mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-01-06 12:19:37 -06:00
5023642885
We agreed to move the 'opencloud_full' example to a new directory to avoid confusion with the supported compose examples in opencloud-compose. This commit keeps the bare-metal example in place as that is still mentioned in the documentation.
312 lines
14 KiB
Bash
312 lines
14 KiB
Bash
## Basic Settings ##
|
|
# Define the docker compose log driver used.
|
|
# Defaults to local
|
|
LOG_DRIVER=
|
|
# If you're on an internet facing server, comment out following line.
|
|
# It skips certificate validation for various parts of OpenCloud and is
|
|
# needed when self signed certificates are used.
|
|
INSECURE=true
|
|
|
|
|
|
## Traefik Settings ##
|
|
# Note: Traefik is always enabled and can't be disabled.
|
|
# Serve Traefik dashboard.
|
|
# Defaults to "false".
|
|
TRAEFIK_DASHBOARD=
|
|
# Domain of Traefik, where you can find the dashboard.
|
|
# Defaults to "traefik.opencloud.test"
|
|
TRAEFIK_DOMAIN=
|
|
# Basic authentication for the traefik dashboard.
|
|
# Defaults to user "admin" and password "admin" (written as: "admin:$2y$05$KDHu3xq92SPaO3G8Ybkc7edd51pPLJcG1nWk3lmlrIdANQ/B6r5pq").
