More work on OnlyOffice
parent
604e6e6215
commit
5b96a674e0
|
@ -4,6 +4,12 @@ Sources = [
|
||||||
{
|
{
|
||||||
Name = "[[ .traefik.instance ]]"
|
Name = "[[ .traefik.instance ]]"
|
||||||
Permissions = [
|
Permissions = [
|
||||||
|
{
|
||||||
|
Action = "deny"
|
||||||
|
HTTP {
|
||||||
|
PathRegex = "^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(internal|info)(\\/.*)$"
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Action = "allow"
|
Action = "allow"
|
||||||
HTTP {
|
HTTP {
|
|
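Review bot: The new deny rule's `PathRegex` ends in `(\\/.*)$`, so it only matches when a slash follows `internal` or `info`; a request for exactly `/info` or `/internal` is not covered and would fall through to the following `allow` permission if that rule's match includes it. If those bare paths are served, make the tail optional, e.g. `...\\/(internal|info)(\\/.*)?$`. The class `[\\.|-]` also accepts a literal `|`, because alternation has no meaning inside brackets; `[.-]` is what the version pattern appears to want. A one-line comment above the rule naming the endpoints it is meant to block would help the next reader, and the `Permissions` list continues outside the hunk.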
@ -1,8 +1,27 @@
|
||||||
FROM [[ .docker.repo ]][[ .docker.base_images.alma9.image ]]
|
FROM [[ .docker.repo ]][[ .docker.base_images.alma9.image ]]
|
||||||
MAINTAINER [[ .docker.maintainer ]]
|
MAINTAINER [[ .docker.maintainer ]]
|
||||||
|
|
||||||
|
ARG OO_VERSION=7.5.1
|
||||||
|
|
||||||
ENV LANG=[[ .locale.lang ]] \
|
ENV LANG=[[ .locale.lang ]] \
|
||||||
TZ=[[ .locale.tz ]]
|
TZ=[[ .locale.tz ]] \
|
||||||
|
NGINX_LISTEN_IP=0.0.0.0 \
|
||||||
|
NODE_ENV=production-linux \
|
||||||
|
NODE_CONFIG_DIR=/etc/onlyoffice/documentserver \
|
||||||
|
NODE_DISABLE_COLORS=1 \
|
||||||
|
APPLICATION_NAME=onlyoffice \
|
||||||
|
OO_STORAGE_SECRET=changeme \
|
||||||
|
OO_JWT_TOKEN=changeme \
|
||||||
|
OO_USE_TOKEN=true \
|
||||||
|
OO_AUTOSAVE=true \
|
||||||
|
OO_AUTOSAVE_INTERVAL=5m \
|
||||||
|
OO_VERIFY_CERT=true \
|
||||||
|
OO_LOG4JS_CONFIG=/etc/onlyoffice/documentserver/log4js/production.json \
|
||||||
|
OO_DB_HOST=localhost \
|
||||||
|
OO_DB_PORT=5432 \
|
||||||
|
OO_DB_NAME=onlyoffice \
|
||||||
|
OO_DB_USER=onlyoffice \
|
||||||
|
OO_DB_PASS=onlyoffice
|
||||||
|
|
||||||
USER root
|
USER root
|
||||||
COPY root/etc/yum.repos.d/ /etc/yum.repos.d/
|
COPY root/etc/yum.repos.d/ /etc/yum.repos.d/
|
||||||
|
@ -10,19 +29,21 @@ RUN set -euxo pipefail &&\
|
||||||
dnf -y update &&\
|
dnf -y update &&\
|
||||||
rpm -i https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm &&\
|
rpm -i https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm &&\
|
||||||
dnf -y module disable postgresql &&\
|
dnf -y module disable postgresql &&\
|
||||||
|
addgroup -g 819 ds &&\
|
||||||
|
adduser --system --ingroup ds --disabled-password --uid 819 --home /var/www/onlyoffice/documentserver/ --shell /sbin/nologin ds &&\
|
||||||
dnf -y install \
|
dnf -y install \
|
||||||
|
dnf \
|
||||||
postgresql16 \
|
postgresql16 \
|
||||||
onlyoffice-documentserver \
|
onlyoffice-documentserver \
|
||||||
supervisor \
|
supervisor \
|
||||||
nginx \
|
nginx \
|
||||||
jq \
|
|
||||||
&&\
|
&&\
|
||||||
chown :ds /etc/onlyoffice/documentserver/* &&\
|
dnf clean all &&\
|
||||||
mkdir -p /data &&\
|
rm -rf /var/cache/dnf/* /var/cache/yum/* /var/log/dnf* /var/log/yum/* /var/lib/dnf/history*
|
||||||
chown ds:ds /data
|
|
||||||
COPY root/ /
|
COPY root/ /
|
||||||
|
|
||||||
EXPOSE 8084
|
EXPOSE 8819
|
||||||
|
|
||||||
USER ds
|
USER ds
|
||||||
|
|
||||||
|
|
|
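Review bot: The `ENV` block in the first hunk bakes working defaults for `OO_JWT_TOKEN` and `OO_STORAGE_SECRET` (`changeme`) and for `OO_DB_PASS` (`onlyoffice`) into the image, so a container started without overrides runs with publicly known secrets, and the values are also recorded in the image metadata. Leaving those three out of `ENV` and having the start-up script refuse to run when they are unset or still `changeme` would make a missing override fail closed. In the second hunk, `addgroup -g 819 ds` and `adduser --system --ingroup ds --disabled-password …` use BusyBox/Debian option syntax; on an AlmaLinux base the shadow-utils forms `groupadd -g 819 ds` and `useradd -r -u 819 -g ds …` are the usual ones, so this step is worth checking since the `RUN` is under `set -e`. `ARG OO_VERSION=7.5.1` is not referenced in the visible lines, and `onlyoffice-documentserver` is installed without a version.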
@ -0,0 +1,6 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
echo "Replacing env variable in nginx config"
|
||||||
|
busybox awk -f /usr/local/bin/envsubst < /etc/nginx/nginx.conf > /tmp/nginx.conf
|
|
@ -1,5 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
mkdir -p /data/files /data/wopi /data/templates
|
|
|
@ -2,20 +2,11 @@
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
function get_value(){
|
export PGHOST=${OO_DB_HOST}
|
||||||
local KEY=$1
|
export DGPORT=${OO_DB_PORT}
|
||||||
local VALUE=$(jq -r -s \
|
export PGDATABASE=${OO_DB_NAME}
|
||||||
" .[0].services.CoAuthoring.sql * .[1].services.CoAuthoring.sql | .${KEY}" \
|
export PGUSER=${OO_DB_USER}
|
||||||
/etc/onlyoffice/documentserver/default.json \
|
export PGPASSWORD=${OO_DB_PASS}
|
||||||
/etc/onlyoffice/documentserver/production-linux.json)
|
|
||||||
echo ${VALUE}
|
|
||||||
}
|
|
||||||
|
|
||||||
export PGHOST=$(get_value "dbHost")
|
|
||||||
export DGPORT=$(get_value "dbport")
|
|
||||||
export PGDATABASE=$(get_value "dbName")
|
|
||||||
export PGUSER=$(get_value "dbUser")
|
|
||||||
export PGPASSWORD=$(get_value "dbPass")
|
|
||||||
|
|
||||||
function init_db(){
|
function init_db(){
|
||||||
psql -f /var/www/onlyoffice/documentserver/server/schema/postgresql/createdb.sql
|
psql -f /var/www/onlyoffice/documentserver/server/schema/postgresql/createdb.sql
|
||||||
|
@ -26,21 +17,15 @@ function reset_db(){
|
||||||
}
|
}
|
||||||
|
|
||||||
function write_version(){
|
function write_version(){
|
||||||
echo $(rpm -q onlyoffice-documentserver --qf "%{VERSION}-%{RELEASE}") > /data/onlyoffice.version
|
echo $(rpm -q onlyoffice-documentserver --qf "%{VERSION}-%{RELEASE}") > /var/lib/onlyoffice/documentserver/App_Data/onlyoffice.version
|
||||||
}
|
}
|
||||||
|
|
||||||
export PGHOST=$(get_value "dbHost")
|
if [ ! -e "/var/lib/onlyoffice/documentserver/App_Data/onlyoffice.version" ]; then
|
||||||
export DGPORT=$(get_value "dbport")
|
echo "File /var/lib/onlyoffice/documentserver/App_Data/onlyoffice.version doesn't exist, initializing database"
|
||||||
export PGDATABASE=$(get_value "dbName")
|
|
||||||
export PGUSER=$(get_value "dbUser")
|
|
||||||
export PGPASSWORD=$(get_value "dbPass")
|
|
||||||
|
|
||||||
if [ ! -e "/data/onlyoffice.version" ]; then
|
|
||||||
echo "File /data/onlyoffice.version doesn't exist, initializing database"
|
|
||||||
init_db
|
init_db
|
||||||
write_version
|
write_version
|
||||||
else
|
else
|
||||||
PREVIOUS_VERSION=$(head -n 1 /data/onlyoffice.version)
|
PREVIOUS_VERSION=$(head -n 1 /var/lib/onlyoffice/documentserver/App_Data/onlyoffice.version)
|
||||||
CURRENT_VERSION=$(rpm -q onlyoffice-documentserver --qf "%{VERSION}-%{RELEASE}")
|
CURRENT_VERSION=$(rpm -q onlyoffice-documentserver --qf "%{VERSION}-%{RELEASE}")
|
||||||
if [ "${CURRENT_VERSION}" != "${PREVIOUS_VERSION}" ]; then
|
if [ "${CURRENT_VERSION}" != "${PREVIOUS_VERSION}" ]; then
|
||||||
echo "Running ${CURRENT_VERSION} while previous version was ${PREVIOUS_VERSION}. Reinitializing database"
|
echo "Running ${CURRENT_VERSION} while previous version was ${PREVIOUS_VERSION}. Reinitializing database"
|
||||||
|
|
|
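Review bot: `export DGPORT=${OO_DB_PORT}` in the first hunk sets a variable that `psql` does not read; libpq takes the port from `PGPORT`, so a non-default `OO_DB_PORT` is silently ignored and `init_db` connects to the default port. The line should read `export PGPORT=${OO_DB_PORT}`. With `set -u`, an unset `OO_DB_*` variable now aborts the script with a bare shell error; a check such as `: "${OO_DB_PASS:?OO_DB_PASS must be set}"` before the exports gives a clearer failure. The script body continues outside both hunks.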
@ -1,6 +1,7 @@
|
||||||
worker_processes auto;
|
worker_processes auto;
|
||||||
error_log /dev/stderr warn;
|
error_log /dev/stderr warn;
|
||||||
pid /tmp/nginx.pid;
|
pid /tmp/nginx.pid;
|
||||||
|
daemon off;
|
||||||
events {
|
events {
|
||||||
worker_connections 1024;
|
worker_connections 1024;
|
||||||
}
|
}
|
||||||
|
@ -19,30 +20,52 @@ http {
|
||||||
sendfile on;
|
sendfile on;
|
||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
|
|
||||||
include /etc/onlyoffice/documentserver/nginx/includes/http-common.conf;
|
upstream docservice {
|
||||||
|
server unix:/tmp/oods.sock max_fails=0 fail_timeout=0s;
|
||||||
|
}
|
||||||
|
|
||||||
|
map $http_host $this_host {
|
||||||
|
"" $host;
|
||||||
|
default $http_host;
|
||||||
|
}
|
||||||
|
|
||||||
|
map $http_x_forwarded_proto $the_scheme {
|
||||||
|
default $http_x_forwarded_proto;
|
||||||
|
"" $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
|
map $http_x_forwarded_host $the_host {
|
||||||
|
default $http_x_forwarded_host;
|
||||||
|
"" $this_host;
|
||||||
|
}
|
||||||
|
|
||||||
|
map $http_upgrade $proxy_connection {
|
||||||
|
default upgrade;
|
||||||
|
"" close;
|
||||||
|
}
|
||||||
|
|
||||||
|
map $http_x_forwarded_prefix $the_prefix {
|
||||||
|
default $http_x_forwarded_prefix;
|
||||||
|
}
|
||||||
|
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection $proxy_connection;
|
||||||
|
proxy_set_header X-Forwarded-Host $the_host;
|
||||||
|
proxy_set_header X-Forwarded-Proto $the_scheme;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
|
client_max_body_size 100m;
|
||||||
|
|
||||||
|
set_real_ip_from 127.0.0.1;
|
||||||
|
real_ip_header X-Forwarded-For;
|
||||||
|
real_ip_recursive on;
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 0.0.0.0:8084;
|
listen ${NGINX_LISTEN_IP}:8819 default_server;
|
||||||
server_name _;
|
server_tokens off;
|
||||||
|
|
||||||
client_max_body_size 100m;
|
set $secure_link_secret ${OO_STORAGE_SECRET};
|
||||||
|
include /etc/nginx/includes/ds-docservice.conf;
|
||||||
set_real_ip_from 127.0.0.1;
|
include /etc/nginx/includes/ds-mime.types.conf;
|
||||||
real_ip_header X-Forwarded-For;
|
|
||||||
real_ip_recursive on;
|
|
||||||
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "Upgrade";
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
|
|
||||||
# Override the fonts endpoint to add a Content-Type so reverse proxies can handle caching corectly
|
|
||||||
location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/fonts(\/.*)$ {
|
|
||||||
add_header Content-Type font/opentype;
|
|
||||||
expires 365d;
|
|
||||||
alias /var/www/onlyoffice/documentserver/fonts$2;
|
|
||||||
}
|
|
||||||
set $secure_link_secret verysecretstring;
|
|
||||||
include /etc/onlyoffice/documentserver/nginx/includes/ds-docservice.conf;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
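Review bot: `set $secure_link_secret ${OO_STORAGE_SECRET};` and `listen ${NGINX_LISTEN_IP}:8819 default_server;` in the second hunk splice environment values into the configuration text unquoted, so a value containing whitespace, `;`, `{` or `$` changes how nginx parses the file instead of being taken as data. Quote the secret, `set $secure_link_secret "${OO_STORAGE_SECRET}";`, and have the script that renders `/tmp/nginx.conf` reject values outside a conservative character set before substitution. The template version further down the page, `set $secure_link_secret [[ .oo.ds.env.OO_STORAGE_SECRET ]];`, has the same shape. Separately, the `map` blocks pass on client-supplied `X-Forwarded-Host`, `X-Forwarded-Proto` and `X-Forwarded-Prefix` whenever they are present, which is only safe when nothing but the trusted proxy can reach the listener; a comment stating that assumption next to the maps would help, given the image default of `NGINX_LISTEN_IP=0.0.0.0`.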
@ -0,0 +1,48 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"filePath": "OO_LOG4JS_CONFIG"
|
||||||
|
},
|
||||||
|
"storage": {
|
||||||
|
"fs": {
|
||||||
|
"secretString": "OO_STORAGE_SECRET"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"services": {
|
||||||
|
"CoAuthoring": {
|
||||||
|
"secret": {
|
||||||
|
"inbox": {
|
||||||
|
"string": "OO_JWT_TOKEN"
|
||||||
|
},
|
||||||
|
"outbox": {
|
||||||
|
"string": "OO_JWT_TOKEN"
|
||||||
|
},
|
||||||
|
"session": {
|
||||||
|
"string": "OO_JWT_TOKEN"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"token": {
|
||||||
|
"browser": "OO_USE_TOKEN",
|
||||||
|
"request": {
|
||||||
|
"inbox": "OO_USE_TOKEN",
|
||||||
|
"outbox": "OO_USE_TOKEN"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"requestDefaults": {
|
||||||
|
"rejectUnauthorized": "OO_VERIFY_CERT"
|
||||||
|
},
|
||||||
|
"sql": {
|
||||||
|
"type": "OO_DB_TYPE",
|
||||||
|
"dbHost": "OO_DB_HOST",
|
||||||
|
"dbPort": "OO_DB_PORT",
|
||||||
|
"dbName": "OO_DB_NAME",
|
||||||
|
"dbUser": "OO_DB_USER",
|
||||||
|
"dbPass": "OO_DB_PASS"
|
||||||
|
},
|
||||||
|
"autoAssembly": {
|
||||||
|
"enable": "OO_AUTOSAVE",
|
||||||
|
"interval": "OO_AUTOSAVE_INTERVAL"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
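Review bot: The `token` mapping puts `browser` and `request` directly under `services.CoAuthoring.token`, whereas the configuration template elsewhere in this commit nests them as `token.enable.browser` and `token.enable.request.inbox`/`outbox`; as written, `OO_USE_TOKEN` would set keys the server presumably does not read, leaving JWT enforcement at whatever the packaged default is. Wrapping the three entries in an `"enable": { … }` object would line the mapping up with that template. If this file is a node-config environment mapping, the values also arrive as strings, so `OO_USE_TOKEN`, `OO_VERIFY_CERT` and `OO_AUTOSAVE` would be the strings `"true"`/`"false"` rather than booleans unless each is declared in the form `{"__name": "OO_USE_TOKEN", "__format": "json"}`. `OO_DB_TYPE` is mapped here but has no default in the Dockerfile `ENV` block.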
@ -0,0 +1,9 @@
|
||||||
|
{
|
||||||
|
"services": {
|
||||||
|
"CoAuthoring": {
|
||||||
|
"server": {
|
||||||
|
"port": "/tmp/oods.sock"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,74 +0,0 @@
|
||||||
{
|
|
||||||
"log": {
|
|
||||||
"filePath": "/etc/onlyoffice/documentserver/log4js/production.json"
|
|
||||||
},
|
|
||||||
"storage": {
|
|
||||||
"fs": {
|
|
||||||
"folderPath": "/data/files"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"wopi": {
|
|
||||||
"htmlTemplate" : "/data/wopi"
|
|
||||||
},
|
|
||||||
"services": {
|
|
||||||
"CoAuthoring": {
|
|
||||||
"server": {
|
|
||||||
"newFileTemplate" : "/data/templates",
|
|
||||||
"static_content": {
|
|
||||||
"/fonts": {
|
|
||||||
"path": "/var/www/onlyoffice/documentserver/fonts",
|
|
||||||
"options": {"maxAge": "7d"}
|
|
||||||
},
|
|
||||||
"/sdkjs": {
|
|
||||||
"path": "/var/www/onlyoffice/documentserver/sdkjs",
|
|
||||||
"options": {"maxAge": "7d"}
|
|
||||||
},
|
|
||||||
"/web-apps": {
|
|
||||||
"path": "/var/www/onlyoffice/documentserver/web-apps",
|
|
||||||
"options": {"maxAge": "7d"}
|
|
||||||
},
|
|
||||||
"/welcome": {
|
|
||||||
"path": "/var/www/onlyoffice/documentserver/server/welcome",
|
|
||||||
"options": {"maxAge": "7d"}
|
|
||||||
},
|
|
||||||
"/info": {
|
|
||||||
"path": "/var/www/onlyoffice/documentserver/server/info",
|
|
||||||
"options": {"maxAge": "7d"}
|
|
||||||
},
|
|
||||||
"/sdkjs-plugins": {
|
|
||||||
"path": "/var/www/onlyoffice/documentserver/sdkjs-plugins",
|
|
||||||
"options": {"maxAge": "7d"}
|
|
||||||
},
|
|
||||||
"/dictionaries": {
|
|
||||||
"path": "/var/www/onlyoffice/documentserver/dictionaries",
|
|
||||||
"options": {"maxAge": "7d"}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"utils": {
|
|
||||||
"utils_common_fontdir": "/usr/share/fonts"
|
|
||||||
},
|
|
||||||
"sockjs": {
|
|
||||||
"sockjs_url": "/web-apps/vendor/sockjs/sockjs.min.js"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"license": {
|
|
||||||
"license_file": "/var/www/onlyoffice/documentserver/../Data/license.lic",
|
|
||||||
"warning_limit_percents": 70,
|
|
||||||
"packageType": 0
|
|
||||||
},
|
|
||||||
"FileConverter": {
|
|
||||||
"converter": {
|
|
||||||
"fontDir": "/usr/share/fonts",
|
|
||||||
"presentationThemesDir": "/var/www/onlyoffice/documentserver/sdkjs/slide/themes",
|
|
||||||
"x2tPath": "/var/www/onlyoffice/documentserver/server/FileConverter/bin/x2t",
|
|
||||||
"docbuilderPath": "/var/www/onlyoffice/documentserver/server/FileConverter/bin/docbuilder"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"SpellChecker": {
|
|
||||||
"server": {
|
|
||||||
"dictDir": "/var/www/onlyoffice/documentserver/dictionaries"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,8 +1,6 @@
|
||||||
[program:converter]
|
[program:converter]
|
||||||
command=/var/www/onlyoffice/documentserver/server/FileConverter/converter
|
command=/var/www/onlyoffice/documentserver/server/FileConverter/converter
|
||||||
directory=/var/www/onlyoffice/documentserver/server/FileConverter
|
directory=/var/www/onlyoffice/documentserver/server/FileConverter
|
||||||
;user=ds
|
|
||||||
environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/onlyoffice/documentserver,NODE_DISABLE_COLORS=1,APPLICATION_NAME=onlyoffice
|
|
||||||
stdout_logfile=/proc/self/fd/1
|
stdout_logfile=/proc/self/fd/1
|
||||||
stdout_logfile_backups=0
|
stdout_logfile_backups=0
|
||||||
stdout_logfile_maxbytes=0
|
stdout_logfile_maxbytes=0
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
[program:docservice]
|
[program:docservice]
|
||||||
command=/var/www/onlyoffice/documentserver/server/DocService/docservice
|
command=/var/www/onlyoffice/documentserver/server/DocService/docservice
|
||||||
directory=/var/www/onlyoffice/documentserver/server/DocService
|
directory=/var/www/onlyoffice/documentserver/server/DocService
|
||||||
;user=ds
|
|
||||||
environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/onlyoffice/documentserver,NODE_DISABLE_COLORS=1
|
|
||||||
stdout_logfile=/proc/self/fd/1
|
stdout_logfile=/proc/self/fd/1
|
||||||
stdout_logfile_backups=0
|
stdout_logfile_backups=0
|
||||||
stdout_logfile_maxbytes=0
|
stdout_logfile_maxbytes=0
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
[program:metrics]
|
[program:metrics]
|
||||||
command=/var/www/onlyoffice/documentserver/server/Metrics/metrics ./config/config.js
|
command=/var/www/onlyoffice/documentserver/server/Metrics/metrics ./config/config.js
|
||||||
directory=/var/www/onlyoffice/documentserver/server/Metrics
|
directory=/var/www/onlyoffice/documentserver/server/Metrics
|
||||||
;user=ds
|
|
||||||
environment=NODE_DISABLE_COLORS=1
|
|
||||||
stdout_logfile=/proc/self/fd/1
|
stdout_logfile=/proc/self/fd/1
|
||||||
stdout_logfile_backups=0
|
stdout_logfile_backups=0
|
||||||
stdout_logfile_maxbytes=0
|
stdout_logfile_maxbytes=0
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
[program:nginx]
|
[program:nginx]
|
||||||
command=/usr/sbin/nginx -g "daemon off;"
|
command=/usr/sbin/nginx -c /tmp/nginx.conf
|
||||||
directory=/
|
directory=/
|
||||||
;user=nginx
|
|
||||||
stdout_logfile=/proc/self/fd/1
|
stdout_logfile=/proc/self/fd/1
|
||||||
stdout_logfile_backups=0
|
stdout_logfile_backups=0
|
||||||
stdout_logfile_maxbytes=0
|
stdout_logfile_maxbytes=0
|
||||||
|
|
|
@ -12,26 +12,33 @@ job [[ .oo.instance | toJSON ]] {
|
||||||
hostname = "[[ .oo.instance ]][[ $c.consul.suffix ]]"
|
hostname = "[[ .oo.instance ]][[ $c.consul.suffix ]]"
|
||||||
}
|
}
|
||||||
|
|
||||||
volume "ds" {
|
volume "data" {
|
||||||
type = [[ .oo.volumes.ds.type | toJSON ]]
|
type = [[ .oo.volumes.data.type | toJSON ]]
|
||||||
source = [[ .oo.volumes.ds.source | toJSON ]]
|
source = [[ .oo.volumes.data.source | toJSON ]]
|
||||||
access_mode = "single-node-writer"
|
access_mode = "single-node-writer"
|
||||||
|
attachment_mode = "file-system"
|
||||||
|
}
|
||||||
|
|
||||||
|
volume "rabbitmq" {
|
||||||
|
type = [[ .oo.volumes.rabbitmq.type | toJSON ]]
|
||||||
|
source = [[ .oo.volumes.rabbitmq.source | toJSON ]]
|
||||||
|
access_mode = "single-node-writer"
|
||||||
attachment_mode = "file-system"
|
attachment_mode = "file-system"
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
service {
|
||||||
name = "[[ .oo.instance ]][[ $c.consul.suffix ]]"
|
name = "[[ .oo.instance ]][[ $c.consul.suffix ]]"
|
||||||
port = 8084
|
port = 8819
|
||||||
|
|
||||||
[[ template "common/connect.tpl" $c ]]
|
[[ template "common/connect.tpl" $c ]]
|
||||||
|
|
||||||
check {
|
check {
|
||||||
name = "health"
|
name = "health"
|
||||||
type = "http"
|
type = "http"
|
||||||
path = "/healthcheck"
|
path = "/healthcheck"
|
||||||
expose = true
|
expose = true
|
||||||
interval = "10s"
|
interval = "10s"
|
||||||
timeout = "5s"
|
timeout = "8s"
|
||||||
|
|
||||||
check_restart {
|
check_restart {
|
||||||
limit = 90
|
limit = 90
|
||||||
|
@ -45,40 +52,43 @@ job [[ .oo.instance | toJSON ]] {
|
||||||
"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].rule=Host(`[[ (urlParse .oo.ds.public_url).Hostname ]]`)
|
"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].rule=Host(`[[ (urlParse .oo.ds.public_url).Hostname ]]`)
|
||||||
[[- if not (regexp.Match "^/?$" (urlParse .oo.ds.public_url).Path) ]] && PathPrefix(`[[ (urlParse .oo.ds.public_url).Path ]]`)[[ end ]]",
|
[[- if not (regexp.Match "^/?$" (urlParse .oo.ds.public_url).Path) ]] && PathPrefix(`[[ (urlParse .oo.ds.public_url).Path ]]`)[[ end ]]",
|
||||||
"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].entrypoints=[[ join $c.traefik.entrypoints "," ]]",
|
||||||
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .oo.instance ]]-headers[[ $c.consul.suffix ]].headers.contentsecuritypolicy=[[ range $k, $v := $c.traefik.csp ]][[ $k ]] [[ $v ]];[[ end ]]",
|
||||||
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .oo.instance ]]-headers[[ $c.consul.suffix ]].headers.customrequestheaders.X-Forwarded-Proto=https",
|
||||||
[[- if not (regexp.Match "^/?$" (urlParse .oo.ds.public_url).Path) ]]
|
[[- if not (regexp.Match "^/?$" (urlParse .oo.ds.public_url).Path) ]]
|
||||||
"[[ $c.traefik.instance ]].http.middlewares.[[ .oo.instance ]][[ $c.consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .oo.ds.public_url).Path ]]",
|
"[[ $c.traefik.instance ]].http.middlewares.[[ .oo.instance ]][[ $c.consul.suffix ]]-prefix.stripprefix.prefixes=[[ (urlParse .oo.ds.public_url).Path ]]",
|
||||||
"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].middlewares=[[ .oo.instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
|
"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].middlewares=[[ .oo.instance ]]-headers[[ $c.consul.suffix ]],[[ .oo.instance ]][[ $c.consul.suffix ]]-prefix,[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
|
||||||
[[- else ]]
|
[[- else ]]
|
||||||
"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].middlewares=[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
|
"[[ $c.traefik.instance ]].http.routers.[[ .oo.instance ]][[ $c.consul.suffix ]].middlewares=[[ .oo.instance ]]-headers[[ $c.consul.suffix ]],[[ template "common/traefik_middlewares.tpl" $c.traefik ]]",
|
||||||
[[- end ]]
|
[[- end ]]
|
||||||
[[- end ]]
|
[[- end ]]
|
||||||
]
|
]
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
task "documentserver" {
|
task "docserver" {
|
||||||
driver = [[ $c.nomad.driver | toJSON ]]
|
driver = [[ $c.nomad.driver | toJSON ]]
|
||||||
leader = true
|
leader = true
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = [[ .oo.ds.image | toJSON ]]
|
image = [[ .oo.ds.image | toJSON ]]
|
||||||
pids_limit = 100
|
pids_limit = 200
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
volumes = [
|
volumes = [
|
||||||
"secrets/production-linux.json:/etc/onlyoffice/documentserver/production-linux.json:ro",
|
"local/metrics.js:/var/www/onlyoffice/documentserver/server/Metrics/config/config.js:ro"
|
||||||
"local/metrics.js:/var/www/onlyoffice/documentserver/server/Metrics/config/config.js:ro",
|
|
||||||
"secrets/nginx.conf:/etc/nginx/nginx.conf:ro"
|
|
||||||
]
|
]
|
||||||
[[ template "common/tmpfs.tpl" "/tmp" ]]
|
[[ template "common/tmpfs.tpl" dict "target" "/tmp" "size" 3000000 ]]
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
vault {
|
vault {
|
||||||
policies = ["[[ .oo.instance ]][[ $c.consul.suffix ]]"]
|
policies = ["[[ .oo.instance ]][[ $c.consul.suffix ]]"]
|
||||||
disable_file = true
|
disable_file = true
|
||||||
env = false
|
env = false
|
||||||
}
|
}
|
||||||
|
|
||||||
env {
|
env {
|
||||||
|
NGINX_LISTEN_IP = "127.0.0.1"
|
||||||
|
APPLICATION_NAME = "[[ .oo.instance ]][[ .consul.suffix ]]"
|
||||||
[[ template "common/proxy_env.tpl" $c ]]
|
[[ template "common/proxy_env.tpl" $c ]]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -86,34 +96,14 @@ job [[ .oo.instance | toJSON ]] {
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data =<<_EOT
|
data =<<_EOT
|
||||||
[[ template "onlyoffice-documentserver/production-linux.json.tpl" . ]]
|
[[ template "onlyoffice-docserver/metrics.js.tpl" . ]]
|
||||||
_EOT
|
|
||||||
destination = "secrets/production-linux.json"
|
|
||||||
uid = 100000
|
|
||||||
gid = 100990
|
|
||||||
perms = 640
|
|
||||||
}
|
|
||||||
|
|
||||||
template {
|
|
||||||
data =<<_EOT
|
|
||||||
[[ template "onlyoffice-documentserver/metrics.js.tpl" . ]]
|
|
||||||
_EOT
|
_EOT
|
||||||
destination = "local/metrics.js"
|
destination = "local/metrics.js"
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
|
||||||
data =<<_EOT
|
|
||||||
[[ template "onlyoffice-documentserver/nginx.conf.tpl" . ]]
|
|
||||||
_EOT
|
|
||||||
destination = "secrets/nginx.conf"
|
|
||||||
uid = 100000
|
|
||||||
gid = 100990
|
|
||||||
perms = 640
|
|
||||||
}
|
|
||||||
|
|
||||||
volume_mount {
|
volume_mount {
|
||||||
volume = "ds"
|
volume = "data"
|
||||||
destination = "/data"
|
destination = "/var/lib/onlyoffice/documentserver/App_Data/"
|
||||||
}
|
}
|
||||||
|
|
||||||
[[ template "common/resources.tpl" $c.resources ]]
|
[[ template "common/resources.tpl" $c.resources ]]
|
||||||
|
@ -124,18 +114,18 @@ _EOT
|
||||||
|
|
||||||
task "redis" {
|
task "redis" {
|
||||||
driver = [[ $c.nomad.driver | toJSON ]]
|
driver = [[ $c.nomad.driver | toJSON ]]
|
||||||
user = 2967
|
user = 2967
|
||||||
|
|
||||||
lifecycle {
|
lifecycle {
|
||||||
hook = "prestart"
|
hook = "prestart"
|
||||||
sidecar = true
|
sidecar = true
|
||||||
}
|
}
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "redis:alpine"
|
image = "redis:alpine"
|
||||||
pids_limit = 20
|
pids_limit = 20
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
args = ["/local/redis.conf"]
|
args = ["/local/redis.conf"]
|
||||||
}
|
}
|
||||||
|
|
||||||
template {
|
template {
|
||||||
|
@ -150,7 +140,7 @@ _EOT
|
||||||
}
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
cpu = 10
|
cpu = 10
|
||||||
memory = 20
|
memory = 20
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -159,33 +149,38 @@ _EOT
|
||||||
|
|
||||||
task "rabbitmq" {
|
task "rabbitmq" {
|
||||||
driver = [[ $c.nomad.driver | toJSON ]]
|
driver = [[ $c.nomad.driver | toJSON ]]
|
||||||
user = 100
|
#user = 100
|
||||||
|
|
||||||
lifecycle {
|
lifecycle {
|
||||||
hook = "prestart"
|
hook = "prestart"
|
||||||
sidecar = true
|
sidecar = true
|
||||||
}
|
}
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = [[ $c.image | toJSON ]]
|
image = [[ $c.image | toJSON ]]
|
||||||
pids_limit = 100
|
pids_limit = 100
|
||||||
readonly_rootfs = true
|
readonly_rootfs = true
|
||||||
volumes = [
|
volumes = [
|
||||||
"local/rabbitmq.conf:/etc/rabbitmq/conf.d/30-oods.conf"
|
"local/rabbitmq.conf:/etc/rabbitmq/conf.d/30-oods.conf"
|
||||||
]
|
]
|
||||||
[[ template "common/tmpfs.tpl" dict "target" "/var/lib/rabbitmq" "size" 20000000]]
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[[ template "common/file_env.tpl" $c.env ]]
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = <<_EOT
|
data = <<_EOT
|
||||||
listeners.tcp.1 = 127.0.0.1:5672
|
listeners.tcp.1 = 127.0.0.1:5672
|
||||||
# Set watermark to 70% of the mem allocated to the container
|
# Set watermark to 95% of the mem allocated to the container
|
||||||
vm_memory_high_watermark.absolute = [[ mul .oo.rabbitmq.resources.memory 734003 ]]
|
#vm_memory_high_watermark.absolute = [[ mul .oo.rabbitmq.resources.memory 996147 ]]
|
||||||
|
vm_memory_high_watermark.relative = 0.999
|
||||||
_EOT
|
_EOT
|
||||||
destination = "local/rabbitmq.conf"
|
destination = "local/rabbitmq.conf"
|
||||||
}
|
}
|
||||||
|
|
||||||
[[ template "common/file_env.tpl" $c.env ]]
|
volume_mount {
|
||||||
|
volume = "rabbitmq"
|
||||||
|
destination = "/var/lib/rabbitmq"
|
||||||
|
}
|
||||||
|
|
||||||
[[ template "common/resources.tpl" $c.resources ]]
|
[[ template "common/resources.tpl" $c.resources ]]
|
||||||
}
|
}
|
||||||
|
|
|
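Review bot: In the `rabbitmq` task the explicit `user = 100` is commented out (`#user = 100`), so the task now runs as whatever user the image defaults to, which may be root; if the change is only there to make the new `/var/lib/rabbitmq` volume writable, fixing ownership on the volume and keeping the unprivileged uid is the safer route, and either way the reason deserves a comment rather than a dead line. In the same task the comment says `Set watermark to 95%` while the active setting is `vm_memory_high_watermark.relative = 0.999` and the absolute value is commented out; the comment and the value should agree. In the `docserver` task, `APPLICATION_NAME` uses `[[ .consul.suffix ]]` where every other reference in the file uses `[[ $c.consul.suffix ]]`. The visible hunks no longer render any template carrying `OO_JWT_TOKEN` or `OO_STORAGE_SECRET` into that task; if a line outside the hunks injects them this is fine, otherwise the container falls back to the image defaults.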
@ -1 +1 @@
|
||||||
[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "onlyoffice-docserver" .oo.instance) ]]
|
[[ template "common/mv_conf.sh.tpl" dict "ctx" . "services" (dict "onlyoffice" .oo.instance) ]]
|
||||||
|
|
|
@ -6,11 +6,11 @@ set -euo pipefail
|
||||||
|
|
||||||
if ! vault kv list [[ .vault.prefix ]]kv/service 2>/dev/null | grep -q -E '^[[ .oo.instance ]]$'; then
|
if ! vault kv list [[ .vault.prefix ]]kv/service 2>/dev/null | grep -q -E '^[[ .oo.instance ]]$'; then
|
||||||
vault kv put [[ .vault.prefix ]]kv/service/[[ .oo.instance ]] \
|
vault kv put [[ .vault.prefix ]]kv/service/[[ .oo.instance ]] \
|
||||||
secret_key=$(pwgen -s -n 50 1) \
|
jwt_token=$(pwgen -s -n 50 1) \
|
||||||
link_secret=$(pwgen -s -n 50 1)
|
storage_secret=$(pwgen -s -n 50 1)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
for PWD in secret_key link_secret; do
|
for PWD in jwt_token storage_secret; do
|
||||||
if ! vault kv get -field ${PWD} [[ .vault.prefix ]]kv/service/[[ .oo.instance ]] >/dev/null 2>&1; then
|
if ! vault kv get -field ${PWD} [[ .vault.prefix ]]kv/service/[[ .oo.instance ]] >/dev/null 2>&1; then
|
||||||
vault kv patch [[ .vault.prefix ]]kv/service/[[ .oo.instance ]] \
|
vault kv patch [[ .vault.prefix ]]kv/service/[[ .oo.instance ]] \
|
||||||
${PWD}=$(pwgen -s -n 50 1)
|
${PWD}=$(pwgen -s -n 50 1)
|
||||||
|
|
|
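Review bot: The generated secrets are still handed to `vault` as command-line arguments (`jwt_token=$(pwgen -s -n 50 1)`, `${PWD}=$(pwgen -s -n 50 1)`), which exposes them in the process list to other local users for the lifetime of the call; the Vault CLI accepts `key=-` to read a value from standard input, e.g. `pwgen -s -n 50 1 | tr -d '\n' | vault kv patch … "${PWD}=-"`. Because the field names change from `secret_key`/`link_secret` to `jwt_token`/`storage_secret`, an existing instance gets fresh values from the loop and the old fields stay behind in Vault; a comment saying whether that rotation is intended would help. The loop variable `PWD` shadows the shell's working-directory variable, and a name such as `FIELD` avoids surprises. The `for` loop body continues outside the hunk.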
@ -0,0 +1,48 @@
|
||||||
|
{
|
||||||
|
"log": {
|
||||||
|
"filePath": "/etc/onlyoffice/documentserver/log4js/development.json"
|
||||||
|
},
|
||||||
|
"storage": {
|
||||||
|
"fs": {
|
||||||
|
"secretString": "[[ .oo.ds.link_secret ]]"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"services": {
|
||||||
|
"CoAuthoring": {
|
||||||
|
[[- if and (has .oo.ds "secret_key") (ne .oo.ds.secret_key "") ]]
|
||||||
|
"secret": {
|
||||||
|
"inbox": {
|
||||||
|
"string": "[[ .oo.ds.secret_key ]]"
|
||||||
|
},
|
||||||
|
"outbox": {
|
||||||
|
"string": "[[ .oo.ds.secret_key ]]"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"token": {
|
||||||
|
"enable": {
|
||||||
|
"browser": true,
|
||||||
|
"request": {
|
||||||
|
"inbox": true,
|
||||||
|
"outbox": true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
[[- end ]]
|
||||||
|
"sql": {
|
||||||
|
"type": "[[ .oo.ds.database.type ]]",
|
||||||
|
"dbHost": "[[ .oo.ds.database.host ]]",
|
||||||
|
"dbPort": [[ .oo.ds.database.port ]],
|
||||||
|
"dbName": "[[ .oo.ds.database.name ]]",
|
||||||
|
"dbUser": "[[ .oo.ds.database.user ]]",
|
||||||
|
"dbPass": "[[ .oo.ds.database.password ]]"
|
||||||
|
},
|
||||||
|
"autoAssembly": {
|
||||||
|
"enable": true,
|
||||||
|
"interval": "5m"
|
||||||
|
},
|
||||||
|
"server": {
|
||||||
|
"port": "/tmp/oods.sock"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
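Review bot: This new template still reads `.oo.ds.secret_key`, `.oo.ds.link_secret` and `.oo.ds.database.*`, all of which the same commit removes from the default variables in favour of `oo.ds.env.OO_*`. With `secret_key` absent, the `[[- if and (has .oo.ds "secret_key") … ]]` guard drops the whole `secret`/`token` block without any error, so a configuration rendered from this file would come up with no JWT settings at all. If the file is still meant to be used, point it at the new keys and fail the render when the JWT secret is missing; if the job no longer renders it (the visible job hunks drop the `production-linux.json` template stanza), it is better deleted than kept.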
@ -1,6 +1,7 @@
|
||||||
worker_processes auto;
|
worker_processes auto;
|
||||||
error_log /dev/stderr info;
|
error_log /dev/stderr info;
|
||||||
pid /tmp/nginx.pid;
|
pid /tmp/nginx.pid;
|
||||||
|
daemon off;
|
||||||
events {
|
events {
|
||||||
worker_connections 1024;
|
worker_connections 1024;
|
||||||
}
|
}
|
||||||
|
@ -20,7 +21,7 @@ http {
|
||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
|
|
||||||
upstream docservice {
|
upstream docservice {
|
||||||
server unix:/tmp/oods.sock;
|
server unix:/tmp/oods.sock max_fails=0 fail_timeout=0s;
|
||||||
}
|
}
|
||||||
|
|
||||||
map $http_host $this_host {
|
map $http_host $this_host {
|
||||||
|
@ -53,7 +54,7 @@ http {
|
||||||
proxy_set_header X-Forwarded-Proto $the_scheme;
|
proxy_set_header X-Forwarded-Proto $the_scheme;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
proxy_socket_keepalive on;
|
#proxy_socket_keepalive on;
|
||||||
|
|
||||||
client_max_body_size 100m;
|
client_max_body_size 100m;
|
||||||
|
|
||||||
|
@ -64,8 +65,8 @@ http {
|
||||||
server {
|
server {
|
||||||
listen 127.0.0.1:8084 default_server;
|
listen 127.0.0.1:8084 default_server;
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
|
|
||||||
set $secure_link_secret [[ .oo.ds.link_secret ]];
|
set $secure_link_secret [[ .oo.ds.env.OO_STORAGE_SECRET ]];
|
||||||
include /etc/nginx/includes/ds-docservice.conf;
|
include /etc/nginx/includes/ds-docservice.conf;
|
||||||
include /etc/nginx/includes/ds-mime.types.conf;
|
include /etc/nginx/includes/ds-mime.types.conf;
|
||||||
}
|
}
|
||||||
|
|
|
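Review bot: The `server` block here still has `listen 127.0.0.1:8084 default_server;` while the job's service port and the image's `EXPOSE` move to 8819 in this commit, and the visible job hunks no longer contain a stanza that renders this template. If the template is still in use the port needs to follow; if not, removing it avoids a second, diverging copy of the nginx configuration that embeds the storage secret. `#proxy_socket_keepalive on;` is left as a commented-out line with no note on why it was disabled.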
@ -1,107 +0,0 @@
|
||||||
{
|
|
||||||
"log": {
|
|
||||||
"filePath": "/etc/onlyoffice/documentserver/log4js/development.json"
|
|
||||||
},
|
|
||||||
"storage": {
|
|
||||||
"fs": {
|
|
||||||
"folderPath": "/data/files",
|
|
||||||
"secretString": "[[ .oo.ds.link_secret ]]"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"wopi": {
|
|
||||||
"htmlTemplate" : "/data/wopi"
|
|
||||||
},
|
|
||||||
"services": {
|
|
||||||
"CoAuthoring": {
|
|
||||||
[[- if and (has .oo.ds "secret_key") (ne .oo.ds.secret_key "") ]]
|
|
||||||
"secret": {
|
|
||||||
"inbox": {
|
|
||||||
"string": "[[ .oo.ds.secret_key ]]"
|
|
||||||
},
|
|
||||||
"outbox": {
|
|
||||||
"string": "[[ .oo.ds.secret_key ]]"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"token": {
|
|
||||||
"enable": {
|
|
||||||
"browser": true,
|
|
||||||
"request": {
|
|
||||||
"inbox": true,
|
|
||||||
"outbox": true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
[[- end ]]
|
|
||||||
"sql": {
|
|
||||||
"type": "[[ .oo.ds.database.type ]]",
|
|
||||||
"dbHost": "[[ .oo.ds.database.host ]]",
|
|
||||||
"dbPort": [[ .oo.ds.database.port ]],
|
|
||||||
"dbName": "[[ .oo.ds.database.name ]]",
|
|
||||||
"dbUser": "[[ .oo.ds.database.user ]]",
|
|
||||||
"dbPass": "[[ .oo.ds.database.password ]]"
|
|
||||||
},
|
|
||||||
"autoAssembly": {
|
|
||||||
"enable": true,
|
|
||||||
"interval": "5m"
|
|
||||||
},
|
|
||||||
"server": {
|
|
||||||
"port": "/tmp/oods.sock",
|
|
||||||
"newFileTemplate" : "/data/templates",
|
|
||||||
"static_content": {
|
|
||||||
"/fonts": {
|
|
||||||
"path": "/var/www/onlyoffice/documentserver/fonts",
|
|
||||||
"options": {"maxAge": "7d"}
|
|
||||||
},
|
|
||||||
"/sdkjs": {
|
|
||||||
"path": "/var/www/onlyoffice/documentserver/sdkjs",
|
|
||||||
"options": {"maxAge": "7d"}
|
|
||||||
},
|
|
||||||
"/web-apps": {
|
|
||||||
"path": "/var/www/onlyoffice/documentserver/web-apps",
|
|
||||||
"options": {"maxAge": "7d"}
|
|
||||||
},
|
|
||||||
"/welcome": {
|
|
||||||
"path": "/var/www/onlyoffice/documentserver/server/welcome",
|
|
||||||
"options": {"maxAge": "7d"}
|
|
||||||
},
|
|
||||||
"/info": {
|
|
||||||
"path": "/var/www/onlyoffice/documentserver/server/info",
|
|
||||||
"options": {"maxAge": "7d"}
|
|
||||||
},
|
|
||||||
"/sdkjs-plugins": {
|
|
||||||
"path": "/var/www/onlyoffice/documentserver/sdkjs-plugins",
|
|
||||||
"options": {"maxAge": "7d"}
|
|
||||||
},
|
|
||||||
"/dictionaries": {
|
|
||||||
"path": "/var/www/onlyoffice/documentserver/dictionaries",
|
|
||||||
"options": {"maxAge": "7d"}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"utils": {
|
|
||||||
"utils_common_fontdir": "/usr/share/fonts"
|
|
||||||
},
|
|
||||||
"sockjs": {
|
|
||||||
"sockjs_url": "/web-apps/vendor/sockjs/sockjs.min.js"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"license": {
|
|
||||||
"license_file": "/var/www/onlyoffice/documentserver/../Data/license.lic",
|
|
||||||
"warning_limit_percents": 70,
|
|
||||||
"packageType": 0
|
|
||||||
},
|
|
||||||
"FileConverter": {
|
|
||||||
"converter": {
|
|
||||||
"fontDir": "/usr/share/fonts",
|
|
||||||
"presentationThemesDir": "/var/www/onlyoffice/documentserver/sdkjs/slide/themes",
|
|
||||||
"x2tPath": "/var/www/onlyoffice/documentserver/server/FileConverter/bin/x2t",
|
|
||||||
"docbuilderPath": "/var/www/onlyoffice/documentserver/server/FileConverter/bin/docbuilder"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"SpellChecker": {
|
|
||||||
"server": {
|
|
||||||
"dictDir": "/var/www/onlyoffice/documentserver/dictionaries"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,33 +1,39 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
oo:
|
oo:
|
||||||
instance: onlyoffice-docserver
|
instance: onlyoffice
|
||||||
|
|
||||||
ds:
|
ds:
|
||||||
image: danielberteaud/onlyoffice-docserver:latest
|
image: danielberteaud/onlyoffice-docserver:latest
|
||||||
env: {}
|
|
||||||
resources:
|
resources:
|
||||||
cpu: 200
|
cpu: 200
|
||||||
memory: 512
|
memory: 512
|
||||||
public_url: https://oods.example.org
|
public_url: https://oods.example.org
|
||||||
secret_key: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .oo.instance ]]" }}{{ .Data.data.secret_key }}{{ end }}'
|
env:
|
||||||
link_secret: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .oo.instance ]]" }}{{ .Data.data.link_secret }}{{ end }}'
|
OO_STORAGE_SECRET: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .oo.instance ]]" }}{{ .Data.data.storage_secret }}{{ end }}'
|
||||||
database:
|
OO_JWT_TOKEN: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .oo.instance ]]" }}{{ .Data.data.jwt_token }}{{ end }}'
|
||||||
type: postgres
|
OO_DB_HOST: 127.0.0.1
|
||||||
host: localhost
|
OO_DB_PORT: 5432
|
||||||
port: 5432
|
OO_DB_NAME: '[[ .oo.instance ]]'
|
||||||
name: '[[ .oo.instance ]]'
|
OO_DB_USER: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .oo.instance ]]" }}{{ .Data.username }}{{ end }}'
|
||||||
user: '{{- with secret "[[ .vault.prefix ]]database/creds/[[ .oo.instance ]]" }}{{ .Data.username }}{{ end }}'
|
OO_DB_PASS: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .oo.instance ]]" }}{{ .Data.password }}{{ end }}'
|
||||||
password: '{{- with secret "[[ .vault.prefix ]]database/creds/[[ .oo.instance ]]" }}{{ .Data.password }}{{ end }}'
|
|
||||||
traefik:
|
traefik:
|
||||||
enabled: true
|
enabled: true
|
||||||
base_middlewares: []
|
csp:
|
||||||
#- rate-limit-std@file
|
default-src: "'self'"
|
||||||
#- inflight-std@file
|
img-src: "'self' data: https://*"
|
||||||
#- security-headers@file
|
script-src: "'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://www.youtube.com/ https://*.cloudfront.net https://cdn.rawgit.com https://code.jquery.com https://translate.googleapis.com https://code.responsivevoice.org https://cdn.jsdelivr.net"
|
||||||
#- forward-headers@file
|
style-src: "'self' 'unsafe-inline' data: https://fonts.googleapis.com https://translate.googleapis.com"
|
||||||
#- hsts@file
|
font-src: "'self' data: https://fonts.googleapis.com https://fonts.gstatic.com"
|
||||||
#- compression@file
|
connect-src: "'self' https://www.zotero.org https://cdn.jsdelivr.net https://cdn.rawgit.com https://translate.googleapis.com https://code.responsivevoice.org https://onlyoffice.github.io"
|
||||||
|
media-src: "'self' https://code.responsivevoice.org"
|
||||||
|
frame-src: "'self' https://www.youtube.com https://onlyoffice.github.io"
|
||||||
|
base_middlewares:
|
||||||
|
- rate-limit-std@file
|
||||||
|
- inflight-std@file
|
||||||
|
- security-headers@file
|
||||||
|
- hsts@file
|
||||||
|
- compression@file
|
||||||
wait_for:
|
wait_for:
|
||||||
- service: 'master.postgres[[ .consul.suffix ]]'
|
- service: 'master.postgres[[ .consul.suffix ]]'
|
||||||
consul:
|
consul:
|
||||||
|
@ -41,9 +47,12 @@ oo:
|
||||||
env: {}
|
env: {}
|
||||||
resources:
|
resources:
|
||||||
cpu: 80
|
cpu: 80
|
||||||
memory: 128
|
memory: 156
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
ds:
|
data:
|
||||||
type: csi
|
type: csi
|
||||||
source: '[[ .oo.instance ]]-data'
|
source: '[[ .oo.instance ]]-data'
|
||||||
|
rabbitmq:
|
||||||
|
type: csi
|
||||||
|
source: '[[ .oo.instance ]]-rabbitmq'
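Review bot: The `script-src` value added under `traefik.csp` combines `'unsafe-inline'` and `'unsafe-eval'` with broad third-party hosts (`https://*.cloudfront.net`, `https://cdn.rawgit.com`, `https://cdn.jsdelivr.net`), so as written the policy does little to restrict which scripts can run on the document server origin. `img-src` likewise accepts any `https://*` host. If these hosts are only there for optional OnlyOffice plugins (which the YouTube, Zotero and translate entries suggest), I would keep the default to what the core editor needs and let deployments add plugin hosts, e.g. `script-src: "'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' blob:"` with a comment such as `# plugin CDNs are added per deployment, only for enabled plugins`. The new `base_middlewares` list also leaves out `forward-headers@file`, which was in the old commented-out list; a one-line comment saying that is intentional would help.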
|
||||||
|
|