Use embeddable ocdav go micro service (#3397)

* allow proxy to route to micro service Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * use go micre ocdav service instead of reva frontend Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * add missing gateway default config Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * update reva branch for testing Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * add changelog Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * add missing comands Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * bump reva version Signed-off-by: jkoberg <jkoberg@owncloud.com> * tidy Signed-off-by: jkoberg <jkoberg@owncloud.com> * bump reva again Signed-off-by: jkoberg <jkoberg@owncloud.com> * a blind mans config change Signed-off-by: jkoberg <jkoberg@owncloud.com> * add ocdav to must start extensions Signed-off-by: jkoberg <jkoberg@owncloud.com> * fail when neither backend nor service is set Signed-off-by: jkoberg <jkoberg@owncloud.com> Co-authored-by: jkoberg <jkoberg@owncloud.com>
2025-12-23 22:29:59 -05:00 · 2022-04-12 11:27:24 +02:00
parent a61d1ced9f
commit 0e88cb1bec
18 changed files with 310 additions and 69 deletions
--- a/.drone.star
+++ b/.drone.star
@@ -1696,7 +1696,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
            "OCIS_STORAGE_READ_ONLY": "false",
            # General oCIS config
            # OCIS_RUN_EXTENSIONS specifies to start all extensions except glauth, idp and accounts. These are replaced by external services
-            "OCIS_RUN_EXTENSIONS": "settings,storage-metadata,graph,graph-explorer,ocs,store,thumbnails,web,webdav,storage-frontend,storage-gateway,storage-userprovider,storage-groupprovider,storage-authbasic,storage-authbearer,storage-authmachine,storage-users,storage-shares,storage-public-link,storage-appprovider,storage-sharing,proxy,nats",
+            "OCIS_RUN_EXTENSIONS": "settings,storage-metadata,graph,graph-explorer,ocs,store,thumbnails,web,webdav,storage-frontend,storage-gateway,storage-userprovider,storage-groupprovider,storage-authbasic,storage-authbearer,storage-authmachine,storage-users,storage-shares,storage-public-link,storage-appprovider,storage-sharing,proxy,nats,ocdav",
            "OCIS_LOG_LEVEL": "error",
            "OCIS_URL": OCIS_URL,
            "PROXY_TLS": "true",
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -23,7 +23,7 @@
                "ACCOUNTS_DEMO_USERS_AND_GROUPS": "true",
                "IDM_CREATE_DEMO_USERS": "true"
                // OCIS_RUN_EXTENSIONS allows to start a subset of extensions even in the supervised mode
-                //"OCIS_RUN_EXTENSIONS": "settings,storage-metadata,glauth,graph,graph-explorer,idp,ocs,store,thumbnails,web,webdav,storage-frontend,storage-gateway,storage-userprovider,storage-groupprovider,storage-authbasic,storage-authbearer,storage-authmachine,storage-users,storage-shares,storage-public-link,storage-appprovider,storage-sharing,accounts,proxy",
+                //"OCIS_RUN_EXTENSIONS": "settings,storage-metadata,glauth,graph,graph-explorer,idp,ocs,store,thumbnails,web,webdav,storage-frontend,storage-gateway,storage-userprovider,storage-groupprovider,storage-authbasic,storage-authbearer,storage-authmachine,storage-users,storage-shares,storage-public-link,storage-appprovider,storage-sharing,accounts,proxy,ocdav",
            }
        }
    ]
--- a/changelog/unreleased/micro-ocdav.md
+++ b/changelog/unreleased/micro-ocdav.md
@@ -0,0 +1,5 @@
+Enhancement: Use embeddable ocdav go micro service
+
+We now use the reva `pgk/micro/ocdav` package that implements a go micro compatible version of the ocdav service.
+
+https://github.com/owncloud/ocis/pull/3397
--- a/changelog/unreleased/update-reva.md
+++ b/changelog/unreleased/update-reva.md
@@ -4,6 +4,7 @@ Updated reva to version 2.x.x. This update includes:

  * TODO

+https://github.com/owncloud/ocis/pull/3397
 https://github.com/owncloud/ocis/pull/3430
 https://github.com/owncloud/ocis/pull/3476
 https://github.com/owncloud/ocis/pull/3482
--- a/docs/extensions/idm/setup.md
+++ b/docs/extensions/idm/setup.md
@@ -50,7 +50,7 @@ export STORAGE_LDAP_USERATTRIBUTEFILTER='(&(objectclass=owncloud)({{attr}}={{val
 export STORAGE_LDAP_USERFINDFILTER='(&(objectclass=owncloud)(|(uid={{query}}*)(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)(description={{query}}*)))'
 export STORAGE_LDAP_USERGROUPFILER='(&(objectclass=groupOfNames)(member={{query}}*))'
 export STORAGE_LDAP_GROUPFILTER='(&(objectclass=groupOfNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))'
-export OCIS_RUN_EXTENSIONS=settings,storage-metadata,graph,graph-explorer,ocs,store,thumbnails,web,webdav,storage-frontend,storage-gateway,storage-userprovider,storage-groupprovider,storage-authbasic,storage-authbearer,storage-authmachine,storage-users,storage-shares,storage-public-link,storage-appprovider,storage-sharing,proxy,idp,nats,idm
+export OCIS_RUN_EXTENSIONS=settings,storage-metadata,graph,graph-explorer,ocs,store,thumbnails,web,webdav,storage-frontend,storage-gateway,storage-userprovider,storage-groupprovider,storage-authbasic,storage-authbearer,storage-authmachine,storage-users,storage-shares,storage-public-link,storage-appprovider,storage-sharing,proxy,idp,nats,idm,ocdav
 export OCIS_INSECURE=true
 bin/ocis server
 ```
--- a/go.mod
+++ b/go.mod
@@ -15,14 +15,14 @@ require (
 	github.com/asim/go-micro/plugins/registry/mdns/v4 v4.0.0-20220118152736-9e0be6c85d75
 	github.com/asim/go-micro/plugins/registry/nats/v4 v4.0.0-20220118152736-9e0be6c85d75
 	github.com/asim/go-micro/plugins/server/grpc/v4 v4.0.0-20220118152736-9e0be6c85d75
-	github.com/asim/go-micro/plugins/server/http/v4 v4.0.0-20220118152736-9e0be6c85d75
+	github.com/asim/go-micro/plugins/server/http/v4 v4.0.0-20220317022205-c6d352c83291
 	github.com/asim/go-micro/plugins/wrapper/breaker/gobreaker/v4 v4.0.0-20220118152736-9e0be6c85d75
 	github.com/asim/go-micro/plugins/wrapper/monitoring/prometheus/v4 v4.0.0-20220118152736-9e0be6c85d75
 	github.com/asim/go-micro/plugins/wrapper/trace/opencensus/v4 v4.0.0-20220118152736-9e0be6c85d75
 	github.com/blevesearch/bleve/v2 v2.3.2
 	github.com/coreos/go-oidc/v3 v3.1.0
 	github.com/cs3org/go-cs3apis v0.0.0-20220328105952-297bef33e13f
-	github.com/cs3org/reva/v2 v2.0.0-20220411161034-134ed5a0801f
+	github.com/cs3org/reva/v2 v2.0.0-20220411200520-865ba723f25a
 	github.com/disintegration/imaging v1.6.2
 	github.com/glauth/glauth/v2 v2.0.0-20211021011345-ef3151c28733
 	github.com/go-chi/chi/v5 v5.0.7
--- a/go.sum
+++ b/go.sum
@@ -181,8 +181,8 @@ github.com/asim/go-micro/plugins/registry/nats/v4 v4.0.0-20220118152736-9e0be6c8
 github.com/asim/go-micro/plugins/registry/nats/v4 v4.0.0-20220118152736-9e0be6c85d75/go.mod h1:n4K0361IySJ/hmIfaIg8q2NDNAVDL9DUC6Bh7gS4ihg=
 github.com/asim/go-micro/plugins/server/grpc/v4 v4.0.0-20220118152736-9e0be6c85d75 h1:miPpSGbTA6L2hsHccRNxNSXpIYo6YtlTkoi+fvEHJbw=
 github.com/asim/go-micro/plugins/server/grpc/v4 v4.0.0-20220118152736-9e0be6c85d75/go.mod h1:uQACKU+/RcWKEMdX6/Ewd+TxCPLIsLPt9ym6++B1X68=
-github.com/asim/go-micro/plugins/server/http/v4 v4.0.0-20220118152736-9e0be6c85d75 h1:ULuhDMrHjkEkj0dxWS+ZM9MD/9ywFPM7kaoEs4OjhSc=
-github.com/asim/go-micro/plugins/server/http/v4 v4.0.0-20220118152736-9e0be6c85d75/go.mod h1:LEsuhy4ZF3UGT9VSOoj/ZP0MZt4brlgwJVG7/LAac+I=
+github.com/asim/go-micro/plugins/server/http/v4 v4.0.0-20220317022205-c6d352c83291 h1:l1l3pUleHu66DNRmaPwfgyXfVXT7UmyzNXD0uQp9SQE=
+github.com/asim/go-micro/plugins/server/http/v4 v4.0.0-20220317022205-c6d352c83291/go.mod h1:LEsuhy4ZF3UGT9VSOoj/ZP0MZt4brlgwJVG7/LAac+I=
 github.com/asim/go-micro/plugins/transport/grpc/v4 v4.0.0-20211019191242-9edc569e68bb h1:rCIGzR4YRddwaWM4pZkbxHIkhFbbuGZOqivnxyKNQz8=
 github.com/asim/go-micro/plugins/transport/grpc/v4 v4.0.0-20211019191242-9edc569e68bb/go.mod h1:dzSEAsAqQ4mRaYPJ07KcAt6rIjYUJ9w55UXvnyGx4VE=
 github.com/asim/go-micro/plugins/wrapper/breaker/gobreaker/v4 v4.0.0-20220118152736-9e0be6c85d75 h1:8wLNrBKfdRl6uryUFW6qlBZWNeIbPUYKYkwLG9bI58k=
@@ -335,8 +335,8 @@ github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3p
 github.com/crewjam/saml v0.4.6 h1:XCUFPkQSJLvzyl4cW9OvpWUbRf0gE7VUpU8ZnilbeM4=
 github.com/crewjam/saml v0.4.6/go.mod h1:ZBOXnNPFzB3CgOkRm7Nd6IVdkG+l/wF+0ZXLqD96t1A=
 github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e/go.mod h1:XJEZ3/EQuI3BXTp/6DUzFr850vlxq11I6satRtz0YQ4=
-github.com/cs3org/reva/v2 v2.0.0-20220411161034-134ed5a0801f h1:SNQSbtvhsQ6KvdDJlW536pUMq8RzghQMDCkYYKEFn8c=
-github.com/cs3org/reva/v2 v2.0.0-20220411161034-134ed5a0801f/go.mod h1:rE2wCGoiGiUuQ3zj6aD7sZ+BhboLyNsNQ3z3auunWm4=
+github.com/cs3org/reva/v2 v2.0.0-20220411200520-865ba723f25a h1:/3filuu6As9ZMznQ3ddShjveqNr0NrjfZynQT3LyTmQ=
+github.com/cs3org/reva/v2 v2.0.0-20220411200520-865ba723f25a/go.mod h1:l1dhodFXCp88/Lc0VhzSeaLSQUTn2AdwwkTFtaLCJhk=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI=
 github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
--- a/ocis/pkg/command/ocdav.go
+++ b/ocis/pkg/command/ocdav.go
@@ -0,0 +1,28 @@
+package command
+
+import (
+	"github.com/owncloud/ocis/ocis-pkg/config"
+	"github.com/owncloud/ocis/ocis/pkg/register"
+	"github.com/owncloud/ocis/storage/pkg/command"
+	"github.com/urfave/cli/v2"
+)
+
+// OCDavCommand is the entrypoint for the ocdav command.
+func OCDavCommand(cfg *config.Config) *cli.Command {
+	return &cli.Command{
+		Name:     "ocdav",
+		Usage:    "start ocdav",
+		Category: "extensions",
+		Before: func(ctx *cli.Context) error {
+			return ParseStorageCommon(ctx, cfg)
+		},
+		Action: func(c *cli.Context) error {
+			origCmd := command.OCDav(cfg.Storage)
+			return handleOriginalAction(c, origCmd)
+		},
+	}
+}
+
+func init() {
+	register.AddCommand(OCDavCommand)
+}
--- a/ocis/pkg/runtime/service/service.go
+++ b/ocis/pkg/runtime/service/service.go
@@ -108,6 +108,7 @@ func NewService(options ...Option) (*Service, error) {
 	s.ServicesRegistry["web"] = web.NewSutureService
 	s.ServicesRegistry["webdav"] = webdav.NewSutureService
 	s.ServicesRegistry["storage-frontend"] = storage.NewFrontend
+	s.ServicesRegistry["ocdav"] = storage.NewOCDav
 	s.ServicesRegistry["storage-gateway"] = storage.NewGateway
 	s.ServicesRegistry["storage-userprovider"] = storage.NewUserProvider
 	s.ServicesRegistry["storage-groupprovider"] = storage.NewGroupProvider
--- a/proxy/pkg/config/config.go
+++ b/proxy/pkg/config/config.go
@@ -43,12 +43,15 @@ type Policy struct {
 	Routes []Route `yaml:"routes"`
 }

-// Route define forwarding routes
+// Route defines forwarding routes
 type Route struct {
-	Type        RouteType `yaml:"type"`
-	Endpoint    string    `yaml:"endpoint"`
-	Backend     string    `yaml:"backend"`
-	ApacheVHost bool      `yaml:"apache-vhost"`
+	Type     RouteType `yaml:"type"`
+	Endpoint string    `yaml:"endpoint"`
+	// Backend is a static URL to forward the request to
+	Backend string `yaml:"backend"`
+	// Service name to look up in the registry
+	Service     string `yaml:"service"`
+	ApacheVHost bool   `yaml:"apache-vhost"`
 }

 // RouteType defines the type of a route
--- a/proxy/pkg/config/defaults/defaultconfig.go
+++ b/proxy/pkg/config/defaults/defaultconfig.go
@@ -96,30 +96,34 @@ func DefaultPolicies() []config.Policy {
 				},
 				{
 					Endpoint: "/remote.php/",
-					Backend:  "http://localhost:9140",
+					Service:  "ocdav",
 				},
 				{
 					Endpoint: "/dav/",
-					Backend:  "http://localhost:9140",
+					Service:  "ocdav",
 				},
 				{
 					Endpoint: "/webdav/",
-					Backend:  "http://localhost:9140",
+					Service:  "ocdav",
 				},
 				{
 					Endpoint: "/status.php",
-					Backend:  "http://localhost:9140",
+					Service:  "ocdav",
 				},
 				{
 					Endpoint: "/index.php/",
-					Backend:  "http://localhost:9140",
+					Service:  "ocdav",
+				},
+				{
+					Endpoint: "/apps/",
+					Service:  "ocdav",
 				},
 				{
 					Endpoint: "/data",
 					Backend:  "http://localhost:9140",
 				},
 				{
-					Endpoint: "/app/",
+					Endpoint: "/app/", // /app or /apps? ocdav only handles /apps
 					Backend:  "http://localhost:9140",
 				},
 				{
--- a/proxy/pkg/proxy/proxy.go
+++ b/proxy/pkg/proxy/proxy.go
@@ -12,10 +12,12 @@ import (
 	"time"

 	chimiddleware "github.com/go-chi/chi/v5/middleware"
+	"go-micro.dev/v4/selector"

 	"go.opentelemetry.io/otel/attribute"

 	"github.com/owncloud/ocis/ocis-pkg/log"
+	"github.com/owncloud/ocis/ocis-pkg/registry"
 	pkgtrace "github.com/owncloud/ocis/ocis-pkg/tracing"
 	"github.com/owncloud/ocis/proxy/pkg/config"
 	"github.com/owncloud/ocis/proxy/pkg/proxy/policy"
@@ -86,6 +88,10 @@ func NewMultiHostReverseProxy(opts ...Option) *MultiHostReverseProxy {
 	for _, pol := range options.Config.Policies {
 		for _, route := range pol.Routes {
 			rp.logger.Debug().Str("fwd: ", route.Endpoint)
+
+			if route.Backend == "" && route.Service == "" {
+				rp.logger.Fatal().Interface("route", route).Msg("neither Backend nor Service is set")
+			}
 			uri, err2 := url.Parse(route.Backend)
 			if err2 != nil {
 				rp.logger.
@@ -95,6 +101,7 @@ func NewMultiHostReverseProxy(opts ...Option) *MultiHostReverseProxy {
 					Msg("malformed url")
 			}

+			// here the backend is used as a uri
 			rp.AddHost(pol.Name, uri, route)
 		}
 	}
@@ -184,9 +191,31 @@ func (p *MultiHostReverseProxy) AddHost(policy string, target *url.URL, rt confi
 	if p.Directors[policy][routeType] == nil {
 		p.Directors[policy][routeType] = make(map[string]func(req *http.Request))
 	}
+
+	reg := registry.GetRegistry()
+	sel := selector.NewSelector(selector.Registry(reg))
+
 	p.Directors[policy][routeType][rt.Endpoint] = func(req *http.Request) {
-		req.URL.Scheme = target.Scheme
-		req.URL.Host = target.Host
+		if rt.Service != "" {
+			// select next node
+			next, err := sel.Select(rt.Service)
+			if err != nil {
+				fmt.Println(fmt.Errorf("could not select %s service from the registry: %v", rt.Service, err))
+				return // TODO error? fallback to target.Host & Scheme?
+			}
+			node, err := next()
+			if err != nil {
+				fmt.Println(fmt.Errorf("could not select next node for service %s: %v", rt.Service, err))
+				return // TODO error? fallback to target.Host & Scheme?
+			}
+			req.URL.Host = node.Address
+			req.URL.Scheme = node.Metadata["protocol"] // TODO check property exists?
+
+		} else {
+			req.URL.Host = target.Host
+			req.URL.Scheme = target.Scheme
+		}
+
 		// Apache deployments host addresses need to match on req.Host and req.URL.Host
 		// see https://stackoverflow.com/questions/34745654/golang-reverseproxy-with-apache2-sni-hostname-error
 		if rt.ApacheVHost {
--- a/storage/pkg/command/frontend.go
+++ b/storage/pkg/command/frontend.go
@@ -186,14 +186,6 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s
 					"timeout":                86400,
 					"insecure":               true,
 				},
-				"ocdav": map[string]interface{}{
-					"prefix":           cfg.Reva.Frontend.OCDavPrefix,
-					"files_namespace":  cfg.Reva.OCDav.DavFilesNamespace,
-					"webdav_namespace": cfg.Reva.OCDav.WebdavNamespace,
-					"timeout":          86400,
-					"insecure":         cfg.Reva.Frontend.OCDavInsecure,
-					"public_url":       cfg.Reva.Frontend.PublicURL,
-				},
 				"ocs": map[string]interface{}{
 					"storage_registry_svc":      cfg.Reva.Gateway.Endpoint,
 					"share_prefix":              cfg.Reva.Frontend.OCSSharePrefix,
--- a/storage/pkg/command/ocdav.go
+++ b/storage/pkg/command/ocdav.go
@@ -0,0 +1,134 @@
+package command
+
+import (
+	"context"
+	"flag"
+
+	"github.com/cs3org/reva/v2/pkg/micro/ocdav"
+	"github.com/oklog/run"
+	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/storage/pkg/config"
+	"github.com/owncloud/ocis/storage/pkg/server/debug"
+	"github.com/owncloud/ocis/storage/pkg/tracing"
+	"github.com/thejerf/suture/v4"
+	"github.com/urfave/cli/v2"
+)
+
+// OCDav is the entrypoint for the ocdav command.
+// TODO move ocdav cmd to a separate service
+func OCDav(cfg *config.Config) *cli.Command {
+	return &cli.Command{
+		Name:  "ocdav",
+		Usage: "start ocdav service",
+		Before: func(c *cli.Context) error {
+			if err := loadUserAgent(c, cfg); err != nil {
+				return err
+			}
+			return ParseConfig(c, cfg, "ocdav")
+		},
+		Action: func(c *cli.Context) error {
+			logger := NewLogger(cfg)
+
+			tracing.Configure(cfg, logger)
+
+			gr := run.Group{}
+			ctx, cancel := context.WithCancel(context.Background())
+			//metrics     = metrics.New()
+
+			defer cancel()
+
+			gr.Add(func() error {
+				s, err := ocdav.Service(
+					ocdav.Context(ctx),
+					ocdav.Logger(logger.Logger),
+					ocdav.Address(cfg.OCDav.Addr),
+					ocdav.FilesNamespace(cfg.OCDav.FilesNamespace),
+					ocdav.WebdavNamespace(cfg.OCDav.WebdavNamespace),
+					ocdav.SharesNamespace(cfg.OCDav.SharesNamespace),
+					ocdav.Timeout(cfg.OCDav.Timeout),
+					ocdav.Insecure(cfg.OCDav.Insecure),
+					ocdav.PublicURL(cfg.OCDav.PublicURL),
+					ocdav.Prefix(cfg.OCDav.Prefix),
+					ocdav.GatewaySvc(cfg.OCDav.GatewaySVC),
+					ocdav.JWTSecret(cfg.OCDav.JWTSecret),
+					// ocdav.FavoriteManager() // FIXME needs a proper persistence implementation
+					// ocdav.LockSystem(), // will default to the CS3 lock system
+					// ocdav.TLSConfig() // tls config for the http server
+				)
+				if err != nil {
+					return err
+				}
+
+				return s.Run()
+			}, func(err error) {
+				logger.Info().Err(err).Str("server", c.Command.Name).Msg("Shutting down server")
+				cancel()
+			})
+
+			{
+				server, err := debug.Server(
+					debug.Name(c.Command.Name+"-debug"),
+					debug.Addr(cfg.OCDav.DebugAddr),
+					debug.Logger(logger),
+					debug.Context(ctx),
+					debug.Config(cfg),
+				)
+
+				if err != nil {
+					logger.Info().
+						Err(err).
+						Str("server", "debug").
+						Msg("Failed to initialize server")
+
+					return err
+				}
+
+				gr.Add(server.ListenAndServe, func(_ error) {
+					cancel()
+				})
+			}
+
+			if !cfg.Reva.Frontend.Supervised {
+				sync.Trap(&gr, cancel)
+			}
+
+			return gr.Run()
+		},
+	}
+}
+
+// OCDavSutureService allows for the ocdav command to be embedded and supervised by a suture supervisor tree.
+type OCDavSutureService struct {
+	cfg *config.Config
+}
+
+// NewOCDav creates a new ocdav.OCDavSutureService
+func NewOCDav(cfg *ociscfg.Config) suture.Service {
+	cfg.Storage.Commons = cfg.Commons
+	return OCDavSutureService{
+		cfg: cfg.Storage,
+	}
+}
+
+func (s OCDavSutureService) Serve(ctx context.Context) error {
+	s.cfg.Reva.Frontend.Context = ctx
+	f := &flag.FlagSet{}
+	cmdFlags := OCDav(s.cfg).Flags
+	for k := range cmdFlags {
+		if err := cmdFlags[k].Apply(f); err != nil {
+			return err
+		}
+	}
+	cliCtx := cli.NewContext(nil, f, nil)
+	if OCDav(s.cfg).Before != nil {
+		if err := OCDav(s.cfg).Before(cliCtx); err != nil {
+			return err
+		}
+	}
+	if err := OCDav(s.cfg).Action(cliCtx); err != nil {
+		return err
+	}
+
+	return nil
+}
--- a/storage/pkg/command/users.go
+++ b/storage/pkg/command/users.go
@@ -19,7 +19,7 @@ import (
 	"github.com/urfave/cli/v2"
 )

-// Users is the entrypoint for the sharing command.
+// Users is the entrypoint for the users command.
 func Users(cfg *config.Config) *cli.Command {
 	return &cli.Command{
 		Name:  "users",
--- a/storage/pkg/config/config.go
+++ b/storage/pkg/config/config.go
@@ -165,8 +165,6 @@ type FrontendPort struct {
 	DatagatewayPrefix          string     `yaml:"data_gateway_prefix"`
 	Favorites                  bool       `yaml:"favorites"`
 	ProjectSpaces              bool       `yaml:"project_spaces"`
-	OCDavInsecure              bool       `yaml:"ocdav_insecure"`
-	OCDavPrefix                string     `yaml:"ocdav_prefix"`
 	OCSPrefix                  string     `yaml:"ocs_prefix"`
 	OCSSharePrefix             string     `yaml:"ocs_share_prefix"`
 	OCSHomeNamespace           string     `yaml:"ocs_home_namespace"`
@@ -433,8 +431,26 @@ type LDAPGroupSchema struct {

 // OCDav defines the available ocdav configuration.
 type OCDav struct {
-	WebdavNamespace   string `yaml:"webdav_namespace"`
-	DavFilesNamespace string `yaml:"dav_files_namespace"`
+	// Addr to listen to with the http server for the ocdav service
+	Addr            string `yaml:"addr"`
+	Prefix          string `yaml:"prefix"`
+	WebdavNamespace string `yaml:"webdav_namespace"`
+	FilesNamespace  string `yaml:"files_namespace"`
+	SharesNamespace string `yaml:"shares_namespace"`
+	// PublicURL used to redirect /s/{token} URLs to
+	PublicURL string `yaml:"public_url"`
+
+	// Addr to listen to with the debug http server
+	DebugAddr string `yaml:"debug_addr"`
+
+	// GatewaySVC to forward CS3 requests to TODO use registry
+	GatewaySVC string `yaml:"gateway_svc"`
+	// JWTSecret used to verify reva access token
+	JWTSecret string `yaml:"jwt_secret"`
+	// Insecure certificates allowed when making requests to the gateway
+	Insecure bool `yaml:"insecure"`
+	// Timeout in seconds when making requests to the gateway
+	Timeout int64 `yaml:"timeout"`
 }

 // Archiver defines the available archiver configuration.
@@ -455,7 +471,6 @@ type Reva struct {
 	LDAP                  LDAP            `yaml:"ldap"`
 	UserGroupRest         UserGroupRest   `yaml:"user_group_rest"`
 	UserOwnCloudSQL       UserOwnCloudSQL `yaml:"user_owncloud_sql"`
-	OCDav                 OCDav           `yaml:"ocdav"`
 	Archiver              Archiver        `yaml:"archiver"`
 	UserStorage           StorageConfig   `yaml:"user_storage"`
 	MetadataStorage       StorageConfig   `yaml:"metadata_storage"`
@@ -483,7 +498,7 @@ type Reva struct {
 	// Services and Ports will be ignored if this is used
 	Configs map[string]interface{} `yaml:"configs"`
 	// chunking and resumable upload config (TUS)
-	UploadMaxChunkSize       int    `yaml:"uppload_max_chunk_size"`
+	UploadMaxChunkSize       int    `yaml:"upload_max_chunk_size"`
 	UploadHTTPMethodOverride string `yaml:"upload_http_method_override"`
 	// checksumming capabilities
 	ChecksumSupportedTypes      []string `yaml:"checksum_supported_types"`
@@ -512,6 +527,7 @@ type Config struct {
 	File    string      `yaml:"file"`
 	Log     *shared.Log `yaml:"log"`
 	Debug   Debug       `yaml:"debug"`
+	OCDav   OCDav       `yaml:"ocdav"`
 	Reva    Reva        `yaml:"reva"`
 	Tracing Tracing     `yaml:"tracing"`
 	Asset   Asset       `yaml:"asset"`
@@ -567,10 +583,6 @@ func structMappings(cfg *Config) []shared.EnvBinding {
 			EnvVars:     []string{"OCIS_INSECURE", "STORAGE_FRONTEND_ARCHIVER_INSECURE"},
 			Destination: &cfg.Reva.Frontend.ArchiverInsecure,
 		},
-		{
-			EnvVars:     []string{"OCIS_INSECURE", "STORAGE_FRONTEND_OCDAV_INSECURE"},
-			Destination: &cfg.Reva.Frontend.OCDavInsecure,
-		},
 		{
 			EnvVars:     []string{"OCIS_INSECURE", "STORAGE_OIDC_INSECURE"},
 			Destination: &cfg.Reva.OIDC.Insecure,
@@ -773,18 +785,6 @@ func structMappings(cfg *Config) []shared.EnvBinding {
 			EnvVars:     []string{"STORAGE_TRANSFER_SECRET"},
 			Destination: &cfg.Reva.TransferSecret,
 		},
-		{
-			EnvVars:     []string{"STORAGE_CHUNK_FOLDER"},
-			Destination: &cfg.Reva.OCDav.WebdavNamespace,
-		},
-		{
-			EnvVars:     []string{"STORAGE_WEBDAV_NAMESPACE"},
-			Destination: &cfg.Reva.OCDav.WebdavNamespace,
-		},
-		{
-			EnvVars:     []string{"STORAGE_DAV_FILES_NAMESPACE"},
-			Destination: &cfg.Reva.OCDav.DavFilesNamespace,
-		},
 		{
 			EnvVars:     []string{"STORAGE_ARCHIVER_MAX_NUM_FILES"},
 			Destination: &cfg.Reva.Archiver.MaxNumFiles,
@@ -821,10 +821,6 @@ func structMappings(cfg *Config) []shared.EnvBinding {
 			EnvVars:     []string{"STORAGE_FRONTEND_PROJECT_SPACES"},
 			Destination: &cfg.Reva.Frontend.ProjectSpaces,
 		},
-		{
-			EnvVars:     []string{"STORAGE_FRONTEND_OCDAV_PREFIX"},
-			Destination: &cfg.Reva.Frontend.OCDavPrefix,
-		},
 		{
 			EnvVars:     []string{"STORAGE_FRONTEND_OCS_PREFIX"},
 			Destination: &cfg.Reva.Frontend.OCSPrefix,
@@ -1810,5 +1806,43 @@ func structMappings(cfg *Config) []shared.EnvBinding {
 			EnvVars:     []string{"STORAGE_PERMISSIONS_ENDPOINT"},
 			Destination: &cfg.Reva.Permissions.Endpoint,
 		},
+
+		// ocdav
+		{
+			EnvVars:     []string{"OCDAV_ADDR"},
+			Destination: &cfg.OCDav.Addr,
+		},
+		{
+			EnvVars:     []string{"OCDAV_DEBUG_ADDR"},
+			Destination: &cfg.OCDav.DebugAddr,
+		},
+		{
+			EnvVars:     []string{"OCDAV_PREFIX"},
+			Destination: &cfg.OCDav.Prefix,
+		},
+		{
+			EnvVars:     []string{"OCDAV_WEBDAV_NAMESPACE"},
+			Destination: &cfg.OCDav.WebdavNamespace,
+		},
