Merge branch release/v8.1.0 into develop

Fix branding paths (#745 )
Fix changing permissions for log directories (#744 )
2026-04-07 14:01:38 +08:00 · 2024-06-26 10:50:52 +00:00 · 2024-06-11 11:16:38 +03:00 · 2024-06-10 17:28:48 +03:00 · 2024-06-03 17:35:29 +03:00 · 2024-06-03 17:33:07 +03:00
20 changed files with 566 additions and 14 deletions
--- a/.github/workflows/stable-build.yml
+++ b/.github/workflows/stable-build.yml
@ -129,7 +129,7 @@ jobs:
           export PRODUCT_EDITION=${{ matrix.edition }}
           export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}
           export DOCKERFILE=Dockerfile
-           export BASE_IMAGE=ubuntu:20.04
+           export BASE_VERSION=20.04
           export PG_VERSION=12
           export TAG=${VERSION%.*}.${RELEASE_NUMBER}
           export PACKAGE_VERSION=$( echo ${VERSION} |  sed -E 's/(.*)\./\1-/')
--- a/.github/workflows/zap-ds.yaml
+++ b/.github/workflows/zap-ds.yaml
@ -0,0 +1,70 @@
+---
+name: Scanning DocumentServer with ZAP
+
+run-name: > 
+      ZAP DocumentServer ver: ${{ github.event.inputs.version }} from branch: ${{ github.event.inputs.branch }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Set DocumentServer version that will be deployed'
+        type: string
+        required: true
+      branch:
+        description: 'The branch from which the scan will be performed'
+        type: string
+        required: true
+jobs:
+  zap:
+    name: "Zap scanning DocumentServer"
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Run DS
+        id: run-ds
+        env:
+          TAG: ${{ github.event.inputs.version }}
+        run: |
+           # Create ssl certs
+           openssl genrsa -out tls.key 2048
+           openssl req -new -key tls.key -out tls.csr -subj "/C=RU/ST=NizhObl/L=NizhNov/O=RK-Tech/OU=TestUnit/CN=TestName"
+           openssl x509 -req -days 365 -in tls.csr -signkey tls.key -out tls.crt
+           openssl dhparam -out dhparam.pem 2048
+           sudo mkdir -p /app/onlyoffice/DocumentServer/data/certs
+           sudo cp ./tls.key /app/onlyoffice/DocumentServer/data/certs/
+           sudo cp ./tls.crt /app/onlyoffice/DocumentServer/data/certs/
+           sudo cp ./dhparam.pem /app/onlyoffice/DocumentServer/data/certs/
+           sudo chmod 400 /app/onlyoffice/DocumentServer/data/certs/tls.key
+           rm ./tls.key ./tls.crt ./dhparam.pem
+
+           # Run Ds with enabled ssl
+           export CONTAINER_NAME="documentserver"
+           sudo docker run -itd \
+                           --name ${CONTAINER_NAME} \
+                           -p 80:80 \
+                           -p 443:443 \
+                           -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
+                           onlyoffice/4testing-documentserver:${TAG}
+           sleep 60
+           sudo docker exec ${CONTAINER_NAME} sudo supervisorctl start ds:example
+           LOCAL_IP=$(hostname -I | awk '{print $1}')
+           echo "local-ip=${LOCAL_IP}" >> "$GITHUB_OUTPUT"
+
+      # Scan DocumentServer with ZAP.
+      # NOTE: Full scan get a lot of time.
+      # If you want make scan more faster (but less accurate) remove `cmd options` field
+      # -j mean that scanning use AJAX Spider, with this spider the scan takes approximately an hour
+      # Without any cmd options will be used default spider and the scan takes approximately ~10-15 minutes
+      - name: ZAP Scan
+        uses: zaproxy/action-full-scan@v0.8.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
+          target: 'https://${{ steps.run-ds.outputs.local-ip }}/'
+          allow_issue_writing: false
+          cmd_options: '-j'
--- a/37
+++ b/37
@ -1,26 +1,44 @@
-ARG BASE_IMAGE=ubuntu:22.04
+ARG BASE_VERSION=22.04
+
+ARG BASE_IMAGE=ubuntu:$BASE_VERSION

 FROM ${BASE_IMAGE} as documentserver
 LABEL maintainer Ascensio System SIA <support@onlyoffice.com>

+ARG BASE_VERSION
 ARG PG_VERSION=14

-ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=${PG_VERSION}
+ENV OC_RELEASE_NUM=21
+ENV OC_RU_VER=12
+ENV OC_RU_REVISION_VER=0
+ENV OC_RESERVED_NUM=0
+ENV OC_RU_DATE=0
+ENV OC_PATH=${OC_RELEASE_NUM}${OC_RU_VER}000
+ENV OC_FILE_SUFFIX=${OC_RELEASE_NUM}.${OC_RU_VER}.${OC_RU_REVISION_VER}.${OC_RESERVED_NUM}.${OC_RU_DATE}${OC_FILE_SUFFIX}dbru
+ENV OC_VER_DIR=${OC_RELEASE_NUM}_${OC_RU_VER}
+ENV OC_DOWNLOAD_URL=https://download.oracle.com/otn_software/linux/instantclient/${OC_PATH}
+
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=${PG_VERSION} BASE_VERSION=${BASE_VERSION}

 ARG ONLYOFFICE_VALUE=onlyoffice

 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
    apt-get -y update && \
    apt-get -yq install wget apt-transport-https gnupg locales lsb-release && \
+    wget -q -O /etc/apt/sources.list.d/mssql-release.list https://packages.microsoft.com/config/ubuntu/$BASE_VERSION/prod.list && \
+    wget -q -O - https://packages.microsoft.com/keys/microsoft.asc | apt-key add - && \
+    apt-get -y update && \
    locale-gen en_US.UTF-8 && \
    echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
-    apt-get -yq install \
+    ACCEPT_EULA=Y apt-get -yq install \
        adduser \
        apt-utils \
        bomstrip \
        certbot \
+        cron \
        curl \
        htop \
+        libaio1 \
        libasound2 \
        libboost-regex-dev \
        libcairo2 \
@ -33,6 +51,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
        libxml2 \
        libxss1 \
        libxtst6 \
+        mssql-tools18 \
        mysql-client \
        nano \
        net-tools \
@ -47,6 +66,8 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
        sudo \
        supervisor \
        ttf-mscorefonts-installer \
+        unixodbc-dev \
+        unzip \
        xvfb \
        zlib1g && \
    if [  $(ls -l /usr/share/fonts/truetype/msttcorefonts | wc -l) -ne 61 ]; \
@ -58,6 +79,11 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
    service postgresql restart && \
    sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \
    sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE OWNER $ONLYOFFICE_VALUE;" && \
+    wget -O basic.zip ${OC_DOWNLOAD_URL}/instantclient-basic-linux.x64-${OC_FILE_SUFFIX}.zip && \
+    wget -O sqlplus.zip ${OC_DOWNLOAD_URL}/instantclient-sqlplus-linux.x64-${OC_FILE_SUFFIX}.zip && \
+    unzip -d /usr/share basic.zip && \
+    unzip -d /usr/share sqlplus.zip && \
+    mv /usr/share/instantclient_${OC_VER_DIR} /usr/share/instantclient && \
    service postgresql stop && \
    service redis-server stop && \
    service rabbitmq-server stop && \
@ -68,6 +94,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
 COPY config/supervisor/supervisor /etc/init.d/
 COPY config/supervisor/ds/*.conf /etc/supervisor/conf.d/
 COPY run-document-server.sh /app/ds/run-document-server.sh
+COPY oracle/sqlplus /usr/bin/sqlplus

 EXPOSE 80 443

@ -93,6 +120,10 @@ RUN PACKAGE_FILE="${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}${PACKAGE_VER
    sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i /etc/supervisor/conf.d/*.conf && \
    service supervisor stop && \
    chmod 755 /app/ds/*.sh && \
+    printf "\nGO" >> /var/www/$COMPANY_NAME/documentserver/server/schema/mssql/createdb.sql && \
+    printf "\nGO" >> /var/www/$COMPANY_NAME/documentserver/server/schema/mssql/removetbl.sql && \
+    printf "\nexit" >> /var/www/$COMPANY_NAME/documentserver/server/schema/oracle/createdb.sql && \
+    printf "\nexit" >> /var/www/$COMPANY_NAME/documentserver/server/schema/oracle/removetbl.sql && \
    rm -f /tmp/$PACKAGE_FILE && \
    rm -rf /var/log/$COMPANY_NAME && \
    rm -rf /var/lib/apt/lists/*
--- a/README.md
+++ b/README.md
@ -178,7 +178,8 @@ Below is the complete list of parameters that can be set using environment varia
 - **SSL_KEY_PATH**: The path to the SSL certificate's private key. Defaults to `/var/www/onlyoffice/Data/certs/tls.key`.
 - **SSL_DHPARAM_PATH**: The path to the Diffie-Hellman parameter. Defaults to `/var/www/onlyoffice/Data/certs/dhparam.pem`.
 - **SSL_VERIFY_CLIENT**: Enable verification of client certificates using the `CA_CERTIFICATES_PATH` file. Defaults to `false`
- **DB_TYPE**: The database type. Supported values are `postgres`, `mariadb` or `mysql`. Defaults to `postgres`.
+- **NODE_EXTRA_CA_CERTS**: The [NODE_EXTRA_CA_CERTS](https://nodejs.org/api/cli.html#node_extra_ca_certsfile "Node.js documentation") to extend CAs with the extra certificates for Node.js. Defaults to `/var/www/onlyoffice/Data/certs/extra-ca-certs.pem`.
+- **DB_TYPE**: The database type. Supported values are `postgres`, `mariadb`, `mysql`, `mssql` or `oracle`. Defaults to `postgres`.
 - **DB_HOST**: The IP address or the name of the host where the database server is running.
 - **DB_PORT**: The database server port number.
 - **DB_NAME**: The name of a database to use. Should be existing on container startup.
--- a/config/supervisor/ds/ds-metrics.conf
+++ b/config/supervisor/ds/ds-metrics.conf
@ -9,5 +9,5 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/var/log/COMPANY_NAME/documentserver/metrics/err.log
 stderr_logfile_backups=0
 stderr_logfile_maxbytes=0
-autostart=true
-autorestart=true
+autostart=false
+autorestart=false
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -64,7 +64,7 @@ variable "LATEST" {

