diff --git a/.drone.star b/.drone.star index 40721e154b7..1c8873e94c5 100644 --- a/.drone.star +++ b/.drone.star @@ -1474,16 +1474,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = []): "IDP_IDENTIFIER_REGISTRATION_CONF": "/drone/src/tests/config/drone/identifier-registration.yml", "OCIS_LOG_LEVEL": "error", "SETTINGS_DATA_PATH": "/srv/app/tmp/ocis/settings", - "PROXY_OIDC_INSECURE": "true", - "THUMBNAILS_WEBDAVSOURCE_INSECURE": "true", - "THUMBNAILS_CS3SOURCE_INSECURE": "true", - "STORAGE_OIDC_INSECURE": "true", - "STORAGE_HOME_DATAPROVIDER_INSECURE": "true", - "STORAGE_METADATA_DATAPROVIDER_INSECURE": "true", - "STORAGE_USERS_DATAPROVIDER_INSECURE": "true", - "STORAGE_FRONTEND_OCDAV_INSECURE": "true", - "STORAGE_FRONTEND_ARCHIVER_INSECURE": "true", - "STORAGE_FRONTEND_APPPROVIDER_INSECURE": "true", + "OCIS_INSECURE": "true", } # Pass in "default" accounts_hash_difficulty to not set this environment variable. diff --git a/.vscode/launch.json b/.vscode/launch.json index 06ddad70601..011c22d18c8 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -18,16 +18,7 @@ // enable basic auth for dev setup so that we can use curl for testing "PROXY_ENABLE_BASIC_AUTH": "true", // set insecure options because we don't have valid certificates in dev environments - "PROXY_OIDC_INSECURE": "true", - "THUMBNAILS_WEBDAVSOURCE_INSECURE": "true", - "THUMBNAILS_CS3SOURCE_INSECURE": "true", - "STORAGE_OIDC_INSECURE": "true", - "STORAGE_HOME_DATAPROVIDER_INSECURE": "true", - "STORAGE_METADATA_DATAPROVIDER_INSECURE": "true", - "STORAGE_USERS_DATAPROVIDER_INSECURE": "true", - "STORAGE_FRONTEND_OCDAV_INSECURE": "true", - "STORAGE_FRONTEND_ARCHIVER_INSECURE": "true", - "STORAGE_FRONTEND_APPPROVIDER_INSECURE": "true", + "OCIS_INSECURE": "true", } }, ] diff --git a/changelog/unreleased/insecure-options.md b/changelog/unreleased/insecure-options.md index 5dde184e6af..3d66ab32f4c 100644 --- a/changelog/unreleased/insecure-options.md 
+++ b/changelog/unreleased/insecure-options.md @@ -1,4 +1,4 @@ -Enhancement: Make insecure options configurable +Change: Make insecure options configurable We had several hard-coded 'insecure' flags. These options are now configurable and default to false. Also we changed all other 'insecure' flags with a previous default of true to false. In development environments using self signed certs (the default) you need to set these flags: @@ -15,5 +15,11 @@ THUMBNAILS_CS3SOURCE_INSECURE=true THUMBNAILS_WEBDAVSOURCE_INSECURE=true ``` +As an alternative you also can set a single flag, which configures all options together: + +``` +OCIS_INSECURE=true +``` + https://github.com/owncloud/ocis/issues/2700 https://github.com/owncloud/ocis/pull/2745 diff --git a/deployments/examples/cs3_users_ocis/docker-compose.yml b/deployments/examples/cs3_users_ocis/docker-compose.yml index 1ff0a61ad6e..e0a4dcc1e5b 100644 --- a/deployments/examples/cs3_users_ocis/docker-compose.yml +++ b/deployments/examples/cs3_users_ocis/docker-compose.yml 
@@ -87,16 +87,7 @@ services:
 STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
 OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
 # INSECURE: needed if oCIS / Traefik is using self generated certificates
- PROXY_OIDC_INSECURE: "${INSECURE:-false}"
- THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
- THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
- STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
- STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
+ OCIS_INSECURE: "${INSECURE:-false}"
 volumes:
 - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
 - ./config/ocis/web-config.dist.json:/config/web-config.dist.json
diff --git a/deployments/examples/oc10_ocis_parallel/docker-compose.yml b/deployments/examples/oc10_ocis_parallel/docker-compose.yml
index 66c6a4ce60d..86b448a4f1f 100644
--- a/deployments/examples/oc10_ocis_parallel/docker-compose.yml
+++ b/deployments/examples/oc10_ocis_parallel/docker-compose.yml
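Review bot: The comment above `OCIS_INSECURE` still reads as if a single check were relaxed, but this one variable now stands in for all ten removed ones, including the two OIDC clients. Judging by the thumbnails flag text ("Whether to skip certificate checks"), setting it presumably turns certificate verification off in every one of those services at once. I would say so where operators copy the example, e.g. `# INSECURE: disables TLS certificate verification in all oCIS services; only for self generated certificates`. The same one-line comment is kept in the compose hunks for oc10_ocis_parallel, ocis_hello, ocis_keycloak, ocis_s3, ocis_traefik and ocis_wopi. The `services:` block starts and ends outside the hunk.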
@@ -117,16 +117,7 @@ services:
 STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
 OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
 # INSECURE: needed if oCIS / Traefik is using self generated certificates
- PROXY_OIDC_INSECURE: "${INSECURE:-false}"
- THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
- THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
- STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
- STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
+ OCIS_INSECURE: "${INSECURE:-false}"
 volumes:
 - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
 - ./config/ocis/proxy-config.dist.json:/config/proxy-config.dist.json
diff --git a/deployments/examples/ocis_hello/docker-compose.yml b/deployments/examples/ocis_hello/docker-compose.yml
index be4b88a3bdc..d6c1c35f148 100644
--- a/deployments/examples/ocis_hello/docker-compose.yml
+++ b/deployments/examples/ocis_hello/docker-compose.yml
@@ -67,16 +67,7 @@ services:
 # make settings service available to oCIS Hello
 SETTINGS_GRPC_ADDR: 0.0.0.0:9191
 # INSECURE: needed if oCIS / Traefik is using self generated certificates
- PROXY_OIDC_INSECURE: "${INSECURE:-false}"
- THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
- THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
- STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
- STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
+ OCIS_INSECURE: "${INSECURE:-false}"
 volumes:
 - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
 - ./config/ocis/web-config.dist.json:/config/web-config.dist.json
diff --git a/deployments/examples/ocis_keycloak/docker-compose.yml b/deployments/examples/ocis_keycloak/docker-compose.yml
index ae1fdb2672c..dd2be4da706 100644
--- a/deployments/examples/ocis_keycloak/docker-compose.yml
+++ b/deployments/examples/ocis_keycloak/docker-compose.yml
@@ -71,16 +71,7 @@ services:
 STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
 OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
 # INSECURE: needed if oCIS / Traefik is using self generated certificates
- PROXY_OIDC_INSECURE: "${INSECURE:-false}"
- THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
- THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
- STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
- STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
+ OCIS_INSECURE: "${INSECURE:-false}"
 volumes:
 - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
 - ocis-data:/var/lib/ocis
diff --git a/deployments/examples/ocis_s3/docker-compose.yml b/deployments/examples/ocis_s3/docker-compose.yml
index 0effba9f327..996262072ab 100644
--- a/deployments/examples/ocis_s3/docker-compose.yml
+++ b/deployments/examples/ocis_s3/docker-compose.yml
@@ -70,16 +70,7 @@ services:
 STORAGE_USERS_DRIVER_S3NG_SECRET_KEY: ${MINIO_SECRET_KEY:-ocis-secret-key}
 STORAGE_USERS_DRIVER_S3NG_BUCKET: ${MINIO_BUCKET:-ocis-bucket}
 # INSECURE: needed if oCIS / Traefik is using self generated certificates
- PROXY_OIDC_INSECURE: "${INSECURE:-false}"
- THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
- THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
- STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
- STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
+ OCIS_INSECURE: "${INSECURE:-false}"
 volumes:
 - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
 - ocis-data:/var/lib/ocis
diff --git a/deployments/examples/ocis_traefik/docker-compose.yml b/deployments/examples/ocis_traefik/docker-compose.yml
index 7982533ba01..53b8ca154c1 100644
--- a/deployments/examples/ocis_traefik/docker-compose.yml
+++ b/deployments/examples/ocis_traefik/docker-compose.yml
@@ -60,16 +60,7 @@ services:
 STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
 OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
 # INSECURE: needed if oCIS / Traefik is using self generated certificates
- PROXY_OIDC_INSECURE: "${INSECURE:-false}"
- THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
- THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
- STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
- STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
- STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
+ OCIS_INSECURE: "${INSECURE:-false}"
 volumes:
 - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
 - ocis-data:/var/lib/ocis
diff --git a/deployments/examples/ocis_wopi/docker-compose.yml b/deployments/examples/ocis_wopi/docker-compose.yml
index 42bd8354ee4..cc2cc7dabe1 100644
--- a/deployments/examples/ocis_wopi/docker-compose.yml
+++ b/deployments/examples/ocis_wopi/docker-compose.yml
@@ -69,16 +69,7 @@ services: STORAGE_GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers STORAGE_APP_REGISTRY_MIMETYPES_JSON: /var/tmp/ocis/app-config/mimetypes.json # INSECURE: needed if oCIS / Traefik is using self generated certificates - PROXY_OIDC_INSECURE: "${INSECURE:-false}" - THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}" - THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}" - STORAGE_OIDC_INSECURE: "${INSECURE:-false}" - STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}" - STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}" - STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}" - STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}" - STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}" - STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}" + OCIS_INSECURE: "${INSECURE:-false}" volumes: - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh - ./config/ocis/mimetypes.json:/var/tmp/ocis/app-config/mimetypes.json diff --git a/docs/ocis/deployment/basic-remote-setup.md b/docs/ocis/deployment/basic-remote-setup.md index 96974c15381..6569309ab6b 100644 --- a/docs/ocis/deployment/basic-remote-setup.md +++ b/docs/ocis/deployment/basic-remote-setup.md @@ -29,9 +29,10 @@ For the following examples you need to have the oCIS binary in your current work ### Using automatically generated certificates -In order to run oCIS with automatically generated and self signed certificates please execute following command. You need to replace `your-host` with an IP or hostname. +In order to run oCIS with automatically generated and self signed certificates please execute following command. You need to replace `your-host` with an IP or hostname. Since you have only self signed certificates you need to have `OCIS_INSECURE` set to `true`. ```bash +OCIS_INSECURE=true \ PROXY_HTTP_ADDR=0.0.0.0:9200 \ OCIS_URL=https://your-host:9200 \ ./ocis server 
@@ -42,6 +43,7 @@ OCIS_URL=https://your-host:9200 \ If you have your own certificates already in place, you may want to make oCIS use them: ```bash +OCIS_INSECURE=false \ PROXY_HTTP_ADDR=0.0.0.0:9200 \ OCIS_URL=https://your-host:9200 \ PROXY_TRANSPORT_TLS_KEY=./certs/your-host.key \ @@ -49,6 +51,8 @@ PROXY_TRANSPORT_TLS_CERT=./certs/your-host.crt \ ./ocis server ``` +If you generated these certificates on your own, you might need to set `OCIS_INSECURE` to `true`. + For more configuration options check the configuration section in [oCIS]({{< ref "../configuration" >}}) and the oCIS extensions. ## Start the oCIS fullstack server with Docker Compose diff --git a/docs/ocis/deployment/systemd.md b/docs/ocis/deployment/systemd.md index 716e690efa0..8ac0a1d8f27 100644 --- a/docs/ocis/deployment/systemd.md +++ b/docs/ocis/deployment/systemd.md @@ -45,6 +45,7 @@ In order to create the file we need first to create the folder `/etc/ocis/` and ``` OCIS_URL=https://some-hostname-or-ip:9200 PROXY_HTTP_ADDR=0.0.0.0:9200 +OCIS_INSECURE=false OCIS_LOG_LEVEL=error @@ -56,7 +57,7 @@ PROXY_TRANSPORT_TLS_CERT=/etc/ocis/proxy/server.crt PROXY_TRANSPORT_TLS_KEY=/etc/ocis/proxy/server.key ``` -Please change your `OCIS_URL` in order to reflect your actual deployment. +Please change your `OCIS_URL` in order to reflect your actual deployment. If you are using self signed certificates you need to set `OCIS_INSECURE=true` in `/etc/ocis/ocis.env`. ## Starting the oCIS service diff --git a/proxy/pkg/flagset/flagset.go b/proxy/pkg/flagset/flagset.go index 0d4b829923f..62e5f0d375d 100644 --- a/proxy/pkg/flagset/flagset.go +++ b/proxy/pkg/flagset/flagset.go 
@@ -210,7 +210,7 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 Name: "oidc-insecure",
 Value: flags.OverrideDefaultBool(cfg.OIDC.Insecure, false),
 Usage: "OIDC allow insecure communication",
- EnvVars: []string{"PROXY_OIDC_INSECURE"},
+ EnvVars: []string{"PROXY_OIDC_INSECURE", "OCIS_INSECURE"},
 Destination: &cfg.OIDC.Insecure,
 },
 &cli.IntFlag{
diff --git a/storage/pkg/flagset/authbearer.go b/storage/pkg/flagset/authbearer.go
index 90b14b7af3f..d41a89558a2 100644
--- a/storage/pkg/flagset/authbearer.go
+++ b/storage/pkg/flagset/authbearer.go
@@ -32,7 +32,7 @@ func AuthBearerWithConfig(cfg *config.Config) []cli.Flag {
 Name: "oidc-insecure",
 Value: flags.OverrideDefaultBool(cfg.Reva.OIDC.Insecure, false),
 Usage: "OIDC allow insecure communication",
- EnvVars: []string{"STORAGE_OIDC_INSECURE"},
+ EnvVars: []string{"STORAGE_OIDC_INSECURE", "OCIS_INSECURE"},
 Destination: &cfg.Reva.OIDC.Insecure,
 },
 &cli.StringFlag{
diff --git a/storage/pkg/flagset/frontend.go b/storage/pkg/flagset/frontend.go
index 928798c8ecd..3baa80ae292 100644
--- a/storage/pkg/flagset/frontend.go
+++ b/storage/pkg/flagset/frontend.go
@@ -123,7 +123,7 @@ func FrontendWithConfig(cfg *config.Config) []cli.Flag {
 Name: "approvider-insecure",
 Value: flags.OverrideDefaultBool(cfg.Reva.Frontend.AppProviderInsecure, false),
 Usage: "approvider insecure",
- EnvVars: []string{"STORAGE_FRONTEND_APPPROVIDER_INSECURE"},
+ EnvVars: []string{"STORAGE_FRONTEND_APPPROVIDER_INSECURE", "OCIS_INSECURE"},
 Destination: &cfg.Reva.Frontend.AppProviderInsecure,
 },
 &cli.StringFlag{
@@ -137,7 +137,7 @@ func FrontendWithConfig(cfg *config.Config) []cli.Flag {
 Name: "archiver-insecure",
 Value: flags.OverrideDefaultBool(cfg.Reva.Frontend.ArchiverInsecure, false),
 Usage: "archiver insecure",
- EnvVars: []string{"STORAGE_FRONTEND_ARCHIVER_INSECURE"},
+ EnvVars: []string{"STORAGE_FRONTEND_ARCHIVER_INSECURE", "OCIS_INSECURE"},
 Destination: &cfg.Reva.Frontend.ArchiverInsecure,
 },
 &cli.StringFlag{
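Review bot: In `EnvVars: []string{"PROXY_OIDC_INSECURE", "OCIS_INSECURE"}` the service-specific name is listed first, and urfave/cli, as far as I know, uses the first variable in the list that is set. A leftover `PROXY_OIDC_INSECURE=true` therefore keeps the OIDC client in insecure mode even when the operator sets `OCIS_INSECURE=false`. The docs in this commit present `OCIS_INSECURE=false` as the safe setting, so the precedence should be stated on the flag, e.g. `// PROXY_OIDC_INSECURE, when set, takes precedence over OCIS_INSECURE`, and in the changelog entry. The same ordering appears in the authbearer.go and frontend.go hunks here and in the storagehome.go, storagemetadata.go, storageusers.go and thumbnails flagset.go hunks. ServerWithConfig starts and ends outside the hunk.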
@@ -165,7 +165,7 @@ func FrontendWithConfig(cfg *config.Config) []cli.Flag { Name: "ocdav-insecure", Value: flags.OverrideDefaultBool(cfg.Reva.Frontend.OCDavInsecure, false), Usage: "owncloud webdav insecure", - EnvVars: []string{"STORAGE_FRONTEND_OCDAV_INSECURE"}, + EnvVars: []string{"STORAGE_FRONTEND_OCDAV_INSECURE", "OCIS_INSECURE"}, Destination: &cfg.Reva.Frontend.OCDavInsecure, }, &cli.StringFlag{ diff --git a/storage/pkg/flagset/storagehome.go b/storage/pkg/flagset/storagehome.go index 2ec1b71ac7c..76eb53d70bb 100644 --- a/storage/pkg/flagset/storagehome.go +++ b/storage/pkg/flagset/storagehome.go @@ -134,7 +134,7 @@ func StorageHomeWithConfig(cfg *config.Config) []cli.Flag { Name: "dataprovider-insecure", Value: flags.OverrideDefaultBool(cfg.Reva.StorageHome.DataProvider.Insecure, false), Usage: "dataprovider insecure", - EnvVars: []string{"STORAGE_HOME_DATAPROVIDER_INSECURE"}, + EnvVars: []string{"STORAGE_HOME_DATAPROVIDER_INSECURE", "OCIS_INSECURE"}, Destination: &cfg.Reva.StorageHome.DataProvider.Insecure, }, diff --git a/storage/pkg/flagset/storagemetadata.go b/storage/pkg/flagset/storagemetadata.go index 10b07441ac9..4b80756f0a6 100644 --- a/storage/pkg/flagset/storagemetadata.go +++ b/storage/pkg/flagset/storagemetadata.go @@ -73,7 +73,7 @@ func StorageMetadata(cfg *config.Config) []cli.Flag { Name: "dataprovider-insecure", Value: flags.OverrideDefaultBool(cfg.Reva.StorageMetadata.DataProvider.Insecure, false), Usage: "dataprovider insecure", - EnvVars: []string{"STORAGE_METADATA_DATAPROVIDER_INSECURE"}, + EnvVars: []string{"STORAGE_METADATA_DATAPROVIDER_INSECURE", "OCIS_INSECURE"}, Destination: &cfg.Reva.StorageMetadata.DataProvider.Insecure, }, diff --git a/storage/pkg/flagset/storageusers.go b/storage/pkg/flagset/storageusers.go index 9c6e7d1ed77..6be58bc33ba 100644 --- a/storage/pkg/flagset/storageusers.go +++ b/storage/pkg/flagset/storageusers.go 
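Review bot: `Usage: "owncloud webdav insecure"` does not say what is being relaxed, and after this change it also hides that the global `OCIS_INSECURE` variable sets it. Going by the thumbnails flags ("Whether to skip certificate checks") and the changelog's mention of self signed certs, I assume the flag disables certificate verification. If that is right, `Usage: "skip TLS certificate verification (also set by OCIS_INSECURE)"` would make the `--help` output tell the operator what they are switching off. The `approvider insecure`, `archiver insecure` and `dataprovider insecure` strings in the neighbouring hunks have the same gap. FrontendWithConfig starts and ends outside the hunk.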
@@ -82,7 +82,7 @@ func StorageUsersWithConfig(cfg *config.Config) []cli.Flag {
 Name: "dataprovider-insecure",
 Value: flags.OverrideDefaultBool(cfg.Reva.StorageUsers.DataProvider.Insecure, false),
 Usage: "dataprovider insecure",
- EnvVars: []string{"STORAGE_USERS_DATAPROVIDER_INSECURE"},
+ EnvVars: []string{"STORAGE_USERS_DATAPROVIDER_INSECURE", "OCIS_INSECURE"},
 Destination: &cfg.Reva.StorageUsers.DataProvider.Insecure,
 },
 &cli.BoolFlag{
diff --git a/tests/acceptance/docker/src/ocis-base.yml b/tests/acceptance/docker/src/ocis-base.yml
index 4154bd0d7cb..7cd72650c46 100644
--- a/tests/acceptance/docker/src/ocis-base.yml
+++ b/tests/acceptance/docker/src/ocis-base.yml
@@ -14,6 +14,7 @@ services:
 WEB_UI_CONFIG: /drone/src/tests/config/drone/ocis-config.json
 IDP_IDENTIFIER_REGISTRATION_CONF: /drone/src/tests/config/drone/identifier-registration.yml
 ACCOUNTS_HASH_DIFFICULTY: 4
+ OCIS_INSECURE: "true"
 # s3ng specific settings
 STORAGE_USERS_DRIVER_S3NG_ENDPOINT: http://ceph:8080
 STORAGE_USERS_DRIVER_S3NG_REGION: default
diff --git a/thumbnails/pkg/flagset/flagset.go b/thumbnails/pkg/flagset/flagset.go
index c9e0edc0de2..9efd680a11b 100644
--- a/thumbnails/pkg/flagset/flagset.go
+++ b/thumbnails/pkg/flagset/flagset.go
@@ -156,14 +156,14 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 Name: "webdavsource-insecure",
 Value: flags.OverrideDefaultBool(cfg.Thumbnail.WebdavAllowInsecure, false),
 Usage: "Whether to skip certificate checks",
- EnvVars: []string{"THUMBNAILS_WEBDAVSOURCE_INSECURE"},
+ EnvVars: []string{"THUMBNAILS_WEBDAVSOURCE_INSECURE", "OCIS_INSECURE"},
 Destination: &cfg.Thumbnail.WebdavAllowInsecure,
 },
 &cli.BoolFlag{
 Name: "cs3source-insecure",
 Value: flags.OverrideDefaultBool(cfg.Thumbnail.CS3AllowInsecure, false),
 Usage: "Whether to skip certificate checks",
- EnvVars: []string{"THUMBNAILS_CS3SOURCE_INSECURE"},
+ EnvVars: []string{"THUMBNAILS_CS3SOURCE_INSECURE", "OCIS_INSECURE"},
 Destination: &cfg.Thumbnail.CS3AllowInsecure,
 },
 &cli.StringSliceFlag{