Merge hotfix/v2.0.1 into master
commit
7a77b35abc
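--- a/.github/workflows/ci-oci-install.yml
+++ b/.github/workflows/ci-oci-install.yml
@@ -0,0 +1,146 @@
+name: Install OneClickInstall DocSpace
+
+on:
+pull_request:
+types: [opened, reopened, synchronize]
+paths:
+- 'install/OneClickInstall/**'
+
+schedule:
+- cron: '00 20 * * 6' # At 23:00 on Saturday.
+
+workflow_dispatch:
+inputs:
+centos7:
+type: boolean
+description: 'CentOS 7'
+default: true
+centos8s:
+type: boolean
+description: 'CentOS 8 Stream'
+default: true
+centos9s:
+type: boolean
+description: 'CentOS 9 Stream'
+default: true
+debian10:
+type: boolean
+description: 'Debian 10'
+default: true
+debian11:
+type: boolean
+description: 'Debian 11'
+default: true
+debian12:
+type: boolean
+description: 'Debian 12'
+default: true
+ubuntu1804:
+type: boolean
+description: 'Ubuntu 18.04'
+default: true
+ubuntu2004:
+type: boolean
+description: 'Ubuntu 20.04'
+default: true
+ubuntu2204:
+type: boolean
+description: 'Ubuntu 22.04'
+default: true
+
+jobs:
+prepare:
+runs-on: ubuntu-latest
+outputs:
+matrix: ${{ steps.set-matrix.outputs.matrix }}
+steps:
+
+- name: Set matrix names
+id: set-matrix
+run: |
+matrix=$(echo '{
+"include": [
+{"execute": '${{ github.event.inputs.centos7 || true }}', "name": "CentOS7", "os": "centos7", "distr": "generic"},
+{"execute": '${{ github.event.inputs.centos8s || true }}', "name": "CentOS8S", "os": "centos8s", "distr": "generic"},
+{"execute": '${{ github.event.inputs.centos9s || true }}', "name": "CentOS9S", "os": "centos9s", "distr": "generic"},
+{"execute": '${{ github.event.inputs.debian10 || true }}', "name": "Debian10", "os": "debian10", "distr": "generic"},
+{"execute": '${{ github.event.inputs.debian11 || true }}', "name": "Debian11", "os": "debian11", "distr": "generic"},
+{"execute": '${{ github.event.inputs.debian12 || true }}', "name": "Debian12", "os": "debian12", "distr": "generic"},
+{"execute": '${{ github.event.inputs.ubuntu1804 || true }}', "name": "Ubuntu18.04", "os": "ubuntu1804", "distr": "generic"},
+{"execute": '${{ github.event.inputs.ubuntu2004 || true }}', "name": "Ubuntu20.04", "os": "ubuntu2004", "distr": "generic"},
+{"execute": '${{ github.event.inputs.ubuntu2204 || true }}', "name": "Ubuntu22.04", "os": "ubuntu2204", "distr": "generic"}
+]
+}' | jq -c '{include: [.include[] | select(.execute == true)]}')
+echo "matrix=${matrix}" >> $GITHUB_OUTPUT
+
+vagrant-up:
+name: "Test DocSpace with ${{ matrix.name}}"
+runs-on: ubuntu-22.04
+needs: prepare
+strategy:
+fail-fast: false
+matrix: ${{fromJSON(needs.prepare.outputs.matrix)}}
+
+steps:
+- name: Checkout code
+uses: actions/checkout@v3
+
+- name: Set up Python 3.
+uses: actions/setup-python@v5
+with:
+python-version: '3.x'
+
+- name: Get update and install vagrant
+run: |
+set -eux
+sudo apt update -y
+sudo apt install vagrant virtualbox -y
+
+- name: "Test production scripts with ${{matrix.name}}"
+if: ${{ github.event_name == 'schedule' }}
+uses: nick-fields/retry@v2
+with:
+max_attempts: 2
+timeout_minutes: 40
+retry_on: error
+command: |
+set -eux
+cd tests/vagrant
+TEST_CASE='--production-install' \
+DISTR='${{ matrix.distr }}' \
+OS='${{ matrix.os }}' \
+DOWNLOAD_SCRIPT='-ds true' \
+RAM='5100' \
+CPU='3' \
+ARGUMENTS="-arg '--skiphardwarecheck true --makeswap false'" \
+vagrant up
+on_retry_command: |
+echo "RUN CLEAN UP: Destroy vagrant and one more try"
+cd tests/vagrant
+sleep 10
+vagrant destroy --force
+
+- name: "Test Local scripts with ${{matrix.name}}"
+if: ${{ github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' }}
+uses: nick-fields/retry@v2
+with:
+max_attempts: 2
+timeout_minutes: 40
+retry_on: error
+command: |
+set -eux
+cd tests/vagrant
+TEST_CASE='--local-install' \
+DISTR='${{ matrix.distr }}' \
+OS='${{matrix.os}}' \
+RAM='5100' \
+CPU='3' \
+DOWNLOAD_SCRIPT='-ds false' \
+TEST_REPO='-tr true' \
+ARGUMENTS="-arg '--skiphardwarecheck true --makeswap false --localscripts true'" \
+vagrant up
+on_retry_command: |
+echo "RUN CLEAN UP: Destroy vagrant and one more try"
+cd tests/vagrant
+sleep 10
+vagrant destroy --force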
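Review bot: The workflow declares no `permissions:` block, so both jobs run with whatever default scope the repository gives `GITHUB_TOKEN`, although the steps only check out code and drive Vagrant; a top-level `permissions:` block with `contents: read` would bound it. The three `uses:` references (`actions/checkout@v3`, `actions/setup-python@v5`, `nick-fields/retry@v2`) are mutable tags, and the third-party retry action is the step that executes the install commands, so pinning each to a full commit SHA is worth doing here. The comment on the `cron` line says 23:00 while the expression is `00 20`; stating the time zone in that comment would remove the mismatch.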
@ -374,7 +374,7 @@
|
||||
"url": "/socket.io",
|
||||
"internal": "http://localhost:9899/"
|
||||
},
|
||||
"cultures": "az,cs,el-GR,es,fr,hy-AM,ja-JP,lo-LA,nl,pt,ro,sk,tr,vi,bg,de,en-US,en-GB,fi,it,ko-KR,lv,pl,pt-BR,ru,sl,uk-UA,ar-SA,zh-CN",
|
||||
"cultures": "az,bg,cs,de,el-GR,en-GB,en-US,es,fi,fr,hy-AM,it,lv,nl,pl,pt,pt-BR,ro,ru,sk,sl,vi,tr,uk-UA,ar-SA,lo-LA,ja-JP,zh-CN,ko-KR",
|
||||
"controlpanel": {
|
||||
"url": ""
|
||||
},
|
||||
@ -383,6 +383,7 @@
|
||||
"teamlab-site": "http://www.onlyoffice.com",
|
||||
"help-center": "https://helpcenter.onlyoffice.com/{ru|de|fr|es|it}",
|
||||
"api-docs": "https://api.onlyoffice.com",
|
||||
"user-forum": "https://forum.onlyoffice.com/",
|
||||
"book-training-email": "training@onlyoffice.com",
|
||||
"documentation-email": "documentation@onlyoffice.com",
|
||||
"max-upload-size": 5242880,
|
||||
@ -525,7 +526,7 @@
|
||||
"media": ["*.zdassets.com"]
|
||||
},
|
||||
"firebase": {
|
||||
"script": ["*.googleapis.com"],
|
||||
"script": ["*.googleapis.com", "*.firebaseio.com"],
|
||||
"frame": ["personal-teamlab-guru.firebaseapp.com"],
|
||||
"connect": ["personal-teamlab-guru.firebaseapp.com", "*.googleapis.com"]
|
||||
},
|
||||
@ -553,9 +554,10 @@
|
||||
},
|
||||
"plugins": {
|
||||
"enabled": "true",
|
||||
"upload": "true",
|
||||
"delete": "true",
|
||||
"extension": ".zip",
|
||||
"maxSize": 5242880,
|
||||
"allow": ["upload", "delete"],
|
||||
"assetExtensions": [".jpg", ".jpeg", ".png", ".svg"]
|
||||
},
|
||||
"aws": {
|
||||
@ -572,5 +574,21 @@
|
||||
"region": "us-east-1",
|
||||
"tableName": ""
|
||||
}
|
||||
},
|
||||
"webhooks": {
|
||||
"blacklist": [
|
||||
"0.0.0.0/8",
|
||||
"10.0.0.0/8",
|
||||
"100.64.0.0/10",
|
||||
"127.0.0.0/8",
|
||||
"169.254.0.0/16",
|
||||
"172.16.0.0/12",
|
||||
"192.168.0.0/16",
|
||||
"::/128",
|
||||
"::1/128",
|
||||
"fc00::/8",
|
||||
"fd00::/8",
|
||||
"fe80::/64"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
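Review bot: In the `webhooks.blacklist` list, `fe80::/64` covers only part of the IPv6 link-local range, which is `fe80::/10`, and there is no entry for IPv4-mapped IPv6 addresses (`::ffff:0:0/96`), so the IPv4 entries only protect that form if the consumer normalises addresses before matching. `fc00::/8` and `fd00::/8` together are `fc00::/7` and could be a single entry. The code that applies this list is not on the page; the list is only effective if it is checked against the address the webhook host resolves to at connect time, not the literal host in the URL. The +/- markers are lost in this rendering, so treating the `webhooks` object as newly added is inferred from the `-572,5 +574,21` header.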
@ -45,10 +45,15 @@ map $request_uri $header_x_frame_options {
|
||||
map $request_uri $cache_control {
|
||||
default "no-cache, no-store, no-transform";
|
||||
~*\/(filehandler\.ashx\?action=(thumb|preview))|\/(storage\/room_logos\/root\/|storage\/userPhotos\/root\/) "must-revalidate, no-transform, immutable, max-age=31536000";
|
||||
~*\/(api\/2\.0.*|storage|login\.ashx|filehandler\.ashx|ChunkedUploader.ashx|ThirdPartyAppHandler|apisystem|sh|remoteEntry\.js|debuginfo\.md|static\/scripts\/api\.poly\.js) "no-cache, no-store, no-transform";
|
||||
~*\/(api\/2\.0.*|storage|login\.ashx|filehandler\.ashx|ChunkedUploader.ashx|ThirdPartyAppHandler|apisystem|sh|remoteEntry\.js|debuginfo\.md|static\/scripts\/api\.js|static\/scripts\/api\.poly\.js) "no-cache, no-store, no-transform";
|
||||
~*\/(images|favicon.ico.*)|\.(js|woff|woff2|css)|(locales.*\.json) "must-revalidate, no-transform, immutable, max-age=31536000";
|
||||
}
|
||||
|
||||
map $request_uri $content_security_policy {
|
||||
"" "";
|
||||
~*\/(ds-vpath)\/ "default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; img-src * data:; style-src * 'unsafe-inline' data:; font-src * data:; frame-src * ascdesktop:; object-src; connect-src * ascdesktop:;";
|
||||
}
|
||||
|
||||
include /etc/nginx/includes/onlyoffice-*.conf;
|
||||
|
||||
server_names_hash_bucket_size 128;
|
||||
@ -95,7 +100,7 @@ server {
|
||||
set $csp "";
|
||||
access_by_lua '
|
||||
local accept_header = ngx.req.get_headers()["Accept"]
|
||||
if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") then
|
||||
if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath") then
|
||||
local key = string.format("csp:%s",ngx.var.host)
|
||||
local redis = require "resty.redis"
|
||||
local red = redis:new()
|
||||
@ -146,6 +151,7 @@ server {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host/ds-vpath;
|
||||
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
|
||||
add_header Content-Security-Policy $content_security_policy;
|
||||
|
||||
}
|
||||
|
||||
|
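Review bot: The `ds-vpath` test in the `access_by_lua` condition is an unanchored `ngx.re.match` on `ngx.var.request_uri`, which includes the query string, so the per-host CSP lookup is skipped for any request whose URI merely contains that text, not only for paths under `/ds-vpath/`; matching the path alone, e.g. `ngx.re.match(ngx.var.uri, "^/ds-vpath/")`, keeps the exemption to the document-server prefix. The `~*\/(ds-vpath)\/` key of the `$content_security_policy` map has the same shape and could be anchored with `^`. The policy that map returns allows `*` with `'unsafe-inline'` and `'unsafe-eval'` for scripts, so it gives little protection and deserves a comment stating why the document server needs it. The `server` block continues outside the hunks, so whether `add_header Content-Security-Policy` here replaces other inherited `add_header` lines cannot be checked from this page; the +/- markers are also lost, so which `if` line is the new side is inferred.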
@ -24,6 +24,7 @@
|
||||
"data": "e67be73d-f9ae-4ce1-8fec-1880cb518cb4",
|
||||
"type": "disc",
|
||||
"path": "$STORAGE_ROOT\\Products\\Files",
|
||||
"validatorType":"ASC.Files.Core.Security.FileValidator, ASC.Files.Core",
|
||||
"expires": "0:16:0",
|
||||
"domain": [
|
||||
{
|
||||
|
@ -113,8 +113,8 @@ if [ -z "${SKIP_HARDWARE_CHECK}" ]; then
|
||||
SKIP_HARDWARE_CHECK="false";
|
||||
fi
|
||||
|
||||
apt-get update -y --allow-releaseinfo-change;
|
||||
if [ $(dpkg-query -W -f='${Status}' curl 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
|
||||
apt-get update;
|
||||
apt-get install -yq curl;
|
||||
fi
|
||||
|
||||
|
@ -40,9 +40,7 @@ chmod 644 /usr/share/keyrings/elastic-${ELASTIC_DIST}.x.gpg
|
||||
|
||||
# add nodejs repo
|
||||
[[ "$DISTRIB_CODENAME" =~ ^(bionic|stretch)$ ]] && NODE_VERSION="16" || NODE_VERSION="18"
|
||||
echo "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_VERSION.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
|
||||
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/nodesource.gpg --import
|
||||
chmod 644 /usr/share/keyrings/nodesource.gpg
|
||||
curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash -
|
||||
|
||||
#add dotnet repo
|
||||
if [ "$DIST" = "debian" ] && [ "$DISTRIB_CODENAME" = "stretch" ]; then
|
||||
|
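Review bot: The nodejs repo step pipes `https://deb.nodesource.com/setup_${NODE_VERSION}.x` straight into `bash -` as root with no checksum or pinned revision, while the three lines before it configure the same repository through a `signed-by` keyring and an explicit key import. The rendering has lost its +/- markers; the `-40,9 +40,7` counts suggest the keyring lines are the removed side and the pipe-to-shell line is the added one. If so, keeping the explicit `signed-by` source entry, or downloading the setup script to a file and verifying it before running it, preserves a trust anchor the installer controls. The rpm script further down this page shows the same pattern (`curl -fsSL https://rpm.nodesource.com/setup_${NODE_VERSION}.x | sed '/update -y/d' | bash - || true`), where `|| true` also hides a failed or truncated download.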
@ -59,16 +59,15 @@ curl -s https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/sc
|
||||
curl -s https://packagecloud.io/install/repositories/rabbitmq/erlang/script.rpm.sh | os=centos dist=$REV bash
|
||||
|
||||
#add nodejs repo
|
||||
[ "$REV" = "8" ] && NODEJS_OPTION="--setopt=nodesource-nodejs.module_hotfixes=1"
|
||||
[ "$REV" = "7" ] && NODE_VERSION="16" || NODE_VERSION="18"
|
||||
yum install -y https://rpm.nodesource.com/pub_${NODE_VERSION}.x/nodistro/repo/nodesource-release-nodistro-1.noarch.rpm || true
|
||||
curl -fsSL https://rpm.nodesource.com/setup_${NODE_VERSION}.x | sed '/update -y/d' | bash - || true
|
||||
|
||||
#add dotnet repo
|
||||
[ $REV = "7" ] && rpm -Uvh https://packages.microsoft.com/config/centos/$REV/packages-microsoft-prod.rpm || true
|
||||
|
||||
#add mysql repo
|
||||
[ "$REV" != "7" ] && dnf remove -y @mysql && dnf module -y reset mysql && dnf module -y disable mysql
|
||||
MYSQL_REPO_VERSION="$(curl https://repo.mysql.com | grep -oP "mysql80-community-release-el${REV}-\K.*" | grep -o '^[^.]*' | sort | tail -n1)"
|
||||
MYSQL_REPO_VERSION="$(curl https://repo.mysql.com | grep -oP "mysql80-community-release-el${REV}-\K.*" | grep -o '^[^.]*' | sort -n | tail -n1)"
|
||||
yum localinstall -y https://repo.mysql.com/mysql80-community-release-el${REV}-${MYSQL_REPO_VERSION}.noarch.rpm || true
|
||||
|
||||
if ! rpm -q mysql-community-server; then
|
||||
|
@ -651,17 +651,21 @@ change_elasticsearch_config(){
|
||||
local MEMORY_REQUIREMENTS=12228; #RAM ~4*3Gb
|
||||
|
||||
if [ ${TOTAL_MEMORY} -gt ${MEMORY_REQUIREMENTS} ]; then
|
||||
if ! grep -q "[-]Xms1g" ${ELASTIC_SEARCH_JAVA_CONF_PATH}; then
|
||||
echo "-Xms4g" >> ${ELASTIC_SEARCH_JAVA_CONF_PATH}
|
||||
else
|
||||
sed -i "s/-Xms1g/-Xms4g/" ${ELASTIC_SEARCH_JAVA_CONF_PATH}
|
||||
fi
|
||||
ELASTICSEATCH_MEMORY="4g"
|
||||
else
|
||||
ELASTICSEATCH_MEMORY="1g"
|
||||
fi
|
||||
|
||||
if ! grep -q "[-]Xmx1g" ${ELASTIC_SEARCH_JAVA_CONF_PATH}; then
|
||||
echo "-Xmx4g" >> ${ELASTIC_SEARCH_JAVA_CONF_PATH}
|
||||
else
|
||||
sed -i "s/-Xmx1g/-Xmx4g/" ${ELASTIC_SEARCH_JAVA_CONF_PATH}
|
||||
fi
|
||||
if grep -qE "^[^#]*-Xms[0-9]g" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"; then
|
||||
sed -i "s/-Xms[0-9]g/-Xms${ELASTICSEATCH_MEMORY}/" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
|
||||
else
|
||||
echo "-Xms${ELASTICSEATCH_MEMORY}" >> "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
|
||||
fi
|
||||
|
||||
if grep -qE "^[^#]*-Xmx[0-9]g" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"; then
|
||||
sed -i "s/-Xmx[0-9]g/-Xmx${ELASTICSEATCH_MEMORY}/" "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
|
||||
else
|
||||
echo "-Xmx${ELASTICSEATCH_MEMORY}" >> "${ELASTIC_SEARCH_JAVA_CONF_PATH}"
|
||||
fi
|
||||
|
||||
if [ -d /etc/elasticsearch/ ]; then
|
||||
|
@ -9,79 +9,12 @@ OPENRESTY="/etc/openresty/conf.d"
|
||||
DHPARAM_FILE="/etc/ssl/certs/dhparam.pem"
|
||||
WEBROOT_PATH="/var/www/${PRODUCT}"
|
||||
|
||||
if [ "$#" -ge "2" ]; then
|
||||
if [ "$1" != "-f" ]; then
|
||||
MAIL=$1
|
||||
DOMAIN=$2
|
||||
LETSENCRYPT_ENABLE="true"
|
||||
# Check if configuration files are present
|
||||
if [ ! -f "${OPENRESTY}/onlyoffice-proxy-ssl.conf.template" -a ! -f "${OPENRESTY}/onlyoffice-proxy.conf.template" ]; then
|
||||
echo "Error: proxy configuration file not found." && exit 1
|
||||
fi
|
||||
|
||||
# Install certbot if not already installed
|
||||
if ! type "certbot" &> /dev/null; then
|
||||
if type "apt-get" &> /dev/null; then
|
||||
apt-get -y update -qq
|
||||
apt-get -y -q install certbot
|
||||
elif type "yum" &> /dev/null; then
|
||||
yum -y install certbot
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "Generating Let's Encrypt SSL Certificates..."
|
||||
|
||||
# Request and generate Let's Encrypt SSL certificate
|
||||
echo certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAIN} > /var/log/le-start.log
|
||||
certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAIN} > /var/log/le-new.log
|
||||
else
|
||||
echo "Using specified files to configure SSL..."
|
||||
|
||||
DOMAIN=$2
|
||||
CERTIFICATE_FILE=$3
|
||||
PRIVATEKEY_FILE=$4
|
||||
fi
|
||||
|
||||
[[ ! -f "${DHPARAM_FILE}" ]] && openssl dhparam -out ${DHPARAM_FILE} 2048
|
||||
|
||||
CERTIFICATE_FILE="${CERTIFICATE_FILE:-"${LETSENCRYPT}/${PRODUCT}/fullchain.pem"}"
|
||||
PRIVATEKEY_FILE="${PRIVATEKEY_FILE:-"${LETSENCRYPT}/${PRODUCT}/privkey.pem"}"
|
||||
|
||||
if [ -f "${CERTIFICATE_FILE}" -a -f ${PRIVATEKEY_FILE} ]; then
|
||||
if [ -f "${OPENRESTY}/onlyoffice-proxy-ssl.conf.template" ]; then
|
||||
cp -f ${OPENRESTY}/onlyoffice-proxy-ssl.conf.template ${OPENRESTY}/onlyoffice-proxy.conf
|
||||
|
||||
PACKAGE_FILE_CHECKER=$(command -v dpkg-query &> /dev/null && echo "dpkg-query -L" || echo "rpm -ql")
|
||||
ENVIRONMENT=$(grep -oP 'ENVIRONMENT=\K.*' $(dirname $(${PACKAGE_FILE_CHECKER} ${PRODUCT}-api | grep systemd/system/))/${PRODUCT}-api.service)
|
||||
sed -i "s/\(\"portal\":\).*/\1 \"https:\/\/${DOMAIN}\"/" /etc/onlyoffice/docspace/appsettings.$ENVIRONMENT.json
|
||||
sed -i "s~\(ssl_certificate \).*;~\1${CERTIFICATE_FILE};~g" ${OPENRESTY}/onlyoffice-proxy.conf
|
||||
sed -i "s~\(ssl_certificate_key \).*;~\1${PRIVATEKEY_FILE};~g" ${OPENRESTY}/onlyoffice-proxy.conf
|
||||
sed -i "s~\(ssl_dhparam \).*;~\1${DHPARAM_FILE};~g" ${OPENRESTY}/onlyoffice-proxy.conf
|
||||
|
||||
if [[ "${LETSENCRYPT_ENABLE}" = "true" ]]; then
|
||||
# Create and set permissions for ${PRODUCT}-renew-letsencrypt
|
||||
echo '#!/bin/bash' > ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
echo "certbot renew >> /var/log/le-renew.log" >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
if [ $(pgrep -x ""systemd"" | wc -l) -gt 0 ]; then
|
||||
echo 'systemctl reload openresty' >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
else
|
||||
echo 'service openresty reload' >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
fi
|
||||
|
||||
chmod a+x ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
|
||||
# Add cron job if /etc/cron.d directory exists
|
||||
if [ -d /etc/cron.d ]; then
|
||||
echo -e "@weekly root ${DIR}/${PRODUCT}-renew-letsencrypt" | tee /etc/cron.d/${PRODUCT}-letsencrypt
|
||||
fi
|
||||
fi
|
||||
|
||||
[ $(pgrep -x ""systemd"" | wc -l) -gt 0 ] && systemctl reload openresty || service openresty reload
|
||||
|
||||
echo "OK"
|
||||
else
|
||||
echo "Error: proxy configuration file not found." && exit 1
|
||||
fi
|
||||
else
|
||||
echo "Error: certificate or private key file not found." && exit 1
|
||||
fi
|
||||
else
|
||||
help(){
|
||||
echo ""
|
||||
echo "This script provided to automatically setup SSL Certificates for DocSpace"
|
||||
echo "Automatically get Let's Encrypt SSL Certificates:"
|
||||
@ -91,10 +24,108 @@ else
|
||||
echo " u1@example.com,u2@example.com."
|
||||
echo " DOMAIN Domain name to apply"
|
||||
echo ""
|
||||
echo "Using your own certificates via the -f parameter:"
|
||||
echo " docspace-ssl-setup -f DOMAIN CERTIFICATE PRIVATEKEY"
|
||||
echo "Using your own certificates via the -f or --file parameter:"
|
||||
echo " docspace-ssl-setup --file DOMAIN CERTIFICATE PRIVATEKEY"
|
||||
echo " DOMAIN Domain name to apply."
|
||||
echo " CERTIFICATE Path to the certificate file for the domain."
|
||||
echo " PRIVATEKEY Path to the private key file for the certificate."
|
||||
echo ""
|
||||
echo "Return to the default proxy configuration using the -d or --default parameter:"
|
||||
echo " docspace-ssl-setup --default"
|
||||
echo ""
|
||||
exit 0
|
||||
}
|
||||
|
||||
case $1 in
|
||||
-f | --file )
|
||||
if [ -n "$2" ] && [ -n "$3" ] && [ -n "$4" ]; then
|
||||
echo "Using specified files to configure SSL..."
|
||||
|
||||
DOMAIN=$2
|
||||
CERTIFICATE_FILE=$3
|
||||
PRIVATEKEY_FILE=$4
|
||||
else
|
||||
help
|
||||
fi
|
||||
;;
|
||||
|
||||
-d | --default )
|
||||
echo "Return to the default proxy configuration..."
|
||||
cp -f ${OPENRESTY}/onlyoffice-proxy.conf.template ${OPENRESTY}/onlyoffice-proxy.conf
|
||||
sed "s!\(^worker_processes\).*;!\1 $(grep processor /proc/cpuinfo | wc -l);!" -i "${OPENRESTY}/onlyoffice-proxy.conf"
|
||||
sed "s!\(worker_connections\).*;!\1 $(ulimit -n);!" -i "${OPENRESTY}/onlyoffice-proxy.conf"
|
||||
[[ -f "${DIR}/${PRODUCT}-renew-letsencrypt" ]] && rm -rf "${DIR}/${PRODUCT}-renew-letsencrypt"
|
||||
[ $(pgrep -x ""systemd"" | wc -l) -gt 0 ] && systemctl reload openresty || service openresty reload
|
||||
echo "OK"
|
||||
exit 0
|
||||
;;
|
||||
|
||||
* )
|
||||
if [ "$#" -ge "2" ]; then
|
||||
MAIL=$1
|
||||
DOMAIN=$2
|
||||
LETSENCRYPT_ENABLE="true"
|
||||
|
||||
# Install certbot if not already installed
|
||||
if ! type "certbot" &> /dev/null; then
|
||||
if type "apt-get" &> /dev/null; then
|
||||
apt-get -y update -qq
|
||||
apt-get -y -q install certbot
|
||||
elif type "yum" &> /dev/null; then
|
||||
yum -y install certbot
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "Generating Let's Encrypt SSL Certificates..."
|
||||
|
||||
# Request and generate Let's Encrypt SSL certificate
|
||||
echo certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAIN} > /var/log/le-start.log
|
||||
certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAIN} > /var/log/le-new.log
|
||||
else
|
||||
help
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
[[ ! -f "${DHPARAM_FILE}" ]] && openssl dhparam -out ${DHPARAM_FILE} 2048
|
||||
CERTIFICATE_FILE="${CERTIFICATE_FILE:-"${LETSENCRYPT}/${PRODUCT}/fullchain.pem"}"
|
||||
PRIVATEKEY_FILE="${PRIVATEKEY_FILE:-"${LETSENCRYPT}/${PRODUCT}/privkey.pem"}"
|
||||
|
||||
if [ -f "${CERTIFICATE_FILE}" ]; then
|
||||
if [ -f "${PRIVATEKEY_FILE}" ]; then
|
||||
cp -f ${OPENRESTY}/onlyoffice-proxy-ssl.conf.template ${OPENRESTY}/onlyoffice-proxy.conf
|
||||
|
||||
PACKAGE_FILE_CHECKER=$(command -v dpkg-query &> /dev/null && echo "dpkg-query -L" || echo "rpm -ql")
|
||||
ENVIRONMENT=$(grep -oP 'ENVIRONMENT=\K.*' $(dirname $(${PACKAGE_FILE_CHECKER} ${PRODUCT}-api | grep systemd/system/))/${PRODUCT}-api.service)
|
||||
sed -i "s/\(\"portal\":\).*/\1 \"https:\/\/${DOMAIN}\"/" /etc/onlyoffice/docspace/appsettings.$ENVIRONMENT.json
|
||||
sed -i "s~\(ssl_certificate \).*;~\1${CERTIFICATE_FILE};~g" ${OPENRESTY}/onlyoffice-proxy.conf
|
||||
sed -i "s~\(ssl_certificate_key \).*;~\1${PRIVATEKEY_FILE};~g" ${OPENRESTY}/onlyoffice-proxy.conf
|
||||
sed -i "s~\(ssl_dhparam \).*;~\1${DHPARAM_FILE};~g" ${OPENRESTY}/onlyoffice-proxy.conf
|
||||
|
||||
if [[ "${LETSENCRYPT_ENABLE}" = "true" ]]; then
|
||||
# Create and set permissions for ${PRODUCT}-renew-letsencrypt
|
||||
echo '#!/bin/bash' > ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
echo "certbot renew >> /var/log/le-renew.log" >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
if [ $(pgrep -x ""systemd"" | wc -l) -gt 0 ]; then
|
||||
echo 'systemctl reload openresty' >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
else
|
||||
echo 'service openresty reload' >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
fi
|
||||
|
||||
chmod a+x ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
|
||||
# Add cron job if /etc/cron.d directory exists
|
||||
if [ -d /etc/cron.d ]; then
|
||||
echo -e "@weekly root ${DIR}/${PRODUCT}-renew-letsencrypt" | tee /etc/cron.d/${PRODUCT}-letsencrypt
|
||||
fi
|
||||
fi
|
||||
|
||||
[ $(pgrep -x ""systemd"" | wc -l) -gt 0 ] && systemctl reload openresty || service openresty reload
|
||||
|
||||
echo "OK"
|
||||
else
|
||||
echo "Error: private key file at path ${PRIVATEKEY_FILE} not found." && exit 1
|
||||
fi
|
||||
else
|
||||
echo "Error: certificate file at path ${CERTIFICATE_FILE} not found." && exit 1
|
||||
fi
|
||||
|
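Review bot: The `-d | --default` branch deletes `${DIR}/${PRODUCT}-renew-letsencrypt` but leaves `/etc/cron.d/${PRODUCT}-letsencrypt` in place, so root's weekly cron entry keeps pointing at a path that no longer exists; removing the cron file in the same branch, e.g. `rm -f "/etc/cron.d/${PRODUCT}-letsencrypt"`, closes that. Separately, `DOMAIN`, `CERTIFICATE_FILE` and `PRIVATEKEY_FILE` are taken from the arguments unvalidated and expanded inside the `sed` expressions that rewrite `onlyoffice-proxy.conf` and `appsettings.$ENVIRONMENT.json`, so a value containing the delimiter or `&` changes what gets written; checking `DOMAIN` against a hostname pattern and quoting the expansions would make the rewrite predictable. `DIR` is defined outside the hunks, so its ownership and permissions cannot be confirmed from here, and the +/- markers are lost, so the `case` block is taken to be the new side from the `-91,10 +24,108` counts.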
@ -13,10 +13,18 @@ while [ "$1" != "" ]; do
|
||||
shift
|
||||
fi
|
||||
;;
|
||||
|
||||
-pm | --packagemanager )
|
||||
if [ "$2" != "" ]; then
|
||||
PACKAGE_MANAGER=$2
|
||||
shift
|
||||
fi
|
||||
;;
|
||||
|
||||
-? | -h | --help )
|
||||
echo " Usage: bash build.sh [PARAMETER] [[PARAMETER], ...]"
|
||||
echo " Parameters:"
|
||||
echo " -pm, --packagemanager dependencies for package manager"
|
||||
echo " -bp, --buildpath output path"
|
||||
echo " -?, -h, --help this help"
|
||||
echo " Examples"
|
||||
@ -64,6 +72,11 @@ SERVICE_NAME=(
|
||||
)
|
||||
|
||||
reassign_values (){
|
||||
if [[ "${PACKAGE_MANAGER}" = "deb" ]]; then
|
||||
DEPENDENCY_LIST="mysql.service redis-server.service rabbitmq-server.service"
|
||||
else
|
||||
DEPENDENCY_LIST="mysqld.service redis.service rabbitmq-server.service"
|
||||
fi
|
||||
case $1 in
|
||||
api )
|
||||
SERVICE_PORT="5000"
|
||||
@ -79,6 +92,7 @@ reassign_values (){
|
||||
SERVICE_PORT="9899"
|
||||
WORK_DIR="${BASE_DIR}/services/ASC.Socket.IO/"
|
||||
EXEC_FILE="server.js"
|
||||
DEPENDENCY_LIST=""
|
||||
;;
|
||||
studio-notify )
|
||||
SERVICE_PORT="5006"
|
||||
@ -106,6 +120,7 @@ reassign_values (){
|
||||
WORK_DIR="${BASE_DIR}/products/ASC.Files/service/"
|
||||
EXEC_FILE="ASC.Files.Service.dll"
|
||||
CORE_EVENT_BUS=" --core:eventBus:subscriptionClientName=asc_event_bus_files_service_queue"
|
||||
DEPENDENCY_LIST="${DEPENDENCY_LIST} elasticsearch.service"
|
||||
;;
|
||||
studio )
|
||||
SERVICE_PORT="5003"
|
||||
@ -122,6 +137,7 @@ reassign_values (){
|
||||
SERVICE_PORT="9834"
|
||||
WORK_DIR="${BASE_DIR}/services/ASC.SsoAuth/"
|
||||
EXEC_FILE="app.js"
|
||||
DEPENDENCY_LIST=""
|
||||
;;
|
||||
clear-events )
|
||||
SERVICE_PORT="5027"
|
||||
@ -138,6 +154,7 @@ reassign_values (){
|
||||
SERVICE_PORT="5013"
|
||||
WORK_DIR="${BASE_DIR}/products/ASC.Files/editor/"
|
||||
EXEC_FILE="server.js"
|
||||
DEPENDENCY_LIST=""
|
||||
;;
|
||||
migration-runner )
|
||||
WORK_DIR="${BASE_DIR}/services/ASC.Migration.Runner/"
|
||||
@ -147,11 +164,13 @@ reassign_values (){
|
||||
SERVICE_PORT="5011"
|
||||
WORK_DIR="${BASE_DIR}/products/ASC.Login/login/"
|
||||
EXEC_FILE="server.js"
|
||||
DEPENDENCY_LIST="openresty.service"
|
||||
;;
|
||||
healthchecks )
|
||||
SERVICE_PORT="5033"
|
||||
WORK_DIR="${BASE_DIR}/services/ASC.Web.HealthChecks.UI/"
|
||||
EXEC_FILE="ASC.Web.HealthChecks.UI.dll"
|
||||
DEPENDENCY_LIST=""
|
||||
;;
|
||||
esac
|
||||
SERVICE_NAME="$1"
|
||||
@ -173,6 +192,7 @@ reassign_values (){
|
||||
}
|
||||
|
||||
write_to_file () {
|
||||
[[ -n ${DEPENDENCY_LIST} ]] && sed -e "s_\(After=.*\)_\1 ${DEPENDENCY_LIST}_" -e "/After=/a Wants=${DEPENDENCY_LIST}" -i $BUILD_PATH/${PRODUCT}-${SERVICE_NAME[$i]}.service
|
||||
sed -i -e 's#${SERVICE_NAME}#'$SERVICE_NAME'#g' -e 's#${WORK_DIR}#'$WORK_DIR'#g' -e "s#\${RESTART}#$RESTART#g" \
|
||||
-e "s#\${EXEC_START}#$EXEC_START#g" -e "s#\${SERVICE_TYPE}#$SERVICE_TYPE#g" $BUILD_PATH/${PRODUCT}-${SERVICE_NAME[$i]}.service
|
||||
}
|
||||
|
@ -28,7 +28,7 @@ override_dh_auto_configure:
|
||||
|
||||
override_dh_auto_build:
|
||||
cd ${SRC_PATH}/${SCRIPT_PATH}/systemd; \
|
||||
bash build.sh -bp "${CURRENT_PATH}/debian/"; \
|
||||
bash build.sh -pm "deb" -bp "${CURRENT_PATH}/debian/"; \
|
||||
cd ${SRC_PATH}/${SCRIPT_PATH}; \
|
||||
bash build-frontend.sh -sp ${SRC_PATH} -di "false"; \
|
||||
bash build-backend.sh -sp ${SRC_PATH}; \
|
||||
@ -57,6 +57,7 @@ override_dh_auto_build:
|
||||
sed "s_\(.*root\).*;_\1 \"/var/www/${PRODUCT}\";_g" -i ${SRC_PATH}/buildtools/install/docker/config/nginx/letsencrypt.conf
|
||||
sed -e '/.pid/d' -e '/temp_path/d' -e 's_etc/nginx_etc/openresty_g' -e 's/\.log/-openresty.log/g' -i ${SRC_PATH}/buildtools/install/docker/config/nginx/templates/nginx.conf.template
|
||||
mv -f ${SRC_PATH}/buildtools/install/docker/config/nginx/onlyoffice-proxy-ssl.conf ${SRC_PATH}/buildtools/install/docker/config/nginx/onlyoffice-proxy-ssl.conf.template
|
||||
cp -rf ${SRC_PATH}/buildtools/install/docker/config/nginx/onlyoffice-proxy.conf ${SRC_PATH}/buildtools/install/docker/config/nginx/onlyoffice-proxy.conf.template
|
||||
|
||||
for i in ${PRODUCT} $$(ls ${CURRENT_PATH}/debian/*.install | grep -oP 'debian/\K.*' | grep -o '^[^.]*'); do \
|
||||
cp ${CURRENT_PATH}/debian/source/lintian-overrides ${CURRENT_PATH}/debian/$$i.lintian-overrides; \
|
||||
|
@ -9,92 +9,17 @@ LETSENCRYPT="/etc/letsencrypt/live";
|
||||
DHPARAM_FILE="/etc/ssl/certs/dhparam.pem"
|
||||
WEBROOT_PATH="/letsencrypt"
|
||||
|
||||
if [ "$#" -ge "2" ]; then
|
||||
if [ "$1" != "-f" ]; then
|
||||
MAIL=$1
|
||||
DOMAIN=$2
|
||||
LETSENCRYPT_ENABLE="true"
|
||||
|
||||
if [ -f "${DOCKERCOMPOSE}/proxy.yml" ]; then
|
||||
:
|
||||
elif [ -f "/app/onlyoffice/proxy.yml" ]; then
|
||||
DOCKERCOMPOSE="/app/onlyoffice"
|
||||
DIR="/app/onlyoffice/config"
|
||||
else
|
||||
echo "Error: proxy configuration file not found." && exit 1
|
||||
fi
|
||||
|
||||
if ! docker ps -f "name=onlyoffice-proxy" --format '{{.Names}}' | grep -q "onlyoffice-proxy"; then
|
||||
echo "Error: the proxy container is not running" && exit 1
|
||||
fi
|
||||
|
||||
if ! docker volume inspect "onlyoffice_webroot_path" &> /dev/null; then
|
||||
echo "Error: missing webroot_path volume" && exit 1
|
||||
fi
|
||||
|
||||
echo "Generating Let's Encrypt SSL Certificates..."
|
||||
|
||||
# Request and generate Let's Encrypt SSL certificate
|
||||
docker run -it --rm \
|
||||
-v /etc/letsencrypt:/etc/letsencrypt \
|
||||
-v /var/lib/letsencrypt:/var/lib/letsencrypt \
|
||||
-v /var/log:/var/log \
|
||||
-v onlyoffice_webroot_path:${WEBROOT_PATH} \
|
||||
certbot/certbot certonly \
|
||||
--expand --webroot -w ${WEBROOT_PATH} \
|
||||
--cert-name ${PRODUCT} --non-interactive --agree-tos --email ${MAIL} -d ${DOMAIN}
|
||||
else
|
||||
echo "Using specified files to configure SSL..."
|
||||
|
||||
DOMAIN=$2
|
||||
CERTIFICATE_FILE=$3
|
||||
PRIVATEKEY_FILE=$4
|
||||
fi
|
||||
|
||||
[[ ! -f "${DHPARAM_FILE}" ]] && openssl dhparam -out ${DHPARAM_FILE} 2048
|
||||
|
||||
CERTIFICATE_FILE="${CERTIFICATE_FILE:-"${LETSENCRYPT}/${PRODUCT}/fullchain.pem"}"
|
||||
PRIVATEKEY_FILE="${PRIVATEKEY_FILE:-"${LETSENCRYPT}/${PRODUCT}/privkey.pem"}"
|
||||
|
||||
if [ -f "${CERTIFICATE_FILE}" -a -f ${PRIVATEKEY_FILE} ]; then
|
||||
if [ -f ${DOCKERCOMPOSE}/.env -a -f ${DOCKERCOMPOSE}/proxy-ssl.yml ]; then
|
||||
docker-compose -f ${DOCKERCOMPOSE}/proxy.yml down
|
||||
docker-compose -f ${DOCKERCOMPOSE}/docspace.yml stop onlyoffice-files
|
||||
|
||||
sed -i "s~\(APP_URL_PORTAL=\).*~\1\"https://${DOMAIN}\"~g" ${DOCKERCOMPOSE}/.env
|
||||
sed -i "s~\(CERTIFICATE_PATH=\).*~\1\"${CERTIFICATE_FILE}\"~g" ${DOCKERCOMPOSE}/.env
|
||||
sed -i "s~\(CERTIFICATE_KEY_PATH=\).*~\1\"${PRIVATEKEY_FILE}\"~g" ${DOCKERCOMPOSE}/.env
|
||||
sed -i "s~\(DHPARAM_PATH=\).*~\1\"${DHPARAM_FILE}\"~g" ${DOCKERCOMPOSE}/.env
|
||||
|
||||
if [[ "${LETSENCRYPT_ENABLE}" = "true" ]]; then
|
||||
# Create and set permissions for docspace-renew-letsencrypt
|
||||
echo '#!/bin/bash' > ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
echo "docker-compose -f ${DOCKERCOMPOSE}/proxy-ssl.yml down" >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
echo 'docker run -it --rm \' >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
echo ' -v /etc/letsencrypt:/etc/letsencrypt \' >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
echo ' -v /var/lib/letsencrypt:/var/lib/letsencrypt \' >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
echo ' certbot/certbot renew' >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
echo "docker-compose -f ${DOCKERCOMPOSE}/proxy-ssl.yml up -d" >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
|
||||
chmod a+x ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
|
||||
# Add cron job if /etc/cron.d directory exists
|
||||
if [ -d /etc/cron.d ]; then
|
||||
echo -e "@weekly root ${DIR}/${PRODUCT}-renew-letsencrypt" | tee /etc/cron.d/${PRODUCT}-letsencrypt
|
||||
fi
|
||||
fi
|
||||
|
||||
docker-compose -f ${DOCKERCOMPOSE}/proxy-ssl.yml up -d
|
||||
docker-compose -f ${DOCKERCOMPOSE}/docspace.yml up -d onlyoffice-files
|
||||
|
||||
echo "OK"
|
||||
else
|
||||
echo "Error: proxy configuration file not found." && exit 1
|
||||
fi
|
||||
else
|
||||
echo "Error: certificate or private key file not found." && exit 1
|
||||
fi
|
||||
# Check if configuration files are present
|
||||
if [ -f "/app/onlyoffice/.env" -a -f "/app/onlyoffice/proxy.yml" -a -f "/app/onlyoffice/proxy-ssl.yml" ]; then
|
||||
DOCKERCOMPOSE="/app/onlyoffice"
|
||||
DIR="/app/onlyoffice/config"
|
||||
elif [ -f "${DOCKERCOMPOSE}/.env" -a -f "${DOCKERCOMPOSE}/proxy.yml" -a -f "${DOCKERCOMPOSE}/proxy-ssl.yml" ]; then
|
||||
:
|
||||
else
|
||||
echo "Error: configuration files not found." && exit 1
|
||||
fi
|
||||
|
||||
help(){
|
||||
echo ""
|
||||
echo "This script provided to automatically setup SSL Certificates for DocSpace"
|
||||
echo "Automatically get Let's Encrypt SSL Certificates:"
|
||||
@ -104,10 +29,123 @@ else
|
||||
echo " u1@example.com,u2@example.com."
|
||||
echo " DOMAIN Domain name to apply"
|
||||
echo ""
|
||||
echo "Using your own certificates via the -f parameter:"
|
||||
echo " docspace-ssl-setup -f DOMAIN CERTIFICATE PRIVATEKEY"
|
||||
echo "Using your own certificates via the -f or --file parameter:"
|
||||
echo " docspace-ssl-setup --file DOMAIN CERTIFICATE PRIVATEKEY"
|
||||
echo " DOMAIN Domain name to apply."
|
||||
echo " CERTIFICATE Path to the certificate file for the domain."
|
||||
echo " PRIVATEKEY Path to the private key file for the certificate."
|
||||
echo ""
|
||||
echo "Return to the default proxy configuration using the -d or --default parameter:"
|
||||
echo " docspace-ssl-setup --default"
|
||||
echo ""
|
||||
exit 0
|
||||
}
|
||||
|
||||
case $1 in
|
||||
-f | --file )
|
||||
if [ -n "$2" ] && [ -n "$3" ] && [ -n "$4" ]; then
|
||||
echo "Using specified files to configure SSL..."
|
||||
DOMAIN=$2
|
||||
CERTIFICATE_FILE=$3
|
||||
PRIVATEKEY_FILE=$4
|
||||
else
|
||||
help
|
||||
fi
|
||||
;;
|
||||
|
||||
-d | --default )
|
||||
echo "Return to the default proxy configuration..."
|
||||
if [ -z "$(awk -F '=' '/^\s*DOCUMENT_SERVER_URL_EXTERNAL/{gsub(/^[[:space:]]*"|"[[:space:]]*$/, "", $2); print $2}' ${DOCKERCOMPOSE}/.env)" ]; then
|
||||
sed "s#\(APP_URL_PORTAL=\).*#\1\"http://onlyoffice-router:8092\"#g" -i ${DOCKERCOMPOSE}/.env
|
||||
else
|
||||
sed "s#\(APP_URL_PORTAL=\).*#\1\"http://$(curl -s ifconfig.me)\"#g" -i ${DOCKERCOMPOSE}/.env
|
||||
fi
|
||||
|
||||
[[ -f "${DIR}/${PRODUCT}-renew-letsencrypt" ]] && rm -rf "${DIR}/${PRODUCT}-renew-letsencrypt"
|
||||
|
||||
if docker ps -f "name=onlyoffice-proxy" --format '{{.Names}}' | grep -q "onlyoffice-proxy"; then
|
||||
if docker ps -f "name=onlyoffice-proxy" --format "{{.Ports}}" | grep -q "443"; then
|
||||
docker-compose -f ${DOCKERCOMPOSE}/proxy-ssl.yml down
|
||||
fi
|
||||
fi
|
||||
|
||||
docker-compose -f ${DOCKERCOMPOSE}/proxy.yml up -d
|
||||
docker-compose -f ${DOCKERCOMPOSE}/docspace.yml restart onlyoffice-files
|
||||
|
||||
echo "OK"
|
||||
exit 0
|
||||
;;
|
||||
|
||||
* )
|
||||
if [ "$#" -ge "2" ]; then
|
||||
MAIL=$1
|
||||
DOMAIN=$2
|
||||
LETSENCRYPT_ENABLE="true"
|
||||
|
||||
if ! docker volume inspect "onlyoffice_webroot_path" &> /dev/null; then
|
||||
echo "Error: missing webroot_path volume" && exit 1
|
||||
fi
|
||||
|
||||
if ! docker ps -f "name=onlyoffice-proxy" --format '{{.Names}}' | grep -q "onlyoffice-proxy"; then
|
||||
echo "Error: the proxy container is not running" && exit 1
|
||||
fi
|
||||
|
||||
echo "Generating Let's Encrypt SSL Certificates..."
|
||||
|
||||
# Request and generate Let's Encrypt SSL certificate
|
||||
docker run -it --rm \
|
||||
-v /etc/letsencrypt:/etc/letsencrypt \
|
||||
-v /var/lib/letsencrypt:/var/lib/letsencrypt \
|
||||
-v /var/log:/var/log \
|
||||
-v onlyoffice_webroot_path:${WEBROOT_PATH} \
|
||||
certbot/certbot certonly \
|
||||
--expand --webroot -w ${WEBROOT_PATH} \
|
||||
--cert-name ${PRODUCT} --non-interactive --agree-tos --email ${MAIL} -d ${DOMAIN}
|
||||
else
|
||||
help
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
[[ ! -f "${DHPARAM_FILE}" ]] && openssl dhparam -out ${DHPARAM_FILE} 2048
|
||||
CERTIFICATE_FILE="${CERTIFICATE_FILE:-"${LETSENCRYPT}/${PRODUCT}/fullchain.pem"}"
|
||||
PRIVATEKEY_FILE="${PRIVATEKEY_FILE:-"${LETSENCRYPT}/${PRODUCT}/privkey.pem"}"
|
||||
|
||||
if [ -f "${CERTIFICATE_FILE}" ]; then
|
||||
if [ -f "${PRIVATEKEY_FILE}" ]; then
|
||||
docker-compose -f ${DOCKERCOMPOSE}/proxy.yml down
|
||||
docker-compose -f ${DOCKERCOMPOSE}/docspace.yml stop onlyoffice-files
|
||||
|
||||
sed -i "s~\(APP_URL_PORTAL=\).*~\1\"https://${DOMAIN}\"~g" ${DOCKERCOMPOSE}/.env
|
||||
sed -i "s~\(CERTIFICATE_PATH=\).*~\1\"${CERTIFICATE_FILE}\"~g" ${DOCKERCOMPOSE}/.env
|
||||
sed -i "s~\(CERTIFICATE_KEY_PATH=\).*~\1\"${PRIVATEKEY_FILE}\"~g" ${DOCKERCOMPOSE}/.env
|
||||
sed -i "s~\(DHPARAM_PATH=\).*~\1\"${DHPARAM_FILE}\"~g" ${DOCKERCOMPOSE}/.env
|
||||
|
||||
if [[ "${LETSENCRYPT_ENABLE}" = "true" ]]; then
|
||||
# Create and set permissions for docspace-renew-letsencrypt
|
||||
echo '#!/bin/bash' > ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
echo "docker-compose -f ${DOCKERCOMPOSE}/proxy-ssl.yml down" >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
echo 'docker run -it --rm \' >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
echo ' -v /etc/letsencrypt:/etc/letsencrypt \' >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
echo ' -v /var/lib/letsencrypt:/var/lib/letsencrypt \' >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
echo ' certbot/certbot renew' >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
echo "docker-compose -f ${DOCKERCOMPOSE}/proxy-ssl.yml up -d" >> ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
|
||||
chmod a+x ${DIR}/${PRODUCT}-renew-letsencrypt
|
||||
|
||||
# Add cron job if /etc/cron.d directory exists
|
||||
if [ -d /etc/cron.d ]; then
|
||||
echo -e "@weekly root ${DIR}/${PRODUCT}-renew-letsencrypt" | tee /etc/cron.d/${PRODUCT}-letsencrypt
|
||||
fi
|
||||
fi
|
||||
|
||||
docker-compose -f ${DOCKERCOMPOSE}/proxy-ssl.yml up -d
|
||||
docker-compose -f ${DOCKERCOMPOSE}/docspace.yml up -d onlyoffice-files
|
||||
|
||||
echo "OK"
|
||||
else
|
||||
echo "Error: private key file at path ${PRIVATEKEY_FILE} not found." && exit 1
|
||||
fi
|
||||
else
|
||||
echo "Error: certificate file at path ${CERTIFICATE_FILE} not found." && exit 1
|
||||
fi
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
cd %{_builddir}/buildtools
|
||||
|
||||
bash install/common/systemd/build.sh
|
||||
bash install/common/systemd/build.sh -pm "rpm"
|
||||
|
||||
bash install/common/build-frontend.sh --srcpath %{_builddir} -di "false"
|
||||
bash install/common/build-backend.sh --srcpath %{_builddir}
|
||||
|
@ -56,6 +56,7 @@ cp -rf %{_builddir}/document-templates-main-community-server/* "%{buildroot}%{bu
|
||||
cp -rf %{_builddir}/buildtools/install/RadicalePlugins/* "%{buildroot}%{buildpath}/Tools/radicale/plugins/"
|
||||
cp -rf %{_builddir}/buildtools/install/docker/config/nginx/templates/nginx.conf.template "%{buildroot}%{_sysconfdir}/onlyoffice/%{product}/openresty/nginx.conf.template"
|
||||
cp -rf %{_builddir}/buildtools/install/docker/config/nginx/onlyoffice-proxy.conf "%{buildroot}%{_sysconfdir}/openresty/conf.d/onlyoffice-proxy.conf"
|
||||
cp -rf %{_builddir}/buildtools/install/docker/config/nginx/onlyoffice-proxy.conf "%{buildroot}%{_sysconfdir}/openresty/conf.d/onlyoffice-proxy.conf.template"
|
||||
cp -rf %{_builddir}/buildtools/install/docker/config/nginx/onlyoffice-proxy-ssl.conf "%{buildroot}%{_sysconfdir}/openresty/conf.d/onlyoffice-proxy-ssl.conf.template"
|
||||
cp -rf %{_builddir}/buildtools/install/docker/config/nginx/letsencrypt.conf "%{buildroot}%{_sysconfdir}/openresty/includes/letsencrypt.conf"
|
||||
cp -rf %{_builddir}/buildtools/install/common/systemd/modules/* "%{buildroot}/usr/lib/systemd/system/"
|
||||
|
@ -23,14 +23,14 @@
|
||||
<ROW Property="APP_URLS" Value="http://0.0.0.0"/>
|
||||
<ROW Property="ARPCOMMENTS" Value="[|PRODUCT_NAME] is a platform based on .NET Core and React engines which comprises document management features and makes it possible to implement advanced folder management." ValueLocId="*"/>
|
||||
<ROW Property="ARPCONTACT" Value="20A-6, Ernesta Birznieka-Upisha str., Riga, LV-1050"/>
|
||||
<ROW Property="ARPHELPLINK" Value="http://dev.onlyoffice.org/"/>
|
||||
<ROW Property="ARPHELPLINK" Value="https://forum.onlyoffice.com"/>
|
||||
<ROW Property="ARPHELPTELEPHONE" Value="+371 66016425"/>
|
||||
<ROW Property="ARPNOMODIFY" MultiBuildValue="DefaultBuild:1"/>
|
||||
<ROW Property="ARPNOREPAIR" Value="1" MultiBuildValue="DefaultBuild:1#ExeBuild:1"/>
|
||||
<ROW Property="ARPPRODUCTICON" Value="icon.exe" Type="8"/>
|
||||
<ROW Property="ARPSYSTEMCOMPONENT" Value="1"/>
|
||||
<ROW Property="ARPURLINFOABOUT" Value="http://www.onlyoffice.com"/>
|
||||
<ROW Property="ARPURLUPDATEINFO" Value="http://www.onlyoffice.com/download.aspx"/>
|
||||
<ROW Property="ARPURLINFOABOUT" Value="https://helpdesk.onlyoffice.com"/>
|
||||
<ROW Property="ARPURLUPDATEINFO" Value="https://www.onlyoffice.com/download-docspace.aspx"/>
|
||||
<ROW Property="BASE_DOMAIN" Value="localhost"/>
|
||||
<ROW Property="COMMON_SHORTCUT_NAME" Value="ONLYOFFICE"/>
|
||||
<ROW Property="DATABASE_MIGRATION" Value="true"/>
|
||||
@ -1012,7 +1012,7 @@
|
||||
<ROW Action="DetectMySQLService" Type="1" Source="aicustact.dll" Target="DetectProcess" Options="3" AdditionalSeq="AI_DATA_SETTER_9"/>
|
||||
<ROW Action="ElasticSearchInstallPlugin" Type="1030" Source="utils.vbs" Target="ElasticSearchInstallPlugin"/>
|
||||
<ROW Action="ElasticSearchSetup" Type="6" Source="utils.vbs" Target="ElasticSearchSetup"/>
|
||||
<ROW Action="MoveNginxConfigs" Type="6" Source="utils.vbs" Target="MoveNginxConfigs"/>
|
||||
<ROW Action="MoveNginxConfigs" Type="4102" Source="utils.vbs" Target="MoveNginxConfigs"/>
|
||||
<ROW Action="MySQLConfigure" Type="262" Source="utils.vbs" Target="MySQLConfigure"/>
|
||||
<ROW Action="OpenCancelUrl" Type="194" Source="viewer.exe" Target="http://www.onlyoffice.com/install-canceled.aspx" WithoutSeq="true" Options="1"/>
|
||||
<ROW Action="PostgreSQLConfigure" Type="4102" Source="utils.vbs" Target="PostgreSqlConfigure"/>
|
||||
@ -1542,14 +1542,12 @@
|
||||
<ROW Name="ReplaceRoot" TxtUpdateSet="YourFile.txt_2" FindPattern="/var/www/public/" ReplacePattern=""[APPDIR]public/"" Options="2" Order="0" FileEncoding="-1"/>
|
||||
<ROW Name="ReplaceDsProxyPass" TxtUpdateSet="YourFile.txt" FindPattern="proxy_pass .*;" ReplacePattern="proxy_pass http://[DOCUMENT_SERVER_HOST]:[DOCUMENT_SERVER_PORT];" Options="19" Order="1" FileEncoding="-1"/>
|
||||
<ROW Name="ReplaceRouter" TxtUpdateSet="YourFile.txt_3" FindPattern="$router_host" ReplacePattern="127.0.0.1" Options="2" Order="0" FileEncoding="-1"/>
|
||||
<ROW Name="ReplaceRouter1" TxtUpdateSet="YourFile.txt_4" FindPattern="$router_host" ReplacePattern="127.0.0.1" Options="2" Order="0" FileEncoding="-1"/>
|
||||
</COMPONENT>
|
||||
<COMPONENT cid="caphyon.advinst.msicomp.TxtUpdateSetComponent">
|
||||
<ROW Key="YourFile.txt" Component="conf" FileName="onlyoffice.conf" Directory="conf_Dir" Options="17"/>
|
||||
<ROW Key="YourFile.txt_1" Component="conf" FileName="onlyoffice-client.conf" Directory="conf_Dir" Options="17"/>
|
||||
<ROW Key="YourFile.txt_2" Component="includes" FileName="onlyoffice-public.conf" Directory="includes_Dir" Options="17"/>
|
||||
<ROW Key="YourFile.txt_3" Component="conf" FileName="onlyoffice-proxy.conf" Directory="conf_Dir" Options="17"/>
|
||||
<ROW Key="YourFile.txt_4" Component="conf" FileName="onlyoffice-proxy-ssl.conf.tmpl" Directory="conf_Dir" Options="17"/>
|
||||
<ROW Key="YourFile.txt_3" Component="conf" FileName="onlyoffice-proxy*" Directory="conf_Dir" Options="17"/>
|
||||
<ROW Key="YourFile.txt_5" Component="includes" FileName="letsencrypt.conf" Directory="includes_Dir" Options="17"/>
|
||||
<ROW Key="xml" Component="tools" FileName="*.xml" Directory="tools_Dir" Options="17"/>
|
||||
</COMPONENT>
|
||||
|
@ -32,14 +32,15 @@ copy buildtools\install\win\WinSW3.0.0.exe "buildtools\install\win\Files\tools\L
|
||||
copy buildtools\install\win\tools\Login.xml "buildtools\install\win\Files\tools\Login.xml" /y
|
||||
copy "buildtools\install\win\nginx.conf" "buildtools\install\win\Files\nginx\conf\nginx.conf" /y
|
||||
copy "buildtools\install\docker\config\nginx\onlyoffice-proxy.conf" "buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf" /y
|
||||
copy "buildtools\install\docker\config\nginx\onlyoffice-proxy.conf" "buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf.tmpl" /y
|
||||
copy "buildtools\install\docker\config\nginx\onlyoffice-proxy-ssl.conf" "buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl" /y
|
||||
copy "buildtools\install\docker\config\nginx\letsencrypt.conf" "buildtools\install\win\Files\nginx\conf\includes\letsencrypt.conf" /y
|
||||
copy "buildtools\install\win\sbin\docspace-ssl-setup.ps1" "buildtools\install\win\Files\sbin\docspace-ssl-setup.ps1" /y
|
||||
rmdir buildtools\install\win\publish /s /q
|
||||
|
||||
REM echo ######## SSL configs ########
|
||||
%sed% -i "s/the_host/host/g" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
|
||||
%sed% -i "s/the_scheme/scheme/g" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
|
||||
%sed% -i "s/the_host/host/g" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf.tmpl buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
|
||||
%sed% -i "s/the_scheme/scheme/g" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf.tmpl buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
|
||||
%sed% -i "s/ssl_dhparam \/etc\/ssl\/certs\/dhparam.pem;/#ssl_dhparam \/etc\/ssl\/certs\/dhparam.pem;/" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
|
||||
%sed% -i "s_\(.*root\).*;_\1 \"{APPDIR}letsencrypt\";_g" -i buildtools\install\win\Files\nginx\conf\includes\letsencrypt.conf
|
||||
|
||||
|
@ -28,16 +28,17 @@ if ( -not $certbot_path )
|
||||
exit
|
||||
}
|
||||
|
||||
$letsencrypt_root_dir = "$env:SystemDrive\Certbot\live"
|
||||
$app = Resolve-Path -Path ".\..\"
|
||||
$root_dir = "${app}\letsencrypt"
|
||||
$nginx_conf_dir = "$env:SystemDrive\OpenResty\conf"
|
||||
$nginx_conf = "onlyoffice-proxy.conf"
|
||||
$nginx_conf_tmpl = "onlyoffice-proxy.conf.tmpl"
|
||||
$nginx_ssl_tmpl = "onlyoffice-proxy-ssl.conf.tmpl"
|
||||
$proxy_service = "OpenResty"
|
||||
|
||||
if ( $args.Count -ge 2 )
|
||||
{
|
||||
$letsencrypt_root_dir = "$env:SystemDrive\Certbot\live"
|
||||
$app = Resolve-Path -Path ".\..\"
|
||||
$root_dir = "${app}\letsencrypt"
|
||||
$nginx_conf_dir = "$env:SystemDrive\OpenResty\conf"
|
||||
$nginx_conf = "onlyoffice-proxy.conf"
|
||||
$nginx_tmpl = "onlyoffice-proxy-ssl.conf.tmpl"
|
||||
$proxy_service = "OpenResty"
|
||||
$appsettings_config_path = "${app}\config\appsettings.production.json"
|
||||
|
||||
if ($args[0] -eq "-f") {
|
||||
$ssl_cert = $args[1]
|
||||
@ -59,9 +60,9 @@ if ( $args.Count -ge 2 )
|
||||
popd
|
||||
}
|
||||
|
||||
if ( [System.IO.File]::Exists($ssl_cert) -and [System.IO.File]::Exists($ssl_key) -and [System.IO.File]::Exists("${nginx_conf_dir}\${nginx_tmpl}"))
|
||||
if ( [System.IO.File]::Exists($ssl_cert) -and [System.IO.File]::Exists($ssl_key) -and [System.IO.File]::Exists("${nginx_conf_dir}\${nginx_ssl_tmpl}"))
|
||||
{
|
||||
Copy-Item "${nginx_conf_dir}\${nginx_tmpl}" -Destination "${nginx_conf_dir}\${nginx_conf}"
|
||||
Copy-Item "${nginx_conf_dir}\${nginx_ssl_tmpl}" -Destination "${nginx_conf_dir}\${nginx_conf}"
|
||||
((Get-Content -Path "${nginx_conf_dir}\${nginx_conf}" -Raw) -replace '/usr/local/share/ca-certificates/tls.crt', $ssl_cert) | Set-Content -Path "${nginx_conf_dir}\${nginx_conf}"
|
||||
((Get-Content -Path "${nginx_conf_dir}\${nginx_conf}" -Raw) -replace '/etc/ssl/private/tls.key', $ssl_key) | Set-Content -Path "${nginx_conf_dir}\${nginx_conf}"
|
||||
|
||||
@ -83,6 +84,14 @@ if ( $args.Count -ge 2 )
|
||||
$time = Get-Date -Format "HH:mm"
|
||||
cmd.exe /c "SCHTASKS /F /CREATE /SC WEEKLY /D $day /TN `"Certbot renew`" /TR `"${app}\letsencrypt\letsencrypt_cron.bat`" /ST $time"
|
||||
}
|
||||
|
||||
elseif ($args[0] -eq "-d" -or $args[0] -eq "--default") {
|
||||
Copy-Item "${nginx_conf_dir}\${nginx_conf_tmpl}" -Destination "${nginx_conf_dir}\${nginx_conf}"
|
||||
Restart-Service -Name $proxy_service
|
||||
Remove-Item -Path "${app}\letsencrypt\letsencrypt_cron.bat" -Force
|
||||
Write-Host "Returned to the default proxy configuration."
|
||||
}
|
||||
|
||||
else
|
||||
{
|
||||
Write-Output " This script provided to automatically get Let's Encrypt SSL Certificates for DocSpace "
|
||||
@ -98,4 +107,7 @@ else
|
||||
Write-Output " docspace-ssl-setup.ps1 -f CERTIFICATE PRIVATEKEY "
|
||||
Write-Output " CERTIFICATE Path to the certificate file for the domain."
|
||||
Write-Output " PRIVATEKEY Path to the private key file for the certificate."
|
||||
Write-Output " "
|
||||
Write-Output " Return to the default proxy configuration using the -d or --default parameter: "
|
||||
Write-Output " docspace-ssl-setup.ps1 -d | docspace-ssl-setup.ps1 --default "
|
||||
}
|
||||
|
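Review bot: The new `-d` / `--default` branch deletes `letsencrypt_cron.bat` but leaves the `Certbot renew` scheduled task that the script registers earlier with `SCHTASKS /F /CREATE`, so after a reset the task keeps firing weekly against a file that no longer exists. Running `SCHTASKS /DELETE /TN "Certbot renew" /F` next to the `Remove-Item` would close that gap. The branch also restarts OpenResty without checking that `${nginx_conf_dir}\${nginx_conf_tmpl}` exists, whereas the SSL path tests its template with `[System.IO.File]::Exists`. A `Test-Path` guard before the `Copy-Item` and before the `Remove-Item` would stop the reset ahead of the restart when the template is missing, and would avoid an error when no batch file was ever created. The enclosing `if`/`elseif` chain starts outside this hunk.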
@ -478,13 +478,26 @@ End Function
|
||||
Function MoveNginxConfigs
|
||||
On Error Resume Next
|
||||
|
||||
Dim objFSO, sourceFolder, targetFolder, nginxFolder
|
||||
Dim objFSO, objShell, sourceFolder, targetFolder, nginxFolder, configFile, configSslFile, sslScriptPath, sslCertPath, sslCertKeyPath, psCommand
|
||||
|
||||
' Define source and target paths
|
||||
Set objFSO = CreateObject("Scripting.FileSystemObject")
|
||||
Set objShell = CreateObject("WScript.Shell")
|
||||
sourceFolder = Session.Property("APPDIR") & "nginx\conf"
|
||||
targetFolder = "C:\OpenResty\conf"
|
||||
nginxFolder = Session.Property("APPDIR") & "nginx"
|
||||
configSslFile = targetFolder & "\onlyoffice-proxy-ssl.conf.tmpl"
|
||||
configFile = targetFolder & "\onlyoffice-proxy.conf"
|
||||
sslScriptPath = Session.Property("APPDIR") & "sbin\docspace-ssl-setup.ps1"
|
||||
|
||||
' Read content and extract SSL certificate and key paths if it exists
|
||||
If objFSO.FileExists(configFile) Then
|
||||
content = ReadFile(configFile, objFSO)
|
||||
sslCertPath = ExtractPath(content, "ssl_certificate\s+(.*?);", objFSO)
|
||||
sslCertKeyPath = ExtractPath(content, "ssl_certificate_key\s+(.*?);", objFSO)
|
||||
Else
|
||||
WScript.Echo "Configuration file not found!"
|
||||
End If
|
||||
|
||||
' Check if source folder exists
|
||||
If objFSO.FolderExists(sourceFolder) Then
|
||||
@ -504,7 +517,41 @@ Function MoveNginxConfigs
|
||||
WScript.Echo "Source folder does not exist."
|
||||
End If
|
||||
|
||||
' If SSL path variables are present, set the SSL paths
|
||||
If objFSO.FileExists(configSslFile) And ((Len(Trim(sslCertPath)) > 0) And (Len(Trim(sslCertKeyPath)) > 0)) Then
|
||||
psCommand = "powershell -File """ & sslScriptPath & """ -f """ & sslCertPath & """ """ & sslCertKeyPath & """"
|
||||
objShell.Run psCommand, 0, True
|
||||
Else
|
||||
WScript.Echo "Source file not found."
|
||||
End If
|
||||
|
||||
Set objFSO = Nothing
|
||||
Set objShell = Nothing
|
||||
End Function
|
||||
|
||||
Function ReadFile(filePath, objFSO)
|
||||
Dim objFile
|
||||
If objFSO.FileExists(filePath) Then
|
||||
Set objFile = objFSO.OpenTextFile(filePath, 1)
|
||||
ReadFile = objFile.ReadAll
|
||||
objFile.Close
|
||||
Else
|
||||
WScript.Echo "File not found: " & filePath
|
||||
End If
|
||||
End Function
|
||||
|
||||
Function ExtractPath(content, pattern, objFSO)
|
||||
Dim regex, match
|
||||
Set regex = New RegExp
|
||||
regex.Pattern = pattern
|
||||
|
||||
Set match = regex.Execute(content)
|
||||
If match.Count > 0 Then
|
||||
ExtractPath = match(0).Submatches(0)
|
||||
Else
|
||||
WScript.Echo "Path not found in the content."
|
||||
ExtractPath = Null
|
||||
End If
|
||||
End Function
|
||||
|
||||
Sub CopyFolderContents(sourceFolder, targetFolder, objFSO)
|
||||
|
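Review bot: `sslCertPath` and `sslCertKeyPath` come straight from a regex match on `onlyoffice-proxy.conf` and are concatenated into `psCommand` between double quotes with no validation, so a value containing a double quote changes how the PowerShell command line is parsed, in an action that presumably runs with the installer's privileges. Before `objShell.Run`, I would trim both values and require `InStr(sslCertPath, """") = 0` and `objFSO.FileExists(sslCertPath)` (the same for the key), and check the return value of `objShell.Run` instead of discarding it. The patterns are unanchored, so they also match a commented-out `ssl_certificate` directive, and `ExtractPath` never uses its `objFSO` parameter. Part of `MoveNginxConfigs` lies between the two hunks and is not visible here.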
@ -1,4 +1,4 @@
|
||||
@echo off
|
||||
|
||||
PUSHD %~dp0..\..
|
||||
set servicepath=%cd%\server\web\ASC.Web.Studio\bin\Debug\ASC.Web.Studio.exe urls=http://0.0.0.0:5003 $STORAGE_ROOT=%cd%\Data log:dir=%cd%\Logs log:name=web.studio pathToConf=%cd%\buildtools\config core:products:folder=%cd%\server\products
|
||||
set servicepath=%cd%\server\web\ASC.Web.Studio\bin\Debug\ASC.Web.Studio.exe urls=http://0.0.0.0:5003 $STORAGE_ROOT=%cd%\Data log:dir=%cd%\Logs log:name=web.studio pathToConf=%cd%\buildtools\config core:products:folder=%cd%\server\products core:eventBus:subscriptionClientName=asc_event_bus_webstudio_queue
|
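--- a/tests/vagrant/Vagrantfile
+++ b/tests/vagrant/Vagrantfile
@@ -0,0 +1,22 @@
+Vagrant.configure("2") do |config|
+config.vm.box = "#{ENV['DISTR']}/#{ENV['OS']}"
+
+config.vm.provider "virtualbox" do |v|
+v.customize ["modifyvm", :id, "--memory", "#{ENV['RAM']}"] #<= total RAM.
+v.customize ["modifyvm", :id, "--cpus", "#{ENV['CPU']}"] #<= total CPU.
+v.customize ["modifyvm", :id, "--ioapic", "on"]
+end
+
+config.vm.define 'ubuntu'
+
+config.vm.hostname = "host4test"
+
+if ENV['TEST_CASE'] != '--production-install'
+config.vm.provision "file", source: "../../../DocSpace-buildtools/install/OneClickInstall/.", destination: "/tmp/docspace/"
+end
+
+config.vm.provision "shell", path: './install.sh', :args => "#{ENV['DOWNLOAD_SCRIPT']} #{ENV['TEST_REPO']} #{ENV['ARGUMENTS']}"
+
+# Prevent SharedFoldersEnableSymlinksCreate errors
+config.vm.synced_folder ".", "/vagrant", disabled: true
+end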
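Review bot: `config.vm.box` is built from `ENV['DISTR']` and `ENV['OS']` with no check that either is set, so a missing variable yields the box name `/` and the failure only shows up later as an opaque box lookup error. The `--memory` and `--cpus` customizations have the same problem with `RAM` and `CPU`. Switching to `ENV.fetch('DISTR')` and `ENV.fetch('OS')` (and likewise for `RAM` and `CPU`) makes the Vagrantfile fail at load time with the name of the missing variable. The shell provisioner's `:args` is a single interpolated string, so the contents of `DOWNLOAD_SCRIPT`, `TEST_REPO` and `ARGUMENTS` are split by the guest shell as typed. A comment such as `# each variable must hold an already-quoted "flag value" pair` above that line would document what the CI workflow is expected to pass.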
357
tests/vagrant/install.sh
Normal file
357
tests/vagrant/install.sh
Normal file
@ -0,0 +1,357 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
while [ "$1" != "" ]; do
|
||||
case $1 in
|
||||
|
||||
-ds | --download-scripts )
|
||||
if [ "$2" != "" ]; then
|
||||
DOWNLOAD_SCRIPTS=$2
|
||||
shift
|
||||
fi
|
||||
;;
|
||||
|
||||
-arg | --arguments )
|
||||
if [ "$2" != "" ]; then
|
||||
ARGUMENTS=$2
|
||||
shift
|
||||
fi
|
||||
;;
|
||||
|
||||
|
||||
-pi | --production-install )
|
||||
if [ "$2" != "" ]; then
|
||||
PRODUCTION_INSTALL=$2
|
||||
shift
|
||||
fi
|
||||
;;
|
||||
|
||||
-li | --local-install )
|
||||
if [ "$2" != "" ]; then
|
||||
LOCAL_INSTALL=$2
|
||||
shift
|
||||
fi
|
||||
;;
|
||||
|
||||
-lu | --local-update )
|
||||
if [ "$2" != "" ]; then
|
||||
LOCAL_UPDATE=$2
|
||||
shift
|
||||
fi
|
||||
;;
|
||||
|
||||
-tr | --test-repo )
|
||||
if [ "$2" != "" ]; then
|
||||
TEST_REPO_ENABLE=$2
|
||||
shift
|
||||
fi
|
||||
;;
|
||||
|
||||
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
export TERM=xterm-256color^M
|
||||
|
||||
SERVICES_SYSTEMD=(
|
||||
"docspace-api.service"
|
||||
"docspace-doceditor.service"
|
||||
"docspace-studio-notify.service"
|
||||
"docspace-files.service"
|
||||
"docspace-notify.service"
|
||||
"docspace-studio.service"
|
||||
"docspace-backup-background.service"
|
||||
"docspace-files-services.service"
|
||||
"docspace-people-server.service"
|
||||
"docspace-backup.service"
|
||||
"docspace-healthchecks.service"
|
||||
"docspace-socket.service"
|
||||
"docspace-clear-events.service"
|
||||
"docspace-login.service"
|
||||
"docspace-ssoauth.service"
|
||||
"ds-converter.service"
|
||||
"ds-docservice.service"
|
||||
"ds-metrics.service")
|
||||
|
||||
function common::get_colors() {
|
||||
COLOR_BLUE=$'\e[34m'
|
||||
COLOR_GREEN=$'\e[32m'
|
||||
COLOR_RED=$'\e[31m'
|
||||
COLOR_RESET=$'\e[0m'
|
||||
COLOR_YELLOW=$'\e[33m'
|
||||
export COLOR_BLUE
|
||||
export COLOR_GREEN
|
||||
export COLOR_RED
|
||||
export COLOR_RESET
|
||||
export COLOR_YELLOW
|
||||
}
|
||||
|
||||
#############################################################################################
|
||||
# Checking available resources for a virtual machine
|
||||
# Globals:
|
||||
# None
|
||||
# Arguments:
|
||||
# None
|
||||
# Outputs:
|
||||
# None
|
||||
#############################################################################################
|
||||
function check_hw() {
|
||||
local FREE_RAM=$(free -h)
|
||||
local FREE_CPU=$(nproc)
|
||||
echo "${COLOR_RED} ${FREE_RAM} ${COLOR_RESET}"
|
||||
echo "${COLOR_RED} ${FREE_CPU} ${COLOR_RESET}"
|
||||
}
|
||||
|
||||
|
||||
#############################################################################################
|
||||
# Prepare vagrant boxes like: set hostname/remove postfix for DEB distributions
|
||||
# Globals:
|
||||
# None
|
||||
# Arguments:
|
||||
# None
|
||||
# Outputs:
|
||||
# ☑ PREPAVE_VM: **<prepare_message>**
|
||||
#############################################################################################
|
||||
function prepare_vm() {
|
||||
|
||||
if [ -f /etc/lsb-release ] ; then
|
||||
DIST=`cat /etc/lsb-release | grep '^DISTRIB_ID' | awk -F= '{ print $2 }'`
|
||||
REV=`cat /etc/lsb-release | grep '^DISTRIB_RELEASE' | awk -F= '{ print $2 }'`
|
||||
DISTRIB_CODENAME=`cat /etc/lsb-release | grep '^DISTRIB_CODENAME' | awk -F= '{ print $2 }'`
|
||||
DISTRIB_RELEASE=`cat /etc/lsb-release | grep '^DISTRIB_RELEASE' | awk -F= '{ print $2 }'`
|
||||
elif [ -f /etc/lsb_release ] || [ -f /usr/bin/lsb_release ] ; then
|
||||
DIST=`lsb_release -a 2>&1 | grep 'Distributor ID:' | awk -F ":" '{print $2 }'`
|
||||
REV=`lsb_release -a 2>&1 | grep 'Release:' | awk -F ":" '{print $2 }'`
|
||||
DISTRIB_CODENAME=`lsb_release -a 2>&1 | grep 'Codename:' | awk -F ":" '{print $2 }'`
|
||||
DISTRIB_RELEASE=`lsb_release -a 2>&1 | grep 'Release:' | awk -F ":" '{print $2 }'`
|
||||
elif [ -f /etc/os-release ] ; then
|
||||
DISTRIB_CODENAME=$(grep "VERSION=" /etc/os-release |awk -F= {' print $2'}|sed s/\"//g |sed s/[0-9]//g | sed s/\)$//g |sed s/\(//g | tr -d '[:space:]')
|
||||
DISTRIB_RELEASE=$(grep "VERSION_ID=" /etc/os-release |awk -F= {' print $2'}|sed s/\"//g |sed s/[0-9]//g | sed s/\)$//g |sed s/\(//g | tr -d '[:space:]')
|
||||
fi
|
||||
|
||||
DIST=`echo "$DIST" | tr '[:upper:]' '[:lower:]' | xargs`;
|
||||
DISTRIB_CODENAME=`echo "$DISTRIB_CODENAME" | tr '[:upper:]' '[:lower:]' | xargs`;
|
||||
REV=`echo "$REV" | xargs`;
|
||||
|
||||
if [ ! -f /etc/centos-release ]; then
|
||||
if [ "${DIST}" = "debian" ]; then
|
||||
if [ "${DISTRIB_CODENAME}" == "bookworm" ]; then
|
||||
apt-get update -y
|
||||
apt install -y curl gnupg
|
||||
fi
|
||||
|
||||
apt-get remove postfix -y
|
||||
echo "${COLOR_GREEN}☑ PREPAVE_VM: Postfix was removed${COLOR_RESET}"
|
||||
fi
|
||||
|
||||
if [ "${TEST_REPO_ENABLE}" == 'true' ]; then
|
||||
mkdir -p -m 700 $HOME/.gnupg
|
||||
echo "deb [signed-by=/usr/share/keyrings/onlyoffice.gpg] https://nexus.onlyoffice.com/repository/4testing-debian stable main" | sudo tee /etc/apt/sources.list.d/onlyoffice4testing.list
|
||||
curl -fsSL https://download.onlyoffice.com/GPG-KEY-ONLYOFFICE | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/onlyoffice.gpg --import
|
||||
chmod 644 /usr/share/keyrings/onlyoffice.gpg
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f /etc/centos-release ]; then
|
||||
if [ "${TEST_REPO_ENABLE}" == 'true' ]; then
|
||||
cat > /etc/yum.repos.d/onlyoffice4testing.repo <<END
|
||||
[onlyoffice4testing]
|
||||
name=onlyoffice4testing repo
|
||||
baseurl=https://nexus.onlyoffice.com/repository/centos-testing/4testing/main/noarch
|
||||
gpgcheck=1
|
||||
enabled=1
|
||||
gpgkey=https://download.onlyoffice.com/GPG-KEY-ONLYOFFICE
|
||||
END
|
||||
yum -y install centos*-release
|
||||
fi
|
||||
|
||||
local REV=$(cat /etc/redhat-release | sed 's/[^0-9.]*//g')
|
||||
if [[ "${REV}" =~ ^9 ]]; then
|
||||
update-crypto-policies --set LEGACY
|
||||
echo "${COLOR_GREEN}☑ PREPAVE_VM: sha1 gpg key chek enabled${COLOR_RESET}"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Clean up home folder
|
||||
rm -rf /home/vagrant/*
|
||||
|
||||
if [ -d /tmp/docspace ]; then
|
||||
mv /tmp/docspace/* /home/vagrant
|
||||
fi
|
||||
|
||||
echo '127.0.0.1 host4test' | sudo tee -a /etc/hosts
|
||||
echo "${COLOR_GREEN}☑ PREPAVE_VM: Hostname was setting up${COLOR_RESET}"
|
||||
|
||||
}
|
||||
|
||||
#############################################################################################
|
||||
# Install docspace and then healthcheck
|
||||
# Globals:
|
||||
# None
|
||||
# Arguments:
|
||||
# None
|
||||
# Outputs:
|
||||
# Script log
|
||||
#############################################################################################
|
||||
function install_docspace() {
|
||||
if [ "${DOWNLOAD_SCRIPTS}" == 'true' ]; then
|
||||
wget https://download.onlyoffice.com/docspace/docspace-install.sh
|
||||
else
|
||||
sed 's/set -e/set -xe/' -i *.sh
|
||||
fi
|
||||
|
||||
printf "N\nY\nY" | bash docspace-install.sh ${ARGUMENTS}
|
||||
|
||||
if [[ $? != 0 ]]; then
|
||||
echo "Exit code non-zero. Exit with 1."
|
||||
exit 1
|
||||
else
|
||||
echo "Exit code 0. Continue..."
|
||||
fi
|
||||
}
|
||||
|
||||
#############################################################################################
|
||||
# Healthcheck function for systemd services
|
||||
# Globals:
|
||||
# SERVICES_SYSTEMD
|
||||
# Arguments:
|
||||
# None
|
||||
# Outputs:
|
||||
# Message about service status
|
||||
#############################################################################################
|
||||
function healthcheck_systemd_services() {
|
||||
for service in ${SERVICES_SYSTEMD[@]}
|
||||
do
|
||||
if systemctl is-active --quiet ${service}; then
|
||||
echo "${COLOR_GREEN}☑ OK: Service ${service} is running${COLOR_RESET}"
|
||||
else
|
||||
echo "${COLOR_RED}⚠ FAILED: Service ${service} is not running${COLOR_RESET}"
|
||||
SYSTEMD_SVC_FAILED="true"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
#############################################################################################
|
||||
# Set output if some services failed
|
||||
# Globals:
|
||||
# None
|
||||
# Arguments:
|
||||
# None
|
||||
# Outputs:
|
||||
# ⚠ ⚠ ATTENTION: Some sevices is not running ⚠ ⚠
|
||||
# Returns
|
||||
# 0 if all services is start correctly, non-zero if some failed
|
||||
#############################################################################################
|
||||
function healthcheck_general_status() {
|
||||
if [ ! -z "${SYSTEMD_SVC_FAILED}" ]; then
|
||||
echo "${COLOR_YELLOW}⚠ ⚠ ATTENTION: Some sevices is not running ⚠ ⚠ ${COLOR_RESET}"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
#############################################################################################
|
||||
# Get logs for all services
|
||||
# Globals:
|
||||
# $SERVICES_SYSTEMD
|
||||
# Arguments:
|
||||
# None
|
||||
# Outputs:
|
||||
# Logs for systemd services
|
||||
# Returns:
|
||||
# none
|
||||
# Commentaries:
|
||||
# This function succeeds even if the file for cat was not found. For that use ${SKIP_EXIT} variable
|
||||
#############################################################################################
|
||||
function services_logs() {
|
||||
for service in ${SERVICES_SYSTEMD[@]}; do
|
||||
echo -----------------------------------------
|
||||
echo "${COLOR_GREEN}Check logs for systemd service: $service${COLOR_RESET}"
|
||||
echo ---------------------- -------------------
|
||||
EXIT_CODE=0
|
||||
journalctl -u $service || true
|
||||
done
|
||||
|
||||
local MAIN_LOGS_DIR="/var/log/onlyoffice"
|
||||
local DOCSPACE_LOGS_DIR="${MAIN_LOGS_DIR}/docspace"
|
||||
local DOCUMENTSERVER_LOGS_DIR="${MAIN_LOGS_DIR}/documentserver"
|
||||
local DOCSERVICE_LOGS_DIR="${DOCUMENTSERVER_LOGS_DIR}/docservice"
|
||||
local CONVERTER_LOGS_DIR="${DOCUMENTSERVER_LOGS_DIR}/converter"
|
||||
local METRICS_LOGS_DIR="${DOCUMENTSERVER_LOGS_DIR}/metrics"
|
||||
|
||||
ARRAY_MAIN_SERVICES_LOGS=($(ls ${MAIN_LOGS_DIR} | grep log | sed 's/web.sql.log//;s/web.api.log//;s/nginx.*//' ))
|
||||
ARRAY_DOCSPACE_LOGS=($(ls ${DOCSPACE_LOGS_DIR}))
|
||||
ARRAY_DOCSERVICE_LOGS=($(ls ${DOCSERVICE_LOGS_DIR}))
|
||||
ARRAY_CONVERTER_LOGS=($(ls ${CONVERTER_LOGS_DIR}))
|
||||
ARRAY_METRICS_LOGS=($(ls ${METRICS_LOGS_DIR}))
|
||||
|
||||
echo "-----------------------------------"
|
||||
echo "${COLOR_YELLOW} Check logs for main services ${COLOR_RESET}"
|
||||
echo "-----------------------------------"
|
||||
for file in ${ARRAY_MAIN_SERVICES_LOGS[@]}; do
|
||||
echo ---------------------------------------
|
||||
echo "${COLOR_GREEN}logs from file: ${file}${COLOR_RESET}"
|
||||
echo ---------------------------------------
|
||||
cat ${MAIN_LOGS_DIR}/${file} || true
|
||||
done
|
||||
|
||||
echo "-----------------------------------"
|
||||
echo "${COLOR_YELLOW} Check logs for Docservice ${COLOR_RESET}"
|
||||
echo "-----------------------------------"
|
||||
for file in ${ARRAY_DOCSERVICE_LOGS[@]}; do
|
||||
echo ---------------------------------------
|
||||
echo "${COLOR_GREEN}logs from file: ${file}${COLOR_RESET}"
|
||||
echo ---------------------------------------
|
||||
cat ${DOCSERVICE_LOGS_DIR}/${file} || true
|
||||
done
|
||||
|
||||
echo "-----------------------------------"
|
||||
echo "${COLOR_YELLOW} Check logs for Converter ${COLOR_RESET}"
|
||||
echo "-----------------------------------"
|
||||
for file in ${ARRAY_CONVERTER_LOGS[@]}; do
|
||||
echo ---------------------------------------
|
||||
echo "${COLOR_GREEN}logs from file ${file}${COLOR_RESET}"
|
||||
echo ---------------------------------------
|
||||
cat ${CONVERTER_LOGS_DIR}/${file} || true
|
||||
done
|
||||
|
||||
echo "-----------------------------------"
|
||||
echo "${COLOR_YELLOW} Start logs for Metrics ${COLOR_RESET}"
|
||||
echo "-----------------------------------"
|
||||
for file in ${ARRAY_METRICS_LOGS[@]}; do
|
||||
echo ---------------------------------------
|
||||
echo "${COLOR_GREEN}logs from file ${file}${COLOR_RESET}"
|
||||
echo ---------------------------------------
|
||||
cat ${METRICS_LOGS_DIR}/${file} || true
|
||||
done
|
||||
|
||||
echo "-----------------------------------"
|
||||
echo "${COLOR_YELLOW} Start logs for DocSpace ${COLOR_RESET}"
|
||||
echo "-----------------------------------"
|
||||
for file in ${ARRAY_DOCSPACE_LOGS[@]}; do
|
||||
echo ---------------------------------------
|
||||
echo "${COLOR_GREEN}logs from file ${file}${COLOR_RESET}"
|
||||
echo ---------------------------------------
|
||||
cat ${DOCSPACE_LOGS_DIR}/${file} || true
|
||||
done
|
||||
}
|
||||
|
||||
function healthcheck_docker_installation() {
|
||||
exit 0
|
||||
}
|
||||
|
||||
|
||||
main() {
|
||||
common::get_colors
|
||||
prepare_vm
|
||||
check_hw
|
||||
install_docspace
|
||||
sleep 120
|
||||
services_logs
|
||||
healthcheck_systemd_services
|
||||
healthcheck_general_status
|
||||
}
|
||||
|
||||
main
|