set insecure options on deployment examples

2026-01-02 02:11:18 -06:00 · 2021-11-10 16:23:37 +01:00
parent e35d4fd0ac
commit a6b2ea9895
7 changed files with 77 additions and 7 deletions
--- a/deployments/examples/cs3_users_ocis/docker-compose.yml
+++ b/deployments/examples/cs3_users_ocis/docker-compose.yml
@@ -81,12 +81,22 @@ services:
      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
      OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
      OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
      PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
      # change default secrets
      OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
      STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
      OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+      STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+      STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
    volumes:
      - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
      - ./config/ocis/web-config.dist.json:/config/web-config.dist.json
--- a/deployments/examples/oc10_ocis_parallel/docker-compose.yml
+++ b/deployments/examples/oc10_ocis_parallel/docker-compose.yml
@@ -110,13 +110,23 @@ services:
      OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
      PROXY_LOG_LEVEL: ${PROXY_LOG_LEVEL:-error}
      OCIS_URL: https://${CLOUD_DOMAIN:-cloud.owncloud.test}
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
      PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
      PROXY_CONFIG_FILE: "/var/tmp/ocis/.config/proxy-config.json"
      # change default secrets
      OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
      STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
      OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+      STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+      STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
    volumes:
      - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
      - ./config/ocis/proxy-config.dist.json:/config/proxy-config.dist.json
--- a/deployments/examples/ocis_hello/docker-compose.yml
+++ b/deployments/examples/ocis_hello/docker-compose.yml
@@ -53,7 +53,6 @@ services:
      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
      OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
      OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
      PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
      # change default secrets
      IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
@@ -67,6 +66,17 @@ services:
      PROXY_CONFIG_FILE: "/var/tmp/ocis/.config/proxy-config.json"
      # make settings service available to oCIS Hello
      SETTINGS_GRPC_ADDR: 0.0.0.0:9191
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+      STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+      STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
    volumes:
      - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
      - ./config/ocis/web-config.dist.json:/config/web-config.dist.json
--- a/deployments/examples/ocis_keycloak/docker-compose.yml
+++ b/deployments/examples/ocis_keycloak/docker-compose.yml
@@ -62,7 +62,6 @@ services:
      # general config
      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
      OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
      PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
      ACCOUNTS_DEMO_USERS_AND_GROUPS: false # don't generate demo users
      # change default secrets
@@ -71,6 +70,17 @@ services:
      OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
      STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
      OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+      STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+      STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
    volumes:
      - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
      - ocis-data:/var/lib/ocis
--- a/deployments/examples/ocis_s3/docker-compose.yml
+++ b/deployments/examples/ocis_s3/docker-compose.yml
@@ -52,7 +52,6 @@ services:
    environment:
      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
      OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
      PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
      # change default secrets
      IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
@@ -70,6 +69,17 @@ services:
      STORAGE_USERS_DRIVER_S3NG_ACCESS_KEY: ${MINIO_ACCESS_KEY:-ocis}
      STORAGE_USERS_DRIVER_S3NG_SECRET_KEY: ${MINIO_SECRET_KEY:-ocis-secret-key}
      STORAGE_USERS_DRIVER_S3NG_BUCKET: ${MINIO_BUCKET:-ocis-bucket}
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+      STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+      STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
    volumes:
      - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
      - ocis-data:/var/lib/ocis
--- a/deployments/examples/ocis_traefik/docker-compose.yml
+++ b/deployments/examples/ocis_traefik/docker-compose.yml
@@ -52,7 +52,6 @@ services:
    environment:
      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
      OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
      PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
      # change default secrets
      IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
@@ -60,6 +59,17 @@ services:
      OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
      STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
      OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+      STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+      STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
    volumes:
      - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
      - ocis-data:/var/lib/ocis
--- a/deployments/examples/ocis_wopi/docker-compose.yml
+++ b/deployments/examples/ocis_wopi/docker-compose.yml
@@ -58,7 +58,6 @@ services:
      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
      OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
      OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
      PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
      # change default secrets
      IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
@@ -69,6 +68,17 @@ services:
      # app registry
      STORAGE_GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers
      STORAGE_APP_REGISTRY_MIMETYPES_JSON: /var/tmp/ocis/app-config/mimetypes.json
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+      STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+      STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
    volumes:
      - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
      - ./config/ocis/mimetypes.json:/var/tmp/ocis/app-config/mimetypes.json