wip

docs/ocis/deployment/basic-remote-setup.md

@@ -9,67 +9,36 @@ geekdocFilePath: basic-remote-setup.md
 
 {{< toc >}}
 
-Out of the box the oCIS single binary and the `owncloud/ocis` docker image are configured to run on localhost for quick testing and development.
+The default configuration or the oCIS binary and the `owncloud/ocis` docker image is assuming, that you access oCIS on `localhost`. This enables you to do quick testing and development without any configuration.
 
-If you need to access oCIS on a VM or a remote machine e.g. when testing a mobile client you need to configure oCIS to run on a different host.
+If you need to access oCIS on a VM, docker container or a remote machine via an other hostname than `localhost`, you need to configure this hostname in oCIS. The same also applies if you are not using hostnames, but an IP instead (eg. `127.0.0.1`).
 
-## Use the binary
+### Start the oCIS fullstack server
 
 If you start the oCIS fullstack for the first time with `./bin/ocis server` it will generate a file `identifier-registration.yml` in the config folder relative to its location. This file is used to configure the clients for the built-in Identity Provider.
 
-{{< hint warning >}}
-**Outdated version**\
-The `identifier-registration.yml` file will only be generated if there is no such file in place. You could miss updates on this file. Run `make clean` to delete the file and keep the development environment tidy otherwise as well.
-{{< /hint >}}
-
-### Add your hostname to the idp config
-
-Let us assume `your-host` is your remote domain name or IP address. Add your host to the `identifier-registration.yml` like this:
-
-```yaml {linenos=table,hl_lines=["15-17",21]}
-# OpenID Connect client registry.
-clients:
-  - id: web
-    name: ownCloud web app
-    application_type: web
-    insecure: yes
-    trusted: yes
-    redirect_uris:
-      - http://localhost:9100/
-      - http://localhost:9100/oidc-callback.html
-      - http://localhost:9100/oidc-silent-redirect.html
-      - https://localhost:9200/
-      - https://localhost:9200/oidc-callback.html
-      - https://localhost:9200/oidc-silent-redirect.html
-      - https://your-server:9200/
-      - https://your-server:9200/oidc-callback.html
-      - https://your-server:9200/oidc-silent-redirect.html
-    origins:
-      - http://localhost:9100
-      - https://localhost:9200
-      - https://your-server:9200
-```
-
-In this example we do not change the default port (`9200`). But this could be changed to another port.
+In the following examples you have the binary in your current working directory, it is named 'ocis' and is marked as executable.
 
 ### Start the oCIS fullstack server
 
-You need to configure `your-host` in some services to provide the needed public resources.
-
-This snippet will start the oCIS server with auto generated self signed certificates:
+In order to run oCIS with self generated certificates please execute following command:
+```bash
+OCIS_LOG_LEVEL=WARN
+KONNECTD_LOG_LEVEL=DEBUG
+PROXY_HTTP_ADDR=0.0.0.0:443 \
+OCIS_URL=https://ocis.owncloud.test:9200 \
+sudo ./ocis server
+```
 
+When you have your own certificates in place, you also may running following command:
 ```bash
 PROXY_HTTP_ADDR=0.0.0.0:9200 \
-OCIS_URL=https://your-server:9200 \
-KONNECTD_TLS=0 \
+OCIS_URL=https://your-host:9200 \
 PROXY_TRANSPORT_TLS_KEY=./certs/your-host.key \
 PROXY_TRANSPORT_TLS_CERT=./certs/your-host.crt \
-IDP_TLS=0 \
 ./bin/ocis server
 ```
 
-For more configuration options check the configuration section in [ocis](https://owncloud.github.io/ocis/configuration/) and every oCIS extension.
-
 {{< hint info >}}
 **TLS Certificate**\
 If you have a CA signed certificate for your domain, add the following configurations:
@@ -79,24 +48,11 @@ PROXY_TRANSPORT_TLS_CERT=./certs/your-host.crt \
 ```
 {{< /hint >}}
 
-## Use Docker Compose
-
-We are using our [docker compose playground](https://github.com/owncloud-docker/compose-playground) as a repository to share snippets that make our test setups easier and more aligned.
 
-You can start oCIS with docker very easily on a different host using this snippet.
+For more configuration options check the configuration section in [ocis](https://owncloud.github.io/ocis/configuration/) and every ocis extension.
 
-Let us assume your local IP is `192.168.103.195`
 
-```bash
-git clone https://github.com/owncloud-docker/compose-playground.git
-cd compose-playground/compose/ocis
 
-sed -i -e 's/your-url/192.168.103.195/g' config/identifier-registration.yml
-
-cat << EOF > .env
-OCIS_URL=https://192.168.103.195
-OCIS_DOCKER_TAG=latest
-EOF
+## Use Docker Compose
 
-curl -k https://192.168.103.195:9200/status.php
-```
+Please have a look at our other [deployment examples]({{< ref "./_index.md" >}}).

proxy/pkg/crypto/gencert.go

@@ -42,7 +42,7 @@ func pemBlockForKey(priv interface{}, l log.Logger) *pem.Block {
 }
 
 // GenCert generates TLS-Certificates
-func GenCert(l log.Logger) error {
+func GenCert(hosts []string, l log.Logger) error {
 	var priv interface{}
 	var err error
 
@@ -64,8 +64,8 @@ func GenCert(l log.Logger) error {
 	template := x509.Certificate{
 		SerialNumber: serialNumber,
 		Subject: pkix.Name{
-			Organization: []string{"Acme Corp"},
-			CommonName:   "OCIS",
+			Organization: []string{"ownCloud Infinite Scale"},
+			CommonName:   "oCIS",
 		},
 		NotBefore: notBefore,
 		NotAfter:  notAfter,
@@ -75,7 +75,6 @@ func GenCert(l log.Logger) error {
 		BasicConstraintsValid: true,
 	}
 
-	hosts := []string{"127.0.0.1", "localhost"}
 	for _, h := range hosts {
 		if ip := net.ParseIP(h); ip != nil {
 			template.IPAddresses = append(template.IPAddresses, ip)

proxy/pkg/server/http/server.go

@@ -26,7 +26,7 @@ func Server(opts ...Option) (svc.Service, error) {
 
 			if os.IsNotExist(certErr) || os.IsNotExist(keyErr) {
 				// GenCert has side effects as it writes 2 files to the binary running location
-				if err := crypto.GenCert(l); err != nil {
+				if err := crypto.GenCert([]string{options.Config.HTTP.Addr}, l); err != nil {
 					l.Fatal().Err(err).Msgf("Could not generate test-certificate")
 					os.Exit(1)
 				}