mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-05-07 20:15:31 -05:00
Code Issues Packages Projects Releases Wiki Activity

add hello and s3 deplyoment example

Browse Source
This commit is contained in:
Willy Kloucek
2021-06-15 08:32:24 +02:00
parent d3a7c3fc2b
commit 2755f04938
19 changed files with 894 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deployments/examples/ocis_hello/.env
+34
View File
@@ -0,0 +1,34 @@
# If you're on a internet facing server please comment out following line.
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
### Traefik settings ###
# Serve Treafik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
TRAEFIK_BASIC_AUTH_USERS=
# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
TRAEFIK_ACME_MAIL=
### oCIS settings ###
# oCIS version. Defaults to "latest"
OCIS_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OCIS_DOMAIN=
# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
IDP_LDAP_BIND_PASSWORD=
# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
STORAGE_LDAP_BIND_PASSWORD=
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
OCIS_JWT_SECRET=
### oCIS Hello settings ###
# oCIS Hello version. Defaults to "latest"
OCIS_HELLO_DOCKER_TAG=
# If you want to use debugging and tracing with this stack,
# you need uncomment following line. Please see documentation at
# https://owncloud.dev/ocis/deployment/monitoring-tracing/
#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
deployments/examples/ocis_hello/README.md
+6
View File
@@ -0,0 +1,6 @@
---
document this deployment example in: docs/ocis/deployment/ocis_wopi.md
---
Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_wopi/)
for instructions on how to deploy this scenario.
deployments/examples/ocis_hello/config/ocis/config.dist.json
+30
View File
@@ -0,0 +1,30 @@
{
"server": "https://ocis.owncloud.test",
"theme": "owncloud",
"version": "0.1.0",
"openIdConnect": {
"metadata_url": "https://ocis.owncloud.test/.well-known/openid-configuration",
"authority": "https://ocis.owncloud.test",
"client_id": "web",
"response_type": "code",
"scope": "openid profile email"
},
"apps": ["files"],
"external_apps": [
{
"id": "settings",
"path": "/settings.js"
},
{
"id": "accounts",
"path": "/accounts.js"
},
{
"id": "hello",
"path": "/hello.js"
}
],
"options": {
"hideSearchBar": true
}
}
deployments/examples/ocis_hello/config/ocis/entrypoint-override.sh
+31
View File
@@ -0,0 +1,31 @@
#!/bin/sh
set -e
cp /config/config.dist.json /config/config.json
sed -i 's/ocis.owncloud.test/'${OCIS_DOMAIN:-ocis.owncloud.test}'/g' /config/config.json
ocis server&
sleep 10
echo "##################################################"
echo "change default secrets:"
# IDP
IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
echo " IDP user UUID: $IDP_USER_UUID"
ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID
# REVA
REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
echo " Reva user UUID: $REVA_USER_UUID"
ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID
echo "default secrets changed"
echo "##################################################"
ocis kill proxy
sleep 10
ocis proxy server # workaround for loading proxy configuration
wait # wait for oCIS to exit
deployments/examples/ocis_hello/config/ocis/proxy-config.json
+107
View File
@@ -0,0 +1,107 @@
{
"HTTP": {
"Namespace": "com.owncloud"
},
"policy_selector": {
"static": {
"policy": "ocis"
}
},
"policies": [
{
"name": "ocis",
"routes": [
{
"endpoint": "/",
"backend": "http://localhost:9100"
},
{
"endpoint": "/.well-known/",
"backend": "http://localhost:9130"
},
{
"endpoint": "/konnect/",
"backend": "http://localhost:9130"
},
{
"endpoint": "/signin/",
"backend": "http://localhost:9130"
},
{
"type": "regex",
"endpoint": "/ocs/v[12].php/cloud/(users?|groups)",
"backend": "http://localhost:9110"
},
{
"endpoint": "/ocs/",
"backend": "http://localhost:9140"
},
{
"type": "query",
"endpoint": "/remote.php/?preview=1",
"backend": "http://localhost:9115"
},
{
"endpoint": "/remote.php/",
"backend": "http://localhost:9140"
},
{
"endpoint": "/dav/",
"backend": "http://localhost:9140"
},
{
"endpoint": "/webdav/",
"backend": "http://localhost:9140"
},
{
"endpoint": "/status.php",
"backend": "http://localhost:9140"
},
{
"endpoint": "/index.php/",
"backend": "http://localhost:9140"
},
{
"endpoint": "/data",
"backend": "http://localhost:9140"
},
{
"endpoint": "/graph/",
"backend": "http://localhost:9120"
},
{
"endpoint": "/graph-explorer/",
"backend": "http://localhost:9135"
},
{
"endpoint": "/api/v0/accounts",
"backend": "http://localhost:9181"
},
{
"endpoint": "/accounts.js",
"backend": "http://localhost:9181"
},
{
"endpoint": "/api/v0/settings",
"backend": "http://localhost:9190"
},
{
"endpoint": "/settings.js",
"backend": "http://localhost:9190"
},
{
"endpoint": "/onlyoffice.js",
"backend": "http://localhost:9220"
},
{
"endpoint": "/api/v0/greet",
"backend": "http://ocis-hello:9105"
},
{
"endpoint": "/hello.js",
"backend": "http://ocis-hello:9105"
}
]
}
]
}
deployments/examples/ocis_hello/docker-compose.yml
+101
View File
@@ -0,0 +1,101 @@
---
version: "3.7"
services:
traefik:
image: traefik:v2.4
networks:
ocis-net:
aliases:
- ${OCIS_DOMAIN:-ocis.owncloud.test}
command:
#- "--log.level=DEBUG"
- "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
- "--certificatesResolvers.http.acme.storage=/certs/acme.json"
- "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
- "--api.dashboard=true"
- "--entryPoints.http.address=:80"
- "--entryPoints.https.address=:443"
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedByDefault=false"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "certs:/certs"
labels:
- "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api@internal"
logging:
driver: "local"
restart: always
ocis:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
networks:
ocis-net:
entrypoint:
- /bin/sh
- /entrypoint-override.sh
environment:
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
# change default secrets
IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
# web ui
WEB_UI_CONFIG: "/config/config.json"
# proxy
PROXY_CONFIG_FILE: "/config/proxy-config.json"
volumes:
- ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
- ./config/ocis/config.dist.json:/config/config.dist.json
- ./config/ocis/proxy-config.json:/config/proxy-config.json
- ocis-data:/var/tmp/ocis
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.entrypoints=http"
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
- "traefik.http.middlewares.ocis-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.ocis.middlewares=ocis-https-redirect"
- "traefik.http.routers.ocis-secure.entrypoints=https"
- "traefik.http.routers.ocis-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
- "traefik.http.routers.ocis-secure.tls=true"
- "traefik.http.routers.ocis-secure.tls.certresolver=http"
- "traefik.http.routers.ocis-secure.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
logging:
driver: "local"
restart: always
ocis-hello:
image: owncloud/ocis-hello:${OCIS_HELLO_DOCKER_TAG:-latest}
networks:
ocis-net:
environment:
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
logging:
driver: "local"
restart: always
volumes:
certs:
ocis-data:
networks:
ocis-net:
deployments/examples/ocis_hello/monitoring_tracing/docker-compose-additions.yml
+12
View File
@@ -0,0 +1,12 @@
---
version: "3.7"
services:
ocis:
environment:
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
networks:
ocis-net:
external: true
deployments/examples/ocis_s3/.env
+40
View File
@@ -0,0 +1,40 @@
# If you're on a internet facing server please comment out following line.
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
### Traefik settings ###
# Serve Treafik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
TRAEFIK_BASIC_AUTH_USERS=
# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
TRAEFIK_ACME_MAIL=
### oCIS settings ###
# oCIS version. Defaults to "latest"
OCIS_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OCIS_DOMAIN=
# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
IDP_LDAP_BIND_PASSWORD=
# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
STORAGE_LDAP_BIND_PASSWORD=
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
OCIS_JWT_SECRET=
### MINIO / S3 settings ###
# Domain of MinIO where the Web UI is accessible. Defaults to "minio.owncloud.test".
MINIO_DOMAIN=
# S3 bucket name, where oCIS stores its data in. Defaults to "ocis-bucket".
MINIO_BUCKET=
# S3 bucket access key, which oCIS uses to authenticate. Defaults to "ocis".
MINIO_ACCESS_KEY=
# S3 bucket access key secret, which oCIS uses to authenticate. Defaults to "ocis-secret-key".
MINIO_SECRET_KEY=
# If you want to use debugging and tracing with this stack,
# you need uncomment following line. Please see documentation at
# https://owncloud.dev/ocis/deployment/monitoring-tracing/
#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
deployments/examples/ocis_s3/README.md
+6
View File
@@ -0,0 +1,6 @@
---
document this deployment example in: docs/ocis/deployment/ocis_traefik.md
---
Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_traefik/)
for instructions on how to deploy this scenario.
