v5.5.0
This commit is contained in:
commit
82c24e6b4c
4 changed files with 53 additions and 32 deletions
18
Dockerfile
18
Dockerfile
|
@ -1,4 +1,4 @@
|
|||
FROM ubuntu:16.04
|
||||
FROM ubuntu:18.04
|
||||
LABEL maintainer Ascensio System SIA <support@onlyoffice.com>
|
||||
|
||||
ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive
|
||||
|
@ -7,24 +7,23 @@ ARG ONLYOFFICE_VALUE=onlyoffice
|
|||
|
||||
RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
|
||||
apt-get -y update && \
|
||||
apt-get -yq install wget apt-transport-https curl locales && \
|
||||
apt-get -yq install wget apt-transport-https gnupg locales && \
|
||||
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
|
||||
locale-gen en_US.UTF-8 && \
|
||||
curl -sL https://deb.nodesource.com/setup_10.x | bash - && \
|
||||
apt-get -y update && \
|
||||
apt-get -yq install \
|
||||
adduser \
|
||||
apt-utils \
|
||||
bomstrip \
|
||||
htop \
|
||||
libasound2 \
|
||||
libboost-regex-dev \
|
||||
libcairo2 \
|
||||
libcurl3 \
|
||||
libcurl3-gnutls \
|
||||
libgconf2-4 \
|
||||
libgtkglext1 \
|
||||
libgtk-3-0 \
|
||||
libnspr4 \
|
||||
libnss3 \
|
||||
libnss3-nssdb \
|
||||
libstdc++6 \
|
||||
libxml2 \
|
||||
libxss1 \
|
||||
|
@ -34,7 +33,6 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
|
|||
net-tools \
|
||||
netcat \
|
||||
nginx-extras \
|
||||
nodejs \
|
||||
postgresql \
|
||||
postgresql-client \
|
||||
pwgen \
|
||||
|
@ -46,6 +44,10 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
|
|||
xvfb \
|
||||
zlib1g && \
|
||||
echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf && \
|
||||
sed -i "s/bind .*/bind 127.0.0.1/g" /etc/redis/redis.conf && \
|
||||
sed 's|\(application\/zip.*\)|\1\n application\/wasm wasm;|' -i /etc/nginx/mime.types && \
|
||||
pg_conftool 10 main set listen_addresses 'localhost' && \
|
||||
service postgresql restart && \
|
||||
sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE;" && \
|
||||
sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \
|
||||
sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $ONLYOFFICE_VALUE TO $ONLYOFFICE_VALUE;" && \
|
||||
|
@ -77,6 +79,6 @@ RUN echo "$REPO_URL" | tee /etc/apt/sources.list.d/ds.list && \
|
|||
rm -rf /var/log/$COMPANY_NAME && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
|
||||
VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /usr/share/fonts/truetype/custom
|
||||
VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /var/lib/rabbitmq /var/lib/redis /usr/share/fonts/truetype/custom
|
||||
|
||||
ENTRYPOINT /app/ds/run-document-server.sh
|
||||
|
|
20
Makefile
20
Makefile
|
@ -1,13 +1,17 @@
|
|||
COMPANY_NAME ?= onlyoffice
|
||||
COMPANY_NAME ?= ONLYOFFICE
|
||||
GIT_BRANCH ?= develop
|
||||
PRODUCT_NAME ?= documentserver-ie
|
||||
PRODUCT_NAME ?= DocumentServer
|
||||
PRODUCT_VERSION ?= 0.0.0
|
||||
BUILD_NUMBER ?= 0
|
||||
ONLYOFFICE_VALUE ?= onlyoffice
|
||||
|
||||
COMPANY_NAME_LOW = $(shell echo $(COMPANY_NAME) | tr A-Z a-z)
|
||||
PRODUCT_NAME_LOW = $(shell echo $(PRODUCT_NAME) | tr A-Z a-z)
|
||||
COMPANY_NAME_LOW_ESCAPED = $(subst -,,$(COMPANY_NAME_LOW))
|
||||
|
||||
PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)
|
||||
|
||||
REPO_URL := "deb [trusted=yes] http://repo-doc-onlyoffice-com.s3.amazonaws.com/ubuntu/trusty/$(COMPANY_NAME)-$(PRODUCT_NAME)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/ repo/"
|
||||
REPO_URL := "deb [trusted=yes] http://repo-doc-onlyoffice-com.s3.amazonaws.com/ubuntu/trusty/$(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/ repo/"
|
||||
|
||||
UPDATE_LATEST := false
|
||||
|
||||
|
@ -24,12 +28,12 @@ endif
|
|||
|
||||
DOCKER_TAGS += $(DOCKER_TAG)
|
||||
|
||||
DOCKER_REPO = $(COMPANY_NAME)/4testing-$(PRODUCT_NAME)
|
||||
DOCKER_REPO = $(COMPANY_NAME_LOW_ESCAPED)/4testing-$(PRODUCT_NAME_LOW)
