From 89be3c7d6344a694de707e1eb76205fd1dc2981e Mon Sep 17 00:00:00 2001 From: Willy Kloucek <34452982+wkloucek@users.noreply.github.com> Date: Thu, 14 Oct 2021 12:18:24 +0200 Subject: [PATCH] [deployment-examples] add wopi to deployment example (#5899) * add wopi to deployment example * expose gateway and drivers in preparation for owncloud/ocis#2612 --- .../ocis_web/latest.yml | 6 +- deployments/examples/ocis_web/.env | 32 +++ .../entrypoint-override.sh | 19 ++ .../entrypoint-override.sh | 7 + .../entrypoint-override.sh | 19 ++ .../ocis_web/config/ocis/mimetypes.json | 92 ++++++++ .../ocis_web/config/ocis/proxy-config.json | 4 - .../config/wopiserver/entrypoint-override.sh | 18 ++ .../config/wopiserver/wopiserver.conf.dist | 128 ++++++++++ .../examples/ocis_web/docker-compose.yml | 219 +++++++++++++++++- 10 files changed, 536 insertions(+), 8 deletions(-) create mode 100755 deployments/examples/ocis_web/config/ocis-appdriver-codimd/entrypoint-override.sh create mode 100755 deployments/examples/ocis_web/config/ocis-appdriver-collabora/entrypoint-override.sh create mode 100755 deployments/examples/ocis_web/config/ocis-appdriver-onlyoffice/entrypoint-override.sh create mode 100644 deployments/examples/ocis_web/config/ocis/mimetypes.json create mode 100755 deployments/examples/ocis_web/config/wopiserver/entrypoint-override.sh create mode 100644 deployments/examples/ocis_web/config/wopiserver/wopiserver.conf.dist diff --git a/deployments/continuous-deployment-config/ocis_web/latest.yml b/deployments/continuous-deployment-config/ocis_web/latest.yml index 79c89af36b4..a3e2ad5d53f 100644 --- a/deployments/continuous-deployment-config/ocis_web/latest.yml +++ b/deployments/continuous-deployment-config/ocis_web/latest.yml 
@@ -36,8 +36,12 @@ INSECURE: "false" TRAEFIK_ACME_MAIL: wkloucek@owncloud.com OCIS_DOCKER_TAG: latest - OCIS_DOMAIN: ocis.ocis-web.latest.owncloud.works WEB_DOCKER_TAG: latest + OCIS_DOMAIN: ocis.ocis-web.latest.owncloud.works + WOPISERVER_DOMAIN: wopiserver.ocis-web.latest.owncloud.works + COLLABORA_DOMAIN: collabora.ocis-web.latest.owncloud.works + ONLYOFFICE_DOMAIN: onlyoffice.ocis-web.latest.owncloud.works + CODIMD_DOMAIN: codimd.ocis-web.latest.owncloud.works COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml - name: monitoring git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git diff --git a/deployments/examples/ocis_web/.env b/deployments/examples/ocis_web/.env index b5fe089984a..5021226e647 100644 --- a/deployments/examples/ocis_web/.env +++ b/deployments/examples/ocis_web/.env 
@@ -23,6 +23,38 @@ IDP_LDAP_BIND_PASSWORD= STORAGE_LDAP_BIND_PASSWORD= # JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" OCIS_JWT_SECRET= +# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" +STORAGE_TRANSFER_SECRET= +# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" +OCIS_MACHINE_AUTH_API_KEY= + +### Wopi server settings ### +# cs3org wopi server version. Defaults to "latest" +WOPISERVER_DOCKER_TAG= +# cs3org wopi server domain. Defaults to "wopiserver.owncloud.test" +WOPISERVER_DOMAIN= +# JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "LoremIpsum567" +WOPI_JWT_SECRET= +# JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "LoremIpsum123" +WOPI_IOP_SECRET= + +### Collabora settings ### +# Domain of Collabora, where you can find the frontend. Defaults to "collabora.owncloud.test" +COLLABORA_DOMAIN= +# Admin user for Collabora. Defaults to blank, provide one to enable access +COLLABORA_ADMIN_USER= +# Admin password for Collabora. Defaults to blank, provide one to enable access +COLLABORA_ADMIN_PASSWORD= + +### OnlyOffice settings ### +# Domain of OnlyOffice, where you can find the frontend. Defaults to "onlyoffice.owncloud.test" +ONLYOFFICE_DOMAIN= + +### CodiMD settings ### +# Domain of Collabora, where you can find the frontend. Defaults to "codimd.owncloud.test" +CODIMD_DOMAIN= +# Secret which is used for the communication with the WOPI server. Must be changed in order to have a secure CodiMD. 
Defaults to "LoremIpsum456" +CODIMD_SECRET= ### ownCloud Web settings ### # ownCloud Web version. Defaults to "latest" diff --git a/deployments/examples/ocis_web/config/ocis-appdriver-codimd/entrypoint-override.sh b/deployments/examples/ocis_web/config/ocis-appdriver-codimd/entrypoint-override.sh new file mode 100755 index 00000000000..d0454fc4d29 --- /dev/null +++ b/deployments/examples/ocis_web/config/ocis-appdriver-codimd/entrypoint-override.sh @@ -0,0 +1,19 @@ +#!/bin/sh +set -e + +apk add curl + +#TODO: app driver itself should try again until CodiMD is up... + +retries=10 +while [[ $retries -gt 0 ]]; do + if curl --silent --show-error --fail http://codimd:3000 > /dev/null; then + ocis storage-app-provider server + else + echo "CodiMD is not yet available, trying again in 10 seconds" + sleep 10 + retries=$((retries - 1)) + fi +done +echo 'CodiMD was not available after 100 seconds' +exit 1 diff --git a/deployments/examples/ocis_web/config/ocis-appdriver-collabora/entrypoint-override.sh b/deployments/examples/ocis_web/config/ocis-appdriver-collabora/entrypoint-override.sh new file mode 100755 index 00000000000..f7bf200dd10 --- /dev/null +++ b/deployments/examples/ocis_web/config/ocis-appdriver-collabora/entrypoint-override.sh @@ -0,0 +1,7 @@ +#!/bin/sh +set -e + +# if Collabora is already up and we have a new oCIS image, this app provider starts up too fast for oCIS +sleep 20 + +ocis storage-app-provider server diff --git a/deployments/examples/ocis_web/config/ocis-appdriver-onlyoffice/entrypoint-override.sh b/deployments/examples/ocis_web/config/ocis-appdriver-onlyoffice/entrypoint-override.sh new file mode 100755 index 00000000000..c1d271f312f --- /dev/null +++ b/deployments/examples/ocis_web/config/ocis-appdriver-onlyoffice/entrypoint-override.sh 
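Review bot: The comment above `WOPI_IOP_SECRET` repeats the `WOPI_JWT_SECRET` description word for word, so a reader cannot tell the two secrets apart. docker-compose.yml passes it as `APP_PROVIDER_WOPI_DRIVER_IOP_SECRET` and `IOPSECRET`, so something like `# Shared secret between the oCIS app drivers and the cs3org WOPI server. Must be changed in order to have a secure WOPI server. Defaults to "LoremIpsum123"` would fit. The `CODIMD_DOMAIN` comment says "Domain of Collabora" and should read `# Domain of CodiMD, where you can find the frontend.` `STORAGE_TRANSFER_SECRET` is consumed in docker-compose.yml as `OCIS_TRANSFER_SECRET`; using one name in both places would avoid a secret being set under the wrong key.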
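Review bot: `apk add curl` in the CodiMD entrypoint runs on every container start, which is why docker-compose.yml sets `user: "0"` on this app driver; the oCIS process then runs as root and start-up depends on fetching an unpinned package over the network. If the image's BusyBox includes `wget`, the probe could be `wget -q -O /dev/null http://codimd:3000`, and both `apk add curl` and the root user could go. The server line would be better as `exec ocis storage-app-provider server`, so the process receives container stop signals directly and a clean exit does not fall back into the retry loop. `[[ … ]]` is not POSIX `sh`; `[ "$retries" -gt 0 ]` is portable. The same applies to the OnlyOffice entrypoint script, and the `exec` point to the Collabora one.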
@@ -0,0 +1,19 @@
+#!/bin/sh
+set -e
+
+apk add curl
+
+#TODO: app driver itself should try again until OnlyOffice is up...
+
+retries=10
+while [[ $retries -gt 0 ]]; do
+ if curl --silent --show-error --fail http://onlyoffice/hosting/discovery > /dev/null; then
+ ocis storage-app-provider server
+ else
+ echo "OnlyOffice is not yet available, trying again in 10 seconds"
+ sleep 10
+ retries=$((retries - 1))
+ fi
+done
+echo 'OnlyOffice was not available after 100 seconds'
+exit 1
diff --git a/deployments/examples/ocis_web/config/ocis/mimetypes.json b/deployments/examples/ocis_web/config/ocis/mimetypes.json
new file mode 100644
index 00000000000..9cd243ed3ad
--- /dev/null
+++ b/deployments/examples/ocis_web/config/ocis/mimetypes.json
@@ -0,0 +1,92 @@ +[ + { + "mime_type": "application/pdf", + "extension": "pdf", + "name": "PDF", + "description": "PDF document", + "icon": "", + "default_app": "", + "allow_creation": false + }, + { + "mime_type": "application/vnd.oasis.opendocument.text", + "extension": "odt", + "name": "OpenDocument", + "description": "OpenDocument text document", + "icon": "", + "default_app": "Collabora", + "allow_creation": true + }, + { + "mime_type": "application/vnd.oasis.opendocument.spreadsheet", + "extension": "ods", + "name": "OpenSpreadsheet", + "description": "OpenDocument spreadsheet document", + "icon": "", + "default_app": "Collabora", + "allow_creation": true + }, + { + "mime_type": "application/vnd.oasis.opendocument.presentation", + "extension": "odp", + "name": "OpenPresentation", + "description": "OpenDocument presentation document", + "icon": "", + "default_app": "Collabora", + "allow_creation": true + }, + { + "mime_type": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", + "extension": "docx", + "name": "Microsoft Word", + "description": "Microsoft Word document", + "icon": "", + "default_app": "OnlyOffice", + "allow_creation": true + }, + { + "mime_type": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", + "extension": "xlsx", + "name": "Microsoft Excel", + "description": "Microsoft Excel document", + "icon": "", + "default_app": "OnlyOffice", + "allow_creation": true + }, + { + "mime_type": "application/vnd.openxmlformats-officedocument.presentationml.presentation", + "extension": "pptx", + "name": "Microsoft PowerPoint", + "description": "Microsoft PowerPoint document", + "icon": "", + "default_app": "OnlyOffice", + "allow_creation": true + }, + { + "mime_type": "application/vnd.jupyter", + "extension": "ipynb", + "name": "Jupyter Notebook", + "description": "Jupyter Notebook", + "icon": "", + "default_app": "", + "allow_creation": true + }, + { + "mime_type": "text/markdown", + "extension": "md", + "name": 
"Markdown file", + "description": "Markdown file", + "icon": "", + "default_app": "CodiMD", + "allow_creation": true + }, + { + "mime_type": "application/compressed-markdown", + "extension": "zmd", + "name": "Compressed markdown file", + "description": "Compressed markdown file", + "icon": "", + "default_app": "CodiMD", + "allow_creation": false + } +] diff --git a/deployments/examples/ocis_web/config/ocis/proxy-config.json b/deployments/examples/ocis_web/config/ocis/proxy-config.json index 7d755c63754..375460b47a9 100644 --- a/deployments/examples/ocis_web/config/ocis/proxy-config.json +++ b/deployments/examples/ocis_web/config/ocis/proxy-config.json @@ -92,10 +92,6 @@ { "endpoint": "/settings.js", "backend": "http://localhost:9190" - }, - { - "endpoint": "/onlyoffice.js", - "backend": "http://localhost:9220" } ] } diff --git a/deployments/examples/ocis_web/config/wopiserver/entrypoint-override.sh b/deployments/examples/ocis_web/config/wopiserver/entrypoint-override.sh new file mode 100755 index 00000000000..92d1f1c5311 --- /dev/null +++ b/deployments/examples/ocis_web/config/wopiserver/entrypoint-override.sh @@ -0,0 +1,18 @@ +#/bin/sh! +set -e + +echo "${WOPISECRET}" > /etc/wopi/wopisecret +echo "${IOPSECRET}" > /etc/wopi/iopsecret +mkdir -p /var/run/secrets +echo "$CODIMDSECRET" > /var/run/secrets/codimd_apikey + +cp /etc/wopi/wopiserver.conf.dist /etc/wopi/wopiserver.conf +sed -i 's/ocis.owncloud.test/'${OCIS_DOMAIN}'/g' /etc/wopi/wopiserver.conf +sed -i 's/collabora.owncloud.test/'${COLLABORA_DOMAIN}'/g' /etc/wopi/wopiserver.conf +sed -i 's/wopiserver.owncloud.test/'${WOPISERVER_DOMAIN}'/g' /etc/wopi/wopiserver.conf + +touch /var/log/wopi/wopiserver.log + +/app/wopiserver.py & + +tail -f /var/log/wopi/wopiserver.log diff --git a/deployments/examples/ocis_web/config/wopiserver/wopiserver.conf.dist b/deployments/examples/ocis_web/config/wopiserver/wopiserver.conf.dist new file mode 100644 index 00000000000..a0e297cffd7 --- /dev/null 
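Review bot: `${OCIS_DOMAIN}` is empty in the wopiserver entrypoint as far as the patch shows, because the `wopiserver` service in docker-compose.yml passes only `WOPISERVER_DOMAIN` and `COLLABORA_DOMAIN`, so the first `sed` would turn `webdavurl` into `https:///webdav`; `codimdurl` keeps `codimd.owncloud.test` because no substitution exists for it. Passing `OCIS_DOMAIN` and `CODIMD_DOMAIN` to the service, adding the matching `sed` line and using `set -eu` would make a missing value fail at start-up. The three secret files are written with the default umask; a `umask 077` before the first `echo` keeps them readable by the owner only. The first line `#/bin/sh!` is not a shebang and should be `#!/bin/sh`; it only works because compose invokes the script through `/bin/sh`.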
+++ b/deployments/examples/ocis_web/config/wopiserver/wopiserver.conf.dist 
@@ -0,0 +1,128 @@ +# +# wopiserver.conf +# +# Default configuration file for the WOPI server for CERNBox +# +############################################################## + +[general] +# Storage access layer to be loaded in order to operate this WOPI server +# Supported values: local, xroot, cs3. +storagetype = cs3 + +# Port where to listen for WOPI requests +port = 8880 + +# URL of your Microsoft Office Online service +#oosurl = https://officeonline.owncloud.test + +# URL of your Collabora Online service +#codeurl = https://collabora.owncloud.test + +# URL of your CodiMD service +codimdurl = https://codimd.owncloud.test +codimdinturl = http://codimd:3000 + +# URL of your WOPI server or your HA proxy in front of it +wopiurl = https://wopiserver.owncloud.test + +# URL for direct download of files. The complete URL that is sent +# to clients will include the access_token argument +downloadurl = https://wopiserver.owncloud.test/wopi/cbox/download + +# Optional URL prefix for WebDAV access to the files. This enables the +# 'Edit in Desktop client' action on Windows-based clients +webdavurl = https://ocis.owncloud.test/webdav + +# List of file extensions deemed incompatible with LibreOffice: +# interoperable locking will be disabled for such files +nonofficetypes = .md .zmd .txt .epd + +# List of file extensions to be supported by Collabora +codeofficetypes = .odt .ott .ods .ots .odp .otp .odg .otg .doc .dot .xls .xlt .xlm .ppt .pot .pps .vsd .dxf .wmf .cdr .pages .number .key + +# WOPI access token expiration time [seconds] +tokenvalidity = 86400 + +# WOPI lock expiration time [seconds] +wopilockexpiration = 7200 + +# WOPI lock strict check: if True, WOPI locks will be compared according to specs, +# that is their representation must match. False (default) allows for a more relaxed +# comparison, which compensates incorrect lock requests from Microsoft Office Online +# on-premise setups. +#wopilockstrictcheck = False + +# Logging level. 
Debug enables the Flask debug mode as well. +# Valid values are: Debug, Info, Warning, Error. +loglevel = Info + +# Location of the lock files. Currently, two modes are supported: +# if a path is provided, all locks will be stored there with a hashed name, +# otherwise the lock is stored on the same path as the original file. +# This latter mode will eventually be dropped once the system is deemed +# stable enough and lock files are hidden away. +#lockpath = /your_storage/wopilocks + + +[security] +# Location of the secret files. Requires a restart of the +# WOPI server when either the files or their content change. +wopisecretfile = /etc/wopi/wopisecret +iopsecretfile = /etc/wopi/iopsecret + +# Use https as opposed to http (requires certificate) +usehttps = no + +# Certificate and key for https. Requires a restart +# to apply a change. +wopicert = /etc/grid-security/host.crt +wopikey = /etc/grid-security/host.key + + +[bridge] +# SSL certificate check for the connected apps +sslverify = False + +# Minimal time interval between two consecutive save operations [seconds] +#saveinterval = 200 + +# Minimal time interval before a closed file is WOPI-unlocked [seconds] +#unlockinterval = 90 + + +[io] +# Size used for buffered reads [bytes] +chunksize = 4194304 + + +[xroot] +# URL of the default remote xroot storage server. This can be overridden +# if the end-point is passed on the /wopi/cbox/open call +#storageserver = root://your-xrootd-server.org + +# Optional EOS top-level path that will be prepended to all user paths. Useful +# to map the CERNBox-exposed files in a subfolder of the EOS storage. By default, +# this is not used and storagehomepath is empty. 
+#storagehomepath = /your/top/storage/path + + +[local] +# Location of the folder or mount point used as local storage +#storagehomepath = /mnt/your_local_storage + + +[cs3] +# Host and port of the Reva(-like) CS3-compliant GRPC gateway endpoint +revagateway = ocis:9142 + +# HTTP (WebDAV) endpoint for uploading files +#datagateway = https://your-reva-server.org:port/data + +# Reva/gRPC authentication token expiration time [seconds] +# The default value matches Reva's default +authtokenvalidity = 3600 + +# SSL certificate check for Reva +# oCIS uses self signed certificate in this example +sslverify = false diff --git a/deployments/examples/ocis_web/docker-compose.yml b/deployments/examples/ocis_web/docker-compose.yml index 976fd1480c0..36bc17838a9 100644 --- a/deployments/examples/ocis_web/docker-compose.yml +++ b/deployments/examples/ocis_web/docker-compose.yml @@ -8,13 +8,17 @@ services: ocis-net: aliases: - ${OCIS_DOMAIN:-ocis.owncloud.test} + - ${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + - ${COLLABORA_DOMAIN:-collabora.owncloud.test} + - ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} + - ${CODIMD_DOMAIN:-codimd.owncloud.test} command: - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" # letsencrypt configuration - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" - # enable dasbhoard + # enable dashboard - "--api.dashboard=true" # define entrypoints - "--entryPoints.http.address=:80" @@ -51,6 +55,7 @@ services: - /entrypoint-override.sh environment: OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} + OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test} OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates PROXY_TLS: "false" # do not use SSL between Traefik and oCIS 
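Review bot: `sslverify = False` under `[bridge]` in wopiserver.conf.dist is hard-coded and, unlike the `[cs3]` setting, carries no comment explaining why, so certificate checks toward the connected apps stay off even in deployments where `INSECURE` is `false` and Traefik serves ACME certificates. If it is only needed for self-signed test setups, a comment such as `# disabled for self-signed certificates in this example; set to True when the apps present trusted certificates` would tell operators to flip it. `tokenvalidity = 86400` keeps a WOPI access token usable for a day, and the file itself notes that the download URL sent to clients includes the `access_token` argument; a short comment recommending a lower value for production would help.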
@@ -58,11 +63,17 @@ services: IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} + OCIS_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} + # app registry + STORAGE_APP_REGISTRY_MIMETYPES_JSON: /var/tmp/ocis/app-config/mimetypes.json + STORAGE_GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers # proxy - PROXY_CONFIG_FILE: "/config/proxy-config.json" + PROXY_CONFIG_FILE: "/var/tmp/ocis/proxy-config/config.json" volumes: - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh - - ./config/ocis/proxy-config.json:/config/proxy-config.json + - ./config/ocis/proxy-config.json:/var/tmp/ocis/proxy-config/config.json + - ./config/ocis/mimetypes.json:/var/tmp/ocis/app-config/mimetypes.json - ocis-data:/var/tmp/ocis labels: - "traefik.enable=true" 
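Review bot: `STORAGE_GATEWAY_GRPC_ADDR: 0.0.0.0:9142` makes the gateway reachable from every container on `ocis-net`, which in this patch also includes the Collabora, OnlyOffice, CodiMD and Postgres containers, while the secrets that protect it fall back to published defaults (`change-me-please`, `Pive-Fumkiu4`). For anything beyond a local demo, compose's required-variable form, e.g. `OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:?set OCIS_MACHINE_AUTH_API_KEY in .env}`, would refuse to start with an unset secret. At minimum a comment next to the address, `# reachable by all services on ocis-net; change the default secrets before exposing this deployment`, would state the trade-off. The service definition continues outside this hunk.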
@@ -83,9 +94,211 @@ services: driver: "local" restart: always + ocis-appdriver-collabora: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-net: + entrypoint: + - /bin/sh + - /entrypoint-override.sh + #command: storage-app-provider server + environment: + REVA_GATEWAY: ${REVA_GATEWAY:-ocis:9142} + APP_PROVIDER_BASIC_GRPC_ADDR: 0.0.0.0:9164 + APP_PROVIDER_BASIC_EXTERNAL_ADDR: ocis-appdriver-collabora:9164 + OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} + APP_PROVIDER_DRIVER: wopi + APP_PROVIDER_WOPI_DRIVER_APP_NAME: Collabora + APP_PROVIDER_WOPI_DRIVER_APP_ICON_URI: https://www.collaboraoffice.com/wp-content/uploads/2019/01/CP-icon.png + APP_PROVIDER_WOPI_DRIVER_APP_URL: https://${COLLABORA_DOMAIN:-collabora.owncloud.test} + APP_PROVIDER_WOPI_DRIVER_INSECURE: "${INSECURE:-false}" + APP_PROVIDER_WOPI_DRIVER_IOP_SECRET: ${WOPI_IOP_SECRET:-LoremIpsum123} + APP_PROVIDER_WOPI_DRIVER_WOPI_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + volumes: + - ./config/ocis-appdriver-collabora/entrypoint-override.sh:/entrypoint-override.sh + logging: + driver: "local" + restart: always + + ocis-appdriver-onlyoffice: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-net: + user: "0" # needed for apk add in entrypoint script + entrypoint: + - /bin/sh + - /entrypoint-override.sh + #command: storage-app-provider server + environment: + REVA_GATEWAY: ${REVA_GATEWAY:-ocis:9142} + APP_PROVIDER_BASIC_GRPC_ADDR: 0.0.0.0:9164 + APP_PROVIDER_BASIC_EXTERNAL_ADDR: ocis-appdriver-onlyoffice:9164 + OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} + APP_PROVIDER_DRIVER: wopi + APP_PROVIDER_WOPI_DRIVER_APP_NAME: OnlyOffice + APP_PROVIDER_WOPI_DRIVER_APP_ICON_URI: https://www.pikpng.com/pngl/m/343-3435764_onlyoffice-desktop-editors-onlyoffice-logo-clipart.png + APP_PROVIDER_WOPI_DRIVER_APP_URL: 
https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} + APP_PROVIDER_WOPI_DRIVER_INSECURE: "${INSECURE:-false}" + APP_PROVIDER_WOPI_DRIVER_IOP_SECRET: ${WOPI_IOP_SECRET:-LoremIpsum123} + APP_PROVIDER_WOPI_DRIVER_WOPI_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + volumes: + - ./config/ocis-appdriver-onlyoffice/entrypoint-override.sh:/entrypoint-override.sh + logging: + driver: "local" + restart: always + + ocis-appdriver-codimd: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-net: + user: "0" # needed for apk add in entrypoint script + entrypoint: + - /bin/sh + - /entrypoint-override.sh + #command: storage-app-provider server + environment: + REVA_GATEWAY: ${REVA_GATEWAY:-ocis:9142} + APP_PROVIDER_BASIC_GRPC_ADDR: 0.0.0.0:9164 + APP_PROVIDER_BASIC_EXTERNAL_ADDR: ocis-appdriver-codimd:9164 + OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} + APP_PROVIDER_DRIVER: wopi + APP_PROVIDER_WOPI_DRIVER_APP_NAME: CodiMD + APP_PROVIDER_WOPI_DRIVER_APP_API_KEY: ${CODIMD_SECRET:-LoremIpsum456} + APP_PROVIDER_WOPI_DRIVER_APP_ICON_URI: https://avatars.githubusercontent.com/u/67865462?v=4 + APP_PROVIDER_WOPI_DRIVER_APP_URL: https://${CODIMD_DOMAIN:-codimd.owncloud.test} + APP_PROVIDER_WOPI_DRIVER_INSECURE: "${INSECURE:-false}" + APP_PROVIDER_WOPI_DRIVER_IOP_SECRET: ${WOPI_IOP_SECRET:-LoremIpsum123} + APP_PROVIDER_WOPI_DRIVER_WOPI_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + volumes: + - ./config/ocis-appdriver-codimd/entrypoint-override.sh:/entrypoint-override.sh + logging: + driver: "local" + restart: always + + wopiserver: + image: cs3org/wopiserver:${WOPISERVER_DOCKER_TAG:-latest} + networks: + ocis-net: + entrypoint: + - /bin/sh + - /entrypoint-override.sh + environment: + WOPISECRET: ${WOPI_JWT_SECRET:-LoremIpsum567} + IOPSECRET: ${WOPI_IOP_SECRET:-LoremIpsum123} + CODIMDSECRET: ${CODIMD_SECRET:-LoremIpsum456} + WOPISERVER_DOMAIN: 
${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.owncloud.test} + volumes: + - ./config/wopiserver/entrypoint-override.sh:/entrypoint-override.sh + - ./config/wopiserver/wopiserver.conf.dist:/etc/wopi/wopiserver.conf.dist + - wopi-data:/var/wopi_local_storage + - wopi-logs:/var/log/wopi + labels: + - "traefik.enable=true" + - "traefik.http.routers.wopiserver.entrypoints=https" + - "traefik.http.routers.wopiserver.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}`)" + - "traefik.http.routers.wopiserver.tls.certresolver=http" + - "traefik.http.routers.wopiserver.service=wopiserver" + - "traefik.http.services.wopiserver.loadbalancer.server.port=8880" + logging: + driver: "local" + restart: always + + collabora: + image: collabora/code:6.4.11.3 + networks: + ocis-net: + environment: + domain: ${OCIS_DOMAIN:-ocis.owncloud.test} + DONT_GEN_SSL_CERT: "YES" + extra_params: --o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false --o:net.frame_ancestors=${OCIS_DOMAIN:-ocis.owncloud.test} + username: ${COLLABORA_ADMIN_USER} + password: ${COLLABORA_ADMIN_PASSWORD} + cap_add: + - MKNOD + labels: + - "traefik.enable=true" + - "traefik.http.routers.collabora.entrypoints=https" + - "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN:-collabora.owncloud.test}`)" + - "traefik.http.routers.collabora.tls.certresolver=http" + - "traefik.http.routers.collabora.service=collabora" + - "traefik.http.services.collabora.loadbalancer.server.port=9980" + logging: + driver: "local" + restart: always + + onlyoffice: + image: onlyoffice/documentserver:6.4.0 + networks: + ocis-net: + environment: + USE_UNAUTHORIZED_STORAGE: "${INSECURE:-false}" # selfsigned certificates + labels: + - "traefik.enable=true" + - "traefik.http.routers.onlyoffice.entrypoints=https" + - "traefik.http.routers.onlyoffice.rule=Host(`${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}`)" + - "traefik.http.routers.onlyoffice.tls.certresolver=http" + 
- "traefik.http.routers.onlyoffice.service=onlyoffice" + - "traefik.http.services.onlyoffice.loadbalancer.server.port=80" + # websockets can't be opend when this is ommitted + - "traefik.http.middlewares.onlyoffice.headers.customrequestheaders.X-Forwarded-Proto=https" + - "traefik.http.routers.onlyoffice.middlewares=onlyoffice" + logging: + driver: "local" + restart: always + + codimd: + image: gitlab-registry.cern.ch/authoring/notes/codimd:cernbox-integration + networks: + ocis-net: + environment: + CMD_DB_URL: postgres://codimd:codimd@codimd-db/codimd + CMD_AUTO_VERSION_CHECK: "false" + CMD_ALLOW_ANONYMOUS: "true" + CMD_ALLOW_ANONYMOUS_EDITS: "true" + CMD_ALLOW_ANONYMOUS_VIEWS: "true" + CMD_ALLOW_FREEURL: "true" + CMD_EMAIL: "false" + CMD_ALLOW_EMAIL_REGISTER: "false" + CMD_USESSL: "false" + NODE_TLS_REJECT_UNAUTHORIZED: 0 + CMD_APPLIANCE_MODE: "true" + CMD_SAVE_WEBHOOK: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}/wopi/bridge + CMD_API_KEY: ${CODIMD_SECRET:-LoremIpsum456} + labels: + - "traefik.enable=true" + - "traefik.http.routers.codimd.entrypoints=https" + - "traefik.http.routers.codimd.rule=Host(`${CODIMD_DOMAIN:-codimd.owncloud.test}`)" + - "traefik.http.routers.codimd.tls.certresolver=http" + - "traefik.http.routers.codimd.service=codimd" + - "traefik.http.services.codimd.loadbalancer.server.port=3000" + logging: + driver: "local" + restart: always + + codimd-db: + image: postgres:11.6-alpine + networks: + ocis-net: + environment: + POSTGRES_USER: codimd + POSTGRES_PASSWORD: codimd + POSTGRES_DB: codimd + volumes: + - codimd-db-data:/var/lib/postgresql/data + logging: + driver: "local" + restart: always + volumes: certs: ocis-data: + wopi-data: + wopi-logs: + codimd-db-data: networks: ocis-net:
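Review bot: `NODE_TLS_REJECT_UNAUTHORIZED: 0` on the `codimd` service turns off certificate verification for every outbound TLS connection the Node process makes, including the `CMD_SAVE_WEBHOOK` call to the WOPI server, and unlike the other services it is not tied to `INSECURE`. With ACME certificates from Traefik it should not be needed; I would drop the line or guard it with a comment such as `# only for self-signed certificates (INSECURE=true); remove otherwise`. `CMD_ALLOW_ANONYMOUS`, `CMD_ALLOW_ANONYMOUS_EDITS` and `CMD_ALLOW_FREEURL` are all `"true"` on a host that Traefik publishes, which presumably lets unauthenticated visitors create notes unless appliance mode restricts that; a comment stating the intent would help. The `codimd` image tag `cernbox-integration` and the `wopiserver` default `latest` are mutable, so pinning a version or digest would make the example reproducible.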