ajout host autorisé / login pwd admin / logging file

afornerot 2020-08-21 14:05:48 +02:00
parent 5162d6173a
commit 646c9b97c4
3 changed files with 31 additions and 8 deletions


@ -14,6 +14,12 @@ rm -f repomd.xml.key
apt update apt update
``` ```
Genconfig
```
%%loolwsd_permhost
%%loolwsd_pwd
```
Reconfigurer Reconfigurer
``` ```
reconfigure reconfigure
@ -22,4 +28,7 @@ reconfigure
Attention Attention
- certificat non autosigné sur collabora ou placer le certificat autosigné sur le serveur nextcloud - certificat non autosigné sur collabora ou placer le certificat autosigné sur le serveur nextcloud
- sur nextcloud s'il y a un proxy mais que collabora est sur le même réseau cela peut poser problème - sur nextcloud s'il y a un proxy mais que collabora est sur le même réseau cela peut poser problème
- possibilité d'ajouter des noproxy dans la configuration expert nextcloud_noproxy
- indiquer via genconfig les hosts autorisés à se communiquer avec collabora %%loolwsd_permhost
- indiquer via genconfig le password admin %%loolwsd_pwd de collabora console accéssible via https://mondomainecollabora/loleaflet/dist/admin/admin.html


@ -8,8 +8,15 @@
<package>loolwsd</package> <package>loolwsd</package>
<package>code-brand</package> <package>code-brand</package>
</files> </files>
<!--variables> <variables>
<family name='Collabora Online' icon='edit'> <family name='Collabora Online' icon='edit'>
<variable name='loolwsd_permhost' type='string' description="Hosts autorisés à communiquer avec Collabora" multi="True" mandatory="True" />
<variable name='loolwsd_login' type='string' description="Login console admin" mandatory="True" >
<value>admin</value>
</variable>
<variable name='loolwsd_pwd' type='string' description="Password console admin" mandatory="True" />
<!--
<variable name='loolwsd_privkey_file' type='filename' description="Emplacement de la clé" hidden="True"> <variable name='loolwsd_privkey_file' type='filename' description="Emplacement de la clé" hidden="True">
<value>/etc/loolwsd/private/loolwsd.key</value> <value>/etc/loolwsd/private/loolwsd.key</value>
</variable> </variable>
@ -19,6 +26,7 @@
<variable name='loolwsd_ca_file' type='filename' description="Emplacement de la CA" hidden="True"> <variable name='loolwsd_ca_file' type='filename' description="Emplacement de la CA" hidden="True">
<value>/etc/ssl/certs/ca_local.crt</value> <value>/etc/ssl/certs/ca_local.crt</value>
</variable> </variable>
-->
</family> </family>
</variables--> </variables>
</creole> </creole>
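Review bot: `loolwsd_pwd` is declared with `type='string'`, so the admin console password gets no special handling compared with any other text variable; if the Creole version in use provides a password type, it would be the better fit, e.g. `<variable name='loolwsd_pwd' type='password' description="Password console admin" mandatory="True" />`. `loolwsd_permhost` is likewise a free-form string, although this commit feeds it into host allow-lists in the loolwsd configuration template, so a stricter type or a check on the value would keep malformed entries out of the generated file. The `<!--` and `-->` added further down now comment out only the key and CA file variables, which looks intended but deserves a short XML comment saying why they stay disabled.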


@ -54,7 +54,7 @@
See also: https://docs.libreoffice.org/sal/html/sal_log.html --> See also: https://docs.libreoffice.org/sal/html/sal_log.html -->
<lokit_sal_log type="string" desc="Fine tune log messages from LOKit. Default is to suppress log messages from LOKit." default="-INFO-WARN">-INFO-WARN</lokit_sal_log> <lokit_sal_log type="string" desc="Fine tune log messages from LOKit. Default is to suppress log messages from LOKit." default="-INFO-WARN">-INFO-WARN</lokit_sal_log>
<file enable="false"> <file enable="false">
<property name="path" desc="Log file path.">/var/log/loolwsd.log</property> <property name="path" desc="Log file path.">/var/log/lool/loolwsd.log</property>
<property name="rotation" desc="Log file rotation strategy. See Poco FileChannel.">never</property> <property name="rotation" desc="Log file rotation strategy. See Poco FileChannel.">never</property>
<property name="archive" desc="Append either timestamp or number to the archived log filename.">timestamp</property> <property name="archive" desc="Append either timestamp or number to the archived log filename.">timestamp</property>
<property name="compress" desc="Enable/disable log file compression.">true</property> <property name="compress" desc="Enable/disable log file compression.">true</property>
@ -69,7 +69,7 @@
</anonymize> </anonymize>
</logging> </logging>
<loleaflet_logging desc="Logging in the browser console" default="false">false</loleaflet_logging> <loleaflet_logging desc="Logging in the browser console" default="false">true</loleaflet_logging>
<trace desc="Dump commands and notifications for replay. When 'snapshot' is true, the source file is copied to the path first." enable="false"> <trace desc="Dump commands and notifications for replay. When 'snapshot' is true, the source file is copied to the path first." enable="false">
<path desc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting. For example: /some/path/to/looltrace-%.gz" compress="true" snapshot="false"></path> <path desc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting. For example: /some/path/to/looltrace-%.gz" compress="true" snapshot="false"></path>
@ -97,7 +97,7 @@
<host desc="The IPv4 private 172.17.0.0/16 subnet (Docker).">172\.17\.[0-9]{1,3}\.[0-9]{1,3}</host> <host desc="The IPv4 private 172.17.0.0/16 subnet (Docker).">172\.17\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.17\.[0-9]{1,3}\.[0-9]{1,3}</host> <host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.17\.[0-9]{1,3}\.[0-9]{1,3}</host>
</post_allow> </post_allow>
<frame_ancestors desc="Specify who is allowed to embed the LO Online iframe (loolwsd and WOPI host are always allowed). Separate multiple hosts by space."></frame_ancestors> <frame_ancestors desc="Specify who is allowed to embed the LO Online iframe (loolwsd and WOPI host are always allowed). Separate multiple hosts by space.">%%custom_join(%%loolwsd_permhost, ' ')"</frame_ancestors>
</net> </net>
<ssl desc="SSL settings"> <ssl desc="SSL settings">
@ -136,6 +136,9 @@
<filesystem allow="false" /> <filesystem allow="false" />
<wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true"> <wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
<host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host> <host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host>
%for %%host in %%loolwsd_permhost
<host desc="Regex pattern of hostname to allow or deny." allow="true">%%host</host>
%end for
<host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host> <host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host> <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host> <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
@ -148,8 +151,11 @@
<refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh> <refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
</locking> </locking>
</wopi> </wopi>
<webdav desc="Allow/deny webdav storage. Mutually exclusive with wopi." allow="false"> <webdav desc="Allow/deny webdav storage. Mutually exclusive with wopi." allow="true">
<host desc="Hostname to allow" allow="false">localhost</host> <host desc="Hostname to allow" allow="false">localhost</host>
%for %%host in %%loolwsd_permhost
<host desc="Hostname to allow" allow="true">%%host</host>
%end for
</webdav> </webdav>
<ssl desc="SSL settings"> <ssl desc="SSL settings">
<as_scheme type="bool" default="true" desc="When set we exclusively use the WOPI URI's scheme to enable SSL for storage">true</as_scheme> <as_scheme type="bool" default="true" desc="When set we exclusively use the WOPI URI's scheme to enable SSL for storage">true</as_scheme>
@ -166,8 +172,8 @@
<admin_console desc="Web admin console settings."> <admin_console desc="Web admin console settings.">
<enable desc="Enable the admin console functionality" type="bool" default="true">true</enable> <enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
<enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam> <enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
<username desc="The username of the admin console. Ignored if PAM is enabled."></username> <username desc="The username of the admin console. Ignored if PAM is enabled.">%%loolwsd_login</username>
<password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password."></password> <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password.">%%loolwsd_pwd</password>
</admin_console> </admin_console>
<monitors desc="Addresses of servers we connect to on start for monitoring"> <monitors desc="Addresses of servers we connect to on start for monitoring">
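Review bot: The new `frame_ancestors` value ends with a stray double quote after the `%%custom_join(...)` call, so the rendered list of allowed embedding hosts would presumably carry a literal `"` on its last entry; the line should end `%%custom_join(%%loolwsd_permhost, ' ')</frame_ancestors>`. The same `%%loolwsd_permhost` entries are written as-is into the wopi `<host>` elements, whose own description says they are regex patterns, so the dots of a plain hostname match any character and the allow-list is wider than what the administrator typed; escape the dots in the template or state in the variable description that a regex is expected. `webdav` is switched to `allow="true"` while its description calls it mutually exclusive with wopi, which stays enabled, so this needs either a comment explaining the choice or a revert if it was not intended. `%%loolwsd_pwd` is rendered in clear text into `<password>`, a setting the file's own description marks as deprecated in favour of PAM or loolconfig, so the generated file should at least be readable only by the service account.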