Cosmetic changes

.github/workflows/4testing-build.yml

@@ -2,78 +2,25 @@
 name: 4testing multiarch-build
 
 on:
-  workflow_dispatch:
+  push:
-    inputs:
+    tags:
-      build:
+      - "v*"
-        description: 'Build number (ex. 45)'
+      - "!v*-stable"
-        type: string
-        required: true
-      amd64:
-        type: boolean
-        description: 'Build AMD64'
-        default: true
-      arm64:
-        type: boolean
-        description: 'Build ARM64'
-        default: true
-      community:
-        type: boolean
-        description: 'Build Community Edition'
-        default: true
-      enterprise:
-        type: boolean
-        description: 'Build Enterprise Edition'
-        default: true
-      developer:
-        type: boolean
-        description: 'Build Developer Edition'
-        default: true
 
 env: 
   COMPANY_NAME: "onlyoffice"
   PRODUCT_NAME: "documentserver"
       
 jobs:
-  prepare:
-    runs-on: ubuntu-latest
-    steps:
-      - id: matrix
-        run: |
-          set -ex
-
-          BRANCH_NAME=${GITHUB_REF#refs/heads/}
-          if ! [[ $BRANCH_NAME == develop || $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then
-            echo "Wrong branch."
-            exit 1
-          fi
-
-          [ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64")
-          [ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64")
-          if [ -z ${PLATFORMS} ]; then
-            echo "None of the platforms are selected."
-            exit 1
-          fi
-
-          [ ${{ github.event.inputs.community }} = true ] && EDITIONS+=("community")
-          [ ${{ github.event.inputs.enterprise }} = true ] && EDITIONS+=("enterprise")
-          [ ${{ github.event.inputs.developer }} = true ] && EDITIONS+=("developer")
-          if [ -z ${EDITIONS} ]; then
-            echo "None of the editions are selected."
-            exit 1
-          fi
-          echo "::set-output name=editions::$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')"
-    outputs:
-      editions: ${{ steps.matrix.outputs.editions }}
-
   build:
-    name: "Build ${{ matrix.image }}-${{ matrix.edition }}"
+    name: Build 
     runs-on: ubuntu-latest
-    needs: prepare
+    continue-on-error: ${{ matrix.condition }}
     strategy:
-      fail-fast: false
       matrix:
-        image: ["documentserver"]
+        images: ["documentserver"]
-        edition: ${{ fromJSON(needs.prepare.outputs.editions) }}
+        edition: ["", "-ee", "-de"]
+        condition: [true]
     steps:
       - name: Checkout code 
         uses: actions/checkout@v3
@@ -86,54 +33,61 @@ jobs:
         uses: docker/setup-buildx-action@v2
      
       - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v1
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
 
+      - name: Get Tag Name
+        run: |
+          echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
       - name: Build 4testing
         run: |
-          set -eux
-
           ### ==>> At this step build variable declaration ###
+          DOCKER_TAG=$( echo ${{ env.RELEASE_VERSION }} | sed 's/^.//' )
+          PACKAGE_VERSION=$( echo $DOCKER_TAG | sed -E 's/(.*)\./\1-/' )
+          NODE_PLATFORMS=$( echo ${{ steps.buildx.outputs.platforms }} | sed 's/linux\///g' | sed 's/,/ /g' )
+          echo "Start check avalivable build platforms >>"
 
-          case ${{ matrix.edition }} in
+          ### ==>> In this loop we will check all avalivable documentserver architectures. After that all accessed arch will be added to build-platforms list. ###
-            community)
+          for ARCH in ${NODE_PLATFORMS}; do
-              PRODUCT_EDITION=""
+            REPO_URL=${{ secrets.REPO_URL }} 
-              ;;
+            if [[ ${{ env.RELEASE_VERSION }} == v99.* ]]; then
-            enterprise)
+              REPO_URL=${{ secrets.UNSTABLE_REPO_URL }}
-              PRODUCT_EDITION="-ee"
+            fi
-              ;;
+            PACKAGE_URL_CHECK=${REPO_URL}${{ matrix.edition }}_"$PACKAGE_VERSION"_${ARCH}.deb
-            developer)
+            STATUS=$(curl -s -o /dev/null -w "%{http_code}\n" "${PACKAGE_URL_CHECK}")
-              PRODUCT_EDITION="-de"
+            if [[ "$STATUS" = "200" ]]; then
-              ;;
+              echo "✔  ${ARCH} is avalivable >> set like one of build platforms"
-          esac
+              PLATFORMS+=(linux/${ARCH},)
+              BUILD_PLATFORMS=$( echo ${PLATFORMS[@]} | sed 's/ //g' | sed 's/\(.*\),/\1/' )
+            else
+              echo "${ARCH} in not avalivable"
+            fi
+          done
+          PACKAGE_URL_BUILD=$( echo ${PACKAGE_URL_CHECK} | sed -e "s/${PACKAGE_VERSION}_.*.deb/${PACKAGE_VERSION}_TARGETARCH.deb/g" )
 
