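# Docker Compose definition for a single OpenCloud container that sits behind an
# external reverse proxy (network "caddy_default") and delegates login to an
# external OIDC provider (https://auth.aggtaa.com).
services:
  opencloud:
    image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-6.0.0}
    container_name: opencloud
    restart: always
    # NOTE(review): the process runs as root inside the container, so a compromise
    # of the service has root on every bind-mounted host path below. The
    # unprivileged alternative is kept here; switching to it requires the host
    # data directories to be owned by that UID/GID.
    # user: ${OC_CONTAINER_UID_GID:-1000:1000}
    user: root
    ports:
      # NOTE(review): this publishes 9200 on every host interface, and with
      # PROXY_TLS "false" the listener speaks plain HTTP. If the reverse proxy
      # reaches the container over caddy_default, the published port is
      # presumably not needed; drop it or bind it to 127.0.0.1 - confirm.
      # Quoted so the mapping is always read as a string.
      - "9200:9200"
    environment:
      # enable services that are not started automatically
      # OC_ADD_RUN_SERVICES: ""
      OC_URL: https://files.aggtaa.com
      # NOTE(review): debug logging is very verbose; lower it once troubleshooting
      # is finished so request details do not accumulate in the logs.
      OC_LOG_LEVEL: "debug"
      OC_LOG_COLOR: "false"
      OC_LOG_PRETTY: "true"
      # do not use SSL between the reverse proxy and OpenCloud
      PROXY_TLS: "false"
      # INSECURE: needed if OpenCloud / reverse proxy is using self generated certificates
      # NOTE(review): this turns off TLS certificate verification for OpenCloud's
      # outgoing connections, which here would include the OIDC issuer. Set it to
      # "false" if the proxy serves publicly trusted certificates.
      OC_INSECURE: "true"
      # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
      PROXY_ENABLE_BASIC_AUTH: "false"
      IDM_CREATE_DEMO_USERS: "false"
      # initial password
      # The value can now be supplied from the host environment or .env; the
      # fallback keeps the previous behaviour. "admin" is trivially guessable:
      # set a strong value before first start and rotate it if this default
      # was ever used.
      IDM_ADMIN_PASSWORD: "${IDM_ADMIN_PASSWORD:-admin}"
      # smtp
      NOTIFICATIONS_SMTP_HOST: "${SMTP_HOST}"
      NOTIFICATIONS_SMTP_PORT: "${SMTP_PORT}"
      # NOTE(review): the default sender has a display name but no address; an
      # "<address>" part may have been lost - confirm.
      NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER:-OpenCloud Notifications }"
      NOTIFICATIONS_SMTP_USERNAME: "${SMTP_USERNAME}"
      NOTIFICATIONS_SMTP_PASSWORD: "${SMTP_PASSWORD}"
      NOTIFICATIONS_SMTP_INSECURE: "${SMTP_INSECURE:-false}"
      NOTIFICATIONS_SMTP_AUTHENTICATION: "${SMTP_AUTHENTICATION}"
      # NOTE(review): the fallback is "none", i.e. the SMTP username and password
      # above travel unencrypted unless SMTP_TRANSPORT_ENCRYPTION is set.
      NOTIFICATIONS_SMTP_ENCRYPTION: "${SMTP_TRANSPORT_ENCRYPTION:-none}"
      # ? (left unexplained by the author)
      FRONTEND_ARCHIVER_MAX_SIZE: "10000000000"
      FRONTEND_CHECK_FOR_UPDATES: "true"
      PROXY_CSP_CONFIG_FILE_LOCATION: /etc/opencloud/csp.yaml
      # password policy
      OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: /etc/opencloud/banned-password-list.txt
      # Read-only public links may be created without a password; only writeable
      # public links are forced to have one.
      OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD: "false"
      OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD: "true"
      OC_PASSWORD_POLICY_DISABLED: "false"
      OC_PASSWORD_POLICY_MIN_CHARACTERS: "8"
      OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS: "1"
      OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: "1"
      OC_PASSWORD_POLICY_MIN_DIGITS: "1"
      OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS: "0"
      OC_DEFAULT_LANGUAGE: ru
      # oidc
      OC_OIDC_CLIENT_ID: files.aggtaa.com
      IDP_DOMAIN: "auth"
      OC_OIDC_ISSUER: https://auth.aggtaa.com
      # disable, as authelia uses plain string tokens, opencloud expects jwt
      # NOTE(review): with "none" the proxy does not check a signature on the
      # access token itself; it presumably relies on the issuer accepting the
      # token at its userinfo endpoint - confirm. That makes certificate
      # verification towards the issuer (see OC_INSECURE) the remaining control.
      PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD: "none"
      # disable internal lico idp, as external authelia is used
      OC_EXCLUDE_RUN_SERVICES: idp
      # autocreate local accounts on oidc login
      # Quoted: environment values are strings, and a bare true/false is typed
      # as a boolean by the YAML parser before Compose sees it.
      PROXY_AUTOPROVISION_ACCOUNTS: "true"
      # does it need this?
      # NOTE(review): presumably this lifts the default username restrictions so
      # that IdP-provided names are accepted when accounts are auto-provisioned -
      # confirm against the OpenCloud documentation.
      GRAPH_USERNAME_MATCH: "none"
      PROXY_USER_OIDC_CLAIM: preferred_username
      PROXY_USER_CS3_CLAIM: username
      # PROXY_ROLE_ASSIGNMENT_DRIVER: default # all new users are of 'user' role
      # Roles are taken from the "groups" claim of the IdP and no default role is
      # assigned, so whoever controls group membership at the IdP controls
      # OpenCloud roles. The claim-to-role mapping is presumably defined in the
      # mounted proxy.yaml - confirm.
      PROXY_ROLE_ASSIGNMENT_DRIVER: oidc
      GRAPH_ASSIGN_DEFAULT_USER_ROLE: "false"
      PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM: groups
      WEB_OIDC_SCOPE: openid profile email groups
    volumes:
      # Static configuration, mounted read-only over the writable /etc/opencloud.
      - ./config/csp.yaml:/etc/opencloud/csp.yaml:ro
      - ./config/banned-password-list.txt:/etc/opencloud/banned-password-list.txt:ro
      - ./config/proxy.yaml:/etc/opencloud/proxy.yaml:ro
      # Writable state. The config file that "opencloud init" generates contains
      # random secrets and presumably lands in the etc directory, so keep the
      # host path readable by the service account only.
      - /docker/data/opencloud/etc:/etc/opencloud
      - /docker/data/opencloud/data:/var/lib/opencloud
      - /docker/data/opencloud/apps:/var/lib/opencloud/web/assets/apps
    entrypoint:
      - /bin/sh
    # run opencloud init to initialize a configuration file with random secrets
    # it will fail on subsequent runs, because the config file already exists
    # therefore we ignore the error and then start the opencloud server
    # NOTE(review): "|| true" hides every init failure, not only the
    # "already exists" case; check the first-run log if the server misbehaves.
    command: ["-c", "opencloud init || true; opencloud server"]
    networks:
      - caddy_default

networks:
  # Pre-existing network owned by the reverse proxy stack.
  caddy_default:
    external: true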