From 3eb9e122a4b90ddd1d82bdacbe34a3f8f86c0926 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Wed, 23 Dec 2020 23:36:00 +0100 Subject: [PATCH 1/2] remove unneeded settings --- .../cs3_users_ocis/config/ocis/.gitignore | 1 - .../ocis/identifier-registration.dist.yaml | 41 ------------------- .../config/ocis/proxy-config.json | 8 ++-- .../cs3_users_ocis/docker-compose.yaml | 22 +++------- .../examples/ocis_keycloak/docker-compose.yml | 18 ++++---- .../examples/ocis_traefik/config/.gitignore | 1 - .../config/identifier-registration.dist.yaml | 41 ------------------- .../examples/ocis_traefik/docker-compose.yml | 25 ++--------- 8 files changed, 20 insertions(+), 137 deletions(-) delete mode 100644 deployments/examples/cs3_users_ocis/config/ocis/.gitignore delete mode 100644 deployments/examples/cs3_users_ocis/config/ocis/identifier-registration.dist.yaml delete mode 100644 deployments/examples/ocis_traefik/config/.gitignore delete mode 100644 deployments/examples/ocis_traefik/config/identifier-registration.dist.yaml diff --git a/deployments/examples/cs3_users_ocis/config/ocis/.gitignore b/deployments/examples/cs3_users_ocis/config/ocis/.gitignore deleted file mode 100644 index 0d81f1fbe9..0000000000 --- a/deployments/examples/cs3_users_ocis/config/ocis/.gitignore +++ /dev/null @@ -1 +0,0 @@ -identifier-registration.yaml diff --git a/deployments/examples/cs3_users_ocis/config/ocis/identifier-registration.dist.yaml b/deployments/examples/cs3_users_ocis/config/ocis/identifier-registration.dist.yaml deleted file mode 100644 index 2c425242f7..0000000000 --- a/deployments/examples/cs3_users_ocis/config/ocis/identifier-registration.dist.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ ---- - -# OpenID Connect client registry. -clients: - - id: web - name: OCIS - application_type: web - insecure: yes - trusted: yes - redirect_uris: - - https://ocis.owncloud.test/ - - https://ocis.owncloud.test/oidc-callback.html - - https://ocis.owncloud.test/oidc-silent-redirect.html - origins: - - https://ocis.owncloud.test - - - id: ocis-explorer.js - name: oCIS Graph Explorer - trusted: yes - insecure: yes - - - id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69 - secret: UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh - name: ownCloud desktop app - application_type: native - insecure: true - - - id: e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD - secret: dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD - name: ownCloud Android app - application_type: native - redirect_uris: - - oc://android.owncloud.com - - - id: mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1 - secret: KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx - name: ownCloud iOS app - application_type: native - redirect_uris: - - oc://ios.owncloud.com - - oc.ios://ios.owncloud.com diff --git a/deployments/examples/cs3_users_ocis/config/ocis/proxy-config.json b/deployments/examples/cs3_users_ocis/config/ocis/proxy-config.json index 5c9dec3d8b..2952efc99f 100644 --- a/deployments/examples/cs3_users_ocis/config/ocis/proxy-config.json +++ b/deployments/examples/cs3_users_ocis/config/ocis/proxy-config.json @@ -62,13 +62,13 @@ }, { "endpoint": "/api/v0/settings", - "backend": "http://localhost:9190" + "backend": "http://localhost:9190" }, { "endpoint": "/settings.js", - "backend": "http://localhost:9190" - }, - { + "backend": "http://localhost:9190" + }, + { "endpoint": "/api/v0/greet", "backend": "http://localhost:9105" }, diff --git a/deployments/examples/cs3_users_ocis/docker-compose.yaml b/deployments/examples/cs3_users_ocis/docker-compose.yaml index 04b02f7249..334bd722fe 100644 
--- a/deployments/examples/cs3_users_ocis/docker-compose.yaml +++ b/deployments/examples/cs3_users_ocis/docker-compose.yaml @@ -18,6 +18,7 @@ services: - "--entryPoints.https.address=:443" - "--providers.docker.endpoint=unix:///var/run/docker.sock" - "--providers.docker.exposedByDefault=false" + - "--serversTransport.insecureSkipVerify=true" # oCIS uses self generated certificate ports: - "80:80" - "443:443" @@ -41,17 +42,10 @@ services: ocis: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} - entrypoint: - - /bin/sh - - -c - - | # as long as https://github.com/owncloud/product/issues/15 is open we need this step to template konnectd config - cp /config/identifier-registration.dist.yaml /config/identifier-registration.yaml - sed -i 's/ocis.owncloud.test/${OCIS_DOMAIN:-ocis.owncloud.test}/g' /config/identifier-registration.yaml - ocis server depends_on: - ldap-server environment: - # CS3 users frpm ldap specific config + # CS3 users from ldap specific configuration PROXY_CONFIG_FILE: "/config/proxy-config.json" LDAP_FILTER: "(&(objectclass=inetOrgPerson)(objectClass=owncloud))" LDAP_URI: ldap://ldap-server:389 @@ -74,17 +68,10 @@ services: STORAGE_LDAP_GROUPFILTER: '(&(objectclass=groupOfUniqueNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))' # General ocis config OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - OCIS_LOG_LEVEL: error - # proxy config + OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose PROXY_OIDC_INSECURE: "${INSECURE:-false}" - PROXY_TLS: "false" - # web config - WEB_UI_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer - # storage config - # idp config - KONNECTD_TLS: 'false' volumes: - - ./config/ocis:/config + - ./config/ocis/proxy-config.json:/config/proxy-config.json - ocis-data:/var/tmp/ocis labels: - "traefik.enable=true" 
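Review bot: The added `--serversTransport.insecureSkipVerify=true` in the Traefik `command` list is an instance-wide static option, so it turns off backend certificate verification for every service this Traefik routes to, not only oCIS. The inline comment should say so, for example `# disables backend TLS verification for ALL services behind this Traefik; oCIS serves a self generated certificate`. Combined with the `loadbalancer.server.scheme=https` label added further down in this file, the Traefik-to-oCIS hop is encrypted but not authenticated. If the example is meant to be copied into real deployments and oCIS can be given a fixed certificate, trusting it through `--serversTransport.rootCAs` would keep verification on. The same flag is added in the ocis_traefik compose file and, in patch 2/2, in the `command` list of the ocis_keycloak one.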
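Review bot: The new single-file bind mount `./config/ocis/proxy-config.json:/config/proxy-config.json` in the `ocis` service's `volumes` is writable from inside the container, although its only visible consumer is `PROXY_CONFIG_FILE`. Mounting it read-only, `- ./config/ocis/proxy-config.json:/config/proxy-config.json:ro`, would stop a compromised or misbehaving oCIS process from rewriting the proxy routing file on the host. This assumes oCIS never writes to that path, which cannot be confirmed from this hunk. The `ocis` service definition starts and ends outside the hunk.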
@@ -98,6 +85,7 @@ services: - "traefik.http.routers.ocis-secure.tls.certresolver=http" - "traefik.http.routers.ocis-secure.service=ocis" - "traefik.http.services.ocis.loadbalancer.server.port=9200" + - "traefik.http.services.ocis.loadbalancer.server.scheme=https" restart: always ldap-server: diff --git a/deployments/examples/ocis_keycloak/docker-compose.yml b/deployments/examples/ocis_keycloak/docker-compose.yml index 685511b175..029f9ecce7 100644 --- a/deployments/examples/ocis_keycloak/docker-compose.yml +++ b/deployments/examples/ocis_keycloak/docker-compose.yml @@ -38,6 +38,7 @@ services: - "traefik.http.routers.traefik-secure.tls=true" - "traefik.http.routers.traefik-secure.tls.certresolver=http" - "traefik.http.routers.traefik-secure.service=api@internal" + - "--serversTransport.insecureSkipVerify=true" # oCIS uses self generated certificate restart: always ocis: 
@@ -45,24 +46,18 @@ services: networks: default: environment: - # general config - OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} - # proxy config + # Keycloak IDP specific configuration PROXY_AUTOPROVISION_ACCOUNTS: "true" - PROXY_OIDC_INSECURE: "${INSECURE:-false}" PROXY_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-master} - PROXY_TLS: "false" - # ownCloud Web config WEB_OIDC_AUTHORITY: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-master} WEB_OIDC_CLIENT_ID: ${OCIS_OIDC_CLIENT_ID:-web} WEB_OIDC_METADATA_URL: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-master}/.well-known/openid-configuration - WEB_UI_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer - # storage config STORAGE_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test} STORAGE_LDAP_IDP: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test} - # thumbnail config - THUMBNAILS_WEBDAVSOURCE_BASEURL: http://localhost:9200/remote.php/webdav/ + # general config + OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} + OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose + PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates volumes: - ocis-data:/var/tmp/ocis labels: @@ -77,6 +72,7 @@ services: - "traefik.http.routers.ocis-secure.tls.certresolver=http" - "traefik.http.routers.ocis-secure.service=ocis" - "traefik.http.services.ocis.loadbalancer.server.port=9200" + - "traefik.http.services.ocis.loadbalancer.server.scheme=https" restart: always postgres: diff --git a/deployments/examples/ocis_traefik/config/.gitignore b/deployments/examples/ocis_traefik/config/.gitignore deleted file mode 100644 index 0d81f1fbe9..0000000000 --- a/deployments/examples/ocis_traefik/config/.gitignore +++ /dev/null @@ -1 +0,0 @@ -identifier-registration.yaml 
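Review bot: The comment added on `PROXY_OIDC_INSECURE` reads as if the variable itself were required, when what it controls is certificate verification towards the OIDC issuer, and the default `false` is the safe value. I would word it as `# set INSECURE=true only while Traefik serves a self generated certificate; disables TLS verification of the OIDC issuer`. In this Keycloak example the issuer is the identity provider, so leaving the switch on once a real ACME certificate is in place means the proxy no longer checks who it is fetching OIDC metadata from. The same comment is added in the ocis_traefik hunk and, in patch 2/2, in cs3_users_ocis.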
diff --git a/deployments/examples/ocis_traefik/config/identifier-registration.dist.yaml b/deployments/examples/ocis_traefik/config/identifier-registration.dist.yaml deleted file mode 100644 index 2c425242f7..0000000000 --- a/deployments/examples/ocis_traefik/config/identifier-registration.dist.yaml +++ /dev/null @@ -1,41 +0,0 @@ ---- - -# OpenID Connect client registry. -clients: - - id: web - name: OCIS - application_type: web - insecure: yes - trusted: yes - redirect_uris: - - https://ocis.owncloud.test/ - - https://ocis.owncloud.test/oidc-callback.html - - https://ocis.owncloud.test/oidc-silent-redirect.html - origins: - - https://ocis.owncloud.test - - - id: ocis-explorer.js - name: oCIS Graph Explorer - trusted: yes - insecure: yes - - - id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69 - secret: UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh - name: ownCloud desktop app - application_type: native - insecure: true - - - id: e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD - secret: dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD - name: ownCloud Android app - application_type: native - redirect_uris: - - oc://android.owncloud.com - - - id: mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1 - secret: KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx - name: ownCloud iOS app - application_type: native - redirect_uris: - - oc://ios.owncloud.com - - oc.ios://ios.owncloud.com diff --git a/deployments/examples/ocis_traefik/docker-compose.yml b/deployments/examples/ocis_traefik/docker-compose.yml index c4e02aef79..7afac8155a 100644 --- a/deployments/examples/ocis_traefik/docker-compose.yml +++ b/deployments/examples/ocis_traefik/docker-compose.yml 
@@ -18,6 +18,7 @@ services: - "--entryPoints.https.address=:443" - "--providers.docker.endpoint=unix:///var/run/docker.sock" - "--providers.docker.exposedByDefault=false" + - "--serversTransport.insecureSkipVerify=true" # oCIS uses self generated certificate ports: - "80:80" - "443:443" @@ -41,32 +42,13 @@ services: ocis: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} - entrypoint: - - /bin/sh - - -c - - | # as long as https://github.com/owncloud/product/issues/15 is open we need this step to template konnectd config - cp /config/identifier-registration.dist.yaml /config/identifier-registration.yaml - sed -i 's/ocis.owncloud.test/${OCIS_DOMAIN:-ocis.owncloud.test}/g' /config/identifier-registration.yaml - ocis server networks: default: environment: - # general config OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} - # proxy config - PROXY_OIDC_INSECURE: "${INSECURE:-false}" - PROXY_TLS: "false" - # web config - WEB_UI_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer - # storage config - STORAGE_OIDC_INSECURE: "${INSECURE:-false}" - # idp config - KONNECTD_TLS: 'false' - # thumbnail config - THUMBNAILS_WEBDAVSOURCE_BASEURL: http://localhost:9200/remote.php/webdav/ + OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose + PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates volumes: - - ./config:/config - ocis-data:/var/tmp/ocis labels: - "traefik.enable=true" @@ -80,6 +62,7 @@ services: - "traefik.http.routers.ocis-secure.tls.certresolver=http" - "traefik.http.routers.ocis-secure.service=ocis" - "traefik.http.services.ocis.loadbalancer.server.port=9200" + - "traefik.http.services.ocis.loadbalancer.server.scheme=https" restart: always volumes: From c7a620c4d531bfd645dc25a192c94c2e01dd199e Mon Sep 17 00:00:00 2001 
From: Willy Kloucek Date: Mon, 28 Dec 2020 07:36:08 +0100 Subject: [PATCH 2/2] add more --- deployments/examples/cs3_users_ocis/docker-compose.yaml | 4 ++-- deployments/examples/ocis_keycloak/docker-compose.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deployments/examples/cs3_users_ocis/docker-compose.yaml b/deployments/examples/cs3_users_ocis/docker-compose.yaml index 334bd722fe..7193df4e29 100644 --- a/deployments/examples/cs3_users_ocis/docker-compose.yaml +++ b/deployments/examples/cs3_users_ocis/docker-compose.yaml @@ -10,7 +10,7 @@ services: - ${OCIS_DOMAIN:-ocis.owncloud.test} command: #- "--log.level=DEBUG" - - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-'example@example.org'}" + - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" - "--api.dashboard=true" @@ -69,7 +69,7 @@ services: # General ocis config OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose - PROXY_OIDC_INSECURE: "${INSECURE:-false}" + PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates volumes: - ./config/ocis/proxy-config.json:/config/proxy-config.json - ocis-data:/var/tmp/ocis diff --git a/deployments/examples/ocis_keycloak/docker-compose.yml b/deployments/examples/ocis_keycloak/docker-compose.yml index 029f9ecce7..4918fa4f6d 100644 --- a/deployments/examples/ocis_keycloak/docker-compose.yml +++ b/deployments/examples/ocis_keycloak/docker-compose.yml @@ -19,6 +19,7 @@ services: - "--entryPoints.https.address=:443" - "--providers.docker.endpoint=unix:///var/run/docker.sock" - "--providers.docker.exposedByDefault=false" + - "--serversTransport.insecureSkipVerify=true" # oCIS uses self generated certificate ports: - "80:80" - "443:443" 
@@ -38,7 +39,6 @@ services: - "traefik.http.routers.traefik-secure.tls=true" - "traefik.http.routers.traefik-secure.tls.certresolver=http" - "traefik.http.routers.traefik-secure.service=api@internal" - - "--serversTransport.insecureSkipVerify=true" # oCIS uses self generated certificate restart: always ocis: