Example on how to deploy ocis-web in front of ownCloud10

This deployment scenario shows how to use ocis as frontend for an existing ownCloud 10 production installation. It enables
ownCloud 10 users to log in and work with their files using the new ocis-web UI. While the scenario includes
an ownCloud 10 instance, it only exists to show the necessary configuration for your already existing ownCloud 10
installation.

The setup can be used for:
- Trying out the new UI on ownCloud 10. Users can switch dynamically
- It is a prerequisite for future zero-downtime migrations.

Co-authored-by: Ilja Neumann <ineumann@owncloud.com>
Co-authored-by: Jan Müller <jan.mueller@catdev.io>
Co-authored-by: Phil Davis <phil@jankaritech.com>
Benedikt Kulmann
2020-11-04 12:50:26 +01:00
committed by Ilja Neumann
parent f19acadd1b
commit d311d415b1
13 changed files with 321 additions and 390 deletions


@@ -1,53 +1,2 @@
# Deployment scenario ocis with external konnectd service on separate node and traefik as reverse proxy
## Setup on ocis server
* Clone ocis repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example sub folder for ocisnode to /opt
`cp deployment/examples/ocis_external_konnectd/ocisnode /opt/`
* Overwrite OCIS_DOMAIN and IDP_DOMAIN in .env with your-ocis.domain.com and your-idp.domain.com
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/ocisnode/.env`
`sed -i 's/idp.domain.com/your-idp.domain.com/g' /opt/ocisnode/.env`
* Change into deployment folder
`cd /opt/ocisnode`
* Start application stack
`docker-compose up -d`
## Setup on idp server
* Clone ocis repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example sub folder for idpnode to /opt
`cp deployment/examples/ocis_external_konnectd/idpnode /opt/`
* Overwrite OCIS_DOMAIN and IDP_DOMAIN in .env with your-ocis.domain.com and your-idp.domain.com
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/idpnode/.env`
`sed -i 's/idp.domain.com/your-idp.domain.com/g' /opt/idpnode/.env`
* Overwrite redirect uri with your-ocis.domain.com in identifier-registration.yml
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/idpnode/config/identifier-registration.yml`
* Change into deployment folder
`cd /opt/idpnode`
* Start application stack
`docker-compose up -d`
Please refer to [our documentation](https://owncloud.github.io/ocis/deployment/ocis_external_konnectd/)
for instructions on how to deploy this scenario.


@@ -1,3 +1,4 @@
COMPOSE_PROJECT_NAME=bridge
OCIS_DOMAIN=ocis.domain.com
OC10_DOMAIN=oc10.domain.com
OCIS_DOMAIN=ocis.example.org
OC10_DOMAIN=oc10.example.org
INSECURE=false
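
Review bot: `INSECURE=false` is introduced without a comment saying what it controls. Judging by the compose file it feeds `PROXY_OIDC_INSECURE`, `KONNECTD_INSECURE`, `GLAUTH_BACKEND_INSECURE` and `STORAGE_OIDC_INSECURE` at once, so a one-line comment above it (what `true` relaxes, and that it is meant for test setups with self-signed certificates) would keep operators from flipping it on a production host without knowing the scope.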


@@ -1,30 +1,2 @@
# Deployment scenario ocis with oc10 backend and traefik as reverse proxy
## Setup on server
* Clone ocis repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example folder to /opt
`cp deployment/examples/ocis_oc10_backend /opt/`
* Overwrite OCIS_DOMAIN and OC10_DOMAIN in .env with your-ocis.domain.com and your-oc10.domain.com
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/ocis_oc10_backend/.env`
`sed -i 's/oc10.domain.com/your-oc10.domain.com/g' /opt/ocis_oc10_backend/.env`
* Overwrite redirect uris with your-ocis.domain.com and your-oc10.domain.com in identifier-registration.yml
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/ocis_oc10_backend/ocis/identifier-registration.yml`
`sed -i 's/oc10.domain.com/your-oc10.domain.com/g' /opt/ocis_oc10_backend/ocis/identifier-registration.yml`
* Change into deployment folder
`cd /opt/ocis_oc10_backend`
* Start application stack
`docker-compose up -d`
Please refer to [our documentation](https://owncloud.github.io/ocis/deployment/ocis_oc10_backend/)
for instructions on how to deploy this scenario.


@@ -41,6 +41,11 @@ services:
volumes:
- "letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
default:
aliases:
- ${OC10_DOMAIN}
- ${OCIS_DOMAIN}
owncloud:
build:
@@ -52,6 +57,8 @@ services:
- db
- redis
environment:
OCIS_DOMAIN: ${OCIS_DOMAIN}
PROXY_LOG_LEVEL: debug
OWNCLOUD_DOMAIN: ${OC10_DOMAIN}
OWNCLOUD_DB_TYPE: mysql
OWNCLOUD_DB_NAME: owncloud
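
Review bot: `PROXY_LOG_LEVEL: debug` in the `owncloud` service environment looks misplaced. The other `PROXY_*` settings live under the `# proxy` section of the `ocis` service, and nothing visible in the oc10 `config.php` reads this variable. If it is meant for the ocis proxy, move it there; either way, `debug` is a noisy default for an example aimed at existing production installations, so consider dropping it or making it configurable from `.env`.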
@@ -88,33 +95,28 @@ services:
- "traefik.http.routers.oc10-redirs.middlewares=redirect-to-https"
ocis:
image: owncloud/ocis:latest
build:
context: ./ocis
dockerfile: Dockerfile
args:
OCIS_DOMAIN: ${OCIS_DOMAIN}
OC10_DOMAIN: ${OC10_DOMAIN}
ports:
- 9200:9200
environment:
OCIS_DOMAIN: ${OCIS_DOMAIN}
OCIS_LOG_LEVEL: debug
# proxy
PROXY_CONFIG_FILE: "/config/proxy-config.json"
PROXY_TLS: "false"
PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN}
PROXY_OIDC_INSECURE: "true"
PROXY_AUTOPROVISION_ACCOUNTS: "true"
PROXY_OIDC_INSECURE: "${INSECURE}"
# konnectd - binddn must exist as oc10 admin user
KONNECTD_ISS: https://${OCIS_DOMAIN}
KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/config/identifier-registration.yml"
KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/config/identifier-registration.yaml"
KONNECTD_TLS: 0
KONNECTD_SIGNING_KID: super
GRAPH_OIDC_ENDPOINT: https://${OC10_DOMAIN}/apps/graphapi/v1.0
PHOENIX_OIDC_AUTHORITY: https://${OCIS_DOMAIN}
PHOENIX_OIDC_METADATA_URL: https://${OCIS_DOMAIN}/.well-known/openid-configuration
PHOENIX_WEB_CONFIG_SERVER: https://${OCIS_DOMAIN}
PHOENIX_WEB_CONFIG: "/config/web/config.json"
STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN}
STORAGE_TRANSFER_EXPIRES: 86400
STORAGE_FRONTEND_URL: https://${OCIS_DOMAIN}
STORAGE_DATAGATEWAY_URL: https://${OCIS_DOMAIN}/data
STORAGE_LDAP_IDP: https://${OCIS_DOMAIN}
GLAUTH_BACKEND_DATASTORE: owncloud
GLAUTH_BACKEND_SERVERS: https://${OC10_DOMAIN}/apps/graphapi/v1.0
GLAUTH_BACKEND_BASEDN: dc=example,dc=org
KONNECTD_INSECURE: "${INSECURE}"
LDAP_URI: ldap://localhost:9125
LDAP_BINDDN: "cn=admin,dc=example,dc=org"
LDAP_BINDPW: "admin"
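
Review bot: `PROXY_OIDC_INSECURE: "${INSECURE}"` and `KONNECTD_INSECURE: "${INSECURE}"` have no fallback, so if `INSECURE` is missing from `.env` compose substitutes an empty string and the resulting behaviour depends on how each service parses an empty value. Using `"${INSECURE:-false}"` makes the secure setting the explicit default. Also worth a second look in this service: `ports: - 9200:9200` publishes the proxy on the host while `PROXY_TLS` is `"false"`, even though traefik already reaches port 9200 over the compose network, so the plain-HTTP listener ends up reachable without going through the TLS-terminating reverse proxy.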
@@ -126,9 +128,23 @@ services:
LDAP_UUID_ATTRIBUTE: uid
LDAP_UUID_ATTRIBUTE_TYPE: text
LDAP_FILTER: "(objectClass=posixaccount)"
# glauth
GLAUTH_BACKEND_DATASTORE: owncloud
GLAUTH_BACKEND_SERVERS: https://${OC10_DOMAIN}/apps/graphapi/v1.0
GLAUTH_BACKEND_INSECURE: "${INSECURE}"
# graph
GRAPH_OIDC_ENDPOINT: https://${OC10_DOMAIN}/apps/graphapi/v1.0
# web ui
PHOENIX_WEB_CONFIG: "/config/web/config.json"
# storage - although not used, yet
STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN}
STORAGE_OIDC_INSECURE: "${INSECURE}"
STORAGE_TRANSFER_EXPIRES: 86400
STORAGE_FRONTEND_URL: https://${OCIS_DOMAIN}
STORAGE_DATAGATEWAY_URL: https://${OCIS_DOMAIN}/data
STORAGE_LDAP_IDP: https://${OCIS_DOMAIN}
volumes:
- ./ocis:/config
- ./ocis/proxy-config.json:/etc/ocis/proxy.json
- ./ocis/config/proxy-config.json:/etc/ocis/proxy.json
labels:
- "traefik.enable=true"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
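
Review bot: the bind mount `./ocis/config/proxy-config.json:/etc/ocis/proxy.json` gives the proxy configuration a second location, while `PROXY_CONFIG_FILE` earlier in this service still points at `/config/proxy-config.json`. With `/config` now baked into the image at build time, editing the host file only changes the copy under `/etc/ocis/`, and it is not obvious which of the two the proxy actually loads. Please keep one path (either drop the mount or point `PROXY_CONFIG_FILE` at it). The same `${INSECURE:-false}` fallback suggested for the proxy and konnectd settings applies to `GLAUTH_BACKEND_INSECURE` and `STORAGE_OIDC_INSECURE` here.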
@@ -143,7 +159,6 @@ services:
- "traefik.http.routers.ocis-redirs.rule=Host(`${OCIS_DOMAIN}`)"
- "traefik.http.routers.ocis-redirs.entrypoints=web"
- "traefik.http.routers.ocis-redirs.middlewares=redirect-to-https"
db:
image: webhippie/mariadb:latest
restart: always


@@ -32,12 +32,14 @@ function getConfigFromEnv() {
0 => $domain
],
'openid-connect' => [
'provider-url' => 'https://${OCIS_DOMAIN}',
'provider-url' => 'https://' . getenv('OCIS_DOMAIN'),
'client-id' => 'oc10',
'client-secret' => 'super',
'loginButtonName' => 'OpenId Connect',
'search-attribute' => 'preferred_username',
'mode' => 'userid',
'autoRedirectOnLoginPage' => true,
'insecure' => true,
],
'datadirectory' => getenv('OWNCLOUD_VOLUME_FILES'),
'dbtype' => getenv('OWNCLOUD_DB_TYPE'),
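
Review bot: `'insecure' => true` in the `openid-connect` block is hardcoded, so the oc10 side keeps the relaxed setting even when `.env` says `INSECURE=false`. That contradicts the new switch introduced elsewhere in this commit. Suggest passing `INSECURE` into the `owncloud` service environment and deriving the value here, e.g. `'insecure' => getenv('INSECURE') === 'true',`. Separately, `'client-secret' => 'super'` sits right next to it as a literal; reading it from the environment as well would stop every deployment of this example from sharing the same client secret.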
@@ -47,8 +49,8 @@ function getConfigFromEnv() {
'dbpassword' => getenv('OWNCLOUD_DB_PASSWORD'),
'dbtableprefix' => getenv('OWNCLOUD_DB_PREFIX'),
'phoenix.baseUrl' => 'https://${OCIS_DOMAIN}',
'cors.allowed-domains' => ['https://${OCIS_DOMAIN}'],
'phoenix.baseUrl' => 'https://'. getenv('OCIS_DOMAIN'),
'cors.allowed-domains' => ['https://'. getenv('OCIS_DOMAIN')],
'log_type' => 'owncloud',
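
Review bot: `getenv('OCIS_DOMAIN')` returns `false` when the variable is not set, so `'phoenix.baseUrl'` and `'cors.allowed-domains'` silently become `'https://'` instead of failing. Since the CORS allow-list is built from this value, it would be safer to read the variable once into a local, bail out (or log) when it is empty, and reuse it for `provider-url` as well. Minor style point: the two lines here use `'https://'. getenv(` while the `provider-url` line uses `'https://' . getenv(`; pick one spacing.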
@@ -552,4 +554,4 @@ function getConfigFromEnv() {
return $config;
}
$CONFIG = getConfigFromEnv();
$CONFIG = getConfigFromEnv();


@@ -0,0 +1,11 @@
FROM owncloud/ocis:latest
ARG OCIS_DOMAIN
ENV OCIS_DOMAIN $OCIS_DOMAIN
ARG OC10_DOMAIN
ENV OC10_DOMAIN $OC10_DOMAIN
ADD config /config
RUN sed -i "s/ocis.example.org/${OCIS_DOMAIN}/g" /config/web/config.json \
&& sed -i "s/ocis.example.org/${OCIS_DOMAIN}/g" /config/identifier-registration.yaml \
&& sed -i "s/oc10.example.org/${OC10_DOMAIN}/g" /config/identifier-registration.yaml \
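
Review bot: the domain substitution in the `RUN sed ...` chain happens at image build time, so changing `OCIS_DOMAIN` or `OC10_DOMAIN` in `.env` after the first `docker-compose up -d` has no effect on `/config` until the image is rebuilt; the docs should say so, or the substitution should move to container start. As shown, the last `sed` line also ends in a continuation `\` with nothing after it, which should be removed. Smaller points: the `s/ocis.example.org/.../` patterns leave the dots unescaped, an unset build arg turns the URLs into `https:///...` without any error, `COPY` is the usual choice over `ADD` for a local directory, and `FROM owncloud/ocis:latest` makes the build non-reproducible.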


@@ -7,15 +7,11 @@ clients:
insecure: yes
trusted: yes
redirect_uris:
- http://ocis.domain.com/oidc-callback.html
- http://ocis.domain.com/
- https://ocis.domain.com/
- https://ocis.domain.com/oidc-callback.html
- http://ocis.domain.com/oidc-silent-redirect.html
- https://ocis.domain.com/oidc-silent-redirect.html
- https://ocis.example.org/
- https://ocis.example.org/oidc-callback.html
- https://ocis.example.org/oidc-silent-redirect.html
origins:
- http://ocis.domain.com
- https://ocis.domain.com
- https://ocis.example.org
- id: oc10
name: OC10
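
Review bot: `insecure: yes` stays on this client although the plain `http://` redirect URIs and origin are removed and `.env` now defaults to `INSECURE=false`. If the flag was only there to permit the non-TLS URIs, it should go as well; if it is still required, a short comment explaining why would help, since `trusted: yes` together with `insecure: yes` is an easy combination to copy into a production registration.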
@@ -24,11 +20,9 @@ clients:
insecure: yes
trusted: yes
redirect_uris:
- https://oc10.domain.com/apps/openidconnect/redirect/
- https://oc10.domain.com/apps/openidconnect/redirect
- https://oc10.example.org/apps/openidconnect/redirect
origins:
- http://oc10.domain.com
- https://oc10.domain.com
- https://oc10.example.org
- id: ocis-explorer.js
name: OCIS Graph Explorer
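
Review bot: the `oc10` client now registers only `https://oc10.example.org/apps/openidconnect/redirect`, while the previous list carried both the form with and without a trailing slash. Redirect URI matching in OpenID Connect is an exact string comparison, so please confirm which form the oc10 openidconnect app actually sends; if it is the one with the slash, login will fail with a redirect mismatch. The `insecure: yes` remark on the first client applies here too.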


@@ -0,0 +1,61 @@
{
"HTTP": {
"Namespace": "works.owncloud"
},
"policy_selector": {
"static": {
"policy": "oc10"
}
},
"policies": [
{
"name": "oc10",
"routes": [
{
"endpoint": "/",
"backend": "http://localhost:9100"
},
{
"endpoint": "/.well-known/",
"backend": "http://localhost:9130"
},
{
"endpoint": "/konnect/",
"backend": "http://localhost:9130"
},
{
"endpoint": "/signin/",
"backend": "http://localhost:9130"
},
{
"endpoint": "/ocs/",
"backend": "http://owncloud:8080",
"apache-vhost": true
},
{
"endpoint": "/remote.php/",
"backend": "http://owncloud:8080",
"apache-vhost": true
},
{
"endpoint": "/dav/",
"backend": "http://owncloud:8080",
"apache-vhost": true
},
{
"endpoint": "/webdav/",
"backend": "http://owncloud:8080",
"apache-vhost": true
},
{
"endpoint": "/status.php",
"backend": "http://owncloud:8080"
},
{
"endpoint": "/index.php/",
"backend": "http://owncloud:8080"
}
]
}
]
}
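
Review bot: `"apache-vhost": true` is set on the `/ocs/`, `/remote.php/`, `/dav/` and `/webdav/` routes but not on `/status.php` and `/index.php/`, although all six go to `http://owncloud:8080`. If the flag controls how the Host header is presented to the oc10 backend, the two routes without it will behave differently from the rest; please either add it there or note why they are exempt. It would also help to document that every backend here is plain `http://`, which is only acceptable as long as these hops stay on the internal compose network.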


@@ -0,0 +1,39 @@
{
"server": "https://ocis.example.org",
"theme": "owncloud",
"version": "0.1.0",
"openIdConnect": {
"metadata_url": "https://ocis.example.org/.well-known/openid-configuration",
"authority": "https://ocis.example.org",
"client_id": "phoenix",
"response_type": "code",
"scope": "openid profile email"
},
"applications": [
{
"title": {
"en": "Classic Design",
"de": "Klassisches ownCloud"
},
"icon": "switch_ui",
"url": "https://ocis.example.org",
"target": "_self"
},
{
"title": {
"en": "Settings",
"de": "Einstellungen"
},
"icon": "application",
"url": "https://ocis.example.org/index.php/settings/personal",
"target": "_self",
"menu": "user"
}
],
"apps": [
"files",
"draw-io",
"markdown-editor",
"media-viewer"
]
}
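
Review bot: the "Classic Design" entry has `"url": "https://ocis.example.org"`, which is the same host this UI is served from, and the proxy config in this commit routes `/` to the web frontend on `localhost:9100`. The switch back to the classic UI would therefore reload the new UI. The config removed in this commit pointed this entry at `https://${OC10_DOMAIN}`; it probably wants `https://oc10.example.org`, and the Dockerfile's `sed` for `web/config.json` then needs an `oc10.example.org` substitution as well, since it currently rewrites only `ocis.example.org` in that file.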


@@ -1,133 +0,0 @@
{
"HTTP": {
"Namespace": "works.owncloud"
},
"policy_selector": {
"migration": {
"acc_found_policy" : "reva",
"acc_not_found_policy": "oc10",
"unauthenticated_policy": "oc10"
}
},
"policies": [
{
"name": "reva",
"routes": [
{
"endpoint": "/",
"backend": "http://localhost:9100"
},
{
"endpoint": "/.well-known/",
"backend": "http://localhost:9130"
},
{
"endpoint": "/konnect/",
"backend": "http://localhost:9130"
},
{
"endpoint": "/signin/",
"backend": "http://localhost:9130"
},
{
"endpoint": "/ocs/",
"backend": "http://localhost:9140"
},
{
"type": "regex",
"endpoint": "/ocs/v[12].php/cloud/user",
"backend": "http://localhost:9110"
},
{
"endpoint": "/remote.php/",
"backend": "http://localhost:9140"
},
{
"endpoint": "/dav/",
"backend": "http://localhost:9140"
},
{
"endpoint": "/webdav/",
"backend": "http://localhost:9140"
},
{
"endpoint": "/status.php",
"backend": "http://localhost:9140"
},
{
"endpoint": "/index.php/",
"backend": "http://localhost:9140"
},
{
"endpoint": "/data",
"backend": "http://localhost:9140"
},
{
"endpoint": "/api/v0/accounts",
"backend": "http://localhost:9181"
},
{
"endpoint": "/accounts.js",
"backend": "http://localhost:9181"
},
{
"endpoint": "/api/v0/settings",
"backend": "http://localhost:9190"
},
{
"endpoint": "/settings.js",
"backend": "http://localhost:9190"
}
]
},
{
"name": "oc10",
"routes": [
{
"endpoint": "/",
"backend": "http://localhost:9100"
},
{
"endpoint": "/.well-known/",
"backend": "http://localhost:9130"
},
{
"endpoint": "/konnect/",
"backend": "http://localhost:9130"
},
{
"endpoint": "/signin/",
"backend": "http://localhost:9130"
},
{
"endpoint": "/ocs/",
"backend": "http://owncloud:8080",
"apache-vhost": true
},
{
"endpoint": "/remote.php/",
"backend": "http://owncloud:8080",
"apache-vhost": true
},
{
"endpoint": "/dav/",
"backend": "http://owncloud:8080",
"apache-vhost": true
},
{
"endpoint": "/webdav/",
"backend": "http://owncloud:8080",
"apache-vhost": true
},
{
"endpoint": "/status.php",
"backend": "http://owncloud:8080"
},
{
"endpoint": "/index.php/",
"backend": "http://owncloud:8080"
}
]
}
]
}


@@ -1,49 +0,0 @@
{
"server": "https://${OCIS_DOMAIN}",
"theme": "owncloud",
"version": "0.1.0",
"openIdConnect": {
"metadata_url": "https://${OCIS_DOMAIN}/.well-known/openid-configuration",
"authority": "https://${OCIS_DOMAIN}",
"client_id": "phoenix",
"response_type": "code",
"scope": "openid profile email"
},
"applications": [
{
"title": {
"en": "Classic Design",
"de": "Klassisches ownCloud"
},
"icon": "switch_ui",
"url": "https://${OC10_DOMAIN}",
"target": "_self"
},
{
"title": {"en": "Classic Settings"},
"icon": "application",
"url": "https://${OC10_DOMAIN}/index.php/settings/personal",
"target": "_self",
"menu": "user"
}
],
"apps": [
"files",
"draw-io",
"markdown-editor",
"media-viewer"
],
"options": {
"hideSearchBar": false
},
"external_apps": [
{
"id": "accounts",
"path": "/accounts.js"
},
{
"id": "settings",
"path": "/settings.js"
}
]
}


@@ -1,27 +1,2 @@
# Deployment scenario ocis with traefik
## Setup on server
* Clone ocis repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example folder to /opt
`cp deployment/examples/ocis_traefik /opt/`
* Overwrite OCIS_DOMAIN in .env with your.domain.com
`sed -i 's/ocis.domain.com/your.domain.com/g' /opt/ocis_traefik/.env`
* Overwrite redirect uri with your.domain.com in identifier-registration.yml
`sed -i 's/ocis.domain.com/your.domain.com/g' /opt/ocis_traefik/config/identifier-registration.yml`
* Change into deployment folder
`cd /opt/ocis_traefik`
* Start application stack
`docker-compose up -d`
Please refer to [our documentation](https://owncloud.github.io/ocis/deployment/ocis_traefik/)
for instructions on how to deploy this scenario.