incorporate requested changes

Signed-off-by: Christian Richter <crichter@owncloud.com>
2026-01-05 11:51:16 -06:00 · 2022-05-18 15:29:23 +02:00
parent 398df817b4
commit 47af5214a3
2 changed files with 58 additions and 19 deletions
--- a/deployments/examples/ocis_individual_services/.env
+++ b/deployments/examples/ocis_individual_services/.env
@@ -8,7 +8,7 @@ DEMO_USERS=true

 ### Traefik settings ###
 # Serve Traefik dashboard. Defaults to "false".
-TRAEFIK_DASHBOARD=true
+TRAEFIK_DASHBOARD=
 # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
 TRAEFIK_DOMAIN=
 # Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
@@ -36,13 +36,22 @@ SYSTEM_USER_API_KEY=
 # Number of services to run for extensions, that currently can be easily scaled. Defaults to 1.
 OCIS_SCALE=

-# Service user ids and a passwords, set to random strings, defaults to "changeme"
+# IDM service user password, set to a random string, defaults to "changeme"
 IDM_SVC_PASSWORD=
+# IDM Reva service user password, set to a random string, defaults to "changeme"
 IDM_REVASVC_PASSWORD=
+# IDM IDP service user password, set to a random string, defaults to "changeme"
 IDM_IDPSVC_PASSWORD=
+# OCIS system user id, set to a random string, defaults to "changeme"
 OCIS_SYSTEM_USER_ID=
+# System user id, set to a random string, defaults to "changeme"
 SYSTEM_USER_ID=
-SYSTEM_ADMIN_USER_ID=
+# Admin user id, set to a random UUIDv4 defaults to "-09246a85-682a-4cd5-996d-8e8d2aca50af"
+ADMIN_USER_ID=
+# Admin user password, set to random string defaults to "changeme"
+ADMIN_USER_PASSWORD=
+# Enable basic auth for proxy, set to bool, defaults to "true"
+PROXY_ENABLE_BASIC_AUTH=

 # If you want to use debugging and tracing with this stack,
 # you need uncomment following line. Please see documentation at
--- a/deployments/examples/ocis_individual_services/docker-compose.yml
+++ b/deployments/examples/ocis_individual_services/docker-compose.yml
@@ -7,7 +7,11 @@ volumes:
  ocis-store: null
  ocis-storage-system: null
  ocis-storage-users: null
-  ocis-storage-sharing: null
+  ocis-sharing: null
+  ocis-thumbnails: null
+  ocis-idm: null
+  ocis-nats: null
+  ocis-search: null

 networks:
  ocis-net:
@@ -97,6 +101,9 @@ services:

      REVA_GATEWAY: gateway:9142
      APP_PROVIDER_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
+    logging:
+      driver: "local"
+    restart: always

  notifications:
    image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
@@ -116,13 +123,18 @@ services:
      REVA_GATEWAY: gateway:9142
      NOTIFICATIONS_EVENTS_ENDPOINT: nats:9233
      NOTIFICATIONS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-changeme}
+    logging:
+      driver: "local"
+    restart: always

  idm:
    image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
    deploy:
-      replicas: ${OCIS_SCALE:-1}
+      replicas: 1
    networks:
      ocis-net:
+    volumes:
+      - ocis-idm:/var/lib/ocis
    entrypoint:
      - ocis
      - idm
@@ -134,15 +146,18 @@ services:

      IDM_LDAPS_ADDR: 0.0.0.0:9235
      IDM_ADMIN_USER_ID: ${ADMIN_USER_ID:-09246a85-682a-4cd5-996d-8e8d2aca50af}
-      IDM_ADMIN_PASSWORD: "admin" #TODO: change me
+      IDM_ADMIN_PASSWORD: ${ADMIN_USER_PASSWORD:-"changeme"}
      IDM_SVC_PASSWORD: ${IDM_SVC_PASSWORD:-changeme}
      IDM_REVASVC_PASSWORD:  ${IDM_REVASVC_PASSWORD:-changeme}
      IDM_IDPSVC_PASSWORD:  ${IDM_IDPSVC_PASSWORD:-changeme}


-      IDM_CREATE_DEMO_USERS: ${DEM_USERS:-true}
+      IDM_CREATE_DEMO_USERS: ${DEMO_USERS:-false}

      IDM_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
+    logging:
+      driver: "local"
+    restart: always

  ocdav:
    image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
@@ -165,6 +180,10 @@ services:

