368 строки
12 KiB
Bash
368 строки
12 KiB
Bash
#!/bin/bash
|
|
|
|
# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
|
|
|
|
true
|
|
SCRIPT_NAME="OnlyOffice (Docker)"
|
|
SCRIPT_EXPLAINER="This script will install the OnlyOffice Document Server bundled with Docker"
|
|
# shellcheck source=lib.sh
|
|
source /var/scripts/fetch_lib.sh || source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
|
|
|
# Check for errors + debug code and abort if something isn't right
|
|
# 1 = ON
|
|
# 0 = OFF
|
|
DEBUG=0
|
|
debug_mode
|
|
|
|
# Check if root
|
|
root_check
|
|
|
|
# TODO: remove all functions with NC21.0.3 release
|
|
remove_all_office_apps() {
|
|
# remove OnlyOffice-documentserver if installed
|
|
if is_app_installed documentserver_community
|
|
then
|
|
nextcloud_occ app:remove documentserver_community
|
|
fi
|
|
|
|
# Disable OnlyOffice App if installed
|
|
if is_app_installed onlyoffice
|
|
then
|
|
nextcloud_occ app:remove onlyoffice
|
|
fi
|
|
|
|
# remove richdocumentscode-documentserver if installed
|
|
if is_app_installed richdocumentscode
|
|
then
|
|
nextcloud_occ app:remove richdocumentscode
|
|
fi
|
|
|
|
# Disable RichDocuments (Collabora App) if installed
|
|
if is_app_installed richdocuments
|
|
then
|
|
nextcloud_occ app:remove richdocuments
|
|
fi
|
|
}
|
|
add_to_trusted_domains() {
|
|
local element="$1"
|
|
local count=0
|
|
print_text_in_color "$ICyan" "Adding $element to trusted domains..."
|
|
while [ "$count" -le 10 ]
|
|
do
|
|
if [ "$(nextcloud_occ_no_check config:system:get trusted_domains "$count")" = "$element" ]
|
|
then
|
|
break
|
|
elif [ -z "$(nextcloud_occ_no_check config:system:get trusted_domains "$count")" ]
|
|
then
|
|
nextcloud_occ_no_check config:system:set trusted_domains "$count" --value="$element"
|
|
break
|
|
else
|
|
count=$((count+1))
|
|
fi
|
|
done
|
|
}
|
|
remove_from_trusted_domains() {
|
|
local element="$1"
|
|
local count=0
|
|
print_text_in_color "$ICyan" "Removing $element from trusted domains..."
|
|
while [ "$count" -lt 10 ]
|
|
do
|
|
if [ "$(nextcloud_occ_no_check config:system:get trusted_domains "$count")" = "$element" ]
|
|
then
|
|
nextcloud_occ_no_check config:system:delete trusted_domains "$count"
|
|
break
|
|
else
|
|
count=$((count+1))
|
|
fi
|
|
done
|
|
}
|
|
|
|
# Check if collabora is already installed
|
|
if ! does_this_docker_exist 'onlyoffice/documentserver'
|
|
then
|
|
# Ask for installing
|
|
install_popup "$SCRIPT_NAME"
|
|
else
|
|
# Ask for removal or reinstallation
|
|
reinstall_remove_menu "$SCRIPT_NAME"
|
|
# Removal
|
|
# Check if Collabora is previously installed
|
|
# If yes, then stop and prune the docker container
|
|
docker_prune_this 'onlyoffice/documentserver'
|
|
# Revoke LE
|
|
SUBDOMAIN=$(input_box_flow "Please enter the subdomain you are using for OnlyOffice, e.g: office.yourdomain.com")
|
|
if [ -f "$CERTFILES/$SUBDOMAIN/cert.pem" ]
|
|
then
|
|
yes no | certbot revoke --cert-path "$CERTFILES/$SUBDOMAIN/cert.pem"
|
|
REMOVE_OLD="$(find "$LETSENCRYPTPATH/" -name "$SUBDOMAIN*")"
|
|
for remove in $REMOVE_OLD
|
|
do rm -rf "$remove"
|
|
done
|
|
fi
|
|
# Remove Apache2 config
|
|
if [ -f "$SITES_AVAILABLE/$SUBDOMAIN.conf" ]
|
|
then
|
|
a2dissite "$SUBDOMAIN".conf
|
|
restart_webserver
|
|
rm -f "$SITES_AVAILABLE/$SUBDOMAIN.conf"
|
|
fi
|
|
# Remove trusted domain
|
|
remove_from_trusted_domains "$SUBDOMAIN"
|
|
# Show successful uninstall if applicable
|
|
removal_popup "$SCRIPT_NAME"
|
|
fi
|
|
|
|
# Check if collabora is installed and remove every trace of it
|
|
if does_this_docker_exist 'collabora/code'
|
|
then
|
|
msg_box "You can't run both Collabora and OnlyOffice on the same VM. We will now remove Collabora from the server."
|
|
# Remove docker image
|
|
docker_prune_this 'collabora/code'
|
|
# Revoke LE
|
|
SUBDOMAIN=$(input_box_flow "Please enter the subdomain you are using for Collabora, e.g: office.yourdomain.com")
|
|
if [ -f "$CERTFILES/$SUBDOMAIN/cert.pem" ]
|
|
then
|
|
yes no | certbot revoke --cert-path "$CERTFILES/$SUBDOMAIN/cert.pem"
|
|
REMOVE_OLD="$(find "$LETSENCRYPTPATH/" -name "$SUBDOMAIN*")"
|
|
for remove in $REMOVE_OLD
|
|
do rm -rf "$remove"
|
|
done
|
|
fi
|
|
# Remove Apache2 config
|
|
if [ -f "$SITES_AVAILABLE/$SUBDOMAIN.conf" ]
|
|
then
|
|
a2dissite "$SUBDOMAIN".conf
|
|
restart_webserver
|
|
rm -f "$SITES_AVAILABLE/$SUBDOMAIN.conf"
|
|
fi
|
|
# Remove trusted domain
|
|
remove_from_trusted_domains "$SUBDOMAIN"
|
|
fi
|
|
|
|
# Remove all office apps
|
|
remove_all_office_apps
|
|
|
|
# Check if apache2 evasive-mod is enabled and disable it because of compatibility issues
|
|
if [ "$(apache2ctl -M | grep evasive)" != "" ]
|
|
then
|
|
msg_box "We noticed that 'mod_evasive' is installed which is the DDOS protection for webservices. \
|
|
It has compatibility issues with OnlyOffice and you can now choose to disable it."
|
|
if ! yesno_box_yes "Do you want to disable DDOS protection?"
|
|
then
|
|
print_text_in_color "$ICyan" "Keeping mod_evasive active."
|
|
else
|
|
a2dismod evasive
|
|
# a2dismod mod-evasive # not needed, but existing in the Extra Security script.
|
|
apt-get purge libapache2-mod-evasive -y
|
|
systemctl restart apache2
|
|
fi
|
|
fi
|
|
|
|
# Ask for the domain for OnlyOffice
|
|
SUBDOMAIN=$(input_box_flow "OnlyOffice subdomain e.g: office.yourdomain.com
|
|
NOTE: This domain must be different than your Nextcloud domain. \
|
|
They can however be hosted on the same server, but would require separate DNS entries.")
|
|
|
|
# Nextcloud Main Domain
|
|
NCDOMAIN=$(nextcloud_occ_no_check config:system:get overwrite.cli.url | sed 's|https://||;s|/||')
|
|
|
|
true
|
|
# shellcheck source=lib.sh
|
|
source /var/scripts/fetch_lib.sh || source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
|
|
|
|
# Get all needed variables from the library
|
|
nc_update
|
|
|
|
# Notification
|
|
msg_box "Before continuing, please make sure that you have you have \
|
|
edited the DNS settings for $SUBDOMAIN, and opened port 80 and 443 \
|
|
directly to this servers IP. A full extensive guide can be found here:
|
|
https://www.techandme.se/open-port-80-443
|
|
|
|
This can be done automatically if you have UPNP enabled in your firewall/router. \
|
|
You will be offered to use UPNP in the next step.
|
|
|
|
PLEASE NOTE:
|
|
Using other ports than the default 80 and 443 is not supported, \
|
|
though it may be possible with some custom modification:
|
|
https://help.nextcloud.com/t/domain-refused-to-connect-collabora/91303/17"
|
|
|
|
if yesno_box_no "Do you want to use UPNP to open port 80 and 443?"
|
|
then
|
|
unset FAIL
|
|
open_port 80 TCP
|
|
open_port 443 TCP
|
|
cleanup_open_port
|
|
fi
|
|
|
|
# Get the latest packages
|
|
apt update -q4 & spinner_loading
|
|
|
|
# Check if Nextcloud is installed
|
|
print_text_in_color "$ICyan" "Checking if Nextcloud is installed..."
|
|
if ! curl -s https://"$NCDOMAIN"/status.php | grep -q 'installed":true'
|
|
then
|
|
msg_box "It seems like Nextcloud is not installed or that you don't use https on:
|
|
$NCDOMAIN.
|
|
Please install Nextcloud and make sure your domain is reachable, or activate TLS
|
|
on your domain to be able to run this script.
|
|
If you use the Nextcloud VM you can use the Let's Encrypt script to get TLS and activate your Nextcloud domain.
|
|
When TLS is activated, run these commands from your CLI:
|
|
sudo curl -sLO $APP/onlyoffice_docker.sh
|
|
sudo bash onlyoffice_docker.sh"
|
|
exit 1
|
|
fi
|
|
|
|
# Check if $SUBDOMAIN exists and is reachable
|
|
print_text_in_color "$ICyan" "Checking if $SUBDOMAIN exists and is reachable..."
|
|
domain_check_200 "$SUBDOMAIN"
|
|
|
|
# Check open ports with NMAP
|
|
check_open_port 80 "$SUBDOMAIN"
|
|
check_open_port 443 "$SUBDOMAIN"
|
|
|
|
# Test RAM size (2GB min) + CPUs (min 2)
|
|
ram_check 2 OnlyOffice
|
|
cpu_check 2 OnlyOffice
|
|
|
|
# Check if Nextcloud is installed with TLS
|
|
check_nextcloud_https "OnlyOffice (Docker)"
|
|
|
|
# Install Docker
|
|
install_docker
|
|
|
|
# Install Onlyoffice docker
|
|
docker pull onlyoffice/documentserver:latest
|
|
docker run -i -t -d -p 127.0.0.3:9090:80 --restart always --name onlyoffice onlyoffice/documentserver
|
|
|
|
# Licensed version
|
|
# https://helpcenter.onlyoffice.com/server/integration-edition/docker/docker-installation.aspx
|
|
# docker run -i -t -d -p 127.0.0.3:9090:80 --restart=always --name onlyoffice \
|
|
# -v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data onlyoffice/documentserver-ie
|
|
|
|
# Install apache2
|
|
install_if_not apache2
|
|
|
|
# Enable Apache2 module's
|
|
a2enmod proxy
|
|
a2enmod proxy_wstunnel
|
|
a2enmod proxy_http
|
|
a2enmod ssl
|
|
a2enmod headers
|
|
|
|
# Only add TLS 1.3 on Ubuntu later than 20.04
|
|
if version 20.04 "$DISTRO" 20.04.10
|
|
then
|
|
TLS13="+TLSv1.3"
|
|
fi
|
|
|
|
if [ -f "$HTTPS_CONF" ]
|
|
then
|
|
a2dissite "$SUBDOMAIN.conf"
|
|
rm -f "$HTTPS_CONF"
|
|
fi
|
|
|
|
# Create Vhost for OnlyOffice Docker online in Apache2
|
|
if [ ! -f "$HTTPS_CONF" ];
|
|
then
|
|
cat << HTTPS_CREATE > "$HTTPS_CONF"
|
|
<VirtualHost *:443>
|
|
ServerName $SUBDOMAIN:443
|
|
|
|
SSLCertificateChainFile $CERTFILES/$SUBDOMAIN/chain.pem
|
|
SSLCertificateFile $CERTFILES/$SUBDOMAIN/cert.pem
|
|
SSLCertificateKeyFile $CERTFILES/$SUBDOMAIN/privkey.pem
|
|
SSLOpenSSLConfCmd DHParameters $DHPARAMS_SUB
|
|
|
|
# Intermediate configuration
|
|
SSLEngine on
|
|
SSLCompression off
|
|
SSLProtocol -all +TLSv1.2 $TLS13
|
|
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
|
SSLHonorCipherOrder off
|
|
SSLSessionTickets off
|
|
ServerSignature off
|
|
|
|
# Logs
|
|
LogLevel warn
|
|
CustomLog \${APACHE_LOG_DIR}/access.log combined
|
|
ErrorLog \${APACHE_LOG_DIR}/error.log
|
|
|
|
# Just in case - see below
|
|
SSLProxyEngine On
|
|
SSLProxyVerify None
|
|
SSLProxyCheckPeerCN Off
|
|
SSLProxyCheckPeerName Off
|
|
|
|
# Improve security settings
|
|
Header set X-XSS-Protection "1; mode=block"
|
|
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
|
Header set X-Content-Type-Options nosniff
|
|
Header set Content-Security-Policy "frame-ancestors 'self' $NCDOMAIN"
|
|
|
|
# contra mixed content warnings
|
|
RequestHeader set X-Forwarded-Proto "https"
|
|
|
|
# basic proxy settings
|
|
ProxyRequests off
|
|
|
|
ProxyPassMatch (.*)(\/websocket)$ "ws://127.0.0.3:9090/$1$2"
|
|
ProxyPass / "http://127.0.0.3:9090/"
|
|
ProxyPassReverse / "http://127.0.0.3:9090/"
|
|
|
|
<Location />
|
|
ProxyPassReverse /
|
|
</Location>
|
|
</VirtualHost>
|
|
HTTPS_CREATE
|
|
|
|
if [ -f "$HTTPS_CONF" ];
|
|
then
|
|
print_text_in_color "$IGreen" "$HTTPS_CONF was successfully created."
|
|
sleep 1
|
|
else
|
|
print_text_in_color "$IRed" "Unable to create vhost, exiting..."
|
|
print_text_in_color "$IRed" "Please report this issue here $ISSUES"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
# Install certbot (Let's Encrypt)
|
|
install_certbot
|
|
|
|
# Generate certs
|
|
if generate_cert "$SUBDOMAIN"
|
|
then
|
|
# Generate DHparams cipher
|
|
if [ ! -f "$DHPARAMS_SUB" ]
|
|
then
|
|
openssl dhparam -dsaparam -out "$DHPARAMS_SUB" 4096
|
|
fi
|
|
print_text_in_color "$IGreen" "Certs are generated!"
|
|
a2ensite "$SUBDOMAIN.conf"
|
|
restart_webserver
|
|
# Install OnlyOffice
|
|
install_and_enable_app onlyoffice
|
|
else
|
|
last_fail_tls "$SCRIPTS"/apps/onlyoffice.sh
|
|
exit 1
|
|
fi
|
|
|
|
# Set config for OnlyOffice
|
|
if [ -d "$NC_APPS_PATH"/onlyoffice ]
|
|
then
|
|
nextcloud_occ config:app:set onlyoffice DocumentServerUrl --value=https://"$SUBDOMAIN/"
|
|
chown -R www-data:www-data "$NC_APPS_PATH"
|
|
# Appending the new domain to trusted domains
|
|
add_to_trusted_domains "$SUBDOMAIN"
|
|
# Add prune command
|
|
add_dockerprune
|
|
# Restart Docker
|
|
print_text_in_color "$ICyan" "Restarting Docker..."
|
|
docker restart onlyoffice
|
|
msg_box "OnlyOffice Docker is now successfully installed.
|
|
Please be aware that the container is currently starting which can take a few minutes."
|
|
fi
|
|
|
|
exit
|