lyra_phasma/opencloud-compose
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud-compose.git synced 2026-06-08 20:20:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: lyra_phasma:fix-cert.yml-example
Branches Tags
lyra_phasma:main lyra_phasma:renovate/main-collabora-code-26.x lyra_phasma:renovate/main-traefik-3.x lyra_phasma:renovate/main-opencloudeu-opencloud-rolling-7.x lyra_phasma:stable-4.0 lyra_phasma:fix-slow-jailkit lyra_phasma:update-traefik-3.6.7 lyra_phasma:web/issues/1893 lyra_phasma:add-default-language-to-docker-compose.yaml lyra_phasma:setWritableShareFalse lyra_phasma:revert-175-fix-collabora-server-audit-slow-kit lyra_phasma:fix-collabora-server-audit-slow-kit lyra_phasma:issue/165 lyra_phasma:fix-cert.yml-example lyra_phasma:fix-tika-image lyra_phasma:bump-maps-1.0.2 lyra_phasma:mount-local-fonts-to-collabora lyra_phasma:fix-secure-view lyra_phasma:add_minio lyra_phasma:web/704 lyra_phasma:refactor-collaboration lyra_phasma:add-update-server-to-csp.yaml lyra_phasma:pin_postgres_version lyra_phasma:move_production_to_docs lyra_phasma:enable-ocm lyra_phasma:setDefaultAdminPass lyra_phasma:keycloak-26 lyra_phasma:bump-collabora-to-25.04.4.2.1 lyra_phasma:disable-dcr lyra_phasma:admin-password lyra_phasma:add-custom-js-to-keycloak-oc-design
..
compare: lyra_phasma:setWritableShareFalse
Branches Tags
lyra_phasma:main lyra_phasma:renovate/main-collabora-code-26.x lyra_phasma:renovate/main-traefik-3.x lyra_phasma:renovate/main-opencloudeu-opencloud-rolling-7.x lyra_phasma:stable-4.0 lyra_phasma:fix-slow-jailkit lyra_phasma:update-traefik-3.6.7 lyra_phasma:web/issues/1893 lyra_phasma:add-default-language-to-docker-compose.yaml lyra_phasma:setWritableShareFalse lyra_phasma:revert-175-fix-collabora-server-audit-slow-kit lyra_phasma:fix-collabora-server-audit-slow-kit lyra_phasma:issue/165 lyra_phasma:fix-cert.yml-example lyra_phasma:fix-tika-image lyra_phasma:bump-maps-1.0.2 lyra_phasma:mount-local-fonts-to-collabora lyra_phasma:fix-secure-view lyra_phasma:add_minio lyra_phasma:web/704 lyra_phasma:refactor-collaboration lyra_phasma:add-update-server-to-csp.yaml lyra_phasma:pin_postgres_version lyra_phasma:move_production_to_docs lyra_phasma:enable-ocm lyra_phasma:setDefaultAdminPass lyra_phasma:keycloak-26 lyra_phasma:bump-collabora-to-25.04.4.2.1 lyra_phasma:disable-dcr lyra_phasma:admin-password lyra_phasma:add-custom-js-to-keycloak-oc-design

34 Commits
fix-cert.y ... setWritabl

Author SHA1 Message Date
Viktor Scharf
5fa7ab2d40 set OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD=false by default 2025-12-17 09:47:31 +01:00
streaminganger
a738092592 fix: traefik rejects supported file characters (#179) 2025-12-16 10:49:45 +01:00
Michael Barz
3bddb65c8b Merge pull request #180 from opencloud-eu/revert-175-fix-collabora-server-audit-slow-kit 
Revert "fix: slow kit jail error server audit in collabora"
 2025-12-12 17:25:37 +01:00
Michael Barz
6ecf59f078 Revert "fix: slow kit jail error server audit in collabora" 2025-12-12 15:42:09 +01:00
Michael Barz
adf5c3a388 Merge pull request #175 from opencloud-eu/fix-collabora-server-audit-slow-kit 
fix: slow kit jail error server audit in collabora
 2025-12-12 09:08:26 +01:00
Ralf Haferkamp
a2411f8cec Merge pull request #170 from opencloud-eu/issue/165 
Fix bash default substitution
 2025-12-10 17:29:00 +01:00
Alexander Ackermann
e897106b58 remove privileged 2025-12-09 18:58:56 +01:00
Alexander Ackermann
7386b21d7c make work on debian based systems 2025-12-09 18:49:31 +01:00
Alexander Ackermann
f3ea0ee978 fix: slow kit jail error server audit in collabora 2025-12-09 15:34:46 +01:00
Alex
2f1f0d3149 fix: WOPI/Collabora incompatibility with traefik v3.6.4 (#174) 2025-12-09 12:47:40 +01:00
Ralf Haferkamp
537de1a843 Fix bash default substitution 
Closes: #165
 2025-12-02 11:04:15 +01:00
Michael Barz
497f09669c Merge pull request #166 from Diekos/smtp_insecure-default-to-false 
Added SMTP_INSECURE defaults to false
 2025-11-27 23:23:46 +01:00
Michael Barz
a650026624 Merge pull request #155 from chillymattster/oc_port_configurable 
feat: port configuration
 2025-11-27 15:26:29 +01:00
Diekos
171235f0b8 Added SMTP_INSECURE defaults to false 
The SMTP_INSECURE did not yet have a default to false.
 2025-11-27 11:32:23 +01:00
chillymattster
50254df2ab align variable names in docker compose yml and environment 2025-11-26 19:11:37 +01:00
chillymattster
95c03733d7 Merge branch 'main' into oc_port_configurable 2025-11-26 19:06:49 +01:00
Michael Barz
79782cdd5f Merge pull request #157 from chillymattster/configure_uid_gid 
feat: improve security - configure container uid and gid
 2025-11-25 10:28:03 +01:00
Michael Barz
afe6399374 Merge pull request #163 from kellergoech/kellergoech-add-exposed-ports 
Added the exposed ports yml files for external proxies
 2025-11-24 09:42:22 +01:00
kellergoech
8d8b8dfc73 Update collabora-exposed.yml 2025-11-22 07:14:32 +01:00
kellergoech
eca5b1117e Update keycloak-exposed.yml 2025-11-22 07:14:10 +01:00
kellergoech
cfd356a155 Update description opencloud-exposed.yml 2025-11-22 07:13:49 +01:00
kellergoech
4e4fe65a97 Update description keycloak-exposed.yml 2025-11-22 07:13:15 +01:00
kellergoech
dede740c0e Update description collabora-exposed.yml 2025-11-22 07:12:47 +01:00
kellergoech
0d389800b5 Create opencloud-exposed.yml for service exposure 
Add configuration to expose OpenCloud service on port 9200
 2025-11-21 17:29:55 +01:00
kellergoech
df7dfc0a02 Create keycloak-exposed.yml for service ports 
Add Keycloak service configuration with exposed ports
 2025-11-21 17:29:01 +01:00
kellergoech
0e35e4d6b9 add collabora exposed 2025-11-21 17:27:18 +01:00
Viktor Scharf
c1a9d82702 Merge pull request #159 from opencloud-eu/fix-cert.yml-example 
fix cert.yml-example
 2025-11-21 11:28:03 +01:00
Michael Barz
7b2bd36f30 Merge pull request #162 from opencloud-eu/support-check-for-updates 
feat: enable check for updates flag
 2025-11-20 13:51:53 +01:00
Alexander Ackermann
13e076b305 feat: enable check for updates flag 2025-11-20 13:45:08 +01:00
Michael Barz
cfe3f0f612 Merge pull request #161 from opencloud-eu/fix-external-proxy 
fix: bind ports on localhost for external proxy
 2025-11-20 11:05:45 +01:00
Michael Barz
6a5950da36 fix: bind ports on localhost for external proxy 2025-11-20 10:35:37 +01:00
chillymattster
900a05c2c0 avoid enforcing visible default port at the end of urls 2025-11-14 15:38:21 +01:00
chillymattster
ba14b78f58 feat: port configuration 2025-11-14 10:26:09 +01:00
chillymattster
4d2ad78f6d feat: configure container uid and gid 2025-11-13 21:26:55 +01:00
13 changed files with 92 additions and 31 deletions
Expand all files Collapse all files

19
.env.example
View File

@@ -69,7 +69,14 @@ TRAEFIK_ACCESS_LOG=
# Configure the log level for Traefik. # Configure the log level for Traefik.
# Possible values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL" and "PANIC". Default is "ERROR". # Possible values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL" and "PANIC". Default is "ERROR".
TRAEFIK_LOG_LEVEL= TRAEFIK_LOG_LEVEL=
# The default for traefik is to run in privileged mode.
# If you want to run traefik non-privileged, use the following variable and the format [UID]:[GID] to set user and group of your choice.
# Ensure that the user has access to docker.sock and traefik volumes defined in traefik/opencloud.yml
#TRAEFIK_CONTAINER_UID_GID="1000:1000"
# Configure ports for HTTP and HTTPS when necessary, defaults are 80 and 443
# Don't use ports in the range of 8000-9999 and 5232 as those ports are used internally and therefore might create conflicts.
#TRAEFIK_PORT_HTTP=4080
#TRAEFIK_PORT_HTTPS=4443
## OpenCloud Settings ## ## OpenCloud Settings ##
# The opencloud container image. # The opencloud container image.
@@ -80,6 +87,11 @@ OC_DOCKER_IMAGE=opencloudeu/opencloud-rolling
# The openCloud container version. # The openCloud container version.
# Defaults to "latest" and points to the latest stable tag. # Defaults to "latest" and points to the latest stable tag.
OC_DOCKER_TAG= OC_DOCKER_TAG=
# The default id used in opencloud containers is 1000 for user and group.
# If you want to change the default, use the following variable and the format [UID]:[GID].
# The change affects all containers with access to data volumes.
# Ensure that the user has access to all volumes defined in docker-compose.yml
#OC_CONTAINER_UID_GID="1000:1000"
# Domain of openCloud, where you can find the frontend. # Domain of openCloud, where you can find the frontend.
# Defaults to "cloud.opencloud.test" # Defaults to "cloud.opencloud.test"
OC_DOMAIN= OC_DOMAIN=
@@ -96,6 +108,9 @@ DEMO_USERS=
# After the first initialization, the admin password can only be changed via the OpenCloud User Settings UI or by using the OpenCloud CLI. # After the first initialization, the admin password can only be changed via the OpenCloud User Settings UI or by using the OpenCloud CLI.
# Documentation: https://docs.opencloud.eu/docs/admin/resources/common-issues#-change-admin-password-set-in-env # Documentation: https://docs.opencloud.eu/docs/admin/resources/common-issues#-change-admin-password-set-in-env
INITIAL_ADMIN_PASSWORD= INITIAL_ADMIN_PASSWORD=
# Whether clients should check for updates.
# Defaults to "true".
CHECK_FOR_UPDATES=
# Define the openCloud loglevel used. # Define the openCloud loglevel used.
# #
LOG_LEVEL= LOG_LEVEL=
@@ -212,7 +227,7 @@ COLLABORA_SSL_ENABLE=false
# Please comment out the following line: # Please comment out the following line:
COLLABORA_SSL_VERIFICATION=false COLLABORA_SSL_VERIFICATION=false
# Enable home mode in Collabore Online. # Enable home mode in Collabore Online.
# Home users can enable this setting, which in turn disables welcome screen and user feedback popups, # Home users can enable this setting, which in turn disables welcome screen and user feedback popups,
# but also limits concurrent open connections to 20 and concurrent open documents to 10. # but also limits concurrent open connections to 20 and concurrent open documents to 10.
# Default is false if not specified. # Default is false if not specified.
COLLABORA_HOME_MODE= COLLABORA_HOME_MODE=

