## Basic Settings ## # Define the docker compose log driver used. # Defaults to local LOG_DRIVER= # If you're on an internet facing server, comment out following line. # It skips certificate validation for various parts of OpenCloud and is # needed when self signed certificates are used. INSECURE=true ## Features ## # The following variable is a convenience variable to enable or disable features of this compose project. # Example: if you want to use traefik and letsencrypt, you can set the variable to # COMPOSE_FILE=docker-compose.yml:docker-compose.traefik.yml # This enables you to just run `docker compose up -d` and the compose files will be added to the stack. # As alternative approach you can run `docker compose -f docker-compose.yml -f docker-compose.traefik.yml up -d` # Default: OpenCloud and Collabora with traefik and letsencypt # This needs DNS entries for the domain names used in the .env file. #COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:traefik/opencloud.yml:traefik/collabora.yml # If you want to use the external proxy, you can use the following combination. # DNS entries and certificates need to be managed by the external environment. # The domain names need to be entered into the .env file. #COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:external-proxy/opencloud.yml:external-proxy/collabora.yml # Keycloak Shared User Directory #COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:traefik/opencloud.yml:traefik/collabora.yml:idm/ldap-keycloak.yml:traefik/ldap-keycloak.yml ## Traefik Settings ## # Note: Traefik is always enabled and can't be disabled. # Serve Traefik dashboard. # Defaults to "false". TRAEFIK_DASHBOARD= # Domain of Traefik, where you can find the dashboard. # Defaults to "traefik.opencloud.test" TRAEFIK_DOMAIN= # Basic authentication for the traefik dashboard. # Defaults to user "admin" and password "admin" (written as: "admin:$2y$05$KDHu3xq92SPaO3G8Ybkc7edd51pPLJcG1nWk3lmlrIdANQ/B6r5pq"). # To create user:password pair, it's possible to use this command: # echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g TRAEFIK_BASIC_AUTH_USERS= # Email address for obtaining LetsEncrypt certificates. # Needs only be changed if this is a public facing server. TRAEFIK_ACME_MAIL= # Set to the following for testing to check the certificate process: # "https://acme-staging-v02.api.letsencrypt.org/directory" # With staging configured, there will be an SSL error in the browser. # When certificates are displayed and are emitted by # "Fake LE Intermediate X1", # the process went well and the envvar can be reset to empty to get valid certificates. TRAEFIK_ACME_CASERVER= ## OpenCloud Settings ## # The opencloud container image. # For production releases: "opencloudeu/opencloud" # For rolling releases: "opencloudeu/opencloud-rolling" # Defaults to production if not set otherwise OC_DOCKER_IMAGE=opencloudeu/opencloud-rolling # The openCloud container version. # Defaults to "latest" and points to the latest stable tag. OC_DOCKER_TAG= # Domain of openCloud, where you can find the frontend. # Defaults to "cloud.opencloud.test" OC_DOMAIN= # openCloud admin user password. Defaults to "admin". ADMIN_PASSWORD= # Demo users should not be created on a production instance, # because their passwords are public. Defaults to "false". # If demo users is set to "true", the following user accounts are created automatically: # alan, mary, margaret, dennis and lynn - the password is 'demo' for all. DEMO_USERS= # Define the openCloud loglevel used. # LOG_LEVEL= # Define the kind of logging. # The default log can be read by machines. # Set this to true to make the log human readable. # LOG_PRETTY=true # # Define the openCloud storage location. Set the paths for config and data to a local path. # Ensure that the configuration and data directories are owned by the user and group with ID 1000:1000. # This matches the default user inside the container and avoids permission issues when accessing files. # Note that especially the data directory can grow big. # Leaving it default stores data in docker internal volumes. # OC_CONFIG_DIR=/your/local/opencloud/config # OC_DATA_DIR=/your/local/opencloud/data # S3 Storage configuration - optional # OpenCloud supports S3 storage as primary storage. # Per default, S3 storage is disabled and the decomposed storage driver is used. # To enable S3 storage, add `storage/decomposeds3.yml` to the COMPOSE_FILE variable or to # your startup command (`docker compose -f docker-compose.yml -f storage/decomposeds3.yml up`). # # Configure the S3 storage endpoint. Defaults to "http://minio:9000" for testing purposes. DECOMPOSEDS3_ENDPOINT= # S3 region. Defaults to "default". DECOMPOSEDS3_REGION= # S3 access key. Defaults to "opencloud" DECOMPOSEDS3_ACCESS_KEY= # S3 secret. Defaults to "opencloud-secret-key" DECOMPOSEDS3_SECRET_KEY= # S3 bucket. Defaults to "opencloud" DECOMPOSEDS3_BUCKET= # # For testing purposes, add local minio S3 storage to the docker-compose file. # The leading colon is required to enable the service. #DECOMPOSEDS3_MINIO=:minio.yml # Minio domain. Defaults to "minio.opencloud.test". MINIO_DOMAIN= # Define SMTP settings if you would like to send OpenCloud email notifications. # # NOTE: when configuring Inbucket, these settings have no effect, see inbucket.yml for details. # SMTP host to connect to. SMTP_HOST= # Port of the SMTP host to connect to. SMTP_PORT= # An eMail address that is used for sending OpenCloud notification eMails # like "opencloud notifications ". SMTP_SENDER= # Username for the SMTP host to connect to. SMTP_USERNAME= # Password for the SMTP host to connect to. SMTP_PASSWORD= # Authentication method for the SMTP communication. SMTP_AUTHENTICATION= # Encryption method for the SMTP communication. Possible values are 'starttls', 'ssltls' and 'none' SMTP_TRANSPORT_ENCRYPTION= # Allow insecure connections to the SMTP server. Defaults to false. SMTP_INSECURE= # Addititional services to be started on opencloud startup # The following list of services is not startet automatically and must be # manually defined for startup: # IMPORTANT: The notification service is MANDATORY, do not delete! # IMPORTANT: Add any services to the startup list comma separated like "notifications,antivirus" etc. START_ADDITIONAL_SERVICES="notifications" ## Default Enabled Services ## ### Apache Tika Content Analysis Toolkit ### # Tika (search) is disabled by default due to performance reasons. # Set the desired docker image tag or digest. # Defaults to "latest" TIKA_IMAGE= ### IMPORTANT Note for Online Office Apps ### # To avoid app interlocking issues, you should select only one app to be active/configured. # This is due the fact that there is currently no app interlocking for the same file and one # has to wait for a lock release to open the file with another app. ### Collabora Settings ### # Domain of Collabora, where you can find the frontend. # Defaults to "collabora.opencloud.test" COLLABORA_DOMAIN= # Domain of the wopiserver which handles Collabora. # Defaults to "wopiserver.opencloud.test" WOPISERVER_DOMAIN= # Admin user for Collabora. # Defaults to "admin". # Collabora Admin Panel URL: # https://{COLLABORA_DOMAIN}/browser/dist/admin/admin.html COLLABORA_ADMIN_USER= # Admin password for Collabora. # Defaults to "admin". COLLABORA_ADMIN_PASSWORD= # Set to true to enable SSL handling in Collabora Online, this is only required if you are not using a reverse proxy. # Default is true if not specified. COLLABORA_SSL_ENABLE=false # If you're on an internet-facing server, enable SSL verification for Collabora Online. # Please comment out the following line: COLLABORA_SSL_VERIFICATION=false ### Virusscanner Settings ### # IMPORTANT: If you enable antivirus, you also MUST configure the START_ADDITIONAL_SERVICES # envvar in the OpenCloud Settings above by adding 'antivirus' to the list. # The maximum scan size the virus scanner can handle, needs adjustment in the scanner config as well. # Usable common abbreviations: [KB, KiB, MB, MiB, GB, GiB, TB, TiB, PB, PiB, EB, EiB], example: 2GB. # Defaults to "100MB" #ANTIVIRUS_MAX_SCAN_SIZE= # Usable modes: partial, skip. # Defaults to "partial" #ANTIVIRUS_MAX_SCAN_SIZE_MODE= # Image version of the ClamAV container. # Defaults to "latest"y CLAMAV_DOCKER_TAG= ### Inbucket Settings ### # Inbucket is a mail catcher tool for testing purposes. # DO NOT use in Production. # email server (in this case inbucket acts as mail catcher). # Domain for Inbucket. Defaults to "mail.opencloud.test". INBUCKET_DOMAIN= ### Compose Configuration ### # Path separator for supplemental compose files specified in COMPOSE_FILE. COMPOSE_PATH_SEPARATOR=: ### Ldap Settings ### # LDAP is always needed for OpenCloud to store user data as there is no relational database. # The built-in LDAP server should used for testing purposes or small installations only. # For production installations, it is recommended to use an external LDAP server. # We are using OpenLDAP as the default LDAP server because it is proven to be stable and reliable. # This LDAP configuration is known to work with OpenCloud and provides a blueprint for # configuring an external LDAP server based on other products like Microsoft Active Directory or other LDAP servers. # # Password of LDAP bind user "cn=admin,dc=opencloud,dc=eu". Defaults to "admin" LDAP_BIND_PASSWORD= # The LDAP server also creates an openCloud admin user dn: uid=admin,ou=users,dc=opencloud,dc=eu # The initial password for this user is "admin" # NOTE: This password can only be set once, if you want to change it later, you have to use the OpenCloud User Settings UI. # If you changed the password and lost it, you need to execute the following LDAP query to reset it: # enter the ldap-server container with `docker compose exec ldap-server sh` # and run the following command to change the password: # ldappasswd -H ldap://127.0.0.1:1389 -D "cn=admin,dc=opencloud,dc=eu" -W "uid=admin,ou=users,dc=opencloud,dc=eu" # You will be prompted for the LDAP bind password. # The output should provide you a new password for the admin user. ### Keycloak Settings ### # Keycloak is an open-source identity and access management solution. # We are using Keycloak as the default identity provider on production installations. # It can be used to federate authentication with other identity providers like # Microsoft Entra ID, ADFS or other SAML/OIDC providers. # The use of Keycloak as bridge between OpenCloud and other identity providers creates more control over the # authentication process, the allowed clients and the session management. # Keycloak also manages the Role Based Access Control (RBAC) for OpenCloud. # Keycloak can be used in two different modes: # 1. Autoprovisioning: New are automatically created in openCloud when they log in for the first time. # 2. Shared User Directory: Users are created in Keycloak and can be used in OpenCloud immediately # because the LDAP server is connected to both Keycloak and OpenCloud. # Domain for Keycloak. Defaults to "keycloak.opencloud.test". KEYCLOAK_DOMAIN= # Admin user login name. Defaults to "kcadmin" KEYCLOAK_ADMIN= # Admin user login password. Defaults to "admin" KEYCLOAK_ADMIN_PASSWORD= # Keycloak Database username. Defaults to "keycloak" KC_DB_USERNAME= # Keycloak Database password. Defaults to "keycloak" KC_DB_PASSWORD=