deployments/examples/ocis_s3/config/ocis/entrypoint-override.sh
+24
View File
@@ -0,0 +1,24 @@
#!/bin/sh
set -e
ocis server&
sleep 10
echo "##################################################"
echo "change default secrets:"
# IDP
IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
echo " IDP user UUID: $IDP_USER_UUID"
ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID
# REVA
REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
echo " Reva user UUID: $REVA_USER_UUID"
ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID
echo "default secrets changed"
echo "##################################################"
wait # wait for oCIS to exit
deployments/examples/ocis_s3/docker-compose.yml
+124
View File
@@ -0,0 +1,124 @@
---
version: "3.7"
services:
traefik:
image: traefik:v2.4
networks:
ocis-net:
aliases:
- ${OCIS_DOMAIN:-ocis.owncloud.test}
command:
#- "--log.level=DEBUG"
- "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
- "--certificatesResolvers.http.acme.storage=/certs/acme.json"
- "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
- "--api.dashboard=true"
- "--entryPoints.http.address=:80"
- "--entryPoints.https.address=:443"
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedByDefault=false"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "certs:/certs"
labels:
- "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api@internal"
logging:
driver: "local"
restart: always
ocis:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
networks:
ocis-net:
entrypoint:
- /bin/sh
- /entrypoint-override.sh
environment:
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
# change default secrets
IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
# activate s3ng storage driver
STORAGE_HOME_DRIVER: s3ng
STORAGE_USERS_DRIVER: s3ng
STORAGE_METADATA_DRIVER: ocis # keep metadata on ocis storage since this are only small files atm
# s3ng specific settings
STORAGE_DRIVER_S3NG_ENDPOINT: http://minio:9000
STORAGE_DRIVER_S3NG_REGION: default
STORAGE_DRIVER_S3NG_ACCESS_KEY: ${MINIO_ACCESS_KEY:-ocis}
STORAGE_DRIVER_S3NG_SECRET_KEY: ${MINIO_SECRET_KEY:-ocis-secret-key}
STORAGE_DRIVER_S3NG_BUCKET: ${MINIO_BUCKET:-ocis-bucket}
volumes:
- ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
- ocis-data:/var/tmp/ocis
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.entrypoints=http"
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
- "traefik.http.middlewares.ocis-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.ocis.middlewares=ocis-https-redirect"
- "traefik.http.routers.ocis-secure.entrypoints=https"
- "traefik.http.routers.ocis-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
- "traefik.http.routers.ocis-secure.tls=true"
- "traefik.http.routers.ocis-secure.tls.certresolver=http"
- "traefik.http.routers.ocis-secure.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
logging:
driver: "local"
restart: always
minio:
image: minio/minio:latest
networks:
ocis-net:
entrypoint:
- /bin/sh
- -c
- "mkdir -p /data/${MINIO_BUCKET:-ocis-bucket} && minio server /data"
volumes:
- minio-data:/data
environment:
MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY:-ocis}
MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-ocis-secret-key}
labels:
- "traefik.enable=true"
- "traefik.http.routers.minio.entrypoints=http"
- "traefik.http.routers.minio.rule=Host(`${MINIO_DOMAIN:-minio.owncloud.test}`)"
- "traefik.http.middlewares.minio-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.minio.middlewares=minio-https-redirect"
- "traefik.http.routers.minio-secure.entrypoints=https"
- "traefik.http.routers.minio-secure.rule=Host(`${MINIO_DOMAIN:-minio.owncloud.test}`)"
- "traefik.http.routers.minio-secure.tls=true"
- "traefik.http.routers.minio-secure.tls.certresolver=http"
- "traefik.http.routers.minio-secure.service=minio"
- "traefik.http.services.minio.loadbalancer.server.port=9000"
logging:
driver: "local"
restart: always
volumes:
certs:
ocis-data:
minio-data:
networks:
ocis-net:
deployments/examples/ocis_s3/monitoring_tracing/docker-compose-additions.yml
+12
View File
@@ -0,0 +1,12 @@
---
version: "3.7"
services:
ocis:
environment:
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
networks:
ocis-net:
external: true