diff --git a/deployments/examples/cs3_users_ocis/docker-compose.yml b/deployments/examples/cs3_users_ocis/docker-compose.yml
index 501e4af7f46..1ff0a61ad6e 100644
--- a/deployments/examples/cs3_users_ocis/docker-compose.yml
+++ b/deployments/examples/cs3_users_ocis/docker-compose.yml
@@ -81,12 +81,22 @@ services:
 OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
 OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
 OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
- PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
 PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
 # change default secrets
 OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
 STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
 OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+ # INSECURE: needed if oCIS / Traefik is using self generated certificates
+ PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+ THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+ THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+ STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+ STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
 volumes:
 - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
 - ./config/ocis/web-config.dist.json:/config/web-config.dist.json
diff --git a/deployments/examples/oc10_ocis_parallel/docker-compose.yml b/deployments/examples/oc10_ocis_parallel/docker-compose.yml
index cd02bd92b81..66c6a4ce60d 100644
--- a/deployments/examples/oc10_ocis_parallel/docker-compose.yml
+++ b/deployments/examples/oc10_ocis_parallel/docker-compose.yml
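Review bot: The new comment `# INSECURE: needed if oCIS / Traefik is using self generated certificates` does not say what the ten `*_INSECURE` variables switch off, and a single `INSECURE` value now drives all of them. Judging by the names they presumably disable TLS certificate verification for the OIDC, thumbnails, data-provider and frontend connections, so setting `INSECURE=true` for a self-signed Traefik certificate now widens from one service to ten. I would spell that out, e.g. `# INSECURE=true skips TLS certificate verification in all services listed below; local test setups only, keep false in production`, and mention trusting the self-signed CA inside the container as the alternative. The same block is added in the oc10_ocis_parallel, ocis_hello, ocis_keycloak, ocis_s3, ocis_traefik and ocis_wopi hunks.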
@@ -110,13 +110,23 @@ services:
 OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
 PROXY_LOG_LEVEL: ${PROXY_LOG_LEVEL:-error}
 OCIS_URL: https://${CLOUD_DOMAIN:-cloud.owncloud.test}
- PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
 PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
 PROXY_CONFIG_FILE: "/var/tmp/ocis/.config/proxy-config.json"
 # change default secrets
 OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
 STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
 OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+ # INSECURE: needed if oCIS / Traefik is using self generated certificates
+ PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+ THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+ THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+ STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+ STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
 volumes:
 - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
 - ./config/ocis/proxy-config.dist.json:/config/proxy-config.dist.json
diff --git a/deployments/examples/ocis_hello/docker-compose.yml b/deployments/examples/ocis_hello/docker-compose.yml
index bde3af9d846..be4b88a3bdc 100644
--- a/deployments/examples/ocis_hello/docker-compose.yml
+++ b/deployments/examples/ocis_hello/docker-compose.yml
@@ -53,7 +53,6 @@ services:
 OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
 OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
 OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
- PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
 PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
 # change default secrets
 IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
@@ -67,6 +66,17 @@ services:
 PROXY_CONFIG_FILE: "/var/tmp/ocis/.config/proxy-config.json"
 # make settings service available to oCIS Hello
 SETTINGS_GRPC_ADDR: 0.0.0.0:9191
+ # INSECURE: needed if oCIS / Traefik is using self generated certificates
+ PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+ THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+ THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+ STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+ STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
 volumes:
 - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
 - ./config/ocis/web-config.dist.json:/config/web-config.dist.json
diff --git a/deployments/examples/ocis_keycloak/docker-compose.yml b/deployments/examples/ocis_keycloak/docker-compose.yml
index 00301fa35de..ae1fdb2672c 100644
--- a/deployments/examples/ocis_keycloak/docker-compose.yml
+++ b/deployments/examples/ocis_keycloak/docker-compose.yml
@@ -62,7 +62,6 @@ services:
 # general config
 OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
 OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
- PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
 PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
 ACCOUNTS_DEMO_USERS_AND_GROUPS: false # don't generate demo users
 # change default secrets
@@ -71,6 +70,17 @@ services:
 OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
 STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
 OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+ # INSECURE: needed if oCIS / Traefik is using self generated certificates
+ PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+ THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+ THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+ STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+ STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
 volumes:
 - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
 - ocis-data:/var/lib/ocis
diff --git a/deployments/examples/ocis_s3/docker-compose.yml b/deployments/examples/ocis_s3/docker-compose.yml
index 51b3a7c5530..0effba9f327 100644
--- a/deployments/examples/ocis_s3/docker-compose.yml
+++ b/deployments/examples/ocis_s3/docker-compose.yml
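Review bot: `PROXY_OIDC_INSECURE` and `STORAGE_OIDC_INSECURE` in the second ocis_keycloak hunk deserve their own comment in this example, since the identity provider here is presumably the separate Keycloak service rather than the built-in one. If these flags control certificate checks on the connection to the IdP, then with `INSECURE=true` the source of the OIDC metadata and signing keys is no longer authenticated, which weakens every token check that depends on them. A line such as `# OIDC: with INSECURE=true the identity provider's certificate is not verified; never enable outside a test setup` above the two variables would make that visible.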
@@ -52,7 +52,6 @@ services:
 environment:
 OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
 OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
- PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
 PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
 # change default secrets
 IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
@@ -70,6 +69,17 @@ services:
 STORAGE_USERS_DRIVER_S3NG_ACCESS_KEY: ${MINIO_ACCESS_KEY:-ocis}
 STORAGE_USERS_DRIVER_S3NG_SECRET_KEY: ${MINIO_SECRET_KEY:-ocis-secret-key}
 STORAGE_USERS_DRIVER_S3NG_BUCKET: ${MINIO_BUCKET:-ocis-bucket}
+ # INSECURE: needed if oCIS / Traefik is using self generated certificates
+ PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+ THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+ THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+ STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+ STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
 volumes:
 - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
 - ocis-data:/var/lib/ocis
diff --git a/deployments/examples/ocis_traefik/docker-compose.yml b/deployments/examples/ocis_traefik/docker-compose.yml
index 029f718b249..7982533ba01 100644
--- a/deployments/examples/ocis_traefik/docker-compose.yml
+++ b/deployments/examples/ocis_traefik/docker-compose.yml
@@ -52,7 +52,6 @@ services:
 environment:
 OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
 OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
- PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
 PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
 # change default secrets
 IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
@@ -60,6 +59,17 @@ services:
 OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
 STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
 OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
+ # INSECURE: needed if oCIS / Traefik is using self generated certificates
+ PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+ THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+ THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+ STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+ STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
 volumes:
 - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
 - ocis-data:/var/lib/ocis
diff --git a/deployments/examples/ocis_wopi/docker-compose.yml b/deployments/examples/ocis_wopi/docker-compose.yml
index 473f9db5943..42bd8354ee4 100644
--- a/deployments/examples/ocis_wopi/docker-compose.yml
+++ b/deployments/examples/ocis_wopi/docker-compose.yml
@@ -58,7 +58,6 @@ services:
 OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
 OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
 OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
- PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
 PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
 # change default secrets
 IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
@@ -69,6 +68,17 @@ services:
 # app registry
 STORAGE_GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers
 STORAGE_APP_REGISTRY_MIMETYPES_JSON: /var/tmp/ocis/app-config/mimetypes.json
+ # INSECURE: needed if oCIS / Traefik is using self generated certificates
+ PROXY_OIDC_INSECURE: "${INSECURE:-false}"
+ THUMBNAILS_WEBDAVSOURCE_INSECURE: "${INSECURE:-false}"
+ THUMBNAILS_CS3SOURCE_INSECURE: "${INSECURE:-false}"
+ STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
+ STORAGE_HOME_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_METADATA_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_USERS_DATAPROVIDER_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_OCDAV_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_ARCHIVER_INSECURE: "${INSECURE:-false}"
+ STORAGE_FRONTEND_APPPROVIDER_INSECURE: "${INSECURE:-false}"
 volumes:
 - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
 - ./config/ocis/mimetypes.json:/var/tmp/ocis/app-config/mimetypes.json