Add prof of concept none pivilage execution

Use 'DS_PORT' env to use custom https port sudo docker run -e DS_PORT=1234 -itd -p80:1234 \ onlyoffice/documentserver
2020-01-13 15:22:54 +03:00
29 changed files with 525 additions and 1523 deletions
--- a/.github/workflows/4testing-build.yml
+++ b/.github/workflows/4testing-build.yml
@ -1,139 +0,0 @@
 ### This workflow setup instance then build and push images ###
 name: 4testing multiarch-build
 on:
  workflow_dispatch:
    inputs:
      build:
        description: 'Build number (ex. 45)'
        type: string
        required: true
      amd64:
        type: boolean
        description: 'Build AMD64'
        default: true
      arm64:
        type: boolean
        description: 'Build ARM64'
        default: true
      community:
        type: boolean
        description: 'Build Community Edition'
        default: true
      enterprise:
        type: boolean
        description: 'Build Enterprise Edition'
        default: true
      developer:
        type: boolean
        description: 'Build Developer Edition'
        default: true
 env: 
  COMPANY_NAME: "onlyoffice"
  PRODUCT_NAME: "documentserver"
 jobs:
  prepare:
    runs-on: ubuntu-latest
    steps:
      - id: matrix
        run: |
          set -ex
          BRANCH_NAME=${GITHUB_REF#refs/heads/}
          if ! [[ $BRANCH_NAME == develop || $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then
            echo "Wrong branch."
            exit 1
          fi
          [ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64")
          [ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64")
          if [ -z ${PLATFORMS} ]; then
            echo "None of the platforms are selected."
            exit 1
          fi
          [ ${{ github.event.inputs.community }} = true ] && EDITIONS+=("community")
          [ ${{ github.event.inputs.enterprise }} = true ] && EDITIONS+=("enterprise")
          [ ${{ github.event.inputs.developer }} = true ] && EDITIONS+=("developer")
          if [ -z ${EDITIONS} ]; then
            echo "None of the editions are selected."
            exit 1
          fi
          echo "::set-output name=editions::$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')"
    outputs:
      editions: ${{ steps.matrix.outputs.editions }}
  build:
    name: "Build ${{ matrix.image }}-${{ matrix.edition }}"
    runs-on: ubuntu-latest
    needs: prepare
    strategy:
      fail-fast: false
      matrix:
        image: ["documentserver"]
        edition: ${{ fromJSON(needs.prepare.outputs.editions) }}
    steps:
      - name: Checkout code 
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      - name: Build 4testing
        run: |
          set -eux
          ### ==>> At this step build variable declaration ###
          case ${{ matrix.edition }} in
            community)
              PRODUCT_EDITION=""
              ;;
            enterprise)
              PRODUCT_EDITION="-ee"
              ;;
            developer)
              PRODUCT_EDITION="-de"
              ;;
          esac
          [ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64")
          [ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64")
          PLATFORM=$(echo ${PLATFORMS[*]/#/linux/} | tr ' ' ',')
          BRANCH_NAME=${GITHUB_REF#refs/heads/}
          if [ $BRANCH_NAME = develop ]; then
            RELEASE_BRANCH=unstable
            PRODUCT_VERSION=99.99.99
          elif [[ $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then
            RELEASE_BRANCH=testing
            PRODUCT_VERSION=${BRANCH_NAME#*/v}
          fi
          BUILD_NUMBER=${{ github.event.inputs.build }}
          export PRODUCT_EDITION
          export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}
          export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL_OLD }}/${RELEASE_BRANCH}/ubuntu
          export RELEASE_BRANCH
          export PLATFORM
          export DOCKERFILE=Dockerfile
          export PREFIX_NAME=4testing-
          export TAG=${PRODUCT_VERSION}.${BUILD_NUMBER}
          ### ==>> Build and push images at this step ###
          docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push
          echo "DONE: Build success"
        shell: bash
--- a/.github/workflows/stable-build.yml
+++ b/.github/workflows/stable-build.yml
@ -1,130 +0,0 @@
 ### This workflow setup instance then build and push images ###
 name: Multi-arch build stable
 on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag for release (ex. 1.2.3.45)'
        type: string
        required: true
 env:
  COMPANY_NAME: "onlyoffice"
  PRODUCT_NAME: "documentserver" 
 jobs:
  build:
    name: "Release image: DocumentServer${{ matrix.edition }}"
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        images: ["documentserver-stable"]
        edition: ["", "-ee", "-de"]
    steps:
      - name: Checkout code 
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      - name: Build documentserver-release
        run: |
          set -eux
          VERSION=${{ github.event.inputs.tag }}
          PRODUCT_EDITION=${{ matrix.edition }}
          TESTING_IMAGE=${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION}
          if docker manifest inspect ${TESTING_IMAGE}:${VERSION} > /dev/null; then
            echo "Image present on docker.hub >> start build stable version"
            export PRODUCT_EDITION
            export TAG=${VERSION}
            export SHORTER_TAG=${VERSION%.*}
            export SHORTEST_TAG=${VERSION%.*.*}
            docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
            echo "DONE: Build success >> exit with 0"
            exit 0
          else
            echo "FAILED: Image with tag ${VERSION} do not presented on docker.hub >> build will not started >> exit with 1"
            exit 1
          fi
        shell: bash
  build-nonexample:
    name: "Release image: DocumentServer${{ matrix.edition }}-nonExample"
    runs-on: ubuntu-latest
    needs: [build]
    if: ${{ false }}
    strategy:
      fail-fast: false
      matrix:
        images: ["documentserver-nonexample"]
        edition: ["", "-ee", "-de"]
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      - name: build image
        run: |
          set -eux
          export PRODUCT_EDITION=${{ matrix.edition }}
          export TAG=${{ github.event.inputs.tag }}
          docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
        shell: bash
  build-ucs-ubuntu20:
    name: "Release image: DocumentServer${{ matrix.edition }}-ucs"
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        edition: ["", "-ee"]
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      - name: build UCS
        run: |
           set -eux
           export PRODUCT_EDITION=${{ matrix.edition }}
           export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL_OLD }}/testing/ubuntu
           export DOCKERFILE=Dockerfile
           export BASE_IMAGE=ubuntu:20.04
           export PG_VERSION=12
           export TAG=${{ github.event.inputs.tag }}
           export PACKAGE_VERSION=$( echo ${TAG} |  sed -E 's/(.*)\./\1-/')
           docker buildx bake -f docker-bake.hcl documentserver-ucs --push
        shell: bash
--- a/.travis.yml
+++ b/.travis.yml
@ -1,131 +0,0 @@
 language: generic
 dist: trusty
 env:
  # community edition
  - config: standalone.yml
  # integration edition
  - config: standalone.yml
    PRODUCT_NAME: documentserver-ie
  # certificates (default tls if onlyoffice not exists)
  - config: certs.yml
    ssl: true
  # certificates (default onlyoffice if exists)
  - config: certs.yml
    ssl: true
    private_key: onlyoffice.key
    certificate_request: onlyoffice.csr
    certificate: onlyoffice.crt
  # custom certificates
  - config: certs-customized.yml
    ssl: true
    private_key: mycert.key
    certificate_request: mycert.csr
    certificate: mycert.crt
    SSL_CERTIFICATE_PATH: /var/www/onlyoffice/Data/certs/mycert.crt
    SSL_KEY_PATH: /var/www/onlyoffice/Data/certs/mycert.key
  # postgresql 12
  - config: postgres.yml
    POSTGRES_VERSION: 12
  # postgresql 11
  - config: postgres.yml
    POSTGRES_VERSION: 11
  # postgresql 10
  - config: postgres.yml
    POSTGRES_VERSION: 10
  # postgresql 9
  - config: postgres.yml
    POSTGRES_VERSION: 9
  # postgresql 9.5
  - config: postgres.yml
  # postgresql custom values
  - config: postgres.yml
    DB_NAME: mydb
    DB_USER: myuser
    DB_PWD: password
    POSTGRES_DB: mydb
    POSTGRES_USER: myuser
  # postgresql deprecated variables
  - config: postgres-old.yml
  # mysql 8
  - config: mysql.yml
    MYSQL_VERSION: 8
  # mysql 5
  - config: mysql.yml
    MYSQL_VERSION: 5
  # mysql 5.7
  - config: mysql.yml
  # mariadb 10
  - config: mariadb.yml
    MARIADB_VERSION: 10
  # mariadb 10.5
  - config: mariadb.yml
  - config: activemq.yml
    ACTIVEMQ_VERSION: latest
  # activemq 5.14.3
  - config: activemq.yml
  # rabbitmq latest
  - config: rabbitmq.yml
  # rabbitmq 3
  - config: rabbitmq.yml
    RABBITMQ_VERSION: 3
  # rabbitmq old variables
  - config: rabbitmq-old.yml
  # redis latest with community edition
  - config: redis.yml
  # redis latest with integraion edition
  - config: redis.yml
    PRODUCT_NAME: documentserver-ie
  # redis 6
  - config: redis.yml
    REDIS_VERSION: 6
  # redis 5
  - config: redis.yml
    REDIS_VERSION: 5
  # graphite
  - config: graphite.yml
 services:
  - docker
 script:
  # Go to tests dir
  - cd ${PWD}/tests
  # Run test.
  - ./test.sh
--- a/63
+++ b/63
@ -1,67 +1,49 @@
-ARG BASE_IMAGE=ubuntu:22.04
+FROM ubuntu:16.04
 FROM ${BASE_IMAGE} as documentserver
 LABEL maintainer Ascensio System SIA <support@onlyoffice.com>
-ARG PG_VERSION=14
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive
 ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=${PG_VERSION}
 ARG ONLYOFFICE_VALUE=onlyoffice
 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
    apt-get -y update && \
-    apt-get -yq install wget apt-transport-https gnupg locales lsb-release && \
+    apt-get -yq install wget apt-transport-https curl locales && \
-    mkdir -p $HOME/.gnupg && \
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
    gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/onlyoffice.gpg --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
    chmod 644 /etc/apt/trusted.gpg.d/onlyoffice.gpg && \
    locale-gen en_US.UTF-8 && \
-    echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
+    curl -sL https://deb.nodesource.com/setup_8.x | bash - && \
-    wget -O - https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.deb.sh | bash && \
+    apt-get -y update && \
    if [ $(lsb_release -cs) = focal ]; then RABBITMQ_VERSION=3.8.11-1; else RABBITMQ_VERSION=3.10 ; fi && \
    apt-get -yq install \
        adduser \
        apt-utils \
        bomstrip \
        certbot \
        curl \
        gconf-service \
        htop \
        libasound2 \
        libboost-regex-dev \
        libcairo2 \
-        libcurl3-gnutls \
+        libcurl3 \
-        libcurl4 \
+        libgconf2-4 \
-        libgtk-3-0 \
+        libgtkglext1 \
        libnspr4 \
        libnss3 \
        libnss3-nssdb \
        libstdc++6 \
        libxml2 \
        libxss1 \
        libxtst6 \
        mysql-client \
        nano \
        net-tools \
-        netcat-openbsd \
+        netcat \
        nginx-extras \
        nodejs \
        postgresql \
        postgresql-client \
        pwgen \
-        rabbitmq-server=${RABBITMQ_VERSION}* \
+        rabbitmq-server \
        redis-server \
        software-properties-common \
        sudo \
        supervisor \
        ttf-mscorefonts-installer \
        xvfb \
        zlib1g && \
    if [  $(ls -l /usr/share/fonts/truetype/msttcorefonts | wc -l) -ne 61 ]; \
        then echo 'msttcorefonts failed to download'; exit 1; fi  && \
    echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf && \
    sed -i "s/bind .*/bind 127.0.0.1/g" /etc/redis/redis.conf && \
    sed 's|\(application\/zip.*\)|\1\n    application\/wasm wasm;|' -i /etc/nginx/mime.types && \
    pg_conftool $PG_VERSION main set listen_addresses 'localhost' && \
    service postgresql restart && \
    sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE;" && \
    sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \
    sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $ONLYOFFICE_VALUE TO $ONLYOFFICE_VALUE;" && \ 
@ -77,29 +59,22 @@ COPY run-document-server.sh /app/ds/run-document-server.sh
 EXPOSE 80 443
 ARG REPO_URL="deb http://download.onlyoffice.com/repo/debian squeeze main"
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_NAME=documentserver
 ARG PRODUCT_EDITION=
 ARG PACKAGE_VERSION=
 ARG TARGETARCH
 ARG PACKAGE_BASEURL="http://download.onlyoffice.com/install/documentserver/linux"
-ENV COMPANY_NAME=$COMPANY_NAME \
+ENV COMPANY_NAME=$COMPANY_NAME
    PRODUCT_NAME=$PRODUCT_NAME \
    PRODUCT_EDITION=$PRODUCT_EDITION
-RUN PACKAGE_FILE="${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}${PACKAGE_VERSION:+_$PACKAGE_VERSION}_${TARGETARCH:-$(dpkg --print-architecture)}.deb" && \
+RUN echo "$REPO_URL" | tee /etc/apt/sources.list.d/ds.list && \
    wget -q -P /tmp "$PACKAGE_BASEURL/$PACKAGE_FILE" && \
    apt-get -y update && \
    service postgresql start && \
-    apt-get -yq install /tmp/$PACKAGE_FILE && \
+    apt-get -yq install $COMPANY_NAME-$PRODUCT_NAME && \
    service postgresql stop && \
    service supervisor stop && \
    chmod 755 /app/ds/*.sh && \
    rm -f /tmp/$PACKAGE_FILE && \
    rm -rf /var/log/$COMPANY_NAME && \
    rm -rf /var/lib/apt/lists/*
-VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /var/lib/rabbitmq /var/lib/redis /usr/share/fonts/truetype/custom
+VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /usr/share/fonts/truetype/custom
-ENTRYPOINT ["/app/ds/run-document-server.sh"]
+ENTRYPOINT /app/ds/run-document-server.sh
--- a/89
+++ b/89
@ -1,73 +1,66 @@
-COMPANY_NAME ?= ONLYOFFICE
+COMPANY_NAME ?= onlyoffice
 GIT_BRANCH ?= develop
-PRODUCT_NAME ?= DocumentServer
+PRODUCT_NAME ?= documentserver-ie
 PRODUCT_EDITION ?= 
 PRODUCT_VERSION ?= 0.0.0
 BUILD_NUMBER ?= 0
 ONLYOFFICE_VALUE ?= onlyoffice
 S3_BUCKET ?= repo-doc-onlyoffice-com
 RELEASE_BRANCH ?= unstable
 COMPANY_NAME_LOW = $(shell echo $(COMPANY_NAME) | tr A-Z a-z)
 PRODUCT_NAME_LOW = $(shell echo $(PRODUCT_NAME) | tr A-Z a-z)
 COMPANY_NAME_LOW_ESCAPED = $(subst -,,$(COMPANY_NAME_LOW))
 PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)$(PRODUCT_EDITION)
 PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)
 PACKAGE_BASEURL := https://s3.eu-west-1.amazonaws.com/$(S3_BUCKET)/$(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/ubuntu
-ifeq ($(RELEASE_BRANCH),$(filter $(RELEASE_BRANCH),unstable testing))
+REPO_URL := "deb [trusted=yes] http://repo-doc-onlyoffice-com.s3.amazonaws.com/ubuntu/trusty/$(COMPANY_NAME)-$(PRODUCT_NAME)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/ repo/"
-	DOCKER_TAG := $(subst -,.,$(PACKAGE_VERSION))
+
 UPDATE_LATEST := false
 ifneq (,$(findstring develop,$(GIT_BRANCH)))
 DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
 DOCKER_TAGS += latest
 else ifneq (,$(findstring release,$(GIT_BRANCH)))
 DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
 else ifneq (,$(findstring hotfix,$(GIT_BRANCH)))
 DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
 else
-	DOCKER_TAG := $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
+DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
 endif
-DOCKER_IMAGE := $(subst -,,$(COMPANY_NAME_LOW))/4testing-$(PRODUCT_NAME_LOW)$(PRODUCT_EDITION)
+DOCKER_TAGS += $(DOCKER_TAG)
 DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)$(PRODUCT_EDITION)__$(DOCKER_TAG).dummy
 DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)_$(PACKAGE_VERSION).tar.gz
 DOCKER_ARCH_URI := $(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/docker/$(notdir $(DOCKER_ARCH))
-.PHONY: all clean clean-docker image deploy docker publish
+DOCKER_REPO = $(COMPANY_NAME)/4testing-$(PRODUCT_NAME)
 COLON := __colon__
 DOCKER_TARGETS := $(foreach TAG,$(DOCKER_TAGS),$(DOCKER_REPO)$(COLON)$(TAG))
 DOCKER_ARCH := $(COMPANY_NAME)-$(PRODUCT_NAME)_$(PACKAGE_VERSION).tar.gz
 .PHONY: all clean clean-docker deploy docker publish
 $(DOCKER_TARGETS): $(DEB_REPO_DATA)
 $(DOCKER_DUMMY):
 	docker pull ubuntu:20.04
 	docker build \
-		--build-arg COMPANY_NAME=$(COMPANY_NAME_LOW) \
+		--build-arg REPO_URL=$(REPO_URL) \
-		--build-arg PRODUCT_NAME=$(PRODUCT_NAME_LOW) \
+		--build-arg COMPANY_NAME=$(COMPANY_NAME) \
-		--build-arg PRODUCT_EDITION=$(PRODUCT_EDITION) \
+		--build-arg PRODUCT_NAME=$(PRODUCT_NAME) \
 		--build-arg PACKAGE_VERSION=$(PACKAGE_VERSION) \
 		--build-arg PACKAGE_BASEURL=$(PACKAGE_BASEURL) \
 		--build-arg TARGETARCH=amd64 \
 		--build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \
-		-t $(DOCKER_IMAGE):$(DOCKER_TAG) . && \
+		-t $(subst $(COLON),:,$@) . &&\
-	mkdir -p $$(dirname $@) && \
+	mkdir -p $$(dirname $@) &&\
 	echo "Done" > $@
-$(DOCKER_ARCH): $(DOCKER_DUMMY)
+$(DOCKER_ARCH): $(DOCKER_TARGETS)
-	docker save $(DOCKER_IMAGE):$(DOCKER_TAG) | \
+	docker save $(DOCKER_REPO):$(DOCKER_TAG) | \
 		gzip > $@
-all: image
+all: $(DOCKER_TARGETS)
 clean:
-	rm -rfv *.dummy *.tar.gz
+	rm -rfv $(DOCKER_TARGETS) $(DOCKER_ARCH)
 clean-docker:
-	docker rmi -f $$(docker images -q $(COMPANY_NAME_LOW)/*) || exit 0
+	docker rmi -f $$(docker images -q $(COMPANY_NAME)/*) || exit 0
-image: $(DOCKER_DUMMY)
+deploy: $(DOCKER_TARGETS)
-
+	$(foreach TARGET,$(DOCKER_TARGETS),docker push $(subst $(COLON),:,$(TARGET));)
 deploy: $(DOCKER_DUMMY)
 	for i in {1..3}; do \
 		docker push $(DOCKER_IMAGE):$(DOCKER_TAG) && break || sleep 1m; \
 	done
 ifeq ($(RELEASE_BRANCH),unstable)
 	docker tag $(DOCKER_IMAGE):$(DOCKER_TAG) $(DOCKER_IMAGE):latest
 	for i in {1..3}; do \
 		docker push $(DOCKER_IMAGE):latest && break || sleep 1m; \
 	done
 endif
 publish: $(DOCKER_ARCH)
-	aws s3 cp --no-progress --acl public-read \
+	aws s3 cp \
-		$(DOCKER_ARCH) s3://$(S3_BUCKET)/$(DOCKER_ARCH_URI)
+		$(DOCKER_ARCH) \
 		s3://repo-doc-onlyoffice-com.s3.amazonaws.com/docker/amd64/ \
 		--acl public-read
--- a/README.md
+++ b/README.md
@ -21,12 +21,6 @@
 ONLYOFFICE Document Server is an online office suite comprising viewers and editors for texts, spreadsheets and presentations, fully compatible with Office Open XML formats: .docx, .xlsx, .pptx and enabling collaborative editing in real time.
 Starting from version 6.0, Document Server is distributed as ONLYOFFICE Docs. It has [three editions](https://github.com/ONLYOFFICE/DocumentServer#onlyoffice-document-server-editions). With this image, you will install the free Community version. 
 ONLYOFFICE Docs can be used as a part of ONLYOFFICE Workspace or with third-party sync&share solutions (e.g. Nextcloud, ownCloud, Seafile) to enable collaborative editing within their interface.
 ***Important*** Please update `docker-enginge` to latest version (`20.10.21` as of writing this doc) before using it. We use `ubuntu:22.04` as base image and it older versions of docker have compatibility problems with it
 ## Functionality ##
 * ONLYOFFICE Document Editor
 * ONLYOFFICE Spreadsheet Editor
@ -73,8 +67,6 @@ To get access to your data from outside the container, you need to mount the vol
        -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
        -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
        -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
        -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
        -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
        -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql  onlyoffice/documentserver
 Normally, you do not need to store container data because the container's operation does not depend on its state. Saving data will be useful:
@ -102,17 +94,10 @@ To secure the application via SSL basically two things are needed:
 So you need to create and install the following files:
-        /app/onlyoffice/DocumentServer/data/certs/tls.key
+        /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
-        /app/onlyoffice/DocumentServer/data/certs/tls.crt
+        /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
-When using CA certified certificates (e.g [Let's encrypt](https://letsencrypt.org)), these files are provided to you by the CA. If you are using self-signed certificates you need to generate these files [yourself](#generation-of-self-signed-certificates).
+When using CA certified certificates, these files are provided to you by the CA. When using self-signed certificates you need to generate these files yourself. Skip the following section if you are have CA certified SSL certificates.
 #### Using the automatically generated Let's Encrypt SSL Certificates
        sudo docker run -i -t -d -p 80:80 -p 443:443 \
        -e LETS_ENCRYPT_DOMAIN=your_domain -e LETS_ENCRYPT_MAIL=your_mail  onlyoffice/documentserver
 If you want to get and extend Let's Encrypt SSL Certificates automatically just set LETS_ENCRYPT_DOMAIN and LETS_ENCRYPT_MAIL variables.
 #### Generation of Self Signed Certificates
@ -121,19 +106,19 @@ Generation of self-signed SSL certificates involves a simple 3 step procedure.
 **STEP 1**: Create the server private key
 ```bash
-openssl genrsa -out tls.key 2048
+openssl genrsa -out onlyoffice.key 2048
 ```
 **STEP 2**: Create the certificate signing request (CSR)
 ```bash
-openssl req -new -key tls.key -out tls.csr
+openssl req -new -key onlyoffice.key -out onlyoffice.csr
 ```
 **STEP 3**: Sign the certificate using the private key and CSR
 ```bash
-openssl x509 -req -days 365 -in tls.csr -signkey tls.key -out tls.crt
+openssl x509 -req -days 365 -in onlyoffice.csr -signkey onlyoffice.key -out onlyoffice.crt
 ```
 You have now generated an SSL certificate that's valid for 365 days.
@ -149,18 +134,18 @@ openssl dhparam -out dhparam.pem 2048
 #### Installation of the SSL Certificates
-Out of the four files generated above, you need to install the `tls.key`, `tls.crt` and `dhparam.pem` files at the onlyoffice server. The CSR file is not needed, but do make sure you safely backup the file (in case you ever need it again).
+Out of the four files generated above, you need to install the `onlyoffice.key`, `onlyoffice.crt` and `dhparam.pem` files at the onlyoffice server. The CSR file is not needed, but do make sure you safely backup the file (in case you ever need it again).
 The default path that the onlyoffice application is configured to look for the SSL certificates is at `/var/www/onlyoffice/Data/certs`, this can however be changed using the `SSL_KEY_PATH`, `SSL_CERTIFICATE_PATH` and `SSL_DHPARAM_PATH` configuration options.
-The `/var/www/onlyoffice/Data/` path is the path of the data store, which means that you have to create a folder named certs inside `/app/onlyoffice/DocumentServer/data/` and copy the files into it and as a measure of security you will update the permission on the `tls.key` file to only be readable by the owner.
+The `/var/www/onlyoffice/Data/` path is the path of the data store, which means that you have to create a folder named certs inside `/app/onlyoffice/DocumentServer/data/` and copy the files into it and as a measure of security you will update the permission on the `onlyoffice.key` file to only be readable by the owner.
 ```bash
 mkdir -p /app/onlyoffice/DocumentServer/data/certs
-cp tls.key /app/onlyoffice/DocumentServer/data/certs/
+cp onlyoffice.key /app/onlyoffice/DocumentServer/data/certs/
-cp tls.crt /app/onlyoffice/DocumentServer/data/certs/
+cp onlyoffice.crt /app/onlyoffice/DocumentServer/data/certs/
 cp dhparam.pem /app/onlyoffice/DocumentServer/data/certs/
-chmod 400 /app/onlyoffice/DocumentServer/data/certs/tls.key
+chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
 ```
 You are now just one step away from having our application secured.
@ -173,37 +158,24 @@ Below is the complete list of parameters that can be set using environment varia
 - **ONLYOFFICE_HTTPS_HSTS_ENABLED**: Advanced configuration option for turning off the HSTS configuration. Applicable only when SSL is in use. Defaults to `true`.
 - **ONLYOFFICE_HTTPS_HSTS_MAXAGE**: Advanced configuration option for setting the HSTS max-age in the onlyoffice nginx vHost configuration. Applicable only when SSL is in use. Defaults to `31536000`.
- **SSL_CERTIFICATE_PATH**: The path to the SSL certificate to use. Defaults to `/var/www/onlyoffice/Data/certs/tls.crt`.
+- **SSL_CERTIFICATE_PATH**: The path to the SSL certificate to use. Defaults to `/var/www/onlyoffice/Data/certs/onlyoffice.crt`.
- **SSL_KEY_PATH**: The path to the SSL certificate's private key. Defaults to `/var/www/onlyoffice/Data/certs/tls.key`.
+- **SSL_KEY_PATH**: The path to the SSL certificate's private key. Defaults to `/var/www/onlyoffice/Data/certs/onlyoffice.key`.
 - **SSL_DHPARAM_PATH**: The path to the Diffie-Hellman parameter. Defaults to `/var/www/onlyoffice/Data/certs/dhparam.pem`.
 - **SSL_VERIFY_CLIENT**: Enable verification of client certificates using the `CA_CERTIFICATES_PATH` file. Defaults to `false`
- **DB_TYPE**: The database type. Supported values are `postgres`, `mariadb` or `mysql`. Defaults to `postgres`.
+- **POSTGRESQL_SERVER_HOST**: The IP address or the name of the host where the PostgreSQL server is running.
- **DB_HOST**: The IP address or the name of the host where the database server is running.
+- **POSTGRESQL_SERVER_PORT**: The PostgreSQL server port number.
- **DB_PORT**: The database server port number.
+- **POSTGRESQL_SERVER_DB_NAME**: The name of a PostgreSQL database to be created on the image startup.
- **DB_NAME**: The name of a database to use. Should be existing on container startup.
+- **POSTGRESQL_SERVER_USER**: The new user name with superuser permissions for the PostgreSQL account.
- **DB_USER**: The new user name with superuser permissions for the database account.
+- **POSTGRESQL_SERVER_PASS**: The password set for the PostgreSQL account.
- **DB_PWD**: The password set for the database account.
+- **AMQP_SERVER_URL**: The [AMQP URL](http://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server.
- **AMQP_URI**: The [AMQP URI](https://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server.
+- **AMQP_SERVER_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`.
 - **AMQP_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`.
 - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running.
 - **REDIS_SERVER_PORT**:  The Redis server port number.
 - **REDIS_SERVER_PASS**: The Redis server password. The password is not set by default.
 - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
 - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
- **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](http://nginx.org/ru/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
+- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`.
- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `true`.
+- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
 - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to random value.
 - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
 - **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
 - **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`.
 - **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false`
 - **GENERATE_FONTS**: When 'true' regenerates fonts list and the fonts thumbnails etc. at each start. Defaults to `true`
 - **METRICS_ENABLED**: Specifies the enabling StatsD for ONLYOFFICE Document Server. Defaults to `false`.
 - **METRICS_HOST**: Defines StatsD listening host. Defaults to `localhost`.
 - **METRICS_PORT**: Defines StatsD listening port. Defaults to `8125`.
 - **METRICS_PREFIX**: Defines StatsD metrics prefix for backend services. Defaults to `ds.`.
 - **LETS_ENCRYPT_DOMAIN**: Defines the domain for Let's Encrypt certificate.
 - **LETS_ENCRYPT_MAIL**: Defines the domain administator mail address for Let's Encrypt certificate.
 ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers
@ -249,7 +221,7 @@ sudo docker run --init --net onlyoffice --privileged -i -t -d --restart=always -
 onlyoffice/mailserver
 ```
-The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.workspace_enterprise.yml#L87).
+The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.yml#L75).
 To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation").
@ -287,7 +259,7 @@ Alternatively, you can use an automatic installation script to install the whole
 **STEP 1**: Download the Community Edition Docker script file
 ```bash
-wget https://download.onlyoffice.com/install/opensource-install.sh
+wget http://download.onlyoffice.com/install/opensource-install.sh
 ```
 **STEP 2**: Install ONLYOFFICE Community Edition executing the following command:
@ -299,7 +271,7 @@ bash opensource-install.sh -md yourdomain.com
 Or, use [docker-compose](https://docs.docker.com/compose/install "docker-compose"). For the mail server correct work you need to specify its hostname 'yourdomain.com'. Assuming you have docker-compose installed, execute the following command:
 ```bash
-wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.groups.yml
+wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.yml
 docker-compose up -d
 ```
@ -337,7 +309,7 @@ SaaS version: [https://www.onlyoffice.com/cloud-office.aspx](https://www.onlyoff
 ## User Feedback and Support
-If you have any problems with or questions about this image, please visit our official forum to find answers to your questions: [forum.onlyoffice.com][1] or you can ask and answer ONLYOFFICE development questions on [Stack Overflow][2].
+If you have any problems with or questions about this image, please visit our official forum to find answers to your questions: [dev.onlyoffice.org][1] or you can ask and answer ONLYOFFICE development questions on [Stack Overflow][2].
-  [1]: https://forum.onlyoffice.com
+  [1]: http://dev.onlyoffice.org
-  [2]: https://stackoverflow.com/questions/tagged/onlyoffice
+  [2]: http://stackoverflow.com/questions/tagged/onlyoffice
--- a/tests/activemq.yml
+++ b/tests/activemq.yml
@ -1,12 +1,11 @@
-version: '2.1'
+version: '2'
 services:
  onlyoffice-documentserver:
    container_name: onlyoffice-documentserver
-    build:
+    image: onlyoffice/4testing-documentserver-ie:latest
      context: ../.
