diff --git a/compose/production/traefik/traefik.toml b/compose/production/traefik/traefik.toml
index 1a1ce2b..68ff1a5 100644
--- a/compose/production/traefik/traefik.toml
+++ b/compose/production/traefik/traefik.toml
@@ -58,7 +58,7 @@ defaultEntryPoints = ["http"]
 [backends.onlyoffice]
 [backends.onlyoffice.servers.server1]
- url = "http://onlyoffice:80"
+ url = "http://onlyoffice-community-server:80"
 [backends.bitwarden]
 [backends.bitwarden.servers.server1]
diff --git a/extra/onlyoffice.yml b/extra/onlyoffice.yml
index 63a54a7..b72887b 100644
--- a/extra/onlyoffice.yml
+++ b/extra/onlyoffice.yml
@@ -1,20 +1,61 @@
 version: '3'
 services:
- onlyoffice:
- container_name: mistborn_production_onlyoffice
+ onlyoffice-document-server:
+ container_name: mistborn_production_onlyoffice_documentserver
 image: onlyoffice/documentserver:latest
 volumes:
- - ../../mistborn_volumes/extra/onlyoffice/logs:/var/log/onlyoffice
- - ../../mistborn_volumes/extra/onlyoffice/cache:/var/lib/onlyoffice
+ - ../../mistborn_volumes/extra/onlyoffice/documentserver-data:/var/www/onlyoffice/Data
+ - ../../mistborn_volumes/extra/onlyoffice/documentserver-logs:/var/log/onlyoffice
 env_file:
 - ../.envs/.production/.onlyoffice
+ networks:
+ onlyoffice_net:
+ restart: unless-stopped
+
+ onlyoffice-mail-server:
+ container_name: mistborn_production_onlyoffice_mailserver
+ privileged: true
+ image: onlyoffice/mailserver:latest
+ volumes:
+ - ../../mistborn_volumes/extra/onlyoffice/mailserver-data:/var/vmail
+ - ../../mistborn_volumes/extra/onlyoffice/mailserver-certs:/etc/pki/tls/mailserver
+ - ../../mistborn_volumes/extra/onlyoffice/mailserver-logs:/var/log
+ - ../../mistborn_volumes/extra/onlyoffice/mailserver-mysql:/var/lib/mysql
+ hostname: mistborn
+ networks:
+ onlyoffice_net:
+ ports:
+ - "25:25/tcp"
+ - "143:143/tcp"
+ - "587:587/tcp"
+ restart: unless-stopped
+
+ onlyoffice-community-server:
+ container_name: mistborn_production_onlyoffice_community_server
+ image: onlyoffice/communityserver
+ environment:
+ - DOCUMENT_SERVER_PORT_80_TCP_ADDR=mistborn_production_onlyoffice_documentserver
+ - MAIL_SERVER_DB_HOST=mistborn_production_onlyoffice_mailserver
+ volumes:
+ - ../../mistborn_volumes/extra/onlyoffice/communityserver-data:/var/www/onlyoffice/Data
+ - ../../mistborn_volumes/extra/onlyoffice/communityserver-mysql:/var/lib/mysql
+ - ../../mistborn_volumes/extra/onlyoffice/communityserver-logs:/var/log/onlyoffice
+ - ../../mistborn_volumes/extra/onlyoffice/documentserver-data:/var/www/onlyoffice/DocumentServerData
 labels:
 - "traefik.enable=true"
 - "traefik.port=80"
+ networks:
+ onlyoffice_net:
+ ports:
+ - "5222:5222/tcp"
 restart: unless-stopped
+
 networks:
 default:
 external:
 name: mistborn_default
+
+ onlyoffice_net:
+ driver: bridge
diff --git a/scripts/services/Mistborn-onlyoffice.service b/scripts/services/Mistborn-onlyoffice.service
index 421912e..c7c3aa9 100644
--- a/scripts/services/Mistborn-onlyoffice.service
+++ b/scripts/services/Mistborn-onlyoffice.service
@@ -10,12 +10,21 @@ Group=docker
 PermissionsStartOnly=true
 # Shutdown container (if running) when unit is stopped
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml down
+ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml build
+ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 25 -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 143 -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 587 -j MISTBORN_LOG_DROP
+ExecStartPre=/sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 5222 -j MISTBORN_LOG_DROP
 # Start container when unit is started
-ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml up --build
+ExecStart=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml up
 # Stop container when unit is stopped
 ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/onlyoffice.yml down
 # Post stop
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 25 -j MISTBORN_LOG_DROP
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 143 -j MISTBORN_LOG_DROP
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 587 -j MISTBORN_LOG_DROP
+ExecStopPost=/sbin/iptables -D DOCKER-USER -i DIFACE -p tcp --dport 5222 -j MISTBORN_LOG_DROP
 [Install]
 WantedBy=multi-user.target
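Review bot: `privileged: true` on onlyoffice-mail-server in extra/onlyoffice.yml gives that container every capability and host device access, while the same service publishes 25, 143 and 587 and runs the unpinned `onlyoffice/mailserver:latest`. If the image does need elevated rights, list them explicitly with `cap_add:` instead of `privileged`, with a comment naming the capability and the reason; which ones it needs cannot be determined from this diff. Pin all three images to a tested version tag or digest; `onlyoffice/communityserver` carries no tag at all, so it also resolves to latest. Separately, onlyoffice-community-server is attached only to `onlyoffice_net`, so if Traefik sits on `mistborn_default` (assumed from the networks block, not shown here) it will likely not reach the new backend URL unless `default:` is also listed under that service's `networks:`.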
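Review bot: The four `iptables -I DOCKER-USER -i DIFACE ... -j MISTBORN_LOG_DROP` lines in ExecStartPre of Mistborn-onlyoffice.service are the only control keeping 25, 143, 587 and 5222 off the DIFACE side, since the compose file publishes those ports on all addresses, and they are inserted unconditionally, so a start that was not preceded by a completed ExecStopPost can leave duplicate rules that a single `-D` does not fully remove. Guarding each insert keeps the chain stable, e.g. `ExecStartPre=/bin/sh -c '/sbin/iptables -C DOCKER-USER -i DIFACE -p tcp --dport 25 -j MISTBORN_LOG_DROP || /sbin/iptables -I DOCKER-USER -i DIFACE -p tcp --dport 25 -j MISTBORN_LOG_DROP'`. Rules in DOCKER-USER are evaluated after DNAT, so `--dport` matches the container port; that holds while the mappings stay in the `25:25` form, and a comment such as `# --dport is the container port (post-DNAT); keep in sync with extra/onlyoffice.yml` would stop a later remap from silently bypassing the drop. Only IPv4 is covered; whether matching ip6tables rules are needed depends on the Docker daemon's IPv6 setting, which is not visible here. The [Service] section starts above the hunk.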