chore: bump web app maps to v1.0.2

Merge pull request #146 from opencloud-eu/mount-local-fonts-to-collabora-followup
feat: mount local system font dir to collabora followup
2026-06-08 12:10:05 +08:00 · 2025-11-10 13:32:39 +01:00 · 2025-11-07 11:23:09 +01:00 · 2025-11-07 11:19:22 +01:00 · 2025-11-07 11:07:13 +01:00 · 2025-11-06 13:55:10 +01:00
12 changed files with 80 additions and 33 deletions
--- a/.env.example
+++ b/.env.example
@@ -137,6 +137,8 @@ DECOMPOSEDS3_BUCKET=


 # Define SMTP settings if you would like to send OpenCloud email notifications.
+# To actually send notifications, you also need to enable the 'notifications' service
+# by adding it to the START_ADDITIONAL_SERVICES variable below.
 #
 # NOTE: when configuring Inbucket, these settings have no effect, see inbucket.yml for details.
 # SMTP host to connect to.
@@ -157,12 +159,11 @@ SMTP_TRANSPORT_ENCRYPTION=
 # Allow insecure connections to the SMTP server. Defaults to false.
 SMTP_INSECURE=

-# Addititional services to be started on opencloud startup
-# The following list of services is not startet automatically and must be
+# Additional services to be started on opencloud startup
+# The following list of services is not started automatically and must be
 # manually defined for startup:
-# IMPORTANT: The notification service is MANDATORY, do not delete!
 # IMPORTANT: Add any services to the startup list comma separated like "notifications,antivirus" etc.
-START_ADDITIONAL_SERVICES="notifications"
+START_ADDITIONAL_SERVICES=""


 ## Default Enabled Services ##
@@ -203,6 +204,11 @@ COLLABORA_SSL_ENABLE=false
 # If you're on an internet-facing server, enable SSL verification for Collabora Online.
 # Please comment out the following line:
 COLLABORA_SSL_VERIFICATION=false
+# Enable home mode in Collabore Online.
+# Home users can enable this setting, which in turn disables welcome screen and user feedback popups, 
+# but also limits concurrent open connections to 20 and concurrent open documents to 10.
+# Default is false if not specified.
+COLLABORA_HOME_MODE=


 ### Virusscanner Settings ###
@@ -216,7 +222,7 @@ COLLABORA_SSL_VERIFICATION=false
 # Defaults to "partial"
 #ANTIVIRUS_MAX_SCAN_SIZE_MODE=
 # Image version of the ClamAV container.
-# Defaults to "latest"y
+# Defaults to "latest"
 CLAMAV_DOCKER_TAG=


--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,7 @@
 # exclude the apps folder
 /config/opencloud/apps/*
 !/config/opencloud/apps/.gitkeep
+!/config/opencloud/apps/maps

 # exclude custom compose files
 /custom
--- a/README.md
+++ b/README.md
@@ -2,6 +2,9 @@

 This repository provides Docker Compose configurations for deploying OpenCloud in various environments.

+> [!IMPORTANT]
+> Please use the [official docs](https://docs.opencloud.eu/docs/admin/getting-started/container/docker-compose/docker-compose-base) for a **Production Deployment**.
+
 ## Overview

 OpenCloud Compose offers a modular approach to deploying OpenCloud with several configuration options:
@@ -42,8 +45,9 @@ OpenCloud Compose offers a modular approach to deploying OpenCloud with several

 3. **Set admin password**:
   set `INITIAL_ADMIN_PASSWORD=your_secure_password` environment variable in your `.env` file
-
-4. **Configure deployment options**:
+4. **Domain**:
+   optionally, set `OC_DOMAIN=your-domain.com` to overwrite the default `cloud.opencloud.test`
+5. **Configure deployment options**:

   You can deploy using explicit `-f` flags:
   ```bash
@@ -60,38 +64,18 @@ OpenCloud Compose offers a modular approach to deploying OpenCloud with several
   docker compose up -d
   ```

-5. **Add local domains to `/etc/hosts`** (for local development only):
+6. **Add local domains to `/etc/hosts`** (for local development only):
   ```
   127.0.0.1 cloud.opencloud.test
   127.0.0.1 traefik.opencloud.test
   127.0.0.1 keycloak.opencloud.test
   ```

-6. **Access OpenCloud**:
+7. **Access OpenCloud**:
   - URL: https://cloud.opencloud.test
   - Username: `admin`
   - Password: value of your `INITIAL_ADMIN_PASSWORD`

-### Production Deployment
-
-> **DNS Requirements**: For production deployments, you need real DNS entries pointing to your server for all required subdomains. You can either create individual DNS A/AAAA records for each subdomain (e.g., `cloud.example.com`, `collabora.example.com`, `keycloak.example.com`) or use a wildcard DNS entry (`*.example.com`) that covers all subdomains.
-
-1. **Edit the `.env` file** and configure:
-   - Domain names (replace `.opencloud.test` domains with your real domains)
-   - Admin password
-   - SSL certificate email
-   - Storage paths
-
-2. **Configure deployment options** in `.env`:
-   ```
-   COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:traefik/opencloud.yml:traefik/collabora.yml
-   ```
-
-3. **Start OpenCloud**:
-   ```bash
-   docker compose up -d
-   ```
-
 ## Deployment Options

 ### With Keycloak and LDAP using a Shared User Directory
--- a/config/keycloak/opencloud-realm.dist.json
+++ b/config/keycloak/opencloud-realm.dist.json
@@ -676,6 +676,7 @@
        "profile",
        "roles",
        "groups",
+        "OpenCloudUnique_ID",
        "basic",
        "email"
      ],
--- a/config/ldap/init-ldap-acls.sh
+++ b/config/ldap/init-ldap-acls.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -eu
+
+# apply acls
+echo -n "Applying acls... "
+slapmodify -F /opt/bitnami/openldap/etc/slapd.d -b cn=config -l /opt/bitnami/openldap/etc/schema/50_acls.ldif
+if [ $? -eq 0 ]; then
+    echo "done."
+else
+    echo "failed."
+fi
--- a/config/ldap/ldif/50_acls.ldif
+++ b/config/ldap/ldif/50_acls.ldif
@@ -0,0 +1,9 @@
+# OpenCloud ldap acl file which gets applied during the first db initialisation
+dn: olcDatabase={2}mdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {0}to dn.subtree="dc=opencloud,dc=eu" attrs=entry,uid,objectClass,entryUUID
+  by * read
+olcAccess: {1}to attrs=userPassword
+  by self write
+  by * auth
--- a/config/opencloud/apps/maps/js/maps-uKkx1qsf.js
+++ b/config/opencloud/apps/maps/js/maps-uKkx1qsf.js
--- a/config/opencloud/apps/maps/manifest.json
+++ b/config/opencloud/apps/maps/manifest.json
@@ -0,0 +1,3 @@
+{
+  "entrypoint": "js/maps-uKkx1qsf.js"
+}
--- a/config/opencloud/csp.yaml
+++ b/config/opencloud/csp.yaml
@@ -28,6 +28,7 @@ directives:
    - 'data:'
    - 'blob:'
    - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/'
+    - 'https://tile.openstreetmap.org/'
    # In contrary to bash and docker the default is given after the | character
    - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/'
  manifest-src:
--- a/idm/external-idp.yml
+++ b/idm/external-idp.yml
@@ -65,6 +65,7 @@ services:
      - ./config/ldap/docker-entrypoint-override.sh:/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh
      - ${LDAP_CERTS_DIR:-ldap-certs}:/opt/bitnami/openldap/share
      - ${LDAP_DATA_DIR:-ldap-data}:/bitnami/openldap
+    restart: always

 volumes:
  ldap-certs:
--- a/idm/ldap-keycloak.yml
+++ b/idm/ldap-keycloak.yml
@@ -54,6 +54,8 @@ services:
    volumes:
      - ./config/ldap/ldif/10_base.ldif:/ldifs/10_base.ldif
      - ./config/ldap/ldif/20_admin.ldif:/ldifs/20_admin.ldif
+      - ./config/ldap/ldif/50_acls.ldif:/opt/bitnami/openldap/etc/schema/50_acls.ldif
+      - ./config/ldap/init-ldap-acls.sh:/docker-entrypoint-initdb.d/init-ldap-acls.sh
      - ./config/ldap/docker-entrypoint-override.sh:/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh
      - ldap-certs:/opt/bitnami/openldap/share
      - ldap-data:/bitnami/openldap
--- a/weboffice/collabora.yml
+++ b/weboffice/collabora.yml
@@ -9,7 +9,7 @@ services:
      NATS_NATS_HOST: 0.0.0.0
      GATEWAY_GRPC_ADDR: 0.0.0.0:9142
      # make collabora the secure view app
-      FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: eu.opencloud.api.collaboration.CollaboraOnline
+      FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: eu.opencloud.api.collaboration
      GRAPH_AVAILABLE_ROLES: "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6"

  collaboration:
@@ -58,16 +58,23 @@ services:
        --o:ssl.ssl_verification=${COLLABORA_SSL_VERIFICATION:-true} \
        --o:ssl.termination=true \
        --o:welcome.enable=false \
-        --o:net.frame_ancestors=${OC_DOMAIN:-cloud.opencloud.test}
+        --o:net.frame_ancestors=${OC_DOMAIN:-cloud.opencloud.test} \
+        --o:net.lok_allow.host[14]=${OC_DOMAIN-cloud.opencloud.test} \
+        --o:home_mode.enable=${COLLABORA_HOME_MODE:-false}
      username: ${COLLABORA_ADMIN_USER:-admin}
      password: ${COLLABORA_ADMIN_PASSWORD:-admin}
    cap_add:
      - MKNOD
+    volumes:
+      # Mount local TrueType fonts so the container can use system fonts
+      # (e.g. Microsoft fonts like Arial, Calibri, Cambria by installing the `ttf-mscorefonts-installer` package).
+      - /usr/share/fonts/truetype:/usr/share/fonts/truetype/more:ro
+      - /usr/share/fonts/truetype:/opt/cool/systemplate/usr/share/fonts/truetype/more:ro
    logging:
      driver: ${LOG_DRIVER:-local}
    restart: always
-    entrypoint: ['/bin/bash', '-c']
-    command: ['coolconfig generate-proof-key && /start-collabora-online.sh']
+    entrypoint: [ '/bin/bash', '-c' ]
+    command: [ 'coolconfig generate-proof-key && /start-collabora-online.sh' ]
    healthcheck:
      test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ]
      interval: 15s
Author	SHA1	Message	Date
Alexander Ackermann	39f40fa0f7	chore: bump web app maps to v1.0.2	2025-11-10 13:32:39 +01:00
Alex	f24923f95e	Merge pull request #146 from opencloud-eu/mount-local-fonts-to-collabora-followup feat: mount local system font dir to collabora followup	2025-11-07 11:23:09 +01:00
Alexander Ackermann	4f79e9ab7b	feat: mount local system font dir to collabora followup	2025-11-07 11:19:22 +01:00
Alex	cd5d97cda9	Merge pull request #144 from opencloud-eu/mount-local-fonts-to-collabora	2025-11-07 11:07:13 +01:00
Alex	b501311d0f	Apply suggestion from @kulmann Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz>	2025-11-06 13:55:10 +01:00
Alex	85deada0d2	Update weboffice/collabora.yml	2025-11-06 13:48:52 +01:00
Michael Barz	522ced8c96	Merge pull request #99 from opencloud-eu/move_production_to_docs Move production deployment infos to docs	2025-11-06 12:12:35 +01:00
Alexander Ackermann	0622cf6e60	fix typo	2025-11-06 10:53:37 +01:00
Alexander Ackermann	69b40132c0	feat: mount local system font dir to collabora	2025-11-06 10:51:07 +01:00
Alex	f466650a97	Merge pull request #142 from opencloud-eu/add-app-maps	2025-11-06 08:40:03 +01:00
Alexander Ackermann	a27c40c4dc	feat: add app maps	2025-11-05 23:08:30 +01:00
Viktor Scharf	94c8075b36	Merge pull request #140 from opencloud-eu/fix-secure-view fix: fix app addr for secure view	2025-11-05 15:20:42 +01:00
Michael Barz	7543aa2eec	fix: fix app addr for secure view	2025-11-05 15:15:52 +01:00
Viktor Scharf	d51d43825a	Merge pull request #139 from a-schuetz/add_collabora_home_mode feat: add home mode option to Collabora	2025-11-05 15:15:13 +01:00
a-schuetz	723fb73fb4	feat: add home mode option to Collabora	2025-11-05 09:01:01 +00:00
Ralf Haferkamp	16dd321bf2	Merge pull request #130 from opencloud-eu/web/704 feat: Allow collabora to download images from the cloud instance	2025-11-04 16:01:42 +01:00
Michael Barz	df98c14b80	Merge pull request #132 from bilogic/patch-1 document the mandatory OC_DOMAIN	2025-10-30 10:14:45 +01:00
bilogic	53ec7140da	document the mandatory OC_DOMAIN	2025-10-30 16:16:03 +08:00
Ralf Haferkamp	d3f0044fe3	feat: Allow collabora to download images from the cloud instance Related: https://github.com/opencloud-eu/web/issues/704	2025-10-29 12:14:30 +01:00
Thomas Schweiger	9cb8196122	Merge pull request #124 from mwllgr/patch-1 Make external IDP LDAP server start automatically	2025-10-27 15:23:11 +01:00
Ralf Haferkamp	bdd2638f3f	Merge pull request #123 from opencloud-eu/fix/android-login-fails Allow Android logins with OC docker compose stack using Keycloak in shared directory mode	2025-10-27 09:40:41 +01:00
Thomas Schweiger	3558f9c2e1	fix: fix #122 - OIDC login fails with "malformed server configuration"	2025-10-27 09:11:04 +01:00
mwllgr	bc338d7ff4	Make external IDP LDAP server start automatically	2025-10-25 22:14:08 +02:00
Thomas Schweiger	4fc30f0330	Merge pull request #121 from Tronde/fix/remove-misleading-comment Fix: Remove confusing comment - notifications is not mandatory	2025-10-23 18:29:45 +02:00
Thomas Schweiger	93b8186eb6	fix: rephrase and fix additional typo	2025-10-23 18:09:23 +02:00
Thomas Schweiger	85e3098e1c	fix: fix typo	2025-10-23 18:02:04 +02:00
Thomas Schweiger	fed9c09ae5	Merge pull request #116 from opencloud-eu/fix/initialise-ldap-acls fix: fix #104 - LDAP userPassword attribute can be read without auth	2025-10-23 17:39:24 +02:00
Thomas Schweiger	c689b26275	fix: change acls and how to apply them	2025-10-23 16:09:27 +02:00
Joerg Kastning	c1dcf1d1d9	Fix: Remove confusing comment - notifications is not mandatory - Solves #118 Signed-off-by: Joerg Kastning <jkastning@my-it-brain.de>	2025-10-22 19:52:19 +02:00
Michael Barz	25b0de4525	Merge pull request #119 from opencloud-eu/flimmy-patch-1 fix typo in .env.example	2025-10-21 20:47:39 +02:00
Michael Flemming	67743a8e19	fix typo in .env.example a wild character found its way into a comment.	2025-10-21 20:46:09 +02:00
Thomas Schweiger	f253158ae7	fix: fix #104 - LDAP userPassword attribute can be read without auth	2025-10-18 11:21:54 +02:00
Alex	219899adfc	Merge pull request #115 from opencloud-eu/add-update-server-to-csp.yaml chore: add update server to csp.yaml (cors)	2025-10-13 13:22:09 +02:00
Michael 'Flimmy' Flemming	f3c5f8f591	add link to docs for production deployment	2025-09-26 15:09:52 +02:00
Michael 'Flimmy' Flemming	fc560119f4	remove production deployment section	2025-09-26 15:09:12 +02:00