feat: move collaboration behind the proxy

config/opencloud/opencloud.storage.ocmproviders.json

@@ -1,46 +0,0 @@
-[
-  {
-    "name": "host.docker.internal:9200",
-    "full_name": "host.docker.internal 9200",
-    "organization": "OpenCloud",
-    "domain": "host.docker.internal:9200",
-    "homepage": "https://opencloud.eu",
-    "services": [
-      {
-        "endpoint": {
-          "type": {
-            "name": "OCM",
-            "description": "OpenCloud Open Cloud Mesh API"
-          },
-          "name": "OpenCloud - OCM API",
-          "path": "https://host.docker.internal:9200/ocm/",
-          "is_monitored": true
-        },
-        "api_version": "0.0.1",
-        "host": "host.docker.internal:9200"
-      }
-    ]
-  },
-  {
-    "name": "cloud.opencloud.test",
-    "full_name": "cloud.opencloud.test",
-    "organization": "OpenCloud",
-    "domain": "cloud.opencloud.test",
-    "homepage": "https://opencloud.eu",
-    "services": [
-      {
-        "endpoint": {
-          "type": {
-            "name": "OCM",
-            "description": "OpenCloud Open Cloud Mesh API"
-          },
-          "name": "OpenCloud - OCM API",
-          "path": "https://cloud.opencloud.test/ocm/",
-          "is_monitored": true
-        },
-        "api_version": "0.0.1",
-        "host": "cloud.opencloud.test"
-      }
-    ]
-  }
-]

config/opencloud/web.yaml

@@ -1,14 +0,0 @@
-# OpenCloud web configuration
-web:
-  config:
-    apps:
-    - files
-    - search
-    - text-editor
-    - pdf-viewer
-    - external
-    - admin-settings
-    - epub-reader
-    - preview
-    - app-store
-    - ocm

docker-compose.yml

@@ -51,25 +51,13 @@ services:
       OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS:-1}"
       OC_PASSWORD_POLICY_MIN_DIGITS: "${OC_PASSWORD_POLICY_MIN_DIGITS:-1}"
       OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS:-1}"
-
-      # OCM
-      OC_ENABLE_OCM: "true"
-      OCM_OCM_PROVIDER_AUTHORIZER_PROVIDERS_FILE: "/etc/opencloud/ocmproviders.json"
-      OCM_OCM_INVITE_MANAGER_INSECURE: "true"
-      OCM_OCM_SHARE_PROVIDER_INSECURE: "true"
-      OCM_OCM_STORAGE_PROVIDER_INSECURE: "true"
-      GRAPH_INCLUDE_OCM_SHAREES: "true"
-
     volumes:
       - ./config/opencloud/csp.yaml:/etc/opencloud/csp.yaml
       - ./config/opencloud/banned-password-list.txt:/etc/opencloud/banned-password-list.txt
-      - ./config/opencloud/opencloud.storage.ocmproviders.json:/etc/opencloud/ocmproviders.json
-      - ./config/opencloud/web.yaml:/etc/opencloud/web.yaml
       # configure the .env file to use own paths instead of docker internal volumes
       - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud
       - ${OC_DATA_DIR:-opencloud-data}:/var/lib/opencloud
       - ${OC_APPS_DIR:-./config/opencloud/apps}:/var/lib/opencloud/web/assets/apps
-
     logging:
       driver: ${LOG_DRIVER:-local}
     restart: always

traefik/collabora.yml

@@ -6,14 +6,14 @@ services:
         aliases:
           - ${COLLABORA_DOMAIN:-collabora.opencloud.test}
           - ${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}
-  collaboration:
+#  collaboration:
-    labels:
+#    labels:
-      - "traefik.enable=true"
+#      - "traefik.enable=true"
-      - "traefik.http.routers.collaboration.entrypoints=https"
+#      - "traefik.http.routers.collaboration.entrypoints=https"
-      - "traefik.http.routers.collaboration.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}`)"
+#      - "traefik.http.routers.collaboration.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}`)"
-      - "traefik.http.routers.collaboration.${TRAEFIK_SERVICES_TLS_CONFIG}"
+#      - "traefik.http.routers.collaboration.${TRAEFIK_SERVICES_TLS_CONFIG}"
-      - "traefik.http.routers.collaboration.service=collaboration"
+#      - "traefik.http.routers.collaboration.service=collaboration"
-      - "traefik.http.services.collaboration.loadbalancer.server.port=9300"
+#      - "traefik.http.services.collaboration.loadbalancer.server.port=9300"
   collabora:
     labels:
       - "traefik.enable=true"

weboffice/collabora.yml

@@ -6,30 +6,14 @@ services:
       # this is needed for setting the correct CSP header
       COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.opencloud.test}
       # expose nats and the reva gateway for the collaboration service
-      NATS_NATS_HOST: 0.0.0.0
+      # NATS_NATS_HOST: 0.0.0.0
-      GATEWAY_GRPC_ADDR: 0.0.0.0:9142
+      # GATEWAY_GRPC_ADDR: 0.0.0.0:9142
       # make collabora the secure view app
-      FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: eu.opencloud.api.collaboration.CollaboraOnline
+      FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: eu.opencloud.api.collaboration
       GRAPH_AVAILABLE_ROLES: "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6"
-
+      # COLLABORATION_GRPC_ADDR: 0.0.0.0:9301
-  collaboration:
+      # COLLABORATION_HTTP_ADDR: 0.0.0.0:9300
-    image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest}
+      COLLABORATION_WOPI_SRC: https://${OC_DOMAIN:-cloud.opencloud.test}
-    networks:
-      opencloud-net:
-    depends_on:
-      opencloud:
-        condition: service_started
-      collabora:
-        condition: service_healthy
-    entrypoint:
-      - /bin/sh
-    command: [ "-c", "opencloud collaboration server" ]
-    environment:
-      COLLABORATION_GRPC_ADDR: 0.0.0.0:9301
-      COLLABORATION_HTTP_ADDR: 0.0.0.0:9300
-      MICRO_REGISTRY: "nats-js-kv"
-      MICRO_REGISTRY_ADDRESS: "opencloud:9233"
-      COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}
       COLLABORATION_APP_NAME: "CollaboraOnline"
       COLLABORATION_APP_PRODUCT: "Collabora"
       COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}
@@ -37,13 +21,39 @@ services:
       COLLABORATION_APP_INSECURE: "${INSECURE:-true}"
       COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}"
       COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info}
-      OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}
+
-    volumes:
+#  collaboration:
-      # configure the .env file to use own paths instead of docker internal volumes
+#    image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest}
-      - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud
+#    networks:
-    logging:
+#      opencloud-net:
-      driver: ${LOG_DRIVER:-local}
+#    depends_on:
-    restart: always
+#      opencloud:
+#        condition: service_started
+#      collabora:
+#        condition: service_healthy
+#    entrypoint:
+#      - /bin/sh
+#    command: [ "-c", "opencloud collaboration server" ]
+#    environment:
+#      COLLABORATION_GRPC_ADDR: 0.0.0.0:9301
+#      COLLABORATION_HTTP_ADDR: 0.0.0.0:9300
+#      MICRO_REGISTRY: "nats-js-kv"
+#      MICRO_REGISTRY_ADDRESS: "opencloud:9233"
+#      COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}
+#      COLLABORATION_APP_NAME: "CollaboraOnline"
+#      COLLABORATION_APP_PRODUCT: "Collabora"
+#      COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}
+#      COLLABORATION_APP_ICON: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}/favicon.ico
+#      COLLABORATION_APP_INSECURE: "${INSECURE:-true}"
+#      COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}"
+#      COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info}
+#      OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}
+#    volumes:
+#      # configure the .env file to use own paths instead of docker internal volumes
+#      - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud
+#    logging:
+#      driver: ${LOG_DRIVER:-local}
+#    restart: always
 
   collabora:
     image: collabora/code:25.04.4.2.1
@@ -51,7 +61,7 @@ services:
     networks:
       opencloud-net:
     environment:
-      aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}:443
+      aliasgroup1: https://${OC_DOMAIN:-cloud.opencloud.test}:443
       DONT_GEN_SSL_CERT: "YES"
       extra_params: |
         --o:ssl.enable=${COLLABORA_SSL_ENABLE:-true} \