Update install/bentopdf-install.sh

Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
2026-04-10 12:32:16 +00:00 · 2026-04-10 13:34:19 +02:00 · 2026-04-10 13:34:09 +02:00 · 2026-04-10 08:25:05 +02:00 · 2026-04-10 08:22:31 +02:00 · 2026-04-10 08:20:19 +02:00
2 changed files with 162 additions and 12 deletions
--- a/ct/bentopdf.sh
+++ b/ct/bentopdf.sh
@@ -42,7 +42,6 @@ function update_script() {
    msg_info "Updating BentoPDF"
    cd /opt/bentopdf
    $STD npm ci --no-audit --no-fund
-    $STD npm install http-server -g
    if [[ -f /opt/production.env ]]; then
      mv /opt/production.env ./.env.production
    else
@@ -52,15 +51,97 @@ function update_script() {
    export SIMPLE_MODE=true
    export VITE_USE_CDN=true
    $STD npm run build:all
+    if [[ ! -f /opt/bentopdf/dist/config.json ]]; then
+      cat <<'EOF' >/opt/bentopdf/dist/config.json
+{}
+EOF
+    fi
    msg_ok "Updated BentoPDF"

    msg_info "Starting Service"
-    if grep -q '8080' /etc/systemd/system/bentopdf.service; then
-      sed -i -e 's|/bentopdf|/bentopdf/dist|' \
-        -e 's|npx.*|npx http-server -g -b -d false -r --no-dotfiles|' \
-        /etc/systemd/system/bentopdf.service
-      systemctl daemon-reload
+    ensure_dependencies nginx openssl
+    if [[ ! -f /etc/ssl/private/bentopdf-selfsigned.key || ! -f /etc/ssl/certs/bentopdf-selfsigned.crt ]]; then
+      CERT_CN="$(hostname -I | awk '{print $1}')"
+      $STD openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \
+      -keyout /etc/ssl/private/bentopdf-selfsigned.key \
+      -out /etc/ssl/certs/bentopdf-selfsigned.crt \
+      -subj "/CN=${CERT_CN}"
    fi
+    cat <<'EOF' >/etc/nginx/sites-available/bentopdf
+server {
+    listen 8080;
+    server_name _;
+    return 301 https://$host:8443$request_uri;
+  }
+
+  server {
+    listen 8443 ssl;
+    server_name _;
+    ssl_certificate /etc/ssl/certs/bentopdf-selfsigned.crt;
+    ssl_certificate_key /etc/ssl/private/bentopdf-selfsigned.key;
+    root /opt/bentopdf/dist;
+    index index.html;
+
+    # Required for LibreOffice WASM (Word/Excel/PowerPoint to PDF via SharedArrayBuffer)
+    add_header Cross-Origin-Opener-Policy "same-origin" always;
+    add_header Cross-Origin-Embedder-Policy "require-corp" always;
+    add_header Cross-Origin-Resource-Policy "cross-origin" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+
+    gzip_static on;
+
+    location ~* /libreoffice-wasm/soffice\.wasm\.gz$ {
+      gzip off;
+      types {} default_type application/wasm;
+      add_header Content-Encoding gzip;
+      add_header Vary "Accept-Encoding";
+      add_header Cache-Control "public, immutable";
+    }
+
+    location ~* /libreoffice-wasm/soffice\.data\.gz$ {
+      gzip off;
+      types {} default_type application/octet-stream;
+      add_header Content-Encoding gzip;
+      add_header Vary "Accept-Encoding";
+      add_header Cache-Control "public, immutable";
+    }
+
+    location ~* \.wasm$ {
+      types {} default_type application/wasm;
+      expires 1y;
+      add_header Cache-Control "public, immutable";
+    }
+
+    location ~* \.(wasm\.gz|data\.gz|data)$ {
+      expires 1y;
+      add_header Cache-Control "public, immutable";
+    }
+
+    location / {
+        try_files $uri $uri/ $uri.html =404;
+    }
+
+    error_page 404 /404.html;
+}
+EOF
+    rm -f /etc/nginx/sites-enabled/default
+    ln -sf /etc/nginx/sites-available/bentopdf /etc/nginx/sites-enabled/bentopdf
+    cat <<'EOF' >/etc/systemd/system/bentopdf.service
+[Unit]
+Description=BentoPDF Service
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/nginx -g "daemon off;"
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+    systemctl daemon-reload
    systemctl start bentopdf
    msg_ok "Started Service"
    msg_ok "Updated successfully!"
@@ -75,4 +156,4 @@ description
 msg_ok "Completed successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}https://${IP}:8443${CL}"
--- a/install/bentopdf-install.sh
+++ b/install/bentopdf-install.sh
@@ -13,32 +13,101 @@ setting_up_container
 network_check
 update_os

+ensure_dependencies nginx openssl
+
 NODE_VERSION="24" setup_nodejs
 fetch_and_deploy_gh_release "bentopdf" "alam00000/bentopdf" "tarball" "latest" "/opt/bentopdf"

 msg_info "Setup BentoPDF"
 cd /opt/bentopdf
 $STD npm ci --no-audit --no-fund
-$STD npm install http-server -g
 cp ./.env.example ./.env.production
 export NODE_OPTIONS="--max-old-space-size=3072"
 export SIMPLE_MODE=true
 export VITE_USE_CDN=true
 $STD npm run build:all
+cat <<'EOF' >/opt/bentopdf/dist/config.json
+{}
+EOF
 msg_ok "Setup BentoPDF"

 msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/bentopdf.service
+CERT_CN="$(hostname -I | awk '{print $1}')"
+$STD openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \
+    -keyout /etc/ssl/private/bentopdf-selfsigned.key \
+    -out /etc/ssl/certs/bentopdf-selfsigned.crt \
+    -subj "/CN=${CERT_CN}"
+
+cat <<'EOF' >/etc/nginx/sites-available/bentopdf
+server {
+    listen 8080;
+    server_name _;
+    return 301 https://$host:8443$request_uri;
+}
+
+server {
+    listen 8443 ssl;
+    server_name _;
+    ssl_certificate /etc/ssl/certs/bentopdf-selfsigned.crt;
+    ssl_certificate_key /etc/ssl/private/bentopdf-selfsigned.key;
+    root /opt/bentopdf/dist;
+    index index.html;
+
+    # Required for LibreOffice WASM (Word/Excel/PowerPoint to PDF via SharedArrayBuffer)
+    add_header Cross-Origin-Opener-Policy "same-origin" always;
+    add_header Cross-Origin-Embedder-Policy "require-corp" always;
+    add_header Cross-Origin-Resource-Policy "cross-origin" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+
+    gzip_static on;
+
+    location ~* /libreoffice-wasm/soffice\.wasm\.gz$ {
+        gzip off;
+        types {} default_type application/wasm;
+        add_header Content-Encoding gzip;
+        add_header Vary "Accept-Encoding";
+        add_header Cache-Control "public, immutable";
+    }
+
+    location ~* /libreoffice-wasm/soffice\.data\.gz$ {
+        gzip off;
+        types {} default_type application/octet-stream;
+        add_header Content-Encoding gzip;
+        add_header Vary "Accept-Encoding";
+        add_header Cache-Control "public, immutable";
+    }
+
+    location ~* \.wasm$ {
+        types {} default_type application/wasm;
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+    }
+
+    location ~* \.(wasm\.gz|data\.gz|data)$ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+    }
+
+    location / {
+        try_files $uri $uri/ $uri.html =404;
+    }
+
+    error_page 404 /404.html;
+}
+EOF
+rm -f /etc/nginx/sites-enabled/default
+ln -sf /etc/nginx/sites-available/bentopdf /etc/nginx/sites-enabled/bentopdf
+cat <<'EOF' >/etc/systemd/system/bentopdf.service
 [Unit]
 Description=BentoPDF Service
 After=network.target

 [Service]
 Type=simple
-WorkingDirectory=/opt/bentopdf/dist
-ExecStart=/usr/bin/npx http-server -g -b -d false -r --no-dotfiles
+ExecStart=/usr/sbin/nginx -g "daemon off;"
+ExecReload=/bin/kill -HUP $MAINPID
 Restart=always
-RestartSec=10

 [Install]
 WantedBy=multi-user.target
Author	SHA1	Message	Date
CanbiZ (MickLesk)	086e282a33	Update install/bentopdf-install.sh Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>	2026-04-10 13:34:19 +02:00
CanbiZ (MickLesk)	88d0d8b4a9	Update install/bentopdf-install.sh Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>	2026-04-10 13:34:09 +02:00
CanbiZ (MickLesk)	0205717cb9	fix(bentopdf): create default config.json to avoid runtime 404 BentoPDF fetches /config.json at runtime. In our build/deploy flow this file may be missing, causing noisy 404 errors in the browser console. Create a minimal default config.json ({}), only when absent, during install and update so custom configs are not overwritten.	2026-04-10 08:25:05 +02:00
CanbiZ (MickLesk)	fbf73b6e23	fix(bentopdf): enforce https for SharedArrayBuffer on LAN LibreOffice WASM requires crossOriginIsolated + secure context. LAN HTTP origins (http://192.168.x.x) are not trustworthy, so Office conversion fails with DataCloneError on SharedArrayBuffer transfer. - generate self-signed TLS cert (idempotent) - add HTTPS server on :8443 - redirect HTTP :8080 to HTTPS :8443 - keep WASM gzip/mime handling - update post-install URL hint to https://IP:8443	2026-04-10 08:22:31 +02:00
CanbiZ (MickLesk)	c0d12a797a	fix(bentopdf): serve libreoffice wasm gz with correct nginx headers Fix Word/Excel conversion hang by serving /libreoffice-wasm assets with proper MIME types and Content-Encoding. - serve soffice.wasm.gz as application/wasm + Content-Encoding: gzip - serve soffice.data.gz as octet-stream + Content-Encoding: gzip - add immutable caching for wasm/data assets - always refresh nginx site+service during update to migrate existing installs - switch install script dependency handling to ensure_dependencies nginx	2026-04-10 08:20:19 +02:00
Tobias	9120546c26	Install nginx as a dependency	2026-04-09 19:19:16 +02:00
CanbiZ (MickLesk)	c768da0cb1	fix(bentopdf): replace http-server with nginx for COOP/COEP headers Word/Excel/PowerPoint to PDF conversion uses LibreOffice WASM which requires SharedArrayBuffer. SharedArrayBuffer only works when the server sends Cross-Origin-Opener-Policy: same-origin and Cross-Origin-Embedder-Policy: require-corp headers. The previous http-server setup did not send these headers, causing WASM initialization to time out for office-format conversions. Fix: replace http-server with nginx and configure COOP/COEP headers in the nginx site config, matching the upstream Docker image's nginx.conf. Also adds a one-time migration path in update_script for existing installs running the old http-server service.	2026-04-09 18:26:20 +02:00