Merge branch hotfix/v8.3.1 into master

Co-authored-by: danilapog <danil.titarenko@onlyoffice.com>
Co-committed-by: danilapog <danil.titarenko@onlyoffice.com>

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,13 @@
+**Do you want to request a *feature* or report a *bug*?**
+
+**What is the current behavior?**
+
+**If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.**
+
+**What is the expected behavior?**
+
+**Did this work in previous versions of DocumentServer?**
+
+**DocumentServer Docker tag:**
+
+**Host Operating System:**

.github/workflows/4testing-build.yml

@@ -0,0 +1,186 @@
+### This workflow setup instance then build and push images ###
+name: 4testing multiarch-build
+run-name: >-
+  Build #${{ inputs.build }} [
+  ${{ inputs.amd64 && 'AMD64' || '-' }}
+  ${{ inputs.arm64 && 'ARM64' || '-' }}
+  ] [
+  ${{ inputs.community && 'CE' || '-' }}
+  ${{ inputs.developer && 'DE' || '-' }}
+  ${{ inputs.enterprise && 'EE' || '-' }}
+  ]
+
+on:
+  workflow_dispatch:
+    inputs:
+      build:
+        description: 'Build number (ex. 45)'
+        type: string
+        required: true
+      amd64:
+        type: boolean
+        description: 'Build AMD64'
+        default: true
+      arm64:
+        type: boolean
+        description: 'Build ARM64'
+        default: true
+      community:
+        type: boolean
+        description: 'Build Community Edition'
+        default: true
+      enterprise:
+        type: boolean
+        description: 'Build Enterprise Edition'
+        default: true
+      developer:
+        type: boolean
+        description: 'Build Developer Edition'
+        default: true
+
+env: 
+  COMPANY_NAME: "onlyoffice"
+  PRODUCT_NAME: "documentserver"
+      
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    steps:
+      - id: matrix
+        env:
+          BRANCH_NAME: ${{ github.ref_name }}
+          AMD64: ${{ github.event.inputs.amd64 }}
+          ARM64: ${{ github.event.inputs.arm64 }}
+          COMMUNITY: ${{ github.event.inputs.community }}
+          ENTERPRISE: ${{ github.event.inputs.enterprise }}
+          DEVELOPER: ${{ github.event.inputs.developer }}
+        run: |
+          set -ex
+
+          if ! [[ "$BRANCH_NAME" == develop || "$BRANCH_NAME" =~ hotfix || "$BRANCH_NAME" =~ release ]]; then
+            echo "Wrong branch."
+            exit 1
+          fi
+
+          [ "${AMD64}" = true ] && PLATFORMS+=("amd64")
+          [ "${ARM64}" = true ] && PLATFORMS+=("arm64")
+          if [ -z ${PLATFORMS} ]; then
+            echo "None of the platforms are selected."
+            exit 1
+          fi
+
+          [ "${COMMUNITY}" = true ] && EDITIONS+=("community")
+          [ "${ENTERPRISE}" = true ] && EDITIONS+=("enterprise")
+          [ "${DEVELOPER}" = true ] && EDITIONS+=("developer")
+          if [ -z ${EDITIONS} ]; then
+            echo "None of the editions are selected."
+            exit 1
+          fi
+          echo "editions=$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')" >> $GITHUB_OUTPUT
+    outputs:
+      editions: ${{ steps.matrix.outputs.editions }}
+
+  build:
+    name: "Build ${{ matrix.image }}-${{ matrix.edition }}"
+    runs-on: ubuntu-latest
+    needs: prepare
+    strategy:
+      fail-fast: false
+      matrix:
+        image: ["documentserver"]
+        edition: ${{ fromJSON(needs.prepare.outputs.editions) }}
+    steps:
+      - name: Checkout code 
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+     
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Build 4testing
+        id: build-ds
+        env:
+          BRANCH_NAME: ${{ github.ref_name }}
+          AMD64: ${{ github.event.inputs.amd64 }}
+          ARM64: ${{ github.event.inputs.arm64 }}
+          BUILD_NUMBER: ${{ github.event.inputs.build }}
+          EDITION: ${{ matrix.edition }}
+          IMAGE: ${{ matrix.image }}
+          PACKAGE_BASEURL: ${{ secrets.REPO_BASEURL }}
+        run: |
+          set -eux
+
+          ### ==>> At this step build variable declaration ###
+
+          case "${EDITION}" in
+            community)
+              PRODUCT_EDITION=""
+              ;;
+            enterprise)
+              PRODUCT_EDITION="-ee"
+              ;;
+            developer)
+              PRODUCT_EDITION="-de"
+              ;;
+          esac
+
+          [ "${AMD64}" = true ] && PLATFORMS+=("amd64")
+          [ "${ARM64}" = true ] && PLATFORMS+=("arm64")
+          PLATFORM=$(echo ${PLATFORMS[*]/#/linux/} | tr ' ' ',')
+
+          if [ "$BRANCH_NAME" = develop ]; then
+            BUILD_CHANNEL=nightly
+            PRODUCT_VERSION=99.99.99
+          elif [[ "$BRANCH_NAME" =~ hotfix || "$BRANCH_NAME" =~ release ]]; then
+            BUILD_CHANNEL=test
+            PRODUCT_VERSION=${BRANCH_NAME#*/v}
+          fi
+
+          export PRODUCT_EDITION
+          export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}
+          export BUILD_CHANNEL
+          export PLATFORM
+          export DOCKERFILE=Dockerfile
+          export PREFIX_NAME=4testing-
+          export TAG=${PRODUCT_VERSION}.${BUILD_NUMBER}
+
+          ### ==>> Build and push images at this step ###
+
+          docker buildx bake -f docker-bake.hcl "${IMAGE}" --push
+          echo "DONE: Build success"
+
+          ### Set output for Zap scanner
+          ### NOTE: Output will be used only in release/hotfix branches
+          
+          echo "version=${TAG}" >> "$GITHUB_OUTPUT"
+          echo "branch=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
+        shell: bash
+
+      # Run scanner only when edition is community 
+      # and branch hit release/ or hotfix/
+      - name: Trigger zap manualy
+        if: >-
+             matrix.edition == 'community' &&
+             (startsWith(steps.build-ds.outputs.branch, 'release/') ||
+              startsWith(steps.build-ds.outputs.branch, 'hotfix/'))
+        env:
+          VERSION: ${{ steps.build-ds.outputs.version }}
+          BRANCH: ${{ steps.build-ds.outputs.branch }}
+          GITHUB_TOKEN: ${{ secrets.TOKEN }}
+          REPO: ${{ github.repository }}
+        run: |
+            gh workflow run zap-ds.yaml \
+                 --repo "${REPO}" \
+                 -f branch="${BRANCH}" \
+                 -f version="${VERSION}"
+        shell: bash
+

.github/workflows/cron-rebuild-trigger.yml

@@ -0,0 +1,22 @@
+---
+name: Trigger 4testing rebuild
+
+run-name: "Weekly 4testing rebuild trigger"
+
+on: 
+  schedule:
+    # Run every Saturday at 10 p.m.   
+    - cron: '00 22 * * 6'
+  
+jobs: 
+  trigger-rebuild:
+    name: "trigget-rebuild"
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: Rebuild 4testing manualy
+        env: 
+          GITHUB_TOKEN: ${{ secrets.TOKEN }}
+        run: |
+          gh workflow run rebuild.yml \
+              --repo ONLYOFFICE/Docker-DocumentServer \
+              -f repo=4test

.github/workflows/rebuild.yml

@@ -0,0 +1,224 @@
+---
+name: Rebuild Docker-Documentserver 
+
+run-name: >
+        Rebuild DocumentServer with secure updates for repo: ${{ github.event.inputs.repo }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      repo:
+        type: choice
+        description: Please, choose upload repo..
+        options:
+        - '4test'
+        - 'stable'
+
+permissions:
+  # All other permissions are set to none
+  contents: read
+  # Technically read access while waiting for images should be more than enough. However,
+  # there is a bug in GitHub Actions/Packages and in case private repositories are used, you get a permission
+  # denied error when attempting to just pull private image, changing the token permission to write solves the
+  # issue. This is not dangerous, because if it is for "ONLYOFFICE/Docker-DocumentServer", only maintainers can use ds-rebuild.yaml
+  # If it is for a fork, then the token is read-only anyway.
+  packages: read
+
+env: 
+  COMPANY_NAME: "onlyoffice"
+  PRODUCT_NAME: "documentserver" 
+  REGISTRY_URL: "https://hub.docker.com/v2/repositories"  
+
+jobs:
+  rebuild-info:
+    name: "Rebuild-info"
+    runs-on: "ubuntu-22.04"
+    env:
+      REPO_INPUTS: ${{ github.event.inputs.repo }}
+      EVENT: ${{ github.event_name }}
+    outputs: 
+      stable-versions: ${{ steps.selective-checks.outputs.stable-versions }}
+      ucs-versions: ${{ steps.selective-checks.outputs.ucs-versions }}
+      minor-tags: ${{ steps.selective-checks.outputs.minor-tags }}
+      ucs-rebuild-condition: ${{ steps.selective-checks.outputs.ucs-rebuild-condition }}
+      prefix-name: ${{ steps.selective-checks.outputs.prefix-name }}
+      repo: ${{ steps.selective-checks.outputs.repo }}
+    steps:
+      - name: Selective checks
+        id: selective-checks
+        run: |
+            set -e
+
+            REPO=${REPO_INPUTS:-"4test"}
+
+            if [ "${REPO}" == "stable" ]; then
+                 UCS_REBUILD=true
+                 UCS_VERSIONS=($(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}-ucs/tags/?page_size=100 | \
+                            jq -r '.results|.[]|.name' | grep -oxE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.1' || true))
+                 echo "ucs-versions=$(jq -c -n '$ARGS.positional' --args "${UCS_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
+            elif
+               [ "${REPO}" == "4test" ]; then 
+                 UCS_REBUILD=false
+                 PREFIX_NAME=4testing-
+            fi
+            
+            STABLE_VERSIONS=($(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 | \
+                            jq -r '.results|.[]|.name' | grep -oxE '[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.1' || true))
+                            
+            # When rebuilding stable versions of the document server, 
+            # it is necessary to determine the version from which the 
+            # minor x.x tag will need to be pushed.        
+            
+            VERSIONS=(${STABLE_VERSIONS[@]})
+            for i in {1..10}; do
+                 if [ -z "${VERSIONS}" ]; then
+                     break
+                 else 
+                     TEMPLATE=${VERSIONS[0]%.*.*}
+                     TEMPLATE_MINOR=$(printf -- '%s\n' "${VERSIONS[@]}" | grep -o -m 1 "${VERSIONS[0]%.*.*}.[0-9].[0-9]")
+                     MINOR_TAGS+=(${TEMPLATE_MINOR%.*})
+            
+                     for v in ${MINOR_TAGS[@]}; do
+                          VERSIONS=(${VERSIONS[@]//${v%.*}.*.*})
+                     done
+                 fi
+            done
+            
+            echo "Stable releases that will be rebuilded"
+            echo "--------------------------------------"
+            echo "${STABLE_VERSIONS[@]}"
+            echo
+            echo 
+            echo "Ucs releases that will be rebuilded"
+            echo "-----------------------------------"
+            echo "${UCS_VERSIONS[@]}"
+            
+            echo "stable-versions=$(jq -c -n '$ARGS.positional' --args "${STABLE_VERSIONS[@]}")" >> "$GITHUB_OUTPUT"
+            echo "minor-tags=${MINOR_TAGS[@]}" >> "$GITHUB_OUTPUT"
+            echo "ucs-rebuild-condition=${UCS_REBUILD}" >> "$GITHUB_OUTPUT"
+            echo "prefix-name=${PREFIX_NAME}" >>  "$GITHUB_OUTPUT"
+            echo "repo=${REPO}" >> "$GITHUB_OUTPUT"
+        shell: bash
+
+  re-build-stable:
+    name: "Rebuild stable:${{ matrix.version }} ${{ matrix.edition }}"
+    needs: [rebuild-info]
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        type: ["stable"]
+        edition: ["", "-ee", "-de"]
+        version: ${{fromJSON(needs.rebuild-info.outputs.stable-versions)}}
+    steps:
+      - name: Checkout code 
+        uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2      
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+     # Determines the new build number based 
+     # on data from the hub.docker registry
+      - name: Declare release number
+        id: release-number
+        env: 
+          REBUILD_VERSION: ${{ matrix.version }}
+        run: |
+          MINOR_VERSION=${REBUILD_VERSION%.*} 
+          LAST_RELEASE=$(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 \
+          | jq -r '.results|.[]|.name' | grep -Eo -m1 "${MINOR_VERSION}.[0-9]{1,}")
+          LAST_RELEASE=${LAST_RELEASE#*.*.*.}
+          echo "release-number=$((LAST_RELEASE+1))" >> "$GITHUB_OUTPUT"   
+        shell: bash  
+    #  Note: Rebuilding images with an 
+    #  extra layer to update security and 
+    #  all dependencies. Update tags got +1 to previous release.
+      - name: Re-build documentserver-stable
+        env:
+          MINOR_TAGS_ST: ${{ needs.rebuild-info.outputs.minor-tags }}
+          VERSION: ${{ matrix.version }}
+          RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
+          PREFIX_NAME: ${{ needs.rebuild-info.outputs.prefix-name }}
+          REPO: ${{ needs.rebuild-info.outputs.repo }}
+          PRODUCT_EDITION: ${{ matrix.edition }}
+        run: |
+            set -eux
+            export PULL_TAG=${VERSION}
+            export TAG=${VERSION%.*}.${RELEASE_NUMBER}
+            export SHORTER_TAG=${VERSION%.*}
+            export SHORTEST_TAG=${VERSION%.*.*}
+            
+            if [ "${REPO}" == "stable" ]; then
+                 MINOR_TAGS=(${MINOR_TAGS_ST})
+                 for v in ${MINOR_TAGS[@]}; do
+                     if [ "${SHORTER_TAG}" == "${v}" ]; then
+                         export PUSH_MAJOR="true"
+                     fi
+                 done
+                 if [ "${SHORTER_TAG}" == "${MINOR_TAGS[0]}" ]; then
+                     export LATEST="true"
+                 fi
+            fi
+            docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
+        shell: bash
+  re-build-ucs:
+    name: "Rebuild ucs: ${{ matrix.version }} ${{ matrix.edition }}"
+    if: needs.rebuild-info.outputs.ucs-rebuild-condition == 'true'
+    needs: [rebuild-info]
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        type: ["ucs"]
+        edition: ["", "-ee"]
+        version: ${{fromJSON(needs.rebuild-info.outputs.ucs-versions)}}
+    steps:
+      - name: Checkout code 
+        uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+      # Determines the new build number based 
+      # on data from the hub.docker registry
+      - name: Declare release number
+        id: release-number
+        env: 
+          REBUILD_VERSION: ${{ matrix.version }}
+        run: |
+          MINOR_VERSION=${REBUILD_VERSION%.*} 
+          LAST_RELEASE=$(curl -s -H -X ${REGISTRY_URL}/${COMPANY_NAME}/${PRODUCT_NAME}/tags/?page_size=100 \
+                        | jq -r '.results|.[]|.name' | grep -Eo -m1 "${MINOR_VERSION}.[0-9]{1,}")
+          LAST_RELEASE=${LAST_RELEASE#*.*.*.}
+          echo "release-number=$((LAST_RELEASE+1))" >> "$GITHUB_OUTPUT"
+        shell: bash       
+      #  Note: Rebuilding images with an 
+      #  extra layer to update security and 
+      #  all dependencies. Update tags +1 to previous release.
+      - name: Re-build documentserver-ucs
+        env: 
+          VERSION: ${{ matrix.version }}
+          RELEASE_NUMBER: ${{ steps.release-number.outputs.release-number }}
+          PRODUCT_EDITION: ${{ matrix.edition }}
+        run: |
+            set -eux
+            export PULL_TAG=${VERSION}
+            export TAG=${VERSION%.*}.${RELEASE_NUMBER}
+            export SHORTER_TAG=${VERSION%.*}
+            export SHORTEST_TAG=${VERSION%.*.*}
+          
+            export UCS_REBUILD=true
+            export UCS_PREFIX=-ucs
+          
+            docker buildx bake -f docker-bake.hcl documentserver-stable-rebuild --push
+        shell: bash

.github/workflows/stable-build.yml

@@ -0,0 +1,139 @@
+### This workflow setup instance then build and push images ###
+name: Multi-arch build stable
+run-name: ${{ inputs.tag }} (${{ inputs.release_number }})
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag for release (ex. 1.2.3.45)'
+        type: string
+        required: true
+      release_number:
+        description: 'Sequence number of the release (ex. x.x.x.<number>)'
+        type: string
+        required: true
+        default: '1'
+
+env:
+  COMPANY_NAME: "onlyoffice"
+  PRODUCT_NAME: "documentserver"
+  VERSION: ${{ github.event.inputs.tag }}
+  RELEASE_NUMBER: ${{ github.event.inputs.release_number }}
+
+jobs:
+  build:
+    name: "Release image: DocumentServer${{ matrix.edition }}"
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        images: ["documentserver-stable"]
+        edition: ["", "-ee", "-de"]
+    steps:
+      - name: Checkout code 
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+     
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Build documentserver-release
+        env:
+          TARGET: ${{ matrix.images }}
+          PRODUCT_EDITION: ${{ matrix.edition }}
+        run: |
+          set -eux
+          TESTING_IMAGE=${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION}
+            export PRODUCT_EDITION
+            export PULL_TAG=${VERSION}
+            export TAG=${VERSION%.*}.${RELEASE_NUMBER}
+            export SHORTER_TAG=${VERSION%.*}
+            export SHORTEST_TAG=${VERSION%.*.*}
+            docker buildx bake -f docker-bake.hcl "${TARGET}" --push
+            echo "DONE: Build success >> exit with 0"
+            exit 0
+        shell: bash
+
+  build-nonexample:
+    name: "Release image: DocumentServer${{ matrix.edition }}-nonExample"
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: ${{ false }}
+    strategy:
+      fail-fast: false
+      matrix:
+        images: ["documentserver-nonexample"]
+        edition: ["", "-ee", "-de"]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: build image
+        env:
+          TARGET: ${{ matrix.images }}
+          PRODUCT_EDITION: ${{ matrix.edition }}
+        run: |
+          set -eux
+          export PULL_TAG=${VERSION%.*}.${RELEASE_NUMBER}
+          export TAG=${VERSION%.*}.${RELEASE_NUMBER}
+          docker buildx bake -f docker-bake.hcl "${TARGET}" --push
+        shell: bash
+
+  build-ucs-ubuntu20:
+    name: "Release image: DocumentServer${{ matrix.edition }}-ucs"
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        edition: ["", "-ee"]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: build UCS
+        env:
+          PACKAGE_BASEURL: ${{ secrets.REPO_BASEURL }}
+          PRODUCT_EDITION: ${{ matrix.edition }}
+        run: |
+           set -eux
+           export DOCKERFILE=Dockerfile
+           export BASE_VERSION=20.04
+           export PG_VERSION=12
+           export PACKAGE_SUFFIX=
+           export TAG=${VERSION%.*}.${RELEASE_NUMBER}
+           export PACKAGE_VERSION=$( echo ${VERSION} |  sed -E 's/(.*)\./\1-/')
+           docker buildx bake -f docker-bake.hcl documentserver-ucs --push
+        shell: bash

.github/workflows/zap-ds.yaml

@@ -0,0 +1,70 @@
+---
+name: Scanning DocumentServer with ZAP
+
+run-name: > 
+      ZAP DocumentServer ver: ${{ github.event.inputs.version }} from branch: ${{ github.event.inputs.branch }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Set DocumentServer version that will be deployed'
+        type: string
+        required: true
+      branch:
+        description: 'The branch from which the scan will be performed'
+        type: string
+        required: true
+jobs:
+  zap:
+    name: "Zap scanning DocumentServer"
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Run DS
+        id: run-ds
+        env:
+          TAG: ${{ github.event.inputs.version }}
+        run: |
+           # Create ssl certs
+           openssl genrsa -out tls.key 2048
+           openssl req -new -key tls.key -out tls.csr -subj "/C=RU/ST=NizhObl/L=NizhNov/O=RK-Tech/OU=TestUnit/CN=TestName"
+           openssl x509 -req -days 365 -in tls.csr -signkey tls.key -out tls.crt
+           openssl dhparam -out dhparam.pem 2048
+           sudo mkdir -p /app/onlyoffice/DocumentServer/data/certs
+           sudo cp ./tls.key /app/onlyoffice/DocumentServer/data/certs/
+           sudo cp ./tls.crt /app/onlyoffice/DocumentServer/data/certs/
+           sudo cp ./dhparam.pem /app/onlyoffice/DocumentServer/data/certs/
+           sudo chmod 400 /app/onlyoffice/DocumentServer/data/certs/tls.key
+           rm ./tls.key ./tls.crt ./dhparam.pem
+
+           # Run Ds with enabled ssl
+           export CONTAINER_NAME="documentserver"
+           sudo docker run -itd \
+                           --name ${CONTAINER_NAME} \
+                           -p 80:80 \
+                           -p 443:443 \
+                           -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
+                           onlyoffice/4testing-documentserver:${TAG}
+           sleep 60
+           sudo docker exec ${CONTAINER_NAME} sudo supervisorctl start ds:example
+           LOCAL_IP=$(hostname -I | awk '{print $1}')
+           echo "local-ip=${LOCAL_IP}" >> "$GITHUB_OUTPUT"
+
+      # Scan DocumentServer with ZAP.
+      # NOTE: Full scan get a lot of time.
+      # If you want make scan more faster (but less accurate) remove `cmd options` field
+      # -j mean that scanning use AJAX Spider, with this spider the scan takes approximately an hour
+      # Without any cmd options will be used default spider and the scan takes approximately ~10-15 minutes
+      - name: ZAP Scan
+        uses: zaproxy/action-full-scan@v0.8.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
+          target: 'https://${{ steps.run-ds.outputs.local-ip }}/'
+          allow_issue_writing: false
+          cmd_options: '-j'

.travis.yml

@@ -0,0 +1,131 @@
+language: generic
+
+dist: trusty
+
+env:
+  # community edition
+  - config: standalone.yml
+
+  # integration edition
+  - config: standalone.yml
+    PRODUCT_NAME: documentserver-ie
+
+
+  # certificates (default tls if onlyoffice not exists)
+  - config: certs.yml
+    ssl: true
+
+  # certificates (default onlyoffice if exists)
+  - config: certs.yml
+    ssl: true
+    private_key: onlyoffice.key
+    certificate_request: onlyoffice.csr
+    certificate: onlyoffice.crt
+
+  # custom certificates
+  - config: certs-customized.yml
+    ssl: true
+    private_key: mycert.key
+    certificate_request: mycert.csr
+    certificate: mycert.crt
+    SSL_CERTIFICATE_PATH: /var/www/onlyoffice/Data/certs/mycert.crt
+    SSL_KEY_PATH: /var/www/onlyoffice/Data/certs/mycert.key
+
+
+  # postgresql 16
+  - config: postgres.yml
+    POSTGRES_VERSION: 16
+
+  # postgresql 15
+  - config: postgres.yml
+    POSTGRES_VERSION: 15
+
+  # postgresql 14
+  - config: postgres.yml
+    POSTGRES_VERSION: 14
+
+  # postgresql 13
+  - config: postgres.yml
+    POSTGRES_VERSION: 13
+
+  # postgresql 12
+  - config: postgres.yml
+
+  # postgresql custom values
+  - config: postgres.yml
+    DB_NAME: mydb
+    DB_USER: myuser
+    DB_PWD: password
+    POSTGRES_DB: mydb
+    POSTGRES_USER: myuser
+
+  # postgresql deprecated variables
+  - config: postgres-old.yml
+
+
+  # mysql 8
+  - config: mysql.yml
+    MYSQL_VERSION: 8
+
+  # mysql 5
+  - config: mysql.yml
+    MYSQL_VERSION: 5
+
+  # mysql 5.7
+  - config: mysql.yml
+
+
+  # mariadb 10
+  - config: mariadb.yml
+    MARIADB_VERSION: 10
+
+  # mariadb 10.5
+  - config: mariadb.yml
+
+
+  - config: activemq.yml
+    ACTIVEMQ_VERSION: latest
+
+  # activemq 5.14.3
+  - config: activemq.yml
+
+
+  # rabbitmq latest
+  - config: rabbitmq.yml
+
+  # rabbitmq 3
+  - config: rabbitmq.yml
+    RABBITMQ_VERSION: 3
+
+  # rabbitmq old variables
+  - config: rabbitmq-old.yml
+
+
+  # redis latest with community edition
+  - config: redis.yml
+
+  # redis latest with integraion edition
+  - config: redis.yml
+    PRODUCT_NAME: documentserver-ie
+
+  # redis 6
+  - config: redis.yml
+    REDIS_VERSION: 6
+
+  # redis 5
+  - config: redis.yml
+    REDIS_VERSION: 5
+
+
+  # graphite
+  - config: graphite.yml
+
+services:
+  - docker
+
+script:
+  # Go to tests dir
+  - cd ${PWD}/tests
+
+  # Run test.
+  - ./test.sh

Dockerfile

@@ -1,36 +1,138 @@
-FROM ubuntu:14.04
-MAINTAINER Ascensio System SIA <support@onlyoffice.com>
+ARG BASE_VERSION=24.04
 
-ENV LANG en_US.UTF-8  
-ENV LANGUAGE en_US:en  
-ENV LC_ALL en_US.UTF-8 
+ARG BASE_IMAGE=ubuntu:$BASE_VERSION
 
-RUN apt-get update && apt-get -y -q install libreoffice 
+FROM ${BASE_IMAGE} AS documentserver
+LABEL maintainer Ascensio System SIA <support@onlyoffice.com>
+
+ARG BASE_VERSION
+ARG PG_VERSION=16
+ARG PACKAGE_SUFFIX=t64
+
+ENV OC_RELEASE_NUM=21
+ENV OC_RU_VER=12
+ENV OC_RU_REVISION_VER=0
+ENV OC_RESERVED_NUM=0
+ENV OC_RU_DATE=0
+ENV OC_PATH=${OC_RELEASE_NUM}${OC_RU_VER}000
+ENV OC_FILE_SUFFIX=${OC_RELEASE_NUM}.${OC_RU_VER}.${OC_RU_REVISION_VER}.${OC_RESERVED_NUM}.${OC_RU_DATE}${OC_FILE_SUFFIX}dbru
+ENV OC_VER_DIR=${OC_RELEASE_NUM}_${OC_RU_VER}
+ENV OC_DOWNLOAD_URL=https://download.oracle.com/otn_software/linux/instantclient/${OC_PATH}
+
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=${PG_VERSION} BASE_VERSION=${BASE_VERSION}
+
+ARG ONLYOFFICE_VALUE=onlyoffice
 
 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
-    echo "deb http://static.teamlab.com.s3.amazonaws.com/repo/debian/ squeeze main" >>  /etc/apt/sources.list && \
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D9D0BF019CC8AC0D && \
-    echo "deb http://download.mono-project.com/repo/debian wheezy/snapshots/3.12.0  main" | sudo tee /etc/apt/sources.list.d/mono-xamarin.list && \
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF && \
-    echo "deb http://archive.ubuntu.com/ubuntu precise main universe multiverse" >> /etc/apt/sources.list && \
-    DEBIAN_FRONTEND=noninteractive  && \
+    apt-get -y update && \
+    apt-get -yq install wget apt-transport-https gnupg locales lsb-release && \
+    wget -q -O /etc/apt/sources.list.d/mssql-release.list "https://packages.microsoft.com/config/ubuntu/$BASE_VERSION/prod.list" && \
+    wget -q -O /tmp/microsoft.asc https://packages.microsoft.com/keys/microsoft.asc && \
+    apt-key add /tmp/microsoft.asc && \
+    gpg --dearmor -o /usr/share/keyrings/microsoft-prod.gpg < /tmp/microsoft.asc && \
+    apt-get -y update && \
     locale-gen en_US.UTF-8 && \
-    apt-get -y update && \
     echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
-    apt-get install --force-yes -yq software-properties-common && \
-    add-apt-repository ppa:ubuntu-toolchain-r/test && \
-    apt-get -y update && \
-    apt-get --force-yes -yq install gcc-4.9 onlyoffice-documentserver nano htop && \
+    ACCEPT_EULA=Y apt-get -yq install \
+        adduser \
+        apt-utils \
+        bomstrip \
+        certbot \
+        cron \
+        curl \
+        htop \
+        libaio1${PACKAGE_SUFFIX} \
+        libasound2${PACKAGE_SUFFIX} \
+        libboost-regex-dev \
+        libcairo2 \
+        libcurl3-gnutls \
+        libcurl4 \
+        libgtk-3-0 \
+        libnspr4 \
+        libnss3 \
+        libstdc++6 \
+        libxml2 \
+        libxss1 \
+        libxtst6 \
+        mssql-tools18 \
+        mysql-client \
+        nano \
+        net-tools \
+        netcat-openbsd \
+        nginx-extras \
+        postgresql \
+        postgresql-client \
+        pwgen \
+        rabbitmq-server \
+        redis-server \
+        sudo \
+        supervisor \
+        ttf-mscorefonts-installer \
+        unixodbc-dev \
+        unzip \
+        xvfb \
+        xxd \
+        zlib1g || dpkg --configure -a && \
+    # Added dpkg --configure -a to handle installation issues with rabbitmq-server on arm64 architecture
+    if [  $(ls -l /usr/share/fonts/truetype/msttcorefonts | wc -l) -ne 61 ]; \
+        then echo 'msttcorefonts failed to download'; exit 1; fi  && \
+    echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf && \
+    sed -i "s/bind .*/bind 127.0.0.1/g" /etc/redis/redis.conf && \
+    sed 's|\(application\/zip.*\)|\1\n    application\/wasm wasm;|' -i /etc/nginx/mime.types && \
+    pg_conftool $PG_VERSION main set listen_addresses 'localhost' && \
+    service postgresql restart && \
+    sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \
+    sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE OWNER $ONLYOFFICE_VALUE;" && \
+    wget -O basic.zip ${OC_DOWNLOAD_URL}/instantclient-basic-linux.x64-${OC_FILE_SUFFIX}.zip && \
+    wget -O sqlplus.zip ${OC_DOWNLOAD_URL}/instantclient-sqlplus-linux.x64-${OC_FILE_SUFFIX}.zip && \
+    unzip -d /usr/share basic.zip && \
+    unzip -d /usr/share sqlplus.zip && \
+    mv /usr/share/instantclient_${OC_VER_DIR} /usr/share/instantclient && \
+    service postgresql stop && \
+    service redis-server stop && \
+    service rabbitmq-server stop && \
+    service supervisor stop && \
+    service nginx stop && \
     rm -rf /var/lib/apt/lists/*
 
-ADD config /app/onlyoffice/setup/config/
-ADD run-document-server.sh /app/onlyoffice/run-document-server.sh
-RUN chmod 755 /app/onlyoffice/*.sh
+COPY config/supervisor/supervisor /etc/init.d/
+COPY config/supervisor/ds/*.conf /etc/supervisor/conf.d/
+COPY run-document-server.sh /app/ds/run-document-server.sh
+COPY oracle/sqlplus /usr/bin/sqlplus
 
-VOLUME ["/var/log/onlyoffice"]
-VOLUME ["/var/www/onlyoffice/Data"]
+EXPOSE 80 443
 
-EXPOSE 80
-EXPOSE 443
+ARG COMPANY_NAME=onlyoffice
+ARG PRODUCT_NAME=documentserver
+ARG PRODUCT_EDITION=
+ARG PACKAGE_VERSION=
+ARG TARGETARCH
+ARG PACKAGE_BASEURL="http://download.onlyoffice.com/install/documentserver/linux"
 
-CMD bash -C '/app/onlyoffice/run-document-server.sh';'bash'
+ENV COMPANY_NAME=$COMPANY_NAME \
+    PRODUCT_NAME=$PRODUCT_NAME \
+    PRODUCT_EDITION=$PRODUCT_EDITION \
+    DS_PLUGIN_INSTALLATION=false \
+    DS_DOCKER_INSTALLATION=true
+
+RUN PACKAGE_FILE="${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}${PACKAGE_VERSION:+_$PACKAGE_VERSION}_${TARGETARCH:-$(dpkg --print-architecture)}.deb" && \
+    wget -q -P /tmp "$PACKAGE_BASEURL/$PACKAGE_FILE" && \
+    apt-get -y update && \
+    service postgresql start && \
+    apt-get -yq install /tmp/$PACKAGE_FILE && \
+    service postgresql stop && \
+    chmod 755 /etc/init.d/supervisor && \
+    sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i /etc/supervisor/conf.d/*.conf && \
+    service supervisor stop && \
+    chmod 755 /app/ds/*.sh && \
+    printf "\nGO" >> "/var/www/$COMPANY_NAME/documentserver/server/schema/mssql/createdb.sql" && \
+    printf "\nGO" >> "/var/www/$COMPANY_NAME/documentserver/server/schema/mssql/removetbl.sql" && \
+    printf "\nexit" >> "/var/www/$COMPANY_NAME/documentserver/server/schema/oracle/createdb.sql" && \
+    printf "\nexit" >> "/var/www/$COMPANY_NAME/documentserver/server/schema/oracle/removetbl.sql" && \
+    rm -f /tmp/$PACKAGE_FILE && \
+    rm -rf /var/log/$COMPANY_NAME && \
+    rm -rf /var/lib/apt/lists/*
+
+VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /var/lib/rabbitmq /var/lib/redis /usr/share/fonts/truetype/custom
+
+ENTRYPOINT ["/app/ds/run-document-server.sh"]

LICENSE.txt

@@ -658,4 +658,4 @@ specific requirements.
   You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU AGPL, see
-<http://www.gnu.org/licenses/>.
+<http://www.gnu.org/licenses/>.

Makefile

@@ -0,0 +1,66 @@
+COMPANY_NAME ?= ONLYOFFICE
+GIT_BRANCH ?= develop
+PRODUCT_NAME ?= documentserver
+PRODUCT_EDITION ?= 
+PRODUCT_VERSION ?= 0.0.0
+BUILD_NUMBER ?= 0
+BUILD_CHANNEL ?= nightly
+ONLYOFFICE_VALUE ?= onlyoffice
+
+COMPANY_NAME_LOW = $(shell echo $(COMPANY_NAME) | tr A-Z a-z)
+
+PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION)
+PACKAGE_VERSION ?= $(PRODUCT_VERSION)-$(BUILD_NUMBER)~stretch
+PACKAGE_BASEURL ?= https://s3.eu-west-1.amazonaws.com/repo-doc-onlyoffice-com/server/linux/debian
+
+ifeq ($(BUILD_CHANNEL),$(filter $(BUILD_CHANNEL),nightly test))
+	DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER)
+else
+	DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER)-$(subst /,-,$(GIT_BRANCH))
+endif
+
+DOCKER_ORG ?= $(COMPANY_NAME_LOW)
+DOCKER_IMAGE := $(DOCKER_ORG)/4testing-$(PRODUCT_NAME)$(PRODUCT_EDITION)
+DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION)__$(DOCKER_TAG).dummy
+DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)_$(DOCKER_TAG).tar.gz
+
+.PHONY: all clean clean-docker image deploy docker
+
+$(DOCKER_DUMMY):
+	docker pull ubuntu:22.04
+	docker build \
+		--build-arg COMPANY_NAME=$(COMPANY_NAME_LOW) \
+		--build-arg PRODUCT_NAME=$(PRODUCT_NAME) \
+		--build-arg PRODUCT_EDITION=$(PRODUCT_EDITION) \
+		--build-arg PACKAGE_VERSION=$(PACKAGE_VERSION) \
+		--build-arg PACKAGE_BASEURL=$(PACKAGE_BASEURL) \
+		--build-arg TARGETARCH=amd64 \
+		--build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \
+		-t $(DOCKER_IMAGE):$(DOCKER_TAG) . && \
+	mkdir -p $$(dirname $@) && \
+	echo "Done" > $@
+
+$(DOCKER_ARCH): $(DOCKER_DUMMY)
+	docker save $(DOCKER_IMAGE):$(DOCKER_TAG) | \
+		gzip > $@
+
+all: image
+
+clean:
+	rm -rfv *.dummy *.tar.gz
+		
+clean-docker:
+	docker rmi -f $$(docker images -q $(COMPANY_NAME_LOW)/*) || exit 0
+
+image: $(DOCKER_DUMMY)
+
+deploy: $(DOCKER_DUMMY)
+	for i in {1..3}; do \
+		docker push $(DOCKER_IMAGE):$(DOCKER_TAG) && break || sleep 1m; \
+	done
+ifeq ($(BUILD_CHANNEL),nightly)
+	docker tag $(DOCKER_IMAGE):$(DOCKER_TAG) $(DOCKER_IMAGE):latest
+	for i in {1..3}; do \
+		docker push $(DOCKER_IMAGE):latest && break || sleep 1m; \
+	done
+endif

README.md

@@ -11,9 +11,10 @@
         + [Installation of the SSL Certificates](#installation-of-the-ssl-certificates)
         + [Available Configuration Parameters](#available-configuration-parameters)
 * [Installing ONLYOFFICE Document Server integrated with Community and Mail Servers](#installing-onlyoffice-document-server-integrated-with-community-and-mail-servers)
+* [ONLYOFFICE Document Server ipv6 setup](#onlyoffice-document-server-ipv6-setup)
 * [Issues](#issues)
     - [Docker Issues](#docker-issues)
-    - [Mono Issues](#mono-issues)
+    - [Document Server usage Issues](#document-server-usage-issues)
 * [Project Information](#project-information)
 * [User Feedback and Support](#user-feedback-and-support)
 
@@ -21,6 +22,12 @@
 
 ONLYOFFICE Document Server is an online office suite comprising viewers and editors for texts, spreadsheets and presentations, fully compatible with Office Open XML formats: .docx, .xlsx, .pptx and enabling collaborative editing in real time.
 
+Starting from version 6.0, Document Server is distributed as ONLYOFFICE Docs. It has [three editions](https://github.com/ONLYOFFICE/DocumentServer#onlyoffice-document-server-editions). With this image, you will install the free Community version. 
+
+ONLYOFFICE Docs can be used as a part of ONLYOFFICE Workspace or with third-party sync&share solutions (e.g. Nextcloud, ownCloud, Seafile) to enable collaborative editing within their interface.
+
+***Important*** Please update `docker-engine` to latest version (`20.10.21` as of writing this doc) before using it. We use `ubuntu:22.04` as base image and it older versions of docker have compatibility problems with it
+
 ## Functionality ##
 * ONLYOFFICE Document Editor
 * ONLYOFFICE Spreadsheet Editor
@@ -40,10 +47,10 @@ Integrating it with ONLYOFFICE Community Server you will be able to:
 
 * **RAM**: 4 GB or more
 * **CPU**: dual-core 2 GHz or higher
-* **Swap file**: at least 2 GB
+* **Swap**: at least 2 GB
 * **HDD**: at least 2 GB of free space
-* **Distributive**: 64-bit Red Hat, CentOS or other compatible distributive with kernel version 3.8 or later, 64-bit Debian, Ubuntu or other compatible distributive with kernel version 3.8 or later
-* **Docker**: version 1.4.1 or later
+* **Distribution**: 64-bit Red Hat, CentOS or other compatible distributive with kernel version 3.8 or later, 64-bit Debian, Ubuntu or other compatible distributive with kernel version 3.8 or later
+* **Docker**: version 1.9.0 or later
 
 ## Running Docker Image
 
@@ -58,14 +65,23 @@ Use this command if you wish to install ONLYOFFICE Document Server separately. T
 All the data are stored in the specially-designated directories, **data volumes**, at the following location:
 * **/var/log/onlyoffice** for ONLYOFFICE Document Server logs
 * **/var/www/onlyoffice/Data** for certificates
+* **/var/lib/onlyoffice** for file cache
+* **/var/lib/postgresql** for database
 
 To get access to your data from outside the container, you need to mount the volumes. It can be done by specifying the '-v' option in the docker run command.
 
     sudo docker run -i -t -d -p 80:80 \
-        -v /opt/onlyoffice/Logs:/var/log/onlyoffice  \
-        -v /opt/onlyoffice/Data:/var/www/onlyoffice/Data  onlyoffice/documentserver
+        -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
+        -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
+        -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
+        -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
+        -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
+        -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql  onlyoffice/documentserver
 
-Storing the data on the host machine allows you to easily update ONLYOFFICE once the new version is released without losing your data.
+Normally, you do not need to store container data because the container's operation does not depend on its state. Saving data will be useful:
+* For easy access to container data, such as logs
+* To remove the limit on the size of the data inside the container
+* When using services launched outside the container such as PostgreSQL, Redis, RabbitMQ
 
 ### Running ONLYOFFICE Document Server on Different Port
 
@@ -76,7 +92,7 @@ To change the port, use the -p command. E.g.: to make your portal accessible via
 ### Running ONLYOFFICE Document Server using HTTPS
 
         sudo docker run -i -t -d -p 443:443 \
-        -v /opt/onlyoffice/Data:/var/www/onlyoffice/Data  onlyoffice/documentserver
+        -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  onlyoffice/documentserver
 
 Access to the onlyoffice application can be secured using SSL so as to prevent unauthorized access. While a CA certified SSL certificate allows for verification of trust via the CA, a self signed certificates can also provide an equal level of trust verification as long as each client takes some additional steps to verify the identity of your website. Below the instructions on achieving this are provided.
 
@@ -87,10 +103,17 @@ To secure the application via SSL basically two things are needed:
 
 So you need to create and install the following files:
 
-        /opt/onlyoffice/Data/certs/onlyoffice.key
-        /opt/onlyoffice/Data/certs/onlyoffice.crt
+        /app/onlyoffice/DocumentServer/data/certs/tls.key
+        /app/onlyoffice/DocumentServer/data/certs/tls.crt
 
-When using CA certified certificates, these files are provided to you by the CA. When using self-signed certificates you need to generate these files yourself. Skip the following section if you are have CA certified SSL certificates.
+When using CA certified certificates (e.g [Let's encrypt](https://letsencrypt.org)), these files are provided to you by the CA. If you are using self-signed certificates you need to generate these files [yourself](#generation-of-self-signed-certificates).
+
+#### Using the automatically generated Let's Encrypt SSL Certificates
+
+        sudo docker run -i -t -d -p 80:80 -p 443:443 \
+        -e LETS_ENCRYPT_DOMAIN=your_domain -e LETS_ENCRYPT_MAIL=your_mail  onlyoffice/documentserver
+
+If you want to get and extend Let's Encrypt SSL Certificates automatically just set LETS_ENCRYPT_DOMAIN and LETS_ENCRYPT_MAIL variables.
 
 #### Generation of Self Signed Certificates
 
@@ -99,19 +122,19 @@ Generation of self-signed SSL certificates involves a simple 3 step procedure.
 **STEP 1**: Create the server private key
 
 ```bash
-openssl genrsa -out onlyoffice.key 2048
+openssl genrsa -out tls.key 2048
 ```
 
 **STEP 2**: Create the certificate signing request (CSR)
 
 ```bash
-openssl req -new -key onlyoffice.key -out onlyoffice.csr
+openssl req -new -key tls.key -out tls.csr
 ```
 
 **STEP 3**: Sign the certificate using the private key and CSR
 
 ```bash
-openssl x509 -req -days 365 -in onlyoffice.csr -signkey onlyoffice.key -out onlyoffice.crt
+openssl x509 -req -days 365 -in tls.csr -signkey tls.key -out tls.crt
 ```
 
 You have now generated an SSL certificate that's valid for 365 days.
@@ -127,18 +150,18 @@ openssl dhparam -out dhparam.pem 2048
 
 #### Installation of the SSL Certificates
 
-Out of the four files generated above, you need to install the `onlyoffice.key`, `onlyoffice.crt` and `dhparam.pem` files at the onlyoffice server. The CSR file is not needed, but do make sure you safely backup the file (in case you ever need it again).
+Out of the four files generated above, you need to install the `tls.key`, `tls.crt` and `dhparam.pem` files at the onlyoffice server. The CSR file is not needed, but do make sure you safely backup the file (in case you ever need it again).
 
 The default path that the onlyoffice application is configured to look for the SSL certificates is at `/var/www/onlyoffice/Data/certs`, this can however be changed using the `SSL_KEY_PATH`, `SSL_CERTIFICATE_PATH` and `SSL_DHPARAM_PATH` configuration options.
 
-The `/var/www/onlyoffice/Data/` path is the path of the data store, which means that you have to create a folder named certs inside `/opt/onlyoffice/Data/` and copy the files into it and as a measure of security you will update the permission on the `onlyoffice.key` file to only be readable by the owner.
+The `/var/www/onlyoffice/Data/` path is the path of the data store, which means that you have to create a folder named certs inside `/app/onlyoffice/DocumentServer/data/` and copy the files into it and as a measure of security you will update the permission on the `tls.key` file to only be readable by the owner.
 
 ```bash
-mkdir -p /opt/onlyoffice/Data/certs
-cp onlyoffice.key /opt/onlyoffice/Data/certs/
-cp onlyoffice.crt /opt/onlyoffice/Data/certs/
-cp dhparam.pem /opt/onlyoffice/Data/certs/
-chmod 400 /opt/onlyoffice/Data/certs/onlyoffice.key
+mkdir -p /app/onlyoffice/DocumentServer/data/certs
+cp tls.key /app/onlyoffice/DocumentServer/data/certs/
+cp tls.crt /app/onlyoffice/DocumentServer/data/certs/
+cp dhparam.pem /app/onlyoffice/DocumentServer/data/certs/
+chmod 400 /app/onlyoffice/DocumentServer/data/certs/tls.key
 ```
 
 You are now just one step away from having our application secured.
@@ -151,47 +174,179 @@ Below is the complete list of parameters that can be set using environment varia
 
 - **ONLYOFFICE_HTTPS_HSTS_ENABLED**: Advanced configuration option for turning off the HSTS configuration. Applicable only when SSL is in use. Defaults to `true`.
 - **ONLYOFFICE_HTTPS_HSTS_MAXAGE**: Advanced configuration option for setting the HSTS max-age in the onlyoffice nginx vHost configuration. Applicable only when SSL is in use. Defaults to `31536000`.
-- **SSL_CERTIFICATE_PATH**: The path to the SSL certificate to use. Defaults to `/var/www/onlyoffice/Data/certs/onlyoffice.crt`.
-- **SSL_KEY_PATH**: The path to the SSL certificate's private key. Defaults to `/var/www/onlyoffice/Data/certs/onlyoffice.key`.
+- **SSL_CERTIFICATE_PATH**: The path to the SSL certificate to use. Defaults to `/var/www/onlyoffice/Data/certs/tls.crt`.
+- **SSL_KEY_PATH**: The path to the SSL certificate's private key. Defaults to `/var/www/onlyoffice/Data/certs/tls.key`.
 - **SSL_DHPARAM_PATH**: The path to the Diffie-Hellman parameter. Defaults to `/var/www/onlyoffice/Data/certs/dhparam.pem`.
 - **SSL_VERIFY_CLIENT**: Enable verification of client certificates using the `CA_CERTIFICATES_PATH` file. Defaults to `false`
+- **NODE_EXTRA_CA_CERTS**: The [NODE_EXTRA_CA_CERTS](https://nodejs.org/api/cli.html#node_extra_ca_certsfile "Node.js documentation") to extend CAs with the extra certificates for Node.js. Defaults to `/var/www/onlyoffice/Data/certs/extra-ca-certs.pem`.
+- **DB_TYPE**: The database type. Supported values are `postgres`, `mariadb`, `mysql`, `mssql` or `oracle`. Defaults to `postgres`.
+- **DB_HOST**: The IP address or the name of the host where the database server is running.
+- **DB_PORT**: The database server port number.
+- **DB_NAME**: The name of a database to use. Should be existing on container startup.
+- **DB_USER**: The new user name with superuser permissions for the database account.
+- **DB_PWD**: The password set for the database account.
+- **AMQP_URI**: The [AMQP URI](https://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server.
+- **AMQP_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`.
+- **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running.
+- **REDIS_SERVER_PORT**:  The Redis server port number.
+- **REDIS_SERVER_PASS**: The Redis server password. The password is not set by default.
+- **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
+- **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
+- **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
+- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `true`.
+- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to random value.
+- **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
+- **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
+- **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`.
+- **ALLOW_META_IP_ADDRESS**: Defines if it is allowed to connect meta IP address or not. Defaults to `false`.
+- **ALLOW_PRIVATE_IP_ADDRESS**: Defines if it is allowed to connect private IP address or not. Defaults to `false`.
+- **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false`
+- **GENERATE_FONTS**: When 'true' regenerates fonts list and the fonts thumbnails etc. at each start. Defaults to `true`
+- **METRICS_ENABLED**: Specifies the enabling StatsD for ONLYOFFICE Document Server. Defaults to `false`.
+- **METRICS_HOST**: Defines StatsD listening host. Defaults to `localhost`.
+- **METRICS_PORT**: Defines StatsD listening port. Defaults to `8125`.
+- **METRICS_PREFIX**: Defines StatsD metrics prefix for backend services. Defaults to `ds.`.
+- **LETS_ENCRYPT_DOMAIN**: Defines the domain for Let's Encrypt certificate.
+- **LETS_ENCRYPT_MAIL**: Defines the domain administator mail address for Let's Encrypt certificate.
+- **PLUGINS_ENABLED**: Defines whether to enable default plugins. Defaults to `true`.
 
 ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers
 
-ONLYOFFICE Document Server is a part of ONLYOFFICE Free Edition that comprises also Community Server and Mail Server. To install them, follow these easy steps:
+ONLYOFFICE Document Server is a part of ONLYOFFICE Community Edition that comprises also Community Server and Mail Server. To install them, follow these easy steps:
 
-**STEP 1**: Install ONLYOFFICE Document Server.
+**STEP 1**: Create the `onlyoffice` network.
 
 ```bash
-sudo docker run -i -t -d  --name onlyoffice-document-server onlyoffice/documentserver
+docker network create --driver bridge onlyoffice
+```
+Then launch containers on it using the 'docker run --net onlyoffice' option:
+
+**STEP 2**: Install MySQL.
+
+Follow [these steps](#installing-mysql) to install MySQL server.
+
+**STEP 3**: Generate JWT Secret
+
+JWT secret defines the secret key to validate the JSON Web Token in the request to the **ONLYOFFICE Document Server**. You can specify it yourself or easily get it using the command:
+```
+JWT_SECRET=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 12);
 ```
 
-**STEP 2**: Install ONLYOFFICE Mail Server. 
+**STEP 4**: Install ONLYOFFICE Document Server.
+
+```bash
+sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-document-server \
+ -e JWT_ENABLED=true \
+ -e JWT_SECRET=${JWT_SECRET} \
+ -e JWT_HEADER=AuthorizationJwt \
+ -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
+ -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
+ -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
+ -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
+ onlyoffice/documentserver
+```
+
+**STEP 5**: Install ONLYOFFICE Mail Server. 
 
 For the mail server correct work you need to specify its hostname 'yourdomain.com'.
-To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/MailServer "ONLYOFFICE Mail Server documentation").
 
 ```bash
-sudo docker run --privileged -i -t -d --name onlyoffice-mail-server -p 25:25 -p 143:143 -p 587:587 \
--h yourdomain.com onlyoffice/mailserver
+sudo docker run --init --net onlyoffice --privileged -i -t -d --restart=always --name onlyoffice-mail-server -p 25:25 -p 143:143 -p 587:587 \
+ -e MYSQL_SERVER=onlyoffice-mysql-server \
+ -e MYSQL_SERVER_PORT=3306 \
+ -e MYSQL_ROOT_USER=root \
+ -e MYSQL_ROOT_PASSWD=my-secret-pw \
+ -e MYSQL_SERVER_DB_NAME=onlyoffice_mailserver \
+ -v /app/onlyoffice/MailServer/data:/var/vmail \
+ -v /app/onlyoffice/MailServer/data/certs:/etc/pki/tls/mailserver \
+ -v /app/onlyoffice/MailServer/logs:/var/log \
+ -h yourdomain.com \
+ onlyoffice/mailserver
 ```
 
-**STEP 3**: Install ONLYOFFICE Community Server
+The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.workspace_enterprise.yml#L87).
+
+To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation").
+
+**STEP 6**: Install ONLYOFFICE Community Server
 
 ```bash
-sudo docker run -i -t -d -p 80:80 -p 5222:5222 -p 443:443 \
---link onlyoffice-mail-server:mail_server \
---link onlyoffice-document-server:document_server \
-onlyoffice/communityserver
+sudo docker run --net onlyoffice -i -t -d --privileged --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 --cgroupns=host \
+ -e MYSQL_SERVER_ROOT_PASSWORD=my-secret-pw \
+ -e MYSQL_SERVER_DB_NAME=onlyoffice \
+ -e MYSQL_SERVER_HOST=onlyoffice-mysql-server \
+ -e MYSQL_SERVER_USER=onlyoffice_user \
+ -e MYSQL_SERVER_PASS=onlyoffice_pass \
+ 
+ -e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \
+ -e DOCUMENT_SERVER_JWT_ENABLED=true \
+ -e DOCUMENT_SERVER_JWT_SECRET=${JWT_SECRET} \
+ -e DOCUMENT_SERVER_JWT_HEADER=AuthorizationJwt \
+ 
+ -e MAIL_SERVER_API_HOST=${MAIL_SERVER_IP} \
+ -e MAIL_SERVER_DB_HOST=onlyoffice-mysql-server \
+ -e MAIL_SERVER_DB_NAME=onlyoffice_mailserver \
+ -e MAIL_SERVER_DB_PORT=3306 \
+ -e MAIL_SERVER_DB_USER=root \
+ -e MAIL_SERVER_DB_PASS=my-secret-pw \
+ 
+ -v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \
+ -v /app/onlyoffice/CommunityServer/logs:/var/log/onlyoffice \
+ -v /app/onlyoffice/CommunityServer/letsencrypt:/etc/letsencrypt \
+ -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
+ onlyoffice/communityserver
 ```
 
-Alternatively, you can use [docker-compose](https://docs.docker.com/compose/install "docker-compose") to install the whole ONLYOFFICE Free Edition at once. For the mail server correct work you need to specify its hostname 'yourdomain.com'. Assuming you have docker-compose installed, execute the following command:
+Where `${MAIL_SERVER_IP}` is the IP address for **ONLYOFFICE Mail Server**. You can easily get it using the command:
+```
+MAIL_SERVER_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' onlyoffice-mail-server)
+```
+
+Alternatively, you can use an automatic installation script to install the whole ONLYOFFICE Community Edition at once. For the mail server correct work you need to specify its hostname 'yourdomain.com'.
+
+**STEP 1**: Download the Community Edition Docker script file
 
 ```bash
-wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.yml
+wget https://download.onlyoffice.com/install/opensource-install.sh
+```
+
+**STEP 2**: Install ONLYOFFICE Community Edition executing the following command:
+
+```bash
+bash opensource-install.sh -md yourdomain.com
+```
+
+Or, use [docker-compose](https://docs.docker.com/compose/install "docker-compose"). For the mail server correct work you need to specify its hostname 'yourdomain.com'. Assuming you have docker-compose installed, execute the following command:
+
+```bash
+wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.groups.yml
 docker-compose up -d
 ```
 
+## ONLYOFFICE Document Server ipv6 setup
+
+(Works and is supported only for Linux hosts)
+
+Docker does not currently provide ipv6 addresses to containers by default. This function is experimental now.
+
+To set up interaction via ipv6, you need to enable support for this feature in your Docker. For this you need:
+- create the `/etc/docker/daemon.json` file with the following content:
+
+```
+{
+"ipv6": true,
+"fixed-cidr-v6": "2001:db8:abc1::/64"
+}
+```
+- restart docker with the following command: `systemctl restart docker`
+
+After that, all running containers receive an ipv6 address and have an inet6 interface.
+
+You can check your default bridge network and see the field there
+`EnableIPv6=true`. A new ipv6 subnet will also be added.
+
+For more information, visit the official [Docker manual site](https://docs.docker.com/config/daemon/ipv6/)
+
 ## Issues
 
 ### Docker Issues
@@ -200,14 +355,19 @@ As a relatively new project Docker is being worked on and actively developed by
 
 The known Docker issue with ONLYOFFICE Document Server with rpm-based distributives is that sometimes the processes fail to start inside Docker container. Fedora and RHEL/CentOS users should try disabling selinux with setenforce 0. If it fixes the issue then you can either stick with SELinux disabled which is not recommended by RedHat, or switch to using Ubuntu.
 
-### Mono Issues
+### Document Server usage issues
 
-ONLYOFFICE installation requires the presence of mono (tested for version 3.12.1 or [older](http://www.mono-project.com/docs/getting-started/install/linux/#accessing-older-releases "older")) that may cause problems for some Linux kernel versions. The full list of supported kernel versions is available [here](http://onlyo.co/1PABPEI "here").
+Due to the operational characteristic, **Document Server** saves a document only after the document has been closed by all the users who edited it. To avoid data loss, you must forcefully disconnect the **Document Server** users when you need to stop **Document Server** in cases of the application update, server reboot etc. To do that, execute the following script on the server where **Document Server** is installed:
 
+```
+sudo docker exec <CONTAINER> documentserver-prepare4shutdown.sh
+```
+
+Please note, that both executing the script and disconnecting users may take a long time (up to 5 minutes).
 
 ## Project Information
 
-Official website: [http://www.onlyoffice.org](http://onlyoffice.org "http://www.onlyoffice.org")
+Official website: [https://www.onlyoffice.com](https://www.onlyoffice.com/?utm_source=github&utm_medium=cpc&utm_campaign=GitHubDockerDS)
 
 Code repository: [https://github.com/ONLYOFFICE/DocumentServer](https://github.com/ONLYOFFICE/DocumentServer "https://github.com/ONLYOFFICE/DocumentServer")
 
@@ -215,10 +375,13 @@ Docker Image: [https://github.com/ONLYOFFICE/Docker-DocumentServer](https://gith
 
 License: [GNU AGPL v3.0](https://help.onlyoffice.com/products/files/doceditor.aspx?fileid=4358397&doc=K0ZUdlVuQzQ0RFhhMzhZRVN4ZFIvaHlhUjN2eS9XMXpKR1M5WEppUk1Gcz0_IjQzNTgzOTci0 "GNU AGPL v3.0")
 
-SaaS version: [http://www.onlyoffice.com](http://www.onlyoffice.com "http://www.onlyoffice.com")
+Free version vs commercial builds comparison: https://github.com/ONLYOFFICE/DocumentServer#onlyoffice-document-server-editions
+
+SaaS version: [https://www.onlyoffice.com/cloud-office.aspx](https://www.onlyoffice.com/cloud-office.aspx?utm_source=github&utm_medium=cpc&utm_campaign=GitHubDockerDS)
 
 ## User Feedback and Support
 
-If you have any problems with or questions about this image, please contact us through a [dev.onlyoffice.org][1].
+If you have any problems with or questions about this image, please visit our official forum to find answers to your questions: [forum.onlyoffice.com][1] or you can ask and answer ONLYOFFICE development questions on [Stack Overflow][2].
 
-  [1]: http://dev.onlyoffice.org
+  [1]: https://forum.onlyoffice.com
+  [2]: https://stackoverflow.com/questions/tagged/onlyoffice

config/nginx/onlyoffice-ssl

@@ -1,114 +0,0 @@
-## Normal HTTP host
-server {
-  listen 0.0.0.0:80;
-  listen [::]:80 default_server;
-  server_name _;
-  server_tokens off;
-
-  ## Redirects all traffic to the HTTPS host
-  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
-  rewrite ^ https://$host$request_uri? permanent;
-}
-
-upstream fastcgi_backend {
-    server 127.0.0.1:9001;
-    keepalive 32;
-}
-
-## HTTPS host
-server {
-  listen 0.0.0.0:443 ssl spdy;
-  listen [::]:443 ssl spdy default_server;
-  server_tokens off;
-  root /usr/share/nginx/html;
-
-  ## Increase this if you want to upload large attachments
-  client_max_body_size 100m;
-
-  ## Strong SSL Security
-  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-  ssl on;
-  ssl_certificate {{SSL_CERTIFICATE_PATH}};
-  ssl_certificate_key {{SSL_KEY_PATH}};
-  ssl_verify_client {{SSL_VERIFY_CLIENT}};
-  ssl_client_certificate {{CA_CERTIFICATES_PATH}};
-
-  ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
-
-  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
-  ssl_session_cache  builtin:1000  shared:SSL:10m;
-
-  ssl_prefer_server_ciphers   on;
-
-  add_header Strict-Transport-Security max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}};
-  # add_header X-Frame-Options SAMEORIGIN;
-  add_header X-Content-Type-Options nosniff;
-
-  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
-  ## Replace with your ssl_trusted_certificate. For more info see:
-  ## - https://medium.com/devops-programming/4445f4862461
-  ## - https://www.ruby-forum.com/topic/4419319
-  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
-  # ssl_stapling on;
-  # ssl_stapling_verify on;
-  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
-  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
-  # resolver_timeout 10s;
-
-  ## [Optional] Generate a stronger DHE parameter:
-  ##   cd /etc/ssl/certs
-  ##   sudo openssl dhparam -out dhparam.pem 4096
-  ##
-  ssl_dhparam {{SSL_DHPARAM_PATH}};
-
-        gzip on;
-        gzip_types      text/plain
-                                text/xml
-                                text/css
-                                text/csv
-                                application/xml
-                                application/javascript
-                                application/x-javascript
-                                application/json
-                                application/octet-stream
-                                application/pdf
-                                application/rtf
-                                application/msword
-                                application/vnd.ms-excel
-                                application/vnd.ms-powerpoint;
-                                #application/vnd.oasis.opendocument.text
-                                #application/vnd.oasis.opendocument.spreadsheet
-                                #application/vnd.oasis.opendocument.presentation
-                                #application/vnd.openxmlformats-officedocument.wordprocessingml.document
-                                #application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
-                                #application/vnd.openxmlformats-officedocument.presentationml.presentation;
-
-
-        location / {
-                root /var/www/onlyoffice/documentserver/DocService/;
-                index index.html index.htm default.aspx Default.aspx;
-                fastcgi_index Default.aspx;
-                fastcgi_keep_conn on;
-                fastcgi_pass fastcgi_backend;
-                include /etc/onlyoffice/documentserver/fastcgi_params;
-        }
-
-        location ~ \/OfficeWeb\/(?!sdk\/Fonts\/) {
-                root /var/www/onlyoffice/documentserver/DocService;
-        }
-
-        location /coauthoring/ {
-                proxy_pass http://localhost:8000/;
-                proxy_http_version 1.1;
-                proxy_set_header Upgrade $http_upgrade;
-                proxy_set_header Connection "upgrade";
-        }
-
-        location /spellchecker/ {
-                proxy_pass http://localhost:8080/;
-                proxy_http_version 1.1;
-                proxy_set_header Upgrade $http_upgrade;
-                proxy_set_header Connection "upgrade";
-        }
-}
-

config/supervisor/ds/ds-converter.conf

@@ -0,0 +1,13 @@
+[program:converter]
+command=/var/www/COMPANY_NAME/documentserver/server/FileConverter/converter
+directory=/var/www/COMPANY_NAME/documentserver/server/FileConverter
+user=ds
+environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver,NODE_DISABLE_COLORS=1,APPLICATION_NAME=COMPANY_NAME,LD_LIBRARY_PATH=/var/www/COMPANY_NAME/documentserver/server/FileConverter/bin
+stdout_logfile=/var/log/COMPANY_NAME/documentserver/converter/out.log
+stdout_logfile_backups=0
+stdout_logfile_maxbytes=0
+stderr_logfile=/var/log/COMPANY_NAME/documentserver/converter/err.log
+stderr_logfile_backups=0
+stderr_logfile_maxbytes=0
+autostart=true
+autorestart=true

config/supervisor/ds/ds-docservice.conf

@@ -0,0 +1,13 @@
+[program:docservice]
+command=/var/www/COMPANY_NAME/documentserver/server/DocService/docservice
+directory=/var/www/COMPANY_NAME/documentserver/server/DocService
+user=ds
+environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver,NODE_DISABLE_COLORS=1,APPLICATION_NAME=COMPANY_NAME
+stdout_logfile=/var/log/COMPANY_NAME/documentserver/docservice/out.log
+stdout_logfile_backups=0
+stdout_logfile_maxbytes=0
+stderr_logfile=/var/log/COMPANY_NAME/documentserver/docservice/err.log
+stderr_logfile_backups=0
+stderr_logfile_maxbytes=0
+autostart=true
+autorestart=true

config/supervisor/ds/ds-example.conf

@@ -0,0 +1,14 @@
+[program:example]
+command=/var/www/COMPANY_NAME/documentserver-example/example
+directory=/var/www/COMPANY_NAME/documentserver-example/
+user=ds
+environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver-example,NODE_DISABLE_COLORS=1
+stdout_logfile=/var/log/COMPANY_NAME/documentserver-example/out.log
+stdout_logfile_backups=0
+stdout_logfile_maxbytes=0
+stderr_logfile=/var/log/COMPANY_NAME/documentserver-example/err.log
+stderr_logfile_backups=0
+stderr_logfile_maxbytes=0
+autostart=false
+autorestart=true
+redirect_stderr=true

config/supervisor/ds/ds-metrics.conf

@@ -0,0 +1,13 @@
+[program:metrics]
+command=/var/www/COMPANY_NAME/documentserver/server/Metrics/metrics ./config/config.js
+directory=/var/www/COMPANY_NAME/documentserver/server/Metrics
+user=ds
+environment=NODE_DISABLE_COLORS=1
+stdout_logfile=/var/log/COMPANY_NAME/documentserver/metrics/out.log
+stdout_logfile_backups=0
+stdout_logfile_maxbytes=0
+stderr_logfile=/var/log/COMPANY_NAME/documentserver/metrics/err.log
+stderr_logfile_backups=0
+stderr_logfile_maxbytes=0
+autostart=false
+autorestart=false

config/supervisor/ds/ds.conf

@@ -0,0 +1,2 @@
+[group:ds]
+programs=docservice,converter,metrics,example

config/supervisor/supervisor

@@ -0,0 +1,176 @@
+#! /bin/sh
+#
+# skeleton	example file to build /etc/init.d/ scripts.
+#		This file should be used to construct scripts for /etc/init.d.
+#
+#		Written by Miquel van Smoorenburg <miquels@cistron.nl>.
+#		Modified for Debian
+#		by Ian Murdock <imurdock@gnu.ai.mit.edu>.
+#               Further changes by Javier Fernandez-Sanguino <jfs@debian.org>
+#
+# Version:	@(#)skeleton  1.9  26-Feb-2001  miquels@cistron.nl
+#
+### BEGIN INIT INFO
+# Provides:          supervisor
+# Required-Start:    $remote_fs $network $named
+# Required-Stop:     $remote_fs $network $named
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Start/stop supervisor
+# Description:       Start/stop supervisor daemon and its configured
+#                    subprocesses.
+### END INIT INFO
+
+. /lib/lsb/init-functions
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/bin/supervisord
+NAME=supervisord
+DESC=supervisor
+
+test -x $DAEMON || exit 0
+
+LOGDIR=/var/log/supervisor
+PIDFILE=/var/run/$NAME.pid
+PS_COUNT=0
+DODTIME=5                   # Time to wait for the server to die, in seconds
+                            # If this value is set too low you might not
+                            # let some servers to die gracefully and
+                            # 'restart' will not work
+
+# Include supervisor defaults if available
+if [ -f /etc/default/supervisor ] ; then
+	. /etc/default/supervisor
+fi
+DAEMON_OPTS="-c /etc/supervisor/supervisord.conf $DAEMON_OPTS"
+
+set -e
+
+running_pid()
+{
+    # Check if a given process pid's cmdline matches a given name
+    pid=$1
+    name=$2
+    [ -z "$pid" ] && return 1
+    [ ! -d /proc/$pid ] &&  return 1
+    (cat /proc/$pid/cmdline | tr "\000" "\n"|grep -q $name) || return 1
+    return 0
+}
+
+running()
+{
+# Check if the process is running looking at /proc
+# (works for all users)
+
+    # No pidfile, probably no daemon present
+    [ ! -f "$PIDFILE" ] && return 1
+    # Obtain the pid and check it against the binary name
+    pid=`cat $PIDFILE`
+    running_pid $pid $DAEMON || return 1
+    return 0
+}
+
+force_stop() {
+# Forcefully kill the process
+    [ ! -f "$PIDFILE" ] && return
+    if running ; then
+        kill -15 $pid
+        # Is it really dead?
+        [ -n "$DODTIME" ] && sleep "$DODTIME"s
+        if running ; then
+            kill -9 $pid
+            [ -n "$DODTIME" ] && sleep "$DODTIME"s
+            if running ; then
+                echo "Cannot kill $LABEL (pid=$pid)!"
+                exit 1
+            fi
+        fi
+    fi
+    rm -f $PIDFILE
+    return 0
+}
+
+get_pid() {
+    PS_COUNT=$(pgrep -fc $DAEMON || true)
+}
+
+case "$1" in
+  start)
+        get_pid
+        if [ $PS_COUNT -eq 0 ]; then
+            rm -f "$PIDFILE"
+        fi
+	echo -n "Starting $DESC: "
+	start-stop-daemon --start --quiet --pidfile $PIDFILE \
+		--startas $DAEMON -- $DAEMON_OPTS
+	test -f $PIDFILE || sleep 1
+        if running ; then
+            echo "$NAME."
+        else
+            echo " ERROR."
+        fi
+	;;
+  stop)
+	echo -n "Stopping $DESC: "
+	start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE 
+	echo "$NAME."
+	;;
+  force-stop)
+	echo -n "Forcefully stopping $DESC: "
+        force_stop
+        if ! running ; then
+            echo "$NAME."
+        else
+            echo " ERROR."
+        fi
+	;;
+  #reload)
+	#
+	#	If the daemon can reload its config files on the fly
+	#	for example by sending it SIGHUP, do it here.
+	#
+	#	If the daemon responds to changes in its config file
+	#	directly anyway, make this a do-nothing entry.
+	#
+	# echo "Reloading $DESC configuration files."
+	# start-stop-daemon --stop --signal 1 --quiet --pidfile \
+	#	/var/run/$NAME.pid --exec $DAEMON
+  #;;
+  force-reload)
+	#
+	#	If the "reload" option is implemented, move the "force-reload"
+	#	option to the "reload" entry above. If not, "force-reload" is
+	#	just the same as "restart" except that it does nothing if the
+	#   daemon isn't already running.
+	# check wether $DAEMON is running. If so, restart
+	start-stop-daemon --stop --test --quiet --pidfile $PIDFILE \
+        --startas $DAEMON \
+	&& $0 restart \
+	|| exit 0
+	;;
+  restart)
+    echo -n "Restarting $DESC: "
+    start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
+	[ -n "$DODTIME" ] && sleep $DODTIME
+	start-stop-daemon --start --quiet --pidfile $PIDFILE \
+		--startas $DAEMON -- $DAEMON_OPTS
+	echo "$NAME."
+	;;
+  status)
+    echo -n "$LABEL is "
+    if running ;  then
+        echo "running"
+    else
+        echo " not running."
+        exit 1
+    fi
+    ;;
+  *)
+	N=/etc/init.d/$NAME
+	# echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
+	echo "Usage: $N {start|stop|restart|force-reload|status|force-stop}" >&2
+	exit 1
+	;;
+esac
+
+exit 0

docker-bake.hcl

@@ -0,0 +1,174 @@
+variable "TAG" {
+    default = ""
+}
+
+variable "SHORTER_TAG" {
+    default = ""
+}
+
+variable "SHORTEST_TAG" {
+    default = ""
+}
+
+variable "PULL_TAG" {
+    default = ""
+}
+
+variable "COMPANY_NAME" {
+    default = ""
+}
+
+variable "PREFIX_NAME" {
+    default = ""
+}
+
+variable "PRODUCT_EDITION" {
+    default = ""
+}
+
+variable "PRODUCT_NAME" {
+    default = ""
+}
+
+variable "PACKAGE_VERSION" {
+    default = ""
+}
+
+variable "DOCKERFILE" {
+    default = ""
+}
+
+variable "PLATFORM" {
+    default = ""
+}
+
+variable "PACKAGE_BASEURL" {
+    default = ""
+}
+
+variable "PACKAGE_FILE" {
+    default = ""
+}
+
+variable "BUILD_CHANNEL" {
+    default = ""
+}
+
+variable "PUSH_MAJOR" {
+    default = "false"
+}
+
+variable "LATEST" {
+    default = "false"
+}
+
+### ↓ Variables for UCS build ↓
+
+variable "BASE_VERSION" {
+    default     = ""
+}
+
+variable "PACKAGE_SUFFIX" {
+    default     = ""
+}
+
+variable "PG_VERSION" {
+    default     = ""
+}
+
+variable "UCS_REBUILD" {
+    default = ""
+}
+
+variable "UCS_PREFIX" {
+    default = ""
+}
+
+### ↑ Variables for UCS build ↑
+
+target "documentserver" {
+    target = "documentserver"
+    dockerfile = "${DOCKERFILE}"
+    tags = [
+           "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
+           equal("nightly",BUILD_CHANNEL) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
+           ]
+    platforms = ["${PLATFORM}"]
+    args = {
+        "COMPANY_NAME": "${COMPANY_NAME}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+        "PACKAGE_VERSION": "${PACKAGE_VERSION}"
+        "PACKAGE_BASEURL": "${PACKAGE_BASEURL}"
+        "PLATFORM": "${PLATFORM}"
+    }
+}
+
+target "documentserver-stable" {
+    target = "documentserver-stable"
+    dockerfile = "production.dockerfile"
+    tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
+            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}",
+            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}",
+            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest",
+            equal("-ee",PRODUCT_EDITION) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",]
+    platforms = ["linux/amd64", "linux/arm64"]
+    args = {
+        "PULL_TAG": "${PULL_TAG}"
+        "COMPANY_NAME": "${COMPANY_NAME}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+    }
+}
+
+target "documentserver-ucs" {
+    target = "documentserver"
+    dockerfile = "${DOCKERFILE}"
+    tags = [
+           "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PRODUCT_EDITION}-ucs:${TAG}"
+           ]
+    platforms = ["linux/amd64", "linux/arm64"]
+    args = {
+        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "COMPANY_NAME": "${COMPANY_NAME}"
+        "PACKAGE_VERSION": "${PACKAGE_VERSION}"
+        "PACKAGE_BASEURL": "${PACKAGE_BASEURL}"
+        "PACKAGE_SUFFIX": "${PACKAGE_SUFFIX}"
+        "BASE_VERSION": "${BASE_VERSION}"
+        "PG_VERSION": "${PG_VERSION}"
+    }
+}
+
+target "documentserver-nonexample" {
+    target = "documentserver-nonexample"
+    dockerfile = "production.dockerfile"
+    tags = [ "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PREFIX_NAME}${PRODUCT_EDITION}:${TAG}-nonexample" ]
+    platforms = ["linux/amd64", "linux/arm64"]
+    args = {
+        "PULL_TAG": "${PULL_TAG}"
+        "COMPANY_NAME": "${COMPANY_NAME}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+    } 
+}
+
+target "documentserver-stable-rebuild" {
+    target = "documentserver-stable-rebuild"
+    dockerfile = "production.dockerfile"
+    tags = equal("true",UCS_REBUILD) ? ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}-ucs:${TAG}",] : [
+                                        "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
+                equal("",PREFIX_NAME) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}": "",
+             equal("true",PUSH_MAJOR) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}": "",
+                equal("",PREFIX_NAME) && equal("true",LATEST) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
+         equal("-ee",PRODUCT_EDITION) && equal("",PREFIX_NAME) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",
+                                 ]
+    platforms = ["linux/amd64", "linux/arm64"]
+    args = {
+        "UCS_PREFIX": "${UCS_PREFIX}"
+        "PULL_TAG": "${PULL_TAG}"
+        "COMPANY_NAME": "${COMPANY_NAME}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+    }
+}

docker-compose.yml

@@ -0,0 +1,55 @@
+services:
+  onlyoffice-documentserver:
+    build:
+      context: .
+    container_name: onlyoffice-documentserver
+    depends_on:
+      - onlyoffice-postgresql
+      - onlyoffice-rabbitmq
+    environment:
+      - DB_TYPE=postgres
+      - DB_HOST=onlyoffice-postgresql
+      - DB_PORT=5432
+      - DB_NAME=onlyoffice
+      - DB_USER=onlyoffice
+      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
+      # Uncomment strings below to enable the JSON Web Token validation.
+      #- JWT_ENABLED=true
+      #- JWT_SECRET=secret
+      #- JWT_HEADER=Authorization
+      #- JWT_IN_BODY=true
+    ports:
+      - '80:80'
+      - '443:443'
+    stdin_open: true
+    restart: always
+    stop_grace_period: 60s
+    volumes:
+       - /var/www/onlyoffice/Data
+       - /var/log/onlyoffice
+       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
+       - /var/www/onlyoffice/documentserver-example/public/files
+       - /usr/share/fonts
+       
+  onlyoffice-rabbitmq:
+    container_name: onlyoffice-rabbitmq
+    image: rabbitmq
+    restart: always
+    expose:
+      - '5672'
+
+  onlyoffice-postgresql:
+    container_name: onlyoffice-postgresql
+    image: postgres:12
+    environment:
+      - POSTGRES_DB=onlyoffice
+      - POSTGRES_USER=onlyoffice
+      - POSTGRES_HOST_AUTH_METHOD=trust
+    restart: always
+    expose:
+      - '5432'
+    volumes:
+      - postgresql_data:/var/lib/postgresql
+
+volumes:
+  postgresql_data:

oracle/sqlplus

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+CLIENTDIR=/usr/share/instantclient
+export LD_LIBRARY_PATH=$CLIENTDIR
+$CLIENTDIR/sqlplus $@
+

production.dockerfile

@@ -0,0 +1,33 @@
+### Arguments avavlivable only for FROM instruction ### 
+ARG PULL_TAG=latest
+ARG COMPANY_NAME=onlyoffice
+ARG PRODUCT_EDITION=
+### Rebuild arguments
+ARG UCS_PREFIX=
+ARG IMAGE=${COMPANY_NAME}/documentserver${PRODUCT_EDITION}${UCS_PREFIX}:${PULL_TAG}
+
+### Build main-release ###
+
+FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-stable
+
+### Rebuild stable images with secure updates 
+FROM ${IMAGE} as documentserver-stable-rebuild
+RUN    echo "This is rebuild" \
+    && apt-get update -y \
+    && apt-get upgrade -y
+
+### Build nonexample ###
+ 
+FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-nonexample
+
+ARG COMPANY_NAME=onlyoffice
+ARG PRODUCT_NAME=documentserver
+ARG DS_SUPERVISOR_CONF=/etc/supervisor/conf.d/ds.conf
+
+### Remove all documentserver-example data ###
+
+RUN    rm -rf /var/www/$COMPANY_NAME/$PRODUCT_NAME-example \
+    && rm -rf /etc/$COMPANY_NAME/$PRODUCT_NAME-example \
+    && rm -f $DS_SUPERVISOR_CONF \ 
+    && rm -f /etc/nginx/includes/ds-example.conf \
+    && ln -s /etc/$COMPANY_NAME/$PRODUCT_NAME/supervisor/ds.conf  $DS_SUPERVISOR_CONF 

run-document-server.sh

@@ -1,76 +1,795 @@
 #!/bin/bash
 
-sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/CoAuthoringService.conf
-sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/DocService.conf
-sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/FileConverterService.conf
-sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/LibreOfficeService.conf
-sed "/user=/s/onlyoffice/root/" -i /etc/supervisor/conf.d/SpellCheckerService.conf
+umask 0022
 
-sed "/sudo /s/-u onlyoffice//" -i /var/www/onlyoffice/documentserver/Tools/CheckDocService.sh
-sed "/sudo /s/-u onlyoffice//" -i /var/www/onlyoffice/documentserver/Tools/GenerateAllFonts.sh
+start_process() {
+  "$@" &
+  CHILD=$!; wait "$CHILD"; CHILD="";
+}
 
-chown root /var/www/onlyoffice
-chown root /var/lib/onlyoffice
+function clean_exit {
+  [[ -z "$CHILD" ]] || kill -s SIGTERM "$CHILD" 2>/dev/null
+  if [ ${ONLYOFFICE_DATA_CONTAINER} == "false" ] && \
+  [ ${ONLYOFFICE_DATA_CONTAINER_HOST} == "localhost" ]; then
+    /usr/bin/documentserver-prepare4shutdown.sh
+  fi
+  exit
+}
 
-adduser --quiet www-data root
+trap clean_exit SIGTERM SIGQUIT SIGABRT SIGINT
 
-DATA_DIR="/var/www/onlyoffice/Data"
-LOG_DIR="/var/log/onlyoffice"
+# Define '**' behavior explicitly
+shopt -s globstar
 
-ONLYOFFICE_HTTPS=${ONLYOFFICE_HTTPS:-false}
+APP_DIR="/var/www/${COMPANY_NAME}/documentserver"
+DATA_DIR="/var/www/${COMPANY_NAME}/Data"
+PRIVATE_DATA_DIR="${DATA_DIR}/.private"
+DS_RELEASE_DATE="${PRIVATE_DATA_DIR}/ds_release_date"
+LOG_DIR="/var/log/${COMPANY_NAME}"
+DS_LOG_DIR="${LOG_DIR}/documentserver"
+LIB_DIR="/var/lib/${COMPANY_NAME}"
+DS_LIB_DIR="${LIB_DIR}/documentserver"
+CONF_DIR="/etc/${COMPANY_NAME}/documentserver"
+SUPERVISOR_CONF_DIR="/etc/supervisor/conf.d"
+IS_UPGRADE="false"
+PLUGINS_ENABLED=${PLUGINS_ENABLED:-true}
 
-SSL_CERTIFICATES_DIR="${DATA_DIR}/certs"
-SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.crt}
-SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key}
-SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
-SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
-ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
-ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAG:-31536000}
-SYSCONF_TEMPLATES_DIR="/app/onlyoffice/setup/config"
+ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
+ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost}
+ONLYOFFICE_DATA_CONTAINER_PORT=80
 
-NGINX_ONLYOFFICE_PATH="/etc/nginx/sites-enabled/onlyoffice-documentserver";
-
-# create base folders
-mkdir -p /var/log/onlyoffice/documentserver/FileConverterService/
-mkdir -p /var/log/onlyoffice/documentserver/CoAuthoringService/
-mkdir -p /var/log/onlyoffice/documentserver/DocService/
-mkdir -p /var/log/onlyoffice/documentserver/SpellCheckerService/
-mkdir -p /var/log/onlyoffice/documentserver/LibreOfficeService/
-mkdir -p /var/log/onlyoffice/documentserver/WatchDogService/
-
-# setup HTTPS
-if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
-        cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-ssl ${NGINX_ONLYOFFICE_PATH}
-
-        mkdir ${DATA_DIR}
-        mkdir ${LOG_DIR}/nginx
-
-        # configure nginx
-        sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
-        sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
-
-        # if dhparam path is valid, add to the config, otherwise remove the option
-        if [ -r "${SSL_DHPARAM_PATH}" ]; then
-          sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
-        else
-          sed '/ssl_dhparam {{SSL_DHPARAM_PATH}};/d' -i ${NGINX_ONLYOFFICE_PATH}
-        fi
-
-        sed 's,{{SSL_VERIFY_CLIENT}},'"${SSL_VERIFY_CLIENT}"',' -i ${NGINX_ONLYOFFICE_PATH}
-
-        if [ -f /usr/local/share/ca-certificates/ca.crt ]; then
-          sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
-        else
-          sed '/{{CA_CERTIFICATES_PATH}}/d' -i ${NGINX_ONLYOFFICE_PATH}
-        fi
-
-        if [ "${ONLYOFFICE_HTTPS_HSTS_ENABLED}" == "true" ]; then
-          sed 's/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/'"${ONLYOFFICE_HTTPS_HSTS_MAXAGE}"'/' -i ${NGINX_ONLYOFFICE_PATH}
-        else
-          sed '/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/d' -i ${NGINX_ONLYOFFICE_PATH}
-        fi
+RELEASE_DATE="$(stat -c="%y" ${APP_DIR}/server/DocService/docservice | sed -r 's/=([0-9]+)-([0-9]+)-([0-9]+) ([0-9:.+ ]+)/\1-\2-\3/')";
+if [ -f ${DS_RELEASE_DATE} ]; then
+  PREV_RELEASE_DATE=$(head -n 1 ${DS_RELEASE_DATE})
+else
+  PREV_RELEASE_DATE="0"
 fi
 
-service mysql start
+if [ "${RELEASE_DATE}" != "${PREV_RELEASE_DATE}" ]; then
+  if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
+    IS_UPGRADE="true";
+  fi
+fi
+
+SSL_CERTIFICATES_DIR="/usr/share/ca-certificates/ds"
+mkdir -p ${SSL_CERTIFICATES_DIR}
+if find "${DATA_DIR}/certs" -type f \( -name "*.crt" -o -name "*.pem" \) -print -quit >/dev/null 2>&1; then
+  cp -f ${DATA_DIR}/certs/* ${SSL_CERTIFICATES_DIR}
+  chmod 644 ${SSL_CERTIFICATES_DIR}/*.{crt,pem} 2>/dev/null
+  chmod 400 ${SSL_CERTIFICATES_DIR}/*.key 2>/dev/null
+fi
+
+if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt ]]; then
+  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt
+else
+  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/tls.crt}
+fi
+if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key ]]; then
+  SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key
+else
+  SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/tls.key}
+fi
+
+#When set, the well known "root" CAs will be extended with the extra certificates in file
+NODE_EXTRA_CA_CERTS=${NODE_EXTRA_CA_CERTS:-${SSL_CERTIFICATES_DIR}/extra-ca-certs.pem}
+if [[ -f ${NODE_EXTRA_CA_CERTS} ]]; then
+  NODE_EXTRA_ENVIRONMENT="${NODE_EXTRA_CA_CERTS}"
+elif [[ -f ${SSL_CERTIFICATE_PATH} ]]; then
+  SSL_CERTIFICATE_SUBJECT=$(openssl x509 -subject -noout -in "${SSL_CERTIFICATE_PATH}" | sed 's/subject=//')
+  SSL_CERTIFICATE_ISSUER=$(openssl x509 -issuer -noout -in "${SSL_CERTIFICATE_PATH}" | sed 's/issuer=//')
+
+  #Add self-signed certificate to trusted list for validating Docs requests to the test example 
+  if [[ -n $SSL_CERTIFICATE_SUBJECT && $SSL_CERTIFICATE_SUBJECT == $SSL_CERTIFICATE_ISSUER ]]; then
+    NODE_EXTRA_ENVIRONMENT="${SSL_CERTIFICATE_PATH}"
+  fi
+fi
+
+if [[ -n $NODE_EXTRA_ENVIRONMENT ]]; then
+  sed -i "s|^environment=.*$|&,NODE_EXTRA_CA_CERTS=${NODE_EXTRA_ENVIRONMENT}|" /etc/supervisor/conf.d/*.conf
+fi
+
+CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem}
+SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
+SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
+USE_UNAUTHORIZED_STORAGE=${USE_UNAUTHORIZED_STORAGE:-false}
+ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
+ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAGE:-31536000}
+SYSCONF_TEMPLATES_DIR="/app/ds/setup/config"
+
+NGINX_CONFD_PATH="/etc/nginx/conf.d";
+NGINX_ONLYOFFICE_PATH="${CONF_DIR}/nginx"
+NGINX_ONLYOFFICE_CONF="${NGINX_ONLYOFFICE_PATH}/ds.conf"
+NGINX_ONLYOFFICE_EXAMPLE_PATH="${CONF_DIR}-example/nginx"
+NGINX_ONLYOFFICE_EXAMPLE_CONF="${NGINX_ONLYOFFICE_EXAMPLE_PATH}/includes/ds-example.conf"
+
+NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
+NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
+# Limiting the maximum number of simultaneous connections due to possible memory shortage
+LIMIT=$(ulimit -n); [ $LIMIT -gt 1048576 ] && LIMIT=1048576
+NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$LIMIT}
+RABBIT_CONNECTIONS=${RABBIT_CONNECTIONS:-$LIMIT}
+
+JWT_ENABLED=${JWT_ENABLED:-true}
+
+# validate user's vars before usinig in json
+if [ "${JWT_ENABLED}" == "true" ]; then
+  JWT_ENABLED="true"
+else
+  JWT_ENABLED="false"
+fi
+
+[ -z $JWT_SECRET ] && JWT_MESSAGE='JWT is enabled by default. A random secret is generated automatically. Run the command "docker exec $(sudo docker ps -q) sudo documentserver-jwt-status.sh" to get information about JWT.'
+
+JWT_SECRET=${JWT_SECRET:-$(pwgen -s 32)}
+JWT_HEADER=${JWT_HEADER:-Authorization}
+JWT_IN_BODY=${JWT_IN_BODY:-false}
+
+WOPI_ENABLED=${WOPI_ENABLED:-false}
+ALLOW_META_IP_ADDRESS=${ALLOW_META_IP_ADDRESS:-false}
+ALLOW_PRIVATE_IP_ADDRESS=${ALLOW_PRIVATE_IP_ADDRESS:-false}
+
+GENERATE_FONTS=${GENERATE_FONTS:-true}
+
+if [[ ${PRODUCT_NAME}${PRODUCT_EDITION} == "documentserver" ]]; then
+  REDIS_ENABLED=false
+else
+  REDIS_ENABLED=true
+fi
+
+ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/local.json
+ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json
+ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/local.json
+
+JSON_BIN=${APP_DIR}/npm/json
+JSON="${JSON_BIN} -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
+JSON_LOG="${JSON_BIN} -q -f ${ONLYOFFICE_LOG4JS_CONFIG}"
+JSON_EXAMPLE="${JSON_BIN} -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}"
+
+LOCAL_SERVICES=()
+
+PG_ROOT=/var/lib/postgresql
+PG_NAME=main
+PGDATA=${PG_ROOT}/${PG_VERSION}/${PG_NAME}
+PG_NEW_CLUSTER=false
+RABBITMQ_DATA=/var/lib/rabbitmq
+REDIS_DATA=/var/lib/redis
+
+if [ "${LETS_ENCRYPT_DOMAIN}" != "" -a "${LETS_ENCRYPT_MAIL}" != "" ]; then
+  LETSENCRYPT_ROOT_DIR="/etc/letsencrypt/live"
+  SSL_CERTIFICATE_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/fullchain.pem
+  SSL_KEY_PATH=${LETSENCRYPT_ROOT_DIR}/${LETS_ENCRYPT_DOMAIN}/privkey.pem
+fi
+
+read_setting(){
+  deprecated_var POSTGRESQL_SERVER_HOST DB_HOST
+  deprecated_var POSTGRESQL_SERVER_PORT DB_PORT
+  deprecated_var POSTGRESQL_SERVER_DB_NAME DB_NAME
+  deprecated_var POSTGRESQL_SERVER_USER DB_USER
+  deprecated_var POSTGRESQL_SERVER_PASS DB_PWD
+  deprecated_var RABBITMQ_SERVER_URL AMQP_URI
+  deprecated_var AMQP_SERVER_URL AMQP_URI
+  deprecated_var AMQP_SERVER_TYPE AMQP_TYPE
+
+  METRICS_ENABLED="${METRICS_ENABLED:-false}"
+  METRICS_HOST="${METRICS_HOST:-localhost}"
+  METRICS_PORT="${METRICS_PORT:-8125}"
+  METRICS_PREFIX="${METRICS_PREFIX:-.ds}"
+
+  DB_HOST=${DB_HOST:-${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}}
+  DB_TYPE=${DB_TYPE:-$(${JSON} services.CoAuthoring.sql.type)}
+  case $DB_TYPE in
+    "postgres")
+      DB_PORT=${DB_PORT:-"5432"}
+      ;;
+    "mariadb"|"mysql")
+      DB_PORT=${DB_PORT:-"3306"}
+      ;;
+    "dameng")
+      DB_PORT=${DB_PORT:-"5236"}
+      ;;
+    "mssql")
+      DB_PORT=${DB_PORT:-"1433"}
+      ;;
+    "oracle")
+      DB_PORT=${DB_PORT:-"1521"}
+      ;;
+    "")
+      DB_PORT=${DB_PORT:-${POSTGRESQL_SERVER_PORT:-$(${JSON} services.CoAuthoring.sql.dbPort)}}
+      ;;
+    *)
+      echo "ERROR: unknown database type"
+      exit 1
+      ;;
+  esac
+  DB_NAME=${DB_NAME:-${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}}
+  DB_USER=${DB_USER:-${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}}
+  DB_PWD=${DB_PWD:-${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}}
+
+  RABBITMQ_SERVER_URL=${RABBITMQ_SERVER_URL:-$(${JSON} rabbitmq.url)}
+  AMQP_URI=${AMQP_URI:-${AMQP_SERVER_URL:-${RABBITMQ_SERVER_URL}}}
+  AMQP_TYPE=${AMQP_TYPE:-${AMQP_SERVER_TYPE:-rabbitmq}}
+  parse_rabbitmq_url ${AMQP_URI}
+
+  REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-$(${JSON} services.CoAuthoring.redis.host)}
+  REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-6379}
+
+  DS_LOG_LEVEL=${DS_LOG_LEVEL:-$(${JSON_LOG} categories.default.level)}
+}
+
+deprecated_var() {
+  if [[ -n ${!1} ]]; then
+    echo "Variable $1 is deprecated. Use $2 instead."
+  fi
+}
+
+parse_rabbitmq_url(){
+  local amqp=$1
+
+  # extract the protocol
+  local proto="$(echo $amqp | grep :// | sed -e's,^\(.*://\).*,\1,g')"
+  # remove the protocol
+  local url="$(echo ${amqp/$proto/})"
+
+  # extract the user and password (if any)
+  local userpass="`echo $url | grep @ | cut -d@ -f1`"
+  local pass=`echo $userpass | grep : | cut -d: -f2`
+
+  local user
+  if [ -n "$pass" ]; then
+    user=`echo $userpass | grep : | cut -d: -f1`
+  else
+    user=$userpass
+  fi
+
+  # extract the host
+  local hostport="$(echo ${url/$userpass@/} | cut -d/ -f1)"
+  # by request - try to extract the port
+  local port="$(echo $hostport | grep : | sed -r 's_^.*:+|/.*$__g')"
+
+  local host
+  if [ -n "$port" ]; then
+    host=`echo $hostport | grep : | cut -d: -f1`
+  else
+    host=$hostport
+    port="5672"
+  fi
+
+  # extract the path (if any)
+  local path="$(echo $url | grep / | cut -d/ -f2-)"
+
+  AMQP_SERVER_PROTO=${proto:0:-3}
+  AMQP_SERVER_HOST=$host
+  AMQP_SERVER_USER=$user
+  AMQP_SERVER_PASS=$pass
+  AMQP_SERVER_PORT=$port
+}
+
+waiting_for_connection(){
+  until nc -z -w 3 "$1" "$2"; do
+    >&2 echo "Waiting for connection to the $1 host on port $2"
+    sleep 1
+  done
+}
+
+waiting_for_db_ready(){
+  case $DB_TYPE in
+    "oracle")
+      PDB="XEPDB1"
+      ORACLE_SQL="sqlplus $DB_USER/$DB_PWD@//$DB_HOST:$DB_PORT/$PDB"
+      DB_TEST="echo \"SELECT version FROM V\$INSTANCE;\" | $ORACLE_SQL 2>/dev/null | grep \"Connected\" | wc -l"
+      ;;
+    *)
+      return
+      ;;
+  esac
+
+  for (( i=1; i <= 10; i++ )); do
+    RES=$(eval $DB_TEST)
+    if [ "$RES" -ne "0" ]; then
+      echo "Database is ready"
+      break
+    fi
+    sleep 5
+  done
+}
+
+waiting_for_db(){
+  waiting_for_connection $DB_HOST $DB_PORT
+  waiting_for_db_ready
+}
+
+waiting_for_amqp(){
+  waiting_for_connection ${AMQP_SERVER_HOST} ${AMQP_SERVER_PORT}
+}
+
+waiting_for_redis(){
+  waiting_for_connection ${REDIS_SERVER_HOST} ${REDIS_SERVER_PORT}
+}
+waiting_for_datacontainer(){
+  waiting_for_connection ${ONLYOFFICE_DATA_CONTAINER_HOST} ${ONLYOFFICE_DATA_CONTAINER_PORT}
+}
+
+update_statsd_settings(){
+  ${JSON} -I -e "if(this.statsd===undefined)this.statsd={};"
+  ${JSON} -I -e "this.statsd.useMetrics = '${METRICS_ENABLED}'"
+  ${JSON} -I -e "this.statsd.host = '${METRICS_HOST}'"
+  ${JSON} -I -e "this.statsd.port = '${METRICS_PORT}'"
+  ${JSON} -I -e "this.statsd.prefix = '${METRICS_PREFIX}'"
+  sed -i -E "s/(autostart|autorestart)=.*$/\1=${METRICS_ENABLED}/g" ${SUPERVISOR_CONF_DIR}/ds-metrics.conf
+}
+
+update_db_settings(){
+  ${JSON} -I -e "this.services.CoAuthoring.sql.type = '${DB_TYPE}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${DB_HOST}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${DB_PORT}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${DB_NAME}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${DB_USER}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${DB_PWD}'"
+}
+
+update_rabbitmq_setting(){
+  if [ "${AMQP_TYPE}" == "rabbitmq" ]; then
+    ${JSON} -I -e "if(this.queue===undefined)this.queue={};"
+    ${JSON} -I -e "this.queue.type = 'rabbitmq'"
+    ${JSON} -I -e "this.rabbitmq.url = '${AMQP_URI}'"
+  fi
+  
+  if [ "${AMQP_TYPE}" == "activemq" ]; then
+    ${JSON} -I -e "if(this.queue===undefined)this.queue={};"
+    ${JSON} -I -e "this.queue.type = 'activemq'"
+    ${JSON} -I -e "if(this.activemq===undefined)this.activemq={};"
+    ${JSON} -I -e "if(this.activemq.connectOptions===undefined)this.activemq.connectOptions={};"
+
+    ${JSON} -I -e "this.activemq.connectOptions.host = '${AMQP_SERVER_HOST}'"
+
+    if [ ! "${AMQP_SERVER_PORT}" == "" ]; then
+      ${JSON} -I -e "this.activemq.connectOptions.port = '${AMQP_SERVER_PORT}'"
+    else
+      ${JSON} -I -e "delete this.activemq.connectOptions.port"
+    fi
+
+    if [ ! "${AMQP_SERVER_USER}" == "" ]; then
+      ${JSON} -I -e "this.activemq.connectOptions.username = '${AMQP_SERVER_USER}'"
+    else
+      ${JSON} -I -e "delete this.activemq.connectOptions.username"
+    fi
+
+    if [ ! "${AMQP_SERVER_PASS}" == "" ]; then
+      ${JSON} -I -e "this.activemq.connectOptions.password = '${AMQP_SERVER_PASS}'"
+    else
+      ${JSON} -I -e "delete this.activemq.connectOptions.password"
+    fi
+
+    case "${AMQP_SERVER_PROTO}" in
+      amqp+ssl|amqps)
+        ${JSON} -I -e "this.activemq.connectOptions.transport = 'tls'"
+        ;;
+      *)
+        ${JSON} -I -e "delete this.activemq.connectOptions.transport"
+        ;;
+    esac 
+  fi
+}
+
+update_redis_settings(){
+  ${JSON} -I -e "if(this.services.CoAuthoring.redis===undefined)this.services.CoAuthoring.redis={};"
+  ${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'"
+  ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
+
+  if [ -n "${REDIS_SERVER_PASS}" ]; then
+    ${JSON} -I -e "this.services.CoAuthoring.redis.options = {'password':'${REDIS_SERVER_PASS}'}"
+  fi
+
+}
+
+update_ds_settings(){
+  ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"
+
+  ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
+  ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
+  ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
+
+  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
+  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
+
+  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"
+
+  if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then
+    ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
+    ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
+    ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
+  fi
+ 
+  if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then
+    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}"
+    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
+  fi
+
+  WOPI_PRIVATE_KEY="${DATA_DIR}/wopi_private.key"
+  WOPI_PUBLIC_KEY="${DATA_DIR}/wopi_public.key"
+
+  [ ! -f "${WOPI_PRIVATE_KEY}" ] && echo -n "Generating WOPI private key..." && openssl genpkey -algorithm RSA -outform PEM -out "${WOPI_PRIVATE_KEY}" >/dev/null 2>&1 && echo "Done"
+  [ ! -f "${WOPI_PUBLIC_KEY}" ] && echo -n "Generating WOPI public key..." && openssl rsa -RSAPublicKey_out -in "${WOPI_PRIVATE_KEY}" -outform "MS PUBLICKEYBLOB" -out "${WOPI_PUBLIC_KEY}" >/dev/null 2>&1  && echo "Done"
+  WOPI_MODULUS=$(openssl rsa -pubin -inform "MS PUBLICKEYBLOB" -modulus -noout -in "${WOPI_PUBLIC_KEY}" | sed 's/Modulus=//' | xxd -r -p | openssl base64 -A)
+  WOPI_EXPONENT=$(openssl rsa -pubin -inform "MS PUBLICKEYBLOB" -text -noout -in "${WOPI_PUBLIC_KEY}" | grep -oP '(?<=Exponent: )\d+')
+  
+  ${JSON} -I -e "if(this.wopi===undefined)this.wopi={};"
+  ${JSON} -I -e "this.wopi.enable = ${WOPI_ENABLED}"
+  ${JSON} -I -e "this.wopi.privateKey = '$(awk '{printf "%s\\n", $0}' ${WOPI_PRIVATE_KEY})'"
+  ${JSON} -I -e "this.wopi.privateKeyOld = '$(awk '{printf "%s\\n", $0}' ${WOPI_PRIVATE_KEY})'"
+  ${JSON} -I -e "this.wopi.publicKey = '$(openssl base64 -in ${WOPI_PUBLIC_KEY} -A)'"
+  ${JSON} -I -e "this.wopi.publicKeyOld = '$(openssl base64 -in ${WOPI_PUBLIC_KEY} -A)'"
+  ${JSON} -I -e "this.wopi.modulus = '${WOPI_MODULUS}'"
+  ${JSON} -I -e "this.wopi.modulusOld = '${WOPI_MODULUS}'"
+  ${JSON} -I -e "this.wopi.exponent = ${WOPI_EXPONENT}"
+  ${JSON} -I -e "this.wopi.exponentOld = ${WOPI_EXPONENT}"
+
+  if [ "${ALLOW_META_IP_ADDRESS}" = "true" ] || [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ]; then
+    ${JSON} -I -e "if(this.services.CoAuthoring['request-filtering-agent']===undefined)this.services.CoAuthoring['request-filtering-agent']={}"
+    [ "${ALLOW_META_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowMetaIPAddress = true"
+    [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowPrivateIPAddress = true"
+  fi
+}
+
+create_postgresql_cluster(){
+  local pg_conf_dir=/etc/postgresql/${PG_VERSION}/${PG_NAME}
+  local postgresql_conf=$pg_conf_dir/postgresql.conf
+  local hba_conf=$pg_conf_dir/pg_hba.conf
+
+  mv $postgresql_conf $postgresql_conf.backup
+  mv $hba_conf $hba_conf.backup
+
+  pg_createcluster ${PG_VERSION} ${PG_NAME}
+}
+
+create_postgresql_db(){
+  sudo -u postgres psql -c "CREATE USER $DB_USER WITH password '"$DB_PWD"';"
+  sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_USER;"
+}
+
+create_mssql_db(){
+  MSSQL="/opt/mssql-tools18/bin/sqlcmd -S $DB_HOST,$DB_PORT"
+
+  $MSSQL -U $DB_USER -P "$DB_PWD" -C -Q "IF NOT EXISTS (SELECT * FROM sys.databases WHERE name = '$DB_NAME') BEGIN CREATE DATABASE $DB_NAME; END"
+}
+
+create_db_tbl() {
+  case $DB_TYPE in
+    "postgres")
+      create_postgresql_tbl
+    ;;
+    "mariadb"|"mysql")
+      create_mysql_tbl
+    ;;
+    "mssql")
+      create_mssql_tbl
+    ;;
+    "oracle")
+      create_oracle_tbl
+    ;;
+  esac
+}
+
+upgrade_db_tbl() {
+  case $DB_TYPE in
+    "postgres")
+      upgrade_postgresql_tbl
+    ;;
+    "mariadb"|"mysql")
+      upgrade_mysql_tbl
+    ;;
+    "mssql")
+      upgrade_mssql_tbl
+    ;;
+    "oracle")
+      upgrade_oracle_tbl
+    ;;
+  esac
+}
+
+upgrade_postgresql_tbl() {
+  if [ -n "$DB_PWD" ]; then
+    export PGPASSWORD=$DB_PWD
+  fi
+
+  PSQL="psql -q -h$DB_HOST -p$DB_PORT -d$DB_NAME -U$DB_USER -w"
+
+  $PSQL -f "$APP_DIR/server/schema/postgresql/removetbl.sql"
+  $PSQL -f "$APP_DIR/server/schema/postgresql/createdb.sql"
+}
+
+upgrade_mysql_tbl() {
+  CONNECTION_PARAMS="-h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PWD -w"
+  MYSQL="mysql -q $CONNECTION_PARAMS"
+
+  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/removetbl.sql" >/dev/null 2>&1
+  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1
+}
+
+upgrade_mssql_tbl() {
+  CONN_PARAMS="-U $DB_USER -P "$DB_PWD" -C"
+  MSSQL="/opt/mssql-tools18/bin/sqlcmd -S $DB_HOST,$DB_PORT $CONN_PARAMS"
+
+  $MSSQL < "$APP_DIR/server/schema/mssql/removetbl.sql" >/dev/null 2>&1
+  $MSSQL < "$APP_DIR/server/schema/mssql/createdb.sql" >/dev/null 2>&1
+}
+
+upgrade_oracle_tbl() {
+  PDB="XEPDB1"
+  ORACLE_SQL="sqlplus $DB_USER/$DB_PWD@//$DB_HOST:$DB_PORT/$PDB"
+
+  $ORACLE_SQL @$APP_DIR/server/schema/oracle/removetbl.sql >/dev/null 2>&1
+  $ORACLE_SQL @$APP_DIR/server/schema/oracle/createdb.sql >/dev/null 2>&1
+}
+
+create_postgresql_tbl() {
+  if [ -n "$DB_PWD" ]; then
+    export PGPASSWORD=$DB_PWD
+  fi
+
+  PSQL="psql -q -h$DB_HOST -p$DB_PORT -d$DB_NAME -U$DB_USER -w"
+  $PSQL -f "$APP_DIR/server/schema/postgresql/createdb.sql"
+}
+
+create_mysql_tbl() {
+  CONNECTION_PARAMS="-h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PWD -w"
+  MYSQL="mysql -q $CONNECTION_PARAMS"
+
+  # Create db on remote server
+  $MYSQL -e "CREATE DATABASE IF NOT EXISTS $DB_NAME DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;" >/dev/null 2>&1
+
+  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1
+}
+
+create_mssql_tbl() {  
+  create_mssql_db
+
+  CONN_PARAMS="-U $DB_USER -P "$DB_PWD" -C"
+  MSSQL="/opt/mssql-tools18/bin/sqlcmd -S $DB_HOST,$DB_PORT $CONN_PARAMS"
+
+  $MSSQL < "$APP_DIR/server/schema/mssql/createdb.sql" >/dev/null 2>&1
+}
+
+create_oracle_tbl() {
+  PDB="XEPDB1"
+  ORACLE_SQL="sqlplus $DB_USER/$DB_PWD@//$DB_HOST:$DB_PORT/$PDB"
+
+  $ORACLE_SQL @$APP_DIR/server/schema/oracle/createdb.sql >/dev/null 2>&1
+}
+
+update_welcome_page() {
+  WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html"
+  if [[ -e $WELCOME_PAGE ]]; then
+    DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset))
+    (( ${#DOCKER_CONTAINER_ID} < 12 )) && DOCKER_CONTAINER_ID=$(hostname)
+    if (( ${#DOCKER_CONTAINER_ID} >= 12 )); then
+      if [[ -x $(command -v docker) ]]; then
+        DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
+        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
+        JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/')
+      else
+        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
+        JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/')
+      fi
+    fi
+  fi
+}
+
+update_nginx_settings(){
+  # Set up nginx
+  sed 's/^worker_processes.*/'"worker_processes ${NGINX_WORKER_PROCESSES};"'/' -i ${NGINX_CONFIG_PATH}
+  sed 's/worker_connections.*/'"worker_connections ${NGINX_WORKER_CONNECTIONS};"'/' -i ${NGINX_CONFIG_PATH}
+  sed 's/access_log.*/'"access_log off;"'/' -i ${NGINX_CONFIG_PATH}
+
+  # setup HTTPS
+  if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
+    cp -f ${NGINX_ONLYOFFICE_PATH}/ds-ssl.conf.tmpl ${NGINX_ONLYOFFICE_CONF}
+
+    # configure nginx
+    sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_CONF}
+    sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${NGINX_ONLYOFFICE_CONF}
+
+    # turn on http2
+    sed 's,\(443 ssl\),\1 http2,' -i ${NGINX_ONLYOFFICE_CONF}
+
+    # if dhparam path is valid, add to the config, otherwise remove the option
+    if [ -r "${SSL_DHPARAM_PATH}" ]; then
+      sed 's,\(\#* *\)\?\(ssl_dhparam \).*\(;\)$,'"\2${SSL_DHPARAM_PATH}\3"',' -i ${NGINX_ONLYOFFICE_CONF}
+    else
+      sed '/ssl_dhparam/d' -i ${NGINX_ONLYOFFICE_CONF}
+    fi
+
+    sed 's,\(ssl_verify_client \).*\(;\)$,'"\1${SSL_VERIFY_CLIENT}\2"',' -i ${NGINX_ONLYOFFICE_CONF}
+
+    if [ -f "${CA_CERTIFICATES_PATH}" ]; then
+      sed '/ssl_verify_client/a '"ssl_client_certificate ${CA_CERTIFICATES_PATH}"';' -i ${NGINX_ONLYOFFICE_CONF}
+    fi
+
+    if [ "${ONLYOFFICE_HTTPS_HSTS_ENABLED}" == "true" ]; then
+      sed 's,\(max-age=\).*\(;\)$,'"\1${ONLYOFFICE_HTTPS_HSTS_MAXAGE}\2"',' -i ${NGINX_ONLYOFFICE_CONF}
+    else
+      sed '/max-age=/d' -i ${NGINX_ONLYOFFICE_CONF}
+    fi
+  else
+    ln -sf ${NGINX_ONLYOFFICE_PATH}/ds.conf.tmpl ${NGINX_ONLYOFFICE_CONF}
+  fi
+
+  # check if ipv6 supported otherwise remove it from nginx config
+  if [ ! -f /proc/net/if_inet6 ]; then
+    sed '/listen\s\+\[::[0-9]*\].\+/d' -i $NGINX_ONLYOFFICE_CONF
+  fi
+
+  if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then
+    sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF}
+  fi
+
+  start_process documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false
+}
+
+update_log_settings(){
+   ${JSON_LOG} -I -e "this.categories.default.level = '${DS_LOG_LEVEL}'"
+}
+
+update_logrotate_settings(){
+  sed 's|\(^su\b\).*|\1 root root|' -i /etc/logrotate.conf
+}
+
+update_release_date(){
+  mkdir -p ${PRIVATE_DATA_DIR}
+  echo ${RELEASE_DATE} > ${DS_RELEASE_DATE}
+}
+
+# create base folders
+for i in converter docservice metrics; do
+  mkdir -p "${DS_LOG_DIR}/$i"
+done
+
+mkdir -p ${DS_LOG_DIR}-example
+
+# create app folders
+for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${DS_LIB_DIR}-example/files; do
+  mkdir -p "$i"
+done
+
+# change folder rights
+for i in ${DS_LOG_DIR} ${DS_LOG_DIR}-example ${LIB_DIR}; do
+  chown -R ds:ds "$i"
+  chmod -R 755 "$i"
+done
+
+if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
+
+  read_setting
+
+  if [ $METRICS_ENABLED = "true" ]; then
+    update_statsd_settings
+  fi
+
+  update_welcome_page
+
+  update_log_settings
+
+  update_ds_settings
+
+  # update settings by env variables
+  if [ $DB_HOST != "localhost" ]; then
+    update_db_settings
+    waiting_for_db
+    create_db_tbl
+  else
+    # change rights for postgres directory
+    chown -R postgres:postgres ${PG_ROOT}
+    chmod -R 700 ${PG_ROOT}
+
+    # create new db if it isn't exist
+    if [ ! -d ${PGDATA} ]; then
+      create_postgresql_cluster
+      PG_NEW_CLUSTER=true
+    fi
+    LOCAL_SERVICES+=("postgresql")
+  fi
+
+  if [ ${AMQP_SERVER_HOST} != "localhost" ]; then
+    update_rabbitmq_setting
+  else
+    # change rights for rabbitmq directory
+    chown -R rabbitmq:rabbitmq ${RABBITMQ_DATA}
+    chmod -R go=rX,u=rwX ${RABBITMQ_DATA}
+    if [ -f ${RABBITMQ_DATA}/.erlang.cookie ]; then
+        chmod 400 ${RABBITMQ_DATA}/.erlang.cookie
+    fi
+
+    echo "ulimit -n $RABBIT_CONNECTIONS" >> /etc/default/rabbitmq-server
+
+    LOCAL_SERVICES+=("rabbitmq-server")
+    # allow Rabbitmq startup after container kill
+    rm -rf /var/run/rabbitmq
+  fi
+
+  if [ ${REDIS_ENABLED} = "true" ]; then
+    if [ ${REDIS_SERVER_HOST} != "localhost" ]; then
+      update_redis_settings
+    else
+      # change rights for redis directory
+      chown -R redis:redis ${REDIS_DATA}
+      chmod -R 750 ${REDIS_DATA}
+
+      LOCAL_SERVICES+=("redis-server")
+    fi
+  fi
+else
+  # no need to update settings just wait for remote data
+  waiting_for_datacontainer
+
+  # read settings after the data container in ready state
+  # to prevent get unconfigureted data
+  read_setting
+  
+  update_welcome_page
+fi
+
+find /etc/${COMPANY_NAME} ! -path '*logrotate*' -exec chown ds:ds {} \;
+
+#start needed local services
+for i in ${LOCAL_SERVICES[@]}; do
+  service $i start
+done
+
+if [ ${PG_NEW_CLUSTER} = "true" ]; then
+  create_postgresql_db
+  create_postgresql_tbl
+fi
+
+if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
+  waiting_for_db
+  waiting_for_amqp
+  if [ ${REDIS_ENABLED} = "true" ]; then
+    waiting_for_redis
+  fi
+
+  if [ "${IS_UPGRADE}" = "true" ]; then
+    upgrade_db_tbl
+    update_release_date
+  fi
+
+  update_nginx_settings
+  
+  service supervisor start
+  
+  # start cron to enable log rotating
+  update_logrotate_settings
+  service cron start
+fi
+
+# Fix to resolve the `unknown "cache_tag" variable` error
+start_process documentserver-flush-cache.sh -r false
+
+# nginx used as a proxy, and as data container status service.
+# it run in all cases.
 service nginx start
-service supervisor start
+
+if [ "${LETS_ENCRYPT_DOMAIN}" != "" -a "${LETS_ENCRYPT_MAIL}" != "" ]; then
+  if [ ! -f "${SSL_CERTIFICATE_PATH}" -a ! -f "${SSL_KEY_PATH}" ]; then
+    start_process documentserver-letsencrypt.sh ${LETS_ENCRYPT_MAIL} ${LETS_ENCRYPT_DOMAIN}
+  fi
+fi
+
+# Regenerate the fonts list and the fonts thumbnails
+if [ "${GENERATE_FONTS}" == "true" ]; then
+  start_process documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}
+fi
+
+if [ "${PLUGINS_ENABLED}" = "true" ]; then
+  echo -n Installing plugins, please wait...
+  start_process documentserver-pluginsmanager.sh -r false --update=\"${APP_DIR}/sdkjs-plugins/plugin-list-default.json\" >/dev/null
+  echo Done
+fi
+
+start_process documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER}
+
+echo "${JWT_MESSAGE}" 
+
+start_process tail -f /var/log/${COMPANY_NAME}/**/*.log

tests/README.md

@@ -0,0 +1,3 @@
+The files in this folder are intended for use in integration auto-tests.
+
+All credentials are strictly for testing purposes only.

tests/activemq.yml

@@ -0,0 +1,32 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../.
+    environment:
+      - AMQP_TYPE=${AMQP_TYPE:-activemq}
+      - AMQP_URI=${AMQP_URI:-amqp://guest:guest@onlyoffice-activemq}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+      - '443:443'
+    networks:
+      - onlyoffice
+
+  onlyoffice-activemq:
+    container_name: onlyoffice-activemq
+    image: webcenter/activemq:${ACTIVEMQ_VERSION:-5.14.3}
+    environment:
+      - ACTIVEMQ_USERS_guest=${ACTIVEMQ_USERS_guest:-guest}
+      - ACTIVEMQ_GROUPS_owners=${ACTIVEMQ_GROUPS_owners:-guest}
+    restart: always
+    networks:
+     - onlyoffice
+    expose:
+      - '5672'
+
+networks:
+  onlyoffice:
+    driver: 'bridge'

tests/certs-customized.yml

@@ -0,0 +1,18 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../.
+    environment:
+      - SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-/var/www/onlyoffice/Data/certs/tls.crt}
+      - SSL_KEY_PATH=${SSL_KEY_PATH:-/var/www/onlyoffice/Data/certs/tls.key}
+      - CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-/var/www/onlyoffice/Data/certs/ca-certificates.pem}
+      - SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-/var/www/onlyoffice/Data/certs/dhparam.pem}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+      - '443:443'
+    volumes:
+      - ./data:/var/www/onlyoffice/Data

tests/certs.yml

@@ -0,0 +1,13 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../.
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+      - '443:443'
+    volumes:
+      - ./data:/var/www/onlyoffice/Data

tests/damengdb/.env

@@ -0,0 +1 @@
+VERSION=latest

tests/damengdb/README.md

@@ -0,0 +1,19 @@
+## Stand Documentserver with damengdb
+
+### How it works
+
+For deploy stand, you need:
+
+**STEP 1**: Build you own images, do it with command:
+   
+```bash
+docker compose build
+```
+
+**STEP 2**: Wait build and when it finish deploy with command:
+
+```bash
+docker compose up -d 
+```
+
+Thats all.

tests/damengdb/damengdb.Dockerfile

@@ -0,0 +1,57 @@
+FROM onlyoffice/damengdb:8.1.2 as damengdb
+
+ARG DM8_USER="SYSDBA"
+ARG DM8_PASS="SYSDBA001"
+ARG DB_HOST="localhost"
+ARG DB_PORT="5236"
+ARG DISQL_BIN="/opt/dmdbms/bin"
+
+SHELL ["/bin/bash", "-c"]
+
+COPY <<"EOF" /wait_dm_ready.sh
+#!/usr/bin/env bash
+
+function wait_dm_ready() {
+  cd /opt/dmdbms/bin
+  for i in `seq 1  10`; do
+    echo `./disql /nolog <<EOF
+CONN SYSDBA/SYSDBA001@localhost
+exit
+EOF` | grep  "connection failure" > /dev/null 2>&1
+    if [ $? -eq 0 ]; then
+      echo "DM Database is not OK, please wait..."
+      sleep 10
+    else
+      echo "DM Database is OK"
+      break
+    fi
+  done
+}
+
+wait_dm_ready
+
+EOF
+
+COPY <<"EOF" /permissions.sql
+
+CREATE SYNONYM onlyoffice.DOC_CHANGES FOR sysdba.DOC_CHANGES;
+CREATE SYNONYM onlyoffice.TASK_RESULT FOR sysdba.TASK_RESULT;
+GRANT ALL PRIVILEGES ON sysdba.DOC_CHANGES TO onlyoffice;
+GRANT ALL PRIVILEGES ON sysdba.TASK_RESULT TO onlyoffice;
+
+EOF
+
+RUN   bash /opt/startup.sh > /dev/null 2>&1 \
+   &  mkdir -p /schema/damengdb \
+   && apt update -y ; apt install wget -y \
+   && wget https://raw.githubusercontent.com/ONLYOFFICE/server/master/schema/dameng/createdb.sql -P /schema/dameng/ \
+   && bash ./wait_dm_ready.sh \
+   && cd ${DISQL_BIN} \
+   && ./disql $DM8_USER/$DM8_PASS@$DB_HOST:$DB_PORT -e \
+      "create user "onlyoffice" identified by "onlyoffice" password_policy 0;" \
+   && ./disql $DM8_USER/$DM8_PASS@$DB_HOST:$DB_PORT -e \
+      "GRANT SELECT ON DBA_TAB_COLUMNS TO onlyoffice;" \
+   && echo "EXIT" | tee -a /schema/dameng/createdb.sql \
+   && ./disql $DM8_USER/$DM8_PASS@$DB_HOST:$DB_PORT \`/schema/dameng/createdb.sql \
+   && ./disql $DM8_USER/$DM8_PASS@$DB_HOST:$DB_PORT \`/permissions.sql \
+   && sleep 10

tests/damengdb/docker-compose.yml

@@ -0,0 +1,67 @@
+version: '2'
+services:
+  onlyoffice-documentserver:
+    build:
+      context: ../../.
+      dockerfile: Dockerfile
+      target: documentserver
+    container_name: onlyoffice-documentserver
+    depends_on:
+      - onlyoffice-dameng
+      - onlyoffice-rabbitmq
+    environment:
+      - DB_TYPE=dameng
+      - DB_HOST=onlyoffice-dameng
+      - DB_PORT=5236
+      - DB_NAME=onlyoffice
+      - DB_USER=onlyoffice
+      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
+      # Costomize the JSON Web Token validation parameters if needed.
+      #- JWT_ENABLED=false
+      #- JWT_SECRET=secret
+      #- JWT_HEADER=Authorization
+      #- JWT_IN_BODY=true
+    ports:
+      - '80:80'
+      - '443:443'
+    stdin_open: true
+    restart: always
+    stop_grace_period: 60s
+    volumes:
+       - /var/www/onlyoffice/Data
+       - /var/log/onlyoffice
+       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
+       - /var/www/onlyoffice/documentserver-example/public/files
+       - /usr/share/fonts
+       
+  onlyoffice-rabbitmq:
+    container_name: onlyoffice-rabbitmq
+    image: rabbitmq
+    restart: always
+    expose:
+      - '5672'
+
+  onlyoffice-dameng:
+    container_name: onlyoffice-dameng
+    build:
+      context: .
+      dockerfile: damengdb.Dockerfile
+      target: damengdb
+      args:
+        DM8_USER: SYSDBA
+        DM8_PASS: SYSDBA001
+        DB_HOST: localhost
+        DB_PORT: 5236
+    environment:
+      - PAGE_SIZE=16
+      - LD_LIBRARY_PATH=/opt/dmdbms/bin
+      - INSTANCE_NAME=dm8_01
+    restart: always
+    expose:
+      - '5236'
+    volumes:
+      - dameng_data:/opt/dmdbms/data
+
+volumes:
+  dameng_data:
+  

tests/graphite.yml

@@ -0,0 +1,32 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../.
+    depends_on:
+      - onlyoffice-graphite
+    environment:
+      - METRICS_ENABLED=${METRICS_ENABLED:-true}
+      - METRICS_HOST=${METRICS_HOST:-localhost}
+      - METRICS_PORT=${METRICS_PORT:-8125}
+      - METRICS_PREFIX=${METRICS_PREFIX:-ds.}
+    stdin_open: true
+    restart: always
+    expose:
+      - '2003'
+    ports:
+      - '80:80'
+    volumes:
+      - ./graphite/statsd:/var/www/onlyoffice/documentserver/server/Metrics/config
+
+  onlyoffice-graphite:
+    container_name: onlyoffice-graphite
+    image: graphiteapp/graphite-statsd
+    environment:
+      - GRAPHITE_STATSD_HOST=${GRAPHITE_STATSD_HOST:-onlyoffice-documentserver}
+      - GRAPHITE_TIME_ZONE=${GRAPHITE_TIME_ZONE:-Etc/UTC}
+    ports:
+      - '8888:80'
+    stdin_open: true
+    restart: always

tests/graphite/statsd/config.js

@@ -0,0 +1,7 @@
+{
+  "graphiteHost": "onlyoffice-graphite",
+  "graphitePort": 2003,
+  "port": 8125,
+  "flushInterval": 60000,
+  "backends": [ "./backends/graphite.js" ]
+}

tests/mariadb.yml

@@ -0,0 +1,36 @@
+version: '2.1'
+services:
+  ds:
+    container_name: ds
+    build:
+      context: ../.
+    depends_on:
+      - onlyoffice-mariadb
+    environment:
+      - DB_TYPE=${DB_TYPE:-mysql}
+      - DB_HOST=${DB_HOST:-onlyoffice-mariadb}
+      - DB_PORT=${DB_PORT:-3306}
+      - DB_NAME=${DB_NAME:-onlyoffice}
+      - DB_USER=${DB_USER:-onlyoffice}
+      - DB_PWD=${DB_PWD:-onlyoffice}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+
+  onlyoffice-mariadb:
+    container_name: onlyoffice-mariadb
+    image: mariadb:${MARIADB_VERSION:-10.5}
+    environment:
+      - MYSQL_DATABASE=${MYSQL_DATABASE:-onlyoffice}
+      - MYSQL_USER=${MYSQL_USER:-onlyoffice}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD:-onlyoffice}
+      - MYSQL_ALLOW_EMPTY_PASSWORD=${MYSQL_ALLOW_EMPTY_PASSWORD:-yes}
+    restart: always
+    volumes:
+      - mysql_data:/var/lib/mysql
+    expose:
+      - '3306'
+
+volumes:
+  mysql_data:

tests/mssql/README.md

@@ -0,0 +1,17 @@
+## Stand Documentserver with mssql
+
+### How it works
+
+For deploy stand:
+
+**STEP 1**: Build you own images:
+   
+```bash
+sudo docker-compose build
+```
+
+**STEP 2**: Wait build complete and when:
+
+```bash
+sudo docker-compose up -d 
+```

tests/mssql/create_db_user.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+#generate SA password
+SYMBOLS='!#$%&*+,-.:;=?@^_~'
+for (( i=1; i <= 20; i++ )); do
+  PASS=$(tr -dc "A-Za-z0-9$SYMBOLS" </dev/urandom | head -c 15)
+  if [[ $PASS == *[0-9]* && 
+        $PASS != $(echo "$PASS" | tr [:upper:] ' ') && 
+        $PASS != $(echo "$PASS" | tr [:lower:] ' ') && 
+        $PASS != $(echo "$PASS" | tr "$SYMBOLS" ' ') ]]; then
+    break
+  fi
+done
+export MSSQL_SA_PASSWORD=$PASS
+
+CONNECTION_STR="/opt/mssql-tools/bin/sqlcmd -S localhost,1433 -U SA -P "$MSSQL_SA_PASSWORD" -C -Q"
+
+#start db
+/opt/mssql/bin/sqlservr &
+
+#wait for db up
+for (( i=1; i <= 10; i++ )); do
+  RES=$($CONNECTION_STR "SELECT @@VERSION;" 2>/dev/null | grep "affected" | wc -l)
+  if [ "$RES" -eq "1" ]; then
+    echo "Database is ready"
+    break
+  fi
+  sleep 10
+done
+
+#create new db user
+$CONNECTION_STR "IF NOT EXISTS (SELECT * FROM sys.sql_logins WHERE name = '$MSSQL_USER') BEGIN CREATE LOGIN $MSSQL_USER WITH PASSWORD = '$MSSQL_PASSWORD' , CHECK_POLICY = OFF; ALTER SERVER ROLE [dbcreator] ADD MEMBER [$MSSQL_USER]; END"

tests/mssql/docker-compose.yml

@@ -0,0 +1,38 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../../.
+      dockerfile: Dockerfile
+    depends_on:
+      - onlyoffice-mssql
+    environment:
+      - DB_TYPE=${DB_TYPE:-mssql}
+      - DB_HOST=${DB_HOST:-onlyoffice-mssql}
+      - DB_PORT=${DB_PORT:-1433}
+      - DB_NAME=${DB_NAME:-onlyoffice}
+      - DB_USER=${DB_USER:-onlyoffice}
+      - DB_PWD=${DB_PWD:-onlyoffice}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+
+  onlyoffice-mssql:
+    container_name: onlyoffice-mssql
+    build:
+      context: .
+      dockerfile: mssql.Dockerfile
+      args:
+        - MSSQL_DATABASE=${DB_NAME:-onlyoffice}
+        - MSSQL_USER=${DB_USER:-onlyoffice}
+        - MSSQL_PASSWORD=${DB_PWD:-onlyoffice}
+    restart: always
+    volumes:
+      - mssql_data:/var/opt/mssql
+    expose:
+      - '1433'
+
+volumes:
+  mssql_data:

tests/mssql/mssql.Dockerfile

@@ -0,0 +1,9 @@
+FROM mcr.microsoft.com/mssql/server:2022-latest as onlyoffice-mssql
+
+ENV ACCEPT_EULA=Y
+
+SHELL ["/bin/bash", "-c"]
+
+COPY create_db_user.sh /tmp/create_db_user.sh
+
+RUN bash /tmp/create_db_user.sh

tests/mysql.yml

@@ -0,0 +1,37 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../.
+    depends_on:
+      - onlyoffice-mysql
+    environment:
+      - DB_TYPE=${DB_TYPE:-mysql}
+      - DB_HOST=${DB_HOST:-onlyoffice-mysql}
+      - DB_PORT=${DB_PORT:-3306}
+      - DB_NAME=${DB_NAME:-onlyoffice}
+      - DB_USER=${DB_USER:-onlyoffice}
+      - DB_PWD=${DB_PWD:-onlyoffice}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+
+  onlyoffice-mysql:
+    container_name: onlyoffice-mysql
+    image: mysql:${MYSQL_VERSION:-5.7}
+    command: --default-authentication-plugin=mysql_native_password
+    environment:
+      - MYSQL_DATABASE=${MYSQL_DATABASE:-onlyoffice}
+      - MYSQL_USER=${MYSQL_USER:-onlyoffice}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD:-onlyoffice}
+      - MYSQL_ALLOW_EMPTY_PASSWORD=${MYSQL_ALLOW_EMPTY_PASSWORD:-yes}
+    restart: always
+    volumes:
+      - mysql_data:/var/lib/mysql
+    expose:
+      - '3306'
+
+volumes:
+  mysql_data:

tests/oracle/README.md

@@ -0,0 +1,17 @@
+## Stand Documentserver with oracle
+
+### How it works
+
+For deploy stand:
+
+**STEP 1**: Build you own images:
+   
+```bash
+sudo docker-compose build
+```
+
+**STEP 2**: Wait build complete and when:
+
+```bash
+sudo docker-compose up -d 
+```

tests/oracle/create_db_user.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+CONNECTION_STR="sqlplus sys/$ORACLE_PASSWORD@//localhost:1521/$ORACLE_DATABASE as sysdba"
+
+export ORACLE_PWD=$ORACLE_PASSWORD
+
+#start db
+/opt/oracle/runOracle.sh &
+
+#wait for db up
+for (( i=1; i <= 20; i++ )); do
+  RES=$(echo "SELECT version FROM V\$INSTANCE;" | $CONNECTION_STR 2>/dev/null | grep "Connected" | wc -l)
+  if [ "$RES" -ne "0" ]; then
+    echo "Database is ready"
+    break
+  fi
+  sleep 10
+done
+
+sleep 1
+
+#create new db user
+$CONNECTION_STR <<EOF
+CREATE USER $ORACLE_USER IDENTIFIED BY $ORACLE_PASSWORD;
+GRANT CREATE SESSION TO $ORACLE_USER;
+GRANT CREATE TABLE TO $ORACLE_USER; 
+ALTER USER $ORACLE_USER quota unlimited on USERS;
+EOF

tests/oracle/docker-compose.yml

@@ -0,0 +1,38 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../../.
+      dockerfile: Dockerfile
+    depends_on:
+      - onlyoffice-oracle
+    environment:
+      - DB_TYPE=${DB_TYPE:-oracle}
+      - DB_HOST=${DB_HOST:-onlyoffice-oracle}
+      - DB_PORT=${DB_PORT:-1521}
+      - DB_NAME=${DB_NAME:-xepdb1}
+      - DB_USER=${DB_USER:-onlyoffice}
+      - DB_PWD=${DB_PWD:-onlyoffice}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+
+  onlyoffice-oracle:
+    container_name: onlyoffice-oracle
+    build:
+      context: .
+      dockerfile: oracle.Dockerfile
+      args:
+        - ORACLE_DATABASE=${DB_NAME:-xepdb1}
+        - ORACLE_USER=${DB_USER:-onlyoffice}
+        - ORACLE_PASSWORD=${DB_PWD:-onlyoffice}
+    restart: always
+    volumes:
+      - oracle_data:/opt/oracle/oradata
+    expose:
+      - '1521'
+
+volumes:
+  oracle_data:

tests/oracle/oracle.Dockerfile

@@ -0,0 +1,15 @@
+FROM container-registry.oracle.com/database/express:21.3.0-xe as onlyoffice-oracle
+
+ARG ORACLE_DATABASE=
+ARG ORACLE_PASSWORD=
+ARG ORACLE_USER=
+
+ENV ORACLE_DATABASE=$ORACLE_DATABASE \
+    ORACLE_PASSWORD=$ORACLE_PASSWORD \
+    ORACLE_USER=$ORACLE_USER
+
+SHELL ["/bin/bash", "-c"]
+
+COPY create_db_user.sh /tmp/create_db_user.sh
+
+RUN bash /tmp/create_db_user.sh

tests/postgres-old.yml

@@ -0,0 +1,34 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../.
+    depends_on:
+      - onlyoffice-postgresql
+    environment:
+      - POSTGRESQL_SERVER_HOST=${DB_HOST:-onlyoffice-postgresql}
+      - POSTGRESQL_SERVER_PORT=${DB_PORT:-5432}
+      - POSTGRESQL_SERVER_DB_NAME=${DB_NAME:-onlyoffice}
+      - POSTGRESQL_SERVER_USER=${DB_USER:-onlyoffice}
+      - POSTGRESQL_SERVER_PASS=${DB_PWD:-onlyoffice}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+
+  onlyoffice-postgresql:
+    container_name: onlyoffice-postgresql
+    image: postgres:9.5
+    environment:
+      - POSTGRES_DB=${POSTGRES_DB:-onlyoffice}
+      - POSTGRES_USER=${POSTGRES_USER:-onlyoffice}
+      - POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD:-trust}
+    restart: always
+    expose:
+      - '5432'
+    volumes:
+      - postgresql_data:/var/lib/postgresql
+
+volumes:
+  postgresql_data:

tests/postgres.yml

@@ -0,0 +1,35 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../.
+    depends_on:
+      - onlyoffice-postgresql
+    environment:
+      - DB_TYPE=${DB_TYPE:-postgres}
+      - DB_HOST=${DB_HOST:-onlyoffice-postgresql}
+      - DB_PORT=${DB_PORT:-5432}
+      - DB_NAME=${DB_NAME:-onlyoffice}
+      - DB_USER=${DB_USER:-onlyoffice}
+      - DB_PWD=${DB_PWD:-onlyoffice}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+
+  onlyoffice-postgresql:
+    container_name: onlyoffice-postgresql
+    image: postgres:${POSTGRES_VERSION:-12}
+    environment:
+      - POSTGRES_DB=${POSTGRES_DB:-onlyoffice}
+      - POSTGRES_USER=${POSTGRES_USER:-onlyoffice}
+      - POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD:-trust}
+    restart: always
+    expose:
+      - '5432'
+    volumes:
+      - postgresql_data:/var/lib/postgresql
+
+volumes:
+  postgresql_data:

tests/prometheus.yml

@@ -0,0 +1,46 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../.
+    depends_on:
+      - onlyoffice-statsd-exporter
+    environment:
+      - METRICS_ENABLED=${METRICS_ENABLED:-true}
+      - METRICS_HOST=${METRICS_HOST:-onlyoffice-statsd-exporter}
+      - METRICS_PORT=${METRICS_PORT:-9125}
+      - METRICS_PREFIX=${METRICS_PREFIX:-ds.}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+
+  onlyoffice-statsd-exporter:
+    container_name: onlyoffice-statsd-exporter
+    image: prom/statsd-exporter
+    command: --statsd.event-flush-interval=30000ms
+    ports:
+      - '9102:9102'
+      - '9125:9125/tcp'
+      - '9125:9125/udp'
+
+  onlyoffice-prometheus:
+    container_name: onlyoffice-prometheus
+    image: prom/prometheus
+    ports:
+      - '9090:9090'
+    volumes:
+      - ./prometheus/prometheus-scrape/statsd-exporter.yml:/etc/prometheus/prometheus.yml
+
+  grafana:
+    container_name: onlyoffice-grafana
+    image: bitnami/grafana
+    ports:
+      - '3000:3000'
+    environment:
+      - 'GF_SECURITY_ADMIN_PASSWORD=G0pGE4'
+    volumes:
+      - ./prometheus/grafana/conf/prometheus.yml:/opt/bitnami/grafana/conf/provisioning/datasources/prometheus.yml
+      - ./prometheus/grafana/conf/default-provider.yaml:/opt/bitnami/grafana/conf/provisioning/dashboards/default-provider.yaml
+      - ./prometheus/grafana/dashboards:/opt/bitnami/grafana/dashboards

tests/prometheus/grafana/conf/default-provider.yaml

@@ -0,0 +1,23 @@
+apiVersion: 1
+providers:
+  # <string> an unique provider name
+- name: 'default-provider'
+  # <int> org id. will default to orgId 1 if not specified
+  orgId: 1
+  # <string, required> name of the dashboard folder. Required
+  folder: dashboards
+  # <string> folder UID. will be automatically generated if not specified
+  folderUid: ''
+  # <string, required> provider type. Required
+  type: file
+  # <bool> disable dashboard deletion
+  disableDeletion: false
+  # <bool> enable dashboard editing
+  editable: true
+  # <int> how often Grafana will scan for changed dashboards
+  updateIntervalSeconds: 10
+  options:
+    # <string, required> path to dashboard files on disk. Required
+    path: /opt/bitnami/grafana/dashboards
+    # <bool> enable folders creation for dashboards
+    #foldersFromFilesStructure: true

tests/prometheus/grafana/conf/prometheus.yml

@@ -0,0 +1,6 @@
+apiVersion: 1
+datasources:
+  - name: Prometheus
+    type: prometheus
+    url: http://onlyoffice-prometheus:9090
+    editable: true

tests/prometheus/prometheus-scrape/statsd-exporter.yml

@@ -0,0 +1,6 @@
+scrape_configs:
+  - job_name: 'statsd'
+    scrape_interval: 30s
+    static_configs:
+      - targets:
+        - onlyoffice-statsd-exporter:9102

tests/rabbitmq-old.yml

@@ -0,0 +1,29 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../.
+    environment:
+      - AMQP_SERVER_TYPE=${AMQP_SERVER_TYPE:-rabbitmq}
+      - AMQP_SERVER_URL=${AMQP_SERVER_URL:-amqp://guest:guest@onlyoffice-rabbitmq}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+      - '443:443'
+    networks:
+      - onlyoffice
+
+  onlyoffice-rabbitmq:
+    container_name: onlyoffice-rabbitmq
+    image: rabbitmq
+    restart: always
+    networks:
+     - onlyoffice
+    expose:
+      - '5672'
+
+networks:
+  onlyoffice:
+    driver: 'bridge'

tests/rabbitmq.yml

@@ -0,0 +1,29 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../.
+    environment:
+      - AMQP_TYPE=${AMQP_TYPE:-rabbitmq}
+      - AMQP_URI=${AMQP_URI:-amqp://guest:guest@onlyoffice-rabbitmq}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+      - '443:443'
+    networks:
+      - onlyoffice
+
+  onlyoffice-rabbitmq:
+    container_name: onlyoffice-rabbitmq
+    image: rabbitmq:${RABBITMQ_VERSION:-latest}
+    restart: always
+    networks:
+     - onlyoffice
+    expose:
+      - '5672'
+
+networks:
+  onlyoffice:
+    driver: 'bridge'

tests/redis.yml

@@ -0,0 +1,31 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../.
+      args:
+        - PRODUCT_NAME=${PRODUCT_NAME:-documentserver}
+    environment:
+      - REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-onlyoffice-redis}
+      - REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-6379}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+      - '443:443'
+    networks:
+      - onlyoffice
+
+  onlyoffice-redis:
+    container_name: onlyoffice-redis
+    image: redis:${REDIS_VERSION:-latest}
+    restart: always
+    networks:
+     - onlyoffice
+    expose:
+      - '6379'
+
+networks:
+  onlyoffice:
+    driver: 'bridge'

tests/standalone.yml

@@ -0,0 +1,12 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../.
+      args:
+        - PRODUCT_NAME=${PRODUCT_NAME:-documentserver}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'

tests/test.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+ssl=${ssl:-false}
+private_key=${private_key:-tls.key}
+certificate_request=${certificate_request:-tls.csr}
+certificate=${certificate:-tls.crt}
+
+# Generate certificate
+if [[ $ssl == "true" ]]; then
+  url=${url:-"https://localhost"}
+
+  mkdir -p data/certs
+  pushd data/certs
+
+  openssl genrsa -out ${private_key} 2048
+  openssl req \
+    -new \
+    -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" \
+    -key ${private_key} \
+    -out ${certificate_request}
+  openssl x509 -req -days 365 -in ${certificate_request} -signkey ${private_key} -out ${certificate}
+  openssl dhparam -out dhparam.pem 2048
+  chmod 400 ${private_key}
+
+  popd
+else
+  url=${url:-"http://localhost"}
+fi
+
+# Check if the yml exists
+if [[ ! -f $config ]]; then
+  echo "File $config doesn't exist!"
+  exit 1
+fi
+
+# Run test environment
+docker-compose -p ds -f $config up -d
+
+wakeup_timeout=90
+
+# Get documentserver healthcheck status
+echo "Wait for service wake up"
+sleep $wakeup_timeout
+healthcheck_res=$(wget --no-check-certificate -qO - ${url}/healthcheck)
+
+# Fail if it isn't true
+if [[ $healthcheck_res == "true" ]]; then
+  echo "Healthcheck passed."
+else
+  echo "Healthcheck failed!"
+  exit 1
+fi
+
+docker-compose -p ds -f $config down