Added the ability to use secrets for compose/swarm

danilapog 2022-07-28 12:50:17 +03:00
parent 05c5042985
commit 48332f0ff9
2 changed files with 42 additions and 1 deletions


@ -1,4 +1,4 @@
version: '2' version: "3.9"
services: services:
onlyoffice-documentserver: onlyoffice-documentserver:
build: build:
@ -31,6 +31,11 @@ services:
- /var/lib/onlyoffice/documentserver/App_Data/cache/files - /var/lib/onlyoffice/documentserver/App_Data/cache/files
- /var/www/onlyoffice/documentserver-example/public/files - /var/www/onlyoffice/documentserver-example/public/files
- /usr/share/fonts - /usr/share/fonts
secrets:
- db_username
- db_password
- jwt_secret
- jwt_header
onlyoffice-rabbitmq: onlyoffice-rabbitmq:
container_name: onlyoffice-rabbitmq container_name: onlyoffice-rabbitmq
@ -46,11 +51,26 @@ services:
- POSTGRES_DB=onlyoffice - POSTGRES_DB=onlyoffice
- POSTGRES_USER=onlyoffice - POSTGRES_USER=onlyoffice
- POSTGRES_HOST_AUTH_METHOD=trust - POSTGRES_HOST_AUTH_METHOD=trust
#- POSTGRES_USER_FILE=/run/secrets/db_username
#- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
restart: always restart: always
expose: expose:
- '5432' - '5432'
volumes: volumes:
- postgresql_data:/var/lib/postgresql - postgresql_data:/var/lib/postgresql
secrets:
- db_username
- db_password
secrets:
db_username:
file: db_username.txt
db_password:
file: db_password.txt
jwt_secret:
file: jwt_secret.txt
jwt_header:
file: jwt_header.txt
volumes: volumes:
postgresql_data: postgresql_data:


@ -19,6 +19,7 @@ LIB_DIR="/var/lib/${COMPANY_NAME}"
DS_LIB_DIR="${LIB_DIR}/documentserver" DS_LIB_DIR="${LIB_DIR}/documentserver"
CONF_DIR="/etc/${COMPANY_NAME}/documentserver" CONF_DIR="/etc/${COMPANY_NAME}/documentserver"
IS_UPGRADE="false" IS_UPGRADE="false"
SECRETS_PATH="/run/secrets/"
ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false} ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost} ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost}
@ -86,6 +87,14 @@ JWT_SECRET=${JWT_SECRET:-secret}
JWT_HEADER=${JWT_HEADER:-Authorization} JWT_HEADER=${JWT_HEADER:-Authorization}
JWT_IN_BODY=${JWT_IN_BODY:-false} JWT_IN_BODY=${JWT_IN_BODY:-false}
if [ -s ${SECRETS_PATH}/jwt_secret.txt ]; then
JWT_SECRET=$( cat ${SECRETS_PATH}/jwt_secret.txt )
fi
if [ -s ${SECRETS_PATH}/jwt_header.txt ]; then
JWT_HEADER=$( cat ${SECRETS_PATH}/jwt_header.txt )
fi
WOPI_ENABLED=${WOPI_ENABLED:-false} WOPI_ENABLED=${WOPI_ENABLED:-false}
GENERATE_FONTS=${GENERATE_FONTS:-true} GENERATE_FONTS=${GENERATE_FONTS:-true}
@ -252,6 +261,18 @@ update_db_settings(){
${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${DB_NAME}'" ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${DB_NAME}'"
${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${DB_USER}'" ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${DB_USER}'"
${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${DB_PWD}'" ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${DB_PWD}'"
# update db credentials if secrets present
if [ -s ${SECRETS_PATH}/db_username.txt ]; then
SECRET_DB_USER=$( cat ${SECRETS_PATH}/db_username.txt )
${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${SECRET_DB_USER}'"
fi
if [ -s ${SECRETS_PATH}/db_password.txt ]; then
SECRET_DB_PWD=$( cat {SECRETS_PATH}/db_password.txt )
${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${SECRET_DB_PWD}'"
fi
} }
update_rabbitmq_setting(){ update_rabbitmq_setting(){
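Review bot: In the update_db_settings hunk the password is read with `cat {SECRETS_PATH}/db_password.txt`, where the `$` is missing, so `cat` fails on a literal path, `SECRET_DB_PWD` ends up empty, and the next line overwrites `dbPass` with an empty string whenever the `-s` test passes; it should be `SECRET_DB_PWD=$( cat "${SECRETS_PATH}/db_password.txt" )`. All four checks also look for `<name>.txt` under `/run/secrets/`, whereas Compose and Swarm mount a secret under its secret name by default (the commented `POSTGRES_*_FILE` lines in the compose file use `/run/secrets/db_username`), so the tests are likely never true and `JWT_SECRET` silently stays at its `secret` default. Consider quoting the expansions, logging whether each secret file was picked up, and noting that a value containing `'` breaks the `${JSON} -I -e` expression it is interpolated into. update_db_settings begins outside the hunk.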