admin/mcp-docx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
899963a14cc4febe1c2c73e7b0985d50e176e81f
mcp-docx/DEPLOYMENT.md
T
akadmin f655336757
Continuous Integration / Test Suite (macos-latest, nightly) (push) Has been cancelled
Details
Continuous Integration / Test Suite (macos-latest, stable) (push) Has been cancelled
Details
Continuous Integration / Test Suite (ubuntu-latest, 1.70.0) (push) Has been cancelled
Details
Continuous Integration / Test Suite (ubuntu-latest, beta) (push) Has been cancelled
Details
Continuous Integration / Test Suite (ubuntu-latest, nightly) (push) Has been cancelled
Details
Continuous Integration / Test Suite (ubuntu-latest, stable) (push) Has been cancelled
Details
Continuous Integration / Test Suite (windows-latest, stable) (push) Has been cancelled
Details
Continuous Integration / Security Audit (push) Has been cancelled
Details
Continuous Integration / Code Coverage (push) Has been cancelled
Details
Continuous Integration / Performance Benchmarks (push) Has been cancelled
Details
Continuous Integration / Memory Safety Check (push) Has been cancelled
Details
Continuous Integration / Docker Build Test (push) Has been cancelled
Details
Continuous Integration / Release Readiness (push) Has been cancelled
Details
Continuous Integration / Integration Tests (push) Has been cancelled
Details
Continuous Integration / Stress Testing (push) Has been cancelled
Details
Continuous Integration / Notify Results (push) Has been cancelled
Details
Add HTTP interface, templates, generate_from_template, unified Dockerfile
2026-06-13 00:22:02 +00:00

339 lines
9.9 KiB
Markdown
Raw Blame History

# docx-mcp Server - Deployment Guide
## Server Architecture
This MCP server supports:
- **stdio mode** (default): stdin/stdout for MCP clients.
- **HTTP mode**: Web interface for HTML/browser access over LAN.
- **Templates directory**: User-provided .docx templates for reuse and fill-in generation.
- **High-fidelity PDF conversion**: Via LibreOffice (included in Docker image).
```
┌─────────────────────────────────────────────────────────────────────────┐
│ DEPLOYMENT MODES │
├─────────────────────────────────────────────────────────────────────────┤
│ │
│ Mode 1: stdio (Local MCP Clients) │
│ ┌───────────┐ stdio ┌──────────────────┐ │
│ │ MCP │ ◄────────► │ docx-mcp │ │
│ │ Client │ │ (container) │ │
│ └───────────┘ └──────────────────┘ │
│ │
│ Mode 2: HTTP (HTML Interface - LAN) │
│ ┌───────────┐ HTTP:3000 ┌──────────────────┐ │
│ │ Browser │ ◄────────────►│ docx-mcp │ │
│ │ (HTML) │ │ (container) │ │
│ └───────────┘ └──────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────┘
```
## Docker Image
There is now a single, unified Dockerfile that includes:
- HTTP server (HTML interface)
- stdio MCP transport
- LibreOffice (high-fidelity PDF conversion)
- Templates directory support
- Sandboxed, non-root configuration
Build:
```bash
docker build -t docx-mcp:full .
```
## Deployment
### HTTP Mode (HTML Interface - LAN)
Run the HTTP server with templates and output directories mounted:
```bash
docker run --rm \
--name docx-mcp-http \
-p 3000:3000 \
-v /host/path/templates:/templates:ro \
-v /host/path/output:/out \
-e DOCX_MCP_HTTP=true \
-e DOCX_MCP_HTTP_ADDRESS=0.0.0.0:3000 \
-e DOCX_MCP_TEMPLATES_DIR=/templates \
-e DOCX_MCP_MAX_SIZE=104857600 \
-e DOCX_MCP_MAX_DOCS=30 \
--memory 1g \
--cpus 1.5 \
docx-mcp:full
```
Access:
- HTML Interface: http://your-server-ip:3000
- API: http://your-server-ip:3000/api/tools
- WebSocket: ws://your-server-ip:3000/ws
### stdio Mode (for MCP Clients)
Useful when launched by an MCP client (e.g., Claude Desktop, Cursor).
```bash
docker run --rm \
--name docx-mcp-stdio \
-v /host/path/templates:/templates:ro \
-v /host/path/output:/out \
-e DOCX_MCP_TEMPLATES_DIR=/templates \
-e DOCX_MCP_MAX_SIZE=104857600 \
-e DOCX_MCP_MAX_DOCS=30 \
--memory 1g \
--cpus 1.5 \
docx-mcp:full
```
In MCP client config, point "command" to "docker run" with these flags.
## Server Configuration
### Command Line Arguments
| Argument | Environment Variable | Description |
|----------|---------------------|-------------|
| `--http-mode` | `DOCX_MCP_HTTP=true` | Enable HTTP server mode |
| `--http-address` | `DOCX_MCP_HTTP_ADDRESS` | HTTP server address (default: 0.0.0.0:3000) |
| `--templates-dir` | `DOCX_MCP_TEMPLATES_DIR` | Directory with template .docx files (default: /templates) |
| `--readonly` | `DOCX_MCP_READONLY=true` | Enable readonly mode |
| `--sandbox` | `DOCX_MCP_SANDBOX=true` | Enable sandbox mode |
| `--no-external-tools` | `DOCX_MCP_NO_EXTERNAL_TOOLS=true` | Disable external tools (e.g., LibreOffice) |
| `--no-network` | `DOCX_MCP_NO_NETWORK=true` | Disable network operations |
| `--max-size` | `DOCX_MCP_MAX_SIZE` | Max document size in bytes |
| `--max-docs` | `DOCX_MCP_MAX_DOCS` | Max concurrent open documents |
| `--whitelist` | `DOCX_MCP_WHITELIST` | Allowed tools (comma-separated) |
| `--blacklist` | `DOCX_MCP_BLACKLIST` | Blocked tools (comma-separated) |
### Example Configurations
- HTTP mode with templates:
```bash
docker run --rm \
-p 3000:3000 \
-v /host/path/templates:/templates:ro \
-e DOCX_MCP_HTTP=true \
-e DOCX_MCP_TEMPLATES_DIR=/templates \
docx-mcp:full
```
- Readonly HTTP mode (limited tools):
```bash
docker run --rm \
-p 3000:3000 \
-e DOCX_MCP_HTTP=true \
-e DOCX_MCP_READONLY=true \
-e DOCX_MCP_WHITELIST="list_templates,open_template,extract_text,get_metadata,search_text" \
docx-mcp:full
```
## API Endpoints
### HTML Interface
- GET / — Web interface (tool browser + templates panel)
### REST API
- GET /api/tools — List available tools
- POST /api/call — Call a tool
### WebSocket
- WS /ws — Real-time communication
### API Examples
- List tools:
```bash
curl http://localhost:3000/api/tools
```
- Call a tool:
```bash
curl -X POST http://localhost:3000/api/call \
-H "Content-Type: application/json" \
-d '{
"name": "create_document",
"arguments": {}
}'
```
- List templates:
```bash
curl -X POST http://localhost:3000/api/call \
-H "Content-Type: application/json" \
-d '{
"name": "list_templates",
"arguments": {}
}'
```
- Open a template:
```bash
curl -X POST http://localhost:3000/api/call \
-H "Content-Type: application/json" \
-d '{
"name": "open_template",
"arguments": { "name": "nda_template.docx" }
}'
```
- Generate from template with fill-in fields:
```bash
curl -X POST http://localhost:3000/api/call \
-H "Content-Type: application/json" \
-d '{
"name": "generate_from_template",
"arguments": {
"template_name": "nda_template.docx",
"output_path": "/out/nda_acme.docx",
"fields": {
"CLIENT_NAME": "Acme Corp",
"EFFECTIVE_DATE": "2025-11-09"
}
}
}'
```
## Docker Compose (Production)
Example with HTTP mode, templates, and output volumes:
```yaml
version: '3.8'
services:
docx-mcp:
image: docx-mcp:full
build:
context: .
dockerfile: Dockerfile
read_only: true
cap_drop:
- ALL
tmpfs:
- /tmp/docx-mcp:rw,noexec,nosuid,size=200m
volumes:
- ./templates:/templates:ro
- ./output:/out
ports:
- "3000:3000"
environment:
- RUST_LOG=info
- DOCX_MCP_HTTP=true
- DOCX_MCP_HTTP_ADDRESS=0.0.0.0:3000
- DOCX_MCP_TEMPLATES_DIR=/templates
- DOCX_MCP_MAX_SIZE=104857600
- DOCX_MCP_MAX_DOCS=30
deploy:
resources:
limits:
memory: 1G
cpus: '1.5'
restart: unless-stopped
healthcheck:
test: ["CMD", "/usr/local/bin/docx-mcp", "--version"]
interval: 30s
timeout: 5s
retries: 3
```
## Security Configuration
### Environment Variables
| Variable | Default | Description |
|----------|---------|-------------|
| `DOCX_MCP_HTTP` | `false` | Enable HTTP mode |
| `DOCX_MCP_HTTP_ADDRESS` | `0.0.0.0:3000` | HTTP server address |
| `DOCX_MCP_TEMPLATES_DIR` | `/templates` | Templates directory |
| `DOCX_MCP_READONLY` | `false` | Restrict to read-only operations |
| `DOCX_MCP_SANDBOX` | `true` | Restrict file operations to temp |
| `DOCX_MCP_NO_EXTERNAL_TOOLS` | `true` | Disable external tools |
| `DOCX_MCP_NO_NETWORK` | `true` | Disable network access |
| `DOCX_MCP_MAX_SIZE` | `104857600` | Max document size (bytes) |
| `DOCX_MCP_MAX_DOCS` | `30` | Max concurrent documents |
| `DOCX_MCP_WHITELIST` | - | Allowed tools (comma-separated) |
| `DOCX_MCP_BLACKLIST` | - | Blocked tools (comma-separated) |
### Security Profiles
- Readonly HTTP mode:
```bash
docker run --rm \
-p 3000:3000 \
-e DOCX_MCP_HTTP=true \
-e DOCX_MCP_READONLY=true \
-e DOCX_MCP_WHITELIST="list_templates,open_template,extract_text,get_metadata,search_text" \
docx-mcp:full
```
- Maximum security:
```bash
docker run --rm \
-p 3000:3000 \
--read-only \
--cap-drop ALL \
--tmpfs /tmp/docx-mcp \
-e DOCX_MCP_HTTP=true \
-e DOCX_MCP_READONLY=true \
-e DOCX_MCP_SANDBOX=true \
-e DOCX_MCP_NO_EXTERNAL_TOOLS=true \
-e DOCX_MCP_NO_NETWORK=true \
docx-mcp:full
```
## Monitoring
```bash
# View logs
docker logs -f docx-mcp-http
# Check resource usage
docker stats docx-mcp-http
# Verify security
docker inspect --format='{{.HostConfig.ReadOnly}}' docx-mcp-http # Should be true
```
## Troubleshooting
### Common Issues
1. Port already in use:
- Use a different port:
- -p 8080:8080 -e DOCX_MCP_HTTP_ADDRESS=0.0.0.0:8080
2. Permission denied on temp directory:
- Ensure temp directory is writable:
- --tmpfs /tmp/docx-mcp:rw
3. Out of memory:
- Increase memory:
- --memory 2g
4. CORS issues in browser:
- CORS is enabled for all origins on LAN by default.
- For production, restrict to specific origins as needed.
## API Key
No API key is required. Security relies on:
- OS-level access controls
- Container isolation
- Built-in command security (whitelist/blacklist)
For LAN deployments, rely on:
- Network-level access controls
- Firewall rules
- Application-level authentication at the bridge
Reference in New Issue View Git Blame Copy Permalink