--- version: "3.7" services: traefik: image: traefik:v2.9.1 networks: ocis-net: aliases: - ${OCIS_DOMAIN:-ocis.owncloud.test} command: - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" # letsencrypt configuration - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - "--certificatesResolvers.http.acme.storage=/certs/acme.json" - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" # enable dashboard - "--api.dashboard=true" # define entrypoints - "--entryPoints.http.address=:80" - "--entryPoints.http.http.redirections.entryPoint.to=https" - "--entryPoints.http.http.redirections.entryPoint.scheme=https" - "--entryPoints.https.address=:443" # docker provider (get configuration from container labels) - "--providers.docker.endpoint=unix:///var/run/docker.sock" - "--providers.docker.exposedByDefault=false" # access log - "--accessLog=true" - "--accessLog.format=json" - "--accessLog.fields.headers.names.X-Request-Id=keep" ports: - "80:80" - "443:443" volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" - "certs:/certs" labels: - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - "traefik.http.routers.traefik.entrypoints=https" - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - "traefik.http.routers.traefik.middlewares=traefik-auth" - "traefik.http.routers.traefik.tls.certresolver=http" - "traefik.http.routers.traefik.service=api@internal" logging: driver: "local" restart: always ocis: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} networks: ocis-net: entrypoint: - /bin/sh # run ocis init to initialize a configuration file with random secrets # it will fail on subsequent runs, because the config file already exists # therefore we ignore the error and then start the ocis server command: ["-c", "ocis init || true; ocis server"] environment: OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info} OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" PROXY_TLS: "false" # do not use SSL between Traefik and oCIS # make settings service available to oCIS Hello SETTINGS_GRPC_ADDR: 0.0.0.0:9191 # INSECURE: needed if oCIS / Traefik is using self generated certificates OCIS_INSECURE: "${INSECURE:-false}" # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect) PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" # admin user password IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file # demo users IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" # password policies OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt" volumes: - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt - ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml - ./config/ocis/web.yaml:/etc/ocis/web.yaml - ocis-config:/etc/ocis - ocis-data:/var/lib/ocis labels: - "traefik.enable=true" - "traefik.http.routers.ocis.entrypoints=https" - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - "traefik.http.routers.ocis.tls.certresolver=http" - "traefik.http.routers.ocis.service=ocis" - "traefik.http.services.ocis.loadbalancer.server.port=9200" logging: driver: "local" restart: always ocis-hello: image: owncloud/ocis-hello:${OCIS_HELLO_DOCKER_TAG:-latest} networks: ocis-net: environment: OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info} logging: driver: "local" restart: always volumes: certs: ocis-config: ocis-data: networks: ocis-net: