├── .github
├── dependabot.yml
└── workflows
│ ├── pr-tasks-notif.yml
│ └── publish.yaml
├── conf
└── nginx.conf
├── docker-compose.yml
├── Dockerfile
├── README.md
└── scripts
└── setenv-docker-customize.sh
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | # Set update schedule for GitHub Actions
2 |
3 | version: 2
4 | updates:
5 |
6 | - package-ecosystem: "github-actions"
7 | directory: "/"
8 | schedule:
9 | # Check for updates to GitHub Actions every week
10 | interval: "weekly"
11 |
--------------------------------------------------------------------------------
/.github/workflows/pr-tasks-notif.yml:
--------------------------------------------------------------------------------
1 | name: Pull Request Task Notifications
2 |
3 | on:
4 | pull_request:
5 | types: [opened, reopened, closed, review_requested]
6 | pull_request_review:
7 | types: [submitted]
8 |
9 | jobs:
10 | notify_tribe_tasks:
11 | name: Notify Tribe Tasks
12 | runs-on: ubuntu-latest
13 | steps:
14 | - name: Notify Tribe Tasks
15 | uses: Green-Hub-Tools/notifs-task@v1
16 | with:
17 | TASKS_REGEX_FILTER: ${{ vars.TRIBE_TASKS_REGEX_FILTER }}
18 | SERVER_URL: ${{ vars.TRIBE_TASKS_SERVER_URL }}
19 | SERVER_DEFAULT_SITENAME: ${{ vars.TRIBE_TASKS_DEFAULT_SITENAME }}
20 | SERVER_USERNAME: ${{ secrets.TRIBE_USERNAME }}
21 | SERVER_PASSWORD: ${{ secrets.TRIBE_PASSWORD }}
22 |
23 | notify_builders_tasks:
24 | name: Notify Builders Tasks
25 | runs-on: ubuntu-latest
26 | steps:
27 | - name: Notify Builders Tasks
28 | uses: Green-Hub-Tools/notifs-task@v1
29 | with:
30 | TASKS_REGEX_FILTER: ${{ vars.BUILDERS_TASKS_REGEX_FILTER }}
31 | SERVER_URL: ${{ vars.BUILDERS_TASKS_SERVER_URL }}
32 | SERVER_DEFAULT_SITENAME: ${{ vars.BUILDERS_TASKS_DEFAULT_SITENAME }}
33 | SERVER_USERNAME: ${{ secrets.BUILDERS_USERNAME }}
34 | SERVER_PASSWORD: ${{ secrets.BUILDERS_PASSWORD }}
35 |
--------------------------------------------------------------------------------
/conf/nginx.conf:
--------------------------------------------------------------------------------
1 | user nginx;
2 | worker_processes 1;
3 |
4 | events {
5 | worker_connections 512;
6 | }
7 | http {
8 | include mime.types;
9 | server_tokens off;
10 |
11 | gzip on;
12 | gzip_proxied any;
13 | gzip_http_version 1.1;
14 | gzip_comp_level 6;
15 | gzip_types text/plain text/css text/javascript application/json application/x-javascript text/xml application/xml application/xml+rss;
16 | gzip_disable msie6;
17 |
18 | upstream meeds-app {
19 | server meeds:8080;
20 | }
21 |
22 | server {
23 | listen 80 default_server;
24 | #server_name my.server.name;
25 |
26 | # Pass the client informations the the backend
27 | proxy_set_header X-Real-IP $remote_addr;
28 | proxy_set_header Host $host;
29 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
30 |
31 | client_max_body_size 0;
32 |
33 | # Websocket for Cometd
34 | location /cometd/cometd {
35 | proxy_pass http://meeds-app;
36 | proxy_http_version 1.1;
37 | proxy_set_header Upgrade $http_upgrade;
38 | proxy_set_header Connection "upgrade";
39 | }
40 |
41 |
42 | location / {
43 | proxy_pass http://meeds-app;
44 | }
45 |
46 | # Custom error handling
47 | error_page 502 = @refresh_502;
48 |
49 | location @refresh_502 {
50 | root /usr/share/nginx/html;
51 | internal;
52 | add_header Content-Type text/html;
53 | return 200 "502 Bad Gateway
Refreshing in 30 seconds...
";
54 | }
55 |
56 | }
57 | }
58 |
--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of the Meeds project (https://meeds.io/).
3 | # Copyright (C) 2020 Meeds Association
4 | # contact@meeds.io
5 | # This program is free software; you can redistribute it and/or
6 | # modify it under the terms of the GNU Lesser General Public
7 | # License as published by the Free Software Foundation; either
8 | # version 3 of the License, or (at your option) any later version.
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | # Lesser General Public License for more details.
13 | # You should have received a copy of the GNU Lesser General Public License
14 | # along with this program; if not, write to the Free Software Foundation,
15 | # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 | #
17 | # version: '2' # Uncomment for legacy docker compose versions
18 | name: 'meeds'
19 | services:
20 | web:
21 | image: nginx:1.26-alpine
22 | expose:
23 | - "80"
24 | ports:
25 | - "80:80"
26 | volumes:
27 | - ./conf/nginx.conf:/etc/nginx/nginx.conf:ro
28 | links:
29 | - meeds
30 | meeds:
31 | image: ghcr.io/meeds-io/meeds/meeds-io:develop
32 | environment:
33 | MEEDS_PROXY_VHOST: localhost
34 | MEEDS_PROXY_PORT: 80
35 | MEEDS_PROXY_SSL: "false"
36 | MEEDS_DB_NAME: meeds
37 | MEEDS_DB_USER: meeds
38 | MEEDS_DB_PASSWORD: my-secret-pw
39 | MEEDS_ADDONS_LIST:
40 | MEEDS_JVM_LOG_GC_ENABLED: "true"
41 | MEEDS_ES_SCHEME: http
42 | MEEDS_ES_HOST: es
43 | MEEDS_ES_PORT: 9200
44 | volumes:
45 | - meeds_data:/srv/meeds
46 | - meeds_codec:/etc/meeds/codec
47 | - meeds_logs:/var/log/meeds
48 | es:
49 | image: elasticsearch:8.14.3
50 | volumes:
51 | - search_data:/usr/share/elasticsearch/data
52 | environment:
53 | - ES_JAVA_OPTS=-Xms2048m -Xmx2048m
54 | - node.name=meeds
55 | - cluster.name=meeds
56 | - cluster.initial_master_nodes=meeds
57 | - network.host=_site_
58 | - xpack.security.enabled=false
59 | volumes:
60 | meeds_data:
61 | meeds_codec:
62 | meeds_logs:
63 | search_data:
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of the Meeds project (https://meeds.io/).
3 | # Copyright (C) 2020 Meeds Association
4 | # contact@meeds.io
5 | # This program is free software; you can redistribute it and/or
6 | # modify it under the terms of the GNU Lesser General Public
7 | # License as published by the Free Software Foundation; either
8 | # version 3 of the License, or (at your option) any later version.
9 | # This program is distributed in the hope that it will be useful,
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 | # Lesser General Public License for more details.
13 | # You should have received a copy of the GNU Lesser General Public License
14 | # along with this program; if not, write to the Free Software Foundation,
15 | # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 | #
17 | # Dockerizing base image for Meeds with:
18 | #
19 | # - Libre Office
20 | # - Meeds
21 |
22 | # Build: docker build -t meeds-io/meeds .
23 | #
24 | # Run: docker run -p 8080:8080 meeds-io/meeds
25 | # docker run -d -p 8080:8080 meeds-io/meeds
26 | # docker run -d --rm -p 8080:8080 -v meeds_data:/srv/meeds meeds-io/meeds
27 | # docker run -d -p 8080:8080 -v $(pwd)/setenv-customize.sh:/opt/meeds/bin/setenv-customize.sh:ro meeds-io/meeds
28 |
29 | FROM exoplatform/jdk:openjdk-21-ubuntu-2404
30 | LABEL maintainer="Meeds "
31 |
32 | # Install the needed packages
33 | RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections && \
34 | apt-get -y update && \
35 | apt-get -y install apt-utils --no-install-recommends && \
36 | apt-get -y install libfreetype6 --no-install-recommends && \
37 | apt-get -y install fontconfig --no-install-recommends && \
38 | apt-get -y install fonts-dejavu --no-install-recommends && \
39 | apt-get -y upgrade ${_APT_OPTIONS} && \
40 | apt-get -y install ${_APT_OPTIONS} xmlstarlet && \
41 | apt-get -y autoremove && \
42 | apt-get -y clean && \
43 | rm -rf /var/lib/apt/lists/*
44 |
45 | # Build Arguments and environment variables
46 | ARG MEEDS_VERSION=7.2.0-M01
47 |
48 | # this allow to specify a Meeds download url
49 | ARG DOWNLOAD_URL
50 | # this allow to specifiy a user to download a protected binary
51 | ARG DOWNLOAD_USER
52 | # allow to override the list of addons to package by default
53 | ARG ADDONS="meeds-jdbc-driver-mysql:2.1.0 meeds-jdbc-driver-postgresql:2.5.1"
54 | # Default base directory on the plf archive
55 | ARG ARCHIVE_BASE_DIR=meeds-community-${MEEDS_VERSION}
56 | ARG ARCHIVE_DOWNLOAD_PATH=/srv/downloads/meeds-${MEEDS_VERSION}.zip
57 |
58 | ENV MEEDS_APP_DIR=/opt/meeds
59 | ENV MEEDS_CONF_DIR=/etc/meeds
60 | ENV MEEDS_CODEC_DIR=/etc/meeds/codec
61 | ENV MEEDS_DATA_DIR=/srv/meeds
62 | ENV MEEDS_LOG_DIR=/var/log/meeds
63 | ENV MEEDS_TMP_DIR=/tmp/meeds-tmp
64 |
65 | ENV MEEDS_USER=meeds
66 | ENV MEEDS_GROUP=${MEEDS_USER}
67 |
68 | # Customise system
69 |
70 | # add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
71 | # giving all rights to 'meeds' user
72 | # (we use 999 as uid like in official Docker images)
73 | RUN useradd --create-home -u 999 --user-group --shell /bin/bash ${MEEDS_USER}
74 |
75 | # Create needed directories
76 | RUN mkdir -p ${MEEDS_DATA_DIR} && chown ${MEEDS_USER}:${MEEDS_GROUP} ${MEEDS_DATA_DIR} \
77 | && mkdir -p ${MEEDS_TMP_DIR} && chown ${MEEDS_USER}:${MEEDS_GROUP} ${MEEDS_TMP_DIR} \
78 | && mkdir -p ${MEEDS_LOG_DIR} && chown ${MEEDS_USER}:${MEEDS_GROUP} ${MEEDS_LOG_DIR}
79 |
80 | RUN if [ -n "${DOWNLOAD_USER}" ]; then PARAMS="-u ${DOWNLOAD_USER}"; fi && \
81 | echo "Building an image with Meeds version : ${MEEDS_VERSION}" && \
82 | if [ ! -n "${DOWNLOAD_URL}" ]; then \
83 | DOWNLOAD_URL="https://repository.exoplatform.org/service/local/artifact/maven/redirect?r=public&g=io.meeds.distribution&a=plf-community-tomcat-standalone&v=${MEEDS_VERSION}&p=zip"; \
84 | fi && \
85 | echo "Downloading Meeds server distribution version : ${MEEDS_VERSION} ..." && \
86 | if [ ! -f "${ARCHIVE_DOWNLOAD_PATH}" ]; then curl ${PARAMS} -S -L -o ${ARCHIVE_DOWNLOAD_PATH} ${DOWNLOAD_URL}; fi && \
87 | rm -rf /srv/downloads/${ARCHIVE_BASE_DIR} && \
88 | echo "Unpacking Downloaded Meeds server" && \
89 | unzip -q ${ARCHIVE_DOWNLOAD_PATH} -d /srv/downloads/ && \
90 | rm -rf ${MEEDS_APP_DIR} && \
91 | mv /srv/downloads/${ARCHIVE_BASE_DIR} ${MEEDS_APP_DIR} && \
92 | chown -R ${MEEDS_USER}:${MEEDS_GROUP} ${MEEDS_APP_DIR} && \
93 | ln -s ${MEEDS_APP_DIR}/gatein/conf /etc/meeds && \
94 | mkdir -p ${MEEDS_CODEC_DIR} && chown ${MEEDS_USER}:${MEEDS_GROUP} ${MEEDS_CODEC_DIR} && \
95 | rm -rf ${MEEDS_APP_DIR}/logs && ln -s ${MEEDS_LOG_DIR} ${MEEDS_APP_DIR}/logs && \
96 | rm -f ${ARCHIVE_DOWNLOAD_PATH}
97 |
98 | # Install Docker customization file
99 | ADD scripts/setenv-docker-customize.sh ${MEEDS_APP_DIR}/bin/setenv-docker-customize.sh
100 | RUN chmod 755 ${MEEDS_APP_DIR}/bin/setenv-docker-customize.sh && \
101 | chown ${MEEDS_USER}:${MEEDS_GROUP} ${MEEDS_APP_DIR}/bin/setenv-docker-customize.sh && \
102 | sed -i '/# Load custom settings/i \
103 | \# Load custom settings for docker environment\n\
104 | [ -r "$CATALINA_BASE/bin/setenv-docker-customize.sh" ] \
105 | && . "$CATALINA_BASE/bin/setenv-docker-customize.sh" \
106 | || echo "No Docker Meeds customization file : $CATALINA_BASE/bin/setenv-docker-customize.sh"\n\
107 | ' ${MEEDS_APP_DIR}/bin/setenv.sh && \
108 | grep 'setenv-docker-customize.sh' ${MEEDS_APP_DIR}/bin/setenv.sh
109 |
110 | USER ${MEEDS_USER}
111 | EXPOSE 8080
112 | VOLUME ["/srv/meeds", "/etc/meeds/codec"]
113 |
114 | # INSTALLING Meeds addons
115 | RUN for a in ${ADDONS}; do echo "Installing addon $a"; /opt/meeds/addon install $a; done
116 |
117 | WORKDIR ${MEEDS_LOG_DIR}
118 | ENTRYPOINT ["/usr/local/bin/tini", "--"]
119 | # Health Check
120 | HEALTHCHECK CMD curl --fail http://localhost:8080/ || exit 1
121 | CMD [ "/opt/meeds/start_eXo.sh" ]
122 |
--------------------------------------------------------------------------------
/.github/workflows/publish.yaml:
--------------------------------------------------------------------------------
1 | name: Create and publish a Docker image
2 |
3 | on:
4 | push:
5 | tags:
6 | - '*'
7 | branches: [ develop ]
8 | env:
9 | BRANCH_BUILD_TAGS: "latest,develop"
10 | jobs:
11 | parse-docker-build-env:
12 | name: 'Parse Docker Build Environment'
13 | runs-on: ubuntu-latest
14 | outputs:
15 | buildTags: ${{ steps.detect-push-event.outputs.buildTags }}
16 | steps:
17 | - name: Check if push is a tag or branch
18 | id: detect-push-event
19 | run: |
20 | if [[ $GITHUB_REF == refs/tags/* ]]; then
21 | echo "This is a tag push (${GITHUB_REF#refs/tags/})"
22 | echo "Building docker tag: ${GITHUB_REF#refs/tags/}"
23 | echo "buildTags=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
24 | elif [[ $GITHUB_REF == refs/heads/* ]]; then
25 | echo "This is a branch push (${GITHUB_REF#refs/heads/})"
26 | echo "Building docker tags: ${{ env.BRANCH_BUILD_TAGS }}"
27 | echo "buildTags=${{ env.BRANCH_BUILD_TAGS }}" >> $GITHUB_OUTPUT
28 | else
29 | echo "Unknown push type"
30 | exit 1
31 | fi
32 | # dockerhub docker image build
33 | build-dockerhub-image:
34 | permissions:
35 | contents: read
36 | packages: write
37 | id-token: write
38 | attestations: write
39 | name: "Build Docker Images and push them to DockerHub Registry"
40 | runs-on: ubuntu-latest
41 | outputs:
42 | tags: ${{ steps.build-docker-image.outputs.tags }}
43 | digest: ${{ steps.build-docker-image.outputs.digest }}
44 | timeout-minutes: 120
45 | needs: parse-docker-build-env
46 | steps:
47 | - name: build docker image
48 | uses: exo-actions/buildDockerImage-action/build-and-push-image@v1
49 | id: build-docker-image
50 | with:
51 | dockerImage: "meedsio/meeds"
52 | dockerImageTag: ${{ needs.parse-docker-build-env.outputs.buildTags }}
53 | DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
54 | DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
55 |
56 | sign-dockerhub-image:
57 | permissions:
58 | contents: read
59 | packages: write
60 | id-token: write
61 | strategy:
62 | fail-fast: false
63 | max-parallel: 1
64 | matrix:
65 | tags: ${{ fromJson(needs.build-dockerhub-image.outputs.tags) }}
66 | name: "sign-docker-image"
67 | runs-on: ubuntu-latest
68 | timeout-minutes: 120
69 | needs: build-dockerhub-image
70 | steps:
71 | - name: sign docker image
72 | uses: exo-actions/buildDockerImage-action/sign-image@v1
73 | id: sign-docker-image
74 | with:
75 | dockerImage: "meedsio/meeds"
76 | dockerImageTag: ${{needs.build-dockerhub-image.outputs.tags}}
77 | DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
78 | DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
79 | DOCKER_PRIVATE_KEY_ID: ${{secrets.DOCKER_PRIVATE_KEY_ID}}
80 | DOCKER_PRIVATE_KEY: ${{secrets.DOCKER_PRIVATE_KEY}}
81 | DOCKER_PRIVATE_KEY_PASSPHRASE: ${{secrets.DOCKER_PRIVATE_KEY_PASSPHRASE}}
82 | attest-dockerhub-image:
83 | permissions:
84 | contents: read
85 | packages: write
86 | id-token: write
87 | attestations: write
88 | name: "attest-docker-image"
89 | runs-on: ubuntu-latest
90 | timeout-minutes: 120
91 | needs: build-dockerhub-image
92 | steps:
93 | - name: attest docker image
94 | uses: exo-actions/buildDockerImage-action/attest-image@v1
95 | id: attest-docker-image
96 | with:
97 | dockerImage: "meedsio/meeds"
98 | dockerImageDigest: ${{ needs.build-dockerhub-image.outputs.digest }}
99 | DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
100 | DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
101 | attestImage: "true"
102 |
103 | cosign-dockerhub-image:
104 | permissions:
105 | contents: read
106 | packages: write
107 | id-token: write
108 | attestations: write
109 | name: "cosign-docker-image"
110 | runs-on: ubuntu-latest
111 | timeout-minutes: 120
112 | needs: build-dockerhub-image
113 | steps:
114 | - name: attest docker image
115 | uses: exo-actions/buildDockerImage-action/cosign-image@v1
116 | id: cosign-docker-image
117 | with:
118 | dockerImage: "meedsio/meeds"
119 | dockerImageTag: ${{ needs.build-dockerhub-image.outputs.tags }}
120 | dockerImageDigest: ${{ needs.build-dockerhub-image.outputs.digest }}
121 | DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
122 | DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
123 | cosignImage: "true"
124 | cosignOidcImage: "true"
125 | COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
126 | COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
127 |
128 | # ghcr docker image build
129 |
130 | build-ghcr-image:
131 | permissions:
132 | contents: read
133 | packages: write
134 | id-token: write
135 | attestations: write
136 | name: "Build Docker Images and push them to ghcr Registry"
137 | runs-on: ubuntu-latest
138 | outputs:
139 | tags: ${{ steps.build-ghcr-image.outputs.tags }}
140 | digest: ${{ steps.build-ghcr-image.outputs.digest }}
141 | timeout-minutes: 120
142 | needs: parse-docker-build-env
143 | steps:
144 | - name: build docker image
145 | uses: exo-actions/buildDockerImage-action/build-and-push-image@v1
146 | id: build-ghcr-image
147 | with:
148 | dockerImage: "meeds-io/meeds/meeds-io"
149 | dockerImageTag: ${{ needs.parse-docker-build-env.outputs.buildTags }}
150 | DOCKER_USERNAME: ${{ secrets.SWF_ACTOR }}
151 | DOCKER_PASSWORD: ${{ secrets.SWF_TOKEN }}
152 | dockerRegistry: "ghcr.io"
153 |
154 | sign-ghcr-image:
155 | permissions:
156 | contents: read
157 | packages: write
158 | id-token: write
159 | strategy:
160 | fail-fast: false
161 | max-parallel: 1
162 | matrix:
163 | tags: ${{ fromJson(needs.build-ghcr-image.outputs.tags) }}
164 | name: "sign-docker-image"
165 | runs-on: ubuntu-latest
166 | timeout-minutes: 120
167 | needs: build-ghcr-image
168 | steps:
169 | - name: sign docker image
170 | uses: exo-actions/buildDockerImage-action/sign-image@v1
171 | id: sign-docker-image
172 | with:
173 | dockerImage: "meeds-io/meeds/meeds-io"
174 | dockerImageTag: ${{needs.build-ghcr-image.outputs.tags}}
175 | DOCKER_USERNAME: ${{ secrets.SWF_ACTOR }}
176 | DOCKER_PASSWORD: ${{ secrets.SWF_TOKEN }}
177 | DOCKER_PRIVATE_KEY_ID: ${{secrets.DOCKER_PRIVATE_KEY_ID}}
178 | DOCKER_PRIVATE_KEY: ${{secrets.DOCKER_PRIVATE_KEY}}
179 | DOCKER_PRIVATE_KEY_PASSPHRASE: ${{secrets.DOCKER_PRIVATE_KEY_PASSPHRASE}}
180 | dockerRegistry: "ghcr.io"
181 |
182 | attest-ghcr-image:
183 | permissions:
184 | contents: read
185 | packages: write
186 | id-token: write
187 | attestations: write
188 | name: "attest-docker-image"
189 | runs-on: ubuntu-latest
190 | timeout-minutes: 120
191 | needs: build-ghcr-image
192 | steps:
193 | - name: attest docker image
194 | uses: exo-actions/buildDockerImage-action/attest-image@v1
195 | id: attest-docker-image
196 | with:
197 | dockerImage: "meeds-io/meeds/meeds-io"
198 | dockerImageDigest: ${{ needs.build-ghcr-image.outputs.digest }}
199 | DOCKER_USERNAME: ${{ secrets.SWF_TOKEN }}
200 | DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
201 | attestImage: "true"
202 | dockerRegistry: "ghcr.io"
203 | attestImageRegistry: "ghcr.io"
204 |
205 | cosign-ghcr-image:
206 | permissions:
207 | contents: read
208 | packages: write
209 | id-token: write
210 | attestations: write
211 | name: "cosign-docker-image"
212 | runs-on: ubuntu-latest
213 | timeout-minutes: 120
214 | needs: build-ghcr-image
215 | steps:
216 | - name: attest docker image
217 | uses: exo-actions/buildDockerImage-action/cosign-image@v1
218 | id: cosign-docker-image
219 | with:
220 | dockerImage: "meeds-io/meeds/meeds-io"
221 | dockerImageTag: ${{ needs.build-ghcr-image.outputs.tags }}
222 | dockerImageDigest: ${{ needs.build-ghcr-image.outputs.digest }}
223 | DOCKER_USERNAME: ${{ secrets.SWF_ACTOR }}
224 | DOCKER_PASSWORD: ${{ secrets.SWF_TOKEN }}
225 | cosignImage: "true"
226 | cosignOidcImage: "true"
227 | COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
228 | COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
229 | dockerRegistry: "ghcr.io"
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Meeds Docker image
2 |
3 | Official Meeds Docker image
4 |
5 | The image is compatible with the following databases system: `MySQL` (default) / `HSQLDB` / `PostgreSQL`
6 |
7 |  - 
8 |
9 | - [Configuration options](#configuration-options)
10 | - [Add-ons](#add-ons)
11 | - [Patches](#patches)
12 | - [JVM](#jvm)
13 | - [Frontend proxy](#frontend-proxy)
14 | - [Tomcat](#tomcat)
15 | - [Data on disk](#data-on-disk)
16 | - [Database](#database)
17 | - [MySQL](#mysql)
18 | - [ElasticSearch](#elasticsearch)
19 | - [Matrix](#matrix)
20 | - [LDAP / Active Directory](#ldap--active-directory)
21 | - [Mail](#mail)
22 | - [JMX](#jmx)
23 | - [Remote Debugging](#remote-debugging)
24 | - [Rememberme Token Expiration](#rememberme-token-expiration)
25 | - [Cluster](#cluster)
26 | - [Reward Wallet](#reward-wallet)
27 | - [How to](#how-to)
28 | - [Configure Meeds Server behind a reverse-proxy](#configure-Meeds-Server-behind-a-reverse-proxy)
29 | - [See Meeds Server logs](#see-Meeds-Server-logs)
30 | - [Customize some Meeds Server settings](#customize-some-Meeds-Server-settings)
31 | - [Image Build](#image-build)
32 |
33 | ## Configuration options
34 |
35 | All the following options can be defined with the standard Docker `-e` parameter
36 |
37 | ```bash
38 | docker run -e MY_ENV_VARIABLE="value" ... meedsio/meeds
39 | ```
40 |
41 | or Docker Compose way of defining environment variables
42 |
43 | ```yaml
44 | version: '2'
45 | services:
46 | ...
47 | meeds:
48 | image: meedsio/meeds
49 | environment:
50 | ...
51 | MEEDS_ADDONS_LIST: meeds-poll
52 | MEEDS_PATCHES_LIST:
53 | MEEDS_PATCHES_CATALOG_URL:
54 | MEEDS_ES_HOST: search
55 | ...
56 | ```
57 |
58 |
59 | ### Add-ons
60 |
61 | Some add-ons are already installed in the Meeds image but you can install other ones or remove some of the pre-installed ones:
62 |
63 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
64 | |------------------------|-----------|---------------|-------------------------------------------------------------------------------------------|
65 | | MEEDS_ADDONS_LIST | NO | - | commas separated list of add-ons to install (ex: meeds-wallet,meeds-perk-store:2.0.x-SNAPSHOT) |
66 | | MEEDS_ADDONS_REMOVE_LIST | NO | - | commas separated list of add-ons to uninstall |
67 | | MEEDS_ADDONS_CATALOG_URL | NO | - | The URL of a valid Meeds addons Catalog |
68 | | MEEDS_ADDONS_CONFLICT_MODE | NO | - | decision to make in case of file conflicts (overwrite, ignore or fail) |
69 | | MEEDS_ADDONS_NOCOMPAT_MODE | NO | false | decision to allow to install incompatible addon |
70 |
71 | ### Patches
72 |
73 | Patches can be deployed in Meeds image :
74 |
75 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
76 | | ----------------------- | --------- | ------------- | ------------------------------------------------------------------------------------------------ |
77 | | MEEDS_PATCHES_LIST | NO | - | commas separated list of patches to install (ex: patch-1.3.0:1,patch-1.3.0:2) |
78 | | MEEDS_PATCHES_CATALOG_URL | YES | - | The URL of a valid Meeds Patches Catalog (mandatory if something is specified in MEEDS_PATCHES_LIST) |
79 |
80 |
81 | ### JVM
82 |
83 | The standard Meeds Server environment variables can be used :
84 |
85 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
86 | |----------------------------|-----------|---------------|--------------------------------------------------------------------------------------------------|
87 | | MEEDS_JVM_SIZE_MIN | NO | `512m` | specify the JVM minimum allocated memory size (-Xms parameter) |
88 | | MEEDS_JVM_SIZE_MAX | NO | `3g` | specify the JVM maximum allocated memory size (-Xmx parameter) |
89 | | MEEDS_JVM_PERMSIZE_MAX | NO | `256m` | (Java 7) specify the JVM maximum allocated memory to Permgen (-XX:MaxPermSize parameter) |
90 | | MEEDS_JVM_METASPACE_SIZE_MAX | NO | `512m` | (Java 8+) specify the JVM maximum allocated memory to MetaSpace (-XX:MaxMetaspaceSize parameter) |
91 | | MEEDS_JVM_USER_LANGUAGE | NO | `en` | specify the JVM locale for language (-Duser.language parameter) |
92 | | MEEDS_JVM_USER_REGION | NO | `US` | specify the JVM local for region (-Duser.region parameter) |
93 | | MEEDS_JVM_LOG_GC_ENABLED | NO | `false` | activate the JVM GC log file generation (location: $MEEDS_LOG_DIR/platform-gc.log) (1.0.0+) |
94 |
95 | INFO: This list is not exhaustive (see ${MEEDS_HOME}/bin/setenv.sh for more parameters)
96 |
97 | ### Frontend proxy
98 |
99 | The following environment variables must be passed to the container to configure Tomcat proxy settings:
100 |
101 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
102 | |-----------------|-----------|---------------|--------------------------------------------------------------------------------------------------------------------------------------------|
103 | | MEEDS_PROXY_VHOST | NO | `localhost` | specify the virtual host name to reach Meeds Server |
104 | | MEEDS_PROXY_PORT | NO | - | Which port should be used on the proxy server? if empty it will automatically defined regarding MEEDS_PROXY_SSL value (true => 443 / false => 8080) |
105 | | MEEDS_PROXY_SSL | NO | `false` | is ssl activated on the proxy server ? (true/false) |
106 |
107 | ### Tomcat
108 |
109 | The following environment variables can be passed to the container to configure Tomcat settings
110 |
111 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
112 | |------------------------|-----------|---------------|------------------------------------------------------------------------------|
113 | | MEEDS_HTTP_THREAD_MAX | NO | `200` | maximum number of threads in the tomcat HTTP connector |
114 | | MEEDS_HTTP_THREAD_MIN | NO | `10` | minimum number of threads ready in the tomcat HTTP connector |
115 | | MEEDS_ACCESS_LOG_ENABLED | NO | `false` | Activate Tomcat access log with combined format and a daily log file rotation |
116 | | MEEDS_GZIP_ENABLED | NO | `true` | activate Tomcat Gzip compression for assets mime-types
117 | | MEEDS_CONNECTION_TIMEOUT | NO | `20000` | Tomcat Connection timeout |
118 |
119 | #### Valves and Listeners
120 |
121 | A file containing the list of valves and listeners can be attached to the container in the path {{/etc/meeds/host.yml}}. The default valves and listeners configuration will be overridden if a file is specified.
122 |
123 | The file format is :
124 |
125 | ```yaml
126 | components:
127 | - type: Valve
128 | className: org.acme.myvalves.WithoutAttributes
129 | - type: Valve
130 | className: org.acme.myvalves.WithAttributes
131 | attributes:
132 | - name: param1
133 | value: value1
134 | - name: param2
135 | value: value2
136 | - type: Listener
137 | className: org.acme.mylistener.WthAttributes
138 | attributes:
139 | - name: param1
140 | value: value1
141 | - name: param2
142 | value: value2
143 | ```
144 |
145 | #### Data on disk
146 |
147 | The following environment variables must be passed to the container to work :
148 |
149 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
150 | |----------------------------|-----------|------------------------------|----------------------------------------------------------------------------------------------|
151 | | MEEDS_DATA_DIR | NO | `/srv/meeds` | the directory to store Meeds Server data |
152 | | MEEDS_FILE_STORAGE_DIR | NO | `${MEEDS_DATA_DIR}/files` | the directory to store Meeds Server data |
153 | | MEEDS_FILE_STORAGE_RETENTION | NO | `30` | the number of days to keep deleted files on disk before definitively removing it from the disk |
154 | | MEEDS_UPLOAD_MAX_FILE_SIZE | NO | `200` | maximum authorized size for file upload in MB. |
155 | | MEEDS_FILE_UMASK | NO | `0022` | the umask used for files generated by Meeds |
156 |
157 | ### Database
158 |
159 | The following environment variables must be passed to the container to work :
160 |
161 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
162 | |---------------------------|-----------|---------------|---------------------------------------------------------------------------------------|
163 | | MEEDS_DB_TYPE | NO | `hsqldb` | Meeds server uses hsqldb by default. Possible values: `mysql`, `postgresql` or `hsqldb` |
164 | | MEEDS_DB_POOL_IDM_INIT_SIZE | NO | `5` | the init size of IDM data source pool
165 | | MEEDS_DB_HOST | NO | `db` | Meeds database server host. This is needed only when `MEEDS_DB_TYPE` is set to `mysql` or `postgresql` |
166 | | MEEDS_DB_PORT | NO | `` | the port to connect to the database server |
167 | | MEEDS_DB_NAME | NO | `` | the name of the database/schema to use |
168 | | MEEDS_DB_USER | NO | `` | the username to connect to the database |
169 | | MEEDS_DB_PASSWORD | YES | - | the password to connect to the database |
170 | | MEEDS_DB_POOL_IDM_MAX_SIZE | NO | `20` | the max size of IDM data source pool |
171 | | MEEDS_DB_POOL_JCR_INIT_SIZE | NO | `5` | the init size of JCR data source pool |
172 | | MEEDS_DB_POOL_JCR_MAX_SIZE | NO | `20` | the max size of JCR data source pool |
173 | | MEEDS_DB_POOL_JPA_INIT_SIZE | NO | `5` | the init size of JPA data source pool |
174 | | MEEDS_DB_POOL_JPA_MAX_SIZE | NO | `20` | the max size of JPA data source pool |
175 | | MEEDS_DB_TIMEOUT | NO | `60` | the number of seconds to wait for database availability before canceling Meeds startup |
176 |
177 | #### MySQL
178 |
179 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
180 | | -------------------- | --------- | ------------- | ------------------------------------------------------------------------------------------------- |
181 | | MEEDS_DB_MYSQL_USE_SSL | NO | `false` | connecting securely to MySQL using SSL (see MySQL Connector/J documentation for useSSL parameter) |
182 |
183 | ### ElasticSearch
184 |
185 | The following environment variables should be passed to the container to configure the search feature on an external Elastic Search server:
186 |
187 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
188 | |-------------------------|-----------|----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
189 | | MEEDS_ES_SCHEME | NO | `http` | the Elasticsearch server scheme to use from the Meeds Server JVM perspective (HTTP / HTTPS). |
190 | | MEEDS_ES_HOST | NO | `localhost` | the Elasticsearch server hostname to use from the Meeds Server JVM perspective. |
191 | | MEEDS_ES_PORT | NO | `9200` | the Elasticsearch server port from the Meeds Server JVM perspective. |
192 | | MEEDS_ES_USERNAME | NO | - | the username to connect to the Elasticsearch server (if authentication is activated on the external Elasticsearch). |
193 | | MEEDS_ES_PASSWORD | NO | - | the password to connect to the Elasticsearch server (if authentication is activated on the external Elasticsearch). |
194 | | MEEDS_ES_INDEX_REPLICA_NB | NO | `0` | the number of replicas for Elasticsearch indexes (leave 0 if you don't have an Elasticsearch cluster). |
195 | | MEEDS_ES_INDEX_SHARD_NB | NO | `0` | the number of shard for elasticsearch indexes. |
196 | | MEEDS_ES_TIMEOUT | NO | `60` | the number of seconds to wait for Elasticsearch availability before canceling Meeds startup |
197 |
198 | ### Matrix
199 |
200 | The following environment variables should be passed to the container in order to configure the matrix chat feature :
201 |
202 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
203 | | --------------------- | --------- | ------------- | -------------------------------------------------------------------------------------------- |
204 | | `MEEDS_WAIT_FOR_MATRIX` | No | `false` | Enables or disables the wait check for Matrix server availability during startup.
205 | | `MEEDS_MATRIX_HOST` | No | `matrix` | Hostname or IP address of the Matrix server.
206 | | `MEEDS_MATRIX_PORT` | No | `8008` | Port for the Matrix client API (non-TLS).
207 | | `MEEDS_MATRIX_TIMEOUT` | No | `30` | Maximum number of seconds to wait for the Matrix server to become available before aborting. |
208 |
209 | ### LDAP / Active Directory
210 |
211 | The following environment variables should be passed to the container to configure the LDAP connection pool:
212 |
213 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
214 | | ---------------------- | --------- | ------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
215 | | MEEDS_LDAP_POOL_DEBUG | NO | - | the level of debug output to produce. Valid values are "fine" (trace connection creation and removal) and "all" (all debugging information). |
216 | | MEEDS_LDAP_POOL_TIMEOUT | NO | `60000` | the number of milliseconds that an idle connection may remain in the pool without being closed and removed from the pool. |
217 | | MEEDS_LDAP_POOL_MAX_SIZE | NO | `100` | the maximum number of connections per connection identity that can be maintained concurrently.
218 |
219 | ### Mail
220 |
221 | The following environment variables should be passed to the container to configure the mail server configuration to use :
222 |
223 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
224 | |------------------------|-----------|---------------------------|-----------------------------------------------------|
225 | | MEEDS_MAIL_FROM | NO | `noreply@example.com` | "from" field of emails sent by Meeds Server |
226 | | MEEDS_MAIL_SMTP_HOST | NO | `localhost` | SMTP Server hostname |
227 | | MEEDS_MAIL_SMTP_PORT | NO | `25` | SMTP Server port |
228 | | MEEDS_MAIL_SMTP_STARTTLS | NO | `false` | true to enable the secure (TLS) SMTP. See RFC 3207. |
229 | | MEEDS_MAIL_SMTP_USERNAME | NO | - | authentication username for SMTP server (if needed) |
230 | | MEEDS_MAIL_SMTP_PASSWORD | NO | - | authentication password for SMTP server (if needed) |
231 |
232 | ### JMX
233 |
234 | The following environment variables should be passed to the container to configure JMX :
235 |
236 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
237 | |-----------------------------|-----------|---------------|-------------------------------------------------------------------------------------------------------------------------------------------|
238 | | MEEDS_JMX_ENABLED | NO | `true` | activate JMX listener |
239 | | MEEDS_JMX_RMI_REGISTRY_PORT | NO | `10001` | JMX RMI Registry port |
240 | | MEEDS_JMX_RMI_SERVER_PORT | NO | `10002` | JMX RMI Server port |
241 | | MEEDS_JMX_RMI_SERVER_HOSTNAME | NO | `localhost` | JMX RMI Server hostname |
242 | | MEEDS_JMX_USERNAME | NO | - | a username for JMX connection (if no username is provided, the JMX access is unprotected) |
243 | | MEEDS_JMX_PASSWORD | NO | - | a password for JMX connection (if no password is specified a random one will be generated and stored in /opt/meeds/conf/jmxremote.password) |
244 |
245 | With the default parameters, you can connect to JMX with `service:jmx:rmi://localhost:10002/jndi/rmi://localhost:10001/jmxrmi` without authentication.
246 |
247 | ### Remote Debugging
248 |
249 | The following environment variables should be passed to the container to enable remote debugging mode :
250 |
251 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
252 | | --------------------------- | --------- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
253 | | MEEDS_DEBUG_ENABLED | NO | `false` | enable remote debugging listener |
254 | | MEEDS_DEBUG_PORT | NO | `8000` | Remote debugging port
255 |
256 | ### Remember me Token Expiration
257 |
258 | The following environment variables should be passed to the container to specify the `rememberme` token expiration :
259 |
260 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
261 | | ------------------------------------------------| --------- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------- |
262 | | MEEDS_TOKEN_REMEMBERME_EXPIRATION_VALUE | NO | `7` | Number of unit expiration delay |
263 | | MEEDS_TOKEN_REMEMBERME_EXPIRATION_UNIT | NO | `DAY` | Unit of token expiration `DAY`, `HOUR`, `MINUTE`, `SECOND`
264 |
265 | ### Cluster
266 |
267 | The following environment variables should be passed to the container to configure the cluster :
268 |
269 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
270 | | --------------------- | --------- | ---------------- | -------------------------------------------------------------------------------------------------------------- |
271 | | MEEDS_CLUSTER | NO | `false` | Activate the cluster mode |
272 | | MEEDS_CLUSTER_NODE_NAME | NO | the container id | Node name to use in the cluster for this node (ex: node1) |
273 | | MEEDS_CLUSTER_HOSTS | NO | - | space-separated list of cluster hosts definitions (ex: name=node1,http_protocol=http,address=node1.cluster.local,http_port=8080,tcp1_port=7800,tcp2_port=7900 name=node2,http_protocol=http,address=node1.cluster.local,http_port=8080,tcp1_port=7800,tcp2_port=7900) |
274 |
275 | ### Reward Wallet
276 |
277 | The following environment variables should be passed to the container to configure the Meeds Rewards wallet:
278 |
279 | | VARIABLE | MANDATORY | DEFAULT VALUE | DESCRIPTION |
280 | |-----------------------------------------------|-----------|------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
281 | | MEEDS_REWARDS_WALLET_ADMIN_KEY | YES | `changeThisKey` | password used to encrypt the Admin wallet’s private key stored in the database. If its value is modified after server startup, the private key of the admin wallet won’t be decrypted anymore, preventing all administrative operations |
282 | | MEEDS_REWARDS_WALLET_ACCESS_PERMISSION | NO | `/platform/users` | to restrict access to wallet application to a group of users (ex: member:/spaces/internal_space) |
283 | | MEEDS_REWARDS_WALLET_NETWORK_ID | NO | `1` (mainnet) | ID of the Ethereum network to use (see: ) |
284 | | MEEDS_REWARDS_WALLET_NETWORK_ENDPOINT_HTTP | NO | `https://mainnet.infura.io/v3/a1ac85aea9ce4be88e9e87dad7c01d40` | HTTPS URL to access to the Ethereum API for the chosen network id |
285 | | MEEDS_REWARDS_WALLET_NETWORK_ENDPOINT_WEBSOCKET | NO | `wss://mainnet.infura.io/ws/v3/a1ac85aea9ce4be88e9e87dad7c01d40` | WSS URL to access to the Ethereum API for the chosen network id |
286 | | MEEDS_REWARDS_WALLET_TOKEN_ADDRESS | NO | `0xc76987d43b77c45d51653b6eb110b9174acce8fb` | address of the contract for the official rewarding token promoted by Meeds | |
287 |
288 | ## How-to
289 |
290 | ### Configure Meeds Server behind a reverse-proxy
291 |
292 | You have to specify the following environment variables to configure Meeds Server (see upper section for more parameters and details) :
293 |
294 | ```bash
295 | docker run -d \
296 | -p 8080:8080 \
297 | -e MEEDS_PROXY_VHOST="my.public-facing-hostname.org" \
298 | meedsio/meeds
299 | ```
300 |
301 | You can also use Docker Compose (see the provided `docker-compose.yml` file as an example).
302 |
303 | ### See Meeds Server logs
304 |
305 | ```bash
306 | docker logs --follow
307 | ```
308 | ### Customize some Meeds Server settings
309 |
310 | All previously mentioned [environment variables](#configuration-options) can be defined in a standard Docker way with `-e ENV_VARIABLE="value"` parameters :
311 |
312 | ```bash
313 | docker run -d \
314 | -p 8080:8080 \
315 | -e MEEDS_JVM_SIZE_MAX="8g" \
316 | meedsio/meeds
317 | ```
318 |
319 | Some Meeds configuration properties can also be defined in an `exo.properties` file. In this case, simply create this file and mount it in the Docker container:
320 |
321 | ```bash
322 | docker run -d \
323 | -p 8080:8080 \
324 | -v /absolute/path/to/exo.properties:/etc/meeds/exo.properties:ro \
325 | meedsio/meeds
326 | ```
327 |
328 | ## Image build
329 |
330 | The simplest way to build this image is to use default values :
331 |
332 | ```bash
333 | docker build -t meedsio/meeds .
334 | ```
335 |
336 | This will produce an image with the current Meeds Server.
337 |
--------------------------------------------------------------------------------
/scripts/setenv-docker-customize.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -eu
2 | #
3 | # This file is part of the Meeds project (https://meeds.io/).
4 | # Copyright (C) 2020 Meeds Association
5 | # contact@meeds.io
6 | # This program is free software; you can redistribute it and/or
7 | # modify it under the terms of the GNU Lesser General Public
8 | # License as published by the Free Software Foundation; either
9 | # version 3 of the License, or (at your option) any later version.
10 | # This program is distributed in the hope that it will be useful,
11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 | # Lesser General Public License for more details.
14 | # You should have received a copy of the GNU Lesser General Public License
15 | # along with this program; if not, write to the Free Software Foundation,
16 | # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 | #
18 | # -----------------------------------------------------------------------------
19 | #
20 | # Settings customization
21 | #
22 | # -----------------------------------------------------------------------------
23 | # This file contains customizations related to Docker environment.
24 | # -----------------------------------------------------------------------------
25 |
26 | replace_in_file() {
27 | local _tmpFile=$(mktemp /tmp/replace.XXXXXXXXXX) || { echo "Failed to create temp file"; exit 1; }
28 | mv $1 ${_tmpFile}
29 | sed "s|$2|$3|g" ${_tmpFile} > $1
30 | rm ${_tmpFile}
31 | }
32 |
33 | # $1 : the full line content to insert at the end of Meeds configuration file
34 | add_in_meeds_configuration() {
35 | local MEEDS_CONFIG_FILE="/etc/meeds/docker.properties"
36 | local P1="$1"
37 | if [ ! -f ${MEEDS_CONFIG_FILE} ]; then
38 | echo "Creating Meeds Docker configuration file [${MEEDS_CONFIG_FILE}]"
39 | touch ${MEEDS_CONFIG_FILE}
40 | if [ $? != 0 ]; then
41 | echo "Problem during Meeds Docker configuration file creation, startup aborted !"
42 | exit 1
43 | fi
44 | fi
45 | # Ensure the content will be added on a new line
46 | tail -c1 ${MEEDS_CONFIG_FILE} | read -r _ || echo >> ${MEEDS_CONFIG_FILE}
47 | echo "${P1}" >> ${MEEDS_CONFIG_FILE}
48 | }
49 |
50 | # -----------------------------------------------------------------------------
51 | # Check configuration variables and add default values when needed
52 | # -----------------------------------------------------------------------------
53 | set +u # DEACTIVATE unbound variable check
54 |
55 | # revert Tomcat umask change (before Tomcat 8.5 = 0022 / starting from Tomcat 8.5 = 0027)
56 | # see https://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.0_(markt)
57 | [ -z "${MEEDS_FILE_UMASK}" ] && UMASK="0022" || UMASK="${MEEDS_FILE_UMASK}"
58 |
59 | [ -z "${MEEDS_PROXY_VHOST}" ] && MEEDS_PROXY_VHOST="localhost"
60 | [ -z "${MEEDS_PROXY_SSL}" ] && MEEDS_PROXY_SSL="false"
61 | [ -z "${MEEDS_PROXY_PORT}" ] && {
62 | case "${MEEDS_PROXY_SSL}" in
63 | true) MEEDS_PROXY_PORT="443";;
64 | false) MEEDS_PROXY_PORT="8080";;
65 | *) MEEDS_PROXY_PORT="8080";;
66 | esac
67 | }
68 | [ -z "${MEEDS_DATA_DIR}" ] && MEEDS_DATA_DIR="/srv/meeds"
69 | [ -z "${MEEDS_JCR_STORAGE_DIR}" ] && MEEDS_JCR_STORAGE_DIR="${MEEDS_DATA_DIR}/jcr/values"
70 | [ -z "${MEEDS_FILE_STORAGE_DIR}" ] && MEEDS_FILE_STORAGE_DIR="${MEEDS_DATA_DIR}/files"
71 | [ -z "${MEEDS_FILE_STORAGE_RETENTION}" ] && MEEDS_FILE_STORAGE_RETENTION="30"
72 |
73 | [ -z "${MEEDS_DB_TIMEOUT}" ] && MEEDS_DB_TIMEOUT="60"
74 | [ -z "${MEEDS_DB_TYPE}" ] && MEEDS_DB_TYPE="hsqldb"
75 | case "${MEEDS_DB_TYPE}" in
76 | hsqldb)
77 | echo "################################################################################"
78 | echo "# WARNING: you are using HSQLDB which is not recommanded for production purpose."
