Merge branch 'develop' into feature/redesign-management

Add rootless mode (#299 )
Add optional user to router
2024-08-13 23:44:56 +03:00 · 2024-08-12 17:15:39 +03:00 · 2024-08-11 16:30:25 +03:00 · 2024-08-10 17:27:34 +03:00 · 2024-08-09 16:33:24 +04:00 · 2024-08-09 16:33:11 +04:00
24 changed files with 557 additions and 272 deletions
--- a/.github/workflows/ci-oci-install.yml
+++ b/.github/workflows/ci-oci-install.yml
@ -5,9 +5,10 @@ on:
    types: [opened, reopened, synchronize]
    paths:
      - '.github/workflows/ci-oci-install.yml'
-      - 'install/OneClickInstall/**'
-      - '!install/OneClickInstall/install-Docker.sh'
-      - '!install/OneClickInstall/docspace-install.sh'
+      - 'install/OneClickInstall/install-Debian/**'
+      - 'install/OneClickInstall/install-RedHat/**'
+      - 'install/OneClickInstall/install-Debian.sh'
+      - 'install/OneClickInstall/install-RedHat.sh'

  schedule:
    - cron: '00 20 * * 6'  # At 23:00 on Saturday.
@ -57,6 +58,19 @@ jobs:
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}
    steps:
+      - name: Checkout code
+        if: github.event_name == 'pull_request'
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Determine affected distributions
+        id: determine-distros
+        if: github.event_name == 'pull_request'
+        run: |
+          CHANGED_FILES=$(git diff --name-only ${{ github.event.pull_request.base.sha }} ${{ github.sha }})
+          echo "debian_changed=$(echo "$CHANGED_FILES" | grep -q 'install-Debian' && echo true || echo false)" >> $GITHUB_ENV
+          echo "redhat_changed=$(echo "$CHANGED_FILES" | grep -q 'install-RedHat' && echo true || echo false)" >> $GITHUB_ENV 

      - name: Set matrix names
        id: set-matrix
@ -69,11 +83,20 @@ jobs:
              {"execute": '${{ github.event.inputs.debian12 || true }}', "name": "Debian12", "os": "debian12", "distr": "generic"},
              {"execute": '${{ github.event.inputs.ubuntu2004 || true }}', "name": "Ubuntu20.04", "os": "ubuntu2004", "distr": "generic"},
              {"execute": '${{ github.event.inputs.ubuntu2204 || true }}', "name": "Ubuntu22.04", "os": "ubuntu2204", "distr": "generic"},
-              {"execute": '${{ github.event.inputs.ubuntu2204 || true }}', "name": "Ubuntu24.04", "os": "ubuntu-24.04", "distr": "bento"},            
+              {"execute": '${{ github.event.inputs.ubuntu2404 || true }}', "name": "Ubuntu24.04", "os": "ubuntu-24.04", "distr": "bento"},
              {"execute": '${{ github.event.inputs.fedora39 || true }}', "name": "Fedora39", "os": "39-cloud-base", "distr": "fedora"},
              {"execute": '${{ github.event.inputs.fedora40 || true }}', "name": "Fedora40", "os": "fedora-40", "distr": "bento"}
            ]
-          }' | jq -c '{include: [.include[] | select(.execute == true)]}')
+          }' | jq -c '.include')
+
+          matrix=$(jq -c --arg REDHAT_CHANGED "${{ env.redhat_changed }}" --arg DEBIAN_CHANGED "${{ env.debian_changed }}" '
+            { include: [.[] | select(
+                ($REDHAT_CHANGED == "true" and $DEBIAN_CHANGED == "true" and .execute == true) or
+                ($REDHAT_CHANGED == "true" and (.name | test("CentOS|Fedora"))) or
+                ($DEBIAN_CHANGED == "true" and (.name | test("Debian|Ubuntu"))) or
+                ($REDHAT_CHANGED == "false" and $DEBIAN_CHANGED == "false" and .execute == true))]
+            }' <<< "$matrix")
+
          echo "matrix=${matrix}" >> $GITHUB_OUTPUT

  vagrant-up:
--- a/build.backend.docker.py
+++ b/build.backend.docker.py
@ -11,13 +11,14 @@ def help():
    # Display Help
    print("Build and run backend and working environment. (Use 'yarn start' to run client -> https://github.com/ONLYOFFICE/DocSpace-client)")
    print()
-    print("Syntax: available params [-h|f|s|c|d|]")
+    print("Syntax: available params [-h|f|s|c|d|i")
    print("options:")
    print("h     Print this Help.")
    print("f     Force rebuild base images.")
    print("s     Run as SAAS otherwise as STANDALONE.")
    print("c     Run as COMMUNITY otherwise ENTERPRISE.")
    print("d     Run dnsmasq.")
+    print("i     Run identity (oauth2).")
    print()


@ -37,6 +38,8 @@ if local_ip == "127.0.0.1":
 doceditor = f"{local_ip}:5013"
 login = f"{local_ip}:5011"
 client = f"{local_ip}:5001"
+identity_auth = f"{local_ip}:8080"
+identity_api = f"{local_ip}:9090"
 management = f"{local_ip}:5015"
 portal_url = f"http://{local_ip}"

@ -44,13 +47,14 @@ force = False
 dns = False
 standalone = True
 community = False
+identity = False

 migration_type = "STANDALONE" # SAAS
 installation_type = "ENTERPRISE"
 document_server_image_name = "onlyoffice/documentserver-de:latest"

 # Get the options
-opts, args = getopt.getopt(sys.argv[1:], "hfscd")
+opts, args = getopt.getopt(sys.argv[1:], "hfscdi")
 for opt, arg in opts:
    if opt == "-h":
        help()
@ -63,6 +67,8 @@ for opt, arg in opts:
        community = arg if arg else True
    elif opt == "-d":
        dns = arg if arg else True
+    elif opt == "-i":
+        identity = arg if arg else True
    else:
        print("Error: Invalid '-" + opt + "' option")
        sys.exit()
@ -80,6 +86,7 @@ print(f"DOCSPACE_APP_URL: {portal_url}")
 print()
 print("FORCE REBUILD BASE IMAGES:", force)
 print("Run dnsmasq:", dns)
+print("Run identity:", identity)

 if standalone == False:
    migration_type = "SAAS"
@ -182,6 +189,8 @@ os.environ["SERVICE_DOCEDITOR"] = doceditor
 os.environ["SERVICE_LOGIN"] = login
 os.environ["SERVICE_MANAGEMENT"] = management
 os.environ["SERVICE_CLIENT"] = client
+os.environ["SERVICE_IDENTITY"] = identity_auth
+os.environ["SERVICE_IDENTITY_API"] = identity_api
 os.environ["ROOT_DIR"] = dir
 os.environ["BUILD_PATH"] = "/var/www"
 os.environ["SRC_PATH"] = os.path.join(dir, "publish/services")
@ -191,6 +200,10 @@ os.environ["MIGRATION_TYPE"] = migration_type
 subprocess.run(["docker", "compose", "-f", os.path.join(dockerDir, "docspace.profiles.yml"), "-f", os.path.join(
    dockerDir, "docspace.overcome.yml"), "--profile", "migration-runner", "--profile", "backend-local", "up", "-d"])

+if identity:
+    print("Run identity")
+    subprocess.run(["docker-compose", "-f",os.path.join(dockerDir, "identity.yml"), "up", "-d" ])
+
 print()
 print("Run script directory:", dir)
 print("Root directory:", dir)
--- a/build.backend.dotnet.bat
+++ b/build.backend.dotnet.bat
@ -0,0 +1,26 @@
+@echo off
+
+echo Start build backend...
+echo.
+
+cd /D "%~dp0"
+call runasadmin.bat "%~dpnx0"
+
+if %errorlevel% == 0 (
+call start\stop.bat nopause
+dotnet build ..\server\asc.web.slnf  /fl1 /flp1:logfile=asc.web.log;verbosity=normal
+echo.
+)
+
+if %errorlevel% == 0 (
+call start\start.bat nopause
+)
+
+echo.
+
+if "%1"=="nopause" goto end
+pause
+
+
+
+:end
--- a/clear.backend.docker.py
+++ b/clear.backend.docker.py
@ -31,6 +31,10 @@ if containers or images:
    db_command = f"docker compose -f {os.path.join(docker_dir, 'db.yml')} down --volumes"
    subprocess.run(db_command, shell=True)

+    print("Remove docker contatiners 'Identity'")
+    identity_command = f"docker compose -f {os.path.join(docker_dir, 'identity.yml')} down --volumes"
+    subprocess.run(identity_command, shell=True)
+
    print("Remove docker volumes")
    volumes_command = f"docker volume prune -fa"
    subprocess.run(volumes_command, shell=True)
--- a/config/appsettings.json
+++ b/config/appsettings.json
@ -38,7 +38,10 @@
    },
    "themelimit": "9",
    "oidc": {
-      "authority": ""
+      "authority": "",
+      "disableValidateToken": "true",
+      "requireHttps": "false",
+      "showPII": "true"
    },
    "server-root": "",
    "username": {
@ -123,7 +126,7 @@
    "api-system": "",
    "api-cache": "",
    "images": "static/images",
-    "hide-settings": "Monitoring,LdapSettings,DocService,MailService,PublicPortal,ProxyHttpContent,SpamSubscription,FullTextSearch",
+    "hide-settings": "Monitoring,LdapSettings,DocService,MailService,PublicPortal,ProxyHttpContent,SpamSubscription,FullTextSearch,IdentityServer",
    "hub": {
      "url": "/socket.io",
      "internal": "http://localhost:9899/"
--- a/config/dnsmasq.conf
+++ b/config/dnsmasq.conf
@ -9,6 +9,6 @@ server=8.8.4.4
 server=8.8.8.8
 strict-order
 #serve all .company queries using a specific nameserver
-server=/site/127.0.0.1
+server=/site/192.168.0.18
 #explicitly define host-ip mappings
-address=/docspace.site/127.0.0.1
+address=/docspace.site/192.168.0.18
--- a/config/nginx/includes/server-dashboards.conf
+++ b/config/nginx/includes/server-dashboards.conf
@ -0,0 +1,12 @@
+location ^~ /dashboards/ {
+    auth_basic "Restricted Access";
+    auth_basic_user_file /etc/nginx/.htpasswd_dashboards;
+    
+    rewrite ^/dashboards(/.*)$ $1 break;
+    proxy_pass http://127.0.0.1:5601;
+    proxy_redirect off;
+    proxy_buffering off;
+
+    proxy_set_header Connection "Keep-Alive";
+    proxy_set_header Proxy-Connection "Keep-Alive";
+}
--- a/config/nginx/onlyoffice.conf
+++ b/config/nginx/onlyoffice.conf
@ -54,6 +54,13 @@ map $request_uri $content_security_policy {
        ~*\/(ds-vpath)\/ "default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; img-src * data:; style-src * 'unsafe-inline' data:; font-src * data:; frame-src * ascdesktop:; object-src; connect-src * ascdesktop:;";
 }

+map $request_time $request_time_ms {
+    ~^0\.000$ 0;
+    ~^0\.(?:0*)([^0].*)$ $1;
+    ~^([^0][^.]*)\.(.*)$ $1$2;
+}
+
+
 include /etc/nginx/includes/onlyoffice-*.conf;

 server_names_hash_bucket_size 128;
@ -158,18 +165,7 @@ server {
 		
 	}
 	
-	location ^~ /dashboards/ {
-		auth_basic "Restricted Access";
-		auth_basic_user_file /etc/nginx/.htpasswd_dashboards;
-		
-		rewrite ^/dashboards(/.*)$ $1 break;
-		proxy_pass http://127.0.0.1:5601;
-		proxy_redirect off;
-		proxy_buffering off;
-
-		proxy_set_header Connection "Keep-Alive";
-		proxy_set_header Proxy-Connection "Keep-Alive";
-	}
+	include /etc/nginx/includes/server-*.conf;

 	location / {
 		proxy_pass http://127.0.0.1:5001;
@ -239,19 +235,9 @@ server {
 		proxy_pass http://127.0.0.1:5015;
 		proxy_redirect off;

-		location ~* /static/favicon.ico {
-			try_files /$basename /index.html =404;
-		}
-
-		location ~* /static/images/(.*)$ {
+		location ~* /_next/public/images/(.*)$ {
 			try_files /images/$1 /index.html =404;
 		}
-
-		location ~* /static/fonts/(?<content>[^/]+) {
-			try_files /fonts/$content/$basename /index.html =404;
-		}
-		
-		rewrite management/(.*) /$1  break;
 	}

 	location ~* /static/fonts/(?<content>[^/]+) {
@ -288,6 +274,9 @@ server {
 	}
 	
 	location /api/2.0 {
+        add_header Trailer Server-Timing;
+        add_header Server-Timing "proxy-request-time;dur=${request_time_ms}";
+		
 		location ~* /(files|privacyroom) {
 			 proxy_pass http://127.0.0.1:5007;
 		}
@ -323,8 +312,27 @@ server {
        location ~* /migration {
 			 proxy_pass http://127.0.0.1:5034;
 		}
+
+		location ~* /(clients|scopes) {
+			 proxy_pass http://127.0.0.1:9090;
+		}
+
+		location ~* /oauth2 {
+			rewrite api/2.0/(.*) /$1  break;
+			proxy_redirect off;
+			proxy_pass http://127.0.0.1:8080;
+		}
    }
 	
+	location /oauth2/.well-known/openid-configuration {
+		rewrite oauth2/(.*) /$1  break;
+		proxy_pass http://127.0.0.1:8080;
+	}
+
+	location /oauth2 {
+		proxy_pass http://127.0.0.1:8080;
+	}
+
 	location /sso {
 		rewrite sso/(.*) /$1  break;
 		proxy_pass http://127.0.0.1:9834;
--- a/install/OneClickInstall/install-RedHat/install-preq.sh
+++ b/install/OneClickInstall/install-RedHat/install-preq.sh
@ -39,7 +39,7 @@ yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/$RPMFUSION

 [ "$REV" = "9" ] && update-crypto-policies --set DEFAULT:SHA1 && ${package_manager} -y install xorg-x11-font-utils
 [ "$DIST" = "centos" ] && TESTING_REPO="--enablerepo=$( [ "$REV" = "9" ] && echo "crb" || echo "powertools" )"
-[ "$DIST" = "redhat" ] && /usr/bin/crb enable
+[ "$DIST" = "redhat" ] && { /usr/bin/crb enable && yum repolist enabled | grep -qi -e crb -e codeready || echo "Failed to enable or verify CRB repository."; exit 1; }

 #add rabbitmq & erlang repo
 curl -s https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.rpm.sh | bash
--- a/install/OneClickInstall/install-RedHat/tools.sh
+++ b/install/OneClickInstall/install-RedHat/tools.sh
@ -71,8 +71,9 @@ read_unsupported_installation () {
 	esac
 }

-DIST=$(rpm -q --queryformat '%{NAME}' centos-release redhat-release fedora-release | awk -F'[- ]|package' '{print tolower($1)}' | tr -cd '[:alpha:]')
-[ -z $DIST ] && DIST=$(cat /etc/redhat-release | awk -F 'Linux|release| ' '{print tolower($1)}')
+DIST=$(rpm -qa --queryformat '%{NAME}\n' | grep -E 'centos-release|redhat-release|fedora-release' | awk -F '-' '{print $1}' | head -n 1)
+DIST=${DIST:-$(awk -F= '/^ID=/ {gsub(/"/, "", $2); print tolower($2)}' /etc/os-release)}; 
+[[ "$DIST" =~ ^(centos|redhat|fedora)$ ]] || DIST="centos"
 REV=$(sed -n 's/.*release\ \([0-9]*\).*/\1/p' /etc/redhat-release)
 REV=${REV:-"7"}

--- a/install/docker/.env
+++ b/install/docker/.env
@ -13,7 +13,8 @@
    DOCKERFILE=Dockerfile.app
    APP_DOTNET_ENV=""
    EXTERNAL_PORT="80"
-
+    UID="root"
+    GID="root" 
 # opensearch stack #
    ELK_VERSION=2.11.1
    ELK_CONTAINER_NAME=${CONTAINER_PREFIX}opensearch
@ -101,6 +102,24 @@
    MANAGEMENT_HOST={CONTAINER_PREFIX}management
    HELTHCHECKS_HOST=${CONTAINER_PREFIX}healthchecks