-          [ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64")
+          ### ==>> At this step if there is no access to any platform and platform list is empty, build will exit with 1. ###  
-          [ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64")
+          if [[ -z ${BUILD_PLATFORMS} ]]; then
-          PLATFORM=$(echo ${PLATFORMS[*]/#/linux/} | tr ' ' ',')
+            echo "Have no access to any platform >> exit with 1"
-
+            exit 1
-          BRANCH_NAME=${GITHUB_REF#refs/heads/}
-          if [ $BRANCH_NAME = develop ]; then
-            RELEASE_BRANCH=unstable
-            PRODUCT_VERSION=99.99.99
-          elif [[ $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then
-            RELEASE_BRANCH=testing
-            PRODUCT_VERSION=${BRANCH_NAME#*/v}
           fi
-          BUILD_NUMBER=${{ github.event.inputs.build }}
+          echo "DONE: Check passed >> Build for platforms: ${BUILD_PLATFORMS}"
+          echo "Build is starting ... >>"
 
-          export PRODUCT_EDITION
+          ### ==>> Build and push images at this step ### 
-          export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}
+          PRODUCT_EDITION=${{ matrix.edition }} \
-          export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL_OLD }}/${RELEASE_BRANCH}/ubuntu
+          PACKAGE_URL=$PACKAGE_URL_BUILD \
-          export RELEASE_BRANCH
+          PRODUCT_NAME=${{ env.PRODUCT_NAME }} \
-          export PLATFORM
+          DOCKERFILE=Dockerfile \
-          export DOCKERFILE=Dockerfile
+          PREFIX_NAME=4testing- \
-          export PREFIX_NAME=4testing-
+          TAG=$DOCKER_TAG \
-          export TAG=${PRODUCT_VERSION}.${BUILD_NUMBER}
+          PLATFORM=$BUILD_PLATFORMS \
-
+          COMPANY_NAME=${{ env.COMPANY_NAME }} \
-          ### ==>> Build and push images at this step ###
+            docker buildx bake \
-
+            -f docker-bake.hcl ${{ matrix.images }} \
-          docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push
+            --push
-          echo "DONE: Build success"
+          echo "DONE: Build success >> exit with 0"
+          exit 0
         shell: bash

.github/workflows/stable-build.yml

@@ -2,12 +2,9 @@
 name: Multi-arch build stable
 
 on:
-  workflow_dispatch:
+  push:
-    inputs:
+    tags:
-      tag:
+      - "v*-stable"
-        description: 'Tag for release (ex. 1.2.3.45)'
-        type: string
-        required: true
 
 env:
   COMPANY_NAME: "onlyoffice"
@@ -15,13 +12,14 @@ env:
 
 jobs:
   build:
-    name: "Release image: DocumentServer${{ matrix.edition }}"
+    name: Build 
     runs-on: ubuntu-latest
+    continue-on-error: ${{ matrix.condition }}
     strategy:
-      fail-fast: false
       matrix:
         images: ["documentserver-stable"]
         edition: ["", "-ee", "-de"]
+        condition: [true]
     steps:
       - name: Checkout code 
         uses: actions/checkout@v3
@@ -33,98 +31,37 @@ jobs:
         uses: docker/setup-buildx-action@v2
      
       - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v1
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
 
+      - name: Get Tag Name
+        id: tag_name
+        run: |
+          echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/}
+
       - name: Build documentserver-release
         run: |
-          set -eux
+          TAG=$(echo ${{ steps.tag_name.outputs.SOURCE_TAG }} | sed 's/^.//; s/-stable//')
-          VERSION=${{ github.event.inputs.tag }}
+          SHORTER_TAG=$(echo ${TAG} | grep -o -P '^[\d]+\.[\d]+\.[\d]+')
-          PRODUCT_EDITION=${{ matrix.edition }}
+          SHORTEST_TAG=$(echo ${TAG} | grep -o -P '^[\d]+\.[\d]+')
-          TESTING_IMAGE=${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION}
+          IMAGE_STATUS=$(docker manifest inspect ${{ env.COMPANY_NAME }}/4testing-${{ env.PRODUCT_NAME }}${{ matrix.edition }}:$TAG > /dev/null ; echo $?)
-          if docker manifest inspect ${TESTING_IMAGE}:${VERSION} > /dev/null; then
+             if [[ "$IMAGE_STATUS" = "0" ]]; then
-            echo "Image present on docker.hub >> start build stable version"
+                echo "Image present on docker.hub >> start build stable version"
-            export PRODUCT_EDITION
+                echo "FROM ${{ env.COMPANY_NAME }}/4testing-${{ env.PRODUCT_NAME }}${{ matrix.edition }}:$TAG as ${{ env.PRODUCT_NAME }}-stable" >> Dockerfile.stable
-            export TAG=${VERSION}
+                PRODUCT_EDITION=${{ matrix.edition }} PRODUCT_NAME=${{ env.PRODUCT_NAME }} \
-            export SHORTER_TAG=${VERSION%.*}
+                COMPANY_NAME=${{ env.COMPANY_NAME}} DOCKERFILE=Dockerfile.stable \
-            export SHORTEST_TAG=${VERSION%.*.*}
+                   TAG=$TAG \
-            docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
+                   SHORTER_TAG=$SHORTER_TAG \
-            echo "DONE: Build success >> exit with 0"
+                   SHORTEST_TAG=$SHORTEST_TAG \
-            exit 0
+                   docker buildx bake \
-          else
+                   -f docker-bake.hcl ${{ matrix.images }} \
-            echo "FAILED: Image with tag ${VERSION} do not presented on docker.hub >> build will not started >> exit with 1"
+                   --push 
-            exit 1
+                echo "DONE: Build success >> exit with 0"
-          fi
+                exit 0
-        shell: bash
+             else
-
+                echo "FAILED: Image with tag $TAG do not presented on docker.hub >> build will not started >> exit with 1"
-  build-nonexample:
+                exit 1
-    name: "Release image: DocumentServer${{ matrix.edition }}-nonExample"
+             fi
-    runs-on: ubuntu-latest
-    needs: [build]
-    if: ${{ false }}
-    strategy:
-      fail-fast: false
-      matrix:
-        images: ["documentserver-nonexample"]
-        edition: ["", "-ee", "-de"]
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
-
-      - name: build image
-        run: |
-          set -eux
-          export PRODUCT_EDITION=${{ matrix.edition }}
-          export TAG=${{ github.event.inputs.tag }}
-          docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
-        shell: bash
-
-  build-ucs-ubuntu20:
-    name: "Release image: DocumentServer${{ matrix.edition }}-ucs"
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        edition: ["", "-ee"]
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
-
-      - name: build UCS
-        run: |
-           set -eux
-           export PRODUCT_EDITION=${{ matrix.edition }}
-           export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL_OLD }}/testing/ubuntu
-           export DOCKERFILE=Dockerfile
-           export BASE_IMAGE=ubuntu:20.04
-           export PG_VERSION=12
-           export TAG=${{ github.event.inputs.tag }}
-           export PACKAGE_VERSION=$( echo ${TAG} |  sed -E 's/(.*)\./\1-/')
-           docker buildx bake -f docker-bake.hcl documentserver-ucs --push
         shell: bash

Dockerfile

@@ -1,24 +1,18 @@
-ARG BASE_IMAGE=ubuntu:22.04
+FROM ubuntu:22.04 as documentserver
-
-FROM ${BASE_IMAGE} as documentserver
 LABEL maintainer Ascensio System SIA <support@onlyoffice.com>
 
-ARG PG_VERSION=14
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=14
-
-ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=${PG_VERSION}
 
 ARG ONLYOFFICE_VALUE=onlyoffice
 
 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
     apt-get -y update && \
-    apt-get -yq install wget apt-transport-https gnupg locales lsb-release && \
+    apt-get -yq install wget apt-transport-https gnupg locales && \
     mkdir -p $HOME/.gnupg && \
     gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/onlyoffice.gpg --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
     chmod 644 /etc/apt/trusted.gpg.d/onlyoffice.gpg && \
     locale-gen en_US.UTF-8 && \
     echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
-    wget -O - https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.deb.sh | bash && \
-    if [ $(lsb_release -cs) = focal ]; then RABBITMQ_VERSION=3.8.11-1; else RABBITMQ_VERSION=3.10 ; fi && \
     apt-get -yq install \
         adduser \
         apt-utils \
@@ -47,7 +41,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
         postgresql \
         postgresql-client \
         pwgen \
-        rabbitmq-server=${RABBITMQ_VERSION}* \
+        rabbitmq-server \
         redis-server \
         software-properties-common \
         sudo \
@@ -77,26 +71,25 @@ COPY run-document-server.sh /app/ds/run-document-server.sh
 
