lyra_phasma/opencloud-compose
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud-compose.git synced 2026-06-08 20:20:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: lyra_phasma:270374d9e1ec40c6eb6e4447e02ad12568134c38
Branches Tags
lyra_phasma:main lyra_phasma:renovate/main-collabora-code-26.x lyra_phasma:renovate/main-traefik-3.x lyra_phasma:renovate/main-opencloudeu-opencloud-rolling-7.x lyra_phasma:stable-4.0 lyra_phasma:fix-slow-jailkit lyra_phasma:update-traefik-3.6.7 lyra_phasma:web/issues/1893 lyra_phasma:add-default-language-to-docker-compose.yaml lyra_phasma:setWritableShareFalse lyra_phasma:revert-175-fix-collabora-server-audit-slow-kit lyra_phasma:fix-collabora-server-audit-slow-kit lyra_phasma:issue/165 lyra_phasma:fix-cert.yml-example lyra_phasma:fix-tika-image lyra_phasma:bump-maps-1.0.2 lyra_phasma:mount-local-fonts-to-collabora lyra_phasma:fix-secure-view lyra_phasma:add_minio lyra_phasma:web/704 lyra_phasma:refactor-collaboration lyra_phasma:add-update-server-to-csp.yaml lyra_phasma:pin_postgres_version lyra_phasma:move_production_to_docs lyra_phasma:enable-ocm lyra_phasma:setDefaultAdminPass lyra_phasma:keycloak-26 lyra_phasma:bump-collabora-to-25.04.4.2.1 lyra_phasma:disable-dcr lyra_phasma:admin-password lyra_phasma:add-custom-js-to-keycloak-oc-design
..
compare: lyra_phasma:update-traefik-3.6.7
Branches Tags
lyra_phasma:main lyra_phasma:renovate/main-collabora-code-26.x lyra_phasma:renovate/main-traefik-3.x lyra_phasma:renovate/main-opencloudeu-opencloud-rolling-7.x lyra_phasma:stable-4.0 lyra_phasma:fix-slow-jailkit lyra_phasma:update-traefik-3.6.7 lyra_phasma:web/issues/1893 lyra_phasma:add-default-language-to-docker-compose.yaml lyra_phasma:setWritableShareFalse lyra_phasma:revert-175-fix-collabora-server-audit-slow-kit lyra_phasma:fix-collabora-server-audit-slow-kit lyra_phasma:issue/165 lyra_phasma:fix-cert.yml-example lyra_phasma:fix-tika-image lyra_phasma:bump-maps-1.0.2 lyra_phasma:mount-local-fonts-to-collabora lyra_phasma:fix-secure-view lyra_phasma:add_minio lyra_phasma:web/704 lyra_phasma:refactor-collaboration lyra_phasma:add-update-server-to-csp.yaml lyra_phasma:pin_postgres_version lyra_phasma:move_production_to_docs lyra_phasma:enable-ocm lyra_phasma:setDefaultAdminPass lyra_phasma:keycloak-26 lyra_phasma:bump-collabora-to-25.04.4.2.1 lyra_phasma:disable-dcr lyra_phasma:admin-password lyra_phasma:add-custom-js-to-keycloak-oc-design

1 Commits
270374d9e1 ... update-tra

Author SHA1 Message Date
Alexander Ackermann
3873623f4b chore: bump traefik to 3.6.7 2026-02-02 09:57:57 +01:00
10 changed files with 17 additions and 115 deletions
Expand all files Collapse all files

31
.env.example
View File

@@ -85,7 +85,7 @@ TRAEFIK_LOG_LEVEL=
# Defaults to production if not set otherwise
OC_DOCKER_IMAGE=opencloudeu/opencloud-rolling
# The openCloud container version.
# Defaults to the latest version-tag. Use git pull to update.
# Defaults to "latest" and points to the latest stable tag.
OC_DOCKER_TAG=
# The default id used in opencloud containers is 1000 for user and group.
# If you want to change the default, use the following variable and the format [UID]:[GID].
@@ -313,23 +313,6 @@ IDP_DOMAIN=
IDP_ISSUER_URL=
# Url of the account edit page from your Identity Provider.
IDP_ACCOUNT_URL=
# Global Client ID: You can override this by specifying a custom client ID, or leave it blank to use the OC defaults, as described in the documentation
#OC_OIDC_CLIENT_ID=
# Declares which property should be used for the oidc claim
# Example: "roles"
PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM=
# Defines the OIDC client scope
# Example: "openid profile email roles"
OC_OIDC_CLIENT_SCOPES=
# Client specific environment vars
#WEBFINGER_WEB_OIDC_CLIENT_ID=
#WEBFINGER_WEB_OIDC_CLIENT_SCOPES=
#WEBFINGER_IOS_OIDC_CLIENT_ID=
#WEBFINGER_IOS_OIDC_CLIENT_SCOPES=
#WEBFINGER_ANDROID_OIDC_CLIENT_ID=
#WEBFINGER_ANDROID_OIDC_CLIENT_SCOPES=
#WEBFINGER_DESKTOP_OIDC_CLIENT_ID=
#WEBFINGER_DESKTOP_OIDC_CLIENT_SCOPES=
## Shared User Directory Mode ##
# Use together with idm/ldap-keycloak.yml and traefik/ldap-keycloak.yml
@@ -347,18 +330,6 @@ KC_DB_USERNAME=
# Keycloak Database password. Defaults to "keycloak".
KC_DB_PASSWORD=
## Demo Users ##
# Enable demo users and groups in the shared LDAP directory.
# To enable, create custom/ldap-keycloak-demo-users.yml with:
# services:
# ldap-server:
# volumes:
# - ./config/ldap/ldif/30_demo_users.ldif:/ldifs/30_demo_users.ldif
# - ./config/ldap/ldif/40_demo_groups.ldif:/ldifs/40_demo_groups.ldif
#
# Then add it to: COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:traefik/opencloud.yml:traefik/collabora.yml:idm/ldap-keycloak.yml:traefik/ldap-keycloak.yml:custom/ldap-keycloak-demo-users.yml
# WARNING: Do not use in production.
### Radicale Setting ###
# Radicale is a small open-source CalDAV (calendars, to-do lists) and CardDAV (contacts) server.
# When enabled OpenCloud is configured as a reverse proxy for Radicale, providing all authenticated

3
docker-compose.yml
View File

@@ -1,8 +1,7 @@
---
services:
opencloud:
# renovate: depName=opencloudeu/opencloud-rolling
image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-6.1.0}
image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest}
# changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog
# release notes: https://docs.opencloud.eu/opencloud_release_notes.html
user: ${OC_CONTAINER_UID_GID:-1000:1000}

13
idm/external-idp.yml
View File

@@ -14,17 +14,7 @@ services:
GRAPH_LDAP_REFINT_ENABLED: "true" # osixia has refint enabled.
FRONTEND_READONLY_USER_ATTRIBUTES: "user.onPremisesSamAccountName,user.displayName,user.mail,user.passwordProfile,user.accountEnabled,user.appRoleAssignments"
PROXY_OIDC_REWRITE_WELLKNOWN: "true"
OC_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID}
OC_OIDC_CLIENT_SCOPES: ${OC_OIDC_CLIENT_SCOPES}
PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM: ${PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM:-roles}
WEBFINGER_WEB_OIDC_CLIENT_ID: ${WEBFINGER_WEB_OIDC_CLIENT_ID}
WEBFINGER_WEB_OIDC_CLIENT_SCOPES: ${WEBFINGER_WEB_OIDC_CLIENT_SCOPES}
WEBFINGER_ANDROID_OIDC_CLIENT_ID: ${WEBFINGER_ANDROID_OIDC_CLIENT_ID}
WEBFINGER_ANDROID_OIDC_CLIENT_SCOPES: ${WEBFINGER_ANDROID_OIDC_CLIENT_SCOPES}
WEBFINGER_IOS_OIDC_CLIENT_ID: ${WEBFINGER_IOS_OIDC_CLIENT_ID}
WEBFINGER_IOS_OIDC_CLIENT_SCOPES: ${WEBFINGER_IOS_OIDC_CLIENT_SCOPES}
WEBFINGER_DESKTOP_OIDC_CLIENT_ID: ${WEBFINGER_DESKTOP_OIDC_CLIENT_ID}
WEBFINGER_DESKTOP_OIDC_CLIENT_SCOPES: ${WEBFINGER_DESKTOP_OIDC_CLIENT_SCOPES}
WEB_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID:-web}
PROXY_ROLE_ASSIGNMENT_DRIVER: "oidc"
OC_OIDC_ISSUER: ${IDP_ISSUER_URL:-https://keycloak.opencloud.test/realms/openCloud}
# This specifies to start all services except idm and idp. These are replaced by external services.
@@ -55,7 +45,6 @@ services:
WEB_OPTION_ACCOUNT_EDIT_LINK_HREF: ${IDP_ACCOUNT_URL}
ldap-server:
image: bitnamilegacy/openldap:2.6
# Bitnami images require GID 0 to write to internal socket and PID directories
networks:
opencloud-net:
entrypoint: [ "/bin/sh", "/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh", "/opt/bitnami/scripts/openldap/run.sh" ]

12
idm/ldap-keycloak.yml
View File

@@ -23,19 +23,19 @@ services:
# Keycloak IDP specific configuration
PROXY_AUTOPROVISION_ACCOUNTS: "false"
PROXY_ROLE_ASSIGNMENT_DRIVER: "oidc"
OC_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}/realms/openCloud
OC_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}/realms/openCloud
PROXY_OIDC_REWRITE_WELLKNOWN: "true"
WEB_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID:-web}
PROXY_USER_OIDC_CLAIM: "uuid"
PROXY_USER_CS3_CLAIM: "userid"
WEB_OPTION_ACCOUNT_EDIT_LINK_HREF: "https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}/realms/openCloud/account"
WEB_OPTION_ACCOUNT_EDIT_LINK_HREF: "https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}/realms/openCloud/account"
# admin and demo accounts must be created in Keycloak
OC_ADMIN_USER_ID: ""
SETTINGS_SETUP_DEFAULT_ASSIGNMENTS: "false"
GRAPH_ASSIGN_DEFAULT_USER_ROLE: "false"
GRAPH_USERNAME_MATCH: "none"
# This is needed to set the correct CSP rules for OpenCloud
IDP_DOMAIN: ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
IDP_DOMAIN: ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}
ldap-server:
image: bitnamilegacy/openldap:2.6
@@ -64,7 +64,7 @@ services:
restart: always
postgres:
image: postgres:17.9-alpine
image: postgres:17-alpine
networks:
opencloud-net:
volumes:
@@ -78,7 +78,7 @@ services:
restart: always
keycloak:
image: quay.io/keycloak/keycloak:26.6.1
image: quay.io/keycloak/keycloak:26.3.3
networks:
opencloud-net:
command: [ "start", "--spi-connections-http-client-default-disable-trust-manager=${INSECURE:-false}", "--import-realm" ]
@@ -89,7 +89,7 @@ services:
- "./config/keycloak/themes/opencloud:/opt/keycloak/themes/opencloud"
environment:
LDAP_ADMIN_PASSWORD: ${LDAP_BIND_PASSWORD:-admin}
OC_DOMAIN: ${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
OC_DOMAIN: ${OC_DOMAIN:-cloud.opencloud.test}
KC_HOSTNAME: ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}
KC_DB: postgres
KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak"

43
renovate.json
View File

@@ -1,43 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"platformAutomerge": true,
"enabledManagers": ["docker-compose", "custom.regex"],
"baseBranchPatterns": ["main", "stable-4.0"],
"packageRules": [
{
"matchManagers": ["docker-compose", "custom.regex"],
"labels": ["Type:Dependencies", "Bot:Renovate"]
},
{
"matchManagers": ["docker-compose"],
"matchUpdateTypes": ["patch"],
"automerge": true
},
{
"matchBaseBranches": ["stable-4.0"],
"matchUpdateTypes": ["major", "minor"],
"enabled": false
},
{
"matchPackageNames": ["postgres"],
"matchManagers": ["docker-compose"],
"allowedVersions": "/^17\\.\\d+-alpine$/"
}
],
"docker-compose": {
"managerFilePatterns": ["/.+\\.ya?ml$/"]
},
"customManagers": [
{
"customType": "regex",
"managerFilePatterns": [
"/^docker-compose\\.yml$/",
"/^weboffice\\/collabora\\.yml$/"
],
"matchStrings": [
"# renovate: depName=(?<depName>[^\\s]+)\\n\\s+image: \\$\\{[^}]+\\}:\\$\\{[^}]+-(?<currentValue>[0-9]+\\.[0-9]+\\.[0-9]+)\\}"
],
"datasourceTemplate": "docker"
}
]
}

4
testing/external-keycloak.yml
View File

@@ -1,7 +1,7 @@
---
services:
postgres:
image: postgres:17.9-alpine
image: postgres:17-alpine
networks:
opencloud-net:
volumes:
@@ -15,7 +15,7 @@ services:
restart: always
keycloak:
image: quay.io/keycloak/keycloak:26.6.1
image: quay.io/keycloak/keycloak:26.3.3
networks:
opencloud-net:
command: [ "start", "--spi-connections-http-client-default-disable-trust-manager=${INSECURE:-false}", "--import-realm" ]

2
traefik/collabora.yml
View File

@@ -13,7 +13,6 @@ services:
- "traefik.http.routers.collaboration.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}`)"
- "traefik.http.routers.collaboration.${TRAEFIK_SERVICES_TLS_CONFIG}"
- "traefik.http.routers.collaboration.service=collaboration"
- "traefik.http.routers.collaboration.middlewares=hsts-header"
- "traefik.http.services.collaboration.loadbalancer.server.port=9300"
collabora:
labels:
@@ -22,5 +21,4 @@ services:
- "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN:-collabora.opencloud.test}`)"
- "traefik.http.routers.collabora.${TRAEFIK_SERVICES_TLS_CONFIG}"
- "traefik.http.routers.collabora.service=collabora"
- "traefik.http.routers.collabora.middlewares=hsts-header"
- "traefik.http.services.collabora.loadbalancer.server.port=9980"

1
traefik/ldap-keycloak.yml
View File

@@ -12,5 +12,4 @@ services:
- "traefik.http.routers.keycloak.rule=Host(`${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}`)"
- "traefik.http.routers.keycloak.${TRAEFIK_SERVICES_TLS_CONFIG}"
- "traefik.http.routers.keycloak.service=keycloak"
- "traefik.http.routers.keycloak.middlewares=hsts-header"
- "traefik.http.services.keycloak.loadbalancer.server.port=8080"

9
traefik/opencloud.yml
View File

@@ -3,20 +3,13 @@ services:
opencloud:
labels:
- "traefik.enable=true"
# define middleware here, to make sure its loaded with the first defined container (opencloud)
# if defined in the traefik container with a disabled dashboard it won't be loaded fast enough
- "traefik.http.middlewares.hsts-header.headers.stsSeconds=31536000"
- "traefik.http.middlewares.hsts-header.headers.stsIncludeSubdomains=true"
- "traefik.http.middlewares.hsts-header.headers.stsPreload=true"
- "traefik.http.middlewares.hsts-header.headers.forceSTSHeader=true"
- "traefik.http.routers.opencloud.entrypoints=https"
- "traefik.http.routers.opencloud.rule=Host(`${OC_DOMAIN:-cloud.opencloud.test}`)"
- "traefik.http.routers.opencloud.service=opencloud"
- "traefik.http.routers.opencloud.middlewares=hsts-header"
- "traefik.http.services.opencloud.loadbalancer.server.port=9200"
- "traefik.http.routers.opencloud.${TRAEFIK_SERVICES_TLS_CONFIG}"
traefik:
image: traefik:v3.6.14
image: traefik:v3.6.7
# release notes: https://github.com/traefik/traefik/releases
user: ${TRAEFIK_CONTAINER_UID_GID:-0:0}
networks:

10
weboffice/collabora.yml
View File

@@ -14,8 +14,7 @@ services:
GRAPH_AVAILABLE_ROLES: "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6"
collaboration:
# renovate: depName=opencloudeu/opencloud-rolling
image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-6.1.0}
image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest}
user: ${OC_CONTAINER_UID_GID:-1000:1000}
networks:
opencloud-net:
@@ -49,7 +48,7 @@ services:
restart: always
collabora:
image: collabora/code:25.04.9.4.1
image: collabora/code:25.04.7.1.1
# release notes: https://www.collaboraonline.com/release-notes/
networks:
opencloud-net:
@@ -67,10 +66,7 @@ services:
username: ${COLLABORA_ADMIN_USER:-admin}
password: ${COLLABORA_ADMIN_PASSWORD:-admin}
cap_add:
- SYS_ADMIN
security_opt:
- seccomp=unconfined
- apparmor:unconfined
- MKNOD
volumes:
# Mount local TrueType fonts so the container can use system fonts
# (e.g. Microsoft fonts like Arial, Calibri, Cambria by installing the `ttf-mscorefonts-installer` package).