podman version 5.1.2, rootless container, rootless & passwordless user with fedora 40
certs auto-created/renewed with docker.io/goacme/lego:latest (4.17.4) over DNS Challenge
ocis.pod
# vi: ft=systemd
[Pod]
PodName=ocis
PublishPort=9445:9200
PublishPort=9980:9980
PublishPort=9300:9300
collabora.container
ver 24.04.5.2.1
# vi: ft=systemd
[Unit]
Description=Container collabora
After=local-fs.target
[Container]
ContainerName=collabora
Image=docker.io/collabora/code:latest
UserNS=keep-id:uid=100,gid=101
Volume=%h/collaboraETC/proof_key:/etc/coolwsd/proof_key:Z
Volume=%h/collaboraETC/proof_key.pub:/etc/coolwsd/proof_key.pub
Volume=%h/legoCERT/certificates/collabora.example.net.crt:/etc/coolwsd/cert.pem:ro,z
Volume=%h/legoCERT/certificates/collabora.example.net.key:/etc/coolwsd/key.pem:ro,z
Volume=%h/legoCERT/certificates/collabora.example.net.issuer.crt:/etc/coolwsd/ca-chain.cert.pem:ro,z
Environment=aliasgroup1=https://wopi.example.net:9300
Environment=extra_params="--o:mount_namespaces=false --o:ssl.enable=true --o:welcome.enable=false --o:net.frame_ancestors=files.example.net --o:logging.level=debug"
Pod=ocis.pod
AutoUpdate=registry
[Service]
TimeoutStartSec=900
RestartSec=10
Restart=always
[Install]
WantedBy=multi-user.target default.target
ocis.container
ver 6.1.0
# vi: ft=systemd
[Unit]
Description=Container ocis
After=local-fs.target
[Container]
ContainerName=ocis
Image=docker.io/owncloud/ocis-rolling:latest
UserNS=keep-id:uid=1000,gid=1000
Volume=%h/ocisCFG:/etc/ocis:Z
Volume=%h/ocisDATA:/var/lib/ocis:Z
Volume=%h/legoCERT/certificates/files.example.net.crt:/crt/files.example.net.crt:ro,z
Volume=%h/legoCERT/certificates/files.example.net.key:/crt/files.example.net.key:ro,z
Environment=OCIS_URL=https://files.example.net
Environment=OCIS_LOG_LEVEL=debug
Environment=PROXY_TLS=true
Environment=GATEWAY_GRPC_ADDR=0.0.0.0:9142
Environment=OCIS_INSECURE=false
Environment=PROXY_TRANSPORT_TLS_CERT=/crt/files.example.net.crt
Environment=PROXY_TRANSPORT_TLS_KEY=/crt/files.example.net.key
Environment=MICRO_REGISTRY_ADDRESS=127.0.0.1:9233
Environment=NATS_NATS_HOST=0.0.0.0
Environment=NATS_NATS_PORT=9233
Environment=PROXY_CSP_CONFIG_FILE_LOCATION=/etc/ocis/csp.yaml
Environment=COLLABORA_DOMAIN=collabora.example.net
Environment=COMPANION_DOMAIN=wopi.example.net
Environment=FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR=com.owncloud.api.collaboration.Collabora
Pod=ocis.pod
AutoUpdate=registry
[Service]
TimeoutStartSec=900
RestartSec=10
Restart=always
[Install]
WantedBy=multi-user.target default.target
wopi.container
ver 6.1.0
# vi: ft=systemd
[Unit]
Description=Container ocis
After=local-fs.target
[Container]
ContainerName=wopi
Image=docker.io/owncloud/ocis-rolling:latest
Exec=collaboration server
UserNS=keep-id:uid=1000,gid=1000
Volume=%h/wopiCFG:/etc/ocis:Z
Volume=%h/legoCERT/certificates/wopi.example.net.crt:/crt/wopi.example.net.crt:ro,z
Volume=%h/legoCERT/certificates/wopi.example.net.key:/crt/wopi.example.net.key:ro,z
Environment=OCIS_HTTP_TLS_ENABLED=true
Environment=OCIS_HTTP_TLS_CERTIFICATE=/crt/wopi.example.net.crt
Environment=OCIS_HTTP_TLS_KEY=/crt/wopi.example.net.key
Environment=COLLABORATION_GRPC_ADDR=0.0.0.0:9301
Environment=COLLABORATION_HTTP_ADDR=0.0.0.0:9300
Environment=MICRO_REGISTRY=nats-js-kv
Environment=MICRO_REGISTRY_ADDRESS=localhost:9233
Environment=COLLABORATION_WOPI_SRC=https://wopi.example.net:9300
Environment=COLLABORATION_APP_NAME=Collabora
Environment=COLLABORATION_APP_ADDR=https://collabora.example.net:9980
Environment=COLLABORATION_APP_ICON=https://collabora.example.net:9980/favicon.ico
Environment=COLLABORATION_APP_INSECURE=false
Environment=COLLABORATION_CS3API_DATAGATEWAY_INSECURE=true
Environment=COLLABORATION_LOG_LEVEL=debug
Pod=ocis.pod
AutoUpdate=registry
[Service]
TimeoutStartSec=900
RestartSec=10
Restart=always
[Install]
WantedBy=multi-user.target default.target