    environment:
-      - AMQP_TYPE=${AMQP_TYPE:-activemq}
+      - AMQP_SERVER_URL=amqp://guest:guest@onlyoffice-activemq
-      - AMQP_URI=${AMQP_URI:-amqp://guest:guest@onlyoffice-activemq}
+      - AMQP_SERVER_TYPE=activemq
    stdin_open: true
    restart: always
    ports:
@ -17,10 +16,10 @@ services:
  onlyoffice-activemq:
    container_name: onlyoffice-activemq
-    image: webcenter/activemq:${ACTIVEMQ_VERSION:-5.14.3}
+    image: webcenter/activemq:5.14.3
    environment:
-      - ACTIVEMQ_USERS_guest=${ACTIVEMQ_USERS_guest:-guest}
+      - ACTIVEMQ_USERS_guest=guest
-      - ACTIVEMQ_GROUPS_owners=${ACTIVEMQ_GROUPS_owners:-guest}
+      - ACTIVEMQ_GROUPS_owners=guest
    restart: always
    networks:
     - onlyoffice
--- a/cluster.yml
+++ b/cluster.yml
@ -1,108 +0,0 @@
 version: '2.1'
 x-ds-image:
  &ds-image
  ${COMPANY_NAME:-onlyoffice}/${PRODUCT_NAME:-documentserver-de}:${PRODUCT_VERSION:-latest}
 services:
  onlyoffice-documentserver-data:  
    container_name: onlyoffice-documentserver-data
    image: *ds-image
    environment:
      - ONLYOFFICE_DATA_CONTAINER=true
      - DB_HOST=onlyoffice-postgresql
      - DB_PORT=5432
      - DB_NAME=onlyoffice
      - DB_USER=onlyoffice
      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
      - REDIS_SERVER_HOST=onlyoffice-redis
      - REDIS_SERVER_PORT=6379
      # Uncomment strings below to enable the JSON Web Token validation.
      #- JWT_ENABLED=true
      #- JWT_SECRET=secret
      #- JWT_HEADER=Authorization
      #- JWT_IN_BODY=true
    stdin_open: true
    restart: always
    volumes:
       - /etc/onlyoffice
       - /var/www/onlyoffice/Data
       - /var/log/onlyoffice
       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
       - /var/www/onlyoffice/documentserver-example/public/files
       - /usr/share/fonts
  onlyoffice-documentserver:
    image: *ds-image
    depends_on:
      - onlyoffice-documentserver-data
      - onlyoffice-postgresql
      - onlyoffice-redis
      - onlyoffice-rabbitmq
    environment:
      - ONLYOFFICE_DATA_CONTAINER_HOST=onlyoffice-documentserver-data
      - BALANCE=uri depth 3
      - EXCLUDE_PORTS=443
      - HTTP_CHECK=GET /healthcheck
      - EXTRA_SETTINGS=http-check expect string true
      # Uncomment the string below to redirect HTTP request to HTTPS request.
      #- FORCE_SSL=true
    stdin_open: true
    restart: always
    expose:
      - '80'
    volumes_from:
     - onlyoffice-documentserver-data
  onlyoffice-haproxy:
    container_name: onlyoffice-haproxy
    image: dockercloud/haproxy:1.5.1
    depends_on:
      - onlyoffice-documentserver
    environment:
      - MODE=http
      # Uncomment the string below to specify the path of ssl certificates
      #- CERT_FOLDER=/certs/
    stdin_open: true
    links:
     - onlyoffice-documentserver
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      # Uncomment the string below to map a ssl certificate from host
      # to the proxy container
      #- /app/onlyoffice/DocumentServer/data/certs/onlyoffice.pem:/certs/cert1.pem
    restart: always
    ports:
      - '80:80'
      - '443:443'
      - '1936:1936'
  onlyoffice-redis:
    container_name: onlyoffice-redis
    image: redis
    restart: always
    expose:
      - '6379'
  onlyoffice-rabbitmq:
    container_name: onlyoffice-rabbitmq
    image: rabbitmq
    restart: always
    expose:
      - '5672'
  onlyoffice-postgresql:
    container_name: onlyoffice-postgresql
    image: postgres:9.5
    environment:
      - POSTGRES_DB=onlyoffice
      - POSTGRES_USER=onlyoffice
      - POSTGRES_HOST_AUTH_METHOD=trust
    restart: always
    expose:
      - '5432'
    volumes:
      - postgresql_data:/var/lib/postgresql
 volumes:
  postgresql_data:
--- a/config/nginx/nginx
+++ b/config/nginx/nginx
@ -0,0 +1,196 @@
 #!/bin/sh
 ### BEGIN INIT INFO
 # Provides:       nginx
 # Required-Start:    $local_fs $remote_fs $network $syslog $named
 # Required-Stop:     $local_fs $remote_fs $network $syslog $named
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: starts the nginx web server
 # Description:       starts nginx using start-stop-daemon
 ### END INIT INFO
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 DAEMON=/usr/sbin/nginx
 NAME=nginx
 DESC=nginx
 # Include nginx defaults if available
 if [ -r /etc/default/nginx ]; then
        . /etc/default/nginx
 fi
 STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}"
 test -x $DAEMON || exit 0
 . /lib/init/vars.sh
 . /lib/lsb/init-functions
 # Try to extract nginx pidfile
 PID=$(cat /etc/nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1)
 if [ -z "$PID" ]; then
        PID=/tmp/nginx.pid
 fi
 if [ -n "$ULIMIT" ]; then
        # Set ulimit if it is set in /etc/default/nginx
        ulimit $ULIMIT
 fi
 start_nginx() {
        # Start the daemon/service
        #
        # Returns:
        #   0 if daemon has been started
        #   1 if daemon was already running
        #   2 if daemon could not be started
        start-stop-daemon --start --quiet --pidfile $PID --chuid www-data:www-data --exec $DAEMON --test > /dev/null \
                || return 1
        start-stop-daemon --start --quiet --pidfile $PID --chuid www-data:www-data --exec $DAEMON -- \
                $DAEMON_OPTS 2>/dev/null \
                || return 2
 }
 test_config() {
        # Test the nginx configuration
        $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1
 }
 stop_nginx() {
        # Stops the daemon/service
        #
        # Return
        #   0 if daemon has been stopped
        #   1 if daemon was already stopped
        #   2 if daemon could not be stopped
        #   other if a failure occurred
        start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME
        RETVAL="$?"
        sleep 1
        return "$RETVAL"
 }
 reload_nginx() {
        # Function that sends a SIGHUP to the daemon/service
        start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME
        return 0
 }
 rotate_logs() {
        # Rotate log files
        start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME
        return 0
 }
 upgrade_nginx() {
        # Online upgrade nginx executable
        # http://nginx.org/en/docs/control.html
        #
        # Return
        #   0 if nginx has been successfully upgraded
        #   1 if nginx is not running
        #   2 if the pid files were not created on time
        #   3 if the old master could not be killed
        if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then
                # Wait for both old and new master to write their pid file
                while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do
                        cnt=`expr $cnt + 1`
                        if [ $cnt -gt 10 ]; then
                                return 2
                        fi
                        sleep 1
                done
                # Everything is ready, gracefully stop the old master
                if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then
                        return 0
                else
                        return 3
                fi
        else
                return 1
        fi
 }
 case "$1" in
        start)
                log_daemon_msg "Starting $DESC" "$NAME"
                start_nginx
                case "$?" in
                        0|1) log_end_msg 0 ;;
                        2)   log_end_msg 1 ;;
                esac
                ;;
        stop)
                log_daemon_msg "Stopping $DESC" "$NAME"
                stop_nginx
                case "$?" in
                        0|1) log_end_msg 0 ;;
                        2)   log_end_msg 1 ;;
                esac
                ;;
        restart)
                log_daemon_msg "Restarting $DESC" "$NAME"
                # Check configuration before stopping nginx
                if ! test_config; then
                        log_end_msg 1 # Configuration error
                        exit $?
                fi
                stop_nginx
                case "$?" in
                        0|1)
                                start_nginx
                                case "$?" in
                                        0) log_end_msg 0 ;;
                                        1) log_end_msg 1 ;; # Old process is still running
                                        *) log_end_msg 1 ;; # Failed to start
                                esac
                                ;;
                        *)
                                # Failed to stop
                                log_end_msg 1
                                ;;
                esac
                ;;
        reload|force-reload)
                log_daemon_msg "Reloading $DESC configuration" "$NAME"
                # Check configuration before stopping nginx
                #
                # This is not entirely correct since the on-disk nginx binary
                # may differ from the in-memory one, but that's not common.
                # We prefer to check the configuration and return an error
                # to the administrator.
                if ! test_config; then
                        log_end_msg 1 # Configuration error
                        exit $?
                fi
                reload_nginx
                log_end_msg $?
                ;;
        configtest|testconfig)
                log_daemon_msg "Testing $DESC configuration"
                test_config
                log_end_msg $?
                ;;
        status)
                status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $?
                ;;
        upgrade)
                log_daemon_msg "Upgrading binary" "$NAME"
                upgrade_nginx
                log_end_msg $?
                ;;
        rotate)
                log_daemon_msg "Re-opening $DESC log files" "$NAME"
                rotate_logs
                log_end_msg $?
                ;;
        *)
                echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2
                exit 3
                ;;
 esac
--- a/config/nginx/nginx.conf
+++ b/config/nginx/nginx.conf
@ -0,0 +1,63 @@
 user www-data;
 worker_processes 1;
 pid /tmp/nginx.pid;
 events {
        worker_connections 524288;
        # multi_accept on;
 }
 http {
        ##
        # Basic Settings
        ##
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;
        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        ##
        # SSL Settings
        ##
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;
        ##
        # Logging Settings
        ##
        access_log off;
        error_log /var/log/nginx/error.log;
        ##
        # Gzip Settings
        ##
        gzip on;
        gzip_disable "msie6";
        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
        ##
        # Virtual Host Configs
        ##
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
 }
--- a/config/supervisor/supervisor
+++ b/config/supervisor/supervisor
@ -30,8 +30,8 @@ DESC=supervisor
 test -x $DAEMON || exit 0
-LOGDIR=/var/log/supervisor
+LOGDIR=/tmp
-PIDFILE=/var/run/$NAME.pid
+PIDFILE=/tmp/$NAME.pid
 PS_COUNT=0
 DODTIME=5                   # Time to wait for the server to die, in seconds
                            # If this value is set too low you might not
@ -101,7 +101,7 @@ case "$1" in
            rm -f "$PIDFILE"
        fi
 	echo -n "Starting $DESC: "
-	start-stop-daemon --start --quiet --pidfile $PIDFILE \
+	start-stop-daemon --start --quiet --chuid ds:ds --pidfile $PIDFILE \
 		--startas $DAEMON -- $DAEMON_OPTS
 	test -f $PIDFILE || sleep 1
        if running ; then
@ -152,7 +152,7 @@ case "$1" in
    echo -n "Restarting $DESC: "
    start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
 	[ -n "$DODTIME" ] && sleep $DODTIME
-	start-stop-daemon --start --quiet --pidfile $PIDFILE \
+	start-stop-daemon --start --quiet --chuid ds:ds --pidfile $PIDFILE \
 		--startas $DAEMON -- $DAEMON_OPTS
 	echo "$NAME."
 	;;
--- a/config/supervisor/supervisord.conf
+++ b/config/supervisor/supervisord.conf
@ -4,9 +4,9 @@
 port = 127.0.0.1:9001
 [supervisord]
-logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
-pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
-childlogdir=/var/log/supervisor            ; ('AUTO' child log dir, default $TEMP)
+childlogdir=/tmp            ; ('AUTO' child log dir, default $TEMP)
 ; the below section must remain in the config file for RPC
 ; (supervisorctl/web interface) to work, additional interfaces may be
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -1,129 +0,0 @@
 variable "TAG" {
    default = ""
 }
 variable "SHORTER_TAG" {
    default = ""
 }
 variable "SHORTEST_TAG" {
    default = ""
 }
 variable "COMPANY_NAME" {
    default = ""
 }
 variable "PREFIX_NAME" {
    default = ""
 }
 variable "PRODUCT_EDITION" {
    default = ""
 }
 variable "PRODUCT_NAME" {
    default = ""
 }
 variable "PACKAGE_VERSION" {
    default = ""
 }
 variable "DOCKERFILE" {
    default = ""
 }
 variable "PLATFORM" {
    default = ""
 }
 variable "PACKAGE_BASEURL" {
    default = ""
 }
 variable "PACKAGE_FILE" {
    default = ""
 }
 variable "RELEASE_BRANCH" {
    default = ""
 }
 ### ↓ Variables for UCS build ↓
 variable "BASE_IMAGE" {
    default     = ""
 }
 variable "PG_VERSION" {
    default     = ""
 }
 ### ↑ Variables for UCS build ↑
 target "documentserver" {
    target = "documentserver"
    dockerfile = "${DOCKERFILE}"
    tags = [
           "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
           equal("unstable",RELEASE_BRANCH) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
           ]
    platforms = ["${PLATFORM}"]
    args = {
        "COMPANY_NAME": "${COMPANY_NAME}"
        "PRODUCT_NAME": "${PRODUCT_NAME}"
        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
        "PACKAGE_VERSION": "${PACKAGE_VERSION}"
        "PACKAGE_BASEURL": "${PACKAGE_BASEURL}"
        "PLATFORM": "${PLATFORM}"
    }
 }
 target "documentserver-stable" {
    target = "documentserver-stable"
    dockerfile = "production.dockerfile"
    tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}",
            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}",
            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest",
            equal("-ee",PRODUCT_EDITION) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",]
    platforms = ["linux/amd64", "linux/arm64"]
    args = {
        "TAG": "${TAG}"
        "COMPANY_NAME": "${COMPANY_NAME}"
        "PRODUCT_NAME": "${PRODUCT_NAME}"
        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
    }
 }
 target "documentserver-ucs" {
    target = "documentserver"
    dockerfile = "${DOCKERFILE}"
    tags = [
           "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PRODUCT_EDITION}-ucs:${TAG}"
           ]
    platforms = ["linux/amd64", "linux/arm64"]
    args = {
        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
        "PRODUCT_NAME": "${PRODUCT_NAME}"
        "COMPANY_NAME": "${COMPANY_NAME}"
        "PACKAGE_VERSION": "${PACKAGE_VERSION}"
        "PACKAGE_BASEURL": "${PACKAGE_BASEURL}"
        "BASE_IMAGE": "${BASE_IMAGE}"
        "PG_VERSION": "${PG_VERSION}"
    }
 }
 target "documentserver-nonexample" {
    target = "documentserver-nonexample"
    dockerfile = "production.dockerfile"
    tags = [ "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PREFIX_NAME}${PRODUCT_EDITION}:${TAG}-nonexample" ]
    platforms = ["linux/amd64", "linux/arm64"]
    args = {
        "TAG": "${TAG}"
        "COMPANY_NAME": "${COMPANY_NAME}"
        "PRODUCT_NAME": "${PRODUCT_NAME}"
        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
    } 
 }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,41 +1,97 @@
 version: '2'
 services:
-  onlyoffice-documentserver:
+  onlyoffice-documentserver-data:
-    build:
+    container_name: onlyoffice-documentserver-data
-      context: .
+    image: onlyoffice/documentserver:latest
    container_name: onlyoffice-documentserver
    depends_on:
      - onlyoffice-postgresql
      - onlyoffice-rabbitmq
    environment:
-      - DB_TYPE=postgres
+      - ONLYOFFICE_DATA_CONTAINER=true
-      - DB_HOST=onlyoffice-postgresql
+      - POSTGRESQL_SERVER_HOST=onlyoffice-postgresql
-      - DB_PORT=5432
+      - POSTGRESQL_SERVER_PORT=5432
-      - DB_NAME=onlyoffice
+      - POSTGRESQL_SERVER_DB_NAME=onlyoffice
-      - DB_USER=onlyoffice
+      - POSTGRESQL_SERVER_USER=onlyoffice
-      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
+      - AMQP_SERVER_URL=amqp://guest:guest@onlyoffice-rabbitmq
      - REDIS_SERVER_HOST=onlyoffice-redis
      - REDIS_SERVER_PORT=6379
      # Uncomment strings below to enable the JSON Web Token validation.
      #- JWT_ENABLED=true
      #- JWT_SECRET=secret
      #- JWT_HEADER=Authorization
      #- JWT_IN_BODY=true
    ports:
      - '80:80'
      - '443:443'
    stdin_open: true
    restart: always
-    stop_grace_period: 60s
+    networks:
      - onlyoffice
    volumes:
       - /etc/onlyoffice
       - /var/www/onlyoffice/Data
       - /var/log/onlyoffice
       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
       - /var/www/onlyoffice/documentserver-example/public/files
       - /usr/share/fonts
  onlyoffice-documentserver:
    image: onlyoffice/documentserver:latest
    depends_on:
      - onlyoffice-documentserver-data
      - onlyoffice-postgresql
      - onlyoffice-redis
      - onlyoffice-rabbitmq
    environment:
      - ONLYOFFICE_DATA_CONTAINER_HOST=onlyoffice-documentserver-data
      - BALANCE=uri depth 3
      - EXCLUDE_PORTS=443
      - HTTP_CHECK=GET /healthcheck
      - EXTRA_SETTINGS=http-check expect string true
      # Uncomment the string below to redirect HTTP request to HTTPS request.
      #- FORCE_SSL=true
    stdin_open: true
    restart: always
    networks:
      - onlyoffice
    expose:
      - '80'
    volumes_from:
     - onlyoffice-documentserver-data
  onlyoffice-haproxy:
    container_name: onlyoffice-haproxy
    image: dockercloud/haproxy:1.5.1
    depends_on:
      - onlyoffice-documentserver
    environment:
      - MODE=http
      # Uncomment the string below to specify the path of ssl certificates
      #- CERT_FOLDER=/certs/
    stdin_open: true
    links:
     - onlyoffice-documentserver
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      # Uncomment the string below to map a ssl certificate from host
      # to the proxy container
      #- /app/onlyoffice/DocumentServer/data/certs/onlyoffice.pem:/certs/cert1.pem
    restart: always
    networks:
     - onlyoffice
    ports:
      - '80:80'
      - '443:443'
      - '1936:1936'
  onlyoffice-redis:
    container_name: onlyoffice-redis
    image: redis
    restart: always
    networks:
     - onlyoffice
    expose:
      - '6379'
  onlyoffice-rabbitmq:
    container_name: onlyoffice-rabbitmq
    image: rabbitmq
    restart: always
    networks:
     - onlyoffice
    expose:
      - '5672'
@ -45,12 +101,17 @@ services:
    environment:
      - POSTGRES_DB=onlyoffice
      - POSTGRES_USER=onlyoffice
-      - POSTGRES_HOST_AUTH_METHOD=trust
+    networks:
      - onlyoffice
    restart: always
    expose:
      - '5432'
    volumes:
      - postgresql_data:/var/lib/postgresql
 networks:
  onlyoffice:
    driver: 'bridge'
 volumes:
  postgresql_data:
--- a/production.dockerfile
+++ b/production.dockerfile
@ -1,24 +0,0 @@
 ### Arguments avavlivable only for FROM instruction ### 
 ARG TAG=latest
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_EDITION=
 ### Build main-release ###
 FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${TAG} as documentserver-stable
 ### Build nonexample ###
 FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${TAG} as documentserver-nonexample
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_NAME=documentserver
 ARG DS_SUPERVISOR_CONF=/etc/supervisor/conf.d/ds.conf
 ### Remove all documentserver-example data ###
 RUN    rm -rf /var/www/$COMPANY_NAME/$PRODUCT_NAME-example \
    && rm -rf /etc/$COMPANY_NAME/$PRODUCT_NAME-example \
    && rm -f $DS_SUPERVISOR_CONF \ 
    && rm -f /etc/nginx/includes/ds-example.conf \
    && ln -s /etc/$COMPANY_NAME/$PRODUCT_NAME/supervisor/ds.conf  $DS_SUPERVISOR_CONF 
--- a/run-document-server.sh
+++ b/run-document-server.sh
@ -1,66 +1,26 @@
 #!/bin/bash
 umask 0022
 function clean_exit {
  /usr/bin/documentserver-prepare4shutdown.sh
 }
 trap clean_exit SIGTERM
 # Define '**' behavior explicitly
 shopt -s globstar
 APP_DIR="/var/www/${COMPANY_NAME}/documentserver"
 DATA_DIR="/var/www/${COMPANY_NAME}/Data"
 PRIVATE_DATA_DIR="${DATA_DIR}/.private"
 DS_RELEASE_DATE="${PRIVATE_DATA_DIR}/ds_release_date"
 LOG_DIR="/var/log/${COMPANY_NAME}"
 DS_LOG_DIR="${LOG_DIR}/documentserver"
 LIB_DIR="/var/lib/${COMPANY_NAME}"
 DS_LIB_DIR="${LIB_DIR}/documentserver"
 CONF_DIR="/etc/${COMPANY_NAME}/documentserver"
 IS_UPGRADE="false"
 ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
 ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost}
 ONLYOFFICE_DATA_CONTAINER_PORT=80
-RELEASE_DATE="$(stat -c="%y" ${APP_DIR}/server/DocService/docservice | sed -r 's/=([0-9]+)-([0-9]+)-([0-9]+) ([0-9:.+ ]+)/\1-\2-\3/')";
+SSL_CERTIFICATES_DIR="${DATA_DIR}/certs"
-if [ -f ${DS_RELEASE_DATE} ]; then
+SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.crt}
-  PREV_RELEASE_DATE=$(head -n 1 ${DS_RELEASE_DATE})
+SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key}
 else
  PREV_RELEASE_DATE="0"
 fi
 if [ "${RELEASE_DATE}" != "${PREV_RELEASE_DATE}" ]; then
  if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
    IS_UPGRADE="true";
  fi
 fi
 SSL_CERTIFICATES_DIR="/usr/share/ca-certificates/ds"
 mkdir -p ${SSL_CERTIFICATES_DIR}
 if [[ -d ${DATA_DIR}/certs ]] && [ -e ${DATA_DIR}/certs/*.crt ]; then
  cp -f ${DATA_DIR}/certs/* ${SSL_CERTIFICATES_DIR}
  chmod 644 ${SSL_CERTIFICATES_DIR}/*.crt ${SSL_CERTIFICATES_DIR}/*.pem
  chmod 400 ${SSL_CERTIFICATES_DIR}/*.key
 fi
 if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt ]]; then
  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt
 else
  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/tls.crt}
 fi
 if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key ]]; then
  SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key
 else
  SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/tls.key}
 fi
 CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem}
 SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
 SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
 USE_UNAUTHORIZED_STORAGE=${USE_UNAUTHORIZED_STORAGE:-false}
 ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
 ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAGE:-31536000}
 SYSCONF_TEMPLATES_DIR="/app/ds/setup/config"
@ -73,98 +33,42 @@ NGINX_ONLYOFFICE_EXAMPLE_CONF="${NGINX_ONLYOFFICE_EXAMPLE_PATH}/includes/ds-exam
 NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
 NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
-# Limiting the maximum number of simultaneous connections due to possible memory shortage
+NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
 [ $(ulimit -n) -gt 1048576 ] && NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-1048576} || NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
-JWT_ENABLED=${JWT_ENABLED:-true}
+JWT_ENABLED=${JWT_ENABLED:-false}
-
+JWT_SECRET=${JWT_SECRET:-secret}
 # validate user's vars before usinig in json
 if [ "${JWT_ENABLED}" == "true" ]; then
  JWT_ENABLED="true"
 else
  JWT_ENABLED="false"
 fi
 [ -z $JWT_SECRET ] && JWT_MESSAGE='JWT is enabled by default. A random secret is generated automatically. Run the command "docker exec $(sudo docker ps -q) sudo documentserver-jwt-status.sh" to get information about JWT.'
 JWT_SECRET=${JWT_SECRET:-$(pwgen -s 20)}
 JWT_HEADER=${JWT_HEADER:-Authorization}
 JWT_IN_BODY=${JWT_IN_BODY:-false}
 WOPI_ENABLED=${WOPI_ENABLED:-false}
 GENERATE_FONTS=${GENERATE_FONTS:-true}
 if [[ ${PRODUCT_NAME}${PRODUCT_EDITION} == "documentserver" ]]; then
  REDIS_ENABLED=false
 else
  REDIS_ENABLED=true
 fi
 ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/local.json
 ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json
 ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/local.json
-JSON_BIN=${APP_DIR}/npm/json
+JSON_BIN=${APP_DIR}/npm/node_modules/.bin/json
 JSON="${JSON_BIN} -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
 JSON_LOG="${JSON_BIN} -q -f ${ONLYOFFICE_LOG4JS_CONFIG}"
 JSON_EXAMPLE="${JSON_BIN} -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}"
 DS_PORT=${DS_PORT:-80}
 LOCAL_SERVICES=()
 PG_ROOT=/var/lib/postgresql
 PG_VERSION=9.5
 PG_NAME=main
 PGDATA=${PG_ROOT}/${PG_VERSION}/${PG_NAME}
 PG_NEW_CLUSTER=false
 RABBITMQ_DATA=/var/lib/rabbitmq
 REDIS_DATA=/var/lib/redis
 if [ "${LETS_ENCRYPT_DOMAIN}" != "" -a "${LETS_ENCRYPT_MAIL}" != "" ]; then
  LETSENCRYPT_ROOT_DIR="/etc/letsencrypt/live"
  SSL_CERTIFICATE_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/fullchain.pem
  SSL_KEY_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/privkey.pem
 fi
 read_setting(){
-  deprecated_var POSTGRESQL_SERVER_HOST DB_HOST
+  POSTGRESQL_SERVER_HOST=${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}
-  deprecated_var POSTGRESQL_SERVER_PORT DB_PORT
+  POSTGRESQL_SERVER_PORT=${POSTGRESQL_SERVER_PORT:-5432}
-  deprecated_var POSTGRESQL_SERVER_DB_NAME DB_NAME
+  POSTGRESQL_SERVER_DB_NAME=${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}
-  deprecated_var POSTGRESQL_SERVER_USER DB_USER
+  POSTGRESQL_SERVER_USER=${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}
-  deprecated_var POSTGRESQL_SERVER_PASS DB_PWD
+  POSTGRESQL_SERVER_PASS=${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}
  deprecated_var RABBITMQ_SERVER_URL AMQP_URI
  deprecated_var AMQP_SERVER_URL AMQP_URI
  deprecated_var AMQP_SERVER_TYPE AMQP_TYPE
  METRICS_ENABLED="${METRICS_ENABLED:-false}"
  METRICS_HOST="${METRICS_HOST:-localhost}"
  METRICS_PORT="${METRICS_PORT:-8125}"
  METRICS_PREFIX="${METRICS_PREFIX:-.ds}"
  DB_HOST=${DB_HOST:-${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}}
  DB_TYPE=${DB_TYPE:-$(${JSON} services.CoAuthoring.sql.type)}
  case $DB_TYPE in
    "postgres")
      DB_PORT=${DB_PORT:-"5432"}
      ;;
    "mariadb"|"mysql")
      DB_PORT=${DB_PORT:-"3306"}
      ;;
    "")
      DB_PORT=${DB_PORT:-${POSTGRESQL_SERVER_PORT:-$(${JSON} services.CoAuthoring.sql.dbPort)}}
      ;;
    *)
      echo "ERROR: unknown database type"
      exit 1
      ;;
  esac
  DB_NAME=${DB_NAME:-${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}}
  DB_USER=${DB_USER:-${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}}
  DB_PWD=${DB_PWD:-${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}}
  RABBITMQ_SERVER_URL=${RABBITMQ_SERVER_URL:-$(${JSON} rabbitmq.url)}
-  AMQP_URI=${AMQP_URI:-${AMQP_SERVER_URL:-${RABBITMQ_SERVER_URL}}}
+  AMQP_SERVER_URL=${AMQP_SERVER_URL:-${RABBITMQ_SERVER_URL}}
-  AMQP_TYPE=${AMQP_TYPE:-${AMQP_SERVER_TYPE:-rabbitmq}}
+  AMQP_SERVER_TYPE=${AMQP_SERVER_TYPE:-rabbitmq}
-  parse_rabbitmq_url ${AMQP_URI}
+  parse_rabbitmq_url ${AMQP_SERVER_URL}
  REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-$(${JSON} services.CoAuthoring.redis.host)}
  REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-6379}
@ -172,12 +76,6 @@ read_setting(){
  DS_LOG_LEVEL=${DS_LOG_LEVEL:-$(${JSON_LOG} categories.default.level)}
 }
 deprecated_var() {
  if [[ -n ${!1} ]]; then
    echo "Variable $1 is deprecated. Use $2 instead."
  fi
 }
 parse_rabbitmq_url(){
  local amqp=$1
@ -200,7 +98,7 @@ parse_rabbitmq_url(){
  # extract the host
  local hostport="$(echo ${url/$userpass@/} | cut -d/ -f1)"
  # by request - try to extract the port
-  local port="$(echo $hostport | grep : | sed -r 's_^.*:+|/.*$__g')"
+  local port="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')"
  local host
  if [ -n "$port" ]; then
@ -227,8 +125,8 @@ waiting_for_connection(){
  done
 }
-waiting_for_db(){
+waiting_for_postgresql(){
-  waiting_for_connection $DB_HOST $DB_PORT
+  waiting_for_connection ${POSTGRESQL_SERVER_HOST} ${POSTGRESQL_SERVER_PORT}
 }
 waiting_for_amqp(){
@ -241,32 +139,22 @@ waiting_for_redis(){
 waiting_for_datacontainer(){
  waiting_for_connection ${ONLYOFFICE_DATA_CONTAINER_HOST} ${ONLYOFFICE_DATA_CONTAINER_PORT}
 }
-
+update_postgresql_settings(){
-update_statsd_settings(){
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${POSTGRESQL_SERVER_HOST}'"
-  ${JSON} -I -e "if(this.statsd===undefined)this.statsd={};"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${POSTGRESQL_SERVER_PORT}'"
-  ${JSON} -I -e "this.statsd.useMetrics = '${METRICS_ENABLED}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${POSTGRESQL_SERVER_DB_NAME}'"
-  ${JSON} -I -e "this.statsd.host = '${METRICS_HOST}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${POSTGRESQL_SERVER_USER}'"
-  ${JSON} -I -e "this.statsd.port = '${METRICS_PORT}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${POSTGRESQL_SERVER_PASS}'"
  ${JSON} -I -e "this.statsd.prefix = '${METRICS_PREFIX}'"
 }
 update_db_settings(){
  ${JSON} -I -e "this.services.CoAuthoring.sql.type = '${DB_TYPE}'"
  ${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${DB_HOST}'"
  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${DB_PORT}'"
  ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${DB_NAME}'"
  ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${DB_USER}'"
  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${DB_PWD}'"
 }
 update_rabbitmq_setting(){
-  if [ "${AMQP_TYPE}" == "rabbitmq" ]; then
+  if [ "${AMQP_SERVER_TYPE}" == "rabbitmq" ]; then
    ${JSON} -I -e "if(this.queue===undefined)this.queue={};"
    ${JSON} -I -e "this.queue.type = 'rabbitmq'"
-    ${JSON} -I -e "this.rabbitmq.url = '${AMQP_URI}'"
+    ${JSON} -I -e "this.rabbitmq.url = '${AMQP_SERVER_URL}'"
  fi
-  if [ "${AMQP_TYPE}" == "activemq" ]; then
+  if [ "${AMQP_SERVER_TYPE}" == "activemq" ]; then
    ${JSON} -I -e "if(this.queue===undefined)this.queue={};"
    ${JSON} -I -e "this.queue.type = 'activemq'"
    ${JSON} -I -e "if(this.activemq===undefined)this.activemq={};"
@ -304,45 +192,28 @@ update_rabbitmq_setting(){
 }
 update_redis_settings(){
  ${JSON} -I -e "if(this.services.CoAuthoring.redis===undefined)this.services.CoAuthoring.redis={};"
  ${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'"
  ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
  if [ -n "${REDIS_SERVER_PASS}" ]; then
    ${JSON} -I -e "this.services.CoAuthoring.redis.options = {'password':'${REDIS_SERVER_PASS}'}"
  fi
 }
-update_ds_settings(){
+update_jwt_settings(){
-  ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
+  if [ "${JWT_ENABLED}" == "true" ]; then
-  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
+    ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
-  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"
+    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"
-  ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
+    ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
-  ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
+    ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
-  ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
+    ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
-  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
+    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
-  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
+    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
-  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
+    if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ] && [ "${JWT_ENABLED}" == "true" ]; then
-  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"
+      ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
-
+      ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
-  if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then
+      ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
-    ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
+    fi
    ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
    ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
