Merge branch 'release/v4.2.0'

v4.1.2

Dockerfile

@@ -1,36 +1,46 @@
 FROM ubuntu:14.04
 MAINTAINER Ascensio System SIA <support@onlyoffice.com>
 
-ENV LANG en_US.UTF-8  
-ENV LANGUAGE en_US:en  
-ENV LC_ALL en_US.UTF-8 
-
-RUN apt-get update && apt-get -y -q install libreoffice 
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive
 
 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
-    echo "deb http://static.teamlab.com.s3.amazonaws.com/repo/debian/ squeeze main" >>  /etc/apt/sources.list && \
+    apt-get -y update && \
+    apt-get --force-yes -yq install wget apt-transport-https curl && \
     apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D9D0BF019CC8AC0D && \
-    echo "deb http://download.mono-project.com/repo/debian wheezy/snapshots/3.12.0  main" | sudo tee /etc/apt/sources.list.d/mono-xamarin.list && \
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \
     echo "deb http://archive.ubuntu.com/ubuntu precise main universe multiverse" >> /etc/apt/sources.list && \
-    DEBIAN_FRONTEND=noninteractive  && \
     locale-gen en_US.UTF-8 && \
+    curl -sL https://deb.nodesource.com/setup_6.x | bash - && \
     apt-get -y update && \
     echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
-    apt-get install --force-yes -yq software-properties-common && \
-    add-apt-repository ppa:ubuntu-toolchain-r/test && \
-    apt-get -y update && \
-    apt-get --force-yes -yq install gcc-4.9 onlyoffice-documentserver nano htop && \
+    apt-get --force-yes -yq install software-properties-common adduser postgresql redis-server rabbitmq-server nginx-extras nodejs libstdc++6 libcurl3 libxml2 libboost-regex-dev zlib1g supervisor fonts-dejavu fonts-liberation ttf-mscorefonts-installer fonts-crosextra-carlito fonts-takao-gothic fonts-opensymbol libxss1 libgtkglext1 libcairo2 xvfb libxtst6 libgconf2-4 libasound2 bomstrip libnspr4 libnss3 libnss3-nssdb nano htop && \
+    sudo -u postgres psql -c "CREATE DATABASE onlyoffice;" && \
+    sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';" && \
+    sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;" && \ 
+    service postgresql stop && \
+    service redis-server stop && \
+    service rabbitmq-server stop && \
+    service supervisor stop && \
+    service nginx stop && \
     rm -rf /var/lib/apt/lists/*
 
 ADD config /app/onlyoffice/setup/config/
 ADD run-document-server.sh /app/onlyoffice/run-document-server.sh
-RUN chmod 755 /app/onlyoffice/*.sh
 
-VOLUME ["/var/log/onlyoffice"]
-VOLUME ["/var/www/onlyoffice/Data"]
+EXPOSE 80 443
 
-EXPOSE 80
-EXPOSE 443
+ARG REPO_URL="deb http://download.onlyoffice.com/repo/debian squeeze main"
+ARG PRODUCT_NAME=onlyoffice-documentserver
+
+RUN echo "$REPO_URL" | tee /etc/apt/sources.list.d/onlyoffice.list && \
+    apt-get -y update && \
+    service postgresql start && \
+    apt-get --force-yes -yq install $PRODUCT_NAME && \
+    service postgresql stop && \
+    service supervisor stop && \
+    chmod 755 /app/onlyoffice/*.sh && \
+    rm -rf /var/log/onlyoffice && \
+    rm -rf /var/lib/apt/lists/*
+
+VOLUME /etc/onlyoffice /var/log/onlyoffice /var/lib/onlyoffice /var/www/onlyoffice/Data
 
 CMD bash -C '/app/onlyoffice/run-document-server.sh';'bash'

LICENSE.txt

@@ -658,4 +658,4 @@ specific requirements.
   You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU AGPL, see
-<http://www.gnu.org/licenses/>.
+<http://www.gnu.org/licenses/>.

Makefile

@@ -0,0 +1,48 @@
+PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)
+
+REPO_URL := "deb http://repo-doc-onlyoffice-com.s3.amazonaws.com/ubuntu/trusty/$(COMPANY_NAME)-$(PRODUCT_NAME)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/ repo/"
+
+UPDATE_LATEST := false
+
+ifneq (,$(findstring develop,$(GIT_BRANCH)))
+UPDATE_LATEST := true
+endif
+
+ifneq (,$(findstring release,$(GIT_BRANCH)))
+UPDATE_LATEST := true
+endif
+
+ifneq (,$(findstring hotfix,$(GIT_BRANCH)))
+UPDATE_LATEST := true
+endif
+
+ifeq ($(UPDATE_LATEST), true)
+DOCKER_TAGS += $(subst -,.,$(PACKAGE_VERSION))
+DOCKER_TAGS += latest
+else
+DOCKER_TAGS += $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
+endif
+
+DOCKER_REPO = $(COMPANY_NAME)/4testing-$(PRODUCT_NAME)
+
+COLON := __colon__
+DOCKER_TARGETS := $(foreach TAG,$(DOCKER_TAGS),$(DOCKER_REPO)$(COLON)$(TAG))
+
+.PHONY: all clean clean-docker deploy docker
+
+$(DOCKER_TARGETS): $(DEB_REPO_DATA)
+
+	sudo docker build --build-arg REPO_URL=$(REPO_URL) --build-arg PRODUCT_NAME=$(COMPANY_NAME)-$(PRODUCT_NAME) -t $(subst $(COLON),:,$@) . &&\
+	mkdir -p $$(dirname $@) &&\
+	echo "Done" > $@
+
+all: $(DOCKER_TARGETS)
+
+clean:
+	rm -rfv $(DOCKER_TARGETS)
+		
+clean-docker:
+	sudo docker rmi -f $$(sudo docker images -q $(COMPANY_NAME)/*) || exit 0
+
+deploy: $(DOCKER_TARGETS)
+	$(foreach TARGET,$(DOCKER_TARGETS),sudo docker push $(subst $(COLON),:,$(TARGET));)

README.md

@@ -4,7 +4,6 @@
 * [Running Docker Image](#running-docker-image)
 * [Configuring Docker Image](#configuring-docker-image)
     - [Storing Data](#storing-data)
-    - [Running ONLYOFFICE Document Server on Different Port](#running-onlyoffice-document-server-on-different-port)
     - [Running ONLYOFFICE Document Server using HTTPS](#running-onlyoffice-document-server-using-https)
         + [Generation of Self Signed Certificates](#generation-of-self-signed-certificates)
         + [Strengthening the Server Security](#strengthening-the-server-security)
@@ -43,7 +42,7 @@ Integrating it with ONLYOFFICE Community Server you will be able to:
 * **Swap file**: at least 2 GB
 * **HDD**: at least 2 GB of free space
 * **Distributive**: 64-bit Red Hat, CentOS or other compatible distributive with kernel version 3.8 or later, 64-bit Debian, Ubuntu or other compatible distributive with kernel version 3.8 or later
-* **Docker**: version 1.4.1 or later
+* **Docker**: version 1.9.0 or later
 
 ## Running Docker Image
 
@@ -62,21 +61,15 @@ All the data are stored in the specially-designated directories, **data volumes*
 To get access to your data from outside the container, you need to mount the volumes. It can be done by specifying the '-v' option in the docker run command.
 
     sudo docker run -i -t -d -p 80:80 \
-        -v /opt/onlyoffice/Logs:/var/log/onlyoffice  \
-        -v /opt/onlyoffice/Data:/var/www/onlyoffice/Data  onlyoffice/documentserver
+        -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
+        -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  onlyoffice/documentserver
 
 Storing the data on the host machine allows you to easily update ONLYOFFICE once the new version is released without losing your data.
 
-### Running ONLYOFFICE Document Server on Different Port
-
-To change the port, use the -p command. E.g.: to make your portal accessible via port 8080 execute the following command:
-
-    sudo docker run -i -t -d -p 8080:80 onlyoffice/documentserver
-
 ### Running ONLYOFFICE Document Server using HTTPS
 
         sudo docker run -i -t -d -p 443:443 \
-        -v /opt/onlyoffice/Data:/var/www/onlyoffice/Data  onlyoffice/documentserver
+        -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  onlyoffice/documentserver
 
 Access to the onlyoffice application can be secured using SSL so as to prevent unauthorized access. While a CA certified SSL certificate allows for verification of trust via the CA, a self signed certificates can also provide an equal level of trust verification as long as each client takes some additional steps to verify the identity of your website. Below the instructions on achieving this are provided.
 
@@ -87,8 +80,8 @@ To secure the application via SSL basically two things are needed:
 
 So you need to create and install the following files:
 
-        /opt/onlyoffice/Data/certs/onlyoffice.key
-        /opt/onlyoffice/Data/certs/onlyoffice.crt
+        /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
+        /app/onlyoffice/DocumentServer/data/certs/onlyoffice.crt
 
 When using CA certified certificates, these files are provided to you by the CA. When using self-signed certificates you need to generate these files yourself. Skip the following section if you are have CA certified SSL certificates.
 
@@ -131,14 +124,14 @@ Out of the four files generated above, you need to install the `onlyoffice.key`,
 
 The default path that the onlyoffice application is configured to look for the SSL certificates is at `/var/www/onlyoffice/Data/certs`, this can however be changed using the `SSL_KEY_PATH`, `SSL_CERTIFICATE_PATH` and `SSL_DHPARAM_PATH` configuration options.
 
-The `/var/www/onlyoffice/Data/` path is the path of the data store, which means that you have to create a folder named certs inside `/opt/onlyoffice/Data/` and copy the files into it and as a measure of security you will update the permission on the `onlyoffice.key` file to only be readable by the owner.
+The `/var/www/onlyoffice/Data/` path is the path of the data store, which means that you have to create a folder named certs inside `/app/onlyoffice/DocumentServer/data/` and copy the files into it and as a measure of security you will update the permission on the `onlyoffice.key` file to only be readable by the owner.
 
 ```bash
-mkdir -p /opt/onlyoffice/Data/certs
-cp onlyoffice.key /opt/onlyoffice/Data/certs/
-cp onlyoffice.crt /opt/onlyoffice/Data/certs/
-cp dhparam.pem /opt/onlyoffice/Data/certs/
-chmod 400 /opt/onlyoffice/Data/certs/onlyoffice.key
+mkdir -p /app/onlyoffice/DocumentServer/data/certs
+cp onlyoffice.key /app/onlyoffice/DocumentServer/data/certs/
+cp onlyoffice.crt /app/onlyoffice/DocumentServer/data/certs/
+cp dhparam.pem /app/onlyoffice/DocumentServer/data/certs/
+chmod 400 /app/onlyoffice/DocumentServer/data/certs/onlyoffice.key
 ```
 
 You are now just one step away from having our application secured.
@@ -155,37 +148,82 @@ Below is the complete list of parameters that can be set using environment varia
 - **SSL_KEY_PATH**: The path to the SSL certificate's private key. Defaults to `/var/www/onlyoffice/Data/certs/onlyoffice.key`.
 - **SSL_DHPARAM_PATH**: The path to the Diffie-Hellman parameter. Defaults to `/var/www/onlyoffice/Data/certs/dhparam.pem`.
 - **SSL_VERIFY_CLIENT**: Enable verification of client certificates using the `CA_CERTIFICATES_PATH` file. Defaults to `false`
+- **POSTGRESQL_SERVER_HOST**: The IP address or the name of the host where the PostgreSQL server is running.
+- **POSTGRESQL_SERVER_PORT**: The PostgreSQL server port number.
+- **POSTGRESQL_SERVER_DB_NAME**: The name of a PostgreSQL database to be created on the image startup.
+- **POSTGRESQL_SERVER_USER**: The new user name with superuser permissions for the PostgreSQL account.
+- **POSTGRESQL_SERVER_PASS**: The password set for the PostgreSQL account.
+- **RABBITMQ_SERVER_HOST**: The IP address or the name of the host where the RabbitMQ server is running.
+- **RABBITMQ_SERVER_USER**: The RabbitMQ server user name.
+- **RABBITMQ_SERVER_PASS**: The password set for the RabbitMQ account.
+- **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running.
+- **REDIS_SERVER_PORT**:  The Redis server port number.
 
 ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers
 
-ONLYOFFICE Document Server is a part of ONLYOFFICE Free Edition that comprises also Community Server and Mail Server. To install them, follow these easy steps:
+ONLYOFFICE Document Server is a part of ONLYOFFICE Community Edition that comprises also Community Server and Mail Server. To install them, follow these easy steps:
+
+**STEP 1**: Create the 'onlyoffice' network.
+
+```bash
+docker network create --driver bridge onlyoffice
+```
+Than launch containers on it using the 'docker run --net onlyoffice' option:
 
 **STEP 1**: Install ONLYOFFICE Document Server.
 
 ```bash
-sudo docker run -i -t -d  --name onlyoffice-document-server onlyoffice/documentserver
+sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-document-server \
+	-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
+	-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
+	onlyoffice/documentserver
 ```
 
 **STEP 2**: Install ONLYOFFICE Mail Server. 
 
 For the mail server correct work you need to specify its hostname 'yourdomain.com'.
-To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/MailServer "ONLYOFFICE Mail Server documentation").
+To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation").
 
 ```bash
-sudo docker run --privileged -i -t -d --name onlyoffice-mail-server -p 25:25 -p 143:143 -p 587:587 \
--h yourdomain.com onlyoffice/mailserver
+sudo docker run --net onlyoffice --privileged -i -t -d --restart=always --name onlyoffice-mail-server \
+	-p 25:25 -p 143:143 -p 587:587 \
+	-v /app/onlyoffice/MailServer/data:/var/vmail \
+	-v /app/onlyoffice/MailServer/data/certs:/etc/pki/tls/mailserver \
+	-v /app/onlyoffice/MailServer/logs:/var/log \
+	-v /app/onlyoffice/MailServer/mysql:/var/lib/mysql \
+	-h yourdomain.com \
+	onlyoffice/mailserver
 ```
 
 **STEP 3**: Install ONLYOFFICE Community Server
 
 ```bash
-sudo docker run -i -t -d -p 80:80 -p 5222:5222 -p 443:443 \
---link onlyoffice-mail-server:mail_server \
---link onlyoffice-document-server:document_server \
-onlyoffice/communityserver
+sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-community-server \
+	-p 80:80 -p 5222:5222 -p 443:443 \
+	-v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \
+	-v /app/onlyoffice/CommunityServer/mysql:/var/lib/mysql \
+	-v /app/onlyoffice/CommunityServer/logs:/var/log/onlyoffice \
+	-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/DocumentServerData \
+	-e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \
+	-e MAIL_SERVER_DB_HOST=onlyoffice-mail-server \
+	onlyoffice/communityserver
 ```
 
-Alternatively, you can use [docker-compose](https://docs.docker.com/compose/install "docker-compose") to install the whole ONLYOFFICE Free Edition at once. For the mail server correct work you need to specify its hostname 'yourdomain.com'. Assuming you have docker-compose installed, execute the following command:
+Alternatively, you can use an automatic installation script to install the whole ONLYOFFICE Community Edition at once. For the mail server correct work you need to specify its hostname 'yourdomain.com'.
+
+**STEP 1**: Download the Community Edition Docker script file
+
+```bash
+wget http://download.onlyoffice.com/install/opensource-install.sh
+```
+
+**STEP 2**: Install ONLYOFFICE Community Edition executing the following command:
+
+```bash
+bash opensource-install.sh -md yourdomain.com
+```
+
+Or, use [docker-compose](https://docs.docker.com/compose/install "docker-compose"). For the mail server correct work you need to specify its hostname 'yourdomain.com'. Assuming you have docker-compose installed, execute the following command:
 
 ```bash
 wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.yml
@@ -219,6 +257,7 @@ SaaS version: [http://www.onlyoffice.com](http://www.onlyoffice.com "http://www.
 
 ## User Feedback and Support
 
-If you have any problems with or questions about this image, please contact us through a [dev.onlyoffice.org][1].
+If you have any problems with or questions about this image, please visit our official forum to find answers to your questions: [dev.onlyoffice.org][1] or you can ask and answer ONLYOFFICE development questions on [Stack Overflow][2].
 
   [1]: http://dev.onlyoffice.org
+  [2]: http://stackoverflow.com/questions/tagged/onlyoffice

config/nginx/onlyoffice-documentserver-ssl.conf

@@ -0,0 +1,71 @@
+include /etc/nginx/includes/onlyoffice-http.conf;
+
+## Normal HTTP host
+server {
+  listen 0.0.0.0:80;
+  listen [::]:80 default_server;
+  server_name _;
+  server_tokens off;
+
+  ## Redirects all traffic to the HTTPS host
+  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
+  rewrite ^ https://$host$request_uri? permanent;
+}
+
+#HTTP host for internal services
+server {
+  listen 127.0.0.1:80;
+  listen [::1]:80;
+  server_name localhost;
+  server_tokens off;
+  
+  include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
+  include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
+}
+
+## HTTPS host
+server {
+  listen 0.0.0.0:443 ssl;
+  listen [::]:443 ssl default_server;
+  server_tokens off;
+  root /usr/share/nginx/html;
+
+  ## Strong SSL Security
+  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+  ssl on;
+  ssl_certificate {{SSL_CERTIFICATE_PATH}};
+  ssl_certificate_key {{SSL_KEY_PATH}};
+  ssl_verify_client {{SSL_VERIFY_CLIENT}};
+  ssl_client_certificate {{CA_CERTIFICATES_PATH}};
+
+  ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+
+  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
+  ssl_session_cache  builtin:1000  shared:SSL:10m;
+
+  ssl_prefer_server_ciphers   on;
+
+  add_header Strict-Transport-Security max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}};
+  # add_header X-Frame-Options SAMEORIGIN;
+  add_header X-Content-Type-Options nosniff;
+
+  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
+  ## Replace with your ssl_trusted_certificate. For more info see:
+  ## - https://medium.com/devops-programming/4445f4862461
+  ## - https://www.ruby-forum.com/topic/4419319
+  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
+  # ssl_stapling on;
+  # ssl_stapling_verify on;
+  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
+  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
+  # resolver_timeout 10s;
+
+  ## [Optional] Generate a stronger DHE parameter:
+  ##   cd /etc/ssl/certs
+  ##   sudo openssl dhparam -out dhparam.pem 4096
+  ##
+  ssl_dhparam {{SSL_DHPARAM_PATH}};
+
+  include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
+
+}

config/nginx/onlyoffice-documentserver.conf

@@ -0,0 +1,8 @@
+include /etc/nginx/includes/onlyoffice-http.conf;
+server {
+  listen 0.0.0.0:80;
+  listen [::]:80 default_server;
+  server_tokens off;
+  
+  include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
+}

config/nginx/onlyoffice-ssl

@@ -1,114 +0,0 @@
-## Normal HTTP host
-server {
-  listen 0.0.0.0:80;
-  listen [::]:80 default_server;
-  server_name _;
-  server_tokens off;
-
-  ## Redirects all traffic to the HTTPS host
-  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
-  rewrite ^ https://$host$request_uri? permanent;
-}
-
-upstream fastcgi_backend {
-    server 127.0.0.1:9001;
-    keepalive 32;
-}
-
-## HTTPS host
-server {
-  listen 0.0.0.0:443 ssl spdy;
-  listen [::]:443 ssl spdy default_server;
-  server_tokens off;
-  root /usr/share/nginx/html;
-
-  ## Increase this if you want to upload large attachments
-  client_max_body_size 100m;
-
-  ## Strong SSL Security
-  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-  ssl on;
-  ssl_certificate {{SSL_CERTIFICATE_PATH}};
-  ssl_certificate_key {{SSL_KEY_PATH}};
-  ssl_verify_client {{SSL_VERIFY_CLIENT}};
-  ssl_client_certificate {{CA_CERTIFICATES_PATH}};
-
-  ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
-
-  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
-  ssl_session_cache  builtin:1000  shared:SSL:10m;
-
-  ssl_prefer_server_ciphers   on;
-
-  add_header Strict-Transport-Security max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}};
-  # add_header X-Frame-Options SAMEORIGIN;
-  add_header X-Content-Type-Options nosniff;
-
-  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
-  ## Replace with your ssl_trusted_certificate. For more info see:
-  ## - https://medium.com/devops-programming/4445f4862461
-  ## - https://www.ruby-forum.com/topic/4419319
-  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
-  # ssl_stapling on;
-  # ssl_stapling_verify on;
-  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
-  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
-  # resolver_timeout 10s;
-
-  ## [Optional] Generate a stronger DHE parameter:
-  ##   cd /etc/ssl/certs
-  ##   sudo openssl dhparam -out dhparam.pem 4096
-  ##
-  ssl_dhparam {{SSL_DHPARAM_PATH}};
-
-        gzip on;
-        gzip_types      text/plain
-                                text/xml
-                                text/css
-                                text/csv
-                                application/xml
-                                application/javascript
-                                application/x-javascript
-                                application/json
-                                application/octet-stream
-                                application/pdf
-                                application/rtf
-                                application/msword
-                                application/vnd.ms-excel
-                                application/vnd.ms-powerpoint;
-                                #application/vnd.oasis.opendocument.text
-                                #application/vnd.oasis.opendocument.spreadsheet
-                                #application/vnd.oasis.opendocument.presentation
-                                #application/vnd.openxmlformats-officedocument.wordprocessingml.document
-                                #application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
-                                #application/vnd.openxmlformats-officedocument.presentationml.presentation;
-
-
-        location / {
-                root /var/www/onlyoffice/documentserver/DocService/;
-                index index.html index.htm default.aspx Default.aspx;
-                fastcgi_index Default.aspx;
-                fastcgi_keep_conn on;
-                fastcgi_pass fastcgi_backend;
-                include /etc/onlyoffice/documentserver/fastcgi_params;
-        }
-
-        location ~ \/OfficeWeb\/(?!sdk\/Fonts\/) {
-                root /var/www/onlyoffice/documentserver/DocService;
-        }
-
-        location /coauthoring/ {
-                proxy_pass http://localhost:8000/;
-                proxy_http_version 1.1;
-                proxy_set_header Upgrade $http_upgrade;
-                proxy_set_header Connection "upgrade";
-        }
-
-        location /spellchecker/ {
-                proxy_pass http://localhost:8080/;
-                proxy_http_version 1.1;
-                proxy_set_header Upgrade $http_upgrade;
-                proxy_set_header Connection "upgrade";
-        }
-}
-

config/supervisor/supervisor

@@ -0,0 +1,176 @@
+#! /bin/sh
+#
+# skeleton	example file to build /etc/init.d/ scripts.
+#		This file should be used to construct scripts for /etc/init.d.
+#
+#		Written by Miquel van Smoorenburg <miquels@cistron.nl>.
+#		Modified for Debian
+#		by Ian Murdock <imurdock@gnu.ai.mit.edu>.
+#               Further changes by Javier Fernandez-Sanguino <jfs@debian.org>
+#
+# Version:	@(#)skeleton  1.9  26-Feb-2001  miquels@cistron.nl
+#
+### BEGIN INIT INFO
+# Provides:          supervisor
+# Required-Start:    $remote_fs $network $named
+# Required-Stop:     $remote_fs $network $named
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Start/stop supervisor
+# Description:       Start/stop supervisor daemon and its configured
+#                    subprocesses.
+### END INIT INFO
+
+. /lib/lsb/init-functions
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/bin/supervisord
+NAME=supervisord
+DESC=supervisor
+
+test -x $DAEMON || exit 0
+
+LOGDIR=/var/log/supervisor
+PIDFILE=/var/run/$NAME.pid
+PS_COUNT=0
+DODTIME=5                   # Time to wait for the server to die, in seconds
+                            # If this value is set too low you might not
+                            # let some servers to die gracefully and
+                            # 'restart' will not work
+
+# Include supervisor defaults if available
+if [ -f /etc/default/supervisor ] ; then
+	. /etc/default/supervisor
+fi
+DAEMON_OPTS="-c /etc/supervisor/supervisord.conf $DAEMON_OPTS"
+
+set -e
+
+running_pid()
+{
+    # Check if a given process pid's cmdline matches a given name
+    pid=$1
+    name=$2
+    [ -z "$pid" ] && return 1
+    [ ! -d /proc/$pid ] &&  return 1
+    (cat /proc/$pid/cmdline | tr "\000" "\n"|grep -q $name) || return 1
+    return 0
+}
+
+running()
+{
+# Check if the process is running looking at /proc
+# (works for all users)
+
+    # No pidfile, probably no daemon present
+    [ ! -f "$PIDFILE" ] && return 1
+    # Obtain the pid and check it against the binary name
+    pid=`cat $PIDFILE`
+    running_pid $pid $DAEMON || return 1
+    return 0
+}
+
+force_stop() {
+# Forcefully kill the process
+    [ ! -f "$PIDFILE" ] && return
+    if running ; then
+        kill -15 $pid
+        # Is it really dead?
+        [ -n "$DODTIME" ] && sleep "$DODTIME"s
+        if running ; then
+            kill -9 $pid
+            [ -n "$DODTIME" ] && sleep "$DODTIME"s
+            if running ; then
+                echo "Cannot kill $LABEL (pid=$pid)!"
+                exit 1
+            fi
+        fi
+    fi
+    rm -f $PIDFILE
+    return 0
+}
+
+get_pid() {
+    PS_COUNT=$(pgrep -fc $DAEMON || true)
+}
+
+case "$1" in
+  start)
+        get_pid
+        if [ $PS_COUNT -eq 0 ]; then
+            rm -f "$PIDFILE"
+        fi
+	echo -n "Starting $DESC: "
+	start-stop-daemon --start --quiet --pidfile $PIDFILE \
+		--startas $DAEMON -- $DAEMON_OPTS
+	test -f $PIDFILE || sleep 1
+        if running ; then
+            echo "$NAME."
+        else
+            echo " ERROR."
+        fi
+	;;
+  stop)
+	echo -n "Stopping $DESC: "
+	start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE 
+	echo "$NAME."
+	;;
+  force-stop)
+	echo -n "Forcefully stopping $DESC: "
+        force_stop
+        if ! running ; then
+            echo "$NAME."
+        else
+            echo " ERROR."
+        fi
+	;;
+  #reload)
+	#
+	#	If the daemon can reload its config files on the fly
+	#	for example by sending it SIGHUP, do it here.
+	#
+	#	If the daemon responds to changes in its config file
+	#	directly anyway, make this a do-nothing entry.
+	#
+	# echo "Reloading $DESC configuration files."
+	# start-stop-daemon --stop --signal 1 --quiet --pidfile \
+	#	/var/run/$NAME.pid --exec $DAEMON
+  #;;
+  force-reload)
+	#
+	#	If the "reload" option is implemented, move the "force-reload"
+	#	option to the "reload" entry above. If not, "force-reload" is
+	#	just the same as "restart" except that it does nothing if the
+	#   daemon isn't already running.
+	# check wether $DAEMON is running. If so, restart
+	start-stop-daemon --stop --test --quiet --pidfile $PIDFILE \
+        --startas $DAEMON \
+	&& $0 restart \
+	|| exit 0
+	;;
+  restart)
+    echo -n "Restarting $DESC: "
+    start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
+	[ -n "$DODTIME" ] && sleep $DODTIME
+	start-stop-daemon --start --quiet --pidfile $PIDFILE \
+		--startas $DAEMON -- $DAEMON_OPTS
+	echo "$NAME."
+	;;
+  status)
+    echo -n "$LABEL is "
+    if running ;  then
+        echo "running"
+    else
+        echo " not running."
+        exit 1
+    fi
+    ;;
+  *)
+	N=/etc/init.d/$NAME
+	# echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
+	echo "Usage: $N {start|stop|restart|force-reload|status|force-stop}" >&2
+	exit 1
+	;;
+esac
+
+exit 0

config/supervisor/supervisord.conf

@@ -0,0 +1,27 @@
+; supervisor config file
+
+[inet_http_server]
+port = 127.0.0.1:9001
+
+[supervisord]
+logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
+pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+childlogdir=/var/log/supervisor            ; ('AUTO' child log dir, default $TEMP)
+
+; the below section must remain in the config file for RPC
+; (supervisorctl/web interface) to work, additional interfaces may be
+; added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl = http://localhost:9001 ; use a unix:// URL  for a unix socket
+
+; The [include] section can just contain the "files" setting.  This
+; setting can list multiple files (separated by whitespace or
+; newlines).  It can also contain wildcards.  The filenames are
+; interpreted as relative to this file.  Included files *cannot*
+; include files themselves.
+
+[include]
+files = /etc/supervisor/conf.d/*.conf

docker-compose.yml

@@ -0,0 +1,114 @@
+version: '2'
+services:
+  onlyoffice-documentserver-data:
+    container_name: onlyoffice-documentserver-data
+    image: onlyoffice/documentserver:latest
+    environment:
+      - ONLYOFFICE_DATA_CONTAINER=true
+      - POSTGRESQL_SERVER_HOST=onlyoffice-postgresql
+      - POSTGRESQL_SERVER_PORT=5432
+      - POSTGRESQL_SERVER_DB_NAME=onlyoffice
+      - POSTGRESQL_SERVER_USER=onlyoffice
+      - RABBITMQ_SERVER_HOST=onlyoffice-rabbitmq
+      - RABBITMQ_SERVER_USER=guest
+      - RABBITMQ_SERVER_PASS=guest
+      - REDIS_SERVER_HOST=onlyoffice-redis
+      - REDIS_SERVER_PORT=6379
+    stdin_open: true
+    restart: always
+    networks:
+      - onlyoffice
+    volumes:
+       - /var/www/onlyoffice/Data
+       - /var/log/onlyoffice
+       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
+       - /var/www/onlyoffice/documentserver-example/public/files
+       - /usr/share/fonts
+       
+  onlyoffice-documentserver:
+    image: onlyoffice/documentserver:latest
+    depends_on:
+      - onlyoffice-documentserver-data
+      - onlyoffice-postgresql
+      - onlyoffice-redis
+      - onlyoffice-rabbitmq
+    environment:
+      - ONLYOFFICE_DATA_CONTAINER_HOST=onlyoffice-documentserver-data
+      - BALANCE=uri depth 3
+      - EXCLUDE_PORTS=443
+      - HTTP_CHECK=GET /healthcheck
+      - EXTRA_SETTINGS=http-check expect string true
+      # Uncomment the string below to redirect HTTP request to HTTPS request.
+      #- FORCE_SSL=true
+    stdin_open: true
+    restart: always
+    networks:
+      - onlyoffice
+    expose:
+      - '80'
+    volumes_from:
+     - onlyoffice-documentserver-data
+
+  onlyoffice-haproxy:
+    container_name: onlyoffice-haproxy
+    image: dockercloud/haproxy:1.5.1
+    depends_on:
+      - onlyoffice-documentserver
+    environment:
+      - MODE=http
+      # Uncomment the string below to specify the path of ssl certificates
+      #- CERT_FOLDER=/certs/
+    stdin_open: true
+    links:
+     - onlyoffice-documentserver
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      # Uncomment the string below to map a ssl certificate from host
+      # to the proxy container
+      #- /app/onlyoffice/DocumentServer/data/certs/onlyoffice.pem:/certs/cert1.pem
+    restart: always
+    networks:
+     - onlyoffice
+    ports:
+      - '80:80'
+      - '443:443'
+      - '1936:1936'
+       
+  onlyoffice-redis:
+    container_name: onlyoffice-redis
+    image: redis
+    restart: always
+    networks:
+     - onlyoffice
+    expose:
+      - '6379'
+
+  onlyoffice-rabbitmq:
+    container_name: onlyoffice-rabbitmq
+    image: rabbitmq
+    restart: always
+    networks:
+     - onlyoffice
+    expose:
+      - '5672'
+
+  onlyoffice-postgresql:
+    container_name: onlyoffice-postgresql
+    image: postgres:9.5
+    environment:
+      - POSTGRES_DB=onlyoffice
+      - POSTGRES_USER=onlyoffice
+    networks:
+      - onlyoffice
+    restart: always
+    expose:
+      - '5432'
+    volumes:
+      - postgresql_data:/var/lib/postgresql
+
+networks:
+  onlyoffice:
+    driver: 'bridge'
+
+volumes:
+  postgresql_data:

run-document-server.sh

@@ -1,76 +1,214 @@
 #!/bin/bash
 
-sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/CoAuthoringService.conf
-sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/DocService.conf
-sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/FileConverterService.conf
-sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/LibreOfficeService.conf
-sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/SpellCheckerService.conf
-
-sed "/sudo /s/-u onlyoffice//" -i /var/www/onlyoffice/documentserver/Tools/CheckDocService.sh
-sed "/sudo /s/-u onlyoffice//" -i /var/www/onlyoffice/documentserver/Tools/GenerateAllFonts.sh
-
-chown root /var/www/onlyoffice
-chown root /var/lib/onlyoffice
-
-adduser --quiet www-data root
-
+APP_DIR="/var/www/onlyoffice/documentserver"
 DATA_DIR="/var/www/onlyoffice/Data"
-LOG_DIR="/var/log/onlyoffice"
+LOG_DIR="/var/log/onlyoffice/documentserver"
 
-ONLYOFFICE_HTTPS=${ONLYOFFICE_HTTPS:-false}
+ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
+ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost}
+ONLYOFFICE_DATA_CONTAINER_PORT=80
 
 SSL_CERTIFICATES_DIR="${DATA_DIR}/certs"
 SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.crt}
 SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key}
+CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem}
 SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
 SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
 ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
 ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAG:-31536000}
 SYSCONF_TEMPLATES_DIR="/app/onlyoffice/setup/config"
 
-NGINX_ONLYOFFICE_PATH="/etc/nginx/sites-enabled/onlyoffice-documentserver";
+NGINX_ONLYOFFICE_PATH="/etc/nginx/conf.d/onlyoffice-documentserver.conf";
+
+NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
+NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-$(grep processor /proc/cpuinfo | wc -l)}
+NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
+
+ONLYOFFICE_DEFAULT_CONFIG=/etc/onlyoffice/documentserver/default.json
+
+JSON="json -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
+
+LOCAL_SERVICES=()
+
+read_setting(){
+  POSTGRESQL_SERVER_HOST=${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}
+  POSTGRESQL_SERVER_PORT=${POSTGRESQL_SERVER_PORT:-$(${JSON} services.CoAuthoring.sql.dbPort)}
+  POSTGRESQL_SERVER_DB_NAME=${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}
+  POSTGRESQL_SERVER_USER=${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}
+  POSTGRESQL_SERVER_PASS=${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}
+
+  RABBITMQ_SERVER_URL=$(${JSON} rabbitmq.url)
+  RABBITMQ_SERVER_HOST=${RABBITMQ_SERVER_HOST:-${RABBITMQ_SERVER_URL#'amqp://'}}
+  RABBITMQ_SERVER_USER=${RABBITMQ_SERVER_USER:-$(${JSON} rabbitmq.login)}
+  RABBITMQ_SERVER_PASS=${RABBITMQ_SERVER_PASS:-$(${JSON} rabbitmq.password)}
+  RABBITMQ_SERVER_PORT=${RABBITMQ_SERVER_PORT:-"5672"}
+
+  REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-$(${JSON} services.CoAuthoring.redis.host)}
+  REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-$(${JSON} services.CoAuthoring.redis.port)}
+}
+
+waiting_for_connection(){
+  until nc -z -w 3 "$1" "$2"; do
+    >&2 echo "Waiting for connection to the $1 host on port $2"
+    sleep 1
+  done
+}
+
+waiting_for_postgresql(){
+  waiting_for_connection ${POSTGRESQL_SERVER_HOST} ${POSTGRESQL_SERVER_PORT}
+}
+
+waiting_for_rabbitmq(){
+  waiting_for_connection ${RABBITMQ_SERVER_HOST} ${RABBITMQ_SERVER_PORT}
+}
+
+waiting_for_redis(){
+  waiting_for_connection ${REDIS_SERVER_HOST} ${REDIS_SERVER_PORT}
+}
+waiting_for_datacontainer(){
+  waiting_for_connection ${ONLYOFFICE_DATA_CONTAINER_HOST} ${ONLYOFFICE_DATA_CONTAINER_PORT}
+}
+update_postgresql_settings(){
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${POSTGRESQL_SERVER_HOST}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${POSTGRESQL_SERVER_PORT}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${POSTGRESQL_SERVER_DB_NAME}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${POSTGRESQL_SERVER_USER}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${POSTGRESQL_SERVER_PASS}'"
+}
+
+update_rabbitmq_setting(){
+  ${JSON} -I -e "this.rabbitmq.url = 'amqp://${RABBITMQ_SERVER_HOST}'"
+  ${JSON} -I -e "this.rabbitmq.login = '${RABBITMQ_SERVER_USER}'"
+  ${JSON} -I -e "this.rabbitmq.password = '${RABBITMQ_SERVER_PASS}'"
+}
+
+update_redis_settings(){
+  ${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'"
+  ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
+}
+
+create_postgresql_db(){
+  CONNECTION_PARAMS="-h${POSTGRESQL_SERVER_HOST} -U${POSTGRESQL_SERVER_USER} -w"
+  if [ -n "${POSTGRESQL_SERVER_PASS}" ]; then
+    export PGPASSWORD=${POSTGRESQL_SERVER_PASS}
+  fi
+
+  PSQL="psql -q $CONNECTION_PARAMS"
+  CREATEDB="createdb $CONNECTION_PARAMS"
+
+  # Create db on remote server
+  if $PSQL -lt | cut -d\| -f 1 | grep -qw | grep 0; then
+    $CREATEDB $DB_NAME
+  fi
+
+  $PSQL -d "${POSTGRESQL_SERVER_DB_NAME}" -f "${APP_DIR}/server/schema/postgresql/createdb.sql"
+}
+
+update_nginx_settings(){
+  # Set up nginx
+  sed 's/^worker_processes.*/'"worker_processes ${NGINX_WORKER_PROCESSES};"'/' -i ${NGINX_CONFIG_PATH}
+  sed 's/worker_connections.*/'"worker_connections ${NGINX_WORKER_CONNECTIONS};"'/' -i ${NGINX_CONFIG_PATH}
+  sed 's/access_log.*/'"access_log off;"'/' -i ${NGINX_CONFIG_PATH}
+
+  # setup HTTPS
+  if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
+    cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-documentserver-ssl.conf ${NGINX_ONLYOFFICE_PATH}
+
+    # configure nginx
+    sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
+    sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
+
+    # if dhparam path is valid, add to the config, otherwise remove the option
+    if [ -r "${SSL_DHPARAM_PATH}" ]; then
+      sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
+    else
+      sed '/ssl_dhparam {{SSL_DHPARAM_PATH}};/d' -i ${NGINX_ONLYOFFICE_PATH}
+    fi
+
+    sed 's,{{SSL_VERIFY_CLIENT}},'"${SSL_VERIFY_CLIENT}"',' -i ${NGINX_ONLYOFFICE_PATH}
+
+    if [ -f "${CA_CERTIFICATES_PATH}" ]; then
+      sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
+    else
+      sed '/{{CA_CERTIFICATES_PATH}}/d' -i ${NGINX_ONLYOFFICE_PATH}
+    fi
+
+    if [ "${ONLYOFFICE_HTTPS_HSTS_ENABLED}" == "true" ]; then
+      sed 's/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/'"${ONLYOFFICE_HTTPS_HSTS_MAXAGE}"'/' -i ${NGINX_ONLYOFFICE_PATH}
+    else
+      sed '/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/d' -i ${NGINX_ONLYOFFICE_PATH}
+    fi
+  else
+    cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-documentserver.conf ${NGINX_ONLYOFFICE_PATH}
+  fi
+}
+
+update_supervisor_settings(){
+  # Copy modified supervisor start script
+  cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/
+  # Copy modified supervisor config
+  cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
+}
 
 # create base folders
-mkdir -p /var/log/onlyoffice/documentserver/FileConverterService/
-mkdir -p /var/log/onlyoffice/documentserver/CoAuthoringService/
-mkdir -p /var/log/onlyoffice/documentserver/DocService/
-mkdir -p /var/log/onlyoffice/documentserver/SpellCheckerService/
-mkdir -p /var/log/onlyoffice/documentserver/LibreOfficeService/
-mkdir -p /var/log/onlyoffice/documentserver/WatchDogService/
+for i in converter docservice spellchecker metrics gc; do
+  mkdir -p "${LOG_DIR}/$i"
+done
 
-# setup HTTPS
-if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
-        cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-ssl ${NGINX_ONLYOFFICE_PATH}
+mkdir -p ${LOG_DIR}-example
 
-        mkdir ${DATA_DIR}
-        mkdir ${LOG_DIR}/nginx
+if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
 
-        # configure nginx
-        sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
-        sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
+  read_setting
 
-        # if dhparam path is valid, add to the config, otherwise remove the option
-        if [ -r "${SSL_DHPARAM_PATH}" ]; then
-          sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
-        else
-          sed '/ssl_dhparam {{SSL_DHPARAM_PATH}};/d' -i ${NGINX_ONLYOFFICE_PATH}
-        fi
+  # update settings by env variables
+  if [ ${POSTGRESQL_SERVER_HOST} != "localhost" ]; then
+    update_postgresql_settings
+    waiting_for_postgresql
+    create_postgresql_db
+  else
+    LOCAL_SERVICES+=("postgresql")
+  fi
 
-        sed 's,{{SSL_VERIFY_CLIENT}},'"${SSL_VERIFY_CLIENT}"',' -i ${NGINX_ONLYOFFICE_PATH}
+  if [ ${RABBITMQ_SERVER_HOST} != "localhost" ]; then
+    update_rabbitmq_setting
+  else
+    LOCAL_SERVICES+=("redis-server")
+  fi
 
-        if [ -f /usr/local/share/ca-certificates/ca.crt ]; then
-          sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
-        else
-          sed '/{{CA_CERTIFICATES_PATH}}/d' -i ${NGINX_ONLYOFFICE_PATH}
-        fi
+  if [ ${REDIS_SERVER_HOST} != "localhost" ]; then
+    update_redis_settings
+  else
+    LOCAL_SERVICES+=("rabbitmq-server")
+  fi
+else
+  # no need to update settings just wait for remote data
+  waiting_for_datacontainer
 
-        if [ "${ONLYOFFICE_HTTPS_HSTS_ENABLED}" == "true" ]; then
-          sed 's/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/'"${ONLYOFFICE_HTTPS_HSTS_MAXAGE}"'/' -i ${NGINX_ONLYOFFICE_PATH}
-        else
-          sed '/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/d' -i ${NGINX_ONLYOFFICE_PATH}
-        fi
+  # read settings after the data container in ready state
+  # to prevent get unconfigureted data
+  read_setting
 fi
 
-service mysql start
+#start needed local services
+for i in ${LOCAL_SERVICES[@]}; do
+  service $i start
+done
+
+if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
+  waiting_for_postgresql
+  waiting_for_rabbitmq
+  waiting_for_redis
+
+  update_nginx_settings
+
+  update_supervisor_settings
+  service supervisor start
+fi
+
+# nginx used as a proxy, and as data container status service.
+# it run in all cases.
 service nginx start
-service supervisor start
+
+# Regenerate the fonts list and the fonts thumbnails
+documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}