fix ocis hello example

Willy Kloucek
2022-05-05 09:27:59 +02:00
parent 2b6220d790
commit b9803e3690
16 changed files with 221 additions and 188 deletions


@@ -1,5 +1,5 @@
---
- name: continuous-deployment-ocis-s3-latest
- name: continuous-deployment-ocis-hello-latest
server:
server_type: cx21
image: ubuntu-20.04
@@ -14,7 +14,7 @@
- /var/lib/docker/volumes/ocis_certs
domains:
- "*.ocis-s3.latest.owncloud.works"
- "*.ocis-hello.latest.owncloud.works"
vars:
ssh_authorized_keys:
@@ -29,21 +29,21 @@
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/ocis_s3
docker_compose_path: deployments/examples/ocis_hello
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: wkloucek@owncloud.com
OCIS_DOCKER_TAG: latest
OCIS_DOMAIN: ocis.ocis-s3.latest.owncloud.works
MINIO_DOMAIN: minio.ocis-s3.latest.owncloud.works
OCIS_DOMAIN: ocis.ocis-hello.latest.owncloud.works
DEMO_USERS: "true"
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-s3.latest.owncloud.works
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-hello.latest.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_single_container
OCIS_URL: ocis.ocis-s3.latest.owncloud.works
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-s3-latest
OCIS_URL: ocis.ocis-hello.latest.owncloud.works
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-hello-latest
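Review bot: `DEMO_USERS: "true"` is enabled here on a host that serves `*.ocis-hello.latest.owncloud.works`, while the example's own `.env` comment in this commit says demo users should not be created on a production instance because their passwords are public. If that is intended for these continuous-deployment hosts, record it next to the setting, e.g. `# demo accounts have published passwords; acceptable only because this host is a throwaway test instance`. The same line is added to the other deployment files in this commit (ocis-individual-services, ocis-s3, ocis-traefik, ocis-wopi). In the ocis-wopi released file it sits between `ONLYOFFICE_DOMAIN` and `CODIMD_DOMAIN` instead of after the domain block as in the others.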


@@ -36,6 +36,7 @@
OCIS_DOCKER_TAG: latest
OCIS_SCALE: 6
OCIS_DOMAIN: ocis.ocis-individual-services.latest.owncloud.works
DEMO_USERS: "true"
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git


@@ -1,5 +1,5 @@
---
- name: continuous-deployment-ocis-hello-latest
- name: continuous-deployment-ocis-s3-latest
server:
server_type: cx21
image: ubuntu-20.04
@@ -14,7 +14,7 @@
- /var/lib/docker/volumes/ocis_certs
domains:
- "*.ocis-hello.latest.owncloud.works"
- "*.ocis-s3.latest.owncloud.works"
vars:
ssh_authorized_keys:
@@ -29,20 +29,22 @@
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/ocis_hello
docker_compose_path: deployments/examples/ocis_s3
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: wkloucek@owncloud.com
OCIS_DOCKER_TAG: latest
OCIS_DOMAIN: ocis.ocis-hello.latest.owncloud.works
OCIS_DOMAIN: ocis.ocis-s3.latest.owncloud.works
MINIO_DOMAIN: minio.ocis-s3.latest.owncloud.works
DEMO_USERS: "true"
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-hello.latest.owncloud.works
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-s3.latest.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_single_container
OCIS_URL: ocis.ocis-hello.latest.owncloud.works
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-hello-latest
OCIS_URL: ocis.ocis-s3.latest.owncloud.works
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-s3-latest


@@ -35,6 +35,7 @@
TRAEFIK_ACME_MAIL: wkloucek@owncloud.com
OCIS_DOCKER_TAG: latest
OCIS_DOMAIN: ocis.ocis-traefik.latest.owncloud.works
DEMO_USERS: "true"
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git


@@ -35,6 +35,7 @@
TRAEFIK_ACME_MAIL: wkloucek@owncloud.com
OCIS_DOCKER_TAG: 1
OCIS_DOMAIN: ocis.ocis-traefik.released.owncloud.works
DEMO_USERS: "true"
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git


@@ -39,6 +39,7 @@
COLLABORA_DOMAIN: collabora.ocis-wopi.latest.owncloud.works
ONLYOFFICE_DOMAIN: onlyoffice.ocis-wopi.latest.owncloud.works
CODIMD_DOMAIN: codimd.ocis-wopi.latest.owncloud.works
DEMO_USERS: "true"
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git


@@ -38,6 +38,7 @@
WOPISERVER_DOMAIN: wopiserver.ocis-wopi.released.owncloud.works
COLLABORA_DOMAIN: collabora.ocis-wopi.released.owncloud.works
ONLYOFFICE_DOMAIN: onlyoffice.ocis-wopi.released.owncloud.works
DEMO_USERS: "true"
CODIMD_DOMAIN: codimd.ocis-wopi.released.owncloud.works
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
- name: monitoring


@@ -2,10 +2,6 @@
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
# The demo users should not be created on a production instance
# because their passwords are public
DEMO_USERS=true
### Traefik settings ###
# Serve Traefik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
@@ -21,16 +17,11 @@ TRAEFIK_ACME_MAIL=
OCIS_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OCIS_DOMAIN=
# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
IDP_LDAP_BIND_PASSWORD=
# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
STORAGE_LDAP_BIND_PASSWORD=
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
OCIS_JWT_SECRET=
# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
STORAGE_TRANSFER_SECRET=
# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
OCIS_MACHINE_AUTH_API_KEY=
# oCIS admin user password. Defaults to "admin".
ADMIN_PASSWORD=
# The demo users should not be created on a production instance
# because their passwords are public. Defaults to "false".
DEMO_USERS=
### oCIS Hello settings ###
# oCIS Hello version. Defaults to "latest"
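Review bot: The `ADMIN_PASSWORD` comment in the second hunk documents the `admin` default without the "Must be changed in order to have a secure oCIS" warning that the neighbouring secret entries carry. The compose file in this commit passes the value as `IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}"` and states that it overrides the admin password from the configuration file. Leaving the variable empty therefore appears to yield `admin` even after `ocis init` has written random secrets. I would word the comment as `# oCIS admin user password. Must be changed on any instance reachable by others. Defaults to "admin".`.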


@@ -1,28 +0,0 @@
#!/bin/sh
set -e
mkdir -p /var/tmp/ocis/.config/
cp /config/web-config.dist.json /var/tmp/ocis/.config/web-config.json
sed -i 's/ocis.owncloud.test/'${OCIS_DOMAIN:-ocis.owncloud.test}'/g' /var/tmp/ocis/.config/web-config.json
ocis server&
sleep 10
echo "##################################################"
echo "change default secrets:"
# IDP
IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
echo " IDP user UUID: $IDP_USER_UUID"
ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID
# REVA
REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
echo " Reva user UUID: $REVA_USER_UUID"
ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID
echo "default secrets changed"
echo "##################################################"
wait # wait for oCIS to exit


@@ -1,55 +1,151 @@
---
policy_selector:
static:
policy: ocis
policies:
- name: ocis
routes:
- endpoint: "/"
backend: http://localhost:9100
- endpoint: "/.well-known/"
backend: http://localhost:9130
- endpoint: "/konnect/"
backend: http://localhost:9130
- endpoint: "/signin/"
backend: http://localhost:9130
- type: regex
endpoint: "/ocs/v[12].php/cloud/(users?|groups)"
backend: http://localhost:9110
- endpoint: "/ocs/"
backend: http://localhost:9140
- type: query
endpoint: "/remote.php/?preview=1"
backend: http://localhost:9115
- endpoint: "/remote.php/"
backend: http://localhost:9140
- endpoint: "/dav/"
backend: http://localhost:9140
- endpoint: "/webdav/"
backend: http://localhost:9140
- endpoint: "/status.php"
backend: http://localhost:9140
- endpoint: "/index.php/"
backend: http://localhost:9140
- endpoint: "/data"
backend: http://localhost:9140
- endpoint: "/app/"
backend: http://localhost:9140
- endpoint: "/archiver"
backend: http://localhost:9140
- endpoint: "/graph/"
backend: http://localhost:9120
- endpoint: "/graph-explorer/"
backend: http://localhost:9135
- endpoint: "/api/v0/accounts"
backend: http://localhost:9181
- endpoint: "/accounts.js"
backend: http://localhost:9181
- endpoint: "/api/v0/settings"
backend: http://localhost:9190
- endpoint: "/settings.js"
backend: http://localhost:9190
- endpoint: "/api/v0/greet"
backend: http://ocis-hello:9105
- endpoint: "/hello.js"
backend: http://ocis-hello:9105
- name: ocis
routes:
# defaults, taken from https://owncloud.dev/extensions/proxy/configuration/
- type: ""
method: ""
endpoint: /
backend: http://localhost:9100
service: ""
apache_vhost: false
- type: ""
method: ""
endpoint: /.well-known/
backend: http://localhost:9130
service: ""
apache_vhost: false
- type: ""
method: ""
endpoint: /konnect/
backend: http://localhost:9130
service: ""
apache_vhost: false
- type: ""
method: ""
endpoint: /signin/
backend: http://localhost:9130
service: ""
apache_vhost: false
- type: ""
method: ""
endpoint: /archiver
backend: http://localhost:9140
service: ""
apache_vhost: false
- type: regex
method: ""
endpoint: /ocs/v[12].php/cloud/(users?|groups)
backend: http://localhost:9110
service: ""
apache_vhost: false
- type: ""
method: ""
endpoint: /ocs/
backend: http://localhost:9140
service: ""
apache_vhost: false
- type: query
method: ""
endpoint: /remote.php/?preview=1
backend: http://localhost:9115
service: ""
apache_vhost: false
- type: ""
method: REPORT
endpoint: /remote.php/dav/
backend: http://localhost:9115
service: ""
apache_vhost: false
- type: ""
method: ""
endpoint: /remote.php/
backend: ""
service: ocdav
apache_vhost: false
- type: ""
method: ""
endpoint: /dav/
backend: ""
service: ocdav
apache_vhost: false
- type: ""
method: ""
endpoint: /webdav/
backend: ""
service: ocdav
apache_vhost: false
- type: ""
method: ""
endpoint: /status.php
backend: ""
service: ocdav
apache_vhost: false
- type: ""
method: ""
endpoint: /index.php/
backend: ""
service: ocdav
apache_vhost: false
- type: ""
method: ""
endpoint: /apps/
backend: ""
service: ocdav
apache_vhost: false
- type: ""
method: ""
endpoint: /data
backend: http://localhost:9140
service: ""
apache_vhost: false
- type: ""
method: ""
endpoint: /app/
backend: http://localhost:9140
service: ""
apache_vhost: false
- type: ""
method: ""
endpoint: /graph/
backend: http://localhost:9120
service: ""
apache_vhost: false
- type: ""
method: ""
endpoint: /graph-explorer
backend: http://localhost:9135
service: ""
apache_vhost: false
- type: ""
method: ""
endpoint: /api/v0/accounts
backend: http://localhost:9181
service: ""
apache_vhost: false
- type: ""
method: ""
endpoint: /accounts.js
backend: http://localhost:9181
service: ""
apache_vhost: false
- type: ""
method: ""
endpoint: /api/v0/settings
backend: http://localhost:9190
service: ""
apache_vhost: false
- type: ""
method: ""
endpoint: /settings.js
backend: http://localhost:9190
service: ""
apache_vhost: false
# oCIS Hello specific routes
- endpoint: "/api/v0/greet"
backend: http://ocis-hello:9105
- endpoint: "/hello.js"
backend: http://ocis-hello:9105
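Review bot: The copied route table does not record which oCIS release it was taken from; the comment `# defaults, taken from https://owncloud.dev/extensions/proxy/configuration/` points at a page that moves with upstream. Because this policy appears to stand in for the proxy's built-in routes, a route added or re-targeted upstream will be missing or stale here without any error, while the container runs whatever `OCIS_DOCKER_TAG` selects. I would extend the comment to `# defaults copied from oCIS <version> (https://owncloud.dev/extensions/proxy/configuration/); re-sync when bumping oCIS`, with `<version>` filled in by the author. The two oCIS Hello entries at the end also omit the `type`/`method`/`service`/`apache_vhost` keys and quote their endpoints, unlike the rest of the list.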


@@ -1,30 +0,0 @@
{
"server": "https://ocis.owncloud.test",
"theme": "https://ocis.owncloud.test/themes/owncloud/theme.json",
"version": "0.1.0",
"openIdConnect": {
"metadata_url": "https://ocis.owncloud.test/.well-known/openid-configuration",
"authority": "https://ocis.owncloud.test",
"client_id": "web",
"response_type": "code",
"scope": "openid profile email"
},
"apps": ["files"],
"external_apps": [
{
"id": "settings",
"path": "/settings.js"
},
{
"id": "accounts",
"path": "/accounts.js"
},
{
"id": "hello",
"path": "/hello.js"
}
],
"options": {
"hideSearchBar": true
}
}


@@ -0,0 +1,5 @@
web:
config:
external_apps:
- id: hello
path: /hello.js


@@ -48,33 +48,30 @@ services:
ocis-net:
entrypoint:
- /bin/sh
- /entrypoint-override.sh
# run ocis init to initialize a configuration file with random secrets
# it will fail on subsequent runs, because the config file already exists
# therefore we ignore the error and then start the ocis server
command: ["-c", "ocis init || true; ocis server"]
environment:
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
# change default secrets
IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
# web ui
WEB_UI_CONFIG: "/var/tmp/ocis/.config/web-config.json"
# make settings service available to oCIS Hello
SETTINGS_GRPC_ADDR: 0.0.0.0:9191
# INSECURE: needed if oCIS / Traefik is using self generated certificates
OCIS_INSECURE: "${INSECURE:-false}"
# basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
# admin user password
IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
# demo users
ACCOUNTS_DEMO_USERS_AND_GROUPS: "${DEMO_USERS:-false}" # deprecated, remove after switching to LibreIDM
IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
OCIS_CONFIG_DIR: /etc/ocis #TODO: remove me after https://github.com/owncloud/ocis/issues/3688
volumes:
- ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
- ./config/ocis/web-config.dist.json:/config/web-config.dist.json
- ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml
- ./config/ocis/web.yaml:/etc/ocis/web.yaml
- ocis-config:/etc/ocis
- ocis-data:/var/lib/ocis
labels:
- "traefik.enable=true"
@@ -99,6 +96,7 @@ services:
volumes:
certs:
ocis-config:
ocis-data:
networks:
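Review bot: `ocis init || true` in the new `command` discards every failure of the init step, not only the expected "config file already exists" case named in the comment above it. `ocis server` is therefore started even when no configuration with random secrets was written, for example if the `ocis-config` volume is not writable; what the server falls back to in that state is not visible here. Testing for the file and letting a real init error stop the container is a one-line change: `command: ["-c", "test -f /etc/ocis/<config-file> || ocis init && ocis server"]`, where `<config-file>` is a placeholder for the file `ocis init` writes. The same command is added in the other docker-compose.yml changed by this commit.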


@@ -1,5 +0,0 @@
#!/bin/sh
set -e
ocis init || true # will only initialize once
ocis server


@@ -48,7 +48,10 @@ services:
ocis-net:
entrypoint:
- /bin/sh
- /entrypoint-override.sh
# run ocis init to initialize a configuration file with random secrets
# it will fail on subsequent runs, because the config file already exists
# therefore we ignore the error and then start the ocis server
command: ["-c", "ocis init || true; ocis server"]
environment:
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
@@ -62,7 +65,6 @@ services:
# demo users
IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
volumes:
- ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
- ocis-config:/etc/ocis
- ocis-data:/var/lib/ocis
labels:


@@ -48,39 +48,34 @@ See also [example server setup]({{< ref "preparing_server" >}})
The file by default looks like this:
```bash
# If you're on a internet facing server please comment out following line.
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
# If you're on a internet facing server please comment out following line.
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
### Traefik settings ###
# Serve Traefik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
TRAEFIK_BASIC_AUTH_USERS=
# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
TRAEFIK_ACME_MAIL=
### Traefik settings ###
# Serve Traefik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
TRAEFIK_BASIC_AUTH_USERS=
# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
TRAEFIK_ACME_MAIL=
### oCIS settings ###
# oCIS version. Defaults to "latest"
OCIS_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OCIS_DOMAIN=
# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
IDP_LDAP_BIND_PASSWORD=
# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
STORAGE_LDAP_BIND_PASSWORD=
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
OCIS_JWT_SECRET=
# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
STORAGE_TRANSFER_SECRET=
# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
OCIS_MACHINE_AUTH_API_KEY=
### oCIS settings ###
# oCIS version. Defaults to "latest"
OCIS_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OCIS_DOMAIN=
# oCIS admin user password. Defaults to "admin".
ADMIN_PASSWORD=
# The demo users should not be created on a production instance
# because their passwords are public. Defaults to "false".
DEMO_USERS=
### oCIS Hello settings ###
# oCIS Hello version. Defaults to "latest"
OCIS_HELLO_DOCKER_TAG=
### oCIS Hello settings ###
# oCIS Hello version. Defaults to "latest"
OCIS_HELLO_DOCKER_TAG=
```
You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`.
@@ -95,6 +90,8 @@ See also [example server setup]({{< ref "preparing_server" >}})
Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`.
Set the initial admin user password in `ADMIN_PASSWORD=`, it defaults to `admin`.
By default the oCIS Hello extension will be started in the `latest` version. If you want to start a specific version of oCIS Hello set the version to `OCIS_HELLO_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis-hello/tags?page=1&ordering=last_updated).
Now you have configured everything and can save the file.