#!/usr/bin/with-contenv bash
source /assets/functions/00-container
# Register this init stage with the container framework (helpers come from
# /assets/functions/00-container) and name the supervised process.
prepare_service single
prepare_service 03-monitoring
PROCESS_NAME="collabora-online"

# Variables handed to the framework's transform_file_var helper before use.
# NOTE(review): LANGUAGE_TOOL_API_KEY is written into coolwsd.xml further down
# but is not in this list, while LANGUAGE_TOOL_REST_PROTOCOL is - confirm the
# list matches the set of values that are meant to be treated as secrets.
transform_file_var \
  ADMIN_USER \
  ADMIN_PASS \
  DEEPL_API_URL \
  DEEPL_AUTH_KEY \
  LANGUAGE_TOOL_USER_NAME \
  LANGUAGE_TOOL_REST_PROTOCOL

# ALLOWED_HOSTS is checked up front; it feeds the allowed-hosts section of the
# generated configuration.
sanity_var "ALLOWED_HOSTS" "Allowed Hostnames"

print_debug "Creating directories and setting up logging"
mkdir -p "${LOG_PATH}"
touch "${LOG_PATH}/${LOG_FILE}"
# The service runs as the unprivileged 'cool' user, so it must own its log dir.
chown -R cool "${LOG_PATH}"

print_debug "Setting up DNS Resolution"
# Replace the template's resolv.conf and copy the container's current resolver
# files into the systemplate tree.
rm /opt/cool/systemplate/etc/resolv.conf
cp /etc/hosts /etc/resolv.conf /opt/cool/systemplate/etc/
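## Custom Dictionary Support
# DICTIONARIES is a comma (or whitespace) separated list of hunspell language
# codes. For each entry the matching hunspell-* package is installed with
# apt-get and its .aff/.dic files are copied into the LibreOffice extension
# directory, after which the systemplate is rebuilt.
#
# Each entry ends up in an apt-get package name and in a filesystem path, so it
# is validated against a package-name-safe pattern first; anything else (path
# separators, glob characters, upper case) is skipped with a warning.
# NOTE(review): packages are fetched unpinned from the configured apt sources
# at every container start that sets DICTIONARIES; baking them into the image
# would remove that start-up dependency on the network.
if [ -n "${DICTIONARIES}" ]; then
  print_notice "Setting up custom dictionary support - Please wait.."
  silent apt-get update

  # Split into an array instead of relying on unquoted word splitting, which
  # would also glob-expand entries against the current directory.
  IFS=$', \t\n' read -r -d '' -a dictionary_list <<< "${DICTIONARIES}"

  for lang in "${dictionary_list[@]}"; do
    # Empty fields come from doubled or trailing separators.
    [ -n "${lang}" ] || continue
    if [[ ! "${lang}" =~ ^[a-z0-9][a-z0-9-]*$ ]]; then
      print_warn "Skipping invalid dictionary name '${lang}'"
      continue
    fi

    print_notice "Adding dictionary for '${lang}' - Please wait.."
    # Map the requested code to: package name, file prefix under
    # /usr/share/hunspell, and target extension directory.
    case "${lang}" in
      "de" )
        dict_pkg="hunspell-de-de"; dict_prefix="de"; dict_dir="dict-de"
        ;;
      "en-au" )
        dict_pkg="hunspell-en-au"; dict_prefix="en"; dict_dir="dict-en"
        ;;
      "en-za" )
        dict_pkg="hunspell-en-za"; dict_prefix="en"; dict_dir="dict-en"
        ;;
      "pt-br" )
        dict_pkg="hunspell-pt-br"; dict_prefix="pt"; dict_dir="dict-pt-BR"
        ;;
      "pt-pt" )
        dict_pkg="hunspell-pt-pt"; dict_prefix="pt"; dict_dir="dict-pt-PT"
        ;;
      * )
        dict_pkg="hunspell-${lang}"; dict_prefix="${lang}"; dict_dir="dict-${lang}"
        ;;
    esac

    silent apt-get install -y "${dict_pkg}"
    # The glob and brace expansion are intentionally left unquoted.
    cp -R /usr/share/hunspell/"${dict_prefix}"*.{aff,dic} "/opt/libreoffice/share/extensions/${dict_dir}/"
  done

  silent apt-get clean
  rm -rf /var/lib/apt/lists/*
  # 'cool:' = user cool plus its login group; the 'cool.' spelling is deprecated.
  chown -R cool: /opt/libreoffice/share/extensions/*
  # Rebuild the systemplate so the newly installed dictionaries are picked up.
  rm -rf /opt/cool/systemplate/*
  silent sudo -u cool /opt/cool/bin/coolwsd-systemplate-setup /opt/cool/systemplate /opt/libreoffice
fi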
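# Framework helpers from the sourced function library; their behaviour is not
# visible in this file.
custom_files "${CONTAINER_CUSTOM_PATH}" /opt/cool/share/ cool cool
custom_scripts

### Load Custom Fonts
# When /assets/custom-fonts exists, expose it to fontconfig through a symlink,
# refresh the font cache and rebuild the systemplate.
if [ -d /assets/custom-fonts/ ]; then
  print_warn "Found Custom Fonts to insert"
  chown -R cool /assets/custom-fonts
  chmod +rx /assets/custom-fonts
  # -f/-n make this idempotent: on a container restart the link already exists
  # and a plain 'ln -s' would create a nested link inside /assets/custom-fonts.
  ln -sfn /assets/custom-fonts /usr/share/fonts/truetype/custom
  silent fc-cache -f -v
  rm -rf /opt/cool/systemplate/*
  silent sudo -u cool /opt/cool/bin/coolwsd-systemplate-setup /opt/cool/systemplate /opt/libreoffice
fi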
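# TLS material: when ENABLE_TLS is on, make sure key, certificate and CA file
# exist under TLS_CERT_PATH. If any is missing, either generate a throwaway
# self-signed set (ENABLE_TLS_CERT_GENERATE) or stop with an error.
if var_true "${ENABLE_TLS}" ; then
  print_debug "TLS Enabled"
  # The three filenames are relative to TLS_CERT_PATH (that is how they are
  # written below and in coolwsd.xml), so they must be tested with the path
  # prefix. Testing the bare filenames made this condition true on practically
  # every start, which regenerated the CA and overwrote existing certificates.
  if [ ! -d "${TLS_CERT_PATH}" ] \
    || [ ! -f "${TLS_CERT_PATH}/${TLS_KEY_FILENAME}" ] \
    || [ ! -f "${TLS_CERT_PATH}/${TLS_CA_FILENAME}" ] \
    || [ ! -f "${TLS_CERT_PATH}/${TLS_CERT_FILENAME}" ] ; then
    print_debug "No TLS Certificates found"
    if var_true "${ENABLE_TLS_CERT_GENERATE}" ; then
      print_debug "TLS Certificate Autogeneration"
      mkdir -p "${TLS_CERT_PATH}"
      # Generate new SSL certificate instead of using the default
      print_notice "Auto Generating Self Signed Certificates"

      # Private keys are created in a fresh mktemp directory (mode 0700)
      # rather than the predictable /tmp/ssl, and absolute paths are used so
      # the script's working directory is not left pointing at a removed dir.
      tls_workdir="$(mktemp -d)" || {
        print_error "Unable to create a temporary directory for certificate generation"
        exit 1
      }
      tls_ca_dir="${tls_workdir}/certs/ca"
      tls_srv_dir="${tls_workdir}/certs/servers/localhost"
      tls_tmp_dir="${tls_workdir}/certs/tmp"
      mkdir -p "${tls_ca_dir}" "${tls_srv_dir}" "${tls_tmp_dir}"

      # Dummy root CA.
      # NOTE(review): 2048-bit RSA with a 9131-day lifetime and no
      # subjectAltName is only suitable for a placeholder certificate; real
      # deployments should mount their own certificate set.
      silent openssl genrsa -out "${tls_ca_dir}/root.key.pem" 2048
      silent openssl req -x509 -new -nodes -key "${tls_ca_dir}/root.key.pem" -days 9131 -out "${tls_ca_dir}/root.crt.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=Dummy Authority"

      # Server key and CSR. The CN is 'localhost' unless cert_domain is set.
      # NOTE(review): cert_domain is not assigned anywhere in this script;
      # confirm where it is expected to come from.
      silent openssl genrsa -out "${tls_srv_dir}/privkey.pem" 2048
      if [ "${cert_domain-set}" = "set" ]; then
        tls_common_name="localhost"
      else
        tls_common_name="${cert_domain}"
      fi
      silent openssl req -key "${tls_srv_dir}/privkey.pem" -new -sha256 -out "${tls_tmp_dir}/localhost.csr.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=${tls_common_name}"

      # Sign the server certificate with the dummy CA.
      silent openssl x509 -req -in "${tls_tmp_dir}/localhost.csr.pem" -CA "${tls_ca_dir}/root.crt.pem" -CAkey "${tls_ca_dir}/root.key.pem" -CAcreateserial -out "${tls_srv_dir}/cert.pem" -days 9131

      cp -R "${tls_srv_dir}/privkey.pem" "${TLS_CERT_PATH}"/"${TLS_KEY_FILENAME}"
      cp -R "${tls_srv_dir}/cert.pem" "${TLS_CERT_PATH}"/"${TLS_CERT_FILENAME}"
      cp -R "${tls_ca_dir}/root.crt.pem" "${TLS_CERT_PATH}"/"${TLS_CA_FILENAME}"
      # Keep the private key readable by its owner only.
      chmod 600 "${TLS_CERT_PATH}"/"${TLS_KEY_FILENAME}"
      # The CA private key is discarded together with the work directory.
      rm -rf -- "${tls_workdir}"
      chown -R cool "${TLS_CERT_PATH}"
    else
      # Reaching this branch already means the directory or one of the three
      # files is missing, and generation is disabled.
      print_error "TLS Certificates missing... Please switch to autogenerate mode, or place your certifcates in the correct location."
      exit 1
    fi
  fi
fi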
# When SETUP_TYPE is "auto" (case-insensitive), rewrite /etc/coolwsd/coolwsd.xml
# in place from environment variables, one sed substitution per setting.
#
# NOTE(review): several match patterns below look truncated in this copy (for
# example "s|.*|...|", which as written matches every line, and the empty
# "s|||"); the opening XML tags appear to have been lost. Verify each pattern
# against the upstream file before relying on this listing.
#
# NOTE(review): every value is interpolated unescaped into a sed replacement
# that uses '|' as delimiter. A value containing '|', '&' or a backslash
# changes the substitution, and XML metacharacters ('<', '&') are written
# verbatim into the config. Values such as passwords, API keys and URLs should
# be escaped or constrained before they reach these commands.
#
# NOTE(review): secrets (LANGUAGE_TOOL_API_KEY, DEEPL_AUTH_KEY, ADMIN_PASS,
# LOG_ANONYMIZE_SALT) are stored in clear text in coolwsd.xml and this block
# does not set the file's ownership or mode - confirm it is not world-readable.
if [ "${SETUP_TYPE,,}" = "auto" ]; then
print_notice "Autogenerating Configuration File"
### Replace Configuration directives
# Allowed languages (LANGUAGE).
sed -i -e "s|.*|${LANGUAGE}|g" /etc/coolwsd/coolwsd.xml
## Language Tool
# Enable flag, endpoint, credentials, TLS verification and protocol for the
# LanguageTool integration. SSL_VERIFY is taken verbatim (lower-cased) from
# the environment, so "false" disables certificate verification.
sed -i \
-e "s|.*|${ENABLE_LANGUAGE_TOOL,,}|g" \
-e "s|.*<\/base_url>|${LANGUAGE_TOOL_BASE_URL}<\/base_url>|" \
-e "s|.*<\/user_name>|${LANGUAGE_TOOL_USER_NAME}<\/user_name>|" \
-e "s|.*<\/api_key>|${LANGUAGE_TOOL_API_KEY}<\/api_key>|" \
-e "s|.*<\/ssl_verification>|${LANGUAGE_TOOL_SSL_VERIFY,,}<\/ssl_verification>|" \
-e "s|.*<\/rest_protocol>|${LANGUAGE_TOOL_REST_PROTOCOL,,}<\/rest_protocol>|" \
/etc/coolwsd/coolwsd.xml
## DeepL
# Enable flag, API URL and auth key for the DeepL integration.
sed -i \
-e "s|.*|${ENABLE_DEEPL,,}|g" \
-e "s|.*<\/api_url>|${DEEPL_API_URL}<\/api_url>|" \
-e "s|.*<\/auth_key>|${DEEPL_AUTH_KEY}<\/auth_key>|g" \
/etc/coolwsd/coolwsd.xml
# Paths, jail mounting, server name and general limits.
sed -i -e "s|.*|${SYS_TEMPLATE_PATH}|" /etc/coolwsd/coolwsd.xml
sed -i -e "s|.*|${CHILD_ROOT_PATH}|" /etc/coolwsd/coolwsd.xml
sed -i -e "s|.*|${ENABLE_MOUNT_JAIL,,}|" /etc/coolwsd/coolwsd.xml
sed -i -e "s|.*|${HOSTNAME}|" /etc/coolwsd/coolwsd.xml
sed -i -e "s|.*|${FILE_SERVER_ROOT_PATH}|" /etc/coolwsd/coolwsd.xml
sed -i -e "s|.*<\/hexify_embedded_urls>|${HEXIFY_EMBEDDED_URLS,,}<\/hexify_embedded_urls>|" /etc/coolwsd/coolwsd.xml
sed -i -e "s|.*<\/experimental_features>|${ENABLE_EXPERIMENTAL_FEATURES,,}<\/experimental_features>|" /etc/coolwsd/coolwsd.xml
sed -i -e "s|.*|${MEMORY_USAGE_MAX}|" /etc/coolwsd/coolwsd.xml
sed -i -e "s|.*|${PRESPAWN_CHILD_PROCESSES}|" /etc/coolwsd/coolwsd.xml
## Per Document
# Per-document concurrency, save timers and resource limits (memory, file
# size, open files, load/convert time). These limits bound what a single
# document process may consume.
sed -i \
-e "s|.*<\/max_concurrency>|${MAX_THREADS_DOCUMENT}<\/max_concurrency>|" \
-e "s|.*<\/batch_priority>|${BATCH_PRIORITY}<\/batch_priority>|" \
-e "s|.*<\/document_signing_url>|${DOCUMENT_SIGNING_URL}<\/document_signing_url>|" \
-e "s|.*<\/redlining_as_comments>|${REDLINING_AS_COMMENTS}<\/redlining_as_comments>|" \
-e "s|.*<\/pdf_resolution_dpi>|${PDF_RESOLUTION_DPI}<\/pdf_resolution_dpi>|" \
-e "s|.*<\/idle_timeout_secs>|${IDLE_UNLOAD_TIMEOUT}<\/idle_timeout_secs>|" \
-e "s|.*<\/idlesave_duration_secs>|${IDLE_SAVE}<\/idlesave_duration_secs>|" \
-e "s|.*<\/autosave_duration_secs>|${AUTO_SAVE}<\/autosave_duration_secs>|" \
-e "s|.*<\/always_save_on_exit>|${ALWAYS_SAVE_ON_EXIT}<\/always_save_on_exit>|" \
-e "s|.*<\/limit_virt_mem_mb>|${MEMORY_VIRT_LIMIT}<\/limit_virt_mem_mb>|" \
-e "s|.*<\/limit_stack_mem_kb>|${MEMORY_STACK_LIMIT}<\/limit_stack_mem_kb>|" \
-e "s|.*<\/limit_file_size_mb>|${FILE_SIZE_LIMIT}<\/limit_file_size_mb>|" \
-e "s|.*<\/limit_num_open_files>|${MAX_OPEN_FILES}<\/limit_num_open_files>|" \
-e "s|.*<\/limit_load_secs>|${MAX_FILE_LOAD_LIMIT}<\/limit_load_secs>|" \
-e "s|.*<\/limit_convert_secs>|${MAX_CONVERT_LIMIT}<\/limit_convert_secs>|" \
-e "s|.*<\/min_time_between_saves_ms>|${MIN_TIME_BETWEEN_SAVES}<\/min_time_between_saves_ms>|" \
-e "s|.*<\/min_time_between_uploads_ms>|${MIN_TIME_BETWEEN_UPLOADS}<\/min_time_between_uploads_ms>|" \
/etc/coolwsd/coolwsd.xml
## Cleanup
# NOTE(review): in the first expression the ',,' sits outside the braces
# ("${ENABLE_CLEANUP},,"), so a literal ",," is written after the value; the
# lower-casing form used elsewhere is "${ENABLE_CLEANUP,,}". The fourth
# expression (CLEANUP_IDLE_TIME) has also lost its tag name in this copy.
sed -i \
-e "s|.*>|${ENABLE_CLEANUP},,>|" \
-e "s|.*<\/cleanup_interval_ms>|${CLEANUP_INTERVAL}<\/cleanup_interval_ms>|" \
-e "s|.*<\/bad_behavior_period_secs>|${CLEANUP_BAD_BEHAVIOUR_TIME}<\/bad_behavior_period_secs>|" \
-e "s|.*<\/|<${CLEANUP_IDLE_TIME}<\/|" \
-e "s|.*<\/limit_dirty_mem_mb>|${CLEANUP_LIMIT_DIRTY_MEMORY}<\/limit_dirty_mem_mb>|" \
-e "s|.*<\/limit_cpu_per>|${CLEANUP_LIMIT_CPU_PER}<\/limit_cpu_per>|" \
/etc/coolwsd/coolwsd.xml
## Per View Settings
# NOTE(review): idle_timeout_secs is also substituted in the per-document
# command above; as shown, both patterns end in the same closing tag, so
# confirm they target different elements.
sed -i \
-e "s|.*<\/group_download_as>|${GROUP_DOWNLOAD_AS,,}<\/group_download_as>|" \
-e "s|.*<\/out_of_focus_timeout_secs>|${USER_OUT_OF_FOCUS_TIMEOUT}<\/out_of_focus_timeout_secs>|" \
-e "s|.*<\/idle_timeout_secs>|${USER_IDLE_TIMEOUT}<\/idle_timeout_secs>|" \
/etc/coolwsd/coolwsd.xml
# Version suffix.
sed -i -e "s|.*<\/ver_suffix>|${VERSION_SUFFIX}<\/ver_suffix>|" /etc/coolwsd/coolwsd.xml
## Logging
# NOTE(review): the </protocol> element is substituted twice, first with
# LOG_CLIENT_CONSOLE and later with LOG_PROTOCOL; LOG_CLIENT_CONSOLE is also
# used for browser_logging, so the first occurrence looks like a copy/paste
# slip - confirm.
# The two *_settable_from_client levels bound the log verbosity a client may
# request.
sed -i \
-e "s|.*<\/color>|${LOG_COLOURIZE}<\/color>|" \
-e "s|.*<\/level>|${LOG_LEVEL,,}<\/level>|" \
-e "s|.*<\/protocol>|${LOG_CLIENT_CONSOLE}<\/protocol>|" \
-e "s|.*<\/lokit_sal_log>|${LOG_LIBREOFFICE}<\/lokit_sal_log>|" \
-e "s|.*<\/browser_logging>|${LOG_CLIENT_CONSOLE}<\/browser_logging>|" \
-e "s|.*<\/protocol>|${LOG_PROTOCOL,,}<\/protocol>|" \
-e "s|.*<\/most_verbose_level_settable_from_client>|${LOG_LEVEL_CLIENT_MOST_VERBOSE}<\/most_verbose_level_settable_from_client>|" \
-e "s|.*<\/least_verbose_level_settable_from_client>|${LOG_LEVEL_CLIENT_LEAST_VERBOSE}<\/least_verbose_level_settable_from_client>|" \
/etc/coolwsd/coolwsd.xml
# File logging: set the log file path and flush behaviour, then register the
# file with the framework's logrotate helper. Any other LOG_TYPE logs to the
# console.
# NOTE(review): the three expressions all match on </property> as shown, so
# they cannot be told apart in this copy.
if [ "${LOG_TYPE,,}" = "file" ]; then
sed -i \
-e "s|.*<\/property>|${LOG_PATH}/${LOG_FILE}<\/property>|" \
-e "s|.*<\/property>|${LOG_FILE_FLUSH}<\/property>|" \
-e "s|.*<\/property>|false<\/property>|" \
/etc/coolwsd/coolwsd.xml
create_logrotate cool "${LOG_PATH}"/"${LOG_FILE}" none cool cool
else
print_debug "Log: Console"
fi
# Log anonymization is only written when LOG_ANONYMIZE is true; otherwise the
# values already present in coolwsd.xml are left untouched.
# NOTE(review): LOG_ANONYMIZE_SALT is sensitive - presumably a predictable
# salt weakens the anonymization; confirm a strong value is required.
if var_true "${LOG_ANONYMIZE}"; then
sed -i \
-e "s|.*<\/anonymize_user_data>|${LOG_ANONYMIZE}<\/anonymize_user_data>|" \
-e "s|.*<\/anonymization_salt>|${LOG_ANONYMIZE_SALT}<\/anonymization_salt>|" \
/etc/coolwsd/coolwsd.xml
fi
# Document and user statistics toggles.
sed -i -e "s|.*<\/docstats>|${ENABLE_DOCUMENT_STATISTICS,,}<\/docstats>|" /etc/coolwsd/coolwsd.xml
sed -i -e "s|.*<\/userstats>|${ENABLE_USER_STATISTICS,,}<\/userstats>|" /etc/coolwsd/coolwsd.xml
## Network
### Allowed Hosts
# ALLOWED_HOSTS (comma separated) is split and each entry is appended to the
# config with a sed 'a' command. This list is an access-control setting.
# NOTE(review): both sed scripts here have lost their patterns in this copy
# ("s|||" and "//a"). Each host is also placed unescaped inside the sed script
# and the loop relies on unquoted word splitting, so entries should be
# validated as hostnames/patterns before use.
sed -i -e 's|||' /etc/coolwsd/coolwsd.xml
allowed_hosts=$(echo "${ALLOWED_HOSTS}" | tr "," "\n")
for host in $allowed_hosts; do
print_info "Adding Allowed Host: ${host}"
sed -i "//a \ ${host}" /etc/coolwsd/coolwsd.xml
done
# frame_ancestors controls which origins may embed the editor in a frame;
# connection_timeout is written alongside it.
sed -i \
-e "s|.*<\/frame_ancestors>|${FRAME_ANCESTORS}<\/frame_ancestors>|" \
-e "s|.*<\/connection_timeout>|${CONNECTION_TIMEOUT}<\/connection_timeout>|" \
/etc/coolwsd/coolwsd.xml
## SSL
# Only the "disabled" case is written; when ENABLE_TLS is not false the value
# already in coolwsd.xml is kept.
# NOTE(review): this command passes -E (extended regex) where every other one
# uses -e, and </enable> is also matched by the admin-console and home-mode
# commands further down - confirm each one hits the intended element.
if var_false "${ENABLE_TLS}" ; then
sed -i -E "s|.*<\/enable>|false<\/enable>|" /etc/coolwsd/coolwsd.xml
fi
# TLS termination at a reverse proxy: explicit true/false.
if var_true "${ENABLE_TLS_REVERSE_PROXY}" ; then
sed -i -e "s|.*<\/termination>|true<\/termination>|" /etc/coolwsd/coolwsd.xml
else
sed -i -e "s|.*<\/termination>|false<\/termination>|" /etc/coolwsd/coolwsd.xml
fi
# Certificate, key and CA locations, all relative to TLS_CERT_PATH.
sed -i \
-e "s|.*<\/ca_file_path>|${TLS_CERT_PATH}/${TLS_CA_FILENAME}<\/ca_file_path>|" \
-e "s|.*<\/cert_file_path>|${TLS_CERT_PATH}/${TLS_CERT_FILENAME}<\/cert_file_path>|" \
-e "s|.*<\/key_file_path>|${TLS_CERT_PATH}/${TLS_KEY_FILENAME}<\/key_file_path>|" \
/etc/coolwsd/coolwsd.xml
## Security
# Hardening switches, taken verbatim from the environment: seccomp and
# capabilities toggles, admin JWT lifetime, macro execution and its security
# level, and whether the metrics endpoint is reachable without authentication.
# NOTE(review): nothing here enforces safe values; disabling seccomp or
# capabilities, enabling macros, or enabling unauthenticated metrics should be
# a deliberate operator decision.
sed -i \
-e "s|.*<\/seccomp>|${ENABLE_SECCOMP,,}<\/seccomp>|" \
-e "s|.*<\/capabilities>|${ENABLE_CAPABILITIES,,}<\/capabilities>|" \
-e "s|.*<\/jwt_expiry_secs>|${ADMIN_JWT_EXPIRY}<\/jwt_expiry_secs>|" \
-e "s|.*<\/enable_macros_execution>|${ENABLE_MACROS,,}<\/enable_macros_execution>|" \
-e "s|.*<\/macro_security_level>|${MACRO_SECURITY_LEVEL}<\/macro_security_level>|" \
-e "s|.*<\/enable_metrics_unauthenticated>|${ENABLE_METRICS_UNAUTHENTICATED,,}<\/enable_metrics_unauthenticated>|" \
/etc/coolwsd/coolwsd.xml
## Watermark
# Watermark opacity and text.
sed -i \
-e "s|.*<\/opacity>|${WATERMARK_OPACITY}<\/opacity>|" \
-e "s|.*<\/text>|${WATERMARK_TEXT}<\/text>|" \
/etc/coolwsd/coolwsd.xml
## User Interface
# UI mode and integrator theme, followed by the persistent tile cache toggle.
sed -i \
-e "s|.*<\/mode>|${INTERFACE}<\/mode>|" \
-e "s|.*<\/use_integration_theme>|${USE_INTEGRATOR_THEME,,}<\/use_integration_theme>|" \
/etc/coolwsd/coolwsd.xml
sed -i -e "s|.*<\/tile_cache_persistent>|${ENABLE_TILES_CACHE,,}<\/tile_cache_persistent>|" /etc/coolwsd/coolwsd.xml
## Admin Console
# Admin console toggle and credentials.
# NOTE(review): ADMIN_PASS is written in clear text. A password containing
# '|', '&' or '\' will not survive the substitution intact.
sed -i \
-e "s|.*<\/enable>|${ENABLE_ADMIN_CONSOLE,,}<\/enable>|" \
-e "s|.*<\/username>|${ADMIN_USER}<\/username>|" \
-e "s|.*<\/password>|${ADMIN_PASS}<\/password>|" \
/etc/coolwsd/coolwsd.xml
## Quarantine Files
# Quarantine toggle (written as an enable="..." attribute), size limit, path,
# retained versions and expiry. The first pattern is empty in this copy.
sed -i \
-e "s|| enable=\"${ENABLE_FILES_QUARANTINE,,}\">|" \
-e "s|.*<\/limit_dir_size_mb>|${FILES_QUARANTINE_DIRECTORY_SIZE_LIMIT}<\/limit_dir_size_mb>|" \
-e "s|.*<\/path>|${FILES_QUARANTINE_PATH}<\/path>|" \
-e "s|.*<\/max_versions_to_maintain>|${FILES_QUARANTINE_MAX_VERSIONS}<\/max_versions_to_maintain>|" \
-e "s|.*<\/expiry_min>|${FILES_QUARANTINE_EXPIRY}<\/expiry_min>|" \
/etc/coolwsd/coolwsd.xml
## Remote Config
# NOTE(review): presumably coolwsd fetches configuration from REMOTE_URL;
# confirm the URL is trusted and served over TLS.
sed -i -e "s|.*<\/remote_url>|${REMOTE_URL}<\/remote_url>|" /etc/coolwsd/coolwsd.xml
## Remote Fonts
# NOTE(review): this command and the indirection-endpoint and Zotero commands
# below all match on </url> as shown; confirm they target distinct elements.
sed -i -e "s|.*<\/url>|${REMOTE_FONT_URL}<\/url>|" /etc/coolwsd/coolwsd.xml
## Home Mode
sed -i -e "s|.*<\/enable>|${ENABLE_HOME_MODE,,}<\/enable>|g" /etc/coolwsd/coolwsd.xml
## Fonts Missing
sed -i -e "s|.*<\/handling>|${FONTS_MISSING_ACTION}<\/handling>|" /etc/coolwsd/coolwsd.xml
## Indirection Endpoint
sed -i -e "s|.*<\/url>|${INDIRECTION_ENDPOINT}<\/url>|" /etc/coolwsd/coolwsd.xml
## Zotero
# NOTE(review): the pattern matches a line ending in </url> but the
# replacement closes with </enable>, which would leave a mismatched closing
# tag in the XML; the pattern was probably meant to match the Zotero enable
# element.
sed -i -e "s|.*<\/url>|${ENABLE_ZOTERO}<\/enable>|" /etc/coolwsd/coolwsd.xml
fi
# WOPI proof key: created only when no public key is present yet, so an
# existing key pair is kept across restarts.
[[ -f /etc/coolwsd/proof_key.pub ]] || silent /opt/cool/bin/coolwsd-generate-proof-key

# Config reload restarts the service when /etc/coolwsd/coolwsd.xml changes.
# When ENABLE_CONFIG_RELOAD is false, the 11-inotify service definition is
# removed.
if var_false "${ENABLE_CONFIG_RELOAD}"; then
  print_debug "Disabling Automatic Configuration Reloader"
  rm -rf /etc/services.available/11-inotify
fi

print_info "Container Initialization Complete"
# Hand control back to the container framework.
liftoff