 EXPOSE 80 443
 
+ARG TARGETARCH
+ARG PRODUCT_EDITION=
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_NAME=documentserver
-ARG PRODUCT_EDITION=
+ARG PACKAGE_URL="http://download.onlyoffice.com/install/documentserver/linux/${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}_$TARGETARCH.deb"
-ARG PACKAGE_VERSION=
-ARG TARGETARCH
-ARG PACKAGE_BASEURL="http://download.onlyoffice.com/install/documentserver/linux"
 
 ENV COMPANY_NAME=$COMPANY_NAME \
     PRODUCT_NAME=$PRODUCT_NAME \
     PRODUCT_EDITION=$PRODUCT_EDITION
 
-RUN PACKAGE_FILE="${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}${PACKAGE_VERSION:+_$PACKAGE_VERSION}_${TARGETARCH:-$(dpkg --print-architecture)}.deb" && \
+RUN PACKAGE_URL=$( echo ${PACKAGE_URL} | sed "s/TARGETARCH/"${TARGETARCH}"/g") && \
-    wget -q -P /tmp "$PACKAGE_BASEURL/$PACKAGE_FILE" && \
+    wget -q -P /tmp "$PACKAGE_URL" && \
     apt-get -y update && \
     service postgresql start && \
-    apt-get -yq install /tmp/$PACKAGE_FILE && \
+    apt-get -yq install /tmp/$(basename "$PACKAGE_URL") && \
     service postgresql stop && \
     service supervisor stop && \
     chmod 755 /app/ds/*.sh && \
-    rm -f /tmp/$PACKAGE_FILE && \
+    rm -f /tmp/$(basename "$PACKAGE_URL") && \
     rm -rf /var/log/$COMPANY_NAME && \
     rm -rf /var/lib/apt/lists/*
 

Makefile

@@ -1,7 +1,6 @@
 COMPANY_NAME ?= ONLYOFFICE
 GIT_BRANCH ?= develop
 PRODUCT_NAME ?= DocumentServer
-PRODUCT_EDITION ?= 
 PRODUCT_VERSION ?= 0.0.0
 BUILD_NUMBER ?= 0
 ONLYOFFICE_VALUE ?= onlyoffice
@@ -12,9 +11,9 @@ COMPANY_NAME_LOW = $(shell echo $(COMPANY_NAME) | tr A-Z a-z)
 PRODUCT_NAME_LOW = $(shell echo $(PRODUCT_NAME) | tr A-Z a-z)
 COMPANY_NAME_LOW_ESCAPED = $(subst -,,$(COMPANY_NAME_LOW))
 
-PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)$(PRODUCT_EDITION)
+PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)
 PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)
-PACKAGE_BASEURL := https://s3.eu-west-1.amazonaws.com/$(S3_BUCKET)/$(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/ubuntu
+PACKAGE_URL := http://$(S3_BUCKET).s3.amazonaws.com/$(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/ubuntu/$(PACKAGE_NAME)_$(PACKAGE_VERSION)_amd64.deb
 
 ifeq ($(RELEASE_BRANCH),$(filter $(RELEASE_BRANCH),unstable testing))
 	DOCKER_TAG := $(subst -,.,$(PACKAGE_VERSION))
@@ -22,8 +21,8 @@ else
 	DOCKER_TAG := $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
 endif
 
-DOCKER_IMAGE := $(subst -,,$(COMPANY_NAME_LOW))/4testing-$(PRODUCT_NAME_LOW)$(PRODUCT_EDITION)
+DOCKER_IMAGE := $(subst -,,$(COMPANY_NAME_LOW))/4testing-$(PRODUCT_NAME_LOW)
-DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)$(PRODUCT_EDITION)__$(DOCKER_TAG).dummy
+DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)__$(DOCKER_TAG).dummy
 DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)_$(PACKAGE_VERSION).tar.gz
 DOCKER_ARCH_URI := $(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/docker/$(notdir $(DOCKER_ARCH))
 
@@ -32,12 +31,9 @@ DOCKER_ARCH_URI := $(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/docker/$(notdir $(DOCKE
 $(DOCKER_DUMMY):
 	docker pull ubuntu:20.04
 	docker build \
+		--build-arg PACKAGE_URL=$(PACKAGE_URL) \
 		--build-arg COMPANY_NAME=$(COMPANY_NAME_LOW) \
 		--build-arg PRODUCT_NAME=$(PRODUCT_NAME_LOW) \
-		--build-arg PRODUCT_EDITION=$(PRODUCT_EDITION) \
-		--build-arg PACKAGE_VERSION=$(PACKAGE_VERSION) \
-		--build-arg PACKAGE_BASEURL=$(PACKAGE_BASEURL) \
-		--build-arg TARGETARCH=amd64 \
 		--build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \
 		-t $(DOCKER_IMAGE):$(DOCKER_TAG) . && \
 	mkdir -p $$(dirname $@) && \

README.md

@@ -10,6 +10,7 @@
         + [Strengthening the Server Security](#strengthening-the-server-security)
         + [Installation of the SSL Certificates](#installation-of-the-ssl-certificates)
         + [Available Configuration Parameters](#available-configuration-parameters)
+    - [Running ONLYOFFICE Document Server using docker secrets](#running-onlyoffice-document-server-using-docker-secrets)
 * [Installing ONLYOFFICE Document Server integrated with Community and Mail Servers](#installing-onlyoffice-document-server-integrated-with-community-and-mail-servers)
 * [Issues](#issues)
     - [Docker Issues](#docker-issues)
@@ -25,8 +26,6 @@ Starting from version 6.0, Document Server is distributed as ONLYOFFICE Docs. It
 
 ONLYOFFICE Docs can be used as a part of ONLYOFFICE Workspace or with third-party sync&share solutions (e.g. Nextcloud, ownCloud, Seafile) to enable collaborative editing within their interface.
 
-***Important*** Please update `docker-enginge` to latest version (`20.10.21` as of writing this doc) before using it. We use `ubuntu:22.04` as base image and it older versions of docker have compatibility problems with it
-
 ## Functionality ##
 * ONLYOFFICE Document Editor
 * ONLYOFFICE Spreadsheet Editor
@@ -165,6 +164,58 @@ chmod 400 /app/onlyoffice/DocumentServer/data/certs/tls.key
 
 You are now just one step away from having our application secured.
 
+### Running ONLYOFFICE Document Server using docker secrets
+
+For manage sensitive data like database password/username you can use Docker secrets. If you want use secrets, you must start the Document Server like service with docker compose or docker swarm. According to [official docker documentation](https://docs.docker.com/engine/swarm/secrets/) secrets did not avalivable to standalone containers. To start using the secrets you need to go through a few simple steps: 
+
+**STEP 1**: 
+At first you need to iniciate docker swarm with command:
+
+```bash
+sudo docker swarm init 
+```
+
+**STEP 2**:
+On the next step you need to make the secrets. DocumentServer support username/password for postgresql access and jwt header/secret. 
+
+If you want to use secrets for database access create secrets with command:
+
+```bash
+sudo printf "your_pass" | docker secret create dbPass -
+sudo printf "your_user" | docker secret create dbUser -
+```
+NOTE: After secrets dbPass and dbUser was created, DocumentServer will be configured automaticly for use the same secrets for postgres access.
+
+If you want to use JSON Web Token values from secrets create secrets with command: 
+
+```bash
+sudo printf "secret_value" | docker secret create jwtSecret -
+sudo printf "header_value" | docker secret create jwtHeader -
+```
+
+**STEP 3**:
+After secrets was created you need to build the DocumentServer with command:
+
+```bash
+sudo docker compose build
+```
+
+**STEP 4**:
+After all when images was builded and secrets was created very important uncomment in docker-compose.yml file strings with secrets thats you want to use. For more information refer to the comments in docker-compose.yml
+
+**STEP 5**:
+Now Document Server is ready to deploy with secrets. For that run: 
+
+```bash
+sudo docker stack deploy --compose-file=docker-compose.yml documentserver-secrets
+```
+
+Also you can run Document Server in docker-compose mode with the same config
+
+```bash
+sudo docker compose up -d 
+```
+
 #### Available Configuration Parameters
 
 *Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command.*
@@ -191,8 +242,8 @@ Below is the complete list of parameters that can be set using environment varia
 - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
 - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
 - **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](http://nginx.org/ru/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
-- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `true`.
+- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`.
-- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to random value.
+- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
 - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
 - **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
 - **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`.
@@ -205,6 +256,13 @@ Below is the complete list of parameters that can be set using environment varia
 - **LETS_ENCRYPT_DOMAIN**: Defines the domain for Let's Encrypt certificate.
 - **LETS_ENCRYPT_MAIL**: Defines the domain administator mail address for Let's Encrypt certificate.
 
+Below list values avalivable only for compose/swarm mode.
+
+- **JWT_SECRET_FILE**: Specifies the path to the mounted file, the value from which will be used like JWT_Secret value. Default path that docker mounted secrets: `/run/secrets/jwtSecret`
+- **JWT_HEADER_FILE**: Specifies the path to the mounted file, the value from which will be used like JWT_Header value. Default path that docker mounted secrets: `/run/secrets/jwtHeader`
+- **POSTGRES_USER_FILE**: Default postgresql container value. Tells the database where to get the username value by set to db access. Default path: `run/secrets/dbUser`
+- **POSTGRES_PASSWORD_FILE**: Default postgresql container value. Tells the database where to get the password value by set to db access. Default path: `run/secrets/dbPass`
+
 ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers
 
 ONLYOFFICE Document Server is a part of ONLYOFFICE Community Edition that comprises also Community Server and Mail Server. To install them, follow these easy steps:

docker-bake.hcl

@@ -26,10 +26,6 @@ variable "PRODUCT_NAME" {
     default = ""
 }
 
-variable "PACKAGE_VERSION" {
-    default = ""
-}
-
 variable "DOCKERFILE" {
     default = ""
 }
@@ -38,92 +34,35 @@ variable "PLATFORM" {
     default = ""
 }
 
-variable "PACKAGE_BASEURL" {
+variable "PACKAGE_URL" {
     default = ""
 }
 
-variable "PACKAGE_FILE" {
-    default = ""
-}
-
-variable "RELEASE_BRANCH" {
-    default = ""
-}
-
-### ↓ Variables for UCS build ↓
-
-variable "BASE_IMAGE" {
-    default     = ""
-}
-
-variable "PG_VERSION" {
-    default     = ""
-}
-
-### ↑ Variables for UCS build ↑
-
 target "documentserver" {
     target = "documentserver"
-    dockerfile = "${DOCKERFILE}"
+    dockerfile= "${DOCKERFILE}"
-    tags = [
+    tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}"]
-           "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
-           equal("unstable",RELEASE_BRANCH) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
-           ]
     platforms = ["${PLATFORM}"]
     args = {
-        "COMPANY_NAME": "${COMPANY_NAME}"
-        "PRODUCT_NAME": "${PRODUCT_NAME}"
         "PRODUCT_EDITION": "${PRODUCT_EDITION}"
-        "PACKAGE_VERSION": "${PACKAGE_VERSION}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
-        "PACKAGE_BASEURL": "${PACKAGE_BASEURL}"
+        "COMPANY_NAME": "${COMPANY_NAME}"
+        "PACKAGE_URL": "${PACKAGE_URL}"
         "PLATFORM": "${PLATFORM}"
     }
 }
 
 target "documentserver-stable" {
     target = "documentserver-stable"
-    dockerfile = "production.dockerfile"
+    dockerfile= "${DOCKERFILE}"
     tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
             "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}",
             "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}",
-            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest",
+            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest"]
-            equal("-ee",PRODUCT_EDITION) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",]
     platforms = ["linux/amd64", "linux/arm64"]
     args = {
-        "TAG": "${TAG}"
-        "COMPANY_NAME": "${COMPANY_NAME}"
-        "PRODUCT_NAME": "${PRODUCT_NAME}"
         "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "COMPANY_NAME": "${COMPANY_NAME}"
     }
 }
-
-target "documentserver-ucs" {
-    target = "documentserver"
-    dockerfile = "${DOCKERFILE}"
-    tags = [
-           "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PRODUCT_EDITION}-ucs:${TAG}"
-           ]
-    platforms = ["linux/amd64", "linux/arm64"]
-    args = {
-        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
-        "PRODUCT_NAME": "${PRODUCT_NAME}"
-        "COMPANY_NAME": "${COMPANY_NAME}"
-        "PACKAGE_VERSION": "${PACKAGE_VERSION}"
-        "PACKAGE_BASEURL": "${PACKAGE_BASEURL}"
-        "BASE_IMAGE": "${BASE_IMAGE}"
-        "PG_VERSION": "${PG_VERSION}"
-    }
-}
-
-target "documentserver-nonexample" {
-    target = "documentserver-nonexample"
-    dockerfile = "production.dockerfile"
-    tags = [ "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PREFIX_NAME}${PRODUCT_EDITION}:${TAG}-nonexample" ]
-    platforms = ["linux/amd64", "linux/arm64"]
-    args = {
-        "TAG": "${TAG}"
-        "COMPANY_NAME": "${COMPANY_NAME}"
-        "PRODUCT_NAME": "${PRODUCT_NAME}"
-        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
-    } 
-}

docker-compose.yml

@@ -1,4 +1,4 @@
-version: '2'
+version: "3.9"
 services:
   onlyoffice-documentserver:
     build:
@@ -8,6 +8,7 @@ services:
       - onlyoffice-postgresql
       - onlyoffice-rabbitmq
     environment:
+      - USE_SECRETS=false # ←  Set on "true" if you plan use secrets.
       - DB_TYPE=postgres
       - DB_HOST=onlyoffice-postgresql
       - DB_PORT=5432
@@ -16,9 +17,13 @@ services:
       - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
       # Uncomment strings below to enable the JSON Web Token validation.
       #- JWT_ENABLED=true
+      #- JWT_IN_BODY=true
       #- JWT_SECRET=secret
       #- JWT_HEADER=Authorization
-      #- JWT_IN_BODY=true
+      #  ↑ Uncomment two upper strings to use jwt_secret and jwt_header values by default without docker secrets.
+      #  ↓ Or uncomment two strings below to use jwt_secret and jwt_header values from docker secrets that you create.
+      #- JWT_SECTER_FILE=/run/secrets/jwtSecret
+      #- JWT_HEADER_FILE=/run/secrets/jwtHeader
     ports:
       - '80:80'
       - '443:443'
@@ -31,6 +36,12 @@ services:
        - /var/lib/onlyoffice/documentserver/App_Data/cache/files
        - /var/www/onlyoffice/documentserver-example/public/files
        - /usr/share/fonts
+   # ↓ If you use docker secrets, uncomment srtings below only with secrets that you will use in your installtion
+   #secrets:
+   #  - dbUser
+   #  - dbPass
+   #  - jwtSecret
+   #  - jwtHeader
        
   onlyoffice-rabbitmq:
     container_name: onlyoffice-rabbitmq
@@ -46,11 +57,30 @@ services:
       - POSTGRES_DB=onlyoffice
       - POSTGRES_USER=onlyoffice
       - POSTGRES_HOST_AUTH_METHOD=trust
+      #  ↑ Comment two lines upper: POSTGRES_HOST_AUTH_METHOD and POSTGRES_USER and
+      #  ↓ Uncomment two strings below for use database access values from secrets that you create. 
+      #- POSTGRES_USER_FILE=/run/secrets/dbUser
+      #- POSTGRES_PASSWORD_FILE=/run/secrets/dbPass
     restart: always
     expose:
       - '5432'
     volumes:
       - postgresql_data:/var/lib/postgresql
+   #  ↓ If you use docker secrets, uncomment srtings below only with secrets that you will use in your installtion
+   #secrets:
+   #  - dbUser
+   #  - dbPass
+
+#  ↓ If you use docker secrets, uncomment srtings below only with secrets that you will use in your installtion
+#secrets:
+#  dbUser:
+#    external: true
+#  dbPass:
+#    external: true
+#  jwtSecret:
+#    external: true
+#  jwtHeader:
+#    external: true
 
 volumes:
   postgresql_data:

production.dockerfile

@@ -1,24 +0,0 @@
-### Arguments avavlivable only for FROM instruction ### 
-ARG TAG=latest
-ARG COMPANY_NAME=onlyoffice
-ARG PRODUCT_EDITION=
-
-### Build main-release ###
-
-FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${TAG} as documentserver-stable
-
-### Build nonexample ###
- 
-FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${TAG} as documentserver-nonexample
-
-ARG COMPANY_NAME=onlyoffice
-ARG PRODUCT_NAME=documentserver
-ARG DS_SUPERVISOR_CONF=/etc/supervisor/conf.d/ds.conf
-
-### Remove all documentserver-example data ###
-
-RUN    rm -rf /var/www/$COMPANY_NAME/$PRODUCT_NAME-example \
-    && rm -rf /etc/$COMPANY_NAME/$PRODUCT_NAME-example \
-    && rm -f $DS_SUPERVISOR_CONF \ 
-    && rm -f /etc/nginx/includes/ds-example.conf \
-    && ln -s /etc/$COMPANY_NAME/$PRODUCT_NAME/supervisor/ds.conf  $DS_SUPERVISOR_CONF 

run-document-server.sh

@@ -1,7 +1,5 @@
 #!/bin/bash
 
-umask 0022
-
 function clean_exit {
   /usr/bin/documentserver-prepare4shutdown.sh
 }
@@ -21,6 +19,7 @@ LIB_DIR="/var/lib/${COMPANY_NAME}"
 DS_LIB_DIR="${LIB_DIR}/documentserver"
 CONF_DIR="/etc/${COMPANY_NAME}/documentserver"
 IS_UPGRADE="false"
+SECRETS_PATH="/run/secrets/"
 
 ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
 ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost}
@@ -73,10 +72,9 @@ NGINX_ONLYOFFICE_EXAMPLE_CONF="${NGINX_ONLYOFFICE_EXAMPLE_PATH}/includes/ds-exam
 
 NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
 NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
-# Limiting the maximum number of simultaneous connections due to possible memory shortage
+NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
-[ $(ulimit -n) -gt 1048576 ] && NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-1048576} || NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
 
-JWT_ENABLED=${JWT_ENABLED:-true}
+JWT_ENABLED=${JWT_ENABLED:-false}
 
 # validate user's vars before usinig in json
 if [ "${JWT_ENABLED}" == "true" ]; then
@@ -85,12 +83,18 @@ else
   JWT_ENABLED="false"
 fi
 
-[ -z $JWT_SECRET ] && JWT_MESSAGE='JWT is enabled by default. A random secret is generated automatically. Run the command "docker exec $(sudo docker ps -q) sudo documentserver-jwt-status.sh" to get information about JWT.'
+JWT_SECRET=${JWT_SECRET:-secret}
-
-JWT_SECRET=${JWT_SECRET:-$(pwgen -s 20)}
 JWT_HEADER=${JWT_HEADER:-Authorization}
 JWT_IN_BODY=${JWT_IN_BODY:-false}
 
+if [ ${USE_SECRETS} == "true" ] && [ -s ${SECRETS_PATH}/jwtSecret ]; then
+  JWT_SECRET=$( cat ${SECRETS_PATH}/jwtSecret )
+fi
+
+if [ ${USE_SECRETS} == "true" ] && [ -s ${SECRETS_PATH}/jwtHeader ]; then
+  JWT_HEADER=$( cat ${SECRETS_PATH}/jwtHeader ) 
+fi
+
 WOPI_ENABLED=${WOPI_ENABLED:-false}
 
 GENERATE_FONTS=${GENERATE_FONTS:-true}
@@ -125,6 +129,17 @@ if [ "${LETS_ENCRYPT_DOMAIN}" != "" -a "${LETS_ENCRYPT_MAIL}" != "" ]; then
   SSL_KEY_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/privkey.pem
 fi
 
+# update db credentials if secrets was configure
+if [ "${USE_SECRETS}" == "true" ]; then
+  if [ -s ${SECRETS_PATH}/dbUser ]; then
+    DB_USER=$( cat ${SECRETS_PATH}/dbUser )
+  fi
+
+  if [ -s ${SECRETS_PATH}/dbPass ]; then
+    DB_PWD=$( cat ${SECRETS_PATH}/dbPass )
+  fi
+fi
+
 read_setting(){
   deprecated_var POSTGRESQL_SERVER_HOST DB_HOST
   deprecated_var POSTGRESQL_SERVER_PORT DB_PORT
@@ -200,7 +215,7 @@ parse_rabbitmq_url(){
   # extract the host
   local hostport="$(echo ${url/$userpass@/} | cut -d/ -f1)"
   # by request - try to extract the port
-  local port="$(echo $hostport | grep : | sed -r 's_^.*:+|/.*$__g')"
+  local port="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')"
 
   local host
   if [ -n "$port" ]; then
@@ -427,15 +442,12 @@ update_welcome_page() {
   WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html"
   if [[ -e $WELCOME_PAGE ]]; then
     DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset))
-    (( ${#DOCKER_CONTAINER_ID} < 12 )) && DOCKER_CONTAINER_ID=$(hostname)
     if (( ${#DOCKER_CONTAINER_ID} >= 12 )); then
       if [[ -x $(command -v docker) ]]; then
         DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
         sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
-        JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/')
       else
         sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
-        JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/')
       fi
     fi
   fi
@@ -599,8 +611,6 @@ else
   update_welcome_page
 fi
 
-find /etc/${COMPANY_NAME} -exec chown ds:ds {} \;
-
 #start needed local services
 for i in ${LOCAL_SERVICES[@]}; do
   service $i start
@@ -649,7 +659,5 @@ if [ "${GENERATE_FONTS}" == "true" ]; then
 fi
 documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER}
 
-echo "${JWT_MESSAGE}" 
-
 tail -f /var/log/${COMPANY_NAME}/**/*.log &
 wait $!