add OCIS_URL env var

.drone.star

@@ -1413,25 +1413,20 @@ def frontend(module):
 def ocisServer(storage, accounts_hash_difficulty = 4, volumes=[]):
   environment = {
     #'OCIS_LOG_LEVEL': 'debug',
+    'OCIS_URL': 'https://ocis-server:9200',
     'STORAGE_HOME_DRIVER': '%s' % (storage),
     'STORAGE_USERS_DRIVER': '%s' % (storage),
     'STORAGE_DRIVER_OCIS_ROOT': '/srv/app/tmp/ocis/storage/users',
     'STORAGE_DRIVER_LOCAL_ROOT': '/srv/app/tmp/ocis/local/root',
     'STORAGE_METADATA_ROOT': '/srv/app/tmp/ocis/metadata',
     'STORAGE_DRIVER_OWNCLOUD_DATADIR': '/srv/app/tmp/ocis/owncloud/data',
     'STORAGE_DRIVER_OWNCLOUD_REDIS_ADDR': 'redis:6379',
-    'STORAGE_LDAP_IDP': 'https://ocis-server:9200',
-    'STORAGE_OIDC_ISSUER': 'https://ocis-server:9200',
-    'PROXY_OIDC_ISSUER': 'https://ocis-server:9200',
     'STORAGE_HOME_DATA_SERVER_URL': 'http://ocis-server:9155/data',
-    'STORAGE_DATAGATEWAY_PUBLIC_URL': 'https://ocis-server:9200/data',
     'STORAGE_USERS_DATA_SERVER_URL': 'http://ocis-server:9158/data',
-    'STORAGE_FRONTEND_PUBLIC_URL': 'https://ocis-server:9200',
     'STORAGE_SHARING_USER_JSON_FILE': '/srv/app/tmp/ocis/shares.json',
     'PROXY_ENABLE_BASIC_AUTH': True,
     'WEB_UI_CONFIG': '/drone/src/tests/config/drone/ocis-config.json',
     'KONNECTD_IDENTIFIER_REGISTRATION_CONF': '/drone/src/tests/config/drone/identifier-registration.yml',
-    'KONNECTD_ISS': 'https://ocis-server:9200',
     'KONNECTD_TLS': 'true',
     'OCIS_LOG_LEVEL': 'warn',
   }

changelog/unreleased/add-ocis-url-env.md

@@ -0,0 +1,17 @@
+Enhancement: add OCIS_URL env var
+
+Tags: ocis
+
+We introduced a new environment variable `OCIS_URL` that expects a URL including protocol, host and optionally port to simplify configuring all the different services. These existing environment variables still take precedence, but will also fall back to `OCIS_URL`: `STORAGE_LDAP_IDP`, `STORAGE_OIDC_ISSUER`, `PROXY_OIDC_ISSUER`, `STORAGE_FRONTEND_PUBLIC_URL`, `KONNECTD_ISS`, `WEB_OIDC_AUTHORITY`, and `WEB_UI_CONFIG_SERVER`.
+
+Some environment variables are now built dynamically if they are not set: 
+- `STORAGE_DATAGATEWAY_PUBLIC_URL` defaults to `<STORAGE_FRONTEND_PUBLIC_URL>/data`, also falling back to `OCIS_URL`
+- `WEB_OIDC_METADATA_URL` defaults to `<WEB_OIDC_AUTHORITY>/.well-known/openid-configuration`, also falling back to `OCIS_URL`
+
+Furthermore, the built in konnectd will generate an `identifier-registration.yaml` that uses the `KONNECTD_ISS` in the allowed `redirect_uris` and `origins`. It simplifies the default `https://localhost:9200` and remote deployment with `OCIS_URL` which is evaluated as a fallback if `KONNECTD_ISS` is not set.
+
+An OCIS server can now be started on a remote machine as easy as `OCIS_URL=https://cloud.ocis.test PROXY_HTTP_ADDR=0.0.0.0:443 ocis server`.
+
+Note that the `OCIS_DOMAIN` environment variable is not used by ocis, but by the docker containers.
+
+https://github.com/owncloud/ocis/pull/1148

deployments/examples/cs3_users_ocis/docker-compose.yaml

@@ -73,23 +73,15 @@ services:
       STORAGE_LDAP_FINDFILTER: '(&(objectclass=owncloud)(|(uid={{query}}*)(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)(description={{query}}*)))'
       STORAGE_LDAP_GROUPFILTER: '(&(objectclass=groupOfUniqueNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))'
       # General ocis config
-      OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
+      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_LOG_LEVEL: error
       # proxy config
       PROXY_OIDC_INSECURE: "${INSECURE:-false}"
-      PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       PROXY_TLS: "false"
       # web config
-      WEB_OIDC_AUTHORITY: https://${OCIS_DOMAIN:-ocis.owncloud.test}
-      WEB_OIDC_METADATA_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/.well-known/openid-configuration
       WEB_UI_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer
-      WEB_UI_CONFIG_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       # storage config
-      STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
-      STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/
-      STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       # idp config
-      KONNECTD_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       KONNECTD_TLS: 'false'
     volumes:
       - ./config/ocis:/config

deployments/examples/ocis_keycloak/docker-compose.yml

@@ -46,7 +46,7 @@ services:
       default:
     environment:
       # general config
-      OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
+      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error}
       # proxy config
       PROXY_AUTOPROVISION_ACCOUNTS: "true"
@@ -58,10 +58,7 @@ services:
       WEB_OIDC_CLIENT_ID: ${OCIS_OIDC_CLIENT_ID:-web}
       WEB_OIDC_METADATA_URL: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-master}/.well-known/openid-configuration
       WEB_UI_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer
-      WEB_UI_CONFIG_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       # storage config
-      STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
-      STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/
       STORAGE_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
       STORAGE_LDAP_IDP: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
       # thumbnail config

deployments/examples/ocis_traefik/docker-compose.yml

@@ -52,25 +52,16 @@ services:
       default:
     environment:
       # general config
-      OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
+      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error}
       # proxy config
       PROXY_OIDC_INSECURE: "${INSECURE:-false}"
-      PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       PROXY_TLS: "false"
       # web config
-      WEB_OIDC_AUTHORITY: https://${OCIS_DOMAIN:-ocis.owncloud.test}
-      WEB_OIDC_METADATA_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/.well-known/openid-configuration
       WEB_UI_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer
-      WEB_UI_CONFIG_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       # storage config
-      STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
-      STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/
-      STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
-      STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       # idp config
-      KONNECTD_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       KONNECTD_TLS: 'false'
       # thumbnail config
       THUMBNAILS_WEBDAVSOURCE_BASEURL: http://localhost:9200/remote.php/webdav/

deployments/examples/owncloud10_with_oc_web/config/oc10/config.php

@@ -32,7 +32,7 @@ function getConfigFromEnv() {
       0 => $domain
     ],
     'openid-connect' => [
-        'provider-url' => getenv('OCIS_DOMAIN'),
+        'provider-url' => getenv('OCIS_URL'),
         'client-id' => 'oc10',
         'client-secret' => 'super',
         'loginButtonName' => 'OpenId Connect',
@@ -50,8 +50,8 @@ function getConfigFromEnv() {
     'dbpassword' => getenv('OWNCLOUD_DB_PASSWORD'),
     'dbtableprefix' => getenv('OWNCLOUD_DB_PREFIX'),
 
-    'web.baseUrl' => getenv('OCIS_DOMAIN'),
-    'cors.allowed-domains' => [getenv('OCIS_DOMAIN')],
+    'web.baseUrl' => getenv('OCIS_URL'),
+    'cors.allowed-domains' => [getenv('OCIS_URL')],
 
     'log_type' => 'owncloud',
 

deployments/examples/owncloud10_with_oc_web/docker-compose.yml

@@ -63,20 +63,18 @@ services:
       default:
     environment:
       # general config
-      OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
+      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error}
       # proxy
       PROXY_AUTOPROVISION_ACCOUNTS: "true"
       PROXY_INSECURE_BACKENDS: "${INSECURE:-false}"
       PROXY_OIDC_INSECURE: "${INSECURE:-false}"
       PROXY_CONFIG_FILE: "/config/proxy-config.json"
       PROXY_ENABLE_PRESIGNEDURLS: "false"
-      PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       PROXY_TLS: "false"
       # konnectd - binddn must exist as oc10 admin user
       KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/config/identifier-registration.yaml"
       KONNECTD_INSECURE: "${INSECURE:-false}"
-      KONNECTD_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       KONNECTD_SIGNING_KID: super
       KONNECTD_TLS: 0
       LDAP_BASEDN: "dc=example,dc=org"
@@ -99,12 +97,8 @@ services:
       # web ui
       WEB_UI_CONFIG: "/config/config.json"
       # storage - although not used, yet
-      STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
       STORAGE_TRANSFER_EXPIRES: 86400
-      STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
-      STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
-      STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test}
     volumes:
       - ./config/ocis:/config
       - ocis-data:/var/tmp/ocis
@@ -129,7 +123,7 @@ services:
       - redis
     environment:
       PROXY_LOG_LEVEL: debug
-      OCIS_DOMAIN: https://${OCIS_DOMAIN:-ocis.owncloud.test}
+      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OWNCLOUD_DOMAIN: ${OC10_DOMAIN:-oc10.owncloud.test}
       OWNCLOUD_DB_TYPE: mysql
       OWNCLOUD_DB_NAME: owncloud

docs/ocis/deployment/basic-remote-setup.md

@@ -58,13 +58,7 @@ You need to configure `your-host` in some services to provide the needed public
 
 ```bash
 PROXY_HTTP_ADDR=0.0.0.0:9200 \
-KONNECTD_ISS=https://your-server:9200 \
-REVA_OIDC_ISSUER=https://your-server:9200 \
-WEB_OIDC_AUTHORITY=https://your-server:9200 \
-WEB_UI_CONFIG_SERVER=https://your-server:9200 \
-WEB_OIDC_METADATA_URL=https://your-server:9200/.well-known/openid-configuration \
-REVA_DATAGATEWAY_URL=https://your-server:9200/data \
-REVA_FRONTEND_URL=https://your-server:9200 \
+OCIS_URL=https://your-server:9200 \
 PROXY_TRANSPORT_TLS_KEY=./certs/your-host.key \
 PROXY_TRANSPORT_TLS_CERT=./certs/your-host.crt \
 KONNECTD_TLS=0 \
@@ -93,8 +87,7 @@ cd compose-playground/compose/ocis
 sed -i -e 's/your-url/192.168.103.195/g' config/identifier-registration.yml
 
 cat << EOF > .env
-OCIS_BASE_URL=192.168.103.195
-OCIS_HTTP_PORT=9200
+OCIS_URL=https://192.168.103.195
 OCIS_DOCKER_TAG=latest
 EOF
 

konnectd/Makefile

@@ -92,9 +92,9 @@ generate: assets
 
 # TODO find a docker container with go and yarn so we can properly build assets in ci
 #assets: assets/identifier/static assets/identifier/index.html
-assets: static-assets
+assets: assets/identifier/static
 
-static-assets:
+assets/identifier/static:
 	mkdir -p assets/identifier/static
 	curl -o assets/identifier/static/logo.svg ${LOGO_URL}
 	curl -o assets/identifier/static/favicon.ico ${FAVICON_URL}

konnectd/assets/identifier-registration.yaml

@@ -7,15 +7,11 @@ clients:
     trusted: yes
     insecure: yes
     redirect_uris:
-      - https://localhost:9200/
-      - https://localhost:9200/oidc-callback.html
-      - https://localhost:9200/oidc-silent-redirect.html
-      - http://localhost:9100/
-      - http://localhost:9100/oidc-callback.html
-      - http://localhost:9100/oidc-silent-redirect.html
+      - {{OCIS_URL}}/
+      - {{OCIS_URL}}/oidc-callback.html
+      - {{OCIS_URL}}/oidc-silent-redirect.html
     origins:
-      - https://localhost:9200
-      - http://localhost:9100
+      - {{OCIS_URL}}
 
   - id: ocis-explorer.js
     name: oCIS Graph Explorer