change secrets on deploy
@@ -17,6 +17,8 @@ TRAEFIK_ACME_MAIL=
|
||||
OCIS_DOCKER_TAG=
|
||||
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
|
||||
OCIS_DOMAIN=
|
||||
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
|
||||
OCIS_JWT_SECRET=
|
||||
|
||||
|
||||
### LDAP server settings ###
|
||||
|
||||
@@ -51,14 +51,14 @@ services:
|
||||
environment:
|
||||
# CS3 users from ldap specific configuration
|
||||
PROXY_CONFIG_FILE: "/config/proxy-config.json"
|
||||
LDAP_FILTER: "(&(objectclass=inetOrgPerson)(objectClass=owncloud))"
|
||||
LDAP_URI: ldap://ldap-server:389
|
||||
LDAP_BINDDN: "cn=admin,dc=owncloud,dc=com"
|
||||
LDAP_BINDPW: ${LDAP_ADMIN_PASSWORD:-admin}
|
||||
LDAP_BASEDN: "dc=owncloud,dc=com"
|
||||
LDAP_LOGIN_ATTRIBUTE: uid
|
||||
LDAP_UUID_ATTRIBUTE: "ownclouduuid"
|
||||
LDAP_UUID_ATTRIBUTE_TYPE: binary
|
||||
IDP_LDAP_FILTER: "(&(objectclass=inetOrgPerson)(objectClass=owncloud))"
|
||||
IDP_LDAP_URI: ldap://ldap-server:389
|
||||
IDP_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
|
||||
IDP_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
|
||||
IDP_LDAP_BASE_DN: "dc=owncloud,dc=com"
|
||||
IDP_LDAP_LOGIN_ATTRIBUTE: uid
|
||||
IDP_LDAP_UUID_ATTRIBUTE: "ownclouduuid"
|
||||
IDP_LDAP_UUID_ATTRIBUTE_TYPE: binary
|
||||
PROXY_ACCOUNT_BACKEND_TYPE: cs3
|
||||
STORAGE_LDAP_HOSTNAME: ldap-server
|
||||
STORAGE_LDAP_PORT: 636
|
||||
@@ -74,6 +74,8 @@ services:
|
||||
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
|
||||
PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
|
||||
# change default secrets
|
||||
OCIS_JWT_SECRET: ${STORAGE_JWT_SECRET:-Pive-Fumkiu4}
|
||||
volumes:
|
||||
- ./config/ocis/proxy-config.json:/config/proxy-config.json
|
||||
- ocis-data:/var/tmp/ocis
|
||||
|
||||
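Review bot: The added `OCIS_JWT_SECRET: ${STORAGE_JWT_SECRET:-Pive-Fumkiu4}` interpolates `STORAGE_JWT_SECRET`, but the `.env` hunks of this commit document and expose `OCIS_JWT_SECRET=`. Unless `STORAGE_JWT_SECRET` is set somewhere outside the visible hunks, a value entered in `.env` is never read and the JWT secret stays at the default that is printed in the repository. Reading the same name, `OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}`, would make the documented setting effective. The same line appears in the two later compose hunks (`@@ -60,7 +63,12 @@` and `@@ -46,11 +46,19 @@`).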
@@ -19,6 +19,12 @@ OCIS_DOCKER_TAG=
|
||||
OCIS_DOMAIN=
|
||||
# owncloud Web openid connect client id. Defaults to "web"
|
||||
OCIS_OIDC_CLIENT_ID=
|
||||
# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
|
||||
IDP_LDAP_BIND_PASSWORD=
|
||||
# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
|
||||
STORAGE_LDAP_BIND_PASSWORD=
|
||||
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
|
||||
OCIS_JWT_SECRET=
|
||||
|
||||
### Keycloak ###
|
||||
# Domain of Keycloak, where you can find the managment and authentication frontend. Defaults to "keycloak.owncloud.test"
|
||||
|
||||
@@ -0,0 +1,25 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -evx
|
||||
|
||||
ocis server&
|
||||
sleep 10
|
||||
|
||||
echo "##################################################"
|
||||
echo "change default secrets:"
|
||||
|
||||
# IDP
|
||||
IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
|
||||
echo " IDP user UUID: $IDP_USER_UUID"
|
||||
ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID
|
||||
|
||||
# REVA
|
||||
REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
|
||||
echo " Reva user UUID: $REVA_USER_UUID"
|
||||
ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID
|
||||
|
||||
killall ocis
|
||||
echo "default serets changed"
|
||||
echo "##################################################"
|
||||
|
||||
ocis server
|
||||
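Review bot: `set -evx` turns on command tracing, so both `ocis accounts update --password …` lines are written to the container log with the new bind passwords expanded; `set -e` alone keeps the fail-fast behaviour without recording the secrets. The password and UUID arguments are also unquoted, so a password containing spaces or glob characters is split or expanded; `ocis accounts update --password "$IDP_LDAP_BIND_PASSWORD" "$IDP_USER_UUID"` (and the same for the Reva line) avoids that. The fixed `sleep 10` is the only readiness check, so on a slow start the account lookup may find nothing, and it would be worth checking that the UUID is non-empty before calling update. The identical script is added again in the later `@@ -0,0 +1,25 @@` hunk, and the closing message reads "default serets changed".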
@@ -47,6 +47,9 @@ services:
|
||||
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
|
||||
networks:
|
||||
ocis-net:
|
||||
entrypoint:
|
||||
- /bin/sh
|
||||
- /entrypoint-override.sh
|
||||
environment:
|
||||
# Keycloak IDP specific configuration
|
||||
PROXY_AUTOPROVISION_ACCOUNTS: "true"
|
||||
@@ -60,7 +63,12 @@ services:
|
||||
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
|
||||
PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
|
||||
# change default secrets
|
||||
IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
|
||||
STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
|
||||
OCIS_JWT_SECRET: ${STORAGE_JWT_SECRET:-Pive-Fumkiu4}
|
||||
volumes:
|
||||
- ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
|
||||
- ocis-data:/var/tmp/ocis
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
|
||||
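Review bot: The added `${IDP_LDAP_BIND_PASSWORD:-idp}` and `${STORAGE_LDAP_BIND_PASSWORD:-reva}` fall back to the documented default passwords whenever the variable is unset or left empty, which is the state the `.env` template ships in, so a deployment that skips the step comes up with known credentials and no warning. If that is not intended for this example, the required-variable form makes the omission visible when the stack is started: `IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:?set IDP_LDAP_BIND_PASSWORD in .env}`. The new bind mount of `entrypoint-override.sh` could also carry `:ro`, since the container only needs to read it. The same lines recur in the `@@ -46,11 +46,19 @@` hunk.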
@@ -17,7 +17,12 @@ TRAEFIK_ACME_MAIL=
|
||||
OCIS_DOCKER_TAG=
|
||||
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
|
||||
OCIS_DOMAIN=
|
||||
|
||||
# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
|
||||
IDP_LDAP_BIND_PASSWORD=
|
||||
# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
|
||||
STORAGE_LDAP_BIND_PASSWORD=
|
||||
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
|
||||
OCIS_JWT_SECRET=
|
||||
|
||||
# If you want to use debugging and tracing with this stack,
|
||||
# you need uncomment following line. Please see documentation at
|
||||
|
||||
@@ -0,0 +1,25 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -evx
|
||||
|
||||
ocis server&
|
||||
sleep 10
|
||||
|
||||
echo "##################################################"
|
||||
echo "change default secrets:"
|
||||
|
||||
# IDP
|
||||
IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
|
||||
echo " IDP user UUID: $IDP_USER_UUID"
|
||||
ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID
|
||||
|
||||
# REVA
|
||||
REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
|
||||
echo " Reva user UUID: $REVA_USER_UUID"
|
||||
ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID
|
||||
|
||||
killall ocis
|
||||
echo "default serets changed"
|
||||
echo "##################################################"
|
||||
|
||||
ocis server
|
||||
@@ -46,11 +46,19 @@ services:
|
||||
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
|
||||
networks:
|
||||
ocis-net:
|
||||
entrypoint:
|
||||
- /bin/sh
|
||||
- /entrypoint-override.sh
|
||||
environment:
|
||||
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
|
||||
PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
|
||||
# change default secrets
|
||||
IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
|
||||
STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
|
||||
OCIS_JWT_SECRET: ${STORAGE_JWT_SECRET:-Pive-Fumkiu4}
|
||||
volumes:
|
||||
- ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
|
||||
- ocis-data:/var/tmp/ocis
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
|
||||