Feature/oauth2 client (#276)

Alexey Bannov 2024-07-09 16:24:04 +03:00 committed by GitHub
commit c312ba632b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
19 changed files with 453 additions and 213 deletions


@ -11,13 +11,14 @@ def help():
# Display Help
print("Build and run backend and working environment. (Use 'yarn start' to run client -> https://github.com/ONLYOFFICE/DocSpace-client)")
print()
print("Syntax: available params [-h|f|s|c|d|]")
print("Syntax: available params [-h|f|s|c|d|i")
print("options:")
print("h Print this Help.")
print("f Force rebuild base images.")
print("s Run as SAAS otherwise as STANDALONE.")
print("c Run as COMMUNITY otherwise ENTERPRISE.")
print("d Run dnsmasq.")
print("i Run identity (oauth2).")
print()
@ -37,6 +38,8 @@ if local_ip == "127.0.0.1":
doceditor = f"{local_ip}:5013"
login = f"{local_ip}:5011"
client = f"{local_ip}:5001"
identity_auth = f"{local_ip}:8080"
identity_api = f"{local_ip}:9090"
management = f"{local_ip}:5015"
portal_url = f"http://{local_ip}"
@ -44,13 +47,14 @@ force = False
dns = False
standalone = True
community = False
identity = False
migration_type = "STANDALONE" # SAAS
installation_type = "ENTERPRISE"
document_server_image_name = "onlyoffice/documentserver-de:latest"
# Get the options
opts, args = getopt.getopt(sys.argv[1:], "hfscd")
opts, args = getopt.getopt(sys.argv[1:], "hfscdi")
for opt, arg in opts:
if opt == "-h":
help()
@ -63,6 +67,8 @@ for opt, arg in opts:
community = arg if arg else True
elif opt == "-d":
dns = arg if arg else True
elif opt == "-i":
identity = arg if arg else True
else:
print("Error: Invalid '-" + opt + "' option")
sys.exit()
@ -80,6 +86,7 @@ print(f"DOCSPACE_APP_URL: {portal_url}")
print()
print("FORCE REBUILD BASE IMAGES:", force)
print("Run dnsmasq:", dns)
print("Run identity:", identity)
if standalone == False:
migration_type = "SAAS"
@ -182,6 +189,8 @@ os.environ["SERVICE_DOCEDITOR"] = doceditor
os.environ["SERVICE_LOGIN"] = login
os.environ["SERVICE_MANAGEMENT"] = management
os.environ["SERVICE_CLIENT"] = client
os.environ["SERVICE_IDENTITY"] = identity_auth
os.environ["SERVICE_IDENTITY_API"] = identity_api
os.environ["ROOT_DIR"] = dir
os.environ["BUILD_PATH"] = "/var/www"
os.environ["SRC_PATH"] = os.path.join(dir, "publish/services")
@ -190,6 +199,10 @@ os.environ["APP_URL_PORTAL"] = portal_url
os.environ["MIGRATION_TYPE"] = migration_type
subprocess.run(["docker-compose", "-f", os.path.join(dockerDir, "docspace.profiles.yml"), "-f", os.path.join(dockerDir, "docspace.overcome.yml"), "--profile", "migration-runner", "--profile", "backend-local", "up", "-d"])
if identity:
print("Run identity")
subprocess.run(["docker-compose", "-f",os.path.join(dockerDir, "identity.yml"), "up", "-d" ])
print()
print("Run script directory:", dir)
print("Root directory:", dir)
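Review bot: The new help line `print("Syntax: available params [-h|f|s|c|d|i")` drops the closing bracket the old line had; it should read `print("Syntax: available params [-h|f|s|c|d|i]")`. The added `subprocess.run` call that brings up `identity.yml` also ignores the exit status, so a failed identity start is followed by the normal summary output; passing `check=True` or testing `returncode` would surface it. Because the option string `"hfscdi"` has no colons, `arg` is always empty and `identity = arg if arg else True` reduces to `identity = True`.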

26
build.backend.dotnet.bat Normal file

@ -0,0 +1,26 @@
@echo off
echo Start build backend...
echo.
cd /D "%~dp0"
call runasadmin.bat "%~dpnx0"
if %errorlevel% == 0 (
call start\stop.bat nopause
dotnet build ..\server\asc.web.slnf /fl1 /flp1:logfile=asc.web.log;verbosity=normal
echo.
)
if %errorlevel% == 0 (
call start\start.bat nopause
)
echo.
if "%1"=="nopause" goto end
pause
:end


@ -31,6 +31,10 @@ if containers or images:
db_command = f"docker compose -f {os.path.join(docker_dir, 'db.yml')} down --volumes"
subprocess.run(db_command, shell=True)
print("Remove docker contatiners 'Identity'")
identity_command = f"docker compose -f {os.path.join(docker_dir, 'identity.yml')} down --volumes"
subprocess.run(identity_command, shell=True)
print("Remove docker volumes")
volumes_command = f"docker volume prune -fa"
subprocess.run(volumes_command, shell=True)
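Review bot: The added `identity_command` is an f-string executed with `shell=True`, so a `docker_dir` that contains spaces or shell metacharacters is split or interpreted by the shell. The argv form needs no quoting: `subprocess.run(["docker", "compose", "-f", os.path.join(docker_dir, "identity.yml"), "down", "--volumes"])`. The new message also has a typo, `contatiners` for `containers`. The enclosing `if containers or images:` block starts above the hunk.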


@ -38,7 +38,10 @@
},
"themelimit": "9",
"oidc": {
"authority": ""
"authority": "",
"disableValidateToken": "true",
"requireHttps": "false",
"showPII": "true"
},
"server-root": "",
"username": {
@ -122,7 +125,7 @@
"api-system": "",
"api-cache": "",
"images": "static/images",
"hide-settings": "Monitoring,LdapSettings,DocService,MailService,PublicPortal,ProxyHttpContent,SpamSubscription,FullTextSearch",
"hide-settings": "Monitoring,LdapSettings,DocService,MailService,PublicPortal,ProxyHttpContent,SpamSubscription,FullTextSearch,IdentityServer",
"hub": {
"url": "/socket.io",
"internal": "http://localhost:9899/"
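Review bot: The new `oidc` values `"disableValidateToken": "true"`, `"requireHttps": "false"` and `"showPII": "true"` are development settings committed into what looks like the shared application config. If the keys do what their names say, every deployment that inherits this file accepts tokens without validating them, reaches the authority over plain HTTP, and writes personal data into logs. Safer committed defaults would be `"disableValidateToken": "false"`, `"requireHttps": "true"` and `"showPII": "false"`, with the relaxed values kept in a development-only override.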


@ -9,6 +9,6 @@ server=8.8.4.4
server=8.8.8.8
strict-order
#serve all .company queries using a specific nameserver
server=/site/127.0.0.1
server=/site/192.168.0.18
#explicitly define host-ip mappings
address=/docspace.site/127.0.0.1
address=/docspace.site/192.168.0.18
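Review bot: `server=/site/192.168.0.18` and `address=/docspace.site/192.168.0.18` hard-code one machine's LAN address in a shared dnsmasq config. On any other network `docspace.site` resolves to whichever host holds that address, so portal traffic, including the new OAuth2 redirects and session cookies, is sent to a machine the developer does not control. Keep `127.0.0.1` in the committed file, or have the build script write the detected `local_ip` into the config when it starts dnsmasq.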


@ -104,7 +104,7 @@ server {
local accept_header = ngx.req.get_headers()["Accept"]
if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath|/api/") then
if not ngx.re.match(ngx.var.request_uri, "login|thirdparty|confirm|error|wizard|preparation-portal|unavailable|share=.|rooms/share(.*)key=.|/s/*") then
if not ngx.re.match(ngx.var.request_uri, "login|oauth2|thirdparty|confirm|error|wizard|preparation-portal|unavailable|share=.|rooms/share(.*)key=.|/s/*") then
if ngx.var.http_cookie == nil or not string.find(ngx.var.http_cookie, "asc_auth_key") then
if ngx.var.request_uri == "/" then
return ngx.redirect("/login")
@ -322,7 +322,26 @@ server {
location ~* /migration {
proxy_pass http://127.0.0.1:5034;
}
location ~* /(clients|scopes) {
proxy_pass http://127.0.0.1:9090;
}
location ~* /oauth2 {
rewrite api/2.0/(.*) /$1 break;
proxy_redirect off;
proxy_pass http://127.0.0.1:8080;
}
}
location /oauth2/.well-known/openid-configuration {
rewrite oauth2/(.*) /$1 break;
proxy_pass http://127.0.0.1:8080;
}
location /oauth2 {
proxy_pass http://127.0.0.1:8080;
}
location /sso {
rewrite sso/(.*) /$1 break;
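Review bot: `location ~* /(clients|scopes)` and `location ~* /oauth2` are unanchored, case-insensitive regexes, so any request whose path contains those substrings within the enclosing block is proxied to the identity services on 9090 and 8080. Anchor them to the intended prefix, for example `location ~* ^/api/2\.0/(clients|scopes)(/|$)` if they are meant to sit under `api/2.0` as the `rewrite api/2.0/(.*)` line suggests. The `oauth2` alternative added to the `ngx.re.match` list is unanchored as well, and `ngx.var.request_uri` includes the query string, so the `asc_auth_key` cookie redirect is skipped for any URL that merely contains `oauth2`. That redirect looks like a convenience rather than the authorization boundary, but it is worth confirming that the backends enforce authentication themselves. The parent `server` and `location` blocks are outside the hunk.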


@ -1,127 +1,145 @@
# docker-compose tags #
PRODUCT=onlyoffice
REPO=${PRODUCT}
INSTALLATION_TYPE=COMMUNITY
STATUS=""
DOCKER_IMAGE_PREFIX=${STATUS}docspace
DOCKER_TAG=latest
CONTAINER_PREFIX=${PRODUCT}-
MYSQL_VERSION=8.3.0
MYSQL_IMAGE=mysql:${MYSQL_VERSION}
SERVICE_PORT=5050
DOCUMENT_SERVER_IMAGE_NAME=onlyoffice/4testing-documentserver-ee:latest
DOCKERFILE=Dockerfile.app
APP_DOTNET_ENV=""
EXTERNAL_PORT="80"
# opensearch stack #
ELK_VERSION=2.11.1
ELK_CONTAINER_NAME=${CONTAINER_PREFIX}opensearch
ELK_SHEME=http
ELK_HOST=""
ELK_PORT=9200
DASHBOARDS_VERSION=2.11.1
DASHBOARDS_CONTAINER_NAME=${CONTAINER_PREFIX}opensearch-dashboards
DASHBOARDS_USERNAME=onlyoffice
DASHBOARDS_PASSWORD=onlyoffice
FLUENT_BIT_VERSION=3.0.2
FLUENT_BIT_CONTAINER_NAME=${CONTAINER_PREFIX}fluent-bit
# app service environment #
ENV_EXTENSION=none
APP_CORE_BASE_DOMAIN=localhost
APP_URL_PORTAL="http://localhost:8092"
OAUTH_REDIRECT_URL="https://service.onlyoffice.com/oauth2.aspx"
WRONG_PORTAL_NAME_URL=""
LOG_LEVEL="Warning"
DEBUG_INFO="false"
APP_KNOWN_PROXIES=""
APP_KNOWN_NETWORKS=""
APP_CORE_MACHINEKEY=your_core_machinekey
CERTIFICATE_PATH=""
CERTIFICATE_KEY_PATH=""
DHPARAM_PATH=""
# docs #
DOCUMENT_CONTAINER_NAME=${CONTAINER_PREFIX}document-server
DOCUMENT_SERVER_URL_EXTERNAL=""
DOCUMENT_SERVER_JWT_SECRET=your_jwt_secret
DOCUMENT_SERVER_JWT_HEADER=AuthorizationJwt
DOCUMENT_SERVER_URL_PUBLIC=/ds-vpath/
# redis #
REDIS_CONTAINER_NAME=${CONTAINER_PREFIX}redis
REDIS_HOST=""
REDIS_PORT=6379
REDIS_USER_NAME=""
REDIS_PASSWORD=""
# rabbitmq #
RABBIT_CONTAINER_NAME=${CONTAINER_PREFIX}rabbitmq
RABBIT_HOST=""
RABBIT_PORT=5672
RABBIT_VIRTUAL_HOST=/
RABBIT_USER_NAME=guest
RABBIT_PASSWORD=guest
# mysql #
MYSQL_CONTAINER_NAME=${CONTAINER_PREFIX}mysql-server
MYSQL_HOST=""
MYSQL_PORT=3306
MYSQL_ROOT_PASSWORD=my-secret-pw
MYSQL_DATABASE=docspace
MYSQL_USER=${PRODUCT}_user
MYSQL_PASSWORD=${PRODUCT}_pass
DATABASE_MIGRATION=false
MIGRATION_TYPE="SAAS"
# service host #
API_SYSTEM_HOST=${CONTAINER_PREFIX}api-system
BACKUP_HOST=${CONTAINER_PREFIX}backup
BACKUP_BACKGRUOND_TASKS_HOST=${CONTAINER_PREFIX}backup-background-tasks
CLEAR_EVENTS_HOST=${CONTAINER_PREFIX}clear-events
FILES_HOST=${CONTAINER_PREFIX}files
FILES_SERVICES_HOST=${CONTAINER_PREFIX}files-services
STORAGE_MIGRATION_HOST=${CONTAINER_PREFIX}storage-migration
NOTIFY_HOST=${CONTAINER_PREFIX}notify
PEOPLE_SERVER_HOST=${CONTAINER_PREFIX}people-server
SOCKET_HOST=${CONTAINER_PREFIX}socket
STUDIO_NOTIFY_HOST=${CONTAINER_PREFIX}studio-notify
API_HOST=${CONTAINER_PREFIX}api
STUDIO_HOST=${CONTAINER_PREFIX}studio
SSOAUTH_HOST=${CONTAINER_PREFIX}ssoauth
TELEGRAMREPORTS_HOST=${CONTAINER_PREFIX}telegramreports
MIGRATION_RUNNER_HOST=${CONTAINER_PREFIX}migration-runner
PROXY_HOST=${CONTAINER_PREFIX}proxy
ROUTER_HOST=${CONTAINER_PREFIX}router
DOCEDITOR_HOST=${CONTAINER_PREFIX}doceditor
LOGIN_HOST=${CONTAINER_PREFIX}login
MANAGEMENT_HOST={CONTAINER_PREFIX}management
HELTHCHECKS_HOST=${CONTAINER_PREFIX}healthchecks
# router upstream environment #
SERVICE_API_SYSTEM=${API_SYSTEM_HOST}:${SERVICE_PORT}
SERVICE_BACKUP=${BACKUP_HOST}:${SERVICE_PORT}
SERVICE_BACKUP_BACKGRUOND_TASKS=${BACKUP_BACKGRUOND_TASKS_HOST}:${SERVICE_PORT}
SERVICE_CLEAR_EVENTS=${CLEAR_EVENTS_HOST}:${SERVICE_PORT}
SERVICE_FILES=${FILES_HOST}:${SERVICE_PORT}
SERVICE_FILES_SERVICES=${FILES_SERVICES_HOST}:${SERVICE_PORT}
SERVICE_STORAGE_MIGRATION=${STORAGE_MIGRATION_HOST}:${SERVICE_PORT}
SERVICE_NOTIFY=${NOTIFY_HOST}:${SERVICE_PORT}
SERVICE_PEOPLE_SERVER=${PEOPLE_SERVER_HOST}:${SERVICE_PORT}
SERVICE_SOCKET=${SOCKET_HOST}:${SERVICE_PORT}
SERVICE_STUDIO_NOTIFY=${STUDIO_NOTIFY_HOST}:${SERVICE_PORT}
SERVICE_API=${API_HOST}:${SERVICE_PORT}
SERVICE_STUDIO=${STUDIO_HOST}:${SERVICE_PORT}
SERVICE_SSOAUTH=${SSOAUTH_HOST}:${SERVICE_PORT}
SERVICE_TELEGRAMREPORTS=${TELEGRAMREPORTS_HOST}:${SERVICE_PORT}
SERVICE_DOCEDITOR=${DOCEDITOR_HOST}:5013
SERVICE_LOGIN=${LOGIN_HOST}:5011
SERVICE_MANAGEMENT={MANAGEMENT_HOST}:${SERVICE_PORT}
SERVICE_HELTHCHECKS=${HELTHCHECKS_HOST}:${SERVICE_PORT}
NETWORK_NAME=${PRODUCT}
COMPOSE_IGNORE_ORPHANS=True
# docker-compose tags #
PRODUCT=onlyoffice
REPO=${PRODUCT}
INSTALLATION_TYPE=COMMUNITY
STATUS=""
DOCKER_IMAGE_PREFIX=${STATUS}docspace
DOCKER_TAG=latest
CONTAINER_PREFIX=${PRODUCT}-
MYSQL_VERSION=8.3.0
MYSQL_IMAGE=mysql:${MYSQL_VERSION}
SERVICE_PORT=5050
DOCUMENT_SERVER_IMAGE_NAME=onlyoffice/4testing-documentserver-ee:latest
DOCKERFILE=Dockerfile.app
APP_DOTNET_ENV=""
EXTERNAL_PORT="80"
# opensearch stack #
ELK_VERSION=2.11.1
ELK_CONTAINER_NAME=${CONTAINER_PREFIX}opensearch
ELK_SHEME=http
ELK_HOST=""
ELK_PORT=9200
DASHBOARDS_VERSION=2.11.1
DASHBOARDS_CONTAINER_NAME=${CONTAINER_PREFIX}opensearch-dashboards
DASHBOARDS_USERNAME=onlyoffice
DASHBOARDS_PASSWORD=onlyoffice
FLUENT_BIT_VERSION=3.0.2
FLUENT_BIT_CONTAINER_NAME=${CONTAINER_PREFIX}fluent-bit
# app service environment #
ENV_EXTENSION=none
APP_CORE_BASE_DOMAIN=localhost
APP_URL_PORTAL="http://localhost:8092"
OAUTH_REDIRECT_URL="https://service.onlyoffice.com/oauth2.aspx"
WRONG_PORTAL_NAME_URL=""
LOG_LEVEL="Warning"
DEBUG_INFO="false"
APP_KNOWN_PROXIES=""
APP_KNOWN_NETWORKS=""
APP_CORE_MACHINEKEY=your_core_machinekey
CERTIFICATE_PATH=""
CERTIFICATE_KEY_PATH=""
DHPARAM_PATH=""
# docs #
DOCUMENT_CONTAINER_NAME=${CONTAINER_PREFIX}document-server
DOCUMENT_SERVER_URL_EXTERNAL=""
DOCUMENT_SERVER_JWT_SECRET=your_jwt_secret
DOCUMENT_SERVER_JWT_HEADER=AuthorizationJwt
DOCUMENT_SERVER_URL_PUBLIC=/ds-vpath/
# redis #
REDIS_CONTAINER_NAME=${CONTAINER_PREFIX}redis
REDIS_HOST=""
REDIS_PORT=6379
REDIS_USER_NAME=""
REDIS_PASSWORD=""
# rabbitmq #
RABBIT_CONTAINER_NAME=${CONTAINER_PREFIX}rabbitmq
RABBIT_HOST=""
RABBIT_PORT=5672
RABBIT_VIRTUAL_HOST=/
RABBIT_USER_NAME=guest
RABBIT_PASSWORD=guest
# mysql #
MYSQL_CONTAINER_NAME=${CONTAINER_PREFIX}mysql-server
MYSQL_HOST=""
MYSQL_PORT=3306
MYSQL_ROOT_PASSWORD=my-secret-pw
MYSQL_DATABASE=docspace
MYSQL_USER=${PRODUCT}_user
MYSQL_PASSWORD=${PRODUCT}_pass
DATABASE_MIGRATION=false
MIGRATION_TYPE="SAAS"
# service host #
API_SYSTEM_HOST=${CONTAINER_PREFIX}api-system
BACKUP_HOST=${CONTAINER_PREFIX}backup
BACKUP_BACKGRUOND_TASKS_HOST=${CONTAINER_PREFIX}backup-background-tasks
CLEAR_EVENTS_HOST=${CONTAINER_PREFIX}clear-events
FILES_HOST=${CONTAINER_PREFIX}files
FILES_SERVICES_HOST=${CONTAINER_PREFIX}files-services
STORAGE_MIGRATION_HOST=${CONTAINER_PREFIX}storage-migration
NOTIFY_HOST=${CONTAINER_PREFIX}notify
PEOPLE_SERVER_HOST=${CONTAINER_PREFIX}people-server
SOCKET_HOST=${CONTAINER_PREFIX}socket
STUDIO_NOTIFY_HOST=${CONTAINER_PREFIX}studio-notify
API_HOST=${CONTAINER_PREFIX}api
STUDIO_HOST=${CONTAINER_PREFIX}studio
SSOAUTH_HOST=${CONTAINER_PREFIX}ssoauth
TELEGRAMREPORTS_HOST=${CONTAINER_PREFIX}telegramreports
MIGRATION_RUNNER_HOST=${CONTAINER_PREFIX}migration-runner
PROXY_HOST=${CONTAINER_PREFIX}proxy
ROUTER_HOST=${CONTAINER_PREFIX}router
DOCEDITOR_HOST=${CONTAINER_PREFIX}doceditor
LOGIN_HOST=${CONTAINER_PREFIX}login
MANAGEMENT_HOST={CONTAINER_PREFIX}management
HELTHCHECKS_HOST=${CONTAINER_PREFIX}healthchecks
# router upstream environment #
SERVICE_API_SYSTEM=${API_SYSTEM_HOST}:${SERVICE_PORT}
SERVICE_BACKUP=${BACKUP_HOST}:${SERVICE_PORT}
SERVICE_BACKUP_BACKGRUOND_TASKS=${BACKUP_BACKGRUOND_TASKS_HOST}:${SERVICE_PORT}
SERVICE_CLEAR_EVENTS=${CLEAR_EVENTS_HOST}:${SERVICE_PORT}
SERVICE_FILES=${FILES_HOST}:${SERVICE_PORT}
SERVICE_FILES_SERVICES=${FILES_SERVICES_HOST}:${SERVICE_PORT}
SERVICE_STORAGE_MIGRATION=${STORAGE_MIGRATION_HOST}:${SERVICE_PORT}
SERVICE_NOTIFY=${NOTIFY_HOST}:${SERVICE_PORT}
SERVICE_PEOPLE_SERVER=${PEOPLE_SERVER_HOST}:${SERVICE_PORT}
SERVICE_SOCKET=${SOCKET_HOST}:${SERVICE_PORT}
SERVICE_STUDIO_NOTIFY=${STUDIO_NOTIFY_HOST}:${SERVICE_PORT}
SERVICE_API=${API_HOST}:${SERVICE_PORT}
SERVICE_STUDIO=${STUDIO_HOST}:${SERVICE_PORT}
SERVICE_SSOAUTH=${SSOAUTH_HOST}:${SERVICE_PORT}
SERVICE_TELEGRAMREPORTS=${TELEGRAMREPORTS_HOST}:${SERVICE_PORT}
SERVICE_DOCEDITOR=${DOCEDITOR_HOST}:5013
SERVICE_LOGIN=${LOGIN_HOST}:5011
SERVICE_MANAGEMENT={MANAGEMENT_HOST}:${SERVICE_PORT}
SERVICE_HELTHCHECKS=${HELTHCHECKS_HOST}:${SERVICE_PORT}
NETWORK_NAME=${PRODUCT}
COMPOSE_IGNORE_ORPHANS=True
# identity #
IDENTITY_DOCKERFILE=/Dockerfile
JDBC_USER_NAME=root
JDBC_PASSWORD=${MYSQL_ROOT_PASSWORD}
JDBC_URL=${MYSQL_CONTAINER_NAME}
JDBC_DATABASE=${MYSQL_DATABASE}
IDENTITY_PROFILE="dev"
IDENTITY_MIGRATION_CONTAINER_NAME=${CONTAINER_PREFIX}identity_migration
IDENTITY_MIGRATION_SERVER_PORT=8081
IDENTITY_AUTHORIZATION_CONTAINER_NAME=${CONTAINER_PREFIX}identity-authorization
IDENTITY_AUTHORIZATION_SERVER_PORT=8080
IDENTITY_API_CONTAINER_NAME=${CONTAINER_PREFIX}identity-api
IDENTITY_API_SERVER_PORT=9090
REDIS_ADDRESSES=redis://onlyoffice-redis:6379
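Review bot: The new identity block connects to MySQL as root, with `JDBC_USER_NAME=root` and `JDBC_PASSWORD=${MYSQL_ROOT_PASSWORD}`. The file already defines an application account, so `JDBC_USER_NAME=${MYSQL_USER}` and `JDBC_PASSWORD=${MYSQL_PASSWORD}` would keep a compromise of the authorization or registration service from reaching every database on the server. If the migration runner needs schema-change rights, give only that container a separate account. `IDENTITY_PROFILE="dev"` is also the committed default, and `REDIS_ADDRESSES=redis://onlyoffice-redis:6379` hard-codes the host instead of reusing `${REDIS_CONTAINER_NAME}` and `${REDIS_PORT}`.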


@ -28,7 +28,7 @@ ARG PRODUCT_VERSION=0.0.0
ARG BUILD_NUMBER=0
LABEL onlyoffice.appserver.release-date="${RELEASE_DATE}" \
maintainer="Ascensio System SIA <support@onlyoffice.com>"
maintainer="Ascensio System SIA <support@onlyoffice.com>"
ENV LANG=en_US.UTF-8 \
LANGUAGE=en_US:en \
@ -40,10 +40,10 @@ COPY . .
RUN apt-get -y update && \
apt-get install -yq \
sudo \
locales \
git \
npm && \
sudo \
locales \
git \
npm && \
locale-gen en_US.UTF-8 && \
npm install --global yarn && \
echo "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_18.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \
@ -81,7 +81,7 @@ RUN mkdir -p /app/onlyoffice/ && \
rm -rf ${SRC_PATH}/products/ASC.Files/Service/* && \
rm -rf ${SRC_PATH}/products/ASC.Files/Server/* && \
rm -rf ${SRC_PATH}/products/ASC.People/Server/*
FROM $DOTNET_RUN as dotnetrun
ARG BUILD_PATH
ARG SRC_PATH
@ -98,16 +98,16 @@ RUN mkdir -p /var/log/onlyoffice && \
chown onlyoffice:onlyoffice /var/www -R && \
apt-get -y update && \
apt-get install -yq \
python3-pip \
nano \
curl \
vim \
libgdiplus && \
python3-pip \
nano \
curl \
vim \
libgdiplus && \
pip3 install --upgrade jsonpath-ng multipledispatch netaddr netifaces && \
rm -rf /var/lib/apt/lists/*
COPY --from=base --chown=onlyoffice:onlyoffice /app/onlyoffice/config/* /app/onlyoffice/config/
#USER onlyoffice
EXPOSE 5050
ENTRYPOINT ["python3", "docker-entrypoint.py"]
@ -127,10 +127,10 @@ RUN mkdir -p /var/log/onlyoffice && \
chown onlyoffice:onlyoffice /var/www -R && \
apt-get -y update && \
apt-get install -yq \
nano \
curl \
vim \
python3-pip && \
nano \
curl \
vim \
python3-pip && \
pip3 install --upgrade jsonpath-ng multipledispatch netaddr netifaces --break-system-packages && \
rm -rf /var/lib/apt/lists/*
@ -176,6 +176,8 @@ RUN chown nginx:nginx /etc/nginx/* -R && \
sed -i 's/127.0.0.1:9834/$service_sso/' /etc/nginx/conf.d/onlyoffice.conf && \
sed -i 's/127.0.0.1:5013/$service_doceditor/' /etc/nginx/conf.d/onlyoffice.conf && \
sed -i 's/127.0.0.1:5011/$service_login/' /etc/nginx/conf.d/onlyoffice.conf && \
sed -i 's/127.0.0.1:9090/$service_identity_api/' /etc/nginx/conf.d/onlyoffice.conf && \
sed -i 's/127.0.0.1:8080/$service_identity/' /etc/nginx/conf.d/onlyoffice.conf && \
if [[ -z "${SERVICE_CLIENT}" ]] ; then sed -i 's/127.0.0.1:5001/$service_client/' /etc/nginx/conf.d/onlyoffice.conf; fi && \
if [[ -z "${SERVICE_MANAGEMENT}" ]] ; then sed -i 's/127.0.0.1:5015/$service_management/' /etc/nginx/conf.d/onlyoffice.conf; fi && \
sed -i 's/127.0.0.1:5033/$service_healthchecks/' /etc/nginx/conf.d/onlyoffice.conf && \


@ -17,7 +17,7 @@ ARG DEBUG_INFO="true"
ARG PUBLISH_CNF="Release"
LABEL onlyoffice.appserver.release-date="${RELEASE_DATE}" \
maintainer="Ascensio System SIA <support@onlyoffice.com>"
maintainer="Ascensio System SIA <support@onlyoffice.com>"
ENV LANG=en_US.UTF-8 \
LANGUAGE=en_US:en \
@ -25,11 +25,11 @@ ENV LANG=en_US.UTF-8 \
RUN apt-get -y update && \
apt-get install -yq \
sudo \
locales \
git \
python3-pip \
npm && \
sudo \
locales \
git \
python3-pip \
npm && \
locale-gen en_US.UTF-8 && \
npm install --global yarn && \
echo "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \
@ -66,7 +66,7 @@ RUN cd ${SRC_PATH} && \
rm -rf ${SRC_PATH}/server/products/ASC.Files/Server/* && \
rm -rf ${SRC_PATH}/server/products/ASC.Files/Service/* && \
rm -rf ${SRC_PATH}/server/products/ASC.People/Server/*
COPY config/mysql/conf.d/mysql.cnf /etc/mysql/conf.d/mysql.cnf
FROM $DOTNET_RUN as dotnetrun
@ -85,17 +85,17 @@ RUN mkdir -p /var/log/onlyoffice && \
chown onlyoffice:onlyoffice /var/www -R && \
apt-get -y update && \
apt-get install -yq \
sudo \
nano \
curl \
vim \
python3-pip \
libgdiplus && \
sudo \
nano \
curl \
vim \
python3-pip \
libgdiplus && \
pip3 install --upgrade --break-system-packages jsonpath-ng multipledispatch netaddr netifaces && \
rm -rf /var/lib/apt/lists/*
COPY --from=base --chown=onlyoffice:onlyoffice /app/onlyoffice/config/* /app/onlyoffice/config/
#USER onlyoffice
EXPOSE 5050
ENTRYPOINT ["python3", "docker-entrypoint.py"]
@ -115,12 +115,12 @@ RUN mkdir -p /var/log/onlyoffice && \
chown onlyoffice:onlyoffice /var/www -R && \
apt-get -y update && \
apt-get install -yq \
sudo \
nano \
curl \
vim \
python3-pip && \
pip3 install --upgrade --break-system-packages jsonpath-ng multipledispatch netaddr netifaces && \
sudo \
nano \
curl \
vim \
python3-pip && \
pip3 install --upgrade --break-system-packages jsonpath-ng multipledispatch netaddr netifaces && \
rm -rf /var/lib/apt/lists/*
COPY --from=base --chown=onlyoffice:onlyoffice /app/onlyoffice/config/* /app/onlyoffice/config/
@ -170,6 +170,8 @@ RUN sed -i 's/127.0.0.1:5010/$service_api_system/' /etc/nginx/conf.d/onlyoffice.
sed -i 's/127.0.0.1:9834/$service_sso/' /etc/nginx/conf.d/onlyoffice.conf && \
sed -i 's/127.0.0.1:5013/$service_doceditor/' /etc/nginx/conf.d/onlyoffice.conf && \
sed -i 's/127.0.0.1:5011/$service_login/' /etc/nginx/conf.d/onlyoffice.conf && \
sed -i 's/127.0.0.1:9090/$service_identity_api/' /etc/nginx/conf.d/onlyoffice.conf && \
sed -i 's/127.0.0.1:8080/$service_identity/' /etc/nginx/conf.d/onlyoffice.conf && \
if [[ -z "${SERVICE_CLIENT}" ]] ; then sed -i 's/127.0.0.1:5001/$service_client/' /etc/nginx/conf.d/onlyoffice.conf; fi && \
if [[ -z "${SERVICE_MANAGEMENT}" ]] ; then sed -i 's/127.0.0.1:5015/$service_management/' /etc/nginx/conf.d/onlyoffice.conf; fi && \
sed -i 's/127.0.0.1:5033/$service_healthchecks/' /etc/nginx/conf.d/onlyoffice.conf && \
@ -253,11 +255,11 @@ ENV LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64
WORKDIR ${BUILD_PATH}/products/ASC.Files/service/
RUN echo "deb http://security.ubuntu.com/ubuntu focal-security main" | tee /etc/apt/sources.list && \
apt-key adv --keyserver keys.gnupg.net --recv-keys 3B4FE6ACC0B21F32 && \
apt-key adv --keyserver keys.gnupg.net --recv-keys 871920D1991BC93C && \
apt-get -y update && \
apt-get install -yq libssl1.1 && \
rm -rf /var/lib/apt/lists/*
apt-key adv --keyserver keys.gnupg.net --recv-keys 3B4FE6ACC0B21F32 && \
apt-key adv --keyserver keys.gnupg.net --recv-keys 871920D1991BC93C && \
apt-get -y update && \
apt-get install -yq libssl1.1 && \
rm -rf /var/lib/apt/lists/*
COPY --chown=onlyoffice:onlyoffice docker-entrypoint.py ./docker-entrypoint.py
COPY --from=base --chown=onlyoffice:onlyoffice ${BUILD_PATH}/services/ASC.Files.Service/service/ .


@ -36,11 +36,11 @@ RUN mkdir -p /var/log/onlyoffice && \
chown onlyoffice:onlyoffice /var/www -R && \
apt-get -y update && \
apt-get install -yq \
python3-pip \
nano \
curl \
vim \
libgdiplus && \
python3-pip \
nano \
curl \
vim \
libgdiplus && \
pip3 install --upgrade jsonpath-ng multipledispatch netaddr netifaces --break-system-packages && \
rm -rf /var/lib/apt/lists/*
@ -64,10 +64,10 @@ RUN mkdir -p /var/log/onlyoffice && \
chown onlyoffice:onlyoffice /var/www -R && \
apt-get -y update && \
apt-get install -yq \
nano \
curl \
vim \
python3-pip && \
nano \
curl \
vim \
python3-pip && \
pip3 install --upgrade jsonpath-ng multipledispatch netaddr netifaces --break-system-packages && \
rm -rf /var/lib/apt/lists/*
@ -122,6 +122,8 @@ RUN chown onlyoffice:onlyoffice /etc/nginx/* -R && \
sed -i 's/127.0.0.1:9834/$service_sso/' /etc/nginx/conf.d/onlyoffice.conf && \
sed -i 's/127.0.0.1:5013/$service_doceditor/' /etc/nginx/conf.d/onlyoffice.conf && \
sed -i 's/127.0.0.1:5011/$service_login/' /etc/nginx/conf.d/onlyoffice.conf && \
sed -i 's/127.0.0.1:9090/$service_identity_api/' /etc/nginx/conf.d/onlyoffice.conf && \
sed -i 's/127.0.0.1:8080/$service_identity/' /etc/nginx/conf.d/onlyoffice.conf && \
sed -i 's/127.0.0.1:5001/$service_client/' /etc/nginx/conf.d/onlyoffice.conf && \
sed -i 's/127.0.0.1:5015/$service_management/' /etc/nginx/conf.d/onlyoffice.conf && \
sed -i 's/127.0.0.1:5033/$service_healthchecks/' /etc/nginx/conf.d/onlyoffice.conf && \


@ -54,6 +54,18 @@ map $SERVICE_API $service_api {
default $SERVICE_API;
}
map $SERVICE_IDENTITY_API $service_identity_api {
volatile;
"" 127.0.0.1:9090;
default $SERVICE_IDENTITY_API;
}
map $SERVICE_IDENTITY $service_identity {
volatile;
"" 127.0.0.1:8080;
default $SERVICE_IDENTITY;
}
map $SERVICE_STUDIO $service_studio {
volatile;
"" 127.0.0.1:5003;


@ -264,6 +264,8 @@ services:
- SERVICE_NOTIFY=${SERVICE_NOTIFY}
- SERVICE_PEOPLE_SERVER=${SERVICE_PEOPLE_SERVER}
- SERVICE_SOCKET=${SERVICE_SOCKET}
- SERVICE_IDENTITY_API=${SERVICE_IDENTITY_API}
- SERVICE_IDENTITY=${SERVICE_IDENTITY}
- SERVICE_STUDIO_NOTIFY=${SERVICE_STUDIO_NOTIFY}
- SERVICE_API=${SERVICE_API}
- SERVICE_API_SYSTEM=${SERVICE_API_SYSTEM}


@ -1,5 +1,5 @@
x-healthcheck:
&x-healthcheck
version: "3.8"
x-healthcheck: &x-healthcheck
test: curl --fail http://127.0.0.1 || exit 1
interval: 60s
retries: 5
@ -64,48 +64,48 @@ services:
image: "${REPO}/${DOCKER_IMAGE_PREFIX}-backup-background:${DOCKER_TAG}"
container_name: ${BACKUP_BACKGRUOND_TASKS_HOST}
healthcheck:
<<: *x-healthcheck
test: curl --fail http://${SERVICE_BACKUP_BACKGRUOND_TASKS}/health/ || exit 1
<<: *x-healthcheck
test: curl --fail http://${SERVICE_BACKUP_BACKGRUOND_TASKS}/health/ || exit 1
onlyoffice-backup:
<<: *x-service-base
image: "${REPO}/${DOCKER_IMAGE_PREFIX}-backup:${DOCKER_TAG}"
container_name: ${BACKUP_HOST}
healthcheck:
<<: *x-healthcheck
test: curl --fail http://${SERVICE_BACKUP}/health/ || exit 1
<<: *x-healthcheck
test: curl --fail http://${SERVICE_BACKUP}/health/ || exit 1
onlyoffice-clear-events:
<<: *x-service-base
image: "${REPO}/${DOCKER_IMAGE_PREFIX}-clear-events:${DOCKER_TAG}"
container_name: ${CLEAR_EVENTS_HOST}
healthcheck:
<<: *x-healthcheck
test: curl --fail http://${SERVICE_CLEAR_EVENTS}/health/ || exit 1
<<: *x-healthcheck
test: curl --fail http://${SERVICE_CLEAR_EVENTS}/health/ || exit 1
onlyoffice-files:
<<: *x-service-base
image: "${REPO}/${DOCKER_IMAGE_PREFIX}-files:${DOCKER_TAG}"
container_name: ${FILES_HOST}
healthcheck:
<<: *x-healthcheck
test: curl --fail http://${SERVICE_FILES}/health/ || exit 1
<<: *x-healthcheck
test: curl --fail http://${SERVICE_FILES}/health/ || exit 1
onlyoffice-files-services:
<<: *x-service-base
image: "${REPO}/${DOCKER_IMAGE_PREFIX}-files-services:${DOCKER_TAG}"
container_name: ${FILES_SERVICES_HOST}
healthcheck:
<<: *x-healthcheck
test: curl --fail http://${SERVICE_FILES_SERVICES}/health/ || exit 1
<<: *x-healthcheck
test: curl --fail http://${SERVICE_FILES_SERVICES}/health/ || exit 1
onlyoffice-people-server:
<<: *x-service-base
image: "${REPO}/${DOCKER_IMAGE_PREFIX}-people-server:${DOCKER_TAG}"
container_name: ${PEOPLE_SERVER_HOST}
healthcheck:
<<: *x-healthcheck
test: curl --fail http://${SERVICE_PEOPLE_SERVER}/health/ || exit 1
<<: *x-healthcheck
test: curl --fail http://${SERVICE_PEOPLE_SERVER}/health/ || exit 1
onlyoffice-socket:
<<: *x-service-base
@ -119,32 +119,32 @@ services:
image: "${REPO}/${DOCKER_IMAGE_PREFIX}-studio-notify:${DOCKER_TAG}"
container_name: ${STUDIO_NOTIFY_HOST}
healthcheck:
<<: *x-healthcheck
test: curl --fail http://${SERVICE_STUDIO_NOTIFY}/health/ || exit 1
<<: *x-healthcheck
test: curl --fail http://${SERVICE_STUDIO_NOTIFY}/health/ || exit 1
onlyoffice-api:
<<: *x-service-base
image: "${REPO}/${DOCKER_IMAGE_PREFIX}-api:${DOCKER_TAG}"
container_name: ${API_HOST}
healthcheck:
<<: *x-healthcheck
test: curl --fail http://${SERVICE_API}/health/ || exit 1
<<: *x-healthcheck
test: curl --fail http://${SERVICE_API}/health/ || exit 1
onlyoffice-api-system:
<<: *x-service-base
image: "${REPO}/${DOCKER_IMAGE_PREFIX}-api-system:${DOCKER_TAG}"
container_name: ${API_SYSTEM_HOST}
healthcheck:
<<: *x-healthcheck
test: curl --fail http://${SERVICE_API_SYSTEM}/health/ || exit 1
<<: *x-healthcheck
test: curl --fail http://${SERVICE_API_SYSTEM}/health/ || exit 1
onlyoffice-studio:
<<: *x-service-base
image: "${REPO}/${DOCKER_IMAGE_PREFIX}-studio:${DOCKER_TAG}"
container_name: ${STUDIO_HOST}
healthcheck:
<<: *x-healthcheck
test: curl --fail http://${SERVICE_STUDIO}/health/ || exit 1
<<: *x-healthcheck
test: curl --fail http://${SERVICE_STUDIO}/health/ || exit 1
onlyoffice-ssoauth:
<<: *x-service-base
@ -161,8 +161,8 @@ services:
expose:
- "5013"
healthcheck:
<<: *x-healthcheck
test: curl --fail http://${SERVICE_DOCEDITOR}/doceditor/health || exit 1
<<: *x-healthcheck
test: curl --fail http://${SERVICE_DOCEDITOR}/doceditor/health || exit 1
onlyoffice-login:
<<: *x-service-base
@ -171,16 +171,16 @@ services:
expose:
- "5011"
healthcheck:
<<: *x-healthcheck
test: curl --fail http://${SERVICE_LOGIN}/login/health || exit 1
<<: *x-healthcheck
test: curl --fail http://${SERVICE_LOGIN}/login/health || exit 1
onlyoffice-router:
image: "${REPO}/${DOCKER_IMAGE_PREFIX}-router:${DOCKER_TAG}"
container_name: ${ROUTER_HOST}
restart: always
healthcheck:
<<: *x-healthcheck
test: nginx -t || exit 1
<<: *x-healthcheck
test: nginx -t || exit 1
expose:
- "8081"
- "8099"
@ -208,6 +208,8 @@ services:
- SERVICE_NOTIFY=${SERVICE_NOTIFY}
- SERVICE_PEOPLE_SERVER=${SERVICE_PEOPLE_SERVER}
- SERVICE_SOCKET=${SERVICE_SOCKET}
- SERVICE_IDENTITY_API=${SERVICE_IDENTITY_API}
- SERVICE_IDENTITY=${SERVICE_IDENTITY}
- SERVICE_STUDIO_NOTIFY=${SERVICE_STUDIO_NOTIFY}
- SERVICE_API=${SERVICE_API}
- SERVICE_API_SYSTEM=${SERVICE_API_SYSTEM}


@ -0,0 +1,69 @@
version: "3.8"
services:
onlyoffice-identity-authorization:
build:
context: ../../../server/common/ASC.Identity
dockerfile: ${IDENTITY_DOCKERFILE}
args:
- MODULE=authorization/authorization-container
container_name: ${IDENTITY_AUTHORIZATION_CONTAINER_NAME}
restart: always
ports:
- 8080:8080
environment:
- SPRING_PROFILES_ACTIVE=${IDENTITY_PROFILE}
- SPRING_APPLICATION_NAME=ASC.Identity.Authorization
- SERVER_PORT=${IDENTITY_AUTHORIZATION_SERVER_PORT}
- JDBC_PASSWORD=${JDBC_PASSWORD}
- JDBC_URL=${JDBC_URL}
- JDBC_USER_NAME=${JDBC_USER_NAME}
- JDBC_DATABASE=${JDBC_DATABASE}
- RABBIT_HOST=onlyoffice-rabbitmq
- REDIS_HOST=onlyoffice-redis
depends_on:
- onlyoffice-identity-migration
onlyoffice-identity-api:
build:
context: ../../../server/common/ASC.Identity
dockerfile: ${IDENTITY_DOCKERFILE}
args:
- MODULE=registration/registration-container
container_name: ${IDENTITY_API_CONTAINER_NAME}
ports:
- 9090:9090
environment:
- SPRING_PROFILES_ACTIVE=${PROFILE}
- SPRING_APPLICATION_NAME=ASC.Identity.Registration
- SERVER_PORT=${IDENTITY_API_SERVER_PORT}
- JDBC_PASSWORD=${JDBC_PASSWORD}
- JDBC_URL=${JDBC_URL}
- JDBC_USER_NAME=${JDBC_USER_NAME}
- JDBC_DATABASE=${JDBC_DATABASE}
- RABBIT_HOST=onlyoffice-rabbitmq
- REDIS_HOST=onlyoffice-redis
depends_on:
- onlyoffice-identity-migration
onlyoffice-identity-migration:
build:
context: ../../../server/common/ASC.Identity
dockerfile: ${IDENTITY_DOCKERFILE}
args:
- MODULE=infrastructure/infrastructure-migration-runner
container_name: ${IDENTITY_MIGRATION_CONTAINER_NAME}
restart: "no"
ports:
- 8081:8081
environment:
- JDBC_PASSWORD=${JDBC_PASSWORD}
- JDBC_URL=${JDBC_URL}
- JDBC_USER_NAME=${JDBC_USER_NAME}
- JDBC_DATABASE=${JDBC_DATABASE}
- RABBIT_HOST=onlyoffice-rabbitmq
- REDIS_HOST=onlyoffice-redis
networks:
default:
name: ${NETWORK_NAME}
external: true
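Review bot: `onlyoffice-identity-api` sets `SPRING_PROFILES_ACTIVE=${PROFILE}`, but the env file in this commit defines `IDENTITY_PROFILE`, not `PROFILE`. The registration service therefore starts with an empty profile while the authorization service gets `dev`; the line should be `- SPRING_PROFILES_ACTIVE=${IDENTITY_PROFILE}`. All three services also publish their ports on every host interface (`8080:8080`, `9090:9090`, `8081:8081`) and receive the database credentials through the environment. If only the router has to reach them, `expose` or a loopback bind such as `127.0.0.1:8080:8080` narrows the exposure, and the one-shot migration container probably needs no published port at all.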

12
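--- a/run/IdentityApi.xml
+++ b/run/IdentityApi.xml
@@ -0,0 +1,12 @@
+<service>
+<id>OnlyofficeIdentityApi</id>
+<name>ONLYOFFICE IdentityApi</name>
+<startmode>manual</startmode>
+<executable>java</executable>
+<env name="LOG_FILE_PATH" value="../../Logs/identity-api.log"/>
+<env name="SPRING_PROFILES_ACTIVE" value=""/>
+<arguments>-jar ../../server/common/ASC.Identity/registration/registration-container/target/registration-container-1.0.0.jar</arguments>
+<log mode="none"/>
+<delayedAutoStart>true</delayedAutoStart>
+<onfailure action="restart" delay="5 sec" />
+</service>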

12
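--- a/run/IdentityMigration.xml
+++ b/run/IdentityMigration.xml
@@ -0,0 +1,12 @@
+<service>
+<id>OnlyofficeIdentityMigration</id>
+<name>ONLYOFFICE IdentityMigration</name>
+<startmode>manual</startmode>
+<executable>java</executable>
+<env name="LOG_FILE_PATH" value="../../Logs/identity-migration.log"/>
+<env name="SPRING_PROFILES_ACTIVE" value="dev"/>
+<arguments>-jar ../../server/common/ASC.Identity/infrastructure/infrastructure-migration-runner/target/infrastructure-migration-runner-1.0.0.jar</arguments>
+<log mode="none"/>
+<delayedAutoStart>true</delayedAutoStart>
+<onfailure action="restart" delay="5 sec" />
+</service>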
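Review bot: `<onfailure action="restart" delay="5 sec" />` on the migration runner disagrees with `restart: "no"` for the same runner in the compose file of this commit. If the jar exits non-zero on a failed migration, the service wrapper would re-run it every five seconds against the database; `<onfailure action="none" />` would match the compose behaviour. This file also pins `SPRING_PROFILES_ACTIVE` to `dev` while `IdentityApi.xml` and `IdentityService.xml` leave it empty. With `<log mode="none"/>`, the only record of a failed run is whatever the application itself writes to `LOG_FILE_PATH`.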

13
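--- a/run/IdentityService.xml
+++ b/run/IdentityService.xml
@@ -0,0 +1,13 @@
+<service>
+<id>OnlyofficeIdentityService</id>
+<name>ONLYOFFICE IdentityService</name>
+<startmode>manual</startmode>
+<executable>java</executable>
+<env name="LOG_FILE_PATH" value="../../Logs/identity-authorization.log"/>
+<env name="SERVER_PORT" value="8080"/>
+<env name="SPRING_PROFILES_ACTIVE" value=""/>
+<arguments>-jar ../../server/common/ASC.Identity/authorization/authorization-container/target/authorization-container-1.0.0.jar</arguments>
+<log mode="none"/>
+<delayedAutoStart>true</delayedAutoStart>
+<onfailure action="restart" delay="5 sec" />
+</service>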


@ -3,7 +3,8 @@
<name>ONLYOFFICE Login SSR</name>
<startmode>manual</startmode>
<executable>node</executable>
<arguments>../../publish/web/login/server.js</arguments>
<arguments>server.js</arguments>
<workingdirectory>%BASE%\..\..\client\packages\login</workingdirectory>
<log mode="none"/>
<delayedAutoStart>true</delayedAutoStart>
<onfailure action="none" />

28
scripts/identity.bat Normal file

@ -0,0 +1,28 @@
PUSHD %~dp0..
cd %~dp0../../server/common/ASC.Identity/
echo Start build ASC.Identity project...
echo.
echo ASC.Identity: resolves all project dependencies...
echo.
call mvn dependency:go-offline -q
if %errorlevel% == 0 (
echo ASC.Identity: take the compiled code and package it in its distributable format, such as a JAR...
call mvn package -DskipTests -q
)
if %errorlevel% == 0 (
echo ASC.Identity: build completed
echo.
)
POPD