mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-02-14 08:09:14 -06:00
d311d415b1
This deployment scenario shows how to use ocis as frontend for an existing ownCloud 10 production installation. It enables ownCloud 10 users to log in and work with their files using the new ocis-web UI. While the scenario includes an ownCloud 10 instance, it only exists to show the necessary configuration for your already existing ownCloud 10 installation. The setup can be used for: - Trying out the new UI on ownCloud 10. Users can switch dynamically - It is a prequisite for future zero-downtime migrations. Co-authored-by: Ilja Neumann <ineumann@owncloud.com> Co-authored-by: Jan Müller <jan.mueller@catdev.io> Co-authored-by: Phil Davis <phil@jankaritech.com>
187 lines
6.1 KiB
YAML
187 lines
6.1 KiB
YAML
version: '3.7'
|
|
|
|
volumes:
|
|
files:
|
|
driver: local
|
|
mysql:
|
|
driver: local
|
|
backup:
|
|
driver: local
|
|
redis:
|
|
driver: local
|
|
tmp:
|
|
driver: local
|
|
letsencrypt:
|
|
driver: local
|
|
|
|
services:
|
|
traefik:
|
|
image: "traefik:v2.2"
|
|
container_name: "traefik"
|
|
command:
|
|
- "--providers.docker=true"
|
|
- "--providers.docker.exposedbydefault=false"
|
|
- "--entrypoints.web.address=:80"
|
|
- "--entrypoints.websecure.address=:443"
|
|
- "--serverstransport.insecureskipverify=true"
|
|
# Ocis certificate resolver
|
|
- "--certificatesresolvers.ocis.acme.tlschallenge=true"
|
|
- "--certificatesresolvers.ocis.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
|
|
- "--certificatesresolvers.ocis.acme.email=user@${OCIS_DOMAIN}"
|
|
- "--certificatesresolvers.ocis.acme.storage=/letsencrypt/acme-ocis.json"
|
|
# OC10 certificate resolver
|
|
- "--certificatesresolvers.oc10.acme.tlschallenge=true"
|
|
- "--certificatesresolvers.oc10.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
|
|
- "--certificatesresolvers.oc10.acme.email=user@${OCIS_DOMAIN}"
|
|
- "--certificatesresolvers.oc10.acme.storage=/letsencrypt/acme-oc10.json"
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
- "8080:8080"
|
|
volumes:
|
|
- "letsencrypt:/letsencrypt"
|
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
networks:
|
|
default:
|
|
aliases:
|
|
- ${OC10_DOMAIN}
|
|
- ${OCIS_DOMAIN}
|
|
|
|
owncloud:
|
|
build:
|
|
context: ./oc10
|
|
dockerfile: Dockerfile
|
|
expose:
|
|
- "8080"
|
|
depends_on:
|
|
- db
|
|
- redis
|
|
environment:
|
|
OCIS_DOMAIN: ${OCIS_DOMAIN}
|
|
PROXY_LOG_LEVEL: debug
|
|
OWNCLOUD_DOMAIN: ${OC10_DOMAIN}
|
|
OWNCLOUD_DB_TYPE: mysql
|
|
OWNCLOUD_DB_NAME: owncloud
|
|
OWNCLOUD_DB_USERNAME: owncloud
|
|
OWNCLOUD_DB_PASSWORD: owncloud
|
|
OWNCLOUD_DB_HOST: db
|
|
OWNCLOUD_ADMIN_USERNAME: admin
|
|
OWNCLOUD_ADMIN_PASSWORD: admin
|
|
OWNCLOUD_MYSQL_UTF8MB4: "true"
|
|
OWNCLOUD_REDIS_ENABLED: "true"
|
|
OWNCLOUD_REDIS_HOST: redis
|
|
OWNCLOUD_DEBUG: "true"
|
|
OWNCLOUD_TRUSTED_PROXIES: ${OC10_DOMAIN}
|
|
OWNCLOUD_OVERWRITE_PROTOCOL: https
|
|
OWNCLOUD_OVERWRITE_HOST: ${OC10_DOMAIN}
|
|
OWNCLOUD_APPS_ENABLE: "openidconnect,oauth2,user_ldap,graphapi"
|
|
OWNCLOUD_LOG_LEVEL: 0
|
|
volumes:
|
|
- files:/mnt/data
|
|
- tmp:/tmp/shared
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.oc10.loadbalancer.server.port=8080"
|
|
- "traefik.docker.network=ocisnet"
|
|
- "traefik.protocol=https"
|
|
# ssl config
|
|
- "traefik.http.routers.oc10.rule=Host(`${OC10_DOMAIN}`)"
|
|
- "traefik.http.routers.oc10.entrypoints=websecure"
|
|
- "traefik.http.routers.oc10.tls.certresolver=oc10"
|
|
# http -> https forwarding
|
|
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
|
- "traefik.http.routers.oc10-redirs.rule=Host(`${OC10_DOMAIN}`)"
|
|
- "traefik.http.routers.oc10-redirs.entrypoints=web"
|
|
- "traefik.http.routers.oc10-redirs.middlewares=redirect-to-https"
|
|
|
|
ocis:
|
|
build:
|
|
context: ./ocis
|
|
dockerfile: Dockerfile
|
|
args:
|
|
OCIS_DOMAIN: ${OCIS_DOMAIN}
|
|
OC10_DOMAIN: ${OC10_DOMAIN}
|
|
ports:
|
|
- 9200:9200
|
|
environment:
|
|
OCIS_LOG_LEVEL: debug
|
|
# proxy
|
|
PROXY_CONFIG_FILE: "/config/proxy-config.json"
|
|
PROXY_TLS: "false"
|
|
PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN}
|
|
PROXY_AUTOPROVISION_ACCOUNTS: "true"
|
|
PROXY_OIDC_INSECURE: "${INSECURE}"
|
|
# konnectd - binddn must exist as oc10 admin user
|
|
KONNECTD_ISS: https://${OCIS_DOMAIN}
|
|
KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/config/identifier-registration.yaml"
|
|
KONNECTD_TLS: 0
|
|
KONNECTD_SIGNING_KID: super
|
|
KONNECTD_INSECURE: "${INSECURE}"
|
|
LDAP_URI: ldap://localhost:9125
|
|
LDAP_BINDDN: "cn=admin,dc=example,dc=org"
|
|
LDAP_BINDPW: "admin"
|
|
LDAP_BASEDN: "dc=example,dc=org"
|
|
LDAP_SCOPE: sub
|
|
LDAP_LOGIN_ATTRIBUTE: uid
|
|
LDAP_EMAIL_ATTRIBUTE: mail
|
|
LDAP_NAME_ATTRIBUTE: givenName
|
|
LDAP_UUID_ATTRIBUTE: uid
|
|
LDAP_UUID_ATTRIBUTE_TYPE: text
|
|
LDAP_FILTER: "(objectClass=posixaccount)"
|
|
# glauth
|
|
GLAUTH_BACKEND_DATASTORE: owncloud
|
|
GLAUTH_BACKEND_SERVERS: https://${OC10_DOMAIN}/apps/graphapi/v1.0
|
|
GLAUTH_BACKEND_INSECURE: "${INSECURE}"
|
|
# graph
|
|
GRAPH_OIDC_ENDPOINT: https://${OC10_DOMAIN}/apps/graphapi/v1.0
|
|
# web ui
|
|
PHOENIX_WEB_CONFIG: "/config/web/config.json"
|
|
# storage - although not used, yet
|
|
STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN}
|
|
STORAGE_OIDC_INSECURE: "${INSECURE}"
|
|
STORAGE_TRANSFER_EXPIRES: 86400
|
|
STORAGE_FRONTEND_URL: https://${OCIS_DOMAIN}
|
|
STORAGE_DATAGATEWAY_URL: https://${OCIS_DOMAIN}/data
|
|
STORAGE_LDAP_IDP: https://${OCIS_DOMAIN}
|
|
volumes:
|
|
- ./ocis/config/proxy-config.json:/etc/ocis/proxy.json
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
|
|
- "traefik.docker.network=ocisnet"
|
|
- "traefik.protocol=https"
|
|
# ssl config
|
|
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN}`)"
|
|
- "traefik.http.routers.ocis.entrypoints=websecure"
|
|
- "traefik.http.routers.ocis.tls.certresolver=ocis"
|
|
# http -> https forwarding
|
|
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
|
- "traefik.http.routers.ocis-redirs.rule=Host(`${OCIS_DOMAIN}`)"
|
|
- "traefik.http.routers.ocis-redirs.entrypoints=web"
|
|
- "traefik.http.routers.ocis-redirs.middlewares=redirect-to-https"
|
|
db:
|
|
image: webhippie/mariadb:latest
|
|
restart: always
|
|
environment:
|
|
MARIADB_ROOT_PASSWORD: owncloud
|
|
MARIADB_USERNAME: owncloud
|
|
MARIADB_PASSWORD: owncloud
|
|
MARIADB_DATABASE: owncloud
|
|
MARIADB_MAX_ALLOWED_PACKET: 128M
|
|
MARIADB_INNODB_LOG_FILE_SIZE: 256M
|
|
healthcheck:
|
|
test: ["CMD", "/usr/bin/healthcheck"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 5
|
|
volumes:
|
|
- mysql:/var/lib/mysql
|
|
- backup:/var/lib/backup
|
|
|
|
redis:
|
|
image: webhippie/redis:latest
|
|
environment:
|
|
- REDIS_DATABASES=1
|
|
volumes:
|
|
- redis:/var/lib/redis
|