diff --git a/Dockerfile b/Dockerfile index 900d0bc..3fa28a6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,11 +5,12 @@ ENV domain localhost ENV LC_CTYPE en_US.UTF-8 # Setup scripts for LibreOffice Online -ADD /scripts/install-libreoffice.sh / -ADD /scripts/start-libreoffice.sh / -RUN bash install-libreoffice.sh +COPY /scripts/*.sh / +RUN /install-libreoffice.sh + +# Entry point +ENTRYPOINT ["/docker-entrypoint.sh"] EXPOSE 9980 -# Entry point -CMD bash start-libreoffice.sh +CMD ["/start-libreoffice.sh"] diff --git a/scripts/docker-entrypoint.sh b/scripts/docker-entrypoint.sh new file mode 100755 index 0000000..b8dcf88 --- /dev/null +++ b/scripts/docker-entrypoint.sh @@ -0,0 +1,36 @@ +#!/bin/sh + +if [ "$1" = '/start-libreoffice.sh' ]; then + # Fix domain name resolution from jails + cp /etc/resolv.conf /etc/hosts /opt/lool/systemplate/etc/ + + if test "${DONT_GEN_SSL_CERT-set}" == set; then + # Generate new SSL certificate instead of using the default + mkdir -p /opt/ssl/ + cd /opt/ssl/ + mkdir -p certs/ca + openssl genrsa -out certs/ca/root.key.pem 2048 + openssl req -x509 -new -nodes -key certs/ca/root.key.pem -days 9131 -out certs/ca/root.crt.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=Dummy Authority" + mkdir -p certs/{servers,tmp} + mkdir -p "certs/servers/localhost" + openssl genrsa -out "certs/servers/localhost/privkey.pem" 2048 -key "certs/servers/localhost/privkey.pem" + if test "${cert_domain-set}" == set; then + openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost" + else + openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=${cert_domain}" + fi + openssl x509 -req -in certs/tmp/localhost.csr.pem -CA certs/ca/root.crt.pem -CAkey certs/ca/root.key.pem -CAcreateserial -out certs/servers/localhost/cert.pem -days 9131 + mv certs/servers/localhost/privkey.pem /etc/loolwsd/key.pem + mv certs/servers/localhost/cert.pem /etc/loolwsd/cert.pem + mv certs/ca/root.crt.pem /etc/loolwsd/ca-chain.cert.pem + fi + + # Replace trusted host and set admin username and password + perl -pi -e "s/localhost<\/host>/${domain}<\/host>/g" /etc/loolwsd/loolwsd.xml + perl -pi -e "s/.*<\/username>/${username}<\/username>/" /etc/loolwsd/loolwsd.xml + perl -pi -e "s/.*<\/password>/${password}<\/password>/" /etc/loolwsd/loolwsd.xml + perl -pi -e "s/.*<\/server_name>/${server_name}<\/server_name>/" /etc/loolwsd/loolwsd.xml + perl -pi -e "s/.*<\/allowed_languages>/${dictionaries:-de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru}<\/allowed_languages>/" /etc/loolwsd/loolwsd.xml +fi + +exec "$@" diff --git a/scripts/install-libreoffice.sh b/scripts/install-libreoffice.sh old mode 100644 new mode 100755 diff --git a/scripts/start-libreoffice.sh b/scripts/start-libreoffice.sh old mode 100644 new mode 100755 index 97f6d2a..e59c0f7 --- a/scripts/start-libreoffice.sh +++ b/scripts/start-libreoffice.sh @@ -1,36 +1,5 @@ #!/bin/sh -# Fix domain name resolution from jails -cp /etc/resolv.conf /etc/hosts /opt/lool/systemplate/etc/ - -if test "${DONT_GEN_SSL_CERT-set}" == set; then -# Generate new SSL certificate instead of using the default -mkdir -p /opt/ssl/ -cd /opt/ssl/ -mkdir -p certs/ca -openssl genrsa -out certs/ca/root.key.pem 2048 -openssl req -x509 -new -nodes -key certs/ca/root.key.pem -days 9131 -out certs/ca/root.crt.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=Dummy Authority" -mkdir -p certs/{servers,tmp} -mkdir -p "certs/servers/localhost" -openssl genrsa -out "certs/servers/localhost/privkey.pem" 2048 -key "certs/servers/localhost/privkey.pem" -if test "${cert_domain-set}" == set; then -openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost" -else -openssl req -key "certs/servers/localhost/privkey.pem" -new -sha256 -out "certs/tmp/localhost.csr.pem" -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=${cert_domain}" -fi -openssl x509 -req -in certs/tmp/localhost.csr.pem -CA certs/ca/root.crt.pem -CAkey certs/ca/root.key.pem -CAcreateserial -out certs/servers/localhost/cert.pem -days 9131 -mv certs/servers/localhost/privkey.pem /etc/loolwsd/key.pem -mv certs/servers/localhost/cert.pem /etc/loolwsd/cert.pem -mv certs/ca/root.crt.pem /etc/loolwsd/ca-chain.cert.pem -fi - -# Replace trusted host and set admin username and password -perl -pi -e "s/localhost<\/host>/${domain}<\/host>/g" /etc/loolwsd/loolwsd.xml -perl -pi -e "s/.*<\/username>/${username}<\/username>/" /etc/loolwsd/loolwsd.xml -perl -pi -e "s/.*<\/password>/${password}<\/password>/" /etc/loolwsd/loolwsd.xml -perl -pi -e "s/.*<\/server_name>/${server_name}<\/server_name>/" /etc/loolwsd/loolwsd.xml -perl -pi -e "s/.*<\/allowed_languages>/${dictionaries:-de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru}<\/allowed_languages>/" /etc/loolwsd/loolwsd.xml - # Restart when /etc/loolwsd/loolwsd.xml changes [ -x /usr/bin/inotifywait -a /usr/bin/killall ] && ( /usr/bin/inotifywait -e modify /etc/loolwsd/loolwsd.xml