bc184d445f
Uploaded .docx files are converted to PDF on the server using a Gotenberg sidecar before entering the normal envelope pipeline. The feature is opt-in via NEXT_PRIVATE_DOCUMENT_CONVERSION_URL; when unset, only PDF uploads are accepted. A per-process circuit breaker opens for 30s after a conversion failure to shed load. Ships a dev Dockerfile that layers Microsoft Core Fonts and additional language fonts onto the upstream Gotenberg image for better fidelity. Co-authored-by: Ephraim Duncan <55143799+ephraimduncan@users.noreply.github.com> Co-authored-by: Ephraim Duncan <55143799+ephraimduncan@users.noreply.github.com>
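name: documenso-development

# Local development stack only. Every service below runs with well-known
# default credentials (or none at all, in Redis' case), so host ports are
# published on the loopback interface only. A bare `HOST:CONTAINER` mapping
# binds to 0.0.0.0 on every interface, and on Linux the Docker daemon punches
# that through the host firewall, which would expose these services to the
# LAN. If your Docker daemon runs on another machine, replace the `127.0.0.1`
# prefix with an address that is reachable from where the app runs.
#
# NOTE(review): `inbucket/inbucket` and `minio/minio` are unpinned (`latest`);
# pin a tag or digest if the dev stack needs to be reproducible.

services:
  database:
    image: postgres:15
    container_name: database
    volumes:
      - documenso_database:/var/lib/postgresql/data
    healthcheck:
      # `$$` makes Compose emit a literal `$`, so the variable is expanded by
      # the container's shell and always matches the credentials set in
      # `environment` below. A plain `${POSTGRES_USER}` is interpolated on the
      # host at compose-parse time and is empty when the host does not define
      # it, turning the command into `pg_isready -U ` and failing the check.
      test: ['CMD-SHELL', 'pg_isready -U $$POSTGRES_USER']
      interval: 10s
      timeout: 5s
      retries: 5
    environment:
      POSTGRES_USER: documenso
      POSTGRES_PASSWORD: password # dev-only default, not a secret
      POSTGRES_DB: documenso
    ports:
      - '127.0.0.1:54320:5432'

  inbucket:
    image: inbucket/inbucket
    container_name: mailserver
    # Presumably web UI / SMTP / POP3 in that order (Inbucket's defaults);
    # confirm against the image documentation before relying on it.
    ports:
      - '127.0.0.1:9000:9000'
      - '127.0.0.1:2500:2500'
      - '127.0.0.1:1100:1100'

  redis:
    image: redis:8-alpine
    container_name: redis
    # No `--requirepass` is configured: anything that can reach this port has
    # full read/write access, so the loopback-only binding is the only access
    # control in place.
    ports:
      - '127.0.0.1:63790:6379'
    volumes:
      - redis:/data

  minio:
    image: minio/minio
    container_name: minio
    ports:
      - '127.0.0.1:9002:9002' # S3 API (`--address` below)
      - '127.0.0.1:9001:9001' # web console (`--console-address` below)
    volumes:
      - minio:/data
    environment:
      MINIO_ROOT_USER: documenso
      MINIO_ROOT_PASSWORD: password # dev-only default, not a secret
    # Pre-create the bucket directory, then start the server with the API and
    # console on separate, fixed ports.
    entrypoint: sh
    command: -c 'mkdir -p /data/documenso && minio server /data --console-address ":9001" --address ":9002"'

  gotenberg:
    build:
      context: .
      dockerfile: Dockerfile.gotenberg
    image: documenso-dev-gotenberg:latest
    container_name: gotenberg
    restart: unless-stopped
    # Basic auth (below) is defence in depth, not a secret: the dev credentials
    # are committed here, so the loopback-only binding is what actually keeps
    # the conversion API off the network.
    ports:
      - '127.0.0.1:3005:3000'
    environment:
      # Basic auth credentials Gotenberg checks when `--api-enable-basic-auth`
      # is passed. Dev defaults are non-secret — match
      # `NEXT_PRIVATE_DOCUMENT_CONVERSION_USERNAME` / `_PASSWORD` in `.env`.
      GOTENBERG_API_BASIC_AUTH_USERNAME: documenso
      GOTENBERG_API_BASIC_AUTH_PASSWORD: password
    command:
      - gotenberg
      # Require basic auth on every API route — prevents anyone with network
      # access to the container from invoking conversions.
      - --api-enable-basic-auth
      # SSRF defence in depth: reject any outbound fetch LibreOffice tries to
      # make to a private/loopback/link-local/cloud-metadata address while
      # processing an uploaded document. Mitigates CVE-2026-42591 (malicious
      # docx files embedding `TargetMode="External"` references to internal
      # services). Added in Gotenberg 8.32.0.
      - --libreoffice-deny-private-ips
      # Generous server-side timeout; the Node client aborts at 30 s by
      # default, so this is just a safety net.
      - --api-timeout=500s
      # Pre-warm LibreOffice at boot so the first request isn't cold.
      - --libreoffice-auto-start
      - --libreoffice-start-timeout=300s
      # Disable surfaces we don't use to shrink the attack surface.
      - --pdfengines-disable-routes
      - --webhook-disable
      # Verbose logs for the dev compose only.
      - --log-level=debug
    healthcheck:
      # `/health` is exempt from `--api-enable-basic-auth` so the check
      # doesn't need to authenticate.
      test: ['CMD', 'curl', '-fsS', 'http://localhost:3000/health']
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 20s

volumes:
  minio:
  redis:
  documenso_database: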