ocis-deployment/docker-compose.yml

version: '3.5'

services:
  ocis:
    image: owncloud/ocis
    expose: [ 9200, 9142 ]
    volumes:
      - type: bind
        source: ./mounts/config
        target: /etc/ocis
      - type: bind
        source: ./mounts/data
        target: /var/lib/ocis
    environment:
      OCIS_INSECURE: 'true'
      PROXY_HTTP_ADDR: 0.0.0.0:9200
      PROXY_TLS: false
      OCIS_URL: https://${PUBLIC_URL}

      # fulltext search
      SEARCH_EXTRACTOR_TYPE: tika
      SEARCH_EXTRACTOR_TIKA_TIKA_URL: http://search-engine:9998
      FRONTEND_FULL_TEXT_SEARCH_ENABLED: "true"

      # another obviously good choice for $MICRO_REGISTRY if mdns becomes
      # problematic is "etcd", by adding an etcd service and setting
      # $MICRO_REGISTRY_ADDRESS, $ETCD_USERNAME, and $ETCD_PASSWORD.
      # https://github.com/owncloud/ocis/blob/b0ac9840dff00a2527b2e8df86bebcd12632104c/ocis/README.md?plain=1#L18
      MICRO_REGISTRY: mdns
      # https://github.com/owncloud/ocis/blob/master/deployments/examples/ocis_wopi/docker-compose.yml#L67
      GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers
    networks:
      - web
      - internal
      - app-provider-net
    labels:
      traefik.http.routers.ocis.rule: Host(`${PUBLIC_URL}`)
      traefik.http.routers.ocis.service: ocis
      traefik.http.services.ocis.loadbalancer.server.port: 9200
      traefik.http.routers.ocis.tls: true
      traefik.http.routers.ocis.tls.certresolver: letsencrypt
      traefik.enable: true
    depends_on: [ search-engine ]
    restart: unless-stopped

  search-engine:
    image: apache/tika:latest-full
    networks: [ internal ]
    restart: always

  app-provider:
    image: owncloud/ocis
    networks: [ app-provider-net ]
    command: app-provider server
    environment:
      # use the internal service name of the gateway https://github.com/owncloud/ocis/blob/b0ac9840dff00a2527b2e8df86bebcd12632104c/deployments/examples/ocis_wopi/docker-compose.yml#L109-L110C37
      REVA_GATEWAY: com.owncloud.api.gateway
      APP_PROVIDER_GRPC_ADDR: 0.0.0.0:9164
      # use the internal service name
      APP_PROVIDER_EXTERNAL_ADDR: com.owncloud.api.app-provider-collabora
      APP_PROVIDER_DRIVER: wopi
      APP_PROVIDER_WOPI_APP_NAME: Collabora
      APP_PROVIDER_WOPI_APP_ICON_URI: https://office.${PUBLIC_URL}/favicon.ico
      APP_PROVIDER_WOPI_APP_URL: https://office.${PUBLIC_URL}
      APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://wopi.${PUBLIC_URL}
      APP_PROVIDER_WOPI_FOLDER_URL_BASE_URL: https://${PUBLIC_URL}
      # share the registry with the ocis container
      MICRO_REGISTRY: "mdns"
    volumes:
      - type: bind
        source: ./mounts/config
        target: /etc/ocis
    restart: unless-stopped
    depends_on: [ ocis ]
  
  wopiserver:
    image: cs3org/wopiserver
    networks:
      - web
      - app-provider-net
    environment:
      PUBLIC_URL: ${PUBLIC_URL}
    entrypoint:
      - /bin/sh
      - /entrypoint-override.sh
    volumes:
      - type: bind
        source: ./mounts/wopi/wopiserver.conf
        target: /etc/wopi/wopiserver.conf.dist
        read_only: true
      - type: bind
        source: ./mounts/wopi/entrypoint.sh
        target: /entrypoint-override.sh
        read_only: true
      - type: bind
        source: ./mounts/wopi/wopi.secret
        target: /etc/wopi/wopi.secret
        read_only: true
      - type: bind
        source: ./mounts/wopi/recovery
        target: /var/spool/wopirecovery
    labels:
      traefik.enable: true
      traefik.http.routers.wopiserver.entrypoints: websecure
      traefik.http.routers.wopiserver.rule: Host(`wopi.${PUBLIC_URL}`)
      traefik.http.routers.wopiserver.tls.certresolver: letsencrypt
      traefik.http.routers.wopiserver.service: wopiserver
      traefik.http.services.wopiserver.loadbalancer.server.port: 8880
    restart: unless-stopped
  
  collabora:
    image: collabora/code
    networks:
      - web
      - app-provider-net
    environment:
      aliasgroup1: https://wopi.${PUBLIC_URL}:443
      DONT_GEN_SSL_CERT: "YES"
      extra_params: --o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false --o:net.frame_ancestors=${PUBLIC_URL}
      username: ${COLLABORA_ADMIN_USER}
      password: ${COLLABORA_ADMIN_PASSWORD}
    cap_add:
      - MKNOD
    labels:
      traefik.enable: true
      traefik.http.routers.collabora.entrypoints: websecure
      traefik.http.routers.collabora.rule: Host(`office.${PUBLIC_URL}`)
      traefik.http.routers.collabora.tls.certresolver: letsencrypt
      traefik.http.routers.collabora.service: collabora
      traefik.http.services.collabora.loadbalancer.server.port: 9980
    restart: unless-stopped

networks:
  web:
    external: true
  internal:
    internal: true
  # The app-provider needs to be able to reach out to the internet
  app-provider-net:
initial state, working locally 2023-09-01 15:46:27 -04:00			`version: '3.5'`

			`services:`
			`ocis:`
			`image: owncloud/ocis`
Enable Collabora/WOPI/office suite 2023-09-16 14:52:56 -04:00			`expose: [ 9200, 9142 ]`
initial state, working locally 2023-09-01 15:46:27 -04:00			`volumes:`
			`- type: bind`
			`source: ./mounts/config`
			`target: /etc/ocis`
			`- type: bind`
			`source: ./mounts/data`
			`target: /var/lib/ocis`
			`environment:`
			`OCIS_INSECURE: 'true'`
			`PROXY_HTTP_ADDR: 0.0.0.0:9200`
change to public-facing config behind traefik 2023-09-02 07:17:07 -04:00			`PROXY_TLS: false`
			`OCIS_URL: https://${PUBLIC_URL}`
Enable Collabora/WOPI/office suite 2023-09-16 14:52:56 -04:00
Add Tika full-text search 2023-09-16 09:06:35 -04:00			`# fulltext search`
			`SEARCH_EXTRACTOR_TYPE: tika`
			`SEARCH_EXTRACTOR_TIKA_TIKA_URL: http://search-engine:9998`
			`FRONTEND_FULL_TEXT_SEARCH_ENABLED: "true"`
Enable Collabora/WOPI/office suite 2023-09-16 14:52:56 -04:00
			`# another obviously good choice for $MICRO_REGISTRY if mdns becomes`
			`# problematic is "etcd", by adding an etcd service and setting`
			`# $MICRO_REGISTRY_ADDRESS, $ETCD_USERNAME, and $ETCD_PASSWORD.`
			`# https://github.com/owncloud/ocis/blob/b0ac9840dff00a2527b2e8df86bebcd12632104c/ocis/README.md?plain=1#L18`
			`MICRO_REGISTRY: mdns`
			`# https://github.com/owncloud/ocis/blob/master/deployments/examples/ocis_wopi/docker-compose.yml#L67`
			`GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers`
Add Tika full-text search 2023-09-16 09:06:35 -04:00			`networks:`
			`- web`
			`- internal`
Enable Collabora/WOPI/office suite 2023-09-16 14:52:56 -04:00			`- app-provider-net`
change to public-facing config behind traefik 2023-09-02 07:17:07 -04:00			`labels:`
			traefik.http.routers.ocis.rule: Host(`${PUBLIC_URL}`)
Enable Collabora/WOPI/office suite 2023-09-16 14:52:56 -04:00			`traefik.http.routers.ocis.service: ocis`
			`traefik.http.services.ocis.loadbalancer.server.port: 9200`
change to public-facing config behind traefik 2023-09-02 07:17:07 -04:00			`traefik.http.routers.ocis.tls: true`
typo 2023-09-02 07:35:21 -04:00			`traefik.http.routers.ocis.tls.certresolver: letsencrypt`
Enable the service with traefik 2023-09-02 07:32:41 -04:00			`traefik.enable: true`
Add Tika full-text search 2023-09-16 09:06:35 -04:00			`depends_on: [ search-engine ]`
Enable Collabora/WOPI/office suite 2023-09-16 14:52:56 -04:00			`restart: unless-stopped`
Add Tika full-text search 2023-09-16 09:06:35 -04:00
			`search-engine:`
			`image: apache/tika:latest-full`
			`networks: [ internal ]`
			`restart: always`
change to public-facing config behind traefik 2023-09-02 07:17:07 -04:00
Enable Collabora/WOPI/office suite 2023-09-16 14:52:56 -04:00			`app-provider:`
			`image: owncloud/ocis`
			`networks: [ app-provider-net ]`
			`command: app-provider server`
			`environment:`
			`# use the internal service name of the gateway https://github.com/owncloud/ocis/blob/b0ac9840dff00a2527b2e8df86bebcd12632104c/deployments/examples/ocis_wopi/docker-compose.yml#L109-L110C37`
			`REVA_GATEWAY: com.owncloud.api.gateway`
			`APP_PROVIDER_GRPC_ADDR: 0.0.0.0:9164`
			`# use the internal service name`
			`APP_PROVIDER_EXTERNAL_ADDR: com.owncloud.api.app-provider-collabora`
			`APP_PROVIDER_DRIVER: wopi`
			`APP_PROVIDER_WOPI_APP_NAME: Collabora`
			`APP_PROVIDER_WOPI_APP_ICON_URI: https://office.${PUBLIC_URL}/favicon.ico`
			`APP_PROVIDER_WOPI_APP_URL: https://office.${PUBLIC_URL}`
			`APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://wopi.${PUBLIC_URL}`
			`APP_PROVIDER_WOPI_FOLDER_URL_BASE_URL: https://${PUBLIC_URL}`
			`# share the registry with the ocis container`
			`MICRO_REGISTRY: "mdns"`
			`volumes:`
			`- type: bind`
			`source: ./mounts/config`
			`target: /etc/ocis`
			`restart: unless-stopped`
			`depends_on: [ ocis ]`

