diff --git a/.env.sample b/.env.sample index d75e31d..13898b4 100644 --- a/.env.sample +++ b/.env.sample @@ -1,3 +1,13 @@ TYPE=onlyoffice -DOMAIN=onlyoffice.example.com LETS_ENCRYPT_ENV=production +DOMAIN=onlyoffice.example.com + +SECRET_DB_PASSWORD_VERSION=v1 + +AUTO_ASSEMBLY_ENABLED=false +AUTO_ASSEMBLY_INTERVAL=5min +AUTO_ASSEMBLY_STEP=1min +# +# Uncomment to enable JWT Secret +# COMPOSE_FILE=compose.yml:compose.jwt.yml +# SECRET_JWT_SECRET_VERSION=v1 diff --git a/README.md b/README.md index 3a57018..0cd8bf7 100644 --- a/README.md +++ b/README.md @@ -20,4 +20,4 @@ 1. Deploy [`coop-cloud/traefik`](https://git.autonomic.zone/coop-cloud/traefik) 1. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to your Docker swarm box -1. `abra app YOURAPPDOMAIN deploy` +1. `abra app YOURAPPDOMAIN deploy` \ No newline at end of file diff --git a/abra.sh b/abra.sh index e69de29..dd23d60 100644 --- a/abra.sh +++ b/abra.sh @@ -0,0 +1,5 @@ +export LOCAL_JSON_VERSION=v1 + +prepare_shutdown () { + documentserver-prepare4shutdown.sh +} diff --git a/compose.jwt.yml b/compose.jwt.yml new file mode 100644 index 0000000..2ff8c2e --- /dev/null +++ b/compose.jwt.yml @@ -0,0 +1,14 @@ +version: '3.8' +services: + app: + environment: + - JWT_ENABLED=true + - JWT_HEADER=Authorization + - JWT_IN_BODY=true + secrets: + - jwt_secret + +secrets: + jwt_secret: + external: true + name: ${STACK_NAME}_jwt_secret_${SECRET_JWT_SECRET_VERSION} diff --git a/compose.yml b/compose.yml index 68a329a..1e6b7fd 100644 --- a/compose.yml +++ b/compose.yml 
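Review bot: In `.env.sample` the JWT overlay (`COMPOSE_FILE=compose.yml:compose.jwt.yml`, `SECRET_JWT_SECRET_VERSION=v1`) is left commented out, so a stack deployed from the sample serves the document server at `${DOMAIN}` through Traefik with token validation off, unless the image turns it on by itself, which nothing in this diff shows. I would ship those two lines uncommented, or at least replace `# Uncomment to enable JWT Secret` with `# Without JWT, any client that can reach DOMAIN can call the document server API; uncomment both lines and create the jwt_secret secret.` The release notes mention generating only `db_password`; they should mention `jwt_secret` as well.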
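Review bot: Neither statement in `abra.sh` carries a comment, and both have a non-obvious contract. `LOCAL_JSON_VERSION` feeds the config name `${STACK_NAME}_local_json_${LOCAL_JSON_VERSION}` in `compose.yml`, so it presumably has to be bumped whenever `local.json.tmpl` changes; I would add `# Bump on every change to local.json.tmpl (the config name includes this version)`. Above `prepare_shutdown` I would add `# Run inside the app container before stopping or upgrading it`, since `documentserver-prepare4shutdown.sh` is called by bare name and is presumably only on the PATH there.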
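Review bot: `JWT_HEADER=Authorization` and `JWT_IN_BODY=true` in `compose.jwt.yml` are not read by `local.json.tmpl`, which hard-codes `"header": "Authorization"` and `"inBody": true` and consults only `JWT_ENABLED`. Changing either variable here would therefore not change the rendered config, which is easy to miss when tightening token handling; whether the image's own startup script also reads them is not visible in this diff. Either drop the two variables or have the template read them, e.g. `"header": "{{ env "JWT_HEADER" }}"`. A header comment such as `# Overlay: enables JWT validation; requires the jwt_secret Docker secret to exist` would also help.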
@@ -1,20 +1,96 @@ -version: "3.8" +version: '3.8' services: app: - image: "onlyoffice/documentserver:6.3" + image: onlyoffice/documentserver:7.1.1 + depends_on: + - db + - rabbitmq + stdin_open: true networks: - proxy + - internal + environment: + DB_TYPE: postgres + DB_HOST: db + DB_PORT: 5432 + DB_NAME: onlyoffice + DB_USER: onlyoffice + AMQP_URI: amqp://guest:guest@rabbitmq + AUTO_ASSEMBLY_ENABLED: + AUTO_ASSEMBLY_INTERVAL: + AUTO_ASSEMBLY_STEP: + secrets: + - db_password + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost/welcome"] + interval: 30s + timeout: 10s + retries: 10 + start_period: 1m + configs: + - source: local_json + target: /etc/onlyoffice/documentserver/local.json deploy: update_config: failure_action: rollback order: start-first labels: - "traefik.enable=true" + - "traefik.docker.network=proxy" + - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - - coop-cloud.${STACK_NAME}.app.version=6.3- + - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-fwdproto" + - "traefik.http.middlewares.${STACK_NAME}-fwdproto.headers.customRequestHeaders.X-Forwarded-Proto=https" + - "coop-cloud.${STACK_NAME}.app.version=0.1.0+7.1.1" + + rabbitmq: + image: rabbitmq:3.9.5 + networks: + - internal + healthcheck: + test: rabbitmq-diagnostics -q ping + interval: 30s + timeout: 10s + retries: 10 + start_period: 1m + + db: + image: postgres:9.5 + environment: + POSTGRES_DB: onlyoffice + POSTGRES_USER: onlyoffice + POSTGRES_PASSWORD_FILE: /run/secrets/db_password + volumes: + - db:/var/lib/postgresql/data + secrets: + - db_password + networks: + - internal + healthcheck: + test: ["CMD", "pg_isready"] + interval: 30s + timeout: 10s + retries: 10 + start_period: 1m + 
+volumes: + db: + networks: proxy: external: true + internal: + +secrets: + db_password: + external: true + name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} + +configs: + local_json: + name: ${STACK_NAME}_local_json_${LOCAL_JSON_VERSION} + file: local.json.tmpl + template_driver: golang + diff --git a/local.json.tmpl b/local.json.tmpl new file mode 100644 index 0000000..046baa9 --- /dev/null +++ b/local.json.tmpl @@ -0,0 +1,55 @@ +{ + "services": { + "CoAuthoring": { + "sql": { + "type": "{{ env "DB_TYPE" }}", + "dbHost": "{{ env "DB_HOST" }}", + "dbPort": "{{ env "DB_PORT" }}", + "dbName": "{{ env "DB_NAME" }}", + "dbUser": "{{ env "DB_USER" }}", + "dbPass": "{{ secret "db_password" }}" + }, + {{ if eq (env "JWT_ENABLED") "true" }} + "token": { + "enable": { + "request": { + "inbox": true, + "outbox": true + }, + "browser": true + }, + "inbox": { + "header": "Authorization", + "inBody": true + }, + "outbox": { + "header": "Authorization", + "inBody": true + } + }, + "secret": { + "inbox": { + "string": "{{ secret "jwt_secret" }}" + }, + "outbox": { + "string": "{{ secret "jwt_secret" }}" + }, + "session": { + "string": "{{ secret "jwt_secret" }}" + } + }, + {{ end }} + "autoAssembly" : { + "enable": {{ env "AUTO_ASSEMBLY_ENABLED" }}, + "interval": "{{ env "AUTO_ASSEMBLY_INTERVAL" }}", + "step": "{{ env "AUTO_ASSEMBLY_STEP" }}" + } + } + }, + "rabbitmq": { + "url": "amqp://guest:guest@rabbitmq" + }, + "queue": { + "type": "rabbitmq" + } +} diff --git a/releases/0.1.0+7.1.1 b/releases/0.1.0+7.1.1 new file mode 100644 index 0000000..efd0807 --- /dev/null +++ b/releases/0.1.0+7.1.1 
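Review bot: `AMQP_URI: amqp://guest:guest@rabbitmq` in `compose.yml` puts the broker's stock account in the compose file, while the database password next to it is handled as a Docker secret. The broker sits only on the `internal` network, which limits who can reach it, but `app` is attached to both `proxy` and `internal`, so I would give RabbitMQ its own secret in the same way as `db_password` rather than rely on network placement alone. Separately, `image: postgres:9.5` is a release line that no longer receives upstream security fixes; because the `db` service is new in this commit there is no data to migrate yet, so this is the cheapest moment to pin a supported major instead. The same `guest:guest` URL is repeated in `local.json.tmpl`.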
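Review bot: `"enable": {{ env "AUTO_ASSEMBLY_ENABLED" }},` in `local.json.tmpl` is rendered unquoted, so an instance upgraded without adding the new variables to its `.env` gets `"enable": ,` and, presumably, a document server that cannot parse its config. Rendering an explicit boolean avoids that: `"enable": {{ if eq (env "AUTO_ASSEMBLY_ENABLED") "true" }}true{{ else }}false{{ end }},`. The `{{ secret "db_password" }}` and `{{ secret "jwt_secret" }}` values are also placed inside JSON strings unescaped, so an inserted (rather than generated) secret containing `"` or `\` would break the file; the README or release notes should state which characters are allowed.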
@@ -0,0 +1,18 @@
+This release upgrades onlyoffice to v7, adds a seperate postgresdb + rabbitmq
+and adds env variables for the forcesave option.
+
+Please add this to your .env file:
+
+```
+SECRET_DB_PASSWORD_VERSION=v1
+
+AUTO_ASSEMBLY_ENABLED=false
+AUTO_ASSEMBLY_INTERVAL=5min
+AUTO_ASSEMBLY_STEP=1min
+```
+
+If you like to use the forcesave option, set `AUTO_ASSEMBLY_ENABLED=true`.
+
+Don't forget to generate or insert a new db secret: `abra app secret generate onlyoffice.example.org db_password v1`
+
+@yksflip