Add identity packages

Co-authored-by: Alexey Safronov <Alexey.Safronov@onlyoffice.com>

.github/workflows/ci-oci-docker-install.yml

@@ -8,31 +8,31 @@ on:
       - 'install/OneClickInstall/install-Docker.sh'
   workflow_dispatch:
     inputs:
-      script-branch:
-        description: 'Branch for OCI script docker'
+      offline:
+        description: 'Publish 4testing offline archive'
         required: true
-        type: string
-        default: master
-    
+        default: false
+        type: boolean
+
 jobs:
   Install-OneClickInstall-Docker:
     runs-on: ubuntu-22.04
     steps:
-      - name: Test OCI docker scripts
+      - name: Determine Branch Name
+        run: |
+          BRANCH_NAME=$([ "${{ github.event_name }}" = "pull_request" ] && echo "${{ github.event.pull_request.head.ref }}" || echo "${GITHUB_REF#refs/heads/}")
+          echo "BRANCH_NAME=${BRANCH_NAME:-master}" >> $GITHUB_ENV
+
+      - name: Free Disk Space
         run: |
           sudo docker image prune --all --force
-          
-          BRANCH_NAME=$(
-            case "${{ github.event_name }}" in
-              pull_request) echo "${{ github.event.pull_request.head.ref }}";;
-              workflow_dispatch) echo "${{ github.event.inputs.script-branch }}";;
-              push) echo "${GITHUB_REF#refs/heads/}";;
-            esac
-          )
 
-          wget https://download.onlyoffice.com/docspace/docspace-install.sh
-          sed '/bash install-Docker.sh/i sed -i "1i set -x" install-Docker.sh' -i docspace-install.sh
-          sudo bash docspace-install.sh docker -skiphc true -noni true $([ $BRANCH_NAME != "master" ] && echo "-gb $BRANCH_NAME -s 4testing-") || exit $?
+      - name: Test OCI docker scripts
+        run: |
+          wget https://download.onlyoffice.com/docspace/docspace-enterprise-install.sh
+          sed '/bash install-Docker.sh/i sed -i "1i set -x" install-Docker.sh' -i docspace-enterprise-install.sh
+          sed '/bash install-Docker.sh/i sed -i "/docker-compose.*up -d/ s/$/ --quiet-pull/" install-Docker.sh' -i docspace-enterprise-install.sh
+          sudo bash docspace-enterprise-install.sh docker -docsi onlyoffice/documentserver-ee -skiphc true -noni true $([ ${{ env.BRANCH_NAME }} != "master" ] && echo "-gb ${{ env.BRANCH_NAME }} -s 4testing-") || exit $?
           
           echo -n "Waiting for all containers to start..."
           timeout 300 bash -c 'while docker ps | grep -q "starting"; do sleep 5; done' && echo "OK" || echo "container_status=timeout" >> $GITHUB_ENV
@@ -46,7 +46,7 @@ jobs:
                 "no healthcheck") color="\033[0;33m" ;;                               # yellow
                 *) color="\033[0;31m"; echo "container_status=red" >> $GITHUB_ENV ;;  # red
               esac;
-              printf "%-30s ${color}%s\033[0m\n" "{}:" "$status";
+              printf "%-50s ${color}%s\033[0m\n" "{}:" "$status";
           '
       
       - name: Print logs for crashed container
@@ -66,3 +66,60 @@ jobs:
               red) echo "One or more containers have status 'red'. Job will fail."; exit 1 ;;
           esac
 
+      - name: Checkout repository
+        if: ${{ github.event.inputs.offline == 'true' }}
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BRANCH_NAME }}
+
+      - name: Free Disk Space
+        if: ${{ github.event.inputs.offline == 'true' }}
+        run: |
+          docker stop $(docker ps -a -q) && docker rm $(docker ps -a -q) && docker volume rm $(docker volume ls -q)
+          sudo rm -rf /usr/local/lib/android /opt/ghc
+
+      - name: Creating 4testing offline self-extracting archive
+        if: ${{ github.event.inputs.offline == 'true' }}
+        run: |
+          INSTALL_PATH=${{ github.workspace }}/install
+
+          docker images --format "{{.Repository}}:{{.Tag}}" | grep "4testing-" | xargs -I{} bash -c '
+            docker tag "$1" $(echo "${1/4testing-/}" | sed -E "s/([0-9]+\.[0-9]+\.[0-9]+)\.[0-9]+/\1/")
+            docker rmi "$1"
+          ' _ {}
+
+          sed -i 's~\(OFFLINE_INSTALLATION="\|SKIP_HARDWARE_CHECK="\).*"$~\1true"~' "${INSTALL_PATH}/OneClickInstall/install-Docker.sh"
+
+          echo "Creating offline self-extracting archive..."
+          docker save $(docker images --format "{{.Repository}}:{{.Tag}}") | xz --verbose -T0 -z -9e > ${INSTALL_PATH}/docker_images.tar.xz
+          cd ${INSTALL_PATH}/docker && tar -czvf ${INSTALL_PATH}/docker.tar.gz --exclude='config/supervisor*' *.yml .env config/
+          
+          tar -cvf ${INSTALL_PATH}/offline-docspace.tar \
+          -C "${INSTALL_PATH}/OneClickInstall" install-Docker.sh \
+          -C "${INSTALL_PATH}" docker_images.tar.xz \
+          -C "${INSTALL_PATH}" docker.tar.gz
+          rm -rf ${INSTALL_PATH}/docker_images.tar.xz ${INSTALL_PATH}/docker.tar.gz
+
+          echo "ARTIFACT_NAME=${ARTIFACT_NAME:=4testing-offline-docspace-installation.sh}" >> $GITHUB_ENV
+          cat ${INSTALL_PATH}/common/self-extracting.sh ${INSTALL_PATH}/offline-docspace.tar > ${INSTALL_PATH}/${ARTIFACT_NAME}
+          chmod +x ${INSTALL_PATH}/${ARTIFACT_NAME} 
+
+      - name: Configure AWS Credentials
+        if: ${{ github.event.inputs.offline == 'true' }}
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_OCI }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_OCI }}
+          aws-region: us-east-1
+      
+      - name: Upload 4testing offline self-extracting archive
+        if: ${{ github.event.inputs.offline == 'true' }}
+        run: |
+          aws s3 cp ${{ github.workspace }}/install/${{ env.ARTIFACT_NAME }} \
+            ${{ secrets.AWS_BUCKET_URL_OCI }}/${{ env.ARTIFACT_NAME }} \
+            --acl public-read \
+            --content-type application/x-xz \
+            --metadata-directive REPLACE 
+          aws cloudfront create-invalidation \
+            --distribution-id ${{ secrets.AWS_DISTRIBUTION_ID_OCI }} \
+            --paths "/docspace/${{ env.ARTIFACT_NAME }}"

.github/workflows/ci-oci-install.yml

@@ -5,9 +5,10 @@ on:
     types: [opened, reopened, synchronize]
     paths:
       - '.github/workflows/ci-oci-install.yml'
-      - 'install/OneClickInstall/**'
-      - '!install/OneClickInstall/install-Docker.sh'
-      - '!install/OneClickInstall/docspace-install.sh'
+      - 'install/OneClickInstall/install-Debian/**'
+      - 'install/OneClickInstall/install-RedHat/**'
+      - 'install/OneClickInstall/install-Debian.sh'
+      - 'install/OneClickInstall/install-RedHat.sh'
 
   schedule:
     - cron: '00 20 * * 6'  # At 23:00 on Saturday.
@@ -57,6 +58,19 @@ jobs:
     outputs:
       matrix: ${{ steps.set-matrix.outputs.matrix }}
     steps:
+      - name: Checkout code
+        if: github.event_name == 'pull_request'
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Determine affected distributions
+        id: determine-distros
+        if: github.event_name == 'pull_request'
+        run: |
+          CHANGED_FILES=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }})
+          echo "debian_changed=$(echo "$CHANGED_FILES" | grep -q 'install-Debian' && echo true || echo false)" >> $GITHUB_ENV
+          echo "redhat_changed=$(echo "$CHANGED_FILES" | grep -q 'install-RedHat' && echo true || echo false)" >> $GITHUB_ENV 
 
       - name: Set matrix names
         id: set-matrix
@@ -69,11 +83,20 @@ jobs:
               {"execute": '${{ github.event.inputs.debian12 || true }}', "name": "Debian12", "os": "debian12", "distr": "generic"},
               {"execute": '${{ github.event.inputs.ubuntu2004 || true }}', "name": "Ubuntu20.04", "os": "ubuntu2004", "distr": "generic"},
               {"execute": '${{ github.event.inputs.ubuntu2204 || true }}', "name": "Ubuntu22.04", "os": "ubuntu2204", "distr": "generic"},
-              {"execute": '${{ github.event.inputs.ubuntu2204 || true }}', "name": "Ubuntu24.04", "os": "ubuntu-24.04", "distr": "bento"},            
+              {"execute": '${{ github.event.inputs.ubuntu2404 || true }}', "name": "Ubuntu24.04", "os": "ubuntu-24.04", "distr": "bento"},
               {"execute": '${{ github.event.inputs.fedora39 || true }}', "name": "Fedora39", "os": "39-cloud-base", "distr": "fedora"},
               {"execute": '${{ github.event.inputs.fedora40 || true }}', "name": "Fedora40", "os": "fedora-40", "distr": "bento"}
             ]
-          }' | jq -c '{include: [.include[] | select(.execute == true)]}')
+          }' | jq -c '.include')
+
+          matrix=$(jq -c --arg REDHAT_CHANGED "${{ env.redhat_changed }}" --arg DEBIAN_CHANGED "${{ env.debian_changed }}" '
+            { include: [.[] | select(
+                ($REDHAT_CHANGED == "true" and $DEBIAN_CHANGED == "true" and .execute == true) or
+                ($REDHAT_CHANGED == "true" and (.name | test("CentOS|Fedora"))) or
+                ($DEBIAN_CHANGED == "true" and (.name | test("Debian|Ubuntu"))) or
+                ($REDHAT_CHANGED == "false" and $DEBIAN_CHANGED == "false" and .execute == true))]
+            }' <<< "$matrix")
+
           echo "matrix=${matrix}" >> $GITHUB_OUTPUT
 
   vagrant-up:

.github/workflows/oci-release.yml

@@ -33,7 +33,13 @@ jobs:
       - name: Create Docker Tarball
         run: |
           cd ${{ env.DOCKER_DIR }}
-          tar -czvf ${{ env.SCRIPT_DIR }}/docker.tar.gz --exclude='config/supervisor*' *.yml .env config/
+          tar -czvf ${{ env.SCRIPT_DIR }}/docker.tar.gz \
+            --exclude='config/supervisor*' \
+            --exclude='config/mysql*' \
+            --exclude='config/nginx/docker-entrypoint*' \
+            --exclude='config/createdb.sql' \
+            --exclude='build-*' \
+            *.yml .env config
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v1

.github/workflows/offline-release.yml

@@ -0,0 +1,45 @@
+name: Upload offline self-extracting archive
+
+on:
+  workflow_dispatch:
+
+jobs:
+  release:
+    name: Upload offline self-extracting archive
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set environment variables
+        run: |
+          DOCKER_VERSION=$(curl -s https://hub.docker.com/v2/repositories/onlyoffice/4testing-docspace-api/tags/ | jq -r '.results[].name' | grep -oE '^[0-9]+\.[0-9]+\.[0-9]+' | sort -V | tail -n 1)
+          echo "ARTIFACT_NAME=offline-docspace-installation.sh" >> $GITHUB_ENV
+          echo "ARTIFACT_VERSION_NAME=offline-docspace-${DOCKER_VERSION}-installation.sh" >> $GITHUB_ENV
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_OCI }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_OCI }}
+          aws-region: us-east-1
+
+      - name: Upload offline self-extracting archive (latest)
+        run: |
+          aws s3 cp ${{ secrets.AWS_BUCKET_URL_OCI }}/4testing-${{ env.ARTIFACT_NAME }} \
+            ${{ secrets.AWS_BUCKET_URL_OCI }}/${{ env.ARTIFACT_NAME }} \
+            --acl public-read \
+            --metadata-directive REPLACE
+
+      - name: Upload offline self-extracting archive (versioned)
+        run: |
+          aws s3 cp ${{ secrets.AWS_BUCKET_URL_OCI }}/4testing-${{ env.ARTIFACT_NAME }} \
+            ${{ secrets.AWS_BUCKET_URL_OCI }}/${{ env.ARTIFACT_VERSION_NAME }} \
+            --acl public-read \
+            --metadata-directive REPLACE
+
+      - name: Invalidate AWS CloudFront cache
+        run: |
+          aws cloudfront create-invalidation \
+            --distribution-id ${{ secrets.AWS_DISTRIBUTION_ID_OCI }} \
+            --paths "/docspace/${{ env.ARTIFACT_NAME }}" "/docspace/${{ env.ARTIFACT_VERSION_NAME }}"

build.backend.docker.py

@@ -11,13 +11,14 @@ def help():
     # Display Help
     print("Build and run backend and working environment. (Use 'yarn start' to run client -> https://github.com/ONLYOFFICE/DocSpace-client)")
     print()
-    print("Syntax: available params [-h|f|s|c|d|]")
+    print("Syntax: available params [-h|f|s|c|d|i")
     print("options:")
     print("h     Print this Help.")
     print("f     Force rebuild base images.")
     print("s     Run as SAAS otherwise as STANDALONE.")
     print("c     Run as COMMUNITY otherwise ENTERPRISE.")
     print("d     Run dnsmasq.")
+    print("i     Run identity (oauth2).")
     print()
 
 
@@ -37,6 +38,8 @@ if local_ip == "127.0.0.1":
 doceditor = f"{local_ip}:5013"
 login = f"{local_ip}:5011"
 client = f"{local_ip}:5001"
+identity_auth = f"{local_ip}:8080"
+identity_api = f"{local_ip}:9090"
 management = f"{local_ip}:5015"
 portal_url = f"http://{local_ip}"
 
@@ -44,13 +47,14 @@ force = False
 dns = False
 standalone = True
 community = False
+identity = False
 
 migration_type = "STANDALONE" # SAAS
 installation_type = "ENTERPRISE"
 document_server_image_name = "onlyoffice/documentserver-de:latest"
 
 # Get the options
-opts, args = getopt.getopt(sys.argv[1:], "hfscd")
+opts, args = getopt.getopt(sys.argv[1:], "hfscdi")
 for opt, arg in opts:
     if opt == "-h":
         help()
@@ -63,6 +67,8 @@ for opt, arg in opts:
         community = arg if arg else True
     elif opt == "-d":
         dns = arg if arg else True
+    elif opt == "-i":
+        identity = arg if arg else True
     else:
         print("Error: Invalid '-" + opt + "' option")
         sys.exit()
@@ -80,6 +86,7 @@ print(f"DOCSPACE_APP_URL: {portal_url}")
 print()
 print("FORCE REBUILD BASE IMAGES:", force)
 print("Run dnsmasq:", dns)
+print("Run identity:", identity)
 
 if standalone == False:
     migration_type = "SAAS"
@@ -182,6 +189,8 @@ os.environ["SERVICE_DOCEDITOR"] = doceditor
 os.environ["SERVICE_LOGIN"] = login
 os.environ["SERVICE_MANAGEMENT"] = management
 os.environ["SERVICE_CLIENT"] = client
+os.environ["SERVICE_IDENTITY"] = identity_auth
+os.environ["SERVICE_IDENTITY_API"] = identity_api
 os.environ["ROOT_DIR"] = dir
 os.environ["BUILD_PATH"] = "/var/www"
 os.environ["SRC_PATH"] = os.path.join(dir, "publish/services")
@@ -191,6 +200,10 @@ os.environ["MIGRATION_TYPE"] = migration_type
 subprocess.run(["docker", "compose", "-f", os.path.join(dockerDir, "docspace.profiles.yml"), "-f", os.path.join(
     dockerDir, "docspace.overcome.yml"), "--profile", "migration-runner", "--profile", "backend-local", "up", "-d"])
 
+if identity:
+    print("Run identity")
+    subprocess.run(["docker-compose", "-f",os.path.join(dockerDir, "build-identity.yml"), "up", "-d" ])
+
 print()
 print("Run script directory:", dir)
 print("Root directory:", dir)

build.backend.dotnet.bat

@@ -0,0 +1,26 @@
+@echo off
+
+echo Start build backend...
+echo.
+
+cd /D "%~dp0"
+call runasadmin.bat "%~dpnx0"
+
+if %errorlevel% == 0 (
+call start\stop.bat nopause
+dotnet build ..\server\asc.web.slnf  /fl1 /flp1:logfile=asc.web.log;verbosity=normal
+echo.
+)
+
+if %errorlevel% == 0 (
+call start\start.bat nopause
+)
+
+echo.
+
+if "%1"=="nopause" goto end
+pause
+
+
+
+:end

clear.backend.docker.py

@@ -31,6 +31,10 @@ if containers or images:
     db_command = f"docker compose -f {os.path.join(docker_dir, 'db.yml')} down --volumes"
     subprocess.run(db_command, shell=True)
 
+    print("Remove docker contatiners 'Identity'")
+    identity_command = f"docker compose -f {os.path.join(docker_dir, 'identity.yml')} down --volumes"
+    subprocess.run(identity_command, shell=True)
+
     print("Remove docker volumes")
     volumes_command = f"docker volume prune -fa"
     subprocess.run(volumes_command, shell=True)

config/appsettings.json

@@ -38,7 +38,10 @@
     },
     "themelimit": "9",
     "oidc": {
-      "authority": ""
+      "authority": "",
+      "disableValidateToken": "true",
+      "requireHttps": "false",
+      "showPII": "true"
     },
     "server-root": "",
     "username": {
@@ -123,7 +126,7 @@
     "api-system": "",
     "api-cache": "",
     "images": "static/images",
-    "hide-settings": "Monitoring,LdapSettings,DocService,MailService,PublicPortal,ProxyHttpContent,SpamSubscription,FullTextSearch",
+    "hide-settings": "Monitoring,LdapSettings,DocService,MailService,PublicPortal,ProxyHttpContent,SpamSubscription,FullTextSearch,IdentityServer",
     "hub": {
       "url": "/socket.io",
       "internal": "http://localhost:9899/"
@@ -136,6 +139,7 @@
       "url": ""
     },
     "legalterms": "https://help.onlyoffice.co/products/files/doceditor.aspx?fileid=5048502&doc=SXhWMEVzSEYxNlVVaXJJeUVtS0kyYk14YWdXTEFUQmRWL250NllHNUFGbz0_IjUwNDg1MDIi0",
+    "license-url": "https://www.gnu.org/licenses/agpl-3.0.en.html",
     "support-feedback": "https://helpdesk.onlyoffice.com",
     "teamlab-site": "http://www.onlyoffice.com",
     "help-center": "https://helpcenter.onlyoffice.com/{ru|de|fr|es|it}",

config/autofac.consumers.json

@@ -33,33 +33,6 @@
 			"appleIdRedirectUrl" : "https://service.teamlab.info/oauth2.aspx"
 		  }
 	  }
-    },    
-    {
-      "type": "ASC.FederatedLogin.LoginProviders.BitlyLoginProvider, ASC.FederatedLogin",
-      "services": [
-        {
-          "type": "ASC.Core.Common.Configuration.Consumer, ASC.Core.Common"
-        }, 
-		{
-		  "type": "ASC.FederatedLogin.LoginProviders.BitlyLoginProvider, ASC.FederatedLogin"
-		}, 
-		{
-		  "key": "bitly",
-		  "type": "ASC.Core.Common.Configuration.Consumer, ASC.Core.Common"
-		}, 
-		{
-		  "key": "bitly",
-		  "type": "ASC.FederatedLogin.LoginProviders.BitlyLoginProvider, ASC.FederatedLogin"
-		}
-      ],
-	  "instanceScope": "perlifetimescope",
-	  "parameters": {
-		  "name": "bitly",
-		  "order": "13",
-		  "props": {
-			"bitlyToken": ""
-		  }
-	  }
     },
 	{
       "type": "ASC.FederatedLogin.LoginProviders.BoxLoginProvider, ASC.FederatedLogin",
@@ -93,33 +66,6 @@
 	  }
     }, 
 	{
-      "type": "ASC.Web.Core.Sms.ClickatellProvider, ASC.Web.Core",
-      "services": [
-        {
-          "type": "ASC.Core.Common.Configuration.Consumer, ASC.Core.Common"
-        }, 
-		{
-		  "type": "ASC.Web.Core.Sms.ClickatellProvider, ASC.Web.Core"
-		}, 
-		{
-		  "key": "clickatell",
-		  "type": "ASC.Core.Common.Configuration.Consumer, ASC.Core.Common"
-		}, 
-		{
-		  "key": "clickatell",
-		  "type": "ASC.Web.Core.Sms.ClickatellProvider, ASC.Web.Core"
-		}
-      ],
-	  "instanceScope": "perlifetimescope",
-	  "parameters": {
-		  "name": "clickatell",
-		  "order": "10",
-		  "props": {
-			"clickatellapiKey": ""
-		  }
-	  }
-    },
-	{
       "type": "ASC.FederatedLogin.LoginProviders.DropboxLoginProvider, ASC.FederatedLogin",
       "services": [
         {
@@ -394,37 +340,6 @@
 			"twiliosender": ""
 		  }
 	  }
-    },
-	{
-      "type": "ASC.FederatedLogin.LoginProviders.WordpressLoginProvider, ASC.FederatedLogin",
-      "services": [
-        {
-          "type": "ASC.Core.Common.Configuration.Consumer, ASC.Core.Common"
-        }, 
-		{
-		  "type": "ASC.FederatedLogin.LoginProviders.WordpressLoginProvider, ASC.FederatedLogin"
-		}, 
-		{
-		  "key": "wordpress",
-		  "type": "ASC.Core.Common.Configuration.Consumer, ASC.Core.Common"
-		}, 
-		{
-		  "key": "wordpress",
-		  "type": "ASC.FederatedLogin.LoginProviders.WordpressLoginProvider, ASC.FederatedLogin"
-		}
-      ],
-	  "instanceScope": "perlifetimescope",
-	  "parameters": {
-		  "name": "wordpress",
-		  "order": "15",
-		  "props": {
-			"wpClientId": "",
-			"wpClientSecret": ""
-		  },
-		  "additional": {
-			"wpRedirectUrl" : "https://service.teamlab.info/oauth2.aspx"
-		  }
-	  }
     },
 	{
       "type": "ASC.Core.Common.Configuration.DataStoreConsumer, ASC.Core.Common",
@@ -529,39 +444,6 @@
 			"region" : ""
 		  }
 	  }
-    },
-	{
-      "type": "ASC.Core.Common.Configuration.DataStoreConsumer, ASC.Core.Common",
-      "services": [
-        {
-          "type": "ASC.Core.Common.Configuration.Consumer, ASC.Core.Common"
-        }, 
-		{
-		  "type": "ASC.Core.Common.Configuration.DataStoreConsumer, ASC.Core.Common"
-		}, 
-		{
-		  "key": "selectel",
-		  "type": "ASC.Core.Common.Configuration.Consumer, ASC.Core.Common"
-		}, 
-		{
-		  "key": "selectel",
-		  "type": "ASC.Core.Common.Configuration.DataStoreConsumer, ASC.Core.Common"
-		}
-      ],
-	  "instanceScope": "perlifetimescope",
-	  "parameters": {
-		  "name": "selectel",
-		  "order": "23",
-		  "props": {
-			"authUser": "",
-			"authPwd": ""
-		  },
-		  "additional": {
-			"handlerType" : "ASC.Data.Storage.Selectel.SelectelStorage, ASC.Data.Storage",
-			"public_container" : "",
-			"private_container" : ""
-		  }
-	  }
     },
 	{
 		"type": "ASC.FederatedLogin.LoginProviders.ZoomLoginProvider, ASC.FederatedLogin",

config/dnsmasq.conf

@@ -9,6 +9,6 @@ server=8.8.4.4
 server=8.8.8.8
 strict-order
 #serve all .company queries using a specific nameserver
-server=/site/127.0.0.1
+server=/site/192.168.0.18
 #explicitly define host-ip mappings
-address=/docspace.site/127.0.0.1
+address=/docspace.site/192.168.0.18

config/nginx/includes/server-dashboards.conf

@@ -0,0 +1,12 @@
+location ^~ /dashboards/ {
+    auth_basic "Restricted Access";
+    auth_basic_user_file /etc/nginx/.htpasswd_dashboards;
+    
+    rewrite ^/dashboards(/.*)$ $1 break;
+    proxy_pass http://127.0.0.1:5601;
+    proxy_redirect off;
+    proxy_buffering off;
+
+    proxy_set_header Connection "Keep-Alive";
+    proxy_set_header Proxy-Connection "Keep-Alive";
+}

config/nginx/onlyoffice.conf

@@ -44,7 +44,7 @@ map $request_uri $header_x_frame_options {
 
 map $request_uri $cache_control {
   default "no-cache, no-store, no-transform";
-  ~*\/(filehandler\.ashx\?action=(thumb|preview))|\/(storage\/room_logos\/root\/.*\?hash.*|storage\/userPhotos\/root\/.*\?hash.*|storage\/whitelabel\/root\/.*\?hash.*|storage\/static_partnerdata\/root\/.*\?hash.*) "must-revalidate, no-transform, immutable, max-age=31536000";
+  ~*\/(filehandler\.ashx\?action=(thumb|preview))|\/(storage\/room_logos\/root\/.*\?hash.*|storage\/userPhotos\/root\/.*\?hash.*|storage\/whitelabel\/root\/.*\?hash.*|storage\/static_partnerdata\/root\/.*\?hash.*) "must-revalidate, no-transform, immutable, max-age=31536000, private";
   ~*\/(api\/2\.0.*|storage|login\.ashx|filehandler\.ashx|ChunkedUploader.ashx|ThirdPartyAppHandler|apisystem|sh|remoteEntry\.js|debuginfo\.md|static\/scripts\/api\.js|static\/scripts\/sdk\/.*|static\/scripts\/api\.poly\.js) "no-cache, no-store, no-transform";
   ~*\/(static\/images\/.*)|\/(_next\/public\/images\/.*)|\.(js|woff|woff2|css)|(locales.*\.json) "must-revalidate, no-transform, immutable, max-age=31536000";
 }
@@ -54,6 +54,13 @@ map $request_uri $content_security_policy {
         ~*\/(ds-vpath)\/ "default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; img-src * data:; style-src * 'unsafe-inline' data:; font-src * data:; frame-src * ascdesktop:; object-src; connect-src * ascdesktop:;";
 }
 
+map $request_time $request_time_ms {
+    ~^0\.000$ 0;
+    ~^0\.(?:0*)([^0].*)$ $1;
+    ~^([^0][^.]*)\.(.*)$ $1$2;
+}
+
+
 include /etc/nginx/includes/onlyoffice-*.conf;
 
 server_names_hash_bucket_size 128;
@@ -65,7 +72,7 @@ server {
 	add_header X-Content-Type-Options "nosniff";
 	add_header X-Frame-Options $header_x_frame_options;
 	add_header Cache-Control $cache_control;
-	add_header Permissions-Policy "autoplay=(), geolocation=(), camera=(), microphone=(), interest-cohort=()";
+	add_header Permissions-Policy "autoplay=(), geolocation=(), camera=(), interest-cohort=()";
 
 	root $public_root;	
 	etag on;
@@ -98,7 +105,8 @@ server {
 	proxy_set_header Upgrade $http_upgrade;
 	proxy_set_header Connection $proxy_connection;
 	proxy_set_header Proxy "";
-		
+	proxy_buffering off;
+			
 	set $csp "";
 	access_by_lua '
 	local accept_header = ngx.req.get_headers()["Accept"]
@@ -158,18 +166,7 @@ server {
 		
 	}
 	
-	location ^~ /dashboards/ {
-		auth_basic "Restricted Access";
-		auth_basic_user_file /etc/nginx/.htpasswd_dashboards;
-		
-		rewrite ^/dashboards(/.*)$ $1 break;
-		proxy_pass http://127.0.0.1:5601;
-		proxy_redirect off;
-		proxy_buffering off;
-
-		proxy_set_header Connection "Keep-Alive";
-		proxy_set_header Proxy-Connection "Keep-Alive";
-	}
+	include /etc/nginx/includes/server-*.conf;
 
 	location / {
 		proxy_pass http://127.0.0.1:5001;
@@ -288,6 +285,9 @@ server {
 	}
 	
 	location /api/2.0 {
+        add_header Trailer Server-Timing;
+        add_header Server-Timing "proxy-request-time;dur=${request_time_ms}";
+		
 		location ~* /(files|privacyroom) {
 			 proxy_pass http://127.0.0.1:5007;
 		}
@@ -323,7 +323,26 @@ server {
         location ~* /migration {
 			 proxy_pass http://127.0.0.1:5034;
 		}
+
+		location ~* /(clients|scopes) {
+			 proxy_pass http://127.0.0.1:9090;
+		}
+
+		location ~* /oauth2 {
+			rewrite api/2.0/(.*) /$1  break;
+			proxy_redirect off;
+			proxy_pass http://127.0.0.1:8080;
+		}
     }
+	
+	location /oauth2/.well-known/openid-configuration {
+		rewrite oauth2/(.*) /$1  break;
+		proxy_pass http://127.0.0.1:8080;
+	}
+
+	location /oauth2 {
+		proxy_pass http://127.0.0.1:8080;
+	}
 
 	location /sso {
 		rewrite sso/(.*) /$1  break;

config/nlog.config

@@ -51,6 +51,7 @@
 		<logger name="ASC.SQL" minlevel="Debug" writeTo="sql" final="true" />
 		<logger name="ASC*" minlevel="Debug" writeTo="web">
 			<filters defaultAction="Log">
+				<when condition="contains('${logger}', 'ASC.SQL')" action="Ignore" />
 				<when condition="regex-matches('${scope-property:RequestPath}', '^/health/?$', 'ignorecase,singleline')" action="Ignore" /> 
 			</filters>
 		</logger>

install/OneClickInstall/install-Docker.sh

@@ -39,7 +39,7 @@ PROXY_YML="${BASE_DIR}/proxy.yml"
 STATUS=""
 DOCKER_TAG=""
 INSTALLATION_TYPE="ENTERPRISE"
-IMAGE_NAME="${PACKAGE_SYSNAME}/${PRODUCT}-api"
+IMAGE_NAME="${PACKAGE_SYSNAME}/${STATUS}${PRODUCT}-api"
 CONTAINER_NAME="${PACKAGE_SYSNAME}-api"
 
 NETWORK_NAME=${PACKAGE_SYSNAME}
@@ -87,6 +87,7 @@ REDIS_PORT=""
 REDIS_USER_NAME=""
 REDIS_PASSWORD=""
 
+RABBIT_PROTOCOL=""
 RABBIT_HOST=""
 RABBIT_PORT=""
 RABBIT_USER_NAME=""
@@ -105,8 +106,9 @@ LETS_ENCRYPT_DOMAIN=""
 LETS_ENCRYPT_MAIL=""
 
 HELP_TARGET="install-Docker.sh";
+OFFLINE_INSTALLATION="false"
 
-SKIP_HARDWARE_CHECK="false";
+SKIP_HARDWARE_CHECK="false"
 
 EXTERNAL_PORT="80"
 
@@ -408,6 +410,13 @@ while [ "$1" != "" ]; do
 			fi
 		;;
 
+		-rbpr | --rabbitmqprotocol )
+			if [ "$2" != "" ]; then
+				RABBIT_PROTOCOL=$2
+				shift
+			fi
+		;;
+
 		-rbth | --rabbitmqhost )
 			if [ "$2" != "" ]; then
 				RABBIT_HOST=$2
@@ -491,6 +500,13 @@ while [ "$1" != "" ]; do
 				shift
 			fi
 		;;
+		
+		-off | --offline )
+			if [ "$2" != "" ]; then
+				OFFLINE_INSTALLATION=$2
+				shift
+			fi
+		;;
 
 		-? | -h | --help )
 			echo "  Usage: bash $HELP_TARGET [PARAMETER] [[PARAMETER], ...]"
@@ -528,6 +544,7 @@ while [ "$1" != "" ]; do
 			echo "      -rdsp, --redisport                redis server port number (default value 6379)"
 			echo "      -rdsu, --redisusername            redis user name"
 			echo "      -rdspass, --redispassword         password set for redis account"
+			echo "      -rbpr, --rabbitmqprotocol         the protocol for the connection to rabbitmq server (default value amqp)"
 			echo "      -rbth, --rabbitmqhost             the IP address or hostname of the rabbitmq server"
 			echo "      -rbtp, --rabbitmqport             rabbitmq server port number (default value 5672)"
 			echo "      -rbtu, --rabbitmqusername         username for rabbitmq server account"
@@ -543,6 +560,7 @@ while [ "$1" != "" ]; do
 			echo "      -lem, --letsencryptmail           defines the domain administator mail address for Let's Encrypt certificate"
 			echo "      -cf, --certfile                   path to the certificate file for the domain"
 			echo "      -ckf, --certkeyfile               path to the private key file for the certificate"
+			echo "      -off, --offline                   set the script for offline installation (true|false)"
 			echo "      -noni, --noninteractive           auto confirm all questions (true|false)"
 			echo "      -dbm, --databasemigration         database migration (true|false)"
 			echo "      -ms, --makeswap                   make swap file (true|false)"
@@ -583,7 +601,7 @@ root_checking () {
 	fi
 }
 
-command_exists () {
+is_command_exists () {
     type "$1" &> /dev/null;
 }
 
@@ -738,22 +756,20 @@ check_hardware () {
 	fi
 }
 
-install_service () {
-	local COMMAND_NAME=$1
-	local PACKAGE_NAME=$2
+install_package () {
+	if ! is_command_exists $1; then
+		local COMMAND_NAME=$1
+		local PACKAGE_NAME=${2:-"$COMMAND_NAME"}
+		local PACKAGE_NAME_APT=${PACKAGE_NAME%%|*}
+		local PACKAGE_NAME_YUM=${PACKAGE_NAME##*|}
 
-	PACKAGE_NAME=${PACKAGE_NAME:-"$COMMAND_NAME"}
+		if is_command_exists apt-get; then
+			apt-get -y -q install ${PACKAGE_NAME_APT:-$PACKAGE_NAME}
+		elif is_command_exists yum; then
+			yum -y install ${PACKAGE_NAME_YUM:-$PACKAGE_NAME}
+		fi
 
-	if command_exists apt-get; then
-		apt-get -y update -qq
-		apt-get -y -q install $PACKAGE_NAME
-	elif command_exists yum; then
-		yum -y install $PACKAGE_NAME
-	fi
-
-	if ! command_exists $COMMAND_NAME; then
-		echo "Command $COMMAND_NAME not found"
-		exit 1;
+		is_command_exists $COMMAND_NAME || { echo "Command $COMMAND_NAME not found"; exit 1; }
 	fi
 }
 
@@ -767,10 +783,6 @@ check_ports () {
 	ARRAY_PORTS=();
 	USED_PORTS="";
 
-	if ! command_exists netstat; then
-		install_service netstat net-tools
-	fi
-
 	if [ "${EXTERNAL_PORT//[0-9]}" = "" ]; then
 		for RESERVED_PORT in "${RESERVED_PORTS[@]}"
 		do
@@ -845,21 +857,11 @@ check_docker_version () {
 	done
 }
 
-install_docker_using_script () {
-	if ! command_exists curl ; then
-		install_service curl
-	fi
-
-	curl -fsSL https://get.docker.com -o get-docker.sh
-	sh get-docker.sh
-	rm get-docker.sh
-}
-
 install_docker () {
 
 	if [ "${DIST}" == "Ubuntu" ] || [ "${DIST}" == "Debian" ] || [[ "${DIST}" == CentOS* ]] || [ "${DIST}" == "Fedora" ]; then
 
-		install_docker_using_script
+		curl -fsSL https://get.docker.com | bash
 		systemctl start docker
 		systemctl enable docker
 
@@ -905,7 +907,7 @@ install_docker () {
 
 	fi
 
-	if ! command_exists docker ; then
+	if ! is_command_exists docker ; then
 		echo "error while installing docker"
 		exit 1;
 	fi
@@ -948,30 +950,6 @@ read_continue_installation () {
 }
 
 domain_check () {
-	if ! command_exists dig; then
-		if command_exists apt-get; then
-			install_service dig dnsutils
-		elif command_exists yum; then
-			install_service dig bind-utils
-		fi
-	fi
-
-	if ! command_exists ping; then
-		if command_exists apt-get; then
-			install_service ping iputils-ping
-		elif command_exists yum; then
-			install_service ping iputils
-		fi
-	fi
-
-	if ! command_exists ip; then
-		if command_exists apt-get; then
-			install_service ip iproute2
-		elif command_exists yum; then
-			install_service ip iproute
-		fi
-	fi
-
 	APP_DOMAIN_PORTAL=${LETS_ENCRYPT_DOMAIN:-${APP_URL_PORTAL:-$(get_env_parameter "APP_URL_PORTAL" "${PACKAGE_SYSNAME}-files" | awk -F[/:] '{if ($1 == "https") print $4; else print ""}')}}
 
 	while IFS= read -r DOMAIN; do
@@ -1003,15 +981,8 @@ domain_check () {
 
 establish_conn() {
 	echo -n "Trying to establish $3 connection... "
-  
-	exec {FD}<> /dev/tcp/$1/$2 && exec {FD}>&-
 
-	if [ "$?" != 0 ]; then
-		echo "FAILURE";
-		exit 1;
-	fi
-
-	echo "OK"
+	exec {FD}<> /dev/tcp/${1}/${2} && { exec {FD}>&-; echo "OK"; } || { echo "FAILURE"; exit 1; }
 }
 
 get_env_parameter () {
@@ -1023,7 +994,7 @@ get_env_parameter () {
 		exit 1;
 	fi
 
-	if command_exists docker ; then
+	if is_command_exists docker ; then
 		[ -n "$CONTAINER_NAME" ] && CONTAINER_EXIST=$(docker ps -aqf "name=$CONTAINER_NAME");
 
 		if [[ -n ${CONTAINER_EXIST} ]]; then
@@ -1038,74 +1009,47 @@ get_env_parameter () {
 	echo ${VALUE//\"}
 }
 
-get_available_version () {
-	if [[ -z "$1" ]]; then
-		echo "image name is empty";
-		exit 1;
-	fi
-
-	if ! command_exists curl ; then
-		install_curl;
-	fi
-
-	CREDENTIALS="";
-	AUTH_HEADER="";
-	TAGS_RESP="";
-
+get_tag_from_hub () {
 	if [[ -n ${HUB} ]]; then
-		DOCKER_CONFIG="$HOME/.docker/config.json";
-
-		if [[ -f "$DOCKER_CONFIG" ]]; then
-			CREDENTIALS=$(jq -r '.auths."'$HUB'".auth' < "$DOCKER_CONFIG");
-			if [ "$CREDENTIALS" == "null" ]; then
-				CREDENTIALS="";
-			fi
+		if [[ -n ${USERNAME} && -n ${PASSWORD} ]]; then
+			CREDENTIALS=$(echo -n "$USERNAME:$PASSWORD" | base64)
+		elif [[ -f "$HOME/.docker/config.json" ]]; then
+			CREDENTIALS=$(jq -r --arg hub "${HUB}" '.auths | to_entries[] | select(.key | contains($hub)).value.auth // empty' "$HOME/.docker/config.json")
 		fi
 
-		if [[ -z ${CREDENTIALS} && -n ${USERNAME} && -n ${PASSWORD} ]]; then
-			CREDENTIALS=$(echo -n "$USERNAME:$PASSWORD" | base64);
-		fi
+		[[ -n ${CREDENTIALS} ]] && AUTH_HEADER="Authorization: Basic $CREDENTIALS"
 
-		if [[ -n ${CREDENTIALS} ]]; then
-			AUTH_HEADER="Authorization: Basic $CREDENTIALS";
-		fi
-
-		REPO=$(echo $1 | sed "s/$HUB\///g");
-		TAGS_RESP=$(curl -s -H "$AUTH_HEADER" -X GET https://$HUB/v2/$REPO/tags/list);
-		TAGS_RESP=$(echo $TAGS_RESP | jq -r '.tags')
+		HUB_URL="https://${HUB}/v2/${1/#$HUB\//}/tags/list"
+		JQ_FILTER='.tags | join("\n")'
 	else
 		if [[ -n ${USERNAME} && -n ${PASSWORD} ]]; then
-			CREDENTIALS="{\"username\":\"$USERNAME\",\"password\":\"$PASSWORD\"}";
-		fi
-
-		if [[ -n ${CREDENTIALS} ]]; then
-			LOGIN_RESP=$(curl -s -H "Content-Type: application/json" -X POST -d "$CREDENTIALS" https://hub.docker.com/v2/users/login/);
-			TOKEN=$(echo $LOGIN_RESP | jq -r '.token');
-			AUTH_HEADER="Authorization: JWT $TOKEN";
+			CREDENTIALS="{\"username\":\"$USERNAME\",\"password\":\"$PASSWORD\"}"
+			TOKEN=$(curl -s -H "Content-Type: application/json" -X POST -d "$CREDENTIALS" https://hub.docker.com/v2/users/login/ | jq -r '.token');
+			AUTH_HEADER="Authorization: JWT $TOKEN"
 			sleep 1;
 		fi
 
-		TAGS_RESP=$(curl -s -H "$AUTH_HEADER" -X GET https://hub.docker.com/v2/repositories/$1/tags/);
-		TAGS_RESP=$(echo $TAGS_RESP | jq -r '.results[].name')
+		HUB_URL="https://hub.docker.com/v2/repositories/${1}/tags/"
+		JQ_FILTER='.results[].name // empty'
 	fi
 
-	VERSION_REGEX="[0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+)?$"
-	
-	TAG_LIST=""
+	TAGS_RESP=($(curl -s -H "${AUTH_HEADER}" -X GET "${HUB_URL}" | jq -r "${JQ_FILTER}"))
+}
 
-	for item in $TAGS_RESP
-	do
-		if [[ $item =~ $VERSION_REGEX ]]; then
-			TAG_LIST="$item,$TAG_LIST"
-		fi
-	done
+get_available_version () {
+	[ "${OFFLINE_INSTALLATION}" = "false" ] && get_tag_from_hub ${1} || TAGS_RESP=$(docker images --format "{{.Tag}}" ${1})
 
-	LATEST_TAG=$(echo $TAG_LIST | tr ',' '\n' | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n | awk '/./{line=$0} END{print line}');
+	VERSION_REGEX='^[0-9]+\.[0-9]+(\.[0-9]+){0,2}$'
+	[ ${#TAGS_RESP[@]} -eq 1 ] && LATEST_TAG="${TAGS_RESP[0]}" || LATEST_TAG=$(printf "%s\n" "${TAGS_RESP[@]}" | grep -E "$VERSION_REGEX" | sort -V | tail -n 1)
 
 	if [ ! -z "${LATEST_TAG}" ]; then
 		echo "${LATEST_TAG}" | sed "s/\"//g"
 	else
-		echo "Unable to retrieve tag from ${1} repository" >&2
+		if [ "${OFFLINE_INSTALLATION}" = "false" ]; then
+			echo "Unable to retrieve tag from ${1} repository" >&2
+		else
+			echo "Error: The image '${1}' is not found in the local Docker registry." >&2
+		fi
 		kill -s TERM $PID
 	fi
 }
@@ -1115,6 +1059,7 @@ set_docs_url_external () {
 
 	if [[ ! -z ${DOCUMENT_SERVER_URL_EXTERNAL} ]] && [[ $DOCUMENT_SERVER_URL_EXTERNAL =~ ^(https?://)?([^:/]+)(:([0-9]+))?(/.*)?$ ]]; then
 		[[ -z ${BASH_REMATCH[1]} ]] && DOCUMENT_SERVER_URL_EXTERNAL="http://$DOCUMENT_SERVER_URL_EXTERNAL"
+		DOCUMENT_SERVER_PROTOCOL="${BASH_REMATCH[1]}"
 		DOCUMENT_SERVER_HOST="${BASH_REMATCH[2]}"
 		DOCUMENT_SERVER_PORT="${BASH_REMATCH[4]:-"80"}"
 	fi
@@ -1151,6 +1096,8 @@ set_mysql_params () {
 }
 
 set_docspace_params() {
+	HUB=${HUB:-$(get_env_parameter "HUB")};
+
 	ENV_EXTENSION=${ENV_EXTENSION:-$(get_env_parameter "ENV_EXTENSION" "${CONTAINER_NAME}")};
 	APP_CORE_BASE_DOMAIN=${APP_CORE_BASE_DOMAIN:-$(get_env_parameter "APP_CORE_BASE_DOMAIN" "${CONTAINER_NAME}")};
 	EXTERNAL_PORT=${EXTERNAL_PORT:-$(get_env_parameter "EXTERNAL_PORT" "${CONTAINER_NAME}")};
@@ -1188,46 +1135,32 @@ set_installation_type_data () {
 }
 
 download_files () {
-	if ! command_exists jq ; then
-		if command_exists yum; then 
-			rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-$REV.noarch.rpm
-		fi
-		install_service jq
-	fi
-
-	if ! command_exists docker-compose; then
-		install_docker_compose
-	fi
-
-	# Fixes issues with variables when upgrading to v1.1.3
-	HOSTS=("ELK_HOST" "REDIS_HOST" "RABBIT_HOST" "MYSQL_HOST"); 
-	for HOST in "${HOSTS[@]}"; do [[ "${!HOST}" == *CONTAINER_PREFIX* || "${!HOST}" == *$PACKAGE_SYSNAME* ]] && export "$HOST="; done
-	[[ "${APP_URL_PORTAL}" == *${PACKAGE_SYSNAME}-proxy* ]] && APP_URL_PORTAL=""
-
-	echo -n "Downloading configuration files to the ${BASE_DIR} directory..."
-
-	if ! command_exists tar; then
-		install_service tar
-	fi
+	[ "${OFFLINE_INSTALLATION}" = "false" ] && echo -n "Downloading configuration files to ${BASE_DIR}..." || echo "Unzip docker.tar.gz to ${BASE_DIR}..."
 
 	[ -d "${BASE_DIR}" ] && rm -rf "${BASE_DIR}"
 	mkdir -p ${BASE_DIR}
 
-	if [ -z "${GIT_BRANCH}" ]; then
-		curl -sL -o docker.tar.gz "https://download.${PACKAGE_SYSNAME}.com/${PRODUCT}/docker.tar.gz"
-		tar -xf docker.tar.gz -C ${BASE_DIR}
-	else
-		curl -sL -o docker.tar.gz "https://github.com/${PACKAGE_SYSNAME}/${PRODUCT}-buildtools/archive/${GIT_BRANCH}.tar.gz"
-		tar -xf docker.tar.gz --strip-components=3 -C ${BASE_DIR} --wildcards '*/install/docker/*'
-	fi
 	
-	rm -rf docker.tar.gz
+	if [ "${OFFLINE_INSTALLATION}" = "false" ]; then
+		if [ -z "${GIT_BRANCH}" ]; then
+			DOWNLOAD_URL="https://download.${PACKAGE_SYSNAME}.com/${PRODUCT}/docker.tar.gz"
+		else
+			DOWNLOAD_URL="https://github.com/${PACKAGE_SYSNAME}/${PRODUCT}-buildtools/archive/${GIT_BRANCH}.tar.gz"
+			STRIP_COMPONENTS="--strip-components=3 --wildcards */install/docker/*"
+		fi
+
+		curl -sL "${DOWNLOAD_URL}" | tar -xzf - -C "${BASE_DIR}" ${STRIP_COMPONENTS}
+	else
+		if [ -f "$(dirname "$0")/docker.tar.gz" ]; then
+			tar -xf $(dirname "$0")/docker.tar.gz -C "${BASE_DIR}"
+		else
+			echo "Error: docker.tar.gz not found in the same directory as the script."
+			echo "You need to download the docker.tar.gz file from https://download.${PACKAGE_SYSNAME}.com/${PRODUCT}/docker.tar.gz"
+			exit 1
+		fi
+	fi
 
 	echo "OK"
-
-	reconfigure STATUS ${STATUS}
-	reconfigure INSTALLATION_TYPE ${INSTALLATION_TYPE}
-	reconfigure NETWORK_NAME ${NETWORK_NAME}
 }
 
 reconfigure () {
@@ -1245,32 +1178,21 @@ install_mysql_server () {
 	reconfigure MYSQL_USER ${MYSQL_USER}
 	reconfigure MYSQL_PASSWORD ${MYSQL_PASSWORD}
 	reconfigure MYSQL_ROOT_PASSWORD ${MYSQL_ROOT_PASSWORD}
-	reconfigure MYSQL_VERSION ${MYSQL_VERSION}
 
 	if [[ -z ${MYSQL_HOST} ]] && [ "$INSTALL_MYSQL_SERVER" == "true" ]; then
 		docker-compose -f $BASE_DIR/db.yml up -d
 	elif [ "$INSTALL_MYSQL_SERVER" == "pull" ]; then
 		docker-compose -f $BASE_DIR/db.yml pull
-	elif [ ! -z "$MYSQL_HOST" ]; then
-		establish_conn ${MYSQL_HOST} "${MYSQL_PORT:-"3306"}" "MySQL"
-		reconfigure MYSQL_HOST ${MYSQL_HOST}
-		reconfigure MYSQL_PORT "${MYSQL_PORT:-"3306"}"
 	fi
 }
 
 install_document_server () {
 	reconfigure DOCUMENT_SERVER_JWT_HEADER ${DOCUMENT_SERVER_JWT_HEADER}
 	reconfigure DOCUMENT_SERVER_JWT_SECRET ${DOCUMENT_SERVER_JWT_SECRET}
-	reconfigure DOCUMENT_SERVER_IMAGE_NAME "${DOCUMENT_SERVER_IMAGE_NAME}:${DOCUMENT_SERVER_VERSION:-$(get_available_version "$DOCUMENT_SERVER_IMAGE_NAME")}"
 	if [[ -z ${DOCUMENT_SERVER_HOST} ]] && [ "$INSTALL_DOCUMENT_SERVER" == "true" ]; then
 		docker-compose -f $BASE_DIR/ds.yml up -d
 	elif [ "$INSTALL_DOCUMENT_SERVER" == "pull" ]; then
 		docker-compose -f $BASE_DIR/ds.yml pull
-	elif [ ! -z "$DOCUMENT_SERVER_HOST" ]; then
-		APP_URL_PORTAL=${APP_URL_PORTAL:-"http://$(curl -s ifconfig.me):${EXTERNAL_PORT}"}  
-		establish_conn ${DOCUMENT_SERVER_HOST} ${DOCUMENT_SERVER_PORT} "${PACKAGE_SYSNAME^^} Docs"
-		reconfigure DOCUMENT_SERVER_URL_EXTERNAL ${DOCUMENT_SERVER_URL_EXTERNAL}
-		reconfigure DOCUMENT_SERVER_URL_PUBLIC ${DOCUMENT_SERVER_URL_EXTERNAL}
 	fi
 }
 
@@ -1279,13 +1201,6 @@ install_rabbitmq () {
 		docker-compose -f $BASE_DIR/rabbitmq.yml up -d
 	elif [ "$INSTALL_RABBITMQ" == "pull" ]; then
 		docker-compose -f $BASE_DIR/rabbitmq.yml pull
-	elif [ ! -z "$RABBIT_HOST" ]; then
-		establish_conn ${RABBIT_HOST} "${RABBIT_PORT:-"5672"}" "RabbitMQ"
-		reconfigure RABBIT_HOST ${RABBIT_HOST}
-		reconfigure RABBIT_PORT "${RABBIT_PORT:-"5672"}"
-		reconfigure RABBIT_USER_NAME ${RABBIT_USER_NAME}
-		reconfigure RABBIT_PASSWORD ${RABBIT_PASSWORD}
-		reconfigure RABBIT_VIRTUAL_HOST "${RABBIT_VIRTUAL_HOST:-"/"}"
 	fi
 }
 
@@ -1294,17 +1209,10 @@ install_redis () {
 		docker-compose -f $BASE_DIR/redis.yml up -d
 	elif [ "$INSTALL_REDIS" == "pull" ]; then
 		docker-compose -f $BASE_DIR/redis.yml pull
-	elif [ ! -z "$REDIS_HOST" ]; then
-		establish_conn ${REDIS_HOST} "${REDIS_PORT:-"6379"}" "Redis"
-		reconfigure REDIS_HOST ${REDIS_HOST}
-		reconfigure REDIS_PORT "${REDIS_PORT:-"6379"}"
-		reconfigure REDIS_USER_NAME ${REDIS_USER_NAME}
-		reconfigure REDIS_PASSWORD ${REDIS_PASSWORD}
 	fi
 }
 
 install_elasticsearch () {
-	reconfigure ELK_VERSION ${ELK_VERSION}
 	if [[ -z ${ELK_HOST} ]] && [ "$INSTALL_ELASTICSEARCH" == "true" ]; then
 		if [ $(free --mega | grep -oP '\d+' | head -n 1) -gt "12000" ]; then #RAM ~12Gb
 			sed -i 's/Xms[0-9]g/Xms4g/g; s/Xmx[0-9]g/Xmx4g/g' $BASE_DIR/opensearch.yml
@@ -1314,24 +1222,11 @@ install_elasticsearch () {
 		docker-compose -f $BASE_DIR/opensearch.yml up -d
 	elif [ "$INSTALL_ELASTICSEARCH" == "pull" ]; then
 		docker-compose -f $BASE_DIR/opensearch.yml pull
-	elif [ ! -z "$ELK_HOST" ]; then
-		establish_conn ${ELK_HOST} "${ELK_PORT:-"9200"}" "search engine"
-		reconfigure ELK_SHEME "${ELK_SHEME:-"http"}"	
-		reconfigure ELK_HOST ${ELK_HOST}
-		reconfigure ELK_PORT "${ELK_PORT:-"9200"}"	
 	fi
 }
 
 install_fluent_bit () {
 	if [ "$INSTALL_FLUENT_BIT" == "true" ]; then
-		if ! command_exists crontab; then
-			if command_exists apt-get; then
-				install_service crontab cron
-			elif command_exists yum; then
-				install_service crontab cronie
-			fi
-		fi
-
 		[ ! -z "$ELK_HOST" ] && sed -i "s/ELK_CONTAINER_NAME/ELK_HOST/g" $BASE_DIR/fluent.yml ${BASE_DIR}/dashboards.yml
 
 		OPENSEARCH_INDEX="${OPENSEARCH_INDEX:-"${PACKAGE_SYSNAME}-fluent-bit"}"
@@ -1346,7 +1241,7 @@ install_fluent_bit () {
 
 		reconfigure DASHBOARDS_USERNAME "${DASHBOARDS_USERNAME:-"${PACKAGE_SYSNAME}"}"
 		reconfigure DASHBOARDS_PASSWORD "${DASHBOARDS_PASSWORD:-$(get_random_str 20)}"
-
+		
 		docker-compose -f ${BASE_DIR}/fluent.yml -f ${BASE_DIR}/dashboards.yml up -d
 	elif [ "$INSTALL_FLUENT_BIT" == "pull" ]; then
 		docker-compose -f ${BASE_DIR}/fluent.yml -f ${BASE_DIR}/dashboards.yml pull
@@ -1354,30 +1249,34 @@ install_fluent_bit () {
 }
 
 install_product () {
-	DOCKER_TAG="${DOCKER_TAG:-$(get_available_version ${IMAGE_NAME})}"
-	reconfigure DOCKER_TAG ${DOCKER_TAG}
 	if [ "$INSTALL_PRODUCT" == "true" ]; then
 		[ "${UPDATE}" = "true" ] && LOCAL_CONTAINER_TAG="$(docker inspect --format='{{index .Config.Image}}' ${CONTAINER_NAME} | awk -F':' '{print $2}')"
 
 		if [ "${UPDATE}" = "true" ] && [ "${LOCAL_CONTAINER_TAG}" != "${DOCKER_TAG}" ]; then
 			docker-compose -f $BASE_DIR/build.yml pull
-			docker-compose -f $BASE_DIR/migration-runner.yml -f $BASE_DIR/notify.yml -f $BASE_DIR/healthchecks.yml -f ${PROXY_YML} down
+			docker-compose -f $BASE_DIR/migration-runner.yml -f $BASE_DIR/identity.yml -f $BASE_DIR/notify.yml -f $BASE_DIR/healthchecks.yml -f ${PROXY_YML} down
 			docker-compose -f $BASE_DIR/${PRODUCT}.yml down --volumes
 		fi
 
 		reconfigure ENV_EXTENSION ${ENV_EXTENSION}
+		reconfigure IDENTITY_PROFILE "${IDENTITY_PROFILE:-"prod"}"
 		reconfigure APP_CORE_MACHINEKEY ${APP_CORE_MACHINEKEY}
 		reconfigure APP_CORE_BASE_DOMAIN ${APP_CORE_BASE_DOMAIN}
 		reconfigure APP_URL_PORTAL "${APP_URL_PORTAL:-"http://${PACKAGE_SYSNAME}-router:8092"}"
 		reconfigure EXTERNAL_PORT ${EXTERNAL_PORT}
 
-		if [[ -z ${MYSQL_HOST} ]] && [ "$INSTALL_MYSQL_SERVER" == "true" ]; then
+		if [[ -z ${MYSQL_HOST} ]] && [ "$INSTALL_MYSQL_SERVER" == "true" ] && [[ -n $(docker ps -q --filter "name=${PACKAGE_SYSNAME}-mysql-server") ]]; then
 			echo -n "Waiting for MySQL container to become healthy..."
 			(timeout 30 bash -c "while ! docker inspect --format '{{json .State.Health.Status }}' ${PACKAGE_SYSNAME}-mysql-server | grep -q 'healthy'; do sleep 1; done") && echo "OK" || (echo "FAILED")
 		fi
-
+		
 		docker-compose -f $BASE_DIR/migration-runner.yml up -d
-		echo -n "Waiting for database migration to complete..." && docker wait ${PACKAGE_SYSNAME}-migration-runner && echo "OK"
+		if [[ -n $(docker ps -q --filter "name=${PACKAGE_SYSNAME}-migration-runner") ]]; then
+			echo -n "Waiting for database migration to complete..."
+			timeout 30 bash -c "while [ $(docker wait ${PACKAGE_SYSNAME}-migration-runner) -ne 0 ]; do sleep 1; done;" && echo "OK" || echo "FAILED"
+		fi
+	
+		docker-compose -f $BASE_DIR/identity.yml up -d
 		docker-compose -f $BASE_DIR/${PRODUCT}.yml up -d
 		docker-compose -f ${PROXY_YML} up -d
 		docker-compose -f $BASE_DIR/notify.yml up -d
@@ -1396,6 +1295,7 @@ install_product () {
 			bash $BASE_DIR/config/${PRODUCT}-ssl-setup "${LETS_ENCRYPT_MAIL}" "${LETS_ENCRYPT_DOMAIN}"
 		fi
 	elif [ "$INSTALL_PRODUCT" == "pull" ]; then
+		docker-compose -f $BASE_DIR/identity.yml pull
 		docker-compose -f $BASE_DIR/migration-runner.yml pull
 		docker-compose -f $BASE_DIR/${PRODUCT}.yml pull
 		docker-compose -f ${PROXY_YML} pull
@@ -1427,6 +1327,121 @@ make_swap () {
 	fi
 }
 
+offline_check_docker_image() {
+	[ ! -f "$1" ] && { echo "Error: File '$1' does not exist."; exit 1; }
+	docker-compose -f "$1" config | grep -oP 'image:\s*\K\S+' | while IFS= read -r IMAGE_TAG; do
+		docker images "${IMAGE_TAG}" | grep -q "${IMAGE_TAG%%:*}" || { echo "Error: The image '${IMAGE_TAG}' is not found in the local Docker registry."; kill -s TERM $PID; }
+	done
+}
+
+check_hub_connection() {
+	get_tag_from_hub ${IMAGE_NAME}
+	[ -z "$TAGS_RESP" ] && { echo -e "Unable to download tags from ${HUB:-hub.docker.com}.\nTry specifying another dockerhub name using -hub"; exit 1; } || true
+}
+
+dependency_installation() {
+	is_command_exists apt-get && apt-get -y update -qq
+
+	install_package tar
+	install_package curl
+	install_package netstat net-tools
+
+	if [ "${OFFLINE_INSTALLATION}" = "false" ]; then
+		install_package dig  "dnsutils|bind-utils"
+		install_package ping "iputils-ping|iputils"
+		install_package ip   "iproute2|iproute"
+	fi
+
+	[ "$INSTALL_FLUENT_BIT" = "true" ] && install_package crontab "cron|cronie"
+
+	if ! is_command_exists jq ; then
+		if is_command_exists yum && ! rpm -q epel-release > /dev/null 2>&1; then
+			[ "${OFFLINE_INSTALLATION}" = "false" ] && rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-${REV}.noarch.rpm
+		fi
+		install_package jq
+	fi
+
+	is_command_exists docker && { check_docker_version; service docker start; } || { [ "${OFFLINE_INSTALLATION}" = "false" ] && install_docker || { echo "docker not installed"; exit 1; }; }
+
+	if ! is_command_exists docker-compose; then
+		[ "${OFFLINE_INSTALLATION}" = "false" ] && install_docker_compose || { echo "docker-compose not installed"; exit 1; }
+	elif [ "$(docker-compose --version | grep -oP '(?<=v)\d+\.\d+'| sed 's/\.//')" -lt "21" ]; then
+		[ "$OFFLINE_INSTALLATION" = "false" ]   && install_docker_compose || { echo "docker-compose version is outdated"; exit 1; }
+	fi
+}
+
+check_docker_image () {
+	reconfigure HUB "${HUB%/}${HUB:+/}"
+	reconfigure STATUS ${STATUS}
+	reconfigure INSTALLATION_TYPE ${INSTALLATION_TYPE}
+	reconfigure NETWORK_NAME ${NETWORK_NAME}
+	
+	reconfigure MYSQL_VERSION ${MYSQL_VERSION}
+	reconfigure ELK_VERSION ${ELK_VERSION}
+	reconfigure DOCUMENT_SERVER_IMAGE_NAME "${DOCUMENT_SERVER_IMAGE_NAME}:\${DOCUMENT_SERVER_VERSION}"
+	reconfigure DOCUMENT_SERVER_VERSION ${DOCUMENT_SERVER_VERSION:-$(get_available_version "$DOCUMENT_SERVER_IMAGE_NAME")}
+
+	DOCKER_TAG="${DOCKER_TAG:-$(get_available_version ${IMAGE_NAME})}"
+	reconfigure DOCKER_TAG ${DOCKER_TAG}
+	if [ "${OFFLINE_INSTALLATION}" != "false" ]; then
+		[ "$INSTALL_RABBITMQ" == "true" ]           && offline_check_docker_image ${BASE_DIR}/db.yml
+		[ "$INSTALL_RABBITMQ" == "true" ]           && offline_check_docker_image ${BASE_DIR}/rabbitmq.yml
+		[ "$INSTALL_REDIS" == "true" ]              && offline_check_docker_image ${BASE_DIR}/redis.yml
+		[ "$INSTALL_FLUENT_BIT" == "true" ]         && offline_check_docker_image ${BASE_DIR}/fluent.yml
+		[ "$INSTALL_FLUENT_BIT" == "true" ]         && offline_check_docker_image ${BASE_DIR}/dashboards.yml
+		[ "$INSTALL_ELASTICSEARCH" == "true" ]      && offline_check_docker_image ${BASE_DIR}/opensearch.yml
+		[ "$INSTALL_DOCUMENT_SERVER" == "true" ]    && offline_check_docker_image ${BASE_DIR}/ds.yml
+
+		if [ "$INSTALL_PRODUCT" == "true" ]; then
+			offline_check_docker_image ${BASE_DIR}/migration-runner.yml
+			offline_check_docker_image ${BASE_DIR}/${PRODUCT}.yml
+			offline_check_docker_image ${BASE_DIR}/notify.yml
+			offline_check_docker_image ${BASE_DIR}/healthchecks.yml
+			offline_check_docker_image ${PROXY_YML}
+		fi
+	fi
+}
+
+services_check_connection () {
+	# Fixes issues with variables when upgrading to v1.1.3
+	HOSTS=("ELK_HOST" "REDIS_HOST" "RABBIT_HOST" "MYSQL_HOST"); 
+	for HOST in "${HOSTS[@]}"; do [[ "${!HOST}" == *CONTAINER_PREFIX* || "${!HOST}" == *$PACKAGE_SYSNAME* ]] && export "$HOST="; done
+	[[ "${APP_URL_PORTAL}" == *${PACKAGE_SYSNAME}-proxy* ]] && APP_URL_PORTAL=""
+
+	[[ ! -z "$MYSQL_HOST" ]] && {
+		establish_conn ${MYSQL_HOST} "${MYSQL_PORT:-3306}" "MySQL"
+		reconfigure MYSQL_HOST ${MYSQL_HOST}
+		reconfigure MYSQL_PORT "${MYSQL_PORT:-3306}"
+	}
+	[[ ! -z "$DOCUMENT_SERVER_HOST" ]] && {
+		APP_URL_PORTAL=${APP_URL_PORTAL:-"http://$(curl -s ifconfig.me):${EXTERNAL_PORT}"}
+		establish_conn ${DOCUMENT_SERVER_HOST} ${DOCUMENT_SERVER_PORT} "${PACKAGE_SYSNAME^^} Docs"
+		reconfigure DOCUMENT_SERVER_URL_EXTERNAL ${DOCUMENT_SERVER_URL_EXTERNAL}
+		reconfigure DOCUMENT_SERVER_URL_PUBLIC ${DOCUMENT_SERVER_URL_EXTERNAL}
+	}
+	[[ ! -z "$RABBIT_HOST" ]] && {
+		establish_conn ${RABBIT_HOST} "${RABBIT_PORT:-5672}" "RabbitMQ"
+		reconfigure RABBIT_PROTOCOL ${RABBIT_PROTOCOL:-amqp}
+		reconfigure RABBIT_HOST ${RABBIT_HOST}
+		reconfigure RABBIT_PORT "${RABBIT_PORT:-5672}"
+		reconfigure RABBIT_USER_NAME ${RABBIT_USER_NAME}
+		reconfigure RABBIT_PASSWORD ${RABBIT_PASSWORD}
+		reconfigure RABBIT_VIRTUAL_HOST "${RABBIT_VIRTUAL_HOST:-/}"
+	}
+	[[ ! -z "$REDIS_HOST" ]] && {
+		establish_conn ${REDIS_HOST} "${REDIS_PORT:-6379}" "Redis"
+		reconfigure REDIS_HOST ${REDIS_HOST}
+		reconfigure REDIS_PORT "${REDIS_PORT:-6379}"
+		reconfigure REDIS_USER_NAME ${REDIS_USER_NAME}
+		reconfigure REDIS_PASSWORD ${REDIS_PASSWORD}
+	}
+	[[ ! -z "$ELK_HOST" ]] && {
+		establish_conn ${ELK_HOST} "${ELK_PORT:-9200}" "search engine"
+		reconfigure ELK_SHEME "${ELK_SHEME:-http}"
+		reconfigure ELK_HOST ${ELK_HOST}
+		reconfigure ELK_PORT "${ELK_PORT:-9200}"
+	}
+}
 
 start_installation () {
 	root_checking
@@ -1437,6 +1452,8 @@ start_installation () {
 	check_os_info
 	check_kernel
 
+	dependency_installation
+
 	if [ "$UPDATE" != "true" ]; then
 		check_ports
 	fi
@@ -1449,18 +1466,13 @@ start_installation () {
 		make_swap
 	fi
 
-	if command_exists docker ; then
-		check_docker_version
-		service docker start
-	else
-		install_docker
-	fi
-
 	docker_login
 
+	[ "${OFFLINE_INSTALLATION}" = "false" ] && check_hub_connection
+
 	create_network
 
-	domain_check
+	[ "${OFFLINE_INSTALLATION}" = "false" ] && domain_check
 
 	if [ "$UPDATE" = "true" ]; then
 		set_docspace_params
@@ -1476,6 +1488,10 @@ start_installation () {
 
 	download_files
 
+	check_docker_image
+
+	services_check_connection
+
 	install_elasticsearch
 
 	install_fluent_bit

install/OneClickInstall/install-RedHat/install-preq.sh

@@ -39,7 +39,7 @@ yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/$RPMFUSION
 
 [ "$REV" = "9" ] && update-crypto-policies --set DEFAULT:SHA1 && ${package_manager} -y install xorg-x11-font-utils
 [ "$DIST" = "centos" ] && TESTING_REPO="--enablerepo=$( [ "$REV" = "9" ] && echo "crb" || echo "powertools" )"
-[ "$DIST" = "redhat" ] && /usr/bin/crb enable
+[ "$DIST" = "redhat" ] && { /usr/bin/crb enable && yum repolist enabled | grep -qi -e crb -e codeready || echo "Failed to enable or verify CRB repository."; exit 1; }
 
 #add rabbitmq & erlang repo
 curl -s https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.rpm.sh | bash

install/OneClickInstall/install-RedHat/tools.sh

@@ -71,8 +71,9 @@ read_unsupported_installation () {
 	esac
 }
 
-DIST=$(rpm -q --queryformat '%{NAME}' centos-release redhat-release fedora-release | awk -F'[- ]|package' '{print tolower($1)}' | tr -cd '[:alpha:]')
-[ -z $DIST ] && DIST=$(cat /etc/redhat-release | awk -F 'Linux|release| ' '{print tolower($1)}')
+DIST=$(rpm -qa --queryformat '%{NAME}\n' | grep -E 'centos-release|redhat-release|fedora-release' | awk -F '-' '{print $1}' | head -n 1)
+DIST=${DIST:-$(awk -F= '/^ID=/ {gsub(/"/, "", $2); print tolower($2)}' /etc/os-release)}; 
+[[ "$DIST" =~ ^(centos|redhat|fedora)$ ]] || DIST="centos"
 REV=$(sed -n 's/.*release\ \([0-9]*\).*/\1/p' /etc/redhat-release)
 REV=${REV:-"7"}
 

install/common/build-backend.sh

@@ -58,3 +58,22 @@ for i in ${!services_name_backend_nodejs[@]}; do
   cd ${SRC_PATH}/server/common/${services_name_backend_nodejs[$i]}
   yarn install --frozen-lockfile
 done
+
+# Array of names identity services
+IDENTITY_NAMES+=("ASC.Identity.Authorization")
+IDENTITY_NAMES+=("ASC.Identity.Registration")
+IDENTITY_NAMES+=("ASC.Identity.Migration")
+
+IDENTITY_MODULES+=("authorization/authorization-container")
+IDENTITY_MODULES+=("registration/registration-container")
+IDENTITY_MODULES+=("infrastructure/infrastructure-migration-runner")
+
+cd ${SRC_PATH}/server/common/ASC.Identity/
+
+# Build and publish identity services
+mvn dependency:go-offline
+for i in "${!IDENTITY_NAMES[@]}"; do
+  echo "== Build ${IDENTITY_NAMES[$i]} project =="
+  mvn clean package -DskipTests -pl "${IDENTITY_MODULES[$i]}" -am
+  mkdir -p ${IDENTITY_NAMES[$i]} && cp -rf "${IDENTITY_MODULES[$i]}/target/"*.jar "${IDENTITY_NAMES[$i]}/app.jar"
+done

install/common/product-configuration

@@ -28,6 +28,7 @@ ELK_HOST="localhost"
 ELK_PORT="9200"
 OPENSEARCH_INDEX="${PACKAGE_SYSNAME}-fluent-bit"
 
+RABBITMQ_PROTOCOL="amqp"
 RABBITMQ_HOST="localhost"
 RABBITMQ_USER="guest"
 RABBITMQ_PASSWORD="guest"
@@ -216,6 +217,7 @@ while [ "$1" != "" ]; do
 			echo "      -rbp, --rabbitmqport                rabbitmq port"
 			echo "      -rbu, --rabbitmquser                rabbitmq user"
 			echo "      -rbpw, --rabbitmqpassword           rabbitmq password"
+			echo "      -rbpr, --rabbitmqprotocol           rabbitmq protocol"
 			echo "      -mysqlh, --mysqlhost                mysql server host"
 			echo "      -mysqld, --mysqldatabase            ${PRODUCT} database name"
 			echo "      -mysqlu, --mysqluser                ${PRODUCT} database user"
@@ -588,7 +590,7 @@ setup_docs() {
 		local DOCUMENT_SERVER_JWT_SECRET=${DOCUMENT_SERVER_JWT_SECRET:-$(json -f ${DS_CONF_DIR}/local.json services.CoAuthoring.secret.inbox.string)}
 		local DOCUMENT_SERVER_JWT_HEADER=${DOCUMENT_SERVER_JWT_HEADER:-$(json -f ${DS_CONF_DIR}/local.json services.CoAuthoring.token.inbox.header)}
 
-		$JSON ${DS_CONF_DIR}/local.json -e "this.rabbitmq = { 'url': 'amqp://${RABBITMQ_USER}:${RABBITMQ_PASSWORD}@${RABBITMQ_HOST}:${RABBITMQ_PORT}' }" >/dev/null 2>&1
+		$JSON ${DS_CONF_DIR}/local.json -e "this.rabbitmq = { 'url': '${RABBITMQ_PROTOCOL}://${RABBITMQ_USER}:${RABBITMQ_PASSWORD}@${RABBITMQ_HOST}:${RABBITMQ_PORT}' }" >/dev/null 2>&1
 		$JSON ${DS_CONF_DIR}/local.json -e "this.services.CoAuthoring.redis = { 'host': '$REDIS_HOST' }" >/dev/null 2>&1
 		sed 's/\(listen .*:\)\([0-9]\{2,5\}\b\)\( default_server\)\?\(;\)/\1'${DOCUMENT_SERVER_PORT}'\3\4/' -i ${DS_CONF_DIR}/nginx/ds.conf 
 		
@@ -796,6 +798,9 @@ setup_rabbitmq() {
 	save_undefined_param "${APP_DIR}/rabbitmq.${ENVIRONMENT}.json" "RabbitMQ.Password" "${RABBITMQ_PASSWORD}" "$EXTERNAL_RABBITMQ_FLAG"
 	save_undefined_param "${APP_DIR}/rabbitmq.${ENVIRONMENT}.json" "RabbitMQ.Port" "${RABBITMQ_PORT}" "$EXTERNAL_RABBITMQ_FLAG"
 	save_undefined_param "${APP_DIR}/rabbitmq.${ENVIRONMENT}.json" "RabbitMQ.VirtualHost" "/"
+	if [[ ${RABBITMQ_PROTOCOL} = "amqps" ]] && [[ ${RABBITMQ_HOST} != "localhost" ]]; then
+		save_undefined_param "${APP_DIR}/rabbitmq.${ENVIRONMENT}.json" "RabbitMQ.Uri" "${RABBITMQ_PROTOCOL}://${RABBITMQ_USER}:${RABBITMQ_PASSWORD}@${RABBITMQ_HOST}:${RABBITMQ_PORT}/"
+	fi
 
 	if [ $1 == "LOCAL_RABBITMQ_SERVER" ]; then
 		systemctl enable rabbitmq-server >/dev/null 2>&1

install/common/publish-backend.sh

@@ -102,10 +102,14 @@ services_name_backend_nodejs=()
 services_name_backend_nodejs+=(ASC.Socket.IO)
 services_name_backend_nodejs+=(ASC.SsoAuth)
 
-# Publish backend services (Nodejs) 
-for i in ${!services_name_backend_nodejs[@]}; do
-  echo "== Publish ${services_name_backend_nodejs[$i]} project =="
-  SERVICE_DIR="$(find ${SRC_PATH} -type d -name ${services_name_backend_nodejs[$i]})"
-  cd ${SERVICE_DIR}
-  mkdir -p ${BUILD_PATH}/services/${services_name_backend_nodejs[$i]}/service/ && cp -arfv ./* ${BUILD_PATH}/services/${services_name_backend_nodejs[$i]}/service/
+services_name_backend_java+=(ASC.Identity.Authorization)
+services_name_backend_java+=(ASC.Identity.Registration)
+services_name_backend_java+=(ASC.Identity.Migration)
+
+# Publish backend services (Nodejs/Java) 
+for SERVICE in "${services_name_backend_nodejs[@]}" "${services_name_backend_java[@]}"; do
+  echo "== Publish ${SERVICE} project =="
+  SERVICE_DIR="$(find ${SRC_PATH} -type d -name ${SERVICE})"
+  mkdir -p ${BUILD_PATH}/services/${SERVICE}/service/
+  cp -arfv ${SERVICE_DIR}/* ${BUILD_PATH}/services/${SERVICE}/service/
 done

install/common/self-extracting.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+set -e
+
+[ "$(id -u)" -ne 0 ] && { echo "To perform this action you must be logged in with root rights"; exit 1; }
+
+TEMP_DIR=$(mktemp -d)
+
+trap 'echo "Cleaning up temporary files..."; rm -rf "${TEMP_DIR}"' EXIT
+
+! type docker &> /dev/null && { echo "docker not installed"; exit 1; }
+! type docker-compose &> /dev/null && { echo "docker-compose not installed"; exit 1; }
+
+echo "Extracting docker images to ${TEMP_DIR}..."
+tail -n +$(awk '/^__END_OF_SHELL_SCRIPT__$/{print NR + 1; exit 0;}' "$0") "$0" | tar x -C "${TEMP_DIR}"
+
+echo "Loading docker images..."
+docker load -i ${TEMP_DIR}/docker_images.tar.xz
+
+echo "Extracting OneClickInstall files to the current directory..."
+mv -f ${TEMP_DIR}/docker.tar.gz $(dirname "$0")/docker.tar.gz
+mv -f ${TEMP_DIR}/install-Docker.sh $(dirname "$0")/install-Docker.sh
+
+echo "Running the install-Docker.sh script..."
+chmod +x $(dirname "$0")/install-Docker.sh
+$(dirname "$0")/install-Docker.sh
+
+exit 0
+
+__END_OF_SHELL_SCRIPT__

install/common/systemd/build.sh

@@ -63,6 +63,9 @@ SERVICE_NAME=(
 	studio
 	backup
 	ssoauth
+	identity-api
+	identity-authorization
+	identity-migration
 	clear-events
 	backup-background
 	doceditor
@@ -139,6 +142,21 @@ reassign_values (){
 		EXEC_FILE="app.js"
 		DEPENDENCY_LIST=""
 	;;
+	identity-api )
+		SERVICE_PORT="9090"
+		WORK_DIR="${BASE_DIR}/services/ASC.Identity.Registration/"
+		EXEC_FILE="app.jar"
+	;;
+	identity-authorization )
+		SERVICE_PORT="8080"
+		WORK_DIR="${BASE_DIR}/services/ASC.Identity.Authorization/"
+		EXEC_FILE="app.jar"
+	;;
+	identity-migration )
+		SERVICE_PORT="8081"
+		WORK_DIR="${BASE_DIR}/services/ASC.Identity.Migration/"
+		EXEC_FILE="app.jar"
+	;;
 	clear-events )
 		SERVICE_PORT="5027"
 		WORK_DIR="${BASE_DIR}/services/ASC.ClearEvents/"

install/deb/debian/control

@@ -151,6 +151,24 @@ Description: {{product}}-ssoauth
 	SAML-based single sign-on (SSO) authentication to provide a more quick, 
 	easy and secure way to access DocSpace for users
 
+Package: {{product}}-identity-api
+Architecture: all
+Multi-Arch: foreign
+Depends: {{product}}-common (= {{package_header_tag_version}}), java (> 21), nodejs (>= 16), ${misc:Depends}, ${shlibs:Depends}
+Description: {{product}}-identity-api
+
+Package: {{product}}-identity-migration
+Architecture: all
+Multi-Arch: foreign
+Depends: {{product}}-common (= {{package_header_tag_version}}), java (> 21), nodejs (>= 16), ${misc:Depends}, ${shlibs:Depends}
+Description: {{product}}-identity-migration
+
+Package: {{product}}-identity-authorization
+Architecture: all
+Multi-Arch: foreign
+Depends: {{product}}-common (= {{package_header_tag_version}}), java (> 21), nodejs (>= 16), ${misc:Depends}, ${shlibs:Depends}
+Description: {{product}}-identity-authorization
+
 Package: {{product}}-backup-background
 Architecture: all
 Multi-Arch: foreign

install/deb/debian/product-identity-api.install

@@ -0,0 +1 @@
+debian/build/server/publish/services/ASC.Identity.Registration/service/*         var/www/{{product}}/services/ASC.Identity.Registration

install/deb/debian/product-identity-authorization.install

@@ -0,0 +1 @@
+debian/build/server/publish/services/ASC.Identity.Authorization/service/*         var/www/{{product}}/services/ASC.Identity.Authorization

install/deb/debian/product-identity-migration.install

@@ -0,0 +1 @@
+debian/build/server/publish/services/ASC.Identity.Migration/service/*         var/www/{{product}}/services/ASC.Identity.Migration

install/deb/debian/rules

@@ -79,7 +79,7 @@ override_dh_auto_build: check_archives
 	sed -E 's_(http://)[^:]+(:5601)_\1localhost\2_g' -i ${BUILDTOOLS_PATH}/config/nginx/onlyoffice.conf
 	sed 's/teamlab.info/onlyoffice.com/g' -i ${BUILDTOOLS_PATH}/config/autofac.consumers.json
 	json -I -f ${CLENT_PATH}/public/scripts/config.json -e "this.wrongPortalNameUrl=\"\""
-	sed -e 's/$$router_host/127.0.0.1/g' -e 's/this_host\|proxy_x_forwarded_host/host/g' -e 's/proxy_x_forwarded_proto/scheme/g' -e 's/proxy_x_forwarded_port/server_port/g' -e 's_includes_/etc/openresty/includes_g' -e '/quic\|alt-svc/Id' -i ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy*.conf
+	sed -e 's/$$router_host/127.0.0.1/g' -e 's/this_host\|proxy_x_forwarded_host/host/g' -e 's/proxy_x_forwarded_proto/scheme/g' -e 's_includes_/etc/openresty/includes_g' -e '/quic\|alt-svc/Id' -i ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy*.conf
 	sed "s_\(.*root\).*;_\1 \"/var/www/${PRODUCT}\";_g" -i ${BUILDTOOLS_PATH}/install/docker/config/nginx/letsencrypt.conf
 	sed -e '/.pid/d' -e '/temp_path/d' -e 's_etc/nginx_etc/openresty_g' -e 's/\.log/-openresty.log/g' -i ${BUILDTOOLS_PATH}/install/docker/config/nginx/templates/nginx.conf.template
 	mv -f ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy-ssl.conf ${BUILDTOOLS_PATH}/install/docker/config/nginx/onlyoffice-proxy-ssl.conf.template

install/docker/.env

@@ -1,127 +1,156 @@
-# docker-compose tags #
-    PRODUCT=onlyoffice
-    REPO=${PRODUCT}
-    INSTALLATION_TYPE=COMMUNITY
-    STATUS=""
-    DOCKER_IMAGE_PREFIX=${STATUS}docspace
-    DOCKER_TAG=latest
-    CONTAINER_PREFIX=${PRODUCT}-
-    MYSQL_VERSION=8.3.0
-    MYSQL_IMAGE=mysql:${MYSQL_VERSION}
-    SERVICE_PORT=5050
-    DOCUMENT_SERVER_IMAGE_NAME=onlyoffice/4testing-documentserver-ee:latest
-    DOCKERFILE=Dockerfile.app
-    APP_DOTNET_ENV=""
-    EXTERNAL_PORT="80"
-
-# opensearch stack #
-    ELK_VERSION=2.11.1
-    ELK_CONTAINER_NAME=${CONTAINER_PREFIX}opensearch
-    ELK_SHEME=http
-    ELK_HOST=""
-    ELK_PORT=9200
-    DASHBOARDS_VERSION=2.11.1
-    DASHBOARDS_CONTAINER_NAME=${CONTAINER_PREFIX}opensearch-dashboards
-    DASHBOARDS_USERNAME=onlyoffice
-    DASHBOARDS_PASSWORD=onlyoffice
-    FLUENT_BIT_VERSION=3.0.2
-    FLUENT_BIT_CONTAINER_NAME=${CONTAINER_PREFIX}fluent-bit
-
-# app service environment #
-    ENV_EXTENSION=none
-    APP_CORE_BASE_DOMAIN=localhost
-    APP_URL_PORTAL="http://localhost:8092"
-    OAUTH_REDIRECT_URL="https://service.onlyoffice.com/oauth2.aspx"
-    WRONG_PORTAL_NAME_URL=""
-    LOG_LEVEL="Warning"
-    DEBUG_INFO="false"
-    
-    APP_KNOWN_PROXIES=""
-    APP_KNOWN_NETWORKS=""
-    APP_CORE_MACHINEKEY=your_core_machinekey
-
-    CERTIFICATE_PATH=""
-    CERTIFICATE_KEY_PATH=""
-    DHPARAM_PATH=""
-
-# docs #
-    DOCUMENT_CONTAINER_NAME=${CONTAINER_PREFIX}document-server
-    DOCUMENT_SERVER_URL_EXTERNAL=""
-    DOCUMENT_SERVER_JWT_SECRET=your_jwt_secret
-    DOCUMENT_SERVER_JWT_HEADER=AuthorizationJwt
-    DOCUMENT_SERVER_URL_PUBLIC=/ds-vpath/
-
-# redis # 
-    REDIS_CONTAINER_NAME=${CONTAINER_PREFIX}redis
-    REDIS_HOST=""
-    REDIS_PORT=6379
-    REDIS_USER_NAME=""
-    REDIS_PASSWORD=""
-
-# rabbitmq # 
-    RABBIT_CONTAINER_NAME=${CONTAINER_PREFIX}rabbitmq
-    RABBIT_HOST=""
-    RABBIT_PORT=5672
-    RABBIT_VIRTUAL_HOST=/
-    RABBIT_USER_NAME=guest
-    RABBIT_PASSWORD=guest
-
-# mysql # 
-    MYSQL_CONTAINER_NAME=${CONTAINER_PREFIX}mysql-server
-    MYSQL_HOST=""
-    MYSQL_PORT=3306
-    MYSQL_ROOT_PASSWORD=my-secret-pw
-    MYSQL_DATABASE=docspace
-    MYSQL_USER=${PRODUCT}_user
-    MYSQL_PASSWORD=${PRODUCT}_pass
-    DATABASE_MIGRATION=false
-    MIGRATION_TYPE="SAAS"
-
-# service host #
-    API_SYSTEM_HOST=${CONTAINER_PREFIX}api-system
-    BACKUP_HOST=${CONTAINER_PREFIX}backup
-    BACKUP_BACKGRUOND_TASKS_HOST=${CONTAINER_PREFIX}backup-background-tasks
-    CLEAR_EVENTS_HOST=${CONTAINER_PREFIX}clear-events
-    FILES_HOST=${CONTAINER_PREFIX}files
-    FILES_SERVICES_HOST=${CONTAINER_PREFIX}files-services
-    STORAGE_MIGRATION_HOST=${CONTAINER_PREFIX}storage-migration
-    NOTIFY_HOST=${CONTAINER_PREFIX}notify
-    PEOPLE_SERVER_HOST=${CONTAINER_PREFIX}people-server
-    SOCKET_HOST=${CONTAINER_PREFIX}socket
-    STUDIO_NOTIFY_HOST=${CONTAINER_PREFIX}studio-notify
-    API_HOST=${CONTAINER_PREFIX}api
-    STUDIO_HOST=${CONTAINER_PREFIX}studio
-    SSOAUTH_HOST=${CONTAINER_PREFIX}ssoauth
-    TELEGRAMREPORTS_HOST=${CONTAINER_PREFIX}telegramreports
-    MIGRATION_RUNNER_HOST=${CONTAINER_PREFIX}migration-runner
-    PROXY_HOST=${CONTAINER_PREFIX}proxy
-    ROUTER_HOST=${CONTAINER_PREFIX}router
-    DOCEDITOR_HOST=${CONTAINER_PREFIX}doceditor
-    LOGIN_HOST=${CONTAINER_PREFIX}login
-    MANAGEMENT_HOST={CONTAINER_PREFIX}management
-    HELTHCHECKS_HOST=${CONTAINER_PREFIX}healthchecks
-
-# router upstream environment #
-    SERVICE_API_SYSTEM=${API_SYSTEM_HOST}:${SERVICE_PORT}
-    SERVICE_BACKUP=${BACKUP_HOST}:${SERVICE_PORT}
-    SERVICE_BACKUP_BACKGRUOND_TASKS=${BACKUP_BACKGRUOND_TASKS_HOST}:${SERVICE_PORT}
-    SERVICE_CLEAR_EVENTS=${CLEAR_EVENTS_HOST}:${SERVICE_PORT}
-    SERVICE_FILES=${FILES_HOST}:${SERVICE_PORT}
-    SERVICE_FILES_SERVICES=${FILES_SERVICES_HOST}:${SERVICE_PORT}
-    SERVICE_STORAGE_MIGRATION=${STORAGE_MIGRATION_HOST}:${SERVICE_PORT}
-    SERVICE_NOTIFY=${NOTIFY_HOST}:${SERVICE_PORT}
-    SERVICE_PEOPLE_SERVER=${PEOPLE_SERVER_HOST}:${SERVICE_PORT}
-    SERVICE_SOCKET=${SOCKET_HOST}:${SERVICE_PORT}
-    SERVICE_STUDIO_NOTIFY=${STUDIO_NOTIFY_HOST}:${SERVICE_PORT}
-    SERVICE_API=${API_HOST}:${SERVICE_PORT}
-    SERVICE_STUDIO=${STUDIO_HOST}:${SERVICE_PORT}
-    SERVICE_SSOAUTH=${SSOAUTH_HOST}:${SERVICE_PORT}
-    SERVICE_TELEGRAMREPORTS=${TELEGRAMREPORTS_HOST}:${SERVICE_PORT}
-    SERVICE_DOCEDITOR=${DOCEDITOR_HOST}:5013
-    SERVICE_LOGIN=${LOGIN_HOST}:5011
-    SERVICE_MANAGEMENT={MANAGEMENT_HOST}:${SERVICE_PORT}
-    SERVICE_HELTHCHECKS=${HELTHCHECKS_HOST}:${SERVICE_PORT}
-    
-    NETWORK_NAME=${PRODUCT}
-    
-    COMPOSE_IGNORE_ORPHANS=True
+# docker-compose tags #
+    HUB=""
+    PRODUCT=onlyoffice
+    REPO=${PRODUCT}
+    INSTALLATION_TYPE=COMMUNITY
+    STATUS=""
+    DOCKER_IMAGE_PREFIX=${STATUS}docspace
+    CONTAINER_PREFIX=${PRODUCT}-
+    SERVICE_PORT=5050
+    DOCKERFILE=Dockerfile.app
+    APP_DOTNET_ENV=""
+    EXTERNAL_PORT="80"
+    UID="root"
+    GID="root" 
+
+# images version #
+    DOCKER_TAG=latest
+    MYSQL_VERSION=8.3.0
+    PROXY_VERSION=latest
+    REDIS_VERSION=7
+    RABBITMQ_VERSION=3
+    ELK_VERSION=2.11.1
+    FLUENT_BIT_VERSION=3.0.2
+    DASHBOARDS_VERSION=2.11.1
+    DOCUMENT_SERVER_VERSION=latest
+
+# images name #
+    MYSQL_IMAGE=mysql:${MYSQL_VERSION}
+    PROXY_IMAGE_NAME=nginx:${PROXY_VERSION}
+    REDIS_IMAGE_NAME=redis:${REDIS_VERSION}
+    RABBITMQ_IMAGE_NAME=rabbitmq:${RABBITMQ_VERSION}
+    ELK_IMAGE_NAME=${REPO}/opensearch:${ELK_VERSION}
+    FLUENT_BIT_IMAGE_NAME=fluent/fluent-bit:${FLUENT_BIT_VERSION}
+    DASHBOARDS_IMAGE_NAME=opensearchproject/opensearch-dashboards:${DASHBOARDS_VERSION}
+    DOCUMENT_SERVER_IMAGE_NAME=${REPO}/4testing-documentserver-ee:${DOCUMENT_SERVER_VERSION}
+
+# opensearch stack #
+    ELK_CONTAINER_NAME=${CONTAINER_PREFIX}opensearch
+    ELK_SHEME=http
+    ELK_HOST=""
+    ELK_PORT=9200
+    DASHBOARDS_CONTAINER_NAME=${CONTAINER_PREFIX}opensearch-dashboards
+    DASHBOARDS_USERNAME=onlyoffice
+    DASHBOARDS_PASSWORD=onlyoffice
+    FLUENT_BIT_CONTAINER_NAME=${CONTAINER_PREFIX}fluent-bit
+
+# app service environment #
+    ENV_EXTENSION=none
+    APP_CORE_BASE_DOMAIN=localhost
+    APP_URL_PORTAL="http://localhost:8092"
+    OAUTH_REDIRECT_URL="https://service.onlyoffice.com/oauth2.aspx"
+    WRONG_PORTAL_NAME_URL=""
+    LOG_LEVEL="Warning"
+    DEBUG_INFO="false"
+
+    APP_KNOWN_PROXIES=""
+    APP_KNOWN_NETWORKS=""
+    APP_CORE_MACHINEKEY=your_core_machinekey
+
+    CERTIFICATE_PATH=""
+    CERTIFICATE_KEY_PATH=""
+    DHPARAM_PATH=""
+
+# docs #
+    DOCUMENT_CONTAINER_NAME=${CONTAINER_PREFIX}document-server
+    DOCUMENT_SERVER_URL_EXTERNAL=""
+    DOCUMENT_SERVER_JWT_SECRET=your_jwt_secret
+    DOCUMENT_SERVER_JWT_HEADER=AuthorizationJwt
+    DOCUMENT_SERVER_URL_PUBLIC=/ds-vpath/
+
+# redis # 
+    REDIS_CONTAINER_NAME=${CONTAINER_PREFIX}redis
+    REDIS_HOST=""
+    REDIS_PORT=6379
+    REDIS_USER_NAME=""
+    REDIS_PASSWORD=""
+
+# rabbitmq # 
+    RABBIT_CONTAINER_NAME=${CONTAINER_PREFIX}rabbitmq
+    RABBIT_PROTOCOL=""
+    RABBIT_HOST=""
+    RABBIT_PORT=5672
+    RABBIT_VIRTUAL_HOST=/
+    RABBIT_USER_NAME=guest
+    RABBIT_PASSWORD=guest
+
+# mysql # 
+    MYSQL_CONTAINER_NAME=${CONTAINER_PREFIX}mysql-server
+    MYSQL_HOST=""
+    MYSQL_PORT=3306
+    MYSQL_ROOT_PASSWORD=my-secret-pw
+    MYSQL_DATABASE=docspace
+    MYSQL_USER=${PRODUCT}_user
+    MYSQL_PASSWORD=${PRODUCT}_pass
+    DATABASE_MIGRATION=false
+    MIGRATION_TYPE="SAAS"
+
+# service host #
+    API_SYSTEM_HOST=${CONTAINER_PREFIX}api-system
+    BACKUP_HOST=${CONTAINER_PREFIX}backup
+    BACKUP_BACKGRUOND_TASKS_HOST=${CONTAINER_PREFIX}backup-background-tasks
+    CLEAR_EVENTS_HOST=${CONTAINER_PREFIX}clear-events
+    FILES_HOST=${CONTAINER_PREFIX}files
+    FILES_SERVICES_HOST=${CONTAINER_PREFIX}files-services
+    STORAGE_MIGRATION_HOST=${CONTAINER_PREFIX}storage-migration
+    NOTIFY_HOST=${CONTAINER_PREFIX}notify
+    PEOPLE_SERVER_HOST=${CONTAINER_PREFIX}people-server
+    SOCKET_HOST=${CONTAINER_PREFIX}socket
+    STUDIO_NOTIFY_HOST=${CONTAINER_PREFIX}studio-notify
+    API_HOST=${CONTAINER_PREFIX}api
+    STUDIO_HOST=${CONTAINER_PREFIX}studio
+    SSOAUTH_HOST=${CONTAINER_PREFIX}ssoauth
+    TELEGRAMREPORTS_HOST=${CONTAINER_PREFIX}telegramreports
+    MIGRATION_RUNNER_HOST=${CONTAINER_PREFIX}migration-runner
+    PROXY_HOST=${CONTAINER_PREFIX}proxy
+    ROUTER_HOST=${CONTAINER_PREFIX}router
+    DOCEDITOR_HOST=${CONTAINER_PREFIX}doceditor
+    LOGIN_HOST=${CONTAINER_PREFIX}login
+    MANAGEMENT_HOST={CONTAINER_PREFIX}management
+    HELTHCHECKS_HOST=${CONTAINER_PREFIX}healthchecks
+
+# identity #
+    IDENTITY_PROFILE="dev"
+    IDENTITY_MIGRATION_CONTAINER_NAME=${CONTAINER_PREFIX}identity-migration
+    IDENTITY_MIGRATION_SERVER_PORT=8081
+    IDENTITY_AUTHORIZATION_CONTAINER_NAME=${CONTAINER_PREFIX}identity-authorization
+    IDENTITY_AUTHORIZATION_SERVER_PORT=8080
+    IDENTITY_API_CONTAINER_NAME=${CONTAINER_PREFIX}identity-api
+    IDENTITY_API_SERVER_PORT=9090
+
+# router upstream environment #
+    SERVICE_API_SYSTEM=${API_SYSTEM_HOST}:${SERVICE_PORT}
+    SERVICE_BACKUP=${BACKUP_HOST}:${SERVICE_PORT}
+    SERVICE_BACKUP_BACKGRUOND_TASKS=${BACKUP_BACKGRUOND_TASKS_HOST}:${SERVICE_PORT}
+    SERVICE_CLEAR_EVENTS=${CLEAR_EVENTS_HOST}:${SERVICE_PORT}
+    SERVICE_FILES=${FILES_HOST}:${SERVICE_PORT}
+    SERVICE_FILES_SERVICES=${FILES_SERVICES_HOST}:${SERVICE_PORT}
+    SERVICE_STORAGE_MIGRATION=${STORAGE_MIGRATION_HOST}:${SERVICE_PORT}
+    SERVICE_NOTIFY=${NOTIFY_HOST}:${SERVICE_PORT}
+    SERVICE_PEOPLE_SERVER=${PEOPLE_SERVER_HOST}:${SERVICE_PORT}
+    SERVICE_SOCKET=${SOCKET_HOST}:${SERVICE_PORT}
+    SERVICE_STUDIO_NOTIFY=${STUDIO_NOTIFY_HOST}:${SERVICE_PORT}
+    SERVICE_API=${API_HOST}:${SERVICE_PORT}
+    SERVICE_STUDIO=${STUDIO_HOST}:${SERVICE_PORT}
+    SERVICE_SSOAUTH=${SSOAUTH_HOST}:${SERVICE_PORT}
+    SERVICE_TELEGRAMREPORTS=${TELEGRAMREPORTS_HOST}:${SERVICE_PORT}
+    SERVICE_DOCEDITOR=${DOCEDITOR_HOST}:5013
+    SERVICE_LOGIN=${LOGIN_HOST}:5011
+    SERVICE_MANAGEMENT={MANAGEMENT_HOST}:${SERVICE_PORT}
+    SERVICE_HELTHCHECKS=${HELTHCHECKS_HOST}:${SERVICE_PORT}
+    SERVICE_IDENTITY_API=${IDENTITY_API_CONTAINER_NAME}:${IDENTITY_API_SERVER_PORT}
+    SERVICE_IDENTITY=${IDENTITY_AUTHORIZATION_CONTAINER_NAME}:${IDENTITY_AUTHORIZATION_SERVER_PORT}
+
+    NETWORK_NAME=${PRODUCT}
+
+    COMPOSE_IGNORE_ORPHANS=True

install/docker/Dockerfile

@@ -28,7 +28,7 @@ ARG PRODUCT_VERSION=0.0.0
 ARG BUILD_NUMBER=0
 
 LABEL onlyoffice.appserver.release-date="${RELEASE_DATE}" \
-      maintainer="Ascensio System SIA <support@onlyoffice.com>"
+    maintainer="Ascensio System SIA <support@onlyoffice.com>"
 
 ENV LANG=en_US.UTF-8 \
     LANGUAGE=en_US:en \
@@ -40,10 +40,10 @@ COPY . .
 
 RUN apt-get -y update && \
     apt-get install -yq \
-        sudo \
-        locales \
-        git \
-        npm  && \
+    sudo \
+    locales \
+    git \
+    npm  && \
     locale-gen en_US.UTF-8 && \
     npm install --global yarn && \
     echo "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_18.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \
@@ -81,7 +81,7 @@ RUN mkdir -p /app/onlyoffice/ && \
     rm -rf ${SRC_PATH}/products/ASC.Files/Service/* && \
     rm -rf ${SRC_PATH}/products/ASC.Files/Server/* && \
     rm -rf ${SRC_PATH}/products/ASC.People/Server/* 
-  
+
 FROM $DOTNET_RUN as dotnetrun
 ARG BUILD_PATH
 ARG SRC_PATH
@@ -98,16 +98,16 @@ RUN mkdir -p /var/log/onlyoffice && \
     chown onlyoffice:onlyoffice /var/www -R && \
     apt-get -y update && \
     apt-get install -yq \
-        python3-pip \
-        nano \
-        curl \
-        vim \
-        libgdiplus && \
+    python3-pip \
+    nano \
+    curl \
+    vim \
+    libgdiplus && \
     pip3 install --upgrade jsonpath-ng multipledispatch netaddr netifaces && \
     rm -rf /var/lib/apt/lists/*
 
 COPY --from=base --chown=onlyoffice:onlyoffice /app/onlyoffice/config/* /app/onlyoffice/config/
-        
+
 #USER onlyoffice
 EXPOSE 5050
 ENTRYPOINT ["python3", "docker-entrypoint.py"]
@@ -127,10 +127,10 @@ RUN mkdir -p /var/log/onlyoffice && \
     chown onlyoffice:onlyoffice /var/www -R && \
     apt-get -y update && \
     apt-get install -yq \ 
-            nano \
-            curl \
-            vim \
-            python3-pip && \
+    nano \
+    curl \
+    vim \
+    python3-pip && \
     pip3 install --upgrade jsonpath-ng multipledispatch netaddr netifaces --break-system-packages && \
     rm -rf /var/lib/apt/lists/*
 
@@ -176,6 +176,8 @@ RUN chown nginx:nginx /etc/nginx/* -R && \
     sed -i 's/127.0.0.1:9834/$service_sso/' /etc/nginx/conf.d/onlyoffice.conf && \
     sed -i 's/127.0.0.1:5013/$service_doceditor/' /etc/nginx/conf.d/onlyoffice.conf && \
     sed -i 's/127.0.0.1:5011/$service_login/' /etc/nginx/conf.d/onlyoffice.conf && \
+    sed -i 's/127.0.0.1:9090/$service_identity_api/' /etc/nginx/conf.d/onlyoffice.conf && \
+    sed -i 's/127.0.0.1:8080/$service_identity/' /etc/nginx/conf.d/onlyoffice.conf && \
     if [[ -z "${SERVICE_CLIENT}" ]] ; then sed -i 's/127.0.0.1:5001/$service_client/' /etc/nginx/conf.d/onlyoffice.conf; fi && \
     if [[ -z "${SERVICE_MANAGEMENT}" ]] ; then sed -i 's/127.0.0.1:5015/$service_management/' /etc/nginx/conf.d/onlyoffice.conf; fi && \
     sed -i 's/127.0.0.1:5033/$service_healthchecks/' /etc/nginx/conf.d/onlyoffice.conf && \

install/docker/Dockerfile.app

@@ -17,7 +17,7 @@ ARG DEBUG_INFO="true"
 ARG PUBLISH_CNF="Release"
 
 LABEL onlyoffice.appserver.release-date="${RELEASE_DATE}" \
-      maintainer="Ascensio System SIA <support@onlyoffice.com>"
+    maintainer="Ascensio System SIA <support@onlyoffice.com>"
 
 ENV LANG=en_US.UTF-8 \
     LANGUAGE=en_US:en \
@@ -25,13 +25,16 @@ ENV LANG=en_US.UTF-8 \
 
 RUN apt-get -y update && \
     apt-get install -yq \
-        sudo \
-        locales \
-        git \
-        python3-pip \
-        npm  && \
+    sudo \
+    locales \
+    git \
+    python3-pip \
+    maven \
+    npm  && \
     locale-gen en_US.UTF-8 && \
     npm install --global yarn && \
+    wget -O openjdk-21-jdk.deb https://download.oracle.com/java/21/latest/jdk-21_linux-x64_bin.deb && \
+    dpkg -i openjdk-21-jdk.deb && apt-get install -f && \
     echo "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \
     curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/nodesource.gpg --import && \
     chmod 644 /usr/share/keyrings/nodesource.gpg && \
@@ -52,7 +55,7 @@ RUN cd ${SRC_PATH} && \
     cd ${SRC_PATH} && \
     cp buildtools/config/*.config /app/onlyoffice/config/ && \
     mkdir -p /etc/nginx/conf.d && cp -f buildtools/config/nginx/onlyoffice*.conf /etc/nginx/conf.d/ && \
-    mkdir -p /etc/nginx/includes/ && cp -f buildtools/config/nginx/includes/onlyoffice*.conf /etc/nginx/includes/ && \
+    mkdir -p /etc/nginx/includes/ && cp -f buildtools/config/nginx/includes/onlyoffice*.conf /etc/nginx/includes/ && cp -f buildtools/config/nginx/includes/server-*.conf /etc/nginx/includes/ && \
     sed -i "s/\"number\".*,/\"number\": \"${PRODUCT_VERSION}.${BUILD_NUMBER}\",/g" /app/onlyoffice/config/appsettings.json && \
     sed -e 's/#//' -i /etc/nginx/conf.d/onlyoffice.conf && \
     cd ${SRC_PATH}/buildtools/install/common/ && \
@@ -66,10 +69,10 @@ RUN cd ${SRC_PATH} && \
     rm -rf ${SRC_PATH}/server/products/ASC.Files/Server/* && \
     rm -rf ${SRC_PATH}/server/products/ASC.Files/Service/* && \
     rm -rf ${SRC_PATH}/server/products/ASC.People/Server/* 
-  
-COPY config/mysql/conf.d/mysql.cnf /etc/mysql/conf.d/mysql.cnf
 
-FROM $DOTNET_RUN as dotnetrun
+COPY --chown=onlyoffice:onlyoffice config/mysql/conf.d/mysql.cnf /etc/mysql/conf.d/mysql.cnf
+
+FROM $DOTNET_RUN AS dotnetrun
 ARG BUILD_PATH
 ARG SRC_PATH
 ENV BUILD_PATH=${BUILD_PATH}
@@ -85,22 +88,22 @@ RUN mkdir -p /var/log/onlyoffice && \
     chown onlyoffice:onlyoffice /var/www -R && \
     apt-get -y update && \
     apt-get install -yq \
-        sudo \
-        nano \
-        curl \
-        vim \
-        python3-pip \
-        libgdiplus && \
+    sudo \
+    nano \
+    curl \
+    vim \
+    python3-pip \
+    libgdiplus && \
     pip3 install --upgrade --break-system-packages jsonpath-ng multipledispatch netaddr netifaces && \
     rm -rf /var/lib/apt/lists/*
 
 COPY --from=base --chown=onlyoffice:onlyoffice /app/onlyoffice/config/* /app/onlyoffice/config/
-        
-#USER onlyoffice
+
+USER onlyoffice
 EXPOSE 5050
 ENTRYPOINT ["python3", "docker-entrypoint.py"]
 
-FROM node:20-slim as noderun
+FROM node:20-slim AS noderun
 ARG BUILD_PATH
 ARG SRC_PATH 
 ENV BUILD_PATH=${BUILD_PATH}
@@ -115,19 +118,35 @@ RUN mkdir -p /var/log/onlyoffice && \
     chown onlyoffice:onlyoffice /var/www -R && \
     apt-get -y update && \
     apt-get install -yq \ 
-        sudo \
-        nano \
-        curl \
-        vim \
-        python3-pip && \
-        pip3 install --upgrade --break-system-packages jsonpath-ng multipledispatch netaddr netifaces && \
+    sudo \
+    nano \
+    curl \
+    vim \
+    python3-pip && \
+    pip3 install --upgrade --break-system-packages jsonpath-ng multipledispatch netaddr netifaces && \
     rm -rf /var/lib/apt/lists/*
 
 COPY --from=base --chown=onlyoffice:onlyoffice /app/onlyoffice/config/* /app/onlyoffice/config/
-
+USER onlyoffice
 EXPOSE 5050
 ENTRYPOINT ["python3", "docker-entrypoint.py"]
 
+FROM eclipse-temurin:21-jre-alpine AS javarun
+ARG BUILD_PATH
+ENV BUILD_PATH=${BUILD_PATH}
+
+RUN mkdir -p /var/log/onlyoffice && \
+    mkdir -p /var/www/onlyoffice && \
+    addgroup -S -g 107 onlyoffice && \
+    adduser -S -u 104 -h /var/www/onlyoffice -G onlyoffice onlyoffice && \
+    chown onlyoffice:onlyoffice /var/log -R  && \
+    chown onlyoffice:onlyoffice /var/www -R && \
+    apk add --no-cache sudo bash nano curl 
+
+COPY ./docker-identity-entrypoint.sh /usr/bin/docker-identity-entrypoint.sh
+USER onlyoffice
+ENTRYPOINT ["bash", "/usr/bin/docker-identity-entrypoint.sh"]
+
 ## Nginx image ##
 FROM openresty/openresty:focal AS router
 ARG SRC_PATH
@@ -139,25 +158,32 @@ ENV DNS_NAMESERVER=127.0.0.11 \
 
 RUN apt-get -y update && \
     apt-get install -yq vim && \
+    mkdir -p /var/log/nginx/ && \
     addgroup --system --gid 107 onlyoffice && \
     adduser -uid 104 --quiet --home /var/www/onlyoffice --system --gid 107 onlyoffice && \
     rm -rf /var/lib/apt/lists/* && \
-    rm -rf /usr/share/nginx/html/* 
+    rm -rf /usr/share/nginx/html/* && \
+    chown -R onlyoffice:onlyoffice /etc/nginx/ && \
+    chown -R onlyoffice:onlyoffice /var/ && \
+    chown -R onlyoffice:onlyoffice /usr/ && \
+    chown -R onlyoffice:onlyoffice /run/ && \
+    chown -R onlyoffice:onlyoffice /var/log/nginx/
 
 # copy static services files and config values 
-COPY --from=base /etc/nginx/conf.d /etc/nginx/conf.d
-COPY --from=base /etc/nginx/includes /etc/nginx/includes
-COPY --from=base ${SRC_PATH}/publish/web/client ${BUILD_PATH}/client
-COPY --from=base ${SRC_PATH}/publish/web/public ${BUILD_PATH}/public
-COPY --from=base ${SRC_PATH}/campaigns/src/campaigns ${BUILD_PATH}/public/campaigns
-COPY --from=base ${SRC_PATH}/publish/web/management ${BUILD_PATH}/management
-COPY --from=base ${SRC_PATH}/buildtools/install/docker/config/nginx/docker-entrypoint.d /docker-entrypoint.d
-COPY --from=base ${SRC_PATH}/buildtools/install/docker/config/nginx/templates/upstream.conf.template /etc/nginx/templates/upstream.conf.template
-COPY --from=base ${SRC_PATH}/buildtools/install/docker/config/nginx/templates/nginx.conf.template /etc/nginx/nginx.conf.template
-COPY --from=base ${SRC_PATH}/buildtools/config/nginx/html /etc/nginx/html
-COPY --from=base ${SRC_PATH}/buildtools/install/docker/prepare-nginx-router.sh /docker-entrypoint.d/prepare-nginx-router.sh
-COPY --from=base ${SRC_PATH}/buildtools/install/docker/config/nginx/docker-entrypoint.sh /docker-entrypoint.sh
+COPY --from=base --chown=onlyoffice:onlyoffice /etc/nginx/conf.d /etc/nginx/conf.d
+COPY --from=base --chown=onlyoffice:onlyoffice /etc/nginx/includes /etc/nginx/includes
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/publish/web/client ${BUILD_PATH}/client
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/publish/web/public ${BUILD_PATH}/public
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/campaigns/src/campaigns ${BUILD_PATH}/public/campaigns
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/publish/web/management ${BUILD_PATH}/management
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/buildtools/install/docker/config/nginx/docker-entrypoint.d /docker-entrypoint.d
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/buildtools/install/docker/config/nginx/templates/upstream.conf.template /etc/nginx/templates/upstream.conf.template
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/buildtools/install/docker/config/nginx/templates/nginx.conf.template /etc/nginx/nginx.conf.template
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/buildtools/config/nginx/html /etc/nginx/html
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/buildtools/install/docker/prepare-nginx-router.sh /docker-entrypoint.d/prepare-nginx-router.sh
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/buildtools/install/docker/config/nginx/docker-entrypoint.sh /docker-entrypoint.sh
 
+USER onlyoffice
 
 # changes for upstream configure
 RUN sed -i 's/127.0.0.1:5010/$service_api_system/' /etc/nginx/conf.d/onlyoffice.conf && \
@@ -170,10 +196,12 @@ RUN sed -i 's/127.0.0.1:5010/$service_api_system/' /etc/nginx/conf.d/onlyoffice.
     sed -i 's/127.0.0.1:9834/$service_sso/' /etc/nginx/conf.d/onlyoffice.conf && \
     sed -i 's/127.0.0.1:5013/$service_doceditor/' /etc/nginx/conf.d/onlyoffice.conf && \
     sed -i 's/127.0.0.1:5011/$service_login/' /etc/nginx/conf.d/onlyoffice.conf && \
+    sed -i 's/127.0.0.1:9090/$service_identity_api/' /etc/nginx/conf.d/onlyoffice.conf && \
+    sed -i 's/127.0.0.1:8080/$service_identity/' /etc/nginx/conf.d/onlyoffice.conf && \
     if [[ -z "${SERVICE_CLIENT}" ]] ; then sed -i 's/127.0.0.1:5001/$service_client/' /etc/nginx/conf.d/onlyoffice.conf; fi && \
     if [[ -z "${SERVICE_MANAGEMENT}" ]] ; then sed -i 's/127.0.0.1:5015/$service_management/' /etc/nginx/conf.d/onlyoffice.conf; fi && \
     sed -i 's/127.0.0.1:5033/$service_healthchecks/' /etc/nginx/conf.d/onlyoffice.conf && \
-    sed -i 's/127.0.0.1:5601/$dashboards_host:5601/' /etc/nginx/conf.d/onlyoffice.conf && \
+    sed -i 's/127.0.0.1:5601/$dashboards_host:5601/' /etc/nginx/includes/server-dashboards.conf && \
     sed -i 's/$public_root/\/var\/www\/public\//' /etc/nginx/conf.d/onlyoffice.conf && \
     sed -i 's/http:\/\/172.*/$document_server;/' /etc/nginx/conf.d/onlyoffice.conf && \
     sed -i '/client_body_temp_path/ i \ \ \ \ $MAP_HASH_BUCKET_SIZE' /etc/nginx/nginx.conf.template && \
@@ -185,7 +213,7 @@ ENTRYPOINT  [ "/docker-entrypoint.sh" ]
 CMD ["/usr/local/openresty/bin/openresty", "-g", "daemon off;"]
 
 ## Doceditor ##
-FROM noderun as doceditor
+FROM noderun AS doceditor
 WORKDIR ${BUILD_PATH}/products/ASC.Editors/editor
 
 COPY --chown=onlyoffice:onlyoffice docker-entrypoint.py ./docker-entrypoint.py
@@ -194,7 +222,7 @@ COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/publish/web/editor/ .
 CMD ["server.js", "ASC.Editors"]
 
 ## Login ##
-FROM noderun as login
+FROM noderun AS login
 WORKDIR ${BUILD_PATH}/products/ASC.Login/login
 
 COPY --chown=onlyoffice:onlyoffice docker-entrypoint.py ./docker-entrypoint.py
@@ -251,14 +279,14 @@ CMD ["ASC.Files.dll", "ASC.Files"]
 FROM dotnetrun AS files_services
 ENV LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64
 WORKDIR ${BUILD_PATH}/products/ASC.Files/service/
-
+USER root
 RUN  echo "deb http://security.ubuntu.com/ubuntu focal-security main" | tee /etc/apt/sources.list && \
-     apt-key adv --keyserver keys.gnupg.net --recv-keys 3B4FE6ACC0B21F32 && \
-     apt-key adv --keyserver keys.gnupg.net --recv-keys 871920D1991BC93C && \
-     apt-get -y update && \
-     apt-get install -yq libssl1.1 && \
-     rm -rf /var/lib/apt/lists/*
-
+    apt-key adv --keyserver keys.gnupg.net --recv-keys 3B4FE6ACC0B21F32 && \
+    apt-key adv --keyserver keys.gnupg.net --recv-keys 871920D1991BC93C && \
+    apt-get -y update && \
+    apt-get install -yq libssl1.1 && \
+    rm -rf /var/lib/apt/lists/*
+USER onlyoffice
 COPY --chown=onlyoffice:onlyoffice docker-entrypoint.py ./docker-entrypoint.py
 COPY --from=base --chown=onlyoffice:onlyoffice ${BUILD_PATH}/services/ASC.Files.Service/service/ .
 COPY --from=onlyoffice/ffvideo:6.0 --chown=onlyoffice:onlyoffice /usr/local /usr/local/
@@ -344,27 +372,50 @@ ARG BUILD_PATH
 ARG SRC_PATH 
 ENV BUILD_PATH=${BUILD_PATH}
 ENV SRC_PATH=${SRC_PATH}
+RUN addgroup --system --gid 107 onlyoffice && \
+    adduser -uid 104 --quiet --home /var/www/onlyoffice --system --gid 107 onlyoffice
+USER onlyoffice
 WORKDIR ${BUILD_PATH}/services/ASC.Migration.Runner/
 COPY  ./docker-migration-entrypoint.sh ./docker-migration-entrypoint.sh
 COPY --from=base ${SRC_PATH}/server/ASC.Migration.Runner/service/ .
 
 ENTRYPOINT ["./docker-migration-entrypoint.sh"]
 
+## ASC.Identity.Authorization ##
+FROM javarun AS identity-authorization
+WORKDIR ${BUILD_PATH}/services/ASC.Identity.Authorization/
+COPY --from=base --chown=onlyoffice:onlyoffice ${BUILD_PATH}/services/ASC.Identity.Authorization/service/ .
+CMD ["ASC.Identity.Authorization"]
+
+## ASC.Identity.Registration ##
+FROM javarun AS identity-api
+WORKDIR ${BUILD_PATH}/services/ASC.Identity.Registration/
+COPY --from=base --chown=onlyoffice:onlyoffice  ${BUILD_PATH}/services/ASC.Identity.Registration/service/ .
+CMD ["ASC.Identity.Registration"]
+
+## ASC.Identity.Migration ##
+FROM javarun AS identity-migration
+WORKDIR ${BUILD_PATH}/services/ASC.Identity.Migration/
+COPY --from=base --chown=onlyoffice:onlyoffice  ${BUILD_PATH}/services/ASC.Identity.Migration/service/ .
+CMD ["ASC.Identity.Migration"]
+
 ## image for k8s bin-share ##
 FROM busybox:latest AS bin_share
 RUN mkdir -p /app/ASC.Files/server && \
     mkdir -p /app/ASC.People/server && \
     addgroup --system --gid 107 onlyoffice && \
     adduser -u 104 onlyoffice --home /var/www/onlyoffice --system -G onlyoffice
-
-COPY bin-share-docker-entrypoint.sh /app/docker-entrypoint.sh
-COPY --from=base /var/www/products/ASC.Files/server/ /app/ASC.Files/server/
-COPY --from=base /var/www/products/ASC.People/server/ /app/ASC.People/server/
+USER onlyoffice
+COPY --chown=onlyoffice:onlyoffice bin-share-docker-entrypoint.sh /app/docker-entrypoint.sh
+COPY --from=base --chown=onlyoffice:onlyoffice /var/www/products/ASC.Files/server/ /app/ASC.Files/server/
+COPY --from=base --chown=onlyoffice:onlyoffice /var/www/products/ASC.People/server/ /app/ASC.People/server/
 ENTRYPOINT ["./app/docker-entrypoint.sh"]
 
 ## image for k8s wait-bin-share ##
 FROM busybox:latest AS wait_bin_share
-RUN mkdir /app
-
-COPY wait-bin-share-docker-entrypoint.sh /app/docker-entrypoint.sh
+RUN addgroup --system --gid 107 onlyoffice && \
+    adduser -u 104 onlyoffice --home /var/www/onlyoffice --system -G onlyoffice && \
+    mkdir /app
+USER onlyoffice
+COPY --chown=onlyoffice:onlyoffice wait-bin-share-docker-entrypoint.sh /app/docker-entrypoint.sh
 ENTRYPOINT ["./app/docker-entrypoint.sh"]

install/docker/Dockerfile.runtime

@@ -36,11 +36,11 @@ RUN mkdir -p /var/log/onlyoffice && \
     chown onlyoffice:onlyoffice /var/www -R && \
     apt-get -y update && \
     apt-get install -yq \
-        python3-pip \
-        nano \
-        curl \
-        vim \
-        libgdiplus && \
+    python3-pip \
+    nano \
+    curl \
+    vim \
+    libgdiplus && \
     pip3 install --upgrade jsonpath-ng multipledispatch netaddr netifaces --break-system-packages && \
     rm -rf /var/lib/apt/lists/*
 
@@ -64,10 +64,10 @@ RUN mkdir -p /var/log/onlyoffice && \
     chown onlyoffice:onlyoffice /var/www -R && \
     apt-get -y update && \
     apt-get install -yq \ 
-            nano \
-            curl \
-            vim \
-            python3-pip && \
+    nano \
+    curl \
+    vim \
+    python3-pip && \
     pip3 install --upgrade jsonpath-ng multipledispatch netaddr netifaces --break-system-packages && \
     rm -rf /var/lib/apt/lists/*
 
@@ -122,6 +122,8 @@ RUN chown onlyoffice:onlyoffice /etc/nginx/* -R && \
     sed -i 's/127.0.0.1:9834/$service_sso/' /etc/nginx/conf.d/onlyoffice.conf && \
     sed -i 's/127.0.0.1:5013/$service_doceditor/' /etc/nginx/conf.d/onlyoffice.conf && \
     sed -i 's/127.0.0.1:5011/$service_login/' /etc/nginx/conf.d/onlyoffice.conf && \
+    sed -i 's/127.0.0.1:9090/$service_identity_api/' /etc/nginx/conf.d/onlyoffice.conf && \
+    sed -i 's/127.0.0.1:8080/$service_identity/' /etc/nginx/conf.d/onlyoffice.conf && \
     sed -i 's/127.0.0.1:5001/$service_client/' /etc/nginx/conf.d/onlyoffice.conf && \
     sed -i 's/127.0.0.1:5015/$service_management/' /etc/nginx/conf.d/onlyoffice.conf && \
     sed -i 's/127.0.0.1:5033/$service_healthchecks/' /etc/nginx/conf.d/onlyoffice.conf && \

install/docker/bin-share-docker-entrypoint.sh

@@ -5,6 +5,5 @@ echo "#####    Run preparation for launching DocSpace services     #####"
 echo "##################################################################"
 cp -r /app/ASC.Files/server/* /var/www/products/ASC.Files/server/
 cp -r /app/ASC.People/server/* /var/www/products/ASC.People/server/
-chown -R onlyoffice:onlyoffice /var/www/products/
 echo "Ok" > /var/www/products/ASC.Files/server/status.txt
 echo "Preparation for launching DocSpace services is complete"

install/docker/build-identity.yml

@@ -0,0 +1,65 @@
+x-build: &x-build
+  context: ../../../server/common/ASC.Identity
+  dockerfile: Dockerfile
+  
+x-common-environment: &x-common-environment
+  JDBC_PASSWORD: ${MYSQL_ROOT_PASSWORD}
+  JDBC_URL: ${MYSQL_HOST}
+  JDBC_USER_NAME: root
+  JDBC_DATABASE: ${MYSQL_DATABASE}
+  RABBIT_HOST: ${RABBIT_CONTAINER_NAME}
+  REDIS_HOST: ${REDIS_CONTAINER_NAME}
+
+services:
+  onlyoffice-identity-authorization:
+    build: 
+      <<: *x-build
+      args: 
+        - MODULE=authorization/authorization-container
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-identity-authorization:${DOCKER_TAG}"
+    container_name: ${IDENTITY_AUTHORIZATION_CONTAINER_NAME}
+    restart: always
+    ports:
+      - "${IDENTITY_AUTHORIZATION_SERVER_PORT}:${IDENTITY_AUTHORIZATION_SERVER_PORT}"
+    environment:
+      <<: *x-common-environment
+      SPRING_PROFILES_ACTIVE: ${IDENTITY_PROFILE}
+      SPRING_APPLICATION_NAME: ASC.Identity.Authorization
+      SERVER_PORT: ${IDENTITY_AUTHORIZATION_SERVER_PORT}
+    depends_on:
+      - onlyoffice-identity-migration
+
+  onlyoffice-identity-api:
+    build:
+      <<: *x-build
+      args: 
+        - MODULE=registration/registration-container
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-identity-api:${DOCKER_TAG}"
+    container_name: ${IDENTITY_API_CONTAINER_NAME}
+    ports:
+      - "${IDENTITY_API_SERVER_PORT}:${IDENTITY_API_SERVER_PORT}"
+    environment:
+      <<: *x-common-environment
+      SPRING_PROFILES_ACTIVE: ${IDENTITY_PROFILE}
+      SPRING_APPLICATION_NAME: ASC.Identity.Registration
+      SERVER_PORT: ${IDENTITY_API_SERVER_PORT}
+    depends_on:
+      - onlyoffice-identity-migration
+
+  onlyoffice-identity-migration:
+    build:
+      <<: *x-build
+      args: 
+        - MODULE=infrastructure/infrastructure-migration-runner
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-identity-migration:${DOCKER_TAG}"
+    container_name: ${IDENTITY_MIGRATION_CONTAINER_NAME} 
+    restart: "no"
+    ports:
+      - "${IDENTITY_MIGRATION_SERVER_PORT}:${IDENTITY_MIGRATION_SERVER_PORT}"
+    environment:
+      <<: *x-common-environment
+
+networks:
+  default:
+    name: ${NETWORK_NAME}
+    external: true

install/docker/build.yml

@@ -138,3 +138,24 @@ services:
       dockerfile: "${DOCKERFILE}"
       target: healthchecks
     image: "${REPO}/${DOCKER_IMAGE_PREFIX}-healthchecks:${DOCKER_TAG}"
+
+  onlyoffice-identity-authorization:
+    build:
+      context:  ./
+      dockerfile: "${DOCKERFILE}"
+      target: identity-authorization
+    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-identity-authorization:${DOCKER_TAG}"
+
+  onlyoffice-identity-api:
+    build:
+      context:  ./
+      dockerfile: "${DOCKERFILE}"
+      target: identity-api
+    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-identity-api:${DOCKER_TAG}"
+
+  onlyoffice-identity-migration:
+    build:
+      context:  ./
+      dockerfile: "${DOCKERFILE}"
+      target: identity-migration
+    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-identity-migration:${DOCKER_TAG}"

install/docker/config/docspace-ssl-setup

@@ -103,7 +103,7 @@ case $1 in
       echo "Generating Let's Encrypt SSL Certificates..."
 
       # Request and generate Let's Encrypt SSL certificate
-      docker run -it --rm \
+      docker run --rm \
       -v /etc/letsencrypt:/etc/letsencrypt \
       -v /var/lib/letsencrypt:/var/lib/letsencrypt \
       -v /var/log:/var/log \
@@ -132,7 +132,7 @@ if [ -f "${CERTIFICATE_FILE}" ]; then
       # Create and set permissions for docspace-renew-letsencrypt
       echo '#!/bin/bash' > ${DIR}/${PRODUCT}-renew-letsencrypt
       echo "docker-compose -f ${DOCKERCOMPOSE}/proxy-ssl.yml down" >> ${DIR}/${PRODUCT}-renew-letsencrypt
-      echo 'docker run -it --rm \' >> ${DIR}/${PRODUCT}-renew-letsencrypt
+      echo 'docker run --rm \' >> ${DIR}/${PRODUCT}-renew-letsencrypt
       echo '    -v /etc/letsencrypt:/etc/letsencrypt \' >> ${DIR}/${PRODUCT}-renew-letsencrypt
       echo '    -v /var/lib/letsencrypt:/var/lib/letsencrypt \' >> ${DIR}/${PRODUCT}-renew-letsencrypt
       echo '    certbot/certbot renew' >> ${DIR}/${PRODUCT}-renew-letsencrypt

install/docker/config/mysql/conf.d/mysql.cnf

@@ -3,3 +3,4 @@ sql_mode = 'NO_ENGINE_SUBSTITUTION'
 max_connections = 1000
 max_allowed_packet = 1048576000
 group_concat_max_len = 2048
+log_bin_trust_function_creators = 1

install/docker/config/nginx/onlyoffice-proxy.conf

@@ -1,7 +1,7 @@
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection $proxy_connection;
 proxy_set_header Host $this_host;
-proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host:$proxy_x_forwarded_port;
+proxy_set_header X-Forwarded-Host $proxy_x_forwarded_host;
 proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_hide_header 'Server';

install/docker/config/nginx/templates/proxy.upstream.conf.template

@@ -16,8 +16,8 @@ map $http_x_forwarded_host $proxy_x_forwarded_host {
 }
 
 map $http_x_forwarded_port $proxy_x_forwarded_port {
-  default $EXTERNAL_PORT;
-  ~^(.*)$ $1;
+  default $http_x_forwarded_port;
+  '' $server_port;
 }
 
 map $http_upgrade $proxy_connection {

install/docker/config/nginx/templates/upstream.conf.template

@@ -54,6 +54,18 @@ map $SERVICE_API $service_api {
     default $SERVICE_API;
 }
 
+map $SERVICE_IDENTITY_API $service_identity_api {
+    volatile;
+    "" 127.0.0.1:9090;
+    default $SERVICE_IDENTITY_API;
+}
+
+map $SERVICE_IDENTITY $service_identity {
+    volatile;
+    "" 127.0.0.1:8080;
+    default $SERVICE_IDENTITY;
+}
+
 map $SERVICE_STUDIO $service_studio {
     volatile;
     "" 127.0.0.1:5003;

install/docker/dashboards.yml

@@ -1,6 +1,6 @@
 services:
   onlyoffice-opensearch-dashboards:
-    image: opensearchproject/opensearch-dashboards:${DASHBOARDS_VERSION}
+    image: ${HUB}${DASHBOARDS_IMAGE_NAME}
     container_name: ${DASHBOARDS_CONTAINER_NAME}
     restart: always
     environment:
@@ -9,6 +9,12 @@ services:
       - "SERVER_BASEPATH=/dashboards"
     expose:
       - "5601"
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:5601/api/status"]
+      interval: 10s
+      retries: 3
+      start_period: 10s
+      timeout: 10s
 
 networks:
   default:

install/docker/db.yml

@@ -1,6 +1,6 @@
 services:
   onlyoffice-mysql-server:
-    image: ${MYSQL_IMAGE}
+    image: ${HUB}${MYSQL_IMAGE}
     cap_add:
       - SYS_NICE
     container_name: ${MYSQL_CONTAINER_NAME}
@@ -17,9 +17,10 @@ services:
       MYSQL_USER: ${MYSQL_USER}
       MYSQL_PASSWORD: ${MYSQL_PASSWORD}
     healthcheck:
-      test: ["CMD-SHELL", "mysqladmin ping --silent"]
+      test: ["CMD", "mysql", "-u", "${MYSQL_USER}", "--password=${MYSQL_PASSWORD}", "-e", ";"]
       interval: 10s
       timeout: 5s
+      start_period: 10s
       retries: 3
     volumes:
       - mysql_data:/var/lib/mysql

install/docker/docker-entrypoint.py

@@ -69,13 +69,18 @@ REDIS_PASSWORD = {"Password": os.environ["REDIS_PASSWORD"]} if environ.get("REDI
 REDIS_CONNECTION_HOST = REDIS_HOST if REDIS_HOST else REDIS_CONTAINER_NAME
 
 RABBIT_CONTAINER_NAME = os.environ["RABBIT_CONTAINER_NAME"] if environ.get("RABBIT_CONTAINER_NAME") else "onlyoffice-rabbitmq"
+RABBIT_PROTOCOL = os.environ["RABBIT_PROTOCOL"] if environ.get("RABBIT_PROTOCOL") else "amqp"
 RABBIT_HOST = os.environ["RABBIT_HOST"] if environ.get("RABBIT_HOST") else None
 RABBIT_USER_NAME = os.environ["RABBIT_USER_NAME"] if environ.get("RABBIT_USER_NAME") else "guest"
 RABBIT_PASSWORD = os.environ["RABBIT_PASSWORD"] if environ.get("RABBIT_PASSWORD") else "guest"
 RABBIT_PORT =  os.environ["RABBIT_PORT"] if environ.get("RABBIT_PORT") else "5672"
 RABBIT_VIRTUAL_HOST = os.environ["RABBIT_VIRTUAL_HOST"] if environ.get("RABBIT_VIRTUAL_HOST") else "/"
-RABBIT_URI = {"Uri": os.environ["RABBIT_URI"]} if environ.get("RABBIT_URI") else None
 RABBIT_CONNECTION_HOST = RABBIT_HOST if RABBIT_HOST else RABBIT_CONTAINER_NAME
+RABBIT_URI = (
+    {"Uri": os.environ["RABBIT_URI"]} if os.environ.get("RABBIT_URI")
+    else {"Uri": f"{RABBIT_PROTOCOL}://{RABBIT_USER_NAME}:{RABBIT_PASSWORD}@{RABBIT_HOST}:{RABBIT_PORT}{RABBIT_VIRTUAL_HOST}"}
+    if RABBIT_PROTOCOL == "amqps" and RABBIT_HOST else None
+)
 
 class RunServices:
     def __init__(self, SERVICE_PORT, PATH_TO_CONF):

install/docker/docker-identity-entrypoint.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+export SPRING_APPLICATION_NAME="${1}"
+
+export JDBC_URL=${MYSQL_HOST:-${MYSQL_CONTAINER_NAME}}
+export JDBC_DATABASE=${MYSQL_DATABASE:-"onlyoffice"}
+export JDBC_USER_NAME=${MYSQL_USER:-"onlyoffice_user"}
+export JDBC_PASSWORD=${MYSQL_PASSWORD:-"onlyoffice_pass"}
+
+export REDIS_HOST=${REDIS_HOST:-${REDIS_CONTAINER_NAME}}
+export REDIS_PORT=${REDIS_PORT:-"6379"}
+export REDIS_USERNAME=${REDIS_USER_NAME}
+export REDIS_PASSWORD=${REDIS_PASSWORD}
+
+export RABBIT_PROTOCOL=${RABBIT_PROTOCOL:-"amqp"}
+export RABBIT_HOST=${RABBIT_HOST:-${RABBIT_CONTAINER_NAME}}
+export RABBIT_USER_NAME=${RABBIT_USER_NAME:-"guest"}
+export RABBIT_PASSWORD=${RABBIT_PASSWORD:-"guest"}
+export RABBIT_VIRTUAL_HOST=${RABBIT_VIRTUAL_HOST:-"/"}
+export RABBIT_URI="${RABBIT_PROTOCOL}://${RABBIT_USER_NAME}:${RABBIT_PASSWORD}@${RABBIT_HOST}${RABBIT_VIRTUAL_HOST}"
+
+export LOG_FILE_PATH="${LOG_DIR:-"/var/log/onlyoffice"}/${SPRING_APPLICATION_NAME}.log"
+
+java -jar ${BUILD_PATH}/services/${SPRING_APPLICATION_NAME}/app.jar

install/docker/docspace.overcome.yml

@@ -149,8 +149,13 @@ services:
   onlyoffice-studio:
     <<: *x-profiles-local
     image: ${Baseimage_Dotnet_Run}
-    working_dir: ${BUILD_PATH}/studio/ASC.Web.Studio/
-    command: ["ASC.Web.Studio.dll", "ASC.Web.Studio"]
+    working_dir: ${BUILD_PATH}/studio/ASC.Web.Studio/    
+    command:
+     [
+       "ASC.Web.Studio.dll",
+       "ASC.Web.Studio",
+       "core:eventBus:subscriptionClientName=asc_event_bus_webstudio_queue",
+     ]
     volumes:
       - ${SRC_PATH}/ASC.Web.Studio/service:${BUILD_PATH}/studio/ASC.Web.Studio/
       - ${SRC_PATH}/ASC.Files/service/:${BUILD_PATH}/products/ASC.Files/server/

install/docker/docspace.profiles.yml

@@ -45,6 +45,7 @@ x-service: &x-service-base
     ELK_HOST: ${ELK_HOST}
     ELK_PORT: ${ELK_PORT}
     REDIS_CONTAINER_NAME: ${REDIS_CONTAINER_NAME}
+    RABBIT_PROTOCOL: ${RABBIT_PROTOCOL}
     REDIS_HOST: ${REDIS_HOST}
     REDIS_PORT: ${REDIS_PORT}
     REDIS_USER_NAME: ${REDIS_USER_NAME}
@@ -264,6 +265,8 @@ services:
       - SERVICE_NOTIFY=${SERVICE_NOTIFY}
       - SERVICE_PEOPLE_SERVER=${SERVICE_PEOPLE_SERVER}
       - SERVICE_SOCKET=${SERVICE_SOCKET}
+      - SERVICE_IDENTITY_API=${SERVICE_IDENTITY_API}
+      - SERVICE_IDENTITY=${SERVICE_IDENTITY}
       - SERVICE_STUDIO_NOTIFY=${SERVICE_STUDIO_NOTIFY}
       - SERVICE_API=${SERVICE_API}
       - SERVICE_API_SYSTEM=${SERVICE_API_SYSTEM}

install/docker/docspace.yml

@@ -1,5 +1,4 @@
-x-healthcheck:
-  &x-healthcheck
+x-healthcheck: &x-healthcheck
   test: curl --fail http://127.0.0.1 || exit 1
   interval: 60s
   retries: 5
@@ -8,6 +7,7 @@ x-healthcheck:
 
 x-service: &x-service-base
   container_name: base
+  user: "${UID}:${GID}"
   restart: always
   expose:
     - ${SERVICE_PORT}
@@ -42,6 +42,7 @@ x-service: &x-service-base
     REDIS_USER_NAME: ${REDIS_USER_NAME}
     REDIS_PASSWORD: ${REDIS_PASSWORD}
     RABBIT_CONTAINER_NAME: ${RABBIT_CONTAINER_NAME}
+    RABBIT_PROTOCOL: ${RABBIT_PROTOCOL}
     RABBIT_HOST: ${RABBIT_HOST}
     RABBIT_PORT: ${RABBIT_PORT}
     RABBIT_VIRTUAL_HOST: ${RABBIT_VIRTUAL_HOST}
@@ -61,94 +62,94 @@ x-service: &x-service-base
 services:
   onlyoffice-backup-background-tasks:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-backup-background:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-backup-background:${DOCKER_TAG}"
     container_name: ${BACKUP_BACKGRUOND_TASKS_HOST}
     healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_BACKUP_BACKGRUOND_TASKS}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_BACKUP_BACKGRUOND_TASKS}/health/ || exit 1
 
   onlyoffice-backup:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-backup:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-backup:${DOCKER_TAG}"
     container_name: ${BACKUP_HOST}
     healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_BACKUP}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_BACKUP}/health/ || exit 1
 
   onlyoffice-clear-events:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-clear-events:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-clear-events:${DOCKER_TAG}"
     container_name: ${CLEAR_EVENTS_HOST}
     healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_CLEAR_EVENTS}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_CLEAR_EVENTS}/health/ || exit 1
 
   onlyoffice-files:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-files:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-files:${DOCKER_TAG}"
     container_name: ${FILES_HOST}
     healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_FILES}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_FILES}/health/ || exit 1
 
   onlyoffice-files-services:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-files-services:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-files-services:${DOCKER_TAG}"
     container_name: ${FILES_SERVICES_HOST}
     healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_FILES_SERVICES}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_FILES_SERVICES}/health/ || exit 1
 
   onlyoffice-people-server:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-people-server:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-people-server:${DOCKER_TAG}"
     container_name: ${PEOPLE_SERVER_HOST}
     healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_PEOPLE_SERVER}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_PEOPLE_SERVER}/health/ || exit 1
 
   onlyoffice-socket:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-socket:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-socket:${DOCKER_TAG}"
     container_name: ${SOCKET_HOST}
     expose:
       - ${SERVICE_PORT}
 
   onlyoffice-studio-notify:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-studio-notify:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-studio-notify:${DOCKER_TAG}"
     container_name: ${STUDIO_NOTIFY_HOST}
     healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_STUDIO_NOTIFY}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_STUDIO_NOTIFY}/health/ || exit 1
 
   onlyoffice-api:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-api:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-api:${DOCKER_TAG}"
     container_name: ${API_HOST}
     healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_API}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_API}/health/ || exit 1
 
   onlyoffice-api-system:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-api-system:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-api-system:${DOCKER_TAG}"
     container_name: ${API_SYSTEM_HOST}
     healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_API_SYSTEM}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_API_SYSTEM}/health/ || exit 1
 
   onlyoffice-studio:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-studio:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-studio:${DOCKER_TAG}"
     container_name: ${STUDIO_HOST}
     healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_STUDIO}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_STUDIO}/health/ || exit 1
 
   onlyoffice-ssoauth:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-ssoauth:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-ssoauth:${DOCKER_TAG}"
     container_name: ${SSOAUTH_HOST}
     expose:
       - ${SERVICE_PORT}
@@ -156,31 +157,32 @@ services:
 
   onlyoffice-doceditor:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-doceditor:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-doceditor:${DOCKER_TAG}"
     container_name: ${DOCEDITOR_HOST}
     expose:
       - "5013"
     healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_DOCEDITOR}/doceditor/health || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_DOCEDITOR}/doceditor/health || exit 1
 
   onlyoffice-login:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-login:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-login:${DOCKER_TAG}"
     container_name: ${LOGIN_HOST}
     expose:
       - "5011"
     healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_LOGIN}/login/health || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_LOGIN}/login/health || exit 1
 
   onlyoffice-router:
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-router:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-router:${DOCKER_TAG}"
     container_name: ${ROUTER_HOST}
+    user: "${UID}:${GID}"
     restart: always
     healthcheck:
-     <<: *x-healthcheck
-     test: nginx -t || exit 1
+      <<: *x-healthcheck
+      test: nginx -t || exit 1
     expose:
       - "8081"
       - "8099"
@@ -208,6 +210,8 @@ services:
       - SERVICE_NOTIFY=${SERVICE_NOTIFY}
       - SERVICE_PEOPLE_SERVER=${SERVICE_PEOPLE_SERVER}
       - SERVICE_SOCKET=${SERVICE_SOCKET}
+      - SERVICE_IDENTITY_API=${SERVICE_IDENTITY_API}
+      - SERVICE_IDENTITY=${SERVICE_IDENTITY}
       - SERVICE_STUDIO_NOTIFY=${SERVICE_STUDIO_NOTIFY}
       - SERVICE_API=${SERVICE_API}
       - SERVICE_API_SYSTEM=${SERVICE_API_SYSTEM}

install/docker/ds.yml

@@ -1,6 +1,6 @@
 services:
   onlyoffice-document-server:
-    image: "${DOCUMENT_SERVER_IMAGE_NAME}"
+    image: "${HUB}${DOCUMENT_SERVER_IMAGE_NAME}"
     container_name: ${DOCUMENT_CONTAINER_NAME}
     # Strings below enable the JSON Web Token validation.
     environment:
@@ -16,6 +16,12 @@ services:
     stdin_open: true
     restart: always
     stop_grace_period: 60s
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000/info/info.json"]
+      interval: 30s
+      retries: 5
+      start_period: 60s
+      timeout: 10s
 
 networks:
   default:

install/docker/fluent.yml

@@ -1,6 +1,6 @@
 services:
   fluent-bit:
-    image: fluent/fluent-bit:${FLUENT_BIT_VERSION}
+    image: ${HUB}${FLUENT_BIT_IMAGE_NAME}
     container_name: ${FLUENT_BIT_CONTAINER_NAME}
     restart: always
     environment:

install/docker/healthchecks.yml

@@ -13,7 +13,7 @@ x-service:
 services:
   onlyoffice-health-checks-ui:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-healthchecks:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-healthchecks:${DOCKER_TAG}"
     container_name: ${HELTHCHECKS_HOST}
 
 networks:

install/docker/identity.yml

@@ -0,0 +1,79 @@
+x-healthcheck: &x-healthcheck
+  interval: 60s
+  retries: 5
+  start_period: 20s
+  timeout: 10s
+
+x-common-environment: &x-common-environment
+  SPRING_PROFILES_ACTIVE: ${IDENTITY_PROFILE}
+  MYSQL_CONTAINER_NAME: ${MYSQL_CONTAINER_NAME}
+  MYSQL_HOST: ${MYSQL_HOST}
+  MYSQL_DATABASE: ${MYSQL_DATABASE}
+  MYSQL_USER: ${MYSQL_USER}
+  MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+  RABBIT_CONTAINER_NAME: ${RABBIT_CONTAINER_NAME}
+  RABBIT_PROTOCOL: ${RABBIT_PROTOCOL}
+  RABBIT_HOST: ${RABBIT_HOST}
+  RABBIT_USER_NAME: ${RABBIT_USER_NAME}
+  RABBIT_PASSWORD: ${RABBIT_PASSWORD}
+  RABBIT_VIRTUAL_HOST: ${RABBIT_VIRTUAL_HOST}
+  REDIS_HOST: ${REDIS_HOST}
+  REDIS_PORT: ${REDIS_PORT}
+  REDIS_USERNAME: ${REDIS_USER_NAME}
+  REDIS_PASSWORD: ${REDIS_PASSWORD}
+  REDIS_CONTAINER_NAME: ${REDIS_CONTAINER_NAME}
+
+services:
+  onlyoffice-identity-authorization:
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-identity-authorization:${DOCKER_TAG}"
+    container_name: ${IDENTITY_AUTHORIZATION_CONTAINER_NAME}
+    user: "${UID}:${GID}"
+    restart: always
+    ports:
+      - "${IDENTITY_AUTHORIZATION_SERVER_PORT}:${IDENTITY_AUTHORIZATION_SERVER_PORT}"
+    environment:
+      <<: *x-common-environment
+      SERVER_PORT: ${IDENTITY_AUTHORIZATION_SERVER_PORT}
+    healthcheck:
+      <<: *x-healthcheck
+      test: curl --fail ${SERVICE_IDENTITY}/health/ || exit 1
+    volumes:
+      - log_data:/var/log/onlyoffice
+    depends_on:
+      - onlyoffice-identity-migration
+
+  onlyoffice-identity-api:
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-identity-api:${DOCKER_TAG}"
+    container_name: ${IDENTITY_API_CONTAINER_NAME}
+    user: "${UID}:${GID}"
+    restart: always
+    expose:
+      - "${IDENTITY_API_SERVER_PORT}"
+    environment:
+      <<: *x-common-environment
+      SERVER_PORT: ${IDENTITY_API_SERVER_PORT}
+    healthcheck:
+      <<: *x-healthcheck
+      test: curl --fail ${SERVICE_IDENTITY_API}/health/ || exit 1
+    volumes:
+      - log_data:/var/log/onlyoffice
+    depends_on:
+      - onlyoffice-identity-migration
+
+  onlyoffice-identity-migration:
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-identity-migration:${DOCKER_TAG}"
+    container_name: ${IDENTITY_MIGRATION_CONTAINER_NAME}
+    user: "${UID}:${GID}"
+    restart: on-failure
+    expose:
+      - "${IDENTITY_MIGRATION_SERVER_PORT}"
+    environment:
+      <<: *x-common-environment
+
+networks:
+  default:
+    name: ${NETWORK_NAME}
+    external: true
+
+volumes:
+  log_data:

install/docker/migration-runner.yml

@@ -1,8 +1,8 @@
 services:
   onlyoffice-migration-runner:
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-migration-runner:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-migration-runner:${DOCKER_TAG}"
     container_name: ${MIGRATION_RUNNER_HOST}
-    restart: "no"
+    restart: "on-failure"
     environment:
       MYSQL_CONTAINER_NAME: ${MYSQL_CONTAINER_NAME}
       MYSQL_HOST: ${MYSQL_HOST}

install/docker/notify.yml

@@ -43,6 +43,7 @@ x-service:
       REDIS_USER_NAME: ${REDIS_USER_NAME}
       REDIS_PASSWORD: ${REDIS_PASSWORD}
       RABBIT_CONTAINER_NAME: ${RABBIT_CONTAINER_NAME}
+      RABBIT_PROTOCOL: ${RABBIT_PROTOCOL}
       RABBIT_HOST: ${RABBIT_HOST}
       RABBIT_PORT: ${RABBIT_PORT}
       RABBIT_VIRTUAL_HOST: ${RABBIT_VIRTUAL_HOST}
@@ -61,7 +62,7 @@ x-service:
 services:
   onlyoffice-notify:
     <<: *x-service-base
-    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-notify:${DOCKER_TAG}"
+    image: "${HUB}${REPO}/${DOCKER_IMAGE_PREFIX}-notify:${DOCKER_TAG}"
     container_name: ${NOTIFY_HOST}
     healthcheck:
      <<: *x-healthcheck

install/docker/opensearch.yml

@@ -1,6 +1,6 @@
 services:
   onlyoffice-opensearch:
-    image: onlyoffice/opensearch:${ELK_VERSION}
+    image: ${HUB}${ELK_IMAGE_NAME}
     container_name: ${ELK_CONTAINER_NAME}
     restart: always
     environment:
@@ -25,6 +25,12 @@ services:
       - "9600" # required for Performance Analyzer
     ports:
       - 127.0.0.1:9200:9200
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:9200/_cluster/health?pretty"]
+      interval: 30s
+      retries: 3
+      start_period: 10s
+      timeout: 10s
   
 networks:
   default:

install/docker/proxy-ssl.yml

@@ -8,7 +8,7 @@ x-healthcheck:
 
 services:
   onlyoffice-proxy:
-    image: nginx
+    image: ${HUB}${PROXY_IMAGE_NAME}
     container_name: ${PROXY_HOST}
     restart: always
     healthcheck:
@@ -20,7 +20,6 @@ services:
       - 443:443/udp
     environment:
       - ROUTER_HOST=${ROUTER_HOST}
-      - EXTERNAL_PORT=${EXTERNAL_PORT}
     volumes:
       - webroot_path:/letsencrypt
       - log_data:/var/log/nginx

install/docker/proxy.yml

@@ -8,7 +8,7 @@ x-healthcheck:
 
 services:
   onlyoffice-proxy:
-    image: nginx
+    image: ${HUB}${PROXY_IMAGE_NAME}
     container_name: ${PROXY_HOST}
     restart: always
     healthcheck:
@@ -18,7 +18,6 @@ services:
       - ${EXTERNAL_PORT}:80
     environment:
       - ROUTER_HOST=${ROUTER_HOST}
-      - EXTERNAL_PORT=${EXTERNAL_PORT}
     volumes:
       - webroot_path:/letsencrypt
       - log_data:/var/log/nginx

install/docker/rabbitmq.yml

@@ -1,11 +1,18 @@
 services:
   onlyoffice-rabbitmq:
-    image: rabbitmq:3
+    image: ${HUB}${RABBITMQ_IMAGE_NAME}
     container_name: ${RABBIT_CONTAINER_NAME}
     restart: always
     expose:
       - "5672"
       - "80"
+    healthcheck:
+      test: ["CMD", "rabbitmq-diagnostics", "status"]
+      interval: 10s
+      retries: 3
+      start_period: 10s
+      timeout: 10s
+
 networks:
   default:
     name: ${NETWORK_NAME}

install/docker/redis.yml

@@ -1,10 +1,17 @@
 services:
   onlyoffice-redis:
-    image: redis:7
+    image: ${HUB}${REDIS_IMAGE_NAME}
     container_name: ${REDIS_CONTAINER_NAME}
     restart: always
     expose:
       - "6379"
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      retries: 3
+      start_period: 10s
+      timeout: 10s
+
 networks:
   default:
     name: ${NETWORK_NAME}

install/rpm/SPECS/build.spec

@@ -27,7 +27,7 @@ sed 's/teamlab.info/onlyoffice.com/g' -i config/autofac.consumers.json
 sed -e 's_etc/nginx_etc/openresty_g' -e 's/listen\s\+\([0-9]\+\);/listen 127.0.0.1:\1;/g' -i config/nginx/*.conf
 sed -i "s#\$public_root#/var/www/%{product}/public/#g" config/nginx/onlyoffice.conf
 sed -E 's_(http://)[^:]+(:5601)_\1localhost\2_g' -i config/nginx/onlyoffice.conf
-sed -e 's/$router_host/127.0.0.1/g' -e 's/this_host\|proxy_x_forwarded_host/host/g' -e 's/proxy_x_forwarded_proto/scheme/g' -e 's/proxy_x_forwarded_port/server_port/g' -e 's_includes_/etc/openresty/includes_g' -e '/quic\|alt-svc/Id' -i install/docker/config/nginx/onlyoffice-proxy*.conf
+sed -e 's/$router_host/127.0.0.1/g' -e 's/this_host\|proxy_x_forwarded_host/host/g' -e 's/proxy_x_forwarded_proto/scheme/g' -e 's_includes_/etc/openresty/includes_g' -e '/quic\|alt-svc/Id' -i install/docker/config/nginx/onlyoffice-proxy*.conf
 sed -e '/.pid/d' -e '/temp_path/d' -e 's_etc/nginx_etc/openresty_g' -e 's/\.log/-openresty.log/g' -i install/docker/config/nginx/templates/nginx.conf.template
 sed -i "s_\(.*root\).*;_\1 \"/var/www/%{product}\";_g" -i install/docker/config/nginx/letsencrypt.conf
 sed -i "s#\(/var/log/onlyoffice/\)#\1%{product}#" install/docker/config/fluent-bit.conf

install/rpm/SPECS/files.spec

@@ -131,6 +131,24 @@
 /usr/lib/systemd/system/%{product}-ssoauth.service
 %dir %{buildpath}/services/
 
+%files identity-api
+%defattr(-, onlyoffice, onlyoffice, -)
+%{buildpath}/services/ASC.Identity.Registration
+/usr/lib/systemd/system/%{product}-identity-api.service
+%dir %{buildpath}/services/
+
+%files identity-migration
+%defattr(-, onlyoffice, onlyoffice, -)
+%{buildpath}/services/ASC.Identity.Migration
+/usr/lib/systemd/system/%{product}-identity-migration.service
+%dir %{buildpath}/services/
+
+%files identity-authorization
+%defattr(-, onlyoffice, onlyoffice, -)
+%{buildpath}/services/ASC.Identity.Authorization
+/usr/lib/systemd/system/%{product}-identity-authorization.service
+%dir %{buildpath}/services/
+
 %files clear-events
 %defattr(-, onlyoffice, onlyoffice, -)
 %{buildpath}/services/ASC.ClearEvents/

install/rpm/SPECS/install.spec

@@ -8,6 +8,9 @@ mkdir -p "%{buildroot}%{buildpath}/studio/ASC.Web.Api/"
 mkdir -p "%{buildroot}%{buildpath}/services/ASC.Web.HealthChecks.UI/"
 mkdir -p "%{buildroot}%{buildpath}/services/ASC.Studio.Notify/"
 mkdir -p "%{buildroot}%{buildpath}/services/ASC.SsoAuth/"
+mkdir -p "%{buildroot}%{buildpath}/services/ASC.Identity.Authorization/"
+mkdir -p "%{buildroot}%{buildpath}/services/ASC.Identity.Registration/"
+mkdir -p "%{buildroot}%{buildpath}/services/ASC.Identity.Migration/"
 mkdir -p "%{buildroot}%{buildpath}/services/ASC.Socket.IO/"
 mkdir -p "%{buildroot}%{buildpath}/services/ASC.Notify/"
 mkdir -p "%{buildroot}%{buildpath}/services/ASC.Migration.Runner/"
@@ -52,6 +55,9 @@ cp -rf %{_builddir}/server/publish/services/ASC.Web.HealthChecks.UI/service/* "%
 cp -rf %{_builddir}/server/publish/services/ASC.Web.Api/service/* "%{buildroot}%{buildpath}/studio/ASC.Web.Api/"
 cp -rf %{_builddir}/server/publish/services/ASC.Studio.Notify/service/* "%{buildroot}%{buildpath}/services/ASC.Studio.Notify/"
 cp -rf %{_builddir}/server/publish/services/ASC.SsoAuth/service/* "%{buildroot}%{buildpath}/services/ASC.SsoAuth/"
+cp -rf %{_builddir}/server/publish/services/ASC.Identity.Authorization/service/* "%{buildroot}%{buildpath}/services/ASC.Identity.Authorization/"
+cp -rf %{_builddir}/server/publish/services/ASC.Identity.Registration/service/* "%{buildroot}%{buildpath}/services/ASC.Identity.Registration/"
+cp -rf %{_builddir}/server/publish/services/ASC.Identity.Migration/service/* "%{buildroot}%{buildpath}/services/ASC.Identity.Migration/"
 cp -rf %{_builddir}/server/publish/services/ASC.Socket.IO/service/* "%{buildroot}%{buildpath}/services/ASC.Socket.IO/"
 cp -rf %{_builddir}/server/publish/services/ASC.Notify/service/* "%{buildroot}%{buildpath}/services/ASC.Notify/"
 cp -rf %{_builddir}/server/publish/services/ASC.Files.Service/service/* "%{buildroot}%{buildpath}/products/ASC.Files/service/"

install/rpm/SPECS/package.spec

@@ -157,6 +157,36 @@ The service responsible for enabling and configuring
 SAML-based single sign-on (SSO) authentication to provide a more quick, 
 easy and secure way to access DocSpace for users
 
+%package        identity-migration
+Packager:       %{packager}
+Summary:        Identity-Migration
+Group:          Applications/Internet
+Requires:       %name-common  = %version-%release
+Requires:       java > 21
+AutoReqProv:    no
+BuildArch:      noarch
+%description    identity-migration
+
+%package        identity-authorization
+Packager:       %{packager}
+Summary:        Identity-Authorization
+Group:          Applications/Internet
+Requires:       %name-common  = %version-%release
+Requires:       java > 21
+AutoReqProv:    no
+BuildArch:      noarch
+%description    identity-authorization
+
+%package        identity-api
+Packager:       %{packager}
+Summary:        Identity-Api
+Group:          Applications/Internet
+Requires:       %name-common  = %version-%release
+Requires:       java > 21
+AutoReqProv:    no
+BuildArch:      noarch
+%description    identity-api
+
 %package        clear-events
 Packager:       %{packager}
 Summary:        Clear-events

install/rpm/SPECS/product.spec

@@ -51,6 +51,9 @@ Requires:       %name-proxy = %version-%release
 Requires:       %name-radicale = %version-%release
 Requires:       %name-socket = %version-%release
 Requires:       %name-ssoauth = %version-%release
+Requires:       %name-identity-migration = %version-%release
+Requires:       %name-identity-authorization = %version-%release
+Requires:       %name-identity-api = %version-%release
 Requires:       %name-studio = %version-%release
 Requires:       %name-studio-notify = %version-%release
 Requires:       openssl

run/IdentityApi.xml

@@ -0,0 +1,12 @@
+<service>
+  <id>OnlyofficeIdentityApi</id>
+  <name>ONLYOFFICE IdentityApi</name>
+  <startmode>manual</startmode>
+  <executable>java</executable>
+  <env name="LOG_FILE_PATH" value="../../Logs/identity-api.log"/>
+  <env name="SPRING_PROFILES_ACTIVE" value=""/>
+  <arguments>-jar ../../server/common/ASC.Identity/registration/registration-container/target/registration-container-1.0.0.jar</arguments>
+  <log mode="none"/>
+  <delayedAutoStart>true</delayedAutoStart>
+  <onfailure action="restart" delay="5 sec" />
+</service>

run/IdentityMigration.xml

@@ -0,0 +1,12 @@
+<service>
+  <id>OnlyofficeIdentityMigration</id>
+  <name>ONLYOFFICE IdentityMigration</name>
+  <startmode>manual</startmode>
+  <executable>java</executable>
+  <env name="LOG_FILE_PATH" value="../../Logs/identity-migration.log"/>
+  <env name="SPRING_PROFILES_ACTIVE" value="dev"/>
+  <arguments>-jar ../../server/common/ASC.Identity/infrastructure/infrastructure-migration-runner/target/infrastructure-migration-runner-1.0.0.jar</arguments>
+  <log mode="none"/>
+  <delayedAutoStart>true</delayedAutoStart>
+  <onfailure action="restart" delay="5 sec" />
+</service>

run/IdentityService.xml

@@ -0,0 +1,13 @@
+<service>
+  <id>OnlyofficeIdentityService</id>
+  <name>ONLYOFFICE IdentityService</name>
+  <startmode>manual</startmode>
+  <executable>java</executable>
+  <env name="LOG_FILE_PATH" value="../../Logs/identity-authorization.log"/>
+  <env name="SERVER_PORT" value="8080"/>
+  <env name="SPRING_PROFILES_ACTIVE" value=""/>
+  <arguments>-jar ../../server/common/ASC.Identity/authorization/authorization-container/target/authorization-container-1.0.0.jar</arguments>
+  <log mode="none"/>
+  <delayedAutoStart>true</delayedAutoStart>
+  <onfailure action="restart" delay="5 sec" />
+</service>

runMigrations.standalone.bat

@@ -5,6 +5,6 @@ cd /D "%~dp0"
 call start\stop.bat nopause
 dotnet build ..\server\asc.web.slnf
 dotnet build ..\server\ASC.Migrations.sln
-PUSHD %~dp0..\server\common\Tools\ASC.Migration.Runner\bin\Debug\net7.0
+PUSHD %~dp0..\server\common\Tools\ASC.Migration.Runner\bin\Debug\
 dotnet ASC.Migration.Runner.dll standalone=true
 pause

scripts/identity.bat

@@ -0,0 +1,28 @@
+PUSHD %~dp0..
+
+cd %~dp0../../server/common/ASC.Identity/
+
+echo Start build ASC.Identity project...
+echo.
+
+echo ASC.Identity: resolves all project dependencies...
+echo.
+
+call mvn dependency:go-offline -q
+
+if %errorlevel% == 0 (
+
+echo ASC.Identity: take the compiled code and package it in its distributable format, such as a JAR...
+call mvn package -DskipTests -q
+
+)
+
+if %errorlevel% == 0 (
+
+echo ASC.Identity: build completed
+echo.
+
+)
+
+
+POPD