Skip to content

Commit

Permalink
Merge pull request #1148 from owncloud/add_ocis_url_env
Browse files Browse the repository at this point in the history 
add OCIS_URL env var
  • Loading branch information
@butonic
butonic authored Dec 23, 2020
2 parents 335aa2d + 652448f commit 5689daf
Show file tree
Hide file tree
Showing 47 changed files with 249 additions and 368 deletions.
7 changes: 1 addition & 6 deletions .drone.star
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1407,25 +1407,20 @@ def frontend(module):
def ocisServer(storage, accounts_hash_difficulty = 4, volumes=[]):
environment = {
#'OCIS_LOG_LEVEL': 'debug',
'OCIS_URL': 'https://ocis-server:9200',
'STORAGE_HOME_DRIVER': '%s' % (storage),
'STORAGE_USERS_DRIVER': '%s' % (storage),
'STORAGE_DRIVER_OCIS_ROOT': '/srv/app/tmp/ocis/storage/users',
'STORAGE_DRIVER_LOCAL_ROOT': '/srv/app/tmp/ocis/local/root',
'STORAGE_METADATA_ROOT': '/srv/app/tmp/ocis/metadata',
'STORAGE_DRIVER_OWNCLOUD_DATADIR': '/srv/app/tmp/ocis/owncloud/data',
'STORAGE_DRIVER_OWNCLOUD_REDIS_ADDR': 'redis:6379',
'STORAGE_LDAP_IDP': 'https://ocis-server:9200',
'STORAGE_OIDC_ISSUER': 'https://ocis-server:9200',
'PROXY_OIDC_ISSUER': 'https://ocis-server:9200',
'STORAGE_HOME_DATA_SERVER_URL': 'http://ocis-server:9155/data',
'STORAGE_DATAGATEWAY_PUBLIC_URL': 'https://ocis-server:9200/data',
'STORAGE_USERS_DATA_SERVER_URL': 'http://ocis-server:9158/data',
'STORAGE_FRONTEND_PUBLIC_URL': 'https://ocis-server:9200',
'STORAGE_SHARING_USER_JSON_FILE': '/srv/app/tmp/ocis/shares.json',
'PROXY_ENABLE_BASIC_AUTH': True,
'WEB_UI_CONFIG': '/drone/src/tests/config/drone/ocis-config.json',
'KONNECTD_IDENTIFIER_REGISTRATION_CONF': '/drone/src/tests/config/drone/identifier-registration.yml',
'KONNECTD_ISS': 'https://ocis-server:9200',
'KONNECTD_TLS': 'true',
'OCIS_LOG_LEVEL': 'warn',
}
Expand Down
17 changes: 17 additions & 0 deletions changelog/unreleased/add-ocis-url-env.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
Enhancement: add OCIS_URL env var

Tags: ocis

We introduced a new environment variable `OCIS_URL` that expects a URL including protocol, host and optionally port to simplify configuring all the different services. These existing environment variables still take precedence, but will also fall back to `OCIS_URL`: `STORAGE_LDAP_IDP`, `STORAGE_OIDC_ISSUER`, `PROXY_OIDC_ISSUER`, `STORAGE_FRONTEND_PUBLIC_URL`, `KONNECTD_ISS`, `WEB_OIDC_AUTHORITY`, and `WEB_UI_CONFIG_SERVER`.

Some environment variables are now built dynamically if they are not set:
- `STORAGE_DATAGATEWAY_PUBLIC_URL` defaults to `<STORAGE_FRONTEND_PUBLIC_URL>/data`, also falling back to `OCIS_URL`
- `WEB_OIDC_METADATA_URL` defaults to `<WEB_OIDC_AUTHORITY>/.well-known/openid-configuration`, also falling back to `OCIS_URL`

Furthermore, the built in konnectd will generate an `identifier-registration.yaml` that uses the `KONNECTD_ISS` in the allowed `redirect_uris` and `origins`. It simplifies the default `https://localhost:9200` and remote deployment with `OCIS_URL` which is evaluated as a fallback if `KONNECTD_ISS` is not set.

An OCIS server can now be started on a remote machine as easy as `OCIS_URL=https://cloud.ocis.test PROXY_HTTP_ADDR=0.0.0.0:443 ocis server`.

