Add prof of concept none pivilage execution

Use 'DS_PORT' env to use custom https port sudo docker run -e DS_PORT=1234 -itd -p80:1234 \ onlyoffice/documentserver
2026-04-07 14:01:38 +08:00 · 2020-01-13 15:22:54 +03:00
21 changed files with 428 additions and 673 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -1,65 +0,0 @@
-language: generic
-
-dist: trusty
-
-env:
-  # postgresql
-  - config: postgres.yml
-
-  # custom values
-  - config: postgres.yml
-    DB_NAME: mydb
-    DB_USER: myuser
-    DB_PWD: password
-    POSTGRES_DB: mydb
-    POSTGRES_USER: myuser
-
-  # deprecated variables
-  - config: postgres-old.yml
-    POSTGRESQL_SERVER_HOST: onlyoffice-postgresql
-    POSTGRESQL_SERVER_PORT: 5432
-    POSTGRESQL_SERVER_DB_NAME: onlyoffice
-    POSTGRESQL_SERVER_USER: onlyoffice
-    POSTGRESQL_SERVER_PASS: onlyoffice
-
-  # mysql
-  - config: mysql.yml
-    DB_TYPE: mysql
-    DB_HOST: onlyoffice-mysql
-    DB_PORT: 3306
-
-  # mariadb
-  - config: mariadb.yml
-    DB_TYPE: mysql
-    DB_HOST: db
-    DB_PORT: 3306
-
-  # activemq
-  - config: activemq.yml
-    AMQP_TYPE: activemq
-    AMQP_URI: amqp://guest:guest@onlyoffice-activemq
-
-  # rabbitmq
-  - config: rabbitmq.yml
-    AMQP_TYPE: rabbitmq
-    AMQP_URI: amqp://guest:guest@onlyoffice-rabbitmq
-
-  # rabbitmq old variables
-  - config: rabbitmq-old.yml
-    AMQP_SERVER_TYPE: rabbitmq
-    AMQP_SERVER_URL: amqp://guest:guest@onlyoffice-rabbitmq
-
-  # redis
-  - config: redis.yml
-    REDIS_SERVER_HOST: onlyoffice-redis
-    REDIS_SERVER_PORT: 6379
-
-services:
-  - docker
-
-script:
-  # Go to tests dir
-  - cd ${PWD}/tests
-
-  # Run test.
-  - ./test.sh
--- a/20
+++ b/20
@ -1,4 +1,4 @@
-FROM ubuntu:18.04
+FROM ubuntu:16.04
 LABEL maintainer Ascensio System SIA <support@onlyoffice.com>

 ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive
@ -7,32 +7,33 @@ ARG ONLYOFFICE_VALUE=onlyoffice

 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
    apt-get -y update && \
-    apt-get -yq install wget apt-transport-https gnupg locales && \
+    apt-get -yq install wget apt-transport-https curl locales && \
    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
    locale-gen en_US.UTF-8 && \
+    curl -sL https://deb.nodesource.com/setup_8.x | bash - && \
+    apt-get -y update && \
    apt-get -yq install \
        adduser \
-        apt-utils \
        bomstrip \
        htop \
        libasound2 \
        libboost-regex-dev \
        libcairo2 \
        libcurl3 \
-        libcurl3-gnutls \
        libgconf2-4 \
-        libgtk-3-0 \
+        libgtkglext1 \
        libnspr4 \
        libnss3 \
+        libnss3-nssdb \
        libstdc++6 \
        libxml2 \
        libxss1 \
        libxtst6 \
-        mysql-client \
        nano \
        net-tools \
        netcat \
        nginx-extras \
+        nodejs \
        postgresql \
        postgresql-client \
        pwgen \
@ -43,11 +44,6 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
        supervisor \
        xvfb \
        zlib1g && \
-    echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf && \
-    sed -i "s/bind .*/bind 127.0.0.1/g" /etc/redis/redis.conf && \
-    sed 's|\(application\/zip.*\)|\1\n    application\/wasm wasm;|' -i /etc/nginx/mime.types && \
-    pg_conftool 10 main set listen_addresses 'localhost' && \
-    service postgresql restart && \
    sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE;" && \
    sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \
    sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $ONLYOFFICE_VALUE TO $ONLYOFFICE_VALUE;" && \ 
@ -79,6 +75,6 @@ RUN echo "$REPO_URL" | tee /etc/apt/sources.list.d/ds.list && \
    rm -rf /var/log/$COMPANY_NAME && \
    rm -rf /var/lib/apt/lists/*

-VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /var/lib/rabbitmq /var/lib/redis /usr/share/fonts/truetype/custom
+VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /usr/share/fonts/truetype/custom

 ENTRYPOINT /app/ds/run-document-server.sh
--- a/20
+++ b/20
@ -1,17 +1,13 @@
-COMPANY_NAME ?= ONLYOFFICE
+COMPANY_NAME ?= onlyoffice
 GIT_BRANCH ?= develop
-PRODUCT_NAME ?= DocumentServer
+PRODUCT_NAME ?= documentserver-ie
 PRODUCT_VERSION ?= 0.0.0
 BUILD_NUMBER ?= 0
 ONLYOFFICE_VALUE ?= onlyoffice

-COMPANY_NAME_LOW = $(shell echo $(COMPANY_NAME) | tr A-Z a-z)
-PRODUCT_NAME_LOW = $(shell echo $(PRODUCT_NAME) | tr A-Z a-z)
-COMPANY_NAME_LOW_ESCAPED = $(subst -,,$(COMPANY_NAME_LOW))
-
 PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)

-REPO_URL := "deb [trusted=yes] http://repo-doc-onlyoffice-com.s3.amazonaws.com/ubuntu/trusty/$(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/ repo/"
+REPO_URL := "deb [trusted=yes] http://repo-doc-onlyoffice-com.s3.amazonaws.com/ubuntu/trusty/$(COMPANY_NAME)-$(PRODUCT_NAME)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/ repo/"

 UPDATE_LATEST := false

@ -28,12 +24,12 @@ endif

 DOCKER_TAGS += $(DOCKER_TAG)

-DOCKER_REPO = $(COMPANY_NAME_LOW_ESCAPED)/4testing-$(PRODUCT_NAME_LOW)
+DOCKER_REPO = $(COMPANY_NAME)/4testing-$(PRODUCT_NAME)

 COLON := __colon__
 DOCKER_TARGETS := $(foreach TAG,$(DOCKER_TAGS),$(DOCKER_REPO)$(COLON)$(TAG))

-DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)_$(PACKAGE_VERSION).tar.gz
+DOCKER_ARCH := $(COMPANY_NAME)-$(PRODUCT_NAME)_$(PACKAGE_VERSION).tar.gz

 .PHONY: all clean clean-docker deploy docker publish

@ -41,8 +37,8 @@ $(DOCKER_TARGETS): $(DEB_REPO_DATA)

 	docker build \
 		--build-arg REPO_URL=$(REPO_URL) \
-		--build-arg COMPANY_NAME=$(COMPANY_NAME_LOW) \
-		--build-arg PRODUCT_NAME=$(PRODUCT_NAME_LOW) \
+		--build-arg COMPANY_NAME=$(COMPANY_NAME) \
+		--build-arg PRODUCT_NAME=$(PRODUCT_NAME) \
 		--build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \
 		-t $(subst $(COLON),:,$@) . &&\
 	mkdir -p $$(dirname $@) &&\
@ -58,7 +54,7 @@ clean:
 	rm -rfv $(DOCKER_TARGETS) $(DOCKER_ARCH)
 		
 clean-docker:
-	docker rmi -f $$(docker images -q $(COMPANY_NAME_LOW)/*) || exit 0
+	docker rmi -f $$(docker images -q $(COMPANY_NAME)/*) || exit 0

 deploy: $(DOCKER_TARGETS)
 	$(foreach TARGET,$(DOCKER_TARGETS),docker push $(subst $(COLON),:,$(TARGET));)
--- a/README.md
+++ b/README.md
@ -67,8 +67,6 @@ To get access to your data from outside the container, you need to mount the vol
        -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
        -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
        -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
-        -v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
-        -v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
        -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql  onlyoffice/documentserver

 Normally, you do not need to store container data because the container's operation does not depend on its state. Saving data will be useful:
@ -164,14 +162,13 @@ Below is the complete list of parameters that can be set using environment varia
 - **SSL_KEY_PATH**: The path to the SSL certificate's private key. Defaults to `/var/www/onlyoffice/Data/certs/onlyoffice.key`.
 - **SSL_DHPARAM_PATH**: The path to the Diffie-Hellman parameter. Defaults to `/var/www/onlyoffice/Data/certs/dhparam.pem`.
 - **SSL_VERIFY_CLIENT**: Enable verification of client certificates using the `CA_CERTIFICATES_PATH` file. Defaults to `false`
- **DB_TYPE**: The database type. Supported values are `postgres`, `mariadb` or `mysql`. Defaults to `postgres`.
- **DB_HOST**: The IP address or the name of the host where the database server is running.
- **DB_PORT**: The database server port number.
- **DB_NAME**: The name of a database to be created on the image startup.
- **DB_USER**: The new user name with superuser permissions for the database account.
- **DB_PWD**: The password set for the database account.
- **AMQP_URI**: The [AMQP URI](https://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server.
- **AMQP_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`.
+- **POSTGRESQL_SERVER_HOST**: The IP address or the name of the host where the PostgreSQL server is running.
+- **POSTGRESQL_SERVER_PORT**: The PostgreSQL server port number.
+- **POSTGRESQL_SERVER_DB_NAME**: The name of a PostgreSQL database to be created on the image startup.
+- **POSTGRESQL_SERVER_USER**: The new user name with superuser permissions for the PostgreSQL account.
+- **POSTGRESQL_SERVER_PASS**: The password set for the PostgreSQL account.
+- **AMQP_SERVER_URL**: The [AMQP URL](http://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server.
+- **AMQP_SERVER_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`.
 - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running.
 - **REDIS_SERVER_PORT**:  The Redis server port number.
 - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
@ -179,8 +176,6 @@ Below is the complete list of parameters that can be set using environment varia
 - **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`.
 - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
 - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
- **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
- **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false`

 ## Installing ONLYOFFICE Document Server integrated with Community and Mail Servers

@ -264,7 +259,7 @@ Alternatively, you can use an automatic installation script to install the whole
 **STEP 1**: Download the Community Edition Docker script file

 ```bash
-wget https://download.onlyoffice.com/install/opensource-install.sh
+wget http://download.onlyoffice.com/install/opensource-install.sh
 ```

 **STEP 2**: Install ONLYOFFICE Community Edition executing the following command:
@ -316,5 +311,5 @@ SaaS version: [https://www.onlyoffice.com/cloud-office.aspx](https://www.onlyoff

 If you have any problems with or questions about this image, please visit our official forum to find answers to your questions: [dev.onlyoffice.org][1] or you can ask and answer ONLYOFFICE development questions on [Stack Overflow][2].

-  [1]: https://dev.onlyoffice.org
-  [2]: https://stackoverflow.com/questions/tagged/onlyoffice
+  [1]: http://dev.onlyoffice.org
+  [2]: http://stackoverflow.com/questions/tagged/onlyoffice
--- a/tests/activemq.yml
+++ b/tests/activemq.yml
@ -4,8 +4,8 @@ services:
    container_name: onlyoffice-documentserver
    image: onlyoffice/4testing-documentserver-ie:latest
    environment:
-      - AMQP_TYPE
-      - AMQP_URI
+      - AMQP_SERVER_URL=amqp://guest:guest@onlyoffice-activemq
+      - AMQP_SERVER_TYPE=activemq
    stdin_open: true
    restart: always
    ports:
@ -18,8 +18,8 @@ services:
    container_name: onlyoffice-activemq
    image: webcenter/activemq:5.14.3
    environment:
-      - ACTIVEMQ_USERS_guest
-      - ACTIVEMQ_GROUPS_owners
+      - ACTIVEMQ_USERS_guest=guest
+      - ACTIVEMQ_GROUPS_owners=guest
    restart: always
    networks:
     - onlyoffice
--- a/cluster.yml
+++ b/cluster.yml
@ -1,108 +0,0 @@
-version: '2.1'
-
-x-ds-image:
-  &ds-image
-  ${COMPANY_NAME:-onlyoffice}/${PRODUCT_NAME:-documentserver-de}:${PRODUCT_VERSION:-latest}
-
-services:
-  onlyoffice-documentserver-data:  
-    container_name: onlyoffice-documentserver-data
-    image: *ds-image
-    environment:
-      - ONLYOFFICE_DATA_CONTAINER=true
-      - DB_HOST=onlyoffice-postgresql
-      - DB_PORT=5432
-      - DB_NAME=onlyoffice
-      - DB_USER=onlyoffice
-      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
-      - REDIS_SERVER_HOST=onlyoffice-redis
-      - REDIS_SERVER_PORT=6379
-      # Uncomment strings below to enable the JSON Web Token validation.
-      #- JWT_ENABLED=true
-      #- JWT_SECRET=secret
-      #- JWT_HEADER=Authorization
-      #- JWT_IN_BODY=true
-    stdin_open: true
-    restart: always
-    volumes:
-       - /etc/onlyoffice
-       - /var/www/onlyoffice/Data
-       - /var/log/onlyoffice
-       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
-       - /var/www/onlyoffice/documentserver-example/public/files
-       - /usr/share/fonts
-       
-  onlyoffice-documentserver:
-    image: *ds-image
-    depends_on:
-      - onlyoffice-documentserver-data
-      - onlyoffice-postgresql
-      - onlyoffice-redis
-      - onlyoffice-rabbitmq
-    environment:
-      - ONLYOFFICE_DATA_CONTAINER_HOST=onlyoffice-documentserver-data
-      - BALANCE=uri depth 3
-      - EXCLUDE_PORTS=443
-      - HTTP_CHECK=GET /healthcheck
-      - EXTRA_SETTINGS=http-check expect string true
-      # Uncomment the string below to redirect HTTP request to HTTPS request.
-      #- FORCE_SSL=true
-    stdin_open: true
-    restart: always
-    expose:
-      - '80'
-    volumes_from:
-     - onlyoffice-documentserver-data
-
-  onlyoffice-haproxy:
-    container_name: onlyoffice-haproxy
-    image: dockercloud/haproxy:1.5.1
-    depends_on:
-      - onlyoffice-documentserver
-    environment:
-      - MODE=http
-      # Uncomment the string below to specify the path of ssl certificates
-      #- CERT_FOLDER=/certs/
-    stdin_open: true
-    links:
-     - onlyoffice-documentserver
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      # Uncomment the string below to map a ssl certificate from host
-      # to the proxy container
-      #- /app/onlyoffice/DocumentServer/data/certs/onlyoffice.pem:/certs/cert1.pem
-    restart: always
-    ports:
-      - '80:80'
-      - '443:443'
-      - '1936:1936'
-       
-  onlyoffice-redis:
-    container_name: onlyoffice-redis
-    image: redis
-    restart: always
-    expose:
-      - '6379'
-
-  onlyoffice-rabbitmq:
-    container_name: onlyoffice-rabbitmq
-    image: rabbitmq
-    restart: always
-    expose:
-      - '5672'
-
-  onlyoffice-postgresql:
-    container_name: onlyoffice-postgresql
-    image: postgres:9.5
-    environment:
-      - POSTGRES_DB=onlyoffice
-      - POSTGRES_USER=onlyoffice
-      - POSTGRES_HOST_AUTH_METHOD=trust
-    restart: always
-    expose:
-      - '5432'
-    volumes:
-      - postgresql_data:/var/lib/postgresql
-
-volumes:
-  postgresql_data:
--- a/config/nginx/nginx
+++ b/config/nginx/nginx
@ -0,0 +1,196 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides:       nginx
+# Required-Start:    $local_fs $remote_fs $network $syslog $named
+# Required-Stop:     $local_fs $remote_fs $network $syslog $named
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: starts the nginx web server
+# Description:       starts nginx using start-stop-daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/nginx
+NAME=nginx
+DESC=nginx
+
+# Include nginx defaults if available
+if [ -r /etc/default/nginx ]; then
+        . /etc/default/nginx
+fi
+
+STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/5/KILL/5}"
+
+test -x $DAEMON || exit 0
+
+. /lib/init/vars.sh
+. /lib/lsb/init-functions
+
+# Try to extract nginx pidfile
+PID=$(cat /etc/nginx/nginx.conf | grep -Ev '^\s*#' | awk 'BEGIN { RS="[;{}]" } { if ($1 == "pid") print $2 }' | head -n1)
+if [ -z "$PID" ]; then
+        PID=/tmp/nginx.pid
+fi
+
+if [ -n "$ULIMIT" ]; then
+        # Set ulimit if it is set in /etc/default/nginx
+        ulimit $ULIMIT
+fi
+
+start_nginx() {
+        # Start the daemon/service
+        #
+        # Returns:
+        #   0 if daemon has been started
+        #   1 if daemon was already running
+        #   2 if daemon could not be started
+        start-stop-daemon --start --quiet --pidfile $PID --chuid www-data:www-data --exec $DAEMON --test > /dev/null \
+                || return 1
+        start-stop-daemon --start --quiet --pidfile $PID --chuid www-data:www-data --exec $DAEMON -- \
+                $DAEMON_OPTS 2>/dev/null \
+                || return 2
+}
+
+test_config() {
+        # Test the nginx configuration
+        $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1
+}
+
+stop_nginx() {
+        # Stops the daemon/service
+        #
+        # Return
+        #   0 if daemon has been stopped
+        #   1 if daemon was already stopped
+        #   2 if daemon could not be stopped
+        #   other if a failure occurred
+        start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PID --name $NAME
+        RETVAL="$?"
+        sleep 1
+        return "$RETVAL"
+}
+
+reload_nginx() {
+        # Function that sends a SIGHUP to the daemon/service
+        start-stop-daemon --stop --signal HUP --quiet --pidfile $PID --name $NAME
+        return 0
+}
+
+rotate_logs() {
+        # Rotate log files
+        start-stop-daemon --stop --signal USR1 --quiet --pidfile $PID --name $NAME
+        return 0
+}
+
+upgrade_nginx() {
+        # Online upgrade nginx executable
+        # http://nginx.org/en/docs/control.html
+        #
+        # Return
+        #   0 if nginx has been successfully upgraded
+        #   1 if nginx is not running
+        #   2 if the pid files were not created on time
+        #   3 if the old master could not be killed
+        if start-stop-daemon --stop --signal USR2 --quiet --pidfile $PID --name $NAME; then
+                # Wait for both old and new master to write their pid file
+                while [ ! -s "${PID}.oldbin" ] || [ ! -s "${PID}" ]; do
+                        cnt=`expr $cnt + 1`
+                        if [ $cnt -gt 10 ]; then
+                                return 2
+                        fi
+                        sleep 1
+                done
+                # Everything is ready, gracefully stop the old master
+                if start-stop-daemon --stop --signal QUIT --quiet --pidfile "${PID}.oldbin" --name $NAME; then
+                        return 0
+                else
+                        return 3
+                fi
+        else
+                return 1
+        fi
+}
+
+case "$1" in
+        start)
+                log_daemon_msg "Starting $DESC" "$NAME"
+                start_nginx
+                case "$?" in
+                        0|1) log_end_msg 0 ;;
+                        2)   log_end_msg 1 ;;
+                esac
+                ;;
+        stop)
+                log_daemon_msg "Stopping $DESC" "$NAME"
+                stop_nginx
+                case "$?" in
+                        0|1) log_end_msg 0 ;;
+                        2)   log_end_msg 1 ;;
+                esac
+                ;;
+        restart)
+                log_daemon_msg "Restarting $DESC" "$NAME"
+
+                # Check configuration before stopping nginx
+                if ! test_config; then
+                        log_end_msg 1 # Configuration error
+                        exit $?
+                fi
+
+                stop_nginx
+                case "$?" in
+                        0|1)
+                                start_nginx
+                                case "$?" in
+                                        0) log_end_msg 0 ;;
+                                        1) log_end_msg 1 ;; # Old process is still running
+                                        *) log_end_msg 1 ;; # Failed to start
+                                esac
+                                ;;
+                        *)
+                                # Failed to stop
+                                log_end_msg 1
+                                ;;
+                esac
+                ;;
+        reload|force-reload)
+                log_daemon_msg "Reloading $DESC configuration" "$NAME"
+
+                # Check configuration before stopping nginx
+                #
+                # This is not entirely correct since the on-disk nginx binary
+                # may differ from the in-memory one, but that's not common.
+                # We prefer to check the configuration and return an error
+                # to the administrator.
+                if ! test_config; then
+                        log_end_msg 1 # Configuration error
+                        exit $?
+                fi
+
+                reload_nginx
+                log_end_msg $?
+                ;;
+        configtest|testconfig)
+                log_daemon_msg "Testing $DESC configuration"
+                test_config
+                log_end_msg $?
+                ;;
+        status)
+                status_of_proc -p $PID "$DAEMON" "$NAME" && exit 0 || exit $?
+                ;;
+        upgrade)
+                log_daemon_msg "Upgrading binary" "$NAME"
+                upgrade_nginx
+                log_end_msg $?
+                ;;
+        rotate)
+                log_daemon_msg "Re-opening $DESC log files" "$NAME"
+                rotate_logs
+                log_end_msg $?
+                ;;
+        *)
+                echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}" >&2
+                exit 3
+                ;;
+esac
--- a/config/nginx/nginx.conf
+++ b/config/nginx/nginx.conf
@ -0,0 +1,63 @@
+user www-data;
+worker_processes 1;
+pid /tmp/nginx.pid;
+
+events {
+        worker_connections 524288;
+        # multi_accept on;
+}
+
+http {
+
+        ##
+        # Basic Settings
+        ##
+
+        sendfile on;
+        tcp_nopush on;
+        tcp_nodelay on;
+        keepalive_timeout 65;
+        types_hash_max_size 2048;
+        # server_tokens off;
+
+        # server_names_hash_bucket_size 64;
+        # server_name_in_redirect off;
+
+        include /etc/nginx/mime.types;
+        default_type application/octet-stream;
+
+        ##
+        # SSL Settings
+        ##
+
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+        ssl_prefer_server_ciphers on;
+
+        ##
+        # Logging Settings
+        ##
+
+        access_log off;
+        error_log /var/log/nginx/error.log;
+
+        ##
+        # Gzip Settings
+        ##
+
+        gzip on;
+        gzip_disable "msie6";
+
+        # gzip_vary on;
+        # gzip_proxied any;
+        # gzip_comp_level 6;
+        # gzip_buffers 16 8k;
+        # gzip_http_version 1.1;
+        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+        ##
+        # Virtual Host Configs
+        ##
+
+        include /etc/nginx/conf.d/*.conf;
+        include /etc/nginx/sites-enabled/*;
+}
--- a/config/supervisor/supervisor
+++ b/config/supervisor/supervisor
@ -30,8 +30,8 @@ DESC=supervisor

 test -x $DAEMON || exit 0

-LOGDIR=/var/log/supervisor
-PIDFILE=/var/run/$NAME.pid
+LOGDIR=/tmp
+PIDFILE=/tmp/$NAME.pid
 PS_COUNT=0
 DODTIME=5                   # Time to wait for the server to die, in seconds
                            # If this value is set too low you might not
@ -101,7 +101,7 @@ case "$1" in
            rm -f "$PIDFILE"
        fi
 	echo -n "Starting $DESC: "
-	start-stop-daemon --start --quiet --pidfile $PIDFILE \
+	start-stop-daemon --start --quiet --chuid ds:ds --pidfile $PIDFILE \
 		--startas $DAEMON -- $DAEMON_OPTS
 	test -f $PIDFILE || sleep 1
        if running ; then
@ -152,7 +152,7 @@ case "$1" in
    echo -n "Restarting $DESC: "
    start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
 	[ -n "$DODTIME" ] && sleep $DODTIME
-	start-stop-daemon --start --quiet --pidfile $PIDFILE \
+	start-stop-daemon --start --quiet --chuid ds:ds --pidfile $PIDFILE \
 		--startas $DAEMON -- $DAEMON_OPTS
 	echo "$NAME."
 	;;
--- a/config/supervisor/supervisord.conf
+++ b/config/supervisor/supervisord.conf
@ -4,9 +4,9 @@
 port = 127.0.0.1:9001

 [supervisord]
-logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
-pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
-childlogdir=/var/log/supervisor            ; ('AUTO' child log dir, default $TEMP)
+logfile=/tmp/supervisord.log ; (main log file;default $CWD/supervisord.log)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+childlogdir=/tmp            ; ('AUTO' child log dir, default $TEMP)

 ; the below section must remain in the config file for RPC
 ; (supervisorctl/web interface) to work, additional interfaces may be
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,40 +1,97 @@
 version: '2'
 services:
-  onlyoffice-documentserver:
-    build:
-      context: .
-    container_name: onlyoffice-documentserver
-    depends_on:
-      - onlyoffice-postgresql
-      - onlyoffice-rabbitmq
+  onlyoffice-documentserver-data:
+    container_name: onlyoffice-documentserver-data
+    image: onlyoffice/documentserver:latest
    environment:
-      - DB_TYPE=postgres
-      - DB_HOST=onlyoffice-postgresql
-      - DB_PORT=5432
-      - DB_NAME=onlyoffice
-      - DB_USER=onlyoffice
-      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
+      - ONLYOFFICE_DATA_CONTAINER=true
+      - POSTGRESQL_SERVER_HOST=onlyoffice-postgresql
+      - POSTGRESQL_SERVER_PORT=5432
+      - POSTGRESQL_SERVER_DB_NAME=onlyoffice
+      - POSTGRESQL_SERVER_USER=onlyoffice
+      - AMQP_SERVER_URL=amqp://guest:guest@onlyoffice-rabbitmq
+      - REDIS_SERVER_HOST=onlyoffice-redis
+      - REDIS_SERVER_PORT=6379
      # Uncomment strings below to enable the JSON Web Token validation.
      #- JWT_ENABLED=true
      #- JWT_SECRET=secret
      #- JWT_HEADER=Authorization
-      #- JWT_IN_BODY=true
-    ports:
-      - '80:80'
-      - '443:443'
    stdin_open: true
    restart: always
+    networks:
+      - onlyoffice
    volumes:
+       - /etc/onlyoffice
       - /var/www/onlyoffice/Data
       - /var/log/onlyoffice
       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
       - /var/www/onlyoffice/documentserver-example/public/files
       - /usr/share/fonts
       
+  onlyoffice-documentserver:
+    image: onlyoffice/documentserver:latest
+    depends_on:
+      - onlyoffice-documentserver-data
+      - onlyoffice-postgresql
+      - onlyoffice-redis
+      - onlyoffice-rabbitmq
+    environment:
+      - ONLYOFFICE_DATA_CONTAINER_HOST=onlyoffice-documentserver-data
+      - BALANCE=uri depth 3
+      - EXCLUDE_PORTS=443
+      - HTTP_CHECK=GET /healthcheck
+      - EXTRA_SETTINGS=http-check expect string true
+      # Uncomment the string below to redirect HTTP request to HTTPS request.
+      #- FORCE_SSL=true
+    stdin_open: true
+    restart: always
+    networks:
+      - onlyoffice
+    expose:
+      - '80'
+    volumes_from:
+     - onlyoffice-documentserver-data
+
+  onlyoffice-haproxy:
+    container_name: onlyoffice-haproxy
+    image: dockercloud/haproxy:1.5.1
+    depends_on:
+      - onlyoffice-documentserver
+    environment:
+      - MODE=http
+      # Uncomment the string below to specify the path of ssl certificates
+      #- CERT_FOLDER=/certs/
+    stdin_open: true
+    links:
+     - onlyoffice-documentserver
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      # Uncomment the string below to map a ssl certificate from host
+      # to the proxy container
+      #- /app/onlyoffice/DocumentServer/data/certs/onlyoffice.pem:/certs/cert1.pem
+    restart: always
+    networks:
+     - onlyoffice
+    ports:
+      - '80:80'
+      - '443:443'
+      - '1936:1936'
+       
+  onlyoffice-redis:
+    container_name: onlyoffice-redis
+    image: redis
+    restart: always
+    networks:
+     - onlyoffice
+    expose:
+      - '6379'
+
  onlyoffice-rabbitmq:
    container_name: onlyoffice-rabbitmq
    image: rabbitmq
    restart: always
+    networks:
+     - onlyoffice
    expose:
      - '5672'

@ -44,12 +101,17 @@ services:
    environment:
      - POSTGRES_DB=onlyoffice
      - POSTGRES_USER=onlyoffice
-      - POSTGRES_HOST_AUTH_METHOD=trust
+    networks:
+      - onlyoffice
    restart: always
    expose:
      - '5432'
    volumes:
      - postgresql_data:/var/lib/postgresql

+networks:
+  onlyoffice:
+    driver: 'bridge'
+
 volumes:
  postgresql_data:
--- a/run-document-server.sh
+++ b/run-document-server.sh
@ -21,7 +21,6 @@ SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key}
 CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem}
 SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
 SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
-USE_UNAUTHORIZED_STORAGE=${USE_UNAUTHORIZED_STORAGE:-false}
 ONLYOFFICE_HTTPS_HSTS_ENABLED=${ONLYOFFICE_HTTPS_HSTS_ENABLED:-true}
 ONLYOFFICE_HTTPS_HSTS_MAXAGE=${ONLYOFFICE_HTTPS_HSTS_MAXAGE:-31536000}
 SYSCONF_TEMPLATES_DIR="/app/ds/setup/config"
@ -39,62 +38,37 @@ NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
 JWT_ENABLED=${JWT_ENABLED:-false}
 JWT_SECRET=${JWT_SECRET:-secret}
 JWT_HEADER=${JWT_HEADER:-Authorization}
-JWT_IN_BODY=${JWT_IN_BODY:-false}

 ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/local.json
 ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json
 ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/local.json

-JSON_BIN=${APP_DIR}/npm/json
+JSON_BIN=${APP_DIR}/npm/node_modules/.bin/json
 JSON="${JSON_BIN} -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
 JSON_LOG="${JSON_BIN} -q -f ${ONLYOFFICE_LOG4JS_CONFIG}"
 JSON_EXAMPLE="${JSON_BIN} -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}"

+DS_PORT=${DS_PORT:-80}
+
 LOCAL_SERVICES=()

 PG_ROOT=/var/lib/postgresql
-PG_VERSION=10
+PG_VERSION=9.5
 PG_NAME=main
 PGDATA=${PG_ROOT}/${PG_VERSION}/${PG_NAME}
 PG_NEW_CLUSTER=false
-RABBITMQ_DATA=/var/lib/rabbitmq
-REDIS_DATA=/var/lib/redis

 read_setting(){
-  deprecated_var POSTGRESQL_SERVER_HOST DB_HOST
-  deprecated_var POSTGRESQL_SERVER_PORT DB_PORT
-  deprecated_var POSTGRESQL_SERVER_DB_NAME DB_NAME
-  deprecated_var POSTGRESQL_SERVER_USER DB_USER
-  deprecated_var POSTGRESQL_SERVER_PASS DB_PWD
-  deprecated_var RABBITMQ_SERVER_URL AMQP_URI
-  deprecated_var AMQP_SERVER_URL AMQP_URI
-  deprecated_var AMQP_SERVER_TYPE AMQP_TYPE
-
-  DB_HOST=${DB_HOST:-${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}}
-  case $DB_TYPE in
-    "postgres")
-      DB_PORT=${DB_PORT:-"5432"}
-      ;;
-    "mariadb"|"mysql")
-      DB_PORT=${DB_PORT:-"3306"}
-      ;;
-    "")
-      DB_PORT=${DB_PORT:-${POSTGRESQL_SERVER_PORT:-$(${JSON} services.CoAuthoring.sql.dbPort)}}
-      ;;
-    *)
-      echo "ERROR: unknown database type"
-      exit 1
-      ;;
-  esac
-  DB_NAME=${DB_NAME:-${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}}
-  DB_USER=${DB_USER:-${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}}
-  DB_PWD=${DB_PWD:-${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}}
-  DB_TYPE=${DB_TYPE:-$(${JSON} services.CoAuthoring.sql.type)}
+  POSTGRESQL_SERVER_HOST=${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}
+  POSTGRESQL_SERVER_PORT=${POSTGRESQL_SERVER_PORT:-5432}
+  POSTGRESQL_SERVER_DB_NAME=${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}
+  POSTGRESQL_SERVER_USER=${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}
+  POSTGRESQL_SERVER_PASS=${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}

