Cosmetic changes

Refactoring code for secrets use
Add link to secrets configure block
2026-04-07 14:01:38 +08:00 · 2022-07-29 20:26:01 +03:00 · 2022-07-29 20:24:07 +03:00 · 2022-07-29 17:00:13 +03:00 · 2022-07-29 16:56:35 +03:00 · 2022-07-29 16:52:42 +03:00
12 changed files with 433 additions and 89 deletions
--- a/.github/workflows/4testing-build.yml
+++ b/.github/workflows/4testing-build.yml
@ -0,0 +1,93 @@
+### This workflow setup instance then build and push images ###
+name: 4testing multiarch-build
+
+on:
+  push:
+    tags:
+      - "v*"
+      - "!v*-stable"
+
+env: 
+  COMPANY_NAME: "onlyoffice"
+  PRODUCT_NAME: "documentserver"
+      
+jobs:
+  build:
+    name: Build 
+    runs-on: ubuntu-latest
+    continue-on-error: ${{ matrix.condition }}
+    strategy:
+      matrix:
+        images: ["documentserver"]
+        edition: ["", "-ee", "-de"]
+        condition: [true]
+    steps:
+      - name: Checkout code 
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+     
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Get Tag Name
+        run: |
+          echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
+      - name: Build 4testing
+        run: |
+          ### ==>> At this step build variable declaration ###
+          DOCKER_TAG=$( echo ${{ env.RELEASE_VERSION }} | sed 's/^.//' )
+          PACKAGE_VERSION=$( echo $DOCKER_TAG | sed -E 's/(.*)\./\1-/' )
+          NODE_PLATFORMS=$( echo ${{ steps.buildx.outputs.platforms }} | sed 's/linux\///g' | sed 's/,/ /g' )
+          echo "Start check avalivable build platforms >>"
+
+          ### ==>> In this loop we will check all avalivable documentserver architectures. After that all accessed arch will be added to build-platforms list. ###
+          for ARCH in ${NODE_PLATFORMS}; do
+            REPO_URL=${{ secrets.REPO_URL }} 
+            if [[ ${{ env.RELEASE_VERSION }} == v99.* ]]; then
+              REPO_URL=${{ secrets.UNSTABLE_REPO_URL }}
+            fi
+            PACKAGE_URL_CHECK=${REPO_URL}${{ matrix.edition }}_"$PACKAGE_VERSION"_${ARCH}.deb
+            STATUS=$(curl -s -o /dev/null -w "%{http_code}\n" "${PACKAGE_URL_CHECK}")
+            if [[ "$STATUS" = "200" ]]; then
+              echo "✔  ${ARCH} is avalivable >> set like one of build platforms"
+              PLATFORMS+=(linux/${ARCH},)
+              BUILD_PLATFORMS=$( echo ${PLATFORMS[@]} | sed 's/ //g' | sed 's/\(.*\),/\1/' )
+            else
+              echo "${ARCH} in not avalivable"
+            fi
+          done
+          PACKAGE_URL_BUILD=$( echo ${PACKAGE_URL_CHECK} | sed -e "s/${PACKAGE_VERSION}_.*.deb/${PACKAGE_VERSION}_TARGETARCH.deb/g" )
+
+          ### ==>> At this step if there is no access to any platform and platform list is empty, build will exit with 1. ###  
+          if [[ -z ${BUILD_PLATFORMS} ]]; then
+            echo "Have no access to any platform >> exit with 1"
+            exit 1
+          fi
+          echo "DONE: Check passed >> Build for platforms: ${BUILD_PLATFORMS}"
+          echo "Build is starting ... >>"
+
+          ### ==>> Build and push images at this step ### 
+          PRODUCT_EDITION=${{ matrix.edition }} \
+          PACKAGE_URL=$PACKAGE_URL_BUILD \
+          PRODUCT_NAME=${{ env.PRODUCT_NAME }} \
+          DOCKERFILE=Dockerfile \
+          PREFIX_NAME=4testing- \
+          TAG=$DOCKER_TAG \
+          PLATFORM=$BUILD_PLATFORMS \
+          COMPANY_NAME=${{ env.COMPANY_NAME }} \
+            docker buildx bake \
+            -f docker-bake.hcl ${{ matrix.images }} \
+            --push
+          echo "DONE: Build success >> exit with 0"
+          exit 0
+        shell: bash
--- a/.github/workflows/stable-build.yml
+++ b/.github/workflows/stable-build.yml
@ -0,0 +1,67 @@
+### This workflow setup instance then build and push images ###
+name: Multi-arch build stable
+
+on:
+  push:
+    tags:
+      - "v*-stable"
+
+env:
+  COMPANY_NAME: "onlyoffice"
+  PRODUCT_NAME: "documentserver" 
+
+jobs:
+  build:
+    name: Build 
+    runs-on: ubuntu-latest
+    continue-on-error: ${{ matrix.condition }}
+    strategy:
+      matrix:
+        images: ["documentserver-stable"]
+        edition: ["", "-ee", "-de"]
+        condition: [true]
+    steps:
+      - name: Checkout code 
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+     
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Get Tag Name
+        id: tag_name
+        run: |
+          echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/}
+
+      - name: Build documentserver-release
+        run: |
+          TAG=$(echo ${{ steps.tag_name.outputs.SOURCE_TAG }} | sed 's/^.//; s/-stable//')
+          SHORTER_TAG=$(echo ${TAG} | grep -o -P '^[\d]+\.[\d]+\.[\d]+')
+          SHORTEST_TAG=$(echo ${TAG} | grep -o -P '^[\d]+\.[\d]+')
+          IMAGE_STATUS=$(docker manifest inspect ${{ env.COMPANY_NAME }}/4testing-${{ env.PRODUCT_NAME }}${{ matrix.edition }}:$TAG > /dev/null ; echo $?)
+             if [[ "$IMAGE_STATUS" = "0" ]]; then
+                echo "Image present on docker.hub >> start build stable version"
+                echo "FROM ${{ env.COMPANY_NAME }}/4testing-${{ env.PRODUCT_NAME }}${{ matrix.edition }}:$TAG as ${{ env.PRODUCT_NAME }}-stable" >> Dockerfile.stable
+                PRODUCT_EDITION=${{ matrix.edition }} PRODUCT_NAME=${{ env.PRODUCT_NAME }} \
+                COMPANY_NAME=${{ env.COMPANY_NAME}} DOCKERFILE=Dockerfile.stable \
+                   TAG=$TAG \
+                   SHORTER_TAG=$SHORTER_TAG \
+                   SHORTEST_TAG=$SHORTEST_TAG \
+                   docker buildx bake \
+                   -f docker-bake.hcl ${{ matrix.images }} \
+                   --push 
+                echo "DONE: Build success >> exit with 0"
+                exit 0
+             else
+                echo "FAILED: Image with tag $TAG do not presented on docker.hub >> build will not started >> exit with 1"
+                exit 1
+             fi
+        shell: bash
--- a/18
+++ b/18
@ -1,14 +1,16 @@
-FROM ubuntu:20.04
+FROM ubuntu:22.04 as documentserver
 LABEL maintainer Ascensio System SIA <support@onlyoffice.com>

-ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=12
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=14

 ARG ONLYOFFICE_VALUE=onlyoffice

 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
    apt-get -y update && \
    apt-get -yq install wget apt-transport-https gnupg locales && \
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
+    mkdir -p $HOME/.gnupg && \
+    gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/onlyoffice.gpg --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
+    chmod 644 /etc/apt/trusted.gpg.d/onlyoffice.gpg && \
    locale-gen en_US.UTF-8 && \
    echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
    apt-get -yq install \
@ -69,14 +71,18 @@ COPY run-document-server.sh /app/ds/run-document-server.sh

 EXPOSE 80 443

+ARG TARGETARCH
+ARG PRODUCT_EDITION=
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_NAME=documentserver
-ARG PACKAGE_URL="http://download.onlyoffice.com/install/documentserver/linux/${COMPANY_NAME}-${PRODUCT_NAME}_amd64.deb"
+ARG PACKAGE_URL="http://download.onlyoffice.com/install/documentserver/linux/${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}_$TARGETARCH.deb"

 ENV COMPANY_NAME=$COMPANY_NAME \
-    PRODUCT_NAME=$PRODUCT_NAME
+    PRODUCT_NAME=$PRODUCT_NAME \
+    PRODUCT_EDITION=$PRODUCT_EDITION

-RUN wget -q -P /tmp "$PACKAGE_URL" && \
+RUN PACKAGE_URL=$( echo ${PACKAGE_URL} | sed "s/TARGETARCH/"${TARGETARCH}"/g") && \
+    wget -q -P /tmp "$PACKAGE_URL" && \
    apt-get -y update && \
    service postgresql start && \
    apt-get -yq install /tmp/$(basename "$PACKAGE_URL") && \
--- a/Dockerfile.cl
+++ b/Dockerfile.cl
@ -1,4 +0,0 @@
-FROM onlyoffice/documentserver-ee:latest
-
-RUN sed -i '/trap clean_exit SIGTERM/s/^/#/' /app/ds/run-document-server.sh
-
--- a/56
+++ b/56
@ -15,60 +15,54 @@ PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)
 PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)
 PACKAGE_URL := http://$(S3_BUCKET).s3.amazonaws.com/$(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/ubuntu/$(PACKAGE_NAME)_$(PACKAGE_VERSION)_amd64.deb

-UPDATE_LATEST := false
-
-ifneq (,$(findstring develop,$(GIT_BRANCH)))
-DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
-DOCKER_TAGS += latest
-else ifneq (,$(findstring release,$(GIT_BRANCH)))
-DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
-else ifneq (,$(findstring hotfix,$(GIT_BRANCH)))
-DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
+ifeq ($(RELEASE_BRANCH),$(filter $(RELEASE_BRANCH),unstable testing))
+	DOCKER_TAG := $(subst -,.,$(PACKAGE_VERSION))
 else
-DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
+	DOCKER_TAG := $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
 endif

-DOCKER_TAGS += $(DOCKER_TAG)
-
-DOCKER_REPO = $(COMPANY_NAME_LOW_ESCAPED)/4testing-$(PRODUCT_NAME_LOW)
-
-COLON := __colon__
-DOCKER_TARGETS := $(foreach TAG,$(DOCKER_TAGS),$(DOCKER_REPO)$(COLON)$(TAG))
-
+DOCKER_IMAGE := $(subst -,,$(COMPANY_NAME_LOW))/4testing-$(PRODUCT_NAME_LOW)
+DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)__$(DOCKER_TAG).dummy
 DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)_$(PACKAGE_VERSION).tar.gz
-
 DOCKER_ARCH_URI := $(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/docker/$(notdir $(DOCKER_ARCH))

-.PHONY: all clean clean-docker deploy docker publish
+.PHONY: all clean clean-docker image deploy docker publish

-$(DOCKER_TARGETS): $(DEB_REPO_DATA)
+$(DOCKER_DUMMY):
 	docker pull ubuntu:20.04
 	docker build \
 		--build-arg PACKAGE_URL=$(PACKAGE_URL) \
 		--build-arg COMPANY_NAME=$(COMPANY_NAME_LOW) \
 		--build-arg PRODUCT_NAME=$(PRODUCT_NAME_LOW) \
 		--build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \
-		-t $(subst $(COLON),:,$@) . &&\
-	mkdir -p $$(dirname $@) &&\
+		-t $(DOCKER_IMAGE):$(DOCKER_TAG) . && \
+	mkdir -p $$(dirname $@) && \
 	echo "Done" > $@

-$(DOCKER_ARCH): $(DOCKER_TARGETS)
-	docker save $(DOCKER_REPO):$(DOCKER_TAG) | \
+$(DOCKER_ARCH): $(DOCKER_DUMMY)
+	docker save $(DOCKER_IMAGE):$(DOCKER_TAG) | \
 		gzip > $@

-all: $(DOCKER_TARGETS)
+all: image

 clean:
-	rm -rfv $(DOCKER_TARGETS) $(DOCKER_ARCH)
+	rm -rfv *.dummy *.tar.gz
 		
 clean-docker:
 	docker rmi -f $$(docker images -q $(COMPANY_NAME_LOW)/*) || exit 0

-deploy: $(DOCKER_TARGETS)
-	$(foreach TARGET,$(DOCKER_TARGETS), \
-		for i in {1..3}; do \
-			docker push $(subst $(COLON),:,$(TARGET)) && break || sleep 1m; \
-		done;)
+image: $(DOCKER_DUMMY)
+
+deploy: $(DOCKER_DUMMY)
+	for i in {1..3}; do \
+		docker push $(DOCKER_IMAGE):$(DOCKER_TAG) && break || sleep 1m; \
+	done
+ifeq ($(RELEASE_BRANCH),unstable)
+	docker tag $(DOCKER_IMAGE):$(DOCKER_TAG) $(DOCKER_IMAGE):latest
+	for i in {1..3}; do \
+		docker push $(DOCKER_IMAGE):latest && break || sleep 1m; \
+	done
+endif

 publish: $(DOCKER_ARCH)
 	aws s3 cp --no-progress --acl public-read \
--- a/README.md
+++ b/README.md
@ -10,6 +10,7 @@
        + [Strengthening the Server Security](#strengthening-the-server-security)
        + [Installation of the SSL Certificates](#installation-of-the-ssl-certificates)
        + [Available Configuration Parameters](#available-configuration-parameters)
+    - [Running ONLYOFFICE Document Server using docker secrets](#running-onlyoffice-document-server-using-docker-secrets)
 * [Installing ONLYOFFICE Document Server integrated with Community and Mail Servers](#installing-onlyoffice-document-server-integrated-with-community-and-mail-servers)
 * [Issues](#issues)
    - [Docker Issues](#docker-issues)
@ -163,6 +164,58 @@ chmod 400 /app/onlyoffice/DocumentServer/data/certs/tls.key

 You are now just one step away from having our application secured.

+### Running ONLYOFFICE Document Server using docker secrets
+
+For manage sensitive data like database password/username you can use Docker secrets. If you want use secrets, you must start the Document Server like service with docker compose or docker swarm. According to [official docker documentation](https://docs.docker.com/engine/swarm/secrets/) secrets did not avalivable to standalone containers. To start using the secrets you need to go through a few simple steps: 
+
+**STEP 1**: 
+At first you need to iniciate docker swarm with command:
+
+```bash
+sudo docker swarm init 
+```
+
+**STEP 2**:
+On the next step you need to make the secrets. DocumentServer support username/password for postgresql access and jwt header/secret. 
+
+If you want to use secrets for database access create secrets with command:
+
+```bash
+sudo printf "your_pass" | docker secret create dbPass -
+sudo printf "your_user" | docker secret create dbUser -
+```
+NOTE: After secrets dbPass and dbUser was created, DocumentServer will be configured automaticly for use the same secrets for postgres access.
+
+If you want to use JSON Web Token values from secrets create secrets with command: 
+
+```bash
+sudo printf "secret_value" | docker secret create jwtSecret -
+sudo printf "header_value" | docker secret create jwtHeader -
+```
+
+**STEP 3**:
+After secrets was created you need to build the DocumentServer with command:
+
+```bash
+sudo docker compose build
+```
+
+**STEP 4**:
+After all when images was builded and secrets was created very important uncomment in docker-compose.yml file strings with secrets thats you want to use. For more information refer to the comments in docker-compose.yml
+
+**STEP 5**:
+Now Document Server is ready to deploy with secrets. For that run: 
+
+```bash
+sudo docker stack deploy --compose-file=docker-compose.yml documentserver-secrets
+```
+
+Also you can run Document Server in docker-compose mode with the same config
+
+```bash
+sudo docker compose up -d 
+```
+
 #### Available Configuration Parameters

 *Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command.*
@ -185,8 +238,10 @@ Below is the complete list of parameters that can be set using environment varia
 - **AMQP_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`.
 - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running.
 - **REDIS_SERVER_PORT**:  The Redis server port number.
+- **REDIS_SERVER_PASS**: The Redis server password. The password is not set by default.
 - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
 - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
+- **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](http://nginx.org/ru/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
 - **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`.
 - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
 - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
@ -201,6 +256,13 @@ Below is the complete list of parameters that can be set using environment varia
 - **LETS_ENCRYPT_DOMAIN**: Defines the domain for Let's Encrypt certificate.
 - **LETS_ENCRYPT_MAIL**: Defines the domain administator mail address for Let's Encrypt certificate.

+Below list values avalivable only for compose/swarm mode.
+
+- **JWT_SECRET_FILE**: Specifies the path to the mounted file, the value from which will be used like JWT_Secret value. Default path that docker mounted secrets: `/run/secrets/jwtSecret`
+- **JWT_HEADER_FILE**: Specifies the path to the mounted file, the value from which will be used like JWT_Header value. Default path that docker mounted secrets: `/run/secrets/jwtHeader`
+- **POSTGRES_USER_FILE**: Default postgresql container value. Tells the database where to get the username value by set to db access. Default path: `run/secrets/dbUser`
+- **POSTGRES_PASSWORD_FILE**: Default postgresql container value. Tells the database where to get the password value by set to db access. Default path: `run/secrets/dbPass`
+
 ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers

 ONLYOFFICE Document Server is a part of ONLYOFFICE Community Edition that comprises also Community Server and Mail Server. To install them, follow these easy steps:
@ -245,7 +307,7 @@ sudo docker run --init --net onlyoffice --privileged -i -t -d --restart=always -
 onlyoffice/mailserver
 ```

-The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.yml#L75).
+The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.workspace_enterprise.yml#L87).

 To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation").

@ -295,7 +357,7 @@ bash opensource-install.sh -md yourdomain.com
 Or, use [docker-compose](https://docs.docker.com/compose/install "docker-compose"). For the mail server correct work you need to specify its hostname 'yourdomain.com'. Assuming you have docker-compose installed, execute the following command:

 ```bash
-wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.yml
+wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.groups.yml
 docker-compose up -d
 ```

--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -0,0 +1,68 @@
+variable "TAG" {
+    default = ""
+}
+
+variable "SHORTER_TAG" {
+    default = ""
+}
+
+variable "SHORTEST_TAG" {
+    default = ""
+}
+
+variable "COMPANY_NAME" {
+    default = ""
+}
+
+variable "PREFIX_NAME" {
+    default = ""
+}
+
+variable "PRODUCT_EDITION" {
+    default = ""
+}
+
+variable "PRODUCT_NAME" {
+    default = ""
+}
+
+variable "DOCKERFILE" {
+    default = ""
+}
+
+variable "PLATFORM" {
+    default = ""
+}
+
+variable "PACKAGE_URL" {
+    default = ""
+}
+
+target "documentserver" {
+    target = "documentserver"
+    dockerfile= "${DOCKERFILE}"
+    tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}"]
+    platforms = ["${PLATFORM}"]
+    args = {
+        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "COMPANY_NAME": "${COMPANY_NAME}"
+        "PACKAGE_URL": "${PACKAGE_URL}"
+        "PLATFORM": "${PLATFORM}"
+    }
+}
+
+target "documentserver-stable" {
+    target = "documentserver-stable"
+    dockerfile= "${DOCKERFILE}"
+    tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
+            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}",
+            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}",
+            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest"]
+    platforms = ["linux/amd64", "linux/arm64"]
+    args = {
+        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "COMPANY_NAME": "${COMPANY_NAME}"
+    }
+}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,4 +1,4 @@
-version: '2'
+version: "3.9"
 services:
  onlyoffice-documentserver:
    build:
@ -8,6 +8,7 @@ services:
      - onlyoffice-postgresql
      - onlyoffice-rabbitmq
    environment:
+      - USE_SECRETS=false # ←  Set on "true" if you plan use secrets.
      - DB_TYPE=postgres
      - DB_HOST=onlyoffice-postgresql
      - DB_PORT=5432
@ -16,9 +17,13 @@ services:
      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
      # Uncomment strings below to enable the JSON Web Token validation.
      #- JWT_ENABLED=true
+      #- JWT_IN_BODY=true
      #- JWT_SECRET=secret
      #- JWT_HEADER=Authorization
-      #- JWT_IN_BODY=true
+      #  ↑ Uncomment two upper strings to use jwt_secret and jwt_header values by default without docker secrets.
+      #  ↓ Or uncomment two strings below to use jwt_secret and jwt_header values from docker secrets that you create.
+      #- JWT_SECTER_FILE=/run/secrets/jwtSecret
+      #- JWT_HEADER_FILE=/run/secrets/jwtHeader
    ports:
      - '80:80'
      - '443:443'
@ -31,6 +36,12 @@ services:
       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
       - /var/www/onlyoffice/documentserver-example/public/files
       - /usr/share/fonts
+   # ↓ If you use docker secrets, uncomment srtings below only with secrets that you will use in your installtion
+   #secrets:
+   #  - dbUser
+   #  - dbPass
+   #  - jwtSecret
+   #  - jwtHeader
       
  onlyoffice-rabbitmq:
    container_name: onlyoffice-rabbitmq
@ -46,11 +57,30 @@ services:
      - POSTGRES_DB=onlyoffice
      - POSTGRES_USER=onlyoffice
      - POSTGRES_HOST_AUTH_METHOD=trust
+      #  ↑ Comment two lines upper: POSTGRES_HOST_AUTH_METHOD and POSTGRES_USER and
+      #  ↓ Uncomment two strings below for use database access values from secrets that you create. 
+      #- POSTGRES_USER_FILE=/run/secrets/dbUser
+      #- POSTGRES_PASSWORD_FILE=/run/secrets/dbPass
    restart: always
    expose:
      - '5432'
    volumes:
      - postgresql_data:/var/lib/postgresql
+   #  ↓ If you use docker secrets, uncomment srtings below only with secrets that you will use in your installtion
+   #secrets:
+   #  - dbUser
+   #  - dbPass
+
+#  ↓ If you use docker secrets, uncomment srtings below only with secrets that you will use in your installtion
+#secrets:
+#  dbUser:
+#    external: true
+#  dbPass:
+#    external: true
+#  jwtSecret:
+#    external: true
+#  jwtHeader:
+#    external: true

 volumes:
  postgresql_data:
--- a/hooks/build
+++ b/hooks/build
@ -1,5 +0,0 @@
-#!/bin/bash
-
-sed -i '/trap clean_exit SIGTERM/s/^/#/' run-document-server.sh
-
-docker build -t $IMAGE_NAME .
--- a/hooks/post_push
+++ b/hooks/post_push
@ -1,7 +0,0 @@
-#!/bin/bash
-
-NEW_TAG=6.4.2
-NEW_IMAGE_NAME=$DOCKER_REPO:$NEW_TAG
-
-docker tag $IMAGE_NAME $NEW_IMAGE_NAME
-docker push $NEW_IMAGE_NAME
--- a/hooks/push
+++ b/hooks/push
@ -1,3 +0,0 @@
-#!/bin/bash
-
-docker push $IMAGE_NAME
--- a/run-document-server.sh
+++ b/run-document-server.sh
@ -19,6 +19,7 @@ LIB_DIR="/var/lib/${COMPANY_NAME}"
 DS_LIB_DIR="${LIB_DIR}/documentserver"
 CONF_DIR="/etc/${COMPANY_NAME}/documentserver"
 IS_UPGRADE="false"
+SECRETS_PATH="/run/secrets/"

 ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
 ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost}
@ -37,14 +38,21 @@ if [ "${RELEASE_DATE}" != "${PREV_RELEASE_DATE}" ]; then
  fi
 fi

-SSL_CERTIFICATES_DIR="${DATA_DIR}/certs"
-if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/onlyoffice.crt ]]; then
-  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/onlyoffice.crt
+SSL_CERTIFICATES_DIR="/usr/share/ca-certificates/ds"
+mkdir -p ${SSL_CERTIFICATES_DIR}
+if [[ -d ${DATA_DIR}/certs ]] && [ -e ${DATA_DIR}/certs/*.crt ]; then
+  cp -f ${DATA_DIR}/certs/* ${SSL_CERTIFICATES_DIR}
+  chmod 644 ${SSL_CERTIFICATES_DIR}/*.crt ${SSL_CERTIFICATES_DIR}/*.pem
+  chmod 400 ${SSL_CERTIFICATES_DIR}/*.key
+fi
+
+if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt ]]; then
+  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt
 else
  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/tls.crt}
 fi
-if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/onlyoffice.key ]]; then
-  SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/onlyoffice.key
+if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key ]]; then
+  SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key
 else
  SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/tls.key}
 fi
@ -67,15 +75,31 @@ NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
 NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}

 JWT_ENABLED=${JWT_ENABLED:-false}
+
+# validate user's vars before usinig in json
+if [ "${JWT_ENABLED}" == "true" ]; then
+  JWT_ENABLED="true"
+else
+  JWT_ENABLED="false"
+fi
+
 JWT_SECRET=${JWT_SECRET:-secret}
 JWT_HEADER=${JWT_HEADER:-Authorization}
 JWT_IN_BODY=${JWT_IN_BODY:-false}

+if [ ${USE_SECRETS} == "true" ] && [ -s ${SECRETS_PATH}/jwtSecret ]; then
+  JWT_SECRET=$( cat ${SECRETS_PATH}/jwtSecret )
+fi
+
+if [ ${USE_SECRETS} == "true" ] && [ -s ${SECRETS_PATH}/jwtHeader ]; then
+  JWT_HEADER=$( cat ${SECRETS_PATH}/jwtHeader ) 
+fi
+
 WOPI_ENABLED=${WOPI_ENABLED:-false}

 GENERATE_FONTS=${GENERATE_FONTS:-true}

-if [[ ${PRODUCT_NAME} == "documentserver" ]]; then
+if [[ ${PRODUCT_NAME}${PRODUCT_EDITION} == "documentserver" ]]; then
  REDIS_ENABLED=false
 else
  REDIS_ENABLED=true
@ -105,6 +129,17 @@ if [ "${LETS_ENCRYPT_DOMAIN}" != "" -a "${LETS_ENCRYPT_MAIL}" != "" ]; then
  SSL_KEY_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/privkey.pem
 fi

+# update db credentials if secrets was configure
+if [ "${USE_SECRETS}" == "true" ]; then
+  if [ -s ${SECRETS_PATH}/dbUser ]; then
+    DB_USER=$( cat ${SECRETS_PATH}/dbUser )
+  fi
+
+  if [ -s ${SECRETS_PATH}/dbPass ]; then
+    DB_PWD=$( cat ${SECRETS_PATH}/dbPass )
+  fi
+fi
+
 read_setting(){
  deprecated_var POSTGRESQL_SERVER_HOST DB_HOST
  deprecated_var POSTGRESQL_SERVER_PORT DB_PORT
@ -284,33 +319,37 @@ update_rabbitmq_setting(){
 }

 update_redis_settings(){
+  ${JSON} -I -e "if(this.services.CoAuthoring.redis===undefined)this.services.CoAuthoring.redis={};"
  ${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'"
  ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
+
+  if [ -n "${REDIS_SERVER_PASS}" ]; then
+    ${JSON} -I -e "this.services.CoAuthoring.redis.options = {'password':'${REDIS_SERVER_PASS}'}"
+  fi
+
 }

 update_ds_settings(){
-  if [ "${JWT_ENABLED}" == "true" ]; then
-    ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
-    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
-    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"

-    ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
-    ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
-    ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
+  ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
+  ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
+  ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"

-    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
-    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
+  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
+  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"

-    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
-    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"

-    if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ] && [ "${JWT_ENABLED}" == "true" ]; then
-      ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
-      ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
-      ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
-    fi
+  if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then
+    ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
+    ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
+    ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
  fi
-
+ 
  if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then
    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}"
    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
@ -403,11 +442,13 @@ update_welcome_page() {
  WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html"
  if [[ -e $WELCOME_PAGE ]]; then
    DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset))
-    if [[ -x $(command -v docker) ]]; then
-      DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
-      sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
-    else
-      sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
+    if (( ${#DOCKER_CONTAINER_ID} >= 12 )); then
+      if [[ -x $(command -v docker) ]]; then
+        DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
+        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
+      else
+        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
+      fi
    fi
  fi
 }
@ -459,6 +500,8 @@ update_nginx_settings(){
  if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then
    sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF}
  fi
+
+  documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false
 }

 update_supervisor_settings(){
@ -494,7 +537,7 @@ for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${
 done

 # change folder rights
-for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do
+for i in ${LOG_DIR} ${LIB_DIR}; do
  chown -R ds:ds "$i"
  chmod -R 755 "$i"
 done
Author	SHA1	Message	Date
danilapog	2e805effb2	Cosmetic changes	2022-07-29 20:26:01 +03:00
danilapog	014d5f75d8	Refactoring code for secrets use	2022-07-29 20:24:07 +03:00
danilapog	39dc4078ad	Add link to secrets configure block	2022-07-29 17:00:13 +03:00
danilapog	2192612519	Refactoring commentaries for better understanding secrets mechanism	2022-07-29 16:56:35 +03:00
danilapog	fe55daee6c	Refactoring variable descriptions	2022-07-29 16:52:42 +03:00
danilapog	4103346331	Refactoring variable descriptions	2022-07-29 16:51:13 +03:00
danilapog	36b6addbff	Refactoring variable descriptions	2022-07-29 16:45:45 +03:00
danilapog	bbbb17fb42	Refactoring variable descriptions	2022-07-29 16:43:00 +03:00
danilapog	062b192ee0	Refactoring variable descriptions	2022-07-29 16:41:57 +03:00
danilapog	31b14c6303	Refactoring variable descriptions	2022-07-29 16:39:00 +03:00
danilapog	4789d388cb	Refactoring variable descriptions	2022-07-29 16:34:59 +03:00
danilapog	c9d807deae	Add secret variable values descriptions	2022-07-29 16:16:44 +03:00
danilapog	8fbf228a8e	Refactoring run with secret instructions	2022-07-29 15:55:18 +03:00
danilapog	c5b01dc5e5	Refactoring run with secret instruction	2022-07-29 15:11:39 +03:00
danilapog	dfa4075e9c	Add instructions to run with secrets	2022-07-29 15:04:46 +03:00
danilapog	6bbd1c764f	Add check if jwt env present	2022-07-29 12:53:06 +03:00
danilapog	f361f25024	Comment unuse strings with secrets	2022-07-29 12:47:31 +03:00
danilapog	87a1ea2663	Use external secrets instead of secret file	2022-07-29 12:35:11 +03:00
danilapog	9388fcbbc0	Refactor: refactoring code	2022-07-28 14:05:15 +03:00
danilapog	48332f0ff9	Added the ability to use secrets for compose/swarm	2022-07-28 12:50:17 +03:00
Danil Titarenko	05c5042985	Add the missing variable (#467 )	2022-07-22 09:44:59 +03:00
Danil Titarenko	2213fc70f5	Add another tags processing (#464 ) * Add support for processing other tags * Print build-info before build start * Cosmetic changes * Add architecture and URL processing * Refactoring action code * Refactoring code * Refactoring code * Cosmetic changes * Remove some check package version * Refactoring code * Redefining url variable for dockerfile * Cosmetic changes * Changes platform conditions check * Set to use default TARGETARCH in build	2022-07-21 18:44:06 +03:00
Danil Titarenko	06a05223b5	Fix bug #58032 / Fix moves certificates alarm messages (#461 ) * Add some checks before replace certificates * Change if check key * Refactoring code * Refactoring code * Add checking exist files * Refactor: refactoring code * Remove check files conditions	2022-07-19 15:51:46 +03:00
Danil Titarenko	143e77fdfc	Fix Big #57286 / Add redis password config settings (#466 ) * Add redis password settings * Add variable description * Change variable descriptions * Change variable descriptions * Change variable descriptions	2022-07-18 17:11:06 +03:00
papacarlo	8acbfdbeb7	Merge branch hotfix/v7.1.1 into release/v7.2.0	2022-07-18 10:02:02 +00:00
Danil Titarenko	c16635ea71	Fix supervisor socket messages (#459 )	2022-07-12 12:37:48 +03:00
Danil Titarenko	29e4ec3027	Refactoring workflow (#448 )	2022-07-11 13:27:43 +03:00
Evgeniy Antonyuk	c7a1fd04a4	fix Bug 50138 / Fix SSL key access error (#455 ) * Fix SSL key access error * Change name of directory	2022-07-05 14:56:42 +03:00
Danil Titarenko	c4ddb99710	Update base image version (#447 )	2022-07-05 14:41:20 +03:00
Danil Titarenko	9494e08e8f	Fix for redis correct work (#449 ) * Fix for redis correct work * Refactoring code * Refactoring code * Refactoring code * Refactor: refactoring code	2022-06-15 10:30:18 +03:00
Danil Titarenko	86cbb01bbf	Add short tags for released images (#446 ) * Add short tags for images * Edit workflow tags	2022-06-10 15:43:50 +03:00
Danil Titarenko	a6562f4017	Add multiarch build with action (#445 ) * Update run-document-server.sh (#439) * Revert "Update run-document-server.sh (#439)" This reverts commit `5c17c711b1`. * Add bake config * Add targets for multiarch build * Add multiarch workflows * Cosmetic changes * Refactoring * Cosmetic changes * Cosmetic changes * Change URL for test repo * Refactor: refactoring code * Refactoring sed * Remove -ie build * Add special tag for package * Cosmetic changes Co-authored-by: papacarlo <builder@onlyoffice.com> Co-authored-by: Roger Shieh <sh.rog@protonmail.ch> Co-authored-by: Alexey Golubev <alexey.golubev@onlyoffice.com>	2022-06-09 13:27:39 +03:00
Evgeniy Antonyuk	01606746c1	Fix Bug 53170 / Add the ability to set secure_link_secret (#444 ) * Add securelink generation * Add ability to configure securelink_secret * Add a description of SECURE_LINK_SECRET * Update README.md	2022-06-07 16:16:05 +03:00
Alexey Golubev	19b66de202	Revert "Update run-document-server.sh (#439 )" This reverts commit `5c17c711b1`.	2022-05-26 17:03:57 +03:00
Roger Shieh	5c17c711b1	Update run-document-server.sh (#439 )	2022-05-24 18:02:42 +03:00
papacarlo	61d388372b	Merge branch release/v7.1.0 into develop	2022-05-16 12:57:21 +00:00
papacarlo	95e27e2655	Merge branch release/v7.1.0 into master	2022-05-12 13:21:23 +00:00
Roman Demidov	452dfeb56d	Fix bug #56785 (#434 ) * Fix bug #56785 * Changes for root	2022-04-29 14:57:14 +03:00
Roman Demidov	80acbe974d	Fix bug #53046 : sed error starting container on Arch (#433 )	2022-04-29 14:55:25 +03:00
Alexey Golubev	4fb0a1e712	Improve SSL certificate detection (#431 )	2022-04-25 17:25:19 +03:00
Alexey Golubev	39d2e303f1	Fix disabling JWT	2022-04-12 19:00:46 +03:00
papacarlo	decb1ed860	Merge branch hotfix/v7.0.2 into release/v7.1.0	2022-04-05 12:27:33 +00:00
papacarlo	a830c53218	Merge branch hotfix/v7.0.2 into develop	2022-04-05 12:27:30 +00:00
papacarlo	bb160d345e	Merge branch hotfix/v7.0.1 into release/v7.1.0	2022-03-23 10:29:52 +00:00
papacarlo	3cf36a79cc	Merge branch hotfix/v7.0.1 into develop	2022-03-23 09:49:22 +00:00
papacarlo	e17831904d	Merge branch hotfix/v7.0.1 into master	2022-02-22 08:17:41 +00:00
Stavros Kois	21f5019e1c	Initialliaze services.CoAuthoring.redis before attempting to set a child to a value (#404 ) Co-authored-by: papacarlo <builder@onlyoffice.com>	2022-02-09 10:37:52 +03:00
Pavel Lobashov	b2e720e66c	Fix broken links to Docker-CommunityServer (#402 ) Continue of #400 Those links became incorrect in `e7c8e59a37` I'm not sure that we REALLY need those links in this project, maybe just give links to README page and that's it But leaving it as it is	2022-01-31 11:18:50 +03:00
papacarlo	4c959d62b7	Merge branch release/v7.0.0 into release/v7.1.0	2022-01-17 14:34:38 +00:00
papacarlo	c5fb8f1fe0	Merge branch release/v7.0.0 into develop	2022-01-17 14:34:35 +00:00
papacarlo	973409cc8f	Merge branch release/v7.0.0 into master	2022-01-17 14:34:33 +00:00
papacarlo	33faf622c8	Merge branch hotfix/v6.4.2 into release/v7.0.0	2021-10-28 07:33:57 +00:00
papacarlo	44a96b1fde	Merge branch hotfix/v6.4.2 into develop	2021-10-28 07:33:55 +00:00
papacarlo	26ef312557	Merge branch hotfix/v6.4.1 into release/v6.5.0	2021-09-30 12:21:08 +00:00
papacarlo	2eb99ffb20	Merge branch hotfix/v6.4.1 into develop	2021-09-30 12:21:03 +00:00
papacarlo	0613f8a0ca	Merge branch release/v6.4.0 into develop	2021-08-26 13:55:56 +00:00
papacarlo	93a0526a7c	Merge branch hotfix/v6.3.1 into develop	2021-07-15 13:14:43 +00:00
Semyon Bezrukov	c6e7d68016	Fix docker targets (#361 ) * Fix docker targets * Fix docker latest tag	2021-06-01 17:29:31 +03:00