From 25c516ab67c5c9183b04c7933cf1b2721fd703f1 Mon Sep 17 00:00:00 2001 
From: Willy Kloucek Date: Wed, 24 Nov 2021 15:25:31 +0100 Subject: [PATCH 1/4] rename cs3_users_ocis deployment example to ocis_ldap --- .drone.star | 4 ++-- .../{cs3_users_ocis => ocis_ldap}/latest.yml | 16 ++++++++-------- .../{cs3_users_ocis => ocis_ldap}/released.yml | 16 ++++++++-------- .../examples/{cs3_users_ocis => ocis_ldap}/.env | 0 .../{cs3_users_ocis => ocis_ldap}/README.md | 4 ++-- .../config/ldap/ldif/10_owncloud_schema.ldif | 0 .../config/ldap/ldif/20_users.ldif | 0 .../config/ldap/ldif/30_groups.ldif | 0 .../config/ocis/entrypoint-override.sh | 0 .../config/ocis/proxy.json | 0 .../config/ocis/web-config.dist.json | 0 .../docker-compose.yml | 0 .../docker-compose-additions.yml | 0 docs/ocis/deployment/continuous_deployment.md | 10 +++++----- docs/ocis/deployment/ocis_ldap.md | 12 ++++++++++++ 15 files changed, 37 insertions(+), 25 deletions(-) rename deployments/continuous-deployment-config/{cs3_users_ocis => ocis_ldap}/latest.yml (72%) rename deployments/continuous-deployment-config/{cs3_users_ocis => ocis_ldap}/released.yml (71%) rename deployments/examples/{cs3_users_ocis => ocis_ldap}/.env (100%) rename deployments/examples/{cs3_users_ocis => ocis_ldap}/README.md (54%) rename deployments/examples/{cs3_users_ocis => ocis_ldap}/config/ldap/ldif/10_owncloud_schema.ldif (100%) rename deployments/examples/{cs3_users_ocis => ocis_ldap}/config/ldap/ldif/20_users.ldif (100%) rename deployments/examples/{cs3_users_ocis => ocis_ldap}/config/ldap/ldif/30_groups.ldif (100%) rename deployments/examples/{cs3_users_ocis => ocis_ldap}/config/ocis/entrypoint-override.sh (100%) rename deployments/examples/{cs3_users_ocis => ocis_ldap}/config/ocis/proxy.json (100%) rename deployments/examples/{cs3_users_ocis => ocis_ldap}/config/ocis/web-config.dist.json (100%) rename deployments/examples/{cs3_users_ocis => ocis_ldap}/docker-compose.yml (100%) rename deployments/examples/{cs3_users_ocis => ocis_ldap}/monitoring_tracing/docker-compose-additions.yml (100%) create 
mode 100644 docs/ocis/deployment/ocis_ldap.md diff --git a/.drone.star b/.drone.star index e982c75b5..b912505fc 100644 --- a/.drone.star +++ b/.drone.star @@ -1589,7 +1589,7 @@ def skipIfUnchanged(ctx, type): def example_deploys(ctx): latest_configs = [ - "cs3_users_ocis/latest.yml", + "ocis_ldap/latest.yml", "ocis_keycloak/latest.yml", "ocis_traefik/latest.yml", "ocis_wopi/latest.yml", @@ -1598,7 +1598,7 @@ def example_deploys(ctx): "oc10_ocis_parallel/latest.yml", ] released_configs = [ - "cs3_users_ocis/released.yml", + "ocis_ldap/released.yml", "ocis_keycloak/released.yml", "ocis_traefik/released.yml", "ocis_wopi/released.yml", diff --git a/deployments/continuous-deployment-config/cs3_users_ocis/latest.yml b/deployments/continuous-deployment-config/ocis_ldap/latest.yml similarity index 72% rename from deployments/continuous-deployment-config/cs3_users_ocis/latest.yml rename to deployments/continuous-deployment-config/ocis_ldap/latest.yml index fcef5ec52..26348b942 100644 --- a/deployments/continuous-deployment-config/cs3_users_ocis/latest.yml +++ b/deployments/continuous-deployment-config/ocis_ldap/latest.yml @@ -1,5 +1,5 @@ --- -- name: continuous-deployment-ocis-cs3-users-latest +- name: continuous-deployment-ocis-ldap-latest server: server_type: cx21 image: ubuntu-20.04 @@ -14,7 +14,7 @@ - /var/lib/docker/volumes/ocis_certs domains: - - "*.ocis-cs3-users.latest.owncloud.works" + - "*.ocis-ldap.latest.owncloud.works" vars: ssh_authorized_keys: 
@@ -31,21 +31,21 @@ - name: ocis git_url: https://github.com/owncloud/ocis.git ref: master - docker_compose_path: deployments/examples/cs3_users_ocis + docker_compose_path: deployments/examples/ocis_ldap env: INSECURE: "false" TRAEFIK_ACME_MAIL: wkloucek@owncloud.com OCIS_DOCKER_TAG: latest - OCIS_DOMAIN: ocis.ocis-cs3-users.latest.owncloud.works - LDAP_MANAGER_DOMAIN: ldap.ocis-cs3-users.latest.owncloud.works + OCIS_DOMAIN: ocis.ocis-ldap.latest.owncloud.works + LDAP_MANAGER_DOMAIN: ldap.ocis-ldap.latest.owncloud.works COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git ref: master env: NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis-cs3-users.latest.owncloud.works + TELEMETRY_SERVE_DOMAIN: telemetry.ocis-ldap.latest.owncloud.works JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 TELEGRAF_SPECIFIC_CONFIG: ocis_single_container - OCIS_URL: ocis.ocis-cs3-users.latest.owncloud.works - OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-cs3-users-latest + OCIS_URL: ocis.ocis-ldap.latest.owncloud.works + OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-ldap-latest diff --git a/deployments/continuous-deployment-config/cs3_users_ocis/released.yml b/deployments/continuous-deployment-config/ocis_ldap/released.yml similarity index 71% rename from deployments/continuous-deployment-config/cs3_users_ocis/released.yml rename to deployments/continuous-deployment-config/ocis_ldap/released.yml index 7f0c1f5d2..c59d000a9 100644 --- a/deployments/continuous-deployment-config/cs3_users_ocis/released.yml +++ b/deployments/continuous-deployment-config/ocis_ldap/released.yml @@ -1,5 +1,5 @@ --- -- name: continuous-deployment-ocis-cs3-users-released +- name: continuous-deployment-ocis-ldap-released server: server_type: cx21 image: ubuntu-20.04 
@@ -14,7 +14,7 @@ - /var/lib/docker/volumes/ocis_certs domains: - - "*.ocis-cs3-users.released.owncloud.works" + - "*.ocis-ldap.released.owncloud.works" vars: ssh_authorized_keys: @@ -31,21 +31,21 @@ - name: ocis git_url: https://github.com/owncloud/ocis.git ref: master - docker_compose_path: deployments/examples/cs3_users_ocis + docker_compose_path: deployments/examples/ocis_ldap env: INSECURE: "false" TRAEFIK_ACME_MAIL: wkloucek@owncloud.com OCIS_DOCKER_TAG: 1 - OCIS_DOMAIN: ocis.ocis-cs3-users.released.owncloud.works - LDAP_MANAGER_DOMAIN: ldap.ocis-cs3-users.released.owncloud.works + OCIS_DOMAIN: ocis.ocis-ldap.released.owncloud.works + LDAP_MANAGER_DOMAIN: ldap.ocis-ldap.released.owncloud.works COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git ref: master env: NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis-cs3-users.released.owncloud.works + TELEMETRY_SERVE_DOMAIN: telemetry.ocis-ldap.released.owncloud.works JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 TELEGRAF_SPECIFIC_CONFIG: ocis_single_container - OCIS_URL: ocis.ocis-cs3-users.released.owncloud.works - OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-cs3-users-released + OCIS_URL: ocis.ocis-ldap.released.owncloud.works + OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-ldap-released diff --git a/deployments/examples/cs3_users_ocis/.env b/deployments/examples/ocis_ldap/.env similarity index 100% rename from deployments/examples/cs3_users_ocis/.env rename to deployments/examples/ocis_ldap/.env diff --git a/deployments/examples/cs3_users_ocis/README.md b/deployments/examples/ocis_ldap/README.md similarity index 54% rename from deployments/examples/cs3_users_ocis/README.md rename to deployments/examples/ocis_ldap/README.md index 4a00b040f..bcdbaeec1 100644 --- a/deployments/examples/cs3_users_ocis/README.md +++ b/deployments/examples/ocis_ldap/README.md 
@@ -1,6 +1,6 @@ --- -document this deployment example in docs/ocis/deployment/cs3_users_ocis.md +document this deployment example in docs/ocis/deployment/ocis_ldap.md --- -Please refer to [our documentation](https://owncloud.dev/ocis/deployment/cs3_users_ocis/) +Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_ldap/) for instructions on how to deploy this scenario. diff --git a/deployments/examples/cs3_users_ocis/config/ldap/ldif/10_owncloud_schema.ldif b/deployments/examples/ocis_ldap/config/ldap/ldif/10_owncloud_schema.ldif similarity index 100% rename from deployments/examples/cs3_users_ocis/config/ldap/ldif/10_owncloud_schema.ldif rename to deployments/examples/ocis_ldap/config/ldap/ldif/10_owncloud_schema.ldif diff --git a/deployments/examples/cs3_users_ocis/config/ldap/ldif/20_users.ldif b/deployments/examples/ocis_ldap/config/ldap/ldif/20_users.ldif similarity index 100% rename from deployments/examples/cs3_users_ocis/config/ldap/ldif/20_users.ldif rename to deployments/examples/ocis_ldap/config/ldap/ldif/20_users.ldif diff --git a/deployments/examples/cs3_users_ocis/config/ldap/ldif/30_groups.ldif b/deployments/examples/ocis_ldap/config/ldap/ldif/30_groups.ldif similarity index 100% rename from deployments/examples/cs3_users_ocis/config/ldap/ldif/30_groups.ldif rename to deployments/examples/ocis_ldap/config/ldap/ldif/30_groups.ldif diff --git a/deployments/examples/cs3_users_ocis/config/ocis/entrypoint-override.sh b/deployments/examples/ocis_ldap/config/ocis/entrypoint-override.sh similarity index 100% rename from deployments/examples/cs3_users_ocis/config/ocis/entrypoint-override.sh rename to deployments/examples/ocis_ldap/config/ocis/entrypoint-override.sh 
diff --git a/deployments/examples/cs3_users_ocis/config/ocis/proxy.json b/deployments/examples/ocis_ldap/config/ocis/proxy.json similarity index 100% rename from deployments/examples/cs3_users_ocis/config/ocis/proxy.json rename to deployments/examples/ocis_ldap/config/ocis/proxy.json diff --git a/deployments/examples/cs3_users_ocis/config/ocis/web-config.dist.json b/deployments/examples/ocis_ldap/config/ocis/web-config.dist.json similarity index 100% rename from deployments/examples/cs3_users_ocis/config/ocis/web-config.dist.json rename to deployments/examples/ocis_ldap/config/ocis/web-config.dist.json diff --git a/deployments/examples/cs3_users_ocis/docker-compose.yml b/deployments/examples/ocis_ldap/docker-compose.yml similarity index 100% rename from deployments/examples/cs3_users_ocis/docker-compose.yml rename to deployments/examples/ocis_ldap/docker-compose.yml diff --git a/deployments/examples/cs3_users_ocis/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_ldap/monitoring_tracing/docker-compose-additions.yml similarity index 100% rename from deployments/examples/cs3_users_ocis/monitoring_tracing/docker-compose-additions.yml rename to deployments/examples/ocis_ldap/monitoring_tracing/docker-compose-additions.yml diff --git a/docs/ocis/deployment/continuous_deployment.md b/docs/ocis/deployment/continuous_deployment.md index 1961aee69..0308619a5 100644 --- a/docs/ocis/deployment/continuous_deployment.md +++ b/docs/ocis/deployment/continuous_deployment.md @@ -115,7 +115,7 @@ Credentials: - oCIS: [ocis.ocis-s3.latest.owncloud.works](https://ocis.ocis-s3.latest.owncloud.works) - MinIO: [minio.ocis-s3.latest.owncloud.works](https://minio.ocis-s3.latest.owncloud.works) -# oCIS with CS3 users +# oCIS with LDAP for users and groups Credentials: 
@@ -126,10 +126,10 @@ Credentials: ## Latest -- oCIS: [ocis.ocis-cs3-users.latest.owncloud.works](https://ocis.ocis-cs3-users.latest.owncloud.works) -- LDAP admin: [ldap.ocis-cs3-users.latest.owncloud.works](https://ldap.ocis-cs3-users.latest.owncloud.works) +- oCIS: [ocis.ocis-ldap.latest.owncloud.works](https://ocis.ocis-ldap.latest.owncloud.works) +- LDAP admin: [ldap.ocis-ldap.latest.owncloud.works](https://ldap.ocis-ldap.latest.owncloud.works) ## Released -- oCIS: [ocis.ocis-cs3-users.released.owncloud.works](https://ocis.ocis-cs3-users.released.owncloud.works) -- LDAP admin: [ldap.ocis-cs3-users.released.owncloud.works](https://ldap.ocis-cs3-users.released.owncloud.works) +- oCIS: [ocis.ocis-ldap.released.owncloud.works](https://ocis.ocis-ldap.released.owncloud.works) +- LDAP admin: [ldap.ocis-ldap.released.owncloud.works](https://ldap.ocis-ldap.released.owncloud.works) diff --git a/docs/ocis/deployment/ocis_ldap.md b/docs/ocis/deployment/ocis_ldap.md new file mode 100644 index 000000000..a75f46ae4 --- /dev/null +++ b/docs/ocis/deployment/ocis_ldap.md @@ -0,0 +1,12 @@ +--- +title: "oCIS with LDAP" +date: 2020-10-12T14:04:00+01:00 +weight: 24 +geekdocRepo: https://github.com/owncloud/ocis +geekdocEditPath: edit/master/docs/ocis/deployment +geekdocFilePath: ocis_ldap.md +--- + +{{< toc >}} + +TODO From 7fb85fdecfe80dc354c9c025a3e34b1df8117533 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Wed, 24 Nov 2021 15:56:17 +0100 Subject: [PATCH 2/4] add missing demo users and groups to ldap example --- .../ocis_ldap/config/ldap/ldif/20_users.ldif | 40 +++++++++++++++++++ .../ocis_ldap/config/ldap/ldif/30_groups.ldif | 2 + 2 files changed, 42 insertions(+) diff --git a/deployments/examples/ocis_ldap/config/ldap/ldif/20_users.ldif b/deployments/examples/ocis_ldap/config/ldap/ldif/20_users.ldif index 6a0c8ad7c..42c8ebd26 100644 --- a/deployments/examples/ocis_ldap/config/ldap/ldif/20_users.ldif +++ b/deployments/examples/ocis_ldap/config/ldap/ldif/20_users.ldif 
@@ -62,3 +62,43 @@ gidNumber: 30000
 homeDirectory: /home/richard
 ownCloudUUID:: OTMyYjQ1NDAtOGQxNi00ODFlLThlZjQtNTg4ZTRiNmIxNTFj
 userPassword:: e1NTSEF9Z05LZTRreHdmOGRUREY5eHlhSmpySTZ3MGxSVUM1d1RGcWROTVE9PQ==
+
+dn: uid=moss,ou=users,dc=owncloud,dc=com
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: ownCloud
+objectClass: person
+objectClass: posixAccount
+objectClass: top
+uid: moss
+givenName: Maurice
+sn: Moss
+cn: moss
+displayName: Maurice Moss
+description: A worker in the IT Department of Reynholm Industries. Of all the working staff in the IT Department, he is the most hard-working, the most experienced, and the most capable of doing his job well. He puts a lot of effort into his work, however he does not get the credit he deserves.
+mail: moss@example.org
+uidNumber: 20003
+gidNumber: 30000
+homeDirectory: /home/moss
+ownCloudUUID:: MDU4YmZmOTUtNjcwOC00ZmU1LTkxZTQtOWVhM2QzNzc1ODhi
+userPassword:: e1NTSEF9N0hEdTRoMkFDVExFWWt4U0RtSDZVQjhmUlpKRExDZDc=
+
+dn: uid=admin,ou=users,dc=owncloud,dc=com
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: ownCloud
+objectClass: person
+objectClass: posixAccount
+objectClass: top
+uid: admin
+givenName: Admin
+sn: Admin
+cn: admin
+displayName: Admin
+description: An admin for this oCIS instance.
+mail: admin@example.org
+uidNumber: 20004
+gidNumber: 30000
+homeDirectory: /home/admin
+ownCloudUUID:: ZGRjMjAwNGMtMDk3Ny0xMWViLTlkM2YtYTc5Mzg4OGNkMGY4
+userPassword:: e1NTSEF9UWhmaFB3dERydTUydURoWFFObDRMbzVIckI3TkI5Nmo=
diff --git a/deployments/examples/ocis_ldap/config/ldap/ldif/30_groups.ldif b/deployments/examples/ocis_ldap/config/ldap/ldif/30_groups.ldif
index f1c820c86..8617b977f 100644
--- a/deployments/examples/ocis_ldap/config/ldap/ldif/30_groups.ldif
+++ b/deployments/examples/ocis_ldap/config/ldap/ldif/30_groups.ldif
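Review bot: The `moss` and `admin` entries added in this hunk carry fixed `userPassword` hashes and `ownCloudUUID` values committed to a public repository, and nothing in the LDIF marks them as demo data, while the docs added in patch 4 present this example as a server deployment and only tell operators to change `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET`, `OCIS_MACHINE_AUTH_API_KEY` and `LDAP_ADMIN_PASSWORD`, not these provisioned accounts whose default logins the same docs point to in Getting started. A comment line above the first new entry would make the expectation explicit, e.g. `# Demo accounts with published default passwords: replace the userPassword values or remove these entries before exposing this stack on a public server.` The same two entries are added verbatim to oc10_ocis_parallel/config/ldap/ldif/20_users.ldif in patch 3, so the comment belongs there as well, and any later change to one copy should be mirrored in the other.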
@@ -14,6 +14,8 @@ ownCloudUUID:: NTA5YTlkY2QtYmIzNy00ZjRmLWEwMWEtMTlkY2EyN2Q5Y2Zh uniqueMember: uid=einstein,ou=users,dc=owncloud,dc=com uniqueMember: uid=marie,ou=users,dc=owncloud,dc=com uniqueMember: uid=richard,ou=users,dc=owncloud,dc=com +uniqueMember: uid=moss,ou=users,dc=owncloud,dc=com +uniqueMember: uid=admin,ou=users,dc=owncloud,dc=com dn: cn=sailing-lovers,ou=groups,dc=owncloud,dc=com objectClass: groupOfUniqueNames From 6d8517db75cf0f0fffa749937b7fdcec9631446d Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Wed, 24 Nov 2021 15:58:21 +0100 Subject: [PATCH 3/4] add all demo users to the parallel deployment example --- .../config/ldap/ldif/20_users.ldif | 43 ++++++++++++++++++- .../config/ldap/ldif/30_groups.ldif | 2 + 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/20_users.ldif b/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/20_users.ldif index 8cf9f8007..ceca5125c 100644 --- a/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/20_users.ldif +++ b/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/20_users.ldif @@ -24,7 +24,6 @@ ownCloudUUID:: NGM1MTBhZGEtYzg2Yi00ODE1LTg4MjAtNDJjZGY4MmMzZDUx userPassword:: e1NTSEF9TXJEcXpFNGdKbXZxbVRVTGhvWEZ1VzJBbkV3NWFLK3J3WTIvbHc9PQ== ownCloudSelector: ocis - dn: uid=marie,ou=users,dc=owncloud,dc=com objectClass: inetOrgPerson objectClass: organizationalPerson 
@@ -66,3 +65,45 @@ homeDirectory: /home/richard
 ownCloudUUID:: OTMyYjQ1NDAtOGQxNi00ODFlLThlZjQtNTg4ZTRiNmIxNTFj
 userPassword:: e1NTSEF9Z05LZTRreHdmOGRUREY5eHlhSmpySTZ3MGxSVUM1d1RGcWROTVE9PQ==
 ownCloudSelector: ocis
+
+dn: uid=moss,ou=users,dc=owncloud,dc=com
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: ownCloud
+objectClass: person
+objectClass: posixAccount
+objectClass: top
+uid: moss
+givenName: Maurice
+sn: Moss
+cn: moss
+displayName: Maurice Moss
+description: A worker in the IT Department of Reynholm Industries. Of all the working staff in the IT Department, he is the most hard-working, the most experienced, and the most capable of doing his job well. He puts a lot of effort into his work, however he does not get the credit he deserves.
+mail: moss@example.org
+uidNumber: 20003
+gidNumber: 30000
+homeDirectory: /home/moss
+ownCloudUUID:: MDU4YmZmOTUtNjcwOC00ZmU1LTkxZTQtOWVhM2QzNzc1ODhi
+userPassword:: e1NTSEF9N0hEdTRoMkFDVExFWWt4U0RtSDZVQjhmUlpKRExDZDc=
+ownCloudSelector: ocis
+
+dn: uid=admin,ou=users,dc=owncloud,dc=com
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: ownCloud
+objectClass: person
+objectClass: posixAccount
+objectClass: top
+uid: admin
+givenName: Admin
+sn: Admin
+cn: admin
+displayName: Admin
+description: An admin for this oCIS instance.
+mail: admin@example.org
+uidNumber: 20004
+gidNumber: 30000
+homeDirectory: /home/admin
+ownCloudUUID:: ZGRjMjAwNGMtMDk3Ny0xMWViLTlkM2YtYTc5Mzg4OGNkMGY4
+userPassword:: e1NTSEF9UWhmaFB3dERydTUydURoWFFObDRMbzVIckI3TkI5Nmo=
+ownCloudSelector: oc10
diff --git a/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/30_groups.ldif b/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/30_groups.ldif
index f1c820c86..8617b977f 100644
--- a/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/30_groups.ldif
+++ b/deployments/examples/oc10_ocis_parallel/config/ldap/ldif/30_groups.ldif
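Review bot: The new `admin` entry at the end of this hunk ends with `ownCloudSelector: oc10`, while the `moss` entry added just above it and the `richard` context lines use `ownCloudSelector: ocis`, and neither the hunk nor the commit message says why. If the selector decides which of the two parallel backends serves a user, this quietly places the admin demo account on a different backend than every other demo user; if that is intended, a comment line above the entry would spare the next reader the guess, e.g. `# admin is intentionally served by ownCloud 10, unlike the other demo users` (LDIF only treats `#` at the start of a line as a comment, so it cannot go on the same line as the value). If it is a copy-paste slip, the value should be `ocis` like the others.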
@@ -14,6 +14,8 @@ ownCloudUUID:: NTA5YTlkY2QtYmIzNy00ZjRmLWEwMWEtMTlkY2EyN2Q5Y2Zh uniqueMember: uid=einstein,ou=users,dc=owncloud,dc=com uniqueMember: uid=marie,ou=users,dc=owncloud,dc=com uniqueMember: uid=richard,ou=users,dc=owncloud,dc=com +uniqueMember: uid=moss,ou=users,dc=owncloud,dc=com +uniqueMember: uid=admin,ou=users,dc=owncloud,dc=com dn: cn=sailing-lovers,ou=groups,dc=owncloud,dc=com objectClass: groupOfUniqueNames From 2e0c072d4a326d80c6e372909b0af17ddaabe3e4 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Thu, 25 Nov 2021 14:11:50 +0100 Subject: [PATCH 4/4] add ldap deployment example docs --- docs/ocis/deployment/ocis_ldap.md | 119 +++++++++++++++++++++++++++++- 1 file changed, 118 insertions(+), 1 deletion(-) diff --git a/docs/ocis/deployment/ocis_ldap.md b/docs/ocis/deployment/ocis_ldap.md index a75f46ae4..05f035e97 100644 --- a/docs/ocis/deployment/ocis_ldap.md +++ b/docs/ocis/deployment/ocis_ldap.md 
@@ -7,6 +7,123 @@ geekdocEditPath: edit/master/docs/ocis/deployment geekdocFilePath: ocis_ldap.md --- + {{< toc >}} -TODO +## Overview + +- Traefik generating self signed certificates for local setup or obtaining valid SSL certificates for a server setup +- OpenLDAP server with demo users +- LDAP admin interface to edit users +- oCIS running behind Traefik as reverse proxy + - oCIS is using the LDAP server as user backend + +[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_ldap) + +## Server Deployment + +### Requirements + +- Linux server with docker and docker-compose installed +- four domains set up and pointing to your server + - ocis.\* for serving oCIS + - ldap .\* for serving the LDAP managment UI + - traefik.\* for serving the Traefik dashboard + +See also [example server setup]({{< ref "preparing_server" >}}) + +### Install this example + +- Clone oCIS repository + + `git clone https://github.com/owncloud/ocis.git` + +- Go to the deployment example + + `cd ocis/deployment/examples/ocis_ldap` + +- Open the `.env` file in a text editor + The file by default looks like this: + + ```bash + # If you're on a internet facing server please comment out following line. + # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. + INSECURE=true + + ### Traefik settings ### + # Serve Treafik dashboard. Defaults to "false". + TRAEFIK_DASHBOARD= + # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" + TRAEFIK_DOMAIN= + # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" + TRAEFIK_BASIC_AUTH_USERS= + # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server + TRAEFIK_ACME_MAIL= + + ### oCIS settings ### + # oCIS version. Defaults to "latest" + OCIS_DOCKER_TAG= + # Domain of oCIS, where you can find the frontend. 
Defaults to "ocis.owncloud.test" + OCIS_DOMAIN= + # JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" + OCIS_JWT_SECRET= + # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" + STORAGE_TRANSFER_SECRET= + # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" + OCIS_MACHINE_AUTH_API_KEY= + + ### LDAP server settings ### + # Password of LDAP user "cn=admin,dc=owncloud,dc=com". Defaults to "admin" + LDAP_ADMIN_PASSWORD= + + ### LDAP manager settings ### + # Domain of LDAP manager. Defaults to "ldap.owncloud.test" + LDAP_MANAGER_DOMAIN= + ``` + + You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`. + + If you want to use the Traefik dashboard, set TRAEFIK_DASHBOARD to `true` (default is `false` and therefore not active). If you activate it, you must set a domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` eg. `TRAEFIK_DOMAIN=traefik.owncloud.test`. + + The Traefik dashboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (eg. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool). + + Traefik will issue certificates with LetsEncrypt and therefore you must set an email address in `TRAEFIK_ACME_MAIL=`. + + By default oCIS will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OCIS_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated). + + Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=cloud.owncloud.test`. 
+ + You also must override the default secrets in `STORAGE_TRANSFER_SECRET` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + + The OpenLDAP server in this example deployment has an admin users, which is also used as bind user in order to keep theses examples simple. You can change the default password "admin" to a different one by setting it to `LDAP_ADMIN_PASSWORD=...`. + + Set your domain for the LDAP manager UI in `LDAP_MANAGER_DOMAIN=`, eg. `ldap.owncloud.test`. + + Now you have configured everything and can save the file. + +- Start the docker stack + + `docker-compose up -d` + +- You now can visit oCIS and Traefik dashboard on your configured domains. You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time. + +## Local setup + +For a more simple local ocis setup see [Getting started]({{< ref "../getting-started" >}}) + +This docker stack can also be run locally. One downside is that Traefik can not obtain valid SSL certificates and therefore will create self signed ones. This means that your browser will show scary warnings. Another downside is that you can not point DNS entries to your localhost. So you have to add static host entries to your computer. + +On Linux and macOS you can add them to your `/etc/hosts` files like this: + +``` +127.0.0.1 cloud.owncloud.test +127.0.0.1 keycloak.owncloud.test +127.0.0.1 ldap.owncloud.test +127.0.0.1 traefik.owncloud.test +``` + +After that you're ready to start the application stack: + +`docker-compose up -d` + +Open https://ocis.owncloud.test in your browser and accept the invalid certificate warning. You now can login to oCIS with the default users, which also can be found here: [Getting started]({{< ref "../getting-started#login-to-ocis-web" >}}). 
You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time.