12
config/opencloud/csp.yaml
View File

@@ -4,10 +4,10 @@ directives:
connect-src: connect-src:
- '''self''' - '''self'''
- 'blob:' - 'blob:'
- 'https://${COMPANION_DOMAIN|companion.opencloud.test}/' - 'https://${COMPANION_DOMAIN|companion.opencloud.test}${TRAEFIK_PORT_HTTPS}/'
- 'wss://${COMPANION_DOMAIN|companion.opencloud.test}/' - 'wss://${COMPANION_DOMAIN|companion.opencloud.test}${TRAEFIK_PORT_HTTPS}/'
- 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/' - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/'
- 'https://${IDP_DOMAIN|keycloak.opencloud.test}/' - 'https://${IDP_DOMAIN|keycloak.opencloud.test}${TRAEFIK_PORT_HTTPS}/'
- 'https://update.opencloud.eu/' - 'https://update.opencloud.eu/'
default-src: default-src:
- '''none''' - '''none'''
@@ -20,7 +20,7 @@ directives:
- 'blob:' - 'blob:'
- 'https://embed.diagrams.net/' - 'https://embed.diagrams.net/'
# In contrary to bash and docker the default is given after the | character # In contrary to bash and docker the default is given after the | character
- 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/' - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}${TRAEFIK_PORT_HTTPS}/'
# This is needed for the external-sites web extension when embedding sites # This is needed for the external-sites web extension when embedding sites
- 'https://docs.opencloud.eu' - 'https://docs.opencloud.eu'
img-src: img-src:
@@ -30,7 +30,7 @@ directives:
- 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/' - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/'
- 'https://tile.openstreetmap.org/' - 'https://tile.openstreetmap.org/'
# In contrary to bash and docker the default is given after the | character # In contrary to bash and docker the default is given after the | character
- 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/' - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}${TRAEFIK_PORT_HTTPS}/'
manifest-src: manifest-src:
- '''self''' - '''self'''
media-src: media-src:
@@ -41,7 +41,7 @@ directives:
script-src: script-src:
- '''self''' - '''self'''
- '''unsafe-inline''' - '''unsafe-inline'''
- 'https://${IDP_DOMAIN|keycloak.opencloud.test}/' - 'https://${IDP_DOMAIN|keycloak.opencloud.test}${TRAEFIK_PORT_HTTPS}/'
style-src: style-src:
- '''self''' - '''self'''
- '''unsafe-inline''' - '''unsafe-inline'''

12
config/traefik/docker-entrypoint-override.sh
View File

@@ -14,15 +14,23 @@ add_arg "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
# enable dashboard # enable dashboard
add_arg "--api.dashboard=true" add_arg "--api.dashboard=true"
# define entrypoints # define entrypoints
add_arg "--entryPoints.http.address=:80" add_arg "--entryPoints.http.address=:${TRAEFIK_PORT_HTTP:-80}"
add_arg "--entryPoints.http.http.redirections.entryPoint.to=https" add_arg "--entryPoints.http.http.redirections.entryPoint.to=https"
add_arg "--entryPoints.http.http.redirections.entryPoint.scheme=https" add_arg "--entryPoints.http.http.redirections.entryPoint.scheme=https"
add_arg "--entryPoints.https.address=:443" add_arg "--entryPoints.https.address=:${TRAEFIK_PORT_HTTPS:-443}"
# change default timeouts for long-running requests # change default timeouts for long-running requests
# this is needed for webdav clients that do not support the TUS protocol # this is needed for webdav clients that do not support the TUS protocol
add_arg "--entryPoints.https.transport.respondingTimeouts.readTimeout=12h" add_arg "--entryPoints.https.transport.respondingTimeouts.readTimeout=12h"
add_arg "--entryPoints.https.transport.respondingTimeouts.writeTimeout=12h" add_arg "--entryPoints.https.transport.respondingTimeouts.writeTimeout=12h"
add_arg "--entryPoints.https.transport.respondingTimeouts.idleTimeout=3m" add_arg "--entryPoints.https.transport.respondingTimeouts.idleTimeout=3m"
# allow encoded characters
# required for WOPI/Collabora
add_arg "--entryPoints.https.http.encodedCharacters.allowEncodedSlash=true"
add_arg "--entryPoints.https.http.encodedCharacters.allowEncodedQuestionMark=true"
add_arg "--entryPoints.https.http.encodedCharacters.allowEncodedPercent=true"
# required for file operations with supported encoded characters
add_arg "--entryPoints.https.http.encodedCharacters.allowEncodedSemicolon=true"
add_arg "--entryPoints.https.http.encodedCharacters.allowEncodedHash=true"
# docker provider (get configuration from container labels) # docker provider (get configuration from container labels)
add_arg "--providers.docker.endpoint=unix:///var/run/docker.sock" add_arg "--providers.docker.endpoint=unix:///var/run/docker.sock"
add_arg "--providers.docker.exposedByDefault=false" add_arg "--providers.docker.exposedByDefault=false"

8
docker-compose.yml
View File

@@ -4,6 +4,7 @@ services:
image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest} image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest}
# changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog # changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog
# release notes: https://docs.opencloud.eu/opencloud_release_notes.html # release notes: https://docs.opencloud.eu/opencloud_release_notes.html
user: ${OC_CONTAINER_UID_GID:-1000:1000}
networks: networks:
opencloud-net: opencloud-net:
entrypoint: entrypoint:
@@ -15,7 +16,7 @@ services:
environment: environment:
# enable services that are not started automatically # enable services that are not started automatically
OC_ADD_RUN_SERVICES: ${START_ADDITIONAL_SERVICES} OC_ADD_RUN_SERVICES: ${START_ADDITIONAL_SERVICES}
OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test} OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
OC_LOG_LEVEL: ${LOG_LEVEL:-info} OC_LOG_LEVEL: ${LOG_LEVEL:-info}
OC_LOG_COLOR: "${LOG_PRETTY:-false}" OC_LOG_COLOR: "${LOG_PRETTY:-false}"
OC_LOG_PRETTY: "${LOG_PRETTY:-false}" OC_LOG_PRETTY: "${LOG_PRETTY:-false}"
@@ -35,16 +36,17 @@ services:
NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER:-OpenCloud Notifications <notifications@cloud.opencloud.test>}" NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER:-OpenCloud Notifications <notifications@cloud.opencloud.test>}"
NOTIFICATIONS_SMTP_USERNAME: "${SMTP_USERNAME}" NOTIFICATIONS_SMTP_USERNAME: "${SMTP_USERNAME}"
NOTIFICATIONS_SMTP_PASSWORD: "${SMTP_PASSWORD}" NOTIFICATIONS_SMTP_PASSWORD: "${SMTP_PASSWORD}"
NOTIFICATIONS_SMTP_INSECURE: "${SMTP_INSECURE}" NOTIFICATIONS_SMTP_INSECURE: "${SMTP_INSECURE:-false}"
NOTIFICATIONS_SMTP_AUTHENTICATION: "${SMTP_AUTHENTICATION}" NOTIFICATIONS_SMTP_AUTHENTICATION: "${SMTP_AUTHENTICATION}"
NOTIFICATIONS_SMTP_ENCRYPTION: "${SMTP_TRANSPORT_ENCRYPTION:-none}" NOTIFICATIONS_SMTP_ENCRYPTION: "${SMTP_TRANSPORT_ENCRYPTION:-none}"
FRONTEND_ARCHIVER_MAX_SIZE: "10000000000" FRONTEND_ARCHIVER_MAX_SIZE: "10000000000"
FRONTEND_CHECK_FOR_UPDATES: "${CHECK_FOR_UPDATES:-true}"
PROXY_CSP_CONFIG_FILE_LOCATION: /etc/opencloud/csp.yaml PROXY_CSP_CONFIG_FILE_LOCATION: /etc/opencloud/csp.yaml
# enable to allow using the banned passwords list # enable to allow using the banned passwords list
OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt
# control the password enforcement and policy for public shares # control the password enforcement and policy for public shares
OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD: "${OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD:-true}" OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD: "${OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD:-true}"
OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD: "${OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD:-true}" OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD: "${OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD:-false}"
OC_PASSWORD_POLICY_DISABLED: "${OC_PASSWORD_POLICY_DISABLED:-false}" OC_PASSWORD_POLICY_DISABLED: "${OC_PASSWORD_POLICY_DISABLED:-false}"
OC_PASSWORD_POLICY_MIN_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_CHARACTERS:-8}" OC_PASSWORD_POLICY_MIN_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_CHARACTERS:-8}"
OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS:-1}" OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS:-1}"

11
external-proxy/collabora-exposed.yml Normal file
View File

@@ -0,0 +1,11 @@
---
# only expose the ports when you know what you are doing!
services:
collaboration:
ports:
# expose the wopi server on all interfaces
- "0.0.0.0:9300:9300"
collabora:
ports:
# expose the collabora server on all interfaces
- "0.0.0.0:9980:9980"

8
external-proxy/collabora.yml
View File

@@ -2,9 +2,9 @@
services: services:
collaboration: collaboration:
ports: ports:
# expose the wopi server # expose the wopi server on localhost
- "9300:9300" - "127.0.0.1:9300:9300"
collabora: collabora:
ports: ports:
# expose the collabora server # expose the collabora server on localhost
- "9980:9980" - "127.0.0.1:9980:9980"

8
external-proxy/keycloak-exposed.yml Normal file
View File

@@ -0,0 +1,8 @@
---
# only expose the ports when you know what you re doing!
services:
keycloak:
ports:
# expose the keycloak server on all interfaces
- "0.0.0.0:9000:9000"
- "0.0.0.0:8080:8080"

5
external-proxy/keycloak.yml
View File

@@ -2,5 +2,6 @@
services: services:
keycloak: keycloak:
ports: ports:
- "9000:9000" # expose the keycloak server on localhost
- "8080:8080" - "127.0.0.1:9000:9000"
- "127.0.0.1:8080:8080"

10
external-proxy/opencloud-exposed.yml Normal file
View File

@@ -0,0 +1,10 @@
---
# only expose the ports when you know what you are doing!
services:
opencloud:
environment:
# bind to all interfaces
PROXY_HTTP_ADDR: "0.0.0.0:9200"
ports:
# expose the opencloud server on all interfaces
- "0.0.0.0:9200:9200"

4
external-proxy/opencloud.yml
View File

@@ -5,5 +5,5 @@ services:
# bind to all interfaces # bind to all interfaces
PROXY_HTTP_ADDR: "0.0.0.0:9200" PROXY_HTTP_ADDR: "0.0.0.0:9200"
ports: ports:
# expose the opencloud server # expose the opencloud server on localhost
- "9200:9200" - "127.0.0.1:9200:9200"

1
radicale/radicale.yml
View File

@@ -6,6 +6,7 @@ services:
- ./config/opencloud/proxy.yaml:/etc/opencloud/proxy.yaml - ./config/opencloud/proxy.yaml:/etc/opencloud/proxy.yaml
radicale: radicale:
image: ${RADICALE_DOCKER_IMAGE:-opencloudeu/radicale}:${RADICALE_DOCKER_TAG:-latest} image: ${RADICALE_DOCKER_IMAGE:-opencloudeu/radicale}:${RADICALE_DOCKER_TAG:-latest}
user: ${OC_CONTAINER_UID_GID:-1000:1000}
networks: networks:
opencloud-net: opencloud-net:
logging: logging:

9
traefik/opencloud.yml
View File

@@ -9,8 +9,9 @@ services:
- "traefik.http.services.opencloud.loadbalancer.server.port=9200" - "traefik.http.services.opencloud.loadbalancer.server.port=9200"
- "traefik.http.routers.opencloud.${TRAEFIK_SERVICES_TLS_CONFIG}" - "traefik.http.routers.opencloud.${TRAEFIK_SERVICES_TLS_CONFIG}"
traefik: traefik:
image: traefik:v3 image: traefik:v3.6.4
# release notes: https://github.com/traefik/traefik/releases # release notes: https://github.com/traefik/traefik/releases
user: ${TRAEFIK_CONTAINER_UID_GID:-0:0}
networks: networks:
opencloud-net: opencloud-net:
aliases: aliases:
@@ -22,9 +23,11 @@ services:
- "TRAEFIK_ACME_CASERVER=${TRAEFIK_ACME_CASERVER:-https://acme-v02.api.letsencrypt.org/directory}" - "TRAEFIK_ACME_CASERVER=${TRAEFIK_ACME_CASERVER:-https://acme-v02.api.letsencrypt.org/directory}"
- "TRAEFIK_LOG_LEVEL=${TRAEFIK_LOG_LEVEL:-ERROR}" - "TRAEFIK_LOG_LEVEL=${TRAEFIK_LOG_LEVEL:-ERROR}"
- "TRAEFIK_ACCESS_LOG=${TRAEFIK_ACCESS_LOG:-false}" - "TRAEFIK_ACCESS_LOG=${TRAEFIK_ACCESS_LOG:-false}"
- "TRAEFIK_PORT_HTTP=${TRAEFIK_PORT_HTTP:-80}"
- "TRAEFIK_PORT_HTTPS=${TRAEFIK_PORT_HTTPS:-443}"
ports: ports:
- "80:80" - "${TRAEFIK_PORT_HTTP:-80}:${TRAEFIK_PORT_HTTP:-80}"
- "443:443" - "${TRAEFIK_PORT_HTTPS:-443}:${TRAEFIK_PORT_HTTPS:-443}"
volumes: volumes:
- "${DOCKER_SOCKET_PATH:-/var/run/docker.sock}:/var/run/docker.sock:ro" - "${DOCKER_SOCKET_PATH:-/var/run/docker.sock}:/var/run/docker.sock:ro"
- "./config/traefik/docker-entrypoint-override.sh:/opt/traefik/bin/docker-entrypoint-override.sh" - "./config/traefik/docker-entrypoint-override.sh:/opt/traefik/bin/docker-entrypoint-override.sh"

16
weboffice/collabora.yml
View File

@@ -5,6 +5,7 @@ services:
environment: environment:
# this is needed for setting the correct CSP header # this is needed for setting the correct CSP header
COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.opencloud.test} COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.opencloud.test}
TRAEFIK_PORT_HTTPS: ${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
# expose nats and the reva gateway for the collaboration service # expose nats and the reva gateway for the collaboration service
NATS_NATS_HOST: 0.0.0.0 NATS_NATS_HOST: 0.0.0.0
GATEWAY_GRPC_ADDR: 0.0.0.0:9142 GATEWAY_GRPC_ADDR: 0.0.0.0:9142
@@ -14,6 +15,7 @@ services:
collaboration: collaboration:
image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest} image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest}
user: ${OC_CONTAINER_UID_GID:-1000:1000}
networks: networks:
opencloud-net: opencloud-net:
depends_on: depends_on:
@@ -29,15 +31,15 @@ services:
COLLABORATION_HTTP_ADDR: 0.0.0.0:9300 COLLABORATION_HTTP_ADDR: 0.0.0.0:9300
MICRO_REGISTRY: "nats-js-kv" MICRO_REGISTRY: "nats-js-kv"
MICRO_REGISTRY_ADDRESS: "opencloud:9233" MICRO_REGISTRY_ADDRESS: "opencloud:9233"
COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test} COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
COLLABORATION_APP_NAME: "CollaboraOnline" COLLABORATION_APP_NAME: "CollaboraOnline"
COLLABORATION_APP_PRODUCT: "Collabora" COLLABORATION_APP_PRODUCT: "Collabora"
COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.opencloud.test} COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
COLLABORATION_APP_ICON: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}/favicon.ico COLLABORATION_APP_ICON: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}/favicon.ico
COLLABORATION_APP_INSECURE: "${INSECURE:-true}" COLLABORATION_APP_INSECURE: "${INSECURE:-true}"
COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}" COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}"
COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info} COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info}
OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test} OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
volumes: volumes:
# configure the .env file to use own paths instead of docker internal volumes # configure the .env file to use own paths instead of docker internal volumes
- ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud
@@ -51,15 +53,15 @@ services:
networks: networks:
opencloud-net: opencloud-net:
environment: environment:
aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}:443 aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
DONT_GEN_SSL_CERT: "YES" DONT_GEN_SSL_CERT: "YES"
extra_params: | extra_params: |
--o:ssl.enable=${COLLABORA_SSL_ENABLE:-true} \ --o:ssl.enable=${COLLABORA_SSL_ENABLE:-true} \
--o:ssl.ssl_verification=${COLLABORA_SSL_VERIFICATION:-true} \ --o:ssl.ssl_verification=${COLLABORA_SSL_VERIFICATION:-true} \
--o:ssl.termination=true \ --o:ssl.termination=true \
--o:welcome.enable=false \ --o:welcome.enable=false \
--o:net.frame_ancestors=${OC_DOMAIN:-cloud.opencloud.test} \ --o:net.frame_ancestors=${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-} \
--o:net.lok_allow.host[14]=${OC_DOMAIN-cloud.opencloud.test} \ --o:net.lok_allow.host[14]=${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-} \
--o:home_mode.enable=${COLLABORA_HOME_MODE:-false} --o:home_mode.enable=${COLLABORA_HOME_MODE:-false}
username: ${COLLABORA_ADMIN_USER:-admin} username: ${COLLABORA_ADMIN_USER:-admin}
password: ${COLLABORA_ADMIN_PASSWORD:-admin} password: ${COLLABORA_ADMIN_PASSWORD:-admin}