diff --git a/.github/workflows/ci-oci-install.yml b/.github/workflows/ci-oci-install.yml
index 5d07a13fd4..5e6272b1ca 100644
--- a/.github/workflows/ci-oci-install.yml
+++ b/.github/workflows/ci-oci-install.yml
@@ -109,7 +109,7 @@ jobs:
uses: nick-fields/retry@v3
with:
max_attempts: 2
- timeout_minutes: 40
+ timeout_minutes: 80
retry_on: error
command: |
set -eux
@@ -133,7 +133,7 @@ jobs:
uses: nick-fields/retry@v3
with:
max_attempts: 2
- timeout_minutes: 40
+ timeout_minutes: 80
retry_on: error
command: |
set -eux
diff --git a/build.backend.docker.py b/build.backend.docker.py
index 452024ad57..291ea0c9a6 100755
--- a/build.backend.docker.py
+++ b/build.backend.docker.py
@@ -188,7 +188,8 @@ os.environ["SRC_PATH"] = os.path.join(dir, "publish/services")
os.environ["DATA_DIR"] = os.path.join(dir, "data")
os.environ["APP_URL_PORTAL"] = portal_url
os.environ["MIGRATION_TYPE"] = migration_type
-subprocess.run(["docker-compose", "-f", os.path.join(dockerDir, "docspace.profiles.yml"), "-f", os.path.join(dockerDir, "docspace.overcome.yml"), "--profile", "migration-runner", "--profile", "backend-local", "up", "-d"])
+subprocess.run(["docker", "compose", "-f", os.path.join(dockerDir, "docspace.profiles.yml"), "-f", os.path.join(
+ dockerDir, "docspace.overcome.yml"), "--profile", "migration-runner", "--profile", "backend-local", "up", "-d"])
print()
print("Run script directory:", dir)
diff --git a/config/apisystem.json b/config/apisystem.json
index a3174134c0..b87e02f32a 100644
--- a/config/apisystem.json
+++ b/config/apisystem.json
@@ -30,6 +30,9 @@
"ios": ""
}
},
+ "hcaptcha" : {
+ "private-key" : ""
+ },
"auth" : {
"allowskip" : {
"default" : false,
diff --git a/config/appsettings.json b/config/appsettings.json
index aacf90ae3e..413981bf0b 100644
--- a/config/appsettings.json
+++ b/config/appsettings.json
@@ -71,7 +71,7 @@
"files": {
"thirdparty": { "enable": ["box", "dropboxv2", "docusign", "google", "onedrive", "nextcloud", "owncloud", "webdav", "kdrive" ] },
"docservice": {
- "coauthor-docs": [ ".csv", ".docm", ".docx", ".docxf", ".dotm", ".dotx", ".oform", ".potm", ".potx", ".ppsm", ".pptm", ".ppsx", ".pptx", ".txt", ".xlsm", ".xlsx", ".xltm", ".xltx" ],
+ "coauthor-docs": [ ".csv", ".docm", ".docx", ".docxf", ".dotm", ".dotx", ".oform", ".pdf", ".potm", ".potx", ".ppsm", ".pptm", ".ppsx", ".pptx", ".txt", ".xlsm", ".xlsx", ".xltm", ".xltx" ],
"commented-docs": [ ".docm", ".docx", ".docxf", ".dotm", ".dotx", ".potm", ".potx", ".ppsm", ".pptm", ".ppsx", ".pptx", ".xlsm", ".xlsx", ".xltm", ".xltx" ],
"convert-docs": [ ".doc", ".dot", ".dps", ".dpt", ".epub", ".et", ".ett", ".fb2", ".fodp", ".fods", ".fodt", ".htm", ".html", ".mht", ".mhtml", ".odp", ".ods", ".odt", ".otp", ".ots", ".ott", ".pot", ".pps", ".ppt", ".rtf", ".stw", ".sxc", ".sxi", ".sxw", ".wps", ".wpt", ".xls", ".xlsb", ".xlt", ".xml" ],
"edited-docs": [ ".csv", ".doc", ".docm", ".docx", ".docxf", ".dot", ".dotm", ".dotx", ".dps", ".dpt", ".epub", ".et", ".ett", ".fb2", ".fodp", ".fods", ".fodt", ".htm", ".html", ".mht", ".mhtml", ".odp", ".ods", ".odt", ".oform", ".otp", ".ots", ".ott", ".pdf", ".pot", ".potm", ".potx", ".pps", ".ppsm", ".ppsx", ".ppt", ".pptm", ".pptx", ".rtf", ".stw", ".sxc", ".sxi", ".sxw", ".txt", ".wps", ".wpt", ".xls", ".xlsb", ".xlsm", ".xlsx", ".xlt", ".xltm", ".xltx", ".xml" ],
@@ -104,13 +104,14 @@
"oform": {
"domain": "https://cmsoforms.teamlab.info",
"path": "/api/oforms/",
- "ext": ".oform",
+ "ext": ".pdf",
"upload": {
"domain": "https://oforms.teamlab.info",
"path": "/api/upload",
- "ext": ".docxf",
+ "ext": ".pdf",
"dashboard": "/dashboard/api"
- }
+ },
+ "signature": "ONLYOFFICEFORM"
}
},
"web": {
@@ -127,7 +128,10 @@
"url": "/socket.io",
"internal": "http://localhost:9899/"
},
- "cultures": "az,cs,de,en-GB,en-US,es,fr,it,lv,nl,pl,pt-BR,pt,ro,sk,sl,fi,vi,tr,el-GR,bg,ru,sr-Latn-RS,uk-UA,hy-AM,ar-SA,si,lo-LA,zh-CN,ja-JP,ko-KR",
+ "cultures": "az,cs,de,en-GB,en-US,es,fr,it,lv,nl,pl,pt-BR,pt,ro,sk,sl,fi,vi,tr,el-GR,bg,ru,sr-Cyrl-RS,sr-Latn-RS,uk-UA,hy-AM,ar-SA,si,lo-LA,zh-CN,ja-JP,ko-KR",
+ "logo": {
+ "custom-cultures": ["zh-CN"]
+ },
"controlpanel": {
"url": ""
},
@@ -156,6 +160,10 @@
"recaptcha": {
"public-key": "",
"private-key": ""
+ },
+ "hcaptcha" : {
+ "public-key": "",
+ "private-key": ""
}
},
"ConnectionStrings": {
@@ -219,16 +227,8 @@
"thumbnail": {
"maxDegreeOfParallelism": 1,
"sizes": [
- { "height": 156, "width": 216 },
- { "height": 156, "width": 240 },
- { "height": 156, "width": 264 },
- { "height": 156, "width": 288 },
- { "height": 156, "width": 312 },
- { "height": 156, "width": 336 },
- { "height": 156, "width": 360 },
- { "height": 156, "width": 400 },
- { "height": 156, "width": 440 },
- { "height": 720, "width": 1280, "resizeMode": "Max" }
+ { "height": 720, "width": 1280, "resizeMode": "Manual" },
+ { "height": 2160, "width": 3840, "resizeMode": "Manual" }
]
},
"csp": {
@@ -257,6 +257,12 @@
"oform": {
"img": ["static-oforms.teamlab.info"],
"connect": ["cmsoforms.teamlab.info", "oforms.teamlab.info"]
+ },
+ "captcha": {
+ "script": ["*.google.com", "*.gstatic.com", "hcaptcha.com", "*.hcaptcha.com"],
+ "style": ["hcaptcha.com", "*.hcaptcha.com"],
+ "frame": ["*.google.com", "hcaptcha.com", "*.hcaptcha.com"],
+ "connect": ["hcaptcha.com", "*.hcaptcha.com"]
}
},
"logocolors": [
@@ -324,5 +330,9 @@
"asc.files": "/openapi/asc.files/common.yaml",
"asc.data.backup": "/openapi/asc.data.backup/common.yaml"
}
+ },
+ "urlShortener":{
+ "length": 15,
+ "alphabet": "5XzpDt6wZRdsTrJkSY_cgPyxN4j-fnb9WKBF8vh3GH72QqmLVCM"
}
}
diff --git a/config/nginx/onlyoffice.conf b/config/nginx/onlyoffice.conf
index 2a579f7f19..3c94028b2a 100644
--- a/config/nginx/onlyoffice.conf
+++ b/config/nginx/onlyoffice.conf
@@ -46,7 +46,7 @@ map $request_uri $cache_control {
default "no-cache, no-store, no-transform";
~*\/(filehandler\.ashx\?action=(thumb|preview))|\/(storage\/room_logos\/root\/.*\?hash.*|storage\/userPhotos\/root\/.*\?hash.*|storage\/whitelabel\/root\/.*\?hash.*|storage\/static_partnerdata\/root\/.*\?hash.*) "must-revalidate, no-transform, immutable, max-age=31536000";
~*\/(api\/2\.0.*|storage|login\.ashx|filehandler\.ashx|ChunkedUploader.ashx|ThirdPartyAppHandler|apisystem|sh|remoteEntry\.js|debuginfo\.md|static\/scripts\/api\.js|static\/scripts\/sdk\/.*|static\/scripts\/api\.poly\.js) "no-cache, no-store, no-transform";
- ~*\/(static\/images\/.*)|\.(js|woff|woff2|css)|(locales.*\.json) "must-revalidate, no-transform, immutable, max-age=31536000";
+ ~*\/(static\/images\/.*)|\/(_next\/public\/images\/.*)|\.(js|woff|woff2|css)|(locales.*\.json) "must-revalidate, no-transform, immutable, max-age=31536000";
}
map $request_uri $content_security_policy {
@@ -102,7 +102,8 @@ server {
set $csp "";
access_by_lua '
local accept_header = ngx.req.get_headers()["Accept"]
- if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath") then
+ if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath|/api/") then
+
local key = string.format("csp:%s",ngx.var.host)
local redis = require "resty.redis"
local red = redis:new()
@@ -229,17 +230,9 @@ server {
proxy_pass http://127.0.0.1:5011;
proxy_redirect off;
- location ~* /static/favicon.ico {
- try_files /$basename /index.html =404;
- }
-
- location ~* /static/images/(.*)$ {
+ location ~* /_next/public/images/(.*)$ {
try_files /images/$1 /index.html =404;
}
-
- location ~* /static/css/ {
- try_files /css/$basename /index.html =404;
- }
}
location /management {
diff --git a/config/nlog.config b/config/nlog.config
index 4c87bbc44c..662ca7efe2 100644
--- a/config/nlog.config
+++ b/config/nlog.config
@@ -13,10 +13,10 @@
-
+
-
+
diff --git a/config/storage.json b/config/storage.json
index 8577be2e2e..59c4c5042c 100644
--- a/config/storage.json
+++ b/config/storage.json
@@ -87,7 +87,8 @@
"type": "disc",
"path": "$STORAGE_ROOT\\Studio\\{0}\\CoBranding",
"virtualpath": "~/studio/{0}/cobranding",
- "public": true
+ "public": true,
+ "contentAsAttachment": true
},
{
"name": "static_partnerdata",
diff --git a/install/OneClickInstall/docspace-install.sh b/install/OneClickInstall/docspace-install.sh
index 4ab24ee409..b54796a3c2 100644
--- a/install/OneClickInstall/docspace-install.sh
+++ b/install/OneClickInstall/docspace-install.sh
@@ -156,27 +156,27 @@ fi
if [ "$DOCKER" == "true" ]; then
if [ "$LOCAL_SCRIPTS" == "true" ]; then
- bash install-Docker.sh ${PARAMETERS}
+ bash install-Docker.sh ${PARAMETERS} || EXIT_CODE=$?
else
curl -s -O ${DOWNLOAD_URL_PREFIX}/install-Docker.sh
- bash install-Docker.sh ${PARAMETERS}
+ bash install-Docker.sh ${PARAMETERS} || EXIT_CODE=$?
rm install-Docker.sh
fi
else
if [ -f /etc/redhat-release ] ; then
if [ "$LOCAL_SCRIPTS" == "true" ]; then
- bash install-RedHat.sh ${PARAMETERS}
+ bash install-RedHat.sh ${PARAMETERS} || EXIT_CODE=$?
else
curl -s -O ${DOWNLOAD_URL_PREFIX}/install-RedHat.sh
- bash install-RedHat.sh ${PARAMETERS}
+ bash install-RedHat.sh ${PARAMETERS} || EXIT_CODE=$?
rm install-RedHat.sh
fi
elif [ -f /etc/debian_version ] ; then
if [ "$LOCAL_SCRIPTS" == "true" ]; then
- bash install-Debian.sh ${PARAMETERS}
+ bash install-Debian.sh ${PARAMETERS} || EXIT_CODE=$?
else
curl -s -O ${DOWNLOAD_URL_PREFIX}/install-Debian.sh
- bash install-Debian.sh ${PARAMETERS}
+ bash install-Debian.sh ${PARAMETERS} || EXIT_CODE=$?
rm install-Debian.sh
fi
else
@@ -184,3 +184,5 @@ else
exit 1;
fi
fi
+
+exit ${EXIT_CODE:-0}
diff --git a/install/OneClickInstall/install-Debian/install-app.sh b/install/OneClickInstall/install-Debian/install-app.sh
index c8705b76d2..9427847a31 100644
--- a/install/OneClickInstall/install-Debian/install-app.sh
+++ b/install/OneClickInstall/install-Debian/install-app.sh
@@ -85,8 +85,6 @@ elif [ "$UPDATE" = "true" ] && [ "$PRODUCT_INSTALLED" = "true" ]; then
fi
fi
-hold_package_version dotnet-host opensearch redis-server rabbitmq-server opensearch-dashboards fluent-bit
-
if [ "$MAKESWAP" == "true" ]; then
make_swap
fi
diff --git a/install/OneClickInstall/install-Debian/install-preq.sh b/install/OneClickInstall/install-Debian/install-preq.sh
index 2d6c24dba7..42d2c7ca9a 100644
--- a/install/OneClickInstall/install-Debian/install-preq.sh
+++ b/install/OneClickInstall/install-Debian/install-preq.sh
@@ -10,6 +10,8 @@ cat<> /etc/apt/sources.list
echo "deb-src http://ftp.uk.debian.org/debian/ $DISTRIB_CODENAME main contrib" >> /etc/apt/sources.list
@@ -33,13 +35,13 @@ locale-gen en_US.UTF-8
# add opensearch repo
curl -o- https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --dearmor --batch --yes -o /usr/share/keyrings/opensearch-keyring
-echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" >> /etc/apt/sources.list.d/opensearch-2.x.list
+echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" > /etc/apt/sources.list.d/opensearch-2.x.list
ELASTIC_VERSION="2.11.1"
#add opensearch dashboards repo
if [ ${INSTALL_FLUENT_BIT} == "true" ]; then
curl -o- https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --dearmor --batch --yes -o /usr/share/keyrings/opensearch-keyring
- echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.x/apt stable main" >> /etc/apt/sources.list.d/opensearch-dashboards-2.x.list
+ echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.x/apt stable main" > /etc/apt/sources.list.d/opensearch-dashboards-2.x.list
DASHBOARDS_VERSION="2.11.1"
fi
@@ -48,10 +50,12 @@ NODE_VERSION="18"
curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash -
#add dotnet repo
-if [[ "$DISTRIB_CODENAME" != noble ]]; then
+if [ "$DIST" = "debian" ] || [ "$DISTRIB_CODENAME" = "focal" ]; then
curl https://packages.microsoft.com/config/$DIST/$REV/packages-microsoft-prod.deb -O
echo -e "Package: *\nPin: origin \"packages.microsoft.com\"\nPin-Priority: 1002" | tee /etc/apt/preferences.d/99microsoft-prod.pref
dpkg -i packages-microsoft-prod.deb && rm packages-microsoft-prod.deb
+elif dpkg -l | grep -q packages-microsoft-prod; then
+ apt-get purge -y packages-microsoft-prod
fi
MYSQL_REPO_VERSION="$(curl https://repo.mysql.com | grep -oP 'mysql-apt-config_\K.*' | grep -o '^[^_]*' | sort --version-sort --field-separator=. | tail -n1)"
diff --git a/install/OneClickInstall/install-Debian/tools.sh b/install/OneClickInstall/install-Debian/tools.sh
index aa582112ce..e1265b2522 100644
--- a/install/OneClickInstall/install-Debian/tools.sh
+++ b/install/OneClickInstall/install-Debian/tools.sh
@@ -26,14 +26,23 @@ command_exists () {
# Function to prevent package auto-update
hold_package_version() {
- for package in "$@"; do
- if command -v apt-mark >/dev/null 2>&1 &&
- dpkg -s "$package" >/dev/null 2>&1 &&
- ! apt-mark showhold | grep -q "$package" >/dev/null 2>&1
- then
- apt-mark hold "$package"
- fi
- done
+ packages=("dotnet-*" "aspnetcore-*" opensearch redis-server rabbitmq-server opensearch-dashboards fluent-bit)
+ for package in "${packages[@]}"; do
+ command -v apt-mark >/dev/null 2>&1 && apt-mark showhold | grep -q "^$package" && apt-mark unhold "$package"
+ done
+
+ UNATTENDED_UPGRADES_FILE="/etc/apt/apt.conf.d/50unattended-upgrades"
+ if [ -f ${UNATTENDED_UPGRADES_FILE} ] && grep -q "Package-Blacklist" ${UNATTENDED_UPGRADES_FILE}; then
+ for package in "${packages[@]}"; do
+ if ! grep -q "$package" ${UNATTENDED_UPGRADES_FILE}; then
+ sed -i "/Package-Blacklist/a \\\t\"$package\";" ${UNATTENDED_UPGRADES_FILE}
+ fi
+ done
+
+ if systemctl list-units --type=service --state=running | grep -q "unattended-upgrades"; then
+ systemctl restart unattended-upgrades
+ fi
+ fi
}
check_hardware () {
diff --git a/install/OneClickInstall/install-Docker.sh b/install/OneClickInstall/install-Docker.sh
index 799ae7ef72..92c58036d4 100644
--- a/install/OneClickInstall/install-Docker.sh
+++ b/install/OneClickInstall/install-Docker.sh
@@ -60,7 +60,7 @@ INSTALL_RABBITMQ="true";
INSTALL_MYSQL_SERVER="true";
INSTALL_DOCUMENT_SERVER="true";
INSTALL_ELASTICSEARCH="true";
-INSTALL_FLUENT_BIT="false";
+INSTALL_FLUENT_BIT="true";
INSTALL_PRODUCT="true";
UPDATE="false";
@@ -1324,41 +1324,32 @@ install_elasticsearch () {
install_fluent_bit () {
if [ "$INSTALL_FLUENT_BIT" == "true" ]; then
- curl https://raw.githubusercontent.com/fluent/fluent-bit/master/install.sh | sh
- systemctl enable fluent-bit
-
- if systemctl list-unit-files --type=service | grep -q "fluent-bit.service"; then
- sed -i "s/OPENSEARCH_SCHEME/$(get_env_parameter "ELK_SHEME")/g" "${BASE_DIR}/config/fluent-bit.conf"
- sed -i "s/OPENSEARCH_HOST/${ELK_HOST:-127.0.0.1}/g" "${BASE_DIR}/config/fluent-bit.conf"
- sed -i "s/OPENSEARCH_PORT/$(get_env_parameter "ELK_PORT")/g" ${BASE_DIR}/config/fluent-bit.conf
- sed -i "s/OPENSEARCH_INDEX/${OPENSEARCH_INDEX:-"${PACKAGE_SYSNAME}-fluent-bit"}/g" ${BASE_DIR}/config/fluent-bit.conf
- [ ! -z "${ELK_HOST}" ] && sed -i "s/ELK_CONTAINER_NAME/ELK_HOST/g" ${BASE_DIR}/dashboards.yml
- cp -rf ${BASE_DIR}/config/fluent-bit.conf /etc/fluent-bit/fluent-bit.conf
- systemctl restart fluent-bit
-
- DOCKER_SYSTEMD_DIR="/etc/systemd/system/docker.service.d"
- if [ ! -f "${DOCKER_SYSTEMD_DIR}/fluent-after.conf" ]; then
- mkdir -p ${DOCKER_SYSTEMD_DIR}
- echo -e "[Unit]\n$(grep After= $(systemctl show -p FragmentPath docker.service | awk -F= '{print $2}')) fluent-bit.service" > "${DOCKER_SYSTEMD_DIR}/fluent-after.conf"
- systemctl daemon-reload
+ if ! command_exists crontab; then
+ if command_exists apt-get; then
+ install_service crontab cron
+ elif command_exists yum; then
+ install_service crontab cronie
fi
-
- DOCKER_DAEMON_FILE="/etc/docker/daemon.json"
- if [[ ! -f "${DOCKER_DAEMON_FILE}" ]]; then
- echo "{\"log-driver\": \"fluentd\", \"log-opts\": { \"fluentd-address\": \"127.0.0.1:24224\" }}" > "${DOCKER_DAEMON_FILE}"
- systemctl restart docker
- elif ! grep -q "log-driver" ${DOCKER_DAEMON_FILE}; then
- sed -i 's!{!& "log-driver": "fluentd", "log-opts": { "fluentd-address": "127.0.0.1:24224" },!' "${DOCKER_DAEMON_FILE}"
- systemctl restart docker
- fi
-
- reconfigure DASHBOARDS_USERNAME "${DASHBOARDS_USERNAME:-"onlyoffice"}"
- reconfigure DASHBOARDS_PASSWORD "${DASHBOARDS_PASSWORD:-$(get_random_str 20)}"
-
- docker-compose -f ${BASE_DIR}/dashboards.yml up -d
- else
- echo "The installation of the fluent-bit service was unsuccessful."
fi
+
+ [ ! -z "$ELK_HOST" ] && sed -i "s/ELK_CONTAINER_NAME/ELK_HOST/g" $BASE_DIR/fluent.yml ${BASE_DIR}/dashboards.yml
+
+ OPENSEARCH_INDEX="${OPENSEARCH_INDEX:-"${PACKAGE_SYSNAME}-fluent-bit"}"
+ if crontab -l | grep -q "${OPENSEARCH_INDEX}"; then
+ crontab < <(crontab -l | grep -v "${OPENSEARCH_INDEX}")
+ fi
+ (crontab -l 2>/dev/null; echo "0 0 */1 * * curl -s -X POST "$(get_env_parameter 'ELK_SHEME')"://${ELK_HOST:-127.0.0.1}:$(get_env_parameter 'ELK_PORT')/${OPENSEARCH_INDEX}/_delete_by_query -H 'Content-Type: application/json' -d '{\"query\": {\"range\": {\"@timestamp\": {\"lt\": \"now-30d\"}}}}'") | crontab -
+
+ sed -i "s/OPENSEARCH_HOST/${ELK_HOST:-"${PACKAGE_SYSNAME}-opensearch"}/g" "${BASE_DIR}/config/fluent-bit.conf"
+ sed -i "s/OPENSEARCH_PORT/$(get_env_parameter "ELK_PORT")/g" ${BASE_DIR}/config/fluent-bit.conf
+ sed -i "s/OPENSEARCH_INDEX/${OPENSEARCH_INDEX}/g" ${BASE_DIR}/config/fluent-bit.conf
+
+ reconfigure DASHBOARDS_USERNAME "${DASHBOARDS_USERNAME:-"${PACKAGE_SYSNAME}"}"
+ reconfigure DASHBOARDS_PASSWORD "${DASHBOARDS_PASSWORD:-$(get_random_str 20)}"
+
+ docker-compose -f ${BASE_DIR}/fluent.yml -f ${BASE_DIR}/dashboards.yml up -d
+ elif [ "$INSTALL_FLUENT_BIT" == "pull" ]; then
+ docker-compose -f ${BASE_DIR}/fluent.yml -f ${BASE_DIR}/dashboards.yml pull
fi
}
diff --git a/install/OneClickInstall/install-RedHat/install-preq.sh b/install/OneClickInstall/install-RedHat/install-preq.sh
index 3074a91f53..8cb87ff997 100644
--- a/install/OneClickInstall/install-RedHat/install-preq.sh
+++ b/install/OneClickInstall/install-RedHat/install-preq.sh
@@ -37,12 +37,9 @@ fi
rpm -ivh https://rpms.remirepo.net/$REMI_DISTR_NAME/remi-release-$REV.rpm || true
yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/$RPMFUSION_DISTR_NAME/rpmfusion-free-release-$REV.noarch.rpm
-[ "$REV" = "9" ] && update-crypto-policies --set DEFAULT:SHA1
-if [ "$DIST" == "centos" ]; then
- [ "$REV" = "9" ] && TESTING_REPO="--enablerepo=crb" || POWERTOOLS_REPO="--enablerepo=powertools"
-elif [ "$DIST" == "redhat" ]; then
- /usr/bin/crb enable
-fi
+[ "$REV" = "9" ] && update-crypto-policies --set DEFAULT:SHA1 && ${package_manager} -y install xorg-x11-font-utils
+[ "$DIST" = "centos" ] && TESTING_REPO="--enablerepo=$( [ "$REV" = "9" ] && echo "crb" || echo "powertools" )"
+[ "$DIST" = "redhat" ] && /usr/bin/crb enable
#add rabbitmq & erlang repo
curl -s https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.rpm.sh | bash
diff --git a/install/common/logrotate/product-common b/install/common/logrotate/product-common
deleted file mode 100644
index 66a81ce9ab..0000000000
--- a/install/common/logrotate/product-common
+++ /dev/null
@@ -1,16 +0,0 @@
-/var/log/onlyoffice/docspace/*.log {
- daily
- missingok
- rotate 30
- compress
- dateext
- delaycompress
- notifempty
- nocreate
- sharedscripts
- postrotate
- if pgrep -x ""systemd"" >/dev/null; then
- systemctl restart docspace* > /dev/null
- fi
- endscript
-}
diff --git a/install/common/product-configuration b/install/common/product-configuration
index e29335d981..e51196f361 100644
--- a/install/common/product-configuration
+++ b/install/common/product-configuration
@@ -26,7 +26,7 @@ APP_PORT="80"
ELK_SHEME="http"
ELK_HOST="localhost"
ELK_PORT="9200"
-OPENSEARCH_INDEX="${PACKAGE_SYSNAME}-${PRODUCT}-logs"
+OPENSEARCH_INDEX="${PACKAGE_SYSNAME}-fluent-bit"
RABBITMQ_HOST="localhost"
RABBITMQ_USER="guest"
@@ -548,10 +548,12 @@ setup_openresty(){
done
fi
- if rpm -q "firewalld"; then
- firewall-cmd --permanent --zone=public --add-service=http
- firewall-cmd --permanent --zone=public --add-service=https
- systemctl restart firewalld.service
+ if $PACKAGE_MANAGER firewalld >/dev/null 2>&1; then
+ if [ $(systemctl is-active firewalld.service) == active ]; then
+ firewall-cmd --permanent --zone=public --add-service=http
+ firewall-cmd --permanent --zone=public --add-service=https
+ systemctl restart firewalld.service
+ fi
fi
elif [ "$DIST" = "Debian" ]; then
if ! id "nginx" &>/dev/null; then
diff --git a/install/common/product-ssl-setup b/install/common/product-ssl-setup
index 6a58fc7794..ace387a517 100644
--- a/install/common/product-ssl-setup
+++ b/install/common/product-ssl-setup
@@ -8,7 +8,8 @@ LETSENCRYPT="/etc/letsencrypt/live";
OPENRESTY="/etc/openresty/conf.d"
DHPARAM_FILE="/etc/ssl/certs/dhparam.pem"
WEBROOT_PATH="/var/www/${PRODUCT}"
-SYSTEMD_DIR="/usr/lib/systemd/system"
+CONFIG_DIR="/etc/onlyoffice/${PRODUCT}"
+SYSTEMD_DIR=$(dirname $($(command -v dpkg-query &> /dev/null && echo "dpkg-query -L" || echo "rpm -ql") ${PRODUCT}-api | grep systemd/system/))
# Check if configuration files are present
if [ ! -f "${OPENRESTY}/onlyoffice-proxy-ssl.conf.template" -a ! -f "${OPENRESTY}/onlyoffice-proxy.conf.template" ]; then
@@ -47,6 +48,8 @@ case $1 in
DOMAIN=$2
CERTIFICATE_FILE=$3
PRIVATEKEY_FILE=$4
+
+ [[ $DOMAIN =~ ^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,6}$ ]] || { echo "Error: domain name '$DOMAIN' is incorrect." >&2; exit 1; }
else
help
fi
@@ -59,7 +62,7 @@ case $1 in
sed "s!\(worker_connections\).*;!\1 $(ulimit -n);!" -i "${OPENRESTY}/onlyoffice-proxy.conf"
[[ -f "${DIR}/${PRODUCT}-renew-letsencrypt" ]] && rm -rf "${DIR}/${PRODUCT}-renew-letsencrypt"
[ $(pgrep -x ""systemd"" | wc -l) -gt 0 ] && systemctl reload openresty || service openresty reload
-
+ sed -i "s/\(\"portal\":\).*/\1 \"http:\/\/localhost:80\"/" ${CONFIG_DIR}/appsettings.$(grep -oP 'ENVIRONMENT=\K.*' ${SYSTEMD_DIR}/${PRODUCT}-api.service).json
SYSTEMD_NODE_FILES=$(grep -l "NODE_EXTRA_CA_CERTS" ${SYSTEMD_DIR}/${PRODUCT}-*.service ${SYSTEMD_DIR}/ds-*.service || true)
if [ -n "$SYSTEMD_NODE_FILES" ]; then
sed -i '/NODE_EXTRA_CA_CERTS/d' ${SYSTEMD_NODE_FILES}
@@ -91,8 +94,8 @@ case $1 in
echo "Generating Let's Encrypt SSL Certificates..."
# Request and generate Let's Encrypt SSL certificate
- echo certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-start.log
- certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-new.log
+ echo certbot certonly --expand --webroot -w ${WEBROOT_PATH} --key-type rsa --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-start.log
+ certbot certonly --expand --webroot -w ${WEBROOT_PATH} --key-type rsa --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-new.log
else
help
fi
@@ -106,10 +109,7 @@ PRIVATEKEY_FILE="${PRIVATEKEY_FILE:-"${LETSENCRYPT}/${PRODUCT}/privkey.pem"}"
if [ -f "${CERTIFICATE_FILE}" ]; then
if [ -f "${PRIVATEKEY_FILE}" ]; then
cp -f ${OPENRESTY}/onlyoffice-proxy-ssl.conf.template ${OPENRESTY}/onlyoffice-proxy.conf
-
- PACKAGE_FILE_CHECKER=$(command -v dpkg-query &> /dev/null && echo "dpkg-query -L" || echo "rpm -ql")
- ENVIRONMENT=$(grep -oP 'ENVIRONMENT=\K.*' $(dirname $(${PACKAGE_FILE_CHECKER} ${PRODUCT}-api | grep systemd/system/))/${PRODUCT}-api.service)
- sed -i "s/\(\"portal\":\).*/\1 \"https:\/\/${DOMAIN}\"/" /etc/onlyoffice/docspace/appsettings.$ENVIRONMENT.json
+ sed -i "s/\(\"portal\":\).*/\1 \"https:\/\/${DOMAIN}\"/" ${CONFIG_DIR}/appsettings.$(grep -oP 'ENVIRONMENT=\K.*' ${SYSTEMD_DIR}/${PRODUCT}-api.service).json
sed -i "s~\(ssl_certificate \).*;~\1${CERTIFICATE_FILE};~g" ${OPENRESTY}/onlyoffice-proxy.conf
sed -i "s~\(ssl_certificate_key \).*;~\1${PRIVATEKEY_FILE};~g" ${OPENRESTY}/onlyoffice-proxy.conf
sed -i "s~\(ssl_dhparam \).*;~\1${DHPARAM_FILE};~g" ${OPENRESTY}/onlyoffice-proxy.conf
diff --git a/install/deb/debian/control b/install/deb/debian/control
index 9412cbd08f..18e9b1fcd8 100644
--- a/install/deb/debian/control
+++ b/install/deb/debian/control
@@ -11,7 +11,7 @@ Multi-Arch: foreign
Package: {{product}}
Architecture: all
Multi-Arch: foreign
-Depends: debconf,
+Depends: debconf, openssl,
${misc:Depends}, ${shlibs:Depends},
{{product}}-api (= {{package_header_tag_version}}),
{{product}}-api-system (= {{package_header_tag_version}}),
@@ -40,7 +40,7 @@ Description: {{product}}
Package: {{product}}-common
Architecture: all
Multi-Arch: foreign
-Depends: adduser, logrotate, ${misc:Depends}, ${shlibs:Depends}
+Depends: adduser, ${misc:Depends}, ${shlibs:Depends}
Recommends: default-mysql-client
Description: {{product}}-common
A package containing configs and scripts
diff --git a/install/deb/debian/product-common.install b/install/deb/debian/product-common.install
index 2f3a5de1c7..60aaa49f2e 100644
--- a/install/deb/debian/product-common.install
+++ b/install/deb/debian/product-common.install
@@ -1,5 +1,4 @@
debian/build/buildtools/config/*.json etc/onlyoffice/{{product}}
debian/build/buildtools/config/*.config etc/onlyoffice/{{product}}
debian/build/buildtools/install/common/{{product}}-configuration usr/bin
-debian/build/buildtools/install/common/logrotate/{{product}}-common etc/logrotate.d
debian/build/buildtools/install/docker/config/fluent-bit.conf etc/onlyoffice/{{product}}
diff --git a/install/deb/debian/rules b/install/deb/debian/rules
index 07d8104bc7..c189c93fae 100644
--- a/install/deb/debian/rules
+++ b/install/deb/debian/rules
@@ -79,13 +79,17 @@ override_dh_auto_build: check_archives
sed -E 's_(http://)[^:]+(:5601)_\1localhost\2_g' -i ${BUILDTOOLS_PATH}/config/nginx/onlyoffice.conf
sed 's/teamlab.info/onlyoffice.com/g' -i ${BUILDTOOLS_PATH}/config/autofac.consumers.json
json -I -f ${CLENT_PATH}/public/scripts/config.json -e "this.wrongPortalNameUrl=\"\""
- sed -e 's/$$router_host/127.0.0.1/g' -e 's/this_host\|proxy_x_forwarded_host/host/g' -e 's/proxy_x_forwarded_proto/scheme/g' -e 's/proxy_x_forwarded_port/server_port/g' -e 's_includes_/etc/openresty/includes_g' -i ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy*.conf
+ sed -e 's/$$router_host/127.0.0.1/g' -e 's/this_host\|proxy_x_forwarded_host/host/g' -e 's/proxy_x_forwarded_proto/scheme/g' -e 's/proxy_x_forwarded_port/server_port/g' -e 's_includes_/etc/openresty/includes_g' -e '/quic\|alt-svc/Id' -i ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy*.conf
sed "s_\(.*root\).*;_\1 \"/var/www/${PRODUCT}\";_g" -i ${BUILDTOOLS_PATH}/install/docker/config/nginx/letsencrypt.conf
sed -e '/.pid/d' -e '/temp_path/d' -e 's_etc/nginx_etc/openresty_g' -e 's/\.log/-openresty.log/g' -i ${BUILDTOOLS_PATH}/install/docker/config/nginx/templates/nginx.conf.template
mv -f ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy-ssl.conf ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy-ssl.conf.template
cp -rf ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy.conf ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy.conf.template
- sed -i '/^\s*Name\s\+forward\s*/d; /^\s*Listen\s\+127\.0\.0\.1\s*/d; /^\s*Port\s\+24224\s*/d' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf
- sed -i '0,/\[INPUT\]/ s/\(\[INPUT\]\)/\1\n Name tail\n Path \/var\/log\/onlyoffice\/${PRODUCT}\/*.log\n Path_Key filename/' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf
+ sed -i "s#\(/var/log/onlyoffice/\)#\1${PRODUCT}/#" ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf
+ sed -i '/^\[OUTPUT\]/i\[INPUT]' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf
+ sed -i '/^\[OUTPUT\]/i\ Name exec' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf
+ sed -i '/^\[OUTPUT\]/i\ Interval_Sec 86400' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf
+ sed -i '/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H '\''Content-Type: application/json'\'' -d '\''{"query": {"range": {"@timestamp": {"lt": "now-30d"}}}}'\''' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf
+ sed -i '/^\[OUTPUT\]/i\\' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf
for i in ${PRODUCT} $$(ls ${CURDIR}/debian/*.install | grep -oP 'debian/\K.*' | grep -o '^[^.]*'); do \
cp ${CURDIR}/debian/source/lintian-overrides ${CURDIR}/debian/$$i.lintian-overrides; \
diff --git a/install/docker/.env b/install/docker/.env
index a010cb2d35..6235394068 100644
--- a/install/docker/.env
+++ b/install/docker/.env
@@ -24,6 +24,8 @@
DASHBOARDS_CONTAINER_NAME=${CONTAINER_PREFIX}opensearch-dashboards
DASHBOARDS_USERNAME=onlyoffice
DASHBOARDS_PASSWORD=onlyoffice
+ FLUENT_BIT_VERSION=3.0.2
+ FLUENT_BIT_CONTAINER_NAME=${CONTAINER_PREFIX}fluent-bit
# app service environment #
ENV_EXTENSION=none
diff --git a/install/docker/Dockerfile.app b/install/docker/Dockerfile.app
index 5e0d49bf2d..7ae38e6183 100644
--- a/install/docker/Dockerfile.app
+++ b/install/docker/Dockerfile.app
@@ -253,8 +253,8 @@ ENV LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64
WORKDIR ${BUILD_PATH}/products/ASC.Files/service/
RUN echo "deb http://security.ubuntu.com/ubuntu focal-security main" | tee /etc/apt/sources.list && \
- apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32 && \
- apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 871920D1991BC93C && \
+ apt-key adv --keyserver keys.gnupg.net --recv-keys 3B4FE6ACC0B21F32 && \
+ apt-key adv --keyserver keys.gnupg.net --recv-keys 871920D1991BC93C && \
apt-get -y update && \
apt-get install -yq libssl1.1 && \
rm -rf /var/lib/apt/lists/*
diff --git a/install/docker/config/docspace-logs b/install/docker/config/docspace-logs
deleted file mode 100644
index e8c34e7a3b..0000000000
--- a/install/docker/config/docspace-logs
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-
-set -e
-
-PRODUCT="docspace"
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-DOCKERCOMPOSE=$(dirname "$DIR")
-
-if [ -f "${DOCKERCOMPOSE}/docspace.yml" ]; then
- :
-elif [ -f "/app/onlyoffice/${PRODUCT}.yml" ]; then
- DOCKERCOMPOSE="/app/onlyoffice"
-else
- echo "Error: yml files not found." && exit 1
-fi
-
-FILES=("${PRODUCT}" "notify" "healthchecks" "proxy" "ds" "rabbitmq" "redis" "opensearch" "dashboards" "db")
-
-LOG_DIR="${DOCKERCOMPOSE}/logs"
-mkdir -p ${LOG_DIR}
-
-echo "Creating ${PRODUCT} logs to a directory ${LOG_DIR}..."
-for FILE in "${FILES[@]}"; do
- SERVICE_NAMES=($(docker-compose -f ${DOCKERCOMPOSE}/${FILE}.yml config --services))
- for SERVICE_NAME in "${SERVICE_NAMES[@]}"; do
- if [[ $(docker-compose -f ${DOCKERCOMPOSE}/${FILE}.yml ps -q ${SERVICE_NAME} | wc -l) -eq 1 ]]; then
- docker-compose -f ${DOCKERCOMPOSE}/${FILE}.yml logs ${SERVICE_NAME} > ${LOG_DIR}/${SERVICE_NAME}.log
- else
- echo "The ${SERVICE_NAME} service is not running"
- fi
- done
-done
-echo "OK"
diff --git a/install/docker/config/docspace-ssl-setup b/install/docker/config/docspace-ssl-setup
index d8e01ce200..5521c96144 100644
--- a/install/docker/config/docspace-ssl-setup
+++ b/install/docker/config/docspace-ssl-setup
@@ -72,12 +72,9 @@ case $1 in
fi
if grep -q '${CERTIFICATE_PATH}:' ${DOCKERCOMPOSE}/docspace.yml; then
- sed -i '/${CERTIFICATE_PATH}:/d' ${DOCKERCOMPOSE}/docspace.yml
- docker-compose -f ${DOCKERCOMPOSE}/docspace.yml up --force-recreate -d onlyoffice-doceditor onlyoffice-login onlyoffice-socket onlyoffice-ssoauth
- fi
-
- if grep -q 'USE_UNAUTHORIZED_STORAGE' ${DOCKERCOMPOSE}/ds.yml; then
sed -i '/USE_UNAUTHORIZED_STORAGE/d' ${DOCKERCOMPOSE}/ds.yml
+ sed -i '/${CERTIFICATE_PATH}:/d' ${DOCKERCOMPOSE}/docspace.yml ${DOCKERCOMPOSE}/ds.yml
+ docker-compose -f ${DOCKERCOMPOSE}/docspace.yml up --force-recreate -d onlyoffice-doceditor onlyoffice-login onlyoffice-socket onlyoffice-ssoauth
docker-compose -f ${DOCKERCOMPOSE}/ds.yml up --force-recreate -d
fi
@@ -112,7 +109,7 @@ case $1 in
-v /var/log:/var/log \
-v onlyoffice_webroot_path:${WEBROOT_PATH} \
certbot/certbot certonly \
