diff --git a/owncloud/99-ldap.sh b/owncloud/99-ldap.sh
new file mode 100755
index 0000000..495965e
--- /dev/null
+++ b/owncloud/99-ldap.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+echo "Configuring LDAP for kopano-docker"
+
+set -x
+
+occ app:enable user_ldap
+occ ldap:show-config
+
+if [[ "$(occ ldap:show-config)" == "" ]]; then
+ su -c "php occ ldap:create-empty-config" www-data
+fi
+
+ldapHost=${LDAP_SERVER%:*}
+ldapPort=${LDAP_SERVER##*:}
+
+occ ldap:set-config s01 ldapHost ${ldapHost}
+occ ldap:set-config s01 ldapPort ${ldapPort}
+occ ldap:set-config s01 ldapAgentName ${LDAP_BIND_DN}
+occ ldap:set-config s01 ldapAgentPassword ${LDAP_BIND_PW}
+occ ldap:set-config s01 ldapBase ${LDAP_SEARCH_BASE}
+occ ldap:set-config s01 ldapUserFilter "(|(objectclass=kopano-user))"
+occ ldap:set-config s01 ldapLoginFilter "(&(|(objectclass=kopano-user))(uid=%uid))"
+occ ldap:set-config s01 ldapGroupFilter "(&(|(objectclass=kopano-group)))"
+occ ldap:set-config s01 ldapConfigurationActive 1
+
+/usr/bin/occ user:sync -m disable "OCA\User_LDAP\User_Proxy"
+
+cat << EOF >| /etc/cron.d/sync
+*/10 * * * * root /usr/bin/occ user:sync -m disable 'OCA\User_LDAP\User_Proxy'
+EOF
+
+true
diff --git a/owncloud/README.md b/owncloud/README.md
new file mode 100644
index 0000000..150a619
--- /dev/null
+++ b/owncloud/README.md
@@ -0,0 +1,14 @@
+# Running kopano-docker together with Owncloud
+
+To have a demo environment that runs both Kopano and Owncloud perform the following modifications. This setup uses the official images from https://hub.docker.com/r/owncloud/server.
+
+1. Add the `owncloud.yml` to the `COMPOSE_FILE` variable in your `.env` file.
+
+Example:
+```
+COMPOSE_FILE=docker-compose.yml:docker-compose.ports.yml:owncloud/owncloud.yml
+```
+
+2. run `owncloud.sh` to create the required runtime variables in your `.env` file.
+
+3. run `docker-compose up -d` and you will be able to log into `https://your-fqdn/owncloud`.
\ No newline at end of file
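Review bot: In owncloud/99-ldap.sh the script enables `set -x` and then runs `occ ldap:set-config s01 ldapAgentPassword ${LDAP_BIND_PW}`, so the LDAP bind password is written in clear text to the xtrace output (stderr, which for a container start-up script presumably ends up in the container log). The expansions on the `ldap:set-config` lines are also unquoted, so a bind DN, search base or password containing whitespace or glob characters is split or expanded before occ receives it. Suspend tracing around the secret and quote it: `set +x`, then `occ ldap:set-config s01 ldapAgentPassword "${LDAP_BIND_PW}"`, then `set -x`; the other `${...}` arguments should be quoted the same way.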
diff --git a/owncloud/owncloud.sh b/owncloud/owncloud.sh
new file mode 100755
index 0000000..d707dd7
--- /dev/null
+++ b/owncloud/owncloud.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+set -euo pipefail
+IFS=$'\n\t'
+
+if ! command -v reg > /dev/null; then
+ echo "Please install reg in order to run this script."
+ exit 1
+fi
+
+if [ ! -e ../.env ]; then
+ echo "please run setup.sh first"
+ exit 1
+fi
+
+# this is a kind of ugly hack to be able to source the env file
+# this is sadly needed since postfix in https://github.com/tomav/docker-mailserver/ cannot deal with quoted values
+tmpfile=$(mktemp /tmp/kopano-docker-env.XXXXXX)
+cp ../.env "$tmpfile"
+sed -i '/LDAP_QUERY_FILTER/s/^/#/g' "$tmpfile"
+sed -i '/SASLAUTHD_LDAP_FILTER/s/^/#/g' "$tmpfile"
+# shellcheck disable=SC1090
+source "$tmpfile"
+
+fqdn_to_dn() {
+ printf 'dc=%s' "$1" | sed -E 's/\./,dc=/g'
+}
+
+random_string() {
+ hexdump -n 16 -v -e '/1 "%02X"' /dev/urandom
+}
+
+docker_tag_search () {
+ image="$1"
+ results=$(reg tags "$image" 2> /dev/null)
+ echo "$results" | xargs -n1 | sort --version-sort -ru
+}
+
+# function from https://stackoverflow.com/a/42790579/4754613
+selectWithDefault() {
+
+ local item i=0 numItems=$#
+
+ # Print numbered menu items, based on the arguments passed.
+ for item; do # Short for: for item in "$@"; do
+ printf '%s\n' "$((++i))) $item"
+ done >&2 # Print to stderr, as `select` does.
+
+ # Prompt the user for the index of the desired item.
+ while :; do
+ printf %s "${PS3-#? }" >&2 # Print the prompt string to stderr, as `select` does.
+ read -r index
+ # Make sure that the input is either empty or that a valid index was entered.
+ [[ -z $index ]] && break # empty input
+ (( index >= 1 && index <= numItems )) 2>/dev/null || { echo "Invalid selection. Please try again." >&2; continue; }
+ break
+ done
+
+ # Output the selected item, if any.
+ [[ -n $index ]] && printf %s "${@: index:1}"
+}
+
+update_env_file () {
+ varname="$1"
+ varvalue="$2"
+ if ! grep -q "$varname" ../.env; then
+ echo "$varname=$varvalue" >> ../.env
+ else
+ sed -i "/$varname/c $varname=$varvalue" ../.env
+ fi
+}
+
+tag_question () {
+ containername="$1"
+ value_default="$2"
+ description="$3"
+ echo "Which tag do you want to use for $description? [$value_default]"
+ echo "Available tags in $containername: "
+ set +e # do not exit when new_value is empty
+ # shellcheck disable=SC2046
+ new_value=$(selectWithDefault $(docker_tag_search "$containername"))
+ set -e
+ return_value=${new_value:-$value_default}
+}
+
+tag_question owncloud/server "${OWNCLOUD_VERSION:-latest}" "Owncloud"
+update_env_file OWNCLOUD_VERSION "$return_value"
+update_env_file OWNCLOUD_DB_USERNAME owncloud
+update_env_file OWNCLOUD_DB_PASSWORD "$(random_string)"
+update_env_file OWNCLOUD_ADMIN_USERNAME admin
+update_env_file OWNCLOUD_ADMIN_PASSWORD "$(random_string)"
+update_env_file MARIADB_ROOT_PASSWORD "$(random_string)"
+
+if [ -e "$tmpfile" ]; then
+ rm "$tmpfile"
+fi
diff --git a/owncloud/owncloud.yml b/owncloud/owncloud.yml
new file mode 100644
index 0000000..db74b9e
--- /dev/null
+++ b/owncloud/owncloud.yml
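Review bot: In owncloud/owncloud.sh the three `update_env_file … "$(random_string)"` calls at the end run on every invocation, and the `else` branch of `update_env_file` replaces an existing entry, so re-running the script (for example to choose another tag) overwrites OWNCLOUD_DB_PASSWORD, OWNCLOUD_ADMIN_PASSWORD and MARIADB_ROOT_PASSWORD in `.env`. A database and ownCloud instance that were already initialised would presumably still hold the old credentials, leaving `.env` out of step with the running services. Since `.env` has just been sourced, keep an existing value and only generate a missing one: `update_env_file OWNCLOUD_DB_PASSWORD "${OWNCLOUD_DB_PASSWORD:-$(random_string)}"`, and likewise for the other two. Separately, the temporary copy of `.env` (which contains these secrets) is removed only by the final `rm`, so an early exit under `set -euo pipefail` leaves it in /tmp; registering `trap 'rm -f -- "$tmpfile"' EXIT` right after the `mktemp` line covers every exit path.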
@@ -0,0 +1,87 @@
+# based on https://github.com/owncloud/docs/blob/4a04cd16a10a853bfab630e8a6450f722ac6ea86/modules/admin_manual/examples/installation/docker/docker-compose.yml
+version: "3.5"
+
+volumes:
+ oc_files:
+ oc_mysql:
+ oc_backup:
+ oc_redis:
+
+services:
+ owncloud:
+ image: owncloud/server:${OWNCLOUD_VERSION:-latest}
+ restart: always
+ depends_on:
+ - oc_db
+ - oc_redis
+ - ldap
+ - web
+ environment:
+ - OWNCLOUD_DOMAIN=${FQDN}
+ - OWNCLOUD_DB_TYPE=mysql
+ - OWNCLOUD_DB_NAME=owncloud
+ - OWNCLOUD_DB_USERNAME=${OWNCLOUD_DB_USERNAME}
+ - OWNCLOUD_DB_PASSWORD=${OWNCLOUD_DB_PASSWORD}
+ - OWNCLOUD_DB_HOST=oc_db
+ - OWNCLOUD_ADMIN_USERNAME=${OWNCLOUD_ADMIN_USERNAME}
+ - OWNCLOUD_ADMIN_PASSWORD=${OWNCLOUD_ADMIN_PASSWORD}
+ - OWNCLOUD_MYSQL_UTF8MB4=true
+ - OWNCLOUD_REDIS_ENABLED=true
+ - OWNCLOUD_REDIS_HOST=oc_redis
+ - OWNCLOUD_SUB_URL=/owncloud
+ - LDAP_SERVER=${LDAP_SERVER}
+ - LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
+ - LDAP_BIND_DN=${LDAP_BIND_DN}
+ - LDAP_BIND_PW=${LDAP_BIND_PW}
+ healthcheck:
+ test: ["CMD", "/usr/bin/healthcheck"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ volumes:
+ - oc_files:/mnt/data
+ - ./owncloud/99-ldap.sh:/etc/owncloud.d/99-ldap.sh
+ networks:
+ - web-net
+ - owncloud-net
+ - ldap-net
+
+ oc_db:
+ image: webhippie/mariadb:latest
+ restart: always
+ environment:
+ - MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
+ - MARIADB_USERNAME=${OWNCLOUD_DB_USERNAME}
+ - MARIADB_PASSWORD=${OWNCLOUD_DB_PASSWORD}
+ - MARIADB_DATABASE=owncloud
+ - MARIADB_MAX_ALLOWED_PACKET=128M
+ - MARIADB_INNODB_LOG_FILE_SIZE=64M
+ healthcheck:
+ test: ["CMD", "/usr/bin/healthcheck"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ volumes:
+ - oc_mysql:/var/lib/mysql
+ - oc_backup:/var/lib/backup
+ networks:
+ - owncloud-net
+
+ oc_redis:
+ image: webhippie/redis:latest
+ restart: always
+ environment:
+ - REDIS_DATABASES=1
+ healthcheck:
+ test: ["CMD", "/usr/bin/healthcheck"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ volumes:
+ - oc_redis:/var/lib/redis
+ networks:
+ - owncloud-net
+
+networks:
+ owncloud-net:
+ driver: bridge
diff --git a/web/kweb.cfg b/web/kweb.cfg
index c4c0032..053a50e 100644
--- a/web/kweb.cfg
+++ b/web/kweb.cfg
@@ -205,4 +205,11 @@ transparent keepalive 100 } + proxy /owncloud/ owncloud:8080 { + transparent + keepalive 0 + fail_timeout 10s + try_duration 30s + } + folderish /owncloud }
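Review bot: In owncloud/owncloud.yml the `oc_db` and `oc_redis` services use `webhippie/mariadb:latest` and `webhippie/redis:latest`, and `owncloud` falls back to `latest` when OWNCLOUD_VERSION is unset, so each pull can bring in a different, unreviewed image, possibly a new database release on top of an existing `oc_mysql` volume. Pin every image to a tested tag or digest, for example `image: webhippie/mariadb:<PINNED_TAG>` (placeholder, pick the version you validated). The init script bind mount can also be made read-only, since the container only has to execute it: `- ./owncloud/99-ldap.sh:/etc/owncloud.d/99-ldap.sh:ro`.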