mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-02-16 10:29:34 -06:00
147 lines
6.8 KiB
YAML
147 lines
6.8 KiB
YAML
---
|
|
version: "3.7"
|
|
|
|
services:
|
|
traefik:
|
|
image: "traefik:v2.3"
|
|
networks:
|
|
default:
|
|
aliases:
|
|
- ${OCIS_DOMAIN:-ocis.owncloud.test}
|
|
command:
|
|
#- "--log.level=DEBUG"
|
|
- "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-'example@example.org'}"
|
|
- "--certificatesResolvers.http.acme.storage=/certs/acme.json"
|
|
- "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
|
|
- "--api.dashboard=true"
|
|
- "--entryPoints.http.address=:80"
|
|
- "--entryPoints.https.address=:443"
|
|
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
|
- "--providers.docker.exposedByDefault=false"
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
volumes:
|
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
- "certs:/certs"
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.traefik.entrypoints=http"
|
|
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
|
|
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
|
|
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
|
|
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
|
|
- "traefik.http.routers.traefik-secure.entrypoints=https"
|
|
- "traefik.http.routers.traefik-secure.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
|
|
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
|
|
- "traefik.http.routers.traefik-secure.tls=true"
|
|
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
|
|
- "traefik.http.routers.traefik-secure.service=api@internal"
|
|
restart: always
|
|
|
|
ocis:
|
|
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
|
|
entrypoint:
|
|
- /bin/sh
|
|
- -c
|
|
- | # as long as https://github.com/owncloud/product/issues/15 is open we need this step to template konnectd config
|
|
cp /config/identifier-registration.dist.yaml /config/identifier-registration.yaml
|
|
sed -i 's/ocis.owncloud.test/${OCIS_DOMAIN:-ocis.owncloud.test}/g' /config/identifier-registration.yaml
|
|
ocis server
|
|
depends_on:
|
|
- ldap-server
|
|
environment:
|
|
# CS3 users frpm ldap specific config
|
|
PROXY_CONFIG_FILE: "/config/proxy-config.json"
|
|
LDAP_FILTER: "(&(objectclass=inetOrgPerson)(objectClass=owncloud))"
|
|
LDAP_URI: ldap://ldap-server:389
|
|
LDAP_BINDDN: "cn=admin,dc=owncloud,dc=test"
|
|
LDAP_BINDPW: ${LDAP_ADMIN_PASSWORD:-admin}
|
|
LDAP_BASEDN: "dc=owncloud,dc=test"
|
|
LDAP_LOGIN_ATTRIBUTE: uid
|
|
LDAP_UUID_ATTRIBUTE: "ownclouduuid"
|
|
LDAP_UUID_ATTRIBUTE_TYPE: binary
|
|
PROXY_ACCOUNT_BACKEND_TYPE: cs3
|
|
STORAGE_LDAP_HOSTNAME: ldap-server
|
|
STORAGE_LDAP_PORT: 636
|
|
STORAGE_LDAP_BASE_DN: "dc=owncloud,dc=test"
|
|
STORAGE_LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=test"
|
|
STORAGE_LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
|
|
STORAGE_LDAP_LOGINFILTER: '(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(uid={{login}})(mail={{login}})))'
|
|
STORAGE_LDAP_USERFILTER: '(&(objectclass=inetOrgPerson)(objectclass=owncloud)(|(ownclouduuid={{.OpaqueId}})(uid={{.OpaqueId}})))'
|
|
STORAGE_LDAP_ATTRIBUTEFILTER: '(&(objectclass=owncloud)({{attr}}={{value}}))'
|
|
STORAGE_LDAP_FINDFILTER: '(&(objectclass=owncloud)(|(uid={{query}}*)(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)(description={{query}}*)))'
|
|
STORAGE_LDAP_GROUPFILTER: '(&(objectclass=groupOfUniqueNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))'
|
|
# General ocis config
|
|
OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
|
|
OCIS_LOG_LEVEL: error
|
|
# proxy config
|
|
PROXY_OIDC_INSECURE: "${INSECURE:-false}"
|
|
PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
|
|
PROXY_TLS: "false"
|
|
# phoenix config
|
|
PHOENIX_OIDC_AUTHORITY: https://${OCIS_DOMAIN:-ocis.owncloud.test}
|
|
PHOENIX_OIDC_METADATA_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/.well-known/openid-configuration
|
|
PHOENIX_WEB_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer
|
|
PHOENIX_WEB_CONFIG_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
|
|
# storage config
|
|
STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
|
|
STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/
|
|
STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
|
|
# idp config
|
|
KONNECTD_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test}
|
|
KONNECTD_TLS: 'false'
|
|
volumes:
|
|
- ./config/ocis:/config
|
|
- ocis-data:/var/tmp/ocis
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.ocis.entrypoints=http"
|
|
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
|
|
- "traefik.http.middlewares.ocis-https-redirect.redirectscheme.scheme=https"
|
|
- "traefik.http.routers.ocis.middlewares=ocis-https-redirect"
|
|
- "traefik.http.routers.ocis-secure.entrypoints=https"
|
|
- "traefik.http.routers.ocis-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
|
|
- "traefik.http.routers.ocis-secure.tls=true"
|
|
- "traefik.http.routers.ocis-secure.tls.certresolver=http"
|
|
- "traefik.http.routers.ocis-secure.service=ocis"
|
|
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
|
|
restart: always
|
|
|
|
ldap-server:
|
|
image: osixia/openldap:latest
|
|
command: --copy-service --loglevel debug
|
|
environment:
|
|
LDAP_TLS_VERIFY_CLIENT: never
|
|
LDAP_DOMAIN: owncloud.test
|
|
LDAP_ORGANISATION: ownCloud
|
|
LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
|
|
LDAP_RFC2307BIS_SCHEMA: "true"
|
|
LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
|
|
volumes:
|
|
- ./config/ldap/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom
|
|
restart: always
|
|
|
|
ldap-manager:
|
|
image: osixia/phpldapadmin:0.9.0
|
|
environment:
|
|
PHPLDAPADMIN_LDAP_HOSTS: ldap-server
|
|
PHPLDAPADMIN_HTTPS: "false"
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.ldap-manager.entrypoints=http"
|
|
- "traefik.http.routers.ldap-manager.rule=Host(`${LDAP_MANAGER_DOMAIN:-ldap.owncloud.test}`)"
|
|
- "traefik.http.middlewares.ldap-manager-https-redirect.redirectscheme.scheme=https"
|
|
- "traefik.http.routers.ldap-manager.middlewares=ldap-manager-https-redirect"
|
|
- "traefik.http.routers.ldap-manager-secure.entrypoints=https"
|
|
- "traefik.http.routers.ldap-manager-secure.rule=Host(`${LDAP_MANAGER_DOMAIN:-ldap.owncloud.test}`)"
|
|
- "traefik.http.routers.ldap-manager-secure.tls=true"
|
|
- "traefik.http.routers.ldap-manager-secure.tls.certresolver=http"
|
|
- "traefik.http.routers.ldap-manager-secure.service=ldap-manager"
|
|
- "traefik.http.services.ldap-manager.loadbalancer.server.port=80"
|
|
restart: always
|
|
|
|
volumes:
|
|
certs:
|
|
ocis-data:
|