deblan-mirror/docker-collabora-online
1
0
Fork 0
mirror of https://github.com/tiredofit/docker-collabora-online.git synced 2026-03-14 14:25:49 +01:00
Code Issues Projects Releases Packages Wiki Activity

Release 24.04.8-2.1 - See CHANGELOG.md

Browse source
This commit is contained in:
dave@tiredofit.ca 2024-10-16 10:55:55 -07:00
commit 988d0dad42
6 changed files with 48 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

12
CHANGELOG.md
View file

@ -1,3 +1,15 @@
## 24.04.8-2.1 2024-10-16 <dave at tiredofit dot ca>
### Added
- Add accessibility toggle
- Add nss certificates path option
- Add document signing toggle
- Enable In APP config restart
### Changed
- Fix issue with capabilities and child processes
## 24.04.8-2 2024-10-09 <dave at tiredofit dot ca>
### Added

2
Dockerfile
View file

@ -247,7 +247,7 @@ RUN source /assets/functions/00-container && \
chown -R cool /opt/* && \
mkdir -p /var/cache/coolwsd && \
chown -R cool /var/cache/coolwsd && \
setcap cap_fowner,cap_chown,cap_mknod,cap_sys_chroot=ep /opt/cool/bin/coolforkit && \
setcap cap_fowner,cap_chown,cap_mknod,cap_sys_chroot=ep /opt/cool/bin/coolforkit-caps && \
setcap cap_sys_admin=ep /opt/cool/bin/coolmount && \
mkdir -p /usr/share/hunspell && \
mkdir -p /usr/share/hyphen && \

2
LICENSE
View file

@ -1,6 +1,6 @@
The MIT License (MIT)
Copyright (c) 2023 Dave Conroy
Copyright (c) 2024 Dave Conroy
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

6
README.md
View file

@ -142,6 +142,7 @@ Be sure to view the following repositories to understand all the customizable op
| `GROUP_DOWNLOAD_AS` | Group Download as Icons into dropdown in notebookbar view | `TRUE` |
| `WATERMARK_OPACITY` | Watermark Opacity | `0.2` |
| `WATERMARK_TEXT` | Text to display for watermark | `` |
| `ENABLE_DOCUMENT_SIGNING` | Enable Document Signing Settings | `TRUE` |
| `ENABLE_MACROS` | Enable Macros | `FALSE` |
| `MACRO_SECURITY_LEVEL` | Macro Security Level `1` Medium `0` Low | `1` |
| `ENABLE_METRICS_UNAUTHENTICATED` | Enable Unauthenticated Metrics | `FALSE` |
@ -326,15 +327,18 @@ Dont forget to add the according languages to the [`LANGUAGE`](#languages-for
#### Other Settings
| Parameter | Description | Default |
| ------------------------------ | ----------------------------------------------------------------------------------------------------------------- | ------------- |
| `CERTIFICATES_PATH` | Path to the NSS certificates that are available to all users | `` |
| `CHILD_ROOT_PATH` | Child root path | `child-roots` |
| `CONTENT_SECURITY_POLICY` | Content Security Policy | `` |
| `DOCUMENT_SIGNING_URL` | Endpoint URL of signing server | `` |
| `ENABLE_ACCESSIBILITY` | Enable Accessibility settings | `FALSE` |
| `ENABLE_CAPABILITIES` | Enable Capabilities | `TRUE` |
| `ENABLE_CONFIG_RELOAD` | Enable Reload of coolwsd if config changed in container | `TRUE` |
| `ENABLE_EXPERIMENTAL_FEATURES` | Enable experimental features | `FALSE` |
| `ENABLE_MOUNT_JAIL` | Enable mounting jails | `true` |
| `ENABLE_SECCOMP` | Enable Seccomp | `TRUE` |
| `FILE_SERVER_ROOT_PATH` | Path to directory considered as root | `browser/../` |
| `FRAME_ANCESTORS` | Hosts where interface can be hosted in Iframe | `` |
| `FRAME_ANCESTORS` | Hosts where interface can be hosted in IFrame *OBSOLETE* | `` |
| `HEXIFY_EMBEDDED_URLS` | Hexify Embedded URLS (useful for Azure deployments) | `FALSE` |
| `INDIRECTION_ENDPOINT` | URL endpoint to server which zervers routeToken in json format | |
| `PDF_RESOLUTION_DPI` | PDF Resolution DPI when rendering PDF documents as image | `96` |

5
install/assets/defaults/10-coolwsd
View file

@ -4,6 +4,7 @@ ADMIN_JWT_EXPIRY=${ADMIN_JWT_EXPIRY:-"1800"}
ALWAYS_SAVE_ON_EXIT=${ALWAYS_SAVE_ON_EXIT:-"false"}
AUTO_SAVE=${AUTO_SAVE:-300}
BATCH_PRIORITY=${BATCH_PRIORITY:-"5"}
CERTIFICATES_PATH=${CERTIFICATES_PATH:-""}
CHILD_ROOT_PATH=${CHILD_ROOT_PATH:-"child-roots"}
CLEANUP_BAD_BEHAVIOUR_TIME=${CLEANUP_BAD_BEHAVIOUR_TIME:-60}
CLEANUP_IDLE_TIME=${CLEANUP_IDLE_TIME:-300}
@ -11,13 +12,16 @@ CLEANUP_INTERVAL=${CLEANUP_INTERVAL:-"10000"}
CLEANUP_LIMIT_CPU_PER=${CLEANUP_LIMIT_CPU_PER:-85}
CLEANUP_LIMIT_DIRTY_MEMORY=${CLEANUP_LIMIT_DIRTY_MEMORY:-3072}
CONNECTION_TIMEOUT=${CONNECTION_TIMEOUT:-30}
CONTENT_SECURITY_POLICY=${CONTENT_SECURITY_POLICY:-""}
DEEPL_API_URL=${DEEPL_API_URL:-""}
DEEPL_AUTH_KEY=${DEEPL_AUTH_KEY:-""}
ENABLE_ACCESSIBILITY=${ENABLE_ACCESSIBILITY:-"FALSE"}
ENABLE_ADMIN_CONSOLE=${ENABLE_ADMIN_CONSOLE:-"TRUE"}
ENABLE_CAPABILITIES=${ENABLE_CAPABILITIES:-"true"}
ENABLE_CLEANUP=${ENABLE_CLEANUP:-"false"}
ENABLE_CONFIG_RELOAD=${ENABLE_CONFIG_RELOAD:-"TRUE"}
ENABLE_DEEPL=${ENABLE_DEEPL:-"FALSE"}
ENABLE_DOCUMENT_SIGNING=${ENABLE_DOCUMENT_SIGNING:-"TRUE"}
ENABLE_DOCUMENT_STATISTICS=${ENABLE_DOCUMENT_STATISTICS:-"FALSE"}
ENABLE_EXPERIMENTAL_FEATURES=${ENABLE_EXPERIMENTAL_FEATURES:-"false"}
ENABLE_FILES_QUARANTINE=${ENABLE_FILES_QUARANTINE:-"FALSE"}
@ -84,6 +88,7 @@ PDF_RESOLUTION_DPI=${PDF_RESOLUTION_DPI:-"96"}
PRESPAWN_CHILD_PROCESSES=${PRESPAWN_CHILD_PROCESSES:-1}
REDLINING_AS_COMMENTS=${REDLINING_AS_COMMENTS:-"false"}
REMOTE_FONT_URL=${REMOTE_FONT_URL:-""}
RESTART_CONFIG_EDIT=${RESTART_CONFIG_EDIT:-"TRUE"}
SETUP_TYPE=${SETUP_TYPE:-"AUTO"}
SYS_TEMPLATE_PATH=${SYS_TEMPLATE_PATH:-"systemplate"}
TLS_CA_FILENAME=${TLS_CA_FILENAME:-"ca-chain.cert.pem"}

29
install/etc/cont-init.d/10-coolwsd
View file

@ -132,7 +132,13 @@ fi
if [ "${SETUP_TYPE,,}" = "auto" ]; then
print_notice "Autogenerating Configuration File"
### Replace Configuration directives
sed -i -e "s|<allowed_languages \(.*\)>.*</allowed_languages>|<allowed_languages \1>${LANGUAGE}</allowed_languages>|g" /etc/coolwsd/coolwsd.xml
sed -i \
-e "s|<enable type=\"bool\" desc=\"Controls whether accessibility\"\(.*\)>.*</enable>|<enable type=\"bool\" desc=\"Controls whether accessibility\1>${ENABLE_ACCESSIBILITY,,}</enable>|" \
/etc/coolwsd/coolwsd.xml
sed -i \
-e "s|<allowed_languages \(.*\)>.*</allowed_languages>|<allowed_languages \1>${LANGUAGE}</allowed_languages>|g" \
/etc/coolwsd/coolwsd.xml
## Language Tool
sed -i \
@ -152,10 +158,13 @@ if [ "${SETUP_TYPE,,}" = "auto" ]; then
/etc/coolwsd/coolwsd.xml
sed -i -e "s|<sys_template_path \(.*\)>.*</sys_template_path>|<sys_template_path \1>${SYS_TEMPLATE_PATH}</sys_template_path>|" /etc/coolwsd/coolwsd.xml
sed -i -e "s|<child_root_path \(.*\)>.*</child_root_path>|<child_root_path \1>${CHILD_ROOT_PATH}</child_root_path>|" /etc/coolwsd/coolwsd.xml
sed -i -e "s|<mount_jail_tree \(.*\)>.*</mount_jail_tree>|<mount_jail_tree \1>${ENABLE_MOUNT_JAIL,,}</mount_jail_tree>|" /etc/coolwsd/coolwsd.xml
sed -i -e "s|<server_name \(.*\)>.*</server_name>|<server_name \1>${HOSTNAME}</server_name>|" /etc/coolwsd/coolwsd.xml
sed -i \
-e "s|<sys_template_path \(.*\)>.*</sys_template_path>|<sys_template_path \1>${SYS_TEMPLATE_PATH}</sys_template_path>|" \
-e "s|<child_root_path \(.*\)>.*</child_root_path>|<child_root_path \1>${CHILD_ROOT_PATH}</child_root_path>|" \
-e "s|<mount_jail_tree \(.*\)>.*</mount_jail_tree>|<mount_jail_tree \1>${ENABLE_MOUNT_JAIL,,}</mount_jail_tree>|" \
/etc/coolwsd/coolwsd.xml
sed -i -e "s|<server_name \(.*\)>.*</server_name>|<server_name \1>${HOSTNAME}</server_name>|" /etc/coolwsd/coolwsd.xml
sed -i -e "s|<file_server_root_path \(.*\)>.*</file_server_root_path>|<file_server_root_path \1>${FILE_SERVER_ROOT_PATH}</file_server_root_path>|" /etc/coolwsd/coolwsd.xml
sed -i -e "s|<hexify_embedded_urls \(.*\)>.*<\/hexify_embedded_urls>|<hexify_embedded_urls \1>${HEXIFY_EMBEDDED_URLS,,}<\/hexify_embedded_urls>|" /etc/coolwsd/coolwsd.xml
sed -i -e "s|<experimental_features \(.*\)>.*<\/experimental_features>|<experimental_features \1>${ENABLE_EXPERIMENTAL_FEATURES,,}<\/experimental_features>|" /etc/coolwsd/coolwsd.xml
@ -245,6 +254,7 @@ if [ "${SETUP_TYPE,,}" = "auto" ]; then
sed -i "/<alias_groups .*>/a \ <group><host desc=\"hostname to allow or deny.\" allow=\"true\">${host}</host></group>" /etc/coolwsd/coolwsd.xml
done
sed -i \
-e "s|<content_security_policy \(.*\)>.*<\/content_security_policy>|<content_security_policy \1>${CONTENT_SECURITY_POLICY}<\/content_security_policy>|" \
-e "s|<frame_ancestors \(.*\)>.*<\/frame_ancestors>|<frame_ancestors \1>${FRAME_ANCESTORS}<\/frame_ancestors>|" \
-e "s|<connection_timeout \(.*\)>.*<\/connection_timeout>|<connection_timeout \1>${CONNECTION_TIMEOUT}<\/connection_timeout>|" \
/etc/coolwsd/coolwsd.xml
@ -276,6 +286,10 @@ if [ "${SETUP_TYPE,,}" = "auto" ]; then
-e "s|<enable_metrics_unauthenticated \(.*\)>.*<\/enable_metrics_unauthenticated>|<enable_metrics_unauthenticated \1>${ENABLE_METRICS_UNAUTHENTICATED,,}<\/enable_metrics_unauthenticated>|" \
/etc/coolwsd/coolwsd.xml
sed -i \
-e "s|<database_path\(.*\)>.*<\/database_path>|<database_path \1>${CERTIFICATES_PATH}<\/database_path>|" \
/etc/coolwsd/coolwsd.xml
## Watermark
sed -i \
-e "s|<opacity \(.*\)>.*<\/opacity>|<opacity \1>${WATERMARK_OPACITY}<\/opacity>|" \
@ -309,6 +323,9 @@ if [ "${SETUP_TYPE,,}" = "auto" ]; then
## Remote Config
sed -i -e "s|<remote_url desc=\(.*\)>.*<\/remote_url>|<remote_url desc=\1>${REMOTE_URL}<\/remote_url>|" /etc/coolwsd/coolwsd.xml
## Stop and restart on Config Change
sed -i -e "s|<stop_on_config_change desc=\(.*\)>.*<\/stop_on_config_change>|<stop_on_config_change desc=\1>${ENABLE_CONFIG_RELOAD,,}<\/stop_on_config_change>|" /etc/coolwsd/coolwsd.xml
## Remote Fonts
sed -i -e "s|<url desc=\"URL of optional JSON\(.*\)>.*<\/url>|<url desc=\"URL of optional JSON\1>${REMOTE_FONT_URL}<\/url>|" /etc/coolwsd/coolwsd.xml
@ -336,6 +353,8 @@ if [ "${SETUP_TYPE,,}" = "auto" ]; then
-e "s|<force .*=\"When enabled, all requests are redirected to WASM\(.*\)>.*<\/force>|<force desc=\"When enabled, all requests are redirected to WASM\1>${FORCE_WASM}<\/force>|" \
/etc/coolwsd/coolwsd.xml
## Document Signing
sed -i -e "s|<enable .*=\"Enable document signing\(.*\)>.*<\/enable>|<enable desc=\"Enable document signing\1>${ENABLE_DOCUMENT_SIGNING}<\/enable>|" /etc/coolwsd/coolwsd.xml
fi
# Generate WOPI proof key