From df3b65b5e835b6ce958a2cebf387b4dab2706760 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Tue, 20 Apr 2021 14:41:36 +0200 Subject: [PATCH 1/7] add wopi server example deployment --- .../config/ocis/proxy-config.json | 145 ++++++------ .../cs3_users_ocis/docker-compose.yml | 2 +- .../examples/ocis_keycloak/docker-compose.yml | 2 +- .../examples/ocis_traefik/docker-compose.yml | 2 +- deployments/examples/ocis_wopiserver/.env | 49 ++++ .../examples/ocis_wopiserver/README.md | 6 + .../config/ocis/config.dist.json | 32 +++ .../config/ocis/entrypoint-override.sh | 31 +++ .../config/ocis/proxy-config.json | 107 +++++++++ .../config/wopiserver/entrypoint-override.sh | 15 ++ .../config/wopiserver/wopiserver.conf.dist | 110 +++++++++ .../ocis_wopiserver/docker-compose.yml | 170 ++++++++++++++ .../docker-compose-additions.yml | 12 + ocis/config/web-config.json | 32 +++ proxy/config/proxy-example-migration.json | 40 +++- proxy/config/proxy-example.json | 211 +++++++----------- proxy/pkg/proxy/proxy.go | 16 ++ 17 files changed, 776 insertions(+), 206 deletions(-) create mode 100644 deployments/examples/ocis_wopiserver/.env create mode 100644 deployments/examples/ocis_wopiserver/README.md create mode 100644 deployments/examples/ocis_wopiserver/config/ocis/config.dist.json create mode 100644 deployments/examples/ocis_wopiserver/config/ocis/entrypoint-override.sh create mode 100644 deployments/examples/ocis_wopiserver/config/ocis/proxy-config.json create mode 100755 deployments/examples/ocis_wopiserver/config/wopiserver/entrypoint-override.sh create mode 100644 deployments/examples/ocis_wopiserver/config/wopiserver/wopiserver.conf.dist create mode 100644 deployments/examples/ocis_wopiserver/docker-compose.yml create mode 100644 deployments/examples/ocis_wopiserver/monitoring_tracing/docker-compose-additions.yml create mode 100644 ocis/config/web-config.json diff --git a/deployments/examples/cs3_users_ocis/config/ocis/proxy-config.json b/deployments/examples/cs3_users_ocis/config/ocis/proxy-config.json index 2952efc99f..0949299c30 100644 --- a/deployments/examples/cs3_users_ocis/config/ocis/proxy-config.json +++ b/deployments/examples/cs3_users_ocis/config/ocis/proxy-config.json @@ -11,71 +11,88 @@ { "name": "ocis", "routes": [ - { - "endpoint": "/", - "backend": "http://localhost:9100" - }, - { - "endpoint": "/.well-known/", - "backend": "http://localhost:9130" - }, - { - "endpoint": "/konnect/", - "backend": "http://localhost:9130" - }, - { - "endpoint": "/signin/", - "backend": "http://localhost:9130" - }, - { + { + "endpoint": "/", + "backend": "http://localhost:9100" + }, + { + "endpoint": "/.well-known/", + "backend": "http://localhost:9130" + }, + { + "endpoint": "/konnect/", + "backend": "http://localhost:9130" + }, + { + "endpoint": "/signin/", + "backend": "http://localhost:9130" + }, + { "type": "regex", - "endpoint": "/ocs/v[12].php/cloud/user/signing-key", - "backend": "http://localhost:9110" - }, - { - "endpoint": "/ocs/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/remote.php/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/dav/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/webdav/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/status.php", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/index.php/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/data", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/api/v0/settings", - "backend": "http://localhost:9190" - }, - { - "endpoint": "/settings.js", - "backend": "http://localhost:9190" - }, - { - "endpoint": "/api/v0/greet", - "backend": "http://localhost:9105" - }, - { - "endpoint": "/hello.js", - "backend": "http://localhost:9105" - } + "endpoint": "/ocs/v[12].php/cloud/(users?|groups)", + "backend": "http://localhost:9110" + }, + { + "endpoint": "/ocs/", + "backend": "http://localhost:9140" + }, + { + "type": "query", + "endpoint": "/remote.php/?preview=1", + "backend": "http://localhost:9115" + }, + { + "endpoint": "/remote.php/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/dav/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/webdav/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/status.php", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/index.php/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/data", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/graph/", + "backend": "http://localhost:9120" + }, + { + "endpoint": "/graph-explorer/", + "backend": "http://localhost:9135" + }, + { + "endpoint": "/api/v0/accounts", + "backend": "http://localhost:9181" + }, + { + "endpoint": "/accounts.js", + "backend": "http://localhost:9181" + }, + { + "endpoint": "/api/v0/settings", + "backend": "http://localhost:9190" + }, + { + "endpoint": "/settings.js", + "backend": "http://localhost:9190" + }, + { + "endpoint": "/onlyoffice.js", + "backend": "http://localhost:9220" + } ] } ] diff --git a/deployments/examples/cs3_users_ocis/docker-compose.yml b/deployments/examples/cs3_users_ocis/docker-compose.yml index 0b31dbca78..79f6dac6db 100644 --- a/deployments/examples/cs3_users_ocis/docker-compose.yml +++ b/deployments/examples/cs3_users_ocis/docker-compose.yml @@ -75,7 +75,7 @@ services: OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates # change default secrets - OCIS_JWT_SECRET: ${STORAGE_JWT_SECRET:-Pive-Fumkiu4} + OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} volumes: - ./config/ocis/proxy-config.json:/config/proxy-config.json - ocis-data:/var/tmp/ocis diff --git a/deployments/examples/ocis_keycloak/docker-compose.yml b/deployments/examples/ocis_keycloak/docker-compose.yml index 8c2cd6289f..18884472fe 100644 --- a/deployments/examples/ocis_keycloak/docker-compose.yml +++ b/deployments/examples/ocis_keycloak/docker-compose.yml @@ -66,7 +66,7 @@ services: # change default secrets IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} - OCIS_JWT_SECRET: ${STORAGE_JWT_SECRET:-Pive-Fumkiu4} + OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} volumes: - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh - ocis-data:/var/tmp/ocis diff --git a/deployments/examples/ocis_traefik/docker-compose.yml b/deployments/examples/ocis_traefik/docker-compose.yml index 7861af16e4..c86e73dfe3 100644 --- a/deployments/examples/ocis_traefik/docker-compose.yml +++ b/deployments/examples/ocis_traefik/docker-compose.yml @@ -56,7 +56,7 @@ services: # change default secrets IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} - OCIS_JWT_SECRET: ${STORAGE_JWT_SECRET:-Pive-Fumkiu4} + OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} volumes: - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh - ocis-data:/var/tmp/ocis diff --git a/deployments/examples/ocis_wopiserver/.env b/deployments/examples/ocis_wopiserver/.env new file mode 100644 index 0000000000..17c3e3ba9c --- /dev/null +++ b/deployments/examples/ocis_wopiserver/.env @@ -0,0 +1,49 @@ +# If you're on a internet facing server please comment out following line. +# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. +INSECURE=true + +### Traefik settings ### +# Serve Treafik dashboard. Defaults to "false". +TRAEFIK_DASHBOARD= +# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" +TRAEFIK_DOMAIN= +# Basic authentication for the dashboard. Defaults to user "admin" and password "admin" +TRAEFIK_BASIC_AUTH_USERS= +# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server +TRAEFIK_ACME_MAIL= + +### oCIS settings ### +# oCIS version. Defaults to "latest" +OCIS_DOCKER_TAG= +# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" +OCIS_DOMAIN= +# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". +IDP_LDAP_BIND_PASSWORD= +# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". +STORAGE_LDAP_BIND_PASSWORD= +# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" +OCIS_JWT_SECRET= + +### Wopi server settings ### +# oCIS Wopi server version. Defaults to "latest" +OCIS_WOPISERVER_DOCKER_TAG=custom +# cs3org wopi server version. Defaults to "latest" +WOPISERVER_DOCKER_TAG= +# cs3org wopi server domain. Defaults to "wopiserver.owncloud.test" +WOPISERVER_DOMAIN= +# JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "Pive-Fumkiu4" +WOPI_JWT_SECRET= + +### Collabora settings ### +# Domain of Collabora, where you can find the frontend. Defaults to "collabora.owncloud.test" +COLLABORA_DOMAIN= +# Admin user for