Merge pull request #1160 from owncloud/simplify_deplyoment_examples

[docs-only] simplify deployment examples
2026-02-25 23:19:13 -06:00 · 2020-12-28 16:51:04 +01:00
parent eb2143d3ec c7a620c4d5
commit d964f2f6b1
8 changed files with 22 additions and 139 deletions
--- a/deployments/examples/cs3_users_ocis/config/ocis/.gitignore
+++ b/deployments/examples/cs3_users_ocis/config/ocis/.gitignore
@@ -1 +0,0 @@
-identifier-registration.yaml
--- a/deployments/examples/cs3_users_ocis/config/ocis/identifier-registration.dist.yaml
+++ b/deployments/examples/cs3_users_ocis/config/ocis/identifier-registration.dist.yaml
@@ -1,41 +0,0 @@
---
-
-# OpenID Connect client registry.
-clients:
-  - id: web
-    name: OCIS
-    application_type: web
-    insecure: yes
-    trusted: yes
-    redirect_uris:
-      - https://ocis.owncloud.test/
-      - https://ocis.owncloud.test/oidc-callback.html
-      - https://ocis.owncloud.test/oidc-silent-redirect.html
-    origins:
-      - https://ocis.owncloud.test
-
-  - id: ocis-explorer.js
-    name: oCIS Graph Explorer
-    trusted: yes
-    insecure: yes
-
-  - id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69
-    secret: UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh
-    name: ownCloud desktop app
-    application_type: native
-    insecure: true
-
-  - id: e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD
-    secret: dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD
-    name: ownCloud Android app
-    application_type: native
-    redirect_uris:
-      - oc://android.owncloud.com
-
-  - id: mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1
-    secret: KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx
-    name: ownCloud iOS app
-    application_type: native
-    redirect_uris:
-      - oc://ios.owncloud.com
-      - oc.ios://ios.owncloud.com
--- a/deployments/examples/cs3_users_ocis/config/ocis/proxy-config.json
+++ b/deployments/examples/cs3_users_ocis/config/ocis/proxy-config.json
@@ -62,13 +62,13 @@
        },
        {
          "endpoint": "/api/v0/settings",
-          "backend":  "http://localhost:9190"
+          "backend": "http://localhost:9190"
        },
        {
          "endpoint": "/settings.js",
-          "backend":  "http://localhost:9190"
-	},
-	{
+          "backend": "http://localhost:9190"
+        },
+        {
          "endpoint": "/api/v0/greet",
          "backend": "http://localhost:9105"
        },
--- a/deployments/examples/cs3_users_ocis/docker-compose.yaml
+++ b/deployments/examples/cs3_users_ocis/docker-compose.yaml
@@ -10,7 +10,7 @@ services:
          - ${OCIS_DOMAIN:-ocis.owncloud.test}
    command:
      #- "--log.level=DEBUG"
-      - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-'example@example.org'}"
+      - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
      - "--certificatesResolvers.http.acme.storage=/certs/acme.json"
      - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
      - "--api.dashboard=true"
@@ -18,6 +18,7 @@ services:
      - "--entryPoints.https.address=:443"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.exposedByDefault=false"
+      - "--serversTransport.insecureSkipVerify=true" # oCIS uses self generated certificate
    ports:
      - "80:80"
      - "443:443"
@@ -41,17 +42,10 @@ services:

  ocis:
    image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
-    entrypoint:
-      - /bin/sh
-      - -c
-      - | # as long as https://github.com/owncloud/product/issues/15 is open we need this step to template konnectd config
-        cp /config/identifier-registration.dist.yaml /config/identifier-registration.yaml
-        sed -i 's/ocis.owncloud.test/${OCIS_DOMAIN:-ocis.owncloud.test}/g' /config/identifier-registration.yaml
-        ocis server
    depends_on:
      - ldap-server
    environment:
-      # CS3 users frpm ldap specific config
+      # CS3 users from ldap specific configuration
      PROXY_CONFIG_FILE: "/config/proxy-config.json"
      LDAP_FILTER: "(&(objectclass=inetOrgPerson)(objectClass=owncloud))"
      LDAP_URI: ldap://ldap-server:389
@@ -74,17 +68,10 @@ services:
      STORAGE_LDAP_GROUPFILTER: '(&(objectclass=groupOfUniqueNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))'
      # General ocis config
      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
-      OCIS_LOG_LEVEL: error
-      # proxy config
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
-      PROXY_TLS: "false"
-      # web config
-      WEB_UI_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer
-      # storage config
-      # idp config
-      KONNECTD_TLS: 'false'
+      OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
    volumes:
-      - ./config/ocis:/config
+      - ./config/ocis/proxy-config.json:/config/proxy-config.json
      - ocis-data:/var/tmp/ocis
    labels:
      - "traefik.enable=true"
@@ -98,6 +85,7 @@ services:
      - "traefik.http.routers.ocis-secure.tls.certresolver=http"
      - "traefik.http.routers.ocis-secure.service=ocis"
      - "traefik.http.services.ocis.loadbalancer.server.port=9200"
+      - "traefik.http.services.ocis.loadbalancer.server.scheme=https"
    restart: always

  ldap-server:
--- a/deployments/examples/ocis_keycloak/docker-compose.yml
+++ b/deployments/examples/ocis_keycloak/docker-compose.yml
@@ -19,6 +19,7 @@ services:
      - "--entryPoints.https.address=:443"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.exposedByDefault=false"
+      - "--serversTransport.insecureSkipVerify=true" # oCIS uses self generated certificate
    ports:
      - "80:80"
      - "443:443"
@@ -45,24 +46,18 @@ services:
    networks:
      default:
    environment:
-      # general config
-      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
-      OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error}
-      # proxy config
+      # Keycloak IDP specific configuration
      PROXY_AUTOPROVISION_ACCOUNTS: "true"
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
      PROXY_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-master}
-      PROXY_TLS: "false"
-      # ownCloud Web config
      WEB_OIDC_AUTHORITY: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-master}
      WEB_OIDC_CLIENT_ID: ${OCIS_OIDC_CLIENT_ID:-web}
      WEB_OIDC_METADATA_URL: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-master}/.well-known/openid-configuration
-      WEB_UI_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer
-      # storage config
      STORAGE_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
      STORAGE_LDAP_IDP: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
-      # thumbnail config
-      THUMBNAILS_WEBDAVSOURCE_BASEURL: http://localhost:9200/remote.php/webdav/
+      # general config
+      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
+      OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
    volumes:
      - ocis-data:/var/tmp/ocis
    labels:
@@ -77,6 +72,7 @@ services:
      - "traefik.http.routers.ocis-secure.tls.certresolver=http"
      - "traefik.http.routers.ocis-secure.service=ocis"
      - "traefik.http.services.ocis.loadbalancer.server.port=9200"
+      - "traefik.http.services.ocis.loadbalancer.server.scheme=https"
    restart: always

  postgres:
--- a/deployments/examples/ocis_traefik/config/.gitignore
+++ b/deployments/examples/ocis_traefik/config/.gitignore
@@ -1 +0,0 @@
-identifier-registration.yaml
--- a/deployments/examples/ocis_traefik/config/identifier-registration.dist.yaml
+++ b/deployments/examples/ocis_traefik/config/identifier-registration.dist.yaml
@@ -1,41 +0,0 @@
---
-
-# OpenID Connect client registry.
-clients:
-  - id: web
-    name: OCIS
-    application_type: web
-    insecure: yes
-    trusted: yes
-    redirect_uris:
-      - https://ocis.owncloud.test/
-      - https://ocis.owncloud.test/oidc-callback.html
-      - https://ocis.owncloud.test/oidc-silent-redirect.html
-    origins:
-      - https://ocis.owncloud.test
-
-  - id: ocis-explorer.js
-    name: oCIS Graph Explorer
-    trusted: yes
-    insecure: yes
-
-  - id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69
-    secret: UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh
-    name: ownCloud desktop app
-    application_type: native
-    insecure: true
-
-  - id: e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD
-    secret: dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD
-    name: ownCloud Android app
-    application_type: native
-    redirect_uris:
-      - oc://android.owncloud.com
-
-  - id: mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1
-    secret: KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx
-    name: ownCloud iOS app
-    application_type: native
-    redirect_uris:
-      - oc://ios.owncloud.com
-      - oc.ios://ios.owncloud.com
--- a/deployments/examples/ocis_traefik/docker-compose.yml
+++ b/deployments/examples/ocis_traefik/docker-compose.yml
@@ -18,6 +18,7 @@ services:
      - "--entryPoints.https.address=:443"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.exposedByDefault=false"
+      - "--serversTransport.insecureSkipVerify=true" # oCIS uses self generated certificate
    ports:
      - "80:80"
      - "443:443"
@@ -41,32 +42,13 @@ services:

  ocis:
    image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
-    entrypoint:
-      - /bin/sh
-      - -c
-      - | # as long as https://github.com/owncloud/product/issues/15 is open we need this step to template konnectd config
-        cp /config/identifier-registration.dist.yaml /config/identifier-registration.yaml
-        sed -i 's/ocis.owncloud.test/${OCIS_DOMAIN:-ocis.owncloud.test}/g' /config/identifier-registration.yaml
-        ocis server
    networks:
      default:
    environment:
-      # general config
      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
-      OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error}
-      # proxy config
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
-      PROXY_TLS: "false"
-      # web config
-      WEB_UI_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer
-      # storage config
-      STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
-      # idp config
-      KONNECTD_TLS: 'false'
-      # thumbnail config
-      THUMBNAILS_WEBDAVSOURCE_BASEURL: http://localhost:9200/remote.php/webdav/
+      OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
    volumes:
-      - ./config:/config
      - ocis-data:/var/tmp/ocis
    labels:
      - "traefik.enable=true"
@@ -80,6 +62,7 @@ services:
      - "traefik.http.routers.ocis-secure.tls.certresolver=http"
      - "traefik.http.routers.ocis-secure.service=ocis"
      - "traefik.http.services.ocis.loadbalancer.server.port=9200"
+      - "traefik.http.services.ocis.loadbalancer.server.scheme=https"
    restart: always

 volumes: