diff --git a/README.md b/README.md
index 885b474..cf2f4f5 100644
--- a/README.md
+++ b/README.md
@@ -26,14 +26,13 @@ Requirements
 Role Variables
 --------------
-| Variable | Description | Default |
-| --------------------------- | ------------------------------------------------------------------------------- | ------------------ |
-| docker_user | The user who is going to manage/run the Docker Compose services | deploy |
-| onlyoffice_document_server_virtual_host | The host under which ONLYOFFICE is available from the outside (e.g. docsrv.example.org) | localhost |
-| onlyoffice_document_server_http_port | HTTP port | 80 |
-| onlyoffice_document_server_https_port | HTTPS port | 443 |
-| onlyoffice_document_server_jwt_enabled | Whether JWT authentication should be used | "false" |
-| onlyoffice_document_server_jwt_secret | A shared secret used by ONLYOFFICE and the integrator apps, e.g. Nextcloud | "secret" |
+| Variable | Description | Default |
+| --------------------------- | ------------------------------------------------------------------------------- | ------------------ |
+| docker_user | The user who is going to manage/run the Docker Compose services | deploy |
+| onlyoffice_virtual_host | The host under which ONLYOFFICE is available from the outside (e.g. docsrv.example.org) | localhost |
+| onlyoffice_allow_origin_list | Satisfy [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) [Access-Control-Allow-Origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin):
A comma-separated list of hosts incl. scheme, e.g. https://nextcloud.example.tld | localhost |
+| onlyoffice_jwt_enabled | Whether JWT authentication should be used | "false" |
+| onlyoffice_jwt_secret | A shared secret used by ONLYOFFICE and the integrator apps, e.g. Nextcloud | "secret" |
 Dependencies
diff --git a/defaults/main.yml b/defaults/main.yml
index 6bfadbe..b0b61f7 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,6 +1,4 @@
 ---
 # defaults file for ONLYOFFICE Document Server
 docker_user: deploy
-onlyoffice_document_server_http_port: 80
-onlyoffice_document_server_https_port: 443
-onlyoffice_document_server_virtual_host: localhost
+onlyoffice_virtual_host: localhost
diff --git a/tasks/main.yml b/tasks/main.yml
index 5abe017..d4d51d8 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -55,7 +55,7 @@
 - name: "Test whether the service is healthy from the public internet"
 become: false
 uri:
- url: https://{{ onlyoffice_document_server_virtual_host }}
+ url: https://{{ onlyoffice_virtual_host }}
 timeout: 300
 validate_certs: no
 register: url_check
diff --git a/templates/docker-compose.onlyoffice-document-server.yml.j2 b/templates/docker-compose.onlyoffice-document-server.yml.j2
index 265f21b..574ff83 100644
--- a/templates/docker-compose.onlyoffice-document-server.yml.j2
+++ b/templates/docker-compose.onlyoffice-document-server.yml.j2
@@ -5,9 +5,6 @@ services:
 container_name: onlyoffice-document-server
 image: onlyoffice/documentserver
 restart: unless-stopped
- ports:
- - "{{ onlyoffice_document_server_http_port }}:80"
- - "{{ onlyoffice_document_server_https_port }}:443"
 environment:
 - JWT_ENABLED
 - JWT_SECRET
@@ -17,11 +14,15 @@ services:
 labels:
 - "traefik.enable=true"
 - "traefik.docker.network=traefik_public"
- - "traefik.http.routers.onlyoffice-document-server.rule=Host(`{{ onlyoffice_document_server_virtual_host }}`)"
- - "traefik.port=8282"
- - "traefik.http.routers.onlyoffice-document-server.entrypoints=websecure"
- - "traefik.http.routers.onlyoffice-document-server.tls=true"
- - "traefik.http.routers.onlyoffice-document-server.tls.certresolver=defaultresolver"
+ - "traefik.http.routers.onlyoffice.rule=Host(`{{ onlyoffice_virtual_host }}`)"
+ - "traefik.http.routers.onlyoffice.entrypoints=websecure"
+ - "traefik.http.routers.onlyoffice.tls=true"
+ - "traefik.http.routers.onlyoffice.tls.certresolver=defaultresolver"
+{% if onlyoffice_allow_origin_list %}
+ - "traefik.http.middlewares.onlyoffice-headers.headers.accesscontrolalloworiginlist={{ onlyoffice_allow_origin_list }}"
+{% endif %}
+ - "traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
+ - "traefik.http.routers.onlyoffice.middlewares=onlyoffice-headers"
 networks:
 public:
diff --git a/templates/env.onlyoffice-document-server.j2 b/templates/env.onlyoffice-document-server.j2
index 7208edd..7875271 100644
--- a/templates/env.onlyoffice-document-server.j2
+++ b/templates/env.onlyoffice-document-server.j2
@@ -1,3 +1,3 @@
-JWT_ENABLED={{ onlyoffice_document_server_jwt_enabled | default('false')}}
-JWT_SECRET={{ onlyoffice_document_server_jwt_secret | default('secret') }}
-JWT_HEADER={{ onlyoffice_document_server_jwt_header | default('Authorization') }}
\ No newline at end of file
+JWT_ENABLED={{ onlyoffice_jwt_enabled | default('false')}}
+JWT_SECRET={{ onlyoffice_jwt_secret | default('secret') }}
+JWT_HEADER={{ onlyoffice_jwt_header | default('Authorization') }}
\ No newline at end of file
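Review bot: In the labels hunk of the docker-compose template, `onlyoffice_allow_origin_list` is tested by the new `{% if %}` guard, but the defaults/main.yml hunk of this commit adds only `onlyoffice_virtual_host`. Unless the variable is defined elsewhere in the role or inventory, Ansible will likely abort templating on an undefined variable instead of skipping the label. Writing the guard as `{% if onlyoffice_allow_origin_list | default('') %}`, or adding `onlyoffice_allow_origin_list: ""` to defaults/main.yml, keeps the CORS middleware optional. The README row gives the default as `localhost`, which has no scheme and so does not match the "incl. scheme" format the same row describes. Because the value is copied verbatim into `accesscontrolalloworiginlist`, a template comment above the guard such as `{# explicit origins only, e.g. https://nextcloud.example.tld #}` would tell operators what belongs there.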
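Review bot: In templates/env.onlyoffice-document-server.j2 every renamed line keeps its `default(...)` fallback, so an inventory that still sets the old `onlyoffice_document_server_jwt_*` names will render `JWT_ENABLED=false` and `JWT_SECRET=secret` after this commit, with no error to show that token checking was switched off. Dropping the fallback on the secret, e.g. `JWT_SECRET={{ onlyoffice_jwt_secret | mandatory }}`, makes a missing value fail the play rather than deploy the placeholder that the README publishes. If a transition period is wanted, the old name can be chained as the fallback for one release: `default(onlyoffice_document_server_jwt_secret)`. A template comment such as `{# JWT_SECRET must be set per deployment #}` would record the requirement next to the value.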