fix: removed unwanted newlines

.env.example

@@ -59,7 +59,7 @@ TRAEFIK_SERVICES_TLS_CONFIG="tls.certresolver=letsencrypt"
 #     stores:
 #       - default
 #
-# The certificates need to be copied into ./certs/, the absolute path inside the container is /certs/.
+# The certificates need to copied into ./certs/, the absolute path inside the container is /certs/.
 # You can also use TRAEFIK_CERTS_DIR=/path/on/host to set the path to the certificates directory.
 # Enable the access log for Traefik by setting the following variable to true.
 TRAEFIK_ACCESS_LOG=
@@ -137,8 +137,6 @@ DECOMPOSEDS3_BUCKET=
 
 
 # Define SMTP settings if you would like to send OpenCloud email notifications.
-# To actually send notifications, you also need to enable the 'notifications' service
-# by adding it to the START_ADDITIONAL_SERVICES variable below.
 #
 # NOTE: when configuring Inbucket, these settings have no effect, see inbucket.yml for details.
 # SMTP host to connect to.
@@ -159,11 +157,12 @@ SMTP_TRANSPORT_ENCRYPTION=
 # Allow insecure connections to the SMTP server. Defaults to false.
 SMTP_INSECURE=
 
-# Additional services to be started on opencloud startup
+# Addititional services to be started on opencloud startup
-# The following list of services is not started automatically and must be
+# The following list of services is not startet automatically and must be
 # manually defined for startup:
+# IMPORTANT: The notification service is MANDATORY, do not delete!
 # IMPORTANT: Add any services to the startup list comma separated like "notifications,antivirus" etc.
-START_ADDITIONAL_SERVICES=""
+START_ADDITIONAL_SERVICES="notifications"
 
 
 ## Default Enabled Services ##
@@ -204,11 +203,6 @@ COLLABORA_SSL_ENABLE=false
 # If you're on an internet-facing server, enable SSL verification for Collabora Online.
 # Please comment out the following line:
 COLLABORA_SSL_VERIFICATION=false
-# Enable home mode in Collabore Online.
-# Home users can enable this setting, which in turn disables welcome screen and user feedback popups, 
-# but also limits concurrent open connections to 20 and concurrent open documents to 10.
-# Default is false if not specified.
-COLLABORA_HOME_MODE=
 
 
 ### Virusscanner Settings ###
@@ -222,7 +216,7 @@ COLLABORA_HOME_MODE=
 # Defaults to "partial"
 #ANTIVIRUS_MAX_SCAN_SIZE_MODE=
 # Image version of the ClamAV container.
-# Defaults to "latest"
+# Defaults to "latest"y
 CLAMAV_DOCKER_TAG=
 
 

.gitignore

@@ -5,7 +5,6 @@
 # exclude the apps folder
 /config/opencloud/apps/*
 !/config/opencloud/apps/.gitkeep
-!/config/opencloud/apps/maps
 
 # exclude custom compose files
 /custom

README.md

@@ -2,9 +2,6 @@
 
 This repository provides Docker Compose configurations for deploying OpenCloud in various environments.
 
-> [!IMPORTANT]
-> Please use the [official docs](https://docs.opencloud.eu/docs/admin/getting-started/container/docker-compose/docker-compose-base) for a **Production Deployment**.
-
 ## Overview
 
 OpenCloud Compose offers a modular approach to deploying OpenCloud with several configuration options:
@@ -45,9 +42,8 @@ OpenCloud Compose offers a modular approach to deploying OpenCloud with several
 
 3. **Set admin password**:
    set `INITIAL_ADMIN_PASSWORD=your_secure_password` environment variable in your `.env` file
-4. **Domain**:
+
-   optionally, set `OC_DOMAIN=your-domain.com` to overwrite the default `cloud.opencloud.test`
+4. **Configure deployment options**:
-5. **Configure deployment options**:
 
    You can deploy using explicit `-f` flags:
    ```bash
@@ -64,18 +60,38 @@ OpenCloud Compose offers a modular approach to deploying OpenCloud with several
    docker compose up -d
    ```
 
-6. **Add local domains to `/etc/hosts`** (for local development only):
+5. **Add local domains to `/etc/hosts`** (for local development only):
    ```
    127.0.0.1 cloud.opencloud.test
    127.0.0.1 traefik.opencloud.test
    127.0.0.1 keycloak.opencloud.test
    ```
 
-7. **Access OpenCloud**:
+6. **Access OpenCloud**:
    - URL: https://cloud.opencloud.test
    - Username: `admin`
    - Password: value of your `INITIAL_ADMIN_PASSWORD`
 
+### Production Deployment
+
+> **DNS Requirements**: For production deployments, you need real DNS entries pointing to your server for all required subdomains. You can either create individual DNS A/AAAA records for each subdomain (e.g., `cloud.example.com`, `collabora.example.com`, `keycloak.example.com`) or use a wildcard DNS entry (`*.example.com`) that covers all subdomains.
+
+1. **Edit the `.env` file** and configure:
+   - Domain names (replace `.opencloud.test` domains with your real domains)
+   - Admin password
+   - SSL certificate email
+   - Storage paths
+
+2. **Configure deployment options** in `.env`:
+   ```
+   COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:traefik/opencloud.yml:traefik/collabora.yml
+   ```
+
+3. **Start OpenCloud**:
+   ```bash
+   docker compose up -d
+   ```
+
 ## Deployment Options
 
 ### With Keycloak and LDAP using a Shared User Directory

config/keycloak/opencloud-realm.dist.json

@@ -676,7 +676,6 @@
         "profile",
         "roles",
         "groups",
-        "OpenCloudUnique_ID",
         "basic",
         "email"
       ],
@@ -2337,7 +2336,7 @@
             "always"
           ],
           "usePasswordModifyExtendedOp": [
-            "true"
+            "false"
           ],
           "trustEmail": [
             "false"

config/ldap/init-ldap-acls.sh

@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-
-# apply acls
-echo -n "Applying acls... "
-slapmodify -F /opt/bitnami/openldap/etc/slapd.d -b cn=config -l /opt/bitnami/openldap/etc/schema/50_acls.ldif
-if [ $? -eq 0 ]; then
-    echo "done."
-else
-    echo "failed."
-fi

config/ldap/ldif/50_acls.ldif

@@ -1,9 +0,0 @@
-# OpenCloud ldap acl file which gets applied during the first db initialisation
-dn: olcDatabase={2}mdb,cn=config
-changetype: modify
-replace: olcAccess
-olcAccess: {0}to dn.subtree="dc=opencloud,dc=eu" attrs=entry,uid,objectClass,entryUUID
-  by * read
-olcAccess: {1}to attrs=userPassword
-  by self write
-  by * auth

config/opencloud/apps/maps/manifest.json

@@ -1,3 +0,0 @@
-{
-  "entrypoint": "js/maps-uKkx1qsf.js"
-}

config/opencloud/csp.yaml

@@ -8,7 +8,6 @@ directives:
     - 'wss://${COMPANION_DOMAIN|companion.opencloud.test}/'
     - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/'
     - 'https://${IDP_DOMAIN|keycloak.opencloud.test}/'
-    - 'https://update.opencloud.eu/'
   default-src:
     - '''none'''
   font-src:
@@ -28,7 +27,6 @@ directives:
     - 'data:'
     - 'blob:'
     - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/'
-    - 'https://tile.openstreetmap.org/'
     # In contrary to bash and docker the default is given after the | character
     - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/'
   manifest-src:

config/opencloud/opencloud.storage.ocmproviders.json

@@ -0,0 +1,46 @@
+[
+  {
+    "name": "host.docker.internal:9200",
+    "full_name": "host.docker.internal 9200",
+    "organization": "OpenCloud",
+    "domain": "host.docker.internal:9200",
+    "homepage": "https://opencloud.eu",
+    "services": [
+      {
+        "endpoint": {
+          "type": {
+            "name": "OCM",
+            "description": "OpenCloud Open Cloud Mesh API"
+          },
+          "name": "OpenCloud - OCM API",
+          "path": "https://host.docker.internal:9200/ocm/",
+          "is_monitored": true
+        },
+        "api_version": "0.0.1",
+        "host": "host.docker.internal:9200"
+      }
+    ]
+  },
+  {
+    "name": "cloud.opencloud.test",
+    "full_name": "cloud.opencloud.test",
+    "organization": "OpenCloud",
+    "domain": "cloud.opencloud.test",
+    "homepage": "https://opencloud.eu",
+    "services": [
+      {
+        "endpoint": {
+          "type": {
+            "name": "OCM",
+            "description": "OpenCloud Open Cloud Mesh API"
+          },
+          "name": "OpenCloud - OCM API",
+          "path": "https://cloud.opencloud.test/ocm/",
+          "is_monitored": true
+        },
+        "api_version": "0.0.1",
+        "host": "cloud.opencloud.test"
+      }
+    ]
+  }
+]

config/opencloud/web.yaml

@@ -0,0 +1,14 @@
+# OpenCloud web configuration
+web:
+  config:
+    apps:
+    - files
+    - search
+    - text-editor
+    - pdf-viewer
+    - external
+    - admin-settings
+    - epub-reader
+    - preview
+    - app-store
+    - ocm

docker-compose.yml

@@ -51,13 +51,25 @@ services:
       OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS:-1}"
       OC_PASSWORD_POLICY_MIN_DIGITS: "${OC_PASSWORD_POLICY_MIN_DIGITS:-1}"
       OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS:-1}"
+
+      # OCM
+      OC_ENABLE_OCM: "true"
+      OCM_OCM_PROVIDER_AUTHORIZER_PROVIDERS_FILE: "/etc/opencloud/ocmproviders.json"
+      OCM_OCM_INVITE_MANAGER_INSECURE: "true"
+      OCM_OCM_SHARE_PROVIDER_INSECURE: "true"
+      OCM_OCM_STORAGE_PROVIDER_INSECURE: "true"
+      GRAPH_INCLUDE_OCM_SHAREES: "true"
+
     volumes:
       - ./config/opencloud/csp.yaml:/etc/opencloud/csp.yaml
       - ./config/opencloud/banned-password-list.txt:/etc/opencloud/banned-password-list.txt
+      - ./config/opencloud/opencloud.storage.ocmproviders.json:/etc/opencloud/ocmproviders.json
+      - ./config/opencloud/web.yaml:/etc/opencloud/web.yaml
       # configure the .env file to use own paths instead of docker internal volumes
       - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud
       - ${OC_DATA_DIR:-opencloud-data}:/var/lib/opencloud
       - ${OC_APPS_DIR:-./config/opencloud/apps}:/var/lib/opencloud/web/assets/apps
+
     logging:
       driver: ${LOG_DRIVER:-local}
     restart: always

idm/external-idp.yml

@@ -44,7 +44,7 @@ services:
       # The openCloud users need to be able to edit their account in the externa IdP
       WEB_OPTION_ACCOUNT_EDIT_LINK_HREF: ${IDP_ACCOUNT_URL}
   ldap-server:
-    image: bitnamilegacy/openldap:2.6
+    image: bitnami/openldap:2.6
     networks:
       opencloud-net:
     entrypoint: [ "/bin/sh", "/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh", "/opt/bitnami/scripts/openldap/run.sh" ]
@@ -57,6 +57,9 @@ services:
       LDAP_TLS_KEY_FILE: /opt/bitnami/openldap/share/openldap.key
       LDAP_ROOT: "dc=opencloud,dc=eu"
       LDAP_ADMIN_PASSWORD: ${LDAP_BIND_PASSWORD:-admin}
+    ports:
+      - "127.0.0.1:389:1389"
+      - "127.0.0.1:636:1636"
     volumes:
       # Only use the base ldif file to create the base structure
       - ./config/ldap/ldif/10_base.ldif:/ldifs/10_base.ldif
@@ -65,7 +68,6 @@ services:
       - ./config/ldap/docker-entrypoint-override.sh:/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh
       - ${LDAP_CERTS_DIR:-ldap-certs}:/opt/bitnami/openldap/share
       - ${LDAP_DATA_DIR:-ldap-data}:/bitnami/openldap
-    restart: always
 
 volumes:
   ldap-certs:

idm/ldap-keycloak.yml

@@ -51,11 +51,12 @@ services:
       LDAP_TLS_KEY_FILE: /opt/bitnami/openldap/share/openldap.key
       LDAP_ROOT: "dc=opencloud,dc=eu"
       LDAP_ADMIN_PASSWORD: ${LDAP_BIND_PASSWORD:-admin}
+    ports:
+      - "127.0.0.1:389:1389"
+      - "127.0.0.1:636:1636"
     volumes:
       - ./config/ldap/ldif/10_base.ldif:/ldifs/10_base.ldif
       - ./config/ldap/ldif/20_admin.ldif:/ldifs/20_admin.ldif
-      - ./config/ldap/ldif/50_acls.ldif:/opt/bitnami/openldap/etc/schema/50_acls.ldif
-      - ./config/ldap/init-ldap-acls.sh:/docker-entrypoint-initdb.d/init-ldap-acls.sh
       - ./config/ldap/docker-entrypoint-override.sh:/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh
       - ldap-certs:/opt/bitnami/openldap/share
       - ldap-data:/bitnami/openldap
@@ -64,7 +65,7 @@ services:
     restart: always
 
   postgres:
-    image: postgres:17-alpine
+    image: postgres:alpine
     networks:
       opencloud-net:
     volumes:

testing/external-keycloak.yml

@@ -1,7 +1,7 @@
 ---
 services:
   postgres:
-    image: postgres:17-alpine
+    image: postgres:alpine
     networks:
       opencloud-net:
     volumes:

weboffice/collabora.yml

@@ -9,7 +9,7 @@ services:
       NATS_NATS_HOST: 0.0.0.0
       GATEWAY_GRPC_ADDR: 0.0.0.0:9142
       # make collabora the secure view app
-      FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: eu.opencloud.api.collaboration
+      FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: eu.opencloud.api.collaboration.CollaboraOnline
       GRAPH_AVAILABLE_ROLES: "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6"
 
   collaboration:
@@ -58,23 +58,16 @@ services:
         --o:ssl.ssl_verification=${COLLABORA_SSL_VERIFICATION:-true} \
         --o:ssl.termination=true \
         --o:welcome.enable=false \
-        --o:net.frame_ancestors=${OC_DOMAIN:-cloud.opencloud.test} \
+        --o:net.frame_ancestors=${OC_DOMAIN:-cloud.opencloud.test}
-        --o:net.lok_allow.host[14]=${OC_DOMAIN-cloud.opencloud.test} \
-        --o:home_mode.enable=${COLLABORA_HOME_MODE:-false}
       username: ${COLLABORA_ADMIN_USER:-admin}
       password: ${COLLABORA_ADMIN_PASSWORD:-admin}
     cap_add:
       - MKNOD
-    volumes:
-      # Mount local TrueType fonts so the container can use system fonts
-      # (e.g. Microsoft fonts like Arial, Calibri, Cambria by installing the `ttf-mscorefonts-installer` package).
-      - /usr/share/fonts/truetype:/usr/share/fonts/truetype/more:ro
-      - /usr/share/fonts/truetype:/opt/cool/systemplate/usr/share/fonts/truetype/more:ro
     logging:
       driver: ${LOG_DRIVER:-local}
     restart: always
-    entrypoint: [ '/bin/bash', '-c' ]
+    entrypoint: ['/bin/bash', '-c']
-    command: [ 'coolconfig generate-proof-key && /start-collabora-online.sh' ]
+    command: ['coolconfig generate-proof-key && /start-collabora-online.sh']
     healthcheck:
       test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ]
       interval: 15s