- --expand --webroot -w ${WEBROOT_PATH} \
+ --expand --webroot -w ${WEBROOT_PATH} --key-type rsa \
--cert-name ${PRODUCT} --non-interactive --agree-tos --email ${MAIL} -d ${DOMAINS[@]}
else
help
@@ -148,14 +145,14 @@ if [ -f "${CERTIFICATE_FILE}" ]; then
echo -e "@weekly root ${DIR}/${PRODUCT}-renew-letsencrypt" | tee /etc/cron.d/${PRODUCT}-letsencrypt
fi
else
- CERTIFICATE_SUBJECT=$(openssl x509 -subject -noout -in "${CERTIFICATE_FILE}" | sed 's/subject=//')
- CERTIFICATE_ISSUER=$(openssl x509 -issuer -noout -in "${CERTIFICATE_FILE}" | sed 's/issuer=//')
+ CERTIFICATE_SUBJECT=$(openssl x509 -subject -noout -in "${CERTIFICATE_FILE}" | sed -n 's/^.*CN *= *\([^,]*\).*$/\1/p' | awk -F. '{print $(NF-1)"."$NF}')
+ CERTIFICATE_ISSUER=$(openssl x509 -issuer -noout -in "${CERTIFICATE_FILE}" | sed -n 's/^.*CN *= *\([^,]*\).*$/\1/p' | awk -F. '{print $(NF-1)"."$NF}')
#Checking whether the certificate is self-signed
if [[ -n "$CERTIFICATE_SUBJECT" && -n "$CERTIFICATE_ISSUER" && "$CERTIFICATE_SUBJECT" == "$CERTIFICATE_ISSUER" ]]; then
sed -i '/app_data:\/.*/a \ - ${CERTIFICATE_PATH}:${CERTIFICATE_PATH}' ${DOCKERCOMPOSE}/docspace.yml
docker-compose -f ${DOCKERCOMPOSE}/docspace.yml up --force-recreate -d onlyoffice-doceditor onlyoffice-login onlyoffice-socket onlyoffice-ssoauth
- sed -i '/environment:/a \ - USE_UNAUTHORIZED_STORAGE=true' ${DOCKERCOMPOSE}/ds.yml
+ sed -i '/app_data:\/.*/a \ - ${CERTIFICATE_PATH}:/var/www/onlyoffice/Data/certs/extra-ca-certs.pem' ${DOCKERCOMPOSE}/ds.yml
docker-compose -f ${DOCKERCOMPOSE}/ds.yml up --force-recreate -d
fi
fi
diff --git a/install/docker/config/fluent-bit.conf b/install/docker/config/fluent-bit.conf
index 5e9b731523..acffc677b1 100644
--- a/install/docker/config/fluent-bit.conf
+++ b/install/docker/config/fluent-bit.conf
@@ -4,14 +4,14 @@
Daemon off
[INPUT]
- Name forward
- Listen 127.0.0.1
- Port 24224
-
-[INPUT]
- Name exec
- Interval_Sec 86400
- Command curl -s -X POST 'OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query' -H 'Content-Type: application/json' -d "{\"query\": {\"range\": {\"@timestamp\": {\"lt\": \"$(date -u -d '30 days ago' '+%Y-%m-%dT%H:%M:%S')\"}}}}"
+ Name tail
+ Path /var/log/onlyoffice/*.log, /var/log/onlyoffice/**/**/*.log
+ Exclude_Path /var/log/onlyoffice/*.sql.log
+ Path_Key filename
+ Mem_Buf_Limit 500MB
+ Refresh_Interval 60
+ Ignore_Older 30d
+ Skip_Empty_Lines true
[OUTPUT]
Name opensearch
@@ -20,6 +20,7 @@
Port OPENSEARCH_PORT
Replace_Dots On
Suppress_Type_Name On
+ Compress gzip
Time_Key @timestamp
Type _doc
Index OPENSEARCH_INDEX
diff --git a/install/docker/config/nginx/onlyoffice-proxy-ssl.conf b/install/docker/config/nginx/onlyoffice-proxy-ssl.conf
index 3cf3dce2a5..1dbe016713 100644
--- a/install/docker/config/nginx/onlyoffice-proxy-ssl.conf
+++ b/install/docker/config/nginx/onlyoffice-proxy-ssl.conf
@@ -7,6 +7,9 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header 'Server';
proxy_hide_header 'X-Powered-By';
+access_log /var/log/nginx/access-proxy.log;
+error_log /var/log/nginx/error-proxy.log;
+
## HTTP host
server {
listen 0.0.0.0:80;
@@ -32,8 +35,14 @@ server {
## HTTPS host
server {
+ # Enable HTTP/2
listen 0.0.0.0:443 ssl;
listen [::]:443 ssl default_server;
+
+ # Enable QUIC and HTTP/3.
+ listen 0.0.0.0:443 quic reuseport;
+ listen [::]:443 quic reuseport;
+
root /usr/share/nginx/html;
client_max_body_size 4G;
@@ -48,7 +57,7 @@ server {
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
- ssl_protocols TLSv1.2;
+ ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_prefer_server_ciphers on;
@@ -56,6 +65,7 @@ server {
add_header Strict-Transport-Security max-age=31536000;
# add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
+ add_header alt-svc 'h3=":443"; ma=86400';
## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
## Replace with your ssl_trusted_certificate. For more info see:
diff --git a/install/docker/config/nginx/onlyoffice-proxy.conf b/install/docker/config/nginx/onlyoffice-proxy.conf
index 1180039766..bfa3d940f0 100644
--- a/install/docker/config/nginx/onlyoffice-proxy.conf
+++ b/install/docker/config/nginx/onlyoffice-proxy.conf
@@ -7,6 +7,9 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header 'Server';
proxy_hide_header 'X-Powered-By';
+access_log /var/log/nginx/access-proxy.log;
+error_log /var/log/nginx/error-proxy.log;
+
server {
listen 0.0.0.0:80;
listen [::]:80 default_server;
diff --git a/install/docker/docker-entrypoint.py b/install/docker/docker-entrypoint.py
index 9026586bdd..e1a3522623 100644
--- a/install/docker/docker-entrypoint.py
+++ b/install/docker/docker-entrypoint.py
@@ -200,6 +200,7 @@ writeJsonFile(filePath, jsonData)
filePath = "/app/onlyoffice/config/appsettings.services.json"
jsonData = openJsonFile(filePath)
+updateJsonData(jsonData,"$.logPath", LOG_DIR)
updateJsonData(jsonData,"$.logLevel", LOG_LEVEL)
writeJsonFile(filePath, jsonData)
diff --git a/install/docker/docspace.yml b/install/docker/docspace.yml
index e9b4f8533a..1224e3227e 100644
--- a/install/docker/docspace.yml
+++ b/install/docker/docspace.yml
@@ -53,6 +53,7 @@ x-service: &x-service-base
CERTIFICATE_PATH: ${CERTIFICATE_PATH}
volumes:
#- /app/onlyoffice/CommunityServer/data:/app/onlyoffice/data
+ - log_data:/var/log/onlyoffice
- app_data:/app/onlyoffice/data
- files_data:/var/www/products/ASC.Files/server/
- people_data:/var/www/products/ASC.People/server/
@@ -161,7 +162,7 @@ services:
- "5013"
healthcheck:
<<: *x-healthcheck
- test: curl --fail http://${SERVICE_DOCEDITOR}/health || exit 1
+ test: curl --fail http://${SERVICE_DOCEDITOR}/doceditor/health || exit 1
onlyoffice-login:
<<: *x-service-base
@@ -171,7 +172,7 @@ services:
- "5011"
healthcheck:
<<: *x-healthcheck
- test: curl --fail http://${SERVICE_LOGIN}/health || exit 1
+ test: curl --fail http://${SERVICE_LOGIN}/login/health || exit 1
onlyoffice-router:
image: "${REPO}/${DOCKER_IMAGE_PREFIX}-router:${DOCKER_TAG}"
@@ -227,7 +228,7 @@ services:
- DASHBOARDS_USERNAME=${DASHBOARDS_USERNAME}
- DASHBOARDS_PASSWORD=${DASHBOARDS_PASSWORD}
volumes:
- - router_log:/var/log/nginx
+ - log_data:/var/log/nginx
networks:
default:
@@ -235,7 +236,7 @@ networks:
external: true
volumes:
- router_log:
+ log_data:
app_data:
files_data:
people_data:
diff --git a/install/docker/ds.yml b/install/docker/ds.yml
index d5aab2d741..b64e3f6a3e 100644
--- a/install/docker/ds.yml
+++ b/install/docker/ds.yml
@@ -9,6 +9,7 @@ services:
- JWT_HEADER=${DOCUMENT_SERVER_JWT_HEADER}
- JWT_IN_BODY=true
volumes:
+ - log_data:/var/log/onlyoffice
- app_data:/var/www/onlyoffice/Data
expose:
- '80'
@@ -22,4 +23,5 @@ networks:
external: true
volumes:
+ log_data:
app_data:
diff --git a/install/docker/fluent.yml b/install/docker/fluent.yml
new file mode 100644
index 0000000000..6eada1fb3a
--- /dev/null
+++ b/install/docker/fluent.yml
@@ -0,0 +1,19 @@
+services:
+ fluent-bit:
+ image: fluent/fluent-bit:${FLUENT_BIT_VERSION}
+ container_name: ${FLUENT_BIT_CONTAINER_NAME}
+ restart: always
+ environment:
+ - HOST=${ELK_CONTAINER_NAME}
+ - PORT=${ELK_PORT}
+ volumes:
+ - log_data:/var/log/onlyoffice
+ - ./config/fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf
+
+networks:
+ default:
+ name: ${NETWORK_NAME}
+ external: true
+
+volumes:
+ log_data:
diff --git a/install/docker/notify.yml b/install/docker/notify.yml
index 6f21d6e4a1..870b617408 100644
--- a/install/docker/notify.yml
+++ b/install/docker/notify.yml
@@ -53,6 +53,7 @@ x-service:
DEBUG_INFO: ${DEBUG_INFO}
volumes:
#- /app/onlyoffice/CommunityServer/data:/app/onlyoffice/data
+ - log_data:/var/log/onlyoffice
- app_data:/app/onlyoffice/data
- files_data:/var/www/products/ASC.Files/server/
- people_data:/var/www/products/ASC.People/server/
@@ -72,6 +73,7 @@ networks:
external: true
volumes:
+ log_data:
app_data:
files_data:
people_data:
diff --git a/install/docker/proxy-ssl.yml b/install/docker/proxy-ssl.yml
index c06212bb7d..50e8aa0405 100644
--- a/install/docker/proxy-ssl.yml
+++ b/install/docker/proxy-ssl.yml
@@ -16,13 +16,14 @@ services:
test: nginx -t || exit 1
ports:
- 80:80
- - 443:443
+ - 443:443/tcp
+ - 443:443/udp
environment:
- ROUTER_HOST=${ROUTER_HOST}
- EXTERNAL_PORT=${EXTERNAL_PORT}
volumes:
- webroot_path:/letsencrypt
- - proxy_log:/var/log/nginx
+ - log_data:/var/log/nginx
- ./config/nginx/templates/nginx.conf.template:/etc/nginx/nginx.conf
- ./config/nginx/letsencrypt.conf:/etc/nginx/includes/letsencrypt.conf
- ./config/nginx/templates/proxy.upstream.conf.template:/etc/nginx/templates/proxy.upstream.conf.template:ro
@@ -37,5 +38,5 @@ networks:
external: true
volumes:
- proxy_log:
+ log_data:
webroot_path:
diff --git a/install/docker/proxy.yml b/install/docker/proxy.yml
index d4f1255eef..6d149d5713 100644
--- a/install/docker/proxy.yml
+++ b/install/docker/proxy.yml
@@ -21,7 +21,7 @@ services:
- EXTERNAL_PORT=${EXTERNAL_PORT}
volumes:
- webroot_path:/letsencrypt
- - proxy_log:/var/log/nginx
+ - log_data:/var/log/nginx
- ./config/nginx/templates/nginx.conf.template:/etc/nginx/nginx.conf
- ./config/nginx/letsencrypt.conf:/etc/nginx/includes/letsencrypt.conf
- ./config/nginx/templates/proxy.upstream.conf.template:/etc/nginx/templates/proxy.upstream.conf.template:ro
@@ -33,5 +33,5 @@ networks:
external: true
volumes:
- proxy_log:
+ log_data:
webroot_path:
diff --git a/install/install.bat b/install/install.bat
index b03e6a86f3..84d5901467 100644
--- a/install/install.bat
+++ b/install/install.bat
@@ -1,5 +1,7 @@
@echo off
+chcp 65001 > nul
+
PUSHD %~dp0..
