Release 2.0.0 - See CHANGELOG.md

This commit is contained in:
Dave Conroy 2021-02-19 18:51:09 -08:00
parent 9dcd66f56a
commit 37e2bce1ab
16 changed files with 508 additions and 289 deletions

6
.gitignore vendored Normal file
View File

@ -0,0 +1,6 @@
/build-assets/container/*
!/build-assets/container/.empty
/build-assets/core/*
!/build-assets/core/.empty
/build-assets/online/*
!/build-assets/online/.empty

View File

@ -1,7 +1,18 @@
## 2.0.0 2021-02-20 <dave at tiredofit dot ca>
### Added
- Refreshed Image = Lots more environment variables (See README)
- Debian Buster base
- Libreoffice 6.4-23
- Libreoffice Online 6.4.6-4
### Fixed
- TLS Issues
## 1.6.1 2020-01-21 <joergmschulz at github>
### Fixed
- Misquote in the startup script
- Misquote in the startup script
## 1.6.0 2020-01-12 <dave at tiredofit dot ca>

View File

@ -1,26 +1,42 @@
FROM tiredofit/debian:stretch as builder
FROM tiredofit/debian:buster as builder
LABEL maintainer="Dave Conroy (dave at tiredofit dot ca)"
### Set Environment Variables
ENV LIBREOFFICE_BRANCH=master \
## cp-6.0.30
LIBREOFFICE_COMMIT=3ef1164bc3a13af481102e0abef06929c53bad8b \
LOOL_BRANCH=master \
## 4.0.4.1
LOOL_COMMIT=a2132266584381c875fa707446417e259753e2f5 \
MAX_CONNECTIONS=5000 \
### Buildtime arguments
ARG LIBREOFFICE_BRANCH
ARG LIBREOFFICE_VERSION
ARG LIBREOFFICE_REPO_URL
ARG LOOL_BRANCH
ARG LOOL_VERSION
ARG LOOL_REPO_URL
ARG MAX_CONNECTIONS
ARG MAX_DOCUMENTS
### Environment Variables
ENV LIBREOFFICE_BRANCH=${LIBREOFFICE_BRANCH:-"master"} \
LIBREOFFICE_VERSION=${LIBREOFFICE_VERSION:-"cp-6.4-23"} \
LIBREOFFICE_REPO_URL=${LIBREOFFICE_REPO_URL:-"https://github.com/LibreOffice/core"} \
#
LOOL_BRANCH=${LOOL_BRANCH:-"master"} \
LOOL_VERSION=${LOOL_VERSION:-"cp-6.4.6-2"} \
LOOL_REPO_URL=${LOOL_REPO_URL:-"https://github.com/CollaboraOnline/online"} \
#
POCO_VERSION=${POCO_VERSION:-"poco-1.10.1-release.tar.gz"} \
POCO_URL=${POCO_URL:-"https://github.com/pocoproject/poco/archive/"} \
#
MAX_CONNECTIONS=${MAX_CONNECTIONS:-"5000"} \
## Uses Approximately 20mb per document open
MAX_DOCUMENTS=5000 \
POCO_VERSION=1.9.0
MAX_DOCUMENTS=${MAX_DOCUMENTS:-"5000"}
ADD build-assets /build-assets
### Get Updates
RUN set -x && \
### Add Repositories
apt-get update && \
apt-get -o Dpkg::Options::="--force-confold" upgrade -y && \
echo "deb-src http://deb.debian.org/debian stretch main" >> /etc/apt/sources.list && \
echo "deb http://deb.debian.org/debian stretch contrib" >> /etc/apt/sources.list && \
curl -sL https://deb.nodesource.com/setup_6.x | bash - && \
echo "deb-src http://deb.debian.org/debian buster main" >> /etc/apt/sources.list && \
echo "deb http://deb.debian.org/debian buster contrib" >> /etc/apt/sources.list && \
curl -sL https://deb.nodesource.com/setup_10.x | bash - && \
\
### Setup Distribution
echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
@ -29,154 +45,121 @@ RUN set -x && \
useradd lool -G sudo && \
chown lool:lool /home/lool -R && \
\
## Add Build Dependencies
apt-get install -y \
BUILD_DEPS=' \
adduser \
automake \
build-essential \
cpio \
default-jre \
devscripts \
fontconfig \
g++ \
git \
inotify-tools \
libcap-dev \
libcap2-bin \
libcppunit-dev \
libghc-zlib-dev \
libkrb5-dev \
libpam-dev \
libpam0g-dev \
libpng16-16 \
libssl-dev \
libtool \
libubsan1 \
locales-all \
m4 \
nasm \
nodejs \
openssl \
pkg-config \
procps \
python3-lxml \
python3-polib \
python-polib \
sudo \
translate-toolkit \
ttf-mscorefonts-installer \
wget \
' && \
## Add Build Dependencies
apt-get install -y \
${BUILD_DEPS} \
&& \
\
apt-get build-dep -y \
libreoffice \
&& \
\
### Build and Install Poco Libraries
### Build Poco
mkdir -p /usr/src/poco && \
curl -sSL https://pocoproject.org/releases/poco-${POCO_VERSION}/poco-${POCO_VERSION}-all.tar.gz | tar xvfz - --strip 1 -C /usr/src/poco && \
curl -sSL ${POCO_URL}${POCO_VERSION} | tar xvfz - --strip 1 -C /usr/src/poco && \
cd /usr/src/poco && \
./configure \
--no-samples \
--no-tests \
--prefix=/opt/poco \
&& \
--static \
--no-tests \
--no-samples \
--no-sharedlibs \
--cflags="-fPIC" \
--omit=Zip,Data,Data/SQLite,Data/ODBC,Data/MySQL,MongoDB,PDF,CppParser,PageCompiler,Redis,Encodings \
--prefix=/opt/poco \
&& \
make -j$(nproc) && \
make install && \
\
### Build Fetch LibreOffice - This will take a while..
git clone -b ${LIBREOFFICE_BRANCH} https://github.com/LibreOffice/core.git /usr/src/libreoffice-core && \
### Build Fetch LibreOffice - This will take a while..
git clone -b ${LIBREOFFICE_BRANCH} ${LIBREOFFICE_REPO_URL} /usr/src/libreoffice-core && \
cd /usr/src/libreoffice-core && \
echo "lo_sources_ver="`env | grep LIBREOFFICE_VERSION | cut -d'-' -f2` > sources.ver && \
git reset --hard ${LIBREOFFICE_COMMIT} && \
git submodule init && \
git submodule update translations && \
git submodule update dictionaries && \
cd /usr/src/libreoffice-core && \
echo "--disable-dbus \n\
--disable-dconf \n\
--disable-epm \n\
--disable-evolution2 \n\
--disable-ext-nlpsolver \n\
--disable-ext-wiki-publisher \n\
--disable-firebird-sdbc \n\
--disable-gio \n\
--disable-gstreamer-0-10 \n\
--disable-gstreamer-1-0 \n\
--disable-gtk \n\
--disable-gtk3 \n\
--disable-kde4 \n\
--disable-odk \n\
--disable-online-update \n\
--disable-pdfimport \n\
--disable-postgresql-sdbc \n\
--disable-report-builder \n\
--disable-scripting-beanshell \n\
--disable-scripting-javascript \n\
--disable-sdremote \n\
--disable-sdremote-bluetooth \n\
--enable-extension-integration \n\
--enable-mergelibs \n\
--enable-python=internal \n\
--enable-release-build \n\
--with-external-dict-dir=/usr/share/hunspell \n\
--with-external-hyph-dir=/usr/share/hyphen \n\
--with-external-thes-dir=/usr/share/mythes \n\
--with-fonts \n\
--with-galleries=no \n\
--with-lang=en-GB en-US\n\
--with-linker-hash-style=both \n\
--with-system-dicts \n\
--with-system-zlib \n\
--with-theme=galaxy \n\
#--with-system-xmlsec \n\
--without-branding \n\
--without-help \n\
--without-java \n\
--without-junit \n\
--without-myspell-dicts \n\
--without-package-format \n\
--without-system-jars \n\
--without-system-jpeg \n\
--without-system-libpng \n\
--without-system-libxml \n\
--without-system-openssl \n\
--without-system-poppler \n\
--without-system-postgresql \n\
--prefix=/opt/libreoffice \n\
" > /usr/src/libreoffice-core/distro-configs/LibreOfficeOnline.conf && \
./autogen.sh --with-distro="LibreOfficeOnline" && \
cd /usr/src/libreoffice-core && \
sed -i "s/export XMLSEC_TARBALL := xmlsec1-1.2.26.tar.gz/export XMLSEC_TARBALL := xmlsec1-1.2.25.tar.gz/g" download.lst && \
git checkout ${LIBREOFFICE_VERSION} && \
if [ -d "/build-assets/core/src" ] ; then cp -R /build-assets/core/src/* /usr/src/libreoffice-core ; fi; \
if [ -d "/build-assets/core/scripts" ] ; then for script in /build-assets/core/scripts/*.sh; do echo "** Applying $script"; bash $script; done && \ ; fi ; \
\
echo "--prefix=/opt/libreoffice" >> /usr/src/libreoffice-core/distro-configs/CPLinux-LOKit.conf && \
./autogen.sh \
--with-distro="CPLinux-LOKit" \
--disable-epm \
--without-package-format && \
chown -R lool /usr/src/libreoffice-core && \
sudo -u lool make && \
cd /usr/src/libreoffice-core && \
sudo -u lool make fetch && \
sudo -u lool make -j$(nproc) build-nocheck && \
mkdir -p /opt/libreoffice && \
chown -R lool /opt/libreoffice && \
sudo -u lool make install && \
cp -R /usr/src/libreoffice-core/instdir/* /opt/libreoffice/ && \
\
### Build LibreOffice Online (Not as long as above)
git clone -b ${LOOL_BRANCH} https://github.com/LibreOffice/online.git /usr/src/libreoffice-online && \
### Build LibreOffice Online (Not as long as above)
git clone -b ${LOOL_BRANCH} ${LOOL_REPO_URL} /usr/src/libreoffice-online && \
cd /usr/src/libreoffice-online && \
git reset --hard ${LOOL_COMMIT} && \
npm install -g \
bootstrap \
browserify-css \
d3 \
d3 \
eslint \
evol-colorpicker \
exorcist \
jake \
npm \
uglify-js \
&& \
\
git checkout ${LOOL_VERSION} && \
if [ -d "/build-assets/online/src" ] ; then cp -R /build-assets/online/src/* /usr/src/libreoffice-online ; fi; \
if [ -d "/build-assets/online/scripts" ] ; then for script in /build-assets/online/scripts/*.sh; do echo "** Applying $script"; bash $script; done && \ ; fi ; \
./autogen.sh && \
./configure --enable-silent-rules \
--with-lokit-path=/usr/src/libreoffice-online/bundled/include \
--with-lokit-path="/usr/src/libreoffice-core/include" \
--with-lo-path=/opt/libreoffice \
--with-max-connections=${MAX_CONNECTIONS} \
--with-max-documents=${MAX_DOCUMENTS} \
--with-poco-includes=/opt/poco/include \
--with-poco-libs=/opt/poco/lib \
--with-logfile=/var/log/lool/lool.log \
--prefix=/opt/lool \
--sysconfdir=/etc \
--localstatedir=/var && \
( cd loleaflet/po && ../../scripts/downloadpootle.sh ) && \
( cd loleaflet && make l10n) || exit 1 && \
--localstatedir=/var \
--with-poco-includes=/opt/poco/include \
--with-poco-libs=/opt/poco/lib \
&& \
\
( scripts/locorestrings.py /usr/src/libreoffice-online /usr/src/libreoffice-core/translations ) && \
make -j`nproc` && \
( scripts/unocommands.py --update /usr/src/libreoffice-online /usr/src/libreoffice-core ) && \
( scripts/unocommands.py --translate /usr/src/libreoffice-online /usr/src/libreoffice-core/translations ) && \
make -j$(nproc) && \
mkdir -p /opt/lool && \
chown -R lool /opt/lool && \
cp -R loolwsd.xml /opt/lool/ && \
cp -R loolkitconfig.xcu /opt/lool && \
make install && \
\
### Cleanup
cd / && \
apt-get autoremove -y && \
apt-get clean && \
### Cleanup
rm -rf /usr/src/* && \
rm -rf /usr/share/doc && \
rm -rf /usr/share/man && \
@ -184,41 +167,49 @@ RUN set -x && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /var/log/*
FROM tiredofit/debian:stretch
FROM tiredofit/debian:buster
LABEL maintainer="Dave Conroy (dave at tiredofit dot ca)"
### Set Defaults
ENV ADMIN_USER=admin \
ADMIN_PASS=libreoffice \
LOG_LEVEL=warning \
DICTIONARIES="en_GB en_US" \
ENABLE_SMTP=false \
PYTHONWARNINGS=ignore
ENABLE_SMTP=false
### Grab Compiled Assets from builder image
COPY --from=builder /opt/ /opt/
ADD build-assets /build-assets
### Install Dependencies
RUN set -x && \
adduser --quiet --system --group --home /opt/lool lool && \
\
### Add Repositories
echo "deb http://deb.debian.org/debian stretch contrib" >> /etc/apt/sources.list && \
curl -sL https://deb.nodesource.com/setup_6.x | bash - && \
echo "deb http://deb.debian.org/debian buster contrib" >> /etc/apt/sources.list && \
curl -sL https://deb.nodesource.com/setup_10.x | bash - && \
\
echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
apt-get -o Dpkg::Options::="--force-confold" upgrade -y && \
apt-get install -y\
adduser \
apt-transport-https \
cpio \
findutils \
fontconfig \
fonts-droid-fallback \
fonts-hack \
fonts-liberation \
fonts-noto-cjk \
fonts-wqy-microhei \
fonts-wqy-zenhei \
fonts-ocr-a \
fonts-ocr-b \
fonts-open-sans \
hunspell \
hunspell-en-us \
hunspell-en-ca \
hunspell-en-gb \
libcap2-bin \
hunspell-en-us \
inotify-tools \
libcap2-bin \
libcups2 \
libfontconfig1 \
libfreetype6 \
@ -226,16 +217,19 @@ RUN set -x && \
libpam0g \
libpng16-16 \
libsm6 \
libubsan0 \
libubsan1 \
libxcb-render0 \
libxcb-shm0 \
libxinerama1 \
libxrender1 \
locales \
locales-all \
openssl \
openssl \
openssh-client \
procps \
python3-requests \
python3-websocket \
sudo \
ttf-mscorefonts-installer \
&& \
\
@ -244,19 +238,26 @@ RUN set -x && \
mv /opt/lool/loolwsd.xml /etc/loolwsd/ && \
mv /opt/lool/loolkitconfig.xcu /etc/loolwsd/ && \
chown -R lool /etc/loolwsd && \
mkdir -p /opt/lool/jails && \
mkdir -p /opt/lool/child-roots && \
chown -R lool /opt/* && \
mkdir -p /var/cache/loolwsd && \
chown -R lool /var/cache/loolwsd && \
setcap cap_fowner,cap_mknod,cap_sys_chroot=ep /opt/lool/bin/loolforkit && \
# setcap cap_sys_admin=ep /opt/lool/bin/loolmount && \
setcap cap_fowner,cap_chown,cap_mknod,cap_sys_chroot=ep /opt/lool/bin/loolforkit && \
setcap cap_sys_admin=ep /opt/lool/bin/loolmount && \
mkdir -p /usr/share/hunspell && \
mkdir -p /usr/share/hyphen && \
mkdir -p /usr/share/mythes && \
mkdir -p /var/cache/loolwsd && \
chown -R lool /var/cache/loolwsd && \
mkdir -p /var/log/lool && \
touch /var/log/lool/loolwsd.log && \
chown -R lool /var/log/lool && \
\
### Setup LibreOffice Online Jails
sudo -u lool /opt/lool/bin/loolwsd-systemplate-setup /opt/lool/systemplate /opt/libreoffice && \
\
if [ -d "/build-assets/container/src" ] ; then cp -R /build-assets/container/src/* /usr/src/libreoffice-container ; fi; \
if [ -d "/build-assets/container/scripts" ] ; then for script in /build-assets/container/scripts/*.sh; do echo "** Applying $script"; bash $script; done && \ ; fi ; \
apt-get autoremove -y && \
apt-get clean && \
\
@ -265,10 +266,8 @@ RUN set -x && \
rm -rf /usr/share/man && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /var/log/* && \
rm -rf /tmp/* && \
mkdir -p /var/log/lool && \
touch /var/log/lool/loolwsd.log && \
chown -R lool /var/log/lool
rm -rf /build-assets && \
rm -rf /tmp/*
### Networking Configuration
EXPOSE 9980

View File

@ -1,6 +1,6 @@
The MIT License (MIT)
Copyright (c) 2020 Dave Conroy
Copyright (c) 2021 Dave Conroy
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

149
README.md
View File

@ -43,10 +43,10 @@ This image assumes that you are using a reverse proxy such as [jwilder/nginx-pro
# Installation
Builds of the image are available on [Docker Hub](https://hub.docker.com/tiredofit/libreoffice-online) and is the
Builds of the image are available on [Docker Hub](https://hub.docker.com/tiredofit/libreoffice-online) and is the
recommended method of installation.
If you decide to compile this, it will take quite a few hours.
If you decide to compile this, it will take quite a few hours even on the fastest computer due to the amount of data required to download to compile. At some stages this image will grow to 30GB large before sheeding most of it for it's final size.
```bash
@ -56,7 +56,8 @@ docker pull tiredofit/libreoffice-online
The following image tags are available:
* `latest` - See most recent versioned tag
* `1.5` - Collabora Libreoffice 6.0.30 with Collabora Office Online 4.0.4-1
* `2.0` - Collabora Libreoffice 6.4-23 with Collabora Office Online 6.4.6-2
* `1.6` - Collabora Libreoffice 6.0.30 with Collabora Office Online 4.0.4-1
* `1.1` - Collabora Libreoffice 5.3.61 with Collabora Office Online 3.4.2.1
# Quick Start
@ -73,62 +74,122 @@ The following image tags are available:
The following directories should be mapped for persistent storage in order to utilize the container effectively.
| Folder | Description |
|-----------|-------------|
| `/var/log/loolwsd` | Log files
| `/assets/custom` | If you want to update the theme of LibreOffice online, dropping files in here will overwrite /opt/lool/share on startup |
| `/etc/loolwsd/certs` | (Optional) If you would like to use your own certificates, map this volume and set appropriate variables |
| Folder | Description |
| -------------------- | ----------------------------------------------------------------------------------------------------------------------- |
| `/var/log/loolwsd` | Log files |
| `/assets/custom` | If you want to update the theme of LibreOffice online, dropping files in here will overwrite /opt/lool/share on startup |
| `/etc/loolwsd/certs` | (Optional) If you would like to use your own certificates, map this volume and set appropriate variables |
### Environment Variables
Along with the Environment Variables from the [Base image](https://hub.docker.com/r/tiredofit/debian), below is the complete list of available options that can be used to customize your installation.
| Parameter | Description |
|-----------|-------------|
| `ADMIN_PASS` | Password for accessing Administration Console - Default `libreoffice` |
| `ADMIN_USER` | User for accessing Administration Console - Default `admin` |
| `ALLOWED_HOSTS` | Set which domains which can access service - Example: `^(.*)\.example\.org` |
| `AUTO_SAVE` | The number of seconds after which document, if modified, should be saved - Default `300` |
| `DICTIONARIES` | Spell Check Languages - Available `en_GB en_US` - Default `en_GB en_US` |
| `ENABLE_ADMIN_CONSOLE` | Enable Administration Console - Default `TRUE` |
| `ENABLE_TLS_CERT_GENERATE` | Enable Self Signed Certificate Generation | Default: `TRUE` |
| `ENABLE_TLS_REVERSE_PROXY` | If using a Reverse SSL terminating proxy in front of this container Default: `FALSE` |
| `ENABLE_TLS` | Enable TLS - Default: `TRUE`
| `EXTRA_OPTIONS` | If you want to pass additional arguments upon startup, add it here |
| `FILE_SIZE_LIMIT` | The maximum file size allowed to each document process to write - Default `0` (unlimited) |
| `IDLE_SAVE` | The number of idle seconds after which document, if modified, should be saved - Default `30` |
| `IDLE_UNLOAD_TIMEOUT` | The maximum number of seconds before unloading an idle documen - Default `3600` |
| `LOG_ANONYMIZE_FILES` | Anonymize File information in Logs `TRUE` or `FALSE` - Default - `FALSE`
| `LOG_ANONYMIZE_USERS` | Anonymize User information in Logs `TRUE` or `FALSE` - Default - `FALSE`
| `LOG_LEVEL` | Log Level - Available `none, fatal, critical, error, warning, notice, information, debug, trace` - Default `warning` |
| `LOG_TYPE` | Write Logs to `CONSOLE` or to `FILE` - Default `CONSOLE` |
| `MAX_FILE_LOAD_LIMIT` | Maximum number of seconds to wait for a document load to succeed - Default `100` |
| `MAX_OPEN_FILES` | The maximum number of files allowed to each document process to open - Default `0` (unlimited) |
| `MAX_THREADS_DOCUMENT` | How many threads to use when opening a document - Default `4` |
| `MEMORY_DATA_LIMIT` | The maximum memory data segment allowed to each document process - Default `0` (unlimited) |
| `MEMORY_STACK_LIMIT` | The maximum stack size allowed to each document process - Default `0` (unlimited) |
| `MEMORY_USAGE_MAX` | Maximum percentage of system memory to be used - Default `80.0` |
| `PRESPAWN_CHILD_PROCESSES` | Amount of Child processes to start upon container init - Default `1` |
| `SETUP_TYPE` | Automatically generate configuration with defaults. Set to `FALSE` and map the configuration file to use your own - Default `TRUE` |
| `TLS_CA_FILENAME` | TLS CA Cert filename with extension - Default: `ca-chain-cert.pem` |
| `TLS_CERT_FILENAME` | TLS Certificate filename with extension - Default: `cert.pem` |
| `TLS_CERT_PATH` | TLS certificates path - Default: `/etc/loolwsd/certs` |
| `TLS_KEY_FILENAME` | TLS Private Key filename with extension - Default: `key.pem` |
| `USER_IDLE_TIMEOUT` | The maximum number of seconds before dimming and stopping updates when the user is no longer active (even if the browser is in focus) - Default `900` |
| `USER_OUT_OF_FOCUS_TIMEOUT` | The maximum number of seconds before dimming and stopping updates when the browser tab is no longer in focus - Default `60` |
### General Usage
| Parameter | Description | Default |
| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------- |
| `SETUP_TYPE` | Automatically generate configuration with defaults. Set to `MANUAL` and map the configuration file to use your own | `AUTO` |
| `ALLOWED_HOSTS` | Set which domains which can access service Seperate Multiple with `,` - Example: `^(.*)\.example\.org` |
| `DICTIONARIES` | Spell Check Languages - Available `en_GB en_US` | `en_GB en_US` |
| `EXTRA_OPTIONS` | If you want to pass additional arguments upon startup, add it here |
| `INTERFACE` | Web interface type `classic` or `notebookbar` | `classic` |
| `WATERMARK_OPACITY | Watermark Opacity | `0.2` |
| `WATERMARK_TEXT` | Text to display for watermark | `` |
#### Administration
| Parameter | Description | Default |
| ---------------------- | --------------------------------------------- | ------------- |
| `ENABLE_ADMIN_CONSOLE` | Enable Administration Console | `TRUE` |
| `ADMIN_USER` | User for accessing Administration Console | `admin` |
| `ADMIN_PASS` | Password for accessing Administration Console | `libreoffice` |
#### Logging
| Parameter | Description | Default |
| -------------------- | ------------------------------------------------------------------------------------------------ | --------------- |
| `LOG_TYPE` | Write Logs to `CONSOLE` or to `FILE` | `CONSOLE` |
| `LOG_LEVEL` | Log Level - Available `none, fatal, critical, error, warning, notice, information, debug, trace` | `warning` |
| `LOG_PATH` | Log Path | `/var/log/lool` |
| `LOG_FILE` | Log File | `lool.log` |
| `LOG_ANONYMIZE` | Anonymize File+User information in Logs `TRUE` or `FALSE` | `FALSE` |
| `LOG_ANONYMIZE_SALT` | Salt for anonymizing log data | 8 char random |
| `LOG_CLIENT_CONSOLE` | Log in users browser console | `false` |
| `LOG_COLOURIZE` | Colourize the log entries in console | `true` |
| `LOG_LIBREOFFICE` | Log filter what Libreoffice entries | `-INFO-WARN` |
| `LOG_FILE_FLUSH` | Flush Entries on each line to log file | `false` |
#### TLS Settings
| Parameter | Description | Default |
| -------------------------- | ------------------------------------------------------------------- | -------------------- |
| `ENABLE_TLS` | Enable TLS | `FALSE` |
| `ENABLE_TLS_CERT_GENERATE` | Enable Self Signed Certificate Generation | `TRUE` |
| `ENABLE_TLS_REVERSE_PROXY` | If using a Reverse SSL terminating proxy in front of this container | `TRUE` |
| `TLS_CA_FILENAME` | TLS CA Cert filename with extension | `ca-chain-cert.pem` |
| `TLS_CERT_FILENAME` | TLS Certificate filename with extension | `cert.pem` |
| `TLS_CERT_PATH` | TLS certificates path | `/etc/loolwsd/certs` |
| `TLS_KEY_FILENAME` | TLS Private Key filename with extension | `key.pem` |
#### Performance and Limits
| Parameter | Description | Default |
| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | --------------- |
| `AUTO_SAVE` | The number of seconds after which document, if modified, should be saved | `300` |
| `BATCH_PRIORITY` | A (lower) priority for use by batch convert to processes to avoid starving interactive ones | `5` |
| `CONNECTION_TIMEOUT` | Connection, Send, Receeive timeout in seconds for connections initiated by loolwsd | `30` |
| `FILE_SIZE_LIMIT` | The maximum file size allowed to each document process to write | `0` (unlimited) |
| `IDLE_SAVE` | The number of idle seconds after which document, if modified, should be saved | `30` |
| `IDLE_UNLOAD_TIMEOUT` | The maximum number of seconds before unloading an idle documen | `3600` |
| `MAX_CONVERT_LIMIT` | Maximum time in seconds to wait for a convert process to complete | `30` |
| `MAX_FILE_LOAD_LIMIT` | Maximum number of seconds to wait for a document load to succeed | `100` |
| `MAX_OPEN_FILES` | The maximum number of files allowed to each document process to open | `0` (unlimited) |
| `MAX_THREADS_DOCUMENT` | How many threads to use when opening a document | `4` |
| `MEMORY_DATA_LIMIT` | The maximum memory data segment allowed to each document process | `0` (unlimited) |
| `MEMORY_STACK_LIMIT` | The maximum stack size allowed to each document process | `0` (unlimited) |
| `MEMORY_USAGE_MAX` | Maximum percentage of system memory to be used | `80.0` |
| `MEMORY_VIRT_LIMIT` | Maximum virtual memory allowed to each document process | `0` |
| `PRESPAWN_CHILD_PROCESSES` | Amount of Child processes to start upon container init | `1` |
| `USER_IDLE_TIMEOUT` | The maximum number of seconds before dimming and stopping updates when the user is no longer active (even if the browser is in focus) | `900` |
| `USER_OUT_OF_FOCUS_TIMEOUT` | The maximum number of seconds before dimming and stopping updates when the browser tab is no longer in focus | `60` |
#### Cleanup
| Parameter | Description | Default |
| ---------------------------- | ------------------------------------------------------------------------------- | ------- |
| `ENABLE_CLEANUP` | Enable Cleanup of documents and processes | `false` |
| `CLEANUP_INTERVAL` | Interval between cleanup checks | `10000` |
| `CLEANUP_BAD_BEHAVIOUR_TIME` | Minimum time period for a document to be in bad state before killing in seconds | `60` |
| `CLEANUP_IDLE_TIME` | Minimum idle time for a document to be candidate for bad state in seconds | `300` |
| `CLEANUP_LIMIT_DIRTY_MEMORY` | Minimum memory usage in MB for a document to be candidate for bad state | `3072` |
| `CLEANUP_LIMIT_CPU_PER` | Minimum CPU usage in percent for a document to be candidate for bad state | `85` |
#### Other Settings
| Parameter | Description | Default |
| ----------------------- | ------------------------------------------------------- | --------------- |
| `ALLOW_172_XX_SUBNET` | Allow 172.16.0.0/12 Subnet | `TRUE` |
| `ENABLE_CAPABILITIES` | Enable Capabilities | `TRUE` |
| `ENABLE_CONFIG_RELOAD` | Enable Reload of loolwsd if config changed in container | `TRUE` |
| `ENABLE_SECCOMP` | Enable Seccomp | `TRUE` |
| `LOLEAFLET_HTML` | Name of loleaflet.html to use | `loleafet.html` |
| `REDLINING_AS_COMMENTS` | Show red-lines as comments | `false` |
| `DOCUMENT_SIGNING_URL` | Endpoint URL of signing server | `` |
| `NETWORK_PROTOCOL` | Network Protocol `ipv4` `ipv6` `all` | `ipv4` |
| `ENABLE_WEBDAV` | Enable WebDav Storage | `FALSE` |
| `FILE_SERVER_ROOT_PATH` | Path to directory considered as root | `loleaflet/../` |
| `FRAME_ANCESTORS` | Hosts where interface van be hosted in Iframe | `` |
| `ENABLE_MOUNT_JAIL` | Enable mounting jails | `true` |
| `CHILD_ROOT_PATH` | Child root path | `child-roots` |
| `SYS_TEMPLATE_PATH` | System Template Path | `systemplate` |
### Networking
The following ports are exposed.
| Port | Description |
|-----------|-------------|
| Port | Description |
| ------ | ------------------------ |
| `9980` | Libreoffice Web Services |
# Maintenance
#### Shell Access
For debugging and maintenance purposes you may want access the containers shell.
For debugging and maintenance purposes you may want access the containers shell.
```bash
docker exec -it (whatever your container name is e.g. libreoffice-online) bash

View File

0
build-assets/core/.empty Normal file
View File

View File

View File

@ -2,7 +2,7 @@ version: '3.7'
services:
libreoffice-app:
image: tiredofit/libreoffice-online
image: tiredofit/libreoffice-online:latest
container_name: libreoffice-app
expose:
- 9980

View File

@ -0,0 +1,61 @@
#!/usr/bin/with-contenv bash
### Set Defaults
ALWAYS_SAVE_ON_EXIT=${ALWAYS_SAVE_ON_EXIT:-"false"}
ALLOW_172_XX_SUBNET=${ALLOW_172_XX_SUBNET:-"TRUE"}
AUTO_SAVE=${AUTO_SAVE:-300}
BATCH_PRIORITY=${BATCH_PRIORITY:-"5"}
CHILD_ROOT_PATH=${CHILD_ROOT_PATH:-"child-roots"}
CLEANUP_BAD_BEHAVIOUR_TIME=${CLEANUP_BAD_BEHAVIOUR_TIME:-60}
CLEANUP_IDLE_TIME=${CLEANUP_IDLE_TIME:-300}
CLEANUP_INTERVAL=${CLEANUP_INTERVAL:-"10000"}
CLEANUP_LIMIT_CPU_PER=${CLEANUP_LIMIT_CPU_PER:-85}
CLEANUP_LIMIT_DIRTY_MEMORY=${CLEANUP_LIMIT_DIRTY_MEMORY:-3072}
CONNECTION_TIMEOUT=${CONNECTION_TIMEOUT:-30}
ENABLE_ADMIN_CONSOLE=${ENABLE_ADMIN_CONSOLE:-"TRUE"}
ENABLE_CAPABILITIES=${ENABLE_CAPABILITIES:-"true"}
ENABLE_CLEANUP=${ENABLE_CLEANUP:-"false"}
ENABLE_CONFIG_RELOAD=${ENABLE_CONFIG_RELOAD:-"TRUE"}
ENABLE_MOUNT_JAIL=${ENABLE_MOUNT_JAIL:-"true"}
ENABLE_SECCOMP=${ENABLE_SECCOMP:-"true"}
ENABLE_TLS=${ENABLE_TLS:-"FALSE"}
ENABLE_TLS_CERT_GENERATE=${ENABLE_TLS_CERT_GENERATE:-"TRUE"}
ENABLE_TLS_REVERSE_PROXY=${ENABLE_TLS_REVERSE_PROXY:-"TRUE"}
ENABLE_WEBDAV=${ENABLE_WEBDAV:-"FALSE"}
FILE_SERVER_ROOT_PATH=${FILE_SERVER_ROOT_PATH:-"loleaflet/../"}
FILE_SIZE_LIMIT=${FILE_SIZE_LIMIT:-0}
IDLE_SAVE=${IDLE_SAVE:-30}
IDLE_UNLOAD_TIMEOUT=${IDLE_UNLOAD_TIMEOUT:-3600}
INTERFACE=${INTERFACE:-"classic"}
LOG_ANONYMIZE=${LOG_ANONYMIZE:-"FALSE"}
LOG_ANONYMIZE_SALT=${LOG_ANONYMIZE_SALT:-"$(date +%s%N | cut -b12-19)"}
LOG_CLIENT_CONSOLE=${LOG_CLIENT_CONSOLE:-"false"}
LOG_COLOURIZE=${LOG_COLOURIZE:-"true"}
LOG_FILE=${LOG_FILE:-"lool.log"}
LOG_FILE_FLUSH=${LOG_FILE_FLUSH:-"false"}
LOG_LEVEL=${LOG_LEVEL:-"warning"}
LOG_LIBREOFFICE=${LOG_LIBREOFFICE:-"-INFO-WARN"}
LOG_PATH=${LOG_PATH:-"/var/log/lool/"}
LOG_TYPE=${LOG_TYPE:-"CONSOLE"}
LOLEAFLET_HTML=${LOLEAFLET_HTML:-"loleaflet.html"}
MAX_CONVERT_LIMIT=${MAX_CONVERT_LIMIT:-100}
MAX_FILE_LOAD_LIMIT=${MAX_FILE_LOAD_LIMIT:-100}
MAX_OPEN_FILES=${MAX_OPEN_FILES:-0}
MAX_THREADS_DOCUMENT=${MAX_THREADS_DOCUMENT:-4}
MEMORY_DATA_LIMIT=${MEMORY_DATA_LIMIT:-0}
MEMORY_STACK_LIMIT=${MEMORY_STACK_LIMIT:-8000}
MEMORY_USAGE_MAX=${MEMORY_USAGE_MAX:-"80.0"}
MEMORY_VIRT_LIMIT=${MEMORY_VIRT_LIMIT:-0}
NETWORK_PROTOCOL=${NETWORK_PROTOCOL:-"ipv4"}
PATH_PREFIX=${PATH_PREFIX:-"/opt/lool/"}
PRESPAWN_CHILD_PROCESSES=${PRESPAWN_CHILD_PROCESSES:-1}
REDLINING_AS_COMMENTS=${REDLINING_AS_COMMENTS:-"false"}
SETUP_TYPE=${SETUP_TYPE:-"AUTO"}
SYS_TEMPLATE_PATH=${SYS_TEMPLATE_PATH:-"systemplate"}
TLS_CA_FILENAME=${TLS_CA_FILENAME:-"ca-chain.cert.pem"}
TLS_CERT_FILENAME=${TLS_CERT_FILENAME:-"cert.pem"}
TLS_CERT_PATH=${TLS_CERT_PATH:-"/etc/loolwsd/certs"}
TLS_KEY_FILENAME=${TLS_KEY_FILENAME:-"key.pem"}
USER_IDLE_TIMEOUT=${USER_IDLE_TIMEOUT:-900}
USER_OUT_OF_FOCUS_TIMEOUT=${USER_OUT_OF_FOCUS_TIMEOUT:-60}
WATERMARK_OPACITY=${WATERMARK_OPACITY:-"0.2"}

View File

@ -1,29 +1,6 @@
#!/usr/bin/with-contenv bash
### Set Defaults
AUTO_SAVE=${AUTO_SAVE:-300}
ENABLE_ADMIN_CONSOLE=${ENABLE_ADMIN_CONSOLE:-"TRUE"}
ENABLE_TLS=${ENABLE_SSL:-"TRUE"}
ENABLE_TLS_CERT_GENERATE=${ENABLE_SSL_CERT_GENERATE:-"TRUE"}
ENABLE_TLS_REVERSE_PROXY=${ENABLE_SSL_REVERSE_PROXY:-"FALSE"}
FILE_SIZE_LIMIT=${FILE_SIZE_LIMIT:-0}
IDLE_SAVE=${IDLE_SAVE:-30}
IDLE_UNLOAD_TIMEOUT=${IDLE_UNLOAD_TIMEOUT:-3600}
LOG_ANONYMIZE_FILES=${LOG_ANONYMIZE_FILES:-"FALSE"}
LOG_ANONYMIZE_USERS=${LOG_ANONYMIZE_USERS:-"FALSE"}
LOG_LEVEL=${LOG_LEVEL:-"information"}
LOG_TYPE=${LOG_TYPE:-"CONSOLE"}
MAX_FILE_LOAD_LIMIT=${MAX_FILE_LOAD_LIMIT:-100}
MAX_OPEN_FILES=${MAX_OPEN_FILES:-0}
MAX_THREADS_DOCUMENT=${MAX_THREADS_DOCUMENT:-4}
MEMORY_DATA_LIMIT=${MEMORY_DATA_LIMIT:-0}
MEMORY_STACK_LIMIT=${MEMORY_STACK_LIMIT:-8000}
MEMORY_USAGE_MAX=${MEMORY_USAGE_MAX:-"80.0"}
PRESPAWN_CHILD_PROCESSES=${PRESPAWN_CHILD_PROCESSES:-1}
SETUP_TYPE=${SETUP_TYPE:-"AUTO"}
TLS_CA_FILENAME=${TLS_CA_FILENAME:-"ca-chain.cert.pem"}
TLS_CERT_FILENAME=${TLS_CERT_FILENAME:-"cert.pem"}
TLS_CERT_PATH=${TLS_CERT_PATH:-"/etc/loolwsd/certs"}
TLS_KEY_FILENAME=${TLS_KEY_FILENAME:-"key.pem"}
USER_IDLE_TIMEOUT=${USER_IDLE_TIMEOUT:-900}
USER_OUT_OF_FOCUS_TIMEOUT=${USER_OUT_OF_FOCUS_TIMEOUT:-60}
set_config() {
print_debug "Setting: '${1}' with value: '${2}'"
/opt/lool/bin/loolconfig set ${1} ""${2}""
}

View File

@ -1,14 +1,21 @@
#!/usr/bin/with-contenv bash
for s in /assets/functions/*; do source $s; done
source /assets/functions/00-container
prepare_service single
PROCESS_NAME="libreoffice-online"
mkdir -p /var/log/lool
touch /var/log/lool/loolwsd.log
chown -R lool /var/log/lool
sanity_var "ALLOWED_HOSTS" "Allowed Hostnames"
print_debug "Creating directories and setting up logging"
mkdir -p "${LOG_PATH}"
touch "${LOG_PATH}"/"${LOG_FILE}"
chown -R lool "${LOG_PATH}"
print_debug "Setting up DNS Resolution"
rm /opt/lool/systemplate/etc/resolv.conf
ln -s /etc/resolv.conf /opt/lool/systemplate/etc/resolv.conf
cp /etc/hosts /opt/lool/systemplate/etc/
cp /etc/resolv.conf /opt/lool/systemplate/etc/
### Custom File Support
if [ -d /assets/custom ] ; then
@ -17,91 +24,159 @@ if [ -d /assets/custom ] ; then
chown -R lool. /opt/lool/share/
fi
if [ "$ENABLE_SSL" = "TRUE" ]; then
if [ "$ENABLE_SSL_CERT_GENERATE" = "TRUE" ]; then
mkdir -p $TLS_CERT_PATH
# Generate new SSL certificate instead of using the default
print_notice "Auto Generating Self Signed Certificates"
mkdir -p /tmp/ssl/
cd /tmp/ssl/
mkdir -p certs/ca
openssl genrsa -out certs/ca/root.key.pem 2048
openssl req -x509 -new -nodes -key certs/ca/root.key.pem -days 9131 -out certs/ca/root.crt.pem -subj "/C=XX/ST=XX/L=XX/O=Dummy
Authority/CN=Dummy Authority"
mkdir -p certs/{servers,tmp}
mkdir -p "certs/servers/localhost"
openssl genrsa -out "certs/servers/localhost/privkey.pem" 2048
if test "${cert_domain-set}" == set; then
openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=localhost"
### Execute Custom Scripts if exist to modify parts of the system
if [ -d /assets/custom-scripts/ ] ; then
print_warn "Found Custom Scripts to Execute"
for f in $(find /assets/custom-scripts/ -name \*.sh -type f); do
print_warn "Running Script ${f}"
chmod +x "${f}"
${f}
done
fi
if var_true "${ENABLE_TLS}" ; then
print_debug "TLS Enabled"
if [ ! -d "${TLS_CERT_PATH}" ] || [ ! -f "${TLS_KEY_FILENAME}" ] || [ ! -f "${TLS_CA_FILENAME}" ] || [ ! -f "${TLS_CERT_FILENAME}" ] ; then
print_debug "No TLS Certificates found"
if var_true "${ENABLE_TLS_CERT_GENERATE}" ; then
print_debug "TLS Certificate Autogeneration"
mkdir -p "$TLS_CERT_PATH"
# Generate new SSL certificate instead of using the default
print_notice "Auto Generating Self Signed Certificates"
mkdir -p /tmp/ssl/
cd /tmp/ssl/
mkdir -p certs/ca
silent openssl genrsa -out certs/ca/root.key.pem 2048
silent openssl req -x509 -new -nodes -key certs/ca/root.key.pem -days 9131 -out certs/ca/root.crt.pem -subj "/C=XX/ST=XX/L=XX/O=Dummy
Authority/CN=Dummy Authority"
mkdir -p certs/{servers,tmp}
mkdir -p "certs/servers/localhost"
silent openssl genrsa -out "certs/servers/localhost/privkey.pem" 2048
if test "${cert_domain-set}" == set; then
silent openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=localhost"
else
silent openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=${cert_domain}"
fi
silent openssl x509 -req -in "certs/tmp/localhost.csr.pem" -CA "certs/ca/root.crt.pem" -CAkey "certs/ca/root.key.pem" -CAcreateserial -out "certs/servers/localhost/cert.pem" -days 9131
cp -R certs/servers/localhost/privkey.pem "${TLS_CERT_PATH}"/"${TLS_KEY_FILENAME}"
cp -R certs/servers/localhost/cert.pem "${TLS_CERT_PATH}"/"${TLS_CERT_FILENAME}"
cp -R certs/ca/root.crt.pem "${TLS_CERT_PATH}"/"${TLS_CA_FILENAME}"
rm -rf /tmp/ssl
chown -R lool "${TLS_CERT_PATH}"
else
openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=${cert_domain}"
if [ ! -f "${TLS_CERT_PATH}/${TLS_KEY_FILENAME}" ] || [ ! -f "${TLS_CERT_PATH}/${TLS_CA_FILENAME}" ] || [ ! -f "${TLS_CERT_PATH}/${TLS_CERT_FILENAME}" ] ; then
print_error "TLS Certificates missing... Please switch to autogenerate mode, or place your certifcates in the correct location."
fi
fi
openssl x509 -req -in certs/tmp/localhost.csr.pem -CA certs/ca/root.crt.pem -CAkey certs/ca/root.key.pem -CAcreateserial -out certs/servers/localhost/cert.pem -days 9131
mv certs/servers/localhost/privkey.pem ${TLS_CERT_PATH}/${TLS_KEY_FILENAME}
mv certs/servers/localhost/cert.pem ${TLS_CERT_PATH}/${TLS_KEY_FILENAME}
mv certs/ca/root.crt.pem ${TLS_CERT_PATH}/${TLS_CA_FILENAME}
rm -rf /tmp/ssl
chown -R lool ${TLS_CERT_PATH}
else
if [ ! -f "${TLS_CERT_PATH}/${TLS_KEY_FILENAME}" ] || [ ! -f "${TLS_CERT_PATH}/${TLS_CA_FILENAME}" ] || [ ! -f "${TLS_CERT_PATH}/${TLS_CERT_FILENAME}" ] ; then
echo ** [libreoffice-online] *** ERROR *** TLS Certificates missing. Please switch to autogenerate mode, or place your certifcates in the correct location.
fi
fi
fi
if [ "$SETUP_TYPE" = "AUTO" ]; then
print_notice "Autogenerating Configuration File"
### Replace Configuration directives
perl -pi -e "s/<allowed_languages (.*)>.*<\/allowed_languages>/<allowed_languages \1>${DICTIONARIES}<\/allowed_languages>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<autosave_duration_secs (.*)>.*<\/autosave_duration_secs>/<autosave_duration_secs \1>${AUTO_SAVE}<\/autosave_duration_secs>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<ca_file_path (.*)>.*<\/ca_file_path>/<ca_file_path \1>${TLS_CERT_PATH}/${TLS_CA_FILENAME}<\/key_file_path>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<cert_file_path (.*)>.*<\/cert_file_path>/<cert_file_path \1>${TLS_CERT_PATH}/${TLS_CERT_FILENAME}<\/cert_file_path>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<idle_timeout_secs (.*)>.*<\/idle_timeout_secs>/<idle_timeout_secs \1>${IDLE_UNLOAD_TIMEOUT}<\/idle_timeout_secs>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<idle_timeout_secs (.*)>.*<\/idle_timeout_secs>/<idle_timeout_secs \1>${USER_IDLE_TIMEOUT}<\/idle_timeout_secs>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<idlesave_duration_secs (.*)>.*<\/idlesave_duration_secs>/<idlesave_duration_secs \1>${IDLE_SAVE}<\/idlesave_duration_secs>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<key_file_path (.*)>.*<\/key_file_path>/<key_file_path \1>${TLS_CERT_PATH}/${TLS_KEY_FILENAME}<\/key_file_path>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<level (.*)>.*<\/level>/<level \1>${LOG_LEVEL}<\/level>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<limit_data_mem_kb (.*)>.*<\/limit_data_mem_kb>/<limit_data_mem_kb \1>${MEMORY_DATA_LIMIT}<\/limit_data_mem_kb>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<limit_file_size_mb (.*)>.*<\/limit_file_size_mb>/<limit_file_size_mb \1>${FILE_SIZE_LIMIT}<\/limit_file_size_mb>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<limit_load_secs (.*)>.*<\/limit_load_secs>/<limit_load_secs \1>${MAX_FILE_LOAD_LIMIT}<\/limit_load_secs>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<limit_num_open_files (.*)>.*<\/limit_num_open_files>/<limit_num_open_files \1>${MAX_OPEN_FILES}<\/limit_num_open_files>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<limit_stack_mem_kb (.*)>.*<\/limit_stack_mem_kb>/<limit_stack_mem_kb \1>${MEMORY_STACK_LIMIT}<\/limit_stack_mem_kb>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<max_concurrency (.*)>.*<\/max_concurrency>/<max_concurrency \1>${MAX_THREADS_DOCUMENT}<\/max_concurrency>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<memproportion (.*)>.*<\/memproportion>/<memproportion \1>${MEMORY_USAGE_MAX}<\/memproportion>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<num_prespawn_children (.*)>.*<\/num_prespawn_children>/<num_prespawn_children \1>${PRESPAWN_CHILD_PROCESSES}<\/num_prespawn_children>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<out_of_focus_timeout_secs (.*)>.*<\/out_of_focus_timeout_secs>/<out_of_focus_timeout_secs \1>${USER_OUT_OF_FOCUS_TIMEOUT}<\/out_of_focus_timeout_secs>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<password (.*)>.*<\/password>/<password \1>${ADMIN_PASS}<\/password>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<server_name (.*)>.*<\/server_name>/<server_name \1>${HOSTNAME}<\/server_name>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/<username (.*)>.*<\/username>/<username \1>${ADMIN_USER}<\/username>/" /etc/loolwsd/loolwsd.xml
perl -pi -e "s/localhost<\/host>/${ALLOWED_HOSTS}<\/host>/g" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<allowed_languages \(.*\)>.*</allowed_languages>|<allowed_languages \1>${DICTIONARIES}</allowed_languages>|g" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<sys_template_path \(.*\)>.*</sys_template_path>|<sys_template_path \1>${SYS_TEMPLATE_PATH}</sys_template_path>|g" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<child_root_path \(.*\)>.*</child_root_path>|<child_root_path \1>${CHILD_ROOT_PATH}</child_root_path>|g" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<mount_jail_tree \(.*\)>.*</mount_jail_tree>|<mount_jail_tree \1>${ENABLE_MOUNT_JAIL}</mount_jail_tree>|g" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<server_name \(.*\)>.*</server_name>|<server_name \1>${HOSTNAME}</server_name>|g" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<file_server_root_path \(.*\)>.*</file_server_root_path>|<file_server_root_path \1>${FILE_SERVER_ROOT_PATH}</file_server_root_path>|g" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<memproportion \(.*\)>.*</memproportion>|<memproportion \1>${MEMORY_USAGE_MAX}</memproportion>|g" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<num_prespawn_children \(.*\)>.*</num_prespawn_children>|<num_prespawn_children \1>${PRESPAWN_CHILD_PROCESSES}</num_prespawn_children>|g" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<max_concurrency \(.*\)>.*<\/max_concurrency>|<max_concurrency \1>${MAX_THREADS_DOCUMENT}<\/max_concurrency>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<batch_priority \(.*\)>.*<\/batch_priority>|<batch_priority \1>${BATCH_PRIORITY}<\/batch_priority>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<document_signing_url \(.*\)>.*<\/document_signing_url>|<document_signing_url \1>${DOCUMENT_SIGNING_URL}<\/document_signing_url>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<redlining_as_comments \(.*\)>.*<\/redlining_as_comments>|<redlining_as_comments \1>${REDLINING_AS_COMMENTS}<\/redlining_as_comments>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<idle_timeout_secs \(.*\)>.*<\/idle_timeout_secs>|<idle_timeout_secs \1>${IDLE_UNLOAD_TIMEOUT}<\/idle_timeout_secs>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<idlesave_duration_secs \(.*\)>.*<\/idlesave_duration_secs>|<idlesave_duration_secs \1>${IDLE_SAVE}<\/idlesave_duration_secs>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<autosave_duration_secs \(.*\)>.*<\/autosave_duration_secs>|<autosave_duration_secs \1>${AUTO_SAVE}<\/autosave_duration_secs>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<always_save_on_exit \(.*\)>.*<\/always_save_on_exit>|<always_save_on_exit \1>${ALWAYS_SAVE_ON_EXIT}<\/always_save_on_exit>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<limit_virt_mem_mb \(.*\)>.*<\/limit_virt_mem_mb>|<limit_virt_mem_mb \1>${MEMORY_VIRT_LIMIT}<\/limit_virt_mem_mb>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<limit_stack_mem_kb \(.*\)>.*<\/limit_stack_mem_kb>|<limit_stack_mem_kb \1>${MEMORY_STACK_LIMIT}<\/limit_stack_mem_kb>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<limit_file_size_mb \(.*\)>.*<\/limit_file_size_mb>|<limit_file_size_mb \1>${FILE_SIZE_LIMIT}<\/limit_file_size_mb>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<limit_num_open_files \(.*\)>.*<\/limit_num_open_files>|<limit_num_open_files \1>${MAX_OPEN_FILES}<\/limit_num_open_files>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<limit_load_secs \(.*\)>.*<\/limit_load_secs>|<limit_load_secs \1>${MAX_FILE_LOAD_LIMIT}<\/limit_load_secs>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<limit_convert_secs \(.*\)>.*<\/limit_convert_secs>|<limit_convert_secs \1>${MAX_CONVERT_LIMIT}<\/limit_convert_secs>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<cleanup desc=\(.*\)>.*>|<cleanup desc=\1>${ENABLE_CLEANUP}>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<cleanup_interval_ms \(.*\)>.*<\/cleanup_interval_ms>|<cleanup_interval_ms \1>${CLEANUP_INTERVAL}<\/cleanup_interval_ms>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<bad_behavior_period_secs \(.*\)>.*<\/bad_behavior_period_secs>|<bad_behavior_period_secs \1>${CLEANUP_BAD_BEHAVIOUR_TIME}<\/bad_behavior_period_secs>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<idle_time_secs \(.*\)>.*<\/<idle_time_secs>|<<idle_time_secs \1>${CLEANUP_IDLE_TIME}<\/<idle_time_secs>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<limit_dirty_mem_mb \(.*\)>.*<\/limit_dirty_mem_mb>|<limit_dirty_mem_mb \1>${CLEANUP_LIMIT_DIRTY_MEMORY}<\/limit_dirty_mem_mb>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<limit_cpu_per \(.*\)>.*<\/limit_cpu_per>|<limit_cpu_per \1>${CLEANUP_LIMIT_CPU_PER}<\/limit_cpu_per>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<out_of_focus_timeout_secs \(.*\)>.*<\/out_of_focus_timeout_secs>|<out_of_focus_timeout_secs \1>${USER_OUT_OF_FOCUS_TIMEOUT}<\/out_of_focus_timeout_secs>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<idle_timeout_secs \(.*\)>.*<\/idle_timeout_secs>|<idle_timeout_secs \1>${USER_IDLE_TIMEOUT}<\/idle_timeout_secs>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<loleaflet_html \(.*\)>.*<\/loleaflet_html>|<loleaflet_html \1>${LOLEAFLET_HTML}<\/loleaflet_html>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<color \(.*\)>.*<\/color>|<color \1>${LOG_COLOURIZE}<\/color>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<level \(.*\)>.*<\/level>|<level \1>${LOG_LEVEL}<\/level>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<protocol \(.*\)>.*<\/protocol>|<protocol \1>${LOG_CLIENT_CONSOLE}<\/protocol>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<lokit_sal_log \(.*\)>.*<\/lokit_sal_log>|<lokit_sal_log \1>${LOG_LIBREOFFICE}<\/lokit_sal_log>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<loleaflet_logging \(.*\)>.*<\/loleaflet_logging>|<loleaflet_logging \1>${LOG_CLIENT_CONSOLE}<\/loleaflet_logging>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<proto \(.*\)>.*<\/proto>|<proto \1>${NETWORK_PROTOCOL}<\/proto>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<frame_ancestors \(.*\)>.*<\/frame_ancestors>|<frame_ancestors \1>${FRAME_ANCESTORS}<\/frame_ancestors>|" /etc/loolwsd/loolwsd.xml
#sed -i -e "s|localhost<\/host>|${ALLOWED_HOSTS}<\/host>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<connection_timeout \(.*\)>.*<\/connection_timeout>|<connection_timeout \1>${CONNECTION_TIMEOUT}<\/connection_timeout>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<ca_file_path \(.*\) relative=\"false\">.*<\/ca_file_path>|<ca_file_path \1 relative=\"false\">${TLS_CERT_PATH}/${TLS_CA_FILENAME}<\/ca_file_path>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<cert_file_path \(.*\) relative=\"false\">.*<\/cert_file_path>|<cert_file_path \1 relative=\"false\">${TLS_CERT_PATH}/${TLS_CERT_FILENAME}<\/cert_file_path>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<key_file_path \(.*\) relative=\"false\">.*<\/key_file_path>|<key_file_path \1 relative=\"false\">${TLS_CERT_PATH}/${TLS_KEY_FILENAME}<\/key_file_path>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<seccomp \(.*\)>.*<\/seccomp>|<seccomp \1>${ENABLE_SECCOMP}<\/seccomp>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<capabilities \(.*\)>.*<\/capabilities>|<capabilities \1>${ENABLE_CAPABILITIES}<\/capabilities>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<opacity \(.*\)>.*<\/opacity>|<opacity \1>${WATERMARK_OPACITY}<\/opacity>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<text \(.*\)>.*<\/text>|<text \1>${WATERMARK_TEXT}<\/text>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<mode \(.*\)>.*<\/mode>|<mode \1>${INTERFACE}<\/mode>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<webdav desc=\(.*\) allow=\".*\">|<webdav desc=\1 allow=\"${ENABLE_WEBDAV}\">|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<enable desc=\(.*\)>.*<\/enable>|<enable desc=\1>${ENABLE_ADMIN_CONSOLE}<\/enable>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<username \(.*\)>.*<\/username>|<username \1>${ADMIN_USER}<\/username>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<password \(.*\)>.*<\/password>|<password \1>${ADMIN_PASS}<\/password>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<limit_data_mem_kb \(.*\)>.*<\/limit_data_mem_kb>|<limit_data_mem_kb \1>${MEMORY_DATA_LIMIT}<\/limit_data_mem_kb>|" /etc/loolwsd/loolwsd.xml
if [ "$ENABLE_ADMIN_CONSOLE" != "TRUE" ]; then
perl -pi -e "s/<enable desc=\"Enable the admin (.*)>.*<\/enable>/<enable \1>true<\/enable>/" /etc/loolwsd/loolwsd.xml
if var_false "${ENABLE_TLS}" ; then
sed -i -E "s|<enable type=\"bool\" desc=\"Controls(.*)>.*<\/enable>|<enable type=\"bool\" desc=\"Controls\1>false<\/enable>|" /etc/loolwsd/loolwsd.xml
fi
if var_true "${ENABLE_TLS_REVERSE_PROXY}" ; then
sed -i -E "s|<termination \(.*\)>.*<\/termination>|<termination \1>true<\/termination>|" /etc/loolwsd/loolwsd.xml
fi
if var_true "${LOG_ANONYMIZE}"; then
sed -i -e "s|<anonymize_user_data \(.*\)>.*<\/anonymize_user_data>|<anonymize_user_data \1>${LOG_ANONYMIZE}<\/anonymize_user_data>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<anonymization_salt \(.*\)>.*<\/anonymization_salt>|<anonymization_salt \1>${LOG_ANONYMIZE_SALT}<\/anonymization_salt>|" /etc/loolwsd/loolwsd.xml
fi
if [ "$LOG_TYPE" = "FILE" ]; then
perl -pi -e "s/<file enable=\"false\"/<file enable=\"true\"/" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<file enable=\"false\"|<file enable=\"true\"|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<property name=\"path\"\(.*\)>.*<\/property>|<property name=\"path\" \1>${LOG_PATH}/${LOG_FILE}<\/property>|" /etc/loolwsd/loolwsd.xml
sed -i -e "s|<property name=\"flush\"\(.*\)>.*<\/property>|<property name=\"flush\" \1>${LOG_FILE_FLUSH}<\/property>|" /etc/loolwsd/loolwsd.xml
sed -i "s|<LOG_PATH>|${LOG_PATH}|g" /etc/logrotate.d/loolwsd
else
print_debug "Log: Console"
rm -rf /etc/logrotate.d/loolwsd
fi
if [ "$ENABLE_SSL" != "TRUE" ]; then
perl -pi -e "s/<enable type=\"bool\" desc=\"Controls(.*)>.*<\/enable>/<enable type=\"bool\" desc=\"Controls\1>false<\/enable>/" /etc/loolwsd/loolwsd.xml
fi
### Allowed Hosts
allowed_hosts=$(echo "${ALLOWED_HOSTS}" | tr "," "\n")
for host in $allowed_hosts
do
print_info "Adding Allowed Host: ${host}"
sed -i "/>localhost<\/host>/a \ \ \ \ \ \ \ \ \ \ \ \ \<host desc=\"Docker\ added\ regex\ pattern\ of\ hostname\ to\ allow\ or\ deny.\"\ allow=\"true\">${host}</host>" /etc/loolwsd/loolwsd.xml
done
if [ "$ENABLE_SSL_REVERSE_PROXY" != "FALSE" ]; then
perl -pi -e "s/<termination (.*)>.*<\/termination>/<termination \1>true<\/termination>/" /etc/loolwsd/loolwsd.xml
fi
if [ "$LOG_ANONYMIZE_USERS" != "FALSE" ]; then
perl -pi -e "s/<usernames (.*)>.*<\/usernames>/<usernames \1>true<\/usernames>/" /etc/loolwsd/loolwsd.xml
fi
if [ "$LOG_ANONYMIZE_FILES" != "FALSE" ]; then
perl -pi -e "s/<filenames (.*)>.*<\/filenames>/<filenames \1>true<\/filenames>/" /etc/loolwsd/loolwsd.xml
fi
if [ "$LOG_TYPE" = "FILE" ]; then
perl -pi -e "s/<file enable=\"false\"/<file enable=\"true\"/" /etc/loolwsd/loolwsd.xml
if var_true "${ALLOW_172_XX_SUBNET}" ; then
print_debug "Allowing 172.16.0.0/12 Subnet"
sed -i "/<\/post_allow>/i \ \ \ \ \ \ \ \ <host\ desc=\"Additional\ Docker\ Networks to allow\">172\\.1\[6789\]\.\[0-9\]\{1,3\}\.\[0-9\]\{1,3\}<\/host>" /etc/loolwsd/loolwsd.xml
sed -i "/<\/post_allow>/i \ \ \ \ \ \ \ \ <host\ desc=\"Additional\ Docker\ Networks to allow\">172\\.2\[0-9\]\\.\[0-9\]\{1,3\}\\.\[0-9\]\{1,3\}<\/host>" /etc/loolwsd/loolwsd.xml
sed -i "/<\/post_allow>/i \ \ \ \ \ \ \ \ <host\ desc=\"Additional\ Docker\ Networks to allow\">172\\.3\[01\]\\.\[0-9\]\{1,3\}\\.\[0-9\]\{1,3\}<\/host>" /etc/loolwsd/loolwsd.xml
fi
fi
# Generate WOPI proof key
if [ ! -f /etc/loolwsd/proof_key.pub ]; then
silent /opt/lool/bin/loolwsd-generate-proof-key
fi
# Enable Config Reload (Restart when /etc/loolwsd/loolwsd.xml changes)
if var_false "${ENABLE_CONFIG_RELOAD}" ; then
print_debug "Disabling Automatic Configuration Reloader"
rm -rf /etc/services.available/11-inotify
fi
print_info "Container Initialization Complete"
liftoff

View File

@ -1,4 +1,4 @@
/var/log/lool/*.log {
<LOG_PATH>/*.log {
daily
ifempty
rotate 7

View File

@ -1,9 +0,0 @@
#!/usr/bin/with-contenv bash
for s in /assets/functions/*; do source $s; done
PROCESS_NAME="libreoffice-online"
check_container_initialized
check_service_initialized init
print_info "Starting Libreoffice Online Web Services daemon"
exec s6-setuidgid lool /opt/lool/bin/loolwsd --version --o:sys_template_path=/opt/lool/systemplate --o:lo_template_path=/opt/libreoffice --o:child_root_path=/opt/lool/jails --o:file_server_root_path=/opt/lool/share/loolwsd storage.filesystem[@allow]=true --o:admin_console.username=${ADMIN_USER} --o:admin_console.password=${ADMIN_PASS} ${EXTRA_OPTIONS} >> /var/log/lool/loolwsd.log

View File

@ -0,0 +1,22 @@
#!/usr/bin/with-contenv bash
source /assets/functions/00-container
prepare_service defaults single
PROCESS_NAME="libreoffice-online"
check_container_initialized
check_service_initialized init
liftoff
export LC_CTYPE=en_US.UTF-8
print_info "Starting Libreoffice Online Web Services daemon"
exec sudo -u lool /opt/lool/bin/loolwsd \
--version \
--o:sys_template_path=/opt/lool/systemplate \
--o:lo_template_path=/opt/libreoffice \
--o:child_root_path=/opt/lool/child-roots \
--o:file_server_root_path=/opt/lool/share/loolwsd storage.filesystem[@allow]=true \
--o:admin_console.username=${ADMIN_USER} \
--o:admin_console.password=${ADMIN_PASS} \
${EXTRA_OPTIONS} >> /var/log/lool/loolwsd.log

View File

@ -0,0 +1,16 @@
#!/usr/bin/with-contenv bash
source /assets/functions/00-container
prepare_service defaults single
PROCESS_NAME="config-reloader"
check_container_initialized
check_service_initialized init 10-loolwsd
liftoff
while inotifywait -q -e create,delete,modify,attrib /etc/loolwsd/loolwsd.xml
do
print_info "Reloading loolwsd configuration do to a detected certificate change"
pkill -f --signal 1 loolwsd
exit 0
done