Merge pull request #1008 from owncloud/streamline_example_deployments

[docs-only] streamline example deployments
Willy Kloucek
2020-12-07 11:58:47 +01:00
committed by GitHub
39 changed files with 968 additions and 1212 deletions


@@ -1,2 +0,0 @@
Please refer to [our documentation](https://owncloud.github.io/ocis/deployment/ocis_external_konnectd/)
for instructions on how to deploy this scenario.


@@ -1,2 +0,0 @@
OCIS_DOMAIN=ocis.domain.com
IDP_DOMAIN=idp.domain.com


@@ -1,18 +0,0 @@
---
# OpenID Connect client registry.
clients:
- id: phoenix
name: OCIS
application_type: web
insecure: yes
trusted: yes
redirect_uris:
- http://ocis.domain.com/
- https://ocis.domain.com/
- http://ocis.domain.com/oidc-callback.html
- https://ocis.domain.com/oidc-callback.html
- http://ocis.domain.com/oidc-silent-redirect.html
- https://ocis.domain.com/oidc-silent-redirect.html
origins:
- http://ocis.domain.com
- https://ocis.domain.com


@@ -1,67 +0,0 @@
version: '3.7'
services:
traefik:
image: "traefik:v2.2"
container_name: "traefik"
networks:
- idpnet
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.idp.acme.tlschallenge=true"
- "--certificatesresolvers.idp.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.idp.acme.email=postmaster@${IDP_DOMAIN}"
- "--certificatesresolvers.idp.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
konnectd:
container_name: konnectd
image: owncloud/ocis-konnectd:latest
networks:
- idpnet
ports:
- "9130:9130"
volumes:
- ./config:/etc/ocis
environment:
OCIS_LOG_LEVEL: debug
KONNECTD_ISS: https://${IDP_DOMAIN}
KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/etc/ocis/identifier-registration.yml"
KONNECTD_LOG_LEVEL: debug
KONNECTD_TLS: '0'
LDAP_URI: ldap://${OCIS_DOMAIN}:9125
LDAP_BINDDN: cn=konnectd,ou=sysusers,dc=example,dc=org
LDAP_BINDPW: konnectd
LDAP_BASEDN: ou=users,dc=example,dc=org
LDAP_SCOPE: sub
LDAP_LOGIN_ATTRIBUTE: cn
LDAP_EMAIL_ATTRIBUTE: mail
LDAP_NAME_ATTRIBUTE=: n
LDAP_UUID_ATTRIBUTE: uid
LDAP_UUID_ATTRIBUTE_TYPE: text
LDAP_FILTER: (objectClass=posixaccount)
labels:
- "traefik.enable=true"
- "traefik.http.services.idp.loadbalancer.server.port=9200"
- "traefik.docker.network=idpnet"
- "traefik.port=9130"
- "traefik.protocol=https"
# ssl config
- "traefik.http.routers.idp.rule=Host(`${IDP_DOMAIN}`)"
- "traefik.http.routers.idp.entrypoints=websecure"
- "traefik.http.routers.idp.tls.certresolver=idp"
# http -> https forwarding
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.idp-redirs.rule=Host(`${IDP_DOMAIN}`)"
- "traefik.http.routers.idp-redirs.entrypoints=web"
- "traefik.http.routers.idp-redirs.middlewares=redirect-to-https"


@@ -1,2 +0,0 @@
OCIS_DOMAIN=ocis.domain.com
IDP_DOMAIN=idp.domain.com


@@ -1,68 +0,0 @@
version: '3.7'
services:
traefik:
image: "traefik:v2.2"
container_name: "traefik"
networks:
- ocisnet
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.ocis.acme.tlschallenge=true"
- "--certificatesresolvers.ocis.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.ocis.acme.email=postmaster@${OCIS_DOMAIN}"
- "--certificatesresolvers.ocis.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
ocis:
container_name: ocis
image: owncloud/ocis:latest
tty: true
privileged: true
stdin_open: true
ports:
- 9200:9200
- 9125:9125
hostname: ocis
networks:
- ocisnet
environment:
OCIS_DOMAIN: ${OCIS_DOMAIN}
PROXY_OIDC_ISSUER: https://${IDP_DOMAIN}
PROXY_OIDC_INSECURE: "true"
PROXY_TLS: "false"
GRAPH_OIDC_ENDPOINT: https://${IDP_DOMAIN}
REVA_OIDC_ISSUER: https://${IDP_DOMAIN}
REVA_LDAP_IDP: https://${IDP_DOMAIN}
PHOENIX_OIDC_AUTHORITY: https://${IDP_DOMAIN}
PHOENIX_OIDC_METADATA_URL: https://${IDP_DOMAIN}/.well-known/openid-configuration
PHOENIX_WEB_CONFIG_SERVER: https://${OCIS_DOMAIN}
OCIS_LOG_LEVEL: debug
REVA_TRANSFER_EXPIRES: 86400
REVA_FRONTEND_URL: https://${OCIS_DOMAIN}
REVA_DATAGATEWAY_URL: https://${OCIS_DOMAIN}/data
labels:
- "traefik.enable=true"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
- "traefik.docker.network=ocisnet"
- "traefik.protocol=https"
# ssl config
- "traefik.http.routers.idp.rule=Host(`${OCIS_DOMAIN}`)"
- "traefik.http.routers.ocis.entrypoints=websecure"
- "traefik.http.routers.ocis.tls.certresolver=idp"
# http -> https forwarding
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.ocis-redirs.rule=Host(`${OCIS_DOMAIN}`)"
- "traefik.http.routers.ocis-redirs.entrypoints=web"
- "traefik.http.routers.ocis-redirs.middlewares=redirect-to-https"


@@ -0,0 +1,29 @@
# If you're on a internet facing server please comment out following line.
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
### Traefik settings ###
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
TRAEFIK_BASIC_AUTH_USERS=
# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
TRAEFIK_ACME_MAIL=
### oCIS settings ###
# oCIS version. Defaults to "latest"
OCIS_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OCIS_DOMAIN=
# owncloud Web openid connect client id. Defaults to "ocis-phoenix"
OCIS_OIDC_CLIENT_ID=
### Keycloak ###
# Domain of Keycloak, where you can find the managment and authentication frontend. Defaults to "keycloak.owncloud.test"
KEYCLOAK_DOMAIN=
# Realm which to be used with oCIS. Defaults to "master"
KEYCLOAK_REALM=
# Admin user login name. Defaults to "admin"
KEYCLOAK_ADMIN_USER=
# Admin user login password. Defaults to "admin"
KEYCLOAK_ADMIN_PASSWORD=
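Review bot: The file's own comments document that `TRAEFIK_BASIC_AUTH_USERS`, `KEYCLOAK_ADMIN_USER` and `KEYCLOAK_ADMIN_PASSWORD` all fall back to admin/admin, yet the header only tells a public deployment to drop `INSECURE=true`; the header should also name the credential defaults that need overriding, e.g. add `# On a public server also set TRAEFIK_BASIC_AUTH_USERS and KEYCLOAK_ADMIN_PASSWORD below; their defaults are admin/admin.` The header reads `a internet facing` (should be `an internet-facing`) and the Keycloak comment has `managment` for `management`. The same header text is repeated in the two other `.env` files of this commit, so the wording fix applies there as well.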


@@ -0,0 +1,6 @@
---
document this deployment example in docs/ocis/deployment/ocis_keycloak.md
---
Please refer to [our documentation](https://owncloud.github.io/ocis/deployment/ocis_keycloak/)
for instructions on how to deploy this scenario.


@@ -0,0 +1,136 @@
---
version: "3.7"
services:
traefik:
image: "traefik:v2.3"
networks:
default:
aliases:
- ${OCIS_DOMAIN:-ocis.owncloud.test}
- ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
command:
#- "--log.level=DEBUG"
- "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-'example@example.org'}"
- "--certificatesResolvers.http.acme.storage=/certs/acme.json"
- "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
- "--api.dashboard=true"
- "--entryPoints.http.address=:80"
- "--entryPoints.https.address=:443"
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedByDefault=false"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "certs:/certs"
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api@internal"
restart: always
ocis:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
networks:
default:
environment:
# general config
OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_LOG_LEVEL: error
# proxy config
PROXY_AUTOPROVISION_ACCOUNTS: "true"
PROXY_OIDC_INSECURE: "${INSECURE:-false}"
PROXY_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-master}
PROXY_TLS: "false"
# phoenix config
PHOENIX_OIDC_AUTHORITY: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-master}
PHOENIX_OIDC_CLIENT_ID: ${OCIS_OIDC_CLIENT_ID:-ocis-phoenix}
PHOENIX_OIDC_METADATA_URL: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-master}/.well-known/openid-configuration
PHOENIX_WEB_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer
PHOENIX_WEB_CONFIG_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
# storage config
STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/
STORAGE_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
STORAGE_METADATA_ROOT: /opt/ocis-metadata
STORAGE_DRIVER_OCIS_ROOT: /opt/ocis-storage
# store config
STORE_DATA_PATH: /opt/ocis-store
# settings config
SETTINGS_DATA_PATH: /opt/ocis-settings
volumes:
- ocis-storage:/opt/ocis-storage
- ocis-metadata:/opt/ocis-metadata
- ocis-store:/opt/ocis-store
- ocis-settings:/opt/ocis-settings
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.entrypoints=http"
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
- "traefik.http.middlewares.ocis-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.ocis.middlewares=ocis-https-redirect"
- "traefik.http.routers.ocis-secure.entrypoints=https"
- "traefik.http.routers.ocis-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
- "traefik.http.routers.ocis-secure.tls=true"
- "traefik.http.routers.ocis-secure.tls.certresolver=http"
- "traefik.http.routers.ocis-secure.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
restart: always
postgres:
image: postgres:alpine
volumes:
- keycloak_postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: keycloak
restart: always
keycloak:
image: quay.io/keycloak/keycloak:latest
environment:
DB_VENDOR: POSTGRES
DB_ADDR: postgres
DB_DATABASE: keycloak
DB_USER: keycloak
DB_SCHEMA: public
DB_PASSWORD: keycloak
KEYCLOAK_USER: ${KEYCLOAK_ADMIN_USER:-admin}
KEYCLOAK_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
PROXY_ADDRESS_FORWARDING: "true"
labels:
- "traefik.enable=true"
- "traefik.http.routers.keycloak.entrypoints=http"
- "traefik.http.routers.keycloak.rule=Host(`${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}`)"
- "traefik.http.middlewares.keycloak-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.keycloak.middlewares=keycloak-https-redirect"
- "traefik.http.routers.keycloak-secure.entrypoints=https"
- "traefik.http.routers.keycloak-secure.rule=Host(`${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}`)"
- "traefik.http.routers.keycloak-secure.tls=true"
- "traefik.http.routers.keycloak-secure.tls.certresolver=http"
- "traefik.http.routers.keycloak-secure.service=keycloak"
- "traefik.http.services.keycloak.loadbalancer.server.port=8080"
- "traefik.http.services.keycloak.loadbalancer.server.scheme=http"
depends_on:
- postgres
restart: always
volumes:
certs:
ocis-storage:
ocis-metadata:
ocis-store:
ocis-settings:
keycloak_postgres_data:
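Review bot: The ACME e-mail default `${TRAEFIK_ACME_MAIL:-'example@example.org'}` sits inside a double-quoted YAML scalar, so the single quotes are literal and Traefik receives `'example@example.org'`, quotes included, whenever `TRAEFIK_ACME_MAIL` is unset; write `${TRAEFIK_ACME_MAIL:-example@example.org}` (the traefik compose file later in this commit carries the same line). The basicauth default `admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.` has bare `$` signs in a compose file, where `$` normally has to be written `$$`; it is inside a `${…:-…}` default here, so please confirm with both `docker-compose` and `docker compose` that the hash reaches Traefik unchanged (same line in the other compose file). Separately, `STORAGE_OIDC_ISSUER` is the bare Keycloak host while `PROXY_OIDC_ISSUER` and `PHOENIX_OIDC_AUTHORITY` include `/auth/realms/${KEYCLOAK_REALM:-master}`; if the storage service compares a token's issuer claim against this value it presumably needs the realm path too, which is worth confirming.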


@@ -1,4 +0,0 @@
COMPOSE_PROJECT_NAME=bridge
OCIS_DOMAIN=ocis.example.org
OC10_DOMAIN=oc10.example.org
INSECURE=false


@@ -1,2 +0,0 @@
Please refer to [our documentation](https://owncloud.github.io/ocis/deployment/ocis_oc10_backend/)
for instructions on how to deploy this scenario.


@@ -1,186 +0,0 @@
version: '3.7'
volumes:
files:
driver: local
mysql:
driver: local
backup:
driver: local
redis:
driver: local
tmp:
driver: local
letsencrypt:
driver: local
services:
traefik:
image: "traefik:v2.2"
container_name: "traefik"
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--serverstransport.insecureskipverify=true"
# Ocis certificate resolver
- "--certificatesresolvers.ocis.acme.tlschallenge=true"
- "--certificatesresolvers.ocis.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.ocis.acme.email=user@${OCIS_DOMAIN}"
- "--certificatesresolvers.ocis.acme.storage=/letsencrypt/acme-ocis.json"
# OC10 certificate resolver
- "--certificatesresolvers.oc10.acme.tlschallenge=true"
- "--certificatesresolvers.oc10.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.oc10.acme.email=user@${OCIS_DOMAIN}"
- "--certificatesresolvers.oc10.acme.storage=/letsencrypt/acme-oc10.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
default:
aliases:
- ${OC10_DOMAIN}
- ${OCIS_DOMAIN}
owncloud:
build:
context: ./oc10
dockerfile: Dockerfile
expose:
- "8080"
depends_on:
- db
- redis
environment:
OCIS_DOMAIN: ${OCIS_DOMAIN}
PROXY_LOG_LEVEL: debug
OWNCLOUD_DOMAIN: ${OC10_DOMAIN}
OWNCLOUD_DB_TYPE: mysql
OWNCLOUD_DB_NAME: owncloud
OWNCLOUD_DB_USERNAME: owncloud
OWNCLOUD_DB_PASSWORD: owncloud
OWNCLOUD_DB_HOST: db
OWNCLOUD_ADMIN_USERNAME: admin
OWNCLOUD_ADMIN_PASSWORD: admin
OWNCLOUD_MYSQL_UTF8MB4: "true"
OWNCLOUD_REDIS_ENABLED: "true"
OWNCLOUD_REDIS_HOST: redis
OWNCLOUD_TRUSTED_PROXIES: ${OC10_DOMAIN}
OWNCLOUD_OVERWRITE_PROTOCOL: https
OWNCLOUD_OVERWRITE_HOST: ${OC10_DOMAIN}
OWNCLOUD_APPS_ENABLE: "openidconnect,oauth2,user_ldap,graphapi"
OWNCLOUD_LOG_LEVEL: 0
volumes:
- files:/mnt/data
- tmp:/tmp/shared
labels:
- "traefik.enable=true"
- "traefik.http.services.oc10.loadbalancer.server.port=8080"
- "traefik.docker.network=ocisnet"
- "traefik.protocol=https"
# ssl config
- "traefik.http.routers.oc10.rule=Host(`${OC10_DOMAIN}`)"
- "traefik.http.routers.oc10.entrypoints=websecure"
- "traefik.http.routers.oc10.tls.certresolver=oc10"
# http -> https forwarding
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.oc10-redirs.rule=Host(`${OC10_DOMAIN}`)"
- "traefik.http.routers.oc10-redirs.entrypoints=web"
- "traefik.http.routers.oc10-redirs.middlewares=redirect-to-https"
ocis:
build:
context: ./ocis
dockerfile: Dockerfile
args:
OCIS_DOMAIN: ${OCIS_DOMAIN}
OC10_DOMAIN: ${OC10_DOMAIN}
ports:
- 9200:9200
environment:
OCIS_LOG_LEVEL: debug
# proxy
PROXY_CONFIG_FILE: "/config/proxy-config.json"
PROXY_TLS: "false"
PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN}
PROXY_AUTOPROVISION_ACCOUNTS: "true"
PROXY_OIDC_INSECURE: "${INSECURE}"
PROXY_ENABLE_PRESIGNEDURLS: "false"
# konnectd - binddn must exist as oc10 admin user
KONNECTD_ISS: https://${OCIS_DOMAIN}
KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/config/identifier-registration.yaml"
KONNECTD_TLS: 0
KONNECTD_SIGNING_KID: super
KONNECTD_INSECURE: "${INSECURE}"
LDAP_URI: ldap://localhost:9125
LDAP_BINDDN: "cn=admin,dc=example,dc=org"
LDAP_BINDPW: "admin"
LDAP_BASEDN: "dc=example,dc=org"
LDAP_SCOPE: sub
LDAP_LOGIN_ATTRIBUTE: uid
LDAP_EMAIL_ATTRIBUTE: mail
LDAP_NAME_ATTRIBUTE: givenName
LDAP_UUID_ATTRIBUTE: uid
LDAP_UUID_ATTRIBUTE_TYPE: text
LDAP_FILTER: "(objectClass=posixaccount)"
# glauth
GLAUTH_BACKEND_DATASTORE: owncloud
GLAUTH_BACKEND_SERVERS: https://${OC10_DOMAIN}/apps/graphapi/v1.0
GLAUTH_BACKEND_INSECURE: "${INSECURE}"
# graph
GRAPH_OIDC_ENDPOINT: https://${OC10_DOMAIN}/apps/graphapi/v1.0
# web ui
PHOENIX_WEB_CONFIG: "/config/web/config.json"
# storage - although not used, yet
STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN}
STORAGE_OIDC_INSECURE: "${INSECURE}"
STORAGE_TRANSFER_EXPIRES: 86400
STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN}
STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN}/data
STORAGE_LDAP_IDP: https://${OCIS_DOMAIN}
volumes:
- ./ocis/config/proxy-config.json:/etc/ocis/proxy.json
labels:
- "traefik.enable=true"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
- "traefik.docker.network=ocisnet"
- "traefik.protocol=https"
# ssl config
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN}`)"
- "traefik.http.routers.ocis.entrypoints=websecure"
- "traefik.http.routers.ocis.tls.certresolver=ocis"
# http -> https forwarding
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.ocis-redirs.rule=Host(`${OCIS_DOMAIN}`)"
- "traefik.http.routers.ocis-redirs.entrypoints=web"
- "traefik.http.routers.ocis-redirs.middlewares=redirect-to-https"
db:
image: webhippie/mariadb:latest
restart: always
environment:
MARIADB_ROOT_PASSWORD: owncloud
MARIADB_USERNAME: owncloud
MARIADB_PASSWORD: owncloud
MARIADB_DATABASE: owncloud
MARIADB_MAX_ALLOWED_PACKET: 128M
MARIADB_INNODB_LOG_FILE_SIZE: 256M
healthcheck:
test: ["CMD", "/usr/bin/healthcheck"]
interval: 30s
timeout: 10s
retries: 5
volumes:
- mysql:/var/lib/mysql
- backup:/var/lib/backup
redis:
image: webhippie/redis:latest
environment:
- REDIS_DATABASES=1
volumes:
- redis:/var/lib/redis


@@ -1,3 +0,0 @@
FROM owncloud/server:10.6.0-beta1
ADD apps/graphapi-0.1.0.tar.gz /var/www/owncloud/apps/
COPY overlay /


@@ -1,11 +0,0 @@
FROM owncloud/ocis:latest
ARG OCIS_DOMAIN
ENV OCIS_DOMAIN $OCIS_DOMAIN
ARG OC10_DOMAIN
ENV OC10_DOMAIN $OC10_DOMAIN
ADD config /config
RUN sed -i "s/ocis.example.org/${OCIS_DOMAIN}/g" /config/web/config.json \
&& sed -i "s/ocis.example.org/${OCIS_DOMAIN}/g" /config/identifier-registration.yaml \
&& sed -i "s/oc10.example.org/${OC10_DOMAIN}/g" /config/identifier-registration.yaml \


@@ -1,122 +0,0 @@
---
# OpenID Connect client registry.
clients:
- id: phoenix
name: OCIS
application_type: web
insecure: yes
trusted: yes
redirect_uris:
- https://ocis.example.org/
- https://ocis.example.org/oidc-callback.html
- https://ocis.example.org/oidc-silent-redirect.html
origins:
- https://ocis.example.org
- id: oc10
name: OC10
application_type: web
secret: super
insecure: yes
trusted: yes
redirect_uris:
- https://oc10.example.org/
- https://oc10.example.org/apps/openidconnect/redirect
origins:
- https://oc10.example.org
- id: ocis-explorer.js
name: OCIS Graph Explorer
trusted: yes
application_type: web
insecure: yes
- id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69
secret: UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh
application_type: native
insecure: true
- id: e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD
secret: dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD
application_type: native
redirect_uris:
- oc://android.owncloud.com
- id: mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1
secret: KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx
application_type: native
redirect_uris:
- oc://ios.owncloud.com
- oc.ios://ios.owncloud.com
# - id: playground-trusted.js
# name: Trusted OIDC Playground
# trusted: yes
# application_type: web
# redirect_uris:
# - https://my-host:8509/
# origins:
# - https://my-host:8509
# - id: playground-trusted.js
# name: Trusted Insecure OIDC Playground
# trusted: yes
# application_type: web
# insecure: yes
# - id: client-with-keys
# secret: super
# application_type: native
# redirect_uris:
# - http://localhost
# trusted_scopes:
# - konnect/guestok
# - kopano/kwm
# jwks:
# keys:
# - kty: EC
# use: sig
# kid: client-with-keys-key-1
# crv: P-256
# x: RTZpWoRbjwX1YavmSHVBj6Cy3Yzdkkp6QLvTGB22D0c
# y: jeavjwcX0xlDSchFcBMzXSU7wGs2VPpNxWCwmxFvmF0
# request_object_signing_alg: ES256
# - id: first
# secret: lala
# application_type: native
# redirect_uris:
# - my://app
# - id: second
# secret: lulu
# application_type: native
# redirect_uris:
# - http://localhost
# External authority registry.
authorities:
# - id: my-univention
# name: Univention
# client_id: kopano-konnect
# authority_type: oidc
# jwks:
# keys:
# - kty: EC
# use: sig
# kid: example-key-1
# crv: P-256
# x: RTZpWoRbjwX1YavmSHVBj6Cy3Yzdkkp6QLvTGB22D0c
# y: jeavjwcX0xlDSchFcBMzXSU7wGs2VPpNxWCwmxFvmF0
# default: yes
# authorization_endpoint: https://my-univention/signin/v1/identifier/_/authorize
# response_type: id_token
# scopes:
# - openid
# - profile
# identity_claim_name: preferred_username
# identity_aliases:
# external-user-a: local-user-a
# external-user-b: local-user-b
# identity_alias_required: true


@@ -1 +1,17 @@
OCIS_DOMAIN=ocis.domain.com
# If you're on a internet facing server please comment out following line.
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
### Traefik settings ###
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
TRAEFIK_BASIC_AUTH_USERS=
# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
TRAEFIK_ACME_MAIL=
### oCIS settings ###
# oCIS version. Defaults to "latest"
OCIS_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OCIS_DOMAIN=


@@ -1,2 +1,6 @@
Please refer to [our documentation](https://owncloud.github.io/ocis/deployment/ocis_traefik/)
---
document this deployment example in docs/ocis/deployment/owncloud10_with_ocis_web.md
---
Please refer to [our documentation](https://owncloud.github.io/ocis/deployment/owncloud10_with_ocis_web/)
for instructions on how to deploy this scenario.


@@ -0,0 +1 @@
identifier-registration.yaml


@@ -0,0 +1,41 @@
---
# OpenID Connect client registry.
clients:
- id: phoenix
name: OCIS
application_type: web
insecure: yes
trusted: yes
redirect_uris:
- https://ocis.owncloud.test/
- https://ocis.owncloud.test/oidc-callback.html
- https://ocis.owncloud.test/oidc-silent-redirect.html
origins:
- https://ocis.owncloud.test
- id: ocis-explorer.js
name: oCIS Graph Explorer
trusted: yes
insecure: yes
- id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69
secret: UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh
name: ownCloud desktop app
application_type: native
insecure: true
- id: e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD
secret: dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD
name: ownCloud Android app
application_type: native
redirect_uris:
- oc://android.owncloud.com
- id: mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1
secret: KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx
name: ownCloud iOS app
application_type: native
redirect_uris:
- oc://ios.owncloud.com
- oc.ios://ios.owncloud.com
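Review bot: The `ocis-explorer.js` client has no `application_type` here, while the copy of this registry added for the ownCloud 10 example later in this commit declares `application_type: web` for the same client id; the two should agree, so add `application_type: web` after `name: oCIS Graph Explorer`. Boolean spelling is also mixed, `insecure: yes` / `trusted: yes` on the web clients versus `insecure: true` on the desktop client; `true`/`false` is the portable form and avoids YAML 1.1-only truthy values. The phoenix client is marked `insecure: yes` although every redirect URI and origin it lists is https; if that flag only relaxes the https requirement on redirect URIs it could be dropped, but confirm against konnectd's client option semantics first.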


@@ -1,18 +0,0 @@
---
# OpenID Connect client registry.
clients:
- id: phoenix
name: OCIS
application_type: web
insecure: yes
trusted: yes
redirect_uris:
- http://ocis.domain.com/
- https://ocis.domain.com/
- http://ocis.domain.com/oidc-callback.html
- https://ocis.domain.com/oidc-callback.html
- http://ocis.domain.com/oidc-silent-redirect.html
- https://ocis.domain.com/oidc-silent-redirect.html
origins:
- http://ocis.domain.com
- https://ocis.domain.com


@@ -1,73 +1,105 @@
---
version: "3.7"
services:
traefik:
image: "traefik:v2.2"
container_name: "traefik"
image: "traefik:v2.3"
networks:
- ocisnet
default:
aliases:
- ${OCIS_DOMAIN:-ocis.owncloud.test}
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--serverstransport.insecureskipverify=true"
# Ocis certificate resolver
- "--certificatesresolvers.ocis.acme.tlschallenge=true"
- "--certificatesresolvers.ocis.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.ocis.acme.email=user@${OCIS_DOMAIN}"
- "--certificatesresolvers.ocis.acme.storage=/letsencrypt/acme-ocis.json"
#- "--log.level=DEBUG"
- "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-'example@example.org'}"
- "--certificatesResolvers.http.acme.storage=/certs/acme.json"
- "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
- "--api.dashboard=true"
- "--entryPoints.http.address=:80"
- "--entryPoints.https.address=:443"
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedByDefault=false"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
ocis:
container_name: ocis
image: owncloud/ocis:latest
ports:
- 9200:9200
hostname: ocis
networks:
- ocisnet
volumes:
- ./config:/etc/ocis
environment:
OCIS_DOMAIN: ${OCIS_DOMAIN}
PROXY_TLS: "false"
PROXY_HTTP_ADDR: 0.0.0.0:9200
PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN}
PROXY_OIDC_INSECURE: "true"
KONNECTD_ISS: https://${OCIS_DOMAIN}
KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/etc/ocis/identifier-registration.yml"
KONNECTD_TLS: 1
GRAPH_OIDC_ENDPOINT: https://${OCIS_DOMAIN}
PHOENIX_OIDC_AUTHORITY: https://${OCIS_DOMAIN}
PHOENIX_OIDC_METADATA_URL: https://${OCIS_DOMAIN}/.well-known/openid-configuration
PHOENIX_WEB_CONFIG_SERVER: https://${OCIS_DOMAIN}
STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN}
STORAGE_TRANSFER_EXPIRES: 86400
STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN}
STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN}/data
STORAGE_LDAP_IDP: https://${OCIS_DOMAIN}
- "certs:/certs"
labels:
- "traefik.enable=true"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
- "traefik.docker.network=ocisnet"
- "traefik.protocol=https"
# ssl config
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN}`)"
- "traefik.http.routers.ocis.entrypoints=websecure"
- "traefik.http.routers.ocis.tls.certresolver=ocis"
# http -> https forwarding
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.ocis-redirs.rule=Host(`${OCIS_DOMAIN}`)"
- "traefik.http.routers.ocis-redirs.entrypoints=web"
- "traefik.http.routers.ocis-redirs.middlewares=redirect-to-https"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api@internal"
restart: always
networks:
ocisnet:
ocis:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
entrypoint:
- /bin/sh
- -c
- | # as long as https://github.com/owncloud/product/issues/15 is open we need this step to template konnectd config
cp /config/identifier-registration.dist.yaml /config/identifier-registration.yaml
sed -i 's/ocis.owncloud.test/${OCIS_DOMAIN:-ocis.owncloud.test}/g' /config/identifier-registration.yaml
ocis server
networks:
default:
environment:
# general config
OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_LOG_LEVEL: error
# proxy config
PROXY_AUTOPROVISION_ACCOUNTS: "true"
PROXY_OIDC_INSECURE: "${INSECURE:-false}"
PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
PROXY_TLS: "false"
# phoenix config
PHOENIX_OIDC_AUTHORITY: https://${OCIS_DOMAIN:-ocis.owncloud.test}
PHOENIX_OIDC_METADATA_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/.well-known/openid-configuration
PHOENIX_WEB_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer
PHOENIX_WEB_CONFIG_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
# storage config
STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/
STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
STORAGE_METADATA_ROOT: /opt/ocis-metadata
STORAGE_DRIVER_OCIS_ROOT: /opt/ocis-storage
# store config
STORE_DATA_PATH: /opt/ocis-store
# settings config
SETTINGS_DATA_PATH: /opt/ocis-settings
# idp config
KONNECTD_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test}
KONNECTD_TLS: 'false'
volumes:
- ./config:/config
- ocis-storage:/opt/ocis-storage
- ocis-metadata:/opt/ocis-metadata
- ocis-store:/opt/ocis-store
- ocis-settings:/opt/ocis-settings
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.entrypoints=http"
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
- "traefik.http.middlewares.ocis-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.ocis.middlewares=ocis-https-redirect"
- "traefik.http.routers.ocis-secure.entrypoints=https"
- "traefik.http.routers.ocis-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
- "traefik.http.routers.ocis-secure.tls=true"
- "traefik.http.routers.ocis-secure.tls.certresolver=http"
- "traefik.http.routers.ocis-secure.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
restart: always
volumes:
certs:
ocis-storage:
ocis-metadata:
ocis-store:
ocis-settings:
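Review bot: The templating script in `entrypoint` runs `cp`, `sed` and then `ocis server` without `set -e`, so a failed copy (for example a missing or read-only `./config` mount) still lets the server start with a stale or absent `identifier-registration.yaml`; put `set -e` as the first line of the block scalar. The sed pattern is a regex, so the dots in `ocis.owncloud.test` match any character; harmless for this pattern, but `s/ocis\.owncloud\.test/…/g` states the intent. Because `./config:/config` is mounted read-write, the generated `identifier-registration.yaml` lands in the host directory; the one-line `.gitignore` added in this commit appears to cover it, which is worth stating in the comment next to the `|` indicator.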


@@ -0,0 +1,21 @@
# If you're on a internet facing server please comment out following line.
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
### Traefik settings ###
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
TRAEFIK_BASIC_AUTH_USERS=
# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
TRAEFIK_ACME_MAIL=
### oCIS settings ###
# oCIS version. Defaults to "latest"
OCIS_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OCIS_DOMAIN=
### oC10 ###
# Domain of ownCloud 10, where you can find the frontend. Defaults to "oc10.owncloud.test"
#OC10_DOMAIN=
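Review bot: `#OC10_DOMAIN=` is the only key in this file that ships commented out, so a user filling in values by the pattern of the other keys has to notice and remove the `#` as well; either write it as `OC10_DOMAIN=` like the rest or say in its comment why it is disabled. The header's `a internet facing` should read `an internet-facing`.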


@@ -0,0 +1,6 @@
---
document this deployment example in docs/ocis/deployment/ocis_oc10_backend.md
---
Please refer to [our documentation](https://owncloud.github.io/ocis/deployment/owncloud10_with_oc_web/)
for instructions on how to deploy this scenario.


@@ -32,7 +32,7 @@ function getConfigFromEnv() {
0 => $domain
],
'openid-connect' => [
'provider-url' => 'https://' . getenv('OCIS_DOMAIN'),
'provider-url' => getenv('OCIS_DOMAIN'),
'client-id' => 'oc10',
'client-secret' => 'super',
'loginButtonName' => 'OpenId Connect',
@@ -40,7 +40,7 @@ function getConfigFromEnv() {
'mode' => 'userid',
'autoRedirectOnLoginPage' => true,
'insecure' => true,
'post_logout_redirect_uri' => 'https://' . getenv('OWNCLOUD_DOMAIN') . '/',
'post_logout_redirect_uri' => getenv('OWNCLOUD_DOMAIN') . '/',
],
'datadirectory' => getenv('OWNCLOUD_VOLUME_FILES'),
'dbtype' => getenv('OWNCLOUD_DB_TYPE'),
@@ -50,8 +50,8 @@ function getConfigFromEnv() {
'dbpassword' => getenv('OWNCLOUD_DB_PASSWORD'),
'dbtableprefix' => getenv('OWNCLOUD_DB_PREFIX'),
'phoenix.baseUrl' => 'https://'. getenv('OCIS_DOMAIN'),
'cors.allowed-domains' => ['https://'. getenv('OCIS_DOMAIN')],
'phoenix.baseUrl' => getenv('OCIS_DOMAIN'),
'cors.allowed-domains' => [getenv('OCIS_DOMAIN')],
'log_type' => 'owncloud',
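Review bot: Dropping the `'https://' .` prefix changes the contract of `OCIS_DOMAIN` and `OWNCLOUD_DOMAIN` from a hostname to a full URL, so `provider-url`, `post_logout_redirect_uri`, `phoenix.baseUrl` and `cors.allowed-domains` silently lose their scheme if a caller still passes a bare host; the compose files in this commit default `OCIS_DOMAIN` to the bare `ocis.owncloud.test`, and the environment of the ownCloud 10 service is not visible here, so please confirm it sets both variables with the scheme. Document the new expectation above the `'openid-connect'` key, e.g. `// OCIS_DOMAIN and OWNCLOUD_DOMAIN must be full URLs including the scheme, e.g. https://ocis.owncloud.test`. The same change appears in all three hunks of this file; `getConfigFromEnv` starts and ends outside them.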


@@ -0,0 +1,3 @@
config.json
identifier-registration.yaml
proxy-config.json


@@ -1,10 +1,10 @@
{
"server": "https://ocis.example.org",
"server": "https://ocis.owncloud.test",
"theme": "owncloud",
"version": "0.1.0",
"openIdConnect": {
"metadata_url": "https://ocis.example.org/.well-known/openid-configuration",
"authority": "https://ocis.example.org",
"metadata_url": "https://ocis.owncloud.test/.well-known/openid-configuration",
"authority": "https://ocis.owncloud.test",
"client_id": "phoenix",
"response_type": "code",
"scope": "openid profile email"
@@ -16,7 +16,7 @@
"de": "Klassisches ownCloud"
},
"icon": "switch_ui",
"url": "https://oc10.example.org",
"url": "https://oc10.owncloud.test",
"target": "_self"
},
{
@@ -25,15 +25,10 @@
"de": "Einstellungen"
},
"icon": "application",
"url": "https://oc10.example.org/index.php/settings/personal",
"url": "https://oc10.owncloud.test/index.php/settings/personal",
"target": "_self",
"menu": "user"
}
],
"apps": [
"files",
"draw-io",
"markdown-editor",
"media-viewer"
]
"apps": ["files", "draw-io", "markdown-editor", "media-viewer"]
}


@@ -0,0 +1,50 @@
---
# OpenID Connect client registry.
clients:
- id: phoenix
name: OCIS
application_type: web
insecure: yes
trusted: yes
redirect_uris:
- https://ocis.owncloud.test/
- https://ocis.owncloud.test/oidc-callback.html
- https://ocis.owncloud.test/oidc-silent-redirect.html
origins:
- https://ocis.owncloud.test
- id: oc10
name: OC10
application_type: web
secret: super
insecure: yes
trusted: yes
redirect_uris:
- https://oc10.owncloud.test/
- https://oc10.owncloud.test/apps/openidconnect/redirect
origins:
- https://oc10.owncloud.test
- id: ocis-explorer.js
name: OCIS Graph Explorer
trusted: yes
application_type: web
insecure: yes
- id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69
secret: UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh
application_type: native
insecure: true
- id: e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD
secret: dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD
application_type: native
redirect_uris:
- oc://android.owncloud.com
- id: mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1
secret: KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx
application_type: native
redirect_uris:
- oc://ios.owncloud.com
- oc.ios://ios.owncloud.com
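Review bot: `insecure: yes` and `trusted: yes` on the phoenix, oc10 and ocis-explorer.js clients mix YAML 1.1 truthy spellings with the `insecure: true` used for the first native client; write `true` throughout so the file reads the same under YAML 1.1 and 1.2 loaders and passes yamllint's `truthy` rule. `insecure` presumably relaxes redirect-URI/origin validation in konnectd, so each web client that sets it should carry a comment stating why, e.g. `# insecure/trusted: needed for the self-signed local setup (INSECURE=true); remove for public deployments`. The `ocis-explorer.js` client registers no `redirect_uris` or `origins` at all — a comment should say whether that is intentional. `secret: super` is the same shared secret hard-coded in the oc10 config.php of this PR; a comment that it must be regenerated per deployment would match the `.env` guidance given for the Traefik credentials.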


@@ -1,15 +1,15 @@
{
"HTTP": {
"Namespace": "works.owncloud"
"Namespace": "ocis_oc10_backend"
},
"policy_selector": {
"static": {
"policy": "oc10"
"policy": "ocis_oc10_backend"
}
},
"policies": [
{
"name": "oc10",
"name": "ocis_oc10_backend",
"routes": [
{
"endpoint": "/",
@@ -29,31 +29,33 @@
},
{
"endpoint": "/ocs/",
"backend": "http://owncloud:8080",
"backend": "https://oc10.owncloud.test",
"apache-vhost": true
},
{
"endpoint": "/remote.php/",
"backend": "http://owncloud:8080",
"backend": "https://oc10.owncloud.test",
"apache-vhost": true
},
{
"endpoint": "/dav/",
"backend": "http://owncloud:8080",
"backend": "https://oc10.owncloud.test",
"apache-vhost": true
},
{
"endpoint": "/webdav/",
"backend": "http://owncloud:8080",
"backend": "https://oc10.owncloud.test",
"apache-vhost": true
},
{
"endpoint": "/status.php",
"backend": "http://owncloud:8080"
"backend": "https://oc10.owncloud.test",
"apache-vhost": true
},
{
"endpoint": "/index.php/",
"backend": "http://owncloud:8080"
"backend": "https://oc10.owncloud.test",
"apache-vhost": true
}
]
}
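Review bot: The `/ocs/`, `/remote.php/`, `/dav/`, `/webdav/`, `/status.php` and `/index.php/` backends now point at `https://oc10.owncloud.test` instead of the compose-internal `http://owncloud:8080`, so every proxied request leaves the ocis container over TLS through Traefik's network alias; in the local setup this hop only works because `PROXY_INSECURE_BACKENDS` inherits `INSECURE=true`, which disables certificate verification for these backend calls. If the public hostname is required for correct vhost handling, a short comment next to the first `"apache-vhost": true` route explaining that, and a sentence in the deployment docs that `INSECURE` also covers the proxy→oc10 hop, would prevent readers from assuming the traffic stays on the internal network. The two routes that gained `"apache-vhost": true` make the list consistent; the `/` route in the earlier part of the file is outside this hunk.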


@@ -0,0 +1,220 @@
---
version: "3.7"
services:
traefik:
image: "traefik:v2.3"
networks:
default:
aliases:
- ${OCIS_DOMAIN:-ocis.owncloud.test}
- ${OC10_DOMAIN:-oc10.owncloud.test}
command:
#- "--log.level=DEBUG"
- "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-'example@example.org'}"
- "--certificatesResolvers.http.acme.storage=/certs/acme.json"
- "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
- "--api.dashboard=true"
- "--entryPoints.http.address=:80"
- "--entryPoints.https.address=:443"
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedByDefault=false"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "certs:/certs"
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api@internal"
restart: always
ocis:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
entrypoint:
- /bin/sh
- -c
- |
cp /config/identifier-registration.dist.yaml /config/identifier-registration.yaml
sed -i 's/ocis.owncloud.test/${OCIS_DOMAIN:-ocis.owncloud.test}/g' /config/identifier-registration.yaml
sed -i 's/oc10.owncloud.test/${OC10_DOMAIN:-oc10.owncloud.test}/g' /config/identifier-registration.yaml
cp /config/config.dist.json /config/config.json
sed -i 's/ocis.owncloud.test/${OCIS_DOMAIN:-ocis.owncloud.test}/g' /config/config.json
sed -i 's/oc10.owncloud.test/${OC10_DOMAIN:-oc10.owncloud.test}/g' /config/config.json
cp /config/proxy-config.dist.json /config/proxy-config.json
sed -i 's/ocis.owncloud.test/${OCIS_DOMAIN:-ocis.owncloud.test}/g' /config/proxy-config.json
sed -i 's/oc10.owncloud.test/${OC10_DOMAIN:-oc10.owncloud.test}/g' /config/proxy-config.json
ocis server
networks:
default:
environment:
# general config
OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_LOG_LEVEL: error
# proxy
PROXY_AUTOPROVISION_ACCOUNTS: "true"
PROXY_INSECURE_BACKENDS: "${INSECURE:-false}"
PROXY_OIDC_INSECURE: "${INSECURE:-false}"
PROXY_CONFIG_FILE: "/config/proxy-config.json"
PROXY_ENABLE_PRESIGNEDURLS: "false"
PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
PROXY_TLS: "false"
# konnectd - binddn must exist as oc10 admin user
KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/config/identifier-registration.yaml"
KONNECTD_INSECURE: "${INSECURE:-false}"
KONNECTD_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test}
KONNECTD_SIGNING_KID: super
KONNECTD_TLS: 0
LDAP_BASEDN: "dc=example,dc=org"
LDAP_BINDDN: "cn=admin,dc=example,dc=org"
LDAP_BINDPW: "admin"
LDAP_EMAIL_ATTRIBUTE: mail
LDAP_FILTER: "(objectClass=posixaccount)"
LDAP_LOGIN_ATTRIBUTE: uid
LDAP_NAME_ATTRIBUTE: givenName
LDAP_SCOPE: sub
LDAP_URI: ldap://localhost:9125
LDAP_UUID_ATTRIBUTE_TYPE: text
LDAP_UUID_ATTRIBUTE: uid
# glauth
GLAUTH_BACKEND_DATASTORE: owncloud
GLAUTH_BACKEND_SERVERS: https://${OC10_DOMAIN:-oc10.owncloud.test}/apps/graphapi/v1.0
GLAUTH_BACKEND_INSECURE: "${INSECURE:-false}"
# graph
GRAPH_OIDC_ENDPOINT: https://${OC10_DOMAIN:-oc10.owncloud.test}/apps/graphapi/v1.0
# web ui
PHOENIX_WEB_CONFIG: "/config/config.json"
# storage - although not used, yet
STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
STORAGE_TRANSFER_EXPIRES: 86400
STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test}
STORAGE_METADATA_ROOT: /opt/ocis-metadata
STORAGE_DRIVER_OCIS_ROOT: /opt/ocis-storage
# store config
STORE_DATA_PATH: /opt/ocis-store
# settings config
SETTINGS_DATA_PATH: /opt/ocis-settings
volumes:
- ./config/ocis:/config
- ocis-storage:/opt/ocis-storage
- ocis-metadata:/opt/ocis-metadata
- ocis-store:/opt/ocis-store
- ocis-settings:/opt/ocis-settings
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.entrypoints=http"
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
- "traefik.http.middlewares.ocis-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.ocis.middlewares=ocis-https-redirect"
- "traefik.http.routers.ocis-secure.entrypoints=https"
- "traefik.http.routers.ocis-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
- "traefik.http.routers.ocis-secure.tls=true"
- "traefik.http.routers.ocis-secure.tls.certresolver=http"
- "traefik.http.routers.ocis-secure.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
restart: always
oc10:
image: owncloud/server:10.6.0-rc1
depends_on:
- db
- redis
environment:
PROXY_LOG_LEVEL: debug
OCIS_DOMAIN: https://${OCIS_DOMAIN:-ocis.owncloud.test}
OWNCLOUD_DOMAIN: ${OC10_DOMAIN:-oc10.owncloud.test}
OWNCLOUD_DB_TYPE: mysql
OWNCLOUD_DB_NAME: owncloud
OWNCLOUD_DB_USERNAME: owncloud
OWNCLOUD_DB_PASSWORD: owncloud
OWNCLOUD_DB_HOST: db
OWNCLOUD_ADMIN_USERNAME: admin
OWNCLOUD_ADMIN_PASSWORD: admin
OWNCLOUD_MYSQL_UTF8MB4: "true"
OWNCLOUD_REDIS_ENABLED: "true"
OWNCLOUD_REDIS_HOST: redis
OWNCLOUD_TRUSTED_PROXIES: ${OC10_DOMAIN:-oc10.owncloud.test}
OWNCLOUD_OVERWRITE_PROTOCOL: https
OWNCLOUD_OVERWRITE_HOST: ${OC10_DOMAIN:-oc10.owncloud.test}
OWNCLOUD_APPS_ENABLE: "openidconnect,oauth2,user_ldap,graphapi"
OWNCLOUD_LOG_LEVEL: 0
volumes:
- ./config/oc10/config.php:/etc/templates/config.php
- files:/mnt/data
- tmp:/tmp/shared
labels:
- "traefik.enable=true"
- "traefik.http.routers.oc10.entrypoints=http"
- "traefik.http.routers.oc10.rule=Host(`${OC10_DOMAIN:-oc10.owncloud.test}`)"
- "traefik.http.middlewares.oc10-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.oc10.middlewares=oc10-https-redirect"
- "traefik.http.routers.oc10-secure.entrypoints=https"
- "traefik.http.routers.oc10-secure.rule=Host(`${OC10_DOMAIN:-oc10.owncloud.test}`)"
- "traefik.http.routers.oc10-secure.tls=true"
- "traefik.http.routers.oc10-secure.tls.certresolver=http"
- "traefik.http.routers.oc10-secure.service=oc10"
- "traefik.http.services.oc10.loadbalancer.server.port=8080"
restart: always
db:
image: webhippie/mariadb:latest
environment:
MARIADB_ROOT_PASSWORD: owncloud
MARIADB_USERNAME: owncloud
MARIADB_PASSWORD: owncloud
MARIADB_DATABASE: owncloud
MARIADB_MAX_ALLOWED_PACKET: 128M
MARIADB_INNODB_LOG_FILE_SIZE: 256M
healthcheck:
test: ["CMD", "/usr/bin/healthcheck"]
interval: 30s
timeout: 10s
retries: 5
volumes:
- mysql:/var/lib/mysql
- backup:/var/lib/backup
restart: always
redis:
image: webhippie/redis:latest
environment:
- REDIS_DATABASES=1
volumes:
- redis:/var/lib/redis
restart: always
volumes:
certs:
ocis-storage:
ocis-metadata:
ocis-store:
ocis-settings:
files:
driver: local
mysql:
driver: local
backup:
driver: local
redis:
driver: local
tmp:
driver: local
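Review bot: The ACME e-mail default on the traefik command line, `${TRAEFIK_ACME_MAIL:-'example@example.org'}`, keeps its single quotes when compose substitutes the default, so Traefik registers the account with the literal address `'example@example.org'`; drop the inner quotes: `- "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"`. The basic-auth default `admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.` carries bare `$` inside a compose file — whether the interpolation engine leaves a default value untouched is not something I can confirm from here, so please check the rendered value with `docker-compose config` and escape as `$$` if it is mangled. `LDAP_BINDPW`, `OWNCLOUD_ADMIN_PASSWORD`, the `MARIADB_*` passwords and `KONNECTD_SIGNING_KID: super` are hard-coded while `TRAEFIK_BASIC_AUTH_USERS` is already surfaced through `.env`; exposing at least the admin and LDAP bind passwords the same way would make the public-server path described in the docs safer. The `sed` lines in the ocis entrypoint use unescaped `.` in the search pattern and an unescaped replacement, so a domain containing `/` or `&` would corrupt the generated config — acceptable for an example, but worth a one-line comment above the first `sed`.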


@@ -1,5 +1,5 @@
---
title: "oCIS Web"
title: "ownCloud Web"
date: 2018-05-02T00:00:00+00:00
weight: 20
geekdocRepo: https://github.com/owncloud/ocis
@@ -7,6 +7,6 @@ geekdocEditPath: edit/master/docs/extensions/ocis-phoenix
geekdocFilePath: _index.md
---
Note: Work in progress to rename Phoenix to oCIS Web.
Note: Work in progress to rename Phoenix to ownCloud Web.
This service embeds [Phoenix](https://github.com/owncloud/phoenix) to provide a UI for ownCloud Infinite Scale.


@@ -10,19 +10,18 @@ geekdocFilePath: _index.md
{{< toc >}}
## Deployments scenarios and examples
This section handles deployments and operations for admins. If want to just try oCIS you may also follow [Getting started]({{< ref "../getting-started.md" >}}).
This section handles deployments and operations for admins and people who are interested in how versatile oCIS is. If you want to just try oCIS you may also follow [Getting started]({{< ref "../getting-started.md" >}}).
### Setup oCIS on your server
oCIS deployments are super simple, yet there are many configurations possible for advanced setups.
- [Basic oCIS setup]({{< ref "basic-remote-setup.md" >}}) - configure domain, certificates and port
- [oCIS setup with Traefik for ssl termination]({{< ref "ocis_traefik.md" >}})
- [oCIS setup with external OIDC IDP]({{< ref "ocis_external_idp.md" >}})
- [oCIS setup with Traefik for SSL termination]({{< ref "ocis_traefik.md" >}})
- [oCIS setup with Keycloak as identity provider]({{< ref "ocis_keycloak.md" >}})
### Migrate an existing ownCloud 10
You can run ownCloud 10 and oCIS together. This allows you to use new parts of oCIS already with ownCloud 10 and also to have a smooth transition for users from ownCloud 10 to oCIS.
- ownCloud 10 with oCIS IDP
- Switch on the new front end "oCIS web" with ownCloud 10
- [ownCloud 10 setup with oCIS serving ownCloud Web and acting as OIDC provider]({{< ref "owncloud10_with_oc_web.md" >}}) - This allows you to switch between the traditional ownCloud 10 frontend and the new ownCloud Web frontend
- Run ownCloud 10 and oCIS in parallel - together
- Migrate users from ownCloud 10 to oCIS


@@ -54,7 +54,7 @@ In this example we do not change the default port (`9200`). But this could be ch
### Start the ocis fullstack server
You need to configure `your-host` in some services to provide the needed public resources. When using the owncloud storage driver (which is the default) oCIS currently needs a running Redis Server reachable locally on the machine at the default port (`localhost:6379`). You can change this using the following option `STORAGE_DRIVER_OWNCLOUD_REDIS_ADDR=some-host:6379`.
You need to configure `your-host` in some services to provide the needed public resources.
```bash
PROXY_HTTP_ADDR=0.0.0.0:9200 \
@@ -98,7 +98,5 @@ OCIS_HTTP_PORT=9200
OCIS_DOCKER_TAG=latest
EOF
docker-compose -f ocis.yml -f ../cache/redis-ocis.yml up -d
curl -k https://192.168.103.195:9200/status.php
```


@@ -1,172 +0,0 @@
---
title: "oCIS with external IDP"
date: 2020-10-12T14:39:00+01:00
weight: 26
geekdocRepo: https://github.com/owncloud/ocis
geekdocEditPath: edit/master/docs/ocis/deployment
geekdocFilePath: ocis_external_idp.md
---
{{< toc >}}
This scenario shows how to setup oCIS and konnectd as external IDP (identity provider). Both have separate domains and will be configured to work together.
## Overview
* Server 1: oCIS running behind traefik as reverse proxy
* Server 2: IDP running behind traefik as reverse proxy
* Valid ssl certificates for the domains for ssl termination
[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_external_konnectd)
## Server Deployment
### Requirements
* 2 Linux servers, each with docker and docker-compose installed
* Two domains set up and pointing to the target server
See also [example server setup]({{< ref "preparing_server.md" >}})
### Install oCIS server
* Clone ocis repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example sub folder for ocisnode to /opt
`cp deployment/examples/ocis_external_konnectd/ocisnode /opt/`
* Overwrite OCIS_DOMAIN and IDP_DOMAIN in .env with your-ocis.domain.com and your-idp.domain.com
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/ocisnode/.env`
`sed -i 's/idp.domain.com/your-idp.domain.com/g' /opt/ocisnode/.env`
* Change into deployment folder
`cd /opt/ocisnode`
* Start application stack
`docker-compose up -d`
### Install IDP server
* Clone ocis repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example sub folder for idpnode to /opt
`cp deployment/examples/ocis_external_konnectd/idpnode /opt/`
* Overwrite OCIS_DOMAIN and IDP_DOMAIN in .env with your-ocis.domain.com and your-idp.domain.com
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/idpnode/.env`
`sed -i 's/idp.domain.com/your-idp.domain.com/g' /opt/idpnode/.env`
* Overwrite redirect uri with your-ocis.domain.com in identifier-registration.yml
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/idpnode/config/identifier-registration.yml`
* Change into deployment folder
`cd /opt/idpnode`
* Start application stack
`docker-compose up -d`
### Configuration
#### Repository structure
```bash
ocis_external_konnectd # rootfolder
└───ocisnode
│ │ docker-compose.yml
│ │ .env
└───idpnode
│ docker-compose.yml
│ .env
└───config
│ identifier-registration.yml
```
Both subfolders contain the dockr-compose files including additionaly conf files if required. The content of both folders has to be deployed on each node.
#### Traefik
Traefik is set up similar to the traefik example on both nodes.
The certificate resolvers are named similar to their services and behave exactly like in the other examples.
#### Konnectd
Konnectd as Openid provider needs the redirect url's to point to ocis.
```yaml
---
# OpenID Connect client registry.
clients:
- id: phoenix
name: OCIS
application_type: web
insecure: yes
trusted: yes
redirect_uris:
- http://ocis.domain.com/
- https://ocis.domain.com/
- http://ocis.domain.com/oidc-callback.html
- https://ocis.domain.com/oidc-callback.html
- http://ocis.domain.com/oidc-silent-redirect.html
- https://ocis.domain.com/oidc-silent-redirect.html
origins:
- http://ocis.domain.com
- https://ocis.domain.com
```
Behind traefik, http is used to communicate between the services. Setting KONNECTD_TLS enforces it.
```yaml
KONNECTD_TLS: '0'
```
In order to resolve users from glauth service on ocis node, Konnectd needs ldap settings to work properly.
```yaml
LDAP_URI: ldap://${OCIS_DOMAIN}:9125
LDAP_BINDDN: cn=konnectd,ou=sysusers,dc=example,dc=org
LDAP_BINDPW: konnectd
LDAP_BASEDN: ou=users,dc=example,dc=org
LDAP_SCOPE: sub
LDAP_LOGIN_ATTRIBUTE: cn
LDAP_EMAIL_ATTRIBUTE: mail
LDAP_NAME_ATTRIBUTE=: n
LDAP_UUID_ATTRIBUTE: uid
LDAP_UUID_ATTRIBUTE_TYPE: text
LDAP_FILTER: (objectClass=posixaccount)
```
#### ocis
On the ocis node, the setting is following a standard scenario, except, that port 9125 needs to be exposed for the idp node to resolve ldap querries from Konnectd.
```yaml
ocis:
...
ports:
- 9200:9200
- 9125:9125
...
```
## Local setup
For simple local ocis setup see [Getting started]({{< ref "../getting-started.md" >}})
Local setup coming soon


@@ -0,0 +1,137 @@
---
title: "oCIS with Keycloak"
date: 2020-10-12T14:04:00+01:00
weight: 24
geekdocRepo: https://github.com/owncloud/ocis
geekdocEditPath: edit/master/docs/ocis/deployment
geekdocFilePath: ocis_keycloak.md
---
{{< toc >}}
## Overview
* oCIS and Keycloak running behind Traefik as reverse proxy
* Keycloak acting as the IDP for oCIS
* Traefik generating self signed certificates for local setup or obtaining valid SSL certificates for a server setup
[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_keycloak)
The docker stack consists 4 containers. One of them is Traefik, a proxy which is terminating ssl and forwards the requests to oCIS in the internal docker network.
Keykloak add two containers: Keycloak itself and a PostgreSQL as database. Keycloak will be configured as oCIS' IDP instead of the internal IDP [Konnectd]({{< ref "../../extensions/konnectd/_index.md" >}})
The other container is oCIS itself running all extensions in one container. In this example oCIS uses [oCIS storage driver]({{< ref "../../extensions/storage/storages.md#storage-drivers" >}})
## Server Deployment
### Requirements
* Linux server with docker and docker-compose installed
* Three domains set up and pointing to your server
- ocis.* for serving oCIS
- keycloak.* for serving Keycloak
- traefik.* for serving the Traefik dashboard
See also [example server setup]({{< ref "preparing_server.md" >}})
### Install oCIS and Traefik
* Clone oCIS repository
`git clone https://github.com/owncloud/ocis.git`
* Go to the deployment example
`cd ocis/deployment/examples/ocis_keycloak`
* Open the `.env` file in a text editor
The file by default looks like this:
```bash
# If you're on a internet facing server please comment out following line.
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
### Traefik settings ###
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
TRAEFIK_BASIC_AUTH_USERS=
# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
TRAEFIK_ACME_MAIL=
### oCIS settings ###
# oCIS version. Defaults to "latest"
OCIS_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OCIS_DOMAIN=
# ownCloud Web openid connect client id. Defaults to "ocis-phoenix"
OCIS_OIDC_CLIENT_ID=
### Keycloak ###
# Domain of Keycloak, where you can find the managment and authentication frontend. Defaults to "keycloak.owncloud.test"
KEYCLOAK_DOMAIN=
# Realm which to be used with oCIS. Defaults to "master"
KEYCLOAK_REALM=
# Admin user login name. Defaults to "admin"
KEYCLOAK_ADMIN_USER=
# Admin user login password. Defaults to "admin"
KEYCLOAK_ADMIN_PASSWORD=
```
You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`.
Set your domain for the Traefik dasboard in `TRAEFIK_DOMAIN=` eg. `TRAEFIK_DOMAIN=traefik.owncloud.test`.
The Traefik dasboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (eg. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool).
Traefik will issue certificates with LetsEncrypt and therefore you must set an email address in `TRAEFIK_ACME_MAIL=`.
By default ocis will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OCIS_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated).
Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`.
If you want to change the OIDC client id of th ownCloud Web frontend, you can do this by setting the name to `OCIS_OIDC_CLIENT_ID=`.
Set your domain for the Keycloak adminstration panel and authentication endpoints to `KEYCLOAK_DOMAIN=` eg. `KEYCLOAK_DOMAIN=keycloak.owncloud.test`.
Changing the used Keycloak realm can be done by setting `KEYCLOAK_REALM=`. This defaults to the master realm `KEYCLOAK_REALM=master`.
You probably should secure your Keycloak admin account by setting `KEYCLOAK_ADMIN_USER=` and `KEYCLOAK_ADMIN_PASSWORD=` to values other than `admin`.
Now you have configured everything and can save the file.
* Start the docker stack
`docker-compose up -d`
* Visit the Keycloak administration console on your configured domain. Go to clients settings and add a client. The client id is `ocis-phoenix` or the one you changed it to. The client protocol is openid-connect. The root url for the client is the url you selected for oCIS. Then save the client.
* You may also add users to Keycloak
* You now can visit oCIS and Traefik dashboard on your configured domains
## Local setup
For a more simple local ocis setup see [Getting started]({{< ref "../getting-started.md" >}})
This docker stack can also be run locally. One downside is that Traefik can not obtain valid SSL certificates and therefore will create self signed ones. This means that your browser will show scary warnings. Another downside is that you can not point DNS entries to your localhost. So you have to add static host entries to your computer.
On Linux and macOS you can add them to your `/etc/hosts` files like this:
```
127.0.0.1 ocis.owncloud.test
127.0.0.1 traefik.owncloud.test
127.0.0.1 keycloak.owncloud.test
```
After that you're ready to start the application stack:
`docker-compose up -d`
Open https://keycloak.owncloud.test in your browser and accept the invalid certificate warning.
Go to clients settings and add a client. The client id is `ocis-phoenix` or the one you changed it to. The client protocol is openid-connect. THe root url for the client is `https://ocis.owncloud.test`. Then save the client.
* You may also add users to Keycloak
Open https://ocis.owncloud.test in your browser and accept the invalid certificate warning. You now can login to oCIS with the admin user of keycloak and additional users you created.


@@ -1,356 +0,0 @@
---
title: "ownCloud Web with ownCloud 10"
date: 2020-10-12T14:04:00+01:00
weight: 25
geekdocRepo: https://github.com/owncloud/ocis
geekdocEditPath: edit/master/docs/ocis/deployment
geekdocFilePath: ocis_frontend_oc10_backend.md
---
{{< toc >}}
This deployment scenario shows how to use ownCloud Web as frontend for an existing ownCloud 10 production installation. It enables
ownCloud 10 users to log in and work with their files using the new ownCloud Web. While the scenario includes
an ownCloud 10 instance, it only exists to show the necessary configuration for your already existing ownCloud 10
installation.
## Overview
* oCIS setup serving ownCloud Web
* ownCloud 10 setup connected to oCIS
* DNS is resolving one domain for ocis and one for oc10
* Valid ssl certificates for the domains for ssl termination
[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_external_konnectd)
## Server Deployment
### Requirements
* Linux server(s) with docker and docker-compose installed
* Two domains set up and pointing to your server(s)
See also [example server setup]({{< ref "preparing_server.md" >}})
### Setup on server
The application stack is separated in docker containers. One is a traefik proxy which is terminating ssl and forwards the https requests to the internal docker network. Additionally, traefik is creating two certificates that are stored in the file `letsencrypt/acme.json` of the users home directory. In a local setup, this traefik is not included.
The next container is the ocis server which is exposing the webservice on port 9200 to traefik and provides the oidc provider `konnectd` to owncloud.
oc10 is running as a three container setup out of owncloud-server, a db container and a redis container as memcache storage.
* Clone ocis repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example folder to /opt
`cp -r deployments/examples/ocis_oc10_backend /opt/`
* Change into deployment folder
`cd /opt/ocis_oc10_backend`
* Overwrite OCIS_DOMAIN and OC10_DOMAIN in .env with your-ocis.example.org and your-oc10.example.org
`sed -i 's/ocis.example.org/your-ocis.example.org/g' /opt/ocis_oc10_backend/.env`
`sed -i 's/oc10.example.org/your-oc10.example.org/g' /opt/ocis_oc10_backend/.env`
* Start application stack
`docker-compose up -d`
The domains from your `.env` will be used for building the configuration files during the docker start.
### Config
#### Repository structure
```bash
ocis_oc10_backend # rootfolder
│ .env
│ docker-compose.yml
└───ocis #ocis related config files
│ └───config
│ │ └───web
│ │ │ └───config.json
│ │ │ identifier-registration.yaml
│ │ │ proxy-config.json
│ └───Dockerfile
└───oc10 #owncloud 10 related files
└───apps
│ └───graphapi-0.1.0.tar.gz
└───overlay
│ └───etc
│ └───templates
│ └───config.php
└───Dockerfile
```
#### Traefik
In this deployment scenario, traefik requests letsencrypt to issue 2 ssl certificates, so two certificate resolvers are needed. These are named according to the services, ocis for the ocis container and oc10 for the oc10 container.
```yaml
...
traefik:
image: "traefik:v2.2"
container_name: "traefik"
command:
...
# Ocis certificate resolver
- "--certificatesresolvers.ocis.acme.tlschallenge=true"
- "--certificatesresolvers.ocis.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.ocis.acme.email=user@${OCIS_DOMAIN}"
- "--certificatesresolvers.ocis.acme.storage=/letsencrypt/acme-ocis.json"
# OC10 certificate resolver
- "--certificatesresolvers.oc10.acme.tlschallenge=true"
- "--certificatesresolvers.oc10.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.oc10.acme.email=user@${OCIS_DOMAIN}"
- "--certificatesresolvers.oc10.acme.storage=/letsencrypt/acme-oc10.json"
...
```
Both containers' traefik labels have to match the correct resolvers and domains
```yaml
ocis:
...
labels:
...
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN}`)"
...
```
```yaml
oc10:
...
labels:
...
- "traefik.http.routers.oc10.rule=Host(`${OC10_DOMAIN}`)"
...
```
A folder for letsencypt to store the certificate needs to be created
`$ mkdir ~/letsencrypt`
This folder is bound to the docker container and the certificate is persisted into it.
#### ocis
We will make use of some services from the ocis server package:
- `konnectd` for OpenID Connect (oidc). Your ownCloud 10 will need to switch the login method to oidc (see oc10 section), but user credentials remain the same.
- `proxy` a reverse proxy which decides where to route your requests to.
- `ocis-phoenix` serves the new ownCloud Web frontend.
- `accounts` learns your oc10 users and groups and will allow us to handle migration on a per-user basis later on.
Three config file templates are provided for ocis. All of them contain placeholder URLs which are replaced with
the URLs from your `.env` file during the docker build step. This section describes the configuration in detail, so
that you can make changes for your environment if necessary.
```bash
└───ocis #ocis related config files
│ └───web
│ │ └───config.json
│ │ identifier-registration.yaml
│ │ proxy-config.json
```
##### web/config.json
This is the configuration file for the new ownCloud Web frontend. The *server* domain needs to point to your ocis container,
since the `proxy` will take care of routing all requests - including oc10 backend requests - to the correct endpoints.
The *openIdConnect* block contains information required for ownCloud Web for retrieving users from your Identity Provider (IdP, in this case konnectd).
With the *applications* block you can define URLs which appear in either the `application switcher` or the `user menu` in ownCloud Web. For this deployment
we preconfigured it with a link to the classic web frontend, if users need access to applications which have not been ported to the new ownCloud Web frontend, yet.
The *apps* block contains the list of built in ownCloud Web extensions that are supposed to be enabled. Please note that the *files* extension is required at all times.
More options for ownCloud Web config can be found in the [developer documentation](https://owncloud.github.io/clients/web/).
```json
{
"server": "https://ocis.example.org",
"theme": "owncloud",
"version": "0.1.0",
"openIdConnect": {
"metadata_url": "https://ocis.example.org/.well-known/openid-configuration",
"authority": "https://ocis.example.org",
"client_id": "phoenix",
"response_type": "code",
"scope": "openid profile email"
},
"applications": [
{
"title": {
"en": "Classic Design",
"de": "Klassisches ownCloud"
},
"icon": "switch_ui",
"url": "https://ocis.example.org",
"target": "_self"
},
{
"title": {
"en": "Settings",
"de": "Einstellungen"
},
"icon": "application",
"url": "https://ocis.example.org/index.php/settings/personal",
"target": "_self",
"menu": "user"
}
],
"apps": [
"files",
"draw-io",
"markdown-editor",
"media-viewer"
]
}
```
##### identifier-registration.yaml
The `identifier registration` configuration registers clients for oidc, namely phoenix (which is ownCloud Web) and
ownCloud 10. There is also dynamic client registration available if needed.
```yaml
---
# OpenID Connect client registry.
clients:
- id: phoenix
name: OCIS
application_type: web
insecure: yes
trusted: yes
redirect_uris:
- http://ocis.example.org/
- https://ocis.example.org/
- http://ocis.example.org/oidc-callback.html
- https://ocis.example.org/oidc-callback.html
- http://ocis.example.org/oidc-silent-redirect.html
- https://ocis.example.org/oidc-silent-redirect.html
origins:
- http://ocis.example.org
- https://ocis.example.org
- id: oc10
name: OC10
application_type: web
secret: super
insecure: yes
trusted: yes
redirect_uris:
- http://oc10.example.org/apps/openidconnect/redirect
- https://oc10.example.org/apps/openidconnect/redirect
origins:
- http://oc10.example.org
- https://oc10.example.org
```
##### proxy-config.json
With the `proxy config` you can configure endpoints of internal services for the ocis reverse proxy. Since we only have
one backend without any migration so far, we can use a static proxy policy selector.
```yaml
{
"HTTP": {
"Namespace": "works.owncloud"
},
"policy_selector": {
"static": {
"policy": "oc10"
}
},
"policies": [
{
"name": "oc10",
"routes": [
{
"endpoint": "/",
"backend": "http://localhost:9100"
},
{
....
```
##### Environment variables in docker-compose.yaml
There are some environment variables needed for the used ocis services. The most important part is that oidc connects
to the user backend of ownCloud 10. This is achieved by exposing the user backend with the `graph` api plugin
in ownCloud 10 and connecting to it with `glauth` in ocis.
Glauth needs to be configured to utilize oc10 as primary user backend:
```yaml
GLAUTH_BACKEND_DATASTORE: owncloud
GLAUTH_BACKEND_SERVERS: https://${OC10_DOMAIN}/apps/graphapi/v1.0
```
To allow konnectd to connect to glauth, ldap needs to be configured:
```yaml
# Konnectd ldap setup
LDAP_URI: ldap://localhost:9125
LDAP_BINDDN: "cn=admin,dc=example,dc=org"
LDAP_BINDPW: "admin"
LDAP_BASEDN: "dc=example,dc=org"
LDAP_SCOPE: sub
LDAP_LOGIN_ATTRIBUTE: uid
LDAP_EMAIL_ATTRIBUTE: mail
LDAP_NAME_ATTRIBUTE: givenName
LDAP_UUID_ATTRIBUTE: uid
LDAP_UUID_ATTRIBUTE_TYPE: text
LDAP_FILTER: "(objectClass=posixaccount)"
```
#### oc10
OwnCloud 10 needs the graph api extensions to work in this setup. This extension is needed for Glauth to get oc10 users. It's necessary to add an image build step which extends owncloud/server:latest docker image with the app. The app is provided as tarball in the folder oc10/apps.
```bash
└───oc10
│ │ Dockerfile
│ │
│ └───apps
│ │ │ graphapi-0.1.0.tar.gz
```
The docker file is pretty simple
```Dockerfile
# Take the latest owncloud/server image as base
FROM owncloud/server:latest
# Add the provided tarballs into oc10's apps folder
ADD apps/graphapi-0.1.0.tar.gz /var/www/owncloud/apps/
```
The build is triggered by the terminal command `docker-compose build` from the root folder.
Constraints: In this setup it's mandatory that the user has an email address set and is assigned to at least one group in oc10.
Especially the default admin user doesn't have an email assigned. If your admin user doesn't have an email address, yet, please
set one: `docker-compose exec owncloud occ user:modify admin email "admin@example.org"`
## Local setup
For simple local ocis setup see [Getting started]({{< ref "../getting-started.md" >}})
If you want to start the bridge setup on your local development machine, there are a few steps necessary:
### Domains
Instead of replacing the domains in the config files you can add `ocis.example.org` and `oc10.example.org` as localhost
aliases to your `/etc/hosts` file:
```
127.0.0.1 oc10.example.org
127.0.0.1 ocis.example.org
```
### Disable certificate checks
The `docker-compose.yml` file contains some `*INSECURE` environment variables for enabling or disabling certificate checks.
To disable certificate checks, set `INSECURE=true` in your `.env` file.


@@ -11,118 +11,92 @@ geekdocFilePath: ocis_traefik.md
## Overview
* oCIS running behind traefik as reverse proxy
* Valid ssl certificates for the domains for ssl termination
* oCIS running behind Traefik as reverse proxy
* Traefik generating self signed certificates for local setup or obtaining valid SSL certificates for a server setup
[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_traefik)
The docker stack consists of two containers. One of them is Traefik, a proxy which is terminating ssl and forwards the requests to oCIS in the internal docker network.
The other one is oCIS itself running all extensions in one container. In this example oCIS uses its internal IDP [Konnectd]({{< ref "../../extensions/konnectd/_index.md" >}}) and the [oCIS storage driver]({{< ref "../../extensions/storage/storages.md#storage-drivers" >}})
## Server Deployment
### Requirements
* Linux server(s) with docker and docker-compose installed
* Two domains set up and pointing to your server(s)
* Linux server with docker and docker-compose installed
* Two domains set up and pointing to your server
- ocis.* for serving oCIS
- traefik.* for serving the Traefik dashboard
See also [example server setup]({{< ref "preparing_server.md" >}})
### Install oCIS and Traefik
The application stack contains two containers. The first one is a traefik proxy which is terminating ssl and forwards the requests to the internal docker network. Additional, traefik is creating a certificate that is stored in `acme.json` in the folder `letsencrypt` inside the users home directory.
The second one is th ocis server which is exposing the webservice on port 9200 to traefik.
* Clone ocis repository
* Clone oCIS repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example folder to /opt
* Go to the deployment example
`cp deployment/examples/ocis_traefik /opt/`
`cd ocis/deployment/examples/ocis_traefik`
* Overwrite OCIS_DOMAIN in .env with your.domain.com
* Open the `.env` file in a text editor
The file by default looks like this:
```bash
# If you're on a internet facing server please comment out following line.
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
`sed -i 's/ocis.domain.com/your.domain.com/g' /opt/ocis_traefik/.env`
### Traefik settings ###
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
TRAEFIK_BASIC_AUTH_USERS=
# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
TRAEFIK_ACME_MAIL=
* Overwrite redirect uri with your.domain.com in identifier-registration.yml
### oCIS settings ###
# oCIS version. Defaults to "latest"
OCIS_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OCIS_DOMAIN=
```
`sed -i 's/ocis.domain.com/your.domain.com/g' /opt/ocis_traefik/config/identifier-registration.yml`
You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`.
* Change into deployment folder
Set your domain for the Traefik dasboard in `TRAEFIK_DOMAIN=` eg. `TRAEFIK_DOMAIN=traefik.owncloud.test`.
`cd /opt/ocis_traefik`
The Traefik dasboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (eg. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool).
* Start application stack
Traefik will issue certificates with LetsEncrypt and therefore you must set an email address in `TRAEFIK_ACME_MAIL=`.
By default ocis will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OCIS_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated).
Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`.
Now you have configured everything and can save the file.
* Start the docker stack
`docker-compose up -d`
### Configuration
Edit docker-compose.yml file to fit your domain setup
```yaml
...
traefik:
image: "traefik:v2.2"
...
labels:
...
# Email address is neccesary for certificate creation
- "--certificatesresolvers.ocisresolver.acme.email=username@${OCIS_DOMAIN}"
...
```
```yaml
ocis:
container_name: ocis
...
labels:
...
# This is the domain for which traefik is creating the certificate from letsencrypt
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN}`)"
...
```
In this example, ssl is terminated from traefik while inside of the docker network the services are comunicating via http. For this `PROXY_TLS: "false"` as environment parameter for ocis has to be set.
For ocis to work properly it's neccesary to provide one config file.
Change identifier-registration.yml to match your domain.
```yaml
---
# OpenID Connect client registry.
clients:
- id: phoenix
name: OCIS
application_type: web
insecure: yes
trusted: yes
redirect_uris:
- http://ocis.domain.com/
- https://ocis.domain.com/
- http://ocis.domain.com/oidc-callback.html
- https://ocis.domain.com/oidc-callback.html
- http://ocis.domain.com/oidc-silent-redirect.html
- https://ocis.domain.com/oidc-silent-redirect.html
origins:
- http://ocis.domain.com
- https://ocis.domain.com
```
To make it availible for ocis inside of the container, `config` hast to be mounted as volume.
```yaml
...
volumes:
- ./config:/etc/ocis
environment:
...
KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/etc/ocis/identifier-registration.yml"
...
```
* You now can visit oCIS and Traefik dashboard on your configured domains
## Local setup
For simple local ocis setup see [Getting started]({{< ref "../getting-started.md" >}})
For a more simple local ocis setup see [Getting started]({{< ref "../getting-started.md" >}})
Local setup with Traefik coming soon
This docker stack can also be run locally. One downside is that Traefik can not obtain valid SSL certificates and therefore will create self signed ones. This means that your browser will show scary warnings. Another downside is that you can not point DNS entries to your localhost. So you have to add static host entries to your computer.
On Linux and macOS you can add them to your `/etc/hosts` files like this:
```
127.0.0.1 ocis.owncloud.test
127.0.0.1 traefik.owncloud.test
```
After that you're ready to start the application stack:
`docker-compose up -d`
Open https://ocis.owncloud.test in your browser and accept the invalid certificate warning. You now can login to oCIS with the default users, which also can be found here: [Getting started]({{< ref "../getting-started.md#login-to-ocis-web" >}})


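--- /dev/null
+++ b/docs/ocis/deployment/owncloud10_with_oc_web.md
@@ -0,0 +1,119 @@
+---
+title: "ownCloud 10 with ownCloud Web"
+date: 2020-10-12T14:04:00+01:00
+weight: 25
+geekdocRepo: https://github.com/owncloud/ocis
+geekdocEditPath: edit/master/docs/ocis/deployment
+geekdocFilePath: owncloud10_with_oc_web.md
+---
+{{< toc >}}
+This deployment scenario shows how to use ownCloud Web as frontend for an existing ownCloud 10 production installation. It enables ownCloud 10 users to log in and work with their files using the new ownCloud Web. While the scenario includes an ownCloud 10 instance, it only exists to show the necessary configuration for your already existing ownCloud 10 installation.
+## Overview
+* oCIS setup serving ownCloud Web
+* oCIS acting as OIDC IDP on the ownCloud 10 user database
+* ownCloud 10 setup connected to oCIS
+* DNS is resolving one domain for ocis and one for oc10
+* Valid ssl certificates for the domains for ssl termination
+[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/owncloud10_with_oc_web)
+{{< hint info >}}
+In this setup it's mandatory that the users in ownCloud 10 are assigned to at least one group.
+{{< /hint >}}
+{{< hint info >}}
+In this setup relies on graph-api app to be installed in ownCloud 10. This app is included by default beginning with ownCloud 10.6. If you are on a lower version, please install it manually.
+{{< /hint >}}
+## Server Deployment
+### Requirements
+* Linux server with docker and docker-compose installed
+* Three domains set up and pointing to your server
+- ocis.* for serving oCIS
+- oc10.* for serving
+- traefik.* for serving the Traefik dashboard
+See also [example server setup]({{< ref "preparing_server.md" >}})
+### Install oCIS and Traefik
+* Clone oCIS repository
+`git clone https://github.com/owncloud/ocis.git`
+* Go to the deployment example
+`cd ocis/deployment/examples/ocis_oc10_backend`
+* Open the `.env` file in a text editor
+The file by default looks like this:
+```bash
+# If you're on a internet facing server please comment out following line.
+# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
+INSECURE=true
+### Traefik settings ###
+# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
+TRAEFIK_DOMAIN=
+# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
+TRAEFIK_BASIC_AUTH_USERS=
+# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
+TRAEFIK_ACME_MAIL=
+### oCIS settings ###
+# oCIS version. Defaults to "latest"
+OCIS_DOCKER_TAG=
+# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
+OCIS_DOMAIN=
+### oC10 ###
+# Domain of ownCloud 10, where you can find the frontend. Defaults to "oc10.owncloud.test"
+#OC10_DOMAIN=
+```
+You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`.
+Set your domain for the Traefik dasboard in `TRAEFIK_DOMAIN=` eg. `TRAEFIK_DOMAIN=traefik.owncloud.test`.
+The Traefik dasboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (eg. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool).
+Traefik will issue certificates with LetsEncrypt and therefore you must set an email address in `TRAEFIK_ACME_MAIL=`.
+By default ocis will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OCIS_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated).
+Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`.
+Set your domain for the ownCloud 10 frontend in `OC10_DOMAIN=` eg. `OC10_DOMAIN=oc10.owncloud.test`.
+Now you have configured everything and can save the file.
+* Start the docker stack
+`docker-compose up -d`
+* You now can visit oCIS and Traefik dashboard on your configured domains
+## Local setup
+For a more simple local ocis setup see [Getting started]({{< ref "../getting-started.md" >}})
+This docker stack can also be run locally. One downside is that Traefik can not obtain valid SSL certificates and therefore will create self signed ones. This means that your browser will show scary warnings. Another downside is that you can not point DNS entries to your localhost. So you have to add static host entries to your computer.
+On Linux and macOS you can add them to your `/etc/hosts` files like this:
+```
+127.0.0.1 ocis.owncloud.test
+127.0.0.1 oc10.owncloud.test
+127.0.0.1 traefik.owncloud.test
+```
+After that you're ready to start the application stack:
+`docker-compose up -d`
+Open https://oc10.owncloud.test in your browser and accept the invalid certificate warning. You now can login with the ownCloud 10 default user "admin" and password "admin". As you might have noticed, you did not see the login prompt of ownCloud 10. This was the login prompt of oCIS. When you go to application you can both in ownCloud Web and ownCloud 10 see a switch to switch vice versa.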


@@ -45,7 +45,7 @@ docker run --rm -ti -p 9200:9200 owncloud/ocis
## Usage
### Login to oCIS Web
### Login to ownCloud Web
Open [https://localhost:9200](https://localhost:9200) and login using one of the demo accounts: