add the wopi server

.vscode/launch.json

@@ -0,0 +1,17 @@
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "debug server",
+            "type": "go",
+            "request": "launch",
+            "mode": "debug",
+            "program": "${workspaceFolder}/cmd/cs3-wopi-server",
+            //"args": [
+            //    "server"
+            //],
+            //"env": {
+            //}
+        }
+    ]
+}

Dockerfile

@@ -0,0 +1,18 @@
+FROM owncloudci/golang as build
+
+COPY ./ /wopiserver
+
+WORKDIR /wopiserver
+
+RUN go build ./cmd/cs3-wopi-server
+
+FROM alpine
+
+LABEL maintainer="ownCloud GmbH <devops@owncloud.com>" \
+	org.label-schema.name="ownCloud CS3 WOPI server" \
+	org.label-schema.vendor="ownCloud GmbH" \
+	org.label-schema.schema-version="1.0"
+
+ENTRYPOINT ["/usr/bin/cs3-wopi-server"]
+
+COPY --from=build /wopiserver/cs3-wopi-server /usr/bin/cs3-wopi-server

cmd/cs3-wopi-server/main.go

@@ -0,0 +1,14 @@
+package main
+
+import (
+	"fmt"
+
+	"github.com/wkloucek/cs3-wopi-server/pkg/cs3wopiserver"
+)
+
+func main() {
+	err := cs3wopiserver.Start()
+	if err != nil {
+		fmt.Println(err)
+	}
+}

deployment/.env

@@ -0,0 +1,52 @@
+# If you're on a internet facing server please comment out following line.
+# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
+INSECURE=true
+
+### Traefik settings ###
+# Serve Treafik dashboard. Defaults to "false".
+TRAEFIK_DASHBOARD=
+# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
+TRAEFIK_DOMAIN=
+# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
+TRAEFIK_BASIC_AUTH_USERS=
+# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
+TRAEFIK_ACME_MAIL=
+
+### oCIS settings ###
+# oCIS version. Defaults to "latest"
+OCIS_DOCKER_TAG=
+# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
+OCIS_DOMAIN=
+# oCIS admin user password. Defaults to "admin".
+ADMIN_PASSWORD=
+# The demo users should not be created on a production instance
+# because their passwords are public. Defaults to "false".
+DEMO_USERS=
+
+### Wopi server settings ###
+# wkloucek/cs3-wopi-server version. Defaults to "latest"
+WOPISERVER_DOCKER_TAG=
+# Collabora wopi server domain. Defaults to "wopiserver-collabora.owncloud.test"
+WOPISERVER_COLLABORA_DOMAIN=
+# OnlyOffice wopi server domain. Defaults to "wopiserver-onlyoffice.owncloud.test"
+WOPISERVER_ONLYOFFICE_DOMAIN=
+# JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "LoremIpsum567"
+WOPI_JWT_SECRET=
+
+### Collabora settings ###
+# Domain of Collabora, where you can find the frontend. Defaults to "collabora.owncloud.test"
+COLLABORA_DOMAIN=
+# Admin user for Collabora. Defaults to blank, provide one to enable access
+COLLABORA_ADMIN_USER=
+# Admin password for Collabora. Defaults to blank, provide one to enable access
+COLLABORA_ADMIN_PASSWORD=
+
+### OnlyOffice settings ###
+# Domain of OnlyOffice, where you can find the frontend. Defaults to "onlyoffice.owncloud.test"
+ONLYOFFICE_DOMAIN=
+
+
+# If you want to use debugging and tracing with this stack,
+# you need uncomment following line. Please see documentation at
+# https://owncloud.dev/ocis/deployment/monitoring-tracing/
+#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml

deployment/config/ocis/app-registry.yaml

@@ -0,0 +1,58 @@
+app_registry:
+  mimetypes:
+  - mime_type: application/pdf
+    extension: pdf
+    name: PDF
+    description: PDF document
+    icon: ''
+    default_app: ''
+    allow_creation: false
+  - mime_type: application/vnd.oasis.opendocument.text
+    extension: odt
+    name: OpenDocument
+    description: OpenDocument text document
+    icon: ''
+    default_app: Collabora
+    allow_creation: true
+  - mime_type: application/vnd.oasis.opendocument.spreadsheet
+    extension: ods
+    name: OpenSpreadsheet
+    description: OpenDocument spreadsheet document
+    icon: ''
+    default_app: Collabora
+    allow_creation: true
+  - mime_type: application/vnd.oasis.opendocument.presentation
+    extension: odp
+    name: OpenPresentation
+    description: OpenDocument presentation document
+    icon: ''
+    default_app: Collabora
+    allow_creation: true
+  - mime_type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
+    extension: docx
+    name: Microsoft Word
+    description: Microsoft Word document
+    icon: ''
+    default_app: OnlyOffice
+    allow_creation: true
+  - mime_type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+    extension: xlsx
+    name: Microsoft Excel
+    description: Microsoft Excel document
+    icon: ''
+    default_app: OnlyOffice
+    allow_creation: true
+  - mime_type: application/vnd.openxmlformats-officedocument.presentationml.presentation
+    extension: pptx
+    name: Microsoft PowerPoint
+    description: Microsoft PowerPoint document
+    icon: ''
+    default_app: OnlyOffice
+    allow_creation: true
+  - mime_type: application/vnd.jupyter
+    extension: ipynb
+    name: Jupyter Notebook
+    description: Jupyter Notebook
+    icon: ''
+    default_app: ''
+    allow_creation: true

deployment/docker-compose.yaml

@@ -0,0 +1,206 @@
+---
+version: "3.7"
+
+services:
+  traefik:
+    image: traefik:v2.5
+    networks:
+      ocis-net:
+        aliases:
+          - ${OCIS_DOMAIN:-ocis.owncloud.test}
+          - ${WOPISERVER_COLLABORA_DOMAIN:-wopiserver-collabora.owncloud.test}
+          - ${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-onlyoffice.owncloud.test}
+          - ${COLLABORA_DOMAIN:-collabora.owncloud.test}
+          - ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}
+    command:
+      - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
+      # letsencrypt configuration
+      - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
+      - "--certificatesResolvers.http.acme.storage=/certs/acme.json"
+      - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
+      # enable dashboard
+      - "--api.dashboard=true"
+      # define entrypoints
+      - "--entryPoints.http.address=:80"
+      - "--entryPoints.http.http.redirections.entryPoint.to=https"
+      - "--entryPoints.http.http.redirections.entryPoint.scheme=https"
+      - "--entryPoints.https.address=:443"
+      # docker provider (get configuration from container labels)
+      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
+      - "--providers.docker.exposedByDefault=false"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "certs:/certs"
+    labels:
+      - "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
+      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
+      - "traefik.http.routers.traefik.entrypoints=https"
+      - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
+      - "traefik.http.routers.traefik.middlewares=traefik-auth"
+      - "traefik.http.routers.traefik.tls.certresolver=http"
+      - "traefik.http.routers.traefik.service=api@internal"
+    logging:
+      driver: "local"
+    restart: always
+
+  ocis:
+    image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
+    networks:
+      ocis-net:
+    entrypoint:
+      - /bin/sh
+    # run ocis init to initialize a configuration file with random secrets
+    # it will fail on subsequent runs, because the config file already exists
+    # therefore we ignore the error and then start the ocis server
+    command: ["-c", "ocis init || true; ocis server"]
+    environment:
+      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
+      OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
+      PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
+      GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      OCIS_INSECURE: "${INSECURE:-false}"
+      GRAPH_LDAP_INSECURE: "true" # https://github.com/owncloud/ocis/issues/3812
+      # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
+      PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
+      # admin user password
+      IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
+      # demo users
+      IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
+    volumes:
+      - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml
+      - ocis-config:/etc/ocis
+      - ocis-data:/var/lib/ocis
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.ocis.entrypoints=https"
+      - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
+      - "traefik.http.routers.ocis.tls.certresolver=http"
+      - "traefik.http.routers.ocis.service=ocis"
+      - "traefik.http.services.ocis.loadbalancer.server.port=9200"
+    logging:
+      driver: "local"
+    restart: always
+
+  wopiserver-collabora:
+    image: wkloucek/cs3-wopi-server:${WOPISERVER_DOCKER_TAG:-latest}
+    networks:
+      ocis-net:
+    environment:
+      WOPI_APP_NAME: Collabora
+      WOPI_APP_DESCRIPTION: Collabora
+      WOPI_APP_ICON: image-edit
+      WOPI_JWT_SECRET: ${WOPI_JWT_SECRET:-LoremIpsum567}
+
+      WOPI_GRPC_BIND_ADDR: 0.0.0.0:5678
+      WOPI_GRPC_ADDR: wopiserver-collabora:5678
+
+      WOPI_HTTP_BIND_ADDR: 0.0.0.0:6789
+      WOPI_HTTP_ADDR: ${WOPISERVER_COLLABORA_DOMAIN:-wopiserver-collabora.owncloud.test}
+      WOPI_HTTP_SCHEME: https
+
+      WOPI_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.owncloud.test}
+      WOPI_APP_INSECURE: "${INSECURE:-false}"
+
+      WOPI_CS3API_ADDR: ocis:9142
+      WOPI_CS3API_DATA_GATEWAY_INSECURE: "${INSECURE:-false}"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.wopiserver-collabora.entrypoints=https"
+      - "traefik.http.routers.wopiserver-collabora.rule=Host(`${WOPISERVER_COLLABORA_DOMAIN:-wopiserver-collabora.owncloud.test}`)"
+      - "traefik.http.routers.wopiserver-collabora.tls.certresolver=http"
+      - "traefik.http.routers.wopiserver-collabora.service=wopiserver-collabora"
+      - "traefik.http.services.wopiserver-collabora.loadbalancer.server.port=6789"
+    logging:
+      driver: "local"
+    restart: always
+
+  wopiserver-onlyoffice:
+    image: wkloucek/cs3-wopi-server:${WOPISERVER_DOCKER_TAG:-latest}
+    networks:
+      ocis-net:
+    environment:
+      WOPI_APP_NAME: OnlyOffice
+      WOPI_APP_DESCRIPTION: OnlyOffice
+      WOPI_APP_ICON: image-edit
+      WOPI_JWT_SECRET: ${WOPI_JWT_SECRET:-LoremIpsum567}
+
+      WOPI_GRPC_BIND_ADDR: 0.0.0.0:5678
+      WOPI_GRPC_ADDR: wopiserver-onlyoffice:5678
+
+      WOPI_HTTP_BIND_ADDR: 0.0.0.0:6789
+      WOPI_HTTP_ADDR: ${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-onlyoffice.owncloud.test}
+      WOPI_HTTP_SCHEME: https
+
+      WOPI_APP_ADDR: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}
+      WOPI_APP_INSECURE: "${INSECURE:-false}"
+
+      WOPI_CS3API_ADDR: ocis:9142
+      WOPI_CS3API_DATA_GATEWAY_INSECURE: "${INSECURE:-false}"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.wopiserver-onlyoffice.entrypoints=https"
+      - "traefik.http.routers.wopiserver-onlyoffice.rule=Host(`${WOPISERVER_ONLYOFFICE_DOMAIN:-wopiserver-onlyoffice.owncloud.test}`)"
+      - "traefik.http.routers.wopiserver-onlyoffice.tls.certresolver=http"
+      - "traefik.http.routers.wopiserver-onlyoffice.service=wopiserver-onlyoffice"
+      - "traefik.http.services.wopiserver-onlyoffice.loadbalancer.server.port=6789"
+    logging:
+      driver: "local"
+    restart: always
+
+
+
+  collabora:
+    image: collabora/code:6.4.11.3
+    networks:
+      ocis-net:
+    environment:
+      domain: ${OCIS_DOMAIN:-ocis.owncloud.test}
+      DONT_GEN_SSL_CERT: "YES"
+      extra_params: --o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false --o:net.frame_ancestors=${OCIS_DOMAIN:-ocis.owncloud.test}
+      username: ${COLLABORA_ADMIN_USER}
+      password: ${COLLABORA_ADMIN_PASSWORD}
+    cap_add:
+      - MKNOD
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.collabora.entrypoints=https"
+      - "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN:-collabora.owncloud.test}`)"
+      - "traefik.http.routers.collabora.tls.certresolver=http"
+      - "traefik.http.routers.collabora.service=collabora"
+      - "traefik.http.services.collabora.loadbalancer.server.port=9980"
+    logging:
+      driver: "local"
+    restart: always
+
+  onlyoffice:
+    image: onlyoffice/documentserver:6.4.0
+    networks:
+      ocis-net:
+    environment:
+      USE_UNAUTHORIZED_STORAGE: "${INSECURE:-false}" # selfsigned certificates
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.onlyoffice.entrypoints=https"
+      - "traefik.http.routers.onlyoffice.rule=Host(`${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}`)"
+      - "traefik.http.routers.onlyoffice.tls.certresolver=http"
+      - "traefik.http.routers.onlyoffice.service=onlyoffice"
+      - "traefik.http.services.onlyoffice.loadbalancer.server.port=80"
+      # websockets can't be opend when this is ommitted
+      - "traefik.http.middlewares.onlyoffice.headers.customrequestheaders.X-Forwarded-Proto=https"
+      - "traefik.http.routers.onlyoffice.middlewares=onlyoffice"
+    logging:
+      driver: "local"
+    restart: always
+
+
+volumes:
+  certs:
+  ocis-config:
+  ocis-data:
+
+networks:
+  ocis-net:

dev-dependencies/Collabora/docker-compose.yaml

@@ -0,0 +1,13 @@
+---
+version: "3.7"
+
+services:
+  collabora:
+    image: collabora/code:latest
+    environment:
+      domain: localhost
+      extra_params: --o:ssl.enable=true --o:ssl.termination=true --o:welcome.enable=false --o:net.frame_ancestors=localhost:*
+    cap_add:
+      - MKNOD
+    ports:
+      - 8080:9980

dev-dependencies/OnlyOffice/docker-compose.yaml

@@ -0,0 +1,11 @@
+---
+version: "3.7"
+
+services:
+  onlyoffice:
+    image: onlyoffice/documentserver:6.4.0
+    environment:
+      USE_UNAUTHORIZED_STORAGE: "true" # self signed certificates
+
+    ports:
+      - 8080:80