Merge branch 'development'

Author: maxim-voronko

Dockerfile

@@ -4,7 +4,7 @@ USER root
 
 RUN apt-get update && \
     apt-get upgrade -y perl && \
-    apt-get install -y --no-install-recommends nginx default-jre && \
+    apt-get install -y --no-install-recommends nginx default-jre openssl && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* && \
     rm -rf /etc/nginx/sites-enabled/default /var/www/html/* && \
@@ -165,8 +165,8 @@ COPY --from=wpr_installer --chown=${WPR_FILE_OWNER} $WPR_DICTIONARIES_DIR $WPR_D
 COPY --from=wpr_installer --chown=${WPR_FILE_OWNER} /etc/nginx/conf.d/wscservice.conf /etc/nginx/conf.d/wscservice.conf
 COPY --from=wpr_installer --chown=${WPR_FILE_OWNER} /etc/nginx/nginx.conf /etc/nginx/nginx.conf
 
-COPY --chown=${WPR_FILE_OWNER} $WPR_FILES_DIR/certificate/$WPR_CERT_KEY_NAME $WPR_CERT_DIR/$WPR_CERT_KEY_NAME
-COPY --chown=${WPR_FILE_OWNER} $WPR_FILES_DIR/certificate/$WPR_CERT_FILE_NAME $WPR_CERT_DIR/$WPR_CERT_FILE_NAME
+RUN mkdir -p $WPR_CERT_DIR && chown ${WPR_FILE_OWNER} $WPR_CERT_DIR
+COPY --chown=${WPR_FILE_OWNER} $WPR_FILES_DIR/certificate/ $WPR_CERT_DIR/
 COPY --chown=${WPR_FILE_OWNER} $WPR_FILES_DIR/configure* $WPR_APP_SERVER_DIR/
 COPY --chown=${WPR_FILE_OWNER} $WPR_FILES_DIR/startService.sh $WPR_APP_SERVER_DIR
 

Dockerfile.redhat

@@ -6,7 +6,8 @@ RUN yum update -y --skip-broken && \
     yum module enable nginx:1.24 -y && \
     yum install -y nginx \
         java-17-openjdk-devel \
-        perl && \
+        perl \
+        openssl && \
     yum remove -y webkit2gtk3-jsc \
         python-setuptools \
         python-urllib3 \
@@ -170,8 +171,8 @@ COPY --from=wpr_installer --chown=${WPR_FILE_OWNER} $WPR_DICTIONARIES_DIR $WPR_D
 COPY --from=wpr_installer --chown=${WPR_FILE_OWNER} /etc/nginx/conf.d/wscservice.conf /etc/nginx/conf.d/wscservice.conf
 COPY --from=wpr_installer --chown=${WPR_FILE_OWNER} /etc/nginx/nginx.conf /etc/nginx/nginx.conf
 
-COPY --chown=${WPR_FILE_OWNER} $WPR_FILES_DIR/certificate/$WPR_CERT_KEY_NAME $WPR_CERT_DIR/$WPR_CERT_KEY_NAME
-COPY --chown=${WPR_FILE_OWNER} $WPR_FILES_DIR/certificate/$WPR_CERT_FILE_NAME $WPR_CERT_DIR/$WPR_CERT_FILE_NAME
+RUN mkdir -p $WPR_CERT_DIR && chown ${WPR_FILE_OWNER} $WPR_CERT_DIR
+COPY --chown=${WPR_FILE_OWNER} $WPR_FILES_DIR/certificate/ $WPR_CERT_DIR/
 COPY --chown=${WPR_FILE_OWNER} $WPR_FILES_DIR/configure* $WPR_APP_SERVER_DIR/
 COPY --chown=${WPR_FILE_OWNER} $WPR_FILES_DIR/startService.sh $WPR_APP_SERVER_DIR
 

Dockerfile.ubuntu-prebuilt

@@ -61,7 +61,7 @@ USER root
 
 RUN apt-get update && \
     apt-get upgrade -y perl && \
-    apt-get install -y --no-install-recommends nginx default-jre && \
+    apt-get install -y --no-install-recommends nginx default-jre openssl && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* && \
     rm -rf /etc/nginx/sites-enabled/default /var/www/html/* && \
@@ -164,7 +164,7 @@ COPY --from=wpr_install_languages --chown=${WPR_USER_ID}:${WPR_GROUP_ID} /var/li
 COPY --from=wpr_install_languages --chown=${WPR_USER_ID}:${WPR_GROUP_ID} /etc/nginx/conf.d/wscservice.conf /etc/nginx/conf.d/wscservice.conf
 COPY --from=wpr_install_languages --chown=${WPR_USER_ID}:${WPR_GROUP_ID} /etc/nginx/nginx.conf /etc/nginx/nginx.conf
 COPY --from=wpr_install_languages --chown=${WPR_USER_ID}:${WPR_GROUP_ID} /dictionaries ${WPR_DICTIONARIES_DIR}
-COPY --from=wpr_install_languages --chown=${WPR_USER_ID}:${WPR_GROUP_ID} /certificate ${WPR_CERT_DIR}
+RUN mkdir -p $WPR_CERT_DIR && chown ${WPR_USER_ID}:${WPR_GROUP_ID} $WPR_CERT_DIR
 
 RUN mkdir -p /var/run/nginx && \
     chown -R ${WPR_USER_ID}:${WPR_GROUP_ID} /etc/nginx \

README.md

@@ -29,8 +29,6 @@ ARG WPR_WEB_PORT
 ARG WPR_DOMAIN_NAME=localhost
 ARG WPR_VIRTUAL_DIR=wscservice
 ARG WPR_LICENSE_TICKET_ID
-ARG WPR_PRODUCTS=4
-ARG WPR_INSTALL_SAMPLES=1
 ```
 * Choose languages to be installed:
 ```
@@ -69,7 +67,7 @@ ARG WPR_PROXY_PASSWORD=password
 
 For details on the available options, refer to [Automated Installing WebSpellChecker on Linux](https://docs.webspellchecker.net/display/WebSpellCheckerServer55x/Automated+Installing+WebSpellChecker+on+Linux) guide.
 
-4. If you need to use SSL (access the service via HTTPS), put your SSL certificate and key files to the `wproofreader-docker/files/certificate` directory. You need to rename your certificate files to `cert.pem` and `key.pem` accordingly.
+4. SSL certificates (optional). If you need to use SSL (access the service via HTTPS) with your own certificates, put your SSL certificate and key files in the `wproofreader-docker/files/certificate` directory. By default, the expected filenames are `cert.pem` and `key.pem`, but you can customize them with the `WPR_CERT_FILE_NAME` and `WPR_CERT_KEY_NAME` build arguments. The files will be baked into the image at build time. Alternatively, you can mount certificates at runtime (see [Create and run Docker container](#create-and-run-docker-container)). If HTTPS is enabled and no certificates are provided, self-signed certificates will be generated automatically at container startup.
 
 5. Build a Docker image using the command below:
 
@@ -146,8 +144,10 @@ where:
 
 * `-d` start a container in detached mode.
 * `-p 80:8080` map the host port `80:` and the exposed port of container `8080`, where port `8080` is a web server port (by default, NGINX). With the SSL connection, you must use port `443` like `-p 443:8443`. 
-* `-v <shared_dictionaries_directory>:/dictionaries` mount a shared directory where user and company custom dictionaries will be created and stored. Upon initial launch, the mounted directory may be empty. All essential subdirectories and files will be generated during initialization of the container. This is required to save the dictionaries among different containers. **Note!** The container user needs to have read and write permissions to the shared dictionary directory.
-* `-v <certificate_directory_path>:/certificate` mount a shared directory where your SSL certificates are located. Use this option if you plan to work under SSL and you want to use a specific certificate for this container. The names of the files must be `cert.pem` and `key.pem`. If not specified, the default test SSL certificate (e.g. `ssl-cert-snakeoil`) shipped with Ubuntu will be used.  **Note!** The container user must have read permissions for the certificate files.
+* `-v <shared_dictionaries_directory>:/dictionaries` mount a shared directory where user and company custom dictionaries will be created and stored. Upon initial launch, the mounted directory may be empty. All essential subdirectories and files will be generated during initialization of the container. This is required to save the dictionaries among different containers. 
+Note: The container user needs to have read and write permissions to the shared dictionary directory.
+* `-v <certificate_directory_path>:/certificate` mount a shared directory where your SSL certificates are located. Use this option if you plan to work under SSL and you want to use a specific certificate for this container. By default, the expected filenames are `cert.pem` and `key.pem` (configurable via `WPR_CERT_FILE_NAME` and `WPR_CERT_KEY_NAME`). If no certificates are provided (neither baked in at build time nor mounted at runtime), self-signed certificates will be generated automatically when the container starts with HTTPS enabled.  
+Note: The container user must have read permissions for the certificate files.
 * `local/wsc_app:x.x.x` the tag of WebSpellChecker Server Docker image.
 
 Alternatively, these parameters can be changed on the container running by passing them as environment variables:
@@ -292,7 +292,7 @@ Notes:
       - WPR_DOMAIN_NAME=localhost
       - WPR_VIRTUAL_DIR=wscservice
 ```
-3. For HTTPS communication you have to provide your certificate file and key, as a pair of files named `cert.pem` and `key.pem`, respectively. If, for instance, they are kept in a folder `/home/user/certificate`, one should add the following section to `docker-compose.yml`:
+3. For HTTPS communication you can provide your certificate file and key, as a pair of files named `cert.pem` and `key.pem` by default (configurable via `WPR_CERT_FILE_NAME` and `WPR_CERT_KEY_NAME`). If no certificates are mounted, self-signed certificates will be generated automatically at startup. To use your own certificates — for instance, if they are kept in a folder `/home/user/certificate` — add the following section to `docker-compose.yml`:
  ```yaml
     volumes:
       - /home/user/certificate:/certificate

files/certificate/.gitkeep

@@ -25,6 +25,19 @@ if ! [ -f "${LicenseFile}" ]; then
    ./AppServerX -activateLicense ${WPR_LICENSE_TICKET_ID} -y
 fi
 
+# Generate self-signed certificates if HTTPS is enabled and no certs are provided
+if [ "$WPR_PROTOCOL" = "1" ]; then
+    if [ ! -f "${WPR_CERT_DIR}/${WPR_CERT_FILE_NAME}" ] || [ ! -f "${WPR_CERT_DIR}/${WPR_CERT_KEY_NAME}" ]; then
+        echo "$(date '+%m/%d/%y:%H:%M:%S.%3N')   No SSL certificates found. Generating self-signed certificate for CN=${WPR_DOMAIN_NAME:-localhost}..."
+        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+            -keyout "${WPR_CERT_DIR}/${WPR_CERT_KEY_NAME}" \
+            -out "${WPR_CERT_DIR}/${WPR_CERT_FILE_NAME}" \
+            -subj "/CN=${WPR_DOMAIN_NAME:-localhost}" 2>/dev/null
+        echo "$(date '+%m/%d/%y:%H:%M:%S.%3N')   Self-signed certificate created: ${WPR_CERT_DIR}/${WPR_CERT_FILE_NAME}, ${WPR_CERT_DIR}/${WPR_CERT_KEY_NAME}"
+        echo "$(date '+%m/%d/%y:%H:%M:%S.%3N')   For production, mount real certificates to ${WPR_CERT_DIR}/"
+    fi
+fi
+
 #start NGINX for Ubuntu or Centos
 nginx