mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-05-06 19:40:42 -05:00
use OC_ env prefix
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
This commit is contained in:
Jörn Friedrich Dreyer
@@ -30,9 +30,9 @@
|
||||
env:
|
||||
INSECURE: "false"
|
||||
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
|
||||
OCIS_DOCKER_TAG: master
|
||||
OCIS_DOCKER_IMAGE: owncloud/ocis-rolling
|
||||
OCIS_DOMAIN: ocis.ocis.master.owncloud.works
|
||||
OC_DOCKER_TAG: master
|
||||
OC_DOCKER_IMAGE: owncloud/ocis-rolling
|
||||
OC_DOMAIN: ocis.ocis.master.owncloud.works
|
||||
COMPANION_DOMAIN: companion.ocis.master.owncloud.works
|
||||
COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud
|
||||
WOPISERVER_DOMAIN: wopiserver.ocis.master.owncloud.works
|
||||
@@ -48,5 +48,5 @@
|
||||
TELEMETRY_SERVE_DOMAIN: telemetry.ocis.master.owncloud.works
|
||||
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
|
||||
TELEGRAF_SPECIFIC_CONFIG: ocis_full
|
||||
OCIS_URL: ocis.ocis.master.owncloud.works
|
||||
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-master
|
||||
OC_URL: ocis.ocis.master.owncloud.works
|
||||
OC_DEPLOYMENT_ID: continuous-deployment-ocis-master
|
||||
|
||||
@@ -30,9 +30,9 @@
|
||||
env:
|
||||
INSECURE: "false"
|
||||
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
|
||||
OCIS_DOCKER_TAG: master
|
||||
OCIS_DOCKER_IMAGE: owncloud/ocis-rolling
|
||||
OCIS_DOMAIN: ocis.ocis-onlyoffice.master.owncloud.works
|
||||
OC_DOCKER_TAG: master
|
||||
OC_DOCKER_IMAGE: owncloud/ocis-rolling
|
||||
OC_DOMAIN: ocis.ocis-onlyoffice.master.owncloud.works
|
||||
COMPANION_DOMAIN: companion.ocis-onlyoffice.master.owncloud.works
|
||||
COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud
|
||||
WOPISERVER_ONLYOFFICE_DOMAIN: wopiserver-oo.ocis-onlyoffice.master.owncloud.works
|
||||
@@ -48,5 +48,5 @@
|
||||
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-onlyoffice.master.owncloud.works
|
||||
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
|
||||
TELEGRAF_SPECIFIC_CONFIG: ocis_onlyoffice
|
||||
OCIS_URL: ocis.ocis-onlyoffice.master.owncloud.works
|
||||
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-onlyoffice-master
|
||||
OC_URL: ocis.ocis-onlyoffice.master.owncloud.works
|
||||
OC_DEPLOYMENT_ID: continuous-deployment-ocis-onlyoffice-master
|
||||
|
||||
@@ -30,9 +30,9 @@
|
||||
env:
|
||||
INSECURE: "false"
|
||||
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
|
||||
OCIS_DOCKER_TAG: 6.6.1
|
||||
OCIS_DOCKER_IMAGE: owncloud/ocis-rolling
|
||||
OCIS_DOMAIN: ocis.ocis-onlyoffice.rolling.owncloud.works
|
||||
OC_DOCKER_TAG: 6.6.1
|
||||
OC_DOCKER_IMAGE: owncloud/ocis-rolling
|
||||
OC_DOMAIN: ocis.ocis-onlyoffice.rolling.owncloud.works
|
||||
COMPANION_DOMAIN: companion.ocis-onlyoffice.rolling.owncloud.works
|
||||
COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud
|
||||
WOPISERVER_ONLYOFFICE_DOMAIN: wopiserver-oo.ocis-onlyoffice.rolling.owncloud.works
|
||||
@@ -48,5 +48,5 @@
|
||||
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-onlyoffice.rolling.owncloud.works
|
||||
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
|
||||
TELEGRAF_SPECIFIC_CONFIG: ocis_onlyoffice
|
||||
OCIS_URL: ocis.ocis-onlyoffice.rolling.owncloud.works
|
||||
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-onlyoffice-rolling
|
||||
OC_URL: ocis.ocis-onlyoffice.rolling.owncloud.works
|
||||
OC_DEPLOYMENT_ID: continuous-deployment-ocis-onlyoffice-rolling
|
||||
|
||||
@@ -30,8 +30,8 @@
|
||||
env:
|
||||
INSECURE: "false"
|
||||
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
|
||||
OCIS_DOCKER_TAG: 7.0.0
|
||||
OCIS_DOMAIN: ocis.ocis.production.owncloud.works
|
||||
OC_DOCKER_TAG: 7.0.0
|
||||
OC_DOMAIN: ocis.ocis.production.owncloud.works
|
||||
COMPANION_DOMAIN: companion.ocis.production.owncloud.works
|
||||
COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud
|
||||
WOPISERVER_DOMAIN: wopiserver.ocis.production.owncloud.works
|
||||
@@ -47,5 +47,5 @@
|
||||
TELEMETRY_SERVE_DOMAIN: telemetry.ocis.production.owncloud.works
|
||||
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
|
||||
TELEGRAF_SPECIFIC_CONFIG: ocis_wopi
|
||||
OCIS_URL: ocis.ocis.production.owncloud.works
|
||||
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-production
|
||||
OC_URL: ocis.ocis.production.owncloud.works
|
||||
OC_DEPLOYMENT_ID: continuous-deployment-ocis-production
|
||||
|
||||
@@ -30,9 +30,9 @@
|
||||
env:
|
||||
INSECURE: "false"
|
||||
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
|
||||
OCIS_DOCKER_TAG: 6.6.1
|
||||
OCIS_DOCKER_IMAGE: owncloud/ocis-rolling
|
||||
OCIS_DOMAIN: ocis.ocis.rolling.owncloud.works
|
||||
OC_DOCKER_TAG: 6.6.1
|
||||
OC_DOCKER_IMAGE: owncloud/ocis-rolling
|
||||
OC_DOMAIN: ocis.ocis.rolling.owncloud.works
|
||||
COMPANION_DOMAIN: companion.ocis.rolling.owncloud.works
|
||||
COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud
|
||||
WOPISERVER_DOMAIN: wopiserver.ocis.rolling.owncloud.works
|
||||
@@ -48,5 +48,5 @@
|
||||
TELEMETRY_SERVE_DOMAIN: telemetry.ocis.rolling.owncloud.works
|
||||
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
|
||||
TELEGRAF_SPECIFIC_CONFIG: ocis_full
|
||||
OCIS_URL: ocis.ocis.rolling.owncloud.works
|
||||
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-rolling
|
||||
OC_URL: ocis.ocis.rolling.owncloud.works
|
||||
OC_DEPLOYMENT_ID: continuous-deployment-ocis-rolling
|
||||
|
||||
@@ -30,9 +30,9 @@
|
||||
env:
|
||||
INSECURE: "false"
|
||||
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
|
||||
OCIS_DOCKER_TAG: 6.6.1
|
||||
OCIS_DOCKER_IMAGE: owncloud/ocis-rolling
|
||||
OCIS_DOMAIN: ocis.ocis-s3.rolling.owncloud.works
|
||||
OC_DOCKER_TAG: 6.6.1
|
||||
OC_DOCKER_IMAGE: owncloud/ocis-rolling
|
||||
OC_DOMAIN: ocis.ocis-s3.rolling.owncloud.works
|
||||
COMPANION_DOMAIN: companion.ocis-s3.rolling.owncloud.works
|
||||
COMPANION_IMAGE: owncloud/uppy-companion:3.12.13-owncloud
|
||||
WOPISERVER_DOMAIN: wopiserver.ocis-s3.rolling.owncloud.works
|
||||
@@ -49,5 +49,5 @@
|
||||
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-s3.rolling.owncloud.works
|
||||
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
|
||||
TELEGRAF_SPECIFIC_CONFIG: ocis_full
|
||||
OCIS_URL: ocis.ocis-s3.rolling.owncloud.works
|
||||
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-s3-rolling
|
||||
OC_URL: ocis.ocis-s3.rolling.owncloud.works
|
||||
OC_DEPLOYMENT_ID: continuous-deployment-ocis-s3-rolling
|
||||
|
||||
@@ -30,9 +30,9 @@
|
||||
env:
|
||||
INSECURE: "false"
|
||||
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
|
||||
OCIS_DOCKER_TAG: 6.6.1
|
||||
OCIS_DOCKER_IMAGE: owncloud/ocis-rolling
|
||||
OCIS_DOMAIN: ocis.ocis-keycloak.rolling.owncloud.works
|
||||
OC_DOCKER_TAG: 6.6.1
|
||||
OC_DOCKER_IMAGE: owncloud/ocis-rolling
|
||||
OC_DOMAIN: ocis.ocis-keycloak.rolling.owncloud.works
|
||||
KEYCLOAK_DOMAIN: keycloak.ocis-keycloak.rolling.owncloud.works
|
||||
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
|
||||
- name: monitoring
|
||||
@@ -43,5 +43,5 @@
|
||||
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-keycloak.rolling.owncloud.works
|
||||
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
|
||||
TELEGRAF_SPECIFIC_CONFIG: ocis_single_container
|
||||
OCIS_URL: ocis.ocis-keycloak.rolling.owncloud.works
|
||||
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-keycloak-rolling
|
||||
OC_URL: ocis.ocis-keycloak.rolling.owncloud.works
|
||||
OC_DEPLOYMENT_ID: continuous-deployment-ocis-keycloak-rolling
|
||||
|
||||
@@ -30,9 +30,9 @@
|
||||
env:
|
||||
INSECURE: "false"
|
||||
TRAEFIK_ACME_MAIL: julian.koberg@kiteworks.com
|
||||
OCIS_DOCKER_TAG: 6.6.1
|
||||
OCIS_DOCKER_IMAGE: owncloud/ocis-rolling
|
||||
OCIS_DOMAIN: ocis.ocis-ldap.rolling.owncloud.works
|
||||
OC_DOCKER_TAG: 6.6.1
|
||||
OC_DOCKER_IMAGE: owncloud/ocis-rolling
|
||||
OC_DOMAIN: ocis.ocis-ldap.rolling.owncloud.works
|
||||
LDAP_MANAGER_DOMAIN: ldap.ocis-ldap.rolling.owncloud.works
|
||||
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
|
||||
- name: monitoring
|
||||
@@ -43,5 +43,5 @@
|
||||
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-ldap.rolling.owncloud.works
|
||||
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
|
||||
TELEGRAF_SPECIFIC_CONFIG: ocis_single_container
|
||||
OCIS_URL: ocis.ocis-ldap.rolling.owncloud.works
|
||||
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-ldap-rolling
|
||||
OC_URL: ocis.ocis-ldap.rolling.owncloud.works
|
||||
OC_DEPLOYMENT_ID: continuous-deployment-ocis-ldap-rolling
|
||||
|
||||
@@ -23,13 +23,13 @@ CLOUD_DOMAIN=
|
||||
|
||||
### oCIS settings ###
|
||||
# oCIS version. Defaults to "latest"
|
||||
OCIS_DOCKER_TAG=
|
||||
OC_DOCKER_TAG=
|
||||
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
|
||||
OCIS_JWT_SECRET=
|
||||
OC_JWT_SECRET=
|
||||
# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
|
||||
STORAGE_TRANSFER_SECRET=
|
||||
# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
|
||||
OCIS_MACHINE_AUTH_API_KEY=
|
||||
OC_MACHINE_AUTH_API_KEY=
|
||||
|
||||
### oCIS settings ###
|
||||
# oC10 version. Defaults to "latest"
|
||||
|
||||
@@ -58,7 +58,7 @@ services:
|
||||
- ocis-data:/var/lib/ocis
|
||||
|
||||
ocis:
|
||||
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
|
||||
image: owncloud/ocis:${OC_DOCKER_TAG:-latest}
|
||||
networks:
|
||||
ocis-net:
|
||||
user: "33:33" # equals the user "www-data" for oC10
|
||||
@@ -73,7 +73,7 @@ services:
|
||||
# - /entrypoint-override.sh
|
||||
environment:
|
||||
# Keycloak IDP specific configuration
|
||||
OCIS_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-owncloud}
|
||||
OC_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-owncloud}
|
||||
PROXY_OIDC_REWRITE_WELLKNOWN: "true"
|
||||
WEB_OIDC_CLIENT_ID: ocis-web
|
||||
WEB_OIDC_SCOPE: openid profile email owncloud
|
||||
@@ -81,19 +81,19 @@ services:
|
||||
GRAPH_IDENTITY_BACKEND: ldap
|
||||
GRAPH_LDAP_SERVER_WRITE_ENABLED: "false"
|
||||
# LDAP bind
|
||||
OCIS_LDAP_URI: "ldaps://openldap"
|
||||
OCIS_LDAP_INSECURE: "true"
|
||||
OCIS_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
|
||||
OCIS_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
|
||||
OC_LDAP_URI: "ldaps://openldap"
|
||||
OC_LDAP_INSECURE: "true"
|
||||
OC_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
|
||||
OC_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
|
||||
# LDAP user settings
|
||||
PROXY_USER_OIDC_CLAIM: ocis.user.uuid # claim was added in Keycloak
|
||||
PROXY_USER_CS3_CLAIM: userid # equals LDAP_USER_SCHEMA_ID
|
||||
OCIS_LDAP_GROUP_BASE_DN: "ou=groups,dc=owncloud,dc=com"
|
||||
OCIS_LDAP_GROUP_SCHEMA_ID: "ownclouduuid"
|
||||
OCIS_LDAP_GROUP_FILTER: "(objectclass=owncloud)"
|
||||
OCIS_LDAP_USER_BASE_DN: "ou=users,dc=owncloud,dc=com"
|
||||
OCIS_LDAP_USER_SCHEMA_ID: "ownclouduuid"
|
||||
OCIS_LDAP_USER_FILTER: "(objectclass=owncloud)"
|
||||
OC_LDAP_GROUP_BASE_DN: "ou=groups,dc=owncloud,dc=com"
|
||||
OC_LDAP_GROUP_SCHEMA_ID: "ownclouduuid"
|
||||
OC_LDAP_GROUP_FILTER: "(objectclass=owncloud)"
|
||||
OC_LDAP_USER_BASE_DN: "ou=users,dc=owncloud,dc=com"
|
||||
OC_LDAP_USER_SCHEMA_ID: "ownclouduuid"
|
||||
OC_LDAP_USER_FILTER: "(objectclass=owncloud)"
|
||||
# ownCloudSQL storage driver
|
||||
STORAGE_USERS_DRIVER: "owncloudsql"
|
||||
STORAGE_USERS_OWNCLOUDSQL_DATADIR: "/mnt/data/files"
|
||||
@@ -112,20 +112,20 @@ services:
|
||||
SHARING_USER_OWNCLOUDSQL_DB_PORT: 3306
|
||||
SHARING_USER_OWNCLOUDSQL_DB_NAME: "owncloud"
|
||||
# ownCloud storage readonly
|
||||
OCIS_STORAGE_READ_ONLY: "false" # TODO: conflict with OWNCLOUDSQL -> https://github.com/owncloud/ocis/issues/2303
|
||||
OC_STORAGE_READ_ONLY: "false" # TODO: conflict with OWNCLOUDSQL -> https://github.com/owncloud/ocis/issues/2303
|
||||
# General oCIS config
|
||||
# OCIS_RUN_SERVICES specifies to start all fullstack services except idm and idp. These are replaced by external services
|
||||
OCIS_RUN_SERVICES: app-registry,app-provider,auth-basic,auth-machine,frontend,gateway,graph,groups,nats,notifications,ocdav,ocs,proxy,search,settings,sharing,storage-system,storage-publiclink,storage-shares,storage-users,store,thumbnails,users,web,webdav
|
||||
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info}
|
||||
OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
|
||||
OCIS_URL: https://${CLOUD_DOMAIN:-cloud.owncloud.test}
|
||||
# OC_RUN_SERVICES specifies to start all fullstack services except idm and idp. These are replaced by external services
|
||||
OC_RUN_SERVICES: app-registry,app-provider,auth-basic,auth-machine,frontend,gateway,graph,groups,nats,notifications,ocdav,ocs,proxy,search,settings,sharing,storage-system,storage-publiclink,storage-shares,storage-users,store,thumbnails,users,web,webdav
|
||||
OC_LOG_LEVEL: ${OC_LOG_LEVEL:-info}
|
||||
OC_LOG_COLOR: "${OC_LOG_COLOR:-false}"
|
||||
OC_URL: https://${CLOUD_DOMAIN:-cloud.owncloud.test}
|
||||
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
|
||||
# INSECURE: needed if oCIS / Traefik is using self generated certificates
|
||||
OCIS_INSECURE: "${INSECURE:-false}"
|
||||
OC_INSECURE: "${INSECURE:-false}"
|
||||
# basic auth (not recommended, but needed for e.g., WebDav clients that do not support OpenID Connect)
|
||||
PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
|
||||
# password policies
|
||||
OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
|
||||
OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
|
||||
volumes:
|
||||
- ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
|
||||
- ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml
|
||||
|
||||
+3
-3
@@ -5,9 +5,9 @@ services:
|
||||
ocis:
|
||||
environment:
|
||||
# tracing
|
||||
OCIS_TRACING_ENABLED: "true"
|
||||
OCIS_TRACING_TYPE: "jaeger"
|
||||
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
OC_TRACING_ENABLED: "true"
|
||||
OC_TRACING_TYPE: "jaeger"
|
||||
OC_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
# metrics
|
||||
# if oCIS runs as a single process, all <debug>/metrics endpoints
|
||||
# will expose the same metrics, so it's sufficient to query one endpoint
|
||||
|
||||
@@ -39,13 +39,13 @@ OCIS=:ocis.yml
|
||||
# For production releases: "owncloud/ocis"
|
||||
# For rolling releases: "owncloud/ocis-rolling"
|
||||
# Defaults to production if not set otherwise
|
||||
OCIS_DOCKER_IMAGE=owncloud/ocis-rolling
|
||||
OC_DOCKER_IMAGE=owncloud/ocis-rolling
|
||||
# The oCIS container version.
|
||||
# Defaults to "latest" and points to the latest stable tag.
|
||||
OCIS_DOCKER_TAG=
|
||||
OC_DOCKER_TAG=
|
||||
# Domain of oCIS, where you can find the frontend.
|
||||
# Defaults to "ocis.owncloud.test"
|
||||
OCIS_DOMAIN=
|
||||
OC_DOMAIN=
|
||||
# oCIS admin user password. Defaults to "admin".
|
||||
ADMIN_PASSWORD=
|
||||
# Demo users should not be created on a production instance,
|
||||
@@ -66,8 +66,8 @@ LOG_LEVEL=
|
||||
# Leaving it default stores data in docker internal volumes.
|
||||
# For more details see:
|
||||
# https://doc.owncloud.com/ocis/next/deployment/general/general-info.html#default-paths
|
||||
# OCIS_CONFIG_DIR=/your/local/ocis/config
|
||||
# OCIS_DATA_DIR=/your/local/ocis/data
|
||||
# OC_CONFIG_DIR=/your/local/ocis/config
|
||||
# OC_DATA_DIR=/your/local/ocis/data
|
||||
|
||||
# S3 Storage configuration - optional
|
||||
# Infinite Scale supports S3 storage as primary storage.
|
||||
|
||||
@@ -13,7 +13,7 @@ services:
|
||||
GRAPH_AVAILABLE_ROLES: "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6"
|
||||
|
||||
collaboration:
|
||||
image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest}
|
||||
image: ${OC_DOCKER_IMAGE:-owncloud/ocis}:${OC_DOCKER_TAG:-latest}
|
||||
networks:
|
||||
ocis-net:
|
||||
depends_on:
|
||||
@@ -37,10 +37,10 @@ services:
|
||||
COLLABORATION_APP_INSECURE: "${INSECURE:-true}"
|
||||
COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}"
|
||||
COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info}
|
||||
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test}
|
||||
volumes:
|
||||
# configure the .env file to use own paths instead of docker internal volumes
|
||||
- ${OCIS_CONFIG_DIR:-ocis-config}:/etc/ocis
|
||||
- ${OC_CONFIG_DIR:-ocis-config}:/etc/ocis
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.collaboration.entrypoints=https"
|
||||
@@ -65,7 +65,7 @@ services:
|
||||
--o:ssl.ssl_verification=${COLLABORA_SSL_VERIFICATION:-true} \
|
||||
--o:ssl.termination=true \
|
||||
--o:welcome.enable=false \
|
||||
--o:net.frame_ancestors=${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
--o:net.frame_ancestors=${OC_DOMAIN:-ocis.owncloud.test}
|
||||
username: ${COLLABORA_ADMIN_USER:-admin}
|
||||
password: ${COLLABORA_ADMIN_PASSWORD:-admin}
|
||||
cap_add:
|
||||
|
||||
@@ -4,8 +4,8 @@ services:
|
||||
environment:
|
||||
NOTIFICATIONS_SMTP_HOST: inbucket
|
||||
NOTIFICATIONS_SMTP_PORT: 2500
|
||||
NOTIFICATIONS_SMTP_SENDER: oCIS notifications <notifications@${OCIS_DOMAIN:-ocis.owncloud.test}>
|
||||
NOTIFICATIONS_SMTP_USERNAME: notifications@${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
NOTIFICATIONS_SMTP_SENDER: oCIS notifications <notifications@${OC_DOMAIN:-ocis.owncloud.test}>
|
||||
NOTIFICATIONS_SMTP_USERNAME: notifications@${OC_DOMAIN:-ocis.owncloud.test}
|
||||
# the mail catcher uses self signed certificates
|
||||
NOTIFICATIONS_SMTP_INSECURE: "true"
|
||||
|
||||
|
||||
@@ -4,9 +4,9 @@ services:
|
||||
ocis:
|
||||
environment:
|
||||
# tracing
|
||||
OCIS_TRACING_ENABLED: "true"
|
||||
OCIS_TRACING_TYPE: "jaeger"
|
||||
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
OC_TRACING_ENABLED: "true"
|
||||
OC_TRACING_TYPE: "jaeger"
|
||||
OC_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
# metrics
|
||||
# if oCIS runs as a single process, all <debug>/metrics endpoints
|
||||
# will expose the same metrics, so it's sufficient to query one endpoint
|
||||
@@ -15,9 +15,9 @@ services:
|
||||
collaboration-oo:
|
||||
environment:
|
||||
# tracing
|
||||
OCIS_TRACING_ENABLED: "true"
|
||||
OCIS_TRACING_TYPE: "jaeger"
|
||||
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
OC_TRACING_ENABLED: "true"
|
||||
OC_TRACING_TYPE: "jaeger"
|
||||
OC_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
# metrics
|
||||
COLLABORATION_DEBUG_ADDR: 0.0.0.0:9304
|
||||
|
||||
|
||||
@@ -4,9 +4,9 @@ services:
|
||||
ocis:
|
||||
environment:
|
||||
# tracing
|
||||
OCIS_TRACING_ENABLED: "true"
|
||||
OCIS_TRACING_TYPE: "jaeger"
|
||||
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
OC_TRACING_ENABLED: "true"
|
||||
OC_TRACING_TYPE: "jaeger"
|
||||
OC_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
# metrics
|
||||
# if oCIS runs as a single process, all <debug>/metrics endpoints
|
||||
# will expose the same metrics, so it's sufficient to query one endpoint
|
||||
@@ -15,9 +15,9 @@ services:
|
||||
collaboration:
|
||||
environment:
|
||||
# tracing
|
||||
OCIS_TRACING_ENABLED: "true"
|
||||
OCIS_TRACING_TYPE: "jaeger"
|
||||
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
OC_TRACING_ENABLED: "true"
|
||||
OC_TRACING_TYPE: "jaeger"
|
||||
OC_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
# metrics
|
||||
COLLABORATION_DEBUG_ADDR: 0.0.0.0:9304
|
||||
|
||||
|
||||
@@ -4,9 +4,9 @@ services:
|
||||
networks:
|
||||
ocis-net:
|
||||
aliases:
|
||||
- ${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
- ${OC_DOMAIN:-ocis.owncloud.test}
|
||||
ocis:
|
||||
image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest}
|
||||
image: ${OC_DOCKER_IMAGE:-owncloud/ocis}:${OC_DOCKER_TAG:-latest}
|
||||
# changelog: https://github.com/owncloud/ocis/tree/master/changelog
|
||||
# release notes: https://doc.owncloud.com/ocis_release_notes.html
|
||||
networks:
|
||||
@@ -19,17 +19,17 @@ services:
|
||||
command: ["-c", "ocis init || true; ocis server"]
|
||||
environment:
|
||||
# enable services that are not started automatically
|
||||
OCIS_ADD_RUN_SERVICES: ${START_ADDITIONAL_SERVICES}
|
||||
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
OCIS_LOG_LEVEL: ${LOG_LEVEL:-info}
|
||||
OCIS_LOG_COLOR: "${LOG_PRETTY:-false}"
|
||||
OCIS_LOG_PRETTY: "${LOG_PRETTY:-false}"
|
||||
OC_ADD_RUN_SERVICES: ${START_ADDITIONAL_SERVICES}
|
||||
OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test}
|
||||
OC_LOG_LEVEL: ${LOG_LEVEL:-info}
|
||||
OC_LOG_COLOR: "${LOG_PRETTY:-false}"
|
||||
OC_LOG_PRETTY: "${LOG_PRETTY:-false}"
|
||||
# do not use SSL between Traefik and oCIS
|
||||
PROXY_TLS: "false"
|
||||
# make the REVA gateway accessible to the app drivers
|
||||
GATEWAY_GRPC_ADDR: 0.0.0.0:9142
|
||||
# INSECURE: needed if oCIS / Traefik is using self generated certificates
|
||||
OCIS_INSECURE: "${INSECURE:-false}"
|
||||
OC_INSECURE: "${INSECURE:-false}"
|
||||
# basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
|
||||
PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
|
||||
# admin user password
|
||||
@@ -39,7 +39,7 @@ services:
|
||||
# email server (if configured)
|
||||
NOTIFICATIONS_SMTP_HOST: "${SMTP_HOST}"
|
||||
NOTIFICATIONS_SMTP_PORT: "${SMTP_PORT}"
|
||||
NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER:-oCIS notifications <notifications@${OCIS_DOMAIN:-ocis.owncloud.test}>}"
|
||||
NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER:-oCIS notifications <notifications@${OC_DOMAIN:-ocis.owncloud.test}>}"
|
||||
NOTIFICATIONS_SMTP_USERNAME: "${SMTP_USERNAME}"
|
||||
NOTIFICATIONS_SMTP_INSECURE: "${SMTP_INSECURE}"
|
||||
# make the registry available to the app provider containers
|
||||
@@ -52,18 +52,18 @@ services:
|
||||
ONLYOFFICE_DOMAIN: ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}
|
||||
COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test}
|
||||
# enable to allow using the banned passwords list
|
||||
OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt
|
||||
OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt
|
||||
volumes:
|
||||
- ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml
|
||||
- ./config/ocis/csp.yaml:/etc/ocis/csp.yaml
|
||||
- ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
|
||||
# configure the .env file to use own paths instead of docker internal volumes
|
||||
- ${OCIS_CONFIG_DIR:-ocis-config}:/etc/ocis
|
||||
- ${OCIS_DATA_DIR:-ocis-data}:/var/lib/ocis
|
||||
- ${OC_CONFIG_DIR:-ocis-config}:/etc/ocis
|
||||
- ${OC_DATA_DIR:-ocis-data}:/var/lib/ocis
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.ocis.entrypoints=https"
|
||||
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
|
||||
- "traefik.http.routers.ocis.rule=Host(`${OC_DOMAIN:-ocis.owncloud.test}`)"
|
||||
- "traefik.http.routers.ocis.tls.certresolver=http"
|
||||
- "traefik.http.routers.ocis.service=ocis"
|
||||
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
|
||||
|
||||
@@ -8,7 +8,7 @@ services:
|
||||
- ${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-oo.owncloud.test}
|
||||
|
||||
collaboration-oo:
|
||||
image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest}
|
||||
image: ${OC_DOCKER_IMAGE:-owncloud/ocis}:${OC_DOCKER_TAG:-latest}
|
||||
networks:
|
||||
ocis-net:
|
||||
depends_on:
|
||||
@@ -33,10 +33,10 @@ services:
|
||||
COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}"
|
||||
COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info}
|
||||
COLLABORATION_APP_PROOF_DISABLE: "true"
|
||||
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test}
|
||||
volumes:
|
||||
# configure the .env file to use own paths instead of docker internal volumes
|
||||
- ${OCIS_CONFIG_DIR:-ocis-config}:/etc/ocis
|
||||
- ${OC_CONFIG_DIR:-ocis-config}:/etc/ocis
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.collaboration-oo.entrypoints=https"
|
||||
|
||||
@@ -32,7 +32,7 @@ services:
|
||||
COMPANION_DATADIR: /tmp/companion/
|
||||
COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test}
|
||||
COMPANION_PROTOCOL: https
|
||||
COMPANION_UPLOAD_URLS: "^https://${OCIS_DOMAIN:-ocis.owncloud.test}/"
|
||||
COMPANION_UPLOAD_URLS: "^https://${OC_DOMAIN:-ocis.owncloud.test}/"
|
||||
COMPANION_ONEDRIVE_KEY: "${COMPANION_ONEDRIVE_KEY}"
|
||||
COMPANION_ONEDRIVE_SECRET: "${COMPANION_ONEDRIVE_SECRET}"
|
||||
volumes:
