Small adjustments
parent
5b96a674e0
commit
a17e8c05e6
|
@ -41,7 +41,7 @@ job [[ .oo.instance | toJSON ]] {
|
|||
timeout = "8s"
|
||||
|
||||
check_restart {
|
||||
limit = 90
|
||||
limit = 30
|
||||
grace = "2m"
|
||||
}
|
||||
}
|
||||
|
@ -74,10 +74,9 @@ job [[ .oo.instance | toJSON ]] {
|
|||
pids_limit = 200
|
||||
readonly_rootfs = true
|
||||
volumes = [
|
||||
"local/:/tmp",
|
||||
"local/metrics.js:/var/www/onlyoffice/documentserver/server/Metrics/config/config.js:ro"
|
||||
]
|
||||
[[ template "common/tmpfs.tpl" dict "target" "/tmp" "size" 3000000 ]]
|
||||
|
||||
}
|
||||
|
||||
vault {
|
||||
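Review bot: The tmpfs for `/tmp` is created with `"size" 3000000` and no unit, and nothing in this section shows what `common/tmpfs.tpl` expects. With Docker, tmpfs pages are normally charged to the container's memory limit, so a value read as bytes leaves only about 3 MB of scratch space, while a larger unit could exceed the task's memory allocation. I would add a comment above the template call, such as `# /tmp is a tmpfs (size in <unit>), required because readonly_rootfs = true`, and take the size from a variable instead of a literal. The page has lost its +/- markers, so I am assuming the tmpfs line is the new side and the `"local/:/tmp"` bind mount the old one. If that mount is still present it should be dropped, because it makes the task's `local/` directory, which `metrics.js` is mounted from, writable through `/tmp`.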
|
|
|
@ -1,14 +1,25 @@
|
|||
---
|
||||
|
||||
oo:
|
||||
|
||||
# Name of this instance. Will control the name of the service and of various default settings (like DB name etc.)
|
||||
# You must use different instance names if you want to run several copies on the same cluster
|
||||
instance: onlyoffice
|
||||
|
||||
# Document Services
|
||||
ds:
|
||||
# Docker image to use
|
||||
image: danielberteaud/onlyoffice-docserver:latest
|
||||
|
||||
# Resource allocation for OnlyOffice itself
|
||||
resources:
|
||||
cpu: 200
|
||||
memory: 512
|
||||
|
||||
# The URL where OnlyOffice is available
|
||||
public_url: https://oods.example.org
|
||||
|
||||
# Additional env vars to set in the container
|
||||
env:
|
||||
OO_STORAGE_SECRET: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .oo.instance ]]" }}{{ .Data.data.storage_secret }}{{ end }}'
|
||||
OO_JWT_TOKEN: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .oo.instance ]]" }}{{ .Data.data.jwt_token }}{{ end }}'
|
||||
|
@ -17,42 +28,62 @@ oo:
|
|||
OO_DB_NAME: '[[ .oo.instance ]]'
|
||||
OO_DB_USER: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .oo.instance ]]" }}{{ .Data.username }}{{ end }}'
|
||||
OO_DB_PASS: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .oo.instance ]]" }}{{ .Data.password }}{{ end }}'
|
||||
|
||||
# Controls how the service will be exposed with Traefik
|
||||
traefik:
|
||||
enabled: true
|
||||
|
||||
# OnlyOffice needs some specific CSP rules
|
||||
csp:
|
||||
default-src: "'self'"
|
||||
img-src: "'self' data: https://*"
|
||||
script-src: "'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://www.youtube.com/ https://*.cloudfront.net https://cdn.rawgit.com https://code.jquery.com https://translate.googleapis.com https://code.responsivevoice.org https://cdn.jsdelivr.net"
|
||||
style-src: "'self' 'unsafe-inline' data: https://fonts.googleapis.com https://translate.googleapis.com"
|
||||
script-src: "'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://www.youtube.com/ https://*.cloudfront.net https://cdn.rawgit.com https://code.jquery.com https://translate.googleapis.com https://code.responsivevoice.org https://cdn.jsdelivr.net https://onlyoffice.github.io"
|
||||
style-src: "'self' 'unsafe-inline' data: https://fonts.googleapis.com https://translate.googleapis.com https://onlyoffice.github.io"
|
||||
font-src: "'self' data: https://fonts.googleapis.com https://fonts.gstatic.com"
|
||||
connect-src: "'self' https://www.zotero.org https://cdn.jsdelivr.net https://cdn.rawgit.com https://translate.googleapis.com https://code.responsivevoice.org https://onlyoffice.github.io"
|
||||
media-src: "'self' https://code.responsivevoice.org"
|
||||
frame-src: "'self' https://www.youtube.com https://onlyoffice.github.io"
|
||||
|
||||
# Override base_middlewares to remove csp-relaxed@file
|
||||
base_middlewares:
|
||||
- rate-limit-std@file
|
||||
- inflight-std@file
|
||||
- rate-limit-high@file
|
||||
- inflight-high@file
|
||||
- security-headers@file
|
||||
- hsts@file
|
||||
- compression@file
|
||||
|
||||
# Wait for the database server to be ready before starting
|
||||
wait_for:
|
||||
- service: 'master.postgres[[ .consul.suffix ]]'
|
||||
|
||||
# Connect to the database server with the mesh
|
||||
consul:
|
||||
connect:
|
||||
upstreams:
|
||||
- destination_name: 'postgres[[ .consul.suffix ]]'
|
||||
local_bind_port: 5432
|
||||
|
||||
# Rabbitmq service
|
||||
rabbitmq:
|
||||
# Docker image to use
|
||||
image: rabbitmq:alpine
|
||||
|
||||
# Additional env vars to set in the container
|
||||
env: {}
|
||||
|
||||
# Resource allocation
|
||||
resources:
|
||||
cpu: 80
|
||||
memory: 156
|
||||
|
||||
# Volume used
|
||||
volumes:
|
||||
# This is for DocumentServer Data
|
||||
data:
|
||||
type: csi
|
||||
source: '[[ .oo.instance ]]-data'
|
||||
|
||||
# This is for RabbitMQ
|
||||
rabbitmq:
|
||||
type: csi
|
||||
source: '[[ .oo.instance ]]-rabbitmq'
|
||||
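Review bot: `script-src` in the `csp` block keeps `'unsafe-inline'` and `'unsafe-eval'` next to hosts where third parties can publish content (`https://*.cloudfront.net`, `https://cdn.jsdelivr.net`), so the policy does little to stop injected script. The variants of `script-src` and `style-src` that carry `https://onlyoffice.github.io` look like the new side (the +/- markers are lost on this page), which widens the policy further. Since `base_middlewares` is overridden to drop `csp-relaxed@file`, this block is presumably the only CSP applied to the service, and it should say why each external origin is allowed. I would add a comment per host, such as `# https://onlyoffice.github.io: <editor feature that loads from it>`, and restrict the new entry to the path actually used (`https://onlyoffice.github.io/<plugin-path>/`) instead of the whole origin. Any host that no current feature needs should be removed in the same pass.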
|
|