ocis-deployment/docker-compose.yml

140 lines
4.7 KiB
YAML

version: '3.5'
services:
ocis:
image: owncloud/ocis
expose: [ 9200, 9142 ]
volumes:
- type: bind
source: ./mounts/config
target: /etc/ocis
- type: bind
source: ./mounts/data
target: /var/lib/ocis
environment:
OCIS_INSECURE: 'true'
PROXY_HTTP_ADDR: 0.0.0.0:9200
PROXY_TLS: false
OCIS_URL: https://${PUBLIC_URL}
# fulltext search
SEARCH_EXTRACTOR_TYPE: tika
SEARCH_EXTRACTOR_TIKA_TIKA_URL: http://search-engine:9998
FRONTEND_FULL_TEXT_SEARCH_ENABLED: "true"
# another obviously good choice for $MICRO_REGISTRY if mdns becomes
# problematic is "etcd", by adding an etcd service and setting
# $MICRO_REGISTRY_ADDRESS, $ETCD_USERNAME, and $ETCD_PASSWORD.
# https://github.com/owncloud/ocis/blob/b0ac9840dff00a2527b2e8df86bebcd12632104c/ocis/README.md?plain=1#L18
MICRO_REGISTRY: mdns
# https://github.com/owncloud/ocis/blob/master/deployments/examples/ocis_wopi/docker-compose.yml#L67
GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers
networks:
- web
- internal
- app-provider-net
labels:
traefik.http.routers.ocis.rule: Host(`${PUBLIC_URL}`)
traefik.http.routers.ocis.service: ocis
traefik.http.services.ocis.loadbalancer.server.port: 9200
traefik.http.routers.ocis.tls: true
traefik.http.routers.ocis.tls.certresolver: letsencrypt
traefik.enable: true
depends_on: [ search-engine ]
restart: unless-stopped
search-engine:
image: apache/tika:latest-full
networks: [ internal ]
restart: always
app-provider:
image: owncloud/ocis
networks: [ app-provider-net ]
command: app-provider server
environment:
# use the internal service name of the gateway https://github.com/owncloud/ocis/blob/b0ac9840dff00a2527b2e8df86bebcd12632104c/deployments/examples/ocis_wopi/docker-compose.yml#L109-L110C37
REVA_GATEWAY: com.owncloud.api.gateway
APP_PROVIDER_GRPC_ADDR: 0.0.0.0:9164
# use the internal service name
APP_PROVIDER_EXTERNAL_ADDR: com.owncloud.api.app-provider-collabora
APP_PROVIDER_DRIVER: wopi
APP_PROVIDER_WOPI_APP_NAME: Collabora
APP_PROVIDER_WOPI_APP_ICON_URI: https://office.${PUBLIC_URL}/favicon.ico
APP_PROVIDER_WOPI_APP_URL: https://office.${PUBLIC_URL}
APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://wopi.${PUBLIC_URL}
APP_PROVIDER_WOPI_FOLDER_URL_BASE_URL: https://${PUBLIC_URL}
# share the registry with the ocis container
MICRO_REGISTRY: "mdns"
volumes:
- type: bind
source: ./mounts/config
target: /etc/ocis
restart: unless-stopped
depends_on: [ ocis ]
wopiserver:
image: cs3org/wopiserver
networks:
- web
- app-provider-net
environment:
PUBLIC_URL: ${PUBLIC_URL}
entrypoint:
- /bin/sh
- /entrypoint-override.sh
volumes:
- type: bind
source: ./mounts/wopi/wopiserver.conf
target: /etc/wopi/wopiserver.conf.dist
read_only: true
- type: bind
source: ./mounts/wopi/entrypoint.sh
target: /entrypoint-override.sh
read_only: true
- type: bind
source: ./mounts/wopi/wopi.secret
target: /etc/wopi/wopi.secret
read_only: true
- type: bind
source: ./mounts/wopi/recovery
target: /var/spool/wopirecovery
labels:
traefik.enable: true
traefik.http.routers.wopiserver.entrypoints: websecure
traefik.http.routers.wopiserver.rule: Host(`wopi.${PUBLIC_URL}`)
traefik.http.routers.wopiserver.tls.certresolver: letsencrypt
traefik.http.routers.wopiserver.service: wopiserver
traefik.http.services.wopiserver.loadbalancer.server.port: 8880
restart: unless-stopped
collabora:
image: collabora/code
networks:
- web
- app-provider-net
environment:
aliasgroup1: https://wopi.${PUBLIC_URL}:443
DONT_GEN_SSL_CERT: "YES"
extra_params: --o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false --o:net.frame_ancestors=${PUBLIC_URL}
username: ${COLLABORA_ADMIN_USER}
password: ${COLLABORA_ADMIN_PASSWORD}
cap_add:
- MKNOD
labels:
traefik.enable: true
traefik.http.routers.collabora.entrypoints: websecure
traefik.http.routers.collabora.rule: Host(`office.${PUBLIC_URL}`)
traefik.http.routers.collabora.tls.certresolver: letsencrypt
traefik.http.routers.collabora.service: collabora
traefik.http.services.collabora.loadbalancer.server.port: 9980
restart: unless-stopped
networks:
web:
external: true
internal:
internal: true
# The app-provider needs to be able to reach out to the internet
app-provider-net: