Skip to content

Commit

Permalink
Merge pull request #2161 from owncloud/wopi_server_fix_jwt_secrets
Browse files Browse the repository at this point in the history
fix jwt secrets for wopiserver example
  • Loading branch information
wkloucek authored Jun 23, 2021
2 parents dc932c6 + b23570b commit 5a6b16a
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 10 deletions.
4 changes: 3 additions & 1 deletion deployments/examples/ocis_wopi/.env
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,10 @@ OCIS_WOPISERVER_DOCKER_TAG=
CS3ORG_WOPISERVER_DOCKER_TAG=
# cs3org wopi server domain. Defaults to "wopiserver.owncloud.test"
WOPISERVER_DOMAIN=
# JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "Pive-Fumkiu4"
# JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "LoremIpsum567"
WOPI_JWT_SECRET=
# JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "LoremIpsum123"
WOPI_IOP_SECRET=

### Collabora settings ###
# Domain of Collabora, where you can find the frontend. Defaults to "collabora.owncloud.test"
Expand Down
7 changes: 4 additions & 3 deletions deployments/examples/ocis_wopi/docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -92,8 +92,9 @@ services:
environment:
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
WOPISERVER_REVA_GATEWAY_ADDR: ocis:9142
OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
WOPISERVER_WOPI_SERVER_HOST: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}
WOPISERVER_WOPI_SERVER_SECRET: ${WOPI_JWT_SECRET:-Pive-Fumkiu4}
WOPISERVER_WOPI_SERVER_IOP_SECRET: ${WOPI_IOP_SECRET:-LoremIpsum123}
WOPISERVER_WOPI_SERVER_INSECURE: "${INSECURE:-false}"
logging:
driver: "local"
Expand All @@ -107,8 +108,8 @@ services:
- /bin/sh
- /entrypoint-override.sh
environment:
- WOPISECRET=${WOPI_JWT_SECRET:-Pive-Fumkiu4}
- IOPSECRET=${OCIS_JWT_SECRET:-Pive-Fumkiu4}
- WOPISECRET=${WOPI_JWT_SECRET:-LoremIpsum567}
- IOPSECRET=${WOPI_IOP_SECRET:-LoremIpsum123}
- WOPISERVER_DOMAIN=${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}
- COLLABORA_DOMAIN=${COLLABORA_DOMAIN:-collabora.owncloud.test}
volumes:
Expand Down
14 changes: 8 additions & 6 deletions docs/ocis/deployment/ocis_wopi.md
Original file line number Diff line number Diff line change
Expand Up @@ -81,13 +81,15 @@ See also [example server setup]({{< ref "preparing_server" >}})

### Wopi server settings ###
# oCIS Wopi server version. Defaults to "latest"
OCIS_WOPISERVER_DOCKER_TAG=custom
OCIS_WOPISERVER_DOCKER_TAG=
# cs3org wopi server version. Defaults to "latest"
CS3ORG_WOPISERVER_DOCKER_TAG=
# cs3org wopi server domain. Defaults to "wopiserver.owncloud.test"
WOPISERVER_DOMAIN=
# JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "Pive-Fumkiu4"
# JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "LoremIpsum567"
WOPI_JWT_SECRET=
# JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "LoremIpsum123"
WOPI_IOP_SECRET=

### Collabora settings ###
# Domain of Collabora, where you can find the frontend. Defaults to "collabora.owncloud.test"
Expand Down Expand Up @@ -120,13 +122,13 @@ See also [example server setup]({{< ref "preparing_server" >}})
By default the CS3Org WOPI server will also be started in the `latest` version. If you want to start a specific version of it, you can set the version to `CS3ORG_WOPISERVER_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/cs3org/wopiserver/tags?page=1&ordering=last_updated).

Set your domain for the CS3Org WOPI server in `WOPISERVER_DOMAIN=`, where Collabora can download the files.
You also must override the default WOPI JWT secret, in order to have a secure setup. Do this by setting `WOPI_JWT_SECRET` to a long and random string.

You also must override the default WOPI JWT secret and the WOPI IOP secret, in order to have a secure setup. Do this by setting `WOPI_JWT_SECRET` and `WOPI_IOP_SECRET` to a long and random string.

Now it's time to set up Collabora and you need to configure the Domain of Collabora in `COLLABORA_DOMAIN=`.

If you want to use the Collabora admin panel you need to set user name and passwort for in `COLLABORA_ADMIN_USER=` and `COLLABORA_ADMIN_PASSWORD=`.

Now you have configured everything and can save the file.

* Start the docker stack
Expand Down

0 comments on commit 5a6b16a

Please sign in to comment.