From d9f308fdcf2d6236d3663c8f309ff17e68140826 Mon Sep 17 00:00:00 2001 From: Iskandar Kurbonov <116521281+IskandarKurbonov@users.noreply.github.com> Date: Mon, 25 Mar 2024 15:19:13 +0500 Subject: [PATCH 01/55] Fix the timeout error (#179) --- .github/workflows/ci-oci-install.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-oci-install.yml b/.github/workflows/ci-oci-install.yml index 32750d4e4c..db7f1f0ac6 100644 --- a/.github/workflows/ci-oci-install.yml +++ b/.github/workflows/ci-oci-install.yml @@ -91,7 +91,7 @@ jobs: uses: nick-fields/retry@v3 with: max_attempts: 2 - timeout_minutes: 40 + timeout_minutes: 80 retry_on: error command: | set -eux @@ -115,7 +115,7 @@ jobs: uses: nick-fields/retry@v3 with: max_attempts: 2 - timeout_minutes: 40 + timeout_minutes: 80 retry_on: error command: | set -eux From 37cd9e6f1cf5b43b37ee4a6936bff038a7d07ad0 Mon Sep 17 00:00:00 2001 From: diana-vahomskaya Date: Wed, 17 Apr 2024 11:56:02 +0300 Subject: [PATCH 02/55] fix nlog for tests --- config/nlog.config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/nlog.config b/config/nlog.config index 4c87bbc44c..662ca7efe2 100644 --- a/config/nlog.config +++ b/config/nlog.config @@ -13,10 +13,10 @@ - + - + From 5570c5d52dfd299cee1e33b648759971673023dd Mon Sep 17 00:00:00 2001 From: Nikolay Rechkin Date: Tue, 23 Apr 2024 15:36:00 +0300 Subject: [PATCH 03/55] FormRoom: added pdf to coauthor-docs --- config/appsettings.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/appsettings.json b/config/appsettings.json index ca10545471..35a925ce70 100644 --- a/config/appsettings.json +++ b/config/appsettings.json 
@@ -71,7 +71,7 @@ "files": { "thirdparty": { "enable": ["box", "dropboxv2", "docusign", "google", "onedrive", "nextcloud", "owncloud", "webdav", "kdrive" ] }, "docservice": { - "coauthor-docs": [ ".csv", ".docm", ".docx", ".docxf", ".dotm", ".dotx", ".oform", ".potm", ".potx", ".ppsm", ".pptm", ".ppsx", ".pptx", ".txt", ".xlsm", ".xlsx", ".xltm", ".xltx" ], + "coauthor-docs": [ ".csv", ".docm", ".docx", ".docxf", ".dotm", ".dotx", ".oform", ".pdf", ".potm", ".potx", ".ppsm", ".pptm", ".ppsx", ".pptx", ".txt", ".xlsm", ".xlsx", ".xltm", ".xltx" ], "commented-docs": [ ".docm", ".docx", ".docxf", ".dotm", ".dotx", ".potm", ".potx", ".ppsm", ".pptm", ".ppsx", ".pptx", ".xlsm", ".xlsx", ".xltm", ".xltx" ], "convert-docs": [ ".doc", ".dot", ".dps", ".dpt", ".epub", ".et", ".ett", ".fb2", ".fodp", ".fods", ".fodt", ".htm", ".html", ".mht", ".mhtml", ".odp", ".ods", ".odt", ".otp", ".ots", ".ott", ".pot", ".pps", ".ppt", ".rtf", ".stw", ".sxc", ".sxi", ".sxw", ".wps", ".wpt", ".xls", ".xlsb", ".xlt", ".xml" ], "edited-docs": [ ".csv", ".doc", ".docm", ".docx", ".docxf", ".dot", ".dotm", ".dotx", ".dps", ".dpt", ".epub", ".et", ".ett", ".fb2", ".fodp", ".fods", ".fodt", ".htm", ".html", ".mht", ".mhtml", ".odp", ".ods", ".odt", ".oform", ".otp", ".ots", ".ott", ".pdf", ".pot", ".potm", ".potx", ".pps", ".ppsm", ".ppsx", ".ppt", ".pptm", ".pptx", ".rtf", ".stw", ".sxc", ".sxi", ".sxw", ".txt", ".wps", ".wpt", ".xls", ".xlsb", ".xlsm", ".xlsx", ".xlt", ".xltm", ".xltx", ".xml" ], From ae896c9d9ceb0bf60ffcfddb0f14294c4a3a8f56 Mon Sep 17 00:00:00 2001 From: Alexey Safronov Date: Sat, 27 Apr 2024 11:42:21 +0400 Subject: [PATCH 04/55] Config: Removed other thumbnail sizes except 1280x720 --- config/appsettings.json | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/config/appsettings.json b/config/appsettings.json index 35a925ce70..0fb194dac9 100644 --- a/config/appsettings.json +++ b/config/appsettings.json 
@@ -218,18 +218,7 @@ }, "thumbnail": { "maxDegreeOfParallelism": 1, - "sizes": [ - { "height": 156, "width": 216 }, - { "height": 156, "width": 240 }, - { "height": 156, "width": 264 }, - { "height": 156, "width": 288 }, - { "height": 156, "width": 312 }, - { "height": 156, "width": 336 }, - { "height": 156, "width": 360 }, - { "height": 156, "width": 400 }, - { "height": 156, "width": 440 }, - { "height": 720, "width": 1280, "resizeMode": "Max" } - ] + "sizes": [{ "height": 720, "width": 1280, "resizeMode": "Max" }] }, "csp": { "default": { From b709f41fa048071687a0cd7addf8b9b45dad4052 Mon Sep 17 00:00:00 2001 From: Timofey Boyko Date: Sat, 27 Apr 2024 12:32:13 +0300 Subject: [PATCH 05/55] Nginx: fix config for login --- config/nginx/onlyoffice.conf | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/config/nginx/onlyoffice.conf b/config/nginx/onlyoffice.conf index 2a579f7f19..75dd217093 100644 --- a/config/nginx/onlyoffice.conf +++ b/config/nginx/onlyoffice.conf @@ -46,7 +46,7 @@ map $request_uri $cache_control { default "no-cache, no-store, no-transform"; ~*\/(filehandler\.ashx\?action=(thumb|preview))|\/(storage\/room_logos\/root\/.*\?hash.*|storage\/userPhotos\/root\/.*\?hash.*|storage\/whitelabel\/root\/.*\?hash.*|storage\/static_partnerdata\/root\/.*\?hash.*) "must-revalidate, no-transform, immutable, max-age=31536000"; ~*\/(api\/2\.0.*|storage|login\.ashx|filehandler\.ashx|ChunkedUploader.ashx|ThirdPartyAppHandler|apisystem|sh|remoteEntry\.js|debuginfo\.md|static\/scripts\/api\.js|static\/scripts\/sdk\/.*|static\/scripts\/api\.poly\.js) "no-cache, no-store, no-transform"; - ~*\/(static\/images\/.*)|\.(js|woff|woff2|css)|(locales.*\.json) "must-revalidate, no-transform, immutable, max-age=31536000"; + ~*\/(static\/images\/.*)|\/(_next\/public\/images\/.*)|\.(js|woff|woff2|css)|(locales.*\.json) "must-revalidate, no-transform, immutable, max-age=31536000"; } map $request_uri $content_security_policy { 
@@ -229,17 +229,9 @@ server { proxy_pass http://127.0.0.1:5011; proxy_redirect off; - location ~* /static/favicon.ico { - try_files /$basename /index.html =404; - } - - location ~* /static/images/(.*)$ { + location ~* /_next/public/images/(.*)$ { try_files /images/$1 /index.html =404; } - - location ~* /static/css/ { - try_files /css/$basename /index.html =404; - } } location /management { From 17151eabc8bfec7745a76fb501a2c0a279379e13 Mon Sep 17 00:00:00 2001 From: Andrey Savihin Date: Thu, 2 May 2024 11:32:29 +0300 Subject: [PATCH 06/55] fix Bug 67768 --- config/storage.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/storage.json b/config/storage.json index 8577be2e2e..59c4c5042c 100644 --- a/config/storage.json +++ b/config/storage.json @@ -87,7 +87,8 @@ "type": "disc", "path": "$STORAGE_ROOT\\Studio\\{0}\\CoBranding", "virtualpath": "~/studio/{0}/cobranding", - "public": true + "public": true, + "contentAsAttachment": true }, { "name": "static_partnerdata", From 21d82d66e489e2ea27a14bf89f86032feb2d086e Mon Sep 17 00:00:00 2001 From: Alexey Bannov Date: Thu, 2 May 2024 12:50:43 +0300 Subject: [PATCH 07/55] config: change resize mode from max to manual for thumbnail generation --- config/appsettings.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/appsettings.json b/config/appsettings.json index 0fb194dac9..fa888df64d 100644 --- a/config/appsettings.json +++ b/config/appsettings.json @@ -218,7 +218,7 @@ }, "thumbnail": { "maxDegreeOfParallelism": 1, - "sizes": [{ "height": 720, "width": 1280, "resizeMode": "Max" }] + "sizes": [{ "height": 720, "width": 1280, "resizeMode": "Manual" }] }, "csp": { "default": { From a7abb2d726ce5bfdc6c33001aaf5a0260bd49152 Mon Sep 17 00:00:00 2001 From: Alexey Safronov Date: Thu, 2 May 2024 18:11:58 +0400 Subject: [PATCH 08/55] Config: thumbnails: Added 4k --- config/appsettings.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
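Review bot: `"contentAsAttachment": true` is added to this one module only, and the commit message (`fix Bug 67768`) does not record why. Presumably the flag makes files from this public store download instead of rendering inline under the portal's origin, though the hunk does not show its effect. If so, every other module marked `"public": true` in storage.json deserves the same check, starting with `static_partnerdata`, whose entry begins in the trailing context and whose flags are outside the hunk. JSON cannot carry a comment, so the rationale belongs in the commit description or the storage documentation.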
diff --git a/config/appsettings.json b/config/appsettings.json index fa888df64d..43327cd925 100644 --- a/config/appsettings.json +++ b/config/appsettings.json @@ -218,7 +218,10 @@ }, "thumbnail": { "maxDegreeOfParallelism": 1, - "sizes": [{ "height": 720, "width": 1280, "resizeMode": "Manual" }] + "sizes": [ + { "height": 720, "width": 1280, "resizeMode": "Manual" }, + { "height": 2160, "width": 3840, "resizeMode": "Manual" } + ] }, "csp": { "default": { From feb177ba2b879dffd9a459e2cf991baeb6ad7565 Mon Sep 17 00:00:00 2001 From: Sergey Kirichenko Date: Mon, 6 May 2024 10:33:49 +0300 Subject: [PATCH 09/55] Modify healthcheck links for login, doceditor --- install/docker/docspace.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/docker/docspace.yml b/install/docker/docspace.yml index e9b4f8533a..859b16dbbf 100644 --- a/install/docker/docspace.yml +++ b/install/docker/docspace.yml @@ -161,7 +161,7 @@ services: - "5013" healthcheck: <<: *x-healthcheck - test: curl --fail http://${SERVICE_DOCEDITOR}/health || exit 1 + test: curl --fail http://${SERVICE_DOCEDITOR}/doceditor/health || exit 1 onlyoffice-login: <<: *x-service-base @@ -171,7 +171,7 @@ services: - "5011" healthcheck: <<: *x-healthcheck - test: curl --fail http://${SERVICE_LOGIN}/health || exit 1 + test: curl --fail http://${SERVICE_LOGIN}/login/health || exit 1 onlyoffice-router: image: "${REPO}/${DOCKER_IMAGE_PREFIX}-router:${DOCKER_TAG}" From f1c8bcec80261d3ea7b2d49122b7a0ca6dae8f3b Mon Sep 17 00:00:00 2001 From: Nikolay Rechkin Date: Tue, 7 May 2024 10:38:34 +0300 Subject: [PATCH 10/55] FormRoom: oform -> pdf --- config/appsettings.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/appsettings.json b/config/appsettings.json index 43327cd925..267f39d9e5 100644 --- a/config/appsettings.json +++ b/config/appsettings.json 
@@ -104,11 +104,11 @@ "oform": { "domain": "https://cmsoforms.teamlab.info", "path": "/api/oforms/", - "ext": ".oform", + "ext": ".pdf", "upload": { "domain": "https://oforms.teamlab.info", "path": "/api/upload", - "ext": ".docxf", + "ext": ".pdf", "dashboard": "/dashboard/api" } } @@ -221,7 +221,7 @@ "sizes": [ { "height": 720, "width": 1280, "resizeMode": "Manual" }, { "height": 2160, "width": 3840, "resizeMode": "Manual" } - ] + ] }, "csp": { "default": { From fb3b14522f8977b509983cf5cb175b42ce288bec Mon Sep 17 00:00:00 2001 From: Alexey Safronov Date: Wed, 22 May 2024 19:17:25 +0400 Subject: [PATCH 11/55] NGINX: Added redirect to /login if no auth key --- config/nginx/onlyoffice.conf | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/config/nginx/onlyoffice.conf b/config/nginx/onlyoffice.conf index 75dd217093..b23afa685d 100644 --- a/config/nginx/onlyoffice.conf +++ b/config/nginx/onlyoffice.conf @@ -102,7 +102,18 @@ server { set $csp ""; access_by_lua ' local accept_header = ngx.req.get_headers()["Accept"] - if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath") then + if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath|/api/") then + + if not ngx.re.match(ngx.var.request_uri, "login|thirdparty|confirm|error|wizard|preparation-portal|unavailable|share=.|rooms/share(.*)key=.|/s/*") then + if ngx.var.http_cookie == nil or not string.find(ngx.var.http_cookie, "asc_auth_key") then + if ngx.var.request_uri == "/" then + return ngx.redirect("/login") + else + return ngx.redirect("/login?referenceUrl=" .. ngx.var.request_uri) + end + end + end + local key = string.format("csp:%s",ngx.var.host) local redis = require "resty.redis" local red = redis:new() From 5014429c2b43adfc7d098b61bb9ada498acf807f Mon Sep 17 00:00:00 2001 
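Review bot: In the new `access_by_lua` block, `ngx.redirect("/login?referenceUrl=" .. ngx.var.request_uri)` appends the raw request URI to a query string, so any `?`, `&` or `#` in the original URL is re-parsed as part of the `/login` request and the reference is truncated or altered; encode it with `return ngx.redirect("/login?referenceUrl=" .. ngx.escape_uri(ngx.var.request_uri))`. The exemption pattern is unanchored and matched against the whole URI including the query string, and `/s/*` matches any URI containing `/s`, so this check is a navigation convenience only and deserves a comment such as `-- UX redirect only; authentication is enforced by the backend services`. Whatever consumes `referenceUrl` after login should accept only same-origin relative paths; that code is not part of this hunk. The Lua block continues past the end of the hunk.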
From: Elbakyan Shirak Date: Thu, 23 May 2024 18:12:24 +0400 Subject: [PATCH 12/55] Check if firewalld service is running (#247) --- install/common/product-configuration | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/install/common/product-configuration b/install/common/product-configuration index e29335d981..bdc567e23b 100644 --- a/install/common/product-configuration +++ b/install/common/product-configuration @@ -548,10 +548,12 @@ setup_openresty(){ done fi - if rpm -q "firewalld"; then - firewall-cmd --permanent --zone=public --add-service=http - firewall-cmd --permanent --zone=public --add-service=https - systemctl restart firewalld.service + if $PACKAGE_MANAGER firewalld >/dev/null 2>&1; then + if [ $(systemctl is-active firewalld.service) == active ]; then + firewall-cmd --permanent --zone=public --add-service=http + firewall-cmd --permanent --zone=public --add-service=https + systemctl restart firewalld.service + fi fi elif [ "$DIST" = "Debian" ]; then if ! id "nginx" &>/dev/null; then From 84ef92a4eedc51631c9b15fa16057d9040573fae Mon Sep 17 00:00:00 2001 From: Elbakyan Shirak Date: Fri, 24 May 2024 17:04:02 +0400 Subject: [PATCH 13/55] Add openssl dependency for packages (#249) --- install/deb/debian/control | 2 +- install/rpm/SPECS/product.spec | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/install/deb/debian/control b/install/deb/debian/control index 9412cbd08f..fd17bc8dfe 100644 --- a/install/deb/debian/control +++ b/install/deb/debian/control @@ -11,7 +11,7 @@ Multi-Arch: foreign Package: {{product}} Architecture: all Multi-Arch: foreign -Depends: debconf, +Depends: debconf, openssl, ${misc:Depends}, ${shlibs:Depends}, {{product}}-api (= {{package_header_tag_version}}), {{product}}-api-system (= {{package_header_tag_version}}), diff --git a/install/rpm/SPECS/product.spec b/install/rpm/SPECS/product.spec index 4aa9df9357..3eabd5f142 100644 --- a/install/rpm/SPECS/product.spec 
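Review bot: The new test `[ $(systemctl is-active firewalld.service) == active ]` leaves the command substitution unquoted and uses `==` inside `[`, which is a bash extension and errors out if the command ever prints nothing. `systemctl is-active --quiet firewalld.service` reports the state through its exit status, so the line can become `if systemctl is-active --quiet firewalld.service; then`. The outer `$PACKAGE_MANAGER firewalld` check depends on a variable defined outside this hunk, and `setup_openresty` itself starts and ends outside it.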
+++ b/install/rpm/SPECS/product.spec @@ -53,6 +53,7 @@ Requires: %name-socket = %version-%release Requires: %name-ssoauth = %version-%release Requires: %name-studio = %version-%release Requires: %name-studio-notify = %version-%release +Requires: openssl %description ONLYOFFICE DocSpace is a new way to collaborate on documents with teams, From d41b7c1e03d9d17d114d06ea0f7fd40612200c95 Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Thu, 30 May 2024 12:35:36 +0300 Subject: [PATCH 14/55] Add http/3 support to docker (#235) --- install/deb/debian/rules | 2 +- install/docker/config/nginx/onlyoffice-proxy-ssl.conf | 9 ++++++++- install/docker/proxy-ssl.yml | 3 ++- install/rpm/SPECS/build.spec | 2 +- install/win/build-batch.bat | 1 + 5 files changed, 13 insertions(+), 4 deletions(-) diff --git a/install/deb/debian/rules b/install/deb/debian/rules index 07d8104bc7..573b14207f 100644 --- a/install/deb/debian/rules +++ b/install/deb/debian/rules 
@@ -79,7 +79,7 @@ override_dh_auto_build: check_archives sed -E 's_(http://)[^:]+(:5601)_\1localhost\2_g' -i ${BUILDTOOLS_PATH}/config/nginx/onlyoffice.conf sed 's/teamlab.info/onlyoffice.com/g' -i ${BUILDTOOLS_PATH}/config/autofac.consumers.json json -I -f ${CLENT_PATH}/public/scripts/config.json -e "this.wrongPortalNameUrl=\"\"" - sed -e 's/$$router_host/127.0.0.1/g' -e 's/this_host\|proxy_x_forwarded_host/host/g' -e 's/proxy_x_forwarded_proto/scheme/g' -e 's/proxy_x_forwarded_port/server_port/g' -e 's_includes_/etc/openresty/includes_g' -i ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy*.conf + sed -e 's/$$router_host/127.0.0.1/g' -e 's/this_host\|proxy_x_forwarded_host/host/g' -e 's/proxy_x_forwarded_proto/scheme/g' -e 's/proxy_x_forwarded_port/server_port/g' -e 's_includes_/etc/openresty/includes_g' -e '/quic\|alt-svc/Id' -i ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy*.conf sed "s_\(.*root\).*;_\1 \"/var/www/${PRODUCT}\";_g" -i ${BUILDTOOLS_PATH}/install/docker/config/nginx/letsencrypt.conf sed -e '/.pid/d' -e '/temp_path/d' -e 's_etc/nginx_etc/openresty_g' -e 's/\.log/-openresty.log/g' -i ${BUILDTOOLS_PATH}/install/docker/config/nginx/templates/nginx.conf.template mv -f ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy-ssl.conf ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy-ssl.conf.template diff --git a/install/docker/config/nginx/onlyoffice-proxy-ssl.conf b/install/docker/config/nginx/onlyoffice-proxy-ssl.conf index 3cf3dce2a5..5235323474 100644 --- a/install/docker/config/nginx/onlyoffice-proxy-ssl.conf +++ b/install/docker/config/nginx/onlyoffice-proxy-ssl.conf @@ -32,8 +32,14 @@ server { ## HTTPS host server { + # Enable HTTP/2 listen 0.0.0.0:443 ssl; listen [::]:443 ssl default_server; + + # Enable QUIC and HTTP/3. + listen 0.0.0.0:443 quic reuseport; + listen [::]:443 quic reuseport; + root /usr/share/nginx/html; client_max_body_size 4G; 
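Review bot: The added comment `# Enable HTTP/2` sits above `listen 0.0.0.0:443 ssl;` and `listen [::]:443 ssl default_server;`, neither of which carries an `http2` parameter, and the hunk adds no `http2 on;` directive, so as far as this hunk shows the comment describes something the config does not do. Either add the directive the comment promises or reword it to `# HTTPS over TCP` so the next reader does not assume HTTP/2 is negotiated. The server block continues outside the hunk, so an `http2` setting may exist elsewhere.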
@@ -48,7 +54,7 @@ server { ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; - ssl_protocols TLSv1.2; + ssl_protocols TLSv1.3; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_prefer_server_ciphers on; @@ -56,6 +62,7 @@ server { add_header Strict-Transport-Security max-age=31536000; # add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; + add_header alt-svc 'h3=":443"; ma=86400'; ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. ## Replace with your ssl_trusted_certificate. For more info see: diff --git a/install/docker/proxy-ssl.yml b/install/docker/proxy-ssl.yml index c06212bb7d..dc8288c8f1 100644 --- a/install/docker/proxy-ssl.yml +++ b/install/docker/proxy-ssl.yml @@ -16,7 +16,8 @@ services: test: nginx -t || exit 1 ports: - 80:80 - - 443:443 + - 443:443/tcp + - 443:443/udp environment: - ROUTER_HOST=${ROUTER_HOST} - EXTERNAL_PORT=${EXTERNAL_PORT} diff --git a/install/rpm/SPECS/build.spec b/install/rpm/SPECS/build.spec index 08012cb81a..d460bf218b 100644 --- a/install/rpm/SPECS/build.spec +++ b/install/rpm/SPECS/build.spec 
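Review bot: `ssl_protocols TLSv1.3;` replaces TLS 1.2 rather than adding to it, so clients limited to TLS 1.2 can no longer connect over TCP even though HTTP/3 only requires that TLS 1.3 be enabled. The `ssl_ciphers` list in the context line names TLS 1.2 suites only and no longer influences negotiation once 1.2 is off. The packaging `sed` expressions in this commit (`/quic\|alt-svc/Id` in debian/rules, build.spec and build-batch.bat) strip only the QUIC and alt-svc lines, so the deb, rpm and Windows templates also become TLS 1.3-only, which looks unintended for a Docker HTTP/3 change. If the restriction is deliberate, say so in a comment and drop the dead cipher list; otherwise use `ssl_protocols TLSv1.2 TLSv1.3;`.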
@@ -27,7 +27,7 @@ sed 's/teamlab.info/onlyoffice.com/g' -i config/autofac.consumers.json sed -e 's_etc/nginx_etc/openresty_g' -e 's/listen\s\+\([0-9]\+\);/listen 127.0.0.1:\1;/g' -i config/nginx/*.conf sed -i "s#\$public_root#/var/www/%{product}/public/#g" config/nginx/onlyoffice.conf sed -E 's_(http://)[^:]+(:5601)_\1localhost\2_g' -i config/nginx/onlyoffice.conf -sed -e 's/$router_host/127.0.0.1/g' -e 's/this_host\|proxy_x_forwarded_host/host/g' -e 's/proxy_x_forwarded_proto/scheme/g' -e 's/proxy_x_forwarded_port/server_port/g' -e 's_includes_/etc/openresty/includes_g' -i install/docker/config/nginx/onlyoffice-proxy*.conf +sed -e 's/$router_host/127.0.0.1/g' -e 's/this_host\|proxy_x_forwarded_host/host/g' -e 's/proxy_x_forwarded_proto/scheme/g' -e 's/proxy_x_forwarded_port/server_port/g' -e 's_includes_/etc/openresty/includes_g' -e '/quic\|alt-svc/Id' -i install/docker/config/nginx/onlyoffice-proxy*.conf sed -e '/.pid/d' -e '/temp_path/d' -e 's_etc/nginx_etc/openresty_g' -e 's/\.log/-openresty.log/g' -i install/docker/config/nginx/templates/nginx.conf.template sed -i "s_\(.*root\).*;_\1 \"/var/www/%{product}\";_g" -i install/docker/config/nginx/letsencrypt.conf sed -i '/^\s*Name\s\+forward\s*$/d; /^\s*Listen\s\+127\.0\.0\.1\s*$/d; /^\s*Port\s\+24224\s*$/d' -i install/docker/config/fluent-bit.conf diff --git a/install/win/build-batch.bat b/install/win/build-batch.bat index 9f394a503b..51007e78ea 100644 --- a/install/win/build-batch.bat +++ b/install/win/build-batch.bat 
@@ -59,6 +59,7 @@ REM echo ######## SSL configs ######## %sed% -i "s/proxy_x_forwarded_port/server_port/g" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf.tmpl %sed% -i "s/proxy_x_forwarded_proto/scheme/g" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf.tmpl buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl %sed% -i "s/ssl_dhparam \/etc\/ssl\/certs\/dhparam.pem;/#ssl_dhparam \/etc\/ssl\/certs\/dhparam.pem;/" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl +%sed% -i "/quic\|alt-svc/Id" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl %sed% -i "s_\(.*root\).*;_\1 \"{APPDIR}letsencrypt\";_g" -i buildtools\install\win\Files\nginx\conf\includes\letsencrypt.conf %sed% -i "s#/etc/nginx/html#conf/html#g" buildtools\install\win\Files\nginx\conf\onlyoffice.conf %sed% -i "s/\/etc\/nginx\/\.htpasswd_dashboards/\.htpasswd_dashboards/g" buildtools\install\win\Files\nginx\conf\onlyoffice.conf From 1e4d844f69be07f6bd1362a02b159044b76de7fa Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Thu, 30 May 2024 12:37:54 +0300 Subject: [PATCH 15/55] Remove logrotate usage in packages (#241) --- install/common/logrotate/product-common | 16 ---------------- install/deb/debian/control | 2 +- install/deb/debian/product-common.install | 1 - install/rpm/SPECS/files.spec | 1 - install/rpm/SPECS/install.spec | 2 -- install/rpm/SPECS/package.spec | 1 - 6 files changed, 1 insertion(+), 22 deletions(-) delete mode 100644 install/common/logrotate/product-common diff --git a/install/common/logrotate/product-common b/install/common/logrotate/product-common deleted file mode 100644 index 66a81ce9ab..0000000000 --- a/install/common/logrotate/product-common +++ /dev/null 
@@ -1,16 +0,0 @@ -/var/log/onlyoffice/docspace/*.log { - daily - missingok - rotate 30 - compress - dateext - delaycompress - notifempty - nocreate - sharedscripts - postrotate - if pgrep -x ""systemd"" >/dev/null; then - systemctl restart docspace* > /dev/null - fi - endscript -} diff --git a/install/deb/debian/control b/install/deb/debian/control index fd17bc8dfe..18e9b1fcd8 100644 --- a/install/deb/debian/control +++ b/install/deb/debian/control @@ -40,7 +40,7 @@ Description: {{product}} Package: {{product}}-common Architecture: all Multi-Arch: foreign -Depends: adduser, logrotate, ${misc:Depends}, ${shlibs:Depends} +Depends: adduser, ${misc:Depends}, ${shlibs:Depends} Recommends: default-mysql-client Description: {{product}}-common A package containing configs and scripts diff --git a/install/deb/debian/product-common.install b/install/deb/debian/product-common.install index 2f3a5de1c7..60aaa49f2e 100644 --- a/install/deb/debian/product-common.install +++ b/install/deb/debian/product-common.install @@ -1,5 +1,4 @@ debian/build/buildtools/config/*.json etc/onlyoffice/{{product}} debian/build/buildtools/config/*.config etc/onlyoffice/{{product}} debian/build/buildtools/install/common/{{product}}-configuration usr/bin -debian/build/buildtools/install/common/logrotate/{{product}}-common etc/logrotate.d debian/build/buildtools/install/docker/config/fluent-bit.conf etc/onlyoffice/{{product}} diff --git a/install/rpm/SPECS/files.spec b/install/rpm/SPECS/files.spec index aa8073a1ad..70b30262e3 100644 --- a/install/rpm/SPECS/files.spec +++ b/install/rpm/SPECS/files.spec @@ -34,7 +34,6 @@ %exclude %{_sysconfdir}/onlyoffice/%{product}/openresty %exclude %{_sysconfdir}/onlyoffice/%{product}/nginx %{_docdir}/%{name}-%{version}-%{release}/ -%config %{_sysconfdir}/logrotate.d/%{product}-common %{_var}/log/onlyoffice/%{product}/ %dir %{_sysconfdir}/onlyoffice/ %dir %{_sysconfdir}/onlyoffice/%{product}/ 
diff --git a/install/rpm/SPECS/install.spec b/install/rpm/SPECS/install.spec index e9a53680b1..6769649dcf 100644 --- a/install/rpm/SPECS/install.spec +++ b/install/rpm/SPECS/install.spec @@ -34,7 +34,6 @@ mkdir -p "%{buildroot}%{_sysconfdir}/openresty/conf.d/" mkdir -p "%{buildroot}%{_sysconfdir}/openresty/html/" mkdir -p "%{buildroot}%{_sysconfdir}/onlyoffice/%{product}/openresty" mkdir -p "%{buildroot}%{_sysconfdir}/onlyoffice/%{product}/.private/" -mkdir -p "%{buildroot}%{_sysconfdir}/logrotate.d" mkdir -p "%{buildroot}%{_sysconfdir}/fluent-bit/" mkdir -p "%{buildroot}%{_docdir}/%{name}-%{version}-%{release}/" mkdir -p "%{buildroot}%{_bindir}/" @@ -69,7 +68,6 @@ cp -rf %{_builddir}/buildtools/install/docker/config/nginx/onlyoffice-proxy.conf cp -rf %{_builddir}/buildtools/install/docker/config/nginx/onlyoffice-proxy-ssl.conf "%{buildroot}%{_sysconfdir}/openresty/conf.d/onlyoffice-proxy-ssl.conf.template" cp -rf %{_builddir}/buildtools/install/docker/config/nginx/letsencrypt.conf "%{buildroot}%{_sysconfdir}/openresty/includes/letsencrypt.conf" cp -rf %{_builddir}/buildtools/install/common/systemd/modules/* "%{buildroot}/usr/lib/systemd/system/" -cp -rf %{_builddir}/buildtools/install/common/logrotate/product-common "%{buildroot}%{_sysconfdir}/logrotate.d/%{product}-common" cp -rf %{_builddir}/buildtools/install/common/%{product}-ssl-setup "%{buildroot}%{_bindir}/%{product}-ssl-setup" cp -rf %{_builddir}/buildtools/install/common/%{product}-configuration "%{buildroot}%{_bindir}/%{product}-configuration" cp -rf %{_builddir}/buildtools/config/nginx/onlyoffice*.conf "%{buildroot}%{_sysconfdir}/openresty/conf.d/" diff --git a/install/rpm/SPECS/package.spec b/install/rpm/SPECS/package.spec index ed8879e870..767e1eae74 100644 --- a/install/rpm/SPECS/package.spec +++ b/install/rpm/SPECS/package.spec 
@@ -13,7 +13,6 @@ The service which handles API requests related to backup Packager: %{packager} Summary: Common Group: Applications/Internet -Requires: logrotate BuildArch: noarch %description common A package containing configure and scripts From 124c6be56e11a06ea281ec98b161fdd940a30d2a Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Thu, 30 May 2024 12:42:38 +0300 Subject: [PATCH 16/55] Fix the dotnet auto-update issue (#248) --- install/OneClickInstall/install-Debian/install-app.sh | 2 -- install/OneClickInstall/install-Debian/install-preq.sh | 6 +++++- install/OneClickInstall/install-Debian/tools.sh | 3 +-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/install/OneClickInstall/install-Debian/install-app.sh b/install/OneClickInstall/install-Debian/install-app.sh index c8705b76d2..9427847a31 100644 --- a/install/OneClickInstall/install-Debian/install-app.sh +++ b/install/OneClickInstall/install-Debian/install-app.sh @@ -85,8 +85,6 @@ elif [ "$UPDATE" = "true" ] && [ "$PRODUCT_INSTALLED" = "true" ]; then fi fi -hold_package_version dotnet-host opensearch redis-server rabbitmq-server opensearch-dashboards fluent-bit - if [ "$MAKESWAP" == "true" ]; then make_swap fi diff --git a/install/OneClickInstall/install-Debian/install-preq.sh b/install/OneClickInstall/install-Debian/install-preq.sh index 2d6c24dba7..52285682fb 100644 --- a/install/OneClickInstall/install-Debian/install-preq.sh +++ b/install/OneClickInstall/install-Debian/install-preq.sh 
@@ -48,10 +48,12 @@ NODE_VERSION="18" curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash - #add dotnet repo -if [[ "$DISTRIB_CODENAME" != noble ]]; then +if [ "$DIST" = "debian" ] || [ "$DISTRIB_CODENAME" = "focal" ]; then curl https://packages.microsoft.com/config/$DIST/$REV/packages-microsoft-prod.deb -O echo -e "Package: *\nPin: origin \"packages.microsoft.com\"\nPin-Priority: 1002" | tee /etc/apt/preferences.d/99microsoft-prod.pref dpkg -i packages-microsoft-prod.deb && rm packages-microsoft-prod.deb +elif dpkg -l | grep -q packages-microsoft-prod; then + apt-get purge -y packages-microsoft-prod fi MYSQL_REPO_VERSION="$(curl https://repo.mysql.com | grep -oP 'mysql-apt-config_\K.*' | grep -o '^[^_]*' | sort --version-sort --field-separator=. | tail -n1)" @@ -142,3 +144,5 @@ if which apparmor_parser && [ ! -f /etc/apparmor.d/disable/usr.sbin.mysqld ] && ln -sf /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/; apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld; fi + +hold_package_version "dotnet-*" "aspnetcore-*" opensearch redis-server rabbitmq-server opensearch-dashboards fluent-bit diff --git a/install/OneClickInstall/install-Debian/tools.sh b/install/OneClickInstall/install-Debian/tools.sh index aa582112ce..f96431e9a5 100644 --- a/install/OneClickInstall/install-Debian/tools.sh +++ b/install/OneClickInstall/install-Debian/tools.sh @@ -28,8 +28,7 @@ command_exists () { hold_package_version() { for package in "$@"; do if command -v apt-mark >/dev/null 2>&1 && - dpkg -s "$package" >/dev/null 2>&1 && - ! apt-mark showhold | grep -q "$package" >/dev/null 2>&1 + dpkg-query -l "$package" >/dev/null 2>&1 then apt-mark hold "$package" fi From 86dbea14fd92d1a4ecd54834428f4b2df73fd5a0 Mon Sep 17 00:00:00 2001 
From: Evgeniy Antonyuk Date: Thu, 30 May 2024 17:30:24 +0300 Subject: [PATCH 17/55] Modify running fluent-bit through docker and reading log files (#234) --- install/OneClickInstall/install-Docker.sh | 57 ++++++++----------- install/deb/debian/rules | 8 ++- install/docker/.env | 2 + install/docker/config/docspace-logs | 33 ----------- install/docker/config/fluent-bit.conf | 17 +++--- .../config/nginx/onlyoffice-proxy-ssl.conf | 3 + .../docker/config/nginx/onlyoffice-proxy.conf | 3 + install/docker/docker-entrypoint.py | 1 + install/docker/docspace.yml | 5 +- install/docker/ds.yml | 2 + install/docker/fluent.yml | 19 +++++++ install/docker/notify.yml | 2 + install/docker/proxy-ssl.yml | 4 +- install/docker/proxy.yml | 4 +- install/rpm/SPECS/build.spec | 8 ++- install/win/build-batch.bat | 10 ++-- 16 files changed, 90 insertions(+), 88 deletions(-) delete mode 100644 install/docker/config/docspace-logs create mode 100644 install/docker/fluent.yml diff --git a/install/OneClickInstall/install-Docker.sh b/install/OneClickInstall/install-Docker.sh index 799ae7ef72..191442e804 100644 --- a/install/OneClickInstall/install-Docker.sh +++ b/install/OneClickInstall/install-Docker.sh 
@@ -1324,41 +1324,32 @@ install_elasticsearch () { install_fluent_bit () { if [ "$INSTALL_FLUENT_BIT" == "true" ]; then - curl https://raw.githubusercontent.com/fluent/fluent-bit/master/install.sh | sh - systemctl enable fluent-bit - - if systemctl list-unit-files --type=service | grep -q "fluent-bit.service"; then - sed -i "s/OPENSEARCH_SCHEME/$(get_env_parameter "ELK_SHEME")/g" "${BASE_DIR}/config/fluent-bit.conf" - sed -i "s/OPENSEARCH_HOST/${ELK_HOST:-127.0.0.1}/g" "${BASE_DIR}/config/fluent-bit.conf" - sed -i "s/OPENSEARCH_PORT/$(get_env_parameter "ELK_PORT")/g" ${BASE_DIR}/config/fluent-bit.conf - sed -i "s/OPENSEARCH_INDEX/${OPENSEARCH_INDEX:-"${PACKAGE_SYSNAME}-fluent-bit"}/g" ${BASE_DIR}/config/fluent-bit.conf - [ ! -z "${ELK_HOST}" ] && sed -i "s/ELK_CONTAINER_NAME/ELK_HOST/g" ${BASE_DIR}/dashboards.yml - cp -rf ${BASE_DIR}/config/fluent-bit.conf /etc/fluent-bit/fluent-bit.conf - systemctl restart fluent-bit - - DOCKER_SYSTEMD_DIR="/etc/systemd/system/docker.service.d" - if [ ! -f "${DOCKER_SYSTEMD_DIR}/fluent-after.conf" ]; then - mkdir -p ${DOCKER_SYSTEMD_DIR} - echo -e "[Unit]\n$(grep After= $(systemctl show -p FragmentPath docker.service | awk -F= '{print $2}')) fluent-bit.service" > "${DOCKER_SYSTEMD_DIR}/fluent-after.conf" - systemctl daemon-reload + if ! command_exists crontab; then + if command_exists apt-get; then + install_service crontab cron + elif command_exists yum; then + install_service crontab cronie fi - - DOCKER_DAEMON_FILE="/etc/docker/daemon.json" - if [[ ! -f "${DOCKER_DAEMON_FILE}" ]]; then - echo "{\"log-driver\": \"fluentd\", \"log-opts\": { \"fluentd-address\": \"127.0.0.1:24224\" }}" > "${DOCKER_DAEMON_FILE}" - systemctl restart docker - elif ! grep -q "log-driver" ${DOCKER_DAEMON_FILE}; then - sed -i 's!{!& "log-driver": "fluentd", "log-opts": { "fluentd-address": "127.0.0.1:24224" },!' 
"${DOCKER_DAEMON_FILE}" - systemctl restart docker - fi - - reconfigure DASHBOARDS_USERNAME "${DASHBOARDS_USERNAME:-"onlyoffice"}" - reconfigure DASHBOARDS_PASSWORD "${DASHBOARDS_PASSWORD:-$(get_random_str 20)}" - - docker-compose -f ${BASE_DIR}/dashboards.yml up -d - else - echo "The installation of the fluent-bit service was unsuccessful." fi + + [ ! -z "$ELK_HOST" ] && sed -i "s/ELK_CONTAINER_NAME/ELK_HOST/g" $BASE_DIR/fluent.yml ${BASE_DIR}/dashboards.yml + + OPENSEARCH_INDEX="${OPENSEARCH_INDEX:-"${PACKAGE_SYSNAME}-fluent-bit"}" + if crontab -l | grep -q "${OPENSEARCH_INDEX}"; then + crontab < <(crontab -l | grep -v "${OPENSEARCH_INDEX}") + fi + (crontab -l 2>/dev/null; echo "0 0 */1 * * curl -s -X POST "$(get_env_parameter 'ELK_SHEME')"://${ELK_HOST:-127.0.0.1}:$(get_env_parameter 'ELK_PORT')/${OPENSEARCH_INDEX}/_delete_by_query -H 'Content-Type: application/json' -d '{\"query\": {\"range\": {\"@timestamp\": {\"lt\": \"now-30d\"}}}}'") | crontab - + + sed -i "s/OPENSEARCH_HOST/${ELK_HOST:-"${PACKAGE_SYSNAME}-opensearch"}/g" "${BASE_DIR}/config/fluent-bit.conf" + sed -i "s/OPENSEARCH_PORT/$(get_env_parameter "ELK_PORT")/g" ${BASE_DIR}/config/fluent-bit.conf + sed -i "s/OPENSEARCH_INDEX/${OPENSEARCH_INDEX}/g" ${BASE_DIR}/config/fluent-bit.conf + + reconfigure DASHBOARDS_USERNAME "${DASHBOARDS_USERNAME:-"${PACKAGE_SYSNAME}"}" + reconfigure DASHBOARDS_PASSWORD "${DASHBOARDS_PASSWORD:-$(get_random_str 20)}" + + docker-compose -f ${BASE_DIR}/fluent.yml -f ${BASE_DIR}/dashboards.yml up -d + elif [ "$INSTALL_FLUENT_BIT" == "pull" ]; then + docker-compose -f ${BASE_DIR}/fluent.yml -f ${BASE_DIR}/dashboards.yml pull fi } diff --git a/install/deb/debian/rules b/install/deb/debian/rules index 573b14207f..94d8165ee9 100644 --- a/install/deb/debian/rules +++ b/install/deb/debian/rules 
@@ -84,8 +84,12 @@ override_dh_auto_build: check_archives sed -e '/.pid/d' -e '/temp_path/d' -e 's_etc/nginx_etc/openresty_g' -e 's/\.log/-openresty.log/g' -i ${BUILDTOOLS_PATH}/install/docker/config/nginx/templates/nginx.conf.template mv -f ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy-ssl.conf ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy-ssl.conf.template cp -rf ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy.conf ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy.conf.template - sed -i '/^\s*Name\s\+forward\s*/d; /^\s*Listen\s\+127\.0\.0\.1\s*/d; /^\s*Port\s\+24224\s*/d' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf - sed -i '0,/\[INPUT\]/ s/\(\[INPUT\]\)/\1\n Name tail\n Path \/var\/log\/onlyoffice\/${PRODUCT}\/*.log\n Path_Key filename/' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf + sed -i "s#\(/var/log/onlyoffice/\)#\1${PRODUCT}/#" ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf + sed -i '/^\[OUTPUT\]/i\[INPUT]' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf + sed -i '/^\[OUTPUT\]/i\ Name exec' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf + sed -i '/^\[OUTPUT\]/i\ Interval_Sec 86400' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf + sed -i '/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H '\''Content-Type: application/json'\'' -d '\''{"query": {"range": {"@timestamp": {"lt": "now-30d"}}}}'\'' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf + sed -i '/^\[OUTPUT\]/i\\' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf for i in ${PRODUCT} $$(ls ${CURDIR}/debian/*.install | grep -oP 'debian/\K.*' | grep -o '^[^.]*'); do \ cp ${CURDIR}/debian/source/lintian-overrides ${CURDIR}/debian/$$i.lintian-overrides; \ diff --git a/install/docker/.env b/install/docker/.env index a010cb2d35..6235394068 100644 --- a/install/docker/.env 
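Review bot: The added `Command curl …` sed line ends with `'\''` directly before the file path, which reopens a single-quoted string that is never closed, so the shell for that recipe line should stop on an unterminated quote and the exec input's `Command` is never inserted. One more closing quote is needed before the path: `…{"lt": "now-30d"}}}}'\''' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf`. The matching line in the `install/rpm/SPECS/build.spec` hunk of this commit has the same quoting and also targets `${BUILDTOOLS_PATH}/…`, while its neighbours use the relative `install/docker/config/fluent-bit.conf`. The `override_dh_auto_build` recipe continues outside the hunk.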
+++ b/install/docker/.env @@ -24,6 +24,8 @@ DASHBOARDS_CONTAINER_NAME=${CONTAINER_PREFIX}opensearch-dashboards DASHBOARDS_USERNAME=onlyoffice DASHBOARDS_PASSWORD=onlyoffice + FLUENT_BIT_VERSION=3.0.2 + FLUENT_BIT_CONTAINER_NAME=${CONTAINER_PREFIX}fluent-bit # app service environment # ENV_EXTENSION=none diff --git a/install/docker/config/docspace-logs b/install/docker/config/docspace-logs deleted file mode 100644 index e8c34e7a3b..0000000000 --- a/install/docker/config/docspace-logs +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash - -set -e - -PRODUCT="docspace" -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -DOCKERCOMPOSE=$(dirname "$DIR") - -if [ -f "${DOCKERCOMPOSE}/docspace.yml" ]; then - : -elif [ -f "/app/onlyoffice/${PRODUCT}.yml" ]; then - DOCKERCOMPOSE="/app/onlyoffice" -else - echo "Error: yml files not found." && exit 1 -fi - -FILES=("${PRODUCT}" "notify" "healthchecks" "proxy" "ds" "rabbitmq" "redis" "opensearch" "dashboards" "db") - -LOG_DIR="${DOCKERCOMPOSE}/logs" -mkdir -p ${LOG_DIR} - -echo "Creating ${PRODUCT} logs to a directory ${LOG_DIR}..." -for FILE in "${FILES[@]}"; do - SERVICE_NAMES=($(docker-compose -f ${DOCKERCOMPOSE}/${FILE}.yml config --services)) - for SERVICE_NAME in "${SERVICE_NAMES[@]}"; do - if [[ $(docker-compose -f ${DOCKERCOMPOSE}/${FILE}.yml ps -q ${SERVICE_NAME} | wc -l) -eq 1 ]]; then - docker-compose -f ${DOCKERCOMPOSE}/${FILE}.yml logs ${SERVICE_NAME} > ${LOG_DIR}/${SERVICE_NAME}.log - else - echo "The ${SERVICE_NAME} service is not running" - fi - done -done -echo "OK" diff --git a/install/docker/config/fluent-bit.conf b/install/docker/config/fluent-bit.conf index 5e9b731523..acffc677b1 100644 --- a/install/docker/config/fluent-bit.conf +++ b/install/docker/config/fluent-bit.conf 
@@ -4,14 +4,14 @@ Daemon off [INPUT] - Name forward - Listen 127.0.0.1 - Port 24224 - -[INPUT] - Name exec - Interval_Sec 86400 - Command curl -s -X POST 'OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query' -H 'Content-Type: application/json' -d "{\"query\": {\"range\": {\"@timestamp\": {\"lt\": \"$(date -u -d '30 days ago' '+%Y-%m-%dT%H:%M:%S')\"}}}}" + Name tail + Path /var/log/onlyoffice/*.log, /var/log/onlyoffice/**/**/*.log + Exclude_Path /var/log/onlyoffice/*.sql.log + Path_Key filename + Mem_Buf_Limit 500MB + Refresh_Interval 60 + Ignore_Older 30d + Skip_Empty_Lines true [OUTPUT] Name opensearch @@ -20,6 +20,7 @@ Port OPENSEARCH_PORT Replace_Dots On Suppress_Type_Name On + Compress gzip Time_Key @timestamp Type _doc Index OPENSEARCH_INDEX diff --git a/install/docker/config/nginx/onlyoffice-proxy-ssl.conf b/install/docker/config/nginx/onlyoffice-proxy-ssl.conf index 5235323474..be3b136aa1 100644 --- a/install/docker/config/nginx/onlyoffice-proxy-ssl.conf +++ b/install/docker/config/nginx/onlyoffice-proxy-ssl.conf @@ -7,6 +7,9 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_hide_header 'Server'; proxy_hide_header 'X-Powered-By'; +access_log /var/log/nginx/access-proxy.log; +error_log /var/log/nginx/error-proxy.log; + ## HTTP host server { listen 0.0.0.0:80; diff --git a/install/docker/config/nginx/onlyoffice-proxy.conf b/install/docker/config/nginx/onlyoffice-proxy.conf index 1180039766..bfa3d940f0 100644 --- a/install/docker/config/nginx/onlyoffice-proxy.conf +++ b/install/docker/config/nginx/onlyoffice-proxy.conf @@ -7,6 +7,9 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_hide_header 'Server'; proxy_hide_header 'X-Powered-By'; +access_log /var/log/nginx/access-proxy.log; +error_log /var/log/nginx/error-proxy.log; + server { listen 0.0.0.0:80; listen [::]:80 default_server; 
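Review bot: The new `tail` input sets no `DB` file, so read offsets are not persisted; with `Read_from_Head` left at its default, lines written while the fluent-bit container is stopped or being recreated are likely skipped on the next start. For logs that may be needed in an investigation that gap is worth closing, for example `DB /fluent-bit/db/tail.db` on a small dedicated volume (path constructed for illustration). A one-line comment saying why `*.sql.log` is excluded would also help the next reader.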
diff --git a/install/docker/docker-entrypoint.py b/install/docker/docker-entrypoint.py index 9026586bdd..e1a3522623 100644 --- a/install/docker/docker-entrypoint.py +++ b/install/docker/docker-entrypoint.py @@ -200,6 +200,7 @@ writeJsonFile(filePath, jsonData) filePath = "/app/onlyoffice/config/appsettings.services.json" jsonData = openJsonFile(filePath) +updateJsonData(jsonData,"$.logPath", LOG_DIR) updateJsonData(jsonData,"$.logLevel", LOG_LEVEL) writeJsonFile(filePath, jsonData) diff --git a/install/docker/docspace.yml b/install/docker/docspace.yml index 859b16dbbf..1224e3227e 100644 --- a/install/docker/docspace.yml +++ b/install/docker/docspace.yml @@ -53,6 +53,7 @@ x-service: &x-service-base CERTIFICATE_PATH: ${CERTIFICATE_PATH} volumes: #- /app/onlyoffice/CommunityServer/data:/app/onlyoffice/data + - log_data:/var/log/onlyoffice - app_data:/app/onlyoffice/data - files_data:/var/www/products/ASC.Files/server/ - people_data:/var/www/products/ASC.People/server/ @@ -227,7 +228,7 @@ services: - DASHBOARDS_USERNAME=${DASHBOARDS_USERNAME} - DASHBOARDS_PASSWORD=${DASHBOARDS_PASSWORD} volumes: - - router_log:/var/log/nginx + - log_data:/var/log/nginx networks: default: @@ -235,7 +236,7 @@ networks: external: true volumes: - router_log: + log_data: app_data: files_data: people_data: diff --git a/install/docker/ds.yml b/install/docker/ds.yml index d5aab2d741..b64e3f6a3e 100644 --- a/install/docker/ds.yml +++ b/install/docker/ds.yml @@ -9,6 +9,7 @@ services: - JWT_HEADER=${DOCUMENT_SERVER_JWT_HEADER} - JWT_IN_BODY=true volumes: + - log_data:/var/log/onlyoffice - app_data:/var/www/onlyoffice/Data expose: - '80' @@ -22,4 +23,5 @@ networks: external: true volumes: + log_data: app_data: diff --git a/install/docker/fluent.yml b/install/docker/fluent.yml new file mode 100644 index 0000000000..6eada1fb3a --- /dev/null +++ b/install/docker/fluent.yml 
@@ -0,0 +1,19 @@ +services: + fluent-bit: + image: fluent/fluent-bit:${FLUENT_BIT_VERSION} + container_name: ${FLUENT_BIT_CONTAINER_NAME} + restart: always + environment: + - HOST=${ELK_CONTAINER_NAME} + - PORT=${ELK_PORT} + volumes: + - log_data:/var/log/onlyoffice + - ./config/fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf + +networks: + default: + name: ${NETWORK_NAME} + external: true + +volumes: + log_data: diff --git a/install/docker/notify.yml b/install/docker/notify.yml index 6f21d6e4a1..870b617408 100644 --- a/install/docker/notify.yml +++ b/install/docker/notify.yml @@ -53,6 +53,7 @@ x-service: DEBUG_INFO: ${DEBUG_INFO} volumes: #- /app/onlyoffice/CommunityServer/data:/app/onlyoffice/data + - log_data:/var/log/onlyoffice - app_data:/app/onlyoffice/data - files_data:/var/www/products/ASC.Files/server/ - people_data:/var/www/products/ASC.People/server/ @@ -72,6 +73,7 @@ networks: external: true volumes: + log_data: app_data: files_data: people_data: diff --git a/install/docker/proxy-ssl.yml b/install/docker/proxy-ssl.yml index dc8288c8f1..50e8aa0405 100644 --- a/install/docker/proxy-ssl.yml +++ b/install/docker/proxy-ssl.yml @@ -23,7 +23,7 @@ services: - EXTERNAL_PORT=${EXTERNAL_PORT} volumes: - webroot_path:/letsencrypt - - proxy_log:/var/log/nginx + - log_data:/var/log/nginx - ./config/nginx/templates/nginx.conf.template:/etc/nginx/nginx.conf - ./config/nginx/letsencrypt.conf:/etc/nginx/includes/letsencrypt.conf - ./config/nginx/templates/proxy.upstream.conf.template:/etc/nginx/templates/proxy.upstream.conf.template:ro @@ -38,5 +38,5 @@ networks: external: true volumes: - proxy_log: + log_data: webroot_path: diff --git a/install/docker/proxy.yml b/install/docker/proxy.yml index d4f1255eef..6d149d5713 100644 --- a/install/docker/proxy.yml +++ b/install/docker/proxy.yml 
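Review bot: The fluent-bit service only reads from `log_data` and from its config file, yet both mounts are read-write. This commit mounts the same `log_data` volume into the application, router and document-server containers, so a read-only mount on the collector limits what a fault in that container can do to other services' logs: `- log_data:/var/log/onlyoffice:ro` and `- ./config/fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf:ro`. The `HOST` and `PORT` environment entries do not appear to be referenced by the config shown in this commit, which uses the `OPENSEARCH_HOST`/`OPENSEARCH_PORT` placeholders; worth confirming they are needed.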
@@ -21,7 +21,7 @@ services: - EXTERNAL_PORT=${EXTERNAL_PORT} volumes: - webroot_path:/letsencrypt - - proxy_log:/var/log/nginx + - log_data:/var/log/nginx - ./config/nginx/templates/nginx.conf.template:/etc/nginx/nginx.conf - ./config/nginx/letsencrypt.conf:/etc/nginx/includes/letsencrypt.conf - ./config/nginx/templates/proxy.upstream.conf.template:/etc/nginx/templates/proxy.upstream.conf.template:ro @@ -33,5 +33,5 @@ networks: external: true volumes: - proxy_log: + log_data: webroot_path: diff --git a/install/rpm/SPECS/build.spec b/install/rpm/SPECS/build.spec index d460bf218b..664b4f3ef8 100644 --- a/install/rpm/SPECS/build.spec +++ b/install/rpm/SPECS/build.spec 
@@ -30,8 +30,12 @@ sed -E 's_(http://)[^:]+(:5601)_\1localhost\2_g' -i config/nginx/onlyoffice.conf sed -e 's/$router_host/127.0.0.1/g' -e 's/this_host\|proxy_x_forwarded_host/host/g' -e 's/proxy_x_forwarded_proto/scheme/g' -e 's/proxy_x_forwarded_port/server_port/g' -e 's_includes_/etc/openresty/includes_g' -e '/quic\|alt-svc/Id' -i install/docker/config/nginx/onlyoffice-proxy*.conf sed -e '/.pid/d' -e '/temp_path/d' -e 's_etc/nginx_etc/openresty_g' -e 's/\.log/-openresty.log/g' -i install/docker/config/nginx/templates/nginx.conf.template sed -i "s_\(.*root\).*;_\1 \"/var/www/%{product}\";_g" -i install/docker/config/nginx/letsencrypt.conf -sed -i '/^\s*Name\s\+forward\s*$/d; /^\s*Listen\s\+127\.0\.0\.1\s*$/d; /^\s*Port\s\+24224\s*$/d' -i install/docker/config/fluent-bit.conf -sed -i "0,/\[INPUT\]/ s/\(\[INPUT\]\)/\1\n Name tail\n Path \/var\/log\/onlyoffice\/%{product}\/*.log\n Path_Key filename/" -i install/docker/config/fluent-bit.conf +sed -i "s#\(/var/log/onlyoffice/\)#\1%{product}#" install/docker/config/fluent-bit.conf +sed -i '/^\[OUTPUT\]/i\[INPUT]' install/docker/config/fluent-bit.conf +sed -i '/^\[OUTPUT\]/i\ Name exec' install/docker/config/fluent-bit.conf +sed -i '/^\[OUTPUT\]/i\ Interval_Sec 86400' install/docker/config/fluent-bit.conf +sed -i '/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H '\''Content-Type: application/json'\'' -d '\''{"query": {"range": {"@timestamp": {"lt": "now-30d"}}}}'\'' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf +sed -i '/^\[OUTPUT\]/i\\' install/docker/config/fluent-bit.conf find %{_builddir}/server/publish/ \ %{_builddir}/server/ASC.Migration.Runner \ diff --git a/install/win/build-batch.bat b/install/win/build-batch.bat index 51007e78ea..c98e107ab6 100644 --- a/install/win/build-batch.bat +++ b/install/win/build-batch.bat 
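Review bot: The first added `sed` rewrites `/var/log/onlyoffice/` to `/var/log/onlyoffice/%{product}` with no trailing slash, so the tail path becomes `/var/log/onlyoffice/%{product}*.log` rather than a directory under it; the Debian rule in this commit appends `${PRODUCT}/`. Neither expression has the `g` flag, and the shipped `Path` entry appears to list two globs on one line, so the second glob would stay at `/var/log/onlyoffice/**/**/*.log` and collect logs outside the product directory. Suggested line: `sed -i "s#\(/var/log/onlyoffice/\)#\1%{product}/#g" install/docker/config/fluent-bit.conf`.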
@@ -65,10 +65,12 @@ REM echo ######## SSL configs ######## %sed% -i "s/\/etc\/nginx\/\.htpasswd_dashboards/\.htpasswd_dashboards/g" buildtools\install\win\Files\nginx\conf\onlyoffice.conf REM echo ######## Configure fluent-bit config for windows ######## -%sed% -i "s/forward/tail/" buildtools\install\win\Files\config\fluent-bit.conf -%sed% -i "s/Port/Path/" buildtools\install\win\Files\config\fluent-bit.conf -%sed% -i "s/24224/{APPDIR}Logs\*.log/" buildtools\install\win\Files\config\fluent-bit.conf -%sed% -i "/Listen\s*127\.0\.0\.1/d" buildtools\install\win\Files\config\fluent-bit.conf +%sed% -i -e "s|/var/log/onlyoffice/|{APPDIR}Logs\\|g" -e "s|\*\*/|\*\*\\|g" buildtools\install\win\Files\config\fluent-bit.conf +%sed% -i "/^\[OUTPUT\]/i\[INPUT]" buildtools\install\win\Files\config\fluent-bit.conf +%sed% -i "/^\[OUTPUT\]/i\ Name exec" buildtools\install\win\Files\config\fluent-bit.conf +%sed% -i "/^\[OUTPUT\]/i\ Interval_Sec 86400" buildtools\install\win\Files\config\fluent-bit.conf +%sed% -i "/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H 'Content-Type: application/json' -d '{\"query\": {\"range\": {\"@timestamp\": {\"lt\": \"now-30d\"}}}}'" buildtools\install\win\Files\config\fluent-bit.conf +%sed% -i "/^\[OUTPUT\]/i\ " buildtools\install\win\Files\config\fluent-bit.conf REM echo ######## Delete test and dev configs ######## del /f /q buildtools\install\win\Files\config\*.test.json From c64b815fe2e06208d05a1ae3b357b70a4e961727 Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Fri, 31 May 2024 14:47:45 +0300 Subject: [PATCH 18/55] Enable fluent-bit cofiguring in OCI docker by default --- install/OneClickInstall/install-Docker.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/OneClickInstall/install-Docker.sh b/install/OneClickInstall/install-Docker.sh index 191442e804..92c58036d4 100644 --- a/install/OneClickInstall/install-Docker.sh 
+++ b/install/OneClickInstall/install-Docker.sh @@ -60,7 +60,7 @@ INSTALL_RABBITMQ="true"; INSTALL_MYSQL_SERVER="true"; INSTALL_DOCUMENT_SERVER="true"; INSTALL_ELASTICSEARCH="true"; -INSTALL_FLUENT_BIT="false"; +INSTALL_FLUENT_BIT="true"; INSTALL_PRODUCT="true"; UPDATE="false"; From d98874e1825b6cca8514a274e7ddaa61f81234c0 Mon Sep 17 00:00:00 2001 From: Andrey Savihin Date: Tue, 4 Jun 2024 13:07:00 +0300 Subject: [PATCH 19/55] ApiSystem: added new recaptcha type --- config/apisystem.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/apisystem.json b/config/apisystem.json index a3174134c0..b87e02f32a 100644 --- a/config/apisystem.json +++ b/config/apisystem.json @@ -30,6 +30,9 @@ "ios": "" } }, + "hcaptcha" : { + "private-key" : "" + }, "auth" : { "allowskip" : { "default" : false, From 87aad9f6cc9a01f07596d16c6c08511978270a06 Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Wed, 5 Jun 2024 10:53:51 +0300 Subject: [PATCH 20/55] Improve the definition of a self-signed certificate --- install/docker/config/docspace-ssl-setup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/docker/config/docspace-ssl-setup b/install/docker/config/docspace-ssl-setup index d8e01ce200..fc0bad3fe3 100644 --- a/install/docker/config/docspace-ssl-setup +++ b/install/docker/config/docspace-ssl-setup 
@@ -148,8 +148,8 @@ if [ -f "${CERTIFICATE_FILE}" ]; then echo -e "@weekly root ${DIR}/${PRODUCT}-renew-letsencrypt" | tee /etc/cron.d/${PRODUCT}-letsencrypt fi else - CERTIFICATE_SUBJECT=$(openssl x509 -subject -noout -in "${CERTIFICATE_FILE}" | sed 's/subject=//') - CERTIFICATE_ISSUER=$(openssl x509 -issuer -noout -in "${CERTIFICATE_FILE}" | sed 's/issuer=//') + CERTIFICATE_SUBJECT=$(openssl x509 -subject -noout -in "${CERTIFICATE_FILE}" | sed -n 's/^.*CN *= *\([^,]*\).*$/\1/p') + CERTIFICATE_ISSUER=$(openssl x509 -issuer -noout -in "${CERTIFICATE_FILE}" | sed -n 's/^.*CN *= *\([^,]*\).*$/\1/p') #Checking whether the certificate is self-signed if [[ -n "$CERTIFICATE_SUBJECT" && -n "$CERTIFICATE_ISSUER" && "$CERTIFICATE_SUBJECT" == "$CERTIFICATE_ISSUER" ]]; then From 30fd1f860d6016a231f439f4010bd8718865b892 Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Wed, 5 Jun 2024 12:40:59 +0300 Subject: [PATCH 21/55] Correct the definition of a self-signed certificate by base domain --- install/docker/config/docspace-ssl-setup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/docker/config/docspace-ssl-setup b/install/docker/config/docspace-ssl-setup index fc0bad3fe3..4762c4d7e2 100644 --- a/install/docker/config/docspace-ssl-setup +++ b/install/docker/config/docspace-ssl-setup 
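Review bot: The self-signed test now compares only the `CN` of subject and issuer, and the branch that follows (its body is outside this hunk) changes how the containers trust the certificate. Two different names can share a CN, and the `sed` pattern depends on openssl printing `CN = value` in a particular layout, so the test can misfire in either direction. Comparing the output of `openssl x509 -noout -subject_hash -in "${CERTIFICATE_FILE}"` with the `-issuer_hash` output checks the whole name independently of the print format.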
@@ -148,8 +148,8 @@ if [ -f "${CERTIFICATE_FILE}" ]; then echo -e "@weekly root ${DIR}/${PRODUCT}-renew-letsencrypt" | tee /etc/cron.d/${PRODUCT}-letsencrypt fi else - CERTIFICATE_SUBJECT=$(openssl x509 -subject -noout -in "${CERTIFICATE_FILE}" | sed -n 's/^.*CN *= *\([^,]*\).*$/\1/p') - CERTIFICATE_ISSUER=$(openssl x509 -issuer -noout -in "${CERTIFICATE_FILE}" | sed -n 's/^.*CN *= *\([^,]*\).*$/\1/p') + CERTIFICATE_SUBJECT=$(openssl x509 -subject -noout -in "${CERTIFICATE_FILE}" | sed -n 's/^.*CN *= *\([^,]*\).*$/\1/p' | awk -F. '{print $(NF-1)"."$NF}') + CERTIFICATE_ISSUER=$(openssl x509 -issuer -noout -in "${CERTIFICATE_FILE}" | sed -n 's/^.*CN *= *\([^,]*\).*$/\1/p' | awk -F. '{print $(NF-1)"."$NF}') #Checking whether the certificate is self-signed if [[ -n "$CERTIFICATE_SUBJECT" && -n "$CERTIFICATE_ISSUER" && "$CERTIFICATE_SUBJECT" == "$CERTIFICATE_ISSUER" ]]; then From 509ec61a555309d4ed0b73faa5b3fe1cf76efefc Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Fri, 7 Jun 2024 15:11:50 +0300 Subject: [PATCH 22/55] Optimize the fix for the self-signed certificate problem (#236) --- install/docker/config/docspace-ssl-setup | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/install/docker/config/docspace-ssl-setup b/install/docker/config/docspace-ssl-setup index 4762c4d7e2..7b54556372 100644 --- a/install/docker/config/docspace-ssl-setup +++ b/install/docker/config/docspace-ssl-setup 
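Review bot: Reducing both CNs to their last two labels with `awk -F. '{print $(NF-1)"."$NF}'` makes the equality test much looser: under a multi-label suffix such as `co.uk` every name collapses to the suffix, and a CN without a dot yields `name.name` because `$(NF-1)` is `$0` there. Any certificate whose issuer CN merely shares that suffix is then handled as self-signed by the block below (outside the hunk). If the aim is to recognise certificates issued by a private CA under the same base domain, the comment above the test should say so, e.g. `#Treat certificates issued under the same base domain as locally issued`, and the suffix handling should be tightened.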
@@ -72,12 +72,9 @@ case $1 in fi if grep -q '${CERTIFICATE_PATH}:' ${DOCKERCOMPOSE}/docspace.yml; then - sed -i '/${CERTIFICATE_PATH}:/d' ${DOCKERCOMPOSE}/docspace.yml - docker-compose -f ${DOCKERCOMPOSE}/docspace.yml up --force-recreate -d onlyoffice-doceditor onlyoffice-login onlyoffice-socket onlyoffice-ssoauth - fi - - if grep -q 'USE_UNAUTHORIZED_STORAGE' ${DOCKERCOMPOSE}/ds.yml; then sed -i '/USE_UNAUTHORIZED_STORAGE/d' ${DOCKERCOMPOSE}/ds.yml + sed -i '/${CERTIFICATE_PATH}:/d' ${DOCKERCOMPOSE}/docspace.yml ${DOCKERCOMPOSE}/ds.yml + docker-compose -f ${DOCKERCOMPOSE}/docspace.yml up --force-recreate -d onlyoffice-doceditor onlyoffice-login onlyoffice-socket onlyoffice-ssoauth docker-compose -f ${DOCKERCOMPOSE}/ds.yml up --force-recreate -d fi @@ -155,7 +152,7 @@ if [ -f "${CERTIFICATE_FILE}" ]; then if [[ -n "$CERTIFICATE_SUBJECT" && -n "$CERTIFICATE_ISSUER" && "$CERTIFICATE_SUBJECT" == "$CERTIFICATE_ISSUER" ]]; then sed -i '/app_data:\/.*/a \ - ${CERTIFICATE_PATH}:${CERTIFICATE_PATH}' ${DOCKERCOMPOSE}/docspace.yml docker-compose -f ${DOCKERCOMPOSE}/docspace.yml up --force-recreate -d onlyoffice-doceditor onlyoffice-login onlyoffice-socket onlyoffice-ssoauth - sed -i '/environment:/a \ - USE_UNAUTHORIZED_STORAGE=true' ${DOCKERCOMPOSE}/ds.yml + sed -i '/app_data:\/.*/a \ - ${CERTIFICATE_PATH}:/var/www/onlyoffice/Data/certs/extra-ca-certs.pem' ${DOCKERCOMPOSE}/ds.yml docker-compose -f ${DOCKERCOMPOSE}/ds.yml up --force-recreate -d fi fi From 2a6fd1449fd1e5c5e63ed3fddcb43a33d0f6f363 Mon Sep 17 00:00:00 2001 From: Alexey Safronov Date: Thu, 13 Jun 2024 15:07:39 +0400 Subject: [PATCH 23/55] Fix run run.translations.tests.bat on windows --- run.translations.tests.bat | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/run.translations.tests.bat b/run.translations.tests.bat index 4ec7cccfb5..4ef9257ee9 100644 --- a/run.translations.tests.bat +++ b/run.translations.tests.bat 
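Review bot: The added `ds.yml` line bind-mounts the certificate without `:ro` (as does the `docspace.yml` context line above it), although the services only need to read it as an extra CA. A read-only mount keeps a faulty or compromised container from altering the host's certificate file: `- ${CERTIFICATE_PATH}:/var/www/onlyoffice/Data/certs/extra-ca-certs.pem:ro`. The second hunk shows no guard against appending the same volume line again on a repeated run; if none exists outside the hunk, a `grep -q` test before the `sed` would keep the compose files clean.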
@@ -1,4 +1,5 @@ -PUSHD %~dp0\.. -set dir="%cd%" -echo %dir% -dotnet test %dir%\client\common\Tests\Frontend.Translations.Tests\Frontend.Translations.Tests.csproj --filter "TestCategory=Locales" -l:html --environment "BASE_DIR=%dir%" --results-directory "%dir%\TestsResults" \ No newline at end of file +PUSHD %~dp0\.. +set dir=%cd% +echo %dir% +dotnet test %dir%\client\common\Tests\Frontend.Translations.Tests\Frontend.Translations.Tests.csproj --filter "TestCategory=Locales" -l:html --environment "BASE_DIR=%dir%\client" --results-directory "%dir%\TestsResults" +pause \ No newline at end of file From b7f87ae77ba92b505c8f9eb20a8bdc7edb4edc5b Mon Sep 17 00:00:00 2001 From: Andrey Savihin Date: Thu, 13 Jun 2024 14:38:11 +0300 Subject: [PATCH 24/55] Feature/hcaptcha (#257) --- config/appsettings.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/config/appsettings.json b/config/appsettings.json index f82ac7e2d1..38bca67305 100644 --- a/config/appsettings.json +++ b/config/appsettings.json @@ -156,6 +156,10 @@ "recaptcha": { "public-key": "", "private-key": "" + }, + "hcaptcha" : { + "public-key": "", + "private-key": "" } }, "ConnectionStrings": { @@ -249,6 +253,12 @@ "oform": { "img": ["static-oforms.teamlab.info"], "connect": ["cmsoforms.teamlab.info", "oforms.teamlab.info"] + }, + "captcha": { + "script": ["*.google.com", "*.gstatic.com", "hcaptcha.com", "*.hcaptcha.com"], + "style": ["hcaptcha.com", "*.hcaptcha.com"], + "frame": ["*.google.com", "hcaptcha.com", "*.hcaptcha.com"], + "connect": ["hcaptcha.com", "*.hcaptcha.com"] } }, "logocolors": [ From 274ede0fdc400fbad577cb06971abb16c39930be Mon Sep 17 00:00:00 2001 From: Alexey Safronov Date: Mon, 17 Jun 2024 14:58:17 +0400 Subject: [PATCH 25/55] Added new language "sr-Cyrl-RS" --- config/appsettings.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/appsettings.json b/config/appsettings.json index 38bca67305..ea2afb4795 100644 --- a/config/appsettings.json 
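Review bot: The new `captcha` CSP entry allows scripts from `*.google.com` and `*.gstatic.com`, which is much wider than a captcha widget needs and loosens the script allowlist on every page that receives this policy. If the CSP builder accepts path-scoped sources (not visible here), the sources Google documents for reCAPTCHA are narrower, e.g. `"script": ["www.google.com/recaptcha/", "www.gstatic.com/recaptcha/", "hcaptcha.com", "*.hcaptcha.com"]`; otherwise at least the exact hosts `www.google.com` and `www.gstatic.com`. The same narrowing applies to the `frame` list.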
+++ b/config/appsettings.json @@ -127,7 +127,7 @@ "url": "/socket.io", "internal": "http://localhost:9899/" }, - "cultures": "az,cs,de,en-GB,en-US,es,fr,it,lv,nl,pl,pt-BR,pt,ro,sk,sl,fi,vi,tr,el-GR,bg,ru,sr-Latn-RS,uk-UA,hy-AM,ar-SA,si,lo-LA,zh-CN,ja-JP,ko-KR", + "cultures": "az,cs,de,en-GB,en-US,es,fr,it,lv,nl,pl,pt-BR,pt,ro,sk,sl,fi,vi,tr,el-GR,bg,ru,sr-Cyrl-RS,sr-Latn-RS,uk-UA,hy-AM,ar-SA,si,lo-LA,zh-CN,ja-JP,ko-KR", "controlpanel": { "url": "" }, From 1b020f34414fbef2c786108694344bd08b587d29 Mon Sep 17 00:00:00 2001 From: Nasrullo Nurullaev Date: Tue, 18 Jun 2024 21:14:36 +0500 Subject: [PATCH 26/55] fix Bug 68483 - Fix installation issue with external MySQL server --- install/win/DocSpace.aip | 3 +++ 1 file changed, 3 insertions(+) diff --git a/install/win/DocSpace.aip b/install/win/DocSpace.aip index 96b57413d0..a253bf7a81 100644 --- a/install/win/DocSpace.aip +++ b/install/win/DocSpace.aip @@ -366,6 +366,7 @@ + @@ -393,10 +394,12 @@ + + From 955267377ea10c425edf0d5cfbd1a08c1fe59f50 Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Wed, 19 Jun 2024 15:20:00 +0300 Subject: [PATCH 27/55] fix Bug 68738 - Fix opensearch repository re-addition --- install/OneClickInstall/install-Debian/install-preq.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/OneClickInstall/install-Debian/install-preq.sh b/install/OneClickInstall/install-Debian/install-preq.sh index 52285682fb..89fd8f3548 100644 --- a/install/OneClickInstall/install-Debian/install-preq.sh +++ b/install/OneClickInstall/install-Debian/install-preq.sh 
@@ -33,13 +33,13 @@ locale-gen en_US.UTF-8 # add opensearch repo curl -o- https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --dearmor --batch --yes -o /usr/share/keyrings/opensearch-keyring -echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" >> /etc/apt/sources.list.d/opensearch-2.x.list +echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" > /etc/apt/sources.list.d/opensearch-2.x.list ELASTIC_VERSION="2.11.1" #add opensearch dashboards repo if [ ${INSTALL_FLUENT_BIT} == "true" ]; then curl -o- https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --dearmor --batch --yes -o /usr/share/keyrings/opensearch-keyring - echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.x/apt stable main" >> /etc/apt/sources.list.d/opensearch-dashboards-2.x.list + echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.x/apt stable main" > /etc/apt/sources.list.d/opensearch-dashboards-2.x.list DASHBOARDS_VERSION="2.11.1" fi From 1c3907df34202e84a527074eb6ea6f696efb452d Mon Sep 17 00:00:00 2001 From: Sergey Kirichenko Date: Thu, 20 Jun 2024 19:14:48 +0300 Subject: [PATCH 28/55] Change keyserver address --- install/docker/Dockerfile.app | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/docker/Dockerfile.app b/install/docker/Dockerfile.app index 5e0d49bf2d..7ae38e6183 100644 --- a/install/docker/Dockerfile.app +++ b/install/docker/Dockerfile.app 
@@ -253,8 +253,8 @@ ENV LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64 WORKDIR ${BUILD_PATH}/products/ASC.Files/service/ RUN echo "deb http://security.ubuntu.com/ubuntu focal-security main" | tee /etc/apt/sources.list && \ - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32 && \ - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 871920D1991BC93C && \ + apt-key adv --keyserver keys.gnupg.net --recv-keys 3B4FE6ACC0B21F32 && \ + apt-key adv --keyserver keys.gnupg.net --recv-keys 871920D1991BC93C && \ apt-get -y update && \ apt-get install -yq libssl1.1 && \ rm -rf /var/lib/apt/lists/* From 58867e72a8b40653cae849fe71a183e62e9ec6a0 Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Thu, 20 Jun 2024 20:27:37 +0300 Subject: [PATCH 29/55] Ensure proper exit code handling in script termination --- install/OneClickInstall/docspace-install.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/install/OneClickInstall/docspace-install.sh b/install/OneClickInstall/docspace-install.sh index 4ab24ee409..b54796a3c2 100644 --- a/install/OneClickInstall/docspace-install.sh +++ b/install/OneClickInstall/docspace-install.sh 
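Review bot: Both `apt-key adv --recv-keys` calls identify the key by a 64-bit ID and fetch it from a keyserver at build time, so what apt ends up trusting depends on what that server returns during the build. Pinning the full fingerprint and using an `hkps://` keyserver URL, or copying a vetted key file into the image, makes the trust root reproducible: `--recv-keys FULL_40_HEX_FINGERPRINT` (placeholder, to be filled from a verified source). The `echo … | tee /etc/apt/sources.list` at the start of the same `RUN` also replaces the whole sources list with a single `http://` entry; a comment stating that this is intended would help.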
@@ -156,27 +156,27 @@ fi if [ "$DOCKER" == "true" ]; then if [ "$LOCAL_SCRIPTS" == "true" ]; then - bash install-Docker.sh ${PARAMETERS} + bash install-Docker.sh ${PARAMETERS} || EXIT_CODE=$? else curl -s -O ${DOWNLOAD_URL_PREFIX}/install-Docker.sh - bash install-Docker.sh ${PARAMETERS} + bash install-Docker.sh ${PARAMETERS} || EXIT_CODE=$? rm install-Docker.sh fi else if [ -f /etc/redhat-release ] ; then if [ "$LOCAL_SCRIPTS" == "true" ]; then - bash install-RedHat.sh ${PARAMETERS} + bash install-RedHat.sh ${PARAMETERS} || EXIT_CODE=$? else curl -s -O ${DOWNLOAD_URL_PREFIX}/install-RedHat.sh - bash install-RedHat.sh ${PARAMETERS} + bash install-RedHat.sh ${PARAMETERS} || EXIT_CODE=$? rm install-RedHat.sh fi elif [ -f /etc/debian_version ] ; then if [ "$LOCAL_SCRIPTS" == "true" ]; then - bash install-Debian.sh ${PARAMETERS} + bash install-Debian.sh ${PARAMETERS} || EXIT_CODE=$? else curl -s -O ${DOWNLOAD_URL_PREFIX}/install-Debian.sh - bash install-Debian.sh ${PARAMETERS} + bash install-Debian.sh ${PARAMETERS} || EXIT_CODE=$? rm install-Debian.sh fi else @@ -184,3 +184,5 @@ else exit 1; fi fi + +exit ${EXIT_CODE:-0} From 74a849ec924c53ce9099582398974ef85ea802d8 Mon Sep 17 00:00:00 2001 From: Sukhorukov Anton Date: Sat, 22 Jun 2024 22:24:22 +0300 Subject: [PATCH 30/55] add urlshortener --- config/appsettings.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/appsettings.json b/config/appsettings.json index ea2afb4795..67be62c3f1 100644 --- a/config/appsettings.json +++ b/config/appsettings.json @@ -326,5 +326,9 @@ "asc.files": "/openapi/asc.files/common.yaml", "asc.data.backup": "/openapi/asc.data.backup/common.yaml" } + }, + "urlShortener":{ + "length": 15, + "alphabet": "5XzpDt6wZRdsTrJkSY_cgPyxN4j-fnb9WKBF8vh3GH72QqmLVCM" } } From 0a72fbc828e726794f6c44d0a6bd16b7934cd0f4 Mon Sep 17 00:00:00 2001 
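Review bot: `EXIT_CODE` is only set on failure and is never initialised, so `exit ${EXIT_CODE:-0}` also picks up a value inherited from the caller's environment; adding `EXIT_CODE=0` before the `if [ "$DOCKER" == "true" ]` block avoids that. The download step is still outside the new status handling: `curl -s -O` returns success on an HTTP error page, and that file is then passed to `bash`. `curl -fsS -O "${DOWNLOAD_URL_PREFIX}/install-Docker.sh" || exit 1` (and likewise for the RedHat and Debian scripts) would stop before running a file that is not the installer.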
From: Timofey Boyko Date: Mon, 1 Jul 2024 14:03:35 +0300 Subject: [PATCH 31/55] Fix run login for windows service --- run/Login.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/run/Login.xml b/run/Login.xml index 9ed5a7efda..06ba10362e 100644 --- a/run/Login.xml +++ b/run/Login.xml @@ -3,7 +3,8 @@ ONLYOFFICE Login SSR manual node - ../../publish/web/login/server.js + server.js + %BASE%\..\..\client\packages\login true From 5d9a492c0655fd72ff9153fa9d29462068906644 Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Mon, 1 Jul 2024 15:51:54 +0300 Subject: [PATCH 32/55] Merge develop into release/v2.6.0 (#266) Co-authored-by: Elbakyan Shirak --- .../install-Debian/install-preq.sh | 4 ++-- .../OneClickInstall/install-Debian/tools.sh | 24 +++++++++++++------ .../install-RedHat/install-preq.sh | 2 +- install/deb/debian/rules | 2 +- install/rpm/SPECS/build.spec | 2 +- install/rpm/SPECS/install.spec | 2 ++ 6 files changed, 24 insertions(+), 12 deletions(-) diff --git a/install/OneClickInstall/install-Debian/install-preq.sh b/install/OneClickInstall/install-Debian/install-preq.sh index 89fd8f3548..42d2c7ca9a 100644 --- a/install/OneClickInstall/install-Debian/install-preq.sh +++ b/install/OneClickInstall/install-Debian/install-preq.sh @@ -10,6 +10,8 @@ cat<> /etc/apt/sources.list echo "deb-src http://ftp.uk.debian.org/debian/ $DISTRIB_CODENAME main contrib" >> /etc/apt/sources.list @@ -144,5 +146,3 @@ if which apparmor_parser && [ ! -f /etc/apparmor.d/disable/usr.sbin.mysqld ] && ln -sf /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/; apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld; fi - -hold_package_version "dotnet-*" "aspnetcore-*" opensearch redis-server rabbitmq-server opensearch-dashboards fluent-bit diff --git a/install/OneClickInstall/install-Debian/tools.sh b/install/OneClickInstall/install-Debian/tools.sh index f96431e9a5..e1265b2522 100644 --- a/install/OneClickInstall/install-Debian/tools.sh 
+++ b/install/OneClickInstall/install-Debian/tools.sh @@ -26,13 +26,23 @@ command_exists () { # Function to prevent package auto-update hold_package_version() { - for package in "$@"; do - if command -v apt-mark >/dev/null 2>&1 && - dpkg-query -l "$package" >/dev/null 2>&1 - then - apt-mark hold "$package" - fi - done + packages=("dotnet-*" "aspnetcore-*" opensearch redis-server rabbitmq-server opensearch-dashboards fluent-bit) + for package in "${packages[@]}"; do + command -v apt-mark >/dev/null 2>&1 && apt-mark showhold | grep -q "^$package" && apt-mark unhold "$package" + done + + UNATTENDED_UPGRADES_FILE="/etc/apt/apt.conf.d/50unattended-upgrades" + if [ -f ${UNATTENDED_UPGRADES_FILE} ] && grep -q "Package-Blacklist" ${UNATTENDED_UPGRADES_FILE}; then + for package in "${packages[@]}"; do + if ! grep -q "$package" ${UNATTENDED_UPGRADES_FILE}; then + sed -i "/Package-Blacklist/a \\\t\"$package\";" ${UNATTENDED_UPGRADES_FILE} + fi + done + + if systemctl list-units --type=service --state=running | grep -q "unattended-upgrades"; then + systemctl restart unattended-upgrades + fi + fi } check_hardware () { diff --git a/install/OneClickInstall/install-RedHat/install-preq.sh b/install/OneClickInstall/install-RedHat/install-preq.sh index 3074a91f53..390fc8c220 100644 --- a/install/OneClickInstall/install-RedHat/install-preq.sh +++ b/install/OneClickInstall/install-RedHat/install-preq.sh @@ -39,7 +39,7 @@ yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/$RPMFUSION [ "$REV" = "9" ] && update-crypto-policies --set DEFAULT:SHA1 if [ "$DIST" == "centos" ]; then - [ "$REV" = "9" ] && TESTING_REPO="--enablerepo=crb" || POWERTOOLS_REPO="--enablerepo=powertools" + [ "$REV" = "9" ] && { ${package_manager} -y install xorg-x11-font-utils; TESTING_REPO="--enablerepo=crb"; } || POWERTOOLS_REPO="--enablerepo=powertools" elif [ "$DIST" == "redhat" ]; then /usr/bin/crb enable fi 
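Review bot: The glob-style names in `packages` are used as regular expressions in `grep -q "^$package"` and `grep -q "$package"`, so `dotnet-*` matches any line that merely contains `dotnet` and the "already listed" test can pass because of an unrelated line. A fixed-string test such as `grep -qF -- "\"$package\";" "${UNATTENDED_UPGRADES_FILE}"` keeps the check aligned with what the `sed` line inserts. `packages` and `package` should be declared `local`. Since `hold_package_version` no longer reads its arguments, a header comment should state that it now releases existing holds and excludes these packages from unattended upgrades, which leaves their security updates to the operator.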
diff --git a/install/deb/debian/rules b/install/deb/debian/rules index 94d8165ee9..c189c93fae 100644 --- a/install/deb/debian/rules +++ b/install/deb/debian/rules @@ -88,7 +88,7 @@ override_dh_auto_build: check_archives sed -i '/^\[OUTPUT\]/i\[INPUT]' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf sed -i '/^\[OUTPUT\]/i\ Name exec' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf sed -i '/^\[OUTPUT\]/i\ Interval_Sec 86400' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf - sed -i '/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H '\''Content-Type: application/json'\'' -d '\''{"query": {"range": {"@timestamp": {"lt": "now-30d"}}}}'\'' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf + sed -i '/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H '\''Content-Type: application/json'\'' -d '\''{"query": {"range": {"@timestamp": {"lt": "now-30d"}}}}'\''' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf sed -i '/^\[OUTPUT\]/i\\' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf for i in ${PRODUCT} $$(ls ${CURDIR}/debian/*.install | grep -oP 'debian/\K.*' | grep -o '^[^.]*'); do \ diff --git a/install/rpm/SPECS/build.spec b/install/rpm/SPECS/build.spec index 664b4f3ef8..49dc43eb69 100644 --- a/install/rpm/SPECS/build.spec +++ b/install/rpm/SPECS/build.spec 
@@ -34,7 +34,7 @@ sed -i "s#\(/var/log/onlyoffice/\)#\1%{product}#" install/docker/config/fluent-b sed -i '/^\[OUTPUT\]/i\[INPUT]' install/docker/config/fluent-bit.conf sed -i '/^\[OUTPUT\]/i\ Name exec' install/docker/config/fluent-bit.conf sed -i '/^\[OUTPUT\]/i\ Interval_Sec 86400' install/docker/config/fluent-bit.conf -sed -i '/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H '\''Content-Type: application/json'\'' -d '\''{"query": {"range": {"@timestamp": {"lt": "now-30d"}}}}'\'' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf +sed -i '/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H '\''Content-Type: application/json'\'' -d '\''{"query": {"range": {"@timestamp": {"lt": "now-30d"}}}}'\''' install/docker/config/fluent-bit.conf sed -i '/^\[OUTPUT\]/i\\' install/docker/config/fluent-bit.conf find %{_builddir}/server/publish/ \ diff --git a/install/rpm/SPECS/install.spec b/install/rpm/SPECS/install.spec index 6769649dcf..6846089986 100644 --- a/install/rpm/SPECS/install.spec +++ b/install/rpm/SPECS/install.spec @@ -25,6 +25,7 @@ mkdir -p "%{buildroot}%{buildpath}/products/ASC.Files/server/DocStore/" mkdir -p "%{buildroot}%{buildpath}/products/ASC.Files/editor/" # Hidden folders are not copied when applying a mask * (only in RPM), so we explicitly copy .next directory in this way mkdir -p "%{buildroot}%{buildpath}/products/ASC.Files/editor/.next/" +mkdir -p "%{buildroot}%{buildpath}/products/ASC.Login/login/.next/" mkdir -p "%{buildroot}%{buildpath}/products/ASC.Files/client/" mkdir -p "%{buildroot}%{buildpath}/client/" mkdir -p "%{buildroot}%{buildpath}/management/" 
@@ -40,6 +41,7 @@ mkdir -p "%{buildroot}%{_bindir}/" cp -rf %{_builddir}/publish/web/public/* "%{buildroot}%{buildpath}/public/" cp -rf %{_builddir}/campaigns/src/campaigns/* "%{buildroot}%{buildpath}/public/campaigns" cp -rf %{_builddir}/publish/web/login/* "%{buildroot}%{buildpath}/products/ASC.Login/login/" +cp -rf %{_builddir}/publish/web/login/.next/* "%{buildroot}%{buildpath}/products/ASC.Login/login/.next/" cp -rf %{_builddir}/publish/web/editor/* "%{buildroot}%{buildpath}/products/ASC.Files/editor/" cp -rf %{_builddir}/publish/web/editor/.next/* "%{buildroot}%{buildpath}/products/ASC.Files/editor/.next/" cp -rf %{_builddir}/server/products/ASC.Files/Server/DocStore/* "%{buildroot}%{buildpath}/products/ASC.Files/server/DocStore/" From 3c6249de92a7d69996232670375536d9e4a6e75f Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Mon, 1 Jul 2024 17:32:56 +0300 Subject: [PATCH 33/55] Fix fluent-bit in windows package (#268) --- install/win/DocSpace.aip | 2 +- install/win/build-batch.bat | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/install/win/DocSpace.aip b/install/win/DocSpace.aip index a253bf7a81..004329ddf5 100644 --- a/install/win/DocSpace.aip +++ b/install/win/DocSpace.aip @@ -56,7 +56,7 @@ - + diff --git a/install/win/build-batch.bat b/install/win/build-batch.bat index c98e107ab6..4f31bff1a1 100644 --- a/install/win/build-batch.bat +++ b/install/win/build-batch.bat 
@@ -65,12 +65,13 @@ REM echo ######## SSL configs ######## %sed% -i "s/\/etc\/nginx\/\.htpasswd_dashboards/\.htpasswd_dashboards/g" buildtools\install\win\Files\nginx\conf\onlyoffice.conf REM echo ######## Configure fluent-bit config for windows ######## -%sed% -i -e "s|/var/log/onlyoffice/|{APPDIR}Logs\\|g" -e "s|\*\*/|\*\*\\|g" buildtools\install\win\Files\config\fluent-bit.conf +%sed% -i -e "s|/var/log/onlyoffice/|{APPDIR}Logs\\|g" -e "s|\*\*/|\*\*\\|g" -e "s#DocSpace\Logs\**\#DocumentServer\Log\#g" buildtools\install\win\Files\config\fluent-bit.conf %sed% -i "/^\[OUTPUT\]/i\[INPUT]" buildtools\install\win\Files\config\fluent-bit.conf %sed% -i "/^\[OUTPUT\]/i\ Name exec" buildtools\install\win\Files\config\fluent-bit.conf %sed% -i "/^\[OUTPUT\]/i\ Interval_Sec 86400" buildtools\install\win\Files\config\fluent-bit.conf %sed% -i "/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H 'Content-Type: application/json' -d '{\"query\": {\"range\": {\"@timestamp\": {\"lt\": \"now-30d\"}}}}'" buildtools\install\win\Files\config\fluent-bit.conf -%sed% -i "/^\[OUTPUT\]/i\ " buildtools\install\win\Files\config\fluent-bit.conf +%sed% -i -e "s/\"/\\\\\"/g" -e "s/'/\"/g" buildtools\install\win\Files\config\fluent-bit.conf +%sed% -i "/\[OUTPUT\]/i\\n" buildtools\install\win\Files\config\fluent-bit.conf REM echo ######## Delete test and dev configs ######## del /f /q buildtools\install\win\Files\config\*.test.json From 16abb17842c80d9fa48595aa86092c164c078b4b Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Mon, 1 Jul 2024 17:34:11 +0300 Subject: [PATCH 34/55] Fix logging error in windows package (#269) --- install/win/build-batch.bat | 1 + 1 file changed, 1 insertion(+) diff --git a/install/win/build-batch.bat b/install/win/build-batch.bat index 4f31bff1a1..b8aecbc3fc 100644 --- a/install/win/build-batch.bat +++ b/install/win/build-batch.bat 
@@ -61,6 +61,7 @@ REM echo ######## SSL configs ######## %sed% -i "s/ssl_dhparam \/etc\/ssl\/certs\/dhparam.pem;/#ssl_dhparam \/etc\/ssl\/certs\/dhparam.pem;/" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl %sed% -i "/quic\|alt-svc/Id" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl %sed% -i "s_\(.*root\).*;_\1 \"{APPDIR}letsencrypt\";_g" -i buildtools\install\win\Files\nginx\conf\includes\letsencrypt.conf +%sed% -i "s#/var/log/nginx/#logs/#g" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf.tmpl buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl %sed% -i "s#/etc/nginx/html#conf/html#g" buildtools\install\win\Files\nginx\conf\onlyoffice.conf %sed% -i "s/\/etc\/nginx\/\.htpasswd_dashboards/\.htpasswd_dashboards/g" buildtools\install\win\Files\nginx\conf\onlyoffice.conf From 94113da1ecc4f523ffa08057d1e36b051aa2a240 Mon Sep 17 00:00:00 2001 From: Andrey Savihin Date: Tue, 2 Jul 2024 12:32:45 +0300 Subject: [PATCH 35/55] Feature/install encoding (#270) --- install/install.bat | 2 ++ 1 file changed, 2 insertions(+) diff --git a/install/install.bat b/install/install.bat index b03e6a86f3..84d5901467 100644 --- a/install/install.bat +++ b/install/install.bat @@ -1,5 +1,7 @@ @echo off +chcp 65001 > nul + PUSHD %~dp0.. call runasadmin.bat "%~dpnx0" From 044eb04161f5804f40302239de6d762a338959f2 Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Tue, 2 Jul 2024 16:32:54 +0300 Subject: [PATCH 36/55] Correct index name for fluent-bit (#271) --- install/common/product-configuration | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/common/product-configuration b/install/common/product-configuration index bdc567e23b..e51196f361 100644 --- a/install/common/product-configuration +++ b/install/common/product-configuration 
@@ -26,7 +26,7 @@ APP_PORT="80"
 ELK_SHEME="http"
 ELK_HOST="localhost"
 ELK_PORT="9200"
-OPENSEARCH_INDEX="${PACKAGE_SYSNAME}-${PRODUCT}-logs"
+OPENSEARCH_INDEX="${PACKAGE_SYSNAME}-fluent-bit"
 RABBITMQ_HOST="localhost"
 RABBITMQ_USER="guest"
From ea968a82eb987617ab597c5e33d431f734dda569 Mon Sep 17 00:00:00 2001
From: Evgeniy Antonyuk
Date: Tue, 2 Jul 2024 17:21:53 +0300
Subject: [PATCH 37/55] Optimize repository inclusion for OCI RedHat (#272)
---
 install/OneClickInstall/install-RedHat/install-preq.sh | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/install/OneClickInstall/install-RedHat/install-preq.sh b/install/OneClickInstall/install-RedHat/install-preq.sh
index 390fc8c220..8cb87ff997 100644
--- a/install/OneClickInstall/install-RedHat/install-preq.sh
+++ b/install/OneClickInstall/install-RedHat/install-preq.sh
@@ -37,12 +37,9 @@ fi
 rpm -ivh https://rpms.remirepo.net/$REMI_DISTR_NAME/remi-release-$REV.rpm || true
 yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/$RPMFUSION_DISTR_NAME/rpmfusion-free-release-$REV.noarch.rpm
-[ "$REV" = "9" ] && update-crypto-policies --set DEFAULT:SHA1
-if [ "$DIST" == "centos" ]; then
- [ "$REV" = "9" ] && { ${package_manager} -y install xorg-x11-font-utils; TESTING_REPO="--enablerepo=crb"; } || POWERTOOLS_REPO="--enablerepo=powertools"
-elif [ "$DIST" == "redhat" ]; then
- /usr/bin/crb enable
-fi
+[ "$REV" = "9" ] && update-crypto-policies --set DEFAULT:SHA1 && ${package_manager} -y install xorg-x11-font-utils
+[ "$DIST" = "centos" ] && TESTING_REPO="--enablerepo=$( [ "$REV" = "9" ] && echo "crb" || echo "powertools" )"
+[ "$DIST" = "redhat" ] && /usr/bin/crb enable
 #add rabbitmq & erlang repo
 curl -s https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.rpm.sh | bash
From 1892c1187a018391cf6d9dac45cf44fedc844535 Mon Sep 17 00:00:00 2001
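Review bot: The rewritten CentOS line in install-preq.sh now stores `--enablerepo=powertools` in `TESTING_REPO`, whereas the removed code put it in `POWERTOOLS_REPO`, so any later `$POWERTOOLS_REPO` (the rest of the script is outside this hunk) would expand to nothing on release 8; it is worth confirming that no reader of that variable remains. On release 9 the first added line still runs `update-crypto-policies --set DEFAULT:SHA1`, which re-enables SHA-1 signatures for the whole host and is never reverted by the lines shown. I would record the reason beside it, e.g. `# DEFAULT:SHA1 is required by the <repository> signing key; return to DEFAULT once that key is re-signed`, with the placeholder replaced by the repository that actually needs it.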
From: Nikolay Rechkin
Date: Wed, 3 Jul 2024 15:38:16 +0300
Subject: [PATCH 38/55] FormRoom: moved the PDF form signature to the config
---
 config/appsettings.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/config/appsettings.json b/config/appsettings.json
index 67be62c3f1..b4aa97228f 100644
--- a/config/appsettings.json
+++ b/config/appsettings.json
@@ -110,7 +110,8 @@
 "path": "/api/upload",
 "ext": ".pdf",
 "dashboard": "/dashboard/api"
- }
+ },
+ "signature": "ONLYOFFICEFORM"
 }
 },
 "web": {
From 633f0de3d114b548621fec0e2511b87418e310f4 Mon Sep 17 00:00:00 2001
From: Evgeniy Antonyuk
Date: Fri, 5 Jul 2024 12:28:28 +0300
Subject: [PATCH 39/55] Add domain name validation when switching to HTTPS (#278)
---
 install/common/product-ssl-setup | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/install/common/product-ssl-setup b/install/common/product-ssl-setup
index 6a58fc7794..b93e8cc0c2 100644
--- a/install/common/product-ssl-setup
+++ b/install/common/product-ssl-setup
@@ -47,6 +47,8 @@ case $1 in
 DOMAIN=$2
 CERTIFICATE_FILE=$3
 PRIVATEKEY_FILE=$4
+
+ [[ $DOMAIN =~ ^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,6}$ ]] || { echo "Error: domain name '$DOMAIN' is incorrect." >&2; exit 1; }
 else
 help
 fi
From 9c85615a6c3627fb5352b871e64a863c5ad8386b Mon Sep 17 00:00:00 2001
From: Evgeniy Antonyuk
Date: Fri, 5 Jul 2024 17:44:54 +0300
Subject: [PATCH 40/55] fix Bug 68999 - Set the default address when resetting the configuration (#277)
---
 install/common/product-ssl-setup | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/install/common/product-ssl-setup b/install/common/product-ssl-setup
index b93e8cc0c2..d4fa66e0dd 100644
--- a/install/common/product-ssl-setup
+++ b/install/common/product-ssl-setup
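Review bot: The new domain check in product-ssl-setup limits the last label to `[a-zA-Z]{2,6}`, so valid names under longer top-level domains (for example `.technology`) are rejected as incorrect. Widening only the length, `...\.)+[a-zA-Z]{2,63}$`, keeps the character set strict, which matters because `$DOMAIN` is later interpolated into a `sed` replacement in this script. The check is added only in the branch that receives the domain together with certificate files; the enclosing `case` continues outside the hunk, so whether the Let's Encrypt branch validates its domains cannot be confirmed from here and is worth checking. A short comment above the test saying that it guards the later `sed` substitution would keep it from being relaxed carelessly.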
@@ -8,7 +8,8 @@ LETSENCRYPT="/etc/letsencrypt/live";
 OPENRESTY="/etc/openresty/conf.d"
 DHPARAM_FILE="/etc/ssl/certs/dhparam.pem"
 WEBROOT_PATH="/var/www/${PRODUCT}"
-SYSTEMD_DIR="/usr/lib/systemd/system"
+CONFIG_DIR="/etc/onlyoffice/${PRODUCT}"
+SYSTEMD_DIR=$(dirname $($(command -v dpkg-query &> /dev/null && echo "dpkg-query -L" || echo "rpm -ql") ${PRODUCT}-api | grep systemd/system/))
 # Check if configuration files are present
 if [ ! -f "${OPENRESTY}/onlyoffice-proxy-ssl.conf.template" -a ! -f "${OPENRESTY}/onlyoffice-proxy.conf.template" ]; then
@@ -61,7 +62,7 @@ case $1 in
 sed "s!\(worker_connections\).*;!\1 $(ulimit -n);!" -i "${OPENRESTY}/onlyoffice-proxy.conf"
 [[ -f "${DIR}/${PRODUCT}-renew-letsencrypt" ]] && rm -rf "${DIR}/${PRODUCT}-renew-letsencrypt"
 [ $(pgrep -x ""systemd"" | wc -l) -gt 0 ] && systemctl reload openresty || service openresty reload
-
+ sed -i "s/\(\"portal\":\).*/\1 \"http:\/\/localhost:80\"/" ${CONFIG_DIR}/appsettings.$(grep -oP 'ENVIRONMENT=\K.*' ${SYSTEMD_DIR}/${PRODUCT}-api.service).json
 SYSTEMD_NODE_FILES=$(grep -l "NODE_EXTRA_CA_CERTS" ${SYSTEMD_DIR}/${PRODUCT}-*.service ${SYSTEMD_DIR}/ds-*.service || true)
 if [ -n "$SYSTEMD_NODE_FILES" ]; then
 sed -i '/NODE_EXTRA_CA_CERTS/d' ${SYSTEMD_NODE_FILES}
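Review bot: `SYSTEMD_DIR` is now derived at the top of product-ssl-setup from the package file list with no check that the lookup produced exactly one directory, and both new `sed -i` lines (here and in the `@@ -108,10 +109,7 @@` hunk) build their target from an inline `grep -oP 'ENVIRONMENT=\K.*'`. If the `${PRODUCT}-api` package is missing, `dirname` receives no operand, and if `ENVIRONMENT=` is not found the edit is aimed at `appsettings..json`; if the package lists several files under `systemd/system/`, the unquoted value would hold several lines. Resolving it once and failing early is safer: `ENVIRONMENT=$(grep -oP 'ENVIRONMENT=\K.*' "${SYSTEMD_DIR}/${PRODUCT}-api.service") || { echo "Error: cannot determine ENVIRONMENT" >&2; exit 1; }`, then `"${CONFIG_DIR}/appsettings.${ENVIRONMENT}.json"` quoted in both `sed` calls. The `case` branches these lines sit in continue outside the hunks.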
@@ -108,10 +109,7 @@ PRIVATEKEY_FILE="${PRIVATEKEY_FILE:-"${LETSENCRYPT}/${PRODUCT}/privkey.pem"}"
 if [ -f "${CERTIFICATE_FILE}" ]; then
 if [ -f "${PRIVATEKEY_FILE}" ]; then
 cp -f ${OPENRESTY}/onlyoffice-proxy-ssl.conf.template ${OPENRESTY}/onlyoffice-proxy.conf
-
- PACKAGE_FILE_CHECKER=$(command -v dpkg-query &> /dev/null && echo "dpkg-query -L" || echo "rpm -ql")
- ENVIRONMENT=$(grep -oP 'ENVIRONMENT=\K.*' $(dirname $(${PACKAGE_FILE_CHECKER} ${PRODUCT}-api | grep systemd/system/))/${PRODUCT}-api.service)
- sed -i "s/\(\"portal\":\).*/\1 \"https:\/\/${DOMAIN}\"/" /etc/onlyoffice/docspace/appsettings.$ENVIRONMENT.json
+ sed -i "s/\(\"portal\":\).*/\1 \"https:\/\/${DOMAIN}\"/" ${CONFIG_DIR}/appsettings.$(grep -oP 'ENVIRONMENT=\K.*' ${SYSTEMD_DIR}/${PRODUCT}-api.service).json
 sed -i "s~\(ssl_certificate \).*;~\1${CERTIFICATE_FILE};~g" ${OPENRESTY}/onlyoffice-proxy.conf
 sed -i "s~\(ssl_certificate_key \).*;~\1${PRIVATEKEY_FILE};~g" ${OPENRESTY}/onlyoffice-proxy.conf
 sed -i "s~\(ssl_dhparam \).*;~\1${DHPARAM_FILE};~g" ${OPENRESTY}/onlyoffice-proxy.conf
From 4cbb9f028cf15aa740604db610eadbb4de74c21b Mon Sep 17 00:00:00 2001
From: Evgeniy Antonyuk
Date: Fri, 5 Jul 2024 18:22:41 +0300
Subject: [PATCH 41/55] Refactoring the script for running OCI tests (#275)
---
 tests/vagrant/Vagrantfile | 1 +
 tests/vagrant/install.sh | 243 +++++++++-----------------------------
 2 files changed, 58 insertions(+), 186 deletions(-)
diff --git a/tests/vagrant/Vagrantfile b/tests/vagrant/Vagrantfile
index 98c7b371e3..68f9f831ae 100644
--- a/tests/vagrant/Vagrantfile
+++ b/tests/vagrant/Vagrantfile
@@ -15,6 +15,7 @@ Vagrant.configure("2") do |config| config.vm.provision "file", source: "../../../DocSpace-buildtools/install/OneClickInstall/.", destination: "/tmp/docspace/" end + config.vm.provision "file", source: "../../../DocSpace-buildtools/install/common/systemd/build.sh", destination: "/tmp/docspace/build.sh" config.vm.provision "shell", path: './install.sh', :args => "#{ENV['DOWNLOAD_SCRIPT']} #{ENV['TEST_REPO']} #{ENV['ARGUMENTS']}" # Prevent SharedFoldersEnableSymlinksCreate errors diff --git a/tests/vagrant/install.sh b/tests/vagrant/install.sh index 76802eb254..9e45cb2ab7 100644 --- a/tests/vagrant/install.sh +++ b/tests/vagrant/install.sh 
@@ -1,91 +1,45 @@ #!/bin/bash -set -ex +set -e while [ "$1" != "" ]; do - case $1 in + case $1 in + -ds | --download-scripts ) + if [ "$2" != "" ]; then + DOWNLOAD_SCRIPTS=$2 + shift + fi + ;; - -ds | --download-scripts ) - if [ "$2" != "" ]; then - DOWNLOAD_SCRIPTS=$2 - shift - fi - ;; + -arg | --arguments ) + if [ "$2" != "" ]; then + ARGUMENTS=$2 + shift + fi + ;; - -arg | --arguments ) - if [ "$2" != "" ]; then - ARGUMENTS=$2 - shift - fi - ;; + -li | --local-install ) + if [ "$2" != "" ]; then + LOCAL_INSTALL=$2 + shift + fi + ;; - - -pi | --production-install ) - if [ "$2" != "" ]; then - PRODUCTION_INSTALL=$2 - shift - fi - ;; - - -li | --local-install ) - if [ "$2" != "" ]; then - LOCAL_INSTALL=$2 - shift - fi - ;; - - -lu | --local-update ) - if [ "$2" != "" ]; then - LOCAL_UPDATE=$2 - shift - fi - ;; - - -tr | --test-repo ) - if [ "$2" != "" ]; then - TEST_REPO_ENABLE=$2 - shift - fi - ;; - - - esac - shift + -tr | --test-repo ) + if [ "$2" != "" ]; then + TEST_REPO_ENABLE=$2 + shift + fi + ;; + esac + shift done export TERM=xterm-256color^M -SERVICES_SYSTEMD=( - "docspace-api.service" - "docspace-doceditor.service" - "docspace-studio-notify.service" - "docspace-files.service" - "docspace-notify.service" - "docspace-studio.service" - "docspace-backup-background.service" - "docspace-files-services.service" - "docspace-people-server.service" - "docspace-backup.service" - "docspace-healthchecks.service" - "docspace-socket.service" - "docspace-clear-events.service" - "docspace-login.service" - "docspace-ssoauth.service" - "ds-converter.service" - "ds-docservice.service" - "ds-metrics.service") - function common::get_colors() { - COLOR_BLUE=$'\e[34m' - COLOR_GREEN=$'\e[32m' - COLOR_RED=$'\e[31m' - COLOR_RESET=$'\e[0m' - COLOR_YELLOW=$'\e[33m' - export COLOR_BLUE - export COLOR_GREEN - export COLOR_RED - export COLOR_RESET - export COLOR_YELLOW + export LINE_SEPARATOR="-----------------------------------------" + export COLOR_BLUE=$'\e[34m' 
COLOR_GREEN=$'\e[32m' COLOR_RED=$'\e[31m' COLOR_RESET=$'\e[0m' COLOR_YELLOW=$'\e[33m' } ############################################################################################# @@ -98,13 +52,10 @@ function common::get_colors() { # None ############################################################################################# function check_hw() { - local FREE_RAM=$(free -h) - local FREE_CPU=$(nproc) - echo "${COLOR_RED} ${FREE_RAM} ${COLOR_RESET}" - echo "${COLOR_RED} ${FREE_CPU} ${COLOR_RESET}" + echo "${COLOR_RED} $(free -h) ${COLOR_RESET}" + echo "${COLOR_RED} $(nproc) ${COLOR_RESET}" } - ############################################################################################# # Add nexus repositories for test packages for .deb and .rpm packages # Globals: None @@ -149,12 +100,8 @@ function prepare_vm() { ;; debian) - if [ "$VERSION_CODENAME" == "bookworm" ]; then - apt-get update -y - apt install -y curl gnupg - fi - apt-get remove postfix -y - echo "${COLOR_GREEN}☑ PREPAVE_VM: Postfix was removed${COLOR_RESET}" + [ "$VERSION_CODENAME" == "bookworm" ] && apt-get update -y && apt install -y curl gnupg + apt-get remove postfix -y && echo "${COLOR_GREEN}☑ PREPAVE_VM: Postfix was removed${COLOR_RESET}" [[ "${TEST_REPO_ENABLE}" == 'true' ]] && add-repo-deb ;; @@ -163,10 +110,7 @@ function prepare_vm() { ;; centos) - if [ "$VERSION_ID" == "9" ]; then - update-crypto-policies --set LEGACY - echo "${COLOR_GREEN}☑ PREPAVE_VM: sha1 gpg key chek enabled${COLOR_RESET}" - fi + [ "$VERSION_ID" == "8" ] && sed -i 's|^mirrorlist=|#&|; s|^#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|' /etc/yum.repos.d/CentOS-* [[ "${TEST_REPO_ENABLE}" == 'true' ]] && add-repo-rpm yum -y install centos*-release ;; 
@@ -175,21 +119,16 @@ function prepare_vm() { echo "${COLOR_RED}Failed to determine Linux dist${COLOR_RESET}"; exit 1 ;; esac - else echo "${COLOR_RED}File /etc/os-release doesn't exist${COLOR_RESET}"; exit 1 fi # Clean up home folder rm -rf /home/vagrant/* - - if [ -d /tmp/docspace ]; then - mv /tmp/docspace/* /home/vagrant - fi + [ -d /tmp/docspace ] && mv /tmp/docspace/* /home/vagrant echo '127.0.0.1 host4test' | sudo tee -a /etc/hosts echo "${COLOR_GREEN}☑ PREPAVE_VM: Hostname was setting up${COLOR_RESET}" - } ############################################################################################# 
@@ -202,34 +141,23 @@ function prepare_vm() { # Script log ############################################################################################# function install_docspace() { - if [ "${DOWNLOAD_SCRIPTS}" == 'true' ]; then - wget https://download.onlyoffice.com/docspace/docspace-install.sh - else - sed 's/set -e/set -xe/' -i *.sh - fi - - printf "N\nY\nY" | bash docspace-install.sh ${ARGUMENTS} - - if [[ $? != 0 ]]; then - echo "Exit code non-zero. Exit with 1." - exit 1 - else - echo "Exit code 0. Continue..." - fi + [[ "${DOWNLOAD_SCRIPTS}" == 'true' ]] && wget https://download.onlyoffice.com/docspace/docspace-install.sh || sed 's/set -e/set -xe/' -i *.sh + bash docspace-install.sh package ${ARGUMENTS} || { echo "Exit code non-zero. Exit with 1."; exit 1; } + echo "Exit code 0. Continue..." } ############################################################################################# # Healthcheck function for systemd services # Globals: -# SERVICES_SYSTEMD +# None # Arguments: # None # Outputs: # Message about service status ############################################################################################# function healthcheck_systemd_services() { - for service in ${SERVICES_SYSTEMD[@]} - do + for service in ${SERVICES_SYSTEMD[@]}; do + [[ "$service" == "docspace-migration-runner.service" ]] && continue; if systemctl is-active --quiet ${service}; then echo "${COLOR_GREEN}☑ OK: Service ${service} is running${COLOR_RESET}" else @@ -239,7 +167,6 @@ function healthcheck_systemd_services() { done } - ############################################################################################# # Set output if some services failed # Globals: @@ -261,7 +188,7 @@ function healthcheck_general_status() { ############################################################################################# # Get logs for all services # Globals: -# $SERVICES_SYSTEMD +# None # Arguments: # None # Outputs: 
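Review bot: In `install_docspace` the one-liner `[[ "${DOWNLOAD_SCRIPTS}" == 'true' ]] && wget ... || sed ...` is not an if/else: when the download fails, the `sed` branch runs as well and the next line executes whatever `docspace-install.sh` is already present, so a failed download is not reported as one. Writing it as `if [[ "${DOWNLOAD_SCRIPTS}" == 'true' ]]; then wget https://download.onlyoffice.com/docspace/docspace-install.sh; else sed 's/set -e/set -xe/' -i *.sh; fi` keeps the two paths apart and lets `set -e` stop the run on a failed `wget`. The downloaded installer is then run as fetched, so a comment noting that this path trusts the download host over HTTPS with no checksum would document the assumption for a test VM.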
@@ -272,83 +199,27 @@ function healthcheck_general_status() { # This function succeeds even if the file for cat was not found. For that use ${SKIP_EXIT} variable ############################################################################################# function services_logs() { + SERVICES_SYSTEMD=($(awk '/SERVICE_NAME=\(/{flag=1; next} /\)/{flag=0} flag' "build.sh" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | sed 's/^/docspace-/' | sed 's/$/.service/')) + SERVICES_SYSTEMD+=("ds-converter.service" "ds-docservice.service" "ds-metrics.service") + for service in ${SERVICES_SYSTEMD[@]}; do - echo ----------------------------------------- - echo "${COLOR_GREEN}Check logs for systemd service: $service${COLOR_RESET}" - echo ---------------------- ------------------- - EXIT_CODE=0 - journalctl -u $service || true + echo $LINE_SEPARATOR && echo "${COLOR_GREEN}Check logs for systemd service: $service${COLOR_RESET}" && echo $LINE_SEPARATOR + journalctl -u $service -n 30 || true done - local MAIN_LOGS_DIR="/var/log/onlyoffice" - local DOCSPACE_LOGS_DIR="${MAIN_LOGS_DIR}/docspace" - local DOCUMENTSERVER_LOGS_DIR="${MAIN_LOGS_DIR}/documentserver" - local DOCSERVICE_LOGS_DIR="${DOCUMENTSERVER_LOGS_DIR}/docservice" - local CONVERTER_LOGS_DIR="${DOCUMENTSERVER_LOGS_DIR}/converter" - local METRICS_LOGS_DIR="${DOCUMENTSERVER_LOGS_DIR}/metrics" - - ARRAY_MAIN_SERVICES_LOGS=($(ls ${MAIN_LOGS_DIR} | grep log | sed 's/web.sql.log//;s/web.api.log//;s/nginx.*//' )) - ARRAY_DOCSPACE_LOGS=($(ls ${DOCSPACE_LOGS_DIR})) - ARRAY_DOCSERVICE_LOGS=($(ls ${DOCSERVICE_LOGS_DIR})) - ARRAY_CONVERTER_LOGS=($(ls ${CONVERTER_LOGS_DIR})) - ARRAY_METRICS_LOGS=($(ls ${METRICS_LOGS_DIR})) - - echo "-----------------------------------" - echo "${COLOR_YELLOW} Check logs for main services ${COLOR_RESET}" - echo "-----------------------------------" - for file in ${ARRAY_MAIN_SERVICES_LOGS[@]}; do - echo --------------------------------------- - echo "${COLOR_GREEN}logs from file: ${file}${COLOR_RESET}" - 
echo --------------------------------------- - cat ${MAIN_LOGS_DIR}/${file} || true - done - - echo "-----------------------------------" - echo "${COLOR_YELLOW} Check logs for Docservice ${COLOR_RESET}" - echo "-----------------------------------" - for file in ${ARRAY_DOCSERVICE_LOGS[@]}; do - echo --------------------------------------- - echo "${COLOR_GREEN}logs from file: ${file}${COLOR_RESET}" - echo --------------------------------------- - cat ${DOCSERVICE_LOGS_DIR}/${file} || true - done - - echo "-----------------------------------" - echo "${COLOR_YELLOW} Check logs for Converter ${COLOR_RESET}" - echo "-----------------------------------" - for file in ${ARRAY_CONVERTER_LOGS[@]}; do - echo --------------------------------------- - echo "${COLOR_GREEN}logs from file ${file}${COLOR_RESET}" - echo --------------------------------------- - cat ${CONVERTER_LOGS_DIR}/${file} || true - done - - echo "-----------------------------------" - echo "${COLOR_YELLOW} Start logs for Metrics ${COLOR_RESET}" - echo "-----------------------------------" - for file in ${ARRAY_METRICS_LOGS[@]}; do - echo --------------------------------------- - echo "${COLOR_GREEN}logs from file ${file}${COLOR_RESET}" - echo --------------------------------------- - cat ${METRICS_LOGS_DIR}/${file} || true - done + local DOCSPACE_LOGS_DIR="/var/log/onlyoffice/docspace" + local DOCUMENTSERVER_LOGS_DIR="/var/log/onlyoffice/documentserver" - echo "-----------------------------------" - echo "${COLOR_YELLOW} Start logs for DocSpace ${COLOR_RESET}" - echo "-----------------------------------" - for file in ${ARRAY_DOCSPACE_LOGS[@]}; do - echo --------------------------------------- - echo "${COLOR_GREEN}logs from file ${file}${COLOR_RESET}" - echo --------------------------------------- - cat ${DOCSPACE_LOGS_DIR}/${file} || true + for LOGS_DIR in "${DOCSPACE_LOGS_DIR}" "${DOCUMENTSERVER_LOGS_DIR}"; do + echo $LINE_SEPARATOR && echo "${COLOR_YELLOW}Check logs for $(basename "${LOGS_DIR}"| tr 
'[:lower:]' '[:upper:]') ${COLOR_RESET}" && echo $LINE_SEPARATOR + + find "${LOGS_DIR}" -type f -name "*.log" ! -name "*sql*" ! -name "*nginx*" | while read -r FILE; do + echo $LINE_SEPARATOR && echo "${COLOR_GREEN}Logs from file: ${FILE}${COLOR_RESET}" && echo $LINE_SEPARATOR + tail -30 "${FILE}" || true + done done } -function healthcheck_docker_installation() { - exit 0 -} - - main() { common::get_colors prepare_vm From 83921a7f856dbe488587fa15c7e90e4e7e67018c Mon Sep 17 00:00:00 2001 From: Alexey Safronov Date: Mon, 8 Jul 2024 13:52:05 +0400 Subject: [PATCH 42/55] Fix run build.backend.docker.py on macOS (command not found: docker-compose) --- build.backend.docker.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/build.backend.docker.py b/build.backend.docker.py index 452024ad57..291ea0c9a6 100755 --- a/build.backend.docker.py +++ b/build.backend.docker.py @@ -188,7 +188,8 @@ os.environ["SRC_PATH"] = os.path.join(dir, "publish/services") os.environ["DATA_DIR"] = os.path.join(dir, "data") os.environ["APP_URL_PORTAL"] = portal_url os.environ["MIGRATION_TYPE"] = migration_type -subprocess.run(["docker-compose", "-f", os.path.join(dockerDir, "docspace.profiles.yml"), "-f", os.path.join(dockerDir, "docspace.overcome.yml"), "--profile", "migration-runner", "--profile", "backend-local", "up", "-d"]) +subprocess.run(["docker", "compose", "-f", os.path.join(dockerDir, "docspace.profiles.yml"), "-f", os.path.join( + dockerDir, "docspace.overcome.yml"), "--profile", "migration-runner", "--profile", "backend-local", "up", "-d"]) print() print("Run script directory:", dir) From ac25dc567f1e00f1fe78e2dcacae56847b77db90 Mon Sep 17 00:00:00 2001 From: Alexey Safronov Date: Mon, 8 Jul 2024 13:55:38 +0400 Subject: [PATCH 43/55] Fix Bug 68978 - [SSO] No redirection to the portal after authorization via the IdP server --- config/nginx/onlyoffice.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
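Review bot: `SERVICES_SYSTEMD` is now built inside `services_logs` by parsing `build.sh` from the current directory, yet `healthcheck_systemd_services` in the earlier hunk still iterates over it and both function headers were changed to `Globals: None`. If `build.sh` is missing or its `SERVICE_NAME=(` block changes shape, the pipeline still ends with a successful `sed` and the array holds only the three `ds-*` units, so the health check could pass without testing any docspace service; the same happens if the health check is called before `services_logs` (the call order in `main` is outside the hunk). I would build the list in its own function called first from `main`, guard it with `[ -r build.sh ] || { echo "build.sh not found" >&2; exit 1; }`, and restore `SERVICES_SYSTEMD` in the two `Globals:` headers.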
diff --git a/config/nginx/onlyoffice.conf b/config/nginx/onlyoffice.conf
index b23afa685d..67faedd15d 100644
--- a/config/nginx/onlyoffice.conf
+++ b/config/nginx/onlyoffice.conf
@@ -104,7 +104,7 @@ server {
 local accept_header = ngx.req.get_headers()["Accept"]
 if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath|/api/") then
- if not ngx.re.match(ngx.var.request_uri, "login|thirdparty|confirm|error|wizard|preparation-portal|unavailable|share=.|rooms/share(.*)key=.|/s/*") then
+ if not ngx.re.match(ngx.var.request_uri, "login|thirdparty|confirm|error|wizard|preparation-portal|unavailable|share=.|rooms/share(.*)key=.|/s/*|token=.") then
 if ngx.var.http_cookie == nil or not string.find(ngx.var.http_cookie, "asc_auth_key") then
 if ngx.var.request_uri == "/" then
 return ngx.redirect("/login")
From ef67bae3586fbf08cc4c014a658c112eef66ff57 Mon Sep 17 00:00:00 2001
From: Alexey Safronov
Date: Tue, 9 Jul 2024 13:28:32 +0400
Subject: [PATCH 44/55] Fix download file from public room (redirect to /login issue)
---
 config/nginx/onlyoffice.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/nginx/onlyoffice.conf b/config/nginx/onlyoffice.conf
index 67faedd15d..6c252000ff 100644
--- a/config/nginx/onlyoffice.conf
+++ b/config/nginx/onlyoffice.conf
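Review bot: The exemption list passed to `ngx.re.match` is an unanchored alternation tested against the whole `request_uri`, so the added `token=.` skips the `/login` redirect for any URL that merely contains that text somewhere in its path or query; the same holds for `filehandler`, `sdk` and `complete=.`, which the following commits add to this same line. If this block is only a convenience redirect and the backend enforces authentication itself (not visible here), that assumption should be stated in a comment above the list, for example `-- redirect only; authorization is enforced by the API`. Anchoring each entry to where it is expected, such as `[?&]token=.` for query parameters and a leading `^/` for path prefixes, would stop the list from widening with every fix. Note also that `/s/*` as a regex means "/s" followed by any number of slashes, which may not be what was intended.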
@@ -104,7 +104,7 @@ server {
 local accept_header = ngx.req.get_headers()["Accept"]
 if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath|/api/") then
- if not ngx.re.match(ngx.var.request_uri, "login|thirdparty|confirm|error|wizard|preparation-portal|unavailable|share=.|rooms/share(.*)key=.|/s/*|token=.") then
+ if not ngx.re.match(ngx.var.request_uri, "login|filehandler|thirdparty|confirm|error|wizard|preparation-portal|unavailable|share=.|rooms/share(.*)key=.|/s/*|token=.") then
 if ngx.var.http_cookie == nil or not string.find(ngx.var.http_cookie, "asc_auth_key") then
 if ngx.var.request_uri == "/" then
 return ngx.redirect("/login")
From 520681d8d62beb03f648cb0f34210fe4bba6bd88 Mon Sep 17 00:00:00 2001
From: Evgeniy Antonyuk
Date: Thu, 11 Jul 2024 16:10:27 +0300
Subject: [PATCH 45/55] Increase the SSL rating from A to A+ (#281)
---
 install/docker/config/nginx/onlyoffice-proxy-ssl.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install/docker/config/nginx/onlyoffice-proxy-ssl.conf b/install/docker/config/nginx/onlyoffice-proxy-ssl.conf
index be3b136aa1..1dbe016713 100644
--- a/install/docker/config/nginx/onlyoffice-proxy-ssl.conf
+++ b/install/docker/config/nginx/onlyoffice-proxy-ssl.conf
@@ -57,7 +57,7 @@ server {
 ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
- ssl_protocols TLSv1.3;
+ ssl_protocols TLSv1.2 TLSv1.3;
 ssl_session_cache builtin:1000 shared:SSL:10m;
 ssl_prefer_server_ciphers on;
From c09704c3d3a528e66c2e3e6cd4cafa8d4abef698 Mon Sep 17 00:00:00 2001
From: Ilya Oleshko
Date: Thu, 11 Jul 2024 22:25:55 +0300
Subject: [PATCH 46/55] Fix sdk route for js-sdk (redirect to /login issue)
---
 config/nginx/onlyoffice.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/nginx/onlyoffice.conf b/config/nginx/onlyoffice.conf
index 6c252000ff..8fb084ec1d 100644
--- a/config/nginx/onlyoffice.conf
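Review bot: Enabling `TLSv1.2` in onlyoffice-proxy-ssl.conf makes the `ssl_ciphers` line just above it effective for the first time, and that list ends in `AES256+EECDH:AES256+EDH`, which also admits CBC-mode suites under TLS 1.2. While only TLSv1.3 was enabled the list did not matter, because `ssl_ciphers` does not select the TLS 1.3 suites. I would restrict it to AEAD suites in the same change, e.g. `ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:EECDH+CHACHA20";`, and keep `ssl_prefer_server_ciphers on;`. The `server` block continues outside the hunk, so other TLS settings were not reviewed.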
+++ b/config/nginx/onlyoffice.conf
@@ -104,7 +104,7 @@ server {
 local accept_header = ngx.req.get_headers()["Accept"]
 if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath|/api/") then
- if not ngx.re.match(ngx.var.request_uri, "login|filehandler|thirdparty|confirm|error|wizard|preparation-portal|unavailable|share=.|rooms/share(.*)key=.|/s/*|token=.") then
+ if not ngx.re.match(ngx.var.request_uri, "login|sdk|filehandler|thirdparty|confirm|error|wizard|preparation-portal|unavailable|share=.|rooms/share(.*)key=.|/s/*|token=.") then
 if ngx.var.http_cookie == nil or not string.find(ngx.var.http_cookie, "asc_auth_key") then
 if ngx.var.request_uri == "/" then
 return ngx.redirect("/login")
From 2debedcfba28604653d25ebe3b58b9d5a8006d52 Mon Sep 17 00:00:00 2001
From: Alexey Safronov
Date: Fri, 12 Jul 2024 18:49:20 +0400
Subject: [PATCH 47/55] Fix Bug 69116 - Payments: Logout occurs from the portal after paying for the tariff
---
 config/nginx/onlyoffice.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/nginx/onlyoffice.conf b/config/nginx/onlyoffice.conf
index 8fb084ec1d..dec6ef1f41 100644
--- a/config/nginx/onlyoffice.conf
+++ b/config/nginx/onlyoffice.conf
@@ -104,7 +104,7 @@ server {
 local accept_header = ngx.req.get_headers()["Accept"]
 if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath|/api/") then
- if not ngx.re.match(ngx.var.request_uri, "login|sdk|filehandler|thirdparty|confirm|error|wizard|preparation-portal|unavailable|share=.|rooms/share(.*)key=.|/s/*|token=.") then
+ if not ngx.re.match(ngx.var.request_uri, "login|sdk|filehandler|thirdparty|confirm|error|wizard|preparation-portal|unavailable|share=.|rooms/share(.*)key=.|/s/*|token=.|complete=.") then
 if ngx.var.http_cookie == nil or not string.find(ngx.var.http_cookie, "asc_auth_key") then
 if ngx.var.request_uri == "/" then
 return ngx.redirect("/login")
From c9488e3e1ad40c8b884d549ab96889a785d646cb Mon Sep 17 00:00:00 2001
From: Evgeniy Antonyuk
Date: Mon, 15 Jul 2024 10:30:55 +0300
Subject: [PATCH 48/55] Fix TLSv1.2 not working issue (#282)
---
 install/common/product-ssl-setup | 4 ++--
 install/docker/config/docspace-ssl-setup | 2 +-
 install/win/sbin/docspace-ssl-setup.ps1 | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/install/common/product-ssl-setup b/install/common/product-ssl-setup
index d4fa66e0dd..ace387a517 100644
--- a/install/common/product-ssl-setup
+++ b/install/common/product-ssl-setup
@@ -94,8 +94,8 @@ case $1 in echo "Generating Let's Encrypt SSL Certificates..." # Request and generate Let's Encrypt SSL certificate - echo certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-start.log - certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-new.log + echo certbot certonly --expand --webroot -w ${WEBROOT_PATH} --key-type rsa --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-start.log + certbot certonly --expand --webroot -w ${WEBROOT_PATH} --key-type rsa --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-new.log else help fi diff --git a/install/docker/config/docspace-ssl-setup b/install/docker/config/docspace-ssl-setup index 7b54556372..5521c96144 100644 --- a/install/docker/config/docspace-ssl-setup +++ b/install/docker/config/docspace-ssl-setup @@ -109,7 +109,7 @@ case $1 in -v /var/log:/var/log \ -v onlyoffice_webroot_path:${WEBROOT_PATH} \ certbot/certbot certonly \ - --expand --webroot -w ${WEBROOT_PATH} \ + --expand --webroot -w ${WEBROOT_PATH} --key-type rsa \ --cert-name ${PRODUCT} --non-interactive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} else help diff --git a/install/win/sbin/docspace-ssl-setup.ps1 b/install/win/sbin/docspace-ssl-setup.ps1 index 264a616754..706dc23250 100644 --- a/install/win/sbin/docspace-ssl-setup.ps1 +++ b/install/win/sbin/docspace-ssl-setup.ps1 
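Review bot: On the added `certbot certonly …` line the expansions `${WEBROOT_PATH}`, `${PRODUCT}`, `${MAIL}` and `${DOMAINS[@]}` are unquoted, so the shell word-splits and globs them before certbot sees them, and with more than one array element only the first would follow `-d`; the `docker run … certbot/certbot certonly` hunk in `install/docker/config/docspace-ssl-setup` has the same `-d ${DOMAINS[@]}`. The redirect also captures stdout only, so certbot's error output never reaches `/var/log/le-new.log`. Suggested form: `certbot certonly --expand --webroot -w "${WEBROOT_PATH}" --key-type rsa --cert-name "${PRODUCT}" --noninteractive --agree-tos --email "${MAIL}" -d "$(IFS=,; printf '%s' "${DOMAINS[*]}")" > /var/log/le-new.log 2>&1`. How `DOMAINS` is filled is outside the hunk, so the comma join is an assumption to check against the argument parsing above it.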
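Review bot: The `certbot/certbot` image in this `docker run` has no tag, so every run pulls whatever `latest` is at that moment while the container gets `/var/log` and the webroot volume mounted. The added `--key-type rsa` makes the script depend on how one particular certbot release handles that option, which an unpinned image does not guarantee. Pin the image to a reviewed tag or digest, e.g. `certbot/certbot:<PINNED_TAG>` (placeholder; use the release you test with). The `docker run` command starts above the hunk.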
@@ -51,8 +51,8 @@ if ( $args.Count -ge 2 ) [void](New-Item -ItemType "directory" -Path "${root_dir}\Logs" -Force) - "certbot certonly --expand --webroot -w `"${root_dir}`" --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-start.log" - cmd.exe /c "certbot certonly --expand --webroot -w `"${root_dir}`" --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-new.log" + "certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-start.log" + cmd.exe /c "certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-new.log" pushd "${letsencrypt_root_dir}\${letsencrypt_domain}" $ssl_cert = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${letsencrypt_domain}\fullchain.pem").Target).ToString().Replace('\', '/') From 7bf4b77ec3dfeb67d5673d14a4d16b51ba6d8ce2 Mon Sep 17 00:00:00 2001 From: Alexey Safronov Date: Mon, 15 Jul 2024 20:23:49 +0400 Subject: [PATCH 49/55] Fix Bug 69227 - Notification. The login page opens when you click on links from notifications under an authorized user --- config/nginx/onlyoffice.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/nginx/onlyoffice.conf b/config/nginx/onlyoffice.conf index dec6ef1f41..69e80a8c31 100644 --- a/config/nginx/onlyoffice.conf +++ b/config/nginx/onlyoffice.conf 
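Review bot: The added `cmd.exe /c "certbot certonly … --email ${letsencrypt_mail} -d ${letsencrypt_domain}"` line builds a cmd.exe command string from the script's own arguments, so a value containing `&`, `|` or a space is interpreted by cmd.exe instead of reaching certbot as one argument. The script then goes on to resolve `fullchain.pem` without checking that certbot succeeded. The same construction recurs in the later hunks of this file that add multi-domain support and `--cert-name`. Call certbot directly with an argument array and stop on a non-zero `$LASTEXITCODE`, as sketched below. The enclosing `if ( $args.Count -ge 2 )` block starts outside the hunk.

```powershell
# … unchanged: New-Item for the Logs directory, le-start.log line …
$certbot_args = @(
  "certonly", "--expand", "--webroot", "-w", $root_dir,
  "--key-type", "rsa", "--noninteractive", "--agree-tos",
  "--email", $letsencrypt_mail, "-d", $letsencrypt_domain
)
& certbot @certbot_args *> "${app}\letsencrypt\Logs\le-new.log"
if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }
# … unchanged: pushd / Resolve-Path for fullchain.pem and privkey.pem …
```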
@@ -104,7 +104,7 @@ server { local accept_header = ngx.req.get_headers()["Accept"] if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath|/api/") then - if not ngx.re.match(ngx.var.request_uri, "login|sdk|filehandler|thirdparty|confirm|error|wizard|preparation-portal|unavailable|share=.|rooms/share(.*)key=.|/s/*|token=.|complete=.") then + if not ngx.re.match(ngx.var.request_uri, "login|sdk|filehandler|thirdparty|confirm|error|wizard|preparation-portal|unavailable|notifications|share=.|rooms/share(.*)key=.|/s/*|token=.|complete=.") then if ngx.var.http_cookie == nil or not string.find(ngx.var.http_cookie, "asc_auth_key") then if ngx.var.request_uri == "/" then return ngx.redirect("/login") From c2a3b46e12e2abbe00eef3342f067cabd40abd83 Mon Sep 17 00:00:00 2001 From: Alexey Safronov Date: Tue, 16 Jul 2024 15:18:04 +0400 Subject: [PATCH 50/55] Fix goto /portal-settings/payments/portal-payments from mail (cookie 3d-party submit issue) --- config/nginx/onlyoffice.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/nginx/onlyoffice.conf b/config/nginx/onlyoffice.conf index 69e80a8c31..0e3254570b 100644 --- a/config/nginx/onlyoffice.conf +++ b/config/nginx/onlyoffice.conf 
@@ -104,7 +104,7 @@ server { local accept_header = ngx.req.get_headers()["Accept"] if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath|/api/") then - if not ngx.re.match(ngx.var.request_uri, "login|sdk|filehandler|thirdparty|confirm|error|wizard|preparation-portal|unavailable|notifications|share=.|rooms/share(.*)key=.|/s/*|token=.|complete=.") then + if not ngx.re.match(ngx.var.request_uri, "login|sdk|filehandler|thirdparty|confirm|error|wizard|preparation-portal|unavailable|notifications|payments|share=.|rooms/share(.*)key=.|/s/*|token=.|complete=.") then if ngx.var.http_cookie == nil or not string.find(ngx.var.http_cookie, "asc_auth_key") then if ngx.var.request_uri == "/" then return ngx.redirect("/login") From 6f069fe4d1b7389e6285ac95d01b948c06e084d6 Mon Sep 17 00:00:00 2001 From: Alexey Safronov Date: Tue, 16 Jul 2024 16:39:05 +0400 Subject: [PATCH 51/55] Nginx: remove redirect to /login if cookie is not exists (too many links to skip) --- config/nginx/onlyoffice.conf | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/config/nginx/onlyoffice.conf b/config/nginx/onlyoffice.conf index 0e3254570b..3c94028b2a 100644 --- a/config/nginx/onlyoffice.conf +++ b/config/nginx/onlyoffice.conf 
@@ -104,16 +104,6 @@ server { local accept_header = ngx.req.get_headers()["Accept"] if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath|/api/") then - if not ngx.re.match(ngx.var.request_uri, "login|sdk|filehandler|thirdparty|confirm|error|wizard|preparation-portal|unavailable|notifications|payments|share=.|rooms/share(.*)key=.|/s/*|token=.|complete=.") then - if ngx.var.http_cookie == nil or not string.find(ngx.var.http_cookie, "asc_auth_key") then - if ngx.var.request_uri == "/" then - return ngx.redirect("/login") - else - return ngx.redirect("/login?referenceUrl=" .. ngx.var.request_uri) - end - end - end - local key = string.format("csp:%s",ngx.var.host) local redis = require "resty.redis" local red = redis:new() From 8cd68c2cfae02f7eb5511032969089ec49649aeb Mon Sep 17 00:00:00 2001 From: Andrey Savihin Date: Fri, 19 Jul 2024 12:04:55 +0300 Subject: [PATCH 52/55] cfg: added setting for specifying regional logo --- config/appsettings.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/appsettings.json b/config/appsettings.json index b4aa97228f..adb2c928e6 100644 --- a/config/appsettings.json +++ b/config/appsettings.json @@ -129,6 +129,9 @@ "internal": "http://localhost:9899/" }, "cultures": "az,cs,de,en-GB,en-US,es,fr,it,lv,nl,pl,pt-BR,pt,ro,sk,sl,fi,vi,tr,el-GR,bg,ru,sr-Cyrl-RS,sr-Latn-RS,uk-UA,hy-AM,ar-SA,si,lo-LA,zh-CN,ja-JP,ko-KR", + "logo": { + "custom-cultures": "zh-CN" + }, "controlpanel": { "url": "" }, From fd3517fc8eb4c49f30fa06844e741d2dbd1d5287 Mon Sep 17 00:00:00 2001 From: Andrey Savihin Date: Fri, 19 Jul 2024 16:33:22 +0300 Subject: [PATCH 53/55] cfg: settings web:logo:custom-cultures as array --- config/appsettings.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/appsettings.json b/config/appsettings.json index adb2c928e6..413981bf0b 100644 --- a/config/appsettings.json +++ b/config/appsettings.json 
@@ -130,7 +130,7 @@ }, "cultures": "az,cs,de,en-GB,en-US,es,fr,it,lv,nl,pl,pt-BR,pt,ro,sk,sl,fi,vi,tr,el-GR,bg,ru,sr-Cyrl-RS,sr-Latn-RS,uk-UA,hy-AM,ar-SA,si,lo-LA,zh-CN,ja-JP,ko-KR", "logo": { - "custom-cultures": "zh-CN" + "custom-cultures": ["zh-CN"] }, "controlpanel": { "url": "" From 1b1be72fdd37c78764fdda0bae875e4b6495f664 Mon Sep 17 00:00:00 2001 From: Nasrullo Nurullaev <61620246+nasrullonurullaev@users.noreply.github.com> Date: Tue, 23 Jul 2024 18:37:56 +0500 Subject: [PATCH 54/55] Add the ability to create a certificate for multiple domains (#288) --- install/win/sbin/docspace-ssl-setup.ps1 | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/install/win/sbin/docspace-ssl-setup.ps1 b/install/win/sbin/docspace-ssl-setup.ps1 index 706dc23250..101a22120c 100644 --- a/install/win/sbin/docspace-ssl-setup.ps1 +++ b/install/win/sbin/docspace-ssl-setup.ps1 
@@ -46,17 +46,18 @@ if ( $args.Count -ge 2 ) } else { - $letsencrypt_mail = $args[0] - $letsencrypt_domain = $args[1] + $letsencrypt_mail = $args[0] -JOIN "," + $letsencrypt_domain = $args[1] -JOIN "," + $letsencrypt_main_domain = $letsencrypt_domain.Split(',')[0] [void](New-Item -ItemType "directory" -Path "${root_dir}\Logs" -Force) "certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-start.log" cmd.exe /c "certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-new.log" - pushd "${letsencrypt_root_dir}\${letsencrypt_domain}" - $ssl_cert = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${letsencrypt_domain}\fullchain.pem").Target).ToString().Replace('\', '/') - $ssl_key = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${letsencrypt_domain}\privkey.pem").Target).ToString().Replace('\', '/') + pushd "${letsencrypt_root_dir}\${letsencrypt_main_domain}" + $ssl_cert = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${letsencrypt_main_domain}\fullchain.pem").Target).ToString().Replace('\', '/') + $ssl_key = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${letsencrypt_main_domain}\privkey.pem").Target).ToString().Replace('\', '/') popd } @@ -68,7 +69,7 @@ if ( $args.Count -ge 2 ) if ($letsencrypt_domain) { - $acl = Get-Acl -Path "$env:SystemDrive\Certbot\archive\${letsencrypt_domain}" + $acl = Get-Acl -Path "$env:SystemDrive\Certbot\archive\${letsencrypt_main_domain}" $acl.SetSecurityDescriptorSddlForm('O:LAG:S-1-5-21-4011186057-2202358572-2315966083-513D:PAI(A;;0x1200a9;;;WD)(A;;FA;;;SY)(A;OI;0x1200a9;;;LS)(A;;FA;;;BA)(A;;FA;;;LA)') Set-Acl -Path $acl.path -ACLObject $acl } 
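Review bot: The SDDL applied to the certificate archive on the unchanged `SetSecurityDescriptorSddlForm` line contains `(A;;0x1200a9;;;WD)`, which grants Everyone read and execute on the directory that stores the private keys, and its group is a hard-coded account SID (`S-1-5-21-…-513`) that is specific to one machine or domain. This hunk only changes the path passed to `Get-Acl`, and the final hunk of the series (switching the path to `${product}`) keeps the same descriptor. Unless something relies on that world-readable listing, drop the `WD` entry and use a well-known alias for the group, e.g. `$acl.SetSecurityDescriptorSddlForm('O:LAG:BAD:PAI(A;;FA;;;SY)(A;OI;0x1200a9;;;LS)(A;;FA;;;BA)(A;;FA;;;LA)')`. Which account reads the key files is not visible here, so confirm the `LS` entry is still the right one.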
@@ -107,6 +108,8 @@ else Write-Output " comma to register multiple emails, ex: " Write-Output " u1@example.com,u2@example.com. " Write-Output " DOMAIN Domain name to apply " + Write-Output " Use comma to register multiple domains, ex: " + Write-Output " example.com,s1.example.com,s2.example.com. " Write-Output " " Write-Output " Using your own certificates via the -f parameter: " Write-Output " usage: " From 75d3548bc7fedb0f72305710455c1f33f3127b02 Mon Sep 17 00:00:00 2001 From: Nasrullo Nurullaev <61620246+nasrullonurullaev@users.noreply.github.com> Date: Tue, 30 Jul 2024 17:04:16 +0500 Subject: [PATCH 55/55] Add --cert-name option for ability to change key-type (#290) --- install/win/sbin/docspace-ssl-setup.ps1 | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/install/win/sbin/docspace-ssl-setup.ps1 b/install/win/sbin/docspace-ssl-setup.ps1 index 101a22120c..1253428f9e 100644 --- a/install/win/sbin/docspace-ssl-setup.ps1 +++ b/install/win/sbin/docspace-ssl-setup.ps1 @@ -28,6 +28,7 @@ if ( -not $certbot_path ) exit } +$product = "docspace" $letsencrypt_root_dir = "$env:SystemDrive\Certbot\live" $app = Resolve-Path -Path ".\..\" $root_dir = "${app}\letsencrypt" 
@@ -48,16 +49,15 @@ if ( $args.Count -ge 2 ) else { $letsencrypt_mail = $args[0] -JOIN "," $letsencrypt_domain = $args[1] -JOIN "," - $letsencrypt_main_domain = $letsencrypt_domain.Split(',')[0] [void](New-Item -ItemType "directory" -Path "${root_dir}\Logs" -Force) - "certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-start.log" - cmd.exe /c "certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-new.log" + "certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --cert-name ${product} --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-start.log" + cmd.exe /c "certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --cert-name ${product} --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-new.log" - pushd "${letsencrypt_root_dir}\${letsencrypt_main_domain}" - $ssl_cert = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${letsencrypt_main_domain}\fullchain.pem").Target).ToString().Replace('\', '/') - $ssl_key = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${letsencrypt_main_domain}\privkey.pem").Target).ToString().Replace('\', '/') + pushd "${letsencrypt_root_dir}\${product}" + $ssl_cert = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${product}\fullchain.pem").Target).ToString().Replace('\', '/') + $ssl_key = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${product}\privkey.pem").Target).ToString().Replace('\', '/') popd } 
@@ -69,7 +69,7 @@ if ( $args.Count -ge 2 ) if ($letsencrypt_domain) { - $acl = Get-Acl -Path "$env:SystemDrive\Certbot\archive\${letsencrypt_main_domain}" + $acl = Get-Acl -Path "$env:SystemDrive\Certbot\archive\${product}" $acl.SetSecurityDescriptorSddlForm('O:LAG:S-1-5-21-4011186057-2202358572-2315966083-513D:PAI(A;;0x1200a9;;;WD)(A;;FA;;;SY)(A;OI;0x1200a9;;;LS)(A;;FA;;;BA)(A;;FA;;;LA)') Set-Acl -Path $acl.path -ACLObject $acl }