From 3bb8bc08a598aad4a94d3f06099fbbef3079a2c3 Mon Sep 17 00:00:00 2001
From: Badanin Maksim
Date: Tue, 26 Mar 2024 23:27:45 +0300
Subject: [PATCH] first commit
---
README.md | 123 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 123 insertions(+)
create mode 100644 README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..540ff5a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,123 @@
+
+
+#### dns
+```
+npm.badms.ru 192.168.1.200
+auth.badms.ru 192.168.1.210
+docs.badms.ru 192.168.1.211
+office.badms.ru 192.168.1.212
+ca.badms.ru 192.168.1.216
+```
+
+#### step-ca
+```
+STEP_CA_FQDN=ca.badms.ru
+
+git clone https://git.badms.ru/bms/step-ca.git
+
+cd step-ca
+mkdir data
+chown 1000:1000 data
+sed -i s/ca.example.com/$STEP_CA_FQDN/ .env
+
+docker compose up -d
+
+sleep 10
+docker exec step-ca step ca provisioner update acme --force-cn
+docker compose restart
+```
+
+#### npm-step-ca
+```
+STEP_CA_FQDN=ca.badms.ru
+git clone https://git.badms.ru/bms/npm-step-ca.git
+cd npm-step-ca
+
+sed -i s/ca.example.com/$STEP_CA_FQDN/ .env
+
+docker compose up -d
+
+# Зайти http://npm.badms.ru:81
+# сменить учетные данные
+# добавить хосты
+# выпустить сертификаты
+```
+
+#### documentserver
+```
+git clone https://git.badms.ru/bms/documentserver
+git clone https://git.badms.ru/bms/oo-unlim
+cd documentserver
+
+STEP_CA_FQDN=ca.badms.ru
+mkdir -p data/step_ca
+wget --no-check-certificate https://$STEP_CA_FQDN/roots.pem -O ./data/step_ca/$STEP_CA_FQDN.crt
+
+sed s/JWT_SECRET=\/JWT_SECRET=$(pwgen -s 32 1)/ .env
+
+sed -i s/ca.example.com/$STEP_CA_FQDN/ config/supervisord.conf
+sed -i s/ca.example.com/$STEP_CA_FQDN/ .env
+
+sed -i s/"\# STEP_CA_FQDN"/" STEP_CA_FQDN"/ .env
+sed -i s/"\# - STEP_CA_FQDN"/" - STEP_CA_FQDN"/ docker-compose.yml
+sed -i s/\#volumes/volumes/ docker-compose.yml
+sed -i s/"\# - .\/data\/step_ca"/" - .\/data\/step_ca"/ docker-compose.yml
+sed -i s/"\# - .\/config\/supervisord.conf"/" - .\/config\/supervisord.conf"/ docker-compose.yml
+
+docker compose up -d
+```
+
+
+#### docspace
+```
+git clone https://git.badms.ru/bms/docspace.git
+cd docspace
+mkdir -p data/{app_data,es_data,files_data,mysql_data,people_data,proxy_log,router_log,webroot_path,step_ca}
+chown 1000 data/es_data
+chown 999:999 data/mysql_data
+
+STEP_CA_FQDN=ca.badms.ru
+DOMAIN_NAME=$(echo $STEP_CA_FQDN | sed s/ca.//)
+
+sed -i s/APP_URL_PORTAL=\/"APP_URL_PORTAL=https\:\/\/office.$DOMAIN_NAME"/ .env
+sed -i s/DOCUMENT_SERVER_URL_EXTERNAL=\/"DOCUMENT_SERVER_URL_EXTERNAL=https\:\/\/docs.$DOMAIN_NAME"/ .env
+sed -i s/APP_CORE_MACHINEKEY=\/APP_CORE_MACHINEKEY=$(pwgen -s 12 1)/ .env
+sed -i s/MYSQL_ROOT_PASSWORD=\/MYSQL_ROOT_PASSWORD=$(pwgen -s 20 1)/ .env
+sed -i s/MYSQL_PASSWORD=\/MYSQL_PASSWORD=$(pwgen -s 20 1)/ .env
+
+
+#скопировать ключ из documentserver
+JWT_SECRET=\
+sed -i s/DOCUMENT_SERVER_JWT_SECRET=\/DOCUMENT_SERVER_JWT_SECRET=$JWT_SECRET/ .env
+
+wget --no-check-certificate https://$STEP_CA_FQDN/roots.pem -O ./data/step_ca/$STEP_CA_FQDN.crt
+cp ./data/step-ca/$STEP_CA_FQDN.crt /usr/local/share/ca-certificates/
+update-ca-certificates
+
+sed -i s/"\# STEP_CA_FQDN=ca.example.com"/"STEP_CA_FQDN=$STEP_CA_FQDN"/ .env
+sed -i s/"\# NODE_EXTRA_CA_CERTS"/"NODE_EXTRA_CA_CERTS"/ .env
+sed -i s/"\# STEP_CA_FQDN"/"STEP_CA_FQDN"/ docker-compose.yml
+sed -i s/"\# NODE_EXTRA_CA_CERTS"/"NODE_EXTRA_CA_CERTS"/ docker-compose.yml
+sed -i s/"\# - \/etc\/ssl"/"- \/etc\/ssl"/ docker-compose.yml
+sed -i s/"\# - .\/data\/step_ca"/"- \/etc\/ssl"/ docker-compose.yml
+
+docker compose up -d
+```
+
+
+#### authentik
+```
+git clone https://git.badms.ru/bms/authentik.git
+cd authentik
+sed -i s/PG_PASS=\/PG_PASS=$(pwgen -s 40 1)/ .env
+sed -i s/AUTHENTIK_SECRET_KEY=\/AUTHENTIK_SECRET_KEY=$(pwgen -s 40 1)/ .env
+
+docker compose up -d
+
+# Открыть https://auth.badms.ru/if/flow/initial-setup/
+# создать админскую учетку
+# настроить соединение с LDAP
+# настроить соединение с Onlyoffice
+```
+
+
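Review bot: Both `wget --no-check-certificate https://$STEP_CA_FQDN/roots.pem` steps (documentserver and docspace) fetch the trust anchor over a connection that is not authenticated, and the docspace block then installs that file into the host store with `update-ca-certificates`, so whatever answered for the CA name during setup becomes the root every later TLS check relies on. Either copy the root certificate off the step-ca host directly, or keep the download and verify it before the `cp`, for example by comparing `step certificate fingerprint ./data/step_ca/$STEP_CA_FQDN.crt` with the root fingerprint read on the CA host itself. Two smaller defects in the same hunk: the documentserver line `sed s/JWT_SECRET=…` has no `-i`, so the generated secret is only printed and `.env` is left unchanged, and the docspace `cp` reads `./data/step-ca/` while the download wrote to `./data/step_ca/`, so the copy fails as written. Since the `pwgen` substitutions write several secrets into `.env`, a closing `chmod 600 .env` in each section would be worth adding.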