refactor: debrand docker compose deployments -S

Michael Barz
2025-01-15 21:00:17 +01:00
parent 85fa7441b0
commit 8730584067
102 changed files with 246 additions and 8332 deletions


@@ -18,5 +18,5 @@ exclude_paths:
- 'tests/acceptance/TestHelpers/**'
- 'tests/acceptance/run.sh'
- 'vendor/**/*'
- 'tests/ociswrapper/vendor/**'
- 'tests/ocwrapper/vendor/**'
...

90
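--- a/.github/settings.yml
+++ b/.github/settings.yml
@@ -1,90 +0,0 @@
----
-_extends: gh-labels
-repository:
-name: ocis
-description: ':atom_symbol: ownCloud Infinite Scale Stack'
-homepage: 'https://doc.owncloud.com/ocis/next/'
-topics: reva, ocis
-private: false
-has_issues: true
-has_projects: true
-has_wiki: false
-has_downloads: false
-default_branch: master
-allow_squash_merge: true
-allow_merge_commit: true
-allow_rebase_merge: true
-labels:
-- name: OCIS-Fastlane
-color: "#deadbf"
-description: Planned outside of the sprint
-- name: Storage:EOS
-color: "#3F7A62"
-- name: Storage:S3NG
-color: "#3F7A62"
-- name: Storage:CephFS
-color: "#3F7A62"
-- name: Storage:OCIS
-color: "#3F7A62"
-- name: Storage:POSIX
-color: "#3F7A62"
-- name: Storage:ownCloudSQL
-color: "#3F7A62"
-teams:
-- name: ci
-permission: admin
-- name: employees
-permission: push
-- name: cern
-permission: triage
-- name: ocis-contractors
-permission: push
-branches:
-- name: master
-protection:
-required_pull_request_reviews:
-required_approving_review_count: 1
-dismiss_stale_reviews: false
-require_code_owner_reviews: false
-required_status_checks:
-strict: false
-contexts:
-- continuous-integration/drone/pr
-enforce_admins: null
-restrictions:
-apps: []
-users:
-- dependabot
-teams:
-- ci
-- employees
-- ocis-contractors
-- name: stable-*
-protection:
-required_pull_request_reviews:
-required_approving_review_count: 2
-dismiss_stale_reviews: false
-require_code_owner_reviews: false
-required_status_checks:
-strict: false
-contexts:
-- continuous-integration/drone/pr
-enforce_admins: null
-restrictions:
-apps: []
-users:
-- dependabot
-teams:
-- ci
-- employees
-- ocis-contractors
-...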


@@ -10,8 +10,8 @@ release-dirs:
@mkdir -p $(DIST)/binaries $(DIST)/release
# docker specific packaging flags
DOCKER_LDFLAGS += -X "$(OC_REPO)/ocis-pkg/config/defaults.BaseDataPathType=path" -X "$(OC_REPO)/ocis-pkg/config/defaults.BaseDataPathValue=/var/lib/ocis"
DOCKER_LDFLAGS += -X "$(OC_REPO)/ocis-pkg/config/defaults.BaseConfigPathType=path" -X "$(OC_REPO)/ocis-pkg/config/defaults.BaseConfigPathValue=/etc/ocis"
DOCKER_LDFLAGS += -X "$(OC_REPO)/pkg/config/defaults.BaseDataPathType=path" -X "$(OC_REPO)/pkg/config/defaults.BaseDataPathValue=/var/lib/opencloud"
DOCKER_LDFLAGS += -X "$(OC_REPO)/pkg/config/defaults.BaseConfigPathType=path" -X "$(OC_REPO)/pkg/config/defaults.BaseConfigPathValue=/etc/opencloud"
# We can't link statically when vips is enabled but we still
# prefer static linking where possible


@@ -1,52 +0,0 @@
---
- name: continuous-deployment-ocis-master
server:
server_type: cx22
image: ubuntu-24.04
location: nbg1
initial_ssh_key_names:
- owncloud-ocis@drone.owncloud.com
labels:
owner: ocis-team
for: oCIS-continuous-deployment-examples
rebuild: $REBUILD
rebuild_carry_paths:
- /var/lib/docker/volumes/ocis_certs
domains:
- "*.ocis.master.owncloud.works"
vars:
ssh_authorized_keys:
- https://github.com/kobergj.keys
- https://github.com/2403905.keys
- https://github.com/d7oc.keys
- https://github.com/wkloucek.keys
docker_compose_projects:
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/ocis_full
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
OC_DOCKER_TAG: master
OC_DOCKER_IMAGE: owncloud/ocis-rolling
OC_DOMAIN: ocis.ocis.master.owncloud.works
COMPANION_DOMAIN: companion.ocis.master.owncloud.works
COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud
WOPISERVER_DOMAIN: wopiserver.ocis.master.owncloud.works
COLLABORA_DOMAIN: collabora.ocis.master.owncloud.works
INBUCKET_DOMAIN: mail.ocis.master.owncloud.works
DEMO_USERS: "true"
COMPOSE_FILE: docker-compose.yml:ocis.yml:tika.yml:collabora.yml:web_extensions/extensions.yml:web_extensions/unzip.yml:web_extensions/importer.yml:inbucket.yml:monitoring_tracing/monitoring.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis.master.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_full
OC_URL: ocis.ocis.master.owncloud.works
OC_DEPLOYMENT_ID: continuous-deployment-ocis-master


@@ -1,52 +0,0 @@
---
- name: continuous-deployment-ocis-onlyoffice-master
server:
server_type: cx22
image: ubuntu-24.04
location: nbg1
initial_ssh_key_names:
- owncloud-ocis@drone.owncloud.com
labels:
owner: ocis-team
for: oCIS-continuous-deployment-examples
rebuild: $REBUILD
rebuild_carry_paths:
- /var/lib/docker/volumes/ocis_certs
domains:
- "*.ocis-onlyoffice.master.owncloud.works"
vars:
ssh_authorized_keys:
- https://github.com/kobergj.keys
- https://github.com/2403905.keys
- https://github.com/d7oc.keys
- https://github.com/wkloucek.keys
docker_compose_projects:
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/ocis_full
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
OC_DOCKER_TAG: master
OC_DOCKER_IMAGE: owncloud/ocis-rolling
OC_DOMAIN: ocis.ocis-onlyoffice.master.owncloud.works
COMPANION_DOMAIN: companion.ocis-onlyoffice.master.owncloud.works
COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud
WOPISERVER_ONLYOFFICE_DOMAIN: wopiserver-oo.ocis-onlyoffice.master.owncloud.works
ONLYOFFICE_DOMAIN: onlyoffice.ocis-onlyoffice.master.owncloud.works
INBUCKET_DOMAIN: mail.ocis-onlyoffice.master.owncloud.works
DEMO_USERS: "true"
COMPOSE_FILE: docker-compose.yml:ocis.yml:tika.yml:onlyoffice.yml:web_extensions/extensions.yml:web_extensions/unzip.yml:web_extensions/importer.yml:inbucket.yml:monitoring_tracing/monitoring-oo.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-onlyoffice.master.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_onlyoffice
OC_URL: ocis.ocis-onlyoffice.master.owncloud.works
OC_DEPLOYMENT_ID: continuous-deployment-ocis-onlyoffice-master


@@ -1,52 +0,0 @@
---
- name: continuous-deployment-ocis-onlyoffice-rolling
server:
server_type: cx22
image: ubuntu-24.04
location: nbg1
initial_ssh_key_names:
- owncloud-ocis@drone.owncloud.com
labels:
owner: ocis-team
for: oCIS-continuous-deployment-examples
rebuild: $REBUILD
rebuild_carry_paths:
- /var/lib/docker/volumes/ocis_certs
domains:
- "*.ocis-onlyoffice.rolling.owncloud.works"
vars:
ssh_authorized_keys:
- https://github.com/kobergj.keys
- https://github.com/2403905.keys
- https://github.com/d7oc.keys
- https://github.com/wkloucek.keys
docker_compose_projects:
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/ocis_full
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
OC_DOCKER_TAG: 6.6.1
OC_DOCKER_IMAGE: owncloud/ocis-rolling
OC_DOMAIN: ocis.ocis-onlyoffice.rolling.owncloud.works
COMPANION_DOMAIN: companion.ocis-onlyoffice.rolling.owncloud.works
COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud
WOPISERVER_ONLYOFFICE_DOMAIN: wopiserver-oo.ocis-onlyoffice.rolling.owncloud.works
ONLYOFFICE_DOMAIN: onlyoffice.ocis-onlyoffice.rolling.owncloud.works
INBUCKET_DOMAIN: mail.ocis-onlyoffice.rolling.owncloud.works
DEMO_USERS: "true"
COMPOSE_FILE: docker-compose.yml:ocis.yml:tika.yml:onlyoffice.yml:web_extensions/extensions.yml:web_extensions/unzip.yml:web_extensions/importer.yml:inbucket.yml:monitoring_tracing/monitoring-oo.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-onlyoffice.rolling.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_onlyoffice
OC_URL: ocis.ocis-onlyoffice.rolling.owncloud.works
OC_DEPLOYMENT_ID: continuous-deployment-ocis-onlyoffice-rolling


@@ -1,51 +0,0 @@
---
- name: continuous-deployment-ocis-production
server:
server_type: cx22
image: ubuntu-24.04
location: nbg1
initial_ssh_key_names:
- owncloud-ocis@drone.owncloud.com
labels:
owner: ocis-team
for: oCIS-continuous-deployment-examples
rebuild: $REBUILD
rebuild_carry_paths:
- /var/lib/docker/volumes/ocis_certs
domains:
- "*.ocis.production.owncloud.works"
vars:
ssh_authorized_keys:
- https://github.com/kobergj.keys
- https://github.com/2403905.keys
- https://github.com/d7oc.keys
- https://github.com/wkloucek.keys
docker_compose_projects:
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/ocis_full
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
OC_DOCKER_TAG: 7.0.0
OC_DOMAIN: ocis.ocis.production.owncloud.works
COMPANION_DOMAIN: companion.ocis.production.owncloud.works
COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud
WOPISERVER_DOMAIN: wopiserver.ocis.production.owncloud.works
COLLABORA_DOMAIN: collabora.ocis.production.owncloud.works
INBUCKET_DOMAIN: mail.ocis.production.owncloud.works
DEMO_USERS: "true"
COMPOSE_FILE: docker-compose.yml:ocis.yml:tika.yml:collabora.yml:web_extensions/extensions.yml:web_extensions/unzip.yml:web_extensions/importer.yml:inbucket.yml:monitoring_tracing/monitoring.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis.production.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_wopi
OC_URL: ocis.ocis.production.owncloud.works
OC_DEPLOYMENT_ID: continuous-deployment-ocis-production


@@ -1,52 +0,0 @@
---
- name: continuous-deployment-ocis-rolling
server:
server_type: cx22
image: ubuntu-24.04
location: nbg1
initial_ssh_key_names:
- owncloud-ocis@drone.owncloud.com
labels:
owner: ocis-team
for: oCIS-continuous-deployment-examples
rebuild: $REBUILD
rebuild_carry_paths:
- /var/lib/docker/volumes/ocis_certs
domains:
- "*.ocis.rolling.owncloud.works"
vars:
ssh_authorized_keys:
- https://github.com/kobergj.keys
- https://github.com/2403905.keys
- https://github.com/d7oc.keys
- https://github.com/wkloucek.keys
docker_compose_projects:
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/ocis_full
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
OC_DOCKER_TAG: 6.6.1
OC_DOCKER_IMAGE: owncloud/ocis-rolling
OC_DOMAIN: ocis.ocis.rolling.owncloud.works
COMPANION_DOMAIN: companion.ocis.rolling.owncloud.works
COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud
WOPISERVER_DOMAIN: wopiserver.ocis.rolling.owncloud.works
COLLABORA_DOMAIN: collabora.ocis.rolling.owncloud.works
INBUCKET_DOMAIN: mail.ocis.rolling.owncloud.works
DEMO_USERS: "true"
COMPOSE_FILE: docker-compose.yml:ocis.yml:tika.yml:collabora.yml:web_extensions/extensions.yml:web_extensions/unzip.yml:web_extensions/importer.yml:inbucket.yml:monitoring_tracing/monitoring.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis.rolling.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_full
OC_URL: ocis.ocis.rolling.owncloud.works
OC_DEPLOYMENT_ID: continuous-deployment-ocis-rolling


@@ -1,53 +0,0 @@
---
- name: continuous-deployment-ocis-s3-rolling
server:
server_type: cx22
image: ubuntu-24.04
location: nbg1
initial_ssh_key_names:
- owncloud-ocis@drone.owncloud.com
labels:
owner: ocis-team
for: oCIS-continuous-deployment-examples
rebuild: $REBUILD
rebuild_carry_paths:
- /var/lib/docker/volumes/ocis_certs
domains:
- "*.ocis-s3.rolling.owncloud.works"
vars:
ssh_authorized_keys:
- https://github.com/kobergj.keys
- https://github.com/2403905.keys
- https://github.com/d7oc.keys
- https://github.com/wkloucek.keys
docker_compose_projects:
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/ocis_full
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
OC_DOCKER_TAG: 6.6.1
OC_DOCKER_IMAGE: owncloud/ocis-rolling
OC_DOMAIN: ocis.ocis-s3.rolling.owncloud.works
COMPANION_DOMAIN: companion.ocis-s3.rolling.owncloud.works
COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud
WOPISERVER_DOMAIN: wopiserver.ocis-s3.rolling.owncloud.works
COLLABORA_DOMAIN: collabora.ocis-s3.rolling.owncloud.works
INBUCKET_DOMAIN: mail.ocis-s3.rolling.owncloud.works
MINIO_DOMAIN: minio.ocis-s3.rolling.owncloud.works
DEMO_USERS: "true"
COMPOSE_FILE: docker-compose.yml:ocis.yml:s3ng.yml:minio.yml:tika.yml:collabora.yml:web_extensions/extensions.yml:web_extensions/unzip.yml:web_extensions/importer.yml:inbucket.yml:monitoring_tracing/monitoring.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-s3.rolling.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_full
OC_URL: ocis.ocis-s3.rolling.owncloud.works
OC_DEPLOYMENT_ID: continuous-deployment-ocis-s3-rolling


@@ -1,47 +0,0 @@
---
- name: continuous-deployment-ocis-keycloak-rolling
server:
server_type: cx22
image: ubuntu-24.04
location: nbg1
initial_ssh_key_names:
- owncloud-ocis@drone.owncloud.com
labels:
owner: ocis-team
for: oCIS-continuous-deployment-examples
rebuild: $REBUILD
rebuild_carry_paths:
- /var/lib/docker/volumes/ocis_certs
domains:
- "*.ocis-keycloak.rolling.owncloud.works"
vars:
ssh_authorized_keys:
- https://github.com/kobergj.keys
- https://github.com/2403905.keys
- https://github.com/d7oc.keys
- https://github.com/wkloucek.keys
docker_compose_projects:
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/ocis_keycloak
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
OC_DOCKER_TAG: 6.6.1
OC_DOCKER_IMAGE: owncloud/ocis-rolling
OC_DOMAIN: ocis.ocis-keycloak.rolling.owncloud.works
KEYCLOAK_DOMAIN: keycloak.ocis-keycloak.rolling.owncloud.works
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-keycloak.rolling.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_single_container
OC_URL: ocis.ocis-keycloak.rolling.owncloud.works
OC_DEPLOYMENT_ID: continuous-deployment-ocis-keycloak-rolling


@@ -1,47 +0,0 @@
---
- name: continuous-deployment-ocis-ldap-rolling
server:
server_type: cx22
image: ubuntu-24.04
location: nbg1
initial_ssh_key_names:
- owncloud-ocis@drone.owncloud.com
labels:
owner: ocis-team
for: oCIS-continuous-deployment-examples
rebuild: $REBUILD
rebuild_carry_paths:
- /var/lib/docker/volumes/ocis_certs
domains:
- "*.ocis-ldap.rolling.owncloud.works"
vars:
ssh_authorized_keys:
- https://github.com/kobergj.keys
- https://github.com/2403905.keys
- https://github.com/d7oc.keys
- https://github.com/wkloucek.keys
docker_compose_projects:
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/ocis_ldap
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
OC_DOCKER_TAG: 6.6.1
OC_DOCKER_IMAGE: owncloud/ocis-rolling
OC_DOMAIN: ocis.ocis-ldap.rolling.owncloud.works
LDAP_MANAGER_DOMAIN: ldap.ocis-ldap.rolling.owncloud.works
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-ldap.rolling.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_single_container
OC_URL: ocis.ocis-ldap.rolling.owncloud.works
OC_DEPLOYMENT_ID: continuous-deployment-ocis-ldap-rolling


@@ -0,0 +1,49 @@
---
- name: continuous-deployment-opencloud-master
server:
server_type: cx22
image: ubuntu-24.04
location: nbg1
initial_ssh_key_names:
- opencloud@drone.opencloud.com
labels:
owner: ocis-team
for: opencloud-continuous-deployment-examples
rebuild: $REBUILD
rebuild_carry_paths:
- /var/lib/docker/volumes/opencloud_certs
domains:
- "*.ocis.main.opencloud.works"
vars:
ssh_authorized_keys:
- https://github.com/micbar.keys
docker_compose_projects:
- name: opencloud
git_url: https://github.com/opencloud-eu/opencloud.git
ref: main
docker_compose_path: deployments/examples/opencloud_full
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: devops@opencloud.eu
OC_DOCKER_TAG: main
OC_DOCKER_IMAGE: opencloud-eu/opencloud-rolling:main
OC_DOMAIN: cloud.main.opencloud.rocks
COMPANION_DOMAIN: companion.main.opencloud.rocks
COMPANION_IMAGE: transloadit/companion:5.5.0
WOPISERVER_DOMAIN: wopiserver.main.opencloud.rocks
COLLABORA_DOMAIN: collabora.main.opencloud.rocks
INBUCKET_DOMAIN: mail.main.opencloud.rocks
DEMO_USERS: "true"
COMPOSE_FILE: docker-compose.yml:opencloud.yml:tika.yml:collabora.yml:web_extensions/extensions.yml:web_extensions/unzip.yml:web_extensions/importer.yml:inbucket.yml:monitoring_tracing/monitoring.yml
- name: monitoring
git_url: https://github.com/opencloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: opencloud-net
TELEMETRY_SERVE_DOMAIN: telemetry.main.opencloud.rocks
JAEGER_COLLECTOR: jaeger-collector.infra.opencloud.works:443
TELEGRAF_SPECIFIC_CONFIG: opencloud_full
OC_URL: opencloud.main.opencloud.rocks
OC_DEPLOYMENT_ID: continuous-deployment-opencloud-master
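Review bot: The `domains` entry requests `*.ocis.main.opencloud.works`, but every hostname under `env` (`OC_DOMAIN`, `COMPANION_DOMAIN`, `WOPISERVER_DOMAIN`, `COLLABORA_DOMAIN`, `INBUCKET_DOMAIN`, `TELEMETRY_SERVE_DOMAIN`) lives under `main.opencloud.rocks`, so the wildcard would cover none of the served names and, if the deployment tool derives DNS from `domains`, certificate issuance with `INSECURE: "false"` would presumably fail; align the two zones, e.g. `- "*.main.opencloud.rocks"` if `.rocks` is the intended one. The monitoring project's `OC_URL: opencloud.main.opencloud.rocks` likewise differs from `OC_DOMAIN: cloud.main.opencloud.rocks`. `OC_DOCKER_IMAGE: opencloud-eu/opencloud-rolling:main` carries a tag while `OC_DOCKER_TAG: main` is also set; the removed ownCloud files passed the image name without a tag, so if the compose file joins the two values the reference would end in `:main:main`, and `OC_DOCKER_IMAGE: opencloud-eu/opencloud-rolling` looks like the intended form. Because this host is internet-facing and `DEMO_USERS: "true"` creates accounts whose passwords are public (as the removed `.env` comment on this page states), a comment above that key such as `# throwaway demo instance: demo accounts have public passwords` would make the exposure explicit.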


@@ -1,69 +0,0 @@
# If you're on a internet facing server please comment out following line.
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
# The demo users should not be created on a production instance
# because their passwords are public
DEMO_USERS=false
### Traefik settings ###
TRAEFIK_LOG_LEVEL=
# Serve Traefik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
TRAEFIK_BASIC_AUTH_USERS=
# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
TRAEFIK_ACME_MAIL=
### shared oCIS / oC10 settings ###
# Domain of oCIS / oC10, where you can find the frontend. Defaults to "cloud.owncloud.test"
CLOUD_DOMAIN=
### oCIS settings ###
# oCIS version. Defaults to "latest"
OC_DOCKER_TAG=
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
OC_JWT_SECRET=
# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
STORAGE_TRANSFER_SECRET=
# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
OC_MACHINE_AUTH_API_KEY=
### oCIS settings ###
# oC10 version. Defaults to "latest"
OC10_DOCKER_TAG=
# client secret which the openidconnect app uses to authenticate to Keycloak. Defaults to "oc10-oidc-secret"
OC10_OIDC_CLIENT_SECRET=
# app which will be shown when opening the ownCloud 10 UI. Defaults to "files" but also could be set to "web"
OWNCLOUD_DEFAULT_APP=
# if set to "false" (default) links will be opened in the classic UI, if set to "true" ownCloud Web is used
OWNCLOUD_WEB_REWRITE_LINKS=
### LDAP settings ###
# password for the LDAP admin user "cn=admin,dc=owncloud,dc=com", defaults to "admin"
LDAP_ADMIN_PASSWORD=
# Domain of the LDAP management frontend. Defaults to "ldap.owncloud.test"
LDAP_MANAGER_DOMAIN=
### Keycloak ###
# Domain of Keycloak, where you can find the management and authentication frontend. Defaults to "keycloak.owncloud.test"
KEYCLOAK_DOMAIN=
# Realm which to be used with oCIS. Defaults to "oCIS"
KEYCLOAK_REALM=
# Admin user login name. Defaults to "admin"
KEYCLOAK_ADMIN_USER=
# Admin user login password. Defaults to "admin"
KEYCLOAK_ADMIN_PASSWORD=
# If you want to use debugging and tracing with this stack,
# you need uncomment following line. Please see documentation at
# https://owncloud.dev/ocis/deployment/monitoring-tracing/
#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
# If you want to use the testsuite with this stack,
# you need uncomment following line. Please see documentation at
# https://owncloud.dev/ocis/development/testing/
#COMPOSE_FILE=docker-compose.yml:testing/docker-compose-additions.yml


@@ -1,6 +0,0 @@
---
document this deployment example in docs/ocis/deployment/oc10_ocis_parallel.md
---
Please refer to [our documentation](https://owncloud.dev/ocis/deployment/oc10_ocis_parallel/)
for instructions on how to deploy this scenario.


@@ -1,63 +0,0 @@
{
"clientId": "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD",
"name": "ownCloud Android app",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret" : "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD",
"redirectUris": [
"oc://android.owncloud.com"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"role_list",
"profile",
"roles",
"owncloud",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}


@@ -1,64 +0,0 @@
{
"clientId": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69",
"name": "ownCloud desktop client",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret" : "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh",
"redirectUris": [
"http://127.0.0.1:*",
"http://localhost:*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"role_list",
"profile",
"roles",
"owncloud",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}


@@ -1,63 +0,0 @@
{
"clientId": "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1",
"name": "ownCloud iOS app",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret" : "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx",
"redirectUris": [
"oc://ios.owncloud.com"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"role_list",
"profile",
"roles",
"owncloud",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}


@@ -1,69 +0,0 @@
{
"clientId": "oc10-web",
"rootUrl": "https://cloud.owncloud.test",
"adminUrl": "https://cloud.owncloud.test",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"https://cloud.owncloud.test/*"
],
"webOrigins": [
"https://cloud.owncloud.test"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"id.token.as.detached.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"use.refresh.tokens": "true",
"exclude.session.state.from.auth.response": "false",
"oidc.ciba.grant.enabled": "false",
"saml.artifact.binding": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"profile",
"roles",
"owncloud",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}


@@ -1,69 +0,0 @@
{
"clientId": "oc10",
"rootUrl": "https://cloud.owncloud.test",
"adminUrl": "https://cloud.owncloud.test",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"https://cloud.owncloud.test/*"
],
"webOrigins": [
"https://cloud.owncloud.test"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"id.token.as.detached.signature": "false",
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"use.refresh.tokens": "true",
"exclude.session.state.from.auth.response": "false",
"oidc.ciba.grant.enabled": "false",
"saml.artifact.binding": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"profile",
"roles",
"owncloud",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}


@@ -1,65 +0,0 @@
{
"clientId": "ocis-web",
"rootUrl": "https://cloud.owncloud.test",
"adminUrl": "https://cloud.owncloud.test",
"baseUrl": "",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"https://cloud.owncloud.test/*"
],
"webOrigins": [
"https://cloud.owncloud.test"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"profile",
"roles",
"owncloud",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}


@@ -1,12 +0,0 @@
#!/bin/bash
printenv
# replace owncloud domain in keycloak realm import
cp /opt/jboss/keycloak/owncloud-realm.dist.json /opt/jboss/keycloak/owncloud-realm.json
sed -i "s/cloud.owncloud.test/${CLOUD_DOMAIN}/g" /opt/jboss/keycloak/owncloud-realm.json
sed -i "s/oc10-oidc-secret/${OC10_OIDC_CLIENT_SECRET}/g" /opt/jboss/keycloak/owncloud-realm.json
sed -i "s/ldap-bind-credential/${LDAP_ADMIN_PASSWORD}/g" /opt/jboss/keycloak/owncloud-realm.json
# run original docker-entrypoint
/opt/jboss/tools/docker-entrypoint.sh




@@ -1,32 +0,0 @@
# This LDIF files describes the ownCloud schema
dn: cn=owncloud,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: owncloud
olcObjectIdentifier: ownCloudOid 1.3.6.1.4.1.39430
olcAttributeTypes: ( ownCloudOid:1.1.2 NAME 'ownCloudUUID'
DESC 'A non-reassignable and persistent account ID)'
EQUALITY uuidMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE )
olcAttributeTypes: ( ownCloudOid:1.1.3 NAME 'oCExternalIdentity'
DESC 'A triple separated by "$" representing the objectIdentity resource type of the Graph API ( signInType $ issuer $ issuerAssignedId )'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( ownCloudOid:1.1.4 NAME 'ownCloudUserEnabled'
DESC 'A boolean value indicating if ownCloudUser is enabled'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
olcAttributeTypes: ( ownCloudOid:1.1.5 NAME 'ownCloudUserType'
DESC 'User type (e.g. Member or Guest)'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcObjectClasses: ( ownCloudOid:1.2.1 NAME 'ownCloud'
DESC 'ownCloud LDAP Schema'
AUXILIARY
MAY ( ownCloudUUID ) )
olcObjectClasses: ( ownCloudOid:1.2.2 NAME 'ownCloudUser'
DESC 'ownCloud User LDAP Schema'
SUP ownCloud
AUXILIARY
MAY ( ocExternalIdentity $ ownCloudUserEnabled $ ownCloudUserType ) )


@@ -1,109 +0,0 @@
dn: ou=users,dc=owncloud,dc=com
objectClass: organizationalUnit
ou: users
# Start dn with uid (user identifier / login), not cn (Firstname + Surname)
dn: uid=einstein,ou=users,dc=owncloud,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ownCloud
objectClass: person
objectClass: posixAccount
objectClass: top
uid: einstein
givenName: Albert
sn: Einstein
cn: einstein
displayName: Albert Einstein
description: A German-born theoretical physicist who developed the theory of relativity, one of the two pillars of modern physics (alongside quantum mechanics).
mail: einstein@example.org
uidNumber: 20000
gidNumber: 30000
homeDirectory: /home/einstein
ownCloudUUID:: NGM1MTBhZGEtYzg2Yi00ODE1LTg4MjAtNDJjZGY4MmMzZDUx
userPassword:: e1NTSEF9TXJEcXpFNGdKbXZxbVRVTGhvWEZ1VzJBbkV3NWFLK3J3WTIvbHc9PQ==
ownCloudSelector: ocis
dn: uid=marie,ou=users,dc=owncloud,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ownCloud
objectClass: person
objectClass: posixAccount
objectClass: top
uid: marie
givenName: Marie
sn: Curie
cn: marie
displayName: Marie Skłodowska Curie
description: A Polish and naturalized-French physicist and chemist who conducted pioneering research on radioactivity.
mail: marie@example.org
uidNumber: 20001
gidNumber: 30000
homeDirectory: /home/marie
ownCloudUUID:: ZjdmYmY4YzgtMTM5Yi00Mzc2LWIzMDctY2YwYThjMmQwZDlj
userPassword:: e1NTSEF9UmFvQWs3TU9jRHBIUWY3bXN3MGhHNnVraFZQWnRIRlhOSUNNZEE9PQ==
ownCloudSelector: oc10
dn: uid=richard,ou=users,dc=owncloud,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ownCloud
objectClass: person
objectClass: posixAccount
objectClass: top
uid: richard
givenName: Richard
sn: Feynman
cn: richard
displayName: Richard Phillips Feynman
description: An American theoretical physicist, known for his work in the path integral formulation of quantum mechanics, the theory of quantum electrodynamics, the physics of the superfluidity of supercooled liquid helium, as well as his work in particle physics for which he proposed the parton model.
mail: richard@example.org
uidNumber: 20002
gidNumber: 30000
homeDirectory: /home/richard
ownCloudUUID:: OTMyYjQ1NDAtOGQxNi00ODFlLThlZjQtNTg4ZTRiNmIxNTFj
userPassword:: e1NTSEF9Z05LZTRreHdmOGRUREY5eHlhSmpySTZ3MGxSVUM1d1RGcWROTVE9PQ==
ownCloudSelector: ocis
dn: uid=moss,ou=users,dc=owncloud,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ownCloud
objectClass: person
objectClass: posixAccount
objectClass: top
uid: moss
givenName: Maurice
sn: Moss
cn: moss
displayName: Maurice Moss
description: A worker in the IT Department of Reynholm Industries. Of all the working staff in the IT Department, he is the most hard-working, the most experienced, and the most capable of doing his job well. He puts a lot of effort into his work, however he does not get the credit he deserves.
mail: moss@example.org
uidNumber: 20003
gidNumber: 30000
homeDirectory: /home/moss
ownCloudUUID:: MDU4YmZmOTUtNjcwOC00ZmU1LTkxZTQtOWVhM2QzNzc1ODhi
userPassword:: e1NTSEF9N0hEdTRoMkFDVExFWWt4U0RtSDZVQjhmUlpKRExDZDc=
ownCloudSelector: ocis
dn: uid=admin,ou=users,dc=owncloud,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ownCloud
objectClass: person
objectClass: posixAccount
objectClass: top
uid: admin
givenName: Admin
sn: Admin
cn: admin
displayName: Admin
description: An admin for this oCIS instance.
mail: admin@example.org
uidNumber: 20004
gidNumber: 30000
homeDirectory: /home/admin
ownCloudUUID:: ZGRjMjAwNGMtMDk3Ny0xMWViLTlkM2YtYTc5Mzg4OGNkMGY4
userPassword:: e1NTSEF9UWhmaFB3dERydTUydURoWFFObDRMbzVIckI3TkI5Nmo=
ownCloudSelector: oc10


@@ -1,81 +0,0 @@
dn: ou=groups,dc=owncloud,dc=com
objectClass: organizationalUnit
ou: groups
dn: cn=users,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: users
description: Users
ownCloudUUID:: NTA5YTlkY2QtYmIzNy00ZjRmLWEwMWEtMTlkY2EyN2Q5Y2Zh
member: uid=einstein,ou=users,dc=owncloud,dc=com
member: uid=marie,ou=users,dc=owncloud,dc=com
member: uid=richard,ou=users,dc=owncloud,dc=com
member: uid=moss,ou=users,dc=owncloud,dc=com
member: uid=admin,ou=users,dc=owncloud,dc=com
dn: cn=sailing-lovers,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: sailing-lovers
description: Sailing lovers
ownCloudUUID:: NjA0MGFhMTctOWM2NC00ZmVmLTliZDAtNzcyMzRkNzFiYWQw
member: uid=einstein,ou=users,dc=owncloud,dc=com
dn: cn=violin-haters,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: violin-haters
description: Violin haters
ownCloudUUID:: ZGQ1OGU1ZWMtODQyZS00OThiLTg4MDAtNjFmMmVjNmY5MTFm
member: uid=einstein,ou=users,dc=owncloud,dc=com
dn: cn=radium-lovers,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: radium-lovers
description: Radium lovers
ownCloudUUID:: N2I4N2ZkNDktMjg2ZS00YTVmLWJhZmQtYzUzNWQ1ZGQ5OTdh
member: uid=marie,ou=users,dc=owncloud,dc=com
dn: cn=polonium-lovers,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: polonium-lovers
description: Polonium lovers
ownCloudUUID:: Y2VkYzIxYWEtNDA3Mi00NjE0LTg2NzYtZmE5MTY1ZjU5OGZm
member: uid=marie,ou=users,dc=owncloud,dc=com
dn: cn=quantum-lovers,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: quantum-lovers
description: Quantum lovers
ownCloudUUID:: YTE3MjYxMDgtMDFmOC00YzMwLTg4ZGYtMmIxYTlkMWNiYTFh
member: uid=richard,ou=users,dc=owncloud,dc=com
dn: cn=philosophy-haters,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: philosophy-haters
description: Philosophy haters
ownCloudUUID:: MTY3Y2JlZTItMDUxOC00NTVhLWJmYjItMDMxZmUwNjIxZTVk
member: uid=richard,ou=users,dc=owncloud,dc=com
dn: cn=physics-lovers,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: physics-lovers
description: Physics lovers
ownCloudUUID:: MjYyOTgyYzEtMjM2Mi00YWZhLWJmZGYtOGNiZmVmNjRhMDZl
member: uid=einstein,ou=users,dc=owncloud,dc=com
member: uid=marie,ou=users,dc=owncloud,dc=com
member: uid=richard,ou=users,dc=owncloud,dc=com


@@ -1,40 +0,0 @@
#!/usr/bin/env bash
echo "Writing custom config files..."
# openidconnect
gomplate \
-f /etc/templates/oidc.config.php \
-o ${OWNCLOUD_VOLUME_CONFIG}/oidc.config.php
# we need at least version 2.1.0 of the openidconnect app
occ market:upgrade --major openidconnect
occ app:enable openidconnect
# user LDAP
gomplate \
-f /etc/templates/ldap-config.tmpl.json \
-o ${OWNCLOUD_VOLUME_CONFIG}/ldap-config.json
CONFIG=$(cat ${OWNCLOUD_VOLUME_CONFIG}/ldap-config.json)
occ config:import <<< $CONFIG
occ ldap:test-config "s01"
occ app:enable user_ldap
/bin/bash -c 'occ user:sync "OCA\User_LDAP\User_Proxy" -r -m remove'
cp /tmp/ldap-sync-cron /etc/cron.d
chown root:root /etc/cron.d/ldap-sync-cron
# ownCloud Web
gomplate \
-f /etc/templates/web.config.php \
-o ${OWNCLOUD_VOLUME_CONFIG}/web.config.php
gomplate \
-f /etc/templates/web-config.tmpl.json \
-o ${OWNCLOUD_VOLUME_CONFIG}/config.json
occ market:upgrade --major web
occ app:enable web
true


@@ -1,8 +0,0 @@
#!/usr/bin/env bash
# enable testing app
echo "Cloning and enabling testing app..."
git clone --depth 1 https://github.com/owncloud/testing.git /var/www/owncloud/apps/testing
occ app:enable testing
true


@@ -1,53 +0,0 @@
{
"apps": {
"user_ldap": {
"s01has_memberof_filter_support": "0",
"s01home_folder_naming_rule": "",
"s01last_jpegPhoto_lookup": "0",
"s01ldap_agent_password": "{{ .Env.STORAGE_LDAP_BIND_PASSWORD | base64.Encode }}",
"s01ldap_attributes_for_group_search": "",
"s01ldap_attributes_for_user_search": "{{ .Env.LDAP_USERATTRIBUTEFILTERS }}",
"s01ldap_backup_host": "",
"s01ldap_backup_port": "",
"s01ldap_base_groups": "{{ .Env.LDAP_BASE_DN }}",
"s01ldap_base_users": "{{ .Env.LDAP_BASE_DN }}",
"s01ldap_base": "{{ .Env.LDAP_BASE_DN }}",
"s01ldap_cache_ttl": "60",
"s01ldap_configuration_active": "1",
"s01ldap_display_name": "{{ .Env.LDAP_USER_SCHEMA_DISPLAYNAME }}",
"s01ldap_dn": "{{ .Env.STORAGE_LDAP_BIND_DN }}",
"s01ldap_dynamic_group_member_url": "",
"s01ldap_email_attr": "{{ .Env.LDAP_USER_SCHEMA_MAIL }}",
"s01ldap_experienced_admin": "1",
"s01ldap_expert_username_attr": "{{ .Env.LDAP_USER_SCHEMA_NAME_ATTR }}",
"s01ldap_expert_uuid_group_attr": "",
"s01ldap_expert_uuid_user_attr": "{{ .Env.LDAP_USER_SCHEMA_UID }}",
"s01ldap_group_display_name": "{{ .Env.LDAP_GROUP_SCHEMA_DISPLAYNAME }}",
"s01ldap_group_filter_mode": "0",
"s01ldap_group_filter": "{{ .Env.LDAP_GROUP_FILTER }}",
"s01ldap_group_member_assoc_attribute": "{{ .Env.LDAP_GROUP_MEMBER_ASSOC_ATTR }}",
"s01ldap_groupfilter_groups": "",
"s01ldap_groupfilter_objectclass": "",
"s01ldap_host": "{{ .Env.LDAP_HOST }}",
"s01ldap_login_filter_mode": "0",
"s01ldap_login_filter": "{{ .Env.LDAP_LOGINFILTER }}",
"s01ldap_loginfilter_attributes": "",
"s01ldap_loginfilter_email": "1",
"s01ldap_loginfilter_username": "1",
"s01ldap_nested_groups": "0",
"s01ldap_override_main_server": "",
"s01ldap_paging_size": "100",
"s01ldap_port": "{{ .Env.LDAP_PORT }}",
"s01ldap_quota_attr": "",
"s01ldap_quota_def": "",
"s01ldap_tls": "0",
"s01ldap_turn_off_cert_check": "0",
"s01ldap_user_display_name_2": "",
"s01ldap_user_filter_mode": "0",
"s01ldap_userfilter_groups": "",
"s01ldap_userfilter_objectclass": "",
"s01ldap_userlist_filter": "{{ .Env.LDAP_USER_FILTER }}",
"s01use_memberof_to_detect_membership": "1"
}
}
}


@@ -1 +0,0 @@
*/1 * * * * www-data /bin/bash -c 'occ user:sync "OCA\User_LDAP\User_Proxy" -r -m remove'


@@ -1,22 +0,0 @@
<?php
# reference: https://doc.owncloud.com/server/admin_manual/configuration/user/oidc/
function getOIDCConfigFromEnv() {
$config = [
'openid-connect' => [
'provider-url' => getenv('IDP_OIDC_ISSUER'),
'client-id' => 'oc10',
'client-secret' => getenv('IDP_OIDC_CLIENT_SECRET'),
'loginButtonName' => 'OpenId Connect',
'search-attribute' => 'preferred_username',
'mode' => 'userid',
'autoRedirectOnLoginPage' => true,
'insecure' => true,
'post_logout_redirect_uri' => 'https://' . getenv('CLOUD_DOMAIN'),
],
];
return $config;
}
$CONFIG = getOIDCConfigFromEnv();


@@ -1,35 +0,0 @@
{
"server": "https://{{ .Env.CLOUD_DOMAIN }}",
"theme": "owncloud",
"openIdConnect": {
"metadata_url": "{{ .Env.IDP_OIDC_ISSUER }}/.well-known/openid-configuration",
"authority": "{{ .Env.IDP_OIDC_ISSUER }}",
"client_id": "oc10-web",
"response_type": "code",
"scope": "openid profile email"
},
"apps": ["files", "media-viewer", "search"],
"applications": [
{
"icon": "switch_ui",
"target": "_self",
"title": {
"en": "Classic Design",
"de": "Dateien",
"fr": "Fichiers",
"zh_CN": "文件"
},
"url": "https://{{ .Env.CLOUD_DOMAIN }}/index.php/apps/files"
},
{
"icon": "application",
"menu": "user",
"target": "_self",
"title": {
"de": "Einstellungen",
"en": "Settings"
},
"url": "https://{{ .Env.CLOUD_DOMAIN }}/index.php/settings/personal"
}
]
}


@@ -1,14 +0,0 @@
<?php
# reference: https://owncloud.dev/clients/web/deployments/oc10-app/
function getWebConfigFromEnv() {
$config = [
'web.baseUrl' => 'https://' . getenv('CLOUD_DOMAIN') . '/index.php/apps/web',
'web.rewriteLinks' => getenv('OWNCLOUD_WEB_REWRITE_LINKS') == 'true',
];
return $config;
}
$CONFIG = getWebConfigFromEnv();


@@ -1,61 +0,0 @@
---
policy_selector:
claims:
default_policy: oc10
unauthenticated_policy: oc10
policies:
- name: ocis
routes:
- endpoint: /
backend: http://localhost:9100
- endpoint: /.well-known/
backend: http://localhost:9130
- endpoint: /konnect/
backend: http://localhost:9130
- endpoint: /signin/
backend: http://localhost:9130
- endpoint: /archiver
backend: http://localhost:9140
- type: regex
endpoint: /ocs/v[12].php/cloud/user/signing-key
backend: http://localhost:9110
- endpoint: /ocs/
backend: http://localhost:9140
- type: query
endpoint: /remote.php/?preview=1
backend: http://localhost:9115
- method: REPORT
endpoint: /remote.php/dav/
backend: http://localhost:9115
- type: query
endpoint: /dav/?preview=1
backend: http://localhost:9115
- type: query
endpoint: /webdav/?preview=1
backend: http://localhost:9115
- endpoint: /remote.php/
service: eu.opencloud.web.ocdav
- endpoint: /dav/
service: eu.opencloud.web.ocdav
- endpoint: /webdav/
service: eu.opencloud.web.ocdav
- endpoint: /status.php
service: eu.opencloud.web.ocdav
- endpoint: /index.php/
service: eu.opencloud.web.ocdav
- endpoint: /apps/
service: eu.opencloud.web.ocdav
- endpoint: /data
backend: http://localhost:9140
- endpoint: /app/
backend: http://localhost:9140
- endpoint: /graph/
backend: http://localhost:9120
- endpoint: /api/v0/settings
backend: http://localhost:9190
- name: oc10
routes:
- endpoint: "/"
backend: http://oc10:8080
- endpoint: "/data"
backend: http://localhost:9140


@@ -1,345 +0,0 @@
---
version: "3.7"
services:
traefik:
image: traefik:v2.9.1
networks:
ocis-net:
aliases:
- ${CLOUD_DOMAIN:-cloud.owncloud.test}
- ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
command:
- "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
# letsencrypt configuration
- "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
- "--certificatesResolvers.http.acme.storage=/certs/acme.json"
- "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
# enable dashboard
- "--api.dashboard=true"
# define entrypoints
- "--entryPoints.http.address=:80"
- "--entryPoints.http.http.redirections.entryPoint.to=https"
- "--entryPoints.http.http.redirections.entryPoint.scheme=https"
- "--entryPoints.https.address=:443"
# docker provider (get configuration from container labels)
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedByDefault=false"
# access log
- "--accessLog=true"
- "--accessLog.format=json"
- "--accessLog.fields.headers.names.X-Request-Id=keep"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "certs:/certs"
labels:
- "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
- "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.routers.traefik.tls.certresolver=http"
- "traefik.http.routers.traefik.service=api@internal"
logging:
driver: "local"
restart: always
ocis-init-volumes:
image: busybox
entrypoint:
- /bin/sh
# prepare the oCIS config volume for oCIS
command: ["-c", "chown -R 33:33 /etc/ocis /var/lib/ocis"]
volumes:
- ocis-config:/etc/ocis
- ocis-data:/var/lib/ocis
ocis:
image: owncloud/ocis:${OC_DOCKER_TAG:-latest}
networks:
ocis-net:
user: "33:33" # equals the user "www-data" for oC10
entrypoint:
- /bin/sh
# run ocis init to initialize a configuration file with random secrets
# it will fail on subsequent runs, because the config file already exists
# therefore we ignore the error and then start the ocis server
command: ["-c", "ocis init || true; ocis server"]
#entrypoint:
# - /bin/sh
# - /entrypoint-override.sh
environment:
# Keycloak IDP specific configuration
OC_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-owncloud}
PROXY_OIDC_REWRITE_WELLKNOWN: "true"
WEB_OIDC_CLIENT_ID: ocis-web
WEB_OIDC_SCOPE: openid profile email owncloud
# external ldap is supposed to be read-only
GRAPH_IDENTITY_BACKEND: ldap
GRAPH_LDAP_SERVER_WRITE_ENABLED: "false"
# LDAP bind
OC_LDAP_URI: "ldaps://openldap"
OC_LDAP_INSECURE: "true"
OC_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
OC_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
# LDAP user settings
PROXY_USER_OIDC_CLAIM: ocis.user.uuid # claim was added in Keycloak
PROXY_USER_CS3_CLAIM: userid # equals LDAP_USER_SCHEMA_ID
OC_LDAP_GROUP_BASE_DN: "ou=groups,dc=owncloud,dc=com"
OC_LDAP_GROUP_SCHEMA_ID: "ownclouduuid"
OC_LDAP_GROUP_FILTER: "(objectclass=owncloud)"
OC_LDAP_USER_BASE_DN: "ou=users,dc=owncloud,dc=com"
OC_LDAP_USER_SCHEMA_ID: "ownclouduuid"
OC_LDAP_USER_FILTER: "(objectclass=owncloud)"
# ownCloudSQL storage driver
STORAGE_USERS_DRIVER: "owncloudsql"
STORAGE_USERS_OWNCLOUDSQL_DATADIR: "/mnt/data/files"
STORAGE_USERS_OWNCLOUDSQL_SHARE_FOLDER: "/Shares"
STORAGE_USERS_OWNCLOUDSQL_LAYOUT: "{{.Username}}"
STORAGE_USERS_OWNCLOUDSQL_DB_USERNAME: "owncloud"
STORAGE_USERS_OWNCLOUDSQL_DB_PASSWORD: "owncloud"
STORAGE_USERS_OWNCLOUDSQL_DB_HOST: "oc10-db"
STORAGE_USERS_OWNCLOUDSQL_DB_PORT: 3306
STORAGE_USERS_OWNCLOUDSQL_DB_NAME: "owncloud"
# ownCloudSQL sharing driver
SHARING_USER_DRIVER: "owncloudsql"
SHARING_USER_OWNCLOUDSQL_DB_USERNAME: "owncloud"
SHARING_USER_OWNCLOUDSQL_DB_PASSWORD: "owncloud"
SHARING_USER_OWNCLOUDSQL_DB_HOST: "oc10-db"
SHARING_USER_OWNCLOUDSQL_DB_PORT: 3306
SHARING_USER_OWNCLOUDSQL_DB_NAME: "owncloud"
# ownCloud storage readonly
OC_STORAGE_READ_ONLY: "false" # TODO: conflict with OWNCLOUDSQL -> https://github.com/owncloud/ocis/issues/2303
# General oCIS config
# OC_RUN_SERVICES specifies to start all fullstack services except idm and idp. These are replaced by external services
OC_RUN_SERVICES: app-registry,app-provider,auth-basic,auth-machine,frontend,gateway,graph,groups,nats,notifications,ocdav,ocs,proxy,search,settings,sharing,storage-system,storage-publiclink,storage-shares,storage-users,store,thumbnails,users,web,webdav
OC_LOG_LEVEL: ${OC_LOG_LEVEL:-info}
OC_LOG_COLOR: "${OC_LOG_COLOR:-false}"
OC_URL: https://${CLOUD_DOMAIN:-cloud.owncloud.test}
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
# INSECURE: needed if oCIS / Traefik is using self generated certificates
OC_INSECURE: "${INSECURE:-false}"
# basic auth (not recommended, but needed for e.g., WebDav clients that do not support OpenID Connect)
PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
# password policies
OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
volumes:
- ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
- ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml
- ocis-config:/etc/ocis
- ocis-data:/var/lib/ocis
# shared volume with oC10
- oc10-data:/mnt/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.entrypoints=https"
- "traefik.http.routers.ocis.rule=Host(`${CLOUD_DOMAIN:-cloud.owncloud.test}`)"
- "traefik.http.routers.ocis.tls.certresolver=http"
- "traefik.http.routers.ocis.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
logging:
driver: "local"
restart: always
oc10:
image: owncloud/server:${OC10_DOCKER_TAG:-latest}
networks:
ocis-net:
environment:
# make ownCloud Web the default frontend
OWNCLOUD_DEFAULT_APP: ${OWNCLOUD_DEFAULT_APP:-files} # can be switched to "web"
OWNCLOUD_WEB_REWRITE_LINKS: ${OWNCLOUD_WEB_REWRITE_LINKS:-false}
# script / config variables
IDP_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-owncloud}
IDP_OIDC_CLIENT_SECRET: ${OC10_OIDC_CLIENT_SECRET:-oc10-oidc-secret}
CLOUD_DOMAIN: ${CLOUD_DOMAIN:-cloud.owncloud.test}
# LDAP bind configuration
LDAP_HOST: "openldap"
LDAP_PORT: 389
STORAGE_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
STORAGE_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
# LDAP user configuration
LDAP_BASE_DN: "dc=owncloud,dc=com"
LDAP_USER_SCHEMA_DISPLAYNAME: "displayname"
LDAP_LOGINFILTER: "(&(objectclass=owncloud)(|(uid=%uid)(mail=%uid)))"
LDAP_GROUP_SCHEMA_DISPLAYNAME: "cn"
LDAP_USER_SCHEMA_NAME_ATTR: "uid"
LDAP_GROUP_FILTER: "(&(objectclass=groupOfNames)(objectclass=owncloud))"
LDAP_USER_SCHEMA_UID: "ownclouduuid"
LDAP_USERATTRIBUTEFILTERS: "" #"ownclouduuid;cn;uid;mail"
LDAP_USER_SCHEMA_MAIL: "mail"
LDAP_USER_FILTER: "(&(objectclass=owncloud))"
LDAP_GROUP_MEMBER_ASSOC_ATTR: "uniqueMember"
# ownCloud config
OWNCLOUD_DB_TYPE: mysql
OWNCLOUD_DB_NAME: owncloud
OWNCLOUD_DB_USERNAME: owncloud
OWNCLOUD_DB_PASSWORD: owncloud
OWNCLOUD_DB_HOST: oc10-db
OWNCLOUD_ADMIN_USERNAME: admin
OWNCLOUD_ADMIN_PASSWORD: admin
OWNCLOUD_MYSQL_UTF8MB4: "true"
OWNCLOUD_REDIS_ENABLED: "true"
OWNCLOUD_REDIS_HOST: redis
OWNCLOUD_TRUSTED_PROXIES: ${CLOUD_DOMAIN:-cloud.owncloud.test}
OWNCLOUD_OVERWRITE_PROTOCOL: https
OWNCLOUD_OVERWRITE_HOST: ${CLOUD_DOMAIN:-cloud.owncloud.test}
OWNCLOUD_APPS_ENABLE: "openidconnect,oauth2,user_ldap,graphapi"
OWNCLOUD_LOG_LEVEL: 0
OWNCLOUD_LOG_FILE: /dev/stdout
volumes:
# oidc, ldap and web config
- ./config/oc10/oidc.config.php:/etc/templates/oidc.config.php
- ./config/oc10/ldap-config.tmpl.json:/etc/templates/ldap-config.tmpl.json
- ./config/oc10/ldap-sync-cron:/tmp/ldap-sync-cron
- ./config/oc10/web.config.php:/etc/templates/web.config.php
- ./config/oc10/web-config.tmpl.json:/etc/templates/web-config.tmpl.json
# config load script
- ./config/oc10/10-custom-config.sh:/etc/pre_server.d/10-custom-config.sh
# data persistence
- oc10-data:/mnt/data
logging:
driver: "local"
restart: always
keycloak:
# Keycloak WildFly distribution, Quarkus is not ready yet for automatic setup https://github.com/keycloak/keycloak/issues/10216
image: quay.io/keycloak/keycloak:legacy
networks:
ocis-net:
entrypoint: ["/bin/sh", "/opt/jboss/tools/docker-entrypoint-override.sh"]
volumes:
- ./config/keycloak/docker-entrypoint-override.sh:/opt/jboss/tools/docker-entrypoint-override.sh
- ./config/keycloak/owncloud-realm.dist.json:/opt/jboss/keycloak/owncloud-realm.dist.json
environment:
CLOUD_DOMAIN: ${CLOUD_DOMAIN:-cloud.owncloud.test}
OC10_OIDC_CLIENT_SECRET: ${OC10_OIDC_CLIENT_SECRET:-oc10-oidc-secret}
LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
DB_VENDOR: POSTGRES
DB_ADDR: keycloak-db
DB_DATABASE: keycloak
DB_USER: keycloak
DB_SCHEMA: public
DB_PASSWORD: keycloak
KEYCLOAK_USER: ${KEYCLOAK_ADMIN_USER:-admin}
KEYCLOAK_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
PROXY_ADDRESS_FORWARDING: "true"
KEYCLOAK_IMPORT: /opt/jboss/keycloak/owncloud-realm.json
labels:
- "traefik.enable=true"
- "traefik.http.routers.keycloak.entrypoints=https"
- "traefik.http.routers.keycloak.rule=Host(`${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}`)"
- "traefik.http.routers.keycloak.tls.certresolver=http"
- "traefik.http.routers.keycloak.service=keycloak"
- "traefik.http.services.keycloak.loadbalancer.server.port=8080"
logging:
driver: "local"
restart: always
openldap:
image: osixia/openldap:latest
networks:
ocis-net:
command: --copy-service --loglevel debug
environment:
LDAP_TLS_VERIFY_CLIENT: never
LDAP_DOMAIN: owncloud.com
LDAP_ORGANISATION: ownCloud
LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
LDAP_RFC2307BIS_SCHEMA: "true"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
volumes:
- ./config/ldap/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom
logging:
driver: "local"
restart: always
ldap-manager:
image: osixia/phpldapadmin:0.9.0
networks:
ocis-net:
environment:
PHPLDAPADMIN_LDAP_HOSTS: openldap
PHPLDAPADMIN_HTTPS: "false"
labels:
- "traefik.enable=true"
- "traefik.http.routers.ldap-manager.entrypoints=https"
- "traefik.http.routers.ldap-manager.rule=Host(`${LDAP_MANAGER_DOMAIN:-ldap.owncloud.test}`)"
- "traefik.http.routers.ldap-manager.tls.certresolver=http"
- "traefik.http.routers.ldap-manager.service=ldap-manager"
- "traefik.http.services.ldap-manager.loadbalancer.server.port=80"
logging:
driver: "local"
restart: always
keycloak-db:
image: postgres:alpine
networks:
ocis-net:
volumes:
- keycloak-postgres-data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: keycloak
logging:
driver: "local"
restart: always
oc10-db:
image: mariadb:10.6
networks:
ocis-net:
environment:
- MYSQL_ROOT_PASSWORD=owncloud
- MYSQL_USER=owncloud
- MYSQL_PASSWORD=owncloud
- MYSQL_DATABASE=owncloud
command:
[
"--max-allowed-packet=128M",
"--innodb-log-file-size=64M",
"--innodb-read-only-compressed=OFF",
]
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-u", "root", "--password=owncloud"]
interval: 10s
timeout: 5s
retries: 5
volumes:
- oc10-mysql-data:/var/lib/mysql
logging:
driver: "local"
restart: always
redis:
networks:
ocis-net:
image: redis:6
command: ["--databases", "1"]
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
volumes:
- oc10-redis-data:/data
logging:
driver: "local"
restart: always
volumes:
certs:
ocis-config:
ocis-data:
keycloak-postgres-data:
oc10-mysql-data:
oc10-redis-data:
oc10-data:
oc10-tmp:
networks:
ocis-net:


@@ -1,13 +0,0 @@
#! /bin/bash
docker-compose exec keycloak \
sh -c "cd /opt/jboss/keycloak && \
timeout 60 bin/standalone.sh \
-Djboss.httin/standalone.sh \
-Djboss.socket.binding.port-offset=100 \
-Dkeycloak.migration.action=export \
-Dkeycloak.migration.provider=singleFile \
-Dkeycloak.migration.realmName=owncloud \
-Dkeycloak.migration.file=owncloud-realm.json"
docker-compose exec keycloak \
cp /opt/jboss/keycloak/owncloud-realm.json /opt/jboss/keycloak/owncloud-realm.dist.json


@@ -1,18 +0,0 @@
---
version: "3.7"
services:
ocis:
environment:
# tracing
OC_TRACING_ENABLED: "true"
OC_TRACING_TYPE: "jaeger"
OC_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
# if oCIS runs as a single process, all <debug>/metrics endpoints
# will expose the same metrics, so it's sufficient to query one endpoint
PROXY_DEBUG_ADDR: 0.0.0.0:9205
networks:
ocis-net:
external: true


@@ -1,19 +0,0 @@
---
version: "3.7"
services:
ocis:
environment:
LDAP_GROUP_BASE_DN: "ou=TestGroups,dc=owncloud,dc=com"
LDAP_USER_BASE_DN: "ou=TestUsers,dc=owncloud,dc=com"
PROXY_ENABLE_BASIC_AUTH: "true"
oc10:
ports:
- 8080:8080
volumes:
- ./config/oc10/11-testing-app.sh:/etc/pre_server.d/11-testing-app.sh
openldap:
ports:
- 636:636


@@ -1,5 +0,0 @@
password
12345678
123
ownCloud
ownCloud-1


@@ -1,7 +0,0 @@
---
services:
ocis:
command: [ "-c", "ocis init || true; dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis server" ]
ports:
- 40000:40000


@@ -1,14 +0,0 @@
---
services:
ocis:
environment:
# activate s3ng storage driver
STORAGE_USERS_DRIVER: s3ng
# keep system data on ocis storage since this are only small files atm
STORAGE_SYSTEM_DRIVER: ocis
# s3ng specific settings
STORAGE_USERS_S3NG_ENDPOINT: ${S3NG_ENDPOINT:-http://minio:9000}
STORAGE_USERS_S3NG_REGION: ${S3NG_REGION:-default}
STORAGE_USERS_S3NG_ACCESS_KEY: ${S3NG_ACCESS_KEY:-ocis}
STORAGE_USERS_S3NG_SECRET_KEY: ${S3NG_SECRET_KEY:-ocis-secret-key}
STORAGE_USERS_S3NG_BUCKET: ${S3NG_BUCKET:-ocis-bucket}


@@ -1,7 +0,0 @@
services:
ocis:
volumes:
- ocis-apps:/var/lib/ocis/web/assets/apps
volumes:
ocis-apps:


@@ -1,33 +0,0 @@
# If you're on a internet facing server please comment out following line.
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
### Traefik settings ###
# Serve Traefik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
TRAEFIK_BASIC_AUTH_USERS=
# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
TRAEFIK_ACME_MAIL=
### oCIS settings ###
# oCIS version. Defaults to "latest"
OC_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OC_DOMAIN=
# oCIS admin user password. Defaults to "admin".
ADMIN_PASSWORD=
# The demo users should not be created on a production instance
# because their passwords are public. Defaults to "false".
DEMO_USERS=
### oCIS Hello settings ###
# oCIS Hello version. Defaults to "latest"
OC_HELLO_DOCKER_TAG=
# If you want to use debugging and tracing with this stack,
# you need uncomment following line. Please see documentation at
# https://owncloud.dev/ocis/deployment/monitoring-tracing/
#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml


@@ -1,6 +0,0 @@
---
document this deployment example in: docs/ocis/deployment/ocis_hello.md
---
Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_hello/)
for instructions on how to deploy this scenario.


@@ -1,5 +0,0 @@
password
12345678
123
ownCloud
ownCloud-1


@@ -1,60 +0,0 @@
policy_selector:
static:
policy: ocis
policies:
- name: ocis
routes:
# defaults, taken from https://owncloud.dev/services/proxy/configuration/
- endpoint: /
backend: http://localhost:9100
- endpoint: /.well-known/
backend: http://localhost:9130
- endpoint: /konnect/
backend: http://localhost:9130
- endpoint: /signin/
backend: http://localhost:9130
- endpoint: /archiver
backend: http://localhost:9140
- type: regex
endpoint: /ocs/v[12].php/cloud/user/signing-key
backend: http://localhost:9110
- endpoint: /ocs/
backend: http://localhost:9140
- type: query
endpoint: /remote.php/?preview=1
backend: http://localhost:9115
- method: REPORT
endpoint: /remote.php/dav/
backend: http://localhost:9115
- type: query
endpoint: /dav/?preview=1
backend: http://localhost:9115
- type: query
endpoint: /webdav/?preview=1
backend: http://localhost:9115
- endpoint: /remote.php/
service: eu.opencloud.web.ocdav
- endpoint: /dav/
service: eu.opencloud.web.ocdav
- endpoint: /webdav/
service: eu.opencloud.web.ocdav
- endpoint: /status.php
service: eu.opencloud.web.ocdav
- endpoint: /index.php/
service: eu.opencloud.web.ocdav
- endpoint: /apps/
service: eu.opencloud.web.ocdav
- endpoint: /data
backend: http://localhost:9140
- endpoint: /app/
backend: http://localhost:9140
- endpoint: /graph/
backend: http://localhost:9120
- endpoint: /api/v0/settings
backend: http://localhost:9190
# oCIS Hello specific routes
- endpoint: "/api/v0/greet"
backend: http://ocis-hello:9105
- endpoint: "/hello.js"
backend: http://ocis-hello:9105


@@ -1,5 +0,0 @@
web:
config:
external_apps:
- id: hello
path: /hello.js


@@ -1,109 +0,0 @@
---
version: "3.7"
services:
traefik:
image: traefik:v2.9.1
networks:
ocis-net:
aliases:
- ${OC_DOMAIN:-ocis.owncloud.test}
command:
- "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
# letsencrypt configuration
- "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
- "--certificatesResolvers.http.acme.storage=/certs/acme.json"
- "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
# enable dashboard
- "--api.dashboard=true"
# define entrypoints
- "--entryPoints.http.address=:80"
- "--entryPoints.http.http.redirections.entryPoint.to=https"
- "--entryPoints.http.http.redirections.entryPoint.scheme=https"
- "--entryPoints.https.address=:443"
# docker provider (get configuration from container labels)
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedByDefault=false"
# access log
- "--accessLog=true"
- "--accessLog.format=json"
- "--accessLog.fields.headers.names.X-Request-Id=keep"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "certs:/certs"
labels:
- "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
- "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.routers.traefik.tls.certresolver=http"
- "traefik.http.routers.traefik.service=api@internal"
logging:
driver: "local"
restart: always
ocis:
image: owncloud/ocis:${OC_DOCKER_TAG:-latest}
networks:
ocis-net:
entrypoint:
- /bin/sh
# run ocis init to initialize a configuration file with random secrets
# it will fail on subsequent runs, because the config file already exists
# therefore we ignore the error and then start the ocis server
command: ["-c", "ocis init || true; ocis server"]
environment:
OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test}
OC_LOG_LEVEL: ${OC_LOG_LEVEL:-info}
OC_LOG_COLOR: "${OC_LOG_COLOR:-false}"
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
# make settings service available to oCIS Hello
SETTINGS_GRPC_ADDR: 0.0.0.0:9191
# INSECURE: needed if oCIS / Traefik is using self generated certificates
OC_INSECURE: "${INSECURE:-false}"
# basic auth (not recommended, but needed for e.g., WebDav clients that do not support OpenID Connect)
PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
# admin user password
IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
# demo users
IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
# password policies
OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
volumes:
- ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
- ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml
- ./config/ocis/web.yaml:/etc/ocis/web.yaml
- ocis-config:/etc/ocis
- ocis-data:/var/lib/ocis
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.entrypoints=https"
- "traefik.http.routers.ocis.rule=Host(`${OC_DOMAIN:-ocis.owncloud.test}`)"
- "traefik.http.routers.ocis.tls.certresolver=http"
- "traefik.http.routers.ocis.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
logging:
driver: "local"
restart: always
ocis-hello:
image: owncloud/ocis-hello:${OC_HELLO_DOCKER_TAG:-latest}
networks:
ocis-net:
environment:
OC_LOG_LEVEL: ${OC_LOG_LEVEL:-info}
logging:
driver: "local"
restart: always
volumes:
certs:
ocis-config:
ocis-data:
networks:
ocis-net:


@@ -1,18 +0,0 @@
---
version: "3.7"
services:
ocis:
environment:
# tracing
OC_TRACING_ENABLED: "true"
OC_TRACING_TYPE: "jaeger"
OC_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
# if oCIS runs as a single process, all <debug>/metrics endpoints
# will expose the same metrics, so it's sufficient to query one endpoint
PROXY_DEBUG_ADDR: 0.0.0.0:9205
networks:
ocis-net:
external: true


@@ -1,41 +0,0 @@
# If you're on a internet facing server please comment out following line.
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
# The demo users should not be created on a production instance
# because their passwords are public
DEMO_USERS=false
### Traefik settings ###
# Serve Traefik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
TRAEFIK_BASIC_AUTH_USERS=
# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
TRAEFIK_ACME_MAIL=
### oCIS settings ###
# oCIS version. Defaults to "latest"
OC_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OC_DOMAIN=
# owncloud Web openid connect client id. Defaults to "web"
OC_OIDC_CLIENT_ID=
### Keycloak ###
# Domain of Keycloak, where you can find the management and authentication frontend. Defaults to "keycloak.owncloud.test"
KEYCLOAK_DOMAIN=
# Realm which to be used with oCIS. Defaults to "oCIS"
KEYCLOAK_REALM=
# Admin user login name. Defaults to "admin"
KEYCLOAK_ADMIN_USER=
# Admin user login password. Defaults to "admin"
KEYCLOAK_ADMIN_PASSWORD=
# If you want to use debugging and tracing with this stack,
# you need uncomment following line. Please see documentation at
# https://owncloud.dev/ocis/deployment/monitoring-tracing/
#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml


@@ -1,6 +0,0 @@
---
document this deployment example in: docs/ocis/deployment/ocis_keycloak.md
---
Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_keycloak/)
for instructions on how to deploy this scenario.


@@ -1,64 +0,0 @@
{
"clientId": "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD",
"name": "ownCloud Android app",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD",
"redirectUris": [
"oc://android.owncloud.com"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"post.logout.redirect.uris": "+",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"profile",
"roles",
"groups",
"basic",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}


@@ -1,67 +0,0 @@
{
"clientId": "3keLfua0olYvW1zKXTDB3OjAMPEYWEQNuiscli395GKJOiPnPURNQWGvGCJZf4Hw",
"name": "Cyberduck",
"description": "",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "yoqICbLIeYbpZPqDH4D8k4NKb04HqnrWBntEeVZEQ5gO1RmaUlln0Aqu1dj2UoF4",
"redirectUris": [
"x-cyberduck-action:oauth",
"x-mountainduck-action:oauth"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"profile",
"roles",
"groups",
"basic",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}


@@ -1,65 +0,0 @@
{
"clientId": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69",
"name": "ownCloud Desktop Client",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh",
"redirectUris": [
"http://127.0.0.1:*",
"http://localhost:*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"post.logout.redirect.uris": "+",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"profile",
"roles",
"groups",
"basic",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}


@@ -1,64 +0,0 @@
{
"clientId": "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1",
"name": "ownCloud iOS app",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx",
"redirectUris": [
"oc://ios.owncloud.com"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"post.logout.redirect.uris": "+",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"profile",
"roles",
"groups",
"basic",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}


@@ -1,72 +0,0 @@
{
"clientId": "web",
"name": "",
"description": "",
"rootUrl": "https://ocis.owncloud.test",
"adminUrl": "https://ocis.owncloud.test",
"baseUrl": "",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"https://ocis.owncloud.test/*"
],
"webOrigins": [
"https://ocis.owncloud.test"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"post.logout.redirect.uris": "+",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"oidc.ciba.grant.enabled": "false",
"backchannel.logout.url": "https://ocis.owncloud.test/backchannel_logout",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"profile",
"roles",
"groups",
"basic",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}


@@ -1,8 +0,0 @@
#!/bin/bash
printenv
# replace oCIS domain in keycloak realm import
mkdir /opt/keycloak/data/import
sed -e "s/ocis.owncloud.test/${OC_DOMAIN}/g" /opt/keycloak/data/import-dist/ocis-realm.json > /opt/keycloak/data/import/ocis-realm.json
# run original docker-entrypoint
/opt/keycloak/bin/kc.sh "$@"




@@ -1,5 +0,0 @@
password
12345678
123
ownCloud
ownCloud-1


@@ -1,37 +0,0 @@
directives:
child-src:
- '''self'''
connect-src:
- '''self'''
- 'blob:'
- 'https://raw.githubusercontent.com/owncloud/awesome-ocis/'
# In contrary to bash and docker the default is given after the | character
- 'https://${KEYCLOAK_DOMAIN|keycloak.owncloud.test}/'
default-src:
- '''none'''
font-src:
- '''self'''
frame-ancestors:
- '''none'''
frame-src:
- '''self'''
- 'blob:'
- 'https://embed.diagrams.net/'
img-src:
- '''self'''
- 'data:'
- 'blob:'
- 'https://raw.githubusercontent.com/owncloud/awesome-ocis/'
manifest-src:
- '''self'''
media-src:
- '''self'''
object-src:
- '''self'''
- 'blob:'
script-src:
- '''self'''
- '''unsafe-inline'''
style-src:
- '''self'''
- '''unsafe-inline'''


@@ -1,153 +0,0 @@
---
version: "3.7"
services:
traefik:
image: traefik:v2.9.1
networks:
ocis-net:
aliases:
- ${OC_DOMAIN:-ocis.owncloud.test}
- ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
command:
- "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
# letsencrypt configuration
- "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
- "--certificatesResolvers.http.acme.storage=/certs/acme.json"
- "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
# enable dashboard
- "--api.dashboard=true"
# define entrypoints
- "--entryPoints.http.address=:80"
- "--entryPoints.http.http.redirections.entryPoint.to=https"
- "--entryPoints.http.http.redirections.entryPoint.scheme=https"
- "--entryPoints.https.address=:443"
# docker provider (get configuration from container labels)
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedByDefault=false"
# access log
- "--accessLog=true"
- "--accessLog.format=json"
- "--accessLog.fields.headers.names.X-Request-Id=keep"
ports:
- "80:80"
- "443:443"
volumes:
- "${DOCKER_SOCKET_PATH:-/var/run/docker.sock}:/var/run/docker.sock:ro"
- "certs:/certs"
labels:
- "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
- "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.routers.traefik.tls.certresolver=http"
- "traefik.http.routers.traefik.service=api@internal"
logging:
driver: ${LOG_DRIVER:-local}
restart: always
ocis:
image: ${OC_DOCKER_IMAGE:-owncloud/ocis}:${OC_DOCKER_TAG:-latest}
networks:
ocis-net:
entrypoint:
- /bin/sh
# run ocis init to initialize a configuration file with random secrets
# it will fail on subsequent runs, because the config file already exists
# therefore we ignore the error and then start the ocis server
command: ["-c", "ocis init || true; ocis server"]
environment:
# Keycloak IDP specific configuration
PROXY_AUTOPROVISION_ACCOUNTS: "true"
PROXY_ROLE_ASSIGNMENT_DRIVER: "oidc"
OC_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/realms/${KEYCLOAK_REALM:-oCIS}
PROXY_OIDC_REWRITE_WELLKNOWN: "true"
WEB_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID:-web}
# general config
OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test}
OC_LOG_LEVEL: ${OC_LOG_LEVEL:-info}
OC_LOG_COLOR: "${OC_LOG_COLOR:-false}"
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
PROXY_USER_OIDC_CLAIM: "preferred_username"
PROXY_USER_CS3_CLAIM: "username"
# INSECURE: needed if oCIS / Traefik is using self generated certificates
OC_INSECURE: "${INSECURE:-false}"
OC_ADMIN_USER_ID: ""
OC_EXCLUDE_RUN_SERVICES: "idp"
GRAPH_ASSIGN_DEFAULT_USER_ROLE: "false"
GRAPH_USERNAME_MATCH: "none"
# password policies
OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp.yaml
KEYCLOAK_DOMAIN: ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
volumes:
- ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
- ./config/ocis/csp.yaml:/etc/ocis/csp.yaml
- ocis-config:/etc/ocis
- ocis-data:/var/lib/ocis
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.entrypoints=https"
- "traefik.http.routers.ocis.rule=Host(`${OC_DOMAIN:-ocis.owncloud.test}`)"
- "traefik.http.routers.ocis.tls.certresolver=http"
- "traefik.http.routers.ocis.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
logging:
driver: ${LOG_DRIVER:-local}
restart: always
postgres:
image: postgres:alpine
networks:
ocis-net:
volumes:
- keycloak_postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: keycloak
logging:
driver: ${LOG_DRIVER:-local}
restart: always
keycloak:
image: quay.io/keycloak/keycloak:25.0.0
networks:
ocis-net:
command: ["start", "--proxy=edge", "--spi-connections-http-client-default-disable-trust-manager=${INSECURE:-false}", "--import-realm"]
entrypoint: ["/bin/sh", "/opt/keycloak/bin/docker-entrypoint-override.sh"]
volumes:
- "./config/keycloak/docker-entrypoint-override.sh:/opt/keycloak/bin/docker-entrypoint-override.sh"
- "./config/keycloak/ocis-realm.dist.json:/opt/keycloak/data/import-dist/ocis-realm.json"
environment:
OC_DOMAIN: ${OC_DOMAIN:-ocis.owncloud.test}
KC_HOSTNAME: ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
KC_DB: postgres
KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak"
KC_DB_USERNAME: keycloak
KC_DB_PASSWORD: keycloak
KC_FEATURES: impersonation
KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN_USER:-admin}
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
labels:
- "traefik.enable=true"
- "traefik.http.routers.keycloak.entrypoints=https"
- "traefik.http.routers.keycloak.rule=Host(`${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}`)"
- "traefik.http.routers.keycloak.tls.certresolver=http"
- "traefik.http.routers.keycloak.service=keycloak"
- "traefik.http.services.keycloak.loadbalancer.server.port=8080"
depends_on:
- postgres
logging:
driver: ${LOG_DRIVER:-local}
restart: always
volumes:
certs:
ocis-config:
ocis-data:
keycloak_postgres_data:
networks:
ocis-net:


@@ -1,18 +0,0 @@
---
version: "3.7"
services:
ocis:
environment:
# tracing
OC_TRACING_ENABLED: "true"
OC_TRACING_TYPE: "jaeger"
OC_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
# if oCIS runs as a single process, all <debug>/metrics endpoints
# will expose the same metrics, so it's sufficient to query one endpoint
PROXY_DEBUG_ADDR: 0.0.0.0:9205
networks:
ocis-net:
external: true


@@ -1,43 +0,0 @@
# If you're on a internet facing server please comment out following line.
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
# The demo users should not be created on a production instance
# because their passwords are public
DEMO_USERS=true
### Traefik settings ###
# Serve Traefik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
TRAEFIK_BASIC_AUTH_USERS=
# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
TRAEFIK_ACME_MAIL=
### oCIS settings ###
# oCIS version. Defaults to "latest"
OC_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OC_DOMAIN=
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
OC_JWT_SECRET=
# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
STORAGE_TRANSFER_SECRET=
# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
OC_MACHINE_AUTH_API_KEY=
### LDAP server settings ###
# Password of LDAP user "cn=admin,dc=owncloud,dc=com". Defaults to "admin"
LDAP_ADMIN_PASSWORD=
### LDAP manager settings ###
# Domain of LDAP manager. Defaults to "ldap.owncloud.test"
LDAP_MANAGER_DOMAIN=
# If you want to use debugging and tracing with this stack,
# you need uncomment following line. Please see documentation at
# https://owncloud.dev/ocis/deployment/monitoring-tracing/
#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml


@@ -1,6 +0,0 @@
---
document this deployment example in docs/ocis/deployment/ocis_ldap.md
---
Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_ldap/)
for instructions on how to deploy this scenario.


@@ -1,9 +0,0 @@
#!/bin/bash
printenv
if [ ! -f /opt/bitnami/openldap/share/openldap.key ]
then
openssl req -x509 -newkey rsa:4096 -keyout /opt/bitnami/openldap/share/openldap.key -out /opt/bitnami/openldap/share/openldap.crt -sha256 -days 365 -batch -nodes
fi
# run original docker-entrypoint
/opt/bitnami/scripts/openldap/entrypoint.sh "$@"


@@ -1,13 +0,0 @@
dn: dc=owncloud,dc=com
objectClass: organization
objectClass: dcObject
dc: owncloud
o: ownCloud
dn: ou=users,dc=owncloud,dc=com
objectClass: organizationalUnit
ou: users
dn: ou=groups,dc=owncloud,dc=com
objectClass: organizationalUnit
ou: groups


@@ -1,100 +0,0 @@
# Start dn with uid (user identifier / login), not cn (Firstname + Surname)
dn: uid=einstein,ou=users,dc=owncloud,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ownCloudUser
objectClass: person
objectClass: posixAccount
objectClass: top
uid: einstein
givenName: Albert
sn: Einstein
cn: einstein
displayName: Albert Einstein
description: A German-born theoretical physicist who developed the theory of relativity, one of the two pillars of modern physics (alongside quantum mechanics).
mail: einstein@example.org
uidNumber: 20000
gidNumber: 30000
homeDirectory: /home/einstein
ownCloudUUID: 4c510ada-c86b-4815-8820-42cdf82c3d51
userPassword:: e1NTSEF9TXJEcXpFNGdKbXZxbVRVTGhvWEZ1VzJBbkV3NWFLK3J3WTIvbHc9PQ==
dn: uid=marie,ou=users,dc=owncloud,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ownCloudUser
objectClass: person
objectClass: posixAccount
objectClass: top
uid: marie
givenName: Marie
sn: Curie
cn: marie
displayName: Marie Skłodowska Curie
description: A Polish and naturalized-French physicist and chemist who conducted pioneering research on radioactivity.
mail: marie@example.org
uidNumber: 20001
gidNumber: 30000
homeDirectory: /home/marie
ownCloudUUID: f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c
userPassword:: e1NTSEF9UmFvQWs3TU9jRHBIUWY3bXN3MGhHNnVraFZQWnRIRlhOSUNNZEE9PQ==
dn: uid=richard,ou=users,dc=owncloud,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ownCloudUser
objectClass: person
objectClass: posixAccount
objectClass: top
uid: richard
givenName: Richard
sn: Feynman
cn: richard
displayName: Richard Phillips Feynman
description: An American theoretical physicist, known for his work in the path integral formulation of quantum mechanics, the theory of quantum electrodynamics, the physics of the superfluidity of supercooled liquid helium, as well as his work in particle physics for which he proposed the parton model.
mail: richard@example.org
uidNumber: 20002
gidNumber: 30000
homeDirectory: /home/richard
ownCloudUUID: 932b4540-8d16-481e-8ef4-588e4b6b151c
userPassword:: e1NTSEF9Z05LZTRreHdmOGRUREY5eHlhSmpySTZ3MGxSVUM1d1RGcWROTVE9PQ==
dn: uid=moss,ou=users,dc=owncloud,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ownCloudUser
objectClass: person
objectClass: posixAccount
objectClass: top
uid: moss
givenName: Maurice
sn: Moss
cn: moss
displayName: Maurice Moss
description: A worker in the IT Department of Reynholm Industries. Of all the working staff in the IT Department, he is the most hard-working, the most experienced, and the most capable of doing his job well. He puts a lot of effort into his work, however he does not get the credit he deserves.
mail: moss@example.org
uidNumber: 20003
gidNumber: 30000
homeDirectory: /home/moss
ownCloudUUID: 058bff95-6708-4fe5-91e4-9ea3d377588b
userPassword:: e1NTSEF9N0hEdTRoMkFDVExFWWt4U0RtSDZVQjhmUlpKRExDZDc=
dn: uid=admin,ou=users,dc=owncloud,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: ownCloudUser
objectClass: person
objectClass: posixAccount
objectClass: top
uid: admin
givenName: Admin
sn: Admin
cn: admin
displayName: Admin
description: An admin for this oCIS instance.
mail: admin@example.org
uidNumber: 20004
gidNumber: 30000
homeDirectory: /home/admin
ownCloudUUID: ddc2004c-0977-11eb-9d3f-a793888cd0f8
userPassword:: e1NTSEF9UWhmaFB3dERydTUydURoWFFObDRMbzVIckI3TkI5Nmo=


@@ -1,77 +0,0 @@
dn: cn=users,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: users
description: Users
ownCloudUUID: 509a9dcd-bb37-4f4f-a01a-19dca27d9cfa
member: uid=einstein,ou=users,dc=owncloud,dc=com
member: uid=marie,ou=users,dc=owncloud,dc=com
member: uid=richard,ou=users,dc=owncloud,dc=com
member: uid=moss,ou=users,dc=owncloud,dc=com
member: uid=admin,ou=users,dc=owncloud,dc=com
dn: cn=sailing-lovers,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: sailing-lovers
description: Sailing lovers
ownCloudUUID: 6040aa17-9c64-4fef-9bd0-77234d71bad0
member: uid=einstein,ou=users,dc=owncloud,dc=com
dn: cn=violin-haters,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: violin-haters
description: Violin haters
ownCloudUUID: dd58e5ec-842e-498b-8800-61f2ec6f911f
member: uid=einstein,ou=users,dc=owncloud,dc=com
dn: cn=radium-lovers,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: radium-lovers
description: Radium lovers
ownCloudUUID: 7b87fd49-286e-4a5f-bafd-c535d5dd997a
member: uid=marie,ou=users,dc=owncloud,dc=com
dn: cn=polonium-lovers,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: polonium-lovers
description: Polonium lovers
ownCloudUUID: cedc21aa-4072-4614-8676-fa9165f598ff
member: uid=marie,ou=users,dc=owncloud,dc=com
dn: cn=quantum-lovers,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: quantum-lovers
description: Quantum lovers
ownCloudUUID: a1726108-01f8-4c30-88df-2b1a9d1cba1a
member: uid=richard,ou=users,dc=owncloud,dc=com
dn: cn=philosophy-haters,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: philosophy-haters
description: Philosophy haters
ownCloudUUID: 167cbee2-0518-455a-bfb2-031fe0621e5d
member: uid=richard,ou=users,dc=owncloud,dc=com
dn: cn=physics-lovers,ou=groups,dc=owncloud,dc=com
objectClass: groupOfNames
objectClass: ownCloud
objectClass: top
cn: physics-lovers
description: Physics lovers
ownCloudUUID: 262982c1-2362-4afa-bfdf-8cbfef64a06e
member: uid=einstein,ou=users,dc=owncloud,dc=com
member: uid=marie,ou=users,dc=owncloud,dc=com
member: uid=richard,ou=users,dc=owncloud,dc=com


@@ -1,37 +0,0 @@
# This LDIF files describes the ownCloud schema
dn: cn=owncloud,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: owncloud
olcObjectIdentifier: ownCloudOid 1.3.6.1.4.1.39430
olcAttributeTypes: ( ownCloudOid:1.1.2 NAME 'ownCloudUUID'
DESC 'A non-reassignable and persistent account ID)'
EQUALITY uuidMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE )
olcAttributeTypes: ( ownCloudOid:1.1.3 NAME 'oCExternalIdentity'
DESC 'A triple separated by "$" representing the objectIdentity resource type of the Graph API ( signInType $ issuer $ issuerAssignedId )'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( ownCloudOid:1.1.4 NAME 'ownCloudUserEnabled'
DESC 'A boolean value indicating if ownCloudUser is enabled'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE)
olcAttributeTypes: ( ownCloudOid:1.1.5 NAME 'ownCloudUserType'
DESC 'User type (e.g. Member or Guest)'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( ownCloudOid:1.1.6 NAME 'ocLastSignInTimestamp'
DESC 'The timestamp of the last sign-in'
EQUALITY generalizedTimeMatch
ORDERING generalizedTimeOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
olcObjectClasses: ( ownCloudOid:1.2.1 NAME 'ownCloud'
DESC 'ownCloud LDAP Schema'
AUXILIARY
MAY ( ownCloudUUID ) )
olcObjectClasses: ( ownCloudOid:1.2.2 NAME 'ownCloudUser'
DESC 'ownCloud User LDAP Schema'
SUP ownCloud
AUXILIARY
MAY ( ocExternalIdentity $ ownCloudUserEnabled $ ownCloudUserType $ ocLastSignInTimestamp) )


@@ -1,5 +0,0 @@
password
12345678
123
ownCloud
ownCloud-1


@@ -1,162 +0,0 @@
---
version: "3.7"
services:
traefik:
image: traefik:v2.9.1
networks:
ocis-net:
aliases:
- ${OC_DOMAIN:-ocis.owncloud.test}
command:
- "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
# letsencrypt configuration
- "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
- "--certificatesResolvers.http.acme.storage=/certs/acme.json"
- "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
# enable dashboard
- "--api.dashboard=true"
# define entrypoints
- "--entryPoints.http.address=:80"
- "--entryPoints.http.http.redirections.entryPoint.to=https"
- "--entryPoints.http.http.redirections.entryPoint.scheme=https"
- "--entryPoints.https.address=:443"
# docker provider (get configuration from container labels)
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedByDefault=false"
# access log
- "--accessLog=true"
- "--accessLog.format=json"
- "--accessLog.fields.headers.names.X-Request-Id=keep"
ports:
- "80:80"
- "443:443"
volumes:
- "${DOCKER_SOCKET_PATH:-/var/run/docker.sock}:/var/run/docker.sock:ro"
- "certs:/certs"
labels:
- "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
- "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.routers.traefik.tls.certresolver=http"
- "traefik.http.routers.traefik.service=api@internal"
logging:
driver: ${LOG_DRIVER:-local}
restart: always
ocis:
image: ${OC_DOCKER_IMAGE:-owncloud/ocis}:${OC_DOCKER_TAG:-latest}
networks:
ocis-net:
depends_on:
- ldap-server
entrypoint:
- /bin/sh
# run ocis init to initialize a configuration file with random secrets
# it will fail on subsequent runs, because the config file already exists
# therefore we ignore the error and then start the ocis server
command: [ "-c", "ocis init || true; ocis server" ]
environment:
# users/groups from ldap
OC_LDAP_URI: ldaps://ldap-server:1636
OC_LDAP_INSECURE: "true"
OC_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
OC_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
OC_LDAP_GROUP_BASE_DN: "ou=groups,dc=owncloud,dc=com"
OC_LDAP_GROUP_FILTER: "(objectclass=owncloud)"
OC_LDAP_GROUP_OBJECTCLASS: "groupOfNames"
OC_LDAP_USER_BASE_DN: "ou=users,dc=owncloud,dc=com"
OC_LDAP_USER_FILTER: "(objectclass=owncloud)"
OC_LDAP_USER_OBJECTCLASS: "inetOrgPerson"
LDAP_LOGIN_ATTRIBUTES: "uid"
OC_ADMIN_USER_ID: "ddc2004c-0977-11eb-9d3f-a793888cd0f8"
IDP_LDAP_LOGIN_ATTRIBUTE: "uid"
IDP_LDAP_UUID_ATTRIBUTE: "ownclouduuid"
IDP_LDAP_UUID_ATTRIBUTE_TYPE: binary
GRAPH_LDAP_SERVER_WRITE_ENABLED: "true" # assuming the external ldap is writable
GRAPH_LDAP_REFINT_ENABLED: "true" # osixia has refint enabled.
# OC_RUN_SERVICES specifies to start all services except glauth, idm and accounts. These are replaced by external services
OC_EXCLUDE_RUN_SERVICES: idm
# General oCIS config
OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test}
OC_LOG_LEVEL: ${OC_LOG_LEVEL:-info}
OC_LOG_COLOR: "${OC_LOG_COLOR:-false}"
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
# INSECURE: needed if oCIS / Traefik is using self generated certificates
OC_INSECURE: "${INSECURE:-false}"
# basic auth (not recommended, but needed for e.g., WebDav clients that do not support OpenID Connect)
PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
# password policies
OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
volumes:
- ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
- ocis-config:/etc/ocis
- ocis-data:/var/lib/ocis
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.entrypoints=https"
- "traefik.http.routers.ocis.rule=Host(`${OC_DOMAIN:-ocis.owncloud.test}`)"
- "traefik.http.routers.ocis.tls.certresolver=http"
- "traefik.http.routers.ocis.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
logging:
driver: ${LOG_DRIVER:-local}
restart: always
ldap-server:
image: bitnami/openldap:2.6
networks:
ocis-net:
entrypoint: ["/bin/sh", "/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh", "/opt/bitnami/scripts/openldap/run.sh" ]
environment:
BITNAMI_DEBUG: true
LDAP_TLS_VERIFY_CLIENT: never
LDAP_ENABLE_TLS: "yes"
LDAP_TLS_CA_FILE: /opt/bitnami/openldap/share/openldap.crt
LDAP_TLS_CERT_FILE: /opt/bitnami/openldap/share/openldap.crt
LDAP_TLS_KEY_FILE: /opt/bitnami/openldap/share/openldap.key
LDAP_ROOT: "dc=owncloud,dc=com"
LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
ports:
- "127.0.0.1:389:1389"
- "127.0.0.1:636:1636"
volumes:
- ./config/ldap/ldif:/ldifs
- ./config/ldap/schemas:/schemas
- ./config/ldap/docker-entrypoint-override.sh:/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh
- ldap-certs:/opt/bitnami/openldap/share
- ldap-data:/bitnami/openldap
logging:
driver: ${LOG_DRIVER:-local}
restart: always
ldap-manager:
image: osixia/phpldapadmin:latest
networks:
ocis-net:
environment:
PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'ldap-server': [{'server': [{'port': 1389}]}]}]"
PHPLDAPADMIN_HTTPS: "false"
labels:
- "traefik.enable=true"
- "traefik.http.routers.ldap-manager.entrypoints=https"
- "traefik.http.routers.ldap-manager.rule=Host(`${LDAP_MANAGER_DOMAIN:-ldap.owncloud.test}`)"
- "traefik.http.routers.ldap-manager.tls.certresolver=http"
- "traefik.http.routers.ldap-manager.service=ldap-manager"
- "traefik.http.services.ldap-manager.loadbalancer.server.port=80"
logging:
driver: ${LOG_DRIVER:-local}
restart: always
volumes:
certs:
ldap-certs:
ocis-config:
ocis-data:
ldap-data:
networks:
ocis-net:


@@ -1,18 +0,0 @@
---
version: "3.7"
services:
ocis:
environment:
# tracing
OC_TRACING_ENABLED: "true"
OC_TRACING_TYPE: "jaeger"
OC_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
# if oCIS runs as a single process, all <debug>/metrics endpoints
# will expose the same metrics, so it's sufficient to query one endpoint
PROXY_DEBUG_ADDR: 0.0.0.0:9205
networks:
ocis-net:
external: true


@@ -14,7 +14,7 @@ INSECURE=true
# Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard.
# Defaults to "traefik.owncloud.test"
# Defaults to "traefik.opencloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the traefik dashboard.
# Defaults to user "admin" and password "admin" (written as: "admin:admin").
@@ -34,76 +34,76 @@ TRAEFIK_ACME_CASERVER=
# Beside Traefik, this service must stay enabled.
# Disable only for testing purposes.
# Note: the leading colon is required to enable the service.
OCIS=:ocis.yml
# The oCIS container image.
# For production releases: "owncloud/ocis"
# For rolling releases: "owncloud/ocis-rolling"
OPENCLOUD=:opencloud.yml
# The opencloud container image.
# For production releases: "opencloud-eu/opencloud"
# For rolling releases: "opencloud-eu/opencloud-rolling"
# Defaults to production if not set otherwise
OC_DOCKER_IMAGE=owncloud/ocis-rolling
# The oCIS container version.
OC_DOCKER_IMAGE=opencloud-eu/opencloud
# The openCloud container version.
# Defaults to "latest" and points to the latest stable tag.
OC_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend.
# Defaults to "ocis.owncloud.test"
OC_DOCKER_TAG=dev
# Domain of openCloud, where you can find the frontend.
# Defaults to "cloud.opencloud.test"
OC_DOMAIN=
# oCIS admin user password. Defaults to "admin".
# openCloud admin user password. Defaults to "admin".
ADMIN_PASSWORD=
# Demo users should not be created on a production instance,
# because their passwords are public. Defaults to "false".
# Also see: https://doc.owncloud.com/ocis/latest/deployment/general/general-info.html#demo-users-and-groups
# Also see: https://doc.opencloud.eu/opencloud/latest/deployment/general/general-info.html#demo-users-and-groups
DEMO_USERS=
# Define the oCIS loglevel used.
# Define the openCloud loglevel used.
# For more details see:
# https://doc.owncloud.com/ocis/latest/deployment/services/env-vars-special-scope.html
# https://doc.opencloud.eu/opencloud/latest/deployment/services/env-vars-special-scope.html
LOG_LEVEL=
# Define the kind of logging.
# The default log can be read by machines.
# Set this to true to make the log human readable.
# LOG_PRETTY=true
#
# Define the oCIS storage location. Set the paths for config and data to a local path.
# Define the openCloud storage location. Set the paths for config and data to a local path.
# Note that especially the data directory can grow big.
# Leaving it default stores data in docker internal volumes.
# For more details see:
# https://doc.owncloud.com/ocis/next/deployment/general/general-info.html#default-paths
# OC_CONFIG_DIR=/your/local/ocis/config
# OC_DATA_DIR=/your/local/ocis/data
# https://doc.opencloud.eu/opencloud/next/deployment/general/general-info.html#default-paths
# OC_CONFIG_DIR=/your/local/opencloud/config
# OC_DATA_DIR=/your/local/opencloud/data
# S3 Storage configuration - optional
# Infinite Scale supports S3 storage as primary storage.
# Per default, S3 storage is disabled and the local filesystem is used.
# To enable S3 storage, uncomment the following line and configure the S3 storage.
# For more details see:
# https://doc.owncloud.com/ocis/next/deployment/storage/s3.html
# https://doc.opencloud.eu/opencloud/next/deployment/storage/s3.html
# Note: the leading colon is required to enable the service.
#S3NG=:s3ng.yml
# Configure the S3 storage endpoint. Defaults to "http://minio:9000" for testing purposes.
S3NG_ENDPOINT=
# S3 region. Defaults to "default".
S3NG_REGION=
# S3 access key. Defaults to "ocis"
# S3 access key. Defaults to "opencloud"
S3NG_ACCESS_KEY=
# S3 secret. Defaults to "ocis-secret-key"
# S3 secret. Defaults to "opencloud-secret-key"
S3NG_SECRET_KEY=
# S3 bucket. Defaults to "ocis"
# S3 bucket. Defaults to "opencloud"
S3NG_BUCKET=
#
# For testing purposes, add local minio S3 storage to the docker-compose file.
# The leading colon is required to enable the service.
#S3NG_MINIO=:minio.yml
# Minio domain. Defaults to "minio.owncloud.test".
# Minio domain. Defaults to "minio.opencloud.test".
MINIO_DOMAIN=
# Define SMPT settings if you would like to send Infinite Scale email notifications.
# For more details see:
# https://doc.owncloud.com/ocis/latest/deployment/services/s-list/notifications.html
# https://doc.opencloud.eu/opencloud/latest/deployment/services/s-list/notifications.html
# NOTE: when configuring Inbucket, these settings have no effect, see inbucket.yml for details.
# SMTP host to connect to.
SMTP_HOST=
# Port of the SMTP host to connect to.
SMTP_PORT=
# An eMail address that is used for sending Infinite Scale notification eMails
# like "ocis notifications <noreply@yourdomain.com>".
# like "opencloud notifications <noreply@yourdomain.com>".
SMTP_SENDER=
# Username for the SMTP host to connect to.
SMTP_USERNAME=
@@ -114,7 +114,7 @@ SMTP_AUTHENTICATION=
# Allow insecure connections to the SMTP server. Defaults to false.
SMTP_INSECURE=
# Addititional services to be started on ocis startup
# Addititional services to be started on opencloud startup
# The following list of services is not startet automatically and must be
# manually defined for startup:
# IMPORTANT: The notification service is MANDATORY, do not delete!
@@ -122,29 +122,29 @@ SMTP_INSECURE=
START_ADDITIONAL_SERVICES="notifications"
## oCIS Web Extensions ##
# It is possible to use the oCIS Web Extensions to add custom functionality to the oCIS frontend.
# For more details see https://github.com/owncloud/web-extensions/blob/main/README.md
## openCloud Web Extensions ##
# It is possible to use the openCloud Web Extensions to add custom functionality to the openCloud frontend.
# For more details see https://github.com/opencloud-eu/web-extensions/blob/main/README.md
# Note: the leading colon is required to enable the service.
# Enable this to create a new named volume
#EXTENSIONS=:web_extensions/extensions.yml
# Enable the desired extensions by uncommenting the following lines.
# Note: the leading colon is required to enable the service.
# Note: if you want to remove a web extension, you must delete the ocis-apps volume. It will be properly recreated on docker compose startup.
# Note: if you want to remove a web extension, you must delete the opencloud-apps volume. It will be properly recreated on docker compose startup.
#UNZIP=:web_extensions/unzip.yml
#DRAWIO=:web_extensions/drawio.yml
#JSONVIEWER=:web_extensions/jsonviewer.yml
#PROGRESSBARS=:web_extensions/progressbars.yml
#EXTERNALSITES=:web_extensions/externalsites.yml
# External Sites needs additional config, see the following files for more details.
# - config/ocis/apps.yaml
# - config/ocis/csp.yaml
# - config/opencloud/apps.yaml
# - config/opencloud/csp.yaml
#IMPORTER=:web_extensions/importer.yml
# The importer needs additional config, see the following lines for more details.
## The docker image to be used for uppy companion.
# owncloud has built a container with public link import support.
# opencloud has built a container with public link import support.
COMPANION_IMAGE=
# Domain of Uppy Companion. Defaults to "companion.owncloud.test".
# Domain of Uppy Companion. Defaults to "companion.opencloud.test".
COMPANION_DOMAIN=
# Provider settings, see https://uppy.io/docs/companion/#provideroptions for reference.
# Empty by default, which disables providers.
@@ -157,7 +157,7 @@ COMPANION_ONEDRIVE_SECRET=
### Apache Tika Content Analysis Toolkit ###
# Tika (search) is enabled by default, comment if not required.
# Note: the leading colon is required to enable the service.
TIKA=:tika.yml
#TIKA=:tika.yml
# Set the desired docker image tag or digest.
# Defaults to "latest"
TIKA_IMAGE=
@@ -172,10 +172,10 @@ TIKA_IMAGE=
# Note: the leading colon is required to enable the service.
COLLABORA=:collabora.yml
# Domain of Collabora, where you can find the frontend.
# Defaults to "collabora.owncloud.test"
# Defaults to "collabora.opencloud.test"
COLLABORA_DOMAIN=
# Domain of the wopiserver which handles OnlyOffice.
# Defaults to "wopiserver.owncloud.test"
# Defaults to "wopiserver.opencloud.test"
WOPISERVER_DOMAIN=
# Admin user for Collabora.
# Defaults to "admin".
@@ -199,7 +199,7 @@ COLLABORA_SSL_VERIFICATION=false
### Debugging - Monitoring ###
# Please see documentation at: https://owncloud.dev/ocis/deployment/monitoring-tracing/
# Please see documentation at: https://opencloud.dev/opencloud/deployment/monitoring-tracing/
# Note: the leading colon is required to enable the service.
#MONITORING=:monitoring_tracing/monitoring.yml
@@ -217,7 +217,7 @@ CLAMAV_DOCKER_TAG=
### OnlyOffice Settings ###
# Note: the leading colon is required to enable the service.
#ONLYOFFICE=:onlyoffice.yml
# Domain for OnlyOffice. Defaults to "onlyoffice.owncloud.test".
# Domain for OnlyOffice. Defaults to "onlyoffice.opencloud.test".
ONLYOFFICE_DOMAIN=
# Domain for the wopiserver which handles OnlyOffice.
WOPISERVER_ONLYOFFICE_DOMAIN=
@@ -229,7 +229,7 @@ WOPISERVER_ONLYOFFICE_DOMAIN=
# Note: the leading colon is required to enable the service.
#INBUCKET=:inbucket.yml
# email server (in this case inbucket acts as mail catcher).
# Domain for Inbucket. Defaults to "mail.owncloud.test".
# Domain for Inbucket. Defaults to "mail.opencloud.test".
INBUCKET_DOMAIN=
@@ -237,4 +237,4 @@ INBUCKET_DOMAIN=
# This MUST be the last line as it assembles the supplemental compose files to be used.
# ALL supplemental configs must be added here, whether commented or not.
# Each var must either be empty or contain :path/file.yml
COMPOSE_FILE=docker-compose.yml${OCIS:-}${TIKA:-}${S3NG:-}${S3NG_MINIO:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${ONLYOFFICE:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-}
COMPOSE_FILE=docker-compose.yml${OPENCLOUD:-}${TIKA:-}${S3NG:-}${S3NG_MINIO:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${ONLYOFFICE:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-}
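Review bot: `OC_DOCKER_TAG=dev` hard-codes a mutable development tag in the example environment, while the comment directly above it still says the tag defaults to "latest" and points to the latest stable tag. Anyone who copies this file deploys whatever was last pushed as `dev`, which cannot be reproduced or audited later; leave the value empty as before (`OC_DOCKER_TAG=`) or pin a release tag or image digest. The same section now ships `#TIKA=:tika.yml` under a comment that still reads "Tika (search) is enabled by default, comment if not required", so that comment should say the service is disabled by default. The old and new sides are read from the print order of the pairs, since the page lost its +/- markers.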


@@ -1,5 +1,5 @@
---
document this deployment example in: docs/ocis/deployment/ocis_full.md
document this deployment example in: docs/ocis/deployment/opencloud_full.md
---
# Infinite Scale WOPI Deployment Example


@@ -1,14 +1,14 @@
---
services:
ocis:
opencloud:
environment:
ANTIVIRUS_SCANNER_TYPE: "clamav"
ANTIVIRUS_CLAMAV_SOCKET: "/var/run/clamav/clamd.sock"
# the antivirus service needs manual startup, see .env and ocis.yaml for START_ADDITIONAL_SERVICES
# the antivirus service needs manual startup, see .env and opencloud.yaml for START_ADDITIONAL_SERVICES
# configure the antivirus service
POSTPROCESSING_STEPS: "virusscan"
# PROXY_TLS is set to "false", the download url has no https
STORAGE_USERS_DATA_GATEWAY_URL: http://ocis:9200/data
STORAGE_USERS_DATA_GATEWAY_URL: http://opencloud:9200/data
volumes:
- "clamav-socket:/var/run/clamav"
@@ -16,7 +16,7 @@ services:
image: clamav/clamav:${CLAMAV_DOCKER_TAG:-latest}
# release notes: https://blog.clamav.net
networks:
ocis-net:
opencloud-net:
volumes:
- "clamav-socket:/tmp"
- "clamav-db:/var/lib/clamav"


@@ -2,49 +2,49 @@
services:
traefik:
networks:
ocis-net:
opencloud-net:
aliases:
- ${COLLABORA_DOMAIN:-collabora.owncloud.test}
- ${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}
ocis:
- ${COLLABORA_DOMAIN:-collabora.opencloud.test}
- ${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}
opencloud:
environment:
# make collabora the secure view app
FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: eu.opencloud.api.collaboration.CollaboraOnline
GRAPH_AVAILABLE_ROLES: "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6"
collaboration:
image: ${OC_DOCKER_IMAGE:-owncloud/ocis}:${OC_DOCKER_TAG:-latest}
image: ${OC_DOCKER_IMAGE:-opencloud-eu/opencloud}:${OC_DOCKER_TAG:-latest}
networks:
ocis-net:
opencloud-net:
depends_on:
ocis:
opencloud:
condition: service_started
collabora:
condition: service_healthy
entrypoint:
- /bin/sh
command: [ "-c", "ocis collaboration server" ]
command: [ "-c", "opencloud collaboration server" ]
environment:
COLLABORATION_GRPC_ADDR: 0.0.0.0:9301
COLLABORATION_HTTP_ADDR: 0.0.0.0:9300
MICRO_REGISTRY: "nats-js-kv"
MICRO_REGISTRY_ADDRESS: "ocis:9233"
COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}
MICRO_REGISTRY_ADDRESS: "opencloud:9233"
COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}
COLLABORATION_APP_NAME: "CollaboraOnline"
COLLABORATION_APP_PRODUCT: "Collabora"
COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.owncloud.test}
COLLABORATION_APP_ICON: https://${COLLABORA_DOMAIN:-collabora.owncloud.test}/favicon.ico
COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}
COLLABORATION_APP_ICON: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}/favicon.ico
COLLABORATION_APP_INSECURE: "${INSECURE:-true}"
COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}"
COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info}
OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test}
OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}
volumes:
# configure the .env file to use own paths instead of docker internal volumes
- ${OC_CONFIG_DIR:-ocis-config}:/etc/ocis
- ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud
labels:
- "traefik.enable=true"
- "traefik.http.routers.collaboration.entrypoints=https"
- "traefik.http.routers.collaboration.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}`)"
- "traefik.http.routers.collaboration.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}`)"
- "traefik.http.routers.collaboration.tls.certresolver=http"
- "traefik.http.routers.collaboration.service=collaboration"
- "traefik.http.services.collaboration.loadbalancer.server.port=9300"
@@ -56,16 +56,16 @@ services:
image: collabora/code:24.04.11.1.1
# release notes: https://www.collaboraonline.com/release-notes/
networks:
ocis-net:
opencloud-net:
environment:
aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}:443
aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}:443
DONT_GEN_SSL_CERT: "YES"
extra_params: |
--o:ssl.enable=${COLLABORA_SSL_ENABLE:-true} \
--o:ssl.ssl_verification=${COLLABORA_SSL_VERIFICATION:-true} \
--o:ssl.termination=true \
--o:welcome.enable=false \
--o:net.frame_ancestors=${OC_DOMAIN:-ocis.owncloud.test}
--o:net.frame_ancestors=${OC_DOMAIN:-cloud.opencloud.test}
username: ${COLLABORA_ADMIN_USER:-admin}
password: ${COLLABORA_ADMIN_PASSWORD:-admin}
cap_add:
@@ -73,7 +73,7 @@ services:
labels:
- "traefik.enable=true"
- "traefik.http.routers.collabora.entrypoints=https"
- "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN:-collabora.owncloud.test}`)"
- "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN:-collabora.opencloud.test}`)"
- "traefik.http.routers.collabora.tls.certresolver=http"
- "traefik.http.routers.collabora.service=collabora"
- "traefik.http.services.collabora.loadbalancer.server.port=9980"


@@ -4,9 +4,9 @@ directives:
connect-src:
- '''self'''
- 'blob:'
- 'https://${COMPANION_DOMAIN|companion.owncloud.test}/'
- 'wss://${COMPANION_DOMAIN|companion.owncloud.test}/'
- 'https://raw.githubusercontent.com/owncloud/awesome-ocis/'
- 'https://${COMPANION_DOMAIN|companion.opencloud.test}/'
- 'wss://${COMPANION_DOMAIN|companion.opencloud.test}/'
- 'https://raw.githubusercontent.com/opencloud/awesome-apps/'
default-src:
- '''none'''
font-src:
@@ -18,18 +18,18 @@ directives:
- 'blob:'
- 'https://embed.diagrams.net/'
# In contrary to bash and docker the default is given after the | character
- 'https://${ONLYOFFICE_DOMAIN|onlyoffice.owncloud.test}/'
- 'https://${COLLABORA_DOMAIN|collabora.owncloud.test}/'
- 'https://${ONLYOFFICE_DOMAIN|onlyoffice.opencloud.test}/'
- 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/'
# This is needed for the external-sites web extension when embedding sites
- 'https://owncloud.dev'
- 'https://opencloud.dev'
img-src:
- '''self'''
- 'data:'
- 'blob:'
- 'https://raw.githubusercontent.com/owncloud/awesome-ocis/'
- 'https://raw.githubusercontent.com/opencloud/awesome-apps/'
# In contrary to bash and docker the default is given after the | character
- 'https://${ONLYOFFICE_DOMAIN|onlyoffice.owncloud.test}/'
- 'https://${COLLABORA_DOMAIN|collabora.owncloud.test}/'
- 'https://${ONLYOFFICE_DOMAIN|onlyoffice.opencloud.test}/'
- 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/'
manifest-src:
- '''self'''
media-src:
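Review bot: The `connect-src` and `img-src` lists now allow `https://raw.githubusercontent.com/opencloud/awesome-apps/`, which names the GitHub account `opencloud`, whereas the rest of this commit uses `opencloud-eu` (for example `https://github.com/opencloud-eu/web-extensions` in the .env section). A CSP allowlist entry produced by search-and-replace can end up trusting a namespace the project does not control, so confirm that this account and repository exist and belong to the project, or switch the entry to the organisation name used elsewhere in the commit. The same check applies to `'https://opencloud.dev'` in the list carrying the comment about the external-sites extension in the second hunk. Both hunks show only part of the `directives` mapping, so entries outside them may need the same review.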


@@ -2,7 +2,7 @@
services:
collaboration:
command: [ "-c", "dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis collaboration server" ]
command: [ "-c", "dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/opencloud collaboration server" ]
environment:
COLLABORATION_LOG_LEVEL: debug
ports:


@@ -2,7 +2,7 @@
services:
collaboration-oo:
command: [ "-c", "dlv --listen=:40002 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis collaboration server" ]
command: [ "-c", "dlv --listen=:40002 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/opencloud collaboration server" ]
environment:
COLLABORATION_LOG_LEVEL: debug
ports:


@@ -0,0 +1,7 @@
---
services:
opencloud:
command: [ "-c", "opencloud init || true; dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/opencloud server" ]
ports:
- 40000:40000
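Review bot: The `ports` entry `- 40000:40000` publishes the Delve listener on every host interface, and the `dlv --listen=:40000 --headless=true --accept-multiclient` command in this new file starts a debugger API that has no authentication of its own, so anyone who can reach the host on that port can control the opencloud process. Bind the mapping to loopback and quote it, `- "127.0.0.1:40000:40000"`. Add a comment above `command:` saying that this override is for local debugging only and must not be added to `COMPOSE_FILE` on a reachable host. The two collaboration debug overrides earlier in the commit use the same dlv invocation; their `ports:` lists lie outside the visible hunks and deserve the same check.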


@@ -4,7 +4,7 @@ services:
image: traefik:v3.3.1
# release notes: https://github.com/traefik/traefik/releases
networks:
ocis-net:
opencloud-net:
command:
- "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
# letsencrypt configuration
@@ -42,7 +42,7 @@ services:
# defaults to admin:admin
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}"
- "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.opencloud.test}`)"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.routers.traefik.tls.certresolver=http"
- "traefik.http.routers.traefik.service=api@internal"
@@ -54,4 +54,4 @@ volumes:
certs:
networks:
ocis-net:
opencloud-net:


@@ -1,11 +1,11 @@
---
services:
ocis:
opencloud:
environment:
NOTIFICATIONS_SMTP_HOST: inbucket
NOTIFICATIONS_SMTP_PORT: 2500
NOTIFICATIONS_SMTP_SENDER: oCIS notifications <notifications@${OC_DOMAIN:-ocis.owncloud.test}>
NOTIFICATIONS_SMTP_USERNAME: notifications@${OC_DOMAIN:-ocis.owncloud.test}
NOTIFICATIONS_SMTP_SENDER: oCIS notifications <notifications@${OC_DOMAIN:-cloud.opencloud.test}>
NOTIFICATIONS_SMTP_USERNAME: notifications@${OC_DOMAIN:-cloud.opencloud.test}
# the mail catcher uses self signed certificates
NOTIFICATIONS_SMTP_INSECURE: "true"
@@ -13,7 +13,7 @@ services:
image: inbucket/inbucket
# changelog: https://github.com/inbucket/inbucket/blob/main/CHANGELOG.md
networks:
- ocis-net
- opencloud-net
entrypoint:
- /bin/sh
command: [ "-c", "apk add openssl; openssl req -subj '/CN=inbucket.test' -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/server.key -out /tmp/server.crt; /start-inbucket.sh" ]
@@ -25,7 +25,7 @@ services:
labels:
- "traefik.enable=true"
- "traefik.http.routers.inbucket.entrypoints=https"
- "traefik.http.routers.inbucket.rule=Host(`${INBUCKET_DOMAIN:-mail.owncloud.test}`)"
- "traefik.http.routers.inbucket.rule=Host(`${INBUCKET_DOMAIN:-mail.opencloud.test}`)"
- "traefik.http.routers.inbucket.tls.certresolver=http"
- "traefik.http.routers.inbucket.service=inbucket"
- "traefik.http.services.inbucket.loadbalancer.server.port=9000"


@@ -4,23 +4,23 @@ services:
image: minio/minio:latest
# release notes: https://github.com/minio/minio/releases
networks:
ocis-net:
opencloud-net:
entrypoint:
- /bin/sh
command:
[
"-c",
"mkdir -p /data/${S3NG_BUCKET:-ocis-bucket} && minio server --console-address ':9001' /data",
"mkdir -p /data/${S3NG_BUCKET:-opencloud-bucket} && minio server --console-address ':9001' /data",
]
volumes:
- minio-data:/data
environment:
MINIO_ACCESS_KEY: ${S3NG_ACCESS_KEY:-ocis}
MINIO_SECRET_KEY: ${S3NG_SECRET_KEY:-ocis-secret-key}
MINIO_ACCESS_KEY: ${S3NG_ACCESS_KEY:-opencloud}
MINIO_SECRET_KEY: ${S3NG_SECRET_KEY:-opencloud-secret-key}
labels:
- "traefik.enable=true"
- "traefik.http.routers.minio.entrypoints=https"
- "traefik.http.routers.minio.rule=Host(`${MINIO_DOMAIN:-minio.owncloud.test}`)"
- "traefik.http.routers.minio.rule=Host(`${MINIO_DOMAIN:-minio.opencloud.test}`)"
- "traefik.http.routers.minio.tls.certresolver=http"
- "traefik.http.routers.minio.service=minio"
- "traefik.http.services.minio.loadbalancer.server.port=9001"


@@ -1,7 +1,7 @@
---
services:
ocis:
opencloud:
environment:
# tracing
OC_TRACING_ENABLED: "true"
@@ -22,5 +22,5 @@ services:
COLLABORATION_DEBUG_ADDR: 0.0.0.0:9304
networks:
ocis-net:
opencloud-net:
external: true


@@ -1,7 +1,7 @@
---
services:
ocis:
opencloud:
environment:
# tracing
OC_TRACING_ENABLED: "true"
@@ -22,5 +22,5 @@ services:
COLLABORATION_DEBUG_ADDR: 0.0.0.0:9304
networks:
ocis-net:
opencloud-net:
external: true


@@ -2,45 +2,45 @@
services:
traefik:
networks:
ocis-net:
opencloud-net:
aliases:
- ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}
- ${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.owncloud.test}
- ${ONLYOFFICE_DOMAIN:-onlyoffice.opencloud.test}
- ${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.opencloud.test}
collaboration-oo:
image: ${OC_DOCKER_IMAGE:-owncloud/ocis}:${OC_DOCKER_TAG:-latest}
image: ${OC_DOCKER_IMAGE:-opencloud-eu/opencloud}:${OC_DOCKER_TAG:-latest}
networks:
ocis-net:
opencloud-net:
depends_on:
ocis:
opencloud:
condition: service_started
onlyoffice:
condition: service_healthy
entrypoint:
- /bin/sh
command: [ "-c", "ocis collaboration server" ]
command: [ "-c", "opencloud collaboration server" ]
environment:
COLLABORATION_GRPC_ADDR: 0.0.0.0:9301
COLLABORATION_HTTP_ADDR: 0.0.0.0:9300
MICRO_REGISTRY: "nats-js-kv"
MICRO_REGISTRY_ADDRESS: "ocis:9233"
COLLABORATION_WOPI_SRC: https://${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.owncloud.test}
MICRO_REGISTRY_ADDRESS: "opencloud:9233"
COLLABORATION_WOPI_SRC: https://${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.opencloud.test}
COLLABORATION_APP_NAME: "OnlyOffice"
COLLABORATION_APP_PRODUCT: "OnlyOffice"
COLLABORATION_APP_ADDR: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}
COLLABORATION_APP_ICON: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}/web-apps/apps/documenteditor/main/resources/img/favicon.ico
COLLABORATION_APP_ADDR: https://${ONLYOFFICE_DOMAIN:-onlyoffice.opencloud.test}
COLLABORATION_APP_ICON: https://${ONLYOFFICE_DOMAIN:-onlyoffice.opencloud.test}/web-apps/apps/documenteditor/main/resources/img/favicon.ico
COLLABORATION_APP_INSECURE: "${INSECURE:-true}"
COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}"
COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info}
COLLABORATION_APP_PROOF_DISABLE: "true"
OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test}
OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}
volumes:
# configure the .env file to use own paths instead of docker internal volumes
- ${OC_CONFIG_DIR:-ocis-config}:/etc/ocis
- ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud
labels:
- "traefik.enable=true"
- "traefik.http.routers.collaboration-oo.entrypoints=https"
- "traefik.http.routers.collaboration-oo.rule=Host(`${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.owncloud.test}`)"
- "traefik.http.routers.collaboration-oo.rule=Host(`${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.opencloud.test}`)"
- "traefik.http.routers.collaboration-oo.tls.certresolver=http"
- "traefik.http.routers.collaboration-oo.service=collaboration-oo"
- "traefik.http.services.collaboration-oo.loadbalancer.server.port=9300"
@@ -54,7 +54,7 @@ services:
image: onlyoffice/documentserver:8.2.2
# changelog https://github.com/ONLYOFFICE/DocumentServer/releases
networks:
ocis-net:
opencloud-net:
entrypoint:
- /bin/sh
- /entrypoint-override.sh
@@ -72,7 +72,7 @@ services:
labels:
- "traefik.enable=true"
- "traefik.http.routers.onlyoffice.entrypoints=https"
- "traefik.http.routers.onlyoffice.rule=Host(`${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}`)"
- "traefik.http.routers.onlyoffice.rule=Host(`${ONLYOFFICE_DOMAIN:-onlyoffice.opencloud.test}`)"
- "traefik.http.routers.onlyoffice.tls.certresolver=http"
- "traefik.http.routers.onlyoffice.service=onlyoffice"
- "traefik.http.services.onlyoffice.loadbalancer.server.port=80"


@@ -2,25 +2,25 @@
services:
traefik:
networks:
ocis-net:
opencloud-net:
aliases:
- ${OC_DOMAIN:-ocis.owncloud.test}
ocis:
image: ${OC_DOCKER_IMAGE:-owncloud/ocis}:${OC_DOCKER_TAG:-latest}
# changelog: https://github.com/owncloud/ocis/tree/master/changelog
# release notes: https://doc.owncloud.com/ocis_release_notes.html
- ${OC_DOMAIN:-cloud.opencloud.test}
opencloud:
image: ${OC_DOCKER_IMAGE:-opencloud-eu/opencloud}:${OC_DOCKER_TAG:-latest}
# changelog: https://github.com/opencloud-eu/opencloud/tree/master/changelog
# release notes: https://doc.owncloud.com/opencloud_release_notes.html
networks:
ocis-net:
opencloud-net:
entrypoint:
- /bin/sh
# run ocis init to initialize a configuration file with random secrets
# run opencloud init to initialize a configuration file with random secrets
# it will fail on subsequent runs, because the config file already exists
# therefore we ignore the error and then start the ocis server
command: ["-c", "ocis init || true; ocis server"]
# therefore we ignore the error and then start the opencloud server
command: ["-c", "opencloud init || true; opencloud server"]
environment:
# enable services that are not started automatically
OC_ADD_RUN_SERVICES: ${START_ADDITIONAL_SERVICES}
OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test}
OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}
OC_LOG_LEVEL: ${LOG_LEVEL:-info}
OC_LOG_COLOR: "${LOG_PRETTY:-false}"
OC_LOG_PRETTY: "${LOG_PRETTY:-false}"
@@ -39,38 +39,38 @@ services:
# email server (if configured)
NOTIFICATIONS_SMTP_HOST: "${SMTP_HOST}"
NOTIFICATIONS_SMTP_PORT: "${SMTP_PORT}"
NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER:-oCIS notifications <notifications@${OC_DOMAIN:-ocis.owncloud.test}>}"
NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER:-oCIS notifications <notifications@${OC_DOMAIN:-cloud.opencloud.test}>}"
NOTIFICATIONS_SMTP_USERNAME: "${SMTP_USERNAME}"
NOTIFICATIONS_SMTP_INSECURE: "${SMTP_INSECURE}"
# make the registry available to the app provider containers
MICRO_REGISTRY_ADDRESS: 127.0.0.1:9233
NATS_NATS_HOST: 0.0.0.0
NATS_NATS_PORT: 9233
PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp.yaml
PROXY_CSP_CONFIG_FILE_LOCATION: /etc/opencloud/csp.yaml
# these three vars are needed to the csp config file to include the web office apps and the importer
COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.owncloud.test}
ONLYOFFICE_DOMAIN: ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}
COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test}
COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.opencloud.test}
ONLYOFFICE_DOMAIN: ${ONLYOFFICE_DOMAIN:-onlyoffice.opencloud.test}
COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.opencloud.test}
# enable to allow using the banned passwords list
OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt
volumes:
- ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml
- ./config/ocis/csp.yaml:/etc/ocis/csp.yaml
- ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
- ./config/opencloud/app-registry.yaml:/etc/opencloud/app-registry.yaml
- ./config/opencloud/csp.yaml:/etc/opencloud/csp.yaml
- ./config/opencloud/banned-password-list.txt:/etc/opencloud/banned-password-list.txt
# configure the .env file to use own paths instead of docker internal volumes
- ${OC_CONFIG_DIR:-ocis-config}:/etc/ocis
- ${OC_DATA_DIR:-ocis-data}:/var/lib/ocis
- ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud
- ${OC_DATA_DIR:-opencloud-data}:/var/lib/opencloud
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.entrypoints=https"
- "traefik.http.routers.ocis.rule=Host(`${OC_DOMAIN:-ocis.owncloud.test}`)"
- "traefik.http.routers.ocis.tls.certresolver=http"
- "traefik.http.routers.ocis.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
- "traefik.http.routers.opencloud.entrypoints=https"
- "traefik.http.routers.opencloud.rule=Host(`${OC_DOMAIN:-cloud.opencloud.test}`)"
- "traefik.http.routers.opencloud.tls.certresolver=http"
- "traefik.http.routers.opencloud.service=opencloud"
- "traefik.http.services.opencloud.loadbalancer.server.port=9200"
logging:
driver: ${LOG_DRIVER:-local}
restart: always
volumes:
ocis-config:
ocis-data:
opencloud-config:
opencloud-data:
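Review bot: The rename left two spots in this file inconsistent: the release-notes comment now points at `https://doc.owncloud.com/opencloud_release_notes.html`, which looks like a product of search-and-replace rather than an existing page, and the default sender in `NOTIFICATIONS_SMTP_SENDER` still reads `oCIS notifications`. I would change the default to `"${SMTP_SENDER:-OpenCloud notifications <notifications@${OC_DOMAIN:-cloud.opencloud.test}>}"` and either drop the release-notes comment or point it at a page that exists. Separately, the new default image `opencloud-eu/opencloud` is still pulled with the `latest` tag; a pinned tag or digest in `OC_DOCKER_TAG` would make the deployment reproducible and auditable. Part of the `environment` block lies between the two hunks and is not shown.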


@@ -0,0 +1,14 @@
---
services:
opencloud:
environment:
# activate s3ng storage driver
STORAGE_USERS_DRIVER: s3ng
# keep system data on opencloud storage since this are only small files atm
STORAGE_SYSTEM_DRIVER: ocis
# s3ng specific settings
STORAGE_USERS_S3NG_ENDPOINT: ${S3NG_ENDPOINT:-http://minio:9000}
STORAGE_USERS_S3NG_REGION: ${S3NG_REGION:-default}
STORAGE_USERS_S3NG_ACCESS_KEY: ${S3NG_ACCESS_KEY:-opencloud}
STORAGE_USERS_S3NG_SECRET_KEY: ${S3NG_SECRET_KEY:-opencloud-secret-key}
STORAGE_USERS_S3NG_BUCKET: ${S3NG_BUCKET:-opencloud-bucket}
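Review bot: `STORAGE_USERS_S3NG_ACCESS_KEY` and `STORAGE_USERS_S3NG_SECRET_KEY` fall back to the fixed values `opencloud` and `opencloud-secret-key`, so a deployment that forgets to set them in `.env` runs with credentials that are published in this repository. Compose can refuse to start instead: `STORAGE_USERS_S3NG_SECRET_KEY: ${S3NG_SECRET_KEY:?S3NG_SECRET_KEY must be set}`, and the same for the access key. If a bundled object-store service relies on the same defaults (not visible here), it needs the matching change. The default endpoint `http://minio:9000` is plaintext, which is presumably acceptable on the internal compose network only; a comment such as `# use https:// for any endpoint outside the compose network` above it would make that explicit.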


@@ -4,12 +4,12 @@ services:
image: ${TIKA_IMAGE:-apache/tika:latest-full}
# release notes: https://tika.apache.org
networks:
ocis-net:
opencloud-net:
restart: always
logging:
driver: ${LOG_DRIVER:-local}
ocis:
opencloud:
environment:
# fulltext search
SEARCH_EXTRACTOR_TYPE: tika


@@ -1,15 +1,15 @@
---
services:
ocis:
opencloud:
depends_on:
drawio-init:
condition: service_completed_successfully
drawio-init:
image: owncloud/web-extensions:draw-io-0.3.0
image: opencloud-eu/web-extensions:draw-io-0.3.0
user: root
volumes:
- ocis-apps:/apps
- opencloud-apps:/apps
entrypoint:
- /bin/sh
command: ["-c", "cp -R /var/lib/nginx/html/draw-io/ /apps"]
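Review bot: The default image moves from `owncloud/web-extensions` to `opencloud-eu/web-extensions:draw-io-0.3.0`, and nothing on this page shows that images are published under the new namespace; the same mechanical rename is applied in the external-sites, importer, json-viewer, progress-bars and unzip sections. These init containers run with `user: root` and copy their content into the `opencloud-apps` volume, which the `opencloud` service mounts at `/var/lib/opencloud/web/assets/apps`, so whoever controls that registry namespace controls web assets delivered to users. Before merging, confirm that the project owns the namespace and that the tags exist, and consider pinning by digest, e.g. `image: opencloud-eu/web-extensions:draw-io-0.3.0@sha256:<digest-placeholder>`.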


@@ -0,0 +1,7 @@
services:
opencloud:
volumes:
- opencloud-apps:/var/lib/opencloud/web/assets/apps
volumes:
opencloud-apps:


@@ -1,15 +1,15 @@
---
services:
ocis:
opencloud:
depends_on:
externalsites-init:
condition: service_completed_successfully
externalsites-init:
image: owncloud/web-extensions:external-sites-0.3.0
image: opencloud-eu/web-extensions:external-sites-0.3.0
user: root
volumes:
- ocis-apps:/apps
- opencloud-apps:/apps
entrypoint:
- /bin/sh
command: ["-c", "cp -R /var/lib/nginx/html/external-sites/ /apps"]


@@ -2,37 +2,37 @@
services:
traefik:
networks:
ocis-net:
opencloud-net:
aliases:
- ${COMPANION_DOMAIN:-companion.owncloud.test}
ocis:
- ${COMPANION_DOMAIN:-companion.opencloud.test}
opencloud:
volumes:
# the cloud importer needs to be enabled in the web.yaml
- ./config/ocis/apps.yaml:/etc/ocis/apps.yaml
- ./config/opencloud/apps.yaml:/etc/opencloud/apps.yaml
depends_on:
importer-init:
condition: service_completed_successfully
importer-init:
image: owncloud/web-extensions:importer-0.1.0
image: opencloud-eu/web-extensions:importer-0.3.0
user: root
volumes:
- ocis-apps:/apps
- opencloud-apps:/apps
entrypoint:
- /bin/sh
command: [ "-c", "cp -R /var/lib/nginx/html/importer/ /apps" ]
companion:
image: ${COMPANION_IMAGE:-owncloud/uppy-companion:3.12.13-owncloud}
image: ${COMPANION_IMAGE:-transloadit/companion:5.5.0}
networks:
- ocis-net
- opencloud-net
environment:
NODE_ENV: production
NODE_TLS_REJECT_UNAUTHORIZED: 0
COMPANION_DATADIR: /tmp/companion/
COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test}
COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.opencloud.test}
COMPANION_PROTOCOL: https
COMPANION_UPLOAD_URLS: "^https://${OC_DOMAIN:-ocis.owncloud.test}/"
COMPANION_UPLOAD_URLS: "^https://${OC_DOMAIN:-cloud.opencloud.test}/"
COMPANION_ONEDRIVE_KEY: "${COMPANION_ONEDRIVE_KEY}"
COMPANION_ONEDRIVE_SECRET: "${COMPANION_ONEDRIVE_SECRET}"
volumes:
@@ -40,7 +40,7 @@ services:
labels:
- "traefik.enable=true"
- "traefik.http.routers.companion.entrypoints=https"
- "traefik.http.routers.companion.rule=Host(`${COMPANION_DOMAIN:-companion.owncloud.test}`)"
- "traefik.http.routers.companion.rule=Host(`${COMPANION_DOMAIN:-companion.opencloud.test}`)"
- "traefik.http.routers.companion.tls.certresolver=http"
- "traefik.http.routers.companion.service=companion"
- "traefik.http.services.companion.loadbalancer.server.port=3020"
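Review bot: `NODE_TLS_REJECT_UNAUTHORIZED: 0` stays in the `companion` environment next to `NODE_ENV: production`, which turns off certificate verification for every outbound TLS connection the service makes while it holds `COMPANION_ONEDRIVE_SECRET`. If it is only there for the self-signed `.test` certificates, say so in a comment above it, `# test setup only: disables TLS certificate verification; remove when trusted certificates are used`, and quote the value as `"0"`. The commit also swaps the default image from `owncloud/uppy-companion:3.12.13-owncloud` to `transloadit/companion:5.5.0` and moves `importer-init` from 0.1.0 to 0.3.0, which is a behaviour change inside a debranding refactor; it deserves its own line in the commit description and a check that the `COMPANION_*` settings still apply to the new major version. The `companion` service's `volumes` block lies between the two hunks and is not shown.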


@@ -1,15 +1,15 @@
---
services:
ocis:
opencloud:
depends_on:
jsonviewer-init:
condition: service_completed_successfully
jsonviewer-init:
image: owncloud/web-extensions:json-viewer-0.3.0
image: opencloud-eu/web-extensions:json-viewer-0.3.0
user: root
volumes:
- ocis-apps:/apps
- opencloud-apps:/apps
entrypoint:
- /bin/sh
command: ["-c", "cp -R /var/lib/nginx/html/json-viewer/ /apps"]


@@ -1,12 +1,12 @@
---
services:
ocis:
opencloud:
depends_on:
progressbars-init:
condition: service_completed_successfully
progressbars-init:
image: owncloud/web-extensions:progress-bars-0.3.0
image: opencloud-eu/web-extensions:progress-bars-0.3.0
user: root
volumes:
- ocis-apps:/apps
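Review bot: The volume mount `- ocis-apps:/apps` in `progressbars-init` is unchanged, while the sibling init containers now mount `opencloud-apps:/apps` and the new volumes file declares only `opencloud-apps`. As far as the hunk shows (its header is `-1,12 +1,12` and this is its last line), the progress-bars assets would be copied into a volume the `opencloud` service does not mount, or compose would reject the undeclared volume. The line should read `- opencloud-apps:/apps`. The rest of the `progressbars-init` service lies outside the hunk.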


@@ -1,15 +1,15 @@
---
services:
ocis:
opencloud:
depends_on:
unzip-init:
condition: service_completed_successfully
unzip-init:
image: owncloud/web-extensions:unzip-0.4.0
image: opencloud-eu/web-extensions:unzip-0.4.0
user: root
volumes:
- ocis-apps:/apps
- opencloud-apps:/apps
entrypoint:
- /bin/sh
command: ["-c", "cp -R /var/lib/nginx/html/unzip/ /apps"]