			`wopiserver:`
			`image: cs3org/wopiserver`
			`networks:`
			`- web`
			`- app-provider-net`
			`environment:`
			`PUBLIC_URL: ${PUBLIC_URL}`
			`entrypoint:`
			`- /bin/sh`
			`- /entrypoint-override.sh`
			`volumes:`
			`- type: bind`
			`source: ./mounts/wopi/wopiserver.conf`
			`target: /etc/wopi/wopiserver.conf.dist`
			`read_only: true`
			`- type: bind`
			`source: ./mounts/wopi/entrypoint.sh`
			`target: /entrypoint-override.sh`
			`read_only: true`
			`- type: bind`
			`source: ./mounts/wopi/wopi.secret`
			`target: /etc/wopi/wopi.secret`
			`read_only: true`
			`- type: bind`
			`source: ./mounts/wopi/recovery`
			`target: /var/spool/wopirecovery`
			`labels:`
			`traefik.enable: true`
			`traefik.http.routers.wopiserver.entrypoints: websecure`
			traefik.http.routers.wopiserver.rule: Host(`wopi.${PUBLIC_URL}`)
			`traefik.http.routers.wopiserver.tls.certresolver: letsencrypt`
			`traefik.http.routers.wopiserver.service: wopiserver`
			`traefik.http.services.wopiserver.loadbalancer.server.port: 8880`
			`restart: unless-stopped`

			`collabora:`
			`image: collabora/code`
			`networks:`
			`- web`
			`- app-provider-net`
			`environment:`
			`aliasgroup1: https://wopi.${PUBLIC_URL}:443`
			`DONT_GEN_SSL_CERT: "YES"`
			`extra_params: --o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false --o:net.frame_ancestors=${PUBLIC_URL}`
			`username: ${COLLABORA_ADMIN_USER}`
			`password: ${COLLABORA_ADMIN_PASSWORD}`
			`cap_add:`
			`- MKNOD`
			`labels:`
			`traefik.enable: true`
			`traefik.http.routers.collabora.entrypoints: websecure`
			traefik.http.routers.collabora.rule: Host(`office.${PUBLIC_URL}`)
			`traefik.http.routers.collabora.tls.certresolver: letsencrypt`
			`traefik.http.routers.collabora.service: collabora`
			`traefik.http.services.collabora.loadbalancer.server.port: 9980`
			`restart: unless-stopped`

change to public-facing config behind traefik 2023-09-02 07:17:07 -04:00			`networks:`
			`web:`
			`external: true`
Add Tika full-text search 2023-09-16 09:06:35 -04:00			`internal:`
			`internal: true`
Enable Collabora/WOPI/office suite 2023-09-16 14:52:56 -04:00			`# The app-provider needs to be able to reach out to the internet`
			`app-provider-net:`