Fix KylinOS start error (#471 )

* Fix KylinOS start error * Small changes * Small changes
Build: Set job fail status if some build failed (#488 )
2026-04-07 14:01:38 +08:00 · 2022-08-31 12:13:30 +03:00 · 2022-08-30 14:33:23 +03:00 · 2022-08-29 11:40:25 +03:00 · 2022-08-24 12:47:47 +03:00 · 2022-08-24 11:14:59 +03:00
7 changed files with 392 additions and 37 deletions
--- a/.github/workflows/4testing-build.yml
+++ b/.github/workflows/4testing-build.yml
@ -0,0 +1,94 @@
+### This workflow setup instance then build and push images ###
+name: 4testing multiarch-build
+
+on:
+  push:
+    tags:
+      - "v*"
+      - "!v*-stable"
+
+env: 
+  COMPANY_NAME: "onlyoffice"
+  PRODUCT_NAME: "documentserver"
+      
+jobs:
+  build:
+    name: "Build image: DocumentServer${{ matrix.edition }}"
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        images: ["documentserver"]
+        edition: ["", "-ee", "-de"]
+    steps:
+      - name: Checkout code 
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+     
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Get Tag Name
+        run: |
+          echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
+      - name: Build 4testing
+        run: |
+          ### ==>> At this step build variable declaration ###
+          DOCKER_TAG=$( echo ${{ env.RELEASE_VERSION }} | sed 's/^.//' )
+          PACKAGE_VERSION=$( echo $DOCKER_TAG | sed -E 's/(.*)\./\1-/' )
+          NODE_PLATFORMS=$( echo ${{ steps.buildx.outputs.platforms }} | sed 's/linux\///g' | sed 's/,/ /g' )
+          echo "Start check avalivable build platforms >>"
+
+          ### ==>> In this loop we will check all avalivable documentserver architectures. After that all accessed arch will be added to build-platforms list. ###
+          for ARCH in ${NODE_PLATFORMS}; do
+            REPO_URL=${{ secrets.REPO_URL }} 
+            if [[ ${{ env.RELEASE_VERSION }} == v99.* ]]; then
+              REPO_URL=${{ secrets.UNSTABLE_REPO_URL }}
+              DEVELOP_BUILD=true
+            fi
+            PACKAGE_URL_CHECK=${REPO_URL}${{ matrix.edition }}_"$PACKAGE_VERSION"_${ARCH}.deb
+            STATUS=$(curl -s -o /dev/null -w "%{http_code}\n" "${PACKAGE_URL_CHECK}")
+            if [[ "$STATUS" = "200" ]]; then
+              echo "✔  ${ARCH} is avalivable >> set like one of build platforms"
+              PLATFORMS+=(linux/${ARCH},)
+              BUILD_PLATFORMS=$( echo ${PLATFORMS[@]} | sed 's/ //g' | sed 's/\(.*\),/\1/' )
+            else
+              echo "Х ${ARCH} in not avalivable"
+            fi
+          done
+          PACKAGE_URL_BUILD=$( echo ${PACKAGE_URL_CHECK} | sed -e "s/${PACKAGE_VERSION}_.*.deb/${PACKAGE_VERSION}_TARGETARCH.deb/g" )
+
+          ### ==>> At this step if there is no access to any platform and platform list is empty, build will exit with 1. ###  
+          if [[ -z ${BUILD_PLATFORMS} ]]; then
+            echo "Have no access to any platform >> exit with 1"
+            exit 1
+          fi
+          echo "DONE: Check passed >> Build for platforms: ${BUILD_PLATFORMS}"
+          echo "Build is starting ... >>"
+
+          ### ==>> Build and push images at this step ### 
+          PRODUCT_EDITION=${{ matrix.edition }} \
+          PACKAGE_URL=$PACKAGE_URL_BUILD \
+          PRODUCT_NAME=${{ env.PRODUCT_NAME }} \
+          DOCKERFILE=Dockerfile \
+          PREFIX_NAME=4testing- \
+          TAG=$DOCKER_TAG \
+          PLATFORM=$BUILD_PLATFORMS \
+          COMPANY_NAME=${{ env.COMPANY_NAME }} \
+          DEVELOP_BUILD=$DEVELOP_BUILD \
+            docker buildx bake \
+            -f docker-bake.hcl ${{ matrix.images }} \
+            --push
+          echo "DONE: Build success >> exit with 0"
+          exit 0
+        shell: bash
--- a/.github/workflows/stable-build.yml
+++ b/.github/workflows/stable-build.yml
@ -0,0 +1,109 @@
+### This workflow setup instance then build and push images ###
+name: Multi-arch build stable
+
+on:
+  push:
+    tags:
+      - "v*-stable"
+
+env:
+  COMPANY_NAME: "onlyoffice"
+  PRODUCT_NAME: "documentserver" 
+
+jobs:
+  build:
+    name: "Release image: DocumentServer${{ matrix.edition }}"
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        images: ["documentserver-stable"]
+        edition: ["", "-ee", "-de"]
+    steps:
+      - name: Checkout code 
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+     
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Get Tag Name
+        id: tag_name
+        run: |
+          echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/}
+
+      - name: Build documentserver-release
+        run: |
+          TAG=$(echo ${{ steps.tag_name.outputs.SOURCE_TAG }} | sed 's/^.//; s/-stable//')
+          SHORTER_TAG=$(echo ${TAG} | grep -o -P '^[\d]+\.[\d]+\.[\d]+')
+          SHORTEST_TAG=$(echo ${TAG} | grep -o -P '^[\d]+\.[\d]+')
+          IMAGE_STATUS=$(docker manifest inspect ${{ env.COMPANY_NAME }}/4testing-${{ env.PRODUCT_NAME }}${{ matrix.edition }}:$TAG > /dev/null ; echo $?)
+             if [[ "$IMAGE_STATUS" = "0" ]]; then
+                echo "Image present on docker.hub >> start build stable version"
+                PRODUCT_EDITION=${{ matrix.edition }} \
+                PRODUCT_NAME=${{ env.PRODUCT_NAME }} \
+                COMPANY_NAME=${{ env.COMPANY_NAME}} \
+                   TAG=$TAG \
+                   SHORTER_TAG=$SHORTER_TAG \
+                   SHORTEST_TAG=$SHORTEST_TAG \
+                   docker buildx bake \
+                   -f docker-bake.hcl ${{ matrix.images }} \
+                   --push 
+                echo "DONE: Build success >> exit with 0"
+                exit 0
+             else
+                echo "FAILED: Image with tag $TAG do not presented on docker.hub >> build will not started >> exit with 1"
+                exit 1
+             fi
+        shell: bash
+
+  build-nonExample:
+    name: "Release image: DocumentServer${{ matrix.edition }}-nonExample"
+    runs-on: ubuntu-latest
+    needs: [build]
+    if: always()
+    strategy:
+      fail-fast: false
+      matrix:
+        images: ["documentserver-nonexample"]
+        edition: ["", "-ee", "-de"]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Get Tag Name
+        id: tag_name
+        run: |
+          echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/}
+
+      - name: build image
+        run: |
+           TAG=$(echo ${{ steps.tag_name.outputs.SOURCE_TAG }} | sed 's/^.//; s/-stable//')
+           PRODUCT_EDITION=${{ matrix.edition }} \
+           PRODUCT_NAME=${{ env.PRODUCT_NAME }} \
+           COMPANY_NAME=${{ env.COMPANY_NAME }} \
+           TAG=$TAG \
+           docker buildx bake \
+           -f docker-bake.hcl ${{ matrix.images }} \
+           --push
+        shell: bash
--- a/18
+++ b/18
@ -1,14 +1,16 @@
-FROM ubuntu:20.04
+FROM ubuntu:22.04 as documentserver
 LABEL maintainer Ascensio System SIA <support@onlyoffice.com>

-ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=12
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=14

 ARG ONLYOFFICE_VALUE=onlyoffice

 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
    apt-get -y update && \
    apt-get -yq install wget apt-transport-https gnupg locales && \
-    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
+    mkdir -p $HOME/.gnupg && \
+    gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/onlyoffice.gpg --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
+    chmod 644 /etc/apt/trusted.gpg.d/onlyoffice.gpg && \
    locale-gen en_US.UTF-8 && \
    echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
    apt-get -yq install \
@ -69,14 +71,18 @@ COPY run-document-server.sh /app/ds/run-document-server.sh

 EXPOSE 80 443

+ARG TARGETARCH
+ARG PRODUCT_EDITION=
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_NAME=documentserver
-ARG PACKAGE_URL="http://download.onlyoffice.com/install/documentserver/linux/${COMPANY_NAME}-${PRODUCT_NAME}_amd64.deb"
+ARG PACKAGE_URL="http://download.onlyoffice.com/install/documentserver/linux/${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}_$TARGETARCH.deb"

 ENV COMPANY_NAME=$COMPANY_NAME \
-    PRODUCT_NAME=$PRODUCT_NAME
+    PRODUCT_NAME=$PRODUCT_NAME \
+    PRODUCT_EDITION=$PRODUCT_EDITION

-RUN wget -q -P /tmp "$PACKAGE_URL" && \
+RUN PACKAGE_URL=$( echo ${PACKAGE_URL} | sed "s/TARGETARCH/"${TARGETARCH}"/g") && \
+    wget -q -P /tmp "$PACKAGE_URL" && \
    apt-get -y update && \
    service postgresql start && \
    apt-get -yq install /tmp/$(basename "$PACKAGE_URL") && \
--- a/Dockerfile.production
+++ b/Dockerfile.production
@ -0,0 +1,24 @@
+### Arguments avavlivable only for FROM instruction ### 
+ARG TAG=latest
+ARG COMPANY_NAME=onlyoffice
+ARG PRODUCT_EDITION=
+
+### Build main-release ###
+
+FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${TAG} as documentserver-stable
+
+### Build nonexample ###
+ 
+FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${TAG} as documentserver-nonexample
+
+ARG COMPANY_NAME=onlyoffice
+ARG PRODUCT_NAME=documentserver
+ARG DS_SUPERVISOR_CONF=/etc/supervisor/conf.d/ds.conf
+
+### Remove all documentserver-example data ###
+
+RUN    rm -rf /var/www/$COMPANY_NAME/$PRODUCT_NAME-example \
+    && rm -rf /etc/$COMPANY_NAME/$PRODUCT_NAME-example \
+    && rm -f $DS_SUPERVISOR_CONF \ 
+    && rm -f /etc/nginx/includes/ds-example.conf \
+    && ln -s /etc/$COMPANY_NAME/$PRODUCT_NAME/supervisor/ds.conf  $DS_SUPERVISOR_CONF 
--- a/README.md
+++ b/README.md
@ -185,8 +185,10 @@ Below is the complete list of parameters that can be set using environment varia
 - **AMQP_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`.
 - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running.
 - **REDIS_SERVER_PORT**:  The Redis server port number.
+- **REDIS_SERVER_PASS**: The Redis server password. The password is not set by default.
 - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
 - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
+- **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](http://nginx.org/ru/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
 - **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`.
 - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
 - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -0,0 +1,89 @@
+variable "TAG" {
+    default = ""
+}
+
+variable "SHORTER_TAG" {
+    default = ""
+}
+
+variable "SHORTEST_TAG" {
+    default = ""
+}
+
+variable "COMPANY_NAME" {
+    default = ""
+}
+
+variable "PREFIX_NAME" {
+    default = ""
+}
+
+variable "PRODUCT_EDITION" {
+    default = ""
+}
+
+variable "PRODUCT_NAME" {
+    default = ""
+}
+
+variable "DOCKERFILE" {
+    default = ""
+}
+
+variable "PLATFORM" {
+    default = ""
+}
+
+variable "PACKAGE_URL" {
+    default = ""
+}
+
+variable "DEVELOP_BUILD" {
+    default = ""
+}
+
+target "documentserver" {
+    target = "documentserver"
+    dockerfile= "${DOCKERFILE}"
+    tags = [
+           "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
+           notequal("",DEVELOP_BUILD) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
+           ]
+    platforms = ["${PLATFORM}"]
+    args = {
+        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "COMPANY_NAME": "${COMPANY_NAME}"
+        "PACKAGE_URL": "${PACKAGE_URL}"
+        "PLATFORM": "${PLATFORM}"
+    }
+}
+
+target "documentserver-stable" {
+    target = "documentserver-stable"
+    dockerfile= "Dockerfile.production"
+    tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
+            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}",
+            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}",
+            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest"]
+    platforms = ["linux/amd64", "linux/arm64"]
+    args = {
+        "TAG": "${TAG}"
+        "COMPANY_NAME": "${COMPANY_NAME}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+    }
+}
+
+target "documentserver-nonexample" {
+    target = "documentserver-nonexample"
+    dockerfile = "Dockerfile.production"
+    tags = [ "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PREFIX_NAME}${PRODUCT_EDITION}:${TAG}-nonexample" ]
+    platforms = ["linux/amd64", "linux/arm64"]
+    args = {
+        "TAG": "${TAG}"
+        "COMPANY_NAME": "${COMPANY_NAME}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+    } 
+}
--- a/run-document-server.sh
+++ b/run-document-server.sh
@ -1,5 +1,7 @@
 #!/bin/bash

