commit 4df5c9fdf86f9a4e5b820b8d55560df664fa96dd Author: Dave Conroy Date: Sat Mar 24 13:07:22 2018 -0700 Initial Commit to Github diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..1c15adf --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,7 @@ +## 0.2 2018-03-19 + +* Working LibreOffice online 5.37.2 + +## 0.1 2018-03-18 + +* Initial Release diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..48e035b --- /dev/null +++ b/Dockerfile @@ -0,0 +1,321 @@ +FROM tiredofit/debian:stretch +LABEL maintainer="Dave Conroy (dave at tiredofit dot ca)" + +### Set Environment Variables +ENV ADMIN_USER=admin \ + ADMIN_PASS=libreoffice \ + LIBREOFFICE_BRANCH=master \ + LIBREOFFICE_COMMIT=376eaac300a303c4ad2193fb7f6a7522caf550b9 \ + LOOL_BRANCH=master \ + LOOL_COMMIT=fba8488b2549f531fcc0d4e1e7228a7345c2f57d \ + MAX_CONNECTIONS=2000 \ + MAX_DOCUMENTS=1000 \ + POCO_VERSION=1.9.0 + +### Add User Accounts +RUN useradd lool -G sudo && \ + mkdir /home/lool && \ + chown lool:lool /home/lool -R && \ + +### Add Repositories + echo "deb http://ftp.us.debian.org/debian/ jessie-backports main" >>/etc/apt/sources.list && \ + echo "deb-src http://ftp.us.debian.org/debian/ jessie-backports main" >>/etc/apt/sources.list && \ + echo "deb http://deb.debian.org/debian stretch contrib" >> /etc/apt/sources.list && \ + curl -sL https://deb.nodesource.com/setup_6.x | bash - && \ + +### Downgrade LibSSL + echo "Package: openssl libssl1.0.0 libssl-dev libssl-doc" >> /etc/apt/preferences.d/00_ssl && \ + echo "Pin: release a=jessie-backports" >> /etc/apt/preferences.d/00_ssl && \ + echo "Pin-Priority: 1001" >> /etc/apt/preferences.d/00_ssl && \ + apt-get update && \ + apt-get install openssl libssl-dev locales -y --allow-downgrades && \ + +### Setup Distribution + echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \ + apt-get upgrade -y && \ + apt-get install -y \ + ant \ + automake \ + bison \ + build-essential \ + ccache \ + cpio \ + doxygen \ + flex \ + g++ \ + git \ + gperf \ + graphviz \ + junit4 \ + libcap2-bin \ + libcap-dev \ + libcppunit-dev \ + libcppunit-doc \ + libcunit1 \ + libcunit1-dev \ + libcups2-dev \ + libegl1-mesa-dev \ + libfontconfig1-dev \ + libgl1-mesa-dev \ + libgstreamer1.0-dev \ + libgstreamer-plugins-base1.0-dev \ + libgtk2.0-dev \ + libgtk-3-dev \ + libkrb5-dev \ + libpam0g-dev \ + libpcap0.8 \ + libpcap0.8-dev \ + libpng16.16 \ + libpng-dev \ + libssl-dev \ + libtool \ + libxml2-utils \ + libxrandr-dev \ + libxrender-dev \ + libxslt1-dev \ + libxt-dev \ + lsof \ + m4 \ + make \ + nasm \ + nodejs \ + openjdk-8-jdk \ + openssl \ + pkg-config \ + procps \ + python3-dev \ + python-dev \ + python-lxml \ + python-polib \ + sudo \ + ttf-mscorefonts-installer \ + uuid-runtime \ + wget \ + xsltproc \ + zip \ + && \ + + apt-get build-dep -y \ + libreoffice \ + && \ + + +### Build and Install Poco Libraries + mkdir -p /usr/src/poco && \ + curl -sSL https://pocoproject.org/releases/poco-${POCO_VERSION}/poco-${POCO_VERSION}-all.tar.gz | tar xvfz - --strip 1 -C /usr/src/poco && \ + cd /usr/src/poco && \ + ./configure --prefix=/opt/poco && \ + make install + +### Build and Install Libreoffice (This'll take a while) +RUN git clone -b ${LIBREOFFICE_BRANCH} https://github.com/LibreOffice/core.git /usr/src/libreoffice-core && \ + cd /usr/src/libreoffice-core && \ + git reset --hard ${LIBREOFFICE_COMMIT} && \ + chown -R lool /usr/src/libreoffice-core && \ + echo "--disable-dbus \n\ +--disable-dconf \n\ +--disable-epm \n\ +--disable-evolution2 \n\ +--disable-ext-nlpsolver \n\ +--disable-ext-wiki-publisher \n\ +--disable-firebird-sdbc \n\ +--disable-gio \n\ +--disable-gstreamer-0-10 \n\ +--disable-gstreamer-1-0 \n\ +--disable-gtk \n\ +--disable-gtk3 \n\ +--disable-kde4 \n\ +--disable-odk \n\ +--disable-online-update \n\ +--disable-pdfimport \n\ +--disable-postgresql-sdbc \n\ +--disable-report-builder \n\ +--disable-scripting-beanshell \n\ +--disable-scripting-javascript \n\ +--disable-sdremote \n\ +--disable-sdremote-bluetooth \n\ +--enable-extension-integration \n\ +--enable-mergelibs \n\ +--enable-python=internal \n\ +--enable-release-build \n\ +--with-external-dict-dir=/usr/share/hunspell \n\ +--with-external-hyph-dir=/usr/share/hyphen \n\ +--with-external-thes-dir=/usr/share/mythes \n\ +--with-fonts \n\ +--with-galleries=no \n\ +--with-lang=\n\ +--with-linker-hash-style=both \n\ +--with-system-dicts \n\ +--with-system-zlib \n\ +--with-theme=tango \n\ +--without-branding \n\ +--without-help \n\ +--without-java \n\ +--without-junit \n\ +--without-myspell-dicts \n\ +--without-package-format \n\ +--without-system-jars \n\ +--without-system-jpeg \n\ +--without-system-libpng \n\ +--without-system-libxml \n\ +--without-system-openssl \n\ +--without-system-poppler \n\ +--without-system-postgresql \n\ +--prefix=/opt/libreoffice \n\ +" > /usr/src/libreoffice-core/distro-configs/LibreOfficeOnline.conf && \ + sudo -u lool ./autogen.sh --with-distro="LibreOfficeOnline" && \ + sudo -u lool make && \ + cd /usr/src/libreoffice-core && \ + mkdir -p /opt/libreoffice && \ + chown -R lool /opt/libreoffice && \ + sudo -u lool make install && \ + sudo -u lool cp -R /usr/src/libreoffice-core/instdir /opt/libreoffice/ && \ + cd /usr/src + +### Build LibreOffice Online (Not as long as above) +RUN git clone -b ${LOOL_BRANCH} https://github.com/LibreOffice/online.git /usr/src/libreoffice-online && \ + npm install -g npm && \ + npm install -g jake && \ + chown -R lool /usr/src/libreoffice-online && \ + cd /usr/src/libreoffice-online && \ + sudo -u lool git reset --hard ${LOOL_COMMIT} && \ + sudo -u lool ./autogen.sh && \ + sudo -u lool ./configure --enable-silent-rules \ + --with-lokit-path=/usr/src/libreoffice-online/bundled/include \ + --with-lo-path=/usr/src/libreoffice-online/instdir \ + --with-max-connections=${MAX_CONNECTIONS} \ + --with-max-documents=${MAX_DOCUMENTS} \ + --with-poco-includes=/opt/poco/include \ + --with-poco-libs=/opt/poco/lib \ + --with-logfile=/var/log/lool/lool.log \ + --prefix=/opt/lool \ + --sysconfdir=/etc \ + --localstatedir=/var && \ + sudo -u lool make -j$cpu && \ + mkdir -p /opt/lool && \ + chown -R lool /opt/lool && \ + sudo -u lool make install && \ + cd /usr/src && \ + +### Setup Directories and Permissions + mkdir -p /opt/lool/jails && \ + chown -R lool /opt/* && \ + mkdir -p /var/cache/loolwsd && \ + chown -R lool /var/cache/loolwsd && \ + mkdir -p /var/log/lool && \ + chown -R lool /var/log/lool && \ + setcap cap_fowner,cap_mknod,cap_sys_chroot=ep /opt/lool/bin/loolforkit && \ + setcap cap_sys_admin=ep /opt/lool/bin/loolmount && \ + mkdir -p /usr/share/hunspell && \ + mkdir -p /usr/share/hyphen && \ + mkdir -p /usr/share/mythes && \ + +### Setup LibreOffice Online Jails + sudo -u lool /opt/lool/bin/loolwsd-systemplate-setup /opt/lool/systemplate /opt/libreoffice/instdir/ + +### Cleanup +RUN npm uninstall -g npm jake && \ + apt-get purge -y \ + ant \ + automake \ + binutils-mingw-w64-i686 \ + bison \ + build-essential \ + ccache \ + coinor-libcbc-dev \ + coinor-libcoinmp-dev \ + flex \ + g++ \ + gcc \ + gcc-6 \ + git \ + gperf \ + graphviz \ + java-common \ + junit4 \ + libcap-dev \ + libcppunit-dev \ + libcppunit-doc \ + libcunit1-dev \ + libegl1-mesa-dev \ + libfontconfig1-dev \ + libgl1-mesa-dev \ + libgtk-3-dev \ + libgtk2.0-dev \ + libkrb5-dev \ + libpam0g-dev \ + libpcap0.8 \ + libpcap0.8-dev \ + libpng-dev \ + librevenge-dev \ + libsane-dev \ + libssl-dev \ + libstdc++-6-dev \ + libvisio-dev \ + libwpg-dev \ + libxrandr-dev \ + libxrender-dev \ + libxslt1-dev \ + libxt-dev \ + linux-libc-dev \ + m4 \ + make \ + manpages \ + manpages-dev \ + mingw-w64-i686-dev \ + nasm \ + nodejs \ + openjdk-8-jdk \ + perl \ + pkg-config \ + python \ + python-dev \ + python-lxml \ + python-polib \ + python2.7-minimal \ + python3 \ + python3-dev \ + unixodbc-dev \ + wget \ + x11-* \ + zlib1g-dev \ + doxygen \ + libx11-doc \ + ucpp \ + libapache-pom-java \ + libx11-dev \ + libxdmcp-dev \ + libc-l10n \ + locales \ + lp-solve \ + fastjar \ + x11proto-core-dev \ + && \ + + apt-get purge --auto-remove -y && \ + +## Install Last little bit of packages that may have been removed during cleanup + apt-get install -y \ + cups \ + libgl1-mesa-glx \ + libsm6 \ + libx11-6 \ + && \ + + apt-get clean && \ + +## Filesystem Cleanup + rm -rf /usr/src/* && \ + rm -rf /home/lool/.npm /root/.npm && \ + rm -rf /home/lool/.ccache /root/.ccache && \ + rm -rf /usr/share/doc && \ + rm -rf /usr/share/man && \ + rm -rf /usr/share/locale && \ + rm -rf /var/lib/apt/lists/* && \ + rm -rf /var/log/* + +### Networking Configuration +EXPOSE 9980 + +### Assets +ADD install / diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..90cb01a --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2018 Dave Conroy + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..a6316bc --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +Dockerized LibreOffice Online using same variables as the CODE version. However Document Restrictions and User Restrictions have been +raised. Better Documentation coming. + diff --git a/examples/docker-compose.yml b/examples/docker-compose.yml new file mode 100644 index 0000000..55d2917 --- /dev/null +++ b/examples/docker-compose.yml @@ -0,0 +1,25 @@ + libreoffice-app: + image: tiredofit/libreoffice-online + container_name: libreoffice-app + expose: + - 9980 + cap_add: + - MKNOD + environment: + - domain=allowedhostname.example.com + - VIRTUAL_HOST=libreoffice.example.com + - VIRTUAL_NETWORK=nginx-proxy + - VIRTUAL_PORT=9980 + - VIRTUAL_PROTO=https + - LETSENCRYPT_HOST=code.example.com + - LETSENCRYPT_EMAIL=techsupport@example.com + + - ZABBIX_HOSTNAME=libreoffice-app + networks: + - proxy-tier + +networks: + proxy-tier: + external: + name: nginx-proxy + diff --git a/install/etc/cont-init.d/10-loolwsd b/install/etc/cont-init.d/10-loolwsd new file mode 100755 index 0000000..ca2276e --- /dev/null +++ b/install/etc/cont-init.d/10-loolwsd @@ -0,0 +1,40 @@ +#!/usr/bin/with-contenv bash + +rm /opt/lool/systemplate/etc/resolv.conf +ln -s /etc/resolv.conf /opt/lool/systemplate/etc/resolv.conf + +if test "${DONT_GEN_SSL_CERT-set}" == set; then + +# Generate new SSL certificate instead of using the default +mkdir -p /tmp/ssl/ +cd /tmp/ssl/ +mkdir -p certs/ca +openssl genrsa -out certs/ca/root.key.pem 2048 +openssl req -x509 -new -nodes -key certs/ca/root.key.pem -days 9131 -out certs/ca/root.crt.pem -subj "/C=XX/ST=XX/L=XX/O=Dummy +Authority/CN=Dummy Authority" +mkdir -p certs/{servers,tmp} +mkdir -p "certs/servers/localhost" +openssl genrsa -out "certs/servers/localhost/privkey.pem" 2048 -key "certs/servers/localhost/privkey.pem" +if test "${cert_domain-set}" == set; then + openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=localhost" +else + openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=${cert_domain}" +fi +openssl x509 -req -in certs/tmp/localhost.csr.pem -CA certs/ca/root.crt.pem -CAkey certs/ca/root.key.pem -CAcreateserial -out certs/servers/localhost/cert.pem -days 9131 +mv certs/servers/localhost/privkey.pem /etc/loolwsd/key.pem +mv certs/servers/localhost/cert.pem /etc/loolwsd/cert.pem +mv certs/ca/root.crt.pem /etc/loolwsd/ca-chain.cert.pem +rm -rf /tmp/ssl +fi + +# Replace trusted host and set admin username and password +perl -pi -e "s/localhost<\/host>/${domain}<\/host>/g" /etc/loolwsd/loolwsd.xml +perl -pi -e "s/.*<\/username>/${username}<\/username>/" /etc/loolwsd/loolwsd.xml +perl -pi -e "s/.*<\/password>/${password}<\/password>/" /etc/loolwsd/loolwsd.xml +perl -pi -e "s/.*<\/server_name>/${server_name}<\/server_name>/" /etc/loolwsd/loolwsd.xml + +mkdir -p /var/log/lool +chown -R lool /var/log/lool + +mkdir -p /tmp/state +echo 'Initialization Complete' >/tmp/state/10-loolwsd-init diff --git a/install/etc/logrotate.d/loolwsd b/install/etc/logrotate.d/loolwsd new file mode 100644 index 0000000..a3c1fe3 --- /dev/null +++ b/install/etc/logrotate.d/loolwsd @@ -0,0 +1,13 @@ +/var/log/lool/*.log { + daily + ifempty + rotate 7 + missingok + compress + dateext + sharedscripts + postrotate + s6-svc -h /var/run/s6/services/10-loolwsd + endscript +} + diff --git a/install/etc/s6/services/10-loolwsd/run b/install/etc/s6/services/10-loolwsd/run new file mode 100755 index 0000000..d2af968 --- /dev/null +++ b/install/etc/s6/services/10-loolwsd/run @@ -0,0 +1,14 @@ +#!/usr/bin/with-contenv bash + +while [ ! -f /tmp/state/10-loolwsd-init ] +do + sleep 1 +done + +if [ ! -f /tmp/state/10-loolwsd ]; then + touch /tmp/state/10-loolwsd +fi + +echo '**' +echo '** [libreoffice-online] Starting loolwsd' +exec s6-setuidgid lool /opt/lool/bin/loolwsd --version --o:sys_template_path=/opt/lool/systemplate --o:lo_template_path=/opt/libreoffice/instdir --o:child_root_path=/opt/lool/jails --o:file_server_root_path=/opt/lool/share/loolwsd storage.filesystem[@allow]=true --o:admin_console.username=${ADMIN_USER} --o:admin_console.password=${ADMIN_PASS} > /var/log/lool/loolwsd.log