Cleanup dockerfiles

* Refactoring stable images release versioning

The new principle of stable docker images versioning: release numbering is now not by build number, but by serial number.

* Refactoring: fix non-example image pull tag

.github/workflows/4testing-build.yml

@@ -2,24 +2,78 @@
 name: 4testing multiarch-build
 
 on:
-  push:
-    tags:
-      - "v*"
-      - "!v*-stable"
+  workflow_dispatch:
+    inputs:
+      build:
+        description: 'Build number (ex. 45)'
+        type: string
+        required: true
+      amd64:
+        type: boolean
+        description: 'Build AMD64'
+        default: true
+      arm64:
+        type: boolean
+        description: 'Build ARM64'
+        default: true
+      community:
+        type: boolean
+        description: 'Build Community Edition'
+        default: true
+      enterprise:
+        type: boolean
+        description: 'Build Enterprise Edition'
+        default: true
+      developer:
+        type: boolean
+        description: 'Build Developer Edition'
+        default: true
 
 env: 
   COMPANY_NAME: "onlyoffice"
   PRODUCT_NAME: "documentserver"
       
 jobs:
-  build:
-    name: "Build image: DocumentServer${{ matrix.edition }}"
+  prepare:
     runs-on: ubuntu-latest
+    steps:
+      - id: matrix
+        run: |
+          set -ex
+
+          BRANCH_NAME=${GITHUB_REF#refs/heads/}
+          if ! [[ $BRANCH_NAME == develop || $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then
+            echo "Wrong branch."
+            exit 1
+          fi
+
+          [ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64")
+          [ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64")
+          if [ -z ${PLATFORMS} ]; then
+            echo "None of the platforms are selected."
+            exit 1
+          fi
+
+          [ ${{ github.event.inputs.community }} = true ] && EDITIONS+=("community")
+          [ ${{ github.event.inputs.enterprise }} = true ] && EDITIONS+=("enterprise")
+          [ ${{ github.event.inputs.developer }} = true ] && EDITIONS+=("developer")
+          if [ -z ${EDITIONS} ]; then
+            echo "None of the editions are selected."
+            exit 1
+          fi
+          echo "editions=$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')" >> $GITHUB_OUTPUT
+    outputs:
+      editions: ${{ steps.matrix.outputs.editions }}
+
+  build:
+    name: "Build ${{ matrix.image }}-${{ matrix.edition }}"
+    runs-on: ubuntu-latest
+    needs: prepare
     strategy:
       fail-fast: false
       matrix:
-        images: ["documentserver"]
-        edition: ["", "-ee", "-de"]
+        image: ["documentserver"]
+        edition: ${{ fromJSON(needs.prepare.outputs.editions) }}
     steps:
       - name: Checkout code 
         uses: actions/checkout@v3
@@ -37,58 +91,49 @@ jobs:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
 
-      - name: Get Tag Name
-        run: |
-          echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
-
       - name: Build 4testing
         run: |
+          set -eux
+
           ### ==>> At this step build variable declaration ###
-          DOCKER_TAG=$( echo ${{ env.RELEASE_VERSION }} | sed 's/^.//' )
-          PACKAGE_VERSION=$( echo $DOCKER_TAG | sed -E 's/(.*)\./\1-/' )
-          NODE_PLATFORMS=$( echo ${{ steps.buildx.outputs.platforms }} | sed 's/linux\///g' | sed 's/,/ /g' )
-          echo "Start check avalivable build platforms >>"
 
-          ### ==>> In this loop we will check all avalivable documentserver architectures. After that all accessed arch will be added to build-platforms list. ###
-          for ARCH in ${NODE_PLATFORMS}; do
-            REPO_URL=${{ secrets.REPO_URL }} 
-            if [[ ${{ env.RELEASE_VERSION }} == v99.* ]]; then
-              REPO_URL=${{ secrets.UNSTABLE_REPO_URL }}
-              DEVELOP_BUILD=true
-            fi
-            PACKAGE_URL_CHECK=${REPO_URL}${{ matrix.edition }}_"$PACKAGE_VERSION"_${ARCH}.deb
-            STATUS=$(curl -s -o /dev/null -w "%{http_code}\n" "${PACKAGE_URL_CHECK}")
-            if [[ "$STATUS" = "200" ]]; then
-              echo "✔  ${ARCH} is avalivable >> set like one of build platforms"
-              PLATFORMS+=(linux/${ARCH},)
-              BUILD_PLATFORMS=$( echo ${PLATFORMS[@]} | sed 's/ //g' | sed 's/\(.*\),/\1/' )
-            else
-              echo "Х ${ARCH} in not avalivable"
-            fi
-          done
-          PACKAGE_URL_BUILD=$( echo ${PACKAGE_URL_CHECK} | sed -e "s/${PACKAGE_VERSION}_.*.deb/${PACKAGE_VERSION}_TARGETARCH.deb/g" )
+          case ${{ matrix.edition }} in
+            community)
+              PRODUCT_EDITION=""
+              ;;
+            enterprise)
+              PRODUCT_EDITION="-ee"
+              ;;
+            developer)
+              PRODUCT_EDITION="-de"
+              ;;
+          esac
 
-          ### ==>> At this step if there is no access to any platform and platform list is empty, build will exit with 1. ###  
-          if [[ -z ${BUILD_PLATFORMS} ]]; then
-            echo "Have no access to any platform >> exit with 1"
-            exit 1
+          [ ${{ github.event.inputs.amd64 }} = true ] && PLATFORMS+=("amd64")
+          [ ${{ github.event.inputs.arm64 }} = true ] && PLATFORMS+=("arm64")
+          PLATFORM=$(echo ${PLATFORMS[*]/#/linux/} | tr ' ' ',')
+
+          BRANCH_NAME=${GITHUB_REF#refs/heads/}
+          if [ $BRANCH_NAME = develop ]; then
+            BUILD_CHANNEL=nightly
+            PRODUCT_VERSION=99.99.99
+          elif [[ $BRANCH_NAME =~ hotfix || $BRANCH_NAME =~ release ]]; then
+            BUILD_CHANNEL=test
+            PRODUCT_VERSION=${BRANCH_NAME#*/v}
           fi
-          echo "DONE: Check passed >> Build for platforms: ${BUILD_PLATFORMS}"
-          echo "Build is starting ... >>"
+          BUILD_NUMBER=${{ github.event.inputs.build }}
 
