jotbe/ansible-role-onlyoffice-document-server-docker
1
0
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

Compare commits

merge into: jotbe:master
Branches Tags
jotbe:master
jotbe:feature/multitenancy
jotbe:feature/dict-vars-and-install-paths
...
pull from: jotbe:feature/multitenancy
Branches Tags
jotbe:feature/multitenancy
jotbe:feature/dict-vars-and-install-paths
jotbe:master
Sign in to create a new pull request.

2 commits
master ... feature/mu

Author SHA1 Message Date
Joschka Seydell
da24f66926 Adjusted variables and docker-compose file to account for multitenancy setups. 2020-11-30 13:40:48 -08:00
Joschka Seydell
525a7336f2 Consolidated var usage and added install path var. 2020-11-29 03:42:42 -08:00
5 changed files with 45 additions and 36 deletions
Show stats Expand all files Collapse all files

17
README.md
View file

@ -26,14 +26,15 @@ Requirements
Role Variables
--------------
| Variable | Description | Default |
| --------------------------- | ------------------------------------------------------------------------------- | ------------------ |
| docker_user | The user who is going to manage/run the Docker Compose services | deploy |
| onlyoffice_virtual_host | The host under which ONLYOFFICE is available from the outside (e.g. docsrv.example.org) | localhost |
| onlyoffice_allow_origin_list | Satisfy [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) [Access-Control-Allow-Origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin): <br>A comma-separated list of hosts incl. scheme, e.g. https://nextcloud.example.tld | localhost |
| onlyoffice_jwt_enabled | Whether JWT authentication should be used | "false" |
| onlyoffice_jwt_secret | A shared secret used by ONLYOFFICE and the integrator apps, e.g. Nextcloud | "secret" |
| Variable | Description | Default |
| --------------------------- | ------------------------------------------------------------------------------- | ------------------ |
| onlyoffice_install_user | The user who is going to manage/run the Docker Compose services | {{ ansible_user } |
| onlyoffice_install_path | The location where the service should be deployed | /home/{{ onlyoffice_install_user }} |
| onlyoffice_virtual_host | The host under which ONLYOFFICE is available from the outside (e.g. docsrv.example.org) | localhost |
| onlyoffice_allow_origin_list | Satisfy [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) [Access-Control-Allow-Origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin): <br>A comma-separated list of hosts incl. scheme, e.g. https://nextcloud.example.tld | localhost |
| onlyoffice_jwt_enabled | Whether JWT authentication should be used | false |
| onlyoffice_jwt_secret | A shared secret used by ONLYOFFICE and the integrator apps, e.g. Nextcloud | "secret" |
| onlyoffice_jwt_header | The authorization header included in the JWT token | "Authorization" |
Dependencies
------------

9
defaults/main.yml
View file

@ -1,4 +1,11 @@
---
# defaults file for ONLYOFFICE Document Server
docker_user: deploy
onlyoffice_install_user: '{{ ansible_user }}' # This user must be present on the host
onlyoffice_install_path: '/home/{{ onlyoffice_install_user }}'
onlyoffice_multitenant_label:
onlyoffice_virtual_host: localhost
onlyoffice_jwt_enabled: false
onlyoffice_jwt_secret: 'secret'
onlyoffice_jwt_header: 'Authorization'
# Internal variables
onlyoffice_multitenant_postfix: "{{ '_' + onlyoffice_multitenant_label if (onlyoffice_multitenant_label) else '' }}"

24
tasks/main.yml
View file

@ -2,23 +2,23 @@
# tasks file for ONLYOFFICE Document Server
- name: Ensure ONLYOFFICE Document Server config directory exists
file:
path: /home/{{ docker_user }}/onlyoffice-document-server
path: "{{ onlyoffice_install_path }}/onlyoffice-document-server"
state: directory
owner: '{{ docker_user }}'
group: '{{ docker_user }}'
owner: '{{ onlyoffice_install_user }}'
group: '{{ onlyoffice_install_user }}'
tags: config
- name: Provide docker-compose.yml
template:
src: templates/docker-compose.onlyoffice-document-server.yml.j2
dest: /home/{{ docker_user }}/onlyoffice-document-server/docker-compose.yml
owner: "{{ docker_user }}"
group: "{{ docker_user }}"
dest: "{{ onlyoffice_install_path }}/onlyoffice-document-server/docker-compose.yml"
owner: "{{ onlyoffice_install_user }}"
group: "{{ onlyoffice_install_user }}"
mode: '0644'
tags: config
- name: Output docker-compose.yml
shell: cat /home/{{ docker_user }}/onlyoffice-document-server/docker-compose.yml
shell: cat {{ onlyoffice_install_path }}/onlyoffice-document-server/docker-compose.yml
register: output
tags: config
@ -28,21 +28,21 @@
- name: Provide env vars
template:
src: templates/env.onlyoffice-document-server.j2
dest: /home/{{ docker_user }}/onlyoffice-document-server/.env
owner: "{{ docker_user }}"
group: "{{ docker_user }}"
dest: "{{ onlyoffice_install_path }}/onlyoffice-document-server/.env"
owner: "{{ onlyoffice_install_user }}"
group: "{{ onlyoffice_install_user }}"
mode: '0640'
tags: config
- name: "docker-compose: Teardown existing service"
docker_compose:
project_src: "/home/{{ docker_user }}/onlyoffice-document-server/"
project_src: "{{ onlyoffice_install_path }}/onlyoffice-document-server/"
state: absent
tags: ['never', 'teardown']
- name: "docker-compose: Bootstrap service"
docker_compose:
project_src: "/home/{{ docker_user }}/onlyoffice-document-server/"
project_src: "{{ onlyoffice_install_path }}/onlyoffice-document-server/"
register: output
- debug:

25
templates/docker-compose.onlyoffice-document-server.yml.j2
View file

@ -2,33 +2,34 @@ version: '3'
services:
onlyoffice-document-server:
container_name: onlyoffice-document-server
image: onlyoffice/documentserver
container_name: onlyoffice-document-server{{ onlyoffice_multitenant_label }}
hostname: onlyoffice-document-server{{ onlyoffice_multitenant_label }}
restart: unless-stopped
environment:
- JWT_ENABLED
- JWT_SECRET
volumes:
- document_data:/var/www/onlyoffice/Data
- document_log:/var/log/onlyoffice
- document_data{{ onlyoffice_multitenant_label }}:/var/www/onlyoffice/Data
- document_log{{ onlyoffice_multitenant_label }}:/var/log/onlyoffice
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik_public"
- "traefik.http.routers.onlyoffice.rule=Host(`{{ onlyoffice_virtual_host }}`)"
- "traefik.http.routers.onlyoffice.entrypoints=websecure"
- "traefik.http.routers.onlyoffice.tls=true"
- "traefik.http.routers.onlyoffice.tls.certresolver=defaultresolver"
- "traefik.http.routers.onlyoffice{{ onlyoffice_multitenant_label }}.rule=Host(`{{ onlyoffice_virtual_host }}`)"
- "traefik.http.routers.onlyoffice{{ onlyoffice_multitenant_label }}.entrypoints=websecure"
- "traefik.http.routers.onlyoffice{{ onlyoffice_multitenant_label }}.tls=true"
- "traefik.http.routers.onlyoffice{{ onlyoffice_multitenant_label }}.tls.certresolver=defaultresolver"
{% if onlyoffice_allow_origin_list %}
- "traefik.http.middlewares.onlyoffice-headers.headers.accesscontrolalloworiginlist={{ onlyoffice_allow_origin_list }}"
- "traefik.http.middlewares.onlyoffice{{ onlyoffice_multitenant_label }}-headers.headers.accesscontrolalloworiginlist={{ onlyoffice_allow_origin_list }}"
{% endif %}
- "traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.onlyoffice.middlewares=onlyoffice-headers"
- "traefik.http.middlewares.onlyoffice{{ onlyoffice_multitenant_label }}-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.onlyoffice{{ onlyoffice_multitenant_label }}.middlewares=onlyoffice{{ onlyoffice_multitenant_label }}-headers"
networks:
public:
volumes:
document_data:
document_log:
document_data{{ onlyoffice_multitenant_label }}:
document_log{{ onlyoffice_multitenant_label }}:
networks:
public:

6
templates/env.onlyoffice-document-server.j2
View file

@ -1,3 +1,3 @@
JWT_ENABLED={{ onlyoffice_jwt_enabled | default('false')}}
JWT_SECRET={{ onlyoffice_jwt_secret | default('secret') }}
JWT_HEADER={{ onlyoffice_jwt_header | default('Authorization') }}
JWT_ENABLED={{ onlyoffice_jwt_enabled }}
JWT_SECRET={{ onlyoffice_jwt_secret }}
JWT_HEADER={{ onlyoffice_jwt_header }}