diff --git a/server-ce/Dockerfile b/server-ce/Dockerfile index eec0bbf961..fd3fdc582c 100644 --- a/server-ce/Dockerfile +++ b/server-ce/Dockerfile @@ -37,6 +37,9 @@ RUN node genScript compile | bash # -------------------------------------------------- ADD server-ce/runit /etc/service +# Copy runit global settings to its location +# ------------------------------------------ +ADD server-ce/config/env.sh /etc/overleaf/env.sh # Configure nginx # --------------- diff --git a/server-ce/config/env.sh b/server-ce/config/env.sh new file mode 100644 index 0000000000..2dee36a151 --- /dev/null +++ b/server-ce/config/env.sh @@ -0,0 +1,14 @@ +export CHAT_HOST=127.0.0.1 +export CLSI_HOST=127.0.0.1 +export CONTACTS_HOST=127.0.0.1 +export DOCSTORE_HOST=127.0.0.1 +export DOCUMENT_UPDATER_HOST=127.0.0.1 +export DOCUPDATER_HOST=127.0.0.1 +export FILESTORE_HOST=127.0.0.1 +export HISTORY_V1_HOST=127.0.0.1 +export NOTIFICATIONS_HOST=127.0.0.1 +export PROJECT_HISTORY_HOST=127.0.0.1 +export REALTIME_HOST=127.0.0.1 +export SPELLING_HOST=127.0.0.1 +export WEB_HOST=127.0.0.1 +export WEB_API_HOST=127.0.0.1 diff --git a/server-ce/config/settings.js b/server-ce/config/settings.js index 12e6296353..2c13a22f74 100644 --- a/server-ce/config/settings.js +++ b/server-ce/config/settings.js @@ -256,16 +256,16 @@ const settings = { apis: { web: { - url: 'http://localhost:3000', + url: 'http://127.0.0.1:3000', user: httpAuthUser, pass: httpAuthPass, }, project_history: { sendProjectStructureOps: true, - url: 'http://localhost:3054', + url: 'http://127.0.0.1:3054', }, v1_history: { - url: process.env.V1_HISTORY_URL || 'http://localhost:3100/api', + url: process.env.V1_HISTORY_URL || 'http://127.0.0.1:3100/api', user: 'staging', pass: process.env.STAGING_PASSWORD, requestTimeout: parseInt( @@ -409,7 +409,7 @@ if ( if (parse(process.env.OVERLEAF_IS_SERVER_PRO) === true) { settings.bypassPercentageRollouts = true - settings.apis.references = { url: 'http://localhost:3040' } + settings.apis.references = { url: 'http://127.0.0.1:3040' } } // Compiler diff --git a/server-ce/cron/deactivate-projects.sh b/server-ce/cron/deactivate-projects.sh index b5c5083d95..fab0fbfbf6 100755 --- a/server-ce/cron/deactivate-projects.sh +++ b/server-ce/cron/deactivate-projects.sh @@ -14,7 +14,7 @@ if [[ "${ENABLE_CRON_RESOURCE_DELETION:-null}" != "true" ]]; then exit 0 fi -WEB_URL='http://localhost:3000' +WEB_URL='http://127.0.0.1:3000' USER=$(cat /etc/container_environment/WEB_API_USER) PASS=$(cat /etc/container_environment/WEB_API_PASSWORD) diff --git a/server-ce/cron/delete-projects.sh b/server-ce/cron/delete-projects.sh index e4127a87fc..e1ea5ac5e6 100755 --- a/server-ce/cron/delete-projects.sh +++ b/server-ce/cron/delete-projects.sh @@ -14,7 +14,7 @@ if [[ "${ENABLE_CRON_RESOURCE_DELETION:-null}" != "true" ]]; then exit 0 fi -WEB_URL='http://localhost:3000' +WEB_URL='http://127.0.0.1:3000' USER=$(cat /etc/container_environment/WEB_API_USER) PASS=$(cat /etc/container_environment/WEB_API_PASSWORD) diff --git a/server-ce/cron/delete-users.sh b/server-ce/cron/delete-users.sh index ae015e751d..fe97bffeea 100755 --- a/server-ce/cron/delete-users.sh +++ b/server-ce/cron/delete-users.sh @@ -14,7 +14,7 @@ if [[ "${ENABLE_CRON_RESOURCE_DELETION:-null}" != "true" ]]; then exit 0 fi -WEB_URL='http://localhost:3000' +WEB_URL='http://127.0.0.1:3000' USER=$(cat /etc/container_environment/WEB_API_USER) PASS=$(cat /etc/container_environment/WEB_API_PASSWORD) diff --git a/server-ce/cron/project-history-periodic-flush.sh b/server-ce/cron/project-history-periodic-flush.sh index 48d8cff8d7..76feae410e 100755 --- a/server-ce/cron/project-history-periodic-flush.sh +++ b/server-ce/cron/project-history-periodic-flush.sh @@ -7,6 +7,6 @@ echo "Flush project-history queue" echo "--------------------------" date -PROJECT_HISTORY_URL='http://localhost:3054' +PROJECT_HISTORY_URL='http://127.0.0.1:3054' curl -X POST "${PROJECT_HISTORY_URL}/flush/old?timeout=3600000&limit=5000&background=1" diff --git a/server-ce/cron/project-history-retry-hard.sh b/server-ce/cron/project-history-retry-hard.sh index 2abcd4f3d4..651a6615f2 100755 --- a/server-ce/cron/project-history-retry-hard.sh +++ b/server-ce/cron/project-history-retry-hard.sh @@ -7,6 +7,6 @@ echo "Retry project-history errors (hard)" echo "-----------------------------------" date -PROJECT_HISTORY_URL='http://localhost:3054' +PROJECT_HISTORY_URL='http://127.0.0.1:3054' curl -X POST "${PROJECT_HISTORY_URL}/retry/failures?failureType=hard&timeout=3600000&limit=10000" diff --git a/server-ce/cron/project-history-retry-soft.sh b/server-ce/cron/project-history-retry-soft.sh index 32f7bce169..70c597021b 100755 --- a/server-ce/cron/project-history-retry-soft.sh +++ b/server-ce/cron/project-history-retry-soft.sh @@ -6,6 +6,6 @@ echo "-----------------------------------" echo "Retry project-history errors (soft)" echo "-----------------------------------" -PROJECT_HISTORY_URL='http://localhost:3054' +PROJECT_HISTORY_URL='http://127.0.0.1:3054' curl -X POST "${PROJECT_HISTORY_URL}/retry/failures?failureType=soft&timeout=3600000&limit=10000" diff --git a/server-ce/nginx/overleaf.conf b/server-ce/nginx/overleaf.conf index 68b6737cfa..a860087087 100644 --- a/server-ce/nginx/overleaf.conf +++ b/server-ce/nginx/overleaf.conf @@ -10,7 +10,7 @@ server { } location / { - proxy_pass http://localhost:4000; + proxy_pass http://127.0.0.1:4000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; @@ -22,7 +22,7 @@ server { } location /socket.io { - proxy_pass http://localhost:3026; + proxy_pass http://127.0.0.1:3026; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; @@ -48,22 +48,22 @@ server { # handle output files for specific users location ~ ^/project/([0-9a-f]+)/user/([0-9a-f]+)/build/([0-9a-f-]+)/output/output\.([a-z]+)$ { - proxy_pass http://localhost:8080; # clsi-nginx.conf + proxy_pass http://127.0.0.1:8080; # clsi-nginx.conf proxy_http_version 1.1; } # handle output files for anonymous users location ~ ^/project/([0-9a-f]+)/build/([0-9a-f-]+)/output/output\.([a-z]+)$ { - proxy_pass http://localhost:8080; # clsi-nginx.conf + proxy_pass http://127.0.0.1:8080; # clsi-nginx.conf proxy_http_version 1.1; } # PDF range for specific users location ~ ^/project/([0-9a-f]+)/user/([0-9a-f]+)/content/([0-9a-f-]+/[0-9a-f]+)$ { - proxy_pass http://localhost:8080; # clsi-nginx.conf + proxy_pass http://127.0.0.1:8080; # clsi-nginx.conf proxy_http_version 1.1; } # PDF range for anonymous users location ~ ^/project/([0-9a-f]+)/content/([0-9a-f-]+/[0-9a-f]+)$ { - proxy_pass http://localhost:8080; # clsi-nginx.conf + proxy_pass http://127.0.0.1:8080; # clsi-nginx.conf proxy_http_version 1.1; } diff --git a/server-ce/runit/chat-overleaf/run b/server-ce/runit/chat-overleaf/run index 6dcc090203..ea9175340e 100755 --- a/server-ce/runit/chat-overleaf/run +++ b/server-ce/runit/chat-overleaf/run @@ -6,4 +6,7 @@ if [ "$DEBUG_NODE" == "true" ]; then NODE_PARAMS="--inspect=0.0.0.0:30100" fi +source /etc/overleaf/env.sh +export LISTEN_ADDRESS=127.0.0.1 + exec /sbin/setuser www-data /usr/bin/node $NODE_PARAMS /overleaf/services/chat/app.js >> /var/log/overleaf/chat.log 2>&1 diff --git a/server-ce/runit/clsi-overleaf/run b/server-ce/runit/clsi-overleaf/run index c9f9ca5934..cb365ec75b 100755 --- a/server-ce/runit/clsi-overleaf/run +++ b/server-ce/runit/clsi-overleaf/run @@ -15,4 +15,7 @@ if [ -e '/var/run/docker.sock' ]; then usermod -aG dockeronhost www-data fi +source /etc/overleaf/env.sh +export LISTEN_ADDRESS=127.0.0.1 + exec /sbin/setuser www-data /usr/bin/node $NODE_PARAMS /overleaf/services/clsi/app.js >> /var/log/overleaf/clsi.log 2>&1 diff --git a/server-ce/runit/contacts-overleaf/run b/server-ce/runit/contacts-overleaf/run index 533395e057..8844f66bf4 100755 --- a/server-ce/runit/contacts-overleaf/run +++ b/server-ce/runit/contacts-overleaf/run @@ -6,4 +6,7 @@ if [ "$DEBUG_NODE" == "true" ]; then NODE_PARAMS="--inspect=0.0.0.0:30360" fi +source /etc/overleaf/env.sh +export LISTEN_ADDRESS=127.0.0.1 + exec /sbin/setuser www-data /usr/bin/node $NODE_PARAMS /overleaf/services/contacts/app.js >> /var/log/overleaf/contacts.log 2>&1 diff --git a/server-ce/runit/docstore-overleaf/run b/server-ce/runit/docstore-overleaf/run index fb385e511a..b8166d15ac 100755 --- a/server-ce/runit/docstore-overleaf/run +++ b/server-ce/runit/docstore-overleaf/run @@ -6,4 +6,7 @@ if [ "$DEBUG_NODE" == "true" ]; then NODE_PARAMS="--inspect=0.0.0.0:30160" fi +source /etc/overleaf/env.sh +export LISTEN_ADDRESS=127.0.0.1 + exec /sbin/setuser www-data /usr/bin/node $NODE_PARAMS /overleaf/services/docstore/app.js >> /var/log/overleaf/docstore.log 2>&1 diff --git a/server-ce/runit/document-updater-overleaf/run b/server-ce/runit/document-updater-overleaf/run index 5f1f23215b..0cd485bc23 100755 --- a/server-ce/runit/document-updater-overleaf/run +++ b/server-ce/runit/document-updater-overleaf/run @@ -6,4 +6,7 @@ if [ "$DEBUG_NODE" == "true" ]; then NODE_PARAMS="--inspect=0.0.0.0:30030" fi +source /etc/overleaf/env.sh +export LISTEN_ADDRESS=127.0.0.1 + exec /sbin/setuser www-data /usr/bin/node $NODE_PARAMS /overleaf/services/document-updater/app.js >> /var/log/overleaf/document-updater.log 2>&1 diff --git a/server-ce/runit/filestore-overleaf/run b/server-ce/runit/filestore-overleaf/run index 17845ebd22..66329e9b4a 100755 --- a/server-ce/runit/filestore-overleaf/run +++ b/server-ce/runit/filestore-overleaf/run @@ -1,2 +1,6 @@ #!/bin/bash + +source /etc/overleaf/env.sh +export LISTEN_ADDRESS=127.0.0.1 + exec /sbin/setuser www-data /usr/bin/node /overleaf/services/filestore/app.js >> /var/log/overleaf/filestore.log 2>&1 diff --git a/server-ce/runit/notifications-overleaf/run b/server-ce/runit/notifications-overleaf/run index 4cfde03997..1d0f2c8e00 100755 --- a/server-ce/runit/notifications-overleaf/run +++ b/server-ce/runit/notifications-overleaf/run @@ -6,4 +6,7 @@ if [ "$DEBUG_NODE" == "true" ]; then NODE_PARAMS="--inspect=0.0.0.0:30420" fi +source /etc/overleaf/env.sh +export LISTEN_ADDRESS=127.0.0.1 + exec /sbin/setuser www-data /usr/bin/node $NODE_PARAMS /overleaf/services/notifications/app.js >> /var/log/overleaf/notifications.log 2>&1 diff --git a/server-ce/runit/project-history-overleaf/run b/server-ce/runit/project-history-overleaf/run index 7b9ce623dc..fe1a6bd06f 100755 --- a/server-ce/runit/project-history-overleaf/run +++ b/server-ce/runit/project-history-overleaf/run @@ -6,4 +6,7 @@ if [ "$DEBUG_NODE" == "true" ]; then NODE_PARAMS="--inspect=0.0.0.0:30540" fi +source /etc/overleaf/env.sh +export LISTEN_ADDRESS=127.0.0.1 + exec /sbin/setuser www-data /usr/bin/node $NODE_PARAMS /overleaf/services/project-history/app.js >> /var/log/overleaf/project-history.log 2>&1 diff --git a/server-ce/runit/real-time-overleaf/run b/server-ce/runit/real-time-overleaf/run index 39672368d9..8081dd7cb3 100755 --- a/server-ce/runit/real-time-overleaf/run +++ b/server-ce/runit/real-time-overleaf/run @@ -1,2 +1,6 @@ #!/bin/bash + +source /etc/overleaf/env.sh +export LISTEN_ADDRESS=127.0.0.1 + exec /sbin/setuser www-data /usr/bin/node /overleaf/services/real-time/app.js >> /var/log/overleaf/real-time.log 2>&1 diff --git a/server-ce/runit/spelling-overleaf/run b/server-ce/runit/spelling-overleaf/run index 99c9e7a9da..65ef61cd64 100755 --- a/server-ce/runit/spelling-overleaf/run +++ b/server-ce/runit/spelling-overleaf/run @@ -6,4 +6,7 @@ if [ "$DEBUG_NODE" == "true" ]; then NODE_PARAMS="--inspect=0.0.0.0:30050" fi +source /etc/overleaf/env.sh +export LISTEN_ADDRESS=127.0.0.1 + exec /sbin/setuser www-data /usr/bin/node $NODE_PARAMS /overleaf/services/spelling/app.js >> /var/log/overleaf/spelling.log 2>&1 diff --git a/server-ce/runit/web-api-overleaf/run b/server-ce/runit/web-api-overleaf/run index d53b958286..a2f1d0834d 100755 --- a/server-ce/runit/web-api-overleaf/run +++ b/server-ce/runit/web-api-overleaf/run @@ -6,6 +6,7 @@ if [ "$DEBUG_NODE" == "true" ]; then NODE_PARAMS="--inspect=0.0.0.0:30000" fi +source /etc/overleaf/env.sh export LISTEN_ADDRESS=0.0.0.0 export ENABLED_SERVICES="api" export METRICS_APP_NAME="web-api" diff --git a/server-ce/runit/web-overleaf/run b/server-ce/runit/web-overleaf/run index c3d3ee7603..723e04d1ee 100755 --- a/server-ce/runit/web-overleaf/run +++ b/server-ce/runit/web-overleaf/run @@ -6,6 +6,8 @@ if [ "$DEBUG_NODE" == "true" ]; then NODE_PARAMS="--inspect=0.0.0.0:40000" fi +source /etc/overleaf/env.sh +export LISTEN_ADDRESS=127.0.0.1 export ENABLED_SERVICES="web" export WEB_PORT="4000"