fix Bug 80465 - Skip PostgreSQL probe for other DB types

Fix: actualize damengdb stand
Bump database version to 8.1.3. Also disable build for documentserver image
2026-04-07 14:01:38 +08:00 · 2026-03-06 15:49:05 +03:00 · 2026-02-26 15:04:36 +03:00 · 2026-02-25 15:16:39 +00:00 · 2026-02-22 22:19:21 +02:00 · 2026-02-13 13:13:02 +03:00
11 changed files with 247 additions and 64 deletions
--- a/.github/workflows/4testing-build.yml
+++ b/.github/workflows/4testing-build.yml
@ -77,41 +77,61 @@ jobs:
            exit 1
          fi
          echo "editions=$(jq -n -c --arg s "${EDITIONS[*]}" '($s|split(" "))')" >> $GITHUB_OUTPUT
+          echo "platforms=$(jq -c -n '$ARGS.positional' --args "${PLATFORMS[@]}")" >> $GITHUB_OUTPUT
    outputs:
      editions: ${{ steps.matrix.outputs.editions }}
+      platforms: ${{ steps.matrix.outputs.platforms }}

  build:
-    name: "Build ${{ matrix.image }}-${{ matrix.edition }}"
-    runs-on: ubuntu-latest
+    name: "Build ${{ matrix.image }}-${{ matrix.edition }}:${{ matrix.platform }}"
+    runs-on: ${{ matrix.runner }}
    needs: prepare
    strategy:
      fail-fast: false
      matrix:
        image: ["documentserver"]
        edition: ${{ fromJSON(needs.prepare.outputs.editions) }}
+        platform: ${{ fromJSON(needs.prepare.outputs.platforms) }}
+        include:
+          - platform: amd64
+            runner: ubuntu-latest
+          - platform: arm64
+            runner: ubuntu-24.04-arm
    steps:
      - name: Checkout code 
-        uses: actions/checkout@v3
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
     
      - name: Login to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

+      - name: Prepare fonts cache
+        id: fonts
+        uses: actions/cache@v4
+        with:
+          path: fonts
+          key: fonts-${{ runner.os }}-v1
+
+      - name: Install fonts if not cached
+        if: steps.fonts.outputs.cache-hit != 'true'
+        run: |
+          sudo apt-get update
+          echo "ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true" | sudo debconf-set-selections
+          sudo apt-get install -y ttf-mscorefonts-installer
+          mkdir -p fonts/msttcorefonts
+          cp -a /usr/share/fonts/truetype/msttcorefonts/* fonts/msttcorefonts/
+
      - name: Build 4testing
        id: build-ds
        env:
          BRANCH_NAME: ${{ github.ref_name }}
-          AMD64: ${{ github.event.inputs.amd64 }}
-          ARM64: ${{ github.event.inputs.arm64 }}
+          PLATFORM: linux/${{ matrix.platform }}
          BUILD_NUMBER: ${{ github.event.inputs.build }}
          EDITION: ${{ matrix.edition }}
          IMAGE: ${{ matrix.image }}
@ -133,10 +153,6 @@ jobs:
              ;;
          esac

-          [ "${AMD64}" = true ] && PLATFORMS+=("amd64")
-          [ "${ARM64}" = true ] && PLATFORMS+=("arm64")
-          PLATFORM=$(echo ${PLATFORMS[*]/#/linux/} | tr ' ' ',')
-
          if [ "$BRANCH_NAME" = develop ]; then
            BUILD_CHANNEL=nightly
            PRODUCT_VERSION=99.99.99
@ -148,10 +164,9 @@ jobs:
          export PRODUCT_EDITION
          export PACKAGE_VERSION=${PRODUCT_VERSION}-${BUILD_NUMBER}
          export BUILD_CHANNEL
-          export PLATFORM
          export DOCKERFILE=Dockerfile
          export PREFIX_NAME=4testing-
-          export TAG=${PRODUCT_VERSION}.${BUILD_NUMBER}
+          export TAG=${PRODUCT_VERSION}.${BUILD_NUMBER}-${{ matrix.platform }}

          ### ==>> Build and push images at this step ###

@ -170,6 +185,7 @@ jobs:
      - name: Trigger zap manualy
        if: >-
             matrix.edition == 'community' &&
+             matrix.platform == 'amd64' &&
             (startsWith(steps.build-ds.outputs.branch, 'release/') ||
              startsWith(steps.build-ds.outputs.branch, 'hotfix/'))
        env:
@ -184,3 +200,120 @@ jobs:
                 -f version="${VERSION}"
        shell: bash

+      - name: Save build result to file
+        if: always()
+        run: |
+          mkdir -p build-result
+
+          cat > build-result/info.json <<EOF
+          {
+            "status": "${{ job.status }}"
+          }
+          EOF
+
+      - name: Upload build result artifact
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: build-result-${{ matrix.edition }}-${{ matrix.platform }}
+          path: build-result
+
+  make-images:
+    runs-on: ubuntu-latest
+    needs: [prepare,build]
+    if: always()
+    strategy:
+      fail-fast: false
+      matrix:
+        image: ["documentserver"]
+        edition: ${{ fromJSON(needs.prepare.outputs.editions) }}
+    steps:
+      - name: Download all build results
+        uses: actions/download-artifact@v4
+        with:
+          path: build-results
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: "Make images documentserver"
+        env:
+          EDITION: ${{ matrix.edition }}
+          BUILD_NUMBER: ${{ github.event.inputs.build }}
+          BRANCH_NAME: ${{ github.ref_name }}
+        run: |
+           case "${EDITION}" in
+             community)
+               PRODUCT_EDITION=""
+               ;;
+             enterprise)
+               PRODUCT_EDITION="-ee"
+               ;;
+             developer)
+               PRODUCT_EDITION="-de"
+               ;;
+           esac
+
+           AMD64_STATUS=$(cat ./build-results/build-result-${{ matrix.edition }}-amd64/info.json | jq -r .status)
+           ARM64_STATUS=$(cat ./build-results/build-result-${{ matrix.edition }}-arm64/info.json | jq -r .status)
+
+           echo "ARM64 status: ${ARM64_STATUS}"
+           echo "AMD64 status: ${AMD64_STATUS}"
+
+           if [ "$BRANCH_NAME" = develop ]; then
+            BUILD_CHANNEL=nightly
+            PRODUCT_VERSION=99.99.99
+           elif [[ "$BRANCH_NAME" =~ hotfix || "$BRANCH_NAME" =~ release ]]; then
+            BUILD_CHANNEL=test
+            PRODUCT_VERSION=${BRANCH_NAME#*/v}
+           fi
+
+           export TAG=${PRODUCT_VERSION}.${BUILD_NUMBER}
+
+           FROM_TAGS=()
+           PUSH_TAGS=()
+
+           check_image() {
+                local img="$1"
+                local timeout=120
+                local interval=20
+                local elapsed=0
+
+                echo "Checking for image: $img"
+
+                while (( elapsed < timeout )); do
+                  if docker manifest inspect "$img" > /dev/null 2>&1; then
+                    echo "Found image: $img"
+                    FROM_TAGS+=( "$img" )
+                    return 0
+                  fi
+
+                  echo "Image not found yet, retrying in ${interval}s..."
+                  sleep $interval
+                  elapsed=$(( elapsed + interval ))
+                done
+
+                echo "ERROR: Image not found after ${timeout}s: $img"
+                return 1
+              }
+
+           if [[ "${AMD64_STATUS}" == "success" ]]; then
+              check_image "${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}-amd64"
+           fi
+
+           if [[ "${ARM64_STATUS}" == "success" ]]; then
+              check_image "${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}-arm64"
+           fi
+
+           PUSH_TAGS=(
+               -t "${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}"
+           )
+
+           if [[ "${BUILD_CHANNEL}" == "nightly" ]]; then
+              PUSH_TAGS+=( -t "${COMPANY_NAME}/4testing-${PRODUCT_NAME}${PRODUCT_EDITION}:latest" )
+           fi
+
+           docker buildx imagetools create "${PUSH_TAGS[@]}" "${FROM_TAGS[@]}"
--- a/.github/workflows/stable-build.yml
+++ b/.github/workflows/stable-build.yml
@ -76,6 +76,32 @@ jobs:
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
          repository: ${{ env.COMPANY_NAME }}/${{ env.PRODUCT_NAME }}${{ matrix.edition }}

+  release_4enterprise:
+    name: "Release image: onlyoffice4enterprise"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME_ENTERPRISE }}
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN_ENTERPRISE }}
+
+      - name: release 4enterpise
+        shell: bash
+        run: |
+          export TAG=${VERSION%.*}.${RELEASE_NUMBER}
+          docker buildx imagetools create --tag onlyoffice4enterprise/documentserver-ee:${TAG} \
+                                                onlyoffice/4testing-documentserver-ee:${VERSION}
+
  build-nonexample:
    name: "Release image: DocumentServer${{ matrix.edition }}-nonExample"
    runs-on: ubuntu-latest
--- a/.github/workflows/zap-ds.yaml
+++ b/.github/workflows/zap-ds.yaml
@ -67,4 +67,4 @@ jobs:
          docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
          target: 'https://${{ steps.run-ds.outputs.local-ip }}/'
          allow_issue_writing: false
-          cmd_options: '-j'
+          #cmd_options: '-j'
--- a/8
+++ b/8
@ -3,7 +3,7 @@ ARG BASE_VERSION=24.04
 ARG BASE_IMAGE=ubuntu:$BASE_VERSION

 FROM ${BASE_IMAGE} AS documentserver
-LABEL maintainer Ascensio System SIA <support@onlyoffice.com>
+LABEL maintainer="Ascensio System SIA <support@onlyoffice.com>"

 ARG BASE_VERSION
 ARG PG_VERSION=16
@ -22,6 +22,7 @@ ENV OC_DOWNLOAD_URL=https://download.oracle.com/otn_software/linux/instantclient
 ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 DEBIAN_FRONTEND=noninteractive PG_VERSION=${PG_VERSION} BASE_VERSION=${BASE_VERSION}

 ARG ONLYOFFICE_VALUE=onlyoffice
+COPY fonts/ /usr/share/fonts/truetype/

 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
    apt-get -y update && \
@ -74,7 +75,7 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
        xxd \
        zlib1g || dpkg --configure -a && \
    # Added dpkg --configure -a to handle installation issues with rabbitmq-server on arm64 architecture
-    if [  $(ls -l /usr/share/fonts/truetype/msttcorefonts | wc -l) -ne 61 ]; \
+    if [  $(find /usr/share/fonts/truetype/msttcorefonts -maxdepth 1 -type f -iname '*.ttf' | wc -l) -lt 30 ]; \
        then echo 'msttcorefonts failed to download'; exit 1; fi  && \
    echo "SERVER_ADDITIONAL_ERL_ARGS=\"+S 1:1\"" | tee -a /etc/rabbitmq/rabbitmq-env.conf && \
    sed -i "s/bind .*/bind 127.0.0.1/g" /etc/redis/redis.conf && \
@ -121,6 +122,9 @@ RUN PACKAGE_FILE="${COMPANY_NAME}-${PRODUCT_NAME}${PRODUCT_EDITION}${PACKAGE_VER
    apt-get -y update && \
    service postgresql start && \
    apt-get -yq install /tmp/$PACKAGE_FILE && \
+    if [ "${PRODUCT_EDITION}" != "-ee" ] && [ "${PRODUCT_EDITION}" != "-de" ]; then rm -f /etc/supervisor/conf.d/ds-adminpanel.conf && sed -i 's/,adminpanel//' /etc/supervisor/conf.d/ds.conf; fi && \
+    PGPASSWORD=$ONLYOFFICE_VALUE dropdb -h localhost -p 5432 -U $ONLYOFFICE_VALUE $ONLYOFFICE_VALUE && \
+    sudo -u postgres psql -c "DROP ROLE onlyoffice;" && \
    service postgresql stop && \
    chmod 755 /etc/init.d/supervisor && \
    sed "s/COMPANY_NAME/${COMPANY_NAME}/g" -i /etc/supervisor/conf.d/*.conf && \
--- a/README.md
+++ b/README.md
@ -100,7 +100,7 @@ To change the port, use the -p command. E.g.: to make your portal accessible via
        sudo docker run -i -t -d -p 443:443 \
        -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data  onlyoffice/documentserver

-Access to the onlyoffice application can be secured using SSL so as to prevent unauthorized access. While a CA certified SSL certificate allows for verification of trust via the CA, a self signed certificates can also provide an equal level of trust verification as long as each client takes some additional steps to verify the identity of your website. Below the instructions on achieving this are provided.
+Access to the ONLYOFFICE application can be secured using SSL so as to prevent unauthorized access. While a CA certified SSL certificate allows for verification of trust via the CA, a self-signed certificate can also provide an equal level of trust verification as long as each client takes some additional steps to verify the identity of your website. Below the instructions on achieving this are provided.

 To secure the application via SSL basically two things are needed:

@ -112,7 +112,7 @@ So you need to create and install the following files:
        /app/onlyoffice/DocumentServer/data/certs/tls.key
        /app/onlyoffice/DocumentServer/data/certs/tls.crt

-When using CA certified certificates (e.g [Let's encrypt](https://letsencrypt.org)), these files are provided to you by the CA. If you are using self-signed certificates you need to generate these files [yourself](#generation-of-self-signed-certificates).
+When using CA certified certificates (e.g. [Let's Encrypt](https://letsencrypt.org)), these files are provided to you by the CA. If you are using self-signed certificates you need to generate these files [yourself](#generation-of-self-signed-certificates).

 #### Using the automatically generated Let's Encrypt SSL Certificates

@ -156,9 +156,9 @@ openssl dhparam -out dhparam.pem 2048

 #### Installation of the SSL Certificates

-Out of the four files generated above, you need to install the `tls.key`, `tls.crt` and `dhparam.pem` files at the onlyoffice server. The CSR file is not needed, but do make sure you safely backup the file (in case you ever need it again).
+Out of the four files generated above, you need to install the `tls.key`, `tls.crt` and `dhparam.pem` files at the ONLYOFFICE server. The CSR file is not needed, but do make sure you safely backup the file (in case you ever need it again).

-The default path that the onlyoffice application is configured to look for the SSL certificates is at `/var/www/onlyoffice/Data/certs`, this can however be changed using the `SSL_KEY_PATH`, `SSL_CERTIFICATE_PATH` and `SSL_DHPARAM_PATH` configuration options.
+The default path that the ONLYOFFICE application is configured to look for the SSL certificates is at `/var/www/onlyoffice/Data/certs`, this can however be changed using the `SSL_KEY_PATH`, `SSL_CERTIFICATE_PATH` and `SSL_DHPARAM_PATH` configuration options.

 The `/var/www/onlyoffice/Data/` path is the path of the data store, which means that you have to create a folder named certs inside `/app/onlyoffice/DocumentServer/data/` and copy the files into it and as a measure of security you will update the permission on the `tls.key` file to only be readable by the owner.

@ -179,7 +179,7 @@ You are now just one step away from having our application secured.
 Below is the complete list of parameters that can be set using environment variables.

 - **ONLYOFFICE_HTTPS_HSTS_ENABLED**: Advanced configuration option for turning off the HSTS configuration. Applicable only when SSL is in use. Defaults to `true`.
- **ONLYOFFICE_HTTPS_HSTS_MAXAGE**: Advanced configuration option for setting the HSTS max-age in the onlyoffice nginx vHost configuration. Applicable only when SSL is in use. Defaults to `31536000`.
+- **ONLYOFFICE_HTTPS_HSTS_MAXAGE**: Advanced configuration option for setting the HSTS max-age in the ONLYOFFICE nginx vHost configuration. Applicable only when SSL is in use. Defaults to `31536000`.
 - **SSL_CERTIFICATE_PATH**: The path to the SSL certificate to use. Defaults to `/var/www/onlyoffice/Data/certs/tls.crt`.
 - **SSL_KEY_PATH**: The path to the SSL certificate's private key. Defaults to `/var/www/onlyoffice/Data/certs/tls.key`.
 - **SSL_DHPARAM_PATH**: The path to the Diffie-Hellman parameter. Defaults to `/var/www/onlyoffice/Data/certs/dhparam.pem`.
@ -196,13 +196,14 @@ Below is the complete list of parameters that can be set using environment varia
  - **MSSQL** — schema to set as [DEFAULT_SCHEMA](https://learn.microsoft.com/en-us/sql/t-sql/statements/alter-user-transact-sql?view=sql-server-ver17#default_schema---schema_name--null-), default `dbo`.  
 - **AMQP_URI**: The [AMQP URI](https://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server.
 - **AMQP_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`.
+- **RABBIT_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened to the RabbitMQ message broker. Defaults to the soft limit from `ulimit -n`.
 - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running.
 - **REDIS_SERVER_PORT**:  The Redis server port number.
 - **REDIS_SERVER_USER**: The Redis server username. The username is not set by default.
 - **REDIS_SERVER_PASS**: The Redis server password. The password is not set by default.
 - **REDIS_SERVER_DB**: The Redis database index number to select. Defaults to `0`.  
 - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes.
- **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process.
+- **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process. Defaults to the soft limit from `ulimit -n`.
 - **NGINX_ACCESS_LOG**: Defines whether access logging is enabled. Defaults to `false`.
 - **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`.
 - **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `true`.
@ -212,14 +213,16 @@ Below is the complete list of parameters that can be set using environment varia
 - **WOPI_ENABLED**: Specifies the enabling the wopi handlers. Defaults to `false`.
 - **ALLOW_META_IP_ADDRESS**: Defines if it is allowed to connect meta IP address or not. Defaults to `false`.
 - **ALLOW_PRIVATE_IP_ADDRESS**: Defines if it is allowed to connect private IP address or not. Defaults to `false`.
- **USE_UNAUTHORIZED_STORAGE**: Set to `true`if using selfsigned certificates for your storage server e.g. Nextcloud. Defaults to `false`
+- **USE_UNAUTHORIZED_STORAGE**: Set to `true` if using self-signed certificates for your storage server e.g. Nextcloud. Defaults to `false`
 - **GENERATE_FONTS**: When 'true' regenerates fonts list and the fonts thumbnails etc. at each start. Defaults to `true`
+- **ADMINPANEL_ENABLED**: Enables admin panel service autostart. Defaults to `false`.
+- **EXAMPLE_ENABLED**: Enables example service autostart. Defaults to `false`.
 - **METRICS_ENABLED**: Specifies the enabling StatsD for ONLYOFFICE Document Server. Defaults to `false`.
 - **METRICS_HOST**: Defines StatsD listening host. Defaults to `localhost`.
 - **METRICS_PORT**: Defines StatsD listening port. Defaults to `8125`.
 - **METRICS_PREFIX**: Defines StatsD metrics prefix for backend services. Defaults to `ds.`.
 - **LETS_ENCRYPT_DOMAIN**: Defines the domain for Let's Encrypt certificate.
- **LETS_ENCRYPT_MAIL**: Defines the domain administator mail address for Let's Encrypt certificate.
+- **LETS_ENCRYPT_MAIL**: Defines the domain administrator mail address for Let's Encrypt certificate.
 - **PLUGINS_ENABLED**: Defines whether to enable default plugins. Defaults to `true`.

 ## Installing ONLYOFFICE Document Server using Docker Compose
@ -388,7 +391,7 @@ For more information, visit the official [Docker manual site](https://docs.docke

 As a relatively new project Docker is being worked on and actively developed by its community. So it's recommended to use the latest version of Docker, because the issues that you encounter might have already been fixed with a newer Docker release.

-The known Docker issue with ONLYOFFICE Document Server with rpm-based distributives is that sometimes the processes fail to start inside Docker container. Fedora and RHEL/CentOS users should try disabling selinux with setenforce 0. If it fixes the issue then you can either stick with SELinux disabled which is not recommended by RedHat, or switch to using Ubuntu.
+The known Docker issue with ONLYOFFICE Document Server with rpm-based distributives is that sometimes the processes fail to start inside Docker container. Fedora and RHEL/CentOS users should try disabling SELinux with setenforce 0. If it fixes the issue then you can either stick with SELinux disabled which is not recommended by Red Hat, or switch to using Ubuntu.

 ### Document Server usage issues

--- a/config/supervisor/ds/ds-docservice.conf
+++ b/config/supervisor/ds/ds-docservice.conf
@ -2,7 +2,7 @@
 command=/var/www/COMPANY_NAME/documentserver/server/DocService/docservice
 directory=/var/www/COMPANY_NAME/documentserver/server/DocService
 user=ds
-environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver,NODE_DISABLE_COLORS=1,APPLICATION_NAME=COMPANY_NAME
+environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver,NODE_DISABLE_COLORS=1,PKG_NATIVE_CACHE_PATH=/tmp/.cache,APPLICATION_NAME=COMPANY_NAME
 stdout_logfile=/var/log/COMPANY_NAME/documentserver/docservice/out.log
 stdout_logfile_backups=0
 stdout_logfile_maxbytes=0
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -90,8 +90,7 @@ target "documentserver" {
    target = "documentserver"
    dockerfile = "${DOCKERFILE}"
    tags = [
-           "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
-           equal("nightly",BUILD_CHANNEL) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
+           "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}"
           ]
    platforms = ["${PLATFORM}"]
    args = {
@ -110,8 +109,7 @@ target "documentserver-stable" {
    tags = ["docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}",
            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTER_TAG}",
            "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${SHORTEST_TAG}",
-            equal("true",LATEST) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",
-            equal("-ee",PRODUCT_EDITION) ? "docker.io/${COMPANY_NAME}4enterprise/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:${TAG}": "",]
+            equal("true",LATEST) ? "docker.io/${COMPANY_NAME}/${PREFIX_NAME}${PRODUCT_NAME}${PRODUCT_EDITION}:latest": "",]
    platforms = ["linux/amd64", "linux/arm64"]
    args = {
        "PULL_TAG": "${PULL_TAG}"
--- a/fonts/.placeholder
+++ b/fonts/.placeholder
--- a/run-document-server.sh
+++ b/run-document-server.sh
@ -84,7 +84,7 @@ elif [[ -f ${SSL_CERTIFICATE_PATH} ]]; then
 fi

 if [[ -n $NODE_EXTRA_ENVIRONMENT ]]; then
-  sed -i "s|^environment=.*$|&,NODE_EXTRA_CA_CERTS=${NODE_EXTRA_ENVIRONMENT}|" /etc/supervisor/conf.d/*.conf
+  sed -i "s|^environment=.*$|&,NODE_EXTRA_CA_CERTS=${NODE_EXTRA_ENVIRONMENT}|" ${SUPERVISOR_CONF_DIR}/*.conf
 fi

 CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca-certificates.pem}
@ -105,13 +105,13 @@ NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
 NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
 NGINX_ACCESS_LOG=${NGINX_ACCESS_LOG:-false}
 # Limiting the maximum number of simultaneous connections due to possible memory shortage
-LIMIT=$(ulimit -n); [ $LIMIT -gt 1048576 ] && LIMIT=1048576
+LIMIT=$(ulimit -n); [ "$LIMIT" = "unlimited" ] || [ "$LIMIT" -gt 1048576 ] && LIMIT=1048576
 NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$LIMIT}
 RABBIT_CONNECTIONS=${RABBIT_CONNECTIONS:-$LIMIT}

 JWT_ENABLED=${JWT_ENABLED:-true}

-# validate user's vars before usinig in json
+# validate user's vars before using in json
 if [ "${JWT_ENABLED}" == "true" ]; then
  JWT_ENABLED="true"
 else
@ -136,6 +136,8 @@ else
  REDIS_ENABLED=true
 fi

+[[ "${PRODUCT_EDITION}" =~ ^-(ee|de)$ ]] && ADMINPANEL_AVAILABLE=true || ADMINPANEL_AVAILABLE=false
+
 ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/local.json
 ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json
 ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/local.json
@ -585,16 +587,25 @@ create_oracle_tbl() {

 update_welcome_page() {
  WELCOME_PAGE="${APP_DIR}-example/welcome/docker.html"
+  EXAMPLE_DISABLED_PAGE="${APP_DIR}-example/welcome/example-disabled.html"
+  if ${ADMINPANEL_AVAILABLE}; then
+    ADMIN_DISABLED_PAGE="${APP_DIR}-example/welcome/admin-disabled.html"
+    sed -Ei 's#sudo systemctl start ds-(adminpanel|example)#sudo docker exec $(sudo docker ps -q) supervisorctl start ds:\1#g' "$ADMIN_DISABLED_PAGE" "$EXAMPLE_DISABLED_PAGE"
+  else
+    sed -Ei 's#sudo systemctl start ds-example#sudo docker exec $(sudo docker ps -q) supervisorctl start ds:example#g' "$EXAMPLE_DISABLED_PAGE"
+  fi
+
+  TARGET_PAGES="$WELCOME_PAGE $EXAMPLE_DISABLED_PAGE${ADMIN_DISABLED_PAGE:+ $ADMIN_DISABLED_PAGE}"
  if [[ -e $WELCOME_PAGE ]]; then
    DOCKER_CONTAINER_ID=$(basename $(cat /proc/1/cpuset))
    (( ${#DOCKER_CONTAINER_ID} < 12 )) && DOCKER_CONTAINER_ID=$(hostname)
    if (( ${#DOCKER_CONTAINER_ID} >= 12 )); then
      if [[ -x $(command -v docker) ]]; then
        DOCKER_CONTAINER_NAME=$(docker inspect --format="{{.Name}}" $DOCKER_CONTAINER_ID)
-        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i $WELCOME_PAGE
+        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/' -i ${TARGET_PAGES}
        JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_NAME#/}"'/')
      else
-        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i $WELCOME_PAGE
+        sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/' -i ${TARGET_PAGES}
        JWT_MESSAGE=$(echo $JWT_MESSAGE | sed 's/$(sudo docker ps -q)/'"${DOCKER_CONTAINER_ID::12}"'/')
      fi
    fi
@ -672,10 +683,10 @@ update_release_date(){
 }

 # create base folders
-for i in converter docservice metrics adminpanel; do
-  mkdir -p "$DS_LOG_DIR/$i" && touch "$DS_LOG_DIR/$i"/{out,err}.log
+for SUPERVISOR_CONF in "${SUPERVISOR_CONF_DIR}"/ds-*.conf; do
+  SERVICE_NAME=$(sed "s|^${SUPERVISOR_CONF_DIR}/ds-||; s|\.conf$||" <<<"$SUPERVISOR_CONF")
+  mkdir -p "$DS_LOG_DIR/$SERVICE_NAME" && touch "$DS_LOG_DIR/$SERVICE_NAME"/{out,err}.log
 done
-
 mkdir -p "${DS_LOG_DIR}-example" && touch "${DS_LOG_DIR}-example"/{out,err}.log

 # create app folders
@ -736,7 +747,8 @@ if [ ${ONLYOFFICE_DATA_CONTAINER_HOST} = "localhost" ]; then
        chmod 400 ${RABBITMQ_DATA}/.erlang.cookie
    fi

-    echo "ulimit -n $RABBIT_CONNECTIONS" >> /etc/default/rabbitmq-server
+    sed -i '/^[[:space:]]*ulimit[[:space:]]\+-n[[:space:]]\+/d' /etc/default/rabbitmq-server
+    printf 'ulimit -n %s\n' "${RABBIT_CONNECTIONS}" >> /etc/default/rabbitmq-server

    LOCAL_SERVICES+=("rabbitmq-server")
    # allow Rabbitmq startup after container kill
@ -759,7 +771,7 @@ else
  waiting_for_datacontainer

  # read settings after the data container in ready state
-  # to prevent get unconfigureted data
+  # to prevent get unconfigured data
  read_setting
  
  update_welcome_page
@ -772,9 +784,12 @@ for i in ${LOCAL_SERVICES[@]}; do
  service $i start
 done

-if [ ${PG_NEW_CLUSTER} = "true" ]; then
-  create_postgresql_db
-  create_postgresql_tbl
+if [ "${DB_TYPE}" = "postgres" ]; then
+  PG_DB_EXISTS=$(PGPASSWORD="$DB_PWD" psql -h ${DB_HOST} -p${DB_PORT} -U "${DB_USER}" -tAc "SELECT 1 FROM pg_database WHERE datname='${DB_NAME}';" 2>/dev/null)
+  if [ ${PG_NEW_CLUSTER} = "true" ] || [ "${PG_DB_EXISTS}" != "1" ]; then
+    create_postgresql_db
+    create_postgresql_tbl
+  fi
 fi

 if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then
@ -791,6 +806,12 @@ if [ ${ONLYOFFICE_DATA_CONTAINER} != "true" ]; then

  update_nginx_settings
  
+  if [ "${PLUGINS_ENABLED}" = "true" ]; then
+    ( documentserver-pluginsmanager.sh -r false --update="${APP_DIR}/sdkjs-plugins/plugin-list-default.json" >/dev/null; echo "[pluginsmanager] Plugins initialization finished" >/proc/1/fd/1 ) &
+  fi
+
+  ${ADMINPANEL_AVAILABLE} && [ "${ADMINPANEL_ENABLED:-false}" = "true" ] && sed -i 's,autostart=false,autostart=true,' ${SUPERVISOR_CONF_DIR}/ds-adminpanel.conf
+  [ "${EXAMPLE_ENABLED:-false}" = "true" ] && sed -i 's,autostart=false,autostart=true,' ${SUPERVISOR_CONF_DIR}/ds-example.conf
  service supervisor start
  
  # start cron to enable log rotating
@ -816,14 +837,8 @@ if [ "${GENERATE_FONTS}" == "true" ]; then
  start_process documentserver-generate-allfonts.sh ${ONLYOFFICE_DATA_CONTAINER}
 fi

-if [ "${PLUGINS_ENABLED}" = "true" ]; then
-  echo -n Installing plugins, please wait...
-  start_process documentserver-pluginsmanager.sh -r false --update=\"${APP_DIR}/sdkjs-plugins/plugin-list-default.json\" >/dev/null
-  echo Done
-fi
-
 start_process documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER}

 echo "${JWT_MESSAGE}" 

-start_process find "$DS_LOG_DIR" "$DS_LOG_DIR-example" -type f -name "*.log" | xargs tail -F
+start_process bash -c "find '$DS_LOG_DIR' '$DS_LOG_DIR-example' -type f -name '*.log' | xargs tail -F"
--- a/tests/damengdb/damengdb.Dockerfile
+++ b/tests/damengdb/damengdb.Dockerfile
@ -1,7 +1,7 @@
-FROM onlyoffice/damengdb:8.1.2 as damengdb
+FROM onlyoffice/damengdb:8.1.3 as damengdb

 ARG DM8_USER="SYSDBA"
-ARG DM8_PASS="SYSDBA001"
+ARG DM8_PASS="SYSDBA_dm001"
 ARG DB_HOST="localhost"
 ARG DB_PORT="5236"
 ARG DISQL_BIN="/opt/dmdbms/bin"
@ -15,7 +15,7 @@ function wait_dm_ready() {
  cd /opt/dmdbms/bin
  for i in `seq 1  10`; do
    echo `./disql /nolog <<EOF
-CONN SYSDBA/SYSDBA001@localhost
+CONN SYSDBA/SYSDBA_dm001@localhost
 exit
 EOF` | grep  "connection failure" > /dev/null 2>&1
    if [ $? -eq 0 ]; then
@ -41,14 +41,20 @@ GRANT ALL PRIVILEGES ON sysdba.TASK_RESULT TO onlyoffice;

 EOF

+ADD https://raw.githubusercontent.com/ONLYOFFICE/server/master/schema/dameng/createdb.sql /schema/dameng/createdb.sql
+
+ARG OO_DB_USER="onlyoffice"
+ARG OO_DB_PASS="Onlyoffice_2026"
+
 RUN   bash /opt/startup.sh > /dev/null 2>&1 \
   &  mkdir -p /schema/damengdb \
-   && apt update -y ; apt install wget -y \
-   && wget https://raw.githubusercontent.com/ONLYOFFICE/server/master/schema/dameng/createdb.sql -P /schema/dameng/ \
+   && export DEBIAN_FRONTEND=noninteractive \
+   && apt-get update \
+   && rm -rf /var/lib/apt/lists/* \
   && bash ./wait_dm_ready.sh \
   && cd ${DISQL_BIN} \
   && ./disql $DM8_USER/$DM8_PASS@$DB_HOST:$DB_PORT -e \
-      "create user "onlyoffice" identified by "onlyoffice" password_policy 0;" \
+      "create user \"${OO_DB_USER}\" identified by \"${OO_DB_PASS}\";" \
   && ./disql $DM8_USER/$DM8_PASS@$DB_HOST:$DB_PORT -e \
      "GRANT SELECT ON DBA_TAB_COLUMNS TO onlyoffice;" \
   && echo "EXIT" | tee -a /schema/dameng/createdb.sql \
--- a/tests/damengdb/docker-compose.yml
+++ b/tests/damengdb/docker-compose.yml
@ -1,10 +1,7 @@
 version: '2'
 services:
  onlyoffice-documentserver:
-    build:
-      context: ../../.
-      dockerfile: Dockerfile
-      target: documentserver
+    image: onlyoffice/documentserver-ee:latest
    container_name: onlyoffice-documentserver
    depends_on:
      - onlyoffice-dameng
@ -15,6 +12,7 @@ services:
      - DB_PORT=5236
      - DB_NAME=onlyoffice
      - DB_USER=onlyoffice
+      - DB_PWD=Onlyoffice_2026
      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
      # Costomize the JSON Web Token validation parameters if needed.
      #- JWT_ENABLED=false
@ -49,7 +47,7 @@ services:
      target: damengdb
      args:
        DM8_USER: SYSDBA
-        DM8_PASS: SYSDBA001
+        DM8_PASS: SYSDBA_dm001
        DB_HOST: localhost
        DB_PORT: 5236
    environment:
Author	SHA1	Message	Date
Vladimir Ischenko	852fc2a6ad	fix Bug 80465 - Skip PostgreSQL probe for other DB types	2026-03-06 15:49:05 +03:00
danilapog	69256014cc	Fix: actualize damengdb stand Bump database version to 8.1.3. Also disable build for documentserver image	2026-02-26 15:04:36 +03:00
papacarlo	58051c573f	Merge branch release/v9.3.0 into develop	2026-02-25 15:16:39 +00:00
Evgeniy Antonyuk	475a957b34	Make adminpanel conditional by edition	2026-02-22 22:19:21 +02:00
Evgeniy Antonyuk	c344bc46c8	Add RABBIT_CONNECTIONS and note ulimit defaults	2026-02-13 13:13:02 +03:00
Evgeniy Antonyuk	b531e96c10	Increase file descriptor cap to 1,048,576	2026-02-13 13:13:02 +03:00
danilapog	f63607aecc	Build: get runner specification from the matrix	2026-02-11 14:11:58 +03:00
danilapog	0bf51cae5e	Cosmetic: just cosmetic fix	2026-02-10 16:27:28 +03:00
danilapog	425241b1a5	Build: build images on navite runners Also make multiarch image with simple tag after build	2026-02-10 16:20:23 +03:00
Vladimir Ischenko	578deab49a	Replace help commands in disabled pages	2026-02-03 12:37:07 +03:00
Evgeniy Antonyuk	849cb4ee70	fix Bug 78722 - Add admin panel and example service autostart options	2026-01-28 09:38:55 +00:00
Evgeniy Antonyuk	058d512af2	fix Bug 78997 - Run plugin manager in background during startup	2026-01-23 05:37:57 +02:00
Evgeniy Antonyuk	9ee11e40c0	fix Bug 78949 - Fix RabbitMQ startup failure due to ulimit nofile changes	2026-01-22 06:11:39 +02:00
Sergey Konovalov	0362706b26	Add env var PKG_NATIVE_CACHE_PATH to control pkg native cache location; For Bug 76727	2025-12-30 17:12:58 +03:00
papacarlo	3056ddb7b6	Merge branch hotfix/v9.2.1 into release/v9.3.0	2025-12-17 15:37:15 +00:00
papacarlo	d17d150827	Merge branch hotfix/v9.2.1 into develop	2025-12-17 15:37:14 +00:00
papacarlo	7bb59095a5	Merge branch release/v9.2.0 into develop	2025-12-10 10:31:48 +00:00
papacarlo	ce58202562	Merge branch release/v9.2.0 into master	2025-12-01 07:34:32 +00:00
Vladimir Ischenko	d3d6bcf8b4	fix bug 78605 - Prevent SIGTERM shutdown hang on log tailing	2025-11-24 11:43:57 +00:00
danilapog	c1c4f9793a	Fix secrets name	2025-11-24 10:55:46 +00:00
danilapog	ec12b6a021	4enterprise release separately with separate logins	2025-11-24 10:55:46 +00:00
Vladimir Ischenko	feadbdf42b	Add empty directory for local font cache	2025-11-13 08:52:10 +00:00
Vladimir Ischenko	b13570f221	Add msfonts caching to avoid install issues	2025-11-13 08:52:10 +00:00
danilapog	32b11818cc	Disable zap ajax spider untill action not fixed	2025-11-11 15:14:03 +00:00
Vladimir Ischenko	d20143734d	Fix cosmetic typos in README	2025-11-01 14:44:54 +03:00
papacarlo	0da835b7ae	Merge branch release/v9.1.0 into develop	2025-10-28 12:01:25 +00:00
Evgeniy Antonyuk	818573b9ba	fix Bug 77433 - Fix duplicate tables in public when using DB_SCHEMA	2025-10-24 11:43:09 +00:00
Vladimir Ischenko	92936a7971	Fix bug 71003 - Install plugins before services start (#51 ) Co-authored-by: Vladimir Ischenko <vladimir.ischenko@onlyoffice.com> Co-committed-by: Vladimir Ischenko <vladimir.ischenko@onlyoffice.com>	2025-10-24 11:41:36 +00:00
Vladimir Ischenko	fc99345e11	Fix typos in comments	2025-08-27 16:17:33 +03:00
Vladimir Ischenko	f6cf4c37c1	Update to modern LABEL maintainer syntax	2025-08-27 16:13:19 +03:00