Allow let's encrypte sertificates (#300)
* Allow let's encrypte sertificates Co-authored-by: papacarlo <builder@onlyoffice.com> Co-authored-by: Roman <demidov.roman@onlyoffice.com>
This commit is contained in:
parent
211ae50980
commit
bdef500858
|
@ -15,6 +15,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
|
|||
adduser \
|
||||
apt-utils \
|
||||
bomstrip \
|
||||
certbot \
|
||||
htop \
|
||||
libasound2 \
|
||||
libboost-regex-dev \
|
||||
|
|
11
README.md
11
README.md
|
@ -99,7 +99,14 @@ So you need to create and install the following files:
|
|||
/app/onlyoffice/DocumentServer/data/certs/tls.key
|
||||
/app/onlyoffice/DocumentServer/data/certs/tls.crt
|
||||
|
||||
When using CA certified certificates, these files are provided to you by the CA. When using self-signed certificates you need to generate these files yourself. Skip the following section if you have CA certified SSL certificates (e.g. [Let's Encrypt](https://letsencrypt.org)).
|
||||
When using CA certified certificates (e.g [Let's encrypt](https://letsencrypt.org)), these files are provided to you by the CA. If you are using self-signed certificates you need to generate these files [yourself](#generation-of-self-signed-certificates).
|
||||
|
||||
#### Using the automatically generated Let's Encrypt SSL Certificates
|
||||
|
||||
sudo docker run -i -t -d -p 443:443 \
|
||||
-e LETS_ENCRYPT_DOMAIN=your_domain -e LETS_ENCRYPT_MAIL=your_mail onlyoffice/documentserver
|
||||
|
||||
If you want to get and extend Let's Encrypt SSL Certificates automatically just set LETS_ENCRYPT_DOMAIN and LETS_ENCRYPT_MAIL variables.
|
||||
|
||||
#### Generation of Self Signed Certificates
|
||||
|
||||
|
@ -186,6 +193,8 @@ Below is the complete list of parameters that can be set using environment varia
|
|||
- **METRICS_HOST**: Defines StatsD listening host. Defaults to `localhost`.
|
||||
- **METRICS_PORT**: Defines StatsD listening port. Defaults to `8125`.
|
||||
- **METRICS_PREFIX**: Defines StatsD metrics prefix for backend services. Defaults to `ds.`.
|
||||
- **LETS_ENCRYPT_DOMAIN**: Defines the domain for Let's Encrypt certificate.
|
||||
- **LETS_ENCRYPT_MAIL**: Defines the domain administator mail address for Let's Encrypt certificate.
|
||||
|
||||
## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers
|
||||
|
||||
|
|
|
@ -82,6 +82,12 @@ PG_NEW_CLUSTER=false
|
|||
RABBITMQ_DATA=/var/lib/rabbitmq
|
||||
REDIS_DATA=/var/lib/redis
|
||||
|
||||
if [ ${LETS_ENCRYPT_DOMAIN} != "" -a ${LETS_ENCRYPT_MAIL} != "" ]; then
|
||||
LETSENCRYPT_ROOT_DIR="/etc/letsencrypt/live"
|
||||
SSL_CERTIFICATE_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/fullchain.pem
|
||||
SSL_KEY_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/privkey.pem
|
||||
fi
|
||||
|
||||
read_setting(){
|
||||
deprecated_var POSTGRESQL_SERVER_HOST DB_HOST
|
||||
deprecated_var POSTGRESQL_SERVER_PORT DB_PORT
|
||||
|
@ -544,6 +550,12 @@ fi
|
|||
# it run in all cases.
|
||||
service nginx start
|
||||
|
||||
if [ ${LETS_ENCRYPT_DOMAIN} != "" -a ${LETS_ENCRYPT_MAIL} != "" ]; then
|
||||
if [ ! -f "${SSL_CERTIFICATE_PATH}" -a ! -f "${SSL_KEY_PATH}" ]; then
|
||||
documentserver-letsencrypt.sh ${LETS_ENCRYPT_MAIL} ${LETS_ENCRYPT_DOMAIN}
|
||||
fi
|
||||
fi
|
||||
|
||||
# Regenerate the fonts list and the fonts thumbnails
|
||||
if [ "${GENERATE_FONTS}" == "true" ]; then
|
||||
documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}
|
||||
|
|
Loading…
Reference in a new issue