owncloud · 2403905 · Oct 25, 2024 · Oct 30, 2024 · Oct 31, 2024 · mmattel
diff --git a/deployments/examples/ocis_full/.env b/deployments/examples/ocis_full/.env
@@ -12,7 +12,7 @@ INSECURE=true
 # Note: Traefik is always enabled and can't be disabled.
 # Serve Traefik dashboard.
 # Defaults to "false".
-TRAEFIK_DASHBOARD=
+TRAEFIK_DASHBOARD=true
 # Domain of Traefik, where you can find the dashboard.
 # Defaults to "traefik.owncloud.test"
 TRAEFIK_DOMAIN=
@@ -227,3 +227,14 @@ INBUCKET_DOMAIN=
 # ALL supplemental configs must be added here, whether commented or not.
 # Each var must either be empty or contain :path/file.yml
 COMPOSE_FILE=docker-compose.yml${OCIS:-}${TIKA:-}${S3NG:-}${S3NG_MINIO:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${ONLYOFFICE:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-}
+
+### OCM Settings ###
+# Note: the OCM configuration is optional and can be used to connect to an OCM instance. https://owncloud.dev/services/ocm/
-# Note: the OCM configuration is optional and can be used to connect to an OCM instance. https://owncloud.dev/services/ocm/
+# Note: the OCM configuration is optional and can be used to connect to an OCM instance. https://doc.owncloud.com/ocis/next/deployment/services/s-list/ocm.html
-# Note: the OCM configuration is optional and can be used to connect to an OCM instance. https://owncloud.dev/services/ocm/
+# Note: the OCM configuration is optional and can be used to connect to an OCM instance. https://doc.owncloud.com/ocis/next/deployment/services/s-list/ocm.html
+# There are several setting files that do not allow variables like ocm.providers.json, ocis.web.config.json, ocis.ocm.web.config.json
+# This files need to be configured manualy for the real valuse of the OCIS_OCM_DOMAIN and OCIS_DOMAIN
-# This files need to be configured manualy for the real valuse of the OCIS_OCM_DOMAIN and OCIS_DOMAIN
+# These files need to be configured manually for the real values set in OCIS_DOMAIN and OCIS_OCM_DOMAIN
-# This files need to be configured manualy for the real valuse of the OCIS_OCM_DOMAIN and OCIS_DOMAIN
+# These files need to be configured manually for the real values set in OCIS_DOMAIN and OCIS_OCM_DOMAIN
+# Domain of oCIS OCM instace, where you can find the frontend.
-# Domain of oCIS OCM instace, where you can find the frontend.
-# Domain of oCIS OCM instace, where you can find the frontend.
+# Defaults to "ocis.ocm.owncloud.test"
+OCIS_OCM_DOMAIN=
+# An eMail address that is used for sending Infinite Scale notification eMails
+# like "ocis notifications <[email protected]>".
+SMTP_SENDER=
diff --git a/deployments/examples/ocis_full/collabora-ocm.yml b/deployments/examples/ocis_full/collabora-ocm.yml
@@ -0,0 +1,83 @@
+---
+services:
+  traefik:
+    networks:
+      ocis-ocm-net:
+        aliases:
+          - ${COLLABORA_OCM_DOMAIN:-collabora.ocm.owncloud.test}
+          - ${WOPISERVER_OCM_DOMAIN:-wopiserver.ocm.owncloud.test}
+  ocis-ocm:
+    environment:
+      # make collabora the secure view app
+      FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: com.owncloud.api.collaboration.Collabora
+
+  collaboration-ocm:
+    image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest}
+    networks:
+      ocis-ocm-net:
+    depends_on:
+      ocis:
-      ocis:
+      ocis-ocm:
-      ocis:
+      ocis-ocm:
+        condition: service_started
+      collabora-ocm:
+        condition: service_healthy
+    entrypoint:
+      - /bin/sh
+    command: [ "-c", "ocis collaboration server" ]
+    environment:
+      COLLABORATION_GRPC_ADDR: collaboration-ocm:9301
+      COLLABORATION_HTTP_ADDR: collaboration-ocm:9300
+      MICRO_REGISTRY: "nats-js-kv"
+      MICRO_REGISTRY_ADDRESS: "ocis-ocm:9233"
+      COLLABORATION_WOPI_SRC: https://${WOPISERVER_OCM_DOMAIN:-wopiserver.ocm.owncloud.test}
+      COLLABORATION_APP_NAME: "Collabora"
+      COLLABORATION_APP_ADDR: https://${COLLABORA_OCM_DOMAIN:-collabora.ocm.owncloud.test}
+      COLLABORATION_APP_ICON: https://${COLLABORA_OCM_DOMAIN:-collabora.ocm.owncloud.test}/favicon.ico
+      COLLABORATION_APP_LOCKNAME: "com.github.owncloud.ocm.collaboration"
+      COLLABORATION_APP_INSECURE: "${INSECURE:-true}"
+      COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}"
+      COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-debug}
+      OCIS_URL: https://${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test}
+    volumes:
+      # configure the .env file to use own paths instead of docker internal volumes
+      - ${OCIS_OCM_CONFIG_DIR:-ocis-ocm-config}:/etc/ocis
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.collaboration-ocm.entrypoints=https"
+      - "traefik.http.routers.collaboration-ocm.rule=Host(`${WOPISERVER_OCM_DOMAIN:-wopiserver.ocm.owncloud.test}`)"
+      - "traefik.http.routers.collaboration-ocm.tls.certresolver=http"
+      - "traefik.http.routers.collaboration-ocm.service=collaboration-ocm"
+      - "traefik.http.services.collaboration-ocm.loadbalancer.server.port=9300"
+    logging:
+      driver: ${LOG_DRIVER:-local}
+    restart: always
+
+  collabora-ocm:
+    image: collabora/code:24.04.5.1.1
+    networks:
+      ocis-ocm-net:
+    environment:
+      aliasgroup1: https://${WOPISERVER_OCM_DOMAIN:-wopiserver.ocm.owncloud.test}:443
+      DONT_GEN_SSL_CERT: "YES"
+      extra_params: |
+        --o:ssl.enable=${COLLABORA_SSL_ENABLE:-true} \
+        --o:ssl.ssl_verification=${COLLABORA_SSL_VERIFICATION:-true} \
+        --o:ssl.termination=true \
+        --o:welcome.enable=false \
+        --o:net.frame_ancestors=${OCIS_DOMAIN:-ocis.ocm.owncloud.test}
+      username: ${COLLABORA_ADMIN_USER:-admin}
+      password: ${COLLABORA_ADMIN_PASSWORD:-admin}
+    cap_add:
+      - MKNOD
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.collabora-ocm.entrypoints=https"
+      - "traefik.http.routers.collabora-ocm.rule=Host(`${COLLABORA_OCM_DOMAIN:-collabora.ocm.owncloud.test}`)"
+      - "traefik.http.routers.collabora-ocm.tls.certresolver=http"
+      - "traefik.http.routers.collabora-ocm.service=collabora-ocm"
+      - "traefik.http.services.collabora-ocm.loadbalancer.server.port=9980"
+    logging:
+      driver: ${LOG_DRIVER:-local}
+    restart: always
+    command: ["bash", "-c", "coolconfig generate-proof-key ; /start-collabora-online.sh"]
+    healthcheck:
+      test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ]
diff --git a/deployments/examples/ocis_full/collabora.yml b/deployments/examples/ocis_full/collabora.yml
@@ -25,8 +25,8 @@ services:
       - /bin/sh
     command: [ "-c", "ocis collaboration server" ]
     environment:
-      COLLABORATION_GRPC_ADDR: 0.0.0.0:9301
-      COLLABORATION_HTTP_ADDR: 0.0.0.0:9300
+      COLLABORATION_GRPC_ADDR: collaboration:9301
+      COLLABORATION_HTTP_ADDR: collaboration:9300
       MICRO_REGISTRY: "nats-js-kv"
       MICRO_REGISTRY_ADDRESS: "ocis:9233"
       COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}

diff --git a/deployments/examples/ocis_full/config/ocis/csp-ocm.yaml b/deployments/examples/ocis_full/config/ocis/csp-ocm.yaml
@@ -0,0 +1,45 @@
+directives:
+  child-src:
+    - '''self'''
+  connect-src:
+    - '''self'''
+    - 'blob:'
+    - 'https://${COMPANION_DOMAIN|companion.ocm.owncloud.test}/'
+    - 'wss://${COMPANION_DOMAIN|companion.ocm.owncloud.test}/'
+    - 'https://raw.githubusercontent.com/owncloud/awesome-ocis/'
+  default-src:
+    - '''none'''
+  font-src:
+    - '''self'''
+  frame-ancestors:
+    - '''self'''
+  frame-src:
+    - '''self'''
+    - 'blob:'
+    - 'https://embed.diagrams.net/'
+    # In contrary to bash and docker the default is given after the | character
+    - 'https://${ONLYOFFICE_DOMAIN|onlyoffice.ocm.owncloud.test}/'
+    - 'https://${COLLABORA_DOMAIN|collabora.ocm.owncloud.test}/'
+    # This is needed for the external-sites web extension when embedding sites
+    - 'https://owncloud.dev'
+  img-src:
+    - '''self'''
+    - 'data:'
+    - 'blob:'
+    - 'https://raw.githubusercontent.com/owncloud/awesome-ocis/'
+    # In contrary to bash and docker the default is given after the | character
+    - 'https://${ONLYOFFICE_DOMAIN|onlyoffice.ocm.owncloud.test}/'
+    - 'https://${COLLABORA_DOMAIN|collabora.ocm.owncloud.test}/'
+  manifest-src:
+    - '''self'''
+  media-src:
+    - '''self'''
+  object-src:
+    - '''self'''
+    - 'blob:'
+  script-src:
+    - '''self'''
+    - '''unsafe-inline'''
+  style-src:
+    - '''self'''
+    - '''unsafe-inline'''
diff --git a/deployments/examples/ocis_full/config/ocis/ocis.ocm.web.config.json b/deployments/examples/ocis_full/config/ocis/ocis.ocm.web.config.json
@@ -0,0 +1,27 @@
+{
+  "server": "https://ocis.ocm.owncloud.test",
+  "theme": "https://ocis.ocm.owncloud.test/themes/owncloud/theme.json",
+  "openIdConnect": {
+    "metadata_url": "https://ocis.ocm.owncloud.test/.well-known/openid-configuration",
+    "authority": "https://ocis.ocm.owncloud.test",
+    "client_id": "web",
+    "response_type": "code"
+  },
+  "options": {
+    "contextHelpersReadMore": true
+  },
+  "apps": [
+    "files",
+    "text-editor",
+    "pdf-viewer",
+    "search",
+    "external",
+    "admin-settings",
+    "ocm",
+    "webfinger",
+    "epub-reader",
+    "app-store",
+    "activities",
+    "preview"
+  ]
+}
diff --git a/deployments/examples/ocis_full/config/ocis/ocis.web.config.json b/deployments/examples/ocis_full/config/ocis/ocis.web.config.json
@@ -0,0 +1,27 @@
+{
+  "server": "https://ocis.owncloud.test",
+  "theme": "https://ocis.owncloud.test/themes/owncloud/theme.json",
+  "openIdConnect": {
+    "metadata_url": "https://ocis.owncloud.test/.well-known/openid-configuration",
+    "authority": "https://ocis.owncloud.test",
+    "client_id": "web",
+    "response_type": "code"
+  },
+  "options": {
+    "contextHelpersReadMore": true
+  },
+  "apps": [
+    "files",
+    "text-editor",
+    "pdf-viewer",
+    "search",
+    "external",
+    "admin-settings",
+    "ocm",
+    "webfinger",
+    "epub-reader",
+    "app-store",
+    "activities",
+    "preview"
+  ]
+}
diff --git a/deployments/examples/ocis_full/config/ocis/ocm.providers.json b/deployments/examples/ocis_full/config/ocis/ocm.providers.json
@@ -0,0 +1,72 @@
+[
+  {
+    "name": "ocis-server",
+    "full_name": "first-ocis-instance",
+    "organization": "Owncloud",
+    "domain": "ocis.owncloud.test",
+    "homepage": "https://owncloud.com",
+    "services": [
+      {
+        "endpoint": {
+          "type": {
+            "name": "OCM",
+            "description": "ocis.owncloud.test Open Cloud Mesh API"
+          },
+          "name": "ocis - OCM API",
+          "path": "https://ocis.owncloud.test/ocm/",
+          "is_monitored": true
+        },
+        "api_version": "0.0.1",
+        "host": "ocis.owncloud.test"
+      },
+      {
+        "endpoint": {
+          "type": {
+            "name": "Webdav",
+            "description": "ocis.owncloud.test Webdav API"
+          },
+          "name": "ocis - Webdav API",
+          "path": "https://ocis.owncloud.test/dav/",
+          "is_monitored": true
+        },
+        "api_version": "0.0.1",
+        "host": "ocis.owncloud.test"
+      }
+    ]
+  },
+  {
+    "name": "federation-ocis-server",
+    "full_name": "Ocm ocis",
+    "organization": "Owncloud",
+    "domain": "ocis.ocm.owncloud.test",
+    "homepage": "https://owncloud.com",
+    "services": [
+      {
+        "endpoint": {
+          "type": {
+            "name": "OCM",
+            "description": "CERNBox Open Cloud Mesh API"
+          },
+          "name": "CERNBox - OCM API",
+          "path": "https://ocis.ocm.owncloud.test/ocm/",
+          "is_monitored": true
+        },
+        "api_version": "0.0.1",
+        "host": "ocis.ocm.owncloud.test"
+      },
+      {
+        "endpoint": {
+          "type": {
+            "name": "Webdav",
+            "description": "ocis.ocm.owncloud.test Webdav API"
+          },
+          "name": "ocis.ocm - Webdav API",
+          "path": "https://ocis.ocm.owncloud.test/dav/",
+          "is_monitored": true
+        },
+        "api_version": "0.0.1",
+        "host": "ocis.ocm.owncloud.test"
+      }
+    ]
+  }
+]
diff --git a/deployments/examples/ocis_full/debug-collaboration-onlyoffice.yml b/deployments/examples/ocis_full/debug-collaboration-onlyoffice.yml
@@ -2,8 +2,8 @@
 services:
 
   collaboration-oo:
-    command: [ "-c", "dlv --listen=:40002 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis collaboration server" ]
+    command: [ "-c", "dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis collaboration server" ]
     environment:
       COLLABORATION_LOG_LEVEL: debug
     ports:
-      - 40002:40002
+      - 40002:40000
diff --git a/deployments/examples/ocis_full/debug-ocis-ocm.yml b/deployments/examples/ocis_full/debug-ocis-ocm.yml
@@ -0,0 +1,9 @@
+---
+services:
+
+  ocis-ocm:
+    command: [ "-c", "ocis init || true; dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis server" ]
+    environment:
+      OCIS_LOG_LEVEL: debug
+    ports:
+      - 40004:40000
diff --git a/deployments/examples/ocis_full/debug-ocis.yml b/deployments/examples/ocis_full/debug-ocis.yml
@@ -3,5 +3,7 @@ services:
 
   ocis:
     command: [ "-c", "ocis init || true; dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis server" ]
+    environment:
+      OCIS_LOG_LEVEL: debug
     ports:
       - 40000:40000
diff --git a/deployments/examples/ocis_full/docker-compose.yml b/deployments/examples/ocis_full/docker-compose.yml
@@ -4,6 +4,7 @@ services:
     image: traefik:v3.1.6
     networks:
       ocis-net:
+      ocis-ocm-net:
     command:
       - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
       # letsencrypt configuration
@@ -28,6 +29,7 @@ services:
       - "--providers.docker.exposedByDefault=false"
       # access log
       - "--accessLog=true"
+      - "--accesslog.filePath=/var/log/access.log"
       - "--accessLog.format=json"
       - "--accessLog.fields.headers.names.X-Request-Id=keep"
     ports:
@@ -54,3 +56,4 @@ volumes:
 
 networks:
   ocis-net:
+  ocis-ocm-net: