v5.1.1

Use a long keyid for Onlyoffice's Debian repo

Dockerfile

@@ -1,18 +1,47 @@
-FROM ubuntu:14.04
-MAINTAINER Ascensio System SIA <support@onlyoffice.com>
+FROM ubuntu:16.04
+LABEL maintainer Ascensio System SIA <support@onlyoffice.com>
 
 ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive
 
 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
     apt-get -y update && \
-    apt-get --force-yes -yq install wget apt-transport-https curl && \
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CB2DE8E5 && \
-    echo "deb http://archive.ubuntu.com/ubuntu precise main universe multiverse" >> /etc/apt/sources.list && \
+    apt-get -yq install wget apt-transport-https curl locales && \
+    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
     locale-gen en_US.UTF-8 && \
     curl -sL https://deb.nodesource.com/setup_6.x | bash - && \
     apt-get -y update && \
-    echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
-    apt-get --force-yes -yq install software-properties-common adduser postgresql postgresql-client redis-server rabbitmq-server nginx-extras nodejs libstdc++6 libcurl3 libxml2 libboost-regex-dev zlib1g supervisor fonts-dejavu fonts-liberation ttf-mscorefonts-installer fonts-crosextra-carlito fonts-takao-gothic fonts-opensymbol libxss1 libgtkglext1 libcairo2 xvfb libxtst6 libgconf2-4 libasound2 bomstrip libnspr4 libnss3 libnss3-nssdb nano htop && \
+    apt-get -yq install \
+        adduser \
+        bomstrip \
+        htop \
+        libasound2 \
+        libboost-regex-dev \
+        libcairo2 \
+        libcurl3 \
+        libgconf2-4 \
+        libgtkglext1 \
+        libnspr4 \
+        libnss3 \
+        libnss3-nssdb \
+        libstdc++6 \
+        libxml2 \
+        libxss1 \
+        libxtst6 \
+        nano \
+        net-tools \
+        netcat \
+        nginx-extras \
+        nodejs \
+        postgresql \
+        postgresql-client \
+        pwgen \
+        rabbitmq-server \
+        redis-server \
+        software-properties-common \
+        sudo \
+        supervisor \
+        xvfb \
+        zlib1g && \
     sudo -u postgres psql -c "CREATE DATABASE onlyoffice;" && \
     sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';" && \
     sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;" && \ 
@@ -23,8 +52,8 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
     service nginx stop && \
     rm -rf /var/lib/apt/lists/*
 
-ADD config /app/onlyoffice/setup/config/
-ADD run-document-server.sh /app/onlyoffice/run-document-server.sh
+COPY config /app/onlyoffice/setup/config/
+COPY run-document-server.sh /app/onlyoffice/run-document-server.sh
 
 EXPOSE 80 443
 
@@ -34,7 +63,7 @@ ARG PRODUCT_NAME=onlyoffice-documentserver
 RUN echo "$REPO_URL" | tee /etc/apt/sources.list.d/onlyoffice.list && \
     apt-get -y update && \
     service postgresql start && \
-    apt-get --force-yes -yq install $PRODUCT_NAME && \
+    apt-get --allow-unauthenticated -yq install $PRODUCT_NAME && \
     service postgresql stop && \
     service supervisor stop && \
     chmod 755 /app/onlyoffice/*.sh && \

Makefile

@@ -1,3 +1,9 @@
+COMPANY_NAME ?= onlyoffice
+GIT_BRANCH ?= origin/develop
+PRODUCT_NAME ?= documentserver-ie
+PRODUCT_VERSION ?= 0.0.0
+BUILD_NUMBER ?= 0
+
 PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)
 
 REPO_URL := "deb http://repo-doc-onlyoffice-com.s3.amazonaws.com/ubuntu/trusty/$(COMPANY_NAME)-$(PRODUCT_NAME)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/ repo/"

README.md

@@ -13,7 +13,6 @@
 * [Installing ONLYOFFICE Document Server integrated with Community and Mail Servers](#installing-onlyoffice-document-server-integrated-with-community-and-mail-servers)
 * [Issues](#issues)
     - [Docker Issues](#docker-issues)
-    - [Mono Issues](#mono-issues)
 * [Project Information](#project-information)
 * [User Feedback and Support](#user-feedback-and-support)
 
@@ -58,15 +57,21 @@ Use this command if you wish to install ONLYOFFICE Document Server separately. T
 All the data are stored in the specially-designated directories, **data volumes**, at the following location:
 * **/var/log/onlyoffice** for ONLYOFFICE Document Server logs
 * **/var/www/onlyoffice/Data** for certificates
+* **/var/lib/onlyoffice** for file cache
+* **/var/lib/postgresql** for database
 
 To get access to your data from outside the container, you need to mount the volumes. It can be done by specifying the '-v' option in the docker run command.
 
     sudo docker run -i -t -d -p 80:80 \
         -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
         -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
-        -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice onlyoffice/documentserver
+        -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
+        -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql  onlyoffice/documentserver
 
-Storing the data on the host machine allows you to easily update ONLYOFFICE once the new version is released without losing your data.
+Normally, you do not need to store container data because the container's operation does not depend on its state. Saving data will be useful:
+* For easy access to container data, such as logs
+* To remove the limit on the size of the data inside the container
+* When using services launched outside the container such as PostgreSQL, Redis, RabbitMQ
 
 ### Running ONLYOFFICE Document Server on Different Port
 
@@ -166,56 +171,85 @@ Below is the complete list of parameters that can be set using environment varia
 - **REDIS_SERVER_PORT**:  The Redis server port number.
 - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
 - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
+- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`.
+- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
+- **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
 
 ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers
 
 ONLYOFFICE Document Server is a part of ONLYOFFICE Community Edition that comprises also Community Server and Mail Server. To install them, follow these easy steps:
 
-**STEP 1**: Create the 'onlyoffice' network.
+**STEP 1**: Create the `onlyoffice` network.
 
 ```bash
 docker network create --driver bridge onlyoffice
 ```
-Than launch containers on it using the 'docker run --net onlyoffice' option:
+Then launch containers on it using the 'docker run --net onlyoffice' option:
 
-**STEP 1**: Install ONLYOFFICE Document Server.
+**STEP 2**: Install MySQL.
+
+Follow [these steps](#installing-mysql) to install MySQL server.
+
+**STEP 3**: Install ONLYOFFICE Document Server.
 
 ```bash
 sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-document-server \
-	-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
-	-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
+	-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
+	-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
 	-v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
+	-v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
 	onlyoffice/documentserver
 ```
 
-**STEP 2**: Install ONLYOFFICE Mail Server. 
+**STEP 4**: Install ONLYOFFICE Mail Server. 
 
 For the mail server correct work you need to specify its hostname 'yourdomain.com'.
-To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation").
 
 ```bash
-sudo docker run --net onlyoffice --privileged -i -t -d --restart=always --name onlyoffice-mail-server \
-	-p 25:25 -p 143:143 -p 587:587 \
-	-v /app/onlyoffice/MailServer/data:/var/vmail \
-	-v /app/onlyoffice/MailServer/data/certs:/etc/pki/tls/mailserver \
-	-v /app/onlyoffice/MailServer/logs:/var/log \
-	-v /app/onlyoffice/MailServer/mysql:/var/lib/mysql \
-	-h yourdomain.com \
-	onlyoffice/mailserver
+sudo docker run --init --net onlyoffice --privileged -i -t -d --restart=always --name onlyoffice-mail-server -p 25:25 -p 143:143 -p 587:587 \
+ -e MYSQL_SERVER=onlyoffice-mysql-server \
+ -e MYSQL_SERVER_PORT=3306 \
+ -e MYSQL_ROOT_USER=root \
+ -e MYSQL_ROOT_PASSWD=my-secret-pw \
+ -e MYSQL_SERVER_DB_NAME=onlyoffice_mailserver \
+ -v /app/onlyoffice/MailServer/data:/var/vmail \
+ -v /app/onlyoffice/MailServer/data/certs:/etc/pki/tls/mailserver \
+ -v /app/onlyoffice/MailServer/logs:/var/log \
+ -h yourdomain.com \
+ onlyoffice/mailserver
 ```
 
-**STEP 3**: Install ONLYOFFICE Community Server
+The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.yml#L75).
+
+To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation").
+
+**STEP 5**: Install ONLYOFFICE Community Server
 
 ```bash
-sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-community-server \
-	-p 80:80 -p 5222:5222 -p 443:443 \
-	-v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \
-	-v /app/onlyoffice/CommunityServer/mysql:/var/lib/mysql \
-	-v /app/onlyoffice/CommunityServer/logs:/var/log/onlyoffice \
-	-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/DocumentServerData \
-	-e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \
-	-e MAIL_SERVER_DB_HOST=onlyoffice-mail-server \
-	onlyoffice/communityserver
+sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 \
+ -e MYSQL_SERVER_ROOT_PASSWORD=my-secret-pw \
+ -e MYSQL_SERVER_DB_NAME=onlyoffice \
+ -e MYSQL_SERVER_HOST=onlyoffice-mysql-server \
+ -e MYSQL_SERVER_USER=onlyoffice_user \
+ -e MYSQL_SERVER_PASS=onlyoffice_pass \
+ 
+ -e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \
+ 
+ -e MAIL_SERVER_API_HOST=${MAIL_SERVER_IP} \
+ -e MAIL_SERVER_DB_HOST=onlyoffice-mysql-server \
+ -e MAIL_SERVER_DB_NAME=onlyoffice_mailserver \
+ -e MAIL_SERVER_DB_PORT=3306 \
+ -e MAIL_SERVER_DB_USER=root \
+ -e MAIL_SERVER_DB_PASS=my-secret-pw \
+ 
+ -v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \
+ -v /app/onlyoffice/CommunityServer/logs:/var/log/onlyoffice \
+ onlyoffice/communityserver
+```
+
+Where `${MAIL_SERVER_IP}` is the IP address for **ONLYOFFICE Mail Server**. You can easily get it using the command:
+```
+docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' onlyoffice-mail-server
 ```
 
 Alternatively, you can use an automatic installation script to install the whole ONLYOFFICE Community Edition at once. For the mail server correct work you need to specify its hostname 'yourdomain.com'.
@@ -247,11 +281,6 @@ As a relatively new project Docker is being worked on and actively developed by
 
 The known Docker issue with ONLYOFFICE Document Server with rpm-based distributives is that sometimes the processes fail to start inside Docker container. Fedora and RHEL/CentOS users should try disabling selinux with setenforce 0. If it fixes the issue then you can either stick with SELinux disabled which is not recommended by RedHat, or switch to using Ubuntu.
 
-### Mono Issues
-
-ONLYOFFICE installation requires the presence of mono (tested for version 3.12.1 or [older](http://www.mono-project.com/docs/getting-started/install/linux/#accessing-older-releases "older")) that may cause problems for some Linux kernel versions. The full list of supported kernel versions is available [here](http://onlyo.co/1PABPEI "here").
-
-
 ## Project Information
 
 Official website: [http://www.onlyoffice.org](http://onlyoffice.org "http://www.onlyoffice.org")

run-document-server.sh

@@ -2,7 +2,10 @@
 
 APP_DIR="/var/www/onlyoffice/documentserver"
 DATA_DIR="/var/www/onlyoffice/Data"
-LOG_DIR="/var/log/onlyoffice/documentserver"
+LOG_DIR="/var/log/onlyoffice"
+DS_LOG_DIR="${LOG_DIR}/documentserver"
+LIB_DIR="/var/lib/onlyoffice"
+CONF_DIR="/etc/onlyoffice/documentserver"
 
 ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
 ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost}
@@ -15,25 +18,34 @@ CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certific
 SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
 SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
 ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
-ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAG:-31536000}
+ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAGE:-31536000}
 SYSCONF_TEMPLATES_DIR="/app/onlyoffice/setup/config"
 
 NGINX_CONFD_PATH="/etc/nginx/conf.d";
-NGINX_ONLYOFFICE_PATH="${NGINX_CONFD_PATH}/onlyoffice-documentserver.conf";
-NGINX_ONLYOFFICE_INCLUDES_PATH="/etc/nginx/includes";
-NGINX_ONLYOFFICE_EXAMPLE_PATH=${NGINX_ONLYOFFICE_INCLUDES_PATH}/onlyoffice-documentserver-example.conf
+NGINX_ONLYOFFICE_CONF="${NGINX_CONFD_PATH}/onlyoffice-documentserver.conf"
+NGINX_ONLYOFFICE_PATH="${CONF_DIR}/nginx"
+NGINX_ONLYOFFICE_EXAMPLE_PATH="${CONF_DIR}-example/nginx"
+NGINX_ONLYOFFICE_EXAMPLE_CONF="${NGINX_ONLYOFFICE_EXAMPLE_PATH}/includes/onlyoffice-documentserver-example.conf"
 
 NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
-NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-$(grep processor /proc/cpuinfo | wc -l)}
+NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
 NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
 
-ONLYOFFICE_DEFAULT_CONFIG=/etc/onlyoffice/documentserver/default.json
+JWT_ENABLED=${JWT_ENABLED:-false}
+JWT_SECRET=${JWT_SECRET:-secret}
+JWT_HEADER=${JWT_HEADER:-Authorization}
+
+ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/default.json
+ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json
+ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/default.json
 
 JSON="json -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
+JSON_LOG="json -q -f ${ONLYOFFICE_LOG4JS_CONFIG}"
+JSON_EXAMPLE="json -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}"
 
 LOCAL_SERVICES=()
 
-PG_VERSION=9.3
+PG_VERSION=9.5
 PG_NAME=main
 PGDATA=/var/lib/postgresql/${PG_VERSION}/${PG_NAME}
 PG_NEW_CLUSTER=false
@@ -50,6 +62,8 @@ read_setting(){
 
   REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-$(${JSON} services.CoAuthoring.redis.host)}
   REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-$(${JSON} services.CoAuthoring.redis.port)}
+
+  DS_LOG_LEVEL=${DS_LOG_LEVEL:-$(${JSON_LOG} levels.nodeJS)}
 }
 
 parse_rabbitmq_url(){
@@ -70,7 +84,6 @@ parse_rabbitmq_url(){
   else
     user=$userpass
   fi
-  echo $user
 
   # extract the host
   local hostport="$(echo ${url/$userpass@/} | cut -d/ -f1)"
@@ -132,6 +145,27 @@ update_redis_settings(){
   ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
 }
 
+update_jwt_settings(){
+  if [ "${JWT_ENABLED}" == "true" ]; then
+    ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = '${JWT_ENABLED}'"
+    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = '${JWT_ENABLED}'"
+    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = '${JWT_ENABLED}'"
+
+    ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
+    ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
+    ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
+
+    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
+    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
+
+    if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then
+      ${JSON_EXAMPLE} -I -e "this.server.token.enable = '${JWT_ENABLED}'"
+      ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
+      ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
+    fi
+  fi
+}
+
 create_postgresql_cluster(){
   local pg_conf_dir=/etc/postgresql/${PG_VERSION}/${PG_NAME}
   local postgresql_conf=$pg_conf_dir/postgresql.conf
@@ -139,7 +173,7 @@ create_postgresql_cluster(){
 
   mv $postgresql_conf $postgresql_conf.backup
   mv $hba_conf $hba_conf.backup
-  
+
   pg_createcluster ${PG_VERSION} ${PG_NAME}
 }
 
@@ -174,38 +208,39 @@ update_nginx_settings(){
 
   # setup HTTPS
   if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
-    cp ${NGINX_CONFD_PATH}/onlyoffice-documentserver-ssl.conf.template ${NGINX_ONLYOFFICE_PATH}
+    ln -sf ${NGINX_ONLYOFFICE_PATH}/onlyoffice-documentserver-ssl.conf.template ${NGINX_ONLYOFFICE_CONF}
 
     # configure nginx
-    sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
-    sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
+    sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_ONLYOFFICE_CONF}
+    sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${NGINX_ONLYOFFICE_CONF}
+
+    # turn on http2
+    sed 's,\(443 ssl\),\1 http2,' -i ${NGINX_ONLYOFFICE_CONF}
 
     # if dhparam path is valid, add to the config, otherwise remove the option
     if [ -r "${SSL_DHPARAM_PATH}" ]; then
-      sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
+      sed 's,\(\#* *\)\?\(ssl_dhparam \).*\(;\)$,'"\2${SSL_DHPARAM_PATH}\3"',' -i ${NGINX_ONLYOFFICE_CONF}
     else
-      sed '/ssl_dhparam {{SSL_DHPARAM_PATH}};/d' -i ${NGINX_ONLYOFFICE_PATH}
+      sed '/ssl_dhparam/d' -i ${NGINX_ONLYOFFICE_CONF}
     fi
 
-    sed 's,{{SSL_VERIFY_CLIENT}},'"${SSL_VERIFY_CLIENT}"',' -i ${NGINX_ONLYOFFICE_PATH}
+    sed 's,\(ssl_verify_client \).*\(;\)$,'"\1${SSL_VERIFY_CLIENT}\2"',' -i ${NGINX_ONLYOFFICE_CONF}
 
     if [ -f "${CA_CERTIFICATES_PATH}" ]; then
-      sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i ${NGINX_ONLYOFFICE_PATH}
-    else
-      sed '/{{CA_CERTIFICATES_PATH}}/d' -i ${NGINX_ONLYOFFICE_PATH}
+      sed '/ssl_verify_client/a '"ssl_client_certificate ${CA_CERTIFICATES_PATH}"';' -i ${NGINX_ONLYOFFICE_CONF}
     fi
 
     if [ "${ONLYOFFICE_HTTPS_HSTS_ENABLED}" == "true" ]; then
-      sed 's/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/'"${ONLYOFFICE_HTTPS_HSTS_MAXAGE}"'/' -i ${NGINX_ONLYOFFICE_PATH}
+      sed 's,\(max-age=\).*\(;\)$,'"\1${ONLYOFFICE_HTTPS_HSTS_MAXAGE}\2"',' -i ${NGINX_ONLYOFFICE_CONF}
     else
-      sed '/{{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}/d' -i ${NGINX_ONLYOFFICE_PATH}
+      sed '/max-age=/d' -i ${NGINX_ONLYOFFICE_CONF}
     fi
   else
-    cp ${NGINX_CONFD_PATH}/onlyoffice-documentserver.conf.template ${NGINX_ONLYOFFICE_PATH}
+    ln -sf ${NGINX_ONLYOFFICE_PATH}/onlyoffice-documentserver.conf.template ${NGINX_ONLYOFFICE_CONF}
   fi
-  
-  if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_PATH}" ]; then
-    sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_PATH}
+
+  if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then
+    sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF}
   fi
 }
 
@@ -216,17 +251,31 @@ update_supervisor_settings(){
   cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
 }
 
+update_log_settings(){
+   ${JSON_LOG} -I -e "this.levels.nodeJS = '${DS_LOG_LEVEL}'"
+}
+
 # create base folders
 for i in converter docservice spellchecker metrics gc; do
-  mkdir -p "${LOG_DIR}/$i"
+  mkdir -p "${DS_LOG_DIR}/$i"
 done
 
-mkdir -p ${LOG_DIR}-example
+mkdir -p ${DS_LOG_DIR}-example
+
+# change folder rights
+for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do
+  chown -R onlyoffice:onlyoffice "$i"
+  chmod -R 755 "$i"
+done
 
 if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
 
   read_setting
 
+  update_log_settings
+
+  update_jwt_settings
+
   # update settings by env variables
   if [ ${POSTGRESQL_SERVER_HOST} != "localhost" ]; then
     update_postgresql_settings
@@ -287,3 +336,4 @@ service nginx start
 
 # Regenerate the fonts list and the fonts thumbnails
 documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}
+documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER}