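#!/bin/bash
#
# docspace-ssl-setup: switch the DocSpace proxy between plain HTTP and HTTPS.
#
# Modes (help() prints the exact syntax):
#   EMAIL DOMAIN                           request a Let's Encrypt certificate
#   -f|--file DOMAIN CERTIFICATE PRIVATEKEY  use an existing certificate and key
#   -d|--default                           return to the default HTTP proxy
#
# The script rewrites ${DOCKERCOMPOSE}/.env, restarts containers through
# docker-compose and, in Let's Encrypt mode, writes a renewal script plus a
# cron entry that runs it as root. Every value that reaches a command line,
# a sed expression or a generated file is therefore quoted or escaped.

set -e

PRODUCT="docspace"
DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
DOCKERCOMPOSE="$(dirname "$DIR")"
LETSENCRYPT="/etc/letsencrypt/live"
DHPARAM_FILE="/etc/ssl/certs/dhparam.pem"
WEBROOT_PATH="/letsencrypt"
CRON_FILE="/etc/cron.d/${PRODUCT}-letsencrypt"

# Print an error and stop. Messages stay on stdout, where the script has
# always written them.
fail() {
  echo "$1"
  exit 1
}

# True when directory $1 holds the three files the script works on.
has_compose_config() {
  [[ -f "$1/.env" && -f "$1/proxy.yml" && -f "$1/proxy-ssl.yml" ]]
}

# Check if configuration files are present
if has_compose_config "/app/onlyoffice"; then
  DOCKERCOMPOSE="/app/onlyoffice"
  DIR="/app/onlyoffice/config"
elif ! has_compose_config "${DOCKERCOMPOSE}"; then
  fail "Error: configuration files not found."
fi

# Computed only now because DIR may have been redirected above.
RENEW_SCRIPT="${DIR}/${PRODUCT}-renew-letsencrypt"

# Print usage and exit with status 0.
help() {
  cat <<'EOF'

This script provided to automatically setup SSL Certificates for DocSpace
Automatically get Let's Encrypt SSL Certificates:
 docspace-ssl-setup EMAIL DOMAIN
 EMAIL Email used for registration and recovery contact.
 Use comma to register multiple emails, ex:
 u1@example.com,u2@example.com.
 DOMAIN Domain name to apply

Using your own certificates via the -f or --file parameter:
 docspace-ssl-setup --file DOMAIN CERTIFICATE PRIVATEKEY
 DOMAIN Domain name to apply.
 CERTIFICATE Path to the certificate file for the domain.
 PRIVATEKEY Path to the private key file for the certificate.

Return to the default proxy configuration using the -d or --default parameter:
 docspace-ssl-setup --default

EOF
  exit 0
}

# Rewrite KEY in the compose .env file to KEY="VALUE".
# Arguments: $1 - key name, $2 - new value
set_env_value() {
  local key=$1 value=$2 escaped
  # The value is stored between double quotes on one line, so a quote or a
  # newline inside it would corrupt the file.
  if [[ "${value}" == *'"'* || "${value}" == *$'\n'* ]]; then
    fail "Error: value for ${key} contains unsupported characters."
  fi
  # Escape the characters sed treats specially in a replacement (backslash,
  # ampersand) and the delimiter used below, so a domain or path is always
  # written literally.
  escaped=$(printf '%s' "${value}" | sed -e 's/[\\&~]/\\&/g')
  sed -i "s~\(${key}=\).*~\1\"${escaped}\"~g" "${DOCKERCOMPOSE}/.env"
}

# True when a container whose name matches onlyoffice-proxy is running.
proxy_is_running() {
  docker ps -f "name=onlyoffice-proxy" --format '{{.Names}}' | grep -q "onlyoffice-proxy"
}

case $1 in
  -f | --file)
    if [[ -n "$2" && -n "$3" && -n "$4" ]]; then
      echo "Using specified files to configure SSL..."
      DOMAIN=$2
      CERTIFICATE_FILE=$3
      PRIVATEKEY_FILE=$4
    else
      help
    fi
    ;;

  -d | --default)
    echo "Return to the default proxy configuration..."

    external_url=$(awk -F '=' '/^\s*DOCUMENT_SERVER_URL_EXTERNAL/{gsub(/^[[:space:]]*"|"[[:space:]]*$/, "", $2); print $2}' "${DOCKERCOMPOSE}/.env")
    if [[ -z "${external_url}" ]]; then
      set_env_value "APP_URL_PORTAL" "http://onlyoffice-router:8092"
    else
      # The answer of an external service ends up in .env, so fetch it over
      # TLS, fail on HTTP errors and accept nothing but an IP literal.
      public_ip=$(curl -fsS --max-time 15 https://ifconfig.me) \
        || fail "Error: could not determine the external IP address."
      if [[ ! "${public_ip}" =~ ^[0-9A-Fa-f:.]+$ ]]; then
        fail "Error: could not determine the external IP address."
      fi
      set_env_value "APP_URL_PORTAL" "http://${public_ip}"
    fi

    # Remove the cron entry together with the renewal script: otherwise cron
    # keeps invoking, as root, a path that no longer exists.
    rm -f -- "${RENEW_SCRIPT}" "${CRON_FILE}"

    if proxy_is_running; then
      if docker ps -f "name=onlyoffice-proxy" --format "{{.Ports}}" | grep -q "443"; then
        docker-compose -f "${DOCKERCOMPOSE}/proxy-ssl.yml" down
      fi
    fi

    docker-compose -f "${DOCKERCOMPOSE}/proxy.yml" up -d
    docker-compose -f "${DOCKERCOMPOSE}/docspace.yml" restart onlyoffice-files

    echo "OK"
    exit 0
    ;;

  *)
    if (( $# >= 2 )); then
      MAIL=$1
      DOMAIN=$2
      LETSENCRYPT_ENABLE="true"

      if ! docker volume inspect "onlyoffice_webroot_path" &> /dev/null; then
        fail "Error: missing webroot_path volume"
      fi

      if ! proxy_is_running; then
        fail "Error: the proxy container is not running"
      fi

      echo "Generating Let's Encrypt SSL Certificates..."

      # certbot runs with --non-interactive, so a terminal is attached only
      # when one exists; the request then also works from automation.
      tty_flags=()
      if [[ -t 0 && -t 1 ]]; then
        tty_flags=(-it)
      fi

      # Request and generate Let's Encrypt SSL certificate.
      # Only certbot's own log directory is shared with the container rather
      # than the whole of /var/log.
      # NOTE(review): the image is pulled by its floating default tag; pinning
      # a reviewed version or digest would make this root-run step reproducible.
      docker run "${tty_flags[@]}" --rm \
        -v /etc/letsencrypt:/etc/letsencrypt \
        -v /var/lib/letsencrypt:/var/lib/letsencrypt \
        -v /var/log/letsencrypt:/var/log/letsencrypt \
        -v "onlyoffice_webroot_path:${WEBROOT_PATH}" \
        certbot/certbot certonly \
        --expand --webroot -w "${WEBROOT_PATH}" \
        --cert-name "${PRODUCT}" --non-interactive --agree-tos --email "${MAIL}" -d "${DOMAIN}"
    else
      help
    fi
    ;;
esac

if [[ ! -f "${DHPARAM_FILE}" ]]; then
  openssl dhparam -out "${DHPARAM_FILE}" 2048
fi

CERTIFICATE_FILE="${CERTIFICATE_FILE:-"${LETSENCRYPT}/${PRODUCT}/fullchain.pem"}"
PRIVATEKEY_FILE="${PRIVATEKEY_FILE:-"${LETSENCRYPT}/${PRODUCT}/privkey.pem"}"

# Stop before touching the running proxy when either file is missing.
if [[ ! -f "${CERTIFICATE_FILE}" ]]; then
  fail "Error: certificate file at path ${CERTIFICATE_FILE} not found."
fi
if [[ ! -f "${PRIVATEKEY_FILE}" ]]; then
  fail "Error: private key file at path ${PRIVATEKEY_FILE} not found."
fi

docker-compose -f "${DOCKERCOMPOSE}/proxy.yml" down
docker-compose -f "${DOCKERCOMPOSE}/docspace.yml" stop onlyoffice-files

set_env_value "APP_URL_PORTAL" "https://${DOMAIN}"
set_env_value "CERTIFICATE_PATH" "${CERTIFICATE_FILE}"
set_env_value "CERTIFICATE_KEY_PATH" "${PRIVATEKEY_FILE}"
set_env_value "DHPARAM_PATH" "${DHPARAM_FILE}"

if [[ "${LETSENCRYPT_ENABLE:-}" = "true" ]]; then
  # Create and set permissions for docspace-renew-letsencrypt.
  # The compose path is shell-quoted before it is embedded in the generated
  # script. No -it on docker run: cron provides no terminal, and docker
  # refuses to allocate one there, which would make every renewal fail.
  # NOTE(review): the certificate is issued with the webroot authenticator,
  # but this renewal mounts no webroot volume and runs while the proxy is
  # down - confirm that renewals actually succeed.
  compose_ssl=$(printf '%q' "${DOCKERCOMPOSE}/proxy-ssl.yml")
  cat > "${RENEW_SCRIPT}" <<EOF
#!/bin/bash
docker-compose -f ${compose_ssl} down
docker run --rm \\
  -v /etc/letsencrypt:/etc/letsencrypt \\
  -v /var/lib/letsencrypt:/var/lib/letsencrypt \\
  certbot/certbot renew
docker-compose -f ${compose_ssl} up -d
EOF
  # Executed by root from cron: executable by all, writable by the owner only.
  chmod 755 "${RENEW_SCRIPT}"

  # Add cron job if /etc/cron.d directory exists
  if [[ -d /etc/cron.d ]]; then
    printf '%s\n' "@weekly root ${RENEW_SCRIPT}" | tee "${CRON_FILE}"
  fi
fi

docker-compose -f "${DOCKERCOMPOSE}/proxy-ssl.yml" up -d
docker-compose -f "${DOCKERCOMPOSE}/docspace.yml" up -d onlyoffice-files

echo "OK"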