opencloud-eu · micbar · Sep 9, 2025 · Sep 5, 2025 · Sep 8, 2025
diff --git a/docs/admin/configuration/authentication-and-user-management/keycloak.md b/docs/admin/configuration/authentication-and-user-management/keycloak.md
@@ -19,7 +19,7 @@ This guide is divided into three main sections:
 
 When using Keycloak as the identity provider, you need to understand the general configuration settings if you want to configure your custom integration.
 
-You can also use one of our predefined Docker Compose setups, which are located in the `deployments/examples/opencloud_full` directory. These setups include all necessary configurations for Keycloak and OpenLDAP.
+You can also use one of our predefined Docker Compose setups, which are located in the `opencloud-compose` repository. These setups include all necessary configurations for Keycloak and OpenLDAP.
 
 ### Server Configuration
 
@@ -184,23 +184,25 @@ GRAPH_LDAP_SERVER_UUID=true
 
 OpenCloud provides complete example deployments using Docker Compose:
 
-1. Navigate to `deployments/examples/opencloud_full`
+1. Navigate to the `opencloud-compose` repository
 2. Edit the `.env` file to enable the Shared Directory Mode:
 
 For Shared Directory Mode:
 
 ```bash
 # Enable services
-LDAP=:ldap.yml
-KEYCLOAK_DOMAIN=your-keycloak-domain.example.com # your public keycloak domain without protocol
-KEYCLOAK=:keycloak.yml
-# Comment out the autoprovisioning configuration
-# KEYCLOAK_AUTOPROVISIONING=:keycloak-autoprovisioning.yml
+COMPOSE_FILE=docker-compose.yml:idm/ldap-keycloak.yml:traefik/opencloud.yml:traefik/ldap-keycloak.yml
+# Your public keycloak domain without protocol
+KEYCLOAK_DOMAIN=your-keycloak-domain.example.com
+# Admin user login name. Defaults to "kcadmin".
+KEYCLOAK_ADMIN=
+# Admin user login password. Defaults to "admin".
+KEYCLOAK_ADMIN_PASSWORD=
 ```
 
-The Docker Compose files `keycloak.yml`, `ldap.yml` contain the complete configuration for each component.
+The Docker Compose file `idm/ldap-keycloak.yml` contains the complete configuration for each component.
 
-Keycloak is configured during startup by importing the `keycloak-realm.dist.json` file. This file contains the configuration for the OpenCloud realm, including client settings, roles, and user federation. This file is located in the `deployments/examples/opencloud_full/config/keycloak` directory.
+Keycloak is configured during startup by importing the `keycloak-realm.dist.json` file. This file contains the configuration for the OpenCloud realm, including client settings, roles, and user federation. This file is located in the `config/keycloak` directory of the `opencloud-compose` repository.
 
 :::warning
 
@@ -291,26 +293,36 @@ OC_LDAP_GROUP_BASE_DN=ou=groups,dc=opencloud,dc=eu
 
 OpenCloud provides complete example deployments using Docker Compose:
 
-1. Navigate to `deployments/examples/opencloud_full`
+1. Navigate to the `opencloud-compose` repository
 2. Edit the `.env` file to enable the Autoprovisioning Mode:
 
 For Autoprovisioning Mode:
 
 ```bash
 # Enable services
-LDAP=:ldap.yml
-KEYCLOAK_DOMAIN=your-keycloak-domain.example.com # your public keycloak domain without protocol
-KEYCLOAK=:keycloak.yml
-KEYCLOAK_AUTOPROVISIONING=:keycloak-autoprovisioning.yml
+COMPOSE_FILE=docker-compose.yml:idm/external-idp.yml:traefik/opencloud.yml
+# Your public keycloak domain without protocol
+IDP_DOMAIN=your-idp-domain.example.com
+# The openCloud users need to be able to edit their account in the external IdP
+IDP_ACCOUNT_URL=https://your-idp-domain.example.com/realms/openCloud/account
 ```
 
-The Docker Compose files `keycloak.yml`, `ldap.yml`, and `keycloak-autoprovisioning.yml` contain the complete configuration for each component. The file `10_opencloud_ldap_schema.ldif` contains the OpenCloud LDAP schema and is loaded during the startup of the OpenLdap container.
-
-Keycloak is configured during startup by importing the `keycloak-autoprovisioning-realm.dist.json` file. This file contains the configuration for the OpenCloud realm, including client settings, roles, users and groups. This file is located in the `deployments/examples/opencloud_full/config/keycloak` directory.
+The Docker Compose file `idm/external-idp.yml` contains the complete configuration for each opencloud component. The file `10_opencloud_ldap_schema.ldif` contains the OpenCloud LDAP schema and is loaded during the startup of the OpenLdap container. In this mode, your IdP setup is not part of the openCloud Deployment.
 
 :::warning
 
-Keycloak can import the realm configuration file only once during the first startup. If you need to change the configuration, you must delete the Keycloak container and volume and restart it. This will reset Keycloak to its initial state.
+Your external IdP configuration must match the settings described in the [Client Configuration](#client-configuration) section above.
+
+Your external IdP must provide the required claims for user provisioning and role assignment.
+
+Claims:
+
+- `sub`: Unique identifier for the user (used as username in OpenCloud)
+- `roles`: List of roles assigned to the user (used for role assignment in OpenCloud)
+- `name`: User's full name (optional, used for display purposes)
+- `preferred_username`: User's preferred username (optional, more intuitive during login)
+- `email`: User's email address (optional, used for notifications)
+- `groups`: List of groups the user belongs to (optional, used for group assignments in OpenCloud)
 
 :::
 

diff --git a/docs/admin/configuration/radicale-integration.md b/docs/admin/configuration/radicale-integration.md
@@ -13,7 +13,7 @@ CalDAV and CardDAV Server [Radicale](https://radicale.org). With that, users
 get a calender- and contacts server out of the box with OpenCloud that can be
 used with a wide selection of desktop- and mobile clients without hassle.
 
-The `opencloud_full` deployment example already contains all the required pieces to
+The `opencloud-compose` deployment example already contains all the required pieces to
 setup the integration. This guide explains the required steps to achieve that.
 
 :::note
@@ -27,17 +27,19 @@ this feature is maintained and supported on best effort without warranty.
 
 To use this feature you need at least OpenCloud Version 2.3.0. Earlier releases lack
 some of the required features. This guide assumes that you already have a running
-deployment based on the `opencloud_full` deployment example.
+deployment based on the `opencloud-compose` deployment example.
 
 ### Configure the `.env` file to deploy Radicale
 
-In the root directory of the `opencloud_full` deployment example, usually `opencloud/deployments/examples/opencloud_full`,
-remove the `#` symbol from the line:
+In the root directory of the `opencloud-compose` deployment example,
+add the radicale component to the `COMPOSE_FILE` variable in your `.env` file or add it directly to the startup command:
 
-```env
-#RADICALE=:radicale.yml
+```bash
+COMPOSE_FILE=docker-compose.yml:traefik/opencloud.yml:radicale/radicale.yml
 ```
 
+or `docker compose -f docker-compose.yml -f traefik/opencloud.yml -f radicale/radicale.yml up`
+
 ### Update the deployment
 
 ```bash

diff --git a/docs/admin/configuration/storage/decomposeds3.md b/docs/admin/configuration/storage/decomposeds3.md
@@ -10,24 +10,48 @@ draft: false
 
 Decomposeds3 is a storage driver for OpenCloud that uses MinIO — an S3-compatible object storage — to store files efficiently. This setup combines the scalability of S3 with seamless integration into OpenCloud.
 
-## Setup
+:::warning
+
+This setup includes **No Migration Path** from existing storage solutions. If you are already using another storage backend, you will need to migrate your data manually.
+
+:::
+
+## Configure an S3 Bucket
+
+1. **Access your S3 Service**: Log in to your S3-compatible service (e.g., Hetzner S3, MinIO, AWS S3).
+2. **Create a Bucket**: Create a new bucket named `opencloud` (or any name you prefer).
+3. **Set Permissions**: Ensure the bucket has the necessary permissions for read and write operations
+4. **Note the Endpoint and Credentials**: Make a note of the endpoint URL, access key, and secret key for your S3 service.
+5. **CORS Configuration**: If your S3 service requires CORS configuration, ensure that it allows requests from your OpenCloud domain.
+6. **Region**: Note the region where your bucket is created, as it may be required for configuration.
+
+## Setup OpenCloud
 
 Navigate to the folder containing the Docker Compose configuration:
 
 ```bash
 cd opencloud-compose
 ```
 
-Open the `.env` file and enable the required configuration files:
+Open the `.env` file and fill the required configuration variables:
 
 ```bash
 nano .env
 ```
 
-Uncomment the following line to enable MinIO in the S3 Storage configuration block:
-
-```env
-#DECOMPOSEDS3_MINIO=:minio.yml
+Now we need all the information about the S3 bucket we created earlier. Modify the following lines in your `.env` file:
+
+```yaml
+# Configure the S3 storage endpoint. Defaults to "http://minio:9000" for testing purposes.
+DECOMPOSEDS3_ENDPOINT=https//your-s3-endpoint.example.com
+# S3 region. Defaults to "default".
+DECOMPOSEDS3_REGION=eu-central-1
+# S3 access key. Defaults to "opencloud"
+DECOMPOSEDS3_ACCESS_KEY=<your-access-key>
+# S3 secret. Defaults to "opencloud-secret-key"
+DECOMPOSEDS3_SECRET_KEY=<your-secret-key>
+# S3 bucket. Defaults to "opencloud"
+DECOMPOSEDS3_BUCKET=opencloud
 ```
 
 Add `storage/decomposeds3.yml` to the `COMPOSE_FILE` variable
@@ -43,20 +67,9 @@ Start all containers in the background:
 docker compose up -d
 ```
 
-## Add Local Domains to /etc/hosts
-
-To enable local access, add the following lines to your `/etc/hosts` file:
-
-```bash
-127.0.0.1       cloud.opencloud.test
-127.0.0.1       minio.opencloud.test
-```
-
 ## Login
 
-Open your browser and visit:
-
-- [https://cloud.opencloud.test](https://cloud.opencloud.test)
+Open your browser and log in.
 
 After logging in, you should see the OpenCloud interface:
 

diff --git a/docs/admin/getting-started/container/docker-compose/keycloak.md b/docs/admin/getting-started/container/docker-compose/keycloak.md
@@ -13,16 +13,19 @@ draft: true
 To enable Keycloak for identity and access management, uncomment the following lines in your `.env` file
 
 ```env
-LDAP=:ldap.yml
-LDAP_MANAGER_DOMAIN=ldap.your.domain
-LDAP_ADMIN_PASSWORD="your.save.password"
-KEYCLOAK=:keycloak.yml
-KEYCLOAK_DOMAIN=keycloak.your.domain
-KEYCLOAK_ADMIN_USER="your.username"
-KEYCLOAK_ADMIN_PASSWORD="your.save.password"
+# Enable services
+COMPOSE_FILE=docker-compose.yml:idm/ldap-keycloak.yml:traefik/opencloud.yml:traefik/ldap-keycloak.yml
+# Your public keycloak domain without protocol
+KEYCLOAK_DOMAIN=your-keycloak-domain.example.com
+# Admin user login name. Defaults to "kcadmin".
+KEYCLOAK_ADMIN=
+# Admin user login password. Defaults to "admin".
+KEYCLOAK_ADMIN_PASSWORD=
 ```
 
-This will include the LDAP and Keycloak service definitions in the Docker Compose setup.
+The Docker Compose file `idm/ldap-keycloak.yml` contains the complete configuration for each component.
+
+Keycloak is configured during startup by importing the `keycloak-realm.dist.json` file. This file contains the configuration for the OpenCloud realm, including client settings, roles, and user federation. This file is located in the `config/keycloak` directory of the `opencloud-compose` repository.
 
