migrate to deb/rpm package

assets/tools/default-onlyoffice-ssl.sh

@@ -1,49 +0,0 @@
-#!/bin/bash
-
-if [ ! -f /var/www/onlyoffice/Data/certs/dhparam.pem ]; then
-        sudo openssl dhparam -out dhparam.pem 2048
-
-        mv dhparam.pem /var/www/onlyoffice/Data/certs/dhparam.pem;
-fi
-
-DOCKER_ONLYOFFICE_SUBNET=$(ip -o -f inet addr show | awk '/scope global/ {print $4}');
-
-cp /app/onlyoffice/config/nginx/onlyoffice-ssl default-onlyoffice-ssl.conf;
-
-SSL_CERTIFICATE_PATH="/var/www/onlyoffice/Data/certs/onlyoffice.crt"
-SSL_KEY_PATH="/var/www/onlyoffice/Data/certs/onlyoffice.key"
-ONLYOFFICE_SERVICES_DIR="/var/www/onlyoffice/Services"
-
-sed "s,{{SSL_CERTIFICATE_PATH}},${SSL_CERTIFICATE_PATH}," -i default-onlyoffice-ssl.conf;
-sed "s,{{SSL_KEY_PATH}},${SSL_KEY_PATH}," -i default-onlyoffice-ssl.conf;
-sed 's,{{SSL_DHPARAM_PATH}},/var/www/onlyoffice/Data/certs/dhparam.pem,' -i default-onlyoffice-ssl.conf;
-sed 's,{{SSL_VERIFY_CLIENT}},off,' -i default-onlyoffice-ssl.conf;
-sed '/{{CA_CERTIFICATES_PATH}}/d' -i default-onlyoffice-ssl.conf;
-sed 's/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/63072000/' -i default-onlyoffice-ssl.conf;
-sed 's,{{DOCKER_ONLYOFFICE_SUBNET}},'"${DOCKER_ONLYOFFICE_SUBNET}"',' -i default-onlyoffice-ssl.conf;
-sed 's/{{ONLYOFFICE_NIGNX_KEEPLIVE}}/64/g' -i default-onlyoffice-ssl.conf;
-
-SSL_OCSP_CERTIFICATE_PATH="/var/www/onlyoffice/Data/certs/stapling.trusted.crt"
-
-# if dhparam path is valid, add to the config, otherwise remove the option
-if [ -r "${SSL_OCSP_CERTIFICATE_PATH}" ]; then
-        sed 's,{{SSL_OCSP_CERTIFICATE_PATH}},'"${SSL_OCSP_CERTIFICATE_PATH}"',' -i default-onlyoffice-ssl.conf;
-else
-        sed '/ssl_stapling/d' -i default-onlyoffice-ssl.conf;
-        sed '/ssl_stapling_verify/d' -i default-onlyoffice-ssl.conf;
-        sed '/ssl_trusted_certificate/d' -i default-onlyoffice-ssl.conf;
-        sed '/resolver/d' -i default-onlyoffice-ssl.conf;
-        sed '/resolver_timeout/d' -i default-onlyoffice-ssl.conf;
-fi
-
-# sed '/certificate/s/\(value\s*=\s*\"\).*\"/\1${SSL_CERTIFICATE_PATH}"\"/' -i ${ONLYOFFICE_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.Config
-# sed '/certificatePrivateKey/s/\(value\s*=\s*\"\).*\"/\1${SSL_KEY_PATH}"\"/' -i ${ONLYOFFICE_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.Config;
-# sed '/startTls/s/\(value\s*=\s*\"\).*\"/\1optional"\"/' -i ${ONLYOFFICE_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.Config;
-
-sed '/mail\.default-api-scheme/s/\(value\s*=\s*\"\).*\"/\1https\"/' -i /var/www/onlyoffice/Services/MailAggregator/ASC.Mail.Aggregator.CollectionService.exe.config;
-
-mv default-onlyoffice-ssl.conf /etc/nginx/sites-enabled/onlyoffice
-
-service onlyofficeMailAggregator restart
-# service onlyofficeJabber restart
-service nginx reload

assets/tools/default-onlyoffice.sh

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-cp /app/onlyoffice/config/nginx/onlyoffice default-onlyoffice.conf;
-
-sed 's/{{ONLYOFFICE_NIGNX_KEEPLIVE}}/64/g' -i default-onlyoffice.conf;
-sed '/mail\.default-api-scheme/s/\(value\s*=\s*\"\).*\"/\1http\"/' -i /var/www/onlyoffice/Services/MailAggregator/ASC.Mail.Aggregator.CollectionService.exe.config;
-
-mv default-onlyoffice.conf /etc/nginx/sites-enabled/onlyoffice
-
-service onlyofficeMailAggregator restart
-service nginx reload
-

assets/tools/letsencrypt.sh

@@ -1,25 +0,0 @@
-#!/bin/bash
-
-_domains="";
-
-for arg; do
-    _domains="$_domains -d $arg";
-done
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-certbot certonly --expand --webroot -w /var/www/onlyoffice/Data/certs --noninteractive --agree-tos --email support@$1 $_domains;
-
-cp /etc/letsencrypt/live/$1/fullchain.pem /var/www/onlyoffice/Data/certs/onlyoffice.crt
-cp /etc/letsencrypt/live/$1/privkey.pem /var/www/onlyoffice/Data/certs/onlyoffice.key
-cp /etc/letsencrypt/live/$1/chain.pem /var/www/onlyoffice/Data/certs/stapling.trusted.crt
-
-cat > /etc/cron.d/letsencrypt <<END
-@weekly root certbot renew >> /var/log/le-renew.log
-@weekly root cp /etc/letsencrypt/live/$1/fullchain.pem /var/www/onlyoffice/Data/certs/onlyoffice.crt
-@weekly root cp /etc/letsencrypt/live/$1/privkey.pem /var/www/onlyoffice/Data/certs/onlyoffice.key
-@weekly root cp /etc/letsencrypt/live/$1/chain.pem /var/www/onlyoffice/Data/certs/stapling.trusted.crt
-@weekly root nginx reload
-END
-
-source $DIR/default-onlyoffice-ssl.sh

config/nginx/nginx.conf

@@ -1,32 +0,0 @@
-user  nginx;
-worker_processes  auto;
-
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
-
-
-events {
-    worker_connections  1024;
-}
-
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-
-    sendfile        on;
-    #tcp_nopush     on;
-
-    keepalive_timeout  65;
-
-    #gzip  on;
-    include /etc/nginx/sites-enabled/*;
-    include /etc/nginx/conf.d/*.conf;
-}
-

config/nginx/onlyoffice

@@ -1,38 +0,0 @@
-upstream fastcgi_backend_apisystem {
-        server unix:/var/run/onlyoffice/onlyofficeApiSystem.socket;
-        keepalive 32;
-}
-
-upstream fastcgi_backend {
-	server unix:/var/run/onlyoffice/onlyoffice.socket;
-	keepalive {{ONLYOFFICE_NIGNX_KEEPLIVE}};
-}
-
-fastcgi_cache_path /var/cache/nginx/onlyoffice
-	levels=1:2
-	keys_zone=onlyoffice:16m
-	max_size=256m
-	inactive=1d;
-
-map $http_host $this_host {
-  "" $host;
-  default $http_host;
-}
-
-map $http_x_forwarded_proto $the_scheme {
-  default $http_x_forwarded_proto;
-  "" $scheme;
-}
-
-map $http_x_forwarded_host $the_host {
-  default $http_x_forwarded_host;
-  "" $this_host;
-}
-
-server {
-	listen 80;
-	
-	add_header Access-Control-Allow-Origin *;
-
-        include /etc/nginx/includes/onlyoffice-communityserver-*.conf;
-}

config/nginx/onlyoffice-init

@@ -1,43 +0,0 @@
-upstream fastcgi_backend {
-        server unix:/var/run/onlyoffice/onlyoffice.socket;
-        keepalive 32;
-}
-
-server {
-        listen 80;
-
-        fastcgi_keep_conn on;
-        fastcgi_index   Default.aspx;
-        fastcgi_intercept_errors on;
-
-
-        include fastcgi_params;
-
-        fastcgi_param HTTP_X_REWRITER_URL $http_x_rewriter_url;
-        fastcgi_param SERVER_NAME $host;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_param PATH_INFO "";
-
-        fastcgi_read_timeout    600;
-        fastcgi_send_timeout    600;
-
-
-        location / {
-                root    /var/www/onlyoffice/WebStudio/;
-                expires           0;
-                add_header        Cache-Control no-cache;
-                rewrite ^(.*)$ /StartConfigure.htm  break;
-        }
-
-	location /api {
-		fastcgi_pass fastcgi_backend;
-		break;
-	}
-
-        location  ~* ^/(warmup[2-9]?)/ {
-		rewrite /warmup([^/]*)/(.*) /$2 break;
-                fastcgi_pass unix:/var/run/onlyoffice/onlyoffice$1.socket;
-        }
-}
-
-

config/nginx/onlyoffice-ssl

@@ -1,120 +0,0 @@
-upstream fastcgi_backend_apisystem {
-        server unix:/var/run/onlyoffice/onlyofficeApiSystem.socket;
-        keepalive 32;
-}
-
-upstream fastcgi_backend {
-	server unix:/var/run/onlyoffice/onlyoffice.socket;
-	keepalive {{ONLYOFFICE_NIGNX_KEEPLIVE}};
-}
-
-fastcgi_cache_path /var/cache/nginx/onlyoffice
-	levels=1:2
-	keys_zone=onlyoffice:16m
-	max_size=256m
-	inactive=1d;
-
-geo $ip_external {
-     default 1;
-     {{DOCKER_ONLYOFFICE_SUBNET}} 0;
-     127.0.0.1 0;
-}
-
-map $http_host $this_host {
-  "" $host;
-  default $http_host;
-}
-
-map $http_x_forwarded_proto $the_scheme {
-  default $http_x_forwarded_proto;
-  "" $scheme;
-}
-
-map $http_x_forwarded_host $the_host {
-  default $http_x_forwarded_host;
-  "" $this_host;
-}
-
-## Normal HTTP host
-server {
-	listen 0.0.0.0:80;
-	listen [::]:80 default_server;
-	server_name _;
-	server_tokens off;
-
-        root /nowhere; ## root doesn't have to be a valid path since we are redirecting
-
-        location / {
-	        if ($ip_external) {
-	                ## Redirects all traffic to the HTTPS host
-      		         rewrite ^ https://$host$request_uri? permanent;
-                }
-
-
-                client_max_body_size 100m;
-
-                proxy_pass https://127.0.0.1;
-                proxy_http_version 1.1;
-                proxy_set_header Upgrade $http_upgrade;
-                proxy_set_header Connection "upgrade";
-                proxy_set_header Host $host;
-                proxy_set_header X-Real-IP $remote_addr;
-                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-                proxy_set_header X-Forwarded-Host $server_name;
-                proxy_set_header X-Forwarded-Proto $scheme;
-                proxy_ssl_verify off;
-        }
-}
-
-## HTTPS host
-server {
-	listen 0.0.0.0:443 ssl http2;
-	listen [::]:443 ssl http2 default_server;
-	server_tokens off;
-	root /usr/share/nginx/html;
-
-	## Increase this if you want to upload large attachments
-	client_max_body_size 100m;
-
-	## Strong SSL Security
-	## https://cipherli.st/
-	ssl on;
-	ssl_certificate {{SSL_CERTIFICATE_PATH}};
-	ssl_certificate_key {{SSL_KEY_PATH}};
-	ssl_verify_client {{SSL_VERIFY_CLIENT}};
-	ssl_client_certificate {{CA_CERTIFICATES_PATH}};
-
-	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-	ssl_prefer_server_ciphers on;
-	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
-	ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
-	ssl_session_cache shared:SSL:10m;
-	ssl_session_tickets off; # Requires nginx >= 1.5.9
-
-	add_header Strict-Transport-Security "max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}; includeSubDomains; preload" always;
-#	add_header X-Frame-Options DENY;
-	add_header X-Content-Type-Options nosniff;
-	add_header Access-Control-Allow-Origin *;	
-
-	## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
-	## Replace with your ssl_trusted_certificate. For more info see:
-	## - https://medium.com/devops-programming/4445f4862461
-	## - https://www.ruby-forum.com/topic/4419319
-	## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
-	ssl_stapling on;
-	ssl_stapling_verify on;
-	ssl_trusted_certificate {{SSL_OCSP_CERTIFICATE_PATH}};
-	resolver 8.8.8.8 8.8.4.4 127.0.0.11 valid=300s; # Can change to your DNS resolver if desired
-	resolver_timeout 10s;
-
-	## [Optional] Generate a stronger DHE parameter:
-	## cd /etc/ssl/certs
-	## sudo openssl dhparam -out dhparam.pem 4096
-	##
-	ssl_dhparam {{SSL_DHPARAM_PATH}};
-
-        include /etc/nginx/includes/onlyoffice-communityserver-*.conf;
-}
-
-
-

run-community-server.sh

@@ -150,13 +150,13 @@ fi
 #	fi	
 # fi
 
-cp ${SYSCONF_TEMPLATES_DIR}/nginx/nginx.conf ${NGINX_ROOT_DIR}/nginx.conf
+cp ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-nginx.conf.template ${NGINX_ROOT_DIR}/nginx.conf
 
 sed 's/^worker_processes.*/'"worker_processes ${NGINX_WORKER_PROCESSES};"'/' -i ${NGINX_ROOT_DIR}/nginx.conf
 sed 's/worker_connections.*/'"worker_connections ${NGINX_WORKER_CONNECTIONS};"'/' -i ${NGINX_ROOT_DIR}/nginx.conf
 
 
-cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-init ${NGINX_CONF_DIR}/onlyoffice
+cp ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-common-init.conf.template ${NGINX_CONF_DIR}/onlyoffice
 rm -f ${NGINX_ROOT_DIR}/conf.d/*.conf
 
 rsyslogd
@@ -435,7 +435,7 @@ done
 
 # setup HTTPS
 if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
-	cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-ssl ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
+	cp ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-common-ssl.conf.template ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
 
 	mkdir -p ${LOG_DIR}/nginx
 
@@ -484,7 +484,7 @@ if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
 	sed '/mail\.default-api-scheme/s/\(value\s*=\s*\"\).*\"/\1https\"/' -i ${ONLYOFFICE_SERVICES_DIR}/MailAggregator/ASC.Mail.Aggregator.CollectionService.exe.config;
 
 else
-	cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice;
+	cp ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-common.conf.template ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice;
 fi