add link to docs for production deployment

enhancement: improve collabora health check

.env.example

@@ -134,12 +134,6 @@ DECOMPOSEDS3_ACCESS_KEY=
 DECOMPOSEDS3_SECRET_KEY=
 # S3 bucket. Defaults to "opencloud"
 DECOMPOSEDS3_BUCKET=
-#
-# For testing purposes, add local minio S3 storage to the docker-compose file.
-# The leading colon is required to enable the service.
-#DECOMPOSEDS3_MINIO=:minio.yml
-# Minio domain. Defaults to "minio.opencloud.test".
-MINIO_DOMAIN=
 
 
 # Define SMTP settings if you would like to send OpenCloud email notifications.

README.md

@@ -2,6 +2,9 @@
 
 This repository provides Docker Compose configurations for deploying OpenCloud in various environments.
 
+> [!IMPORTANT]
+> Please use the [official docs](https://docs.opencloud.eu/docs/admin/getting-started/container/docker-compose/docker-compose-base) for a **Production Deployment**.
+
 ## Overview
 
 OpenCloud Compose offers a modular approach to deploying OpenCloud with several configuration options:
@@ -60,7 +63,7 @@ OpenCloud Compose offers a modular approach to deploying OpenCloud with several
    docker compose up -d
    ```
 
-5. **Add local domains to `/etc/hosts`**:
+5. **Add local domains to `/etc/hosts`** (for local development only):
    ```
    127.0.0.1 cloud.opencloud.test
    127.0.0.1 traefik.opencloud.test
@@ -72,30 +75,14 @@ OpenCloud Compose offers a modular approach to deploying OpenCloud with several
    - Username: `admin`
    - Password: value of your `INITIAL_ADMIN_PASSWORD`
 
-### Production Deployment
-
-1. **Edit the `.env` file** and configure:
-   - Domain names
-   - Admin password
-   - SSL certificate email
-   - Storage paths
-
-2. **Configure deployment options** in `.env`:
-   ```
-   COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:traefik/opencloud.yml:traefik/collabora.yml
-   ```
-
-3. **Start OpenCloud**:
-   ```bash
-   docker compose up -d
-   ```
-
 ## Deployment Options
 
 ### With Keycloak and LDAP using a Shared User Directory
 
 OpenCloud can be deployed with Keycloak for identity management and LDAP for the shared user directory:
 
+> **DNS Requirements**: This setup requires DNS entries for both the main OpenCloud domain and the Keycloak subdomain. Configure DNS A/AAAA records for your domains (e.g., `cloud.example.com`, `keycloak.example.com`) or use a wildcard DNS entry (`*.example.com`).
+
 Using `-f` flags:
 ```bash
 docker compose -f docker-compose.yml -f idm/ldap-keycloak.yml -f traefik/opencloud.yml -f traefik/ldap-keycloak.yml up -d
@@ -106,10 +93,10 @@ Or by setting in `.env`:
 COMPOSE_FILE=docker-compose.yml:idm/ldap-keycloak.yml:traefik/opencloud.yml:traefik/ldap-keycloak.yml
 ```
 
-Add to `/etc/hosts` for local development:
-```
-127.0.0.1 keycloak.opencloud.test
-```
+> **For local development only**: Add to `/etc/hosts`:
+> ```
+> 127.0.0.1 keycloak.opencloud.test
+> ```
 
 This setup includes:
 - Keycloak for authentication and identity management
@@ -120,6 +107,8 @@ This setup includes:
 
 Include Collabora for document editing using either method:
 
+> **DNS Requirements**: This setup requires DNS entries for the main OpenCloud domain, Collabora subdomain, and WOPI server subdomain. Configure DNS A/AAAA records for your domains (e.g., `cloud.example.com`, `collabora.example.com`, `wopiserver.example.com`) or use a wildcard DNS entry (`*.example.com`).
+
 Using `-f` flags:
 ```bash
 docker compose -f docker-compose.yml -f weboffice/collabora.yml -f traefik/opencloud.yml -f traefik/collabora.yml up -d
@@ -130,16 +119,18 @@ Or by setting in `.env`:
 COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:traefik/opencloud.yml:traefik/collabora.yml
 ```
 
-Add to `/etc/hosts` for local development:
-```
-127.0.0.1 collabora.opencloud.test
-127.0.0.1 wopiserver.opencloud.test
-```
+> **For local development only**: Add to `/etc/hosts`:
+> ```
+> 127.0.0.1 collabora.opencloud.test
+> 127.0.0.1 wopiserver.opencloud.test
+> ```
 
 ### With Full Text Search
 
 Enable full text search capabilities with Apache Tika using either method:
 
+> **DNS Requirements**: This setup requires DNS entries for the main OpenCloud domain. Configure a DNS A/AAAA record for your domain (e.g., `cloud.example.com`) or use a wildcard DNS entry (`*.example.com`).
+
 Using `-f` flags:
 ```bash
 docker compose -f docker-compose.yml -f search/tika.yml -f traefik/opencloud.yml up -d
@@ -159,6 +150,8 @@ This setup includes:
 
 Enable CalDAV (calendars, to-do lists) and CardDAV (contacts) server.
 
+> **DNS Requirements**: This setup requires DNS entries for the main OpenCloud domain. Configure a DNS A/AAAA record for your domain (e.g., `cloud.example.com`) or use a wildcard DNS entry (`*.example.com`).
+
 Using `-f` flags:
 ```bash
 docker compose -f docker-compose.yml -f radicale/radicale.yml -f traefik/opencloud.yml up -d
@@ -177,6 +170,8 @@ This setup includes:
 
 Enable monitoring capabilities with metrics endpoints using either method:
 
+> **DNS Requirements**: This setup requires DNS entries for the main OpenCloud domain. Configure a DNS A/AAAA record for your domain (e.g., `cloud.example.com`) or use a wildcard DNS entry (`*.example.com`).
+
 Using `-f` flags:
 ```bash
 docker compose -f docker-compose.yml -f monitoring/monitoring.yml -f traefik/opencloud.yml up -d
@@ -206,6 +201,8 @@ Access metrics endpoints:
 
 If you already have a reverse proxy (Nginx, Caddy, etc.), use either method:
 
+> **DNS Requirements**: When using an external proxy, you need to configure your external proxy to handle DNS and SSL termination. Ensure your DNS entries point to your external proxy server, and configure your proxy to forward requests to the exposed OpenCloud ports.
+
 Using `-f` flags:
 ```bash
 docker compose -f docker-compose.yml -f weboffice/collabora.yml -f external-proxy/opencloud.yml -f external-proxy/collabora.yml up -d
@@ -221,7 +218,6 @@ This exposes the necessary ports:
 - Collabora: 9980
 - WOPI server: 9300
 
-
 **Please note:**
 If you're using **Nginx Proxy Manager (NPM)**, you **should NOT** activate **"Block Common Exploits"** for the Proxy Host.
 Otherwise, the desktop app authentication will return **error 403 Forbidden**.

config/opencloud/csp.yaml

@@ -39,6 +39,7 @@ directives:
   script-src:
     - '''self'''
     - '''unsafe-inline'''
+    - 'https://${IDP_DOMAIN|keycloak.opencloud.test}/'
   style-src:
     - '''self'''
     - '''unsafe-inline'''

docker-compose.yml

@@ -32,7 +32,7 @@ services:
       # email server (if configured)
       NOTIFICATIONS_SMTP_HOST: "${SMTP_HOST}"
       NOTIFICATIONS_SMTP_PORT: "${SMTP_PORT}"
-      NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER:-OpenCloud notifications <notifications@${OC_DOMAIN:-cloud.opencloud.test}>}"
+      NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER:-OpenCloud Notifications <notifications@cloud.opencloud.test>}"
       NOTIFICATIONS_SMTP_USERNAME: "${SMTP_USERNAME}"
       NOTIFICATIONS_SMTP_PASSWORD: "${SMTP_PASSWORD}"
       NOTIFICATIONS_SMTP_INSECURE: "${SMTP_INSECURE}"

traefik/opencloud.yml

@@ -9,7 +9,7 @@ services:
       - "traefik.http.services.opencloud.loadbalancer.server.port=9200"
       - "traefik.http.routers.opencloud.${TRAEFIK_SERVICES_TLS_CONFIG}"
   traefik:
-    image: traefik:v3.3.1
+    image: traefik:v3
     # release notes: https://github.com/traefik/traefik/releases
     networks:
       opencloud-net:

weboffice/collabora.yml

@@ -69,4 +69,7 @@ services:
     entrypoint: ['/bin/bash', '-c']
     command: ['coolconfig generate-proof-key && /start-collabora-online.sh']
     healthcheck:
-      test: ["CMD", "bash", "-c", "exec 3<>/dev/tcp/127.0.0.1/9980 && echo -e 'GET /hosting/discovery HTTP/1.1\r\nHost: localhost:9980\r\n\r\n' >&3 && head -n 1 <&3 | grep '200 OK'"]
+      test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ]
+      interval: 15s
+      timeout: 10s
+      retries: 5