diff --git a/config/ds-ssl.conf.tmpl b/config/ds-ssl.conf.tmpl deleted file mode 100644 index 2e31120..0000000 --- a/config/ds-ssl.conf.tmpl +++ /dev/null @@ -1,193 +0,0 @@ -map $http_host $this_host { - "" $host; - default $http_host; -} -map $http_x_forwarded_proto $the_scheme { - default $http_x_forwarded_proto; - "" $scheme; -} -map $http_x_forwarded_host $the_host { - default $http_x_forwarded_host; - "" $this_host; -} -map $http_upgrade $proxy_connection { - default upgrade; - "" close; -} -proxy_set_header Host $http_host; -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection $proxy_connection; -proxy_set_header X-Forwarded-Host $the_host; -proxy_set_header X-Forwarded-Proto $the_scheme; - -## Normal HTTP host -server { - listen 0.0.0.0:DS_PORT; - listen [::]:DS_PORT default_server; - server_name _; - server_tokens off; - - ## Redirects all traffic to the HTTPS host - root /nowhere; ## root doesn't have to be a valid path since we are redirecting - rewrite ^ https://$host$request_uri? permanent; -} - -#HTTP host for internal services -server { - listen 127.0.0.1:DS_PORT; - listen [::1]:DS_PORT; - server_name localhost; - server_tokens off; - - client_max_body_size 100m; - - gzip on; - gzip_vary on; - gzip_types text/plain - text/xml - text/css - text/csv - font/ttf - application/xml - application/javascript - application/x-javascript - application/json - application/octet-stream - application/x-font-ttf - application/rtf - application/wasm; - - #welcome page - rewrite ^/$ $the_scheme://$the_host/welcome/ redirect; - - #support old version - rewrite ^\/OfficeWeb(\/apps\/.*)$ $the_scheme://$the_host/0.0.0-0/web-apps$1 redirect; - - #script caching protection - rewrite ^(\/web-apps\/apps\/(?!api\/).*)$ $the_scheme://$the_host/0.0.0-0$1 redirect; - - #disable caching for api.js - location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps\/apps\/api\/documents\/api\.js)$ { - expires -1; - # gzip_static on; - alias /snap/onlyoffice-ds/current/var/www/onlyoffice/documentserver/$2; - } - - #suppress logging the unsupported locale error in web-apps - location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps)(\/.*\.json)$ { - expires 365d; - error_log /dev/null crit; - # gzip_static on; - alias /snap/onlyoffice-ds/current/var/www/onlyoffice/documentserver/$2$3; - } - - #suppress logging the unsupported locale error in plugins - location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(sdkjs-plugins)(\/.*\.json)$ { - expires 365d; - error_log /dev/null crit; - # gzip_static on; - alias /snap/onlyoffice-ds/current/var/www/onlyoffice/documentserver/$2$3; - } - - location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps|sdkjs|sdkjs-plugins|fonts)(\/.*)$ { - expires 365d; - # gzip_static on; - alias /snap/onlyoffice-ds/current/var/www/onlyoffice/documentserver/$2$3; - } - - location ~* ^(\/cache\/files.*)(\/.*) { - alias /var/snap/onlyoffice-ds/common/var/lib/onlyoffice/documentserver/App_Data$1; - add_header Content-Disposition "attachment; filename*=UTF-8''$arg_filename"; - - set $secret_string verysecretstring; - secure_link $arg_md5,$arg_expires; - secure_link_md5 "$secure_link_expires$uri$secret_string"; - - if ($secure_link = "") { - return 403; - } - - if ($secure_link = "0") { - return 410; - } - } - - # Allow internal service only from 127.0.0.1 - location ~* ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(info|internal)(\/.*)$ { - allow 127.0.0.1; - deny all; - proxy_pass http://localhost:8000/$2$3; - } - - location / { - proxy_pass http://localhost:8000; - } - - location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?(\/doc\/.*) { - proxy_pass http://localhost:8000$2; - proxy_http_version 1.1; - } - - location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(dictionaries)(\/.*)$ { - expires 365d; - alias /snap/onlyoffice-ds/current/var/www/onlyoffice/documentserver/$2$3; - } -} - -server { - listen 0.0.0.0:DSS_PORT ssl; - listen [::]:DSS_PORT ssl default_server; - server_tokens off; - - ## Strong SSL Security - ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html - ssl on; - ssl_certificate {{SSL_CERTIFICATE_PATH}}; - ssl_certificate_key {{SSL_KEY_PATH}}; - ssl_verify_client off; - - ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; - - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_session_cache builtin:1000 shared:SSL:10m; - - ssl_prefer_server_ciphers on; - - add_header Strict-Transport-Security max-age=31536000; - # add_header X-Frame-Options SAMEORIGIN; - add_header X-Content-Type-Options nosniff; - - ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL. - ## Replace with your ssl_trusted_certificate. For more info see: - ## - https://medium.com/devops-programming/4445f4862461 - ## - https://www.ruby-forum.com/topic/4419319 - ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx - # ssl_stapling on; - # ssl_stapling_verify on; - # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt; - # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired - # resolver_timeout 10s; - - ## [Optional] Generate a stronger DHE parameter: - ## cd /etc/ssl/certs - ## sudo openssl dhparam -out dhparam.pem 4096 - ## - # ssl_dhparam /etc/ssl/certs/dhparam.pem; - - rewrite ^/$ $the_scheme://$the_host/welcome/ redirect; - location / { - proxy_pass http://localhost:8000; - proxy_http_version 1.1; - } - location ~ ^\/(web-apps|sdkjs|sdkjs-plugins|fonts)(\/.*)$ { - expires -1; - alias /snap/onlyoffice-ds/current/var/www/onlyoffice/documentserver/$1$2; - } - location /example/ { - proxy_pass http://localhost:3000/; - proxy_set_header Host $the_host/example; - proxy_set_header X-Forwarded-Proto $the_scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - client_max_body_size 100m; -} diff --git a/config/ds.conf.tmpl b/config/ds.conf.tmpl deleted file mode 100644 index 28d40b8..0000000 --- a/config/ds.conf.tmpl +++ /dev/null @@ -1,47 +0,0 @@ -map $http_host $this_host { - "" $host; - default $http_host; -} -map $http_x_forwarded_proto $the_scheme { - default $http_x_forwarded_proto; - "" $scheme; -} -map $http_x_forwarded_host $the_host { - default $http_x_forwarded_host; - "" $this_host; -} -map $http_upgrade $proxy_connection { - default upgrade; - "" close; -} -proxy_set_header Host $http_host; -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection $proxy_connection; -proxy_set_header X-Forwarded-Host $the_host; -proxy_set_header X-Forwarded-Proto $the_scheme; -server { - listen 0.0.0.0:DS_PORT; - listen [::]:DS_PORT default_server; - server_tokens off; - rewrite ^/$ $the_scheme://$the_host/welcome/ redirect; - location / { - proxy_pass http://localhost:8000; - proxy_http_version 1.1; - } - location ~ ^\/(web-apps|sdkjs|sdkjs-plugins|fonts)(\/.*)$ { - expires -1; - alias /snap/onlyoffice-ds/current/var/www/onlyoffice/documentserver/$1$2; - } - location /example/ { - proxy_pass http://localhost:3000/; - proxy_set_header Host $the_host/example; - proxy_set_header X-Forwarded-Proto $the_scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(dictionaries)(\/.*)$ { - expires 365d; - alias /snap/onlyoffice-ds/current/var/www/onlyoffice/documentserver/$2$3; - } - client_max_body_size 100m; -} - diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 9529ae3..5b7e8b8 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -97,6 +97,14 @@ parts: /usr/lib/update-notifier/package-data-downloader fi cp -r /usr/share/fonts/truetype/msttcorefonts $SNAPCRAFT_PART_INSTALL/usr/share/fonts/truetype + #temporary + rm -r $SNAPCRAFT_PART_INSTALL/core-fonts + rm -r $SNAPCRAFT_PART_INSTALL/sdkjs + rm -r $SNAPCRAFT_PART_INSTALL/sdkjs-plugins + rm -r $SNAPCRAFT_PART_INSTALL/server + rm -r $SNAPCRAFT_PART_INSTALL/web-apps + rm -r $SNAPCRAFT_PART_INSTALL/example + # DIR="$SNAPCRAFT_PART_INSTALL/var/www/onlyoffice/documentserver" rm -r $DIR/server/welcome DIR_ETC="$SNAPCRAFT_PART_INSTALL/etc/onlyoffice/documentserver" @@ -120,6 +128,10 @@ parts: ln -s -f $OUTDIR/sdkjs/slide/themes $DIR/sdkjs/slide/themes ln -s -f $OUTDIR/sdkjs/common/Images/themes_thumbnail.png $DIR/sdkjs/common/Images/themes_thumbnail.png ln -s -f $OUTDIR/sdkjs/common/Images/themes_thumbnail@2x.png $DIR/sdkjs/common/Images/themes_thumbnail@2x.png + #package version + BUILD_VERSION=`cat var/www/onlyoffice/documentserver/server/Common/sources/commondefines.js | grep "const buildVersion" | grep -o "[0-9.]*"` + BUILD_NUMBER=`cat var/www/onlyoffice/documentserver/server/Common/sources/commondefines.js | grep "const buildNumber" | grep -o "[0-9]*"` + echo $BUILD_VERSION-$BUILD_NUMBER > $SNAPCRAFT_STAGE/version node: plugin: dump @@ -271,11 +283,14 @@ parts: source: src/common/ ds-package: + after: + - server plugin: nil source: https://github.com/ONLYOFFICE/document-server-package.git source-type: git override-build: | snapcraftctl build + PACKAGE_VERSION=`cat $SNAPCRAFT_STAGE/version` #welcome page mkdir -p $SNAPCRAFT_PART_INSTALL/var/www/onlyoffice/documentserver/server/welcome cp -r common/documentserver-example/welcome/css $SNAPCRAFT_PART_INSTALL/var/www/onlyoffice/documentserver/server/welcome @@ -284,7 +299,33 @@ parts: sed -i -e 's/sudo supervisorctl start ds:example/sudo snap set onlyoffice-ds onlyoffice.example-enabled=true/' $SNAPCRAFT_PART_INSTALL/var/www/onlyoffice/documentserver/server/welcome/index.html sed -i -e '/

Add it to the autostart/d' $SNAPCRAFT_PART_INSTALL/var/www/onlyoffice/documentserver/server/welcome/index.html sed -i -e '/
sudo sed/d' $SNAPCRAFT_PART_INSTALL/var/www/onlyoffice/documentserver/server/welcome/index.html
-
+      #nginx configs
+      NGINX_DIR=$SNAPCRAFT_PART_INSTALL/etc/onlyoffice/documentserver/nginx
+      mkdir -p $NGINX_DIR/includes
+      ##ds.conf.tmpl
+      cp common/documentserver/nginx/ds.conf.tmpl.m4 $NGINX_DIR/ds.conf.tmpl
+      sed -i -e 's/M4_NGINX_CONF/\/snap\/onlyoffice-ds\/current\/etc\/onlyoffice\/documentserver\/nginx\/includes/' $NGINX_DIR/ds.conf.tmpl
+      sed -i -e 's/80/DS_PORT/' $NGINX_DIR/ds.conf.tmpl
+      ##ds-ssl.conf.tmpl
+      cp common/documentserver/nginx/ds-ssl.conf.tmpl.m4 $NGINX_DIR/ds-ssl.conf.tmpl
+      sed -i -e 's/M4_NGINX_CONF/\/snap\/onlyoffice-ds\/current\/etc\/onlyoffice\/documentserver\/nginx\/includes/' $NGINX_DIR/ds-ssl.conf.tmpl
+      sed -i -e 's/80/DS_PORT/' $NGINX_DIR/ds-ssl.conf.tmpl
+      sed -i -e 's/443/DSS_PORT/' $NGINX_DIR/ds-ssl.conf.tmpl
+      ##ds-common.conf
+      cp common/documentserver/nginx/includes/ds-common.conf.m4 $NGINX_DIR/includes/ds-common.conf
+      sed -i -e 's/M4_NGINX_LOG/\/var\/snap\/onlyoffice-ds\/current\/var\/log\/nginx/' $NGINX_DIR/includes/ds-common.conf
+      ##ds-docservice.conf
+      cp common/documentserver/nginx/includes/ds-docservice.conf.m4 $NGINX_DIR/includes/ds-docservice.conf
+      sed -i -e 's/M4_DS_ROOT/\/snap\/onlyoffice-ds\/current\/var\/www\/onlyoffice\/documentserver/' $NGINX_DIR/includes/ds-docservice.conf
+      sed -i -e "s/M4_PACKAGE_VERSION/$PACKAGE_VERSION/" $NGINX_DIR/includes/ds-docservice.conf
+      sed -i -e 's/M4_DEV_NULL/\/dev\/null/' $NGINX_DIR/includes/ds-docservice.conf
+      sed -i -e 's/M4_DS_FILES/\/var\/snap\/onlyoffice-ds\/common\/var\/lib\/onlyoffice\/documentserver/' $NGINX_DIR/includes/ds-docservice.conf
+      ##http-common.conf
+      cp common/documentserver/nginx/includes/http-common.conf.m4 $NGINX_DIR/includes/http-common.conf
+      ##ds-example.conf
+      cp common/documentserver-example/nginx/includes/ds-example.conf.m4 $NGINX_DIR/includes/ds-example.conf
+      sed -i -e 's/M4_PLATFORM/index/' $NGINX_DIR/includes/ds-example.conf
+      sed -i -e 's/M4_DS_EXAMLE/\/snap\/onlyoffice-ds\/current\/var\/www\/onlyoffice\/documentserver\/server/' $NGINX_DIR/includes/ds-example.conf
 
   starter:
     plugin: dump
@@ -296,8 +337,6 @@ parts:
       ds-converter.conf: etc/supervisor/conf.d/ds-converter.conf
       ds-example.conf: etc/supervisor/conf.d/ds-example.conf
       ds.conf: etc/supervisor/conf.d/ds.conf
-      ds.conf.tmpl: etc/onlyoffice/documentserver/nginx/ds.conf.tmpl
-      ds-ssl.conf.tmpl: etc/onlyoffice/documentserver/nginx/ds-ssl.conf.tmpl
 
   bin:
     plugin: dump