diff --git a/.env.example b/.env.example index a57ec8013081be68cd38174734c6ac576a6f4082..aa681b5e3fdb9fb1a3a412ff74902b7f873be6a9 100644 --- a/.env.example +++ b/.env.example @@ -35,6 +35,18 @@ OVERWRITEPROTOCOL= SENTRY_DSN= SENTRY_PUBLIC_DSN= +# OnlyOffice +ONLYOFFICE_DB_HOST=db +ONLYOFFICE_DB_PORT=5432 +ONLYOFFICE_DB_NAME=onlyoffice +ONLYOFFICE_DB_USER=onlyoffice +ONLYOFFICE_DB_PASSWORD=123456 +ONLYOFFICE_DOCUMENT_SERVER_URL=http://localhost:8081 # Internal Docker URL (auto-adjusts to https in staging/prod via env) +ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=http://documentserver/ +ONLYOFFICE_STORAGE_URL=http://nginx/ +ONLYOFFICE_JWT_SECRET=01c48da78419982ff70fe3f1979f9df54fcb4cc954a638dab7cf98d9da09c7ae # $(openssl rand -hex 32) # Generate: openssl rand -hex 32 +ONLYOFFICE_JWT_HEADER=Authorization + # nginx NGINX_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/nginx:latest diff --git a/.gitignore b/.gitignore index d6588b0eb1266a2c365264c0ca12c307894d9025..9756529c1d92115a49b1170799ca1a357f0d70d8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .idea files +.env \ No newline at end of file diff --git a/config/nextcloud/onlyoffice.config.php b/config/nextcloud/onlyoffice.config.php new file mode 100644 index 0000000000000000000000000000000000000000..fb9a44b6babef5c1649f3c4720ca13b01221b93f --- /dev/null +++ b/config/nextcloud/onlyoffice.config.php @@ -0,0 +1,12 @@ + array( + 'DocumentServerUrl' => getenv('ONLYOFFICE_DOCUMENT_SERVER_URL') ?: 'http://localhost:8081/', + 'DocumentServerInternalUrl' => getenv('ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL') ?: 'http://documentserver/', + 'StorageUrl' => getenv('ONLYOFFICE_STORAGE_URL') ?: 'http://nginx', + 'jwt_secret' => getenv('ONLYOFFICE_JWT_SECRET') ?: '', + 'jwt_header' => getenv('ONLYOFFICE_JWT_HEADER') ?: 'Authorization', + ), + ); +} diff --git a/config/postgres/init-onlyoffice.sh b/config/postgres/init-onlyoffice.sh new file mode 100755 index 0000000000000000000000000000000000000000..e07ba72ff9cf5e31d5d10876d174011bb493b818 --- /dev/null +++ b/config/postgres/init-onlyoffice.sh @@ -0,0 +1,31 @@ +#!/bin/bash +set -euo pipefail # Exit on error, undefined vars, pipe failures + +# Helper: Run psql command (uses POSTGRES_USER/DB for auth) +run_psql() { + psql -v ON_ERROR_STOP=1 -U "${POSTGRES_USER}" "$@" +} + +echo "Starting OnlyOffice DB init..." + +# Create user if not exists (transaction-safe) +if ! run_psql -tAc "SELECT 1 FROM pg_roles WHERE rolname = '${ONLYOFFICE_DB_USER}'" | grep -q 1; then + run_psql -c "CREATE USER ${ONLYOFFICE_DB_USER} WITH PASSWORD '${ONLYOFFICE_DB_PASSWORD}';" + echo "Created user '${ONLYOFFICE_DB_USER}'." +else + echo "User '${ONLYOFFICE_DB_USER}' already exists." +fi + +# Create DB if not exists (non-transactional: check first, then create) +if ! run_psql -tAc "SELECT 1 FROM pg_database WHERE datname = '${ONLYOFFICE_DB_NAME}'" | grep -q 1; then + # Temp connect as superuser to create DB + run_psql -c "CREATE DATABASE ${ONLYOFFICE_DB_NAME} OWNER ${ONLYOFFICE_DB_USER};" + echo "Created DB '${ONLYOFFICE_DB_NAME}'." +else + echo "DB '${ONLYOFFICE_DB_NAME}' already exists." +fi + +# Grant privileges (safe to re-run) +run_psql -c "GRANT ALL PRIVILEGES ON DATABASE ${ONLYOFFICE_DB_NAME} TO ${ONLYOFFICE_DB_USER};" + +echo "OnlyOffice DB and user initialized successfully." diff --git a/docker-compose.local.yml b/docker-compose.local.yml index cc75125451f951dca1eee394a93b7a18bbb08687..a0baee97c2fbb9f9b5f7a0292faaab3e7a5f5edb 100644 --- a/docker-compose.local.yml +++ b/docker-compose.local.yml @@ -6,8 +6,12 @@ services: - POSTGRES_DB=${DB_NAME} - POSTGRES_USER=${DB_USER} - POSTGRES_PASSWORD=${DB_PASSWORD} + - ONLYOFFICE_DB_NAME=${ONLYOFFICE_DB_NAME} + - ONLYOFFICE_DB_USER=${ONLYOFFICE_DB_USER} + - ONLYOFFICE_DB_PASSWORD=${ONLYOFFICE_DB_PASSWORD} volumes: - db:/var/lib/postgresql/data + - ./config/postgres/init-onlyoffice.sh:/docker-entrypoint-initdb.d/10-onlyoffice.sh:ro healthcheck: test: ["CMD-SHELL", "pg_isready -U ${DB_USER} -d ${DB_NAME}"] interval: 10s @@ -58,11 +62,41 @@ services: - "8000:80" depends_on: - nextcloud + + documentserver: + image: onlyoffice/documentserver:9.1 + restart: unless-stopped + depends_on: + db: + condition: service_healthy + environment: + - DB_HOST=${ONLYOFFICE_DB_HOST} + - DB_PORT=${ONLYOFFICE_DB_PORT} + - DB_NAME=${ONLYOFFICE_DB_NAME} + - DB_USER=${ONLYOFFICE_DB_USER} + - DB_PWD=${ONLYOFFICE_DB_PASSWORD} + - JWT_SECRET=${ONLYOFFICE_JWT_SECRET} + - JWT_HEADER=${ONLYOFFICE_JWT_HEADER} + ports: + - "8081:80" + volumes: + - onlyoffice_data:/var/www/onlyoffice/Data + - onlyoffice_logs:/var/log/onlyoffice + healthcheck: + test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost/healthcheck"] + interval: 10s + timeout: 5s + retries: 5 + start_period: 30s + networks: + - worker-network volumes: !override db: nextcloud-config: nextcloud-data: + onlyoffice_data: + onlyoffice_logs: networks: proxy-network: diff --git a/docker-compose.yml b/docker-compose.yml index 5afbcf51c480bfa576fd0601113d2c9cc0b336ce..f3e281099febf9cf60fb6e3ce699f10a90063668 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -33,6 +33,11 @@ services: - OBJECTSTORE_S3_USEPATH_STYLE=${OBJECTSTORE_S3_USEPATH_STYLE} - OBJECTSTORE_S3_OBJECT_PREFIX=${OBJECTSTORE_S3_OBJECT_PREFIX} - OBJECTSTORE_S3_AUTOCREATE=${OBJECTSTORE_S3_AUTOCREATE} + - ONLYOFFICE_DOCUMENT_SERVER_URL=${ONLYOFFICE_DOCUMENT_SERVER_URL} + - ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL} + - ONLYOFFICE_STORAGE_URL=${ONLYOFFICE_STORAGE_URL} + - ONLYOFFICE_JWT_SECRET=${ONLYOFFICE_JWT_SECRET} + - ONLYOFFICE_JWT_HEADER=${ONLYOFFICE_JWT_HEADER} volumes: - nextcloud-config:/var/www/html/config - nextcloud-data:/var/www/html/data diff --git a/hooks.d/post-installation/murena-config.sh b/hooks.d/post-installation/murena-config.sh index c828e7b7ecce964e95cfd0dc30245102e33195c4..78e8b4e3c80106964dc13ef7c4379cb2ba143b2f 100755 --- a/hooks.d/post-installation/murena-config.sh +++ b/hooks.d/post-installation/murena-config.sh @@ -18,6 +18,7 @@ occ app:enable oidc_login occ app:enable notes occ app:enable tasks occ app:enable sentry +occ app:enable onlyoffice occ app:disable firstrunwizard occ app:disable logreader @@ -30,3 +31,9 @@ occ maintenance:repair --include-expensive # Set background jobs to use system cron occ background:cron + +# config +occ config:app:set onlyoffice preview --value=false +occ config:app:set onlyoffice customization_plugins --value=false +occ config:app:set onlyoffice customizationChat --value=false +occ config:app:set onlyoffice customizationFeedback --value=false diff --git a/samples/onlyoffice/presentation.pptx b/samples/onlyoffice/presentation.pptx new file mode 100644 index 0000000000000000000000000000000000000000..5e94b45f3691a67cefd064472702e6ce4994a15c Binary files /dev/null and b/samples/onlyoffice/presentation.pptx differ diff --git a/samples/onlyoffice/sheet.xlsx b/samples/onlyoffice/sheet.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..78277555781e914440857813ff7fcc7b94a51368 Binary files /dev/null and b/samples/onlyoffice/sheet.xlsx differ diff --git a/samples/onlyoffice/welcome.docx b/samples/onlyoffice/welcome.docx new file mode 100644 index 0000000000000000000000000000000000000000..835a1c2bf6da56da36da1d6d7d3423a20eddcaff Binary files /dev/null and b/samples/onlyoffice/welcome.docx differ diff --git a/slim.Dockerfile b/slim.Dockerfile index db04d1f6bd45f2e8931b32aa536430ebe1a52920..bffb1344a37488fc9ab5bb6e60fc24c4abab76db 100644 --- a/slim.Dockerfile +++ b/slim.Dockerfile @@ -17,6 +17,7 @@ ARG OIDC_LOGIN_URL="https://gitlab.e.foundation/api/v4/projects/1496/packages/ge ARG NOTES_URL="https://github.com/nextcloud-releases/notes/releases/download/v4.11.0/notes-v4.11.0.tar.gz" ARG TASKS_URL="https://github.com/nextcloud/tasks/releases/download/v0.16.1/tasks.tar.gz" ARG SENTRY_URL="https://github.com/ChristophWurst/nextcloud_sentry/releases/download/v8.15.15/sentry-v8.15.15.tar.gz" +ARG ONLYOFFICE_URL="https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v9.11.0/onlyoffice.tar.gz" ARG THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/315/packages/generic/eCloud/v30.0.3/eCloud-v30.0.3.tar.gz" ARG SNAPPY_THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/1377/packages/generic/snappymail/v4.0.5/snappymail-v4.0.5.tar.gz" @@ -28,8 +29,8 @@ RUN rm -rf ${BASE_DIR}/core/skeleton/* ${BASE_DIR}/themes/example \ && mkdir -p ${BASE_DIR}/core/skeleton/Documents \ && mkdir -p ${BASE_DIR}/core/skeleton/Images \ && mkdir -p ${BASE_DIR}/themes/Murena +COPY --chown=www-data:www-data samples/onlyoffice/ ${BASE_DIR}/core/skeleton/Documents/ -# Install unzip for unzipping artifacts RUN apt-get update && apt-get install -y unzip ffmpeg syslog-ng # Murena apps @@ -45,6 +46,7 @@ RUN curl -sL ${OIDC_LOGIN_URL} | tar xzf - -C ${BASE_DIR}/custom_apps RUN curl -sL ${NOTES_URL} | tar xzf - -C ${BASE_DIR}/custom_apps RUN curl -sL ${TASKS_URL} | tar xzf - -C ${BASE_DIR}/custom_apps RUN curl -sL ${SENTRY_URL} | tar xzf - -C ${BASE_DIR}/custom_apps +RUN curl -sL ${ONLYOFFICE_URL} | tar xzf - -C ${BASE_DIR}/custom_apps # Murena theme RUN curl -sL ${THEME_VERSION} | tar xzf - -C ${BASE_DIR}/themes