Add ability run as non-root user

2025-04-18 15:04:02 +03:00 · 2020-01-24 15:25:30 +03:00 · 2020-01-24 15:25:30 +03:00 · 2e8adabd2b
commit 2e8adabd2b
parent 1579917515
11 changed files with 188 additions and 230 deletions
--- a/.env
+++ b/.env
@ -0,0 +1 @@
+COMPANY_NAME=onlyoffice
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+var/*
--- a/30
+++ b/30
@ -3,25 +3,39 @@ FROM centos:7
 LABEL maintainer Ascensio System SIA <support@onlyoffice.com>

 ARG COMPANY_NAME=onlyoffice
-ARG PRODUCT_NAME=documentserver
+ARG PRODUCT_URL=http://download.onlyoffice.com/install/documentserver/linux/onlyoffice-documentserver-ie.x86_64.rpm

 ENV COMPANY_NAME=$COMPANY_NAME

 RUN yum -y install \
-        http://download.onlyoffice.com/repo/centos/main/noarch/onlyoffice-repo.noarch.rpm && \
-    yum -y install \
        epel-release \
+        curl \
        sudo && \
+    curl -sL https://rpm.nodesource.com/setup_8.x | bash - && \
    yum -y updateinfo && \
+    groupadd --system --gid 101 ds && \
+    useradd --system -g ds --no-create-home --shell /sbin/nologin --uid 101 ds && \
    yum -y install \
-        $COMPANY_NAME-$PRODUCT_NAME \
-        nc
+        $PRODUCT_URL \
+        nc && \
+    chmod a+r /etc/$COMPANY_NAME/documentserver*/*.json && \
+    chmod a+r /etc/$COMPANY_NAME/documentserver/log4js/*.json && \
+    sed '/user=.*/d' -i /etc/supervisord.d/ds-*.ini && \
+    sed 's,\(listen.\+:\)\([0-9]\+\)\(.*;\),'"\18888\3"',' \
+        -i /etc/nginx/conf.d/ds.conf

-COPY config /app/ds/setup/config/
+RUN chmod 755 /var/log/nginx && \
+    ln -sf /dev/stderr /var/log/nginx/error.log
+
+COPY config/nginx/includes/http-common.conf /etc/nginx/includes/http-common.conf
+COPY config/nginx/nginx.conf /etc/nginx/nginx.conf
+COPY config/supervisor/supervisord.conf /etc/supervisord.conf
 COPY run-document-server.sh /app/ds/run-document-server.sh

-EXPOSE 8000 8080 3000
+EXPOSE 8000 8080 3000 8888

-VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/$COMPANY_NAME/Data /usr/share/fonts/truetype/custom
+VOLUME /var/log/$COMPANY_NAME /var/lib/$COMPANY_NAME /var/www/onlyoffice/$COMPANY_NAME-example/public/files /var/log/nginx
+
+USER 101

 ENTRYPOINT /app/ds/run-document-server.sh
--- a/46
+++ b/46
@ -0,0 +1,46 @@
+COMPANY_NAME ?= onlyoffice
+GIT_BRANCH ?= develop
+PRODUCT_NAME ?= documentserver-ie
+PRODUCT_VERSION ?= 0.0.0
+BUILD_NUMBER ?= 0
+
+PACKAGE_VERSION := $(PRODUCT_VERSION)-$(BUILD_NUMBER)
+
+PRODUCT_URL := "http://repo-doc-onlyoffice-com.s3-eu-west-1.amazonaws.com/centos/7/$(COMPANY_NAME)-$(PRODUCT_NAME)/$(GIT_BRANCH)/$(PACKAGE_VERSION)/$(COMPANY_NAME)-$(PRODUCT_NAME)-$(PACKAGE_VERSION).x86_64.rpm"
+
+UPDATE_LATEST := false
+
+ifneq (,$(findstring develop,$(GIT_BRANCH)))
+DOCKER_TAGS += $(subst -,.,$(PACKAGE_VERSION))
+DOCKER_TAGS += latest
+else ifneq (,$(findstring release,$(GIT_BRANCH)))
+DOCKER_TAGS += $(subst -,.,$(PACKAGE_VERSION))
+else ifneq (,$(findstring hotfix,$(GIT_BRANCH)))
+DOCKER_TAGS += $(subst -,.,$(PACKAGE_VERSION))
+else
+DOCKER_TAGS += $(subst -,.,$(PACKAGE_VERSION))-$(subst /,-,$(GIT_BRANCH))
+endif
+
+DOCKER_REPO = $(subst -,,$(COMPANY_NAME))/4testing-$(PRODUCT_NAME)-base
+
+COLON := __colon__
+DOCKER_TARGETS := $(foreach TAG,$(DOCKER_TAGS),$(DOCKER_REPO)$(COLON)$(TAG))
+
+.PHONY: all clean clean-docker deploy docker
+
+$(DOCKER_TARGETS): $(DEB_REPO_DATA)
+
+	sudo docker build --build-arg PRODUCT_URL=$(PRODUCT_URL) --build-arg COMPANY_NAME=$(COMPANY_NAME) -t $(subst $(COLON),:,$@) . &&\
+	mkdir -p $$(dirname $@) &&\
+	echo "Done" > $@
+
+all: $(DOCKER_TARGETS)
+
+clean:
+	rm -rfv $(DOCKER_TARGETS)
+		
+clean-docker:
+	sudo docker rmi -f $$(sudo docker images -q $(COMPANY_NAME)/*) || exit 0
+
+deploy: $(DOCKER_TARGETS)
+	$(foreach TARGET,$(DOCKER_TARGETS),sudo docker push $(subst $(COLON),:,$(TARGET));)
--- a/config/nginx/includes/http-common.conf
+++ b/config/nginx/includes/http-common.conf
@ -0,0 +1,27 @@
+include /etc/nginx/includes/http-upstream.conf;
+map $http_host $this_host {
+    "" $host;
+    default $http_host;
+}
+
+map $http_x_forwarded_proto $the_scheme {
+     default $http_x_forwarded_proto;
+     "" $scheme;
+}
+
+map $http_x_forwarded_host $the_host {
+    default $http_x_forwarded_host;
+    "" $this_host;
+}
+
+map $http_upgrade $proxy_connection {
+  default upgrade;
+  "" close;
+}
+
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $proxy_connection;
+proxy_set_header X-Forwarded-Host $the_host;
+proxy_set_header X-Forwarded-Proto $the_scheme;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
--- a/config/nginx/nginx.conf
+++ b/config/nginx/nginx.conf
@ -1,7 +1,6 @@
-user nginx;
 worker_processes 1;
-error_log /var/log/nginx/error.log;
-pid /run/nginx.pid;
+error_log /tmp/nginx.error.log;
+pid /tmp/nginx.pid;

 # Load dynamic modules. See /usr/share/nginx/README.dynamic.
 include /usr/share/nginx/modules/*.conf;
@ -26,6 +25,12 @@ http {
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

+    client_body_temp_path /tmp/client_temp;
+    proxy_temp_path       /tmp/proxy_temp_path;
+    fastcgi_temp_path     /tmp/fastcgi_temp;
+    uwsgi_temp_path       /tmp/uwsgi_temp;
+    scgi_temp_path        /tmp/scgi_temp;
+
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
--- a/config/supervisor/supervisord.conf
+++ b/config/supervisor/supervisord.conf
@ -4,9 +4,10 @@
 port = 127.0.0.1:9001

 [supervisord]
-logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
-pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
-childlogdir=/var/log/supervisor            ; ('AUTO' child log dir, default $TEMP)
+logfile=/dev/stdout ; (main log file;default $CWD/supervisord.log)
+logfile_maxbytes = 0 ; (disable log rotation for none seekable file)
+pidfile=/tmp/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
+; childlogdir=/var/log/supervisor            ; ('AUTO' child log dir, default $TEMP)

 ; the below section must remain in the config file for RPC
 ; (supervisorctl/web interface) to work, additional interfaces may be
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,42 +1,38 @@
 version: '2'
 services:
-  onlyoffice-documentserver-data:
-    container_name: onlyoffice-documentserver-data
-    image: onlyoffice/documentserver-base:latest
+  proxy:
+    container_name: proxy
+    build:
+      context: .
    environment:
-      - ONLYOFFICE_DATA_CONTAINER=true
-      - ONLYOFFICE_DS_NODE_HOST=onlyoffice-documentserver-node
-      - DB_HOST=onlyoffice-postgresql
-      - DB_PORT=5432
-      - DB_NAME=onlyoffice
-      - DB_USER=onlyoffice
-      - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
-      - REDIS_SERVER_HOST=onlyoffice-redis
-      - REDIS_SERVER_PORT=6379
+      - DATA_CONTAINER=true
    stdin_open: true
    restart: always

    ports:
-      - '80:80'
-      - '443:443'
+      - '80:8888'
    volumes:
-       - /etc/onlyoffice
-       - /var/www/onlyoffice/Data
-       - /var/log/onlyoffice
-       - /var/lib/onlyoffice/documentserver/App_Data/cache/files
-       - /var/www/onlyoffice/documentserver-example/public/files
+       - /etc/${COMPANY_NAME}
+       - /var/www/${COMPANY_NAME}/Data
+      # - ./var/log/ds:/var/log/${COMPANY_NAME}
+      # - ./var/lib/ds:/var/lib/${COMPANY_NAME}
+      # - ./var/log/nginx:/var/log/nginx
+      # - ./var/lib/example:/var/www/${COMPANY_NAME}/documentserver-example/public/files
       - /usr/share/fonts
+       - ./local.json:/etc/${COMPANY_NAME}/documentserver/local.json
+       - ./http-upstream.conf:/etc/nginx/includes/http-upstream.conf
       
-  onlyoffice-documentserver:
-    image: onlyoffice/documentserver-base:latest
-    container_name: onlyoffice-documentserver-node
+  ds:
+    build:
+      context: .
+    container_name: ds
    depends_on:
-      - onlyoffice-documentserver-data
-      - onlyoffice-postgresql
-      - onlyoffice-redis
-      - onlyoffice-rabbitmq
+      - proxy
+      - postgresql
+      - redis
+      - rabbitmq
    environment:
-      - ONLYOFFICE_DATA_CONTAINER_HOST=onlyoffice-documentserver-data
+      - DATA_CONTAINER_HOST=proxy
    stdin_open: true
    restart: always
    expose:
@ -44,28 +40,28 @@ services:
      - '8000'
      - '8080'
    volumes_from:
-     - onlyoffice-documentserver-data
+     - proxy

-  onlyoffice-redis:
-    container_name: onlyoffice-redis
+  redis:
+    container_name: redis
    image: redis
    restart: always
    expose:
      - '6379'

-  onlyoffice-rabbitmq:
-    container_name: onlyoffice-rabbitmq
+  rabbitmq:
+    container_name: rabbitmq
    image: rabbitmq
    restart: always
    expose:
      - '5672'

-  onlyoffice-postgresql:
-    container_name: onlyoffice-postgresql
+  postgresql:
+    container_name: postgresql
    image: postgres:9.5
    environment:
-      - POSTGRES_DB=onlyoffice
-      - POSTGRES_USER=onlyoffice
+      - POSTGRES_DB=mydb
+      - POSTGRES_USER=myuser
    restart: always
    expose:
      - '5432'
--- a/http-upstream.conf
+++ b/http-upstream.conf
@ -0,0 +1,11 @@
+upstream docservice {  
+  server ds:8000;
+}
+
+upstream spellchecker {  
+  server ds:8080;
+}
+
+upstream example {  
+  server ds:3000;
+}
--- a/local.json
+++ b/local.json
@ -0,0 +1,20 @@
+{
+    "services": {
+        "CoAuthoring": {
+            "sql": {
+            "dbHost": "postgresql",
+            "dbPort": "5432",
+            "dbName": "mydb",
+            "dbUser": "myuser",
+            "dbPass": ""
+            },
+            "redis": {
+            "host": "redis",
+            "port": "6379"
+            }
+        }
+    },
+    "rabbitmq": {
+      "url": "amqp://guest:guest@rabbitmq"
+    }
+}  
--- a/run-document-server.sh
+++ b/run-document-server.sh
@ -4,87 +4,33 @@
 shopt -s globstar

 APP_DIR="/var/www/${COMPANY_NAME}/documentserver"
-DATA_DIR="/var/www/${COMPANY_NAME}/Data"
 LOG_DIR="/var/log/${COMPANY_NAME}"
 DS_LOG_DIR="${LOG_DIR}/documentserver"
 LIB_DIR="/var/lib/${COMPANY_NAME}"
 DS_LIB_DIR="${LIB_DIR}/documentserver"
 CONF_DIR="/etc/${COMPANY_NAME}/documentserver"

-ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
-ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost}
-ONLYOFFICE_DS_NODE_HOST=${ONLYOFFICE_DS_NODE_HOST:-localhost}
-ONLYOFFICE_DATA_CONTAINER_PORT=80
+DATA_CONTAINER=${DATA_CONTAINER:-false}
+DATA_CONTAINER_HOST=${DATA_CONTAINER_HOST:-localhost}
+DATA_CONTAINER_PORT=8888

-SYSCONF_TEMPLATES_DIR="/app/ds/setup/config"
-
-NGINX_ONLYOFFICE_PATH="${CONF_DIR}/nginx"
-NGINX_ONLYOFFICE_CONF="${NGINX_ONLYOFFICE_PATH}/ds.conf"
-NGINX_ONLYOFFICE_EXAMPLE_PATH="${CONF_DIR}-example/nginx"
-NGINX_ONLYOFFICE_EXAMPLE_CONF="${NGINX_ONLYOFFICE_EXAMPLE_PATH}/includes/ds-example.conf"
-
-NGINX_CONFIG_PATH="/etc/nginx/nginx.conf"
-
-JWT_ENABLED=${JWT_ENABLED:-false}
-JWT_SECRET=${JWT_SECRET:-secret}
-JWT_HEADER=${JWT_HEADER:-Authorization}
-
-ONLYOFFICE_DEFAULT_CONFIG=${CONF_DIR}/local.json
-ONLYOFFICE_LOG4JS_CONFIG=${CONF_DIR}/log4js/production.json
-ONLYOFFICE_EXAMPLE_CONFIG=${CONF_DIR}-example/local.json
+DEFAULT_CONFIG=${CONF_DIR}/local.json

 JSON_BIN=${APP_DIR}/npm/node_modules/.bin/json
-JSON="${JSON_BIN} -q -f ${ONLYOFFICE_DEFAULT_CONFIG}"
-JSON_LOG="${JSON_BIN} -q -f ${ONLYOFFICE_LOG4JS_CONFIG}"
-JSON_EXAMPLE="${JSON_BIN} -q -f ${ONLYOFFICE_EXAMPLE_CONFIG}"
-
-create_local_configs(){
-	for i in $ONLYOFFICE_DEFAULT_CONFIG $ONLYOFFICE_EXAMPLE_CONFIG; do
-		if [ ! -f ${i} ]; then
-      install -m 640 -D /dev/null ${i}
-			echo {} > ${i}
-		fi
-  	done
-}
-
-tune_local_configs(){
-	for i in $ONLYOFFICE_DEFAULT_CONFIG $ONLYOFFICE_EXAMPLE_CONFIG $ONLYOFFICE_LOG4JS_CONFIG; do
-		if [ -f ${i} ]; then
-			chown ds:ds -R ${i}
-		fi
-  	done
-}
-
-
-init_setting(){
-  DB_HOST=${DB_HOST:-localhost}
-  DB_PORT=${DB_PORT:-5432}
-  DB_NAME=${DB_NAME:-onlyoffice}
-  DB_USER=${DB_USER:-onlyoffice}
-  
-  AMQP_URI=${AMQP_URI:-"amqp://guest:guest@localhost"}
-  parse_rabbitmq_url
-
-  REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-localhost}
-  REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-6379}
-
-  DS_LOG_LEVEL=${DS_LOG_LEVEL:-all}
-}
+JSON="${JSON_BIN} -q -f ${DEFAULT_CONFIG}"

 read_setting(){
-  DB_HOST=${DB_HOST:-$(${JSON} services.CoAuthoring.sql.dbHost)}
-  DB_PORT=${DB_PORT:-5432}
-  DB_NAME=${DB_NAME:-$(${JSON} services.CoAuthoring.sql.dbName)}
-  DB_USER=${DB_USER:-$(${JSON} services.CoAuthoring.sql.dbUser)}
-  DB_PASS=${DB_PASS:-$(${JSON} services.CoAuthoring.sql.dbPass)}
+  DB_HOST=$(${JSON} services.CoAuthoring.sql.dbHost)
+  DB_PORT=$(${JSON} services.CoAuthoring.sql.dbPort)
+  DB_NAME=$(${JSON} services.CoAuthoring.sql.dbName)
+  DB_USER=$(${JSON} services.CoAuthoring.sql.dbUser)
+  DB_PASS=$(${JSON} services.CoAuthoring.sql.dbPass)

-  AMQP_URI=${AMQP_URI:-$(${JSON} rabbitmq.url)}
+  AMQP_URI=$(${JSON} rabbitmq.url)
  parse_rabbitmq_url

-  REDIS_SERVER_HOST=${REDIS_SERVER_HOST:-$(${JSON} services.CoAuthoring.redis.host)}
-  REDIS_SERVER_PORT=${REDIS_SERVER_PORT:-6379}
-
-  DS_LOG_LEVEL=${DS_LOG_LEVEL:-$(${JSON_LOG} categories.default.level)}
+  REDIS_SERVER_HOST=$(${JSON} services.CoAuthoring.redis.host)
+  REDIS_SERVER_PORT=6379
 }

 parse_rabbitmq_url(){
@ -147,72 +93,7 @@ waiting_for_redis(){
  waiting_for_connection ${REDIS_SERVER_HOST} ${REDIS_SERVER_PORT} "redis"
 }
 waiting_for_datacontainer(){
-  waiting_for_connection ${ONLYOFFICE_DATA_CONTAINER_HOST} ${ONLYOFFICE_DATA_CONTAINER_PORT} "data"
-}
-update_postgresql_settings(){
-	${JSON} -I -e "if(this.services===undefined)this.services={};"
-	${JSON} -I -e "if(this.services.CoAuthoring===undefined)this.services.CoAuthoring={};"
-	${JSON} -I -e "if(this.services.CoAuthoring.sql===undefined)this.services.CoAuthoring.sql={};"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbHost = '${DB_HOST}'"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPort = '${DB_PORT}'"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${DB_NAME}'"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${DB_USER}'"
-  ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${DB_PASS}'"
-}
-
-update_rabbitmq_setting(){
-  ${JSON} -I -e "if(this.rabbitmq===undefined)this.rabbitmq={};"
-  ${JSON} -I -e "this.rabbitmq.url = '${AMQP_URI}'"
-}
-
-update_redis_settings(){
-	${JSON} -I -e "if(this.services===undefined)this.services={};"
-	${JSON} -I -e "if(this.services.CoAuthoring===undefined)this.services.CoAuthoring={};"
-	${JSON} -I -e "if(this.services.CoAuthoring.redis===undefined)this.services.CoAuthoring.redis={};"
-  ${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'"
-  ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'"
-}
-
-update_jwt_settings(){
-  ${JSON} -I -e "if(this.services===undefined)this.services={};"
-	${JSON} -I -e "if(this.services.CoAuthoring===undefined)this.services.CoAuthoring={};"
-	${JSON} -I -e "if(this.services.CoAuthoring.token===undefined)this.services.CoAuthoring.token={};"
-
-  if [ "${JWT_ENABLED}" == "true" -o "${JWT_ENABLED}" == "false" ]; then
-  	${JSON} -I -e "if(this.services.CoAuthoring.token.enable===undefined)this.services.CoAuthoring.token.enable={};"
-		${JSON} -I -e "if(this.services.CoAuthoring.token.enable.request===undefined)this.services.CoAuthoring.token.enable.request={};"
-    ${JSON} -I -e "this.services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}"
-    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}"
-    ${JSON} -I -e "this.services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}"
-  fi
-
-	${JSON} -I -e "if(this.services.CoAuthoring.secret===undefined)this.services.CoAuthoring.secret={};"
-
-	${JSON} -I -e "if(this.services.CoAuthoring.secret.inbox===undefined)this.services.CoAuthoring.secret.inbox={};"
-	${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'"
-
-	${JSON} -I -e "if(this.services.CoAuthoring.secret.outbox===undefined)this.services.CoAuthoring.secret.outbox={};"
-	${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'"
-
-	${JSON} -I -e "if(this.services.CoAuthoring.secret.session===undefined)this.services.CoAuthoring.secret.session={};"
-	${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'"
-
-	${JSON} -I -e "if(this.services.CoAuthoring.token.inbox===undefined)this.services.CoAuthoring.token.inbox={};"
-	${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'"
-
-	${JSON} -I -e "if(this.services.CoAuthoring.token.outbox===undefined)this.services.CoAuthoring.token.outbox={};"
-	${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'"
-
-  if [ -f "${ONLYOFFICE_EXAMPLE_CONFIG}" ]; then
-		${JSON_EXAMPLE} -I -e "if(this.server===undefined)this.server={};"
-		${JSON_EXAMPLE} -I -e "if(this.server.token===undefined)this.server.token={};"
-
-		if [ "${JWT_ENABLED}" == "true" -o "${JWT_ENABLED}" == "false" ]; then
-			${JSON_EXAMPLE} -I -e "this.server.token.enable = ${JWT_ENABLED}"
-		fi
-		${JSON_EXAMPLE} -I -e "this.server.token.secret = '${JWT_SECRET}'"
-		${JSON_EXAMPLE} -I -e "this.server.token.authorizationHeader = '${JWT_HEADER}'"
-  fi
+  waiting_for_connection ${DATA_CONTAINER_HOST} ${DATA_CONTAINER_PORT} "data"
 }

 create_postgresql_tbl(){
@ -226,33 +107,6 @@ create_postgresql_tbl(){
  $PSQL -d "${DB_NAME}" -f "${APP_DIR}/server/schema/postgresql/createdb.sql"
 }

-update_nginx_settings(){
-
-  # Set up nginx
-  cp ${SYSCONF_TEMPLATES_DIR}/nginx/nginx.conf ${NGINX_CONFIG_PATH}
-
-  sed 's/\(server \)localhost\(.*\)/'"\1${ONLYOFFICE_DS_NODE_HOST}\2"'/' \
-    -i ${NGINX_ONLYOFFICE_PATH}/includes/http-common.conf
-
-  ln -sf ${NGINX_ONLYOFFICE_PATH}/ds.conf.tmpl ${NGINX_ONLYOFFICE_CONF}
-
-  if [ -f "${NGINX_ONLYOFFICE_EXAMPLE_CONF}" ]; then
-    sed 's/linux/docker/' -i ${NGINX_ONLYOFFICE_EXAMPLE_CONF}
-  fi
-}
-
-update_supervisor_settings(){
-  # Copy modified supervisor config
-  cp ${SYSCONF_TEMPLATES_DIR}/supervisor/supervisord.conf /etc/supervisord.conf
-}
-
-update_log_settings(){
-   ${JSON_LOG} -I -e "this.categories.default.level = '${DS_LOG_LEVEL}'"
-}
-
-update_logrotate_settings(){
-  sed 's|\(^su\b\).*|\1 root root|' -i /etc/logrotate.conf
-}

 # create base folders
 for i in converter docservice spellchecker metrics gc; do
@ -266,31 +120,14 @@ for i in App_Data/cache/files App_Data/docbuilder; do
  mkdir -p "${DS_LIB_DIR}/$i"
 done

-# change folder rights
-for i in ${LOG_DIR} ${LIB_DIR} ${DATA_DIR}; do
-  chown -R ds:ds "$i"
-  chmod -R 755 "$i"
-done
-
 documentserver-generate-allfonts.sh true

-if [ ${ONLYOFFICE_DATA_CONTAINER} = "true" ]; then
-  create_local_configs
-  init_setting
+if [ ${DATA_CONTAINER} = "true" ]; then
+  read_setting

-  update_log_settings
-  update_jwt_settings
-
-  update_postgresql_settings
  waiting_for_postgresql
  create_postgresql_tbl

-  update_rabbitmq_setting
-  update_redis_settings
-
-  tune_local_configs
-
-  update_nginx_settings
  nginx -g 'daemon off;'
 else
  waiting_for_datacontainer
@ -300,6 +137,5 @@ else
  waiting_for_rabbitmq
  waiting_for_redis

-  update_supervisor_settings
  supervisord -n -c /etc/supervisord.conf
 fi