mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2025-12-31 01:10:20 -06:00
Code Issues Packages Projects Releases Wiki Activity

remove the individual services example in favor for the ocis helm charts

Browse Source
This commit is contained in:
Willy Kloucek
2022-10-27 11:54:55 +02:00
parent 275a359750
commit cd7093d8e4
8 changed files with 0 additions and 1324 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.drone.star
View File

@@ -2141,7 +2141,6 @@ def example_deploys(ctx):
"ocis_hello/latest.yml",
"ocis_s3/latest.yml",
"oc10_ocis_parallel/latest.yml",
"ocis_individual_services/latest.yml",
]
released_configs = [
"ocis_ldap/released.yml",

62
deployments/continuous-deployment-config/ocis_individual_services/latest.yml
View File

@@ -1,62 +0,0 @@
---
- name: continuous-deployment-ocis-individual-services-latest
server:
server_type: cx31
image: ubuntu-20.04
location: nbg1
initial_ssh_key_names:
- owncloud-ocis@drone.owncloud.com
labels:
owner: wkloucek
for: oCIS-continuous-deployment-examples
rebuild: $REBUILD
rebuild_carry_paths:
- /var/lib/docker/volumes/ocis_certs
domains:
- "*.ocis-individual-services.latest.owncloud.works"
vars:
ssh_authorized_keys:
- https://github.com/butonic.keys
- https://github.com/C0rby.keys
- https://github.com/fschade.keys
- https://github.com/kulmann.keys
- https://github.com/micbar.keys
- https://github.com/wkloucek.keys
docker_compose_projects:
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/ocis_individual_services
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: wkloucek@owncloud.com
OCIS_DOCKER_TAG: latest
OCIS_SCALE: 6
OCIS_DOMAIN: ocis.ocis-individual-services.latest.owncloud.works
DEMO_USERS: "true"
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
IDP_LDAP_BIND_PASSWORD: "elirwlketrwe53453rt"
STORAGE_LDAP_BIND_PASSWORD: "ekrwelkjrtlkwertjlkertkert3423"
OCIS_JWT_SECRET: "kdfjlkertlk234534534589345"
OCIS_MACHINE_AUTH_API_KEY: "rekwelkrjttwer534534-5"
SYSTEM_USER_API_KEY: "ekrjwelrtj235345345g,mdfglk.ert"
IDM_SVC_PASSWORD: "kljrhewrlkj3479734534t"
IDM_REVASVC_PASSWORD: "lklkjhuihir2342839i90o4dsadsd"
IDM_IDPSVC_PASSWORD: "jrhekr3453458734tkjert"
OCIS_SYSTEM_USER_ID: "d9d0f4d1-fe3c-457e-92e3-e18b3b366bbe"
SYSTEM_USER_ID: "3693ecf8-4164-4879-bdf3-ea3425df3c6e"
ADMIN_USER_ID: "09246a85-682a-4cd5-996d-8e8d2aca50af"
ADMIN_USER_PASSWORD: "admin"
PROXY_ENABLE_BASIC_AUTH: "true"
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-individual-services.latest.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_individual_services
OCIS_URL: ocis.ocis-individual-services.latest.owncloud.works
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-individual-services-latest

59
deployments/examples/ocis_individual_services/.env
View File

@@ -1,59 +0,0 @@
# If you're on a internet facing server please comment out following line.
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
# The demo users should not be created on a production instance
# because their passwords are public
DEMO_USERS=true
### Traefik settings ###
# Serve Traefik dashboard.
TRAEFIK_DASHBOARD=false
# Domain of Traefik, where you can find the dashboard.
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard.
TRAEFIK_BASIC_AUTH_USERS=admin
# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
TRAEFIK_ACME_MAIL=
### oCIS settings ###
# oCIS version.
OCIS_DOCKER_TAG=latest
# Domain of oCIS, where you can find the frontend.
OCIS_DOMAIN=
# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Must be identical to IDP_IDPSVC_PASSWORD
IDP_LDAP_BIND_PASSWORD=
# Storage LDAP bind password. Must be changed in order to have a secure oCIS.
STORAGE_LDAP_BIND_PASSWORD=
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS.
OCIS_JWT_SECRET=
# Secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS.
STORAGE_TRANSFER_SECRET=
# Secret which is used for accessing the system storage. Must be different from the OCIS_JWT_SECRET. Must be changed in order to have a secure oCIS.
STORAGE_SYSTEM_JWT_SECRET=
# Machine auth api key secret. Must be changed in order to have a secure oCIS.
OCIS_MACHINE_AUTH_API_KEY=
# System user machine auth api key. Must be changed in order to have a secure oCIS.
SYSTEM_USER_API_KEY=
# Number of services to run for extensions, that currently can be easily scaled.
OCIS_SCALE=1
# IDM service user password, set to a random string.
IDM_SVC_PASSWORD=
# IDM Reva service user password, set to a random string.
IDM_REVASVC_PASSWORD=
# IDM IDP service user password, set to a random string.
IDM_IDPSVC_PASSWORD=
# System user id, set to a random string.
SYSTEM_USER_ID=
# Admin user id, set to a random UUIDv4.
ADMIN_USER_ID=
# Admin user password, set to random string.
ADMIN_USER_PASSWORD=
# Enable basic auth for proxy, set to bool.
PROXY_ENABLE_BASIC_AUTH=
# If you want to use debugging and tracing with this stack,
# you need uncomment following line. Please see documentation at
# https://owncloud.dev/ocis/deployment/monitoring-tracing/
#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml

6
deployments/examples/ocis_individual_services/README.md
View File

@@ -1,6 +0,0 @@
---
document this deployment example in: docs/ocis/deployment/ocis_individual_services.md
---
Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_individual_services/)
for instructions on how to deploy this scenario.

57
deployments/examples/ocis_individual_services/config/proxy/proxy.yaml
View File

@@ -1,57 +0,0 @@
policies:
- name: ocis
routes:
- endpoint: /
backend: http://web:9100
- endpoint: /.well-known/
backend: http://idp:9130
- endpoint: /konnect/
backend: http://idp:9130
- endpoint: /signin/
backend: http://idp:9130
- endpoint: /archiver
backend: http://frontend:9140
- type: regex
endpoint: /ocs/v[12].php/cloud/user/signing-key
backend: http://ocs:9110
- endpoint: /ocs/
backend: http://frontend:9140
- type: query
endpoint: /remote.php/?preview=1
backend: http://webdav:9115
- method: REPORT
endpoint: /remote.php/dav/
backend: http://webdav:9115
- type: query
endpoint: /dav/?preview=1
backend: http://webdav:9115
- type: query
endpoint: /webdav/?preview=1
backend: http://webdav:9115
- endpoint: /remote.php/
service: com.owncloud.web.ocdav
- endpoint: /dav/
service: com.owncloud.web.ocdav
- endpoint: /webdav/
service: com.owncloud.web.ocdav
- endpoint: /status.php
service: com.owncloud.web.ocdav
- endpoint: /index.php/
service: com.owncloud.web.ocdav
- endpoint: /apps/
service: com.owncloud.web.ocdav
- endpoint: /data
backend: http://frontend:9140
- endpoint: /app/
backend: http://frontend:9140
- endpoint: /graph/
backend: http://graph:9120
- endpoint: /api/v0/settings
backend: http://settings:9190
- endpoint: /settings.js
backend: http://settings:9190
policy_selector:
static:
policy: ocis

840
deployments/examples/ocis_individual_services/docker-compose.yml
View File

@@ -1,840 +0,0 @@
---
version: "3.7"
volumes:
traefik-certs: null
ocis-store: null
ocis-storage-system: null
ocis-storage-users: null
ocis-sharing: null
ocis-thumbnails: null
ocis-idm: null
ocis-nats: null
ocis-search: null
networks:
ocis-net:
services:
traefik:
image: traefik:v2.9.1
networks:
ocis-net:
aliases:
- ${OCIS_DOMAIN}
command:
- "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
# letsencrypt configuration
- "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
- "--certificatesResolvers.http.acme.storage=/certs/acme.json"
- "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
# enable dashboard
- "--api.dashboard=${TRAEFIK_DASHBOARD:-false}"
# define entrypoints
- "--entryPoints.http.address=:80"
- "--entryPoints.http.http.redirections.entryPoint.to=https"
- "--entryPoints.http.http.redirections.entryPoint.scheme=https"
- "--entryPoints.https.address=:443"
# docker provider (get configuration from container labels)
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedByDefault=false"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "traefik-certs:/certs"
labels:
- "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
- "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.routers.traefik.tls.certresolver=http"
- "traefik.http.routers.traefik.service=api@internal"
logging:
driver: "local"
restart: always
app-registry:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- app-registry
- server
environment:
APP_REGISTRY_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
APP_REGISTRY_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
APP_REGISTRY_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
APP_REGISTRY_JWT_SECRET: ${OCIS_JWT_SECRET}
APP_REGISTRY_GRPC_ADDR: 0.0.0.0:9242
REVA_GATEWAY: gateway:9142
logging:
driver: "local"
restart: always
app-provider:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- app-provider
- server
environment:
APPPROVIDER_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
APPPROVIDER_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
APPPROVIDER_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
APP_PROVIDER_GRPC_ADDR: 0.0.0.0:9164
APP_PROVIDER_EXTERNAL_ADDR: app-provider:9164
REVA_GATEWAY: gateway:9142
APP_PROVIDER_JWT_SECRET: ${OCIS_JWT_SECRET}
logging:
driver: "local"
restart: always
notifications:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- notifications
- server
environment:
NOTIFICATIONS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
NOTIFICATIONS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
NOTIFICATIONS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
REVA_GATEWAY: gateway:9142
NOTIFICATIONS_EVENTS_ENDPOINT: nats:9233
NOTIFICATIONS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY}
logging:
driver: "local"
restart: always
idm:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: 1
networks:
ocis-net:
volumes:
- ocis-idm:/var/lib/ocis
entrypoint:
- ocis
- idm
- server
environment:
IDM_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
IDM_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
IDM_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
IDM_LDAPS_ADDR: 0.0.0.0:9235
IDM_ADMIN_USER_ID: ${ADMIN_USER_ID}
IDM_ADMIN_PASSWORD: ${ADMIN_USER_PASSWORD}
IDM_SVC_PASSWORD: ${IDM_SVC_PASSWORD}
IDM_REVASVC_PASSWORD: ${IDM_REVASVC_PASSWORD}
IDM_IDPSVC_PASSWORD: ${IDM_IDPSVC_PASSWORD}
IDM_CREATE_DEMO_USERS: ${DEMO_USERS:-false}
IDM_JWT_SECRET: ${OCIS_JWT_SECRET}
logging:
driver: "local"
restart: always
ocdav:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- ocdav
- server
environment:
OCDAV_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
OCDAV_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
OCDAV_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
OCDAV_HTTP_ADDR: 0.0.0.0:8080
OCDAV_PUBLIC_URL: https://${OCIS_DOMAIN}
REVA_GATEWAY: gateway:9142
OCDAV_JWT_SECRET: ${OCIS_JWT_SECRET}
OCDAV_INSECURE: ${INSECURE:-true}
logging:
driver: "local"
restart: always
audit:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: 1
networks:
ocis-net:
entrypoint:
- ocis
- audit
- server
environment:
AUDIT_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
AUDIT_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
AUDIT_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
AUDIT_EVENTS_ENDPOINT: nats:9233
logging:
driver: "local"
restart: always
