NW
/
OnlyOfficeCS-docker
mirror of https://github.com/ONLYOFFICE/Docker-CommunityServer.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #197 from ONLYOFFICE/release/12.5 

Merge release/12.5 into master
This commit is contained in:
Alexey Golubev 2023-07-31 16:06:07 +03:00 committed by GitHub
parent 703b202db5 3e7cc45b99
commit a7dd75ed28
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 156 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
Dockerfile
View File

@ -1,13 +1,15 @@
FROM ubuntu:18.04
FROM ubuntu:22.04
ARG RELEASE_DATE="2016-06-21"
ARG RELEASE_DATE_SIGN=""
ARG VERSION="8.9.0.190"
ARG SOURCE_REPO_URL="deb http://static.teamlab.com.s3.amazonaws.com/repo/debian squeeze main"
ARG SOURCE_REPO_URL="deb [signed-by=/usr/share/keyrings/onlyoffice.gpg] https://download.onlyoffice.com/repo/debian squeeze main"
ARG DEBIAN_FRONTEND=noninteractive
ARG PACKAGE_SYSNAME="onlyoffice"
ARG ELK_DIR=/usr/share/elasticsearch
ARG ELK_INDEX_DIR=/var/www/${PACKAGE_SYSNAME}/Data/Index
ARG ELK_LOG_DIR=/var/log/${PACKAGE_SYSNAME}/Index
ARG ELK_LIB_DIR=${ELK_DIR}/lib
ARG ELK_MODULE_DIR=${ELK_DIR}/modules
@ -49,20 +51,24 @@ RUN apt-get -y update && \
locale-gen en_US.UTF-8 && \
echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
echo "${SOURCE_REPO_URL}" >> /etc/apt/sources.list && \
echo "deb https://download.mono-project.com/repo/ubuntu stable-bionic/snapshots/6.8.0.123 main" | tee /etc/apt/sources.list.d/mono-official.list && \
echo "deb https://d2nlctn12v279m.cloudfront.net/repo/mono/ubuntu bionic main" | tee /etc/apt/sources.list.d/mono-extra.list && \
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5 && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \
wget http://nginx.org/keys/nginx_signing.key && \
apt-key add nginx_signing.key && \
echo "deb http://nginx.org/packages/ubuntu/ bionic nginx" >> /etc/apt/sources.list.d/nginx.list && \
echo "deb [signed-by=/usr/share/keyrings/xamarin.gpg] https://download.mono-project.com/repo/ubuntu stable-focal/snapshots/6.8.0.123 main" | tee /etc/apt/sources.list.d/mono-official.list && \
echo "deb [signed-by=/usr/share/keyrings/mono-extra.gpg] https://d2nlctn12v279m.cloudfront.net/repo/mono/ubuntu focal main" | tee /etc/apt/sources.list.d/mono-extra.list && \
curl -fsSL https://download.onlyoffice.com/GPG-KEY-ONLYOFFICE | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/onlyoffice.gpg --import && \
chmod 644 /usr/share/keyrings/onlyoffice.gpg && \
curl -fsSL https://download.mono-project.com/repo/xamarin.gpg | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/xamarin.gpg --import && \
chmod 644 /usr/share/keyrings/xamarin.gpg && \
curl -fsSL https://d2nlctn12v279m.cloudfront.net/repo/mono/mono.key | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/mono-extra.gpg --import && \
chmod 644 /usr/share/keyrings/mono-extra.gpg && \
wget http://archive.ubuntu.com/ubuntu/pool/main/g/glibc/multiarch-support_2.27-3ubuntu1_amd64.deb && \
apt-get install ./multiarch-support_2.27-3ubuntu1_amd64.deb && \
rm -f ./multiarch-support_2.27-3ubuntu1_amd64.deb && \
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - && \
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-7.x.list && \
add-apt-repository -y ppa:certbot/certbot && \
add-apt-repository -y ppa:chris-lea/redis-server && \
curl -sSL https://packages.microsoft.com/keys/microsoft.asc | apt-key add - && \
echo "deb [arch=amd64] https://packages.microsoft.com/ubuntu/18.04/prod bionic main" >> /etc/apt/sources.list.d/microsoft-prod.list && \
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash - && \
wget https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb && \
sudo dpkg -i packages-microsoft-prod.deb && \
rm packages-microsoft-prod.deb && \
printf "Package: * \nPin: origin \"packages.microsoft.com\"\nPin-Priority: 1001" > /etc/apt/preferences && \
curl -sL https://deb.nodesource.com/setup_18.x | sudo -E bash - && \
apt-get install -yq gnupg2 \
ca-certificates \
software-properties-common \
@ -75,7 +81,7 @@ RUN apt-get -y update && \
gdb \
mono-complete \
ca-certificates-mono \
python-certbot-nginx \
python3-certbot-nginx \
htop \
nano \
dnsutils \
@ -86,9 +92,20 @@ RUN apt-get -y update && \
ffmpeg \
jq \
apt-transport-https \
elasticsearch=${ELASTICSEARCH_VERSION} \
mono-webserver-hyperfastcgi=0.4-7 \
dotnet-sdk-6.0 \
elasticsearch=${ELASTICSEARCH_VERSION} && \
mkdir -p ${ELK_INDEX_DIR}/v${ELASTICSEARCH_VERSION} && \
mkdir -p ${ELK_LOG_DIR} && \
chmod -R u=rwx /var/www/${PACKAGE_SYSNAME} && \
chmod -R g=rx /var/www/${PACKAGE_SYSNAME} && \
chmod -R o=rx /var/www/${PACKAGE_SYSNAME} && \
chown -R elasticsearch:elasticsearch ${ELK_INDEX_DIR}/v${ELASTICSEARCH_VERSION} && \
chown -R elasticsearch:elasticsearch ${ELK_LOG_DIR} && \
chmod -R u=rwx ${ELK_INDEX_DIR}/v${ELASTICSEARCH_VERSION} && \
chmod -R g=rs ${ELK_INDEX_DIR}/v${ELASTICSEARCH_VERSION} && \
chmod -R o= ${ELK_INDEX_DIR}/v${ELASTICSEARCH_VERSION} && \
apt-get install -yq \
mono-webserver-hyperfastcgi=0.4-8 \
dotnet-sdk-7.0 \
${PACKAGE_SYSNAME}-communityserver \
${PACKAGE_SYSNAME}-xmppserver && \
apt-get clean && \

35
README.md
View File

@ -351,19 +351,29 @@ Then launch containers on it using the 'docker run --net onlyoffice' option:
Follow [these steps](#installing-mysql) to install MySQL server.
**STEP 3**: Install ONLYOFFICE Document Server.
**STEP 3**: Generate JWT Secret
JWT secret defines the secret key to validate the JSON Web Token in the request to the **ONLYOFFICE Document Server**. You can specify it yourself or easily get it using the command:
```
JWT_SECRET=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 32);
```
**STEP 4**: Install ONLYOFFICE Document Server.
```bash
sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-document-server \
-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
-v /app/onlyoffice/DocumentServer/fonts:/usr/share/fonts/truetype/custom \
-v /app/onlyoffice/DocumentServer/forgotten:/var/lib/onlyoffice/documentserver/App_Data/cache/files/forgotten \
onlyoffice/documentserver
-e JWT_ENABLED=true \
-e JWT_SECRET=${JWT_SECRET} \
-e JWT_HEADER=AuthorizationJwt \
-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
-v /app/onlyoffice/DocumentServer/fonts:/usr/share/fonts/truetype/custom \
-v /app/onlyoffice/DocumentServer/forgotten:/var/lib/onlyoffice/documentserver/App_Data/cache/files/forgotten \
onlyoffice/documentserver
```
To learn more, refer to the [ONLYOFFICE Document Server documentation](https://github.com/ONLYOFFICE/Docker-DocumentServer "ONLYOFFICE Document Server documentation").
**STEP 4**: Install ONLYOFFICE Mail Server.
**STEP 5**: Install ONLYOFFICE Mail Server.
For the mail server correct work you need to specify its hostname 'yourdomain.com'.
To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation").
@ -384,7 +394,7 @@ sudo docker run --init --net onlyoffice --privileged -i -t -d --restart=always -
The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.yml#L75).
**STEP 5**: Install ONLYOFFICE Control Panel
**STEP 6**: Install ONLYOFFICE Control Panel
```bash
docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-control-panel \
@ -394,7 +404,7 @@ docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-control-
-v /app/onlyoffice/ControlPanel/logs:/var/log/onlyoffice onlyoffice/controlpanel
```
**STEP 6**: Install ONLYOFFICE Community Server
**STEP 7**: Install ONLYOFFICE Community Server
```bash
sudo docker run --net onlyoffice -i -t -d --privileged --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 --cgroupns=host \
@ -404,6 +414,9 @@ sudo docker run --net onlyoffice -i -t -d --privileged --restart=always --name o
-e MYSQL_SERVER_USER=onlyoffice_user \
-e MYSQL_SERVER_PASS=onlyoffice_pass \
-e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \
-e DOCUMENT_SERVER_JWT_ENABLED=true \
-e DOCUMENT_SERVER_JWT_SECRET=${JWT_SECRET} \
-e DOCUMENT_SERVER_JWT_HEADER=AuthorizationJwt \
-e MAIL_SERVER_API_HOST=${MAIL_SERVER_IP} \
-e MAIL_SERVER_DB_HOST=onlyoffice-mysql-server \
-e MAIL_SERVER_DB_NAME=onlyoffice_mailserver \
@ -436,7 +449,7 @@ wget https://download.onlyoffice.com/install/workspace-install.sh
workspace-install.sh -md yourdomain.com
```
Or use [docker-compose](https://docs.docker.com/compose/install "docker-compose"). `Temporarily does not work on Ubuntu 22.04 and Debian 11.`
Or use [docker-compose](https://docs.docker.com/compose/install "docker-compose").