+umask 0022
+
 function clean_exit {
  /usr/bin/documentserver-prepare4shutdown.sh
 }
@ -37,14 +39,21 @@ if [ "${RELEASE_DATE}" != "${PREV_RELEASE_DATE}" ]; then
  fi
 fi

-SSL_CERTIFICATES_DIR="${DATA_DIR}/certs"
-if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/onlyoffice.crt ]]; then
-  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/onlyoffice.crt
+SSL_CERTIFICATES_DIR="/usr/share/ca-certificates/ds"
+mkdir -p ${SSL_CERTIFICATES_DIR}
+if [[ -d ${DATA_DIR}/certs ]] && [ -e ${DATA_DIR}/certs/*.crt ]; then
+  cp -f ${DATA_DIR}/certs/* ${SSL_CERTIFICATES_DIR}
+  chmod 644 ${SSL_CERTIFICATES_DIR}/*.crt ${SSL_CERTIFICATES_DIR}/*.pem
+  chmod 400 ${SSL_CERTIFICATES_DIR}/*.key
+fi
+
+if [[ -z $SSL_CERTIFICATE_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt ]]; then
+  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.crt
 else
  SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/tls.crt}
 fi
-if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/onlyoffice.key ]]; then
-  SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/onlyoffice.key
+if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key ]]; then
+  SSL_KEY_PATH=${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key
 else
  SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/tls.key}
 fi
@ -66,8 +75,18 @@ NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
 NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
 NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}

-JWT_ENABLED=${JWT_ENABLED:-false}
-JWT_SECRET=${JWT_SECRET:-secret}
+JWT_ENABLED=${JWT_ENABLED:-true}
+
+# validate user's vars before usinig in json
+if [ "${JWT_ENABLED}" == "true" ]; then
+  JWT_ENABLED="true"
+else
+  JWT_ENABLED="false"
+fi
+
+[ -z $JWT_SECRET ] && JWT_MESSAGE="JWT is enabled by default. A random secret is generated automatically. Run the command 'docker exec $(cut -c9-20 < /proc/1/cpuset) sudo documentserver-jwt-status.sh' to get information about JWT."
+
+JWT_SECRET=${JWT_SECRET:-$(pwgen -s 20)}
 JWT_HEADER=${JWT_HEADER:-Authorization}
 JWT_IN_BODY=${JWT_IN_BODY:-false}

@ -75,7 +94,7 @@ WOPI_ENABLED=${WOPI_ENABLED:-false}

 GENERATE_FONTS=${GENERATE_FONTS:-true}

-if [[ ${PRODUCT_NAME} == "documentserver" ]]; then
+if [[ ${PRODUCT_NAME}${PRODUCT_EDITION} == "documentserver" ]]; then
  REDIS_ENABLED=false
 else
  REDIS_ENABLED=true
@ -284,33 +303,37 @@ update_rabbitmq_setting(){
 }

 update_redis_settings(){
+  ${JSON} -I -e "if(this.services.CoAuthoring.redis===undefined)this.services.CoAuthoring.redis={};"
  ${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'"
  ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
+
+  if [ -n "${REDIS_SERVER_PASS}" ]; then
+    ${JSON} -I -e "this.services.CoAuthoring.redis.options = {'password':'${REDIS_SERVER_PASS}'}"
+  fi
+
 }

 update_ds_settings(){
-  if [ "${JWT_ENABLED}" == "true" ]; then
-    ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
-    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
-    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"

-    ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
-    ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
-    ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
+  ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
+  ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
+  ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"

-    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
-    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
+  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
+  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"

-    ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
-    ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.inbox.inBody = ${JWT_IN_BODY}"
+  ${JSON} -I -e "this.services.CoAuthoring.token.outbox.inBody = ${JWT_IN_BODY}"

-    if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ] && [ "${JWT_ENABLED}" == "true" ]; then
-      ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
-      ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
-      ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
-    fi
+  if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then
+    ${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
+    ${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
+    ${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
  fi
-
+ 
  if [ "${USE_UNAUTHORIZED_STORAGE}" == "true" ]; then
    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults===undefined)this.services.CoAuthoring.requestDefaults={}"
    ${JSON} -I -e "if(this.services.CoAuthoring.requestDefaults.rejectUnauthorized===undefined)this.services.CoAuthoring.requestDefaults.rejectUnauthorized=false"
@ -403,11 +426,13 @@ update_welcome_page() {
  WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html"
  if [[ -e $WELCOME_PAGE ]]; then
    DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset))
-    if [[ -x $(command -v docker) ]]; then
-      DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
-      sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
-    else
-      sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
+    if (( ${#DOCKER_CONTAINER_ID} >= 12 )); then
+      if [[ -x $(command -v docker) ]]; then
+        DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
+        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
+      else
+        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
+      fi
    fi
  fi
 }
@ -459,6 +484,8 @@ update_nginx_settings(){
  if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then
    sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF}
  fi
+
+  documentserver-update-securelink.sh -s ${SECURE_LINK_SECRET:-$(pwgen -s 20)} -r false
 }

 update_supervisor_settings(){
@ -494,7 +521,7 @@ for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${
 done

 # change folder rights
-for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do
+for i in ${LOG_DIR} ${LIB_DIR}; do
  chown -R ds:ds "$i"
  chmod -R 755 "$i"
 done
@ -568,6 +595,8 @@ else
  update_welcome_page
 fi

+find /etc/${COMPANY_NAME} -exec chown ds:ds {} \;
+
 #start needed local services
 for i in ${LOCAL_SERVICES[@]}; do
  service $i start
@ -616,5 +645,7 @@ if [ "${GENERATE_FONTS}" == "true" ]; then
 fi
 documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER}

+echo "${JWT_MESSAGE}" 
+
 tail -f /var/log/${COMPANY_NAME}/**/*.log &
 wait $!
Author	SHA1	Message	Date
Roman Demidov	e44acbebf7	Fix KylinOS start error (#471 ) * Fix KylinOS start error * Small changes * Small changes	2022-08-31 12:13:30 +03:00
Danil Titarenko	3626f8cc6c	Build: Set job fail status if some build failed (#488 )	2022-08-30 14:33:23 +03:00
Danil Titarenko	207bd5dac7	Add build Documentserver without example (#473 ) * Add dockerfile for non-example build * Create new symlink for supervisor config * Add ARG for dynamic images specification * Update action version * Add build nonexample after stable build success * Add targets for nonexample build * Cosmetic changes * Update FROM instruction * Add default tag * Remove needless welcome nginx location * Change nonexample image tags * Set correct nonexample image tag * Change tag for nonexample image * Change dockerfile name * Rename dockerfile for release images * Move stable build to dockerfile * Refactoring bake file	2022-08-29 11:40:25 +03:00
Danil Titarenko	2379128240	fix build (#486 )	2022-08-24 12:47:47 +03:00
Danil Titarenko	083ab2c6a6	Add latest tag for develop build (#484 )	2022-08-24 11:14:59 +03:00
Evgeniy Antonyuk	34180710cf	Fix command to get container id (#483 )	2022-08-22 20:56:45 +03:00
Evgeniy Antonyuk	8887cb7a26	Enable JWT by default and add a JWT status message (#482 ) * Enable JWT by default and add a JWT status message * Correct JWT message * Add a condition for displaying a JWT message * Minor correction * Minor correction	2022-08-22 20:27:10 +03:00
Danil Titarenko	05c5042985	Add the missing variable (#467 )	2022-07-22 09:44:59 +03:00
Danil Titarenko	2213fc70f5	Add another tags processing (#464 ) * Add support for processing other tags * Print build-info before build start * Cosmetic changes * Add architecture and URL processing * Refactoring action code * Refactoring code * Refactoring code * Cosmetic changes * Remove some check package version * Refactoring code * Redefining url variable for dockerfile * Cosmetic changes * Changes platform conditions check * Set to use default TARGETARCH in build	2022-07-21 18:44:06 +03:00
Danil Titarenko	06a05223b5	Fix bug #58032 / Fix moves certificates alarm messages (#461 ) * Add some checks before replace certificates * Change if check key * Refactoring code * Refactoring code * Add checking exist files * Refactor: refactoring code * Remove check files conditions	2022-07-19 15:51:46 +03:00
Danil Titarenko	143e77fdfc	Fix Big #57286 / Add redis password config settings (#466 ) * Add redis password settings * Add variable description * Change variable descriptions * Change variable descriptions * Change variable descriptions	2022-07-18 17:11:06 +03:00
papacarlo	8acbfdbeb7	Merge branch hotfix/v7.1.1 into release/v7.2.0	2022-07-18 10:02:02 +00:00
Danil Titarenko	c16635ea71	Fix supervisor socket messages (#459 )	2022-07-12 12:37:48 +03:00
Danil Titarenko	29e4ec3027	Refactoring workflow (#448 )	2022-07-11 13:27:43 +03:00
Evgeniy Antonyuk	c7a1fd04a4	fix Bug 50138 / Fix SSL key access error (#455 ) * Fix SSL key access error * Change name of directory	2022-07-05 14:56:42 +03:00
Danil Titarenko	c4ddb99710	Update base image version (#447 )	2022-07-05 14:41:20 +03:00
Danil Titarenko	9494e08e8f	Fix for redis correct work (#449 ) * Fix for redis correct work * Refactoring code * Refactoring code * Refactoring code * Refactor: refactoring code	2022-06-15 10:30:18 +03:00
Danil Titarenko	86cbb01bbf	Add short tags for released images (#446 ) * Add short tags for images * Edit workflow tags	2022-06-10 15:43:50 +03:00
Danil Titarenko	a6562f4017	Add multiarch build with action (#445 ) * Update run-document-server.sh (#439) * Revert "Update run-document-server.sh (#439)" This reverts commit `5c17c711b1`. * Add bake config * Add targets for multiarch build * Add multiarch workflows * Cosmetic changes * Refactoring * Cosmetic changes * Cosmetic changes * Change URL for test repo * Refactor: refactoring code * Refactoring sed * Remove -ie build * Add special tag for package * Cosmetic changes Co-authored-by: papacarlo <builder@onlyoffice.com> Co-authored-by: Roger Shieh <sh.rog@protonmail.ch> Co-authored-by: Alexey Golubev <alexey.golubev@onlyoffice.com>	2022-06-09 13:27:39 +03:00
Evgeniy Antonyuk	01606746c1	Fix Bug 53170 / Add the ability to set secure_link_secret (#444 ) * Add securelink generation * Add ability to configure securelink_secret * Add a description of SECURE_LINK_SECRET * Update README.md	2022-06-07 16:16:05 +03:00
Alexey Golubev	19b66de202	Revert "Update run-document-server.sh (#439 )" This reverts commit `5c17c711b1`.	2022-05-26 17:03:57 +03:00
Roger Shieh	5c17c711b1	Update run-document-server.sh (#439 )	2022-05-24 18:02:42 +03:00
papacarlo	61d388372b	Merge branch release/v7.1.0 into develop	2022-05-16 12:57:21 +00:00
papacarlo	95e27e2655	Merge branch release/v7.1.0 into master	2022-05-12 13:21:23 +00:00
Roman Demidov	452dfeb56d	Fix bug #56785 (#434 ) * Fix bug #56785 * Changes for root	2022-04-29 14:57:14 +03:00
Roman Demidov	80acbe974d	Fix bug #53046 : sed error starting container on Arch (#433 )	2022-04-29 14:55:25 +03:00
Alexey Golubev	4fb0a1e712	Improve SSL certificate detection (#431 )	2022-04-25 17:25:19 +03:00
Alexey Golubev	39d2e303f1	Fix disabling JWT	2022-04-12 19:00:46 +03:00
papacarlo	decb1ed860	Merge branch hotfix/v7.0.2 into release/v7.1.0	2022-04-05 12:27:33 +00:00
papacarlo	a830c53218	Merge branch hotfix/v7.0.2 into develop	2022-04-05 12:27:30 +00:00
papacarlo	bb160d345e	Merge branch hotfix/v7.0.1 into release/v7.1.0	2022-03-23 10:29:52 +00:00
papacarlo	3cf36a79cc	Merge branch hotfix/v7.0.1 into develop	2022-03-23 09:49:22 +00:00
Stavros Kois	21f5019e1c	Initialliaze services.CoAuthoring.redis before attempting to set a child to a value (#404 ) Co-authored-by: papacarlo <builder@onlyoffice.com>	2022-02-09 10:37:52 +03:00
papacarlo	4c959d62b7	Merge branch release/v7.0.0 into release/v7.1.0	2022-01-17 14:34:38 +00:00
papacarlo	c5fb8f1fe0	Merge branch release/v7.0.0 into develop	2022-01-17 14:34:35 +00:00
papacarlo	44a96b1fde	Merge branch hotfix/v6.4.2 into develop	2021-10-28 07:33:55 +00:00
papacarlo	2eb99ffb20	Merge branch hotfix/v6.4.1 into develop	2021-09-30 12:21:03 +00:00