Fix bug #60688

.github/workflows/zap-ds.yaml

@@ -1,70 +0,0 @@
----
-name: Scanning DocumentServer with ZAP
-
-run-name: > 
-      ZAP DocumentServer ver: ${{ github.event.inputs.version }} from branch: ${{ github.event.inputs.branch }}
-
-on:
-  workflow_dispatch:
-    inputs:
-      version:
-        description: 'Set DocumentServer version that will be deployed'
-        type: string
-        required: true
-      branch:
-        description: 'The branch from which the scan will be performed'
-        type: string
-        required: true
-jobs:
-  zap:
-    name: "Zap scanning DocumentServer"
-    runs-on: ubuntu-latest
-    permissions:
-      issues: write
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Run DS
-        id: run-ds
-        env:
-          TAG: ${{ github.event.inputs.version }}
-        run: |
-           # Create ssl certs
-           openssl genrsa -out tls.key 2048
-           openssl req -new -key tls.key -out tls.csr -subj "/C=RU/ST=NizhObl/L=NizhNov/O=RK-Tech/OU=TestUnit/CN=TestName"
-           openssl x509 -req -days 365 -in tls.csr -signkey tls.key -out tls.crt
-           openssl dhparam -out dhparam.pem 2048
-           sudo mkdir -p /app/onlyoffice/DocumentServer/data/certs
-           sudo cp ./tls.key /app/onlyoffice/DocumentServer/data/certs/
-           sudo cp ./tls.crt /app/onlyoffice/DocumentServer/data/certs/
-           sudo cp ./dhparam.pem /app/onlyoffice/DocumentServer/data/certs/
-           sudo chmod 400 /app/onlyoffice/DocumentServer/data/certs/tls.key
-           rm ./tls.key ./tls.crt ./dhparam.pem
-
-           # Run Ds with enabled ssl
-           export CONTAINER_NAME="documentserver"
-           sudo docker run -itd \
-                           --name ${CONTAINER_NAME} \
-                           -p 80:80 \
-                           -p 443:443 \
-                           -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
-                           onlyoffice/4testing-documentserver:${TAG}
-           sleep 60
-           sudo docker exec ${CONTAINER_NAME} sudo supervisorctl start ds:example
-           LOCAL_IP=$(hostname -I | awk '{print $1}')
-           echo "local-ip=${LOCAL_IP}" >> "$GITHUB_OUTPUT"
-
-      # Scan DocumentServer with ZAP.
-      # NOTE: Full scan get a lot of time.
-      # If you want make scan more faster (but less accurate) remove `cmd options` field
-      # -j mean that scanning use AJAX Spider, with this spider the scan takes approximately an hour
-      # Without any cmd options will be used default spider and the scan takes approximately ~10-15 minutes
-      - name: ZAP Scan
-        uses: zaproxy/action-full-scan@v0.8.0
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
-          target: 'https://${{ steps.run-ds.outputs.local-ip }}/'
-          allow_issue_writing: false
-          cmd_options: '-j'

README.md

@@ -178,7 +178,6 @@ Below is the complete list of parameters that can be set using environment varia
 - **SSL_KEY_PATH**: The path to the SSL certificate's private key. Defaults to `/var/www/onlyoffice/Data/certs/tls.key`.
 - **SSL_DHPARAM_PATH**: The path to the Diffie-Hellman parameter. Defaults to `/var/www/onlyoffice/Data/certs/dhparam.pem`.
 - **SSL_VERIFY_CLIENT**: Enable verification of client certificates using the `CA_CERTIFICATES_PATH` file. Defaults to `false`
-- **NODE_EXTRA_CA_CERTS**: The [NODE_EXTRA_CA_CERTS](https://nodejs.org/api/cli.html#node_extra_ca_certsfile "Node.js documentation") to extend CAs with the extra certificates for Node.js. Defaults to `/var/www/onlyoffice/Data/certs/extra-ca-certs.pem`.
 - **DB_TYPE**: The database type. Supported values are `postgres`, `mariadb` or `mysql`. Defaults to `postgres`.
 - **DB_HOST**: The IP address or the name of the host where the database server is running.
 - **DB_PORT**: The database server port number.

config/supervisor/ds/ds-metrics.conf

@@ -9,5 +9,5 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/var/log/COMPANY_NAME/documentserver/metrics/err.log
 stderr_logfile_backups=0
 stderr_logfile_maxbytes=0
-autostart=false
-autorestart=false
+autostart=true
+autorestart=true

run-document-server.sh

@@ -23,7 +23,6 @@ DS_LOG_DIR="${LOG_DIR}/documentserver"
 LIB_DIR="/var/lib/${COMPANY_NAME}"
 DS_LIB_DIR="${LIB_DIR}/documentserver"
 CONF_DIR="/etc/${COMPANY_NAME}/documentserver"
-SUPERVISOR_CONF_DIR="/etc/supervisor/conf.d"
 IS_UPGRADE="false"
 
 ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
@@ -61,25 +60,6 @@ if [[ -z $SSL_KEY_PATH ]] && [[ -f ${SSL_CERTIFICATES_DIR}/${COMPANY_NAME}.key ]
 else
   SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/tls.key}
 fi
-
-#When set, the well known "root" CAs will be extended with the extra certificates in file
-NODE_EXTRA_CA_CERTS=${NODE_EXTRA_CA_CERTS:-${SSL_CERTIFICATES_DIR}/extra-ca-certs.pem}
-if [[ -f ${NODE_EXTRA_CA_CERTS} ]]; then
-  NODE_EXTRA_ENVIRONMENT="${NODE_EXTRA_CA_CERTS}"
-elif [[ -f ${SSL_CERTIFICATE_PATH} ]]; then
-  SSL_CERTIFICATE_SUBJECT=$(openssl x509 -subject -noout -in "${SSL_CERTIFICATE_PATH}" | sed 's/subject=//')
-  SSL_CERTIFICATE_ISSUER=$(openssl x509 -issuer -noout -in "${SSL_CERTIFICATE_PATH}" | sed 's/issuer=//')
-
-  #Add self-signed certificate to trusted list for validating Docs requests to the test example 
-  if [[ -n $SSL_CERTIFICATE_SUBJECT && $SSL_CERTIFICATE_SUBJECT == $SSL_CERTIFICATE_ISSUER ]]; then
-    NODE_EXTRA_ENVIRONMENT="${SSL_CERTIFICATE_PATH}"
-  fi
-fi
-
-if [[ -n $NODE_EXTRA_ENVIRONMENT ]]; then
-  sed -i "s|^environment=.*$|&,NODE_EXTRA_CA_CERTS=${NODE_EXTRA_ENVIRONMENT}|" /etc/supervisor/conf.d/*.conf
-fi
-
 CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem}
 SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
 SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
@@ -174,9 +154,6 @@ read_setting(){
     "mariadb"|"mysql")
       DB_PORT=${DB_PORT:-"3306"}
       ;;
-    "dameng")
-      DB_PORT=${DB_PORT:-"5236"}
-      ;;
     "")
       DB_PORT=${DB_PORT:-${POSTGRESQL_SERVER_PORT:-$(${JSON} services.CoAuthoring.sql.dbPort)}}
       ;;
@@ -276,7 +253,6 @@ update_statsd_settings(){
   ${JSON} -I -e "this.statsd.host = '${METRICS_HOST}'"
   ${JSON} -I -e "this.statsd.port = '${METRICS_PORT}'"
   ${JSON} -I -e "this.statsd.prefix = '${METRICS_PREFIX}'"
-  sed -i -E "s/(autostart|autorestart)=.*$/\1=${METRICS_ENABLED}/g" ${SUPERVISOR_CONF_DIR}/ds-metrics.conf
 }
 
 update_db_settings(){

tests/damengdb/.env

@@ -1 +0,0 @@
-VERSION=latest

tests/damengdb/README.md

@@ -1,19 +0,0 @@
-## Stand Documentserver with damengdb
-
-### How it works
-
-For deploy stand, you need:
-
-**STEP 1**: Build you own images, do it with command:
-   
-```bash
-docker compose build
-```
-
-**STEP 2**: Wait build and when it finish deploy with command:
-
-```bash
-docker compose up -d 
-```
-
-Thats all.