First you need to clone this [GitHub repository](https://github.com/ONLYOFFICE/Docker-CommunityServer/):
@ -456,6 +469,8 @@ For the mail server correct work, open one of the files depending on the product
* [docker-compose.yml](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.workspace.yml) for ONLYOFFICE Workspace Community Edition
* [docker-compose.yml](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.workspace_enterprise.yml) for ONLYOFFICE Workspace Enterprise Edition
For working on `Ubuntu 22.04` and `Debian 11` or later, you need to use docker-compose versions v2.16.0 or later and uncomment the cgroup line in the yml file
Then replace the `${MAIL_SERVER_HOSTNAME}` variable with your own hostname for the **Mail Server**. After that, assuming you have docker-compose installed, execute the following command:
```bash

4
config/mysql/docker-entrypoint-initdb.d/onlyoffice-initdb.sql
View File

@ -3,10 +3,10 @@ CREATE DATABASE IF NOT EXISTS onlyoffice_mailserver CHARACTER SET "utf8" COLLATE
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'my-secret-pw';
CREATE USER IF NOT EXISTS 'onlyoffice_user'@'%' IDENTIFIED WITH mysql_native_password BY 'onlyoffice_pass';
CREATE USER IF NOT EXISTS 'onlyoffice_mailserver_user'@'%' IDENTIFIED WITH mysql_native_password BY 'onlyoffice_mailserver_user_pass';
CREATE USER IF NOT EXISTS 'mail_admin'@'%' IDENTIFIED WITH mysql_native_password BY 'Isadmin123';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%';
GRANT ALL PRIVILEGES ON *.* TO 'onlyoffice_user'@'%';
GRANT ALL PRIVILEGES ON *.* TO 'onlyoffice_mailserver_user'@'%';
GRANT ALL PRIVILEGES ON *.* TO 'mail_admin'@'%';
FLUSH PRIVILEGES;

1
docker-compose.groups.yml
View File

@ -41,6 +41,7 @@ services:
tty: true
restart: always
privileged: true
# cgroup: host
volumes:
- community_data:/var/www/onlyoffice/Data
- community_log:/var/log/onlyoffice

9
docker-compose.workspace.yml
View File

@ -40,8 +40,8 @@ services:
- MAIL_SERVER_DB_HOST=onlyoffice-mysql-server
- MAIL_SERVER_DB_PORT=3306
- MAIL_SERVER_DB_NAME=onlyoffice_mailserver
- MAIL_SERVER_DB_USER=onlyoffice_mailserver_user
- MAIL_SERVER_DB_PASS=onlyoffice_mailserver_user_pass
- MAIL_SERVER_DB_USER=mail_admin
- MAIL_SERVER_DB_PASS=Isadmin123
- ELASTICSEARCH_SERVER_HOST=onlyoffice-elasticsearch
- ELASTICSEARCH_SERVER_HTTPPORT=9200
networks:
@ -54,6 +54,7 @@ services:
tty: true
restart: always
privileged: true
# cgroup: host
volumes:
- community_data:/var/www/onlyoffice/Data
- community_log:/var/log/onlyoffice
@ -115,8 +116,8 @@ services:
environment:
- MYSQL_SERVER=onlyoffice-mysql-server
- MYSQL_SERVER_PORT=3306
- MYSQL_ROOT_USER=onlyoffice_mailserver_user
- MYSQL_ROOT_PASSWD=onlyoffice_mailserver_user_pass
- MYSQL_ROOT_USER=mail_admin
- MYSQL_ROOT_PASSWD=Isadmin123
- MYSQL_SERVER_DB_NAME=onlyoffice_mailserver
networks:
- onlyoffice

9
docker-compose.workspace_enterprise.yml
View File

@ -40,8 +40,8 @@ services:
- MAIL_SERVER_DB_HOST=onlyoffice-mysql-server
- MAIL_SERVER_DB_PORT=3306
- MAIL_SERVER_DB_NAME=onlyoffice_mailserver
- MAIL_SERVER_DB_USER=onlyoffice_mailserver_user
- MAIL_SERVER_DB_PASS=onlyoffice_mailserver_user_pass
- MAIL_SERVER_DB_USER=mail_admin
- MAIL_SERVER_DB_PASS=Isadmin123
- ELASTICSEARCH_SERVER_HOST=onlyoffice-elasticsearch
- ELASTICSEARCH_SERVER_HTTPPORT=9200
networks:
@ -54,6 +54,7 @@ services:
tty: true
restart: always
privileged: true
# cgroup: host
volumes:
- community_data:/var/www/onlyoffice/Data
- community_log:/var/log/onlyoffice
@ -115,8 +116,8 @@ services:
environment:
- MYSQL_SERVER=onlyoffice-mysql-server
- MYSQL_SERVER_PORT=3306
- MYSQL_ROOT_USER=onlyoffice_mailserver_user
- MYSQL_ROOT_PASSWD=onlyoffice_mailserver_user_pass
- MYSQL_ROOT_USER=mail_admin
- MYSQL_ROOT_PASSWD=Isadmin123
- MYSQL_SERVER_DB_NAME=onlyoffice_mailserver
networks:
- onlyoffice

150
run-community-server.sh
View File

@ -74,7 +74,7 @@ else
APP_CORE_MACHINEKEY=$(head -n 1 ${APP_PRIVATE_DATA_DIR}/machinekey)
fi
RELEASE_DATE="$(sudo sed -n '/"version.release-date"/s!.*value\s*=\s*"\([^"]*\)".*!\1!p' ${APP_ROOT_DIR}/web.appsettings.config)";
RELEASE_DATE="$(sudo sed -n '/"version.number"/s!.*value\s*=\s*"\([^"]*\)".*!\1!p' ${APP_ROOT_DIR}/web.appsettings.config)";
RELEASE_DATE_SIGN="$(CreateAuthToken "${RELEASE_DATE}" "${APP_CORE_MACHINEKEY}" )";
sed -i '/version.release-date.sign/s!value="[^"]*"!value=\"'"$RELEASE_DATE_SIGN"'\"!g' ${APP_ROOT_DIR}/web.appsettings.config
@ -148,6 +148,8 @@ DOCUMENT_SERVER_HOST_IP="";
CONTROL_PANEL_ENABLED=false
MAIL_SERVER_ENABLED=false
set +x
MYSQL_SERVER_ROOT_PASSWORD=${MYSQL_SERVER_ROOT_PASSWORD:-""}
MYSQL_SERVER_HOST=${MYSQL_SERVER_HOST:-"127.0.0.1"}
MYSQL_SERVER_PORT=${MYSQL_SERVER_PORT:-"3306"}
@ -156,6 +158,25 @@ MYSQL_SERVER_USER=${MYSQL_SERVER_USER:-"root"}
MYSQL_SERVER_PASS=${MYSQL_SERVER_PASS:-${MYSQL_SERVER_ROOT_PASSWORD}}
MYSQL_SERVER_EXTERNAL=${MYSQL_SERVER_EXTERNAL:-false};
mysql_config() {
cat << EOF > $1
[client]
host=$2
port=$3
user=$4
password=$5
EOF
}
MYSQL_CLIENT_CONFIG="/etc/mysql/conf.d/client.cnf"
MYSQL_ROOT_CONFIG="/etc/mysql/conf.d/root.cnf"
MYSQL_MAIL_CONFIG="/etc/mysql/conf.d/mail.cnf"
mysql_config ${MYSQL_CLIENT_CONFIG} ${MYSQL_SERVER_HOST} ${MYSQL_SERVER_PORT} ${MYSQL_SERVER_USER} ${MYSQL_SERVER_PASS}
mysql_config ${MYSQL_ROOT_CONFIG} ${MYSQL_SERVER_HOST} ${MYSQL_SERVER_PORT} root ${MYSQL_SERVER_ROOT_PASSWORD}
set -x
mkdir -p "${SSL_CERTIFICATES_DIR}/.well-known/acme-challenge"
check_ip_is_internal(){
@ -377,12 +398,20 @@ fi
if [ ${MYSQL_SERVER_PORT_3306_TCP} ]; then
MYSQL_SERVER_EXTERNAL=true;
set +x
MYSQL_SERVER_HOST=${MYSQL_SERVER_PORT_3306_TCP_ADDR};
MYSQL_SERVER_PORT=${MYSQL_SERVER_PORT_3306_TCP_PORT};
MYSQL_SERVER_DB_NAME=${MYSQL_SERVER_ENV_MYSQL_DATABASE:-${MYSQL_SERVER_DB_NAME}};
MYSQL_SERVER_USER=${MYSQL_SERVER_ENV_MYSQL_USER:-${MYSQL_SERVER_USER}};
MYSQL_SERVER_PASS=${MYSQL_SERVER_ENV_MYSQL_PASSWORD:-${MYSQL_SERVER_ENV_MYSQL_ROOT_PASSWORD:-${MYSQL_SERVER_PASS}}};
mysql_config ${MYSQL_CLIENT_CONFIG} ${MYSQL_SERVER_HOST} ${MYSQL_SERVER_PORT} ${MYSQL_SERVER_USER} ${MYSQL_SERVER_PASS}
mysql_config ${MYSQL_ROOT_CONFIG} ${MYSQL_SERVER_HOST} ${MYSQL_SERVER_PORT} root ${MYSQL_SERVER_ROOT_PASSWORD}
set -x
if [ ${LOG_DEBUG} ]; then
log_debug "MYSQL_SERVER_HOST: ${MYSQL_SERVER_HOST}";
log_debug "MYSQL_SERVER_PORT: ${MYSQL_SERVER_PORT}";
@ -397,6 +426,8 @@ if [ ${CONTROL_PANEL_PORT_80_TCP} ]; then
CONTROL_PANEL_ENABLED=true;
fi
set +x
MAIL_SERVER_API_PORT=${MAIL_SERVER_API_PORT:-${MAIL_SERVER_PORT_8081_TCP_PORT:-8081}};
MAIL_SERVER_API_HOST=${MAIL_SERVER_API_HOST:-${MAIL_SERVER_PORT_8081_TCP_ADDR}};
MAIL_SERVER_DB_HOST=${MAIL_SERVER_DB_HOST:-${MAIL_SERVER_PORT_3306_TCP_ADDR}};
@ -405,6 +436,10 @@ MAIL_SERVER_DB_NAME=${MAIL_SERVER_DB_NAME:-"onlyoffice_mailserver"};
MAIL_SERVER_DB_USER=${MAIL_SERVER_DB_USER:-"mail_admin"};
MAIL_SERVER_DB_PASS=${MAIL_SERVER_DB_PASS:-"Isadmin123"};
mysql_config ${MYSQL_MAIL_CONFIG} ${MAIL_SERVER_DB_HOST} ${MAIL_SERVER_DB_PORT} ${MAIL_SERVER_DB_USER} ${MAIL_SERVER_DB_PASS}
set -x
if [ ${MAIL_SERVER_DB_HOST} ]; then
MAIL_SERVER_ENABLED=true;
@ -453,13 +488,14 @@ REDIS_SERVER_SSL=${REDIS_SERVER_SSL:-"false"};
REDIS_SERVER_DATABASE=${REDIS_SERVER_DATABASE:-"0"};
REDIS_SERVER_CONNECT_TIMEOUT=${REDIS_SERVER_CONNECT_TIMEOUT:-"5000"};
REDIS_SERVER_EXTERNAL=false;
REDIS_SERVER_SYNC_TIMEOUT=${REDIS_SERVER_SYNC_TIMEOUT:-"60000"}
if [ ${REDIS_SERVER_HOST} ]; then
sed 's/<add\s*host=".*"\s*cachePort="[0-9]*"\s*\/>/<add host="'${REDIS_SERVER_HOST}'" cachePort="'${REDIS_SERVER_CACHEPORT}'" \/>/' -i ${APP_ROOT_DIR}/Web.config
sed -E 's/<redisCacheClient\s*ssl="(false|true)"\s*connectTimeout="[0-9]*"\s*database="[0-9]*"\s*password=".*">/<redisCacheClient ssl="'${REDIS_SERVER_SSL}'" connectTimeout="'${REDIS_SERVER_CONNECT_TIMEOUT}'" database="'${REDIS_SERVER_DATABASE}'" password="'${REDIS_SERVER_PASSWORD}'">/' -i ${APP_ROOT_DIR}/Web.config
sed -E 's/<redisCacheClient\s*ssl="(false|true)"\s*connectTimeout="[0-9]*"\s*syncTimeout="[0-9]*"\s*database="[0-9]*"\s*password=".*">/<redisCacheClient ssl="'${REDIS_SERVER_SSL}'" connectTimeout="'${REDIS_SERVER_CONNECT_TIMEOUT}'" syncTimeout="'${REDIS_SERVER_SYNC_TIMEOUT}'" database="'${REDIS_SERVER_DATABASE}'" password="'${REDIS_SERVER_PASSWORD}'">/' -i ${APP_ROOT_DIR}/Web.config
sed 's/<add\s*host=".*"\s*cachePort="[0-9]*"\s*\/>/<add host="'${REDIS_SERVER_HOST}'" cachePort="'${REDIS_SERVER_CACHEPORT}'" \/>/' -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
sed -E 's/<redisCacheClient\s*ssl="(false|true)"\s*connectTimeout="[0-9]*"\s*database="[0-9]*"\s*password=".*">/<redisCacheClient ssl="'${REDIS_SERVER_SSL}'" connectTimeout="'${REDIS_SERVER_CONNECT_TIMEOUT}'" database="'${REDIS_SERVER_DATABASE}'" password="'${REDIS_SERVER_PASSWORD}'">/' -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
sed -E 's/<redisCacheClient\s*ssl="(false|true)"\s*connectTimeout="[0-9]*"\s*syncTimeout="[0-9]*"\s*database="[0-9]*"\s*password=".*">/<redisCacheClient ssl="'${REDIS_SERVER_SSL}'" connectTimeout="'${REDIS_SERVER_CONNECT_TIMEOUT}'" syncTimeout="'${REDIS_SERVER_SYNC_TIMEOUT}'" database="'${REDIS_SERVER_DATABASE}'" password="'${REDIS_SERVER_PASSWORD}'">/' -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
APP_SERVICES_SOCKET_IO_PATH=${APP_SERVICES_DIR}/ASC.Socket.IO/config/config.json;
@ -504,9 +540,9 @@ mysql_scalar_exec(){
local queryResult="";
if [ "$2" == "opt_ignore_db_name" ]; then
queryResult=$(mysql --silent --skip-column-names -h ${MYSQL_SERVER_HOST} -P ${MYSQL_SERVER_PORT} -u ${MYSQL_SERVER_USER} --password=${MYSQL_SERVER_PASS} -e "$1");
queryResult=$(mysql --defaults-extra-file="$MYSQL_CLIENT_CONFIG" --skip-column-names -e "$1");
else
queryResult=$(mysql --silent --skip-column-names -h ${MYSQL_SERVER_HOST} -P ${MYSQL_SERVER_PORT} -u ${MYSQL_SERVER_USER} --password=${MYSQL_SERVER_PASS} -D ${MYSQL_SERVER_DB_NAME} -e "$1");
queryResult=$(mysql --defaults-extra-file="$MYSQL_CLIENT_CONFIG" --skip-column-names -D ${MYSQL_SERVER_DB_NAME} -e "$1");
fi
echo $queryResult;
}
@ -515,9 +551,9 @@ mysql_list_exec(){
local queryResult="";
if [ "$2" == "opt_ignore_db_name" ]; then
queryResult=$(mysql --silent --skip-column-names -h ${MYSQL_SERVER_HOST} -P ${MYSQL_SERVER_PORT} -u ${MYSQL_SERVER_USER} --password=${MYSQL_SERVER_PASS} -e "$1");
queryResult=$(mysql --defaults-extra-file="$MYSQL_CLIENT_CONFIG" --skip-column-names -e "$1");
else
queryResult=$(mysql --silent --skip-column-names -h ${MYSQL_SERVER_HOST} -P ${MYSQL_SERVER_PORT} -u ${MYSQL_SERVER_USER} --password=${MYSQL_SERVER_PASS} -D ${MYSQL_SERVER_DB_NAME} -e "$1");
queryResult=$(mysql --defaults-extra-file="$MYSQL_CLIENT_CONFIG" --skip-column-names -D ${MYSQL_SERVER_DB_NAME} -e "$1");
fi
read -ra vars <<< ${queryResult};
@ -527,7 +563,7 @@ mysql_list_exec(){
}
mysql_batch_exec(){
mysql --silent --skip-column-names -h ${MYSQL_SERVER_HOST} -P ${MYSQL_SERVER_PORT} -u ${MYSQL_SERVER_USER} --password=${MYSQL_SERVER_PASS} -D ${MYSQL_SERVER_DB_NAME} < "$1";
mysql --defaults-extra-file="$MYSQL_CLIENT_CONFIG" --skip-column-names -D ${MYSQL_SERVER_DB_NAME} < "$1";
}
mysql_check_connection() {
@ -537,48 +573,32 @@ mysql_check_connection() {
fi
while ! mysqladmin ping -h ${MYSQL_SERVER_HOST} -P ${MYSQL_SERVER_PORT} -u ${MYSQL_SERVER_USER} --password=${MYSQL_SERVER_PASS} --silent; do
while ! mysqladmin --defaults-extra-file="$MYSQL_CLIENT_CONFIG" ping; do
sleep 1
done
}
change_connections(){
set +x
sed '/'${1}'/s/\(connectionString\s*=\s*\"\)[^\"]*\"/\1Server='${MYSQL_SERVER_HOST}';Port='${MYSQL_SERVER_PORT}';Database='${MYSQL_SERVER_DB_NAME}';User ID='${MYSQL_SERVER_USER}';Password='${MYSQL_SERVER_PASS}';Pooling=true;Character Set=utf8;AutoEnlist=false;SSL Mode=none;AllowPublicKeyRetrieval=true;Connection Timeout=30;Maximum Pool Size=300;\"/' -i ${2}
set -x
}
if [ "${MYSQL_SERVER_EXTERNAL}" == "false" ]; then
chown -R mysql:mysql /var/lib/mysql/
chmod -R 755 /var/lib/mysql/
if [ ! -f /var/lib/mysql/ibdata1 ]; then
# cp /etc/mysql/my.cnf /usr/share/mysql/my-default.cnf
mysql_install_db || true
# mysqld --initialize-insecure --user=mysql || true
fi
if [ ${LOG_DEBUG} ]; then
log_debug "Fix docker bug volume mapping for mysql";
fi
myisamchk -q -r /var/lib/mysql/mysql/proc || true
systemctl enable mysql.service
service mysql start
if [ ! -f /var/lib/mysql/mysql_upgrade_info ]; then
if mysqladmin --silent ping -u root | grep -q "mysqld is alive" ; then
mysql_upgrade
else
mysql_upgrade --password=${MYSQL_SERVER_ROOT_PASSWORD};
fi
service mysql restart;
fi
if [ -n "$MYSQL_SERVER_ROOT_PASSWORD" ] && mysqladmin --silent ping -u root | grep -q "mysqld is alive" ; then
mysql <<EOF
if [ -n "$MYSQL_SERVER_ROOT_PASSWORD" ] && mysqladmin --defaults-extra-file="$MYSQL_ROOT_CONFIG" ping | grep -q "mysqld is alive" ; then
mysql --defaults-extra-file="$MYSQL_ROOT_CONFIG" <<EOF
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY "$MYSQL_SERVER_ROOT_PASSWORD";
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DELETE FROM mysql.user WHERE User='';
@ -589,7 +609,7 @@ EOF
if [ "$MYSQL_SERVER_USER" != "root" ]; then
mysql "-p${MYSQL_SERVER_ROOT_PASSWORD}" <<EOF
mysql --defaults-extra-file="$MYSQL_ROOT_CONFIG" <<EOF
CREATE USER IF NOT EXISTS "$MYSQL_SERVER_USER"@"localhost" IDENTIFIED WITH mysql_native_password BY "$MYSQL_SERVER_PASS";
GRANT ALL PRIVILEGES ON *.* TO "$MYSQL_SERVER_USER"@'localhost';
FLUSH PRIVILEGES;
@ -599,14 +619,11 @@ EOF
fi
DEBIAN_SYS_MAINT_PASS=$(grep "password" /etc/mysql/debian.cnf | head -1 | sed 's/password\s*=\s*//' | tr -d '[[:space:]]');
mysql_scalar_exec "GRANT ALL PRIVILEGES ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY '${DEBIAN_SYS_MAINT_PASS}'"
#mysql_scalar_exec "GRANT ALL PRIVILEGES ON *.* TO 'debian-sys-maint'@'localhost'" "opt_ignore_db_name";
mysql_scalar_exec "GRANT ALL PRIVILEGES ON *.* TO 'debian-sys-maint'@'localhost';"
set -x
else
service mysql stop
systemctl disable mysql.service
mysqladmin shutdown
systemctl disable mysql.service
fi
mysql_check_connection;
@ -635,13 +652,18 @@ change_connections "default" "${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.conf
change_connections "default" "${APP_SERVICES_DIR}/Jabber/ASC.Xmpp.Server.Launcher.exe.config";
change_connections "default" "${APP_APISYSTEM_DIR}/Web.config";
sed "s!\"host\":.*,!\"host\":\"${MYSQL_SERVER_HOST}\",!" -i ${APP_SERVICES_DIR}/ASC.UrlShortener/config/config.json
sed "s!\"user\":.*,!\"user\":\"${MYSQL_SERVER_USER}\",!" -i ${APP_SERVICES_DIR}/ASC.UrlShortener/config/config.json
sed "s!\"password\":.*,!\"password\":\"${MYSQL_SERVER_PASS}\",!" -i ${APP_SERVICES_DIR}/ASC.UrlShortener/config/config.json
sed "s!\"database\":.*!\"database\":\"${MYSQL_SERVER_DB_NAME}\"!" -i ${APP_SERVICES_DIR}/ASC.UrlShortener/config/config.json
set +x
find "${APP_SERVICES_DIR}/ASC.UrlShortener/config" -type f -name "*.json" -exec sed -i \
-e "s!\(\"host\":\).*,!\1 \"${MYSQL_SERVER_HOST}\",!" \
-e "s!\(\"user\":\).*,!\1 \"${MYSQL_SERVER_USER}\",!" \
-e "s!\(\"password\":\).*,!\1 \"${MYSQL_SERVER_PASS//!/\\!}\",!" \
-e "s!\(\"database\":\).*!\1 \"${MYSQL_SERVER_DB_NAME}\"!" {} \;
sed -i "s/Server=.*/Server=${MYSQL_SERVER_HOST};Port=${MYSQL_SERVER_PORT};Database=${MYSQL_SERVER_DB_NAME};User ID=${MYSQL_SERVER_USER};Password=${MYSQL_SERVER_PASS};Pooling=true;Character Set=utf8;AutoEnlist=false;SSL Mode=none;AllowPublicKeyRetrieval=true;Connection Timeout=30;Maximum Pool Size=300;\",/g" ${APP_CONFIG_DIR}/appsettings.production.json
set -x
if [ "${DB_TABLES_COUNT}" -eq "0" ]; then
mysql_batch_exec ${APP_SQL_DIR}/onlyoffice.sql
mysql_batch_exec ${APP_SQL_DIR}/onlyoffice.data.sql
@ -755,7 +777,7 @@ if [ "${DOCUMENT_SERVER_ENABLED}" == "true" ]; then
if [ ! -f ${LICENSE_FILE_PATH} ]; then
mysql --silent --skip-column-names -h ${MYSQL_SERVER_HOST} -P ${MYSQL_SERVER_PORT} -u ${MYSQL_SERVER_USER} --password=${MYSQL_SERVER_PASS} -D ${MYSQL_SERVER_DB_NAME} <<EOF || true
mysql --defaults-extra-file="$MYSQL_CLIENT_CONFIG" --skip-column-names -D ${MYSQL_SERVER_DB_NAME} <<EOF || true
INSERT IGNORE INTO tenants_quota (tenant, name, max_file_size, max_total_size, active_users, features)
SELECT -1000, 'start_trial', max_file_size, max_total_size, active_users, CONCAT(features, ',trial')
FROM tenants_quota
@ -778,9 +800,8 @@ if [ "${MAIL_SERVER_ENABLED}" == "true" ]; then
while [ "$interval" -lt "$timeout" ] ; do
interval=$((${interval} + 10));
MAIL_SERVER_HOSTNAME=$(mysql --silent --skip-column-names -h ${MAIL_SERVER_DB_HOST} \
--port=${MAIL_SERVER_DB_PORT} -u "${MAIL_SERVER_DB_USER}" \
--password="${MAIL_SERVER_DB_PASS}" -D "${MAIL_SERVER_DB_NAME}" -e "SELECT Comment from greylisting_whitelist where Source='SenderIP:${MAIL_SERVER_API_HOST}' limit 1;");
MAIL_SERVER_HOSTNAME=$(mysql --defaults-extra-file="$MYSQL_MAIL_CONFIG" --skip-column-names \
-D "${MAIL_SERVER_DB_NAME}" -e "SELECT Comment from greylisting_whitelist where Source='SenderIP:${MAIL_SERVER_API_HOST}' limit 1;");
if [[ "$?" -eq "0" ]] && [[ -n ${MAIL_SERVER_HOSTNAME} ]]; then
break;
fi
@ -816,14 +837,10 @@ if [ "${MAIL_SERVER_ENABLED}" == "true" ]; then
fi
mysql --silent --skip-column-names -h ${MAIL_SERVER_DB_HOST} \
--port=${MAIL_SERVER_DB_PORT} -u "${MAIL_SERVER_DB_USER}" \
--password="${MAIL_SERVER_DB_PASS}" -D "${MAIL_SERVER_DB_NAME}" \
mysql --defaults-extra-file="$MYSQL_MAIL_CONFIG" --skip-column-names -D "${MAIL_SERVER_DB_NAME}" \
-e "DELETE FROM greylisting_whitelist WHERE Comment='onlyoffice-community-server';";
mysql --silent --skip-column-names -h ${MAIL_SERVER_DB_HOST} \
--port=${MAIL_SERVER_DB_PORT} -u "${MAIL_SERVER_DB_USER}" \
--password="${MAIL_SERVER_DB_PASS}" -D "${MAIL_SERVER_DB_NAME}" \
mysql --defaults-extra-file="$MYSQL_MAIL_CONFIG" --skip-column-names -D "${MAIL_SERVER_DB_NAME}" \
-e "REPLACE INTO greylisting_whitelist (Source, Comment, Disabled) VALUES (\"SenderIP:${SENDER_IP}\", 'onlyoffice-community-server', 0);";
if [ -z ${MYSQL_MAIL_SERVER_ID} ]; then
@ -866,10 +883,8 @@ END
while [ "$interval" -lt "$timeout" ] ; do
interval=$((${interval} + 10));
MYSQL_MAIL_SERVER_ACCESS_TOKEN=$(mysql --silent --skip-column-names -h ${MAIL_SERVER_DB_HOST} \
--port=${MAIL_SERVER_DB_PORT} -u "${MAIL_SERVER_DB_USER}" \
--password="${MAIL_SERVER_DB_PASS}" -D "${MAIL_SERVER_DB_NAME}" \
-e "select access_token from api_keys where id=1;");
MYSQL_MAIL_SERVER_ACCESS_TOKEN=$(mysql --defaults-extra-file="$MYSQL_MAIL_CONFIG" --skip-column-names \
-D "${MAIL_SERVER_DB_NAME}" -e "select access_token from api_keys where id=1;");
if [[ "$?" -eq "0" ]] && [[ -n ${MYSQL_MAIL_SERVER_ACCESS_TOKEN} ]]; then
break;
fi
@ -908,13 +923,14 @@ do
if [ $serverID == 1 ]; then
sed '/web.warmup.count/s/value=\"\S*\"/value=\"'${APP_MONOSERVE_COUNT}'\"/g' -i ${APP_ROOT_DIR}/web.appsettings.config
sed '/web.warmup.domain/s/value=\"\S*\"/value=\"localhost\/warmup\"/g' -i ${APP_ROOT_DIR}/web.appsettings.config
sed "/core.machinekey/s!value=\".*\"!value=\"${APP_CORE_MACHINEKEY}\"!g" -i ${APP_ROOT_DIR}/web.appsettings.config
sed "/core.machinekey/s!value=\".*\"!value=\"${APP_CORE_MACHINEKEY}\"!g" -i ${APP_APISYSTEM_DIR}/Web.config
sed "/core.machinekey/s!value=\".*\"!value=\"${APP_CORE_MACHINEKEY}\"!g" -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
sed "/core\.machinekey/s!\"core\.machinekey\".*!\"core\.machinekey\":\"${APP_CORE_MACHINEKEY}\",!" -i ${APP_SERVICES_DIR}/ASC.Socket.IO/config/config.json
sed "s!machine_key\s*=.*!machine_key = ${APP_CORE_MACHINEKEY}!g" -i ${APP_SERVICES_DIR}/TeamLabSvc/radicale.config
sed "s!\"core\.machinekey\":.*,!\"core\.machinekey\":\"${APP_CORE_MACHINEKEY}\",!g" -i ${APP_SERVICES_DIR}/ASC.UrlShortener/config/config.json
sed "s!\"machinekey\":.*!\"machinekey\":\"${APP_CORE_MACHINEKEY}\",!" -i ${APP_CONFIG_DIR}/appsettings.production.json
sed "s^\(machine_key\)\s*=.*^\1 = ${APP_CORE_MACHINEKEY//^/\\^}^g" -i ${APP_SERVICES_DIR}/TeamLabSvc/radicale.config
binDirs=("$APP_APISYSTEM_DIR" "$APP_SERVICES_DIR" "$APP_ROOT_DIR" "$APP_CONFIG_DIR")
for i in "${!binDirs[@]}"; do
find "${binDirs[$i]}" -type f -name "*.[cC]onfig" -exec sed -i "/core.\machinekey/s_\(value\s*=\s*\"\)[^\"]*\"_\1${APP_CORE_MACHINEKEY//_/\\_}\"_" {} \;
find "${binDirs[$i]}" -type f -name "*.json" -exec sed -i "s_\(\"core.machinekey\":\|\"machinekey\":\).*,_\1 \"${APP_CORE_MACHINEKEY//_/\\_}\",_" {} \;
done
continue;
fi
@ -1099,14 +1115,14 @@ systemctl stop onlyofficeStorageMigrate
systemctl stop onlyofficeStorageEncryption
systemctl stop onlyofficeUrlShortener
systemctl stop onlyofficeThumbnailBuilder
systemctl stop onlyofficeAutoCleanUp
systemctl stop onlyofficeFilesTrashCleaner
systemctl stop god
systemctl enable god
systemctl stop elasticsearch
systemctl stop redis-server
systemctl stop mysql
mysqladmin shutdown
systemctl stop nginx
systemctl stop monoserveApiSystem.service
@ -1146,7 +1162,7 @@ if [ "${APP_SERVICES_EXTERNAL}" == "true" ]; then
systemctl disable onlyofficeStorageEncryption.service
systemctl disable onlyofficeUrlShortener.service
systemctl disable onlyofficeThumbnailBuilder.service
systemctl disable onlyofficeAutoCleanUp.service
systemctl disable onlyofficeFilesTrashCleaner.service
rm -f /lib/systemd/system/onlyofficeRadicale.service
rm -f /lib/systemd/system/onlyofficeTelegram.service
@ -1165,7 +1181,7 @@ if [ "${APP_SERVICES_EXTERNAL}" == "true" ]; then
rm -f /lib/systemd/system/onlyofficeStorageEncryption.sevice
rm -f /lib/systemd/system/onlyofficeUrlShortener.service
rm -f /lib/systemd/system/onlyofficeThumbnailBuilder.service
rm -f /lib/systemd/system/onlyofficeAutoCleanUp.service
rm -f /lib/systemd/system/onlyofficeFilesTrashCleaner.service
sed '/onlyoffice/d' -i ${APP_CRON_PATH}
else
@ -1186,7 +1202,7 @@ else
systemctl enable onlyofficeStorageEncryption.service
systemctl enable onlyofficeUrlShortener.service
systemctl enable onlyofficeThumbnailBuilder.service
systemctl enable onlyofficeAutoCleanUp.service
systemctl enable onlyofficeFilesTrashCleaner.service
fi
if [ "${APP_MODE}" == "SERVER" ]; then