|
||||
|
||||
@@ -14,9 +14,9 @@ TRAEFIK_ACME_MAIL=
|
||||
|
||||
### oCIS settings ###
|
||||
# oCIS version. Defaults to "latest"
|
||||
OCIS_DOCKER_TAG=
|
||||
OC_DOCKER_TAG=
|
||||
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
|
||||
OCIS_DOMAIN=
|
||||
OC_DOMAIN=
|
||||
# oCIS admin user password. Defaults to "admin".
|
||||
ADMIN_PASSWORD=
|
||||
# The demo users should not be created on a production instance
|
||||
@@ -25,7 +25,7 @@ DEMO_USERS=
|
||||
|
||||
### oCIS Hello settings ###
|
||||
# oCIS Hello version. Defaults to "latest"
|
||||
OCIS_HELLO_DOCKER_TAG=
|
||||
OC_HELLO_DOCKER_TAG=
|
||||
|
||||
# If you want to use debugging and tracing with this stack,
|
||||
# you need uncomment following line. Please see documentation at
|
||||
|
||||
@@ -7,7 +7,7 @@ services:
|
||||
networks:
|
||||
ocis-net:
|
||||
aliases:
|
||||
- ${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
- ${OC_DOMAIN:-ocis.owncloud.test}
|
||||
command:
|
||||
- "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
|
||||
# letsencrypt configuration
|
||||
@@ -47,7 +47,7 @@ services:
|
||||
restart: always
|
||||
|
||||
ocis:
|
||||
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
|
||||
image: owncloud/ocis:${OC_DOCKER_TAG:-latest}
|
||||
networks:
|
||||
ocis-net:
|
||||
entrypoint:
|
||||
@@ -57,14 +57,14 @@ services:
|
||||
# therefore we ignore the error and then start the ocis server
|
||||
command: ["-c", "ocis init || true; ocis server"]
|
||||
environment:
|
||||
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info}
|
||||
OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
|
||||
OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test}
|
||||
OC_LOG_LEVEL: ${OC_LOG_LEVEL:-info}
|
||||
OC_LOG_COLOR: "${OC_LOG_COLOR:-false}"
|
||||
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
|
||||
# make settings service available to oCIS Hello
|
||||
SETTINGS_GRPC_ADDR: 0.0.0.0:9191
|
||||
# INSECURE: needed if oCIS / Traefik is using self generated certificates
|
||||
OCIS_INSECURE: "${INSECURE:-false}"
|
||||
OC_INSECURE: "${INSECURE:-false}"
|
||||
# basic auth (not recommended, but needed for e.g., WebDav clients that do not support OpenID Connect)
|
||||
PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
|
||||
# admin user password
|
||||
@@ -72,7 +72,7 @@ services:
|
||||
# demo users
|
||||
IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
|
||||
# password policies
|
||||
OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
|
||||
OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
|
||||
volumes:
|
||||
- ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
|
||||
- ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml
|
||||
@@ -82,7 +82,7 @@ services:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.ocis.entrypoints=https"
|
||||
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
|
||||
- "traefik.http.routers.ocis.rule=Host(`${OC_DOMAIN:-ocis.owncloud.test}`)"
|
||||
- "traefik.http.routers.ocis.tls.certresolver=http"
|
||||
- "traefik.http.routers.ocis.service=ocis"
|
||||
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
|
||||
@@ -91,11 +91,11 @@ services:
|
||||
restart: always
|
||||
|
||||
ocis-hello:
|
||||
image: owncloud/ocis-hello:${OCIS_HELLO_DOCKER_TAG:-latest}
|
||||
image: owncloud/ocis-hello:${OC_HELLO_DOCKER_TAG:-latest}
|
||||
networks:
|
||||
ocis-net:
|
||||
environment:
|
||||
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info}
|
||||
OC_LOG_LEVEL: ${OC_LOG_LEVEL:-info}
|
||||
logging:
|
||||
driver: "local"
|
||||
restart: always
|
||||
|
||||
@@ -5,9 +5,9 @@ services:
|
||||
ocis:
|
||||
environment:
|
||||
# tracing
|
||||
OCIS_TRACING_ENABLED: "true"
|
||||
OCIS_TRACING_TYPE: "jaeger"
|
||||
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
OC_TRACING_ENABLED: "true"
|
||||
OC_TRACING_TYPE: "jaeger"
|
||||
OC_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
# metrics
|
||||
# if oCIS runs as a single process, all <debug>/metrics endpoints
|
||||
# will expose the same metrics, so it's sufficient to query one endpoint
|
||||
|
||||
@@ -18,11 +18,11 @@ TRAEFIK_ACME_MAIL=
|
||||
|
||||
### oCIS settings ###
|
||||
# oCIS version. Defaults to "latest"
|
||||
OCIS_DOCKER_TAG=
|
||||
OC_DOCKER_TAG=
|
||||
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
|
||||
OCIS_DOMAIN=
|
||||
OC_DOMAIN=
|
||||
# owncloud Web openid connect client id. Defaults to "web"
|
||||
OCIS_OIDC_CLIENT_ID=
|
||||
OC_OIDC_CLIENT_ID=
|
||||
|
||||
### Keycloak ###
|
||||
# Domain of Keycloak, where you can find the management and authentication frontend. Defaults to "keycloak.owncloud.test"
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
printenv
|
||||
# replace oCIS domain in keycloak realm import
|
||||
mkdir /opt/keycloak/data/import
|
||||
sed -e "s/ocis.owncloud.test/${OCIS_DOMAIN}/g" /opt/keycloak/data/import-dist/ocis-realm.json > /opt/keycloak/data/import/ocis-realm.json
|
||||
sed -e "s/ocis.owncloud.test/${OC_DOMAIN}/g" /opt/keycloak/data/import-dist/ocis-realm.json > /opt/keycloak/data/import/ocis-realm.json
|
||||
|
||||
# run original docker-entrypoint
|
||||
/opt/keycloak/bin/kc.sh "$@"
|
||||
|
||||
@@ -7,7 +7,7 @@ services:
|
||||
networks:
|
||||
ocis-net:
|
||||
aliases:
|
||||
- ${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
- ${OC_DOMAIN:-ocis.owncloud.test}
|
||||
- ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
|
||||
command:
|
||||
- "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
|
||||
@@ -48,7 +48,7 @@ services:
|
||||
restart: always
|
||||
|
||||
ocis:
|
||||
image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest}
|
||||
image: ${OC_DOCKER_IMAGE:-owncloud/ocis}:${OC_DOCKER_TAG:-latest}
|
||||
networks:
|
||||
ocis-net:
|
||||
entrypoint:
|
||||
@@ -61,24 +61,24 @@ services:
|
||||
# Keycloak IDP specific configuration
|
||||
PROXY_AUTOPROVISION_ACCOUNTS: "true"
|
||||
PROXY_ROLE_ASSIGNMENT_DRIVER: "oidc"
|
||||
OCIS_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/realms/${KEYCLOAK_REALM:-oCIS}
|
||||
OC_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/realms/${KEYCLOAK_REALM:-oCIS}
|
||||
PROXY_OIDC_REWRITE_WELLKNOWN: "true"
|
||||
WEB_OIDC_CLIENT_ID: ${OCIS_OIDC_CLIENT_ID:-web}
|
||||
WEB_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID:-web}
|
||||
# general config
|
||||
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info}
|
||||
OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
|
||||
OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test}
|
||||
OC_LOG_LEVEL: ${OC_LOG_LEVEL:-info}
|
||||
OC_LOG_COLOR: "${OC_LOG_COLOR:-false}"
|
||||
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
|
||||
PROXY_USER_OIDC_CLAIM: "preferred_username"
|
||||
PROXY_USER_CS3_CLAIM: "username"
|
||||
# INSECURE: needed if oCIS / Traefik is using self generated certificates
|
||||
OCIS_INSECURE: "${INSECURE:-false}"
|
||||
OCIS_ADMIN_USER_ID: ""
|
||||
OCIS_EXCLUDE_RUN_SERVICES: "idp"
|
||||
OC_INSECURE: "${INSECURE:-false}"
|
||||
OC_ADMIN_USER_ID: ""
|
||||
OC_EXCLUDE_RUN_SERVICES: "idp"
|
||||
GRAPH_ASSIGN_DEFAULT_USER_ROLE: "false"
|
||||
GRAPH_USERNAME_MATCH: "none"
|
||||
# password policies
|
||||
OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
|
||||
OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
|
||||
PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp.yaml
|
||||
KEYCLOAK_DOMAIN: ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
|
||||
volumes:
|
||||
@@ -89,7 +89,7 @@ services:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.ocis.entrypoints=https"
|
||||
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
|
||||
- "traefik.http.routers.ocis.rule=Host(`${OC_DOMAIN:-ocis.owncloud.test}`)"
|
||||
- "traefik.http.routers.ocis.tls.certresolver=http"
|
||||
- "traefik.http.routers.ocis.service=ocis"
|
||||
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
|
||||
@@ -121,7 +121,7 @@ services:
|
||||
- "./config/keycloak/docker-entrypoint-override.sh:/opt/keycloak/bin/docker-entrypoint-override.sh"
|
||||
- "./config/keycloak/ocis-realm.dist.json:/opt/keycloak/data/import-dist/ocis-realm.json"
|
||||
environment:
|
||||
OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
OC_DOMAIN: ${OC_DOMAIN:-ocis.owncloud.test}
|
||||
KC_HOSTNAME: ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
|
||||
KC_DB: postgres
|
||||
KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak"
|
||||
|
||||
@@ -5,9 +5,9 @@ services:
|
||||
ocis:
|
||||
environment:
|
||||
# tracing
|
||||
OCIS_TRACING_ENABLED: "true"
|
||||
OCIS_TRACING_TYPE: "jaeger"
|
||||
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
OC_TRACING_ENABLED: "true"
|
||||
OC_TRACING_TYPE: "jaeger"
|
||||
OC_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
# metrics
|
||||
# if oCIS runs as a single process, all <debug>/metrics endpoints
|
||||
# will expose the same metrics, so it's sufficient to query one endpoint
|
||||
|
||||
@@ -18,15 +18,15 @@ TRAEFIK_ACME_MAIL=
|
||||
|
||||
### oCIS settings ###
|
||||
# oCIS version. Defaults to "latest"
|
||||
OCIS_DOCKER_TAG=
|
||||
OC_DOCKER_TAG=
|
||||
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
|
||||
OCIS_DOMAIN=
|
||||
OC_DOMAIN=
|
||||
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
|
||||
OCIS_JWT_SECRET=
|
||||
OC_JWT_SECRET=
|
||||
# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
|
||||
STORAGE_TRANSFER_SECRET=
|
||||
# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
|
||||
OCIS_MACHINE_AUTH_API_KEY=
|
||||
OC_MACHINE_AUTH_API_KEY=
|
||||
|
||||
### LDAP server settings ###
|
||||
# Password of LDAP user "cn=admin,dc=owncloud,dc=com". Defaults to "admin"
|
||||
|
||||
@@ -7,7 +7,7 @@ services:
|
||||
networks:
|
||||
ocis-net:
|
||||
aliases:
|
||||
- ${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
- ${OC_DOMAIN:-ocis.owncloud.test}
|
||||
command:
|
||||
- "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
|
||||
# letsencrypt configuration
|
||||
@@ -47,7 +47,7 @@ services:
|
||||
restart: always
|
||||
|
||||
ocis:
|
||||
image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest}
|
||||
image: ${OC_DOCKER_IMAGE:-owncloud/ocis}:${OC_DOCKER_TAG:-latest}
|
||||
networks:
|
||||
ocis-net:
|
||||
depends_on:
|
||||
@@ -60,36 +60,36 @@ services:
|
||||
command: [ "-c", "ocis init || true; ocis server" ]
|
||||
environment:
|
||||
# users/groups from ldap
|
||||
OCIS_LDAP_URI: ldaps://ldap-server:1636
|
||||
OCIS_LDAP_INSECURE: "true"
|
||||
OCIS_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
|
||||
OCIS_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
|
||||
OCIS_LDAP_GROUP_BASE_DN: "ou=groups,dc=owncloud,dc=com"
|
||||
OCIS_LDAP_GROUP_FILTER: "(objectclass=owncloud)"
|
||||
OCIS_LDAP_GROUP_OBJECTCLASS: "groupOfNames"
|
||||
OCIS_LDAP_USER_BASE_DN: "ou=users,dc=owncloud,dc=com"
|
||||
OCIS_LDAP_USER_FILTER: "(objectclass=owncloud)"
|
||||
OCIS_LDAP_USER_OBJECTCLASS: "inetOrgPerson"
|
||||
OC_LDAP_URI: ldaps://ldap-server:1636
|
||||
OC_LDAP_INSECURE: "true"
|
||||
OC_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
|
||||
OC_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
|
||||
OC_LDAP_GROUP_BASE_DN: "ou=groups,dc=owncloud,dc=com"
|
||||
OC_LDAP_GROUP_FILTER: "(objectclass=owncloud)"
|
||||
OC_LDAP_GROUP_OBJECTCLASS: "groupOfNames"
|
||||
OC_LDAP_USER_BASE_DN: "ou=users,dc=owncloud,dc=com"
|
||||
OC_LDAP_USER_FILTER: "(objectclass=owncloud)"
|
||||
OC_LDAP_USER_OBJECTCLASS: "inetOrgPerson"
|
||||
LDAP_LOGIN_ATTRIBUTES: "uid"
|
||||
OCIS_ADMIN_USER_ID: "ddc2004c-0977-11eb-9d3f-a793888cd0f8"
|
||||
OC_ADMIN_USER_ID: "ddc2004c-0977-11eb-9d3f-a793888cd0f8"
|
||||
IDP_LDAP_LOGIN_ATTRIBUTE: "uid"
|
||||
IDP_LDAP_UUID_ATTRIBUTE: "ownclouduuid"
|
||||
IDP_LDAP_UUID_ATTRIBUTE_TYPE: binary
|
||||
GRAPH_LDAP_SERVER_WRITE_ENABLED: "true" # assuming the external ldap is writable
|
||||
GRAPH_LDAP_REFINT_ENABLED: "true" # osixia has refint enabled.
|
||||
# OCIS_RUN_SERVICES specifies to start all services except glauth, idm and accounts. These are replaced by external services
|
||||
OCIS_EXCLUDE_RUN_SERVICES: idm
|
||||
# OC_RUN_SERVICES specifies to start all services except glauth, idm and accounts. These are replaced by external services
|
||||
OC_EXCLUDE_RUN_SERVICES: idm
|
||||
# General oCIS config
|
||||
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
|
||||
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info}
|
||||
OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
|
||||
OC_URL: https://${OC_DOMAIN:-ocis.owncloud.test}
|
||||
OC_LOG_LEVEL: ${OC_LOG_LEVEL:-info}
|
||||
OC_LOG_COLOR: "${OC_LOG_COLOR:-false}"
|
||||
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
|
||||
# INSECURE: needed if oCIS / Traefik is using self generated certificates
|
||||
OCIS_INSECURE: "${INSECURE:-false}"
|
||||
OC_INSECURE: "${INSECURE:-false}"
|
||||
# basic auth (not recommended, but needed for e.g., WebDav clients that do not support OpenID Connect)
|
||||
PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
|
||||
# password policies
|
||||
OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
|
||||
OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
|
||||
volumes:
|
||||
- ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
|
||||
- ocis-config:/etc/ocis
|
||||
@@ -97,7 +97,7 @@ services:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.ocis.entrypoints=https"
|
||||
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
|
||||
- "traefik.http.routers.ocis.rule=Host(`${OC_DOMAIN:-ocis.owncloud.test}`)"
|
||||
- "traefik.http.routers.ocis.tls.certresolver=http"
|
||||
- "traefik.http.routers.ocis.service=ocis"
|
||||
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
|
||||
|
||||
@@ -5,9 +5,9 @@ services:
|
||||
ocis:
|
||||
environment:
|
||||
# tracing
|
||||
OCIS_TRACING_ENABLED: "true"
|
||||
OCIS_TRACING_TYPE: "jaeger"
|
||||
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
OC_TRACING_ENABLED: "true"
|
||||
OC_TRACING_TYPE: "jaeger"
|
||||
OC_TRACING_ENDPOINT: jaeger-agent:6831
|
||||
# metrics
|
||||
# if oCIS runs as a single process, all <debug>/metrics endpoints
|
||||
# will expose the same metrics, so it's sufficient to query one endpoint
|
||||
|
||||
Reference in New Issue
Block a user