).*\(;\)$,' " \2 ${ SSL_DHPARAM_PATH } \3 " ',' -i ${ NGINX_ONLYOFFICE_CONF }
else
sed '/ssl_dhparam/d' -i ${ NGINX_ONLYOFFICE_CONF }
fi
sed 's,\(ssl_verify_client \).*\(;\)$,' " \1 ${ SSL_VERIFY_CLIENT } \2 " ',' -i ${ NGINX_ONLYOFFICE_CONF }
if [ -f " ${ CA_CERTIFICATES_PATH } " ] ; then
sed '/ssl_verify_client/a ' " ssl_client_certificate ${ CA_CERTIFICATES_PATH } " ';' -i ${ NGINX_ONLYOFFICE_CONF }
fi
if [ " ${ ONLYOFFICE_HTTPS_HSTS_ENABLED } " = = "true" ] ; then
sed 's,\(max-age=\).*\(;\)$,' " \1 ${ ONLYOFFICE_HTTPS_HSTS_MAXAGE } \2 " ',' -i ${ NGINX_ONLYOFFICE_CONF }
else
sed '/max-age=/d' -i ${ NGINX_ONLYOFFICE_CONF }
fi
else
ln -sf ${ NGINX_ONLYOFFICE_PATH } /ds.conf.tmpl ${ NGINX_ONLYOFFICE_CONF }
fi
# check if ipv6 supported otherwise remove it from nginx config
if [ ! -f /proc/net/if_inet6 ] ; then
sed '/listen\s\+\[::[0-9]*\].\+/d' -i $NGINX_ONLYOFFICE_CONF
fi
if [ -f " ${ NGINX_ONLYOFFICE_EXAMPLE_CONF } " ] ; then
sed 's/linux/docker/' -i ${ NGINX_ONLYOFFICE_EXAMPLE_CONF }
fi
2022-06-07 15:16:05 +02:00
2022-07-12 11:37:48 +02:00
documentserver-update-securelink.sh -s ${ SECURE_LINK_SECRET :- $( pwgen -s 20) } -r false
2016-07-11 10:47:22 +02:00
}
2017-05-17 16:41:13 +02:00
update_log_settings( ) {
2022-05-15 18:23:47 +02:00
${ JSON_LOG } -I -e " this.categories.default.level = ' ${ DS_LOG_LEVEL } ' "
2017-05-17 16:41:13 +02:00
}
2018-11-20 15:06:53 +01:00
update_logrotate_settings( ) {
2022-05-15 18:23:47 +02:00
sed 's|\(^su\b\).*|\1 root root|' -i /etc/logrotate.conf
2018-11-20 15:06:53 +01:00
}
2021-04-14 16:10:38 +02:00
update_release_date( ) {
2022-05-15 18:23:47 +02:00
mkdir -p ${ PRIVATE_DATA_DIR }
echo ${ RELEASE_DATE } > ${ DS_RELEASE_DATE }
2021-04-14 16:10:38 +02:00
}
2015-05-25 12:47:54 +02:00
# create base folders
2021-06-22 08:59:50 +02:00
for i in converter docservice metrics; do
2022-05-15 18:23:47 +02:00
mkdir -p " ${ DS_LOG_DIR } / $i "
2016-06-30 11:41:52 +02:00
done
2017-11-10 13:10:52 +01:00
mkdir -p ${ DS_LOG_DIR } -example
2019-05-29 15:26:22 +02:00
# create app folders
2020-02-12 11:42:04 +01:00
for i in ${ DS_LIB_DIR } /App_Data/cache/files ${ DS_LIB_DIR } /App_Data/docbuilder ${ DS_LIB_DIR } -example/files; do
2022-05-15 18:23:47 +02:00
mkdir -p " $i "
2019-05-29 15:26:22 +02:00
done
2017-11-10 13:10:52 +01:00
# change folder rights
2022-07-05 13:56:42 +02:00
for i in ${ LOG_DIR } ${ LIB_DIR } ; do
2022-05-15 18:23:47 +02:00
chown -R ds:ds " $i "
chmod -R 755 " $i "
2017-11-10 13:10:52 +01:00
done
2016-06-30 11:41:52 +02:00
2016-07-20 17:56:20 +02:00
if [ ${ ONLYOFFICE_DATA_CONTAINER_HOST } = "localhost" ] ; then
2022-05-15 18:23:47 +02:00
read_setting
if [ $METRICS_ENABLED = "true" ] ; then
update_statsd_settings
fi
update_welcome_page
update_log_settings
update_ds_settings
# update settings by env variables
if [ $DB_HOST != "localhost" ] ; then
update_db_settings
waiting_for_db
create_db_tbl
else
# change rights for postgres directory
chown -R postgres:postgres ${ PG_ROOT }
chmod -R 700 ${ PG_ROOT }
# create new db if it isn't exist
if [ ! -d ${ PGDATA } ] ; then
create_postgresql_cluster
PG_NEW_CLUSTER = true
fi
LOCAL_SERVICES += ( "postgresql" )
fi
if [ ${ AMQP_SERVER_HOST } != "localhost" ] ; then
update_rabbitmq_setting
else
# change rights for rabbitmq directory
chown -R rabbitmq:rabbitmq ${ RABBITMQ_DATA }
chmod -R go = rX,u= rwX ${ RABBITMQ_DATA }
if [ -f ${ RABBITMQ_DATA } /.erlang.cookie ] ; then
chmod 400 ${ RABBITMQ_DATA } /.erlang.cookie
fi
LOCAL_SERVICES += ( "rabbitmq-server" )
# allow Rabbitmq startup after container kill
rm -rf /var/run/rabbitmq
fi
if [ ${ REDIS_ENABLED } = "true" ] ; then
if [ ${ REDIS_SERVER_HOST } != "localhost" ] ; then
update_redis_settings
else
# change rights for redis directory
chown -R redis:redis ${ REDIS_DATA }
chmod -R 750 ${ REDIS_DATA }
LOCAL_SERVICES += ( "redis-server" )
fi
fi
2022-05-15 18:22:11 +02:00
else
2022-05-15 18:23:47 +02:00
# no need to update settings just wait for remote data
waiting_for_datacontainer
2022-05-15 18:22:11 +02:00
2022-05-15 18:23:47 +02:00
# read settings after the data container in ready state
# to prevent get unconfigureted data
read_setting
update_welcome_page
2016-06-30 11:41:52 +02:00
fi
2023-03-17 10:25:33 +01:00
find /etc/${ COMPANY_NAME } ! -path '*logrotate*' -exec chown ds:ds { } \;
2022-08-31 11:13:30 +02:00
2016-07-20 17:56:20 +02:00
#start needed local services
for i in ${ LOCAL_SERVICES [@] } ; do
2022-05-15 18:23:47 +02:00
service $i start
2016-07-20 17:56:20 +02:00
done
2017-04-24 19:02:01 +02:00
if [ ${ PG_NEW_CLUSTER } = "true" ] ; then
2022-05-15 18:23:47 +02:00
create_postgresql_db
create_postgresql_tbl
2017-04-24 19:02:01 +02:00
fi
2016-07-11 10:47:22 +02:00
if [ ${ ONLYOFFICE_DATA_CONTAINER } != "true" ] ; then
2022-05-15 18:23:47 +02:00
waiting_for_db
waiting_for_amqp
if [ ${ REDIS_ENABLED } = "true" ] ; then
waiting_for_redis
fi
2022-05-15 18:22:11 +02:00
2022-05-15 18:23:47 +02:00
if [ " ${ IS_UPGRADE } " = "true" ] ; then
upgrade_db_tbl
update_release_date
fi
2016-07-20 17:56:20 +02:00
2022-05-15 18:23:47 +02:00
update_nginx_settings
2023-07-13 16:51:03 +02:00
2022-05-15 18:23:47 +02:00
service supervisor start
# start cron to enable log rotating
update_logrotate_settings
service cron start
2016-07-11 10:47:22 +02:00
fi
2016-06-30 11:41:52 +02:00
2016-07-20 17:56:20 +02:00
# nginx used as a proxy, and as data container status service.
# it run in all cases.
service nginx start
2020-11-18 08:46:19 +01:00
if [ " ${ LETS_ENCRYPT_DOMAIN } " != "" -a " ${ LETS_ENCRYPT_MAIL } " != "" ] ; then
2022-05-15 18:23:47 +02:00
if [ ! -f " ${ SSL_CERTIFICATE_PATH } " -a ! -f " ${ SSL_KEY_PATH } " ] ; then
documentserver-letsencrypt.sh ${ LETS_ENCRYPT_MAIL } ${ LETS_ENCRYPT_DOMAIN }
fi
2020-10-22 12:47:51 +02:00
fi
2016-06-30 11:41:52 +02:00
# Regenerate the fonts list and the fonts thumbnails
2020-10-20 15:14:55 +02:00
if [ " ${ GENERATE_FONTS } " = = "true" ] ; then
2022-05-15 18:23:47 +02:00
documentserver-generate-allfonts.sh ${ ONLYOFFICE_DATA_CONTAINER }
2020-10-20 15:14:55 +02:00
fi
2018-01-29 09:56:51 +01:00
documentserver-static-gzip.sh ${ ONLYOFFICE_DATA_CONTAINER }
2018-04-12 23:41:24 +02:00
2022-08-22 19:56:45 +02:00
echo " ${ JWT_MESSAGE } "
2022-05-15 20:07:31 +02:00
# Check if lager file limits should be set
if [ " $LARGER_FILE_LIMITS " = "true" ] ; then
if [ -e /app/ds/file_limits_set ] ; then
2023-03-09 12:19:40 +01:00
echo ""
2022-05-15 20:07:31 +02:00
else
2023-03-09 12:19:40 +01:00
touch /app/ds/file_limits_set
sed -i -e 's/104857600/10485760000/g' /etc/onlyoffice/documentserver-example/production-linux.json
sed -i '9iclient_max_body_size 1000M;' /etc/onlyoffice/documentserver-example/nginx/includes/ds-example.conf
sed -i '16iclient_max_body_size 1000M;' /etc/nginx/nginx.conf
sed -i -e 's/104857600/10485760000/g' /etc/onlyoffice/documentserver/default.json
sed -i -e 's/50MB/5000MB/g' /etc/onlyoffice/documentserver/default.json
sed -i -e 's/300MB/3000MB/g' /etc/onlyoffice/documentserver/default.json
sed -i 's/^client_max_body_size 100m;$/client_max_body_size 1000m;/' /etc/onlyoffice/documentserver/nginx/includes/ds-common.conf
service nginx restart
supervisorctl restart all
2022-05-15 20:07:31 +02:00
fi
fi
2020-09-10 16:02:20 +02:00
tail -f /var/log/${ COMPANY_NAME } /**/*.log &
wait $!
2023-03-09 12:19:40 +01:00