Add target for deploy docker images to s3

- UTMs added to website links in Project information
- Link to solutions comparison added to Project information

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,13 @@
+**Do you want to request a *feature* or report a *bug*?**
+
+**What is the current behavior?**
+
+**If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.**
+
+**What is the expected behavior?**
+
+**Did this work in previous versions of DocumentServer?**
+
+**DocumentServer Docker tag:**
+
+**Host Operating System:**

Dockerfile

@@ -1,21 +1,52 @@
-FROM ubuntu:14.04
-MAINTAINER Ascensio System SIA <support@onlyoffice.com>
+FROM ubuntu:16.04
+LABEL maintainer Ascensio System SIA <support@onlyoffice.com>
 
 ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive
 
+ARG ONLYOFFICE_VALUE=onlyoffice
+
 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
     apt-get -y update && \
-    apt-get --force-yes -yq install wget apt-transport-https curl && \
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D9D0BF019CC8AC0D && \
-    echo "deb http://archive.ubuntu.com/ubuntu precise main universe multiverse" >> /etc/apt/sources.list && \
+    apt-get -yq install wget apt-transport-https curl locales && \
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
     locale-gen en_US.UTF-8 && \
-    curl -sL https://deb.nodesource.com/setup_6.x | bash - && \
+    curl -sL https://deb.nodesource.com/setup_8.x | bash - && \
     apt-get -y update && \
-    echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
-    apt-get --force-yes -yq install software-properties-common adduser postgresql redis-server rabbitmq-server nginx-extras nodejs libstdc++6 libcurl3 libxml2 libboost-regex-dev zlib1g supervisor fonts-dejavu fonts-liberation ttf-mscorefonts-installer fonts-crosextra-carlito fonts-takao-gothic fonts-opensymbol libxss1 libgtkglext1 libcairo2 xvfb libxtst6 libgconf2-4 libasound2 bomstrip libnspr4 libnss3 libnss3-nssdb nano htop && \
-    sudo -u postgres psql -c "CREATE DATABASE onlyoffice;" && \
-    sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';" && \
-    sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;" && \ 
+    apt-get -yq install \
+        adduser \
+        bomstrip \
+        htop \
+        libasound2 \
+        libboost-regex-dev \
+        libcairo2 \
+        libcurl3 \
+        libgconf2-4 \
+        libgtkglext1 \
+        libnspr4 \
+        libnss3 \
+        libnss3-nssdb \
+        libstdc++6 \
+        libxml2 \
+        libxss1 \
+        libxtst6 \
+        nano \
+        net-tools \
+        netcat \
+        nginx-extras \
+        nodejs \
+        postgresql \
+        postgresql-client \
+        pwgen \
+        rabbitmq-server \
+        redis-server \
+        software-properties-common \
+        sudo \
+        supervisor \
+        xvfb \
+        zlib1g && \
+    sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE;" && \
+    sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \
+    sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $ONLYOFFICE_VALUE TO $ONLYOFFICE_VALUE;" && \ 
     service postgresql stop && \
     service redis-server stop && \
     service rabbitmq-server stop && \
@@ -23,24 +54,27 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
     service nginx stop && \
     rm -rf /var/lib/apt/lists/*
 
-ADD config /app/onlyoffice/setup/config/
-ADD run-document-server.sh /app/onlyoffice/run-document-server.sh
+COPY config /app/ds/setup/config/
+COPY run-document-server.sh /app/ds/run-document-server.sh
 
 EXPOSE 80 443
 
 ARG REPO_URL="deb http://download.onlyoffice.com/repo/debian squeeze main"
-ARG PRODUCT_NAME=onlyoffice-documentserver
+ARG COMPANY_NAME=onlyoffice
+ARG PRODUCT_NAME=documentserver
 
-RUN echo "$REPO_URL" | tee /etc/apt/sources.list.d/onlyoffice.list && \
+ENV COMPANY_NAME=$COMPANY_NAME
+
+RUN echo "$REPO_URL" | tee /etc/apt/sources.list.d/ds.list && \
     apt-get -y update && \
     service postgresql start && \
-    apt-get --force-yes -yq install $PRODUCT_NAME && \
+    apt-get -yq install $COMPANY_NAME-$PRODUCT_NAME && \
     service postgresql stop && \
     service supervisor stop && \
-    chmod 755 /app/onlyoffice/*.sh && \
-    rm -rf /var/log/onlyoffice && \
+    chmod 755 /app/ds/*.sh && \
+    rm -rf /var/log/$COMPANY_NAME && \
     rm -rf /var/lib/apt/lists/*
 
-VOLUME /etc/onlyoffice /var/log/onlyoffice /var/lib/onlyoffice /var/www/onlyoffice/Data
+VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /usr/share/fonts/truetype/custom
 
-CMD bash -C '/app/onlyoffice/run-document-server.sh';'bash'
+ENTRYPOINT /app/ds/run-document-server.sh

Makefile

@@ -1,48 +1,66 @@
+COMPANY_NAME ?= onlyoffice
+GIT_BRANCH ?= develop
+PRODUCT_NAME ?= documentserver-ie
+PRODUCT_VERSION ?= 0.0.0
+BUILD_NUMBER ?= 0
+ONLYOFFICE_VALUE ?= onlyoffice
+
 PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)
 
-REPO_URL := "deb http://repo-doc-onlyoffice-com.s3.amazonaws.com/ubuntu/trusty/$(COMPANY_NAME)-$(PRODUCT_NAME)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/ repo/"
+REPO_URL := "deb [trusted=yes] http://repo-doc-onlyoffice-com.s3.amazonaws.com/ubuntu/trusty/$(COMPANY_NAME)-$(PRODUCT_NAME)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/ repo/"
 
 UPDATE_LATEST := false
 
 ifneq (,$(findstring develop,$(GIT_BRANCH)))
-UPDATE_LATEST := true
-endif
-
-ifneq (,$(findstring release,$(GIT_BRANCH)))
-UPDATE_LATEST := true
-endif
-
-ifneq (,$(findstring hotfix,$(GIT_BRANCH)))
-UPDATE_LATEST := true
-endif
-
-ifeq ($(UPDATE_LATEST), true)
-DOCKER_TAGS += $(subst -,.,$(PACKAGE_VERSION))
+DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
 DOCKER_TAGS += latest
+else ifneq (,$(findstring release,$(GIT_BRANCH)))
+DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
+else ifneq (,$(findstring hotfix,$(GIT_BRANCH)))
+DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
 else
-DOCKER_TAGS += $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
+DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
 endif
 
+DOCKER_TAGS += $(DOCKER_TAG)
+
 DOCKER_REPO = $(COMPANY_NAME)/4testing-$(PRODUCT_NAME)
 
 COLON := __colon__
 DOCKER_TARGETS := $(foreach TAG,$(DOCKER_TAGS),$(DOCKER_REPO)$(COLON)$(TAG))
 
-.PHONY: all clean clean-docker deploy docker
+DOCKER_ARCH := $(COMPANY_NAME)-$(PRODUCT_NAME)_$(PACKAGE_VERSION).tar.gz
+
+.PHONY: all clean clean-docker deploy docker publish
 
 $(DOCKER_TARGETS): $(DEB_REPO_DATA)
 
-	sudo docker build --build-arg REPO_URL=$(REPO_URL) --build-arg PRODUCT_NAME=$(COMPANY_NAME)-$(PRODUCT_NAME) -t $(subst $(COLON),:,$@) . &&\
+	docker build \
+		--build-arg REPO_URL=$(REPO_URL) \
+		--build-arg COMPANY_NAME=$(COMPANY_NAME) \
+		--build-arg PRODUCT_NAME=$(PRODUCT_NAME) \
+		--build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \
+		-t $(subst $(COLON),:,$@) . &&\
 	mkdir -p $$(dirname $@) &&\
 	echo "Done" > $@
 
+$(DOCKER_ARCH): $(DOCKER_TARGETS)
+	docker save $(DOCKER_REPO):$(DOCKER_TAG) | \
+		gzip > $@
+
 all: $(DOCKER_TARGETS)
 
 clean:
-	rm -rfv $(DOCKER_TARGETS)
+	rm -rfv $(DOCKER_TARGETS) $(DOCKER_ARCH)
 		
 clean-docker:
-	sudo docker rmi -f $$(sudo docker images -q $(COMPANY_NAME)/*) || exit 0
+	docker rmi -f $$(docker images -q $(COMPANY_NAME)/*) || exit 0
 
 deploy: $(DOCKER_TARGETS)
-	$(foreach TARGET,$(DOCKER_TARGETS),sudo docker push $(subst $(COLON),:,$(TARGET));)
+	$(foreach TARGET,$(DOCKER_TARGETS),docker push $(subst $(COLON),:,$(TARGET));)
+
+publish: $(DOCKER_ARCH)
+	aws s3 cp \
+		$(DOCKER_ARCH) \
+		s3://repo-doc-onlyoffice-com.s3.amazonaws.com/docker/amd64/ \
+		--acl public-read

README.md

@@ -4,6 +4,7 @@
 * [Running Docker Image](#running-docker-image)
 * [Configuring Docker Image](#configuring-docker-image)
     - [Storing Data](#storing-data)
+    - [Running ONLYOFFICE Document Server on Different Port](#running-onlyoffice-document-server-on-different-port)
     - [Running ONLYOFFICE Document Server using HTTPS](#running-onlyoffice-document-server-using-https)
         + [Generation of Self Signed Certificates](#generation-of-self-signed-certificates)
         + [Strengthening the Server Security](#strengthening-the-server-security)
@@ -12,7 +13,7 @@
 * [Installing ONLYOFFICE Document Server integrated with Community and Mail Servers](#installing-onlyoffice-document-server-integrated-with-community-and-mail-servers)
 * [Issues](#issues)
     - [Docker Issues](#docker-issues)
-    - [Mono Issues](#mono-issues)
+    - [Document Server usage Issues](#document-server-usage-issues)
 * [Project Information](#project-information)
 * [User Feedback and Support](#user-feedback-and-support)
 
@@ -39,9 +40,9 @@ Integrating it with ONLYOFFICE Community Server you will be able to:
 
 * **RAM**: 4 GB or more
 * **CPU**: dual-core 2 GHz or higher
-* **Swap file**: at least 2 GB
+* **Swap**: at least 2 GB
 * **HDD**: at least 2 GB of free space
-* **Distributive**: 64-bit Red Hat, CentOS or other compatible distributive with kernel version 3.8 or later, 64-bit Debian, Ubuntu or other compatible distributive with kernel version 3.8 or later
+* **Distribution**: 64-bit Red Hat, CentOS or other compatible distributive with kernel version 3.8 or later, 64-bit Debian, Ubuntu or other compatible distributive with kernel version 3.8 or later
 * **Docker**: version 1.9.0 or later
 
 ## Running Docker Image
@@ -57,14 +58,27 @@ Use this command if you wish to install ONLYOFFICE Document Server separately. T
 All the data are stored in the specially-designated directories, **data volumes**, at the following location:
 * **/var/log/onlyoffice** for ONLYOFFICE Document Server logs
 * **/var/www/onlyoffice/Data** for certificates
+* **/var/lib/onlyoffice** for file cache
+* **/var/lib/postgresql** for database
 
 To get access to your data from outside the container, you need to mount the volumes. It can be done by specifying the '-v' option in the docker run command.
 
     sudo docker run -i -t -d -p 80:80 \
         -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
-        -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  onlyoffice/documentserver
+        -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
+        -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
+        -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql  onlyoffice/documentserver
 
-Storing the data on the host machine allows you to easily update ONLYOFFICE once the new version is released without losing your data.
+Normally, you do not need to store container data because the container's operation does not depend on its state. Saving data will be useful:
+* For easy access to container data, such as logs
+* To remove the limit on the size of the data inside the container
+* When using services launched outside the container such as PostgreSQL, Redis, RabbitMQ
+
+### Running ONLYOFFICE Document Server on Different Port
+
+To change the port, use the -p command. E.g.: to make your portal accessible via port 8080 execute the following command:
+
+    sudo docker run -i -t -d -p 8080:80 onlyoffice/documentserver
 
 ### Running ONLYOFFICE Document Server using HTTPS
 
@@ -153,60 +167,91 @@ Below is the complete list of parameters that can be set using environment varia
 - **POSTGRESQL_SERVER_DB_NAME**: The name of a PostgreSQL database to be created on the image startup.
 - **POSTGRESQL_SERVER_USER**: The new user name with superuser permissions for the PostgreSQL account.
 - **POSTGRESQL_SERVER_PASS**: The password set for the PostgreSQL account.
-- **RABBITMQ_SERVER_HOST**: The IP address or the name of the host where the RabbitMQ server is running.
-- **RABBITMQ_SERVER_USER**: The RabbitMQ server user name.
-- **RABBITMQ_SERVER_PASS**: The password set for the RabbitMQ account.
+- **AMQP_SERVER_URL**: The [AMQP URL](http://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server.
+- **AMQP_SERVER_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`.
 - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running.
 - **REDIS_SERVER_PORT**:  The Redis server port number.
+- **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
+- **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
+- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`.
+- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
+- **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
 
 ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers
 
 ONLYOFFICE Document Server is a part of ONLYOFFICE Community Edition that comprises also Community Server and Mail Server. To install them, follow these easy steps:
 
-**STEP 1**: Create the 'onlyoffice' network.
+**STEP 1**: Create the `onlyoffice` network.
 
 ```bash
 docker network create --driver bridge onlyoffice
 ```
-Than launch containers on it using the 'docker run --net onlyoffice' option:
+Then launch containers on it using the 'docker run --net onlyoffice' option:
 
-**STEP 1**: Install ONLYOFFICE Document Server.
+**STEP 2**: Install MySQL.
+
+Follow [these steps](#installing-mysql) to install MySQL server.
+
+**STEP 3**: Install ONLYOFFICE Document Server.
 
 ```bash
 sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-document-server \
-	-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
-	-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
+	-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
+	-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
+	-v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
+	-v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
 	onlyoffice/documentserver
 ```
 
-**STEP 2**: Install ONLYOFFICE Mail Server. 
+**STEP 4**: Install ONLYOFFICE Mail Server. 
 
 For the mail server correct work you need to specify its hostname 'yourdomain.com'.
-To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation").
 
 ```bash
-sudo docker run --net onlyoffice --privileged -i -t -d --restart=always --name onlyoffice-mail-server \
-	-p 25:25 -p 143:143 -p 587:587 \
-	-v /app/onlyoffice/MailServer/data:/var/vmail \
-	-v /app/onlyoffice/MailServer/data/certs:/etc/pki/tls/mailserver \
-	-v /app/onlyoffice/MailServer/logs:/var/log \
-	-v /app/onlyoffice/MailServer/mysql:/var/lib/mysql \
-	-h yourdomain.com \
-	onlyoffice/mailserver
+sudo docker run --init --net onlyoffice --privileged -i -t -d --restart=always --name onlyoffice-mail-server -p 25:25 -p 143:143 -p 587:587 \
+ -e MYSQL_SERVER=onlyoffice-mysql-server \
+ -e MYSQL_SERVER_PORT=3306 \
+ -e MYSQL_ROOT_USER=root \
+ -e MYSQL_ROOT_PASSWD=my-secret-pw \
+ -e MYSQL_SERVER_DB_NAME=onlyoffice_mailserver \
+ -v /app/onlyoffice/MailServer/data:/var/vmail \
+ -v /app/onlyoffice/MailServer/data/certs:/etc/pki/tls/mailserver \
+ -v /app/onlyoffice/MailServer/logs:/var/log \
+ -h yourdomain.com \
+ onlyoffice/mailserver
 ```
 
-**STEP 3**: Install ONLYOFFICE Community Server
+The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.yml#L75).
+
+To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation").
+
+**STEP 5**: Install ONLYOFFICE Community Server
 
 ```bash
-sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-community-server \
-	-p 80:80 -p 5222:5222 -p 443:443 \
-	-v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \
-	-v /app/onlyoffice/CommunityServer/mysql:/var/lib/mysql \
-	-v /app/onlyoffice/CommunityServer/logs:/var/log/onlyoffice \
-	-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/DocumentServerData \
-	-e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \
-	-e MAIL_SERVER_DB_HOST=onlyoffice-mail-server \
-	onlyoffice/communityserver
+sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 \
+ -e MYSQL_SERVER_ROOT_PASSWORD=my-secret-pw \
+ -e MYSQL_SERVER_DB_NAME=onlyoffice \
+ -e MYSQL_SERVER_HOST=onlyoffice-mysql-server \
+ -e MYSQL_SERVER_USER=onlyoffice_user \
+ -e MYSQL_SERVER_PASS=onlyoffice_pass \
+ 
+ -e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \
+ 
+ -e MAIL_SERVER_API_HOST=${MAIL_SERVER_IP} \
+ -e MAIL_SERVER_DB_HOST=onlyoffice-mysql-server \
+ -e MAIL_SERVER_DB_NAME=onlyoffice_mailserver \
+ -e MAIL_SERVER_DB_PORT=3306 \
+ -e MAIL_SERVER_DB_USER=root \
+ -e MAIL_SERVER_DB_PASS=my-secret-pw \
+ 
+ -v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \
+ -v /app/onlyoffice/CommunityServer/logs:/var/log/onlyoffice \
+ onlyoffice/communityserver
+```
+
+Where `${MAIL_SERVER_IP}` is the IP address for **ONLYOFFICE Mail Server**. You can easily get it using the command:
+```
+docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' onlyoffice-mail-server
 ```
 
 Alternatively, you can use an automatic installation script to install the whole ONLYOFFICE Community Edition at once. For the mail server correct work you need to specify its hostname 'yourdomain.com'.
@@ -238,14 +283,19 @@ As a relatively new project Docker is being worked on and actively developed by
 
 The known Docker issue with ONLYOFFICE Document Server with rpm-based distributives is that sometimes the processes fail to start inside Docker container. Fedora and RHEL/CentOS users should try disabling selinux with setenforce 0. If it fixes the issue then you can either stick with SELinux disabled which is not recommended by RedHat, or switch to using Ubuntu.
 
-### Mono Issues
+### Document Server usage issues
 
-ONLYOFFICE installation requires the presence of mono (tested for version 3.12.1 or [older](http://www.mono-project.com/docs/getting-started/install/linux/#accessing-older-releases "older")) that may cause problems for some Linux kernel versions. The full list of supported kernel versions is available [here](http://onlyo.co/1PABPEI "here").
+Due to the operational characteristic, **Document Server** saves a document only after the document has been closed by all the users who edited it. To avoid data loss, you must forcefully disconnect the **Document Server** users when you need to stop **Document Server** in cases of the application update, server reboot etc. To do that, execute the following script on the server where **Document Server** is installed:
 
+```
+sudo docker exec <CONTAINER> documentserver-prepare4shutdown.sh
+```
+
+Please note, that both executing the script and disconnecting users may take a long time (up to 5 minutes).
 
 ## Project Information
 
-Official website: [http://www.onlyoffice.org](http://onlyoffice.org "http://www.onlyoffice.org")
+Official website: [https://www.onlyoffice.com](https://www.onlyoffice.com/?utm_source=github&utm_medium=cpc&utm_campaign=GitHubDockerDS)
 
 Code repository: [https://github.com/ONLYOFFICE/DocumentServer](https://github.com/ONLYOFFICE/DocumentServer "https://github.com/ONLYOFFICE/DocumentServer")
 
@@ -253,7 +303,9 @@ Docker Image: [https://github.com/ONLYOFFICE/Docker-DocumentServer](https://gith
 
 License: [GNU AGPL v3.0](https://help.onlyoffice.com/products/files/doceditor.aspx?fileid=4358397&doc=K0ZUdlVuQzQ0RFhhMzhZRVN4ZFIvaHlhUjN2eS9XMXpKR1M5WEppUk1Gcz0_IjQzNTgzOTci0 "GNU AGPL v3.0")
 
-SaaS version: [http://www.onlyoffice.com](http://www.onlyoffice.com "http://www.onlyoffice.com")
+Free version vs commercial builds comparison: https://github.com/ONLYOFFICE/DocumentServer#onlyoffice-document-server-editions
+
+SaaS version: [https://www.onlyoffice.com/cloud-office.aspx](https://www.onlyoffice.com/cloud-office.aspx?utm_source=github&utm_medium=cpc&utm_campaign=GitHubDockerDS)
 
 ## User Feedback and Support
 

activemq.yml

@@ -0,0 +1,31 @@
+version: '2'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    image: onlyoffice/4testing-documentserver-ie:latest
+    environment:
+      - AMQP_SERVER_URL=amqp://guest:guest@onlyoffice-activemq
+      - AMQP_SERVER_TYPE=activemq
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+      - '443:443'
+    networks:
+      - onlyoffice
+
+  onlyoffice-activemq:
+    container_name: onlyoffice-activemq
+    image: webcenter/activemq:5.14.3
+    environment:
+      - ACTIVEMQ_USERS_guest=guest
+      - ACTIVEMQ_GROUPS_owners=guest
+    restart: always
+    networks:
+     - onlyoffice
+    expose:
+      - '5672'
+
+networks:
+  onlyoffice:
+    driver: 'bridge'

config/nginx/onlyoffice-documentserver-ssl.conf

@@ -1,71 +0,0 @@
-include /etc/nginx/includes/onlyoffice-http.conf;
-
-## Normal HTTP host
-server {
-  listen 0.0.0.0:80;
-  listen [::]:80 default_server;
-  server_name _;
-  server_tokens off;
-
-  ## Redirects all traffic to the HTTPS host
-  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
-  rewrite ^ https://$host$request_uri? permanent;
-}
-
-#HTTP host for internal services
-server {
-  listen 127.0.0.1:80;
-  listen [::1]:80;
-  server_name localhost;
-  server_tokens off;
-  
-  include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
-  include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
-}
-
-## HTTPS host
-server {
-  listen 0.0.0.0:443 ssl;
-  listen [::]:443 ssl default_server;
-  server_tokens off;
-  root /usr/share/nginx/html;
-
-  ## Strong SSL Security
-  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-  ssl on;
-  ssl_certificate {{SSL_CERTIFICATE_PATH}};
-  ssl_certificate_key {{SSL_KEY_PATH}};
-  ssl_verify_client {{SSL_VERIFY_CLIENT}};
-  ssl_client_certificate {{CA_CERTIFICATES_PATH}};
-
-  ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
-
-  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
-  ssl_session_cache  builtin:1000  shared:SSL:10m;
-
-  ssl_prefer_server_ciphers   on;
-
-  add_header Strict-Transport-Security max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}};
-  # add_header X-Frame-Options SAMEORIGIN;
-  add_header X-Content-Type-Options nosniff;
-
-  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
-  ## Replace with your ssl_trusted_certificate. For more info see:
-  ## - https://medium.com/devops-programming/4445f4862461
-  ## - https://www.ruby-forum.com/topic/4419319
-  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
-  # ssl_stapling on;
-  # ssl_stapling_verify on;
-  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
-  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
-  # resolver_timeout 10s;
-
-  ## [Optional] Generate a stronger DHE parameter:
-  ##   cd /etc/ssl/certs
-  ##   sudo openssl dhparam -out dhparam.pem 4096
-  ##
-  ssl_dhparam {{SSL_DHPARAM_PATH}};
-
-  include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
-
-}

config/nginx/onlyoffice-documentserver.conf

@@ -1,8 +0,0 @@
-include /etc/nginx/includes/onlyoffice-http.conf;
-server {
-  listen 0.0.0.0:80;
-  listen [::]:80 default_server;
-  server_tokens off;
-  
-  include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
-}

docker-compose.yml

@@ -9,16 +9,19 @@ services:
       - POSTGRESQL_SERVER_PORT=5432
       - POSTGRESQL_SERVER_DB_NAME=onlyoffice
       - POSTGRESQL_SERVER_USER=onlyoffice
-      - RABBITMQ_SERVER_HOST=onlyoffice-rabbitmq
-      - RABBITMQ_SERVER_USER=guest
-      - RABBITMQ_SERVER_PASS=guest
+      - AMQP_SERVER_URL=amqp://guest:guest@onlyoffice-rabbitmq
       - REDIS_SERVER_HOST=onlyoffice-redis
       - REDIS_SERVER_PORT=6379
+      # Uncomment strings below to enable the JSON Web Token validation.
+      #- JWT_ENABLED=true
+      #- JWT_SECRET=secret
+      #- JWT_HEADER=Authorization
     stdin_open: true
     restart: always
     networks:
       - onlyoffice
     volumes:
+       - /etc/onlyoffice
        - /var/www/onlyoffice/Data
        - /var/log/onlyoffice
        - /var/lib/onlyoffice/documentserver/App_Data/cache/files

run-document-server.sh

@@ -1,8 +1,15 @@
 #!/bin/bash
 
-APP_DIR="/var/www/onlyoffice/documentserver"
-DATA_DIR="/var/www/onlyoffice/Data"
-LOG_DIR="/var/log/onlyoffice/documentserver"
+# Define '**' behavior explicitly
+shopt -s globstar
+
+APP_DIR="/var/www/${COMPANY_NAME}/documentserver"
+DATA_DIR="/var/www/${COMPANY_NAME}/Data"
+LOG_DIR="/var/log/${COMPANY_NAME}"
+DS_LOG_DIR="${LOG_DIR}/documentserver"
+LIB_DIR="/var/lib/${COMPANY_NAME}"
+DS_LIB_DIR="${LIB_DIR}/documentserver"
+CONF_DIR="/etc/${COMPANY_NAME}/documentserver"
 
 ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
 ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost}
@@ -15,36 +22,98 @@ CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certific
 SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
 SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
 ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
-ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAG:-31536000}
-SYSCONF_TEMPLATES_DIR="/app/onlyoffice/setup/config"
+ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAGE:-31536000}
+SYSCONF_TEMPLATES_DIR="/app/ds/setup/config"
 
-NGINX_ONLYOFFICE_PATH="/etc/nginx/conf.d/onlyoffice-documentserver.conf";
+NGINX_CONFD_PATH="/etc/nginx/conf.d";
+NGINX_ONLYOFFICE_PATH="${CONF_DIR}/nginx"
+NGINX_ONLYOFFICE_CONF="${NGINX_ONLYOFFICE_PATH}/ds.conf"
+NGINX_ONLYOFFICE_EXAMPLE_PATH="${CONF_DIR}-example/nginx"
+NGINX_ONLYOFFICE_EXAMPLE_CONF="${NGINX_ONLYOFFICE_EXAMPLE_PATH}/includes/ds-example.conf"
 
 NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
-NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-$(grep processor /proc/cpuinfo | wc -l)}
+NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
 NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
 
-ONLYOFFICE_DEFAULT_CONFIG=/etc/onlyoffice/documentserver/default.json
+JWT_ENABLED=${JWT_ENABLED:-false}
+JWT_SECRET=${JWT_SECRET:-secret}
+JWT_HEADER=${JWT_HEADER:-Authorization}
 
-JSON="json -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
+ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/local.json
+ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json
+ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/local.json
+
+JSON_BIN=${APP_DIR}/npm/node_modules/.bin/json
+JSON="${JSON_BIN} -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
+JSON_LOG="${JSON_BIN} -q -f ${ONLYOFFICE_LOG4JS_CONFIG}"
+JSON_EXAMPLE="${JSON_BIN} -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}"
 
 LOCAL_SERVICES=()
 
+PG_ROOT=/var/lib/postgresql
+PG_VERSION=9.5
+PG_NAME=main
+PGDATA=${PG_ROOT}/${PG_VERSION}/${PG_NAME}
+PG_NEW_CLUSTER=false
+
 read_setting(){
   POSTGRESQL_SERVER_HOST=${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}
-  POSTGRESQL_SERVER_PORT=${POSTGRESQL_SERVER_PORT:-$(${JSON} services.CoAuthoring.sql.dbPort)}
+  POSTGRESQL_SERVER_PORT=${POSTGRESQL_SERVER_PORT:-5432}
   POSTGRESQL_SERVER_DB_NAME=${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}
   POSTGRESQL_SERVER_USER=${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}
   POSTGRESQL_SERVER_PASS=${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}
 
-  RABBITMQ_SERVER_URL=$(${JSON} rabbitmq.url)
-  RABBITMQ_SERVER_HOST=${RABBITMQ_SERVER_HOST:-${RABBITMQ_SERVER_URL#'amqp://'}}
-  RABBITMQ_SERVER_USER=${RABBITMQ_SERVER_USER:-$(${JSON} rabbitmq.login)}
-  RABBITMQ_SERVER_PASS=${RABBITMQ_SERVER_PASS:-$(${JSON} rabbitmq.password)}
-  RABBITMQ_SERVER_PORT=${RABBITMQ_SERVER_PORT:-"5672"}
+  RABBITMQ_SERVER_URL=${RABBITMQ_SERVER_URL:-$(${JSON} rabbitmq.url)}
+  AMQP_SERVER_URL=${AMQP_SERVER_URL:-${RABBITMQ_SERVER_URL}}
+  AMQP_SERVER_TYPE=${AMQP_SERVER_TYPE:-rabbitmq}
+  parse_rabbitmq_url ${AMQP_SERVER_URL}
 
   REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-$(${JSON} services.CoAuthoring.redis.host)}
-  REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-$(${JSON} services.CoAuthoring.redis.port)}
+  REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-6379}
+
+  DS_LOG_LEVEL=${DS_LOG_LEVEL:-$(${JSON_LOG} categories.default.level)}
+}
+
+parse_rabbitmq_url(){
+  local amqp=$1
+
+  # extract the protocol
+  local proto="$(echo $amqp | grep :// | sed -e's,^\(.*://\).*,\1,g')"
+  # remove the protocol
+  local url="$(echo ${amqp/$proto/})"
+
+  # extract the user and password (if any)
+  local userpass="`echo $url | grep @ | cut -d@ -f1`"
+  local pass=`echo $userpass | grep : | cut -d: -f2`
+
+  local user
+  if [ -n "$pass" ]; then
+    user=`echo $userpass | grep : | cut -d: -f1`
+  else
+    user=$userpass
+  fi
+
+  # extract the host
+  local hostport="$(echo ${url/$userpass@/} | cut -d/ -f1)"
+  # by request - try to extract the port
+  local port="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')"
+
+  local host
+  if [ -n "$port" ]; then
+    host=`echo $hostport | grep : | cut -d: -f1`
+  else
+    host=$hostport
+    port="5672"
+  fi
+
+  # extract the path (if any)
+  local path="$(echo $url | grep / | cut -d/ -f2-)"
+
+  AMQP_SERVER_PROTO=${proto:0:-3}
+  AMQP_SERVER_HOST=$host
+  AMQP_SERVER_USER=$user
+  AMQP_SERVER_PASS=$pass
+  AMQP_SERVER_PORT=$port
 }
 
 waiting_for_connection(){
@@ -58,8 +127,8 @@ waiting_for_postgresql(){
   waiting_for_connection ${POSTGRESQL_SERVER_HOST} ${POSTGRESQL_SERVER_PORT}
 }
 
-waiting_for_rabbitmq(){
-  waiting_for_connection ${RABBITMQ_SERVER_HOST} ${RABBITMQ_SERVER_PORT}
+waiting_for_amqp(){
+  waiting_for_connection ${AMQP_SERVER_HOST} ${AMQP_SERVER_PORT}
 }
 
 waiting_for_redis(){
@@ -77,9 +146,47 @@ update_postgresql_settings(){
 }
 
 update_rabbitmq_setting(){
-  ${JSON} -I -e "this.rabbitmq.url = 'amqp://${RABBITMQ_SERVER_HOST}'"
-  ${JSON} -I -e "this.rabbitmq.login = '${RABBITMQ_SERVER_USER}'"
-  ${JSON} -I -e "this.rabbitmq.password = '${RABBITMQ_SERVER_PASS}'"
+  if [ "${AMQP_SERVER_TYPE}" == "rabbitmq" ]; then
+    ${JSON} -I -e "if(this.queue===undefined)this.queue={};"
+    ${JSON} -I -e "this.queue.type = 'rabbitmq'"
+    ${JSON} -I -e "this.rabbitmq.url = '${AMQP_SERVER_URL}'"
+  fi
+  
+  if [ "${AMQP_SERVER_TYPE}" == "activemq" ]; then
+    ${JSON} -I -e "if(this.queue===undefined)this.queue={};"
+    ${JSON} -I -e "this.queue.type = 'activemq'"
+    ${JSON} -I -e "if(this.activemq===undefined)this.activemq={};"
+    ${JSON} -I -e "if(this.activemq.connectOptions===undefined)this.activemq.connectOptions={};"
+
+    ${JSON} -I -e "this.activemq.connectOptions.host = '${AMQP_SERVER_HOST}'"
+
+    if [ ! "${AMQP_SERVER_PORT}" == "" ]; then
+      ${JSON} -I -e "this.activemq.connectOptions.port = '${AMQP_SERVER_PORT}'"
+    else
+      ${JSON} -I -e "delete this.activemq.connectOptions.port"
+    fi
+
+    if [ ! "${AMQP_SERVER_USER}" == "" ]; then
+      ${JSON} -I -e "this.activemq.connectOptions.username = '${AMQP_SERVER_USER}'"
+    else
+      ${JSON} -I -e "delete this.activemq.connectOptions.username"
+    fi
+
+    if [ ! "${AMQP_SERVER_PASS}" == "" ]; then
+      ${JSON} -I -e "this.activemq.connectOptions.password = '${AMQP_SERVER_PASS}'"
+    else
+      ${JSON} -I -e "delete this.activemq.connectOptions.password"
+    fi
+
+    case "${AMQP_SERVER_PROTO}" in
+      amqp+ssl|amqps)
+        ${JSON} -I -e "this.activemq.connectOptions.transport = 'tls'"
+        ;;
+      *)
+        ${JSON} -I -e "delete this.activemq.connectOptions.transport"
+        ;;
+    esac 
+  fi
 }
 
 update_redis_settings(){
@@ -87,8 +194,46 @@ update_redis_settings(){
   ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
 }
 
+update_jwt_settings(){
+  if [ "${JWT_ENABLED}" == "true" ]; then
+    ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
+    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
+    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"
+
+    ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
+    ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
+    ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
+
+    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
+    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
+
+    if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ] && [ "${JWT_ENABLED}" == "true" ]; then
+      ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
+      ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
+      ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
+    fi
+  fi
+}
+
+create_postgresql_cluster(){
+  local pg_conf_dir=/etc/postgresql/${PG_VERSION}/${PG_NAME}
+  local postgresql_conf=$pg_conf_dir/postgresql.conf
+  local hba_conf=$pg_conf_dir/pg_hba.conf
+
+  mv $postgresql_conf $postgresql_conf.backup
+  mv $hba_conf $hba_conf.backup
+
+  pg_createcluster ${PG_VERSION} ${PG_NAME}
+}
+
 create_postgresql_db(){
-  CONNECTION_PARAMS="-h${POSTGRESQL_SERVER_HOST} -U${POSTGRESQL_SERVER_USER} -w"
+  sudo -u postgres psql -c "CREATE DATABASE onlyoffice;"
+  sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';"
+  sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"
+}
+
+create_postgresql_tbl(){
+  CONNECTION_PARAMS="-h${POSTGRESQL_SERVER_HOST} -p${POSTGRESQL_SERVER_PORT} -U${POSTGRESQL_SERVER_USER} -w"
   if [ -n "${POSTGRESQL_SERVER_PASS}" ]; then
     export PGPASSWORD=${POSTGRESQL_SERVER_PASS}
   fi
@@ -98,7 +243,7 @@ create_postgresql_db(){
 
   # Create db on remote server
   if $PSQL -lt | cut -d\| -f 1 | grep -qw | grep 0; then
-    $CREATEDB $DB_NAME
+    $CREATEDB $POSTGRESQL_SERVER_DB_NAME
   fi
 
   $PSQL -d "${POSTGRESQL_SERVER_DB_NAME}" -f "${APP_DIR}/server/schema/postgresql/createdb.sql"
@@ -112,34 +257,44 @@ update_nginx_settings(){
 
   # setup HTTPS
   if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
-    cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-documentserver-ssl.conf ${NGINX_ONLYOFFICE_PATH}
+    cp -f ${NGINX_ONLYOFFICE_PATH}/ds-ssl.conf.tmpl ${NGINX_ONLYOFFICE_CONF}
 
     # configure nginx
-    sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
-    sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
+    sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_CONF}
+    sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${NGINX_ONLYOFFICE_CONF}
+
+    # turn on http2
+    sed 's,\(443 ssl\),\1 http2,' -i ${NGINX_ONLYOFFICE_CONF}
 
     # if dhparam path is valid, add to the config, otherwise remove the option
     if [ -r "${SSL_DHPARAM_PATH}" ]; then
-      sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
+      sed 's,\(\#* *\)\?\(ssl_dhparam \).*\(;\)$,'"\2${SSL_DHPARAM_PATH}\3"',' -i ${NGINX_ONLYOFFICE_CONF}
     else
-      sed '/ssl_dhparam {{SSL_DHPARAM_PATH}};/d' -i ${NGINX_ONLYOFFICE_PATH}
+      sed '/ssl_dhparam/d' -i ${NGINX_ONLYOFFICE_CONF}
     fi
 
-    sed 's,{{SSL_VERIFY_CLIENT}},'"${SSL_VERIFY_CLIENT}"',' -i ${NGINX_ONLYOFFICE_PATH}
+    sed 's,\(ssl_verify_client \).*\(;\)$,'"\1${SSL_VERIFY_CLIENT}\2"',' -i ${NGINX_ONLYOFFICE_CONF}
 
     if [ -f "${CA_CERTIFICATES_PATH}" ]; then
-      sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
-    else
-      sed '/{{CA_CERTIFICATES_PATH}}/d' -i ${NGINX_ONLYOFFICE_PATH}
+      sed '/ssl_verify_client/a '"ssl_client_certificate ${CA_CERTIFICATES_PATH}"';' -i ${NGINX_ONLYOFFICE_CONF}
     fi
 
     if [ "${ONLYOFFICE_HTTPS_HSTS_ENABLED}" == "true" ]; then
-      sed 's/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/'"${ONLYOFFICE_HTTPS_HSTS_MAXAGE}"'/' -i ${NGINX_ONLYOFFICE_PATH}
+      sed 's,\(max-age=\).*\(;\)$,'"\1${ONLYOFFICE_HTTPS_HSTS_MAXAGE}\2"',' -i ${NGINX_ONLYOFFICE_CONF}
     else
-      sed '/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/d' -i ${NGINX_ONLYOFFICE_PATH}
+      sed '/max-age=/d' -i ${NGINX_ONLYOFFICE_CONF}
     fi
   else
-    cp ${SYSCONF_TEMPLATES_DIR}/nginx/onlyoffice-documentserver.conf ${NGINX_ONLYOFFICE_PATH}
+    ln -sf ${NGINX_ONLYOFFICE_PATH}/ds.conf.tmpl ${NGINX_ONLYOFFICE_CONF}
+  fi
+
+  # check if ipv6 supported otherwise remove it from nginx config
+  if [ ! -f /proc/net/if_inet6 ]; then
+    sed '/listen\s\+\[::[0-9]*\].\+/d' -i $NGINX_ONLYOFFICE_CONF
+  fi
+
+  if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then
+    sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF}
   fi
 }
 
@@ -150,36 +305,70 @@ update_supervisor_settings(){
   cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
 }
 
+update_log_settings(){
+   ${JSON_LOG} -I -e "this.categories.default.level = '${DS_LOG_LEVEL}'"
+}
+
+update_logrotate_settings(){
+  sed 's|\(^su\b\).*|\1 root root|' -i /etc/logrotate.conf
+}
+
 # create base folders
 for i in converter docservice spellchecker metrics gc; do
-  mkdir -p "${LOG_DIR}/$i"
+  mkdir -p "${DS_LOG_DIR}/$i"
 done
 
-mkdir -p ${LOG_DIR}-example
+mkdir -p ${DS_LOG_DIR}-example
+
+# create app folders
+for i in App_Data/cache/files App_Data/docbuilder; do
+  mkdir -p "${DS_LIB_DIR}/$i"
+done
+
+# change folder rights
+for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do
+  chown -R ds:ds "$i"
+  chmod -R 755 "$i"
+done
 
 if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
 
   read_setting
 
+  update_log_settings
+
+  update_jwt_settings
+
   # update settings by env variables
   if [ ${POSTGRESQL_SERVER_HOST} != "localhost" ]; then
     update_postgresql_settings
     waiting_for_postgresql
-    create_postgresql_db
+    create_postgresql_tbl
   else
+    # change rights for postgres directory
+    chown -R postgres:postgres ${PG_ROOT}
+    chmod -R 700 ${PG_ROOT}
+
+    # create new db if it isn't exist
+    if [ ! -d ${PGDATA} ]; then
+      create_postgresql_cluster
+      PG_NEW_CLUSTER=true
+    fi
     LOCAL_SERVICES+=("postgresql")
   fi
 
-  if [ ${RABBITMQ_SERVER_HOST} != "localhost" ]; then
+  if [ ${AMQP_SERVER_HOST} != "localhost" ]; then
     update_rabbitmq_setting
   else
-    LOCAL_SERVICES+=("redis-server")
+    LOCAL_SERVICES+=("rabbitmq-server")
+    # allow Rabbitmq startup after container kill
+    rm -rf /var/run/rabbitmq
   fi
 
   if [ ${REDIS_SERVER_HOST} != "localhost" ]; then
     update_redis_settings
   else
-    LOCAL_SERVICES+=("rabbitmq-server")
+    LOCAL_SERVICES+=("redis-server")
   fi
 else
   # no need to update settings just wait for remote data
@@ -195,15 +384,24 @@ for i in ${LOCAL_SERVICES[@]}; do
   service $i start
 done
 
+if [ ${PG_NEW_CLUSTER} = "true" ]; then
+  create_postgresql_db
+  create_postgresql_tbl
+fi
+
 if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
   waiting_for_postgresql
-  waiting_for_rabbitmq
+  waiting_for_amqp
   waiting_for_redis
 
   update_nginx_settings
 
   update_supervisor_settings
   service supervisor start
+  
+  # start cron to enable log rotating
+  update_logrotate_settings
+  service cron start
 fi
 
 # nginx used as a proxy, and as data container status service.
@@ -212,3 +410,6 @@ service nginx start
 
 # Regenerate the fonts list and the fonts thumbnails
 documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}
+documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER}
+
+tail -f /var/log/${COMPANY_NAME}/**/*.log