align with the upstream docker-compose (#5)

This upgrades onlyoffice to v7, adds a seperate postgresdb + rabbitmq and adds env variables for the forcesave option.

Co-authored-by: Philipp Rothmann <philipprothmann@posteo.de>
Reviewed-on: #5

.env.sample

@@ -1,3 +1,13 @@
 TYPE=onlyoffice
-DOMAIN=onlyoffice.example.com
 LETS_ENCRYPT_ENV=production
+DOMAIN=onlyoffice.example.com
+
+SECRET_DB_PASSWORD_VERSION=v1
+
+AUTO_ASSEMBLY_ENABLED=false
+AUTO_ASSEMBLY_INTERVAL=5min
+AUTO_ASSEMBLY_STEP=1min
+#
+# Uncomment to enable JWT Secret
+# COMPOSE_FILE=compose.yml:compose.jwt.yml
+# SECRET_JWT_SECRET_VERSION=v1

README.md

@@ -20,4 +20,4 @@
 1. Deploy [`coop-cloud/traefik`](https://git.autonomic.zone/coop-cloud/traefik)
 1. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
    your Docker swarm box
-1. `abra app YOURAPPDOMAIN deploy`
+1. `abra app YOURAPPDOMAIN deploy`

abra.sh

@@ -0,0 +1,5 @@
+export LOCAL_JSON_VERSION=v1
+
+prepare_shutdown () {
+  documentserver-prepare4shutdown.sh    
+}

compose.jwt.yml

@@ -0,0 +1,14 @@
+version: '3.8'
+services:
+  app:
+    environment:
+      - JWT_ENABLED=true
+      - JWT_HEADER=Authorization
+      - JWT_IN_BODY=true
+    secrets:
+      - jwt_secret
+
+secrets:
+  jwt_secret:
+    external: true
+    name: ${STACK_NAME}_jwt_secret_${SECRET_JWT_SECRET_VERSION}

compose.yml

@@ -1,20 +1,96 @@
-version: "3.8"
+version: '3.8'
 services:
   app:
-    image: "onlyoffice/documentserver:6.3"
+    image: onlyoffice/documentserver:7.1.1
+    depends_on:
+      - db
+      - rabbitmq
+    stdin_open: true
     networks:
       - proxy
+      - internal 
+    environment:
+      DB_TYPE: postgres
+      DB_HOST: db
+      DB_PORT: 5432
+      DB_NAME: onlyoffice
+      DB_USER: onlyoffice
+      AMQP_URI: amqp://guest:guest@rabbitmq
+      AUTO_ASSEMBLY_ENABLED: 
+      AUTO_ASSEMBLY_INTERVAL: 
+      AUTO_ASSEMBLY_STEP: 
+    secrets:
+      - db_password
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost/welcome"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m
+    configs:
+      - source: local_json
+        target: /etc/onlyoffice/documentserver/local.json
     deploy:
       update_config:
         failure_action: rollback
         order: start-first
       labels:
         - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
-        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - coop-cloud.${STACK_NAME}.app.version=6.3-
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-fwdproto"
+        - "traefik.http.middlewares.${STACK_NAME}-fwdproto.headers.customRequestHeaders.X-Forwarded-Proto=https"
+        - "coop-cloud.${STACK_NAME}.app.version=0.1.0+7.1.1"
+        
+  rabbitmq:
+    image: rabbitmq:3.9.5
+    networks:
+      - internal
+    healthcheck:
+      test: rabbitmq-diagnostics -q ping
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m
+    
+  db:
+    image: postgres:9.5
+    environment:
+      POSTGRES_DB: onlyoffice
+      POSTGRES_USER: onlyoffice
+      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
+    volumes:
+      - db:/var/lib/postgresql/data
+    secrets:
+      - db_password
+    networks:
+      - internal
+    healthcheck:
+      test: ["CMD", "pg_isready"]
+      interval: 30s
+      timeout: 10s
+      retries: 10
+      start_period: 1m
+
+volumes:
+  db:
+
 networks:
   proxy:
     external: true
+  internal:
+
+secrets:
+  db_password:
+    external: true
+    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+
+configs:
+  local_json:
+    name: ${STACK_NAME}_local_json_${LOCAL_JSON_VERSION}
+    file: local.json.tmpl 
+    template_driver: golang
+

local.json.tmpl

@@ -0,0 +1,55 @@
+{
+  "services": {
+    "CoAuthoring": {
+      "sql": {
+       "type": "{{ env "DB_TYPE" }}",
+        "dbHost": "{{ env "DB_HOST" }}",
+        "dbPort": "{{ env "DB_PORT" }}",
+        "dbName": "{{ env "DB_NAME" }}",
+        "dbUser": "{{ env "DB_USER" }}",
+        "dbPass": "{{ secret  "db_password" }}"
+      },
+  {{ if eq (env "JWT_ENABLED") "true" }}
+      "token": {
+        "enable": {
+          "request": {
+            "inbox": true,
+            "outbox": true
+          },
+          "browser": true
+        },
+        "inbox": {
+          "header": "Authorization",
+          "inBody": true
+        },
+        "outbox": {
+          "header": "Authorization",
+          "inBody": true
+        }
+      },
+      "secret": {
+        "inbox": {
+          "string": "{{ secret "jwt_secret" }}"
+        },
+        "outbox": {
+          "string": "{{ secret "jwt_secret" }}"
+        },
+        "session": {
+          "string": "{{ secret "jwt_secret" }}"
+        }
+      },
+    {{ end }}
+    "autoAssembly" : {
+      "enable": {{ env "AUTO_ASSEMBLY_ENABLED" }},
+      "interval": "{{ env "AUTO_ASSEMBLY_INTERVAL" }}",
+      "step": "{{ env "AUTO_ASSEMBLY_STEP" }}"
+      }
+    }
+  },
+  "rabbitmq": {
+    "url": "amqp://guest:guest@rabbitmq"
+  },
+  "queue": {
+    "type": "rabbitmq"
+  }
+}

releases/0.1.0+7.1.1

@@ -0,0 +1,18 @@
+This release upgrades onlyoffice to v7, adds a seperate postgresdb + rabbitmq
+and adds env variables for the forcesave option.
+
+Please add this to your .env file:
+
+```
+SECRET_DB_PASSWORD_VERSION=v1
+
+AUTO_ASSEMBLY_ENABLED=false
+AUTO_ASSEMBLY_INTERVAL=5min
+AUTO_ASSEMBLY_STEP=1min
+```
+
+If you like to use the forcesave option, set `AUTO_ASSEMBLY_ENABLED=true`.
+
+Don't forget to generate or insert a new db secret: `abra app secret generate onlyoffice.example.org db_password v1`
+
+@yksflip