set insecure options on deployment examples

owncloud · Nov 10, 2021 · a6b2ea9 · a6b2ea9
1 parent e35d4fd
commit a6b2ea9
Show file tree

Hide file tree

Showing 7 changed files with 77 additions and 7 deletions.
diff --git a/deployments/examples/cs3_users_ocis/docker-compose.yml b/deployments/examples/cs3_users_ocis/docker-compose.yml
@@ -81,12 +81,22 @@ services:
       OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
       PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
       # change default secrets
       OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
       STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
       OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+      STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+      STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
     volumes:
       - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
       - ./config/ocis/web-config.dist.json:/config/web-config.dist.json

diff --git a/deployments/examples/oc10_ocis_parallel/docker-compose.yml b/deployments/examples/oc10_ocis_parallel/docker-compose.yml
@@ -110,13 +110,23 @@ services:
       OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
       PROXY_LOG_LEVEL: ${PROXY_LOG_LEVEL:-error}
       OCIS_URL: https://${CLOUD_DOMAIN:-cloud.owncloud.test}
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
       PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
       PROXY_CONFIG_FILE: "/var/tmp/ocis/.config/proxy-config.json"
       # change default secrets
       OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
       STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
       OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+      STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+      STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
     volumes:
       - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
       - ./config/ocis/proxy-config.dist.json:/config/proxy-config.dist.json

diff --git a/deployments/examples/ocis_hello/docker-compose.yml b/deployments/examples/ocis_hello/docker-compose.yml
@@ -53,7 +53,6 @@ services:
       OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
       PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
       # change default secrets
       IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
@@ -67,6 +66,17 @@ services:
       PROXY_CONFIG_FILE: "/var/tmp/ocis/.config/proxy-config.json"
       # make settings service available to oCIS Hello
       SETTINGS_GRPC_ADDR: 0.0.0.0:9191
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+      STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+      STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
     volumes:
       - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
       - ./config/ocis/web-config.dist.json:/config/web-config.dist.json

diff --git a/deployments/examples/ocis_keycloak/docker-compose.yml b/deployments/examples/ocis_keycloak/docker-compose.yml
@@ -62,7 +62,6 @@ services:
       # general config
       OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
       PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
       ACCOUNTS_DEMO_USERS_AND_GROUPS: false # don't generate demo users
       # change default secrets
@@ -71,6 +70,17 @@ services:
       OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
       STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
       OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+      STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+      STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
     volumes:
       - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
       - ocis-data:/var/lib/ocis

diff --git a/deployments/examples/ocis_s3/docker-compose.yml b/deployments/examples/ocis_s3/docker-compose.yml
@@ -52,7 +52,6 @@ services:
     environment:
       OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
       PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
       # change default secrets
       IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
@@ -70,6 +69,17 @@ services:
       STORAGE_USERS_DRIVER_S3NG_ACCESS_KEY: ${MINIO_ACCESS_KEY:-ocis}
       STORAGE_USERS_DRIVER_S3NG_SECRET_KEY: ${MINIO_SECRET_KEY:-ocis-secret-key}
       STORAGE_USERS_DRIVER_S3NG_BUCKET: ${MINIO_BUCKET:-ocis-bucket}
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+      STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+      STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
     volumes:
       - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
       - ocis-data:/var/lib/ocis

diff --git a/deployments/examples/ocis_traefik/docker-compose.yml b/deployments/examples/ocis_traefik/docker-compose.yml
@@ -52,14 +52,24 @@ services:
     environment:
       OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
       PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
       # change default secrets
       IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
       STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
       OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
       STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
       OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+      STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+      STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
     volumes:
       - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
       - ocis-data:/var/lib/ocis

diff --git a/deployments/examples/ocis_wopi/docker-compose.yml b/deployments/examples/ocis_wopi/docker-compose.yml
@@ -58,7 +58,6 @@ services:
       OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
       OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
-      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
       PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
       # change default secrets
       IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
@@ -69,6 +68,17 @@ services:
       # app registry
       STORAGE_GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers
       STORAGE_APP_REGISTRY_MIMETYPES_JSON: /var/tmp/ocis/app-config/mimetypes.json
+      # INSECURE: needed if oCIS / Traefik is using self generated certificates
+      PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+      THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+      STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+      STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+      STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
     volumes:
       - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
       - ./config/ocis/mimetypes.json:/var/tmp/ocis/app-config/mimetypes.json