From 8e2227060815721b2e3bb4a97fa773c3fb6f50c4 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Tue, 5 Jan 2021 19:50:26 +0100 Subject: [PATCH 1/2] rework basic remot setup --- docs/ocis/deployment/basic-remote-setup.md | 90 +++++----------------- docs/ocis/release_roadmap.md | 2 - ocis/Makefile | 1 + 3 files changed, 21 insertions(+), 72 deletions(-) diff --git a/docs/ocis/deployment/basic-remote-setup.md b/docs/ocis/deployment/basic-remote-setup.md index f335e8d1f20..4606453e7e2 100644 --- a/docs/ocis/deployment/basic-remote-setup.md +++ b/docs/ocis/deployment/basic-remote-setup.md 
@@ -9,94 +9,44 @@ geekdocFilePath: basic-remote-setup.md {{< toc >}} -Out of the box the oCIS single binary and the `owncloud/ocis` docker image are configured to run on localhost for quick testing and development. +The default configuration of the oCIS binary and the `owncloud/ocis` docker image assume, that you access oCIS on `localhost`. This enables you to do quick testing and development without any configuration. -If you need to access oCIS on a VM or a remote machine e.g. when testing a mobile client you need to configure oCIS to run on a different host. +If you need to access oCIS running in a docker container, on a VM or a remote machine via an other hostname than `localhost`, you need to configure this hostname in oCIS. The same applies if you are not using hostnames but instead an IP (eg. `192.168.178.25`). -## Use the binary +## Start the oCIS fullstack server from binary -If you start the oCIS fullstack for the first time with `./bin/ocis server` it will generate a file `identifier-registration.yml` in the config folder relative to its location. This file is used to configure the clients for the built-in Identity Provider. +Upon first start of the oCIS fullstack server with `./bin/ocis server` it will generate a file `identifier-registration.yml` in the config folder in your current working directory. This file is used to configure the clients for the built-in identity provider. {{< hint warning >}} -**Outdated version**\ -The `identifier-registration.yml` file will only be generated if there is no such file in place. You could miss updates on this file. Run `make clean` to delete the file and keep the development environment tidy otherwise as well. +The `identifier-registration.yml` file will only be generated if does not exist. If you want to change certain environment variables like `OCIS_URL`, please delete this file first before doing so. Otherwise your changes will not be applied correctly and you will run into errors. 
{{< /hint >}} -### Add your hostname to the idp config - -Let us assume `your-host` is your remote domain name or IP address. Add your host to the `identifier-registration.yml` like this: - -```yaml {linenos=table,hl_lines=["15-17",21]} -# OpenID Connect client registry. -clients: - - id: web - name: ownCloud web app - application_type: web - insecure: yes - trusted: yes - redirect_uris: - - http://localhost:9100/ - - http://localhost:9100/oidc-callback.html - - http://localhost:9100/oidc-silent-redirect.html - - https://localhost:9200/ - - https://localhost:9200/oidc-callback.html - - https://localhost:9200/oidc-silent-redirect.html - - https://your-server:9200/ - - https://your-server:9200/oidc-callback.html - - https://your-server:9200/oidc-silent-redirect.html - origins: - - http://localhost:9100 - - https://localhost:9200 - - https://your-server:9200 -``` - -In this example we do not change the default port (`9200`). But this could be changed to another port. - -### Start the oCIS fullstack server +For the following examples you need to have the oCIS binary in your current working directory, we assume it is named `ocis` and it needs to be marked as executable. See [Getting Started]({{< ref "../getting-started/#binaries" >}}) for where to get the binary from. -You need to configure `your-host` in some services to provide the needed public resources. +### Using automatically generated certificates -This snippet will start the oCIS server with auto generated self signed certificates: +In order to run oCIS with automatically generated and self signed certificates please execute following command. You need to replace `your-host` with an IP or hostname you are in control of. 
```bash PROXY_HTTP_ADDR=0.0.0.0:9200 \ -OCIS_URL=https://your-server:9200 \ -KONNECTD_TLS=0 \ -PROXY_TRANSPORT_TLS_KEY=./certs/your-host.key \ -PROXY_TRANSPORT_TLS_CERT=./certs/your-host.crt \ -IDP_TLS=0 \ -./bin/ocis server +OCIS_URL=https://your-host:9200 \ +./ocis server ``` -For more configuration options check the configuration section in [ocis](https://owncloud.github.io/ocis/configuration/) and every oCIS extension. +### Using already present certificates -{{< hint info >}} -**TLS Certificate**\ -If you have a CA signed certificate for your domain, add the following configurations: -``` +If you have your own certificates already in place, you may want to make oCIS use them: + +```bash +PROXY_HTTP_ADDR=0.0.0.0:9200 \ +OCIS_URL=https://your-host:9200 \ PROXY_TRANSPORT_TLS_KEY=./certs/your-host.key \ PROXY_TRANSPORT_TLS_CERT=./certs/your-host.crt \ +./ocis server ``` -{{< /hint >}} - -## Use Docker Compose - -We are using our [docker compose playground](https://github.com/owncloud-docker/compose-playground) as a repository to share snippets that make our test setups easier and more aligned. - -You can start oCIS with docker very easily on a different host using this snippet. -Let us assume your local IP is `192.168.103.195` +For more configuration options check the configuration section in [oCIS](https://owncloud.github.io/ocis/configuration/) and the oCIS extensions. -```bash -git clone https://github.com/owncloud-docker/compose-playground.git -cd compose-playground/compose/ocis - -sed -i -e 's/your-url/192.168.103.195/g' config/identifier-registration.yml +## Start the oCIS fullstack server with Docker Compose -cat << EOF > .env -OCIS_URL=https://192.168.103.195 -OCIS_DOCKER_TAG=latest -EOF - -curl -k https://192.168.103.195:9200/status.php -``` +Please have a look at our other [deployment examples]({{< ref "./_index.md" >}}). diff --git a/docs/ocis/release_roadmap.md b/docs/ocis/release_roadmap.md index de8b850455c..6917db00d3e 100644 
--- a/docs/ocis/release_roadmap.md +++ b/docs/ocis/release_roadmap.md @@ -7,8 +7,6 @@ geekdocEditPath: edit/master/docs/ocis geekdocFilePath: release_roadmap.md --- -# Release Roadmap - You may have asked yourself why there are major version 1 tags in our GitHub repository but the readme still states `ownCloud Infinite Scale is currently in a technical preview state. It will be subject to a lot of changes and is not yet ready for general production deployments.`. How can that be if its a major version 1? Our initial and also our current plan is to stick to SemVer as versioning scheme. But sometimes there are other factors which cross your plans. Therefore we started releasing oCIS with version `1.0.0 Tech Preview`. diff --git a/ocis/Makefile b/ocis/Makefile index e64ae29c64d..b789191b776 100644 --- a/ocis/Makefile +++ b/ocis/Makefile @@ -73,6 +73,7 @@ go-mod-tidy: .PHONY: clean-config clean-config: rm -rf $(CONFIG) + rm -rf ldap.crt ldap.key server.crt server.key .PHONY: fmt fmt: ## fmt From cf4f84708a7a905f64ef5e69284bb8f27933af39 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Mon, 8 Feb 2021 08:41:53 +0100 Subject: [PATCH 2/2] include feedback from PR --- docs/ocis/deployment/basic-remote-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/ocis/deployment/basic-remote-setup.md b/docs/ocis/deployment/basic-remote-setup.md index 4606453e7e2..b28d30f7c29 100644 --- a/docs/ocis/deployment/basic-remote-setup.md +++ b/docs/ocis/deployment/basic-remote-setup.md 
@@ -15,7 +15,7 @@ If you need to access oCIS running in a docker container, on a VM or a remote ma ## Start the oCIS fullstack server from binary -Upon first start of the oCIS fullstack server with `./bin/ocis server` it will generate a file `identifier-registration.yml` in the config folder in your current working directory. This file is used to configure the clients for the built-in identity provider. +Upon first start of the oCIS fullstack server with `./bin/ocis server` it will generate a file `identifier-registration.yml` in the config folder in your current working directory. This file is used to configure the built-in identity provider and therefore contains the OpenID Connect issuer and also information about relying parties, for example ownCloud Web and our desktop and mobile applications. {{< hint warning >}} The `identifier-registration.yml` file will only be generated if does not exist. If you want to change certain environment variables like `OCIS_URL`, please delete this file first before doing so. Otherwise your changes will not be applied correctly and you will run into errors. @@ -25,7 +25,7 @@ For the following examples you need to have the oCIS binary in your current work ### Using automatically generated certificates -In order to run oCIS with automatically generated and self signed certificates please execute following command. You need to replace `your-host` with an IP or hostname you are in control of. +In order to run oCIS with automatically generated and self signed certificates please execute following command. You need to replace `your-host` with an IP or hostname. ```bash PROXY_HTTP_ADDR=0.0.0.0:9200 \
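Review bot: In PATCH 1/2, docs/ocis/deployment/basic-remote-setup.md, the rewritten first-start paragraph still runs `./bin/ocis server`, while the paragraph added after the warning says the binary sits in the current working directory and is named `ocis`, and both bash examples call `./ocis server`. Use one invocation throughout, because the location of the generated `identifier-registration.yml` is described relative to the working directory. In the same hunk the warning reads "will only be generated if does not exist" (missing "it"). It would also help to state that `PROXY_HTTP_ADDR=0.0.0.0:9200` makes the proxy listen on all interfaces, not only on the address given in `OCIS_URL`.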
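Review bot: In PATCH 1/2, docs/ocis/release_roadmap.md, the removal of `# Release Roadmap` is not covered by the subject line of this commit and no reason is given for it. If the page title is rendered from the front matter, say so in the commit message; otherwise the page now opens directly with "You may have asked yourself" and has no heading. Moving this change into its own commit would keep the remote-setup rework easier to review.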
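Review bot: In PATCH 1/2, ocis/Makefile, the added `rm -rf ldap.crt ldap.key server.crt server.key` under `clean-config` removes fixed file names relative to the directory make runs in, which would also delete a `server.key` or `ldap.key` that a developer placed there on purpose. These are regular files, so `rm -f` is sufficient, and a short comment saying where these files come from would make the intent clear. The docs hunk in the same patch removes the only mention of `make clean`, so consider documenting that `clean-config` now also removes key and certificate files.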
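Review bot: In PATCH 2/2, hunk `@@ -15,7 +15,7 @@`, the new sentence says `identifier-registration.yml` contains the OpenID Connect issuer and the relying parties, but the warning directly below it still only says that changes to `OCIS_URL` "will not be applied correctly". If the issuer and relying-party entries written at first start are what goes stale, state that in the warning so readers understand why the file has to be deleted and that any manual edits to it are lost when they do.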
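Review bot: In PATCH 2/2, hunk `@@ -25,7 +25,7 @@`, shortening the instruction to "replace `your-host` with an IP or hostname" leaves the reader without any criterion for choosing the value. Suggest wording such as "the IP or hostname under which clients reach this oCIS instance", which matches the introduction of the page about accessing oCIS via a hostname other than `localhost`. The same line should read "self-signed" and "execute the following command".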