diff --git a/deployments/examples/cs3_users_ocis/config/ldap/ldif/20_users.ldif b/deployments/examples/cs3_users_ocis/config/ldap/ldif/20_users.ldif
index 289abd2338..6a0c8ad7c2 100644
--- a/deployments/examples/cs3_users_ocis/config/ldap/ldif/20_users.ldif
+++ b/deployments/examples/cs3_users_ocis/config/ldap/ldif/20_users.ldif
@@ -13,7 +13,7 @@ objectClass: top
 uid: einstein
 givenName: Albert
 sn: Einstein
-cn: Albert Einstein
+cn: einstein
 displayName: Albert Einstein
 description: A German-born theoretical physicist who developed the theory of relativity, one of the two pillars of modern physics (alongside quantum mechanics).
 mail: einstein@example.org
@@ -33,7 +33,7 @@ objectClass: top
 uid: marie
 givenName: Marie
 sn: Curie
-cn: Marie Curie
+cn: marie
 displayName: Marie Skłodowska Curie
 description: A Polish and naturalized-French physicist and chemist who conducted pioneering research on radioactivity.
 mail: marie@example.org
@@ -53,7 +53,7 @@ objectClass: top
 uid: richard
 givenName: Richard
 sn: Feynman
-cn: Richard Feynman
+cn: richard
 displayName: Richard Phillips Feynman
 description: An American theoretical physicist, known for his work in the path integral formulation of quantum mechanics, the theory of quantum electrodynamics, the physics of the superfluidity of supercooled liquid helium, as well as his work in particle physics for which he proposed the parton model.
 mail: richard@example.org
diff --git a/deployments/examples/cs3_users_ocis/docker-compose.yml b/deployments/examples/cs3_users_ocis/docker-compose.yml
index 1f1e21a626..ba8967d014 100644
--- a/deployments/examples/cs3_users_ocis/docker-compose.yml
+++ b/deployments/examples/cs3_users_ocis/docker-compose.yml
@@ -3,19 +3,25 @@ version: "3.7" services: traefik: - image: traefik:v2.4 + image: traefik:v2.5 networks: ocis-net: aliases: - ${OCIS_DOMAIN:-ocis.owncloud.test} command: - #- "--log.level=DEBUG" + - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" + # letsencrypt configuration - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" + # enable dasbhoard - "--api.dashboard=true" + # define entrypoints - "--entryPoints.http.address=:80" + - "--entryPoints.http.http.redirections.entryPoint.to=https" + - "--entryPoints.http.http.redirections.entryPoint.scheme=https" - "--entryPoints.https.address=:443" + # docker provider (get configuration from container labels) - "--providers.docker.endpoint=unix:///var/run/docker.sock" - "--providers.docker.exposedByDefault=false" ports: 
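Review bot: The added comment `# enable dasbhoard` is misspelled, and it reads as if this flag alone decides whether the dashboard is reachable. `--api.dashboard=true` is set unconditionally here; whether the dashboard is actually routed is decided by the `traefik.enable=${TRAEFIK_DASHBOARD:-false}` label in the labels hunk of the same service. I would write `# enable dashboard (only routed when TRAEFIK_DASHBOARD=true, see labels)`. The same comment is repeated in the traefik `command:` hunks of ocis_hello, ocis_keycloak, ocis_s3, ocis_traefik and ocis_wopi; the `command:` list itself starts and ends outside this hunk.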
@@ -26,17 +32,12 @@ services: - "certs:/certs" labels: - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - - "traefik.http.routers.traefik.entrypoints=http" - - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.traefik.middlewares=traefik-https-redirect" - - "traefik.http.routers.traefik-secure.entrypoints=https" - - "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - - "traefik.http.routers.traefik-secure.middlewares=traefik-auth" - - "traefik.http.routers.traefik-secure.tls=true" - - "traefik.http.routers.traefik-secure.tls.certresolver=http" - - "traefik.http.routers.traefik-secure.service=api@internal" + - "traefik.http.routers.traefik.entrypoints=https" + - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" + - "traefik.http.routers.traefik.middlewares=traefik-auth" + - "traefik.http.routers.traefik.tls.certresolver=http" + - "traefik.http.routers.traefik.service=api@internal" logging: driver: "local" restart: always 
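Review bot: The consolidated `traefik` router serves `api@internal` on the `https` entrypoint behind `traefik-auth` only, and that middleware still falls back to the committed `admin:admin` hash whenever `TRAEFIK_BASIC_AUTH_USERS` is unset. Anyone who sets `TRAEFIK_DASHBOARD=true` on a reachable host without also setting that variable publishes the dashboard behind credentials that are printed in this file. Since the labels are being rewritten anyway, I would put a comment directly above the basicauth label: `# set TRAEFIK_BASIC_AUTH_USERS to your own htpasswd entry before enabling TRAEFIK_DASHBOARD on a reachable host`. The same labels appear in the traefik hunks of ocis_hello, ocis_keycloak, ocis_s3, ocis_traefik and ocis_wopi.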
@@ -81,15 +82,10 @@ services: - ocis-data:/var/tmp/ocis labels: - "traefik.enable=true" - - "traefik.http.routers.ocis.entrypoints=http" + - "traefik.http.routers.ocis.entrypoints=https" - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.middlewares.ocis-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.ocis.middlewares=ocis-https-redirect" - - "traefik.http.routers.ocis-secure.entrypoints=https" - - "traefik.http.routers.ocis-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.routers.ocis-secure.tls=true" - - "traefik.http.routers.ocis-secure.tls.certresolver=http" - - "traefik.http.routers.ocis-secure.service=ocis" + - "traefik.http.routers.ocis.tls.certresolver=http" + - "traefik.http.routers.ocis.service=ocis" - "traefik.http.services.ocis.loadbalancer.server.port=9200" logging: driver: "local" @@ -125,15 +121,10 @@ services: PHPLDAPADMIN_HTTPS: "false" labels: - "traefik.enable=true" - - "traefik.http.routers.ldap-manager.entrypoints=http" + - "traefik.http.routers.ldap-manager.entrypoints=https" - "traefik.http.routers.ldap-manager.rule=Host(`${LDAP_MANAGER_DOMAIN:-ldap.owncloud.test}`)" - - "traefik.http.middlewares.ldap-manager-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.ldap-manager.middlewares=ldap-manager-https-redirect" - - "traefik.http.routers.ldap-manager-secure.entrypoints=https" - - "traefik.http.routers.ldap-manager-secure.rule=Host(`${LDAP_MANAGER_DOMAIN:-ldap.owncloud.test}`)" - - "traefik.http.routers.ldap-manager-secure.tls=true" - - "traefik.http.routers.ldap-manager-secure.tls.certresolver=http" - - "traefik.http.routers.ldap-manager-secure.service=ldap-manager" + - "traefik.http.routers.ldap-manager.tls.certresolver=http" + - "traefik.http.routers.ldap-manager.service=ldap-manager" - "traefik.http.services.ldap-manager.loadbalancer.server.port=80" logging: driver: "local" 
diff --git a/deployments/examples/ocis_hello/docker-compose.yml b/deployments/examples/ocis_hello/docker-compose.yml index 08cca54660..f4a662a8b3 100644 --- a/deployments/examples/ocis_hello/docker-compose.yml +++ b/deployments/examples/ocis_hello/docker-compose.yml @@ -3,19 +3,25 @@ version: "3.7" services: traefik: - image: traefik:v2.4 + image: traefik:v2.5 networks: ocis-net: aliases: - ${OCIS_DOMAIN:-ocis.owncloud.test} command: - #- "--log.level=DEBUG" + - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" + # letsencrypt configuration - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" + # enable dasbhoard - "--api.dashboard=true" + # define entrypoints - "--entryPoints.http.address=:80" + - "--entryPoints.http.http.redirections.entryPoint.to=https" + - "--entryPoints.http.http.redirections.entryPoint.scheme=https" - "--entryPoints.https.address=:443" + # docker provider (get configuration from container labels) - "--providers.docker.endpoint=unix:///var/run/docker.sock" - "--providers.docker.exposedByDefault=false" ports: 
@@ -26,17 +32,12 @@ services: - "certs:/certs" labels: - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - - "traefik.http.routers.traefik.entrypoints=http" - - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.traefik.middlewares=traefik-https-redirect" - - "traefik.http.routers.traefik-secure.entrypoints=https" - - "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - - "traefik.http.routers.traefik-secure.middlewares=traefik-auth" - - "traefik.http.routers.traefik-secure.tls=true" - - "traefik.http.routers.traefik-secure.tls.certresolver=http" - - "traefik.http.routers.traefik-secure.service=api@internal" + - "traefik.http.routers.traefik.entrypoints=https" + - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" + - "traefik.http.routers.traefik.middlewares=traefik-auth" + - "traefik.http.routers.traefik.tls.certresolver=http" + - "traefik.http.routers.traefik.service=api@internal" logging: driver: "local" restart: always 
@@ -69,15 +70,10 @@ services: - ocis-data:/var/tmp/ocis labels: - "traefik.enable=true" - - "traefik.http.routers.ocis.entrypoints=http" + - "traefik.http.routers.ocis.entrypoints=https" - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.middlewares.ocis-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.ocis.middlewares=ocis-https-redirect" - - "traefik.http.routers.ocis-secure.entrypoints=https" - - "traefik.http.routers.ocis-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.routers.ocis-secure.tls=true" - - "traefik.http.routers.ocis-secure.tls.certresolver=http" - - "traefik.http.routers.ocis-secure.service=ocis" + - "traefik.http.routers.ocis.tls.certresolver=http" + - "traefik.http.routers.ocis.service=ocis" - "traefik.http.services.ocis.loadbalancer.server.port=9200" logging: driver: "local" diff --git a/deployments/examples/ocis_keycloak/config/ocis/entrypoint-override.sh b/deployments/examples/ocis_keycloak/config/ocis/entrypoint-override.sh index 6aa00a723e..9db03de00e 100644 --- a/deployments/examples/ocis_keycloak/config/ocis/entrypoint-override.sh +++ b/deployments/examples/ocis_keycloak/config/ocis/entrypoint-override.sh @@ -5,14 +5,12 @@ set -e ocis server& sleep 10 +# stop builtin idp since we use Keycloak as a replacement +ocis kill idp + echo "##################################################" echo "change default secrets:" -# IDP -IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) -echo " IDP user UUID: $IDP_USER_UUID" -ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID - # REVA REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) echo " Reva user UUID: $REVA_USER_UUID" 
@@ -25,6 +23,11 @@ echo "##################################################" echo "delete demo users" # demo users are provided by keycloak set +e # accounts can only delete once, so it will fail the second time +# IDP +IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) +echo " IDP user UUID: $IDP_USER_UUID" +ocis accounts remove $IDP_USER_UUID + ocis accounts remove 4c510ada-c86b-4815-8820-42cdf82c3d51 ocis accounts remove ddc2004c-0977-11eb-9d3f-a793888cd0f8 ocis accounts remove 932b4540-8d16-481e-8ef4-588e4b6b151c diff --git a/deployments/examples/ocis_keycloak/docker-compose.yml b/deployments/examples/ocis_keycloak/docker-compose.yml index 59635a8355..6bd0c8fbdd 100644 --- a/deployments/examples/ocis_keycloak/docker-compose.yml +++ b/deployments/examples/ocis_keycloak/docker-compose.yml @@ -3,20 +3,26 @@ version: "3.7" services: traefik: - image: traefik:v2.4 + image: traefik:v2.5 networks: ocis-net: aliases: - ${OCIS_DOMAIN:-ocis.owncloud.test} - ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test} command: - #- "--log.level=DEBUG" + - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" + # letsencrypt configuration - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" + # enable dasbhoard - "--api.dashboard=true" + # define entrypoints - "--entryPoints.http.address=:80" + - "--entryPoints.http.http.redirections.entryPoint.to=https" + - "--entryPoints.http.http.redirections.entryPoint.scheme=https" - "--entryPoints.https.address=:443" + # docker provider (get configuration from container labels) - "--providers.docker.endpoint=unix:///var/run/docker.sock" - "--providers.docker.exposedByDefault=false" ports: 
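Review bot: The IDP service account is now removed inside the `set +e` section with an unquoted, unchecked variable, so a failed lookup is indistinguishable from the expected "already deleted" case. If `ocis accounts list` is not ready after the fixed `sleep 10`, or the grep matches nothing, `ocis accounts remove $IDP_USER_UUID` runs without an argument and the script carries on. The account that the previous version re-passworded under "change default secrets" then stays in place, presumably still with its default secret. I would make the outcome explicit: `if [ -n "$IDP_USER_UUID" ]; then ocis accounts remove "$IDP_USER_UUID"; else echo "  IDP user not found (already removed?)"; fi`. The `ocis kill idp` added in the previous hunk depends on the same `sleep 10`; the script continues outside both hunks.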
@@ -27,17 +33,12 @@ services: - "certs:/certs" labels: - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - - "traefik.http.routers.traefik.entrypoints=http" - - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.traefik.middlewares=traefik-https-redirect" - - "traefik.http.routers.traefik-secure.entrypoints=https" - - "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - - "traefik.http.routers.traefik-secure.middlewares=traefik-auth" - - "traefik.http.routers.traefik-secure.tls=true" - - "traefik.http.routers.traefik-secure.tls.certresolver=http" - - "traefik.http.routers.traefik-secure.service=api@internal" + - "traefik.http.routers.traefik.entrypoints=https" + - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" + - "traefik.http.routers.traefik.middlewares=traefik-auth" + - "traefik.http.routers.traefik.tls.certresolver=http" + - "traefik.http.routers.traefik.service=api@internal" logging: driver: "local" restart: always 
@@ -72,15 +73,10 @@ services: - ocis-data:/var/tmp/ocis labels: - "traefik.enable=true" - - "traefik.http.routers.ocis.entrypoints=http" + - "traefik.http.routers.ocis.entrypoints=https" - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.middlewares.ocis-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.ocis.middlewares=ocis-https-redirect" - - "traefik.http.routers.ocis-secure.entrypoints=https" - - "traefik.http.routers.ocis-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.routers.ocis-secure.tls=true" - - "traefik.http.routers.ocis-secure.tls.certresolver=http" - - "traefik.http.routers.ocis-secure.service=ocis" + - "traefik.http.routers.ocis.tls.certresolver=http" + - "traefik.http.routers.ocis.service=ocis" - "traefik.http.services.ocis.loadbalancer.server.port=9200" logging: driver: "local" 
@@ -122,27 +118,20 @@ services: KEYCLOAK_IMPORT: /opt/jboss/keycloak/ocis-realm.json labels: - "traefik.enable=true" - - "traefik.http.routers.keycloak.entrypoints=http" + - "traefik.http.routers.keycloak.entrypoints=https" - "traefik.http.routers.keycloak.rule=Host(`${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}`)" - - "traefik.http.middlewares.keycloak-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.keycloak.middlewares=keycloak-https-redirect" - - "traefik.http.routers.keycloak-secure.entrypoints=https" - - "traefik.http.routers.keycloak-secure.rule=Host(`${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}`)" - - "traefik.http.routers.keycloak-secure.tls=true" - - "traefik.http.routers.keycloak-secure.tls.certresolver=http" - - "traefik.http.routers.keycloak-secure.service=keycloak" + - "traefik.http.routers.keycloak.tls.certresolver=http" + - "traefik.http.routers.keycloak.service=keycloak" - "traefik.http.services.keycloak.loadbalancer.server.port=8080" - - "traefik.http.services.keycloak.loadbalancer.server.scheme=http" # let /.well-known/openid-configuration be served by Keycloak - - "traefik.http.routers.idp-wellknown-secure.entrypoints=https" - - "traefik.http.routers.idp-wellknown-secure.tls=true" - - "traefik.http.routers.idp-wellknown-secure.tls.certresolver=http" - - "traefik.http.routers.idp-wellknown-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`) && Path(`/.well-known/openid-configuration`)" - "traefik.http.middlewares.idp-headers.headers.customrequestheaders.X-Forwarded-Host=${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}" - "traefik.http.middlewares.idp-prefix.addprefix.prefix=/auth/realms/${KEYCLOAK_REALM:-oCIS}" - "traefik.http.middlewares.idp-override.chain.middlewares=idp-headers,idp-prefix" - - "traefik.http.routers.idp-wellknown-secure.middlewares=idp-override" - - "traefik.http.routers.idp-wellknown-secure.service=keycloak" + - "traefik.http.routers.idp-wellknown.entrypoints=https" + - 
"traefik.http.routers.idp-wellknown.tls.certresolver=http" + - "traefik.http.routers.idp-wellknown.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`) && Path(`/.well-known/openid-configuration`)" + - "traefik.http.routers.idp-wellknown.middlewares=idp-override" + - "traefik.http.routers.idp-wellknown.service=keycloak" depends_on: - postgres logging: diff --git a/deployments/examples/ocis_s3/docker-compose.yml b/deployments/examples/ocis_s3/docker-compose.yml index a5a273f088..fc3ae8fab2 100644 --- a/deployments/examples/ocis_s3/docker-compose.yml +++ b/deployments/examples/ocis_s3/docker-compose.yml @@ -3,19 +3,25 @@ version: "3.7" services: traefik: - image: traefik:v2.4 + image: traefik:v2.5 networks: ocis-net: aliases: - ${OCIS_DOMAIN:-ocis.owncloud.test} command: - #- "--log.level=DEBUG" + - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" + # letsencrypt configuration - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" + # enable dasbhoard - "--api.dashboard=true" + # define entrypoints - "--entryPoints.http.address=:80" + - "--entryPoints.http.http.redirections.entryPoint.to=https" + - "--entryPoints.http.http.redirections.entryPoint.scheme=https" - "--entryPoints.https.address=:443" + # docker provider (get configuration from container labels) - "--providers.docker.endpoint=unix:///var/run/docker.sock" - "--providers.docker.exposedByDefault=false" ports: 
@@ -26,17 +32,12 @@ services: - "certs:/certs" labels: - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - - "traefik.http.routers.traefik.entrypoints=http" - - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.traefik.middlewares=traefik-https-redirect" - - "traefik.http.routers.traefik-secure.entrypoints=https" - - "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - - "traefik.http.routers.traefik-secure.middlewares=traefik-auth" - - "traefik.http.routers.traefik-secure.tls=true" - - "traefik.http.routers.traefik-secure.tls.certresolver=http" - - "traefik.http.routers.traefik-secure.service=api@internal" + - "traefik.http.routers.traefik.entrypoints=https" + - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" + - "traefik.http.routers.traefik.middlewares=traefik-auth" + - "traefik.http.routers.traefik.tls.certresolver=http" + - "traefik.http.routers.traefik.service=api@internal" logging: driver: "local" restart: always 
@@ -72,15 +73,10 @@ services: - ocis-data:/var/tmp/ocis labels: - "traefik.enable=true" - - "traefik.http.routers.ocis.entrypoints=http" + - "traefik.http.routers.ocis.entrypoints=https" - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.middlewares.ocis-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.ocis.middlewares=ocis-https-redirect" - - "traefik.http.routers.ocis-secure.entrypoints=https" - - "traefik.http.routers.ocis-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.routers.ocis-secure.tls=true" - - "traefik.http.routers.ocis-secure.tls.certresolver=http" - - "traefik.http.routers.ocis-secure.service=ocis" + - "traefik.http.routers.ocis.tls.certresolver=http" + - "traefik.http.routers.ocis.service=ocis" - "traefik.http.services.ocis.loadbalancer.server.port=9200" logging: driver: "local" @@ -93,7 +89,7 @@ services: entrypoint: - /bin/sh - -c - - "mkdir -p /data/${MINIO_BUCKET:-ocis-bucket} && minio server /data" + - "mkdir -p /data/${MINIO_BUCKET:-ocis-bucket} && minio server --console-address ':9001' /data" volumes: - minio-data:/data environment: 
@@ -101,16 +97,11 @@ services: MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:-ocis-secret-key} labels: - "traefik.enable=true" - - "traefik.http.routers.minio.entrypoints=http" + - "traefik.http.routers.minio.entrypoints=https" - "traefik.http.routers.minio.rule=Host(`${MINIO_DOMAIN:-minio.owncloud.test}`)" - - "traefik.http.middlewares.minio-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.minio.middlewares=minio-https-redirect" - - "traefik.http.routers.minio-secure.entrypoints=https" - - "traefik.http.routers.minio-secure.rule=Host(`${MINIO_DOMAIN:-minio.owncloud.test}`)" - - "traefik.http.routers.minio-secure.tls=true" - - "traefik.http.routers.minio-secure.tls.certresolver=http" - - "traefik.http.routers.minio-secure.service=minio" - - "traefik.http.services.minio.loadbalancer.server.port=9000" + - "traefik.http.routers.minio.tls.certresolver=http" + - "traefik.http.routers.minio.service=minio" + - "traefik.http.services.minio.loadbalancer.server.port=9001" logging: driver: "local" restart: always diff --git a/deployments/examples/ocis_traefik/docker-compose.yml b/deployments/examples/ocis_traefik/docker-compose.yml index 43b03d2538..eafe663575 100644 --- a/deployments/examples/ocis_traefik/docker-compose.yml +++ b/deployments/examples/ocis_traefik/docker-compose.yml 
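Review bot: The `minio` router now targets `loadbalancer.server.port=9001`, which the preceding entrypoint hunk makes the console address (`--console-address ':9001'`). `MINIO_DOMAIN` therefore publishes the MinIO administration console rather than the S3 API on 9000. The context line above shows `MINIO_SECRET_KEY` defaulting to `ocis-secret-key` (the access key line is outside the hunk), so an unmodified deployment would put the admin UI behind a credential committed in this file. If exposing the console is intended, I would say so next to the port label: `# 9001 = MinIO console (admin UI); set MINIO_ACCESS_KEY / MINIO_SECRET_KEY before exposing MINIO_DOMAIN`. Alternatively, make the secret mandatory with `MINIO_SECRET_KEY: ${MINIO_SECRET_KEY:?set MINIO_SECRET_KEY}`.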
@@ -3,19 +3,25 @@ version: "3.7" services: traefik: - image: traefik:v2.4 + image: traefik:v2.5 networks: ocis-net: aliases: - ${OCIS_DOMAIN:-ocis.owncloud.test} command: - #- "--log.level=DEBUG" + - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" + # letsencrypt configuration - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" + # enable dasbhoard - "--api.dashboard=true" + # define entrypoints - "--entryPoints.http.address=:80" + - "--entryPoints.http.http.redirections.entryPoint.to=https" + - "--entryPoints.http.http.redirections.entryPoint.scheme=https" - "--entryPoints.https.address=:443" + # docker provider (get configuration from container labels) - "--providers.docker.endpoint=unix:///var/run/docker.sock" - "--providers.docker.exposedByDefault=false" ports: 
@@ -26,17 +32,12 @@ services: - "certs:/certs" labels: - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - - "traefik.http.routers.traefik.entrypoints=http" - - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.traefik.middlewares=traefik-https-redirect" - - "traefik.http.routers.traefik-secure.entrypoints=https" - - "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - - "traefik.http.routers.traefik-secure.middlewares=traefik-auth" - - "traefik.http.routers.traefik-secure.tls=true" - - "traefik.http.routers.traefik-secure.tls.certresolver=http" - - "traefik.http.routers.traefik-secure.service=api@internal" + - "traefik.http.routers.traefik.entrypoints=https" + - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" + - "traefik.http.routers.traefik.middlewares=traefik-auth" + - "traefik.http.routers.traefik.tls.certresolver=http" + - "traefik.http.routers.traefik.service=api@internal" logging: driver: "local" restart: always 
@@ -62,15 +63,10 @@ services: - ocis-data:/var/tmp/ocis labels: - "traefik.enable=true" - - "traefik.http.routers.ocis.entrypoints=http" + - "traefik.http.routers.ocis.entrypoints=https" - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.middlewares.ocis-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.ocis.middlewares=ocis-https-redirect" - - "traefik.http.routers.ocis-secure.entrypoints=https" - - "traefik.http.routers.ocis-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.routers.ocis-secure.tls=true" - - "traefik.http.routers.ocis-secure.tls.certresolver=http" - - "traefik.http.routers.ocis-secure.service=ocis" + - "traefik.http.routers.ocis.tls.certresolver=http" + - "traefik.http.routers.ocis.service=ocis" - "traefik.http.services.ocis.loadbalancer.server.port=9200" logging: driver: "local" diff --git a/deployments/examples/ocis_wopi/docker-compose.yml b/deployments/examples/ocis_wopi/docker-compose.yml index 4e2fe61701..ed0c7ce9b9 100644 --- a/deployments/examples/ocis_wopi/docker-compose.yml +++ b/deployments/examples/ocis_wopi/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.7" services: traefik: - image: traefik:v2.4 + image: traefik:v2.5 networks: ocis-net: aliases: 
@@ -11,13 +11,19 @@ services: - ${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} - ${COLLABORA_DOMAIN:-collabora.owncloud.test} command: - #- "--log.level=DEBUG" + - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" + # letsencrypt configuration - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" + # enable dasbhoard - "--api.dashboard=true" + # define entrypoints - "--entryPoints.http.address=:80" + - "--entryPoints.http.http.redirections.entryPoint.to=https" + - "--entryPoints.http.http.redirections.entryPoint.scheme=https" - "--entryPoints.https.address=:443" + # docker provider (get configuration from container labels) - "--providers.docker.endpoint=unix:///var/run/docker.sock" - "--providers.docker.exposedByDefault=false" ports: 
@@ -28,17 +34,12 @@ services: - "certs:/certs" labels: - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - - "traefik.http.routers.traefik.entrypoints=http" - - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.traefik.middlewares=traefik-https-redirect" - - "traefik.http.routers.traefik-secure.entrypoints=https" - - "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - - "traefik.http.routers.traefik-secure.middlewares=traefik-auth" - - "traefik.http.routers.traefik-secure.tls=true" - - "traefik.http.routers.traefik-secure.tls.certresolver=http" - - "traefik.http.routers.traefik-secure.service=api@internal" + - "traefik.http.routers.traefik.entrypoints=https" + - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" + - "traefik.http.routers.traefik.middlewares=traefik-auth" + - "traefik.http.routers.traefik.tls.certresolver=http" + - "traefik.http.routers.traefik.service=api@internal" logging: driver: "local" restart: always 
@@ -71,15 +72,10 @@ services: - ocis-data:/var/tmp/ocis labels: - "traefik.enable=true" - - "traefik.http.routers.ocis.entrypoints=http" + - "traefik.http.routers.ocis.entrypoints=https" - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.middlewares.ocis-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.ocis.middlewares=ocis-https-redirect" - - "traefik.http.routers.ocis-secure.entrypoints=https" - - "traefik.http.routers.ocis-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.routers.ocis-secure.tls=true" - - "traefik.http.routers.ocis-secure.tls.certresolver=http" - - "traefik.http.routers.ocis-secure.service=ocis" + - "traefik.http.routers.ocis.tls.certresolver=http" + - "traefik.http.routers.ocis.service=ocis" - "traefik.http.services.ocis.loadbalancer.server.port=9200" logging: driver: "local" @@ -119,15 +115,10 @@ services: - wopi-logs:/var/log/wopi labels: - "traefik.enable=true" - - "traefik.http.routers.wopiserver.entrypoints=http" + - "traefik.http.routers.wopiserver.entrypoints=https" - "traefik.http.routers.wopiserver.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}`)" - - "traefik.http.middlewares.wopiserver-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.wopiserver.middlewares=wopiserver-https-redirect" - - "traefik.http.routers.wopiserver-secure.entrypoints=https" - - "traefik.http.routers.wopiserver-secure.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}`)" - - "traefik.http.routers.wopiserver-secure.tls=true" - - "traefik.http.routers.wopiserver-secure.tls.certresolver=http" - - "traefik.http.routers.wopiserver-secure.service=wopiserver" + - "traefik.http.routers.wopiserver.tls.certresolver=http" + - "traefik.http.routers.wopiserver.service=wopiserver" - "traefik.http.services.wopiserver.loadbalancer.server.port=8880" logging: driver: "local" 
@@ -147,15 +138,10 @@ services: - MKNOD labels: - "traefik.enable=true" - - "traefik.http.routers.collabora.entrypoints=http" + - "traefik.http.routers.collabora.entrypoints=https" - "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN:-collabora.owncloud.test}`)" - - "traefik.http.middlewares.collabora-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.collabora.middlewares=collabora-https-redirect" - - "traefik.http.routers.collabora-secure.entrypoints=https" - - "traefik.http.routers.collabora-secure.rule=Host(`${COLLABORA_DOMAIN:-collabora.owncloud.test}`)" - - "traefik.http.routers.collabora-secure.tls=true" - - "traefik.http.routers.collabora-secure.tls.certresolver=http" - - "traefik.http.routers.collabora-secure.service=collabora" + - "traefik.http.routers.collabora.tls.certresolver=http" + - "traefik.http.routers.collabora.service=collabora" - "traefik.http.services.collabora.loadbalancer.server.port=9980" logging: driver: "local" diff --git a/deployments/examples/owncloud10_with_oc_web/.env b/deployments/examples/owncloud10_with_oc_web/.env deleted file mode 100644 index 365703c275..0000000000 --- a/deployments/examples/owncloud10_with_oc_web/.env +++ /dev/null 
@@ -1,29 +0,0 @@
-# If you're on a internet facing server please comment out following line.
-# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
-INSECURE=true
-
-### Traefik settings ###
-# Serve Treafik dashboard. Defaults to "false".
-TRAEFIK_DASHBOARD=
-# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
-TRAEFIK_DOMAIN=
-# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
-TRAEFIK_BASIC_AUTH_USERS=
-# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
-TRAEFIK_ACME_MAIL=
-
-### oCIS settings ###
-# oCIS version. Defaults to "latest"
-OCIS_DOCKER_TAG=
-# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
-OCIS_DOMAIN=
-
-### oC10 ###
-# Domain of ownCloud 10, where you can find the frontend. Defaults to "oc10.owncloud.test"
-#OC10_DOMAIN=
-
-
-# If you want to use debugging and tracing with this stack,
-# you need uncomment following line. Please see documentation at
-# https://owncloud.dev/ocis/deployment/monitoring-tracing/
-#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
diff --git a/deployments/examples/owncloud10_with_oc_web/README.md b/deployments/examples/owncloud10_with_oc_web/README.md
deleted file mode 100644
index a1573c3190..0000000000
--- a/deployments/examples/owncloud10_with_oc_web/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-document this deployment example in: docs/ocis/deployment/owncloud10_with_oc_web.md
----
-
-Please refer to [our documentation](https://owncloud.dev/ocis/deployment/owncloud10_with_oc_web/)
-for instructions on how to deploy this scenario.
diff --git a/deployments/examples/owncloud10_with_oc_web/config/oc10/config.php b/deployments/examples/owncloud10_with_oc_web/config/oc10/config.php
deleted file mode 100644
index ac605f8f5a..0000000000
--- a/deployments/examples/owncloud10_with_oc_web/config/oc10/config.php
+++ /dev/null
@@ -1,558 +0,0 @@ - [ - 0 => [ - "path" => OC::$SERVERROOT . "/apps", - "url" => "/apps", - "writable" => false - ], - 1 => [ - "path" => OC::$SERVERROOT . "/custom", - "url" => "/custom", - "writable" => true - ] - ], - - 'trusted_domains' => [ - 0 => $domain - ], - 'openid-connect' => [ - 'provider-url' => getenv('OCIS_URL'), - 'client-id' => 'oc10', - 'client-secret' => 'super', - 'loginButtonName' => 'OpenId Connect', - 'search-attribute' => 'preferred_username', - 'mode' => 'userid', - 'autoRedirectOnLoginPage' => true, - 'insecure' => true, - 'post_logout_redirect_uri' => getenv('OWNCLOUD_DOMAIN') . '/', - ], - 'datadirectory' => getenv('OWNCLOUD_VOLUME_FILES'), - 'dbtype' => getenv('OWNCLOUD_DB_TYPE'), - 'dbhost' => getenv('OWNCLOUD_DB_HOST'), - 'dbname' => getenv('OWNCLOUD_DB_NAME'), - 'dbuser' => getenv('OWNCLOUD_DB_USERNAME'), - 'dbpassword' => getenv('OWNCLOUD_DB_PASSWORD'), - 'dbtableprefix' => getenv('OWNCLOUD_DB_PREFIX'), - - 'web.baseUrl' => getenv('OCIS_URL'), - 'cors.allowed-domains' => [getenv('OCIS_URL')], - - 'log_type' => 'owncloud', - - 'supportedDatabases' => [ - 'sqlite', - 'mysql', - 'pgsql', - ], - - 'upgrade.disable-web' => true, - ]; - - if (getenv('OWNCLOUD_CORS_ALLOWED_DOMAINS') != '') { - $config['cors.allowed-domains'] = explode(',', getenv('OWNCLOUD_CORS_ALLOWED_DOMAINS')); - } - - if (getenv('OWNCLOUD_VERSION_HIDE') != '') { - $config['version.hide'] = getenv('OWNCLOUD_VERSION_HIDE') == 'true'; - } - - if (getenv('OWNCLOUD_SHOW_SERVER_HOSTNAME') != '') { - $config['show_server_hostname'] = getenv('OWNCLOUD_SHOW_SERVER_HOSTNAME') == 'true'; - } - - if (getenv('OWNCLOUD_DEFAULT_LANGUAGE') != '') { - $config['default_language'] = getenv('OWNCLOUD_DEFAULT_LANGUAGE'); - } - - if (getenv('OWNCLOUD_DEFAULT_APP') != '') { - $config['defaultapp'] = getenv('OWNCLOUD_DEFAULT_APP'); - } - - if (getenv('OWNCLOUD_KNOWLEDGEBASE_ENABLED') != '') { - $config['knowledgebaseenabled'] = getenv('OWNCLOUD_KNOWLEDGEBASE_ENABLED') == 'true'; - } - - if 
(getenv('OWNCLOUD_ENABLE_AVATARS') != '') { - $config['enable_avatars'] = getenv('OWNCLOUD_ENABLE_AVATARS') == 'true'; - } - - if (getenv('OWNCLOUD_ALLOW_USER_TO_CHANGE_DISPLAY_NAME') != '') { - $config['allow_user_to_change_display_name'] = getenv('OWNCLOUD_ALLOW_USER_TO_CHANGE_DISPLAY_NAME') == 'true'; - } - - if (getenv('OWNCLOUD_REMEMBER_LOGIN_COOKIE_LIFETIME') != '') { - $config['remember_login_cookie_lifetime'] = (int) getenv('OWNCLOUD_REMEMBER_LOGIN_COOKIE_LIFETIME'); - } - - if (getenv('OWNCLOUD_SESSION_LIFETIME') != '') { - $config['session_lifetime'] = (int) getenv('OWNCLOUD_SESSION_LIFETIME'); - } - - if (getenv('OWNCLOUD_SESSION_KEEPALIVE') != '') { - $config['session_keepalive'] = getenv('OWNCLOUD_SESSION_KEEPALIVE') == 'true'; - } - - if (getenv('OWNCLOUD_TOKEN_AUTH_ENFORCED') != '') { - $config['token_auth_enforced'] = getenv('OWNCLOUD_TOKEN_AUTH_ENFORCED') == 'true'; - } - - if (getenv('OWNCLOUD_CSRF_DISABLED') != '') { - $config['csrf.disabled'] = getenv('OWNCLOUD_CSRF_DISABLED') == 'true'; - } - - if (getenv('OWNCLOUD_SKELETON_DIRECTORY') != '') { - $config['skeletondirectory'] = getenv('OWNCLOUD_SKELETON_DIRECTORY'); - } - - if (getenv('OWNCLOUD_LOST_PASSWORD_LINK') != '') { - $config['lost_password_link'] = getenv('OWNCLOUD_LOST_PASSWORD_LINK'); - } - - if (getenv('OWNCLOUD_ACCOUNTS_ENABLE_MEDIAL_SEARCH') != '') { - $config['accounts.enable_medial_search'] = getenv('OWNCLOUD_ACCOUNTS_ENABLE_MEDIAL_SEARCH') == 'true'; - } - - if (getenv('OWNCLOUD_USER_SEARCH_MIN_LENGTH') != '') { - $config['user.search_min_length'] = (int) getenv('OWNCLOUD_USER_SEARCH_MIN_LENGTH'); - } - - if (getenv('OWNCLOUD_MAIL_DOMAIN') != '') { - $config['mail_domain'] = getenv('OWNCLOUD_MAIL_DOMAIN'); - } - - if (getenv('OWNCLOUD_MAIL_FROM_ADDRESS') != '') { - $config['mail_from_address'] = getenv('OWNCLOUD_MAIL_FROM_ADDRESS'); - } - - if (getenv('OWNCLOUD_MAIL_SMTP_DEBUG') != '') { - $config['mail_smtpdebug'] = getenv('OWNCLOUD_MAIL_SMTP_DEBUG') == 'true'; - } - - if 
(getenv('OWNCLOUD_MAIL_SMTP_MODE') != '') { - $config['mail_smtpmode'] = getenv('OWNCLOUD_MAIL_SMTP_MODE'); - } - - if (getenv('OWNCLOUD_MAIL_SMTP_HOST') != '') { - $config['mail_smtphost'] = getenv('OWNCLOUD_MAIL_SMTP_HOST'); - } - - if (getenv('OWNCLOUD_MAIL_SMTP_PORT') != '') { - $config['mail_smtpport'] = (int) getenv('OWNCLOUD_MAIL_SMTP_PORT'); - } - - if (getenv('OWNCLOUD_MAIL_SMTP_TIMEOUT') != '') { - $config['mail_smtptimeout'] = (int) getenv('OWNCLOUD_MAIL_SMTP_TIMEOUT'); - } - - if (getenv('OWNCLOUD_MAIL_SMTP_SECURE') != '') { - $config['mail_smtpsecure'] = getenv('OWNCLOUD_MAIL_SMTP_SECURE'); - } - - if (getenv('OWNCLOUD_MAIL_SMTP_AUTH') != '') { - $config['mail_smtpauth'] = getenv('OWNCLOUD_MAIL_SMTP_AUTH') == 'true'; - } - - if (getenv('OWNCLOUD_MAIL_SMTP_AUTH_TYPE') != '') { - $config['mail_smtpauthtype'] = getenv('OWNCLOUD_MAIL_SMTP_AUTH_TYPE'); - } - - if (getenv('OWNCLOUD_MAIL_SMTP_NAME') != '') { - $config['mail_smtpname'] = getenv('OWNCLOUD_MAIL_SMTP_NAME'); - } - - if (getenv('OWNCLOUD_MAIL_SMTP_PASSWORD') != '') { - $config['mail_smtppassword'] = getenv('OWNCLOUD_MAIL_SMTP_PASSWORD'); - } - - if (getenv('OWNCLOUD_OVERWRITE_HOST') != '') { - $config['overwritehost'] = getenv('OWNCLOUD_OVERWRITE_HOST'); - } - - if (getenv('OWNCLOUD_OVERWRITE_PROTOCOL') != '') { - $config['overwriteprotocol'] = getenv('OWNCLOUD_OVERWRITE_PROTOCOL'); - } - - if (getenv('OWNCLOUD_OVERWRITE_WEBROOT') != '') { - $config['overwritewebroot'] = getenv('OWNCLOUD_OVERWRITE_WEBROOT'); - } - - if (getenv('OWNCLOUD_OVERWRITE_COND_ADDR') != '') { - $config['overwritecondaddr'] = getenv('OWNCLOUD_OVERWRITE_COND_ADDR'); - } - - if (getenv('OWNCLOUD_OVERWRITE_CLI_URL') != '') { - $config['overwrite.cli.url'] = getenv('OWNCLOUD_OVERWRITE_CLI_URL'); - } - - if (getenv('OWNCLOUD_HTACCESS_REWRITE_BASE') != '') { - $config['htaccess.RewriteBase'] = getenv('OWNCLOUD_HTACCESS_REWRITE_BASE'); - } - - if (getenv('OWNCLOUD_PROXY') != '') { - $config['proxy'] = getenv('OWNCLOUD_PROXY'); - } 
- - if (getenv('OWNCLOUD_PROXY_USERPWD') != '') { - $config['proxyuserpwd'] = getenv('OWNCLOUD_PROXY_USERPWD'); - } - - if (getenv('OWNCLOUD_TRASHBIN_RETENTION_OBLIGATION') != '') { - $config['trashbin_retention_obligation'] = getenv('OWNCLOUD_TRASHBIN_RETENTION_OBLIGATION'); - } - - if (getenv('OWNCLOUD_TRASHBIN_PURGE_LIMIT') != '') { - $config['trashbin_purge_limit'] = (int) getenv('OWNCLOUD_TRASHBIN_PURGE_LIMIT'); - } - - if (getenv('OWNCLOUD_VERSIONS_RETENTION_OBLIGATION') != '') { - $config['versions_retention_obligation'] = getenv('OWNCLOUD_VERSIONS_RETENTION_OBLIGATION'); - } - - if (getenv('OWNCLOUD_UPDATE_CHECKER') != '') { - $config['updatechecker'] = getenv('OWNCLOUD_UPDATE_CHECKER') == 'true'; - } - - if (getenv('OWNCLOUD_UPDATER_SERVER_URL') != '') { - $config['updater.server.url'] = getenv('OWNCLOUD_UPDATER_SERVER_URL'); - } - - if (getenv('OWNCLOUD_HAS_INTERNET_CONNECTION') != '') { - $config['has_internet_connection'] = getenv('OWNCLOUD_HAS_INTERNET_CONNECTION') == 'true'; - } - - if (getenv('OWNCLOUD_CHECK_FOR_WORKING_WELLKNOWN_SETUP') != '') { - $config['check_for_working_wellknown_setup'] = getenv('OWNCLOUD_CHECK_FOR_WORKING_WELLKNOWN_SETUP') == 'true'; - } - - if (getenv('OWNCLOUD_OPERATION_MODE') != '') { - $config['operation.mode'] = getenv('OWNCLOUD_OPERATION_MODE'); - } - - if (getenv('OWNCLOUD_LOG_FILE') != '') { - $config['logfile'] = getenv('OWNCLOUD_LOG_FILE'); - } - - if (getenv('OWNCLOUD_LOG_LEVEL') != '') { - $config['loglevel'] = (int) getenv('OWNCLOUD_LOG_LEVEL'); - } - - if (getenv('OWNCLOUD_LOG_DATE_FORMAT') != '') { - $config['logdateformat'] = getenv('OWNCLOUD_LOG_DATE_FORMAT'); - } - - if (getenv('OWNCLOUD_LOG_TIMEZONE') != '') { - $config['logtimezone'] = getenv('OWNCLOUD_LOG_TIMEZONE'); - } - - if (getenv('OWNCLOUD_CRON_LOG') != '') { - $config['cron_log'] = getenv('OWNCLOUD_CRON_LOG') == 'true'; - } - - if (getenv('OWNCLOUD_LOG_ROTATE_SIZE') != '') { - $config['log_rotate_size'] = (int) getenv('OWNCLOUD_LOG_ROTATE_SIZE'); - 
} - - if (getenv('OWNCLOUD_ENABLE_PREVIEWS') != '') { - $config['enable_previews'] = getenv('OWNCLOUD_ENABLE_PREVIEWS') == 'true'; - } - - if (getenv('OWNCLOUD_PREVIEW_MAX_X') != '') { - $config['preview_max_x'] = (int) getenv('OWNCLOUD_PREVIEW_MAX_X'); - } - - if (getenv('OWNCLOUD_PREVIEW_MAX_Y') != '') { - $config['preview_max_y'] = (int) getenv('OWNCLOUD_PREVIEW_MAX_Y'); - } - - if (getenv('OWNCLOUD_PREVIEW_MAX_SCALE_FACTOR') != '') { - $config['preview_max_scale_factor'] = (int) getenv('OWNCLOUD_PREVIEW_MAX_SCALE_FACTOR'); - } - - if (getenv('OWNCLOUD_PREVIEW_MAX_FILESIZE_IMAGE') != '') { - $config['preview_max_filesize_image'] = getenv('OWNCLOUD_PREVIEW_MAX_FILESIZE_IMAGE'); - } - - if (getenv('OWNCLOUD_PREVIEW_LIBREOFFICE_PATH') != '') { - $config['preview_libreoffice_path'] = getenv('OWNCLOUD_PREVIEW_LIBREOFFICE_PATH'); - } - - if (getenv('OWNCLOUD_PREVIEW_OFFICE_CL_PARAMETERS') != '') { - $config['preview_office_cl_parameters'] = getenv('OWNCLOUD_PREVIEW_OFFICE_CL_PARAMETERS'); - } - - if (getenv('OWNCLOUD_ENABLED_PREVIEW_PROVIDERS') != '') { - $config['enabledPreviewProviders'] = explode(',', getenv('OWNCLOUD_ENABLED_PREVIEW_PROVIDERS')); - } - - if (getenv('OWNCLOUD_COMMENTS_MANAGER_FACTORY') != '') { - $config['comments.managerFactory'] = getenv('OWNCLOUD_COMMENTS_MANAGER_FACTORY'); - } - - if (getenv('OWNCLOUD_SYSTEMTAGS_MANAGER_FACTORY') != '') { - $config['systemtags.managerFactory'] = getenv('OWNCLOUD_SYSTEMTAGS_MANAGER_FACTORY'); - } - - if (getenv('OWNCLOUD_MAINTENANCE') != '') { - $config['maintenance'] = getenv('OWNCLOUD_MAINTENANCE') == 'true'; - } - - if (getenv('OWNCLOUD_SINGLEUSER') != '') { - $config['singleuser'] = getenv('OWNCLOUD_SINGLEUSER'); - } - - if (getenv('OWNCLOUD_ENABLE_CERTIFICATE_MANAGEMENT') != '') { - $config['enable_certificate_management'] = getenv('OWNCLOUD_ENABLE_CERTIFICATE_MANAGEMENT'); - } - - if (getenv('OWNCLOUD_MEMCACHE_LOCAL') != '') { - $config['memcache.local'] = getenv('OWNCLOUD_MEMCACHE_LOCAL'); - } - - if 
(getenv('OWNCLOUD_CACHE_PATH') != '') { - $config['cache_path'] = getenv('OWNCLOUD_CACHE_PATH'); - } - - if (getenv('OWNCLOUD_CACHE_CHUNK_GC_TTL') != '') { - $config['cache_chunk_gc_ttl'] = (int) getenv('OWNCLOUD_CACHE_CHUNK_GC_TTL'); - } - - if (getenv('OWNCLOUD_DAV_CHUNK_BASE_DIR') != '') { - $config['dav.chunk_base_dir'] = getenv('OWNCLOUD_DAV_CHUNK_BASE_DIR'); - } - - if (getenv('OWNCLOUD_SHARING_MANAGER_FACTORY') != '') { - $config['sharing.managerFactory'] = getenv('OWNCLOUD_SHARING_MANAGER_FACTORY'); - } - - if (getenv('OWNCLOUD_SHARING_FEDERATION_ALLOW_HTTP_FALLBACK') != '') { - $config['sharing.federation.allowHttpFallback'] = getenv('OWNCLOUD_SHARING_FEDERATION_ALLOW_HTTP_FALLBACK') == 'true'; - } - - if (getenv('OWNCLOUD_SQLITE_JOURNAL_MODE') != '') { - $config['sqlite.journal_mode'] = getenv('OWNCLOUD_SQLITE_JOURNAL_MODE'); - } - - if (getenv('OWNCLOUD_MYSQL_UTF8MB4') != '') { - $config['mysql.utf8mb4'] = getenv('OWNCLOUD_MYSQL_UTF8MB4') == 'true'; - } - - if (getenv('OWNCLOUD_TEMP_DIRECTORY') != '') { - $config['tempdirectory'] = getenv('OWNCLOUD_TEMP_DIRECTORY'); - } - - if (getenv('OWNCLOUD_HASHING_COST') != '') { - $config['hashingCost'] = (int) getenv('OWNCLOUD_HASHING_COST'); - } - - if (getenv('OWNCLOUD_BLACKLISTED_FILES') != '') { - $config['blacklisted_files'] = explode(',', getenv('OWNCLOUD_BLACKLISTED_FILES')); - } - - if (getenv('OWNCLOUD_EXCLUDED_DIRECTORIES') != '') { - $config['excluded_directories'] = explode(',', getenv('OWNCLOUD_EXCLUDED_DIRECTORIES')); - } - - if (getenv('OWNCLOUD_INTEGRITY_EXCLUDED_FILES') != '') { - $config['integrity.excluded.files'] = explode(',', getenv('OWNCLOUD_INTEGRITY_EXCLUDED_FILES')); - } - - if (getenv('OWNCLOUD_INTEGRITY_IGNORE_MISSING_APP_SIGNATURE') != '') { - $config['integrity.ignore.missing.app.signature'] = explode(',', getenv('OWNCLOUD_INTEGRITY_IGNORE_MISSING_APP_SIGNATURE')); - } - - if (getenv('OWNCLOUD_SHARE_FOLDER') != '') { - $config['share_folder'] = getenv('OWNCLOUD_SHARE_FOLDER'); - } - - 
if (getenv('OWNCLOUD_CIPHER') != '') { - $config['cipher'] = getenv('OWNCLOUD_CIPHER'); - } - - if (getenv('OWNCLOUD_MINIMUM_SUPPORTED_DESKTOP_VERSION') != '') { - $config['minimum.supported.desktop.version'] = getenv('OWNCLOUD_MINIMUM_SUPPORTED_DESKTOP_VERSION'); - } - - if (getenv('OWNCLOUD_QUOTA_INCLUDE_EXTERNAL_STORAGE') != '') { - $config['quota_include_external_storage'] = getenv('OWNCLOUD_QUOTA_INCLUDE_EXTERNAL_STORAGE') == 'true'; - } - - if (getenv('OWNCLOUD_FILESYSTEM_CHECK_CHANGES') != '') { - $config['filesystem_check_changes'] = (int) getenv('OWNCLOUD_FILESYSTEM_CHECK_CHANGES'); - } - - if (getenv('OWNCLOUD_PART_FILE_IN_STORAGE') != '') { - $config['part_file_in_storage'] = getenv('OWNCLOUD_PART_FILE_IN_STORAGE') == 'true'; - } - - if (getenv('OWNCLOUD_MOUNT_FILE') != '') { - $config['mount_file'] = getenv('OWNCLOUD_MOUNT_FILE'); - } - - if (getenv('OWNCLOUD_FILESYSTEM_CACHE_READONLY') != '') { - $config['filesystem_cache_readonly'] = getenv('OWNCLOUD_FILESYSTEM_CACHE_READONLY') == 'true'; - } - - if (getenv('OWNCLOUD_SECRET') != '') { - $config['secret'] = getenv('OWNCLOUD_SECRET'); - } - - if (getenv('OWNCLOUD_TRUSTED_PROXIES') != '') { - $config['trusted_proxies'] = explode(',', getenv('OWNCLOUD_TRUSTED_PROXIES')); - } - - if (getenv('OWNCLOUD_FORWARDED_FOR_HEADERS') != '') { - $config['forwarded_for_headers'] = explode(',', getenv('OWNCLOUD_FORWARDED_FOR_HEADERS')); - } - - if (getenv('OWNCLOUD_MAX_FILESIZE_ANIMATED_GIFS_PUBLIC_SHARING') != '') { - $config['max_filesize_animated_gifs_public_sharing'] = (int) getenv('OWNCLOUD_MAX_FILESIZE_ANIMATED_GIFS_PUBLIC_SHARING'); - } - - if (getenv('OWNCLOUD_FILELOCKING_ENABLED') != '') { - $config['filelocking.enabled'] = getenv('OWNCLOUD_FILELOCKING_ENABLED') == 'true'; - } - - if (getenv('OWNCLOUD_FILELOCKING_TTL') != '') { - $config['filelocking.ttl'] = getenv('OWNCLOUD_FILELOCKING_TTL'); - } - - if (getenv('OWNCLOUD_MEMCACHE_LOCKING') != '') { - $config['memcache.locking'] = 
getenv('OWNCLOUD_MEMCACHE_LOCKING'); - } - - if (getenv('OWNCLOUD_UPGRADE_AUTOMATIC_APP_UPDATES') != '') { - $config['upgrade.automatic-app-update'] = getenv('OWNCLOUD_UPGRADE_AUTOMATIC_APP_UPDATES') == 'true'; - } - - if (getenv('OWNCLOUD_DEBUG') != '') { - $config['debug'] = getenv('OWNCLOUD_DEBUG') == 'true'; - } - - if (getenv('OWNCLOUD_FILES_EXTERNAL_ALLOW_NEW_LOCAL') != '') { - $config['files_external_allow_create_new_local'] = getenv('OWNCLOUD_FILES_EXTERNAL_ALLOW_NEW_LOCAL') == 'true'; - } - - if (getenv('OWNCLOUD_SMB_LOGGING_ENABLE') != '') { - $config['smb.logging.enable'] = getenv('OWNCLOUD_SMB_LOGGING_ENABLE'); - } - - if (getenv('OWNCLOUD_DAV_ENABLE_ASYNC') != '') { - $config['dav.enable.async'] = getenv('OWNCLOUD_DAV_ENABLE_ASYNC'); - } - - if (getenv('OWNCLOUD_LICENSE_KEY') != '') { - $config['license-key'] = getenv('OWNCLOUD_LICENSE_KEY'); - } - - if (getenv('OWNCLOUD_MARKETPLACE_KEY') != '') { - $config['marketplace.key'] = getenv('OWNCLOUD_MARKETPLACE_KEY'); - } - - if (getenv('OWNCLOUD_MARKETPLACE_CA') != '') { - $config['marketplace.ca'] = getenv('OWNCLOUD_MARKETPLACE_CA'); - } - - if (getenv('OWNCLOUD_APPSTORE_URL') != '') { - $config['appstoreurl'] = getenv('OWNCLOUD_APPSTORE_URL'); - } - - if (getenv('OWNCLOUD_LOGIN_ALTERNATIVES') != '') { - $rows = explode(',', getenv('OWNCLOUD_LOGIN_ALTERNATIVES')); - - foreach ($rows as $key => $value) { - parse_str($value, $opts); - $config['login.alternatives'][$key] = $opts; - } - } - - switch (true) { - case getenv('OWNCLOUD_REDIS_ENABLED') && getenv('OWNCLOUD_REDIS_ENABLED') == 'true': - $config = array_merge_recursive($config, [ - 'memcache.distributed' => '\OC\Memcache\Redis', - 'memcache.locking' => '\OC\Memcache\Redis', - ]); - switch (true) { - case getenv('OWNCLOUD_REDIS_SEEDS') != '': - $config['redis.cluster']['seeds'] = explode(',', getenv('OWNCLOUD_REDIS_SEEDS')); - - if (getenv('OWNCLOUD_REDIS_TIMEOUT') != '') { - $config['redis.cluster']['timeout'] = (float) 
getenv('OWNCLOUD_REDIS_TIMEOUT'); - } - - if (getenv('OWNCLOUD_REDIS_READ_TIMEOUT') != '') { - $config['redis.cluster']['read_timeout'] = (float) getenv('OWNCLOUD_REDIS_READ_TIMEOUT'); - } - - if (getenv('OWNCLOUD_REDIS_FAILOVER_MODE') != '') { - switch (getenv('OWNCLOUD_REDIS_FAILOVER_MODE')) { - case 'FAILOVER_NONE': - $config['redis.cluster']['failover_mode'] = \RedisCluster::FAILOVER_NONE; - case 'FAILOVER_ERROR': - $config['redis.cluster']['failover_mode'] = \RedisCluster::FAILOVER_ERROR; - case 'FAILOVER_DISTRIBUTE': - $config['redis.cluster']['failover_mode'] = \RedisCluster::FAILOVER_DISTRIBUTE; - } - } - - case getenv('OWNCLOUD_REDIS_HOST') != '': - $config['redis']['host'] = getenv('OWNCLOUD_REDIS_HOST'); - $config['redis']['port'] = getenv('OWNCLOUD_REDIS_PORT'); - - if (getenv('OWNCLOUD_REDIS_DB') != '') { - $config['redis']['dbindex'] = getenv('OWNCLOUD_REDIS_DB'); - } - - if (getenv('OWNCLOUD_REDIS_PASSWORD') != '') { - $config['redis']['password'] = getenv('OWNCLOUD_REDIS_PASSWORD'); - } - - if (getenv('OWNCLOUD_REDIS_TIMEOUT') != '') { - $config['redis']['timeout'] = (float) getenv('OWNCLOUD_REDIS_TIMEOUT'); - } - } - - break; - case getenv('OWNCLOUD_MEMCACHED_ENABLED') && getenv('OWNCLOUD_MEMCACHED_ENABLED') == 'true': - $config = array_merge_recursive($config, [ - 'memcache.distributed' => '\OC\Memcache\Memcached', - 'memcache.locking' => '\OC\Memcache\Memcached', - - 'memcached_servers' => [ - [ - getenv('OWNCLOUD_MEMCACHED_HOST'), - getenv('OWNCLOUD_MEMCACHED_PORT'), - ], - ], - ]); - - if (getenv('OWNCLOUD_MEMCACHED_OPTIONS') != '') { - parse_str(getenv('OWNCLOUD_MEMCACHED_OPTIONS'), $opts); - - foreach($opts as $key => $value) { - $config['memcached_options'][constant($key)] = $value; - } - } - - break; - } - - return $config; -} - -$CONFIG = getConfigFromEnv(); 
diff --git a/deployments/examples/owncloud10_with_oc_web/config/ocis/.gitignore b/deployments/examples/owncloud10_with_oc_web/config/ocis/.gitignore
deleted file mode 100644
index 77c5784c1c..0000000000
--- a/deployments/examples/owncloud10_with_oc_web/config/ocis/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-config.json
-identifier-registration.yaml
-proxy-config.json
diff --git a/deployments/examples/owncloud10_with_oc_web/config/ocis/config.dist.json b/deployments/examples/owncloud10_with_oc_web/config/ocis/config.dist.json
deleted file mode 100644
index cea136ddb6..0000000000
--- a/deployments/examples/owncloud10_with_oc_web/config/ocis/config.dist.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "server": "https://ocis.owncloud.test",
- "theme": "owncloud",
- "version": "0.1.0",
- "openIdConnect": {
- "metadata_url": "https://ocis.owncloud.test/.well-known/openid-configuration",
- "authority": "https://ocis.owncloud.test",
- "client_id": "web",
- "response_type": "code",
- "scope": "openid profile email"
- },
- "applications": [
- {
- "title": {
- "en": "Classic Design",
- "de": "Klassisches ownCloud"
- },
- "icon": "switch_ui",
- "url": "https://oc10.owncloud.test",
- "target": "_self"
- },
- {
- "title": {
- "en": "Settings",
- "de": "Einstellungen"
- },
- "icon": "application",
- "url": "https://oc10.owncloud.test/index.php/settings/personal",
- "target": "_self",
- "menu": "user"
- }
- ],
- "apps": ["files", "draw-io", "markdown-editor", "media-viewer"]
-}
diff --git a/deployments/examples/owncloud10_with_oc_web/config/ocis/identifier-registration.dist.yaml b/deployments/examples/owncloud10_with_oc_web/config/ocis/identifier-registration.dist.yaml
deleted file mode 100644
index 09f94fc7ba..0000000000
--- a/deployments/examples/owncloud10_with_oc_web/config/ocis/identifier-registration.dist.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
----
-# OpenID Connect client registry.
-clients:
- - id: web
- name: OCIS
- application_type: web
- trusted: yes
- redirect_uris:
- - https://ocis.owncloud.test/
- - https://ocis.owncloud.test/oidc-callback.html
- - https://ocis.owncloud.test/oidc-silent-redirect.html
- origins:
- - https://ocis.owncloud.test
-
- - id: oc10
- name: OC10
- application_type: web
- secret: super
- trusted: yes
- redirect_uris:
- - https://oc10.owncloud.test/
- - https://oc10.owncloud.test/apps/openidconnect/redirect
- origins:
- - https://oc10.owncloud.test
-
- - id: ocis-explorer.js
- name: OCIS Graph Explorer
- trusted: yes
- application_type: web
-
- - id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69
- secret: UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh
- name: ownCloud desktop app
- application_type: native
- redirect_uris:
- - http://127.0.0.1
- - http://localhost
-
- - id: e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD
- secret: dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD
- name: ownCloud Android app
- application_type: native
- redirect_uris:
- - oc://android.owncloud.com
-
- - id: mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1
- secret: KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx
- name: ownCloud iOS app
- application_type: native
- redirect_uris:
- - oc://ios.owncloud.com
- - oc.ios://ios.owncloud.com
diff --git a/deployments/examples/owncloud10_with_oc_web/config/ocis/proxy-config.dist.json b/deployments/examples/owncloud10_with_oc_web/config/ocis/proxy-config.dist.json
deleted file mode 100644
index 64cab50195..0000000000
--- a/deployments/examples/owncloud10_with_oc_web/config/ocis/proxy-config.dist.json
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- "HTTP": {
- "Namespace": "ocis_oc10_backend"
- },
- "policy_selector": {
- "static": {
- "policy": "ocis_oc10_backend"
- }
- },
- "policies": [
- {
- "name": "ocis_oc10_backend",
- "routes": [
- {
- "endpoint": "/",
- "backend": "http://localhost:9100"
- },
- {
- "endpoint": "/.well-known/",
- "backend": "http://localhost:9130"
- },
- {
- "endpoint": "/konnect/",
- "backend": "http://localhost:9130"
- },
- {
- "endpoint": "/signin/",
- "backend": "http://localhost:9130"
- },
- {
- "endpoint": "/ocs/",
- "backend": "https://oc10.owncloud.test",
- "apache-vhost": true
- },
- {
- "endpoint": "/remote.php/",
- "backend": "https://oc10.owncloud.test",
- "apache-vhost": true
- },
- {
- "endpoint": "/dav/",
- "backend": "https://oc10.owncloud.test",
- "apache-vhost": true
- },
- {
- "endpoint": "/webdav/",
- "backend": "https://oc10.owncloud.test",
- "apache-vhost": true
- },
- {
- "endpoint": "/status.php",
- "backend": "https://oc10.owncloud.test",
- "apache-vhost": true
- },
- {
- "endpoint": "/index.php/",
- "backend": "https://oc10.owncloud.test",
- "apache-vhost": true
- }
- ]
- }
- ]
-}
diff --git a/deployments/examples/owncloud10_with_oc_web/docker-compose.yml b/deployments/examples/owncloud10_with_oc_web/docker-compose.yml
deleted file mode 100644
index ef43039321..0000000000
--- a/deployments/examples/owncloud10_with_oc_web/docker-compose.yml
+++ /dev/null
@@ -1,212 +0,0 @@ ---- -version: "3.7" - -services: - traefik: - image: traefik:v2.4 - networks: - default: - aliases: - - ${OCIS_DOMAIN:-ocis.owncloud.test} - - ${OC10_DOMAIN:-oc10.owncloud.test} - command: - #- "--log.level=DEBUG" - - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" - - "--api.dashboard=true" - - "--entryPoints.http.address=:80" - - "--entryPoints.https.address=:443" - - "--providers.docker.endpoint=unix:///var/run/docker.sock" - - "--providers.docker.exposedByDefault=false" - ports: - - "80:80" - - "443:443" - volumes: - - "/var/run/docker.sock:/var/run/docker.sock:ro" - - "certs:/certs" - labels: - - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - - "traefik.http.routers.traefik.entrypoints=http" - - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.traefik.middlewares=traefik-https-redirect" - - "traefik.http.routers.traefik-secure.entrypoints=https" - - "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - - "traefik.http.routers.traefik-secure.middlewares=traefik-auth" - - "traefik.http.routers.traefik-secure.tls=true" - - "traefik.http.routers.traefik-secure.tls.certresolver=http" - - "traefik.http.routers.traefik-secure.service=api@internal" - logging: - driver: "local" - restart: always - - ocis: - image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} - entrypoint: - - /bin/sh - - -c - - | - cp /config/identifier-registration.dist.yaml /config/identifier-registration.yaml - sed -i 's/ocis.owncloud.test/${OCIS_DOMAIN:-ocis.owncloud.test}/g' 
/config/identifier-registration.yaml - sed -i 's/oc10.owncloud.test/${OC10_DOMAIN:-oc10.owncloud.test}/g' /config/identifier-registration.yaml - - cp /config/config.dist.json /config/config.json - sed -i 's/ocis.owncloud.test/${OCIS_DOMAIN:-ocis.owncloud.test}/g' /config/config.json - sed -i 's/oc10.owncloud.test/${OC10_DOMAIN:-oc10.owncloud.test}/g' /config/config.json - - cp /config/proxy-config.dist.json /config/proxy-config.json - sed -i 's/ocis.owncloud.test/${OCIS_DOMAIN:-ocis.owncloud.test}/g' /config/proxy-config.json - sed -i 's/oc10.owncloud.test/${OC10_DOMAIN:-oc10.owncloud.test}/g' /config/proxy-config.json - - ocis server - networks: - default: - environment: - # general config - OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} - # proxy - PROXY_AUTOPROVISION_ACCOUNTS: "true" - PROXY_INSECURE_BACKENDS: "${INSECURE:-false}" - PROXY_OIDC_INSECURE: "${INSECURE:-false}" - PROXY_CONFIG_FILE: "/config/proxy-config.json" - PROXY_ENABLE_PRESIGNEDURLS: "false" - PROXY_TLS: "false" - # idp - binddn must exist as oc10 admin user - IDP_IDENTIFIER_REGISTRATION_CONF: "/config/identifier-registration.yaml" - IDP_INSECURE: "${INSECURE:-false}" - IDP_SIGNING_KID: super - IDP_TLS: 0 - LDAP_BASEDN: "dc=example,dc=org" - LDAP_BINDDN: "cn=admin,dc=example,dc=org" - LDAP_BINDPW: "admin" - LDAP_EMAIL_ATTRIBUTE: mail - LDAP_FILTER: "(objectClass=posixaccount)" - LDAP_LOGIN_ATTRIBUTE: uid - LDAP_NAME_ATTRIBUTE: givenName - LDAP_SCOPE: sub - LDAP_URI: ldap://localhost:9125 - LDAP_UUID_ATTRIBUTE_TYPE: text - LDAP_UUID_ATTRIBUTE: uid - # glauth - GLAUTH_BACKEND_DATASTORE: owncloud - GLAUTH_BACKEND_SERVERS: https://${OC10_DOMAIN:-oc10.owncloud.test}/apps/graphapi/v1.0 - GLAUTH_BACKEND_INSECURE: "${INSECURE:-false}" - # graph - GRAPH_OIDC_ENDPOINT: https://${OC10_DOMAIN:-oc10.owncloud.test}/apps/graphapi/v1.0 - # web ui - WEB_UI_CONFIG: "/config/config.json" - # storage - although not used, yet - STORAGE_OIDC_INSECURE: 
"${INSECURE:-false}" - STORAGE_TRANSFER_EXPIRES: 86400 - volumes: - - ./config/ocis:/config - - ocis-data:/var/tmp/ocis - labels: - - "traefik.enable=true" - - "traefik.http.routers.ocis.entrypoints=http" - - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.middlewares.ocis-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.ocis.middlewares=ocis-https-redirect" - - "traefik.http.routers.ocis-secure.entrypoints=https" - - "traefik.http.routers.ocis-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - - "traefik.http.routers.ocis-secure.tls=true" - - "traefik.http.routers.ocis-secure.tls.certresolver=http" - - "traefik.http.routers.ocis-secure.service=ocis" - - "traefik.http.services.ocis.loadbalancer.server.port=9200" - logging: - driver: "local" - restart: always - - oc10: - image: owncloud/server:10.6.0-rc1 - depends_on: - - db - - redis - environment: - PROXY_LOG_LEVEL: debug - OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - OWNCLOUD_DOMAIN: ${OC10_DOMAIN:-oc10.owncloud.test} - OWNCLOUD_DB_TYPE: mysql - OWNCLOUD_DB_NAME: owncloud - OWNCLOUD_DB_USERNAME: owncloud - OWNCLOUD_DB_PASSWORD: owncloud - OWNCLOUD_DB_HOST: db - OWNCLOUD_ADMIN_USERNAME: admin - OWNCLOUD_ADMIN_PASSWORD: admin - OWNCLOUD_MYSQL_UTF8MB4: "true" - OWNCLOUD_REDIS_ENABLED: "true" - OWNCLOUD_REDIS_HOST: redis - OWNCLOUD_TRUSTED_PROXIES: ${OC10_DOMAIN:-oc10.owncloud.test} - OWNCLOUD_OVERWRITE_PROTOCOL: https - OWNCLOUD_OVERWRITE_HOST: ${OC10_DOMAIN:-oc10.owncloud.test} - OWNCLOUD_APPS_ENABLE: "openidconnect,oauth2,user_ldap,graphapi" - OWNCLOUD_LOG_LEVEL: 0 - volumes: - - ./config/oc10/config.php:/etc/templates/config.php - - files:/mnt/data - - tmp:/tmp/shared - labels: - - "traefik.enable=true" - - "traefik.http.routers.oc10.entrypoints=http" - - "traefik.http.routers.oc10.rule=Host(`${OC10_DOMAIN:-oc10.owncloud.test}`)" - - "traefik.http.middlewares.oc10-https-redirect.redirectscheme.scheme=https" - - 
"traefik.http.routers.oc10.middlewares=oc10-https-redirect" - - "traefik.http.routers.oc10-secure.entrypoints=https" - - "traefik.http.routers.oc10-secure.rule=Host(`${OC10_DOMAIN:-oc10.owncloud.test}`)" - - "traefik.http.routers.oc10-secure.tls=true" - - "traefik.http.routers.oc10-secure.tls.certresolver=http" - - "traefik.http.routers.oc10-secure.service=oc10" - - "traefik.http.services.oc10.loadbalancer.server.port=8080" - logging: - driver: "local" - restart: always - - db: - image: mariadb:10.5 - environment: - - MYSQL_ROOT_PASSWORD=owncloud - - MYSQL_USER=owncloud - - MYSQL_PASSWORD=owncloud - - MYSQL_DATABASE=owncloud - command: ["--max-allowed-packet=128M", "--innodb-log-file-size=64M"] - healthcheck: - test: ["CMD", "mysqladmin", "ping", "-u", "root", "--password=owncloud"] - interval: 10s - timeout: 5s - retries: 5 - volumes: - - mysql:/var/lib/mysql - logging: - driver: "local" - restart: always - - redis: - image: redis:6 - command: ["--databases", "1"] - healthcheck: - test: ["CMD", "redis-cli", "ping"] - interval: 10s - timeout: 5s - retries: 5 - volumes: - - redis:/data - logging: - driver: "local" - restart: always - -volumes: - certs: - ocis-data: - files: - driver: local - mysql: - driver: local - backup: - driver: local - redis: - driver: local - tmp: - driver: local diff --git a/docs/ocis/deployment/_index.md b/docs/ocis/deployment/_index.md index 8ba2edfb3d..f8fd37f764 100644 --- a/docs/ocis/deployment/_index.md +++ b/docs/ocis/deployment/_index.md 
@@ -21,13 +21,6 @@ oCIS deployments are super simple, yet there are many configurations possible fo
 - [oCIS setup with Keycloak as identity provider]({{< ref "ocis_keycloak" >}})
 - [oCIS setup with WOPI server to open office documents in your browser]({{< ref "ocis_wopi" >}})
-### Migrate an existing ownCloud 10
-You can run ownCloud 10 and oCIS together. This allows you to use new parts of oCIS already with ownCloud 10 and also to have a smooth transition for users from ownCloud 10 to oCIS.
-
-- [ownCloud 10 setup with oCIS serving ownCloud Web and acting as OIDC provider]({{< ref "owncloud10_with_oc_web" >}}) - This allows you to switch between the traditional ownCloud 10 frontend and the new ownCloud Web frontend
-- Run ownCloud 10 and oCIS in parallel - together
-- Migrate users from ownCloud 10 to oCIS
-
 ## Secure an oCIS instance
diff --git a/docs/ocis/deployment/owncloud10_with_oc_web.md b/docs/ocis/deployment/owncloud10_with_oc_web.md
deleted file mode 100644
index cee617fe9f..0000000000
--- a/docs/ocis/deployment/owncloud10_with_oc_web.md
+++ /dev/null
@@ -1,121 +0,0 @@
----
-title: "ownCloud 10 with ownCloud Web"
-date: 2020-10-12T14:04:00+01:00
-weight: 25
-geekdocRepo: https://github.com/owncloud/ocis
-geekdocEditPath: edit/master/docs/ocis/deployment
-geekdocFilePath: owncloud10_with_oc_web.md
----
-
-{{< toc >}}
-
-This deployment scenario shows how to use ownCloud Web as frontend for an existing ownCloud 10 production installation. It enables ownCloud 10 users to log in and work with their files using the new ownCloud Web. While the scenario includes an ownCloud 10 instance, it only exists to show the necessary configuration for your already existing ownCloud 10 installation.
-
-## Overview
-
-* oCIS setup serving ownCloud Web
-* oCIS acting as OIDC IDP on the ownCloud 10 user database
-* ownCloud 10 setup connected to oCIS
-* DNS is resolving one domain for ocis and one for oc10
-* Valid ssl certificates for the domains for ssl termination
-
-[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/owncloud10_with_oc_web)
-
-{{< hint info >}}
-In this setup it's mandatory that the users in ownCloud 10 are assigned to at least one group.
-{{< /hint >}}
-
-{{< hint info >}}
-In this setup relies on graph-api app to be installed in ownCloud 10. This app is included by default beginning with ownCloud 10.6. If you are on a lower version, please install it manually.
-{{< /hint >}}
-
-## Server Deployment
-
-### Requirements
-
-* Linux server with docker and docker-compose installed
-* Three domains set up and pointing to your server
- - ocis.* for serving oCIS
- - oc10.* for serving
- - traefik.* for serving the Traefik dashboard
-
-See also [example server setup]({{< ref "preparing_server" >}})
-
-### Install oCIS and Traefik
-
-* Clone oCIS repository
-
- `git clone https://github.com/owncloud/ocis.git`
-
-* Go to the deployment example
-
- `cd ocis/deployment/examples/ocis_oc10_backend`
-
-* Open the `.env` file in a text editor
- The file by default looks like this:
- ```bash
- # If you're on a internet facing server please comment out following line.
- # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
- INSECURE=true
-
- ### Traefik settings ###
- # Serve Treafik dashboard. Defaults to "false".
- TRAEFIK_DASHBOARD=
- # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
- TRAEFIK_DOMAIN=
- # Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
- TRAEFIK_BASIC_AUTH_USERS=
- # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
- TRAEFIK_ACME_MAIL=
-
- ### oCIS settings ###
- # oCIS version. Defaults to "latest"
- OCIS_DOCKER_TAG=
- # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
- OCIS_DOMAIN=
-
- ### oC10 ###
- # Domain of ownCloud 10, where you can find the frontend. Defaults to "oc10.owncloud.test"
- #OC10_DOMAIN=
- ```
-
- You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`.
-
- If you want to use the Traefik dashboard, set TRAEFIK_DASHBOARD to `true` (default is `false` and therefore not active). If you activate it, you must set a domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` eg. `TRAEFIK_DOMAIN=traefik.owncloud.test`.
-
- The Traefik dashboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (eg. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool).
-
- Traefik will issue certificates with LetsEncrypt and therefore you must set an email address in `TRAEFIK_ACME_MAIL=`.
-
- By default ocis will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OCIS_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated).
-
- Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`.
-
- Set your domain for the ownCloud 10 frontend in `OC10_DOMAIN=` eg. `OC10_DOMAIN=oc10.owncloud.test`.
-
- Now you have configured everything and can save the file.
-
-* Start the docker stack
-
- `docker-compose up -d`
-
-* You now can visit oCIS and Traefik dashboard on your configured domains
-
-
-## Local setup
-For a more simple local ocis setup see [Getting started]({{< ref "../getting-started" >}})
-
-This docker stack can also be run locally. One downside is that Traefik can not obtain valid SSL certificates and therefore will create self signed ones. This means that your browser will show scary warnings. Another downside is that you can not point DNS entries to your localhost. So you have to add static host entries to your computer.
-
-On Linux and macOS you can add them to your `/etc/hosts` files like this:
-```
-127.0.0.1 ocis.owncloud.test
-127.0.0.1 oc10.owncloud.test
-127.0.0.1 traefik.owncloud.test
-```
-
-After that you're ready to start the application stack:
-
-`docker-compose up -d`
-
-Open https://oc10.owncloud.test in your browser and accept the invalid certificate warning. You now can login with the ownCloud 10 default user "admin" and password "admin". As you might have noticed, you did not see the login prompt of ownCloud 10. This was the login prompt of oCIS. When you go to application you can both in ownCloud Web and ownCloud 10 see a switch to switch vice versa.
diff --git a/docs/ocis/migration.md b/docs/ocis/migration.md
index 91455d2131..ef57ce1336 100644
--- a/docs/ocis/migration.md
+++ b/docs/ocis/migration.md
@@ -36,7 +36,7 @@ Install and introduce [ownCloud Web](https://github.com/owncloud/web/) and let u
 #### Steps
 Deploy web and enable switching to and from it.
-For more details see: [ownCloud 10 with ownCloud Web]({{< ref "deployment/owncloud10_with_oc_web.md" >}})
+For more details see: [ownCloud 10 with ownCloud Web](https://owncloud.dev/clients/web/deployments/oc10-app/)