From ef2b173e1897f6f5616afe52932403a27605f921 Mon Sep 17 00:00:00 2001 From: Roman Perekhod Date: Fri, 25 Oct 2024 16:06:41 +0200 Subject: [PATCH 1/3] ocm add to the ocis-all --- deployments/examples/ocis_full/.env | 11 +++ .../config/ocis/ocis.ocm.web.config.json | 27 ++++++ .../config/ocis/ocis.web.config.json | 27 ++++++ .../ocis_full/config/ocis/ocm.providers.json | 46 +++++++++ .../debug-collaboration-onlyoffice.yml | 4 +- .../examples/ocis_full/debug-ocis-ocm.yml | 9 ++ deployments/examples/ocis_full/debug-ocis.yml | 2 + deployments/examples/ocis_full/ocis-ocm.yml | 94 +++++++++++++++++++ deployments/examples/ocis_full/ocis.yml | 4 +- 9 files changed, 221 insertions(+), 3 deletions(-) create mode 100644 deployments/examples/ocis_full/config/ocis/ocis.ocm.web.config.json create mode 100644 deployments/examples/ocis_full/config/ocis/ocis.web.config.json create mode 100644 deployments/examples/ocis_full/config/ocis/ocm.providers.json create mode 100644 deployments/examples/ocis_full/debug-ocis-ocm.yml create mode 100644 deployments/examples/ocis_full/ocis-ocm.yml diff --git a/deployments/examples/ocis_full/.env b/deployments/examples/ocis_full/.env index ca5ec4197cf..d618f77e4da 100644 --- a/deployments/examples/ocis_full/.env +++ b/deployments/examples/ocis_full/.env 
@@ -227,3 +227,14 @@ INBUCKET_DOMAIN= # ALL supplemental configs must be added here, whether commented or not. # Each var must either be empty or contain :path/file.yml COMPOSE_FILE=docker-compose.yml${OCIS:-}${TIKA:-}${S3NG:-}${S3NG_MINIO:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${ONLYOFFICE:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-} + +### OCM Settings ### +# Note: the OCM configuration is optional and can be used to connect to an OCM instance. https://owncloud.dev/services/ocm/ +# There are several setting files that do not allow variables like ocm.providers.json, ocis.web.config.json, ocis.ocm.web.config.json +# This files need to be configured manualy for the real valuse of the OCIS_OCM_DOMAIN and OCIS_DOMAIN +# Domain of oCIS OCM instace, where you can find the frontend. +# Defaults to "ocis.ocm.owncloud.test" +OCIS_OCM_DOMAIN= +# An eMail address that is used for sending Infinite Scale notification eMails +# like "ocis notifications ". +SMTP_SENDER= diff --git a/deployments/examples/ocis_full/config/ocis/ocis.ocm.web.config.json b/deployments/examples/ocis_full/config/ocis/ocis.ocm.web.config.json new file mode 100644 index 00000000000..326313d9a1d --- /dev/null +++ b/deployments/examples/ocis_full/config/ocis/ocis.ocm.web.config.json @@ -0,0 +1,27 @@ +{ + "server": "https://ocis.ocm.owncloud.test", + "theme": "https://ocis.ocm.owncloud.test/themes/owncloud/theme.json", + "openIdConnect": { + "metadata_url": "https://ocis.ocm.owncloud.test/.well-known/openid-configuration", + "authority": "https://ocis.ocm.owncloud.test", + "client_id": "web", + "response_type": "code" + }, + "options": { + "contextHelpersReadMore": true + }, + "apps": [ + "files", + "text-editor", + "pdf-viewer", + "search", + "external", + "admin-settings", + "ocm", + "webfinger", + "epub-reader", + "app-store", + "activities", + "preview" + ] +} 
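Review bot: Nothing in this block gives the new `ocis-ocm.yml` fragment a toggle in `COMPOSE_FILE`, although the context comment just above says all supplemental configs must be listed there. As far as the visible hunks of this series show, the OCM instance can therefore only be enabled by editing `COMPOSE_FILE` by hand or passing the file explicitly. The block also documents `SMTP_SENDER`, while `ocis-ocm.yml` in this same patch reads `${SMTP_OCM_SENDER:-…}`, which is not defined here; one name should be used in both places. The comment text has typos worth fixing: `This files` → `These files`, `manualy` → `manually`, `valuse` → `values`, `instace` → `instance`.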
diff --git a/deployments/examples/ocis_full/config/ocis/ocis.web.config.json b/deployments/examples/ocis_full/config/ocis/ocis.web.config.json new file mode 100644 index 00000000000..06af2e41f9a --- /dev/null +++ b/deployments/examples/ocis_full/config/ocis/ocis.web.config.json @@ -0,0 +1,27 @@ +{ + "server": "https://ocis.owncloud.test", + "theme": "https://ocis.owncloud.test/themes/owncloud/theme.json", + "openIdConnect": { + "metadata_url": "https://ocis.owncloud.test/.well-known/openid-configuration", + "authority": "https://ocis.owncloud.test", + "client_id": "web", + "response_type": "code" + }, + "options": { + "contextHelpersReadMore": true + }, + "apps": [ + "files", + "text-editor", + "pdf-viewer", + "search", + "external", + "admin-settings", + "ocm", + "webfinger", + "epub-reader", + "app-store", + "activities", + "preview" + ] +} diff --git a/deployments/examples/ocis_full/config/ocis/ocm.providers.json b/deployments/examples/ocis_full/config/ocis/ocm.providers.json new file mode 100644 index 00000000000..6ab567686ac --- /dev/null +++ b/deployments/examples/ocis_full/config/ocis/ocm.providers.json 
@@ -0,0 +1,46 @@ +[ + { + "name": "ocis-server", + "full_name": "first-ocis-instance", + "organization": "Owncloud", + "domain": "ocis.owncloud.test", + "homepage": "https://owncloud.com", + "services": [ + { + "endpoint": { + "type": { + "name": "OCM", + "description": "CERNBox Open Cloud Mesh API" + }, + "name": "CERNBox - OCM API", + "path": "https://ocis.owncloud.test/ocm/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "ocis.owncloud.test" + } + ] + }, + { + "name": "federation-ocis-server", + "full_name": "Ocm ocis", + "organization": "Owncloud", + "domain": "ocis.ocm.owncloud.test", + "homepage": "https://owncloud.com", + "services": [ + { + "endpoint": { + "type": { + "name": "OCM", + "description": "CERNBox Open Cloud Mesh API" + }, + "name": "CERNBox - OCM API", + "path": "https://ocis.ocm.owncloud.test/ocm/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "ocis.ocm.owncloud.test" + } + ] + } +] diff --git a/deployments/examples/ocis_full/debug-collaboration-onlyoffice.yml b/deployments/examples/ocis_full/debug-collaboration-onlyoffice.yml index ce6e7aa7f82..6c090ed613a 100644 --- a/deployments/examples/ocis_full/debug-collaboration-onlyoffice.yml +++ b/deployments/examples/ocis_full/debug-collaboration-onlyoffice.yml @@ -2,8 +2,8 @@ services: collaboration-oo: - command: [ "-c", "dlv --listen=:40002 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis collaboration server" ] + command: [ "-c", "dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis collaboration server" ] environment: COLLABORATION_LOG_LEVEL: debug ports: - - 40002:40002 + - 40002:40000 diff --git a/deployments/examples/ocis_full/debug-ocis-ocm.yml b/deployments/examples/ocis_full/debug-ocis-ocm.yml new file mode 100644 index 00000000000..6b3d76ee389 --- /dev/null +++ b/deployments/examples/ocis_full/debug-ocis-ocm.yml 
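Review bot: The mapping `- 40002:40000` in `debug-collaboration-onlyoffice.yml` publishes the Delve port on every host interface, and a `--headless --accept-multiclient` dlv listener has no authentication, so anyone who can reach the host on that port can attach to and control the oCIS process. For a debug override I would bind the published port to loopback and quote it, `- "127.0.0.1:40002:40000"`; the same applies to `- 40004:40000` in the new `debug-ocis-ocm.yml`. A one-line comment at the top of both files saying they are meant for local debugging only would also help.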
@@ -0,0 +1,9 @@ +--- +services: + + ocis: + command: [ "-c", "ocis init || true; dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis server" ] + environment: + OCIS_LOG_LEVEL: debug + ports: + - 40004:40000 diff --git a/deployments/examples/ocis_full/debug-ocis.yml b/deployments/examples/ocis_full/debug-ocis.yml index 64a5c86a69a..1748623db35 100644 --- a/deployments/examples/ocis_full/debug-ocis.yml +++ b/deployments/examples/ocis_full/debug-ocis.yml @@ -3,5 +3,7 @@ services: ocis: command: [ "-c", "ocis init || true; dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis server" ] + environment: + OCIS_LOG_LEVEL: debug ports: - 40000:40000 diff --git a/deployments/examples/ocis_full/ocis-ocm.yml b/deployments/examples/ocis_full/ocis-ocm.yml new file mode 100644 index 00000000000..a34fa030949 --- /dev/null +++ b/deployments/examples/ocis_full/ocis-ocm.yml 
@@ -0,0 +1,94 @@ +--- +services: + traefik: + networks: + ocis-net: + aliases: + - ${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test} + ocis: + environment: + OCIS_ADD_RUN_SERVICES: "notifications, ocm" + OCIS_ENABLE_OCM: true + OCM_OCM_INVITE_MANAGER_INSECURE: true + OCM_OCM_SHARE_PROVIDER_INSECURE: true + OCM_OCM_STORAGE_PROVIDER_INSECURE: true + OCM_OCM_PROVIDER_AUTHORIZER_PROVIDERS_FILE: /etc/ocm/providers.json + WEB_UI_CONFIG_FILE: /etc/ocis/ocis.web.config.json + + + ocis-ocm: + image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-net: + entrypoint: + - /bin/sh + # run ocis init to initialize a configuration file with random secrets + # it will fail on subsequent runs, because the config file already exists + # therefore we ignore the error and then start the ocis server + command: ["-c", "ocis init || true; ocis server"] + environment: + # enable the notifications service as it is not started automatically + OCIS_ADD_RUN_SERVICES: "notifications, ocm" + OCIS_URL: https://${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test} + OCIS_LOG_LEVEL: ${LOG_LEVEL:-info} + OCIS_LOG_COLOR: "${LOG_PRETTY:-false}" + OCIS_LOG_PRETTY: "${LOG_PRETTY:-false}" + # do not use SSL between Traefik and oCIS + PROXY_TLS: "false" + # make the REVA gateway accessible to the app drivers + GATEWAY_GRPC_ADDR: 0.0.0.0:9142 + # INSECURE: needed if oCIS / Traefik is using self generated certificates + OCIS_INSECURE: "${INSECURE:-false}" + # basic auth (not recommended, but needed for eg. 
WebDav clients that do not support OpenID Connect) + PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" + # admin user password + IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file + # demo users + IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" + # email server (if configured) + NOTIFICATIONS_SMTP_HOST: "${SMTP_HOST}" + NOTIFICATIONS_SMTP_PORT: "${SMTP_PORT}" + NOTIFICATIONS_SMTP_SENDER: "${SMTP_OCM_SENDER:-oCIS notifications }" + NOTIFICATIONS_SMTP_USERNAME: "${SMTP_USERNAME}" + NOTIFICATIONS_SMTP_INSECURE: "${SMTP_INSECURE}" + # make the registry available to the app provider containers + MICRO_REGISTRY_ADDRESS: 127.0.0.1:9233 + NATS_NATS_HOST: 0.0.0.0 + NATS_NATS_PORT: 9233 + PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp.yaml + # these three vars are needed to the csp config file to include the web office apps and the importer + COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.owncloud.test} + ONLYOFFICE_DOMAIN: ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} + COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test} + # enable to allow using the banned passwords list + OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt + # ocm configuration + OCIS_ENABLE_OCM: true + OCM_OCM_INVITE_MANAGER_INSECURE: true + OCM_OCM_SHARE_PROVIDER_INSECURE: true + OCM_OCM_STORAGE_PROVIDER_INSECURE: true + OCM_OCM_PROVIDER_AUTHORIZER_PROVIDERS_FILE: /etc/ocm/providers.json + WEB_UI_CONFIG_FILE: /etc/ocis/ocis.ocm.web.config.json + volumes: + - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml + - ./config/ocis/csp.yaml:/etc/ocis/csp.yaml + - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt + - ./config/ocis/ocis.ocm.web.config.json:/etc/ocis/ocis.ocm.web.config.json:ro + - ./config/ocis/ocm.providers.json:/etc/ocm/providers.json + # configure the .env file to use own paths instead of docker internal volumes + - ${OCIS_CONFIG_DIR:-ocis-ocm-config}:/etc/ocis + 
- ${OCIS_OCM_DATA_DIR:-ocis-ocm-data}:/var/lib/ocis + labels: + - "traefik.enable=true" + - "traefik.http.routers.ocis-ocm.entrypoints=https" + - "traefik.http.routers.ocis-ocm.rule=Host(`${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test}`)" + - "traefik.http.routers.ocis-ocm.tls.certresolver=http" + - "traefik.http.routers.ocis-ocm.service=ocis-ocm" + - "traefik.http.services.ocis-ocm.loadbalancer.server.port=9200" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + +volumes: + ocis-ocm-config: + ocis-ocm-data: diff --git a/deployments/examples/ocis_full/ocis.yml b/deployments/examples/ocis_full/ocis.yml index f38473cd1ba..40da891214e 100644 --- a/deployments/examples/ocis_full/ocis.yml +++ b/deployments/examples/ocis_full/ocis.yml @@ -17,7 +17,7 @@ services: command: ["-c", "ocis init || true; ocis server"] environment: # enable the notifications service as it is not started automatically - OCIS_ADD_RUN_SERVICES: "notifications" + OCIS_ADD_RUN_SERVICES: "notifications, ocm" OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} OCIS_LOG_LEVEL: ${LOG_LEVEL:-info} OCIS_LOG_COLOR: "${LOG_PRETTY:-false}" @@ -55,6 +55,8 @@ services: - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml - ./config/ocis/csp.yaml:/etc/ocis/csp.yaml - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt + - ./config/ocis/ocis.web.config.json:/etc/ocis/ocis.web.config.json:ro + - ./config/ocis/ocm.providers.json:/etc/ocm/providers.json # configure the .env file to use own paths instead of docker internal volumes - ${OCIS_CONFIG_DIR:-ocis-config}:/etc/ocis - ${OCIS_DATA_DIR:-ocis-data}:/var/lib/ocis From b11a5fa6d87415b92168686ebe88a25627c35594 Mon Sep 17 00:00:00 2001 
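Review bot: The three `OCM_OCM_*_INSECURE` flags in the new `ocis-ocm.yml` are hard-coded to `true` for both `ocis` and `ocis-ocm`, so federation traffic would run with certificate checks off (going by the flag names) even when `INSECURE` is false in `.env`, unlike `OCIS_INSECURE: "${INSECURE:-false}"` in the same file. I would tie them to the same switch, e.g. `OCM_OCM_INVITE_MANAGER_INSECURE: "${INSECURE:-false}"` and likewise for the other two; quoting also keeps the values strings. Separately, `ocis-ocm` mounts `${OCIS_CONFIG_DIR:-ocis-ocm-config}:/etc/ocis` while its data volume uses `OCIS_OCM_DATA_DIR`; once `OCIS_CONFIG_DIR` is set for the primary instance both containers share one config directory, and because `ocis init || true` skips an existing config they would presumably share the same generated secrets. `- ${OCIS_OCM_CONFIG_DIR:-ocis-ocm-config}:/etc/ocis` would keep them apart.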
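Review bot: In the `ocis.yml` volumes hunk, `./config/ocis/ocm.providers.json` is mounted read-write although the web config added on the line before it is `:ro`. The file is what `OCM_OCM_PROVIDER_AUTHORIZER_PROVIDERS_FILE` points at, i.e. the list of federation peers, and nothing visible needs the container to write to it. I would use `- ./config/ocis/ocm.providers.json:/etc/ocm/providers.json:ro` here and for the identical mount in `ocis-ocm.yml`. The service definition this list belongs to starts outside the hunk.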
From: Roman Perekhod Date: Wed, 30 Oct 2024 11:10:07 +0100 Subject: [PATCH 2/3] added the own collabora for ocm --- .../examples/ocis_full/collabora-ocm.yml | 82 +++++++++++++++++++ .../ocis_full/config/ocis/csp-ocm.yaml | 45 ++++++++++ .../examples/ocis_full/docker-compose.yml | 2 + deployments/examples/ocis_full/ocis-ocm.yml | 10 +-- 4 files changed, 134 insertions(+), 5 deletions(-) create mode 100644 deployments/examples/ocis_full/collabora-ocm.yml create mode 100644 deployments/examples/ocis_full/config/ocis/csp-ocm.yaml diff --git a/deployments/examples/ocis_full/collabora-ocm.yml b/deployments/examples/ocis_full/collabora-ocm.yml new file mode 100644 index 00000000000..3678e6db7bb --- /dev/null +++ b/deployments/examples/ocis_full/collabora-ocm.yml 
@@ -0,0 +1,82 @@ +--- +services: + traefik: + networks: + ocis-ocm-net: + aliases: + - ${COLLABORA_OCM_DOMAIN:-collabora.ocm.owncloud.test} + - ${WOPISERVER_OCM_DOMAIN:-wopiserver.ocm.owncloud.test} + ocis-ocm: + environment: + # make collabora the secure view app + FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: com.owncloud.api.collaboration.Collabora + + collaboration-ocm: + image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-ocm-net: + depends_on: + ocis: + condition: service_started + collabora: + condition: service_healthy + entrypoint: + - /bin/sh + command: [ "-c", "ocis collaboration server" ] + environment: + COLLABORATION_GRPC_ADDR: 0.0.0.0:9301 + COLLABORATION_HTTP_ADDR: 0.0.0.0:9300 + MICRO_REGISTRY: "nats-js-kv" + MICRO_REGISTRY_ADDRESS: "ocis-ocm:9233" + COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.ocm.owncloud.test} + COLLABORATION_APP_NAME: "Collabora" + COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.ocm.owncloud.test} + COLLABORATION_APP_ICON: https://${COLLABORA_DOMAIN:-collabora.ocm.owncloud.test}/favicon.ico + COLLABORATION_APP_INSECURE: "${INSECURE:-true}" + COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}" + COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-debug} + OCIS_URL: https://${OCIS_DOMAIN:-ocis.ocm.owncloud.test} + volumes: + # configure the .env file to use own paths instead of docker internal volumes + - ${OCIS_CONFIG_DIR:-ocis-ocm-config}:/etc/ocis + labels: + - "traefik.enable=true" + - "traefik.http.routers.collaboration-ocm.entrypoints=https" + - "traefik.http.routers.collaboration-ocm.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.ocm.owncloud.test}`)" + - "traefik.http.routers.collaboration-ocm.tls.certresolver=http" + - "traefik.http.routers.collaboration-ocm.service=collaboration-ocm" + - "traefik.http.services.collaboration-ocm.loadbalancer.server.port=9300" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + + collabora-ocm: + image: 
collabora/code:24.04.5.1.1 + networks: + ocis-ocm-net: + environment: + aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.ocm.owncloud.test}:443 + DONT_GEN_SSL_CERT: "YES" + extra_params: | + --o:ssl.enable=${COLLABORA_SSL_ENABLE:-true} \ + --o:ssl.ssl_verification=${COLLABORA_SSL_VERIFICATION:-true} \ + --o:ssl.termination=true \ + --o:welcome.enable=false \ + --o:net.frame_ancestors=${OCIS_DOMAIN:-ocis.ocm.owncloud.test} + username: ${COLLABORA_ADMIN_USER:-admin} + password: ${COLLABORA_ADMIN_PASSWORD:-admin} + cap_add: + - MKNOD + labels: + - "traefik.enable=true" + - "traefik.http.routers.collabora-ocm.entrypoints=https" + - "traefik.http.routers.collabora-ocm.rule=Host(`${COLLABORA_DOMAIN:-collabora.ocm.owncloud.test}`)" + - "traefik.http.routers.collabora-ocm.tls.certresolver=http" + - "traefik.http.routers.collabora-ocm.service=collabora-ocm" + - "traefik.http.services.collabora-ocm.loadbalancer.server.port=9980" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + command: ["bash", "-c", "coolconfig generate-proof-key ; /start-collabora-online.sh"] + healthcheck: + test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ] diff --git a/deployments/examples/ocis_full/config/ocis/csp-ocm.yaml b/deployments/examples/ocis_full/config/ocis/csp-ocm.yaml new file mode 100644 index 00000000000..f42289be88e --- /dev/null +++ b/deployments/examples/ocis_full/config/ocis/csp-ocm.yaml 
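Review bot: `--o:net.frame_ancestors=${OCIS_DOMAIN:-ocis.ocm.owncloud.test}` in `collabora-ocm` reads the primary instance's `OCIS_DOMAIN`, so once that variable is set in `.env` this Collabora allows framing by the primary domain rather than the OCM one, presumably breaking the embed; the later patch in this series renames other variables in this file, but this line is not among its visible changes. It should read `--o:net.frame_ancestors=${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test}`. The fallbacks in this file also fail open: `COLLABORATION_APP_INSECURE` and `COLLABORATION_CS3API_DATAGATEWAY_INSECURE` use `${INSECURE:-true}` where `ocis-ocm.yml` uses `${INSECURE:-false}`, and the Collabora admin login falls back to `admin`/`admin` on a host that Traefik routes. I would default the two flags to `false` and require the password, `password: ${COLLABORA_ADMIN_PASSWORD:?set COLLABORA_ADMIN_PASSWORD}`.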
@@ -0,0 +1,45 @@ +directives: + child-src: + - '''self''' + connect-src: + - '''self''' + - 'blob:' + - 'https://${COMPANION_DOMAIN|companion.ocm.owncloud.test}/' + - 'wss://${COMPANION_DOMAIN|companion.ocm.owncloud.test}/' + - 'https://raw.githubusercontent.com/owncloud/awesome-ocis/' + default-src: + - '''none''' + font-src: + - '''self''' + frame-ancestors: + - '''self''' + frame-src: + - '''self''' + - 'blob:' + - 'https://embed.diagrams.net/' + # In contrary to bash and docker the default is given after the | character + - 'https://${ONLYOFFICE_DOMAIN|onlyoffice.ocm.owncloud.test}/' + - 'https://${COLLABORA_DOMAIN|collabora.ocm.owncloud.test}/' + # This is needed for the external-sites web extension when embedding sites + - 'https://owncloud.dev' + img-src: + - '''self''' + - 'data:' + - 'blob:' + - 'https://raw.githubusercontent.com/owncloud/awesome-ocis/' + # In contrary to bash and docker the default is given after the | character + - 'https://${ONLYOFFICE_DOMAIN|onlyoffice.ocm.owncloud.test}/' + - 'https://${COLLABORA_DOMAIN|collabora.ocm.owncloud.test}/' + manifest-src: + - '''self''' + media-src: + - '''self''' + object-src: + - '''self''' + - 'blob:' + script-src: + - '''self''' + - '''unsafe-inline''' + style-src: + - '''self''' + - '''unsafe-inline''' diff --git a/deployments/examples/ocis_full/docker-compose.yml b/deployments/examples/ocis_full/docker-compose.yml index dbbea12c496..44b849e7306 100644 --- a/deployments/examples/ocis_full/docker-compose.yml +++ b/deployments/examples/ocis_full/docker-compose.yml @@ -4,6 +4,7 @@ services: image: traefik:v3.1.6 networks: ocis-net: + ocis-ocm-net: command: - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" # letsencrypt configuration @@ -54,3 +55,4 @@ volumes: networks: ocis-net: + ocis-ocm-net: diff --git a/deployments/examples/ocis_full/ocis-ocm.yml b/deployments/examples/ocis_full/ocis-ocm.yml index a34fa030949..18838607d0a 100644 --- a/deployments/examples/ocis_full/ocis-ocm.yml 
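Review bot: `script-src` in `csp-ocm.yaml` lists `'unsafe-inline'`, which leaves the policy unable to stop injected inline scripts on the OCM instance; if the web UI needs it, a comment above the entry should say why, and otherwise it should be dropped from `script-src` (it is less of a concern under `style-src`). This file looks like a copy of `csp.yaml` with different fallback domains, so the same question probably applies there, but that file is not part of this diff. Note too that the `|` fallbacks for `COLLABORA_DOMAIN`, `ONLYOFFICE_DOMAIN` and `COMPANION_DOMAIN` only apply when the variable is unset in the container, and `ocis-ocm.yml` always sets all three.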
+++ b/deployments/examples/ocis_full/ocis-ocm.yml @@ -2,7 +2,7 @@ services: traefik: networks: - ocis-net: + ocis-ocm-net: aliases: - ${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test} ocis: @@ -19,7 +19,7 @@ services: ocis-ocm: image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest} networks: - ocis-net: + ocis-ocm-net: entrypoint: - /bin/sh # run ocis init to initialize a configuration file with random secrets @@ -55,9 +55,9 @@ services: MICRO_REGISTRY_ADDRESS: 127.0.0.1:9233 NATS_NATS_HOST: 0.0.0.0 NATS_NATS_PORT: 9233 - PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp.yaml + PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp-ocm.yaml # these three vars are needed to the csp config file to include the web office apps and the importer - COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.owncloud.test} + COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.ocm.owncloud.test} ONLYOFFICE_DOMAIN: ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test} # enable to allow using the banned passwords list @@ -71,7 +71,7 @@ services: WEB_UI_CONFIG_FILE: /etc/ocis/ocis.ocm.web.config.json volumes: - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml - - ./config/ocis/csp.yaml:/etc/ocis/csp.yaml + - ./config/ocis/csp-ocm.yaml:/etc/ocis/csp-ocm.yaml - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt - ./config/ocis/ocis.ocm.web.config.json:/etc/ocis/ocis.ocm.web.config.json:ro - ./config/ocis/ocm.providers.json:/etc/ocm/providers.json From 1445f4ac0c46803a62aac02c03d71e6eca3dd903 Mon Sep 17 00:00:00 2001 
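Review bot: In the hunk at `-55,9 +55,9`, `COLLABORA_DOMAIN` still interpolates the primary instance's `${COLLABORA_DOMAIN:-…}` and only the fallback changed, so once `COLLABORA_DOMAIN` is set in `.env` the OCM instance's CSP allows the primary Collabora host and not the one `collabora-ocm.yml` routes under `COLLABORA_OCM_DOMAIN`. The two context lines below it have the same problem and still fall back to `onlyoffice.owncloud.test` and `companion.owncloud.test`. I would write `COLLABORA_DOMAIN: ${COLLABORA_OCM_DOMAIN:-collabora.ocm.owncloud.test}` and give `ONLYOFFICE_DOMAIN` and `COMPANION_DOMAIN` matching OCM variables and fallbacks. The `environment` block these lines sit in starts and ends outside the hunk.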
From: Roman Perekhod Date: Thu, 31 Oct 2024 13:03:44 +0100 Subject: [PATCH 3/3] the env vars updated --- deployments/examples/ocis_full/.env | 2 +- .../examples/ocis_full/collabora-ocm.yml | 23 +++--- deployments/examples/ocis_full/collabora.yml | 4 +- .../ocis_full/config/ocis/ocm.providers.json | 30 ++++++- .../examples/ocis_full/debug-ocis-ocm.yml | 2 +- .../examples/ocis_full/docker-compose.yml | 1 + .../examples/ocis_full/onlyoffice-ocm.yml | 79 +++++++++++++++++++ 7 files changed, 124 insertions(+), 17 deletions(-) create mode 100644 deployments/examples/ocis_full/onlyoffice-ocm.yml diff --git a/deployments/examples/ocis_full/.env b/deployments/examples/ocis_full/.env index d618f77e4da..9cf8a49a3b5 100644 --- a/deployments/examples/ocis_full/.env +++ b/deployments/examples/ocis_full/.env @@ -12,7 +12,7 @@ INSECURE=true # Note: Traefik is always enabled and can't be disabled. # Serve Traefik dashboard. # Defaults to "false". -TRAEFIK_DASHBOARD= +TRAEFIK_DASHBOARD=true # Domain of Traefik, where you can find the dashboard. # Defaults to "traefik.owncloud.test" TRAEFIK_DOMAIN= diff --git a/deployments/examples/ocis_full/collabora-ocm.yml b/deployments/examples/ocis_full/collabora-ocm.yml index 3678e6db7bb..e9faadfee9e 100644 --- a/deployments/examples/ocis_full/collabora-ocm.yml +++ b/deployments/examples/ocis_full/collabora-ocm.yml 
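Review bot: `TRAEFIK_DASHBOARD=true` turns the Traefik dashboard on for everyone who copies this example, while the comment directly above still says it defaults to "false"; this looks like a local debugging setting that slipped into the commit. I would restore `TRAEFIK_DASHBOARD=` so the dashboard stays opt-in, since it exposes the routing configuration of every service behind the proxy. How the dashboard is protected is not visible in this hunk.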
@@ -18,31 +18,32 @@ services: depends_on: ocis: condition: service_started - collabora: + collabora-ocm: condition: service_healthy entrypoint: - /bin/sh command: [ "-c", "ocis collaboration server" ] environment: - COLLABORATION_GRPC_ADDR: 0.0.0.0:9301 - COLLABORATION_HTTP_ADDR: 0.0.0.0:9300 + COLLABORATION_GRPC_ADDR: collaboration-ocm:9301 + COLLABORATION_HTTP_ADDR: collaboration-ocm:9300 MICRO_REGISTRY: "nats-js-kv" MICRO_REGISTRY_ADDRESS: "ocis-ocm:9233" - COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.ocm.owncloud.test} + COLLABORATION_WOPI_SRC: https://${WOPISERVER_OCM_DOMAIN:-wopiserver.ocm.owncloud.test} COLLABORATION_APP_NAME: "Collabora" - COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.ocm.owncloud.test} - COLLABORATION_APP_ICON: https://${COLLABORA_DOMAIN:-collabora.ocm.owncloud.test}/favicon.ico + COLLABORATION_APP_ADDR: https://${COLLABORA_OCM_DOMAIN:-collabora.ocm.owncloud.test} + COLLABORATION_APP_ICON: https://${COLLABORA_OCM_DOMAIN:-collabora.ocm.owncloud.test}/favicon.ico + COLLABORATION_APP_LOCKNAME: "com.github.owncloud.ocm.collaboration" COLLABORATION_APP_INSECURE: "${INSECURE:-true}" COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}" COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-debug} - OCIS_URL: https://${OCIS_DOMAIN:-ocis.ocm.owncloud.test} + OCIS_URL: https://${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test} volumes: # configure the .env file to use own paths instead of docker internal volumes - - ${OCIS_CONFIG_DIR:-ocis-ocm-config}:/etc/ocis + - ${OCIS_OCM_CONFIG_DIR:-ocis-ocm-config}:/etc/ocis labels: - "traefik.enable=true" - "traefik.http.routers.collaboration-ocm.entrypoints=https" - - "traefik.http.routers.collaboration-ocm.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.ocm.owncloud.test}`)" + - "traefik.http.routers.collaboration-ocm.rule=Host(`${WOPISERVER_OCM_DOMAIN:-wopiserver.ocm.owncloud.test}`)" - "traefik.http.routers.collaboration-ocm.tls.certresolver=http" - 
"traefik.http.routers.collaboration-ocm.service=collaboration-ocm" - "traefik.http.services.collaboration-ocm.loadbalancer.server.port=9300" @@ -55,7 +56,7 @@ services: networks: ocis-ocm-net: environment: - aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.ocm.owncloud.test}:443 + aliasgroup1: https://${WOPISERVER_OCM_DOMAIN:-wopiserver.ocm.owncloud.test}:443 DONT_GEN_SSL_CERT: "YES" extra_params: | --o:ssl.enable=${COLLABORA_SSL_ENABLE:-true} \ @@ -70,7 +71,7 @@ services: labels: - "traefik.enable=true" - "traefik.http.routers.collabora-ocm.entrypoints=https" - - "traefik.http.routers.collabora-ocm.rule=Host(`${COLLABORA_DOMAIN:-collabora.ocm.owncloud.test}`)" + - "traefik.http.routers.collabora-ocm.rule=Host(`${COLLABORA_OCM_DOMAIN:-collabora.ocm.owncloud.test}`)" - "traefik.http.routers.collabora-ocm.tls.certresolver=http" - "traefik.http.routers.collabora-ocm.service=collabora-ocm" - "traefik.http.services.collabora-ocm.loadbalancer.server.port=9980" diff --git a/deployments/examples/ocis_full/collabora.yml b/deployments/examples/ocis_full/collabora.yml index e6ede1ead48..2e7fc649b4c 100644 --- a/deployments/examples/ocis_full/collabora.yml +++ b/deployments/examples/ocis_full/collabora.yml @@ -25,8 +25,8 @@ services: - /bin/sh command: [ "-c", "ocis collaboration server" ] environment: - COLLABORATION_GRPC_ADDR: 0.0.0.0:9301 - COLLABORATION_HTTP_ADDR: 0.0.0.0:9300 + COLLABORATION_GRPC_ADDR: collaboration:9301 + COLLABORATION_HTTP_ADDR: collaboration:9300 MICRO_REGISTRY: "nats-js-kv" MICRO_REGISTRY_ADDRESS: "ocis:9233" COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} diff --git a/deployments/examples/ocis_full/config/ocis/ocm.providers.json b/deployments/examples/ocis_full/config/ocis/ocm.providers.json index 6ab567686ac..645b7ae609c 100644 --- a/deployments/examples/ocis_full/config/ocis/ocm.providers.json +++ b/deployments/examples/ocis_full/config/ocis/ocm.providers.json 
@@ -10,14 +10,27 @@ "endpoint": { "type": { "name": "OCM", - "description": "CERNBox Open Cloud Mesh API" + "description": "ocis.owncloud.test Open Cloud Mesh API" }, - "name": "CERNBox - OCM API", + "name": "ocis - OCM API", "path": "https://ocis.owncloud.test/ocm/", "is_monitored": true }, "api_version": "0.0.1", "host": "ocis.owncloud.test" + }, + { + "endpoint": { + "type": { + "name": "Webdav", + "description": "ocis.owncloud.test Webdav API" + }, + "name": "ocis - Webdav API", + "path": "https://ocis.owncloud.test/dav/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "ocis.owncloud.test" } ] }, @@ -40,6 +53,19 @@ }, "api_version": "0.0.1", "host": "ocis.ocm.owncloud.test" + }, + { + "endpoint": { + "type": { + "name": "Webdav", + "description": "ocis.ocm.owncloud.test Webdav API" + }, + "name": "ocis.ocm - Webdav API", + "path": "https://ocis.ocm.owncloud.test/dav/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "ocis.ocm.owncloud.test" } ] } diff --git a/deployments/examples/ocis_full/debug-ocis-ocm.yml b/deployments/examples/ocis_full/debug-ocis-ocm.yml index 6b3d76ee389..aaf644804a5 100644 --- a/deployments/examples/ocis_full/debug-ocis-ocm.yml +++ b/deployments/examples/ocis_full/debug-ocis-ocm.yml @@ -1,7 +1,7 @@ --- services: - ocis: + ocis-ocm: command: [ "-c", "ocis init || true; dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis server" ] environment: OCIS_LOG_LEVEL: debug diff --git a/deployments/examples/ocis_full/docker-compose.yml b/deployments/examples/ocis_full/docker-compose.yml index 44b849e7306..a7b0b20d51e 100644 --- a/deployments/examples/ocis_full/docker-compose.yml +++ b/deployments/examples/ocis_full/docker-compose.yml 
@@ -29,6 +29,7 @@ services: - "--providers.docker.exposedByDefault=false" # access log - "--accessLog=true" + - "--accesslog.filePath=/var/log/access.log" - "--accessLog.format=json" - "--accessLog.fields.headers.names.X-Request-Id=keep" ports: diff --git a/deployments/examples/ocis_full/onlyoffice-ocm.yml b/deployments/examples/ocis_full/onlyoffice-ocm.yml new file mode 100644 index 00000000000..4f31033761e --- /dev/null +++ b/deployments/examples/ocis_full/onlyoffice-ocm.yml 
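Review bot: `--accesslog.filePath=/var/log/access.log` sends the access log to a file inside the Traefik container, and no volume for `/var/log` is added in this hunk. Unless a mount exists outside the hunk, the log would no longer reach the configured log driver, would grow unrotated in the container layer, and would be lost when the container is recreated. If the file is needed, mount a volume for it and say so in a comment; otherwise I would drop the flag and keep the JSON access log on stdout. The spelling also differs from the neighbouring `--accessLog.*` flags, and the `command` list continues outside the hunk.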
@@ -0,0 +1,79 @@ +--- +services: + traefik: + networks: + ocis-ocm-net: + aliases: + - ${ONLYOFFICE_OCM_DOMAIN:-onlyoffice.ocm.owncloud.test} + - ${WOPISERVER_ONLYOFFICE_OCM_DOMAIN:-wopiserver-oo.ocm.owncloud.test} + + collaboration-oo: + image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-ocm-net: + depends_on: + ocis: + condition: service_started + onlyoffice-ocm: + condition: service_healthy + entrypoint: + - /bin/sh + command: [ "-c", "ocis collaboration server" ] + environment: + COLLABORATION_GRPC_ADDR: 0.0.0.0:9301 + COLLABORATION_HTTP_ADDR: 0.0.0.0:9300 + MICRO_REGISTRY: "nats-js-kv" + MICRO_REGISTRY_ADDRESS: "ocis-ocm:9233" + COLLABORATION_WOPI_SRC: https://${WOPISERVER_ONLYOFFICE_OCM_DOMAIN:-wopiserver-oo.ocm.owncloud.test} + COLLABORATION_APP_NAME: "OnlyOffice" + COLLABORATION_APP_ADDR: https://${ONLYOFFICE_OCM_DOMAIN:-onlyoffice.ocm.owncloud.test} + COLLABORATION_APP_ICON: https://${ONLYOFFICE_OCM_DOMAIN:-onlyoffice.ocm.owncloud.test}/web-apps/apps/documenteditor/main/resources/img/favicon.ico + COLLABORATION_APP_INSECURE: "${INSECURE:-true}" + COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}" + COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info} + COLLABORATION_APP_PROOF_DISABLE: "true" + OCIS_URL: https://${OCIS_DOMAIN:-ocis.ocm.owncloud.test} + volumes: + # configure the .env file to use own paths instead of docker internal volumes + - ${OCIS_OCM_CONFIG_DIR:-ocis-ocm-config}:/etc/ocis + labels: + - "traefik.enable=true" + - "traefik.http.routers.collaboration-oo-ocm.entrypoints=https" + - "traefik.http.routers.collaboration-oo-ocm.rule=Host(`${WOPISERVER_ONLYOFFICE_OCM_DOMAIN:-wopiserver-oo.ocm.owncloud.test}`)" + - "traefik.http.routers.collaboration-oo-ocm.tls.certresolver=http" + - "traefik.http.routers.collaboration-oo-ocm.service=collaboration-oo-ocm" + - "traefik.http.services.collaboration-oo-ocm.loadbalancer.server.port=9300" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + + 
onlyoffice-ocm: + image: onlyoffice/documentserver:8.2.0 + networks: + ocis-ocm-net: + entrypoint: + - /bin/sh + - /entrypoint-override.sh + environment: + WOPI_ENABLED: "true" + # self-signed certificates + USE_UNAUTHORIZED_STORAGE: "${INSECURE:-false}" + volumes: + # paths are relative to the main compose file + - ./config/onlyoffice/entrypoint-override.sh:/entrypoint-override.sh + - ./config/onlyoffice/local.json:/etc/onlyoffice/documentserver/local.dist.json + labels: + - "traefik.enable=true" + - "traefik.http.routers.onlyoffice-ocm.entrypoints=https" + - "traefik.http.routers.onlyoffice-ocm.rule=Host(`${ONLYOFFICE_OCM_DOMAIN:-onlyoffice.ocm.owncloud.test}`)" + - "traefik.http.routers.onlyoffice-ocm.tls.certresolver=http" + - "traefik.http.routers.onlyoffice-ocm.service=onlyoffice-ocm" + - "traefik.http.services.onlyoffice-ocm.loadbalancer.server.port=80" + # websockets can't be opened when this is omitted + - "traefik.http.middlewares.onlyoffice.headers.customrequestheaders.X-Forwarded-Proto=https" + - "traefik.http.routers.onlyoffice.middlewares=onlyoffice-ocm" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost/hosting/discovery"]
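Review bot: The last two labels on `onlyoffice-ocm` cross their names: the middleware is declared as `onlyoffice`, and then a middleware called `onlyoffice-ocm` is attached to the router `onlyoffice`. As a result the `X-Forwarded-Proto` header never reaches the `onlyoffice-ocm` router, and the primary instance's `onlyoffice` router, if it exists, is pointed at a middleware that is not defined. The first service is also keyed `collaboration-oo`, a name `debug-collaboration-onlyoffice.yml` already uses for the primary instance, so loading both fragments would merge the two services into one, while its Traefik labels say `collaboration-oo-ocm`. `OCIS_URL` reads `OCIS_DOMAIN` instead of `OCIS_OCM_DOMAIN`, and it is worth checking whether `depends_on` should wait for `ocis-ocm` rather than `ocis`, given the service registers at `ocis-ocm:9233`. The rewritten lines are below.

```yaml
  collaboration-oo-ocm:
    # … unchanged: image, networks, depends_on, entrypoint, command …
    environment:
      # … unchanged: COLLABORATION_* and MICRO_REGISTRY* settings …
      OCIS_URL: https://${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test}

  onlyoffice-ocm:
    # … unchanged: image, networks, entrypoint, environment, volumes …
    labels:
      # … unchanged: router and service labels for onlyoffice-ocm …
      - "traefik.http.middlewares.onlyoffice-ocm.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.onlyoffice-ocm.middlewares=onlyoffice-ocm"
```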