From 3c5f2f40a6bd78c6a4443478d940f9789b1e7423 Mon Sep 17 00:00:00 2001 From: Nasrullo Nurullaev Date: Thu, 10 Jul 2025 15:51:32 +0500 Subject: [PATCH 01/14] Add workflow to enforce Docker Hub README size limit --- .../workflows/dockerhub-description-size.yml | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/dockerhub-description-size.yml diff --git a/.github/workflows/dockerhub-description-size.yml b/.github/workflows/dockerhub-description-size.yml new file mode 100644 index 0000000..03ce2ba --- /dev/null +++ b/.github/workflows/dockerhub-description-size.yml @@ -0,0 +1,30 @@ +name: Check DockerHub README limit + +on: + push: + paths: + - README.md + +env: + MAX_BYTES: "25000" + +jobs: + check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Measure size + id: measure + run: | + BYTES=$(wc -c < README.md | tr -d '[:space:]') + echo "BYTES=$BYTES" >> "$GITHUB_OUTPUT" + + - name: Fail if oversize + run: | + BYTES='${{ steps.measure.outputs.BYTES }}' + echo "README.md size: $BYTES bytes (limit $MAX_BYTES)" + if [ "$BYTES" -gt "$MAX_BYTES" ]; then + echo "::error::README.md exceeds Docker Hub 25 KB limit" + exit 1 + fi \ No newline at end of file From 2273e0498002d7139309213fd26e8776556d6590 Mon Sep 17 00:00:00 2001 From: Nasrullo Nurullaev Date: Thu, 10 Jul 2025 16:13:41 +0500 Subject: [PATCH 02/14] Update README file --- README.md | 61 ++++++------------------------------------------------- 1 file changed, 6 insertions(+), 55 deletions(-) diff --git a/README.md b/README.md index ee6c4f7..ee9d1d2 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ ONLYOFFICE Docs (Document Server) is an open-source office suite that comprises Starting from version 6.0, Document Server is distributed as ONLYOFFICE Docs. It has [three editions](https://github.com/ONLYOFFICE/DocumentServer#onlyoffice-docs-editions). With this image, you will install the free Community version. -ONLYOFFICE Docs can be used as a part of [ONLYOFFICE DocSpace](https://www.onlyoffice.com/docspace.aspx) and ONLYOFFICE Workspace, or with [third-party sync&share solutions](https://www.onlyoffice.com/all-connectors.aspx) (e.g. Odoo, Moodle, Nextcloud, ownCloud, Seafile, etc.) to enable collaborative editing within their interface. +ONLYOFFICE Docs can be used as a part of [ONLYOFFICE DocSpace](https://www.onlyoffice.com/docspace.aspx) and ONLYOFFICE Workspace, or with [third-party sync&share solutions](https://www.onlyoffice.com/all-connectors.aspx) (e.g. Odoo, Moodle, Nextcloud, ownCloud, Seafile, etc.) to enable collaborative editing within their interface. ***Important*** Please update `docker-engine` to latest version (`20.10.21` as of writing this doc) before using it. We use `ubuntu:22.04` as base image and it older versions of docker have compatibility problems with it @@ -39,16 +39,15 @@ Take advantage of the powerful editors included in ONLYOFFICE Docs: * [ONLYOFFICE PDF Editor](https://www.onlyoffice.com/pdf-editor.aspx) * [ONLYOFFICE Diagram Viewer](https://www.onlyoffice.com/diagram-viewer.aspx) -The editors empower you to create, edit, save, and export text documents, spreadsheets, presentations, PDFs, create and fill out PDF forms, open diagrams, all while offering additional advanced features such as: +The editors empower you to create, edit, save, and export text docs, sheets, presentations, PDFs, create and fill out PDF forms, open diagrams, all while offering additional advanced features such as: * Collaborative editing (review & track changes, comments, chat) * [AI-powered assistants](https://www.onlyoffice.com/ai-assistants.aspx) * Spell-checking -* Accessibility * Scalable UI options (including dark mode) -* [Security tools and services](https://www.onlyoffice.com/security.aspx) +* [Security tools & services](https://www.onlyoffice.com/security.aspx) -ONLYOFFICE Docs offer support for plugins allowing developers to add specific features to the editors that are not directly related to the OOXML format. For more information, see [our API](https://api.onlyoffice.com/docs/plugin-and-macros/get-started/overview/) or visit the [GitHub plugins repo](https://github.com/ONLYOFFICE/onlyoffice.github.io). Would like to explore the existing plugins in details? You are welcome to visit the [Marketplace](https://www.onlyoffice.com/app-directory). +ONLYOFFICE Docs offer support for plugins allowing you to add specific features to the editors that are not directly related to the OOXML format. For more details, see [our API](https://api.onlyoffice.com/docs/plugin-and-macros/get-started/overview/) or visit the [plugins repo](https://github.com/ONLYOFFICE/onlyoffice.github.io). Would like to explore the existing plugins? Open the [Marketplace](https://www.onlyoffice.com/app-directory). ## Recommended System Requirements @@ -297,32 +296,14 @@ The additional parameters for mail server are available [here](https://github.co To learn more, refer to the [ONLYOFFICE Mail Server documentation](https://github.com/ONLYOFFICE/Docker-MailServer "ONLYOFFICE Mail Server documentation"). -<<<<<<< HEAD **STEP 6**: Install ONLYOFFICE Community Server ```bash sudo docker run --net onlyoffice -i -t -d --privileged --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 --cgroupns=host \ -======= -**STEP 5**: Install ONLYOFFICE Control Panel - -```bash -docker run --net onlyoffice -i -t -d --restart=always --name onlyoffice-control-panel \ --v /var/run/docker.sock:/var/run/docker.sock \ --v /app/onlyoffice/CommunityServer/data:/app/onlyoffice/CommunityServer/data \ --v /app/onlyoffice/ControlPanel/data:/var/www/onlyoffice/Data \ --v /app/onlyoffice/ControlPanel/logs:/var/log/onlyoffice onlyoffice/controlpanel -``` - -**STEP 6**: Install ONLYOFFICE Community Server - -```bash -sudo docker run --net onlyoffice -i -t -d --privileged --restart=always --name onlyoffice-community-server -p 80:80 -p 443:443 -p 5222:5222 \ ->>>>>>> 1b10049c5ad75bb749ae2db968eabb4422a73a34 -e MYSQL_SERVER_ROOT_PASSWORD=my-secret-pw \ -e MYSQL_SERVER_DB_NAME=onlyoffice \ -e MYSQL_SERVER_HOST=onlyoffice-mysql-server \ -e MYSQL_SERVER_USER=onlyoffice_user \ -<<<<<<< HEAD -e MYSQL_SERVER_PASS=onlyoffice_pass \ -e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \ @@ -330,10 +311,6 @@ sudo docker run --net onlyoffice -i -t -d --privileged --restart=always --name o -e DOCUMENT_SERVER_JWT_SECRET=${JWT_SECRET} \ -e DOCUMENT_SERVER_JWT_HEADER=AuthorizationJwt \ -======= - -e MYSQL_SERVER_PASS=onlyoffice_pass \ - -e DOCUMENT_SERVER_PORT_80_TCP_ADDR=onlyoffice-document-server \ ->>>>>>> 1b10049c5ad75bb749ae2db968eabb4422a73a34 -e MAIL_SERVER_API_HOST=${MAIL_SERVER_IP} \ -e MAIL_SERVER_DB_HOST=onlyoffice-mysql-server \ -e MAIL_SERVER_DB_NAME=onlyoffice_mailserver \ @@ -345,11 +322,7 @@ sudo docker run --net onlyoffice -i -t -d --privileged --restart=always --name o -v /app/onlyoffice/CommunityServer/data:/var/www/onlyoffice/Data \ -v /app/onlyoffice/CommunityServer/logs:/var/log/onlyoffice \ -v /app/onlyoffice/CommunityServer/letsencrypt:/etc/letsencrypt \ -<<<<<<< HEAD -v /sys/fs/cgroup:/sys/fs/cgroup:rw \ -======= - -v /sys/fs/cgroup:/sys/fs/cgroup:ro \ ->>>>>>> 1b10049c5ad75bb749ae2db968eabb4422a73a34 onlyoffice/communityserver ``` @@ -375,29 +348,7 @@ workspace-install.sh -md yourdomain.com Or, use [docker-compose](https://docs.docker.com/compose/install "docker-compose"). First you need to clone this [GitHub repository](https://github.com/ONLYOFFICE/Docker-CommunityServer/): ```bash -<<<<<<< HEAD wget https://raw.githubusercontent.com/ONLYOFFICE/Docker-CommunityServer/master/docker-compose.groups.yml -======= -git clone https://github.com/ONLYOFFICE/Docker-CommunityServer -``` - -After that switch to the repository folder: - -```bash -cd Docker-CommunityServer -``` - -For the mail server correct work, open one of the files depending on the product you use: - -* [docker-compose.yml](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.groups.yml) for Community Server (distributed as ONLYOFFICE Groups) -* [docker-compose.yml](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.workspace.yml) for ONLYOFFICE Workspace Community Edition -* [docker-compose.yml](https://github.com/ONLYOFFICE/Docker-CommunityServer/blob/master/docker-compose.workspace_enterprise.yml) for ONLYOFFICE Workspace Enterprise Edition - -Then replace the `${MAIL_SERVER_HOSTNAME}` variable with your own hostname for the **Mail Server**. After that, assuming you have docker-compose installed, execute the following command: - -```bash -cd link-to-your-modified-docker-compose ->>>>>>> 1b10049c5ad75bb749ae2db968eabb4422a73a34 docker-compose up -d ``` @@ -457,9 +408,9 @@ Free version vs commercial builds comparison: https://github.com/ONLYOFFICE/Docu ## User Feedback and Support -If you face any issues or have questions about this image, please visit our official forum: [forum.onlyoffice.com][1]. +If you face any issues or have questions about this image, visit our official forum: [forum.onlyoffice.com][1]. -You are also welcome to ask and answer ONLYOFFICE development questions on [Stack Overflow][2], as well as share your thoughts and suggestions on [feedback.onlyoffice.com](https://feedback.onlyoffice.com/forums/966080-your-voice-matters). +You are also welcome to ask and answer ONLYOFFICE development questions on [Stack Overflow][2], as well as share your suggestions on [feedback.onlyoffice.com](https://feedback.onlyoffice.com/forums/966080-your-voice-matters). Join [our Discord community](https://discord.gg/Hcgtf5n4uF) for connecting with fellow developers. From 0671c294433a4379a4745bf6de5058d97cc428b4 Mon Sep 17 00:00:00 2001 From: danilapog Date: Fri, 1 Aug 2025 17:29:07 +0300 Subject: [PATCH 03/14] Add SBOM generation to Docker buildx bake steps --- .github/workflows/4testing-build.yml | 2 +- .github/workflows/stable-build.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/4testing-build.yml b/.github/workflows/4testing-build.yml index 5b6deb1..7869e83 100644 --- a/.github/workflows/4testing-build.yml +++ b/.github/workflows/4testing-build.yml @@ -155,7 +155,7 @@ jobs: ### ==>> Build and push images at this step ### - docker buildx bake -f docker-bake.hcl "${IMAGE}" --push + docker buildx bake --sbom=true -f docker-bake.hcl "${IMAGE}" --push echo "DONE: Build success" ### Set output for Zap scanner diff --git a/.github/workflows/stable-build.yml b/.github/workflows/stable-build.yml index dae253c..8f3abbf 100644 --- a/.github/workflows/stable-build.yml +++ b/.github/workflows/stable-build.yml @@ -64,7 +64,7 @@ jobs: export TAG=${VERSION%.*}.${RELEASE_NUMBER} export SHORTER_TAG=${VERSION%.*} export SHORTEST_TAG=${VERSION%.*.*} - docker buildx bake -f docker-bake.hcl "${TARGET}" --push + docker buildx bake --sbom=true -f docker-bake.hcl "${TARGET}" --push echo "DONE: Build success >> exit with 0" exit 0 shell: bash @@ -110,7 +110,7 @@ jobs: set -eux export PULL_TAG=${VERSION%.*}.${RELEASE_NUMBER} export TAG=${VERSION%.*}.${RELEASE_NUMBER} - docker buildx bake -f docker-bake.hcl "${TARGET}" --push + docker buildx bake --sbom=true -f docker-bake.hcl "${TARGET}" --push shell: bash build-ucs-ubuntu20: @@ -148,5 +148,5 @@ jobs: export PACKAGE_SUFFIX= export TAG=${VERSION%.*}.${RELEASE_NUMBER} export PACKAGE_VERSION=$( echo ${VERSION} | sed -E 's/(.*)\./\1-/') - docker buildx bake -f docker-bake.hcl documentserver-ucs --push + docker buildx bake --sbom=true -f docker-bake.hcl documentserver-ucs --push shell: bash From 38946cb641cf2f9e16201f2c81df0a29df47ad04 Mon Sep 17 00:00:00 2001 From: danilapog Date: Mon, 4 Aug 2025 13:47:08 +0300 Subject: [PATCH 04/14] Add provenance information to bake build steps --- .github/workflows/4testing-build.yml | 2 +- .github/workflows/stable-build.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/4testing-build.yml b/.github/workflows/4testing-build.yml index 7869e83..b38a5d8 100644 --- a/.github/workflows/4testing-build.yml +++ b/.github/workflows/4testing-build.yml @@ -155,7 +155,7 @@ jobs: ### ==>> Build and push images at this step ### - docker buildx bake --sbom=true -f docker-bake.hcl "${IMAGE}" --push + docker buildx bake --sbom=true --provenance=mode=max -f docker-bake.hcl "${IMAGE}" --push echo "DONE: Build success" ### Set output for Zap scanner diff --git a/.github/workflows/stable-build.yml b/.github/workflows/stable-build.yml index 8f3abbf..e3995f1 100644 --- a/.github/workflows/stable-build.yml +++ b/.github/workflows/stable-build.yml @@ -64,7 +64,7 @@ jobs: export TAG=${VERSION%.*}.${RELEASE_NUMBER} export SHORTER_TAG=${VERSION%.*} export SHORTEST_TAG=${VERSION%.*.*} - docker buildx bake --sbom=true -f docker-bake.hcl "${TARGET}" --push + docker buildx bake --sbom=true --provenance=mode=max -f docker-bake.hcl "${TARGET}" --push echo "DONE: Build success >> exit with 0" exit 0 shell: bash @@ -110,7 +110,7 @@ jobs: set -eux export PULL_TAG=${VERSION%.*}.${RELEASE_NUMBER} export TAG=${VERSION%.*}.${RELEASE_NUMBER} - docker buildx bake --sbom=true -f docker-bake.hcl "${TARGET}" --push + docker buildx bake --sbom=true --provenance=mode=max -f docker-bake.hcl "${TARGET}" --push shell: bash build-ucs-ubuntu20: @@ -148,5 +148,5 @@ jobs: export PACKAGE_SUFFIX= export TAG=${VERSION%.*}.${RELEASE_NUMBER} export PACKAGE_VERSION=$( echo ${VERSION} | sed -E 's/(.*)\./\1-/') - docker buildx bake --sbom=true -f docker-bake.hcl documentserver-ucs --push + docker buildx bake --sbom=true --provenance=mode=max -f docker-bake.hcl documentserver-ucs --push shell: bash From c533386cd9484876ec50c8959c00b8d0186bbebf Mon Sep 17 00:00:00 2001 From: Sergey Konovalov Date: Thu, 4 Sep 2025 17:29:14 +0300 Subject: [PATCH 05/14] Feature/Add supervisor admin-panel services --- config/supervisor/ds/ds-adminpanel.conf | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 config/supervisor/ds/ds-adminpanel.conf diff --git a/config/supervisor/ds/ds-adminpanel.conf b/config/supervisor/ds/ds-adminpanel.conf new file mode 100644 index 0000000..0b2cac0 --- /dev/null +++ b/config/supervisor/ds/ds-adminpanel.conf @@ -0,0 +1,13 @@ +[program:adminpanel] +command=/var/www/COMPANY_NAME/documentserver/server/AdminPanel/server/adminpanel +directory=/var/www/COMPANY_NAME/documentserver/server/AdminPanel +user=ds +environment=NODE_ENV=production-linux,NODE_CONFIG_DIR=/etc/COMPANY_NAME/documentserver,NODE_DISABLE_COLORS=1,APPLICATION_NAME=COMPANY_NAME +stdout_logfile=/var/log/COMPANY_NAME/documentserver/adminpanel/out.log +stdout_logfile_backups=0 +stdout_logfile_maxbytes=0 +stderr_logfile=/var/log/COMPANY_NAME/documentserver/adminpanel/err.log +stderr_logfile_backups=0 +stderr_logfile_maxbytes=0 +autostart=true +autorestart=true From 289ce658d9dc17d1b54d72ef8c142110002d9af8 Mon Sep 17 00:00:00 2001 From: Sergey Konovalov Date: Sat, 6 Sep 2025 15:33:54 +0300 Subject: [PATCH 06/14] Fix Docker startup; Add adminpanel log dir creation --- config/supervisor/ds/ds.conf | 2 +- run-document-server.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/supervisor/ds/ds.conf b/config/supervisor/ds/ds.conf index c9179df..5e0c16b 100644 --- a/config/supervisor/ds/ds.conf +++ b/config/supervisor/ds/ds.conf @@ -1,2 +1,2 @@ [group:ds] -programs=docservice,converter,metrics,example +programs=docservice,converter,metrics,example,adminpanel diff --git a/run-document-server.sh b/run-document-server.sh index 2d43099..f467f47 100644 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -639,7 +639,7 @@ update_release_date(){ } # create base folders -for i in converter docservice metrics; do +for i in converter docservice metrics adminpanel; do mkdir -p "${DS_LOG_DIR}/$i" done From d937c9aa89f852384f42c6a5cdcacdf0b22ecebb Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Mon, 15 Sep 2025 19:50:43 +0200 Subject: [PATCH 07/14] Add the ability to specify additional redis parameters --- README.md | 2 ++ run-document-server.sh | 9 +++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ee9d1d2..ff165a6 100644 --- a/README.md +++ b/README.md @@ -195,7 +195,9 @@ Below is the complete list of parameters that can be set using environment varia - **AMQP_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`. - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running. - **REDIS_SERVER_PORT**: The Redis server port number. +- **REDIS_SERVER_USER**: The Redis server username. The username is not set by default. - **REDIS_SERVER_PASS**: The Redis server password. The password is not set by default. +- **REDIS_SERVER_DB**: The Redis database index number to select. Defaults to `0`. - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes. - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process. - **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`. diff --git a/run-document-server.sh b/run-document-server.sh index f467f47..a733a62 100644 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -374,10 +374,11 @@ update_redis_settings(){ ${JSON} -I -e "this.services.CoAuthoring.redis.host = '${REDIS_SERVER_HOST}'" ${JSON} -I -e "this.services.CoAuthoring.redis.port = '${REDIS_SERVER_PORT}'" - if [ -n "${REDIS_SERVER_PASS}" ]; then - ${JSON} -I -e "this.services.CoAuthoring.redis.options = {'password':'${REDIS_SERVER_PASS}'}" - fi - + ${JSON} -I -e "this.services.CoAuthoring.redis.options = { + ${REDIS_SERVER_USER:+username: '${REDIS_SERVER_USER}',} + ${REDIS_SERVER_PASS:+password: '${REDIS_SERVER_PASS}',} + ${REDIS_SERVER_DB:+database: '${REDIS_SERVER_DB}',} + }" } update_ds_settings(){ From 1197520921c2e22f47f8778f5b9ab45126c9c9e1 Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Thu, 4 Sep 2025 15:08:48 +0200 Subject: [PATCH 08/14] Add support for specifying schema in psql --- README.md | 3 +++ run-document-server.sh | 42 +++++++++++++++++++++++++++++++++--------- 2 files changed, 36 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index ff165a6..8983bc1 100644 --- a/README.md +++ b/README.md @@ -191,6 +191,9 @@ Below is the complete list of parameters that can be set using environment varia - **DB_NAME**: The name of a database to use. Should be existing on container startup. - **DB_USER**: The new user name with superuser permissions for the database account. - **DB_PWD**: The password set for the database account. +- **DB_SCHEMA**: Database schema name (optional). + - **PostgreSQL** — schema for [search_path](https://www.postgresql.org/docs/current/ddl-schemas.html#DDL-SCHEMAS-PATH), default `public`. + - **MSSQL** — schema to set as [DEFAULT_SCHEMA](https://learn.microsoft.com/en-us/sql/t-sql/statements/alter-user-transact-sql?view=sql-server-ver17#default_schema---schema_name--null-), default `dbo`. - **AMQP_URI**: The [AMQP URI](https://www.rabbitmq.com/uri-spec.html "RabbitMQ URI Specification") to connect to message broker server. - **AMQP_TYPE**: The message broker type. Supported values are `rabbitmq` or `activemq`. Defaults to `rabbitmq`. - **REDIS_SERVER_HOST**: The IP address or the name of the host where the Redis server is running. diff --git a/run-document-server.sh b/run-document-server.sh index a733a62..8945804 100644 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -450,9 +450,7 @@ create_postgresql_db(){ } create_mssql_db(){ - MSSQL="/opt/mssql-tools18/bin/sqlcmd -S $DB_HOST,$DB_PORT" - - $MSSQL -U $DB_USER -P "$DB_PWD" -C -Q "IF NOT EXISTS (SELECT * FROM sys.databases WHERE name = '$DB_NAME') BEGIN CREATE DATABASE $DB_NAME; END" + ${MSSQL/ -d $DB_NAME/} -b -Q "IF NOT EXISTS (SELECT * FROM sys.databases WHERE name = '$DB_NAME') BEGIN CREATE DATABASE [$DB_NAME]; END" } create_db_tbl() { @@ -489,6 +487,22 @@ upgrade_db_tbl() { esac } +postgresql_check_schema(){ + DB_SCHEMA=${DB_SCHEMA:-$(${JSON} services.CoAuthoring.sql.pgPoolExtraOptions.options 2>/dev/null | sed -n 's/.*search_path=\([^, ]*\).*/\1/p')} + if [ -n "${DB_SCHEMA}" ]; then + export PGOPTIONS="-c search_path=${DB_SCHEMA}" + $PSQL -c "CREATE SCHEMA IF NOT EXISTS ${DB_SCHEMA};" >/dev/null 2>&1 + ${JSON} -I -e "this.services.CoAuthoring.sql.pgPoolExtraOptions.options = '${PGOPTIONS}'" + fi +} + +mssql_check_schema(){ + if [ -n "${DB_SCHEMA}" ]; then + ${MSSQL} -b -Q "DECLARE @s sysname=N'${DB_SCHEMA}'; IF SCHEMA_ID(@s) IS NULL BEGIN DECLARE @sql nvarchar(max); SET @sql=N'CREATE SCHEMA '+QUOTENAME(@s)+N' AUTHORIZATION '+QUOTENAME(N'${DB_USER}'); EXEC(@sql); END" + ${MSSQL} -b -Q "DECLARE @s sysname=N'${DB_SCHEMA}'; DECLARE @u sysname=N'${DB_USER}'; IF USER_ID(@u) IS NOT NULL BEGIN DECLARE @sql nvarchar(max); SET @sql=N'ALTER USER '+QUOTENAME(@u)+N' WITH DEFAULT_SCHEMA = '+QUOTENAME(@s); EXEC(@sql); END" + fi +} + upgrade_postgresql_tbl() { if [ -n "$DB_PWD" ]; then export PGPASSWORD=$DB_PWD @@ -496,6 +510,7 @@ upgrade_postgresql_tbl() { PSQL="psql -q -h$DB_HOST -p$DB_PORT -d$DB_NAME -U$DB_USER -w" + postgresql_check_schema $PSQL -f "$APP_DIR/server/schema/postgresql/removetbl.sql" $PSQL -f "$APP_DIR/server/schema/postgresql/createdb.sql" } @@ -509,9 +524,13 @@ upgrade_mysql_tbl() { } upgrade_mssql_tbl() { - CONN_PARAMS="-d $DB_NAME -U $DB_USER -P "$DB_PWD" -C" - MSSQL="/opt/mssql-tools18/bin/sqlcmd -S $DB_HOST,$DB_PORT $CONN_PARAMS" + if [ -n "$DB_PWD" ]; then + export SQLCMDPASSWORD=$DB_PWD + fi + MSSQL="/opt/mssql-tools18/bin/sqlcmd -S $DB_HOST,$DB_PORT -d $DB_NAME -U $DB_USER -C" + + mssql_check_schema $MSSQL < "$APP_DIR/server/schema/mssql/removetbl.sql" >/dev/null 2>&1 $MSSQL < "$APP_DIR/server/schema/mssql/createdb.sql" >/dev/null 2>&1 } @@ -529,6 +548,8 @@ create_postgresql_tbl() { fi PSQL="psql -q -h$DB_HOST -p$DB_PORT -d$DB_NAME -U$DB_USER -w" + + postgresql_check_schema $PSQL -f "$APP_DIR/server/schema/postgresql/createdb.sql" } @@ -543,11 +564,14 @@ create_mysql_tbl() { } create_mssql_tbl() { + if [ -n "$DB_PWD" ]; then + export SQLCMDPASSWORD=$DB_PWD + fi + + MSSQL="/opt/mssql-tools18/bin/sqlcmd -S $DB_HOST,$DB_PORT -d $DB_NAME -U $DB_USER -C" + create_mssql_db - - CONN_PARAMS="-d $DB_NAME -U $DB_USER -P "$DB_PWD" -C" - MSSQL="/opt/mssql-tools18/bin/sqlcmd -S $DB_HOST,$DB_PORT $CONN_PARAMS" - + mssql_check_schema $MSSQL < "$APP_DIR/server/schema/mssql/createdb.sql" >/dev/null 2>&1 } From b42b6628e6d77989fe506c06d342628022b7efe1 Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Thu, 25 Sep 2025 19:35:33 +0200 Subject: [PATCH 09/14] Add the missing field secret.browser.string --- run-document-server.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/run-document-server.sh b/run-document-server.sh index 8945804..23fee10 100644 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -389,6 +389,7 @@ update_ds_settings(){ ${JSON} -I -e "this.services.CoAuthoring.secret.inbox.string = '${JWT_SECRET}'" ${JSON} -I -e "this.services.CoAuthoring.secret.outbox.string = '${JWT_SECRET}'" ${JSON} -I -e "this.services.CoAuthoring.secret.session.string = '${JWT_SECRET}'" + ${JSON} -I -e "this.services.CoAuthoring.secret.browser.string = '${JWT_SECRET}'" ${JSON} -I -e "this.services.CoAuthoring.token.inbox.header = '${JWT_HEADER}'" ${JSON} -I -e "this.services.CoAuthoring.token.outbox.header = '${JWT_HEADER}'" From fce9f747a23d97ad80d49395e0342b23e722cee7 Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Fri, 3 Oct 2025 15:16:26 +0200 Subject: [PATCH 10/14] Disable automatic startup of the adminpanel service after installation --- config/supervisor/ds/ds-adminpanel.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config/supervisor/ds/ds-adminpanel.conf b/config/supervisor/ds/ds-adminpanel.conf index 0b2cac0..82fe349 100644 --- a/config/supervisor/ds/ds-adminpanel.conf +++ b/config/supervisor/ds/ds-adminpanel.conf @@ -9,5 +9,5 @@ stdout_logfile_maxbytes=0 stderr_logfile=/var/log/COMPANY_NAME/documentserver/adminpanel/err.log stderr_logfile_backups=0 stderr_logfile_maxbytes=0 -autostart=true -autorestart=true +autostart=false +autorestart=false From 1e6815a0c0c476092aae48519c7543553b7dbf5b Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Fri, 3 Oct 2025 17:46:02 +0200 Subject: [PATCH 11/14] Fix the error of missing pgPoolExtraOptions when installing DB_SCHEMA --- run-document-server.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-document-server.sh b/run-document-server.sh index 23fee10..27e386f 100644 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -493,7 +493,7 @@ postgresql_check_schema(){ if [ -n "${DB_SCHEMA}" ]; then export PGOPTIONS="-c search_path=${DB_SCHEMA}" $PSQL -c "CREATE SCHEMA IF NOT EXISTS ${DB_SCHEMA};" >/dev/null 2>&1 - ${JSON} -I -e "this.services.CoAuthoring.sql.pgPoolExtraOptions.options = '${PGOPTIONS}'" + ${JSON} -I -e "this.services.CoAuthoring.sql.pgPoolExtraOptions ||= {}; this.services.CoAuthoring.sql.pgPoolExtraOptions.options = '${PGOPTIONS}'" fi } From 5da9390fe635f5afb8f66c5792b95b1721001ed2 Mon Sep 17 00:00:00 2001 From: Evgeniy Antonyuk Date: Tue, 7 Oct 2025 13:17:07 +0200 Subject: [PATCH 12/14] fix Bug 77296 - Correct the display of adminpanel logs --- run-document-server.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/run-document-server.sh b/run-document-server.sh index 27e386f..9369f72 100644 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -666,10 +666,10 @@ update_release_date(){ # create base folders for i in converter docservice metrics adminpanel; do - mkdir -p "${DS_LOG_DIR}/$i" + mkdir -p "$DS_LOG_DIR/$i" && touch "$DS_LOG_DIR/$i"/{out,err}.log done -mkdir -p ${DS_LOG_DIR}-example +mkdir -p "${DS_LOG_DIR}-example" && touch "${DS_LOG_DIR}-example"/{out,err}.log # create app folders for i in ${DS_LIB_DIR}/App_Data/cache/files ${DS_LIB_DIR}/App_Data/docbuilder ${DS_LIB_DIR}-example/files; do @@ -819,4 +819,4 @@ start_process documentserver-static-gzip.sh ${ONLYOFFICE_DATA_CONTAINER} echo "${JWT_MESSAGE}" -start_process find "$DS_LOG_DIR" "$DS_LOG_DIR-example" -type f -name "*.log" | xargs tail -f +start_process find "$DS_LOG_DIR" "$DS_LOG_DIR-example" -type f -name "*.log" | xargs tail -F From a26d08992a73246799f8e9431a146d828e2c7f9b Mon Sep 17 00:00:00 2001 From: Vladimir Ischenko Date: Tue, 7 Oct 2025 12:00:52 +0000 Subject: [PATCH 13/14] Fix bug 70360 - Add `NGINX_ACCESS_LOG` to enable nginx access logs (#49) Co-authored-by: Vladimir Ischenko Co-committed-by: Vladimir Ischenko --- README.md | 1 + run-document-server.sh | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8983bc1..e2a83e9 100644 --- a/README.md +++ b/README.md @@ -203,6 +203,7 @@ Below is the complete list of parameters that can be set using environment varia - **REDIS_SERVER_DB**: The Redis database index number to select. Defaults to `0`. - **NGINX_WORKER_PROCESSES**: Defines the number of nginx worker processes. - **NGINX_WORKER_CONNECTIONS**: Sets the maximum number of simultaneous connections that can be opened by a nginx worker process. +- **NGINX_ACCESS_LOG**: Defines whether access logging is enabled. Defaults to `false`. - **SECURE_LINK_SECRET**: Defines secret for the nginx config directive [secure_link_md5](https://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link_md5). Defaults to `random string`. - **JWT_ENABLED**: Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Document Server. Defaults to `true`. - **JWT_SECRET**: Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Document Server. Defaults to random value. diff --git a/run-document-server.sh b/run-document-server.sh index 9369f72..e9cb578 100644 --- a/run-document-server.sh +++ b/run-document-server.sh @@ -103,6 +103,7 @@ NGINX_ONLYOFFICE_EXAMPLE_CONF="${NGINX_ONLYOFFICE_EXAMPLE_PATH}/includes/ds-exam NGINX_CONFIG_PATH="/etc/nginx/nginx.conf" NGINX_WORKER_PROCESSES=${NGINX_WORKER_PROCESSES:-1} +NGINX_ACCESS_LOG=${NGINX_ACCESS_LOG:-false} # Limiting the maximum number of simultaneous connections due to possible memory shortage LIMIT=$(ulimit -n); [ $LIMIT -gt 1048576 ] && LIMIT=1048576 NGINX_WORKER_CONNECTIONS=${NGINX_WORKER_CONNECTIONS:-$LIMIT} @@ -604,7 +605,13 @@ update_nginx_settings(){ # Set up nginx sed 's/^worker_processes.*/'"worker_processes ${NGINX_WORKER_PROCESSES};"'/' -i ${NGINX_CONFIG_PATH} sed 's/worker_connections.*/'"worker_connections ${NGINX_WORKER_CONNECTIONS};"'/' -i ${NGINX_CONFIG_PATH} - sed 's/access_log.*/'"access_log off;"'/' -i ${NGINX_CONFIG_PATH} + + if [ "${NGINX_ACCESS_LOG}" = "true" ]; then + touch "${DS_LOG_DIR}/nginx.access.log" + sed -ri 's|^\s*access_log\b.*;|access_log '"${DS_LOG_DIR}"'/nginx.access.log;|' "${NGINX_CONFIG_PATH}" "${NGINX_ONLYOFFICE_PATH}/includes/ds-common.conf" 2>/dev/null + else + sed -ri 's|^\s*access_log\b.*;|access_log off;|' "${NGINX_CONFIG_PATH}" + fi # setup HTTPS if [ -f "${SSL_CERTIFICATE_PATH}" -a -f "${SSL_KEY_PATH}" ]; then From ba4961c28f860daae38c27d40fc399f3bb59decb Mon Sep 17 00:00:00 2001 From: Alexey Golubev Date: Wed, 15 Oct 2025 12:15:01 +0000 Subject: [PATCH 14/14] Update important notice --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e2a83e9..03866e9 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ Starting from version 6.0, Document Server is distributed as ONLYOFFICE Docs. It ONLYOFFICE Docs can be used as a part of [ONLYOFFICE DocSpace](https://www.onlyoffice.com/docspace.aspx) and ONLYOFFICE Workspace, or with [third-party sync&share solutions](https://www.onlyoffice.com/all-connectors.aspx) (e.g. Odoo, Moodle, Nextcloud, ownCloud, Seafile, etc.) to enable collaborative editing within their interface. -***Important*** Please update `docker-engine` to latest version (`20.10.21` as of writing this doc) before using it. We use `ubuntu:22.04` as base image and it older versions of docker have compatibility problems with it +***Important*** Please update `docker-engine` to latest version (`20.10.21` as of writing this doc) before using it. We use `ubuntu:24.04` as base image and it older versions of docker have compatibility problems with it ## Functionality ##