Update build

add hooks
2026-04-07 14:01:38 +08:00 · 2022-01-06 12:18:40 +03:00 · 2022-01-06 12:13:22 +03:00 · 2022-01-06 11:46:31 +03:00 · 2021-12-20 11:01:52 +03:00 · 2021-12-17 17:04:20 +03:00
12 changed files with 89 additions and 433 deletions
--- a/.github/workflows/4testing-build.yml
+++ b/.github/workflows/4testing-build.yml
@ -1,93 +0,0 @@
-### This workflow setup instance then build and push images ###
-name: 4testing multiarch-build
-
-on:
-  push:
-    tags:
-      - "v*"
-      - "!v*-stable"
-
-env: 
-  COMPANY_NAME: "onlyoffice"
-  PRODUCT_NAME: "documentserver"
-      
-jobs:
-  build:
-    name: Build 
-    runs-on: ubuntu-latest
-    continue-on-error: ${{ matrix.condition }}
-    strategy:
-      matrix:
-        images: ["documentserver"]
-        edition: ["", "-ee", "-de"]
-        condition: [true]
-    steps:
-      - name: Checkout code 
-        uses: actions/checkout@v3
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-     
-      - name: Login to Docker Hub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
-
-      - name: Get Tag Name
-        run: |
-          echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
-
-      - name: Build 4testing
-        run: |
-          ### ==>> At this step build variable declaration ###
-          DOCKER_TAG=$( echo ${{ env.RELEASE_VERSION }} | sed 's/^.//' )
-          PACKAGE_VERSION=$( echo $DOCKER_TAG | sed -E 's/(.*)\./\1-/' )
-          NODE_PLATFORMS=$( echo ${{ steps.buildx.outputs.platforms }} | sed 's/linux\///g' | sed 's/,/ /g' )
-          echo "Start check avalivable build platforms >>"
-
-          ### ==>> In this loop we will check all avalivable documentserver architectures. After that all accessed arch will be added to build-platforms list. ###
-          for ARCH in ${NODE_PLATFORMS}; do
-            REPO_URL=${{ secrets.REPO_URL }} 
-            if [[ ${{ env.RELEASE_VERSION }} == v99.* ]]; then
-              REPO_URL=${{ secrets.UNSTABLE_REPO_URL }}
-            fi
-            PACKAGE_URL_CHECK=${REPO_URL}${{ matrix.edition }}_"$PACKAGE_VERSION"_${ARCH}.deb
-            STATUS=$(curl -s -o /dev/null -w "%{http_code}\n" "${PACKAGE_URL_CHECK}")
-            if [[ "$STATUS" = "200" ]]; then
-              echo "✔  ${ARCH} is avalivable >> set like one of build platforms"
-              PLATFORMS+=(linux/${ARCH},)
-              BUILD_PLATFORMS=$( echo ${PLATFORMS[@]} | sed 's/ //g' | sed 's/\(.*\),/\1/' )
-            else
-              echo "${ARCH} in not avalivable"
-            fi
-          done
-          PACKAGE_URL_BUILD=$( echo ${PACKAGE_URL_CHECK} | sed -e "s/${PACKAGE_VERSION}_.*.deb/${PACKAGE_VERSION}_TARGETARCH.deb/g" )
-
-          ### ==>> At this step if there is no access to any platform and platform list is empty, build will exit with 1. ###  
-          if [[ -z ${BUILD_PLATFORMS} ]]; then
-            echo "Have no access to any platform >> exit with 1"
-            exit 1
-          fi
-          echo "DONE: Check passed >> Build for platforms: ${BUILD_PLATFORMS}"
-          echo "Build is starting ... >>"
-
-          ### ==>> Build and push images at this step ### 
-          PRODUCT_EDITION=${{ matrix.edition }} \
-          PACKAGE_URL=$PACKAGE_URL_BUILD \
-          PRODUCT_NAME=${{ env.PRODUCT_NAME }} \
-          DOCKERFILE=Dockerfile \
-          PREFIX_NAME=4testing- \
-          TAG=$DOCKER_TAG \
-          PLATFORM=$BUILD_PLATFORMS \
-          COMPANY_NAME=${{ env.COMPANY_NAME }} \
-            docker buildx bake \
-            -f docker-bake.hcl ${{ matrix.images }} \
-            --push
-          echo "DONE: Build success >> exit with 0"
-          exit 0
-        shell: bash
--- a/.github/workflows/stable-build.yml
+++ b/.github/workflows/stable-build.yml
@ -1,67 +0,0 @@
-### This workflow setup instance then build and push images ###
-name: Multi-arch build stable
-
-on:
-  push:
-    tags:
-      - "v*-stable"
-
-env:
-  COMPANY_NAME: "onlyoffice"
-  PRODUCT_NAME: "documentserver" 
-
-jobs:
-  build:
-    name: Build 
-    runs-on: ubuntu-latest
-    continue-on-error: ${{ matrix.condition }}
-    strategy:
-      matrix:
-        images: ["documentserver-stable"]
-        edition: ["", "-ee", "-de"]
-        condition: [true]
-    steps:
-      - name: Checkout code 
-        uses: actions/checkout@v3
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-     
-      - name: Login to Docker Hub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
-
-      - name: Get Tag Name
-        id: tag_name
-        run: |
-          echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/}
-
-      - name: Build documentserver-release
-        run: |
-          TAG=$(echo ${{ steps.tag_name.outputs.SOURCE_TAG }} | sed 's/^.//; s/-stable//')
-          SHORTER_TAG=$(echo ${TAG} | grep -o -P '^[\d]+\.[\d]+\.[\d]+')
-          SHORTEST_TAG=$(echo ${TAG} | grep -o -P '^[\d]+\.[\d]+')
-          IMAGE_STATUS=$(docker manifest inspect ${{ env.COMPANY_NAME }}/4testing-${{ env.PRODUCT_NAME }}${{ matrix.edition }}:$TAG > /dev/null ; echo $?)
-             if [[ "$IMAGE_STATUS" = "0" ]]; then
-                echo "Image present on docker.hub >> start build stable version"
-                echo "FROM ${{ env.COMPANY_NAME }}/4testing-${{ env.PRODUCT_NAME }}${{ matrix.edition }}:$TAG as ${{ env.PRODUCT_NAME }}-stable" >> Dockerfile.stable
-                PRODUCT_EDITION=${{ matrix.edition }} PRODUCT_NAME=${{ env.PRODUCT_NAME }} \
-                COMPANY_NAME=${{ env.COMPANY_NAME}} DOCKERFILE=Dockerfile.stable \
-                   TAG=$TAG \
-                   SHORTER_TAG=$SHORTER_TAG \
-                   SHORTEST_TAG=$SHORTEST_TAG \
-                   docker buildx bake \
-                   -f docker-bake.hcl ${{ matrix.images }} \
-                   --push 
-                echo "DONE: Build success >> exit with 0"
-                exit 0
-             else
-                echo "FAILED: Image with tag $TAG do not presented on docker.hub >> build will not started >> exit with 1"
-                exit 1
-             fi
-        shell: bash
--- a/18
+++ b/18
@ -1,16 +1,14 @@
-FROM ubuntu:22.04 as documentserver
+FROM ubuntu:20.04
 LABEL maintainer Ascensio System SIA <support@onlyoffice.com>

-ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=14
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=12

 ARG ONLYOFFICE_VALUE=onlyoffice

 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
    apt-get -y update && \
    apt-get -yq install wget apt-transport-https gnupg locales && \
-    mkdir -p $HOME/.gnupg && \
-    gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/onlyoffice.gpg --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
-    chmod 644 /etc/apt/trusted.gpg.d/onlyoffice.gpg && \
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
    locale-gen en_US.UTF-8 && \
    echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
    apt-get -yq install \
@ -71,18 +69,14 @@ COPY run-document-server.sh /app/ds/run-document-server.sh

 EXPOSE 80 443

-ARG TARGETARCH
-ARG PRODUCT_EDITION=
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_NAME=documentserver
-ARG PACKAGE_URL="http://download.onlyoffice.com/install/documentserver/linux/${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}_$TARGETARCH.deb"
+ARG PACKAGE_URL="http://download.onlyoffice.com/install/documentserver/linux/${COMPANY_NAME}-${PRODUCT_NAME}_amd64.deb"

 ENV COMPANY_NAME=$COMPANY_NAME \
-    PRODUCT_NAME=$PRODUCT_NAME \
-    PRODUCT_EDITION=$PRODUCT_EDITION
+    PRODUCT_NAME=$PRODUCT_NAME

-RUN PACKAGE_URL=$( echo ${PACKAGE_URL} | sed "s/TARGETARCH/"${TARGETARCH}"/g") && \
-    wget -q -P /tmp "$PACKAGE_URL" && \
+RUN wget -q -P /tmp "$PACKAGE_URL" && \
    apt-get -y update && \
    service postgresql start && \
    apt-get -yq install /tmp/$(basename "$PACKAGE_URL") && \
--- a/Dockerfile.cl
+++ b/Dockerfile.cl
@ -0,0 +1,4 @@
+FROM onlyoffice/documentserver-ee:latest
+
+RUN sed -i '/trap clean_exit SIGTERM/s/^/#/' /app/ds/run-document-server.sh
+
--- a/56
+++ b/56
@ -15,54 +15,60 @@ PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)
 PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)
 PACKAGE_URL := http://$(S3_BUCKET).s3.amazonaws.com/$(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/ubuntu/$(PACKAGE_NAME)_$(PACKAGE_VERSION)_amd64.deb

-ifeq ($(RELEASE_BRANCH),$(filter $(RELEASE_BRANCH),unstable testing))
-	DOCKER_TAG := $(subst -,.,$(PACKAGE_VERSION))
+UPDATE_LATEST := false
+
+ifneq (,$(findstring develop,$(GIT_BRANCH)))
+DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
+DOCKER_TAGS += latest
+else ifneq (,$(findstring release,$(GIT_BRANCH)))
+DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
+else ifneq (,$(findstring hotfix,$(GIT_BRANCH)))
+DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
 else
-	DOCKER_TAG := $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
+DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
 endif

-DOCKER_IMAGE := $(subst -,,$(COMPANY_NAME_LOW))/4testing-$(PRODUCT_NAME_LOW)
-DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)__$(DOCKER_TAG).dummy
+DOCKER_TAGS += $(DOCKER_TAG)
+
+DOCKER_REPO = $(COMPANY_NAME_LOW_ESCAPED)/4testing-$(PRODUCT_NAME_LOW)
+
+COLON := __colon__
+DOCKER_TARGETS := $(foreach TAG,$(DOCKER_TAGS),$(DOCKER_REPO)$(COLON)$(TAG))
+
 DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)_$(PACKAGE_VERSION).tar.gz
+
 DOCKER_ARCH_URI := $(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/docker/$(notdir $(DOCKER_ARCH))

-.PHONY: all clean clean-docker image deploy docker publish
+.PHONY: all clean clean-docker deploy docker publish

-$(DOCKER_DUMMY):
+$(DOCKER_TARGETS): $(DEB_REPO_DATA)
 	docker pull ubuntu:20.04
 	docker build \
 		--build-arg PACKAGE_URL=$(PACKAGE_URL) \
 		--build-arg COMPANY_NAME=$(COMPANY_NAME_LOW) \
 		--build-arg PRODUCT_NAME=$(PRODUCT_NAME_LOW) \
 		--build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \
-		-t $(DOCKER_IMAGE):$(DOCKER_TAG) . && \
-	mkdir -p $$(dirname $@) && \
+		-t $(subst $(COLON),:,$@) . &&\
+	mkdir -p $$(dirname $@) &&\
 	echo "Done" > $@

-$(DOCKER_ARCH): $(DOCKER_DUMMY)
-	docker save $(DOCKER_IMAGE):$(DOCKER_TAG) | \
+$(DOCKER_ARCH): $(DOCKER_TARGETS)
+	docker save $(DOCKER_REPO):$(DOCKER_TAG) | \
 		gzip > $@

-all: image
+all: $(DOCKER_TARGETS)

 clean:
-	rm -rfv *.dummy *.tar.gz
+	rm -rfv $(DOCKER_TARGETS) $(DOCKER_ARCH)
 		
 clean-docker:
 	docker rmi -f $$(docker images -q $(COMPANY_NAME_LOW)/*) || exit 0

-image: $(DOCKER_DUMMY)
-
-deploy: $(DOCKER_DUMMY)
-	for i in {1..3}; do \
-		docker push $(DOCKER_IMAGE):$(DOCKER_TAG) && break || sleep 1m; \
-	done
-ifeq ($(RELEASE_BRANCH),unstable)
-	docker tag $(DOCKER_IMAGE):$(DOCKER_TAG) $(DOCKER_IMAGE):latest
-	for i in {1..3}; do \
-		docker push $(DOCKER_IMAGE):latest && break || sleep 1m; \
-	done
-endif
+deploy: $(DOCKER_TARGETS)
+	$(foreach TARGET,$(DOCKER_TARGETS), \
+		for i in {1..3}; do \
+			docker push $(subst $(COLON),:,$(TARGET)) && break || sleep 1m; \
+		done;)

 publish: $(DOCKER_ARCH)
 	aws s3 cp --no-progress --acl public-read \
--- a/README.md
+++ b/README.md
@ -10,7 +10,6 @@
        + [Strengthening the Server Security](#strengthening-the-server-security)
        + [Installation of the SSL Certificates](#installation-of-the-ssl-certificates)
        + [Available Configuration Parameters](#available-configuration-parameters)
-    - [Running ONLYOFFICE Document Server using docker secrets](#running-onlyoffice-document-server-using-docker-secrets)
 * [Installing ONLYOFFICE Document Server integrated with Community and Mail Servers](#installing-onlyoffice-document-server-integrated-with-community-and-mail-servers)
 * [Issues](#issues)
    - [Docker Issues](#docker-issues)
@ -164,58 +163,6 @@ chmod 400 /app/onlyoffice/DocumentServer/data/certs/tls.key

 You are now just one step away from having our application secured.

-### Running ONLYOFFICE Document Server using docker secrets
-
-For manage sensitive data like database password/username you can use Docker secrets. If you want use secrets, you must start the Document Server like service with docker compose or docker swarm. According to [official docker documentation](https://docs.docker.com/engine/swarm/secrets/) secrets did not avalivable to standalone containers. To start using the secrets you need to go through a few simple steps: 
-
-**STEP 1**: 
-At first you need to iniciate docker swarm with command:
-
-```bash
-sudo docker swarm init 
-```
-
-**STEP 2**:
-On the next step you need to make the secrets. DocumentServer support username/password for postgresql access and jwt header/secret. 
-
-If you want to use secrets for database access create secrets with command:
-
-```bash
-sudo printf "your_pass" | docker secret create dbPass -
-sudo printf "your_user" | docker secret create dbUser -
-```
-NOTE: After secrets dbPass and dbUser was created, DocumentServer will be configured automaticly for use the same secrets for postgres access.
-
-If you want to use JSON Web Token values from secrets create secrets with command: 
-
-```bash
-sudo printf "secret_value" | docker secret create jwtSecret -
-sudo printf "header_value" | docker secret create jwtHeader -
-```
-
-**STEP 3**:
-After secrets was created you need to build the DocumentServer with command:
-
-```bash
-sudo docker compose build
-```
-
-**STEP 4**:
-After all when images was builded and secrets was created very important uncomment in docker-compose.yml file strings with secrets thats you want to use. For more information refer to the comments in docker-compose.yml
-
-**STEP 5**:
-Now Document Server is ready to deploy with secrets. For that run: 
-
-```bash
-sudo docker stack deploy --compose-file=docker-compose.yml documentserver-secrets
-```
-
-Also you can run Document Server in docker-compose mode with the same config
-
-```bash
-sudo docker compose up -d 
-```
-
 #### Available Configuration Parameters

 *Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command.*
@ -238,10 +185,8 @@ Below is the complete list of parameters that can be set using environment varia
 - **AMQP_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`.
 - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running.
 - **REDIS_SERVER_PORT**:  The Redis server port number.
- **REDIS_SERVER_PASS**: The Redis server password. The password is not set by default.
 - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
 - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
- **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](http://nginx.org/ru/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
 - **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`.
 - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
 - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
@ -256,13 +201,6 @@ Below is the complete list of parameters that can be set using environment varia
 - **LETS_ENCRYPT_DOMAIN**: Defines the domain for Let's Encrypt certificate.
 - **LETS_ENCRYPT_MAIL**: Defines the domain administator mail address for Let's Encrypt certificate.

-Below list values avalivable only for compose/swarm mode.
-
- **JWT_SECRET_FILE**: Specifies the path to the mounted file, the value from which will be used like JWT_Secret value. Default path that docker mounted secrets: `/run/secrets/jwtSecret`
- **JWT_HEADER_FILE**: Specifies the path to the mounted file, the value from which will be used like JWT_Header value. Default path that docker mounted secrets: `/run/secrets/jwtHeader`
- **POSTGRES_USER_FILE**: Default postgresql container value. Tells the database where to get the username value by set to db access. Default path: `run/secrets/dbUser`
- **POSTGRES_PASSWORD_FILE**: Default postgresql container value. Tells the database where to get the password value by set to db access. Default path: `run/secrets/dbPass`
-
 ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers

 ONLYOFFICE Document Server is a part of ONLYOFFICE Community Edition that comprises also Community Server and Mail Server. To install them, follow these easy steps:
@ -307,7 +245,7 @@ sudo docker run --init --net onlyoffice --privileged -i -t -d --restart=always -
 onlyoffice/mailserver
 ```

-The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.workspace_enterprise.yml#L87).
+The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.yml#L75).

 To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation").

@ -357,7 +295,7 @@ bash opensource-install.sh -md yourdomain.com
 Or, use [docker-compose](https://docs.docker.com/compose/install "docker-compose"). For the mail server correct work you need to specify its hostname 'yourdomain.com'. Assuming you have docker-compose installed, execute the following command:

 ```bash
-wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.groups.yml
+wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.yml
 docker-compose up -d
 ```

--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -1,68 +0,0 @@
-variable "TAG" {
-    default = ""
-}
-
-variable "SHORTER_TAG" {
-    default = ""
-}
-
-variable "SHORTEST_TAG" {
-    default = ""
-}
-
-variable "COMPANY_NAME" {
-    default = ""
-}
-
-variable "PREFIX_NAME" {
-    default = ""
-}
-
-variable "PRODUCT_EDITION" {
-    default = ""
-}
-
-variable "PRODUCT_NAME" {
-    default = ""
-}
-
-variable "DOCKERFILE" {
-    default = ""
-}
-
-variable "PLATFORM" {
-    default = ""
-}
-
-variable "PACKAGE_URL" {
-    default = ""
-}
-
-target "documentserver" {
-    target = "documentserver"
-    dockerfile= "${DOCKERFILE}"
-    tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}"]
-    platforms = ["${PLATFORM}"]
-    args = {
-        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
-        "PRODUCT_NAME": "${PRODUCT_NAME}"
-        "COMPANY_NAME": "${COMPANY_NAME}"
-        "PACKAGE_URL": "${PACKAGE_URL}"
-        "PLATFORM": "${PLATFORM}"
-    }
-}
-
-target "documentserver-stable" {
-    target = "documentserver-stable"
-    dockerfile= "${DOCKERFILE}"
-    tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
-            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}",
-            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}",
-            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest"]
-    platforms = ["linux/amd64", "linux/arm64"]
-    args = {
-        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
-        "PRODUCT_NAME": "${PRODUCT_NAME}"
-        "COMPANY_NAME": "${COMPANY_NAME}"
-    }
-}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,4 +1,4 @@
-version: "3.9"
+version: '2'
 services:
  onlyoffice-documentserver:
    build:
@ -8,7 +8,6 @@ services:
      - onlyoffice-postgresql
      - onlyoffice-rabbitmq
    environment:
-      - USE_SECRETS=false # ←  Set on "true" if you plan use secrets.
      - DB_TYPE=postgres
      - DB_HOST=onlyoffice-postgresql
      - DB_PORT=5432
@ -17,13 +16,9 @@ services:
      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
      # Uncomment strings below to enable the JSON Web Token validation.
      #- JWT_ENABLED=true
-      #- JWT_IN_BODY=true
      #- JWT_SECRET=secret
      #- JWT_HEADER=Authorization
-      #  ↑ Uncomment two upper strings to use jwt_secret and jwt_header values by default without docker secrets.
-      #  ↓ Or uncomment two strings below to use jwt_secret and jwt_header values from docker secrets that you create.
-      #- JWT_SECTER_FILE=/run/secrets/jwtSecret
-      #- JWT_HEADER_FILE=/run/secrets/jwtHeader
+      #- JWT_IN_BODY=true
    ports:
      - '80:80'
      - '443:443'
@ -36,12 +31,6 @@ services:
       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
       - /var/www/onlyoffice/documentserver-example/public/files
       - /usr/share/fonts
-   # ↓ If you use docker secrets, uncomment srtings below only with secrets that you will use in your installtion
-   #secrets:
-   #  - dbUser
-   #  - dbPass
-   #  - jwtSecret
-   #  - jwtHeader
       
  onlyoffice-rabbitmq:
    container_name: onlyoffice-rabbitmq
@ -57,30 +46,11 @@ services:
      - POSTGRES_DB=onlyoffice
      - POSTGRES_USER=onlyoffice
      - POSTGRES_HOST_AUTH_METHOD=trust
-      #  ↑ Comment two lines upper: POSTGRES_HOST_AUTH_METHOD and POSTGRES_USER and
-      #  ↓ Uncomment two strings below for use database access values from secrets that you create. 
-      #- POSTGRES_USER_FILE=/run/secrets/dbUser
-      #- POSTGRES_PASSWORD_FILE=/run/secrets/dbPass
    restart: always
    expose:
      - '5432'
    volumes:
      - postgresql_data:/var/lib/postgresql
-   #  ↓ If you use docker secrets, uncomment srtings below only with secrets that you will use in your installtion
-   #secrets:
-   #  - dbUser
-   #  - dbPass
-
-#  ↓ If you use docker secrets, uncomment srtings below only with secrets that you will use in your installtion
-#secrets:
-#  dbUser:
-#    external: true
-#  dbPass:
-#    external: true
-#  jwtSecret:
-#    external: true
-#  jwtHeader:
-#    external: true

 volumes:
  postgresql_data:
--- a/hooks/build
+++ b/hooks/build
@ -0,0 +1,5 @@
+#!/bin/bash
+
+sed -i '/trap clean_exit SIGTERM/s/^/#/' run-document-server.sh
+
+docker build -t $IMAGE_NAME .
--- a/hooks/post_push
+++ b/hooks/post_push
@ -0,0 +1,7 @@
+#!/bin/bash
+
+NEW_TAG=6.4.2
+NEW_IMAGE_NAME=$DOCKER_REPO:$NEW_TAG
+
+docker tag $IMAGE_NAME $NEW_IMAGE_NAME
+docker push $NEW_IMAGE_NAME
--- a/hooks/push
+++ b/hooks/push
@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker push $IMAGE_NAME
--- a/run-document-server.sh
+++ b/run-document-server.sh
@ -19,7 +19,6 @@ LIB_DIR="/var/lib/${COMPANY_NAME}"
 DS_LIB_DIR="${LIB_DIR}/documentserver"
 CONF_DIR="/etc/${COMPANY_NAME}/documentserver"
 IS_UPGRADE="false"
-SECRETS_PATH="/run/secrets/"

 ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
 ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost}
@ -38,21 +37,14 @@ if [ "${RELEASE_DATE}" != "${PREV_RELEASE_DATE}" ]; then
  fi
 fi

-SSL_CERTIFICATES_DIR="/usr/share/ca-certificates/ds"
-mkdir -p ${SSL_CERTIFICATES_DIR}
-if [[ -d ${DATA_DIR}/certs ]] && [ -e ${DATA_DIR}/certs/*.crt ]; then
-  cp -f ${DATA_DIR}/certs/* ${SSL_CERTIFICATES_DIR}
-  chmod 644 ${SSL_CERTIFICATES_DIR}/*.crt ${SSL_CERTIFICATES_DIR}/*.pem
-  chmod 400 ${SSL_CERTIFICATES_DIR}/*.key
-fi
-
-if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt ]]; then
-  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt
+SSL_CERTIFICATES_DIR="${DATA_DIR}/certs"
+if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/onlyoffice.crt ]]; then
+  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/onlyoffice.crt
 else
  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/tls.crt}
 fi
-if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key ]]; then
-  SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key
+if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/onlyoffice.key ]]; then
+  SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/onlyoffice.key
 else
  SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/tls.key}
 fi
@ -75,31 +67,15 @@ NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
 NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}

 JWT_ENABLED=${JWT_ENABLED:-false}
-
-# validate user's vars before usinig in json
-if [ "${JWT_ENABLED}" == "true" ]; then
-  JWT_ENABLED="true"
-else
-  JWT_ENABLED="false"
-fi
-
 JWT_SECRET=${JWT_SECRET:-secret}
 JWT_HEADER=${JWT_HEADER:-Authorization}
 JWT_IN_BODY=${JWT_IN_BODY:-false}

-if [ ${USE_SECRETS} == "true" ] && [ -s ${SECRETS_PATH}/jwtSecret ]; then
-  JWT_SECRET=$( cat ${SECRETS_PATH}/jwtSecret )
-fi
-
-if [ ${USE_SECRETS} == "true" ] && [ -s ${SECRETS_PATH}/jwtHeader ]; then
-  JWT_HEADER=$( cat ${SECRETS_PATH}/jwtHeader ) 
-fi
-
 WOPI_ENABLED=${WOPI_ENABLED:-false}

 GENERATE_FONTS=${GENERATE_FONTS:-true}

-if [[ ${PRODUCT_NAME}${PRODUCT_EDITION} == "documentserver" ]]; then
+if [[ ${PRODUCT_NAME} == "documentserver" ]]; then
  REDIS_ENABLED=false
 else
  REDIS_ENABLED=true
@ -129,17 +105,6 @@ if [ "${LETS_ENCRYPT_DOMAIN}" != "" -a "${LETS_ENCRYPT_MAIL}" != "" ]; then
  SSL_KEY_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/privkey.pem
 fi

-# update db credentials if secrets was configure
-if [ "${USE_SECRETS}" == "true" ]; then
-  if [ -s ${SECRETS_PATH}/dbUser ]; then
-    DB_USER=$( cat ${SECRETS_PATH}/dbUser )
-  fi
-
-  if [ -s ${SECRETS_PATH}/dbPass ]; then
-    DB_PWD=$( cat ${SECRETS_PATH}/dbPass )
-  fi
-fi
-
 read_setting(){
  deprecated_var POSTGRESQL_SERVER_HOST DB_HOST
  deprecated_var POSTGRESQL_SERVER_PORT DB_PORT
@ -319,37 +284,33 @@ update_rabbitmq_setting(){
 }

 update_redis_settings(){
-  ${JSON} -I -e "if(this.services.CoAuthoring.redis===undefined)this.services.CoAuthoring.redis={};"
  ${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'"
  ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
-
-  if [ -n "${REDIS_SERVER_PASS}" ]; then
-    ${JSON} -I -e "this.services.CoAuthoring.redis.options = {'password':'${REDIS_SERVER_PASS}'}"
-  fi
-
 }

 update_ds_settings(){
-  ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
-  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
-  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"
+  if [ "${JWT_ENABLED}" == "true" ]; then
+    ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
+    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
+    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"

-  ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
-  ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
-  ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
+    ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
+    ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
+    ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"

-  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
-  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
+    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
+    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"

-  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
-  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"
+    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
+    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"

-  if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then
-    ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
-    ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
-    ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
+    if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ] && [ "${JWT_ENABLED}" == "true" ]; then
+      ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
+      ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
+      ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
+    fi
  fi
- 
+
  if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then
    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}"
    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
@ -442,13 +403,11 @@ update_welcome_page() {
  WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html"
  if [[ -e $WELCOME_PAGE ]]; then
    DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset))
-    if (( ${#DOCKER_CONTAINER_ID} >= 12 )); then
-      if [[ -x $(command -v docker) ]]; then
-        DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
-        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
-      else
-        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
-      fi
+    if [[ -x $(command -v docker) ]]; then
+      DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
+      sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
+    else
+      sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
    fi
  fi
 }
@ -500,8 +459,6 @@ update_nginx_settings(){
  if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then
    sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF}
  fi
-
-  documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false
 }

 update_supervisor_settings(){
@ -537,7 +494,7 @@ for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${
 done

 # change folder rights
-for i in ${LOG_DIR} ${LIB_DIR}; do
+for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do
  chown -R ds:ds "$i"
  chmod -R 755 "$i"
 done
Author	SHA1	Message	Date
AlexandrKharitonov	f663fbd43b	Update build	2022-01-06 12:18:40 +03:00
AlexandrKharitonov	e3f8ab9a1d	Update build	2022-01-06 12:13:22 +03:00
AlexandrKharitonov	2fbbccccec	add hooks	2022-01-06 11:46:31 +03:00
AlexandrKharitonov	9c1975df7b	Update Dockerfile.cl	2021-12-20 11:01:52 +03:00
AlexandrKharitonov	f9499ba9ff	Create Dockerfile.cl	2021-12-17 17:04:20 +03:00