diff --git a/changelog/unreleased/add-debugging-doc.md b/changelog/unreleased/add-debugging-doc.md new file mode 100644 index 00000000000..54682a61d40 --- /dev/null +++ b/changelog/unreleased/add-debugging-doc.md @@ -0,0 +1,6 @@ +Enhancement: Add the Collaboration stack deployment + +Add the Collaboration stack deployment +Add the Collaboration stack debugging doc + +https://github.com/owncloud/ocis/pull/9113 diff --git a/deployments/examples/ocis_collaboraton/README.md b/deployments/examples/ocis_collaboraton/README.md new file mode 100644 index 00000000000..9216f98c242 --- /dev/null +++ b/deployments/examples/ocis_collaboraton/README.md @@ -0,0 +1,26 @@ +# Documentation +The documentation is incomplete because the Collaboration server is in a development state. + +# Infinite Scale Collaboration Deployment Example + +This deployment example of the oCIS with the new Collaboration server. + +## Overview + +* oCIS, Collaboration server, Collabora or OnlyOffice running behind Traefik as reverse proxy +* Collabora or OnlyOffice enable you to edit documents in your browser +* Collaboration server acts as a bridge to make the oCIS storage accessible to Collabora or OnlyOffice +* Traefik generating self-signed certificates for local setup or obtaining valid SSL certificates for a server setup +Please note: Against the stack that uses [wopiserver](https://owncloud.dev/ocis/deployment/ocis_wopi/), we don't need the app_provider anymore. The new Collaboration server now includes an app_provider. + +### Running + +```bash +docker compose -f docker-compose.collabora.yml up -d +``` + +```bash +docker compose -f docker-compose.onlyoffice.yml up -d +``` + +Also see the [Admin Documentation](https://doc.owncloud.com/ocis/latest/index.html) for administrative and more configuration details. diff --git a/deployments/examples/ocis_collaboraton/config/ocis/app-registry.yaml b/deployments/examples/ocis_collaboraton/config/ocis/app-registry.yaml new file mode 100644 index 00000000000..b7cf0decf9a --- /dev/null +++ b/deployments/examples/ocis_collaboraton/config/ocis/app-registry.yaml @@ -0,0 +1,65 @@ +app_registry: + mimetypes: + - mime_type: application/pdf + extension: pdf + name: PDF + description: PDF document + icon: '' + default_app: '' + allow_creation: false + - mime_type: application/vnd.oasis.opendocument.text + extension: odt + name: OpenDocument + description: OpenDocument text document + icon: '' + default_app: Collabora + allow_creation: true + - mime_type: application/vnd.oasis.opendocument.spreadsheet + extension: ods + name: OpenSpreadsheet + description: OpenDocument spreadsheet document + icon: '' + default_app: Collabora + allow_creation: true + - mime_type: application/vnd.oasis.opendocument.presentation + extension: odp + name: OpenPresentation + description: OpenDocument presentation document + icon: '' + default_app: Collabora + allow_creation: true + - mime_type: application/vnd.openxmlformats-officedocument.wordprocessingml.document + extension: docx + name: Microsoft Word + description: Microsoft Word document + icon: '' + default_app: OnlyOffice + allow_creation: true + - mime_type: application/vnd.openxmlformats-officedocument.wordprocessingml.form + extension: docxf + name: Form Document + description: Form Document + icon: '' + default_app: OnlyOffice + allow_creation: true + - mime_type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + extension: xlsx + name: Microsoft Excel + description: Microsoft Excel document + icon: '' + default_app: OnlyOffice + allow_creation: true + - mime_type: application/vnd.openxmlformats-officedocument.presentationml.presentation + extension: pptx + name: Microsoft PowerPoint + description: Microsoft PowerPoint document + icon: '' + default_app: OnlyOffice + allow_creation: true + - mime_type: application/vnd.jupyter + extension: ipynb + name: Jupyter Notebook + description: Jupyter Notebook + icon: '' + default_app: '' + allow_creation: true diff --git a/deployments/examples/ocis_collaboraton/config/ocis/banned-password-list.txt b/deployments/examples/ocis_collaboraton/config/ocis/banned-password-list.txt new file mode 100644 index 00000000000..aff7475f220 --- /dev/null +++ b/deployments/examples/ocis_collaboraton/config/ocis/banned-password-list.txt @@ -0,0 +1,5 @@ +password +12345678 +123 +ownCloud +ownCloud-1 diff --git a/deployments/examples/ocis_collaboraton/config/ocis/csp.yaml b/deployments/examples/ocis_collaboraton/config/ocis/csp.yaml new file mode 100644 index 00000000000..9852ebeae90 --- /dev/null +++ b/deployments/examples/ocis_collaboraton/config/ocis/csp.yaml @@ -0,0 +1,37 @@ +directives: + child-src: + - '''self''' + connect-src: + - '''self''' + default-src: + - '''none''' + font-src: + - '''self''' + frame-ancestors: + - '''self''' + frame-src: + - '''self''' + - 'https://embed.diagrams.net/' + # In contrary to bash and docker the default is given after the | character + - 'https://${ONLYOFFICE_DOMAIN|onlyoffice.owncloud.test}/' + - 'https://${COLLABORA_DOMAIN|collabora.owncloud.test}/' + img-src: + - '''self''' + - 'data:' + - 'blob:' + # In contrary to bash and docker the default is given after the | character + - 'https://${ONLYOFFICE_DOMAIN|onlyoffice.owncloud.test}/' + - 'https://${COLLABORA_DOMAIN|collabora.owncloud.test}/' + manifest-src: + - '''self''' + media-src: + - '''self''' + object-src: + - '''self''' + - 'blob:' + script-src: + - '''self''' + - '''unsafe-inline''' + style-src: + - '''self''' + - '''unsafe-inline''' diff --git a/deployments/examples/ocis_collaboraton/config/ocis/web.yaml b/deployments/examples/ocis_collaboraton/config/ocis/web.yaml new file mode 100644 index 00000000000..9ffff94810f --- /dev/null +++ b/deployments/examples/ocis_collaboraton/config/ocis/web.yaml @@ -0,0 +1,18 @@ +web: + config: + external_apps: + - id: preview + path: web-app-preview + config: + mimeTypes: + - image/tiff + - image/bmp + - image/x-ms-bmp + - id: importer + path: web-app-importer + config: + companionUrl: https://${COMPANION_DOMAIN|companion.owncloud.test} + supportedClouds: + - WebdavPublicLink + #- OneDrive # needs a client id and secret + #- GoogleDrive # needs a client id and secret and an addition to the DNS zone diff --git a/deployments/examples/ocis_collaboraton/config/onlyoffice/entrypoint-override.sh b/deployments/examples/ocis_collaboraton/config/onlyoffice/entrypoint-override.sh new file mode 100755 index 00000000000..60179dfe8ee --- /dev/null +++ b/deployments/examples/ocis_collaboraton/config/onlyoffice/entrypoint-override.sh @@ -0,0 +1,7 @@ +#!/bin/sh +set -e + +# we can't mount it directly because the run-document-server.sh script wants to move it +cp /etc/onlyoffice/documentserver/local.dist.json /etc/onlyoffice/documentserver/local.json + +/app/ds/run-document-server.sh diff --git a/deployments/examples/ocis_collaboraton/config/onlyoffice/local.json b/deployments/examples/ocis_collaboraton/config/onlyoffice/local.json new file mode 100755 index 00000000000..0db571fad42 --- /dev/null +++ b/deployments/examples/ocis_collaboraton/config/onlyoffice/local.json @@ -0,0 +1,71 @@ +{ + "services": { + "CoAuthoring": { + "sql": { + "type": "postgres", + "dbHost": "localhost", + "dbPort": "5432", + "dbName": "onlyoffice", + "dbUser": "onlyoffice", + "dbPass": "onlyoffice" + }, + "token": { + "enable": { + "request": { + "inbox": true, + "outbox": true + }, + "browser": true + }, + "inbox": { + "header": "Authorization" + }, + "outbox": { + "header": "Authorization" + } + }, + "secret": { + "inbox": { + "string": "B8LjkNqGxn6gf8bkuBUiMwyuCFwFddnu" + }, + "outbox": { + "string": "B8LjkNqGxn6gf8bkuBUiMwyuCFwFddnu" + }, + "session": { + "string": "B8LjkNqGxn6gf8bkuBUiMwyuCFwFddnu" + } + } + } + }, + "rabbitmq": { + "url": "amqp://guest:guest@localhost" + }, + "FileConverter": { + "converter": { + "inputLimits": [ + { + "type": "docx;dotx;docm;dotm", + "zip": { + "uncompressed": "1GB", + "template": "*.xml" + } + }, + { + "type": "xlsx;xltx;xlsm;xltm", + "zip": { + "uncompressed": "1GB", + "template": "*.xml" + } + }, + { + "type": "pptx;ppsx;potx;pptm;ppsm;potm", + "zip": { + "uncompressed": "1GB", + "template": "*.xml" + } + } + ] + } + } + +} diff --git a/deployments/examples/ocis_collaboraton/docker-compose.collabora.yml b/deployments/examples/ocis_collaboraton/docker-compose.collabora.yml new file mode 100644 index 00000000000..b52af933490 --- /dev/null +++ b/deployments/examples/ocis_collaboraton/docker-compose.collabora.yml @@ -0,0 +1,204 @@ +--- +version: "3.7" + +services: + traefik: + image: traefik:v2.9.1 + networks: + ocis-net: + aliases: + - ${OCIS_DOMAIN:-ocis.owncloud.test} + - ${collaboration_DOMAIN:-collaboration.owncloud.test} + - ${COLLABORA_DOMAIN:-collabora.owncloud.test} + - ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} + - ${COMPANION_DOMAIN:-companion.owncloud.test} + command: + - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" + # letsencrypt configuration + - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" + - "--certificatesResolvers.http.acme.storage=/certs/acme.json" + - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" + - "--certificatesresolvers.http.acme.caserver=${TRAEFIK_ACME_CASERVER:-https://acme-v02.api.letsencrypt.org/directory}" + # enable dashboard + - "--api.dashboard=true" + # define entrypoints + - "--entryPoints.http.address=:80" + - "--entryPoints.http.http.redirections.entryPoint.to=https" + - "--entryPoints.http.http.redirections.entryPoint.scheme=https" + - "--entryPoints.https.address=:443" + # docker provider (get configuration from container labels) + - "--providers.docker.endpoint=unix:///var/run/docker.sock" + - "--providers.docker.exposedByDefault=false" + # access log + - "--accessLog=true" + - "--accessLog.format=json" + - "--accessLog.fields.headers.names.X-Request-Id=keep" + ports: + - "80:80" + - "443:443" + volumes: + - "${DOCKER_SOCKET_PATH:-/var/run/docker.sock}:/var/run/docker.sock:ro" + - "certs:/certs" + labels: + - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" + - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin + - "traefik.http.routers.traefik.entrypoints=https" + - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" + - "traefik.http.routers.traefik.middlewares=traefik-auth" + - "traefik.http.routers.traefik.tls.certresolver=http" + - "traefik.http.routers.traefik.service=api@internal" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + + ocis: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-net: + entrypoint: + - /bin/sh + # run ocis init to initialize a configuration file with random secrets + # it will fail on subsequent runs, because the config file already exists + # therefore we ignore the error and then start the ocis server + command: [ "-c", "ocis init || true; ocis server" ] + environment: + OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} + OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info} + OCIS_LOG_COLOR: ${OCIS_LOG_COLOR:-false} + PROXY_TLS: "false" # do not use SSL between Traefik and oCIS + GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers + # INSECURE: needed if oCIS / Traefik is using self generated certificates + OCIS_INSECURE: ${INSECURE:-false} + # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect) + PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" + # admin user password + IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file + # demo users + IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" + MICRO_REGISTRY_ADDRESS: 127.0.0.1:9233 + NATS_NATS_HOST: 0.0.0.0 + NATS_NATS_PORT: 9233 + PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp.yaml + COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.owncloud.test} + ONLYOFFICE_DOMAIN: ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} + # make collabora the secure view app + FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: com.owncloud.api.app-provider-collabora + volumes: + - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml + - ./config/ocis/csp.yaml:/etc/ocis/csp.yaml + - ./config/ocis/web.yaml:/etc/ocis/web.yaml + - ocis-config:/etc/ocis + - ocis-data:/var/lib/ocis + labels: + - "traefik.enable=true" + - "traefik.http.routers.ocis.entrypoints=https" + - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" + - "traefik.http.routers.ocis.tls.certresolver=http" + - "traefik.http.routers.ocis.service=ocis" + - "traefik.http.services.ocis.loadbalancer.server.port=9200" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + + collaboration: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-net: + depends_on: + collabora: + condition: service_healthy + entrypoint: + - /bin/sh + command: [ "-c", "ocis collaboration server" ] + environment: + COLLABORATION_GRPC_ADDR: 0.0.0.0:9301 + COLLABORATION_HTTP_ADDR: 0.0.0.0:9300 + MICRO_REGISTRY: "nats-js-kv" + MICRO_REGISTRY_ADDRESS: "ocis:9233" + COLLABORATION_WOPI_SRC: https://${COLLABORATION_DOMAIN:-collaboration.owncloud.test} + COLLABORATION_WOPI_SECRET: LoremIpsum567 + COLLABORATION_APP_NAME: "Collabora" + COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.owncloud.test} + COLLABORATION_APP_ICON: https://${COLLABORA_DOMAIN:-collabora.owncloud.test/favicon.ico} + COLLABORATION_APP_INSECURE: ${INSECURE:-false} + COLLABORATION_CS3API_DATAGATEWAY_INSECURE: ${INSECURE:-false} + COLLABORATION_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info} + OCIS_LOG_COLOR: ${OCIS_LOG_COLOR:-false} + OCIS_RUNTIME_HOST: "ocis" + OCIS_CONFIG_DIR: /etc/ocis/ + volumes: + - ocis-config:/etc/ocis + - ocis-data:/var/lib/ocis + labels: + - "traefik.enable=true" + - "traefik.http.routers.collaboration.entrypoints=https" + - "traefik.http.routers.collaboration.rule=Host(`collaboration.${DOMAIN:-owncloud.test}`)" + - "traefik.http.routers.collaboration.tls.certresolver=http" + - "traefik.http.routers.collaboration.service=collaboration" + - "traefik.http.services.collaboration.loadbalancer.server.port=9300" + logging: + driver: "local" + restart: always + + collabora: + image: collabora/code:23.05.5.2.1 + networks: + ocis-net: + environment: + aliasgroup1: https://collaboration.owncloud.test:443 + DONT_GEN_SSL_CERT: "YES" + extra_params: --o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false --o:net.frame_ancestors=${OCIS_DOMAIN:-ocis.owncloud.test} + username: ${COLLABORA_ADMIN_USER} + password: ${COLLABORA_ADMIN_PASSWORD} + cap_add: + - MKNOD + labels: + - "traefik.enable=true" + - "traefik.http.routers.collabora.entrypoints=https" + - "traefik.http.routers.collabora.rule=Host(`${COLLABORA_DOMAIN:-collabora.owncloud.test}`)" + - "traefik.http.routers.collabora.tls.certresolver=http" + - "traefik.http.routers.collabora.service=collabora" + - "traefik.http.services.collabora.loadbalancer.server.port=9980" + # websockets can't be opend when this is ommitted + - "traefik.http.middlewares.collabora.headers.customrequestheaders.X-Forwarded-Proto=https" + - "traefik.http.routers.collabora.middlewares=collabora" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + healthcheck: + test: [ "CMD", "curl", "-f", "http://localhost:9980/hosting/discovery" ] + + companion: + image: ${COMPANION_IMAGE:-transloadit/companion:4.5.1} + networks: + ocis-net: + environment: + NODE_ENV: production + NODE_TLS_REJECT_UNAUTHORIZED: 0 + COMPANION_DATADIR: /tmp/companion/ + COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test} + COMPANION_PROTOCOL: https + COMPANION_UPLOAD_URLS: "^https://${OCIS_DOMAIN:-ocis.owncloud.test}/" + COMPANION_ONEDRIVE_KEY: "${COMPANION_ONEDRIVE_KEY}" + COMPANION_ONEDRIVE_SECRET: "${COMPANION_ONEDRIVE_SECRET}" + volumes: + - companion-data:/tmp/companion/ + labels: + - "traefik.enable=true" + - "traefik.http.routers.companion.entrypoints=https" + - "traefik.http.routers.companion.rule=Host(`${COMPANION_DOMAIN:-companion.owncloud.test}`)" + - "traefik.http.routers.companion.tls.certresolver=http" + - "traefik.http.routers.companion.service=companion" + - "traefik.http.services.companion.loadbalancer.server.port=3020" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + +volumes: + certs: + ocis-config: + ocis-data: + companion-data: + +networks: + ocis-net: diff --git a/deployments/examples/ocis_collaboraton/docker-compose.onlyoffice.yml b/deployments/examples/ocis_collaboraton/docker-compose.onlyoffice.yml new file mode 