diff --git a/CHANGELOG.md b/CHANGELOG.md index d20c13b..e22499a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## 2.3.2 2021-12-03 + + ### Added + - Allow abilities to use macros + - Allow unauthenticated metrics gathering + - Fix for Log rotation when LOG_TYPE=FILES + - Allow setting Admin JWT token lifetime + + ## 2.3.0 2021-12-02 ### Added diff --git a/README.md b/README.md index 9580594..f171954 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ This will build a Docker image for [Collabora Online](https://www.collaboraoffic - [Installation](#installation) - [Build from Source](#build-from-source) - [Prebuilt Images](#prebuilt-images) - - [Multi Architecture](#multi-archictecture) + - [Multi Architecture](#multi-architecture) - [Configuration](#configuration) - [Quick Start](#quick-start) - [Persistent Storage](#persistent-storage) 
@@ -80,14 +80,14 @@ docker pull tiredofit/collabora-online:(imagetag) The following image tags are available along with their taged release based on what's written in the [Changelog](CHANGELOG.md): -| LibreOffice version | Collabora Online version | Tag | -| ------------------- | ------------------------- | -------- | -| `2021` | `21.11.0` | `latest` | -| `2021` | `21.11.0` | `2.3.0` | -| `6.4.x` | `6.4.x` | `2.1` | -| `6.4.x` | `6.4.x` | `2.0` | -| `6.0.x` | `4.0.x` | `1.6` | -| `5.3.x` | `3.4.x` | `1.1` | +| LibreOffice version | Collabora Online version | Tag | +| ------------------- | ------------------------ | -------- | +| `2021` | `21.11.0` | `latest` | +| `2021` | `21.11.0` | `2.3.0` | +| `6.4.x` | `6.4.x` | `2.1` | +| `6.4.x` | `6.4.x` | `2.0` | +| `6.0.x` | `4.0.x` | `1.6` | +| `5.3.x` | `3.4.x` | `1.1` | #### Multi Architecture Images are built primarily for `amd64` architecture, and may also include builds for `arm/v6`, `arm/v7`, `arm64` and others. These variants are all unsupported. Consider [sponsoring](https://github.com/sponsors/tiredofit) my work so that I can work with various hardware. To see if this image supports multiple architecures, type `docker manifest (image):(tag)` 
@@ -104,13 +104,13 @@ Images are built primarily for `amd64` architecture, and may also include builds The following directories should be mapped for persistent storage in order to utilize the container effectively. -| Folder | Description | -| ------------------------ | ----------------------------------------------------------------------------------------------------------------------- | -| `/logs/` | Log files | +| Folder | Description | +| ------------------------ | --------------------------------------------------------------------------------------------------------------------- | +| `/logs/` | Log files | | `/assets/custom` | If you want to update the theme of Collabora online, dropping files in here will overwrite /opt/cool/share on startup | -| `/assets/custom-fonts` | (Optional) If you want to include custom truetype fonts, place them in this folder | -| `/assets/custom-scripts` | (Optional) If you want to execute a bash script before the application starts, drop your files here | -| `/etc/coolwsd/certs` | (Optional) If you would like to use your own certificates, map this volume and set appropriate variables | +| `/assets/custom-fonts` | (Optional) If you want to include custom truetype fonts, place them in this folder | +| `/assets/custom-scripts` | (Optional) If you want to execute a bash script before the application starts, drop your files here | +| `/etc/coolwsd/certs` | (Optional) If you would like to use your own certificates, map this volume and set appropriate variables | ### Environment Variables 
@@ -125,14 +125,18 @@ Be sure to view the following repositories to understand all the customizable op | [OS Base](https://github.com/tiredofit/docker-debian/) | Customized Image based on Debian Linux | #### General Usage -| Parameter | Description | Default | -| ------------------- | ------------------------------------------------------------------------------------------------------------------ | --------- | -| `SETUP_TYPE` | Automatically generate configuration with defaults. Set to `MANUAL` and map the configuration file to use your own | `AUTO` | -| `ALLOWED_HOSTS` | Set which domains which can access service Seperate Multiple with `,` - Example: `^(.*)\.example\.org` | `` | -| `EXTRA_OPTIONS` | If you want to pass additional arguments upon startup, add it here | `` | -| `INTERFACE` | Web interface type `classic` or `notebookbar` | `classic` | -| `WATERMARK_OPACITY` | Watermark Opacity | `0.2` | -| `WATERMARK_TEXT` | Text to display for watermark | `` | +| Parameter | Description | Default | +| -------------------------------- | ------------------------------------------------------------------------------------------------------------------ | --------- | +| `SETUP_TYPE` | Automatically generate configuration with defaults. 
Set to `MANUAL` and map the configuration file to use your own | `AUTO` | +| `ALLOWED_HOSTS` | Set which domains which can access service Seperate Multiple with `,` - Example: `^(.*)\.example\.org` | `` | +| `EXTRA_OPTIONS` | If you want to pass additional arguments upon startup, add it here | `` | +| `INTERFACE` | Web interface type `classic` or `notebookbar` | `classic` | +| `WATERMARK_OPACITY` | Watermark Opacity | `0.2` | +| `WATERMARK_TEXT` | Text to display for watermark | `` | +| `ENABLE_MACROS` | Enable Macros | `FALSE` | +| `MACRO_SECURITY_LEVEL` | Macro Security Level `1` Medium `0` Low | `1` | +| `ENABLE_METRICS_UNAUTHENTICATED` | Enable Unauthenticated Metrics | `FALSE` | + #### Administration | Parameter | Description | Default | @@ -140,6 +144,8 @@ Be sure to view the following repositories to understand all the customizable op | `ENABLE_ADMIN_CONSOLE` | Enable Administration Console | `TRUE` | | `ADMIN_USER` | User for accessing Administration Console | `admin` | | `ADMIN_PASS` | Password for accessing Administration Console | `collaboraonline` | +| `ADMIN_JWT_EXPIRY` | Admin JWT Expiry in seconds | `1800` | + #### Logging | Parameter | Description | Default | @@ -205,6 +211,8 @@ The image comes with English (US, GB, Canada variants) baked into the image, how | | `tr` | Turkish | | | `uk` | Ukranian | | | `vi` | Vietnamese | + + #### TLS Settings | Parameter | Description | Default | | -------------------------- | ------------------------------------------------------------------- | -------------------- | 
@@ -254,12 +262,12 @@ The image comes with English (US, GB, Canada variants) baked into the image, how | `ENABLE_CAPABILITIES` | Enable Capabilities | `TRUE` | | `ENABLE_CONFIG_RELOAD` | Enable Reload of coolwsd if config changed in container | `TRUE` | | `ENABLE_SECCOMP` | Enable Seccomp | `TRUE` | -| `LOLEAFLET_HTML` | Name of browser.html to use | `loleafet.html` | +| `LOLEAFLET_HTML` | Name of browser.html to use | `loleafet.html` | | `REDLINING_AS_COMMENTS` | Show red-lines as comments | `false` | | `DOCUMENT_SIGNING_URL` | Endpoint URL of signing server | `` | | `NETWORK_PROTOCOL` | Network Protocol `ipv4` `ipv6` `all` | `ipv4` | | `ENABLE_WEBDAV` | Enable WebDav Storage | `FALSE` | -| `FILE_SERVER_ROOT_PATH` | Path to directory considered as root | `browser/../` | +| `FILE_SERVER_ROOT_PATH` | Path to directory considered as root | `browser/../` | | `FRAME_ANCESTORS` | Hosts where interface van be hosted in Iframe | `` | | `ENABLE_MOUNT_JAIL` | Enable mounting jails | `true` | | `CHILD_ROOT_PATH` | Child root path | `child-roots` | @@ -273,9 +281,9 @@ This image comes with some highly opninionated default fonts by the LibreOffice The following ports are exposed. -| Port | Description | -| ------ | ------------------------ | -| `9980` | Collabora Web Services | +| Port | Description | +| ------ | ---------------------- | +| `9980` | Collabora Web Services | * * * ## Maintenance diff --git a/install/assets/defaults/10-coolwsd b/install/assets/defaults/10-coolwsd index 121ee44..1274fd0 100755 --- a/install/assets/defaults/10-coolwsd +++ b/install/assets/defaults/10-coolwsd @@ -1,8 +1,8 @@ #!/usr/bin/with-contenv bash -### Set Defaults -ALWAYS_SAVE_ON_EXIT=${ALWAYS_SAVE_ON_EXIT:-"false"} +ADMIN_JWT_EXPIRY=${ADMIN_JWT_EXPIRY:-"1800"} ALLOW_172_XX_SUBNET=${ALLOW_172_XX_SUBNET:-"TRUE"} +ALWAYS_SAVE_ON_EXIT=${ALWAYS_SAVE_ON_EXIT:-"false"} AUTO_SAVE=${AUTO_SAVE:-300} BATCH_PRIORITY=${BATCH_PRIORITY:-"5"} CHILD_ROOT_PATH=${CHILD_ROOT_PATH:-"child-roots"} 
@@ -16,6 +16,8 @@ ENABLE_ADMIN_CONSOLE=${ENABLE_ADMIN_CONSOLE:-"TRUE"}
 ENABLE_CAPABILITIES=${ENABLE_CAPABILITIES:-"true"}
 ENABLE_CLEANUP=${ENABLE_CLEANUP:-"false"}
 ENABLE_CONFIG_RELOAD=${ENABLE_CONFIG_RELOAD:-"TRUE"}
+ENABLE_MACROS=${ENABLE_MACROS:-"FALSE"}
+ENABLE_METRICS_UNAUTHENTICATED=${ENABLE_METRICS_UNAUTHENTICATED:-"FALSE"}
 ENABLE_MOUNT_JAIL=${ENABLE_MOUNT_JAIL:-"true"}
 ENABLE_SECCOMP=${ENABLE_SECCOMP:-"true"}
 ENABLE_TLS=${ENABLE_TLS:-"FALSE"}
@@ -27,7 +29,7 @@ FILE_SIZE_LIMIT=${FILE_SIZE_LIMIT:-0}
 IDLE_SAVE=${IDLE_SAVE:-30}
 IDLE_UNLOAD_TIMEOUT=${IDLE_UNLOAD_TIMEOUT:-3600}
 INTERFACE=${INTERFACE:-"classic"}
-LANGUAGE=${LANGUAGE:-''}
+LANGUAGE=${LANGUAGE:-'en_GB en_US'}
 LOG_ANONYMIZE=${LOG_ANONYMIZE:-"FALSE"}
 LOG_ANONYMIZE_SALT=${LOG_ANONYMIZE_SALT:-"$(date +%s%N | cut -b12-19)"}
 LOG_CLIENT_CONSOLE=${LOG_CLIENT_CONSOLE:-"false"}
@@ -39,6 +41,7 @@ LOG_LIBREOFFICE=${LOG_LIBREOFFICE:-"-INFO-WARN"}
 LOG_PATH=${LOG_PATH:-"/logs/"}
 LOG_TYPE=${LOG_TYPE:-"CONSOLE"}
 LOLEAFLET_HTML=${LOLEAFLET_HTML:-"browser.html"}
+MACRO_SECURITY_LEVEL=${MACRO_SECURITY_LEVEL:-"1"}
 MAX_CONVERT_LIMIT=${MAX_CONVERT_LIMIT:-100}
 MAX_FILE_LOAD_LIMIT=${MAX_FILE_LOAD_LIMIT:-100}
 MAX_OPEN_FILES=${MAX_OPEN_FILES:-0}
@@ -59,4 +62,4 @@ TLS_CERT_PATH=${TLS_CERT_PATH:-"/etc/coolwsd/certs"}
 TLS_KEY_FILENAME=${TLS_KEY_FILENAME:-"key.pem"}
 USER_IDLE_TIMEOUT=${USER_IDLE_TIMEOUT:-900}
 USER_OUT_OF_FOCUS_TIMEOUT=${USER_OUT_OF_FOCUS_TIMEOUT:-60}
-WATERMARK_OPACITY=${WATERMARK_OPACITY:-"0.2"}
+WATERMARK_OPACITY=${WATERMARK_OPACITY:-"0.2"}
\ No newline at end of file
diff --git a/install/etc/cont-init.d/10-coolwsd b/install/etc/cont-init.d/10-coolwsd
index d221c78..1a6f146 100755
--- a/install/etc/cont-init.d/10-coolwsd
+++ b/install/etc/cont-init.d/10-coolwsd
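Review bot: The two new switches in the -16,6 hunk default to upper-case `"FALSE"`, while the `ENABLE_SECCOMP` and `ENABLE_CAPABILITIES` defaults beside them are lower-case `"true"`, and the cont-init script in this commit copies all of these into coolwsd.xml verbatim. Whether coolwsd accepts both spellings is not visible here, so using `"false"` for the new defaults would at least keep the values written to the XML consistent. Both settings relax the service when enabled (macro execution, and a metrics endpoint that needs no admin credentials), so shipping them off is right, and a comment such as `# security-sensitive: keep FALSE unless documents are trusted and metrics are only reachable by the monitoring host` would record that. The same applies to `MACRO_SECURITY_LEVEL` in the -39,6 hunk: the README lists only `1` Medium and `0` Low, so a comment noting that `1` is the stricter of the two would guard against it being lowered by accident.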
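Review bot: The `LANGUAGE` default changes from empty to `'en_GB en_US'` in the -27,7 hunk, but the 2.3.2 changelog entry added by this commit does not list it. How the value is consumed is outside the visible hunks, so a deployment that never set `LANGUAGE` may behave differently after upgrading. Add a changelog line such as `- Default LANGUAGE to en_GB en_US` and, if the value is indeed a space-separated list, a comment saying so above the assignment.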
@@ -171,6 +171,10 @@ if [ "$SETUP_TYPE" = "AUTO" ]; then sed -i -e "s|.*<\/key_file_path>|${TLS_CERT_PATH}/${TLS_KEY_FILENAME}<\/key_file_path>|" /etc/coolwsd/coolwsd.xml sed -i -e "s|.*<\/seccomp>|${ENABLE_SECCOMP}<\/seccomp>|" /etc/coolwsd/coolwsd.xml sed -i -e "s|.*<\/capabilities>|${ENABLE_CAPABILITIES}<\/capabilities>|" /etc/coolwsd/coolwsd.xml + sed -i -e "s|.*<\/jwt_expiry_secs>|${ADMIN_JWT_EXPIRY}<\/jwt_expiry_secs>|" /etc/coolwsd/coolwsd.xml + sed -i -e "s|.*<\/enable_macros_execution>|${ENABLE_MACROS}<\/enable_macros_execution>|" /etc/coolwsd/coolwsd.xml + sed -i -e "s|.*<\/macro_security_level>|${MACRO_SECURITY_LEVEL}<\/macro_security_level>|" /etc/coolwsd/coolwsd.xml + sed -i -e "s|.*<\/enable_metrics_unauthenticated>|${ENABLE_METRICS_UNAUTHENTICATED}<\/enable_metrics_unauthenticated>|" /etc/coolwsd/coolwsd.xml sed -i -e "s|.*<\/opacity>|${WATERMARK_OPACITY}<\/opacity>|" /etc/coolwsd/coolwsd.xml sed -i -e "s|.*<\/text>|${WATERMARK_TEXT}<\/text>|" /etc/coolwsd/coolwsd.xml sed -i -e "s|.*<\/mode>|${INTERFACE}<\/mode>|" /etc/coolwsd/coolwsd.xml @@ -199,6 +203,7 @@ if [ "$SETUP_TYPE" = "AUTO" ]; then sed -i -e "s|.*<\/property>|${LOG_PATH}/${LOG_FILE}<\/property>|" /etc/coolwsd/coolwsd.xml sed -i -e "s|.*<\/property>|${LOG_FILE_FLUSH}<\/property>|" /etc/coolwsd/coolwsd.xml + sed -i -e "s|.*<\/property>|false<\/property>|" /etc/coolwsd/coolwsd.xml sed -i "s||${LOG_PATH}|g" /etc/logrotate.d/coolwsd else print_debug "Log: Console"
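Review bot: The four `sed` lines added in the -171,6 hunk copy `ADMIN_JWT_EXPIRY`, `ENABLE_MACROS`, `MACRO_SECURITY_LEVEL` and `ENABLE_METRICS_UNAUTHENTICATED` into /etc/coolwsd/coolwsd.xml without checking them. A value containing `|`, `&` or a backslash changes what sed writes, and a non-numeric expiry or an unexpected level reaches the config unnoticed. These come from the container environment and all four affect admin-session or exposure behaviour, so validate before substituting: digits only for the expiry, `0` or `1` for the level (the two values the README documents), and a boolean for the switches. The enclosing `if [ "$SETUP_TYPE" = "AUTO" ]` block starts and ends outside this hunk; the sketch below would sit just before the added lines and falls back to the shipped defaults instead of aborting start-up.

```shell
# Reject anything that is not a plain value before it reaches sed / coolwsd.xml
case "${ADMIN_JWT_EXPIRY}" in
  '' | *[!0-9]*)
    echo "ADMIN_JWT_EXPIRY must be a whole number of seconds, using 1800" >&2
    ADMIN_JWT_EXPIRY=1800
    ;;
esac
case "${MACRO_SECURITY_LEVEL}" in
  0 | 1) ;;
  *)
    echo "MACRO_SECURITY_LEVEL must be 0 or 1, using 1" >&2
    MACRO_SECURITY_LEVEL=1
    ;;
esac
for _flag in ENABLE_MACROS ENABLE_METRICS_UNAUTHENTICATED; do
  case "${!_flag}" in
    TRUE | true | FALSE | false) ;;
    *)
      echo "${_flag} must be TRUE or FALSE, using FALSE" >&2
      printf -v "${_flag}" '%s' FALSE
      ;;
  esac
done
# … unchanged: the four added sed substitutions …
```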
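Review bot: The substitution added in the -199,6 hunk writes a hard-coded `false` into a `property` element with no comment saying which logging property it targets or why. As rendered on this page its pattern is identical to the two `property` substitutions above it. If the pattern really is that broad, every matching `property` line would be rewritten to `false`. If the selector was only lost in rendering, a one-line comment would still record the intent behind the changelog's log-rotation fix, for example `# logrotate handles rotation for file logging; disable coolwsd's own setting` (wording to be confirmed against the property actually targeted). The `if`/`else` this line sits in opens outside the hunk.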