ajout host autorisé / login pwd admin / logging file
This commit is contained in:
parent
5162d6173a
commit
646c9b97c4
|
@ -14,6 +14,12 @@ rm -f repomd.xml.key
|
|||
apt update
|
||||
```
|
||||
|
||||
Genconfig
|
||||
```
|
||||
%%loolwsd_permhost
|
||||
%%loolwsd_pwd
|
||||
```
|
||||
|
||||
Reconfigurer
|
||||
```
|
||||
reconfigure
|
||||
|
@ -22,4 +28,7 @@ reconfigure
|
|||
Attention
|
||||
- certificat non autosigné sur collabora ou placer le certificat autosigné sur le serveur nextcloud
|
||||
- sur nextcloud s'il y a un proxy mais que collabora est sur le même réseau cela peut poser problème
|
||||
- possibilité d'ajouter des noproxy dans la configuration expert nextcloud_noproxy
|
||||
- indiquer via genconfig les hosts autorisés à se communiquer avec collabora %%loolwsd_permhost
|
||||
- indiquer via genconfig le password admin %%loolwsd_pwd de collabora console accéssible via https://mondomainecollabora/loleaflet/dist/admin/admin.html
|
||||
|
||||
|
|
|
@ -8,8 +8,15 @@
|
|||
<package>loolwsd</package>
|
||||
<package>code-brand</package>
|
||||
</files>
|
||||
<!--variables>
|
||||
<variables>
|
||||
<family name='Collabora Online' icon='edit'>
|
||||
<variable name='loolwsd_permhost' type='string' description="Hosts autorisés à communiquer avec Collabora" multi="True" mandatory="True" />
|
||||
<variable name='loolwsd_login' type='string' description="Login console admin" mandatory="True" >
|
||||
<value>admin</value>
|
||||
</variable>
|
||||
<variable name='loolwsd_pwd' type='string' description="Password console admin" mandatory="True" />
|
||||
|
||||
<!--
|
||||
<variable name='loolwsd_privkey_file' type='filename' description="Emplacement de la clé" hidden="True">
|
||||
<value>/etc/loolwsd/private/loolwsd.key</value>
|
||||
</variable>
|
||||
|
@ -19,6 +26,7 @@
|
|||
<variable name='loolwsd_ca_file' type='filename' description="Emplacement de la CA" hidden="True">
|
||||
<value>/etc/ssl/certs/ca_local.crt</value>
|
||||
</variable>
|
||||
-->
|
||||
</family>
|
||||
</variables-->
|
||||
</variables>
|
||||
</creole>
|
||||
|
|
|
@ -54,7 +54,7 @@
|
|||
See also: https://docs.libreoffice.org/sal/html/sal_log.html -->
|
||||
<lokit_sal_log type="string" desc="Fine tune log messages from LOKit. Default is to suppress log messages from LOKit." default="-INFO-WARN">-INFO-WARN</lokit_sal_log>
|
||||
<file enable="false">
|
||||
<property name="path" desc="Log file path.">/var/log/loolwsd.log</property>
|
||||
<property name="path" desc="Log file path.">/var/log/lool/loolwsd.log</property>
|
||||
<property name="rotation" desc="Log file rotation strategy. See Poco FileChannel.">never</property>
|
||||
<property name="archive" desc="Append either timestamp or number to the archived log filename.">timestamp</property>
|
||||
<property name="compress" desc="Enable/disable log file compression.">true</property>
|
||||
|
@ -69,7 +69,7 @@
|
|||
</anonymize>
|
||||
</logging>
|
||||
|
||||
<loleaflet_logging desc="Logging in the browser console" default="false">false</loleaflet_logging>
|
||||
<loleaflet_logging desc="Logging in the browser console" default="false">true</loleaflet_logging>
|
||||
|
||||
<trace desc="Dump commands and notifications for replay. When 'snapshot' is true, the source file is copied to the path first." enable="false">
|
||||
<path desc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting. For example: /some/path/to/looltrace-%.gz" compress="true" snapshot="false"></path>
|
||||
|
@ -97,7 +97,7 @@
|
|||
<host desc="The IPv4 private 172.17.0.0/16 subnet (Docker).">172\.17\.[0-9]{1,3}\.[0-9]{1,3}</host>
|
||||
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.17\.[0-9]{1,3}\.[0-9]{1,3}</host>
|
||||
</post_allow>
|
||||
<frame_ancestors desc="Specify who is allowed to embed the LO Online iframe (loolwsd and WOPI host are always allowed). Separate multiple hosts by space."></frame_ancestors>
|
||||
<frame_ancestors desc="Specify who is allowed to embed the LO Online iframe (loolwsd and WOPI host are always allowed). Separate multiple hosts by space.">%%custom_join(%%loolwsd_permhost, ' ')"</frame_ancestors>
|
||||
</net>
|
||||
|
||||
<ssl desc="SSL settings">
|
||||
|
@ -136,6 +136,9 @@
|
|||
<filesystem allow="false" />
|
||||
<wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
|
||||
<host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host>
|
||||
%for %%host in %%loolwsd_permhost
|
||||
<host desc="Regex pattern of hostname to allow or deny." allow="true">%%host</host>
|
||||
%end for
|
||||
<host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
|
||||
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
|
||||
<host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
|
||||
|
@ -148,8 +151,11 @@
|
|||
<refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
|
||||
</locking>
|
||||
</wopi>
|
||||
<webdav desc="Allow/deny webdav storage. Mutually exclusive with wopi." allow="false">
|
||||
<webdav desc="Allow/deny webdav storage. Mutually exclusive with wopi." allow="true">
|
||||
<host desc="Hostname to allow" allow="false">localhost</host>
|
||||
%for %%host in %%loolwsd_permhost
|
||||
<host desc="Hostname to allow" allow="true">%%host</host>
|
||||
%end for
|
||||
</webdav>
|
||||
<ssl desc="SSL settings">
|
||||
<as_scheme type="bool" default="true" desc="When set we exclusively use the WOPI URI's scheme to enable SSL for storage">true</as_scheme>
|
||||
|
@ -166,8 +172,8 @@
|
|||
<admin_console desc="Web admin console settings.">
|
||||
<enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
|
||||
<enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
|
||||
<username desc="The username of the admin console. Ignored if PAM is enabled."></username>
|
||||
<password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password."></password>
|
||||
<username desc="The username of the admin console. Ignored if PAM is enabled.">%%loolwsd_login</username>
|
||||
<password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password.">%%loolwsd_pwd</password>
|
||||
</admin_console>
|
||||
|
||||
<monitors desc="Addresses of servers we connect to on start for monitoring">
|
||||
|
|
Loading…
Reference in New Issue