100644 index 00000000000..0acc5497f7b --- /dev/null +++ b/deployments/examples/ocis_collaboraton/docker-compose.onlyoffice.yml @@ -0,0 +1,205 @@ +--- +version: "3.7" + +services: + traefik: + image: traefik:v2.9.1 + networks: + ocis-net: + aliases: + - ${OCIS_DOMAIN:-ocis.owncloud.test} + - ${COLLABORATION_DOMAIN:-collaboration.owncloud.test} + - ${COLLABORA_DOMAIN:-collabora.owncloud.test} + - ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} + - ${COMPANION_DOMAIN:-companion.owncloud.test} + command: + - "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" + # letsencrypt configuration + - "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" + - "--certificatesResolvers.http.acme.storage=/certs/acme.json" + - "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" + - "--certificatesresolvers.http.acme.caserver=${TRAEFIK_ACME_CASERVER:-https://acme-v02.api.letsencrypt.org/directory}" + # enable dashboard + - "--api.dashboard=true" + # define entrypoints + - "--entryPoints.http.address=:80" + - "--entryPoints.http.http.redirections.entryPoint.to=https" + - "--entryPoints.http.http.redirections.entryPoint.scheme=https" + - "--entryPoints.https.address=:443" + # docker provider (get configuration from container labels) + - "--providers.docker.endpoint=unix:///var/run/docker.sock" + - "--providers.docker.exposedByDefault=false" + # access log + - "--accessLog=true" + - "--accessLog.format=json" + - "--accessLog.fields.headers.names.X-Request-Id=keep" + ports: + - "80:80" + - "443:443" + volumes: + - "${DOCKER_SOCKET_PATH:-/var/run/docker.sock}:/var/run/docker.sock:ro" + - "certs:/certs" + labels: + - "traefik.enable=${TRAEFIK_DASHBOARD:-false}" + - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin + - "traefik.http.routers.traefik.entrypoints=https" + - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" + - "traefik.http.routers.traefik.middlewares=traefik-auth" + - "traefik.http.routers.traefik.tls.certresolver=http" + - "traefik.http.routers.traefik.service=api@internal" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + + ocis: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-net: + entrypoint: + - /bin/sh + # run ocis init to initialize a configuration file with random secrets + # it will fail on subsequent runs, because the config file already exists + # therefore we ignore the error and then start the ocis server + command: [ "-c", "ocis init || true; ocis server" ] + environment: + OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} + OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info} + OCIS_LOG_COLOR: ${OCIS_LOG_COLOR:-false} + PROXY_TLS: "false" # do not use SSL between Traefik and oCIS + GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers + # INSECURE: needed if oCIS / Traefik is using self generated certificates + OCIS_INSECURE: ${INSECURE:-false} + # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect) + PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" + # admin user password + IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file + # demo users + IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" + MICRO_REGISTRY_ADDRESS: 127.0.0.1:9233 + NATS_NATS_HOST: 0.0.0.0 + NATS_NATS_PORT: 9233 + PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp.yaml + COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.owncloud.test} + ONLYOFFICE_DOMAIN: ${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} + # make collabora the secure view app + FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: com.owncloud.api.app-provider-collabora + volumes: + - ./config/ocis/app-registry.yaml:/etc/ocis/app-registry.yaml + - ./config/ocis/csp.yaml:/etc/ocis/csp.yaml + - ./config/ocis/web.yaml:/etc/ocis/web.yaml + - ocis-config:/etc/ocis + - ocis-data:/var/lib/ocis + labels: + - "traefik.enable=true" + - "traefik.http.routers.ocis.entrypoints=https" + - "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" + - "traefik.http.routers.ocis.tls.certresolver=http" + - "traefik.http.routers.ocis.service=ocis" + - "traefik.http.services.ocis.loadbalancer.server.port=9200" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + + collaboration: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-net: + depends_on: + onlyoffice: + condition: service_healthy + entrypoint: + - /bin/sh + command: [ "-c", "ocis collaboration server" ] + environment: + COLLABORATION_GRPC_ADDR: 0.0.0.0:9301 + COLLABORATION_HTTP_ADDR: 0.0.0.0:9300 + MICRO_REGISTRY: "nats-js-kv" + MICRO_REGISTRY_ADDRESS: "ocis:9233" + COLLABORATION_WOPI_SRC: https://${COLLABORATION_DOMAIN:-collaboration.owncloud.test} + COLLABORATION_WOPI_SECRET: LoremIpsum567 + COLLABORATION_APP_NAME: "OnlyOffice" + COLLABORATION_APP_ADDR: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test} + COLLABORATION_APP_ICON: https://${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test/favicon.ico} + COLLABORATION_APP_INSECURE: ${INSECURE:-false} + COLLABORATION_CS3API_DATAGATEWAY_INSECURE: ${INSECURE:-false} + COLLABORATION_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info} + OCIS_LOG_COLOR: ${OCIS_LOG_COLOR:-false} + OCIS_RUNTIME_HOST: "ocis" + OCIS_CONFIG_DIR: /etc/ocis/ + volumes: + - ocis-config:/etc/ocis + - ocis-data:/var/lib/ocis + labels: + - "traefik.enable=true" + - "traefik.http.routers.collaboration.entrypoints=https" + - "traefik.http.routers.collaboration.rule=Host(`collaboration.${DOMAIN:-owncloud.test}`)" + - "traefik.http.routers.collaboration.tls.certresolver=http" + - "traefik.http.routers.collaboration.service=collaboration" + - "traefik.http.services.collaboration.loadbalancer.server.port=9300" + logging: + driver: "local" + restart: always + + onlyoffice: + image: onlyoffice/documentserver:7.5.0 + networks: + ocis-net: + entrypoint: + - /bin/sh + - /entrypoint-override.sh + environment: + WOPI_ENABLED: "true" + USE_UNAUTHORIZED_STORAGE: ${INSECURE:-false} # self signed certificates + volumes: + - ./config/onlyoffice/entrypoint-override.sh:/entrypoint-override.sh + - ./config/onlyoffice/local.json:/etc/onlyoffice/documentserver/local.dist.json + labels: + - "traefik.enable=true" + - "traefik.http.routers.onlyoffice.entrypoints=https" + - "traefik.http.routers.onlyoffice.rule=Host(`${ONLYOFFICE_DOMAIN:-onlyoffice.owncloud.test}`)" + - "traefik.http.routers.onlyoffice.tls.certresolver=http" + - "traefik.http.routers.onlyoffice.service=onlyoffice" + - "traefik.http.services.onlyoffice.loadbalancer.server.port=80" + # websockets can't be opend when this is ommitted + - "traefik.http.middlewares.onlyoffice.headers.customrequestheaders.X-Forwarded-Proto=https" + - "traefik.http.routers.onlyoffice.middlewares=onlyoffice" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + healthcheck: + test: [ "CMD", "curl", "-f", "http://localhost/hosting/discovery" ] + + companion: + image: ${COMPANION_IMAGE:-transloadit/companion:4.5.1} + networks: + ocis-net: + environment: + NODE_ENV: production + NODE_TLS_REJECT_UNAUTHORIZED: 0 + COMPANION_DATADIR: /tmp/companion/ + COMPANION_DOMAIN: ${COMPANION_DOMAIN:-companion.owncloud.test} + COMPANION_PROTOCOL: https + COMPANION_UPLOAD_URLS: "^https://${OCIS_DOMAIN:-ocis.owncloud.test}/" + COMPANION_ONEDRIVE_KEY: "${COMPANION_ONEDRIVE_KEY}" + COMPANION_ONEDRIVE_SECRET: "${COMPANION_ONEDRIVE_SECRET}" + volumes: + - companion-data:/tmp/companion/ + labels: + - "traefik.enable=true" + - "traefik.http.routers.companion.entrypoints=https" + - "traefik.http.routers.companion.rule=Host(`${COMPANION_DOMAIN:-companion.owncloud.test}`)" + - "traefik.http.routers.companion.tls.certresolver=http" + - "traefik.http.routers.companion.service=companion" + - "traefik.http.services.companion.loadbalancer.server.port=3020" + logging: + driver: ${LOG_DRIVER:-local} + restart: always + +volumes: + certs: + ocis-config: + ocis-data: + companion-data: + +networks: + ocis-net: diff --git a/deployments/examples/ocis_collaboraton/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_collaboraton/monitoring_tracing/docker-compose-additions.yml new file mode 100644 index 00000000000..47839287163 --- /dev/null +++ b/deployments/examples/ocis_collaboraton/monitoring_tracing/docker-compose-additions.yml @@ -0,0 +1,36 @@ +--- +version: "3.7" + +services: + ocis: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: "jaeger" + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + # if oCIS runs as a single process, all /metrics endpoints + # will expose the same metrics, so it's sufficient to query one endpoint + PROXY_DEBUG_ADDR: 0.0.0.0:9205 + + ocis-appprovider-collabora: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: "jaeger" + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + APP_PROVIDER_DEBUG_ADDR: 0.0.0.0:9165 + + ocis-appprovider-onlyoffice: + environment: + # tracing + OCIS_TRACING_ENABLED: "true" + OCIS_TRACING_TYPE: "jaeger" + OCIS_TRACING_ENDPOINT: jaeger-agent:6831 + # metrics + APP_PROVIDER_DEBUG_ADDR: 0.0.0.0:9165 + +networks: + ocis-net: + external: true diff --git a/docs/ocis/development/debugging.md b/docs/ocis/development/debugging.md index 3d9c25add3d..b597f1844ef 100644 --- a/docs/ocis/development/debugging.md +++ b/docs/ocis/development/debugging.md @@ -147,8 +147,8 @@ make debug-docker ```bash export OCIS_DOCKER_TAG=debug ``` -3. Change the docker-compose `ocis` or `ocis-appprovider-collabora` or `ocis-appprovider-onlyoffice` depends on what do you want to debug: -For example `deployments/examples/ocis_wopi/docker-compose.yml` +3. Change the docker-compose `ocis` or `ocis-appprovider-collabora` or `ocis-appprovider-onlyoffice` or `collaboration` depends on what do you want to debug: +Example for `ocis` `deployments/examples/ocis_wopi/docker-compose.yml` ```yaml ocis: image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} @@ -156,13 +156,34 @@ For example `deployments/examples/ocis_wopi/docker-compose.yml` ocis-net: entrypoint: - /bin/sh -# Comment out command +# Comment out the command # command: ["-c", "ocis init || true; ocis server"] # Replace the command and expose the port - command: [ "-c", "ocis init || true; dlv --listen=:40000 --headless=true --api-version=2 --accept-multiclient exec /usr/bin/ocis server" ] + command: [ "-c", "ocis init || true; dlv --listen=:40000 --headless=true --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis server" ] ports: - 40000:40000 ``` + +Example for `Collaboration server` `deployments/examples/ocis_collaboration/docker-compose.collabora.yml` +Please note: Against the stack that uses [cs3org/wopiserver](https://github.com/cs3org/wopiserver), we don't need the app_provider anymore. The new collaboration server now includes the wopiserver and app_provider. +```yaml + collaboration: + image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} + networks: + ocis-net: + depends_on: + collabora: + condition: service_healthy + entrypoint: + - /bin/sh +# Comment out the command +# command: [ "-c", "ocis collaboration server" ] +# Replace the command and expose the port + command: [ "-c", " dlv --listen=:40000 --headless=true --check-go-version=false --api-version=2 --accept-multiclient exec /usr/bin/ocis collaboration server" ] + ports: + - 40000:40000 +``` + 4. Run the docker-compose 5. Connect to remote `delve` * For the VS Code add the configuration to the `.vscode/launch.json` [https://github.com/golang/vscode-go/wiki/debugging#remote-debugging](https://github.com/golang/vscode-go/wiki/debugging#remote-debugging) @@ -179,8 +200,7 @@ For example `deployments/examples/ocis_wopi/docker-compose.yml` }, ``` - -### Gather error messages +### Gather Error Messages We recommend you collect all related information in a single file or in a GitHub issue. Let us start with an error that pops up in the Web UI: diff --git a/ocis/docker/Dockerfile.linux.amd64 b/ocis/docker/Dockerfile.linux.amd64 index 6b00eda1a6b..99b044675af 100644 --- a/ocis/docker/Dockerfile.linux.amd64 +++ b/ocis/docker/Dockerfile.linux.amd64 @@ -3,7 +3,7 @@ FROM amd64/alpine:3.18 ARG VERSION="" ARG REVISION="" -RUN apk add --no-cache ca-certificates mailcap tree attr curl && \ +RUN apk add --no-cache ca-certificates mailcap tree attr curl libc6-compat && \ echo 'hosts: files dns' >| /etc/nsswitch.conf LABEL maintainer="ownCloud GmbH " \