Use external secrets instead of secret file

danilapog 2022-07-29 12:35:11 +03:00
parent 9388fcbbc0
commit 87a1ea2663
2 changed files with 24 additions and 21 deletions


@ -14,10 +14,13 @@ services:
- DB_NAME=onlyoffice - DB_NAME=onlyoffice
- DB_USER=onlyoffice - DB_USER=onlyoffice
- AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
# Uncomment strings below to enable the JSON Web Token validation. # Uncomment strings below to enable the JSON Web Token validation without secrets.
#- JWT_ENABLED=true #- JWT_ENABLED=true
#- JWT_SECRET=secret #- JWT_SECRET=secret
#- JWT_HEADER=Authorization #- JWT_HEADER=Authorization
# Uncomment two strings below to enable the JSON Web Token validation with secret
#- JWT_SECTER_FILE=/run/secrets/jwtSecret
#- JWT_HEADER_FILE=/run/secrets/jwtHeader
#- JWT_IN_BODY=true #- JWT_IN_BODY=true
ports: ports:
- '80:80' - '80:80'
@ -32,10 +35,10 @@ services:
- /var/www/onlyoffice/documentserver-example/public/files - /var/www/onlyoffice/documentserver-example/public/files
- /usr/share/fonts - /usr/share/fonts
secrets: secrets:
- db_username - dbUser
- db_password - dbPass
- jwt_secret - jwtSecret
- jwt_header - jwtHeader
onlyoffice-rabbitmq: onlyoffice-rabbitmq:
container_name: onlyoffice-rabbitmq container_name: onlyoffice-rabbitmq
@ -51,28 +54,28 @@ services:
- POSTGRES_DB=onlyoffice - POSTGRES_DB=onlyoffice
- POSTGRES_USER=onlyoffice - POSTGRES_USER=onlyoffice
- POSTGRES_HOST_AUTH_METHOD=trust - POSTGRES_HOST_AUTH_METHOD=trust
# NOTE: Comment line POSTGRES_HOST_AUTH_METHOD if you want use access with password. # NOTE: Comment lines POSTGRES_HOST_AUTH_METHOD and POSTGRES_USER if you want use access with secrets.
# Uncomment strings below for use database credentials from secrets. # Uncomment strings below for use database credentials from secrets.
#- POSTGRES_USER_FILE=/run/secrets/db_username #- POSTGRES_USER_FILE=/run/secrets/dbUser
#- POSTGRES_PASSWORD_FILE=/run/secrets/db_password #- POSTGRES_PASSWORD_FILE=/run/secrets/dbPass
restart: always restart: always
expose: expose:
- '5432' - '5432'
volumes: volumes:
- postgresql_data:/var/lib/postgresql - postgresql_data:/var/lib/postgresql
secrets: secrets:
- db_username - dbUser
- db_password - dbPass
secrets: secrets:
db_username: dbUser:
file: db_username.txt external: true
db_password: dbPass:
file: db_password.txt external: true
jwt_secret: jwtSecret:
file: jwt_secret.txt external: true
jwt_header: jwtHeader:
file: jwt_header.txt external: true
volumes: volumes:
postgresql_data: postgresql_data:
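Review bot: The new commented variable `JWT_SECTER_FILE` in the "with secret" block looks like a misspelling of `JWT_SECRET_FILE`. A user who uncomments it as written would set a name the entrypoint presumably does not read, so the secret mounted at `/run/secrets/jwtSecret` would silently not be applied; the line should read `#- JWT_SECRET_FILE=/run/secrets/jwtSecret`. The comment above it says only two lines need uncommenting, but `JWT_ENABLED=true` sits in the other group, so it is worth stating whether that line is required as well. Because the top-level secrets are now `external: true`, a comment such as `# dbUser, dbPass, jwtSecret and jwtHeader must be created before starting; compose does not create external secrets` above that block would prevent a failed start.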


@ -264,13 +264,13 @@ update_db_settings(){
# update db credentials if secrets present # update db credentials if secrets present
if [ -s ${SECRETS_PATH}/db_username ]; then if [ -s ${SECRETS_PATH}/dbUser ]; then
SECRET_DB_USER=$( cat ${SECRETS_PATH}/db_username ) SECRET_DB_USER=$( cat ${SECRETS_PATH}/dbUser )
${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${SECRET_DB_USER}'" ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${SECRET_DB_USER}'"
fi fi
if [ -s ${SECRETS_PATH}/db_password ]; then if [ -s ${SECRETS_PATH}/db_password ]; then
SECRET_DB_PWD=$( cat ${SECRETS_PATH}/db_password ) SECRET_DB_PWD=$( cat ${SECRETS_PATH}/dbPass )
${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${SECRET_DB_PWD}'" ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${SECRET_DB_PWD}'"
fi fi
} }
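Review bot: The second guard in update_db_settings still tests `${SECRETS_PATH}/db_password` on the new side while the next line reads `${SECRETS_PATH}/dbPass`, so with the renamed secret the test is false and the database password from the secret is never written to the config. The guard should match the dbUser branch: `if [ -s "${SECRETS_PATH}/dbPass" ]; then`. Separately, the secret value is placed inside a single-quoted expression passed to `${JSON} -e`, so a password containing `'` would likely break or alter that expression; the helper is not visible here, so this should be confirmed and the value escaped or the restriction documented. The function begins outside the hunk.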