  RABBITMQ_SERVER_URL=${RABBITMQ_SERVER_URL:-$(${JSON} rabbitmq.url)}
-  AMQP_URI=${AMQP_URI:-${AMQP_SERVER_URL:-${RABBITMQ_SERVER_URL}}}
-  AMQP_TYPE=${AMQP_TYPE:-${AMQP_SERVER_TYPE:-rabbitmq}}
-  parse_rabbitmq_url ${AMQP_URI}
+  AMQP_SERVER_URL=${AMQP_SERVER_URL:-${RABBITMQ_SERVER_URL}}
+  AMQP_SERVER_TYPE=${AMQP_SERVER_TYPE:-rabbitmq}
+  parse_rabbitmq_url ${AMQP_SERVER_URL}

  REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-$(${JSON} services.CoAuthoring.redis.host)}
  REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-6379}
@ -102,12 +76,6 @@ read_setting(){
  DS_LOG_LEVEL=${DS_LOG_LEVEL:-$(${JSON_LOG} categories.default.level)}
 }

-deprecated_var() {
-  if [[ -n ${!1} ]]; then
-    echo "Variable $1 is deprecated. Use $2 instead."
-  fi
-}
-
 parse_rabbitmq_url(){
  local amqp=$1

@ -157,8 +125,8 @@ waiting_for_connection(){
  done
 }

-waiting_for_db(){
-  waiting_for_connection $DB_HOST $DB_PORT
+waiting_for_postgresql(){
+  waiting_for_connection ${POSTGRESQL_SERVER_HOST} ${POSTGRESQL_SERVER_PORT}
 }

 waiting_for_amqp(){
@ -171,23 +139,22 @@ waiting_for_redis(){
 waiting_for_datacontainer(){
  waiting_for_connection ${ONLYOFFICE_DATA_CONTAINER_HOST} ${ONLYOFFICE_DATA_CONTAINER_PORT}
 }
-update_db_settings(){
-  ${JSON} -I -e "this.services.CoAuthoring.sql.type = '${DB_TYPE}'"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${DB_HOST}'"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${DB_PORT}'"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${DB_NAME}'"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${DB_USER}'"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${DB_PWD}'"
+update_postgresql_settings(){
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${POSTGRESQL_SERVER_HOST}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${POSTGRESQL_SERVER_PORT}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${POSTGRESQL_SERVER_DB_NAME}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${POSTGRESQL_SERVER_USER}'"
+  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${POSTGRESQL_SERVER_PASS}'"
 }

 update_rabbitmq_setting(){
-  if [ "${AMQP_TYPE}" == "rabbitmq" ]; then
+  if [ "${AMQP_SERVER_TYPE}" == "rabbitmq" ]; then
    ${JSON} -I -e "if(this.queue===undefined)this.queue={};"
    ${JSON} -I -e "this.queue.type = 'rabbitmq'"
-    ${JSON} -I -e "this.rabbitmq.url = '${AMQP_URI}'"
+    ${JSON} -I -e "this.rabbitmq.url = '${AMQP_SERVER_URL}'"
  fi
  
-  if [ "${AMQP_TYPE}" == "activemq" ]; then
+  if [ "${AMQP_SERVER_TYPE}" == "activemq" ]; then
    ${JSON} -I -e "if(this.queue===undefined)this.queue={};"
    ${JSON} -I -e "this.queue.type = 'activemq'"
    ${JSON} -I -e "if(this.activemq===undefined)this.activemq={};"
@ -229,7 +196,7 @@ update_redis_settings(){
  ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
 }

-update_ds_settings(){
+update_jwt_settings(){
  if [ "${JWT_ENABLED}" == "true" ]; then
    ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
@ -242,20 +209,12 @@ update_ds_settings(){
    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"

-    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
-    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"
-
    if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ] && [ "${JWT_ENABLED}" == "true" ]; then
      ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
      ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
      ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
    fi
  fi
-
-  if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then
-    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}"
-    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
-  fi
 }

 create_postgresql_cluster(){
@ -270,60 +229,26 @@ create_postgresql_cluster(){
 }

 create_postgresql_db(){
-  sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;"
-  sudo -u postgres psql -c "CREATE USER $DB_USER WITH password '"$DB_PWD"';"
-  sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $DB_NAME TO $DB_USER;"
+  sudo -u postgres psql -c "CREATE DATABASE onlyoffice;"
+  sudo -u postgres psql -c "CREATE USER onlyoffice WITH password 'onlyoffice';"
+  sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE onlyoffice TO onlyoffice;"
 }

-create_db_tbl() {
-  case $DB_TYPE in
-    "postgres")
-      create_postgresql_tbl
-    ;;
-    "mariadb"|"mysql")
-      create_mysql_tbl
-    ;;
-  esac
-}
-
-create_postgresql_tbl() {
-  CONNECTION_PARAMS="-h$DB_HOST -p$DB_PORT -U$DB_USER -w"
-  if [ -n "$DB_PWD" ]; then
-    export PGPASSWORD=$DB_PWD
+create_postgresql_tbl(){
+  CONNECTION_PARAMS="-h${POSTGRESQL_SERVER_HOST} -p${POSTGRESQL_SERVER_PORT} -U${POSTGRESQL_SERVER_USER} -w"
+  if [ -n "${POSTGRESQL_SERVER_PASS}" ]; then
+    export PGPASSWORD=${POSTGRESQL_SERVER_PASS}
  fi

  PSQL="psql -q $CONNECTION_PARAMS"
  CREATEDB="createdb $CONNECTION_PARAMS"

  # Create db on remote server
-  if $PSQL -lt | cut -d\| -f 1 | grep -qw $DB_NAME | grep 0; then
-    $CREATEDB $DB_NAME
+  if $PSQL -lt | cut -d\| -f 1 | grep -qw | grep 0; then
+    $CREATEDB $POSTGRESQL_SERVER_DB_NAME
  fi

-  $PSQL -d "$DB_NAME" -f "$APP_DIR/server/schema/postgresql/createdb.sql"
-}
-
-create_mysql_tbl() {
-  CONNECTION_PARAMS="-h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PWD -w"
-  MYSQL="mysql -q $CONNECTION_PARAMS"
-
-  # Create db on remote server
-  $MYSQL -e "CREATE DATABASE IF NOT EXISTS $DB_NAME DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;" >/dev/null 2>&1
-
-  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1
-}
-
-update_welcome_page() {
-  WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html"
-  if [[ -e $WELCOME_PAGE ]]; then
-    DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset))
-    if [[ -x $(command -v docker) ]]; then
-      DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
-      sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
-    else
-      sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
-    fi
-  fi
+  $PSQL -d "${POSTGRESQL_SERVER_DB_NAME}" -f "${APP_DIR}/server/schema/postgresql/createdb.sql"
 }

 update_nginx_settings(){
@ -363,6 +288,8 @@ update_nginx_settings(){
    fi
  else
    ln -sf ${NGINX_ONLYOFFICE_PATH}/ds.conf.tmpl ${NGINX_ONLYOFFICE_CONF}
+    # set up default listening port
+    sed 's,\(listen.\+:\)\([0-9]\+\)\(.*;\),'"\1${DS_PORT}\3"',' -i ${NGINX_ONLYOFFICE_CONF}
  fi

  # check if ipv6 supported otherwise remove it from nginx config
@ -380,6 +307,10 @@ update_supervisor_settings(){
  cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/
  # Copy modified supervisor config
  cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
+  # Copy modified nginx start script
+  cp ${SYSCONF_TEMPLATES_DIR}/nginx/nginx /etc/init.d/
+  # Copy modified ngnix config
+  cp ${SYSCONF_TEMPLATES_DIR}/nginx/nginx.conf /etc/nginx/nginx.conf
 }

 update_log_settings(){
@ -391,15 +322,15 @@ update_logrotate_settings(){
 }

 # create base folders
-for i in converter docservice spellchecker metrics; do
+for i in converter docservice spellchecker metrics gc; do
  mkdir -p "${DS_LOG_DIR}/$i"
 done

 mkdir -p ${DS_LOG_DIR}-example

 # create app folders
-for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${DS_LIB_DIR}-example/files; do
-  mkdir -p "$i"
+for i in App_Data/cache/files App_Data/docbuilder; do
+  mkdir -p "${DS_LIB_DIR}/$i"
 done

 # change folder rights
@ -408,21 +339,22 @@ for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do
  chmod -R 755 "$i"
 done

+touch ${DS_LOG_DIR}/nginx.error.log
+chown www-data:www-data ${DS_LOG_DIR}/nginx.error.log
+
 if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then

  read_setting

-  update_welcome_page
-
  update_log_settings

-  update_ds_settings
+  update_jwt_settings

  # update settings by env variables
-  if [ $DB_HOST != "localhost" ]; then
-    update_db_settings
-    waiting_for_db
-    create_db_tbl
+  if [ ${POSTGRESQL_SERVER_HOST} != "localhost" ]; then
+    update_postgresql_settings
+    waiting_for_postgresql
+    create_postgresql_tbl
  else
    # change rights for postgres directory
    chown -R postgres:postgres ${PG_ROOT}
@ -439,13 +371,6 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
  if [ ${AMQP_SERVER_HOST} != "localhost" ]; then
    update_rabbitmq_setting
  else
-    # change rights for rabbitmq directory
-    chown -R rabbitmq:rabbitmq ${RABBITMQ_DATA}
-    chmod -R go=rX,u=rwX ${RABBITMQ_DATA}
-    if [ -f ${RABBITMQ_DATA}/.erlang.cookie ]; then
-        chmod 400 ${RABBITMQ_DATA}/.erlang.cookie
-    fi
-
    LOCAL_SERVICES+=("rabbitmq-server")
    # allow Rabbitmq startup after container kill
    rm -rf /var/run/rabbitmq
@ -454,10 +379,6 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
  if [ ${REDIS_SERVER_HOST} != "localhost" ]; then
    update_redis_settings
  else
-    # change rights for redis directory
-    chown -R redis:redis ${REDIS_DATA}
-    chmod -R 750 ${REDIS_DATA}
-
    LOCAL_SERVICES+=("redis-server")
  fi
 else
@ -467,8 +388,6 @@ else
  # read settings after the data container in ready state
  # to prevent get unconfigureted data
  read_setting
-  
-  update_welcome_page
 fi

 #start needed local services
@ -482,7 +401,7 @@ if [ ${PG_NEW_CLUSTER} = "true" ]; then
 fi

 if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
-  waiting_for_db
+  waiting_for_postgresql
  waiting_for_amqp
  waiting_for_redis

--- a/tests/defaults.env
+++ b/tests/defaults.env
@ -1,41 +0,0 @@
-# DocumentServer Container
-ONLYOFFICE_DATA_CONTAINER=true
-DB_TYPE=postgres
-DB_HOST=onlyoffice-postgresql
-DB_PORT=5432
-DB_NAME=onlyoffice
-DB_USER=onlyoffice
-DB_PWD=onlyoffice
-AMQP_TYPE=rabbitmq
-AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
-REDIS_SERVER_HOST=onlyoffice-redis
-REDIS_SERVER_PORT=6379
-JWT_ENABLED=true
-JWT_SECRET=secret
-JWT_HEADER=Authorization
-
-ONLYOFFICE_DATA_CONTAINER_HOST=onlyoffice-documentserver-data
-BALANCE=uri depth 3
-EXCLUDE_PORTS=443
-HTTP_CHECK=GET /healthcheck
-EXTRA_SETTINGS=http-check expect string true
-FORCE_SSL=true
-
-# HAProxy Container
-MODE=http
-CERT_FOLDER=/certs/
-
-# ActiveMQ Container
-ACTIVEMQ_USERS_guest=guest
-ACTIVEMQ_GROUPS_owners=guest
-
-# Postgres Container
-POSTGRES_DB=onlyoffice
-POSTGRES_USER=onlyoffice
-POSTGRES_HOST_AUTH_METHOD=trust
-
-# MySQL Container
-MYSQL_DATABASE=onlyoffice
-MYSQL_USER=onlyoffice
-MYSQL_PASSWORD=onlyoffice
-MYSQL_ALLOW_EMPTY_PASSWORD=yes
--- a/tests/mariadb.yml
+++ b/tests/mariadb.yml
@ -1,35 +0,0 @@
-version: '2'
-services:
-  ds:
-    container_name: ds
-    image: onlyoffice/4testing-documentserver-ie:latest
-    depends_on:
-      - db
-    environment:
-      - DB_TYPE
-      - DB_HOST
-      - DB_PORT
-      - DB_NAME
-      - DB_USER
-      - DB_PWD
-    stdin_open: true
-    restart: always
-    ports:
-      - '80:80'
-
-  db:
-    container_name: db
-    image: mariadb:10.5
-    environment:
-      - MYSQL_DATABASE
-      - MYSQL_USER
-      - MYSQL_PASSWORD
-      - MYSQL_ALLOW_EMPTY_PASSWORD
-    restart: always
-    volumes:
-      - mysql_data:/var/lib/mysql
-    expose:
-      - '3306'
-
-volumes:
-  mysql_data:
--- a/tests/mysql.yml
+++ b/tests/mysql.yml
@ -1,35 +0,0 @@
-version: '2'
-services:
-  onlyoffice-documentserver:
-    container_name: onlyoffice-documentserver
-    image: onlyoffice/4testing-documentserver-ie:latest
-    depends_on:
-      - onlyoffice-mysql
-    environment:
-      - DB_TYPE
-      - DB_HOST
-      - DB_PORT
-      - DB_NAME
-      - DB_USER
-      - DB_PWD
-    stdin_open: true
-    restart: always
-    ports:
-      - '80:80'
-
-  onlyoffice-mysql:
-    container_name: onlyoffice-mysql
-    image: mysql:5.7
-    environment:
-      - MYSQL_DATABASE
-      - MYSQL_USER
-      - MYSQL_PASSWORD
-      - MYSQL_ALLOW_EMPTY_PASSWORD
-    restart: always
-    volumes:
-      - mysql_data:/var/lib/mysql
-    expose:
-      - '3306'
-
-volumes:
-  mysql_data:
--- a/tests/postgres-old.yml
+++ b/tests/postgres-old.yml
@ -1,33 +0,0 @@
-version: '2'
-services:
-  onlyoffice-documentserver:
-    container_name: onlyoffice-documentserver
-    image: onlyoffice/4testing-documentserver-ie:latest
-    depends_on:
-      - onlyoffice-postgresql
-    environment:
-      - POSTGRESQL_SERVER_HOST
-      - POSTGRESQL_SERVER_PORT
-      - POSTGRESQL_SERVER_DB_NAME
-      - POSTGRESQL_SERVER_USER
-      - POSTGRESQL_SERVER_PASS
-    stdin_open: true
-    restart: always
-    ports:
-      - '80:80'
-
-  onlyoffice-postgresql:
-    container_name: onlyoffice-postgresql
-    image: postgres:9.5
-    environment:
-      - POSTGRES_DB
-      - POSTGRES_USER
-      - POSTGRES_HOST_AUTH_METHOD
-    restart: always
-    expose:
-      - '5432'
-    volumes:
-      - postgresql_data:/var/lib/postgresql
-
-volumes:
-  postgresql_data:
--- a/tests/postgres.yml
+++ b/tests/postgres.yml
@ -1,34 +0,0 @@
-version: '2'
-services:
-  onlyoffice-documentserver:
-    container_name: onlyoffice-documentserver
-    image: onlyoffice/4testing-documentserver-ie:latest
-    depends_on:
-      - onlyoffice-postgresql
-    environment:
-      - DB_TYPE
-      - DB_HOST
-      - DB_PORT
-      - DB_NAME
-      - DB_USER
-      - DB_PWD
-    stdin_open: true
-    restart: always
-    ports:
-      - '80:80'
-
-  onlyoffice-postgresql:
-    container_name: onlyoffice-postgresql
-    image: postgres:9.5
-    environment:
-      - POSTGRES_DB
-      - POSTGRES_USER
-      - POSTGRES_HOST_AUTH_METHOD
-    restart: always
-    expose:
-      - '5432'
-    volumes:
-      - postgresql_data:/var/lib/postgresql
-
-volumes:
-  postgresql_data:
--- a/tests/rabbitmq-old.yml
+++ b/tests/rabbitmq-old.yml
@ -1,28 +0,0 @@
-version: '2'
-services:
-  onlyoffice-documentserver:
-    container_name: onlyoffice-documentserver
-    image: onlyoffice/4testing-documentserver-ie:latest
-    environment:
-      - AMQP_SERVER_TYPE
-      - AMQP_SERVER_URL
-    stdin_open: true
-    restart: always
-    ports:
-      - '80:80'
-      - '443:443'
-    networks:
-      - onlyoffice
-
-  onlyoffice-rabbitmq:
-    container_name: onlyoffice-rabbitmq
-    image: rabbitmq
-    restart: always
-    networks:
-     - onlyoffice
-    expose:
-      - '5672'
-
-networks:
-  onlyoffice:
-    driver: 'bridge'
--- a/tests/rabbitmq.yml
+++ b/tests/rabbitmq.yml
@ -1,28 +0,0 @@
-version: '2'
-services:
-  onlyoffice-documentserver:
-    container_name: onlyoffice-documentserver
-    image: onlyoffice/4testing-documentserver-ie:latest
-    environment:
-      - AMQP_TYPE
-      - AMQP_URI
-    stdin_open: true
-    restart: always
-    ports:
-      - '80:80'
-      - '443:443'
-    networks:
-      - onlyoffice
-
-  onlyoffice-rabbitmq:
-    container_name: onlyoffice-rabbitmq
-    image: rabbitmq
-    restart: always
-    networks:
-     - onlyoffice
-    expose:
-      - '5672'
-
-networks:
-  onlyoffice:
-    driver: 'bridge'
--- a/tests/redis.yml
+++ b/tests/redis.yml
@ -1,28 +0,0 @@
-version: '2'
-services:
-  onlyoffice-documentserver:
-    container_name: onlyoffice-documentserver
-    image: onlyoffice/4testing-documentserver-ie:latest
-    environment:
-      - REDIS_SERVER_HOST
-      - REDIS_SERVER_PORT
-    stdin_open: true
-    restart: always
-    ports:
-      - '80:80'
-      - '443:443'
-    networks:
-      - onlyoffice
-
-  onlyoffice-redis:
-    container_name: onlyoffice-redis
-    image: redis
-    restart: always
-    networks:
-     - onlyoffice
-    expose:
-      - '6379'
-
-networks:
-  onlyoffice:
-    driver: 'bridge'
--- a/tests/test.sh
+++ b/tests/test.sh
@ -1,37 +0,0 @@
-#!/bin/bash
-
-# Check if the yml exists
-if [[ ! -f $config ]]; then
-  echo "File $config doesn't exist!"
-  exit 1
-fi
-
-env_file=defaults.env
-
-# Copy .env
-if [[ -f $env_file ]]; then
-  cp $env_file .env
-else
-  echo "File $env_file doesn't exist!"
-  exit 1
-fi
-
-# Run test environment
-docker-compose -p ds -f $config up -d
-
-wakeup_timeout=30
-
-# Get documentserver healthcheck status
-echo "Wait for service wake up"
-sleep $wakeup_timeout
-healthcheck_res=$(wget --no-check-certificate -qO - localhost/healthcheck)
-
-# Fail if it isn't true
-if [[ $healthcheck_res == "true" ]]; then
-  echo "Healthcheck passed."
-else
-  echo "Healthcheck failed!"
-  exit 1
-fi
-
-docker-compose -p ds -f $config down