deblan-mirror/docker-collabora-online
1
0
Fork 0
mirror of https://github.com/tiredofit/docker-collabora-online.git synced 2024-05-19 22:46:32 +02:00
Code Issues Packages Projects Releases Wiki Activity
docker-collabora-online/install/etc/cont-init.d/10-loolwsd
Dave Conroy e5efaa5ff4 Patchup for SSL
2019-07-16 14:02:58 -07:00

139 lines
8 KiB
Plaintext
Executable file
Raw Blame History

#!/usr/bin/with-contenv bash
### Set Debug Mode
if [ "$DEBUG_MODE" = "TRUE" ] || [ "$DEBUG_MODE" = "true" ]; then
set -x
fi
### Set Defaults
AUTO_SAVE=${AUTO_SAVE:-300}
ENABLE_ADMIN_CONSOLE=${ENABLE_ADMIN_CONSOLE:-"TRUE"}
ENABLE_TLS=${ENABLE_SSL:-"TRUE"}
ENABLE_TLS_CERT_GENERATE=${ENABLE_SSL_CERT_GENERATE:-"TRUE"}
ENABLE_TLS_REVERSE_PROXY=${ENABLE_SSL_REVERSE_PROXY:-"FALSE"}
FILE_SIZE_LIMIT=${FILE_SIZE_LIMIT:-0}
IDLE_SAVE=${IDLE_SAVE:-30}
IDLE_UNLOAD_TIMEOUT=${IDLE_UNLOAD_TIMEOUT:-3600}
LOG_ANONYMIZE_FILES=${LOG_ANONYMIZE_FILES:-"FALSE"}
LOG_ANONYMIZE_USERS=${LOG_ANONYMIZE_USERS:-"FALSE"}
LOG_LEVEL=${LOG_LEVEL:-"information"}
LOG_TYPE=${LOG_TYPE:-"CONSOLE"}
MAX_FILE_LOAD_LIMIT=${MAX_FILE_LOAD_LIMIT:-100}
MAX_OPEN_FILES=${MAX_OPEN_FILES:-0}
MAX_THREADS_DOCUMENT=${MAX_THREADS_DOCUMENT:-4}
MEMORY_DATA_LIMIT=${MEMORY_DATA_LIMIT:-0}
MEMORY_STACK_LIMIT=${MEMORY_STACK_LIMIT:-8000}
MEMORY_USAGE_MAX=${MEMORY_USAGE_MAX:-"80.0"}
PRESPAWN_CHILD_PROCESSES=${PRESPAWN_CHILD_PROCESSES:-1}
SETUP_TYPE=${SETUP_TYPE:-"AUTO"}
TLS_CA_FILENAME=${TLS_CA_FILENAME:-"ca-chain.cert.pem"}
TLS_CERT_FILENAME=${TLS_CERT_FILENAME:-"cert.pem"}
TLS_CERT_PATH=${TLS_CERT_PATH:-"/etc/loolwsd/certs"}
TLS_KEY_FILENAME=${TLS_KEY_FILENAME:-"key.pem"}
USER_IDLE_TIMEOUT=${USER_IDLE_TIMEOUT:-900}
USER_OUT_OF_FOCUS_TIMEOUT=${USER_OUT_OF_FOCUS_TIMEOUT:-60}
mkdir -p /var/log/lool
touch /var/log/lool/loolwsd.log
chown -R lool /var/log/lool
rm /opt/lool/systemplate/etc/resolv.conf
ln -s /etc/resolv.conf /opt/lool/systemplate/etc/resolv.conf
### Custom File Support
if [ -d /assets/custom ] ; then
echo "** [libreoffice-online] Custom Files Found, Copying over top of Master.."
cp -R /assets/custom/* /opt/lool/share/
chown -R lool. /opt/lool/share/
fi
if [ "$ENABLE_SSL" = "TRUE" ]; then
if [ "$ENABLE_SSL_CERT_GENERATE" = "TRUE" ]; then
mkdir -p $TLS_CERT_PATH
# Generate new SSL certificate instead of using the default
echo "** [libreoffice-online] Auto Generating Self Signed Certificates"
mkdir -p /tmp/ssl/
cd /tmp/ssl/
mkdir -p certs/ca
openssl genrsa -out certs/ca/root.key.pem 2048
openssl req -x509 -new -nodes -key certs/ca/root.key.pem -days 9131 -out certs/ca/root.crt.pem -subj "/C=XX/ST=XX/L=XX/O=Dummy
Authority/CN=Dummy Authority"
mkdir -p certs/{servers,tmp}
mkdir -p "certs/servers/localhost"
openssl genrsa -out "certs/servers/localhost/privkey.pem" 2048
if test "${cert_domain-set}" == set; then
openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=localhost"
else
openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=${cert_domain}"
fi
openssl x509 -req -in certs/tmp/localhost.csr.pem -CA certs/ca/root.crt.pem -CAkey certs/ca/root.key.pem -CAcreateserial -out certs/servers/localhost/cert.pem -days 9131
mv certs/servers/localhost/privkey.pem ${TLS_CERT_PATH}/${TLS_KEY_FILENAME}
mv certs/servers/localhost/cert.pem ${TLS_CERT_PATH}/${TLS_KEY_FILENAME}
mv certs/ca/root.crt.pem ${TLS_CERT_PATH}/${TLS_CA_FILENAME}
rm -rf /tmp/ssl
chown -R lool ${TLS_CERT_PATH}
else
if [ ! -f "${TLS_CERT_PATH}/${TLS_KEY_FILENAME}" ] || [ ! -f "${TLS_CERT_PATH}/${TLS_CA_FILENAME}" ] || [ ! -f "${TLS_CERT_PATH}/${TLS_CERT_FILENAME}" ] ; then
echo ** [libreoffice-online] *** ERROR *** TLS Certificates missing. Please switch to autogenerate mode, or place your certifcates in the correct location.
fi
fi
fi
if [ "$SETUP_TYPE" = "AUTO" ]; then
echo '** [libreoffice-online] Autogenerating Configuration File'
### Replace Configuration directives
perl -pi -e "s/<allowed_languages (.*)>.*<\/allowed_languages>/<allowed_languages \1>${DICTIONARIES}<\/allowed_languages>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<autosave_duration_secs (.*)>.*<\/autosave_duration_secs>/<autosave_duration_secs \1>${AUTO_SAVE}<\/autosave_duration_secs>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<ca_file_path (.*)>.*<\/ca_file_path>/<ca_file_path \1>${TLS_CERT_PATH}/${TLS_CA_FILENAME}<\/key_file_path>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<cert_file_path (.*)>.*<\/cert_file_path>/<cert_file_path \1>${TLS_CERT_PATH}/${TLS_CERT_FILENAME}<\/cert_file_path>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<idle_timeout_secs (.*)>.*<\/idle_timeout_secs>/<idle_timeout_secs \1>${IDLE_UNLOAD_TIMEOUT}<\/idle_timeout_secs>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<idle_timeout_secs (.*)>.*<\/idle_timeout_secs>/<idle_timeout_secs \1>${USER_IDLE_TIMEOUT}<\/idle_timeout_secs>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<idlesave_duration_secs (.*)>.*<\/idlesave_duration_secs>/<idlesave_duration_secs \1>${IDLE_SAVE}<\/idlesave_duration_secs>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<key_file_path (.*)>.*<\/key_file_path>/<key_file_path \1>${TLS_CERT_PATH}/${TLS_KEY_FILENAME}<\/key_file_path>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<level (.*)>.*<\/level>/<level \1>${LOG_LEVEL}<\/level>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<limit_data_mem_kb (.*)>.*<\/limit_data_mem_kb>/<limit_data_mem_kb \1>${MEMORY_DATA_LIMIT}<\/limit_data_mem_kb>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<limit_file_size_mb (.*)>.*<\/limit_file_size_mb>/<limit_file_size_mb \1>${FILE_SIZE_LIMIT}<\/limit_file_size_mb>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<limit_load_secs (.*)>.*<\/limit_load_secs>/<limit_load_secs \1>${MAX_FILE_LOAD_LIMIT}<\/limit_load_secs>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<limit_num_open_files (.*)>.*<\/limit_num_open_files>/<limit_num_open_files \1>${MAX_OPEN_FILES}<\/limit_num_open_files>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<limit_stack_mem_kb (.*)>.*<\/limit_stack_mem_kb>/<limit_stack_mem_kb \1>${MEMORY_STACK_LIMIT}<\/limit_stack_mem_kb>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<max_concurrency (.*)>.*<\/max_concurrency>/<max_concurrency \1>${MAX_THREADS_DOCUMENT}<\/max_concurrency>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<memproportion (.*)>.*<\/memproportion>/<memproportion \1>${MEMORY_USAGE_MAX}<\/memproportion>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<num_prespawn_children (.*)>.*<\/num_prespawn_children>/<num_prespawn_children \1>${PRESPAWN_CHILD_PROCESSES}<\/num_prespawn_children>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<out_of_focus_timeout_secs (.*)>.*<\/out_of_focus_timeout_secs>/<out_of_focus_timeout_secs \1>${USER_OUT_OF_FOCUS_TIMEOUT}<\/out_of_focus_timeout_secs>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<password (.*)>.*<\/password>/<password \1>${ADMIN_PASS}<\/password>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<server_name (.*)>.*<\/server_name>/<server_name \1>${HOSTNAME}<\/server_name>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<username (.*)>.*<\/username>/<username \1>${ADMIN_USER}<\/username>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/localhost<\/host>/${ALLOWED_HOSTS}<\/host>/g" /etc/loolwsd/loolwsd.xml
if [ "$ENABLE_ADMIN_CONSOLE" != "TRUE" ]; then
perl -pi -e "s/<enable desc=\"Enable the admin (.*)>.*<\/enable>/<enable \1>true<\/enable>/" /etc/loolwsd/loolwsd.xml
fi
if [ "$LOG_TYPE" = "FILE" ]; then
perl -pi -e "s/<file enable=\"false\"/<file enable=\"true\"/" /etc/loolwsd/loolwsd.xml
fi
if [ "$ENABLE_SSL" != "TRUE" ]; then
perl -pi -e "s/<enable type=\"bool\" desc=\"Controls(.*)>.*<\/enable>/<enable type=\"bool\" desc=\"Controls\1>false<\/enable>/" /etc/loolwsd/loolwsd.xml
fi
if [ "$ENABLE_SSL_REVERSE_PROXY" != "FALSE" ]; then
perl -pi -e "s/<termination (.*)>.*<\/termination>/<termination \1>true<\/termination>/" /etc/loolwsd/loolwsd.xml
fi
if [ "$LOG_ANONYMIZE_USERS" != "FALSE" ]; then
perl -pi -e "s/<usernames (.*)>.*<\/usernames>/<usernames \1>true<\/usernames>/" /etc/loolwsd/loolwsd.xml
fi
if [ "$LOG_ANONYMIZE_FILES" != "FALSE" ]; then
perl -pi -e "s/<filenames (.*)>.*<\/filenames>/<filenames \1>true<\/filenames>/" /etc/loolwsd/loolwsd.xml
fi
if [ "$LOG_TYPE" = "FILE" ]; then
perl -pi -e "s/<file enable=\"false\"/<file enable=\"true\"/" /etc/loolwsd/loolwsd.xml
fi
fi
mkdir -p /tmp/state
echo 'Initialization Complete' >/tmp/state/10-loolwsd-init
Reference in a new issue View git blame Copy permalink