mirror of
https://github.com/ONLYOFFICE/Docker-CommunityServer.git
synced 2025-04-18 15:24:01 +03:00
1246 lines
52 KiB
Bash
1246 lines
52 KiB
Bash
#!/bin/bash
|
|
|
|
set -x
|
|
|
|
echo "##########################################################"
|
|
echo "######### Start container configuration ################"
|
|
echo "##########################################################"
|
|
|
|
|
|
SERVER_HOST=${SERVER_HOST:-""};
|
|
APP_DIR="/var/www/onlyoffice"
|
|
APP_DATA_DIR="${APP_DIR}/Data"
|
|
APP_INDEX_DIR="${APP_DATA_DIR}/Index/v${ELASTICSEARCH_VERSION}"
|
|
APP_PRIVATE_DATA_DIR="${APP_DATA_DIR}/.private"
|
|
APP_SERVICES_DIR="${APP_DIR}/Services"
|
|
APP_CONFIG_DIR="/etc/onlyoffice/communityserver"
|
|
APP_SQL_DIR="${APP_DIR}/Sql"
|
|
APP_ROOT_DIR="${APP_DIR}/WebStudio"
|
|
APP_APISYSTEM_DIR="/var/www/onlyoffice/ApiSystem"
|
|
APP_GOD_DIR="/etc/god/conf.d"
|
|
APP_MONOSERVER_PATH="/lib/systemd/system/monoserve.service";
|
|
APP_HYPERFASTCGI_PATH="/etc/hyperfastcgi/onlyoffice";
|
|
APP_MONOSERVE_COUNT=1;
|
|
APP_MODE=${APP_MODE:-"SERVER"};
|
|
APP_CRON_DIR="/etc/cron.d"
|
|
APP_CRON_PATH="/etc/cron.d/onlyoffice"
|
|
LICENSE_FILE_PATH="/var/www/onlyoffice/DocumentServerData/license.lic"
|
|
DOCKER_APP_SUBNET=$(ip -o -f inet addr show | awk '/scope global/ {print $4}' | head -1);
|
|
DOCKER_CONTAINER_IP=$(ip addr show eth0 | awk '/inet / {gsub(/\/.*/,"",$2); print $2}' | head -1);
|
|
DOCKER_CONTAINER_NAME="onlyoffice-community-server";
|
|
DOCKER_DOCUMENT_SERVER_CONTAINER_NAME="onlyoffice-document-server";
|
|
DOCKER_ENABLED=${DOCKER_ENABLED:-true};
|
|
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
|
NGINX_CONF_DIR="/etc/nginx/sites-enabled"
|
|
CPU_PROCESSOR_COUNT=${CPU_PROCESSOR_COUNT:-$(cat /proc/cpuinfo | grep -i processor | awk '{print $1}' | grep -i processor | wc -l)};
|
|
# Limiting the maximum number of simultaneous connections due to possible memory shortage
|
|
[ $(ulimit -n) -gt 1048576 ] && NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-1048576} || NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$(ulimit -n)}
|
|
NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1}
|
|
SERVICE_SSO_AUTH_HOST_ADDR=${SERVICE_SSO_AUTH_HOST_ADDR:-${CONTROL_PANEL_PORT_80_TCP_ADDR}};
|
|
DEFAULT_APP_CORE_MACHINEKEY="$(sudo sed -n '/"core.machinekey"/s!.*value\s*=\s*"\([^"]*\)".*!\1!p' ${APP_ROOT_DIR}/web.appsettings.config)";
|
|
IS_UPDATE="false"
|
|
WORKSPACE_ENTERPRISE=${WORKSPACE_ENTERPRISE:-false};
|
|
|
|
CreateAuthToken() {
|
|
local pkey="$1";
|
|
local machinekey=$(echo -n "$2");
|
|
local a=1
|
|
local LIMIT=10
|
|
|
|
while [ "$a" -le $LIMIT ]
|
|
do
|
|
local now=$(date +"%Y%m%d%H%M%S");
|
|
local authkey=$(echo -n -e "${now}\n${pkey}" | openssl dgst -sha1 -binary -mac HMAC -macopt key:"$machinekey");
|
|
authkey=$(echo -n "${authkey}" | base64);
|
|
|
|
local result="ASC ${pkey}:${now}:${authkey}";
|
|
a=$(($a + 1));
|
|
|
|
if [ -z "$(echo \"$result\" | grep ==)" ]; then
|
|
echo "$result"
|
|
exit 0;
|
|
fi
|
|
|
|
sleep 1s;
|
|
done
|
|
|
|
exit 1;
|
|
}
|
|
|
|
if [ ! -e "${APP_PRIVATE_DATA_DIR}/machinekey" ]; then
|
|
mkdir -p ${APP_PRIVATE_DATA_DIR};
|
|
|
|
APP_CORE_MACHINEKEY=${ONLYOFFICE_CORE_MACHINEKEY:-${APP_CORE_MACHINEKEY:-${DEFAULT_APP_CORE_MACHINEKEY}}};
|
|
echo "${APP_CORE_MACHINEKEY}" > ${APP_PRIVATE_DATA_DIR}/machinekey
|
|
else
|
|
APP_CORE_MACHINEKEY=$(head -n 1 ${APP_PRIVATE_DATA_DIR}/machinekey)
|
|
fi
|
|
|
|
RELEASE_DATE="$(sudo sed -n '/"version.number"/s!.*value\s*=\s*"\([^"]*\)".*!\1!p' ${APP_ROOT_DIR}/web.appsettings.config)";
|
|
RELEASE_DATE_SIGN="$(CreateAuthToken "${RELEASE_DATE}" "${APP_CORE_MACHINEKEY}" )";
|
|
|
|
sed -i '/version.release-date.sign/s!value="[^"]*"!value=\"'"$RELEASE_DATE_SIGN"'\"!g' ${APP_ROOT_DIR}/web.appsettings.config
|
|
|
|
|
|
PREV_RELEASE_DATE=$(head -n 1 ${APP_PRIVATE_DATA_DIR}/release_date)
|
|
|
|
if [ "${RELEASE_DATE}" != "${PREV_RELEASE_DATE}" ]; then
|
|
echo ${RELEASE_DATE} > ${APP_PRIVATE_DATA_DIR}/release_date
|
|
IS_UPDATE="true";
|
|
fi
|
|
|
|
|
|
chmod -R 444 ${APP_PRIVATE_DATA_DIR}
|
|
|
|
if cat /proc/1/cgroup | grep -qE "docker|lxc|kubepods|libpod"; then
|
|
DOCKER_ENABLED=true;
|
|
else
|
|
DOCKER_ENABLED=false;
|
|
fi
|
|
|
|
if [ ! -d "$NGINX_CONF_DIR" ]; then
|
|
mkdir -p $NGINX_CONF_DIR;
|
|
fi
|
|
|
|
if [ ! -d "${APP_DIR}/DocumentServerData" ]; then
|
|
mkdir -p ${APP_DIR}/DocumentServerData;
|
|
fi
|
|
|
|
NGINX_ROOT_DIR="/etc/nginx"
|
|
|
|
VALID_IP_ADDRESS_REGEX="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$";
|
|
|
|
LOG_DEBUG="";
|
|
|
|
LOG_DIR="/var/log/onlyoffice/"
|
|
|
|
APP_HTTPS=${APP_HTTPS:-false}
|
|
|
|
SSL_CERTIFICATES_DIR="${APP_DATA_DIR}/certs"
|
|
SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.crt}
|
|
SSL_KEY_PATH=${SSL_KEY_PATH:-${SSL_CERTIFICATES_DIR}/onlyoffice.key}
|
|
SSL_CERTIFICATE_PATH_PFX=${SSL_CERTIFICATE_PATH_PFX:-${SSL_CERTIFICATES_DIR}/onlyoffice.pfx}
|
|
SSL_CERTIFICATE_PATH_PFX_PWD="onlyoffice";
|
|
|
|
SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-${SSL_CERTIFICATES_DIR}/dhparam.pem}
|
|
SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
|
|
SSL_OCSP_CERTIFICATE_PATH=${SSL_OCSP_CERTIFICATE_PATH:-${SSL_CERTIFICATES_DIR}/stapling.trusted.crt}
|
|
CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-${SSL_CERTIFICATES_DIR}/ca.crt}
|
|
APP_HTTPS_HSTS_ENABLED=${APP_HTTPS_HSTS_ENABLED:-true}
|
|
APP_HTTPS_HSTS_MAXAGE=${APP_HTTPS_HSTS_MAXAGE:-63072000}
|
|
|
|
SYSCONF_TEMPLATES_DIR="${DIR}/config"
|
|
|
|
mkdir -p ${SYSCONF_TEMPLATES_DIR}/nginx;
|
|
|
|
SYSCONF_TOOLS_DIR="${DIR}/assets/tools"
|
|
|
|
APP_SERVICES_INTERNAL_HOST=${APP_SERVICES_PORT_9865_TCP_ADDR:-${APP_SERVICES_INTERNAL_HOST}}
|
|
APP_SERVICES_EXTERNAL=false
|
|
DOCUMENT_SERVER_ENABLED=false
|
|
|
|
DOCUMENT_SERVER_JWT_ENABLED=${DOCUMENT_SERVER_JWT_ENABLED:-false};
|
|
DOCUMENT_SERVER_JWT_SECRET=${DOCUMENT_SERVER_JWT_SECRET:-""};
|
|
DOCUMENT_SERVER_JWT_HEADER=${DOCUMENT_SERVER_JWT_HEADER:-""};
|
|
DOCUMENT_SERVER_HOST=${DOCUMENT_SERVER_HOST:-""};
|
|
DOCUMENT_SERVER_PROTOCOL=${DOCUMENT_SERVER_PROTOCOL:-"http"};
|
|
DOCUMENT_SERVER_API_URL="";
|
|
DOCUMENT_SERVER_HOST_IP="";
|
|
|
|
CONTROL_PANEL_ENABLED=false
|
|
MAIL_SERVER_ENABLED=false
|
|
|
|
set +x
|
|
|
|
MYSQL_SERVER_ROOT_PASSWORD=${MYSQL_SERVER_ROOT_PASSWORD:-""}
|
|
MYSQL_SERVER_HOST=${MYSQL_SERVER_HOST:-"127.0.0.1"}
|
|
MYSQL_SERVER_PORT=${MYSQL_SERVER_PORT:-"3306"}
|
|
MYSQL_SERVER_DB_NAME=${MYSQL_SERVER_DB_NAME:-"onlyoffice"}
|
|
MYSQL_SERVER_USER=${MYSQL_SERVER_USER:-"root"}
|
|
MYSQL_SERVER_PASS=${MYSQL_SERVER_PASS:-${MYSQL_SERVER_ROOT_PASSWORD}}
|
|
MYSQL_SERVER_EXTERNAL=${MYSQL_SERVER_EXTERNAL:-false};
|
|
|
|
mysql_config() {
|
|
cat << EOF > $1
|
|
[client]
|
|
host=$2
|
|
port=$3
|
|
user=$4
|
|
password=$5
|
|
EOF
|
|
}
|
|
|
|
MYSQL_CLIENT_CONFIG="/etc/mysql/conf.d/client.cnf"
|
|
MYSQL_ROOT_CONFIG="/etc/mysql/conf.d/root.cnf"
|
|
MYSQL_MAIL_CONFIG="/etc/mysql/conf.d/mail.cnf"
|
|
|
|
mysql_config ${MYSQL_CLIENT_CONFIG} ${MYSQL_SERVER_HOST} ${MYSQL_SERVER_PORT} ${MYSQL_SERVER_USER} ${MYSQL_SERVER_PASS}
|
|
mysql_config ${MYSQL_ROOT_CONFIG} ${MYSQL_SERVER_HOST} ${MYSQL_SERVER_PORT} root ${MYSQL_SERVER_ROOT_PASSWORD}
|
|
|
|
set -x
|
|
|
|
mkdir -p "${SSL_CERTIFICATES_DIR}/.well-known/acme-challenge"
|
|
|
|
check_ip_is_internal(){
|
|
|
|
local IPRE='\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)';
|
|
local IP=($(echo "$1" | sed -ne 's:^'"$IPRE"'/.*$:\1 \2 \3 \4:p'));
|
|
local MASK=($(echo "$1" | sed -ne 's:^[^/]*/'"$IPRE"'$:\1 \2 \3 \4:p'))
|
|
|
|
if [ ${#MASK[@]} -ne 4 ]; then
|
|
local BITCNT=($(echo "$1" | sed -ne 's:^[^/]*/\([0-9]\+\)$:\1:p'))
|
|
BITCNT=$(( ((2**${BITCNT})-1) << (32-${BITCNT}) ))
|
|
for (( I=0; I<4; I++ )); do
|
|
MASK[$I]=$(( ($BITCNT >> (8 * (3 - $I))) & 255 ))
|
|
done
|
|
fi
|
|
|
|
local NETWORK=()
|
|
|
|
for (( I=0; I<4; I++ )); do
|
|
NETWORK[$I]=$(( ${IP[$I]} & ${MASK[$I]} ))
|
|
done
|
|
|
|
|
|
local INIP=($(echo "$2" | sed -ne 's:^'"$IPRE"'$:\1 \2 \3 \4:p'))
|
|
|
|
for (( I=0; I<4; I++ )); do
|
|
[[ $(( ${INIP[$I]} & ${MASK[$I]} )) -ne ${NETWORK[$I]} ]] && return 1; #false
|
|
done
|
|
|
|
return 0; #true
|
|
}
|
|
|
|
normalize_subnet(){
|
|
local IPRE='\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)\.\([0-9]\+\)';
|
|
local IP=($(echo "$1" | sed -ne 's:^'"$IPRE"'/.*$:\1 \2 \3 \4:p'));
|
|
|
|
local MASK=($(echo "$1" | sed -ne 's:^[^/]*/'"$IPRE"'$:\1 \2 \3 \4:p'))
|
|
|
|
if [ ${#MASK[@]} -ne 4 ]; then
|
|
local BITCNT=($(echo "$1" | sed -ne 's:^[^/]*/\([0-9]\+\)$:\1:p'))
|
|
BITCNT=$(( ((2**${BITCNT})-1) << (32-${BITCNT}) ))
|
|
for (( I=0; I<4; I++ )); do
|
|
MASK[$I]=$(( ($BITCNT >> (8 * (3 - $I))) & 255 ))
|
|
done
|
|
fi
|
|
|
|
local NETWORK=()
|
|
|
|
for (( I=0; I<4; I++ )); do
|
|
NETWORK[$I]=$(( ${IP[$I]} & ${MASK[$I]} ))
|
|
done
|
|
|
|
local IP_MASK=$(echo "$1" | sed -ne 's:^[^/]*/\([0-9]\+\)$:\1:p');
|
|
|
|
|
|
echo ${NETWORK[0]}.${NETWORK[1]}.${NETWORK[2]}.${NETWORK[3]}/$IP_MASK
|
|
}
|
|
|
|
if [ ${DOCKER_APP_SUBNET} ]; then
|
|
DOCKER_APP_SUBNET=$(normalize_subnet $DOCKER_APP_SUBNET);
|
|
fi
|
|
|
|
check_partnerdata(){
|
|
PARTNER_DATA_FILE="${APP_DATA_DIR}/json-data.txt";
|
|
|
|
if [ -f ${PARTNER_DATA_FILE} ]; then
|
|
for serverID in $(seq 1 ${APP_MONOSERVE_COUNT});
|
|
do
|
|
index=$serverID;
|
|
|
|
if [ $index == 1 ]; then
|
|
index="";
|
|
fi
|
|
|
|
cp ${PARTNER_DATA_FILE} ${APP_ROOT_DIR}${index}/App_Data/static/partnerdata/
|
|
done
|
|
fi
|
|
}
|
|
|
|
|
|
log_debug () {
|
|
echo "onlyoffice: [Debug] $1"
|
|
}
|
|
|
|
|
|
check_partnerdata
|
|
|
|
re='^[0-9]+$'
|
|
|
|
if ! [[ ${APP_MONOSERVE_COUNT} =~ $re ]] ; then
|
|
echo "error: APP_MONOSERVE_COUNT not a number";
|
|
APP_MONOSERVE_COUNT=2;
|
|
fi
|
|
|
|
# if [ "${APP_MONOSERVE_COUNT}" -eq "2" ] ; then
|
|
# KERNER_CPU=$(nproc);
|
|
|
|
# if [ "${KERNER_CPU}" -gt "${APP_MONOSERVE_COUNT}" ]; then
|
|
# APP_MONOSERVE_COUNT=${KERNER_CPU};
|
|
# fi
|
|
# fi
|
|
|
|
if [ ! -f /proc/net/if_inet6 ]; then
|
|
sed '/listen\s*\[::\]:80/d' -i ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-common-ssl.conf.template
|
|
sed '/listen\s*\[::\]:443/d' -i ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-common-ssl.conf.template
|
|
fi
|
|
|
|
cp ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-nginx.conf.template ${NGINX_ROOT_DIR}/nginx.conf
|
|
|
|
sed 's/^worker_processes.*/'"worker_processes ${NGINX_WORKER_PROCESSES};"'/' -i ${NGINX_ROOT_DIR}/nginx.conf
|
|
sed 's/worker_connections.*/'"worker_connections ${NGINX_WORKER_CONNECTIONS};"'/' -i ${NGINX_ROOT_DIR}/nginx.conf
|
|
|
|
cp ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-common-init.conf.template ${NGINX_CONF_DIR}/onlyoffice
|
|
|
|
if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
|
|
sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${NGINX_CONF_DIR}/onlyoffice
|
|
sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${NGINX_CONF_DIR}/onlyoffice
|
|
else
|
|
sed '/{{SSL_CERTIFICATE_PATH}}/d' -i ${NGINX_CONF_DIR}/onlyoffice
|
|
sed '/{{SSL_KEY_PATH}}/d' -i ${NGINX_CONF_DIR}/onlyoffice
|
|
sed '/listen\s*443/d' -i ${NGINX_CONF_DIR}/onlyoffice
|
|
fi
|
|
|
|
rm -f ${NGINX_ROOT_DIR}/conf.d/*.conf
|
|
|
|
service nginx restart
|
|
|
|
#if ! grep -q "thread_pool.index.size" /etc/elasticsearch/elasticsearch.yml; then
|
|
# echo "thread_pool.index.size: $CPU_PROCESSOR_COUNT" >> /etc/elasticsearch/elasticsearch.yml
|
|
#else
|
|
# sed -i "s/thread_pool.index.size.*/thread_pool.index.size: $CPU_PROCESSOR_COUNT/" /etc/elasticsearch/elasticsearch.yml
|
|
#fi
|
|
|
|
#if ! grep -q "thread_pool.write.size" /etc/elasticsearch/elasticsearch.yml; then
|
|
# echo "thread_pool.write.size: $CPU_PROCESSOR_COUNT" >> /etc/elasticsearch/elasticsearch.yml
|
|
#else
|
|
# sed -i "s/thread_pool.write.size.*/thread_pool.write.size: $CPU_PROCESSOR_COUNT/" /etc/elasticsearch/elasticsearch.yml
|
|
#fi
|
|
|
|
TOTAL_MEMORY=$(free -m | grep -oP '\d+' | head -n 1);
|
|
MEMORY_REQUIREMENTS=12228; #RAM ~4*3Gb
|
|
|
|
if [ ${TOTAL_MEMORY} -gt ${MEMORY_REQUIREMENTS} ]; then
|
|
if ! grep -q "[-]Xms1g" /etc/elasticsearch/jvm.options; then
|
|
echo "-Xms4g" >> /etc/elasticsearch/jvm.options
|
|
else
|
|
sed -i "s/-Xms1g/-Xms4g/" /etc/elasticsearch/jvm.options
|
|
fi
|
|
|
|
if ! grep -q "[-]Xmx1g" /etc/elasticsearch/jvm.options; then
|
|
echo "-Xmx4g" >> /etc/elasticsearch/jvm.options
|
|
else
|
|
sed -i "s/-Xmx1g/-Xmx4g/" /etc/elasticsearch/jvm.options
|
|
fi
|
|
fi
|
|
|
|
if [ ${APP_SERVICES_INTERNAL_HOST} ]; then
|
|
APP_SERVICES_EXTERNAL=true;
|
|
|
|
sed '/endpoint/s/http:\/\/localhost:9865\/teamlabJabber/http:\/\/'${APP_SERVICES_INTERNAL_HOST}':9865\/teamlabJabber/' -i ${APP_ROOT_DIR}/Web.config
|
|
sed '/endpoint/s/http:\/\/localhost:9866\/teamlabSearcher/http:\/\/'${APP_SERVICES_INTERNAL_HOST}':9866\/teamlabSearcher/' -i ${APP_ROOT_DIR}/Web.config
|
|
sed '/endpoint/s/http:\/\/localhost:9871\/teamlabNotify/http:\/\/'${APP_SERVICES_INTERNAL_HOST}':9871\/teamlabNotify/' -i ${APP_ROOT_DIR}/Web.config
|
|
sed '/endpoint/s/http:\/\/localhost:9882\/teamlabBackup/http:\/\/'${APP_SERVICES_INTERNAL_HOST}':9882\/teamlabBackup/' -i ${APP_ROOT_DIR}/Web.config
|
|
|
|
sed '/BoshPath/s!\(value\s*=\s*\"\)[^\"]*\"!\1http:\/\/'${APP_SERVICES_INTERNAL_HOST}':5280\/http-poll\/\"!' -i ${APP_ROOT_DIR}/web.appsettings.config
|
|
|
|
sed '/<endpoint/s!\"netTcpBinding\"!\"basicHttpBinding\"!' -i ${APP_ROOT_DIR}/Web.config;
|
|
|
|
if [ ${LOG_DEBUG} ]; then
|
|
log_debug "Change connections for ${1} then ${2}";
|
|
fi
|
|
|
|
if [ "${DOCKER_ENABLED}" == "true" ]; then
|
|
while ! bash ${SYSCONF_TOOLS_DIR}/wait-for-it.sh ${APP_SERVICES_INTERNAL_HOST}:9871 --quiet -s -- echo "ONLYOFFICE SERVICES is up"; do
|
|
sleep 1
|
|
done
|
|
fi
|
|
|
|
fi
|
|
|
|
if [ ${DOCUMENT_SERVER_HOST} ]; then
|
|
DOCUMENT_SERVER_ENABLED=true;
|
|
DOCUMENT_SERVER_API_URL="${DOCUMENT_SERVER_PROTOCOL}:\/\/${DOCUMENT_SERVER_HOST}";
|
|
elif [ ${DOCUMENT_SERVER_PORT_80_TCP_ADDR} ]; then
|
|
DOCUMENT_SERVER_ENABLED=true;
|
|
DOCUMENT_SERVER_HOST=${DOCUMENT_SERVER_PORT_80_TCP_ADDR};
|
|
DOCUMENT_SERVER_API_URL="\/ds-vpath";
|
|
fi
|
|
|
|
if [ "${DOCUMENT_SERVER_ENABLED}" == "true" ] && [ $DOCKER_APP_SUBNET ] && [ -z "$SERVER_HOST" ]; then
|
|
DOCUMENT_SERVER_HOST_IP=$(dig +short ${DOCUMENT_SERVER_HOST});
|
|
|
|
if check_ip_is_internal $DOCKER_APP_SUBNET $DOCUMENT_SERVER_HOST_IP; then
|
|
_DOCKER_CONTAINER_IP=$(dig +short ${DOCKER_CONTAINER_NAME});
|
|
|
|
if [ "${DOCKER_CONTAINER_IP}" == "${_DOCKER_CONTAINER_IP}" ]; then
|
|
SERVER_HOST=${DOCKER_CONTAINER_NAME};
|
|
else
|
|
SERVER_HOST=${DOCKER_CONTAINER_IP};
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
if [ "${DOCKER_ENABLED}" == "true" ] && [ "${DOCUMENT_SERVER_HOST}" == "${DOCKER_DOCUMENT_SERVER_CONTAINER_NAME}" ]; then
|
|
while ! bash ${SYSCONF_TOOLS_DIR}/wait-for-it.sh $DOCKER_DOCUMENT_SERVER_CONTAINER_NAME:8000 --quiet -s -- echo "Document Server is up"; do
|
|
sleep 1
|
|
done
|
|
|
|
DOCKER_DOCUMENT_SERVER_PACKAGE_TYPE=$(curl -s http://$DOCKER_DOCUMENT_SERVER_CONTAINER_NAME:8000/info/info.json | jq '.licenseInfo.packageType');
|
|
|
|
if [ -n "$DOCKER_DOCUMENT_SERVER_PACKAGE_TYPE" ] && [ "$DOCKER_DOCUMENT_SERVER_PACKAGE_TYPE" -gt 0 ]; then
|
|
WORKSPACE_ENTERPRISE="true";
|
|
fi
|
|
fi
|
|
|
|
if [ ${MYSQL_SERVER_HOST} != "localhost" ] && [ ${MYSQL_SERVER_HOST} != "127.0.0.1" ]; then
|
|
MYSQL_SERVER_EXTERNAL=true;
|
|
fi
|
|
|
|
if [ ${MYSQL_SERVER_PORT_3306_TCP} ]; then
|
|
MYSQL_SERVER_EXTERNAL=true;
|
|
|
|
set +x
|
|
|
|
MYSQL_SERVER_HOST=${MYSQL_SERVER_PORT_3306_TCP_ADDR};
|
|
MYSQL_SERVER_PORT=${MYSQL_SERVER_PORT_3306_TCP_PORT};
|
|
MYSQL_SERVER_DB_NAME=${MYSQL_SERVER_ENV_MYSQL_DATABASE:-${MYSQL_SERVER_DB_NAME}};
|
|
MYSQL_SERVER_USER=${MYSQL_SERVER_ENV_MYSQL_USER:-${MYSQL_SERVER_USER}};
|
|
MYSQL_SERVER_PASS=${MYSQL_SERVER_ENV_MYSQL_PASSWORD:-${MYSQL_SERVER_ENV_MYSQL_ROOT_PASSWORD:-${MYSQL_SERVER_PASS}}};
|
|
|
|
mysql_config ${MYSQL_CLIENT_CONFIG} ${MYSQL_SERVER_HOST} ${MYSQL_SERVER_PORT} ${MYSQL_SERVER_USER} ${MYSQL_SERVER_PASS}
|
|
mysql_config ${MYSQL_ROOT_CONFIG} ${MYSQL_SERVER_HOST} ${MYSQL_SERVER_PORT} root ${MYSQL_SERVER_ROOT_PASSWORD}
|
|
|
|
set -x
|
|
|
|
if [ ${LOG_DEBUG} ]; then
|
|
log_debug "MYSQL_SERVER_HOST: ${MYSQL_SERVER_HOST}";
|
|
log_debug "MYSQL_SERVER_PORT: ${MYSQL_SERVER_PORT}";
|
|
log_debug "MYSQL_SERVER_DB_NAME: ${MYSQL_SERVER_DB_NAME}";
|
|
log_debug "MYSQL_SERVER_USER: ${MYSQL_SERVER_USER}";
|
|
log_debug "MYSQL_SERVER_PASS: ${MYSQL_SERVER_PASS}";
|
|
fi
|
|
fi
|
|
|
|
|
|
if [ ${CONTROL_PANEL_PORT_80_TCP} ]; then
|
|
CONTROL_PANEL_ENABLED=true;
|
|
fi
|
|
|
|
set +x
|
|
|
|
MAIL_SERVER_API_PORT=${MAIL_SERVER_API_PORT:-${MAIL_SERVER_PORT_8081_TCP_PORT:-8081}};
|
|
MAIL_SERVER_API_HOST=${MAIL_SERVER_API_HOST:-${MAIL_SERVER_PORT_8081_TCP_ADDR}};
|
|
MAIL_SERVER_DB_HOST=${MAIL_SERVER_DB_HOST:-${MAIL_SERVER_PORT_3306_TCP_ADDR}};
|
|
MAIL_SERVER_DB_PORT=${MAIL_SERVER_DB_PORT:-${MAIL_SERVER_PORT_3306_TCP_PORT:-3306}};
|
|
MAIL_SERVER_DB_NAME=${MAIL_SERVER_DB_NAME:-"onlyoffice_mailserver"};
|
|
MAIL_SERVER_DB_USER=${MAIL_SERVER_DB_USER:-"mail_admin"};
|
|
MAIL_SERVER_DB_PASS=${MAIL_SERVER_DB_PASS:-"Isadmin123"};
|
|
|
|
mysql_config ${MYSQL_MAIL_CONFIG} ${MAIL_SERVER_DB_HOST} ${MAIL_SERVER_DB_PORT} ${MAIL_SERVER_DB_USER} ${MAIL_SERVER_DB_PASS}
|
|
|
|
set -x
|
|
|
|
if [ ${MAIL_SERVER_DB_HOST} ]; then
|
|
MAIL_SERVER_ENABLED=true;
|
|
|
|
if [ -z "${MAIL_SERVER_API_HOST}" ]; then
|
|
if [[ $MAIL_SERVER_DB_HOST =~ $VALID_IP_ADDRESS_REGEX ]]; then
|
|
MAIL_SERVER_API_HOST=${MAIL_SERVER_DB_HOST};
|
|
elif [[ "$(dig +short $MAIL_SERVER_DB_HOST)" =~ $VALID_IP_ADDRESS_REGEX ]]; then
|
|
MAIL_SERVER_API_HOST=$(dig +short ${MAIL_SERVER_DB_HOST});
|
|
else
|
|
echo "MAIL_SERVER_API_HOST is empty";
|
|
exit 502;
|
|
fi
|
|
else
|
|
if [[ ! $MAIL_SERVER_API_HOST =~ $VALID_IP_ADDRESS_REGEX ]]; then
|
|
MAIL_SERVER_API_HOST=$(dig +short ${MAIL_SERVER_API_HOST});
|
|
fi
|
|
|
|
if [ -z "${MAIL_SERVER_API_HOST}" ]; then
|
|
echo "MAIL_SERVER_API_HOST not correct";
|
|
|
|
exit 502;
|
|
fi
|
|
|
|
fi
|
|
fi
|
|
|
|
MAIL_IMAPSYNC_START_DATE=${MAIL_IMAPSYNC_START_DATE:-$(date +"%Y-%m-%dT%H:%M:%S")};
|
|
sed 's_\(\"ImapSyncStartDate":\).*,_\1 "'${MAIL_IMAPSYNC_START_DATE}'",_' -i ${APP_CONFIG_DIR}/mail.production.json
|
|
sed "/mail\.imap-sync-start-date/s/value=\"\S*\"/value=\"${MAIL_IMAPSYNC_START_DATE}\"/g" -i ${APP_ROOT_DIR}/web.appsettings.config
|
|
|
|
if [ ${MAIL_SERVER_API_HOST} ]; then
|
|
if [ ! bash ${SYSCONF_TOOLS_DIR}/wait-for-it.sh ${MAIL_SERVER_API_HOST}:25 --timeout=300 --quiet -s -- echo "MailServer is up" ]; then
|
|
unset MAIL_SERVER_DB_HOST;
|
|
unset MAIL_SERVER_PORT_3306_TCP_ADDR;
|
|
MAIL_SERVER_DB_HOST="";
|
|
echo "";
|
|
fi
|
|
fi
|
|
|
|
|
|
|
|
REDIS_SERVER_HOST=${REDIS_SERVER_PORT_3306_TCP_ADDR:-${REDIS_SERVER_HOST}};
|
|
REDIS_SERVER_CACHEPORT=${REDIS_SERVER_PORT_3306_TCP_PORT:-${REDIS_SERVER_CACHEPORT:-"6379"}};
|
|
REDIS_SERVER_PASSWORD=${REDIS_SERVER_PASSWORD:-""};
|
|
REDIS_SERVER_SSL=${REDIS_SERVER_SSL:-"false"};
|
|
REDIS_SERVER_DATABASE=${REDIS_SERVER_DATABASE:-"0"};
|
|
REDIS_SERVER_CONNECT_TIMEOUT=${REDIS_SERVER_CONNECT_TIMEOUT:-"5000"};
|
|
REDIS_SERVER_EXTERNAL=false;
|
|
REDIS_SERVER_SYNC_TIMEOUT=${REDIS_SERVER_SYNC_TIMEOUT:-"60000"}
|
|
|
|
if [ ${REDIS_SERVER_HOST} ]; then
|
|
sed 's/<add\s*host=".*"\s*cachePort="[0-9]*"\s*\/>/<add host="'${REDIS_SERVER_HOST}'" cachePort="'${REDIS_SERVER_CACHEPORT}'" \/>/' -i ${APP_ROOT_DIR}/Web.config
|
|
sed -E 's/<redisCacheClient\s*ssl="(false|true)"\s*connectTimeout="[0-9]*"\s*syncTimeout="[0-9]*"\s*database="[0-9]*"\s*password=".*">/<redisCacheClient ssl="'${REDIS_SERVER_SSL}'" connectTimeout="'${REDIS_SERVER_CONNECT_TIMEOUT}'" syncTimeout="'${REDIS_SERVER_SYNC_TIMEOUT}'" database="'${REDIS_SERVER_DATABASE}'" password="'${REDIS_SERVER_PASSWORD}'">/' -i ${APP_ROOT_DIR}/Web.config
|
|
|
|
sed 's/<add\s*host=".*"\s*cachePort="[0-9]*"\s*\/>/<add host="'${REDIS_SERVER_HOST}'" cachePort="'${REDIS_SERVER_CACHEPORT}'" \/>/' -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
|
|
sed -E 's/<redisCacheClient\s*ssl="(false|true)"\s*connectTimeout="[0-9]*"\s*syncTimeout="[0-9]*"\s*database="[0-9]*"\s*password=".*">/<redisCacheClient ssl="'${REDIS_SERVER_SSL}'" connectTimeout="'${REDIS_SERVER_CONNECT_TIMEOUT}'" syncTimeout="'${REDIS_SERVER_SYNC_TIMEOUT}'" database="'${REDIS_SERVER_DATABASE}'" password="'${REDIS_SERVER_PASSWORD}'">/' -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
|
|
|
|
sed -e "s/\"Host\": \"[^\"]*\"/\"Host\": \"${REDIS_SERVER_HOST}\"/" -e "s/\"Port\": \"[^\"]*\"/\"Port\": \"${REDIS_SERVER_CACHEPORT}\"/" -e "s/\"Ssl\": [^,]*,/\"Ssl\": ${REDIS_SERVER_SSL},/" -e "s/\"Database\": [^,]*,/\"Database\": ${REDIS_SERVER_DATABASE},/" -e "s/\"ConnectTimeout\": [^,]*,/\"ConnectTimeout\": ${REDIS_SERVER_CONNECT_TIMEOUT},/" -e "s/\"SyncTimeout\": [^,]*,/\"SyncTimeout\": ${REDIS_SERVER_SYNC_TIMEOUT},/" -i ${APP_CONFIG_DIR}/mail.json
|
|
|
|
[ -n "$REDIS_SERVER_PASSWORD" ] && sed "/\"Port\": \"${REDIS_SERVER_CACHEPORT}\"/a \ \"Password\": \"${REDIS_SERVER_PASSWORD}\"," -i "${APP_CONFIG_DIR}/mail.json"
|
|
|
|
APP_SERVICES_SOCKET_IO_PATH=${APP_SERVICES_DIR}/ASC.Socket.IO/config/config.UNIX.SERVER.json
|
|
|
|
jq '.redis |= . + {"host":"'"$REDIS_SERVER_HOST"'","port":'"$REDIS_SERVER_CACHEPORT"',"db":"'"$REDIS_SERVER_DATABASE"'","pass":"'"$REDIS_SERVER_PASSWORD"'"}' ${APP_SERVICES_SOCKET_IO_PATH} > ${APP_SERVICES_SOCKET_IO_PATH}.tmp && mv ${APP_SERVICES_SOCKET_IO_PATH}.tmp ${APP_SERVICES_SOCKET_IO_PATH}
|
|
|
|
REDIS_SERVER_EXTERNAL=true;
|
|
fi
|
|
|
|
if [ "${REDIS_SERVER_EXTERNAL}" == "false" ]; then
|
|
if [ -e /etc/redis/redis.conf ]; then
|
|
sed -i "s/bind .*/bind 127.0.0.1/g" /etc/redis/redis.conf
|
|
fi
|
|
fi
|
|
|
|
ELASTICSEARCH_SERVER_HOST=${ELASTICSEARCH_SERVER_ADDR:-${ELASTICSEARCH_SERVER_HOST}};
|
|
ELASTICSEARCH_SERVER_HTTPPORT=${ELASTICSEARCH_SERVER_HTTP_PORT:-${ELASTICSEARCH_SERVER_HTTPPORT:-"9200"}};
|
|
|
|
if grep -q '<section name="elastic" type="ASC.ElasticSearch.Config.ElasticSection, ASC.ElasticSearch" />' ${APP_ROOT_DIR}/Web.config; then
|
|
echo "This entry is already there"
|
|
else
|
|
if [ ${ELASTICSEARCH_SERVER_HOST} ]; then
|
|
sed -i '/<section name="redisCacheClient" type="StackExchange.Redis.Extensions.LegacyConfiguration.RedisCachingSectionHandler, StackExchange.Redis.Extensions.LegacyConfiguration" \/>/a <section name="elastic" type="ASC.ElasticSearch.Config.ElasticSection, ASC.ElasticSearch" \/>' ${APP_ROOT_DIR}/Web.config
|
|
sed -i 's/<section name="elastic" type="ASC.ElasticSearch.Config.ElasticSection, ASC.ElasticSearch" \/>/ <section name="elastic" type="ASC.ElasticSearch.Config.ElasticSection, ASC.ElasticSearch" \/>/' ${APP_ROOT_DIR}/Web.config
|
|
sed -i '/<section name="redisCacheClient" type="StackExchange.Redis.Extensions.LegacyConfiguration.RedisCachingSectionHandler, StackExchange.Redis.Extensions.LegacyConfiguration" \/>/a <section name="elastic" type="ASC.ElasticSearch.Config.ElasticSection, ASC.ElasticSearch" \/>' ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
|
|
sed -i 's/<section name="elastic" type="ASC.ElasticSearch.Config.ElasticSection, ASC.ElasticSearch" \/>/ <section name="elastic" type="ASC.ElasticSearch.Config.ElasticSection, ASC.ElasticSearch" \/>/' ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
|
|
|
|
if [ ${ELASTICSEARCH_SERVER_HTTPPORT} ]; then
|
|
sed -i '/<\/configSections>/a <elastic scheme="http" host="'${ELASTICSEARCH_SERVER_HOST}'" port="'${ELASTICSEARCH_SERVER_HTTPPORT}'" \/>' ${APP_ROOT_DIR}/Web.config
|
|
sed -i 's/<elastic scheme="http" host="'${ELASTICSEARCH_SERVER_HOST}'" port="'${ELASTICSEARCH_SERVER_HTTPPORT}'" \/>/ <elastic scheme="http" host="'${ELASTICSEARCH_SERVER_HOST}'" port="'${ELASTICSEARCH_SERVER_HTTPPORT}'" \/>/' ${APP_ROOT_DIR}/Web.config
|
|
|
|
sed -i '/<\/configSections>/a <elastic scheme="http" host="'${ELASTICSEARCH_SERVER_HOST}'" port="'${ELASTICSEARCH_SERVER_HTTPPORT}'" \/>' ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
|
|
sed -i 's/<elastic scheme="http" host="'${ELASTICSEARCH_SERVER_HOST}'" port="'${ELASTICSEARCH_SERVER_HTTPPORT}'" \/>/ <elastic scheme="http" host="'${ELASTICSEARCH_SERVER_HOST}'" port="'${ELASTICSEARCH_SERVER_HTTPPORT}'" \/>/' ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
|
|
|
|
sed -i "s/\"Host\": \"127.0.0.1\"/\"Host\": \"${ELASTICSEARCH_SERVER_HOST}\"/g" ${APP_CONFIG_DIR}/elastic.production.json
|
|
sed -i "s/\"Port\": \"9200\"/\"Port\": \"${ELASTICSEARCH_SERVER_HTTPPORT}\"/g" ${APP_CONFIG_DIR}/elastic.production.json
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
mysql_scalar_exec(){
|
|
local queryResult="";
|
|
|
|
if [ "$2" == "opt_ignore_db_name" ]; then
|
|
queryResult=$(mysql --defaults-extra-file="$MYSQL_CLIENT_CONFIG" --skip-column-names -e "$1");
|
|
else
|
|
queryResult=$(mysql --defaults-extra-file="$MYSQL_CLIENT_CONFIG" --skip-column-names -D ${MYSQL_SERVER_DB_NAME} -e "$1");
|
|
fi
|
|
echo $queryResult;
|
|
}
|
|
|
|
mysql_list_exec(){
|
|
local queryResult="";
|
|
|
|
if [ "$2" == "opt_ignore_db_name" ]; then
|
|
queryResult=$(mysql --defaults-extra-file="$MYSQL_CLIENT_CONFIG" --skip-column-names -e "$1");
|
|
else
|
|
queryResult=$(mysql --defaults-extra-file="$MYSQL_CLIENT_CONFIG" --skip-column-names -D ${MYSQL_SERVER_DB_NAME} -e "$1");
|
|
fi
|
|
|
|
read -ra vars <<< ${queryResult};
|
|
for i in "${vars[0][@]}"; do
|
|
echo $i
|
|
done
|
|
}
|
|
|
|
mysql_batch_exec(){
|
|
mysql --defaults-extra-file="$MYSQL_CLIENT_CONFIG" --skip-column-names -D ${MYSQL_SERVER_DB_NAME} < "$1";
|
|
}
|
|
|
|
mysql_check_connection() {
|
|
|
|
if [ ${LOG_DEBUG} ]; then
|
|
log_debug "Mysql check connection for ${MYSQL_SERVER_HOST}";
|
|
fi
|
|
|
|
|
|
while ! mysqladmin --defaults-extra-file="$MYSQL_CLIENT_CONFIG" ping; do
|
|
sleep 1
|
|
done
|
|
}
|
|
|
|
|
|
change_connections(){
|
|
set +x
|
|
sed '/'${1}'/s/\(connectionString\s*=\s*\"\)[^\"]*\"/\1Server='${MYSQL_SERVER_HOST}';Port='${MYSQL_SERVER_PORT}';Database='${MYSQL_SERVER_DB_NAME}';User ID='${MYSQL_SERVER_USER}';Password='${MYSQL_SERVER_PASS}';Pooling=true;Character Set=utf8;AutoEnlist=false;SSL Mode=none;AllowPublicKeyRetrieval=true;Connection Timeout=30;Maximum Pool Size=300;\"/' -i ${2}
|
|
set -x
|
|
}
|
|
|
|
if [ "${MYSQL_SERVER_EXTERNAL}" == "false" ]; then
|
|
if [ ! -f /var/lib/mysql/ibdata1 ]; then
|
|
mysql_install_db || true
|
|
fi
|
|
|
|
if [ ${LOG_DEBUG} ]; then
|
|
log_debug "Fix docker bug volume mapping for mysql";
|
|
fi
|
|
|
|
systemctl enable mysql.service
|
|
service mysql start
|
|
|
|
if [ -n "$MYSQL_SERVER_ROOT_PASSWORD" ] && mysqladmin --defaults-extra-file="$MYSQL_ROOT_CONFIG" ping | grep -q "mysqld is alive" ; then
|
|
mysql --defaults-extra-file="$MYSQL_ROOT_CONFIG" <<EOF
|
|
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY "$MYSQL_SERVER_ROOT_PASSWORD";
|
|
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
|
|
DELETE FROM mysql.user WHERE User='';
|
|
DELETE FROM mysql.db WHERE Db='test' OR Db='test_%';
|
|
FLUSH PRIVILEGES;
|
|
EOF
|
|
|
|
|
|
|
|
if [ "$MYSQL_SERVER_USER" != "root" ]; then
|
|
mysql --defaults-extra-file="$MYSQL_ROOT_CONFIG" <<EOF
|
|
CREATE USER IF NOT EXISTS "$MYSQL_SERVER_USER"@"localhost" IDENTIFIED WITH mysql_native_password BY "$MYSQL_SERVER_PASS";
|
|
GRANT ALL PRIVILEGES ON *.* TO "$MYSQL_SERVER_USER"@'localhost';
|
|
FLUSH PRIVILEGES;
|
|
EOF
|
|
|
|
fi
|
|
fi
|
|
|
|
DEBIAN_SYS_MAINT_PASS=$(grep "password" /etc/mysql/debian.cnf | head -1 | sed 's/password\s*=\s*//' | tr -d '[[:space:]]');
|
|
mysql_scalar_exec "GRANT ALL PRIVILEGES ON *.* TO 'debian-sys-maint'@'localhost';"
|
|
set -x
|
|
else
|
|
mysqladmin shutdown
|
|
systemctl disable mysql.service
|
|
fi
|
|
|
|
mysql_check_connection;
|
|
|
|
DB_IS_EXIST=$(mysql_scalar_exec "SELECT SCHEMA_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME='${MYSQL_SERVER_DB_NAME}'" "opt_ignore_db_name");
|
|
DB_CHARACTER_SET_NAME=$(mysql_scalar_exec "SELECT DEFAULT_CHARACTER_SET_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME='${MYSQL_SERVER_DB_NAME}'" "opt_ignore_db_name");
|
|
DB_COLLATION_NAME=$(mysql_scalar_exec "SELECT DEFAULT_COLLATION_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME='${MYSQL_SERVER_DB_NAME}'" "opt_ignore_db_name");
|
|
DB_TABLES_COUNT=$(mysql_scalar_exec "SELECT COUNT(*) FROM information_schema.tables WHERE table_schema='${MYSQL_SERVER_DB_NAME}'");
|
|
|
|
if [ -z ${DB_IS_EXIST} ]; then
|
|
mysql_scalar_exec "CREATE DATABASE ${MYSQL_SERVER_DB_NAME} CHARACTER SET utf8 COLLATE utf8_general_ci" "opt_ignore_db_name";
|
|
DB_CHARACTER_SET_NAME="utf8";
|
|
DB_COLLATION_NAME="utf8_general_ci";
|
|
DB_TABLES_COUNT=0;
|
|
|
|
fi
|
|
|
|
if [ ${DB_CHARACTER_SET_NAME} != "utf8" ]; then
|
|
mysql_scalar_exec "ALTER DATABASE ${MYSQL_SERVER_DB_NAME} CHARACTER SET utf8 COLLATE utf8_general_ci";
|
|
fi
|
|
|
|
# change mysql config files
|
|
change_connections "default" "${APP_ROOT_DIR}/web.connections.config";
|
|
change_connections "teamlabsite" "${APP_ROOT_DIR}/web.connections.config";
|
|
change_connections "default" "${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config";
|
|
change_connections "default" "${APP_SERVICES_DIR}/Jabber/ASC.Xmpp.Server.Launcher.exe.config";
|
|
change_connections "default" "${APP_APISYSTEM_DIR}/Web.config";
|
|
|
|
set +x
|
|
|
|
find "${APP_SERVICES_DIR}/ASC.UrlShortener/config" -type f -name "*.json" -exec sed -i \
|
|
-e "s!\(\"host\":\).*,!\1 \"${MYSQL_SERVER_HOST}\",!" \
|
|
-e "/\"sql\": {/,/}/ s!\(\"port\":\).*,!\1 ${MYSQL_SERVER_PORT},!" \
|
|
-e "s!\(\"user\":\).*,!\1 \"${MYSQL_SERVER_USER}\",!" \
|
|
-e "s!\(\"password\":\).*,!\1 \"${MYSQL_SERVER_PASS//!/\\!}\",!" \
|
|
-e "s!\(\"database\":\).*!\1 \"${MYSQL_SERVER_DB_NAME}\"!" {} \;
|
|
|
|
sed -i "s/Server=.*/Server=${MYSQL_SERVER_HOST};Port=${MYSQL_SERVER_PORT};Database=${MYSQL_SERVER_DB_NAME};User ID=${MYSQL_SERVER_USER};Password=${MYSQL_SERVER_PASS};Pooling=true;Character Set=utf8;AutoEnlist=false;SSL Mode=none;AllowPublicKeyRetrieval=true;Connection Timeout=30;Maximum Pool Size=300;\",/g" ${APP_CONFIG_DIR}/appsettings.production.json
|
|
|
|
set -x
|
|
|
|
if [ "${DB_TABLES_COUNT}" -eq "0" ]; then
|
|
mysql_batch_exec ${APP_SQL_DIR}/onlyoffice.sql
|
|
mysql_batch_exec ${APP_SQL_DIR}/onlyoffice.data.sql
|
|
mysql_batch_exec ${APP_SQL_DIR}/onlyoffice.resources.sql
|
|
elif [ "${IS_UPDATE}" == "true" ]; then
|
|
# update mysql db
|
|
for i in $(ls ${APP_SQL_DIR}/onlyoffice.upgrade*); do
|
|
mysql_batch_exec ${i};
|
|
done
|
|
fi
|
|
|
|
mysql_scalar_exec "DELETE FROM webstudio_settings WHERE id='5C699566-34B1-4714-AB52-0E82410CE4E5';"
|
|
|
|
# setup HTTPS
|
|
if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then
|
|
cp ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-common-ssl.conf.template ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
|
|
mkdir -p ${LOG_DIR}/nginx
|
|
|
|
# configure nginx
|
|
sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
|
|
sed "s/TLSv1.2;/TLSv1.2 TLSv1.3;/" -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
|
|
# if dhparam path is valid, add to the config, otherwise remove the option
|
|
if [ ! -f ${SSL_DHPARAM_PATH} ]; then
|
|
sudo openssl dhparam -out dhparam.pem 2048
|
|
mv dhparam.pem ${SSL_DHPARAM_PATH};
|
|
fi
|
|
|
|
sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
|
|
if [ ! -f ${SSL_CERTIFICATE_PATH_PFX} ]; then
|
|
openssl pkcs12 -export -out ${SSL_CERTIFICATE_PATH_PFX} -inkey ${SSL_KEY_PATH} -in ${SSL_CERTIFICATE_PATH} -password pass:${SSL_CERTIFICATE_PATH_PFX_PWD};
|
|
chown onlyoffice:onlyoffice ${SSL_CERTIFICATE_PATH_PFX}
|
|
fi
|
|
|
|
# if dhparam path is valid, add to the config, otherwise remove the option
|
|
if [ -r "${SSL_OCSP_CERTIFICATE_PATH}" ]; then
|
|
sed 's,{{SSL_OCSP_CERTIFICATE_PATH}},'"${SSL_OCSP_CERTIFICATE_PATH}"',' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
else
|
|
sed '/ssl_stapling/d' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
sed '/ssl_stapling_verify/d' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
sed '/ssl_trusted_certificate/d' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
sed '/resolver/d' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
sed '/resolver_timeout/d' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
fi
|
|
|
|
|
|
sed 's,{{SSL_VERIFY_CLIENT}},'"${SSL_VERIFY_CLIENT}"',' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
|
|
if [ -f "${CA_CERTIFICATES_PATH}" ]; then
|
|
sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
else
|
|
sed '/{{CA_CERTIFICATES_PATH}}/d' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
fi
|
|
|
|
sed '/certificate"/s!\(value\s*=\s*\"\).*\"!\1'${SSL_CERTIFICATE_PATH_PFX}'\"!' -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
|
|
sed '/certificatePassword/s/\(value\s*=\s*\"\).*\"/\1'${SSL_CERTIFICATE_PATH_PFX_PWD}'\"/' -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
|
|
sed '/startTls/s/\(value\s*=\s*\"\).*\"/\1optional\"/' -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config;
|
|
|
|
sed "s/\"DefaultApiSchema\": \"http\"/\"DefaultApiSchema\": \"https\"/g" -i ${APP_CONFIG_DIR}/mail.production.json
|
|
|
|
else
|
|
cp ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-common.conf.template ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice;
|
|
fi
|
|
|
|
|
|
sed -i '1d' /etc/logrotate.d/nginx
|
|
sed '1 i\/var/log/nginx/*.log /var/log/onlyoffice/nginx.*.log {' -i /etc/logrotate.d/nginx
|
|
|
|
if [ ${DOCKER_APP_SUBNET} ]; then
|
|
sed 's,{{DOCKER_APP_SUBNET}},'"${DOCKER_APP_SUBNET}"',' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
else
|
|
sed '/{{DOCKER_APP_SUBNET}}/d' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice
|
|
fi
|
|
|
|
if [ ${APP_SERVICES_INTERNAL_HOST} ]; then
|
|
sed "s/localhost/${APP_SERVICES_INTERNAL_HOST}/" -i ${NGINX_CONF_DIR}/includes/onlyoffice-communityserver-services.conf
|
|
fi
|
|
|
|
if [ "${DOCUMENT_SERVER_JWT_ENABLED}" == "true" ]; then
|
|
sed '/files\.docservice\.secret/s!\(value\s*=\s*\"\)[^\"]*\"!\1'${DOCUMENT_SERVER_JWT_SECRET}'\"!' -i ${APP_ROOT_DIR}/web.appsettings.config
|
|
sed '/files\.docservice\.secret.header/s!\(value\s*=\s*\"\)[^\"]*\"!\1'${DOCUMENT_SERVER_JWT_HEADER}'\"!' -i ${APP_ROOT_DIR}/web.appsettings.config
|
|
sed '/files\.docservice\.secret/s!\(value\s*=\s*\"\)[^\"]*\"!\1'${DOCUMENT_SERVER_JWT_SECRET}'\"!' -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
|
|
sed '/files\.docservice\.secret.header/s!\(value\s*=\s*\"\)[^\"]*\"!\1'${DOCUMENT_SERVER_JWT_HEADER}'\"!' -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
|
|
fi
|
|
|
|
if [ "${DOCUMENT_SERVER_ENABLED}" == "true" ]; then
|
|
|
|
cp ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-proxy-to-documentserver.conf.template ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-proxy-to-documentserver.conf;
|
|
|
|
sed 's,{{DOCUMENT_SERVER_HOST_ADDR}},'"${DOCUMENT_SERVER_PROTOCOL}:\/\/${DOCUMENT_SERVER_HOST}"',' -i ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-proxy-to-documentserver.conf;
|
|
|
|
# change web.appsettings link to editor
|
|
sed '/files\.docservice\.url\.internal/s!\(value\s*=\s*\"\)[^\"]*\"!\1'${DOCUMENT_SERVER_PROTOCOL}':\/\/'${DOCUMENT_SERVER_HOST}'\/\"!' -i ${APP_ROOT_DIR}/web.appsettings.config
|
|
sed '/files\.docservice\.url\.public/s!\(value\s*=\s*\"\)[^\"]*\"!\1'${DOCUMENT_SERVER_API_URL}'\/\"!' -i ${APP_ROOT_DIR}/web.appsettings.config
|
|
|
|
sed '/files\.docservice\.url\.internal/s!\(value\s*=\s*\"\)[^\"]*\"!\1'${DOCUMENT_SERVER_PROTOCOL}':\/\/'${DOCUMENT_SERVER_HOST}'\/\"!' -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
|
|
sed '/files\.docservice\.url\.public/s!\(value\s*=\s*\"\)[^\"]*\"!\1'${DOCUMENT_SERVER_API_URL}'\/\"!' -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
|
|
|
|
if [ -n "${DOCKER_APP_SUBNET}" ] && [ -n "${SERVER_HOST}" ]; then
|
|
sed '/files\.docservice\.url\.portal/s!\(value\s*=\s*\"\)[^\"]*\"!\1http:\/\/'${SERVER_HOST}'\"!' -i ${APP_ROOT_DIR}/web.appsettings.config
|
|
sed '/files\.docservice\.url\.portal/s!\(value\s*=\s*\"\)[^\"]*\"!\1http:\/\/'${SERVER_HOST}'\"!' -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config
|
|
fi
|
|
|
|
if [ "$WORKSPACE_ENTERPRISE" == "true" ]; then
|
|
sed "/license\.file\.path/s!value=\".*\"!value=\"${LICENSE_FILE_PATH}\"!g" -i ${APP_ROOT_DIR}/web.appsettings.config;
|
|
sed "/license\.file\.path/s!value=\".*\"!value=\"${LICENSE_FILE_PATH}\"!g" -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config;
|
|
|
|
if [ ! -f ${LICENSE_FILE_PATH} ]; then
|
|
|
|
mysql --defaults-extra-file="$MYSQL_CLIENT_CONFIG" --skip-column-names -D ${MYSQL_SERVER_DB_NAME} <<EOF || true
|
|
INSERT IGNORE INTO tenants_quota (tenant, name, max_file_size, max_total_size, active_users, features)
|
|
SELECT -1000, 'start_trial', max_file_size, max_total_size, active_users, CONCAT(features, ',trial')
|
|
FROM tenants_quota
|
|
WHERE tenant = -1;
|
|
INSERT IGNORE INTO tenants_tariff (id, tenant, tariff, stamp) VALUES ('1000','-1', '-1000', NOW() + INTERVAL 30 DAY);
|
|
EOF
|
|
|
|
fi
|
|
|
|
|
|
|
|
fi
|
|
fi
|
|
|
|
if [ "${MAIL_SERVER_ENABLED}" == "true" ]; then
|
|
|
|
timeout=120;
|
|
interval=10;
|
|
|
|
while [ "$interval" -lt "$timeout" ] ; do
|
|
interval=$((${interval} + 10));
|
|
|
|
MAIL_SERVER_HOSTNAME=$(mysql --defaults-extra-file="$MYSQL_MAIL_CONFIG" --skip-column-names \
|
|
-D "${MAIL_SERVER_DB_NAME}" -e "SELECT Comment from greylisting_whitelist where Source='SenderIP:${MAIL_SERVER_API_HOST}' limit 1;");
|
|
if [[ "$?" -eq "0" ]] && [[ -n ${MAIL_SERVER_HOSTNAME} ]]; then
|
|
break;
|
|
fi
|
|
|
|
sleep 10;
|
|
|
|
if [ ${LOG_DEBUG} ]; then
|
|
log_debug "Waiting MAIL SERVER DB...";
|
|
fi
|
|
|
|
done
|
|
|
|
# change web.appsettings
|
|
sed -r '/web\.hide-settings/s/,AdministrationPage//' -i ${APP_ROOT_DIR}/web.appsettings.config
|
|
|
|
MYSQL_MAIL_SERVER_ID=$(mysql_scalar_exec "select id from mail_server_server where mx_record='${MAIL_SERVER_HOSTNAME}' limit 1");
|
|
|
|
|
|
echo "MYSQL mail server id '${MYSQL_MAIL_SERVER_ID}'";
|
|
|
|
SENDER_IP="";
|
|
|
|
if check_ip_is_internal $DOCKER_APP_SUBNET $MAIL_SERVER_API_HOST; then
|
|
SENDER_IP=$(hostname -i);
|
|
if [[ -n ${MAIL_DOMAIN_NAME} ]]; then
|
|
echo "$(dig +short myip.opendns.com @resolver1.opendns.com) ${MAIL_DOMAIN_NAME}" >> /etc/hosts
|
|
fi
|
|
elif [[ "$(dig +short myip.opendns.com @resolver1.opendns.com)" =~ $VALID_IP_ADDRESS_REGEX ]]; then
|
|
SENDER_IP=$(dig +short myip.opendns.com @resolver1.opendns.com);
|
|
log_debug "External ip $SENDER_IP is valid";
|
|
else
|
|
SENDER_IP=$(hostname -i);
|
|
fi
|
|
|
|
|
|
mysql --defaults-extra-file="$MYSQL_MAIL_CONFIG" --skip-column-names -D "${MAIL_SERVER_DB_NAME}" \
|
|
-e "DELETE FROM greylisting_whitelist WHERE Comment='onlyoffice-community-server';";
|
|
|
|
mysql --defaults-extra-file="$MYSQL_MAIL_CONFIG" --skip-column-names -D "${MAIL_SERVER_DB_NAME}" \
|
|
-e "REPLACE INTO greylisting_whitelist (Source, Comment, Disabled) VALUES (\"SenderIP:${SENDER_IP}\", 'onlyoffice-community-server', 0);";
|
|
|
|
if [ -z ${MYSQL_MAIL_SERVER_ID} ]; then
|
|
|
|
|
|
mysql_scalar_exec <<END
|
|
ALTER TABLE mail_server_server CHANGE COLUMN connection_string connection_string TEXT NOT NULL AFTER mx_record;
|
|
ALTER TABLE mail_server_domain ADD COLUMN date_checked DATETIME NOT NULL DEFAULT '1975-01-01 00:00:00' AFTER date_added;
|
|
ALTER TABLE mail_server_domain ADD COLUMN is_verified TINYINT(1) UNSIGNED NOT NULL DEFAULT '0' AFTER date_checked;
|
|
END
|
|
|
|
id1=$(mysql_scalar_exec "INSERT INTO mail_mailbox_server (id_provider, type, hostname, port, socket_type, username, authentication, is_user_data) VALUES (-1, 'imap', '${MAIL_SERVER_HOSTNAME}', 143, 'STARTTLS', '%EMAILADDRESS%', '', 0);SELECT LAST_INSERT_ID();");
|
|
if [ ${LOG_DEBUG} ]; then
|
|
log_debug "id1 is '${id1}'";
|
|
fi
|
|
|
|
id2=$(mysql_scalar_exec "INSERT INTO mail_mailbox_server (id_provider, type, hostname, port, socket_type, username, authentication, is_user_data) VALUES (-1, 'smtp', '${MAIL_SERVER_HOSTNAME}', 587, 'STARTTLS', '%EMAILADDRESS%', '', 0);SELECT LAST_INSERT_ID();");
|
|
|
|
if [ ${LOG_DEBUG} ]; then
|
|
log_debug "id2 is '${id2}'";
|
|
fi
|
|
|
|
else
|
|
id1=$(mysql_scalar_exec "select imap_settings_id from mail_server_server where mx_record='${MAIL_SERVER_HOSTNAME}' limit 1");
|
|
if [ ${LOG_DEBUG} ]; then
|
|
log_debug "id1 is '${id1}'";
|
|
fi
|
|
|
|
id2=$(mysql_scalar_exec "select smtp_settings_id from mail_server_server where mx_record='${MAIL_SERVER_HOSTNAME}' limit 1");
|
|
if [ ${LOG_DEBUG} ]; then
|
|
log_debug "id2 is '${id2}'";
|
|
fi
|
|
|
|
mysql_scalar_exec <<END
|
|
UPDATE mail_mailbox_server SET id_provider=-1, hostname='${MAIL_SERVER_HOSTNAME}' WHERE id in (${id1}, ${id2});
|
|
END
|
|
fi
|
|
|
|
interval=10;
|
|
while [ "$interval" -lt "$timeout" ] ; do
|
|
interval=$((${interval} + 10));
|
|
|
|
MYSQL_MAIL_SERVER_ACCESS_TOKEN=$(mysql --defaults-extra-file="$MYSQL_MAIL_CONFIG" --skip-column-names \
|
|
-D "${MAIL_SERVER_DB_NAME}" -e "select access_token from api_keys where id=1;");
|
|
if [[ "$?" -eq "0" ]] && [[ -n ${MYSQL_MAIL_SERVER_ACCESS_TOKEN} ]]; then
|
|
break;
|
|
fi
|
|
sleep 10;
|
|
done
|
|
|
|
if [ ${LOG_DEBUG} ]; then
|
|
echo "mysql mail server access token is ${MYSQL_MAIL_SERVER_ACCESS_TOKEN}";
|
|
fi
|
|
|
|
MAIL_SERVER_API_HOST_ADDRESS=${MAIL_SERVER_API_HOST};
|
|
if [[ $MAIL_SERVER_DB_HOST == "onlyoffice-mail-server" ]]; then
|
|
MAIL_SERVER_API_HOST_ADDRESS=${MAIL_SERVER_DB_HOST};
|
|
fi
|
|
|
|
mysql_scalar_exec "DELETE FROM mail_server_server;"
|
|
mysql_scalar_exec "INSERT INTO mail_server_server (mx_record, connection_string, server_type, smtp_settings_id, imap_settings_id) \
|
|
VALUES ('${MAIL_SERVER_HOSTNAME}', '{\"DbConnection\" : \"Server=${MAIL_SERVER_DB_HOST};Database=${MAIL_SERVER_DB_NAME};User ID=${MAIL_SERVER_DB_USER};Password=${MAIL_SERVER_DB_PASS};Pooling=True;Character Set=utf8;AutoEnlist=false;SSL Mode=None;Connection Timeout=30;Maximum Pool Size=300;\", \"Api\":{\"Protocol\":\"http\", \"Server\":\"${MAIL_SERVER_API_HOST_ADDRESS}\", \"Port\":\"${MAIL_SERVER_API_PORT}\", \"Version\":\"v1\",\"Token\":\"${MYSQL_MAIL_SERVER_ACCESS_TOKEN}\"}}', 2, '${id2}', '${id1}');"
|
|
fi
|
|
|
|
if [ "${CONTROL_PANEL_ENABLED}" == "true" ]; then
|
|
cp ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-proxy-to-controlpanel.conf.template ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-proxy-to-controlpanel.conf;
|
|
sed 's,{{CONTROL_PANEL_HOST_ADDR}},'"${CONTROL_PANEL_PORT_80_TCP_ADDR}"',' -i ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-proxy-to-controlpanel.conf;
|
|
sed 's,{{SERVICE_SSO_AUTH_HOST_ADDR}},'"${SERVICE_SSO_AUTH_HOST_ADDR}"',' -i ${NGINX_ROOT_DIR}/includes/onlyoffice-communityserver-proxy-to-controlpanel.conf;
|
|
|
|
# change web.appsettings link to controlpanel
|
|
sed '/web\.controlpanel\.url/s/\(value\s*=\s*\"\)[^\"]*\"/\1\/controlpanel\/\"/' -i ${APP_ROOT_DIR}/web.appsettings.config;
|
|
sed '/web\.controlpanel\.url/s/\(value\s*=\s*\"\)[^\"]*\"/\1\/controlpanel\/\"/' -i ${APP_SERVICES_DIR}/TeamLabSvc/TeamLabSvc.exe.config;
|
|
fi
|
|
|
|
if [ "${APP_MODE}" == "SERVER" ]; then
|
|
|
|
|
|
for serverID in $(seq 1 ${APP_MONOSERVE_COUNT});
|
|
do
|
|
if [ $serverID == 1 ]; then
|
|
sed '/web.warmup.count/s/value=\"\S*\"/value=\"'${APP_MONOSERVE_COUNT}'\"/g' -i ${APP_ROOT_DIR}/web.appsettings.config
|
|
sed '/web.warmup.domain/s/value=\"\S*\"/value=\"localhost\/warmup\"/g' -i ${APP_ROOT_DIR}/web.appsettings.config
|
|
|
|
sed "s^\(machine_key\)\s*=.*^\1 = ${APP_CORE_MACHINEKEY//^/\\^}^g" -i ${APP_SERVICES_DIR}/TeamLabSvc/radicale.config
|
|
|
|
binDirs=("$APP_APISYSTEM_DIR" "$APP_SERVICES_DIR" "$APP_ROOT_DIR" "$APP_CONFIG_DIR")
|
|
for i in "${!binDirs[@]}"; do
|
|
find "${binDirs[$i]}" -type f -name "*.[cC]onfig" -exec sed -i "/core.\machinekey/s_\(value\s*=\s*\"\)[^\"]*\"_\1${APP_CORE_MACHINEKEY//_/\\_}\"_" {} \;
|
|
find "${binDirs[$i]}" -type f -name "*.json" -exec sed -i "s_\(\"core.machinekey\":\|\"machinekey\":\).*,_\1 \"${APP_CORE_MACHINEKEY//_/\\_}\",_" {} \;
|
|
done
|
|
|
|
continue;
|
|
fi
|
|
|
|
rm -rfd ${APP_ROOT_DIR}$serverID;
|
|
|
|
if [ -d "${APP_ROOT_DIR}$serverID" ]; then
|
|
rm -rfd ${APP_ROOT_DIR}$serverID;
|
|
fi
|
|
|
|
cp -R ${APP_ROOT_DIR} ${APP_ROOT_DIR}$serverID;
|
|
chown -R onlyoffice:onlyoffice ${APP_ROOT_DIR}$serverID;
|
|
|
|
sed '/web.warmup.count/s/value=\"\S*\"/value=\"'${APP_MONOSERVE_COUNT}'\"/g' -i ${APP_ROOT_DIR}$serverID/web.appsettings.config
|
|
sed '/web.warmup.domain/s/value=\"\S*\"/value=\"localhost\/warmup'${serverID}'\"/g' -i ${APP_ROOT_DIR}$serverID/web.appsettings.config
|
|
|
|
sed '/conversionPattern\s*value=\"%folder{LogDirectory}/s!web!web'${serverID}'!g' -i ${APP_ROOT_DIR}$serverID/web.log4net.config;
|
|
|
|
|
|
cp ${APP_MONOSERVER_PATH} ${APP_MONOSERVER_PATH}$serverID;
|
|
|
|
sed 's/monoserve/monoserve'${serverID}'/g' -i ${APP_MONOSERVER_PATH}$serverID;
|
|
sed 's/onlyoffice\.socket/onlyoffice'${serverID}'\.socket/g' -i ${APP_MONOSERVER_PATH}$serverID;
|
|
sed 's/\/etc\/hyperfastcgi\/onlyoffice/\/etc\/hyperfastcgi\/onlyoffice'${serverID}'/g' -i ${APP_MONOSERVER_PATH}$serverID;
|
|
|
|
cp ${APP_HYPERFASTCGI_PATH} ${APP_HYPERFASTCGI_PATH}$serverID;
|
|
|
|
sed 's,'${APP_ROOT_DIR}','${APP_ROOT_DIR}''${serverID}',g' -i ${APP_HYPERFASTCGI_PATH}$serverID;
|
|
sed 's/onlyoffice\.socket/onlyoffice'${serverID}'\.socket/g' -i ${APP_HYPERFASTCGI_PATH}$serverID;
|
|
|
|
cp ${APP_GOD_DIR}/monoserve.god ${APP_GOD_DIR}/monoserve$serverID.god;
|
|
sed 's/onlyoffice\.socket/onlyoffice'${serverID}'\.socket/g' -i ${APP_GOD_DIR}/monoserve$serverID.god;
|
|
sed 's/monoserve/monoserve'${serverID}'/g' -i ${APP_GOD_DIR}/monoserve$serverID.god;
|
|
|
|
sed '/onlyoffice'${serverID}'.socket/d' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice;
|
|
sed '/onlyoffice'${serverID}'.socket/d' -i ${NGINX_CONF_DIR}/onlyoffice;
|
|
|
|
grepLine="$(sed -n 's/onlyoffice\.socket/onlyoffice'${serverID}'.socket/p' ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice | tr -d '\t' | tr -d '\n')";
|
|
|
|
sed '/fastcgi_backend\s*{/ a '"${grepLine}"'' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice;
|
|
sed '/fastcgi_backend\s*{/ a '"${grepLine}"'' -i ${NGINX_CONF_DIR}/onlyoffice;
|
|
|
|
sed '/monoserve'${serverID}'/d' -i ${APP_CRON_PATH};
|
|
sed '/warmup'${serverID}'/d' -i ${APP_CRON_PATH};
|
|
|
|
grepLine="$(sed -n 's/monoserve\s*restart/monoserve'${serverID}' restart/p' ${APP_CRON_PATH} | tr -d '\t' | tr -d '\n')";
|
|
|
|
sed '$a\'"${grepLine}"'' -i ${APP_CRON_PATH};
|
|
|
|
grepLine="$(sed -n 's/warmup1/warmup'${serverID}'/p' ${APP_CRON_PATH} | tr -d '\t' | tr -d '\n')";
|
|
|
|
sed '$a\'"${grepLine}"'' -i ${APP_CRON_PATH};
|
|
done
|
|
|
|
|
|
fi
|
|
|
|
sed 's/{{APP_NIGNX_KEEPLIVE}}/'$((32*${APP_MONOSERVE_COUNT}))'/g' -i ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice;
|
|
|
|
bash -c 'echo "onlyoffice ALL=(ALL) NOPASSWD: /usr/sbin/service" | (EDITOR="tee -a" visudo)'
|
|
|
|
|
|
ping_onlyoffice() {
|
|
timeout=6;
|
|
interval=1;
|
|
|
|
while [ "$interval" -le "$timeout" ] ; do
|
|
interval=$((${interval} + 1));
|
|
status_code=$(curl -LI $1 -o /dev/null -w '%{http_code}\n' -s);
|
|
|
|
echo "ping monoserve get status_code: $status_code";
|
|
|
|
if [ "$status_code" == "200" ]; then
|
|
wget -qO- --retry-connrefused --no-check-certificate --waitretry=15 -t 0 --continue $1 &> /dev/null;
|
|
break;
|
|
fi
|
|
|
|
sleep 5s;
|
|
done
|
|
|
|
}
|
|
|
|
if [ "${REDIS_SERVER_EXTERNAL}" == "true" ]; then
|
|
sed '/redis-cli/d' -i ${APP_CRON_PATH}
|
|
|
|
service redis-server stop
|
|
systemctl disable redis-server.service
|
|
rm -f /lib/systemd/system/redis-server.service
|
|
rm -f /etc/init.d/redis-server
|
|
else
|
|
systemctl enable redis-server.service
|
|
service redis-server start
|
|
|
|
redis-cli config set save ""
|
|
redis-cli config rewrite
|
|
redis-cli flushall
|
|
|
|
service redis-server stop
|
|
fi
|
|
|
|
if [ "${APP_MODE}" == "SERVICES" ]; then
|
|
systemctl disable nginx.service
|
|
systemctl disable monoserveApiSystem.service
|
|
|
|
rm -f "${APP_GOD_DIR}"/monoserveApiSystem.god;
|
|
rm -f /lib/systemd/system.d/monoserveApiSystem.service
|
|
|
|
for serverID in $(seq 1 ${APP_MONOSERVE_COUNT});
|
|
do
|
|
index=$serverID;
|
|
|
|
if [ $index == 1 ]; then
|
|
index="";
|
|
fi
|
|
|
|
rm -f "${APP_GOD_DIR}"/monoserve$index.god;
|
|
systemctl stop monoserve$index
|
|
systemctl disable monoserve$index.service
|
|
|
|
rm -f /lib/systemd/system/monoserve$index.service
|
|
done
|
|
|
|
sed '/monoserve/d' -i ${APP_CRON_PATH}
|
|
sed '/warmup/d' -i ${APP_CRON_PATH}
|
|
|
|
else
|
|
systemctl enable monoserveApiSystem.service
|
|
|
|
for serverID in $(seq 1 ${APP_MONOSERVE_COUNT});
|
|
do
|
|
index=$serverID;
|
|
|
|
if [ $index == 1 ]; then
|
|
index="";
|
|
fi
|
|
|
|
systemctl enable monoserve$index.service
|
|
done
|
|
|
|
chown -R onlyoffice:onlyoffice /var/log/onlyoffice
|
|
chown -R onlyoffice:onlyoffice ${APP_DIR}/DocumentServerData
|
|
|
|
if [ "$(ls -alhd ${APP_DATA_DIR} | awk '{ print $3 }')" != "onlyoffice" ]; then
|
|
chown -R onlyoffice:onlyoffice ${APP_DATA_DIR}
|
|
fi
|
|
|
|
if [ ! -d "$APP_INDEX_DIR" ]; then
|
|
mysql_scalar_exec "TRUNCATE webstudio_index";
|
|
fi
|
|
|
|
mkdir -p "$LOG_DIR/Index"
|
|
mkdir -p "$APP_INDEX_DIR"
|
|
|
|
if [ "$(ls -alhd $APP_INDEX_DIR | awk '{ print $3 }')" != "elasticsearch" ]; then
|
|
chown -R elasticsearch:elasticsearch "$APP_INDEX_DIR"
|
|
fi
|
|
|
|
chown -R elasticsearch:elasticsearch "$LOG_DIR/Index"
|
|
fi
|
|
|
|
|
|
# setup xmppserver
|
|
if dpkg -l | grep -q "onlyoffice-xmppserver"; then
|
|
sed '/web\.talk/s/value=\"\S*\"/value=\"true\"/g' -i ${APP_ROOT_DIR}/web.appsettings.config
|
|
sed '/web\.chat/s/value=\"\S*\"/value=\"false\"/g' -i ${APP_ROOT_DIR}/web.appsettings.config
|
|
fi
|
|
|
|
systemctl stop onlyofficeRadicale
|
|
systemctl stop onlyofficeTelegram
|
|
systemctl stop onlyofficeSocketIO
|
|
systemctl stop onlyofficeThumb
|
|
systemctl stop onlyofficeFeed
|
|
systemctl stop onlyofficeIndex
|
|
systemctl stop onlyofficeJabber
|
|
systemctl stop onlyofficeMailAggregator
|
|
systemctl stop onlyofficeMailWatchdog
|
|
systemctl stop onlyofficeMailCleaner
|
|
systemctl stop onlyofficeMailImap
|
|
systemctl stop onlyofficeNotify
|
|
systemctl stop onlyofficeBackup
|
|
systemctl stop onlyofficeStorageMigrate
|
|
systemctl stop onlyofficeStorageEncryption
|
|
systemctl stop onlyofficeUrlShortener
|
|
systemctl stop onlyofficeThumbnailBuilder
|
|
systemctl stop onlyofficeFilesTrashCleaner
|
|
|
|
systemctl stop god
|
|
systemctl enable god
|
|
|
|
systemctl stop elasticsearch
|
|
systemctl stop redis-server
|
|
mysqladmin shutdown
|
|
systemctl stop nginx
|
|
|
|
systemctl stop monoserveApiSystem.service
|
|
systemctl enable monoserveApiSystem.service
|
|
|
|
for serverID in $(seq 1 ${APP_MONOSERVE_COUNT});
|
|
do
|
|
index=$serverID;
|
|
|
|
if [ $index == 1 ]; then
|
|
index="";
|
|
fi
|
|
|
|
|
|
systemctl stop monoserve$index.service
|
|
systemctl enable monoserve$index.service
|
|
done
|
|
|
|
if [ "${APP_SERVICES_EXTERNAL}" == "true" ]; then
|
|
rm -f "${APP_GOD_DIR}"/onlyoffice.god;
|
|
rm -f "${APP_GOD_DIR}"/mail.god;
|
|
|
|
systemctl disable onlyofficeRadicale.service
|
|
systemctl disable onlyofficeTelegram.service
|
|
systemctl disable onlyofficeSocketIO.service
|
|
systemctl disable onlyofficeThumb.service
|
|
systemctl disable onlyofficeFeed.service
|
|
systemctl disable onlyofficeIndex.service
|
|
systemctl disable onlyofficeJabber.service
|
|
systemctl disable onlyofficeMailAggregator.service
|
|
systemctl disable onlyofficeMailWatchdog.service
|
|
systemctl disable onlyofficeMailCleaner.service
|
|
systemctl disable onlyofficeMailImap.service
|
|
systemctl disable onlyofficeNotify.service
|
|
systemctl disable onlyofficeBackup.service
|
|
systemctl disable onlyofficeStorageMigrate.service
|
|
systemctl disable onlyofficeStorageEncryption.service
|
|
systemctl disable onlyofficeUrlShortener.service
|
|
systemctl disable onlyofficeThumbnailBuilder.service
|
|
systemctl disable onlyofficeFilesTrashCleaner.service
|
|
|
|
rm -f /lib/systemd/system/onlyofficeRadicale.service
|
|
rm -f /lib/systemd/system/onlyofficeTelegram.service
|
|
rm -f /lib/systemd/system/onlyofficeSocketIO.service
|
|
rm -f /lib/systemd/system/onlyofficeThumb.service
|
|
rm -f /lib/systemd/system/onlyofficeFeed.service
|
|
rm -f /lib/systemd/system/onlyofficeIndex.service
|
|
rm -f /lib/systemd/system/onlyofficeJabber.service
|
|
rm -f /lib/systemd/system/onlyofficeMailAggregator.service
|
|
rm -f /lib/systemd/system/onlyofficeMailWatchdog.service
|
|
rm -f /lib/systemd/system/onlyofficeMailCleaner.service
|
|
rm -f /lib/systemd/system/onlyofficeMailImap.service
|
|
rm -f /lib/systemd/system/onlyofficeNotify.service
|
|
rm -f /lib/systemd/system/onlyofficeBackup.service
|
|
rm -f /lib/systemd/system/onlyofficeStorageMigrate.sevice
|
|
rm -f /lib/systemd/system/onlyofficeStorageEncryption.sevice
|
|
rm -f /lib/systemd/system/onlyofficeUrlShortener.service
|
|
rm -f /lib/systemd/system/onlyofficeThumbnailBuilder.service
|
|
rm -f /lib/systemd/system/onlyofficeFilesTrashCleaner.service
|
|
|
|
sed '/onlyoffice/d' -i ${APP_CRON_PATH}
|
|
else
|
|
systemctl enable onlyofficeRadicale.service
|
|
systemctl enable onlyofficeTelegram.service
|
|
systemctl enable onlyofficeSocketIO.service
|
|
systemctl enable onlyofficeThumb.service
|
|
systemctl enable onlyofficeFeed.service
|
|
systemctl enable onlyofficeIndex.service
|
|
systemctl enable onlyofficeJabber.service
|
|
systemctl enable onlyofficeMailAggregator.service
|
|
systemctl enable onlyofficeMailWatchdog.service
|
|
systemctl enable onlyofficeMailCleaner.service
|
|
systemctl enable onlyofficeMailImap.service
|
|
systemctl enable onlyofficeNotify.service
|
|
systemctl enable onlyofficeBackup.service
|
|
systemctl enable onlyofficeStorageMigrate.service
|
|
systemctl enable onlyofficeStorageEncryption.service
|
|
systemctl enable onlyofficeUrlShortener.service
|
|
systemctl enable onlyofficeThumbnailBuilder.service
|
|
systemctl enable onlyofficeFilesTrashCleaner.service
|
|
fi
|
|
|
|
if [ "${APP_MODE}" == "SERVER" ]; then
|
|
mv ${SYSCONF_TEMPLATES_DIR}/nginx/prepare-onlyoffice ${NGINX_CONF_DIR}/onlyoffice
|
|
service nginx stop
|
|
systemctl enable nginx.service
|
|
fi
|
|
|
|
PID=$(ps auxf | grep cron | grep -v grep | awk '{print $2}')
|
|
|
|
if [ ${ELASTICSEARCH_SERVER_HOST} ]; then
|
|
service elasticsearch stop
|
|
systemctl disable elasticsearch.service
|
|
rm -f /usr/lib/systemd/system/elasticsearch.service
|
|
rm -f /etc/init.d/elasticsearch
|
|
else
|
|
sed "s,\(\TimeoutStartSec=\).*,\1"300"," -i /usr/lib/systemd/system/elasticsearch.service #Fix error 'Failed with result timeout'
|
|
systemctl daemon-reload
|
|
systemctl enable elasticsearch.service
|
|
fi
|
|
|
|
if [ -n "$PID" ]; then
|
|
kill -9 $PID
|
|
fi
|
|
|
|
# clear nginx & mono cache
|
|
rm -dfr /tmp/onlyoffice* || true
|
|
rm -dfr /var/run/onlyoffice/* || true
|
|
rm -dfr /var/cache/nginx/onlyoffice/* || true
|
|
|
|
|
|
if [ "${DOCKER_ENABLED}" == "true" ]; then
|
|
exec /lib/systemd/systemd
|
|
fi
|