From b9803e3690fcae6569e447e5aa55e1072f30a6f6 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Thu, 5 May 2022 09:27:59 +0200 Subject: [PATCH 1/6] fix ocis hello example --- .../ocis_hello/latest.yml | 16 +- .../ocis_individual_services/latest.yml | 1 + .../ocis_s3/latest.yml | 16 +- .../ocis_traefik/latest.yml | 1 + .../ocis_traefik/released.yml | 1 + .../ocis_wopi/latest.yml | 1 + .../ocis_wopi/released.yml | 1 + deployments/examples/ocis_hello/.env | 19 +- .../config/ocis/entrypoint-override.sh | 28 --- .../ocis_hello/config/ocis/proxy.yaml | 198 +++++++++++++----- .../config/ocis/web-config.dist.json | 30 --- .../examples/ocis_hello/config/ocis/web.yaml | 5 + .../examples/ocis_hello/docker-compose.yml | 24 +-- .../config/ocis/entrypoint-override.sh | 5 - .../examples/ocis_traefik/docker-compose.yml | 6 +- docs/ocis/deployment/ocis_hello.md | 63 +++--- 16 files changed, 224 insertions(+), 191 deletions(-) delete mode 100644 deployments/examples/ocis_hello/config/ocis/entrypoint-override.sh delete mode 100644 deployments/examples/ocis_hello/config/ocis/web-config.dist.json create mode 100644 deployments/examples/ocis_hello/config/ocis/web.yaml delete mode 100644 deployments/examples/ocis_traefik/config/ocis/entrypoint-override.sh diff --git a/deployments/continuous-deployment-config/ocis_hello/latest.yml b/deployments/continuous-deployment-config/ocis_hello/latest.yml index d4b38625fb6..584d50db876 100644 --- a/deployments/continuous-deployment-config/ocis_hello/latest.yml +++ b/deployments/continuous-deployment-config/ocis_hello/latest.yml @@ -1,5 +1,5 @@ --- -- name: continuous-deployment-ocis-s3-latest +- name: continuous-deployment-ocis-hello-latest server: server_type: cx21 image: ubuntu-20.04 @@ -14,7 +14,7 @@ - /var/lib/docker/volumes/ocis_certs domains: - - "*.ocis-s3.latest.owncloud.works" + - "*.ocis-hello.latest.owncloud.works" vars: ssh_authorized_keys: 
@@ -29,21 +29,21 @@ - name: ocis git_url: https://github.com/owncloud/ocis.git ref: master - docker_compose_path: deployments/examples/ocis_s3 + docker_compose_path: deployments/examples/ocis_hello env: INSECURE: "false" TRAEFIK_ACME_MAIL: wkloucek@owncloud.com OCIS_DOCKER_TAG: latest - OCIS_DOMAIN: ocis.ocis-s3.latest.owncloud.works - MINIO_DOMAIN: minio.ocis-s3.latest.owncloud.works + OCIS_DOMAIN: ocis.ocis-hello.latest.owncloud.works + DEMO_USERS: "true" COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git ref: master env: NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis-s3.latest.owncloud.works + TELEMETRY_SERVE_DOMAIN: telemetry.ocis-hello.latest.owncloud.works JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 TELEGRAF_SPECIFIC_CONFIG: ocis_single_container - OCIS_URL: ocis.ocis-s3.latest.owncloud.works - OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-s3-latest + OCIS_URL: ocis.ocis-hello.latest.owncloud.works + OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-hello-latest diff --git a/deployments/continuous-deployment-config/ocis_individual_services/latest.yml b/deployments/continuous-deployment-config/ocis_individual_services/latest.yml index b4c7273c8ca..76428fa94b8 100644 --- a/deployments/continuous-deployment-config/ocis_individual_services/latest.yml +++ b/deployments/continuous-deployment-config/ocis_individual_services/latest.yml @@ -36,6 +36,7 @@ OCIS_DOCKER_TAG: latest OCIS_SCALE: 6 OCIS_DOMAIN: ocis.ocis-individual-services.latest.owncloud.works + DEMO_USERS: "true" COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git diff --git a/deployments/continuous-deployment-config/ocis_s3/latest.yml b/deployments/continuous-deployment-config/ocis_s3/latest.yml index 76d8fcb7e67..ad3586759b2 100644 
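Review bot: Enabling `DEMO_USERS: "true"` here creates accounts with publicly known passwords on an instance that the same `env:` block exposes under a public hostname (`OCIS_DOMAIN: ocis.ocis-hello.latest.owncloud.works`); the `.env` comment elsewhere in this patch says such users should not exist on a production instance. If this is deliberate for a disposable CD instance, state it beside the setting, e.g. `# demo users have public passwords; this instance must only hold throwaway test data`. The visible `env:` block also sets no `ADMIN_PASSWORD`, so the ocis_hello compose file changed later in this patch would fall back to `admin`. The same `DEMO_USERS` line is added to the ocis_individual_services, ocis_s3, ocis_traefik and ocis_wopi configs (latest and released where present), and the remark applies there too.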
--- a/deployments/continuous-deployment-config/ocis_s3/latest.yml +++ b/deployments/continuous-deployment-config/ocis_s3/latest.yml @@ -1,5 +1,5 @@ --- -- name: continuous-deployment-ocis-hello-latest +- name: continuous-deployment-ocis-s3-latest server: server_type: cx21 image: ubuntu-20.04 @@ -14,7 +14,7 @@ - /var/lib/docker/volumes/ocis_certs domains: - - "*.ocis-hello.latest.owncloud.works" + - "*.ocis-s3.latest.owncloud.works" vars: ssh_authorized_keys: @@ -29,20 +29,22 @@ - name: ocis git_url: https://github.com/owncloud/ocis.git ref: master - docker_compose_path: deployments/examples/ocis_hello + docker_compose_path: deployments/examples/ocis_s3 env: INSECURE: "false" TRAEFIK_ACME_MAIL: wkloucek@owncloud.com OCIS_DOCKER_TAG: latest - OCIS_DOMAIN: ocis.ocis-hello.latest.owncloud.works + OCIS_DOMAIN: ocis.ocis-s3.latest.owncloud.works + MINIO_DOMAIN: minio.ocis-s3.latest.owncloud.works + DEMO_USERS: "true" COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git ref: master env: NETWORK_NAME: ocis-net - TELEMETRY_SERVE_DOMAIN: telemetry.ocis-hello.latest.owncloud.works + TELEMETRY_SERVE_DOMAIN: telemetry.ocis-s3.latest.owncloud.works JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443 TELEGRAF_SPECIFIC_CONFIG: ocis_single_container - OCIS_URL: ocis.ocis-hello.latest.owncloud.works - OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-hello-latest + OCIS_URL: ocis.ocis-s3.latest.owncloud.works + OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-s3-latest diff --git a/deployments/continuous-deployment-config/ocis_traefik/latest.yml b/deployments/continuous-deployment-config/ocis_traefik/latest.yml index 0f5e22d5179..e6f76b5aa32 100644 --- a/deployments/continuous-deployment-config/ocis_traefik/latest.yml +++ b/deployments/continuous-deployment-config/ocis_traefik/latest.yml 
@@ -35,6 +35,7 @@ TRAEFIK_ACME_MAIL: wkloucek@owncloud.com OCIS_DOCKER_TAG: latest OCIS_DOMAIN: ocis.ocis-traefik.latest.owncloud.works + DEMO_USERS: "true" COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git diff --git a/deployments/continuous-deployment-config/ocis_traefik/released.yml b/deployments/continuous-deployment-config/ocis_traefik/released.yml index 93053a7c5b1..0e29e582b7d 100644 --- a/deployments/continuous-deployment-config/ocis_traefik/released.yml +++ b/deployments/continuous-deployment-config/ocis_traefik/released.yml @@ -35,6 +35,7 @@ TRAEFIK_ACME_MAIL: wkloucek@owncloud.com OCIS_DOCKER_TAG: 1 OCIS_DOMAIN: ocis.ocis-traefik.released.owncloud.works + DEMO_USERS: "true" COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git diff --git a/deployments/continuous-deployment-config/ocis_wopi/latest.yml b/deployments/continuous-deployment-config/ocis_wopi/latest.yml index f44c59e7070..d8e8f2d5084 100644 --- a/deployments/continuous-deployment-config/ocis_wopi/latest.yml +++ b/deployments/continuous-deployment-config/ocis_wopi/latest.yml @@ -39,6 +39,7 @@ COLLABORA_DOMAIN: collabora.ocis-wopi.latest.owncloud.works ONLYOFFICE_DOMAIN: onlyoffice.ocis-wopi.latest.owncloud.works CODIMD_DOMAIN: codimd.ocis-wopi.latest.owncloud.works + DEMO_USERS: "true" COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git diff --git a/deployments/continuous-deployment-config/ocis_wopi/released.yml b/deployments/continuous-deployment-config/ocis_wopi/released.yml index 701583d592f..994b071a7e5 100644 --- a/deployments/continuous-deployment-config/ocis_wopi/released.yml 
+++ b/deployments/continuous-deployment-config/ocis_wopi/released.yml @@ -38,6 +38,7 @@ WOPISERVER_DOMAIN: wopiserver.ocis-wopi.released.owncloud.works COLLABORA_DOMAIN: collabora.ocis-wopi.released.owncloud.works ONLYOFFICE_DOMAIN: onlyoffice.ocis-wopi.released.owncloud.works + DEMO_USERS: "true" CODIMD_DOMAIN: codimd.ocis-wopi.released.owncloud.works COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring diff --git a/deployments/examples/ocis_hello/.env b/deployments/examples/ocis_hello/.env index 856e2b6bd42..78aa04d8759 100644 --- a/deployments/examples/ocis_hello/.env +++ b/deployments/examples/ocis_hello/.env @@ -2,10 +2,6 @@ # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. INSECURE=true -# The demo users should not be created on a production instance -# because their passwords are public -DEMO_USERS=true - ### Traefik settings ### # Serve Traefik dashboard. Defaults to "false". TRAEFIK_DASHBOARD= 
@@ -21,16 +17,11 @@ TRAEFIK_ACME_MAIL= OCIS_DOCKER_TAG= # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" OCIS_DOMAIN= -# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". -IDP_LDAP_BIND_PASSWORD= -# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". -STORAGE_LDAP_BIND_PASSWORD= -# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" -OCIS_JWT_SECRET= -# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" -STORAGE_TRANSFER_SECRET= -# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" -OCIS_MACHINE_AUTH_API_KEY= +# oCIS admin user password. Defaults to "admin". +ADMIN_PASSWORD= +# The demo users should not be created on a production instance +# because their passwords are public. Defaults to "false". +DEMO_USERS= ### oCIS Hello settings ### # oCIS Hello version. Defaults to "latest" diff --git a/deployments/examples/ocis_hello/config/ocis/entrypoint-override.sh b/deployments/examples/ocis_hello/config/ocis/entrypoint-override.sh deleted file mode 100644 index 6cd8f27182f..00000000000 --- a/deployments/examples/ocis_hello/config/ocis/entrypoint-override.sh +++ /dev/null 
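Review bot: The new `ADMIN_PASSWORD` comment loses the warning that each removed secret comment carried ("Must be changed in order to have a secure oCIS"), although the default it documents is the guessable value `admin`. I would keep the warning on the new line: `# oCIS admin user password. Must be changed on any instance reachable by others. Defaults to "admin".` The identical `ADMIN_PASSWORD` lines added to `deployments/examples/ocis_wopi/.env` in the second patch need the same wording.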
@@ -1,28 +0,0 @@ -#!/bin/sh - -set -e - -mkdir -p /var/tmp/ocis/.config/ -cp /config/web-config.dist.json /var/tmp/ocis/.config/web-config.json -sed -i 's/ocis.owncloud.test/'${OCIS_DOMAIN:-ocis.owncloud.test}'/g' /var/tmp/ocis/.config/web-config.json - -ocis server& -sleep 10 - -echo "##################################################" -echo "change default secrets:" - -# IDP -IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) -echo " IDP user UUID: $IDP_USER_UUID" -ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID - -# REVA -REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) -echo " Reva user UUID: $REVA_USER_UUID" -ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID - -echo "default secrets changed" -echo "##################################################" - -wait # wait for oCIS to exit diff --git a/deployments/examples/ocis_hello/config/ocis/proxy.yaml b/deployments/examples/ocis_hello/config/ocis/proxy.yaml index 432398165fa..0eef29b5732 100644 --- a/deployments/examples/ocis_hello/config/ocis/proxy.yaml +++ b/deployments/examples/ocis_hello/config/ocis/proxy.yaml 
@@ -1,55 +1,151 @@ ---- policy_selector: static: policy: ocis + policies: - - name: ocis - routes: - - endpoint: "/" - backend: http://localhost:9100 - - endpoint: "/.well-known/" - backend: http://localhost:9130 - - endpoint: "/konnect/" - backend: http://localhost:9130 - - endpoint: "/signin/" - backend: http://localhost:9130 - - type: regex - endpoint: "/ocs/v[12].php/cloud/(users?|groups)" - backend: http://localhost:9110 - - endpoint: "/ocs/" - backend: http://localhost:9140 - - type: query - endpoint: "/remote.php/?preview=1" - backend: http://localhost:9115 - - endpoint: "/remote.php/" - backend: http://localhost:9140 - - endpoint: "/dav/" - backend: http://localhost:9140 - - endpoint: "/webdav/" - backend: http://localhost:9140 - - endpoint: "/status.php" - backend: http://localhost:9140 - - endpoint: "/index.php/" - backend: http://localhost:9140 - - endpoint: "/data" - backend: http://localhost:9140 - - endpoint: "/app/" - backend: http://localhost:9140 - - endpoint: "/archiver" - backend: http://localhost:9140 - - endpoint: "/graph/" - backend: http://localhost:9120 - - endpoint: "/graph-explorer/" - backend: http://localhost:9135 - - endpoint: "/api/v0/accounts" - backend: http://localhost:9181 - - endpoint: "/accounts.js" - backend: http://localhost:9181 - - endpoint: "/api/v0/settings" - backend: http://localhost:9190 - - endpoint: "/settings.js" - backend: http://localhost:9190 - - endpoint: "/api/v0/greet" - backend: http://ocis-hello:9105 - - endpoint: "/hello.js" - backend: http://ocis-hello:9105 +- name: ocis + routes: + # defaults, taken from https://owncloud.dev/extensions/proxy/configuration/ + - type: "" + method: "" + endpoint: / + backend: http://localhost:9100 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /.well-known/ + backend: http://localhost:9130 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /konnect/ + backend: http://localhost:9130 + service: "" + apache_vhost: false + - type: 
"" + method: "" + endpoint: /signin/ + backend: http://localhost:9130 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /archiver + backend: http://localhost:9140 + service: "" + apache_vhost: false + - type: regex + method: "" + endpoint: /ocs/v[12].php/cloud/(users?|groups) + backend: http://localhost:9110 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /ocs/ + backend: http://localhost:9140 + service: "" + apache_vhost: false + - type: query + method: "" + endpoint: /remote.php/?preview=1 + backend: http://localhost:9115 + service: "" + apache_vhost: false + - type: "" + method: REPORT + endpoint: /remote.php/dav/ + backend: http://localhost:9115 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /remote.php/ + backend: "" + service: ocdav + apache_vhost: false + - type: "" + method: "" + endpoint: /dav/ + backend: "" + service: ocdav + apache_vhost: false + - type: "" + method: "" + endpoint: /webdav/ + backend: "" + service: ocdav + apache_vhost: false + - type: "" + method: "" + endpoint: /status.php + backend: "" + service: ocdav + apache_vhost: false + - type: "" + method: "" + endpoint: /index.php/ + backend: "" + service: ocdav + apache_vhost: false + - type: "" + method: "" + endpoint: /apps/ + backend: "" + service: ocdav + apache_vhost: false + - type: "" + method: "" + endpoint: /data + backend: http://localhost:9140 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /app/ + backend: http://localhost:9140 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /graph/ + backend: http://localhost:9120 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /graph-explorer + backend: http://localhost:9135 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /api/v0/accounts + backend: http://localhost:9181 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /accounts.js + backend: 
http://localhost:9181 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /api/v0/settings + backend: http://localhost:9190 + service: "" + apache_vhost: false + - type: "" + method: "" + endpoint: /settings.js + backend: http://localhost:9190 + service: "" + apache_vhost: false + # oCIS Hello specific routes + - endpoint: "/api/v0/greet" + backend: http://ocis-hello:9105 + - endpoint: "/hello.js" + backend: http://ocis-hello:9105 diff --git a/deployments/examples/ocis_hello/config/ocis/web-config.dist.json b/deployments/examples/ocis_hello/config/ocis/web-config.dist.json deleted file mode 100644 index 1a8b7f8b853..00000000000 --- a/deployments/examples/ocis_hello/config/ocis/web-config.dist.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "server": "https://ocis.owncloud.test", - "theme": "https://ocis.owncloud.test/themes/owncloud/theme.json", - "version": "0.1.0", - "openIdConnect": { - "metadata_url": "https://ocis.owncloud.test/.well-known/openid-configuration", - "authority": "https://ocis.owncloud.test", - "client_id": "web", - "response_type": "code", - "scope": "openid profile email" - }, - "apps": ["files"], - "external_apps": [ - { - "id": "settings", - "path": "/settings.js" - }, - { - "id": "accounts", - "path": "/accounts.js" - }, - { - "id": "hello", - "path": "/hello.js" - } - ], - "options": { - "hideSearchBar": true - } -} diff --git a/deployments/examples/ocis_hello/config/ocis/web.yaml b/deployments/examples/ocis_hello/config/ocis/web.yaml new file mode 100644 index 00000000000..3100332956c --- /dev/null +++ b/deployments/examples/ocis_hello/config/ocis/web.yaml @@ -0,0 +1,5 @@ +web: + config: + external_apps: + - id: hello + path: /hello.js diff --git a/deployments/examples/ocis_hello/docker-compose.yml b/deployments/examples/ocis_hello/docker-compose.yml index a9ff638e169..3387db06e89 100644 --- a/deployments/examples/ocis_hello/docker-compose.yml +++ b/deployments/examples/ocis_hello/docker-compose.yml 
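Review bot: The route table under `policies` is a hand copy of the proxy defaults whose only provenance is the comment `# defaults, taken from https://owncloud.dev/extensions/proxy/configuration/`, with no version recorded. Because the example's image tag defaults to `latest` (per the `.env` comments), the copied routes can drift from what the running oCIS expects, so a path may be sent to a stale backend or a newly added default route may be missing. I would record the source version and the re-sync duty in that comment, e.g. `# copy of the proxy default routes as of oCIS <VERSION>; re-sync on every oCIS upgrade`. As a style point, the two oCIS Hello routes at the end keep the short form with quoted endpoints while the copied routes spell out every field; one form throughout would make comparison with upstream easier.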
@@ -48,33 +48,30 @@ services: ocis-net: entrypoint: - /bin/sh - - /entrypoint-override.sh + # run ocis init to initialize a configuration file with random secrets + # it will fail on subsequent runs, because the config file already exists + # therefore we ignore the error and then start the ocis server + command: ["-c", "ocis init || true; ocis server"] environment: OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test} OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose PROXY_TLS: "false" # do not use SSL between Traefik and oCIS - # change default secrets - IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} - STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} - OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} - STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} - OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} - # web ui - WEB_UI_CONFIG: "/var/tmp/ocis/.config/web-config.json" # make settings service available to oCIS Hello SETTINGS_GRPC_ADDR: 0.0.0.0:9191 # INSECURE: needed if oCIS / Traefik is using self generated certificates OCIS_INSECURE: "${INSECURE:-false}" # basic auth (not recommended, but needed for eg. 
WebDav clients that do not support OpenID Connect) PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" + # admin user password + IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file # demo users - ACCOUNTS_DEMO_USERS_AND_GROUPS: "${DEMO_USERS:-false}" # deprecated, remove after switching to LibreIDM IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" + + OCIS_CONFIG_DIR: /etc/ocis #TODO: remove me after https://github.com/owncloud/ocis/issues/3688 volumes: - - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh - - ./config/ocis/web-config.dist.json:/config/web-config.dist.json - ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml + - ./config/ocis/web.yaml:/etc/ocis/web.yaml + - ocis-config:/etc/ocis - ocis-data:/var/lib/ocis labels: - "traefik.enable=true" @@ -99,6 +96,7 @@ services: volumes: certs: + ocis-config: ocis-data: networks: diff --git a/deployments/examples/ocis_traefik/config/ocis/entrypoint-override.sh b/deployments/examples/ocis_traefik/config/ocis/entrypoint-override.sh deleted file mode 100644 index b5befa04aab..00000000000 --- a/deployments/examples/ocis_traefik/config/ocis/entrypoint-override.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -set -e - -ocis init || true # will only initialize once -ocis server diff --git a/deployments/examples/ocis_traefik/docker-compose.yml b/deployments/examples/ocis_traefik/docker-compose.yml index fc1133e5dcc..456d3187ed3 100644 --- a/deployments/examples/ocis_traefik/docker-compose.yml +++ b/deployments/examples/ocis_traefik/docker-compose.yml 
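Review bot: `IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}"` replaces the admin password from the configuration file with the literal `admin` whenever `ADMIN_PASSWORD` is left empty, which is how `.env` ships; the inline comment on that line confirms the override. That presumably undoes the benefit of letting `ocis init` write a configuration with random secrets a few lines above. Compose's required-variable form would make the operator pick a value instead: `IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:?set ADMIN_PASSWORD in .env}"`. If the `admin` fallback has to stay for local try-outs, the comment should say it is for local use only. The service definition starts and ends outside the hunk.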
@@ -48,7 +48,10 @@ services: ocis-net: entrypoint: - /bin/sh - - /entrypoint-override.sh + # run ocis init to initialize a configuration file with random secrets + # it will fail on subsequent runs, because the config file already exists + # therefore we ignore the error and then start the ocis server + command: ["-c", "ocis init || true; ocis server"] environment: OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose @@ -62,7 +65,6 @@ services: # demo users IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" volumes: - - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh - ocis-config:/etc/ocis - ocis-data:/var/lib/ocis labels: diff --git a/docs/ocis/deployment/ocis_hello.md b/docs/ocis/deployment/ocis_hello.md index 312939a73a2..25e2a47fd98 100644 --- a/docs/ocis/deployment/ocis_hello.md +++ b/docs/ocis/deployment/ocis_hello.md 
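Review bot: `ocis init || true` discards every failure of `ocis init`, not only the expected "config file already exists" case the comment describes, and the `;` then starts `ocis server` regardless. A first run where init fails for another reason (an unwritable `/etc/ocis` volume, say) would therefore start the server without the generated secrets in place. Checking for the generated file and letting a real init error stop the container keeps the intent: `command: ["-c", "{ [ -f <CONFIG_FILE> ] || ocis init; } && ocis server"]`, where `<CONFIG_FILE>` stands for the path `ocis init` writes. The same command is added to the ocis_hello compose file earlier in this patch, and the service definition continues outside the hunk.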
@@ -48,39 +48,34 @@ See also [example server setup]({{< ref "preparing_server" >}}) The file by default looks like this: ```bash - # If you're on a internet facing server please comment out following line. - # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. - INSECURE=true - - ### Traefik settings ### - # Serve Traefik dashboard. Defaults to "false". - TRAEFIK_DASHBOARD= - # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" - TRAEFIK_DOMAIN= - # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" - TRAEFIK_BASIC_AUTH_USERS= - # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server - TRAEFIK_ACME_MAIL= - - ### oCIS settings ### - # oCIS version. Defaults to "latest" - OCIS_DOCKER_TAG= - # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" - OCIS_DOMAIN= - # IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". - IDP_LDAP_BIND_PASSWORD= - # Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". - STORAGE_LDAP_BIND_PASSWORD= - # JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" - OCIS_JWT_SECRET= - # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" - STORAGE_TRANSFER_SECRET= - # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" - OCIS_MACHINE_AUTH_API_KEY= - - ### oCIS Hello settings ### - # oCIS Hello version. Defaults to "latest" - OCIS_HELLO_DOCKER_TAG= + # If you're on a internet facing server please comment out following line. 
+ # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. + INSECURE=true + + ### Traefik settings ### + # Serve Traefik dashboard. Defaults to "false". + TRAEFIK_DASHBOARD= + # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" + TRAEFIK_DOMAIN= + # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" + TRAEFIK_BASIC_AUTH_USERS= + # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server + TRAEFIK_ACME_MAIL= + + ### oCIS settings ### + # oCIS version. Defaults to "latest" + OCIS_DOCKER_TAG= + # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" + OCIS_DOMAIN= + # oCIS admin user password. Defaults to "admin". + ADMIN_PASSWORD= + # The demo users should not be created on a production instance + # because their passwords are public. Defaults to "false". + DEMO_USERS= + + ### oCIS Hello settings ### + # oCIS Hello version. Defaults to "latest" + OCIS_HELLO_DOCKER_TAG= ``` You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`. @@ -95,6 +90,8 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`. + Set the initial admin user password in `ADMIN_PASSWORD=`, it defaults to `admin`. + By default the oCIS Hello extension will be started in the `latest` version. If you want to start a specific version of oCIS Hello set the version to `OCIS_HELLO_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis-hello/tags?page=1&ordering=last_updated). Now you have configured everything and can save the file. From f2d82bd1acb4b0f23cafdffcf9253c9c80f78b58 Mon Sep 17 00:00:00 2001 
From: Willy Kloucek Date: Thu, 5 May 2022 10:55:16 +0200 Subject: [PATCH 2/6] fix wopi integration and wopi deployment --- .../docker-compose.yml | 2 +- deployments/examples/ocis_wopi/.env | 20 +--- .../entrypoint-override.sh | 2 +- .../entrypoint-override.sh | 2 +- .../ocis_wopi/config/ocis/app-registry.yaml | 72 +++++++++++++++ .../config/ocis/entrypoint-override.sh | 24 ----- .../ocis_wopi/config/ocis/mimetypes.json | 92 ------------------- .../examples/ocis_wopi/docker-compose.yml | 87 +++++++++--------- extensions/app-provider/pkg/config/config.go | 4 +- extensions/frontend/pkg/config/config.go | 6 ++ .../pkg/config/defaults/defaultconfig.go | 3 + extensions/frontend/pkg/revaconfig/config.go | 11 +++ 12 files changed, 147 insertions(+), 178 deletions(-) create mode 100644 deployments/examples/ocis_wopi/config/ocis/app-registry.yaml delete mode 100644 deployments/examples/ocis_wopi/config/ocis/entrypoint-override.sh delete mode 100644 deployments/examples/ocis_wopi/config/ocis/mimetypes.json diff --git a/deployments/examples/ocis_individual_services/docker-compose.yml b/deployments/examples/ocis_individual_services/docker-compose.yml index 6d91722f158..265a3ec1298 100644 --- a/deployments/examples/ocis_individual_services/docker-compose.yml +++ b/deployments/examples/ocis_individual_services/docker-compose.yml @@ -695,7 +695,7 @@ services: OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" - STORAGE_GATEWAY_GRPC_ADDR: 0.0.0.0:9142 + GATEWAY_GRPC_ADDR: 0.0.0.0:9142 REVA_GATEWAY: storage-gateway:9142 diff --git a/deployments/examples/ocis_wopi/.env b/deployments/examples/ocis_wopi/.env index 44a465bbf9e..e4647c701d8 100644 --- a/deployments/examples/ocis_wopi/.env +++ b/deployments/examples/ocis_wopi/.env 
@@ -2,10 +2,6 @@ # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. INSECURE=true -# The demo users should not be created on a production instance -# because their passwords are public -DEMO_USERS=true - ### Traefik settings ### # Serve Traefik dashboard. Defaults to "false". TRAEFIK_DASHBOARD= @@ -21,16 +17,11 @@ TRAEFIK_ACME_MAIL= OCIS_DOCKER_TAG= # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" OCIS_DOMAIN= -# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". -IDP_LDAP_BIND_PASSWORD= -# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". -STORAGE_LDAP_BIND_PASSWORD= -# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" -OCIS_JWT_SECRET= -# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" -STORAGE_TRANSFER_SECRET= -# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" -OCIS_MACHINE_AUTH_API_KEY= +# oCIS admin user password. Defaults to "admin". +ADMIN_PASSWORD= +# The demo users should not be created on a production instance +# because their passwords are public. Defaults to "false". +DEMO_USERS= ### Wopi server settings ### # cs3org wopi server version. Defaults to "latest" @@ -60,7 +51,6 @@ CODIMD_DOMAIN= # Secret which is used for the communication with the WOPI server. Must be changed in order to have a secure CodiMD. Defaults to "LoremIpsum456" CODIMD_SECRET= - # If you want to use debugging and tracing with this stack, # you need uncomment following line. Please see documentation at # https://owncloud.dev/ocis/deployment/monitoring-tracing/ 
diff --git a/deployments/examples/ocis_wopi/config/ocis-appdriver-codimd/entrypoint-override.sh b/deployments/examples/ocis_wopi/config/ocis-appdriver-codimd/entrypoint-override.sh index d0454fc4d29..96c0a7ad33e 100755 --- a/deployments/examples/ocis_wopi/config/ocis-appdriver-codimd/entrypoint-override.sh +++ b/deployments/examples/ocis_wopi/config/ocis-appdriver-codimd/entrypoint-override.sh @@ -8,7 +8,7 @@ apk add curl retries=10 while [[ $retries -gt 0 ]]; do if curl --silent --show-error --fail http://codimd:3000 > /dev/null; then - ocis storage-app-provider server + ocis app-provider server else echo "CodiMD is not yet available, trying again in 10 seconds" sleep 10 diff --git a/deployments/examples/ocis_wopi/config/ocis-appdriver-onlyoffice/entrypoint-override.sh b/deployments/examples/ocis_wopi/config/ocis-appdriver-onlyoffice/entrypoint-override.sh index c1d271f312f..8df12d70c49 100755 --- a/deployments/examples/ocis_wopi/config/ocis-appdriver-onlyoffice/entrypoint-override.sh +++ b/deployments/examples/ocis_wopi/config/ocis-appdriver-onlyoffice/entrypoint-override.sh @@ -8,7 +8,7 @@ apk add curl retries=10 while [[ $retries -gt 0 ]]; do if curl --silent --show-error --fail http://onlyoffice/hosting/discovery > /dev/null; then - ocis storage-app-provider server + ocis app-provider server else echo "OnlyOffice is not yet available, trying again in 10 seconds" sleep 10 diff --git a/deployments/examples/ocis_wopi/config/ocis/app-registry.yaml b/deployments/examples/ocis_wopi/config/ocis/app-registry.yaml new file mode 100644 index 00000000000..a513206787a --- /dev/null +++ b/deployments/examples/ocis_wopi/config/ocis/app-registry.yaml 
@@ -0,0 +1,72 @@ +app_registry: + mimetypes: + - mime_type: application/pdf + extension: pdf + name: PDF + description: PDF document + icon: '' + default_app: '' + allow_creation: false + - mime_type: application/vnd.oasis.opendocument.text + extension: odt + name: OpenDocument + description: OpenDocument text document + icon: '' + default_app: Collabora + allow_creation: true + - mime_type: application/vnd.oasis.opendocument.spreadsheet + extension: ods + name: OpenSpreadsheet + description: OpenDocument spreadsheet document + icon: '' + default_app: Collabora + allow_creation: true + - mime_type: application/vnd.oasis.opendocument.presentation + extension: odp + name: OpenPresentation + description: OpenDocument presentation document + icon: '' + default_app: Collabora + allow_creation: true + - mime_type: application/vnd.openxmlformats-officedocument.wordprocessingml.document + extension: docx + name: Microsoft Word + description: Microsoft Word document + icon: '' + default_app: OnlyOffice + allow_creation: true + - mime_type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + extension: xlsx + name: Microsoft Excel + description: Microsoft Excel document + icon: '' + default_app: OnlyOffice + allow_creation: true + - mime_type: application/vnd.openxmlformats-officedocument.presentationml.presentation + extension: pptx + name: Microsoft PowerPoint + description: Microsoft PowerPoint document + icon: '' + default_app: OnlyOffice + allow_creation: true + - mime_type: application/vnd.jupyter + extension: ipynb + name: Jupyter Notebook + description: Jupyter Notebook + icon: '' + default_app: '' + allow_creation: true + - mime_type: text/markdown + extension: md + name: Markdown file + description: Markdown file + icon: '' + default_app: CodiMD + allow_creation: true + - mime_type: application/compressed-markdown + extension: zmd + name: Compressed markdown file + description: Compressed markdown file + icon: '' + default_app: CodiMD + 
allow_creation: false diff --git a/deployments/examples/ocis_wopi/config/ocis/entrypoint-override.sh b/deployments/examples/ocis_wopi/config/ocis/entrypoint-override.sh deleted file mode 100644 index c1f96fae4ef..00000000000 --- a/deployments/examples/ocis_wopi/config/ocis/entrypoint-override.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh - -set -e - -ocis server& -sleep 10 - -echo "##################################################" -echo "change default secrets:" - -# IDP -IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) -echo " IDP user UUID: $IDP_USER_UUID" -ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID - -# REVA -REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) -echo " Reva user UUID: $REVA_USER_UUID" -ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID - -echo "default secrets changed" -echo "##################################################" - -wait # wait for oCIS to exit diff --git a/deployments/examples/ocis_wopi/config/ocis/mimetypes.json b/deployments/examples/ocis_wopi/config/ocis/mimetypes.json deleted file mode 100644 index 9cd243ed3ad..00000000000 --- a/deployments/examples/ocis_wopi/config/ocis/mimetypes.json +++ /dev/null 
@@ -1,92 +0,0 @@ -[ - { - "mime_type": "application/pdf", - "extension": "pdf", - "name": "PDF", - "description": "PDF document", - "icon": "", - "default_app": "", - "allow_creation": false - }, - { - "mime_type": "application/vnd.oasis.opendocument.text", - "extension": "odt", - "name": "OpenDocument", - "description": "OpenDocument text document", - "icon": "", - "default_app": "Collabora", - "allow_creation": true - }, - { - "mime_type": "application/vnd.oasis.opendocument.spreadsheet", - "extension": "ods", - "name": "OpenSpreadsheet", - "description": "OpenDocument spreadsheet document", - "icon": "", - "default_app": "Collabora", - "allow_creation": true - }, - { - "mime_type": "application/vnd.oasis.opendocument.presentation", - "extension": "odp", - "name": "OpenPresentation", - "description": "OpenDocument presentation document", - "icon": "", - "default_app": "Collabora", - "allow_creation": true - }, - { - "mime_type": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", - "extension": "docx", - "name": "Microsoft Word", - "description": "Microsoft Word document", - "icon": "", - "default_app": "OnlyOffice", - "allow_creation": true - }, - { - "mime_type": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", - "extension": "xlsx", - "name": "Microsoft Excel", - "description": "Microsoft Excel document", - "icon": "", - "default_app": "OnlyOffice", - "allow_creation": true - }, - { - "mime_type": "application/vnd.openxmlformats-officedocument.presentationml.presentation", - "extension": "pptx", - "name": "Microsoft PowerPoint", - "description": "Microsoft PowerPoint document", - "icon": "", - "default_app": "OnlyOffice", - "allow_creation": true - }, - { - "mime_type": "application/vnd.jupyter", - "extension": "ipynb", - "name": "Jupyter Notebook", - "description": "Jupyter Notebook", - "icon": "", - "default_app": "", - "allow_creation": true - }, - { - "mime_type": "text/markdown", - "extension": "md", - "name": 
"Markdown file", - "description": "Markdown file", - "icon": "", - "default_app": "CodiMD", - "allow_creation": true - }, - { - "mime_type": "application/compressed-markdown", - "extension": "zmd", - "name": "Compressed markdown file", - "description": "Compressed markdown file", - "icon": "", - "default_app": "CodiMD", - "allow_creation": false - } -] diff --git a/deployments/examples/ocis_wopi/docker-compose.yml b/deployments/examples/ocis_wopi/docker-compose.yml index c841d517ae0..479a942e203 100644 --- a/deployments/examples/ocis_wopi/docker-compose.yml +++ b/deployments/examples/ocis_wopi/docker-compose.yml 
@@ -52,31 +52,28 @@ services: ocis-net: entrypoint: - /bin/sh - - /entrypoint-override.sh + # run ocis init to initialize a configuration file with random secrets + # it will fail on subsequent runs, because the config file already exists + # therefore we ignore the error and then start the ocis server + command: ["-c", "ocis init || true; ocis server"] environment: OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} - OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test} OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose PROXY_TLS: "false" # do not use SSL between Traefik and oCIS - # change default secrets - IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} - STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} - OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} - OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} - OCIS_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} - # app registry - STORAGE_GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers - STORAGE_APP_REGISTRY_MIMETYPES_JSON: /var/tmp/ocis/app-config/mimetypes.json + GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers # INSECURE: needed if oCIS / Traefik is using self generated certificates OCIS_INSECURE: "${INSECURE:-false}" # basic auth (not recommended, but needed for eg. 
WebDav clients that do not support OpenID Connect) PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" + # admin user password + IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file # demo users - ACCOUNTS_DEMO_USERS_AND_GROUPS: "${DEMO_USERS:-false}" # deprecated, remove after switching to LibreIDM IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" + + OCIS_CONFIG_DIR: /etc/ocis #TODO: remove me after https://github.com/owncloud/ocis/issues/3688 volumes: - - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh - - ./config/ocis/mimetypes.json:/var/tmp/ocis/app-config/mimetypes.json + - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml + - ocis-config:/etc/ocis - ocis-data:/var/lib/ocis labels: - "traefik.enable=true" 
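Review bot: `ocis init || true` in the new `command` hides every init failure, not only the expected "config file already exists" case the comment describes, and `ocis server` is started either way. If init fails for another reason, for example the `ocis-config` volume not being writable, the container still comes up, and what configuration and secrets the server then runs with is not visible in this hunk. Running init only when the config is absent and stopping on error keeps the intent: `command: ["-c", "[ -e /etc/ocis/<generated-config-file> ] || ocis init || exit 1; exec ocis server"]`, with the placeholder replaced by the file `ocis init` writes. The service definition starts above this hunk.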
@@ -93,20 +90,22 @@ services: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} networks: ocis-net: - command: storage-app-provider server + command: app-provider server environment: REVA_GATEWAY: ${REVA_GATEWAY:-ocis:9142} APP_PROVIDER_GRPC_ADDR: 0.0.0.0:9164 APP_PROVIDER_EXTERNAL_ADDR: ocis-appdriver-collabora:9164 - OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} - OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} APP_PROVIDER_DRIVER: wopi - APP_PROVIDER_WOPI_DRIVER_APP_NAME: Collabora - APP_PROVIDER_WOPI_DRIVER_APP_ICON_URI: https://${COLLABORA_DOMAIN:-collabora.owncloud.test}/favicon.ico - APP_PROVIDER_WOPI_DRIVER_APP_URL: https://${COLLABORA_DOMAIN:-collabora.owncloud.test} - APP_PROVIDER_WOPI_DRIVER_INSECURE: "${INSECURE:-false}" - APP_PROVIDER_WOPI_DRIVER_IOP_SECRET: ${WOPI_IOP_SECRET:-LoremIpsum123} - APP_PROVIDER_WOPI_DRIVER_WOPI_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + APP_PROVIDER_WOPI_APP_NAME: Collabora + APP_PROVIDER_WOPI_APP_ICON_URI: https://${COLLABORA_DOMAIN:-collabora.owncloud.test}/favicon.ico + APP_PROVIDER_WOPI_APP_URL: https://${COLLABORA_DOMAIN:-collabora.owncloud.test} + APP_PROVIDER_WOPI_INSECURE: "${INSECURE:-false}" + APP_PROVIDER_WOPI_WOPI_SERVER_IOP_SECRET: ${WOPI_IOP_SECRET:-LoremIpsum123} + APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + + OCIS_CONFIG_DIR: /etc/ocis #TODO: remove me after https://github.com/owncloud/ocis/issues/3688 + volumes: + - ocis-config:/etc/ocis logging: driver: "local" restart: always 
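Review bot: The added `- ocis-config:/etc/ocis` mount gives the Collabora app driver read-write access to the volume into which the main service's `ocis init` writes the generated secrets. If the app driver only needs to read that configuration, mount it read-only, `- ocis-config:/etc/ocis:ro`, so a compromised or misbehaving driver container cannot rewrite the shared config. The same mount is added in the OnlyOffice and CodiMD app driver hunks below. Whether `app-provider server` ever writes to `OCIS_CONFIG_DIR` is not visible here, so confirm that before changing it.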
@@ -119,22 +118,23 @@ services: entrypoint: - /bin/sh - /entrypoint-override.sh - #command: storage-app-provider server + #command: app-provider server environment: REVA_GATEWAY: ${REVA_GATEWAY:-ocis:9142} APP_PROVIDER_GRPC_ADDR: 0.0.0.0:9164 APP_PROVIDER_EXTERNAL_ADDR: ocis-appdriver-onlyoffice:9164 - OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} - OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} APP_PROVIDER_DRIVER: wopi - APP_PROVIDER_WOPI_DRIVER_APP_NAME: OnlyOffice - APP_PROVIDER_WOPI_DRIVER_APP_ICON_URI: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}/web-apps/apps/documenteditor/main/resources/img/favicon.ico - APP_PROVIDER_WOPI_DRIVER_APP_URL: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} - APP_PROVIDER_WOPI_DRIVER_INSECURE: "${INSECURE:-false}" - APP_PROVIDER_WOPI_DRIVER_IOP_SECRET: ${WOPI_IOP_SECRET:-LoremIpsum123} - APP_PROVIDER_WOPI_DRIVER_WOPI_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + APP_PROVIDER_WOPI_APP_NAME: OnlyOffice + APP_PROVIDER_WOPI_APP_ICON_URI: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}/web-apps/apps/documenteditor/main/resources/img/favicon.ico + APP_PROVIDER_WOPI_APP_URL: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} + APP_PROVIDER_WOPI_INSECURE: "${INSECURE:-false}" + APP_PROVIDER_WOPI_WOPI_SERVER_IOP_SECRET: ${WOPI_IOP_SECRET:-LoremIpsum123} + APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + + OCIS_CONFIG_DIR: /etc/ocis #TODO: remove me after https://github.com/owncloud/ocis/issues/3688 volumes: - ./config/ocis-appdriver-onlyoffice/entrypoint-override.sh:/entrypoint-override.sh + - ocis-config:/etc/ocis logging: driver: "local" restart: always 
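Review bot: `APP_PROVIDER_WOPI_WOPI_SERVER_IOP_SECRET: ${WOPI_IOP_SECRET:-LoremIpsum123}` keeps a publicly known fallback for the secret shared with the WOPI server, while this commit removes the `OCIS_JWT_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` fallbacks of the same kind. With an empty `WOPI_IOP_SECRET` the stack starts with a value anyone can read in the repository. Compose can refuse to start instead: `APP_PROVIDER_WOPI_WOPI_SERVER_IOP_SECRET: ${WOPI_IOP_SECRET:?set WOPI_IOP_SECRET in .env}`. The same line is in the Collabora and CodiMD hunks, and the CodiMD hunk repeats the pattern in `APP_PROVIDER_WOPI_APP_API_KEY: ${CODIMD_SECRET:-LoremIpsum456}`; the services that consume these secrets are defined outside these hunks and would need the matching change.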
@@ -147,23 +147,24 @@ services: entrypoint: - /bin/sh - /entrypoint-override.sh - #command: storage-app-provider server + #command: app-provider server environment: REVA_GATEWAY: ${REVA_GATEWAY:-ocis:9142} APP_PROVIDER_GRPC_ADDR: 0.0.0.0:9164 APP_PROVIDER_EXTERNAL_ADDR: ocis-appdriver-codimd:9164 - OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} - OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} APP_PROVIDER_DRIVER: wopi - APP_PROVIDER_WOPI_DRIVER_APP_NAME: CodiMD - APP_PROVIDER_WOPI_DRIVER_APP_API_KEY: ${CODIMD_SECRET:-LoremIpsum456} - APP_PROVIDER_WOPI_DRIVER_APP_ICON_URI: https://${CODIMD_DOMAIN:-codimd.owncloud.test}/favicon.png - APP_PROVIDER_WOPI_DRIVER_APP_URL: https://${CODIMD_DOMAIN:-codimd.owncloud.test} - APP_PROVIDER_WOPI_DRIVER_INSECURE: "${INSECURE:-false}" - APP_PROVIDER_WOPI_DRIVER_IOP_SECRET: ${WOPI_IOP_SECRET:-LoremIpsum123} - APP_PROVIDER_WOPI_DRIVER_WOPI_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + APP_PROVIDER_WOPI_APP_NAME: CodiMD + APP_PROVIDER_WOPI_APP_API_KEY: ${CODIMD_SECRET:-LoremIpsum456} + APP_PROVIDER_WOPI_APP_ICON_URI: https://${CODIMD_DOMAIN:-codimd.owncloud.test}/favicon.png + APP_PROVIDER_WOPI_APP_URL: https://${CODIMD_DOMAIN:-codimd.owncloud.test} + APP_PROVIDER_WOPI_INSECURE: "${INSECURE:-false}" + APP_PROVIDER_WOPI_WOPI_SERVER_IOP_SECRET: ${WOPI_IOP_SECRET:-LoremIpsum123} + APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + + OCIS_CONFIG_DIR: /etc/ocis #TODO: remove me after https://github.com/owncloud/ocis/issues/3688 volumes: - ./config/ocis-appdriver-codimd/entrypoint-override.sh:/entrypoint-override.sh + - ocis-config:/etc/ocis logging: driver: "local" restart: always 
@@ -183,6 +184,7 @@ services: WOPISERVER_DOMAIN: ${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.owncloud.test} volumes: + - /home/kloucek/Projects/github.com/cs3org/wopiserver/src:/app #TODO: remove me - ./config/wopiserver/entrypoint-override.sh:/entrypoint-override.sh - ./config/wopiserver/wopiserver.conf.dist:/etc/wopi/wopiserver.conf.dist - wopi-data:/var/wopi_local_storage @@ -286,6 +288,7 @@ services: volumes: certs: + ocis-config: ocis-data: wopi-data: wopi-logs: diff --git a/extensions/app-provider/pkg/config/config.go b/extensions/app-provider/pkg/config/config.go index 8ed590b8558..2e511aa6ba0 100644 --- a/extensions/app-provider/pkg/config/config.go +++ b/extensions/app-provider/pkg/config/config.go @@ -18,8 +18,8 @@ type Config struct { TokenManager *TokenManager `yaml:"token_manager"` Reva *Reva `yaml:"reva"` - ExternalAddr string `yaml:"external_addr"` - Driver string `yaml:"driver"` + ExternalAddr string `yaml:"external_addr" env:"APP_PROVIDER_EXTERNAL_ADDR"` + Driver string `yaml:"driver" env:"APP_PROVIDER_DRIVER"` Drivers Drivers `yaml:"drivers"` Supervised bool `yaml:"-"` diff --git a/extensions/frontend/pkg/config/config.go b/extensions/frontend/pkg/config/config.go index d0afebea71b..3f903850a5f 100644 --- a/extensions/frontend/pkg/config/config.go +++ b/extensions/frontend/pkg/config/config.go @@ -34,6 +34,7 @@ type Config struct { PublicURL string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL"` + AppHandler AppHandler `yaml:"app_handler"` Archiver Archiver `yaml:"archiver"` DataGateway DataGateway `yaml:"data_gateway"` OCS OCS `yaml:"ocs"` 
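Review bot: The added volume `- /home/kloucek/Projects/github.com/cs3org/wopiserver/src:/app #TODO: remove me` in the `@@ -183,6 +184,7 @@` hunk bind-mounts a path from the author's workstation over `/app` in the WOPI server container and should not be merged. On any other host that path is absent or holds unrelated content, so `/app` (presumably where the image keeps the server code) is shadowed by whatever is or is not there instead of the code shipped in the image. Drop the line before merge; if a source override is useful during development, keep it in a local `docker-compose.override.yml` that is not committed. The service definition starts and ends outside this hunk.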
@@ -86,6 +87,11 @@ type Auth struct { CredentialsByUserAgent map[string]string `yaml:"credentials_by_user_agent"` } +type AppHandler struct { + Prefix string `yaml:"-"` + Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;FRONTEND_APP_HANDLER_INSECURE"` +} + type Archiver struct { MaxNumFiles int64 `yaml:"max_num_files" env:"FRONTEND_ARCHIVER_MAX_NUM_FILES"` MaxSize int64 `yaml:"max_size" env:"FRONTEND_ARCHIVER_MAX_SIZE"` diff --git a/extensions/frontend/pkg/config/defaults/defaultconfig.go b/extensions/frontend/pkg/config/defaults/defaultconfig.go index 7a380ec37d7..051fbad36a5 100644 --- a/extensions/frontend/pkg/config/defaults/defaultconfig.go +++ b/extensions/frontend/pkg/config/defaults/defaultconfig.go @@ -42,6 +42,9 @@ func DefaultConfig() *config.Config { SupportedTypes: []string{"sha1", "md5", "adler32"}, PreferredUploadType: "", }, + AppHandler: config.AppHandler{ + Prefix: "app", + }, Archiver: config.Archiver{ Insecure: false, Prefix: "archiver", diff --git a/extensions/frontend/pkg/revaconfig/config.go b/extensions/frontend/pkg/revaconfig/config.go index 67b0be9bfab..9cd3c95d8f4 100644 --- a/extensions/frontend/pkg/revaconfig/config.go +++ b/extensions/frontend/pkg/revaconfig/config.go @@ -77,6 +77,17 @@ func FrontendConfigFromStruct(cfg *config.Config) map[string]interface{} { }, // TODO build services dynamically "services": map[string]interface{}{ + // this reva service called "appprovider" comes from + // `internal/http/services/appprovider` and is a translation + // layer from the grpc app registry to http, used by eg. ownCloud Web + // It should not be confused with `internal/grpc/services/appprovider` + // which is currently only has only the driver for the CS3org WOPI server + "appprovider": map[string]interface{}{ + "prefix": cfg.AppHandler.Prefix, + "transfer_shared_secret": cfg.TransferSecret, + "timeout": 86400, + "insecure": cfg.AppHandler.Insecure, + }, "archiver": map[string]interface{}{ "prefix": cfg.Archiver.Prefix, "timeout": 86400, 
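Review bot: The new `appprovider` block in the `@@ -77,6 +77,17 @@` hunk passes `"transfer_shared_secret": cfg.TransferSecret` to the HTTP app handler, but nothing in this hunk shows that service using the transfer secret, and the neighbouring `archiver` block, as far as it is visible, is configured without it. If the reva service does not read that key, leave it out so the secret is only handed to components that need it. The explanatory comment also has a slip, "which is currently only has only the driver"; I would write `// which currently only has the driver for the CS3org WOPI server`. `FrontendConfigFromStruct` starts and ends outside the hunk.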
From b43d99b1981598b4e624740012dc5fed0c3e8256 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Thu, 5 May 2022 10:55:37 +0200 Subject: [PATCH 3/6] update docs --- docs/extensions/app-registry/apps.md | 2 +- docs/ocis/deployment/oc10_ocis_parallel.md | 108 ++++++++--------- docs/ocis/deployment/ocis_hello.md | 56 ++++----- .../deployment/ocis_individual_services.md | 1 + docs/ocis/deployment/ocis_keycloak.md | 1 + docs/ocis/deployment/ocis_s3.md | 80 ++++++------- docs/ocis/deployment/ocis_traefik.md | 18 ++- docs/ocis/deployment/ocis_wopi.md | 112 +++++++++--------- 8 files changed, 188 insertions(+), 190 deletions(-) diff --git a/docs/extensions/app-registry/apps.md b/docs/extensions/app-registry/apps.md index 7bcff036b1d..d35b2e82a22 100644 --- a/docs/extensions/app-registry/apps.md +++ b/docs/extensions/app-registry/apps.md @@ -439,7 +439,7 @@ services: ... environment: ... - STORAGE_GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers + GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers ocis-appdriver-collabora: image: owncloud/ocis:latest diff --git a/docs/ocis/deployment/oc10_ocis_parallel.md b/docs/ocis/deployment/oc10_ocis_parallel.md index d87f233ae57..7067cf389dd 100644 --- a/docs/ocis/deployment/oc10_ocis_parallel.md +++ b/docs/ocis/deployment/oc10_ocis_parallel.md 
@@ -54,60 +54,60 @@ See also [example server setup]({{< ref "preparing_server" >}}) The file by default looks like this: ```bash - # If you're on a internet facing server please comment out following line. - # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. - INSECURE=true - - ### Traefik settings ### - TRAEFIK_LOG_LEVEL= - # Serve Traefik dashboard. Defaults to "false". - TRAEFIK_DASHBOARD= - # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" - TRAEFIK_DOMAIN= - # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" - TRAEFIK_BASIC_AUTH_USERS= - # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server - TRAEFIK_ACME_MAIL= - - ### shared oCIS / oC10 settings ### - # Domain of oCIS / oC10, where you can find the frontend. Defaults to "cloud.owncloud.test" - CLOUD_DOMAIN= - - ### oCIS settings ### - # oCIS version. Defaults to "latest" - OCIS_DOCKER_TAG= - # JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" - OCIS_JWT_SECRET= - # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" - STORAGE_TRANSFER_SECRET= - # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" - OCIS_MACHINE_AUTH_API_KEY= - - ### oCIS settings ### - # oC10 version. Defaults to "latest" - OC10_DOCKER_TAG= - # client secret which the openidconnect app uses to authenticate to Keycloak. Defaults to "oc10-oidc-secret" - OC10_OIDC_CLIENT_SECRET= - # app which will be shown when opening the ownCloud 10 UI. 
Defaults to "files" but also could be set to "web" - OWNCLOUD_DEFAULT_APP= - # if set to "false" (default) links will be opened in the classic UI, if set to "true" ownCloud Web is used - OWNCLOUD_WEB_REWRITE_LINKS= - - ### LDAP settings ### - # password for the LDAP admin user "cn=admin,dc=owncloud,dc=com", defaults to "admin" - LDAP_ADMIN_PASSWORD= - # Domain of the LDAP management frontend. Defaults to "ldap.owncloud.test" - LDAP_MANAGER_DOMAIN= - - ### Keycloak ### - # Domain of Keycloak, where you can find the management and authentication frontend. Defaults to "keycloak.owncloud.test" - KEYCLOAK_DOMAIN= - # Realm which to be used with oC10 and oCIS. Defaults to "owncloud" - KEYCLOAK_REALM= - # Admin user login name. Defaults to "admin" - KEYCLOAK_ADMIN_USER= - # Admin user login password. Defaults to "admin" - KEYCLOAK_ADMIN_PASSWORD= + # If you're on a internet facing server please comment out following line. + # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. + INSECURE=true + + ### Traefik settings ### + TRAEFIK_LOG_LEVEL= + # Serve Traefik dashboard. Defaults to "false". + TRAEFIK_DASHBOARD= + # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" + TRAEFIK_DOMAIN= + # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" + TRAEFIK_BASIC_AUTH_USERS= + # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server + TRAEFIK_ACME_MAIL= + + ### shared oCIS / oC10 settings ### + # Domain of oCIS / oC10, where you can find the frontend. Defaults to "cloud.owncloud.test" + CLOUD_DOMAIN= + + ### oCIS settings ### + # oCIS version. Defaults to "latest" + OCIS_DOCKER_TAG= + # JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" + OCIS_JWT_SECRET= + # JWT secret which is used for uploads to create transfer tokens. 
Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" + STORAGE_TRANSFER_SECRET= + # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" + OCIS_MACHINE_AUTH_API_KEY= + + ### oCIS settings ### + # oC10 version. Defaults to "latest" + OC10_DOCKER_TAG= + # client secret which the openidconnect app uses to authenticate to Keycloak. Defaults to "oc10-oidc-secret" + OC10_OIDC_CLIENT_SECRET= + # app which will be shown when opening the ownCloud 10 UI. Defaults to "files" but also could be set to "web" + OWNCLOUD_DEFAULT_APP= + # if set to "false" (default) links will be opened in the classic UI, if set to "true" ownCloud Web is used + OWNCLOUD_WEB_REWRITE_LINKS= + + ### LDAP settings ### + # password for the LDAP admin user "cn=admin,dc=owncloud,dc=com", defaults to "admin" + LDAP_ADMIN_PASSWORD= + # Domain of the LDAP management frontend. Defaults to "ldap.owncloud.test" + LDAP_MANAGER_DOMAIN= + + ### Keycloak ### + # Domain of Keycloak, where you can find the management and authentication frontend. Defaults to "keycloak.owncloud.test" + KEYCLOAK_DOMAIN= + # Realm which to be used with oC10 and oCIS. Defaults to "owncloud" + KEYCLOAK_REALM= + # Admin user login name. Defaults to "admin" + KEYCLOAK_ADMIN_USER= + # Admin user login password. Defaults to "admin" + KEYCLOAK_ADMIN_PASSWORD= ``` You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`. diff --git a/docs/ocis/deployment/ocis_hello.md b/docs/ocis/deployment/ocis_hello.md index 25e2a47fd98..8e9adfda6c0 100644 --- a/docs/ocis/deployment/ocis_hello.md +++ b/docs/ocis/deployment/ocis_hello.md 
@@ -48,34 +48,34 @@ See also [example server setup]({{< ref "preparing_server" >}}) The file by default looks like this: ```bash - # If you're on a internet facing server please comment out following line. - # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. - INSECURE=true - - ### Traefik settings ### - # Serve Traefik dashboard. Defaults to "false". - TRAEFIK_DASHBOARD= - # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" - TRAEFIK_DOMAIN= - # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" - TRAEFIK_BASIC_AUTH_USERS= - # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server - TRAEFIK_ACME_MAIL= - - ### oCIS settings ### - # oCIS version. Defaults to "latest" - OCIS_DOCKER_TAG= - # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" - OCIS_DOMAIN= - # oCIS admin user password. Defaults to "admin". - ADMIN_PASSWORD= - # The demo users should not be created on a production instance - # because their passwords are public. Defaults to "false". - DEMO_USERS= - - ### oCIS Hello settings ### - # oCIS Hello version. Defaults to "latest" - OCIS_HELLO_DOCKER_TAG= + # If you're on a internet facing server please comment out following line. + # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. + INSECURE=true + + ### Traefik settings ### + # Serve Traefik dashboard. Defaults to "false". + TRAEFIK_DASHBOARD= + # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" + TRAEFIK_DOMAIN= + # Basic authentication for the dashboard. 
Defaults to user "admin" and password "admin" + TRAEFIK_BASIC_AUTH_USERS= + # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server + TRAEFIK_ACME_MAIL= + + ### oCIS settings ### + # oCIS version. Defaults to "latest" + OCIS_DOCKER_TAG= + # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" + OCIS_DOMAIN= + # oCIS admin user password. Defaults to "admin". + ADMIN_PASSWORD= + # The demo users should not be created on a production instance + # because their passwords are public. Defaults to "false". + DEMO_USERS= + + ### oCIS Hello settings ### + # oCIS Hello version. Defaults to "latest" + OCIS_HELLO_DOCKER_TAG= ``` You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`. diff --git a/docs/ocis/deployment/ocis_individual_services.md b/docs/ocis/deployment/ocis_individual_services.md index 718e5291a42..0ea6ba9f554 100644 --- a/docs/ocis/deployment/ocis_individual_services.md +++ b/docs/ocis/deployment/ocis_individual_services.md @@ -45,6 +45,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) * Open the `.env` file in a text editor The file by default looks like this: + ```bash # If you're on a internet facing server please comment out following line. # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. diff --git a/docs/ocis/deployment/ocis_keycloak.md b/docs/ocis/deployment/ocis_keycloak.md index 5708569e2a3..28db3b1b95e 100644 --- a/docs/ocis/deployment/ocis_keycloak.md +++ b/docs/ocis/deployment/ocis_keycloak.md 
@@ -49,6 +49,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) * Open the `.env` file in a text editor The file by default looks like this: + ```bash # If you're on a internet facing server please comment out following line. # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. diff --git a/docs/ocis/deployment/ocis_s3.md b/docs/ocis/deployment/ocis_s3.md index 38c2d9ddf2d..39350a46c86 100644 --- a/docs/ocis/deployment/ocis_s3.md +++ b/docs/ocis/deployment/ocis_s3.md 
@@ -49,47 +49,47 @@ See also [example server setup]({{< ref "preparing_server" >}}) * Open the `.env` file in a text editor The file by default looks like this: - ```bash - # If you're on a internet facing server please comment out following line. - # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. - INSECURE=true - - ### Traefik settings ### - # Serve Traefik dashboard. Defaults to "false". - TRAEFIK_DASHBOARD= - # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" - TRAEFIK_DOMAIN= - # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" - TRAEFIK_BASIC_AUTH_USERS= - # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server - TRAEFIK_ACME_MAIL= - - ### oCIS settings ### - # oCIS version. Defaults to "latest" - OCIS_DOCKER_TAG= - # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" - OCIS_DOMAIN= - # IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". - IDP_LDAP_BIND_PASSWORD= - # Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". - STORAGE_LDAP_BIND_PASSWORD= - # JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" - OCIS_JWT_SECRET= - # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" - STORAGE_TRANSFER_SECRET= - # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" - OCIS_MACHINE_AUTH_API_KEY= - - ### MINIO / S3 settings ### - # Domain of MinIO where the Web UI is accessible. Defaults to "minio.owncloud.test". - MINIO_DOMAIN= - # S3 bucket name, where oCIS stores its data in. Defaults to "ocis-bucket". 
- MINIO_BUCKET= - # S3 bucket access key, which oCIS uses to authenticate. Defaults to "ocis". - MINIO_ACCESS_KEY= - # S3 bucket access key secret, which oCIS uses to authenticate. Defaults to "ocis-secret-key". - MINIO_SECRET_KEY= + ```bash + # If you're on a internet facing server please comment out following line. + # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. + INSECURE=true + + ### Traefik settings ### + # Serve Traefik dashboard. Defaults to "false". + TRAEFIK_DASHBOARD= + # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" + TRAEFIK_DOMAIN= + # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" + TRAEFIK_BASIC_AUTH_USERS= + # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server + TRAEFIK_ACME_MAIL= + + ### oCIS settings ### + # oCIS version. Defaults to "latest" + OCIS_DOCKER_TAG= + # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" + OCIS_DOMAIN= + # IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". + IDP_LDAP_BIND_PASSWORD= + # Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". + STORAGE_LDAP_BIND_PASSWORD= + # JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" + OCIS_JWT_SECRET= + # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" + STORAGE_TRANSFER_SECRET= + # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" + OCIS_MACHINE_AUTH_API_KEY= + + ### MINIO / S3 settings ### + # Domain of MinIO where the Web UI is accessible. Defaults to "minio.owncloud.test". 
+ MINIO_DOMAIN= + # S3 bucket name, where oCIS stores its data in. Defaults to "ocis-bucket". + MINIO_BUCKET= + # S3 bucket access key, which oCIS uses to authenticate. Defaults to "ocis". + MINIO_ACCESS_KEY= + # S3 bucket access key secret, which oCIS uses to authenticate. Defaults to "ocis-secret-key". + MINIO_SECRET_KEY= ``` You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`. diff --git a/docs/ocis/deployment/ocis_traefik.md b/docs/ocis/deployment/ocis_traefik.md index ee6851d108c..0bc2d157385 100644 --- a/docs/ocis/deployment/ocis_traefik.md +++ b/docs/ocis/deployment/ocis_traefik.md @@ -44,6 +44,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) * Open the `.env` file in a text editor The file by default looks like this: + ```bash # If you're on a internet facing server please comment out following line. # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. 
@@ -64,16 +65,11 @@ See also [example server setup]({{< ref "preparing_server" >}}) OCIS_DOCKER_TAG= # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" OCIS_DOMAIN= - # IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". - IDP_LDAP_BIND_PASSWORD= - # Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". - STORAGE_LDAP_BIND_PASSWORD= - # JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" - OCIS_JWT_SECRET= - # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" - STORAGE_TRANSFER_SECRET= - # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" - OCIS_MACHINE_AUTH_API_KEY= + # oCIS admin user password. Defaults to "admin". + ADMIN_PASSWORD= + # The demo users should not be created on a production instance + # because their passwords are public. Defaults to "false". + DEMO_USERS= ``` You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`. @@ -88,6 +84,8 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`. + Set the initial admin user password in `ADMIN_PASSWORD=`, it defaults to `admin`. + Now you have configured everything and can save the file. * Start the docker stack diff --git a/docs/ocis/deployment/ocis_wopi.md b/docs/ocis/deployment/ocis_wopi.md index 99f9713918e..4c1199104de 100644 --- a/docs/ocis/deployment/ocis_wopi.md +++ b/docs/ocis/deployment/ocis_wopi.md 
@@ -58,64 +58,60 @@ See also [example server setup]({{< ref "preparing_server" >}}) * Open the `.env` file in a text editor The file by default looks like this: + ```bash - # If you're on a internet facing server please comment out following line. - # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. - INSECURE=true - - ### Traefik settings ### - # Serve Traefik dashboard. Defaults to "false". - TRAEFIK_DASHBOARD= - # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" - TRAEFIK_DOMAIN= - # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" - TRAEFIK_BASIC_AUTH_USERS= - # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server - TRAEFIK_ACME_MAIL= - - ### oCIS settings ### - # oCIS version. Defaults to "latest" - OCIS_DOCKER_TAG= - # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" - OCIS_DOMAIN= - # IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". - IDP_LDAP_BIND_PASSWORD= - # Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". - STORAGE_LDAP_BIND_PASSWORD= - # JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" - OCIS_JWT_SECRET= - # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" - STORAGE_TRANSFER_SECRET= - # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" - OCIS_MACHINE_AUTH_API_KEY= - - ### Wopi server settings ### - # cs3org wopi server version. Defaults to "latest" - WOPISERVER_DOCKER_TAG= - # cs3org wopi server domain. 
Defaults to "wopiserver.owncloud.test" - WOPISERVER_DOMAIN= - # JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "LoremIpsum567" - WOPI_JWT_SECRET= - # JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "LoremIpsum123" - WOPI_IOP_SECRET= - - ### Collabora settings ### - # Domain of Collabora, where you can find the frontend. Defaults to "collabora.owncloud.test" - COLLABORA_DOMAIN= - # Admin user for Collabora. Defaults to blank, provide one to enable access - COLLABORA_ADMIN_USER= - # Admin password for Collabora. Defaults to blank, provide one to enable access - COLLABORA_ADMIN_PASSWORD= - - ### OnlyOffice settings ### - # Domain of OnlyOffice, where you can find the frontend. Defaults to "onlyoffice.owncloud.test" - ONLYOFFICE_DOMAIN= - - ### CodiMD settings ### - # Domain of Collabora, where you can find the frontend. Defaults to "codimd.owncloud.test" - CODIMD_DOMAIN= - # Secret which is used for the communication with the WOPI server. Must be changed in order to have a secure CodiMD. Defaults to "LoremIpsum456" - CODIMD_SECRET= + # If you're on a internet facing server please comment out following line. + # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. + INSECURE=true + + ### Traefik settings ### + # Serve Traefik dashboard. Defaults to "false". + TRAEFIK_DASHBOARD= + # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" + TRAEFIK_DOMAIN= + # Basic authentication for the dashboard. 
Defaults to user "admin" and password "admin" + TRAEFIK_BASIC_AUTH_USERS= + # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server + TRAEFIK_ACME_MAIL= + + ### oCIS settings ### + # oCIS version. Defaults to "latest" + OCIS_DOCKER_TAG= + # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" + OCIS_DOMAIN= + # oCIS admin user password. Defaults to "admin". + ADMIN_PASSWORD= + # The demo users should not be created on a production instance + # because their passwords are public. Defaults to "false". + DEMO_USERS= + + ### Wopi server settings ### + # cs3org wopi server version. Defaults to "latest" + WOPISERVER_DOCKER_TAG= + # cs3org wopi server domain. Defaults to "wopiserver.owncloud.test" + WOPISERVER_DOMAIN= + # JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "LoremIpsum567" + WOPI_JWT_SECRET= + # JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "LoremIpsum123" + WOPI_IOP_SECRET= + + ### Collabora settings ### + # Domain of Collabora, where you can find the frontend. Defaults to "collabora.owncloud.test" + COLLABORA_DOMAIN= + # Admin user for Collabora. Defaults to blank, provide one to enable access + COLLABORA_ADMIN_USER= + # Admin password for Collabora. Defaults to blank, provide one to enable access + COLLABORA_ADMIN_PASSWORD= + + ### OnlyOffice settings ### + # Domain of OnlyOffice, where you can find the frontend. Defaults to "onlyoffice.owncloud.test" + ONLYOFFICE_DOMAIN= + + ### CodiMD settings ### + # Domain of Collabora, where you can find the frontend. Defaults to "codimd.owncloud.test" + CODIMD_DOMAIN= + # Secret which is used for the communication with the WOPI server. Must be changed in order to have a secure CodiMD. 
Defaults to "LoremIpsum456" + CODIMD_SECRET= ``` You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`. @@ -130,6 +126,8 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`. + Set the initial admin user password in `ADMIN_PASSWORD=`, it defaults to `admin`. + By default the CS3Org WOPI server will also be started in the `latest` version. If you want to start a specific version of it, you can set the version to `WOPISERVER_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/cs3org/wopiserver/tags?page=1&ordering=last_updated). Set your domain for the CS3Org WOPI server in `WOPISERVER_DOMAIN=`, where all office suites can download the files via the WOPI protocol. From 9e224849fa9660bc8a561002583ef385136d3db4 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Thu, 5 May 2022 12:19:02 +0200 Subject: [PATCH 4/6] fix compile time options after switch to v2 --- .make/go.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.make/go.mk b/.make/go.mk index b2af851fdca..48fa70bef50 100644 --- a/.make/go.mk +++ b/.make/go.mk @@ -1,4 +1,4 @@ -OCIS_REPO := github.com/owncloud/ocis +OCIS_REPO := github.com/owncloud/ocis/v2 IMPORT := ($OCIS_REPO)/$(NAME) BIN := bin DIST := dist From bd83771d86e6a6d6f47fa0460db6dad8071532f4 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Thu, 5 May 2022 12:23:53 +0200 Subject: [PATCH 5/6] remove todos --- deployments/examples/ocis_hello/docker-compose.yml | 2 -- deployments/examples/ocis_wopi/docker-compose.yml | 9 --------- 2 files changed, 11 deletions(-) diff --git a/deployments/examples/ocis_hello/docker-compose.yml b/deployments/examples/ocis_hello/docker-compose.yml index 3387db06e89..0b416104636 100644 --- a/deployments/examples/ocis_hello/docker-compose.yml 
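Review bot: The context line `IMPORT := ($OCIS_REPO)/$(NAME)` directly below the changed `OCIS_REPO` does not pick up the new `/v2` path. Make reads `$OCIS_REPO` as the one-letter variable `$(O)` followed by the literal text `CIS_REPO`, and the parentheses stay in the value. If `IMPORT` still feeds a linker flag or package path, it should read `IMPORT := $(OCIS_REPO)/$(NAME)`. The rest of go.mk is outside this hunk, so whether `IMPORT` is still used needs checking there.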
+++ b/deployments/examples/ocis_hello/docker-compose.yml @@ -66,8 +66,6 @@ services: IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file # demo users IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" - - OCIS_CONFIG_DIR: /etc/ocis #TODO: remove me after https://github.com/owncloud/ocis/issues/3688 volumes: - ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml - ./config/ocis/web.yaml:/etc/ocis/web.yaml diff --git a/deployments/examples/ocis_wopi/docker-compose.yml b/deployments/examples/ocis_wopi/docker-compose.yml index 479a942e203..545a59992b0 100644 --- a/deployments/examples/ocis_wopi/docker-compose.yml +++ b/deployments/examples/ocis_wopi/docker-compose.yml @@ -69,8 +69,6 @@ services: IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file # demo users IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" - - OCIS_CONFIG_DIR: /etc/ocis #TODO: remove me after https://github.com/owncloud/ocis/issues/3688 volumes: - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml - ocis-config:/etc/ocis @@ -102,8 +100,6 @@ services: APP_PROVIDER_WOPI_INSECURE: "${INSECURE:-false}" APP_PROVIDER_WOPI_WOPI_SERVER_IOP_SECRET: ${WOPI_IOP_SECRET:-LoremIpsum123} APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} - - OCIS_CONFIG_DIR: /etc/ocis #TODO: remove me after https://github.com/owncloud/ocis/issues/3688 volumes: - ocis-config:/etc/ocis logging: @@ -130,8 +126,6 @@ services: APP_PROVIDER_WOPI_INSECURE: "${INSECURE:-false}" APP_PROVIDER_WOPI_WOPI_SERVER_IOP_SECRET: ${WOPI_IOP_SECRET:-LoremIpsum123} APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} - - OCIS_CONFIG_DIR: /etc/ocis #TODO: remove me after https://github.com/owncloud/ocis/issues/3688 volumes: - ./config/ocis-appdriver-onlyoffice/entrypoint-override.sh:/entrypoint-override.sh - ocis-config:/etc/ocis 
@@ -160,8 +154,6 @@ services: APP_PROVIDER_WOPI_INSECURE: "${INSECURE:-false}" APP_PROVIDER_WOPI_WOPI_SERVER_IOP_SECRET: ${WOPI_IOP_SECRET:-LoremIpsum123} APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} - - OCIS_CONFIG_DIR: /etc/ocis #TODO: remove me after https://github.com/owncloud/ocis/issues/3688 volumes: - ./config/ocis-appdriver-codimd/entrypoint-override.sh:/entrypoint-override.sh - ocis-config:/etc/ocis @@ -184,7 +176,6 @@ services: WOPISERVER_DOMAIN: ${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.owncloud.test} volumes: - - /home/kloucek/Projects/github.com/cs3org/wopiserver/src:/app #TODO: remove me - ./config/wopiserver/entrypoint-override.sh:/entrypoint-override.sh - ./config/wopiserver/wopiserver.conf.dist:/etc/wopi/wopiserver.conf.dist - wopi-data:/var/wopi_local_storage From 6e3752bb47d77bc94d461457ea329087ae9ff1ba Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Thu, 5 May 2022 12:53:56 +0200 Subject: [PATCH 6/6] fix s3 deployment example --- deployments/examples/ocis_s3/.env | 19 ++++-------- .../config/ocis/entrypoint-override.sh | 24 --------------- .../examples/ocis_s3/docker-compose.yml | 30 +++++++++---------- docs/ocis/deployment/ocis_s3.md | 17 +++++------ tests/acceptance/docker/src/ocis-base.yml | 10 +++---- 5 files changed, 31 insertions(+), 69 deletions(-) delete mode 100644 deployments/examples/ocis_s3/config/ocis/entrypoint-override.sh diff --git a/deployments/examples/ocis_s3/.env b/deployments/examples/ocis_s3/.env index 682264433ab..51d5e597246 100644 --- a/deployments/examples/ocis_s3/.env +++ b/deployments/examples/ocis_s3/.env 
@@ -2,10 +2,6 @@ # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. INSECURE=true -# The demo users should not be created on a production instance -# because their passwords are public -DEMO_USERS=true - ### Traefik settings ### # Serve Traefik dashboard. Defaults to "false". TRAEFIK_DASHBOARD= @@ -21,16 +17,11 @@ TRAEFIK_ACME_MAIL= OCIS_DOCKER_TAG= # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" OCIS_DOMAIN= -# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". -IDP_LDAP_BIND_PASSWORD= -# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". -STORAGE_LDAP_BIND_PASSWORD= -# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" -OCIS_JWT_SECRET= -# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" -STORAGE_TRANSFER_SECRET= -# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" -OCIS_MACHINE_AUTH_API_KEY= +# oCIS admin user password. Defaults to "admin". +ADMIN_PASSWORD= +# The demo users should not be created on a production instance +# because their passwords are public. Defaults to "false". +DEMO_USERS= ### MINIO / S3 settings ### # Domain of MinIO where the Web UI is accessible. Defaults to "minio.owncloud.test". diff --git a/deployments/examples/ocis_s3/config/ocis/entrypoint-override.sh b/deployments/examples/ocis_s3/config/ocis/entrypoint-override.sh deleted file mode 100644 index c1f96fae4ef..00000000000 --- a/deployments/examples/ocis_s3/config/ocis/entrypoint-override.sh +++ /dev/null 
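Review bot: The new `ADMIN_PASSWORD=` entry in the second hunk is documented only as `Defaults to "admin"`, while each secret this hunk removes carried "Must be changed in order to have a secure oCIS". With the variable left empty, the compose file in this patch falls back to `IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}"`, so a server deployed from the example unchanged gets an admin login with a published password. Keep the warning in the comment: `# oCIS admin user password. Must be changed in order to have a secure oCIS. Defaults to "admin".` The same wording is used in the ocis_traefik.md, ocis_wopi.md and ocis_s3.md hunks, and the same fallback appears in the ocis_hello and ocis_wopi compose files. A stricter alternative in compose is `"${ADMIN_PASSWORD:?set ADMIN_PASSWORD in .env}"`, at the cost of the zero-configuration local start.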
@@ -1,24 +0,0 @@ -#!/bin/sh - -set -e - -ocis server& -sleep 10 - -echo "##################################################" -echo "change default secrets:" - -# IDP -IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) -echo " IDP user UUID: $IDP_USER_UUID" -ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID - -# REVA -REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) -echo " Reva user UUID: $REVA_USER_UUID" -ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID - -echo "default secrets changed" -echo "##################################################" - -wait # wait for oCIS to exit diff --git a/deployments/examples/ocis_s3/docker-compose.yml b/deployments/examples/ocis_s3/docker-compose.yml index 5c4b9afc36a..49f34649887 100644 --- a/deployments/examples/ocis_s3/docker-compose.yml +++ b/deployments/examples/ocis_s3/docker-compose.yml 
@@ -48,35 +48,33 @@ services: ocis-net: entrypoint: - /bin/sh - - /entrypoint-override.sh + # run ocis init to initialize a configuration file with random secrets + # it will fail on subsequent runs, because the config file already exists + # therefore we ignore the error and then start the ocis server + command: ["-c", "ocis init || true; ocis server"] environment: OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose PROXY_TLS: "false" # do not use SSL between Traefik and oCIS - # change default secrets - IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} - STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} - OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} - STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} - OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} # activate s3ng storage driver STORAGE_USERS_DRIVER: s3ng STORAGE_SYSTEM_DRIVER: ocis # keep system data on ocis storage since this are only small files atm # s3ng specific settings - STORAGE_USERS_DRIVER_S3NG_ENDPOINT: http://minio:9000 - STORAGE_USERS_DRIVER_S3NG_REGION: default - STORAGE_USERS_DRIVER_S3NG_ACCESS_KEY: ${MINIO_ACCESS_KEY:-ocis} - STORAGE_USERS_DRIVER_S3NG_SECRET_KEY: ${MINIO_SECRET_KEY:-ocis-secret-key} - STORAGE_USERS_DRIVER_S3NG_BUCKET: ${MINIO_BUCKET:-ocis-bucket} + STORAGE_USERS_S3NG_ENDPOINT: http://minio:9000 + STORAGE_USERS_S3NG_REGION: default + STORAGE_USERS_S3NG_ACCESS_KEY: ${MINIO_ACCESS_KEY:-ocis} + STORAGE_USERS_S3NG_SECRET_KEY: ${MINIO_SECRET_KEY:-ocis-secret-key} + STORAGE_USERS_S3NG_BUCKET: ${MINIO_BUCKET:-ocis-bucket} # INSECURE: needed if oCIS / Traefik is using self generated certificates OCIS_INSECURE: "${INSECURE:-false}" # basic auth (not recommended, but needed for eg. 
WebDav clients that do not support OpenID Connect) PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" + # admin user password + IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file # demo users - ACCOUNTS_DEMO_USERS_AND_GROUPS: "${DEMO_USERS:-false}" # deprecated, remove after switching to LibreIDM IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" volumes: - - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh + - ocis-config:/etc/ocis - ocis-data:/var/lib/ocis labels: - "traefik.enable=true" @@ -95,8 +93,7 @@ services: ocis-net: entrypoint: - /bin/sh - - -c - - "mkdir -p /data/${MINIO_BUCKET:-ocis-bucket} && minio server --console-address ':9001' /data" + command: ["-c", "mkdir -p /data/${MINIO_BUCKET:-ocis-bucket} && minio server --console-address ':9001' /data"] volumes: - minio-data:/data environment: @@ -115,6 +112,7 @@ services: volumes: certs: + ocis-config: ocis-data: minio-data: diff --git a/docs/ocis/deployment/ocis_s3.md b/docs/ocis/deployment/ocis_s3.md index 39350a46c86..d1bac9fd939 100644 --- a/docs/ocis/deployment/ocis_s3.md +++ b/docs/ocis/deployment/ocis_s3.md 
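Review bot: In `command: ["-c", "ocis init || true; ocis server"]` the `|| true` hides every `ocis init` failure, not only the expected "config file already exists" case described in the comment above it. If init fails on the first run, for instance because the new `ocis-config` volume cannot be written, `ocis server` still starts; what secrets it then runs with is not visible here, but presumably not the random ones init was meant to generate. Run init only when the config is missing and let a real error stop the container, e.g. `command: ["-c", "([ -e <generated config file under /etc/ocis> ] || ocis init) && ocis server"]` (the placeholder stands for the file `ocis init` writes). The service definition starts above this hunk.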
@@ -70,16 +70,11 @@ See also [example server setup]({{< ref "preparing_server" >}}) OCIS_DOCKER_TAG= # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" OCIS_DOMAIN= - # IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". - IDP_LDAP_BIND_PASSWORD= - # Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". - STORAGE_LDAP_BIND_PASSWORD= - # JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" - OCIS_JWT_SECRET= - # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" - STORAGE_TRANSFER_SECRET= - # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" - OCIS_MACHINE_AUTH_API_KEY= + # oCIS admin user password. Defaults to "admin". + ADMIN_PASSWORD= + # The demo users should not be created on a production instance + # because their passwords are public. Defaults to "false". + DEMO_USERS= ### MINIO / S3 settings ### # Domain of MinIO where the Web UI is accessible. Defaults to "minio.owncloud.test". @@ -104,6 +99,8 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`. + Set the initial admin user password in `ADMIN_PASSWORD=`, it defaults to `admin`. + Set your domain for the MinIO frontend in `MINIO_DOMAIN=`, e.g. `MINIO_DOMAIN=minio.owncloud.test`. If you are using other S3-compatible providers you need to configure the respective endpoint here. If you like you can change the default name of the S3 bucket by setting `MINIO_BUCKET=` to a different value. diff --git a/tests/acceptance/docker/src/ocis-base.yml b/tests/acceptance/docker/src/ocis-base.yml index 594a07020da..6486a404b79 100644 
--- a/tests/acceptance/docker/src/ocis-base.yml +++ b/tests/acceptance/docker/src/ocis-base.yml @@ -16,11 +16,11 @@ services: ACCOUNTS_HASH_DIFFICULTY: 4 OCIS_INSECURE: "true" # s3ng specific settings - STORAGE_USERS_DRIVER_S3NG_ENDPOINT: http://ceph:8080 - STORAGE_USERS_DRIVER_S3NG_REGION: default - STORAGE_USERS_DRIVER_S3NG_ACCESS_KEY: test - STORAGE_USERS_DRIVER_S3NG_SECRET_KEY: test - STORAGE_USERS_DRIVER_S3NG_BUCKET: test + STORAGE_USERS_S3NG_ENDPOINT: http://ceph:8080 + STORAGE_USERS_S3NG_REGION: default + STORAGE_USERS_S3NG_ACCESS_KEY: test + STORAGE_USERS_S3NG_SECRET_KEY: test + STORAGE_USERS_S3NG_BUCKET: test volumes: - ../../../config:/drone/src/tests/config - oCISownCloud10testsuite:/srv