ajout host autorisé / login pwd admin / logging file

README.md

@@ -14,6 +14,12 @@ rm -f repomd.xml.key
 apt update
 ```
 
+Genconfig
+```
+%%loolwsd_permhost
+%%loolwsd_pwd
+```
+
 Reconfigurer
 ```
 reconfigure
@@ -22,4 +28,7 @@ reconfigure
 Attention
 - certificat non autosigné sur collabora ou placer le certificat autosigné sur le serveur nextcloud
 - sur nextcloud s'il y a un proxy mais que collabora est sur le même réseau cela peut poser problème
+- possibilité d'ajouter des noproxy dans la configuration expert nextcloud_noproxy
+- indiquer via genconfig les hosts autorisés à se communiquer avec collabora %%loolwsd_permhost
+- indiquer via genconfig le password admin %%loolwsd_pwd de collabora console accéssible via https://mondomainecollabora/loleaflet/dist/admin/admin.html
 

dicos/20_loolwsd.xml

@@ -8,8 +8,15 @@
         <package>loolwsd</package>
         <package>code-brand</package>
     </files>
-    <!--variables>
+    <variables>
         <family name='Collabora Online' icon='edit'>
+            <variable name='loolwsd_permhost' type='string' description="Hosts autorisés à communiquer avec Collabora" multi="True" mandatory="True" />
+            <variable name='loolwsd_login' type='string' description="Login console admin" mandatory="True" >
+                <value>admin</value>
+            </variable>
+            <variable name='loolwsd_pwd' type='string' description="Password console admin" mandatory="True" />
+
+            <!--
             <variable name='loolwsd_privkey_file' type='filename' description="Emplacement de la clé" hidden="True">
                 <value>/etc/loolwsd/private/loolwsd.key</value>
             </variable>
@@ -19,6 +26,7 @@
             <variable name='loolwsd_ca_file' type='filename' description="Emplacement de la CA" hidden="True">
                 <value>/etc/ssl/certs/ca_local.crt</value>
             </variable>
+            -->
         </family>
-    </variables-->
+    </variables>
 </creole>

tmpl/loolwsd.xml

@@ -54,7 +54,7 @@
              See also: https://docs.libreoffice.org/sal/html/sal_log.html -->
         <lokit_sal_log type="string" desc="Fine tune log messages from LOKit. Default is to suppress log messages from LOKit." default="-INFO-WARN">-INFO-WARN</lokit_sal_log>
         <file enable="false">
-            <property name="path" desc="Log file path.">/var/log/loolwsd.log</property>
+            <property name="path" desc="Log file path.">/var/log/lool/loolwsd.log</property>
             <property name="rotation" desc="Log file rotation strategy. See Poco FileChannel.">never</property>
             <property name="archive" desc="Append either timestamp or number to the archived log filename.">timestamp</property>
             <property name="compress" desc="Enable/disable log file compression.">true</property>
@@ -69,7 +69,7 @@
         </anonymize>
     </logging>
 
-    <loleaflet_logging desc="Logging in the browser console" default="false">false</loleaflet_logging>
+    <loleaflet_logging desc="Logging in the browser console" default="false">true</loleaflet_logging>
 
     <trace desc="Dump commands and notifications for replay. When 'snapshot' is true, the source file is copied to the path first." enable="false">
         <path desc="Output path to hold trace file and docs. Use '%' for timestamp to avoid overwriting. For example: /some/path/to/looltrace-%.gz" compress="true" snapshot="false"></path>
@@ -97,7 +97,7 @@
         <host desc="The IPv4 private 172.17.0.0/16 subnet (Docker).">172\.17\.[0-9]{1,3}\.[0-9]{1,3}</host>
         <host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.17\.[0-9]{1,3}\.[0-9]{1,3}</host>
       </post_allow>
-      <frame_ancestors desc="Specify who is allowed to embed the LO Online iframe (loolwsd and WOPI host are always allowed). Separate multiple hosts by space."></frame_ancestors>
+      <frame_ancestors desc="Specify who is allowed to embed the LO Online iframe (loolwsd and WOPI host are always allowed). Separate multiple hosts by space.">%%custom_join(%%loolwsd_permhost, ' ')"</frame_ancestors>
     </net>
 
     <ssl desc="SSL settings">
@@ -136,6 +136,9 @@
         <filesystem allow="false" />
         <wopi desc="Allow/deny wopi storage. Mutually exclusive with webdav." allow="true">
             <host desc="Regex pattern of hostname to allow or deny." allow="true">localhost</host>
+            %for %%host in %%loolwsd_permhost
+            <host desc="Regex pattern of hostname to allow or deny." allow="true">%%host</host>
+            %end for
             <host desc="Regex pattern of hostname to allow or deny." allow="true">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
             <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
             <host desc="Regex pattern of hostname to allow or deny." allow="true">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
@@ -148,8 +151,11 @@
                 <refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
             </locking>
         </wopi>
-        <webdav desc="Allow/deny webdav storage. Mutually exclusive with wopi." allow="false">
+        <webdav desc="Allow/deny webdav storage. Mutually exclusive with wopi." allow="true">
             <host desc="Hostname to allow" allow="false">localhost</host>
+            %for %%host in %%loolwsd_permhost
+            <host desc="Hostname to allow" allow="true">%%host</host>
+            %end for
         </webdav>
         <ssl desc="SSL settings">
 	    <as_scheme type="bool" default="true" desc="When set we exclusively use the WOPI URI's scheme to enable SSL for storage">true</as_scheme>
@@ -166,8 +172,8 @@
     <admin_console desc="Web admin console settings.">
         <enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
         <enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
-        <username desc="The username of the admin console. Ignored if PAM is enabled."></username>
-        <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password."></password>
+        <username desc="The username of the admin console. Ignored if PAM is enabled.">%%loolwsd_login</username>
+        <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or loolconfig to set up a secure password.">%%loolwsd_pwd</password>
     </admin_console>
 
     <monitors desc="Addresses of servers we connect to on start for monitoring">