diff --git a/deployments/continuous-deployment-config/ocis_hello/latest.yml b/deployments/continuous-deployment-config/ocis_hello/latest.yml index d4b38625fb..584d50db87 100644 --- a/deployments/continuous-deployment-config/ocis_hello/latest.yml +++ b/deployments/continuous-deployment-config/ocis_hello/latest.yml @@ -1,5 +1,5 @@ --- -- name: continuous-deployment-ocis-s3-latest +- name: continuous-deployment-ocis-hello-latest server: server_type: cx21 image: ubuntu-20.04 @@ -14,7 +14,7 @@ - /var/lib/docker/volumes/ocis_certs domains: - - "*.ocis-s3.latest.owncloud.works" + - "*.ocis-hello.latest.owncloud.works" vars: ssh_authorized_keys: @@ -29,21 +29,21 @@ - name: ocis git_url: https://github.com/owncloud/ocis.git ref: master - docker_compose_path: deployments/examples/ocis_s3 + docker_compose_path: deployments/examples/ocis_hello env: INSECURE: "false" TRAEFIK_ACME_MAIL: wkloucek@owncloud.com OCIS_DOCKER_TAG: latest - OCIS_DOMAIN: ocis.ocis-s3.latest.owncloud.works - MINIO_DOMAIN: minio.ocis-s3.latest.owncloud.works + OCIS_DOMAIN: ocis.ocis-hello.latest.owncloud.works + DEMO_USERS: "true" COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git ref: master env: NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis-s3.latest.owncloud.works + TELEMETRY_SERVE_DOMAIN: telemetry.ocis-hello.latest.owncloud.works JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 TELEGRAF_SPECIFIC_CONFIG: ocis_single_container - OCIS_URL: ocis.ocis-s3.latest.owncloud.works - OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-s3-latest + OCIS_URL: ocis.ocis-hello.latest.owncloud.works + OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-hello-latest diff --git a/deployments/continuous-deployment-config/ocis_individual_services/latest.yml b/deployments/continuous-deployment-config/ocis_individual_services/latest.yml index b4c7273c8c..76428fa94b 100644 --- a/deployments/continuous-deployment-config/ocis_individual_services/latest.yml +++ b/deployments/continuous-deployment-config/ocis_individual_services/latest.yml @@ -36,6 +36,7 @@ OCIS_DOCKER_TAG: latest OCIS_SCALE: 6 OCIS_DOMAIN: ocis.ocis-individual-services.latest.owncloud.works + DEMO_USERS: "true" COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git diff --git a/deployments/continuous-deployment-config/ocis_s3/latest.yml b/deployments/continuous-deployment-config/ocis_s3/latest.yml index 76d8fcb7e6..ad3586759b 100644 --- a/deployments/continuous-deployment-config/ocis_s3/latest.yml +++ b/deployments/continuous-deployment-config/ocis_s3/latest.yml @@ -1,5 +1,5 @@ --- -- name: continuous-deployment-ocis-hello-latest +- name: continuous-deployment-ocis-s3-latest server: server_type: cx21 image: ubuntu-20.04 @@ -14,7 +14,7 @@ - /var/lib/docker/volumes/ocis_certs domains: - - "*.ocis-hello.latest.owncloud.works" + - "*.ocis-s3.latest.owncloud.works" vars: ssh_authorized_keys: @@ -29,20 +29,22 @@ - name: ocis git_url: https://github.com/owncloud/ocis.git ref: master - docker_compose_path: deployments/examples/ocis_hello + docker_compose_path: deployments/examples/ocis_s3 env: INSECURE: "false" TRAEFIK_ACME_MAIL: wkloucek@owncloud.com OCIS_DOCKER_TAG: latest - OCIS_DOMAIN: ocis.ocis-hello.latest.owncloud.works + OCIS_DOMAIN: ocis.ocis-s3.latest.owncloud.works + MINIO_DOMAIN: minio.ocis-s3.latest.owncloud.works + DEMO_USERS: "true" COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git ref: master env: NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis-hello.latest.owncloud.works + TELEMETRY_SERVE_DOMAIN: telemetry.ocis-s3.latest.owncloud.works JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 TELEGRAF_SPECIFIC_CONFIG: ocis_single_container - OCIS_URL: ocis.ocis-hello.latest.owncloud.works - OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-hello-latest + OCIS_URL: ocis.ocis-s3.latest.owncloud.works + OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-s3-latest diff --git a/deployments/continuous-deployment-config/ocis_traefik/latest.yml b/deployments/continuous-deployment-config/ocis_traefik/latest.yml index 0f5e22d517..e6f76b5aa3 100644 --- a/deployments/continuous-deployment-config/ocis_traefik/latest.yml +++ b/deployments/continuous-deployment-config/ocis_traefik/latest.yml @@ -35,6 +35,7 @@ TRAEFIK_ACME_MAIL: wkloucek@owncloud.com OCIS_DOCKER_TAG: latest OCIS_DOMAIN: ocis.ocis-traefik.latest.owncloud.works + DEMO_USERS: "true" COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git diff --git a/deployments/continuous-deployment-config/ocis_traefik/released.yml b/deployments/continuous-deployment-config/ocis_traefik/released.yml index 93053a7c5b..0e29e582b7 100644 --- a/deployments/continuous-deployment-config/ocis_traefik/released.yml +++ b/deployments/continuous-deployment-config/ocis_traefik/released.yml @@ -35,6 +35,7 @@ TRAEFIK_ACME_MAIL: wkloucek@owncloud.com OCIS_DOCKER_TAG: 1 OCIS_DOMAIN: ocis.ocis-traefik.released.owncloud.works + DEMO_USERS: "true" COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git diff --git a/deployments/continuous-deployment-config/ocis_wopi/latest.yml b/deployments/continuous-deployment-config/ocis_wopi/latest.yml index f44c59e707..d8e8f2d508 100644 --- a/deployments/continuous-deployment-config/ocis_wopi/latest.yml +++ b/deployments/continuous-deployment-config/ocis_wopi/latest.yml @@ -39,6 +39,7 @@ COLLABORA_DOMAIN: collabora.ocis-wopi.latest.owncloud.works ONLYOFFICE_DOMAIN: onlyoffice.ocis-wopi.latest.owncloud.works CODIMD_DOMAIN: codimd.ocis-wopi.latest.owncloud.works + DEMO_USERS: "true" COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git diff --git a/deployments/continuous-deployment-config/ocis_wopi/released.yml b/deployments/continuous-deployment-config/ocis_wopi/released.yml index 701583d592..994b071a7e 100644 --- a/deployments/continuous-deployment-config/ocis_wopi/released.yml +++ b/deployments/continuous-deployment-config/ocis_wopi/released.yml @@ -38,6 +38,7 @@ WOPISERVER_DOMAIN: wopiserver.ocis-wopi.released.owncloud.works COLLABORA_DOMAIN: collabora.ocis-wopi.released.owncloud.works ONLYOFFICE_DOMAIN: onlyoffice.ocis-wopi.released.owncloud.works + DEMO_USERS: "true" CODIMD_DOMAIN: codimd.ocis-wopi.released.owncloud.works COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring diff --git a/deployments/examples/ocis_hello/.env b/deployments/examples/ocis_hello/.env index 856e2b6bd4..78aa04d875 100644 --- a/deployments/examples/ocis_hello/.env +++ b/deployments/examples/ocis_hello/.env @@ -2,10 +2,6 @@ # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. INSECURE=true -# The demo users should not be created on a production instance -# because their passwords are public -DEMO_USERS=true - ### Traefik settings ### # Serve Traefik dashboard. Defaults to "false". TRAEFIK_DASHBOARD= @@ -21,16 +17,11 @@ TRAEFIK_ACME_MAIL= OCIS_DOCKER_TAG= # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" OCIS_DOMAIN= -# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". -IDP_LDAP_BIND_PASSWORD= -# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". -STORAGE_LDAP_BIND_PASSWORD= -# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" -OCIS_JWT_SECRET= -# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" -STORAGE_TRANSFER_SECRET= -# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" -OCIS_MACHINE_AUTH_API_KEY= +# oCIS admin user password. Defaults to "admin". +ADMIN_PASSWORD= +# The demo users should not be created on a production instance +# because their passwords are public. Defaults to "false". +DEMO_USERS= ### oCIS Hello settings ### # oCIS Hello version. Defaults to "latest" diff --git a/deployments/examples/ocis_hello/config/ocis/entrypoint-override.sh b/deployments/examples/ocis_hello/config/ocis/entrypoint-override.sh deleted file mode 100644 index 6cd8f27182..0000000000 --- a/deployments/examples/ocis_hello/config/ocis/entrypoint-override.