Collabora. Defaults to blank, provide one to enable access +COLLABORA_ADMIN_USER= +# Admin password for COllabora. Defaults to blank, provide one to enable access +COLLABORA_ADMIN_PASSWORD= + + +# If you want to use debugging and tracing with this stack, +# you need uncomment following line. Please see documentation at +# https://owncloud.dev/ocis/deployment/monitoring-tracing/ +#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml diff --git a/deployments/examples/ocis_wopiserver/README.md b/deployments/examples/ocis_wopiserver/README.md new file mode 100644 index 0000000000..ba85d13dfe --- /dev/null +++ b/deployments/examples/ocis_wopiserver/README.md @@ -0,0 +1,6 @@ +--- +document this deployment example in: docs/ocis/deployment/ocis_traefik.md +--- + +Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_traefik/) +for instructions on how to deploy this scenario. diff --git a/deployments/examples/ocis_wopiserver/config/ocis/config.dist.json b/deployments/examples/ocis_wopiserver/config/ocis/config.dist.json new file mode 100644 index 0000000000..c6db833fef --- /dev/null +++ b/deployments/examples/ocis_wopiserver/config/ocis/config.dist.json @@ -0,0 +1,32 @@ +{ + "server": "https://ocis.owncloud.test", + "theme": "owncloud", + "version": "0.1.0", + "openIdConnect": { + "metadata_url": "https://ocis.owncloud.test/.well-known/openid-configuration", + "authority": "https://ocis.owncloud.test", + "client_id": "web", + "response_type": "code", + "scope": "openid profile email" + }, + "apps": [ + "files" + ], + "external_apps": [ + { + "id": "settings", + "path": "/settings.js" + }, + { + "id": "accounts", + "path": "/accounts.js" + }, + { + "id": "wopiserver", + "path": "/wopi.js" + } + ], + "options": { + "hideSearchBar": true + } +} diff --git a/deployments/examples/ocis_wopiserver/config/ocis/entrypoint-override.sh b/deployments/examples/ocis_wopiserver/config/ocis/entrypoint-override.sh new file mode 100644 index 0000000000..e8eead4439 --- /dev/null +++ b/deployments/examples/ocis_wopiserver/config/ocis/entrypoint-override.sh @@ -0,0 +1,31 @@ +#!/bin/sh + +set -e + +cp /config/config.dist.json /config/config.json +sed -i 's/ocis.owncloud.test/'${OCIS_DOMAIN:-ocis.owncloud.test}'/g' /config/config.json + +ocis server& +sleep 10 + +echo "##################################################" +echo "change default secrets:" + +# IDP +IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) +echo " IDP user UUID: $IDP_USER_UUID" +ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID + +# REVA +REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) +echo " Reva user UUID: $REVA_USER_UUID" +ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID + +echo "default secrets changed" +echo "##################################################" + +ocis kill proxy +sleep 10 +ocis proxy server # workaround for loading proxy configuration + +wait # wait for oCIS to exit diff --git a/deployments/examples/ocis_wopiserver/config/ocis/proxy-config.json b/deployments/examples/ocis_wopiserver/config/ocis/proxy-config.json new file mode 100644 index 0000000000..052ef4a94a --- /dev/null +++ b/deployments/examples/ocis_wopiserver/config/ocis/proxy-config.json @@ -0,0 +1,107 @@ +{ + "HTTP": { + "Namespace": "com.owncloud" + }, + "policy_selector": { + "static": { + "policy": "ocis" + } + }, + "policies": [ + { + "name": "ocis", + "routes": [ + { + "endpoint": "/", + "backend": "http://localhost:9100" + }, + { + "endpoint": "/.well-known/", + "backend": "http://localhost:9130" + }, + { + "endpoint": "/konnect/", + "backend": "http://localhost:9130" + }, + { + "endpoint": "/signin/", + "backend": "http://localhost:9130" + }, + { + "type": "regex", + "endpoint": "/ocs/v[12].php/cloud/(users?|groups)", + "backend": "http://localhost:9110" + }, + { + "endpoint": "/ocs/", + "backend": "http://localhost:9140" + }, + { + "type": "query", + "endpoint": "/remote.php/?preview=1", + "backend": "http://localhost:9115" + }, + { + "endpoint": "/remote.php/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/dav/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/webdav/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/status.php", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/index.php/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/data", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/graph/", + "backend": "http://localhost:9120" + }, + { + "endpoint": "/graph-explorer/", + "backend": "http://localhost:9135" + }, + { + "endpoint": "/api/v0/accounts", + "backend": "http://localhost:9181" + }, + { + "endpoint": "/accounts.js", + "backend": "http://localhost:9181" + }, + { + "endpoint": "/api/v0/settings", + "backend": "http://localhost:9190" + }, + { + "endpoint": "/settings.js", + "backend": "http://localhost:9190" + }, + { + "endpoint": "/onlyoffice.js", + "backend": "http://localhost:9220" + }, + { + "endpoint": "/api/v0/wopi", + "backend": "http://ocis-wopiserver:9105" + }, + { + "endpoint": "/wopi.js", + "backend": "http://ocis-wopiserver:9105" + } + ] + } + ] +} diff --git a/deployments/examples/ocis_wopiserver/config/wopiserver/entrypoint-override.sh b/deployments/examples/ocis_wopiserver/config/wopiserver/entrypoint-override.sh new file mode 100755 index 0000000000..c63323637e --- /dev/null +++ b/deployments/examples/ocis_wopiserver/config/wopiserver/entrypoint-override.sh @@ -0,0 +1,15 @@ +#/bin/sh! +set -e + +echo "${WOPISECRET}" > /etc/wopi/wopisecret +echo "${IOPSECRET}" > /etc/wopi/iopsecret + + +cp /etc/wopi/wopiserver.conf.dist /etc/wopi/wopiserver.conf +sed -i 's/ocis.owncloud.test/'${OCIS_DOMAIN}'/g' /etc/wopi/wopiserver.conf +sed -i 's/collabora.owncloud.test/'${COLLABORA_DOMAIN}'/g' /etc/wopi/wopiserver.conf +sed -i 's/wopiserver.owncloud.test/'${WOPISERVER_DOMAIN}'/g' /etc/wopi/wopiserver.conf + +/app/wopiserver.py & + +tail -f /var/log/wopi/wopiserver.log diff --git a/deployments/examples/ocis_wopiserver/config/wopiserver/wopiserver.conf.dist b/deployments/examples/ocis_wopiserver/config/wopiserver/wopiserver.conf.dist new file mode 100644 index 0000000000..c2794cf93d --- /dev/null +++ b/deployments/examples/ocis_wopiserver/config/wopiserver/wopiserver.conf.dist @@ -0,0 +1,110 @@ +# +# wopiserver.conf +# +# Default configuration file for the WOPI server for CERNBox +# +############################################################## + +[general] +# Storage access layer to be loaded in order to operate this WOPI server +# Supported values: local, xroot, cs3. +storagetype = cs3 + +# Port where to listen for WOPI requests +port = 8880 + +# URL of your Microsoft Office Online service +#oosurl = https://officeonline.owncloud.test + +# URL of your Collabora Online service +codeurl = https://collabora.owncloud.test + +# URL of your WOPI bridge service (for CodiMD) +#wopibridgeurl = https://your-wopi-bridge-server.org:8000 + +# URL of your WOPI server or your HA proxy in front of it +wopiurl = https://wopiserver.owncloud.test + +# URL for direct download of files. The complete URL that is sent +# to clients will include the access_token argument +downloadurl = https://wopiserver.owncloud.test/wopi/cbox/download + +# Optional URL prefix for WebDAV access to the files. This enables the +# 'Edit in Desktop client' action on Windows-based clients +webdavurl = https://ocis.owncloud.test/webdav + +# List of file extensions deemed incompatible with LibreOffice: +# interoperable locking will be disabled for such files +nonofficetypes = .md .zmd .txt .epd + +# List of file extensions to be supported by Collabora +codeofficetypes = .odt .ott .ods .ots .odp .otp .odg .otg .doc .dot .xls .xlt .xlm .ppt .pot .pps .vsd .dxf .wmf .cdr .pages .number .key + +# WOPI access token expiration time [seconds] +tokenvalidity = 86400 + +# WOPI lock expiration time [seconds] +wopilockexpiration = 7200 + +# Logging level. Debug enables the Flask debug mode as well. +# Valid values are: Debug, Info, Warning, Error. +loglevel = Info + +# Location of the lock files. Currently, two modes are supported: +# if a path is provided, all locks will be stored there with a hashed name, +# otherwise the lock is stored on the same path as the original file. +# This latter mode will eventually be dropped once the system is deemed +# stable enough and lock files are hidden away. +#lockpath = /your_storage/wopilocks + + +[security] +# Location of the secret files. Requires a restart of the +# WOPI server when either the files or their content change. +wopisecretfile = /etc/wopi/wopisecret +iopsecretfile = /etc/wopi/iopsecret + +# Use https as opposed to http (requires certificate) +usehttps = no + +# Certificate and key for https. Requires a restart +# to apply a change. +wopicert = /etc/grid-security/host.crt +wopikey = /etc/grid-security/host.key + + +[io] +# Size used for buffered xroot reads [bytes] +chunksize = 4194304 + + +[xroot] +# URL of the default remote xroot storage server. This can be overridden +# if the end-point is passed on the /wopi/cbox/open call +#storageserver = root://your-xrootd-server.org + +# Optional EOS top-level path that will be prepended to all user paths. Useful +# to map the CERNBox-exposed files in a subfolder of the EOS storage. By default, +# this is not used and storagehomepath is empty. +#storagehomepath = /your/top/storage/path + + +[local] +# Location of the folder or mount point used as local storage +#storagehomepath = /mnt/your_local_storage + + +[cs3] +# Host and port of the Reva(-like) CS3-compliant GRPC gateway endpoint +revagateway = ocis:9142 + +# HTTP (WebDAV) endpoint for uploading files +#datagateway = http://172.17.0.1:9100 + +# Reva/gRPC authentication token expiration time [seconds] +# The default value matches Reva's default +authtokenvalidity = 3600 + +# SSL certificate check for reva + # oCIS uses self signed certificate in this example +sslverify = false diff --git a/deployments/examples/ocis_wopiserver/docker-compose.yml b/deployments/examples/ocis_wopiserver/docker-compose.yml new file mode 100644 index 0000000000..b8ee174dc2 --- /dev/null +++ b/deployments/examples/ocis_wopiserver/docker-compose.yml @@ -0,0 +1,170 @@ +--- +version: "3.7" + +services: + traefik: + image: traefik:v2.4 + networks: + ocis-net: + aliases: + - ${OCIS_DOMAIN:-ocis.owncloud.test} + - ${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + - ${COLLABORA_DOMAIN:-collabora.owncloud.test} + command: + #- "--log.level=DEBUG" + - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" + - "--certificatesResolvers.http.acme.storage=/certs/acme.json" + - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" + - "--api.dashboard=true" + - "--entryPoints.http.address=:80" + - "--entryPoints.https.address=:443" + - "--providers.docker.endpoint=unix:///var/run/docker.sock" + - "--providers.docker.exposedByDefault=false" + - "--serversTransport.insecureSkipVerify=true" # oCIS uses self generated certificate + ports: + - "80:80" + - "443:443" + volumes: + - "/var/run/docker.sock:/var/run/docker.sock:ro" + - "certs:/certs" + labels: + - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" + - "traefik.http.routers.traefik.entrypoints=http" + - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" + - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin + - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https" + - "traefik.http.routers.traefik.middlewares=traefik-https-redirect" + - "traefik.http.routers.traefik-secure.entrypoints=https" + - "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" + - "traefik.http.routers.traefik-secure.middlewares=traefik-auth" + - "traefik.http.routers.traefik-secure.tls=true" + - "traefik.http.routers.traefik-secure.tls.certresolver=http" + - "traefik.http.routers.traefik-secure.service=api@internal" + logging: + driver: "local" + restart: always + + ocis: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-net: + entrypoint: + - /bin/sh + - /entrypoint-override.sh + environment: + OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} + OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test} + OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose + PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates + # change default secrets + IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} + STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} + OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + # web ui + WEB_UI_CONFIG: "/config/config.json" + # proxy + PROXY_CONFIG_FILE: "/config/proxy-config.json" + volumes: + - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh + - ./config/ocis/config.dist.json:/config/config.dist.json + - ./config/ocis/proxy-config.json:/config/proxy-config.json + - ocis-data:/var/tmp/ocis + labels: + - "traefik.enable=true" + - "traefik.http.routers.ocis.entrypoints=http" + - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" + - "traefik.http.middlewares.ocis-https-redirect.redirectscheme.scheme=https" + - "traefik.http.routers.ocis.middlewares=ocis-https-redirect" + - "traefik.http.routers.ocis-secure.entrypoints=https" + - "traefik.http.routers.ocis-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" + - "traefik.http.routers.ocis-secure.tls=true" + - "traefik.http.routers.ocis-secure.tls.certresolver=http" + - "traefik.http.routers.ocis-secure.service=ocis" + - "traefik.http.services.ocis.loadbalancer.server.port=9200" + - "traefik.http.services.ocis.loadbalancer.server.scheme=https" + logging: + driver: "local" + restart: always + + ocis-wopiserver: + image: owncloud/ocis-wopiserver:${OCIS_WOPISERVER_DOCKER_TAG:-latest} + networks: + ocis-net: + environment: + OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose + WOPISERVER_WOPI_SERVER_HOST: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + WOPISERVER_WOPI_SERVER_SECRET: ${WOPI_JWT_SECRET:-Pive-Fumkiu4} + WOPISERVER_WOPI_SERVER_INSECURE: "${INSECURE:-false}" + logging: + driver: "local" + restart: always + + wopiserver: + image: cs3org/wopiserver:${WOPISERVER_DOCKER_TAG:-latest} + networks: + ocis-net: + entrypoint: + - /bin/sh + - /entrypoint-override.sh + environment: + - WOPISECRET=${WOPI_JWT_SECRET:-Pive-Fumkiu4} + - IOPSECRET=${OCIS_JWT_SECRET:-Pive-Fumkiu4} + - WOPISERVER_DOMAIN=${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + - COLLABORA_DOMAIN=${COLLABORA_DOMAIN:-collabora.owncloud.test} + volumes: + - ./config/wopiserver/entrypoint-override.sh:/entrypoint-override.sh + - ./config/wopiserver/wopiserver.conf.dist:/etc/wopi/wopiserver.conf.dist + - wopi-data:/var/wopi_local_storage + - wopi-logs:/var/log/wopi + labels: + - "traefik.enable=true" + - "traefik.http.routers.wopiserver.entrypoints=http" + - "traefik.http.routers.wopiserver.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}`)" + - "traefik.http.middlewares.wopiserver-https-redirect.redirectscheme.scheme=https" + - "traefik.http.routers.wopiserver.middlewares=wopiserver-https-redirect" + - "traefik.http.routers.wopiserver-secure.entrypoints=https" + - "traefik.http.routers.wopiserver-secure.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}`)" + - "traefik.http.routers.wopiserver-secure.tls=true" + - "traefik.http.routers.wopiserver-secure.tls.certresolver=http" + - "traefik.http.routers.wopiserver-secure.service=wopiserver" + - "traefik.http.services.wopiserver.loadbalancer.server.port=8880" + logging: + driver: "local" + restart: always + + collabora: + image: collabora/code:6.4.8.1 + networks: + ocis-net: + environment: + - domain=${OCIS_DOMAIN:-ocis.owncloud.test} + - DONT_GEN_SSL_CERT=YES + - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:net.frame_ancestors=${OCIS_DOMAIN:-ocis.owncloud.test} + - username=${COLLABORA_ADMIN_USER} + - password=${COLLABORA_ADMIN_PASSWORD} + cap_add: + - MKNOD + labels: + - "traefik.enable=true" + - "traefik.http.routers.collabora.entrypoints=http" + - "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN:-collabora.owncloud.test}`)" + - "traefik.http.middlewares.collabora-https-redirect.redirectscheme.scheme=https" + - "traefik.http.routers.collabora.middlewares=collabora-https-redirect" + - "traefik.http.routers.collabora-secure.entrypoints=https" + - "traefik.http.routers.collabora-secure.rule=Host(`${COLLABORA_DOMAIN:-collabora.owncloud.test}`)" + - "traefik.http.routers.collabora-secure.tls=true" + - "traefik.http.routers.collabora-secure.tls.certresolver=http" + - "traefik.http.routers.collabora-secure.service=collabora" + - "traefik.http.services.collabora.loadbalancer.server.port=9980" + logging: + driver: "local" + restart: always + +volumes: + certs: + ocis-data: + wopi-data: + wopi-logs: + +networks: + ocis-net: diff --git a/deployments/examples/ocis_wopiserver/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_wopiserver/monitoring_tracing/docker-compose-additions.yml