      REVA_GATEWAY: gateway:9142
      OCDAV_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
+    logging:
+      driver: "local"
+    restart: always
+
  graph-explorer:
    image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
    deploy:
@@ -183,11 +202,14 @@ services:
      GRAPH_EXPLORER_HTTP_ADDR: 0.0.0.0:9135
      GRAPH_EXPLORER_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
      GRAPH_EXPLORER_GRAPH_URL_BASE: https://${OCIS_DOMAIN:-ocis.owncloud.test}
+    logging:
+      driver: "local"
+    restart: always

  audit:
    image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
    deploy:
-      replicas: ${OCIS_SCALE:-1}
+      replicas: 1
    networks:
      ocis-net:
    entrypoint:
@@ -200,6 +222,9 @@ services:
      AUDIT_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"

      AUDIT_EVENTS_ENDPOINT: nats:9233
+    logging:
+      driver: "local"
+    restart: always

  proxy:
    image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
@@ -229,7 +254,7 @@ services:
      PROXY_INSECURE_BACKENDS: true
      PROXY_HTTP_ADDR: 0.0.0.0:9200

-      PROXY_ENABLE_BASIC_AUTH: true
+      PROXY_ENABLE_BASIC_AUTH: ${PROXY_ENABLE_BASIC_AUTH:-true}

    volumes:
      - "./config/proxy/proxy.yaml:/etc/ocis/proxy.yaml"
@@ -251,6 +276,8 @@ services:
      replicas: 1
    networks:
      ocis-net:
+    volumes:
+      - "ocis-nats:/var/lib/ocis"      
    entrypoint:
      - ocis
      - nats
@@ -323,9 +350,11 @@ services:
  search:
    image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
    deploy:
-      replicas: 1
+      replicas: ${OCIS_SCALE:-1}
    networks:
      ocis-net:
+    volumes:
+      - "ocis-search:/var/lib/ocis"
    entrypoint:
      - ocis
      - search
@@ -343,6 +372,9 @@ services:
      OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-changeme}
      OCIS_SYSTEM_USER_API_KEY: ${SYSTEM_USER_API_KEY:-changme}
      OCIS_SYSTEM_USER_ID: ${SYSTEM_USER_ID:-changeme}
+    logging:
+      driver: "local"
+    restart: always

  settings:
    image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
@@ -363,11 +395,9 @@ services:
      SETTINGS_GRPC_ADDR: 0.0.0.0:9191

      SETTINGS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
-      #STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-changeme}

      OCIS_SYSTEM_USER_API_KEY: ${SYSTEM_USER_API_KEY:-changeme}
      OCIS_SYSTEM_USER_ID: ${SYSTEM_USER_ID:-changeme}
-      #OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-changeme}

      SETTINGS_ADMIN_USER_ID: ${ADMIN_USER_ID:-09246a85-682a-4cd5-996d-8e8d2aca50af}

@@ -402,7 +432,7 @@ services:
      OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-changeme}

    volumes:
-      - "ocis-settings:/var/lib/ocis"
+      - "ocis-store:/var/lib/ocis"
    logging:
      driver: "local"
    restart: always
@@ -430,7 +460,7 @@ services:

    volumes:
      # optional shared thumbnail cache between services
-      - "ocis-settings:/var/lib/ocis"
+      - "ocis-thumbnails:/var/lib/ocis"
    logging:
      driver: "local"
    restart: always
@@ -501,9 +531,9 @@ services:
      GRAPH_HTTP_ADDR: 0.0.0.0:9120
      GRAPH_SPACES_WEBDAV_BASE: https://${OCIS_DOMAIN:-ocis.owncloud.test}

-      GRAPH_LDAP_URI: ldaps://localhost:9235
+      GRAPH_LDAP_URI: ldaps://idm:9235
      GRAPH_LDAP_BIND_PASSWORD: ${IDM_SVC_PASSWORD:-changeme}
-
+      GRAPH_LDAP_INSECURE: true # TODO: fix me https://github.com/owncloud/ocis/issues/3818
      REVA_GATEWAY: gateway:9142

      GRAPH_EVENTS_ENDPOINT: nats:9233
@@ -575,7 +605,7 @@ services:
      AUTH_BASIC_LDAP_CACERT: ""
      AUTH_BASIC_LDAP_INSECURE: "true"
      AUTH_BASIC_LDAP_BIND_PASSWORD: ${IDM_REVASVC_PASSWORD:-changeme}
-      AUTH_BASIC_IDP_URL: ${OCIS_DOMAIN}
+      AUTH_BASIC_IDP_URL: https://${OCIS_DOMAIN}

    logging:
      driver: "local"
@@ -741,7 +771,7 @@ services:
      SHARING_USER_DRIVER: json
      SHARING_PUBLIC_DRIVER: json
    volumes:
-      - "ocis-storage-sharing:/var/lib/ocis"
+      - "ocis-sharing:/var/lib/ocis"
    logging:
      driver: "local"
    restart: always
@@ -866,5 +896,5 @@ services:
      GATEWAY_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
      STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-changeme}
    logging:
-        driver: "local"
+      driver: "local"
    restart: always