 ## Starting OpenCloud
 
@@ -42,7 +45,7 @@ Once Keycloak is running
 https://keycloak.your.domain
 ```
 
-<img src={require("./../../img/docker-compose/keycloak-dashboard.png").default} alt="Keyclosk dashboard" width="1920"/>
+<img src={require("./../../img/docker-compose/keycloak-dashboard.png").default} alt="Keycloak dashboard" width="1920"/>
 
 ### Log in with the admin credentials (default is admin / admin)
 

diff --git a/docs/admin/maintenance/migrate.md b/docs/admin/maintenance/migrate.md
@@ -39,7 +39,7 @@ PROXY_ENABLE_APP_AUTH="true"
 Access the OpenCloud container:
 
 ```bash
-docker exec -it opencloud_full-opencloud-1 sh
+docker exec -it opencloud-compose-opencloud-1 sh
 ```
 
 Generate an authentication token for a user (e.g., `alan`) with expiration (`h`, `m`, `s`):

diff --git a/docs/admin/resources/common-issues.md b/docs/admin/resources/common-issues.md
@@ -129,14 +129,14 @@ docker volume ls
 
 Look for volumes like:
 
-`opencloud_full_opencloud-data`
+`opencloud-compose_opencloud-data`
 
-`opencloud_full_opencloud-config`
+`opencloud-compose_opencloud-config`
 
 #### Example for standard setup
 
 ```bash
-sudo docker run -it --rm -v opencloud_full_opencloud-data:/var/lib/opencloud -v opencloud_full_opencloud-config:/etc/opencloud opencloudeu/opencloud:latest idm resetpassword
+sudo docker run -it --rm -v opencloud-compose_opencloud-data:/var/lib/opencloud -v opencloud-compose_opencloud-config:/etc/opencloud opencloudeu/opencloud:latest idm resetpassword
 ```
 
 #### Start the container again

diff --git a/static/env-vars/app-registry_readme.md b/static/env-vars/app-registry_readme.md
@@ -37,7 +37,7 @@ Administrators can set default applications for each MIME type and also allow th
 
 ### MIME Type Configuration
 
-Modifing the MIME type config can only be achieved via a yaml configuration. Using environment variables is not possible. For an example, see the `opencloud_full/config/opencloud/app-registry.yaml` at [docker-compose example](https://github.com/opencloud-eu/opencloud/tree/main/deployments/examples). The following is a brief structure and a field description:
+Modifing the MIME type config can only be achieved via a yaml configuration. Using environment variables is not possible. The following is a brief structure and a field description:
 
 **Structure**
 

diff --git a/static/env-vars/proxy_readme.md b/static/env-vars/proxy_readme.md
@@ -276,7 +276,7 @@ For OpenCloud, external resources like an IDP (e.g. Keycloak) or when using web
 
 To create a Content Security Policy (CSP), you need to create a yaml file containing the CSP definitions. To activate the settings, reference the file as value in the `PROXY_CSP_CONFIG_FILE_LOCATION` environment variable. For each change, a restart of the OpenCloud deployment or the proxy service is required.
 
-A working example for a CSP can be found in a sub path of the `config` directory of the [opencloud_full](https://github.com/opencloud-eu/opencloud/tree/main/deployments/examples/opencloud_full/config) deployment example.
+A working example for a CSP can be found in a sub path of the `config` directory of the [opencloud-compose](https://github.com/opencloud-eu/opencloud-compose/tree/main/config) deployment example.
 
 See the [Content Security Policy (CSP) Quick Reference Guide](https://content-security-policy.com) for a description of directives.
 

diff --git a/static/env-vars/search_readme.md b/static/env-vars/search_readme.md
@@ -116,7 +116,7 @@ When extracting content, you can specify whether [stop words](https://en.wikiped
 
 When using the Tika container and docker-compose, consider the following:
 
-*   See the [opencloud_full](https://github.com/opencloud-eu/opencloud/tree/main/deployments/examples/opencloud_full) example.
+*   See the [opencloud-compose](https://github.com/opencloud-eu/opencloud-compose) example.
 *   Containers for the linked service are reachable at a hostname identical to the alias or the service name if no alias was specified.
 
 If using the `tika` extractor, make sure to also set `FRONTEND_FULL_TEXT_SEARCH_ENABLED` in the frontend service to `true`. This will tell the webclient that full-text search has been enabled.