Remake fix #96

* fix issue #96 ; 'Download failed' after upgrade to onlyoffice - unable to verify the first certificate

* New variable name REJECT_UNAUTHORIZED_STORAGE

Shell variable rnamed to REJECT_UNAUTHORIZED_STORAGE.

.travis.yml

@@ -0,0 +1,59 @@
+language: generic
+
+dist: trusty
+
+env:
+  # postgresql
+  - config: postgres.yml
+
+  # custom values
+  - config: postgres.yml
+    DB_NAME: mydb
+    DB_USER: myuser
+    DB_PWD: password
+    POSTGRES_DB: mydb
+    POSTGRES_USER: myuser
+
+  # deprecated variables
+  - config: postgres-old.yml
+    POSTGRESQL_SERVER_HOST: onlyoffice-postgresql
+    POSTGRESQL_SERVER_PORT: 5432
+    POSTGRESQL_SERVER_DB_NAME: onlyoffice
+    POSTGRESQL_SERVER_USER: onlyoffice
+    POSTGRESQL_SERVER_PASS: onlyoffice
+
+  # mysql
+  - config: mysql.yml
+    DB_TYPE: mysql
+    DB_HOST: onlyoffice-mysql
+    DB_PORT: 3306
+
+  # activemq
+  - config: activemq.yml
+    AMQP_TYPE: activemq
+    AMQP_URI: amqp://guest:guest@onlyoffice-activemq
+
+  # rabbitmq
+  - config: rabbitmq.yml
+    AMQP_TYPE: rabbitmq
+    AMQP_URI: amqp://guest:guest@onlyoffice-rabbitmq
+
+  # rabbitmq old variables
+  - config: rabbitmq-old.yml
+    AMQP_SERVER_TYPE: rabbitmq
+    AMQP_SERVER_URL: amqp://guest:guest@onlyoffice-rabbitmq
+
+  # redis
+  - config: redis.yml
+    REDIS_SERVER_HOST: onlyoffice-redis
+    REDIS_SERVER_PORT: 6379
+
+services:
+  - docker
+
+script:
+  # Go to tests dir
+  - cd ${PWD}/tests
+
+  # Run test.
+  - ./test.sh

Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:16.04
+FROM ubuntu:18.04
 LABEL maintainer Ascensio System SIA <support@onlyoffice.com>
 
 ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive
@@ -7,28 +7,30 @@ ARG ONLYOFFICE_VALUE=onlyoffice
 
 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
     apt-get -y update && \
-    apt-get -yq install wget apt-transport-https curl locales && \
+    apt-get -yq install wget apt-transport-https gnupg curl locales && \
     apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
     locale-gen en_US.UTF-8 && \
-    curl -sL https://deb.nodesource.com/setup_8.x | bash - && \
+    curl -sL https://deb.nodesource.com/setup_10.x | bash - && \
     apt-get -y update && \
     apt-get -yq install \
         adduser \
+        apt-utils \
         bomstrip \
         htop \
         libasound2 \
         libboost-regex-dev \
         libcairo2 \
         libcurl3 \
+        libcurl3-gnutls \
         libgconf2-4 \
         libgtkglext1 \
         libnspr4 \
         libnss3 \
-        libnss3-nssdb \
         libstdc++6 \
         libxml2 \
         libxss1 \
         libxtst6 \
+        mysql-client \
         nano \
         net-tools \
         netcat \
@@ -44,6 +46,10 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
         supervisor \
         xvfb \
         zlib1g && \
+    echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf && \
+    sed -i "s/bind .*/bind 127.0.0.1/g" /etc/redis/redis.conf && \
+    pg_conftool 10 main set listen_addresses 'localhost' && \
+    service postgresql restart && \
     sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE;" && \
     sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \
     sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $ONLYOFFICE_VALUE TO $ONLYOFFICE_VALUE;" && \ 
@@ -75,6 +81,6 @@ RUN echo "$REPO_URL" | tee /etc/apt/sources.list.d/ds.list && \
     rm -rf /var/log/$COMPANY_NAME && \
     rm -rf /var/lib/apt/lists/*
 
-VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /usr/share/fonts/truetype/custom
+VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /var/lib/rabbitmq /var/lib/redis /usr/share/fonts/truetype/custom
 
 ENTRYPOINT /app/ds/run-document-server.sh

README.md

@@ -67,6 +67,8 @@ To get access to your data from outside the container, you need to mount the vol
         -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
         -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
         -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
+        -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
+        -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
         -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql  onlyoffice/documentserver
 
 Normally, you do not need to store container data because the container's operation does not depend on its state. Saving data will be useful:
@@ -162,13 +164,14 @@ Below is the complete list of parameters that can be set using environment varia
 - **SSL_KEY_PATH**: The path to the SSL certificate's private key. Defaults to `/var/www/onlyoffice/Data/certs/onlyoffice.key`.
 - **SSL_DHPARAM_PATH**: The path to the Diffie-Hellman parameter. Defaults to `/var/www/onlyoffice/Data/certs/dhparam.pem`.
 - **SSL_VERIFY_CLIENT**: Enable verification of client certificates using the `CA_CERTIFICATES_PATH` file. Defaults to `false`
-- **POSTGRESQL_SERVER_HOST**: The IP address or the name of the host where the PostgreSQL server is running.
-- **POSTGRESQL_SERVER_PORT**: The PostgreSQL server port number.
-- **POSTGRESQL_SERVER_DB_NAME**: The name of a PostgreSQL database to be created on the image startup.
-- **POSTGRESQL_SERVER_USER**: The new user name with superuser permissions for the PostgreSQL account.
-- **POSTGRESQL_SERVER_PASS**: The password set for the PostgreSQL account.
-- **AMQP_SERVER_URL**: The [AMQP URL](http://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server.
-- **AMQP_SERVER_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`.
+- **DB_TYPE**: The database type. Supported values are `postgres`, `mariadb` or `mysql`. Defaults to `postgres`.
+- **DB_HOST**: The IP address or the name of the host where the database server is running.
+- **DB_PORT**: The database server port number.
+- **DB_NAME**: The name of a database to be created on the image startup.
+- **DB_USER**: The new user name with superuser permissions for the database account.
+- **DB_PWD**: The password set for the database account.
+- **AMQP_URI**: The [AMQP URI](http://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server.
+- **AMQP_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`.
 - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running.
 - **REDIS_SERVER_PORT**:  The Redis server port number.
 - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
@@ -176,6 +179,8 @@ Below is the complete list of parameters that can be set using environment varia
 - **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`.
 - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
 - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
+- **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
+- **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false`
 
 ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers
 

config/nginx/nginx

@@ -1,196 +0,0 @@
-#!/bin/sh
-
-### BEGIN INIT INFO
-# Provides:       nginx
-# Required-Start:    $local_fs $remote_fs $network $syslog $named
-# Required-Stop:     $local_fs $remote_fs $network $syslog $named
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: starts the nginx web server
-# Description:       starts nginx using start-stop-daemon
-### END INIT INFO
-
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-DAEMON=/usr/sbin/nginx
-NAME=nginx
-DESC=nginx
-
-# Include nginx defaults if available
-if [ -r /etc/default/nginx ]; then
-        . /etc/default/nginx
-fi
-
-STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}"
-
-test -x $DAEMON || exit 0
-
-. /lib/init/vars.sh
-. /lib/lsb/init-functions
-
-# Try to extract nginx pidfile
-PID=$(cat /etc/nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1)
-if [ -z "$PID" ]; then
-        PID=/tmp/nginx.pid
-fi
-
-if [ -n "$ULIMIT" ]; then
-        # Set ulimit if it is set in /etc/default/nginx
-        ulimit $ULIMIT
-fi
-
-start_nginx() {
-        # Start the daemon/service
-        #
-        # Returns:
-        #   0 if daemon has been started
-        #   1 if daemon was already running
-        #   2 if daemon could not be started
-        start-stop-daemon --start --quiet --pidfile $PID --chuid www-data:www-data --exec $DAEMON --test > /dev/null \
-                || return 1
-        start-stop-daemon --start --quiet --pidfile $PID --chuid www-data:www-data --exec $DAEMON -- \
-                $DAEMON_OPTS 2>/dev/null \
-                || return 2
-}
-
-test_config() {
-        # Test the nginx configuration
-        $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1
-}
-
-stop_nginx() {
-        # Stops the daemon/service
-        #
-        # Return
-        #   0 if daemon has been stopped
-        #   1 if daemon was already stopped
-        #   2 if daemon could not be stopped
-        #   other if a failure occurred
-        start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME
-        RETVAL="$?"
-        sleep 1
-        return "$RETVAL"
-}
-
-reload_nginx() {
-        # Function that sends a SIGHUP to the daemon/service
-        start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME
-        return 0
-}
-
-rotate_logs() {
-        # Rotate log files
-        start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME
-        return 0
-}
-
-upgrade_nginx() {
-        # Online upgrade nginx executable
-        # http://nginx.org/en/docs/control.html
-        #
-        # Return
-        #   0 if nginx has been successfully upgraded
-        #   1 if nginx is not running
-        #   2 if the pid files were not created on time
-        #   3 if the old master could not be killed
-        if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then
-                # Wait for both old and new master to write their pid file
-                while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do
-                        cnt=`expr $cnt + 1`
-                        if [ $cnt -gt 10 ]; then
-                                return 2
-                        fi
-                        sleep 1
-                done
-                # Everything is ready, gracefully stop the old master
-                if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then
-                        return 0
-                else
-                        return 3
-                fi
-        else
-                return 1
-        fi
-}
-
-case "$1" in
-        start)
-                log_daemon_msg "Starting $DESC" "$NAME"
-                start_nginx
-                case "$?" in
-                        0|1) log_end_msg 0 ;;
-                        2)   log_end_msg 1 ;;
-                esac
-                ;;
-        stop)
-                log_daemon_msg "Stopping $DESC" "$NAME"
-                stop_nginx
-                case "$?" in
-                        0|1) log_end_msg 0 ;;
-                        2)   log_end_msg 1 ;;
-                esac
-                ;;
-        restart)
-                log_daemon_msg "Restarting $DESC" "$NAME"
-
-                # Check configuration before stopping nginx
-                if ! test_config; then
-                        log_end_msg 1 # Configuration error
-                        exit $?
-                fi
-
-                stop_nginx
-                case "$?" in
-                        0|1)
-                                start_nginx
-                                case "$?" in
-                                        0) log_end_msg 0 ;;
-                                        1) log_end_msg 1 ;; # Old process is still running
-                                        *) log_end_msg 1 ;; # Failed to start
-                                esac
-                                ;;
-                        *)
-                                # Failed to stop
-                                log_end_msg 1
-                                ;;
-                esac
-                ;;
-        reload|force-reload)
-                log_daemon_msg "Reloading $DESC configuration" "$NAME"
-
-                # Check configuration before stopping nginx
-                #
-                # This is not entirely correct since the on-disk nginx binary
-                # may differ from the in-memory one, but that's not common.
-                # We prefer to check the configuration and return an error
-                # to the administrator.
-                if ! test_config; then
-                        log_end_msg 1 # Configuration error
-                        exit $?
-                fi
-
-                reload_nginx
-                log_end_msg $?
-                ;;
-        configtest|testconfig)
-                log_daemon_msg "Testing $DESC configuration"
-                test_config
-                log_end_msg $?
-                ;;
-        status)
-                status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $?
-                ;;
-        upgrade)
-                log_daemon_msg "Upgrading binary" "$NAME"
-                upgrade_nginx
-                log_end_msg $?
-                ;;
-        rotate)
-                log_daemon_msg "Re-opening $DESC log files" "$NAME"
-                rotate_logs
-                log_end_msg $?
-                ;;
-        *)
-                echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2
-                exit 3
-                ;;
-esac

config/nginx/nginx.conf

@@ -1,63 +0,0 @@
-user www-data;
-worker_processes 1;
-pid /tmp/nginx.pid;
-
-events {
-        worker_connections 524288;
-        # multi_accept on;
-}
-
-http {
-
-        ##
-        # Basic Settings
-        ##
-
-        sendfile on;
-        tcp_nopush on;
-        tcp_nodelay on;
-        keepalive_timeout 65;
-        types_hash_max_size 2048;
-        # server_tokens off;
-
-        # server_names_hash_bucket_size 64;
-        # server_name_in_redirect off;
-
-        include /etc/nginx/mime.types;
-        default_type application/octet-stream;
-
-        ##
-        # SSL Settings
-        ##
-
-        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
-        ssl_prefer_server_ciphers on;
-
-        ##
-        # Logging Settings
-        ##
-
-        access_log off;
-        error_log /var/log/nginx/error.log;
-
-        ##
-        # Gzip Settings
-        ##
-
-        gzip on;
-        gzip_disable "msie6";
-
-        # gzip_vary on;
-        # gzip_proxied any;
-        # gzip_comp_level 6;
-        # gzip_buffers 16 8k;
-        # gzip_http_version 1.1;
-        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
-
-        ##
-        # Virtual Host Configs
-        ##
-
-        include /etc/nginx/conf.d/*.conf;
-        include /etc/nginx/sites-enabled/*;
-}

config/supervisor/supervisor

@@ -30,8 +30,8 @@ DESC=supervisor
 
 test -x $DAEMON || exit 0
 
-LOGDIR=/tmp
-PIDFILE=/tmp/$NAME.pid
+LOGDIR=/var/log/supervisor
+PIDFILE=/var/run/$NAME.pid
 PS_COUNT=0
 DODTIME=5                   # Time to wait for the server to die, in seconds
                             # If this value is set too low you might not
@@ -101,7 +101,7 @@ case "$1" in
             rm -f "$PIDFILE"
         fi
 	echo -n "Starting $DESC: "
-	start-stop-daemon --start --quiet --chuid ds:ds --pidfile $PIDFILE \
+	start-stop-daemon --start --quiet --pidfile $PIDFILE \
 		--startas $DAEMON -- $DAEMON_OPTS
 	test -f $PIDFILE || sleep 1
         if running ; then
@@ -152,7 +152,7 @@ case "$1" in
     echo -n "Restarting $DESC: "
     start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
 	[ -n "$DODTIME" ] && sleep $DODTIME
-	start-stop-daemon --start --quiet --chuid ds:ds --pidfile $PIDFILE \
+	start-stop-daemon --start --quiet --pidfile $PIDFILE \
 		--startas $DAEMON -- $DAEMON_OPTS
 	echo "$NAME."
 	;;

config/supervisor/supervisord.conf

@@ -4,9 +4,9 @@
 port = 127.0.0.1:9001
 
 [supervisord]
-logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
-pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
-childlogdir=/tmp            ; ('AUTO' child log dir, default $TEMP)
+logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
+pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+childlogdir=/var/log/supervisor            ; ('AUTO' child log dir, default $TEMP)
 
 ; the below section must remain in the config file for RPC
 ; (supervisorctl/web interface) to work, additional interfaces may be

docker-compose.yml

@@ -5,17 +5,19 @@ services:
     image: onlyoffice/documentserver:latest
     environment:
       - ONLYOFFICE_DATA_CONTAINER=true
-      - POSTGRESQL_SERVER_HOST=onlyoffice-postgresql
-      - POSTGRESQL_SERVER_PORT=5432
-      - POSTGRESQL_SERVER_DB_NAME=onlyoffice
-      - POSTGRESQL_SERVER_USER=onlyoffice
-      - AMQP_SERVER_URL=amqp://guest:guest@onlyoffice-rabbitmq
+      - DB_TYPE=postgres
+      - DB_HOST=onlyoffice-postgresql
+      - DB_PORT=5432
+      - DB_NAME=onlyoffice
+      - DB_USER=onlyoffice
+      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
       - REDIS_SERVER_HOST=onlyoffice-redis
       - REDIS_SERVER_PORT=6379
       # Uncomment strings below to enable the JSON Web Token validation.
       #- JWT_ENABLED=true
       #- JWT_SECRET=secret
       #- JWT_HEADER=Authorization
+      #- JWT_IN_BODY=true
     stdin_open: true
     restart: always
     networks:

run-document-server.sh

@@ -21,6 +21,7 @@ SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key}
 CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem}
 SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
 SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
+USE_UNAUTHORIZED_STORAGE=${USE_UNAUTHORIZED_STORAGE:-false}
 ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
 ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAGE:-31536000}
 SYSCONF_TEMPLATES_DIR="/app/ds/setup/config"
@@ -38,6 +39,7 @@ NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
 JWT_ENABLED=${JWT_ENABLED:-false}
 JWT_SECRET=${JWT_SECRET:-secret}
 JWT_HEADER=${JWT_HEADER:-Authorization}
+JWT_IN_BODY=${JWT_IN_BODY:-false}
 
 ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/local.json
 ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json
@@ -48,27 +50,51 @@ JSON="${JSON_BIN} -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
 JSON_LOG="${JSON_BIN} -q -f ${ONLYOFFICE_LOG4JS_CONFIG}"
 JSON_EXAMPLE="${JSON_BIN} -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}"
 
-DS_PORT=${DS_PORT:-80}
-
 LOCAL_SERVICES=()
 
 PG_ROOT=/var/lib/postgresql
-PG_VERSION=9.5
+PG_VERSION=10
 PG_NAME=main
 PGDATA=${PG_ROOT}/${PG_VERSION}/${PG_NAME}
 PG_NEW_CLUSTER=false
+RABBITMQ_DATA=/var/lib/rabbitmq
+REDIS_DATA=/var/lib/redis
 
 read_setting(){
-  POSTGRESQL_SERVER_HOST=${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}
-  POSTGRESQL_SERVER_PORT=${POSTGRESQL_SERVER_PORT:-5432}
-  POSTGRESQL_SERVER_DB_NAME=${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}
-  POSTGRESQL_SERVER_USER=${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}
-  POSTGRESQL_SERVER_PASS=${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}
+  deprecated_var POSTGRESQL_SERVER_HOST DB_HOST
+  deprecated_var POSTGRESQL_SERVER_PORT DB_PORT
+  deprecated_var POSTGRESQL_SERVER_DB_NAME DB_NAME
+  deprecated_var POSTGRESQL_SERVER_USER DB_USER
+  deprecated_var POSTGRESQL_SERVER_PASS DB_PWD
+  deprecated_var RABBITMQ_SERVER_URL AMQP_URI
+  deprecated_var AMQP_SERVER_URL AMQP_URI
+  deprecated_var AMQP_SERVER_TYPE AMQP_TYPE
+
+  DB_HOST=${DB_HOST:-${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}}
+  case $DB_TYPE in
+    "postgres")
+      DB_PORT=${DB_PORT:-"5432"}
+      ;;
+    "mariadb"|"mysql")
+      DB_PORT=${DB_PORT:-"3306"}
+      ;;
+    "")
+      DB_PORT=${DB_PORT:-${POSTGRESQL_SERVER_PORT:-$(${JSON} services.CoAuthoring.sql.dbPort)}}
+      ;;
+    *)
+      echo "ERROR: unknown database type"
+      exit 1
+      ;;
+  esac
+  DB_NAME=${DB_NAME:-${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}}
+  DB_USER=${DB_USER:-${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}}
+  DB_PWD=${DB_PWD:-${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}}
+  DB_TYPE=${DB_TYPE:-$(${JSON} services.CoAuthoring.sql.type)}
 
   RABBITMQ_SERVER_URL=${RABBITMQ_SERVER_URL:-$(${JSON} rabbitmq.url)}
-  AMQP_SERVER_URL=${AMQP_SERVER_URL:-${RABBITMQ_SERVER_URL}}
-  AMQP_SERVER_TYPE=${AMQP_SERVER_TYPE:-rabbitmq}
-  parse_rabbitmq_url ${AMQP_SERVER_URL}
+  AMQP_URI=${AMQP_URI:-${AMQP_SERVER_URL:-${RABBITMQ_SERVER_URL}}}
+  AMQP_TYPE=${AMQP_TYPE:-${AMQP_SERVER_TYPE:-rabbitmq}}
+  parse_rabbitmq_url ${AMQP_URI}
 
   REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-$(${JSON} services.CoAuthoring.redis.host)}
   REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-6379}
@@ -76,6 +102,12 @@ read_setting(){
   DS_LOG_LEVEL=${DS_LOG_LEVEL:-$(${JSON_LOG} categories.default.level)}
 }
 
+deprecated_var() {
+  if [[ -n ${!1} ]]; then
+    echo "Variable $1 is deprecated. Use $2 instead."
+  fi
+}
+
 parse_rabbitmq_url(){
   local amqp=$1
 
@@ -125,8 +157,8 @@ waiting_for_connection(){
   done
 }
 
-waiting_for_postgresql(){
-  waiting_for_connection ${POSTGRESQL_SERVER_HOST} ${POSTGRESQL_SERVER_PORT}
+waiting_for_db(){
+  waiting_for_connection $DB_HOST $DB_PORT
 }
 
 waiting_for_amqp(){
@@ -139,22 +171,23 @@ waiting_for_redis(){
 waiting_for_datacontainer(){
   waiting_for_connection ${ONLYOFFICE_DATA_CONTAINER_HOST} ${ONLYOFFICE_DATA_CONTAINER_PORT}
 }
-update_postgresql_settings(){
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${POSTGRESQL_SERVER_HOST}'"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${POSTGRESQL_SERVER_PORT}'"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${POSTGRESQL_SERVER_DB_NAME}'"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${POSTGRESQL_SERVER_USER}'"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${POSTGRESQL_SERVER_PASS}'"
+update_db_settings(){
+  ${JSON} -I -e "this.services.CoAuthoring.sql.type = '${DB_TYPE}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${DB_HOST}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${DB_PORT}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${DB_NAME}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${DB_USER}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${DB_PWD}'"
 }
 
 update_rabbitmq_setting(){
-  if [ "${AMQP_SERVER_TYPE}" == "rabbitmq" ]; then
+  if [ "${AMQP_TYPE}" == "rabbitmq" ]; then
     ${JSON} -I -e "if(this.queue===undefined)this.queue={};"
     ${JSON} -I -e "this.queue.type = 'rabbitmq'"
-    ${JSON} -I -e "this.rabbitmq.url = '${AMQP_SERVER_URL}'"
+    ${JSON} -I -e "this.rabbitmq.url = '${AMQP_URI}'"
   fi
   
-  if [ "${AMQP_SERVER_TYPE}" == "activemq" ]; then
+  if [ "${AMQP_TYPE}" == "activemq" ]; then
     ${JSON} -I -e "if(this.queue===undefined)this.queue={};"
     ${JSON} -I -e "this.queue.type = 'activemq'"
     ${JSON} -I -e "if(this.activemq===undefined)this.activemq={};"
@@ -196,7 +229,7 @@ update_redis_settings(){
   ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
 }
 
-update_jwt_settings(){
+update_ds_settings(){
   if [ "${JWT_ENABLED}" == "true" ]; then
     ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
     ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
@@ -209,12 +242,20 @@ update_jwt_settings(){
     ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
     ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
 
+    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
+    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"
+
     if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ] && [ "${JWT_ENABLED}" == "true" ]; then
       ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
       ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
       ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
     fi
   fi
+
+  if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then
+    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}"
+    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
+  fi
 }
 
 create_postgresql_cluster(){
@@ -234,10 +275,21 @@ create_postgresql_db(){
   sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"
 }
 
-create_postgresql_tbl(){
-  CONNECTION_PARAMS="-h${POSTGRESQL_SERVER_HOST} -p${POSTGRESQL_SERVER_PORT} -U${POSTGRESQL_SERVER_USER} -w"
-  if [ -n "${POSTGRESQL_SERVER_PASS}" ]; then
-    export PGPASSWORD=${POSTGRESQL_SERVER_PASS}
+create_db_tbl() {
+  case $DB_TYPE in
+    "postgres")
+      create_postgresql_tbl
+    ;;
+    "mariadb"|"mysql")
+      create_mysql_tbl
+    ;;
+  esac
+}
+
+create_postgresql_tbl() {
+  CONNECTION_PARAMS="-h$DB_HOST -p$DB_PORT -U$DB_USER -w"
+  if [ -n "$DB_PWD" ]; then
+    export PGPASSWORD=$DB_PWD
   fi
 
   PSQL="psql -q $CONNECTION_PARAMS"
@@ -245,10 +297,33 @@ create_postgresql_tbl(){
 
   # Create db on remote server
   if $PSQL -lt | cut -d\| -f 1 | grep -qw | grep 0; then
-    $CREATEDB $POSTGRESQL_SERVER_DB_NAME
+    $CREATEDB $DB_NAME
   fi
 
-  $PSQL -d "${POSTGRESQL_SERVER_DB_NAME}" -f "${APP_DIR}/server/schema/postgresql/createdb.sql"
+  $PSQL -d "$DB_NAME" -f "$APP_DIR/server/schema/postgresql/createdb.sql"
+}
+
+create_mysql_tbl() {
+  CONNECTION_PARAMS="-h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PWD -w"
+  MYSQL="mysql -q $CONNECTION_PARAMS"
+
+  # Create db on remote server
+  $MYSQL -e "CREATE DATABASE IF NOT EXISTS $DB_NAME DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;" >/dev/null 2>&1
+
+  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1
+}
+
+update_welcome_page() {
+  WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html"
+  if [[ -e $WELCOME_PAGE ]]; then
+    DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset))
+    if [[ -x $(command -v docker) ]]; then
+      DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
+      sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
+    else
+      sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
+    fi
+  fi
 }
 
 update_nginx_settings(){
@@ -288,8 +363,6 @@ update_nginx_settings(){
     fi
   else
     ln -sf ${NGINX_ONLYOFFICE_PATH}/ds.conf.tmpl ${NGINX_ONLYOFFICE_CONF}
-    # set up default listening port
-    sed 's,\(listen.\+:\)\([0-9]\+\)\(.*;\),'"\1${DS_PORT}\3"',' -i ${NGINX_ONLYOFFICE_CONF}
   fi
 
   # check if ipv6 supported otherwise remove it from nginx config
@@ -307,10 +380,6 @@ update_supervisor_settings(){
   cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/
   # Copy modified supervisor config
   cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
-  # Copy modified nginx start script
-  cp ${SYSCONF_TEMPLATES_DIR}/nginx/nginx /etc/init.d/
-  # Copy modified ngnix config
-  cp ${SYSCONF_TEMPLATES_DIR}/nginx/nginx.conf /etc/nginx/nginx.conf
 }
 
 update_log_settings(){
@@ -339,22 +408,21 @@ for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do
   chmod -R 755 "$i"
 done
 
-touch ${DS_LOG_DIR}/nginx.error.log
-chown www-data:www-data ${DS_LOG_DIR}/nginx.error.log
-
 if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
 
   read_setting
 
+  update_welcome_page
+
   update_log_settings
 
-  update_jwt_settings
+  update_ds_settings
 
   # update settings by env variables
-  if [ ${POSTGRESQL_SERVER_HOST} != "localhost" ]; then
-    update_postgresql_settings
-    waiting_for_postgresql
-    create_postgresql_tbl
+  if [ $DB_HOST != "localhost" ]; then
+    update_db_settings
+    waiting_for_db
+    create_db_tbl
   else
     # change rights for postgres directory
     chown -R postgres:postgres ${PG_ROOT}
@@ -371,6 +439,13 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
   if [ ${AMQP_SERVER_HOST} != "localhost" ]; then
     update_rabbitmq_setting
   else
+    # change rights for rabbitmq directory
+    chown -R rabbitmq:rabbitmq ${RABBITMQ_DATA}
+    chmod -R go=rX,u=rwX ${RABBITMQ_DATA}
+    if [ -f ${RABBITMQ_DATA}/.erlang.cookie ]; then
+        chmod 400 ${RABBITMQ_DATA}/.erlang.cookie
+    fi
+
     LOCAL_SERVICES+=("rabbitmq-server")
     # allow Rabbitmq startup after container kill
     rm -rf /var/run/rabbitmq
@@ -379,6 +454,10 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
   if [ ${REDIS_SERVER_HOST} != "localhost" ]; then
     update_redis_settings
   else
+    # change rights for redis directory
+    chown -R redis:redis ${REDIS_DATA}
+    chmod -R 750 ${REDIS_DATA}
+
     LOCAL_SERVICES+=("redis-server")
   fi
 else
@@ -388,6 +467,8 @@ else
   # read settings after the data container in ready state
   # to prevent get unconfigureted data
   read_setting
+  
+  update_welcome_page
 fi
 
 #start needed local services
@@ -401,7 +482,7 @@ if [ ${PG_NEW_CLUSTER} = "true" ]; then
 fi
 
 if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
-  waiting_for_postgresql
+  waiting_for_db
   waiting_for_amqp
   waiting_for_redis
 

tests/activemq.yml

@@ -4,8 +4,8 @@ services:
     container_name: onlyoffice-documentserver
     image: onlyoffice/4testing-documentserver-ie:latest
     environment:
-      - AMQP_SERVER_URL=amqp://guest:guest@onlyoffice-activemq
-      - AMQP_SERVER_TYPE=activemq
+      - AMQP_TYPE
+      - AMQP_URI
     stdin_open: true
     restart: always
     ports:
@@ -18,8 +18,8 @@ services:
     container_name: onlyoffice-activemq
     image: webcenter/activemq:5.14.3
     environment:
-      - ACTIVEMQ_USERS_guest=guest
-      - ACTIVEMQ_GROUPS_owners=guest
+      - ACTIVEMQ_USERS_guest
+      - ACTIVEMQ_GROUPS_owners
     restart: always
     networks:
      - onlyoffice

tests/defaults.env

@@ -0,0 +1,40 @@
+# DocumentServer Container
+ONLYOFFICE_DATA_CONTAINER=true
+DB_TYPE=postgres
+DB_HOST=onlyoffice-postgresql
+DB_PORT=5432
+DB_NAME=onlyoffice
+DB_USER=onlyoffice
+DB_PWD=onlyoffice
+AMQP_TYPE=rabbitmq
+AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
+REDIS_SERVER_HOST=onlyoffice-redis
+REDIS_SERVER_PORT=6379
+JWT_ENABLED=true
+JWT_SECRET=secret
+JWT_HEADER=Authorization
+
+ONLYOFFICE_DATA_CONTAINER_HOST=onlyoffice-documentserver-data
+BALANCE=uri depth 3
+EXCLUDE_PORTS=443
+HTTP_CHECK=GET /healthcheck
+EXTRA_SETTINGS=http-check expect string true
+FORCE_SSL=true
+
+# HAProxy Container
+MODE=http
+CERT_FOLDER=/certs/
+
+# ActiveMQ Container
+ACTIVEMQ_USERS_guest=guest
+ACTIVEMQ_GROUPS_owners=guest
+
+# Postgres Container
+POSTGRES_DB=onlyoffice
+POSTGRES_USER=onlyoffice
+
+# MySQL Container
+MYSQL_DATABASE=onlyoffice
+MYSQL_USER=onlyoffice
+MYSQL_PASSWORD=onlyoffice
+MYSQL_ALLOW_EMPTY_PASSWORD=yes

tests/mysql.yml

@@ -0,0 +1,35 @@
+version: '2'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    image: onlyoffice/4testing-documentserver-ie:latest
+    depends_on:
+      - onlyoffice-mysql
+    environment:
+      - DB_TYPE
+      - DB_HOST
+      - DB_PORT
+      - DB_NAME
+      - DB_USER
+      - DB_PWD
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+
+  onlyoffice-mysql:
+    container_name: onlyoffice-mysql
+    image: mysql:5.7
+    environment:
+      - MYSQL_DATABASE
+      - MYSQL_USER
+      - MYSQL_PASSWORD
+      - MYSQL_ALLOW_EMPTY_PASSWORD
+    restart: always
+    volumes:
+      - mysql_data:/var/lib/mysql
+    expose:
+      - '3306'
+
+volumes:
+  mysql_data:

tests/postgres-old.yml

@@ -0,0 +1,32 @@
+version: '2'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    image: onlyoffice/4testing-documentserver-ie:latest
+    depends_on:
+      - onlyoffice-postgresql
+    environment:
+      - POSTGRESQL_SERVER_HOST
+      - POSTGRESQL_SERVER_PORT
+      - POSTGRESQL_SERVER_DB_NAME
+      - POSTGRESQL_SERVER_USER
+      - POSTGRESQL_SERVER_PASS
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+
+  onlyoffice-postgresql:
+    container_name: onlyoffice-postgresql
+    image: postgres:9.5
+    environment:
+      - POSTGRES_DB
+      - POSTGRES_USER
+    restart: always
+    expose:
+      - '5432'
+    volumes:
+      - postgresql_data:/var/lib/postgresql
+
+volumes:
+  postgresql_data:

tests/postgres.yml

@@ -0,0 +1,33 @@
+version: '2'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    image: onlyoffice/4testing-documentserver-ie:latest
+    depends_on:
+      - onlyoffice-postgresql
+    environment:
+      - DB_TYPE
+      - DB_HOST
+      - DB_PORT
+      - DB_NAME
+      - DB_USER
+      - DB_PWD
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+
+  onlyoffice-postgresql:
+    container_name: onlyoffice-postgresql
+    image: postgres:9.5
+    environment:
+      - POSTGRES_DB
+      - POSTGRES_USER
+    restart: always
+    expose:
+      - '5432'
+    volumes:
+      - postgresql_data:/var/lib/postgresql
+
+volumes:
+  postgresql_data:

tests/rabbitmq-old.yml

@@ -0,0 +1,28 @@
+version: '2'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    image: onlyoffice/4testing-documentserver-ie:latest
+    environment:
+      - AMQP_SERVER_TYPE
+      - AMQP_SERVER_URL
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+      - '443:443'
+    networks:
+      - onlyoffice
+
+  onlyoffice-rabbitmq:
+    container_name: onlyoffice-rabbitmq
+    image: rabbitmq
+    restart: always
+    networks:
+     - onlyoffice
+    expose:
+      - '5672'
+
+networks:
+  onlyoffice:
+    driver: 'bridge'

tests/rabbitmq.yml

@@ -0,0 +1,28 @@
+version: '2'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    image: onlyoffice/4testing-documentserver-ie:latest
+    environment:
+      - AMQP_TYPE
+      - AMQP_URI
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+      - '443:443'
+    networks:
+      - onlyoffice
+
+  onlyoffice-rabbitmq:
+    container_name: onlyoffice-rabbitmq
+    image: rabbitmq
+    restart: always
+    networks:
+     - onlyoffice
+    expose:
+      - '5672'
+
+networks:
+  onlyoffice:
+    driver: 'bridge'

tests/redis.yml

@@ -0,0 +1,28 @@
+version: '2'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    image: onlyoffice/4testing-documentserver-ie:latest
+    environment:
+      - REDIS_SERVER_HOST
+      - REDIS_SERVER_PORT
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+      - '443:443'
+    networks:
+      - onlyoffice
+
+  onlyoffice-redis:
+    container_name: onlyoffice-redis
+    image: redis
+    restart: always
+    networks:
+     - onlyoffice
+    expose:
+      - '6379'
+
+networks:
+  onlyoffice:
+    driver: 'bridge'

tests/test.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+# Check if the yml exists
+if [[ ! -f $config ]]; then
+  echo "File $config doesn't exist!"
+  exit 1
+fi
+
+env_file=defaults.env
+
+# Copy .env
+if [[ -f $env_file ]]; then
+  cp $env_file .env
+else
+  echo "File $env_file doesn't exist!"
+  exit 1
+fi
+
+# Run test environment
+docker-compose -p ds -f $config up -d
+
+wakeup_timeout=30
+
+# Get documentserver healthcheck status
+echo "Wait for service wake up"
+sleep $wakeup_timeout
+healthcheck_res=$(wget --no-check-certificate -qO - localhost/healthcheck)
+
+# Fail if it isn't true
+if [[ $healthcheck_res == "true" ]]; then
+  echo "Healthcheck passed."
+else
+  echo "Healthcheck failed!"
+  exit 1
+fi
+
+docker-compose -p ds -f $config down