proxy:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- proxy
- server
environment:
PROXY_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
PROXY_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
PROXY_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
REVA_GATEWAY: gateway:9142
PROXY_JWT_SECRET: ${OCIS_JWT_SECRET}
PROXY_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY}
PROXY_OIDC_INSECURE: "${INSECURE:-true}"
PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN}
PROXY_INSECURE_BACKENDS: true
PROXY_HTTP_ADDR: 0.0.0.0:9200
PROXY_ENABLE_BASIC_AUTH: ${PROXY_ENABLE_BASIC_AUTH:-true}
volumes:
- "./config/proxy/proxy.yaml:/etc/ocis/proxy.yaml"
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.entrypoints=https"
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN}`)"
- "traefik.http.routers.ocis.tls.certresolver=http"
- "traefik.http.routers.ocis.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
logging:
driver: "local"
restart: always
nats:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: 1
networks:
ocis-net:
volumes:
- "ocis-nats:/var/lib/ocis"
entrypoint:
- ocis
- nats
- server
environment:
NATS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
NATS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
NATS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
NATS_NATS_HOST: 0.0.0.0
logging:
driver: "local"
restart: always
idp:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: 1
networks:
ocis-net:
entrypoint:
- ocis
- idp
- server
environment:
IDP_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
IDP_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
IDP_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
IDP_HTTP_ADDR: 0.0.0.0:9130
IDP_LDAP_URI: ldaps://idm:9235
IDP_LDAP_BIND_PASSWORD: ${IDM_IDPSVC_PASSWORD}
IDP_ISS: https://${OCIS_DOMAIN}
IDP_INSECURE: "${INSECURE:-true}"
logging:
driver: "local"
restart: always
ocs:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- ocs
- server
environment:
OCS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
OCS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
OCS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
OCS_HTTP_ADDR: 0.0.0.0:9110
OCS_IDM_ADDRESS: https://${OCIS_DOMAIN}
OCS_JWT_SECRET: ${OCIS_JWT_SECRET}
OCS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY}
REVA_GATEWAY: gateway:9142
logging:
driver: "local"
restart: always
search:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
volumes:
- "ocis-search:/var/lib/ocis"
entrypoint:
- ocis
- search
- server
environment:
SEARCH_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
SEARCH_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
SEARCH_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
SEARCH_GRPC_ADDR: 0.0.0.0:9220
REVA_GATEWAY: gateway:9142
SEARCH_EVENTS_ENDPOINT: nats:9233
SEARCH_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY}
logging:
driver: "local"
restart: always
settings:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- settings
- server
environment:
SETTINGS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
SETTINGS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
SETTINGS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
SETTINGS_HTTP_ADDR: 0.0.0.0:9190
SETTINGS_GRPC_ADDR: 0.0.0.0:9191
SETTINGS_JWT_SECRET: ${OCIS_JWT_SECRET}
OCIS_SYSTEM_USER_API_KEY: ${SYSTEM_USER_API_KEY}
OCIS_SYSTEM_USER_ID: ${SYSTEM_USER_ID}
SETTINGS_ADMIN_USER_ID: ${ADMIN_USER_ID}
STORAGE_GATEWAY_GRPC_ADDR: storage-system:9215
STORAGE_GRPC_ADDR: storage-system:9215
logging:
driver: "local"
restart: always
store:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: 1
networks:
ocis-net:
entrypoint:
- ocis
- store
- server
environment:
STORE_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
STORE_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
STORE_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
STORE_GRPC_ADDR: 0.0.0.0:9460
volumes:
- "ocis-store:/var/lib/ocis"
logging:
driver: "local"
restart: always
thumbnails:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- thumbnails
- server
environment:
THUMBNAILS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
THUMBNAILS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
THUMBNAILS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
THUMBNAILS_GRPC_ADDR: 0.0.0.0:9185
THUMBNAILS_HTTP_ADDR: 0.0.0.0:9186
THUMBNAILS_DATA_ENDPOINT: http://thumbnails:9186/thumbnails/data
THUMBNAILS_CS3SOURCE_INSECURE: "true"
REVA_GATEWAY: gateway:9142
volumes:
# optional shared thumbnail cache between services
- "ocis-thumbnails:/var/lib/ocis"
logging:
driver: "local"
restart: always
web:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- web
- server
environment:
WEB_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
WEB_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
WEB_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
WEB_HTTP_ADDR: 0.0.0.0:9100
WEB_OIDC_AUTHORITY: https://${OCIS_DOMAIN}
WEB_UI_THEME_SERVER: https://${OCIS_DOMAIN}
WEB_UI_CONFIG_SERVER: https://${OCIS_DOMAIN}
WEB_OIDC_METADATA_URL: https://${OCIS_DOMAIN}/.well-known/openid-configuration
logging:
driver: "local"
restart: always
webdav:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- webdav
- server
environment:
WEBDAV_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
WEBDAV_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
WEBDAV_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
WEBDAV_HTTP_ADDR: 0.0.0.0:9115
OCIS_PUBLIC_URL: https://${OCIS_DOMAIN}
REVA_GATEWAY: gateway:9142
logging:
driver: "local"
restart: always
graph:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- graph
- server
environment:
GRAPH_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
GRAPH_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
GRAPH_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
GRAPH_HTTP_ADDR: 0.0.0.0:9120
GRAPH_SPACES_WEBDAV_BASE: https://${OCIS_DOMAIN}
GRAPH_LDAP_URI: ldaps://idm:9235
GRAPH_LDAP_BIND_PASSWORD: ${IDM_SVC_PASSWORD}
GRAPH_LDAP_INSECURE: true # TODO: fix me https://github.com/owncloud/ocis/issues/3818
REVA_GATEWAY: gateway:9142
GRAPH_EVENTS_ENDPOINT: nats:9233
GRAPH_JWT_SECRET: ${OCIS_JWT_SECRET}
logging:
driver: "local"
restart: always
storage-system:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- storage-system
- server
environment:
STORAGE_SYSTEM_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
STORAGE_SYSTEM_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
STORAGE_SYSTEM_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
STORAGE_SYSTEM_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
STORAGE_SYSTEM_GRPC_ADDR: 0.0.0.0:9215
STORAGE_SYSTEM_HTTP_ADDR: 0.0.0.0:9216
STORAGE_SYSTEM_DATA_SERVER_URL: http://storage-system:9216/data
STORAGE_SYSTEM_JWT_SECRET: ${STORAGE_SYSTEM_JWT_SECRET}
OCIS_SYSTEM_USER_ID: ${SYSTEM_USER_ID}
STORAGE_SYSTEM_DRIVER: ocis
OCIS_SYSTEM_USER_API_KEY: ${SYSTEM_USER_API_KEY}
REVA_GATEWAY: gateway:9142
volumes:
- "ocis-storage-system:/var/lib/ocis"
logging:
driver: "local"
restart: always
auth-basic:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- auth-basic
- server
environment:
AUTH_BASIC_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
AUTH_BASIC_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
AUTH_BASIC_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
AUTH_BASIC_GRPC_ADDR: 0.0.0.0:9146
REVA_GATEWAY: gateway:9142
STORAGE_AUTH_BASIC_ENDPOINT: auth-basic:9146
AUTH_BASIC_JWT_SECRET: ${OCIS_JWT_SECRET}
AUTH_BASIC_LDAP_URI: ldaps://idm:9235
AUTH_BASIC_LDAP_CACERT: ""
AUTH_BASIC_LDAP_INSECURE: "true"
AUTH_BASIC_LDAP_BIND_PASSWORD: ${IDM_REVASVC_PASSWORD}
AUTH_BASIC_IDP_URL: https://${OCIS_DOMAIN}
logging:
driver: "local"
restart: always
auth-machine:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- auth-machine
- server
environment:
AUTH_MACHINE_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
AUTH_MACHINE_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
AUTH_MACHINE_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
AUTH_MACHINE_GRPC_ADDR: 0.0.0.0:9166
AUTH_MACHINE_JWT_SECRET: ${OCIS_JWT_SECRET}
AUTH_MACHINE_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY}
REVA_GATEWAY: gateway:9142
logging:
driver: "local"
restart: always
storage-shares:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- storage-shares
- server
environment:
STORAGE_SHARES_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
STORAGE_SHARES_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
STORAGE_SHARES_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
STORAGE_SHARES_GRPC_ADDR: 0.0.0.0:9154
STORAGE_SHARES_USER_SHARE_PROVIDER_ENDPOINT: sharing:9150
STORAGE_SHARES_JWT_SECRET: ${OCIS_JWT_SECRET}
REVA_GATEWAY: gateway:9142
logging:
driver: "local"
restart: always
storage-users:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- storage-users
- server
environment:
STORAGE_USERS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
STORAGE_USERS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
STORAGE_USERS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
STORAGE_USERS_DRIVER: ocis
STORAGE_USERS_GRPC_ADDR: 0.0.0.0:9157
STORAGE_USERS_HTTP_ADDR: 0.0.0.0:9158
STORAGE_USERS_DATA_SERVER_URL: http://storage-users:9158/data
STORAGE_USERS_PERMISSION_ENDPOINT: settings:9191
STORAGE_USERS_EVENTS_ENDPOINT: nats:9233
REVA_GATEWAY: gateway:9142
STORAGE_USERS_JWT_SECRET: ${OCIS_JWT_SECRET}
volumes:
- "ocis-storage-users:/var/lib/ocis"
logging:
driver: "local"
restart: always
storage-publiclink:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- storage-publiclink
- server
environment:
STORAGE_PUBLICLINK_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
STORAGE_PUBLICLINK_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
STORAGE_PUBLICLINK_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
STORAGE_PUBLICLINK_GRPC_ADDR: 0.0.0.0:9178
STORAGE_PUBLICLINK_JWT_SECRET: ${OCIS_JWT_SECRET}
REVA_GATEWAY: gateway:9142
logging:
driver: "local"
restart: always
sharing:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: 1
networks:
ocis-net:
entrypoint:
- ocis
- sharing
- server
environment:
SHARING_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
SHARING_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
SHARING_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
SHARING_GRPC_ADDR: 0.0.0.0:9150
SHARING_EVENTS_ENDPOINT: nats:9233
SHARING_JWT_SECRET: ${OCIS_JWT_SECRET}
REVA_GATEWAY: gateway:9142
SHARING_USER_DRIVER: json
SHARING_PUBLIC_DRIVER: json
volumes:
- "ocis-sharing:/var/lib/ocis"
logging:
driver: "local"
restart: always
users:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- users
- server
environment:
USERS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
USERS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
USERS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
USERS_GRPC_ADDR: 0.0.0.0:9144
USERS_LDAP_URI: ldaps://idm:9235
USERS_LDAP_CACERT: ""
USERS_LDAP_INSECURE: ${INSECURE:-true}
USERS_LDAP_BIND_PASSWORD: ${IDM_REVASVC_PASSWORD}
USERS_IDP_URL: https://${OCIS_DOMAIN}
REVA_GATEWAY: gateway:9142
USERS_JWT_SECRET: ${OCIS_JWT_SECRET}
logging:
driver: "local"
restart: always
groups:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- groups
- server
environment:
GROUPS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
GROUPS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
GROUPS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
GROUPS_GRPC_ADDR: 0.0.0.0:9160
GROUPS_LDAP_URI: ldaps://idm:9235
GROUPS_LDAP_CACERT: ""
GROUPS_LDAP_INSECURE: ${INSECURE:-true}
GROUPS_LDAP_BIND_PASSWORD: ${IDM_REVASVC_PASSWORD}
GROUPS_IDP_URL: https://${OCIS_DOMAIN}
REVA_GATEWAY: gateway:9142
GROUPS_JWT_SECRET: ${OCIS_JWT_SECRET}
logging:
driver: "local"
restart: always
frontend:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- frontend
- server
environment:
FRONTEND_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
FRONTEND_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
FRONTEND_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
FRONTEND_HTTP_ADDR: 0.0.0.0:9140
FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN}
FRONTEND_JWT_SECRET: ${OCIS_JWT_SECRET}
REVA_GATEWAY: gateway:9142
FRONTEND_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY}
STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET}
logging:
driver: "local"
restart: always
gateway:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
deploy:
replicas: ${OCIS_SCALE:-1}
networks:
ocis-net:
entrypoint:
- ocis
- gateway
- server
environment:
GATEWAY_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
GATEWAY_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
GATEWAY_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
GATEWAY_GRPC_ADDR: 0.0.0.0:9142
GATEWAY_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN}
GATEWAY_USERS_ENDPOINT: users:9144
GATEWAY_GROUPS_ENDPOINT: groups:9160
GATEWAY_AUTH_BASIC_ENDPOINT: auth-basic:9146
GATEWAY_PERMISSIONS_ENDPOINT: settings:9191
GATEWAY_SHARING_ENDPOINT: sharing:9150
GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT: storage-publiclink:9178
GATEWAY_STORAGE_USERS_ENDPOINT: storage-users:9157
GATEWAY_STORAGE_SHARES_ENDPOINT: storage-shares:9154
GATEWAY_APP_REGISTRY_ENDPOINT: app-registry:9242
GATEWAY_JWT_SECRET: ${OCIS_JWT_SECRET}
STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET}
logging:
driver: "local"
restart: always

178
deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml
View File

@@ -1,178 +0,0 @@
---
version: "3.7"
services:
proxy:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
PROXY_DEBUG_ADDR: 0.0.0.0:9205
accounts:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
idp:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
IDP_DEBUG_ADDR: 0.0.0.0:9134
ocs:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
OCS_DEBUG_ADDR: 0.0.0.0:9114
settings:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
SETTINGS_DEBUG_ADDR: 0.0.0.0:9194
store:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
STORE_DEBUG_ADDR: 0.0.0.0:9464
thumbnails:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
THUMBNAILS_DEBUG_ADDR: 0.0.0.0:9189
web:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
WEB_DEBUG_ADDR: 0.0.0.0:9104
webdav:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
WEBDAV_DEBUG_ADDR: 0.0.0.0:9119
graph:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
GRAPH_DEBUG_ADDR: 0.0.0.0:9124
storage-system:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
STORAGE_SYSTEM_DEBUG_ADDR: 0.0.0.0:9217
storage-authbasic:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
STORAGE_AUTH_BASIC_DEBUG_ADDR: 0.0.0.0:9147
storage-authmachine:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
STORAGE_AUTH_MACHINE_DEBUG_ADDR: 0.0.0.0:9167
storage-shares:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
STORAGE_SHARES_DEBUG_ADDR: 0.0.0.0:9156
storage-users:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
STORAGE_USERS_DEBUG_ADDR: 0.0.0.0:9159
storage-publiclink:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
STORAGE_PUBLIC_LINK_DEBUG_ADDR: 0.0.0.0:9179
storage-sharing:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
STORAGE_SHARING_DEBUG_ADDR: 0.0.0.0:9151
users:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
STORAGE_USERPROVIDER_DEBUG_ADDR: 0.0.0.0:9145
groups:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
STORAGE_GROUPPROVIDER_DEBUG_ADDR: 0.0.0.0:9161
storage-frontend:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
STORAGE_FRONTEND_DEBUG_ADDR: 0.0.0.0:9141
storage-gateway:
environment:
# tracing
OCIS_TRACING_ENABLED: "true"
OCIS_TRACING_TYPE: jaeger
OCIS_TRACING_ENDPOINT: jaeger-agent:6831
# metrics
STORAGE_GATEWAY_DEBUG_ADDR: 0.0.0.0:9143
APP_PROVIDER_DEBUG_ADDR: 0.0.0.0:9165
networks:
ocis-net:
external: true

121
docs/ocis/deployment/ocis_individual_services.md
View File

@@ -1,121 +0,0 @@
---
title: "oCIS as individual services"
date: 2020-10-12T14:04:00+01:00
weight: 24
geekdocRepo: https://github.com/owncloud/ocis
geekdocEditPath: edit/master/docs/ocis/deployment
geekdocFilePath: ocis_individual_services.md
---
{{< toc >}}
## Overview
* oCIS running behind Traefik as reverse proxy
* Traefik generating self-signed certificates for local setup or obtaining valid SSL certificates for a server setup
* oCIS running as individual services (each extension in its own containers)
[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_individual_services)
The docker stack consists of at least 24 containers. One of them is Traefik, a proxy which is terminating ssl and forwards the requests to oCIS in the internal docker network.
The other containers are oCIS services, running each one in a separate container. In this example, oCIS uses its internal IDP [LibreGraph Connect]({{< ref "../../services/idp" >}}) and the [oCIS storage driver]({{< ref "../storage/storagedrivers" >}}). You also can start more than one container of each service by setting `OCIS_SCALE` to a number greater than 1. Currently this won't scale all services, but we are working on making all service easily scalable.
## Server Deployment
### Requirements
* Linux server with docker and docker-compose installed
* Two domains set up and pointing to your server
- ocis.* for serving oCIS
- traefik.* for serving the Traefik dashboard
See also [example server setup]({{< ref "preparing_server" >}})
### Install oCIS and Traefik
* Clone oCIS repository
`git clone https://github.com/owncloud/ocis.git`
* Go to the deployment example
`cd ocis/deployment/examples/ocis_traefik`
* Open the `.env` file in a text editor
The file by default looks like this:
```bash
# If you're on a internet facing server please comment out following line.
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
### Traefik settings ###
# Serve Traefik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
TRAEFIK_BASIC_AUTH_USERS=
# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
TRAEFIK_ACME_MAIL=
### oCIS settings ###
# oCIS version. Defaults to "latest"
OCIS_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OCIS_DOMAIN=
# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
IDP_LDAP_BIND_PASSWORD=
# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
STORAGE_LDAP_BIND_PASSWORD=
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
OCIS_JWT_SECRET=
# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
STORAGE_TRANSFER_SECRET=
# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
OCIS_MACHINE_AUTH_API_KEY=
# Number of services to run for services, that currently can be easily scaled. Defaults to 1.
OCIS_SCALE=
```
You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`.
If you want to use the Traefik dashboard, set TRAEFIK_DASHBOARD to `true` (default is `false` and therefore not active). If you activate it, you must set a domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` e.g. `TRAEFIK_DOMAIN=traefik.owncloud.test`.
The Traefik dashboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (e.g. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool).
Traefik will issue certificates with LetsEncrypt and therefore you must set an email address in `TRAEFIK_ACME_MAIL=`.
By default ocis will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OCIS_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated).
Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`.
You also can run more than one instance of the service by setting `OCIS_SCALE` to number greater than one.
Now you have configured everything and can save the file.
* Start the docker stack
`docker-compose up -d`
* You now can visit oCIS and Traefik dashboard on your configured domains. You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time.
## Local setup
For a more simple local ocis setup see [Getting started]({{< ref "../getting-started" >}})
This docker stack can also be run locally. One downside is that Traefik can not obtain valid SSL certificates and therefore will create self-signed ones. This means that your browser will show scary warnings. Another downside is that you can not point DNS entries to your localhost. So you have to add static host entries to your computer.
On Linux and macOS you can add them to your `/etc/hosts` file and on Windows to `C:\Windows\System32\Drivers\etc\hosts` file like this:
```
127.0.0.1 ocis.owncloud.test
127.0.0.1 traefik.owncloud.test
```
After that you're ready to start the application stack:
`docker-compose up -d`
Open https://ocis.owncloud.test in your browser and accept the invalid certificate warning. You now can login to oCIS with the default users, which also can be found here: [Getting started]({{< ref "../getting-started#login-to-ocis-web" >}}). You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time.