-          ### ==>> Build and push images at this step ### 
-          PRODUCT_EDITION=${{ matrix.edition }} \
-          PACKAGE_URL=$PACKAGE_URL_BUILD \
-          PRODUCT_NAME=${{ env.PRODUCT_NAME }} \
-          DOCKERFILE=Dockerfile \
-          PREFIX_NAME=4testing- \
-          TAG=$DOCKER_TAG \
-          PLATFORM=$BUILD_PLATFORMS \
-          COMPANY_NAME=${{ env.COMPANY_NAME }} \
-          DEVELOP_BUILD=$DEVELOP_BUILD \
-            docker buildx bake \
-            -f docker-bake.hcl ${{ matrix.images }} \
-            --push
-          echo "DONE: Build success >> exit with 0"
-          exit 0
+          export PRODUCT_EDITION
+          export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}
+          export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}
+          export BUILD_CHANNEL
+          export PLATFORM
+          export DOCKERFILE=Dockerfile
+          export PREFIX_NAME=4testing-
+          export TAG=${PRODUCT_VERSION}.${BUILD_NUMBER}
+
+          ### ==>> Build and push images at this step ###
+
+          docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push
+          echo "DONE: Build success"
         shell: bash

.github/workflows/stable-build.yml

@@ -2,9 +2,17 @@
 name: Multi-arch build stable
 
 on:
-  push:
-    tags:
-      - "v*-stable"
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag for release (ex. 1.2.3.45)'
+        type: string
+        required: true
+      release_number:
+        description: 'Sequence number of the release (ex. x.x.x.<number>)'
+        type: string
+        required: true
+        default: '1'
 
 env:
   COMPANY_NAME: "onlyoffice"
@@ -35,41 +43,28 @@ jobs:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
 
-      - name: Get Tag Name
-        id: tag_name
-        run: |
-          echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/}
-
       - name: Build documentserver-release
         run: |
-          TAG=$(echo ${{ steps.tag_name.outputs.SOURCE_TAG }} | sed 's/^.//; s/-stable//')
-          SHORTER_TAG=$(echo ${TAG} | grep -o -P '^[\d]+\.[\d]+\.[\d]+')
-          SHORTEST_TAG=$(echo ${TAG} | grep -o -P '^[\d]+\.[\d]+')
-          IMAGE_STATUS=$(docker manifest inspect ${{ env.COMPANY_NAME }}/4testing-${{ env.PRODUCT_NAME }}${{ matrix.edition }}:$TAG > /dev/null ; echo $?)
-             if [[ "$IMAGE_STATUS" = "0" ]]; then
-                echo "Image present on docker.hub >> start build stable version"
-                PRODUCT_EDITION=${{ matrix.edition }} \
-                PRODUCT_NAME=${{ env.PRODUCT_NAME }} \
-                COMPANY_NAME=${{ env.COMPANY_NAME}} \
-                   TAG=$TAG \
-                   SHORTER_TAG=$SHORTER_TAG \
-                   SHORTEST_TAG=$SHORTEST_TAG \
-                   docker buildx bake \
-                   -f docker-bake.hcl ${{ matrix.images }} \
-                   --push 
-                echo "DONE: Build success >> exit with 0"
-                exit 0
-             else
-                echo "FAILED: Image with tag $TAG do not presented on docker.hub >> build will not started >> exit with 1"
-                exit 1
-             fi
+          set -eux
+          VERSION=${{ github.event.inputs.tag }}
+          RELEASE_NUMBER=${{ github.event.inputs.release_number }}
+          PRODUCT_EDITION=${{ matrix.edition }}
+          TESTING_IMAGE=${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION}
+            export PRODUCT_EDITION
+            export PULL_TAG=${VERSION}
+            export TAG=${VERSION%.*}.${RELEASE_NUMBER}
+            export SHORTER_TAG=${VERSION%.*}
+            export SHORTEST_TAG=${VERSION%.*.*}
+            docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
+            echo "DONE: Build success >> exit with 0"
+            exit 0
         shell: bash
 
-  build-nonExample:
+  build-nonexample:
     name: "Release image: DocumentServer${{ matrix.edition }}-nonExample"
     runs-on: ubuntu-latest
     needs: [build]
-    if: always()
+    if: ${{ false }}
     strategy:
       fail-fast: false
       matrix:
@@ -91,19 +86,51 @@ jobs:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
 
-      - name: Get Tag Name
-        id: tag_name
-        run: |
-          echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/}
-
       - name: build image
         run: |
-           TAG=$(echo ${{ steps.tag_name.outputs.SOURCE_TAG }} | sed 's/^.//; s/-stable//')
-           PRODUCT_EDITION=${{ matrix.edition }} \
-           PRODUCT_NAME=${{ env.PRODUCT_NAME }} \
-           COMPANY_NAME=${{ env.COMPANY_NAME }} \
-           TAG=$TAG \
-           docker buildx bake \
-           -f docker-bake.hcl ${{ matrix.images }} \
-           --push
+          set -eux
+          VERSION=${{ github.event.inputs.tag }}
+          RELEASE_NUMBER=${{ github.event.inputs.release_number }}
+          export PULL_TAG=${VERSION%.*}.${RELEASE_NUMBER}
+          export PRODUCT_EDITION=${{ matrix.edition }}
+          export TAG=${VERSION%.*}.${RELEASE_NUMBER}
+          docker buildx bake -f docker-bake.hcl ${{ matrix.images }} --push
+        shell: bash
+
+  build-ucs-ubuntu20:
+    name: "Release image: DocumentServer${{ matrix.edition }}-ucs"
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        edition: ["", "-ee"]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: build UCS
+        run: |
+           set -eux
+           VERSION=${{ github.event.inputs.tag }}
+           RELEASE_NUMBER=${{ github.event.inputs.release_number }}
+           export PRODUCT_EDITION=${{ matrix.edition }}
+           export PACKAGE_BASEURL=${{ secrets.REPO_BASEURL }}
+           export DOCKERFILE=Dockerfile
+           export BASE_IMAGE=ubuntu:20.04
+           export PG_VERSION=12
+           export TAG=${VERSION%.*}.${RELEASE_NUMBER}
+           export PACKAGE_VERSION=$( echo ${VERSION} |  sed -E 's/(.*)\./\1-/')
+           docker buildx bake -f docker-bake.hcl documentserver-ucs --push
         shell: bash

Dockerfile

@@ -1,18 +1,30 @@
-FROM ubuntu:22.04 as documentserver
+ARG BASE_IMAGE=ubuntu:22.04
+
+FROM ${BASE_IMAGE} as documentserver
 LABEL maintainer Ascensio System SIA <support@onlyoffice.com>
 
-ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=14
+ARG PG_VERSION=14
+
+ENV LANG=en_US.UTF-8 \
+    LANGUAGE=en_US:en \
+    LC_ALL=en_US.UTF-8 \
+    DEBIAN_FRONTEND=noninteractive \
+    PG_VERSION=${PG_VERSION}
 
 ARG ONLYOFFICE_VALUE=onlyoffice
 
-RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
-    apt-get -y update && \
-    apt-get -yq install wget apt-transport-https gnupg locales && \
-    mkdir -p $HOME/.gnupg && \
-    gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/onlyoffice.gpg --keyserver keyserver.ubuntu.com --recv-keys 0x8320ca65cb2de8e5 && \
-    chmod 644 /etc/apt/trusted.gpg.d/onlyoffice.gpg && \
-    locale-gen en_US.UTF-8 && \
-    echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
+RUN set -eux; \
+    echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d; \
+    apt-get -y update; \
+    apt-get -yq install \
+        wget \
+        apt-transport-https \
+        gnupg \
+        locales \
+        lsb-release \
+    ; \
+    locale-gen en_US.UTF-8; \
+    echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections; \
     apt-get -yq install \
         adduser \
         apt-utils \
@@ -48,22 +60,24 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
         supervisor \
         ttf-mscorefonts-installer \
         xvfb \
-        zlib1g && \
-    if [  $(ls -l /usr/share/fonts/truetype/msttcorefonts | wc -l) -ne 61 ]; \
-        then echo 'msttcorefonts failed to download'; exit 1; fi  && \
-    echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf && \
-    sed -i "s/bind .*/bind 127.0.0.1/g" /etc/redis/redis.conf && \
-    sed 's|\(application\/zip.*\)|\1\n    application\/wasm wasm;|' -i /etc/nginx/mime.types && \
-    pg_conftool $PG_VERSION main set listen_addresses 'localhost' && \
-    service postgresql restart && \
-    sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE;" && \
-    sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';" && \
-    sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $ONLYOFFICE_VALUE TO $ONLYOFFICE_VALUE;" && \ 
-    service postgresql stop && \
-    service redis-server stop && \
-    service rabbitmq-server stop && \
-    service supervisor stop && \
-    service nginx stop && \
+        zlib1g \
+    ; \
+    if [ $(ls -1 /usr/share/fonts/truetype/msttcorefonts | wc -l) -ne 60 ]; then \
+        echo 'msttcorefonts failed to download'; \
+        exit 1; \
+    fi; \
+    echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf; \
+    sed -i "s/bind .*/bind 127.0.0.1/g" /etc/redis/redis.conf; \
+    sed 's|\(application\/zip.*\)|\1\n    application\/wasm wasm;|' -i /etc/nginx/mime.types; \
+    pg_conftool $PG_VERSION main set listen_addresses 'localhost'; \
+    service postgresql restart; \
+    sudo -u postgres psql -c "CREATE USER $ONLYOFFICE_VALUE WITH password '$ONLYOFFICE_VALUE';"; \
+    sudo -u postgres psql -c "CREATE DATABASE $ONLYOFFICE_VALUE OWNER $ONLYOFFICE_VALUE;"; \
+    service postgresql stop; \
+    service redis-server stop; \
+    service rabbitmq-server stop; \
+    service supervisor stop; \
+    service nginx stop; \
     rm -rf /var/lib/apt/lists/*
 
 COPY config /app/ds/setup/config/
@@ -71,28 +85,37 @@ COPY run-document-server.sh /app/ds/run-document-server.sh
 
 EXPOSE 80 443
 
-ARG TARGETARCH
-ARG PRODUCT_EDITION=
 ARG COMPANY_NAME=onlyoffice
 ARG PRODUCT_NAME=documentserver
-ARG PACKAGE_URL="http://download.onlyoffice.com/install/documentserver/linux/${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}_$TARGETARCH.deb"
+ARG PRODUCT_EDITION=
+ARG PACKAGE_VERSION=
+ARG TARGETARCH
+ARG PACKAGE_BASEURL="http://download.onlyoffice.com/install/documentserver/linux"
 
 ENV COMPANY_NAME=$COMPANY_NAME \
     PRODUCT_NAME=$PRODUCT_NAME \
-    PRODUCT_EDITION=$PRODUCT_EDITION
+    PRODUCT_EDITION=$PRODUCT_EDITION \
+    DS_DOCKER_INSTALLATION=true
 
-RUN PACKAGE_URL=$( echo ${PACKAGE_URL} | sed "s/TARGETARCH/"${TARGETARCH}"/g") && \
-    wget -q -P /tmp "$PACKAGE_URL" && \
-    apt-get -y update && \
-    service postgresql start && \
-    apt-get -yq install /tmp/$(basename "$PACKAGE_URL") && \
-    service postgresql stop && \
-    service supervisor stop && \
-    chmod 755 /app/ds/*.sh && \
-    rm -f /tmp/$(basename "$PACKAGE_URL") && \
-    rm -rf /var/log/$COMPANY_NAME && \
+RUN set -eux; \
+    PACKAGE_FILE="${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}${PACKAGE_VERSION:+_$PACKAGE_VERSION}_${TARGETARCH:-$(dpkg --print-architecture)}.deb"; \
+    wget -q -P /tmp "$PACKAGE_BASEURL/$PACKAGE_FILE"; \
+    apt-get -y update; \
+    service postgresql start; \
+    apt-get -yq install /tmp/$PACKAGE_FILE; \
+    service postgresql stop; \
+    service supervisor stop; \
+    chmod 755 /app/ds/*.sh; \
+    rm -f /tmp/$PACKAGE_FILE; \
+    rm -rf /var/log/$COMPANY_NAME; \
     rm -rf /var/lib/apt/lists/*
 
-VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /var/lib/postgresql /var/lib/rabbitmq /var/lib/redis /usr/share/fonts/truetype/custom
+VOLUME /var/log/$COMPANY_NAME \
+    /var/lib/$COMPANY_NAME \
+    /var/www/$COMPANY_NAME/Data \
+    /var/lib/postgresql \
+    /var/lib/rabbitmq \
+    /var/lib/redis \
+    /usr/share/fonts/truetype/custom
 
 ENTRYPOINT ["/app/ds/run-document-server.sh"]

Dockerfile.production

@@ -1,24 +0,0 @@
-### Arguments avavlivable only for FROM instruction ### 
-ARG TAG=latest
-ARG COMPANY_NAME=onlyoffice
-ARG PRODUCT_EDITION=
-
-### Build main-release ###
-
-FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${TAG} as documentserver-stable
-
-### Build nonexample ###
- 
-FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${TAG} as documentserver-nonexample
-
-ARG COMPANY_NAME=onlyoffice
-ARG PRODUCT_NAME=documentserver
-ARG DS_SUPERVISOR_CONF=/etc/supervisor/conf.d/ds.conf
-
-### Remove all documentserver-example data ###
-
-RUN    rm -rf /var/www/$COMPANY_NAME/$PRODUCT_NAME-example \
-    && rm -rf /etc/$COMPANY_NAME/$PRODUCT_NAME-example \
-    && rm -f $DS_SUPERVISOR_CONF \ 
-    && rm -f /etc/nginx/includes/ds-example.conf \
-    && ln -s /etc/$COMPANY_NAME/$PRODUCT_NAME/supervisor/ds.conf  $DS_SUPERVISOR_CONF 

Makefile

@@ -1,39 +1,40 @@
 COMPANY_NAME ?= ONLYOFFICE
 GIT_BRANCH ?= develop
-PRODUCT_NAME ?= DocumentServer
+PRODUCT_NAME ?= documentserver
+PRODUCT_EDITION ?= 
 PRODUCT_VERSION ?= 0.0.0
 BUILD_NUMBER ?= 0
+BUILD_CHANNEL ?= nightly
 ONLYOFFICE_VALUE ?= onlyoffice
-S3_BUCKET ?= repo-doc-onlyoffice-com
-RELEASE_BRANCH ?= unstable
 
 COMPANY_NAME_LOW = $(shell echo $(COMPANY_NAME) | tr A-Z a-z)
-PRODUCT_NAME_LOW = $(shell echo $(PRODUCT_NAME) | tr A-Z a-z)
-COMPANY_NAME_LOW_ESCAPED = $(subst -,,$(COMPANY_NAME_LOW))
+COMPANY_NAME_ESC = $(subst -,,$(COMPANY_NAME_LOW))
 
-PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)
-PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)
-PACKAGE_URL := http://$(S3_BUCKET).s3.amazonaws.com/$(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/ubuntu/$(PACKAGE_NAME)_$(PACKAGE_VERSION)_amd64.deb
+PACKAGE_NAME := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION)
+PACKAGE_VERSION ?= $(PRODUCT_VERSION)-$(BUILD_NUMBER)~stretch
+PACKAGE_BASEURL ?= https://s3.eu-west-1.amazonaws.com/repo-doc-onlyoffice-com/server/linux/debian
 
-ifeq ($(RELEASE_BRANCH),$(filter $(RELEASE_BRANCH),unstable testing))
-	DOCKER_TAG := $(subst -,.,$(PACKAGE_VERSION))
+ifeq ($(BUILD_CHANNEL),$(filter $(BUILD_CHANNEL),nightly test))
+	DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER)
 else
-	DOCKER_TAG := $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
+	DOCKER_TAG := $(PRODUCT_VERSION).$(BUILD_NUMBER)-$(subst /,-,$(GIT_BRANCH))
 endif
 
-DOCKER_IMAGE := $(subst -,,$(COMPANY_NAME_LOW))/4testing-$(PRODUCT_NAME_LOW)
-DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)__$(DOCKER_TAG).dummy
-DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME_LOW)_$(PACKAGE_VERSION).tar.gz
-DOCKER_ARCH_URI := $(COMPANY_NAME_LOW)/$(RELEASE_BRANCH)/docker/$(notdir $(DOCKER_ARCH))
+DOCKER_IMAGE := $(COMPANY_NAME_ESC)/4testing-$(PRODUCT_NAME)$(PRODUCT_EDITION)
+DOCKER_DUMMY := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)$(PRODUCT_EDITION)__$(DOCKER_TAG).dummy
+DOCKER_ARCH := $(COMPANY_NAME_LOW)-$(PRODUCT_NAME)_$(DOCKER_TAG).tar.gz
 
-.PHONY: all clean clean-docker image deploy docker publish
+.PHONY: all clean clean-docker image deploy docker
 
 $(DOCKER_DUMMY):
-	docker pull ubuntu:20.04
+	docker pull ubuntu:22.04
 	docker build \
-		--build-arg PACKAGE_URL=$(PACKAGE_URL) \
 		--build-arg COMPANY_NAME=$(COMPANY_NAME_LOW) \
-		--build-arg PRODUCT_NAME=$(PRODUCT_NAME_LOW) \
+		--build-arg PRODUCT_NAME=$(PRODUCT_NAME) \
+		--build-arg PRODUCT_EDITION=$(PRODUCT_EDITION) \
+		--build-arg PACKAGE_VERSION=$(PACKAGE_VERSION) \
+		--build-arg PACKAGE_BASEURL=$(PACKAGE_BASEURL) \
+		--build-arg TARGETARCH=amd64 \
 		--build-arg ONLYOFFICE_VALUE=$(ONLYOFFICE_VALUE) \
 		-t $(DOCKER_IMAGE):$(DOCKER_TAG) . && \
 	mkdir -p $$(dirname $@) && \
@@ -57,13 +58,9 @@ deploy: $(DOCKER_DUMMY)
 	for i in {1..3}; do \
 		docker push $(DOCKER_IMAGE):$(DOCKER_TAG) && break || sleep 1m; \
 	done
-ifeq ($(RELEASE_BRANCH),unstable)
+ifeq ($(BUILD_CHANNEL),nightly)
 	docker tag $(DOCKER_IMAGE):$(DOCKER_TAG) $(DOCKER_IMAGE):latest
 	for i in {1..3}; do \
 		docker push $(DOCKER_IMAGE):latest && break || sleep 1m; \
 	done
 endif
-
-publish: $(DOCKER_ARCH)
-	aws s3 cp --no-progress --acl public-read \
-		$(DOCKER_ARCH) s3://$(S3_BUCKET)/$(DOCKER_ARCH_URI)

README.md

@@ -25,6 +25,8 @@ Starting from version 6.0, Document Server is distributed as ONLYOFFICE Docs. It
 
 ONLYOFFICE Docs can be used as a part of ONLYOFFICE Workspace or with third-party sync&share solutions (e.g. Nextcloud, ownCloud, Seafile) to enable collaborative editing within their interface.
 
+***Important*** Please update `docker-enginge` to latest version (`20.10.21` as of writing this doc) before using it. We use `ubuntu:22.04` as base image and it older versions of docker have compatibility problems with it
+
 ## Functionality ##
 * ONLYOFFICE Document Editor
 * ONLYOFFICE Spreadsheet Editor
@@ -188,12 +190,14 @@ Below is the complete list of parameters that can be set using environment varia
 - **REDIS_SERVER_PASS**: The Redis server password. The password is not set by default.
 - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
 - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
-- **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](http://nginx.org/ru/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
-- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `false`.
-- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to `secret`.
+- **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
+- **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `true`.
+- **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to random value.
 - **JWT_HEADER**: Defines the http header that will be used to send the JSON Web Token. Defaults to `Authorization`.
 - **JWT_IN_BODY**: Specifies the enabling the token validation in the request body to the ONLYOFFICE Document Server. Defaults to `false`.
 - **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`.
+- **ALLOW_META_IP_ADDRESS**: Defines if it is allowed to connect meta IP address or not. Defaults to `false`.
+- **ALLOW_PRIVATE_IP_ADDRESS**: Defines if it is allowed to connect private IP address or not. Defaults to `false`.
 - **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false`
 - **GENERATE_FONTS**: When 'true' regenerates fonts list and the fonts thumbnails etc. at each start. Defaults to `true`
 - **METRICS_ENABLED**: Specifies the enabling StatsD for ONLYOFFICE Document Server. Defaults to `false`.
@@ -218,18 +222,28 @@ Then launch containers on it using the 'docker run --net onlyoffice' option:
 
 Follow [these steps](#installing-mysql) to install MySQL server.
 
-**STEP 3**: Install ONLYOFFICE Document Server.
+**STEP 3**: Generate JWT Secret
+
+JWT secret defines the secret key to validate the JSON Web Token in the request to the **ONLYOFFICE Document Server**. You can specify it yourself or easily get it using the command:
+```
+JWT_SECRET=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 12);
+```
+
+**STEP 4**: Install ONLYOFFICE Document Server.
 
 ```bash
 sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-document-server \
-	-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
-	-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
-	-v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
-	-v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
-	onlyoffice/documentserver
+ -e JWT_ENABLED=true \
+ -e JWT_SECRET=${JWT_SECRET} \
+ -e JWT_HEADER=AuthorizationJwt \
+ -v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice  \
+ -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  \
+ -v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
+ -v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql \
+ onlyoffice/documentserver
 ```
 
-**STEP 4**: Install ONLYOFFICE Mail Server. 
+**STEP 5**: Install ONLYOFFICE Mail Server. 
 
 For the mail server correct work you need to specify its hostname 'yourdomain.com'.
 
@@ -251,10 +265,10 @@ The additional parameters for mail server are available [here](https://github.co
 
 To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation").
 
-**STEP 5**: Install ONLYOFFICE Community Server
+**STEP 6**: Install ONLYOFFICE Community Server
 
 ```bash
-sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 \
+sudo docker run --net onlyoffice -i -t -d --privileged --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 --cgroupns=host \
  -e MYSQL_SERVER_ROOT_PASSWORD=my-secret-pw \
  -e MYSQL_SERVER_DB_NAME=onlyoffice \
  -e MYSQL_SERVER_HOST=onlyoffice-mysql-server \
@@ -262,6 +276,9 @@ sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-com
  -e MYSQL_SERVER_PASS=onlyoffice_pass \
  
  -e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \
+ -e DOCUMENT_SERVER_JWT_ENABLED=true \
+ -e DOCUMENT_SERVER_JWT_SECRET=${JWT_SECRET} \
+ -e DOCUMENT_SERVER_JWT_HEADER=AuthorizationJwt \
  
  -e MAIL_SERVER_API_HOST=${MAIL_SERVER_IP} \
  -e MAIL_SERVER_DB_HOST=onlyoffice-mysql-server \
@@ -272,12 +289,14 @@ sudo docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-com
  
  -v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \
  -v /app/onlyoffice/CommunityServer/logs:/var/log/onlyoffice \
+ -v /app/onlyoffice/CommunityServer/letsencrypt:/etc/letsencrypt \
+ -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
  onlyoffice/communityserver
 ```
 
 Where `${MAIL_SERVER_IP}` is the IP address for **ONLYOFFICE Mail Server**. You can easily get it using the command:
 ```
-docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' onlyoffice-mail-server
+MAIL_SERVER_IP=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' onlyoffice-mail-server)
 ```
 
 Alternatively, you can use an automatic installation script to install the whole ONLYOFFICE Community Edition at once. For the mail server correct work you need to specify its hostname 'yourdomain.com'.

config/supervisor/ds/ds-converter.conf

@@ -0,0 +1,13 @@
+[program:converter]
+command=/var/www/COMPANY_NAME/documentserver/server/FileConverter/converter
+directory=/var/www/COMPANY_NAME/documentserver/server/FileConverter
+user=ds
+environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver,NODE_DISABLE_COLORS=1,APPLICATION_NAME=COMPANY_NAME
+stdout_logfile=/var/log/COMPANY_NAME/documentserver/converter/out.log
+stdout_logfile_backups=0
+stdout_logfile_maxbytes=0
+stderr_logfile=/var/log/COMPANY_NAME/documentserver/converter/err.log
+stderr_logfile_backups=0
+stderr_logfile_maxbytes=0
+autostart=true
+autorestart=true

config/supervisor/ds/ds-docservice.conf

@@ -0,0 +1,13 @@
+[program:docservice]
+command=/var/www/COMPANY_NAME/documentserver/server/DocService/docservice
+directory=/var/www/COMPANY_NAME/documentserver/server/DocService
+user=ds
+environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver,NODE_DISABLE_COLORS=1
+stdout_logfile=/var/log/COMPANY_NAME/documentserver/docservice/out.log
+stdout_logfile_backups=0
+stdout_logfile_maxbytes=0
+stderr_logfile=/var/log/COMPANY_NAME/documentserver/docservice/err.log
+stderr_logfile_backups=0
+stderr_logfile_maxbytes=0
+autostart=true
+autorestart=true

config/supervisor/ds/ds-example.conf

@@ -0,0 +1,14 @@
+[program:example]
+command=/var/www/COMPANY_NAME/documentserver-example/example
+directory=/var/www/COMPANY_NAME/documentserver-example/
+user=ds
+environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver-example,NODE_DISABLE_COLORS=1
+stdout_logfile=/var/log/COMPANY_NAME/documentserver-example/out.log
+stdout_logfile_backups=0
+stdout_logfile_maxbytes=0
+stderr_logfile=/var/log/COMPANY_NAME/documentserver-example/err.log
+stderr_logfile_backups=0
+stderr_logfile_maxbytes=0
+autostart=false
+autorestart=true
+redirect_stderr=true

config/supervisor/ds/ds-metrics.conf

@@ -0,0 +1,13 @@
+[program:metrics]
+command=/var/www/COMPANY_NAME/documentserver/server/Metrics/metrics ./config/config.js
+directory=/var/www/COMPANY_NAME/documentserver/server/Metrics
+user=ds
+environment=NODE_DISABLE_COLORS=1
+stdout_logfile=/var/log/COMPANY_NAME/documentserver/metrics/out.log
+stdout_logfile_backups=0
+stdout_logfile_maxbytes=0
+stderr_logfile=/var/log/COMPANY_NAME/documentserver/metrics/err.log
+stderr_logfile_backups=0
+stderr_logfile_maxbytes=0
+autostart=true
+autorestart=true

config/supervisor/ds/ds.conf

@@ -0,0 +1,2 @@
+[group:ds]
+programs=docservice,converter,metrics,example

config/supervisor/supervisord.conf

@@ -1,27 +0,0 @@
-; supervisor config file
-
-[inet_http_server]
-port = 127.0.0.1:9001
-
-[supervisord]
-logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
-pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
-childlogdir=/var/log/supervisor            ; ('AUTO' child log dir, default $TEMP)
-
-; the below section must remain in the config file for RPC
-; (supervisorctl/web interface) to work, additional interfaces may be
-; added by defining them in separate rpcinterface: sections
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl = http://localhost:9001 ; use a unix:// URL  for a unix socket
-
-; The [include] section can just contain the "files" setting.  This
-; setting can list multiple files (separated by whitespace or
-; newlines).  It can also contain wildcards.  The filenames are
-; interpreted as relative to this file.  Included files *cannot*
-; include files themselves.
-
-[include]
-files = /etc/supervisor/conf.d/*.conf

docker-bake.hcl

@@ -10,6 +10,10 @@ variable "SHORTEST_TAG" {
     default = ""
 }
 
+variable "PULL_TAG" {
+    default = ""
+}
+
 variable "COMPANY_NAME" {
     default = ""
 }
@@ -26,6 +30,10 @@ variable "PRODUCT_NAME" {
     default = ""
 }
 
+variable "PACKAGE_VERSION" {
+    default = ""
+}
+
 variable "DOCKERFILE" {
     default = ""
 }
@@ -34,54 +42,90 @@ variable "PLATFORM" {
     default = ""
 }
 
-variable "PACKAGE_URL" {
+variable "PACKAGE_BASEURL" {
     default = ""
 }
 
-variable "DEVELOP_BUILD" {
+variable "PACKAGE_FILE" {
     default = ""
 }
 
+variable "BUILD_CHANNEL" {
+    default = ""
+}
+
+### ↓ Variables for UCS build ↓
+
+variable "BASE_IMAGE" {
+    default     = ""
+}
+
+variable "PG_VERSION" {
+    default     = ""
+}
+
+### ↑ Variables for UCS build ↑
+
 target "documentserver" {
     target = "documentserver"
-    dockerfile= "${DOCKERFILE}"
+    dockerfile = "${DOCKERFILE}"
     tags = [
            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
-           notequal("",DEVELOP_BUILD) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
+           equal("nightly",BUILD_CHANNEL) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
            ]
     platforms = ["${PLATFORM}"]
     args = {
-        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
-        "PRODUCT_NAME": "${PRODUCT_NAME}"
         "COMPANY_NAME": "${COMPANY_NAME}"
-        "PACKAGE_URL": "${PACKAGE_URL}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+        "PACKAGE_VERSION": "${PACKAGE_VERSION}"
+        "PACKAGE_BASEURL": "${PACKAGE_BASEURL}"
         "PLATFORM": "${PLATFORM}"
     }
 }
 
 target "documentserver-stable" {
     target = "documentserver-stable"
-    dockerfile= "Dockerfile.production"
+    dockerfile = "production.dockerfile"
     tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
             "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}",
             "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}",
-            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest"]
+            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest",
+            equal("-ee",PRODUCT_EDITION) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",]
     platforms = ["linux/amd64", "linux/arm64"]
     args = {
-        "TAG": "${TAG}"
+        "PULL_TAG": "${PULL_TAG}"
         "COMPANY_NAME": "${COMPANY_NAME}"
         "PRODUCT_NAME": "${PRODUCT_NAME}"
         "PRODUCT_EDITION": "${PRODUCT_EDITION}"
     }
 }
 
+target "documentserver-ucs" {
+    target = "documentserver"
+    dockerfile = "${DOCKERFILE}"
+    tags = [
+           "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PRODUCT_EDITION}-ucs:${TAG}"
+           ]
+    platforms = ["linux/amd64", "linux/arm64"]
+    args = {
+        "PRODUCT_EDITION": "${PRODUCT_EDITION}"
+        "PRODUCT_NAME": "${PRODUCT_NAME}"
+        "COMPANY_NAME": "${COMPANY_NAME}"
+        "PACKAGE_VERSION": "${PACKAGE_VERSION}"
+        "PACKAGE_BASEURL": "${PACKAGE_BASEURL}"
+        "BASE_IMAGE": "${BASE_IMAGE}"
+        "PG_VERSION": "${PG_VERSION}"
+    }
+}
+
 target "documentserver-nonexample" {
     target = "documentserver-nonexample"
-    dockerfile = "Dockerfile.production"
+    dockerfile = "production.dockerfile"
     tags = [ "docker.io/${COMPANY_NAME}/${PRODUCT_NAME}${PREFIX_NAME}${PRODUCT_EDITION}:${TAG}-nonexample" ]
     platforms = ["linux/amd64", "linux/arm64"]
     args = {
-        "TAG": "${TAG}"
+        "PULL_TAG": "${PULL_TAG}"
         "COMPANY_NAME": "${COMPANY_NAME}"
         "PRODUCT_NAME": "${PRODUCT_NAME}"
         "PRODUCT_EDITION": "${PRODUCT_EDITION}"

production.dockerfile

@@ -0,0 +1,25 @@
+### Arguments avavlivable only for FROM instruction ###
+ARG PULL_TAG=latest
+ARG COMPANY_NAME=onlyoffice
+ARG PRODUCT_EDITION=
+
+### Build main-release ###
+
+FROM ${COMPANY_NAME}/4testing-documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-stable
+
+### Build nonexample ###
+
+FROM ${COMPANY_NAME}/documentserver${PRODUCT_EDITION}:${PULL_TAG} as documentserver-nonexample
+
+ARG COMPANY_NAME=onlyoffice
+ARG PRODUCT_NAME=documentserver
+ARG DS_SUPERVISOR_CONF=/etc/supervisor/conf.d/ds.conf
+
+### Remove all documentserver-example data ###
+
+RUN set -eux; \
+    rm -rf /var/www/$COMPANY_NAME/$PRODUCT_NAME-example; \
+    rm -rf /etc/$COMPANY_NAME/$PRODUCT_NAME-example; \
+    rm -f $DS_SUPERVISOR_CONF; \
+    rm -f /etc/nginx/includes/ds-example.conf; \
+    ln -s /etc/$COMPANY_NAME/$PRODUCT_NAME/supervisor/ds.conf $DS_SUPERVISOR_CONF

run-document-server.sh

@@ -73,7 +73,8 @@ NGINX_ONLYOFFICE_EXAMPLE_CONF="${NGINX_ONLYOFFICE_EXAMPLE_PATH}/includes/ds-exam
 
 NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
 NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
-NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
+# Limiting the maximum number of simultaneous connections due to possible memory shortage
+[ $(ulimit -n) -gt 1048576 ] && NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-1048576} || NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
 
 JWT_ENABLED=${JWT_ENABLED:-true}
 
@@ -84,13 +85,15 @@ else
   JWT_ENABLED="false"
 fi
 
-[ -z $JWT_SECRET ] && JWT_MESSAGE="JWT is enabled by default. A random secret is generated automatically. Run the command 'docker exec $(cut -c9-20 < /proc/1/cpuset) sudo documentserver-jwt-status.sh' to get information about JWT."
+[ -z $JWT_SECRET ] && JWT_MESSAGE='JWT is enabled by default. A random secret is generated automatically. Run the command "docker exec $(sudo docker ps -q) sudo documentserver-jwt-status.sh" to get information about JWT.'
 
-JWT_SECRET=${JWT_SECRET:-$(pwgen -s 20)}
+JWT_SECRET=${JWT_SECRET:-$(pwgen -s 32)}
 JWT_HEADER=${JWT_HEADER:-Authorization}
 JWT_IN_BODY=${JWT_IN_BODY:-false}
 
 WOPI_ENABLED=${WOPI_ENABLED:-false}
+ALLOW_META_IP_ADDRESS=${ALLOW_META_IP_ADDRESS:-false}
+ALLOW_PRIVATE_IP_ADDRESS=${ALLOW_PRIVATE_IP_ADDRESS:-false}
 
 GENERATE_FONTS=${GENERATE_FONTS:-true}
 
@@ -199,7 +202,7 @@ parse_rabbitmq_url(){
   # extract the host
   local hostport="$(echo ${url/$userpass@/} | cut -d/ -f1)"
   # by request - try to extract the port
-  local port="$(echo $hostport | sed -e 's,^.*:,:,g' -e 's,.*:\([0-9]*\).*,\1,g' -e 's,[^0-9],,g')"
+  local port="$(echo $hostport | grep : | sed -r 's_^.*:+|/.*$__g')"
 
   local host
   if [ -n "$port" ]; then
@@ -343,6 +346,12 @@ update_ds_settings(){
     ${JSON} -I -e "if(this.wopi===undefined)this.wopi={}"
     ${JSON} -I -e "this.wopi.enable = true"
   fi
+
+  if [ "${ALLOW_META_IP_ADDRESS}" = "true" ] || [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ]; then
+    ${JSON} -I -e "if(this.services.CoAuthoring['request-filtering-agent']===undefined)this.services.CoAuthoring['request-filtering-agent']={}"
+    [ "${ALLOW_META_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowMetaIPAddress = true"
+    [ "${ALLOW_PRIVATE_IP_ADDRESS}" = "true" ] && ${JSON} -I -e "this.services.CoAuthoring['request-filtering-agent'].allowPrivateIPAddress = true"
+  fi
 }
 
 create_postgresql_cluster(){
@@ -357,9 +366,8 @@ create_postgresql_cluster(){
 }
 
 create_postgresql_db(){
-  sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;"
   sudo -u postgres psql -c "CREATE USER $DB_USER WITH password '"$DB_PWD"';"
-  sudo -u postgres psql -c "GRANT ALL privileges ON DATABASE $DB_NAME TO $DB_USER;"
+  sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_USER;"
 }
 
 create_db_tbl() {
@@ -426,12 +434,15 @@ update_welcome_page() {
   WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html"
   if [[ -e $WELCOME_PAGE ]]; then
     DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset))
+    (( ${#DOCKER_CONTAINER_ID} < 12 )) && DOCKER_CONTAINER_ID=$(hostname)
     if (( ${#DOCKER_CONTAINER_ID} >= 12 )); then
       if [[ -x $(command -v docker) ]]; then
         DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
         sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
+        JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/')
       else
         sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
+        JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/')
       fi
     fi
   fi
@@ -491,8 +502,8 @@ update_nginx_settings(){
 update_supervisor_settings(){
   # Copy modified supervisor start script
   cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisor /etc/init.d/
-  # Copy modified supervisor config
-  cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
+  sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf
+  cp ${SYSCONF_TEMPLATES_DIR}/supervisor/ds/*.conf /etc/supervisor/conf.d/
 }
 
 update_log_settings(){
@@ -595,7 +606,7 @@ else
   update_welcome_page
 fi
 
-find /etc/${COMPANY_NAME} -exec chown ds:ds {} \;
+find /etc/${COMPANY_NAME} ! -path '*logrotate*' -exec chown ds:ds {} \;
 
 #start needed local services
 for i in ${LOCAL_SERVICES[@]}; do

tests/prometheus.yml

@@ -0,0 +1,46 @@
+version: '2.1'
+services:
+  onlyoffice-documentserver:
+    container_name: onlyoffice-documentserver
+    build:
+      context: ../.
+    depends_on:
+      - onlyoffice-statsd-exporter
+    environment:
+      - METRICS_ENABLED=${METRICS_ENABLED:-true}
+      - METRICS_HOST=${METRICS_HOST:-onlyoffice-statsd-exporter}
+      - METRICS_PORT=${METRICS_PORT:-9125}
+      - METRICS_PREFIX=${METRICS_PREFIX:-ds.}
+    stdin_open: true
+    restart: always
+    ports:
+      - '80:80'
+
+  onlyoffice-statsd-exporter:
+    container_name: onlyoffice-statsd-exporter
+    image: prom/statsd-exporter
+    command: --statsd.event-flush-interval=30000ms
+    ports:
+      - '9102:9102'
+      - '9125:9125/tcp'
+      - '9125:9125/udp'
+
+  onlyoffice-prometheus:
+    container_name: onlyoffice-prometheus
+    image: prom/prometheus
+    ports:
+      - '9090:9090'
+    volumes:
+      - ./prometheus/prometheus-scrape/statsd-exporter.yml:/etc/prometheus/prometheus.yml
+
+  grafana:
+    container_name: onlyoffice-grafana
+    image: bitnami/grafana
+    ports:
+      - '3000:3000'
+    environment:
+      - 'GF_SECURITY_ADMIN_PASSWORD=G0pGE4'
+    volumes:
+      - ./prometheus/grafana/conf/prometheus.yml:/opt/bitnami/grafana/conf/provisioning/datasources/prometheus.yml
+      - ./prometheus/grafana/conf/default-provider.yaml:/opt/bitnami/grafana/conf/provisioning/dashboards/default-provider.yaml
+      - ./prometheus/grafana/dashboards:/opt/bitnami/grafana/dashboards

tests/prometheus/grafana/conf/default-provider.yaml

@@ -0,0 +1,23 @@
+apiVersion: 1
+providers:
+  # <string> an unique provider name
+- name: 'default-provider'
+  # <int> org id. will default to orgId 1 if not specified
+  orgId: 1
+  # <string, required> name of the dashboard folder. Required
+  folder: dashboards
+  # <string> folder UID. will be automatically generated if not specified
+  folderUid: ''
+  # <string, required> provider type. Required
+  type: file
+  # <bool> disable dashboard deletion
+  disableDeletion: false
+  # <bool> enable dashboard editing
+  editable: true
+  # <int> how often Grafana will scan for changed dashboards
+  updateIntervalSeconds: 10
+  options:
+    # <string, required> path to dashboard files on disk. Required
+    path: /opt/bitnami/grafana/dashboards
+    # <bool> enable folders creation for dashboards
+    #foldersFromFilesStructure: true

tests/prometheus/grafana/conf/prometheus.yml

@@ -0,0 +1,6 @@
+apiVersion: 1
+datasources:
+  - name: Prometheus
+    type: prometheus
+    url: http://onlyoffice-prometheus:9090
+    editable: true

tests/prometheus/prometheus-scrape/statsd-exporter.yml

@@ -0,0 +1,6 @@
+scrape_configs:
+  - job_name: 'statsd'
+    scrape_interval: 30s
+    static_configs:
+      - targets:
+        - onlyoffice-statsd-exporter:9102