diff --git a/deployments/examples/ocis_full/.env b/deployments/examples/ocis_full/.env index ca5ec4197cf..9cf8a49a3b5 100644 --- a/deployments/examples/ocis_full/.env +++ b/deployments/examples/ocis_full/.env @@ -12,7 +12,7 @@ INSECURE=true # Note: Traefik is always enabled and can't be disabled. # Serve Traefik dashboard. # Defaults to "false". -TRAEFIK_DASHBOARD= +TRAEFIK_DASHBOARD=true # Domain of Traefik, where you can find the dashboard. # Defaults to "traefik.owncloud.test" TRAEFIK_DOMAIN= @@ -227,3 +227,14 @@ INBUCKET_DOMAIN= # ALL supplemental configs must be added here, whether commented or not. # Each var must either be empty or contain :path/file.yml COMPOSE_FILE=docker-compose.yml${OCIS:-}${TIKA:-}${S3NG:-}${S3NG_MINIO:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${ONLYOFFICE:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-} + +### OCM Settings ### +# Note: the OCM configuration is optional and can be used to connect to an OCM instance. https://owncloud.dev/services/ocm/ +# There are several setting files that do not allow variables like ocm.providers.json, ocis.web.config.json, ocis.ocm.web.config.json +# This files need to be configured manualy for the real valuse of the OCIS_OCM_DOMAIN and OCIS_DOMAIN +# Domain of oCIS OCM instace, where you can find the frontend. +# Defaults to "ocis.ocm.owncloud.test" +OCIS_OCM_DOMAIN= +# An eMail address that is used for sending Infinite Scale notification eMails +# like "ocis notifications ". +SMTP_SENDER= diff --git a/deployments/examples/ocis_full/collabora-ocm.yml b/deployments/examples/ocis_full/collabora-ocm.yml new file mode 100644 index 00000000000..e9faadfee9e --- /dev/null +++ b/deployments/examples/ocis_full/collabora-ocm.yml @@ -0,0 +1,83 @@ +--- +services: + traefik: + networks: + ocis-ocm-net: + aliases: + - ${COLLABORA_OCM_DOMAIN:-collabora.ocm.owncloud.test} + - ${WOPISERVER_OCM_DOMAIN:-wopiserver.ocm.owncloud.test} + ocis-ocm: + environment: + # make collabora the secure view app + FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: com.owncloud.api.collaboration.Collabora + + collaboration-ocm: + image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-ocm-net: + depends_on: + ocis: + condition: service_started + collabora-ocm: + condition: service_healthy + entrypoint: + - /bin/sh + command: [ "-c", "ocis collaboration server" ] + environment: + COLLABORATION_GRPC_ADDR: collaboration-ocm:9301 + COLLABORATION_HTTP_ADDR: collaboration-ocm:9300 + MICRO_REGISTRY: "nats-js-kv" + MICRO_REGISTRY_ADDRESS: "ocis-ocm:9233" + COLLABORATION_WOPI_SRC: https://${WOPISERVER_OCM_DOMAIN:-wopiserver.ocm.owncloud.test} + COLLABORATION_APP_NAME: "Collabora" + COLLABORATION_APP_ADDR: https://${COLLABORA_OCM_DOMAIN:-collabora.ocm.owncloud.test} + COLLABORATION_APP_ICON: https://${COLLABORA_OCM_DOMAIN:-collabora.ocm.owncloud.test}/favicon.ico + COLLABORATION_APP_LOCKNAME: "com.github.owncloud.ocm.collaboration" + COLLABORATION_APP_INSECURE: "${INSECURE:-true}" + COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}" + COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-debug} + OCIS_URL: https://${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test} + volumes: + # configure the .env file to use own paths instead of docker internal volumes + - ${OCIS_OCM_CONFIG_DIR:-ocis-ocm-config}:/etc/ocis + labels: + - "traefik.enable=true" + - "traefik.http.routers.collaboration-ocm.entrypoints=https" + - "traefik.http.routers.collaboration-ocm.rule=Host(`${WOPISERVER_OCM_DOMAIN:-wopiserver.ocm.owncloud.test}`)" + - "traefik.http.routers.collaboration-ocm.tls.certresolver=http" + - "traefik.http.routers.collaboration-ocm.service=collaboration-ocm" + - "traefik.http.services.collaboration-ocm.loadbalancer.server.port=9300" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + + collabora-ocm: + image: collabora/code:24.04.5.1.1 + networks: + ocis-ocm-net: + environment: + aliasgroup1: https://${WOPISERVER_OCM_DOMAIN:-wopiserver.ocm.owncloud.test}:443 + DONT_GEN_SSL_CERT: "YES" + extra_params: | + --o:ssl.enable=${COLLABORA_SSL_ENABLE:-true} \ + --o:ssl.ssl_verification=${COLLABORA_SSL_VERIFICATION:-true} \ + --o:ssl.termination=true \ + --o:welcome.enable=false \ + --o:net.frame_ancestors=${OCIS_DOMAIN:-ocis.ocm.owncloud.test} + username: ${COLLABORA_ADMIN_USER:-admin} + password: ${COLLABORA_ADMIN_PASSWORD:-admin} + cap_add: + - MKNOD + labels: + - "traefik.enable=true" + - "traefik.http.routers.collabora-ocm.entrypoints=https" + - "traefik.http.routers.collabora-ocm.rule=Host(`${COLLABORA_OCM_DOMAIN:-collabora.ocm.owncloud.test}`)" + - "traefik.http.routers.collabora-ocm.tls.certresolver=http" + - "traefik.http.routers.collabora-ocm.service=collabora-ocm" + - "traefik.http.services.collabora-ocm.loadbalancer.server.port=9980" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + command: ["bash", "-c", "coolconfig generate-proof-key ; /start-collabora-online.sh"] + healthcheck: + test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ] diff --git a/deployments/examples/ocis_full/collabora.yml b/deployments/examples/ocis_full/collabora.yml index e6ede1ead48..2e7fc649b4c 100644 --- a/deployments/examples/ocis_full/collabora.yml +++ b/deployments/examples/ocis_full/collabora.yml @@ -25,8 +25,8 @@ services: - /bin/sh command: [ "-c", "ocis collaboration server" ] environment: - COLLABORATION_GRPC_ADDR: 0.0.0.0:9301 - COLLABORATION_HTTP_ADDR: 0.0.0.0:9300 + COLLABORATION_GRPC_ADDR: collaboration:9301 + COLLABORATION_HTTP_ADDR: collaboration:9300 MICRO_REGISTRY: "nats-js-kv" MICRO_REGISTRY_ADDRESS: "ocis:9233" COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} diff --git a/deployments/examples/ocis_full/config/ocis/csp-ocm.yaml b/deployments/examples/ocis_full/config/ocis/csp-ocm.yaml new file mode 100644 index 00000000000..f42289be88e --- /dev/null +++ b/deployments/examples/ocis_full/config/ocis/csp-ocm.yaml @@ -0,0 +1,45 @@ +directives: + child-src: + - '''self''' + connect-src: + - '''self''' + - 'blob:' + - 'https://${COMPANION_DOMAIN|companion.ocm.owncloud.test}/' + - 'wss://${COMPANION_DOMAIN|companion.ocm.owncloud.test}/' + - 'https://raw.githubusercontent.com/owncloud/awesome-ocis/' + default-src: + - '''none''' + font-src: + - '''self''' + frame-ancestors: + - '''self''' + frame-src: + - '''self''' + - 'blob:' + - 'https://embed.diagrams.net/' + # In contrary to bash and docker the default is given after the | character + - 'https://${ONLYOFFICE_DOMAIN|onlyoffice.ocm.owncloud.test}/' + - 'https://${COLLABORA_DOMAIN|collabora.ocm.owncloud.test}/' + # This is needed for the external-sites web extension when embedding sites + - 'https://owncloud.dev' + img-src: + - '''self''' + - 'data:' + - 'blob:' + - 'https://raw.githubusercontent.com/owncloud/awesome-ocis/' + # In contrary to bash and docker the default is given after the | character + - 'https://${ONLYOFFICE_DOMAIN|onlyoffice.ocm.owncloud.test}/' + - 'https://${COLLABORA_DOMAIN|collabora.ocm.owncloud.test}/' + manifest-src: + - '''self''' + media-src: + - '''self''' + object-src: + - '''self''' + - 'blob:' + script-src: + - '''self''' + - '''unsafe-inline''' + style-src: + - '''self''' + - '''unsafe-inline''' diff --git a/deployments/examples/ocis_full/config/ocis/ocis.ocm.web.config.json b/deployments/examples/ocis_full/config/ocis/ocis.ocm.web.config.json new file mode 100644 index 00000000000..326313d9a1d --- /dev/null +++ b/deployments/examples/ocis_full/config/ocis/ocis.ocm.web.config.json @@ -0,0 +1,27 @@ +{ + "server": "https://ocis.ocm.owncloud.test", + "theme": "https://ocis.ocm.owncloud.test/themes/owncloud/theme.json", + "openIdConnect": { + "metadata_url": "https://ocis.ocm.owncloud.test/.well-known/openid-configuration", + "authority": "https://ocis.ocm.owncloud.test", + "client_id": "web", + "response_type": "code" + }, + "options": { + "contextHelpersReadMore": true + }, + "apps": [ + "files", + "text-editor", + "pdf-viewer", + "search", + "external", + "admin-settings", + "ocm", + "webfinger", + "epub-reader", + "app-store", + "activities", + "preview" + ] +} diff --git a/deployments/examples/ocis_full/config/ocis/ocis.web.config.json b/deployments/examples/ocis_full/config/ocis/ocis.web.config.json new file mode 100644 index 00000000000..06af2e41f9a --- /dev/null +++ b/deployments/examples/ocis_full/config/ocis/ocis.web.config.json @@ -0,0 +1,27 @@ +{ + "server": "https://ocis.owncloud.test", + "theme": "https://ocis.owncloud.test/themes/owncloud/theme.json", + "openIdConnect": { + "metadata_url": "https://ocis.owncloud.test/.well-known/openid-configuration", + "authority": "https://ocis.owncloud.test", + "client_id": "web", + "response_type": "code" + }, + "options": { + "contextHelpersReadMore": true + }, + "apps": [ + "files", + "text-editor", + "pdf-viewer", + "search", + "external", + "admin-settings", + "ocm", + "webfinger", + "epub-reader", + "app-store", + "activities", + "preview" + ] +} diff --git a/deployments/examples/ocis_full/config/ocis/ocm.providers.json b/deployments/examples/ocis_full/config/ocis/ocm.providers.json new file mode 100644 index 00000000000..645b7ae609c --- /dev/null +++ b/deployments/examples/ocis_full/config/ocis/ocm.providers.json @@ -0,0 +1,72 @@ +[ + { + "name": "ocis-server", + "full_name": "first-ocis-instance", + "organization": "Owncloud", + "domain": "ocis.owncloud.test", + "homepage": "https://owncloud.com", + "services": [ + { + "endpoint": { + "type": { + "name": "OCM", + "description": "ocis.owncloud.test Open Cloud Mesh API" + }, + "name": "ocis - OCM API", + "path": "https://ocis.owncloud.test/ocm/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "ocis.owncloud.test" + }, + { + "endpoint": { + "type": { + "name": "Webdav", + "description": "ocis.owncloud.test Webdav API" + }, + "name": "ocis - Webdav API", + "path": "https://ocis.owncloud.test/dav/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "ocis.owncloud.test" + } + ] + }, + { + "name": "federation-ocis-server", + "full_name": "Ocm ocis", + "organization": "Owncloud", + "domain": "ocis.ocm.owncloud.test", + "homepage": "https://owncloud.com", + "services": [ + { + "endpoint": { + "type": { + "name": "OCM", + "description": "CERNBox Open Cloud Mesh API" + }, + "name": "CERNBox - OCM API", + "path": "https://ocis.ocm.owncloud.test/ocm/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "ocis.ocm.owncloud.test" + }, + { + "endpoint": { + "type": { + "name": "Webdav", + "description": "ocis.ocm.owncloud.test Webdav API" + }, + "name": "ocis.ocm - Webdav API", + "path": "https://ocis.ocm.owncloud.test/dav/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "ocis.ocm.owncloud.test" + } + ] + } +] diff --git a/deployments/examples/ocis_full/debug-collaboration-onlyoffice.yml b/deployments/examples/ocis_full/debug-collaboration-onlyoffice.yml index ce6e7aa7f82..6c090ed613a 100644 --- a/deployments/examples/ocis_full/debug-collaboration-onlyoffice.yml +++ b/deployments/examples/ocis_full/debug-collaboration-onlyoffice.yml @@ -2,8 +2,8 @@ services: collaboration-oo: - command: [ "-c", "dlv --listen=:40002 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis collaboration server" ] + command: [ "-c", "dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis collaboration server" ] environment: COLLABORATION_LOG_LEVEL: debug ports: - - 40002:40002 + - 40002:40000 diff --git a/deployments/examples/ocis_full/debug-ocis-ocm.yml b/deployments/examples/ocis_full/debug-ocis-ocm.yml new file mode 100644 index 00000000000..aaf644804a5 --- /dev/null +++ b/deployments/examples/ocis_full/debug-ocis-ocm.yml @@ -0,0 +1,9 @@ +--- +services: + + ocis-ocm: + command: [ "-c", "ocis init || true; dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis server" ] + environment: + OCIS_LOG_LEVEL: debug + ports: + - 40004:40000 diff --git a/deployments/examples/ocis_full/debug-ocis.yml b/deployments/examples/ocis_full/debug-ocis.yml index 64a5c86a69a..1748623db35 100644 --- a/deployments/examples/ocis_full/debug-ocis.yml +++ b/deployments/examples/ocis_full/debug-ocis.yml @@ -3,5 +3,7 @@ services: ocis: command: [ "-c", "ocis init || true; dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis server" ] + environment: + OCIS_LOG_LEVEL: debug ports: - 40000:40000 diff --git a/deployments/examples/ocis_full/docker-compose.yml b/deployments/examples/ocis_full/docker-compose.yml index dbbea12c496..a7b0b20d51e 100644 --- a/deployments/examples/ocis_full/docker-compose.yml +++ b/deployments/examples/ocis_full/docker-compose.yml @@ -4,6 +4,7 @@ services: image: traefik:v3.1.6 networks: ocis-net: + ocis-ocm-net: command: - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" # letsencrypt configuration @@ -28,6 +29,7 @@ services: - "--providers.docker.exposedByDefault=false" # access log - "--accessLog=true" + - "--accesslog.filePath=/var/log/access.log" - "--accessLog.format=json" - "--accessLog.fields.headers.names.X-Request-Id=keep" ports: @@ -54,3 +56,4 @@ volumes: networks: ocis-net: + ocis-ocm-net: diff --git a/deployments/examples/ocis_full/ocis-ocm.yml b/deployments/examples/ocis_full/ocis-ocm.yml new file mode 100644 index 00000000000..18838607d0a --- /dev/null +++ b/deployments/examples/ocis_full/ocis-ocm.yml @@ -0,0 +1,94 @@ +--- +services: + traefik: + networks: + ocis-ocm-net: + aliases: + - ${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test} + ocis: + environment: + OCIS_ADD_RUN_SERVICES: "notifications, ocm" + OCIS_ENABLE_OCM: true + OCM_OCM_INVITE_MANAGER_INSECURE: true + OCM_OCM_SHARE_PROVIDER_INSECURE: true + OCM_OCM_STORAGE_PROVIDER_INSECURE: true + OCM_OCM_PROVIDER_AUTHORIZER_PROVIDERS_FILE: /etc/ocm/providers.json + WEB_UI_CONFIG_FILE: /etc/ocis/ocis.web.config.json + + + ocis-ocm: + image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-ocm-net: + entrypoint: + - /bin/sh + # run ocis init to initialize a configuration file with random secrets + # it will fail on subsequent runs, because the config file already exists + # therefore we ignore the error and then start the ocis server + command: ["-c", "ocis init || true; ocis server"] + environment: + # enable the notifications service as it is not started automatically + OCIS_ADD_RUN_SERVICES: "notifications, ocm" + OCIS_URL: https://${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test} + OCIS_LOG_LEVEL: ${LOG_LEVEL:-info} + OCIS_LOG_COLOR: "${LOG_PRETTY:-false}" + OCIS_LOG_PRETTY: "${LOG_PRETTY:-false}" + # do not use SSL between Traefik and oCIS + PROXY_TLS: "false" + # make the REVA gateway accessible to the app drivers + GATEWAY_GRPC_ADDR: 0.0.0.0:9142 + # INSECURE: needed if oCIS / Traefik is using self generated certificates + OCIS_INSECURE: "${INSECURE:-false}" + # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect) + PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" + # admin user password + IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file + # demo users + IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" + # email server (if configured) + NOTIFICATIONS_SMTP_HOST: "${SMTP_HOST}" + NOTIFICATIONS_SMTP_PORT: "${SMTP_PORT}" + NOTIFICATIONS_SMTP_SENDER: "${SMTP_OCM_SENDER:-oCIS notifications }" + NOTIFICATIONS_SMTP_USERNAME: "${SMTP_USERNAME}" + NOTIFICATIONS_SMTP_INSECURE: "${SMTP_INSECURE}" + # make the registry available to the app provider containers + MICRO_REGISTRY_ADDRESS: 127.0.0.1:9233 + NATS_NATS_HOST: 0.0.0.0 + NATS_NATS_PORT: 9233 + PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp-ocm.yaml + # these three vars are needed to the csp config file to include the web office apps and the importer + COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.ocm.owncloud.test} + ONLYOFFICE_DOMAIN: ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} + COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test} + # enable to allow using the banned passwords list + OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt + # ocm configuration + OCIS_ENABLE_OCM: true + OCM_OCM_INVITE_MANAGER_INSECURE: true + OCM_OCM_SHARE_PROVIDER_INSECURE: true + OCM_OCM_STORAGE_PROVIDER_INSECURE: true + OCM_OCM_PROVIDER_AUTHORIZER_PROVIDERS_FILE: /etc/ocm/providers.json + WEB_UI_CONFIG_FILE: /etc/ocis/ocis.ocm.web.config.json + volumes: + - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml + - ./config/ocis/csp-ocm.yaml:/etc/ocis/csp-ocm.yaml + - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt + - ./config/ocis/ocis.ocm.web.config.json:/etc/ocis/ocis.ocm.web.config.json:ro + - ./config/ocis/ocm.providers.json:/etc/ocm/providers.json + # configure the .env file to use own paths instead of docker internal volumes + - ${OCIS_CONFIG_DIR:-ocis-ocm-config}:/etc/ocis + - ${OCIS_OCM_DATA_DIR:-ocis-ocm-data}:/var/lib/ocis + labels: + - "traefik.enable=true" + - "traefik.http.routers.ocis-ocm.entrypoints=https" + - "traefik.http.routers.ocis-ocm.rule=Host(`${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test}`)" + - "traefik.http.routers.ocis-ocm.tls.certresolver=http" + - "traefik.http.routers.ocis-ocm.service=ocis-ocm" + - "traefik.http.services.ocis-ocm.loadbalancer.server.port=9200" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + +volumes: + ocis-ocm-config: + ocis-ocm-data: diff --git a/deployments/examples/ocis_full/ocis.yml b/deployments/examples/ocis_full/ocis.yml index f38473cd1ba..40da891214e 100644 --- a/deployments/examples/ocis_full/ocis.yml +++ b/deployments/examples/ocis_full/ocis.yml @@ -17,7 +17,7 @@ services: command: ["-c", "ocis init || true; ocis server"] environment: # enable the notifications service as it is not started automatically - OCIS_ADD_RUN_SERVICES: "notifications" + OCIS_ADD_RUN_SERVICES: "notifications, ocm" OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} OCIS_LOG_LEVEL: ${LOG_LEVEL:-info} OCIS_LOG_COLOR: "${LOG_PRETTY:-false}" @@ -55,6 +55,8 @@ services: - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml - ./config/ocis/csp.yaml:/etc/ocis/csp.yaml - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt + - ./config/ocis/ocis.web.config.json:/etc/ocis/ocis.web.config.json:ro + - ./config/ocis/ocm.providers.json:/etc/ocm/providers.json # configure the .env file to use own paths instead of docker internal volumes - ${OCIS_CONFIG_DIR:-ocis-config}:/etc/ocis - ${OCIS_DATA_DIR:-ocis-data}:/var/lib/ocis diff --git a/deployments/examples/ocis_full/onlyoffice-ocm.yml b/deployments/examples/ocis_full/onlyoffice-ocm.yml new file mode 100644 index 00000000000..4f31033761e --- /dev/null +++ b/deployments/examples/ocis_full/onlyoffice-ocm.yml @@ -0,0 +1,79 @@ +--- +services: + traefik: + networks: + ocis-ocm-net: + aliases: + - ${ONLYOFFICE_OCM_DOMAIN:-onlyoffice.ocm.owncloud.test} + - ${WOPISERVER_ONLYOFFICE_OCM_DOMAIN:-wopiserver-oo.ocm.owncloud.test} + + collaboration-oo: + image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-ocm-net: + depends_on: + ocis: + condition: service_started + onlyoffice-ocm: + condition: service_healthy + entrypoint: + - /bin/sh + command: [ "-c", "ocis collaboration server" ] + environment: + COLLABORATION_GRPC_ADDR: 0.0.0.0:9301 + COLLABORATION_HTTP_ADDR: 0.0.0.0:9300 + MICRO_REGISTRY: "nats-js-kv" + MICRO_REGISTRY_ADDRESS: "ocis-ocm:9233" + COLLABORATION_WOPI_SRC: https://${WOPISERVER_ONLYOFFICE_OCM_DOMAIN:-wopiserver-oo.ocm.owncloud.test} + COLLABORATION_APP_NAME: "OnlyOffice" + COLLABORATION_APP_ADDR: https://${ONLYOFFICE_OCM_DOMAIN:-onlyoffice.ocm.owncloud.test} + COLLABORATION_APP_ICON: https://${ONLYOFFICE_OCM_DOMAIN:-onlyoffice.ocm.owncloud.test}/web-apps/apps/documenteditor/main/resources/img/favicon.ico + COLLABORATION_APP_INSECURE: "${INSECURE:-true}" + COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}" + COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info} + COLLABORATION_APP_PROOF_DISABLE: "true" + OCIS_URL: https://${OCIS_DOMAIN:-ocis.ocm.owncloud.test} + volumes: + # configure the .env file to use own paths instead of docker internal volumes + - ${OCIS_OCM_CONFIG_DIR:-ocis-ocm-config}:/etc/ocis + labels: + - "traefik.enable=true" + - "traefik.http.routers.collaboration-oo-ocm.entrypoints=https" + - "traefik.http.routers.collaboration-oo-ocm.rule=Host(`${WOPISERVER_ONLYOFFICE_OCM_DOMAIN:-wopiserver-oo.ocm.owncloud.test}`)" + - "traefik.http.routers.collaboration-oo-ocm.tls.certresolver=http" + - "traefik.http.routers.collaboration-oo-ocm.service=collaboration-oo-ocm" + - "traefik.http.services.collaboration-oo-ocm.loadbalancer.server.port=9300" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + + onlyoffice-ocm: + image: onlyoffice/documentserver:8.2.0 + networks: + ocis-ocm-net: + entrypoint: + - /bin/sh + - /entrypoint-override.sh + environment: + WOPI_ENABLED: "true" + # self-signed certificates + USE_UNAUTHORIZED_STORAGE: "${INSECURE:-false}" + volumes: + # paths are relative to the main compose file + - ./config/onlyoffice/entrypoint-override.sh:/entrypoint-override.sh + - ./config/onlyoffice/local.json:/etc/onlyoffice/documentserver/local.dist.json + labels: + - "traefik.enable=true" + - "traefik.http.routers.onlyoffice-ocm.entrypoints=https" + - "traefik.http.routers.onlyoffice-ocm.rule=Host(`${ONLYOFFICE_OCM_DOMAIN:-onlyoffice.ocm.owncloud.test}`)" + - "traefik.http.routers.onlyoffice-ocm.tls.certresolver=http" + - "traefik.http.routers.onlyoffice-ocm.service=onlyoffice-ocm" + - "traefik.http.services.onlyoffice-ocm.loadbalancer.server.port=80" + # websockets can't be opened when this is omitted + - "traefik.http.middlewares.onlyoffice.headers.customrequestheaders.X-Forwarded-Proto=https" + - "traefik.http.routers.onlyoffice.middlewares=onlyoffice-ocm" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost/hosting/discovery"]