This commit is contained in:
Alexey Golubev 2020-03-04 18:33:54 +03:00
commit 82c24e6b4c
4 changed files with 53 additions and 32 deletions

View file

@ -1,4 +1,4 @@
FROM ubuntu:16.04 FROM ubuntu:18.04
LABEL maintainer Ascensio System SIA <support@onlyoffice.com> LABEL maintainer Ascensio System SIA <support@onlyoffice.com>
ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive
@ -7,24 +7,23 @@ ARG ONLYOFFICE_VALUE=onlyoffice
RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
apt-get -y update && \ apt-get -y update && \
apt-get -yq install wget apt-transport-https curl locales && \ apt-get -yq install wget apt-transport-https gnupg locales && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
locale-gen en_US.UTF-8 && \ locale-gen en_US.UTF-8 && \
curl -sL https://deb.nodesource.com/setup_10.x | bash - && \
apt-get -y update && \
apt-get -yq install \ apt-get -yq install \
adduser \ adduser \
apt-utils \
bomstrip \ bomstrip \
htop \ htop \
libasound2 \ libasound2 \
libboost-regex-dev \ libboost-regex-dev \
libcairo2 \ libcairo2 \
libcurl3 \ libcurl3 \
libcurl3-gnutls \
libgconf2-4 \ libgconf2-4 \
libgtkglext1 \ libgtk-3-0 \
libnspr4 \ libnspr4 \
libnss3 \ libnss3 \
libnss3-nssdb \
libstdc++6 \ libstdc++6 \
libxml2 \ libxml2 \
libxss1 \ libxss1 \
@ -34,7 +33,6 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
net-tools \ net-tools \
netcat \ netcat \
nginx-extras \ nginx-extras \
nodejs \
postgresql \ postgresql \
postgresql-client \ postgresql-client \
pwgen \ pwgen \
@ -46,6 +44,10 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
xvfb \ xvfb \
zlib1g && \ zlib1g && \
echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf && \ echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf && \
sed -i "s/bind .*/bind 127.0.0.1/g" /etc/redis/redis.conf && \
sed 's|\(application\/zip.*\)|\1\n application\/wasm wasm;|' -i /etc/nginx/mime.types && \
pg_conftool 10 main set listen_addresses 'localhost' && \
service postgresql restart && \
sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE;" && \ sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE;" && \
sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \ sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \
sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $ONLYOFFICE_VALUE TO $ONLYOFFICE_VALUE;" && \ sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $ONLYOFFICE_VALUE TO $ONLYOFFICE_VALUE;" && \
@ -77,6 +79,6 @@ RUN echo "$REPO_URL" | tee /etc/apt/sources.list.d/ds.list && \
rm -rf /var/log/$COMPANY_NAME && \ rm -rf /var/log/$COMPANY_NAME && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /usr/share/fonts/truetype/custom VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /var/lib/rabbitmq /var/lib/redis /usr/share/fonts/truetype/custom
ENTRYPOINT /app/ds/run-document-server.sh ENTRYPOINT /app/ds/run-document-server.sh

