## Basic Settings ## # Define the docker compose log driver used. # Defaults to local LOG_DRIVER= # If you're on an internet facing server, comment out following line. # It skips certificate validation for various parts of OpenCloud and is # needed when self signed certificates are used. INSECURE=true ## Traefik Settings ## # Note: Traefik is always enabled and can't be disabled. # Serve Traefik dashboard. # Defaults to "false". TRAEFIK_DASHBOARD= # Domain of Traefik, where you can find the dashboard. # Defaults to "traefik.opencloud.test" TRAEFIK_DOMAIN= # Basic authentication for the traefik dashboard. # Defaults to user "admin" and password "admin" (written as: "admin:$2y$05$KDHu3xq92SPaO3G8Ybkc7edd51pPLJcG1nWk3lmlrIdANQ/B6r5pq"). # To create user:password pair, it's possible to use this command: # echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g TRAEFIK_BASIC_AUTH_USERS= # Email address for obtaining LetsEncrypt certificates. # Needs only be changed if this is a public facing server. TRAEFIK_ACME_MAIL= # Set to the following for testing to check the certificate process: # "https://acme-staging-v02.api.letsencrypt.org/directory" # With staging configured, there will be an SSL error in the browser. # When certificates are displayed and are emitted by # "Fake LE Intermediate X1", # the process went well and the envvar can be reset to empty to get valid certificates. TRAEFIK_ACME_CASERVER= ## OpenCloud Settings ## # Beside Traefik, this service must stay enabled. # Disable only for testing purposes. # Note: the leading colon is required to enable the service. OPENCLOUD=:opencloud.yml # The opencloud container image. # For production releases: "opencloudeu/opencloud" # For rolling releases: "opencloudeu/opencloud-rolling" # Defaults to production if not set otherwise OC_DOCKER_IMAGE=opencloudeu/opencloud-rolling # The openCloud container version. # Defaults to "latest" and points to the latest stable tag. OC_DOCKER_TAG= # Domain of openCloud, where you can find the frontend. # Defaults to "cloud.opencloud.test" OC_DOMAIN= # openCloud admin user password. Defaults to "admin". ADMIN_PASSWORD= # Demo users should not be created on a production instance, # because their passwords are public. Defaults to "false". # If demo users is set to "true", the following user accounts are created automatically: # alan, mary, margaret, dennis and lynn - the password is 'demo' for all. DEMO_USERS= # Define the openCloud loglevel used. # LOG_LEVEL= # Define the kind of logging. # The default log can be read by machines. # Set this to true to make the log human readable. # LOG_PRETTY=true # # Define the openCloud storage location. Set the paths for config and data to a local path. # Ensure that the configuration and data directories are owned by the user and group with ID 1000:1000. # This matches the default user inside the container and avoids permission issues when accessing files. # Note that especially the data directory can grow big. # Leaving it default stores data in docker internal volumes. # OC_CONFIG_DIR=/your/local/opencloud/config # OC_DATA_DIR=/your/local/opencloud/data # S3 Storage configuration - optional # OpenCloud supports S3 storage as primary storage. # Per default, S3 storage is disabled and the decomposed storage driver is used. # To enable S3 storage, uncomment the following line and configure the S3 storage. # For more details see: # https://docs.opencloud.eu/docs/admin/configuration/storage-decomposeds3 # Note: the leading colon is required to enable the service. #DECOMPOSEDS3=:decomposeds3.yml # Configure the S3 storage endpoint. Defaults to "http://minio:9000" for testing purposes. DECOMPOSEDS3_ENDPOINT= # S3 region. Defaults to "default". DECOMPOSEDS3_REGION= # S3 access key. Defaults to "opencloud" DECOMPOSEDS3_ACCESS_KEY= # S3 secret. Defaults to "opencloud-secret-key" DECOMPOSEDS3_SECRET_KEY= # S3 bucket. Defaults to "opencloud" DECOMPOSEDS3_BUCKET= # # For testing purposes, add local minio S3 storage to the docker-compose file. # The leading colon is required to enable the service. #DECOMPOSEDS3_MINIO=:minio.yml # Minio domain. Defaults to "minio.opencloud.test". MINIO_DOMAIN= # OpenCloud uses POSIX storage as the default primary storage. # By default, Decomposed storage is disabled, and the POSIX storage driver is used. # To enable Decomposed storage, uncomment the following line. # Note: the leading colon is required to enable the service. #DECOMPOSED=:decomposed.yml # Define SMTP settings if you would like to send OpenCloud email notifications. # # NOTE: when configuring Inbucket, these settings have no effect, see inbucket.yml for details. # SMTP host to connect to. SMTP_HOST= # Port of the SMTP host to connect to. SMTP_PORT= # An eMail address that is used for sending OpenCloud notification eMails # like "opencloud notifications ". SMTP_SENDER= # Username for the SMTP host to connect to. SMTP_USERNAME= # Password for the SMTP host to connect to. SMTP_PASSWORD= # Authentication method for the SMTP communication. SMTP_AUTHENTICATION= # Encryption method for the SMTP communication. Possible values are 'starttls', 'ssltls' and 'none' SMTP_TRANSPORT_ENCRYPTION= # Allow insecure connections to the SMTP server. Defaults to false. SMTP_INSECURE= # Addititional services to be started on opencloud startup # The following list of services is not startet automatically and must be # manually defined for startup: # IMPORTANT: The notification service is MANDATORY, do not delete! # IMPORTANT: Add any services to the startup list comma separated like "notifications,antivirus" etc. START_ADDITIONAL_SERVICES="notifications" ## openCloud Web Extensions ## # It is possible to use the openCloud Web Extensions to add custom functionality to the openCloud frontend. # For more details see https://github.com/opencloud-eu/web-extensions/blob/main/README.md # Note: the leading colon is required to enable the service. # Enable this to create a new named volume EXTENSIONS=:web_extensions/extensions.yml # Enable the desired extensions by uncommenting the following lines. # Note: the leading colon is required to enable the service. # Note: if you want to remove a web extension, you must delete the opencloud-apps volume. It will be properly recreated on docker compose startup. UNZIP=:web_extensions/unzip.yml DRAWIO=:web_extensions/drawio.yml JSONVIEWER=:web_extensions/jsonviewer.yml PROGRESSBARS=:web_extensions/progressbars.yml EXTERNALSITES=:web_extensions/externalsites.yml # External Sites needs additional config, see the following files for more details. # - config/opencloud/apps.yaml # - config/opencloud/csp.yaml #IMPORTER=:web_extensions/importer.yml # The importer needs additional config, see the following lines for more details. ## The docker image to be used for uppy companion. COMPANION_IMAGE= # Domain of Uppy Companion. Defaults to "companion.opencloud.test". COMPANION_DOMAIN= # Provider settings, see https://uppy.io/docs/companion/#provideroptions for reference. # Empty by default, which disables providers. COMPANION_ONEDRIVE_KEY= COMPANION_ONEDRIVE_SECRET= ## Default Enabled Services ## ### Apache Tika Content Analysis Toolkit ### # Tika (search) is disabled by default due to performance reasons. # Note: the leading colon is required to enable the service. #TIKA=:tika.yml # Set the desired docker image tag or digest. # Defaults to "latest" TIKA_IMAGE= ### IMPORTANT Note for Online Office Apps ### # To avoid app interlocking issues, you should select only one app to be active/configured. # This is due the fact that there is currently no app interlocking for the same file and one # has to wait for a lock release to open the file with another app. ### Collabora Settings ### # Collabora web office is default enabled, comment if not required. # Note: the leading colon is required to enable the service. COLLABORA=:collabora.yml # Domain of Collabora, where you can find the frontend. # Defaults to "collabora.opencloud.test" COLLABORA_DOMAIN= # Domain of the wopiserver which handles Collabora. # Defaults to "wopiserver.opencloud.test" WOPISERVER_DOMAIN= # Admin user for Collabora. # Defaults to "admin". # Collabora Admin Panel URL: # https://{COLLABORA_DOMAIN}/browser/dist/admin/admin.html COLLABORA_ADMIN_USER= # Admin password for Collabora. # Defaults to "admin". COLLABORA_ADMIN_PASSWORD= # Set to true to enable SSL handling in Collabora Online, this is only required if you are not using a reverse proxy. # Default is true if not specified. COLLABORA_SSL_ENABLE=false # If you're on an internet-facing server, enable SSL verification for Collabora Online. # Please comment out the following line: COLLABORA_SSL_VERIFICATION=false ## Supplemental Configurations ## # If you want to use supplemental configurations, # you need to uncomment lines containing :path/file.yml # and configure the service as required. ### Debugging - Monitoring ### # Note: the leading colon is required to enable the service. #MONITORING=:monitoring_tracing/monitoring.yml ### Virusscanner Settings ### # IMPORTANT: If you enable antivirus, you also MUST configure the START_ADDITIONAL_SERVICES # envvar in the OpenCloud Settings above by adding 'antivirus' to the list. # Note: the leading colon is required to enable the service. #CLAMAV=:clamav.yml # The maximum scan size the virus scanner can handle, needs adjustment in the scanner config as well. # Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB. # Defaults to "100MB" #ANTIVIRUS_MAX_SCAN_SIZE= # Usable modes: partial, skip. # Defaults to "partial" #ANTIVIRUS_MAX_SCAN_SIZE_MODE= # Image version of the ClamAV container. # Defaults to "latest"y CLAMAV_DOCKER_TAG= ### Inbucket Settings ### # Inbucket is a mail catcher tool for testing purposes. # DO NOT use in Production. # Note: the leading colon is required to enable the service. #INBUCKET=:inbucket.yml # email server (in this case inbucket acts as mail catcher). # Domain for Inbucket. Defaults to "mail.opencloud.test". INBUCKET_DOMAIN= ### Compose Configuration ### # Path separator for supplemental compose files specified in COMPOSE_FILE. COMPOSE_PATH_SEPARATOR=: ### Ldap Settings ### # LDAP is always needed for OpenCloud to store user data as there is no relational database. # The built-in LDAP server should used for testing purposes or small installations only. # For production installations, it is recommended to use an external LDAP server. # We are using OpenLDAP as the default LDAP server because it is proven to be stable and reliable. # This LDAP configuration is known to work with OpenCloud and provides a blueprint for # configuring an external LDAP server based on other products like Microsoft Active Directory or other LDAP servers. # # Note: the leading colon is required to enable the service. #LDAP=:ldap.yml # Password of LDAP user "cn=admin,dc=opencloud,dc=eu". Defaults to "admin" LDAP_ADMIN_PASSWORD= # LDAP manager # login with uid ldapadmin and password #LDAP_MANAGER=:../shared/config/ldap/docker-compose.yml # LDAP manager domain. Defaults to "ldap.opencloud.test" LDAP_MANAGER_DOMAIN= ### LibreGraph Connect (lico) IDP ### # LibreGraph Connect (lico) implements an OpenID provider (OP) with integrated web login and consent forms. # Text hint that appears within the username input field on the sign-in page IDP_DEFAULT_SIGNIN_PAGE_TEXT= ### Keycloak Settings ### # Keycloak is an open-source identity and access management solution. # We are using Keycloak as the default identity provider on production installations. # It can be used to federate authentication with other identity providers like # Microsoft Entra ID, ADFS or other SAML/OIDC providers. # The use of Keycloak as bridge between OpenCloud and other identity providers creates more control over the # authentication process, the allowed clients and the session management. # Keycloak also manages the Role Based Access Control (RBAC) for OpenCloud. # Keycloak can be used in two different modes: # 1. Autoprovisioning: New are automatically created in openCloud when they log in for the first time. # 2. Shared User Directory: Users are created in Keycloak and can be used in OpenCloud immediately # because the LDAP server is connected to both Keycloak and OpenCloud. # Note: the leading colon is required to enable the service. #KEYCLOAK=:keycloak.yml # Domain for Keycloak. Defaults to "keycloak.opencloud.test". KEYCLOAK_DOMAIN= # Realm which to be used with OpenCloud. Defaults to "OpenCloud" KEYCLOAK_REALM= # Admin user login name. Defaults to "admin" KEYCLOAK_ADMIN_USER= # Admin user login password. Defaults to "admin" KEYCLOAK_ADMIN_PASSWORD= # Autoprovisioning mode. Defaults to "true" #KEYCLOAK_AUTOPROVISIONING=:keycloak-autoprovisioning.yml ### Radicale Setting ### # Radicale is a small open-source CalDAV (calendars, to-do lists) and CardDAV (contacts) server. # When enabled OpenCloud is configured as a reverse proxy for Radicale, providing all authenticated # OpenCloud users access to a Personal Calendar and Addressbook #RADICALE=:radicale.yml # Docker image to use for the Radicale Container #RADICALE_DOCKER_IMAGE=opencloudeu/radicale # Docker tag to pull for the Radicale Container #RADICALE_DOCKER_TAG=latest # Define the storage location for the Radicale data. Set the path to a local path. # Ensure that the configuration and data directories are owned by the user and group with ID 1000:1000. # This matches the default user inside the container and avoids permission issues when accessing files. # Leaving it default stores data in docker internal volumes. #RADICALE_DATA_DIR=/your/local/radicale/data ### Stalwart Settings ### # Note: the leading colon is required to enable the service. #STALWART=:stalwart.yml # Domain of Stalwart # Defaults to "stalwart.opencloud.test" STALWART_DOMAIN= ## IMPORTANT ## # This MUST be the last line as it assembles the supplemental compose files to be used. # ALL supplemental configs must be added here, whether commented or not. # Each var must either be empty or contain :path/file.yml COMPOSE_FILE=docker-compose.yml${OPENCLOUD:-}${TIKA:-}${DECOMPOSEDS3:-}${DECOMPOSEDS3_MINIO:-}${DECOMPOSED:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-}${KEYCLOAK:-}${LDAP:-}${KEYCLOAK_AUTOPROVISIONING:-}${LDAP_MANAGER:-}${RADICALE:-}${STALWART:-}