IlyaSobolev/DocSpace-buildtools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: IlyaSobolev:master
Branches Tags
IlyaSobolev:master
IlyaSobolev:develop
IlyaSobolev:feature/new-service-identity
IlyaSobolev:hotfix/v2.6.1
IlyaSobolev:feature/development-packages
IlyaSobolev:bugfix/fluent-https
IlyaSobolev:features/oci-ref
IlyaSobolev:feature/redesign-management
IlyaSobolev:feature/custom-build
IlyaSobolev:feature/oci-refactoring
IlyaSobolev:feature/oci-log
IlyaSobolev:feature/reusable-build
IlyaSobolev:feature/release-docker
IlyaSobolev:feature/build-from-commit
IlyaSobolev:feature/optimize-build-time
IlyaSobolev:bugfix/testing-docspace
IlyaSobolev:feature/another-package-name
IlyaSobolev:feature/proxy-cache
IlyaSobolev:feature/share-point
IlyaSobolev:bugfix/scheme
IlyaSobolev:feature/config-build-hotfix-branch
IlyaSobolev:feature/config-build-release-branch
IlyaSobolev:feature/config-build-develop-branch
IlyaSobolev:feature/connection-timeout
IlyaSobolev:feature/test-containers-before-push
IlyaSobolev:feature/independent-jobs
IlyaSobolev:feature/fix-workflow-dispatch
IlyaSobolev:bugfix/custom-dns
IlyaSobolev:feature/cache-build
IlyaSobolev:feature/merge-trigger-action
IlyaSobolev:feature/ffmpeg
IlyaSobolev:feature/fix-git-clone
IlyaSobolev:feature/merge-services
IlyaSobolev:feature/owasp-secure-headers
IlyaSobolev:bugfix/wrong-portal-name
IlyaSobolev:bugfix/oci-docker
IlyaSobolev:docker-api-origin/rc-v1.2.0
IlyaSobolev:feature/appserver-upstream
IlyaSobolev:v2.6.0-server
IlyaSobolev:v2.6.0-saas
IlyaSobolev:v2.5.1-saas
IlyaSobolev:v2.5.1-server
IlyaSobolev:v2.5.0-server
IlyaSobolev:v2.5.0-saas
IlyaSobolev:v2.0.5-saas
IlyaSobolev:v2.0.4-saas
IlyaSobolev:v2.0.2-server
IlyaSobolev:v2.0.0-server
IlyaSobolev:v2.0.0-saas
IlyaSobolev:v1.1.3-server
IlyaSobolev:v1.1.3-saas
IlyaSobolev:v1.1.1-server
IlyaSobolev:v1.0.1
IlyaSobolev:v1.0.0
IlyaSobolev:v1.0.0-pre
IlyaSobolev:personal-v1.2.0
IlyaSobolev:personal-v1.1.1
IlyaSobolev:personal-v1.1.0
IlyaSobolev:personal-v1.0.1
IlyaSobolev:personal-v1.0.0
..
compare: IlyaSobolev:feature/build-from-commit
Branches Tags
IlyaSobolev:develop
IlyaSobolev:feature/new-service-identity
IlyaSobolev:master
IlyaSobolev:hotfix/v2.6.1
IlyaSobolev:feature/development-packages
IlyaSobolev:bugfix/fluent-https
IlyaSobolev:features/oci-ref
IlyaSobolev:feature/redesign-management
IlyaSobolev:feature/custom-build
IlyaSobolev:feature/oci-refactoring
IlyaSobolev:feature/oci-log
IlyaSobolev:feature/reusable-build
IlyaSobolev:feature/release-docker
IlyaSobolev:feature/build-from-commit
IlyaSobolev:feature/optimize-build-time
IlyaSobolev:bugfix/testing-docspace
IlyaSobolev:feature/another-package-name
IlyaSobolev:feature/proxy-cache
IlyaSobolev:feature/share-point
IlyaSobolev:bugfix/scheme
IlyaSobolev:feature/config-build-hotfix-branch
IlyaSobolev:feature/config-build-release-branch
IlyaSobolev:feature/config-build-develop-branch
IlyaSobolev:feature/connection-timeout
IlyaSobolev:feature/test-containers-before-push
IlyaSobolev:feature/independent-jobs
IlyaSobolev:feature/fix-workflow-dispatch
IlyaSobolev:bugfix/custom-dns
IlyaSobolev:feature/cache-build
IlyaSobolev:feature/merge-trigger-action
IlyaSobolev:feature/ffmpeg
IlyaSobolev:feature/fix-git-clone
IlyaSobolev:feature/merge-services
IlyaSobolev:feature/owasp-secure-headers
IlyaSobolev:bugfix/wrong-portal-name
IlyaSobolev:bugfix/oci-docker
IlyaSobolev:docker-api-origin/rc-v1.2.0
IlyaSobolev:feature/appserver-upstream
IlyaSobolev:v2.6.0-server
IlyaSobolev:v2.6.0-saas
IlyaSobolev:v2.5.1-saas
IlyaSobolev:v2.5.1-server
IlyaSobolev:v2.5.0-server
IlyaSobolev:v2.5.0-saas
IlyaSobolev:v2.0.5-saas
IlyaSobolev:v2.0.4-saas
IlyaSobolev:v2.0.2-server
IlyaSobolev:v2.0.0-server
IlyaSobolev:v2.0.0-saas
IlyaSobolev:v1.1.3-server
IlyaSobolev:v1.1.3-saas
IlyaSobolev:v1.1.1-server
IlyaSobolev:v1.0.1
IlyaSobolev:v1.0.0
IlyaSobolev:v1.0.0-pre
IlyaSobolev:personal-v1.2.0
IlyaSobolev:personal-v1.1.1
IlyaSobolev:personal-v1.1.0
IlyaSobolev:personal-v1.0.1
IlyaSobolev:personal-v1.0.0

1 Commits
master ... feature/bu

Author SHA1 Message Date
Valeria Bagisheva
fcc5101360 Add git clone from specific commit 2024-06-13 10:24:03 +03:00
28 changed files with 263 additions and 470 deletions
Show Stats Expand all files Collapse all files

89
.github/scripts/release-docspace.sh vendored
View File

@ -1,89 +0,0 @@
#!/usr/bin/env bash
set -e
function get_colors() {
COLOR_BLUE=$'\e[34m'
COLOR_GREEN=$'\e[32m'
COLOR_RED=$'\e[31m'
COLOR_RESET=$'\e[0m'
COLOR_YELLOW=$'\e[33m'
export COLOR_BLUE
export COLOR_GREEN
export COLOR_RED
export COLOR_RESET
export COLOR_YELLOW
}
function release_service() {
# ex. service_source_tag=onlyoffice/4testing-docspace-service-name:2.5.1.1473
local service_source_tag=${1}
echo ${service_source_tag}
# ex. service_release_tag=onlyoffice/docspace-service-name:2.5.1.1
# NOTE: latest tag also will be updated
local service_release_tag
service_release_tag=$(echo ${service_source_tag%:*} | sed 's/4testing-//')
# If specifyed tag look like 2.5.1.1 it will release like 3 different tags: 2.5.1 2.5.1.1 latest
# Make new image manigest and push it to stable images repository
docker buildx imagetools create --tag ${service_release_tag}:${RELEASE_VERSION%.*} \
--tag ${service_release_tag}:${RELEASE_VERSION} \
--tag ${service_release_tag}:latest \
${service_source_tag} || local STATUS=$?
# Make alert
if [[ ! ${STATUS} ]]; then
RELEASED_SERVICES+=("${service_release_tag}")
else
UNRELEASED_SERVICES+=("${service_release_tag}")
fi
}
function main() {
# Import all colors
get_colors
# Make released|unreleased array
RELEASED_SERVICES=()
UNRELEASED_SERVICES=()
# REPO mean hub.docker repo owner ex. onlyoffice
: "${REPO:?Should be set}"
# DOCKER_TAG mean tag from 4testing ex. 2.6.1.3123
: "${DOCKER_TAG:?Should be set}"
# RELEASED_VERSION mean tag for stable repo 2.6.1.1
: "${RELEASE_VERSION:?Should be set}"
# DOCKER_IMAGE_PREFIX mean tag prefix ex. 4testing-docspace
: "${DOCKER_IMAGE_PREFIX:?Should be set}"
cd ${GITHUB_WORKSPACE}/install/docker
SERVICES=($(docker buildx bake -f build.yml --print | jq -r '.target | .[] | .tags[]'))
echo ${SERVICES[@]}
for service in ${SERVICES[@]}; do
release_service ${service}
done
# Output Result
echo "Released services"
for service in ${RELEASED_SERVICES[@]}; do
echo "${COLOR_GREEN}${service}${COLOR_RESET}"
done
# PANIC IF SOME SERVICE WASNT RELEASE
if [[ -n ${UNRELEASED_SERVICES} ]]; then
for service in ${UNRELEASED_SERVICES[@]}; do
echo "${COLOR_RED}PANIC: Service ${service} wasn't relese!${COLOR_RED}"
done
exit 1
fi
}
main

68
.github/workflows/ci-oci-docker-install.yml vendored
View File

@ -1,68 +0,0 @@
name: Install OneClickInstall Docker
on:
pull_request:
types: [opened, reopened, synchronize]
paths:
- '.github/workflows/ci-oci-docker-install.yml'
- 'install/OneClickInstall/install-Docker.sh'
workflow_dispatch:
inputs:
script-branch:
description: 'Branch for OCI script docker'
required: true
type: string
default: master
jobs:
Install-OneClickInstall-Docker:
runs-on: ubuntu-22.04
steps:
- name: Test OCI docker scripts
run: |
sudo docker image prune --all --force
BRANCH_NAME=$(
case "${{ github.event_name }}" in
pull_request) echo "${{ github.event.pull_request.head.ref }}";;
workflow_dispatch) echo "${{ github.event.inputs.script-branch }}";;
push) echo "${GITHUB_REF#refs/heads/}";;
esac
)
wget https://download.onlyoffice.com/docspace/docspace-install.sh
sed '/bash install-Docker.sh/i sed -i "1i set -x" install-Docker.sh' -i docspace-install.sh
sudo bash docspace-install.sh docker -skiphc true -noni true $([ $BRANCH_NAME != "master" ] && echo "-gb $BRANCH_NAME -s 4testing-") || exit $?
echo -n "Waiting for all containers to start..."
timeout 300 bash -c 'while docker ps | grep -q "starting"; do sleep 5; done' && echo "OK" || echo "container_status=timeout" >> $GITHUB_ENV
- name: Check container status
run: |
docker ps --all --format "{{.Names}}" | xargs -I {} sh -c '
status=$(docker inspect --format="{{if .State.Health}}{{.State.Health.Status}}{{else}}no healthcheck{{end}}" {});
case "$status" in
healthy) color="\033[0;32m" ;; # green
"no healthcheck") color="\033[0;33m" ;; # yellow
*) color="\033[0;31m"; echo "container_status=red" >> $GITHUB_ENV ;; # red
esac;
printf "%-30s ${color}%s\033[0m\n" "{}:" "$status";
'
- name: Print logs for crashed container
run: |
docker ps --all --format "{{.Names}}" | xargs -I {} sh -c '
status=$(docker inspect --format="{{if .State.Health}}{{.State.Health.Status}}{{else}}no healthcheck{{end}}" {});
case "$status" in
healthy | "no healthcheck") ;;
*)
echo "Logs for container {}:";
docker logs --tail 30 {} | sed "s/^/\t/g";
;;
esac;
'
case "${{ env.container_status }}" in
timeout) echo "Timeout reached. Not all containers are running."; exit 1 ;;
red) echo "One or more containers have status 'red'. Job will fail."; exit 1 ;;
esac

75
.github/workflows/oci-release.yml vendored
View File

@ -1,75 +0,0 @@
name: Upload OneСlickInstall scripts on S3
on:
push:
branches:
- master
paths:
- 'install/docker/*.yml'
- 'install/docker/*.env'
- 'install/docker/config/**'
- 'install/OneClickInstall/**'
workflow_dispatch:
env:
PRODUCT: docspace
jobs:
release:
name: Scripts release
runs-on: ubuntu-latest
env:
DOCKER_DIR: "${{ github.workspace }}/install/docker"
SCRIPT_DIR: "${{ github.workspace }}/install/OneClickInstall"
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Creating an enterprise script
run: |
cp ${{ env.SCRIPT_DIR }}/${{ env.PRODUCT }}-install.sh ${{ env.SCRIPT_DIR }}/${{ env.PRODUCT }}-enterprise-install.sh
sed -i 's/\(PARAMETERS -it\).*";/\1 ENTERPRISE";/' ${{ env.SCRIPT_DIR }}/${{ env.PRODUCT }}-enterprise-install.sh
- name: Create Docker Tarball
run: |
cd ${{ env.DOCKER_DIR }}
tar -czvf ${{ env.SCRIPT_DIR }}/docker.tar.gz --exclude='config/supervisor*' *.yml .env config/
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_OCI }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_OCI }}
aws-region: us-east-1
- name: Upload scripts
run: |
cd ${{ env.SCRIPT_DIR }}
aws s3 cp . ${{ secrets.AWS_BUCKET_URL_OCI }}/ \
--recursive \
--acl public-read \
--content-type application/x-sh \
--metadata-directive REPLACE \
--exclude '*' \
--include="${{ env.PRODUCT }}-install.sh" \
--include="${{ env.PRODUCT }}-enterprise-install.sh" \
--include="install-RedHat.sh" \
--include="install-RedHat/*" \
--include="install-Debian.sh" \
--include="install-Debian/*" \
--include="install-Docker.sh" \
--include="docker.tar.gz"
- name: Invalidate AWS CloudFront cache
run: |
aws cloudfront create-invalidation \
--distribution-id ${{ secrets.AWS_DISTRIBUTION_ID_OCI }} \
--paths \
"/${{ env.PRODUCT }}/${{ env.PRODUCT }}-install.sh" \
"/${{ env.PRODUCT }}/${{ env.PRODUCT }}-enterprise-install.sh" \
"/${{ env.PRODUCT }}/install-RedHat.sh" \
"/${{ env.PRODUCT }}/install-RedHat/*" \
"/${{ env.PRODUCT }}/install-Debian.sh" \
"/${{ env.PRODUCT }}/install-Debian/*" \
"/${{ env.PRODUCT }}/install-Docker.sh" \
"/${{ env.PRODUCT }}/docker.tar.gz"

31
.github/workflows/release-docspace.yaml vendored
View File

@ -1,31 +0,0 @@
name: Release DocSpace
run-name: "Release Docker-DocSpace ${{ github.event.inputs.release_version }}"
on:
workflow_dispatch:
inputs:
repo:
description: 'hub.docker repo owner (ex. onlyoffice)'
type: string
required: true
default: 'onlyoffice'
release_version:
type: string
description: 'Tag for stable release (ex. 2.5.1.1)'
required: true
source_version:
type: string
description: '4testing tag from which the release will be created (ex. 2.5.1.2678)'
required: true
jobs:
docker-release:
uses: ONLYOFFICE/DocSpace-buildtools/.github/workflows/reusable-docspace-release.yaml@master
with:
repo: ${{ github.event.inputs.repo }}
release_version: ${{ github.event.inputs.release_version }}
source_version: ${{ github.event.inputs.source_version }}
secrets:
docker-username: ${{ secrets.DOCKERHUB_USERNAME }}
docker-usertoken: ${{ secrets.DOCKERHUB_TOKEN }}

49
.github/workflows/reusable-docspace-release.yaml vendored
View File

@ -1,49 +0,0 @@
name: "<reusable> release Docker-DocSpace"
on:
workflow_call:
inputs:
repo:
type: string
required: true
description: 'hub.docker repo owner (ex. onlyoffice)'
release_version:
type: string
required: true
description: 'Tag for stable release (ex. 1.0.0.1)'
source_version:
type: string
required: true
description: '4testing tag from which the release will be created (ex. 2.5.1.5678)'
secrets:
docker-username:
required: true
description: "hub.docker username"
docker-usertoken:
description: "hub.docker token"
required: true
jobs:
Release:
name: "Release Docker-DocSpace"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
repository: 'ONLYOFFICE/DocSpace-buildtools'
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.docker-username }}
password: ${{ secrets.docker-usertoken }}
- name: "Release Docker-DocSpace"
shell: bash
env:
REPO: ${{ inputs.repo }}
DOCKER_TAG: ${{ inputs.source_version }}
RELEASE_VERSION: ${{ inputs.release_version }}
DOCKER_IMAGE_PREFIX: "4testing-docspace"
run: |
${GITHUB_WORKSPACE}/.github/scripts/release-docspace.sh

3
build.backend.docker.py
View File

@ -188,8 +188,7 @@ os.environ["SRC_PATH"] = os.path.join(dir, "publish/services")
os.environ["DATA_DIR"] = os.path.join(dir, "data")
os.environ["APP_URL_PORTAL"] = portal_url
os.environ["MIGRATION_TYPE"] = migration_type
subprocess.run(["docker", "compose", "-f", os.path.join(dockerDir, "docspace.profiles.yml"), "-f", os.path.join(
dockerDir, "docspace.overcome.yml"), "--profile", "migration-runner", "--profile", "backend-local", "up", "-d"])
subprocess.run(["docker-compose", "-f", os.path.join(dockerDir, "docspace.profiles.yml"), "-f", os.path.join(dockerDir, "docspace.overcome.yml"), "--profile", "migration-runner", "--profile", "backend-local", "up", "-d"])
print()
print("Run script directory:", dir)

22
config/appsettings.json
View File

@ -110,8 +110,7 @@
"path": "/api/upload",
"ext": ".pdf",
"dashboard": "/dashboard/api"
},
"signature": "ONLYOFFICEFORM"
}
}
},
"web": {
@ -128,10 +127,7 @@
"url": "/socket.io",
"internal": "http://localhost:9899/"
},
"cultures": "az,cs,de,en-GB,en-US,es,fr,it,lv,nl,pl,pt-BR,pt,ro,sk,sl,fi,vi,tr,el-GR,bg,ru,sr-Cyrl-RS,sr-Latn-RS,uk-UA,hy-AM,ar-SA,si,lo-LA,zh-CN,ja-JP,ko-KR",
"logo": {
"custom-cultures": ["zh-CN"]
},
"cultures": "az,cs,de,en-GB,en-US,es,fr,it,lv,nl,pl,pt-BR,pt,ro,sk,sl,fi,vi,tr,el-GR,bg,ru,sr-Latn-RS,uk-UA,hy-AM,ar-SA,si,lo-LA,zh-CN,ja-JP,ko-KR",
"controlpanel": {
"url": ""
},
@ -160,10 +156,6 @@
"recaptcha": {
"public-key": "",
"private-key": ""
},
"hcaptcha" : {
"public-key": "",
"private-key": ""
}
},
"ConnectionStrings": {
@ -257,12 +249,6 @@
"oform": {
"img": ["static-oforms.teamlab.info"],
"connect": ["cmsoforms.teamlab.info", "oforms.teamlab.info"]
},
"captcha": {
"script": ["*.google.com", "*.gstatic.com", "hcaptcha.com", "*.hcaptcha.com"],
"style": ["hcaptcha.com", "*.hcaptcha.com"],
"frame": ["*.google.com", "hcaptcha.com", "*.hcaptcha.com"],
"connect": ["hcaptcha.com", "*.hcaptcha.com"]
}
},
"logocolors": [
@ -330,9 +316,5 @@
"asc.files": "/openapi/asc.files/common.yaml",
"asc.data.backup": "/openapi/asc.data.backup/common.yaml"
}
},
"urlShortener":{
"length": 15,
"alphabet": "5XzpDt6wZRdsTrJkSY_cgPyxN4j-fnb9WKBF8vh3GH72QqmLVCM"
}
}

10
config/nginx/onlyoffice.conf
View File

@ -104,6 +104,16 @@ server {
local accept_header = ngx.req.get_headers()["Accept"]
if ngx.req.get_method() == "GET" and accept_header ~= nil and string.find(accept_header, "html") and not ngx.re.match(ngx.var.request_uri, "ds-vpath|/api/") then
if not ngx.re.match(ngx.var.request_uri, "login|thirdparty|confirm|error|wizard|preparation-portal|unavailable|share=.|rooms/share(.*)key=.|/s/*") then
if ngx.var.http_cookie == nil or not string.find(ngx.var.http_cookie, "asc_auth_key") then
if ngx.var.request_uri == "/" then
return ngx.redirect("/login")
else
return ngx.redirect("/login?referenceUrl=" .. ngx.var.request_uri)
end
end
end
local key = string.format("csp:%s",ngx.var.host)
local redis = require "resty.redis"
local red = redis:new()

14
install/OneClickInstall/docspace-install.sh
View File

@ -156,27 +156,27 @@ fi
if [ "$DOCKER" == "true" ]; then
if [ "$LOCAL_SCRIPTS" == "true" ]; then
bash install-Docker.sh ${PARAMETERS} || EXIT_CODE=$?
bash install-Docker.sh ${PARAMETERS}
else
curl -s -O ${DOWNLOAD_URL_PREFIX}/install-Docker.sh
bash install-Docker.sh ${PARAMETERS} || EXIT_CODE=$?
bash install-Docker.sh ${PARAMETERS}
rm install-Docker.sh
fi
else
if [ -f /etc/redhat-release ] ; then
if [ "$LOCAL_SCRIPTS" == "true" ]; then
bash install-RedHat.sh ${PARAMETERS} || EXIT_CODE=$?
bash install-RedHat.sh ${PARAMETERS}
else
curl -s -O ${DOWNLOAD_URL_PREFIX}/install-RedHat.sh
bash install-RedHat.sh ${PARAMETERS} || EXIT_CODE=$?
bash install-RedHat.sh ${PARAMETERS}
rm install-RedHat.sh
fi
elif [ -f /etc/debian_version ] ; then
if [ "$LOCAL_SCRIPTS" == "true" ]; then
bash install-Debian.sh ${PARAMETERS} || EXIT_CODE=$?
bash install-Debian.sh ${PARAMETERS}
else
curl -s -O ${DOWNLOAD_URL_PREFIX}/install-Debian.sh
bash install-Debian.sh ${PARAMETERS} || EXIT_CODE=$?
bash install-Debian.sh ${PARAMETERS}
rm install-Debian.sh
fi
else
@ -184,5 +184,3 @@ else
exit 1;
fi
fi
exit ${EXIT_CODE:-0}

8
install/OneClickInstall/install-Debian/install-preq.sh
View File

@ -10,8 +10,6 @@ cat<<EOF
EOF
hold_package_version
if [ "$DIST" = "debian" ] && [ $(apt-cache search ttf-mscorefonts-installer | wc -l) -eq 0 ]; then
echo "deb http://ftp.uk.debian.org/debian/ $DISTRIB_CODENAME main contrib" >> /etc/apt/sources.list
echo "deb-src http://ftp.uk.debian.org/debian/ $DISTRIB_CODENAME main contrib" >> /etc/apt/sources.list
@ -35,13 +33,13 @@ locale-gen en_US.UTF-8
# add opensearch repo
curl -o- https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --dearmor --batch --yes -o /usr/share/keyrings/opensearch-keyring
echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" > /etc/apt/sources.list.d/opensearch-2.x.list
echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" >> /etc/apt/sources.list.d/opensearch-2.x.list
ELASTIC_VERSION="2.11.1"
#add opensearch dashboards repo
if [ ${INSTALL_FLUENT_BIT} == "true" ]; then
curl -o- https://artifacts.opensearch.org/publickeys/opensearch.pgp | gpg --dearmor --batch --yes -o /usr/share/keyrings/opensearch-keyring
echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.x/apt stable main" > /etc/apt/sources.list.d/opensearch-dashboards-2.x.list
echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.x/apt stable main" >> /etc/apt/sources.list.d/opensearch-dashboards-2.x.list
DASHBOARDS_VERSION="2.11.1"
fi
@ -146,3 +144,5 @@ if which apparmor_parser && [ ! -f /etc/apparmor.d/disable/usr.sbin.mysqld ] &&
ln -sf /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/;
apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld;
fi
hold_package_version "dotnet-*" "aspnetcore-*" opensearch redis-server rabbitmq-server opensearch-dashboards fluent-bit

24
install/OneClickInstall/install-Debian/tools.sh
View File

@ -26,23 +26,13 @@ command_exists () {
# Function to prevent package auto-update
hold_package_version() {
packages=("dotnet-*" "aspnetcore-*" opensearch redis-server rabbitmq-server opensearch-dashboards fluent-bit)
for package in "${packages[@]}"; do
command -v apt-mark >/dev/null 2>&1 && apt-mark showhold | grep -q "^$package" && apt-mark unhold "$package"
done
UNATTENDED_UPGRADES_FILE="/etc/apt/apt.conf.d/50unattended-upgrades"
if [ -f ${UNATTENDED_UPGRADES_FILE} ] && grep -q "Package-Blacklist" ${UNATTENDED_UPGRADES_FILE}; then
for package in "${packages[@]}"; do
if ! grep -q "$package" ${UNATTENDED_UPGRADES_FILE}; then
sed -i "/Package-Blacklist/a \\\t\"$package\";" ${UNATTENDED_UPGRADES_FILE}
fi
done
if systemctl list-units --type=service --state=running | grep -q "unattended-upgrades"; then
systemctl restart unattended-upgrades
fi
fi
for package in "$@"; do
if command -v apt-mark >/dev/null 2>&1 &&
dpkg-query -l "$package" >/dev/null 2>&1
then
apt-mark hold "$package"
fi
done
}
check_hardware () {

9
install/OneClickInstall/install-RedHat/install-preq.sh
View File

@ -37,9 +37,12 @@ fi
rpm -ivh https://rpms.remirepo.net/$REMI_DISTR_NAME/remi-release-$REV.rpm || true
yum localinstall -y --nogpgcheck https://download1.rpmfusion.org/free/$RPMFUSION_DISTR_NAME/rpmfusion-free-release-$REV.noarch.rpm
[ "$REV" = "9" ] && update-crypto-policies --set DEFAULT:SHA1 && ${package_manager} -y install xorg-x11-font-utils
[ "$DIST" = "centos" ] && TESTING_REPO="--enablerepo=$( [ "$REV" = "9" ] && echo "crb" || echo "powertools" )"
[ "$DIST" = "redhat" ] && /usr/bin/crb enable
[ "$REV" = "9" ] && update-crypto-policies --set DEFAULT:SHA1
if [ "$DIST" == "centos" ]; then
[ "$REV" = "9" ] && TESTING_REPO="--enablerepo=crb" || POWERTOOLS_REPO="--enablerepo=powertools"
elif [ "$DIST" == "redhat" ]; then
/usr/bin/crb enable
fi
#add rabbitmq & erlang repo
curl -s https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.rpm.sh | bash

2
install/common/product-configuration
View File

@ -26,7 +26,7 @@ APP_PORT="80"
ELK_SHEME="http"
ELK_HOST="localhost"
ELK_PORT="9200"
OPENSEARCH_INDEX="${PACKAGE_SYSNAME}-fluent-bit"
OPENSEARCH_INDEX="${PACKAGE_SYSNAME}-${PRODUCT}-logs"
RABBITMQ_HOST="localhost"
RABBITMQ_USER="guest"

16
install/common/product-ssl-setup
View File

@ -8,8 +8,7 @@ LETSENCRYPT="/etc/letsencrypt/live";
OPENRESTY="/etc/openresty/conf.d"
DHPARAM_FILE="/etc/ssl/certs/dhparam.pem"
WEBROOT_PATH="/var/www/${PRODUCT}"
CONFIG_DIR="/etc/onlyoffice/${PRODUCT}"
SYSTEMD_DIR=$(dirname $($(command -v dpkg-query &> /dev/null && echo "dpkg-query -L" || echo "rpm -ql") ${PRODUCT}-api | grep systemd/system/))
SYSTEMD_DIR="/usr/lib/systemd/system"
# Check if configuration files are present
if [ ! -f "${OPENRESTY}/onlyoffice-proxy-ssl.conf.template" -a ! -f "${OPENRESTY}/onlyoffice-proxy.conf.template" ]; then
@ -48,8 +47,6 @@ case $1 in
DOMAIN=$2
CERTIFICATE_FILE=$3
PRIVATEKEY_FILE=$4
[[ $DOMAIN =~ ^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,6}$ ]] || { echo "Error: domain name '$DOMAIN' is incorrect." >&2; exit 1; }
else
help
fi
@ -62,7 +59,7 @@ case $1 in
sed "s!\(worker_connections\).*;!\1 $(ulimit -n);!" -i "${OPENRESTY}/onlyoffice-proxy.conf"
[[ -f "${DIR}/${PRODUCT}-renew-letsencrypt" ]] && rm -rf "${DIR}/${PRODUCT}-renew-letsencrypt"
[ $(pgrep -x ""systemd"" | wc -l) -gt 0 ] && systemctl reload openresty || service openresty reload
sed -i "s/\(\"portal\":\).*/\1 \"http:\/\/localhost:80\"/" ${CONFIG_DIR}/appsettings.$(grep -oP 'ENVIRONMENT=\K.*' ${SYSTEMD_DIR}/${PRODUCT}-api.service).json
SYSTEMD_NODE_FILES=$(grep -l "NODE_EXTRA_CA_CERTS" ${SYSTEMD_DIR}/${PRODUCT}-*.service ${SYSTEMD_DIR}/ds-*.service || true)
if [ -n "$SYSTEMD_NODE_FILES" ]; then
sed -i '/NODE_EXTRA_CA_CERTS/d' ${SYSTEMD_NODE_FILES}
@ -94,8 +91,8 @@ case $1 in
echo "Generating Let's Encrypt SSL Certificates..."
# Request and generate Let's Encrypt SSL certificate
echo certbot certonly --expand --webroot -w ${WEBROOT_PATH} --key-type rsa --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-start.log
certbot certonly --expand --webroot -w ${WEBROOT_PATH} --key-type rsa --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-new.log
echo certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-start.log
certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAINS[@]} > /var/log/le-new.log
else
help
fi
@ -109,7 +106,10 @@ PRIVATEKEY_FILE="${PRIVATEKEY_FILE:-"${LETSENCRYPT}/${PRODUCT}/privkey.pem"}"
if [ -f "${CERTIFICATE_FILE}" ]; then
if [ -f "${PRIVATEKEY_FILE}" ]; then
cp -f ${OPENRESTY}/onlyoffice-proxy-ssl.conf.template ${OPENRESTY}/onlyoffice-proxy.conf
sed -i "s/\(\"portal\":\).*/\1 \"https:\/\/${DOMAIN}\"/" ${CONFIG_DIR}/appsettings.$(grep -oP 'ENVIRONMENT=\K.*' ${SYSTEMD_DIR}/${PRODUCT}-api.service).json
PACKAGE_FILE_CHECKER=$(command -v dpkg-query &> /dev/null && echo "dpkg-query -L" || echo "rpm -ql")
ENVIRONMENT=$(grep -oP 'ENVIRONMENT=\K.*' $(dirname $(${PACKAGE_FILE_CHECKER} ${PRODUCT}-api | grep systemd/system/))/${PRODUCT}-api.service)
sed -i "s/\(\"portal\":\).*/\1 \"https:\/\/${DOMAIN}\"/" /etc/onlyoffice/docspace/appsettings.$ENVIRONMENT.json
sed -i "s~\(ssl_certificate \).*;~\1${CERTIFICATE_FILE};~g" ${OPENRESTY}/onlyoffice-proxy.conf
sed -i "s~\(ssl_certificate_key \).*;~\1${PRIVATEKEY_FILE};~g" ${OPENRESTY}/onlyoffice-proxy.conf
sed -i "s~\(ssl_dhparam \).*;~\1${DHPARAM_FILE};~g" ${OPENRESTY}/onlyoffice-proxy.conf

2
install/deb/debian/rules
View File

@ -88,7 +88,7 @@ override_dh_auto_build: check_archives
sed -i '/^\[OUTPUT\]/i\[INPUT]' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf
sed -i '/^\[OUTPUT\]/i\ Name exec' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf
sed -i '/^\[OUTPUT\]/i\ Interval_Sec 86400' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf
sed -i '/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H '\''Content-Type: application/json'\'' -d '\''{"query": {"range": {"@timestamp": {"lt": "now-30d"}}}}'\''' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf
sed -i '/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H '\''Content-Type: application/json'\'' -d '\''{"query": {"range": {"@timestamp": {"lt": "now-30d"}}}}'\'' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf
sed -i '/^\[OUTPUT\]/i\\' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf
for i in ${PRODUCT} $$(ls ${CURDIR}/debian/*.install | grep -oP 'debian/\K.*' | grep -o '^[^.]*'); do \

15
install/docker/Dockerfile.app
View File

@ -16,6 +16,11 @@ ARG DEPLOY_ARGS="deploy"
ARG DEBUG_INFO="true"
ARG PUBLISH_CNF="Release"
ARG BUILDTOOLS_COMMIT=""
ARG SERVER_COMMIT=""
ARG CLIENT_COMMIT=""
ARG CAMPAIGNS_COMMIT=""
LABEL onlyoffice.appserver.release-date="${RELEASE_DATE}" \
maintainer="Ascensio System SIA <support@onlyoffice.com>"
@ -41,9 +46,13 @@ RUN apt-get -y update && \
ADD https://api.github.com/repos/ONLYOFFICE/DocSpace-buildtools/git/refs/heads/${GIT_BRANCH} version.json
RUN git clone -b ${GIT_BRANCH} https://github.com/ONLYOFFICE/DocSpace-buildtools.git ${SRC_PATH}/buildtools && \
if [ -n "${BUILDTOOLS_COMMIT}" ]; then git -C ${SRC_PATH}/buildtools checkout ${BUILDTOOLS_COMMIT}; fi && \
git clone --recurse-submodules -b ${GIT_BRANCH} https://github.com/ONLYOFFICE/DocSpace-Server.git ${SRC_PATH}/server && \
if [ -n "${SERVER_COMMIT}" ]; then git -C ${SRC_PATH}/server checkout ${SERVER_COMMIT}; fi && \
git clone -b ${GIT_BRANCH} https://github.com/ONLYOFFICE/DocSpace-Client.git ${SRC_PATH}/client && \
git clone -b "master" --depth 1 https://github.com/ONLYOFFICE/ASC.Web.Campaigns.git ${SRC_PATH}/campaigns
if [ -n "${CLIENT_COMMIT}" ]; then git -C ${SRC_PATH}/client checkout ${CLIENT_COMMIT}; fi && \
git clone -b "master" --depth 1 https://github.com/ONLYOFFICE/ASC.Web.Campaigns.git ${SRC_PATH}/campaigns && \
if [ -n "${CAMPAIGNS_COMMIT}" ]; then git -C ${SRC_PATH}/campaigns checkout ${CAMPAIGNS_COMMIT}; fi
RUN cd ${SRC_PATH} && \
mkdir -p /app/onlyoffice/config/ && \
@ -253,8 +262,8 @@ ENV LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64
WORKDIR ${BUILD_PATH}/products/ASC.Files/service/
RUN echo "deb http://security.ubuntu.com/ubuntu focal-security main" | tee /etc/apt/sources.list && \
apt-key adv --keyserver keys.gnupg.net --recv-keys 3B4FE6ACC0B21F32 && \
apt-key adv --keyserver keys.gnupg.net --recv-keys 871920D1991BC93C && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32 && \
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 871920D1991BC93C && \
apt-get -y update && \
apt-get install -yq libssl1.1 && \
rm -rf /var/lib/apt/lists/*

2
install/docker/config/docspace-ssl-setup
View File

@ -109,7 +109,7 @@ case $1 in
-v /var/log:/var/log \
-v onlyoffice_webroot_path:${WEBROOT_PATH} \
certbot/certbot certonly \
--expand --webroot -w ${WEBROOT_PATH} --key-type rsa \
--expand --webroot -w ${WEBROOT_PATH} \
--cert-name ${PRODUCT} --non-interactive --agree-tos --email ${MAIL} -d ${DOMAINS[@]}
else
help

2
install/docker/config/nginx/onlyoffice-proxy-ssl.conf
View File

@ -57,7 +57,7 @@ server {
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_protocols TLSv1.3;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_prefer_server_ciphers on;

2
install/install.bat
View File

@ -1,7 +1,5 @@
@echo off
chcp 65001 > nul
PUSHD %~dp0..
call runasadmin.bat "%~dpnx0"

2
install/rpm/SPECS/build.spec
View File

@ -34,7 +34,7 @@ sed -i "s#\(/var/log/onlyoffice/\)#\1%{product}#" install/docker/config/fluent-b
sed -i '/^\[OUTPUT\]/i\[INPUT]' install/docker/config/fluent-bit.conf
sed -i '/^\[OUTPUT\]/i\ Name exec' install/docker/config/fluent-bit.conf
sed -i '/^\[OUTPUT\]/i\ Interval_Sec 86400' install/docker/config/fluent-bit.conf
sed -i '/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H '\''Content-Type: application/json'\'' -d '\''{"query": {"range": {"@timestamp": {"lt": "now-30d"}}}}'\''' install/docker/config/fluent-bit.conf
sed -i '/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H '\''Content-Type: application/json'\'' -d '\''{"query": {"range": {"@timestamp": {"lt": "now-30d"}}}}'\'' ${BUILDTOOLS_PATH}/install/docker/config/fluent-bit.conf
sed -i '/^\[OUTPUT\]/i\\' install/docker/config/fluent-bit.conf
find %{_builddir}/server/publish/ \

2
install/rpm/SPECS/install.spec
View File

@ -25,7 +25,6 @@ mkdir -p "%{buildroot}%{buildpath}/products/ASC.Files/server/DocStore/"
mkdir -p "%{buildroot}%{buildpath}/products/ASC.Files/editor/"
# Hidden folders are not copied when applying a mask * (only in RPM), so we explicitly copy .next directory in this way
mkdir -p "%{buildroot}%{buildpath}/products/ASC.Files/editor/.next/"
mkdir -p "%{buildroot}%{buildpath}/products/ASC.Login/login/.next/"
mkdir -p "%{buildroot}%{buildpath}/products/ASC.Files/client/"
mkdir -p "%{buildroot}%{buildpath}/client/"
mkdir -p "%{buildroot}%{buildpath}/management/"
@ -41,7 +40,6 @@ mkdir -p "%{buildroot}%{_bindir}/"
cp -rf %{_builddir}/publish/web/public/* "%{buildroot}%{buildpath}/public/"
cp -rf %{_builddir}/campaigns/src/campaigns/* "%{buildroot}%{buildpath}/public/campaigns"
cp -rf %{_builddir}/publish/web/login/* "%{buildroot}%{buildpath}/products/ASC.Login/login/"
cp -rf %{_builddir}/publish/web/login/.next/* "%{buildroot}%{buildpath}/products/ASC.Login/login/.next/"
cp -rf %{_builddir}/publish/web/editor/* "%{buildroot}%{buildpath}/products/ASC.Files/editor/"
cp -rf %{_builddir}/publish/web/editor/.next/* "%{buildroot}%{buildpath}/products/ASC.Files/editor/.next/"
cp -rf %{_builddir}/server/products/ASC.Files/Server/DocStore/* "%{buildroot}%{buildpath}/products/ASC.Files/server/DocStore/"

5
install/win/DocSpace.aip
View File

@ -56,7 +56,7 @@
<ROW Property="MySQLConnector" Value="MySQL Connector/ODBC 8.0.21 x86"/>
<ROW Property="NEED_REINDEX_OPENSEARCH" Value="FALSE" ValueLocId="-"/>
<ROW Property="OPENSEARCH_HOST" Value="localhost" ValueLocId="-"/>
<ROW Property="OPENSEARCH_INDEX" Value="onlyoffice-fluent-bit" ValueLocId="-"/>
<ROW Property="OPENSEARCH_INDEX" Value="fluentbit" ValueLocId="-"/>
<ROW Property="OPENSEARCH_MSG" Value="Unable to connect to remote OpenSearch server at "/>
<ROW Property="OPENSEARCH_PORT" Value="9200" ValueLocId="-"/>
<ROW Property="OPENSEARCH_SCHEME" Value="http" ValueLocId="-"/>
@ -366,7 +366,6 @@
</COMPONENT>
<COMPONENT cid="caphyon.advinst.msicomp.JsonPropertyComponent">
<ROW JsonProperty="ConnectionString" Parent="__1" Name="ConnectionString" Condition="1" Order="0" Flags="57" Value="Server=[DB_HOST];Database=[DB_NAME];User ID=[DB_USER];Password=[DB_PWD]"/>
<ROW JsonProperty="ConnectionString_1" Parent="__2" Name="ConnectionString" Condition="1" Order="0" Flags="57" Value="Server=[DB_HOST];Database=[DB_NAME];User ID=[DB_USER];Password=[DB_PWD]"/>
<ROW JsonProperty="ConnectionStrings" Parent="Root_12" Name="ConnectionStrings" Condition="1" Order="1" Flags="60"/>
<ROW JsonProperty="ConnectionStrings_1" Parent="Root_1" Name="ConnectionStrings" Condition="1" Order="0" Flags="60"/>
<ROW JsonProperty="Host" Parent="elastic" Name="Host" Condition="1" Order="0" Flags="57" Value="[OPENSEARCH_HOST]"/>
@ -394,12 +393,10 @@
<ROW JsonProperty="Root_7" Name="Root" Condition="1" Order="0" Flags="60"/>
<ROW JsonProperty="Root_9" Name="Root" Condition="1" Order="0" Flags="60"/>
<ROW JsonProperty="Scheme" Parent="elastic" Name="Scheme" Condition="1" Order="1" Flags="57" Value="[OPENSEARCH_SCHEME]"/>
<ROW JsonProperty="TeamlabsiteProviders" Parent="options" Name="TeamlabsiteProviders" Condition="1" Order="1" Flags="61"/>
<ROW JsonProperty="UserName" Parent="RabbitMQ" Name="UserName" Condition="1" Order="1" Flags="57" Value="[AMQP_USER]"/>
<ROW JsonProperty="VirtualHost" Parent="RabbitMQ" Name="VirtualHost" Condition="1" Order="4" Flags="57" Value="[AMQP_VHOST]"/>
<ROW JsonProperty="_" Parent="Hosts" Name="0" Condition="1" Order="0" Flags="60"/>
<ROW JsonProperty="__1" Parent="Providers" Name="0" Condition="1" Order="0" Flags="60"/>
<ROW JsonProperty="__2" Parent="TeamlabsiteProviders" Name="0" Condition="1" Order="0" Flags="60"/>
<ROW JsonProperty="app" Parent="Root_6" Name="app" Condition="1" Order="0" Flags="60"/>
<ROW JsonProperty="app_1" Parent="Root_7" Name="app" Condition="1" Order="0" Flags="60"/>
<ROW JsonProperty="app_3" Parent="Root_9" Name="app" Condition="1" Order="0" Flags="60"/>

6
install/win/build-batch.bat
View File

@ -61,18 +61,16 @@ REM echo ######## SSL configs ########
%sed% -i "s/ssl_dhparam \/etc\/ssl\/certs\/dhparam.pem;/#ssl_dhparam \/etc\/ssl\/certs\/dhparam.pem;/" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
%sed% -i "/quic\|alt-svc/Id" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
%sed% -i "s_\(.*root\).*;_\1 \"{APPDIR}letsencrypt\";_g" -i buildtools\install\win\Files\nginx\conf\includes\letsencrypt.conf
%sed% -i "s#/var/log/nginx/#logs/#g" buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf buildtools\install\win\Files\nginx\conf\onlyoffice-proxy.conf.tmpl buildtools\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
%sed% -i "s#/etc/nginx/html#conf/html#g" buildtools\install\win\Files\nginx\conf\onlyoffice.conf
%sed% -i "s/\/etc\/nginx\/\.htpasswd_dashboards/\.htpasswd_dashboards/g" buildtools\install\win\Files\nginx\conf\onlyoffice.conf
REM echo ######## Configure fluent-bit config for windows ########
%sed% -i -e "s|/var/log/onlyoffice/|{APPDIR}Logs\\|g" -e "s|\*\*/|\*\*\\|g" -e "s#DocSpace\Logs\**\#DocumentServer\Log\#g" buildtools\install\win\Files\config\fluent-bit.conf
%sed% -i -e "s|/var/log/onlyoffice/|{APPDIR}Logs\\|g" -e "s|\*\*/|\*\*\\|g" buildtools\install\win\Files\config\fluent-bit.conf
%sed% -i "/^\[OUTPUT\]/i\[INPUT]" buildtools\install\win\Files\config\fluent-bit.conf
%sed% -i "/^\[OUTPUT\]/i\ Name exec" buildtools\install\win\Files\config\fluent-bit.conf
%sed% -i "/^\[OUTPUT\]/i\ Interval_Sec 86400" buildtools\install\win\Files\config\fluent-bit.conf
%sed% -i "/^\[OUTPUT\]/i\ Command curl -s -X POST OPENSEARCH_SCHEME://OPENSEARCH_HOST:OPENSEARCH_PORT/OPENSEARCH_INDEX/_delete_by_query -H 'Content-Type: application/json' -d '{\"query\": {\"range\": {\"@timestamp\": {\"lt\": \"now-30d\"}}}}'" buildtools\install\win\Files\config\fluent-bit.conf
%sed% -i -e "s/\"/\\\\\"/g" -e "s/'/\"/g" buildtools\install\win\Files\config\fluent-bit.conf
%sed% -i "/\[OUTPUT\]/i\\n" buildtools\install\win\Files\config\fluent-bit.conf
%sed% -i "/^\[OUTPUT\]/i\ " buildtools\install\win\Files\config\fluent-bit.conf
REM echo ######## Delete test and dev configs ########
del /f /q buildtools\install\win\Files\config\*.test.json

19
install/win/sbin/docspace-ssl-setup.ps1
View File

@ -28,7 +28,6 @@ if ( -not $certbot_path )
exit
}
$product = "docspace"
$letsencrypt_root_dir = "$env:SystemDrive\Certbot\live"
$app = Resolve-Path -Path ".\..\"
$root_dir = "${app}\letsencrypt"
@ -47,17 +46,17 @@ if ( $args.Count -ge 2 )
}
else {
$letsencrypt_mail = $args[0] -JOIN ","
$letsencrypt_domain = $args[1] -JOIN ","
$letsencrypt_mail = $args[0]
$letsencrypt_domain = $args[1]
[void](New-Item -ItemType "directory" -Path "${root_dir}\Logs" -Force)
"certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --cert-name ${product} --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-start.log"
cmd.exe /c "certbot certonly --expand --webroot -w `"${root_dir}`" --key-type rsa --cert-name ${product} --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-new.log"
"certbot certonly --expand --webroot -w `"${root_dir}`" --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-start.log"
cmd.exe /c "certbot certonly --expand --webroot -w `"${root_dir}`" --noninteractive --agree-tos --email ${letsencrypt_mail} -d ${letsencrypt_domain}" > "${app}\letsencrypt\Logs\le-new.log"
pushd "${letsencrypt_root_dir}\${product}"
$ssl_cert = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${product}\fullchain.pem").Target).ToString().Replace('\', '/')
$ssl_key = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${product}\privkey.pem").Target).ToString().Replace('\', '/')
pushd "${letsencrypt_root_dir}\${letsencrypt_domain}"
$ssl_cert = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${letsencrypt_domain}\fullchain.pem").Target).ToString().Replace('\', '/')
$ssl_key = (Resolve-Path -Path (Get-Item "${letsencrypt_root_dir}\${letsencrypt_domain}\privkey.pem").Target).ToString().Replace('\', '/')
popd
}
@ -69,7 +68,7 @@ if ( $args.Count -ge 2 )
if ($letsencrypt_domain)
{
$acl = Get-Acl -Path "$env:SystemDrive\Certbot\archive\${product}"
$acl = Get-Acl -Path "$env:SystemDrive\Certbot\archive\${letsencrypt_domain}"
$acl.SetSecurityDescriptorSddlForm('O:LAG:S-1-5-21-4011186057-2202358572-2315966083-513D:PAI(A;;0x1200a9;;;WD)(A;;FA;;;SY)(A;OI;0x1200a9;;;LS)(A;;FA;;;BA)(A;;FA;;;LA)')
Set-Acl -Path $acl.path -ACLObject $acl
}
@ -108,8 +107,6 @@ else
Write-Output " comma to register multiple emails, ex: "
Write-Output " u1@example.com,u2@example.com. "
Write-Output " DOMAIN Domain name to apply "
Write-Output " Use comma to register multiple domains, ex: "
Write-Output " example.com,s1.example.com,s2.example.com. "
Write-Output " "
Write-Output " Using your own certificates via the -f parameter: "
Write-Output " usage: "

9
run.translations.tests.bat
View File

@ -1,5 +1,4 @@
PUSHD %~dp0\..
set dir=%cd%
echo %dir%
dotnet test %dir%\client\common\Tests\Frontend.Translations.Tests\Frontend.Translations.Tests.csproj --filter "TestCategory=Locales" -l:html --environment "BASE_DIR=%dir%\client" --results-directory "%dir%\TestsResults"
pause
PUSHD %~dp0\..
set dir="%cd%"
echo %dir%
dotnet test %dir%\client\common\Tests\Frontend.Translations.Tests\Frontend.Translations.Tests.csproj --filter "TestCategory=Locales" -l:html --environment "BASE_DIR=%dir%" --results-directory "%dir%\TestsResults"

3
run/Login.xml
View File

@ -3,8 +3,7 @@
<name>ONLYOFFICE Login SSR</name>
<startmode>manual</startmode>
<executable>node</executable>
<arguments>server.js</arguments>
<workingdirectory>%BASE%\..\..\client\packages\login</workingdirectory>
<arguments>../../publish/web/login/server.js</arguments>
<log mode="none"/>
<delayedAutoStart>true</delayedAutoStart>
<onfailure action="none" />

1
tests/vagrant/Vagrantfile vendored
View File

@ -15,7 +15,6 @@ Vagrant.configure("2") do |config|
config.vm.provision "file", source: "../../../DocSpace-buildtools/install/OneClickInstall/.", destination: "/tmp/docspace/"
end
config.vm.provision "file", source: "../../../DocSpace-buildtools/install/common/systemd/build.sh", destination: "/tmp/docspace/build.sh"
config.vm.provision "shell", path: './install.sh', :args => "#{ENV['DOWNLOAD_SCRIPT']} #{ENV['TEST_REPO']} #{ENV['ARGUMENTS']}"
# Prevent SharedFoldersEnableSymlinksCreate errors

243
tests/vagrant/install.sh
View File

@ -1,45 +1,91 @@
#!/bin/bash
set -e
set -ex
while [ "$1" != "" ]; do
case $1 in
-ds | --download-scripts )
if [ "$2" != "" ]; then
DOWNLOAD_SCRIPTS=$2
shift
fi
;;
case $1 in
-arg | --arguments )
if [ "$2" != "" ]; then
ARGUMENTS=$2
shift
fi
;;
-ds | --download-scripts )
if [ "$2" != "" ]; then
DOWNLOAD_SCRIPTS=$2
shift
fi
;;
-li | --local-install )
if [ "$2" != "" ]; then
LOCAL_INSTALL=$2
shift
fi
;;
-arg | --arguments )
if [ "$2" != "" ]; then
ARGUMENTS=$2
shift
fi
;;
-tr | --test-repo )
if [ "$2" != "" ]; then
TEST_REPO_ENABLE=$2
shift
fi
;;
esac
shift
-pi | --production-install )
if [ "$2" != "" ]; then
PRODUCTION_INSTALL=$2
shift
fi
;;
-li | --local-install )
if [ "$2" != "" ]; then
LOCAL_INSTALL=$2
shift
fi
;;
-lu | --local-update )
if [ "$2" != "" ]; then
LOCAL_UPDATE=$2
shift
fi
;;
-tr | --test-repo )
if [ "$2" != "" ]; then
TEST_REPO_ENABLE=$2
shift
fi
;;
esac
shift
done
export TERM=xterm-256color^M
SERVICES_SYSTEMD=(
"docspace-api.service"
"docspace-doceditor.service"
"docspace-studio-notify.service"
"docspace-files.service"
"docspace-notify.service"
"docspace-studio.service"
"docspace-backup-background.service"
"docspace-files-services.service"
"docspace-people-server.service"
"docspace-backup.service"
"docspace-healthchecks.service"
"docspace-socket.service"
"docspace-clear-events.service"
"docspace-login.service"
"docspace-ssoauth.service"
"ds-converter.service"
"ds-docservice.service"
"ds-metrics.service")
function common::get_colors() {
export LINE_SEPARATOR="-----------------------------------------"
export COLOR_BLUE=$'\e[34m' COLOR_GREEN=$'\e[32m' COLOR_RED=$'\e[31m' COLOR_RESET=$'\e[0m' COLOR_YELLOW=$'\e[33m'
COLOR_BLUE=$'\e[34m'
COLOR_GREEN=$'\e[32m'
COLOR_RED=$'\e[31m'
COLOR_RESET=$'\e[0m'
COLOR_YELLOW=$'\e[33m'
export COLOR_BLUE
export COLOR_GREEN
export COLOR_RED
export COLOR_RESET
export COLOR_YELLOW
}
#############################################################################################
@ -52,10 +98,13 @@ function common::get_colors() {
# None
#############################################################################################
function check_hw() {
echo "${COLOR_RED} $(free -h) ${COLOR_RESET}"
echo "${COLOR_RED} $(nproc) ${COLOR_RESET}"
local FREE_RAM=$(free -h)
local FREE_CPU=$(nproc)
echo "${COLOR_RED} ${FREE_RAM} ${COLOR_RESET}"
echo "${COLOR_RED} ${FREE_CPU} ${COLOR_RESET}"
}
#############################################################################################
# Add nexus repositories for test packages for .deb and .rpm packages
# Globals: None
@ -100,8 +149,12 @@ function prepare_vm() {
;;
debian)
[ "$VERSION_CODENAME" == "bookworm" ] && apt-get update -y && apt install -y curl gnupg
apt-get remove postfix -y && echo "${COLOR_GREEN}☑ PREPAVE_VM: Postfix was removed${COLOR_RESET}"
if [ "$VERSION_CODENAME" == "bookworm" ]; then
apt-get update -y
apt install -y curl gnupg
fi
apt-get remove postfix -y
echo "${COLOR_GREEN}☑ PREPAVE_VM: Postfix was removed${COLOR_RESET}"
[[ "${TEST_REPO_ENABLE}" == 'true' ]] && add-repo-deb
;;
@ -110,7 +163,10 @@ function prepare_vm() {
;;
centos)
[ "$VERSION_ID" == "8" ] && sed -i 's|^mirrorlist=|#&|; s|^#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|' /etc/yum.repos.d/CentOS-*
if [ "$VERSION_ID" == "9" ]; then
update-crypto-policies --set LEGACY
echo "${COLOR_GREEN}☑ PREPAVE_VM: sha1 gpg key chek enabled${COLOR_RESET}"
fi
[[ "${TEST_REPO_ENABLE}" == 'true' ]] && add-repo-rpm
yum -y install centos*-release
;;
@ -119,16 +175,21 @@ function prepare_vm() {
echo "${COLOR_RED}Failed to determine Linux dist${COLOR_RESET}"; exit 1
;;
esac
else
echo "${COLOR_RED}File /etc/os-release doesn't exist${COLOR_RESET}"; exit 1
fi
# Clean up home folder
rm -rf /home/vagrant/*
[ -d /tmp/docspace ] && mv /tmp/docspace/* /home/vagrant
if [ -d /tmp/docspace ]; then
mv /tmp/docspace/* /home/vagrant
fi
echo '127.0.0.1 host4test' | sudo tee -a /etc/hosts
echo "${COLOR_GREEN}☑ PREPAVE_VM: Hostname was setting up${COLOR_RESET}"
}
#############################################################################################
@ -141,23 +202,34 @@ function prepare_vm() {
# Script log
#############################################################################################
function install_docspace() {
[[ "${DOWNLOAD_SCRIPTS}" == 'true' ]] && wget https://download.onlyoffice.com/docspace/docspace-install.sh || sed 's/set -e/set -xe/' -i *.sh
bash docspace-install.sh package ${ARGUMENTS} || { echo "Exit code non-zero. Exit with 1."; exit 1; }
echo "Exit code 0. Continue..."
if [ "${DOWNLOAD_SCRIPTS}" == 'true' ]; then
wget https://download.onlyoffice.com/docspace/docspace-install.sh
else
sed 's/set -e/set -xe/' -i *.sh
fi
printf "N\nY\nY" | bash docspace-install.sh ${ARGUMENTS}
if [[ $? != 0 ]]; then
echo "Exit code non-zero. Exit with 1."
exit 1
else
echo "Exit code 0. Continue..."
fi
}
#############################################################################################
# Healthcheck function for systemd services
# Globals:
# None
# SERVICES_SYSTEMD
# Arguments:
# None
# Outputs:
# Message about service status
#############################################################################################
function healthcheck_systemd_services() {
for service in ${SERVICES_SYSTEMD[@]}; do
[[ "$service" == "docspace-migration-runner.service" ]] && continue;
for service in ${SERVICES_SYSTEMD[@]}
do
if systemctl is-active --quiet ${service}; then
echo "${COLOR_GREEN}☑ OK: Service ${service} is running${COLOR_RESET}"
else
@ -167,6 +239,7 @@ function healthcheck_systemd_services() {
done
}
#############################################################################################
# Set output if some services failed
# Globals:
@ -188,7 +261,7 @@ function healthcheck_general_status() {
#############################################################################################
# Get logs for all services
# Globals:
# None
# $SERVICES_SYSTEMD
# Arguments:
# None
# Outputs:
@ -199,27 +272,83 @@ function healthcheck_general_status() {
# This function succeeds even if the file for cat was not found. For that use ${SKIP_EXIT} variable
#############################################################################################
function services_logs() {
SERVICES_SYSTEMD=($(awk '/SERVICE_NAME=\(/{flag=1; next} /\)/{flag=0} flag' "build.sh" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//' | sed 's/^/docspace-/' | sed 's/$/.service/'))
SERVICES_SYSTEMD+=("ds-converter.service" "ds-docservice.service" "ds-metrics.service")
for service in ${SERVICES_SYSTEMD[@]}; do
echo $LINE_SEPARATOR && echo "${COLOR_GREEN}Check logs for systemd service: $service${COLOR_RESET}" && echo $LINE_SEPARATOR
journalctl -u $service -n 30 || true
echo -----------------------------------------
echo "${COLOR_GREEN}Check logs for systemd service: $service${COLOR_RESET}"
echo ---------------------- -------------------
EXIT_CODE=0
journalctl -u $service || true
done
local DOCSPACE_LOGS_DIR="/var/log/onlyoffice/docspace"
local DOCUMENTSERVER_LOGS_DIR="/var/log/onlyoffice/documentserver"
local MAIN_LOGS_DIR="/var/log/onlyoffice"
local DOCSPACE_LOGS_DIR="${MAIN_LOGS_DIR}/docspace"
local DOCUMENTSERVER_LOGS_DIR="${MAIN_LOGS_DIR}/documentserver"
local DOCSERVICE_LOGS_DIR="${DOCUMENTSERVER_LOGS_DIR}/docservice"
local CONVERTER_LOGS_DIR="${DOCUMENTSERVER_LOGS_DIR}/converter"
local METRICS_LOGS_DIR="${DOCUMENTSERVER_LOGS_DIR}/metrics"
ARRAY_MAIN_SERVICES_LOGS=($(ls ${MAIN_LOGS_DIR} | grep log | sed 's/web.sql.log//;s/web.api.log//;s/nginx.*//' ))
ARRAY_DOCSPACE_LOGS=($(ls ${DOCSPACE_LOGS_DIR}))
ARRAY_DOCSERVICE_LOGS=($(ls ${DOCSERVICE_LOGS_DIR}))
ARRAY_CONVERTER_LOGS=($(ls ${CONVERTER_LOGS_DIR}))
ARRAY_METRICS_LOGS=($(ls ${METRICS_LOGS_DIR}))
echo "-----------------------------------"
echo "${COLOR_YELLOW} Check logs for main services ${COLOR_RESET}"
echo "-----------------------------------"
for file in ${ARRAY_MAIN_SERVICES_LOGS[@]}; do
echo ---------------------------------------
echo "${COLOR_GREEN}logs from file: ${file}${COLOR_RESET}"
echo ---------------------------------------
cat ${MAIN_LOGS_DIR}/${file} || true
done
echo "-----------------------------------"
echo "${COLOR_YELLOW} Check logs for Docservice ${COLOR_RESET}"
echo "-----------------------------------"
for file in ${ARRAY_DOCSERVICE_LOGS[@]}; do
echo ---------------------------------------
echo "${COLOR_GREEN}logs from file: ${file}${COLOR_RESET}"
echo ---------------------------------------
cat ${DOCSERVICE_LOGS_DIR}/${file} || true
done
echo "-----------------------------------"
echo "${COLOR_YELLOW} Check logs for Converter ${COLOR_RESET}"
echo "-----------------------------------"
for file in ${ARRAY_CONVERTER_LOGS[@]}; do
echo ---------------------------------------
echo "${COLOR_GREEN}logs from file ${file}${COLOR_RESET}"
echo ---------------------------------------
cat ${CONVERTER_LOGS_DIR}/${file} || true
done
echo "-----------------------------------"
echo "${COLOR_YELLOW} Start logs for Metrics ${COLOR_RESET}"
echo "-----------------------------------"
for file in ${ARRAY_METRICS_LOGS[@]}; do
echo ---------------------------------------
echo "${COLOR_GREEN}logs from file ${file}${COLOR_RESET}"
echo ---------------------------------------
cat ${METRICS_LOGS_DIR}/${file} || true
done
for LOGS_DIR in "${DOCSPACE_LOGS_DIR}" "${DOCUMENTSERVER_LOGS_DIR}"; do
echo $LINE_SEPARATOR && echo "${COLOR_YELLOW}Check logs for $(basename "${LOGS_DIR}"| tr '[:lower:]' '[:upper:]') ${COLOR_RESET}" && echo $LINE_SEPARATOR
find "${LOGS_DIR}" -type f -name "*.log" ! -name "*sql*" ! -name "*nginx*" | while read -r FILE; do
echo $LINE_SEPARATOR && echo "${COLOR_GREEN}Logs from file: ${FILE}${COLOR_RESET}" && echo $LINE_SEPARATOR
tail -30 "${FILE}" || true
done
echo "-----------------------------------"
echo "${COLOR_YELLOW} Start logs for DocSpace ${COLOR_RESET}"
echo "-----------------------------------"
for file in ${ARRAY_DOCSPACE_LOGS[@]}; do
echo ---------------------------------------
echo "${COLOR_GREEN}logs from file ${file}${COLOR_RESET}"
echo ---------------------------------------
cat ${DOCSPACE_LOGS_DIR}/${file} || true
done
}
function healthcheck_docker_installation() {
exit 0
}
main() {
common::get_colors
prepare_vm