+		{
+			EnvVars:     []string{"OCDAV_FILES_NAMESPACE"},
+			Destination: &cfg.OCDav.FilesNamespace,
+		},
+		{
+			EnvVars:     []string{"OCDAV_SHARES_NAMESPACE"},
+			Destination: &cfg.OCDav.SharesNamespace,
+		},
+		{
+			EnvVars:     []string{"OCIS_URL", "OCDAV_PUBLIC_URL"},
+			Destination: &cfg.OCDav.PublicURL,
+		},
+		{
+			EnvVars:     []string{"OCIS_INSECURE", "OCDAV_INSECURE"},
+			Destination: &cfg.OCDav.Insecure,
+		},
+		{
+			EnvVars:     []string{"OCIS_JWT_SECRET", "OCDAV_JWT_SECRET"},
+			Destination: &cfg.OCDav.JWTSecret,
+		},
 	}
 }
--- a/storage/pkg/config/defaults/defaultconfig.go
+++ b/storage/pkg/config/defaults/defaultconfig.go
@@ -91,10 +91,6 @@ func DefaultConfig() *config.Config {
 				JoinOwnCloudUUID:   false,
 				EnableMedialSearch: false,
 			},
-			OCDav: config.OCDav{
-				WebdavNamespace:   defaultStorageNamespace,
-				DavFilesNamespace: defaultStorageNamespace,
-			},
 			Archiver: config.Archiver{
 				MaxNumFiles: 10000,
 				MaxSize:     1073741824,
@@ -235,7 +231,7 @@ func DefaultConfig() *config.Config {
 					Protocol:    "",
 					Endpoint:    "",
 					DebugAddr:   "127.0.0.1:9141",
-					Services:    []string{"datagateway", "ocdav", "ocs", "appprovider"},
+					Services:    []string{"datagateway", "ocs", "appprovider"},
 					Config:      nil,
 					Context:     nil,
 					Supervised:  false,
@@ -247,8 +243,6 @@ func DefaultConfig() *config.Config {
 				DatagatewayPrefix:          "data",
 				Favorites:                  false,
 				ProjectSpaces:              true,
-				OCDavInsecure:              false, // true?
-				OCDavPrefix:                "",
 				OCSPrefix:                  "ocs",
 				OCSSharePrefix:             defaultShareFolder,
 				OCSHomeNamespace:           defaultStorageNamespace,
@@ -445,6 +439,20 @@ func DefaultConfig() *config.Config {
 			ChecksumPreferredUploadType: "",
 			DefaultUploadProtocol:       "tus",
 		},
+		// TODO move ocdav config to a separate service
+		OCDav: config.OCDav{
+			Addr:            "127.0.0.1:0", // :0 to pick any local free port
+			DebugAddr:       "127.0.0.1:9163",
+			WebdavNamespace: defaultStorageNamespace,
+			FilesNamespace:  defaultStorageNamespace,
+			SharesNamespace: defaultShareFolder,
+			PublicURL:       defaultPublicURL,
+			Prefix:          "",
+			GatewaySVC:      defaultGatewayAddr,
+			Insecure:        false, // true?
+			Timeout:         84300,
+			JWTSecret:       "Pive-Fumkiu4",
+		},
 		Tracing: config.Tracing{
 			Service: "storage",
 			Type:    "jaeger",
--- a/tests/parallelDeployAcceptance/drone/ocis/proxy.yaml
+++ b/tests/parallelDeployAcceptance/drone/ocis/proxy.yaml
@@ -19,15 +19,17 @@ policies:
        endpoint: "/remote.php/?preview=1"
        backend: http://localhost:9115
      - endpoint: "/remote.php/"
-        backend: http://localhost:9140
+        service: "ocdav"
      - endpoint: "/dav/"
-        backend: http://localhost:9140
+        service: "ocdav"
      - endpoint: "/webdav/"
-        backend: http://localhost:9140
+        service: "ocdav"
      - endpoint: "/status.php"
-        backend: http://localhost:9140
+        service: "ocdav"
      - endpoint: "/index.php/"
-        backend: http://localhost:9140
+        service: "ocdav"
+      - endpoint: "/apps/"
+        service: "ocdav"
      - endpoint: "/index.php/login"
        backend: http://localhost:9100
      - endpoint: "/login"