Adds external konnectd deployment

2026-04-10 18:38:05 -04:00 · 2020-10-14 13:03:36 +02:00
parent a7b08a4c29
commit 6a075c6750
5 changed files with 140 additions and 0 deletions
--- a/deployments/examples/ocis_external_konnectd/idpnode/.env
+++ b/deployments/examples/ocis_external_konnectd/idpnode/.env
@@ -0,0 +1,2 @@
+OCIS_DOMAIN=ocis.domain.com
+IDP_DOMAIN=idp.domain.com
--- a/deployments/examples/ocis_external_konnectd/idpnode/config/identifier-registration.yml
+++ b/deployments/examples/ocis_external_konnectd/idpnode/config/identifier-registration.yml
@@ -0,0 +1,16 @@
+---
+# OpenID Connect client registry.
+clients:
+  - id: phoenix
+    name: OCIS
+    application_type: web
+    insecure: yes
+    trusted: yes
+    redirect_uris:
+      - http://ocis.domain.com/oidc-callback.html
+      - http://ocis.domain.com/
+      - https://ocis.domain.com/
+      - https://ocis.domain.com/oidc-callback.html
+    origins:
+      - http://ocis.domain.com
+      - https://ocis.domain.com
--- a/deployments/examples/ocis_external_konnectd/idpnode/docker-compose.yml
+++ b/deployments/examples/ocis_external_konnectd/idpnode/docker-compose.yml
@@ -0,0 +1,59 @@
+version: '3.7'
+
+services:
+
+  traefik:
+    image: "traefik:v2.2"
+    container_name: "traefik"
+    networks:
+      - idpnet
+    command:
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.websecure.address=:443"
+      - "--certificatesresolvers.idp.acme.tlschallenge=true"
+      - "--certificatesresolvers.idp.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
+      - "--certificatesresolvers.idp.acme.email=postmaster@${IDP_DOMAIN}"
+      - "--certificatesresolvers.idp.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "443:443"
+      - "8080:8080"
+    volumes:
+      - "~/letsencrypt:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+  konnectd:
+    container_name: konnectd
+    image: owncloud/ocis-konnectd:latest
+    networks:
+      - idpnet
+    ports:
+      - "9130:9130"
+    volumes:
+      - ./config:/etc/ocis
+    environment:
+      OCIS_LOG_LEVEL: debug
+      KONNECTD_ISS: https://${IDP_DOMAIN}
+      KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/etc/ocis/identifier-registration.yml"
+      KONNECTD_LOG_LEVEL: debug
+      KONNECTD_TLS: '0'
+      LDAP_URI: ldap://${OCIS_DOMAIN}:9125
+      LDAP_BINDDN: cn=konnectd,ou=sysusers,dc=example,dc=org
+      LDAP_BINDPW: konnectd
+      LDAP_BASEDN: ou=users,dc=example,dc=org
+      LDAP_SCOPE: sub
+      LDAP_LOGIN_ATTRIBUTE: cn
+      LDAP_EMAIL_ATTRIBUTE: mail
+      LDAP_NAME_ATTRIBUTE=: n
+      LDAP_UUID_ATTRIBUTE: uid
+      LDAP_UUID_ATTRIBUTE_TYPE: text
+      LDAP_FILTER: (objectClass=posixaccount)
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.idp.rule=Host(`${IDP_DOMAIN}`)"
+      - "traefik.http.routers.idp.entrypoints=websecure"
+      - "traefik.http.routers.idp.tls.certresolver=idp"
+      - "traefik.docker.network=idpnet"
+      - "traefik.port=9130"
+      - "traefik.protocol=https"
--- a/deployments/examples/ocis_external_konnectd/ocisnode/.env
+++ b/deployments/examples/ocis_external_konnectd/ocisnode/.env
@@ -0,0 +1,2 @@
+OCIS_DOMAIN=ocis.domain.com
+IDP_DOMAIN=idp.domain.com
--- a/deployments/examples/ocis_external_konnectd/ocisnode/docker-compose.yml
+++ b/deployments/examples/ocis_external_konnectd/ocisnode/docker-compose.yml
@@ -0,0 +1,61 @@
+version: '3.7'
+
+services:
+
+  traefik:
+    image: "traefik:v2.2"
+    container_name: "traefik"
+    networks:
+      - ocisnet
+    command:
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.websecure.address=:443"
+      - "--certificatesresolvers.ocis.acme.tlschallenge=true"
+      - "--certificatesresolvers.ocis.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
+      - "--certificatesresolvers.ocis.acme.email=postmaster@${OCIS_DOMAIN}"
+      - "--certificatesresolvers.ocis.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "443:443"
+      - "8080:8080"
+    volumes:
+      - "~/letsencrypt:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+
+  ocis:
+    container_name: ocis
+    image: owncloud/ocis:latest
+    tty: true
+    privileged: true
+    stdin_open: true
+    ports:
+      - 9200:9200
+      - 9125:9125
+    hostname: ocis
+    networks:
+      - ocisnet
+    environment:
+      OCIS_DOMAIN: ${OCIS_DOMAIN}
+      PROXY_OIDC_ISSUER: https://${IDP_DOMAIN}
+      PROXY_OIDC_INSECURE: "true"
+      PROXY_TLS: "false"
+      GRAPH_OIDC_ENDPOINT: https://${IDP_DOMAIN}
+      REVA_OIDC_ISSUER: https://${IDP_DOMAIN}
+      REVA_LDAP_IDP: https://${IDP_DOMAIN}
+      PHOENIX_OIDC_AUTHORITY: https://${IDP_DOMAIN}
+      PHOENIX_OIDC_METADATA_URL: https://${IDP_DOMAIN}/.well-known/openid-configuration
+      PHOENIX_WEB_CONFIG_SERVER: https://${OCIS_DOMAIN}
+      OCIS_LOG_LEVEL: debug
+      REVA_TRANSFER_EXPIRES: 86400
+      REVA_FRONTEND_URL: https://${OCIS_DOMAIN}
+      REVA_DATAGATEWAY_URL: https://${OCIS_DOMAIN}/data
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN}`)"
+      - "traefik.http.routers.ocis.entrypoints=websecure"
+      - "traefik.http.routers.ocis.tls.certresolver=ocis"
+      - "traefik.http.services.ocis.loadbalancer.server.port=9200"
+      - "traefik.docker.network=ocisnet"
+      - "traefik.port=9200"
+      - "traefik.protocol=https"