From ecda74917fdfed144bd80a9a143212eef0d546f4 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Fri, 5 Sep 2025 16:55:03 +0200 Subject: [PATCH 1/2] change: remove all opencloud_full references --- .../authentication-and-user-management/keycloak.md | 10 +++++----- docs/admin/configuration/radicale-integration.md | 6 +++--- docs/admin/maintenance/migrate.md | 2 +- docs/admin/resources/common-issues.md | 6 +++--- static/env-vars/app-registry_readme.md | 2 +- static/env-vars/proxy_readme.md | 2 +- static/env-vars/search_readme.md | 2 +- 7 files changed, 15 insertions(+), 15 deletions(-) diff --git a/docs/admin/configuration/authentication-and-user-management/keycloak.md b/docs/admin/configuration/authentication-and-user-management/keycloak.md index e2b6b159..40335229 100644 --- a/docs/admin/configuration/authentication-and-user-management/keycloak.md +++ b/docs/admin/configuration/authentication-and-user-management/keycloak.md @@ -19,7 +19,7 @@ This guide is divided into three main sections: When using Keycloak as the identity provider, you need to understand the general configuration settings if you want to configure your custom integration. -You can also use one of our predefined Docker Compose setups, which are located in the `deployments/examples/opencloud_full` directory. These setups include all necessary configurations for Keycloak and OpenLDAP. +You can also use one of our predefined Docker Compose setups, which are located in the `opencloud-compose` repository. These setups include all necessary configurations for Keycloak and OpenLDAP. ### Server Configuration @@ -184,7 +184,7 @@ GRAPH_LDAP_SERVER_UUID=true OpenCloud provides complete example deployments using Docker Compose: -1. Navigate to `deployments/examples/opencloud_full` +1. Navigate to the `opencloud-compose` repository 2. Edit the `.env` file to enable the Shared Directory Mode: For Shared Directory Mode: 
@@ -200,7 +200,7 @@ KEYCLOAK=:keycloak.yml The Docker Compose files `keycloak.yml`, `ldap.yml` contain the complete configuration for each component. -Keycloak is configured during startup by importing the `keycloak-realm.dist.json` file. This file contains the configuration for the OpenCloud realm, including client settings, roles, and user federation. This file is located in the `deployments/examples/opencloud_full/config/keycloak` directory. +Keycloak is configured during startup by importing the `keycloak-realm.dist.json` file. This file contains the configuration for the OpenCloud realm, including client settings, roles, and user federation. This file is located in the `config/keycloak` directory of the `opencloud-compose` repository. :::warning @@ -291,7 +291,7 @@ OC_LDAP_GROUP_BASE_DN=ou=groups,dc=opencloud,dc=eu OpenCloud provides complete example deployments using Docker Compose: -1. Navigate to `deployments/examples/opencloud_full` +1. Navigate to the `opencloud-compose` repository 2. Edit the `.env` file to enable the Autoprovisioning Mode: For Autoprovisioning Mode: 
@@ -306,7 +306,7 @@ KEYCLOAK_AUTOPROVISIONING=:keycloak-autoprovisioning.yml The Docker Compose files `keycloak.yml`, `ldap.yml`, and `keycloak-autoprovisioning.yml` contain the complete configuration for each component. The file `10_opencloud_ldap_schema.ldif` contains the OpenCloud LDAP schema and is loaded during the startup of the OpenLdap container. -Keycloak is configured during startup by importing the `keycloak-autoprovisioning-realm.dist.json` file. This file contains the configuration for the OpenCloud realm, including client settings, roles, users and groups. This file is located in the `deployments/examples/opencloud_full/config/keycloak` directory. +Keycloak is configured during startup by importing the `keycloak-autoprovisioning-realm.dist.json` file. This file contains the configuration for the OpenCloud realm, including client settings, roles, users and groups. This file is located in the `config/keycloak` directory of the `opencloud-compose` repository. :::warning diff --git a/docs/admin/configuration/radicale-integration.md b/docs/admin/configuration/radicale-integration.md index 81d875f6..e3a862f0 100644 --- a/docs/admin/configuration/radicale-integration.md +++ b/docs/admin/configuration/radicale-integration.md @@ -13,7 +13,7 @@ CalDAV and CardDAV Server [Radicale](https://radicale.org). With that, users get a calender- and contacts server out of the box with OpenCloud that can be used with a wide selection of desktop- and mobile clients without hassle. -The `opencloud_full` deployment example already contains all the required pieces to +The `opencloud-compose` deployment example already contains all the required pieces to setup the integration. This guide explains the required steps to achieve that. :::note 
@@ -27,11 +27,11 @@ this feature is maintained and supported on best effort without warranty. To use this feature you need at least OpenCloud Version 2.3.0. Earlier releases lack some of the required features. This guide assumes that you already have a running -deployment based on the `opencloud_full` deployment example. +deployment based on the `opencloud-compose` deployment example. ### Configure the `.env` file to deploy Radicale -In the root directory of the `opencloud_full` deployment example, usually `opencloud/deployments/examples/opencloud_full`, +In the root directory of the `opencloud-compose` deployment example, remove the `#` symbol from the line: ```env diff --git a/docs/admin/maintenance/migrate.md b/docs/admin/maintenance/migrate.md index 97c44cdb..7b9fe2fe 100644 --- a/docs/admin/maintenance/migrate.md +++ b/docs/admin/maintenance/migrate.md @@ -39,7 +39,7 @@ PROXY_ENABLE_APP_AUTH="true" Access the OpenCloud container: ```bash -docker exec -it opencloud_full-opencloud-1 sh +docker exec -it opencloud-compose-opencloud-1 sh ``` Generate an authentication token for a user (e.g., `alan`) with expiration (`h`, `m`, `s`): diff --git a/docs/admin/resources/common-issues.md b/docs/admin/resources/common-issues.md index 97cc7aa7..0c5b28af 100644 --- a/docs/admin/resources/common-issues.md +++ b/docs/admin/resources/common-issues.md @@ -129,14 +129,14 @@ docker volume ls Look for volumes like: -`opencloud_full_opencloud-data` +`opencloud-compose_opencloud-data` -`opencloud_full_opencloud-config` +`opencloud-compose_opencloud-config` #### Example for standard setup ```bash -sudo docker run -it --rm -v opencloud_full_opencloud-data:/var/lib/opencloud -v opencloud_full_opencloud-config:/etc/opencloud opencloudeu/opencloud:latest idm resetpassword +sudo docker run -it --rm -v opencloud-compose_opencloud-data:/var/lib/opencloud -v opencloud-compose_opencloud-config:/etc/opencloud opencloudeu/opencloud:latest idm resetpassword ``` #### Start the container again 
diff --git a/static/env-vars/app-registry_readme.md b/static/env-vars/app-registry_readme.md index 822446d8..5730cde2 100755 --- a/static/env-vars/app-registry_readme.md +++ b/static/env-vars/app-registry_readme.md @@ -37,7 +37,7 @@ Administrators can set default applications for each MIME type and also allow th ### MIME Type Configuration -Modifing the MIME type config can only be achieved via a yaml configuration. Using environment variables is not possible. For an example, see the `opencloud_full/config/opencloud/app-registry.yaml` at [docker-compose example](https://github.com/opencloud-eu/opencloud/tree/main/deployments/examples). The following is a brief structure and a field description: +Modifing the MIME type config can only be achieved via a yaml configuration. Using environment variables is not possible. The following is a brief structure and a field description: **Structure** diff --git a/static/env-vars/proxy_readme.md b/static/env-vars/proxy_readme.md index d25bdf92..d41c564e 100755 --- a/static/env-vars/proxy_readme.md +++ b/static/env-vars/proxy_readme.md 
@@ -276,7 +276,7 @@ For OpenCloud, external resources like an IDP (e.g. Keycloak) or when using web To create a Content Security Policy (CSP), you need to create a yaml file containing the CSP definitions. To activate the settings, reference the file as value in the `PROXY_CSP_CONFIG_FILE_LOCATION` environment variable. For each change, a restart of the OpenCloud deployment or the proxy service is required. -A working example for a CSP can be found in a sub path of the `config` directory of the [opencloud_full](https://github.com/opencloud-eu/opencloud/tree/main/deployments/examples/opencloud_full/config) deployment example. +A working example for a CSP can be found in a sub path of the `config` directory of the [opencloud-compose](https://github.com/opencloud-eu/opencloud-compose/tree/main/config) deployment example. See the [Content Security Policy (CSP) Quick Reference Guide](https://content-security-policy.com) for a description of directives. diff --git a/static/env-vars/search_readme.md b/static/env-vars/search_readme.md index 35c64753..1663c2ae 100755 --- a/static/env-vars/search_readme.md +++ b/static/env-vars/search_readme.md @@ -116,7 +116,7 @@ When extracting content, you can specify whether [stop words](https://en.wikiped When using the Tika container and docker-compose, consider the following: -* See the [opencloud_full](https://github.com/opencloud-eu/opencloud/tree/main/deployments/examples/opencloud_full) example. +* See the [opencloud-compose](https://github.com/opencloud-eu/opencloud-compose) example. * Containers for the linked service are reachable at a hostname identical to the alias or the service name if no alias was specified. If using the `tika` extractor, make sure to also set `FRONTEND_FULL_TEXT_SEARCH_ENABLED` in the frontend service to `true`. This will tell the webclient that full-text search has been enabled. From 3974f0261da32418d9f756e6dcff5ac7e07194b3 Mon Sep 17 00:00:00 2001 
From: Michael Barz Date: Mon, 8 Sep 2025 22:12:28 +0200 Subject: [PATCH 2/2] fix: remove leftovers of the opencloud_full stack --- .../keycloak.md | 40 +++++++++------ .../configuration/radicale-integration.md | 8 +-- .../configuration/storage/decomposeds3.md | 49 ++++++++++++------- .../container/docker-compose/keycloak.md | 21 ++++---- 4 files changed, 74 insertions(+), 44 deletions(-) diff --git a/docs/admin/configuration/authentication-and-user-management/keycloak.md b/docs/admin/configuration/authentication-and-user-management/keycloak.md index 40335229..ec2aebdf 100644 --- a/docs/admin/configuration/authentication-and-user-management/keycloak.md +++ b/docs/admin/configuration/authentication-and-user-management/keycloak.md @@ -191,14 +191,16 @@ For Shared Directory Mode: ```bash # Enable services -LDAP=:ldap.yml -KEYCLOAK_DOMAIN=your-keycloak-domain.example.com # your public keycloak domain without protocol -KEYCLOAK=:keycloak.yml -# Comment out the autoprovisioning configuration -# KEYCLOAK_AUTOPROVISIONING=:keycloak-autoprovisioning.yml +COMPOSE_FILE=docker-compose.yml:idm/ldap-keycloak.yml:traefik/opencloud.yml:traefik/ldap-keycloak.yml +# Your public keycloak domain without protocol +KEYCLOAK_DOMAIN=your-keycloak-domain.example.com +# Admin user login name. Defaults to "kcadmin". +KEYCLOAK_ADMIN= +# Admin user login password. Defaults to "admin". +KEYCLOAK_ADMIN_PASSWORD= ``` -The Docker Compose files `keycloak.yml`, `ldap.yml` contain the complete configuration for each component. +The Docker Compose file `idm/ldap-keycloak.yml` contains the complete configuration for each component. Keycloak is configured during startup by importing the `keycloak-realm.dist.json` file. This file contains the configuration for the OpenCloud realm, including client settings, roles, and user federation. This file is located in the `config/keycloak` directory of the `opencloud-compose` repository. 
@@ -298,19 +300,29 @@ For Autoprovisioning Mode: ```bash # Enable services -LDAP=:ldap.yml -KEYCLOAK_DOMAIN=your-keycloak-domain.example.com # your public keycloak domain without protocol -KEYCLOAK=:keycloak.yml -KEYCLOAK_AUTOPROVISIONING=:keycloak-autoprovisioning.yml +COMPOSE_FILE=docker-compose.yml:idm/external-idp.yml:traefik/opencloud.yml +# Your public keycloak domain without protocol +IDP_DOMAIN=your-idp-domain.example.com +# The openCloud users need to be able to edit their account in the external IdP +IDP_ACCOUNT_URL=https://your-idp-domain.example.com/realms/openCloud/account ``` -The Docker Compose files `keycloak.yml`, `ldap.yml`, and `keycloak-autoprovisioning.yml` contain the complete configuration for each component. The file `10_opencloud_ldap_schema.ldif` contains the OpenCloud LDAP schema and is loaded during the startup of the OpenLdap container. - -Keycloak is configured during startup by importing the `keycloak-autoprovisioning-realm.dist.json` file. This file contains the configuration for the OpenCloud realm, including client settings, roles, users and groups. This file is located in the `config/keycloak` directory of the `opencloud-compose` repository. +The Docker Compose file `idm/external-idp.yml` contains the complete configuration for each opencloud component. The file `10_opencloud_ldap_schema.ldif` contains the OpenCloud LDAP schema and is loaded during the startup of the OpenLdap container. In this mode, your IdP setup is not part of the openCloud Deployment. :::warning -Keycloak can import the realm configuration file only once during the first startup. If you need to change the configuration, you must delete the Keycloak container and volume and restart it. This will reset Keycloak to its initial state. +Your external IdP configuration must match the settings described in the [Client Configuration](#client-configuration) section above. + +Your external IdP must provide the required claims for user provisioning and role assignment. 
+ +Claims: + +- `sub`: Unique identifier for the user (used as username in OpenCloud) +- `roles`: List of roles assigned to the user (used for role assignment in OpenCloud) +- `name`: User's full name (optional, used for display purposes) +- `preferred_username`: User's preferred username (optional, more intuitive during login) +- `email`: User's email address (optional, used for notifications) +- `groups`: List of groups the user belongs to (optional, used for group assignments in OpenCloud) ::: diff --git a/docs/admin/configuration/radicale-integration.md b/docs/admin/configuration/radicale-integration.md index e3a862f0..bd981d97 100644 --- a/docs/admin/configuration/radicale-integration.md +++ b/docs/admin/configuration/radicale-integration.md @@ -32,12 +32,14 @@ deployment based on the `opencloud-compose` deployment example. ### Configure the `.env` file to deploy Radicale In the root directory of the `opencloud-compose` deployment example, -remove the `#` symbol from the line: +add the radicale component to the `COMPOSE_FILE` variable in your `.env` file or add it directly to the startup command: -```env -#RADICALE=:radicale.yml +```bash +COMPOSE_FILE=docker-compose.yml:traefik/opencloud.yml:radicale/radicale.yml ``` +or `docker compose -f docker-compose.yml -f traefik/opencloud.yml -f radicale/radicale.yml up` + ### Update the deployment ```bash diff --git a/docs/admin/configuration/storage/decomposeds3.md b/docs/admin/configuration/storage/decomposeds3.md index c9222fbf..5d366f4b 100644 --- a/docs/admin/configuration/storage/decomposeds3.md +++ b/docs/admin/configuration/storage/decomposeds3.md 
@@ -10,7 +10,22 @@ draft: false Decomposeds3 is a storage driver for OpenCloud that uses MinIO — an S3-compatible object storage — to store files efficiently. This setup combines the scalability of S3 with seamless integration into OpenCloud. -## Setup +:::warning + +This setup includes **No Migration Path** from existing storage solutions. If you are already using another storage backend, you will need to migrate your data manually. + +::: + +## Configure an S3 Bucket + +1. **Access your S3 Service**: Log in to your S3-compatible service (e.g., Hetzner S3, MinIO, AWS S3). +2. **Create a Bucket**: Create a new bucket named `opencloud` (or any name you prefer). +3. **Set Permissions**: Ensure the bucket has the necessary permissions for read and write operations +4. **Note the Endpoint and Credentials**: Make a note of the endpoint URL, access key, and secret key for your S3 service. +5. **CORS Configuration**: If your S3 service requires CORS configuration, ensure that it allows requests from your OpenCloud domain. +6. **Region**: Note the region where your bucket is created, as it may be required for configuration. + +## Setup OpenCloud Navigate to the folder containing the Docker Compose configuration: 
@@ -18,16 +33,25 @@ Navigate to the folder containing the Docker Compose configuration: cd opencloud-compose ``` -Open the `.env` file and enable the required configuration files: +Open the `.env` file and fill the required configuration variables: ```bash nano .env ``` -Uncomment the following line to enable MinIO in the S3 Storage configuration block: - -```env -#DECOMPOSEDS3_MINIO=:minio.yml +Now we need all the information about the S3 bucket we created earlier. Modify the following lines in your `.env` file: + +```yaml +# Configure the S3 storage endpoint. Defaults to "http://minio:9000" for testing purposes. +DECOMPOSEDS3_ENDPOINT=https//your-s3-endpoint.example.com +# S3 region. Defaults to "default". +DECOMPOSEDS3_REGION=eu-central-1 +# S3 access key. Defaults to "opencloud" +DECOMPOSEDS3_ACCESS_KEY= +# S3 secret. Defaults to "opencloud-secret-key" +DECOMPOSEDS3_SECRET_KEY= +# S3 bucket. Defaults to "opencloud" +DECOMPOSEDS3_BUCKET=opencloud ``` Add `storage/decomposeds3.yml` to the `COMPOSE_FILE` variable @@ -43,20 +67,9 @@ Start all containers in the background: docker compose up -d ``` -## Add Local Domains to /etc/hosts - -To enable local access, add the following lines to your `/etc/hosts` file: - -```bash -127.0.0.1 cloud.opencloud.test -127.0.0.1 minio.opencloud.test -``` - ## Login -Open your browser and visit: - -- [https://cloud.opencloud.test](https://cloud.opencloud.test) +Open your browser and log in. After logging in, you should see the OpenCloud interface: diff --git a/docs/admin/getting-started/container/docker-compose/keycloak.md b/docs/admin/getting-started/container/docker-compose/keycloak.md index d7c67e95..f6762b0b 100644 --- a/docs/admin/getting-started/container/docker-compose/keycloak.md +++ b/docs/admin/getting-started/container/docker-compose/keycloak.md 
@@ -13,16 +13,19 @@ draft: true To enable Keycloak for identity and access management, uncomment the following lines in your `.env` file ```env -LDAP=:ldap.yml -LDAP_MANAGER_DOMAIN=ldap.your.domain -LDAP_ADMIN_PASSWORD="your.save.password" -KEYCLOAK=:keycloak.yml -KEYCLOAK_DOMAIN=keycloak.your.domain -KEYCLOAK_ADMIN_USER="your.username" -KEYCLOAK_ADMIN_PASSWORD="your.save.password" +# Enable services +COMPOSE_FILE=docker-compose.yml:idm/ldap-keycloak.yml:traefik/opencloud.yml:traefik/ldap-keycloak.yml +# Your public keycloak domain without protocol +KEYCLOAK_DOMAIN=your-keycloak-domain.example.com +# Admin user login name. Defaults to "kcadmin". +KEYCLOAK_ADMIN= +# Admin user login password. Defaults to "admin". +KEYCLOAK_ADMIN_PASSWORD= ``` -This will include the LDAP and Keycloak service definitions in the Docker Compose setup. +The Docker Compose file `idm/ldap-keycloak.yml` contains the complete configuration for each component. + +Keycloak is configured during startup by importing the `keycloak-realm.dist.json` file. This file contains the configuration for the OpenCloud realm, including client settings, roles, and user federation. This file is located in the `config/keycloak` directory of the `opencloud-compose` repository. ## Starting OpenCloud @@ -42,7 +45,7 @@ Once Keycloak is running https://keycloak.your.domain ``` -Keyclosk dashboard +Keycloak dashboard ### Log in with the admin credentials (default is admin / admin)
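Review bot: In PATCH 1/2, `static/env-vars/app-registry_readme.md`, the rewritten sentence still starts with the typo "Modifing" (should be "Modifying"), and dropping the pointer to `opencloud_full/config/opencloud/app-registry.yaml` leaves the paragraph with no sample file at all. If an equivalent `app-registry.yaml` exists in the `opencloud-compose` repository, link it here the same way `proxy_readme.md` now links `opencloud-compose/tree/main/config`; otherwise say that the structure below is the only reference.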
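Review bot: In PATCH 1/2, `docs/admin/resources/common-issues.md`, the volume names `opencloud-compose_opencloud-data` and `opencloud-compose_opencloud-config` are only correct when the Compose project name is `opencloud-compose`, which is the case only if the repository was cloned into a directory of that name and no project name was set. Since the reader has just run `docker volume ls`, add a sentence saying the prefix follows the project name and that the names in the `docker run ... idm resetpassword` command must be replaced with the ones actually listed. The same caveat applies to the container name in `docs/admin/maintenance/migrate.md`.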
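Review bot: In PATCH 2/2, `authentication-and-user-management/keycloak.md`, Shared Directory Mode block, `KEYCLOAK_ADMIN=` and `KEYCLOAK_ADMIN_PASSWORD=` are shown empty beside comments that name the defaults "kcadmin" and "admin", directly under a `KEYCLOAK_DOMAIN` described as the public Keycloak domain. A reader who copies the block as written may end up with a publicly reachable Keycloak admin console on documented credentials. Add a sentence (or a `:::warning`) stating that both values must be set before the first start, and put placeholder values in the example instead of empty assignments. Separately, "The Docker Compose file `idm/ldap-keycloak.yml` contains the complete configuration for each component" reads oddly now that it names a single file; name the components it covers.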
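Review bot: In PATCH 2/2, `authentication-and-user-management/keycloak.md`, Autoprovisioning Mode block, the comment above `IDP_DOMAIN` still says "Your public keycloak domain without protocol" although the variable and the surrounding text are now about an external IdP; change it to describe the IdP domain. The retained sentence about `10_opencloud_ldap_schema.ldif` being loaded by the OpenLdap container needs checking against the new `COMPOSE_FILE=docker-compose.yml:idm/external-idp.yml:traefik/opencloud.yml`, which lists no LDAP file; if `idm/external-idp.yml` does not start OpenLDAP, drop the sentence. The claims list is a requirement rather than a hazard, so it would sit better as normal text or a `:::note` than inside `:::warning`, and since `roles` and `groups` drive role and group assignment it is worth stating which claims are mandatory in one place. Casing is inconsistent in the added lines ("openCloud", "opencloud component", "OpenCloud").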
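Review bot: In PATCH 2/2, `docs/admin/configuration/radicale-integration.md`, the example `COMPOSE_FILE=docker-compose.yml:traefik/opencloud.yml:radicale/radicale.yml` replaces the whole variable, so a reader who already has other components in `COMPOSE_FILE` (for example `idm/ldap-keycloak.yml` from the Keycloak guide) would drop them by copying this line. Say explicitly that `:radicale/radicale.yml` is appended to the existing value and show it that way. The fence changed from `env` to `bash` although the content is still a `.env` line, and the `docker compose -f ... up` alternative is an actual shell command that would read better in its own fenced block than inline after "or".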
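Review bot: In PATCH 2/2, `docs/admin/configuration/storage/decomposeds3.md`, "Configure an S3 Bucket", step 3 ("Ensure the bucket has the necessary permissions for read and write operations") is too vague to act on and is missing its final period. Recommend creating a dedicated access key limited to this one bucket, so the key noted in step 4 is not an account-wide credential. The unchanged intro line above still describes the driver as using MinIO while the new steps name Hetzner S3, MinIO and AWS S3; update the intro to say "an S3-compatible object storage" so the two agree. "**No Migration Path**" does not need title case.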
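Review bot: In PATCH 2/2, `docs/admin/configuration/storage/decomposeds3.md`, "Setup OpenCloud", the line `DECOMPOSEDS3_ENDPOINT=https//your-s3-endpoint.example.com` is missing the colon after `https`, so a copied value is not a valid URL; it should be `https://your-s3-endpoint.example.com`. The block is fenced as `yaml` but is `.env` content (the block it replaces used `env`). `DECOMPOSEDS3_ACCESS_KEY=` and `DECOMPOSEDS3_SECRET_KEY=` are left empty beside comments naming the defaults "opencloud" and "opencloud-secret-key"; state that these must be filled with the credentials noted in step 4, and consider not printing the default secret in the docs.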
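Review bot: In PATCH 2/2, `docs/admin/getting-started/container/docker-compose/keycloak.md`, first hunk, the unchanged lead-in still says "uncomment the following lines in your `.env` file", but the new block is no longer a set of commented-out toggles; it sets `COMPOSE_FILE` and adds variables. Reword the lead-in to "set the following in your `.env` file". The block also leaves `KEYCLOAK_ADMIN=` and `KEYCLOAK_ADMIN_PASSWORD=` empty where the removed lines at least prompted for a username and password, so this getting-started page now steers readers toward the documented defaults; keep placeholder values or add a line requiring both to be set.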
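Review bot: In PATCH 2/2, `docs/admin/getting-started/container/docker-compose/keycloak.md`, second hunk, the context around the "Keycloak dashboard" fix is now inconsistent with the first hunk: the heading says "default is admin / admin" while the new `.env` comments give the default admin name as "kcadmin", and the URL `https://keycloak.your.domain` no longer matches the example `KEYCLOAK_DOMAIN=your-keycloak-domain.example.com`. Update both in this commit, and have the heading refer to the credentials set in `.env` rather than advertising a default password.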