Fix KylinOS start error (#471)

* Fix KylinOS start error

* Small changes

* Small changes

.github/workflows/4testing-build.yml

@@ -0,0 +1,94 @@
+### This workflow setup instance then build and push images ###
+name: 4testing multiarch-build
+
+on:
+  push:
+    tags:
+      - "v*"
+      - "!v*-stable"
+
+env: 
+  COMPANY_NAME: "onlyoffice"
+  PRODUCT_NAME: "documentserver"
+      
+jobs:
+  build:
+    name: "Build image: DocumentServer${{ matrix.edition }}"
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        images: ["documentserver"]
+        edition: ["", "-ee", "-de"]
+    steps:
+      - name: Checkout code 
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+     
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Get Tag Name
+        run: |
+          echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
+      - name: Build 4testing
+        run: |
+          ### ==>> At this step build variable declaration ###
+          DOCKER_TAG=$( echo ${{ env.RELEASE_VERSION }} | sed 's/^.//' )
+          PACKAGE_VERSION=$( echo $DOCKER_TAG | sed -E 's/(.*)\./\1-/' )
+          NODE_PLATFORMS=$( echo ${{ steps.buildx.outputs.platforms }} | sed 's/linux\///g' | sed 's/,/ /g' )
+          echo "Start check avalivable build platforms >>"
+
+          ### ==>> In this loop we will check all avalivable documentserver architectures. After that all accessed arch will be added to build-platforms list. ###
+          for ARCH in ${NODE_PLATFORMS}; do
+            REPO_URL=${{ secrets.REPO_URL }} 
+            if [[ ${{ env.RELEASE_VERSION }} == v99.* ]]; then
+              REPO_URL=${{ secrets.UNSTABLE_REPO_URL }}
+              DEVELOP_BUILD=true
+            fi
+            PACKAGE_URL_CHECK=${REPO_URL}${{ matrix.edition }}_"$PACKAGE_VERSION"_${ARCH}.deb
+            STATUS=$(curl -s -o /dev/null -w "%{http_code}\n" "${PACKAGE_URL_CHECK}")
+            if [[ "$STATUS" = "200" ]]; then
+              echo "✔  ${ARCH} is avalivable >> set like one of build platforms"
+              PLATFORMS+=(linux/${ARCH},)
+              BUILD_PLATFORMS=$( echo ${PLATFORMS[@]} | sed 's/ //g' | sed 's/\(.*\),/\1/' )
+            else
+              echo "Х ${ARCH} in not avalivable"
+            fi
+          done
+          PACKAGE_URL_BUILD=$( echo ${PACKAGE_URL_CHECK} | sed -e "s/${PACKAGE_VERSION}_.*.deb/${PACKAGE_VERSION}_TARGETARCH.deb/g" )
+
+          ### ==>> At this step if there is no access to any platform and platform list is empty, build will exit with 1. ###  
+          if [[ -z ${BUILD_PLATFORMS} ]]; then
+            echo "Have no access to any platform >> exit with 1"
+            exit 1
+          fi
+          echo "DONE: Check passed >> Build for platforms: ${BUILD_PLATFORMS}"
+          echo "Build is starting ... >>"
+
+          ### ==>> Build and push images at this step ### 
+          PRODUCT_EDITION=${{ matrix.edition }} \
+          PACKAGE_URL=$PACKAGE_URL_BUILD \
+          PRODUCT_NAME=${{ env.PRODUCT_NAME }} \
+          DOCKERFILE=Dockerfile \
+          PREFIX_NAME=4testing- \
+          TAG=$DOCKER_TAG \
+          PLATFORM=$BUILD_PLATFORMS \
+          COMPANY_NAME=${{ env.COMPANY_NAME }} \
+          DEVELOP_BUILD=$DEVELOP_BUILD \
+            docker buildx bake \
+            -f docker-bake.hcl ${{ matrix.images }} \
+            --push
+          echo "DONE: Build success >> exit with 0"
+          exit 0
+        shell: bash

.github/workflows/stable-build.yml

@@ -0,0 +1,109 @@
+### This workflow setup instance then build and push images ###
+name: Multi-arch build stable
+
+on:
+  push:
+    tags:
+      - "v*-stable"
+
+env:
+  COMPANY_NAME: "onlyoffice"
+  PRODUCT_NAME: "documentserver" 
+
+jobs:
+  build:
+    name: "Release image: DocumentServer${{ matrix.edition }}"
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        images: ["documentserver-stable"]
+        edition: ["", "-ee", "-de"]
+    steps:
+      - name: Checkout code 
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+     
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Get Tag Name
+        id: tag_name
+        run: |
+          echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/}
+
+      - name: Build documentserver-release
+        run: |
+          TAG=$(echo ${{ steps.tag_name.outputs.SOURCE_TAG }} | sed 's/^.//; s/-stable//')
+          SHORTER_TAG=$(echo ${TAG} | grep -o -P '^[\d]+\.[\d]+\.[\d]+')
+          SHORTEST_TAG=$(echo ${TAG} | grep -o -P '^[\d]+\.[\d]+')
+          IMAGE_STATUS=$(docker manifest inspect ${{ env.COMPANY_NAME }}/4testing-${{ env.PRODUCT_NAME }}${{ matrix.edition }}:$TAG > /dev/null ; echo $?)
+             if [[ "$IMAGE_STATUS" = "0" ]]; then
+                echo "Image present on docker.hub >> start build stable version"
+                PRODUCT_EDITION=${{ matrix.edition }} \
+                PRODUCT_NAME=${{ env.PRODUCT_NAME }} \
+                COMPANY_NAME=${{ env.COMPANY_NAME}} \
+                   TAG=$TAG \
+                   SHORTER_TAG=$SHORTER_TAG \
+                   SHORTEST_TAG=$SHORTEST_TAG \
+                   docker buildx bake \
+                   -f docker-bake.hcl ${{ matrix.images }} \
+                   --push 
+                echo "DONE: Build success >> exit with 0"
+                exit 0
+             else
+                echo "FAILED: Image with tag $TAG do not presented on docker.hub >> build will not started >> exit with 1"
+                exit 1
+             fi
+        shell: bash
+
+  build-nonExample:
+    name: "Release image: DocumentServer${{ matrix.edition }}-nonExample"
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: always()
+    strategy:
+      fail-fast: false
+      matrix:
+        images: ["documentserver-nonexample"]
+        edition: ["", "-ee", "-de"]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Get Tag Name
+        id: tag_name
+        run: |
+          echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/}
+
+      - name: build image
+        run: |
+           TAG=$(echo ${{ steps.tag_name.outputs.SOURCE_TAG }} | sed 's/^.//; s/-stable//')
+           PRODUCT_EDITION=${{ matrix.edition }} \
+           PRODUCT_NAME=${{ env.PRODUCT_NAME }} \
+           COMPANY_NAME=${{ env.COMPANY_NAME }} \
+           TAG=$TAG \
+           docker buildx bake \
+           -f docker-bake.hcl ${{ matrix.images }} \
+           --push
+        shell: bash

Dockerfile

@@ -1,14 +1,16 @@
-FROM ubuntu:20.04
+FROM ubuntu:22.04 as documentserver
 LABEL maintainer Ascensio System SIA <support@onlyoffice.com>
 
-ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=12
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=14
 
 ARG ONLYOFFICE_VALUE=onlyoffice
 
 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
     apt-get -y update && \
     apt-get -yq install wget apt-transport-https gnupg locales && \
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
+    mkdir -p $HOME/.gnupg && \
+    gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/onlyoffice.gpg --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
+    chmod 644 /etc/apt/trusted.gpg.d/onlyoffice.gpg && \
     locale-gen en_US.UTF-8 && \
     echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
     apt-get -yq install \
@@ -69,14 +71,18 @@ COPY run-document-server.sh /app/ds/run-document-server.sh
 
 EXPOSE 80 443
 
+ARG TARGETARCH
+ARG PRODUCT_EDITION=
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_NAME=documentserver
-ARG PACKAGE_URL="http://download.onlyoffice.com/install/documentserver/linux/${COMPANY_NAME}-${PRODUCT_NAME}_amd64.deb"
+ARG PACKAGE_URL="http://download.onlyoffice.com/install/documentserver/linux/${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}_$TARGETARCH.deb"
 
 ENV COMPANY_NAME=$COMPANY_NAME \
-    PRODUCT_NAME=$PRODUCT_NAME
+    PRODUCT_NAME=$PRODUCT_NAME \
+    PRODUCT_EDITION=$PRODUCT_EDITION
 
-RUN wget -q -P /tmp "$PACKAGE_URL" && \
+RUN PACKAGE_URL=$( echo ${PACKAGE_URL} | sed "s/TARGETARCH/"${TARGETARCH}"/g") && \
+    wget -q -P /tmp "$PACKAGE_URL" && \
     apt-get -y update && \
     service postgresql start && \
     apt-get -yq install /tmp/$(basename "$PACKAGE_URL") && \

Dockerfile.production

@@ -0,0 +1,24 @@
+### Arguments avavlivable only for FROM instruction ### 
+ARG TAG=latest
+ARG COMPANY_NAME=onlyoffice
+ARG PRODUCT_EDITION=
+
+### Build main-release ###
+
+FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${TAG} as documentserver-stable
+
+### Build nonexample ###
+ 
+FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${TAG} as documentserver-nonexample
+
+ARG COMPANY_NAME=onlyoffice
+ARG PRODUCT_NAME=documentserver
+ARG DS_SUPERVISOR_CONF=/etc/supervisor/conf.d/ds.conf
+
+### Remove all documentserver-example data ###
+
+RUN    rm -rf /var/www/$COMPANY_NAME/$PRODUCT_NAME-example \
+    && rm -rf /etc/$COMPANY_NAME/$PRODUCT_NAME-example \
+    && rm -f $DS_SUPERVISOR_CONF \ 
+    && rm -f /etc/nginx/includes/ds-example.conf \
+    && ln -s /etc/$COMPANY_NAME/$PRODUCT_NAME/supervisor/ds.conf  $DS_SUPERVISOR_CONF 

Makefile

@@ -15,60 +15,54 @@ PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)
 PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)
 PACKAGE_URL := http://$(S3_BUCKET).s3.amazonaws.com/$(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/ubuntu/$(PACKAGE_NAME)_$(PACKAGE_VERSION)_amd64.deb
 
-UPDATE_LATEST := false
-
-ifneq (,$(findstring develop,$(GIT_BRANCH)))
-DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
-DOCKER_TAGS += latest
-else ifneq (,$(findstring release,$(GIT_BRANCH)))
-DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
-else ifneq (,$(findstring hotfix,$(GIT_BRANCH)))
-DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))
+ifeq ($(RELEASE_BRANCH),$(filter $(RELEASE_BRANCH),unstable testing))
+	DOCKER_TAG := $(subst -,.,$(PACKAGE_VERSION))
 else
-DOCKER_TAG += $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
+	DOCKER_TAG := $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
 endif
 
-DOCKER_TAGS += $(DOCKER_TAG)
-
-DOCKER_REPO = $(COMPANY_NAME_LOW_ESCAPED)/4testing-$(PRODUCT_NAME_LOW)
-
-COLON := __colon__
-DOCKER_TARGETS := $(foreach TAG,$(DOCKER_TAGS),$(DOCKER_REPO)$(COLON)$(TAG))
-
+DOCKER_IMAGE := $(subst -,,$(COMPANY_NAME_LOW))/4testing-$(PRODUCT_NAME_LOW)
+DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)__$(DOCKER_TAG).dummy
 DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)_$(PACKAGE_VERSION).tar.gz
-
 DOCKER_ARCH_URI := $(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/docker/$(notdir $(DOCKER_ARCH))
 
-.PHONY: all clean clean-docker deploy docker publish
-
-$(DOCKER_TARGETS): $(DEB_REPO_DATA)
+.PHONY: all clean clean-docker image deploy docker publish
 
+$(DOCKER_DUMMY):
+	docker pull ubuntu:20.04
 	docker build \
 		--build-arg PACKAGE_URL=$(PACKAGE_URL) \
 		--build-arg COMPANY_NAME=$(COMPANY_NAME_LOW) \
 		--build-arg PRODUCT_NAME=$(PRODUCT_NAME_LOW) \
 		--build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \
-		-t $(subst $(COLON),:,$@) . &&\
-	mkdir -p $$(dirname $@) &&\
+		-t $(DOCKER_IMAGE):$(DOCKER_TAG) . && \
+	mkdir -p $$(dirname $@) && \
 	echo "Done" > $@
 
-$(DOCKER_ARCH): $(DOCKER_TARGETS)
-	docker save $(DOCKER_REPO):$(DOCKER_TAG) | \
+$(DOCKER_ARCH): $(DOCKER_DUMMY)
+	docker save $(DOCKER_IMAGE):$(DOCKER_TAG) | \
 		gzip > $@
 
-all: $(DOCKER_TARGETS)
+all: image
 
 clean:
-	rm -rfv $(DOCKER_TARGETS) $(DOCKER_ARCH)
+	rm -rfv *.dummy *.tar.gz
 		
 clean-docker:
 	docker rmi -f $$(docker images -q $(COMPANY_NAME_LOW)/*) || exit 0
 
-deploy: $(DOCKER_TARGETS)
-	$(foreach TARGET,$(DOCKER_TARGETS), \
-		for i in {1..3}; do \
-			docker push $(subst $(COLON),:,$(TARGET)) && break || sleep 1m; \
-		done;)
+image: $(DOCKER_DUMMY)
+
+deploy: $(DOCKER_DUMMY)
+	for i in {1..3}; do \
+		docker push $(DOCKER_IMAGE):$(DOCKER_TAG) && break || sleep 1m; \
+	done
+ifeq ($(RELEASE_BRANCH),unstable)
+	docker tag $(DOCKER_IMAGE):$(DOCKER_TAG) $(DOCKER_IMAGE):latest
+	for i in {1..3}; do \
+		docker push $(DOCKER_IMAGE):latest && break || sleep 1m; \
+	done
+endif
 
 publish: $(DOCKER_ARCH)
 	aws s3 cp --no-progress --acl public-read \

README.md

@@ -107,7 +107,7 @@ When using CA certified certificates (e.g [Let's encrypt](https://letsencrypt.or
 
 #### Using the automatically generated Let's Encrypt SSL Certificates
 
-        sudo docker run -i -t -d -p 443:443 \
+        sudo docker run -i -t -d -p 80:80 -p 443:443 \
         -e LETS_ENCRYPT_DOMAIN=your_domain -e LETS_ENCRYPT_MAIL=your_mail  onlyoffice/documentserver
 
 If you want to get and extend Let's Encrypt SSL Certificates automatically just set LETS_ENCRYPT_DOMAIN and LETS_ENCRYPT_MAIL variables.
@@ -178,19 +178,22 @@ Below is the complete list of parameters that can be set using environment varia
 - **DB_TYPE**: The database type. Supported values are `postgres`, `mariadb` or `mysql`. Defaults to `postgres`.
 - **DB_HOST**: The IP address or the name of the host where the database server is running.
 - **DB_PORT**: The database server port number.
-- **DB_NAME**: The name of a database to be created on the image startup.
+- **DB_NAME**: The name of a database to use. Should be existing on container startup.
 - **DB_USER**: The new user name with superuser permissions for the database account.
 - **DB_PWD**: The password set for the database account.
 - **AMQP_URI**: The [AMQP URI](https://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server.
 - **AMQP_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`.
 - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running.
 - **REDIS_SERVER_PORT**:  The Redis server port number.
+- **REDIS_SERVER_PASS**: The Redis server password. The password is not set by default.
 - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
 - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
+- **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](http://nginx.org/ru/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
 - **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`.
 - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
 - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
 - **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
+- **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`.
 - **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false`
 - **GENERATE_FONTS**: When 'true' regenerates fonts list and the fonts thumbnails etc. at each start. Defaults to `true`
 - **METRICS_ENABLED**: Specifies the enabling StatsD for ONLYOFFICE Document Server. Defaults to `false`.
@@ -244,7 +247,7 @@ sudo docker run --init --net onlyoffice --privileged -i -t -d --restart=always -
  onlyoffice/mailserver
 ```
 
-The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.yml#L75).
+The additional parameters for mail server are available [here](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.workspace_enterprise.yml#L87).
 
 To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation").
 
@@ -294,7 +297,7 @@ bash opensource-install.sh -md yourdomain.com
 Or, use [docker-compose](https://docs.docker.com/compose/install "docker-compose"). For the mail server correct work you need to specify its hostname 'yourdomain.com'. Assuming you have docker-compose installed, execute the following command:
 
 ```bash
-wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.yml
+wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.groups.yml
 docker-compose up -d
 ```
 
@@ -332,7 +335,7 @@ SaaS version: [https://www.onlyoffice.com/cloud-office.aspx](https://www.onlyoff
 
 ## User Feedback and Support
 
-If you have any problems with or questions about this image, please visit our official forum to find answers to your questions: [dev.onlyoffice.org][1] or you can ask and answer ONLYOFFICE development questions on [Stack Overflow][2].
+If you have any problems with or questions about this image, please visit our official forum to find answers to your questions: [forum.onlyoffice.com][1] or you can ask and answer ONLYOFFICE development questions on [Stack Overflow][2].
 
-  [1]: https://dev.onlyoffice.org
+  [1]: https://forum.onlyoffice.com
   [2]: https://stackoverflow.com/questions/tagged/onlyoffice

docker-bake.hcl

@@ -0,0 +1,89 @@
+variable "TAG" {
+    default = ""
+}
+
+variable "SHORTER_TAG" {
+    default = ""
+}
+
+variable "SHORTEST_TAG" {
+    default = ""
+}
+
+variable "COMPANY_NAME" {
+    default = ""
+}
+
+variable "PREFIX_NAME" {
+    default = ""
+}
+
+variable "PRODUCT_EDITION" {
+    default = ""
+}
+
+variable "PRODUCT_NAME" {
+    default = ""
+}
+
+variable "DOCKERFILE" {
+    default = ""
+}
+
+variable "PLATFORM" {
+    default = ""
+}
+
+variable "PACKAGE_URL" {
+    default = ""
+}
+
+variable "DEVELOP_BUILD" {
+    default = ""
+}
+
+target "documentserver" {
+    target = "documentserver"
+    dockerfile= "${DOCKERFILE}"
+    tags = [
+           "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
+           notequal("",DEVELOP_BUILD) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
+           ]
+    platforms = ["${PLATFORM}"]
+    args = {
+        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "COMPANY_NAME": "${COMPANY_NAME}"
+        "PACKAGE_URL": "${PACKAGE_URL}"
+        "PLATFORM": "${PLATFORM}"
+    }
+}
+
+target "documentserver-stable" {
+    target = "documentserver-stable"
+    dockerfile= "Dockerfile.production"
+    tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
+            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}",
+            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}",
+            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest"]
+    platforms = ["linux/amd64", "linux/arm64"]
+    args = {
+        "TAG": "${TAG}"
+        "COMPANY_NAME": "${COMPANY_NAME}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+    }
+}
+
+target "documentserver-nonexample" {
+    target = "documentserver-nonexample"
+    dockerfile = "Dockerfile.production"
+    tags = [ "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PREFIX_NAME}${PRODUCT_EDITION}:${TAG}-nonexample" ]
+    platforms = ["linux/amd64", "linux/arm64"]
+    args = {
+        "TAG": "${TAG}"
+        "COMPANY_NAME": "${COMPANY_NAME}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+    } 
+}

run-document-server.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+umask 0022
+
 function clean_exit {
   /usr/bin/documentserver-prepare4shutdown.sh
 }
@@ -11,24 +13,47 @@ shopt -s globstar
 
 APP_DIR="/var/www/${COMPANY_NAME}/documentserver"
 DATA_DIR="/var/www/${COMPANY_NAME}/Data"
+PRIVATE_DATA_DIR="${DATA_DIR}/.private"
+DS_RELEASE_DATE="${PRIVATE_DATA_DIR}/ds_release_date"
 LOG_DIR="/var/log/${COMPANY_NAME}"
 DS_LOG_DIR="${LOG_DIR}/documentserver"
 LIB_DIR="/var/lib/${COMPANY_NAME}"
 DS_LIB_DIR="${LIB_DIR}/documentserver"
 CONF_DIR="/etc/${COMPANY_NAME}/documentserver"
+IS_UPGRADE="false"
 
 ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
 ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost}
 ONLYOFFICE_DATA_CONTAINER_PORT=80
 
-SSL_CERTIFICATES_DIR="${DATA_DIR}/certs"
-if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/onlyoffice.crt ]]; then
-  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/onlyoffice.crt
+RELEASE_DATE="$(stat -c="%y" ${APP_DIR}/server/DocService/docservice | sed -r 's/=([0-9]+)-([0-9]+)-([0-9]+) ([0-9:.+ ]+)/\1-\2-\3/')";
+if [ -f ${DS_RELEASE_DATE} ]; then
+  PREV_RELEASE_DATE=$(head -n 1 ${DS_RELEASE_DATE})
+else
+  PREV_RELEASE_DATE="0"
+fi
+
+if [ "${RELEASE_DATE}" != "${PREV_RELEASE_DATE}" ]; then
+  if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
+    IS_UPGRADE="true";
+  fi
+fi
+
+SSL_CERTIFICATES_DIR="/usr/share/ca-certificates/ds"
+mkdir -p ${SSL_CERTIFICATES_DIR}
+if [[ -d ${DATA_DIR}/certs ]] && [ -e ${DATA_DIR}/certs/*.crt ]; then
+  cp -f ${DATA_DIR}/certs/* ${SSL_CERTIFICATES_DIR}
+  chmod 644 ${SSL_CERTIFICATES_DIR}/*.crt ${SSL_CERTIFICATES_DIR}/*.pem
+  chmod 400 ${SSL_CERTIFICATES_DIR}/*.key
+fi
+
+if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt ]]; then
+  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt
 else
   SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/tls.crt}
 fi
-if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/onlyoffice.key ]]; then
-  SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/onlyoffice.key
+if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key ]]; then
+  SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key
 else
   SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/tls.key}
 fi
@@ -50,14 +75,26 @@ NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
 NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
 NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
 
-JWT_ENABLED=${JWT_ENABLED:-false}
-JWT_SECRET=${JWT_SECRET:-secret}
+JWT_ENABLED=${JWT_ENABLED:-true}
+
+# validate user's vars before usinig in json
+if [ "${JWT_ENABLED}" == "true" ]; then
+  JWT_ENABLED="true"
+else
+  JWT_ENABLED="false"
+fi
+
+[ -z $JWT_SECRET ] && JWT_MESSAGE="JWT is enabled by default. A random secret is generated automatically. Run the command 'docker exec $(cut -c9-20 < /proc/1/cpuset) sudo documentserver-jwt-status.sh' to get information about JWT."
+
+JWT_SECRET=${JWT_SECRET:-$(pwgen -s 20)}
 JWT_HEADER=${JWT_HEADER:-Authorization}
 JWT_IN_BODY=${JWT_IN_BODY:-false}
 
+WOPI_ENABLED=${WOPI_ENABLED:-false}
+
 GENERATE_FONTS=${GENERATE_FONTS:-true}
 
-if [[ ${PRODUCT_NAME} == "documentserver" ]]; then
+if [[ ${PRODUCT_NAME}${PRODUCT_EDITION} == "documentserver" ]]; then
   REDIS_ENABLED=false
 else
   REDIS_ENABLED=true
@@ -103,6 +140,7 @@ read_setting(){
   METRICS_PREFIX="${METRICS_PREFIX:-.ds}"
 
   DB_HOST=${DB_HOST:-${POSTGRESQL_SERVER_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}}
+  DB_TYPE=${DB_TYPE:-$(${JSON} services.CoAuthoring.sql.type)}
   case $DB_TYPE in
     "postgres")
       DB_PORT=${DB_PORT:-"5432"}
@@ -121,7 +159,6 @@ read_setting(){
   DB_NAME=${DB_NAME:-${POSTGRESQL_SERVER_DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}}
   DB_USER=${DB_USER:-${POSTGRESQL_SERVER_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}}
   DB_PWD=${DB_PWD:-${POSTGRESQL_SERVER_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}}
-  DB_TYPE=${DB_TYPE:-$(${JSON} services.CoAuthoring.sql.type)}
 
   RABBITMQ_SERVER_URL=${RABBITMQ_SERVER_URL:-$(${JSON} rabbitmq.url)}
   AMQP_URI=${AMQP_URI:-${AMQP_SERVER_URL:-${RABBITMQ_SERVER_URL}}}
@@ -266,37 +303,46 @@ update_rabbitmq_setting(){
 }
 
 update_redis_settings(){
+  ${JSON} -I -e "if(this.services.CoAuthoring.redis===undefined)this.services.CoAuthoring.redis={};"
   ${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'"
   ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
+
+  if [ -n "${REDIS_SERVER_PASS}" ]; then
+    ${JSON} -I -e "this.services.CoAuthoring.redis.options = {'password':'${REDIS_SERVER_PASS}'}"
+  fi
+
 }
 
 update_ds_settings(){
-  if [ "${JWT_ENABLED}" == "true" ]; then
-    ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
-    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
-    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"
 
-    ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
-    ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
-    ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
+  ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
+  ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
+  ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
 
-    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
-    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
+  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
+  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
 
-    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
-    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"
 
-    if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ] && [ "${JWT_ENABLED}" == "true" ]; then
-      ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
-      ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
-      ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
-    fi
+  if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then
+    ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
+    ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
+    ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
   fi
-
+ 
   if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then
     ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}"
     ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
   fi
+
+  if [ "${WOPI_ENABLED}" == "true" ]; then
+    ${JSON} -I -e "if(this.wopi===undefined)this.wopi={}"
+    ${JSON} -I -e "this.wopi.enable = true"
+  fi
 }
 
 create_postgresql_cluster(){
@@ -327,6 +373,36 @@ create_db_tbl() {
   esac
 }
 
+upgrade_db_tbl() {
+  case $DB_TYPE in
+    "postgres")
+      upgrade_postgresql_tbl
+    ;;
+    "mariadb"|"mysql")
+      upgrade_mysql_tbl
+    ;;
+  esac
+}
+
+upgrade_postgresql_tbl() {
+  if [ -n "$DB_PWD" ]; then
+    export PGPASSWORD=$DB_PWD
+  fi
+
+  PSQL="psql -q -h$DB_HOST -p$DB_PORT -d$DB_NAME -U$DB_USER -w"
+
+  $PSQL -f "$APP_DIR/server/schema/postgresql/removetbl.sql"
+  $PSQL -f "$APP_DIR/server/schema/postgresql/createdb.sql"
+}
+
+upgrade_mysql_tbl() {
+  CONNECTION_PARAMS="-h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PWD -w"
+  MYSQL="mysql -q $CONNECTION_PARAMS"
+
+  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/removetbl.sql" >/dev/null 2>&1
+  $MYSQL $DB_NAME < "$APP_DIR/server/schema/mysql/createdb.sql" >/dev/null 2>&1
+}
+
 create_postgresql_tbl() {
   if [ -n "$DB_PWD" ]; then
     export PGPASSWORD=$DB_PWD
@@ -350,11 +426,13 @@ update_welcome_page() {
   WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html"
   if [[ -e $WELCOME_PAGE ]]; then
     DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset))
-    if [[ -x $(command -v docker) ]]; then
-      DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
-      sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
-    else
-      sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
+    if (( ${#DOCKER_CONTAINER_ID} >= 12 )); then
+      if [[ -x $(command -v docker) ]]; then
+        DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
+        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
+      else
+        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
+      fi
     fi
   fi
 }
@@ -406,6 +484,8 @@ update_nginx_settings(){
   if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then
     sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF}
   fi
+
+  documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false
 }
 
 update_supervisor_settings(){
@@ -423,8 +503,13 @@ update_logrotate_settings(){
   sed 's|\(^su\b\).*|\1 root root|' -i /etc/logrotate.conf
 }
 
+update_release_date(){
+  mkdir -p ${PRIVATE_DATA_DIR}
+  echo ${RELEASE_DATE} > ${DS_RELEASE_DATE}
+}
+
 # create base folders
-for i in converter docservice spellchecker metrics; do
+for i in converter docservice metrics; do
   mkdir -p "${DS_LOG_DIR}/$i"
 done
 
@@ -436,7 +521,7 @@ for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${
 done
 
 # change folder rights
-for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do
+for i in ${LOG_DIR} ${LIB_DIR}; do
   chown -R ds:ds "$i"
   chmod -R 755 "$i"
 done
@@ -510,6 +595,8 @@ else
   update_welcome_page
 fi
 
+find /etc/${COMPANY_NAME} -exec chown ds:ds {} \;
+
 #start needed local services
 for i in ${LOCAL_SERVICES[@]}; do
   service $i start
@@ -527,6 +614,11 @@ if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
     waiting_for_redis
   fi
 
+  if [ "${IS_UPGRADE}" = "true" ]; then
+    upgrade_db_tbl
+    update_release_date
+  fi
+
   update_nginx_settings
 
   update_supervisor_settings
@@ -553,5 +645,7 @@ if [ "${GENERATE_FONTS}" == "true" ]; then
 fi
 documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER}
 
+echo "${JWT_MESSAGE}" 
+
 tail -f /var/log/${COMPANY_NAME}/**/*.log &
 wait $!