}
footerContent={}
diff --git a/products/ASC.People/Client/src/store/profile/actions.js b/products/ASC.People/Client/src/store/profile/actions.js
index b749410dda..a676883daa 100644
--- a/products/ASC.People/Client/src/store/profile/actions.js
+++ b/products/ASC.People/Client/src/store/profile/actions.js
@@ -42,7 +42,6 @@ export function toEmployeeWrapper(profile) {
password: "",
birthday: "",
sex: "male",
- passwordType: "link",
workFrom: "",
location: "",
title: "",
From 3341b343d185a9868e2ebb4147019a5492ef7650 Mon Sep 17 00:00:00 2001
From: alexeybannov
Date: Wed, 4 Sep 2019 15:33:02 +0000
Subject: [PATCH 06/37] snap package: init
---
build/install/snap/.gitignore | 1 +
build/install/snap/run.sh | 7 +
build/install/snap/snap/.snapcraft/state | 4 +
.../__pycache__/x-redis.cpython-35.pyc | Bin 0 -> 1031 bytes
build/install/snap/snap/plugins/x-redis.py | 27 +
build/install/snap/snap/snapcraft.yaml | 153 +++
build/install/snap/src/hooks/bin/configure | 10 +
.../snap/src/hooks/utilities/hook-utilities | 32 +
build/install/snap/src/mysql/bin/start_mysql | 97 ++
build/install/snap/src/mysql/my.cnf | 8 +
.../src/mysql/support-files/.mysql.server.swp | Bin 0 -> 1024 bytes
.../snap/src/mysql/support-files/mysql.server | 315 +++++
.../snap/src/mysql/utilities/mysql-utilities | 72 ++
build/install/snap/src/nginx/bin/start_nginx | 12 +
...-communityserver-common-init.conf.template | 43 +
...e-communityserver-common-ssl.conf.template | 129 +++
.../onlyoffice-communityserver-common.conf | 83 ++
...ffice-communityserver-common.conf.template | 46 +
...nlyoffice-communityserver-letsencrypt.conf | 3 +
...office-communityserver-nginx.conf.template | 32 +
...server-proxy-to-controlpanel.conf.template | 36 +
...rver-proxy-to-documentserver.conf.template | 18 +
.../onlyoffice-communityserver-services.conf | 44 +
.../config/nginx-config/conf.d/onlyoffice | 46 +
.../src/nginx/config/nginx-config/nginx.conf | 30 +
.../snap/src/nginx/utilities/nginx-utilities | 17 +
.../snap/src/onlyoffice/bin/start_monoserve | 87 ++
.../config/hyperfastcgi-config/onlyoffice | 24 +
.../hyperfastcgi-config/onlyofficeApiSystem | 24 +
.../onlyoffice/utilities/monoserve-utilities | 36 +
...ompile-time-disabling-of-setpriority.patch | 92 ++
.../snap/src/redis/bin/start-redis-server | 12 +
.../install/snap/src/redis/config/redis.conf | 1023 +++++++++++++++++
.../snap/src/redis/utilities/redis-utilities | 35 +
34 files changed, 2598 insertions(+)
create mode 100644 build/install/snap/.gitignore
create mode 100644 build/install/snap/run.sh
create mode 100644 build/install/snap/snap/.snapcraft/state
create mode 100644 build/install/snap/snap/plugins/__pycache__/x-redis.cpython-35.pyc
create mode 100644 build/install/snap/snap/plugins/x-redis.py
create mode 100644 build/install/snap/snap/snapcraft.yaml
create mode 100755 build/install/snap/src/hooks/bin/configure
create mode 100755 build/install/snap/src/hooks/utilities/hook-utilities
create mode 100755 build/install/snap/src/mysql/bin/start_mysql
create mode 100644 build/install/snap/src/mysql/my.cnf
create mode 100644 build/install/snap/src/mysql/support-files/.mysql.server.swp
create mode 100755 build/install/snap/src/mysql/support-files/mysql.server
create mode 100755 build/install/snap/src/mysql/utilities/mysql-utilities
create mode 100755 build/install/snap/src/nginx/bin/start_nginx
create mode 100644 build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common-init.conf.template
create mode 100644 build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common-ssl.conf.template
create mode 100644 build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common.conf
create mode 100644 build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common.conf.template
create mode 100644 build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-letsencrypt.conf
create mode 100644 build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-nginx.conf.template
create mode 100644 build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-proxy-to-controlpanel.conf.template
create mode 100644 build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-proxy-to-documentserver.conf.template
create mode 100644 build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-services.conf
create mode 100644 build/install/snap/src/nginx/config/nginx-config/conf.d/onlyoffice
create mode 100644 build/install/snap/src/nginx/config/nginx-config/nginx.conf
create mode 100755 build/install/snap/src/nginx/utilities/nginx-utilities
create mode 100755 build/install/snap/src/onlyoffice/bin/start_monoserve
create mode 100644 build/install/snap/src/onlyoffice/config/hyperfastcgi-config/onlyoffice
create mode 100644 build/install/snap/src/onlyoffice/config/hyperfastcgi-config/onlyofficeApiSystem
create mode 100755 build/install/snap/src/onlyoffice/utilities/monoserve-utilities
create mode 100644 build/install/snap/src/patches/support-compile-time-disabling-of-setpriority.patch
create mode 100755 build/install/snap/src/redis/bin/start-redis-server
create mode 100644 build/install/snap/src/redis/config/redis.conf
create mode 100755 build/install/snap/src/redis/utilities/redis-utilities
diff --git a/build/install/snap/.gitignore b/build/install/snap/.gitignore
new file mode 100644
index 0000000000..c0ff3025c3
--- /dev/null
+++ b/build/install/snap/.gitignore
@@ -0,0 +1 @@
+!*/
diff --git a/build/install/snap/run.sh b/build/install/snap/run.sh
new file mode 100644
index 0000000000..30b18bd80d
--- /dev/null
+++ b/build/install/snap/run.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+rm -dfr parts
+rm -dfr prime
+rm -dfr stage
+
+#snapcraft
diff --git a/build/install/snap/snap/.snapcraft/state b/build/install/snap/snap/.snapcraft/state
new file mode 100644
index 0000000000..02785499a1
--- /dev/null
+++ b/build/install/snap/snap/.snapcraft/state
@@ -0,0 +1,4 @@
+!GlobalState
+assets:
+ build-packages: []
+ build-snaps: []
diff --git a/build/install/snap/snap/plugins/__pycache__/x-redis.cpython-35.pyc b/build/install/snap/snap/plugins/__pycache__/x-redis.cpython-35.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..d6791c5e50f434ddeb7d566f4b7ade90c222bd76
GIT binary patch
literal 1031
zcmY*XOK%e~5FUG9Nt&oFEv>l1X%A`s07ank5CW>IxuBJhwcT~XF5U~%h&Gr&MAmu=
z5nW>kB4>?Vh}<>yAo47xAbcnShyoy-K;8r1hb7Vt;8luOUBHMac>wtqERk<$f=@&5
zH)aB-A<=FTf8vQbtv{y&>LCJ-dD`4CtM33a#JDJYL%m}()6mgd=RD2SnP}%(nUL-}
zHUT``hEDxJ(cr=yDO>|ADdY|;0SMB~3EU8)&0WYnkk8>7{d^NyiB8QqhWO{
za-zz(UWwYyQcW($
z(v0?~zLEj9WZTSg2L+G=+NVSE0QVk!L>9Yup1_f14PD)1ti&1_(*wqeDs6?qL&iS0
zu~=Cwt=vOKD?%dg8N6?Vc{wB8%1mQO?HLdIOTtv~0@Tcp7u-p2siH=KCz@nB>9OKXKpQo8qeRmc "$root_option_file"
+ [client]
+ socket=$MYSQL_SOCKET
+ user=root
+ EOF
+ chmod 600 "$root_option_file"
+
+ # Now set everything up in one step:
+ # 1) Set the root user's password
+ # 2) Create the onlyoffice user
+ # 3) Create the onlyoffice database
+ # 4) Grant the onlyoffice user privileges on the onlyoffice database
+ printf "Setting up users and onlyoffice database... "
+ if mysql --defaults-file="$root_option_file" <<-SQL
+ ALTER USER 'root'@'localhost' IDENTIFIED BY '$root_password';
+ CREATE USER 'onlyoffice'@'localhost' IDENTIFIED WITH mysql_native_password BY '$onlyoffice_password';
+ CREATE DATABASE IF NOT EXISTS onlyoffice CHARACTER SET utf8 COLLATE 'utf8_general_ci';
+ GRANT ALL PRIVILEGES ON onlyoffice.* TO 'onlyoffice'@'localhost' IDENTIFIED WITH mysql_native_password BY '$onlyoffice_password';
+ SQL
+ then
+ printf "done\n"
+ else
+ echo "Failed to initialize-- reverting..."
+ "$SNAP/support-files/mysql.server" stop
+ rm -rf "$SNAP_DATA"/mysql/*
+ fi
+
+ # Now the root mysql user has a password. Save that as well.
+ echo "password=$root_password" >> "$root_option_file"
+else
+ # Okay, this isn't a new installation. However, we recently changed
+ # the location of MySQL's socket. Make sure the root
+ # option file is updated to look there instead of the old location.
+ sed -ri "s|(socket\s*=\s*)/var/snap/.*mysql.sock|\1$MYSQL_SOCKET|" "$root_option_file"
+fi
+
+# Wait here until mysql is running
+wait_for_mysql -f
+
+# Check and upgrade mysql tables if necessary. This will return 0 if the upgrade
+# succeeded, in which case we need to restart mysql.
+echo "Checking/upgrading mysql tables if necessary..."
+if mysql_upgrade --defaults-file="$root_option_file"; then
+ echo "Restarting mysql server after upgrade..."
+ "$SNAP/support-files/mysql.server" restart
+
+ # Wait for server to come back after upgrade
+ wait_for_mysql -f
+fi
+
+# If this was a new installation, wait until the server is all up and running
+# before saving off the onlyoffice user's password. This way the presence of the
+# file can be used as a signal that mysql is ready to be used.
+if [ $new_install = true ]; then
+ mysql_set_onlyoffice_password "$onlyoffice_password"
+fi
+
+set_mysql_setup_not_running
+
+# Wait here until mysql exits (turn a forking service into simple). This is
+# only needed for Ubuntu Core 15.04, as 16.04 supports forking services.
+pid=$(mysql_pid)
+while kill -0 "$pid" 2>/dev/null; do
+ sleep 1
+done
diff --git a/build/install/snap/src/mysql/my.cnf b/build/install/snap/src/mysql/my.cnf
new file mode 100644
index 0000000000..269102c561
--- /dev/null
+++ b/build/install/snap/src/mysql/my.cnf
@@ -0,0 +1,8 @@
+[mysqld]
+user=root
+secure-file-priv=NULL
+skip-networking
+sql_mode = 'NO_ENGINE_SUBSTITUTION'
+max_connections = 1000
+max_allowed_packet = 1048576000
+group_concat_max_len = 2048
diff --git a/build/install/snap/src/mysql/support-files/.mysql.server.swp b/build/install/snap/src/mysql/support-files/.mysql.server.swp
new file mode 100644
index 0000000000000000000000000000000000000000..349dcf7cacd3e41fec66728215f9c84cbbd888d2
GIT binary patch
literal 1024
zcmYc?$V<%2S1{5u)iY*50{d(j7>e@qOOS+cGE0+6^GZr}i**glk_$?8jnb2Ji_`Lr
hbPWtqwd7V77v|^{rxul^7NN?F@
+# - Add the above to any other configuration file (for example ~/.my.ini)
+# and copy my_print_defaults to /usr/bin
+# - Add the path to the mysql-installation-directory to the basedir variable
+# below.
+#
+# If you want to affect other MySQL variables, you should make your changes
+# in the /etc/my.cnf, ~/.my.cnf or other MySQL configuration files.
+
+# If you change base dir, you must also change datadir. These may get
+# overwritten by settings in the MySQL configuration files.
+
+# shellcheck source=src/mysql/utilities/mysql-utilities
+. "$SNAP/utilities/mysql-utilities"
+
+basedir="$SNAP"
+datadir="$SNAP_DATA/mysql"
+
+# Default value, in seconds, afterwhich the script should timeout waiting
+# for server start.
+# Value here is overriden by value in my.cnf.
+# 0 means don't wait at all
+# Negative numbers mean to wait indefinitely
+service_startup_timeout=900
+
+# Lock directory for RedHat / SuSE.
+lockdir="$SNAP_DATA/mysql/lock"
+lock_file_path="$lockdir/mysql"
+
+# The following variables are only set for letting mysql.server find things.
+
+# Set some defaults
+mysqld_pid_file_path="$MYSQL_PIDFILE"
+if test -z "$basedir"
+then
+ basedir=/
+ bindir=//bin
+ if test -z "$datadir"
+ then
+ datadir=//data
+ fi
+ libexecdir=//bin
+else
+ bindir="$basedir/bin"
+ if test -z "$datadir"
+ then
+ datadir="$basedir/data"
+ fi
+ libexecdir="$basedir/libexec"
+fi
+
+#
+# Use LSB init script functions for printing messages, if possible
+#
+lsb_functions="/lib/lsb/init-functions"
+if test -f $lsb_functions ; then
+ . $lsb_functions
+else
+ log_success_msg()
+ {
+ echo " SUCCESS! $*"
+ }
+ log_failure_msg()
+ {
+ echo " ERROR! $*"
+ }
+fi
+
+PATH="/sbin:/usr/sbin:/bin:/usr/bin:$basedir/bin"
+export PATH
+
+mode=$1 # start or stop
+
+[ $# -ge 1 ] && shift
+
+
+other_args="$*" # uncommon, but needed when called from an RPM upgrade action
+ # Expected: "--skip-networking --skip-grant-tables"
+ # They are not checked here, intentionally, as it is the resposibility
+ # of the "spec" file author to give correct arguments only.
+
+# Upstream mysql stuff, no need to fix this
+# shellcheck disable=SC2116,SC2039
+case "$(echo "testing\c")","$(echo -n testing)" in
+ *c*,-n*) echo_n="" echo_c="" ;;
+ *c*,*) echo_n=-n echo_c="" ;;
+ *) echo_n="" echo_c='\c' ;;
+esac
+
+wait_for_pid () {
+ verb="$1" # created | removed
+ pid="$2" # process ID of the program operating on the pid-file
+ pid_file_path="$3" # path to the PID file.
+
+ i=0
+ avoid_race_condition="by checking again"
+
+ while test "$i" -ne "$service_startup_timeout" ; do
+
+ case "$verb" in
+ 'created')
+ # wait for a PID-file to pop into existence.
+ test -s "$pid_file_path" && i='' && break
+ ;;
+ 'removed')
+ # wait for this PID-file to disappear
+ test ! -s "$pid_file_path" && i='' && break
+ ;;
+ *)
+ echo "wait_for_pid () usage: wait_for_pid created|removed pid pid_file_path"
+ exit 1
+ ;;
+ esac
+
+ # if server isn't running, then pid-file will never be updated
+ if test -n "$pid"; then
+ if kill -0 "$pid" 2>/dev/null; then
+ : # the server still runs
+ else
+ # The server may have exited between the last pid-file check and now.
+ if test -n "$avoid_race_condition"; then
+ avoid_race_condition=""
+ continue # Check again.
+ fi
+
+ # there's nothing that will affect the file.
+ log_failure_msg "The server quit without updating PID file ($pid_file_path)."
+ return 1 # not waiting any more.
+ fi
+ fi
+
+ echo $echo_n ".$echo_c"
+ i=$((i + 1))
+ sleep 1
+
+ done
+
+ if test -z "$i" ; then
+ log_success_msg
+ return 0
+ else
+ log_failure_msg
+ return 1
+ fi
+}
+
+#
+# Set pid file if not given
+#
+if test -z "$mysqld_pid_file_path"
+then
+ mysqld_pid_file_path="$datadir"/"$(hostname)".pid
+else
+ case "$mysqld_pid_file_path" in
+ /* ) ;;
+ * ) mysqld_pid_file_path="$datadir/$mysqld_pid_file_path" ;;
+ esac
+fi
+
+case "$mode" in
+ 'start')
+ # Start daemon
+
+ # Safeguard (relative paths, core dumps..)
+ cd "$basedir" || exit
+
+ echo $echo_n "Starting MySQL"
+ if test -x "$bindir/mysqld_safe"
+ then
+ # Give extra arguments to mysqld with the my.cnf file. This script
+ # may be overwritten at next upgrade.
+ "$bindir/mysqld_safe" --datadir="$datadir" --pid-file="$mysqld_pid_file_path" --lc-messages-dir="$SNAP/share" --socket="$MYSQL_SOCKET" "$other_args" >/dev/null 2>&1 &
+ wait_for_pid created "$!" "$mysqld_pid_file_path"; return_value=$?
+
+ # Make lock for RedHat / SuSE
+ if test -w "$lockdir"
+ then
+ touch "$lock_file_path"
+ fi
+
+ exit $return_value
+ else
+ log_failure_msg "Couldn't find MySQL server ($bindir/mysqld_safe)"
+ fi
+ ;;
+
+ 'stop')
+ # Stop daemon. We use a signal here to avoid having to know the
+ # root password.
+
+ if test -s "$mysqld_pid_file_path"
+ then
+ # signal mysqld_safe that it needs to stop
+ touch "$mysqld_pid_file_path.shutdown"
+
+ mysqld_pid="$(cat "$mysqld_pid_file_path")"
+
+ if (kill -0 "$mysqld_pid" 2>/dev/null)
+ then
+ echo $echo_n "Shutting down MySQL"
+ kill "$mysqld_pid"
+ # mysqld should remove the pid file when it exits, so wait for it.
+ wait_for_pid removed "$mysqld_pid" "$mysqld_pid_file_path"; return_value=$?
+ else
+ log_failure_msg "MySQL server process #$mysqld_pid is not running!"
+ rm "$mysqld_pid_file_path"
+ fi
+
+ # Delete lock for RedHat / SuSE
+ if test -f "$lock_file_path"
+ then
+ rm -f "$lock_file_path"
+ fi
+ exit $return_value
+ else
+ log_failure_msg "MySQL server PID file could not be found!"
+ fi
+ ;;
+
+ 'restart')
+ # Stop the service and regardless of whether it was
+ # running or not, start it again.
+ if $0 stop "$other_args"; then
+ $0 start "$other_args"
+ else
+ log_failure_msg "Failed to stop running server, so refusing to try to start."
+ exit 1
+ fi
+ ;;
+
+ 'reload'|'force-reload')
+ if test -s "$mysqld_pid_file_path" ; then
+ read -r mysqld_pid < "$mysqld_pid_file_path"
+ kill -HUP "$mysqld_pid" && log_success_msg "Reloading service MySQL"
+ touch "$mysqld_pid_file_path"
+ else
+ log_failure_msg "MySQL PID file could not be found!"
+ exit 1
+ fi
+ ;;
+ 'status')
+ # First, check to see if pid file exists
+ if test -s "$mysqld_pid_file_path" ; then
+ read -r mysqld_pid < "$mysqld_pid_file_path"
+ if kill -0 "$mysqld_pid" 2>/dev/null ; then
+ log_success_msg "MySQL running ($mysqld_pid)"
+ exit 0
+ else
+ log_failure_msg "MySQL is not running, but PID file exists"
+ exit 1
+ fi
+ else
+ # Try to find appropriate mysqld process
+ mysqld_pid="$(pidof "$libexecdir/mysqld")"
+
+ # test if multiple pids exist
+ pid_count="$(echo "$mysqld_pid" | wc -w)"
+ if test "$pid_count" -gt 1 ; then
+ log_failure_msg "Multiple MySQL running but PID file could not be found ($mysqld_pid)"
+ exit 5
+ elif test -z "$mysqld_pid" ; then
+ if test -f "$lock_file_path" ; then
+ log_failure_msg "MySQL is not running, but lock file ($lock_file_path) exists"
+ exit 2
+ fi
+ log_failure_msg "MySQL is not running"
+ exit 3
+ else
+ log_failure_msg "MySQL is running but PID file could not be found"
+ exit 4
+ fi
+ fi
+ ;;
+ *)
+ # usage
+ basename="$(basename "$0")"
+ echo "Usage: $basename {start|stop|restart|reload|force-reload|status} [ MySQL server options ]"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/build/install/snap/src/mysql/utilities/mysql-utilities b/build/install/snap/src/mysql/utilities/mysql-utilities
new file mode 100755
index 0000000000..7f7eb2cbc7
--- /dev/null
+++ b/build/install/snap/src/mysql/utilities/mysql-utilities
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+export MYSQL_PIDFILE="/tmp/pids/mysql.pid"
+export MYSQL_SOCKET="/tmp/sockets/mysql.sock"
+export ONLYOFFICE_PASSWORD_FILE="$SNAP_DATA/mysql/onlyoffice_password"
+MYSQL_SETUP_LOCKFILE="/tmp/locks/mysql-setup"
+
+mkdir -p "$(dirname "$MYSQL_PIDFILE")"
+mkdir -p "$(dirname "$MYSQL_SOCKET")"
+chmod 750 "$(dirname "$MYSQL_PIDFILE")"
+chmod 750 "$(dirname "$MYSQL_SOCKET")"
+
+mysql_is_running()
+{
+ # Arguments:
+ # -f: Force the check, i.e. ignore if it's currently in setup
+ [ -f "$MYSQL_PIDFILE" ] && [ -S "$MYSQL_SOCKET" ] && (! mysql_setup_running || [ "$1" = "-f" ])
+}
+
+wait_for_mysql()
+{
+ # Arguments:
+ # -f: Force the check, i.e. ignore if it's currently in setup
+ if ! mysql_is_running "$@"; then
+ printf "Waiting for MySQL... "
+ while ! mysql_is_running "$@"; do
+ sleep 1
+ done
+ printf "done\n"
+ fi
+}
+
+mysql_setup_running()
+{
+ [ -f "$MYSQL_SETUP_LOCKFILE" ]
+}
+
+set_mysql_setup_running()
+{
+ touch "$MYSQL_SETUP_LOCKFILE"
+}
+
+set_mysql_setup_not_running()
+{
+ rm -f "$MYSQL_SETUP_LOCKFILE"
+}
+
+mysql_pid()
+{
+ if mysql_is_running; then
+ cat "$MYSQL_PIDFILE"
+ else
+ echo "Unable to get MySQL PID as it's not yet running" >&2
+ echo ""
+ fi
+}
+
+mysql_set_onlyoffice_password()
+{
+ echo "$1" > "$ONLYOFFICE_PASSWORD_FILE"
+ chmod 600 "$ONLYOFFICE_PASSWORD_FILE"
+}
+
+mysql_get_onlyoffice_password()
+{
+ if [ -f "$ONLYOFFICE_PASSWORD_FILE" ]; then
+ cat "$ONLYOFFICE_PASSWORD_FILE"
+ else
+ echo "MySQL ONLYOFFICE password has not yet been generated" >&2
+ echo ""
+ fi
+}
diff --git a/build/install/snap/src/nginx/bin/start_nginx b/build/install/snap/src/nginx/bin/start_nginx
new file mode 100755
index 0000000000..c1719d3a6c
--- /dev/null
+++ b/build/install/snap/src/nginx/bin/start_nginx
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# shellcheck source=src/nginx/utilities/nginx-utilities
+. "$SNAP/utilities/nginx-utilities"
+
+cp -dfr ${SNAP}/config/nginx-config/* ${SNAP_DATA}/nginx/config
+
+sed -e "s|\${SNAP}|$SNAP|;s|\${SNAP_DATA}|$SNAP_DATA|;s|\${NGINX_PIDFILE}|$NGINX_PIDFILE|;s|\${ONLYOFFICE_SOCKET}|$ONLYOFFICE_SOCKET|;s|\${ONLYOFFICE_API_SYSTEM_SOCKET}|$ONLYOFFICE_API_SYSTEM_SOCKET|" -i ${SNAP_DATA}/nginx/config/conf.d/onlyoffice
+sed -e "s|\${SNAP}|$SNAP|;s|\${SNAP_DATA}|$SNAP_DATA|;s|\${NGINX_PIDFILE}|$NGINX_PIDFILE|;s|\${ONLYOFFICE_SOCKET}|$ONLYOFFICE_SOCKET|;s|\${ONLYOFFICE_API_SYSTEM_SOCKET}|$ONLYOFFICE_API_SYSTEM_SOCKET|" -i ${SNAP_DATA}/nginx/config/conf.d/includes/onlyoffice-communityserver-common.conf
+sed -e "s|\${SNAP}|$SNAP|;s|\${SNAP_DATA}|$SNAP_DATA|;s|\${NGINX_PIDFILE}|$NGINX_PIDFILE|;s|\${ONLYOFFICE_SOCKET}|$ONLYOFFICE_SOCKET|;s|\${ONLYOFFICE_API_SYSTEM_SOCKET}|$ONLYOFFICE_API_SYSTEM_SOCKET|" -i ${SNAP_DATA}/nginx/config/nginx.conf
+
+exec "$SNAP/sbin/nginx" "-c" "$SNAP_DATA/nginx/config/nginx.conf" "-p" "$SNAP_DATA/nginx" "-g" "daemon off;" "$@"
diff --git a/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common-init.conf.template b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common-init.conf.template
new file mode 100644
index 0000000000..e713c3312f
--- /dev/null
+++ b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common-init.conf.template
@@ -0,0 +1,43 @@
+upstream fastcgi_backend {
+ server unix:/var/run/onlyoffice/onlyoffice.socket;
+ keepalive 32;
+}
+
+server {
+ listen 80;
+
+ fastcgi_keep_conn on;
+ fastcgi_index Default.aspx;
+ fastcgi_intercept_errors on;
+
+
+ include fastcgi_params;
+
+ fastcgi_param HTTP_X_REWRITER_URL $http_x_rewriter_url;
+ fastcgi_param SERVER_NAME $host;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO "";
+
+ fastcgi_read_timeout 600;
+ fastcgi_send_timeout 600;
+
+
+ location / {
+ root /var/www/onlyoffice/WebStudio/;
+ expires 0;
+ add_header Cache-Control no-cache;
+ rewrite ^(.*)$ /StartConfigure.htm break;
+ }
+
+ location /api {
+ fastcgi_pass fastcgi_backend;
+ break;
+ }
+
+ location ~* ^/(warmup[2-9]?)/ {
+ rewrite /warmup([^/]*)/(.*) /$2 break;
+ fastcgi_pass unix:/var/run/onlyoffice/onlyoffice$1.socket;
+ }
+}
+
+
diff --git a/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common-ssl.conf.template b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common-ssl.conf.template
new file mode 100644
index 0000000000..fad50ea9df
--- /dev/null
+++ b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common-ssl.conf.template
@@ -0,0 +1,129 @@
+upstream fastcgi_backend_apisystem {
+ server unix:/var/run/onlyoffice/onlyofficeApiSystem.socket;
+ keepalive 32;
+}
+
+upstream fastcgi_backend {
+ server unix:/var/run/onlyoffice/onlyoffice.socket;
+ keepalive {{ONLYOFFICE_NIGNX_KEEPLIVE}};
+}
+
+fastcgi_cache_path /var/cache/nginx/onlyoffice
+ levels=1:2
+ keys_zone=onlyoffice:16m
+ max_size=256m
+ inactive=1d;
+
+geo $ip_external {
+ default 1;
+ {{DOCKER_ONLYOFFICE_SUBNET}} 0;
+ 127.0.0.1 0;
+}
+
+map $http_host $this_host {
+ "" $host;
+ default $http_host;
+}
+
+map $http_x_forwarded_proto $the_scheme {
+ default $http_x_forwarded_proto;
+ "" $scheme;
+}
+
+map $http_x_forwarded_host $the_host {
+ default $http_x_forwarded_host;
+ "" $this_host;
+}
+
+## Normal HTTP host
+server {
+ listen 0.0.0.0:80;
+ listen [::]:80 default_server;
+ server_name _;
+ server_tokens off;
+
+ root /nowhere; ## root doesn't have to be a valid path since we are redirecting
+
+ location / {
+ if ($ip_external) {
+ ## Redirects all traffic to the HTTPS host
+ rewrite ^ https://$host$request_uri? permanent;
+ }
+
+
+ client_max_body_size 100m;
+
+ proxy_pass https://127.0.0.1;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_ssl_verify off;
+ }
+}
+
+## HTTPS host
+server {
+ listen 0.0.0.0:443 ssl;
+ listen [::]:443 ssl default_server;
+ server_tokens off;
+ root /usr/share/nginx/html;
+
+ ## Increase this if you want to upload large attachments
+ client_max_body_size 100m;
+
+ ## Strong SSL Security
+ ## https://cipherli.st/
+ ssl on;
+ ssl_certificate {{SSL_CERTIFICATE_PATH}};
+ ssl_certificate_key {{SSL_KEY_PATH}};
+ ssl_verify_client {{SSL_VERIFY_CLIENT}};
+ ssl_client_certificate {{CA_CERTIFICATES_PATH}};
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_tickets off; # Requires nginx >= 1.5.9
+
+ add_header Strict-Transport-Security "max-age={{ONLYOFFICE_HTTPS_HSTS_MAXAGE}}; includeSubDomains; preload" always;
+# add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header Access-Control-Allow-Origin *;
+
+ ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
+ ## Replace with your ssl_trusted_certificate. For more info see:
+ ## - https://medium.com/devops-programming/4445f4862461
+ ## - https://www.ruby-forum.com/topic/4419319
+ ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate {{SSL_OCSP_CERTIFICATE_PATH}};
+ resolver 8.8.8.8 8.8.4.4 127.0.0.11 valid=300s; # Can change to your DNS resolver if desired
+ resolver_timeout 10s;
+
+ ## [Optional] Generate a stronger DHE parameter:
+ ## cd /etc/ssl/certs
+ ## sudo openssl dhparam -out dhparam.pem 4096
+ ##
+ ssl_dhparam {{SSL_DHPARAM_PATH}};
+
+ large_client_header_buffers 4 16k;
+
+ set $X_REWRITER_URL $the_scheme://$the_host;
+
+ if ($http_x_rewriter_url != '') {
+ set $X_REWRITER_URL $http_x_rewriter_url ;
+ }
+
+
+ include /etc/nginx/includes/onlyoffice-communityserver-*.conf;
+}
+
+
+
diff --git a/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common.conf b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common.conf
new file mode 100644
index 0000000000..e095919623
--- /dev/null
+++ b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common.conf
@@ -0,0 +1,83 @@
+location / {
+ root ${SNAP}/var/www/onlyoffice/WebStudio/;
+ index index.html index.htm default.aspx Default.aspx;
+
+ client_max_body_size 4G;
+
+ fastcgi_pass fastcgi_backend;
+ fastcgi_keep_conn on;
+
+ error_page 404 /404.htm;
+
+ gzip off;
+ gzip_comp_level 2;
+ gzip_min_length 1000;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_types text/html application/x-javascript text/css application/xml;
+
+ fastcgi_index Default.aspx;
+ fastcgi_intercept_errors on;
+
+ include ${SNAP}/conf/fastcgi_params;
+
+ fastcgi_param HTTP_X_REWRITER_URL $X_REWRITER_URL;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO "";
+
+ fastcgi_read_timeout 600;
+ fastcgi_send_timeout 600;
+
+ location ~* (^\/(?:skins|products|addons).*\.(?:jpg|jpeg|gif|png|svg|ico)$)|(.*bundle/(?!clientscript).*) {
+ fastcgi_pass fastcgi_backend;
+
+ fastcgi_temp_path ${SNAP_DATA}/nginx/cache/tmp 1 2;
+ fastcgi_cache onlyoffice;
+ fastcgi_cache_key "$scheme|$request_method|$host|$request_uri|$query_string";
+ fastcgi_cache_use_stale updating error timeout invalid_header http_500;
+ fastcgi_cache_valid 1d;
+ fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+
+ add_header X-Fastcgi-Cache $upstream_cache_status;
+ access_log off;
+ log_not_found off;
+ expires max;
+ }
+
+}
+
+location /apisystem {
+ rewrite /apisystem(.*) /$1 break;
+
+ root ${SNAP}/var/www/onlyoffice/ApiSystem/;
+ index index.html index.htm default.aspx Default.aspx;
+
+ add_header Access-Control-Allow-Origin *;
+ add_header X-Frame-Options DENY;
+
+ client_max_body_size 4G;
+
+ fastcgi_keep_conn on;
+ fastcgi_pass fastcgi_backend_apisystem;
+
+ include ${SNAP}/conf/fastcgi_params;
+
+ set $X_REWRITER_URL $scheme://$http_host;
+
+ if ($http_x_rewriter_url != '') {
+ set $X_REWRITER_URL $http_x_rewriter_url ;
+ }
+
+
+ fastcgi_param HTTP_X_REWRITER_URL $X_REWRITER_URL;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO "";
+
+ fastcgi_read_timeout 600;
+ fastcgi_send_timeout 600;
+}
+
+location /filesData {
+ rewrite /filesData/var/www/onlyoffice/Data/Products/Files(.*) /$1 break;
+ root ${SNAP_DATA}/onlyoffice/Data/Products/Files;
+ internal;
+}
diff --git a/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common.conf.template b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common.conf.template
new file mode 100644
index 0000000000..ad47769d78
--- /dev/null
+++ b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-common.conf.template
@@ -0,0 +1,46 @@
+upstream fastcgi_backend_apisystem {
+ server unix:/var/run/onlyoffice/onlyofficeApiSystem.socket;
+ keepalive 32;
+}
+
+upstream fastcgi_backend {
+ server unix:/var/run/onlyoffice/onlyoffice.socket;
+ keepalive {{ONLYOFFICE_NIGNX_KEEPLIVE}};
+}
+
+fastcgi_cache_path /var/cache/nginx/onlyoffice
+ levels=1:2
+ keys_zone=onlyoffice:16m
+ max_size=256m
+ inactive=1d;
+
+map $http_host $this_host {
+ "" $host;
+ default $http_host;
+}
+
+map $http_x_forwarded_proto $the_scheme {
+ default $http_x_forwarded_proto;
+ "" $scheme;
+}
+
+map $http_x_forwarded_host $the_host {
+ default $http_x_forwarded_host;
+ "" $this_host;
+}
+
+server {
+ listen 80;
+
+ add_header Access-Control-Allow-Origin *;
+
+ large_client_header_buffers 4 16k;
+
+ set $X_REWRITER_URL $the_scheme://$the_host;
+
+ if ($http_x_rewriter_url != '') {
+ set $X_REWRITER_URL $http_x_rewriter_url ;
+ }
+
+ include /etc/nginx/includes/onlyoffice-communityserver-*.conf;
+}
diff --git a/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-letsencrypt.conf b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-letsencrypt.conf
new file mode 100644
index 0000000000..77a7050fe1
--- /dev/null
+++ b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-letsencrypt.conf
@@ -0,0 +1,3 @@
+location /.well-known/acme-challenge {
+ root /var/www/onlyoffice/Data/certs/;
+}
diff --git a/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-nginx.conf.template b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-nginx.conf.template
new file mode 100644
index 0000000000..a61a6b92db
--- /dev/null
+++ b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-nginx.conf.template
@@ -0,0 +1,32 @@
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+ include /etc/nginx/sites-enabled/*;
+ include /etc/nginx/conf.d/*.conf;
+}
+
diff --git a/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-proxy-to-controlpanel.conf.template b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-proxy-to-controlpanel.conf.template
new file mode 100644
index 0000000000..bff6b556c2
--- /dev/null
+++ b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-proxy-to-controlpanel.conf.template
@@ -0,0 +1,36 @@
+location /controlpanel {
+ proxy_pass http://{{CONTROL_PANEL_HOST_ADDR}};
+
+ client_max_body_size 100m;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-REWRITER-URL $X_REWRITER_URL;
+}
+
+location /sso/ {
+ proxy_pass http://{{SERVICE_SSO_AUTH_HOST_ADDR}}:9834;
+
+ client_max_body_size 100m;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-REWRITER-URL $X_REWRITER_URL;
+
+ proxy_redirect / /;
+
+}
diff --git a/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-proxy-to-documentserver.conf.template b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-proxy-to-documentserver.conf.template
new file mode 100644
index 0000000000..368ab4fdc5
--- /dev/null
+++ b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-proxy-to-documentserver.conf.template
@@ -0,0 +1,18 @@
+location ~* ^/ds-vpath/ {
+ rewrite /ds-vpath/(.*) /$1 break;
+ proxy_pass {{DOCUMENT_SERVER_HOST_ADDR}};
+ proxy_redirect off;
+
+ client_max_body_size 100m;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
+ proxy_set_header X-Forwarded-Proto $the_scheme;
+}
+
diff --git a/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-services.conf b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-services.conf
new file mode 100644
index 0000000000..9d5281d6f4
--- /dev/null
