diff --git a/.env.example b/.env.example index 5c5ad9a..c6dace3 100644 --- a/.env.example +++ b/.env.example @@ -56,8 +56,11 @@ TRAEFIK_SERVICES_TLS_CONFIG="tls.certresolver=letsencrypt" # certificates: # - certFile: /certs/opencloud.test.crt # keyFile: /certs/opencloud.test.key -# stores: -# - default +# stores: +# default: +# defaultCertificate: +# certFile: /certs/opencloud.test.crt +# keyFile: /certs/opencloud.test.key # # The certificates need to be copied into ./certs/, the absolute path inside the container is /certs/. # You can also use TRAEFIK_CERTS_DIR=/path/on/host to set the path to the certificates directory. @@ -66,12 +69,15 @@ TRAEFIK_ACCESS_LOG= # Configure the log level for Traefik. # Possible values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL" and "PANIC". Default is "ERROR". TRAEFIK_LOG_LEVEL= +# The default for traefik is to run in privileged mode. +# If you want to run traefik non-privileged, use the following variable and the format [UID]:[GID] to set user and group of your choice. +# Ensure that the user has access to docker.sock and traefik volumes defined in traefik/opencloud.yml +#TRAEFIK_CONTAINER_UID_GID="1000:1000" # Configure ports for HTTP and HTTPS when necessary, defaults are 80 and 443 # Don't use ports in the range of 8000-9999 and 5232 as those ports are used internally and therefore might create conflicts. #TRAEFIK_PORT_HTTP=4080 #TRAEFIK_PORT_HTTPS=4443 - ## OpenCloud Settings ## # The opencloud container image. # For production releases: "opencloudeu/opencloud" 
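Review bot: The added comment for `TRAEFIK_CONTAINER_UID_GID` says traefik runs "in privileged mode" by default, but the matching hunk in traefik/opencloud.yml only defaults `user:` to `0:0`, which is root inside the container and not Docker's privileged mode. I would reword it to `# By default traefik runs as root (0:0) inside the container.` The following line tells operators to give the chosen user access to docker.sock; it should also say that access to the Docker socket is equivalent to root on the host, so a non-root UID narrows the container's file access but does not by itself contain a compromised traefik. The example `1000:1000` will presumably have no socket access unless the GID is that of the host's docker group, which is worth stating next to the example.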
@@ -81,6 +87,11 @@ OC_DOCKER_IMAGE=opencloudeu/opencloud-rolling # The openCloud container version. # Defaults to "latest" and points to the latest stable tag. OC_DOCKER_TAG= +# The default id used in opencloud containers is 1000 for user and group. +# If you want to change the default, use the following variable and the format [UID]:[GID]. +# The change affects all containers with access to data volumes. +# Ensure that the user has access to all volumes defined in docker-compose.yml +#OC_CONTAINER_UID_GID="1000:1000" # Domain of openCloud, where you can find the frontend. # Defaults to "cloud.opencloud.test" OC_DOMAIN= @@ -97,6 +108,9 @@ DEMO_USERS= # After the first initialization, the admin password can only be changed via the OpenCloud User Settings UI or by using the OpenCloud CLI. # Documentation: https://docs.opencloud.eu/docs/admin/resources/common-issues#-change-admin-password-set-in-env INITIAL_ADMIN_PASSWORD= +# Whether clients should check for updates. +# Defaults to "true". +CHECK_FOR_UPDATES= # Define the openCloud loglevel used. # LOG_LEVEL= @@ -179,7 +193,11 @@ START_ADDITIONAL_SERVICES="" # search/tika.yml or by using the following command: # docker compose -f docker-compose.yml -f search/tika.yml up -d # Set the desired docker image tag or digest. -# Defaults to "apache/tika:latest-full" +# Defaults to "apache/tika:latest" +# The slim variant is recommended for most use cases as it provides core text extraction +# functionality with a smaller image size and faster startup time. +# Only use the full variant (apache/tika:latest-full) if you need specialized features +# like advanced OCR or specific image processing capabilities. TIKA_IMAGE= ### IMPORTANT Note for Online Office Apps ### 
@@ -209,7 +227,7 @@ COLLABORA_SSL_ENABLE=false # Please comment out the following line: COLLABORA_SSL_VERIFICATION=false # Enable home mode in Collabore Online. -# Home users can enable this setting, which in turn disables welcome screen and user feedback popups, +# Home users can enable this setting, which in turn disables welcome screen and user feedback popups, # but also limits concurrent open connections to 20 and concurrent open documents to 10. # Default is false if not specified. COLLABORA_HOME_MODE= diff --git a/README.md b/README.md index eb8e1c4..231a6e4 100644 --- a/README.md +++ b/README.md @@ -148,6 +148,14 @@ This setup includes: - Full text search functionality in the OpenCloud interface - Support for documents, PDFs, images, and other file types +**Tika Image Variant:** +By default, OpenCloud Compose uses `apache/tika:latest` which provides: +- Smaller image size (~300MB vs ~1.2GB for the full variant) +- Faster container startup and deployment +- Core text extraction functionality for common document formats (PDF, Office docs, text files, etc.) + +The base variant is recommended for most use cases. If you need advanced features like specialized OCR processing or specific image format support, you can override the image by setting `TIKA_IMAGE=apache/tika:latest-full` in your `.env` file. + ### With Radicale Enable CalDAV (calendars, to-do lists) and CardDAV (contacts) server. @@ -338,7 +346,7 @@ Key variables: | `INSECURE` | Skip certificate validation | true | | `COLLABORA_DOMAIN` | Collabora domain | collabora.opencloud.test | | `WOPISERVER_DOMAIN` | WOPI server domain | wopiserver.opencloud.test | -| `TIKA_IMAGE` | Apache Tika image tag | apache/tika:latest-full | +| `TIKA_IMAGE` | Apache Tika image tag | apache/tika:slim | | `KEYCLOAK_DOMAIN` | Keycloak domain | keycloak.opencloud.test | | `KEYCLOAK_ADMIN` | Keycloak admin username | kcadmin | | `KEYCLOAK_ADMIN_PASSWORD` | Keycloak admin password | admin | 
diff --git a/docker-compose.yml b/docker-compose.yml
index aa00fd2..63f29a7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,6 +4,7 @@ services:
 image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest}
 # changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog
 # release notes: https://docs.opencloud.eu/opencloud_release_notes.html
+ user: ${OC_CONTAINER_UID_GID:-1000:1000}
 networks:
 opencloud-net:
 entrypoint:
@@ -39,6 +40,7 @@ services:
 NOTIFICATIONS_SMTP_AUTHENTICATION: "${SMTP_AUTHENTICATION}"
 NOTIFICATIONS_SMTP_ENCRYPTION: "${SMTP_TRANSPORT_ENCRYPTION:-none}"
 FRONTEND_ARCHIVER_MAX_SIZE: "10000000000"
+ FRONTEND_CHECK_FOR_UPDATES: "${CHECK_FOR_UPDATES:-true}"
 PROXY_CSP_CONFIG_FILE_LOCATION: /etc/opencloud/csp.yaml
 # enable to allow using the banned passwords list
 OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt
diff --git a/external-proxy/collabora-exposed.yml b/external-proxy/collabora-exposed.yml
new file mode 100644
index 0000000..a6bb388
--- /dev/null
+++ b/external-proxy/collabora-exposed.yml
@@ -0,0 +1,11 @@
+---
+# only expose the ports when you know what you are doing!
+services:
+ collaboration:
+ ports:
+ # expose the wopi server on all interfaces
+ - "0.0.0.0:9300:9300"
+ collabora:
+ ports:
+ # expose the collabora server on all interfaces
+ - "0.0.0.0:9980:9980"
diff --git a/external-proxy/collabora.yml b/external-proxy/collabora.yml
index 3a16c43..6458c5e 100644
--- a/external-proxy/collabora.yml
+++ b/external-proxy/collabora.yml
@@ -2,9 +2,9 @@
 services:
 collaboration:
 ports:
- # expose the wopi server
- - "9300:9300"
+ # expose the wopi server on localhost
+ - "127.0.0.1:9300:9300"
 collabora:
 ports:
- # expose the collabora server
- - "9980:9980"
+ # expose the collabora server on localhost
+ - "127.0.0.1:9980:9980"
diff --git a/external-proxy/keycloak-exposed.yml b/external-proxy/keycloak-exposed.yml
new file mode 100644
index 0000000..725c7c9
--- /dev/null
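Review bot: The header comment in the new external-proxy/collabora-exposed.yml, `# only expose the ports when you know what you are doing!`, does not tell the operator what the risk is. These mappings publish the WOPI server (9300) and Collabora (9980) on every host interface, so both are reachable without passing through the reverse proxy, and ports published by Docker are commonly not filtered by host firewall front ends such as ufw. I would replace it with something like `# WARNING: publishes the service on all host interfaces, bypassing the reverse proxy; use only when the proxy runs on another host and the ports are firewalled at the network level.` The same comment applies to keycloak-exposed.yml (where it also carries the typo "you re", and where 9000 is presumably Keycloak's management port) and to opencloud-exposed.yml.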
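Review bot: Binding to `127.0.0.1` in external-proxy/collabora.yml (and likewise in keycloak.yml and opencloud.yml) changes behaviour for existing deployments whose reverse proxy runs on a different host or reaches the services over a non-loopback address; after an upgrade those ports stop answering with no error from Compose. No README or changelog entry pointing such users to the new `*-exposed.yml` overrides is visible in this diff, so one should be added. The mapping is also IPv4-only, and a proxy that resolves `localhost` to `::1` may fail to connect, so the comment could read `# expose the wopi server on localhost (IPv4 only; point the proxy at 127.0.0.1)`.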
+++ b/external-proxy/keycloak-exposed.yml
@@ -0,0 +1,8 @@
+---
+# only expose the ports when you know what you re doing!
+services:
+ keycloak:
+ ports:
+ # expose the keycloak server on all interfaces
+ - "0.0.0.0:9000:9000"
+ - "0.0.0.0:8080:8080"
diff --git a/external-proxy/keycloak.yml b/external-proxy/keycloak.yml
index 8f59ca0..26ac502 100644
--- a/external-proxy/keycloak.yml
+++ b/external-proxy/keycloak.yml
@@ -2,5 +2,6 @@
 services:
 keycloak:
 ports:
- - "9000:9000"
- - "8080:8080"
+ # expose the keycloak server on localhost
+ - "127.0.0.1:9000:9000"
+ - "127.0.0.1:8080:8080"
diff --git a/external-proxy/opencloud-exposed.yml b/external-proxy/opencloud-exposed.yml
new file mode 100644
index 0000000..8e28f5c
--- /dev/null
+++ b/external-proxy/opencloud-exposed.yml
@@ -0,0 +1,10 @@
+---
+# only expose the ports when you know what you are doing!
+services:
+ opencloud:
+ environment:
+ # bind to all interfaces
+ PROXY_HTTP_ADDR: "0.0.0.0:9200"
+ ports:
+ # expose the opencloud server on all interfaces
+ - "0.0.0.0:9200:9200"
diff --git a/external-proxy/opencloud.yml b/external-proxy/opencloud.yml
index 121c51d..87fb07e 100644
--- a/external-proxy/opencloud.yml
+++ b/external-proxy/opencloud.yml
@@ -5,5 +5,5 @@ services:
 # bind to all interfaces
 PROXY_HTTP_ADDR: "0.0.0.0:9200"
 ports:
- # expose the opencloud server
- - "9200:9200"
+ # expose the opencloud server on localhost
+ - "127.0.0.1:9200:9200"
diff --git a/radicale/radicale.yml b/radicale/radicale.yml
index 6e0edd8..52667a1 100644
--- a/radicale/radicale.yml
+++ b/radicale/radicale.yml
@@ -6,6 +6,7 @@ services:
 - ./config/opencloud/proxy.yaml:/etc/opencloud/proxy.yaml
 radicale:
 image: ${RADICALE_DOCKER_IMAGE:-opencloudeu/radicale}:${RADICALE_DOCKER_TAG:-latest}
+ user: ${OC_CONTAINER_UID_GID:-1000:1000}
 networks:
 opencloud-net:
 logging:
diff --git a/search/tika.yml b/search/tika.yml
index 081f287..de3c0e6 100644
--- a/search/tika.yml
+++ b/search/tika.yml
@@ -1,7 +1,10 @@ --- services: tika: - image: ${TIKA_IMAGE:-apache/tika:latest-full} + image: ${TIKA_IMAGE:-apache/tika:latest} + # Using the base variant for smaller image size and faster startup + # The base variant includes core functionality for text extraction + # Full variant is only needed for specialized OCR/image processing # release notes: https://tika.apache.org networks: opencloud-net: diff --git a/traefik/opencloud.yml b/traefik/opencloud.yml index 3e9efda..16b5997 100644 --- a/traefik/opencloud.yml +++ b/traefik/opencloud.yml @@ -11,6 +11,7 @@ services: traefik: image: traefik:v3 # release notes: https://github.com/traefik/traefik/releases + user: ${TRAEFIK_CONTAINER_UID_GID:-0:0} networks: opencloud-net: aliases: diff --git a/weboffice/collabora.yml b/weboffice/collabora.yml index d623860..b702a60 100644 --- a/weboffice/collabora.yml +++ b/weboffice/collabora.yml @@ -15,6 +15,7 @@ services: collaboration: image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest} + user: ${OC_CONTAINER_UID_GID:-1000:1000} networks: opencloud-net: depends_on:
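Review bot: The new default in search/tika.yml, `apache/tika:latest`, is still a mutable tag, so the image that extracts text from stored files can change on any pull without a change in this repository. The comment in .env.example already mentions "tag or digest", so consider defaulting to a fixed release tag or digest, e.g. `image: ${TIKA_IMAGE:-apache/tika:<PINNED_VERSION>}` with the version chosen by the maintainers. The documentation in this commit also disagrees about the default: .env.example calls it the "slim variant", the README table lists `apache/tika:slim`, and the comments added here say "base variant"; all three should name the value the compose file actually uses.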