View file

@ -1,13 +1,17 @@
COMPANY_NAME ?= onlyoffice COMPANY_NAME ?= ONLYOFFICE
GIT_BRANCH ?= develop GIT_BRANCH ?= develop
PRODUCT_NAME ?= documentserver-ie PRODUCT_NAME ?= DocumentServer
PRODUCT_VERSION ?= 0.0.0 PRODUCT_VERSION ?= 0.0.0
BUILD_NUMBER ?= 0 BUILD_NUMBER ?= 0
ONLYOFFICE_VALUE ?= onlyoffice ONLYOFFICE_VALUE ?= onlyoffice
COMPANY_NAME_LOW = $(shell echo $(COMPANY_NAME) | tr A-Z a-z)
PRODUCT_NAME_LOW = $(shell echo $(PRODUCT_NAME) | tr A-Z a-z)
COMPANY_NAME_LOW_ESCAPED = $(subst -,,$(COMPANY_NAME_LOW))
PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER) PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)
REPO_URL := "deb [trusted=yes] http://repo-doc-onlyoffice-com.s3.amazonaws.com/ubuntu/trusty/$(COMPANY_NAME)-$(PRODUCT_NAME)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/ repo/" REPO_URL := "deb [trusted=yes] http://repo-doc-onlyoffice-com.s3.amazonaws.com/ubuntu/trusty/$(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/ repo/"
UPDATE_LATEST := false UPDATE_LATEST := false
@ -24,12 +28,12 @@ endif
DOCKER_TAGS += $(DOCKER_TAG) DOCKER_TAGS += $(DOCKER_TAG)
DOCKER_REPO = $(COMPANY_NAME)/4testing-$(PRODUCT_NAME) DOCKER_REPO = $(COMPANY_NAME_LOW_ESCAPED)/4testing-$(PRODUCT_NAME_LOW)
COLON := __colon__ COLON := __colon__
DOCKER_TARGETS := $(foreach TAG,$(DOCKER_TAGS),$(DOCKER_REPO)$(COLON)$(TAG)) DOCKER_TARGETS := $(foreach TAG,$(DOCKER_TAGS),$(DOCKER_REPO)$(COLON)$(TAG))
DOCKER_ARCH := $(COMPANY_NAME)-$(PRODUCT_NAME)_$(PACKAGE_VERSION).tar.gz DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)_$(PACKAGE_VERSION).tar.gz
.PHONY: all clean clean-docker deploy docker publish .PHONY: all clean clean-docker deploy docker publish
@ -37,8 +41,8 @@ $(DOCKER_TARGETS): $(DEB_REPO_DATA)
docker build \ docker build \
--build-arg REPO_URL=$(REPO_URL) \ --build-arg REPO_URL=$(REPO_URL) \
--build-arg COMPANY_NAME=$(COMPANY_NAME) \ --build-arg COMPANY_NAME=$(COMPANY_NAME_LOW) \
--build-arg PRODUCT_NAME=$(PRODUCT_NAME) \ --build-arg PRODUCT_NAME=$(PRODUCT_NAME_LOW) \
--build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \ --build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \
-t $(subst $(COLON),:,$@) . &&\ -t $(subst $(COLON),:,$@) . &&\
mkdir -p $$(dirname $@) &&\ mkdir -p $$(dirname $@) &&\
@ -54,7 +58,7 @@ clean:
rm -rfv $(DOCKER_TARGETS) $(DOCKER_ARCH) rm -rfv $(DOCKER_TARGETS) $(DOCKER_ARCH)
clean-docker: clean-docker:
docker rmi -f $$(docker images -q $(COMPANY_NAME)/*) || exit 0 docker rmi -f $$(docker images -q $(COMPANY_NAME_LOW)/*) || exit 0
deploy: $(DOCKER_TARGETS) deploy: $(DOCKER_TARGETS)
$(foreach TARGET,$(DOCKER_TARGETS),docker push $(subst $(COLON),:,$(TARGET));) $(foreach TARGET,$(DOCKER_TARGETS),docker push $(subst $(COLON),:,$(TARGET));)

View file

@ -67,6 +67,8 @@ To get access to your data from outside the container, you need to mount the vol
-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \ -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \ -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
-v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \ -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
-v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
-v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
-v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver
Normally, you do not need to store container data because the container's operation does not depend on its state. Saving data will be useful: Normally, you do not need to store container data because the container's operation does not depend on its state. Saving data will be useful:
@ -178,7 +180,7 @@ Below is the complete list of parameters that can be set using environment varia
- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`. - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
- **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`. - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
- **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`. - **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
- **REJECT_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false` - **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false`
## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers

View file

@ -21,7 +21,7 @@ SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key}
CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem} CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem}
SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem} SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off} SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
REJECT_UNAUTHORIZED_STORAGE=${REJECT_UNAUTHORIZED_STORAGE:-false} USE_UNAUTHORIZED_STORAGE=${USE_UNAUTHORIZED_STORAGE:-false}
ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true} ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAGE:-31536000} ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAGE:-31536000}
SYSCONF_TEMPLATES_DIR="/app/ds/setup/config" SYSCONF_TEMPLATES_DIR="/app/ds/setup/config"
@ -45,7 +45,7 @@ ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/local.json
ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json
ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/local.json ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/local.json
JSON_BIN=${APP_DIR}/npm/node_modules/.bin/json JSON_BIN=${APP_DIR}/npm/json
JSON="${JSON_BIN} -q -f ${ONLYOFFICE_DEFAULT_CONFIG}" JSON="${JSON_BIN} -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
JSON_LOG="${JSON_BIN} -q -f ${ONLYOFFICE_LOG4JS_CONFIG}" JSON_LOG="${JSON_BIN} -q -f ${ONLYOFFICE_LOG4JS_CONFIG}"
JSON_EXAMPLE="${JSON_BIN} -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}" JSON_EXAMPLE="${JSON_BIN} -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}"
@ -53,10 +53,12 @@ JSON_EXAMPLE="${JSON_BIN} -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}"
LOCAL_SERVICES=() LOCAL_SERVICES=()
PG_ROOT=/var/lib/postgresql PG_ROOT=/var/lib/postgresql
PG_VERSION=9.5 PG_VERSION=10
PG_NAME=main PG_NAME=main
PGDATA=${PG_ROOT}/${PG_VERSION}/${PG_NAME} PGDATA=${PG_ROOT}/${PG_VERSION}/${PG_NAME}
PG_NEW_CLUSTER=false PG_NEW_CLUSTER=false
RABBITMQ_DATA=/var/lib/rabbitmq
REDIS_DATA=/var/lib/redis
read_setting(){ read_setting(){
deprecated_var POSTGRESQL_SERVER_HOST DB_HOST deprecated_var POSTGRESQL_SERVER_HOST DB_HOST
@ -227,7 +229,7 @@ update_redis_settings(){
${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'" ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
} }
update_jwt_settings(){ update_ds_settings(){
if [ "${JWT_ENABLED}" == "true" ]; then if [ "${JWT_ENABLED}" == "true" ]; then
${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}" ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}" ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
@ -240,8 +242,8 @@ update_jwt_settings(){
${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'" ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'" ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = '${JWT_IN_BODY}'" ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = '${JWT_IN_BODY}'" ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"
if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ] && [ "${JWT_ENABLED}" == "true" ]; then if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ] && [ "${JWT_ENABLED}" == "true" ]; then
${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}" ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
@ -249,6 +251,11 @@ update_jwt_settings(){
${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'" ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
fi fi
fi fi
if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then
${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}"
${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
fi
} }
create_postgresql_cluster(){ create_postgresql_cluster(){
@ -354,11 +361,6 @@ update_nginx_settings(){
else else
sed '/max-age=/d' -i ${NGINX_ONLYOFFICE_CONF} sed '/max-age=/d' -i ${NGINX_ONLYOFFICE_CONF}
fi fi
if [ "${REJECT_UNAUTHORIZED_STORAGE}" == "true" ]; then
${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}"
${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
fi
else else
ln -sf ${NGINX_ONLYOFFICE_PATH}/ds.conf.tmpl ${NGINX_ONLYOFFICE_CONF} ln -sf ${NGINX_ONLYOFFICE_PATH}/ds.conf.tmpl ${NGINX_ONLYOFFICE_CONF}
fi fi
@ -389,15 +391,15 @@ update_logrotate_settings(){
} }
# create base folders # create base folders
for i in converter docservice spellchecker metrics gc; do for i in converter docservice spellchecker metrics; do
mkdir -p "${DS_LOG_DIR}/$i" mkdir -p "${DS_LOG_DIR}/$i"
done done
mkdir -p ${DS_LOG_DIR}-example mkdir -p ${DS_LOG_DIR}-example
# create app folders # create app folders
for i in App_Data/cache/files App_Data/docbuilder; do for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${DS_LIB_DIR}-example/files; do
mkdir -p "${DS_LIB_DIR}/$i" mkdir -p "$i"
done done
# change folder rights # change folder rights
@ -414,7 +416,7 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
update_log_settings update_log_settings
update_jwt_settings update_ds_settings
# update settings by env variables # update settings by env variables
if [ $DB_HOST != "localhost" ]; then if [ $DB_HOST != "localhost" ]; then
@ -437,6 +439,13 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
if [ ${AMQP_SERVER_HOST} != "localhost" ]; then if [ ${AMQP_SERVER_HOST} != "localhost" ]; then
update_rabbitmq_setting update_rabbitmq_setting
else else
# change rights for rabbitmq directory
chown -R rabbitmq:rabbitmq ${RABBITMQ_DATA}
chmod -R go=rX,u=rwX ${RABBITMQ_DATA}
if [ -f ${RABBITMQ_DATA}/.erlang.cookie ]; then
chmod 400 ${RABBITMQ_DATA}/.erlang.cookie
fi
LOCAL_SERVICES+=("rabbitmq-server") LOCAL_SERVICES+=("rabbitmq-server")
# allow Rabbitmq startup after container kill # allow Rabbitmq startup after container kill
rm -rf /var/run/rabbitmq rm -rf /var/run/rabbitmq
@ -445,6 +454,10 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
if [ ${REDIS_SERVER_HOST} != "localhost" ]; then if [ ${REDIS_SERVER_HOST} != "localhost" ]; then
update_redis_settings update_redis_settings
else else
# change rights for redis directory
chown -R redis:redis ${REDIS_DATA}
chmod -R 750 ${REDIS_DATA}
LOCAL_SERVICES+=("redis-server") LOCAL_SERVICES+=("redis-server")
fi fi
else else