93 lines
3.3 KiB
YAML
93 lines
3.3 KiB
YAML
---
|
|
|
|
# Name of this instance. Will control the name of the service and of various default settings (like DB name etc.)
|
|
# You must use different instance names if you want to run several copies on the same cluster
|
|
instance: onlyoffice
|
|
|
|
oo:
|
|
|
|
# Document Services
|
|
ds:
|
|
|
|
# Version of OnlyOffice
|
|
version: 9.3.1
|
|
|
|
# Docker image to use
|
|
image: '[[ .docker.repo ]]onlyoffice-docserver:[[ .oo.ds.version ]]-1'
|
|
|
|
# Resource allocation for OnlyOffice itself
|
|
resources:
|
|
cpu: 300
|
|
memory: 768
|
|
memory_max: 1024
|
|
|
|
# The URL where OnlyOffice is available
|
|
public_url: https://oods.example.org
|
|
|
|
vault:
|
|
# Random secrets to generate
|
|
rand_secrets:
|
|
fields:
|
|
- jwt_token
|
|
- storage_secret
|
|
|
|
# Additional env vars to set in the container
|
|
env:
|
|
OO_STORAGE_SECRET: '{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.storage_secret }}{{ end }}'
|
|
OO_JWT_TOKEN: '{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.jwt_token }}{{ end }}'
|
|
# OO_BLOCK_PRIVATE_IP: false
|
|
|
|
# Controls how the service will be exposed with Traefik
|
|
traefik:
|
|
enabled: true
|
|
|
|
middlewares:
|
|
# Use the high rate limit as OnlyOffice needs to load a lot of assets
|
|
rate-limit: rate-limit-high@file
|
|
|
|
# OnlyOffice needs some specific CSP rules
|
|
csp:
|
|
img-src: "'self' data: https://*"
|
|
script-src: "'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://www.youtube.com/ https://*.cloudfront.net https://cdn.rawgit.com https://code.jquery.com https://translate.googleapis.com https://code.responsivevoice.org https://cdn.jsdelivr.net https://onlyoffice.github.io"
|
|
style-src: "'self' 'unsafe-inline' data: https://fonts.googleapis.com https://translate.googleapis.com https://onlyoffice.github.io"
|
|
font-src: "'self' data: https://fonts.googleapis.com https://fonts.gstatic.com"
|
|
connect-src: "'self' https://www.zotero.org https://cdn.jsdelivr.net https://cdn.rawgit.com https://translate.googleapis.com https://code.responsivevoice.org https://onlyoffice.github.io https://api.openai.com https://generativelanguage.googleapis.com https://api.anthropic.com https://api.mistral.ai https://api.x.ai https://api.stability.ai https://api.deepseek.com https://api.together.xyz https://api.groq.com https://openrouter.ai"
|
|
media-src: "'self' https://code.responsivevoice.org"
|
|
frame-src: "'self' https://www.youtube.com https://onlyoffice.github.io"
|
|
|
|
# Wait for the database server to be ready before starting
|
|
wait_for:
|
|
primary.postgres[[ .consul.suffix ]]:
|
|
|
|
# Connect to the database server with the mesh
|
|
consul:
|
|
connect:
|
|
upstreams:
|
|
postgres[[ .consul.suffix ]]:
|
|
local_bind_port: 5432
|
|
|
|
# Rabbitmq service
|
|
rabbitmq:
|
|
# Docker image to use
|
|
image: rabbitmq:alpine
|
|
|
|
# Additional env vars to set in the container
|
|
env: {}
|
|
|
|
# Resource allocation
|
|
resources:
|
|
cpu: 200
|
|
memory: 180
|
|
memory_max: 256
|
|
|
|
# Volume used
|
|
volumes:
|
|
# This is for DocumentServer Data
|
|
data:
|
|
type: csi
|
|
source: '[[ .instance ]]-data'
|
|
destination: /var/lib/onlyoffice/documentserver/App_Data/
|
|
owner: 819
|
|
group: 819
|
|
|