From 73fdc8a96a9e7dde22c45e8d2441f489ccc2a9e4 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Mon, 10 Nov 2025 13:58:55 +0100 Subject: [PATCH 01/16] fix: use apache/tika:slim by default --- .env.example | 6 +++++- README.md | 10 +++++++++- search/tika.yml | 5 ++++- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/.env.example b/.env.example index 2e4c5ca..7fe06dc 100644 --- a/.env.example +++ b/.env.example @@ -175,7 +175,11 @@ START_ADDITIONAL_SERVICES="" # search/tika.yml or by using the following command: # docker compose -f docker-compose.yml -f search/tika.yml up -d # Set the desired docker image tag or digest. -# Defaults to "apache/tika:latest-full" +# Defaults to "apache/tika:slim" +# The slim variant is recommended for most use cases as it provides core text extraction +# functionality with a smaller image size and faster startup time. +# Only use the full variant (apache/tika:latest-full) if you need specialized features +# like advanced OCR or specific image processing capabilities. TIKA_IMAGE= ### IMPORTANT Note for Online Office Apps ### diff --git a/README.md b/README.md index 71b23c2..eb36b40 100644 --- a/README.md +++ b/README.md @@ -164,6 +164,14 @@ This setup includes: - Full text search functionality in the OpenCloud interface - Support for documents, PDFs, images, and other file types +**Tika Image Variant:** +By default, OpenCloud Compose uses `apache/tika:slim` which provides: +- Smaller image size (~300MB vs ~1.2GB for the full variant) +- Faster container startup and deployment +- Core text extraction functionality for common document formats (PDF, Office docs, text files, etc.) + +The slim variant is recommended for most use cases. If you need advanced features like specialized OCR processing or specific image format support, you can override the image by setting `TIKA_IMAGE=apache/tika:latest-full` in your `.env` file. + ### With Radicale Enable CalDAV (calendars, to-do lists) and CardDAV (contacts) server. @@ -335,7 +343,7 @@ Key variables: | `INSECURE` | Skip certificate validation | true | | `COLLABORA_DOMAIN` | Collabora domain | collabora.opencloud.test | | `WOPISERVER_DOMAIN` | WOPI server domain | wopiserver.opencloud.test | -| `TIKA_IMAGE` | Apache Tika image tag | apache/tika:latest-full | +| `TIKA_IMAGE` | Apache Tika image tag | apache/tika:slim | | `KEYCLOAK_DOMAIN` | Keycloak domain | keycloak.opencloud.test | | `KEYCLOAK_ADMIN` | Keycloak admin username | kcadmin | | `KEYCLOAK_ADMIN_PASSWORD` | Keycloak admin password | admin | diff --git a/search/tika.yml b/search/tika.yml index 081f287..418497b 100644 --- a/search/tika.yml +++ b/search/tika.yml @@ -1,7 +1,10 @@ --- services: tika: - image: ${TIKA_IMAGE:-apache/tika:latest-full} + image: ${TIKA_IMAGE:-apache/tika:slim} + # Using slim variant for smaller image size and faster startup + # The slim variant includes core functionality for text extraction + # Full variant is only needed for specialized OCR/image processing # release notes: https://tika.apache.org networks: opencloud-net: From 4d2ad78f6d607fe3827a154e4c5e94ec5b6a0f38 Mon Sep 17 00:00:00 2001 From: chillymattster <106633144+chillymattster@users.noreply.github.com> Date: Thu, 13 Nov 2025 21:26:55 +0100 Subject: [PATCH 02/16] feat: configure container uid and gid --- .env.example | 9 +++++++++ docker-compose.yml | 1 + radicale/radicale.yml | 1 + traefik/opencloud.yml | 1 + weboffice/collabora.yml | 1 + 5 files changed, 13 insertions(+) diff --git a/.env.example b/.env.example index 7a0e1f5..a7624ac 100644 --- a/.env.example +++ b/.env.example @@ -66,6 +66,10 @@ TRAEFIK_ACCESS_LOG= # Configure the log level for Traefik. # Possible values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL" and "PANIC". Default is "ERROR". TRAEFIK_LOG_LEVEL= +# The default for traefik is to run in privileged mode. +# If you want to run traefik non-privileged, use the following variable and the format [UID]:[GID] to set user and group of your choice. +# Ensure that the user has access to docker.sock and traefik volumes defined in traefik/opencloud.yml +#TRAEFIK_CONTAINER_UID_GID="1000:1000" ## OpenCloud Settings ## @@ -77,6 +81,11 @@ OC_DOCKER_IMAGE=opencloudeu/opencloud-rolling # The openCloud container version. # Defaults to "latest" and points to the latest stable tag. OC_DOCKER_TAG= +# The default id used in opencloud containers is 1000 for user and group. +# If you want to change the default, use the following variable and the format [UID]:[GID]. +# The change affects all containers with access to data volumes. +# Ensure that the user has access to all volumes defined in docker-compose.yml +#OC_CONTAINER_UID_GID="1000:1000" # Domain of openCloud, where you can find the frontend. # Defaults to "cloud.opencloud.test" OC_DOMAIN= diff --git a/docker-compose.yml b/docker-compose.yml index 48438ec..07e0f14 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,6 +4,7 @@ services: image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest} # changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog # release notes: https://docs.opencloud.eu/opencloud_release_notes.html + user: ${OC_CONTAINER_UID_GID:-1000:1000} networks: opencloud-net: entrypoint: diff --git a/radicale/radicale.yml b/radicale/radicale.yml index 6e0edd8..52667a1 100644 --- a/radicale/radicale.yml +++ b/radicale/radicale.yml @@ -6,6 +6,7 @@ services: - ./config/opencloud/proxy.yaml:/etc/opencloud/proxy.yaml radicale: image: ${RADICALE_DOCKER_IMAGE:-opencloudeu/radicale}:${RADICALE_DOCKER_TAG:-latest} + user: ${OC_CONTAINER_UID_GID:-1000:1000} networks: opencloud-net: logging: diff --git a/traefik/opencloud.yml b/traefik/opencloud.yml index 5117ab9..4da9658 100644 --- a/traefik/opencloud.yml +++ b/traefik/opencloud.yml @@ -11,6 +11,7 @@ services: traefik: image: traefik:v3 # release notes: https://github.com/traefik/traefik/releases + user: ${TRAEFIK_CONTAINER_UID_GID:-0:0} networks: opencloud-net: aliases: diff --git a/weboffice/collabora.yml b/weboffice/collabora.yml index ed01590..e744077 100644 --- a/weboffice/collabora.yml +++ b/weboffice/collabora.yml @@ -14,6 +14,7 @@ services: collaboration: image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest} + user: ${OC_CONTAINER_UID_GID:-1000:1000} networks: opencloud-net: depends_on: From fc67954f7682d56448ace4f2e02b6b5072d3e8ae Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Tue, 18 Nov 2025 08:48:41 +0100 Subject: [PATCH 03/16] fix: tika image name --- .env.example | 4 ++-- search/tika.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.env.example b/.env.example index c639fc1..d846202 100644 --- a/.env.example +++ b/.env.example @@ -175,8 +175,8 @@ START_ADDITIONAL_SERVICES="" # search/tika.yml or by using the following command: # docker compose -f docker-compose.yml -f search/tika.yml up -d # Set the desired docker image tag or digest. -# Defaults to "apache/tika:slim" -# The slim variant is recommended for most use cases as it provides core text extraction +# Defaults to "apache/tika:latest" +# The base variant is recommended for most use cases as it provides core text extraction # functionality with a smaller image size and faster startup time. # Only use the full variant (apache/tika:latest-full) if you need specialized features # like advanced OCR or specific image processing capabilities. diff --git a/search/tika.yml b/search/tika.yml index 418497b..de3c0e6 100644 --- a/search/tika.yml +++ b/search/tika.yml @@ -1,9 +1,9 @@ --- services: tika: - image: ${TIKA_IMAGE:-apache/tika:slim} - # Using slim variant for smaller image size and faster startup - # The slim variant includes core functionality for text extraction + image: ${TIKA_IMAGE:-apache/tika:latest} + # Using the base variant for smaller image size and faster startup + # The base variant includes core functionality for text extraction # Full variant is only needed for specialized OCR/image processing # release notes: https://tika.apache.org networks: From 6b3a1e36e1f11943fea29e3fc0ae79121a0581a5 Mon Sep 17 00:00:00 2001 From: Anja Barz Date: Tue, 18 Nov 2025 10:42:53 +0100 Subject: [PATCH 04/16] Update README.md with latest and not small --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9ba7320..231a6e4 100644 --- a/README.md +++ b/README.md @@ -149,12 +149,12 @@ This setup includes: - Support for documents, PDFs, images, and other file types **Tika Image Variant:** -By default, OpenCloud Compose uses `apache/tika:slim` which provides: +By default, OpenCloud Compose uses `apache/tika:latest` which provides: - Smaller image size (~300MB vs ~1.2GB for the full variant) - Faster container startup and deployment - Core text extraction functionality for common document formats (PDF, Office docs, text files, etc.) -The slim variant is recommended for most use cases. If you need advanced features like specialized OCR processing or specific image format support, you can override the image by setting `TIKA_IMAGE=apache/tika:latest-full` in your `.env` file. +The base variant is recommended for most use cases. If you need advanced features like specialized OCR processing or specific image format support, you can override the image by setting `TIKA_IMAGE=apache/tika:latest-full` in your `.env` file. ### With Radicale From 39412c72975a90ab0491f0d466545198b39dfb9f Mon Sep 17 00:00:00 2001 From: Viktor Scharf Date: Wed, 19 Nov 2025 15:19:33 +0100 Subject: [PATCH 05/16] fix cert.yml-example --- .env.example | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.env.example b/.env.example index d846202..8d1db78 100644 --- a/.env.example +++ b/.env.example @@ -56,8 +56,11 @@ TRAEFIK_SERVICES_TLS_CONFIG="tls.certresolver=letsencrypt" # certificates: # - certFile: /certs/opencloud.test.crt # keyFile: /certs/opencloud.test.key -# stores: -# - default +# stores: +# default: +# defaultCertificate: +# certFile: /certs/opencloud.test.crt +# keyFile: /certs/opencloud.test.key # # The certificates need to be copied into ./certs/, the absolute path inside the container is /certs/. # You can also use TRAEFIK_CERTS_DIR=/path/on/host to set the path to the certificates directory. @@ -175,8 +178,8 @@ START_ADDITIONAL_SERVICES="" # search/tika.yml or by using the following command: # docker compose -f docker-compose.yml -f search/tika.yml up -d # Set the desired docker image tag or digest. -# Defaults to "apache/tika:latest" -# The base variant is recommended for most use cases as it provides core text extraction +# Defaults to "apache/tika:slim" +# The slim variant is recommended for most use cases as it provides core text extraction # functionality with a smaller image size and faster startup time. # Only use the full variant (apache/tika:latest-full) if you need specialized features # like advanced OCR or specific image processing capabilities. From 8c963015232042d298c5fd0d6427b9a8a4080cbb Mon Sep 17 00:00:00 2001 From: Viktor Scharf Date: Wed, 19 Nov 2025 16:21:42 +0100 Subject: [PATCH 06/16] fix --- .env.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env.example b/.env.example index 8d1db78..28bf82f 100644 --- a/.env.example +++ b/.env.example @@ -178,7 +178,7 @@ START_ADDITIONAL_SERVICES="" # search/tika.yml or by using the following command: # docker compose -f docker-compose.yml -f search/tika.yml up -d # Set the desired docker image tag or digest. -# Defaults to "apache/tika:slim" +# Defaults to "apache/tika:latest" # The slim variant is recommended for most use cases as it provides core text extraction # functionality with a smaller image size and faster startup time. # Only use the full variant (apache/tika:latest-full) if you need specialized features From 6a5950da3620210e3cab2e98d6d34bd66714757d Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Thu, 20 Nov 2025 10:35:37 +0100 Subject: [PATCH 07/16] fix: bind ports on localhost for external proxy --- external-proxy/collabora.yml | 8 ++++---- external-proxy/keycloak.yml | 5 +++-- external-proxy/opencloud.yml | 4 ++-- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/external-proxy/collabora.yml b/external-proxy/collabora.yml index 3a16c43..6458c5e 100644 --- a/external-proxy/collabora.yml +++ b/external-proxy/collabora.yml @@ -2,9 +2,9 @@ services: collaboration: ports: - # expose the wopi server - - "9300:9300" + # expose the wopi server on localhost + - "127.0.0.1:9300:9300" collabora: ports: - # expose the collabora server - - "9980:9980" + # expose the collabora server on localhost + - "127.0.0.1:9980:9980" diff --git a/external-proxy/keycloak.yml b/external-proxy/keycloak.yml index 8f59ca0..26ac502 100644 --- a/external-proxy/keycloak.yml +++ b/external-proxy/keycloak.yml @@ -2,5 +2,6 @@ services: keycloak: ports: - - "9000:9000" - - "8080:8080" + # expose the keycloak server on localhost + - "127.0.0.1:9000:9000" + - "127.0.0.1:8080:8080" diff --git a/external-proxy/opencloud.yml b/external-proxy/opencloud.yml index 121c51d..87fb07e 100644 --- a/external-proxy/opencloud.yml +++ b/external-proxy/opencloud.yml @@ -5,5 +5,5 @@ services: # bind to all interfaces PROXY_HTTP_ADDR: "0.0.0.0:9200" ports: - # expose the opencloud server - - "9200:9200" + # expose the opencloud server on localhost + - "127.0.0.1:9200:9200" From 13e076b30567aa65fe44afabfc20d206c240d5e9 Mon Sep 17 00:00:00 2001 From: Alexander Ackermann Date: Thu, 20 Nov 2025 13:45:08 +0100 Subject: [PATCH 08/16] feat: enable check for updates flag --- .env.example | 5 ++++- docker-compose.yml | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.env.example b/.env.example index d846202..357a1a1 100644 --- a/.env.example +++ b/.env.example @@ -93,6 +93,9 @@ DEMO_USERS= # After the first initialization, the admin password can only be changed via the OpenCloud User Settings UI or by using the OpenCloud CLI. # Documentation: https://docs.opencloud.eu/docs/admin/resources/common-issues#-change-admin-password-set-in-env INITIAL_ADMIN_PASSWORD= +# Whether clients should check for updates. +# Defaults to "true". +CHECK_FOR_UPDATES= # Define the openCloud loglevel used. # LOG_LEVEL= @@ -209,7 +212,7 @@ COLLABORA_SSL_ENABLE=false # Please comment out the following line: COLLABORA_SSL_VERIFICATION=false # Enable home mode in Collabore Online. -# Home users can enable this setting, which in turn disables welcome screen and user feedback popups, +# Home users can enable this setting, which in turn disables welcome screen and user feedback popups, # but also limits concurrent open connections to 20 and concurrent open documents to 10. # Default is false if not specified. COLLABORA_HOME_MODE= diff --git a/docker-compose.yml b/docker-compose.yml index 48438ec..e95683c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -39,6 +39,7 @@ services: NOTIFICATIONS_SMTP_AUTHENTICATION: "${SMTP_AUTHENTICATION}" NOTIFICATIONS_SMTP_ENCRYPTION: "${SMTP_TRANSPORT_ENCRYPTION:-none}" FRONTEND_ARCHIVER_MAX_SIZE: "10000000000" + FRONTEND_CHECK_FOR_UPDATES: "${CHECK_FOR_UPDATES:-true}" PROXY_CSP_CONFIG_FILE_LOCATION: /etc/opencloud/csp.yaml # enable to allow using the banned passwords list OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt From 0e35e4d6b9d6f084ae2ba174387360329b0afacb Mon Sep 17 00:00:00 2001 From: kellergoech <38539019+kellergoech@users.noreply.github.com> Date: Fri, 21 Nov 2025 17:27:18 +0100 Subject: [PATCH 09/16] add collabora exposed --- external-proxy/collabora-exposed.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 external-proxy/collabora-exposed.yml diff --git a/external-proxy/collabora-exposed.yml b/external-proxy/collabora-exposed.yml new file mode 100644 index 0000000..2c5fd24 --- /dev/null +++ b/external-proxy/collabora-exposed.yml @@ -0,0 +1,11 @@ +--- +# only expose the ports when you know what you are doing! +services: + collaboration: + ports: + # expose the wopi server on localhost + - "0.0.0.0:9300:9300" + collabora: + ports: + # expose the collabora server on localhost + - "0.0.0.0:9980:9980" From df7dfc0a02589bc45f2babe22653ce50e60b8cdb Mon Sep 17 00:00:00 2001 From: kellergoech <38539019+kellergoech@users.noreply.github.com> Date: Fri, 21 Nov 2025 17:29:01 +0100 Subject: [PATCH 10/16] Create keycloak-exposed.yml for service ports Add Keycloak service configuration with exposed ports --- external-proxy/keycloak-exposed.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 external-proxy/keycloak-exposed.yml diff --git a/external-proxy/keycloak-exposed.yml b/external-proxy/keycloak-exposed.yml new file mode 100644 index 0000000..ae8a2d4 --- /dev/null +++ b/external-proxy/keycloak-exposed.yml @@ -0,0 +1,8 @@ +--- +# only expose the ports when you know what you re doing! +services: + keycloak: + ports: + # expose the keycloak server on localhost + - "0.0.0.0:9000:9000" + - "0.0.0.0:8080:8080" From 0d389800b56867198131bb2be23c5d154724b50d Mon Sep 17 00:00:00 2001 From: kellergoech <38539019+kellergoech@users.noreply.github.com> Date: Fri, 21 Nov 2025 17:29:55 +0100 Subject: [PATCH 11/16] Create opencloud-exposed.yml for service exposure Add configuration to expose OpenCloud service on port 9200 --- external-proxy/opencloud-exposed.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 external-proxy/opencloud-exposed.yml diff --git a/external-proxy/opencloud-exposed.yml b/external-proxy/opencloud-exposed.yml new file mode 100644 index 0000000..7ead6ee --- /dev/null +++ b/external-proxy/opencloud-exposed.yml @@ -0,0 +1,10 @@ +--- +# only expose the ports when you know what you are doing! +services: + opencloud: + environment: + # bind to all interfaces + PROXY_HTTP_ADDR: "0.0.0.0:9200" + ports: + # expose the opencloud server on localhost + - "0.0.0.0:9200:9200" From dede740c0ef99bec1aa54c76698eab61b220a34d Mon Sep 17 00:00:00 2001 From: kellergoech <38539019+kellergoech@users.noreply.github.com> Date: Sat, 22 Nov 2025 07:12:47 +0100 Subject: [PATCH 12/16] Update description collabora-exposed.yml --- external-proxy/collabora-exposed.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/external-proxy/collabora-exposed.yml b/external-proxy/collabora-exposed.yml index 2c5fd24..d72e8ab 100644 --- a/external-proxy/collabora-exposed.yml +++ b/external-proxy/collabora-exposed.yml @@ -3,9 +3,9 @@ services: collaboration: ports: - # expose the wopi server on localhost + # expose the wopi server on all ports - "0.0.0.0:9300:9300" collabora: ports: - # expose the collabora server on localhost + # expose the collabora server on all ports - "0.0.0.0:9980:9980" From 4e4fe65a9786e787428f20162539b130525ef7ff Mon Sep 17 00:00:00 2001 From: kellergoech <38539019+kellergoech@users.noreply.github.com> Date: Sat, 22 Nov 2025 07:13:15 +0100 Subject: [PATCH 13/16] Update description keycloak-exposed.yml --- external-proxy/keycloak-exposed.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/external-proxy/keycloak-exposed.yml b/external-proxy/keycloak-exposed.yml index ae8a2d4..7b32b03 100644 --- a/external-proxy/keycloak-exposed.yml +++ b/external-proxy/keycloak-exposed.yml @@ -3,6 +3,6 @@ services: keycloak: ports: - # expose the keycloak server on localhost + # expose the keycloak server on all ports - "0.0.0.0:9000:9000" - "0.0.0.0:8080:8080" From cfd356a155f9b4d43ba1dd404a01a35f4596b58c Mon Sep 17 00:00:00 2001 From: kellergoech <38539019+kellergoech@users.noreply.github.com> Date: Sat, 22 Nov 2025 07:13:49 +0100 Subject: [PATCH 14/16] Update description opencloud-exposed.yml --- external-proxy/opencloud-exposed.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/external-proxy/opencloud-exposed.yml b/external-proxy/opencloud-exposed.yml index 7ead6ee..8e28f5c 100644 --- a/external-proxy/opencloud-exposed.yml +++ b/external-proxy/opencloud-exposed.yml @@ -6,5 +6,5 @@ services: # bind to all interfaces PROXY_HTTP_ADDR: "0.0.0.0:9200" ports: - # expose the opencloud server on localhost + # expose the opencloud server on all interfaces - "0.0.0.0:9200:9200" From eca5b1117eeef6ad9b85aa753e96723dc04ae730 Mon Sep 17 00:00:00 2001 From: kellergoech <38539019+kellergoech@users.noreply.github.com> Date: Sat, 22 Nov 2025 07:14:10 +0100 Subject: [PATCH 15/16] Update keycloak-exposed.yml --- external-proxy/keycloak-exposed.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/external-proxy/keycloak-exposed.yml b/external-proxy/keycloak-exposed.yml index 7b32b03..725c7c9 100644 --- a/external-proxy/keycloak-exposed.yml +++ b/external-proxy/keycloak-exposed.yml @@ -3,6 +3,6 @@ services: keycloak: ports: - # expose the keycloak server on all ports + # expose the keycloak server on all interfaces - "0.0.0.0:9000:9000" - "0.0.0.0:8080:8080" From 8d8b8dfc737d659f40fc7e032786c3715be418a8 Mon Sep 17 00:00:00 2001 From: kellergoech <38539019+kellergoech@users.noreply.github.com> Date: Sat, 22 Nov 2025 07:14:32 +0100 Subject: [PATCH 16/16] Update collabora-exposed.yml --- external-proxy/collabora-exposed.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/external-proxy/collabora-exposed.yml b/external-proxy/collabora-exposed.yml index d72e8ab..a6bb388 100644 --- a/external-proxy/collabora-exposed.yml +++ b/external-proxy/collabora-exposed.yml @@ -3,9 +3,9 @@ services: collaboration: ports: - # expose the wopi server on all ports + # expose the wopi server on all interfaces - "0.0.0.0:9300:9300" collabora: ports: - # expose the collabora server on all ports + # expose the collabora server on all interfaces - "0.0.0.0:9980:9980"