79 | echo "################################################################################"
80 | sleep 2
81 | ;;
82 | mysql)
83 | [ -z "${MEEDS_DB_NAME}" ] && MEEDS_DB_NAME="meeds"
84 | [ -z "${MEEDS_DB_USER}" ] && MEEDS_DB_USER="meeds"
85 | [ -z "${MEEDS_DB_PASSWORD}" ] && { echo "ERROR: you must provide a database password with MEEDS_DB_PASSWORD environment variable"; exit 1;}
86 | [ -z "${MEEDS_DB_HOST}" ] && MEEDS_DB_HOST="db"
87 | [ -z "${MEEDS_DB_PORT}" ] && MEEDS_DB_PORT="3306"
88 | [ -z "${MEEDS_DB_MYSQL_USE_SSL}" ] && MEEDS_DB_MYSQL_USE_SSL="false"
89 | ;;
90 | pgsql|postgres|postgresql)
91 | [ -z "${MEEDS_DB_NAME}" ] && MEEDS_DB_NAME="meeds"
92 | [ -z "${MEEDS_DB_USER}" ] && MEEDS_DB_USER="meeds"
93 | [ -z "${MEEDS_DB_PASSWORD}" ] && { echo "ERROR: you must provide a database password with MEEDS_DB_PASSWORD environment variable"; exit 1;}
94 | [ -z "${MEEDS_DB_HOST}" ] && MEEDS_DB_HOST="db"
95 | [ -z "${MEEDS_DB_PORT}" ] && MEEDS_DB_PORT="5432"
96 | ;;
97 | *)
98 | echo "ERROR: you must provide a supported database type with MEEDS_DB_TYPE environment variable (current value is '${MEEDS_DB_TYPE}')"
99 | echo "ERROR: supported database types are :"
100 | echo "ERROR: HSQLDB (MEEDS_DB_TYPE = hsqldb) (default)"
101 | echo "ERROR: MySQL (MEEDS_DB_TYPE = mysql)"
102 | echo "ERROR: Postgresql (MEEDS_DB_TYPE = pgsql)"
103 | exit 1;;
104 | esac
105 | [ -z "${MEEDS_DB_POOL_IDM_INIT_SIZE}" ] && MEEDS_DB_POOL_IDM_INIT_SIZE="5"
106 | [ -z "${MEEDS_DB_POOL_IDM_MAX_SIZE}" ] && MEEDS_DB_POOL_IDM_MAX_SIZE="20"
107 | [ -z "${MEEDS_DB_POOL_JCR_INIT_SIZE}" ] && MEEDS_DB_POOL_JCR_INIT_SIZE="5"
108 | [ -z "${MEEDS_DB_POOL_JCR_MAX_SIZE}" ] && MEEDS_DB_POOL_JCR_MAX_SIZE="20"
109 | [ -z "${MEEDS_DB_POOL_JPA_INIT_SIZE}" ] && MEEDS_DB_POOL_JPA_INIT_SIZE="5"
110 | [ -z "${MEEDS_DB_POOL_JPA_MAX_SIZE}" ] && MEEDS_DB_POOL_JPA_MAX_SIZE="20"
111 |
112 | [ -z "${MEEDS_UPLOAD_MAX_FILE_SIZE}" ] && MEEDS_UPLOAD_MAX_FILE_SIZE="200"
113 |
114 | [ -z "${MEEDS_HTTP_THREAD_MIN}" ] && MEEDS_HTTP_THREAD_MIN="10"
115 | [ -z "${MEEDS_HTTP_THREAD_MAX}" ] && MEEDS_HTTP_THREAD_MAX="200"
116 |
117 | [ -z "${MEEDS_MAIL_FROM}" ] && MEEDS_MAIL_FROM="noreply@example.com"
118 | [ -z "${MEEDS_MAIL_SMTP_HOST}" ] && MEEDS_MAIL_SMTP_HOST="localhost"
119 | [ -z "${MEEDS_MAIL_SMTP_PORT}" ] && MEEDS_MAIL_SMTP_PORT="25"
120 | [ -z "${MEEDS_MAIL_SMTP_STARTTLS}" ] && MEEDS_MAIL_SMTP_STARTTLS="false"
121 | [ -z "${MEEDS_MAIL_SMTP_USERNAME}" ] && MEEDS_MAIL_SMTP_USERNAME="-"
122 | [ -z "${MEEDS_MAIL_SMTP_PASSWORD}" ] && MEEDS_MAIL_SMTP_PASSWORD="-"
123 |
124 | [ -z "${MEEDS_JVM_LOG_GC_ENABLED}" ] && MEEDS_JVM_LOG_GC_ENABLED="false"
125 |
126 | [ -z "${MEEDS_JMX_ENABLED}" ] && MEEDS_JMX_ENABLED="true"
127 | [ -z "${MEEDS_JMX_RMI_REGISTRY_PORT}" ] && MEEDS_JMX_RMI_REGISTRY_PORT="10001"
128 | [ -z "${MEEDS_JMX_RMI_SERVER_PORT}" ] && MEEDS_JMX_RMI_SERVER_PORT="10002"
129 | [ -z "${MEEDS_JMX_RMI_SERVER_HOSTNAME}" ] && MEEDS_JMX_RMI_SERVER_HOSTNAME="localhost"
130 | [ -z "${MEEDS_JMX_USERNAME}" ] && MEEDS_JMX_USERNAME="-"
131 | [ -z "${MEEDS_JMX_PASSWORD}" ] && MEEDS_JMX_PASSWORD="-"
132 |
133 | [ -z "${MEEDS_ACCESS_LOG_ENABLED}" ] && MEEDS_ACCESS_LOG_ENABLED="false"
134 |
135 | [ -z "${MEEDS_ES_TIMEOUT}" ] && MEEDS_ES_TIMEOUT="60"
136 | [ -z "${MEEDS_ES_SCHEME}" ] && MEEDS_ES_SCHEME="http"
137 | [ -z "${MEEDS_ES_HOST}" ] && MEEDS_ES_HOST="localhost"
138 | [ -z "${MEEDS_ES_PORT}" ] && MEEDS_ES_PORT="9200"
139 | MEEDS_ES_URL="${MEEDS_ES_SCHEME}://${MEEDS_ES_HOST}:${MEEDS_ES_PORT}"
140 | [ -z "${MEEDS_ES_USERNAME}" ] && MEEDS_ES_USERNAME="-"
141 | [ -z "${MEEDS_ES_PASSWORD}" ] && MEEDS_ES_PASSWORD="-"
142 | [ -z "${MEEDS_ES_INDEX_REPLICA_NB}" ] && MEEDS_ES_INDEX_REPLICA_NB="1"
143 | [ -z "${MEEDS_ES_INDEX_SHARD_NB}" ] && MEEDS_ES_INDEX_SHARD_NB="5"
144 |
145 | [ -z "${MEEDS_WAIT_FOR_MATRIX}" ] && MEEDS_WAIT_FOR_MATRIX="false"
146 | [ -z "${MEEDS_MATRIX_HOST}" ] && MEEDS_MATRIX_HOST="matrix"
147 | [ -z "${MEEDS_MATRIX_PORT}" ] && MEEDS_MATRIX_PORT="8008"
148 | [ -z "${MEEDS_MATRIX_TIMEOUT}" ] && MEEDS_MATRIX_TIMEOUT="30"
149 |
150 | [ -z "${MEEDS_LDAP_POOL_TIMEOUT}" ] && MEEDS_LDAP_POOL_TIMEOUT="60000"
151 | [ -z "${MEEDS_LDAP_POOL_MAX_SIZE}" ] && MEEDS_LDAP_POOL_MAX_SIZE="100"
152 |
153 | [ -z "${MEEDS_JODCONVERTER_PORTS}" ] && MEEDS_JODCONVERTER_PORTS="2002"
154 |
155 | [ -z "${MEEDS_REWARDS_WALLET_ADMIN_KEY}" ] && MEEDS_REWARDS_WALLET_ADMIN_KEY="changeThisKey"
156 | [ -z "${MEEDS_REWARDS_WALLET_ACCESS_PERMISSION}" ] && MEEDS_REWARDS_WALLET_ACCESS_PERMISSION="/platform/users"
157 | [ -z "${MEEDS_REWARDS_WALLET_NETWORK_ID}" ] && MEEDS_REWARDS_WALLET_NETWORK_ID="1"
158 | [ -z "${MEEDS_REWARDS_WALLET_NETWORK_ENDPOINT_HTTP}" ] && MEEDS_REWARDS_WALLET_NETWORK_ENDPOINT_HTTP="https://mainnet.infura.io/v3/a1ac85aea9ce4be88e9e87dad7c01d40"
159 | [ -z "${MEEDS_REWARDS_WALLET_NETWORK_ENDPOINT_WEBSOCKET}" ] && MEEDS_REWARDS_WALLET_NETWORK_ENDPOINT_WEBSOCKET="wss://mainnet.infura.io/ws/v3/a1ac85aea9ce4be88e9e87dad7c01d40"
160 | [ -z "${MEEDS_REWARDS_WALLET_TOKEN_ADDRESS}" ] && MEEDS_REWARDS_WALLET_TOKEN_ADDRESS="0xc76987d43b77c45d51653b6eb110b9174acce8fb"
161 |
162 | [ -z "${MEEDS_ADDONS_CONFLICT_MODE}" ] && MEEDS_ADDONS_CONFLICT_MODE=""
163 | [ -z "${MEEDS_ADDONS_NOCOMPAT_MODE}" ] && MEEDS_ADDONS_NOCOMPAT_MODE="false"
164 |
165 | [ -z "${MEEDS_CLUSTER_NODE_NAME}" ] && MEEDS_CLUSTER_NODE_NAME=""
166 |
167 | [ -z "${MEEDS_TOKEN_REMEMBERME_EXPIRATION_VALUE}" ] && MEEDS_TOKEN_REMEMBERME_EXPIRATION_VALUE="7"
168 | [ -z "${MEEDS_TOKEN_REMEMBERME_EXPIRATION_UNIT}" ] && MEEDS_TOKEN_REMEMBERME_EXPIRATION_UNIT="DAY"
169 |
170 |
171 | [ -z "${MEEDS_GZIP_ENABLED}" ] && MEEDS_GZIP_ENABLED="true"
172 |
173 | # Mapping with sentenv.sh
174 | [ ! -z "${MEEDS_JVM_SIZE_MAX}" ] && EXO_JVM_SIZE_MAX="${MEEDS_JVM_SIZE_MAX}"
175 | [ ! -z "${MEEDS_JVM_SIZE_MAX}" ] && EXO_JVM_SIZE_MAX="${MEEDS_JVM_SIZE_MAX}"
176 | [ ! -z "${MEEDS_DATA_DIR}" ] && EXO_DATA_DIR="${MEEDS_DATA_DIR}"
177 |
178 |
179 | set -u # REACTIVATE unbound variable check
180 |
181 | # -----------------------------------------------------------------------------
182 | # Update some configuration files when the container is created for the first time
183 | # -----------------------------------------------------------------------------
184 | if [ -f /opt/meeds/_done.configuration ]; then
185 | echo "INFO: Configuration already done! skipping this step."
186 | else
187 |
188 |
189 | # Jcr storage configuration
190 | add_in_meeds_configuration "exo.jcr.storage.data.dir=${MEEDS_JCR_STORAGE_DIR}"
191 |
192 | # File storage configuration
193 | add_in_meeds_configuration "# File storage configuration"
194 | add_in_meeds_configuration "exo.files.binaries.storage.type=fs"
195 | add_in_meeds_configuration "exo.files.storage.dir=${MEEDS_FILE_STORAGE_DIR}"
196 | add_in_meeds_configuration "exo.commons.FileStorageCleanJob.retention-time=${MEEDS_FILE_STORAGE_RETENTION}"
197 |
198 | # Database configuration
199 | case "${MEEDS_DB_TYPE}" in
200 | hsqldb)
201 | cat /opt/meeds/conf/server-hsqldb.xml > /opt/meeds/conf/server.xml
202 | ;;
203 | mysql)
204 | cat /opt/meeds/conf/server-mysql.xml > /opt/meeds/conf/server.xml
205 | replace_in_file /opt/meeds/conf/server.xml "jdbc:mysql://localhost:3306/plf?autoReconnect=true" "jdbc:mysql://${MEEDS_DB_HOST}:${MEEDS_DB_PORT}/${MEEDS_DB_NAME}?autoReconnect=true\&useSSL=${MEEDS_DB_MYSQL_USE_SSL}\&allowPublicKeyRetrieval=true"
206 | replace_in_file /opt/meeds/conf/server.xml 'username="plf" password="plf"' 'username="'${MEEDS_DB_USER}'" password="'${MEEDS_DB_PASSWORD}'"'
207 | ;;
208 | pgsql|postgres|postgresql)
209 | cat /opt/meeds/conf/server-postgres.xml > /opt/meeds/conf/server.xml
210 | replace_in_file /opt/meeds/conf/server.xml "jdbc:postgresql://localhost:5432/plf" "jdbc:postgresql://${MEEDS_DB_HOST}:${MEEDS_DB_PORT}/${MEEDS_DB_NAME}"
211 | replace_in_file /opt/meeds/conf/server.xml 'username="plf" password="plf"' 'username="'${MEEDS_DB_USER}'" password="'${MEEDS_DB_PASSWORD}'"'
212 | ;;
213 | *) echo "ERROR: you must provide a supported database type with MEEDS_DB_TYPE environment variable (current value is '${MEEDS_DB_TYPE}')";
214 | exit 1
215 | ;;
216 | esac
217 |
218 | ## Remove file comments
219 | xmlstarlet ed -L -d "//comment()" /opt/meeds/conf/server.xml || {
220 | echo "ERROR during xmlstarlet processing (xml comments removal)"
221 | exit 1
222 | }
223 |
224 | # Update IDM datasource settings
225 | xmlstarlet ed -L -u "/Server/GlobalNamingResources/Resource[@name='exo-idm_portal']/@initialSize" -v "${MEEDS_DB_POOL_IDM_INIT_SIZE}" \
226 | -u "/Server/GlobalNamingResources/Resource[@name='exo-idm_portal']/@minIdle" -v "${MEEDS_DB_POOL_IDM_INIT_SIZE}" \
227 | -u "/Server/GlobalNamingResources/Resource[@name='exo-idm_portal']/@maxIdle" -v "${MEEDS_DB_POOL_IDM_INIT_SIZE}" \
228 | -u "/Server/GlobalNamingResources/Resource[@name='exo-idm_portal']/@maxActive" -v "${MEEDS_DB_POOL_IDM_MAX_SIZE}" \
229 | /opt/meeds/conf/server.xml || {
230 | echo "ERROR during xmlstarlet processing (configuring datasource exo-idm_portal)"
231 | exit 1
232 | }
233 |
234 | # Update JCR datasource settings
235 | xmlstarlet ed -L -u "/Server/GlobalNamingResources/Resource[@name='exo-jcr_portal']/@initialSize" -v "${MEEDS_DB_POOL_JCR_INIT_SIZE}" \
236 | -u "/Server/GlobalNamingResources/Resource[@name='exo-jcr_portal']/@minIdle" -v "${MEEDS_DB_POOL_JCR_INIT_SIZE}" \
237 | -u "/Server/GlobalNamingResources/Resource[@name='exo-jcr_portal']/@maxIdle" -v "${MEEDS_DB_POOL_JCR_INIT_SIZE}" \
238 | -u "/Server/GlobalNamingResources/Resource[@name='exo-jcr_portal']/@maxActive" -v "${MEEDS_DB_POOL_JCR_MAX_SIZE}" \
239 | /opt/meeds/conf/server.xml || {
240 | echo "ERROR during xmlstarlet processing (configuring datasource exo-jcr_portal)"
241 | exit 1
242 | }
243 |
244 | # Update JPA datasource settings
245 | xmlstarlet ed -L -u "/Server/GlobalNamingResources/Resource[@name='exo-jpa_portal']/@initialSize" -v "${MEEDS_DB_POOL_JPA_INIT_SIZE}" \
246 | -u "/Server/GlobalNamingResources/Resource[@name='exo-jpa_portal']/@minIdle" -v "${MEEDS_DB_POOL_JPA_INIT_SIZE}" \
247 | -u "/Server/GlobalNamingResources/Resource[@name='exo-jpa_portal']/@maxIdle" -v "${MEEDS_DB_POOL_JPA_INIT_SIZE}" \
248 | -u "/Server/GlobalNamingResources/Resource[@name='exo-jpa_portal']/@maxActive" -v "${MEEDS_DB_POOL_JPA_MAX_SIZE}" \
249 | /opt/meeds/conf/server.xml || {
250 | echo "ERROR during xmlstarlet processing (configuring datasource exo-jpa_portal)"
251 | exit 1
252 | }
253 |
254 | ## Remove AJP connector
255 | xmlstarlet ed -L -d '//Connector[@protocol="AJP/1.3"]' /opt/meeds/conf/server.xml || {
256 | echo "ERROR during xmlstarlet processing (AJP connector removal)"
257 | exit 1
258 | }
259 |
260 | ## Add jvmRoute in server.xml, useful for Load balancing in cluster configuration
261 | if [ -n "${MEEDS_CLUSTER_NODE_NAME}" ]; then
262 | xmlstarlet ed -L -d "/Server/Service/Engine/@jvmRoute" /opt/meeds/conf/server.xml && \
263 | xmlstarlet ed -L -s "/Server/Service/Engine" -t attr -n "jvmRoute" -v "${MEEDS_CLUSTER_NODE_NAME}" /opt/meeds/conf/server.xml || {
264 | echo "ERROR during xmlstarlet processing (jvmRoute definition)"
265 | exit 1
266 | }
267 | fi
268 |
269 | ## Force JSESSIONID to be added in cookie instead of URL
270 | xmlstarlet ed -L -d "/Context/@cookies" /opt/meeds/conf/context.xml && \
271 | xmlstarlet ed -L -s "/Context" -t attr -n "cookies" -v "true" /opt/meeds/conf/context.xml || {
272 | echo "ERROR during xmlstarlet processing (cookies definition)"
273 | exit 1
274 | }
275 |
276 | # Proxy configuration
277 | xmlstarlet ed -L -s "/Server/Service/Connector" -t attr -n "proxyName" -v "${MEEDS_PROXY_VHOST}" /opt/meeds/conf/server.xml || {
278 | echo "ERROR during xmlstarlet processing (adding Connector proxyName)"
279 | exit 1
280 | }
281 |
282 | if [ "${MEEDS_PROXY_SSL}" = "true" ]; then
283 | xmlstarlet ed -L -s "/Server/Service/Connector" -t attr -n "scheme" -v "https" \
284 | -s "/Server/Service/Connector" -t attr -n "secure" -v "true" \
285 | -s "/Server/Service/Connector" -t attr -n "proxyPort" -v "${MEEDS_PROXY_PORT}" \
286 | /opt/meeds/conf/server.xml || {
287 | echo "ERROR during xmlstarlet processing (configuring Connector proxy ssl)"
288 | exit 1
289 | }
290 | if [ "${MEEDS_PROXY_PORT}" = "443" ]; then
291 | add_in_meeds_configuration "exo.base.url=https://${MEEDS_PROXY_VHOST}"
292 | else
293 | add_in_meeds_configuration "exo.base.url=https://${MEEDS_PROXY_VHOST}:${MEEDS_PROXY_PORT}"
294 | fi
295 | else
296 | xmlstarlet ed -L -s "/Server/Service/Connector" -t attr -n "scheme" -v "http" \
297 | -s "/Server/Service/Connector" -t attr -n "secure" -v "false" \
298 | -s "/Server/Service/Connector" -t attr -n "proxyPort" -v "${MEEDS_PROXY_PORT}" \
299 | /opt/meeds/conf/server.xml || {
300 | echo "ERROR during xmlstarlet processing (configuring Connector proxy)"
301 | exit 1
302 | }
303 | if [ "${MEEDS_PROXY_PORT}" = "80" ]; then
304 | add_in_meeds_configuration "exo.base.url=http://${MEEDS_PROXY_VHOST}"
305 | else
306 | add_in_meeds_configuration "exo.base.url=http://${MEEDS_PROXY_VHOST}:${MEEDS_PROXY_PORT}"
307 | fi
308 | fi
309 |
310 | # Upload size
311 | add_in_meeds_configuration "exo.ecms.connector.drives.uploadLimit=${MEEDS_UPLOAD_MAX_FILE_SIZE}"
312 | add_in_meeds_configuration "exo.social.activity.uploadLimit=${MEEDS_UPLOAD_MAX_FILE_SIZE}"
313 | add_in_meeds_configuration "wiki.attachment.uploadLimit=${MEEDS_UPLOAD_MAX_FILE_SIZE}"
314 | add_in_meeds_configuration "exo.uploadLimit=${MEEDS_UPLOAD_MAX_FILE_SIZE}"
315 |
316 | # Tomcat HTTP Thread pool configuration
317 | xmlstarlet ed -L -s "/Server/Service/Connector" -t attr -n "maxThreads" -v "${MEEDS_HTTP_THREAD_MAX}" \
318 | -s "/Server/Service/Connector" -t attr -n "minSpareThreads" -v "${MEEDS_HTTP_THREAD_MIN}" \
319 | /opt/meeds/conf/server.xml || {
320 | echo "ERROR during xmlstarlet processing (adding Connector proxyName)"
321 | exit 1
322 | }
323 |
324 | # Tomcat valves and listeners configuration
325 | if [ -e /etc/meeds/host.yml ]; then
326 | echo "Override default valves and listeners configuration"
327 |
328 | # Remove the default configuration
329 | xmlstarlet ed -L -d "/Server/Service/Engine/Host/Valve" \
330 | -d "/Server/Service/Engine/Host/Listener" \
331 | /opt/meeds/conf/server.xml || {
332 | echo "ERROR during xmlstarlet processing (Remove default host configuration)"
333 | exit 1
334 | }
335 |
336 | i=0
337 | while [ $i -ge 0 ]; do
338 | # Declare component
339 | type=$(yq read /etc/meeds/host.yml components[$i].type)
340 | if [ "${type}" != "null" ]; then
341 | className=$(yq read /etc/meeds/host.yml components[$i].className)
342 | echo "Declare ${type} ${className}"
343 | xmlstarlet ed -L -s "/Server/Service/Engine/Host" -t elem -n "${type}TMP" -v "" \
344 | -i "//${type}TMP" -t attr -n "className" -v "${className}" \
345 | /opt/meeds/conf/server.xml || {
346 | echo "ERROR during xmlstarlet processing (adding ${className})"
347 | exit 1
348 | }
349 |
350 | # Add component attributes
351 | j=0
352 | while [ $j -ge 0 ]; do
353 | attributeName=$(yq read /etc/meeds/host.yml components[$i].attributes[$j].name)
354 | if [ "${attributeName}" != "null" ]; then
355 | attributeValue=$(yq read /etc/meeds/host.yml components[$i].attributes[$j].value | tr -d "'")
356 | xmlstarlet ed -L -i "//${type}TMP" -t attr -n "${attributeName}" -v "${attributeValue}" \
357 | /opt/meeds/conf/server.xml || {
358 | echo "ERROR during xmlstarlet processing (adding ${className} / ${attributeName})"
359 | }
360 |
361 | j=$(($j + 1))
362 | else
363 | j=-1
364 | fi
365 | done
366 |
367 | # Rename the component to its final type
368 | xmlstarlet ed -L -r "//${type}TMP" -v "${type}" \
369 | /opt/meeds/conf/server.xml || {
370 | echo "ERROR during xmlstarlet processing (renaming ${type}TMP)"
371 | exit 1
372 | }
373 |
374 | i=$(($i + 1))
375 | else
376 | i=-1
377 | fi
378 | done
379 | fi
380 |
381 | # Mail configuration
382 | add_in_meeds_configuration "# Mail configuration"
383 | add_in_meeds_configuration "exo.email.smtp.from=${MEEDS_MAIL_FROM}"
384 | add_in_meeds_configuration "gatein.email.smtp.from=${MEEDS_MAIL_FROM}"
385 | add_in_meeds_configuration "exo.email.smtp.host=${MEEDS_MAIL_SMTP_HOST}"
386 | add_in_meeds_configuration "exo.email.smtp.port=${MEEDS_MAIL_SMTP_PORT}"
387 | add_in_meeds_configuration "exo.email.smtp.starttls.enable=${MEEDS_MAIL_SMTP_STARTTLS}"
388 | if [ "${MEEDS_MAIL_SMTP_USERNAME:-}" = "-" ]; then
389 | add_in_meeds_configuration "exo.email.smtp.auth=false"
390 | add_in_meeds_configuration "#exo.email.smtp.username="
391 | add_in_meeds_configuration "#exo.email.smtp.password="
392 | else
393 | add_in_meeds_configuration "exo.email.smtp.auth=true"
394 | add_in_meeds_configuration "exo.email.smtp.username=${MEEDS_MAIL_SMTP_USERNAME}"
395 | add_in_meeds_configuration "exo.email.smtp.password=${MEEDS_MAIL_SMTP_PASSWORD}"
396 | fi
397 | add_in_meeds_configuration "exo.email.smtp.socketFactory.port="
398 | add_in_meeds_configuration "exo.email.smtp.socketFactory.class="
399 | # SMTP TLS Version, Example: TLSv1.2
400 | if [ ! -z "${MEEDS_SMTP_SSL_PROTOCOLS:-}" ]; then
401 | add_in_meeds_configuration "mail.smtp.ssl.protocols=${MEEDS_SMTP_SSL_PROTOCOLS}"
402 | fi
403 |
404 | # JMX configuration
405 | if [ "${MEEDS_JMX_ENABLED}" = "true" ]; then
406 | # Create the security files if required
407 | if [ "${MEEDS_JMX_USERNAME:-}" != "-" ]; then
408 | if [ "${MEEDS_JMX_PASSWORD:-}" = "-" ]; then
409 | MEEDS_JMX_PASSWORD="$(tr -dc '[:alnum:]' < /dev/urandom | dd bs=2 count=6 2>/dev/null)"
410 | fi
411 | # /opt/meeds/conf/jmxremote.password
412 | echo "${MEEDS_JMX_USERNAME} ${MEEDS_JMX_PASSWORD}" > /opt/meeds/conf/jmxremote.password
413 | # /opt/meeds/conf/jmxremote.access
414 | echo "${MEEDS_JMX_USERNAME} readwrite" > /opt/meeds/conf/jmxremote.access
415 | fi
416 | fi
417 |
418 | # Access log configuration
419 | if [ "${MEEDS_ACCESS_LOG_ENABLED}" = "true" ]; then
420 | # Add a new valve (just before the end of Host)
421 | xmlstarlet ed -L -s "/Server/Service/Engine/Host" -t elem -n "ValveTMP" -v "" \
422 | -i "//ValveTMP" -t attr -n "className" -v "org.apache.catalina.valves.AccessLogValve" \
423 | -i "//ValveTMP" -t attr -n "pattern" -v "combined" \
424 | -i "//ValveTMP" -t attr -n "directory" -v "logs" \
425 | -i "//ValveTMP" -t attr -n "prefix" -v "access" \
426 | -i "//ValveTMP" -t attr -n "suffix" -v ".log" \
427 | -i "//ValveTMP" -t attr -n "rotatable" -v "true" \
428 | -i "//ValveTMP" -t attr -n "renameOnRotate" -v "true" \
429 | -i "//ValveTMP" -t attr -n "fileDateFormat" -v ".yyyy-MM-dd" \
430 | -r "//ValveTMP" -v Valve \
431 | /opt/meeds/conf/server.xml || {
432 | echo "ERROR during xmlstarlet processing (adding AccessLogValve)"
433 | exit 1
434 | }
435 | fi
436 | # Gzip compression
437 | if [ "${MEEDS_GZIP_ENABLED}" = "true" ]; then
438 | xmlstarlet ed -L -u "/Server/Service/Connector/@compression" -v "on" /opt/meeds/conf/server.xml || {
439 | echo "ERROR during xmlstarlet processing (configuring Connector compression)"
440 | exit 1
441 | }
442 | fi
443 |
444 | # Connection timeout
445 | xmlstarlet ed -L -u "/Server/Service/Connector/@connectionTimeout" -v "${MEEDS_CONNECTION_TIMEOUT:-20000}" /opt/meeds/conf/server.xml || {
446 | echo "ERROR during xmlstarlet processing (configuring Connector connectionTimeout)"
447 | exit 1
448 | }
449 |
450 | # Elasticsearch configuration
451 | add_in_meeds_configuration "# Elasticsearch configuration"
452 | add_in_meeds_configuration "exo.es.embedded.enabled=false"
453 |
454 | add_in_meeds_configuration "exo.es.search.server.url=${MEEDS_ES_URL}"
455 | add_in_meeds_configuration "exo.es.index.server.url=${MEEDS_ES_URL}"
456 |
457 | if [ "${MEEDS_ES_USERNAME:-}" != "-" ]; then
458 | add_in_meeds_configuration "exo.es.index.server.username=${MEEDS_ES_USERNAME}"
459 | add_in_meeds_configuration "exo.es.index.server.password=${MEEDS_ES_PASSWORD}"
460 | add_in_meeds_configuration "exo.es.search.server.username=${MEEDS_ES_USERNAME}"
461 | add_in_meeds_configuration "exo.es.search.server.password=${MEEDS_ES_PASSWORD}"
462 | else
463 | add_in_meeds_configuration "#exo.es.index.server.username="
464 | add_in_meeds_configuration "#exo.es.index.server.password="
465 | add_in_meeds_configuration "#exo.es.search.server.username="
466 | add_in_meeds_configuration "#exo.es.search.server.password="
467 | fi
468 |
469 | add_in_meeds_configuration "exo.es.indexing.replica.number.default=${MEEDS_ES_INDEX_REPLICA_NB}"
470 | add_in_meeds_configuration "exo.es.indexing.shard.number.default=${MEEDS_ES_INDEX_SHARD_NB}"
471 |
472 | # JOD Converter
473 | add_in_meeds_configuration "exo.jodconverter.portnumbers=${MEEDS_JODCONVERTER_PORTS}"
474 |
475 | # Meeds Rewards
476 | add_in_meeds_configuration "# Rewards configuration"
477 | add_in_meeds_configuration "exo.wallet.admin.key=${MEEDS_REWARDS_WALLET_ADMIN_KEY}"
478 | add_in_meeds_configuration "exo.wallet.accessPermission=${MEEDS_REWARDS_WALLET_ACCESS_PERMISSION}"
479 | add_in_meeds_configuration "exo.wallet.blockchain.networkId=${MEEDS_REWARDS_WALLET_NETWORK_ID}"
480 | add_in_meeds_configuration "exo.wallet.blockchain.network.http=${MEEDS_REWARDS_WALLET_NETWORK_ENDPOINT_HTTP}"
481 | add_in_meeds_configuration "exo.wallet.blockchain.network.websocket=${MEEDS_REWARDS_WALLET_NETWORK_ENDPOINT_WEBSOCKET}"
482 | add_in_meeds_configuration "exo.wallet.blockchain.token.address=${MEEDS_REWARDS_WALLET_TOKEN_ADDRESS}"
483 | [ ! -z "${MEEDS_REWARDS_WALLET_ADMIN_PRIVATE_KEY:-}" ] && add_in_meeds_configuration "exo.wallet.admin.privateKey=${MEEDS_REWARDS_WALLET_ADMIN_PRIVATE_KEY}"
484 | [ ! -z "${MEEDS_REWARDS_WALLET_NETWORK_CRYPTOCURRENCY:-}" ] && add_in_meeds_configuration "exo.wallet.blockchain.network.cryptocurrency=${MEEDS_REWARDS_WALLET_NETWORK_CRYPTOCURRENCY}"
485 | [ ! -z "${MEEDS_REWARDS_WALLET_TOKEN_SYMBOL:-}" ] && add_in_meeds_configuration "exo.wallet.blockchain.token.symbol=${MEEDS_REWARDS_WALLET_TOKEN_SYMBOL}"
486 |
487 | # Rememberme Token expiration
488 | add_in_meeds_configuration "exo.token.rememberme.expiration.value=${MEEDS_TOKEN_REMEMBERME_EXPIRATION_VALUE}"
489 | add_in_meeds_configuration "exo.token.rememberme.expiration.unit=${MEEDS_TOKEN_REMEMBERME_EXPIRATION_UNIT}"
490 |
491 | # put a file to avoid doing the configuration twice
492 | touch /opt/meeds/_done.configuration
493 | fi
494 |
495 | # -----------------------------------------------------------------------------
496 | # Install add-ons if needed when the container is created for the first time
497 | # -----------------------------------------------------------------------------
498 | if [ -f /opt/meeds/_done.addons ]; then
499 | echo "INFO: add-ons installation already done! skipping this step."
500 | else
501 | echo "# ------------------------------------ #"
502 | echo "# Meeds add-ons management start ..."
503 | echo "# ------------------------------------ #"
504 |
505 | if [ ! -z "${MEEDS_ADDONS_CATALOG_URL:-}" ]; then
506 | echo "The add-on manager catalog url was overriden with : ${MEEDS_ADDONS_CATALOG_URL}"
507 | _ADDON_MGR_OPTION_CATALOG="--catalog=${MEEDS_ADDONS_CATALOG_URL}"
508 | fi
509 |
510 | if [ ! -z "${MEEDS_PATCHES_CATALOG_URL:-}" ]; then
511 | echo "The add-on manager patches catalog url was defined with : ${MEEDS_PATCHES_CATALOG_URL}"
512 | _ADDON_MGR_OPTION_PATCHES_CATALOG="--catalog=${MEEDS_PATCHES_CATALOG_URL}"
513 | fi
514 |
515 | # add-ons removal
516 | if [ -z "${MEEDS_ADDONS_REMOVE_LIST:-}" ]; then
517 | echo "# no add-on to uninstall from MEEDS_ADDONS_REMOVE_LIST environment variable."
518 | else
519 | echo "# uninstalling default add-ons from MEEDS_ADDONS_REMOVE_LIST environment variable:"
520 | echo ${MEEDS_ADDONS_REMOVE_LIST} | tr ',' '\n' | while read _addon ; do
521 | if [ -n "${_addon}" ]; then
522 | # Uninstall addon
523 | ${MEEDS_APP_DIR}/addon uninstall ${_addon}
524 | if [ $? != 0 ]; then
525 | echo "[ERROR] Problem during add-on [${_addon}] uninstall."
526 | exit 1
527 | fi
528 | fi
529 | done
530 | if [ $? != 0 ]; then
531 | echo "[ERROR] An error during add-on uninstallation phase aborted Meeds startup !"
532 | exit 1
533 | fi
534 | fi
535 |
536 | echo "# ------------------------------------ #"
537 |
538 | # add-on installation options
539 | if [ "${MEEDS_ADDONS_CONFLICT_MODE:-}" = "overwrite" ] || [ "${MEEDS_ADDONS_CONFLICT_MODE:-}" = "ignore" ]; then
540 | _ADDON_MGR_OPTIONS="${_ADDON_MGR_OPTIONS:-} --conflict=${MEEDS_ADDONS_CONFLICT_MODE}"
541 | fi
542 |
543 | if [ "${MEEDS_ADDONS_NOCOMPAT_MODE:-false}" = "true" ]; then
544 | _ADDON_MGR_OPTIONS="${_ADDON_MGR_OPTIONS:-} --no-compat"
545 | fi
546 |
547 | # add-on installation
548 | if [ -z "${MEEDS_ADDONS_LIST:-}" ]; then
549 | echo "# no add-on to install from MEEDS_ADDONS_LIST environment variable."
550 | else
551 | echo "# installing add-ons from MEEDS_ADDONS_LIST environment variable:"
552 | _ADDON_COUNTER=0
553 | echo ${MEEDS_ADDONS_LIST} | tr ',' '\n' | while read _addon ; do
554 | if [ -n "${_addon}" ]; then
555 | _ADDON_COUNTER=$((_ADDON_COUNTER+1))
556 | # Install addon
557 | if [ ${_ADDON_COUNTER} -eq "1" ]; then
558 | ${MEEDS_APP_DIR}/addon install ${_ADDON_MGR_OPTIONS:-} ${_ADDON_MGR_OPTION_CATALOG:-} ${_addon} --force --batch-mode --no-cache
559 | else
560 | ${MEEDS_APP_DIR}/addon install ${_ADDON_MGR_OPTIONS:-} ${_ADDON_MGR_OPTION_CATALOG:-} ${_addon} --force --batch-mode
561 | fi
562 | if [ $? != 0 ]; then
563 | echo "[ERROR] Problem during add-on [${_addon}] install."
564 | exit 1
565 | fi
566 | fi
567 | done
568 | if [ $? != 0 ]; then
569 | echo "[ERROR] An error during add-on installation phase aborted Meeds startup !"
570 | exit 1
571 | fi
572 | fi
573 | echo "# ------------------------------------ #"
574 | echo "# Meeds add-ons management done."
575 | echo "# ------------------------------------ #"
576 |
577 | # put a file to avoid doing the configuration twice
578 | touch /opt/meeds/_done.addons
579 | fi
580 |
581 | # -----------------------------------------------------------------------------
582 | # Install patches if needed when the container is created for the first time
583 | # -----------------------------------------------------------------------------
584 | if [ -f /opt/meeds/_done.patches ]; then
585 | echo "INFO: patches installation already done! skipping this step."
586 | else
587 | echo "# ------------------------------------ #"
588 | echo "# Meeds patches management start ..."
589 | echo "# ------------------------------------ #"
590 |
591 | # patches installation
592 | if [ -z "${MEEDS_PATCHES_LIST:-}" ]; then
593 | echo "# no patches to install from MEEDS_PATCHES_LIST environment variable."
594 | else
595 | echo "# installing patches from MEEDS_PATCHES_LIST environment variable:"
596 | if [ -z "${_ADDON_MGR_OPTION_PATCHES_CATALOG:-}" ]; then
597 | echo "[ERROR] you must configure a patches catalog url with _ADDON_MGR_OPTION_PATCHES_CATALOG variable for patches installation."
598 | echo "[ERROR] An error during patches installation phase aborted Meeds startup !"
599 | exit 1
600 | fi
601 | echo ${MEEDS_PATCHES_LIST} | tr ',' '\n' | while read _patche ; do
602 | if [ -n "${_patche}" ]; then
603 | # Install patch
604 | ${MEEDS_APP_DIR}/addon install --conflict=overwrite ${_ADDON_MGR_OPTION_PATCHES_CATALOG:-} ${_patche} --force --batch-mode
605 | if [ $? != 0 ]; then
606 | echo "[ERROR] Problem during patch [${_patche}] install."
607 | exit 1
608 | fi
609 | fi
610 | done
611 | if [ $? != 0 ]; then
612 | echo "[ERROR] An error during patches installation phase aborted Meeds startup !"
613 | exit 1
614 | fi
615 | fi
616 | echo "# ------------------------------------ #"
617 | echo "# Meeds patches management done."
618 | echo "# ------------------------------------ #"
619 |
620 | # put a file to avoid doing the configuration twice
621 | touch /opt/meeds/_done.patches
622 | fi
623 |
624 | # -----------------------------------------------------------------------------
625 | # Fix CVE-2021-44228
626 | # -----------------------------------------------------------------------------
627 | CATALINA_OPTS="${CATALINA_OPTS:-} -Dlog4j2.formatMsgNoLookups=true"
628 |
629 | # Enable Debug Mode
630 | if [ "${MEEDS_DEBUG_ENABLED:-false}" = "true" ]; then
631 | CATALINA_OPTS="${CATALINA_OPTS} -agentlib:jdwp=transport=dt_socket,address=*:${MEEDS_DEBUG_PORT:-8000},server=y,suspend=n"
632 | fi
633 |
634 | # -----------------------------------------------------------------------------
635 | # LDAP configuration
636 | # -----------------------------------------------------------------------------
637 | CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.jndi.ldap.connect.pool.timeout=${MEEDS_LDAP_POOL_TIMEOUT}"
638 | CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.jndi.ldap.connect.pool.maxsize=${MEEDS_LDAP_POOL_MAX_SIZE}"
639 | if [ ! -z "${MEEDS_LDAP_POOL_DEBUG:-}" ]; then
640 | CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.jndi.ldap.connect.pool.debug=${MEEDS_LDAP_POOL_DEBUG}"
641 | fi
642 |
643 | # -----------------------------------------------------------------------------
644 | # JMX configuration
645 | # -----------------------------------------------------------------------------
646 | if [ "${MEEDS_JMX_ENABLED}" = "true" ]; then
647 | CATALINA_OPTS="${CATALINA_OPTS:-} -Dcom.sun.management.jmxremote=true"
648 | CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.ssl=false"
649 | CATALINA_OPTS="${CATALINA_OPTS} -Djava.rmi.server.hostname=${MEEDS_JMX_RMI_SERVER_HOSTNAME}"
650 | CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.port=${MEEDS_JMX_RMI_REGISTRY_PORT}"
651 | CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.rmi.port=${MEEDS_JMX_RMI_SERVER_PORT}"
652 | if [ "${MEEDS_JMX_USERNAME:-}" = "-" ]; then
653 | CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false"
654 | else
655 | CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.authenticate=true"
656 | CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.password.file=/opt/meeds/conf/jmxremote.password"
657 | CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.access.file=/opt/meeds/conf/jmxremote.access"
658 | fi
659 | fi
660 |
661 | # -----------------------------------------------------------------------------
662 | # LOG GC configuration
663 | # -----------------------------------------------------------------------------
664 | if [ "${MEEDS_JVM_LOG_GC_ENABLED}" = "true" ]; then
665 | MEEDS_JVM_LOG_GC_OPTS="-Xlog:gc=info:file=${MEEDS_LOG_DIR}/platform-gc.log:time"
666 | echo "Enabling Meeds JVM GC logs with [${MEEDS_JVM_LOG_GC_OPTS}] options ..."
667 | CATALINA_OPTS="${CATALINA_OPTS} ${MEEDS_JVM_LOG_GC_OPTS}"
668 | # log rotation to backup previous log file (we don't use GC Log file rotation options because they are not suitable)
669 | # create the directory for older GC log file
670 | [ ! -d ${MEEDS_LOG_DIR}/platform-gc/ ] && mkdir ${MEEDS_LOG_DIR}/platform-gc/
671 | if [ -f ${MEEDS_LOG_DIR}/platform-gc.log ]; then
672 | MEEDS_JVM_LOG_GC_ARCHIVE="${MEEDS_LOG_DIR}/platform-gc/platform-gc_$(date -u +%F_%H%M%S%z).log"
673 | mv ${MEEDS_LOG_DIR}/platform-gc.log ${MEEDS_JVM_LOG_GC_ARCHIVE}
674 | echo "previous Meeds JVM GC log file archived to ${MEEDS_JVM_LOG_GC_ARCHIVE}."
675 | fi
676 | echo "Meeds JVM GC logs configured and available at ${MEEDS_LOG_DIR}/platform-gc.log"
677 | fi
678 |
679 | # -----------------------------------------------------------------------------
680 | # Create the DATA directories if needed
681 | # -----------------------------------------------------------------------------
682 | if [ ! -d "${MEEDS_DATA_DIR}" ]; then
683 | mkdir -p "${MEEDS_DATA_DIR}"
684 | fi
685 |
686 | if [ ! -d "${MEEDS_FILE_STORAGE_DIR}" ]; then
687 | mkdir -p "${MEEDS_FILE_STORAGE_DIR}"
688 | fi
689 |
690 | # Change the device for antropy generation
691 | CATALINA_OPTS="${CATALINA_OPTS:-} -Djava.security.egd=file:/dev/./urandom"
692 |
693 | # Wait for database availability
694 | case "${MEEDS_DB_TYPE}" in
695 | mysql)
696 | echo "Waiting for database ${MEEDS_DB_TYPE} availability at ${MEEDS_DB_HOST}:${MEEDS_DB_PORT} ..."
697 | wait-for ${MEEDS_DB_HOST}:${MEEDS_DB_PORT} -s -t ${MEEDS_DB_TIMEOUT}
698 | if [ $? != 0 ]; then
699 | echo "[ERROR] The ${MEEDS_DB_TYPE} database ${MEEDS_DB_HOST}:${MEEDS_DB_PORT} was not available within ${MEEDS_DB_TIMEOUT}s ! Meeds startup aborted ..."
700 | exit 1
701 | else
702 | echo "Database ${MEEDS_DB_TYPE} is available, continue starting..."
703 | fi
704 | ;;
705 | pgsql|postgres|postgresql)
706 | echo "Waiting for database ${MEEDS_DB_TYPE} availability at ${MEEDS_DB_HOST}:${MEEDS_DB_PORT} ..."
707 | wait-for ${MEEDS_DB_HOST}:${MEEDS_DB_PORT} -s -t ${MEEDS_DB_TIMEOUT}
708 | if [ $? != 0 ]; then
709 | echo "[ERROR] The ${MEEDS_DB_TYPE} database ${MEEDS_DB_HOST}:${MEEDS_DB_PORT} was not available within ${MEEDS_DB_TIMEOUT}s ! Meeds startup aborted ..."
710 | exit 1
711 | else
712 | echo "Database ${MEEDS_DB_TYPE} is available, continue starting..."
713 | fi
714 | ;;
715 | esac
716 |
717 | # Wait for elasticsearch availability
718 | echo "Waiting for external elastic search availability at ${MEEDS_ES_HOST}:${MEEDS_ES_PORT} ..."
719 | wait-for ${MEEDS_ES_HOST}:${MEEDS_ES_PORT} -s -t ${MEEDS_ES_TIMEOUT}
720 | if [ $? != 0 ]; then
721 | echo "[ERROR] The external elastic search ${MEEDS_ES_HOST}:${MEEDS_ES_PORT} was not available within ${MEEDS_ES_TIMEOUT}s ! Meeds startup aborted ..."
722 | exit 1
723 | fi
724 |
725 | # Wait for Matrix availability
726 | if [ "${MEEDS_WAIT_FOR_MATRIX}" = "true" ]; then
727 | echo "Waiting for Matrix server availability at ${MEEDS_MATRIX_HOST}:${MEEDS_MATRIX_PORT} ..."
728 | wait-for ${MEEDS_MATRIX_HOST}:${MEEDS_MATRIX_PORT} -s -t ${MEEDS_MATRIX_TIMEOUT}
729 | if [ $? != 0 ]; then
730 | echo "[ERROR] The Matrix server at ${MEEDS_MATRIX_HOST}:${MEEDS_MATRIX_PORT} was not available within ${MEEDS_MATRIX_TIMEOUT}s! Meeds startup aborted ..."
731 | exit 1
732 | else
733 | echo "Matrix is available, continue starting..."
734 | fi
735 | else
736 | echo "Skipping Matrix availability check (MEEDS_WAIT_FOR_MATRIX=${MEEDS_WAIT_FOR_MATRIX})"
737 | fi
738 |
739 | set +u # DEACTIVATE unbound variable check
740 |
--------------------------------------------------------------------------------