lyra_phasma/opencloud-compose
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud-compose.git synced 2026-06-08 12:10:05 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
557b1c33ea98f19ab40cdb18513b666cbf6bb292
opencloud-compose/README.md
Anja Barz 557b1c33ea Update README.md 
adjust the instructions about the quick start guide and admin password
2025-06-26 11:59:58 +02:00

364 lines
12 KiB
Markdown
Raw Blame History

# OpenCloud Compose
This repository provides Docker Compose configurations for deploying OpenCloud in various environments.
## Overview
OpenCloud Compose offers a modular approach to deploying OpenCloud with several configuration options:
- **Standard deployment** with Traefik reverse proxy and Let's Encrypt certificates
- **External proxy** support for environments with existing reverse proxies (like Nginx, Caddy, etc.)
- **Collabora Online** integration for document editing
- **Keycloak and LDAP** integration for centralized identity management
- **Full text search** with Apache Tika for content extraction and metadata analysis
- **Monitoring** with metrics endpoints for observability and performance monitoring
## Quick Start Guide
### Prerequisites
- Docker and Docker Compose v2 installed.
- Domain names pointing to your server (for production deployment)
- Basic understanding of Docker Compose concepts
> [!IMPORTANT]
> Please use the docker installation guide from the [Official Documentation](https://docs.docker.com/engine/install/) to ensure using docker compose v2. Official linux distro package repositories might still contain docker compose v1, e.g. Debian 12 "Bookworm". Using docker compose v1 will lead to a broken docker deployment.
### Local Development
1. **Clone the repository**:
```bash
git clone https://github.com/opencloud-eu/opencloud-compose.git
cd opencloud-compose
```
2. **Create environment file**:
```bash
cp .env.example .env
```
> **Note**: The repository includes `.env.example` as a template with default settings and documentation. Your actual `.env` file is excluded from version control (via `.gitignore`) to prevent accidentally committing sensitive information like passwords and domain-specific settings.
3. **Configure deployment options**:
You can deploy using explicit `-f` flags:
```bash
docker compose -f docker-compose.yml -f traefik/opencloud.yml up -d
```
Or by adding the `COMPOSE_FILE` variable in `.env`:
```
COMPOSE_FILE=docker-compose.yml:traefik/opencloud.yml
```
Then simply run:
```bash
docker compose up -d
```
4. **Add local domains to `/etc/hosts`**:
```
127.0.0.1 cloud.opencloud.test
127.0.0.1 traefik.opencloud.test
127.0.0.1 keycloak.opencloud.test
```
5. **Access OpenCloud**:
- URL: https://cloud.opencloud.test
- Username: `admin`
- Password: is randomly generated on the first start of OpenCloud.
It will be printed to the console. You can access it by running the following command:
`docker compose logs opencloud | grep -B 1 -A 4 "generated OpenCloud Config"`
### Production Deployment
1. **Edit the `.env` file** and configure:
- Domain names
- Admin password
- SSL certificate email
- Storage paths
2. **Configure deployment options** in `.env`:
```
COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:traefik/opencloud.yml:traefik/collabora.yml
```
3. **Start OpenCloud**:
```bash
docker compose up -d
```
## Deployment Options
### With Keycloak and LDAP using a Shared User Directory
OpenCloud can be deployed with Keycloak for identity management and LDAP for the shared user directory:
Using `-f` flags:
```bash
docker compose -f docker-compose.yml -f idm/ldap-keycloak.yml -f traefik/opencloud.yml -f traefik/ldap-keycloak.yml up -d
```
Or by setting in `.env`:
```
COMPOSE_FILE=docker-compose.yml:idm/ldap-keycloak.yml:traefik/opencloud.yml:traefik/ldap-keycloak.yml
```
Add to `/etc/hosts` for local development:
```
127.0.0.1 keycloak.opencloud.test
```
This setup includes:
- Keycloak for authentication and identity management
- Shared LDAP server as a user directory with demo users and groups
- Integration with Keycloak using OpenCloud clients (`web`, `OpenCloudDesktop`, `OpenCloudAndroid`, `OpenCloudIOS`)
### With Collabora Online
Include Collabora for document editing using either method:
Using `-f` flags:
```bash
docker compose -f docker-compose.yml -f weboffice/collabora.yml -f traefik/opencloud.yml -f traefik/collabora.yml up -d
```
Or by setting in `.env`:
```
COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:traefik/opencloud.yml:traefik/collabora.yml
```
Add to `/etc/hosts` for local development:
```
127.0.0.1 collabora.opencloud.test
127.0.0.1 wopiserver.opencloud.test
```
### With Full Text Search
Enable full text search capabilities with Apache Tika using either method:
Using `-f` flags:
```bash
docker compose -f docker-compose.yml -f search/tika.yml -f traefik/opencloud.yml up -d
```
Or by setting in `.env`:
```
COMPOSE_FILE=docker-compose.yml:search/tika.yml:traefik/opencloud.yml
```
This setup includes:
- Apache Tika for text extraction and metadata analysis from various file formats
- Full text search functionality in the OpenCloud interface
- Support for documents, PDFs, images, and other file types
### With Monitoring
Enable monitoring capabilities with metrics endpoints using either method:
Using `-f` flags:
```bash
docker compose -f docker-compose.yml -f monitoring/monitoring.yml -f traefik/opencloud.yml up -d
```
Or by setting in `.env`:
```
COMPOSE_FILE=docker-compose.yml:monitoring/monitoring.yml:traefik/opencloud.yml
```
This setup includes:
- Metrics endpoints for OpenCloud proxy service (port 9205)
- Metrics endpoints for collaboration service (port 9304)
- Performance monitoring and observability data
- Prometheus-compatible metrics format
Access metrics endpoints:
- OpenCloud metrics: `http://localhost:9205/metrics`
- Collaboration metrics: `http://localhost:9304/metrics`
> **Note**: The monitoring configuration uses an external network `opencloud-net`. You need to create this network manually before starting the services:
> ```bash
> docker network create opencloud-net
> ```
### Behind External Proxy
If you already have a reverse proxy (Nginx, Caddy, etc.), use either method:
Using `-f` flags:
```bash
docker compose -f docker-compose.yml -f weboffice/collabora.yml -f external-proxy/opencloud.yml -f external-proxy/collabora.yml up -d
```
Or by setting in `.env`:
```
COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:external-proxy/opencloud.yml:external-proxy/collabora.yml
```
This exposes the necessary ports:
- OpenCloud: 9200
- Collabora: 9980
- WOPI server: 9300
**Please note:**
If you're using **Nginx Proxy Manager (NPM)**, you **should NOT** activate **"Block Common Exploits"** for the Proxy Host.
Otherwise, the desktop app authentication will return **error 403 Forbidden**.
## Configuration
### Environment Variables
The configuration is managed through environment variables in the `.env` file:
- We provide `.env.example` as a template with documentation for all options
- Your personal `.env` file is ignored by git to keep sensitive information private
- This pattern allows everyone to customize their deployment without affecting the repository
Key variables:
| Variable | Description | Default |
|---------------------------|----------------------------------------------|---------------------------|
| `COMPOSE_FILE` | Colon-separated list of compose files to use | (commented out) |
| `OC_DOMAIN` | OpenCloud domain | cloud.opencloud.test |
| `OC_DOCKER_TAG` | OpenCloud image tag | latest |
| `OC_CONFIG_DIR` | Config directory path | (Docker volume) |
| `OC_DATA_DIR` | Data directory path | (Docker volume) |
| `INSECURE` | Skip certificate validation | true |
| `COLLABORA_DOMAIN` | Collabora domain | collabora.opencloud.test |
| `WOPISERVER_DOMAIN` | WOPI server domain | wopiserver.opencloud.test |
| `TIKA_IMAGE` | Apache Tika image tag | apache/tika:latest-full |
| `KEYCLOAK_DOMAIN` | Keycloak domain | keycloak.opencloud.test |
| `KEYCLOAK_ADMIN` | Keycloak admin username | kcadmin |
| `KEYCLOAK_ADMIN_PASSWORD` | Keycloak admin password | admin |
| `LDAP_BIND_PASSWORD` | LDAP password for the bind user | admin |
| `KC_DB_USERNAME` | Database user for keycloak | keycloak |
| `KC_DB_PASSWORD` | Database password for keycloak | keycloak |
See `.env.example` for all available options and their documentation.
### Persistent Storage
For production, configure persistent storage:
```
OC_CONFIG_DIR=/path/to/opencloud/config
OC_DATA_DIR=/path/to/opencloud/data
```
Ensure proper permissions:
```bash
mkdir -p /path/to/opencloud/{config,data}
chown -R 1000:1000 /path/to/opencloud
```
### Compose File Structure
This repository uses a modular approach with multiple compose files:
- `docker-compose.yml` - Core OpenCloud service
- `weboffice/` - Web office integrations (Collabora Online)
- `storage/` - Storage backend configurations (decomposeds3)
- `search/` - Search and content analysis services (Apache Tika)
- `monitoring/` - Monitoring and metrics configurations
- `idm/` - Identity management configurations (Keycloak & LDAP)
- `traefik/` - Traefik reverse proxy configurations
- `external-proxy/` - Configuration for external reverse proxies
- `config/` - Configuration files for OpenCloud, Keycloak, and LDAP
## Advanced Usage
### Understanding the COMPOSE_FILE Variable
The `COMPOSE_FILE` environment variable is a powerful way to manage complex Docker Compose deployments:
- It uses colons (`:`) as separators between files (configurable with `COMPOSE_PATH_SEPARATOR`)
- Files are processed in order, with later files overriding settings from earlier ones
- It allows you to run just `docker compose up -d` without specifying `-f` flags
- Perfect for automation, CI/CD pipelines, and consistent deployments
Example configurations:
Production with Collabora:
```
COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:traefik/opencloud.yml:traefik/collabora.yml
```
Production with Keycloak and LDAP:
```
COMPOSE_FILE=docker-compose.yml:idm/ldap-keycloak.yml:traefik/opencloud.yml:traefik/ldap-keycloak.yml
```
Production with both Collabora and Keycloak/LDAP:
```
COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:idm/ldap-keycloak.yml:traefik/opencloud.yml:traefik/collabora.yml:traefik/ldap-keycloak.yml
```
Production with monitoring:
```
COMPOSE_FILE=docker-compose.yml:monitoring/monitoring.yml:traefik/opencloud.yml
```
### Automation and GitOps
For automated deployments, using the `COMPOSE_FILE` variable in `.env` is recommended:
```
COMPOSE_FILE=docker-compose.yml:weboffice/collabora.yml:traefik/opencloud.yml:traefik/collabora.yml
```
This allows tools like Ansible or CI/CD pipelines to deploy the stack without modifying the compose files.
### Custom compose file overrides
You can create custom compose files to override specific settings after creating a `custom` directory:
```bash
mkdir -p custom
```
Then create a `docker-compose.override.yml` file in the `custom` directory with your overrides.
This folder is ignored by git, allowing you to customize your deployment without affecting the repository. This can be useful in scenarios like portainer where the git repository is configured as a stack.
You can for example add custom labels to the OpenCloud service:
```yaml
services:
opencloud:
labels:
- "traefik.enable=true"
- "traefik.http.routers.opencloud.rule=Host(`cloud.opencloud.test`)"
- "traefik.http.services.opencloud.loadbalancer.server.port=80"
- "traefik.http.routers.opencloud.tls.certresolver=my-resolver"
```
## Troubleshooting
### Common Issues
- **SSL Certificate Errors**: For local development, accept self-signed certificates by visiting each domain directly in your browser.
- **Port Conflicts**: If you have services already using ports 80/443, use the external proxy configuration.
- **Permission Issues**: Ensure data and config directories have proper permissions (owned by user/group 1000).
### Logs
View logs with:
```bash
docker compose logs -f
```
For specific service logs:
```bash
docker compose logs -f opencloud
```
## Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
## License
This project is licensed under the GNU General Public License v3 (GPLv3).
Reference in New Issue View Git Blame Copy Permalink