tests/damengdb/damengdb.Dockerfile

@@ -1,46 +0,0 @@
-FROM onlyoffice/damengdb:8.1.2 as damengdb
-
-ARG DM8_USER="SYSDBA"
-ARG DM8_PASS="SYSDBA001"
-ARG DB_HOST="localhost"
-ARG DB_PORT="5236"
-ARG DISQL_BIN="/opt/dmdbms/bin"
-
-SHELL ["/bin/bash", "-c"]
-
-COPY <<"EOF" /wait_dm_ready.sh
-#!/usr/bin/env bash
-
-function wait_dm_ready() {
-  cd /opt/dmdbms/bin
-  for i in `seq 1  10`; do
-    echo `./disql /nolog <<EOF
-CONN SYSDBA/SYSDBA001@localhost
-exit
-EOF` | grep  "connection failure" > /dev/null 2>&1
-    if [ $? -eq 0 ]; then
-      echo "DM Database is not OK, please wait..."
-      sleep 10
-    else
-      echo "DM Database is OK"
-      break
-    fi
-  done
-}
-
-wait_dm_ready
-
-EOF
-
-
-RUN   bash /opt/startup.sh > /dev/null 2>&1 \
-   &  mkdir -p /schema/damengdb \
-   && apt update -y ; apt install wget -y \
-   && wget https://raw.githubusercontent.com/ONLYOFFICE/server/master/schema/dameng/createdb.sql -P /schema/dameng/ \
-   && bash ./wait_dm_ready.sh \
-   && cd ${DISQL_BIN} \
-   && ./disql $DM8_USER/$DM8_PASS@$DB_HOST:$DB_PORT -e \
-      "create user "onlyoffice" identified by "onlyoffice" password_policy 0;" \
-   && echo "EXIT" | tee -a /schema/dameng/createdb.sql \
-   && ./disql $DM8_USER/$DM8_PASS@$DB_HOST:$DB_PORT \`/schema/dameng/createdb.sql \
-   && sleep 10

tests/damengdb/docker-compose.yml

@@ -1,67 +0,0 @@
-version: '2'
-services:
-  onlyoffice-documentserver:
-    build:
-      context: ../../.
-      dockerfile: Dockerfile
-      target: documentserver
-    container_name: onlyoffice-documentserver
-    depends_on:
-      - onlyoffice-dameng
-      - onlyoffice-rabbitmq
-    environment:
-      - DB_TYPE=dameng
-      - DB_HOST=onlyoffice-dameng
-      - DB_PORT=5236
-      - DB_NAME=onlyoffice
-      - DB_USER=onlyoffice
-      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
-      # Costomize the JSON Web Token validation parameters if needed.
-      #- JWT_ENABLED=false
-      #- JWT_SECRET=secret
-      #- JWT_HEADER=Authorization
-      #- JWT_IN_BODY=true
-    ports:
-      - '80:80'
-      - '443:443'
-    stdin_open: true
-    restart: always
-    stop_grace_period: 60s
-    volumes:
-       - /var/www/onlyoffice/Data
-       - /var/log/onlyoffice
-       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
-       - /var/www/onlyoffice/documentserver-example/public/files
-       - /usr/share/fonts
-       
-  onlyoffice-rabbitmq:
-    container_name: onlyoffice-rabbitmq
-    image: rabbitmq
-    restart: always
-    expose:
-      - '5672'
-
-  onlyoffice-dameng:
-    container_name: onlyoffice-dameng
-    build:
-      context: .
-      dockerfile: damengdb.Dockerfile
-      target: damengdb
-      args:
-        DM8_USER: SYSDBA
-        DM8_PASS: SYSDBA001
-        DB_HOST: localhost
-        DB_PORT: 5236
-    environment:
-      - PAGE_SIZE=16
-      - LD_LIBRARY_PATH=/opt/dmdbms/bin
-      - INSTANCE_NAME=dm8_01
-    restart: always
-    expose:
-      - '5236'
-    volumes:
-      - dameng_data:/opt/dmdbms/data
-
-volumes:
-  dameng_data:
-