  fi
  if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then
    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}"
    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
  fi
  if [ "${WOPI_ENABLED}" == "true" ]; then
    ${JSON} -I -e "if(this.wopi===undefined)this.wopi={}"
    ${JSON} -I -e "this.wopi.enable = true"
  fi
 }
@ -358,87 +229,26 @@ create_postgresql_cluster(){
 }
 create_postgresql_db(){
-  sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;"
+  sudo -u postgres psql -c "CREATE DATABASE onlyoffice;"
-  sudo -u postgres psql -c "CREATE USER $DB_USER WITH password '"$DB_PWD"';"
+  sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';"
-  sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $DB_NAME TO $DB_USER;"
+  sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"
 }
-create_db_tbl() {
+create_postgresql_tbl(){
-  case $DB_TYPE in
+  CONNECTION_PARAMS="-h${POSTGRESQL_SERVER_HOST} -p${POSTGRESQL_SERVER_PORT} -U${POSTGRESQL_SERVER_USER} -w"
-    "postgres")
+  if [ -n "${POSTGRESQL_SERVER_PASS}" ]; then
-      create_postgresql_tbl
+    export PGPASSWORD=${POSTGRESQL_SERVER_PASS}
    ;;
    "mariadb"|"mysql")
      create_mysql_tbl
    ;;
  esac
 }
 upgrade_db_tbl() {
  case $DB_TYPE in
    "postgres")
      upgrade_postgresql_tbl
    ;;
    "mariadb"|"mysql")
      upgrade_mysql_tbl
    ;;
  esac
 }
 upgrade_postgresql_tbl() {
  if [ -n "$DB_PWD" ]; then
    export PGPASSWORD=$DB_PWD
  fi
-  PSQL="psql -q -h$DB_HOST -p$DB_PORT -d$DB_NAME -U$DB_USER -w"
+  PSQL="psql -q $CONNECTION_PARAMS"
-
+  CREATEDB="createdb $CONNECTION_PARAMS"
  $PSQL -f "$APP_DIR/server/schema/postgresql/removetbl.sql"
  $PSQL -f "$APP_DIR/server/schema/postgresql/createdb.sql"
 }
 upgrade_mysql_tbl() {
  CONNECTION_PARAMS="-h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PWD -w"
  MYSQL="mysql -q $CONNECTION_PARAMS"
  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/removetbl.sql" >/dev/null 2>&1
  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1
 }
 create_postgresql_tbl() {
  if [ -n "$DB_PWD" ]; then
    export PGPASSWORD=$DB_PWD
  fi
  PSQL="psql -q -h$DB_HOST -p$DB_PORT -d$DB_NAME -U$DB_USER -w"
  $PSQL -f "$APP_DIR/server/schema/postgresql/createdb.sql"
 }
 create_mysql_tbl() {
  CONNECTION_PARAMS="-h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PWD -w"
  MYSQL="mysql -q $CONNECTION_PARAMS"
  # Create db on remote server
-  $MYSQL -e "CREATE DATABASE IF NOT EXISTS $DB_NAME DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;" >/dev/null 2>&1
+  if $PSQL -lt | cut -d\| -f 1 | grep -qw | grep 0; then
-
+    $CREATEDB $POSTGRESQL_SERVER_DB_NAME
  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1
 }
 update_welcome_page() {
  WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html"
  if [[ -e $WELCOME_PAGE ]]; then
    DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset))
    (( ${#DOCKER_CONTAINER_ID} < 12 )) && DOCKER_CONTAINER_ID=$(hostname)
    if (( ${#DOCKER_CONTAINER_ID} >= 12 )); then
      if [[ -x $(command -v docker) ]]; then
        DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
        JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/')
      else
        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
        JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/')
      fi
    fi
  fi
  $PSQL -d "${POSTGRESQL_SERVER_DB_NAME}" -f "${APP_DIR}/server/schema/postgresql/createdb.sql"
 }
 update_nginx_settings(){
@ -478,6 +288,8 @@ update_nginx_settings(){
    fi
  else
    ln -sf ${NGINX_ONLYOFFICE_PATH}/ds.conf.tmpl ${NGINX_ONLYOFFICE_CONF}
    # set up default listening port
    sed 's,\(listen.\+:\)\([0-9]\+\)\(.*;\),'"\1${DS_PORT}\3"',' -i ${NGINX_ONLYOFFICE_CONF}
  fi
  # check if ipv6 supported otherwise remove it from nginx config
@ -488,8 +300,6 @@ update_nginx_settings(){
  if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then
    sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF}
  fi
  documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false
 }
 update_supervisor_settings(){
@ -497,6 +307,10 @@ update_supervisor_settings(){
  cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/
  # Copy modified supervisor config
  cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
  # Copy modified nginx start script
  cp ${SYSCONF_TEMPLATES_DIR}/nginx/nginx /etc/init.d/
  # Copy modified ngnix config
  cp ${SYSCONF_TEMPLATES_DIR}/nginx/nginx.conf /etc/nginx/nginx.conf
 }
 update_log_settings(){
@ -507,48 +321,40 @@ update_logrotate_settings(){
  sed 's|\(^su\b\).*|\1 root root|' -i /etc/logrotate.conf
 }
 update_release_date(){
  mkdir -p ${PRIVATE_DATA_DIR}
  echo ${RELEASE_DATE} > ${DS_RELEASE_DATE}
 }
 # create base folders
-for i in converter docservice metrics; do
+for i in converter docservice spellchecker metrics gc; do
  mkdir -p "${DS_LOG_DIR}/$i"
 done
 mkdir -p ${DS_LOG_DIR}-example
 # create app folders
-for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${DS_LIB_DIR}-example/files; do
+for i in App_Data/cache/files App_Data/docbuilder; do
-  mkdir -p "$i"
+  mkdir -p "${DS_LIB_DIR}/$i"
 done
 # change folder rights
-for i in ${LOG_DIR} ${LIB_DIR}; do
+for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do
  chown -R ds:ds "$i"
  chmod -R 755 "$i"
 done
 touch ${DS_LOG_DIR}/nginx.error.log
 chown www-data:www-data ${DS_LOG_DIR}/nginx.error.log
 if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
  read_setting
  if [ $METRICS_ENABLED = "true" ]; then
    update_statsd_settings
  fi
  update_welcome_page
  update_log_settings
-  update_ds_settings
+  update_jwt_settings
  # update settings by env variables
-  if [ $DB_HOST != "localhost" ]; then
+  if [ ${POSTGRESQL_SERVER_HOST} != "localhost" ]; then
-    update_db_settings
+    update_postgresql_settings
-    waiting_for_db
+    waiting_for_postgresql
-    create_db_tbl
+    create_postgresql_tbl
  else
    # change rights for postgres directory
    chown -R postgres:postgres ${PG_ROOT}
@ -565,28 +371,15 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
  if [ ${AMQP_SERVER_HOST} != "localhost" ]; then
    update_rabbitmq_setting
  else
    # change rights for rabbitmq directory
    chown -R rabbitmq:rabbitmq ${RABBITMQ_DATA}
    chmod -R go=rX,u=rwX ${RABBITMQ_DATA}
    if [ -f ${RABBITMQ_DATA}/.erlang.cookie ]; then
        chmod 400 ${RABBITMQ_DATA}/.erlang.cookie
    fi
    LOCAL_SERVICES+=("rabbitmq-server")
    # allow Rabbitmq startup after container kill
    rm -rf /var/run/rabbitmq
  fi
-  if [ ${REDIS_ENABLED} = "true" ]; then
+  if [ ${REDIS_SERVER_HOST} != "localhost" ]; then
-    if [ ${REDIS_SERVER_HOST} != "localhost" ]; then
+    update_redis_settings
-      update_redis_settings
+  else
-    else
+    LOCAL_SERVICES+=("redis-server")
      # change rights for redis directory
      chown -R redis:redis ${REDIS_DATA}
      chmod -R 750 ${REDIS_DATA}
      LOCAL_SERVICES+=("redis-server")
    fi
  fi
 else
  # no need to update settings just wait for remote data
@ -595,12 +388,8 @@ else
  # read settings after the data container in ready state
  # to prevent get unconfigureted data
  read_setting
  update_welcome_page
 fi
 find /etc/${COMPANY_NAME} -exec chown ds:ds {} \;
 #start needed local services
 for i in ${LOCAL_SERVICES[@]}; do
  service $i start
@ -612,16 +401,9 @@ if [ ${PG_NEW_CLUSTER} = "true" ]; then
 fi
 if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
-  waiting_for_db
+  waiting_for_postgresql
  waiting_for_amqp
-  if [ ${REDIS_ENABLED} = "true" ]; then
+  waiting_for_redis
    waiting_for_redis
  fi
  if [ "${IS_UPGRADE}" = "true" ]; then
    upgrade_db_tbl
    update_release_date
  fi
  update_nginx_settings
@ -637,19 +419,8 @@ fi
 # it run in all cases.
 service nginx start
 if [ "${LETS_ENCRYPT_DOMAIN}" != "" -a "${LETS_ENCRYPT_MAIL}" != "" ]; then
  if [ ! -f "${SSL_CERTIFICATE_PATH}" -a ! -f "${SSL_KEY_PATH}" ]; then
    documentserver-letsencrypt.sh ${LETS_ENCRYPT_MAIL} ${LETS_ENCRYPT_DOMAIN}
  fi
 fi
 # Regenerate the fonts list and the fonts thumbnails
-if [ "${GENERATE_FONTS}" == "true" ]; then
+documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}
  documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}
 fi
 documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER}
-echo "${JWT_MESSAGE}" 
+tail -f /var/log/${COMPANY_NAME}/**/*.log
 tail -f /var/log/${COMPANY_NAME}/**/*.log &
 wait $!
--- a/tests/certs-customized.yml
+++ b/tests/certs-customized.yml
@ -1,18 +0,0 @@
 version: '2.1'
 services:
  onlyoffice-documentserver:
    container_name: onlyoffice-documentserver
    build:
      context: ../.
    environment:
      - SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-/var/www/onlyoffice/Data/certs/tls.crt}
      - SSL_KEY_PATH=${SSL_KEY_PATH:-/var/www/onlyoffice/Data/certs/tls.key}
      - CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-/var/www/onlyoffice/Data/certs/ca-certificates.pem}
      - SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-/var/www/onlyoffice/Data/certs/dhparam.pem}
    stdin_open: true
    restart: always
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - ./data:/var/www/onlyoffice/Data
--- a/tests/certs.yml
+++ b/tests/certs.yml
@ -1,13 +0,0 @@
 version: '2.1'
 services:
  onlyoffice-documentserver:
    container_name: onlyoffice-documentserver
    build:
      context: ../.
    stdin_open: true
    restart: always
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - ./data:/var/www/onlyoffice/Data
--- a/tests/graphite.yml
+++ b/tests/graphite.yml
@ -1,32 +0,0 @@
 version: '2.1'
 services:
  onlyoffice-documentserver:
    container_name: onlyoffice-documentserver
    build:
      context: ../.
    depends_on:
      - onlyoffice-graphite
    environment:
      - METRICS_ENABLED=${METRICS_ENABLED:-true}
      - METRICS_HOST=${METRICS_HOST:-localhost}
      - METRICS_PORT=${METRICS_PORT:-8125}
      - METRICS_PREFIX=${METRICS_PREFIX:-ds.}
    stdin_open: true
    restart: always
    expose:
      - '2003'
    ports:
      - '80:80'
    volumes:
      - ./graphite/statsd:/var/www/onlyoffice/documentserver/server/Metrics/config
  onlyoffice-graphite:
    container_name: onlyoffice-graphite
    image: graphiteapp/graphite-statsd
    environment:
      - GRAPHITE_STATSD_HOST=${GRAPHITE_STATSD_HOST:-onlyoffice-documentserver}
      - GRAPHITE_TIME_ZONE=${GRAPHITE_TIME_ZONE:-Etc/UTC}
    ports:
      - '8888:80'
    stdin_open: true
    restart: always
--- a/tests/graphite/statsd/config.js
+++ b/tests/graphite/statsd/config.js
@ -1,7 +0,0 @@
 {
  "graphiteHost": "onlyoffice-graphite",
  "graphitePort": 2003,
  "port": 8125,
  "flushInterval": 60000,
  "backends": [ "./backends/graphite.js" ]
 }
--- a/tests/mariadb.yml
+++ b/tests/mariadb.yml
@ -1,36 +0,0 @@
 version: '2.1'
 services:
  ds:
    container_name: ds
    build:
      context: ../.
    depends_on:
      - onlyoffice-mariadb
    environment:
      - DB_TYPE=${DB_TYPE:-mysql}
      - DB_HOST=${DB_HOST:-onlyoffice-mariadb}
      - DB_PORT=${DB_PORT:-3306}
      - DB_NAME=${DB_NAME:-onlyoffice}
      - DB_USER=${DB_USER:-onlyoffice}
      - DB_PWD=${DB_PWD:-onlyoffice}
    stdin_open: true
    restart: always
    ports:
      - '80:80'
  onlyoffice-mariadb:
    container_name: onlyoffice-mariadb
    image: mariadb:${MARIADB_VERSION:-10.5}
    environment:
      - MYSQL_DATABASE=${MYSQL_DATABASE:-onlyoffice}
      - MYSQL_USER=${MYSQL_USER:-onlyoffice}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD:-onlyoffice}
      - MYSQL_ALLOW_EMPTY_PASSWORD=${MYSQL_ALLOW_EMPTY_PASSWORD:-yes}
    restart: always
    volumes:
      - mysql_data:/var/lib/mysql
    expose:
      - '3306'
 volumes:
  mysql_data:
--- a/tests/mysql.yml
+++ b/tests/mysql.yml
@ -1,37 +0,0 @@
 version: '2.1'
 services:
  onlyoffice-documentserver:
    container_name: onlyoffice-documentserver
    build:
      context: ../.
    depends_on:
      - onlyoffice-mysql
    environment:
      - DB_TYPE=${DB_TYPE:-mysql}
      - DB_HOST=${DB_HOST:-onlyoffice-mysql}
      - DB_PORT=${DB_PORT:-3306}
      - DB_NAME=${DB_NAME:-onlyoffice}
      - DB_USER=${DB_USER:-onlyoffice}
      - DB_PWD=${DB_PWD:-onlyoffice}
    stdin_open: true
    restart: always
    ports:
      - '80:80'
  onlyoffice-mysql:
    container_name: onlyoffice-mysql
    image: mysql:${MYSQL_VERSION:-5.7}
    command: --default-authentication-plugin=mysql_native_password
    environment:
      - MYSQL_DATABASE=${MYSQL_DATABASE:-onlyoffice}
      - MYSQL_USER=${MYSQL_USER:-onlyoffice}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD:-onlyoffice}
      - MYSQL_ALLOW_EMPTY_PASSWORD=${MYSQL_ALLOW_EMPTY_PASSWORD:-yes}
    restart: always
    volumes:
      - mysql_data:/var/lib/mysql
    expose:
      - '3306'
 volumes:
  mysql_data:
--- a/tests/postgres-old.yml
+++ b/tests/postgres-old.yml
@ -1,34 +0,0 @@
 version: '2.1'
 services:
  onlyoffice-documentserver:
    container_name: onlyoffice-documentserver
    build:
      context: ../.
    depends_on:
      - onlyoffice-postgresql
    environment:
      - POSTGRESQL_SERVER_HOST=${DB_HOST:-onlyoffice-postgresql}
      - POSTGRESQL_SERVER_PORT=${DB_PORT:-5432}
      - POSTGRESQL_SERVER_DB_NAME=${DB_NAME:-onlyoffice}
      - POSTGRESQL_SERVER_USER=${DB_USER:-onlyoffice}
      - POSTGRESQL_SERVER_PASS=${DB_PWD:-onlyoffice}
    stdin_open: true
    restart: always
    ports:
      - '80:80'
  onlyoffice-postgresql:
    container_name: onlyoffice-postgresql
    image: postgres:9.5
    environment:
      - POSTGRES_DB=${POSTGRES_DB:-onlyoffice}
      - POSTGRES_USER=${POSTGRES_USER:-onlyoffice}
      - POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD:-trust}
    restart: always
    expose:
      - '5432'
    volumes:
      - postgresql_data:/var/lib/postgresql
 volumes:
  postgresql_data:
--- a/tests/postgres.yml
+++ b/tests/postgres.yml
@ -1,35 +0,0 @@
 version: '2.1'
 services:
  onlyoffice-documentserver:
    container_name: onlyoffice-documentserver
    build:
      context: ../.
    depends_on:
      - onlyoffice-postgresql
    environment:
      - DB_TYPE=${DB_TYPE:-postgres}
      - DB_HOST=${DB_HOST:-onlyoffice-postgresql}
      - DB_PORT=${DB_PORT:-5432}
      - DB_NAME=${DB_NAME:-onlyoffice}
      - DB_USER=${DB_USER:-onlyoffice}
      - DB_PWD=${DB_PWD:-onlyoffice}
    stdin_open: true
    restart: always
    ports:
      - '80:80'
  onlyoffice-postgresql:
    container_name: onlyoffice-postgresql
    image: postgres:${POSTGRES_VERSION:-9.5}
    environment:
      - POSTGRES_DB=${POSTGRES_DB:-onlyoffice}
      - POSTGRES_USER=${POSTGRES_USER:-onlyoffice}
      - POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD:-trust}
    restart: always
    expose:
      - '5432'
    volumes:
      - postgresql_data:/var/lib/postgresql
 volumes:
  postgresql_data:
--- a/tests/rabbitmq-old.yml
+++ b/tests/rabbitmq-old.yml
@ -1,29 +0,0 @@
 version: '2.1'
 services:
  onlyoffice-documentserver:
    container_name: onlyoffice-documentserver
    build:
      context: ../.
    environment:
      - AMQP_SERVER_TYPE=${AMQP_SERVER_TYPE:-rabbitmq}
      - AMQP_SERVER_URL=${AMQP_SERVER_URL:-amqp://guest:guest@onlyoffice-rabbitmq}
    stdin_open: true
    restart: always
    ports:
      - '80:80'
      - '443:443'
    networks:
      - onlyoffice
  onlyoffice-rabbitmq:
    container_name: onlyoffice-rabbitmq
    image: rabbitmq
    restart: always
    networks:
     - onlyoffice
    expose:
      - '5672'
 networks:
  onlyoffice:
    driver: 'bridge'
--- a/tests/rabbitmq.yml
+++ b/tests/rabbitmq.yml
@ -1,29 +0,0 @@
 version: '2.1'
 services:
  onlyoffice-documentserver:
    container_name: onlyoffice-documentserver
    build:
      context: ../.
    environment:
      - AMQP_TYPE=${AMQP_TYPE:-rabbitmq}
      - AMQP_URI=${AMQP_URI:-amqp://guest:guest@onlyoffice-rabbitmq}
    stdin_open: true
    restart: always
    ports:
      - '80:80'
      - '443:443'
    networks:
      - onlyoffice
  onlyoffice-rabbitmq:
    container_name: onlyoffice-rabbitmq
    image: rabbitmq:${RABBITMQ_VERSION:-latest}
    restart: always
    networks:
     - onlyoffice
    expose:
      - '5672'
 networks:
  onlyoffice:
    driver: 'bridge'
--- a/tests/redis.yml
+++ b/tests/redis.yml
@ -1,31 +0,0 @@
 version: '2.1'
 services:
  onlyoffice-documentserver:
    container_name: onlyoffice-documentserver
    build:
      context: ../.
      args:
        - PRODUCT_NAME=${PRODUCT_NAME:-documentserver}
    environment:
      - REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-onlyoffice-redis}
      - REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-6379}
    stdin_open: true
    restart: always
    ports:
      - '80:80'
      - '443:443'
    networks:
      - onlyoffice
  onlyoffice-redis:
    container_name: onlyoffice-redis
    image: redis:${REDIS_VERSION:-latest}
    restart: always
    networks:
     - onlyoffice
    expose:
      - '6379'
 networks:
  onlyoffice:
    driver: 'bridge'
--- a/tests/standalone.yml
+++ b/tests/standalone.yml
@ -1,12 +0,0 @@
 version: '2.1'
 services:
  onlyoffice-documentserver:
    container_name: onlyoffice-documentserver
    build:
      context: ../.
      args:
        - PRODUCT_NAME=${PRODUCT_NAME:-documentserver}
    stdin_open: true
    restart: always
    ports:
      - '80:80'
--- a/tests/test.sh
+++ b/tests/test.sh
@ -1,54 +0,0 @@
 #!/bin/bash
 ssl=${ssl:-false}
 private_key=${private_key:-tls.key}
 certificate_request=${certificate_request:-tls.csr}
 certificate=${certificate:-tls.crt}
 # Generate certificate
 if [[ $ssl == "true" ]]; then
  url=${url:-"https://localhost"}
  mkdir -p data/certs
  pushd data/certs
  openssl genrsa -out ${private_key} 2048
  openssl req \
    -new \
    -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" \
    -key ${private_key} \
    -out ${certificate_request}
  openssl x509 -req -days 365 -in ${certificate_request} -signkey ${private_key} -out ${certificate}
  openssl dhparam -out dhparam.pem 2048
  chmod 400 ${private_key}
  popd
 else
  url=${url:-"http://localhost"}
 fi
 # Check if the yml exists
 if [[ ! -f $config ]]; then
  echo "File $config doesn't exist!"
  exit 1
 fi
 # Run test environment
 docker-compose -p ds -f $config up -d
 wakeup_timeout=90
 # Get documentserver healthcheck status
 echo "Wait for service wake up"
 sleep $wakeup_timeout
 healthcheck_res=$(wget --no-check-certificate -qO - ${url}/healthcheck)
 # Fail if it isn't true
 if [[ $healthcheck_res == "true" ]]; then
  echo "Healthcheck passed."
 else
  echo "Healthcheck failed!"
  exit 1
 fi
 docker-compose -p ds -f $config down