call runasadmin.bat "%~dpnx0"
diff --git a/install/rpm/SPECS/build.spec b/install/rpm/SPECS/build.spec
index 08012cb81a..49dc43eb69 100644
--- a/install/rpm/SPECS/build.spec
+++ b/install/rpm/SPECS/build.spec
@@ -27,11 +27,15 @@ sed 's/teamlab.info/onlyoffice.com/g' -i config/autofac.consumers.json
sed -e 's_etc/nginx_etc/openresty_g' -e 's/listen\s\+\([0-9]\+\);/listen 127.0.0.1:\1;/g' -i config/nginx/*.conf
sed -i "s#\$public_root#/var/www/%{product}/public/#g" config/nginx/onlyoffice.conf
sed -E 's_(http://)[^:]+(:5601)_\1localhost\2_g' -i config/nginx/onlyoffice.conf
-sed -e 's/$router_host/127.0.0.1/g' -e 's/this_host\|proxy_x_forwarded_host/host/g' -e 's/proxy_x_forwarded_proto/scheme/g' -e 's/proxy_x_forwarded_port/server_port/g' -e 's_includes_/etc/openresty/includes_g' -i install/docker/config/nginx/onlyoffice-proxy*.conf
+sed -e 's/$router_host/127.0.0.1/g' -e 's/this_host\|proxy_x_forwarded_host/host/g' -e 's/proxy_x_forwarded_proto/scheme/g' -e 's/proxy_x_forwarded_port/server_port/g' -e 's_includes_/etc/openresty/includes_g' -e '/quic\|alt-svc/Id' -i install/docker/config/nginx/onlyoffice-proxy*.conf
sed -e '/.pid/d' -e '/temp_path/d' -e 's_etc/nginx_etc/openresty_g' -e 's/\.log/-openresty.log/g' -i install/docker/config/nginx/templates/nginx.conf.template
sed -i "s_\(.*root\).*;_\1 \"/var/www/%{product}\";_g" -i install/docker/config/nginx/letsencrypt.conf
-sed -i '/^\s*Name\s\+forward\s*$/d; /^\s*Listen\s\+127\.0\.0\.1\s*$/d; /^\s*Port\s\+24224\s*$/d' -i install/docker/config/fluent-bit.conf
-sed -i "0,/\[INPUT\]/ s/\(\[INPUT\]\)/\1\n Name tail\n Path \/var\/log\/onlyoffice\/%{product}\/*.log\n Path_Key filename/" -i install/docker/config/fluent-bit.conf
+sed -i "s#\(/var/log/onlyoffice/\)#\1%{product}#" install/docker/config/fluent-bit.conf
+sed -i '/^\[OUTPUT\]/i\[INPUT]' install/docker/config/fluent-bit.conf
+sed -i '/^\[OUTPUT\]/i\ Name exec' install/docker/config/fluent-bit.conf
+sed -i '/^\[OUTPUT\]/i\ Interval_Sec 86400' install/docker/config/fluent-bit.conf
+sed -i '/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H '\''Content-Type: application/json'\'' -d '\''{"query": {"range": {"@timestamp": {"lt": "now-30d"}}}}'\''' install/docker/config/fluent-bit.conf
+sed -i '/^\[OUTPUT\]/i\\' install/docker/config/fluent-bit.conf
find %{_builddir}/server/publish/ \
%{_builddir}/server/ASC.Migration.Runner \
diff --git a/install/rpm/SPECS/files.spec b/install/rpm/SPECS/files.spec
index aa8073a1ad..70b30262e3 100644
--- a/install/rpm/SPECS/files.spec
+++ b/install/rpm/SPECS/files.spec
@@ -34,7 +34,6 @@
%exclude %{_sysconfdir}/onlyoffice/%{product}/openresty
%exclude %{_sysconfdir}/onlyoffice/%{product}/nginx
%{_docdir}/%{name}-%{version}-%{release}/
-%config %{_sysconfdir}/logrotate.d/%{product}-common
%{_var}/log/onlyoffice/%{product}/
%dir %{_sysconfdir}/onlyoffice/
%dir %{_sysconfdir}/onlyoffice/%{product}/
diff --git a/install/rpm/SPECS/install.spec b/install/rpm/SPECS/install.spec
index e9a53680b1..6846089986 100644
--- a/install/rpm/SPECS/install.spec
+++ b/install/rpm/SPECS/install.spec
@@ -25,6 +25,7 @@ mkdir -p "%{buildroot}%{buildpath}/products/ASC.Files/server/DocStore/"
mkdir -p "%{buildroot}%{buildpath}/products/ASC.Files/editor/"
# Hidden folders are not copied when applying a mask * (only in RPM), so we explicitly copy .next directory in this way
mkdir -p "%{buildroot}%{buildpath}/products/ASC.Files/editor/.next/"
+mkdir -p "%{buildroot}%{buildpath}/products/ASC.Login/login/.next/"
mkdir -p "%{buildroot}%{buildpath}/products/ASC.Files/client/"
mkdir -p "%{buildroot}%{buildpath}/client/"
mkdir -p "%{buildroot}%{buildpath}/management/"
@@ -34,13 +35,13 @@ mkdir -p "%{buildroot}%{_sysconfdir}/openresty/conf.d/"
mkdir -p "%{buildroot}%{_sysconfdir}/openresty/html/"
mkdir -p "%{buildroot}%{_sysconfdir}/onlyoffice/%{product}/openresty"
mkdir -p "%{buildroot}%{_sysconfdir}/onlyoffice/%{product}/.private/"
-mkdir -p "%{buildroot}%{_sysconfdir}/logrotate.d"
mkdir -p "%{buildroot}%{_sysconfdir}/fluent-bit/"
mkdir -p "%{buildroot}%{_docdir}/%{name}-%{version}-%{release}/"
mkdir -p "%{buildroot}%{_bindir}/"
cp -rf %{_builddir}/publish/web/public/* "%{buildroot}%{buildpath}/public/"
cp -rf %{_builddir}/campaigns/src/campaigns/* "%{buildroot}%{buildpath}/public/campaigns"
cp -rf %{_builddir}/publish/web/login/* "%{buildroot}%{buildpath}/products/ASC.Login/login/"
+cp -rf %{_builddir}/publish/web/login/.next/* "%{buildroot}%{buildpath}/products/ASC.Login/login/.next/"
cp -rf %{_builddir}/publish/web/editor/* "%{buildroot}%{buildpath}/products/ASC.Files/editor/"
cp -rf %{_builddir}/publish/web/editor/.next/* "%{buildroot}%{buildpath}/products/ASC.Files/editor/.next/"
cp -rf %{_builddir}/server/products/ASC.Files/Server/DocStore/* "%{buildroot}%{buildpath}/products/ASC.Files/server/DocStore/"
@@ -69,7 +70,6 @@ cp -rf %{_builddir}/buildtools/install/docker/config/nginx/onlyoffice-proxy.conf
cp -rf %{_builddir}/buildtools/install/docker/config/nginx/onlyoffice-proxy-ssl.conf "%{buildroot}%{_sysconfdir}/openresty/conf.d/onlyoffice-proxy-ssl.conf.template"
cp -rf %{_builddir}/buildtools/install/docker/config/nginx/letsencrypt.conf "%{buildroot}%{_sysconfdir}/openresty/includes/letsencrypt.conf"
cp -rf %{_builddir}/buildtools/install/common/systemd/modules/* "%{buildroot}/usr/lib/systemd/system/"
-cp -rf %{_builddir}/buildtools/install/common/logrotate/product-common "%{buildroot}%{_sysconfdir}/logrotate.d/%{product}-common"
cp -rf %{_builddir}/buildtools/install/common/%{product}-ssl-setup "%{buildroot}%{_bindir}/%{product}-ssl-setup"
cp -rf %{_builddir}/buildtools/install/common/%{product}-configuration "%{buildroot}%{_bindir}/%{product}-configuration"
cp -rf %{_builddir}/buildtools/config/nginx/onlyoffice*.conf "%{buildroot}%{_sysconfdir}/openresty/conf.d/"
diff --git a/install/rpm/SPECS/package.spec b/install/rpm/SPECS/package.spec
index ed8879e870..767e1eae74 100644
--- a/install/rpm/SPECS/package.spec
+++ b/install/rpm/SPECS/package.spec
@@ -13,7 +13,6 @@ The service which handles API requests related to backup
Packager: %{packager}
Summary: Common
Group: Applications/Internet
-Requires: logrotate
BuildArch: noarch
%description common
A package containing configure and scripts
diff --git a/install/rpm/SPECS/product.spec b/install/rpm/SPECS/product.spec
index 4aa9df9357..3eabd5f142 100644
--- a/install/rpm/SPECS/product.spec
+++ b/install/rpm/SPECS/product.spec
@@ -53,6 +53,7 @@ Requires: %name-socket = %version-%release
Requires: %name-ssoauth = %version-%release
Requires: %name-studio = %version-%release
Requires: %name-studio-notify = %version-%release
+Requires: openssl
%description
ONLYOFFICE DocSpace is a new way to collaborate on documents with teams,
diff --git a/install/win/DocSpace.aip b/install/win/DocSpace.aip
index 96b57413d0..004329ddf5 100644
--- a/install/win/DocSpace.aip
+++ b/install/win/DocSpace.aip
@@ -56,7 +56,7 @@
-
+
@@ -366,6 +366,7 @@
+
@@ -393,10 +394,12 @@
+
+
diff --git a/install/win/build-batch.bat b/install/win/build-batch.bat
index 9f394a503b..b8aecbc3fc 100644
--- a/install/win/build-batch.bat
+++ b/install/win/build-batch.bat
@@ -59,15 +59,20 @@ REM echo ######## SSL configs ########
%sed% -i "s/proxy_x_forwarded_port/server_port/g" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf.tmpl
%sed% -i "s/proxy_x_forwarded_proto/scheme/g" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf.tmpl buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
%sed% -i "s/ssl_dhparam \/etc\/ssl\/certs\/dhparam.pem;/#ssl_dhparam \/etc\/ssl\/certs\/dhparam.pem;/" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
+%sed% -i "/quic\|alt-svc/Id" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
%sed% -i "s_\(.*root\).*;_\1 \"{APPDIR}letsencrypt\";_g" -i buildtools\install\win\Files\nginx\conf\includes\letsencrypt.conf
+%sed% -i "s#/var/log/nginx/#logs/#g" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf.tmpl buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
%sed% -i "s#/etc/nginx/html#conf/html#g" buildtools\install\win\Files\nginx\conf\onlyoffice.conf
%sed% -i "s/\/etc\/nginx\/\.htpasswd_dashboards/\.htpasswd_dashboards/g" buildtools\install\win\Files\nginx\conf\onlyoffice.conf
REM echo ######## Configure fluent-bit config for windows ########
-%sed% -i "s/forward/tail/" buildtools\install\win\Files\config\fluent-bit.conf
-%sed% -i "s/Port/Path/" buildtools\install\win\Files\config\fluent-bit.conf
-%sed% -i "s/24224/{APPDIR}Logs\*.log/" buildtools\install\win\Files\config\fluent-bit.conf
-%sed% -i "/Listen\s*127\.0\.0\.1/d" buildtools\install\win\Files\config\fluent-bit.conf
+%sed% -i -e "s|/var/log/onlyoffice/|{APPDIR}Logs\\|g" -e "s|\*\*/|\*\*\\|g" -e "s#DocSpace\Logs\**\#DocumentServer\Log\#g" buildtools\install\win\Files\config\fluent-bit.conf
+%sed% -i "/^\[OUTPUT\]/i\[INPUT]" buildtools\install\win\Files\config\fluent-bit.conf
+%sed% -i "/^\[OUTPUT\]/i\ Name exec" buildtools\install\win\Files\config\fluent-bit.conf
+%sed% -i "/^\[OUTPUT\]/i\ Interval_Sec 86400" buildtools\install\win\Files\config\fluent-bit.conf
+%sed% -i "/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H 'Content-Type: application/json' -d '{\"query\": {\"range\": {\"@timestamp\": {\"lt\": \"now-30d\"}}}}'" buildtools\install\win\Files\config\fluent-bit.conf
+%sed% -i -e "s/\"/\\\\\"/g" -e "s/'/\"/g" buildtools\install\win\Files\config\fluent-bit.conf
+%sed% -i "/\[OUTPUT\]/i\\n" buildtools\install\win\Files\config\fluent-bit.conf
REM echo ######## Delete test and dev configs ########
del /f /q buildtools\install\win\Files\config\*.test.json
diff --git a/install/win/sbin/docspace-ssl-setup.ps1 b/install/win/sbin/docspace-ssl-setup.ps1
index 264a616754..1253428f9e 100644
--- a/install/win/sbin/docspace-ssl-setup.ps1
+++ b/install/win/sbin/docspace-ssl-setup.ps1
@@ -28,6 +28,7 @@ if ( -not $certbot_path )
exit
}
+$product = "docspace"
$letsencrypt_root_dir = "$env:SystemDrive\Certbot\live"
$app = Resolve-Path -Path ".\..\"
$root_dir = "${app}\letsencrypt"
@@ -46,17 +47,17 @@ if ( $args.Count -ge 2 )
}
else {
- $letsencrypt_mail = $args[0]
- $letsencrypt_domain = $args[1]
+ $letsencrypt_mail = $args[0] -JOIN ","
+ $letsencrypt_domain = $args[1] -JOIN ","
[void](New-Item -ItemType "directory" -Path "${root_dir}\Logs" -Force)
- "certbot certonly --expand --webroot -w `"${root_dir}`" --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-start.log"
- cmd.exe /c "certbot certonly --expand --webroot -w `"${root_dir}`" --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-new.log"
+ "certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --cert-name ${product} --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-start.log"
+ cmd.exe /c "certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --cert-name ${product} --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-new.log"
- pushd "${letsencrypt_root_dir}\${letsencrypt_domain}"
- $ssl_cert = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${letsencrypt_domain}\fullchain.pem").Target).ToString().Replace('\', '/')
- $ssl_key = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${letsencrypt_domain}\privkey.pem").Target).ToString().Replace('\', '/')
+ pushd "${letsencrypt_root_dir}\${product}"
+ $ssl_cert = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${product}\fullchain.pem").Target).ToString().Replace('\', '/')
+ $ssl_key = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${product}\privkey.pem").Target).ToString().Replace('\', '/')
popd
}
@@ -68,7 +69,7 @@ if ( $args.Count -ge 2 )
if ($letsencrypt_domain)
{
- $acl = Get-Acl -Path "$env:SystemDrive\Certbot\archive\${letsencrypt_domain}"
+ $acl = Get-Acl -Path "$env:SystemDrive\Certbot\archive\${product}"
$acl.SetSecurityDescriptorSddlForm('O:LAG:S-1-5-21-4011186057-2202358572-2315966083-513D:PAI(A;;0x1200a9;;;WD)(A;;FA;;;SY)(A;OI;0x1200a9;;;LS)(A;;FA;;;BA)(A;;FA;;;LA)')
Set-Acl -Path $acl.path -ACLObject $acl
}
@@ -107,6 +108,8 @@ else
Write-Output " comma to register multiple emails, ex: "
Write-Output " u1@example.com,u2@example.com. "
Write-Output " DOMAIN Domain name to apply "
+ Write-Output " Use comma to register multiple domains, ex: "
+ Write-Output " example.com,s1.example.com,s2.example.com. "
Write-Output " "
Write-Output " Using your own certificates via the -f parameter: "
Write-Output " usage: "
diff --git a/run.translations.tests.bat b/run.translations.tests.bat
index 4ec7cccfb5..4ef9257ee9 100644
--- a/run.translations.tests.bat
+++ b/run.translations.tests.bat
@@ -1,4 +1,5 @@
-PUSHD %~dp0\..
-set dir="%cd%"
-echo %dir%
-dotnet test %dir%\client\common\Tests\Frontend.Translations.Tests\Frontend.Translations.Tests.csproj --filter "TestCategory=Locales" -l:html --environment "BASE_DIR=%dir%" --results-directory "%dir%\TestsResults"
\ No newline at end of file
+PUSHD %~dp0\..
+set dir=%cd%
+echo %dir%
+dotnet test %dir%\client\common\Tests\Frontend.Translations.Tests\Frontend.Translations.Tests.csproj --filter "TestCategory=Locales" -l:html --environment "BASE_DIR=%dir%\client" --results-directory "%dir%\TestsResults"
+pause
\ No newline at end of file
diff --git a/run/Login.xml b/run/Login.xml
index 9ed5a7efda..06ba10362e 100644
--- a/run/Login.xml
+++ b/run/Login.xml
@@ -3,7 +3,8 @@
ONLYOFFICE Login SSR
manual
node
- ../../publish/web/login/server.js
+ server.js
+ %BASE%\..\..\client\packages\login
true
diff --git a/tests/vagrant/Vagrantfile b/tests/vagrant/Vagrantfile
index 98c7b371e3..68f9f831ae 100644
--- a/tests/vagrant/Vagrantfile
+++ b/tests/vagrant/Vagrantfile
@@ -15,6 +15,7 @@ Vagrant.configure("2") do |config|
config.vm.provision "file", source: "../../../DocSpace-buildtools/install/OneClickInstall/.", destination: "/tmp/docspace/"
end
+ config.vm.provision "file", source: "../../../DocSpace-buildtools/install/common/systemd/build.sh", destination: "/tmp/docspace/build.sh"
config.vm.provision "shell", path: './install.sh', :args => "#{ENV['DOWNLOAD_SCRIPT']} #{ENV['TEST_REPO']} #{ENV['ARGUMENTS']}"
# Prevent SharedFoldersEnableSymlinksCreate errors
diff --git a/tests/vagrant/install.sh b/tests/vagrant/install.sh
index 76802eb254..9e45cb2ab7 100644
--- a/tests/vagrant/install.sh
+++ b/tests/vagrant/install.sh
@@ -1,91 +1,45 @@
#!/bin/bash
-set -ex
+set -e
while [ "$1" != "" ]; do
- case $1 in
+ case $1 in
+ -ds | --download-scripts )
+ if [ "$2" != "" ]; then
+ DOWNLOAD_SCRIPTS=$2
+ shift
+ fi
+ ;;
- -ds | --download-scripts )
- if [ "$2" != "" ]; then
- DOWNLOAD_SCRIPTS=$2
- shift
- fi
- ;;
+ -arg | --arguments )
+ if [ "$2" != "" ]; then
+ ARGUMENTS=$2
+ shift
+ fi
+ ;;
- -arg | --arguments )
- if [ "$2" != "" ]; then
- ARGUMENTS=$2
- shift
- fi
- ;;
+ -li | --local-install )
+ if [ "$2" != "" ]; then
+ LOCAL_INSTALL=$2
+ shift
+ fi
+ ;;
-
- -pi | --production-install )
- if [ "$2" != "" ]; then
- PRODUCTION_INSTALL=$2
- shift
- fi
- ;;
-
- -li | --local-install )
- if [ "$2" != "" ]; then
- LOCAL_INSTALL=$2
- shift
- fi
- ;;
-
- -lu | --local-update )
- if [ "$2" != "" ]; then
- LOCAL_UPDATE=$2
- shift
- fi
- ;;
-
- -tr | --test-repo )
- if [ "$2" != "" ]; then
- TEST_REPO_ENABLE=$2
- shift
- fi
- ;;
-
-
- esac
- shift
+ -tr | --test-repo )
+ if [ "$2" != "" ]; then
+ TEST_REPO_ENABLE=$2
+ shift
+ fi
+ ;;
+ esac
+ shift
done
export TERM=xterm-256color^M
-SERVICES_SYSTEMD=(
- "docspace-api.service"
- "docspace-doceditor.service"
- "docspace-studio-notify.service"
- "docspace-files.service"
- "docspace-notify.service"
- "docspace-studio.service"
- "docspace-backup-background.service"
- "docspace-files-services.service"
- "docspace-people-server.service"
- "docspace-backup.service"
- "docspace-healthchecks.service"
- "docspace-socket.service"
- "docspace-clear-events.service"
- "docspace-login.service"
- "docspace-ssoauth.service"
- "ds-converter.service"
- "ds-docservice.service"
- "ds-metrics.service")
-
function common::get_colors() {
- COLOR_BLUE=$'\e[34m'
- COLOR_GREEN=$'\e[32m'
- COLOR_RED=$'\e[31m'
- COLOR_RESET=$'\e[0m'
- COLOR_YELLOW=$'\e[33m'
- export COLOR_BLUE
- export COLOR_GREEN
- export COLOR_RED
- export COLOR_RESET
- export COLOR_YELLOW
+ export LINE_SEPARATOR="-----------------------------------------"
+ export COLOR_BLUE=$'\e[34m' COLOR_GREEN=$'\e[32m' COLOR_RED=$'\e[31m' COLOR_RESET=$'\e[0m' COLOR_YELLOW=$'\e[33m'
}
#############################################################################################
@@ -98,13 +52,10 @@ function common::get_colors() {
# None
#############################################################################################
function check_hw() {
- local FREE_RAM=$(free -h)
- local FREE_CPU=$(nproc)
- echo "${COLOR_RED} ${FREE_RAM} ${COLOR_RESET}"
- echo "${COLOR_RED} ${FREE_CPU} ${COLOR_RESET}"
+ echo "${COLOR_RED} $(free -h) ${COLOR_RESET}"
+ echo "${COLOR_RED} $(nproc) ${COLOR_RESET}"
}
-
#############################################################################################
# Add nexus repositories for test packages for .deb and .rpm packages
# Globals: None
@@ -149,12 +100,8 @@ function prepare_vm() {
;;
debian)
- if [ "$VERSION_CODENAME" == "bookworm" ]; then
- apt-get update -y
- apt install -y curl gnupg
- fi
- apt-get remove postfix -y
- echo "${COLOR_GREEN}☑ PREPAVE_VM: Postfix was removed${COLOR_RESET}"
+ [ "$VERSION_CODENAME" == "bookworm" ] && apt-get update -y && apt install -y curl gnupg
+ apt-get remove postfix -y && echo "${COLOR_GREEN}☑ PREPAVE_VM: Postfix was removed${COLOR_RESET}"
[[ "${TEST_REPO_ENABLE}" == 'true' ]] && add-repo-deb
;;
@@ -163,10 +110,7 @@ function prepare_vm() {
;;
centos)
- if [ "$VERSION_ID" == "9" ]; then
- update-crypto-policies --set LEGACY
- echo "${COLOR_GREEN}☑ PREPAVE_VM: sha1 gpg key chek enabled${COLOR_RESET}"
- fi
+ [ "$VERSION_ID" == "8" ] && sed -i 's|^mirrorlist=|#&|; s|^#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|' /etc/yum.repos.d/CentOS-*
[[ "${TEST_REPO_ENABLE}" == 'true' ]] && add-repo-rpm
yum -y install centos*-release
;;
@@ -175,21 +119,16 @@ function prepare_vm() {
echo "${COLOR_RED}Failed to determine Linux dist${COLOR_RESET}"; exit 1
;;
esac
-
else
echo "${COLOR_RED}File /etc/os-release doesn't exist${COLOR_RESET}"; exit 1
fi
# Clean up home folder
rm -rf /home/vagrant/*
-
- if [ -d /tmp/docspace ]; then
- mv /tmp/docspace/* /home/vagrant
- fi
+ [ -d /tmp/docspace ] && mv /tmp/docspace/* /home/vagrant
echo '127.0.0.1 host4test' | sudo tee -a /etc/hosts
echo "${COLOR_GREEN}☑ PREPAVE_VM: Hostname was setting up${COLOR_RESET}"
-
}
#############################################################################################
@@ -202,34 +141,23 @@ function prepare_vm() {
# Script log
#############################################################################################
function install_docspace() {
- if [ "${DOWNLOAD_SCRIPTS}" == 'true' ]; then
- wget https://download.onlyoffice.com/docspace/docspace-install.sh
- else
- sed 's/set -e/set -xe/' -i *.sh
- fi
-
- printf "N\nY\nY" | bash docspace-install.sh ${ARGUMENTS}
-
- if [[ $? != 0 ]]; then
- echo "Exit code non-zero. Exit with 1."
- exit 1
- else
- echo "Exit code 0. Continue..."
- fi
+ [[ "${DOWNLOAD_SCRIPTS}" == 'true' ]] && wget https://download.onlyoffice.com/docspace/docspace-install.sh || sed 's/set -e/set -xe/' -i *.sh
+ bash docspace-install.sh package ${ARGUMENTS} || { echo "Exit code non-zero. Exit with 1."; exit 1; }
+ echo "Exit code 0. Continue..."
}
#############################################################################################
# Healthcheck function for systemd services
# Globals:
-# SERVICES_SYSTEMD
+# None
# Arguments:
# None
# Outputs:
# Message about service status
#############################################################################################
function healthcheck_systemd_services() {
- for service in ${SERVICES_SYSTEMD[@]}
- do
+ for service in ${SERVICES_SYSTEMD[@]}; do
+ [[ "$service" == "docspace-migration-runner.service" ]] && continue;
if systemctl is-active --quiet ${service}; then
echo "${COLOR_GREEN}☑ OK: Service ${service} is running${COLOR_RESET}"
else
@@ -239,7 +167,6 @@ function healthcheck_systemd_services() {
done
}
-
#############################################################################################
# Set output if some services failed
# Globals:
@@ -261,7 +188,7 @@ function healthcheck_general_status() {
#############################################################################################
# Get logs for all services
# Globals:
-# $SERVICES_SYSTEMD
+# None
# Arguments:
# None
# Outputs:
@@ -272,83 +199,27 @@ function healthcheck_general_status() {
# This function succeeds even if the file for cat was not found. For that use ${SKIP_EXIT} variable
#############################################################################################
function services_logs() {
+ SERVICES_SYSTEMD=($(awk '/SERVICE_NAME=\(/{flag=1; next} /\)/{flag=0} flag' "build.sh" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | sed 's/^/docspace-/' | sed 's/$/.service/'))
+ SERVICES_SYSTEMD+=("ds-converter.service" "ds-docservice.service" "ds-metrics.service")
+
for service in ${SERVICES_SYSTEMD[@]}; do
- echo -----------------------------------------
- echo "${COLOR_GREEN}Check logs for systemd service: $service${COLOR_RESET}"
- echo ---------------------- -------------------
- EXIT_CODE=0
- journalctl -u $service || true
+ echo $LINE_SEPARATOR && echo "${COLOR_GREEN}Check logs for systemd service: $service${COLOR_RESET}" && echo $LINE_SEPARATOR
+ journalctl -u $service -n 30 || true
done
- local MAIN_LOGS_DIR="/var/log/onlyoffice"
- local DOCSPACE_LOGS_DIR="${MAIN_LOGS_DIR}/docspace"
- local DOCUMENTSERVER_LOGS_DIR="${MAIN_LOGS_DIR}/documentserver"
- local DOCSERVICE_LOGS_DIR="${DOCUMENTSERVER_LOGS_DIR}/docservice"
- local CONVERTER_LOGS_DIR="${DOCUMENTSERVER_LOGS_DIR}/converter"
- local METRICS_LOGS_DIR="${DOCUMENTSERVER_LOGS_DIR}/metrics"
-
- ARRAY_MAIN_SERVICES_LOGS=($(ls ${MAIN_LOGS_DIR} | grep log | sed 's/web.sql.log//;s/web.api.log//;s/nginx.*//' ))
- ARRAY_DOCSPACE_LOGS=($(ls ${DOCSPACE_LOGS_DIR}))
- ARRAY_DOCSERVICE_LOGS=($(ls ${DOCSERVICE_LOGS_DIR}))
- ARRAY_CONVERTER_LOGS=($(ls ${CONVERTER_LOGS_DIR}))
- ARRAY_METRICS_LOGS=($(ls ${METRICS_LOGS_DIR}))
-
- echo "-----------------------------------"
- echo "${COLOR_YELLOW} Check logs for main services ${COLOR_RESET}"
- echo "-----------------------------------"
- for file in ${ARRAY_MAIN_SERVICES_LOGS[@]}; do
- echo ---------------------------------------
- echo "${COLOR_GREEN}logs from file: ${file}${COLOR_RESET}"
- echo ---------------------------------------
- cat ${MAIN_LOGS_DIR}/${file} || true
- done
-
- echo "-----------------------------------"
- echo "${COLOR_YELLOW} Check logs for Docservice ${COLOR_RESET}"
- echo "-----------------------------------"
- for file in ${ARRAY_DOCSERVICE_LOGS[@]}; do
- echo ---------------------------------------
- echo "${COLOR_GREEN}logs from file: ${file}${COLOR_RESET}"
- echo ---------------------------------------
- cat ${DOCSERVICE_LOGS_DIR}/${file} || true
- done
-
- echo "-----------------------------------"
- echo "${COLOR_YELLOW} Check logs for Converter ${COLOR_RESET}"
- echo "-----------------------------------"
- for file in ${ARRAY_CONVERTER_LOGS[@]}; do
- echo ---------------------------------------
- echo "${COLOR_GREEN}logs from file ${file}${COLOR_RESET}"
- echo ---------------------------------------
- cat ${CONVERTER_LOGS_DIR}/${file} || true
- done
-
- echo "-----------------------------------"
- echo "${COLOR_YELLOW} Start logs for Metrics ${COLOR_RESET}"
- echo "-----------------------------------"
- for file in ${ARRAY_METRICS_LOGS[@]}; do
- echo ---------------------------------------
- echo "${COLOR_GREEN}logs from file ${file}${COLOR_RESET}"
- echo ---------------------------------------
- cat ${METRICS_LOGS_DIR}/${file} || true
- done
+ local DOCSPACE_LOGS_DIR="/var/log/onlyoffice/docspace"
+ local DOCUMENTSERVER_LOGS_DIR="/var/log/onlyoffice/documentserver"
- echo "-----------------------------------"
- echo "${COLOR_YELLOW} Start logs for DocSpace ${COLOR_RESET}"
- echo "-----------------------------------"
- for file in ${ARRAY_DOCSPACE_LOGS[@]}; do
- echo ---------------------------------------
- echo "${COLOR_GREEN}logs from file ${file}${COLOR_RESET}"
- echo ---------------------------------------
- cat ${DOCSPACE_LOGS_DIR}/${file} || true
+ for LOGS_DIR in "${DOCSPACE_LOGS_DIR}" "${DOCUMENTSERVER_LOGS_DIR}"; do
+ echo $LINE_SEPARATOR && echo "${COLOR_YELLOW}Check logs for $(basename "${LOGS_DIR}"| tr '[:lower:]' '[:upper:]') ${COLOR_RESET}" && echo $LINE_SEPARATOR
+
+ find "${LOGS_DIR}" -type f -name "*.log" ! -name "*sql*" ! -name "*nginx*" | while read -r FILE; do
+ echo $LINE_SEPARATOR && echo "${COLOR_GREEN}Logs from file: ${FILE}${COLOR_RESET}" && echo $LINE_SEPARATOR
+ tail -30 "${FILE}" || true
+ done
done
}
-function healthcheck_docker_installation() {
- exit 0
-}
-
-
main() {
common::get_colors
prepare_vm