adapt proxy config and remove uneeded config
+5
-9
@@ -1637,7 +1637,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
|
||||
if not testing_parallel_deploy:
|
||||
user = "0:0"
|
||||
environment = {
|
||||
"OCIS_URL": "https://ocis-server:9200",
|
||||
"OCIS_URL": OCIS_URL,
|
||||
"GATEWAY_GRPC_ADDR": "0.0.0.0:9142", # cs3api-validator needs the cs3api gatway exposed
|
||||
"STORAGE_USERS_DRIVER": "%s" % (storage),
|
||||
"STORAGE_USERS_DRIVER_LOCAL_ROOT": "/srv/app/tmp/ocis/local/root",
|
||||
@@ -1669,7 +1669,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
|
||||
"WEB_OIDC_CLIENT_ID": "ocis-web",
|
||||
"WEB_OIDC_SCOPE": "openid profile email owncloud",
|
||||
# external ldap is supposed to be read only
|
||||
"GRAPH_IDENTITY_BACKEND": "cs3",
|
||||
"GRAPH_IDENTITY_BACKEND": "ldap",
|
||||
"GRAPH_LDAP_SERVER_WRITE_ENABLED": "false",
|
||||
# LDAP bind
|
||||
"LDAP_URI": "ldaps://openldap",
|
||||
@@ -1677,19 +1677,17 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
|
||||
"LDAP_BIND_DN": "cn=admin,dc=owncloud,dc=com",
|
||||
"LDAP_BIND_PASSWORD": "admin",
|
||||
# LDAP user settings
|
||||
"PROXY_AUTOPROVISION_ACCOUNTS": "true", # automatically create users when they login
|
||||
"PROXY_ACCOUNT_BACKEND_TYPE": "cs3", # proxy should get users from CS3APIS (which gets it from LDAP)
|
||||
"PROXY_USER_OIDC_CLAIM": "ocis.user.uuid", # claim was added in Keycloak
|
||||
"PROXY_USER_CS3_CLAIM": "userid", # equals STORAGE_LDAP_USER_SCHEMA_UID
|
||||
"LDAP_GROUP_BASE_DN": "ou=testgroups,dc=owncloud,dc=com",
|
||||
"LDAP_GROUP_BASE_DN": "ou=TestGroups,dc=owncloud,dc=com",
|
||||
"LDAP_GROUP_OBJECTCLASS": "groupOfUniqueNames",
|
||||
"LDAP_GROUP_SCHEMA_DISPLAYNAME": "cn",
|
||||
"LDAP_GROUP_SCHEMA_ID": "cn",
|
||||
"LDAP_GROUP_SCHEMA_MAIL": "mail",
|
||||
"LDAP_GROUP_SCHEMA_MEMBER": "cn",
|
||||
"LDAP_GROUPFILTER": "(objectclass=owncloud)",
|
||||
"LDAP_LOGIN_ATTRIBUTES": "uid,mail",
|
||||
"LDAP_USER_BASE_DN": "ou=testusers,dc=owncloud,dc=com",
|
||||
"LDAP_LOGIN_ATTRIBUTES": "uid",
|
||||
"LDAP_USER_BASE_DN": "ou=TestUsers,dc=owncloud,dc=com",
|
||||
"LDAP_USER_OBJECTCLASS": "posixAccount",
|
||||
"LDAP_USER_SCHEMA_DISPLAYNAME": "displayname",
|
||||
"LDAP_USER_SCHEMA_ID": "ownclouduuid",
|
||||
@@ -1721,8 +1719,6 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
|
||||
"OCIS_BASE_DATA_PATH": "/mnt/data/ocis",
|
||||
"OCIS_CONFIG_DIR": "/etc/ocis",
|
||||
"PROXY_ENABLE_BASIC_AUTH": "true",
|
||||
"IDM_CREATE_DEMO_USERS": True,
|
||||
"IDM_ADMIN_PASSWORD": "admin", # override the random admin password from `ocis init`
|
||||
}
|
||||
wait_for_ocis = {
|
||||
"name": "wait-for-ocis-server",
|
||||
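Review bot: The environment block binds to the directory as `cn=admin,dc=owncloud,dc=com` (the `LDAP_BIND_DN` / `LDAP_BIND_PASSWORD` pair at the top of the third hunk), although the comment above `GRAPH_IDENTITY_BACKEND` says the external LDAP is supposed to be read only. With the graph backend set to `ldap` — which looks like the new value, though the page has lost the +/- markers — `GRAPH_LDAP_SERVER_WRITE_ENABLED: "false"` is the only thing keeping writes out, and that is an application setting, not a restriction in the directory. I would add a comment above the bind settings such as `# TODO: bind with a read-only service account; cn=admin is acceptable only for the CI fixture`. The same applies to the `LDAP_BIND_DN` line in the docker-compose section further down. The body of ocisServer continues outside these hunks.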
|
||||
@@ -34,17 +34,17 @@ policies:
|
||||
endpoint: /webdav/?preview=1
|
||||
backend: http://localhost:9115
|
||||
- endpoint: /remote.php/
|
||||
service: ocdav
|
||||
service: com.owncloud.web.ocdav
|
||||
- endpoint: /dav/
|
||||
service: ocdav
|
||||
service: com.owncloud.web.ocdav
|
||||
- endpoint: /webdav/
|
||||
service: ocdav
|
||||
service: com.owncloud.web.ocdav
|
||||
- endpoint: /status.php
|
||||
service: ocdav
|
||||
service: com.owncloud.web.ocdav
|
||||
- endpoint: /index.php/
|
||||
service: ocdav
|
||||
service: com.owncloud.web.ocdav
|
||||
- endpoint: /apps/
|
||||
service: ocdav
|
||||
service: com.owncloud.web.ocdav
|
||||
- endpoint: /data
|
||||
backend: http://localhost:9140
|
||||
- endpoint: /app/
|
||||
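Review bot: The six `service:` values for `/remote.php/`, `/dav/`, `/webdav/`, `/status.php`, `/index.php/` and `/apps/` are edited by hand here and again, identically, in the second copy of the policy file at the end of the page. The two copies can drift apart, and a misspelled service name would only surface as a failing route at request time. The page no longer marks which of `ocdav` and `com.owncloud.web.ocdav` is the new value, so it cannot be checked against the name the service registers under. I would add a header comment to both files, for example `# copy of the proxy default routes; service names must match the names the services register under`, so that the next change updates both. The policy list starts and ends outside this hunk.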
|
||||
@@ -74,7 +74,7 @@ services:
|
||||
WEB_OIDC_CLIENT_ID: ocis-web
|
||||
WEB_OIDC_SCOPE: openid profile email owncloud
|
||||
# external ldap is supposed to be read only
|
||||
GRAPH_IDENTITY_BACKEND: cs3
|
||||
GRAPH_IDENTITY_BACKEND: ldap
|
||||
GRAPH_LDAP_SERVER_WRITE_ENABLED: "false"
|
||||
# LDAP bind
|
||||
LDAP_URI: "ldaps://openldap"
|
||||
@@ -82,19 +82,17 @@ services:
|
||||
LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
|
||||
LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
|
||||
# LDAP user settings
|
||||
PROXY_AUTOPROVISION_ACCOUNTS: "true" # automatically create users when they login
|
||||
PROXY_ACCOUNT_BACKEND_TYPE: cs3 # proxy should get users from CS3APIS (which gets it from LDAP)
|
||||
PROXY_USER_OIDC_CLAIM: ocis.user.uuid # claim was added in Keycloak
|
||||
PROXY_USER_CS3_CLAIM: userid # equals STORAGE_LDAP_USER_SCHEMA_UID
|
||||
LDAP_GROUP_BASE_DN: "dc=owncloud,dc=com"
|
||||
LDAP_GROUP_BASE_DN: "ou=groups,dc=owncloud,dc=com"
|
||||
LDAP_GROUP_OBJECTCLASS: "groupOfUniqueNames"
|
||||
LDAP_GROUP_SCHEMA_DISPLAYNAME: "cn"
|
||||
LDAP_GROUP_SCHEMA_ID: "cn"
|
||||
LDAP_GROUP_SCHEMA_MAIL: "mail"
|
||||
LDAP_GROUP_SCHEMA_MEMBER: "cn"
|
||||
LDAP_GROUPFILTER: "(objectclass=owncloud)"
|
||||
LDAP_LOGIN_ATTRIBUTES: "uid,mail"
|
||||
LDAP_USER_BASE_DN: "dc=owncloud,dc=com"
|
||||
LDAP_LOGIN_ATTRIBUTES: "uid"
|
||||
LDAP_USER_BASE_DN: "ou=users,dc=owncloud,dc=com"
|
||||
LDAP_USER_OBJECTCLASS: "posixAccount"
|
||||
LDAP_USER_SCHEMA_DISPLAYNAME: "displayname"
|
||||
LDAP_USER_SCHEMA_ID: "ownclouduuid"
|
||||
@@ -126,17 +124,10 @@ services:
|
||||
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
|
||||
OCIS_URL: https://${CLOUD_DOMAIN:-cloud.owncloud.test}
|
||||
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
|
||||
# change default secrets
|
||||
OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
|
||||
STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
|
||||
OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
|
||||
# INSECURE: needed if oCIS / Traefik is using self generated certificates
|
||||
OCIS_INSECURE: "${INSECURE:-false}"
|
||||
# basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
|
||||
PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
|
||||
# demo users
|
||||
ACCOUNTS_DEMO_USERS_AND_GROUPS: "${DEMO_USERS:-false}" # deprecated, remove after switching to LibreIDM
|
||||
IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
|
||||
volumes:
|
||||
- ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml
|
||||
- ocis-config:/etc/ocis
|
||||
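Review bot: `LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}` in the second hunk of this section falls back to `admin` when the variable is unset, so a deployment started from this example without an `.env` entry binds with a well-known password and gives no warning. Compose can fail fast instead: `LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD}`. The last hunk's header (17 lines down to 10) shows that seven lines are dropped, but the page has lost the markers that say which. If the `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` lines with their literal fallbacks are among the kept ones, they deserve the same treatment.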
|
||||
@@ -34,17 +34,17 @@ policies:
|
||||
endpoint: /webdav/?preview=1
|
||||
backend: http://localhost:9115
|
||||
- endpoint: /remote.php/
|
||||
service: ocdav
|
||||
service: com.owncloud.web.ocdav
|
||||
- endpoint: /dav/
|
||||
service: ocdav
|
||||
service: com.owncloud.web.ocdav
|
||||
- endpoint: /webdav/
|
||||
service: ocdav
|
||||
service: com.owncloud.web.ocdav
|
||||
- endpoint: /status.php
|
||||
service: ocdav
|
||||
service: com.owncloud.web.ocdav
|
||||
- endpoint: /index.php/
|
||||
service: ocdav
|
||||
service: com.owncloud.web.ocdav
|
||||
- endpoint: /apps/
|
||||
service: ocdav
|
||||
service: com.owncloud.web.ocdav
|
||||
- endpoint: /data
|
||||
backend: http://localhost:9140
|
||||
- endpoint: /app/
|
||||
|
||||