updated for onlyoffice-documentserver v4.0
parent
7b887035da
commit
1125fc0900
7 changed files with 412 additions and 175 deletions
36
Dockerfile
36
Dockerfile
|
@ -1,36 +1,42 @@
|
||||||
FROM ubuntu:14.04
|
FROM ubuntu:14.04
|
||||||
MAINTAINER Ascensio System SIA <support@onlyoffice.com>
|
MAINTAINER Ascensio System SIA <support@onlyoffice.com>
|
||||||
|
|
||||||
ENV LANG en_US.UTF-8
|
ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive
|
||||||
ENV LANGUAGE en_US:en
|
|
||||||
ENV LC_ALL en_US.UTF-8
|
|
||||||
|
|
||||||
RUN apt-get update && apt-get -y -q install libreoffice
|
|
||||||
|
|
||||||
RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
|
RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
|
||||||
echo "deb http://static.teamlab.com.s3.amazonaws.com/repo/debian/ squeeze main" >> /etc/apt/sources.list && \
|
apt-get -y update && \
|
||||||
|
apt-get --force-yes -yq install apt-transport-https && \
|
||||||
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D9D0BF019CC8AC0D && \
|
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D9D0BF019CC8AC0D && \
|
||||||
echo "deb http://download.mono-project.com/repo/debian wheezy/snapshots/3.12.0 main" | sudo tee /etc/apt/sources.list.d/mono-xamarin.list && \
|
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1655A0AB68576280 && \
|
||||||
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \
|
|
||||||
echo "deb http://archive.ubuntu.com/ubuntu precise main universe multiverse" >> /etc/apt/sources.list && \
|
echo "deb http://archive.ubuntu.com/ubuntu precise main universe multiverse" >> /etc/apt/sources.list && \
|
||||||
DEBIAN_FRONTEND=noninteractive && \
|
echo "deb https://deb.nodesource.com/node_4.x trusty main" | tee /etc/apt/sources.list.d/nodesource.list && \
|
||||||
locale-gen en_US.UTF-8 && \
|
locale-gen en_US.UTF-8 && \
|
||||||
apt-get -y update && \
|
apt-get -y update && \
|
||||||
echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
|
echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
|
||||||
apt-get install --force-yes -yq software-properties-common && \
|
apt-get install --force-yes -yq software-properties-common && \
|
||||||
add-apt-repository ppa:ubuntu-toolchain-r/test && \
|
add-apt-repository ppa:ubuntu-toolchain-r/test && \
|
||||||
apt-get -y update && \
|
apt-get -y update && \
|
||||||
apt-get --force-yes -yq install gcc-4.9 onlyoffice-documentserver nano htop && \
|
apt-get --force-yes -yq install software-properties-common adduser mysql-server redis-server rabbitmq-server nginx-extras nodejs libstdc++6 libcurl3 libxml2 libboost-regex-dev zlib1g supervisor fonts-dejavu fonts-liberation ttf-mscorefonts-installer fonts-crosextra-carlito fonts-takao-gothic fonts-opensymbol libxss1 libgtkglext1 libcairo2 xvfb libxtst6 libgconf2-4 libasound2 bomstrip libnspr4 libnss3 libnss3-nssdb nano htop && \
|
||||||
|
service mysql stop && \
|
||||||
|
service redis-server stop && \
|
||||||
|
service rabbitmq-server stop && \
|
||||||
|
service supervisor stop && \
|
||||||
|
service nginx stop && \
|
||||||
rm -rf /var/lib/apt/lists/*
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
ADD config /app/onlyoffice/setup/config/
|
ADD config /app/onlyoffice/setup/config/
|
||||||
ADD run-document-server.sh /app/onlyoffice/run-document-server.sh
|
ADD run-document-server.sh /app/onlyoffice/run-document-server.sh
|
||||||
RUN chmod 755 /app/onlyoffice/*.sh
|
|
||||||
|
|
||||||
VOLUME ["/var/log/onlyoffice"]
|
EXPOSE 80 443
|
||||||
VOLUME ["/var/www/onlyoffice/Data"]
|
|
||||||
|
|
||||||
EXPOSE 80
|
RUN echo "deb http://static.teamlab.com/repo/debian/ squeeze main" | tee /etc/apt/sources.list.d/onlyoffice.list && \
|
||||||
EXPOSE 443
|
apt-get -y update && \
|
||||||
|
service mysql start && \
|
||||||
|
apt-get --force-yes -yq install onlyoffice-documentserver && \
|
||||||
|
service mysql stop && \
|
||||||
|
chmod 755 /app/onlyoffice/*.sh && \
|
||||||
|
rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
|
VOLUME /etc/onlyoffice /var/log/onlyoffice /var/lib/onlyoffice /var/www/onlyoffice/Data
|
||||||
|
|
||||||
CMD bash -C '/app/onlyoffice/run-document-server.sh';'bash'
|
CMD bash -C '/app/onlyoffice/run-document-server.sh';'bash'
|
||||||
|
|
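Review bot: Both install steps keep `apt-get --force-yes`, which lets apt proceed past unauthenticated packages, and the new second `RUN` adds the ONLYOFFICE repository over plain `http://`, so the signing-key imports above give little protection for `onlyoffice-documentserver`. Replacing `--force-yes` with plain `-y` would make a signature failure stop the build. The added key is imported by 64-bit ID (`--recv-keys 1655A0AB68576280`) where the removed line used a full fingerprint; importing by full fingerprint is the safer form. `DEBIAN_FRONTEND=noninteractive` is now set with `ENV`, so it persists into the running container; an `ARG` or a per-command prefix would keep it build-only.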
71
config/nginx/onlyoffice-documentserver-ssl.conf
Normal file
71
config/nginx/onlyoffice-documentserver-ssl.conf
Normal file
|
@ -0,0 +1,71 @@
|
||||||
|
include /etc/nginx/includes/onlyoffice-http.conf;
|
||||||
|
|
||||||
|
## Normal HTTP host
|
||||||
|
server {
|
||||||
|
listen 0.0.0.0:80;
|
||||||
|
listen [::]:80 default_server;
|
||||||
|
server_name _;
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
## Redirects all traffic to the HTTPS host
|
||||||
|
root /nowhere; ## root doesn't have to be a valid path since we are redirecting
|
||||||
|
rewrite ^ https://$host$request_uri? permanent;
|
||||||
|
}
|
||||||
|
|
||||||
|
#HTTP host for internal services
|
||||||
|
server {
|
||||||
|
listen 127.0.0.1:80;
|
||||||
|
listen [::1]:80;
|
||||||
|
server_name localhost;
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
|
||||||
|
include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
|
||||||
|
}
|
||||||
|
|
||||||
|
## HTTPS host
|
||||||
|
server {
|
||||||
|
listen 0.0.0.0:443 ssl spdy;
|
||||||
|
listen [::]:443 ssl spdy default_server;
|
||||||
|
server_tokens off;
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
|
||||||
|
## Strong SSL Security
|
||||||
|
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
||||||
|
ssl on;
|
||||||
|
ssl_certificate {{SSL_CERTIFICATE_PATH}};
|
||||||
|
ssl_certificate_key {{SSL_KEY_PATH}};
|
||||||
|
ssl_verify_client {{SSL_VERIFY_CLIENT}};
|
||||||
|
ssl_client_certificate {{CA_CERTIFICATES_PATH}};
|
||||||
|
|
||||||
|
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
||||||
|
|
||||||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
|
ssl_session_cache builtin:1000 shared:SSL:10m;
|
||||||
|
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
|
add_header Strict-Transport-Security max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}};
|
||||||
|
# add_header X-Frame-Options SAMEORIGIN;
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
|
||||||
|
## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
|
||||||
|
## Replace with your ssl_trusted_certificate. For more info see:
|
||||||
|
## - https://medium.com/devops-programming/4445f4862461
|
||||||
|
## - https://www.ruby-forum.com/topic/4419319
|
||||||
|
## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
|
||||||
|
# ssl_stapling on;
|
||||||
|
# ssl_stapling_verify on;
|
||||||
|
# ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
|
||||||
|
# resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
|
||||||
|
# resolver_timeout 10s;
|
||||||
|
|
||||||
|
## [Optional] Generate a stronger DHE parameter:
|
||||||
|
## cd /etc/ssl/certs
|
||||||
|
## sudo openssl dhparam -out dhparam.pem 4096
|
||||||
|
##
|
||||||
|
ssl_dhparam {{SSL_DHPARAM_PATH}};
|
||||||
|
|
||||||
|
include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
|
||||||
|
|
||||||
|
}
|
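Review bot: The HTTPS server block still enables TLS 1.0 and 1.1 (`ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`), and its `ssl_ciphers` string lists 3DES suites (`ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`, `DES-CBC3-SHA`). Since this file is new in the commit, it is a good moment to tighten it to `ssl_protocols TLSv1.2;` and drop the `DES-CBC3` entries. Several names in the list, such as `ECDHE-RSA-AES128-GCM-SHA128`, do not look like OpenSSL cipher names and are presumably ignored, so the effective set may be mostly what `HIGH` selects; a comment stating the intended suites would help. `ssl on;` is redundant next to `listen ... ssl` and can be removed.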
8
config/nginx/onlyoffice-documentserver.conf
Normal file
8
config/nginx/onlyoffice-documentserver.conf
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
include /etc/nginx/includes/onlyoffice-http.conf;
|
||||||
|
server {
|
||||||
|
listen 0.0.0.0:80;
|
||||||
|
listen [::]:80 default_server;
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
|
||||||
|
}
|
|
@ -1,114 +0,0 @@
|
||||||
## Normal HTTP host
|
|
||||||
server {
|
|
||||||
listen 0.0.0.0:80;
|
|
||||||
listen [::]:80 default_server;
|
|
||||||
server_name _;
|
|
||||||
server_tokens off;
|
|
||||||
|
|
||||||
## Redirects all traffic to the HTTPS host
|
|
||||||
root /nowhere; ## root doesn't have to be a valid path since we are redirecting
|
|
||||||
rewrite ^ https://$host$request_uri? permanent;
|
|
||||||
}
|
|
||||||
|
|
||||||
upstream fastcgi_backend {
|
|
||||||
server 127.0.0.1:9001;
|
|
||||||
keepalive 32;
|
|
||||||
}
|
|
||||||
|
|
||||||
## HTTPS host
|
|
||||||
server {
|
|
||||||
listen 0.0.0.0:443 ssl spdy;
|
|
||||||
listen [::]:443 ssl spdy default_server;
|
|
||||||
server_tokens off;
|
|
||||||
root /usr/share/nginx/html;
|
|
||||||
|
|
||||||
## Increase this if you want to upload large attachments
|
|
||||||
client_max_body_size 100m;
|
|
||||||
|
|
||||||
## Strong SSL Security
|
|
||||||
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate {{SSL_CERTIFICATE_PATH}};
|
|
||||||
ssl_certificate_key {{SSL_KEY_PATH}};
|
|
||||||
ssl_verify_client {{SSL_VERIFY_CLIENT}};
|
|
||||||
ssl_client_certificate {{CA_CERTIFICATES_PATH}};
|
|
||||||
|
|
||||||
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
|
||||||
|
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
||||||
ssl_session_cache builtin:1000 shared:SSL:10m;
|
|
||||||
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
|
|
||||||
add_header Strict-Transport-Security max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}};
|
|
||||||
# add_header X-Frame-Options SAMEORIGIN;
|
|
||||||
add_header X-Content-Type-Options nosniff;
|
|
||||||
|
|
||||||
## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
|
|
||||||
## Replace with your ssl_trusted_certificate. For more info see:
|
|
||||||
## - https://medium.com/devops-programming/4445f4862461
|
|
||||||
## - https://www.ruby-forum.com/topic/4419319
|
|
||||||
## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
|
|
||||||
# ssl_stapling on;
|
|
||||||
# ssl_stapling_verify on;
|
|
||||||
# ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
|
|
||||||
# resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
|
|
||||||
# resolver_timeout 10s;
|
|
||||||
|
|
||||||
## [Optional] Generate a stronger DHE parameter:
|
|
||||||
## cd /etc/ssl/certs
|
|
||||||
## sudo openssl dhparam -out dhparam.pem 4096
|
|
||||||
##
|
|
||||||
ssl_dhparam {{SSL_DHPARAM_PATH}};
|
|
||||||
|
|
||||||
gzip on;
|
|
||||||
gzip_types text/plain
|
|
||||||
text/xml
|
|
||||||
text/css
|
|
||||||
text/csv
|
|
||||||
application/xml
|
|
||||||
application/javascript
|
|
||||||
application/x-javascript
|
|
||||||
application/json
|
|
||||||
application/octet-stream
|
|
||||||
application/pdf
|
|
||||||
application/rtf
|
|
||||||
application/msword
|
|
||||||
application/vnd.ms-excel
|
|
||||||
application/vnd.ms-powerpoint;
|
|
||||||
#application/vnd.oasis.opendocument.text
|
|
||||||
#application/vnd.oasis.opendocument.spreadsheet
|
|
||||||
#application/vnd.oasis.opendocument.presentation
|
|
||||||
#application/vnd.openxmlformats-officedocument.wordprocessingml.document
|
|
||||||
#application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
|
|
||||||
#application/vnd.openxmlformats-officedocument.presentationml.presentation;
|
|
||||||
|
|
||||||
|
|
||||||
location / {
|
|
||||||
root /var/www/onlyoffice/documentserver/DocService/;
|
|
||||||
index index.html index.htm default.aspx Default.aspx;
|
|
||||||
fastcgi_index Default.aspx;
|
|
||||||
fastcgi_keep_conn on;
|
|
||||||
fastcgi_pass fastcgi_backend;
|
|
||||||
include /etc/onlyoffice/documentserver/fastcgi_params;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ \/OfficeWeb\/(?!sdk\/Fonts\/) {
|
|
||||||
root /var/www/onlyoffice/documentserver/DocService;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /coauthoring/ {
|
|
||||||
proxy_pass http://localhost:8000/;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
}
|
|
||||||
|
|
||||||
location /spellchecker/ {
|
|
||||||
proxy_pass http://localhost:8080/;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
176
config/supervisor/supervisor
Normal file
176
config/supervisor/supervisor
Normal file
|
@ -0,0 +1,176 @@
|
||||||
|
#! /bin/sh
|
||||||
|
#
|
||||||
|
# skeleton example file to build /etc/init.d/ scripts.
|
||||||
|
# This file should be used to construct scripts for /etc/init.d.
|
||||||
|
#
|
||||||
|
# Written by Miquel van Smoorenburg <miquels@cistron.nl>.
|
||||||
|
# Modified for Debian
|
||||||
|
# by Ian Murdock <imurdock@gnu.ai.mit.edu>.
|
||||||
|
# Further changes by Javier Fernandez-Sanguino <jfs@debian.org>
|
||||||
|
#
|
||||||
|
# Version: @(#)skeleton 1.9 26-Feb-2001 miquels@cistron.nl
|
||||||
|
#
|
||||||
|
### BEGIN INIT INFO
|
||||||
|
# Provides: supervisor
|
||||||
|
# Required-Start: $remote_fs $network $named
|
||||||
|
# Required-Stop: $remote_fs $network $named
|
||||||
|
# Default-Start: 2 3 4 5
|
||||||
|
# Default-Stop: 0 1 6
|
||||||
|
# Short-Description: Start/stop supervisor
|
||||||
|
# Description: Start/stop supervisor daemon and its configured
|
||||||
|
# subprocesses.
|
||||||
|
### END INIT INFO
|
||||||
|
|
||||||
|
. /lib/lsb/init-functions
|
||||||
|
|
||||||
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
DAEMON=/usr/bin/supervisord
|
||||||
|
NAME=supervisord
|
||||||
|
DESC=supervisor
|
||||||
|
|
||||||
|
test -x $DAEMON || exit 0
|
||||||
|
|
||||||
|
LOGDIR=/var/log/supervisor
|
||||||
|
PIDFILE=/var/run/$NAME.pid
|
||||||
|
PS_COUNT=0
|
||||||
|
DODTIME=5 # Time to wait for the server to die, in seconds
|
||||||
|
# If this value is set too low you might not
|
||||||
|
# let some servers to die gracefully and
|
||||||
|
# 'restart' will not work
|
||||||
|
|
||||||
|
# Include supervisor defaults if available
|
||||||
|
if [ -f /etc/default/supervisor ] ; then
|
||||||
|
. /etc/default/supervisor
|
||||||
|
fi
|
||||||
|
DAEMON_OPTS="-c /etc/supervisor/supervisord.conf $DAEMON_OPTS"
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
running_pid()
|
||||||
|
{
|
||||||
|
# Check if a given process pid's cmdline matches a given name
|
||||||
|
pid=$1
|
||||||
|
name=$2
|
||||||
|
[ -z "$pid" ] && return 1
|
||||||
|
[ ! -d /proc/$pid ] && return 1
|
||||||
|
(cat /proc/$pid/cmdline | tr "\000" "\n"|grep -q $name) || return 1
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
running()
|
||||||
|
{
|
||||||
|
# Check if the process is running looking at /proc
|
||||||
|
# (works for all users)
|
||||||
|
|
||||||
|
# No pidfile, probably no daemon present
|
||||||
|
[ ! -f "$PIDFILE" ] && return 1
|
||||||
|
# Obtain the pid and check it against the binary name
|
||||||
|
pid=`cat $PIDFILE`
|
||||||
|
running_pid $pid $DAEMON || return 1
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
force_stop() {
|
||||||
|
# Forcefully kill the process
|
||||||
|
[ ! -f "$PIDFILE" ] && return
|
||||||
|
if running ; then
|
||||||
|
kill -15 $pid
|
||||||
|
# Is it really dead?
|
||||||
|
[ -n "$DODTIME" ] && sleep "$DODTIME"s
|
||||||
|
if running ; then
|
||||||
|
kill -9 $pid
|
||||||
|
[ -n "$DODTIME" ] && sleep "$DODTIME"s
|
||||||
|
if running ; then
|
||||||
|
echo "Cannot kill $LABEL (pid=$pid)!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
rm -f $PIDFILE
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
get_pid() {
|
||||||
|
PS_COUNT=$(pgrep -fc $DAEMON || true)
|
||||||
|
}
|
||||||
|
|
||||||
|
case "$1" in
|
||||||
|
start)
|
||||||
|
get_pid
|
||||||
|
if [ $PS_COUNT -eq 0 ]; then
|
||||||
|
rm -f "$PIDFILE"
|
||||||
|
fi
|
||||||
|
echo -n "Starting $DESC: "
|
||||||
|
start-stop-daemon --start --quiet --pidfile $PIDFILE \
|
||||||
|
--startas $DAEMON -- $DAEMON_OPTS
|
||||||
|
test -f $PIDFILE || sleep 1
|
||||||
|
if running ; then
|
||||||
|
echo "$NAME."
|
||||||
|
else
|
||||||
|
echo " ERROR."
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
stop)
|
||||||
|
echo -n "Stopping $DESC: "
|
||||||
|
start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
|
||||||
|
echo "$NAME."
|
||||||
|
;;
|
||||||
|
force-stop)
|
||||||
|
echo -n "Forcefully stopping $DESC: "
|
||||||
|
force_stop
|
||||||
|
if ! running ; then
|
||||||
|
echo "$NAME."
|
||||||
|
else
|
||||||
|
echo " ERROR."
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
#reload)
|
||||||
|
#
|
||||||
|
# If the daemon can reload its config files on the fly
|
||||||
|
# for example by sending it SIGHUP, do it here.
|
||||||
|
#
|
||||||
|
# If the daemon responds to changes in its config file
|
||||||
|
# directly anyway, make this a do-nothing entry.
|
||||||
|
#
|
||||||
|
# echo "Reloading $DESC configuration files."
|
||||||
|
# start-stop-daemon --stop --signal 1 --quiet --pidfile \
|
||||||
|
# /var/run/$NAME.pid --exec $DAEMON
|
||||||
|
#;;
|
||||||
|
force-reload)
|
||||||
|
#
|
||||||
|
# If the "reload" option is implemented, move the "force-reload"
|
||||||
|
# option to the "reload" entry above. If not, "force-reload" is
|
||||||
|
# just the same as "restart" except that it does nothing if the
|
||||||
|
# daemon isn't already running.
|
||||||
|
# check wether $DAEMON is running. If so, restart
|
||||||
|
start-stop-daemon --stop --test --quiet --pidfile $PIDFILE \
|
||||||
|
--startas $DAEMON \
|
||||||
|
&& $0 restart \
|
||||||
|
|| exit 0
|
||||||
|
;;
|
||||||
|
restart)
|
||||||
|
echo -n "Restarting $DESC: "
|
||||||
|
start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
|
||||||
|
[ -n "$DODTIME" ] && sleep $DODTIME
|
||||||
|
start-stop-daemon --start --quiet --pidfile $PIDFILE \
|
||||||
|
--startas $DAEMON -- $DAEMON_OPTS
|
||||||
|
echo "$NAME."
|
||||||
|
;;
|
||||||
|
status)
|
||||||
|
echo -n "$LABEL is "
|
||||||
|
if running ; then
|
||||||
|
echo "running"
|
||||||
|
else
|
||||||
|
echo " not running."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
N=/etc/init.d/$NAME
|
||||||
|
# echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
|
||||||
|
echo "Usage: $N {start|stop|restart|force-reload|status|force-stop}" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
exit 0
|
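Review bot: `$LABEL` is used in `force_stop` (`echo "Cannot kill $LABEL (pid=$pid)!"`) and in the `status` branch (`echo -n "$LABEL is "`) but is never assigned in this script. Unless `/etc/default/supervisor` happens to define it, both messages print an empty name; `$DESC` or `$NAME` looks like what was intended. `force_stop` also depends on `$pid` being set as a side effect of calling `running`, which deserves a comment such as `# pid is set by running()`. In `running_pid`, `grep -q $name` is unquoted and treats the daemon path as a pattern; `grep -qF -- "$name"` would match it literally.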
27
config/supervisor/supervisord.conf
Normal file
27
config/supervisor/supervisord.conf
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
; supervisor config file
|
||||||
|
|
||||||
|
[inet_http_server]
|
||||||
|
port = 127.0.0.1:9001
|
||||||
|
|
||||||
|
[supervisord]
|
||||||
|
logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
|
||||||
|
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
|
||||||
|
childlogdir=/var/log/supervisor ; ('AUTO' child log dir, default $TEMP)
|
||||||
|
|
||||||
|
; the below section must remain in the config file for RPC
|
||||||
|
; (supervisorctl/web interface) to work, additional interfaces may be
|
||||||
|
; added by defining them in separate rpcinterface: sections
|
||||||
|
[rpcinterface:supervisor]
|
||||||
|
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
|
||||||
|
|
||||||
|
[supervisorctl]
|
||||||
|
serverurl = http://localhost:9001 ; use a unix:// URL for a unix socket
|
||||||
|
|
||||||
|
; The [include] section can just contain the "files" setting. This
|
||||||
|
; setting can list multiple files (separated by whitespace or
|
||||||
|
; newlines). It can also contain wildcards. The filenames are
|
||||||
|
; interpreted as relative to this file. Included files *cannot*
|
||||||
|
; include files themselves.
|
||||||
|
|
||||||
|
[include]
|
||||||
|
files = /etc/supervisor/conf.d/*.conf
|
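Review bot: `[inet_http_server]` listens on `127.0.0.1:9001` with no `username`/`password`, so any process inside the container that can reach loopback can start, stop or reconfigure the supervised services over HTTP. The container also runs nginx, MySQL, Redis and RabbitMQ, so a compromise of any one of them reaches this control port. A `[unix_http_server]` section with a socket `file=` and `chmod=0700`, paired with a `unix://` `serverurl` in `[supervisorctl]`, limits control to the owning user, as the file's own comment hints. If the TCP listener has to stay, set `username` and `password` in both sections.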
|
@ -1,49 +1,59 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/CoAuthoringService.conf
|
APP_DIR="/var/www/onlyoffice/documentserver"
|
||||||
sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/DocService.conf
|
|
||||||
sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/FileConverterService.conf
|
|
||||||
sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/LibreOfficeService.conf
|
|
||||||
sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/SpellCheckerService.conf
|
|
||||||
|
|
||||||
sed "/sudo /s/-u onlyoffice//" -i /var/www/onlyoffice/documentserver/Tools/CheckDocService.sh
|
|
||||||
sed "/sudo /s/-u onlyoffice//" -i /var/www/onlyoffice/documentserver/Tools/GenerateAllFonts.sh
|
|
||||||
|
|
||||||
chown root /var/www/onlyoffice
|
|
||||||
chown root /var/lib/onlyoffice
|
|
||||||
|
|
||||||
adduser --quiet www-data root
|
|
||||||
|
|
||||||
DATA_DIR="/var/www/onlyoffice/Data"
|
DATA_DIR="/var/www/onlyoffice/Data"
|
||||||
LOG_DIR="/var/log/onlyoffice"
|
LOG_DIR="/var/log/onlyoffice/documentserver"
|
||||||
|
|
||||||
ONLYOFFICE_HTTPS=${ONLYOFFICE_HTTPS:-false}
|
ONLYOFFICE_HTTPS=${ONLYOFFICE_HTTPS:-false}
|
||||||
|
|
||||||
SSL_CERTIFICATES_DIR="${DATA_DIR}/certs"
|
SSL_CERTIFICATES_DIR="${DATA_DIR}/certs"
|
||||||
SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.crt}
|
SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.crt}
|
||||||
SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key}
|
SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key}
|
||||||
|
CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem}
|
||||||
SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
|
SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
|
||||||
SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
|
SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
|
||||||
ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
|
ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
|
||||||
ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAG:-31536000}
|
ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAG:-31536000}
|
||||||
SYSCONF_TEMPLATES_DIR="/app/onlyoffice/setup/config"
|
SYSCONF_TEMPLATES_DIR="/app/onlyoffice/setup/config"
|
||||||
|
|
||||||
NGINX_ONLYOFFICE_PATH="/etc/nginx/sites-enabled/onlyoffice-documentserver";
|
NGINX_ONLYOFFICE_PATH="/etc/nginx/conf.d/onlyoffice-documentserver.conf";
|
||||||
|
|
||||||
|
NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
|
||||||
|
NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-$(grep processor /proc/cpuinfo | wc -l)}
|
||||||
|
NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
|
||||||
|
|
||||||
|
ONLYOFFICE_DEFAULT_CONFIG=/etc/onlyoffice/documentserver/default.json
|
||||||
|
|
||||||
|
MYSQL_SERVER_HOST=${MYSQL_SERVER_HOST:-"localhost"}
|
||||||
|
MYSQL_SERVER_PORT=${MYSQL_SERVER_PORT:-"3306"}
|
||||||
|
MYSQL_SERVER_DB_NAME=${MYSQL_SERVER_DB_NAME:-"onlyoffice"}
|
||||||
|
MYSQL_SERVER_USER=${MYSQL_SERVER_USER:-"root"}
|
||||||
|
MYSQL_SERVER_PASS=${MYSQL_SERVER_PASS:-""}
|
||||||
|
|
||||||
|
RABBITMQ_SERVER_HOST=${RABBITMQ_SERVER_HOST:-"localhost"}
|
||||||
|
RABBITMQ_SERVER_USER=${RABBITMQ_SERVER_USER:-"guest"}
|
||||||
|
RABBITMQ_SERVER_PASS=${RABBITMQ_SERVER_PASS:-"guest"}
|
||||||
|
|
||||||
|
REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-"localhost"}
|
||||||
|
REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-"6379"}
|
||||||
|
|
||||||
# create base folders
|
# create base folders
|
||||||
mkdir -p /var/log/onlyoffice/documentserver/FileConverterService/
|
for i in converter docservice spellchecker metrics gc; do
|
||||||
mkdir -p /var/log/onlyoffice/documentserver/CoAuthoringService/
|
mkdir -p "${LOG_DIR}/$i"
|
||||||
mkdir -p /var/log/onlyoffice/documentserver/DocService/
|
done
|
||||||
mkdir -p /var/log/onlyoffice/documentserver/SpellCheckerService/
|
|
||||||
mkdir -p /var/log/onlyoffice/documentserver/LibreOfficeService/
|
mkdir -p ${LOG_DIR}-example
|
||||||
mkdir -p /var/log/onlyoffice/documentserver/WatchDogService/
|
|
||||||
|
# Set up nginx
|
||||||
|
sed 's/^worker_processes.*/'"worker_processes ${NGINX_WORKER_PROCESSES};"'/' -i ${NGINX_CONFIG_PATH}
|
||||||
|
sed 's/worker_connections.*/'"worker_connections ${NGINX_WORKER_CONNECTIONS};"'/' -i ${NGINX_CONFIG_PATH}
|
||||||
|
sed 's/access_log.*/'"access_log off;"'/' -i ${NGINX_CONFIG_PATH}
|
||||||
|
|
||||||
# setup HTTPS
|
# setup HTTPS
|
||||||
if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
|
if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
|
||||||
cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-ssl ${NGINX_ONLYOFFICE_PATH}
|
cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-documentserver-ssl.conf ${NGINX_ONLYOFFICE_PATH}
|
||||||
|
|
||||||
mkdir ${DATA_DIR}
|
mkdir ${DATA_DIR}
|
||||||
mkdir ${LOG_DIR}/nginx
|
|
||||||
|
|
||||||
# configure nginx
|
# configure nginx
|
||||||
sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
|
sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
|
||||||
|
@ -58,7 +68,7 @@ if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
|
||||||
|
|
||||||
sed 's,{{SSL_VERIFY_CLIENT}},'"${SSL_VERIFY_CLIENT}"',' -i ${NGINX_ONLYOFFICE_PATH}
|
sed 's,{{SSL_VERIFY_CLIENT}},'"${SSL_VERIFY_CLIENT}"',' -i ${NGINX_ONLYOFFICE_PATH}
|
||||||
|
|
||||||
if [ -f /usr/local/share/ca-certificates/ca.crt ]; then
|
if [ -f "${CA_CERTIFICATES_PATH}" ]; then
|
||||||
sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
|
sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
|
||||||
else
|
else
|
||||||
sed '/{{CA_CERTIFICATES_PATH}}/d' -i ${NGINX_ONLYOFFICE_PATH}
|
sed '/{{CA_CERTIFICATES_PATH}}/d' -i ${NGINX_ONLYOFFICE_PATH}
|
||||||
|
@ -69,8 +79,61 @@ if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
|
||||||
else
|
else
|
||||||
sed '/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/d' -i ${NGINX_ONLYOFFICE_PATH}
|
sed '/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/d' -i ${NGINX_ONLYOFFICE_PATH}
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-documentserver.conf ${NGINX_ONLYOFFICE_PATH}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
JSON="json -I -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
|
||||||
|
|
||||||
|
if [ ${MYSQL_SERVER_HOST} != "localhost" ]; then
|
||||||
|
|
||||||
|
# Change mysql settings
|
||||||
|
${JSON} -e "this.services.CoAuthoring.sql.dbHost = '${MYSQL_SERVER_HOST}'"
|
||||||
|
${JSON} -e "this.services.CoAuthoring.sql.dbPort = '${MYSQL_SERVER_PORT}'"
|
||||||
|
${JSON} -e "this.services.CoAuthoring.sql.dbName = '${MYSQL_SERVER_DB_NAME}'"
|
||||||
|
${JSON} -e "this.services.CoAuthoring.sql.dbUser = '${MYSQL_SERVER_USER}'"
|
||||||
|
${JSON} -e "this.services.CoAuthoring.sql.dbPass = '${MYSQL_SERVER_PASS}'"
|
||||||
|
|
||||||
|
MYSQL="mysql -s -h${MYSQL_SERVER_HOST} -u${MYSQL_SERVER_USER}"
|
||||||
|
if [ -n "${MYSQL_SERVER_PASS}" ]; then
|
||||||
|
MYSQL="$MYSQL -p${MYSQL_SERVER_PASS}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create db on remote server
|
||||||
|
${MYSQL} -e "CREATE DATABASE IF NOT EXISTS ${MYSQL_SERVER_DB_NAME} CHARACTER SET utf8 COLLATE 'utf8_general_ci';"
|
||||||
|
${MYSQL} "${MYSQL_SERVER_DB_NAME}" < "${APP_DIR}/server/schema/createdb.sql"
|
||||||
|
else
|
||||||
service mysql start
|
service mysql start
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ${RABBITMQ_SERVER_HOST} != "localhost" ]; then
|
||||||
|
|
||||||
|
# Change rabbitmq settings
|
||||||
|
${JSON} -e "this.rabbitmq.url = 'amqp://${RABBITMQ_SERVER_HOST}'"
|
||||||
|
${JSON} -e "this.rabbitmq.login = '${RABBITMQ_SERVER_USER}'"
|
||||||
|
${JSON} -e "this.rabbitmq.password = '${RABBITMQ_SERVER_PASS}'"
|
||||||
|
|
||||||
|
else
|
||||||
|
service redis-server start
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ${REDIS_SERVER_HOST} != "localhost" ]; then
|
||||||
|
|
||||||
|
# Change redis settings
|
||||||
|
${JSON} -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'"
|
||||||
|
${JSON} -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
|
||||||
|
|
||||||
|
else
|
||||||
|
service rabbitmq-server start
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Copy modified supervisor start script
|
||||||
|
cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/
|
||||||
|
# Copy modified supervisor config
|
||||||
|
cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
|
||||||
|
|
||||||
service nginx start
|
service nginx start
|
||||||
service supervisor start
|
service supervisor start
|
||||||
|
|
||||||
|
# Regenerate the fonts list and the fonts thumbnails
|
||||||
|
documentserver-generate-allfonts.sh
|
||||||
|
|
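Review bot: In the remote-MySQL branch the password is appended to the client command line as `-p${MYSQL_SERVER_PASS}`, so it is visible in the process list while `mysql` runs, and the same value is spliced unescaped into the JavaScript passed to `json -e`, where a single quote in it would break or alter the expression. Passing it through the environment, e.g. `MYSQL_PWD="${MYSQL_SERVER_PASS}" ${MYSQL} -e ...`, keeps it out of argv, and the `json` edits should escape quotes or restrict the characters allowed in these variables. Separately, the two `else` branches further down look swapped: a local RabbitMQ host runs `service redis-server start` and a local Redis host runs `service rabbitmq-server start`, so when only one of the two is remote the local service that is still needed is never started. The defaults of `root` with an empty password and `guest`/`guest` should be documented as values to override for any remote backend.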