|
|
# To create user:password pair, it's possible to use this command:
|
|
# echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
|
|
TRAEFIK_BASIC_AUTH_USERS=
|
|
# Email address for obtaining LetsEncrypt certificates.
|
|
# Needs only be changed if this is a public facing server.
|
|
TRAEFIK_ACME_MAIL=
|
|
# Set to the following for testing to check the certificate process:
|
|
# "https://acme-staging-v02.api.letsencrypt.org/directory"
|
|
# With staging configured, there will be an SSL error in the browser.
|
|
# When certificates are displayed and are emitted by # "Fake LE Intermediate X1",
|
|
# the process went well and the envvar can be reset to empty to get valid certificates.
|
|
TRAEFIK_ACME_CASERVER=
|
|
|
|
|
|
## OpenCloud Settings ##
|
|
# Beside Traefik, this service must stay enabled.
|
|
# Disable only for testing purposes.
|
|
# Note: the leading colon is required to enable the service.
|
|
OPENCLOUD=:opencloud.yml
|
|
# The opencloud container image.
|
|
# For production releases: "opencloudeu/opencloud"
|
|
# For rolling releases: "opencloudeu/opencloud-rolling"
|
|
# Defaults to production if not set otherwise
|
|
OC_DOCKER_IMAGE=opencloudeu/opencloud-rolling
|
|
# The openCloud container version.
|
|
# Defaults to "latest" and points to the latest stable tag.
|
|
OC_DOCKER_TAG=
|
|
# Domain of openCloud, where you can find the frontend.
|
|
# Defaults to "cloud.opencloud.test"
|
|
OC_DOMAIN=
|
|
# openCloud admin user password. Defaults to "admin".
|
|
ADMIN_PASSWORD=
|
|
# Demo users should not be created on a production instance,
|
|
# because their passwords are public. Defaults to "false".
|
|
# If demo users is set to "true", the following user accounts are created automatically:
|
|
# alan, mary, margaret, dennis and lynn - the password is 'demo' for all.
|
|
DEMO_USERS=
|
|
# Define the openCloud loglevel used.
|
|
#
|
|
LOG_LEVEL=
|
|
# Define the kind of logging.
|
|
# The default log can be read by machines.
|
|
# Set this to true to make the log human readable.
|
|
# LOG_PRETTY=true
|
|
#
|
|
# Define the openCloud storage location. Set the paths for config and data to a local path.
|
|
# Ensure that the configuration and data directories are owned by the user and group with ID 1000:1000.
|
|
# This matches the default user inside the container and avoids permission issues when accessing files.
|
|
# Note that especially the data directory can grow big.
|
|
# Leaving it default stores data in docker internal volumes.
|
|
# OC_CONFIG_DIR=/your/local/opencloud/config
|
|
# OC_DATA_DIR=/your/local/opencloud/data
|
|
|
|
# S3 Storage configuration - optional
|
|
# OpenCloud supports S3 storage as primary storage.
|
|
# Per default, S3 storage is disabled and the decomposed storage driver is used.
|
|
# To enable S3 storage, uncomment the following line and configure the S3 storage.
|
|
# For more details see:
|
|
# https://docs.opencloud.eu/docs/admin/configuration/storage-decomposeds3
|
|
# Note: the leading colon is required to enable the service.
|
|
#DECOMPOSEDS3=:decomposeds3.yml
|
|
# Configure the S3 storage endpoint. Defaults to "http://minio:9000" for testing purposes.
|
|
DECOMPOSEDS3_ENDPOINT=
|
|
# S3 region. Defaults to "default".
|
|
DECOMPOSEDS3_REGION=
|
|
# S3 access key. Defaults to "opencloud"
|
|
DECOMPOSEDS3_ACCESS_KEY=
|
|
# S3 secret. Defaults to "opencloud-secret-key"
|
|
DECOMPOSEDS3_SECRET_KEY=
|
|
# S3 bucket. Defaults to "opencloud"
|
|
DECOMPOSEDS3_BUCKET=
|
|
#
|
|
# For testing purposes, add local minio S3 storage to the docker-compose file.
|
|
# The leading colon is required to enable the service.
|
|
#DECOMPOSEDS3_MINIO=:minio.yml
|
|
# Minio domain. Defaults to "minio.opencloud.test".
|
|
MINIO_DOMAIN=
|
|
|
|
# OpenCloud uses POSIX storage as the default primary storage.
|
|
# By default, Decomposed storage is disabled, and the POSIX storage driver is used.
|
|
# To enable Decomposed storage, uncomment the following line.
|
|
# Note: the leading colon is required to enable the service.
|
|
#DECOMPOSED=:decomposed.yml
|
|
|
|
# Define SMTP settings if you would like to send OpenCloud email notifications.
|
|
#
|
|
# NOTE: when configuring Inbucket, these settings have no effect, see inbucket.yml for details.
|
|
# SMTP host to connect to.
|
|
SMTP_HOST=
|
|
# Port of the SMTP host to connect to.
|
|
SMTP_PORT=
|
|
# An eMail address that is used for sending OpenCloud notification eMails
|
|
# like "opencloud notifications <noreply@yourdomain.com>".
|
|
SMTP_SENDER=
|
|
# Username for the SMTP host to connect to.
|
|
SMTP_USERNAME=
|
|
# Password for the SMTP host to connect to.
|
|
SMTP_PASSWORD=
|
|
# Authentication method for the SMTP communication.
|
|
SMTP_AUTHENTICATION=
|
|
# Encryption method for the SMTP communication. Possible values are 'starttls', 'ssltls' and 'none'
|
|
SMTP_TRANSPORT_ENCRYPTION=
|
|
# Allow insecure connections to the SMTP server. Defaults to false.
|
|
SMTP_INSECURE=
|
|
|
|
# Addititional services to be started on opencloud startup
|
|
# The following list of services is not startet automatically and must be
|
|
# manually defined for startup:
|
|
# IMPORTANT: The notification service is MANDATORY, do not delete!
|
|
# IMPORTANT: Add any services to the startup list comma separated like "notifications,antivirus" etc.
|
|
START_ADDITIONAL_SERVICES="notifications"
|
|
|
|
|
|
## openCloud Web Extensions ##
|
|
# It is possible to use the openCloud Web Extensions to add custom functionality to the openCloud frontend.
|
|
# For more details see https://github.com/opencloud-eu/web-extensions/blob/main/README.md
|
|
# Note: the leading colon is required to enable the service.
|
|
# Enable this to create a new named volume
|
|
EXTENSIONS=:web_extensions/extensions.yml
|
|
# Enable the desired extensions by uncommenting the following lines.
|
|
# Note: the leading colon is required to enable the service.
|
|
# Note: if you want to remove a web extension, you must delete the opencloud-apps volume. It will be properly recreated on docker compose startup.
|
|
UNZIP=:web_extensions/unzip.yml
|
|
DRAWIO=:web_extensions/drawio.yml
|
|
JSONVIEWER=:web_extensions/jsonviewer.yml
|
|
PROGRESSBARS=:web_extensions/progressbars.yml
|
|
EXTERNALSITES=:web_extensions/externalsites.yml
|
|
# External Sites needs additional config, see the following files for more details.
|
|
# - config/opencloud/apps.yaml
|
|
# - config/opencloud/csp.yaml
|
|
#IMPORTER=:web_extensions/importer.yml
|
|
# The importer needs additional config, see the following lines for more details.
|
|
## The docker image to be used for uppy companion.
|
|
COMPANION_IMAGE=
|
|
# Domain of Uppy Companion. Defaults to "companion.opencloud.test".
|
|
COMPANION_DOMAIN=
|
|
# Provider settings, see https://uppy.io/docs/companion/#provideroptions for reference.
|
|
# Empty by default, which disables providers.
|
|
COMPANION_ONEDRIVE_KEY=
|
|
COMPANION_ONEDRIVE_SECRET=
|
|
|
|
|
|
## Default Enabled Services ##
|
|
|
|
### Apache Tika Content Analysis Toolkit ###
|
|
# Tika (search) is disabled by default due to performance reasons.
|
|
# Note: the leading colon is required to enable the service.
|
|
#TIKA=:tika.yml
|
|
# Set the desired docker image tag or digest.
|
|
# Defaults to "latest"
|
|
TIKA_IMAGE=
|
|
|
|
### IMPORTANT Note for Online Office Apps ###
|
|
# To avoid app interlocking issues, you should select only one app to be active/configured.
|
|
# This is due the fact that there is currently no app interlocking for the same file and one
|
|
# has to wait for a lock release to open the file with another app.
|
|
|
|
### Collabora Settings ###
|
|
# Collabora web office is default enabled, comment if not required.
|
|
# Note: the leading colon is required to enable the service.
|
|
COLLABORA=:collabora.yml
|
|
# Domain of Collabora, where you can find the frontend.
|
|
# Defaults to "collabora.opencloud.test"
|
|
COLLABORA_DOMAIN=
|
|
# Domain of the wopiserver which handles Collabora.
|
|
# Defaults to "wopiserver.opencloud.test"
|
|
WOPISERVER_DOMAIN=
|
|
# Admin user for Collabora.
|
|
# Defaults to "admin".
|
|
# Collabora Admin Panel URL:
|
|
# https://{COLLABORA_DOMAIN}/browser/dist/admin/admin.html
|
|
COLLABORA_ADMIN_USER=
|
|
# Admin password for Collabora.
|
|
# Defaults to "admin".
|
|
COLLABORA_ADMIN_PASSWORD=
|
|
# Set to true to enable SSL handling in Collabora Online, this is only required if you are not using a reverse proxy.
|
|
# Default is true if not specified.
|
|
COLLABORA_SSL_ENABLE=false
|
|
# If you're on an internet-facing server, enable SSL verification for Collabora Online.
|
|
# Please comment out the following line:
|
|
COLLABORA_SSL_VERIFICATION=false
|
|
|
|
|
|
## Supplemental Configurations ##
|
|
# If you want to use supplemental configurations,
|
|
# you need to uncomment lines containing :path/file.yml
|
|
# and configure the service as required.
|
|
|
|
|
|
### Debugging - Monitoring ###
|
|
# Note: the leading colon is required to enable the service.
|
|
#MONITORING=:monitoring_tracing/monitoring.yml
|
|
|
|
|
|
### Virusscanner Settings ###
|
|
# IMPORTANT: If you enable antivirus, you also MUST configure the START_ADDITIONAL_SERVICES
|
|
# envvar in the OpenCloud Settings above by adding 'antivirus' to the list.
|
|
# Note: the leading colon is required to enable the service.
|
|
#CLAMAV=:clamav.yml
|
|
# The maximum scan size the virus scanner can handle, needs adjustment in the scanner config as well.
|
|
# Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB.
|
|
# Defaults to "100MB"
|
|
#ANTIVIRUS_MAX_SCAN_SIZE=
|
|
# Usable modes: partial, skip.
|
|
# Defaults to "partial"
|
|
#ANTIVIRUS_MAX_SCAN_SIZE_MODE=
|
|
# Image version of the ClamAV container.
|
|
# Defaults to "latest"y
|
|
CLAMAV_DOCKER_TAG=
|
|
|
|
|
|
### Inbucket Settings ###
|
|
# Inbucket is a mail catcher tool for testing purposes.
|
|
# DO NOT use in Production.
|
|
# Note: the leading colon is required to enable the service.
|
|
#INBUCKET=:inbucket.yml
|
|
# email server (in this case inbucket acts as mail catcher).
|
|
# Domain for Inbucket. Defaults to "mail.opencloud.test".
|
|
INBUCKET_DOMAIN=
|
|
|
|
### Compose Configuration ###
|
|
# Path separator for supplemental compose files specified in COMPOSE_FILE.
|
|
COMPOSE_PATH_SEPARATOR=:
|
|
|
|
### Ldap Settings ###
|
|
# LDAP is always needed for OpenCloud to store user data as there is no relational database.
|
|
# The built-in LDAP server should used for testing purposes or small installations only.
|
|
# For production installations, it is recommended to use an external LDAP server.
|
|
# We are using OpenLDAP as the default LDAP server because it is proven to be stable and reliable.
|
|
# This LDAP configuration is known to work with OpenCloud and provides a blueprint for
|
|
# configuring an external LDAP server based on other products like Microsoft Active Directory or other LDAP servers.
|
|
#
|
|
# Note: the leading colon is required to enable the service.
|
|
#LDAP=:ldap.yml
|
|
# Password of LDAP user "cn=admin,dc=opencloud,dc=eu". Defaults to "admin"
|
|
LDAP_ADMIN_PASSWORD=
|
|
# LDAP manager
|
|
# login with uid ldapadmin and password
|
|
#LDAP_MANAGER=:../shared/config/ldap/docker-compose.yml
|
|
# LDAP manager domain. Defaults to "ldap.opencloud.test"
|
|
LDAP_MANAGER_DOMAIN=
|
|
|
|
### LibreGraph Connect (lico) IDP ###
|
|
# LibreGraph Connect (lico) implements an OpenID provider (OP) with integrated web login and consent forms.
|
|
# Text hint that appears within the username input field on the sign-in page
|
|
IDP_DEFAULT_SIGNIN_PAGE_TEXT=
|
|
|
|
### Keycloak Settings ###
|
|
# Keycloak is an open-source identity and access management solution.
|
|
# We are using Keycloak as the default identity provider on production installations.
|
|
# It can be used to federate authentication with other identity providers like
|
|
# Microsoft Entra ID, ADFS or other SAML/OIDC providers.
|
|
# The use of Keycloak as bridge between OpenCloud and other identity providers creates more control over the
|
|
# authentication process, the allowed clients and the session management.
|
|
# Keycloak also manages the Role Based Access Control (RBAC) for OpenCloud.
|
|
# Keycloak can be used in two different modes:
|
|
# 1. Autoprovisioning: New are automatically created in openCloud when they log in for the first time.
|
|
# 2. Shared User Directory: Users are created in Keycloak and can be used in OpenCloud immediately
|
|
# because the LDAP server is connected to both Keycloak and OpenCloud.
|
|
# Note: the leading colon is required to enable the service.
|
|
#KEYCLOAK=:keycloak.yml
|
|
# Domain for Keycloak. Defaults to "keycloak.opencloud.test".
|
|
KEYCLOAK_DOMAIN=
|
|
# Realm which to be used with OpenCloud. Defaults to "OpenCloud"
|
|
KEYCLOAK_REALM=
|
|
# Admin user login name. Defaults to "admin"
|
|
KEYCLOAK_ADMIN_USER=
|
|
# Admin user login password. Defaults to "admin"
|
|
KEYCLOAK_ADMIN_PASSWORD=
|
|
# Autoprovisioning mode. Defaults to "true"
|
|
#KEYCLOAK_AUTOPROVISIONING=:keycloak-autoprovisioning.yml
|
|
|
|
### Radicale Setting ###
|
|
# Radicale is a small open-source CalDAV (calendars, to-do lists) and CardDAV (contacts) server.
|
|
# When enabled OpenCloud is configured as a reverse proxy for Radicale, providing all authenticated
|
|
# OpenCloud users access to a Personal Calendar and Addressbook
|
|
#RADICALE=:radicale.yml
|
|
# Docker image to use for the Radicale Container
|
|
#RADICALE_DOCKER_IMAGE=opencloudeu/radicale
|
|
# Docker tag to pull for the Radicale Container
|
|
#RADICALE_DOCKER_TAG=latest
|
|
# Define the storage location for the Radicale data. Set the path to a local path.
|
|
# Ensure that the configuration and data directories are owned by the user and group with ID 1000:1000.
|
|
# This matches the default user inside the container and avoids permission issues when accessing files.
|
|
# Leaving it default stores data in docker internal volumes.
|
|
#RADICALE_DATA_DIR=/your/local/radicale/data
|
|
|
|
## IMPORTANT ##
|
|
# This MUST be the last line as it assembles the supplemental compose files to be used.
|
|
# ALL supplemental configs must be added here, whether commented or not.
|
|
# Each var must either be empty or contain :path/file.yml
|
|
COMPOSE_FILE=docker-compose.yml${OPENCLOUD:-}${TIKA:-}${DECOMPOSEDS3:-}${DECOMPOSEDS3_MINIO:-}${DECOMPOSED:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-}${KEYCLOAK:-}${LDAP:-}${KEYCLOAK_AUTOPROVISIONING:-}${LDAP_MANAGER:-}${RADICALE:-} |