-
Notifications
You must be signed in to change notification settings - Fork 187
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #9412 from owncloud/refactor_ocis_wopi_deployment
[docs-only] [5.0] Refactor the 'ocis_wopi' deployment example
- Loading branch information
Showing
11 changed files
with
508 additions
and
323 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,73 +1,205 @@ | ||
| # If you're on a internet facing server please comment out following line. | ||
| # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. | ||
| # Define the docker compose log driver used. | ||
| # Defaults to local | ||
| LOG_DRIVER= | ||
|
|
||
| # If you're on an internet facing server. comment out following line. | ||
| # It skips certificate validation for various parts of Infinite Scale and is | ||
| # needed when self signed certificates are used. | ||
| INSECURE=true | ||
|
|
||
| ### Traefik settings ### | ||
| # Serve Traefik dashboard. Defaults to "false". | ||
|
|
||
| ### Traefik Settings ### | ||
|
|
||
| # Serve Traefik dashboard. | ||
| # Defaults to "false". | ||
| TRAEFIK_DASHBOARD= | ||
| # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" | ||
|
|
||
| # Domain of Traefik, where you can find the dashboard. | ||
| # Defaults to "traefik.owncloud.test" | ||
| TRAEFIK_DOMAIN= | ||
| # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" (written as: "admin:admin"). | ||
|
|
||
| # Basic authentication for the traefik dashboard. | ||
| # Defaults to user "admin" and password "admin" (written as: "admin:admin"). | ||
| TRAEFIK_BASIC_AUTH_USERS= | ||
| # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server | ||
|
|
||
| # Email address for obtaining LetsEncrypt certificates. | ||
| # Needs only be changed if this is a public facing server. | ||
| TRAEFIK_ACME_MAIL= | ||
| # Defaults to "https://acme-v02.api.letsencrypt.org/directory". | ||
| # Set to: "https://acme-staging-v02.api.letsencrypt.org/directory" for testing to check the certificate process. | ||
| # With staging, there will be an SSL error in the browser. When certificates are displayed and are emitted by | ||
| # "Fake LE Intermediate X1", the process went well and the envvar can be reset to empty to get valid certificates. | ||
|
|
||
| # Set to the following for testing to check the certificate process: | ||
| # "https://acme-staging-v02.api.letsencrypt.org/directory" | ||
| # With staging configured, there will be an SSL error in the browser. | ||
| # When certificates are displayed and are emitted by # "Fake LE Intermediate X1", | ||
| # the process went well and the envvar can be reset to empty to get valid certificates. | ||
| TRAEFIK_ACME_CASERVER= | ||
|
|
||
| ### oCIS settings ### | ||
| # oCIS version. Defaults to "latest" | ||
|
|
||
| ### Infinite Scale Settings ### | ||
|
|
||
| # Beside Traefik, this service must stay enabled. | ||
| # Disable only for testing purposes. | ||
| OCIS=:ocis.yml | ||
|
|
||
| # The oCIS container image. | ||
| # Defaults to "owncloud/ocis" which contains the production releases. | ||
| OCIS_DOCKER_IMAGE= | ||
|
|
||
| # The oCIS container version. | ||
| # Defaults to "latest". This will point to the latest stable tag. | ||
| OCIS_DOCKER_TAG= | ||
| # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" | ||
|
|
||
| # Domain of oCIS, where you can find the frontend. | ||
| # Defaults to "ocis.owncloud.test" | ||
| OCIS_DOMAIN= | ||
|
|
||
| # oCIS admin user password. Defaults to "admin". | ||
| ADMIN_PASSWORD= | ||
| # The demo users should not be created on a production instance | ||
|
|
||
| # Demo users should not be created on a production instance, | ||
| # because their passwords are public. Defaults to "false". | ||
| # Also see: https://doc.owncloud.com/ocis/latest/deployment/general/general-info.html#demo-users-and-groups | ||
| DEMO_USERS= | ||
| # Log level for OCIS_DOCKER_TAG | ||
| OCIS_LOG_LEVEL= | ||
|
|
||
| ### Wopi server settings ### | ||
| # cs3org wopi server version. Defaults to "v10.4.0" | ||
| # Define the loglevel used. | ||
| # For more details see: | ||
| # https://doc.owncloud.com/ocis/latest/deployment/services/env-vars-special-scope.html | ||
| LOG_LEVEL= | ||
|
|
||
| # Define SMPT settings if you would like to send Infinite Scale email notifications. | ||
| # For more details see: | ||
| # https://doc.owncloud.com/ocis/latest/deployment/services/s-list/notifications.html | ||
|
|
||
| # SMTP host to connect to. | ||
| SMTP_HOST= | ||
|
|
||
| # Port of the SMTP host to connect to. | ||
| SMTP_PORT= | ||
|
|
||
| # An eMail address that is used for sending Infinite Scale notification eMails | ||
| # like "ocis notifications <[email protected]>". | ||
| SMTP_SENDER= | ||
|
|
||
| # Username for the SMTP host to connect to. | ||
| SMTP_USERNAME= | ||
|
|
||
| # Password for the SMTP host to connect to. | ||
| SMTP_PASSWORD= | ||
|
|
||
| # Authentication method for the SMTP communication. | ||
| SMTP_AUTHENTICATION= | ||
|
|
||
| # Allow insecure connections to the SMTP server. Defaults to false. | ||
| SMTP_INSECURE= | ||
|
|
||
|
|
||
| ## Default Enabled Services ## | ||
|
|
||
| ### Apache Tika Content Analysis Toolkit ### | ||
|
|
||
| # Tika (search) is enabled by default, comment if not required. | ||
| # the leading colon is required to enable the service | ||
| TIKA=:tika.yml | ||
| # Set the desired docker image tag or digest. | ||
| # Defaults to "latest" | ||
| TIKA_IMAGE= | ||
|
|
||
|
|
||
| ### Wopi Server Settings ### | ||
|
|
||
| # Wopi Server is enabled by default, comment if not required. | ||
| # Note that without the wopiserver, office apps will fail to start. | ||
| # the leading colon is required to enable the service | ||
| WOPISERVER=:wopiserver.yml | ||
|
|
||
| # cs3org WOPI Server Version. | ||
| # Defaults to "v10.5.0" | ||
| WOPISERVER_DOCKER_TAG= | ||
| # cs3org wopi server domain. Defaults to "wopiserver.owncloud.test" | ||
|
|
||
| # cs3org WOPI Server Domain. Defaults to "wopiserver.owncloud.test" | ||
| WOPISERVER_DOMAIN= | ||
| # JWT secret which is used for the documents to be request by the Wopi client from the cs3org Wopi server. Must be change in order to have a secure Wopi server. Defaults to "LoremIpsum567" | ||
|
|
||
| # JWT secret which is used for the documents to be request by the WOPI client | ||
| # from the cs3org WOPI server. Must be changed in order to have a secure WOPI server. | ||
| # Defaults to "LoremIpsum567" | ||
| WOPI_JWT_SECRET= | ||
|
|
||
| ### Collabora settings ### | ||
| # Domain of Collabora, where you can find the frontend. Defaults to "collabora.owncloud.test" | ||
|
|
||
| ### Collabora Settings ### | ||
|
|
||
| # Collabora web office is default enabled, comment if not required. | ||
| # the leading colon is required to enable the service | ||
| COLLABORA=:collabora.yml | ||
|
|
||
| # Domain of Collabora, where you can find the frontend. | ||
| # Defaults to "collabora.owncloud.test" | ||
| COLLABORA_DOMAIN= | ||
| # Admin user for Collabora. Defaults to blank, provide one to enable access. Collabora Admin Panel URL: https://{COLLABORA_DOMAIN}/browser/dist/admin/admin.html | ||
|
|
||
| # Admin user for Collabora. | ||
| # Defaults to blank. Provide one to enable access. | ||
| # Collabora Admin Panel URL: | ||
| # https://{COLLABORA_DOMAIN}/browser/dist/admin/admin.html | ||
| COLLABORA_ADMIN_USER= | ||
| # Admin password for Collabora. Defaults to blank, provide one to enable access | ||
|
|
||
| # Admin password for Collabora. | ||
| # Defaults to blank, provide one to enable access | ||
| COLLABORA_ADMIN_PASSWORD= | ||
|
|
||
| ### OnlyOffice settings ### | ||
| # Domain of OnlyOffice, where you can find the frontend. Defaults to "onlyoffice.owncloud.test" | ||
| ONLYOFFICE_DOMAIN= | ||
|
|
||
| ### Email / Inbucket settings ### | ||
| # Inbucket / Mail domain. Defaults to "mail.owncloud.test" | ||
| INBUCKET_DOMAIN= | ||
| ### Supplemental Configurations ### | ||
| # If you want to use supplemental configurations, | ||
| # you need to uncomment lines containing :path/file.yml | ||
| # and configure the service if required. | ||
|
|
||
| ### Apache Tika Content analysis toolkit ### | ||
| # Set the desired docker image tag or digest, defaults to "latest" | ||
| TIKA_IMAGE= | ||
|
|
||
| # If you want to use debugging and tracing with this stack, | ||
| # you need uncomment following line. Please see documentation at | ||
| # https://owncloud.dev/ocis/deployment/monitoring-tracing/ | ||
| #COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml | ||
| ## Debugging - Monitoring ## | ||
| # Please see documentation at: https://owncloud.dev/ocis/deployment/monitoring-tracing/ | ||
| # Only enable if you have Collabora AND OnlyOffice enabled | ||
| #MONITORING=:monitoring_tracing/docker-compose-additions.yml | ||
|
|
||
|
|
||
| ## Uppy Companion Settings ## | ||
| # the leading colon is required to enable the service | ||
| COMPANION=:companion.yml | ||
|
|
||
| ### Uppy Companion settings ### | ||
| # Domain of Uppy Companion. Defaults to "companion.owncloud.test" | ||
| COMPANION_IMAGE= | ||
|
|
||
| # Domain of Uppy Companion. Defaults to "companion.owncloud.test" | ||
| COMPANION_DOMAIN= | ||
| COMPANION_WEB_CONFIG_FILE_NAME= | ||
| # Provider settings, see https://uppy.io/docs/companion/#provideroptions for reference. Empty by default, which disables providers. | ||
|
|
||
| # Provider settings, see https://uppy.io/docs/companion/#provideroptions for reference. | ||
| # Empty by default, which disables providers. | ||
| COMPANION_ONEDRIVE_KEY= | ||
| COMPANION_ONEDRIVE_SECRET= | ||
|
|
||
|
|
||
| ## OnlyOffice Settings ## | ||
| # the leading colon is required to enable the service | ||
| # ONLYOFFICE=:onlyoffice.yml | ||
|
|
||
| # Domain for OnlyOffice. Defaults to "onlyoffice.owncloud.test" | ||
| ONLYOFFICE_DOMAIN= | ||
|
|
||
|
|
||
| ## Inbucket Settings ## | ||
| # INBUCKET=:inbucket.yml | ||
|
|
||
| # email server (in this case inbucket acts as mail catcher) | ||
| # Domain for Inbucket. Defaults to "mail.owncloud.test" | ||
| INBUCKET_DOMAIN= | ||
|
|
||
| # Mutual exclusive with ocis settings, only uncomment when the ocis settings are NOT set | ||
| #SMTP_HOST=inbucket | ||
| #SMTP_PORT=2500 | ||
| #SMTP_SENDER="oCIS notifications <notifications@${OCIS_DOMAIN:-ocis.owncloud.test}>" | ||
| #SMTP_USERNAME="notifications@${OCIS_DOMAIN:-ocis.owncloud.test}" | ||
| # the mail catcher uses self signed certificates | ||
| #SMTP_INSECURE: "true" | ||
|
|
||
|
|
||
| ### IMPORTANT ### | ||
| # This MUST be the last line as it assembles the supplemental compose files to be used. | ||
| # ALL supplemental configs must be added here, independent if commented or not. | ||
| # Each var must either be empty or contain :path/file.yml | ||
| COMPOSE_FILE=docker-compose.yml${OCIS:-}${TIKA:-}${WOPISERVER:-}${COLLABORA:-}${MONITORING:-}${COMPANION:-}${ONLYOFFICE:-}${INBUCKET:-} | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,10 +1,4 @@ | ||
| --- | ||
| document this deployment example in: docs/ocis/deployment/ocis_wopi.md | ||
| --- | ||
| Please refer to our [admin documentation](https://doc.owncloud.com/ocis/latest/depl-examples/ubuntu-compose/ubuntu-compose-prod.html) for instructions on how to deploy this scenario. | ||
|
|
||
| # Infinite Scale WOPI Deployment Example | ||
| Note: This deployment setup is highly configurable. At minimum, it starts traefik`, ocis`, tika`, the wopiserver` and collabora`. Additional services can be started by removing the respective comment in the `.env` file. Depending on the service added, related variables need to be configured. | ||
|
|
||
| This deployment example is documented in the [developer documentation](https://owncloud.dev/ocis/deployment/ocis_wopi/). | ||
| See the link for more details and instructions on how to deploy this scenario. | ||
|
|
||
| Also see the [Admin Documentation](https://doc.owncloud.com/ocis/latest/index.html) for administrative and more configuration details. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| --- | ||
| services: | ||
| traefik: | ||
| networks: | ||
| ocis-net: | ||
| aliases: | ||
| - ${COLLABORA_DOMAIN:-collabora.owncloud.test} | ||
|
|
||
| collabora: | ||
| # collabora can currently NOT be updated to: 24.x due to a bug in collabora | ||
| # this is the latest tested and functional collabora version | ||
| image: collabora/code:23.05.10.1.1 | ||
| networks: | ||
| - ocis-net | ||
| environment: | ||
| aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}:443 | ||
| DONT_GEN_SSL_CERT: "YES" | ||
| extra_params: --o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false --o:net.frame_ancestors=${OCIS_DOMAIN:-ocis.owncloud.test} | ||
| username: ${COLLABORA_ADMIN_USER} | ||
| password: ${COLLABORA_ADMIN_PASSWORD} | ||
| cap_add: | ||
| - MKNOD | ||
| labels: | ||
| - "traefik.enable=true" | ||
| - "traefik.http.routers.collabora.entrypoints=https" | ||
| - "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN:-collabora.owncloud.test}`)" | ||
| - "traefik.http.routers.collabora.tls.certresolver=http" | ||
| - "traefik.http.routers.collabora.service=collabora" | ||
| - "traefik.http.services.collabora.loadbalancer.server.port=9980" | ||
| logging: | ||
| driver: ${LOG_DRIVER:-local} | ||
| restart: always | ||
| healthcheck: | ||
| test: ["CMD", "curl", "-f", "http://localhost:9980/hosting/discovery"] | ||
|
|
||
| ocis-appprovider-collabora: | ||
| image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} | ||
| networks: | ||
| ocis-net: | ||
| command: app-provider server | ||
| environment: | ||
| OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info} | ||
| # use the internal service name of the gateway | ||
| APP_PROVIDER_GRPC_ADDR: 0.0.0.0:9164 | ||
| # configure the service name to avoid collision with like with onlyoffice | ||
| APP_PROVIDER_SERVICE_NAME: app-provider-collabora | ||
| # use the internal service name | ||
| APP_PROVIDER_EXTERNAL_ADDR: com.owncloud.api.app-provider-collabora | ||
| APP_PROVIDER_DRIVER: wopi | ||
| APP_PROVIDER_WOPI_APP_NAME: Collabora | ||
| APP_PROVIDER_WOPI_APP_ICON_URI: https://${COLLABORA_DOMAIN:-collabora.owncloud.test}/favicon.ico | ||
| APP_PROVIDER_WOPI_APP_URL: https://${COLLABORA_DOMAIN:-collabora.owncloud.test} | ||
| APP_PROVIDER_WOPI_INSECURE: "${INSECURE:-false}" | ||
| APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} | ||
| APP_PROVIDER_WOPI_FOLDER_URL_BASE_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} | ||
| # share the registry with the ocis container | ||
| MICRO_REGISTRY_ADDRESS: ocis:9233 | ||
| volumes: | ||
| - ocis-config:/etc/ocis | ||
| logging: | ||
| driver: ${LOG_DRIVER:-local} | ||
| restart: always | ||
| depends_on: | ||
| ocis: | ||
| condition: service_started | ||
| collabora: | ||
| condition: service_healthy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| --- | ||
| services: | ||
| traefik: | ||
| networks: | ||
| ocis-net: | ||
| aliases: | ||
| - ${COMPANION_DOMAIN:-companion.owncloud.test} | ||
|
|
||
| companion: | ||
| # companion could be updated to: 4.14.0 <-- needs checking | ||
| image: ${COMPANION_IMAGE:-transloadit/companion:4.5.1} | ||
| networks: | ||
| - ocis-net | ||
| environment: | ||
| NODE_ENV: production | ||
| NODE_TLS_REJECT_UNAUTHORIZED: 0 | ||
| COMPANION_DATADIR: /tmp/companion/ | ||
| COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test} | ||
| COMPANION_PROTOCOL: https | ||
| COMPANION_UPLOAD_URLS: "^https://${OCIS_DOMAIN:-ocis.owncloud.test}/" | ||
| COMPANION_ONEDRIVE_KEY: "${COMPANION_ONEDRIVE_KEY}" | ||
| COMPANION_ONEDRIVE_SECRET: "${COMPANION_ONEDRIVE_SECRET}" | ||
| volumes: | ||
| - companion-data:/tmp/companion/ | ||
| labels: | ||
| - "traefik.enable=true" | ||
| - "traefik.http.routers.companion.entrypoints=https" | ||
| - "traefik.http.routers.companion.rule=Host(`${COMPANION_DOMAIN:-companion.owncloud.test}`)" | ||
| - "traefik.http.routers.companion.tls.certresolver=http" | ||
| - "traefik.http.routers.companion.service=companion" | ||
| - "traefik.http.services.companion.loadbalancer.server.port=3020" | ||
| logging: | ||
| driver: ${LOG_DRIVER:-local} | ||
| restart: always | ||
|
|
||
| volumes: | ||
| companion-data: | ||
|
|
Oops, something went wrong.