diff --git a/.drone.star b/.drone.star
index f0f0991d8ef..ee45183affc 100644
--- a/.drone.star
+++ b/.drone.star
@@ -1674,6 +1674,7 @@ def example_deploys(ctx):
 "ocis_hello/latest.yml",
 "ocis_s3/latest.yml",
 "oc10_ocis_parallel/latest.yml",
+ "ocis_individual_services/latest.yml",
 ]
 released_configs = [
 "ocis_ldap/released.yml",
diff --git a/deployments/continuous-deployment-config/oc10_ocis_parallel/latest.yml b/deployments/continuous-deployment-config/oc10_ocis_parallel/latest.yml
index 8f78eb26476..6d2cbb8a423 100644
--- a/deployments/continuous-deployment-config/oc10_ocis_parallel/latest.yml
+++ b/deployments/continuous-deployment-config/oc10_ocis_parallel/latest.yml
@@ -25,8 +25,6 @@
 - https://github.com/kulmann.keys
 - https://github.com/micbar.keys
 - https://github.com/pascalwengerter.keys
- - https://github.com/paulcod3.keys
- - https://github.com/refs.keys
 - https://github.com/wkloucek.keys
 docker_compose_projects:
 - name: ocis
diff --git a/deployments/continuous-deployment-config/ocis_hello/latest.yml b/deployments/continuous-deployment-config/ocis_hello/latest.yml
index 04e58aa1407..d4b38625fb6 100644
--- a/deployments/continuous-deployment-config/ocis_hello/latest.yml
+++ b/deployments/continuous-deployment-config/ocis_hello/latest.yml
@@ -24,8 +24,6 @@
 - https://github.com/kulmann.keys
 - https://github.com/micbar.keys
 - https://github.com/pascalwengerter.keys
- - https://github.com/paulcod3.keys
- - https://github.com/refs.keys
 - https://github.com/wkloucek.keys
 docker_compose_projects:
 - name: ocis
diff --git a/deployments/continuous-deployment-config/ocis_individual_services/latest.yml b/deployments/continuous-deployment-config/ocis_individual_services/latest.yml
new file mode 100644
index 00000000000..b4c7273c8ca
--- /dev/null
+++ b/deployments/continuous-deployment-config/ocis_individual_services/latest.yml
@@ -0,0 +1,49 @@
+---
+- name: continuous-deployment-ocis-individual-services-latest
+ server:
+ server_type: cx31
+ image: ubuntu-20.04
+ location: nbg1
+ initial_ssh_key_names:
+ - owncloud-ocis@drone.owncloud.com
+ labels:
+ owner: wkloucek
+ for: oCIS-continuous-deployment-examples
+ rebuild: $REBUILD
+ rebuild_carry_paths:
+ - /var/lib/docker/volumes/ocis_certs
+
+ domains:
+ - "*.ocis-individual-services.latest.owncloud.works"
+
+ vars:
+ ssh_authorized_keys:
+ - https://github.com/butonic.keys
+ - https://github.com/C0rby.keys
+ - https://github.com/fschade.keys
+ - https://github.com/kulmann.keys
+ - https://github.com/micbar.keys
+ - https://github.com/pascalwengerter.keys
+ - https://github.com/wkloucek.keys
+ docker_compose_projects:
+ - name: ocis
+ git_url: https://github.com/owncloud/ocis.git
+ ref: master
+ docker_compose_path: deployments/examples/ocis_individual_services
+ env:
+ INSECURE: "false"
+ TRAEFIK_ACME_MAIL: wkloucek@owncloud.com
+ OCIS_DOCKER_TAG: latest
+ OCIS_SCALE: 6
+ OCIS_DOMAIN: ocis.ocis-individual-services.latest.owncloud.works
+ COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
+ - name: monitoring
+ git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
+ ref: master
+ env:
+ NETWORK_NAME: ocis-net
+ TELEMETRY_SERVE_DOMAIN: telemetry.ocis-individual-services.latest.owncloud.works
+ JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
+ TELEGRAF_SPECIFIC_CONFIG: ocis_individual_services
+ OCIS_URL: ocis.ocis-individual-services.latest.owncloud.works
+ OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-individual-services-latest
diff --git a/deployments/continuous-deployment-config/ocis_keycloak/latest.yml b/deployments/continuous-deployment-config/ocis_keycloak/latest.yml
index afa3503a197..e923589d873 100644
--- a/deployments/continuous-deployment-config/ocis_keycloak/latest.yml
+++ b/deployments/continuous-deployment-config/ocis_keycloak/latest.yml
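Review bot: The `env:` block of the `ocis` project in ocis_individual_services/latest.yml sets `INSECURE`, the domain and the scale but none of `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET`, `OCIS_MACHINE_AUTH_API_KEY`, `IDP_LDAP_BIND_PASSWORD` or `STORAGE_LDAP_BIND_PASSWORD`. This publicly resolvable host will therefore run on the fallback values hard-coded in the example's docker-compose.yml, which are published in this repository, so its signing secrets and bind passwords are effectively not secret. The deployment should feed them from CI secrets, e.g. `OCIS_JWT_SECRET: $<CI_SECRET_PLACEHOLDER>` in the same style as `rebuild: $REBUILD`; whether the deployment tool substitutes variables inside `env:` is not visible here and needs confirming. The compose file also reads `OCIS_METADATA_JWT_SECRET`, which would need the same treatment.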
@@ -24,8 +24,6 @@
 - https://github.com/kulmann.keys
 - https://github.com/micbar.keys
 - https://github.com/pascalwengerter.keys
- - https://github.com/paulcod3.keys
- - https://github.com/refs.keys
 - https://github.com/wkloucek.keys
 docker_compose_projects:
 - name: ocis
diff --git a/deployments/continuous-deployment-config/ocis_keycloak/released.yml b/deployments/continuous-deployment-config/ocis_keycloak/released.yml
index 173063e60a3..5c5f38e7997 100644
--- a/deployments/continuous-deployment-config/ocis_keycloak/released.yml
+++ b/deployments/continuous-deployment-config/ocis_keycloak/released.yml
@@ -24,8 +24,6 @@
 - https://github.com/kulmann.keys
 - https://github.com/micbar.keys
 - https://github.com/pascalwengerter.keys
- - https://github.com/paulcod3.keys
- - https://github.com/refs.keys
 - https://github.com/wkloucek.keys
 docker_compose_projects:
 - name: ocis
diff --git a/deployments/continuous-deployment-config/ocis_ldap/latest.yml b/deployments/continuous-deployment-config/ocis_ldap/latest.yml
index 26348b942af..ecd85c75d78 100644
--- a/deployments/continuous-deployment-config/ocis_ldap/latest.yml
+++ b/deployments/continuous-deployment-config/ocis_ldap/latest.yml
@@ -24,8 +24,6 @@
 - https://github.com/kulmann.keys
 - https://github.com/micbar.keys
 - https://github.com/pascalwengerter.keys
- - https://github.com/paulcod3.keys
- - https://github.com/refs.keys
 - https://github.com/wkloucek.keys
 docker_compose_projects:
 - name: ocis
diff --git a/deployments/continuous-deployment-config/ocis_ldap/released.yml b/deployments/continuous-deployment-config/ocis_ldap/released.yml
index c59d000a942..06a6125ecc3 100644
--- a/deployments/continuous-deployment-config/ocis_ldap/released.yml
+++ b/deployments/continuous-deployment-config/ocis_ldap/released.yml
@@ -24,8 +24,6 @@
 - https://github.com/kulmann.keys
 - https://github.com/micbar.keys
 - https://github.com/pascalwengerter.keys
- - https://github.com/paulcod3.keys
- - https://github.com/refs.keys
 - https://github.com/wkloucek.keys
 docker_compose_projects:
 - name: ocis
diff --git a/deployments/continuous-deployment-config/ocis_s3/latest.yml b/deployments/continuous-deployment-config/ocis_s3/latest.yml
index f49ad1a48c6..76d8fcb7e67 100644
--- a/deployments/continuous-deployment-config/ocis_s3/latest.yml
+++ b/deployments/continuous-deployment-config/ocis_s3/latest.yml
@@ -24,8 +24,6 @@
 - https://github.com/kulmann.keys
 - https://github.com/micbar.keys
 - https://github.com/pascalwengerter.keys
- - https://github.com/paulcod3.keys
- - https://github.com/refs.keys
 - https://github.com/wkloucek.keys
 docker_compose_projects:
 - name: ocis
diff --git a/deployments/continuous-deployment-config/ocis_traefik/latest.yml b/deployments/continuous-deployment-config/ocis_traefik/latest.yml
index fe5b7293859..0f5e22d5179 100644
--- a/deployments/continuous-deployment-config/ocis_traefik/latest.yml
+++ b/deployments/continuous-deployment-config/ocis_traefik/latest.yml
@@ -24,8 +24,6 @@
 - https://github.com/kulmann.keys
 - https://github.com/micbar.keys
 - https://github.com/pascalwengerter.keys
- - https://github.com/paulcod3.keys
- - https://github.com/refs.keys
 - https://github.com/wkloucek.keys
 docker_compose_projects:
 - name: ocis
diff --git a/deployments/continuous-deployment-config/ocis_traefik/released.yml b/deployments/continuous-deployment-config/ocis_traefik/released.yml
index 99998642445..93053a7c5b1 100644
--- a/deployments/continuous-deployment-config/ocis_traefik/released.yml
+++ b/deployments/continuous-deployment-config/ocis_traefik/released.yml
@@ -24,8 +24,6 @@
 - https://github.com/kulmann.keys
 - https://github.com/micbar.keys
 - https://github.com/pascalwengerter.keys
- - https://github.com/paulcod3.keys
- - https://github.com/refs.keys
 - https://github.com/wkloucek.keys
 docker_compose_projects:
 - name: ocis
diff --git a/deployments/continuous-deployment-config/ocis_wopi/latest.yml b/deployments/continuous-deployment-config/ocis_wopi/latest.yml
index 006c1160a4b..f44c59e7070 100644
--- a/deployments/continuous-deployment-config/ocis_wopi/latest.yml
+++ b/deployments/continuous-deployment-config/ocis_wopi/latest.yml
@@ -24,8 +24,6 @@
 - https://github.com/kulmann.keys
 - https://github.com/micbar.keys
 - https://github.com/pascalwengerter.keys
- - https://github.com/paulcod3.keys
- - https://github.com/refs.keys
 - https://github.com/wkloucek.keys
 docker_compose_projects:
 - name: ocis
diff --git a/deployments/continuous-deployment-config/ocis_wopi/released.yml b/deployments/continuous-deployment-config/ocis_wopi/released.yml
index 6dd9a23e509..701583d592f 100644
--- a/deployments/continuous-deployment-config/ocis_wopi/released.yml
+++ b/deployments/continuous-deployment-config/ocis_wopi/released.yml
@@ -24,8 +24,6 @@
 - https://github.com/kulmann.keys
 - https://github.com/micbar.keys
 - https://github.com/pascalwengerter.keys
- - https://github.com/paulcod3.keys
- - https://github.com/refs.keys
 - https://github.com/wkloucek.keys
 docker_compose_projects:
 - name: ocis
diff --git a/deployments/examples/ocis_individual_services/.env b/deployments/examples/ocis_individual_services/.env
new file mode 100644
index 00000000000..df4a4d90a45
--- /dev/null
+++ b/deployments/examples/ocis_individual_services/.env
@@ -0,0 +1,36 @@
+# If you're on a internet facing server please comment out following line.
+# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
+INSECURE=true
+
+### Traefik settings ###
+# Serve Treafik dashboard. Defaults to "false".
+TRAEFIK_DASHBOARD=
+# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
+TRAEFIK_DOMAIN=
+# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
+TRAEFIK_BASIC_AUTH_USERS=
+# Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
+TRAEFIK_ACME_MAIL=
+
+### oCIS settings ###
+# oCIS version. Defaults to "latest"
+OCIS_DOCKER_TAG=
+# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
+OCIS_DOMAIN=
+# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
+IDP_LDAP_BIND_PASSWORD=
+# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
+STORAGE_LDAP_BIND_PASSWORD=
+# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
+OCIS_JWT_SECRET=
+# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
+STORAGE_TRANSFER_SECRET=
+# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
+OCIS_MACHINE_AUTH_API_KEY=
+# Number of services to run for extensions, that currently can be easily scaled. Defaults to 1.
+OCIS_SCALE=
+
+# If you want to use debugging and tracing with this stack,
+# you need uncomment following line. Please see documentation at
+# https://owncloud.dev/ocis/deployment/monitoring-tracing/
+#COMPOSE_FILE=docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
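Review bot: The comment above `TRAEFIK_BASIC_AUTH_USERS=` only states the admin/admin fallback, while every oCIS secret below it carries "Must be changed in order to have a secure oCIS"; a reader who turns on `TRAEFIK_DASHBOARD` gets no hint that the dashboard is then guarded by a published credential. Suggested wording: `# Basic authentication for the dashboard. Must be changed if the dashboard is enabled. Defaults to user "admin" and password "admin"`. Separately, `INSECURE=true` is the shipped value and relies on the reader commenting it out on an internet-facing host, so the first comment should say plainly that certificate validation stays disabled until they do. "Treafik" in the dashboard comment is a typo for "Traefik".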
diff --git a/deployments/examples/ocis_individual_services/README.md b/deployments/examples/ocis_individual_services/README.md
new file mode 100644
index 00000000000..3f5f4047807
--- /dev/null
+++ b/deployments/examples/ocis_individual_services/README.md
@@ -0,0 +1,6 @@
+---
+document this deployment example in: docs/ocis/deployment/ocis_individual_services.md
+---
+
+Please refer to [our documentation](https://owncloud.dev/ocis/deployment/ocis_individual_services/)
+for instructions on how to deploy this scenario.
diff --git a/deployments/examples/ocis_individual_services/config/accounts/entrypoint-override.sh b/deployments/examples/ocis_individual_services/config/accounts/entrypoint-override.sh
new file mode 100755
index 00000000000..4b890128c06
--- /dev/null
+++ b/deployments/examples/ocis_individual_services/config/accounts/entrypoint-override.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+set -e
+
+ocis accounts server&
+sleep 10
+
+echo "##################################################"
+echo "change default secrets:"
+
+# IDP
+IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
+echo " IDP user UUID: $IDP_USER_UUID"
+ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID
+
+# REVA
+REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
+echo " Reva user UUID: $REVA_USER_UUID"
+ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID
+
+echo "default secrets changed"
+echo "##################################################"
+
+wait # wait for accounts service to exit
diff --git a/deployments/examples/ocis_individual_services/config/proxy/proxy.json b/deployments/examples/ocis_individual_services/config/proxy/proxy.json
new file mode 100644
index 00000000000..3874ceff194
--- /dev/null
+++ b/deployments/examples/ocis_individual_services/config/proxy/proxy.json
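Review bot: In config/accounts/entrypoint-override.sh both `ocis accounts update` calls expand the password and the UUID unquoted, so a bind password containing whitespace or glob characters is word-split before the CLI sees it and the update either fails or stores a value different from the one idp and the storage providers are configured with. Quote them: `ocis accounts update --password "$IDP_LDAP_BIND_PASSWORD" "$IDP_USER_UUID"`, and likewise for the Reva line. The script also relies on `sleep 10` being long enough for the accounts service to answer `ocis accounts list`; a short retry loop on that command would be more robust than a fixed delay. Passing the password as a command-line argument exposes it in the container's process list while the command runs, which deserves a comment if the CLI offers no other input.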
@@ -0,0 +1,103 @@
+{
+ "HTTP": {
+ "Namespace": "com.owncloud"
+ },
+ "policy_selector": {
+ "static": {
+ "policy": "ocis"
+ }
+ },
+ "policies": [
+ {
+ "name": "ocis",
+ "routes": [
+ {
+ "endpoint": "/",
+ "backend": "http://web:9100"
+ },
+ {
+ "endpoint": "/.well-known/",
+ "backend": "http://idp:9130"
+ },
+ {
+ "endpoint": "/konnect/",
+ "backend": "http://idp:9130"
+ },
+ {
+ "endpoint": "/signin/",
+ "backend": "http://idp:9130"
+ },
+ {
+ "type": "regex",
+ "endpoint": "/ocs/v[12].php/cloud/(users?|groups)",
+ "backend": "http://ocs:9110"
+ },
+ {
+ "endpoint": "/ocs/",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "type": "query",
+ "endpoint": "/remote.php/?preview=1",
+ "backend": "http://webdav:9115"
+ },
+ {
+ "endpoint": "/remote.php/",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/dav/",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/webdav/",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/status.php",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/index.php/",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/data",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/app/",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/archiver",
+ "backend": "http://storage-frontend:9140"
+ },
+ {
+ "endpoint": "/graph/",
+ "backend": "http://graph:9120"
+ },
+ {
+ "endpoint": "/graph-explorer/",
+ "backend": "http://graph-explorer:9135"
+ },
+ {
+ "endpoint": "/api/v0/accounts",
+ "backend": "http://accounts:9181"
+ },
+ {
+ "endpoint": "/accounts.js",
+ "backend": "http://accounts:9181"
+ },
+ {
+ "endpoint": "/api/v0/settings",
+ "backend": "http://settings:9190"
+ },
+ {
+ "endpoint": "/settings.js",
+ "backend": "http://settings:9190"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
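Review bot: The `/graph-explorer/` route points at `http://graph-explorer:9135`, but the docker-compose.yml added in this commit defines no `graph-explorer` service (the name appears only commented out in the monitoring additions), so the proxy forwards that path to a host name that will not resolve on `ocis-net`. Either drop the route from this example or add the service. All backends are addressed over plain `http://`, which matches `PROXY_TLS: "false"` in the compose file and means traffic between containers is unencrypted. Since JSON cannot carry a comment, the deployment documentation should state that the Docker network is assumed to be trusted.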
diff --git a/deployments/examples/ocis_individual_services/docker-compose.yml b/deployments/examples/ocis_individual_services/docker-compose.yml
new file mode 100644
index 00000000000..27ec4754325
--- /dev/null
+++ b/deployments/examples/ocis_individual_services/docker-compose.yml
@@ -0,0 +1,734 @@ +--- +version: "3.7" + +services: + traefik: + image: traefik:v2.5 + networks: + ocis-net: + aliases: + - ${OCIS_DOMAIN:-ocis.owncloud.test} + command: + - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" + # letsencrypt configuration + - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" + - "--certificatesResolvers.http.acme.storage=/certs/acme.json" + - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" + # enable dashboard + - "--api.dashboard=true" + # define entrypoints + - "--entryPoints.http.address=:80" + - "--entryPoints.http.http.redirections.entryPoint.to=https" + - "--entryPoints.http.http.redirections.entryPoint.scheme=https" + - "--entryPoints.https.address=:443" + # docker provider (get configuration from container labels) + - "--providers.docker.endpoint=unix:///var/run/docker.sock" + - "--providers.docker.exposedByDefault=false" + ports: + - "80:80" + - "443:443" + volumes: + - "/var/run/docker.sock:/var/run/docker.sock:ro" + - "traefik-certs:/certs" + labels: + - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" + - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin + - "traefik.http.routers.traefik.entrypoints=https" + - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" + - "traefik.http.routers.traefik.middlewares=traefik-auth" + - "traefik.http.routers.traefik.tls.certresolver=http" + - "traefik.http.routers.traefik.service=api@internal" + logging: + driver: "local" + restart: always + + proxy: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - proxy + - server + environment: + PROXY_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + PROXY_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + PROXY_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + PROXY_TLS: "false" # do not use SSL 
between Traefik and oCIS + + REVA_GATEWAY: storage-gateway:9142 + + PROXY_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + PROXY_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} + PROXY_INSECURE_BACKENDS: "false" + + PROXY_OIDC_INSECURE: "${INSECURE:-false}" + PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test} + + PROXY_AUTOPROVISION_ACCOUNTS: "true" + + PROXY_HTTP_ADDR: 0.0.0.0:9200 + volumes: + - "./config/proxy/proxy.json:/etc/ocis/proxy.json" + labels: + - "traefik.enable=true" + - "traefik.http.routers.ocis.entrypoints=https" + - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test\ + }`)" + - "traefik.http.routers.ocis.tls.certresolver=http" + - "traefik.http.routers.ocis.service=ocis" + - "traefik.http.services.ocis.loadbalancer.server.port=9200" + logging: + driver: "local" + restart: always + + nats: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: 1 + networks: + ocis-net: null + entrypoint: + - ocis + - nats-server + - server + environment: + NATS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + NATS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + NATS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + NATS_NATS_HOST: 0.0.0.0 + NATS_NATS_PORT: 9233 + logging: + driver: "local" + restart: always + + accounts: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: 1 + networks: + ocis-net: null + entrypoint: + - /bin/sh + - /entrypoint-override.sh + #entrypoint: + # - ocis + # - accounts + # - server + environment: + ACCOUNTS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + ACCOUNTS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + ACCOUNTS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + ACCOUNTS_HTTP_ADDR: 0.0.0.0:9181 + ACCOUNTS_GRPC_ADDR: 0.0.0.0:9180 + + ACCOUNTS_STORAGE_BACKEND: cs3 + ACCOUNTS_STORAGE_CS3_PROVIDER_ADDR: storage-metadata:9215 + + IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} + STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} + + ACCOUNTS_JWT_SECRET: 
${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} + volumes: + - ./config/accounts/entrypoint-override.sh:/entrypoint-override.sh + logging: + driver: "local" + restart: always + + glauth: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - glauth + - server + environment: + GLAUTH_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + GLAUTH_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + GLAUTH_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + GLAUTH_LDAP_ADDR: 0.0.0.0:9125 + GLAUTH_LDAPS_ADDR: 0.0.0.0:9126 + + GLAUTH_BACKEND_INSECURE: "true" + logging: + driver: "local" + restart: always + + idp: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: 1 + networks: + ocis-net: null + entrypoint: + - ocis + - idp + - server + environment: + IDP_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + IDP_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + IDP_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + IDP_HTTP_ADDR: 0.0.0.0:9130 + + IDP_LDAP_URI: ldap://glauth:9125 + IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} + + IDP_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test} + IDP_INSECURE: "${INSECURE:-false}" + logging: + driver: "local" + restart: always + + ocs: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - ocs + - server + environment: + OCS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + OCS_HTTP_ADDR: 0.0.0.0:9110 + + OCS_ACCOUNT_BACKEND_TYPE: accounts + OCS_IDM_ADDRESS: https://${OCIS_DOMAIN:-ocis.owncloud.test} + + OCS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + OCS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} + + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + settings: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: 1 + networks: + ocis-net: 
null + entrypoint: + - ocis + - settings + - server + environment: + SETTINGS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + SETTINGS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + SETTINGS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + SETTINGS_HTTP_ADDR: 0.0.0.0:9190 + SETTINGS_GRPC_ADDR: 0.0.0.0:9191 + + SETTINGS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + volumes: + - "ocis-settings:/var/lib/ocis" + logging: + driver: "local" + restart: always + + store: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: 1 + networks: + ocis-net: null + entrypoint: + - ocis + - store + - server + environment: + STORE_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + STORE_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + STORE_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORE_GRPC_ADDR: 0.0.0.0:9460 + volumes: + - "ocis-settings:/var/lib/ocis" + logging: + driver: "local" + restart: always + + thumbnails: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - thumbnails + - server + environment: + THUMBNAILS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + THUMBNAILS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + THUMBNAILS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + THUMBNAILS_GRPC_ADDR: 0.0.0.0:9185 + + THUMBNAILS_CS3SOURCE_INSECURE: "true" + REVA_GATEWAY: storage-gateway:9142 + + volumes: + # optional shared thumbnail cache between services + - "ocis-settings:/var/lib/ocis" + logging: + driver: "local" + restart: always + + web: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - web + - server + environment: + WEB_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + WEB_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + WEB_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + WEB_HTTP_ADDR: 0.0.0.0:9100 + + WEB_OIDC_AUTHORITY: https://${OCIS_DOMAIN:-ocis.owncloud.test} + WEB_UI_THEME_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test} + 
WEB_UI_CONFIG_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test} + logging: + driver: "local" + restart: always + + webdav: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - webdav + - server + environment: + WEBDAV_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + WEBDAV_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + WEBDAV_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + WEBDAV_HTTP_ADDR: 0.0.0.0:9115 + + OCIS_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + graph: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - graph + - server + environment: + GRAPH_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + GRAPH_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + GRAPH_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + GRAPH_HTTP_ADDR: 0.0.0.0:9120 + GRAPH_SPACES_WEBDAV_BASE: https://${OCIS_DOMAIN:-ocis.owncloud.test} + + REVA_GATEWAY: storage-gateway:9142 + GRAPH_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + + GRAPH_LDAP_URI: ldap://glauth:9125 + logging: + driver: "local" + restart: always + + storage-metadata: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: 1 + networks: + ocis-net: null + entrypoint: + - ocis + - storage-metadata + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}" + + STORAGE_METADATA_GRPC_ADDR: 0.0.0.0:9215 + STORAGE_METADATA_HTTP_ADDR: 0.0.0.0:9216 + STORAGE_METADATA_DATA_SERVER_URL: http://storage-metadata:9216/data + + STORAGE_JWT_SECRET: ${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4} + STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} + + STORAGE_METADATA_DRIVER: ocis + + REVA_GATEWAY: 
storage-gateway:9142 + volumes: + - "ocis-storage-metadata:/var/lib/ocis" + logging: + driver: "local" + restart: always + + storage-authbasic: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-auth-basic + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_AUTH_BASIC_GRPC_ADDR: 0.0.0.0:9146 + STORAGE_AUTH_BASIC_ENDPOINT: storage-authbasic:9146 + + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + storage-authmachine: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-auth-machine + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_AUTH_MACHINE_GRPC_ADDR: 0.0.0.0:9148 + STORAGE_AUTH_MACHINE_ENDPOINT: storage-authmachine:9148 + + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + storage-authbearer: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-auth-bearer + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_AUTH_BEARER_GRPC_ADDR: 0.0.0.0:9166 + STORAGE_AUTH_BEARER_ENDPOINT: storage-authbearer:9166 + + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + storage-shares: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + 
replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-shares + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_SHARES_GRPC_ADDR: 0.0.0.0:9154 + STORAGE_SHARES_ENDPOINT: storage-shares:9154 + + STORAGE_SHARING_ENDPOINT: storage-sharing:9150 + + STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + storage-users: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: 1 + networks: + ocis-net: null + entrypoint: + - ocis + - storage-users + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}" + + STORAGE_USERS_DRIVER: ocis + + STORAGE_USERS_GRPC_ADDR: 0.0.0.0:9157 + STORAGE_USERS_ENDPOINT: storage-users:9157 + + STORAGE_USERS_HTTP_ADDR: 0.0.0.0:9158 + STORAGE_USERS_DATA_SERVER_URL: http://storage-users:9158/data + + STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + volumes: + - "ocis-storage-users:/var/lib/ocis" + logging: + driver: "local" + restart: always + + storage-publiclink: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-public-link + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_PUBLIC_LINK_ENDPOINT: storage-publiclink:9178 + STORAGE_PUBLIC_LINK_GRPC_ADDR: 0.0.0.0:9178 + + 
STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + storage-sharing: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: 1 + networks: + ocis-net: null + entrypoint: + - ocis + - storage-sharing + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_SHARING_ENDPOINT: storage-sharing:9150 + STORAGE_SHARING_GRPC_ADDR: 0.0.0.0:9150 + + STORAGE_SHARING_USER_DRIVER: json + STORAGE_SHARING_USER_JSON_FILE: /var/lib/ocis/storage/sharing/shares.json + STORAGE_SHARING_PUBLIC_DRIVER: json + STORAGE_SHARING_PUBLIC_JSON_FILE: /var/lib/ocis/storage/sharing/publicshares.json + + STORAGE_SHARING_EVENTS_ADDRESS: nats:9233 + + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + volumes: + - "ocis-storage-sharing:/var/lib/ocis" + logging: + driver: "local" + restart: always + + storage-userprovider: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-userprovider + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_USERPROVIDER_ENDPOINT: storage-userprovider:9144 + STORAGE_USERPROVIDER_ADDR: 0.0.0.0:9144 + + STORAGE_USERPROVIDER_DRIVER: ldap + STORAGE_LDAP_HOSTNAME: glauth + STORAGE_LDAP_PORT: 9126 + STORAGE_LDAP_INSECURE: "true" + STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} + STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test} + + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + storage-groupprovider: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: 
${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-groupprovider + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_GROUPPROVIDER_ENDPOINT: storage-groupprovider:9160 + STORAGE_GROUPPROVIDER_ADDR: 0.0.0.0:9160 + + STORAGE_GROUPPROVIDER_DRIVER: ldap + STORAGE_LDAP_HOSTNAME: glauth + STORAGE_LDAP_PORT: 9126 + STORAGE_LDAP_INSECURE: "true" + STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} + STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test} + + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + storage-frontend: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-frontend + - server + environment: + STORAGE_FRONTEND_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + STORAGE_FRONTEND_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + STORAGE_FRONTEND_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_FRONTEND_APPPROVIDER_INSECURE: "true" + STORAGE_FRONTEND_ARCHIVER_INSECURE: "true" + STORAGE_FRONTEND_OCDAV_INSECURE: "true" + + STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} + STORAGE_FRONTEND_HTTP_ADDR: 0.0.0.0:9140 + + STORAGE_SHARING_ENDPOINT: storage-sharing:9150 + + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + REVA_GATEWAY: storage-gateway:9142 + logging: + driver: "local" + restart: always + + storage-gateway: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + deploy: + replicas: ${OCIS_SCALE:-1} + networks: + ocis-net: null + entrypoint: + - ocis + - storage-gateway + - server + environment: + OCIS_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}" + OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" + OCIS_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}" + + STORAGE_GATEWAY_GRPC_ADDR: 0.0.0.0:9142 + + 
REVA_GATEWAY: storage-gateway:9142 + + STORAGE_USERS_ENDPOINT: storage-users:9157 + + STORAGE_PUBLIC_LINK_ENDPOINT: storage-publiclink:9178 + + STORAGE_AUTH_BASIC_ENDPOINT: storage-authbasic:9146 + STORAGE_AUTH_BEARER_ENDPOINT: storage-authbearer:9166 + STORAGE_AUTH_MACHINE_ENDPOINT: storage-authmachine:9148 + + STORAGE_SHARES_ENDPOINT: storage-shares:9154 + STORAGE_SHARING_ENDPOINT: storage-sharing:9150 + + STORAGE_GROUPPROVIDER_ENDPOINT: storage-groupprovider:9160 + STORAGE_USERPROVIDER_ENDPOINT: storage-userprovider:9144 + STORAGE_PERMISSIONS_ENDPOINT: settings:9191 + + STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} + + STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} + STORAGE_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + logging: + driver: "local" + restart: always + +volumes: + traefik-certs: null + ocis-settings: null + ocis-store: null + ocis-storage-metadata: null + ocis-storage-users: null + ocis-storage-sharing: null + +networks: + ocis-net: + external: true diff --git a/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml new file mode 100644 index 00000000000..21e2e23296a --- /dev/null +++ b/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml 
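Review bot: In docker-compose.yml the `accounts` service (`ACCOUNTS_JWT_SECRET`) and the `storage-metadata` service (`STORAGE_JWT_SECRET`) read `${OCIS_METADATA_JWT_SECRET:-Pive-Fumkiu4}`, a variable the example's .env never mentions, so an operator who sets `OCIS_JWT_SECRET` as instructed still leaves these two services on the published default. If a separate metadata secret is intended, add `OCIS_METADATA_JWT_SECRET=` with a "Must be changed" comment to .env; otherwise use `${OCIS_JWT_SECRET:-Pive-Fumkiu4}` here as the other services do. `GLAUTH_BACKEND_INSECURE`, `STORAGE_LDAP_INSECURE`, `THUMBNAILS_CS3SOURCE_INSECURE` and the three `STORAGE_FRONTEND_*_INSECURE` settings are hard-coded to `"true"` rather than following `${INSECURE:-false}`, so setting `INSECURE=false` does not restore certificate validation on those paths. The `store` service mounts `ocis-settings` while the declared `ocis-store` volume is never used, which looks like a copy-paste slip.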
@@ -0,0 +1,202 @@
+---
+version: "3.7"
+
+services:
+ proxy:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ PROXY_DEBUG_ADDR: 0.0.0.0:9205
+
+ accounts:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+
+ glauth:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ GLAUTH_DEBUG_ADDR: 0.0.0.0:9129
+ idp:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ IDP_DEBUG_ADDR: 0.0.0.0:9134
+ ocs:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ OCS_DEBUG_ADDR: 0.0.0.0:9114
+ settings:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ SETTINGS_DEBUG_ADDR: 0.0.0.0:9194
+ store:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ STORE_DEBUG_ADDR: 0.0.0.0:9464
+ thumbnails:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ THUMBNAILS_DEBUG_ADDR: 0.0.0.0:9189
+ web:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ WEB_DEBUG_ADDR: 0.0.0.0:9104
+ webdav:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ WEBDAV_DEBUG_ADDR: 0.0.0.0:9119
+ graph:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ GRAPH_DEBUG_ADDR: 0.0.0.0:9124
+ #graph-explorer:
+ # environment:
+ # # tracing
+ # OCIS_TRACING_ENABLED: "true"
+ # OCIS_TRACING_TYPE: jaeger
+ # OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # # metrics
+ # GRAPH_EXPLORER_DEBUG_ADDR: 0.0.0.0:9136
+ storage-metadata:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ STORAGE_METADATA_DEBUG_ADDR: 0.0.0.0:9217
+ storage-authbasic:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ STORAGE_AUTH_BASIC_DEBUG_ADDR: 0.0.0.0:9147
+ storage-authmachine:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ STORAGE_AUTH_MACHINE_DEBUG_ADDR: 0.0.0.0:9167
+ storage-authbearer:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ STORAGE_AUTH_BEARER_DEBUG_ADDR: 0.0.0.0:9149
+ storage-shares:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ STORAGE_SHARES_DEBUG_ADDR: 0.0.0.0:9156
+ storage-users:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ STORAGE_USERS_DEBUG_ADDR: 0.0.0.0:9159
+ storage-publiclink:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ STORAGE_PUBLIC_LINK_DEBUG_ADDR: 0.0.0.0:9179
+ storage-sharing:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ STORAGE_SHARING_DEBUG_ADDR: 0.0.0.0:9151
+ storage-userprovider:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ STORAGE_USERPROVIDER_DEBUG_ADDR: 0.0.0.0:9145
+ storage-groupprovider:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ STORAGE_GROUPPROVIDER_DEBUG_ADDR: 0.0.0.0:9161
+ storage-frontend:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ STORAGE_FRONTEND_DEBUG_ADDR: 0.0.0.0:9141
+ storage-gateway:
+ environment:
+ # tracing
+ OCIS_TRACING_ENABLED: "true"
+ OCIS_TRACING_TYPE: jaeger
+ OCIS_TRACING_ENDPOINT: jaeger-agent:6831
+ # metrics
+ STORAGE_GATEWAY_DEBUG_ADDR: 0.0.0.0:9143
+ APP_PROVIDER_DEBUG_ADDR: 0.0.0.0:9165
+
+networks:
+ ocis-net:
+ external: true
diff --git a/docs/ocis/deployment/oc10_ocis_parallel.md b/docs/ocis/deployment/oc10_ocis_parallel.md
index f0d210d8981..cceb3047149 100644
--- a/docs/ocis/deployment/oc10_ocis_parallel.md
+++ b/docs/ocis/deployment/oc10_ocis_parallel.md
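Review bot: Every service in docker-compose-additions.yml binds its debug/metrics listener to `0.0.0.0` (for example `PROXY_DEBUG_ADDR: 0.0.0.0:9205`), and `ocis-net` is declared `external: true`, so any container attached to that network can read these endpoints without passing the proxy. No ports are published in this file, so reach appears limited to that network, but the file should state the constraint with a header comment such as `# debug listeners are reachable from every container on ocis-net; never publish these ports on the host`. Where a service offers a debug token setting (the proxy has `PROXY_DEBUG_TOKEN`, assuming this image version still supports it), set it from an environment variable as well. Two smaller inconsistencies: `accounts` carries a `# metrics` comment but no debug address, and `APP_PROVIDER_DEBUG_ADDR` sits in the `storage-gateway` block (indentation is lost in this view, so confirm placement) although this file defines no app-provider service.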
@@ -122,7 +122,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oC10 and oCIS frontend in `CLOUD_DOMAIN=`, eg. `CLOUD_DOMAIN=cloud.owncloud.test`. - You also must override the default secrets in `STORAGE_TRANSFER_SECRET` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). By default ownCloud 10 will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OC10_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated). diff --git a/docs/ocis/deployment/ocis_hello.md b/docs/ocis/deployment/ocis_hello.md index 6449ce47a78..2afd77a633d 100644 --- a/docs/ocis/deployment/ocis_hello.md +++ b/docs/ocis/deployment/ocis_hello.md 
@@ -95,7 +95,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`. - You also must override three default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). By default the oCIS Hello extension will be started in the `latest` version. If you want to start a specific version of oCIS Hello set the version to `OCIS_HELLO_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis-hello/tags?page=1&ordering=last_updated). diff --git a/docs/ocis/deployment/ocis_individual_services.md b/docs/ocis/deployment/ocis_individual_services.md new file mode 100644 index 00000000000..bb8de24f289 --- /dev/null +++ b/docs/ocis/deployment/ocis_individual_services.md 
@@ -0,0 +1,121 @@
+---
+title: "oCIS as individual services"
+date: 2020-10-12T14:04:00+01:00
+weight: 24
+geekdocRepo: https://github.com/owncloud/ocis
+geekdocEditPath: edit/master/docs/ocis/deployment
+geekdocFilePath: ocis_individual_services.md
+---
+
+{{< toc >}}
+
+## Overview
+
+* oCIS running behind Traefik as reverse proxy
+* Traefik generating self signed certificates for local setup or obtaining valid SSL certificates for a server setup
+* oCIS running as individual services (each extension in it's own containers)
+
+[Find this example on GitHub](https://github.com/owncloud/ocis/tree/master/deployments/examples/ocis_individual_services)
+
+The docker stack consists of at least 24 containers. One of them is Traefik, a proxy which is terminating ssl and forwards the requests to oCIS in the internal docker network.
+
+The other containers are oCIS extensions, running each one in a separate container. In this example oCIS uses its internal IDP [LibreGraph Connect]({{< ref "../../extensions/idp" >}}) and the [oCIS storage driver]({{< ref "../../extensions/storage/storagedrivers" >}}). You also can start more than one container of each service by setting `OCIS_SCALE` to a number greater than 1. Currently this won't scale all services, but we are working on making all service easily scalable.
+
+## Server Deployment
+
+### Requirements
+
+* Linux server with docker and docker-compose installed
+* Two domains set up and pointing to your server
+ - ocis.* for serving oCIS
+ - traefik.* for serving the Traefik dashboard
+
+See also [example server setup]({{< ref "preparing_server" >}})
+
+
+### Install oCIS and Traefik
+
+* Clone oCIS repository
+
+ `git clone https://github.com/owncloud/ocis.git`
+
+* Go to the deployment example
+
+ `cd ocis/deployment/examples/ocis_traefik`
+
+* Open the `.env` file in a text editor
+ The file by default looks like this:
+ ```bash
+ # If you're on a internet facing server please comment out following line.
+ # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
+ INSECURE=true
+
+ ### Traefik settings ###
+ # Serve Treafik dashboard. Defaults to "false".
+ TRAEFIK_DASHBOARD=
+ # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
+ TRAEFIK_DOMAIN=
+ # Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
+ TRAEFIK_BASIC_AUTH_USERS=
+ # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server
+ TRAEFIK_ACME_MAIL=
+
+ ### oCIS settings ###
+ # oCIS version. Defaults to "latest"
+ OCIS_DOCKER_TAG=
+ # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
+ OCIS_DOMAIN=
+ # IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
+ IDP_LDAP_BIND_PASSWORD=
+ # Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
+ STORAGE_LDAP_BIND_PASSWORD=
+ # JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
+ OCIS_JWT_SECRET=
+ # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
+ STORAGE_TRANSFER_SECRET=
+ # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
+ OCIS_MACHINE_AUTH_API_KEY=
+ # Number of services to run for extensions, that currently can be easily scaled. Defaults to 1.
+ OCIS_SCALE=
+ ```
+
+ You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`.
+
+ If you want to use the Traefik dashboard, set TRAEFIK_DASHBOARD to `true` (default is `false` and therefore not active). If you activate it, you must set a domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` eg. `TRAEFIK_DOMAIN=traefik.owncloud.test`.
+
+ The Traefik dashboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (eg. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool).
+
+ Traefik will issue certificates with LetsEncrypt and therefore you must set an email address in `TRAEFIK_ACME_MAIL=`.
+
+ By default ocis will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OCIS_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated).
+
+ Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`.
+
+ You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}).
+
+ You also can run more than one instance of the service by setting `OCIS_SCALE` to number greater than one.
+
+ Now you have configured everything and can save the file.
+
+* Start the docker stack
+
+ `docker-compose up -d`
+
+* You now can visit oCIS and Traefik dashboard on your configured domains. You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time.
+
+## Local setup
+For a more simple local ocis setup see [Getting started]({{< ref "../getting-started" >}})
+
+This docker stack can also be run locally. One downside is that Traefik can not obtain valid SSL certificates and therefore will create self signed ones. This means that your browser will show scary warnings. Another downside is that you can not point DNS entries to your localhost. So you have to add static host entries to your computer.
+
+On Linux and macOS you can add them to your `/etc/hosts` files like this:
+```
+127.0.0.1 ocis.owncloud.test
+127.0.0.1 traefik.owncloud.test
+```
+
+After that you're ready to start the application stack:
+
+`docker-compose up -d`
+
+Open https://ocis.owncloud.test in your browser and accept the invalid certificate warning. You now can login to oCIS with the default users, which also can be found here: [Getting started]({{< ref "../getting-started#login-to-ocis-web" >}}). You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time.
diff --git a/docs/ocis/deployment/ocis_keycloak.md b/docs/ocis/deployment/ocis_keycloak.md
index 73b8e3c5343..7d8c189ca89 100644
--- a/docs/ocis/deployment/ocis_keycloak.md
+++ b/docs/ocis/deployment/ocis_keycloak.md
@@ -108,7 +108,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) If you want to change the OIDC client id of th ownCloud Web frontend, you can do this by setting the name to `OCIS_OIDC_CLIENT_ID=`. - You also must override three default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). Set your domain for the Keycloak administration panel and authentication endpoints to `KEYCLOAK_DOMAIN=` eg. `KEYCLOAK_DOMAIN=keycloak.owncloud.test`. diff --git a/docs/ocis/deployment/ocis_ldap.md b/docs/ocis/deployment/ocis_ldap.md index 05f035e979b..655dae94cc3 100644 --- a/docs/ocis/deployment/ocis_ldap.md +++ b/docs/ocis/deployment/ocis_ldap.md 
@@ -93,7 +93,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=cloud.owncloud.test`. - You also must override the default secrets in `STORAGE_TRANSFER_SECRET` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). The OpenLDAP server in this example deployment has an admin users, which is also used as bind user in order to keep theses examples simple. You can change the default password "admin" to a different one by setting it to `LDAP_ADMIN_PASSWORD=...`. diff --git a/docs/ocis/deployment/ocis_s3.md b/docs/ocis/deployment/ocis_s3.md index e353a7617d5..b129ac66316 100644 --- a/docs/ocis/deployment/ocis_s3.md +++ b/docs/ocis/deployment/ocis_s3.md 
@@ -104,7 +104,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`. - You also must override three default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). Set your domain for the MinIO frontend in `MINIO_DOMAIN=`, eg. `MINIO_DOMAIN=minio.owncloud.test`. If you are using other S3-compatible providers you need to configure the respective endpoint here. diff --git a/docs/ocis/deployment/ocis_traefik.md b/docs/ocis/deployment/ocis_traefik.md index 2aaf2aedd12..9adaebbbf5b 100644 --- a/docs/ocis/deployment/ocis_traefik.md +++ b/docs/ocis/deployment/ocis_traefik.md 
@@ -88,7 +88,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`. - You also must override three default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). Now you have configured everything and can save the file. diff --git a/docs/ocis/deployment/ocis_wopi.md b/docs/ocis/deployment/ocis_wopi.md index 16f75a88884..5b8e7f22279 100644 --- a/docs/ocis/deployment/ocis_wopi.md +++ b/docs/ocis/deployment/ocis_wopi.md 
@@ -130,7 +130,7 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`. - You also must override three default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD` and `OCIS_JWT_SECRET` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). + You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings eg. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). By default the CS3Org WOPI server will also be started in the `latest` version. If you want to start a specific version of it, you can set the version to `WOPISERVER_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/cs3org/wopiserver/tags?page=1&ordering=last_updated).