initial commit of file from CVS for smeserver-onlyoffice on Sat Sep 7 20:48:46 AEST 2024
This commit is contained in:
Trevor Batley
165
root/etc/e-smith/events/actions/smeserver-onlyoffice-conf
Normal file
165
root/etc/e-smith/events/actions/smeserver-onlyoffice-conf
Normal file
@@ -0,0 +1,165 @@
|
||||
#!/bin/bash
|
||||
|
||||
[ -f /etc/nginx/conf.d/onlyoffice-documentserver.conf ] && rm -f /etc/nginx/conf.d/onlyoffice-documentserver.conf
|
||||
[ -f /etc/nginx/includes/onlyoffice-http.conf ] && rm -f /etc/nginx/includes/onlyoffice-http.conf
|
||||
[ -e /etc/nginx/includes/ds-example.conf ] && rm -f /etc/nginx/includes/ds-example.conf
|
||||
|
||||
# NB if token less than 32 webtop will fail
|
||||
|
||||
# get fqdn and dshost
|
||||
export fqdn=$(/sbin/e-smith/config getprop onlyoffice VirtualHost || echo `config get SystemName`.`config get DomainName`)
|
||||
export dshost=$fqdn
|
||||
export dsport=$(/sbin/e-smith/config getprop onlyoffice TCPPort || echo "8082")
|
||||
secretString=$(/sbin/e-smith/config getprop onlyoffice secretString || /usr/bin/openssl rand -base64 60 | tr -c -d '[:alnum:]' )
|
||||
fulladdress="$dshost:$dsport"
|
||||
[ $(/sbin/e-smith/config getprop onlyoffice VirtualHost) ] && fulladdress=$(/sbin/e-smith/config getprop onlyoffice VirtualHost)
|
||||
|
||||
# configure onlyoffice
|
||||
DIR="/var/www/onlyoffice"
|
||||
DEFAULT_CONFIG="/etc/onlyoffice/documentserver/default.json"
|
||||
EXAMPLE_CONFIG="/etc/onlyoffice/documentserver-example/default.json"
|
||||
SAVED_DEFAULT_CONFIG="$DEFAULT_CONFIG.rpmsave"
|
||||
PSQL=""
|
||||
CREATEDB=""
|
||||
DS_PORT=${DS_PORT:-$dsport}
|
||||
# DOCSERVICE_PORT=${DOCSERVICE_PORT:-8000}
|
||||
# SPELLCHECKER_PORT=${SPELLCHECKER_PORT:-8080}
|
||||
# EXAMPLE_PORT=${EXAMPLE_PORT:-3000}
|
||||
JWT_ENABLED=${JWT_ENABLED:-true}
|
||||
JWT_SECRET=${JWT_SECRET:-secret}
|
||||
JWT_HEADER=${JWT_HEADER:-Authorization}
|
||||
JWT_SECRET=`/sbin/e-smith/config getprop onlyoffice token`
|
||||
|
||||
# get reject unauthorized ssl config
|
||||
REJECT_UNAUTHORIZED=`/sbin/e-smith/config getprop onlyoffice RejectUnauthorized || echo "true"`
|
||||
verify_peer_off="false";
|
||||
if [[ "$REJECT_UNAUTHORIZED" == "false" ]]; then verify_peer_off="true"; fi
|
||||
|
||||
# create database if not exist
|
||||
export PGPASSWORD=`/sbin/e-smith/config getprop onlyoffice dbpass || echo 'onlyoffice'`
|
||||
PGUSER=`/sbin/e-smith/config getprop onlyoffice dbuser || echo 'onlyoffice'`
|
||||
PGNAME=`/sbin/e-smith/config getprop onlyoffice dbname || echo 'onlyoffice'`
|
||||
CONNECTION_PARAMS="-hlocalhost -U$PGUSER -w"
|
||||
psql="/usr/pgsql-13/bin/psql"
|
||||
PSQL="$psql -q $CONNECTION_PARAMS"
|
||||
CREATEDB="createdb -q $CONNECTION_PARAMS"
|
||||
|
||||
su - postgres -c "$psql -lqt | cut -d \| -f 1 | grep -q -w $PGNAME"
|
||||
if [ $? -eq 1 ]; then # database do not exists
|
||||
su - postgres -c "$psql -c \"CREATE DATABASE $PGNAME;\""
|
||||
su - postgres -c "$psql -c \"CREATE USER $PGUSER WITH password '$PGPASSWORD';\""
|
||||
su - postgres -c "$psql -c \"GRANT ALL privileges ON DATABASE $PGNAME TO $PGUSER;\""
|
||||
else
|
||||
su - postgres -c "$psql -c \"ALTER USER $PGUSER WITH password '$PGPASSWORD';\""
|
||||
fi
|
||||
|
||||
# check if db works correctly
|
||||
$PSQL -c ";" >/dev/null 2>&1 || { echo "FAILURE"; exit 1; }
|
||||
|
||||
# db schema
|
||||
$PSQL -d "$PGNAME" -f "$DIR/documentserver/server/schema/postgresql/createdb.sql" >/dev/null 2>&1
|
||||
|
||||
# change port 8080 to 48080 for spellchecker to not conflict with tomcat
|
||||
jq -r ".SpellChecker.server.port = 48080" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# change port 8000 to 48000 for coauth to not conflict with webvirtmgr
|
||||
jq -r ".services.CoAuthoring.server.port = 48000" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# postgres db settings
|
||||
jq -r ".services.CoAuthoring.sql.dbHost = \"localhost\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.sql.dbName= \"onlyoffice\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.sql.dbUser = \"onlyoffice\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.sql.dbPass = \"${PGPASSWORD}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# RabbitMQ
|
||||
jq -r ".rabbitmq.url = \"amqp://guest:guest@localhost\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# redis
|
||||
jq -r ".services.CoAuthoring.redis.host = \"localhost\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# enable jwt token for browser, inbox and outbox
|
||||
jq -r ".services.CoAuthoring.token.enable.browser = ${JWT_ENABLED}" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.token.enable.request.inbox = ${JWT_ENABLED}" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.token.enable.request.outbox = ${JWT_ENABLED}" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# set secret for session, inbox and outbox
|
||||
jq -r ".services.CoAuthoring.secret.inbox.string = \"${JWT_SECRET}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.secret.outbox.string = \"${JWT_SECRET}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.secret.session.string = \"${JWT_SECRET}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# set header, define in JWT_HEADER
|
||||
jq -r ".services.CoAuthoring.token.inbox.header = \"${JWT_HEADER}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
jq -r ".services.CoAuthoring.token.outbox.header = \"${JWT_HEADER}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# Allow unauthorized SSL if enabled
|
||||
jq -r ".services.CoAuthoring.requestDefaults.rejectUnauthorized = ${REJECT_UNAUTHORIZED}" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
#add very secret string https://forum.onlyoffice.com/t/onlyoffice-7-2-secure-link-secret-error/2806/4
|
||||
jq -r ".storage.fs.secretString = \"${secretString}\"" $DEFAULT_CONFIG > temp.json && mv -f temp.json $DEFAULT_CONFIG
|
||||
|
||||
# configure nextcloud
|
||||
if [ -f /usr/share/nextcloud/occ ]; then # check if nextcloud is installed
|
||||
# Install onlyoffice app
|
||||
/usr/bin/occ app:install onlyoffice
|
||||
|
||||
# Set DocumentServerUrl
|
||||
/usr/bin/occ config:app:set onlyoffice DocumentServerUrl --value="https://$fulladdress/"
|
||||
|
||||
# Set token secret
|
||||
/usr/bin/occ config:app:set onlyoffice jwt_secret --value="$JWT_SECRET"
|
||||
|
||||
# Enable onlyoffice app
|
||||
/usr/bin/occ app:enable onlyoffice
|
||||
|
||||
# allow self-signed cert make it conditional
|
||||
/usr/bin/occ config:app:set onlyoffice verify_peer_off --value="$verify_peer_off"
|
||||
fi
|
||||
|
||||
# check if webtop5 db is present to add onlyoffice config and restart webtop
|
||||
su - postgres -c "$psql -lqt | cut -d \| -f 1 | grep -q -w webtop5"
|
||||
if [ $? -eq 0 ]; then
|
||||
su - postgres -c "$psql webtop5" <<EOF
|
||||
INSERT INTO core.settings(service_id, key, value)
|
||||
SELECT 'com.sonicle.webtop.core', 'documentserver.secret.in', '$JWT_SECRET'
|
||||
WHERE NOT EXISTS (
|
||||
SELECT 1 FROM core.settings WHERE key='documentserver.secret.in'
|
||||
);
|
||||
|
||||
INSERT INTO core.settings(service_id, key, value)
|
||||
SELECT 'com.sonicle.webtop.core', 'documentserver.secret.out', '$JWT_SECRET'
|
||||
WHERE NOT EXISTS (
|
||||
SELECT 1 FROM core.settings WHERE key='documentserver.secret.out'
|
||||
);
|
||||
|
||||
INSERT INTO core.settings(service_id, key, value)
|
||||
SELECT 'com.sonicle.webtop.core', 'documentserver.loopback.url', 'https://$fqdn/webtop'
|
||||
WHERE NOT EXISTS (
|
||||
SELECT 1 FROM core.settings WHERE key='documentserver.loopback.url'
|
||||
);
|
||||
|
||||
INSERT INTO core.settings(service_id, key, value)
|
||||
SELECT 'com.sonicle.webtop.core', 'documentserver.public.url', 'https://$fulladdress'
|
||||
WHERE NOT EXISTS (
|
||||
SELECT 1 FROM core.settings WHERE key='documentserver.public.url'
|
||||
);
|
||||
|
||||
INSERT INTO core.settings(service_id, key, value)
|
||||
SELECT 'com.sonicle.webtop.core', 'documentserver.enabled', 'true'
|
||||
WHERE NOT EXISTS (
|
||||
SELECT 1 FROM core.settings WHERE key='documentserver.enabled'
|
||||
);
|
||||
|
||||
UPDATE core.settings SET service_id='com.sonicle.webtop.core', key='documentserver.secret.in', value='$JWT_SECRET' WHERE key='documentserver.secret.in';
|
||||
UPDATE core.settings SET service_id='com.sonicle.webtop.core', key='documentserver.secret.out', value='$JWT_SECRET' WHERE key='documentserver.secret.out';
|
||||
UPDATE core.settings SET service_id='com.sonicle.webtop.core', key='documentserver.loopback.url', value='https://$fqdn/webtop' WHERE key='documentserver.loopback.url';
|
||||
UPDATE core.settings SET service_id='com.sonicle.webtop.core', key='documentserver.public.url', value='https://$fulladdress' WHERE key='documentserver.public.url';
|
||||
UPDATE core.settings SET service_id='com.sonicle.webtop.core', key='documentserver.enabled', value='true' WHERE key='documentserver.enabled';
|
||||
EOF
|
||||
|
||||
systemctl restart tomcat8@webtop
|
||||
|
||||
fi
|
||||
|
||||
# set owner of config file to onlyoffice
|
||||
|
||||
chown ds:ds $DEFAULT_CONFIG
|
||||
Reference in New Issue
Block a user