Note that the `OCIS_DOMAIN` environment variable is not used by ocis, but by the docker containers.

https://github.com/owncloud/ocis/pull/1148
10 changes: 1 addition & 9 deletions deployments/examples/cs3_users_ocis/docker-compose.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,23 +73,15 @@ services:
STORAGE_LDAP_FINDFILTER: '(&(objectclass=owncloud)(|(uid={{query}}*)(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)(description={{query}}*)))'
STORAGE_LDAP_GROUPFILTER: '(&(objectclass=groupOfUniqueNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))'
# General ocis config
OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_LOG_LEVEL: error
# proxy config
PROXY_OIDC_INSECURE: "${INSECURE:-false}"
PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
PROXY_TLS: "false"
# web config
WEB_OIDC_AUTHORITY: https://${OCIS_DOMAIN:-ocis.owncloud.test}
WEB_OIDC_METADATA_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/.well-known/openid-configuration
WEB_UI_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer
WEB_UI_CONFIG_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
# storage config
STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/
STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
# idp config
KONNECTD_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test}
KONNECTD_TLS: 'false'
volumes:
- ./config/ocis:/config
Expand Down
5 changes: 1 addition & 4 deletions deployments/examples/ocis_keycloak/docker-compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ services:
default:
environment:
# general config
OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error}
# proxy config
PROXY_AUTOPROVISION_ACCOUNTS: "true"
Expand All @@ -58,10 +58,7 @@ services:
WEB_OIDC_CLIENT_ID: ${OCIS_OIDC_CLIENT_ID:-web}
WEB_OIDC_METADATA_URL: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-master}/.well-known/openid-configuration
WEB_UI_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer
WEB_UI_CONFIG_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
# storage config
STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/
STORAGE_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
STORAGE_LDAP_IDP: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
# thumbnail config
Expand Down
11 changes: 1 addition & 10 deletions deployments/examples/ocis_traefik/docker-compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,25 +52,16 @@ services:
default:
environment:
# general config
OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error}
# proxy config
PROXY_OIDC_INSECURE: "${INSECURE:-false}"
PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
PROXY_TLS: "false"
# web config
WEB_OIDC_AUTHORITY: https://${OCIS_DOMAIN:-ocis.owncloud.test}
WEB_OIDC_METADATA_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/.well-known/openid-configuration
WEB_UI_CONFIG_APPS: files,draw-io,markdown-editor,media-viewer
WEB_UI_CONFIG_SERVER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
# storage config
STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/
STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test}
# idp config
KONNECTD_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test}
KONNECTD_TLS: 'false'
# thumbnail config
THUMBNAILS_WEBDAVSOURCE_BASEURL: http://localhost:9200/remote.php/webdav/
Expand Down
6 changes: 3 additions & 3 deletions deployments/examples/owncloud10_with_oc_web/config/oc10/config.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ function getConfigFromEnv() {
0 => $domain
],
'openid-connect' => [
'provider-url' => getenv('OCIS_DOMAIN'),
'provider-url' => getenv('OCIS_URL'),
'client-id' => 'oc10',
'client-secret' => 'super',
'loginButtonName' => 'OpenId Connect',
Expand All @@ -50,8 +50,8 @@ function getConfigFromEnv() {
'dbpassword' => getenv('OWNCLOUD_DB_PASSWORD'),
'dbtableprefix' => getenv('OWNCLOUD_DB_PREFIX'),

'web.baseUrl' => getenv('OCIS_DOMAIN'),
'cors.allowed-domains' => [getenv('OCIS_DOMAIN')],
'web.baseUrl' => getenv('OCIS_URL'),
'cors.allowed-domains' => [getenv('OCIS_URL')],

'log_type' => 'owncloud',

Expand Down
10 changes: 2 additions & 8 deletions deployments/examples/owncloud10_with_oc_web/docker-compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,20 +63,18 @@ services:
default:
environment:
# general config
OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error}
# proxy
PROXY_AUTOPROVISION_ACCOUNTS: "true"
PROXY_INSECURE_BACKENDS: "${INSECURE:-false}"
PROXY_OIDC_INSECURE: "${INSECURE:-false}"
PROXY_CONFIG_FILE: "/config/proxy-config.json"
PROXY_ENABLE_PRESIGNEDURLS: "false"
PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
PROXY_TLS: "false"
# konnectd - binddn must exist as oc10 admin user
KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/config/identifier-registration.yaml"
KONNECTD_INSECURE: "${INSECURE:-false}"
KONNECTD_ISS: https://${OCIS_DOMAIN:-ocis.owncloud.test}
KONNECTD_SIGNING_KID: super
KONNECTD_TLS: 0
LDAP_BASEDN: "dc=example,dc=org"
Expand All @@ -99,12 +97,8 @@ services:
# web ui
WEB_UI_CONFIG: "/config/config.json"
# storage - although not used, yet
STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN:-ocis.owncloud.test}
STORAGE_OIDC_INSECURE: "${INSECURE:-false}"
STORAGE_TRANSFER_EXPIRES: 86400
STORAGE_FRONTEND_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
STORAGE_DATAGATEWAY_PUBLIC_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}/data
STORAGE_LDAP_IDP: https://${OCIS_DOMAIN:-ocis.owncloud.test}
volumes:
- ./config/ocis:/config
- ocis-data:/var/tmp/ocis
Expand All @@ -129,7 +123,7 @@ services:
- redis
environment:
PROXY_LOG_LEVEL: debug
OCIS_DOMAIN: https://${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
OWNCLOUD_DOMAIN: ${OC10_DOMAIN:-oc10.owncloud.test}
OWNCLOUD_DB_TYPE: mysql
OWNCLOUD_DB_NAME: owncloud
Expand Down
11 changes: 2 additions & 9 deletions docs/ocis/deployment/basic-remote-setup.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,13 +58,7 @@ You need to configure `your-host` in some services to provide the needed public

```bash
PROXY_HTTP_ADDR=0.0.0.0:9200 \
KONNECTD_ISS=https://your-server:9200 \
REVA_OIDC_ISSUER=https://your-server:9200 \
WEB_OIDC_AUTHORITY=https://your-server:9200 \
WEB_UI_CONFIG_SERVER=https://your-server:9200 \
WEB_OIDC_METADATA_URL=https://your-server:9200/.well-known/openid-configuration \
REVA_DATAGATEWAY_URL=https://your-server:9200/data \
REVA_FRONTEND_URL=https://your-server:9200 \
OCIS_URL=https://your-server:9200 \
PROXY_TRANSPORT_TLS_KEY=./certs/your-host.key \
PROXY_TRANSPORT_TLS_CERT=./certs/your-host.crt \
KONNECTD_TLS=0 \
Expand Down Expand Up @@ -93,8 +87,7 @@ cd compose-playground/compose/ocis
sed -i -e 's/your-url/192.168.103.195/g' config/identifier-registration.yml
cat << EOF > .env
OCIS_BASE_URL=192.168.103.195
OCIS_HTTP_PORT=9200
OCIS_URL=https://192.168.103.195
OCIS_DOCKER_TAG=latest
EOF
Expand Down
4 changes: 2 additions & 2 deletions konnectd/Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,9 +92,9 @@ generate: assets

# TODO find a docker container with go and yarn so we can properly build assets in ci
#assets: assets/identifier/static assets/identifier/index.html
assets: static-assets
assets: assets/identifier/static

static-assets:
assets/identifier/static:
mkdir -p assets/identifier/static
curl -o assets/identifier/static/logo.svg ${LOGO_URL}
curl -o assets/identifier/static/favicon.ico ${FAVICON_URL}
Expand Down
12 changes: 4 additions & 8 deletions konnectd/assets/identifier-registration.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,15 +7,11 @@ clients:
trusted: yes
insecure: yes
redirect_uris:
- https://localhost:9200/
- https://localhost:9200/oidc-callback.html
- https://localhost:9200/oidc-silent-redirect.html
- http://localhost:9100/
- http://localhost:9100/oidc-callback.html
- http://localhost:9100/oidc-silent-redirect.html
- {{OCIS_URL}}/
- {{OCIS_URL}}/oidc-callback.html
- {{OCIS_URL}}/oidc-silent-redirect.html
origins:
- https://localhost:9200
- http://localhost:9100
- {{OCIS_URL}}

- id: ocis-explorer.js
name: oCIS Graph Explorer
Expand Down
Loading

0 comments on commit 5689daf

Please sign in to comment.