Hello everyone,
I am currently testing the new oCIS via docker-compose with an Nginx proxy in front of it.
The login page opens, but after the credentials are entered, a loop occurs in which I am logged out again for security reasons.
In the log I find the following line:
{"level":"error","service":"proxy","error":"Get \"https://.../.well-known/openid-configuration\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)","time":"2022-10-12T08:58:47.670285457Z","message":"could not initialize oidcAuth provider"}
docker-compose.yml
---
version: "3.7"
services:
  ocis:
    image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
    user: root
    networks:
      - "ocis-proxy"
    ports:
      - "39996:9200"
    entrypoint:
      - /bin/sh
    command: ["-c", "ocis init || true; ocis server"]
    environment:
      PROXY_AUTOPROVISION_ACCOUNTS: "false" # Keycloak IDP specific configuration
      OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
      OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
      OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
      OCIS_LOG_FILE: "/etc/ocis/ocis.log"
      OCIS_LOG_PRETTY: "false" # Logs only in the console
      PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
      OCIS_INSECURE: "${INSECURE:-false}"
      # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
      PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
      PROXY_HTTP_ADDR: "0.0.0.0:9200"
      PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
      PROXY_OIDC_REWRITE_WELLKNOWN: "false" #Enables rewriting the /.well-known/openid-configuration to the configured OIDC issuer. Needed by the Desktop Client, Android Client and iOS Client to discover the OIDC provider.
      PROXY_INSECURE_BACKENDS: "true" #Disable TLS certificate validation for all HTTP backend connections.
      # admin user password
      IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
      # demo users
      IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
    volumes:
      - "./ocis-config:/etc/ocis"
      - "./ocis-data:/var/lib/ocis"
      - "/etc/ssl/certs:/etc/ssl/certs:ro"
      - "/usr/share/ca-certificates:/usr/share/ca-certificates:ro"
      - "/usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro"
    restart: always
volumes:
  ocis-config:
  ocis-data:
networks:
  ocis-proxy:
    external: true
.env File:
# Setting to allow non-https traffic between traefik and ocis
INSECURE=true
PROXY_ENABLE_BASIC_AUTH=false
### oCIS settings ###
# oCIS version. Defaults to "latest"
OCIS_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OCIS_DOMAIN=DOMAIN
# oCIS admin user password. Defaults to "admin".
ADMIN_PASSWORD=langes_und_wichtiges_test_password
# The demo users should not be created on a production instance
# because their passwords are public. Defaults to "false".
DEMO_USERS=false
OCIS_LOG_LEVEL=warn
Version:
Version: 2.0.0-beta.8+2f5cba2ac
Compiled: 2022-10-12 00:00:00 +0000 UTC
Does anything else need to be done manually after docker-compose up -d? I.e., does a service have to be started here, etc.?
Thank you very much for your help