diff --git a/deployments/continuous-deployment-config/ocis_traefik/latest.yml b/deployments/continuous-deployment-config/ocis_full/master.yml similarity index 60% rename from deployments/continuous-deployment-config/ocis_traefik/latest.yml rename to deployments/continuous-deployment-config/ocis_full/master.yml index cbdf59c87b6..b8181154271 100644 --- a/deployments/continuous-deployment-config/ocis_traefik/latest.yml +++ b/deployments/continuous-deployment-config/ocis_full/master.yml @@ -1,5 +1,5 @@ --- -- name: continuous-deployment-ocis-traefik-latest +- name: continuous-deployment-ocis-master server: server_type: cx21 image: ubuntu-22.04 @@ -14,7 +14,7 @@ - /var/lib/docker/volumes/ocis_certs domains: - - "*.ocis-traefik.latest.owncloud.works" + - "*.ocis.master.owncloud.works" vars: ssh_authorized_keys: 
@@ -28,22 +28,26 @@ - name: ocis git_url: https://github.com/owncloud/ocis.git ref: master - docker_compose_path: deployments/examples/ocis_traefik + docker_compose_path: deployments/examples/ocis_full env: INSECURE: "false" TRAEFIK_ACME_MAIL: mbarz@owncloud.com - OCIS_DOCKER_TAG: latest - OCIS_DOMAIN: ocis.ocis-traefik.latest.owncloud.works + OCIS_DOCKER_TAG: master + OCIS_DOCKER_IMAGE: owncloud/ocis-rolling + OCIS_DOMAIN: ocis.ocis.master.owncloud.works + COMPANION_DOMAIN: companion.ocis.master.owncloud.works + COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud + WOPISERVER_DOMAIN: wopiserver.ocis.master.owncloud.works + COLLABORA_DOMAIN: collabora.ocis.master.owncloud.works DEMO_USERS: "true" - INBUCKET_DOMAIN: mail.ocis-traefik.latest.owncloud.works COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git ref: master env: NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis-traefik.latest.owncloud.works + TELEMETRY_SERVE_DOMAIN: telemetry.ocis.master.owncloud.works JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 - TELEGRAF_SPECIFIC_CONFIG: ocis_single_container - OCIS_URL: ocis.ocis-traefik.latest.owncloud.works - OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-traefik-latest + TELEGRAF_SPECIFIC_CONFIG: ocis_full + OCIS_URL: ocis.ocis.master.owncloud.works + OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-master diff --git a/deployments/continuous-deployment-config/ocis_traefik/released.yml b/deployments/continuous-deployment-config/ocis_full/production.yml similarity index 57% rename from deployments/continuous-deployment-config/ocis_traefik/released.yml rename to deployments/continuous-deployment-config/ocis_full/production.yml index 76767fabbb1..05d7e4f0f60 100644 --- a/deployments/continuous-deployment-config/ocis_traefik/released.yml +++ b/deployments/continuous-deployment-config/ocis_full/production.yml 
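Review bot: `COMPOSE_FILE` in the `ocis` project env still reads `docker-compose.yml:monitoring_tracing/docker-compose-additions.yml`, although `docker_compose_path` now points at `deployments/examples/ocis_full`, where this commit renames that file to `monitoring_tracing/monitoring.yml` and where `docker-compose.yml` defines only the `traefik` service. If the deployment tooling exports these `env` entries to the compose process (not visible here), the value would also override the `COMPOSE_FILE` assembled in the new `.env`, so `ocis.yml` and the other overlays would not be loaded. Consider listing the overlays explicitly, e.g. `COMPOSE_FILE: docker-compose.yml:ocis.yml:tika.yml:collabora.yml:monitoring_tracing/monitoring.yml`. The same line appears unchanged in the third hunk of `rolling.yml`; the enclosing `docker_compose_projects` list starts outside both hunks.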
@@ -1,5 +1,5 @@ --- -- name: continuous-deployment-ocis-traefik-released +- name: continuous-deployment-ocis-production server: server_type: cx21 image: ubuntu-22.04 @@ -14,7 +14,7 @@ - /var/lib/docker/volumes/ocis_certs domains: - - "*.ocis-traefik.released.owncloud.works" + - "*.ocis.production.owncloud.works" vars: ssh_authorized_keys: @@ -27,23 +27,27 @@ docker_compose_projects: - name: ocis git_url: https://github.com/owncloud/ocis.git - ref: master - docker_compose_path: deployments/examples/ocis_traefik + ref: stable-5.0 + docker_compose_path: deployments/examples/ocis_wopi env: INSECURE: "false" TRAEFIK_ACME_MAIL: mbarz@owncloud.com - OCIS_DOCKER_TAG: 5.0.3 - OCIS_DOMAIN: ocis.ocis-traefik.released.owncloud.works + OCIS_DOCKER_TAG: 5.0.5 + OCIS_DOMAIN: ocis.ocis.production.owncloud.works + COMPANION_DOMAIN: companion.ocis.production.owncloud.works + COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud + WOPISERVER_DOMAIN: wopiserver.ocis.production.owncloud.works + COLLABORA_DOMAIN: collabora.ocis.production.owncloud.works + ONLYOFFICE_DOMAIN: onlyoffice.ocis.production.owncloud.works DEMO_USERS: "true" - INBUCKET_DOMAIN: mail.ocis-traefik.released.owncloud.works COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git ref: master env: NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis-traefik.released.owncloud.works + TELEMETRY_SERVE_DOMAIN: telemetry.ocis.production.owncloud.works JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 - TELEGRAF_SPECIFIC_CONFIG: ocis_single_container - OCIS_URL: ocis.ocis-traefik.released.owncloud.works - OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-traefik-released + TELEGRAF_SPECIFIC_CONFIG: ocis_wopi + OCIS_URL: ocis.ocis.production.owncloud.works + OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-production 
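Review bot: `DEMO_USERS: "true"` stays as a context line in the third hunk while the deployment is renamed to `continuous-deployment-ocis-production` and served under `*.ocis.production.owncloud.works`. The `.env` added in this same commit states that demo users should not be created on a production instance because their passwords are public. If this is an intentional public demo, say so next to the setting, e.g. `# public demo instance: demo users are intentional, do not store real data here`; otherwise set it to `"false"`. No `ADMIN_PASSWORD` is visible in this hunk either, and whether one is injected elsewhere cannot be told from here.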
diff --git a/deployments/continuous-deployment-config/ocis_traefik/daily.yml b/deployments/continuous-deployment-config/ocis_full/rolling.yml similarity index 61% rename from deployments/continuous-deployment-config/ocis_traefik/daily.yml rename to deployments/continuous-deployment-config/ocis_full/rolling.yml index 505693fb73e..19af01bf247 100644 --- a/deployments/continuous-deployment-config/ocis_traefik/daily.yml +++ b/deployments/continuous-deployment-config/ocis_full/rolling.yml @@ -1,5 +1,5 @@ --- -- name: continuous-deployment-ocis-traefik-daily +- name: continuous-deployment-ocis-rolling server: server_type: cx21 image: ubuntu-22.04 @@ -14,7 +14,7 @@ - /var/lib/docker/volumes/ocis_certs domains: - - "*.ocis-traefik.daily.owncloud.works" + - "*.ocis.rolling.owncloud.works" vars: ssh_authorized_keys: 
@@ -28,22 +28,26 @@ - name: ocis git_url: https://github.com/owncloud/ocis.git ref: master - docker_compose_path: deployments/examples/ocis_traefik + docker_compose_path: deployments/examples/ocis_full env: INSECURE: "false" TRAEFIK_ACME_MAIL: mbarz@owncloud.com OCIS_DOCKER_TAG: latest - OCIS_DOMAIN: ocis.ocis-traefik.daily.owncloud.works + OCIS_DOCKER_IMAGE: owncloud/ocis-rolling + OCIS_DOMAIN: ocis.ocis.rolling.owncloud.works + COMPANION_DOMAIN: companion.ocis.rolling.owncloud.works + COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud + WOPISERVER_DOMAIN: wopiserver.ocis.rolling.owncloud.works + COLLABORA_DOMAIN: collabora.ocis.rolling.owncloud.works DEMO_USERS: "true" - INBUCKET_DOMAIN: mail.ocis-traefik.daily.owncloud.works COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git ref: master env: NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis-traefik.daily.owncloud.works + TELEMETRY_SERVE_DOMAIN: telemetry.ocis.rolling.owncloud.works JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 - TELEGRAF_SPECIFIC_CONFIG: ocis_single_container - OCIS_URL: ocis.ocis-traefik.daily.owncloud.works - OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-traefik-daily + TELEGRAF_SPECIFIC_CONFIG: ocis_full + OCIS_URL: ocis.ocis.rolling.owncloud.works + OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-rolling diff --git a/deployments/continuous-deployment-config/ocis_s3/latest.yml b/deployments/continuous-deployment-config/ocis_s3/latest.yml deleted file mode 100644 index 629ab936ccd..00000000000 --- a/deployments/continuous-deployment-config/ocis_s3/latest.yml +++ /dev/null 
@@ -1,49 +0,0 @@ ---- -- name: continuous-deployment-ocis-s3-latest - server: - server_type: cx21 - image: ubuntu-22.04 - location: nbg1 - initial_ssh_key_names: - - owncloud-ocis@drone.owncloud.com - labels: - owner: ocis-team - for: oCIS-continuous-deployment-examples - rebuild: $REBUILD - rebuild_carry_paths: - - /var/lib/docker/volumes/ocis_certs - - domains: - - "*.ocis-s3.latest.owncloud.works" - - vars: - ssh_authorized_keys: - - https://github.com/butonic.keys - - https://github.com/fschade.keys - - https://github.com/kulmann.keys - - https://github.com/micbar.keys - - https://github.com/rhafer.keys - - https://github.com/wkloucek.keys - docker_compose_projects: - - name: ocis - git_url: https://github.com/owncloud/ocis.git - ref: master - docker_compose_path: deployments/examples/ocis_s3 - env: - INSECURE: "false" - TRAEFIK_ACME_MAIL: mbarz@owncloud.com - OCIS_DOCKER_TAG: latest - OCIS_DOMAIN: ocis.ocis-s3.latest.owncloud.works - MINIO_DOMAIN: minio.ocis-s3.latest.owncloud.works - DEMO_USERS: "true" - COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - - name: monitoring - git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git - ref: master - env: - NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis-s3.latest.owncloud.works - JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 - TELEGRAF_SPECIFIC_CONFIG: ocis_single_container - OCIS_URL: ocis.ocis-s3.latest.owncloud.works - OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-s3-latest diff --git a/deployments/examples/ocis_clamav/README.md b/deployments/examples/ocis_clamav/README.md deleted file mode 100644 index 027d3b37e4e..00000000000 --- a/deployments/examples/ocis_clamav/README.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -document this deployment example in: docs/ocis/deployment/ocis_clamav.md ---- - -Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_clamav/) -for instructions on how to run this scenario. 
diff --git a/deployments/examples/ocis_clamav/docker-compose.yml b/deployments/examples/ocis_clamav/docker-compose.yml deleted file mode 100644 index 1d3e9c2fe44..00000000000 --- a/deployments/examples/ocis_clamav/docker-compose.yml +++ /dev/null @@ -1,57 +0,0 @@ ---- -version: "3.7" - -services: - ocis: - image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} - networks: - ocis-net: - entrypoint: - - /bin/sh - # run ocis init to initialize a configuration file with random secrets - # it will fail on subsequent runs, because the config file already exists - # therefore we ignore the error and then start the ocis server - command: [ "-c", "ocis init || true; ocis server" ] - environment: - # setup is for demonstration purposes only; - OCIS_INSECURE: "${INSECURE:-false}" - OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info} - # admin user password - IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file - # demo users - IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-true}" - # enable the antivirus service - OCIS_ADD_RUN_SERVICES: "antivirus" - # configure the antivirus service - POSTPROCESSING_STEPS: "virusscan" - ANTIVIRUS_SCANNER_TYPE: "clamav" - ANTIVIRUS_CLAMAV_SOCKET: "/var/run/clamav/clamd.sock" - volumes: - - "ocis-config:/etc/ocis" - - "ocis-data:/var/lib/ocis" - - "clamav-socket:/var/run/clamav" - ports: - - 9200:9200 - logging: - driver: "local" - restart: always - - clamav: - image: clamav/clamav:${CLAMAV_DOCKER_TAG:-latest} - networks: - ocis-net: - volumes: - - "clamav-socket:/tmp" - - "clamav-db:/var/lib/clamav" - logging: - driver: "local" - restart: always - -volumes: - clamav-socket: - clamav-db: - ocis-config: - ocis-data: - -networks: - ocis-net: diff --git a/deployments/examples/ocis_full/.env b/deployments/examples/ocis_full/.env new file mode 100644 index 00000000000..d5913ca1115 --- /dev/null +++ b/deployments/examples/ocis_full/.env 
@@ -0,0 +1,184 @@
+# Define the docker compose log driver used.
+# Defaults to local
+LOG_DRIVER=
+# If you're on an internet facing server. comment out following line.
+# It skips certificate validation for various parts of Infinite Scale and is
+# needed when self signed certificates are used.
+INSECURE=true
+
+### Traefik Settings ###
+# Serve Traefik dashboard.
+# Defaults to "false".
+TRAEFIK_DASHBOARD=
+# Domain of Traefik, where you can find the dashboard.
+# Defaults to "traefik.owncloud.test"
+TRAEFIK_DOMAIN=
+# Basic authentication for the traefik dashboard.
+# Defaults to user "admin" and password "admin" (written as: "admin:admin").
+TRAEFIK_BASIC_AUTH_USERS=
+# Email address for obtaining LetsEncrypt certificates.
+# Needs only be changed if this is a public facing server.
+TRAEFIK_ACME_MAIL=
+# Set to the following for testing to check the certificate process:
+# "https://acme-staging-v02.api.letsencrypt.org/directory"
+# With staging configured, there will be an SSL error in the browser.
+# When certificates are displayed and are emitted by # "Fake LE Intermediate X1",
+# the process went well and the envvar can be reset to empty to get valid certificates.
+TRAEFIK_ACME_CASERVER=
+
+
+### Infinite Scale Settings ###
+# Beside Traefik, this service must stay enabled.
+# Disable only for testing purposes.
+OCIS=:ocis.yml
+# The oCIS container image.
+# Defaults to "owncloud/ocis" which contains the production releases.
+OCIS_DOCKER_IMAGE=
+# The oCIS container version.
+# Defaults to "latest". This will point to the latest stable tag.
+OCIS_DOCKER_TAG=
+# Domain of oCIS, where you can find the frontend.
+# Defaults to "ocis.owncloud.test"
+OCIS_DOMAIN=
+# oCIS admin user password. Defaults to "admin".
+ADMIN_PASSWORD=
+# Demo users should not be created on a production instance,
+# because their passwords are public. Defaults to "false".
+# Also see: https://doc.owncloud.com/ocis/latest/deployment/general/general-info.html#demo-users-and-groups
+DEMO_USERS=
+# Define the loglevel used.
+# For more details see:
+# https://doc.owncloud.com/ocis/latest/deployment/services/env-vars-special-scope.html
+LOG_LEVEL=
+# Define the kind of logging.
+# The default log can be read by machines.
+# Set this to true to make the log human readable
+# LOG_PRETTY=true
+
+# S3 Storage configuration
+#
+# - optional
+#
+# Infinite Scale supports S3 storage as primary storage.
+# Per default, S3 storage is disabled and we use the local filesystem.
+# To enable S3 storage, uncomment the following lines and configure the S3 storage.
+# The leading colon is required to enable the service.
+#S3NG=:s3ng.yml
+# Configure the S3 storage endpoint. Defaults to "http://minio:9000" for testing purposes.
+S3NG_ENDPOINT=
+# S3 region. Defaults to "default".
+S3NG_REGION=
+# S3 access key. Defaults to "ocis"
+S3NG_ACCESS_KEY=
+# S3 secret. Defaults to "ocis-secret-key"
+S3NG_SECRET_KEY=
+# S3 bucket. Defaults to "ocis"
+S3NG_BUCKET=
+# Add local minio S3 storage to the docker-compose file.
+# This is needed for testing purposes.
+# The leading colon is required to enable the service.
+#S3NG_MINIO=:minio.yml
+# Minio domain. Defaults to "minio.owncloud.test".
+MINIO_DOMAIN=
+
+# Define SMPT settings if you would like to send Infinite Scale email notifications.
+# For more details see:
+# https://doc.owncloud.com/ocis/latest/deployment/services/s-list/notifications.html
+# NOTE: this doesn't work if you are using inbucket.
+# SMTP host to connect to.
+SMTP_HOST=
+# Port of the SMTP host to connect to.
+SMTP_PORT=
+# An eMail address that is used for sending Infinite Scale notification eMails
+# like "ocis notifications ".
+SMTP_SENDER=
+# Username for the SMTP host to connect to.
+SMTP_USERNAME=
+# Password for the SMTP host to connect to.
+SMTP_PASSWORD=
+# Authentication method for the SMTP communication.
+SMTP_AUTHENTICATION=
+# Allow insecure connections to the SMTP server. Defaults to false.
+SMTP_INSECURE=
+
+## Default Enabled Services ##
+
+### Apache Tika Content Analysis Toolkit ###
+# Tika (search) is enabled by default, comment if not required.
+# The leading colon is required to enable the service.
+TIKA=:tika.yml
+# Set the desired docker image tag or digest.
+# Defaults to "latest"
+TIKA_IMAGE=
+
+### Collabora Settings ###
+# Collabora web office is default enabled, comment if not required.
+# The leading colon is required to enable the service.
+COLLABORA=:collabora.yml
+# Domain of Collabora, where you can find the frontend.
+# Defaults to "collabora.owncloud.test"
+COLLABORA_DOMAIN=
+# Domain of the wopiserver which handles OnlyOffice.
+# Defaults to "wopiserver.owncloud.test"
+WOPISERVER_DOMAIN=
+# Admin user for Collabora.
+# Defaults to "admin".
+# Collabora Admin Panel URL:
+# https://{COLLABORA_DOMAIN}/browser/dist/admin/admin.html
+COLLABORA_ADMIN_USER=
+# Admin password for Collabora.
+# Defaults to "admin".
+COLLABORA_ADMIN_PASSWORD=
+
+### Supplemental Configurations ###
+# If you want to use supplemental configurations,
+# you need to uncomment lines containing :path/file.yml
+# and configure the service if required.
+
+## Debugging - Monitoring ##
+# Please see documentation at: https://owncloud.dev/ocis/deployment/monitoring-tracing/
+# The leading colon is required to enable the service.
+#MONITORING=:monitoring_tracing/monitoring.yml
+
+## Uppy Companion Settings ##
+# The leading colon is required to enable the service.
+#CLOUD_IMPORTER=:cloudimporter.yml
+## The docker image to be used for uppy companion.
+# owncloud has built a container with public link import support.
+COMPANION_IMAGE=
+# Domain of Uppy Companion. Defaults to "companion.owncloud.test".
+COMPANION_DOMAIN=
+# Provider settings, see https://uppy.io/docs/companion/#provideroptions for reference.
+# Empty by default, which disables providers.
+COMPANION_ONEDRIVE_KEY=
+COMPANION_ONEDRIVE_SECRET=
+
+## Virusscanner Settings ##
+# The leading colon is required to enable the service.
+# CLAMAV=:clamav.yml
+# Image version of the ClamAV container.
+# Defaults to "latest"
+CLAMAV_DOCKER_TAG=
+
+## OnlyOffice Settings ##
+# The leading colon is required to enable the service.
+#ONLYOFFICE=:onlyoffice.yml
+# Domain for OnlyOffice. Defaults to "onlyoffice.owncloud.test".
+ONLYOFFICE_DOMAIN=
+# Domain for the wopiserver which handles OnlyOffice.
+WOPISERVER_ONLYOFFICE_DOMAIN=
+
+## Inbucket Settings ##
+# Inbucket is a mail catcher tool for testing purposes.
+# DO NOT use in Production.
+# The leading colon is required to enable the service.
+#INBUCKET=:inbucket.yml
+# email server (in this case inbucket acts as mail catcher).
+# Domain for Inbucket. Defaults to "mail.owncloud.test".
+INBUCKET_DOMAIN=
+
+### IMPORTANT ###
+# This MUST be the last line as it assembles the supplemental compose files to be used.
+# ALL supplemental configs must be added here, whether commented or not.
+# Each var must either be empty or contain :path/file.yml
+COMPOSE_FILE=docker-compose.yml${OCIS:-}${TIKA:-}${S3NG:-}${S3NG_MINIO:-}${COLLABORA:-}${MONITORING:-}${CLOUD_IMPORTER:-}${CLAMAV:-}${ONLYOFFICE:-}${INBUCKET:-}
diff --git a/deployments/examples/ocis_wopi/README.md b/deployments/examples/ocis_full/README.md
similarity index 72%
rename from deployments/examples/ocis_wopi/README.md
rename to deployments/examples/ocis_full/README.md
index 9a346f65057..5c2c07c9776 100644
--- a/deployments/examples/ocis_wopi/README.md
+++ b/deployments/examples/ocis_full/README.md
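Review bot: `INSECURE=true` ships as the active default in the new `.env`, and the only guidance is the comment "If you're on an internet facing server. comment out following line." Combined with the documented `admin` fallbacks for `ADMIN_PASSWORD`, `COLLABORA_ADMIN_PASSWORD` and `TRAEFIK_BASIC_AUTH_USERS` and the `ocis-secret-key` fallback for `S3NG_SECRET_KEY`, a copy of this file deployed unchanged runs without certificate validation and with published credentials. Commenting the line out is also not enough for every service, because `collabora.yml` in this commit reads `${INSECURE:-true}`; the comment should tell operators to set `INSECURE=false` explicitly. A header such as `# SECURITY: all defaults below are for local testing only; before exposing the stack set INSECURE=false and replace every default password and key` would make that hard to miss.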
@@ -1,10 +1,10 @@ --- -document this deployment example in: docs/ocis/deployment/ocis_wopi.md +document this deployment example in: docs/ocis/deployment/ocis_full.md --- # Infinite Scale WOPI Deployment Example -This deployment example is documented in the [developer documentation](https://owncloud.dev/ocis/deployment/ocis_wopi/). +This deployment example is documented in the [developer documentation](https://owncloud.dev/ocis/deployment/ocis_full/). See the link for more details and instructions on how to deploy this scenario. Also see the [Admin Documentation](https://doc.owncloud.com/ocis/latest/index.html) for administrative and more configuration details. diff --git a/deployments/examples/ocis_full/clamav.yml b/deployments/examples/ocis_full/clamav.yml new file mode 100644 index 00000000000..a5f07b12a16 --- /dev/null +++ b/deployments/examples/ocis_full/clamav.yml @@ -0,0 +1,29 @@ +--- +services: + ocis: + environment: + ANTIVIRUS_SCANNER_TYPE: "clamav" + ANTIVIRUS_CLAMAV_SOCKET: "/var/run/clamav/clamd.sock" + # enable the antivirus service + OCIS_ADD_RUN_SERVICES: "antivirus" + # configure the antivirus service + POSTPROCESSING_STEPS: "virusscan" + # PROXY_TLS is set to "false", the download url has no https + STORAGE_USERS_DATA_GATEWAY_URL: http://ocis:9200/data + volumes: + - "clamav-socket:/var/run/clamav" + + clamav: + image: clamav/clamav:${CLAMAV_DOCKER_TAG:-latest} + networks: + ocis-net: + volumes: + - "clamav-socket:/tmp" + - "clamav-db:/var/lib/clamav" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + +volumes: + clamav-socket: + clamav-db: diff --git a/deployments/examples/ocis_full/cloudimporter.yml b/deployments/examples/ocis_full/cloudimporter.yml new file mode 100644 index 00000000000..7438a8baa94 --- /dev/null +++ b/deployments/examples/ocis_full/cloudimporter.yml 
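Review bot: In the new `clamav.yml`, `image: clamav/clamav:${CLAMAV_DOCKER_TAG:-latest}` resolves to a mutable tag by default, so the scanner image can change on any pull without review. `minio/minio:latest` in `minio.yml` and the untagged `inbucket/inbucket` in `inbucket.yml` have the same property, while `traefik`, `collabora/code` and the companion image in this commit are pinned to versions. Default to a fixed release instead, e.g. `image: clamav/clamav:${CLAMAV_DOCKER_TAG:-<pinned-version>}`, and keep `latest` as an explicit opt-in. The `clamav-socket` volume is also mounted over the scanner's whole `/tmp` and shared into the `ocis` container at `/var/run/clamav`; if the image allows it, a dedicated socket directory would avoid sharing anything else the scanner writes there.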
@@ -0,0 +1,40 @@
+---
+services:
+ traefik:
+ networks:
+ ocis-net:
+ aliases:
+ - ${COMPANION_DOMAIN:-companion.owncloud.test}
+ ocis:
+ volumes:
+ # the cloud importer needs to be enabled in the web.yaml
+ - ./config/ocis/web.yaml:/etc/ocis/web.yaml
+
+ companion:
+ image: ${COMPANION_IMAGE:-owncloud/uppy-companion:3.12.13-owncloud}
+ networks:
+ - ocis-net
+ environment:
+ NODE_ENV: production
+ NODE_TLS_REJECT_UNAUTHORIZED: 0
+ COMPANION_DATADIR: /tmp/companion/
+ COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test}
+ COMPANION_PROTOCOL: https
+ COMPANION_UPLOAD_URLS: "^https://${OCIS_DOMAIN:-ocis.owncloud.test}/"
+ COMPANION_ONEDRIVE_KEY: "${COMPANION_ONEDRIVE_KEY}"
+ COMPANION_ONEDRIVE_SECRET: "${COMPANION_ONEDRIVE_SECRET}"
+ volumes:
+ - companion-data:/tmp/companion/
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.companion.entrypoints=https"
+ - "traefik.http.routers.companion.rule=Host(`${COMPANION_DOMAIN:-companion.owncloud.test}`)"
+ - "traefik.http.routers.companion.tls.certresolver=http"
+ - "traefik.http.routers.companion.service=companion"
+ - "traefik.http.services.companion.loadbalancer.server.port=3020"
+ logging:
+ driver: ${LOG_DRIVER:-local}
+ restart: always
+
+volumes:
+ companion-data:
diff --git a/deployments/examples/ocis_full/collabora.yml b/deployments/examples/ocis_full/collabora.yml
new file mode 100644
index 00000000000..3fdbdb36085
--- /dev/null
+++ b/deployments/examples/ocis_full/collabora.yml
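Review bot: `NODE_TLS_REJECT_UNAUTHORIZED: 0` in the `companion` environment turns off certificate verification for every outbound TLS connection the Node process makes, and unlike the other services it is hard-coded rather than tied to `INSECURE`. Companion fetches from remote providers and uploads to oCIS, so on a public deployment those connections are no longer authenticated. Make it opt-in with a verifying default, e.g. `NODE_TLS_REJECT_UNAUTHORIZED: "${COMPANION_TLS_REJECT_UNAUTHORIZED:-1}"` (variable name illustrative), quoted so the value stays a string. Separately, the dots in `COMPANION_UPLOAD_URLS: "^https://${OCIS_DOMAIN:-ocis.owncloud.test}/"` act as regex wildcards, so the upload allow-list matches more hosts than the one intended.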
@@ -0,0 +1,74 @@ +--- +services: + traefik: + networks: + ocis-net: + aliases: + - ${COLLABORA_DOMAIN:-collabora.owncloud.test} + - ${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + ocis: + environment: + # make collabora the secure view app + FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: com.owncloud.api.collaboration + + collaboration: + image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-net: + depends_on: + ocis: + condition: service_started + collabora: + condition: service_healthy + entrypoint: + - /bin/sh + command: [ "-c", "ocis collaboration server" ] + environment: + COLLABORATION_GRPC_ADDR: 0.0.0.0:9301 + COLLABORATION_HTTP_ADDR: 0.0.0.0:9300 + MICRO_REGISTRY: "nats-js-kv" + MICRO_REGISTRY_ADDRESS: "ocis:9233" + COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + COLLABORATION_APP_NAME: "Collabora" + COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.owncloud.test} + COLLABORATION_APP_ICON: https://${COLLABORA_DOMAIN:-collabora.owncloud.test}/favicon.ico + COLLABORATION_APP_INSECURE: "${INSECURE:-true}" + COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}" + COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info} + volumes: + - ocis-config:/etc/ocis + labels: + - "traefik.enable=true" + - "traefik.http.routers.collaboration.entrypoints=https" + - "traefik.http.routers.collaboration.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}`)" + - "traefik.http.routers.collaboration.tls.certresolver=http" + - "traefik.http.routers.collaboration.service=collaboration" + - "traefik.http.services.collaboration.loadbalancer.server.port=9300" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + + collabora: + image: collabora/code:23.05.7.5.1 + networks: + ocis-net: + environment: + aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}:443 + DONT_GEN_SSL_CERT: "YES" + extra_params: --o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false 
--o:net.frame_ancestors=${OCIS_DOMAIN:-ocis.owncloud.test} + username: ${COLLABORA_ADMIN_USER:-admin} + password: ${COLLABORA_ADMIN_PASSWORD:-admin} + cap_add: + - MKNOD + labels: + - "traefik.enable=true" + - "traefik.http.routers.collabora.entrypoints=https" + - "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN:-collabora.owncloud.test}`)" + - "traefik.http.routers.collabora.tls.certresolver=http" + - "traefik.http.routers.collabora.service=collabora" + - "traefik.http.services.collabora.loadbalancer.server.port=9980" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + healthcheck: + test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ] diff --git a/deployments/examples/ocis_wopi/config/ocis/app-registry.yaml b/deployments/examples/ocis_full/config/ocis/app-registry.yaml similarity index 100% rename from deployments/examples/ocis_wopi/config/ocis/app-registry.yaml rename to deployments/examples/ocis_full/config/ocis/app-registry.yaml diff --git a/deployments/examples/ocis_traefik/config/ocis/banned-password-list.txt b/deployments/examples/ocis_full/config/ocis/banned-password-list.txt similarity index 100% rename from deployments/examples/ocis_traefik/config/ocis/banned-password-list.txt rename to deployments/examples/ocis_full/config/ocis/banned-password-list.txt diff --git a/deployments/examples/ocis_wopi/config/ocis/csp.yaml b/deployments/examples/ocis_full/config/ocis/csp.yaml similarity index 88% rename from deployments/examples/ocis_wopi/config/ocis/csp.yaml rename to deployments/examples/ocis_full/config/ocis/csp.yaml index 9852ebeae90..be7aef26201 100644 --- a/deployments/examples/ocis_wopi/config/ocis/csp.yaml +++ b/deployments/examples/ocis_full/config/ocis/csp.yaml @@ -3,6 +3,8 @@ directives: - '''self''' connect-src: - '''self''' + - 'https://${COMPANION_DOMAIN|companion.owncloud.test}/' + - 'wss://${COMPANION_DOMAIN|companion.owncloud.test}/' default-src: - '''none''' font-src: 
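Review bot: In the new `collabora.yml`, `COLLABORATION_APP_INSECURE: "${INSECURE:-true}"` and `COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}"` fall back to `true` when `INSECURE` is unset. The `.env` added in this commit tells operators of internet-facing servers to comment out `INSECURE=true`, which unsets the variable, so following that instruction leaves certificate validation disabled for the collaboration service. Use a fail-closed fallback on both lines: `"${INSECURE:-false}"`. The `collabora` service also defaults its admin login to `${COLLABORA_ADMIN_USER:-admin}` / `${COLLABORA_ADMIN_PASSWORD:-admin}` behind a public Traefik router; a comment above those two lines should say they must be changed before the stack is exposed.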
diff --git a/deployments/examples/ocis_wopi/config/ocis/web.yaml b/deployments/examples/ocis_full/config/ocis/web.yaml
similarity index 100%
rename from deployments/examples/ocis_wopi/config/ocis/web.yaml
rename to deployments/examples/ocis_full/config/ocis/web.yaml
diff --git a/deployments/examples/ocis_wopi/config/onlyoffice/entrypoint-override.sh b/deployments/examples/ocis_full/config/onlyoffice/entrypoint-override.sh
similarity index 100%
rename from deployments/examples/ocis_wopi/config/onlyoffice/entrypoint-override.sh
rename to deployments/examples/ocis_full/config/onlyoffice/entrypoint-override.sh
diff --git a/deployments/examples/ocis_wopi/config/onlyoffice/local.json b/deployments/examples/ocis_full/config/onlyoffice/local.json
similarity index 100%
rename from deployments/examples/ocis_wopi/config/onlyoffice/local.json
rename to deployments/examples/ocis_full/config/onlyoffice/local.json
diff --git a/deployments/examples/ocis_full/docker-compose.yml b/deployments/examples/ocis_full/docker-compose.yml
new file mode 100644
index 00000000000..f58a6836587
--- /dev/null
+++ b/deployments/examples/ocis_full/docker-compose.yml
@@ -0,0 +1,52 @@
+---
+version: "3.7"
+
+services:
+ traefik:
+ image: traefik:v3.0.3
+ networks:
+ ocis-net:
+ command:
+ - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
+ # letsencrypt configuration
+ - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
+ - "--certificatesResolvers.http.acme.storage=/certs/acme.json"
+ - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
+ - "--certificatesresolvers.http.acme.caserver=${TRAEFIK_ACME_CASERVER:-https://acme-v02.api.letsencrypt.org/directory}"
+ # enable dashboard
+ - "--api.dashboard=true"
+ # define entrypoints
+ - "--entryPoints.http.address=:80"
+ - "--entryPoints.http.http.redirections.entryPoint.to=https"
+ - "--entryPoints.http.http.redirections.entryPoint.scheme=https"
+ - "--entryPoints.https.address=:443"
+ # docker provider (get configuration from container labels)
+ - "--providers.docker.endpoint=unix:///var/run/docker.sock"
+ - "--providers.docker.exposedByDefault=false"
+ # access log
+ - "--accessLog=true"
+ - "--accessLog.format=json"
+ - "--accessLog.fields.headers.names.X-Request-Id=keep"
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - "${DOCKER_SOCKET_PATH:-/var/run/docker.sock}:/var/run/docker.sock:ro"
+ - "certs:/certs"
+ labels:
+ - "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
+ - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
+ - "traefik.http.routers.traefik.entrypoints=https"
+ - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
+ - "traefik.http.routers.traefik.middlewares=traefik-auth"
+ - "traefik.http.routers.traefik.tls.certresolver=http"
+ - "traefik.http.routers.traefik.service=api@internal"
+ logging:
+ driver: ${LOG_DRIVER:-local}
+ restart: always
+
+volumes:
+ certs:
+
+networks:
+ ocis-net:
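Review bot: The `traefik-auth` middleware falls back to a committed `admin:admin` htpasswd entry, so setting `TRAEFIK_DASHBOARD=true` without also setting `TRAEFIK_BASIC_AUTH_USERS` publishes the dashboard at `TRAEFIK_DOMAIN` behind a publicly known login. At minimum state this next to the label, e.g. `# set TRAEFIK_BASIC_AUTH_USERS whenever TRAEFIK_DASHBOARD=true; the fallback is the public admin:admin hash`. The socket mount `"${DOCKER_SOCKET_PATH:-/var/run/docker.sock}:/var/run/docker.sock:ro"` deserves a comment as well: `:ro` makes the bind mount read-only but does not limit which Docker API requests can be sent through the socket, so the internet-facing proxy container still has full control of the Docker daemon. A socket proxy that exposes only the read endpoints Traefik needs would narrow that.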
diff --git a/deployments/examples/ocis_full/inbucket.yml b/deployments/examples/ocis_full/inbucket.yml
new file mode 100644
index 00000000000..47e1d288985
--- /dev/null
+++ b/deployments/examples/ocis_full/inbucket.yml
@@ -0,0 +1,32 @@
+---
+services:
+ ocis:
+ environment:
+ NOTIFICATIONS_SMTP_HOST: inbucket
+ NOTIFICATIONS_SMTP_PORT: 2500
+ NOTIFICATIONS_SMTP_SENDER: oCIS notifications
+ NOTIFICATIONS_SMTP_USERNAME: notifications@${OCIS_DOMAIN:-ocis.owncloud.test}
+ NOTIFICATIONS_SMTP_INSECURE: "true" # the mail catcher uses self signed certificates
+
+ inbucket:
+ image: inbucket/inbucket
+ networks:
+ - ocis-net
+ entrypoint:
+ - /bin/sh
+ command: [ "-c", "apk add openssl; openssl req -subj '/CN=inbucket.test' -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/server.key -out /tmp/server.crt; /start-inbucket.sh" ]
+ environment:
+ INBUCKET_SMTP_TLSENABLED: "true"
+ INBUCKET_SMTP_TLSPRIVKEY: /tmp/server.key
+ INBUCKET_SMTP_TLSCERT: /tmp/server.crt
+ INBUCKET_STORAGE_MAILBOXMSGCAP: 1000
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.inbucket.entrypoints=https"
+ - "traefik.http.routers.inbucket.rule=Host(`${INBUCKET_DOMAIN:-mail.owncloud.test}`)"
+ - "traefik.http.routers.inbucket.tls.certresolver=http"
+ - "traefik.http.routers.inbucket.service=inbucket"
+ - "traefik.http.services.inbucket.loadbalancer.server.port=9000"
+ logging:
+ driver: ${LOG_DRIVER:-local}
+ restart: always
diff --git a/deployments/examples/ocis_full/minio.yml b/deployments/examples/ocis_full/minio.yml
new file mode 100644
index 00000000000..a004f0d9e92
--- /dev/null
+++ b/deployments/examples/ocis_full/minio.yml
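Review bot: The `inbucket` router labels publish the mail catcher's web UI on `INBUCKET_DOMAIN` with no authentication middleware, so anyone who can reach that host can read every notification mail oCIS sends, including share and account links. Attach a basic-auth middleware defined on this service, e.g. `"traefik.http.middlewares.inbucket-auth.basicauth.users=${INBUCKET_BASIC_AUTH_USERS}"` plus `"traefik.http.routers.inbucket.middlewares=inbucket-auth"` (variable name illustrative); reusing `traefik-auth` would not work while the dashboard container is disabled. The `command` also runs `apk add openssl` on every start, which makes container start-up depend on an unpinned package download; generating the certificate in a build step or mounting one would avoid that. The integer values `NOTIFICATIONS_SMTP_PORT: 2500` and `INBUCKET_STORAGE_MAILBOXMSGCAP: 1000` are better quoted, as environment values are strings.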
@@ -0,0 +1,31 @@ +--- +services: + minio: + image: minio/minio:latest + networks: + ocis-net: + entrypoint: + - /bin/sh + command: + [ + "-c", + "mkdir -p /data/${S3NG_BUCKET:-ocis-bucket} && minio server --console-address ':9001' /data", + ] + volumes: + - minio-data:/data + environment: + MINIO_ACCESS_KEY: ${S3NG_ACCESS_KEY:-ocis} + MINIO_SECRET_KEY: ${S3NG_SECRET_KEY:-ocis-secret-key} + labels: + - "traefik.enable=true" + - "traefik.http.routers.minio.entrypoints=https" + - "traefik.http.routers.minio.rule=Host(`${MINIO_DOMAIN:-minio.owncloud.test}`)" + - "traefik.http.routers.minio.tls.certresolver=http" + - "traefik.http.routers.minio.service=minio" + - "traefik.http.services.minio.loadbalancer.server.port=9001" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + +volumes: + minio-data: diff --git a/deployments/examples/ocis_wopi/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_full/monitoring_tracing/monitoring.yml similarity index 65% rename from deployments/examples/ocis_wopi/monitoring_tracing/docker-compose-additions.yml rename to deployments/examples/ocis_full/monitoring_tracing/monitoring.yml index 47839287163..0ae8c79af89 100644 --- a/deployments/examples/ocis_wopi/monitoring_tracing/docker-compose-additions.yml +++ b/deployments/examples/ocis_full/monitoring_tracing/monitoring.yml @@ -13,23 +13,14 @@ services: # will expose the same metrics, so it's sufficient to query one endpoint PROXY_DEBUG_ADDR: 0.0.0.0:9205 - ocis-appprovider-collabora: + collaboration: environment: # tracing OCIS_TRACING_ENABLED: "true" OCIS_TRACING_TYPE: "jaeger" OCIS_TRACING_ENDPOINT: jaeger-agent:6831 # metrics - APP_PROVIDER_DEBUG_ADDR: 0.0.0.0:9165 - - ocis-appprovider-onlyoffice: - environment: - # tracing - OCIS_TRACING_ENABLED: "true" - OCIS_TRACING_TYPE: "jaeger" - OCIS_TRACING_ENDPOINT: jaeger-agent:6831 - # metrics - APP_PROVIDER_DEBUG_ADDR: 0.0.0.0:9165 + COLLABORATION_DEBUG_ADDR: 0.0.0.0:9304 networks: ocis-net: 
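Review bot: `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` in minio.yml fall back to the fixed pair `ocis` / `ocis-secret-key`, while the labels route the console on port 9001 through the public `https` entrypoint, so a deployment that leaves the S3NG variables unset offers a console login with credentials printed in this repository. s3ng.yml uses the same two defaults on the oCIS side, so both files would have to change together, for example `${S3NG_SECRET_KEY:?set S3NG_SECRET_KEY}` in each. If the defaults must stay for local testing, a comment above `environment:` like `# default keys are public, override S3NG_ACCESS_KEY / S3NG_SECRET_KEY on any reachable host` would at least make the requirement visible.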
diff --git a/deployments/examples/ocis_full/ocis.yml b/deployments/examples/ocis_full/ocis.yml
new file mode 100644
index 00000000000..674adf01c66
--- /dev/null
+++ b/deployments/examples/ocis_full/ocis.yml
@@ -0,0 +1,69 @@ +--- +services: + traefik: + networks: + ocis-net: + aliases: + - ${OCIS_DOMAIN:-ocis.owncloud.test} + ocis: + image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-net: + entrypoint: + - /bin/sh + # run ocis init to initialize a configuration file with random secrets + # it will fail on subsequent runs, because the config file already exists + # therefore we ignore the error and then start the ocis server + command: ["-c", "ocis init || true; ocis server"] + environment: + OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} + OCIS_LOG_LEVEL: ${LOG_LEVEL:-info} + OCIS_LOG_COLOR: "${LOG_PRETTY:-false}" + OCIS_LOG_PRETTY: "${LOG_PRETTY:-false}" + PROXY_TLS: "false" # do not use SSL between Traefik and oCIS + GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers + # INSECURE: needed if oCIS / Traefik is using self generated certificates + OCIS_INSECURE: "${INSECURE:-false}" + # basic auth (not recommended, but needed for eg. 
WebDav clients that do not support OpenID Connect) + PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" + # admin user password + IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file + # demo users + IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" + # email server (if configured) + NOTIFICATIONS_SMTP_HOST: "${SMTP_HOST}" + NOTIFICATIONS_SMTP_PORT: "${SMTP_PORT}" + NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER}" + NOTIFICATIONS_SMTP_USERNAME: "${SMTP_USERNAME}" + NOTIFICATIONS_SMTP_INSECURE: "${SMTP_INSECURE}" + # make the registry available to the app provider containers + MICRO_REGISTRY_ADDRESS: 127.0.0.1:9233 + NATS_NATS_HOST: 0.0.0.0 + NATS_NATS_PORT: 9233 + PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp.yaml + # these three vars are needed to the csp config file to include the web office apps and the importer + COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.owncloud.test} + ONLYOFFICE_DOMAIN: ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} + COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test} + # enable to allow using the banned passwords list + OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt + volumes: + - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml + - ./config/ocis/csp.yaml:/etc/ocis/csp.yaml + - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt + - ocis-config:/etc/ocis + - ocis-data:/var/lib/ocis + labels: + - "traefik.enable=true" + - "traefik.http.routers.ocis.entrypoints=https" + - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" + - "traefik.http.routers.ocis.tls.certresolver=http" + - "traefik.http.routers.ocis.service=ocis" + - "traefik.http.services.ocis.loadbalancer.server.port=9200" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + +volumes: + ocis-config: + ocis-data: 
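Review bot: `IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}"` in ocis.yml replaces the random secret that, per the comment above `command:`, `ocis init` writes to the configuration file with the well-known value `admin` whenever `ADMIN_PASSWORD` is unset. For an example that is routed through Traefik on the `https` entrypoint I would make the variable mandatory, `IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:?set ADMIN_PASSWORD}"`, or extend the inline comment to say the default is for local test setups only. The `|| true` in the start command also appears to hide every other `ocis init` failure, not only the expected "config already exists" case, which is worth a short comment next to it.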
diff --git a/deployments/examples/ocis_full/onlyoffice.yml b/deployments/examples/ocis_full/onlyoffice.yml
new file mode 100644
index 00000000000..e50062bfdcf
--- /dev/null
+++ b/deployments/examples/ocis_full/onlyoffice.yml
@@ -0,0 +1,76 @@ +--- +services: + traefik: + networks: + ocis-net: + aliases: + - ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} + - ${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.owncloud.test} + + collaboration-oo: + image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-net: + depends_on: + ocis: + condition: service_started + onlyoffice: + condition: service_healthy + entrypoint: + - /bin/sh + command: [ "-c", "ocis collaboration server" ] + environment: + COLLABORATION_GRPC_ADDR: 0.0.0.0:9301 + COLLABORATION_HTTP_ADDR: 0.0.0.0:9300 + MICRO_REGISTRY: "nats-js-kv" + MICRO_REGISTRY_ADDRESS: "ocis:9233" + COLLABORATION_WOPI_SRC: https://${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.owncloud.test} + COLLABORATION_APP_NAME: "OnlyOffice" + COLLABORATION_APP_ADDR: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} + COLLABORATION_APP_ICON: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}/web-apps/apps/documenteditor/main/resources/img/favicon.ico + COLLABORATION_APP_INSECURE: "${INSECURE:-true}" + COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}" + COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info} + volumes: + - ocis-config:/etc/ocis + labels: + - "traefik.enable=true" + - "traefik.http.routers.collaboration-oo.entrypoints=https" + - "traefik.http.routers.collaboration-oo.rule=Host(`${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.owncloud.test}`)" + - "traefik.http.routers.collaboration-oo.tls.certresolver=http" + - "traefik.http.routers.collaboration-oo.service=collaboration-oo" + - "traefik.http.services.collaboration-oo.loadbalancer.server.port=9300" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + + onlyoffice: + image: onlyoffice/documentserver:8.0.1 + networks: + ocis-net: + entrypoint: + - /bin/sh + - /entrypoint-override.sh + environment: + WOPI_ENABLED: "true" + # self-signed certificates + USE_UNAUTHORIZED_STORAGE: "${INSECURE:-false}" + volumes: + # paths are relative to the main compose file + - 
./config/onlyoffice/entrypoint-override.sh:/entrypoint-override.sh + - ./config/onlyoffice/local.json:/etc/onlyoffice/documentserver/local.dist.json + labels: + - "traefik.enable=true" + - "traefik.http.routers.onlyoffice.entrypoints=https" + - "traefik.http.routers.onlyoffice.rule=Host(`${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}`)" + - "traefik.http.routers.onlyoffice.tls.certresolver=http" + - "traefik.http.routers.onlyoffice.service=onlyoffice" + - "traefik.http.services.onlyoffice.loadbalancer.server.port=80" + # websockets can't be opened when this is omitted + - "traefik.http.middlewares.onlyoffice.headers.customrequestheaders.X-Forwarded-Proto=https" + - "traefik.http.routers.onlyoffice.middlewares=onlyoffice" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost/hosting/discovery"] diff --git a/deployments/examples/ocis_full/s3ng.yml b/deployments/examples/ocis_full/s3ng.yml new file mode 100644 index 00000000000..914ba9e4535 --- /dev/null +++ b/deployments/examples/ocis_full/s3ng.yml @@ -0,0 +1,13 @@ +--- +services: + ocis: + environment: + # activate s3ng storage driver + STORAGE_USERS_DRIVER: s3ng + STORAGE_SYSTEM_DRIVER: ocis # keep system data on ocis storage since this are only small files atm + # s3ng specific settings + STORAGE_USERS_S3NG_ENDPOINT: ${S3NG_ENDPOINT:-http://minio:9000} + STORAGE_USERS_S3NG_REGION: ${S3NG_REGION:-default} + STORAGE_USERS_S3NG_ACCESS_KEY: ${S3NG_ACCESS_KEY:-ocis} + STORAGE_USERS_S3NG_SECRET_KEY: ${S3NG_SECRET_KEY:-ocis-secret-key} + STORAGE_USERS_S3NG_BUCKET: ${S3NG_BUCKET:-ocis-bucket} diff --git a/deployments/examples/ocis_full/tika.yml b/deployments/examples/ocis_full/tika.yml new file mode 100644 index 00000000000..ef745377cba --- /dev/null +++ b/deployments/examples/ocis_full/tika.yml 
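Review bot: `COLLABORATION_APP_INSECURE` and `COLLABORATION_CS3API_DATAGATEWAY_INSECURE` in the `collaboration-oo` service of onlyoffice.yml default to `"${INSECURE:-true}"`, so what looks like certificate verification is switched off unless the operator explicitly sets `INSECURE=false`. The `onlyoffice` service in the same hunk (`USE_UNAUTHORIZED_STORAGE`) and `OCIS_INSECURE` in ocis.yml both default to `false`, so the same unset variable yields a mixed configuration. I would align both lines to `"${INSECURE:-false}"` so that an unset variable fails closed, and keep `INSECURE=true` as the explicit opt-in for self-signed test setups.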
@@ -0,0 +1,16 @@ +--- +services: + tika: + image: ${TIKA_IMAGE:-apache/tika:latest-full} + networks: + ocis-net: + restart: always + logging: + driver: ${LOG_DRIVER:-local} + + ocis: + environment: + # fulltext search + SEARCH_EXTRACTOR_TYPE: tika + SEARCH_EXTRACTOR_TIKA_TIKA_URL: http://tika:9998 + FRONTEND_FULL_TEXT_SEARCH_ENABLED: "true" diff --git a/deployments/examples/ocis_traefik/.env b/deployments/examples/ocis_traefik/.env deleted file mode 100644 index 54dba3cf73e..00000000000 --- a/deployments/examples/ocis_traefik/.env +++ /dev/null @@ -1,33 +0,0 @@ -# If you're on a internet facing server please comment out following line. -# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. -INSECURE=true - -### Traefik settings ### -# Serve Traefik dashboard. Defaults to "false". -TRAEFIK_DASHBOARD= -# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" -TRAEFIK_DOMAIN= -# Basic authentication for the dashboard. Defaults to user "admin" and password "admin" -TRAEFIK_BASIC_AUTH_USERS= -# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server -TRAEFIK_ACME_MAIL= - -### oCIS settings ### -# oCIS version. Defaults to "latest" -OCIS_DOCKER_TAG= -# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" -OCIS_DOMAIN= -# oCIS admin user password. Defaults to "admin". -ADMIN_PASSWORD= -# The demo users should not be created on a production instance -# because their passwords are public. Defaults to "false". -DEMO_USERS= - -### Email / Inbucket settings ### -# Inbucket / Mail domain. Defaults to "mail.owncloud.test" -INBUCKET_DOMAIN= - -# If you want to use debugging and tracing with this stack, -# you need uncomment following line. Please see documentation at -# https://owncloud.dev/ocis/deployment/monitoring-tracing/ -#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml 
diff --git a/deployments/examples/ocis_traefik/README.md b/deployments/examples/ocis_traefik/README.md deleted file mode 100644 index ba85d13dfe5..00000000000 --- a/deployments/examples/ocis_traefik/README.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -document this deployment example in: docs/ocis/deployment/ocis_traefik.md ---- - -Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_traefik/) -for instructions on how to deploy this scenario. diff --git a/deployments/examples/ocis_traefik/docker-compose.yml b/deployments/examples/ocis_traefik/docker-compose.yml deleted file mode 100644 index 31c0d38196b..00000000000 --- a/deployments/examples/ocis_traefik/docker-compose.yml +++ /dev/null 
@@ -1,123 +0,0 @@ ---- -version: "3.7" - -services: - traefik: - image: traefik:v2.9.1 - networks: - ocis-net: - aliases: - - ${OCIS_DOMAIN:-ocis.owncloud.test} - command: - - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" - # letsencrypt configuration - - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" - # enable dashboard - - "--api.dashboard=true" - # define entrypoints - - "--entryPoints.http.address=:80" - - "--entryPoints.http.http.redirections.entryPoint.to=https" - - "--entryPoints.http.http.redirections.entryPoint.scheme=https" - - "--entryPoints.https.address=:443" - # docker provider (get configuration from container labels) - - "--providers.docker.endpoint=unix:///var/run/docker.sock" - # access log - - "--accessLog=true" - - "--accessLog.format=json" - - "--accessLog.fields.headers.names.X-Request-Id=keep" - ports: - - "80:80" - - "443:443" - volumes: - - "/var/run/docker.sock:/var/run/docker.sock:ro" - - "certs:/certs" - labels: - - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - - "traefik.http.routers.traefik.entrypoints=https" - - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - - "traefik.http.routers.traefik.middlewares=traefik-auth" - - "traefik.http.routers.traefik.tls.certresolver=http" - - "traefik.http.routers.traefik.service=api@internal" - logging: - driver: "local" - restart: always - - ocis: - image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} - networks: - ocis-net: - entrypoint: - - /bin/sh - # run ocis init to initialize a configuration file with random secrets - # it will fail on subsequent runs, because the config file already exists - # therefore we ignore the error and then 
start the ocis server - command: ["-c", "ocis init || true; ocis server"] - environment: - OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info} - OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" - PROXY_TLS: "false" # do not use SSL between Traefik and oCIS - # INSECURE: needed if oCIS / Traefik is using self generated certificates - OCIS_INSECURE: "${INSECURE:-false}" - # basic auth (not recommended, but needed for e.g., WebDav clients that do not support OpenID Connect) - PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" - # admin user password - IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file - # demo users - IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" - # email server (in this case inbucket acts as mail catcher) - NOTIFICATIONS_SMTP_HOST: inbucket - NOTIFICATIONS_SMTP_PORT: 2500 - NOTIFICATIONS_SMTP_SENDER: oCIS notifications - NOTIFICATIONS_SMTP_USERNAME: notifications@${OCIS_DOMAIN:-ocis.owncloud.test} - NOTIFICATIONS_SMTP_INSECURE: "true" # the mail catcher uses self-signed certificates - # password policies - OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt" - volumes: - - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt - - ocis-config:/etc/ocis - - ocis-data:/var/lib/ocis - labels: - - "traefik.enable=true" - - "traefik.http.routers.ocis.entrypoints=https" - - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.routers.ocis.tls.certresolver=http" - - "traefik.http.routers.ocis.service=ocis" - - "traefik.http.services.ocis.loadbalancer.server.port=9200" - logging: - driver: "local" - restart: always - - inbucket: - image: inbucket/inbucket - networks: - ocis-net: - entrypoint: - - /bin/sh - command: ["-c", "apk add openssl; openssl req -subj '/CN=inbucket.test' -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/server.key -out /tmp/server.crt; 
/start-inbucket.sh"] - environment: - INBUCKET_SMTP_TLSENABLED: "true" - INBUCKET_SMTP_TLSPRIVKEY: /tmp/server.key - INBUCKET_SMTP_TLSCERT: /tmp/server.crt - INBUCKET_STORAGE_MAILBOXMSGCAP: 1000 - labels: - - "traefik.enable=true" - - "traefik.http.routers.inbucket.entrypoints=https" - - "traefik.http.routers.inbucket.rule=Host(`${INBUCKET_DOMAIN:-mail.owncloud.test}`)" - - "traefik.http.routers.inbucket.tls.certresolver=http" - - "traefik.http.routers.inbucket.service=inbucket" - - "traefik.http.services.inbucket.loadbalancer.server.port=9000" - logging: - driver: "local" - restart: always - -volumes: - certs: - ocis-config: - ocis-data: - -networks: - ocis-net: diff --git a/deployments/examples/ocis_traefik/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_traefik/monitoring_tracing/docker-compose-additions.yml deleted file mode 100644 index f531406974c..00000000000 --- a/deployments/examples/ocis_traefik/monitoring_tracing/docker-compose-additions.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -version: "3.7" - -services: - ocis: - environment: - # tracing - OCIS_TRACING_ENABLED: "true" - OCIS_TRACING_TYPE: "jaeger" - OCIS_TRACING_ENDPOINT: jaeger-agent:6831 - # metrics - # if oCIS runs as a single process, all /metrics endpoints - # will expose the same metrics, so it's sufficient to query one endpoint - PROXY_DEBUG_ADDR: 0.0.0.0:9205 - -networks: - ocis-net: - external: true diff --git a/deployments/examples/ocis_wopi/.env b/deployments/examples/ocis_wopi/.env deleted file mode 100644 index b7616b8c944..00000000000 --- a/deployments/examples/ocis_wopi/.env +++ /dev/null 
@@ -1,73 +0,0 @@ -# If you're on a internet facing server please comment out following line. -# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. -INSECURE=true - -### Traefik settings ### -# Serve Traefik dashboard. Defaults to "false". -TRAEFIK_DASHBOARD= -# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" -TRAEFIK_DOMAIN= -# Basic authentication for the dashboard. Defaults to user "admin" and password "admin" (written as: "admin:admin"). -TRAEFIK_BASIC_AUTH_USERS= -# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server -TRAEFIK_ACME_MAIL= -# Defaults to "https://acme-v02.api.letsencrypt.org/directory". -# Set to: "https://acme-staging-v02.api.letsencrypt.org/directory" for testing to check the certificate process. -# With staging, there will be an SSL error in the browser. When certificates are displayed and are emitted by -# "Fake LE Intermediate X1", the process went well and the envvar can be reset to empty to get valid certificates. -TRAEFIK_ACME_CASERVER= - -### oCIS settings ### -# oCIS version. Defaults to "latest" -OCIS_DOCKER_TAG= -# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" -OCIS_DOMAIN= -# oCIS admin user password. Defaults to "admin". -ADMIN_PASSWORD= -# The demo users should not be created on a production instance -# because their passwords are public. Defaults to "false". -DEMO_USERS= -# Log level for OCIS_DOCKER_TAG -OCIS_LOG_LEVEL= - -### Wopi server settings ### -# cs3org wopi server version. Defaults to "v10.4.0" -WOPISERVER_DOCKER_TAG= -# cs3org wopi server domain. Defaults to "wopiserver.owncloud.test" -WOPISERVER_DOMAIN= -# JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. 
Defaults to "LoremIpsum567" -WOPI_JWT_SECRET= - -### Collabora settings ### -# Domain of Collabora, where you can find the frontend. Defaults to "collabora.owncloud.test" -COLLABORA_DOMAIN= -# Admin user for Collabora. Defaults to blank, provide one to enable access. Collabora Admin Panel URL: https://{COLLABORA_DOMAIN}/browser/dist/admin/admin.html -COLLABORA_ADMIN_USER= -# Admin password for Collabora. Defaults to blank, provide one to enable access -COLLABORA_ADMIN_PASSWORD= - -### OnlyOffice settings ### -# Domain of OnlyOffice, where you can find the frontend. Defaults to "onlyoffice.owncloud.test" -ONLYOFFICE_DOMAIN= - -### Email / Inbucket settings ### -# Inbucket / Mail domain. Defaults to "mail.owncloud.test" -INBUCKET_DOMAIN= - -### Apache Tika Content analysis toolkit ### -# Set the desired docker image tag or digest, defaults to "latest" -TIKA_IMAGE= - -# If you want to use debugging and tracing with this stack, -# you need uncomment following line. Please see documentation at -# https://owncloud.dev/ocis/deployment/monitoring-tracing/ -#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - -### Uppy Companion settings ### -# Domain of Uppy Companion. Defaults to "companion.owncloud.test" -COMPANION_IMAGE= -COMPANION_DOMAIN= -COMPANION_WEB_CONFIG_FILE_NAME= -# Provider settings, see https://uppy.io/docs/companion/#provideroptions for reference. Empty by default, which disables providers. -COMPANION_ONEDRIVE_KEY= -COMPANION_ONEDRIVE_SECRET= diff --git a/deployments/examples/ocis_wopi/config/ocis/banned-password-list.txt b/deployments/examples/ocis_wopi/config/ocis/banned-password-list.txt deleted file mode 100644 index aff7475f220..00000000000 --- a/deployments/examples/ocis_wopi/config/ocis/banned-password-list.txt +++ /dev/null @@ -1,5 +0,0 @@ -password -12345678 -123 -ownCloud -ownCloud-1 
diff --git a/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh b/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh deleted file mode 100755 index 6fbb2a9b4db..00000000000 --- a/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh -set -e - -echo "${WOPISECRET}" > /etc/wopi/wopisecret - -cp /etc/wopi/wopiserver.conf.dist /etc/wopi/wopiserver.conf -sed -i 's/wopiserver.owncloud.test/'${WOPISERVER_DOMAIN}'/g' /etc/wopi/wopiserver.conf - -if [ "$WOPISERVER_INSECURE" = "true" ]; then - sed -i 's/sslverify\s=\sTrue/sslverify = False/g' /etc/wopi/wopiserver.conf -fi - -/app/wopiserver.py diff --git a/deployments/examples/ocis_wopi/config/wopiserver/wopiserver.conf.dist b/deployments/examples/ocis_wopi/config/wopiserver/wopiserver.conf.dist deleted file mode 100644 index d3f21ed0a78..00000000000 --- a/deployments/examples/ocis_wopi/config/wopiserver/wopiserver.conf.dist +++ /dev/null 
@@ -1,128 +0,0 @@ -# -# This config is based on https://github.com/cs3org/wopiserver/blob/master/wopiserver.conf -# -# wopiserver.conf -# -# Default configuration file for the WOPI server for oCIS -# -############################################################## - -[general] -# Storage access layer to be loaded in order to operate this WOPI server -# only "cs3" is supported with oCIS -storagetype = cs3 - -# Port where to listen for WOPI requests -port = 8880 - -# Logging level. Debug enables the Flask debug mode as well. -# Valid values are: Debug, Info, Warning, Error. -loglevel = Error -loghandler = stream -logdest = stdout - -# URL of your WOPI server or your HA proxy in front of it -wopiurl = https://wopiserver.owncloud.test - -# URL for direct download of files. The complete URL that is sent -# to clients will include the access_token argument -downloadurl = https://wopiserver.owncloud.test/wopi/iop/download - -# The internal server engine to use (defaults to flask). -# Set to waitress for production installations. -internalserver = waitress - -# List of file extensions deemed incompatible with LibreOffice: -# interoperable locking will be disabled for such files -nonofficetypes = .md .zmd .txt .epd - -# List of file extensions to be supported by Collabora (deprecated) -codeofficetypes = .odt .ott .ods .ots .odp .otp .odg .otg .doc .dot .xls .xlt .xlm .ppt .pot .pps .vsd .dxf .wmf .cdr .pages .number .key - -# WOPI access token expiration time [seconds] -tokenvalidity = 86400 - -# WOPI lock expiration time [seconds] -wopilockexpiration = 3600 - -# WOPI lock strict check: if True (default), WOPI locks will be compared according to specs, -# that is their representation must match. False allows for a more relaxed comparison, -# which compensates incorrect lock requests from Microsoft Office Online 2016-2018 -# on-premise setups. -#wopilockstrictcheck = True - -# Enable support of rename operations from WOPI apps. 
This is currently -# disabled by default as it has been observed that both MS Office and Collabora -# Online do not play well with this feature. -# Not supported with oCIS, must always be set to "False" -enablerename = False - -# Detection of external Microsoft Office or LibreOffice locks. By default, lock files -# compatible with Office for Desktop applications are detected, assuming that the -# underlying storage can be mounted as a remote filesystem: in this case, WOPI GetLock -# and SetLock operations return such locks and prevent online apps from entering edit mode. -# This feature can be disabled in order to operate a pure WOPI server for online apps. -# Not supported with oCIS, must always be set to "False" -detectexternallocks = False - -# Location of the webconflict files. By default, such files are stored in the same path -# as the original file. If that fails (e.g. because of missing permissions), -# an attempt is made to store such files in this path if specified, otherwise -# the system falls back to the recovery space (cf. io|recoverypath). -# The keywords and are replaced with the actual username's -# initial letter and the actual username, respectively, so you can use e.g. -# /your_storage/home/user_initial/username -#conflictpath = / - -# ownCloud's WOPI proxy configuration. Disabled by default. -#wopiproxy = https://external-wopi-proxy.com -#wopiproxysecretfile = /path/to/your/shared-key-file -#proxiedappname = Name of your proxied app - -[security] -# Location of the secret files. Requires a restart of the -# WOPI server when either the files or their content change. -wopisecretfile = /etc/wopi/wopisecret -# iop secret is not used for cs3 storage type -#iopsecretfile = /etc/wopi/iopsecret - -# Use https as opposed to http (requires certificate) -usehttps = no - -# Certificate and key for https. Requires a restart -# to apply a change. 
-wopicert = /etc/grid-security/host.crt -wopikey = /etc/grid-security/host.key - -[bridge] -# SSL certificate check for the connected apps -sslverify = True - -# Minimal time interval between two consecutive save operations [seconds] -#saveinterval = 200 - -# Minimal time interval before a closed file is WOPI-unlocked [seconds] -#unlockinterval = 90 - -# CodiMD: disable creating zipped bundles when files contain pictures -#disablezip = False - -[io] -# Size used for buffered reads [bytes] -chunksize = 4194304 - -# Path to a recovery space in case of I/O errors when reaching to the remote storage. -# This is expected to be a local path, and it is provided in order to ease user support. -# Defaults to the indicated spool folder. -recoverypath = /var/spool/wopirecovery - -[cs3] -# Host and port of the Reva(-like) CS3-compliant GRPC gateway endpoint -revagateway = ocis:9142 - -# Reva/gRPC authentication token expiration time [seconds] -# The default value matches Reva's default -authtokenvalidity = 3600 - -# SSL certificate check for Reva -sslverify = True diff --git a/deployments/examples/ocis_wopi/docker-compose.yml b/deployments/examples/ocis_wopi/docker-compose.yml deleted file mode 100644 index e8c8532fcc9..00000000000 --- a/deployments/examples/ocis_wopi/docker-compose.yml +++ /dev/null 
@@ -1,325 +0,0 @@ ---- -version: "3.7" - -services: - traefik: - image: traefik:v2.9.1 - networks: - ocis-net: - aliases: - - ${OCIS_DOMAIN:-ocis.owncloud.test} - - ${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} - - ${COLLABORA_DOMAIN:-collabora.owncloud.test} - - ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} - - ${COMPANION_DOMAIN:-companion.owncloud.test} - command: - - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" - # letsencrypt configuration - - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" - - "--certificatesresolvers.http.acme.caserver=${TRAEFIK_ACME_CASERVER:-https://acme-v02.api.letsencrypt.org/directory}" - # enable dashboard - - "--api.dashboard=true" - # define entrypoints - - "--entryPoints.http.address=:80" - - "--entryPoints.http.http.redirections.entryPoint.to=https" - - "--entryPoints.http.http.redirections.entryPoint.scheme=https" - - "--entryPoints.https.address=:443" - # docker provider (get configuration from container labels) - - "--providers.docker.endpoint=unix:///var/run/docker.sock" - - "--providers.docker.exposedByDefault=false" - # access log - - "--accessLog=true" - - "--accessLog.format=json" - - "--accessLog.fields.headers.names.X-Request-Id=keep" - ports: - - "80:80" - - "443:443" - volumes: - - "${DOCKER_SOCKET_PATH:-/var/run/docker.sock}:/var/run/docker.sock:ro" - - "certs:/certs" - labels: - - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - - "traefik.http.routers.traefik.entrypoints=https" - - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - - "traefik.http.routers.traefik.middlewares=traefik-auth" - - "traefik.http.routers.traefik.tls.certresolver=http" - - 
"traefik.http.routers.traefik.service=api@internal" - logging: - driver: ${LOG_DRIVER:-local} - restart: always - - ocis: - image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} - networks: - ocis-net: - entrypoint: - - /bin/sh - # run ocis init to initialize a configuration file with random secrets - # it will fail on subsequent runs, because the config file already exists - # therefore we ignore the error and then start the ocis server - command: ["-c", "ocis init || true; ocis server"] - environment: - OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info} - OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" - PROXY_TLS: "false" # do not use SSL between Traefik and oCIS - GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers - # INSECURE: needed if oCIS / Traefik is using self generated certificates - OCIS_INSECURE: "${INSECURE:-false}" - # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect) - PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" - # admin user password - IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file - # demo users - IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" - # fulltext search - SEARCH_EXTRACTOR_TYPE: tika - SEARCH_EXTRACTOR_TIKA_TIKA_URL: http://tika:9998 - FRONTEND_FULL_TEXT_SEARCH_ENABLED: "true" - # email server (in this case inbucket acts as mail catcher) - NOTIFICATIONS_SMTP_HOST: inbucket - NOTIFICATIONS_SMTP_PORT: 2500 - NOTIFICATIONS_SMTP_SENDER: oCIS notifications - NOTIFICATIONS_SMTP_USERNAME: notifications@${OCIS_DOMAIN:-ocis.owncloud.test} - NOTIFICATIONS_SMTP_INSECURE: "true" # the mail catcher uses self signed certificates - # make the registry available to the app provider containers - MICRO_REGISTRY_ADDRESS: 127.0.0.1:9233 - NATS_NATS_HOST: 0.0.0.0 - NATS_NATS_PORT: 9233 - PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp.yaml - COLLABORA_DOMAIN: 
${COLLABORA_DOMAIN:-collabora.owncloud.test} - ONLYOFFICE_DOMAIN: ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} - # make collabora the secure view app - FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: com.owncloud.api.app-provider-collabora - volumes: - - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml - - ./config/ocis/csp.yaml:/etc/ocis/csp.yaml - - ./config/ocis/web.yaml:/etc/ocis/web.yaml - - ocis-config:/etc/ocis - - ocis-data:/var/lib/ocis - labels: - - "traefik.enable=true" - - "traefik.http.routers.ocis.entrypoints=https" - - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.routers.ocis.tls.certresolver=http" - - "traefik.http.routers.ocis.service=ocis" - - "traefik.http.services.ocis.loadbalancer.server.port=9200" - logging: - driver: ${LOG_DRIVER:-local} - restart: always - - ocis-appprovider-collabora: - image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} - networks: - ocis-net: - command: app-provider server - environment: - OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info} - # use the internal service name of the gateway - REVA_GATEWAY: ${REVA_GATEWAY:-com.owncloud.api.gateway} - APP_PROVIDER_GRPC_ADDR: 0.0.0.0:9164 - # configure the service name to avoid collision with onlyoffice - APP_PROVIDER_SERVICE_NAME: app-provider-collabora - # use the internal service name - APP_PROVIDER_EXTERNAL_ADDR: com.owncloud.api.app-provider-collabora - APP_PROVIDER_DRIVER: wopi - APP_PROVIDER_WOPI_APP_NAME: Collabora - APP_PROVIDER_WOPI_APP_ICON_URI: https://${COLLABORA_DOMAIN:-collabora.owncloud.test}/favicon.ico - APP_PROVIDER_WOPI_APP_URL: https://${COLLABORA_DOMAIN:-collabora.owncloud.test} - APP_PROVIDER_WOPI_INSECURE: "${INSECURE:-false}" - APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} - APP_PROVIDER_WOPI_FOLDER_URL_BASE_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - # share the registry with the ocis container - MICRO_REGISTRY_ADDRESS: ocis:9233 - volumes: - - 
ocis-config:/etc/ocis - logging: - driver: ${LOG_DRIVER:-local} - restart: always - depends_on: - ocis: - condition: service_started - collabora: - condition: service_healthy - - ocis-appprovider-onlyoffice: - image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} - networks: - ocis-net: - command: app-provider server - environment: - OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info} - # use the internal service name of the gateway - REVA_GATEWAY: ${REVA_GATEWAY:-com.owncloud.api.gateway} - APP_PROVIDER_GRPC_ADDR: 0.0.0.0:9164 - # configure the service name to avoid collision with collabora - APP_PROVIDER_SERVICE_NAME: app-provider-onlyoffice - # use the internal service name - APP_PROVIDER_EXTERNAL_ADDR: com.owncloud.api.app-provider-onlyoffice - APP_PROVIDER_DRIVER: wopi - APP_PROVIDER_WOPI_APP_NAME: OnlyOffice - APP_PROVIDER_WOPI_APP_ICON_URI: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}/web-apps/apps/documenteditor/main/resources/img/favicon.ico - APP_PROVIDER_WOPI_APP_URL: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} - APP_PROVIDER_WOPI_INSECURE: "${INSECURE:-false}" - APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} - APP_PROVIDER_WOPI_FOLDER_URL_BASE_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - # share the registry with the ocis container - MICRO_REGISTRY_ADDRESS: ocis:9233 - volumes: - - ocis-config:/etc/ocis - logging: - driver: ${LOG_DRIVER:-local} - restart: always - depends_on: - ocis: - condition: service_started - onlyoffice: - condition: service_healthy - - wopiserver: - image: cs3org/wopiserver:${WOPISERVER_DOCKER_TAG:-v10.4.0} - networks: - ocis-net: - entrypoint: - - /bin/sh - - /entrypoint-override.sh - environment: - WOPISERVER_INSECURE: "${INSECURE:-false}" - WOPISECRET: ${WOPI_JWT_SECRET:-LoremIpsum567} - WOPISERVER_DOMAIN: ${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} - volumes: - - ./config/wopiserver/entrypoint-override.sh:/entrypoint-override.sh - - 
./config/wopiserver/wopiserver.conf.dist:/etc/wopi/wopiserver.conf.dist - - wopi-recovery:/var/spool/wopirecovery - labels: - - "traefik.enable=true" - - "traefik.http.routers.wopiserver.entrypoints=https" - - "traefik.http.routers.wopiserver.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}`)" - - "traefik.http.routers.wopiserver.tls.certresolver=http" - - "traefik.http.routers.wopiserver.service=wopiserver" - - "traefik.http.services.wopiserver.loadbalancer.server.port=8880" - logging: - driver: ${LOG_DRIVER:-local} - restart: always - - collabora: - image: collabora/code:23.05.5.2.1 - networks: - ocis-net: - environment: - aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}:443 - DONT_GEN_SSL_CERT: "YES" - extra_params: --o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false --o:net.frame_ancestors=${OCIS_DOMAIN:-ocis.owncloud.test} - username: ${COLLABORA_ADMIN_USER} - password: ${COLLABORA_ADMIN_PASSWORD} - cap_add: - - MKNOD - labels: - - "traefik.enable=true" - - "traefik.http.routers.collabora.entrypoints=https" - - "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN:-collabora.owncloud.test}`)" - - "traefik.http.routers.collabora.tls.certresolver=http" - - "traefik.http.routers.collabora.service=collabora" - - "traefik.http.services.collabora.loadbalancer.server.port=9980" - logging: - driver: ${LOG_DRIVER:-local} - restart: always - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:9980/hosting/discovery"] - - onlyoffice: - image: onlyoffice/documentserver:7.5.0 - networks: - ocis-net: - entrypoint: - - /bin/sh - - /entrypoint-override.sh - environment: - WOPI_ENABLED: "true" - USE_UNAUTHORIZED_STORAGE: "${INSECURE:-false}" # self signed certificates - volumes: - - ./config/onlyoffice/entrypoint-override.sh:/entrypoint-override.sh - - ./config/onlyoffice/local.json:/etc/onlyoffice/documentserver/local.dist.json - labels: - - "traefik.enable=true" - - 
"traefik.http.routers.onlyoffice.entrypoints=https" - - "traefik.http.routers.onlyoffice.rule=Host(`${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}`)" - - "traefik.http.routers.onlyoffice.tls.certresolver=http" - - "traefik.http.routers.onlyoffice.service=onlyoffice" - - "traefik.http.services.onlyoffice.loadbalancer.server.port=80" - # websockets can't be opened when this is ommitted - - "traefik.http.middlewares.onlyoffice.headers.customrequestheaders.X-Forwarded-Proto=https" - - "traefik.http.routers.onlyoffice.middlewares=onlyoffice" - logging: - driver: ${LOG_DRIVER:-local} - restart: always - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost/hosting/discovery"] - - tika: - image: ${TIKA_IMAGE:-apache/tika:latest-full} - networks: - ocis-net: - restart: always - - companion: - image: ${COMPANION_IMAGE:-transloadit/companion:4.5.1} - networks: - ocis-net: - environment: - NODE_ENV: production - NODE_TLS_REJECT_UNAUTHORIZED: 0 - COMPANION_DATADIR: /tmp/companion/ - COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test} - COMPANION_PROTOCOL: https - COMPANION_UPLOAD_URLS: "^https://${OCIS_DOMAIN:-ocis.owncloud.test}/" - COMPANION_ONEDRIVE_KEY: "${COMPANION_ONEDRIVE_KEY}" - COMPANION_ONEDRIVE_SECRET: "${COMPANION_ONEDRIVE_SECRET}" - volumes: - - companion-data:/tmp/companion/ - labels: - - "traefik.enable=true" - - "traefik.http.routers.companion.entrypoints=https" - - "traefik.http.routers.companion.rule=Host(`${COMPANION_DOMAIN:-companion.owncloud.test}`)" - - "traefik.http.routers.companion.tls.certresolver=http" - - "traefik.http.routers.companion.service=companion" - - "traefik.http.services.companion.loadbalancer.server.port=3020" - logging: - driver: ${LOG_DRIVER:-local} - restart: always - - inbucket: - image: inbucket/inbucket - networks: - ocis-net: - entrypoint: - - /bin/sh - command: [ "-c", "apk add openssl; openssl req -subj '/CN=inbucket.test' -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/server.key -out 
/tmp/server.crt; /start-inbucket.sh" ] - environment: - INBUCKET_SMTP_TLSENABLED: "true" - INBUCKET_SMTP_TLSPRIVKEY: /tmp/server.key - INBUCKET_SMTP_TLSCERT: /tmp/server.crt - INBUCKET_STORAGE_MAILBOXMSGCAP: 1000 - labels: - - "traefik.enable=true" - - "traefik.http.routers.inbucket.entrypoints=https" - - "traefik.http.routers.inbucket.rule=Host(`${INBUCKET_DOMAIN:-mail.owncloud.test}`)" - - "traefik.http.routers.inbucket.tls.certresolver=http" - - "traefik.http.routers.inbucket.service=inbucket" - - "traefik.http.services.inbucket.loadbalancer.server.port=9000" - logging: - driver: ${LOG_DRIVER:-local} - restart: always - -volumes: - certs: - ocis-config: - ocis-data: - wopi-recovery: - companion-data: - -networks: - ocis-net: diff --git a/docs/ocis/deployment/_index.md b/docs/ocis/deployment/_index.md index 7da501f392b..0ddd1a10e9f 100644 --- a/docs/ocis/deployment/_index.md +++ b/docs/ocis/deployment/_index.md @@ -17,11 +17,9 @@ This section handles deployments and operations for admins and people who are in oCIS deployments are super simple, yet there are many configurations possible for advanced setups. - [Basic oCIS setup]({{< ref "basic-remote-setup" >}}) - configure domain, certificates and port -- [oCIS setup with Traefik for SSL termination]({{< ref "ocis_traefik" >}}) - [oCIS setup with Keycloak as identity provider]({{< ref "ocis_keycloak" >}}) -- [oCIS setup with WOPI server to open office documents in your browser]({{< ref "ocis_wopi" >}}) +- [Flexible oCIS setup with WebOffice and Search capabilities]({{< ref "ocis_full" >}}) - [Parallel deployment of oC10 and oCIS]({{< ref "oc10_ocis_parallel" >}}) -- [oCIS with S3 storage backend (MinIO)]({{< ref "ocis_s3" >}}) - [oCIS with the Hello extension example]({{< ref "ocis_hello" >}}) diff --git a/docs/ocis/deployment/ocis_clamav.md b/docs/ocis/deployment/ocis_clamav.md deleted file mode 100644 index bb74c9e0cc6..00000000000 --- a/docs/ocis/deployment/ocis_clamav.md +++ /dev/null 
@@ -1,35 +0,0 @@
----
-title: "oCIS with clamav"
-date: 2024-05-21T14:04:00+01:00
-weight: 101
-geekdocRepo: https://github.com/owncloud/ocis
-geekdocEditPath: edit/master/docs/ocis/deployment
-geekdocFilePath: ocis_clamav.md
----
-
-{{< toc >}}
-
-## Overview
-
-- oCIS with standard clamav setup
-
-[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_clamav)
-
-The docker stack contains the following services:
-
-oCIS itself, without any proxy in front of it, keep in mind,
-the example is for demonstration purposes only and should not be used in production.
-
-A pre-configured clamav container to virus scan files uploaded to oCIS.
-
-## Server Deployment
-
-The provided docker compose file is for local demonstration purposes only.
-It is not recommended to use this setup in production.
-
-## Local setup
-
-`docker-compose up -d`
-
-once all containers are up and running, you can access the oCIS instance at `https://localhost:9200`,
-clamav could take some time to start up, so please be patient.
diff --git a/docs/ocis/deployment/ocis_full.md b/docs/ocis/deployment/ocis_full.md
new file mode 100644
index 00000000000..0ddce1c35f8
--- /dev/null
+++ b/docs/ocis/deployment/ocis_full.md
@@ -0,0 +1,390 @@
+---
+title: "Full modular oCIS with WebOffice"
+date: 2024-06-25T00:00:00+01:00
+weight: 24
+geekdocRepo: https://github.com/owncloud/ocis
+geekdocEditPath: edit/master/docs/ocis/deployment
+geekdocFilePath: ocis_full.md
+---
+
+{{< toc >}}
+
+## Overview
+
+* oCIS, the collaboration service, Collabora or OnlyOffice running behind Traefik as reverse proxy
+* Collabora or OnlyOffice enable you to edit office documents in your browser
+* The collaboration server acts as a bridge to make the oCIS storage accessible to Collabora and OnlyOffice
+* Traefik generating self-signed certificates for local setup or obtaining valid SSL certificates for a server setup
+* The whole deployment acts as a modular toolkit to use different flavors of office suites and ocis features
+
+[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_full)
+
+## Easy Default
+
+The Infinite Scale Team and product management are providing a default setup for oCIS.
+
+### Goal:
+ - provide a good starting point for a production deployment
+ - minimal effort to get started with an opinionated setup
+ - keep it adjustable it to your needs.
+
+### Default components
+
+- Infinite Scale
+- Full Text Search
+- Collabora Online Web Office
+- LetsEncrypt for SSL certificates via Traefik Reverse Proxy
+
+### Optional components
+
+- ClamAV Virusscanner
+- Cloud Importer (Experimental)
+- OnlyOffice as an alternative to Collabora
+- S3 Storage config to connect to an S3 storage backend
+- S3 Minio Server as a local S3 storage backend for debugging and development
+
+## Server Deployment
+
+### Requirements
+
+* Linux server with docker and docker-compose installed
+* Three domains set up and pointing to your server
+ * ocis.* for serving oCIS
+ * collabora.* for serving Collabora
+ * onlyoffice.* for serving OnlyOffice
+ * wopiserver.* for serving the WOPI server
+ * traefik.* for serving the Traefik dashboard
+ * companion.* for serving the uppy companion app
+
+See also [example server setup]({{< ref "preparing_server" >}})
+
+### Install oCIS and Traefik
+
+* Clone oCIS repository
+
+ `git clone https://github.com/owncloud/ocis.git --depth 1`
+
+* Go to the deployment example
+
+ `cd ocis/deployments/examples/ocis_full`
+
+* Open the `.env` file in a text editor.
+
+ The file by default looks like this:
+
+ ```shell {linenos=table,hl_lines=[7,21,42,44,120,123]}
+ # Define the docker compose log driver used.
+ # Defaults to local
+ LOG_DRIVER=
+ # If you're on an internet facing server. comment out following line.
+ # It skips certificate validation for various parts of Infinite Scale and is
+ # needed when self signed certificates are used.
+ INSECURE=true
+
+ ### Traefik Settings ###
+ # Serve Traefik dashboard.
+ # Defaults to "false".
+ TRAEFIK_DASHBOARD=
+ # Domain of Traefik, where you can find the dashboard.
+ # Defaults to "traefik.owncloud.test"
+ TRAEFIK_DOMAIN=
+ # Basic authentication for the traefik dashboard.
+ # Defaults to user "admin" and password "admin" (written as: "admin:admin").
+ TRAEFIK_BASIC_AUTH_USERS=
+ # Email address for obtaining LetsEncrypt certificates.
+ # Needs only be changed if this is a public facing server.
+ TRAEFIK_ACME_MAIL=
+ # Set to the following for testing to check the certificate process:
+ # "https://acme-staging-v02.api.letsencrypt.org/directory"
+ # With staging configured, there will be an SSL error in the browser.
+ # When certificates are displayed and are emitted by # "Fake LE Intermediate X1",
+ # the process went well and the envvar can be reset to empty to get valid certificates.
+ TRAEFIK_ACME_CASERVER=
+
+
+ ### Infinite Scale Settings ###
+ # Beside Traefik, this service must stay enabled.
+ # Disable only for testing purposes.
+ OCIS=:ocis.yml
+ # The oCIS container image.
+ # Defaults to "owncloud/ocis" which contains the production releases.
+ OCIS_DOCKER_IMAGE=
+ # The oCIS container version.
+ # Defaults to "latest". This will point to the latest stable tag.
+ OCIS_DOCKER_TAG=
+ # Domain of oCIS, where you can find the frontend.
+ # Defaults to "ocis.owncloud.test"
+ OCIS_DOMAIN=
+ # oCIS admin user password. Defaults to "admin".
+ ADMIN_PASSWORD=
+ # Demo users should not be created on a production instance,
+ # because their passwords are public. Defaults to "false".
+ # Also see: https://doc.owncloud.com/ocis/latest/deployment/general/general-info.html#demo-users-and-groups
+ DEMO_USERS=
+ # Define the loglevel used.
+ # For more details see:
+ # https://doc.owncloud.com/ocis/latest/deployment/services/env-vars-special-scope.html
+ LOG_LEVEL=
+ # Define the kind of logging.
+ # The default log can be read by machines.
+ # Set this to true to make the log human readable
+ # LOG_PRETTY=true
+
+ # S3 Storage configuration
+ #
+ # - optional
+ #
+ # Infinite Scale supports S3 storage as primary storage.
+ # Per default, S3 storage is disabled and we use the local filesystem.
+ # To enable S3 storage, uncomment the following lines and configure the S3 storage.
+ # The leading colon is required to enable the service.
+ # S3NG=:s3ng.yml
+ # Configure the S3 storage endpoint. Defaults to "http://minio:9000" for testing purposes.
+ S3NG_ENDPOINT=
+ # S3 region. Defaults to "default".
+ S3NG_REGION=
+ # S3 access key. Defaults to "ocis"
+ S3NG_ACCESS_KEY=
+ # S3 secret. Defaults to "ocis-secret-key"
+ S3NG_SECRET_KEY=
+ # S3 bucket. Defaults to "ocis"
+ S3NG_BUCKET=
+ # Add local minio S3 storage to the docker-compose file.
+ # This is needed for testing purposes.
+ # The leading colon is required to enable the service.
+ # S3NG_MINIO=:minio.yml
+ # Minio domain. Defaults to "minio.owncloud.test".
+ MINIO_DOMAIN=
+
+ # Define SMPT settings if you would like to send Infinite Scale email notifications.
+ # For more details see:
+ # https://doc.owncloud.com/ocis/latest/deployment/services/s-list/notifications.html
+ # NOTE: this doesn't work if you are using inbucket.
+ # SMTP host to connect to.
+ SMTP_HOST=
+ # Port of the SMTP host to connect to.
+ SMTP_PORT=
+ # An eMail address that is used for sending Infinite Scale notification eMails
+ # like "ocis notifications ".
+ SMTP_SENDER=
+ # Username for the SMTP host to connect to.
+ SMTP_USERNAME=
+ # Password for the SMTP host to connect to.
+ SMTP_PASSWORD=
+ # Authentication method for the SMTP communication.
+ SMTP_AUTHENTICATION=
+ # Allow insecure connections to the SMTP server. Defaults to false.
+ SMTP_INSECURE=
+
+ ## Default Enabled Services ##
+
+ ### Apache Tika Content Analysis Toolkit ###
+ # Tika (search) is enabled by default, comment if not required.
+ # The leading colon is required to enable the service.
+ TIKA=:tika.yml
+ # Set the desired docker image tag or digest.
+ # Defaults to "latest"
+ TIKA_IMAGE=
+
+ ### Collabora Settings ###
+ # Collabora web office is default enabled, comment if not required.
+ # The leading colon is required to enable the service.
+ COLLABORA=:collabora.yml
+ # Domain of Collabora, where you can find the frontend.
+ # Defaults to "collabora.owncloud.test"
+ COLLABORA_DOMAIN=
+ # Domain of the wopiserver which handles OnlyOffice.
+ # Defaults to "wopiserver.owncloud.test"
+ WOPISERVER_DOMAIN=
+ # Admin user for Collabora.
+ # Defaults to "admin".
+ # Collabora Admin Panel URL:
+ # https://{COLLABORA_DOMAIN}/browser/dist/admin/admin.html
+ COLLABORA_ADMIN_USER=
+ # Admin password for Collabora.
+ # Defaults to "admin".
+ COLLABORA_ADMIN_PASSWORD=
+ ...
+ ```
+ #### Reverse Proxy and SSL
+
+ {{< hint type=important >}}
+ **Domains and SSL**\
+ Though it may sound strange, most of the setups are failing due to a misconfiguration regarding domains and SSL. Please make sure that you have set up the domains correctly and that they are pointing to your server. Also, make sure that you have set up the email address for the LetsEncrypt certificates in `TRAEFIK_ACME_MAIL=`.
+ {{< /hint >}}
+
+ You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`.
+
+ Traefik will issue certificates with LetsEncrypt and therefore you must set an email address in `TRAEFIK_ACME_MAIL=`.
+
+ #### Infinite Scale Release and Version
+ By default oCIS will be started in the `latest` production version.
+ You can change it to use the oCIS rolling releases by setting `OCIS_DOCKER_IMAGE=owncloud/ocis-rolling`. This will always use the latest rolling release.
+
+ If you want to use a specific version of oCIS, set the version to a dedicated tag like `OCIS_DOCKER_TAG=5.0.1`. Available production versions can be found on [Docker Hub Production](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated) and available rolling releases can be found on [Docker Hub Rolling](https://hub.docker.com/r/owncloud/ocis-rolling/tags?page=1&ordering=last_updated)
+
+ {{< hint type=info title="oCIS Releases" >}}
+ You can read more about the different oCIS releases in the [oCIS Release Lifecycle](../release_roadmap.md).
+ {{< /hint >}}
+
+ Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`.
+
+ Set the initial admin user password in `ADMIN_PASSWORD=`, it defaults to `admin`.
+
+ Web Office needs a public domain for the WOPI server to be set in `WOPISERVER_DOMAIN=`, where the office suite can work on the files via the WOPI protocol.
+
+ Now it's time to set up Collabora and you need to configure the domain of Collabora in `COLLABORA_DOMAIN=`.
+
+ If you want to use the Collabora admin panel you need to set the username and password for the administrator in `COLLABORA_ADMIN_USER=` and `COLLABORA_ADMIN_PASSWORD=`.
+
+* Start the docker stack
+
+ `docker-compose up -d`
+
+* You now can visit oCIS and are able to open an office document in your browser. You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time.
+
+## Local setup
+
+This docker stack can also be run locally. One downside is that Traefik can not obtain valid SSL certificates and therefore will create self-signed ones. This means that your browser will show scary warnings. Another downside is that you can not point DNS entries to your localhost. So you have to add static host entries to your computer.
+
+On Linux and macOS you can add them to your `/etc/hosts` file and on Windows to `C:\Windows\System32\Drivers\etc\hosts` file like this:
+
+```
+127.0.0.1 ocis.owncloud.test
+127.0.0.1 traefik.owncloud.test
+127.0.0.1 collabora.owncloud.test
+127.0.0.1 onlyoffice.owncloud.test
+127.0.0.1 wopiserver.owncloud.test
+127.0.0.1 mail.owncloud.test
+127.0.0.1 companion.owncloud.test
+127.0.0.1 minio.owncloud.test
+```
+
+After that, you're ready to start the application stack:
+
+`docker-compose pull && docker-compose up -d`
+
+Open https://collabora.owncloud.test in your browser and accept the invalid certificate warning.
+
+Open https://ocis.owncloud.test in your browser and accept the invalid certificate warning. You are now able to open an office document in your browser. You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time.
+
+## Additional services
+
+### Clamav Virusscanner
+
+You can add a Clamav Virusscanner to the stack. The service is disabled by default. To enable it, uncomment the `CLAMAV` line in the `.env` file.
+
+```shell {linenos=table,hl_lines=[3]}
+## Clamav Settings ##
+# The leading colon is required to enable the service.
+CLAMAV=:clamav.yml
+```
+
+After enabling that service, you can add the service to the stack with `docker-compose up -d` again.
+
+### Traefik dashboard
+
+If you want to use the Traefik dashboard, set TRAEFIK_DASHBOARD to `true` (default is `false` and therefore not active). If you activate it, you must set a domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` e.g. `TRAEFIK_DOMAIN=traefik.owncloud.test`.
+
+The Traefik dashboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (e.g. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool).
+
+```shell {linenos=table,hl_lines=[4,7,10]}
+### Traefik Settings ###
+# Serve Traefik dashboard.
+# Defaults to "false".
+TRAEFIK_DASHBOARD=true
+# Domain of Traefik, where you can find the dashboard.
+# Defaults to "traefik.owncloud.test"
+TRAEFIK_DOMAIN=
+# Basic authentication for the traefik dashboard.
+# Defaults to user "admin" and password "admin" (written as: "admin:admin").
+TRAEFIK_BASIC_AUTH_USERS=
+```
+### Cloud Importer
+
+Cloud importer can provide an Upload Interface to your oCIS instance. It is a separate service that can be enabled in the `.env` file.
+
+```shell {linenos=table,hl_lines=[3]}
+## Uppy Companion Settings ##
+# The leading colon is required to enable the service.
+CLOUD_IMPORTER=:cloudimporter.yml
+## The docker image to be used for uppy companion.
+# owncloud has built a container with public link import support.
+COMPANION_IMAGE=
+# Domain of Uppy Companion. Defaults to "companion.owncloud.test".
+COMPANION_DOMAIN=
+# Provider settings, see https://uppy.io/docs/companion/#provideroptions for reference.
+# Empty by default, which disables providers.
+COMPANION_ONEDRIVE_KEY=
+COMPANION_ONEDRIVE_SECRET=
+```
+
+After Enabling that servive by uncommenting the `CLOUD_IMPORTER` line, you can add the service to the stack with `docker-compose up -d` again.
+
+### S3 Storage
+
+You can use an S3 compatible Storage as the primary data store. The metadatata of the files will still be stored on the local filesystem.
+
+{{}}
+The endpoint, region and keys for your S3 Server need to be provided by the service or company who operates it. Normally you can get these via web portal.
+{{}}
+
+```shell {linenos=table,hl_lines=[9,11,13,15,17,19]}
+# S3 Storage configuration
+#
+# - optional
+#
+# Infinite Scale supports S3 storage as primary storage.
+# Per default, S3 storage is disabled and we use the local filesystem.
+# To enable S3 storage, uncomment the following lines and configure the S3 storage.
+# The leading colon is required to enable the service.
+S3NG=:s3ng.yml
+# Configure the S3 storage endpoint. Defaults to "http://minio:9000" for testing purposes.
+S3NG_ENDPOINT=
+# S3 region. Defaults to "default".
+S3NG_REGION=
+# S3 access key. Defaults to "ocis"
+S3NG_ACCESS_KEY=
+# S3 secret. Defaults to "ocis-secret-key"
+S3NG_SECRET_KEY=
+# S3 bucket. Defaults to "ocis"
+S3NG_BUCKET=
+```
+
+#### Use a local minio S3 storage backend
+
+For testing purposes, you can use a local minio S3 storage backend. To enable it, uncomment the `S3NG_MINIO` line in the `.env` file.
+
+The frontend for the minio server is available at `http://minio.owncloud.test` and the access key is `ocis` and the secret key is `ocis-secret`.
+
+## Local setup for web development
+
+In case you want to run ownCloud Web from a development branch together with this deployment example (e.g. for feature development for the app provider frontend) you can use this deployment example with the local setup and some additional steps as described below.
+
+1. Clone the [ownCloud Web repository](https://github.com/owncloud/web) on your development machine.
+2. Run `pnpm i && pnpm build:w` for `web`, so that it creates and continuously updates the `dist` folder for web.
+3. Add the dist folder as read only volume to `volumes` section of the `ocis` service in the `docker-compose.yml` file:
+ ```yaml
+ - /your/local/path/to/web/dist/:/web/dist:ro
+ ```
+ Make sure to point to the `dist` folder inside your local copy of the web repository.
+4. Set the oCIS environment variables `WEB_ASSET_CORE_PATH` and `WEB_ASSET_APPS_PATH` in the `environment` section of the `ocis` service, so that it uses your mounted dist folder for the web assets, instead of the assets that are embedded into oCIS.
+ ```yaml
+ WEB_ASSET_CORE_PATH: "/web/dist"
+ WEB_ASSET_APPS_PATH: "/web/dist"
+ ```
+5. Start the deployment example as described above in the `Local setup` section.
+
+For app provider frontend development in `web` you can find the source code in `web/packages/web-app-external`. Some parts of the integration live in `web/packages/web-app-files`.
+
+## Using Podman
+
+Podman doesn't have a "local" log driver. Also it's docker-compatibility socket does live in a different location, especially when running a rootless podman.
+
+Using the following settings you can run the deployment with a recent podman version:
+
+```bash
+LOG_DRIVER=journald \
+DOCKER_SOCKET_PATH=/run/user/1000/podman/podman.sock \
+podman compose start
+```
diff --git a/docs/ocis/deployment/ocis_hello.md b/docs/ocis/deployment/ocis_hello.md
index 16f8bd782ff..84f0d8434af 100644
--- a/docs/ocis/deployment/ocis_hello.md
+++ b/docs/ocis/deployment/ocis_hello.md
@@ -19,8 +19,6 @@ geekdocFilePath: ocis_hello.md The docker stack consists of 3 containers. One of them is Traefik, a proxy which is terminating SSL and forwards the requests to oCIS in the internal docker network. -The next container is oCIS itself in a configuration like the [oCIS with Traefik example]({{< ref "ocis_traefik" >}}), except that for this example a custom proxy and web UI configuration is used to enable the oCIS Hello extension. - The oCIS Hello extension is running in another container and enables you to use its functionality from within ownCloud Web. ## Server Deployment diff --git a/docs/ocis/deployment/ocis_s3.md b/docs/ocis/deployment/ocis_s3.md deleted file mode 100644 index 77abee61c4c..00000000000 --- a/docs/ocis/deployment/ocis_s3.md +++ /dev/null 
@@ -1,136 +0,0 @@ ---- -title: "oCIS with S3 storage backend (MinIO)" -date: 2020-10-12T14:04:00+01:00 -weight: 24 -geekdocRepo: https://github.com/owncloud/ocis -geekdocEditPath: edit/master/docs/ocis/deployment -geekdocFilePath: ocis_s3.md ---- - -{{< toc >}} - -## Overview - -* oCIS running behind Traefik as reverse proxy -* MinIO as S3 compatible storage provider -* oCIS is configured to use S3 as user storage provider -* Traefik generating self-signed certificates for local setup or obtaining valid SSL certificates for a server setup - -[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_s3) - -The docker stack consists 3 containers. One of them is Traefik, a proxy which is terminating SSL and forwards the requests to oCIS in the internal docker network. - -The next container is oCIS itself in a configuration like the [oCIS with Traefik example]({{< ref "ocis_traefik" >}}), except that it will use S3 as user storage. - -The last container is MinIO, providing a S3 compatible API, where oCIS will store its data. - -## Server Deployment - -### Requirements - -* Linux server with docker and docker-compose installed -* Three domains set up and pointing to your server - - ocis.* for serving oCIS - - minio.* for accessing the MinIO S3 bucket in the browser - - traefik.* for serving the Traefik dashboard - -See also [example server setup]({{< ref "preparing_server" >}}) - - -### Install oCIS and Traefik - -* Clone oCIS repository - - `git clone https://github.com/owncloud/ocis.git` - -* Go to the deployment example - - `cd deployments/examples/ocis_s3` - -* Open the `.env` file in a text editor. - - The file by default looks like this: - - ```bash - # If you're on a internet facing server please comment out following line. - # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. - INSECURE=true - - ### Traefik settings ### - # Serve Traefik dashboard. 
Defaults to "false". - TRAEFIK_DASHBOARD= - # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" - TRAEFIK_DOMAIN= - # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" - TRAEFIK_BASIC_AUTH_USERS= - # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server - TRAEFIK_ACME_MAIL= - - ### oCIS settings ### - # oCIS version. Defaults to "latest" - OCIS_DOCKER_TAG= - # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" - OCIS_DOMAIN= - # oCIS admin user password. Defaults to "admin". - ADMIN_PASSWORD= - # The demo users should not be created on a production instance - # because their passwords are public. Defaults to "false". - DEMO_USERS= - - ### MINIO / S3 settings ### - # Domain of MinIO where the Web UI is accessible. Defaults to "minio.owncloud.test". - MINIO_DOMAIN= - # S3 bucket name, where oCIS stores its data in. Defaults to "ocis-bucket". - MINIO_BUCKET= - # S3 bucket access key, which oCIS uses to authenticate. Defaults to "ocis". - MINIO_ACCESS_KEY= - # S3 bucket access key secret, which oCIS uses to authenticate. Defaults to "ocis-secret-key". - MINIO_SECRET_KEY= - ``` - - You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`. - - If you want to use the Traefik dashboard, set TRAEFIK_DASHBOARD to `true` (default is `false` and therefore not active). If you activate it, you must set a domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` e.g. `TRAEFIK_DOMAIN=traefik.owncloud.test`. - - The Traefik dashboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (e.g. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool). 
- - Traefik will issue certificates with LetsEncrypt and therefore you must set an email address in `TRAEFIK_ACME_MAIL=`. - - By default oCIS will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OCIS_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated). - - Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`. - - Set the initial admin user password in `ADMIN_PASSWORD=`, it defaults to `admin`. - - Set your domain for the MinIO frontend in `MINIO_DOMAIN=`, e.g. `MINIO_DOMAIN=minio.owncloud.test`. If you are using other S3-compatible providers you need to configure the respective endpoint here. - - If you like you can change the default name of the S3 bucket by setting `MINIO_BUCKET=` to a different value. - - You also must override the S3 bucket credentials in `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` in order to secure your MinIO instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. - - Now you have configured everything and can save the file. - -* Start the docker stack - - `docker-compose up -d` - -* You now can visit oCIS and are able to use it just normally. If you log into the web UI of MinIO, you will see blobs of files you uploaded. You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time. - -## Local setup -For a more simple local ocis setup see [Getting started]({{< ref "../getting-started" >}}) - -This docker stack can also be run locally. One downside is that Traefik can not obtain valid SSL certificates and therefore will create self-signed ones. This means that your browser will show scary warnings. Another downside is that you can not point DNS entries to your localhost. So you have to add static host entries to your computer. 
- -On Linux and macOS you can add them to your `/etc/hosts` file and on Windows to `C:\Windows\System32\Drivers\etc\hosts` file like this: - -``` -127.0.0.1 ocis.owncloud.test -127.0.0.1 traefik.owncloud.test -127.0.0.1 minio.owncloud.test -``` - -After that you're ready to start the application stack: - -`docker-compose up -d` - - Open https://ocis.owncloud.test in your browser and accept the invalid certificate warning. You now can use oCIS normally and should now upload a file. Open https://minio.owncloud.test in your browser and accept the invalid certificate warning, after that you will see blobs of files you have uploaded to oCIS. You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time. diff --git a/docs/ocis/deployment/ocis_traefik.md b/docs/ocis/deployment/ocis_traefik.md deleted file mode 100644 index 3463d4154b3..00000000000 --- a/docs/ocis/deployment/ocis_traefik.md +++ /dev/null 
@@ -1,122 +0,0 @@ ---- -title: "oCIS with Traefik" -date: 2020-10-12T14:04:00+01:00 -weight: 24 -geekdocRepo: https://github.com/owncloud/ocis -geekdocEditPath: edit/master/docs/ocis/deployment -geekdocFilePath: ocis_traefik.md ---- - -{{< toc >}} - -## Overview - -* oCIS running behind Traefik as reverse proxy -* Traefik generating self-signed certificates for local setup or obtaining valid SSL certificates for a server setup - -[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_traefik) - -The docker stack consists of three containers. One of them is Traefik, a proxy which is terminating ssl and forwards the requests to oCIS in the internal docker network. - -The other one is oCIS itself running all extensions in one container. In this example, oCIS uses its internal IDP [LibreGraph Connect]({{< ref "../../services/idp" >}}) and the [oCIS storage driver]({{< ref "../storage/storagedrivers" >}}) - -The last one is [Inbucket](https://inbucket.org) a mail service to view the notification mails oCIS generates. - -## Server Deployment - -### Requirements - -* Linux server with docker and docker-compose installed -* Three domains set up and pointing to your server - - ocis.* for serving oCIS - - traefik.* for serving the Traefik dashboard - - mail.* for serving the Inbucket mail service - -See also [example server setup]({{< ref "preparing_server" >}}) - - -### Install oCIS and Traefik - -* Clone oCIS repository - - `git clone https://github.com/owncloud/ocis.git` - -* Go to the deployment example - - `cd ocis/deployments/examples/ocis_traefik` - -* Open the `.env` file in a text editor. - - The file by default looks like this: - - ```bash - # If you're on a internet facing server please comment out following line. - # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. - INSECURE=true - - ### Traefik settings ### - # Serve Traefik dashboard. Defaults to "false". 
- TRAEFIK_DASHBOARD= - # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" - TRAEFIK_DOMAIN= - # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" - TRAEFIK_BASIC_AUTH_USERS= - # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server - TRAEFIK_ACME_MAIL= - - ### oCIS settings ### - # oCIS version. Defaults to "latest" - OCIS_DOCKER_TAG= - # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" - OCIS_DOMAIN= - # oCIS admin user password. Defaults to "admin". - ADMIN_PASSWORD= - # The demo users should not be created on a production instance - # because their passwords are public. Defaults to "false". - DEMO_USERS= - - ### Email / Inbucket settings ### - # Inbucket / Mail domain. Defaults to "mail.owncloud.test" - INBUCKET_DOMAIN= - ``` - - You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`. - - If you want to use the Traefik dashboard, set TRAEFIK_DASHBOARD to `true` (default is `false` and therefore not active). If you activate it, you must set a domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` e.g. `TRAEFIK_DOMAIN=traefik.owncloud.test`. - - The Traefik dashboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (e.g. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool). - - Traefik will issue certificates with LetsEncrypt and therefore you must set an email address in `TRAEFIK_ACME_MAIL=`. - - By default ocis will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OCIS_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated). 
- - Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`. - - Set the initial admin user password in `ADMIN_PASSWORD=`, it defaults to `admin`. - - Now you have configured everything and can save the file. - -* Start the docker stack - - `docker-compose up -d` - -* You now can visit oCIS, Traefik dashboard and Inbucket on your configured domains. You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time. - -## Local setup -For a more simple local ocis setup see [Getting started]({{< ref "../getting-started" >}}) - -This docker stack can also be run locally. One downside is that Traefik can not obtain valid SSL certificates and therefore will create self-signed ones. This means that your browser will show scary warnings. Another downside is that you can not point DNS entries to your localhost. So you have to add static host entries to your computer. - -On Linux and macOS you can add them to your `/etc/hosts` file and on Windows to `C:\Windows\System32\Drivers\etc\hosts` file like this: - -``` -127.0.0.1 ocis.owncloud.test -127.0.0.1 traefik.owncloud.test -127.0.0.1 mail.owncloud.test -``` - -After that you're ready to start the application stack: - -`docker-compose up -d` - -Open https://ocis.owncloud.test in your browser and accept the invalid certificate warning. You now can login to oCIS with the default users, which also can be found here: [Getting started]({{< ref "../getting-started#login-to-ocis-web" >}}). You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time. diff --git a/docs/ocis/deployment/ocis_wopi.md b/docs/ocis/deployment/ocis_wopi.md deleted file mode 100644 index c70b2ad677e..00000000000 --- a/docs/ocis/deployment/ocis_wopi.md +++ /dev/null 
@@ -1,221 +0,0 @@ ---- -title: "oCIS with WOPI server" -date: 2020-10-12T14:04:00+01:00 -weight: 24 -geekdocRepo: https://github.com/owncloud/ocis -geekdocEditPath: edit/master/docs/ocis/deployment -geekdocFilePath: ocis_wopi.md ---- - -{{< toc >}} - -## Overview - -* oCIS, Wopi server, Collabora and OnlyOffice running behind Traefik as reverse proxy -* Collabora and OnlyOffice enable you to edit documents in your browser -* Wopi server acts as a bridge to make the oCIS storage accessible to Collabora and OnlyOffice -* Traefik generating self-signed certificates for local setup or obtaining valid SSL certificates for a server setup - -[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_wopi) - -The docker stack consists of 10 containers. One of them is Traefik, a proxy which is terminating SSL and forwards the requests to oCIS in the internal docker network. - -The next container is oCIS itself in a configuration like the [oCIS with Traefik example]({{< ref "ocis_traefik" >}}), except that for this example a custom mimetype configuration is used. - -There are three oCIS app driver containers that register Collabora and OnlyOffice at the app registry. - -The last four containers are the WOPI server, Collabora and OnlyOffice. 
- -## Overview Image - -{{< figure src="/ocis/deployment/ocis_and_wopi_drawio.svg" >}} - -## Server Deployment - -### Requirements - -* Linux server with docker and docker-compose installed -* Three domains set up and pointing to your server - * ocis.* for serving oCIS - * collabora.* for serving Collabora - * onlyoffice.* for serving OnlyOffice - * wopiserver.* for serving the WOPI server - * traefik.* for serving the Traefik dashboard - * companion.* for serving the uppy companion app - -See also [example server setup]({{< ref "preparing_server" >}}) - -### Install oCIS and Traefik - -* Clone oCIS repository - - `git clone https://github.com/owncloud/ocis.git` - -* Go to the deployment example - - `cd ocis/deployments/examples/ocis_wopi` - -* Open the `.env` file in a text editor. - - The file by default looks like this: - - ```bash - # If you're on a internet facing server please comment out following line. - # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. - INSECURE=true - - ### Traefik settings ### - # Serve Traefik dashboard. Defaults to "false". - TRAEFIK_DASHBOARD= - # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" - TRAEFIK_DOMAIN= - # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" (written as: "admin:admin"). - TRAEFIK_BASIC_AUTH_USERS= - # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server - TRAEFIK_ACME_MAIL= - - ### oCIS settings ### - # oCIS version. Defaults to "latest" - OCIS_DOCKER_TAG= - # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" - OCIS_DOMAIN= - # oCIS admin user password. Defaults to "admin". - ADMIN_PASSWORD= - # The demo users should not be created on a production instance - # because their passwords are public. Defaults to "false". - DEMO_USERS= - # Log level for oCIS. Defaults to "info". 
- OCIS_LOG_LEVEL= - - ### Wopi server settings ### - # cs3org wopi server version. Defaults to "v8.3.3" - WOPISERVER_DOCKER_TAG= - # cs3org wopi server domain. Defaults to "wopiserver.owncloud.test" - WOPISERVER_DOMAIN= - # JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "LoremIpsum567" - WOPI_JWT_SECRET= - - ### Collabora settings ### - # Domain of Collabora, where you can find the frontend. Defaults to "collabora.owncloud.test" - COLLABORA_DOMAIN= - # Admin user for Collabora. Defaults to blank, provide one to enable access. Collabora Admin Panel URL: https://{COLLABORA_DOMAIN}/browser/dist/admin/admin.html - COLLABORA_ADMIN_USER= - # Admin password for Collabora. Defaults to blank, provide one to enable access - COLLABORA_ADMIN_PASSWORD= - - ### OnlyOffice settings ### - # Domain of OnlyOffice, where you can find the frontend. Defaults to "onlyoffice.owncloud.test" - ONLYOFFICE_DOMAIN= - - ### Email / Inbucket settings ### - # Inbucket / Mail domain. Defaults to "mail.owncloud.test" - INBUCKET_DOMAIN= - - ### Apache Tika Content analysis toolkit ### - # Set the desired docker image tag or digest, defaults to "latest" - TIKA_IMAGE= - - # If you want to use debugging and tracing with this stack, - # you need uncomment following line. Please see documentation at - # https://owncloud.dev/ocis/deployment/monitoring-tracing/ - #COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - - ### Uppy Companion settings ### - # Domain of Uppy Companion. Defaults to "companion.owncloud.test" - COMPANION_IMAGE= - COMPANION_DOMAIN= - # Provider settings, see https://uppy.io/docs/companion/#provideroptions for reference. Empty by default, which disables providers. 
- COMPANION_ONEDRIVE_KEY= - COMPANION_ONEDRIVE_SECRET= - ``` - - You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`. - - If you want to use the Traefik dashboard, set TRAEFIK_DASHBOARD to `true` (default is `false` and therefore not active). If you activate it, you must set a domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` e.g. `TRAEFIK_DOMAIN=traefik.owncloud.test`. - - The Traefik dashboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (e.g. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool). - - Traefik will issue certificates with LetsEncrypt and therefore you must set an email address in `TRAEFIK_ACME_MAIL=`. - - By default oCIS will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OCIS_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated). - - Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`. - - Set the initial admin user password in `ADMIN_PASSWORD=`, it defaults to `admin`. - - By default the CS3Org WOPI server will also be started in the `latest` version. If you want to start a specific version of it, you can set the version to `WOPISERVER_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/cs3org/wopiserver/tags?page=1&ordering=last_updated). - - Set your domain for the CS3Org WOPI server in `WOPISERVER_DOMAIN=`, where all office suites can download the files via the WOPI protocol. - - You also must override the default WOPI JWT secret in order to have a secure setup. Do this by setting `WOPI_JWT_SECRET` to a long and random string. 
- - Now it's time to set up Collabora and you need to configure the domain of Collabora in `COLLABORA_DOMAIN=`. - - If you want to use the Collabora admin panel you need to set the username and password for the administrator in `COLLABORA_ADMIN_USER=` and `COLLABORA_ADMIN_PASSWORD=`. - - Next up is OnlyOffice, which also needs a domain in `ONLYOFFICE_DOMAIN=`. - - Now you have configured everything and can save the file. - -* Start the docker stack - - `docker-compose up -d` - -* You now can visit oCIS and are able to open an office document in your browser. You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time. - -## Local setup -For a more simple local ocis setup see [Getting started]({{< ref "../getting-started" >}}) - -This docker stack can also be run locally. One downside is that Traefik can not obtain valid SSL certificates and therefore will create self-signed ones. This means that your browser will show scary warnings. Another downside is that you can not point DNS entries to your localhost. So you have to add static host entries to your computer. - -On Linux and macOS you can add them to your `/etc/hosts` file and on Windows to `C:\Windows\System32\Drivers\etc\hosts` file like this: - -``` -127.0.0.1 ocis.owncloud.test -127.0.0.1 traefik.owncloud.test -127.0.0.1 collabora.owncloud.test -127.0.0.1 onlyoffice.owncloud.test -127.0.0.1 wopiserver.owncloud.test -127.0.0.1 mail.owncloud.test -127.0.0.1 companion.owncloud.test -``` - -After that you're ready to start the application stack: - -`docker-compose up -d` - -Open https://collabora.owncloud.test, https://onlyoffice.owncloud.test and https://wopiserver.owncloud.test in your browser and accept the invalid certificate warning. - -Open https://ocis.owncloud.test in your browser and accept the invalid certificate warning. You are now able to open an office document in your browser. 
You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time. - -## Local setup for web development - -In case you want to run ownCloud Web from a development branch together with this deployment example (e.g. for feature development for the app provider frontend) you can use this deployment example with the local setup and some additional steps as described below. - -1. Clone the [ownCloud Web repository](https://github.com/owncloud/web) on your development machine. -2. Run `pnpm i && pnpm build:w` for `web`, so that it creates and continuously updates the `dist` folder for web. -3. Add the dist folder as read only volume to `volumes` section of the `ocis` service in the `docker-compose.yml` file: - ```yaml - - /your/local/path/to/web/dist/:/web/dist:ro - ``` - Make sure to point to the `dist` folder inside your local copy of the web repository. -4. Set the oCIS environment variables `WEB_ASSET_CORE_PATH` and `WEB_ASSET_APPS_PATH` in the `environment` section of the `ocis` service, so that it uses your mounted dist folder for the web assets, instead of the assets that are embedded into oCIS. - ```yaml - WEB_ASSET_CORE_PATH: "/web/dist" - WEB_ASSET_APPS_PATH: "/web/dist" - ``` -5. Start the deployment example as described above in the `Local setup` section. - -For app provider frontend development in `web` you can find the source code in `web/packages/web-app-external`. Some parts of the integration live in `web/packages/web-app-files`. - -## Using Podman - -Podman doesn't have a "local" log driver. Also it's docker-compatibility socket does live in a different location, especially when running a rootless podman. - -Using the following settings you can run the deployment with a recent podman version: - -```bash -LOG_DRIVER=journald \ -DOCKER_SOCKET_PATH=/run/user/1000/podman/podman.sock \ -podman compose start -``` 
diff --git a/docs/ocis/development/debugging.md b/docs/ocis/development/debugging.md
index 3d9c25add3d..eb1f3ee3093 100644
--- a/docs/ocis/development/debugging.md
+++ b/docs/ocis/development/debugging.md
@@ -136,7 +136,7 @@ bin/ocis --log-level=$LOG_LEVEL proxy &
 ### Debugging the ocis in a docker container
-Remote debugging is the debug mode commonly used to work with a debugger and target running on a remote machine or a container for example a wopi stack `deployments/examples/ocis_wopi/docker-compose.yml`.
+Remote debugging is the debug mode commonly used to work with a debugger and target running on a remote machine or a container for example a wopi stack `deployments/examples/ocis_full/docker-compose.yml`.
 Below we describe the steps how to build the image, run the docker-compose and connect via remote debugger.
 1. Build the image:
 ```bash
@@ -147,11 +147,11 @@ make debug-docker
 ```bash
 export OCIS_DOCKER_TAG=debug
 ```
-3. Change the docker-compose `ocis` or `ocis-appprovider-collabora` or `ocis-appprovider-onlyoffice` depends on what do you want to debug:
-For example `deployments/examples/ocis_wopi/docker-compose.yml`
+3. Change the docker-compose `ocis` or `collaboration` depends on what do you want to debug:
+For example `deployments/examples/ocis_full/ocis.yml`
 ```yaml
 ocis:
- image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
+ image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest}
 networks:
 ocis-net:
 entrypoint:
diff --git a/ocis/pkg/init/init.go b/ocis/pkg/init/init.go
index 74a9695b1c7..14c88214dc3 100644
--- a/ocis/pkg/init/init.go
+++ b/ocis/pkg/init/init.go
@@ -157,12 +157,16 @@ type Clientlog struct {
 }
 type WopiApp struct {
- Insecure bool `yaml:"insecure"`
- Secret string `yaml:"secret"`
+ Secret string `yaml:"secret"`
+}
+
+type App struct {
+ Insecure bool `yaml:"insecure"`
 }
 type Collaboration struct {
 WopiApp WopiApp `yaml:"wopi"`
+ App App `yaml:"app"`
 }
 type Nats struct {
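Review bot: The `insecure` flag moves from the `wopi` key to a new `app` key under `collaboration`, so a config file written by an earlier `CreateConfig` still carries `collaboration.wopi.insecure`, and nothing in this hunk or in the later `CreateConfig` hunk (`cfg.Collaboration.App.Insecure = true`) says how that stale key is treated. Whether the collaboration service rejects or silently ignores it is not visible here; if it is ignored, certificate verification toward the office app presumably switches back on after an upgrade, which fails closed but will look like a connectivity fault on self-signed setups, so the rename deserves an upgrade note. The new field also has no comment; I would add `// Insecure skips TLS certificate verification for connections to the app; intended for self-signed test setups only.` above `Insecure bool` in `App`. The `CreateConfig` body starts and ends outside its hunk, so the condition guarding the assignment cannot be checked from this diff.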
@@ -445,7 +449,7 @@ func CreateConfig(insecure, forceOverwrite bool, configPath, adminPassword strin
 cfg.AuthBearer = AuthbearerService{
 AuthProviders: AuthProviderSettings{Oidc: _insecureService},
 }
- cfg.Collaboration.WopiApp.Insecure = true
+ cfg.Collaboration.App.Insecure = true
 cfg.Frontend.AppHandler = _insecureService
 cfg.Frontend.Archiver = _insecureService
 cfg.Graph.Spaces = _insecureService
diff --git a/services/app-registry/README.md b/services/app-registry/README.md
index 03645512b01..80105e401c1 100644
--- a/services/app-registry/README.md
+++ b/services/app-registry/README.md
@@ -12,7 +12,7 @@ Administrators can set default applications for each MIME type and also allow th
 ### MIME Type Configuration
-Modifing the MIME type config can only be achieved via a yaml configuration. Using environment variables is not possible. For an example, see the `ocis_wopi/config/ocis/app-registry.yaml` at [docker-compose example](https://github.com/owncloud/ocis/tree/master/deployments/examples). The following is a brief structure and a field description:
+Modifing the MIME type config can only be achieved via a yaml configuration. Using environment variables is not possible. For an example, see the `ocis_full/config/ocis/app-registry.yaml` at [docker-compose example](https://github.com/owncloud/ocis/tree/master/deployments/examples). The following is a brief structure and a field description:
 **Structure**
diff --git a/services/search/README.md b/services/search/README.md
index fb735e91b8c..fb53a3c8f10 100644
--- a/services/search/README.md
+++ b/services/search/README.md
@@ -74,7 +74,7 @@ When extracting content, you can specify whether [stop words](https://en.wikiped
 When using the Tika container and docker-compose, consider the following:
-* See the [ocis_wopi](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_wopi) example.
+* See the [ocis_full](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_full) example.
 * Containers for the linked service are reachable at a hostname identical to the alias or the service name if no alias was specified.
 If using the `tika` extractor, make sure to also set `FRONTEND_FULL_TEXT_SEARCH_ENABLED` in the frontend service to `true`. This will tell the webclient that full-text search has been enabled.