new file mode 100644 index 0000000000..16d1d47df8 --- /dev/null +++ b/deployments/examples/ocis_wopiserver/monitoring_tracing/docker-compose-additions.yml @@ -0,0 +1,12 @@ +--- +version: "3.7" + +services: + ocis: + environment: + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + +networks: + ocis-net: + external: true diff --git a/ocis/config/web-config.json b/ocis/config/web-config.json new file mode 100644 index 0000000000..90407d59fe --- /dev/null +++ b/ocis/config/web-config.json @@ -0,0 +1,32 @@ +{ + "server": "https://172.17.0.1:9200", + "theme": "owncloud", + "version": "0.1.0", + "openIdConnect": { + "metadata_url": "https://172.17.0.1:9200/.well-known/openid-configuration", + "authority": "https://172.17.0.1:9200", + "client_id": "web", + "response_type": "code", + "scope": "openid profile email" + }, + "apps": [ + "files" + ], + "external_apps": [ + { + "id": "settings", + "path": "/settings.js" + }, + { + "id": "accounts", + "path": "/accounts.js" + }, + { + "id": "wopiserver", + "path": "/wopiserver.js" + } + ], + "options": { + "hideSearchBar": true + } +} diff --git a/proxy/config/proxy-example-migration.json b/proxy/config/proxy-example-migration.json index e241596dcc..886e6dd31e 100644 --- a/proxy/config/proxy-example-migration.json +++ b/proxy/config/proxy-example-migration.json @@ -8,7 +8,7 @@ }, "policy_selector": { "migration": { - "acc_found_policy" : "ocis", + "acc_found_policy": "ocis", "acc_not_found_policy": "oc10", "unauthenticated_policy": "oc10" } @@ -33,10 +33,20 @@ "endpoint": "/signin/", "backend": "http://localhost:9130" }, + { + "type": "regex", + "endpoint": "/ocs/v[12].php/cloud/(users?|groups)", + "backend": "http://localhost:9110" + }, { "endpoint": "/ocs/", "backend": "http://localhost:9140" }, + { + "type": "query", + "endpoint": "/remote.php/?preview=1", + "backend": "http://localhost:9115" + }, { "endpoint": "/remote.php/", "backend": "http://localhost:9140" @@ -62,20 +72,32 @@ "backend": "http://localhost:9140" }, { - "endpoint": "/api/v0/accounts", - "backend": "http://localhost:9181" - }, - { + "endpoint": "/graph/", + "backend": "http://localhost:9120" + }, + { + "endpoint": "/graph-explorer/", + "backend": "http://localhost:9135" + }, + { + "endpoint": "/api/v0/accounts", + "backend": "http://localhost:9181" + }, + { "endpoint": "/accounts.js", - "backend": "http://localhost:9181" - }, + "backend": "http://localhost:9181" + }, { "endpoint": "/api/v0/settings", - "backend": "http://localhost:9190" + "backend": "http://localhost:9190" }, { "endpoint": "/settings.js", - "backend": "http://localhost:9190" + "backend": "http://localhost:9190" + }, + { + "endpoint": "/onlyoffice.js", + "backend": "http://localhost:9220" } ] }, diff --git a/proxy/config/proxy-example.json b/proxy/config/proxy-example.json index 887912515f..0949299c30 100644 --- a/proxy/config/proxy-example.json +++ b/proxy/config/proxy-example.json @@ -2,10 +2,6 @@ "HTTP": { "Namespace": "com.owncloud" }, - "oidc": { - "issuer": "https://localhost:9200", - "insecure": true - }, "policy_selector": { "static": { "policy": "ocis" @@ -15,133 +11,88 @@ { "name": "ocis", "routes": [ - { - "endpoint": "/", - "backend": "http://localhost:9100" - }, - { - "endpoint": "/.well-known/", - "backend": "http://localhost:9130" - }, - { - "endpoint": "/konnect/", - "backend": "http://localhost:9130" - }, - { - "endpoint": "/signin/", - "backend": "http://localhost:9130" - }, - { - "endpoint": "/ocs/", - "backend": "http://localhost:9140" - }, - { + { + "endpoint": "/", + "backend": "http://localhost:9100" + }, + { + "endpoint": "/.well-known/", + "backend": "http://localhost:9130" + }, + { + "endpoint": "/konnect/", + "backend": "http://localhost:9130" + }, + { + "endpoint": "/signin/", + "backend": "http://localhost:9130" + }, + { "type": "regex", - "endpoint": "/ocs/v[12].php/cloud/user", - "backend": "http://localhost:9110" - }, - { - "endpoint": "/remote.php/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/dav/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/webdav/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/status.php", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/index.php/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/data", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/api/v0/accounts", - "backend": "http://localhost:9181" - }, - { - "endpoint": "/accounts.js", - "backend": "http://localhost:9181" - }, - { - "endpoint": "/api/v0/settings", - "backend": "http://localhost:9190" - }, - { - "endpoint": "/settings.js", - "backend": "http://localhost:9190" - }, - { - "endpoint": "/api/v0/greet", - "backend": "http://localhost:9105" - }, - { - "endpoint": "/hello.js", - "backend": "http://localhost:9105" - } - ] - }, - { - "name": "oc10", - "routes": [ - { - "endpoint": "/", - "backend": "http://localhost:9100" - }, - { - "endpoint": "/.well-known/", - "backend": "http://localhost:9130" - }, - { - "endpoint": "/konnect/", - "backend": "http://localhost:9130" - }, - { - "endpoint": "/signin/", - "backend": "http://localhost:9130" - }, - { - "endpoint": "/ocs/", - "backend": "https://demo.owncloud.com", - "apache-vhost": true - }, - { - "endpoint": "/remote.php/", - "backend": "https://demo.owncloud.com", - "apache-vhost": true - }, - { - "endpoint": "/dav/", - "backend": "https://demo.owncloud.com", - "apache-vhost": true - }, - { - "endpoint": "/webdav/", - "backend": "https://demo.owncloud.com", - "apache-vhost": true - }, - { - "endpoint": "/status.php", - "backend": "https://demo.owncloud.com" - }, - { - "endpoint": "/index.php/", - "backend": "https://demo.owncloud.com" - }, - { - "endpoint": "/data", - "backend": "https://demo.owncloud.com", - "apache-vhost": true - } + "endpoint": "/ocs/v[12].php/cloud/(users?|groups)", + "backend": "http://localhost:9110" + }, + { + "endpoint": "/ocs/", + "backend": "http://localhost:9140" + }, + { + "type": "query", + "endpoint": "/remote.php/?preview=1", + "backend": "http://localhost:9115" + }, + { + "endpoint": "/remote.php/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/dav/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/webdav/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/status.php", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/index.php/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/data", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/graph/", + "backend": "http://localhost:9120" + }, + { + "endpoint": "/graph-explorer/", + "backend": "http://localhost:9135" + }, + { + "endpoint": "/api/v0/accounts", + "backend": "http://localhost:9181" + }, + { + "endpoint": "/accounts.js", + "backend": "http://localhost:9181" + }, + { + "endpoint": "/api/v0/settings", + "backend": "http://localhost:9190" + }, + { + "endpoint": "/settings.js", + "backend": "http://localhost:9190" + }, + { + "endpoint": "/onlyoffice.js", + "backend": "http://localhost:9220" + } ] } ] diff --git a/proxy/pkg/proxy/proxy.go b/proxy/pkg/proxy/proxy.go index fa5fe5ea24..f064cad886 100644 --- a/proxy/pkg/proxy/proxy.go +++ b/proxy/pkg/proxy/proxy.go @@ -352,6 +352,22 @@ func defaultPolicies() []config.Policy { Endpoint: "/onlyoffice.js", Backend: "http://localhost:9220", }, + { + Endpoint: "/api/v0/wopi/open", + Backend: "http://ocis-wopiserver:9105", + }, + { + Endpoint: "/wopiserver.js", + Backend: "http://ocis-wopiserver:9105", + }, + { + Endpoint: "/hello.js", + Backend: "http://localhost:9105", + }, + { + Endpoint: "/api/v0/greet", + Backend: "http://localhost:9105", + }, }, }, { From 5977a86eb340a1c19ec6edae36771c6db2760070 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Sat, 1 May 2021 19:20:04 +0200 Subject: [PATCH 2/7] add docs --- .../{ocis_wopiserver => ocis_wopi}/.env | 2 +- .../{ocis_wopiserver => ocis_wopi}/README.md | 4 +- .../config/ocis/config.dist.json | 2 +- .../config/ocis/entrypoint-override.sh | 0 .../config/ocis/proxy-config.json | 0 .../config/wopiserver/entrypoint-override.sh | 0 .../config/wopiserver/wopiserver.conf.dist | 0 .../docker-compose.yml | 2 +- .../docker-compose-additions.yml | 0 docs/ocis/deployment/_index.md | 1 + docs/ocis/deployment/ocis_wopi.md | 157 ++++++++++++++++++ proxy/pkg/proxy/proxy.go | 16 -- 12 files changed, 163 insertions(+), 21 deletions(-) rename deployments/examples/{ocis_wopiserver => ocis_wopi}/.env (98%) rename deployments/examples/{ocis_wopiserver => ocis_wopi}/README.md (55%) rename deployments/examples/{ocis_wopiserver => ocis_wopi}/config/ocis/config.dist.json (95%) rename deployments/examples/{ocis_wopiserver => ocis_wopi}/config/ocis/entrypoint-override.sh (100%) rename deployments/examples/{ocis_wopiserver => ocis_wopi}/config/ocis/proxy-config.json (100%) rename deployments/examples/{ocis_wopiserver => ocis_wopi}/config/wopiserver/entrypoint-override.sh (100%) rename deployments/examples/{ocis_wopiserver => ocis_wopi}/config/wopiserver/wopiserver.conf.dist (100%) rename deployments/examples/{ocis_wopiserver => ocis_wopi}/docker-compose.yml (99%) rename deployments/examples/{ocis_wopiserver => ocis_wopi}/monitoring_tracing/docker-compose-additions.yml (100%) create mode 100644 docs/ocis/deployment/ocis_wopi.md diff --git a/deployments/examples/ocis_wopiserver/.env b/deployments/examples/ocis_wopi/.env similarity index 98% rename from deployments/examples/ocis_wopiserver/.env rename to deployments/examples/ocis_wopi/.env index 17c3e3ba9c..0bc2f4acd7 100644 --- a/deployments/examples/ocis_wopiserver/.env +++ b/deployments/examples/ocis_wopi/.env @@ -28,7 +28,7 @@ OCIS_JWT_SECRET= # oCIS Wopi server version. Defaults to "latest" OCIS_WOPISERVER_DOCKER_TAG=custom # cs3org wopi server version. Defaults to "latest" -WOPISERVER_DOCKER_TAG= +CS3ORG_WOPISERVER_DOCKER_TAG= # cs3org wopi server domain. Defaults to "wopiserver.owncloud.test" WOPISERVER_DOMAIN= # JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "Pive-Fumkiu4" diff --git a/deployments/examples/ocis_wopiserver/README.md b/deployments/examples/ocis_wopi/README.md similarity index 55% rename from deployments/examples/ocis_wopiserver/README.md rename to deployments/examples/ocis_wopi/README.md index ba85d13dfe..adfbf2a754 100644 --- a/deployments/examples/ocis_wopiserver/README.md +++ b/deployments/examples/ocis_wopi/README.md @@ -1,6 +1,6 @@ --- -document this deployment example in: docs/ocis/deployment/ocis_traefik.md +document this deployment example in: docs/ocis/deployment/ocis_wopi.md --- -Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_traefik/) +Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_wopi/) for instructions on how to deploy this scenario. diff --git a/deployments/examples/ocis_wopiserver/config/ocis/config.dist.json b/deployments/examples/ocis_wopi/config/ocis/config.dist.json similarity index 95% rename from deployments/examples/ocis_wopiserver/config/ocis/config.dist.json rename to deployments/examples/ocis_wopi/config/ocis/config.dist.json index c6db833fef..6a1a58d82c 100644 --- a/deployments/examples/ocis_wopiserver/config/ocis/config.dist.json +++ b/deployments/examples/ocis_wopi/config/ocis/config.dist.json @@ -22,7 +22,7 @@ "path": "/accounts.js" }, { - "id": "wopiserver", + "id": "wopi", "path": "/wopi.js" } ], diff --git a/deployments/examples/ocis_wopiserver/config/ocis/entrypoint-override.sh b/deployments/examples/ocis_wopi/config/ocis/entrypoint-override.sh similarity index 100% rename from deployments/examples/ocis_wopiserver/config/ocis/entrypoint-override.sh rename to deployments/examples/ocis_wopi/config/ocis/entrypoint-override.sh diff --git a/deployments/examples/ocis_wopiserver/config/ocis/proxy-config.json b/deployments/examples/ocis_wopi/config/ocis/proxy-config.json similarity index 100% rename from deployments/examples/ocis_wopiserver/config/ocis/proxy-config.json rename to deployments/examples/ocis_wopi/config/ocis/proxy-config.json diff --git a/deployments/examples/ocis_wopiserver/config/wopiserver/entrypoint-override.sh b/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh similarity index 100% rename from deployments/examples/ocis_wopiserver/config/wopiserver/entrypoint-override.sh rename to deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh diff --git a/deployments/examples/ocis_wopiserver/config/wopiserver/wopiserver.conf.dist b/deployments/examples/ocis_wopi/config/wopiserver/wopiserver.conf.dist similarity index 100% rename from deployments/examples/ocis_wopiserver/config/wopiserver/wopiserver.conf.dist rename to deployments/examples/ocis_wopi/config/wopiserver/wopiserver.conf.dist diff --git a/deployments/examples/ocis_wopiserver/docker-compose.yml b/deployments/examples/ocis_wopi/docker-compose.yml similarity index 99% rename from deployments/examples/ocis_wopiserver/docker-compose.yml rename to deployments/examples/ocis_wopi/docker-compose.yml index b8ee174dc2..9d381ca30b 100644 --- a/deployments/examples/ocis_wopiserver/docker-compose.yml +++ b/deployments/examples/ocis_wopi/docker-compose.yml @@ -100,7 +100,7 @@ services: restart: always wopiserver: - image: cs3org/wopiserver:${WOPISERVER_DOCKER_TAG:-latest} + image: cs3org/wopiserver:${CS3ORG_WOPISERVER_DOCKER_TAG:-latest} networks: ocis-net: entrypoint: diff --git a/deployments/examples/ocis_wopiserver/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_wopi/monitoring_tracing/docker-compose-additions.yml similarity index 100% rename from deployments/examples/ocis_wopiserver/monitoring_tracing/docker-compose-additions.yml rename to deployments/examples/ocis_wopi/monitoring_tracing/docker-compose-additions.yml diff --git a/docs/ocis/deployment/_index.md b/docs/ocis/deployment/_index.md index 3383c8a77b..8ba2edfb3d 100644 --- a/docs/ocis/deployment/_index.md +++ b/docs/ocis/deployment/_index.md @@ -19,6 +19,7 @@ oCIS deployments are super simple, yet there are many configurations possible fo - [Basic oCIS setup]({{< ref "basic-remote-setup" >}}) - configure domain, certificates and port - [oCIS setup with Traefik for SSL termination]({{< ref "ocis_traefik" >}}) - [oCIS setup with Keycloak as identity provider]({{< ref "ocis_keycloak" >}}) +- [oCIS setup with WOPI server to open office documents in your browser]({{< ref "ocis_wopi" >}}) ### Migrate an existing ownCloud 10 You can run ownCloud 10 and oCIS together. This allows you to use new parts of oCIS already with ownCloud 10 and also to have a smooth transition for users from ownCloud 10 to oCIS. diff --git a/docs/ocis/deployment/ocis_wopi.md b/docs/ocis/deployment/ocis_wopi.md new file mode 100644 index 0000000000..678729f014 --- /dev/null +++ b/docs/ocis/deployment/ocis_wopi.md @@ -0,0 +1,157 @@ +--- +title: "oCIS with WOPI server" +date: 2020-10-12T14:04:00+01:00 +weight: 24 +geekdocRepo: https://github.com/owncloud/ocis +geekdocEditPath: edit/master/docs/ocis/deployment +geekdocFilePath: ocis_wopi.md +--- + +{{< toc >}} + +## Overview + +* oCIS, Wopi server and Collabora running behind Traefik as reverse proxy +* Collabora enables you to edit text documents in your browser +* Wopi server acts as a bridge to make the oCIS storage accessible to Collabora +* Traefik generating self signed certificates for local setup or obtaining valid SSL certificates for a server setup + +[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_wopi) + +The docker stack consists 5 containers. One of them is Traefik, a proxy which is terminating SSL and forwards the requests to oCIS in the internal docker network. + +The next container is oCIS itself in a configuration like the [oCIS with Traefik example]({{< ref "ocis_traefik" >}}), except that for this example a custom proxy and web UI configuration is used to enable the oCIS Wopi extension. + +The oCIS WOPI server extension is running in another container and enables you to open files in Collabora from within ownCloud Web. + +The last two containers are the WOPI server and Collabora. + +## Server Deployment + +### Requirements + +* Linux server with docker and docker-compose installed +* Three domains set up and pointing to your server + - ocis.* for serving oCIS + - collabora.* for serving Collabora + - wopiserver.* for serving the WOPI server + - traefik.* for serving the Traefik dashboard + +See also [example server setup]({{< ref "preparing_server" >}}) + + +### Install oCIS and Traefik + +* Clone oCIS repository + + `git clone https://github.com/owncloud/ocis.git` + +* Go to the deployment example + + `cd ocis/deployment/examples/ocis_wopi + +* Open the `.env` file in a text editor + The file by default looks like this: + ```bash + # If you're on a internet facing server please comment out following line. + # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. + INSECURE=true + + ### Traefik settings ### + # Serve Treafik dashboard. Defaults to "false". + TRAEFIK_DASHBOARD= + # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" + TRAEFIK_DOMAIN= + # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" + TRAEFIK_BASIC_AUTH_USERS= + # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server + TRAEFIK_ACME_MAIL= + + ### oCIS settings ### + # oCIS version. Defaults to "latest" + OCIS_DOCKER_TAG= + # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" + OCIS_DOMAIN= + # IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". + IDP_LDAP_BIND_PASSWORD= + # Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". + STORAGE_LDAP_BIND_PASSWORD= + # JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" + OCIS_JWT_SECRET= + + ### Wopi server settings ### + # oCIS Wopi server version. Defaults to "latest" + OCIS_WOPISERVER_DOCKER_TAG=custom + # cs3org wopi server version. Defaults to "latest" + CS3ORG_WOPISERVER_DOCKER_TAG= + # cs3org wopi server domain. Defaults to "wopiserver.owncloud.test" + WOPISERVER_DOMAIN= + # JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "Pive-Fumkiu4" + WOPI_JWT_SECRET= + + ### Collabora settings ### + # Domain of Collabora, where you can find the frontend. Defaults to "collabora.owncloud.test" + COLLABORA_DOMAIN= + # Admin user for Collabora. Defaults to blank, provide one to enable access + COLLABORA_ADMIN_USER= + # Admin password for COllabora. Defaults to blank, provide one to enable access + COLLABORA_ADMIN_PASSWORD= + + ``` + + You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`. + + If you want to use the Traefik dashboard, set TRAEFIK_DASHBOARD to `true` (default is `false` and therefore not active). If you activate it, you must set a domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` eg. `TRAEFIK_DOMAIN=traefik.owncloud.test`. + + The Traefik dashboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (eg. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool). + + Traefik will issue certificates with LetsEncrypt and therefore you must set an email address in `TRAEFIK_ACME_MAIL=`. + + By default oCIS will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OCIS_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated). + + Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`. + + If you want to change the OIDC client id of th ownCloud Web frontend, you can do this by setting the name to `OCIS_OIDC_CLIENT_ID=`. + + You also must override three default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + + By default the oCIS WOPI server extension will be started in the `latest` version. If you want to start a specific version of oCIS WOPI server set the version to `OCIS_WOPISERVER_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis-wopiserver/tags?page=1&ordering=last_updated). + + By default the CS3Org WOPI server will also be started in the `latest` version. If you want to start a specific version of it, you can set the version to `CS3ORG_WOPISERVER_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/cs3org/wopiserver/tags?page=1&ordering=last_updated). + + Set your domain for the CS3Org WOPI server in `WOPISERVER_DOMAIN=`, where Collabora can download the files. + + You also must override the default WOPI JWT secret, in order to have a secure setup. Do this by setting `WOPI_JWT_SECRET` to a long and random string. + + Now it's time to set up Collabora and you need to configure the Domain of Collabora in `COLLABORA_DOMAIN=`. + + If you want to use the Collabora admin panel you need to set user name and passwort for in `COLLABORA_ADMIN_USER=` and `COLLABORA_ADMIN_PASSWORD=`. + + Now you have configured everything and can save the file. + +* Start the docker stack + + `docker-compose up -d` + +* You now can visit oCIS and are able to open an office document in your browser. + +## Local setup +For a more simple local ocis setup see [Getting started]({{< ref "../getting-started" >}}) + +This docker stack can also be run locally. One downside is that Traefik can not obtain valid SSL certificates and therefore will create self signed ones. This means that your browser will show scary warnings. Another downside is that you can not point DNS entries to your localhost. So you have to add static host entries to your computer. + +On Linux and macOS you can add them to your `/etc/hosts` files like this: +``` +127.0.0.1 ocis.owncloud.test +127.0.0.1 traefik.owncloud.test +127.0.0.1 collabora.owncloud.test +127.0.0.1 wopiserver.owncloud.test +``` + +After that you're ready to start the application stack: + +`docker-compose up -d` + +Open https://collabora.owncloud.test and https://wopisever.owncloud.test in your browser and accept the invalid certificate warning. + +Open https://ocis.owncloud.test in your browser and accept the invalid certificate warning. You are now able to open an office document in your browser. diff --git a/proxy/pkg/proxy/proxy.go b/proxy/pkg/proxy/proxy.go index f064cad886..fa5fe5ea24 100644 --- a/proxy/pkg/proxy/proxy.go +++ b/proxy/pkg/proxy/proxy.go @@ -352,22 +352,6 @@ func defaultPolicies() []config.Policy { Endpoint: "/onlyoffice.js", Backend: "http://localhost:9220", }, - { - Endpoint: "/api/v0/wopi/open", - Backend: "http://ocis-wopiserver:9105", - }, - { - Endpoint: "/wopiserver.js", - Backend: "http://ocis-wopiserver:9105", - }, - { - Endpoint: "/hello.js", - Backend: "http://localhost:9105", - }, - { - Endpoint: "/api/v0/greet", - Backend: "http://localhost:9105", - }, }, }, { From 39973d13f06bac87ff03028c4e5eecf50711e944 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Tue, 4 May 2021 13:35:49 +0200 Subject: [PATCH 3/7] remove "custom" preset in .env --- deployments/examples/ocis_wopi/.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployments/examples/ocis_wopi/.env b/deployments/examples/ocis_wopi/.env index 0bc2f4acd7..391bd938e1 100644 --- a/deployments/examples/ocis_wopi/.env +++ b/deployments/examples/ocis_wopi/.env @@ -26,7 +26,7 @@ OCIS_JWT_SECRET= ### Wopi server settings ### # oCIS Wopi server version. Defaults to "latest" -OCIS_WOPISERVER_DOCKER_TAG=custom +OCIS_WOPISERVER_DOCKER_TAG= # cs3org wopi server version. Defaults to "latest" CS3ORG_WOPISERVER_DOCKER_TAG= # cs3org wopi server domain. Defaults to "wopiserver.owncloud.test" From 25a5001a914d6a5e03207c5b4846ca2d0cc0792b Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Tue, 4 May 2021 13:41:02 +0200 Subject: [PATCH 4/7] touch wopi log file to ensure its there --- .../examples/ocis_wopi/config/wopiserver/entrypoint-override.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh b/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh index c63323637e..67f2b547f1 100755 --- a/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh +++ b/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh @@ -10,6 +10,8 @@ sed -i 's/ocis.owncloud.test/'${OCIS_DOMAIN}'/g' /etc/wopi/wopiserver.conf sed -i 's/collabora.owncloud.test/'${COLLABORA_DOMAIN}'/g' /etc/wopi/wopiserver.conf sed -i 's/wopiserver.owncloud.test/'${WOPISERVER_DOMAIN}'/g' /etc/wopi/wopiserver.conf +touch /var/log/wopi/wopiserver.log + /app/wopiserver.py & tail -f /var/log/wopi/wopiserver.log From 3f9707274d144ceee9c21f261ec9efefeba3b7c8 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Tue, 4 May 2021 13:46:25 +0200 Subject: [PATCH 5/7] fix json formatting --- .../config/ocis/proxy-config.json | 160 ++++++++-------- .../ocis_wopi/config/ocis/config.dist.json | 4 +- .../ocis_wopi/config/ocis/proxy-config.json | 176 +++++++++--------- proxy/config/proxy-example.json | 160 ++++++++-------- 4 files changed, 249 insertions(+), 251 deletions(-) diff --git a/deployments/examples/cs3_users_ocis/config/ocis/proxy-config.json b/deployments/examples/cs3_users_ocis/config/ocis/proxy-config.json index 0949299c30..166015d950 100644 --- a/deployments/examples/cs3_users_ocis/config/ocis/proxy-config.json +++ b/deployments/examples/cs3_users_ocis/config/ocis/proxy-config.json @@ -11,88 +11,88 @@ { "name": "ocis", "routes": [ - { - "endpoint": "/", - "backend": "http://localhost:9100" - }, - { - "endpoint": "/.well-known/", - "backend": "http://localhost:9130" - }, - { - "endpoint": "/konnect/", - "backend": "http://localhost:9130" - }, - { - "endpoint": "/signin/", - "backend": "http://localhost:9130" - }, - { + { + "endpoint": "/", + "backend": "http://localhost:9100" + }, + { + "endpoint": "/.well-known/", + "backend": "http://localhost:9130" + }, + { + "endpoint": "/konnect/", + "backend": "http://localhost:9130" + }, + { + "endpoint": "/signin/", + "backend": "http://localhost:9130" + }, + { "type": "regex", - "endpoint": "/ocs/v[12].php/cloud/(users?|groups)", - "backend": "http://localhost:9110" - }, - { - "endpoint": "/ocs/", - "backend": "http://localhost:9140" - }, - { + "endpoint": "/ocs/v[12].php/cloud/(users?|groups)", + "backend": "http://localhost:9110" + }, + { + "endpoint": "/ocs/", + "backend": "http://localhost:9140" + }, + { "type": "query", - "endpoint": "/remote.php/?preview=1", - "backend": "http://localhost:9115" - }, - { - "endpoint": "/remote.php/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/dav/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/webdav/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/status.php", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/index.php/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/data", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/graph/", - "backend": "http://localhost:9120" - }, - { - "endpoint": "/graph-explorer/", - "backend": "http://localhost:9135" - }, - { - "endpoint": "/api/v0/accounts", - "backend": "http://localhost:9181" - }, - { - "endpoint": "/accounts.js", - "backend": "http://localhost:9181" - }, - { - "endpoint": "/api/v0/settings", - "backend": "http://localhost:9190" - }, - { - "endpoint": "/settings.js", - "backend": "http://localhost:9190" - }, - { - "endpoint": "/onlyoffice.js", - "backend": "http://localhost:9220" - } + "endpoint": "/remote.php/?preview=1", + "backend": "http://localhost:9115" + }, + { + "endpoint": "/remote.php/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/dav/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/webdav/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/status.php", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/index.php/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/data", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/graph/", + "backend": "http://localhost:9120" + }, + { + "endpoint": "/graph-explorer/", + "backend": "http://localhost:9135" + }, + { + "endpoint": "/api/v0/accounts", + "backend": "http://localhost:9181" + }, + { + "endpoint": "/accounts.js", + "backend": "http://localhost:9181" + }, + { + "endpoint": "/api/v0/settings", + "backend": "http://localhost:9190" + }, + { + "endpoint": "/settings.js", + "backend": "http://localhost:9190" + }, + { + "endpoint": "/onlyoffice.js", + "backend": "http://localhost:9220" + } ] } ] diff --git a/deployments/examples/ocis_wopi/config/ocis/config.dist.json b/deployments/examples/ocis_wopi/config/ocis/config.dist.json index 6a1a58d82c..16621b0ebf 100644 --- a/deployments/examples/ocis_wopi/config/ocis/config.dist.json +++ b/deployments/examples/ocis_wopi/config/ocis/config.dist.json @@ -9,9 +9,7 @@ "response_type": "code", "scope": "openid profile email" }, - "apps": [ - "files" - ], + "apps": ["files"], "external_apps": [ { "id": "settings", diff --git a/deployments/examples/ocis_wopi/config/ocis/proxy-config.json b/deployments/examples/ocis_wopi/config/ocis/proxy-config.json index 052ef4a94a..a5036b4b3b 100644 --- a/deployments/examples/ocis_wopi/config/ocis/proxy-config.json +++ b/deployments/examples/ocis_wopi/config/ocis/proxy-config.json @@ -11,96 +11,96 @@ { "name": "ocis", "routes": [ - { - "endpoint": "/", - "backend": "http://localhost:9100" - }, - { - "endpoint": "/.well-known/", - "backend": "http://localhost:9130" - }, - { - "endpoint": "/konnect/", - "backend": "http://localhost:9130" - }, - { - "endpoint": "/signin/", - "backend": "http://localhost:9130" - }, - { + { + "endpoint": "/", + "backend": "http://localhost:9100" + }, + { + "endpoint": "/.well-known/", + "backend": "http://localhost:9130" + }, + { + "endpoint": "/konnect/", + "backend": "http://localhost:9130" + }, + { + "endpoint": "/signin/", + "backend": "http://localhost:9130" + }, + { "type": "regex", - "endpoint": "/ocs/v[12].php/cloud/(users?|groups)", - "backend": "http://localhost:9110" - }, - { - "endpoint": "/ocs/", - "backend": "http://localhost:9140" - }, - { + "endpoint": "/ocs/v[12].php/cloud/(users?|groups)", + "backend": "http://localhost:9110" + }, + { + "endpoint": "/ocs/", + "backend": "http://localhost:9140" + }, + { "type": "query", - "endpoint": "/remote.php/?preview=1", - "backend": "http://localhost:9115" - }, - { - "endpoint": "/remote.php/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/dav/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/webdav/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/status.php", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/index.php/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/data", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/graph/", - "backend": "http://localhost:9120" - }, - { - "endpoint": "/graph-explorer/", - "backend": "http://localhost:9135" - }, - { - "endpoint": "/api/v0/accounts", - "backend": "http://localhost:9181" - }, - { - "endpoint": "/accounts.js", - "backend": "http://localhost:9181" - }, - { - "endpoint": "/api/v0/settings", - "backend": "http://localhost:9190" - }, - { - "endpoint": "/settings.js", - "backend": "http://localhost:9190" - }, - { - "endpoint": "/onlyoffice.js", - "backend": "http://localhost:9220" - }, - { - "endpoint": "/api/v0/wopi", - "backend": "http://ocis-wopiserver:9105" - }, - { - "endpoint": "/wopi.js", - "backend": "http://ocis-wopiserver:9105" - } + "endpoint": "/remote.php/?preview=1", + "backend": "http://localhost:9115" + }, + { + "endpoint": "/remote.php/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/dav/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/webdav/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/status.php", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/index.php/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/data", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/graph/", + "backend": "http://localhost:9120" + }, + { + "endpoint": "/graph-explorer/", + "backend": "http://localhost:9135" + }, + { + "endpoint": "/api/v0/accounts", + "backend": "http://localhost:9181" + }, + { + "endpoint": "/accounts.js", + "backend": "http://localhost:9181" + }, + { + "endpoint": "/api/v0/settings", + "backend": "http://localhost:9190" + }, + { + "endpoint": "/settings.js", + "backend": "http://localhost:9190" + }, + { + "endpoint": "/onlyoffice.js", + "backend": "http://localhost:9220" + }, + { + "endpoint": "/api/v0/wopi", + "backend": "http://ocis-wopiserver:9105" + }, + { + "endpoint": "/wopi.js", + "backend": "http://ocis-wopiserver:9105" + } ] } ] diff --git a/proxy/config/proxy-example.json b/proxy/config/proxy-example.json index 0949299c30..166015d950 100644 --- a/proxy/config/proxy-example.json +++ b/proxy/config/proxy-example.json @@ -11,88 +11,88 @@ { "name": "ocis", "routes": [ - { - "endpoint": "/", - "backend": "http://localhost:9100" - }, - { - "endpoint": "/.well-known/", - "backend": "http://localhost:9130" - }, - { - "endpoint": "/konnect/", - "backend": "http://localhost:9130" - }, - { - "endpoint": "/signin/", - "backend": "http://localhost:9130" - }, - { + { + "endpoint": "/", + "backend": "http://localhost:9100" + }, + { + "endpoint": "/.well-known/", + "backend": "http://localhost:9130" + }, + { + "endpoint": "/konnect/", + "backend": "http://localhost:9130" + }, + { + "endpoint": "/signin/", + "backend": "http://localhost:9130" + }, + { "type": "regex", - "endpoint": "/ocs/v[12].php/cloud/(users?|groups)", - "backend": "http://localhost:9110" - }, - { - "endpoint": "/ocs/", - "backend": "http://localhost:9140" - }, - { + "endpoint": "/ocs/v[12].php/cloud/(users?|groups)", + "backend": "http://localhost:9110" + }, + { + "endpoint": "/ocs/", + "backend": "http://localhost:9140" + }, + { "type": "query", - "endpoint": "/remote.php/?preview=1", - "backend": "http://localhost:9115" - }, - { - "endpoint": "/remote.php/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/dav/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/webdav/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/status.php", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/index.php/", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/data", - "backend": "http://localhost:9140" - }, - { - "endpoint": "/graph/", - "backend": "http://localhost:9120" - }, - { - "endpoint": "/graph-explorer/", - "backend": "http://localhost:9135" - }, - { - "endpoint": "/api/v0/accounts", - "backend": "http://localhost:9181" - }, - { - "endpoint": "/accounts.js", - "backend": "http://localhost:9181" - }, - { - "endpoint": "/api/v0/settings", - "backend": "http://localhost:9190" - }, - { - "endpoint": "/settings.js", - "backend": "http://localhost:9190" - }, - { - "endpoint": "/onlyoffice.js", - "backend": "http://localhost:9220" - } + "endpoint": "/remote.php/?preview=1", + "backend": "http://localhost:9115" + }, + { + "endpoint": "/remote.php/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/dav/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/webdav/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/status.php", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/index.php/", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/data", + "backend": "http://localhost:9140" + }, + { + "endpoint": "/graph/", + "backend": "http://localhost:9120" + }, + { + "endpoint": "/graph-explorer/", + "backend": "http://localhost:9135" + }, + { + "endpoint": "/api/v0/accounts", + "backend": "http://localhost:9181" + }, + { + "endpoint": "/accounts.js", + "backend": "http://localhost:9181" + }, + { + "endpoint": "/api/v0/settings", + "backend": "http://localhost:9190" + }, + { + "endpoint": "/settings.js", + "backend": "http://localhost:9190" + }, + { + "endpoint": "/onlyoffice.js", + "backend": "http://localhost:9220" + } ] } ] From d144e3ddce00ad0110ca0ae68e508b0dff82d8e8 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Tue, 4 May 2021 13:56:46 +0200 Subject: [PATCH 6/7] add wait script --- .../ocis_wopi/config/wopiserver/entrypoint-override.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh b/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh index 67f2b547f1..320527104f 100755 --- a/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh +++ b/deployments/examples/ocis_wopi/config/wopiserver/entrypoint-override.sh @@ -12,6 +12,9 @@ sed -i 's/wopiserver.owncloud.test/'${WOPISERVER_DOMAIN}'/g' /etc/wopi/wopiserve touch /var/log/wopi/wopiserver.log +# wait for collabora to be up, else file types might be missing at https://wopiserver.owncloud.test/wopi/cbox/endpoints +while ! curl --output /dev/null --silent --head --fail http://collabora:9980; do sleep 1 && echo -n .; done; + /app/wopiserver.py & tail -f /var/log/wopi/wopiserver.log From 1cdb18ff314ea1aabb322d197915c4042716c7a9 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Tue, 4 May 2021 14:38:59 +0200 Subject: [PATCH 7/7] add continous deployment --- .../ocis_wopi/latest.yml | 44 +++++++++++++++++++ .../ocis_wopi/released.yml | 44 +++++++++++++++++++ docs/ocis/deployment/continuous_deployment.md | 28 +++++++++--- 3 files changed, 111 insertions(+), 5 deletions(-) create mode 100644 deployments/continuous-deployment-config/ocis_wopi/latest.yml create mode 100644 deployments/continuous-deployment-config/ocis_wopi/released.yml diff --git a/deployments/continuous-deployment-config/ocis_wopi/latest.yml b/deployments/continuous-deployment-config/ocis_wopi/latest.yml new file mode 100644 index 0000000000..9550016911 --- /dev/null +++ b/deployments/continuous-deployment-config/ocis_wopi/latest.yml @@ -0,0 +1,44 @@ +--- +- name: continuous-deployment-ocis-wopi-latest + server: + server_type: cx21 + image: ubuntu-20.04 + location: nbg1 + initial_ssh_key_names: + - owncloud-ocis@drone.owncloud.com + labels: + owner: wkloucek + for: oCIS-continuous-deployment-examples + rebuild: $REBUILD + rebuild_carry_paths: + - /var/lib/docker/volumes/ocis_certs + + domains: + - "*.ocis-wopi.latest.owncloud.works" + + vars: + docker_compose_projects: + - name: ocis + git_url: https://github.com/owncloud/ocis.git + ref: master + docker_compose_path: deployments/examples/ocis_wopi + env: + INSECURE: "false" + TRAEFIK_ACME_MAIL: wkloucek@owncloud.com + OCIS_DOCKER_TAG: latest + OCIS_DOMAIN: ocis.ocis-wopi.latest.owncloud.works + OCIS_WOPISERVER_DOCKER_TAG: latest + CS3ORG_WOPISERVER_DOCKER_TAG: latest + WOPISERVER_DOMAIN: wopiserver.ocis-wopi.latest.owncloud.works + COLLABORA_DOMAIN: collabora.ocis-wopi.latest.owncloud.works + COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml + - name: monitoring + git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git + ref: master + env: + NETWORK_NAME: ocis-net + TELEMETRY_SERVE_DOMAIN: telemetry.ocis-wopi.latest.owncloud.works + JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 + TELEGRAF_SPECIFIC_CONFIG: ocis_single_container + OCIS_URL: ocis.ocis-wopi.latest.owncloud.works + OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-wopi-latest diff --git a/deployments/continuous-deployment-config/ocis_wopi/released.yml b/deployments/continuous-deployment-config/ocis_wopi/released.yml new file mode 100644 index 0000000000..f4c6ed83ce --- /dev/null +++ b/deployments/continuous-deployment-config/ocis_wopi/released.yml @@ -0,0 +1,44 @@ +--- +- name: continuous-deployment-ocis-wopi-released + server: + server_type: cx21 + image: ubuntu-20.04 + location: nbg1 + initial_ssh_key_names: + - owncloud-ocis@drone.owncloud.com + labels: + owner: wkloucek + for: oCIS-continuous-deployment-examples + rebuild: $REBUILD + rebuild_carry_paths: + - /var/lib/docker/volumes/ocis_certs + + domains: + - "*.ocis-wopi.released.owncloud.works" + + vars: + docker_compose_projects: + - name: ocis + git_url: https://github.com/owncloud/ocis.git + ref: master + docker_compose_path: deployments/examples/ocis_wopi + env: + INSECURE: "false" + TRAEFIK_ACME_MAIL: wkloucek@owncloud.com + OCIS_DOCKER_TAG: 1 + OCIS_DOMAIN: ocis.ocis-wopi.released.owncloud.works + OCIS_WOPISERVER_DOCKER_TAG: latest + CS3ORG_WOPISERVER_DOCKER_TAG: latest + WOPISERVER_DOMAIN: wopiserver.ocis-wopi.released.owncloud.works + COLLABORA_DOMAIN: collabora.ocis-wopi.released.owncloud.works + COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml + - name: monitoring + git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git + ref: master + env: + NETWORK_NAME: ocis-net + TELEMETRY_SERVE_DOMAIN: telemetry.ocis-wopi.released.owncloud.works + JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 + TELEGRAF_SPECIFIC_CONFIG: ocis_single_container + OCIS_URL: ocis.ocis-wopi.released.owncloud.works + OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-wopi-released diff --git a/docs/ocis/deployment/continuous_deployment.md b/docs/ocis/deployment/continuous_deployment.md index e5028fbc29..a84b64d997 100644 --- a/docs/ocis/deployment/continuous_deployment.md +++ b/docs/ocis/deployment/continuous_deployment.md @@ -10,6 +10,7 @@ geekdocFilePath: continuous_deployment.md {{< toc >}} We are continuously deploying the following deployment examples. Every example is deployed in two flavors: + - Latest: reflects the current master branch state of oCIS and will be updated with every commit to master - Released: reflects the newest release state (currently latest release of version 1) and will be updated with every release @@ -18,6 +19,7 @@ The configuration for the continuous deployment can be found in the [oCIS reposi # oCIS with Traefik Credentials: + - oCIS: see [default demo users]({{< ref "../getting-started#login-to-owncloud-web" >}}) ## Latest @@ -28,13 +30,28 @@ Credentials: - oCIS: [ocis.ocis-traefik.released.owncloud.works](https://ocis.ocis-traefik.released.owncloud.works) +# oCIS with WOPI server + +Credentials: + +- oCIS: see [default demo users]({{< ref "../getting-started#login-to-owncloud-web" >}}) + +## Latest + +- oCIS: [ocis.ocis-wopi.latest.owncloud.works](https://ocis.ocis-wopi.latest.owncloud.works) + +## Released + +- oCIS: [ocis.ocis-wopi.released.owncloud.works](https://ocis.ocis-wopi.released.owncloud.works) + # oCIS with Keycloak Credentials: + - oCIS: see [default demo users]({{< ref "../getting-started#login-to-owncloud-web" >}}) - Keycloak: - - username: admin - - password: admin + - username: admin + - password: admin ## Latest @@ -49,10 +66,11 @@ Credentials: # oCIS with CS3 users Credentials: + - oCIS: see [default demo users]({{< ref "../getting-started#login-to-owncloud-web" >}}) -- LDAP admin: - - username: cn=admin,dc=owncloud,dc=com - - password: admin +- LDAP admin: + - username: cn=admin,dc=owncloud,dc=com + - password: admin ## Latest