Merge pull request #1 from wkloucek/ocis-edge-wopi

add the wopi server

.vscode/launch.json

@@ -0,0 +1,17 @@
+{
+ "version": "0.2.0",
+ "configurations": [
+ {
+ "name": "debug server",
+ "type": "go",
+ "request": "launch",
+ "mode": "debug",
+ "program": "${workspaceFolder}/cmd/cs3-wopi-server",
+ //"args": [
+ // "server"
+ //],
+ //"env": {
+ //}
+ }
+ ]
+}

Dockerfile

@@ -0,0 +1,18 @@
+FROM owncloudci/golang as build
+
+COPY ./ /wopiserver
+
+WORKDIR /wopiserver
+
+RUN go build ./cmd/cs3-wopi-server
+
+FROM alpine
+
+LABEL maintainer="ownCloud GmbH <devops@owncloud.com>" \
+ org.label-schema.name="ownCloud CS3 WOPI server" \
+ org.label-schema.vendor="ownCloud GmbH" \
+ org.label-schema.schema-version="1.0"
+
+ENTRYPOINT ["/usr/bin/cs3-wopi-server"]
+
+COPY --from=build /wopiserver/cs3-wopi-server /usr/bin/cs3-wopi-server

cmd/cs3-wopi-server/main.go

@@ -0,0 +1,14 @@
+package main
+
+import (
+ "fmt"
+
+ "github.com/wkloucek/cs3-wopi-server/pkg/cs3wopiserver"
+)
+
+func main() {
+ err := cs3wopiserver.Start()
+ if err != nil {
+ fmt.Println(err)
+ }
+}

deployment/.env

@@ -0,0 +1,52 @@
+# If you're on a internet facing server please comment out following line.
+# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
+INSECURE=true
+
+### Traefik settings ###
+# Serve Treafik dashboard. Defaults to "false".
+TRAEFIK_DASHBOARD=
+# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
+TRAEFIK_DOMAIN=
+# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
+TRAEFIK_BASIC_AUTH_USERS=
+# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
+TRAEFIK_ACME_MAIL=
+
+### oCIS settings ###
+# oCIS version. Defaults to "latest"
+OCIS_DOCKER_TAG=
+# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
+OCIS_DOMAIN=
+# oCIS admin user password. Defaults to "admin".
+ADMIN_PASSWORD=
+# The demo users should not be created on a production instance
+# because their passwords are public. Defaults to "false".
+DEMO_USERS=
+
+### Wopi server settings ###
+# wkloucek/cs3-wopi-server version. Defaults to "latest"
+WOPISERVER_DOCKER_TAG=
+# Collabora wopi server domain. Defaults to "wopiserver-collabora.owncloud.test"
+WOPISERVER_COLLABORA_DOMAIN=
+# OnlyOffice wopi server domain. Defaults to "wopiserver-onlyoffice.owncloud.test"
+WOPISERVER_ONLYOFFICE_DOMAIN=
+# JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "LoremIpsum567"
+WOPI_JWT_SECRET=
+
+### Collabora settings ###
+# Domain of Collabora, where you can find the frontend. Defaults to "collabora.owncloud.test"
+COLLABORA_DOMAIN=
+# Admin user for Collabora. Defaults to blank, provide one to enable access
+COLLABORA_ADMIN_USER=
+# Admin password for Collabora. Defaults to blank, provide one to enable access
+COLLABORA_ADMIN_PASSWORD=
+
+### OnlyOffice settings ###
+# Domain of OnlyOffice, where you can find the frontend. Defaults to "onlyoffice.owncloud.test"
+ONLYOFFICE_DOMAIN=
+
+
+# If you want to use debugging and tracing with this stack,
+# you need uncomment following line. Please see documentation at
+# https://owncloud.dev/ocis/deployment/monitoring-tracing/
+#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml

deployment/config/ocis/app-registry.yaml

@@ -0,0 +1,58 @@
+app_registry:
+ mimetypes:
+ - mime_type: application/pdf
+ extension: pdf
+ name: PDF
+ description: PDF document
+ icon: ''
+ default_app: ''
+ allow_creation: false
+ - mime_type: application/vnd.oasis.opendocument.text
+ extension: odt
+ name: OpenDocument
+ description: OpenDocument text document
+ icon: ''
+ default_app: Collabora
+ allow_creation: true
+ - mime_type: application/vnd.oasis.opendocument.spreadsheet
+ extension: ods
+ name: OpenSpreadsheet
+ description: OpenDocument spreadsheet document
+ icon: ''
+ default_app: Collabora
+ allow_creation: true
+ - mime_type: application/vnd.oasis.opendocument.presentation
+ extension: odp
+ name: OpenPresentation
+ description: OpenDocument presentation document
+ icon: ''
+ default_app: Collabora
+ allow_creation: true
+ - mime_type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
+ extension: docx
+ name: Microsoft Word
+ description: Microsoft Word document
+ icon: ''
+ default_app: OnlyOffice
+ allow_creation: true
+ - mime_type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+ extension: xlsx
+ name: Microsoft Excel
+ description: Microsoft Excel document
+ icon: ''
+ default_app: OnlyOffice
+ allow_creation: true
+ - mime_type: application/vnd.openxmlformats-officedocument.presentationml.presentation
+ extension: pptx
+ name: Microsoft PowerPoint
+ description: Microsoft PowerPoint document
+ icon: ''
+ default_app: OnlyOffice
+ allow_creation: true
+ - mime_type: application/vnd.jupyter
+ extension: ipynb
+ name: Jupyter Notebook
+ description: Jupyter Notebook
+ icon: ''
+ default_app: ''
+ allow_creation: true

deployment/docker-compose.yaml

@@ -0,0 +1,206 @@
+---
+version: "3.7"
+
+services:
+ traefik:
+ image: traefik:v2.5
+ networks:
+ ocis-net:
+ aliases:
+ - ${OCIS_DOMAIN:-ocis.owncloud.test}
+ - ${WOPISERVER_COLLABORA_DOMAIN:-wopiserver-collabora.owncloud.test}
+ - ${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-onlyoffice.owncloud.test}
+ - ${COLLABORA_DOMAIN:-collabora.owncloud.test}
+ - ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}
+ command:
+ - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
+ # letsencrypt configuration
+ - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
+ - "--certificatesResolvers.http.acme.storage=/certs/acme.json"
+ - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
+ # enable dashboard
+ - "--api.dashboard=true"
+ # define entrypoints
+ - "--entryPoints.http.address=:80"
+ - "--entryPoints.http.http.redirections.entryPoint.to=https"
+ - "--entryPoints.http.http.redirections.entryPoint.scheme=https"
+ - "--entryPoints.https.address=:443"
+ # docker provider (get configuration from container labels)
+ - "--providers.docker.endpoint=unix:///var/run/docker.sock"
+ - "--providers.docker.exposedByDefault=false"
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - "certs:/certs"
+ labels:
+ - "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
+ - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
+ - "traefik.http.routers.traefik.entrypoints=https"
+ - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
+ - "traefik.http.routers.traefik.middlewares=traefik-auth"
+ - "traefik.http.routers.traefik.tls.certresolver=http"
+ - "traefik.http.routers.traefik.service=api@internal"
+ logging:
+ driver: "local"
+ restart: always
+
+ ocis:
+ image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
+ networks:
+ ocis-net:
+ entrypoint:
+ - /bin/sh
+ # run ocis init to initialize a configuration file with random secrets
+ # it will fail on subsequent runs, because the config file already exists
+ # therefore we ignore the error and then start the ocis server
+ command: ["-c", "ocis init || true; ocis server"]
+ environment:
+ OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
+ OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
+ PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
+ GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers
+ # INSECURE: needed if oCIS / Traefik is using self generated certificates
+ OCIS_INSECURE: "${INSECURE:-false}"
+ GRAPH_LDAP_INSECURE: "true" # https://github.com/owncloud/ocis/issues/3812
+ # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
+ PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
+ # admin user password
+ IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
+ # demo users
+ IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
+ volumes:
+ - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml
+ - ocis-config:/etc/ocis
+ - ocis-data:/var/lib/ocis
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.ocis.entrypoints=https"
+ - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
+ - "traefik.http.routers.ocis.tls.certresolver=http"
+ - "traefik.http.routers.ocis.service=ocis"
+ - "traefik.http.services.ocis.loadbalancer.server.port=9200"
+ logging:
+ driver: "local"
+ restart: always
+
+ wopiserver-collabora:
+ image: wkloucek/cs3-wopi-server:${WOPISERVER_DOCKER_TAG:-latest}
+ networks:
+ ocis-net:
+ environment:
+ WOPI_APP_NAME: Collabora
+ WOPI_APP_DESCRIPTION: Collabora
+ WOPI_APP_ICON: image-edit
+ WOPI_JWT_SECRET: ${WOPI_JWT_SECRET:-LoremIpsum567}
+
+ WOPI_GRPC_BIND_ADDR: 0.0.0.0:5678
+ WOPI_GRPC_ADDR: wopiserver-collabora:5678
+
+ WOPI_HTTP_BIND_ADDR: 0.0.0.0:6789
+ WOPI_HTTP_ADDR: ${WOPISERVER_COLLABORA_DOMAIN:-wopiserver-collabora.owncloud.test}
+ WOPI_HTTP_SCHEME: https
+
+ WOPI_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.owncloud.test}
+ WOPI_APP_INSECURE: "${INSECURE:-false}"
+
+ WOPI_CS3API_ADDR: ocis:9142
+ WOPI_CS3API_DATA_GATEWAY_INSECURE: "${INSECURE:-false}"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.wopiserver-collabora.entrypoints=https"
+ - "traefik.http.routers.wopiserver-collabora.rule=Host(`${WOPISERVER_COLLABORA_DOMAIN:-wopiserver-collabora.owncloud.test}`)"
+ - "traefik.http.routers.wopiserver-collabora.tls.certresolver=http"
+ - "traefik.http.routers.wopiserver-collabora.service=wopiserver-collabora"
+ - "traefik.http.services.wopiserver-collabora.loadbalancer.server.port=6789"
+ logging:
+ driver: "local"
+ restart: always
+
+ wopiserver-onlyoffice:
+ image: wkloucek/cs3-wopi-server:${WOPISERVER_DOCKER_TAG:-latest}
+ networks:
+ ocis-net:
+ environment:
+ WOPI_APP_NAME: OnlyOffice
+ WOPI_APP_DESCRIPTION: OnlyOffice
+ WOPI_APP_ICON: image-edit
+ WOPI_JWT_SECRET: ${WOPI_JWT_SECRET:-LoremIpsum567}
+
+ WOPI_GRPC_BIND_ADDR: 0.0.0.0:5678
+ WOPI_GRPC_ADDR: wopiserver-onlyoffice:5678
+
+ WOPI_HTTP_BIND_ADDR: 0.0.0.0:6789
+ WOPI_HTTP_ADDR: ${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-onlyoffice.owncloud.test}
+ WOPI_HTTP_SCHEME: https
+
+ WOPI_APP_ADDR: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}
+ WOPI_APP_INSECURE: "${INSECURE:-false}"
+
+ WOPI_CS3API_ADDR: ocis:9142
+ WOPI_CS3API_DATA_GATEWAY_INSECURE: "${INSECURE:-false}"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.wopiserver-onlyoffice.entrypoints=https"
+ - "traefik.http.routers.wopiserver-onlyoffice.rule=Host(`${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-onlyoffice.owncloud.test}`)"
+ - "traefik.http.routers.wopiserver-onlyoffice.tls.certresolver=http"
+ - "traefik.http.routers.wopiserver-onlyoffice.service=wopiserver-onlyoffice"
+ - "traefik.http.services.wopiserver-onlyoffice.loadbalancer.server.port=6789"
+ logging:
+ driver: "local"
+ restart: always
+
+
+
+ collabora:
+ image: collabora/code:6.4.11.3
+ networks:
+ ocis-net:
+ environment:
+ domain: ${OCIS_DOMAIN:-ocis.owncloud.test}
+ DONT_GEN_SSL_CERT: "YES"
+ extra_params: --o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false --o:net.frame_ancestors=${OCIS_DOMAIN:-ocis.owncloud.test}
+ username: ${COLLABORA_ADMIN_USER}
+ password: ${COLLABORA_ADMIN_PASSWORD}
+ cap_add:
+ - MKNOD
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.collabora.entrypoints=https"
+ - "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN:-collabora.owncloud.test}`)"
+ - "traefik.http.routers.collabora.tls.certresolver=http"
+ - "traefik.http.routers.collabora.service=collabora"
+ - "traefik.http.services.collabora.loadbalancer.server.port=9980"
+ logging:
+ driver: "local"
+ restart: always
+
+ onlyoffice:
+ image: onlyoffice/documentserver:6.4.0
+ networks:
+ ocis-net:
+ environment:
+ USE_UNAUTHORIZED_STORAGE: "${INSECURE:-false}" # selfsigned certificates
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.onlyoffice.entrypoints=https"
+ - "traefik.http.routers.onlyoffice.rule=Host(`${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}`)"
+ - "traefik.http.routers.onlyoffice.tls.certresolver=http"
+ - "traefik.http.routers.onlyoffice.service=onlyoffice"
+ - "traefik.http.services.onlyoffice.loadbalancer.server.port=80"
+ # websockets can't be opend when this is ommitted
+ - "traefik.http.middlewares.onlyoffice.headers.customrequestheaders.X-Forwarded-Proto=https"
+ - "traefik.http.routers.onlyoffice.middlewares=onlyoffice"
+ logging:
+ driver: "local"
+ restart: always
+
+
+volumes:
+ certs:
+ ocis-config:
+ ocis-data:
+
+networks:
+ ocis-net:

dev-dependencies/Collabora/docker-compose.yaml

@@ -0,0 +1,13 @@
+---
+version: "3.7"
+
+services:
+ collabora:
+ image: collabora/code:latest
+ environment:
+ domain: localhost
+ extra_params: --o:ssl.enable=true --o:ssl.termination=true --o:welcome.enable=false --o:net.frame_ancestors=localhost:*
+ cap_add:
+ - MKNOD
+ ports:
+ - 8080:9980

dev-dependencies/OnlyOffice/docker-compose.yaml

@@ -0,0 +1,11 @@
+---
+version: "3.7"
+
+services:
+ onlyoffice:
+ image: onlyoffice/documentserver:6.4.0
+ environment:
+ USE_UNAUTHORIZED_STORAGE: "true" # self signed certificates
+
+ ports:
+ - 8080:80