You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#!/bin/shset -e
apk add curl
#TODO: app driver itself should try again until OnlyOffice is up...
retries=10
while [[ $retries-gt 0 ]];doif curl --silent --show-error --fail http://onlyoffice/hosting/discovery > /dev/null;then
ocis app-provider server
elseecho"OnlyOffice is not yet available, trying again in 10 seconds"
sleep 10
retries=$((retries -1))fidoneecho'OnlyOffice was not available after 100 seconds'exit 1
WOPI "entrypoint-override.sh"
#!/bin/shset -e
echo"${WOPISECRET}"> /etc/wopi/wopisecret
cp /etc/wopi/wopiserver.conf.dist /etc/wopi/wopiserver.conf
sed -i 's/wopi.domain.com/'${WOPISERVER_DOMAIN}'/g' /etc/wopi/wopiserver.conf
if [ "$WOPISERVER_INSECURE"=="true" ];then
sed -i 's/sslverify\s=\sTrue/sslverify = False/g' /etc/wopi/wopiserver.conf
fi
/app/wopiserver.py
WOPI "wopiserver.conf.dist"
#!/bin/shset -e
echo"${WOPISECRET}"> /etc/wopi/wopisecret
cp /etc/wopi/wopiserver.conf.dist /etc/wopi/wopiserver.conf
sed -i 's/wopi.domain.com/'${WOPISERVER_DOMAIN}'/g' /etc/wopi/wopiserver.conf
if [ "$WOPISERVER_INSECURE"=="true" ];then
sed -i 's/sslverify\s=\sTrue/sslverify = False/g' /etc/wopi/wopiserver.conf
fi
/app/wopiserver.py
[user@SRV01 ~]$ cat /home/user/ocis/wopi/wopiserver.conf.dist
## This config is based on https://github.com/cs3org/wopiserver/blob/master/wopiserver.conf## wopiserver.conf## Default configuration file for the WOPI server for oCIS###############################################################
[general]
# Storage access layer to be loaded in order to operate this WOPI server# only "cs3" is supported with oCIS
storagetype = cs3
# Port where to listen for WOPI requests
port = 8880
# Logging level. Debug enables the Flask debug mode as well.# Valid values are: Debug, Info, Warning, Error.
loglevel = Error
loghandler = stream
logdest = stdout
# URL of your WOPI server or your HA proxy in front of it
wopiurl = https://wopi.domain.com
# URL for direct download of files. The complete URL that is sent# to clients will include the access_token argument
downloadurl = https://wopi.domain.com/wopi/cbox/download
# The internal server engine to use (defaults to flask).# Set to waitress for production installations.
internalserver = waitress
# List of file extensions deemed incompatible with LibreOffice:# interoperable locking will be disabled for such files
nonofficetypes = .md .zmd .txt .epd
# List of file extensions to be supported by Collabora (deprecated)
codeofficetypes = .odt .ott .ods .ots .odp .otp .odg .otg .doc .dot .xls .xlt .xlm .ppt .pot .pps .vsd .dxf .wmf .cdr .pages .number .key
# WOPI access token expiration time [seconds]
tokenvalidity = 86400
# WOPI lock expiration time [seconds]
wopilockexpiration = 3600
# WOPI lock strict check: if True, WOPI locks will be compared according to specs,# that is their representation must match. False (default) allows for a more relaxed# comparison, which compensates incorrect lock requests from Microsoft Office Online# on-premise setups.
wopilockstrictcheck = False
# Enable support of rename operations from WOPI apps. This is currently# disabled by default as it has been observed that both MS Office and Collabora# Online do not play well with this feature.# Not supported with oCIS, must always be set to "False"
enablerename = False
# Detection of external Microsoft Office or LibreOffice locks. By default, lock files# compatible with Office for Desktop applications are detected, assuming that the# underlying storage can be mounted as a remote filesystem: in this case, WOPI GetLock# and SetLock operations return such locks and prevent online apps from entering edit mode.# This feature can be disabled in order to operate a pure WOPI server for online apps.# Not supported with oCIS, must always be set to "False"
detectexternallocks = False
# Location of the webconflict files. By default, such files are stored in the same path# as the original file. If that fails (e.g. because of missing permissions),# an attempt is made to store such files in this path if specified, otherwise# the system falls back to the recovery space (cf. io|recoverypath).# The keywords <user_initial> and <username> are replaced with the actual username's# initial letter and the actual username, respectively, so you can use e.g.# /your_storage/home/user_initial/username#conflictpath = /# ownCloud's WOPI proxy configuration. Disabled by default.#wopiproxy = https://external-wopi-proxy.com#wopiproxysecretfile = /path/to/your/shared-key-file#proxiedappname = Name of your proxied app
[security]
# Location of the secret files. Requires a restart of the# WOPI server when either the files or their content change.
wopisecretfile = /etc/wopi/wopisecret
# iop secret is not used for cs3 storage type#iopsecretfile = /etc/wopi/iopsecret# Use https as opposed to http (requires certificate)
usehttps = no
# Certificate and key for https. Requires a restart# to apply a change.
wopicert = /etc/grid-security/host.crt
wopikey = /etc/grid-security/host.key
[bridge]
# SSL certificate check for the connected apps
sslverify = True
# Minimal time interval between two consecutive save operations [seconds]#saveinterval = 200# Minimal time interval before a closed file is WOPI-unlocked [seconds]#unlockinterval = 90# CodiMD: disable creating zipped bundles when files contain pictures#disablezip = False
[io]
# Size used for buffered reads [bytes]
chunksize = 4194304
# Path to a recovery space in case of I/O errors when reaching to the remote storage.# This is expected to be a local path, and it is provided in order to ease user support.# Defaults to the indicated spool folder.
recoverypath = /var/spool/wopirecovery
[cs3]
# Host and port of the Reva(-like) CS3-compliant GRPC gateway endpoint
revagateway = ocis:9142
# Reva/gRPC authentication token expiration time [seconds]# The default value matches Reva's default
authtokenvalidity = 3600
# SSL certificate check for Reva
sslverify = True
Note: don't forget to make the "entrypoint-override.sh" files executable with chmod +x entrypoint-override.sh.
Preparation
Create volumes and network:
podman volume create ocis-config
podman volume create ocis-data
podman volume create wopi-recovery
podman network create ocis_net
Note: I use a cloudflare Tunnel (it's free) to access my homelab but any reverse proxy would work to.
podman network create cloudflare_net
Create necessary Files
OCIS "app-registry.yaml"
OCIS app-provider-onlyoffice "entrypoint-override.sh"
WOPI "entrypoint-override.sh"
WOPI "wopiserver.conf.dist"
Note: don't forget to make the "entrypoint-override.sh" files executable with
chmod +x entrypoint-override.sh
.Run Containers
Cloudflare Tunnel Container
ownCloud Infinite Scale
initialize OCIS
Infinite Scale needs a first time initialization to set up the environment.
podman run --rm -it \ --name ocis \ -e PUID=1000 \ -e PGID=1000 \ -e TZ=Europe/Rome \ -v ocis-config:/etc/ocis \ -v ocis-data:/var/lib/ocis \ -e IDM_ADMIN_PASSWORD="$yourSecretAdminPasswort" \ --network cloudflare_net \ --network ocis_net \ docker.io/owncloud/ocis init
Run OCIS
WOPI Container
podman run -d \ --name wopi \ --restart unless-stopped \ --label "io.containers.autoupdate=image" \ --entrypoint /entrypoint-override.sh \ -e PUID=1000 \ -e PGID=1000 \ -e TZ=Europe/Rome \ -e WOPISERVER_INSECURE=false \ -e WOPISECRET=KorenIpsum494 \ -e WOPISERVER_DOMAIN=wopi.domain.com \ -v /lokal/path/to/wopi/entrypoint-override.sh:/entrypoint-override.sh:Z \ -v /lokal/path/to/wopiserver.conf.dist:/etc/wopi/wopiserver.conf.dist:Z \ -v wopi-recovery:/var/spool/wopirecovery \ --network ocis_net \ --network cloudflare_net \ docker.io/cs3org/wopiserver:latest
OnlyOffice
podman run -d \ --name OnlyOffice \ --restart unless-stopped \ --label "io.containers.autoupdate=image" \ -e PUID=1000 \ -e PGID=1000 \ -e TZ=Europe/Rome \ -e WOPI_ENABLED=true \ -e USE_UNAUTHORIZED_STORAGE=false \ --network ocis_net \ --network cloudflare_net \ docker.io/onlyoffice/documentserver:latest
OCIS app-provider-onlyoffice
Now you should be able to access your ocis.domain.com!
The text was updated successfully, but these errors were encountered: