diff --git a/ct/bentopdf.sh b/ct/bentopdf.sh index c07f95bb6..f4662bee9 100644 --- a/ct/bentopdf.sh +++ b/ct/bentopdf.sh @@ -42,7 +42,6 @@ function update_script() { msg_info "Updating BentoPDF" cd /opt/bentopdf $STD npm ci --no-audit --no-fund - $STD npm install http-server -g if [[ -f /opt/production.env ]]; then mv /opt/production.env ./.env.production else @@ -52,15 +51,97 @@ function update_script() { export SIMPLE_MODE=true export VITE_USE_CDN=true $STD npm run build:all + if [[ ! -f /opt/bentopdf/dist/config.json ]]; then + cat <<'EOF' >/opt/bentopdf/dist/config.json +{} +EOF + fi msg_ok "Updated BentoPDF" msg_info "Starting Service" - if grep -q '8080' /etc/systemd/system/bentopdf.service; then - sed -i -e 's|/bentopdf|/bentopdf/dist|' \ - -e 's|npx.*|npx http-server -g -b -d false -r --no-dotfiles|' \ - /etc/systemd/system/bentopdf.service - systemctl daemon-reload + ensure_dependencies nginx openssl + if [[ ! -f /etc/ssl/private/bentopdf-selfsigned.key || ! -f /etc/ssl/certs/bentopdf-selfsigned.crt ]]; then + CERT_CN="$(hostname -I | awk '{print $1}')" + $STD openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \ + -keyout /etc/ssl/private/bentopdf-selfsigned.key \ + -out /etc/ssl/certs/bentopdf-selfsigned.crt \ + -subj "/CN=${CERT_CN}" fi + cat <<'EOF' >/etc/nginx/sites-available/bentopdf +server { + listen 8080; + server_name _; + return 301 https://$host:8443$request_uri; + } + + server { + listen 8443 ssl; + server_name _; + ssl_certificate /etc/ssl/certs/bentopdf-selfsigned.crt; + ssl_certificate_key /etc/ssl/private/bentopdf-selfsigned.key; + root /opt/bentopdf/dist; + index index.html; + + # Required for LibreOffice WASM (Word/Excel/PowerPoint to PDF via SharedArrayBuffer) + add_header Cross-Origin-Opener-Policy "same-origin" always; + add_header Cross-Origin-Embedder-Policy "require-corp" always; + add_header Cross-Origin-Resource-Policy "cross-origin" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Frame-Options "SAMEORIGIN" always; + + gzip_static on; + + location ~* /libreoffice-wasm/soffice\.wasm\.gz$ { + gzip off; + types {} default_type application/wasm; + add_header Content-Encoding gzip; + add_header Vary "Accept-Encoding"; + add_header Cache-Control "public, immutable"; + } + + location ~* /libreoffice-wasm/soffice\.data\.gz$ { + gzip off; + types {} default_type application/octet-stream; + add_header Content-Encoding gzip; + add_header Vary "Accept-Encoding"; + add_header Cache-Control "public, immutable"; + } + + location ~* \.wasm$ { + types {} default_type application/wasm; + expires 1y; + add_header Cache-Control "public, immutable"; + } + + location ~* \.(wasm\.gz|data\.gz|data)$ { + expires 1y; + add_header Cache-Control "public, immutable"; + } + + location / { + try_files $uri $uri/ $uri.html =404; + } + + error_page 404 /404.html; +} +EOF + rm -f /etc/nginx/sites-enabled/default + ln -sf /etc/nginx/sites-available/bentopdf /etc/nginx/sites-enabled/bentopdf + cat <<'EOF' >/etc/systemd/system/bentopdf.service +[Unit] +Description=BentoPDF Service +After=network.target + +[Service] +Type=simple +ExecStart=/usr/sbin/nginx -g "daemon off;" +ExecReload=/bin/kill -HUP $MAINPID +Restart=always + +[Install] +WantedBy=multi-user.target +EOF + systemctl daemon-reload systemctl start bentopdf msg_ok "Started Service" msg_ok "Updated successfully!" @@ -75,4 +156,4 @@ description msg_ok "Completed successfully!\n" echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" echo -e "${INFO}${YW} Access it using the following URL:${CL}" -echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080${CL}" +echo -e "${TAB}${GATEWAY}${BGN}https://${IP}:8443${CL}" diff --git a/install/bentopdf-install.sh b/install/bentopdf-install.sh index f447eec76..6985607e0 100644 --- a/install/bentopdf-install.sh +++ b/install/bentopdf-install.sh @@ -13,32 +13,105 @@ setting_up_container network_check update_os +msg_info "Installing Dependencies" +$STD apt install -y \ + nginx \ + openssl +msg_ok "Installed Dependencies" + NODE_VERSION="24" setup_nodejs fetch_and_deploy_gh_release "bentopdf" "alam00000/bentopdf" "tarball" "latest" "/opt/bentopdf" msg_info "Setup BentoPDF" cd /opt/bentopdf $STD npm ci --no-audit --no-fund -$STD npm install http-server -g cp ./.env.example ./.env.production export NODE_OPTIONS="--max-old-space-size=3072" export SIMPLE_MODE=true export VITE_USE_CDN=true $STD npm run build:all +cat <<'EOF' >/opt/bentopdf/dist/config.json +{} +EOF msg_ok "Setup BentoPDF" msg_info "Creating Service" -cat </etc/systemd/system/bentopdf.service +CERT_CN="$(hostname -I | awk '{print $1}')" +$STD openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \ + -keyout /etc/ssl/private/bentopdf-selfsigned.key \ + -out /etc/ssl/certs/bentopdf-selfsigned.crt \ + -subj "/CN=${CERT_CN}" + +cat <<'EOF' >/etc/nginx/sites-available/bentopdf +server { + listen 8080; + server_name _; + return 301 https://$host:8443$request_uri; +} + +server { + listen 8443 ssl; + server_name _; + ssl_certificate /etc/ssl/certs/bentopdf-selfsigned.crt; + ssl_certificate_key /etc/ssl/private/bentopdf-selfsigned.key; + root /opt/bentopdf/dist; + index index.html; + + # Required for LibreOffice WASM (Word/Excel/PowerPoint to PDF via SharedArrayBuffer) + add_header Cross-Origin-Opener-Policy "same-origin" always; + add_header Cross-Origin-Embedder-Policy "require-corp" always; + add_header Cross-Origin-Resource-Policy "cross-origin" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Frame-Options "SAMEORIGIN" always; + + gzip_static on; + + location ~* /libreoffice-wasm/soffice\.wasm\.gz$ { + gzip off; + types {} default_type application/wasm; + add_header Content-Encoding gzip; + add_header Vary "Accept-Encoding"; + add_header Cache-Control "public, immutable"; + } + + location ~* /libreoffice-wasm/soffice\.data\.gz$ { + gzip off; + types {} default_type application/octet-stream; + add_header Content-Encoding gzip; + add_header Vary "Accept-Encoding"; + add_header Cache-Control "public, immutable"; + } + + location ~* \.wasm$ { + types {} default_type application/wasm; + expires 1y; + add_header Cache-Control "public, immutable"; + } + + location ~* \.(wasm\.gz|data\.gz|data)$ { + expires 1y; + add_header Cache-Control "public, immutable"; + } + + location / { + try_files $uri $uri/ $uri.html =404; + } + + error_page 404 /404.html; +} +EOF +rm -f /etc/nginx/sites-enabled/default +ln -sf /etc/nginx/sites-available/bentopdf /etc/nginx/sites-enabled/bentopdf +cat <<'EOF' >/etc/systemd/system/bentopdf.service [Unit] Description=BentoPDF Service After=network.target [Service] Type=simple -WorkingDirectory=/opt/bentopdf/dist -ExecStart=/usr/bin/npx http-server -g -b -d false -r --no-dotfiles +ExecStart=/usr/sbin/nginx -g "daemon off;" +ExecReload=/bin/kill -HUP $MAINPID Restart=always -RestartSec=10 [Install] WantedBy=multi-user.target