diff --git a/.env b/.env index f457d98..f654fa6 100644 --- a/.env +++ b/.env @@ -1,3 +1,7 @@ +# step-ca # + # STEP_CA_FQDN= # Example: ca.example.com + # NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/${STEP_CA_FQDN}.crt + # docker-compose tags # PRODUCT=onlyoffice REPO=${PRODUCT} @@ -48,7 +52,7 @@ APP_KNOWN_PROXIES="" APP_KNOWN_NETWORKS="" - APP_CORE_MACHINEKEY= # CHANGE Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 12 + APP_CORE_MACHINEKEY= # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 12 CERTIFICATE_PATH="" CERTIFICATE_KEY_PATH="" @@ -56,8 +60,8 @@ # docs # DOCUMENT_CONTAINER_NAME=${CONTAINER_PREFIX}document-server - DOCUMENT_SERVER_URL_EXTERNAL= # CHANGE Example: "https://docs.example.com" - DOCUMENT_SERVER_JWT_SECRET= # CHANGE Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 32 + DOCUMENT_SERVER_URL_EXTERNAL= # Example: "https://docs.example.com" + DOCUMENT_SERVER_JWT_SECRET= # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 32 DOCUMENT_SERVER_JWT_HEADER=AuthorizationJwt DOCUMENT_SERVER_URL_PUBLIC=/ds-vpath/ @@ -80,10 +84,10 @@ MYSQL_CONTAINER_NAME=${CONTAINER_PREFIX}mysql-server MYSQL_HOST="" MYSQL_PORT=3306 - MYSQL_ROOT_PASSWORD= # CHANGE Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20 + MYSQL_ROOT_PASSWORD= # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20 MYSQL_DATABASE=docspace MYSQL_USER=${PRODUCT}_user - MYSQL_PASSWORD= # CHANGE Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20 + MYSQL_PASSWORD= # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20 DATABASE_MIGRATION=true MIGRATION_TYPE="SAAS" diff --git a/README.md b/README.md index 9dae21c..6841f46 100644 --- a/README.md +++ b/README.md 
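Review bot: Dropping the `CHANGE` marker from `APP_CORE_MACHINEKEY` (and, in the later .env hunks, from `DOCUMENT_SERVER_URL_EXTERNAL`, `DOCUMENT_SERVER_JWT_SECRET`, `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD`) leaves nothing in the file that separates mandatory secrets from optional settings, so a deployment started with them still blank is easier to miss. How the services behave with an empty machine key, JWT secret or database password is not visible in this diff, so I would keep an explicit marker, for example `APP_CORE_MACHINEKEY= # REQUIRED, set before first start. Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 32`. The current 12-character example for the machine key gives only about 71 bits, and `head -c 32`, as already used for the JWT secret, would be consistent.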
@@ -6,31 +6,62 @@ Плагины для DocSpace: -[ONLYOFFICE DocSpace plugins](https://github.com/ONLYOFFICE/docspace-plugins) - +[ONLYOFFICE DocSpace plugins](https://github.com/ONLYOFFICE/docspace-plugins) [Building plugin](https://api.onlyoffice.com/docspace/pluginssdk/buildingplugin) #### Заменить в файле `.env`: ``` -DOCUMENT_SERVER_IMAGE_NAME= # onlyoffice/documentserver-unlim:7.5.1.1 -APP_URL_PORTAL= # Example: https://office.example.com -APP_CORE_MACHINEKEY= # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 12 -DOCUMENT_SERVER_URL_EXTERNAL= # Example: "https://docs.example.com" -DOCUMENT_SERVER_JWT_SECRET= # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 32 -MYSQL_ROOT_PASSWORD= # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20 -MYSQL_PASSWORD= # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20 +DOCUMENT_SERVER_IMAGE_NAME= # onlyoffice/documentserver-unlim:7.5.1.1 +APP_URL_PORTAL= # Example: https://office.example.com +APP_CORE_MACHINEKEY= # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 12 +DOCUMENT_SERVER_URL_EXTERNAL= # Example: "https://docs.example.com" +DOCUMENT_SERVER_JWT_SECRET= # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 32 +MYSQL_ROOT_PASSWORD= # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20 +MYSQL_PASSWORD= # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20 ``` #### Запуск: ``` -git clone https://git.badms.ru/bms/docspace +git clone https://git.badms.ru/bms/docspace.git cd docspace -mkdir -p data/{app_data,es_data,files_data,mysql_data,people_data,proxy_log,router_log,webroot_path} +mkdir -p data/{app_data,es_data,files_data,mysql_data,people_data,proxy_log,router_log,webroot_path,step_ca} chown 1000 data/es_data -# chmod 777 data/es_data chown 999:999 data/mysql_data + +# Заменить значения в файле .env docker compose up -d ``` + + +### Работа через локальный сервер сертификации `NPM` и `SPET-CA` + +Заранее подготовить [STEP-CA](https://git.badms.ru/bms/step-ca) и настроить 
проксирование на [NPM](https://git.badms.ru/bms/npm-step-ca). + +- #### на хостовой машине +``` +STEP_CA_FQDN= # Example: ca.example.com +wget --no-check-certificate https://$STEP_CA_FQDN/roots.pem -O ./data/step_ca/$STEP_CA_FQDN.crt +cp ./data/step-ca/$STEP_CA_FQDN.crt /usr/local/share/ca-certificates/ +update-ca-certificates +```` + +- #### раскомментировать и заменить в файле `.env`: +``` +# step-ca # + STEP_CA_FQDN= # Example: ca.example.com + NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/${STEP_CA_FQDN}.crt +``` + +- #### раскомментировать в файле `docker-compose.yml`: +``` + # added for STEP-CA + STEP_CA_FQDN: ${STEP_CA_FQDN} + NODE_EXTRA_CA_CERTS: ${NODE_EXTRA_CA_CERTS} + ... + # added for STEP-CA + - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro + - ./data/step_ca/${STEP_CA_FQDN}.crt:/usr/local/share/ca-certificates/${STEP_CA_FQDN}.crt +``` diff --git a/docker-compose.yml b/docker-compose.yml index a226eac..a3b57d9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -55,10 +55,16 @@ x-service: ROUTER_HOST: ${ROUTER_HOST} LOG_LEVEL: ${LOG_LEVEL} DEBUG_INFO: ${DEBUG_INFO} + # added for STEP-CA + # STEP_CA_FQDN: ${STEP_CA_FQDN} + # NODE_EXTRA_CA_CERTS: ${NODE_EXTRA_CA_CERTS} volumes: - ./data/app_data:/app/onlyoffice/data # changed - files_data:/var/www/products/ASC.Files/server/ - people_data:/var/www/products/ASC.People/server/ + # added for STEP-CA + # - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro + # - ./data/step_ca/${STEP_CA_FQDN}.crt:/usr/local/share/ca-certificates/${STEP_CA_FQDN}.crt # added depends_on: onlyoffice-migration-runner:
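Review bot: The commented-out bind mount `./data/step_ca/${STEP_CA_FQDN}.crt:/usr/local/share/ca-certificates/${STEP_CA_FQDN}.crt` has no `:ro`, unlike the `ca-certificates.crt` mount directly above it, so once enabled the root certificate that `NODE_EXTRA_CA_CERTS` points at is writable from inside the containers that mount it; append `:ro`. That file is a trust anchor, and the README steps added in this commit download it with `wget --no-check-certificate`, so nothing authenticates it before `update-ca-certificates` installs it. The instructions should have the operator compare the downloaded root's fingerprint with the value shown on the CA host before trusting it. The README also copies from `./data/step-ca/` while `wget` and this mount use `./data/step_ca/`, so the `cp` step fails as written. The `x-service` block continues outside the hunk.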