добавил конфигурацию для step-ca

.env

@@ -1,3 +1,7 @@
+# step-ca #
+    # STEP_CA_FQDN=<CHANGE_ME> # Example: ca.example.com
+    # NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/${STEP_CA_FQDN}.crt
+
 # docker-compose tags #
     PRODUCT=onlyoffice
     REPO=${PRODUCT}
@@ -48,7 +52,7 @@
 
     APP_KNOWN_PROXIES=""
     APP_KNOWN_NETWORKS=""
-    APP_CORE_MACHINEKEY=<CHANGE_ME> # CHANGE Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 12
+    APP_CORE_MACHINEKEY=<CHANGE_ME> # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 12
 
     CERTIFICATE_PATH=""
     CERTIFICATE_KEY_PATH=""
@@ -56,8 +60,8 @@
 
 # docs #
     DOCUMENT_CONTAINER_NAME=${CONTAINER_PREFIX}document-server
-    DOCUMENT_SERVER_URL_EXTERNAL=<CHANGE_ME> # CHANGE Example: "https://docs.example.com"
+    DOCUMENT_SERVER_URL_EXTERNAL=<CHANGE_ME> # Example: "https://docs.example.com"
-    DOCUMENT_SERVER_JWT_SECRET=<CHANGE_ME> # CHANGE Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 32
+    DOCUMENT_SERVER_JWT_SECRET=<CHANGE_ME> # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 32
     DOCUMENT_SERVER_JWT_HEADER=AuthorizationJwt
     DOCUMENT_SERVER_URL_PUBLIC=/ds-vpath/
 
@@ -80,10 +84,10 @@
     MYSQL_CONTAINER_NAME=${CONTAINER_PREFIX}mysql-server
     MYSQL_HOST=""
     MYSQL_PORT=3306
-    MYSQL_ROOT_PASSWORD=<CHANGE_ME> # CHANGE Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20
+    MYSQL_ROOT_PASSWORD=<CHANGE_ME> #  Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20
     MYSQL_DATABASE=docspace
     MYSQL_USER=${PRODUCT}_user
-    MYSQL_PASSWORD=<CHANGE_ME> # CHANGE Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20
+    MYSQL_PASSWORD=<CHANGE_ME> #  Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20
     DATABASE_MIGRATION=true
     MIGRATION_TYPE="SAAS"
 

README.md

@@ -6,31 +6,62 @@
 
 Плагины для DocSpace:
 
-[ONLYOFFICE DocSpace plugins](https://github.com/ONLYOFFICE/docspace-plugins)
+[ONLYOFFICE DocSpace plugins](https://github.com/ONLYOFFICE/docspace-plugins)  
-
 [Building plugin](https://api.onlyoffice.com/docspace/pluginssdk/buildingplugin)
 
 
 #### Заменить в файле `.env`:
 
 ```
-DOCUMENT_SERVER_IMAGE_NAME=<CHANGE_ME>      # onlyoffice/documentserver-unlim:7.5.1.1
+DOCUMENT_SERVER_IMAGE_NAME=<CHANGE_ME>		# onlyoffice/documentserver-unlim:7.5.1.1
-APP_URL_PORTAL=<CHANGE_ME>                  # Example: https://office.example.com
+APP_URL_PORTAL=<CHANGE_ME>			# Example: https://office.example.com
-APP_CORE_MACHINEKEY=<CHANGE_ME>             # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 12
+APP_CORE_MACHINEKEY=<CHANGE_ME>			# Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 12
-DOCUMENT_SERVER_URL_EXTERNAL=<CHANGE_ME>    # Example: "https://docs.example.com"
+DOCUMENT_SERVER_URL_EXTERNAL=<CHANGE_ME>	# Example: "https://docs.example.com"
-DOCUMENT_SERVER_JWT_SECRET=<CHANGE_ME>      # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 32
+DOCUMENT_SERVER_JWT_SECRET=<CHANGE_ME>		# Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 32
-MYSQL_ROOT_PASSWORD=<CHANGE_ME>             # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20
+MYSQL_ROOT_PASSWORD=<CHANGE_ME>			# Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20
-MYSQL_PASSWORD=<CHANGE_ME>                  # Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20
+MYSQL_PASSWORD=<CHANGE_ME>			# Example: cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 20
 ```
 
 #### Запуск:
 
 ```
-git clone https://git.badms.ru/bms/docspace
+git clone https://git.badms.ru/bms/docspace.git
 cd docspace
-mkdir -p data/{app_data,es_data,files_data,mysql_data,people_data,proxy_log,router_log,webroot_path}
+mkdir -p data/{app_data,es_data,files_data,mysql_data,people_data,proxy_log,router_log,webroot_path,step_ca}
 chown 1000 data/es_data
-# chmod 777 data/es_data
 chown 999:999 data/mysql_data
+
+# Заменить значения в файле .env
 docker compose up -d
 ```
+
+
+### Работа через локальный сервер сертификации `NPM` и `SPET-CA`
+
+Заранее подготовить [STEP-CA](https://git.badms.ru/bms/step-ca) и настроить проксирование на [NPM](https://git.badms.ru/bms/npm-step-ca).
+
+- #### на хостовой машине
+```
+STEP_CA_FQDN=<CHANGE> # Example: ca.example.com
+wget --no-check-certificate https://$STEP_CA_FQDN/roots.pem -O ./data/step_ca/$STEP_CA_FQDN.crt
+cp ./data/step-ca/$STEP_CA_FQDN.crt /usr/local/share/ca-certificates/
+update-ca-certificates
+````
+
+- #### раскомментировать и заменить в файле `.env`:
+```
+# step-ca #
+    STEP_CA_FQDN=<CHANGE_ME> 			   # Example: ca.example.com
+    NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/${STEP_CA_FQDN}.crt
+```
+
+- #### раскомментировать в файле `docker-compose.yml`:
+```
+    # added for STEP-CA
+    STEP_CA_FQDN: ${STEP_CA_FQDN}
+    NODE_EXTRA_CA_CERTS: ${NODE_EXTRA_CA_CERTS}
+	...
+    # added for STEP-CA
+    - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
+    - ./data/step_ca/${STEP_CA_FQDN}.crt:/usr/local/share/ca-certificates/${STEP_CA_FQDN}.crt
+```

docker-compose.yml

@@ -55,10 +55,16 @@ x-service:
     ROUTER_HOST: ${ROUTER_HOST}
     LOG_LEVEL: ${LOG_LEVEL}
     DEBUG_INFO: ${DEBUG_INFO}
+    # added for STEP-CA
+    # STEP_CA_FQDN: ${STEP_CA_FQDN}
+    # NODE_EXTRA_CA_CERTS: ${NODE_EXTRA_CA_CERTS}
   volumes:
     - ./data/app_data:/app/onlyoffice/data # changed
     - files_data:/var/www/products/ASC.Files/server/
     - people_data:/var/www/products/ASC.People/server/
+    # added for STEP-CA
+    # - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
+    # - ./data/step_ca/${STEP_CA_FQDN}.crt:/usr/local/share/ca-certificates/${STEP_CA_FQDN}.crt
   # added
   depends_on:
     onlyoffice-migration-runner: