diff --git a/docker/collabora/Dockerfile b/docker/collabora/Dockerfile
index 7ecf369d..cce58bcf 100644
--- a/docker/collabora/Dockerfile
+++ b/docker/collabora/Dockerfile
@@ -1,70 +1,71 @@
FROM almalinux:8
LABEL maintainer="contact@apheleia-it.ch"
LABEL dist=centos8
LABEL tier=${TIER}
ENV DISTRO=centos8
ENV LANG=en_US.utf8
ENV LC_ALL=en_US.utf8
# Add EPEL.
RUN dnf -y install dnf-plugin-config-manager && \
dnf config-manager --set-enabled powertools && \
dnf -y install epel-release && \
dnf -y install iputils vim-enhanced bind-utils && \
dnf clean all
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
ARG REPOSITORY
RUN id cool || (groupadd -g 1001 cool && useradd -d /opt/cool/ -u 1001 -g 1001 cool)
RUN rpm --import "$REPOSITORY/repodata/repomd.xml.key" && \
dnf config-manager --add-repo "$REPOSITORY" && \
dnf -y --setopt tsflags= install \
openssl \
xmlstarlet \
collabora-online-brand \
coolwsd \
collaboraoffice-dict-de \
collaboraofficebasis-de \
collaboraoffice-dict-en \
collaboraofficebasis-en-GB \
collaboraoffice-dict-es \
collaboraofficebasis-es \
collaboraoffice-dict-fr \
collaboraofficebasis-fr \
collaboraoffice-dict-it \
collaboraofficebasis-it \
collaboraoffice-dict-nl \
collaboraofficebasis-nl \
collaboraoffice-dict-pt-BR \
collaboraofficebasis-pt-BR \
collaboraoffice-dict-pt-PT \
collaboraofficebasis-pt \
collaboraoffice-dict-ru \
collaboraofficebasis-ru && \
dnf clean all
RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || :
RUN setcap cap_fowner,cap_chown,cap_mknod,cap_sys_chroot=ep /usr/bin/coolforkit && \
setcap cap_sys_admin=ep /usr/bin/coolmount
WORKDIR /opt/cool/
ADD init.sh /init.sh
ADD coolwsd.xml /etc/coolwsd/coolwsd.xml
RUN chown -R 1001:0 /etc/coolwsd /opt/ && \
chmod -R g=u /etc/coolwsd /opt/
USER 1001
#Space separated list of hosts (where the service is running)
ENV ALLOWED_HOSTS="\.\*"
+ENV SERVER_NAME=""
CMD ["/init.sh"]
EXPOSE 9980
diff --git a/docker/collabora/coolwsd.xml b/docker/collabora/coolwsd.xml
index a9565395..65fea70b 100644
--- a/docker/collabora/coolwsd.xml
+++ b/docker/collabora/coolwsd.xml
@@ -1,301 +1,301 @@
false
de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru
false
-
+ SERVER_NAME
false
1
4
5
false
96
3600
30
300
false
0
8000
0
0
100
5
100
500
5000
10000
60
300
3072
85
120
true
120
900
true
warning
trace
notice
fatal
false
-INFO-WARN
/var/log/coolwsd.log
never
timestamp
true
10 days
10
true
false
false
82589933
false
false
/var/log/coolwsd.trace.json
false
false
all
any
192\.168\.[0-9]{1,3}\.[0-9]{1,3}
::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}
127\.0\.0\.1
::ffff:127\.0\.0\.1
::1
172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}
::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}
172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}
::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}
172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}
::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}
10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
false
true
/etc/coolwsd/cert.pem
/etc/coolwsd/key.pem
/etc/coolwsd/ca-chain.cert.pem
1000
false
31536000
true
true
1800
false
1
false
false
default
true
0
900
ALLOWED_HOSTS_GROUPS
true
false
false
true
true
true
true
false
false
log
localhost
10\.0-9{1,3}\.0-9{1,3}\.0-9{1,3}
172\.301\.0-9{1,3}\.0-9{1,3}
false
.uno:DataDataPilotRun .uno:RecalcPivotTable .uno:DeletePivotTable .uno:SamplingDialog .uno:DescriptiveStatisticsDialog .uno:AnalysisOfVarianceDialog .uno:CorrelationDialog .uno:CovarianceDialog .uno:ExponentialSmoothingDialog .uno:MovingAverageDialog .uno:RegressionDialog .uno:TTestDialog .uno:FTestDialog .uno:ZTestDialog .uno:ChiSquareTestDialog .uno:FourierAnalysisDialog .uno:Validation .uno:DataFilterSpecialFilter .uno:TrackChanges .uno:AcceptTrackedChanges .uno:InsertReferenceField .uno:Watermark .uno:InsertIndexesEntry .uno:InsertMultiIndex .uno:SlideMasterPage exportepub downloadas-rtf masterslidebutton
Unlock your potential
https://www.collaboraoffice.com/subscriptions/
Head over to the details page and discover all the features:
Review and write with ease
Get a better picture of your data
Nail your next presentation
Draw and get organized
true
https://help.collaboraoffice.com/help.html?
true
diff --git a/docker/collabora/init.sh b/docker/collabora/init.sh
index 6b289e32..87bd94ec 100755
--- a/docker/collabora/init.sh
+++ b/docker/collabora/init.sh
@@ -1,31 +1,47 @@
#!/bin/sh
GROUPSSTRING=""
for HOST in $ALLOWED_HOSTS; do
- GROUPSSTRING="$GROUPSSTRING$HOST\n"
+ GROUPSSTRING=$(cat <
+ $HOST
+ roundcube
+
+EOF
+)
done
sed -i -e "s|ALLOWED_HOSTS_GROUPS|$GROUPSSTRING|" /etc/coolwsd/coolwsd.xml
+
+if [ -z "$SERVER_NAME" ]; then
+ SERVER_NAME=''
+else
+ SERVER_NAME="$SERVER_NAME"
+fi
+
+sed -i -e "s|SERVER_NAME|$SERVER_NAME|" /etc/coolwsd/coolwsd.xml
+
mkdir -p /tmp/ssl/
pushd /tmp/ssl/
mkdir -p certs/ca
openssl rand -writerand /opt/cool/.rnd
openssl genrsa -out certs/ca/root.key.pem 2048
openssl req -x509 -new -nodes -key certs/ca/root.key.pem -days 9131 -out certs/ca/root.crt.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=Dummy Authority"
mkdir -p certs/tmp
mkdir -p certs/servers/localhost
openssl genrsa -out certs/servers/localhost/privkey.pem 2048
if test "${cert_domain-set}" = set; then
openssl req -key certs/servers/localhost/privkey.pem -new -sha256 -out certs/tmp/localhost.csr.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost"
else
openssl req -key certs/servers/localhost/privkey.pem -new -sha256 -out certs/tmp/localhost.csr.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=${cert_domain}"
fi
openssl x509 -req -in certs/tmp/localhost.csr.pem -CA certs/ca/root.crt.pem -CAkey certs/ca/root.key.pem -CAcreateserial -out certs/servers/localhost/cert.pem -days 9131
mv -f certs/servers/localhost/privkey.pem /etc/coolwsd/key.pem
mv -f certs/servers/localhost/cert.pem /etc/coolwsd/cert.pem
mv -f certs/ca/root.crt.pem /etc/coolwsd/ca-chain.cert.pem
popd
exec /usr/bin/coolwsd --version --o:sys_template_path=/opt/cool/systemplate --o:child_root_path=/opt/cool/child-roots --o:file_server_root_path=/usr/share/coolwsd --o:logging.color=false --o:stop_on_config_change=true
diff --git a/docker/roundcube/rootfs/opt/app-root/src/roundcubemail-config-templates/chwala.inc.php b/docker/roundcube/rootfs/opt/app-root/src/roundcubemail-config-templates/chwala.inc.php
index 75fd37d7..32bc4c43 100644
--- a/docker/roundcube/rootfs/opt/app-root/src/roundcubemail-config-templates/chwala.inc.php
+++ b/docker/roundcube/rootfs/opt/app-root/src/roundcubemail-config-templates/chwala.inc.php
@@ -1,160 +1,163 @@
array(
'driver' => 'seafile',
'host' => 'seacloud.cc',
// when username is set to '%u' current user name and password
// will be used to authenticate to this storage source
'username' => '%u',
),
'Public-Files' => array(
'driver' => 'webdav',
'baseuri' => 'https://some.host.tld/Files',
'username' => 'admin',
'password' => 'pass',
),
);
*/
// $config['fileapi_sources'] = array(
// 'Public-Files' => array(
// 'driver' => 'webdav',
// 'baseuri' => 'https://kolab.local/dav/drive/user/admin@kolab.local/',
// 'username' => '%u',
// 'password' => 'simple123',
// ),
// );
// Default values for sources configuration dialog.
// Note: use driver names as the array keys.
// Note: %u variable will be resolved to the current username.
/*
$config['fileapi_presets'] = array(
'seafile' => array(
'host' => 'seacloud.cc',
'username' => '%u',
),
'webdav' => array(
'baseuri' => 'https://some.host.tld/Files',
'username' => '%u',
),
);
*/
// Disables listing folders from the backend storage.
// This is useful when you configured an external source(s) and
// you want to use it exclusively, ignoring Kolab folders.
$config['fileapi_backend_storage_disabled'] = false;
// Manticore service URL. Enables use of WebODF collaborative editor.
// Note: this URL should be accessible from Chwala host and Roundcube host as well.
$config['fileapi_manticore'] = null;
// WOPI/Office service URL. Enables use of collaborative editor supporting WOPI.
-// Note: this URL should be accessible from Chwala host and Roundcube host as well.
+// Note: this URL should be accessible from the Chwala host
$config['fileapi_wopi_office'] = getenv('FILEAPI_WOPI_OFFICE');
// Name of the user interface skin.
$config['file_api_skin'] = 'default';
// Chwala UI communicates with Chwala API via HTTP protocol
// The URL here is a location of Chwala API service. By default
// the UI location is used with addition of /api/ suffix.
# Force https if we're behind a proxy. Browsers don't allow mixed content.
-$config['file_api_url'] = 'https://' . ($_SERVER['HTTP_HOST'] ?? null) . '/chwala/api/';
+$config['file_api_url'] = getenv('FILE_API_URL') ?? 'https://' . ($_SERVER['HTTP_HOST'] ?? null) . '/chwala/api/';
+
+// URL for the wopi service to connect back to us (instead of file_api_url)
+$config['file_api_server_url'] = getenv('FILE_API_SERVER_URL');
// Type of Chwala cache. Supported values: 'db', 'apc' and 'memcache'.
// Note: This is only for some additional data like WOPI capabilities.
$config['fileapi_cache'] = 'db';
// lifetime of Chwala cache
// possible units: s, m, h, d, w
$config['fileapi_cache_ttl'] = '1d';
// LDAP addressbook that would be searched for user names autocomplete.
// That should be an array refering to the Roundcube's $config['ldap_public']
// array key or complete addressbook configuration array.
// FIXME: replace with non ldap solution
// $config['fileapi_users_source'] = 'kolab_addressbook';
// The LDAP attribute which will be used as ACL user identifier
// $config['fileapi_users_field'] = 'mail';
// The LDAP search filter will be combined with search queries
// $config['fileapi_users_filter'] = '';
// Include groups in searching
// $config['fileapi_groups'] = false;
// Prefix added to the group name to build IMAP ACL identifier
// $config['fileapi_group_prefix'] = 'group:';
// The LDAP attribute (or field name) which will be used as ACL group identifier
// $config['fileapi_group_field'] = 'name';
// ------------------------------------------------
// SeaFile driver settings
// ------------------------------------------------
// Enables SeaFile Web API conversation log
$config['fileapi_seafile_debug'] = false;
// Enables caching of some SeaFile information e.g. folders list
// Note: 'db', 'apc' and 'memcache' are supported
$config['fileapi_seafile_cache'] = 'db';
// Expiration time of SeaFile cache entries
$config['fileapi_seafile_cache_ttl'] = '7d';
// Default SeaFile Web API host
// Note: http:// and https:// (default) prefixes can be used here
$config['fileapi_seafile_host'] = 'localhost';
// Enables SSL certificates validation when connecting
// with any SeaFile server
$config['fileapi_seafile_ssl_verify_host'] = false;
$config['fileapi_seafile_ssl_verify_peer'] = false;
// To support various Seafile configurations when fetching a file
// from Seafile server we proxy it via Chwala server.
// Enable this option to allow direct downloading of files
// from Seafile server to user browser.
$config['fileapi_seafile_allow_redirects'] = false;
// ------------------------------------------------
// WebDAV driver settings
// ------------------------------------------------
// Default URI location for WebDAV storage
$config['fileapi_webdav_baseuri'] = 'https://imap/dav';
?>