diff --git a/.env.example b/.env.example index 9f05b4b..c6dace3 100644 --- a/.env.example +++ b/.env.example @@ -73,7 +73,10 @@ TRAEFIK_LOG_LEVEL= # If you want to run traefik non-privileged, use the following variable and the format [UID]:[GID] to set user and group of your choice. # Ensure that the user has access to docker.sock and traefik volumes defined in traefik/opencloud.yml #TRAEFIK_CONTAINER_UID_GID="1000:1000" - +# Configure ports for HTTP and HTTPS when necessary, defaults are 80 and 443 +# Don't use ports in the range of 8000-9999 and 5232 as those ports are used internally and therefore might create conflicts. +#TRAEFIK_PORT_HTTP=4080 +#TRAEFIK_PORT_HTTPS=4443 ## OpenCloud Settings ## # The opencloud container image. diff --git a/config/opencloud/csp.yaml b/config/opencloud/csp.yaml index 1616b5b..cde4b1e 100644 --- a/config/opencloud/csp.yaml +++ b/config/opencloud/csp.yaml @@ -4,10 +4,10 @@ directives: connect-src: - '''self''' - 'blob:' - - 'https://${COMPANION_DOMAIN|companion.opencloud.test}/' - - 'wss://${COMPANION_DOMAIN|companion.opencloud.test}/' + - 'https://${COMPANION_DOMAIN|companion.opencloud.test}${TRAEFIK_PORT_HTTPS}/' + - 'wss://${COMPANION_DOMAIN|companion.opencloud.test}${TRAEFIK_PORT_HTTPS}/' - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/' - - 'https://${IDP_DOMAIN|keycloak.opencloud.test}/' + - 'https://${IDP_DOMAIN|keycloak.opencloud.test}${TRAEFIK_PORT_HTTPS}/' - 'https://update.opencloud.eu/' default-src: - '''none''' @@ -20,7 +20,7 @@ directives: - 'blob:' - 'https://embed.diagrams.net/' # In contrary to bash and docker the default is given after the | character - - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/' + - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}${TRAEFIK_PORT_HTTPS}/' # This is needed for the external-sites web extension when embedding sites - 'https://docs.opencloud.eu' img-src: 
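Review bot: In config/opencloud/csp.yaml the added `${TRAEFIK_PORT_HTTPS}` placeholders have no `|` default, and within this commit the only file that sets that variable for what appears to be the OpenCloud container is weboffice/collabora.yml. A deployment that uses the Keycloak or companion sources without that file leaves it unset; how the CSP loader expands an unset placeholder is not visible here, and with a custom port the policy would omit the port so the browser blocks those origins. Setting it next to OC_URL in docker-compose.yml, `TRAEFIK_PORT_HTTPS: ${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}`, would make the policy independent of which compose files are loaded. The frame-src hunk here and the img-src and script-src hunks that follow are affected the same way.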
@@ -30,7 +30,7 @@ directives:
 - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/'
 - 'https://tile.openstreetmap.org/'
 # In contrary to bash and docker the default is given after the | character
- - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/'
+ - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}${TRAEFIK_PORT_HTTPS}/'
 manifest-src:
 - '''self'''
 media-src:
@@ -41,7 +41,7 @@ directives:
 script-src:
 - '''self'''
 - '''unsafe-inline'''
- - 'https://${IDP_DOMAIN|keycloak.opencloud.test}/'
+ - 'https://${IDP_DOMAIN|keycloak.opencloud.test}${TRAEFIK_PORT_HTTPS}/'
 style-src:
 - '''self'''
 - '''unsafe-inline'''
diff --git a/config/traefik/docker-entrypoint-override.sh b/config/traefik/docker-entrypoint-override.sh
index 456a62d..6b2e49e 100644
--- a/config/traefik/docker-entrypoint-override.sh
+++ b/config/traefik/docker-entrypoint-override.sh
@@ -14,10 +14,10 @@ add_arg "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
 # enable dashboard
 add_arg "--api.dashboard=true"
 # define entrypoints
-add_arg "--entryPoints.http.address=:80"
+add_arg "--entryPoints.http.address=:${TRAEFIK_PORT_HTTP:-80}"
 add_arg "--entryPoints.http.http.redirections.entryPoint.to=https"
 add_arg "--entryPoints.http.http.redirections.entryPoint.scheme=https"
-add_arg "--entryPoints.https.address=:443"
+add_arg "--entryPoints.https.address=:${TRAEFIK_PORT_HTTPS:-443}"
 # change default timeouts for long-running requests
 # this is needed for webdav clients that do not support the TUS protocol
 add_arg "--entryPoints.https.transport.respondingTimeouts.readTimeout=12h"
diff --git a/docker-compose.yml b/docker-compose.yml
index 79ac6ad..63f29a7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
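Review bot: In config/traefik/docker-entrypoint-override.sh both entrypoints can now move off 80 and 443, but ACME HTTP-01 validation always connects to port 80 and TLS-ALPN-01 to port 443, so certificate issuance and renewal would fail on a custom port unless those ports are still forwarded to Traefik. Which challenge type this script configures is outside the hunk, so this does not apply if a DNS challenge is in use. A comment above the two address lines would spare operators a late renewal failure, for example `# ACME HTTP-01/TLS-ALPN-01 validation still arrives on 80/443; forward them or use a DNS challenge`.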
@@ -16,7 +16,7 @@ services:
 environment:
 # enable services that are not started automatically
 OC_ADD_RUN_SERVICES: ${START_ADDITIONAL_SERVICES}
- OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}
+ OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
 OC_LOG_LEVEL: ${LOG_LEVEL:-info}
 OC_LOG_COLOR: "${LOG_PRETTY:-false}"
 OC_LOG_PRETTY: "${LOG_PRETTY:-false}"
diff --git a/traefik/opencloud.yml b/traefik/opencloud.yml
index 4da9658..2f39ae0 100644
--- a/traefik/opencloud.yml
+++ b/traefik/opencloud.yml
@@ -23,9 +23,11 @@ services:
 - "TRAEFIK_ACME_CASERVER=${TRAEFIK_ACME_CASERVER:-https://acme-v02.api.letsencrypt.org/directory}"
 - "TRAEFIK_LOG_LEVEL=${TRAEFIK_LOG_LEVEL:-ERROR}"
 - "TRAEFIK_ACCESS_LOG=${TRAEFIK_ACCESS_LOG:-false}"
+ - "TRAEFIK_PORT_HTTP=${TRAEFIK_PORT_HTTP:-80}"
+ - "TRAEFIK_PORT_HTTPS=${TRAEFIK_PORT_HTTPS:-443}"
 ports:
- - "80:80"
- - "443:443"
+ - "${TRAEFIK_PORT_HTTP:-80}:${TRAEFIK_PORT_HTTP:-80}"
+ - "${TRAEFIK_PORT_HTTPS:-443}:${TRAEFIK_PORT_HTTPS:-443}"
 volumes:
 - "${DOCKER_SOCKET_PATH:-/var/run/docker.sock}:/var/run/docker.sock:ro"
 - "./config/traefik/docker-entrypoint-override.sh:/opt/traefik/bin/docker-entrypoint-override.sh"
diff --git a/weboffice/collabora.yml b/weboffice/collabora.yml
index e744077..ce6e9bd 100644
--- a/weboffice/collabora.yml
+++ b/weboffice/collabora.yml
@@ -5,6 +5,7 @@ services:
 environment:
 # this is needed for setting the correct CSP header
 COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.opencloud.test}
+ TRAEFIK_PORT_HTTPS: ${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
 # expose nats and the reva gateway for the collaboration service
 NATS_NATS_HOST: 0.0.0.0
 GATEWAY_GRPC_ADDR: 0.0.0.0:9142
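Review bot: In docker-compose.yml the new OC_URL suffix is emitted whenever TRAEFIK_PORT_HTTPS is non-empty, so an operator who writes `TRAEFIK_PORT_HTTPS=443` in .env gets `https://<domain>:443` while browsers drop the default port from the origin they send. Components that compare URLs as strings (an OIDC issuer check, for instance) may then reject otherwise valid requests; whether OpenCloud normalises the port is not visible here. A line in .env.example such as `# Leave TRAEFIK_PORT_HTTPS unset for 443; any value, including 443, is appended to every generated URL` would cover it. The same expansion is used in the weboffice/collabora.yml hunks.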
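Review bot: In weboffice/collabora.yml the container-side TRAEFIK_PORT_HTTPS holds a `:<port>` suffix or an empty string, whereas traefik/opencloud.yml passes the same name to the Traefik container as a bare port defaulting to 443. The existing comment above COLLABORA_DOMAIN does not mention this, and a later change that aligns one definition with the other would corrupt the CSP sources. I would add `# ':<port>' or empty; appended to the CSP sources in config/opencloud/csp.yaml, not a bare port number` above the new line.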
@@ -30,15 +31,15 @@ services:
 COLLABORATION_HTTP_ADDR: 0.0.0.0:9300
 MICRO_REGISTRY: "nats-js-kv"
 MICRO_REGISTRY_ADDRESS: "opencloud:9233"
- COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}
+ COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
 COLLABORATION_APP_NAME: "CollaboraOnline"
 COLLABORATION_APP_PRODUCT: "Collabora"
- COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}
- COLLABORATION_APP_ICON: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}/favicon.ico
+ COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
+ COLLABORATION_APP_ICON: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}/favicon.ico
 COLLABORATION_APP_INSECURE: "${INSECURE:-true}"
 COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}"
 COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info}
- OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}
+ OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
 volumes:
 # configure the .env file to use own paths instead of docker internal volumes
 - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud
@@ -52,15 +53,15 @@ services:
 networks:
 opencloud-net:
 environment:
- aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}:443
+ aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
 DONT_GEN_SSL_CERT: "YES"
 extra_params: |
 --o:ssl.enable=${COLLABORA_SSL_ENABLE:-true} \
 --o:ssl.ssl_verification=${COLLABORA_SSL_VERIFICATION:-true} \
 --o:ssl.termination=true \
 --o:welcome.enable=false \
- --o:net.frame_ancestors=${OC_DOMAIN:-cloud.opencloud.test} \
- --o:net.lok_allow.host[14]=${OC_DOMAIN-cloud.opencloud.test} \
+ --o:net.frame_ancestors=${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-} \
+ --o:net.lok_allow.host[14]=${OC_DOMAIN-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-} \
 --o:home_mode.enable=${COLLABORA_HOME_MODE:-false}
 username: ${COLLABORA_ADMIN_USER:-admin}
 password: ${COLLABORA_ADMIN_PASSWORD:-admin}
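Review bot: The aliasgroup1 line in weboffice/collabora.yml used to end in a literal `:443` and now carries no port at all when TRAEFIK_PORT_HTTPS is unset, which changes the default WOPI host entry Collabora receives. If Collabora matches that entry with the port included, a default installation would stop accepting the WOPI server; keeping the old default is a one-line change, `aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}:${TRAEFIK_PORT_HTTPS:-443}`. Separately, `net.lok_allow.host[14]` looks like a host pattern rather than an origin, so appending `:<port>` there may stop it matching; that is worth confirming against the Collabora configuration reference. The service definition starts outside this hunk.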