bms
/
docspace-stack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '16af4d1fd1'
${ noResults }
docspace-stack/README.md

124 lines
3.6 KiB
Markdown
Raw Blame History Unescape Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

#### dns
```
npm.badms.ru 192.168.1.200
auth.badms.ru 192.168.1.210
docs.badms.ru 192.168.1.211
office.badms.ru 192.168.1.212
ca.badms.ru 192.168.1.216
```
#### step-ca
```
STEP_CA_FQDN=ca.badms.ru
git clone https://git.badms.ru/bms/step-ca.git
cd step-ca
mkdir data
chown 1000:1000 data
sed -i s/ca.example.com/$STEP_CA_FQDN/ .env
docker compose up -d
sleep 10
docker exec step-ca step ca provisioner update acme --force-cn
docker compose restart
```
#### npm-step-ca
```
STEP_CA_FQDN=ca.badms.ru
git clone https://git.badms.ru/bms/npm-step-ca.git
cd npm-step-ca
sed -i s/ca.example.com/$STEP_CA_FQDN/ .env
docker compose up -d
# Зайти http://npm.badms.ru:81
# сменить учетные данные
# добавить хосты
# выпустить сертификаты
```
#### documentserver
```
git clone https://git.badms.ru/bms/documentserver
git clone https://git.badms.ru/bms/oo-unlim
cd documentserver
STEP_CA_FQDN=ca.badms.ru
mkdir -p data/step_ca
wget --no-check-certificate https://$STEP_CA_FQDN/roots.pem -O ./data/step_ca/$STEP_CA_FQDN.crt
sed s/JWT_SECRET=\<CHANGE\>/JWT_SECRET=$(pwgen -s 32 1)/ .env
sed -i s/ca.example.com/$STEP_CA_FQDN/ config/supervisord.conf
sed -i s/ca.example.com/$STEP_CA_FQDN/ .env
sed -i s/"\# STEP_CA_FQDN"/" STEP_CA_FQDN"/ .env
sed -i s/"\# - STEP_CA_FQDN"/" - STEP_CA_FQDN"/ docker-compose.yml
sed -i s/\#volumes/volumes/ docker-compose.yml
sed -i s/"\# - .\/data\/step_ca"/" - .\/data\/step_ca"/ docker-compose.yml
sed -i s/"\# - .\/config\/supervisord.conf"/" - .\/config\/supervisord.conf"/ docker-compose.yml
docker compose up -d
```
#### docspace
```
git clone https://git.badms.ru/bms/docspace.git
cd docspace
mkdir -p data/{app_data,es_data,files_data,mysql_data,people_data,proxy_log,router_log,webroot_path,step_ca}
chown 1000 data/es_data
chown 999:999 data/mysql_data
STEP_CA_FQDN=ca.badms.ru
DOMAIN_NAME=$(echo $STEP_CA_FQDN | sed s/ca.//)
sed -i s/APP_URL_PORTAL=\<CHANGE_ME\>/"APP_URL_PORTAL=https\:\/\/office.$DOMAIN_NAME"/ .env
sed -i s/DOCUMENT_SERVER_URL_EXTERNAL=\<CHANGE_ME\>/"DOCUMENT_SERVER_URL_EXTERNAL=https\:\/\/docs.$DOMAIN_NAME"/ .env
sed -i s/APP_CORE_MACHINEKEY=\<CHANGE_ME\>/APP_CORE_MACHINEKEY=$(pwgen -s 12 1)/ .env
sed -i s/MYSQL_ROOT_PASSWORD=\<CHANGE_ME\>/MYSQL_ROOT_PASSWORD=$(pwgen -s 20 1)/ .env
sed -i s/MYSQL_PASSWORD=\<CHANGE_ME\>/MYSQL_PASSWORD=$(pwgen -s 20 1)/ .env
#скопировать ключ из documentserver
JWT_SECRET=\<CHANGE\>
sed -i s/DOCUMENT_SERVER_JWT_SECRET=\<CHANGE_ME\>/DOCUMENT_SERVER_JWT_SECRET=$JWT_SECRET/ .env
wget --no-check-certificate https://$STEP_CA_FQDN/roots.pem -O ./data/step_ca/$STEP_CA_FQDN.crt
cp ./data/step-ca/$STEP_CA_FQDN.crt /usr/local/share/ca-certificates/
update-ca-certificates
sed -i s/"\# STEP_CA_FQDN=ca.example.com"/"STEP_CA_FQDN=$STEP_CA_FQDN"/ .env
sed -i s/"\# NODE_EXTRA_CA_CERTS"/"NODE_EXTRA_CA_CERTS"/ .env
sed -i s/"\# STEP_CA_FQDN"/"STEP_CA_FQDN"/ docker-compose.yml
sed -i s/"\# NODE_EXTRA_CA_CERTS"/"NODE_EXTRA_CA_CERTS"/ docker-compose.yml
sed -i s/"\# - \/etc\/ssl"/"- \/etc\/ssl"/ docker-compose.yml
sed -i s/"\# - .\/data\/step_ca"/"- .\/data\/step_ca"/ docker-compose.yml
docker compose up -d
```
#### authentik
```
git clone https://git.badms.ru/bms/authentik.git
cd authentik
sed -i s/PG_PASS=\<CHANGE\>/PG_PASS=$(pwgen -s 40 1)/ .env
sed -i s/AUTHENTIK_SECRET_KEY=\<CHANGE\>/AUTHENTIK_SECRET_KEY=$(pwgen -s 40 1)/ .env
docker compose up -d
# Открыть https://auth.badms.ru/if/flow/initial-setup/
# создать админскую учетку
# настроить соединение с LDAP
# настроить соединение с Onlyoffice
```
Reference in New Issue View Git Blame Copy Permalink