+# identity #
+    IDENTITY_DOCKERFILE=/Dockerfile
+
+    JDBC_USER_NAME=root
+    JDBC_PASSWORD=${MYSQL_ROOT_PASSWORD}
+    JDBC_URL=${MYSQL_CONTAINER_NAME}
+    JDBC_DATABASE=${MYSQL_DATABASE}
+
+    IDENTITY_PROFILE="dev"
+    
+    IDENTITY_MIGRATION_CONTAINER_NAME=${CONTAINER_PREFIX}identity_migration
+    IDENTITY_MIGRATION_SERVER_PORT=8081
+    IDENTITY_AUTHORIZATION_CONTAINER_NAME=${CONTAINER_PREFIX}identity-authorization
+    IDENTITY_AUTHORIZATION_SERVER_PORT=8080
+    IDENTITY_API_CONTAINER_NAME=${CONTAINER_PREFIX}identity-api
+    IDENTITY_API_SERVER_PORT=9090
+
+    REDIS_ADDRESSES=redis://onlyoffice-redis:6379
 # router upstream environment #
    SERVICE_API_SYSTEM=${API_SYSTEM_HOST}:${SERVICE_PORT}
    SERVICE_BACKUP=${BACKUP_HOST}:${SERVICE_PORT}
@ -121,6 +140,8 @@
    SERVICE_LOGIN=${LOGIN_HOST}:5011
    SERVICE_MANAGEMENT={MANAGEMENT_HOST}:${SERVICE_PORT}
    SERVICE_HELTHCHECKS=${HELTHCHECKS_HOST}:${SERVICE_PORT}
+    SERVICE_IDENTITY_API=${IDENTITY_API_CONTAINER_NAME}:${IDENTITY_API_SERVER_PORT}
+    SERVICE_IDENTITY=${IDENTITY_AUTHORIZATION_CONTAINER_NAME}:${IDENTITY_AUTHORIZATION_SERVER_PORT}

    NETWORK_NAME=${PRODUCT}

--- a/install/docker/Dockerfile
+++ b/install/docker/Dockerfile
@ -28,7 +28,7 @@ ARG PRODUCT_VERSION=0.0.0
 ARG BUILD_NUMBER=0

 LABEL onlyoffice.appserver.release-date="${RELEASE_DATE}" \
-      maintainer="Ascensio System SIA <support@onlyoffice.com>"
+    maintainer="Ascensio System SIA <support@onlyoffice.com>"

 ENV LANG=en_US.UTF-8 \
    LANGUAGE=en_US:en \
@ -40,10 +40,10 @@ COPY . .

 RUN apt-get -y update && \
    apt-get install -yq \
-        sudo \
-        locales \
-        git \
-        npm  && \
+    sudo \
+    locales \
+    git \
+    npm  && \
    locale-gen en_US.UTF-8 && \
    npm install --global yarn && \
    echo "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_18.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \
@ -98,11 +98,11 @@ RUN mkdir -p /var/log/onlyoffice && \
    chown onlyoffice:onlyoffice /var/www -R && \
    apt-get -y update && \
    apt-get install -yq \
-        python3-pip \
-        nano \
-        curl \
-        vim \
-        libgdiplus && \
+    python3-pip \
+    nano \
+    curl \
+    vim \
+    libgdiplus && \
    pip3 install --upgrade jsonpath-ng multipledispatch netaddr netifaces && \
    rm -rf /var/lib/apt/lists/*

@ -127,10 +127,10 @@ RUN mkdir -p /var/log/onlyoffice && \
    chown onlyoffice:onlyoffice /var/www -R && \
    apt-get -y update && \
    apt-get install -yq \ 
-            nano \
-            curl \
-            vim \
-            python3-pip && \
+    nano \
+    curl \
+    vim \
+    python3-pip && \
    pip3 install --upgrade jsonpath-ng multipledispatch netaddr netifaces --break-system-packages && \
    rm -rf /var/lib/apt/lists/*

@ -176,6 +176,8 @@ RUN chown nginx:nginx /etc/nginx/* -R && \
    sed -i 's/127.0.0.1:9834/$service_sso/' /etc/nginx/conf.d/onlyoffice.conf && \
    sed -i 's/127.0.0.1:5013/$service_doceditor/' /etc/nginx/conf.d/onlyoffice.conf && \
    sed -i 's/127.0.0.1:5011/$service_login/' /etc/nginx/conf.d/onlyoffice.conf && \
+    sed -i 's/127.0.0.1:9090/$service_identity_api/' /etc/nginx/conf.d/onlyoffice.conf && \
+    sed -i 's/127.0.0.1:8080/$service_identity/' /etc/nginx/conf.d/onlyoffice.conf && \
    if [[ -z "${SERVICE_CLIENT}" ]] ; then sed -i 's/127.0.0.1:5001/$service_client/' /etc/nginx/conf.d/onlyoffice.conf; fi && \
    if [[ -z "${SERVICE_MANAGEMENT}" ]] ; then sed -i 's/127.0.0.1:5015/$service_management/' /etc/nginx/conf.d/onlyoffice.conf; fi && \
    sed -i 's/127.0.0.1:5033/$service_healthchecks/' /etc/nginx/conf.d/onlyoffice.conf && \
--- a/install/docker/Dockerfile.app
+++ b/install/docker/Dockerfile.app
@ -17,7 +17,7 @@ ARG DEBUG_INFO="true"
 ARG PUBLISH_CNF="Release"

 LABEL onlyoffice.appserver.release-date="${RELEASE_DATE}" \
-      maintainer="Ascensio System SIA <support@onlyoffice.com>"
+    maintainer="Ascensio System SIA <support@onlyoffice.com>"

 ENV LANG=en_US.UTF-8 \
    LANGUAGE=en_US:en \
@ -25,11 +25,11 @@ ENV LANG=en_US.UTF-8 \

 RUN apt-get -y update && \
    apt-get install -yq \
-        sudo \
-        locales \
-        git \
-        python3-pip \
-        npm  && \
+    sudo \
+    locales \
+    git \
+    python3-pip \
+    npm  && \
    locale-gen en_US.UTF-8 && \
    npm install --global yarn && \
    echo "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \
@ -52,7 +52,7 @@ RUN cd ${SRC_PATH} && \
    cd ${SRC_PATH} && \
    cp buildtools/config/*.config /app/onlyoffice/config/ && \
    mkdir -p /etc/nginx/conf.d && cp -f buildtools/config/nginx/onlyoffice*.conf /etc/nginx/conf.d/ && \
-    mkdir -p /etc/nginx/includes/ && cp -f buildtools/config/nginx/includes/onlyoffice*.conf /etc/nginx/includes/ && \
+    mkdir -p /etc/nginx/includes/ && cp -f buildtools/config/nginx/includes/onlyoffice*.conf /etc/nginx/includes/ && cp -f buildtools/config/nginx/includes/server-*.conf /etc/nginx/includes/ && \
    sed -i "s/\"number\".*,/\"number\": \"${PRODUCT_VERSION}.${BUILD_NUMBER}\",/g" /app/onlyoffice/config/appsettings.json && \
    sed -e 's/#//' -i /etc/nginx/conf.d/onlyoffice.conf && \
    cd ${SRC_PATH}/buildtools/install/common/ && \
@ -67,7 +67,7 @@ RUN cd ${SRC_PATH} && \
    rm -rf ${SRC_PATH}/server/products/ASC.Files/Service/* && \
    rm -rf ${SRC_PATH}/server/products/ASC.People/Server/* 

-COPY config/mysql/conf.d/mysql.cnf /etc/mysql/conf.d/mysql.cnf
+COPY --chown=onlyoffice:onlyoffice config/mysql/conf.d/mysql.cnf /etc/mysql/conf.d/mysql.cnf

 FROM $DOTNET_RUN as dotnetrun
 ARG BUILD_PATH
@ -85,18 +85,18 @@ RUN mkdir -p /var/log/onlyoffice && \
    chown onlyoffice:onlyoffice /var/www -R && \
    apt-get -y update && \
    apt-get install -yq \
-        sudo \
-        nano \
-        curl \
-        vim \
-        python3-pip \
-        libgdiplus && \
+    sudo \
+    nano \
+    curl \
+    vim \
+    python3-pip \
+    libgdiplus && \
    pip3 install --upgrade --break-system-packages jsonpath-ng multipledispatch netaddr netifaces && \
    rm -rf /var/lib/apt/lists/*

 COPY --from=base --chown=onlyoffice:onlyoffice /app/onlyoffice/config/* /app/onlyoffice/config/

-#USER onlyoffice
+USER onlyoffice
 EXPOSE 5050
 ENTRYPOINT ["python3", "docker-entrypoint.py"]

@ -115,16 +115,16 @@ RUN mkdir -p /var/log/onlyoffice && \
    chown onlyoffice:onlyoffice /var/www -R && \
    apt-get -y update && \
    apt-get install -yq \ 
-        sudo \
-        nano \
-        curl \
-        vim \
-        python3-pip && \
-        pip3 install --upgrade --break-system-packages jsonpath-ng multipledispatch netaddr netifaces && \
+    sudo \
+    nano \
+    curl \
+    vim \
+    python3-pip && \
+    pip3 install --upgrade --break-system-packages jsonpath-ng multipledispatch netaddr netifaces && \
    rm -rf /var/lib/apt/lists/*

 COPY --from=base --chown=onlyoffice:onlyoffice /app/onlyoffice/config/* /app/onlyoffice/config/
-
+USER onlyoffice
 EXPOSE 5050
 ENTRYPOINT ["python3", "docker-entrypoint.py"]

@ -139,25 +139,32 @@ ENV DNS_NAMESERVER=127.0.0.11 \

 RUN apt-get -y update && \
    apt-get install -yq vim && \
+    mkdir -p /var/log/nginx/ && \
    addgroup --system --gid 107 onlyoffice && \
    adduser -uid 104 --quiet --home /var/www/onlyoffice --system --gid 107 onlyoffice && \
    rm -rf /var/lib/apt/lists/* && \
-    rm -rf /usr/share/nginx/html/* 
+    rm -rf /usr/share/nginx/html/* && \
+    chown -R onlyoffice:onlyoffice /etc/nginx/ && \
+    chown -R onlyoffice:onlyoffice /var/ && \
+    chown -R onlyoffice:onlyoffice /usr/ && \
+    chown -R onlyoffice:onlyoffice /run/ && \
+    chown -R onlyoffice:onlyoffice /var/log/nginx/

 # copy static services files and config values 
-COPY --from=base /etc/nginx/conf.d /etc/nginx/conf.d
-COPY --from=base /etc/nginx/includes /etc/nginx/includes
-COPY --from=base ${SRC_PATH}/publish/web/client ${BUILD_PATH}/client
-COPY --from=base ${SRC_PATH}/publish/web/public ${BUILD_PATH}/public
-COPY --from=base ${SRC_PATH}/campaigns/src/campaigns ${BUILD_PATH}/public/campaigns
-COPY --from=base ${SRC_PATH}/publish/web/management ${BUILD_PATH}/management
-COPY --from=base ${SRC_PATH}/buildtools/install/docker/config/nginx/docker-entrypoint.d /docker-entrypoint.d
-COPY --from=base ${SRC_PATH}/buildtools/install/docker/config/nginx/templates/upstream.conf.template /etc/nginx/templates/upstream.conf.template
-COPY --from=base ${SRC_PATH}/buildtools/install/docker/config/nginx/templates/nginx.conf.template /etc/nginx/nginx.conf.template
-COPY --from=base ${SRC_PATH}/buildtools/config/nginx/html /etc/nginx/html
-COPY --from=base ${SRC_PATH}/buildtools/install/docker/prepare-nginx-router.sh /docker-entrypoint.d/prepare-nginx-router.sh
-COPY --from=base ${SRC_PATH}/buildtools/install/docker/config/nginx/docker-entrypoint.sh /docker-entrypoint.sh
+COPY --from=base --chown=onlyoffice:onlyoffice /etc/nginx/conf.d /etc/nginx/conf.d
+COPY --from=base --chown=onlyoffice:onlyoffice /etc/nginx/includes /etc/nginx/includes
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/publish/web/client ${BUILD_PATH}/client
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/publish/web/public ${BUILD_PATH}/public
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/campaigns/src/campaigns ${BUILD_PATH}/public/campaigns
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/publish/web/management ${BUILD_PATH}/management
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/buildtools/install/docker/config/nginx/docker-entrypoint.d /docker-entrypoint.d
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/buildtools/install/docker/config/nginx/templates/upstream.conf.template /etc/nginx/templates/upstream.conf.template
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/buildtools/install/docker/config/nginx/templates/nginx.conf.template /etc/nginx/nginx.conf.template
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/buildtools/config/nginx/html /etc/nginx/html
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/buildtools/install/docker/prepare-nginx-router.sh /docker-entrypoint.d/prepare-nginx-router.sh
+COPY --from=base --chown=onlyoffice:onlyoffice ${SRC_PATH}/buildtools/install/docker/config/nginx/docker-entrypoint.sh /docker-entrypoint.sh

+USER onlyoffice

 # changes for upstream configure
 RUN sed -i 's/127.0.0.1:5010/$service_api_system/' /etc/nginx/conf.d/onlyoffice.conf && \
@ -170,10 +177,12 @@ RUN sed -i 's/127.0.0.1:5010/$service_api_system/' /etc/nginx/conf.d/onlyoffice.
    sed -i 's/127.0.0.1:9834/$service_sso/' /etc/nginx/conf.d/onlyoffice.conf && \
    sed -i 's/127.0.0.1:5013/$service_doceditor/' /etc/nginx/conf.d/onlyoffice.conf && \
    sed -i 's/127.0.0.1:5011/$service_login/' /etc/nginx/conf.d/onlyoffice.conf && \
+    sed -i 's/127.0.0.1:9090/$service_identity_api/' /etc/nginx/conf.d/onlyoffice.conf && \
+    sed -i 's/127.0.0.1:8080/$service_identity/' /etc/nginx/conf.d/onlyoffice.conf && \
    if [[ -z "${SERVICE_CLIENT}" ]] ; then sed -i 's/127.0.0.1:5001/$service_client/' /etc/nginx/conf.d/onlyoffice.conf; fi && \
    if [[ -z "${SERVICE_MANAGEMENT}" ]] ; then sed -i 's/127.0.0.1:5015/$service_management/' /etc/nginx/conf.d/onlyoffice.conf; fi && \
    sed -i 's/127.0.0.1:5033/$service_healthchecks/' /etc/nginx/conf.d/onlyoffice.conf && \
-    sed -i 's/127.0.0.1:5601/$dashboards_host:5601/' /etc/nginx/conf.d/onlyoffice.conf && \
+    sed -i 's/127.0.0.1:5601/$dashboards_host:5601/' /etc/nginx/includes/server-dashboards.conf && \
    sed -i 's/$public_root/\/var\/www\/public\//' /etc/nginx/conf.d/onlyoffice.conf && \
    sed -i 's/http:\/\/172.*/$document_server;/' /etc/nginx/conf.d/onlyoffice.conf && \
    sed -i '/client_body_temp_path/ i \ \ \ \ $MAP_HASH_BUCKET_SIZE' /etc/nginx/nginx.conf.template && \
@ -251,14 +260,14 @@ CMD ["ASC.Files.dll", "ASC.Files"]
 FROM dotnetrun AS files_services
 ENV LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64
 WORKDIR ${BUILD_PATH}/products/ASC.Files/service/
-
+USER root
 RUN  echo "deb http://security.ubuntu.com/ubuntu focal-security main" | tee /etc/apt/sources.list && \
-     apt-key adv --keyserver keys.gnupg.net --recv-keys 3B4FE6ACC0B21F32 && \
-     apt-key adv --keyserver keys.gnupg.net --recv-keys 871920D1991BC93C && \
-     apt-get -y update && \
-     apt-get install -yq libssl1.1 && \
-     rm -rf /var/lib/apt/lists/*
-
+    apt-key adv --keyserver keys.gnupg.net --recv-keys 3B4FE6ACC0B21F32 && \
+    apt-key adv --keyserver keys.gnupg.net --recv-keys 871920D1991BC93C && \
+    apt-get -y update && \
+    apt-get install -yq libssl1.1 && \
+    rm -rf /var/lib/apt/lists/*
+USER onlyoffice
 COPY --chown=onlyoffice:onlyoffice docker-entrypoint.py ./docker-entrypoint.py
 COPY --from=base --chown=onlyoffice:onlyoffice ${BUILD_PATH}/services/ASC.Files.Service/service/ .
 COPY --from=onlyoffice/ffvideo:6.0 --chown=onlyoffice:onlyoffice /usr/local /usr/local/
@ -344,6 +353,9 @@ ARG BUILD_PATH
 ARG SRC_PATH 
 ENV BUILD_PATH=${BUILD_PATH}
 ENV SRC_PATH=${SRC_PATH}
+RUN addgroup --system --gid 107 onlyoffice && \
+    adduser -uid 104 --quiet --home /var/www/onlyoffice --system --gid 107 onlyoffice
+USER onlyoffice
 WORKDIR ${BUILD_PATH}/services/ASC.Migration.Runner/
 COPY  ./docker-migration-entrypoint.sh ./docker-migration-entrypoint.sh
 COPY --from=base ${SRC_PATH}/server/ASC.Migration.Runner/service/ .
@ -356,15 +368,17 @@ RUN mkdir -p /app/ASC.Files/server && \
    mkdir -p /app/ASC.People/server && \
    addgroup --system --gid 107 onlyoffice && \
    adduser -u 104 onlyoffice --home /var/www/onlyoffice --system -G onlyoffice
-
-COPY bin-share-docker-entrypoint.sh /app/docker-entrypoint.sh
-COPY --from=base /var/www/products/ASC.Files/server/ /app/ASC.Files/server/
-COPY --from=base /var/www/products/ASC.People/server/ /app/ASC.People/server/
+USER onlyoffice
+COPY --chown=onlyoffice:onlyoffice bin-share-docker-entrypoint.sh /app/docker-entrypoint.sh
+COPY --from=base --chown=onlyoffice:onlyoffice /var/www/products/ASC.Files/server/ /app/ASC.Files/server/
+COPY --from=base --chown=onlyoffice:onlyoffice /var/www/products/ASC.People/server/ /app/ASC.People/server/
 ENTRYPOINT ["./app/docker-entrypoint.sh"]

 ## image for k8s wait-bin-share ##
 FROM busybox:latest AS wait_bin_share
-RUN mkdir /app
-
-COPY wait-bin-share-docker-entrypoint.sh /app/docker-entrypoint.sh
+RUN addgroup --system --gid 107 onlyoffice && \
+    adduser -u 104 onlyoffice --home /var/www/onlyoffice --system -G onlyoffice && \
+    mkdir /app
+USER onlyoffice
+COPY --chown=onlyoffice:onlyoffice wait-bin-share-docker-entrypoint.sh /app/docker-entrypoint.sh
 ENTRYPOINT ["./app/docker-entrypoint.sh"]
--- a/install/docker/Dockerfile.runtime
+++ b/install/docker/Dockerfile.runtime
@ -36,11 +36,11 @@ RUN mkdir -p /var/log/onlyoffice && \
    chown onlyoffice:onlyoffice /var/www -R && \
    apt-get -y update && \
    apt-get install -yq \
-        python3-pip \
-        nano \
-        curl \
-        vim \
-        libgdiplus && \
+    python3-pip \
+    nano \
+    curl \
+    vim \
+    libgdiplus && \
    pip3 install --upgrade jsonpath-ng multipledispatch netaddr netifaces --break-system-packages && \
    rm -rf /var/lib/apt/lists/*

@ -64,10 +64,10 @@ RUN mkdir -p /var/log/onlyoffice && \
    chown onlyoffice:onlyoffice /var/www -R && \
    apt-get -y update && \
    apt-get install -yq \ 
-            nano \
-            curl \
-            vim \
-            python3-pip && \
+    nano \
+    curl \
+    vim \
+    python3-pip && \
    pip3 install --upgrade jsonpath-ng multipledispatch netaddr netifaces --break-system-packages && \
    rm -rf /var/lib/apt/lists/*

@ -122,6 +122,8 @@ RUN chown onlyoffice:onlyoffice /etc/nginx/* -R && \
    sed -i 's/127.0.0.1:9834/$service_sso/' /etc/nginx/conf.d/onlyoffice.conf && \
    sed -i 's/127.0.0.1:5013/$service_doceditor/' /etc/nginx/conf.d/onlyoffice.conf && \
    sed -i 's/127.0.0.1:5011/$service_login/' /etc/nginx/conf.d/onlyoffice.conf && \
+    sed -i 's/127.0.0.1:9090/$service_identity_api/' /etc/nginx/conf.d/onlyoffice.conf && \
+    sed -i 's/127.0.0.1:8080/$service_identity/' /etc/nginx/conf.d/onlyoffice.conf && \
    sed -i 's/127.0.0.1:5001/$service_client/' /etc/nginx/conf.d/onlyoffice.conf && \
    sed -i 's/127.0.0.1:5015/$service_management/' /etc/nginx/conf.d/onlyoffice.conf && \
    sed -i 's/127.0.0.1:5033/$service_healthchecks/' /etc/nginx/conf.d/onlyoffice.conf && \
--- a/install/docker/bin-share-docker-entrypoint.sh
+++ b/install/docker/bin-share-docker-entrypoint.sh
@ -5,6 +5,5 @@ echo "#####    Run preparation for launching DocSpace services     #####"
 echo "##################################################################"
 cp -r /app/ASC.Files/server/* /var/www/products/ASC.Files/server/
 cp -r /app/ASC.People/server/* /var/www/products/ASC.People/server/
-chown -R onlyoffice:onlyoffice /var/www/products/
 echo "Ok" > /var/www/products/ASC.Files/server/status.txt
 echo "Preparation for launching DocSpace services is complete"
--- a/install/docker/config/nginx/templates/upstream.conf.template
+++ b/install/docker/config/nginx/templates/upstream.conf.template
@ -54,6 +54,18 @@ map $SERVICE_API $service_api {
    default $SERVICE_API;
 }

+map $SERVICE_IDENTITY_API $service_identity_api {
+    volatile;
+    "" 127.0.0.1:9090;
+    default $SERVICE_IDENTITY_API;
+}
+
+map $SERVICE_IDENTITY $service_identity {
+    volatile;
+    "" 127.0.0.1:8080;
+    default $SERVICE_IDENTITY;
+}
+
 map $SERVICE_STUDIO $service_studio {
    volatile;
    "" 127.0.0.1:5003;
--- a/install/docker/docspace.overcome.yml
+++ b/install/docker/docspace.overcome.yml
@ -150,7 +150,12 @@ services:
    <<: *x-profiles-local
    image: ${Baseimage_Dotnet_Run}
    working_dir: ${BUILD_PATH}/studio/ASC.Web.Studio/    
-    command: ["ASC.Web.Studio.dll", "ASC.Web.Studio"]
+    command:
+     [
+       "ASC.Web.Studio.dll",
+       "ASC.Web.Studio",
+       "core:eventBus:subscriptionClientName=asc_event_bus_webstudio_queue",
+     ]
    volumes:
      - ${SRC_PATH}/ASC.Web.Studio/service:${BUILD_PATH}/studio/ASC.Web.Studio/
      - ${SRC_PATH}/ASC.Files/service/:${BUILD_PATH}/products/ASC.Files/server/
--- a/install/docker/docspace.profiles.yml
+++ b/install/docker/docspace.profiles.yml
@ -264,6 +264,8 @@ services:
      - SERVICE_NOTIFY=${SERVICE_NOTIFY}
      - SERVICE_PEOPLE_SERVER=${SERVICE_PEOPLE_SERVER}
      - SERVICE_SOCKET=${SERVICE_SOCKET}
+      - SERVICE_IDENTITY_API=${SERVICE_IDENTITY_API}
+      - SERVICE_IDENTITY=${SERVICE_IDENTITY}
      - SERVICE_STUDIO_NOTIFY=${SERVICE_STUDIO_NOTIFY}
      - SERVICE_API=${SERVICE_API}
      - SERVICE_API_SYSTEM=${SERVICE_API_SYSTEM}
--- a/install/docker/docspace.yml
+++ b/install/docker/docspace.yml
@ -1,5 +1,5 @@
-x-healthcheck:
-  &x-healthcheck
+version: "3.8"
+x-healthcheck: &x-healthcheck
  test: curl --fail http://127.0.0.1 || exit 1
  interval: 60s
  retries: 5
@ -8,6 +8,7 @@ x-healthcheck:

 x-service: &x-service-base
  container_name: base
+  user: "${UID}:${GID}"
  restart: always
  expose:
    - ${SERVICE_PORT}
@ -64,48 +65,48 @@ services:
    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-backup-background:${DOCKER_TAG}"
    container_name: ${BACKUP_BACKGRUOND_TASKS_HOST}
    healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_BACKUP_BACKGRUOND_TASKS}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_BACKUP_BACKGRUOND_TASKS}/health/ || exit 1

  onlyoffice-backup:
    <<: *x-service-base
    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-backup:${DOCKER_TAG}"
    container_name: ${BACKUP_HOST}
    healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_BACKUP}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_BACKUP}/health/ || exit 1

  onlyoffice-clear-events:
    <<: *x-service-base
    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-clear-events:${DOCKER_TAG}"
    container_name: ${CLEAR_EVENTS_HOST}
    healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_CLEAR_EVENTS}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_CLEAR_EVENTS}/health/ || exit 1

  onlyoffice-files:
    <<: *x-service-base
    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-files:${DOCKER_TAG}"
    container_name: ${FILES_HOST}
    healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_FILES}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_FILES}/health/ || exit 1

  onlyoffice-files-services:
    <<: *x-service-base
    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-files-services:${DOCKER_TAG}"
    container_name: ${FILES_SERVICES_HOST}
    healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_FILES_SERVICES}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_FILES_SERVICES}/health/ || exit 1

  onlyoffice-people-server:
    <<: *x-service-base
    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-people-server:${DOCKER_TAG}"
    container_name: ${PEOPLE_SERVER_HOST}
    healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_PEOPLE_SERVER}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_PEOPLE_SERVER}/health/ || exit 1

  onlyoffice-socket:
    <<: *x-service-base
@ -119,32 +120,32 @@ services:
    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-studio-notify:${DOCKER_TAG}"
    container_name: ${STUDIO_NOTIFY_HOST}
    healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_STUDIO_NOTIFY}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_STUDIO_NOTIFY}/health/ || exit 1

  onlyoffice-api:
    <<: *x-service-base
    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-api:${DOCKER_TAG}"
    container_name: ${API_HOST}
    healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_API}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_API}/health/ || exit 1

  onlyoffice-api-system:
    <<: *x-service-base
    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-api-system:${DOCKER_TAG}"
    container_name: ${API_SYSTEM_HOST}
    healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_API_SYSTEM}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_API_SYSTEM}/health/ || exit 1

  onlyoffice-studio:
    <<: *x-service-base
    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-studio:${DOCKER_TAG}"
    container_name: ${STUDIO_HOST}
    healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_STUDIO}/health/ || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_STUDIO}/health/ || exit 1

  onlyoffice-ssoauth:
    <<: *x-service-base
@ -161,8 +162,8 @@ services:
    expose:
      - "5013"
    healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_DOCEDITOR}/doceditor/health || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_DOCEDITOR}/doceditor/health || exit 1

  onlyoffice-login:
    <<: *x-service-base
@ -171,16 +172,17 @@ services:
    expose:
      - "5011"
    healthcheck:
-     <<: *x-healthcheck
-     test: curl --fail http://${SERVICE_LOGIN}/login/health || exit 1
+      <<: *x-healthcheck
+      test: curl --fail http://${SERVICE_LOGIN}/login/health || exit 1

  onlyoffice-router:
    image: "${REPO}/${DOCKER_IMAGE_PREFIX}-router:${DOCKER_TAG}"
    container_name: ${ROUTER_HOST}
+    user: "${UID}:${GID}"
    restart: always
    healthcheck:
-     <<: *x-healthcheck
-     test: nginx -t || exit 1
+      <<: *x-healthcheck
+      test: nginx -t || exit 1
    expose:
      - "8081"
      - "8099"
@ -208,6 +210,8 @@ services:
      - SERVICE_NOTIFY=${SERVICE_NOTIFY}
      - SERVICE_PEOPLE_SERVER=${SERVICE_PEOPLE_SERVER}
      - SERVICE_SOCKET=${SERVICE_SOCKET}
+      - SERVICE_IDENTITY_API=${SERVICE_IDENTITY_API}
+      - SERVICE_IDENTITY=${SERVICE_IDENTITY}
      - SERVICE_STUDIO_NOTIFY=${SERVICE_STUDIO_NOTIFY}
      - SERVICE_API=${SERVICE_API}
      - SERVICE_API_SYSTEM=${SERVICE_API_SYSTEM}
--- a/install/docker/identity.yml
+++ b/install/docker/identity.yml
@ -0,0 +1,69 @@
+version: "3.8"
+
+services:
+  onlyoffice-identity-authorization:
+    build:
+      context: ../../../server/common/ASC.Identity
+      dockerfile: ${IDENTITY_DOCKERFILE}
+      args: 
+        - MODULE=authorization/authorization-container
+    container_name: ${IDENTITY_AUTHORIZATION_CONTAINER_NAME}
+    restart: always
+    ports:
+      - 8080:8080
+    environment:
+      - SPRING_PROFILES_ACTIVE=${IDENTITY_PROFILE}
+      - SPRING_APPLICATION_NAME=ASC.Identity.Authorization
+      - SERVER_PORT=${IDENTITY_AUTHORIZATION_SERVER_PORT}
+      - JDBC_PASSWORD=${JDBC_PASSWORD}
+      - JDBC_URL=${JDBC_URL}
+      - JDBC_USER_NAME=${JDBC_USER_NAME}
+      - JDBC_DATABASE=${JDBC_DATABASE}
+      - RABBIT_HOST=onlyoffice-rabbitmq
+      - REDIS_HOST=onlyoffice-redis
+    depends_on:
+      - onlyoffice-identity-migration
+
+  onlyoffice-identity-api:
+    build:
+      context: ../../../server/common/ASC.Identity
+      dockerfile: ${IDENTITY_DOCKERFILE}
+      args: 
+        - MODULE=registration/registration-container
+    container_name: ${IDENTITY_API_CONTAINER_NAME}
+    ports:
+      - 9090:9090
+    environment:
+      - SPRING_PROFILES_ACTIVE=${PROFILE}
+      - SPRING_APPLICATION_NAME=ASC.Identity.Registration
+       - SERVER_PORT=${IDENTITY_API_SERVER_PORT}
+      - JDBC_PASSWORD=${JDBC_PASSWORD}
+      - JDBC_URL=${JDBC_URL}
+      - JDBC_USER_NAME=${JDBC_USER_NAME}
+      - JDBC_DATABASE=${JDBC_DATABASE}
+      - RABBIT_HOST=onlyoffice-rabbitmq
+      - REDIS_HOST=onlyoffice-redis
+    depends_on:
+      - onlyoffice-identity-migration
+
+  onlyoffice-identity-migration:
+    build:
+      context: ../../../server/common/ASC.Identity
+      dockerfile: ${IDENTITY_DOCKERFILE}
+      args: 
+        - MODULE=infrastructure/infrastructure-migration-runner
+    container_name: ${IDENTITY_MIGRATION_CONTAINER_NAME} 
+    restart: "no"
+    ports:
+      - 8081:8081
+    environment:
+      - JDBC_PASSWORD=${JDBC_PASSWORD}
+      - JDBC_URL=${JDBC_URL}
+      - JDBC_USER_NAME=${JDBC_USER_NAME}
+      - JDBC_DATABASE=${JDBC_DATABASE}
+      - RABBIT_HOST=onlyoffice-rabbitmq
+      - REDIS_HOST=onlyoffice-redis
+networks:
+  default:
+    name: ${NETWORK_NAME}
+    external: true
--- a/run/IdentityApi.xml
+++ b/run/IdentityApi.xml
@ -0,0 +1,12 @@
+<service>
+  <id>OnlyofficeIdentityApi</id>
+  <name>ONLYOFFICE IdentityApi</name>
+  <startmode>manual</startmode>
+  <executable>java</executable>
+  <env name="LOG_FILE_PATH" value="../../Logs/identity-api.log"/>
+  <env name="SPRING_PROFILES_ACTIVE" value=""/>
+  <arguments>-jar ../../server/common/ASC.Identity/registration/registration-container/target/registration-container-1.0.0.jar</arguments>
+  <log mode="none"/>
+  <delayedAutoStart>true</delayedAutoStart>
+  <onfailure action="restart" delay="5 sec" />
+</service>
--- a/run/IdentityMigration.xml
+++ b/run/IdentityMigration.xml
@ -0,0 +1,12 @@
+<service>
+  <id>OnlyofficeIdentityMigration</id>
+  <name>ONLYOFFICE IdentityMigration</name>
+  <startmode>manual</startmode>
+  <executable>java</executable>
+  <env name="LOG_FILE_PATH" value="../../Logs/identity-migration.log"/>
+  <env name="SPRING_PROFILES_ACTIVE" value="dev"/>
+  <arguments>-jar ../../server/common/ASC.Identity/infrastructure/infrastructure-migration-runner/target/infrastructure-migration-runner-1.0.0.jar</arguments>
+  <log mode="none"/>
+  <delayedAutoStart>true</delayedAutoStart>
+  <onfailure action="restart" delay="5 sec" />
+</service>
--- a/run/IdentityService.xml
+++ b/run/IdentityService.xml
@ -0,0 +1,13 @@
+<service>
+  <id>OnlyofficeIdentityService</id>
+  <name>ONLYOFFICE IdentityService</name>
+  <startmode>manual</startmode>
+  <executable>java</executable>
+  <env name="LOG_FILE_PATH" value="../../Logs/identity-authorization.log"/>
+  <env name="SERVER_PORT" value="8080"/>
+  <env name="SPRING_PROFILES_ACTIVE" value=""/>
+  <arguments>-jar ../../server/common/ASC.Identity/authorization/authorization-container/target/authorization-container-1.0.0.jar</arguments>
+  <log mode="none"/>
+  <delayedAutoStart>true</delayedAutoStart>
+  <onfailure action="restart" delay="5 sec" />
+</service>
--- a/scripts/identity.bat
+++ b/scripts/identity.bat
@ -0,0 +1,28 @@
+PUSHD %~dp0..
+
+cd %~dp0../../server/common/ASC.Identity/
+
+echo Start build ASC.Identity project...
+echo.
+
+echo ASC.Identity: resolves all project dependencies...
+echo.
+
+call mvn dependency:go-offline -q
+
+if %errorlevel% == 0 (
+
+echo ASC.Identity: take the compiled code and package it in its distributable format, such as a JAR...
+call mvn package -DskipTests -q
+
+)
+
+if %errorlevel% == 0 (
+
+echo ASC.Identity: build completed
+echo.
+
+)
+
+
+POPD
Author	SHA1	Message	Date
Viktor Fomin	e5d569da54	Merge branch 'develop' into feature/redesign-management	2024-08-13 23:44:56 +03:00
Sergey Kirichenko	290778650c	Add rootless mode (#299 )	2024-08-12 17:15:39 +03:00
Valeria Bagisheva	c1730c2ad2	Add optional user to router	2024-08-11 16:30:25 +03:00
Valeria Bagisheva	f4220983f1	Fix USER in dotnetrun image	2024-08-10 17:27:34 +03:00
Alexey Safronov	0cc49730f3	Merge branch 'hotfix/v2.6.1' into develop	2024-08-09 16:33:24 +04:00
Alexey Safronov	566171800f	Merge branch 'master' into develop	2024-08-09 16:33:11 +04:00
Alexey Bannov	b43d9a5cda	docker: WebStudio: support self queue	2024-08-08 20:10:15 +03:00
Valeria Bagisheva	f0e44bf6a6	Remove ownership change command	2024-08-07 11:26:36 +03:00
Valeria Bagisheva	57db3d548c	Add onlyoffice user	2024-08-07 11:23:38 +03:00
Alexey Safronov	3c2f1bf458	Merge branch 'hotfix/v2.6.1' into develop	2024-08-07 11:48:52 +04:00
Evgeniy Antonyuk	a090e14a30	Add a check to enable the CRB repository (#298 )	2024-08-07 10:31:15 +03:00
Valeria Bagisheva	12ab50d3a5	Add choose user options	2024-08-07 09:12:29 +03:00
Evgeniy Antonyuk	84a7d52c1b	Implement a separate OCI test run for debian\redhat (#297 )	2024-08-06 16:52:57 +03:00
Evgeniy Antonyuk	2c892e1a6c	Fix OCI installation on AlmaLinux, Rocky Linux and other Use CentOS install flow for default on RedHat-based distributions	2024-08-02 17:55:46 +03:00
Alexey Safronov	48e047e660	Merge branch 'master' into develop	2024-08-02 12:46:54 +04:00
Alexey Golubev	cb39bacffb	Merge release/v2.6.0 into develop (#294 )	2024-08-01 13:57:05 +03:00
Valeria Bagisheva	859a3bb009	Fix rename dashboards for release (#291 )	2024-08-01 11:17:34 +03:00
Alexey Safronov	4c7376852a	Merge branch 'release/v2.6.0' into hotfix/v2.6.1	2024-07-31 16:59:21 +04:00
Alexey Bannov	ecb6cba47e	refactoring	2024-07-29 17:03:26 +03:00
Alexey Bannov	dc1f9020fc	refactoring header value	2024-07-29 16:22:23 +03:00
Alexey Bannov	a376f1f5ed	added Server-Timing header nginx level	2024-07-29 16:15:19 +03:00
Alexey Safronov	c11d0f6123	Merge branch 'release/v2.6.0' into develop	2024-07-29 15:24:35 +04:00
Sergey Kirichenko	7b9928be7e	Add services identity to env	2024-07-25 16:23:09 +03:00
Alexey Safronov	01c919d7ca	Merge branch 'release/v2.6.0' into develop # Conflicts: # config/nginx/onlyoffice.conf	2024-07-22 12:06:05 +04:00
Alexey Safronov	c523250337	Merge branch 'release/v2.6.0' into develop # Conflicts: # config/nginx/onlyoffice.conf # install/OneClickInstall/install-RedHat/install-preq.sh # run/Login.xml	2024-07-12 10:34:33 +04:00
Alexey Bannov	c312ba632b	Feature/oauth2 client (#276 )	2024-07-09 16:24:04 +03:00
Timofey Boyko	13f67192bf	Rename oauth to identity, add flag for build in dev mode	2024-07-09 15:41:51 +03:00
Alexey Bannov	a9d9ba70a8	added IdentityServer to hide settings	2024-07-09 12:04:49 +03:00
Sergey Kirichenko	2813bd572f	Separate dashboards location (#259 )	2024-07-09 10:22:27 +03:00
Alexey Bannov	1cd5d9a2e9	ASC.Identity: fixed runner	2024-07-04 16:01:28 +03:00
Evgeniy Antonyuk	6d0c14ebc3	Fix the .next folder packing for login service	2024-07-01 13:38:51 +03:00
Evgeniy Antonyuk	33ac365992	Fix package build substitution errors	2024-07-01 12:17:20 +03:00
Elbakyan Shirak	9d9e76acb1	fix Bug 68851 - Fix packages conflict for RabbirMQ: mkfontscale (#265 )	2024-06-28 18:02:30 +03:00
Evgeniy Antonyuk	26f8014056	Fix update of held dependencies (#262 )	2024-06-28 17:48:56 +03:00
Timofey Boyko	aff3c13d5c	Fix build oauth	2024-06-28 13:36:14 +03:00
Valeria Bagisheva	58f8ef4d27	Rename dashboards and mentionings to server-dashboards	2024-06-26 00:11:03 +03:00
Timofey Boyko	415fe6e605	Merge branch 'develop' into feature/oauth2-client	2024-06-24 14:31:26 +03:00
Timofey Boyko	3f2087a60c	Update docker build for oauth services	2024-06-24 14:15:03 +03:00
Timofey Boyko	5c567ad109	Install:Docker: fix env	2024-06-19 18:13:52 +03:00
Timofey Boyko	f4e91b7b3d	Merge branch 'develop' into feature/oauth2-client	2024-06-19 15:16:18 +03:00
Valeria Bagisheva	9f88fc61f0	Brush up some spaces	2024-06-14 17:22:33 +03:00
Timofey Boyko	0cb0448c44	Delete useless	2024-06-14 13:00:35 +03:00
Timofey Boyko	191ab2db6f	Merge branch 'develop' into feature/oauth2-client	2024-06-14 12:27:01 +03:00
Timofey Boyko	3545708a25	Nginx: fix for oauth2	2024-05-30 12:14:17 +03:00
Timofey Boyko	5aa3339a6f	Run: fix start Login SSR	2024-05-30 10:15:35 +03:00
Timofey Boyko	c959e430f2	Merge branch 'develop' into feature/oauth2-client	2024-05-23 18:42:26 +03:00
Valeria Bagisheva	dc099c3eb1	Separate dashboards location	2024-05-13 17:01:07 +03:00
Viktor Fomin	babd83dc2c	Config: fix nginx	2024-04-20 14:57:37 +03:00
Alexey Bannov	bbd4d8013d	identity: added LOG_FILE_PATH to startup service	2024-02-19 14:35:04 +03:00
Alexey Bannov	2ee869d9bb	identity: added LOG_FILE_PATH to startup service	2024-02-15 19:09:55 +03:00
Alexey Bannov	3d8d1c5e21	oauth2: fixed config	2024-02-12 17:59:00 +03:00
Timofey Boyko	b567e10880	Merge branch 'develop' into feature/oauth2-client	2024-02-12 16:45:54 +03:00
Timofey Boyko	1517c48add	Fix oauth build	2024-01-22 11:43:49 +03:00
Timofey Boyko	e248c9d317	Install:Docker: fix build oauth	2023-12-14 10:37:57 +03:00
Timofey Boyko	bbc46c5676	Merge branch 'develop' into feature/oauth2-client	2023-11-29 10:26:01 +03:00
Alexey Bannov	893e3dca78	identity: change path	2023-11-28 20:39:56 +03:00
Timofey Boyko	bb30917778	Buildtools: change ASC.OAuth to ASC.Identity	2023-11-17 15:33:39 +03:00
Timofey Boyko	4a3b1d943e	Fix	2023-11-10 16:42:23 +03:00
Timofey Boyko	e1c2632e09	Fix after merge	2023-11-10 13:16:01 +03:00
Timofey Boyko	67821b7297	Merge branch 'develop' into feature/oauth2-client	2023-11-10 12:11:17 +03:00
Timofey Boyko	5edc87293a	Merge branch 'develop' into feature/oauth2-client	2023-10-31 10:47:18 +03:00
Timofey Boyko	40d19b1746	Fix nginx oauth config	2023-10-27 12:29:25 +03:00
Timofey Boyko	f745a71e43	Fix nginx; fix build oauth containers	2023-10-25 11:41:13 +03:00
Timofey Boyko	8f0ed06219	Build: fix oauth build	2023-10-23 11:02:31 +03:00
Timofey Boyko	d4efd04825	Fix nginx config and oauth.yml	2023-10-19 18:08:18 +03:00
Alexey Bannov	d8eff9bdb8	identity: added starter for windows	2023-10-19 16:43:09 +03:00
Timofey Boyko	242340255b	Merge branch 'develop' into feature/oauth2-client	2023-10-04 15:13:25 +03:00
Timofey Boyko	d7ea6fad02	Merge branch 'develop' into feature/oauth2-client	2023-10-04 13:49:47 +03:00
Timofey Boyko	ad047bc372	Merge branch 'develop' into feature/oauth2-client	2023-10-02 10:05:58 +03:00
Ilya Oleshko	e02510be1d	Build: Docker: Fixed docker build scripts and .env	2023-09-29 16:50:36 +03:00
Ilya Oleshko	bb5b8cccdd	Common: OAuth: Migration: Fixed sql script	2023-09-29 16:48:46 +03:00
Alexey Bannov	ba23f9bb7b	fixed migration	2023-09-29 14:39:22 +03:00
Alexey Bannov	84afb50b66	merge from develop	2023-09-29 14:28:10 +03:00
Timofey Boyko	aa6545bfe1	Build: add build docker oauth2 services for unix	2023-09-28 17:59:35 +03:00
Timofey Boyko	4b888c6640	Build: add build docker oauth2 services	2023-09-28 17:42:06 +03:00
Timofey Boyko	a34bedef1e	Web:Client:OAUth: add preview	2023-09-28 14:36:53 +03:00
Timofey Boyko	f6dca051ac	Rename oauth service to oauth_api_service, add new oauth service	2023-09-28 13:26:00 +03:00
Timofey Boyko	ca73c5b0c4	Web:Client:OAuth: add row view	2023-09-28 10:21:43 +03:00
Timofey Boyko	807215a0cb	Web:Client:OAuth: fix mobx warning, add infinity list for table view	2023-09-27 18:13:07 +03:00
Dmitrii Vershinin	2381fcf68f	chore: remove react client	2023-09-27 18:14:30 +05:00
Dmitrii Vershinin	8ee516850b	fix: use server side templates	2023-09-27 18:14:21 +05:00
Dmitrii Vershinin	0f9d61b9f0	fix: server side resources	2023-09-27 18:13:54 +05:00
Timofey Boyko	bbce172bba	Move ASC.OAuth from web to common	2023-09-27 14:05:59 +03:00
Timofey Boyko	5f8718c78d	Add yarn.lock for ASC.OAuth client	2023-09-27 14:02:16 +03:00
Timofey Boyko	76e439bad3	Merge branch 'feature/oauth2' into feature/oauth2-client	2023-09-27 14:01:10 +03:00
Timofey Boyko	d8a535432d	Web:Client:PortalSettings:OAuth: add table view	2023-09-27 14:00:11 +03:00
Timofey Boyko	6956adc231	Web:Client:PortalSettings: fix create and edit oauth client	2023-09-26 11:47:27 +03:00
Timofey Boyko	310f2d5dc5	Web:Client:PortalSettings: add OAuth edit and create page	2023-09-26 10:31:22 +03:00
Timofey Boyko	61c920555b	Nginx: fix /api/scopes for OAuth	2023-09-25 17:04:55 +03:00
Timofey Boyko	8b0bca3a44	Web:Client:Routes: fix OAuth create and edit routes	2023-09-25 17:04:30 +03:00
Timofey Boyko	74e94c0a10	Web:Client:Store: rewrite OAuth store to typescipt	2023-09-25 17:03:57 +03:00
Timofey Boyko	dc1274fb88	Web:Client:PortalSettings: add OAuth empty page	2023-09-25 17:03:25 +03:00
Timofey Boyko	3b9c56c5f4	Web:Common:OAuth: add new utils, new interfaces	2023-09-25 17:02:28 +03:00
Timofey Boyko	a56a46236c	Web:Client:PortalSettings: add OAuth page	2023-09-25 10:09:24 +03:00
Timofey Boyko	17f6195d8c	Merge branch 'develop' into feature/oauth2-client	2023-09-25 08:54:25 +03:00
Timofey Boyko	31bf677340	Merge branch 'develop' into feature/oauth2-client	2023-09-22 17:31:22 +03:00
Timofey Boyko	8e751923d9	Web:OAuth2: add CRUD	2023-09-22 17:28:37 +03:00
Timofey Boyko	ebdffb55ea	Update yarn.lock	2023-09-22 15:38:32 +03:00
Timofey Boyko	ac496b82a2	Add oauth service proxy	2023-09-22 15:38:11 +03:00
Alexey Bannov	6d6116c5ce	merge from develop	2023-09-22 13:39:24 +03:00
Dmitrii Vershinin	11c322f03b	chore: client url	2023-09-13 17:41:05 +05:00
Dmitrii Vershinin	2a36d19707	feat: authorization server	2023-09-13 16:10:28 +05:00
Alexey Bannov	4a7f1710de	merge from develop	2023-08-15 19:50:23 +03:00
Ilya Oleshko	a4d69eebe8	Web: Client: OAuth: Fixed DTO and client view styles	2023-07-18 12:36:44 +03:00
Ilya Oleshko	e173c5932d	Web: Client: OAuth: Added view page	2023-07-18 12:36:44 +03:00
Ilya Oleshko	fbaace1941	Web: Client: PortalSettings: Fixed OAuth settings page	2023-07-18 12:36:44 +03:00
Ilya Oleshko	a0b9e56097	Web: Client: PortalSettings: Added base OAuth page	2023-07-18 12:36:44 +03:00
Alexey Bannov	06c63bdb6f	ASC.MigrationPersonalToDocspace: fixed	2023-07-06 19:40:10 +03:00
Alexey Bannov	d5b009554e	backend: update JWT dll. Added authorize via JWT token	2023-06-29 20:47:47 +03:00
Alexey Bannov	eefb4b5e2e	refactoring:Authorization replace mvc filter to route	2023-06-16 19:46:14 +03:00