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh - -set -e - -mkdir -p /var/tmp/ocis/.config/ -cp /config/web-config.dist.json /var/tmp/ocis/.config/web-config.json -sed -i 's/ocis.owncloud.test/'${OCIS_DOMAIN:-ocis.owncloud.test}'/g' /var/tmp/ocis/.config/web-config.json - -ocis server& -sleep 10 - -echo "##################################################" -echo "change default secrets:" - -# IDP -IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) -echo " IDP user UUID: $IDP_USER_UUID" -ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID - -# REVA -REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) -echo " Reva user UUID: $REVA_USER_UUID" -ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID - -echo "default secrets changed" -echo "##################################################" - -wait # wait for oCIS to exit diff --git a/deployments/examples/ocis_hello/config/ocis/proxy.yaml b/deployments/examples/ocis_hello/config/ocis/proxy.yaml index 432398165f..0eef29b573 100644 --- a/deployments/examples/ocis_hello/config/ocis/proxy.yaml +++ b/deployments/examples/ocis_hello/config/ocis/proxy.yaml @@ -1,55 +1,151 @@ ---- policy_selector: static: policy: ocis + policies: - - name: ocis - routes: - - endpoint: "/" - backend: http://localhost:9100 - - endpoint: "/.well-known/" - backend: http://localhost:9130 - - endpoint: "/konnect/" - backend: http://localhost:9130 - - endpoint: "/signin/" - backend: http://localhost:9130 - - type: regex - endpoint: "/ocs/v[12].php/cloud/(users?|groups)" - backend: http://localhost:9110 - - endpoint: "/ocs/" - backend: http://localhost:9140 - - type: query - endpoint: "/remote.php/?preview=1" - backend: http://localhost:9115 - - endpoint: "/remote.php/" - backend: http://localhost:9140 - - endpoint: "/dav/" - backend: http://localhost:9140 - - endpoint: "/webdav/" - backend: http://localhost:9140 - - endpoint: "/status.php" - backend: http://localhost:9140 - - endpoint: "/index.php/" - backend: http://localhost:9140 - - endpoint: "/data" - backend: http://localhost:9140 - - endpoint: "/app/" - backend: http://localhost:9140 - - endpoint: "/archiver" - backend: http://localhost:9140 - - endpoint: "/graph/" - backend: http://localhost:9120 - - endpoint: "/graph-explorer/" - backend: http://localhost:9135 - - endpoint: "/api/v0/accounts" - backend: http://localhost:9181 - - endpoint: "/accounts.js" - backend: http://localhost:9181 - - endpoint: "/api/v0/settings" - backend: http://localhost:9190 - - endpoint: "/settings.js" - backend: http://localhost:9190 - - endpoint: "/api/v0/greet" - backend: http://ocis-hello:9105 - - endpoint: "/hello.js" - backend: http://ocis-hello:9105 +- name: ocis + routes: + # defaults, taken from https://owncloud.dev/extensions/proxy/configuration/ + - type: "" + method: "" + endpoint: / + backend: http://localhost:9100 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /.well-known/ + backend: http://localhost:9130 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /konnect/ + backend: http://localhost:9130 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /signin/ + backend: http://localhost:9130 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /archiver + backend: http://localhost:9140 + service: "" + apache_vhost: false + - type: regex + method: "" + endpoint: /ocs/v[12].php/cloud/(users?|groups) + backend: http://localhost:9110 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /ocs/ + backend: http://localhost:9140 + service: "" + apache_vhost: false + - type: query + method: "" + endpoint: /remote.php/?preview=1 + backend: http://localhost:9115 + service: "" + apache_vhost: false + - type: "" + method: REPORT + endpoint: /remote.php/dav/ + backend: http://localhost:9115 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /remote.php/ + backend: "" + service: ocdav + apache_vhost: false + - type: "" + method: "" + endpoint: /dav/ + backend: "" + service: ocdav + apache_vhost: false + - type: "" + method: "" + endpoint: /webdav/ + backend: "" + service: ocdav + apache_vhost: false + - type: "" + method: "" + endpoint: /status.php + backend: "" + service: ocdav + apache_vhost: false + - type: "" + method: "" + endpoint: /index.php/ + backend: "" + service: ocdav + apache_vhost: false + - type: "" + method: "" + endpoint: /apps/ + backend: "" + service: ocdav + apache_vhost: false + - type: "" + method: "" + endpoint: /data + backend: http://localhost:9140 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /app/ + backend: http://localhost:9140 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /graph/ + backend: http://localhost:9120 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /graph-explorer + backend: http://localhost:9135 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /api/v0/accounts + backend: http://localhost:9181 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /accounts.js + backend: http://localhost:9181 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /api/v0/settings + backend: http://localhost:9190 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /settings.js + backend: http://localhost:9190 + service: "" + apache_vhost: false + # oCIS Hello specific routes + - endpoint: "/api/v0/greet" + backend: http://ocis-hello:9105 + - endpoint: "/hello.js" + backend: http://ocis-hello:9105 diff --git a/deployments/examples/ocis_hello/config/ocis/web-config.dist.json b/deployments/examples/ocis_hello/config/ocis/web-config.dist.json deleted file mode 100644 index 1a8b7f8b85..0000000000 --- a/deployments/examples/ocis_hello/config/ocis/web-config.dist.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "server": "https://ocis.owncloud.test", - "theme": "https://ocis.owncloud.test/themes/owncloud/theme.json", - "version": "0.1.0", - "openIdConnect": { - "metadata_url": "https://ocis.owncloud.test/.well-known/openid-configuration", - "authority": "https://ocis.owncloud.test", - "client_id": "web", - "response_type": "code", - "scope": "openid profile email" - }, - "apps": ["files"], - "external_apps": [ - { - "id": "settings", - "path": "/settings.js" - }, - { - "id": "accounts", - "path": "/accounts.js" - }, - { - "id": "hello", - "path": "/hello.js" - } - ], - "options": { - "hideSearchBar": true - } -} diff --git a/deployments/examples/ocis_hello/config/ocis/web.yaml b/deployments/examples/ocis_hello/config/ocis/web.yaml new file mode 100644 index 0000000000..3100332956 --- /dev/null +++ b/deployments/examples/ocis_hello/config/ocis/web.yaml @@ -0,0 +1,5 @@ +web: + config: + external_apps: + - id: hello + path: /hello.js diff --git a/deployments/examples/ocis_hello/docker-compose.yml b/deployments/examples/ocis_hello/docker-compose.yml index a9ff638e16..3387db06e8 100644 --- a/deployments/examples/ocis_hello/docker-compose.yml +++ b/deployments/examples/ocis_hello/docker-compose.yml @@ -48,33 +48,30 @@ services: ocis-net: entrypoint: - /bin/sh - - /entrypoint-override.sh + # run ocis init to initialize a configuration file with random secrets + # it will fail on subsequent runs, because the config file already exists + # therefore we ignore the error and then start the ocis server + command: ["-c", "ocis init || true; ocis server"] environment: OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test} OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose PROXY_TLS: "false" # do not use SSL between Traefik and oCIS - # change default secrets - IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} - STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} - OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} - STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} - OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} - # web ui - WEB_UI_CONFIG: "/var/tmp/ocis/.config/web-config.json" # make settings service available to oCIS Hello SETTINGS_GRPC_ADDR: 0.0.0.0:9191 # INSECURE: needed if oCIS / Traefik is using self generated certificates OCIS_INSECURE: "${INSECURE:-false}" # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect) PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" + # admin user password + IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file # demo users - ACCOUNTS_DEMO_USERS_AND_GROUPS: "${DEMO_USERS:-false}" # deprecated, remove after switching to LibreIDM IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" + + OCIS_CONFIG_DIR: /etc/ocis #TODO: remove me after https://github.com/owncloud/ocis/issues/3688 volumes: - - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh - - ./config/ocis/web-config.dist.json:/config/web-config.dist.json - ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml + - ./config/ocis/web.yaml:/etc/ocis/web.yaml + - ocis-config:/etc/ocis - ocis-data:/var/lib/ocis labels: - "traefik.enable=true" @@ -99,6 +96,7 @@ services: volumes: certs: + ocis-config: ocis-data: networks: diff --git a/deployments/examples/ocis_traefik/config/ocis/entrypoint-override.sh b/deployments/examples/ocis_traefik/config/ocis/entrypoint-override.sh deleted file mode 100644 index b5befa04aa..0000000000 --- a/deployments/examples/ocis_traefik/config/ocis/entrypoint-override.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -set -e - -ocis init || true # will only initialize once -ocis server diff --git a/deployments/examples/ocis_traefik/docker-compose.yml b/deployments/examples/ocis_traefik/docker-compose.yml index fc1133e5dc..456d3187ed 100644 --- a/deployments/examples/ocis_traefik/docker-compose.yml +++ b/deployments/examples/ocis_traefik/docker-compose.yml @@ -48,7 +48,10 @@ services: ocis-net: entrypoint: - /bin/sh - - /entrypoint-override.sh + # run ocis init to initialize a configuration file with random secrets + # it will fail on subsequent runs, because the config file already exists + # therefore we ignore the error and then start the ocis server + command: ["-c", "ocis init || true; ocis server"] environment: OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose @@ -62,7 +65,6 @@ services: # demo users IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" volumes: - - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh - ocis-config:/etc/ocis - ocis-data:/var/lib/ocis labels: diff --git a/docs/ocis/deployment/ocis_hello.md b/docs/ocis/deployment/ocis_hello.md index 312939a73a..25e2a47fd9 100644 --- a/docs/ocis/deployment/ocis_hello.md +++ b/docs/ocis/deployment/ocis_hello.md @@ -48,39 +48,34 @@ See also [example server setup]({{< ref "preparing_server" >}}) The file by default looks like this: ```bash - # If you're on a internet facing server please comment out following line. - # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. - INSECURE=true + # If you're on a internet facing server please comment out following line. + # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. + INSECURE=true - ### Traefik settings ### - # Serve Traefik dashboard. Defaults to "false". - TRAEFIK_DASHBOARD= - # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" - TRAEFIK_DOMAIN= - # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" - TRAEFIK_BASIC_AUTH_USERS= - # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server - TRAEFIK_ACME_MAIL= + ### Traefik settings ### + # Serve Traefik dashboard. Defaults to "false". + TRAEFIK_DASHBOARD= + # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" + TRAEFIK_DOMAIN= + # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" + TRAEFIK_BASIC_AUTH_USERS= + # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server + TRAEFIK_ACME_MAIL= - ### oCIS settings ### - # oCIS version. Defaults to "latest" - OCIS_DOCKER_TAG= - # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" - OCIS_DOMAIN= - # IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". - IDP_LDAP_BIND_PASSWORD= - # Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". - STORAGE_LDAP_BIND_PASSWORD= - # JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" - OCIS_JWT_SECRET= - # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" - STORAGE_TRANSFER_SECRET= - # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" - OCIS_MACHINE_AUTH_API_KEY= + ### oCIS settings ### + # oCIS version. Defaults to "latest" + OCIS_DOCKER_TAG= + # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" + OCIS_DOMAIN= + # oCIS admin user password. Defaults to "admin". + ADMIN_PASSWORD= + # The demo users should not be created on a production instance + # because their passwords are public. Defaults to "false". + DEMO_USERS= - ### oCIS Hello settings ### - # oCIS Hello version. Defaults to "latest" - OCIS_HELLO_DOCKER_TAG= + ### oCIS Hello settings ### + # oCIS Hello version. Defaults to "latest" + OCIS_HELLO_DOCKER_TAG= ``` You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`. @@ -95,6 +90,8 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`. + Set the initial admin user password in `ADMIN_PASSWORD=`, it defaults to `admin`. + By default the oCIS Hello extension will be started in the `latest` version. If you want to start a specific version of oCIS Hello set the version to `OCIS_HELLO_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis-hello/tags?page=1&ordering=last_updated). Now you have configured everything and can save the file.