owncloud · 2403905 · Oct 25, 2024 · Oct 30, 2024 · Oct 31, 2024 · mmattel
diff --git a/deployments/examples/ocis_full/.env b/deployments/examples/ocis_full/.env
@@ -223,3 +223,14 @@ INBUCKET_DOMAIN=
 # ALL supplemental configs must be added here, whether commented or not.
 # Each var must either be empty or contain :path/file.yml
 COMPOSE_FILE=docker-compose.yml${OCIS:-}${TIKA:-}${S3NG:-}${S3NG_MINIO:-}${COLLABORA:-}${MONITORING:-}${IMPORTER:-}${CLAMAV:-}${ONLYOFFICE:-}${INBUCKET:-}${EXTENSIONS:-}${UNZIP:-}${DRAWIO:-}${JSONVIEWER:-}${PROGRESSBARS:-}${EXTERNALSITES:-}
+
+### OCM Settings ###
+# Note: the OCM configuration is optional and can be used to connect to an OCM instance. https://owncloud.dev/services/ocm/
-# Note: the OCM configuration is optional and can be used to connect to an OCM instance. https://owncloud.dev/services/ocm/
+# Note: the OCM configuration is optional and can be used to connect to an OCM instance. https://doc.owncloud.com/ocis/next/deployment/services/s-list/ocm.html
-# Note: the OCM configuration is optional and can be used to connect to an OCM instance. https://owncloud.dev/services/ocm/
+# Note: the OCM configuration is optional and can be used to connect to an OCM instance. https://doc.owncloud.com/ocis/next/deployment/services/s-list/ocm.html
+# There are several setting files that do not allow variables like ocm.providers.json, ocis.web.config.json, ocis.ocm.web.config.json
+# This files need to be configured manualy for the real valuse of the OCIS_OCM_DOMAIN and OCIS_DOMAIN
-# This files need to be configured manualy for the real valuse of the OCIS_OCM_DOMAIN and OCIS_DOMAIN
+# These files need to be configured manually for the real values set in OCIS_DOMAIN and OCIS_OCM_DOMAIN
-# This files need to be configured manualy for the real valuse of the OCIS_OCM_DOMAIN and OCIS_DOMAIN
+# These files need to be configured manually for the real values set in OCIS_DOMAIN and OCIS_OCM_DOMAIN
+# Domain of oCIS OCM instace, where you can find the frontend.
-# Domain of oCIS OCM instace, where you can find the frontend.
-# Domain of oCIS OCM instace, where you can find the frontend.
+# Defaults to "ocis.ocm.owncloud.test"
+OCIS_OCM_DOMAIN=
+# An eMail address that is used for sending Infinite Scale notification eMails
+# like "ocis notifications <[email protected]>".
+SMTP_SENDER=
diff --git a/deployments/examples/ocis_full/config/ocis/ocis.ocm.web.config.json b/deployments/examples/ocis_full/config/ocis/ocis.ocm.web.config.json
@@ -0,0 +1,27 @@
+{
+  "server": "https://ocis.ocm.owncloud.test",
+  "theme": "https://ocis.ocm.owncloud.test/themes/owncloud/theme.json",
+  "openIdConnect": {
+    "metadata_url": "https://ocis.ocm.owncloud.test/.well-known/openid-configuration",
+    "authority": "https://ocis.ocm.owncloud.test",
+    "client_id": "web",
+    "response_type": "code"
+  },
+  "options": {
+    "contextHelpersReadMore": true
+  },
+  "apps": [
+    "files",
+    "text-editor",
+    "pdf-viewer",
+    "search",
+    "external",
+    "admin-settings",
+    "ocm",
+    "webfinger",
+    "epub-reader",
+    "app-store",
+    "activities",
+    "preview"
+  ]
+}
diff --git a/deployments/examples/ocis_full/config/ocis/ocis.web.config.json b/deployments/examples/ocis_full/config/ocis/ocis.web.config.json
@@ -0,0 +1,27 @@
+{
+  "server": "https://ocis.owncloud.test",
+  "theme": "https://ocis.owncloud.test/themes/owncloud/theme.json",
+  "openIdConnect": {
+    "metadata_url": "https://ocis.owncloud.test/.well-known/openid-configuration",
+    "authority": "https://ocis.owncloud.test",
+    "client_id": "web",
+    "response_type": "code"
+  },
+  "options": {
+    "contextHelpersReadMore": true
+  },
+  "apps": [
+    "files",
+    "text-editor",
+    "pdf-viewer",
+    "search",
+    "external",
+    "admin-settings",
+    "ocm",
+    "webfinger",
+    "epub-reader",
+    "app-store",
+    "activities",
+    "preview"
+  ]
+}
diff --git a/deployments/examples/ocis_full/config/ocis/ocm.providers.json b/deployments/examples/ocis_full/config/ocis/ocm.providers.json
@@ -0,0 +1,46 @@
+[
+  {
+    "name": "ocis-server",
+    "full_name": "first-ocis-instance",
+    "organization": "Owncloud",
+    "domain": "ocis.owncloud.test",
+    "homepage": "https://owncloud.com",
+    "services": [
+      {
+        "endpoint": {
+          "type": {
+            "name": "OCM",
+            "description": "CERNBox Open Cloud Mesh API"
+          },
+          "name": "CERNBox - OCM API",
+          "path": "https://ocis.owncloud.test/ocm/",
+          "is_monitored": true
+        },
+        "api_version": "0.0.1",
+        "host": "ocis.owncloud.test"
+      }
+    ]
+  },
+  {
+    "name": "federation-ocis-server",
+    "full_name": "Ocm ocis",
+    "organization": "Owncloud",
+    "domain": "ocis.ocm.owncloud.test",
+    "homepage": "https://owncloud.com",
+    "services": [
+      {
+        "endpoint": {
+          "type": {
+            "name": "OCM",
+            "description": "CERNBox Open Cloud Mesh API"
+          },
+          "name": "CERNBox - OCM API",
+          "path": "https://ocis.ocm.owncloud.test/ocm/",
+          "is_monitored": true
+        },
+        "api_version": "0.0.1",
+        "host": "ocis.ocm.owncloud.test"
+      }
+    ]
+  }
+]
diff --git a/deployments/examples/ocis_full/debug-collaboration-onlyoffice.yml b/deployments/examples/ocis_full/debug-collaboration-onlyoffice.yml
@@ -2,8 +2,8 @@
 services:
 
   collaboration-oo:
-    command: [ "-c", "dlv --listen=:40002 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis collaboration server" ]
+    command: [ "-c", "dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis collaboration server" ]
     environment:
       COLLABORATION_LOG_LEVEL: debug
     ports:
-      - 40002:40002
+      - 40002:40000
diff --git a/deployments/examples/ocis_full/debug-ocis-ocm.yml b/deployments/examples/ocis_full/debug-ocis-ocm.yml
@@ -0,0 +1,9 @@
+---
+services:
+
+  ocis:
+    command: [ "-c", "ocis init || true; dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis server" ]
+    environment:
+      OCIS_LOG_LEVEL: debug
+    ports:
+      - 40004:40000
diff --git a/deployments/examples/ocis_full/debug-ocis.yml b/deployments/examples/ocis_full/debug-ocis.yml
@@ -3,5 +3,7 @@ services:
 
   ocis:
     command: [ "-c", "ocis init || true; dlv --listen=:40000 --headless=true --continue --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis server" ]
+    environment:
+      OCIS_LOG_LEVEL: debug
     ports:
       - 40000:40000
diff --git a/deployments/examples/ocis_full/ocis-ocm.yml b/deployments/examples/ocis_full/ocis-ocm.yml
@@ -0,0 +1,94 @@
+---
+services:
+  traefik:
+    networks:
+      ocis-net:
+        aliases:
+          - ${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test}
+  ocis:
+    environment:
+      OCIS_ADD_RUN_SERVICES: "notifications, ocm"
+      OCIS_ENABLE_OCM: true
+      OCM_OCM_INVITE_MANAGER_INSECURE: true
+      OCM_OCM_SHARE_PROVIDER_INSECURE: true
+      OCM_OCM_STORAGE_PROVIDER_INSECURE: true
+      OCM_OCM_PROVIDER_AUTHORIZER_PROVIDERS_FILE: /etc/ocm/providers.json
+      WEB_UI_CONFIG_FILE: /etc/ocis/ocis.web.config.json
+
+
+  ocis-ocm:
+    image: ${OCIS_DOCKER_IMAGE:-owncloud/ocis}:${OCIS_DOCKER_TAG:-latest}
+    networks:
+      ocis-net:
+    entrypoint:
+      - /bin/sh
+    # run ocis init to initialize a configuration file with random secrets
+    # it will fail on subsequent runs, because the config file already exists
+    # therefore we ignore the error and then start the ocis server
+    command: ["-c", "ocis init || true; ocis server"]
+    environment:
+      # enable the notifications service as it is not started automatically
+      OCIS_ADD_RUN_SERVICES: "notifications, ocm"
+      OCIS_URL: https://${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test}
+      OCIS_LOG_LEVEL: ${LOG_LEVEL:-info}
+      OCIS_LOG_COLOR: "${LOG_PRETTY:-false}"
+      OCIS_LOG_PRETTY: "${LOG_PRETTY:-false}"
+      # do not use SSL between Traefik and oCIS
+      PROXY_TLS: "false"
+      # make the REVA gateway accessible to the app drivers
+      GATEWAY_GRPC_ADDR: 0.0.0.0:9142
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      OCIS_INSECURE: "${INSECURE:-false}"
+      # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
+      PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
+      # admin user password
+      IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
+      # demo users
+      IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
+      # email server (if configured)
+      NOTIFICATIONS_SMTP_HOST: "${SMTP_HOST}"
+      NOTIFICATIONS_SMTP_PORT: "${SMTP_PORT}"
+      NOTIFICATIONS_SMTP_SENDER: "${SMTP_OCM_SENDER:-oCIS notifications <notifications@${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test}>}"
+      NOTIFICATIONS_SMTP_USERNAME: "${SMTP_USERNAME}"
+      NOTIFICATIONS_SMTP_INSECURE: "${SMTP_INSECURE}"
+      # make the registry available to the app provider containers
+      MICRO_REGISTRY_ADDRESS: 127.0.0.1:9233
+      NATS_NATS_HOST: 0.0.0.0
+      NATS_NATS_PORT: 9233
+      PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp.yaml
+      # these three vars are needed to the csp config file to include the web office apps and the importer
+      COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.owncloud.test}
+      ONLYOFFICE_DOMAIN: ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}
+      COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test}
+      # enable to allow using the banned passwords list
+      OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt
+      # ocm configuration
+      OCIS_ENABLE_OCM: true
+      OCM_OCM_INVITE_MANAGER_INSECURE: true
+      OCM_OCM_SHARE_PROVIDER_INSECURE: true
+      OCM_OCM_STORAGE_PROVIDER_INSECURE: true
+      OCM_OCM_PROVIDER_AUTHORIZER_PROVIDERS_FILE: /etc/ocm/providers.json
+      WEB_UI_CONFIG_FILE: /etc/ocis/ocis.ocm.web.config.json
+    volumes:
+      - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml
+      - ./config/ocis/csp.yaml:/etc/ocis/csp.yaml
+      - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
+      - ./config/ocis/ocis.ocm.web.config.json:/etc/ocis/ocis.ocm.web.config.json:ro
+      - ./config/ocis/ocm.providers.json:/etc/ocm/providers.json
+      # configure the .env file to use own paths instead of docker internal volumes
+      - ${OCIS_CONFIG_DIR:-ocis-ocm-config}:/etc/ocis
+      - ${OCIS_OCM_DATA_DIR:-ocis-ocm-data}:/var/lib/ocis
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.ocis-ocm.entrypoints=https"
+      - "traefik.http.routers.ocis-ocm.rule=Host(`${OCIS_OCM_DOMAIN:-ocis.ocm.owncloud.test}`)"
+      - "traefik.http.routers.ocis-ocm.tls.certresolver=http"
+      - "traefik.http.routers.ocis-ocm.service=ocis-ocm"
+      - "traefik.http.services.ocis-ocm.loadbalancer.server.port=9200"
+    logging:
+      driver: ${LOG_DRIVER:-local}
+    restart: always
+
+volumes:
+  ocis-ocm-config:
+  ocis-ocm-data:
diff --git a/deployments/examples/ocis_full/ocis.yml b/deployments/examples/ocis_full/ocis.yml
@@ -17,7 +17,7 @@ services:
     command: ["-c", "ocis init || true; ocis server"]
     environment:
       # enable the notifications service as it is not started automatically
-      OCIS_ADD_RUN_SERVICES: "notifications"
+      OCIS_ADD_RUN_SERVICES: "notifications, ocm"
       OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_LOG_LEVEL: ${LOG_LEVEL:-info}
       OCIS_LOG_COLOR: "${LOG_PRETTY:-false}"
@@ -55,6 +55,8 @@ services:
       - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml
       - ./config/ocis/csp.yaml:/etc/ocis/csp.yaml
       - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
+      - ./config/ocis/ocis.web.config.json:/etc/ocis/ocis.web.config.json:ro
+      - ./config/ocis/ocm.providers.json:/etc/ocm/providers.json
       # configure the .env file to use own paths instead of docker internal volumes
       - ${OCIS_CONFIG_DIR:-ocis-config}:/etc/ocis
       - ${OCIS_DATA_DIR:-ocis-data}:/var/lib/ocis