From 050451e0c4fe3ee733afa41f07031025e00816b9 Mon Sep 17 00:00:00 2001
From: "Urko."
Date: Mon, 25 Dec 2023 12:03:59 +0100
Subject: [PATCH] fix: add missing config
---
.../entrypoint-override.sh | 19 +++
config/ocis/app-registry.yaml | 65 +++++++++
config/ocis/banned-password-list.txt | 5 +
config/onlyoffice/entrypoint-override.sh | 7 +
config/onlyoffice/local.json | 71 ++++++++++
config/wopiserver/entrypoint-override.sh | 13 ++
config/wopiserver/wopiserver.conf.dist | 128 ++++++++++++++++++
7 files changed, 308 insertions(+)
create mode 100644 config/ocis-appprovider-onlyoffice/entrypoint-override.sh
create mode 100644 config/ocis/app-registry.yaml
create mode 100644 config/ocis/banned-password-list.txt
create mode 100644 config/onlyoffice/entrypoint-override.sh
create mode 100644 config/onlyoffice/local.json
create mode 100644 config/wopiserver/entrypoint-override.sh
create mode 100644 config/wopiserver/wopiserver.conf.dist
diff --git a/config/ocis-appprovider-onlyoffice/entrypoint-override.sh b/config/ocis-appprovider-onlyoffice/entrypoint-override.sh
new file mode 100644
index 0000000..b06960d
--- /dev/null
+++ b/config/ocis-appprovider-onlyoffice/entrypoint-override.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+set -e
+
+apk add curl
+
+#TODO: app driver itself should try again until OnlyOffice is up...
+
+retries=10
+while [[ $retries -gt 0 ]]; do
+ if curl --silent --show-error --fail http://onlyoffice/hosting/discovery > /dev/null; then
+ ocis app-provider server
+ else
+ echo "OnlyOffice is not yet available, trying again in 10 seconds"
+ sleep 10
+ retries=$((retries - 1))
+ fi
+done
+echo 'OnlyOffice was not available after 100 seconds'
+exit 1
\ No newline at end of file
diff --git a/config/ocis/app-registry.yaml b/config/ocis/app-registry.yaml
new file mode 100644
index 0000000..d5e7a8c
--- /dev/null
+++ b/config/ocis/app-registry.yaml
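Review bot: In `config/ocis-appprovider-onlyoffice/entrypoint-override.sh`, `apk add curl` runs on every container start, so the app-provider needs a reachable package mirror at boot and installs an unpinned package into the running container; baking curl into a derived image, or (assuming the image is Alpine-based) probing with its busybox `wget`, removes that dependency. Separately, a successful probe runs `ocis app-provider server` as a child of the shell inside the loop: if it ever exits 0 the loop probes again without decrementing `retries`, and signals go to the shell rather than the server, so `exec ocis app-provider server` is the safer form. The same missing `exec` applies to the last line of `config/onlyoffice/entrypoint-override.sh` and `config/wopiserver/entrypoint-override.sh`. `[[ … ]]` is also not POSIX under `#!/bin/sh`; `while [ "$retries" -gt 0 ]; do` is portable.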
@@ -0,0 +1,65 @@
+app_registry:
+ mimetypes:
+ - mime_type: application/pdf
+ extension: pdf
+ name: PDF
+ description: PDF document
+ icon: ''
+ default_app: ''
+ allow_creation: false
+ - mime_type: application/vnd.oasis.opendocument.text
+ extension: odt
+ name: OpenDocument
+ description: OpenDocument text document
+ icon: ''
+ default_app: Collabora
+ allow_creation: true
+ - mime_type: application/vnd.oasis.opendocument.spreadsheet
+ extension: ods
+ name: OpenSpreadsheet
+ description: OpenDocument spreadsheet document
+ icon: ''
+ default_app: Collabora
+ allow_creation: true
+ - mime_type: application/vnd.oasis.opendocument.presentation
+ extension: odp
+ name: OpenPresentation
+ description: OpenDocument presentation document
+ icon: ''
+ default_app: Collabora
+ allow_creation: true
+ - mime_type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
+ extension: docx
+ name: Microsoft Word
+ description: Microsoft Word document
+ icon: ''
+ default_app: OnlyOffice
+ allow_creation: true
+ - mime_type: application/vnd.openxmlformats-officedocument.wordprocessingml.form
+ extension: docxf
+ name: Form Document
+ description: Form Document
+ icon: ''
+ default_app: OnlyOffice
+ allow_creation: true
+ - mime_type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+ extension: xlsx
+ name: Microsoft Excel
+ description: Microsoft Excel document
+ icon: ''
+ default_app: OnlyOffice
+ allow_creation: true
+ - mime_type: application/vnd.openxmlformats-officedocument.presentationml.presentation
+ extension: pptx
+ name: Microsoft PowerPoint
+ description: Microsoft PowerPoint document
+ icon: ''
+ default_app: OnlyOffice
+ allow_creation: true
+ - mime_type: application/vnd.jupyter
+ extension: ipynb
+ name: Jupyter Notebook
+ description: Jupyter Notebook
+ icon: ''
+ default_app: ''
+ allow_creation: true
\ No newline at end of file
diff --git a/config/ocis/banned-password-list.txt b/config/ocis/banned-password-list.txt
new file mode 100644
index 0000000..13ff171
--- /dev/null
+++ b/config/ocis/banned-password-list.txt
@@ -0,0 +1,5 @@
+password
+12345678
+123
+ownCloud
+ownCloud-1
\ No newline at end of file
diff --git a/config/onlyoffice/entrypoint-override.sh b/config/onlyoffice/entrypoint-override.sh
new file mode 100644
index 0000000..41e80c5
--- /dev/null
+++ b/config/onlyoffice/entrypoint-override.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+
+# we can't mount it directly because the run-document-server.sh script wants to move it
+cp /etc/onlyoffice/documentserver/local.dist.json /etc/onlyoffice/documentserver/local.json
+
+/app/ds/run-document-server.sh
\ No newline at end of file
diff --git a/config/onlyoffice/local.json b/config/onlyoffice/local.json
new file mode 100644
index 0000000..b59c94d
--- /dev/null
+++ b/config/onlyoffice/local.json
@@ -0,0 +1,71 @@
+{
+ "services": {
+ "CoAuthoring": {
+ "sql": {
+ "type": "postgres",
+ "dbHost": "localhost",
+ "dbPort": "5432",
+ "dbName": "onlyoffice",
+ "dbUser": "onlyoffice",
+ "dbPass": "onlyoffice"
+ },
+ "token": {
+ "enable": {
+ "request": {
+ "inbox": true,
+ "outbox": true
+ },
+ "browser": true
+ },
+ "inbox": {
+ "header": "Authorization"
+ },
+ "outbox": {
+ "header": "Authorization"
+ }
+ },
+ "secret": {
+ "inbox": {
+ "string": "B8LjkNqGxn6gf8bkuBUiMwyuCFwFddnu"
+ },
+ "outbox": {
+ "string": "B8LjkNqGxn6gf8bkuBUiMwyuCFwFddnu"
+ },
+ "session": {
+ "string": "B8LjkNqGxn6gf8bkuBUiMwyuCFwFddnu"
+ }
+ }
+ }
+ },
+ "rabbitmq": {
+ "url": "amqp://guest:guest@localhost"
+ },
+ "FileConverter": {
+ "converter": {
+ "inputLimits": [
+ {
+ "type": "docx;dotx;docm;dotm",
+ "zip": {
+ "uncompressed": "1GB",
+ "template": "*.xml"
+ }
+ },
+ {
+ "type": "xlsx;xltx;xlsm;xltm",
+ "zip": {
+ "uncompressed": "1GB",
+ "template": "*.xml"
+ }
+ },
+ {
+ "type": "pptx;ppsx;potx;pptm;ppsm;potm",
+ "zip": {
+ "uncompressed": "1GB",
+ "template": "*.xml"
+ }
+ }
+ ]
+ }
+ }
+
+ }
\ No newline at end of file
diff --git a/config/wopiserver/entrypoint-override.sh b/config/wopiserver/entrypoint-override.sh
new file mode 100644
index 0000000..33bc91c
--- /dev/null
+++ b/config/wopiserver/entrypoint-override.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+echo "${WOPISECRET}" > /etc/wopi/wopisecret
+
+cp /etc/wopi/wopiserver.conf.dist /etc/wopi/wopiserver.conf
+sed -i 's/wopiserver.owncloud.test/'${WOPISERVER_DOMAIN}'/g' /etc/wopi/wopiserver.conf
+
+if [ "$WOPISERVER_INSECURE" = "true" ]; then
+ sed -i 's/sslverify\s=\sTrue/sslverify = False/g' /etc/wopi/wopiserver.conf
+fi
+
+/app/wopiserver.py
\ No newline at end of file
diff --git a/config/wopiserver/wopiserver.conf.dist b/config/wopiserver/wopiserver.conf.dist
new file mode 100644
index 0000000..2ba904e
--- /dev/null
+++ b/config/wopiserver/wopiserver.conf.dist
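Review bot: In `config/onlyoffice/local.json`, the three `secret.*.string` values under `services.CoAuthoring` are one literal JWT signing key committed to the repository, so every reader of the repo holds the key that authenticates inbox, outbox and session tokens; `dbPass` and the `guest:guest` RabbitMQ URL are literals too. JSON has no comment syntax, so I would commit a clearly marked placeholder such as `"string": "__JWT_SECRET__"` and have `config/onlyoffice/entrypoint-override.sh` substitute it from an environment variable when it copies `local.dist.json`, failing if the variable is unset. The committed value should be treated as disclosed and rotated, since it remains in history. Using distinct keys for `session` versus `inbox`/`outbox` would also limit the impact of one of them leaking.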
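Review bot: In `config/wopiserver/entrypoint-override.sh`, the `sed` on `wopiserver.owncloud.test` cannot match anything in the `wopiserver.conf.dist` added by this commit, which hard-codes `wopiserver.urkob.com` in `wopiurl` and `downloadurl`, so `WOPISERVER_DOMAIN` is silently ignored; either restore the placeholder in the template or substitute the value that is actually there. The expansion is also unquoted and spliced into the sed program, so a value containing whitespace or `/` breaks the command; `sed -i "s/wopiserver\.owncloud\.test/${WOPISERVER_DOMAIN}/g"` on a validated hostname is safer. `echo "${WOPISECRET}" > /etc/wopi/wopisecret` writes an empty secret when the variable is unset and creates the file with the default umask; I would put `: "${WOPISECRET:?WOPISECRET must be set}"` and `umask 077` before it. The `WOPISERVER_INSECURE` branch rewrites both `sslverify` lines of the template (`[bridge]` and `[cs3]`), which deserves a comment such as `# disables certificate checks for the connected apps and for Reva; test setups only`.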
@@ -0,0 +1,128 @@
+#
+# This config is based on https://github.com/cs3org/wopiserver/blob/master/wopiserver.conf
+#
+# wopiserver.conf
+#
+# Default configuration file for the WOPI server for oCIS
+#
+##############################################################
+
+[general]
+# Storage access layer to be loaded in order to operate this WOPI server
+# only "cs3" is supported with oCIS
+storagetype = cs3
+
+# Port where to listen for WOPI requests
+port = 8880
+
+# Logging level. Debug enables the Flask debug mode as well.
+# Valid values are: Debug, Info, Warning, Error.
+loglevel = Error
+loghandler = stream
+logdest = stdout
+
+# URL of your WOPI server or your HA proxy in front of it
+wopiurl = https://wopiserver.urkob.com
+
+# URL for direct download of files. The complete URL that is sent
+# to clients will include the access_token argument
+downloadurl = https://wopiserver.urkob.com/wopi/iop/download
+
+# The internal server engine to use (defaults to flask).
+# Set to waitress for production installations.
+internalserver = waitress
+
+# List of file extensions deemed incompatible with LibreOffice:
+# interoperable locking will be disabled for such files
+nonofficetypes = .md .zmd .txt .epd
+
+# List of file extensions to be supported by Collabora (deprecated)
+codeofficetypes = .odt .ott .ods .ots .odp .otp .odg .otg .doc .dot .xls .xlt .xlm .ppt .pot .pps .vsd .dxf .wmf .cdr .pages .number .key
+
+# WOPI access token expiration time [seconds]
+tokenvalidity = 86400
+
+# WOPI lock expiration time [seconds]
+wopilockexpiration = 3600
+
+# WOPI lock strict check: if True (default), WOPI locks will be compared according to specs,
+# that is their representation must match. False allows for a more relaxed comparison,
+# which compensates incorrect lock requests from Microsoft Office Online 2016-2018
+# on-premise setups.
+#wopilockstrictcheck = True
+
+# Enable support of rename operations from WOPI apps. This is currently
+# disabled by default as it has been observed that both MS Office and Collabora
+# Online do not play well with this feature.
+# Not supported with oCIS, must always be set to "False"
+enablerename = False
+
+# Detection of external Microsoft Office or LibreOffice locks. By default, lock files
+# compatible with Office for Desktop applications are detected, assuming that the
+# underlying storage can be mounted as a remote filesystem: in this case, WOPI GetLock
+# and SetLock operations return such locks and prevent online apps from entering edit mode.
+# This feature can be disabled in order to operate a pure WOPI server for online apps.
+# Not supported with oCIS, must always be set to "False"
+detectexternallocks = False
+
+# Location of the webconflict files. By default, such files are stored in the same path
+# as the original file. If that fails (e.g. because of missing permissions),
+# an attempt is made to store such files in this path if specified, otherwise
+# the system falls back to the recovery space (cf. io|recoverypath).
+# The keywords and are replaced with the actual username's
+# initial letter and the actual username, respectively, so you can use e.g.
+# /your_storage/home/user_initial/username
+#conflictpath = /
+
+# ownCloud's WOPI proxy configuration. Disabled by default.
+#wopiproxy = https://external-wopi-proxy.com
+#wopiproxysecretfile = /path/to/your/shared-key-file
+#proxiedappname = Name of your proxied app
+
+[security]
+# Location of the secret files. Requires a restart of the
+# WOPI server when either the files or their content change.
+wopisecretfile = /etc/wopi/wopisecret
+# iop secret is not used for cs3 storage type
+#iopsecretfile = /etc/wopi/iopsecret
+
+# Use https as opposed to http (requires certificate)
+usehttps = no
+
+# Certificate and key for https. Requires a restart
+# to apply a change.
+wopicert = /etc/grid-security/host.crt
+wopikey = /etc/grid-security/host.key
+
+[bridge]
+# SSL certificate check for the connected apps
+sslverify = True
+
+# Minimal time interval between two consecutive save operations [seconds]
+#saveinterval = 200
+
+# Minimal time interval before a closed file is WOPI-unlocked [seconds]
+#unlockinterval = 90
+
+# CodiMD: disable creating zipped bundles when files contain pictures
+#disablezip = False
+
+[io]
+# Size used for buffered reads [bytes]
+chunksize = 4194304
+
+# Path to a recovery space in case of I/O errors when reaching to the remote storage.
+# This is expected to be a local path, and it is provided in order to ease user support.
+# Defaults to the indicated spool folder.
+recoverypath = /var/spool/wopirecovery
+
+[cs3]
+# Host and port of the Reva(-like) CS3-compliant GRPC gateway endpoint
+revagateway = ocis:9142
+
+# Reva/gRPC authentication token expiration time [seconds]
+# The default value matches Reva's default
+authtokenvalidity = 3600
+
+# SSL certificate check for Reva
+sslverify = True
\ No newline at end of file
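Review bot: `tokenvalidity = 86400` in `[general]` keeps each WOPI access token valid for 24 hours, and the comment on `downloadurl` states that the token is sent to clients as a URL argument, where it tends to end up in proxy and access logs; a shorter lifetime, or a comment recording why a full day is required, would be worth adding. In `[security]`, `usehttps = no` together with `port = 8880` means the server itself speaks plain HTTP while `wopiurl` is https, so TLS is presumably terminated by a proxy in front of it. I would state that next to the setting, e.g. `# TLS is terminated at the reverse proxy; this listener must not be exposed directly`.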