 ### ↓ Variables for UCS build ↓

-variable "BASE_IMAGE" {
+variable "BASE_VERSION" {
    default     = ""
 }

@ -130,7 +130,7 @@ target "documentserver-ucs" {
        "COMPANY_NAME": "${COMPANY_NAME}"
        "PACKAGE_VERSION": "${PACKAGE_VERSION}"
        "PACKAGE_BASEURL": "${PACKAGE_BASEURL}"
-        "BASE_IMAGE": "${BASE_IMAGE}"
+        "BASE_VERSION": "${BASE_VERSION}"
        "PG_VERSION": "${PG_VERSION}"
    }
 }
--- a/oracle/sqlplus
+++ b/oracle/sqlplus
@ -0,0 +1,6 @@
+#!/bin/sh
+
+CLIENTDIR=/usr/share/instantclient
+export LD_LIBRARY_PATH=$CLIENTDIR
+$CLIENTDIR/sqlplus $@
+
--- a/run-document-server.sh
+++ b/run-document-server.sh
@ -23,6 +23,7 @@ DS_LOG_DIR="${LOG_DIR}/documentserver"
 LIB_DIR="/var/lib/${COMPANY_NAME}"
 DS_LIB_DIR="${LIB_DIR}/documentserver"
 CONF_DIR="/etc/${COMPANY_NAME}/documentserver"
+SUPERVISOR_CONF_DIR="/etc/supervisor/conf.d"
 IS_UPGRADE="false"

 ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
@ -60,6 +61,25 @@ if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key ]
 else
  SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/tls.key}
 fi
+
+#When set, the well known "root" CAs will be extended with the extra certificates in file
+NODE_EXTRA_CA_CERTS=${NODE_EXTRA_CA_CERTS:-${SSL_CERTIFICATES_DIR}/extra-ca-certs.pem}
+if [[ -f ${NODE_EXTRA_CA_CERTS} ]]; then
+  NODE_EXTRA_ENVIRONMENT="${NODE_EXTRA_CA_CERTS}"
+elif [[ -f ${SSL_CERTIFICATE_PATH} ]]; then
+  SSL_CERTIFICATE_SUBJECT=$(openssl x509 -subject -noout -in "${SSL_CERTIFICATE_PATH}" | sed 's/subject=//')
+  SSL_CERTIFICATE_ISSUER=$(openssl x509 -issuer -noout -in "${SSL_CERTIFICATE_PATH}" | sed 's/issuer=//')
+
+  #Add self-signed certificate to trusted list for validating Docs requests to the test example 
+  if [[ -n $SSL_CERTIFICATE_SUBJECT && $SSL_CERTIFICATE_SUBJECT == $SSL_CERTIFICATE_ISSUER ]]; then
+    NODE_EXTRA_ENVIRONMENT="${SSL_CERTIFICATE_PATH}"
+  fi
+fi
+
+if [[ -n $NODE_EXTRA_ENVIRONMENT ]]; then
+  sed -i "s|^environment=.*$|&,NODE_EXTRA_CA_CERTS=${NODE_EXTRA_ENVIRONMENT}|" /etc/supervisor/conf.d/*.conf
+fi
+
 CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem}
 SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
 SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
@ -154,6 +174,15 @@ read_setting(){
    "mariadb"|"mysql")
      DB_PORT=${DB_PORT:-"3306"}
      ;;
+    "dameng")
+      DB_PORT=${DB_PORT:-"5236"}
+      ;;
+    "mssql")
+      DB_PORT=${DB_PORT:-"1433"}
+      ;;
+    "oracle")
+      DB_PORT=${DB_PORT:-"1521"}
+      ;;
    "")
      DB_PORT=${DB_PORT:-${POSTGRESQL_SERVER_PORT:-$(${JSON} services.CoAuthoring.sql.dbPort)}}
      ;;
@ -232,8 +261,31 @@ waiting_for_connection(){
  done
 }

+waiting_for_db_ready(){
+  case $DB_TYPE in
+    "oracle")
+      PDB="XEPDB1"
+      ORACLE_SQL="sqlplus $DB_USER/$DB_PWD@//$DB_HOST:$DB_PORT/$PDB"
+      DB_TEST="echo \"SELECT version FROM V\$INSTANCE;\" | $ORACLE_SQL 2>/dev/null | grep \"Connected\" | wc -l"
+      ;;
+    *)
+      return
+      ;;
+  esac
+
+  for (( i=1; i <= 10; i++ )); do
+    RES=$(eval $DB_TEST)
+    if [ "$RES" -ne "0" ]; then
+      echo "Database is ready"
+      break
+    fi
+    sleep 5
+  done
+}
+
 waiting_for_db(){
  waiting_for_connection $DB_HOST $DB_PORT
+  waiting_for_db_ready
 }

 waiting_for_amqp(){
@ -253,6 +305,7 @@ update_statsd_settings(){
  ${JSON} -I -e "this.statsd.host = '${METRICS_HOST}'"
  ${JSON} -I -e "this.statsd.port = '${METRICS_PORT}'"
  ${JSON} -I -e "this.statsd.prefix = '${METRICS_PREFIX}'"
+  sed -i -E "s/(autostart|autorestart)=.*$/\1=${METRICS_ENABLED}/g" ${SUPERVISOR_CONF_DIR}/ds-metrics.conf
 }

 update_db_settings(){
@ -345,10 +398,24 @@ update_ds_settings(){
    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
  fi

-  if [ "${WOPI_ENABLED}" == "true" ]; then
-    ${JSON} -I -e "if(this.wopi===undefined)this.wopi={}"
-    ${JSON} -I -e "this.wopi.enable = true"
-  fi
+  WOPI_PRIVATE_KEY="${DATA_DIR}/wopi_private.key"
+  WOPI_PUBLIC_KEY="${DATA_DIR}/wopi_public.key"
+
+  [ ! -f "${WOPI_PRIVATE_KEY}" ] && echo -n "Generating WOPI private key..." && openssl genpkey -algorithm RSA -outform PEM -out "${WOPI_PRIVATE_KEY}" >/dev/null 2>&1 && echo "Done"
+  [ ! -f "${WOPI_PUBLIC_KEY}" ] && echo -n "Generating WOPI public key..." && openssl rsa -RSAPublicKey_out -in "${WOPI_PRIVATE_KEY}" -outform "MS PUBLICKEYBLOB" -out "${WOPI_PUBLIC_KEY}" >/dev/null 2>&1  && echo "Done"
+  WOPI_MODULUS=$(openssl rsa -pubin -inform "MS PUBLICKEYBLOB" -modulus -noout -in "${WOPI_PUBLIC_KEY}" | sed 's/Modulus=//')
+  WOPI_EXPONENT=$(openssl rsa -pubin -inform "MS PUBLICKEYBLOB" -text -noout -in "${WOPI_PUBLIC_KEY}" | grep -oP '(?<=Exponent: )\d+')
+  
+  ${JSON} -I -e "if(this.wopi===undefined)this.wopi={};"
+  ${JSON} -I -e "this.wopi.enable = ${WOPI_ENABLED}"
+  ${JSON} -I -e "this.wopi.privateKey = '$(awk '{printf "%s\\n", $0}' ${WOPI_PRIVATE_KEY})'"
+  ${JSON} -I -e "this.wopi.privateKeyOld = '$(awk '{printf "%s\\n", $0}' ${WOPI_PRIVATE_KEY})'"
+  ${JSON} -I -e "this.wopi.publicKey = '$(openssl base64 -in ${WOPI_PUBLIC_KEY} -A)'"
+  ${JSON} -I -e "this.wopi.publicKeyOld = '$(openssl base64 -in ${WOPI_PUBLIC_KEY} -A)'"
+  ${JSON} -I -e "this.wopi.modulus = '${WOPI_MODULUS}'"
+  ${JSON} -I -e "this.wopi.modulusOld = '${WOPI_MODULUS}'"
+  ${JSON} -I -e "this.wopi.exponent = ${WOPI_EXPONENT}"
+  ${JSON} -I -e "this.wopi.exponentOld = ${WOPI_EXPONENT}"

  if [ "${ALLOW_META_IP_ADDRESS}" = "true" ] || [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ]; then
    ${JSON} -I -e "if(this.services.CoAuthoring['request-filtering-agent']===undefined)this.services.CoAuthoring['request-filtering-agent']={}"
@ -373,6 +440,12 @@ create_postgresql_db(){
  sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_USER;"
 }

+create_mssql_db(){
+  MSSQL="/opt/mssql-tools18/bin/sqlcmd -S $DB_HOST,$DB_PORT"
+
+  $MSSQL -U $DB_USER -P "$DB_PWD" -C -Q "IF NOT EXISTS (SELECT * FROM sys.databases WHERE name = '$DB_NAME') BEGIN CREATE DATABASE $DB_NAME; END"
+}
+
 create_db_tbl() {
  case $DB_TYPE in
    "postgres")
@ -381,6 +454,12 @@ create_db_tbl() {
    "mariadb"|"mysql")
      create_mysql_tbl
    ;;
+    "mssql")
+      create_mssql_tbl
+    ;;
+    "oracle")
+      create_oracle_tbl
+    ;;
  esac
 }

@ -392,6 +471,12 @@ upgrade_db_tbl() {
    "mariadb"|"mysql")
      upgrade_mysql_tbl
    ;;
+    "mssql")
+      upgrade_mssql_tbl
+    ;;
+    "oracle")
+      upgrade_oracle_tbl
+    ;;
  esac
 }

@ -414,6 +499,22 @@ upgrade_mysql_tbl() {
  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1
 }

+upgrade_mssql_tbl() {
+  CONN_PARAMS="-U $DB_USER -P "$DB_PWD" -C"
+  MSSQL="/opt/mssql-tools18/bin/sqlcmd -S $DB_HOST,$DB_PORT $CONN_PARAMS"
+
+  $MSSQL < "$APP_DIR/server/schema/mssql/removetbl.sql" >/dev/null 2>&1
+  $MSSQL < "$APP_DIR/server/schema/mssql/createdb.sql" >/dev/null 2>&1
+}
+
+upgrade_oracle_tbl() {
+  PDB="XEPDB1"
+  ORACLE_SQL="sqlplus $DB_USER/$DB_PWD@//$DB_HOST:$DB_PORT/$PDB"
+
+  $ORACLE_SQL @$APP_DIR/server/schema/oracle/removetbl.sql >/dev/null 2>&1
+  $ORACLE_SQL @$APP_DIR/server/schema/oracle/createdb.sql >/dev/null 2>&1
+}
+
 create_postgresql_tbl() {
  if [ -n "$DB_PWD" ]; then
    export PGPASSWORD=$DB_PWD
@ -433,6 +534,22 @@ create_mysql_tbl() {
  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1
 }

+create_mssql_tbl() {  
+  create_mssql_db
+
+  CONN_PARAMS="-U $DB_USER -P "$DB_PWD" -C"
+  MSSQL="/opt/mssql-tools18/bin/sqlcmd -S $DB_HOST,$DB_PORT $CONN_PARAMS"
+
+  $MSSQL < "$APP_DIR/server/schema/mssql/createdb.sql" >/dev/null 2>&1
+}
+
+create_oracle_tbl() {
+  PDB="XEPDB1"
+  ORACLE_SQL="sqlplus $DB_USER/$DB_PWD@//$DB_HOST:$DB_PORT/$PDB"
+
+  $ORACLE_SQL @$APP_DIR/server/schema/oracle/createdb.sql >/dev/null 2>&1
+}
+
 update_welcome_page() {
  WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html"
  if [[ -e $WELCOME_PAGE ]]; then
@ -528,7 +645,7 @@ for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${
 done

 # change folder rights
-for i in ${LOG_DIR} ${LIB_DIR}; do
+for i in ${DS_LOG_DIR} ${DS_LOG_DIR}-example ${LIB_DIR}; do
  chown -R ds:ds "$i"
  chmod -R 755 "$i"
 done
--- a/tests/damengdb/.env
+++ b/tests/damengdb/.env
@ -0,0 +1 @@
+VERSION=latest
--- a/tests/damengdb/README.md
+++ b/tests/damengdb/README.md
@ -0,0 +1,19 @@
+## Stand Documentserver with damengdb
+
+### How it works
+
+For deploy stand, you need:
+
+**STEP 1**: Build you own images, do it with command:
+   
+```bash
+docker compose build
+```
+
+**STEP 2**: Wait build and when it finish deploy with command:
+
+```bash
+docker compose up -d 
+```
+
+Thats all.
--- a/tests/damengdb/damengdb.Dockerfile
+++ b/tests/damengdb/damengdb.Dockerfile
@ -0,0 +1,46 @@
+FROM onlyoffice/damengdb:8.1.2 as damengdb
+
+ARG DM8_USER="SYSDBA"
+ARG DM8_PASS="SYSDBA001"
+ARG DB_HOST="localhost"
+ARG DB_PORT="5236"
+ARG DISQL_BIN="/opt/dmdbms/bin"
+
+SHELL ["/bin/bash", "-c"]
+
+COPY <<"EOF" /wait_dm_ready.sh
+#!/usr/bin/env bash
+
+function wait_dm_ready() {
+  cd /opt/dmdbms/bin
+  for i in `seq 1  10`; do
+    echo `./disql /nolog <<EOF
+CONN SYSDBA/SYSDBA001@localhost
+exit
+EOF` | grep  "connection failure" > /dev/null 2>&1
+    if [ $? -eq 0 ]; then
+      echo "DM Database is not OK, please wait..."
+      sleep 10
+    else
+      echo "DM Database is OK"
+      break
+    fi
+  done
+}
+
+wait_dm_ready
+
+EOF
+
+
+RUN   bash /opt/startup.sh > /dev/null 2>&1 \
+   &  mkdir -p /schema/damengdb \
+   && apt update -y ; apt install wget -y \
+   && wget https://raw.githubusercontent.com/ONLYOFFICE/server/master/schema/dameng/createdb.sql -P /schema/dameng/ \
+   && bash ./wait_dm_ready.sh \
+   && cd ${DISQL_BIN} \
+   && ./disql $DM8_USER/$DM8_PASS@$DB_HOST:$DB_PORT -e \
+      "create user "onlyoffice" identified by "onlyoffice" password_policy 0;" \
+   && echo "EXIT" | tee -a /schema/dameng/createdb.sql \
+   && ./disql $DM8_USER/$DM8_PASS@$DB_HOST:$DB_PORT \`/schema/dameng/createdb.sql \
+   && sleep 10
--- a/tests/damengdb/docker-compose.yml
+++ b/tests/damengdb/docker-compose.yml
@ -0,0 +1,67 @@
+version: '2'
+services:
+  onlyoffice-documentserver:
+    build:
+      context: ../../.
+      dockerfile: Dockerfile
+      target: documentserver
+    container_name: onlyoffice-documentserver
+    depends_on:
+      - onlyoffice-dameng
+      - onlyoffice-rabbitmq
+    environment:
+      - DB_TYPE=dameng
+      - DB_HOST=onlyoffice-dameng
+      - DB_PORT=5236
+      - DB_NAME=onlyoffice
+      - DB_USER=onlyoffice
+      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
+      # Costomize the JSON Web Token validation parameters if needed.
+      #- JWT_ENABLED=false
+      #- JWT_SECRET=secret
+      #- JWT_HEADER=Authorization
+      #- JWT_IN_BODY=true
+    ports:
+      - '80:80'
+      - '443:443'
+    stdin_open: true
+    restart: always
+    stop_grace_period: 60s
+    volumes:
+       - /var/www/onlyoffice/Data
+       - /var/log/onlyoffice
+       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
+       - /var/www/onlyoffice/documentserver-example/public/files
+       - /usr/share/fonts
+       
+  onlyoffice-rabbitmq:
+    container_name: onlyoffice-rabbitmq
+    image: rabbitmq
+    restart: always
+    expose:
+      - '5672'
+
+  onlyoffice-dameng:
+    container_name: onlyoffice-dameng
+    build:
+      context: .
+      dockerfile: damengdb.Dockerfile
+      target: damengdb
+      args:
+        DM8_USER: SYSDBA
+        DM8_PASS: SYSDBA001
+        DB_HOST: localhost
+        DB_PORT: 5236
+    environment:
+      - PAGE_SIZE=16
+      - LD_LIBRARY_PATH=/opt/dmdbms/bin
+      - INSTANCE_NAME=dm8_01
+    restart: always
+    expose:
+      - '5236'
+    volumes:
+      - dameng_data:/opt/dmdbms/data
+
+volumes:
+  dameng_data:
+  
--- a/tests/mssql/README.md
+++ b/tests/mssql/README.md
@ -0,0 +1,17 @@
+## Stand Documentserver with mssql
+
+### How it works
+
+For deploy stand:
+
+**STEP 1**: Build you own images:
+   
+```bash
+sudo docker-compose build
+```
+
+**STEP 2**: Wait build complete and when:
+
+```bash
+sudo docker-compose up -d 
+```
--- a/tests/mssql/create_db_user.sh
+++ b/tests/mssql/create_db_user.sh
@ -0,0 +1,32 @@
+#!/bin/bash
+
+#generate SA password
+SYMBOLS='!#$%&*+,-.:;=?@^_~'
+for (( i=1; i <= 20; i++ )); do
+  PASS=$(tr -dc "A-Za-z0-9$SYMBOLS" </dev/urandom | head -c 15)
+  if [[ $PASS == *[0-9]* && 
+        $PASS != $(echo "$PASS" | tr [:upper:] ' ') && 
+        $PASS != $(echo "$PASS" | tr [:lower:] ' ') && 
+        $PASS != $(echo "$PASS" | tr "$SYMBOLS" ' ') ]]; then
+    break
+  fi
+done
+export MSSQL_SA_PASSWORD=$PASS
+
+CONNECTION_STR="/opt/mssql-tools/bin/sqlcmd -S localhost,1433 -U SA -P "$MSSQL_SA_PASSWORD" -C -Q"
+
+#start db
+/opt/mssql/bin/sqlservr &
+
+#wait for db up
+for (( i=1; i <= 10; i++ )); do
+  RES=$($CONNECTION_STR "SELECT @@VERSION;" 2>/dev/null | grep "affected" | wc -l)
+  if [ "$RES" -eq "1" ]; then
+    echo "Database is ready"
+    break
+  fi
+  sleep 10
+done
+
+#create new db user
+$CONNECTION_STR "IF NOT EXISTS (SELECT * FROM sys.sql_logins WHERE name = '$MSSQL_USER') BEGIN CREATE LOGIN $MSSQL_USER WITH PASSWORD = '$MSSQL_PASSWORD' , CHECK_POLICY = OFF; ALTER SERVER ROLE [dbcreator] ADD MEMBER [$MSSQL_USER]; END"
--- a/tests/mssql/docker-compose.yml
+++ b/tests/mssql/docker-compose.yml
@ -0,0 +1,38 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../../.
+      dockerfile: Dockerfile
+    depends_on:
+      - onlyoffice-mssql
+    environment:
+      - DB_TYPE=${DB_TYPE:-mssql}
+      - DB_HOST=${DB_HOST:-onlyoffice-mssql}
+      - DB_PORT=${DB_PORT:-1433}
+      - DB_NAME=${DB_NAME:-onlyoffice}
+      - DB_USER=${DB_USER:-onlyoffice}
+      - DB_PWD=${DB_PWD:-onlyoffice}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+
+  onlyoffice-mssql:
+    container_name: onlyoffice-mssql
+    build:
+      context: .
+      dockerfile: mssql.Dockerfile
+      args:
+        - MSSQL_DATABASE=${DB_NAME:-onlyoffice}
+        - MSSQL_USER=${DB_USER:-onlyoffice}
+        - MSSQL_PASSWORD=${DB_PWD:-onlyoffice}
+    restart: always
+    volumes:
+      - mssql_data:/var/opt/mssql
+    expose:
+      - '1433'
+
+volumes:
+  mssql_data:
--- a/tests/mssql/mssql.Dockerfile
+++ b/tests/mssql/mssql.Dockerfile
@ -0,0 +1,9 @@
+FROM mcr.microsoft.com/mssql/server:2022-latest as onlyoffice-mssql
+
+ENV ACCEPT_EULA=Y
+
+SHELL ["/bin/bash", "-c"]
+
+COPY create_db_user.sh /tmp/create_db_user.sh
+
+RUN bash /tmp/create_db_user.sh
--- a/tests/oracle/README.md
+++ b/tests/oracle/README.md
@ -0,0 +1,17 @@
+## Stand Documentserver with oracle
+
+### How it works
+
+For deploy stand:
+
+**STEP 1**: Build you own images:
+   
+```bash
+sudo docker-compose build
+```
+
+**STEP 2**: Wait build complete and when:
+
+```bash
+sudo docker-compose up -d 
+```
--- a/tests/oracle/create_db_user.sh
+++ b/tests/oracle/create_db_user.sh
@ -0,0 +1,28 @@
+#!/bin/bash
+
+CONNECTION_STR="sqlplus sys/$ORACLE_PASSWORD@//localhost:1521/$ORACLE_DATABASE as sysdba"
+
+export ORACLE_PWD=$ORACLE_PASSWORD
+
+#start db
+/opt/oracle/runOracle.sh &
+
+#wait for db up
+for (( i=1; i <= 20; i++ )); do
+  RES=$(echo "SELECT version FROM V\$INSTANCE;" | $CONNECTION_STR 2>/dev/null | grep "Connected" | wc -l)
+  if [ "$RES" -ne "0" ]; then
+    echo "Database is ready"
+    break
+  fi
+  sleep 10
+done
+
+sleep 1
+
+#create new db user
+$CONNECTION_STR <<EOF
+CREATE USER $ORACLE_USER IDENTIFIED BY $ORACLE_PASSWORD;
+GRANT CREATE SESSION TO $ORACLE_USER;
+GRANT CREATE TABLE TO $ORACLE_USER; 
+ALTER USER $ORACLE_USER quota unlimited on USERS;
+EOF
--- a/tests/oracle/docker-compose.yml
+++ b/tests/oracle/docker-compose.yml
@ -0,0 +1,38 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../../.
+      dockerfile: Dockerfile
+    depends_on:
+      - onlyoffice-oracle
+    environment:
+      - DB_TYPE=${DB_TYPE:-oracle}
+      - DB_HOST=${DB_HOST:-onlyoffice-oracle}
+      - DB_PORT=${DB_PORT:-1521}
+      - DB_NAME=${DB_NAME:-xepdb1}
+      - DB_USER=${DB_USER:-onlyoffice}
+      - DB_PWD=${DB_PWD:-onlyoffice}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+
+  onlyoffice-oracle:
+    container_name: onlyoffice-oracle
+    build:
+      context: .
+      dockerfile: oracle.Dockerfile
+      args:
+        - ORACLE_DATABASE=${DB_NAME:-xepdb1}
+        - ORACLE_USER=${DB_USER:-onlyoffice}
+        - ORACLE_PASSWORD=${DB_PWD:-onlyoffice}
+    restart: always
+    volumes:
+      - oracle_data:/opt/oracle/oradata
+    expose:
+      - '1521'
+
+volumes:
+  oracle_data:
--- a/tests/oracle/oracle.Dockerfile
+++ b/tests/oracle/oracle.Dockerfile
@ -0,0 +1,15 @@
+FROM container-registry.oracle.com/database/express:21.3.0-xe as onlyoffice-oracle
+
+ARG ORACLE_DATABASE=
+ARG ORACLE_PASSWORD=
+ARG ORACLE_USER=
+
+ENV ORACLE_DATABASE=$ORACLE_DATABASE \
+    ORACLE_PASSWORD=$ORACLE_PASSWORD \
+    ORACLE_USER=$ORACLE_USER
+
+SHELL ["/bin/bash", "-c"]
+
+COPY create_db_user.sh /tmp/create_db_user.sh
+
+RUN bash /tmp/create_db_user.sh
Author	SHA1	Message	Date
papacarlo	7d78233879	Merge branch release/v8.1.0 into develop	2024-06-26 10:50:52 +00:00
Semyon Bezrukov	b2c9221d48	Fix branding paths (#745 )	2024-06-11 11:16:38 +03:00
Evgeniy Antonyuk	3b60bc3c6e	Fix changing permissions for log directories (#744 )	2024-06-10 17:28:48 +03:00
Evgeniy Antonyuk	275719d078	Add fixes to WOPI configuration (#742 )	2024-06-03 17:35:29 +03:00
Evgeniy Antonyuk	cf29c757a2	fix Bug 68320 - Fix output during WOPI configuration (#741 )	2024-06-03 17:33:07 +03:00
Evgeniy Antonyuk	85ddd66d9f	fix Bug 66601 - Add additional parameters for WOPI configuration (#738 )	2024-05-29 16:05:22 +03:00
Roman Demidov	bbfc86a1e0	Add ORACLE support (#734 )	2024-05-27 13:57:11 +03:00
Evgeniy Antonyuk	b4e29f9695	Add configuration of WOPI parameters (#735 )	2024-05-21 14:13:54 +03:00
Roman Demidov	b665c004da	Use mssql-tools version from BASE_IMAGE (#731 ) * Use mssql-tools version from BASE_IMAGE * Small changes * Small changes * Small changes * Small changes * Small changes	2024-05-03 11:23:12 +03:00
Roman Demidov	a571bd0d1a	Add MSSQL support (#728 )	2024-04-23 13:04:49 +03:00
Evgeniy Antonyuk	12eb20a61b	fix Bug 65410 - Disable ds:metrics service when METRICS_ENABLED=false (#726 )	2024-04-10 10:49:31 +03:00
Danil Titarenko	3fe861b1a4	Add damengdb stand (#712 ) * Add dameng stand * Rename compose file * Move damengdb files in tests folder * Remove copy bin disql command * Refactoring damengdb stand * Update readme instructions * Refactor: update readme * Refactor: add note * Update run command for disql copy * Remove scripts and add volumes in compose file Stand was updated. Main changes that scripts for prepare environment was removed.Now damengdb image can be pulled from hub.docker, also disql will be mounted from damengdb container in documentserver container. * Update damengdb image version * Actualized damengdb compose file Use damengdb image from onlyoffice repo. Also do not use develop documentserver build anymore * Don't mount entrypoint script anymore After release it will be inside the image with the necessary edits * Add the ability to build an image before compose is started * Dameng: Execute schema on build stage Now if you want use damengdb, you nedd build own image, schema for Documentserver will be create on build stage. Add dockerfile for the build dameng image. Also disql bin file don't share between containers * Actualize readme for damengdb stand * Editing typos * Remove useless lines * Small cosmetic change * Remove useless volume from compose file * Use default password for check connection * Remove `image` filed from compose	2024-03-25 17:13:26 +03:00
Evgeniy Antonyuk	eb1706e3b7	fix Bug 62253 - NODE_EXTRA_CA_CERTS substitution error (#721 )	2024-03-19 15:37:55 +03:00
papacarlo	184a07a2b3	Merge branch hotfix/v8.0.1 into release/v8.1.0	2024-03-15 11:20:06 +00:00
papacarlo	34a80e08da	Merge branch hotfix/v8.0.1 into develop	2024-03-15 11:20:03 +00:00
Evgeniy Antonyuk	5e9c269d86	fix Bug 62253 - self-signed SSL issue (#714 )	2024-03-13 16:00:05 +03:00
papacarlo	c4cd0a1417	Merge branch release/v8.0.0 into develop	2024-02-05 08:48:59 +00:00
papacarlo	40efc5bea9	Merge branch release/v8.0.0 into master	2024-01-30 11:32:11 +00:00
Alexey Golubev	0a42ee66b0	Fix bug #60688 (#703 )	2024-01-18 10:20:37 +03:00
Danil Titarenko	6416c2c32a	Action small fixes (#697 )	2023-12-21 13:22:02 +03:00
Danil Titarenko	016440fd4b	Disable issue creation from zap scanner (#695 )	2023-12-20 11:22:37 +03:00
Danil Titarenko	84a8191de9	Add DocumentServer zap scanner (#685 ) * Add DocumentServer zap scanner * Fix zap target url from `http` to `https`	2023-12-19 11:24:58 +03:00
papacarlo	f67284582f	Merge branch hotfix/v7.5.1 into develop	2023-11-15 12:57:39 +00:00