mirror of
https://github.com/tiredofit/docker-collabora-online.git
synced 2024-04-27 12:21:53 +02:00
Release 2.0.0 - See CHANGELOG.md
This commit is contained in:
parent
9dcd66f56a
commit
37e2bce1ab
6
.gitignore
vendored
Normal file
6
.gitignore
vendored
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
/build-assets/container/*
|
||||||
|
!/build-assets/container/.empty
|
||||||
|
/build-assets/core/*
|
||||||
|
!/build-assets/core/.empty
|
||||||
|
/build-assets/online/*
|
||||||
|
!/build-assets/online/.empty
|
13
CHANGELOG.md
13
CHANGELOG.md
|
@ -1,7 +1,18 @@
|
||||||
|
## 2.0.0 2021-02-20 <dave at tiredofit dot ca>
|
||||||
|
|
||||||
|
### Added
|
||||||
|
- Refreshed Image = Lots more environment variables (See README)
|
||||||
|
- Debian Buster base
|
||||||
|
- Libreoffice 6.4-23
|
||||||
|
- Libreoffice Online 6.4.6-4
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
- TLS Issues
|
||||||
|
|
||||||
## 1.6.1 2020-01-21 <joergmschulz at github>
|
## 1.6.1 2020-01-21 <joergmschulz at github>
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
- Misquote in the startup script
|
- Misquote in the startup script
|
||||||
|
|
||||||
## 1.6.0 2020-01-12 <dave at tiredofit dot ca>
|
## 1.6.0 2020-01-12 <dave at tiredofit dot ca>
|
||||||
|
|
||||||
|
|
261
Dockerfile
261
Dockerfile
|
@ -1,26 +1,42 @@
|
||||||
FROM tiredofit/debian:stretch as builder
|
FROM tiredofit/debian:buster as builder
|
||||||
LABEL maintainer="Dave Conroy (dave at tiredofit dot ca)"
|
LABEL maintainer="Dave Conroy (dave at tiredofit dot ca)"
|
||||||
|
|
||||||
### Set Environment Variables
|
### Buildtime arguments
|
||||||
ENV LIBREOFFICE_BRANCH=master \
|
ARG LIBREOFFICE_BRANCH
|
||||||
## cp-6.0.30
|
ARG LIBREOFFICE_VERSION
|
||||||
LIBREOFFICE_COMMIT=3ef1164bc3a13af481102e0abef06929c53bad8b \
|
ARG LIBREOFFICE_REPO_URL
|
||||||
LOOL_BRANCH=master \
|
ARG LOOL_BRANCH
|
||||||
## 4.0.4.1
|
ARG LOOL_VERSION
|
||||||
LOOL_COMMIT=a2132266584381c875fa707446417e259753e2f5 \
|
ARG LOOL_REPO_URL
|
||||||
MAX_CONNECTIONS=5000 \
|
ARG MAX_CONNECTIONS
|
||||||
|
ARG MAX_DOCUMENTS
|
||||||
|
|
||||||
|
### Environment Variables
|
||||||
|
ENV LIBREOFFICE_BRANCH=${LIBREOFFICE_BRANCH:-"master"} \
|
||||||
|
LIBREOFFICE_VERSION=${LIBREOFFICE_VERSION:-"cp-6.4-23"} \
|
||||||
|
LIBREOFFICE_REPO_URL=${LIBREOFFICE_REPO_URL:-"https://github.com/LibreOffice/core"} \
|
||||||
|
#
|
||||||
|
LOOL_BRANCH=${LOOL_BRANCH:-"master"} \
|
||||||
|
LOOL_VERSION=${LOOL_VERSION:-"cp-6.4.6-2"} \
|
||||||
|
LOOL_REPO_URL=${LOOL_REPO_URL:-"https://github.com/CollaboraOnline/online"} \
|
||||||
|
#
|
||||||
|
POCO_VERSION=${POCO_VERSION:-"poco-1.10.1-release.tar.gz"} \
|
||||||
|
POCO_URL=${POCO_URL:-"https://github.com/pocoproject/poco/archive/"} \
|
||||||
|
#
|
||||||
|
MAX_CONNECTIONS=${MAX_CONNECTIONS:-"5000"} \
|
||||||
## Uses Approximately 20mb per document open
|
## Uses Approximately 20mb per document open
|
||||||
MAX_DOCUMENTS=5000 \
|
MAX_DOCUMENTS=${MAX_DOCUMENTS:-"5000"}
|
||||||
POCO_VERSION=1.9.0
|
|
||||||
|
ADD build-assets /build-assets
|
||||||
|
|
||||||
### Get Updates
|
### Get Updates
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
### Add Repositories
|
### Add Repositories
|
||||||
apt-get update && \
|
apt-get update && \
|
||||||
apt-get -o Dpkg::Options::="--force-confold" upgrade -y && \
|
apt-get -o Dpkg::Options::="--force-confold" upgrade -y && \
|
||||||
echo "deb-src http://deb.debian.org/debian stretch main" >> /etc/apt/sources.list && \
|
echo "deb-src http://deb.debian.org/debian buster main" >> /etc/apt/sources.list && \
|
||||||
echo "deb http://deb.debian.org/debian stretch contrib" >> /etc/apt/sources.list && \
|
echo "deb http://deb.debian.org/debian buster contrib" >> /etc/apt/sources.list && \
|
||||||
curl -sL https://deb.nodesource.com/setup_6.x | bash - && \
|
curl -sL https://deb.nodesource.com/setup_10.x | bash - && \
|
||||||
\
|
\
|
||||||
### Setup Distribution
|
### Setup Distribution
|
||||||
echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
|
echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
|
||||||
|
@ -29,154 +45,121 @@ RUN set -x && \
|
||||||
useradd lool -G sudo && \
|
useradd lool -G sudo && \
|
||||||
chown lool:lool /home/lool -R && \
|
chown lool:lool /home/lool -R && \
|
||||||
\
|
\
|
||||||
## Add Build Dependencies
|
BUILD_DEPS=' \
|
||||||
apt-get install -y \
|
adduser \
|
||||||
|
automake \
|
||||||
|
build-essential \
|
||||||
cpio \
|
cpio \
|
||||||
|
default-jre \
|
||||||
|
devscripts \
|
||||||
|
fontconfig \
|
||||||
|
g++ \
|
||||||
git \
|
git \
|
||||||
|
inotify-tools \
|
||||||
libcap-dev \
|
libcap-dev \
|
||||||
|
libcap2-bin \
|
||||||
|
libcppunit-dev \
|
||||||
libghc-zlib-dev \
|
libghc-zlib-dev \
|
||||||
|
libkrb5-dev \
|
||||||
|
libpam-dev \
|
||||||
libpam0g-dev \
|
libpam0g-dev \
|
||||||
|
libpng16-16 \
|
||||||
libssl-dev \
|
libssl-dev \
|
||||||
libtool \
|
libtool \
|
||||||
|
libubsan1 \
|
||||||
|
locales-all \
|
||||||
|
m4 \
|
||||||
nasm \
|
nasm \
|
||||||
nodejs \
|
nodejs \
|
||||||
openssl \
|
openssl \
|
||||||
|
pkg-config \
|
||||||
|
procps \
|
||||||
|
python3-lxml \
|
||||||
|
python3-polib \
|
||||||
python-polib \
|
python-polib \
|
||||||
sudo \
|
sudo \
|
||||||
translate-toolkit \
|
translate-toolkit \
|
||||||
ttf-mscorefonts-installer \
|
ttf-mscorefonts-installer \
|
||||||
wget \
|
wget \
|
||||||
|
' && \
|
||||||
|
## Add Build Dependencies
|
||||||
|
apt-get install -y \
|
||||||
|
${BUILD_DEPS} \
|
||||||
&& \
|
&& \
|
||||||
\
|
\
|
||||||
apt-get build-dep -y \
|
apt-get build-dep -y \
|
||||||
libreoffice \
|
libreoffice \
|
||||||
&& \
|
&& \
|
||||||
\
|
\
|
||||||
### Build and Install Poco Libraries
|
### Build Poco
|
||||||
mkdir -p /usr/src/poco && \
|
mkdir -p /usr/src/poco && \
|
||||||
curl -sSL https://pocoproject.org/releases/poco-${POCO_VERSION}/poco-${POCO_VERSION}-all.tar.gz | tar xvfz - --strip 1 -C /usr/src/poco && \
|
curl -sSL ${POCO_URL}${POCO_VERSION} | tar xvfz - --strip 1 -C /usr/src/poco && \
|
||||||
cd /usr/src/poco && \
|
cd /usr/src/poco && \
|
||||||
./configure \
|
./configure \
|
||||||
--no-samples \
|
--static \
|
||||||
--no-tests \
|
--no-tests \
|
||||||
--prefix=/opt/poco \
|
--no-samples \
|
||||||
&& \
|
--no-sharedlibs \
|
||||||
|
--cflags="-fPIC" \
|
||||||
|
--omit=Zip,Data,Data/SQLite,Data/ODBC,Data/MySQL,MongoDB,PDF,CppParser,PageCompiler,Redis,Encodings \
|
||||||
|
--prefix=/opt/poco \
|
||||||
|
&& \
|
||||||
|
make -j$(nproc) && \
|
||||||
make install && \
|
make install && \
|
||||||
\
|
\
|
||||||
### Build Fetch LibreOffice - This will take a while..
|
### Build Fetch LibreOffice - This will take a while..
|
||||||
git clone -b ${LIBREOFFICE_BRANCH} https://github.com/LibreOffice/core.git /usr/src/libreoffice-core && \
|
git clone -b ${LIBREOFFICE_BRANCH} ${LIBREOFFICE_REPO_URL} /usr/src/libreoffice-core && \
|
||||||
cd /usr/src/libreoffice-core && \
|
cd /usr/src/libreoffice-core && \
|
||||||
echo "lo_sources_ver="`env | grep LIBREOFFICE_VERSION | cut -d'-' -f2` > sources.ver && \
|
git checkout ${LIBREOFFICE_VERSION} && \
|
||||||
git reset --hard ${LIBREOFFICE_COMMIT} && \
|
if [ -d "/build-assets/core/src" ] ; then cp -R /build-assets/core/src/* /usr/src/libreoffice-core ; fi; \
|
||||||
git submodule init && \
|
if [ -d "/build-assets/core/scripts" ] ; then for script in /build-assets/core/scripts/*.sh; do echo "** Applying $script"; bash $script; done && \ ; fi ; \
|
||||||
git submodule update translations && \
|
\
|
||||||
git submodule update dictionaries && \
|
echo "--prefix=/opt/libreoffice" >> /usr/src/libreoffice-core/distro-configs/CPLinux-LOKit.conf && \
|
||||||
cd /usr/src/libreoffice-core && \
|
./autogen.sh \
|
||||||
echo "--disable-dbus \n\
|
--with-distro="CPLinux-LOKit" \
|
||||||
--disable-dconf \n\
|
--disable-epm \
|
||||||
--disable-epm \n\
|
--without-package-format && \
|
||||||
--disable-evolution2 \n\
|
|
||||||
--disable-ext-nlpsolver \n\
|
|
||||||
--disable-ext-wiki-publisher \n\
|
|
||||||
--disable-firebird-sdbc \n\
|
|
||||||
--disable-gio \n\
|
|
||||||
--disable-gstreamer-0-10 \n\
|
|
||||||
--disable-gstreamer-1-0 \n\
|
|
||||||
--disable-gtk \n\
|
|
||||||
--disable-gtk3 \n\
|
|
||||||
--disable-kde4 \n\
|
|
||||||
--disable-odk \n\
|
|
||||||
--disable-online-update \n\
|
|
||||||
--disable-pdfimport \n\
|
|
||||||
--disable-postgresql-sdbc \n\
|
|
||||||
--disable-report-builder \n\
|
|
||||||
--disable-scripting-beanshell \n\
|
|
||||||
--disable-scripting-javascript \n\
|
|
||||||
--disable-sdremote \n\
|
|
||||||
--disable-sdremote-bluetooth \n\
|
|
||||||
--enable-extension-integration \n\
|
|
||||||
--enable-mergelibs \n\
|
|
||||||
--enable-python=internal \n\
|
|
||||||
--enable-release-build \n\
|
|
||||||
--with-external-dict-dir=/usr/share/hunspell \n\
|
|
||||||
--with-external-hyph-dir=/usr/share/hyphen \n\
|
|
||||||
--with-external-thes-dir=/usr/share/mythes \n\
|
|
||||||
--with-fonts \n\
|
|
||||||
--with-galleries=no \n\
|
|
||||||
--with-lang=en-GB en-US\n\
|
|
||||||
--with-linker-hash-style=both \n\
|
|
||||||
--with-system-dicts \n\
|
|
||||||
--with-system-zlib \n\
|
|
||||||
--with-theme=galaxy \n\
|
|
||||||
#--with-system-xmlsec \n\
|
|
||||||
--without-branding \n\
|
|
||||||
--without-help \n\
|
|
||||||
--without-java \n\
|
|
||||||
--without-junit \n\
|
|
||||||
--without-myspell-dicts \n\
|
|
||||||
--without-package-format \n\
|
|
||||||
--without-system-jars \n\
|
|
||||||
--without-system-jpeg \n\
|
|
||||||
--without-system-libpng \n\
|
|
||||||
--without-system-libxml \n\
|
|
||||||
--without-system-openssl \n\
|
|
||||||
--without-system-poppler \n\
|
|
||||||
--without-system-postgresql \n\
|
|
||||||
--prefix=/opt/libreoffice \n\
|
|
||||||
" > /usr/src/libreoffice-core/distro-configs/LibreOfficeOnline.conf && \
|
|
||||||
./autogen.sh --with-distro="LibreOfficeOnline" && \
|
|
||||||
cd /usr/src/libreoffice-core && \
|
|
||||||
sed -i "s/export XMLSEC_TARBALL := xmlsec1-1.2.26.tar.gz/export XMLSEC_TARBALL := xmlsec1-1.2.25.tar.gz/g" download.lst && \
|
|
||||||
chown -R lool /usr/src/libreoffice-core && \
|
chown -R lool /usr/src/libreoffice-core && \
|
||||||
sudo -u lool make && \
|
sudo -u lool make fetch && \
|
||||||
cd /usr/src/libreoffice-core && \
|
sudo -u lool make -j$(nproc) build-nocheck && \
|
||||||
mkdir -p /opt/libreoffice && \
|
mkdir -p /opt/libreoffice && \
|
||||||
chown -R lool /opt/libreoffice && \
|
chown -R lool /opt/libreoffice && \
|
||||||
sudo -u lool make install && \
|
|
||||||
cp -R /usr/src/libreoffice-core/instdir/* /opt/libreoffice/ && \
|
cp -R /usr/src/libreoffice-core/instdir/* /opt/libreoffice/ && \
|
||||||
\
|
\
|
||||||
### Build LibreOffice Online (Not as long as above)
|
### Build LibreOffice Online (Not as long as above)
|
||||||
git clone -b ${LOOL_BRANCH} https://github.com/LibreOffice/online.git /usr/src/libreoffice-online && \
|
git clone -b ${LOOL_BRANCH} ${LOOL_REPO_URL} /usr/src/libreoffice-online && \
|
||||||
cd /usr/src/libreoffice-online && \
|
cd /usr/src/libreoffice-online && \
|
||||||
git reset --hard ${LOOL_COMMIT} && \
|
git checkout ${LOOL_VERSION} && \
|
||||||
npm install -g \
|
if [ -d "/build-assets/online/src" ] ; then cp -R /build-assets/online/src/* /usr/src/libreoffice-online ; fi; \
|
||||||
bootstrap \
|
if [ -d "/build-assets/online/scripts" ] ; then for script in /build-assets/online/scripts/*.sh; do echo "** Applying $script"; bash $script; done && \ ; fi ; \
|
||||||
browserify-css \
|
|
||||||
d3 \
|
|
||||||
d3 \
|
|
||||||
eslint \
|
|
||||||
evol-colorpicker \
|
|
||||||
exorcist \
|
|
||||||
jake \
|
|
||||||
npm \
|
|
||||||
uglify-js \
|
|
||||||
&& \
|
|
||||||
\
|
|
||||||
./autogen.sh && \
|
./autogen.sh && \
|
||||||
./configure --enable-silent-rules \
|
./configure --enable-silent-rules \
|
||||||
--with-lokit-path=/usr/src/libreoffice-online/bundled/include \
|
--with-lokit-path="/usr/src/libreoffice-core/include" \
|
||||||
--with-lo-path=/opt/libreoffice \
|
--with-lo-path=/opt/libreoffice \
|
||||||
--with-max-connections=${MAX_CONNECTIONS} \
|
--with-max-connections=${MAX_CONNECTIONS} \
|
||||||
--with-max-documents=${MAX_DOCUMENTS} \
|
--with-max-documents=${MAX_DOCUMENTS} \
|
||||||
--with-poco-includes=/opt/poco/include \
|
|
||||||
--with-poco-libs=/opt/poco/lib \
|
|
||||||
--with-logfile=/var/log/lool/lool.log \
|
--with-logfile=/var/log/lool/lool.log \
|
||||||
--prefix=/opt/lool \
|
--prefix=/opt/lool \
|
||||||
--sysconfdir=/etc \
|
--sysconfdir=/etc \
|
||||||
--localstatedir=/var && \
|
--localstatedir=/var \
|
||||||
( cd loleaflet/po && ../../scripts/downloadpootle.sh ) && \
|
--with-poco-includes=/opt/poco/include \
|
||||||
( cd loleaflet && make l10n) || exit 1 && \
|
--with-poco-libs=/opt/poco/lib \
|
||||||
|
&& \
|
||||||
|
\
|
||||||
( scripts/locorestrings.py /usr/src/libreoffice-online /usr/src/libreoffice-core/translations ) && \
|
( scripts/locorestrings.py /usr/src/libreoffice-online /usr/src/libreoffice-core/translations ) && \
|
||||||
make -j`nproc` && \
|
( scripts/unocommands.py --update /usr/src/libreoffice-online /usr/src/libreoffice-core ) && \
|
||||||
|
( scripts/unocommands.py --translate /usr/src/libreoffice-online /usr/src/libreoffice-core/translations ) && \
|
||||||
|
make -j$(nproc) && \
|
||||||
mkdir -p /opt/lool && \
|
mkdir -p /opt/lool && \
|
||||||
chown -R lool /opt/lool && \
|
chown -R lool /opt/lool && \
|
||||||
cp -R loolwsd.xml /opt/lool/ && \
|
cp -R loolwsd.xml /opt/lool/ && \
|
||||||
cp -R loolkitconfig.xcu /opt/lool && \
|
cp -R loolkitconfig.xcu /opt/lool && \
|
||||||
make install && \
|
make install && \
|
||||||
|
\
|
||||||
|
### Cleanup
|
||||||
cd / && \
|
cd / && \
|
||||||
apt-get autoremove -y && \
|
apt-get autoremove -y && \
|
||||||
apt-get clean && \
|
apt-get clean && \
|
||||||
### Cleanup
|
|
||||||
rm -rf /usr/src/* && \
|
rm -rf /usr/src/* && \
|
||||||
rm -rf /usr/share/doc && \
|
rm -rf /usr/share/doc && \
|
||||||
rm -rf /usr/share/man && \
|
rm -rf /usr/share/man && \
|
||||||
|
@ -184,41 +167,49 @@ RUN set -x && \
|
||||||
rm -rf /var/lib/apt/lists/* && \
|
rm -rf /var/lib/apt/lists/* && \
|
||||||
rm -rf /var/log/*
|
rm -rf /var/log/*
|
||||||
|
|
||||||
FROM tiredofit/debian:stretch
|
FROM tiredofit/debian:buster
|
||||||
LABEL maintainer="Dave Conroy (dave at tiredofit dot ca)"
|
LABEL maintainer="Dave Conroy (dave at tiredofit dot ca)"
|
||||||
|
|
||||||
### Set Defaults
|
### Set Defaults
|
||||||
ENV ADMIN_USER=admin \
|
ENV ADMIN_USER=admin \
|
||||||
ADMIN_PASS=libreoffice \
|
ADMIN_PASS=libreoffice \
|
||||||
LOG_LEVEL=warning \
|
ENABLE_SMTP=false
|
||||||
DICTIONARIES="en_GB en_US" \
|
|
||||||
ENABLE_SMTP=false \
|
|
||||||
PYTHONWARNINGS=ignore
|
|
||||||
|
|
||||||
### Grab Compiled Assets from builder image
|
### Grab Compiled Assets from builder image
|
||||||
COPY --from=builder /opt/ /opt/
|
COPY --from=builder /opt/ /opt/
|
||||||
|
|
||||||
|
ADD build-assets /build-assets
|
||||||
|
|
||||||
### Install Dependencies
|
### Install Dependencies
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
adduser --quiet --system --group --home /opt/lool lool && \
|
adduser --quiet --system --group --home /opt/lool lool && \
|
||||||
\
|
\
|
||||||
### Add Repositories
|
### Add Repositories
|
||||||
echo "deb http://deb.debian.org/debian stretch contrib" >> /etc/apt/sources.list && \
|
echo "deb http://deb.debian.org/debian buster contrib" >> /etc/apt/sources.list && \
|
||||||
curl -sL https://deb.nodesource.com/setup_6.x | bash - && \
|
curl -sL https://deb.nodesource.com/setup_10.x | bash - && \
|
||||||
\
|
\
|
||||||
echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
|
echo ttf-mscorefonts-installer msttcorefonts/accepted-mscorefonts-eula select true | debconf-set-selections && \
|
||||||
apt-get -o Dpkg::Options::="--force-confold" upgrade -y && \
|
apt-get -o Dpkg::Options::="--force-confold" upgrade -y && \
|
||||||
apt-get install -y\
|
apt-get install -y\
|
||||||
adduser \
|
|
||||||
apt-transport-https \
|
apt-transport-https \
|
||||||
cpio \
|
cpio \
|
||||||
findutils \
|
findutils \
|
||||||
|
fontconfig \
|
||||||
fonts-droid-fallback \
|
fonts-droid-fallback \
|
||||||
|
fonts-hack \
|
||||||
|
fonts-liberation \
|
||||||
fonts-noto-cjk \
|
fonts-noto-cjk \
|
||||||
|
fonts-wqy-microhei \
|
||||||
|
fonts-wqy-zenhei \
|
||||||
|
fonts-ocr-a \
|
||||||
|
fonts-ocr-b \
|
||||||
|
fonts-open-sans \
|
||||||
hunspell \
|
hunspell \
|
||||||
hunspell-en-us \
|
hunspell-en-ca \
|
||||||
hunspell-en-gb \
|
hunspell-en-gb \
|
||||||
libcap2-bin \
|
hunspell-en-us \
|
||||||
|
inotify-tools \
|
||||||
|
libcap2-bin \
|
||||||
libcups2 \
|
libcups2 \
|
||||||
libfontconfig1 \
|
libfontconfig1 \
|
||||||
libfreetype6 \
|
libfreetype6 \
|
||||||
|
@ -226,16 +217,19 @@ RUN set -x && \
|
||||||
libpam0g \
|
libpam0g \
|
||||||
libpng16-16 \
|
libpng16-16 \
|
||||||
libsm6 \
|
libsm6 \
|
||||||
|
libubsan0 \
|
||||||
|
libubsan1 \
|
||||||
libxcb-render0 \
|
libxcb-render0 \
|
||||||
libxcb-shm0 \
|
libxcb-shm0 \
|
||||||
libxinerama1 \
|
libxinerama1 \
|
||||||
libxrender1 \
|
libxrender1 \
|
||||||
locales \
|
locales \
|
||||||
locales-all \
|
locales-all \
|
||||||
openssl \
|
openssl \
|
||||||
|
openssh-client \
|
||||||
|
procps \
|
||||||
python3-requests \
|
python3-requests \
|
||||||
python3-websocket \
|
python3-websocket \
|
||||||
sudo \
|
|
||||||
ttf-mscorefonts-installer \
|
ttf-mscorefonts-installer \
|
||||||
&& \
|
&& \
|
||||||
\
|
\
|
||||||
|
@ -244,19 +238,26 @@ RUN set -x && \
|
||||||
mv /opt/lool/loolwsd.xml /etc/loolwsd/ && \
|
mv /opt/lool/loolwsd.xml /etc/loolwsd/ && \
|
||||||
mv /opt/lool/loolkitconfig.xcu /etc/loolwsd/ && \
|
mv /opt/lool/loolkitconfig.xcu /etc/loolwsd/ && \
|
||||||
chown -R lool /etc/loolwsd && \
|
chown -R lool /etc/loolwsd && \
|
||||||
mkdir -p /opt/lool/jails && \
|
mkdir -p /opt/lool/child-roots && \
|
||||||
chown -R lool /opt/* && \
|
chown -R lool /opt/* && \
|
||||||
mkdir -p /var/cache/loolwsd && \
|
mkdir -p /var/cache/loolwsd && \
|
||||||
chown -R lool /var/cache/loolwsd && \
|
chown -R lool /var/cache/loolwsd && \
|
||||||
setcap cap_fowner,cap_mknod,cap_sys_chroot=ep /opt/lool/bin/loolforkit && \
|
setcap cap_fowner,cap_chown,cap_mknod,cap_sys_chroot=ep /opt/lool/bin/loolforkit && \
|
||||||
# setcap cap_sys_admin=ep /opt/lool/bin/loolmount && \
|
setcap cap_sys_admin=ep /opt/lool/bin/loolmount && \
|
||||||
mkdir -p /usr/share/hunspell && \
|
mkdir -p /usr/share/hunspell && \
|
||||||
mkdir -p /usr/share/hyphen && \
|
mkdir -p /usr/share/hyphen && \
|
||||||
mkdir -p /usr/share/mythes && \
|
mkdir -p /usr/share/mythes && \
|
||||||
|
mkdir -p /var/cache/loolwsd && \
|
||||||
|
chown -R lool /var/cache/loolwsd && \
|
||||||
|
mkdir -p /var/log/lool && \
|
||||||
|
touch /var/log/lool/loolwsd.log && \
|
||||||
|
chown -R lool /var/log/lool && \
|
||||||
\
|
\
|
||||||
### Setup LibreOffice Online Jails
|
### Setup LibreOffice Online Jails
|
||||||
sudo -u lool /opt/lool/bin/loolwsd-systemplate-setup /opt/lool/systemplate /opt/libreoffice && \
|
sudo -u lool /opt/lool/bin/loolwsd-systemplate-setup /opt/lool/systemplate /opt/libreoffice && \
|
||||||
\
|
\
|
||||||
|
if [ -d "/build-assets/container/src" ] ; then cp -R /build-assets/container/src/* /usr/src/libreoffice-container ; fi; \
|
||||||
|
if [ -d "/build-assets/container/scripts" ] ; then for script in /build-assets/container/scripts/*.sh; do echo "** Applying $script"; bash $script; done && \ ; fi ; \
|
||||||
apt-get autoremove -y && \
|
apt-get autoremove -y && \
|
||||||
apt-get clean && \
|
apt-get clean && \
|
||||||
\
|
\
|
||||||
|
@ -265,10 +266,8 @@ RUN set -x && \
|
||||||
rm -rf /usr/share/man && \
|
rm -rf /usr/share/man && \
|
||||||
rm -rf /var/lib/apt/lists/* && \
|
rm -rf /var/lib/apt/lists/* && \
|
||||||
rm -rf /var/log/* && \
|
rm -rf /var/log/* && \
|
||||||
rm -rf /tmp/* && \
|
rm -rf /build-assets && \
|
||||||
mkdir -p /var/log/lool && \
|
rm -rf /tmp/*
|
||||||
touch /var/log/lool/loolwsd.log && \
|
|
||||||
chown -R lool /var/log/lool
|
|
||||||
|
|
||||||
### Networking Configuration
|
### Networking Configuration
|
||||||
EXPOSE 9980
|
EXPOSE 9980
|
||||||
|
|
2
LICENSE
2
LICENSE
|
@ -1,6 +1,6 @@
|
||||||
The MIT License (MIT)
|
The MIT License (MIT)
|
||||||
|
|
||||||
Copyright (c) 2020 Dave Conroy
|
Copyright (c) 2021 Dave Conroy
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
of this software and associated documentation files (the "Software"), to deal
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
|
149
README.md
149
README.md
|
@ -43,10 +43,10 @@ This image assumes that you are using a reverse proxy such as [jwilder/nginx-pro
|
||||||
|
|
||||||
# Installation
|
# Installation
|
||||||
|
|
||||||
Builds of the image are available on [Docker Hub](https://hub.docker.com/tiredofit/libreoffice-online) and is the
|
Builds of the image are available on [Docker Hub](https://hub.docker.com/tiredofit/libreoffice-online) and is the
|
||||||
recommended method of installation.
|
recommended method of installation.
|
||||||
|
|
||||||
If you decide to compile this, it will take quite a few hours.
|
If you decide to compile this, it will take quite a few hours even on the fastest computer due to the amount of data required to download to compile. At some stages this image will grow to 30GB large before sheeding most of it for it's final size.
|
||||||
|
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
@ -56,7 +56,8 @@ docker pull tiredofit/libreoffice-online
|
||||||
The following image tags are available:
|
The following image tags are available:
|
||||||
|
|
||||||
* `latest` - See most recent versioned tag
|
* `latest` - See most recent versioned tag
|
||||||
* `1.5` - Collabora Libreoffice 6.0.30 with Collabora Office Online 4.0.4-1
|
* `2.0` - Collabora Libreoffice 6.4-23 with Collabora Office Online 6.4.6-2
|
||||||
|
* `1.6` - Collabora Libreoffice 6.0.30 with Collabora Office Online 4.0.4-1
|
||||||
* `1.1` - Collabora Libreoffice 5.3.61 with Collabora Office Online 3.4.2.1
|
* `1.1` - Collabora Libreoffice 5.3.61 with Collabora Office Online 3.4.2.1
|
||||||
|
|
||||||
# Quick Start
|
# Quick Start
|
||||||
|
@ -73,62 +74,122 @@ The following image tags are available:
|
||||||
|
|
||||||
The following directories should be mapped for persistent storage in order to utilize the container effectively.
|
The following directories should be mapped for persistent storage in order to utilize the container effectively.
|
||||||
|
|
||||||
| Folder | Description |
|
| Folder | Description |
|
||||||
|-----------|-------------|
|
| -------------------- | ----------------------------------------------------------------------------------------------------------------------- |
|
||||||
| `/var/log/loolwsd` | Log files
|
| `/var/log/loolwsd` | Log files |
|
||||||
| `/assets/custom` | If you want to update the theme of LibreOffice online, dropping files in here will overwrite /opt/lool/share on startup |
|
| `/assets/custom` | If you want to update the theme of LibreOffice online, dropping files in here will overwrite /opt/lool/share on startup |
|
||||||
| `/etc/loolwsd/certs` | (Optional) If you would like to use your own certificates, map this volume and set appropriate variables |
|
| `/etc/loolwsd/certs` | (Optional) If you would like to use your own certificates, map this volume and set appropriate variables |
|
||||||
|
|
||||||
### Environment Variables
|
### Environment Variables
|
||||||
|
|
||||||
Along with the Environment Variables from the [Base image](https://hub.docker.com/r/tiredofit/debian), below is the complete list of available options that can be used to customize your installation.
|
Along with the Environment Variables from the [Base image](https://hub.docker.com/r/tiredofit/debian), below is the complete list of available options that can be used to customize your installation.
|
||||||
|
|
||||||
| Parameter | Description |
|
### General Usage
|
||||||
|-----------|-------------|
|
| Parameter | Description | Default |
|
||||||
| `ADMIN_PASS` | Password for accessing Administration Console - Default `libreoffice` |
|
| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | ------------- |
|
||||||
| `ADMIN_USER` | User for accessing Administration Console - Default `admin` |
|
| `SETUP_TYPE` | Automatically generate configuration with defaults. Set to `MANUAL` and map the configuration file to use your own | `AUTO` |
|
||||||
| `ALLOWED_HOSTS` | Set which domains which can access service - Example: `^(.*)\.example\.org` |
|
| `ALLOWED_HOSTS` | Set which domains which can access service Seperate Multiple with `,` - Example: `^(.*)\.example\.org` |
|
||||||
| `AUTO_SAVE` | The number of seconds after which document, if modified, should be saved - Default `300` |
|
| `DICTIONARIES` | Spell Check Languages - Available `en_GB en_US` | `en_GB en_US` |
|
||||||
| `DICTIONARIES` | Spell Check Languages - Available `en_GB en_US` - Default `en_GB en_US` |
|
| `EXTRA_OPTIONS` | If you want to pass additional arguments upon startup, add it here |
|
||||||
| `ENABLE_ADMIN_CONSOLE` | Enable Administration Console - Default `TRUE` |
|
| `INTERFACE` | Web interface type `classic` or `notebookbar` | `classic` |
|
||||||
| `ENABLE_TLS_CERT_GENERATE` | Enable Self Signed Certificate Generation | Default: `TRUE` |
|
| `WATERMARK_OPACITY | Watermark Opacity | `0.2` |
|
||||||
| `ENABLE_TLS_REVERSE_PROXY` | If using a Reverse SSL terminating proxy in front of this container Default: `FALSE` |
|
| `WATERMARK_TEXT` | Text to display for watermark | `` |
|
||||||
| `ENABLE_TLS` | Enable TLS - Default: `TRUE`
|
|
||||||
| `EXTRA_OPTIONS` | If you want to pass additional arguments upon startup, add it here |
|
#### Administration
|
||||||
| `FILE_SIZE_LIMIT` | The maximum file size allowed to each document process to write - Default `0` (unlimited) |
|
| Parameter | Description | Default |
|
||||||
| `IDLE_SAVE` | The number of idle seconds after which document, if modified, should be saved - Default `30` |
|
| ---------------------- | --------------------------------------------- | ------------- |
|
||||||
| `IDLE_UNLOAD_TIMEOUT` | The maximum number of seconds before unloading an idle documen - Default `3600` |
|
| `ENABLE_ADMIN_CONSOLE` | Enable Administration Console | `TRUE` |
|
||||||
| `LOG_ANONYMIZE_FILES` | Anonymize File information in Logs `TRUE` or `FALSE` - Default - `FALSE`
|
| `ADMIN_USER` | User for accessing Administration Console | `admin` |
|
||||||
| `LOG_ANONYMIZE_USERS` | Anonymize User information in Logs `TRUE` or `FALSE` - Default - `FALSE`
|
| `ADMIN_PASS` | Password for accessing Administration Console | `libreoffice` |
|
||||||
| `LOG_LEVEL` | Log Level - Available `none, fatal, critical, error, warning, notice, information, debug, trace` - Default `warning` |
|
|
||||||
| `LOG_TYPE` | Write Logs to `CONSOLE` or to `FILE` - Default `CONSOLE` |
|
#### Logging
|
||||||
| `MAX_FILE_LOAD_LIMIT` | Maximum number of seconds to wait for a document load to succeed - Default `100` |
|
| Parameter | Description | Default |
|
||||||
| `MAX_OPEN_FILES` | The maximum number of files allowed to each document process to open - Default `0` (unlimited) |
|
| -------------------- | ------------------------------------------------------------------------------------------------ | --------------- |
|
||||||
| `MAX_THREADS_DOCUMENT` | How many threads to use when opening a document - Default `4` |
|
| `LOG_TYPE` | Write Logs to `CONSOLE` or to `FILE` | `CONSOLE` |
|
||||||
| `MEMORY_DATA_LIMIT` | The maximum memory data segment allowed to each document process - Default `0` (unlimited) |
|
| `LOG_LEVEL` | Log Level - Available `none, fatal, critical, error, warning, notice, information, debug, trace` | `warning` |
|
||||||
| `MEMORY_STACK_LIMIT` | The maximum stack size allowed to each document process - Default `0` (unlimited) |
|
| `LOG_PATH` | Log Path | `/var/log/lool` |
|
||||||
| `MEMORY_USAGE_MAX` | Maximum percentage of system memory to be used - Default `80.0` |
|
| `LOG_FILE` | Log File | `lool.log` |
|
||||||
| `PRESPAWN_CHILD_PROCESSES` | Amount of Child processes to start upon container init - Default `1` |
|
| `LOG_ANONYMIZE` | Anonymize File+User information in Logs `TRUE` or `FALSE` | `FALSE` |
|
||||||
| `SETUP_TYPE` | Automatically generate configuration with defaults. Set to `FALSE` and map the configuration file to use your own - Default `TRUE` |
|
| `LOG_ANONYMIZE_SALT` | Salt for anonymizing log data | 8 char random |
|
||||||
| `TLS_CA_FILENAME` | TLS CA Cert filename with extension - Default: `ca-chain-cert.pem` |
|
| `LOG_CLIENT_CONSOLE` | Log in users browser console | `false` |
|
||||||
| `TLS_CERT_FILENAME` | TLS Certificate filename with extension - Default: `cert.pem` |
|
| `LOG_COLOURIZE` | Colourize the log entries in console | `true` |
|
||||||
| `TLS_CERT_PATH` | TLS certificates path - Default: `/etc/loolwsd/certs` |
|
| `LOG_LIBREOFFICE` | Log filter what Libreoffice entries | `-INFO-WARN` |
|
||||||
| `TLS_KEY_FILENAME` | TLS Private Key filename with extension - Default: `key.pem` |
|
| `LOG_FILE_FLUSH` | Flush Entries on each line to log file | `false` |
|
||||||
| `USER_IDLE_TIMEOUT` | The maximum number of seconds before dimming and stopping updates when the user is no longer active (even if the browser is in focus) - Default `900` |
|
|
||||||
| `USER_OUT_OF_FOCUS_TIMEOUT` | The maximum number of seconds before dimming and stopping updates when the browser tab is no longer in focus - Default `60` |
|
|
||||||
|
#### TLS Settings
|
||||||
|
| Parameter | Description | Default |
|
||||||
|
| -------------------------- | ------------------------------------------------------------------- | -------------------- |
|
||||||
|
| `ENABLE_TLS` | Enable TLS | `FALSE` |
|
||||||
|
| `ENABLE_TLS_CERT_GENERATE` | Enable Self Signed Certificate Generation | `TRUE` |
|
||||||
|
| `ENABLE_TLS_REVERSE_PROXY` | If using a Reverse SSL terminating proxy in front of this container | `TRUE` |
|
||||||
|
| `TLS_CA_FILENAME` | TLS CA Cert filename with extension | `ca-chain-cert.pem` |
|
||||||
|
| `TLS_CERT_FILENAME` | TLS Certificate filename with extension | `cert.pem` |
|
||||||
|
| `TLS_CERT_PATH` | TLS certificates path | `/etc/loolwsd/certs` |
|
||||||
|
| `TLS_KEY_FILENAME` | TLS Private Key filename with extension | `key.pem` |
|
||||||
|
|
||||||
|
#### Performance and Limits
|
||||||
|
| Parameter | Description | Default |
|
||||||
|
| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | --------------- |
|
||||||
|
| `AUTO_SAVE` | The number of seconds after which document, if modified, should be saved | `300` |
|
||||||
|
| `BATCH_PRIORITY` | A (lower) priority for use by batch convert to processes to avoid starving interactive ones | `5` |
|
||||||
|
| `CONNECTION_TIMEOUT` | Connection, Send, Receeive timeout in seconds for connections initiated by loolwsd | `30` |
|
||||||
|
| `FILE_SIZE_LIMIT` | The maximum file size allowed to each document process to write | `0` (unlimited) |
|
||||||
|
| `IDLE_SAVE` | The number of idle seconds after which document, if modified, should be saved | `30` |
|
||||||
|
| `IDLE_UNLOAD_TIMEOUT` | The maximum number of seconds before unloading an idle documen | `3600` |
|
||||||
|
| `MAX_CONVERT_LIMIT` | Maximum time in seconds to wait for a convert process to complete | `30` |
|
||||||
|
| `MAX_FILE_LOAD_LIMIT` | Maximum number of seconds to wait for a document load to succeed | `100` |
|
||||||
|
| `MAX_OPEN_FILES` | The maximum number of files allowed to each document process to open | `0` (unlimited) |
|
||||||
|
| `MAX_THREADS_DOCUMENT` | How many threads to use when opening a document | `4` |
|
||||||
|
| `MEMORY_DATA_LIMIT` | The maximum memory data segment allowed to each document process | `0` (unlimited) |
|
||||||
|
| `MEMORY_STACK_LIMIT` | The maximum stack size allowed to each document process | `0` (unlimited) |
|
||||||
|
| `MEMORY_USAGE_MAX` | Maximum percentage of system memory to be used | `80.0` |
|
||||||
|
| `MEMORY_VIRT_LIMIT` | Maximum virtual memory allowed to each document process | `0` |
|
||||||
|
| `PRESPAWN_CHILD_PROCESSES` | Amount of Child processes to start upon container init | `1` |
|
||||||
|
| `USER_IDLE_TIMEOUT` | The maximum number of seconds before dimming and stopping updates when the user is no longer active (even if the browser is in focus) | `900` |
|
||||||
|
| `USER_OUT_OF_FOCUS_TIMEOUT` | The maximum number of seconds before dimming and stopping updates when the browser tab is no longer in focus | `60` |
|
||||||
|
|
||||||
|
#### Cleanup
|
||||||
|
| Parameter | Description | Default |
|
||||||
|
| ---------------------------- | ------------------------------------------------------------------------------- | ------- |
|
||||||
|
| `ENABLE_CLEANUP` | Enable Cleanup of documents and processes | `false` |
|
||||||
|
| `CLEANUP_INTERVAL` | Interval between cleanup checks | `10000` |
|
||||||
|
| `CLEANUP_BAD_BEHAVIOUR_TIME` | Minimum time period for a document to be in bad state before killing in seconds | `60` |
|
||||||
|
| `CLEANUP_IDLE_TIME` | Minimum idle time for a document to be candidate for bad state in seconds | `300` |
|
||||||
|
| `CLEANUP_LIMIT_DIRTY_MEMORY` | Minimum memory usage in MB for a document to be candidate for bad state | `3072` |
|
||||||
|
| `CLEANUP_LIMIT_CPU_PER` | Minimum CPU usage in percent for a document to be candidate for bad state | `85` |
|
||||||
|
|
||||||
|
#### Other Settings
|
||||||
|
| Parameter | Description | Default |
|
||||||
|
| ----------------------- | ------------------------------------------------------- | --------------- |
|
||||||
|
| `ALLOW_172_XX_SUBNET` | Allow 172.16.0.0/12 Subnet | `TRUE` |
|
||||||
|
| `ENABLE_CAPABILITIES` | Enable Capabilities | `TRUE` |
|
||||||
|
| `ENABLE_CONFIG_RELOAD` | Enable Reload of loolwsd if config changed in container | `TRUE` |
|
||||||
|
| `ENABLE_SECCOMP` | Enable Seccomp | `TRUE` |
|
||||||
|
| `LOLEAFLET_HTML` | Name of loleaflet.html to use | `loleafet.html` |
|
||||||
|
| `REDLINING_AS_COMMENTS` | Show red-lines as comments | `false` |
|
||||||
|
| `DOCUMENT_SIGNING_URL` | Endpoint URL of signing server | `` |
|
||||||
|
| `NETWORK_PROTOCOL` | Network Protocol `ipv4` `ipv6` `all` | `ipv4` |
|
||||||
|
| `ENABLE_WEBDAV` | Enable WebDav Storage | `FALSE` |
|
||||||
|
| `FILE_SERVER_ROOT_PATH` | Path to directory considered as root | `loleaflet/../` |
|
||||||
|
| `FRAME_ANCESTORS` | Hosts where interface van be hosted in Iframe | `` |
|
||||||
|
| `ENABLE_MOUNT_JAIL` | Enable mounting jails | `true` |
|
||||||
|
| `CHILD_ROOT_PATH` | Child root path | `child-roots` |
|
||||||
|
| `SYS_TEMPLATE_PATH` | System Template Path | `systemplate` |
|
||||||
|
|
||||||
|
|
||||||
### Networking
|
### Networking
|
||||||
|
|
||||||
The following ports are exposed.
|
The following ports are exposed.
|
||||||
|
|
||||||
| Port | Description |
|
| Port | Description |
|
||||||
|-----------|-------------|
|
| ------ | ------------------------ |
|
||||||
| `9980` | Libreoffice Web Services |
|
| `9980` | Libreoffice Web Services |
|
||||||
|
|
||||||
# Maintenance
|
# Maintenance
|
||||||
#### Shell Access
|
#### Shell Access
|
||||||
|
|
||||||
For debugging and maintenance purposes you may want access the containers shell.
|
For debugging and maintenance purposes you may want access the containers shell.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker exec -it (whatever your container name is e.g. libreoffice-online) bash
|
docker exec -it (whatever your container name is e.g. libreoffice-online) bash
|
||||||
|
|
0
build-assets/container/.empty
Normal file
0
build-assets/container/.empty
Normal file
0
build-assets/core/.empty
Normal file
0
build-assets/core/.empty
Normal file
0
build-assets/online/.empty
Normal file
0
build-assets/online/.empty
Normal file
|
@ -2,7 +2,7 @@ version: '3.7'
|
||||||
services:
|
services:
|
||||||
|
|
||||||
libreoffice-app:
|
libreoffice-app:
|
||||||
image: tiredofit/libreoffice-online
|
image: tiredofit/libreoffice-online:latest
|
||||||
container_name: libreoffice-app
|
container_name: libreoffice-app
|
||||||
expose:
|
expose:
|
||||||
- 9980
|
- 9980
|
||||||
|
|
61
install/assets/defaults/10-loolwsd
Executable file
61
install/assets/defaults/10-loolwsd
Executable file
|
@ -0,0 +1,61 @@
|
||||||
|
#!/usr/bin/with-contenv bash
|
||||||
|
|
||||||
|
### Set Defaults
|
||||||
|
ALWAYS_SAVE_ON_EXIT=${ALWAYS_SAVE_ON_EXIT:-"false"}
|
||||||
|
ALLOW_172_XX_SUBNET=${ALLOW_172_XX_SUBNET:-"TRUE"}
|
||||||
|
AUTO_SAVE=${AUTO_SAVE:-300}
|
||||||
|
BATCH_PRIORITY=${BATCH_PRIORITY:-"5"}
|
||||||
|
CHILD_ROOT_PATH=${CHILD_ROOT_PATH:-"child-roots"}
|
||||||
|
CLEANUP_BAD_BEHAVIOUR_TIME=${CLEANUP_BAD_BEHAVIOUR_TIME:-60}
|
||||||
|
CLEANUP_IDLE_TIME=${CLEANUP_IDLE_TIME:-300}
|
||||||
|
CLEANUP_INTERVAL=${CLEANUP_INTERVAL:-"10000"}
|
||||||
|
CLEANUP_LIMIT_CPU_PER=${CLEANUP_LIMIT_CPU_PER:-85}
|
||||||
|
CLEANUP_LIMIT_DIRTY_MEMORY=${CLEANUP_LIMIT_DIRTY_MEMORY:-3072}
|
||||||
|
CONNECTION_TIMEOUT=${CONNECTION_TIMEOUT:-30}
|
||||||
|
ENABLE_ADMIN_CONSOLE=${ENABLE_ADMIN_CONSOLE:-"TRUE"}
|
||||||
|
ENABLE_CAPABILITIES=${ENABLE_CAPABILITIES:-"true"}
|
||||||
|
ENABLE_CLEANUP=${ENABLE_CLEANUP:-"false"}
|
||||||
|
ENABLE_CONFIG_RELOAD=${ENABLE_CONFIG_RELOAD:-"TRUE"}
|
||||||
|
ENABLE_MOUNT_JAIL=${ENABLE_MOUNT_JAIL:-"true"}
|
||||||
|
ENABLE_SECCOMP=${ENABLE_SECCOMP:-"true"}
|
||||||
|
ENABLE_TLS=${ENABLE_TLS:-"FALSE"}
|
||||||
|
ENABLE_TLS_CERT_GENERATE=${ENABLE_TLS_CERT_GENERATE:-"TRUE"}
|
||||||
|
ENABLE_TLS_REVERSE_PROXY=${ENABLE_TLS_REVERSE_PROXY:-"TRUE"}
|
||||||
|
ENABLE_WEBDAV=${ENABLE_WEBDAV:-"FALSE"}
|
||||||
|
FILE_SERVER_ROOT_PATH=${FILE_SERVER_ROOT_PATH:-"loleaflet/../"}
|
||||||
|
FILE_SIZE_LIMIT=${FILE_SIZE_LIMIT:-0}
|
||||||
|
IDLE_SAVE=${IDLE_SAVE:-30}
|
||||||
|
IDLE_UNLOAD_TIMEOUT=${IDLE_UNLOAD_TIMEOUT:-3600}
|
||||||
|
INTERFACE=${INTERFACE:-"classic"}
|
||||||
|
LOG_ANONYMIZE=${LOG_ANONYMIZE:-"FALSE"}
|
||||||
|
LOG_ANONYMIZE_SALT=${LOG_ANONYMIZE_SALT:-"$(date +%s%N | cut -b12-19)"}
|
||||||
|
LOG_CLIENT_CONSOLE=${LOG_CLIENT_CONSOLE:-"false"}
|
||||||
|
LOG_COLOURIZE=${LOG_COLOURIZE:-"true"}
|
||||||
|
LOG_FILE=${LOG_FILE:-"lool.log"}
|
||||||
|
LOG_FILE_FLUSH=${LOG_FILE_FLUSH:-"false"}
|
||||||
|
LOG_LEVEL=${LOG_LEVEL:-"warning"}
|
||||||
|
LOG_LIBREOFFICE=${LOG_LIBREOFFICE:-"-INFO-WARN"}
|
||||||
|
LOG_PATH=${LOG_PATH:-"/var/log/lool/"}
|
||||||
|
LOG_TYPE=${LOG_TYPE:-"CONSOLE"}
|
||||||
|
LOLEAFLET_HTML=${LOLEAFLET_HTML:-"loleaflet.html"}
|
||||||
|
MAX_CONVERT_LIMIT=${MAX_CONVERT_LIMIT:-100}
|
||||||
|
MAX_FILE_LOAD_LIMIT=${MAX_FILE_LOAD_LIMIT:-100}
|
||||||
|
MAX_OPEN_FILES=${MAX_OPEN_FILES:-0}
|
||||||
|
MAX_THREADS_DOCUMENT=${MAX_THREADS_DOCUMENT:-4}
|
||||||
|
MEMORY_DATA_LIMIT=${MEMORY_DATA_LIMIT:-0}
|
||||||
|
MEMORY_STACK_LIMIT=${MEMORY_STACK_LIMIT:-8000}
|
||||||
|
MEMORY_USAGE_MAX=${MEMORY_USAGE_MAX:-"80.0"}
|
||||||
|
MEMORY_VIRT_LIMIT=${MEMORY_VIRT_LIMIT:-0}
|
||||||
|
NETWORK_PROTOCOL=${NETWORK_PROTOCOL:-"ipv4"}
|
||||||
|
PATH_PREFIX=${PATH_PREFIX:-"/opt/lool/"}
|
||||||
|
PRESPAWN_CHILD_PROCESSES=${PRESPAWN_CHILD_PROCESSES:-1}
|
||||||
|
REDLINING_AS_COMMENTS=${REDLINING_AS_COMMENTS:-"false"}
|
||||||
|
SETUP_TYPE=${SETUP_TYPE:-"AUTO"}
|
||||||
|
SYS_TEMPLATE_PATH=${SYS_TEMPLATE_PATH:-"systemplate"}
|
||||||
|
TLS_CA_FILENAME=${TLS_CA_FILENAME:-"ca-chain.cert.pem"}
|
||||||
|
TLS_CERT_FILENAME=${TLS_CERT_FILENAME:-"cert.pem"}
|
||||||
|
TLS_CERT_PATH=${TLS_CERT_PATH:-"/etc/loolwsd/certs"}
|
||||||
|
TLS_KEY_FILENAME=${TLS_KEY_FILENAME:-"key.pem"}
|
||||||
|
USER_IDLE_TIMEOUT=${USER_IDLE_TIMEOUT:-900}
|
||||||
|
USER_OUT_OF_FOCUS_TIMEOUT=${USER_OUT_OF_FOCUS_TIMEOUT:-60}
|
||||||
|
WATERMARK_OPACITY=${WATERMARK_OPACITY:-"0.2"}
|
|
@ -1,29 +1,6 @@
|
||||||
#!/usr/bin/with-contenv bash
|
#!/usr/bin/with-contenv bash
|
||||||
|
|
||||||
### Set Defaults
|
set_config() {
|
||||||
AUTO_SAVE=${AUTO_SAVE:-300}
|
print_debug "Setting: '${1}' with value: '${2}'"
|
||||||
ENABLE_ADMIN_CONSOLE=${ENABLE_ADMIN_CONSOLE:-"TRUE"}
|
/opt/lool/bin/loolconfig set ${1} ""${2}""
|
||||||
ENABLE_TLS=${ENABLE_SSL:-"TRUE"}
|
}
|
||||||
ENABLE_TLS_CERT_GENERATE=${ENABLE_SSL_CERT_GENERATE:-"TRUE"}
|
|
||||||
ENABLE_TLS_REVERSE_PROXY=${ENABLE_SSL_REVERSE_PROXY:-"FALSE"}
|
|
||||||
FILE_SIZE_LIMIT=${FILE_SIZE_LIMIT:-0}
|
|
||||||
IDLE_SAVE=${IDLE_SAVE:-30}
|
|
||||||
IDLE_UNLOAD_TIMEOUT=${IDLE_UNLOAD_TIMEOUT:-3600}
|
|
||||||
LOG_ANONYMIZE_FILES=${LOG_ANONYMIZE_FILES:-"FALSE"}
|
|
||||||
LOG_ANONYMIZE_USERS=${LOG_ANONYMIZE_USERS:-"FALSE"}
|
|
||||||
LOG_LEVEL=${LOG_LEVEL:-"information"}
|
|
||||||
LOG_TYPE=${LOG_TYPE:-"CONSOLE"}
|
|
||||||
MAX_FILE_LOAD_LIMIT=${MAX_FILE_LOAD_LIMIT:-100}
|
|
||||||
MAX_OPEN_FILES=${MAX_OPEN_FILES:-0}
|
|
||||||
MAX_THREADS_DOCUMENT=${MAX_THREADS_DOCUMENT:-4}
|
|
||||||
MEMORY_DATA_LIMIT=${MEMORY_DATA_LIMIT:-0}
|
|
||||||
MEMORY_STACK_LIMIT=${MEMORY_STACK_LIMIT:-8000}
|
|
||||||
MEMORY_USAGE_MAX=${MEMORY_USAGE_MAX:-"80.0"}
|
|
||||||
PRESPAWN_CHILD_PROCESSES=${PRESPAWN_CHILD_PROCESSES:-1}
|
|
||||||
SETUP_TYPE=${SETUP_TYPE:-"AUTO"}
|
|
||||||
TLS_CA_FILENAME=${TLS_CA_FILENAME:-"ca-chain.cert.pem"}
|
|
||||||
TLS_CERT_FILENAME=${TLS_CERT_FILENAME:-"cert.pem"}
|
|
||||||
TLS_CERT_PATH=${TLS_CERT_PATH:-"/etc/loolwsd/certs"}
|
|
||||||
TLS_KEY_FILENAME=${TLS_KEY_FILENAME:-"key.pem"}
|
|
||||||
USER_IDLE_TIMEOUT=${USER_IDLE_TIMEOUT:-900}
|
|
||||||
USER_OUT_OF_FOCUS_TIMEOUT=${USER_OUT_OF_FOCUS_TIMEOUT:-60}
|
|
|
@ -1,14 +1,21 @@
|
||||||
#!/usr/bin/with-contenv bash
|
#!/usr/bin/with-contenv bash
|
||||||
|
|
||||||
for s in /assets/functions/*; do source $s; done
|
source /assets/functions/00-container
|
||||||
|
prepare_service single
|
||||||
PROCESS_NAME="libreoffice-online"
|
PROCESS_NAME="libreoffice-online"
|
||||||
|
|
||||||
mkdir -p /var/log/lool
|
sanity_var "ALLOWED_HOSTS" "Allowed Hostnames"
|
||||||
touch /var/log/lool/loolwsd.log
|
|
||||||
chown -R lool /var/log/lool
|
|
||||||
|
|
||||||
|
print_debug "Creating directories and setting up logging"
|
||||||
|
mkdir -p "${LOG_PATH}"
|
||||||
|
touch "${LOG_PATH}"/"${LOG_FILE}"
|
||||||
|
chown -R lool "${LOG_PATH}"
|
||||||
|
|
||||||
|
print_debug "Setting up DNS Resolution"
|
||||||
rm /opt/lool/systemplate/etc/resolv.conf
|
rm /opt/lool/systemplate/etc/resolv.conf
|
||||||
ln -s /etc/resolv.conf /opt/lool/systemplate/etc/resolv.conf
|
cp /etc/hosts /opt/lool/systemplate/etc/
|
||||||
|
cp /etc/resolv.conf /opt/lool/systemplate/etc/
|
||||||
|
|
||||||
|
|
||||||
### Custom File Support
|
### Custom File Support
|
||||||
if [ -d /assets/custom ] ; then
|
if [ -d /assets/custom ] ; then
|
||||||
|
@ -17,91 +24,159 @@ if [ -d /assets/custom ] ; then
|
||||||
chown -R lool. /opt/lool/share/
|
chown -R lool. /opt/lool/share/
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$ENABLE_SSL" = "TRUE" ]; then
|
### Execute Custom Scripts if exist to modify parts of the system
|
||||||
if [ "$ENABLE_SSL_CERT_GENERATE" = "TRUE" ]; then
|
if [ -d /assets/custom-scripts/ ] ; then
|
||||||
mkdir -p $TLS_CERT_PATH
|
print_warn "Found Custom Scripts to Execute"
|
||||||
# Generate new SSL certificate instead of using the default
|
for f in $(find /assets/custom-scripts/ -name \*.sh -type f); do
|
||||||
print_notice "Auto Generating Self Signed Certificates"
|
print_warn "Running Script ${f}"
|
||||||
mkdir -p /tmp/ssl/
|
chmod +x "${f}"
|
||||||
cd /tmp/ssl/
|
${f}
|
||||||
mkdir -p certs/ca
|
done
|
||||||
openssl genrsa -out certs/ca/root.key.pem 2048
|
fi
|
||||||
openssl req -x509 -new -nodes -key certs/ca/root.key.pem -days 9131 -out certs/ca/root.crt.pem -subj "/C=XX/ST=XX/L=XX/O=Dummy
|
|
||||||
Authority/CN=Dummy Authority"
|
if var_true "${ENABLE_TLS}" ; then
|
||||||
mkdir -p certs/{servers,tmp}
|
print_debug "TLS Enabled"
|
||||||
mkdir -p "certs/servers/localhost"
|
if [ ! -d "${TLS_CERT_PATH}" ] || [ ! -f "${TLS_KEY_FILENAME}" ] || [ ! -f "${TLS_CA_FILENAME}" ] || [ ! -f "${TLS_CERT_FILENAME}" ] ; then
|
||||||
openssl genrsa -out "certs/servers/localhost/privkey.pem" 2048
|
print_debug "No TLS Certificates found"
|
||||||
if test "${cert_domain-set}" == set; then
|
if var_true "${ENABLE_TLS_CERT_GENERATE}" ; then
|
||||||
openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=localhost"
|
print_debug "TLS Certificate Autogeneration"
|
||||||
|
mkdir -p "$TLS_CERT_PATH"
|
||||||
|
# Generate new SSL certificate instead of using the default
|
||||||
|
print_notice "Auto Generating Self Signed Certificates"
|
||||||
|
mkdir -p /tmp/ssl/
|
||||||
|
cd /tmp/ssl/
|
||||||
|
mkdir -p certs/ca
|
||||||
|
silent openssl genrsa -out certs/ca/root.key.pem 2048
|
||||||
|
silent openssl req -x509 -new -nodes -key certs/ca/root.key.pem -days 9131 -out certs/ca/root.crt.pem -subj "/C=XX/ST=XX/L=XX/O=Dummy
|
||||||
|
Authority/CN=Dummy Authority"
|
||||||
|
mkdir -p certs/{servers,tmp}
|
||||||
|
mkdir -p "certs/servers/localhost"
|
||||||
|
silent openssl genrsa -out "certs/servers/localhost/privkey.pem" 2048
|
||||||
|
if test "${cert_domain-set}" == set; then
|
||||||
|
silent openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=localhost"
|
||||||
|
else
|
||||||
|
silent openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=${cert_domain}"
|
||||||
|
fi
|
||||||
|
silent openssl x509 -req -in "certs/tmp/localhost.csr.pem" -CA "certs/ca/root.crt.pem" -CAkey "certs/ca/root.key.pem" -CAcreateserial -out "certs/servers/localhost/cert.pem" -days 9131
|
||||||
|
cp -R certs/servers/localhost/privkey.pem "${TLS_CERT_PATH}"/"${TLS_KEY_FILENAME}"
|
||||||
|
cp -R certs/servers/localhost/cert.pem "${TLS_CERT_PATH}"/"${TLS_CERT_FILENAME}"
|
||||||
|
cp -R certs/ca/root.crt.pem "${TLS_CERT_PATH}"/"${TLS_CA_FILENAME}"
|
||||||
|
rm -rf /tmp/ssl
|
||||||
|
chown -R lool "${TLS_CERT_PATH}"
|
||||||
else
|
else
|
||||||
openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=XX/ST=XX/L=XX/O=Dummy Authority/CN=${cert_domain}"
|
if [ ! -f "${TLS_CERT_PATH}/${TLS_KEY_FILENAME}" ] || [ ! -f "${TLS_CERT_PATH}/${TLS_CA_FILENAME}" ] || [ ! -f "${TLS_CERT_PATH}/${TLS_CERT_FILENAME}" ] ; then
|
||||||
|
print_error "TLS Certificates missing... Please switch to autogenerate mode, or place your certifcates in the correct location."
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
openssl x509 -req -in certs/tmp/localhost.csr.pem -CA certs/ca/root.crt.pem -CAkey certs/ca/root.key.pem -CAcreateserial -out certs/servers/localhost/cert.pem -days 9131
|
|
||||||
mv certs/servers/localhost/privkey.pem ${TLS_CERT_PATH}/${TLS_KEY_FILENAME}
|
|
||||||
mv certs/servers/localhost/cert.pem ${TLS_CERT_PATH}/${TLS_KEY_FILENAME}
|
|
||||||
mv certs/ca/root.crt.pem ${TLS_CERT_PATH}/${TLS_CA_FILENAME}
|
|
||||||
rm -rf /tmp/ssl
|
|
||||||
chown -R lool ${TLS_CERT_PATH}
|
|
||||||
else
|
|
||||||
if [ ! -f "${TLS_CERT_PATH}/${TLS_KEY_FILENAME}" ] || [ ! -f "${TLS_CERT_PATH}/${TLS_CA_FILENAME}" ] || [ ! -f "${TLS_CERT_PATH}/${TLS_CERT_FILENAME}" ] ; then
|
|
||||||
echo ** [libreoffice-online] *** ERROR *** TLS Certificates missing. Please switch to autogenerate mode, or place your certifcates in the correct location.
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$SETUP_TYPE" = "AUTO" ]; then
|
if [ "$SETUP_TYPE" = "AUTO" ]; then
|
||||||
print_notice "Autogenerating Configuration File"
|
print_notice "Autogenerating Configuration File"
|
||||||
### Replace Configuration directives
|
### Replace Configuration directives
|
||||||
perl -pi -e "s/<allowed_languages (.*)>.*<\/allowed_languages>/<allowed_languages \1>${DICTIONARIES}<\/allowed_languages>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<allowed_languages \(.*\)>.*</allowed_languages>|<allowed_languages \1>${DICTIONARIES}</allowed_languages>|g" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<autosave_duration_secs (.*)>.*<\/autosave_duration_secs>/<autosave_duration_secs \1>${AUTO_SAVE}<\/autosave_duration_secs>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<sys_template_path \(.*\)>.*</sys_template_path>|<sys_template_path \1>${SYS_TEMPLATE_PATH}</sys_template_path>|g" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<ca_file_path (.*)>.*<\/ca_file_path>/<ca_file_path \1>${TLS_CERT_PATH}/${TLS_CA_FILENAME}<\/key_file_path>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<child_root_path \(.*\)>.*</child_root_path>|<child_root_path \1>${CHILD_ROOT_PATH}</child_root_path>|g" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<cert_file_path (.*)>.*<\/cert_file_path>/<cert_file_path \1>${TLS_CERT_PATH}/${TLS_CERT_FILENAME}<\/cert_file_path>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<mount_jail_tree \(.*\)>.*</mount_jail_tree>|<mount_jail_tree \1>${ENABLE_MOUNT_JAIL}</mount_jail_tree>|g" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<idle_timeout_secs (.*)>.*<\/idle_timeout_secs>/<idle_timeout_secs \1>${IDLE_UNLOAD_TIMEOUT}<\/idle_timeout_secs>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<server_name \(.*\)>.*</server_name>|<server_name \1>${HOSTNAME}</server_name>|g" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<idle_timeout_secs (.*)>.*<\/idle_timeout_secs>/<idle_timeout_secs \1>${USER_IDLE_TIMEOUT}<\/idle_timeout_secs>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<file_server_root_path \(.*\)>.*</file_server_root_path>|<file_server_root_path \1>${FILE_SERVER_ROOT_PATH}</file_server_root_path>|g" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<idlesave_duration_secs (.*)>.*<\/idlesave_duration_secs>/<idlesave_duration_secs \1>${IDLE_SAVE}<\/idlesave_duration_secs>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<memproportion \(.*\)>.*</memproportion>|<memproportion \1>${MEMORY_USAGE_MAX}</memproportion>|g" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<key_file_path (.*)>.*<\/key_file_path>/<key_file_path \1>${TLS_CERT_PATH}/${TLS_KEY_FILENAME}<\/key_file_path>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<num_prespawn_children \(.*\)>.*</num_prespawn_children>|<num_prespawn_children \1>${PRESPAWN_CHILD_PROCESSES}</num_prespawn_children>|g" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<level (.*)>.*<\/level>/<level \1>${LOG_LEVEL}<\/level>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<max_concurrency \(.*\)>.*<\/max_concurrency>|<max_concurrency \1>${MAX_THREADS_DOCUMENT}<\/max_concurrency>|" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<limit_data_mem_kb (.*)>.*<\/limit_data_mem_kb>/<limit_data_mem_kb \1>${MEMORY_DATA_LIMIT}<\/limit_data_mem_kb>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<batch_priority \(.*\)>.*<\/batch_priority>|<batch_priority \1>${BATCH_PRIORITY}<\/batch_priority>|" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<limit_file_size_mb (.*)>.*<\/limit_file_size_mb>/<limit_file_size_mb \1>${FILE_SIZE_LIMIT}<\/limit_file_size_mb>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<document_signing_url \(.*\)>.*<\/document_signing_url>|<document_signing_url \1>${DOCUMENT_SIGNING_URL}<\/document_signing_url>|" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<limit_load_secs (.*)>.*<\/limit_load_secs>/<limit_load_secs \1>${MAX_FILE_LOAD_LIMIT}<\/limit_load_secs>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<redlining_as_comments \(.*\)>.*<\/redlining_as_comments>|<redlining_as_comments \1>${REDLINING_AS_COMMENTS}<\/redlining_as_comments>|" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<limit_num_open_files (.*)>.*<\/limit_num_open_files>/<limit_num_open_files \1>${MAX_OPEN_FILES}<\/limit_num_open_files>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<idle_timeout_secs \(.*\)>.*<\/idle_timeout_secs>|<idle_timeout_secs \1>${IDLE_UNLOAD_TIMEOUT}<\/idle_timeout_secs>|" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<limit_stack_mem_kb (.*)>.*<\/limit_stack_mem_kb>/<limit_stack_mem_kb \1>${MEMORY_STACK_LIMIT}<\/limit_stack_mem_kb>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<idlesave_duration_secs \(.*\)>.*<\/idlesave_duration_secs>|<idlesave_duration_secs \1>${IDLE_SAVE}<\/idlesave_duration_secs>|" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<max_concurrency (.*)>.*<\/max_concurrency>/<max_concurrency \1>${MAX_THREADS_DOCUMENT}<\/max_concurrency>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<autosave_duration_secs \(.*\)>.*<\/autosave_duration_secs>|<autosave_duration_secs \1>${AUTO_SAVE}<\/autosave_duration_secs>|" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<memproportion (.*)>.*<\/memproportion>/<memproportion \1>${MEMORY_USAGE_MAX}<\/memproportion>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<always_save_on_exit \(.*\)>.*<\/always_save_on_exit>|<always_save_on_exit \1>${ALWAYS_SAVE_ON_EXIT}<\/always_save_on_exit>|" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<num_prespawn_children (.*)>.*<\/num_prespawn_children>/<num_prespawn_children \1>${PRESPAWN_CHILD_PROCESSES}<\/num_prespawn_children>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<limit_virt_mem_mb \(.*\)>.*<\/limit_virt_mem_mb>|<limit_virt_mem_mb \1>${MEMORY_VIRT_LIMIT}<\/limit_virt_mem_mb>|" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<out_of_focus_timeout_secs (.*)>.*<\/out_of_focus_timeout_secs>/<out_of_focus_timeout_secs \1>${USER_OUT_OF_FOCUS_TIMEOUT}<\/out_of_focus_timeout_secs>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<limit_stack_mem_kb \(.*\)>.*<\/limit_stack_mem_kb>|<limit_stack_mem_kb \1>${MEMORY_STACK_LIMIT}<\/limit_stack_mem_kb>|" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<password (.*)>.*<\/password>/<password \1>${ADMIN_PASS}<\/password>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<limit_file_size_mb \(.*\)>.*<\/limit_file_size_mb>|<limit_file_size_mb \1>${FILE_SIZE_LIMIT}<\/limit_file_size_mb>|" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<server_name (.*)>.*<\/server_name>/<server_name \1>${HOSTNAME}<\/server_name>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<limit_num_open_files \(.*\)>.*<\/limit_num_open_files>|<limit_num_open_files \1>${MAX_OPEN_FILES}<\/limit_num_open_files>|" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<username (.*)>.*<\/username>/<username \1>${ADMIN_USER}<\/username>/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<limit_load_secs \(.*\)>.*<\/limit_load_secs>|<limit_load_secs \1>${MAX_FILE_LOAD_LIMIT}<\/limit_load_secs>|" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/localhost<\/host>/${ALLOWED_HOSTS}<\/host>/g" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<limit_convert_secs \(.*\)>.*<\/limit_convert_secs>|<limit_convert_secs \1>${MAX_CONVERT_LIMIT}<\/limit_convert_secs>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<cleanup desc=\(.*\)>.*>|<cleanup desc=\1>${ENABLE_CLEANUP}>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<cleanup_interval_ms \(.*\)>.*<\/cleanup_interval_ms>|<cleanup_interval_ms \1>${CLEANUP_INTERVAL}<\/cleanup_interval_ms>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<bad_behavior_period_secs \(.*\)>.*<\/bad_behavior_period_secs>|<bad_behavior_period_secs \1>${CLEANUP_BAD_BEHAVIOUR_TIME}<\/bad_behavior_period_secs>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<idle_time_secs \(.*\)>.*<\/<idle_time_secs>|<<idle_time_secs \1>${CLEANUP_IDLE_TIME}<\/<idle_time_secs>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<limit_dirty_mem_mb \(.*\)>.*<\/limit_dirty_mem_mb>|<limit_dirty_mem_mb \1>${CLEANUP_LIMIT_DIRTY_MEMORY}<\/limit_dirty_mem_mb>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<limit_cpu_per \(.*\)>.*<\/limit_cpu_per>|<limit_cpu_per \1>${CLEANUP_LIMIT_CPU_PER}<\/limit_cpu_per>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<out_of_focus_timeout_secs \(.*\)>.*<\/out_of_focus_timeout_secs>|<out_of_focus_timeout_secs \1>${USER_OUT_OF_FOCUS_TIMEOUT}<\/out_of_focus_timeout_secs>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<idle_timeout_secs \(.*\)>.*<\/idle_timeout_secs>|<idle_timeout_secs \1>${USER_IDLE_TIMEOUT}<\/idle_timeout_secs>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<loleaflet_html \(.*\)>.*<\/loleaflet_html>|<loleaflet_html \1>${LOLEAFLET_HTML}<\/loleaflet_html>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<color \(.*\)>.*<\/color>|<color \1>${LOG_COLOURIZE}<\/color>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<level \(.*\)>.*<\/level>|<level \1>${LOG_LEVEL}<\/level>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<protocol \(.*\)>.*<\/protocol>|<protocol \1>${LOG_CLIENT_CONSOLE}<\/protocol>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<lokit_sal_log \(.*\)>.*<\/lokit_sal_log>|<lokit_sal_log \1>${LOG_LIBREOFFICE}<\/lokit_sal_log>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<loleaflet_logging \(.*\)>.*<\/loleaflet_logging>|<loleaflet_logging \1>${LOG_CLIENT_CONSOLE}<\/loleaflet_logging>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<proto \(.*\)>.*<\/proto>|<proto \1>${NETWORK_PROTOCOL}<\/proto>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<frame_ancestors \(.*\)>.*<\/frame_ancestors>|<frame_ancestors \1>${FRAME_ANCESTORS}<\/frame_ancestors>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
#sed -i -e "s|localhost<\/host>|${ALLOWED_HOSTS}<\/host>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<connection_timeout \(.*\)>.*<\/connection_timeout>|<connection_timeout \1>${CONNECTION_TIMEOUT}<\/connection_timeout>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<ca_file_path \(.*\) relative=\"false\">.*<\/ca_file_path>|<ca_file_path \1 relative=\"false\">${TLS_CERT_PATH}/${TLS_CA_FILENAME}<\/ca_file_path>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<cert_file_path \(.*\) relative=\"false\">.*<\/cert_file_path>|<cert_file_path \1 relative=\"false\">${TLS_CERT_PATH}/${TLS_CERT_FILENAME}<\/cert_file_path>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<key_file_path \(.*\) relative=\"false\">.*<\/key_file_path>|<key_file_path \1 relative=\"false\">${TLS_CERT_PATH}/${TLS_KEY_FILENAME}<\/key_file_path>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<seccomp \(.*\)>.*<\/seccomp>|<seccomp \1>${ENABLE_SECCOMP}<\/seccomp>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<capabilities \(.*\)>.*<\/capabilities>|<capabilities \1>${ENABLE_CAPABILITIES}<\/capabilities>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<opacity \(.*\)>.*<\/opacity>|<opacity \1>${WATERMARK_OPACITY}<\/opacity>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<text \(.*\)>.*<\/text>|<text \1>${WATERMARK_TEXT}<\/text>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<mode \(.*\)>.*<\/mode>|<mode \1>${INTERFACE}<\/mode>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<webdav desc=\(.*\) allow=\".*\">|<webdav desc=\1 allow=\"${ENABLE_WEBDAV}\">|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<enable desc=\(.*\)>.*<\/enable>|<enable desc=\1>${ENABLE_ADMIN_CONSOLE}<\/enable>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<username \(.*\)>.*<\/username>|<username \1>${ADMIN_USER}<\/username>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<password \(.*\)>.*<\/password>|<password \1>${ADMIN_PASS}<\/password>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<limit_data_mem_kb \(.*\)>.*<\/limit_data_mem_kb>|<limit_data_mem_kb \1>${MEMORY_DATA_LIMIT}<\/limit_data_mem_kb>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
|
||||||
if [ "$ENABLE_ADMIN_CONSOLE" != "TRUE" ]; then
|
if var_false "${ENABLE_TLS}" ; then
|
||||||
perl -pi -e "s/<enable desc=\"Enable the admin (.*)>.*<\/enable>/<enable \1>true<\/enable>/" /etc/loolwsd/loolwsd.xml
|
sed -i -E "s|<enable type=\"bool\" desc=\"Controls(.*)>.*<\/enable>|<enable type=\"bool\" desc=\"Controls\1>false<\/enable>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
fi
|
||||||
|
|
||||||
|
if var_true "${ENABLE_TLS_REVERSE_PROXY}" ; then
|
||||||
|
sed -i -E "s|<termination \(.*\)>.*<\/termination>|<termination \1>true<\/termination>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
fi
|
||||||
|
|
||||||
|
if var_true "${LOG_ANONYMIZE}"; then
|
||||||
|
sed -i -e "s|<anonymize_user_data \(.*\)>.*<\/anonymize_user_data>|<anonymize_user_data \1>${LOG_ANONYMIZE}<\/anonymize_user_data>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<anonymization_salt \(.*\)>.*<\/anonymization_salt>|<anonymization_salt \1>${LOG_ANONYMIZE_SALT}<\/anonymization_salt>|" /etc/loolwsd/loolwsd.xml
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$LOG_TYPE" = "FILE" ]; then
|
if [ "$LOG_TYPE" = "FILE" ]; then
|
||||||
perl -pi -e "s/<file enable=\"false\"/<file enable=\"true\"/" /etc/loolwsd/loolwsd.xml
|
sed -i -e "s|<file enable=\"false\"|<file enable=\"true\"|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<property name=\"path\"\(.*\)>.*<\/property>|<property name=\"path\" \1>${LOG_PATH}/${LOG_FILE}<\/property>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i -e "s|<property name=\"flush\"\(.*\)>.*<\/property>|<property name=\"flush\" \1>${LOG_FILE_FLUSH}<\/property>|" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i "s|<LOG_PATH>|${LOG_PATH}|g" /etc/logrotate.d/loolwsd
|
||||||
|
else
|
||||||
|
print_debug "Log: Console"
|
||||||
|
rm -rf /etc/logrotate.d/loolwsd
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$ENABLE_SSL" != "TRUE" ]; then
|
### Allowed Hosts
|
||||||
perl -pi -e "s/<enable type=\"bool\" desc=\"Controls(.*)>.*<\/enable>/<enable type=\"bool\" desc=\"Controls\1>false<\/enable>/" /etc/loolwsd/loolwsd.xml
|
allowed_hosts=$(echo "${ALLOWED_HOSTS}" | tr "," "\n")
|
||||||
fi
|
for host in $allowed_hosts
|
||||||
|
do
|
||||||
|
print_info "Adding Allowed Host: ${host}"
|
||||||
|
sed -i "/>localhost<\/host>/a \ \ \ \ \ \ \ \ \ \ \ \ \<host desc=\"Docker\ added\ regex\ pattern\ of\ hostname\ to\ allow\ or\ deny.\"\ allow=\"true\">${host}</host>" /etc/loolwsd/loolwsd.xml
|
||||||
|
done
|
||||||
|
|
||||||
if [ "$ENABLE_SSL_REVERSE_PROXY" != "FALSE" ]; then
|
if var_true "${ALLOW_172_XX_SUBNET}" ; then
|
||||||
perl -pi -e "s/<termination (.*)>.*<\/termination>/<termination \1>true<\/termination>/" /etc/loolwsd/loolwsd.xml
|
print_debug "Allowing 172.16.0.0/12 Subnet"
|
||||||
fi
|
sed -i "/<\/post_allow>/i \ \ \ \ \ \ \ \ <host\ desc=\"Additional\ Docker\ Networks to allow\">172\\.1\[6789\]\.\[0-9\]\{1,3\}\.\[0-9\]\{1,3\}<\/host>" /etc/loolwsd/loolwsd.xml
|
||||||
|
sed -i "/<\/post_allow>/i \ \ \ \ \ \ \ \ <host\ desc=\"Additional\ Docker\ Networks to allow\">172\\.2\[0-9\]\\.\[0-9\]\{1,3\}\\.\[0-9\]\{1,3\}<\/host>" /etc/loolwsd/loolwsd.xml
|
||||||
if [ "$LOG_ANONYMIZE_USERS" != "FALSE" ]; then
|
sed -i "/<\/post_allow>/i \ \ \ \ \ \ \ \ <host\ desc=\"Additional\ Docker\ Networks to allow\">172\\.3\[01\]\\.\[0-9\]\{1,3\}\\.\[0-9\]\{1,3\}<\/host>" /etc/loolwsd/loolwsd.xml
|
||||||
perl -pi -e "s/<usernames (.*)>.*<\/usernames>/<usernames \1>true<\/usernames>/" /etc/loolwsd/loolwsd.xml
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$LOG_ANONYMIZE_FILES" != "FALSE" ]; then
|
|
||||||
perl -pi -e "s/<filenames (.*)>.*<\/filenames>/<filenames \1>true<\/filenames>/" /etc/loolwsd/loolwsd.xml
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$LOG_TYPE" = "FILE" ]; then
|
|
||||||
perl -pi -e "s/<file enable=\"false\"/<file enable=\"true\"/" /etc/loolwsd/loolwsd.xml
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Generate WOPI proof key
|
||||||
|
if [ ! -f /etc/loolwsd/proof_key.pub ]; then
|
||||||
|
silent /opt/lool/bin/loolwsd-generate-proof-key
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Enable Config Reload (Restart when /etc/loolwsd/loolwsd.xml changes)
|
||||||
|
if var_false "${ENABLE_CONFIG_RELOAD}" ; then
|
||||||
|
print_debug "Disabling Automatic Configuration Reloader"
|
||||||
|
rm -rf /etc/services.available/11-inotify
|
||||||
|
fi
|
||||||
|
|
||||||
|
print_info "Container Initialization Complete"
|
||||||
liftoff
|
liftoff
|
|
@ -1,4 +1,4 @@
|
||||||
/var/log/lool/*.log {
|
<LOG_PATH>/*.log {
|
||||||
daily
|
daily
|
||||||
ifempty
|
ifempty
|
||||||
rotate 7
|
rotate 7
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
#!/usr/bin/with-contenv bash
|
|
||||||
|
|
||||||
for s in /assets/functions/*; do source $s; done
|
|
||||||
PROCESS_NAME="libreoffice-online"
|
|
||||||
check_container_initialized
|
|
||||||
check_service_initialized init
|
|
||||||
|
|
||||||
print_info "Starting Libreoffice Online Web Services daemon"
|
|
||||||
exec s6-setuidgid lool /opt/lool/bin/loolwsd --version --o:sys_template_path=/opt/lool/systemplate --o:lo_template_path=/opt/libreoffice --o:child_root_path=/opt/lool/jails --o:file_server_root_path=/opt/lool/share/loolwsd storage.filesystem[@allow]=true --o:admin_console.username=${ADMIN_USER} --o:admin_console.password=${ADMIN_PASS} ${EXTRA_OPTIONS} >> /var/log/lool/loolwsd.log
|
|
22
install/etc/services.available/10-loolwsd/run
Executable file
22
install/etc/services.available/10-loolwsd/run
Executable file
|
@ -0,0 +1,22 @@
|
||||||
|
#!/usr/bin/with-contenv bash
|
||||||
|
|
||||||
|
source /assets/functions/00-container
|
||||||
|
prepare_service defaults single
|
||||||
|
PROCESS_NAME="libreoffice-online"
|
||||||
|
|
||||||
|
check_container_initialized
|
||||||
|
check_service_initialized init
|
||||||
|
liftoff
|
||||||
|
|
||||||
|
export LC_CTYPE=en_US.UTF-8
|
||||||
|
|
||||||
|
print_info "Starting Libreoffice Online Web Services daemon"
|
||||||
|
exec sudo -u lool /opt/lool/bin/loolwsd \
|
||||||
|
--version \
|
||||||
|
--o:sys_template_path=/opt/lool/systemplate \
|
||||||
|
--o:lo_template_path=/opt/libreoffice \
|
||||||
|
--o:child_root_path=/opt/lool/child-roots \
|
||||||
|
--o:file_server_root_path=/opt/lool/share/loolwsd storage.filesystem[@allow]=true \
|
||||||
|
--o:admin_console.username=${ADMIN_USER} \
|
||||||
|
--o:admin_console.password=${ADMIN_PASS} \
|
||||||
|
${EXTRA_OPTIONS} >> /var/log/lool/loolwsd.log
|
16
install/etc/services.available/11-inotify/run
Executable file
16
install/etc/services.available/11-inotify/run
Executable file
|
@ -0,0 +1,16 @@
|
||||||
|
#!/usr/bin/with-contenv bash
|
||||||
|
|
||||||
|
source /assets/functions/00-container
|
||||||
|
prepare_service defaults single
|
||||||
|
PROCESS_NAME="config-reloader"
|
||||||
|
|
||||||
|
check_container_initialized
|
||||||
|
check_service_initialized init 10-loolwsd
|
||||||
|
liftoff
|
||||||
|
|
||||||
|
while inotifywait -q -e create,delete,modify,attrib /etc/loolwsd/loolwsd.xml
|
||||||
|
do
|
||||||
|
print_info "Reloading loolwsd configuration do to a detected certificate change"
|
||||||
|
pkill -f --signal 1 loolwsd
|
||||||
|
exit 0
|
||||||
|
done
|
Loading…
Reference in a new issue