|
||||
|
||||
COLON := __colon__
|
||||
DOCKER_TARGETS := $(foreach TAG,$(DOCKER_TAGS),$(DOCKER_REPO)$(COLON)$(TAG))
|
||||
|
||||
DOCKER_ARCH := $(COMPANY_NAME)-$(PRODUCT_NAME)_$(PACKAGE_VERSION).tar.gz
|
||||
DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)_$(PACKAGE_VERSION).tar.gz
|
||||
|
||||
.PHONY: all clean clean-docker deploy docker publish
|
||||
|
||||
|
@ -37,8 +41,8 @@ $(DOCKER_TARGETS): $(DEB_REPO_DATA)
|
|||
|
||||
docker build \
|
||||
--build-arg REPO_URL=$(REPO_URL) \
|
||||
--build-arg COMPANY_NAME=$(COMPANY_NAME) \
|
||||
--build-arg PRODUCT_NAME=$(PRODUCT_NAME) \
|
||||
--build-arg COMPANY_NAME=$(COMPANY_NAME_LOW) \
|
||||
--build-arg PRODUCT_NAME=$(PRODUCT_NAME_LOW) \
|
||||
--build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \
|
||||
-t $(subst $(COLON),:,$@) . &&\
|
||||
mkdir -p $$(dirname $@) &&\
|
||||
|
@ -54,7 +58,7 @@ clean:
|
|||
rm -rfv $(DOCKER_TARGETS) $(DOCKER_ARCH)
|
||||
|
||||
clean-docker:
|
||||
docker rmi -f $$(docker images -q $(COMPANY_NAME)/*) || exit 0
|
||||
docker rmi -f $$(docker images -q $(COMPANY_NAME_LOW)/*) || exit 0
|
||||
|
||||
deploy: $(DOCKER_TARGETS)
|
||||
$(foreach TARGET,$(DOCKER_TARGETS),docker push $(subst $(COLON),:,$(TARGET));)
|
||||
|
|
|
@ -67,6 +67,8 @@ To get access to your data from outside the container, you need to mount the vol
|
|||
-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
|
||||
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
|
||||
-v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
|
||||
-v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
|
||||
-v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
|
||||
-v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver
|
||||
|
||||
Normally, you do not need to store container data because the container's operation does not depend on its state. Saving data will be useful:
|
||||
|
@ -178,7 +180,7 @@ Below is the complete list of parameters that can be set using environment varia
|
|||
- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
|
||||
- **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
|
||||
- **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
|
||||
- **REJECT_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false`
|
||||
- **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false`
|
||||
|
||||
## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key}
|
|||
CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem}
|
||||
SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
|
||||
SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
|
||||
REJECT_UNAUTHORIZED_STORAGE=${REJECT_UNAUTHORIZED_STORAGE:-false}
|
||||
USE_UNAUTHORIZED_STORAGE=${USE_UNAUTHORIZED_STORAGE:-false}
|
||||
ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
|
||||
ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAGE:-31536000}
|
||||
SYSCONF_TEMPLATES_DIR="/app/ds/setup/config"
|
||||
|
@ -45,7 +45,7 @@ ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/local.json
|
|||
ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json
|
||||
ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/local.json
|
||||
|
||||
JSON_BIN=${APP_DIR}/npm/node_modules/.bin/json
|
||||
JSON_BIN=${APP_DIR}/npm/json
|
||||
JSON="${JSON_BIN} -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
|
||||
JSON_LOG="${JSON_BIN} -q -f ${ONLYOFFICE_LOG4JS_CONFIG}"
|
||||
JSON_EXAMPLE="${JSON_BIN} -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}"
|
||||
|
@ -53,10 +53,12 @@ JSON_EXAMPLE="${JSON_BIN} -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}"
|
|||
LOCAL_SERVICES=()
|
||||
|
||||
PG_ROOT=/var/lib/postgresql
|
||||
PG_VERSION=9.5
|
||||
PG_VERSION=10
|
||||
PG_NAME=main
|
||||
PGDATA=${PG_ROOT}/${PG_VERSION}/${PG_NAME}
|
||||
PG_NEW_CLUSTER=false
|
||||
RABBITMQ_DATA=/var/lib/rabbitmq
|
||||
REDIS_DATA=/var/lib/redis
|
||||
|
||||
read_setting(){
|
||||
deprecated_var POSTGRESQL_SERVER_HOST DB_HOST
|
||||
|
@ -227,7 +229,7 @@ update_redis_settings(){
|
|||
${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
|
||||
}
|
||||
|
||||
update_jwt_settings(){
|
||||
update_ds_settings(){
|
||||
if [ "${JWT_ENABLED}" == "true" ]; then
|
||||
${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
|
||||
${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
|
||||
|
@ -240,8 +242,8 @@ update_jwt_settings(){
|
|||
${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
|
||||
${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
|
||||
|
||||
${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = '${JWT_IN_BODY}'"
|
||||
${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = '${JWT_IN_BODY}'"
|
||||
${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
|
||||
${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"
|
||||
|
||||
if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ] && [ "${JWT_ENABLED}" == "true" ]; then
|
||||
${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
|
||||
|
@ -249,6 +251,11 @@ update_jwt_settings(){
|
|||
${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then
|
||||
${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}"
|
||||
${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
|
||||
fi
|
||||
}
|
||||
|
||||
create_postgresql_cluster(){
|
||||
|
@ -354,11 +361,6 @@ update_nginx_settings(){
|
|||
else
|
||||
sed '/max-age=/d' -i ${NGINX_ONLYOFFICE_CONF}
|
||||
fi
|
||||
|
||||
if [ "${REJECT_UNAUTHORIZED_STORAGE}" == "true" ]; then
|
||||
${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}"
|
||||
${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
|
||||
fi
|
||||
else
|
||||
ln -sf ${NGINX_ONLYOFFICE_PATH}/ds.conf.tmpl ${NGINX_ONLYOFFICE_CONF}
|
||||
fi
|
||||
|
@ -389,15 +391,15 @@ update_logrotate_settings(){
|
|||
}
|
||||
|
||||
# create base folders
|
||||
for i in converter docservice spellchecker metrics gc; do
|
||||
for i in converter docservice spellchecker metrics; do
|
||||
mkdir -p "${DS_LOG_DIR}/$i"
|
||||
done
|
||||
|
||||
mkdir -p ${DS_LOG_DIR}-example
|
||||
|
||||
# create app folders
|
||||
for i in App_Data/cache/files App_Data/docbuilder; do
|
||||
mkdir -p "${DS_LIB_DIR}/$i"
|
||||
for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${DS_LIB_DIR}-example/files; do
|
||||
mkdir -p "$i"
|
||||
done
|
||||
|
||||
# change folder rights
|
||||
|
@ -414,7 +416,7 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
|
|||
|
||||
update_log_settings
|
||||
|
||||
update_jwt_settings
|
||||
update_ds_settings
|
||||
|
||||
# update settings by env variables
|
||||
if [ $DB_HOST != "localhost" ]; then
|
||||
|
@ -437,6 +439,13 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
|
|||
if [ ${AMQP_SERVER_HOST} != "localhost" ]; then
|
||||
update_rabbitmq_setting
|
||||
else
|
||||
# change rights for rabbitmq directory
|
||||
chown -R rabbitmq:rabbitmq ${RABBITMQ_DATA}
|
||||
chmod -R go=rX,u=rwX ${RABBITMQ_DATA}
|
||||
if [ -f ${RABBITMQ_DATA}/.erlang.cookie ]; then
|
||||
chmod 400 ${RABBITMQ_DATA}/.erlang.cookie
|
||||
fi
|
||||
|
||||
LOCAL_SERVICES+=("rabbitmq-server")
|
||||
# allow Rabbitmq startup after container kill
|
||||
rm -rf /var/run/rabbitmq
|
||||
|
@ -445,6 +454,10 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
|
|||
if [ ${REDIS_SERVER_HOST} != "localhost" ]; then
|
||||
update_redis_settings
|
||||
else
|
||||
# change rights for redis directory
|
||||
chown -R redis:redis ${REDIS_DATA}
|
||||
chmod -R 750 ${REDIS_DATA}
|
||||
|
||||
LOCAL_SERVICES+=("redis-server")
|
||||
fi
|
||||
else
|
||||
|
|
Loading…
Reference in a new issue