+++ b/build/install/snap/src/nginx/config/nginx-config/conf.d/includes/onlyoffice-communityserver-services.conf
@@ -0,0 +1,44 @@
+location /addons/talk/http-poll/httppoll.ashx {
+ proxy_pass http://localhost:5280/http-poll/;
+ proxy_buffering off;
+ client_max_body_size 10m;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+}
+
+
+location /socketio {
+ rewrite /socketio/(.*) /$1 break;
+ proxy_pass http://localhost:9899;
+
+ client_max_body_size 100m;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Forwarded-Proto "http";
+ proxy_set_header X-REWRITER-URL $X_REWRITER_URL;
+}
+
+
+location /healthcheck {
+ rewrite /healthcheck(.*) /$1 break;
+ proxy_pass http://localhost:9810;
+ proxy_redirect ~*/(.*) /healthcheck/$1;
+
+ client_max_body_size 100m;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Forwarded-Proto $scheme;
+}
diff --git a/build/install/snap/src/nginx/config/nginx-config/conf.d/onlyoffice b/build/install/snap/src/nginx/config/nginx-config/conf.d/onlyoffice
new file mode 100644
index 0000000000..39e496d5e9
--- /dev/null
+++ b/build/install/snap/src/nginx/config/nginx-config/conf.d/onlyoffice
@@ -0,0 +1,46 @@
+upstream fastcgi_backend_apisystem {
+ server unix:${ONLYOFFICE_API_SYSTEM_SOCKET};
+ keepalive 32;
+}
+
+upstream fastcgi_backend {
+ server unix:${ONLYOFFICE_SOCKET};
+ keepalive 32;
+}
+
+fastcgi_cache_path ${SNAP_DATA}/nginx/cache/onlyoffice
+ levels=1:2
+ keys_zone=onlyoffice:16m
+ max_size=256m
+ inactive=1d;
+
+map $http_host $this_host {
+ "" $host;
+ default $http_host;
+}
+
+map $http_x_forwarded_proto $the_scheme {
+ default $http_x_forwarded_proto;
+ "" $scheme;
+}
+
+map $http_x_forwarded_host $the_host {
+ default $http_x_forwarded_host;
+ "" $this_host;
+}
+
+server {
+ listen 80;
+
+ add_header Access-Control-Allow-Origin *;
+
+ large_client_header_buffers 4 16k;
+
+ set $X_REWRITER_URL $the_scheme://$the_host;
+
+ if ($http_x_rewriter_url != '') {
+ set $X_REWRITER_URL $http_x_rewriter_url ;
+ }
+
+ include ${SNAP_DATA}/nginx/config/conf.d/includes/onlyoffice-communityserver-*.conf;
+}
diff --git a/build/install/snap/src/nginx/config/nginx-config/nginx.conf b/build/install/snap/src/nginx/config/nginx-config/nginx.conf
new file mode 100644
index 0000000000..4d266bdd6d
--- /dev/null
+++ b/build/install/snap/src/nginx/config/nginx-config/nginx.conf
@@ -0,0 +1,30 @@
+user root;
+worker_processes 2;
+
+error_log ${SNAP_DATA}/nginx/logs/error.log warn;
+pid ${NGINX_PIDFILE};
+
+
+events {
+ worker_connections 1048576;
+}
+
+
+http {
+ include ${SNAP}/conf/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log ${SNAP_DATA}/nginx/logs/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+ include ${SNAP_DATA}/nginx/config/conf.d/onlyoffice;
+}
diff --git a/build/install/snap/src/nginx/utilities/nginx-utilities b/build/install/snap/src/nginx/utilities/nginx-utilities
new file mode 100755
index 0000000000..e2f34ea0ff
--- /dev/null
+++ b/build/install/snap/src/nginx/utilities/nginx-utilities
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+export NGINX_PIDFILE="/tmp/pids/nginx.pid"
+
+mkdir -p "$(dirname "$NGINX_PIDFILE")"
+chmod 750 "$(dirname "$NGINX_PIDFILE")"
+
+mkdir -p ${SNAP_DATA}/nginx/logs
+chmod 750 ${SNAP_DATA}/nginx/logs
+
+mkdir -p ${SNAP_DATA}/nginx/cache
+chmod 750 ${SNAP_DATA}/nginx/cache
+
+mkdir -p ${SNAP_DATA}/nginx/config
+chmod 750 ${SNAP_DATA}/nginx/config
+
+
diff --git a/build/install/snap/src/onlyoffice/bin/start_monoserve b/build/install/snap/src/onlyoffice/bin/start_monoserve
new file mode 100755
index 0000000000..6481c2bb9b
--- /dev/null
+++ b/build/install/snap/src/onlyoffice/bin/start_monoserve
@@ -0,0 +1,87 @@
+#!/bin/bash
+
+set -x
+
+# shellcheck source=src/mysql/utilities/mysql-utilities
+. "$SNAP/utilities/mysql-utilities"
+
+# shellcheck source=src/onlyoffice/utilities/monoserve-utilities
+. "${SNAP}/utilities/monoserve-utilities"
+
+# shellcheck source=src/redis/utilities/redis-utilities
+. "$SNAP/utilities/redis-utilities"
+
+
+wait_for_redis
+wait_for_mysql
+
+DB_NAME="onlyoffice";
+DB_HOST="localhost";
+DB_USER="onlyoffice";
+DB_PWD=$( mysql_get_onlyoffice_password );
+
+
+ONLYOFFICE_CORE_MACHINEKEY=$( onlyoffice_get_core_machine_key );
+
+cp -drf ${SNAP}/config/hyperfastcgi-config/* ${SNAP_DATA}/hyperfastcgi/
+
+[ -e ${ONLYOFFCE_SOCKET} ] && rm -f ${ONLYOFFCE_SOCKET}
+
+sed -e "s|\${SNAP}|$SNAP|;s|\${SNAP_DATA}|$SNAP_DATA|;s|\${ONLYOFFICE_SOCKET}|$ONLYOFFICE_SOCKET|" -i ${SNAP_DATA}/hyperfastcgi/onlyoffice
+
+mkdir -p ${SNAP_DATA}/onlyoffice/config/WebStudio/
+cp -dfr ${SNAP}/var/www/onlyoffice/WebStudio/*.config ${SNAP_DATA}/onlyoffice/config/WebStudio/
+
+sed "/core.machinekey/s!value=\".*\"!value=\"${ONLYOFFICE_CORE_MACHINEKEY}\"!g" -i ${SNAP_DATA}/onlyoffice/config/WebStudio/web.appsettings.config
+sed "s!/var/log/onlyoffice/!${SNAP_DATA}/onlyoffice/logs/!g" -i ${SNAP_DATA}/onlyoffice/config/WebStudio/web.log4net.config
+sed "s|\.*\\\Data\\\|${SNAP_DATA}/onlyoffice/data/|g" -i ${SNAP_DATA}/onlyoffice/config/WebStudio/web.storage.config
+
+sed "s|Password=.*;|Password=${DB_PWD};|g" -i ${SNAP_DATA}/onlyoffice/config/WebStudio/web.connections.config
+sed "s|User\\s*ID=.*;|User\\s*ID=${DB_USER};|g" -i ${SNAP_DATA}/onlyoffice/config/WebStudio/web.connections.config
+
+
+export ONLYOFFICE_APP_CONFIG_FILE="${SNAP_DATA}/onlyoffice/config/WebStudio/Web.config";
+
+MYSQL="mysql -h$DB_HOST -u$DB_USER -p$DB_PWD -S$MYSQL_SOCKET";
+
+DB_TABLES_COUNT=$($MYSQL --silent --skip-column-names -e "SELECT COUNT(*) FROM information_schema.tables WHERE table_schema='${DB_NAME}'");
+
+if [ "${DB_TABLES_COUNT}" -eq "0" ]; then
+
+ $MYSQL "$DB_NAME" < $SNAP/var/www/onlyoffice/Sql/onlyoffice.sql
+ $MYSQL "$DB_NAME" < $SNAP/var/www/onlyoffice/Sql/onlyoffice.data.sql
+ $MYSQL "$DB_NAME" < $SNAP/var/www/onlyoffice/Sql/onlyoffice.resources.sql
+fi
+
+for i in $(ls $SNAP/var/www/onlyoffice/Sql/onlyoffice.upgrade*); do
+ $MYSQL "$DB_NAME" < ${i};
+done
+
+# export mono variables
+export MONO_IOMAP=all
+export MONO_ASPNET_WEBCONFIG_CACHESIZE=2000
+export MONO_THREADS_PER_CPU=2000
+export MONO_OPTIONS="--server"
+export MONO_GC_PARAMS=nursery-size=64m
+
+PKG_DIR=$SNAP/usr
+
+export MONO_PATH=$PKG_DIR/lib/mono/4.5
+export MONO_CONFIG=$SNAP/etc/mono/config
+export MONO_CFG_DIR=$SNAP/etc
+export C_INCLUDE_PATH=${PKG_DIR}/include
+export MONO_REGISTRY_PATH=~/.mono/registry
+export MONO_GAC_PREFIX=$PKG_DIR/lib/mono/gac/
+#export LD_LIBRARY_PATH=$PKG_DIR/lib:$LD_LIBRARY_PATH
+
+export LD_RUN_PATH=$LD_LIBRARY_PATH
+#export LD_DEBUG=files
+
+export PKG_CONFIG_PATH=$PKG_DIR/lib/pkgconfig:$PKG_CONFIG_PATH
+export ACLOCAL_PATH=${PKG_DIR}/share/aclocal
+#export MONO_LOG_LEVEL=debug
+#export FONTCONFIG_PATH=${PKG_DIR}/etc/fonts
+#export XDG_DATA_HOME=${PKG_DIR}/etc/fonts
+
+
+exec ${SNAP}/usr/bin/mono ${SNAP}/usr/lib/hyperfastcgi/4.0/HyperFastCgi.exe /config=${SNAP_DATA}/hyperfastcgi/onlyoffice /logfile=${SNAP_DATA}/onlyoffice/logs/onlyoffice.log
diff --git a/build/install/snap/src/onlyoffice/config/hyperfastcgi-config/onlyoffice b/build/install/snap/src/onlyoffice/config/hyperfastcgi-config/onlyoffice
new file mode 100644
index 0000000000..9418beb0db
--- /dev/null
+++ b/build/install/snap/src/onlyoffice/config/hyperfastcgi-config/onlyoffice
@@ -0,0 +1,24 @@
+
+
+ ${SNAP}/var/www/onlyoffice/WebStudio
+
+
+
+
+ Task
+
+ Unix
+ //666@${ONLYOFFICE_SOCKET}
+
+
+
+ false
+
+
+
+ onlyoffice
+ /
+ .
+
+
+
diff --git a/build/install/snap/src/onlyoffice/config/hyperfastcgi-config/onlyofficeApiSystem b/build/install/snap/src/onlyoffice/config/hyperfastcgi-config/onlyofficeApiSystem
new file mode 100644
index 0000000000..2059a6effa
--- /dev/null
+++ b/build/install/snap/src/onlyoffice/config/hyperfastcgi-config/onlyofficeApiSystem
@@ -0,0 +1,24 @@
+
+
+ ${SNAP}/var/www/onlyoffice/ApiSystem
+
+
+
+
+ Task
+
+ Unix
+ //666@${ONLYOFFICE_API_SYSTEM_SOCKET}
+
+
+
+ false
+
+
+
+ onlyofficeApiSystem
+ /
+ .
+
+
+
diff --git a/build/install/snap/src/onlyoffice/utilities/monoserve-utilities b/build/install/snap/src/onlyoffice/utilities/monoserve-utilities
new file mode 100755
index 0000000000..8039f88e6d
--- /dev/null
+++ b/build/install/snap/src/onlyoffice/utilities/monoserve-utilities
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+export ONLYOFFICE_SOCKET="/tmp/sockets/onlyoffice.socket"
+export ONLYOFFICE_API_SYSTEM_SOCKET="/tmp/sockets/onlyofficeApiSystem.socket"
+export ONLYOFFICE_CORE_MACHINEKEY_FILE="$SNAP_DATA/onlyoffice/.onlyoffice_core_machine_key"
+
+mkdir -p "$(dirname "$ONLYOFFICE_SOCKET")"
+chmod 750 "$(dirname "$ONLYOFFICE_SOCKET")"
+
+mkdir -p "$(dirname "$ONLYOFFICE_API_SYSTEM_SOCKET")"
+chmod 750 "$(dirname "$ONLYOFFICE_API_SYSTEM_SOCKET")"
+
+mkdir -p "$(dirname "$ONLYOFFICE_CORE_MACHINEKEY_FILE")"
+chmod 750 "$(dirname "$ONLYOFFICE_CORE_MACHINEKEY_FILE")"
+
+mkdir -p $SNAP_DATA/hyperfastcgi
+chmod 750 $SNAP_DATA/hyperfastcgi
+
+mkdir -p $SNAP_DATA/onlyoffice/logs
+chmod 750 $SNAP_DATA/onlyoffice/logs
+
+mkdir -p $SNAP_DATA/onlyoffice/data
+chmod 750 $SNAP_DATA/onlyoffice/data
+
+mkdir -p $SNAP_DATA/onlyoffice/config
+chmod 750 $SNAP_DATA/onlyoffice/config
+
+onlyoffice_get_core_machine_key() {
+ if [ ! -f "$ONLYOFFICE_CORE_MACHINEKEY_FILE" ]; then
+ echo "$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c64)" > ${ONLYOFFICE_CORE_MACHINEKEY_FILE};
+ chmod 600 ${ONLYOFFICE_CORE_MACHINEKEY_FILE};
+ fi
+
+ cat "$ONLYOFFICE_CORE_MACHINEKEY_FILE";
+}
+
diff --git a/build/install/snap/src/patches/support-compile-time-disabling-of-setpriority.patch b/build/install/snap/src/patches/support-compile-time-disabling-of-setpriority.patch
new file mode 100644
index 0000000000..569a01be7a
--- /dev/null
+++ b/build/install/snap/src/patches/support-compile-time-disabling-of-setpriority.patch
@@ -0,0 +1,92 @@
+From bb6c86ca997b2ca1b052cb83e91152220fe149ad Mon Sep 17 00:00:00 2001
+From: Kyle Fazzari
+Date: Fri, 25 Mar 2016 15:03:38 +0000
+Subject: [PATCH] Support compile-time disabling of setpriority().
+
+This is to support running on systems such as Snappy Ubuntu Core,
+e.g. heavily confined using seccomp filters. In such a situation,
+without this commit, MySQL is aborted as soon as it tries to call
+setpriority(). With this commit, MySQL can be built without
+setpriority() by using -DWITH_INNODB_PAGE_CLEANER_PRIORITY=OFF,
+thus supporting such systems.
+
+Signed-off-by: Kyle Fazzari
+---
+ storage/innobase/buf/buf0flu.cc | 12 ++++++------
+ storage/innobase/innodb.cmake | 5 +++++
+ 2 files changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/storage/innobase/buf/buf0flu.cc b/storage/innobase/buf/buf0flu.cc
+index 5a8a3567e0f..0961f757b1a 100644
+--- a/storage/innobase/buf/buf0flu.cc
++++ b/storage/innobase/buf/buf0flu.cc
+@@ -2952,7 +2952,7 @@ pc_wait_finished(
+ return(all_succeeded);
+ }
+
+-#ifdef UNIV_LINUX
++#if defined(UNIV_LINUX) && defined(SET_PAGE_CLEANER_PRIORITY)
+ /**
+ Set priority for page_cleaner threads.
+ @param[in] priority priority intended to set
+@@ -2967,7 +2967,7 @@ buf_flush_page_cleaner_set_priority(
+ return(getpriority(PRIO_PROCESS, (pid_t)syscall(SYS_gettid))
+ == priority);
+ }
+-#endif /* UNIV_LINUX */
++#endif /* UNIV_LINUX && SET_PAGE_CLEANER_PRIORITY */
+
+ #ifdef UNIV_DEBUG
+ /** Loop used to disable page cleaner threads. */
+@@ -3113,7 +3113,7 @@ DECLARE_THREAD(buf_flush_page_cleaner_coordinator)(
+ << os_thread_pf(os_thread_get_curr_id());
+ #endif /* UNIV_DEBUG_THREAD_CREATION */
+
+-#ifdef UNIV_LINUX
++#if defined(UNIV_LINUX) && defined(SET_PAGE_CLEANER_PRIORITY)
+ /* linux might be able to set different setting for each thread.
+ worth to try to set high priority for page cleaner threads */
+ if (buf_flush_page_cleaner_set_priority(
+@@ -3126,7 +3126,7 @@ DECLARE_THREAD(buf_flush_page_cleaner_coordinator)(
+ " page cleaner thread priority can be changed."
+ " See the man page of setpriority().";
+ }
+-#endif /* UNIV_LINUX */
++#endif /* UNIV_LINUX && SET_PAGE_CLEANER_PRIORITY */
+
+ buf_page_cleaner_is_active = true;
+
+@@ -3481,7 +3481,7 @@ DECLARE_THREAD(buf_flush_page_cleaner_worker)(
+ page_cleaner->n_workers++;
+ mutex_exit(&page_cleaner->mutex);
+
+-#ifdef UNIV_LINUX
++#if defined(UNIV_LINUX) && defined(SET_PAGE_CLEANER_PRIORITY)
+ /* linux might be able to set different setting for each thread
+ worth to try to set high priority for page cleaner threads */
+ if (buf_flush_page_cleaner_set_priority(
+@@ -3490,7 +3490,7 @@ DECLARE_THREAD(buf_flush_page_cleaner_worker)(
+ ib::info() << "page_cleaner worker priority: "
+ << buf_flush_page_cleaner_priority;
+ }
+-#endif /* UNIV_LINUX */
++#endif /* UNIV_LINUX && SET_PAGE_CLEANER_PRIORITY */
+
+ while (true) {
+ os_event_wait(page_cleaner->is_requested);
+diff --git a/storage/innobase/innodb.cmake b/storage/innobase/innodb.cmake
+index a90fe67f492..0d0a3ad7e3b 100644
+--- a/storage/innobase/innodb.cmake
++++ b/storage/innobase/innodb.cmake
+@@ -38,6 +38,11 @@ IF(UNIX)
+ LINK_LIBRARIES(aio)
+ ENDIF()
+
++ OPTION(WITH_INNODB_PAGE_CLEANER_PRIORITY "Set a high priority for page cleaner threads" ON)
++ IF(WITH_INNODB_PAGE_CLEANER_PRIORITY)
++ ADD_DEFINITIONS("-DSET_PAGE_CLEANER_PRIORITY")
++ ENDIF()
++
+ ELSEIF(CMAKE_SYSTEM_NAME STREQUAL "SunOS")
+ ADD_DEFINITIONS("-DUNIV_SOLARIS")
+ ENDIF()
diff --git a/build/install/snap/src/redis/bin/start-redis-server b/build/install/snap/src/redis/bin/start-redis-server
new file mode 100755
index 0000000000..5cbc923790
--- /dev/null
+++ b/build/install/snap/src/redis/bin/start-redis-server
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# shellcheck source=src/redis/utilities/redis-utilities
+. "$SNAP/utilities/redis-utilities"
+
+mkdir -p "${SNAP_DATA}/redis"
+chmod 750 "${SNAP_DATA}/redis"
+
+# redis doesn't support environment variables in its config files. Thankfully
+# it supports reading the config file from stdin though, so we'll rewrite the
+# config file on the fly and pipe it in.
+sed -e "s|\${SNAP_DATA}|$SNAP_DATA|;s|\${REDIS_PIDFILE}|$REDIS_PIDFILE|;s|\${REDIS_SOCKET}|$REDIS_SOCKET|" "$SNAP/config/redis/redis.conf" | redis-server -
diff --git a/build/install/snap/src/redis/config/redis.conf b/build/install/snap/src/redis/config/redis.conf
new file mode 100644
index 0000000000..ddeddc6465
--- /dev/null
+++ b/build/install/snap/src/redis/config/redis.conf
@@ -0,0 +1,1023 @@
+# Redis configuration file example.
+#
+# Note that in order to read the configuration file, Redis must be
+# started with the file path as first argument:
+#
+# ./redis-server /path/to/redis.conf
+
+# Note on units: when memory size is needed, it is possible to specify
+# it in the usual form of 1k 5GB 4M and so forth:
+#
+# 1k => 1000 bytes
+# 1kb => 1024 bytes
+# 1m => 1000000 bytes
+# 1mb => 1024*1024 bytes
+# 1g => 1000000000 bytes
+# 1gb => 1024*1024*1024 bytes
+#
+# units are case insensitive so 1GB 1Gb 1gB are all the same.
+
+################################## INCLUDES ###################################
+
+# Include one or more other config files here. This is useful if you
+# have a standard template that goes to all Redis servers but also need
+# to customize a few per-server settings. Include files can include
+# other files, so use this wisely.
+#
+# Notice option "include" won't be rewritten by command "CONFIG REWRITE"
+# from admin or Redis Sentinel. Since Redis always uses the last processed
+# line as value of a configuration directive, you'd better put includes
+# at the beginning of this file to avoid overwriting config change at runtime.
+#
+# If instead you are interested in using includes to override configuration
+# options, it is better to use include as the last line.
+#
+# include /path/to/local.conf
+# include /path/to/other.conf
+
+################################## NETWORK #####################################
+
+# By default, if no "bind" configuration directive is specified, Redis listens
+# for connections from all the network interfaces available on the server.
+# It is possible to listen to just one or multiple selected interfaces using
+# the "bind" configuration directive, followed by one or more IP addresses.
+#
+# Examples:
+#
+# bind 192.168.1.100 10.0.0.1
+# bind 127.0.0.1 ::1
+#
+# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
+# internet, binding to all the interfaces is dangerous and will expose the
+# instance to everybody on the internet. So by default we uncomment the
+# following bind directive, that will force Redis to listen only into
+# the IPv4 lookback interface address (this means Redis will be able to
+# accept connections only from clients running into the same computer it
+# is running).
+#
+# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
+# JUST COMMENT THE FOLLOWING LINE.
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+bind 127.0.0.1
+
+# Protected mode is a layer of security protection, in order to avoid that
+# Redis instances left open on the internet are accessed and exploited.
+#
+# When protected mode is on and if:
+#
+# 1) The server is not binding explicitly to a set of addresses using the
+# "bind" directive.
+# 2) No password is configured.
+#
+# The server only accepts connections from clients connecting from the
+# IPv4 and IPv6 loopback addresses 127.0.0.1 and ::1, and from Unix domain
+# sockets.
+#
+# By default protected mode is enabled. You should disable it only if
+# you are sure you want clients from other hosts to connect to Redis
+# even if no authentication is configured, nor a specific set of interfaces
+# are explicitly listed using the "bind" directive.
+protected-mode yes
+
+# Accept connections on the specified port, default is 6379 (IANA #815344).
+# If port 0 is specified Redis will not listen on a TCP socket.
+port 0
+
+# TCP listen() backlog.
+#
+# In high requests-per-second environments you need an high backlog in order
+# to avoid slow clients connections issues. Note that the Linux kernel
+# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
+# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
+# in order to get the desired effect.
+tcp-backlog 511
+
+# Unix socket.
+#
+# Specify the path for the Unix socket that will be used to listen for
+# incoming connections. There is no default, so Redis will not listen
+# on a unix socket when not specified.
+#
+unixsocket ${REDIS_SOCKET}
+# unixsocketperm 700
+
+# Close the connection after a client is idle for N seconds (0 to disable)
+timeout 0
+
+# TCP keepalive.
+#
+# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
+# of communication. This is useful for two reasons:
+#
+# 1) Detect dead peers.
+# 2) Take the connection alive from the point of view of network
+# equipment in the middle.
+#
+# On Linux, the specified value (in seconds) is the period used to send ACKs.
+# Note that to close the connection the double of the time is needed.
+# On other kernels the period depends on the kernel configuration.
+#
+# A reasonable value for this option is 300 seconds, which is the new
+# Redis default starting with Redis 3.2.1.
+tcp-keepalive 300
+
+################################# GENERAL #####################################
+
+# By default Redis does not run as a daemon. Use 'yes' if you need it.
+# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
+daemonize no
+
+# If you run Redis from upstart or systemd, Redis can interact with your
+# supervision tree. Options:
+# supervised no - no supervision interaction
+# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
+# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
+# supervised auto - detect upstart or systemd method based on
+# UPSTART_JOB or NOTIFY_SOCKET environment variables
+# Note: these supervision methods only signal "process is ready."
+# They do not enable continuous liveness pings back to your supervisor.
+supervised no
+
+# If a pid file is specified, Redis writes it where specified at startup
+# and removes it at exit.
+#
+# When the server runs non daemonized, no pid file is created if none is
+# specified in the configuration. When the server is daemonized, the pid file
+# is used even if not specified, defaulting to "/var/run/redis.pid".
+#
+# Creating a pid file is best effort: if Redis is not able to create it
+# nothing bad happens, the server will start and run normally.
+pidfile ${REDIS_PIDFILE}
+
+# Specify the server verbosity level.
+# This can be one of:
+# debug (a lot of information, useful for development/testing)
+# verbose (many rarely useful info, but not a mess like the debug level)
+# notice (moderately verbose, what you want in production probably)
+# warning (only very important / critical messages are logged)
+loglevel notice
+
+# Specify the log file name. Also the empty string can be used to force
+# Redis to log on the standard output. Note that if you use standard
+# output for logging but daemonize, logs will be sent to /dev/null
+logfile ${SNAP_DATA}/redis/redis.log
+
+# To enable logging to the system logger, just set 'syslog-enabled' to yes,
+# and optionally update the other syslog parameters to suit your needs.
+# syslog-enabled no
+
+# Specify the syslog identity.
+# syslog-ident redis
+
+# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
+# syslog-facility local0
+
+# Set the number of databases. The default database is DB 0, you can select
+# a different one on a per-connection basis using SELECT where
+# dbid is a number between 0 and 'databases'-1
+databases 16
+
+################################ SNAPSHOTTING ################################
+#
+# Save the DB on disk:
+#
+# save
+#
+# Will save the DB if both the given number of seconds and the given
+# number of write operations against the DB occurred.
+#
+# In the example below the behaviour will be to save:
+# after 900 sec (15 min) if at least 1 key changed
+# after 300 sec (5 min) if at least 10 keys changed
+# after 60 sec if at least 10000 keys changed
+#
+# Note: you can disable saving completely by commenting out all "save" lines.
+#
+# It is also possible to remove all the previously configured save
+# points by adding a save directive with a single empty string argument
+# like in the following example:
+#
+# save ""
+
+save 900 1
+save 300 10
+save 60 10000
+
+# By default Redis will stop accepting writes if RDB snapshots are enabled
+# (at least one save point) and the latest background save failed.
+# This will make the user aware (in a hard way) that data is not persisting
+# on disk properly, otherwise chances are that no one will notice and some
+# disaster will happen.
+#
+# If the background saving process will start working again Redis will
+# automatically allow writes again.
+#
+# However if you have setup your proper monitoring of the Redis server
+# and persistence, you may want to disable this feature so that Redis will
+# continue to work as usual even if there are problems with disk,
+# permissions, and so forth.
+stop-writes-on-bgsave-error yes
+
+# Compress string objects using LZF when dump .rdb databases?
+# For default that's set to 'yes' as it's almost always a win.
+# If you want to save some CPU in the saving child set it to 'no' but
+# the dataset will likely be bigger if you have compressible values or keys.
+rdbcompression yes
+
+# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
+# This makes the format more resistant to corruption but there is a performance
+# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
+# for maximum performances.
+#
+# RDB files created with checksum disabled have a checksum of zero that will
+# tell the loading code to skip the check.
+rdbchecksum yes
+
+# The filename where to dump the DB
+dbfilename dump.rdb
+
+# The working directory.
+#
+# The DB will be written inside this directory, with the filename specified
+# above using the 'dbfilename' configuration directive.
+#
+# The Append Only File will also be created inside this directory.
+#
+# Note that you must specify a directory here, not a file name.
+dir ${SNAP_DATA}/redis/
+
+################################# REPLICATION #################################
+
+# Master-Slave replication. Use slaveof to make a Redis instance a copy of
+# another Redis server. A few things to understand ASAP about Redis replication.
+#
+# 1) Redis replication is asynchronous, but you can configure a master to
+# stop accepting writes if it appears to be not connected with at least
+# a given number of slaves.
+# 2) Redis slaves are able to perform a partial resynchronization with the
+# master if the replication link is lost for a relatively small amount of
+# time. You may want to configure the replication backlog size (see the next
+# sections of this file) with a sensible value depending on your needs.
+# 3) Replication is automatic and does not need user intervention. After a
+# network partition slaves automatically try to reconnect to masters
+# and resynchronize with them.
+#
+# slaveof
+
+# If the master is password protected (using the "requirepass" configuration
+# directive below) it is possible to tell the slave to authenticate before
+# starting the replication synchronization process, otherwise the master will
+# refuse the slave request.
+#
+# masterauth
+
+# When a slave loses its connection with the master, or when the replication
+# is still in progress, the slave can act in two different ways:
+#
+# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will
+# still reply to client requests, possibly with out of date data, or the
+# data set may just be empty if this is the first synchronization.
+#
+# 2) if slave-serve-stale-data is set to 'no' the slave will reply with
+# an error "SYNC with master in progress" to all the kind of commands
+# but to INFO and SLAVEOF.
+#
+slave-serve-stale-data yes
+
+# You can configure a slave instance to accept writes or not. Writing against
+# a slave instance may be useful to store some ephemeral data (because data
+# written on a slave will be easily deleted after resync with the master) but
+# may also cause problems if clients are writing to it because of a
+# misconfiguration.
+#
+# Since Redis 2.6 by default slaves are read-only.
+#
+# Note: read only slaves are not designed to be exposed to untrusted clients
+# on the internet. It's just a protection layer against misuse of the instance.
+# Still a read only slave exports by default all the administrative commands
+# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
+# security of read only slaves using 'rename-command' to shadow all the
+# administrative / dangerous commands.
+slave-read-only yes
+
+# Replication SYNC strategy: disk or socket.
+#
+# -------------------------------------------------------
+# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY
+# -------------------------------------------------------
+#
+# New slaves and reconnecting slaves that are not able to continue the replication
+# process just receiving differences, need to do what is called a "full
+# synchronization". An RDB file is transmitted from the master to the slaves.
+# The transmission can happen in two different ways:
+#
+# 1) Disk-backed: The Redis master creates a new process that writes the RDB
+# file on disk. Later the file is transferred by the parent
+# process to the slaves incrementally.
+# 2) Diskless: The Redis master creates a new process that directly writes the
+# RDB file to slave sockets, without touching the disk at all.
+#
+# With disk-backed replication, while the RDB file is generated, more slaves
+# can be queued and served with the RDB file as soon as the current child producing
+# the RDB file finishes its work. With diskless replication instead once
+# the transfer starts, new slaves arriving will be queued and a new transfer
+# will start when the current one terminates.
+#
+# When diskless replication is used, the master waits a configurable amount of
+# time (in seconds) before starting the transfer in the hope that multiple slaves
+# will arrive and the transfer can be parallelized.
+#
+# With slow disks and fast (large bandwidth) networks, diskless replication
+# works better.
+repl-diskless-sync no
+
+# When diskless replication is enabled, it is possible to configure the delay
+# the server waits in order to spawn the child that transfers the RDB via socket
+# to the slaves.
+#
+# This is important since once the transfer starts, it is not possible to serve
+# new slaves arriving, that will be queued for the next RDB transfer, so the server
+# waits a delay in order to let more slaves arrive.
+#
+# The delay is specified in seconds, and by default is 5 seconds. To disable
+# it entirely just set it to 0 seconds and the transfer will start ASAP.
+repl-diskless-sync-delay 5
+
+# Slaves send PINGs to server in a predefined interval. It's possible to change
+# this interval with the repl_ping_slave_period option. The default value is 10
+# seconds.
+#
+# repl-ping-slave-period 10
+
+# The following option sets the replication timeout for:
+#
+# 1) Bulk transfer I/O during SYNC, from the point of view of slave.
+# 2) Master timeout from the point of view of slaves (data, pings).
+# 3) Slave timeout from the point of view of masters (REPLCONF ACK pings).
+#
+# It is important to make sure that this value is greater than the value
+# specified for repl-ping-slave-period otherwise a timeout will be detected
+# every time there is low traffic between the master and the slave.
+#
+# repl-timeout 60
+
+# Disable TCP_NODELAY on the slave socket after SYNC?
+#
+# If you select "yes" Redis will use a smaller number of TCP packets and
+# less bandwidth to send data to slaves. But this can add a delay for
+# the data to appear on the slave side, up to 40 milliseconds with
+# Linux kernels using a default configuration.
+#
+# If you select "no" the delay for data to appear on the slave side will
+# be reduced but more bandwidth will be used for replication.
+#
+# By default we optimize for low latency, but in very high traffic conditions
+# or when the master and slaves are many hops away, turning this to "yes" may
+# be a good idea.
+repl-disable-tcp-nodelay no
+
+# Set the replication backlog size. The backlog is a buffer that accumulates
+# slave data when slaves are disconnected for some time, so that when a slave
+# wants to reconnect again, often a full resync is not needed, but a partial
+# resync is enough, just passing the portion of data the slave missed while
+# disconnected.
+#
+# The bigger the replication backlog, the longer the time the slave can be
+# disconnected and later be able to perform a partial resynchronization.
+#
+# The backlog is only allocated once there is at least a slave connected.
+#
+# repl-backlog-size 1mb
+
+# After a master has no longer connected slaves for some time, the backlog
+# will be freed. The following option configures the amount of seconds that
+# need to elapse, starting from the time the last slave disconnected, for
+# the backlog buffer to be freed.
+#
+# A value of 0 means to never release the backlog.
+#
+# repl-backlog-ttl 3600
+
+# The slave priority is an integer number published by Redis in the INFO output.
+# It is used by Redis Sentinel in order to select a slave to promote into a
+# master if the master is no longer working correctly.
+#
+# A slave with a low priority number is considered better for promotion, so
+# for instance if there are three slaves with priority 10, 100, 25 Sentinel will
+# pick the one with priority 10, that is the lowest.
+#
+# However a special priority of 0 marks the slave as not able to perform the
+# role of master, so a slave with priority of 0 will never be selected by
+# Redis Sentinel for promotion.
+#
+# By default the priority is 100.
+slave-priority 100
+
+# It is possible for a master to stop accepting writes if there are less than
+# N slaves connected, having a lag less or equal than M seconds.
+#
+# The N slaves need to be in "online" state.
+#
+# The lag in seconds, that must be <= the specified value, is calculated from
+# the last ping received from the slave, that is usually sent every second.
+#
+# This option does not GUARANTEE that N replicas will accept the write, but
+# will limit the window of exposure for lost writes in case not enough slaves
+# are available, to the specified number of seconds.
+#
+# For example to require at least 3 slaves with a lag <= 10 seconds use:
+#
+# min-slaves-to-write 3
+# min-slaves-max-lag 10
+#
+# Setting one or the other to 0 disables the feature.
+#
+# By default min-slaves-to-write is set to 0 (feature disabled) and
+# min-slaves-max-lag is set to 10.
+
+################################## SECURITY ###################################
+
+# Require clients to issue AUTH before processing any other
+# commands. This might be useful in environments in which you do not trust
+# others with access to the host running redis-server.
+#
+# This should stay commented out for backward compatibility and because most
+# people do not need auth (e.g. they run their own servers).
+#
+# Warning: since Redis is pretty fast an outside user can try up to
+# 150k passwords per second against a good box. This means that you should
+# use a very strong password otherwise it will be very easy to break.
+#
+# requirepass foobared
+
+# Command renaming.
+#
+# It is possible to change the name of dangerous commands in a shared
+# environment. For instance the CONFIG command may be renamed into something
+# hard to guess so that it will still be available for internal-use tools
+# but not available for general clients.
+#
+# Example:
+#
+# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
+#
+# It is also possible to completely kill a command by renaming it into
+# an empty string:
+#
+# rename-command CONFIG ""
+#
+# Please note that changing the name of commands that are logged into the
+# AOF file or transmitted to slaves may cause problems.
+
+################################### LIMITS ####################################
+
+# Set the max number of connected clients at the same time. By default
+# this limit is set to 10000 clients, however if the Redis server is not
+# able to configure the process file limit to allow for the specified limit
+# the max number of allowed clients is set to the current file limit
+# minus 32 (as Redis reserves a few file descriptors for internal uses).
+#
+# Once the limit is reached Redis will close all the new connections sending
+# an error 'max number of clients reached'.
+#
+# maxclients 10000
+
+# Don't use more memory than the specified amount of bytes.
+# When the memory limit is reached Redis will try to remove keys
+# according to the eviction policy selected (see maxmemory-policy).
+#
+# If Redis can't remove keys according to the policy, or if the policy is
+# set to 'noeviction', Redis will start to reply with errors to commands
+# that would use more memory, like SET, LPUSH, and so on, and will continue
+# to reply to read-only commands like GET.
+#
+# This option is usually useful when using Redis as an LRU cache, or to set
+# a hard memory limit for an instance (using the 'noeviction' policy).
+#
+# WARNING: If you have slaves attached to an instance with maxmemory on,
+# the size of the output buffers needed to feed the slaves are subtracted
+# from the used memory count, so that network problems / resyncs will
+# not trigger a loop where keys are evicted, and in turn the output
+# buffer of slaves is full with DELs of keys evicted triggering the deletion
+# of more keys, and so forth until the database is completely emptied.
+#
+# In short... if you have slaves attached it is suggested that you set a lower
+# limit for maxmemory so that there is some free RAM on the system for slave
+# output buffers (but this is not needed if the policy is 'noeviction').
+#
+# maxmemory
+
+# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
+# is reached. You can select among five behaviors:
+#
+# volatile-lru -> remove the key with an expire set using an LRU algorithm
+# allkeys-lru -> remove any key according to the LRU algorithm
+# volatile-random -> remove a random key with an expire set
+# allkeys-random -> remove a random key, any key
+# volatile-ttl -> remove the key with the nearest expire time (minor TTL)
+# noeviction -> don't expire at all, just return an error on write operations
+#
+# Note: with any of the above policies, Redis will return an error on write
+# operations, when there are no suitable keys for eviction.
+#
+# At the date of writing these commands are: set setnx setex append
+# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
+# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
+# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
+# getset mset msetnx exec sort
+#
+# The default is:
+#
+# maxmemory-policy noeviction
+
+# LRU and minimal TTL algorithms are not precise algorithms but approximated
+# algorithms (in order to save memory), so you can tune it for speed or
+# accuracy. For default Redis will check five keys and pick the one that was
+# used less recently, you can change the sample size using the following
+# configuration directive.
+#
+# The default of 5 produces good enough results. 10 Approximates very closely
+# true LRU but costs a bit more CPU. 3 is very fast but not very accurate.
+#
+# maxmemory-samples 5
+
+############################## APPEND ONLY MODE ###############################
+
+# By default Redis asynchronously dumps the dataset on disk. This mode is
+# good enough in many applications, but an issue with the Redis process or
+# a power outage may result into a few minutes of writes lost (depending on
+# the configured save points).
+#
+# The Append Only File is an alternative persistence mode that provides
+# much better durability. For instance using the default data fsync policy
+# (see later in the config file) Redis can lose just one second of writes in a
+# dramatic event like a server power outage, or a single write if something
+# wrong with the Redis process itself happens, but the operating system is
+# still running correctly.
+#
+# AOF and RDB persistence can be enabled at the same time without problems.
+# If the AOF is enabled on startup Redis will load the AOF, that is the file
+# with the better durability guarantees.
+#
+# Please check http://redis.io/topics/persistence for more information.
+
+appendonly no
+
+# The name of the append only file (default: "appendonly.aof")
+
+appendfilename "appendonly.aof"
+
+# The fsync() call tells the Operating System to actually write data on disk
+# instead of waiting for more data in the output buffer. Some OS will really flush
+# data on disk, some other OS will just try to do it ASAP.
+#
+# Redis supports three different modes:
+#
+# no: don't fsync, just let the OS flush the data when it wants. Faster.
+# always: fsync after every write to the append only log. Slow, Safest.
+# everysec: fsync only one time every second. Compromise.
+#
+# The default is "everysec", as that's usually the right compromise between
+# speed and data safety. It's up to you to understand if you can relax this to
+# "no" that will let the operating system flush the output buffer when
+# it wants, for better performances (but if you can live with the idea of
+# some data loss consider the default persistence mode that's snapshotting),
+# or on the contrary, use "always" that's very slow but a bit safer than
+# everysec.
+#
+# More details please check the following article:
+# http://antirez.com/post/redis-persistence-demystified.html
+#
+# If unsure, use "everysec".
+
+# appendfsync always
+appendfsync everysec
+# appendfsync no
+
+# When the AOF fsync policy is set to always or everysec, and a background
+# saving process (a background save or AOF log background rewriting) is
+# performing a lot of I/O against the disk, in some Linux configurations
+# Redis may block too long on the fsync() call. Note that there is no fix for
+# this currently, as even performing fsync in a different thread will block
+# our synchronous write(2) call.
+#
+# In order to mitigate this problem it's possible to use the following option
+# that will prevent fsync() from being called in the main process while a
+# BGSAVE or BGREWRITEAOF is in progress.
+#
+# This means that while another child is saving, the durability of Redis is
+# the same as "appendfsync none". In practical terms, this means that it is
+# possible to lose up to 30 seconds of log in the worst scenario (with the
+# default Linux settings).
+#
+# If you have latency problems turn this to "yes". Otherwise leave it as
+# "no" that is the safest pick from the point of view of durability.
+
+no-appendfsync-on-rewrite no
+
+# Automatic rewrite of the append only file.
+# Redis is able to automatically rewrite the log file implicitly calling
+# BGREWRITEAOF when the AOF log size grows by the specified percentage.
+#
+# This is how it works: Redis remembers the size of the AOF file after the
+# latest rewrite (if no rewrite has happened since the restart, the size of
+# the AOF at startup is used).
+#
+# This base size is compared to the current size. If the current size is
+# bigger than the specified percentage, the rewrite is triggered. Also
+# you need to specify a minimal size for the AOF file to be rewritten, this
+# is useful to avoid rewriting the AOF file even if the percentage increase
+# is reached but it is still pretty small.
+#
+# Specify a percentage of zero in order to disable the automatic AOF
+# rewrite feature.
+
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
+
+# An AOF file may be found to be truncated at the end during the Redis
+# startup process, when the AOF data gets loaded back into memory.
+# This may happen when the system where Redis is running
+# crashes, especially when an ext4 filesystem is mounted without the
+# data=ordered option (however this can't happen when Redis itself
+# crashes or aborts but the operating system still works correctly).
+#
+# Redis can either exit with an error when this happens, or load as much
+# data as possible (the default now) and start if the AOF file is found
+# to be truncated at the end. The following option controls this behavior.
+#
+# If aof-load-truncated is set to yes, a truncated AOF file is loaded and
+# the Redis server starts emitting a log to inform the user of the event.
+# Otherwise if the option is set to no, the server aborts with an error
+# and refuses to start. When the option is set to no, the user requires
+# to fix the AOF file using the "redis-check-aof" utility before to restart
+# the server.
+#
+# Note that if the AOF file will be found to be corrupted in the middle
+# the server will still exit with an error. This option only applies when
+# Redis will try to read more data from the AOF file but not enough bytes
+# will be found.
+aof-load-truncated yes
+
+################################ LUA SCRIPTING ###############################
+
+# Max execution time of a Lua script in milliseconds.
+#
+# If the maximum execution time is reached Redis will log that a script is
+# still in execution after the maximum allowed time and will start to
+# reply to queries with an error.
+#
+# When a long running script exceeds the maximum execution time only the
+# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
+# used to stop a script that did not yet called write commands. The second
+# is the only way to shut down the server in the case a write command was
+# already issued by the script but the user doesn't want to wait for the natural
+# termination of the script.
+#
+# Set it to 0 or a negative value for unlimited execution without warnings.
+lua-time-limit 5000
+
+################################ REDIS CLUSTER ###############################
+#
+# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+# WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however
+# in order to mark it as "mature" we need to wait for a non trivial percentage
+# of users to deploy it in production.
+# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+#
+# Normal Redis instances can't be part of a Redis Cluster; only nodes that are
+# started as cluster nodes can. In order to start a Redis instance as a
+# cluster node enable the cluster support uncommenting the following:
+#
+# cluster-enabled yes
+
+# Every cluster node has a cluster configuration file. This file is not
+# intended to be edited by hand. It is created and updated by Redis nodes.
+# Every Redis Cluster node requires a different cluster configuration file.
+# Make sure that instances running in the same system do not have
+# overlapping cluster configuration file names.
+#
+# cluster-config-file nodes-6379.conf
+
+# Cluster node timeout is the amount of milliseconds a node must be unreachable
+# for it to be considered in failure state.
+# Most other internal time limits are multiple of the node timeout.
+#
+# cluster-node-timeout 15000
+
+# A slave of a failing master will avoid to start a failover if its data
+# looks too old.
+#
+# There is no simple way for a slave to actually have a exact measure of
+# its "data age", so the following two checks are performed:
+#
+# 1) If there are multiple slaves able to failover, they exchange messages
+# in order to try to give an advantage to the slave with the best
+# replication offset (more data from the master processed).
+# Slaves will try to get their rank by offset, and apply to the start
+# of the failover a delay proportional to their rank.
+#
+# 2) Every single slave computes the time of the last interaction with
+# its master. This can be the last ping or command received (if the master
+# is still in the "connected" state), or the time that elapsed since the
+# disconnection with the master (if the replication link is currently down).
+# If the last interaction is too old, the slave will not try to failover
+# at all.
+#
+# The point "2" can be tuned by user. Specifically a slave will not perform
+# the failover if, since the last interaction with the master, the time
+# elapsed is greater than:
+#
+# (node-timeout * slave-validity-factor) + repl-ping-slave-period
+#
+# So for example if node-timeout is 30 seconds, and the slave-validity-factor
+# is 10, and assuming a default repl-ping-slave-period of 10 seconds, the
+# slave will not try to failover if it was not able to talk with the master
+# for longer than 310 seconds.
+#
+# A large slave-validity-factor may allow slaves with too old data to failover
+# a master, while a too small value may prevent the cluster from being able to
+# elect a slave at all.
+#
+# For maximum availability, it is possible to set the slave-validity-factor
+# to a value of 0, which means, that slaves will always try to failover the
+# master regardless of the last time they interacted with the master.
+# (However they'll always try to apply a delay proportional to their
+# offset rank).
+#
+# Zero is the only value able to guarantee that when all the partitions heal
+# the cluster will always be able to continue.
+#
+# cluster-slave-validity-factor 10
+
+# Cluster slaves are able to migrate to orphaned masters, that are masters
+# that are left without working slaves. This improves the cluster ability
+# to resist to failures as otherwise an orphaned master can't be failed over
+# in case of failure if it has no working slaves.
+#
+# Slaves migrate to orphaned masters only if there are still at least a
+# given number of other working slaves for their old master. This number
+# is the "migration barrier". A migration barrier of 1 means that a slave
+# will migrate only if there is at least 1 other working slave for its master
+# and so forth. It usually reflects the number of slaves you want for every
+# master in your cluster.
+#
+# Default is 1 (slaves migrate only if their masters remain with at least
+# one slave). To disable migration just set it to a very large value.
+# A value of 0 can be set but is useful only for debugging and dangerous
+# in production.
+#
+# cluster-migration-barrier 1
+
+# By default Redis Cluster nodes stop accepting queries if they detect there
+# is at least an hash slot uncovered (no available node is serving it).
+# This way if the cluster is partially down (for example a range of hash slots
+# are no longer covered) all the cluster becomes, eventually, unavailable.
+# It automatically returns available as soon as all the slots are covered again.
+#
+# However sometimes you want the subset of the cluster which is working,
+# to continue to accept queries for the part of the key space that is still
+# covered. In order to do so, just set the cluster-require-full-coverage
+# option to no.
+#
+# cluster-require-full-coverage yes
+
+# In order to setup your cluster make sure to read the documentation
+# available at http://redis.io web site.
+
+################################## SLOW LOG ###################################
+
+# The Redis Slow Log is a system to log queries that exceeded a specified
+# execution time. The execution time does not include the I/O operations
+# like talking with the client, sending the reply and so forth,
+# but just the time needed to actually execute the command (this is the only
+# stage of command execution where the thread is blocked and can not serve
+# other requests in the meantime).
+#
+# You can configure the slow log with two parameters: one tells Redis
+# what is the execution time, in microseconds, to exceed in order for the
+# command to get logged, and the other parameter is the length of the
+# slow log. When a new command is logged the oldest one is removed from the
+# queue of logged commands.
+
+# The following time is expressed in microseconds, so 1000000 is equivalent
+# to one second. Note that a negative number disables the slow log, while
+# a value of zero forces the logging of every command.
+slowlog-log-slower-than 10000
+
+# There is no limit to this length. Just be aware that it will consume memory.
+# You can reclaim memory used by the slow log with SLOWLOG RESET.
+slowlog-max-len 128
+
+################################ LATENCY MONITOR ##############################
+
+# The Redis latency monitoring subsystem samples different operations
+# at runtime in order to collect data related to possible sources of
+# latency of a Redis instance.
+#
+# Via the LATENCY command this information is available to the user that can
+# print graphs and obtain reports.
+#
+# The system only logs operations that were performed in a time equal or
+# greater than the amount of milliseconds specified via the
+# latency-monitor-threshold configuration directive. When its value is set
+# to zero, the latency monitor is turned off.
+#
+# By default latency monitoring is disabled since it is mostly not needed
+# if you don't have latency issues, and collecting data has a performance
+# impact, that while very small, can be measured under big load. Latency
+# monitoring can easily be enabled at runtime using the command
+# "CONFIG SET latency-monitor-threshold " if needed.
+latency-monitor-threshold 0
+
+############################# EVENT NOTIFICATION ##############################
+
+# Redis can notify Pub/Sub clients about events happening in the key space.
+# This feature is documented at http://redis.io/topics/notifications
+#
+# For instance if keyspace events notification is enabled, and a client
+# performs a DEL operation on key "foo" stored in the Database 0, two
+# messages will be published via Pub/Sub:
+#
+# PUBLISH __keyspace@0__:foo del
+# PUBLISH __keyevent@0__:del foo
+#
+# It is possible to select the events that Redis will notify among a set
+# of classes. Every class is identified by a single character:
+#
+# K Keyspace events, published with __keyspace@__ prefix.
+# E Keyevent events, published with __keyevent@__ prefix.
+# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ...
+# $ String commands
+# l List commands
+# s Set commands
+# h Hash commands
+# z Sorted set commands
+# x Expired events (events generated every time a key expires)
+# e Evicted events (events generated when a key is evicted for maxmemory)
+# A Alias for g$lshzxe, so that the "AKE" string means all the events.
+#
+# The "notify-keyspace-events" takes as argument a string that is composed
+# of zero or multiple characters. The empty string means that notifications
+# are disabled.
+#
+# Example: to enable list and generic events, from the point of view of the
+# event name, use:
+#
+# notify-keyspace-events Elg
+#
+# Example 2: to get the stream of the expired keys subscribing to channel
+# name __keyevent@0__:expired use:
+#
+# notify-keyspace-events Ex
+#
+# By default all notifications are disabled because most users don't need
+# this feature and the feature has some overhead. Note that if you don't
+# specify at least one of K or E, no events will be delivered.
+notify-keyspace-events ""
+
+############################### ADVANCED CONFIG ###############################
+
+# Hashes are encoded using a memory efficient data structure when they have a
+# small number of entries, and the biggest entry does not exceed a given
+# threshold. These thresholds can be configured using the following directives.
+hash-max-ziplist-entries 512
+hash-max-ziplist-value 64
+
+# Lists are also encoded in a special way to save a lot of space.
+# The number of entries allowed per internal list node can be specified
+# as a fixed maximum size or a maximum number of elements.
+# For a fixed maximum size, use -5 through -1, meaning:
+# -5: max size: 64 Kb <-- not recommended for normal workloads
+# -4: max size: 32 Kb <-- not recommended
+# -3: max size: 16 Kb <-- probably not recommended
+# -2: max size: 8 Kb <-- good
+# -1: max size: 4 Kb <-- good
+# Positive numbers mean store up to _exactly_ that number of elements
+# per list node.
+# The highest performing option is usually -2 (8 Kb size) or -1 (4 Kb size),
+# but if your use case is unique, adjust the settings as necessary.
+list-max-ziplist-size -2
+
+# Lists may also be compressed.
+# Compress depth is the number of quicklist ziplist nodes from *each* side of
+# the list to *exclude* from compression. The head and tail of the list
+# are always uncompressed for fast push/pop operations. Settings are:
+# 0: disable all list compression
+# 1: depth 1 means "don't start compressing until after 1 node into the list,
+# going from either the head or tail"
+# So: [head]->node->node->...->node->[tail]
+# [head], [tail] will always be uncompressed; inner nodes will compress.
+# 2: [head]->[next]->node->node->...->node->[prev]->[tail]
+# 2 here means: don't compress head or head->next or tail->prev or tail,
+# but compress all nodes between them.
+# 3: [head]->[next]->[next]->node->node->...->node->[prev]->[prev]->[tail]
+# etc.
+list-compress-depth 0
+
+# Sets have a special encoding in just one case: when a set is composed
+# of just strings that happen to be integers in radix 10 in the range
+# of 64 bit signed integers.
+# The following configuration setting sets the limit in the size of the
+# set in order to use this special memory saving encoding.
+set-max-intset-entries 512
+
+# Similarly to hashes and lists, sorted sets are also specially encoded in
+# order to save a lot of space. This encoding is only used when the length and
+# elements of a sorted set are below the following limits:
+zset-max-ziplist-entries 128
+zset-max-ziplist-value 64
+
+# HyperLogLog sparse representation bytes limit. The limit includes the
+# 16 bytes header. When an HyperLogLog using the sparse representation crosses
+# this limit, it is converted into the dense representation.
+#
+# A value greater than 16000 is totally useless, since at that point the
+# dense representation is more memory efficient.
+#
+# The suggested value is ~ 3000 in order to have the benefits of
+# the space efficient encoding without slowing down too much PFADD,
+# which is O(N) with the sparse encoding. The value can be raised to
+# ~ 10000 when CPU is not a concern, but space is, and the data set is
+# composed of many HyperLogLogs with cardinality in the 0 - 15000 range.
+hll-sparse-max-bytes 3000
+
+# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
+# order to help rehashing the main Redis hash table (the one mapping top-level
+# keys to values). The hash table implementation Redis uses (see dict.c)
+# performs a lazy rehashing: the more operation you run into a hash table
+# that is rehashing, the more rehashing "steps" are performed, so if the
+# server is idle the rehashing is never complete and some more memory is used
+# by the hash table.
+#
+# The default is to use this millisecond 10 times every second in order to
+# actively rehash the main dictionaries, freeing memory when possible.
+#
+# If unsure:
+# use "activerehashing no" if you have hard latency requirements and it is
+# not a good thing in your environment that Redis can reply from time to time
+# to queries with 2 milliseconds delay.
+#
+# use "activerehashing yes" if you don't have such hard requirements but
+# want to free memory asap when possible.
+activerehashing yes
+
+# The client output buffer limits can be used to force disconnection of clients
+# that are not reading data from the server fast enough for some reason (a
+# common reason is that a Pub/Sub client can't consume messages as fast as the
+# publisher can produce them).
+#
+# The limit can be set differently for the three different classes of clients:
+#
+# normal -> normal clients including MONITOR clients
+# slave -> slave clients
+# pubsub -> clients subscribed to at least one pubsub channel or pattern
+#
+# The syntax of every client-output-buffer-limit directive is the following:
+#
+# client-output-buffer-limit
+#
+# A client is immediately disconnected once the hard limit is reached, or if
+# the soft limit is reached and remains reached for the specified number of
+# seconds (continuously).
+# So for instance if the hard limit is 32 megabytes and the soft limit is
+# 16 megabytes / 10 seconds, the client will get disconnected immediately
+# if the size of the output buffers reach 32 megabytes, but will also get
+# disconnected if the client reaches 16 megabytes and continuously overcomes
+# the limit for 10 seconds.
+#
+# By default normal clients are not limited because they don't receive data
+# without asking (in a push way), but just after a request, so only
+# asynchronous clients may create a scenario where data is requested faster
+# than it can read.
+#
+# Instead there is a default limit for pubsub and slave clients, since
+# subscribers and slaves receive data in a push fashion.
+#
+# Both the hard or the soft limit can be disabled by setting them to zero.
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit slave 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+
+# Redis calls an internal function to perform many background tasks, like
+# closing connections of clients in timeout, purging expired keys that are
+# never requested, and so forth.
+#
+# Not all tasks are performed with the same frequency, but Redis checks for
+# tasks to perform according to the specified "hz" value.
+#
+# By default "hz" is set to 10. Raising the value will use more CPU when
+# Redis is idle, but at the same time will make Redis more responsive when
+# there are many keys expiring at the same time, and timeouts may be
+# handled with more precision.
+#
+# The range is between 1 and 500, however a value over 100 is usually not
+# a good idea. Most users should use the default of 10 and raise this up to
+# 100 only in environments where very low latency is required.
+hz 10
+
+# When a child rewrites the AOF file, if the following option is enabled
+# the file will be fsync-ed every 32 MB of data generated. This is useful
+# in order to commit the file to the disk more incrementally and avoid
+# big latency spikes.
+aof-rewrite-incremental-fsync yes
diff --git a/build/install/snap/src/redis/utilities/redis-utilities b/build/install/snap/src/redis/utilities/redis-utilities
new file mode 100755
index 0000000000..09645429aa
--- /dev/null
+++ b/build/install/snap/src/redis/utilities/redis-utilities
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+export REDIS_PIDFILE="/tmp/pids/redis.pid"
+export REDIS_SOCKET="/tmp/sockets/redis.sock"
+
+mkdir -p "$(dirname "$REDIS_PIDFILE")"
+mkdir -p "$(dirname "$REDIS_SOCKET")"
+chmod 750 "$(dirname "$REDIS_PIDFILE")"
+chmod 750 "$(dirname "$REDIS_SOCKET")"
+
+redis_is_running()
+{
+ [ -f "$REDIS_PIDFILE" ] && [ -S "$REDIS_SOCKET" ]
+}
+
+wait_for_redis()
+{
+ if ! redis_is_running; then
+ printf "Waiting for redis... "
+ while ! redis_is_running; do
+ sleep 1
+ done
+ printf "done\n"
+ fi
+}
+
+redis_pid()
+{
+ if redis_is_running; then
+ cat "$REDIS_PIDFILE"
+ else
+ echo "Unable to get redis PID as it's not yet running" >&2
+ echo ""
+ fi
+}
From d54ba9f9d39e29c513078d2f8c04d62a35eafbb9 Mon Sep 17 00:00:00 2001
From: NikolayRechkin
Date: Thu, 5 Sep 2019 09:23:05 +0300
Subject: [PATCH 07/37] web: components: first version of the avatar editor
---
web/ASC.Web.Components/package.json | 1 +
.../src/components/avatar-editor/index.js | 218 ++++++++++++++++++
.../src/components/avatar/index.js | 2 +-
web/ASC.Web.Components/src/index.js | 1 +
web/ASC.Web.Components/yarn.lock | 12 +
.../stories/avatar-editor/README.md | 34 +++
.../stories/avatar-editor/index.stories.js | 72 ++++++
7 files changed, 339 insertions(+), 1 deletion(-)
create mode 100644 web/ASC.Web.Components/src/components/avatar-editor/index.js
create mode 100644 web/ASC.Web.Storybook/stories/avatar-editor/README.md
create mode 100644 web/ASC.Web.Storybook/stories/avatar-editor/index.stories.js
diff --git a/web/ASC.Web.Components/package.json b/web/ASC.Web.Components/package.json
index f666302a47..791343b521 100644
--- a/web/ASC.Web.Components/package.json
+++ b/web/ASC.Web.Components/package.json
@@ -33,6 +33,7 @@
"prop-types": "^15.7.2",
"rc-tree": "^2.1.2",
"react-autosize-textarea": "^7.0.0",
+ "react-avatar-edit": "^0.8.3",
"react-custom-scrollbars": "^4.2.1",
"react-datepicker": "^2.8.0",
"react-lifecycles-compat": "^3.0.4",
diff --git a/web/ASC.Web.Components/src/components/avatar-editor/index.js b/web/ASC.Web.Components/src/components/avatar-editor/index.js
new file mode 100644
index 0000000000..d5707524b7
--- /dev/null
+++ b/web/ASC.Web.Components/src/components/avatar-editor/index.js
@@ -0,0 +1,218 @@
+import React, { memo } from 'react'
+import styled, { css } from 'styled-components'
+import PropTypes from 'prop-types'
+import ModalDialog from '../modal-dialog'
+import Button from '../button'
+import { Text } from '../text'
+import Avatar from 'react-avatar-edit'
+import { default as ASCAvatar } from '../avatar/index'
+
+const StyledASCAvatar = styled(ASCAvatar)`
+ display: inline-block;
+ vertical-align: bottom;
+`;
+const StyledAvatarContainer = styled.div`
+ text-align: center;
+ div:first-child {
+ margin: 0 auto;
+ }
+`;
+class AvatarEditorBody extends React.Component {
+
+ constructor(props) {
+ super(props);
+ this.state = {
+ croppedImage: null,
+ src: this.props.image,
+ hasMaxSizeError: false
+ }
+ this.onCrop = this.onCrop.bind(this)
+ this.onClose = this.onClose.bind(this)
+ this.onBeforeFileLoad = this.onBeforeFileLoad.bind(this)
+ this.onFileLoad = this.onFileLoad.bind(this)
+
+ }
+ onClose() {
+ this.props.onCloseEditor();
+ this.setState({ croppedImage: null })
+ }
+ onCrop(croppedImage) {
+ this.props.onCropImage(croppedImage);
+ this.setState({ croppedImage })
+ }
+ onBeforeFileLoad(elem) {
+ if (elem.target.files[0].size > this.props.maxSize * 1000000) {
+ this.setState({
+ hasMaxSizeError: true
+ });
+ elem.target.value = "";
+ }else if(this.state.hasMaxSizeError){
+ this.setState({
+ hasMaxSizeError: false
+ });
+ };
+ }
+ onFileLoad(file){
+ let reader = new FileReader();
+ let _this = this;
+ reader.onloadend = () => {
+ _this.props.onFileLoad(reader.result);
+ };
+ reader.readAsDataURL(file)
+ }
+ render() {
+ return (
+
+
+ {this.state.croppedImage && (
+