diff --git a/docker-stack.yml b/docker-stack.yml index 33820b9..3f39f75 100644 --- a/docker-stack.yml +++ b/docker-stack.yml @@ -4,7 +4,7 @@ services: traefik: image: traefik:v2.9.1 networks: - - web + - ocis-net command: - --log.level=INFO - --api.dashboard=true @@ -38,9 +38,12 @@ services: condition: on-failure ocis: - image: owncloud/ocis:${OCIS_DOCKER_TAG} + image: owncloud/ocis:latest networks: - - web + - ocis-net + entrypoint: + - /bin/sh + command: ["-c", "ocis init || true; ocis server"] environment: OCIS_URL: https://${OCIS_DOMAIN} OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL} 
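Review bot: `ocis-net` is attached to traefik here, and to every other service in the later hunks, but no visible line declares it. The last hunk deletes the top-level `networks:` block (`web` / `external: true`) and adds nothing in its place. Unless the network is declared in the first three lines of the file, which this diff does not show, the stack would reference an undefined network. Add a top-level block at the end of the file, e.g. `networks:` / `ocis-net:` / `driver: overlay`, or keep `external: true` as `web` had if the network is created out of band.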
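Review bot: `image: owncloud/ocis:latest` hard-codes a moving tag for the main service, while the two app-provider services added later in this diff use `${OCIS_DOCKER_TAG:-latest}`. Setting `OCIS_DOCKER_TAG` would then run the app providers on a different oCIS build than the server, and `latest` makes deployments non-reproducible. Prefer `image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}`, ideally with a pinned version or digest as the default. In the new `command`, `ocis init || true` swallows every init failure (presumably it is only meant to tolerate an existing config), and `ocis server` runs as a child of `/bin/sh`, so it may not receive the stop signal; `ocis init || true; exec ocis server` addresses the latter. The app providers read `ocis-config:/etc/ocis`, but whether the ocis service mounts that volume cannot be confirmed because its `volumes:` list starts outside this hunk.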
@@ -56,17 +59,183 @@ services: - ocis_data:/var/lib/ocis deploy: labels: - - traefik.enable=true - - traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN}`) - - traefik.http.routers.ocis.entrypoints=websecure - - traefik.http.routers.ocis.tls.certresolver=mytlschallenge + - "traefik.enable=true" + - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN}`)" + - "traefik.http.routers.ocis.entrypoints=https" + - "traefik.http.routers.ocis.tls.certresolver=http" + - "traefik.http.services.ocis.loadbalancer.server.port=9200" restart_policy: condition: on-failure -networks: - web: - external: true + ocis-appprovider-collabora: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + networks: + - ocis-net + command: app-provider server + environment: + # use the internal service name of the gateway + REVA_GATEWAY: ${REVA_GATEWAY:-com.owncloud.api.gateway} + APP_PROVIDER_GRPC_ADDR: 0.0.0.0:9164 + # configure the service name to avoid collision with onlyoffice + APP_PROVIDER_SERVICE_NAME: app-provider-collabora + # use the internal service name + APP_PROVIDER_EXTERNAL_ADDR: com.owncloud.api.app-provider-collabora + APP_PROVIDER_DRIVER: wopi + APP_PROVIDER_WOPI_APP_NAME: Collabora + APP_PROVIDER_WOPI_APP_ICON_URI: https://${COLLABORA_DOMAIN:-collabora.owncloud.test}/favicon.ico + APP_PROVIDER_WOPI_APP_URL: https://${COLLABORA_DOMAIN:-collabora.owncloud.test} + APP_PROVIDER_WOPI_INSECURE: "${INSECURE:-false}" + APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + APP_PROVIDER_WOPI_FOLDER_URL_BASE_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} + # share the registry with the ocis container + MICRO_REGISTRY: "mdns" + volumes: + - ocis-config:/etc/ocis + logging: + driver: "local" + restart: always + + ocis-appprovider-onlyoffice: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + networks: + - ocis-net + user: "0" # needed for apk add in entrypoint script + entrypoint: + - /bin/sh + - /entrypoint-override.sh + #command: app-provider 
server + environment: + # use the internal service name of the gateway + REVA_GATEWAY: ${REVA_GATEWAY:-com.owncloud.api.gateway} + APP_PROVIDER_GRPC_ADDR: 0.0.0.0:9164 + # configure the service name to avoid collision with collabora + APP_PROVIDER_SERVICE_NAME: app-provider-onlyoffice + # use the internal service name + APP_PROVIDER_EXTERNAL_ADDR: com.owncloud.api.app-provider-onlyoffice + APP_PROVIDER_DRIVER: wopi + APP_PROVIDER_WOPI_APP_NAME: OnlyOffice + APP_PROVIDER_WOPI_APP_ICON_URI: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}/web-apps/apps/documenteditor/main/resources/img/favicon.ico + APP_PROVIDER_WOPI_APP_URL: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} + APP_PROVIDER_WOPI_INSECURE: "${INSECURE:-false}" + APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + APP_PROVIDER_WOPI_FOLDER_URL_BASE_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} + # share the registry with the ocis container + MICRO_REGISTRY: "mdns" + volumes: + - ./config/ocis-appprovider-onlyoffice/entrypoint-override.sh:/entrypoint-override.sh + - ocis-config:/etc/ocis + logging: + driver: "local" + restart: always + + wopiserver: + image: cs3org/wopiserver:${WOPISERVER_DOCKER_TAG:-v10.2.2} + networks: + - ocis-net + entrypoint: + - /bin/sh + - /entrypoint-override.sh + environment: + WOPISERVER_INSECURE: "${INSECURE:-false}" + WOPISECRET: ${WOPI_JWT_SECRET:-LoremIpsum567} + WOPISERVER_DOMAIN: ${WOPISERVER_DOMAIN:-wopiserver.owncloud.test} + volumes: + - ./config/wopiserver/entrypoint-override.sh:/entrypoint-override.sh + - ./config/wopiserver/wopiserver.conf.dist:/etc/wopi/wopiserver.conf.dist + - wopi-recovery:/var/spool/wopirecovery + labels: + - "traefik.enable=true" + - "traefik.http.routers.wopiserver.entrypoints=https" + - "traefik.http.routers.wopiserver.rule=Host(`${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}`)" + - "traefik.http.routers.wopiserver.tls.certresolver=http" + - 
"traefik.http.routers.wopiserver.service=wopiserver" + - "traefik.http.services.wopiserver.loadbalancer.server.port=8880" + logging: + driver: "local" + restart: always + + collabora: + image: collabora/code:23.05.5.2.1 + networks: + - ocis-net + environment: + aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.owncloud.test}:443 + DONT_GEN_SSL_CERT: "YES" + extra_params: --o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false --o:net.frame_ancestors=${OCIS_DOMAIN:-ocis.owncloud.test} + username: ${COLLABORA_ADMIN_USER} + password: ${COLLABORA_ADMIN_PASSWORD} + cap_add: + - MKNOD + labels: + - "traefik.enable=true" + - "traefik.http.routers.collabora.entrypoints=https" + - "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN:-collabora.owncloud.test}`)" + - "traefik.http.routers.collabora.tls.certresolver=http" + - "traefik.http.routers.collabora.service=collabora" + - "traefik.http.services.collabora.loadbalancer.server.port=9980" + logging: + driver: "local" + restart: always + + onlyoffice: + image: onlyoffice/documentserver:7.5.0 + networks: + - ocis-net + entrypoint: + - /bin/sh + - /entrypoint-override.sh + environment: + WOPI_ENABLED: "true" + USE_UNAUTHORIZED_STORAGE: "${INSECURE:-false}" # self signed certificates + volumes: + - ./config/onlyoffice/entrypoint-override.sh:/entrypoint-override.sh + - ./config/onlyoffice/local.json:/etc/onlyoffice/documentserver/local.dist.json + labels: + - "traefik.enable=true" + - "traefik.http.routers.onlyoffice.entrypoints=https" + - "traefik.http.routers.onlyoffice.rule=Host(`${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}`)" + - "traefik.http.routers.onlyoffice.tls.certresolver=http" + - "traefik.http.routers.onlyoffice.service=onlyoffice" + - "traefik.http.services.onlyoffice.loadbalancer.server.port=80" + # websockets can't be opened when this is ommitted + - "traefik.http.middlewares.onlyoffice.headers.customrequestheaders.X-Forwarded-Proto=https" + - 
"traefik.http.routers.onlyoffice.middlewares=onlyoffice" + logging: + driver: "local" + restart: always + + tika: + image: ${TIKA_IMAGE:-apache/tika:latest-full} + networks: + - ocis-net + restart: always + + inbucket: + image: inbucket/inbucket + networks: + ocis-net: + entrypoint: + - /bin/sh + command: [ "-c", "apk add openssl; openssl req -subj '/CN=inbucket.test' -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/server.key -out /tmp/server.crt; /start-inbucket.sh" ] + environment: + INBUCKET_SMTP_TLSENABLED: "true" + INBUCKET_SMTP_TLSPRIVKEY: /tmp/server.key + INBUCKET_SMTP_TLSCERT: /tmp/server.crt + INBUCKET_STORAGE_MAILBOXMSGCAP: 1000 + labels: + - "traefik.enable=true" + - "traefik.http.routers.inbucket.entrypoints=https" + - "traefik.http.routers.inbucket.rule=Host(`${INBUCKET_DOMAIN:-mail.owncloud.test}`)" + - "traefik.http.routers.inbucket.tls.certresolver=http" + - "traefik.http.routers.inbucket.service=inbucket" + - "traefik.http.services.inbucket.loadbalancer.server.port=9000" + logging: + driver: "local" + restart: always + volumes: traefik_certs: ocis_data: + ocis-config: + wopi-recovery:
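Review bot: `WOPISECRET: ${WOPI_JWT_SECRET:-LoremIpsum567}` in the wopiserver service falls back to a value published in the repository, so a deployment that forgets the variable would run the WOPI server with a publicly known secret; make it mandatory with `WOPISECRET: ${WOPI_JWT_SECRET:?WOPI_JWT_SECRET must be set}`. The new services put `labels:` and `restart: always` at service level, while the existing services use `deploy.labels` and `deploy.restart_policy`; under `docker stack deploy` those keys are likely ignored or not seen by Traefik's swarm provider, so the wopiserver, collabora, onlyoffice and inbucket routers may never be created — please confirm. The ocis router now names entrypoint `https` and certresolver `http`, but no hunk changes Traefik's `command` flags, which presumably still define `websecure` and `mytlschallenge`. The inbucket command and the onlyoffice app-provider entrypoint (with `user: "0"`) install packages with `apk add` at every start, and `inbucket/inbucket` and `apache/tika:latest-full` are unpinned; a pinned image with the tools baked in avoids running as root and fetching from the network at boot. If this stack is reachable beyond a test network, routing the inbucket web UI through Traefik would expose all captured mail, since the labels attach no auth middleware to that router.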