From ac496b82a2f51cb97099ca388595dbf2843ec31f Mon Sep 17 00:00:00 2001 From: Timofey Boyko Date: Fri, 22 Sep 2023 15:38:11 +0300 Subject: [PATCH] Add oauth service proxy --- build/build.backend.docker.ps1 | 3 + build/install/docker/.env | 4 +- build/install/docker/Dockerfile | 1 + build/install/docker/Dockerfile.app | 1 + build/install/docker/Dockerfile.runtime | 1 + .../nginx/templates/upstream.conf.template | 6 ++ build/install/docker/docspace.profiles.yml | 1 + build/install/docker/docspace.yml | 56 +++++++++---------- build/start/start.backend.docker.ps1 | 2 + config/nginx/onlyoffice.conf | 8 +++ 10 files changed, 54 insertions(+), 29 deletions(-) diff --git a/build/build.backend.docker.ps1 b/build/build.backend.docker.ps1 index b956267f68..d7a09fe53d 100644 --- a/build/build.backend.docker.ps1 +++ b/build/build.backend.docker.ps1 @@ -13,6 +13,7 @@ $LocalIp = (Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where $Doceditor = ($LocalIp + ":5013") $Login = ($LocalIp + ":5011") $Client = ($LocalIp + ":5001") +$Oauth = ($LocalIp + ":9090") $PortalUrl = ("http://" + $LocalIp) $ProxyVersion="v1.0.0" @@ -92,6 +93,7 @@ $Env:Baseimage_Proxy_Run="onlyoffice/4testing-docspace-proxy-runtime:$ProxyVersi $Env:SERVICE_DOCEDITOR=$Doceditor $Env:SERVICE_LOGIN=$Login $Env:SERVICE_CLIENT=$Client +$Env:SERVICE_OAUTH=$Oauth $Env:ROOT_DIR=$RootDir $Env:BUILD_PATH="/var/www" $Env:SRC_PATH="$RootDir\publish\services" @@ -105,6 +107,7 @@ Write-Host "LOCAL IP: $LocalIp" -ForegroundColor Blue Write-Host "SERVICE_DOCEDITOR: $Env:SERVICE_DOCEDITOR" -ForegroundColor Blue Write-Host "SERVICE_LOGIN: $Env:SERVICE_LOGIN" -ForegroundColor Blue Write-Host "SERVICE_CLIENT: $Env:SERVICE_CLIENT" -ForegroundColor Blue +Write-Host "SERVICE_OAUTH: $Env:SERVICE_OAUTH" -ForegroundColor Blue Write-Host "INSTALLATION_TYPE: $Env:INSTALLATION_TYPE" -ForegroundColor Blue Set-Location -Path $PSScriptRoot \ No newline at end of file 
diff --git a/build/install/docker/.env b/build/install/docker/.env index cb1d433c15..ae626f42ed 100644 --- a/build/install/docker/.env +++ b/build/install/docker/.env @@ -105,6 +105,7 @@ DOCEDITOR_HOST=${CONTAINER_PREFIX}doceditor LOGIN_HOST=${CONTAINER_PREFIX}login HELTHCHECKS_HOST=${CONTAINER_PREFIX}healthchecks + OAUTH_HOST=${CONTAINER_PREFIX}oauth # router upstream environment # SERVICE_API_SYSTEM=${API_SYSTEM_HOST}:${SERVICE_PORT} @@ -124,7 +125,8 @@ SERVICE_DOCEDITOR=${DOCEDITOR_HOST}:5013 SERVICE_LOGIN=${LOGIN_HOST}:5011 SERVICE_HELTHCHECKS=${HELTHCHECKS_HOST}:${SERVICE_PORT} - + SERVICE_OAUTH=${OAUTH_HOST}:9090 + NETWORK_NAME=${PRODUCT} COMPOSE_IGNORE_ORPHANS=True diff --git a/build/install/docker/Dockerfile b/build/install/docker/Dockerfile index 3bb935b739..b6d466d29e 100644 --- a/build/install/docker/Dockerfile +++ b/build/install/docker/Dockerfile @@ -176,6 +176,7 @@ RUN chown nginx:nginx /etc/nginx/* -R && \ sed -i 's/127.0.0.1:9834/$service_sso/' /etc/nginx/conf.d/onlyoffice.conf && \ sed -i 's/127.0.0.1:5013/$service_doceditor/' /etc/nginx/conf.d/onlyoffice.conf && \ sed -i 's/127.0.0.1:5011/$service_login/' /etc/nginx/conf.d/onlyoffice.conf && \ + sed -i 's/127.0.0.1:9090/$service_oauth/' /etc/nginx/conf.d/onlyoffice.conf && \ if [[ -z "${SERVICE_CLIENT}" ]] ; then sed -i 's/127.0.0.1:5001/$service_client/' /etc/nginx/conf.d/onlyoffice.conf; fi && \ sed -i 's/127.0.0.1:5033/$service_healthchecks/' /etc/nginx/conf.d/onlyoffice.conf && \ sed -i 's/$public_root/\/var\/www\/public\//' /etc/nginx/conf.d/onlyoffice.conf && \ diff --git a/build/install/docker/Dockerfile.app b/build/install/docker/Dockerfile.app index da0fba648a..f207117f21 100644 --- a/build/install/docker/Dockerfile.app +++ b/build/install/docker/Dockerfile.app 
@@ -163,6 +163,7 @@ RUN sed -i 's/127.0.0.1:5010/$service_api_system/' /etc/nginx/conf.d/onlyoffice. sed -i 's/127.0.0.1:9834/$service_sso/' /etc/nginx/conf.d/onlyoffice.conf && \ sed -i 's/127.0.0.1:5013/$service_doceditor/' /etc/nginx/conf.d/onlyoffice.conf && \ sed -i 's/127.0.0.1:5011/$service_login/' /etc/nginx/conf.d/onlyoffice.conf && \ + sed -i 's/127.0.0.1:9090/$service_oauth/' /etc/nginx/conf.d/onlyoffice.conf && \ sed -i 's/127.0.0.1:5033/$service_healthchecks/' /etc/nginx/conf.d/onlyoffice.conf && \ sed -i 's/$public_root/\/var\/www\/public\//' /etc/nginx/conf.d/onlyoffice.conf && \ sed -i 's/http:\/\/172.*/$document_server;/' /etc/nginx/conf.d/onlyoffice.conf && \ diff --git a/build/install/docker/Dockerfile.runtime b/build/install/docker/Dockerfile.runtime index b10fa0aa6d..b6bbfa4110 100644 --- a/build/install/docker/Dockerfile.runtime +++ b/build/install/docker/Dockerfile.runtime @@ -120,6 +120,7 @@ RUN chown onlyoffice:onlyoffice /etc/nginx/* -R && \ sed -i 's/127.0.0.1:9834/$service_sso/' /etc/nginx/conf.d/onlyoffice.conf && \ sed -i 's/127.0.0.1:5013/$service_doceditor/' /etc/nginx/conf.d/onlyoffice.conf && \ sed -i 's/127.0.0.1:5011/$service_login/' /etc/nginx/conf.d/onlyoffice.conf && \ + sed -i 's/127.0.0.1:9090/$service_oauth/' /etc/nginx/conf.d/onlyoffice.conf && \ sed -i 's/127.0.0.1:5001/$service_client/' /etc/nginx/conf.d/onlyoffice.conf && \ sed -i 's/127.0.0.1:5033/$service_healthchecks/' /etc/nginx/conf.d/onlyoffice.conf && \ sed -i 's/$public_root/\/var\/www\/public\//' /etc/nginx/conf.d/onlyoffice.conf && \ diff --git a/build/install/docker/config/nginx/templates/upstream.conf.template b/build/install/docker/config/nginx/templates/upstream.conf.template index 54e70d9b2a..49a6825c7a 100644 --- a/build/install/docker/config/nginx/templates/upstream.conf.template +++ b/build/install/docker/config/nginx/templates/upstream.conf.template 
@@ -48,6 +48,12 @@ map $SERVICE_API $service_api { default $SERVICE_API; } +map $SERVICE_OAUTH $service_oauth { + volatile; + "" 127.0.0.1:9090; + default $SERVICE_OAUTH; +} + map $SERVICE_STUDIO $service_studio { volatile; "" 127.0.0.1:5003; diff --git a/build/install/docker/docspace.profiles.yml b/build/install/docker/docspace.profiles.yml index feaa046128..f16c2bcfc2 100644 --- a/build/install/docker/docspace.profiles.yml +++ b/build/install/docker/docspace.profiles.yml @@ -261,6 +261,7 @@ services: - SERVICE_NOTIFY=${SERVICE_NOTIFY} - SERVICE_PEOPLE_SERVER=${SERVICE_PEOPLE_SERVER} - SERVICE_SOCKET=${SERVICE_SOCKET} + - SERVICE_OAUTH=${SERVICE_OAUTH} - SERVICE_STUDIO_NOTIFY=${SERVICE_STUDIO_NOTIFY} - SERVICE_API=${SERVICE_API} - SERVICE_API_SYSTEM=${SERVICE_API_SYSTEM} diff --git a/build/install/docker/docspace.yml b/build/install/docker/docspace.yml index 091b9a8395..8decb941fa 100644 --- a/build/install/docker/docspace.yml +++ b/build/install/docker/docspace.yml @@ -1,6 +1,5 @@ version: "3.8" -x-healthcheck: - &x-healthcheck +x-healthcheck: &x-healthcheck test: curl --fail http://127.0.0.1 || exit 1 interval: 60s retries: 5 
@@ -64,48 +63,48 @@ services: image: "${REPO}/${DOCKER_IMAGE_PREFIX}-backup-background:${DOCKER_TAG}" container_name: ${BACKUP_BACKGRUOND_TASKS_HOST} healthcheck: - <<: *x-healthcheck - test: curl --fail http://${SERVICE_BACKUP_BACKGRUOND_TASKS}/health/ || exit 1 + <<: *x-healthcheck + test: curl --fail http://${SERVICE_BACKUP_BACKGRUOND_TASKS}/health/ || exit 1 onlyoffice-backup: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-backup:${DOCKER_TAG}" container_name: ${BACKUP_HOST} healthcheck: - <<: *x-healthcheck - test: curl --fail http://${SERVICE_BACKUP}/health/ || exit 1 + <<: *x-healthcheck + test: curl --fail http://${SERVICE_BACKUP}/health/ || exit 1 onlyoffice-clear-events: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-clear-events:${DOCKER_TAG}" container_name: ${CLEAR_EVENTS_HOST} healthcheck: - <<: *x-healthcheck - test: curl --fail http://${SERVICE_CLEAR_EVENTS}/health/ || exit 1 + <<: *x-healthcheck + test: curl --fail http://${SERVICE_CLEAR_EVENTS}/health/ || exit 1 onlyoffice-files: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-files:${DOCKER_TAG}" container_name: ${FILES_HOST} healthcheck: - <<: *x-healthcheck - test: curl --fail http://${SERVICE_FILES}/health/ || exit 1 + <<: *x-healthcheck + test: curl --fail http://${SERVICE_FILES}/health/ || exit 1 onlyoffice-files-services: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-files-services:${DOCKER_TAG}" container_name: ${FILES_SERVICES_HOST} healthcheck: - <<: *x-healthcheck - test: curl --fail http://${SERVICE_FILES_SERVICES}/health/ || exit 1 + <<: *x-healthcheck + test: curl --fail http://${SERVICE_FILES_SERVICES}/health/ || exit 1 onlyoffice-people-server: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-people-server:${DOCKER_TAG}" container_name: ${PEOPLE_SERVER_HOST} healthcheck: - <<: *x-healthcheck - test: curl --fail http://${SERVICE_PEOPLE_SERVER}/health/ || exit 1 + <<: *x-healthcheck + test: curl --fail 
http://${SERVICE_PEOPLE_SERVER}/health/ || exit 1 onlyoffice-socket: <<: *x-service-base @@ -119,32 +118,32 @@ services: image: "${REPO}/${DOCKER_IMAGE_PREFIX}-studio-notify:${DOCKER_TAG}" container_name: ${STUDIO_NOTIFY_HOST} healthcheck: - <<: *x-healthcheck - test: curl --fail http://${SERVICE_STUDIO_NOTIFY}/health/ || exit 1 + <<: *x-healthcheck + test: curl --fail http://${SERVICE_STUDIO_NOTIFY}/health/ || exit 1 onlyoffice-api: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-api:${DOCKER_TAG}" container_name: ${API_HOST} healthcheck: - <<: *x-healthcheck - test: curl --fail http://${SERVICE_API}/health/ || exit 1 + <<: *x-healthcheck + test: curl --fail http://${SERVICE_API}/health/ || exit 1 onlyoffice-api-system: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-api-system:${DOCKER_TAG}" container_name: ${API_SYSTEM_HOST} healthcheck: - <<: *x-healthcheck - test: curl --fail http://${SERVICE_API_SYSTEM}/health/ || exit 1 + <<: *x-healthcheck + test: curl --fail http://${SERVICE_API_SYSTEM}/health/ || exit 1 onlyoffice-studio: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-studio:${DOCKER_TAG}" container_name: ${STUDIO_HOST} healthcheck: - <<: *x-healthcheck - test: curl --fail http://${SERVICE_STUDIO}/health/ || exit 1 + <<: *x-healthcheck + test: curl --fail http://${SERVICE_STUDIO}/health/ || exit 1 onlyoffice-ssoauth: <<: *x-service-base @@ -161,8 +160,8 @@ services: expose: - "5013" healthcheck: - <<: *x-healthcheck - test: curl --fail http://${SERVICE_DOCEDITOR}/health || exit 1 + <<: *x-healthcheck + test: curl --fail http://${SERVICE_DOCEDITOR}/health || exit 1 onlyoffice-login: <<: *x-service-base 
@@ -171,16 +170,16 @@ services: expose: - "5011" healthcheck: - <<: *x-healthcheck - test: curl --fail http://${SERVICE_LOGIN}/health || exit 1 + <<: *x-healthcheck + test: curl --fail http://${SERVICE_LOGIN}/health || exit 1 onlyoffice-router: image: "${REPO}/${DOCKER_IMAGE_PREFIX}-router:${DOCKER_TAG}" container_name: ${ROUTER_HOST} restart: always healthcheck: - <<: *x-healthcheck - test: nginx -t || exit 1 + <<: *x-healthcheck + test: nginx -t || exit 1 expose: - "8081" - "8099" @@ -208,6 +207,7 @@ services: - SERVICE_NOTIFY=${SERVICE_NOTIFY} - SERVICE_PEOPLE_SERVER=${SERVICE_PEOPLE_SERVER} - SERVICE_SOCKET=${SERVICE_SOCKET} + - SERVICE_OAUTH=${SERVICE_OAUTH} - SERVICE_STUDIO_NOTIFY=${SERVICE_STUDIO_NOTIFY} - SERVICE_API=${SERVICE_API} - SERVICE_API_SYSTEM=${SERVICE_API_SYSTEM} diff --git a/build/start/start.backend.docker.ps1 b/build/start/start.backend.docker.ps1 index b864499a2a..74f37213c8 100644 --- a/build/start/start.backend.docker.ps1 +++ b/build/start/start.backend.docker.ps1 @@ -13,6 +13,7 @@ $LocalIp = (Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration | Where $Doceditor = ($LocalIp + ":5013") $Login = ($LocalIp + ":5011") $Client = ($LocalIp + ":5001") +$Oauth = ($LocalIp + ":9090") Set-Location -Path $DockerDir @@ -25,6 +26,7 @@ $Env:DOCUMENT_SERVER_IMAGE_NAME="onlyoffice/documentserver-de:latest" $Env:SERVICE_DOCEDITOR=$Doceditor $Env:SERVICE_LOGIN=$Login $Env:SERVICE_CLIENT=$Client +$Env:SERVICE_OAUTH=$Oauth $Env:ROOT_DIR=$RootDir $Env:BUILD_PATH="/var/www" $Env:SRC_PATH="$RootDir\publish\services" diff --git a/config/nginx/onlyoffice.conf b/config/nginx/onlyoffice.conf index e35743d718..4a0ba719d9 100644 --- a/config/nginx/onlyoffice.conf +++ b/config/nginx/onlyoffice.conf 
@@ -265,10 +265,18 @@ server { } } + location /api/clients { + proxy_pass http://127.0.0.1:9090; + + proxy_set_header X-API-Version 1; + proxy_set_header X-Tenant 1; + } + location /sso { rewrite sso/(.*) /$1 break; proxy_pass http://127.0.0.1:9834; } + location ~* /(ssologin.ashx|login.ashx|storage) { proxy_pass http://127.0.0.1:5003; }
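Review bot: The new `location /api/clients` block sends a constant `X-Tenant 1` to the OAuth service, so every proxied request is labelled tenant 1 regardless of which portal it came from; if the upstream uses that header to scope clients or tokens, this collapses tenant isolation on any multi-tenant deployment, and if it ignores the header the line is dead configuration, so a comment stating which case applies and where the real tenant id is supposed to come from (a `# TODO: derive tenant from request, not a fixed value` would do) is needed. Using `proxy_set_header` for both headers is the right call, since a client-supplied X-Tenant or X-API-Version is overwritten rather than forwarded, and that property is worth preserving if the value later becomes dynamic. The prefix match also catches paths such as `/api/clientsfoo`; if only the `/api/clients` subtree is intended, say so in a comment or tighten the match. The enclosing `server` block starts outside the hunk, and the neighbouring `/sso` location forwards no Host or X-Forwarded-* headers either, so their absence here may be a file convention rather than an oversight.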