oCIS with S3 storage backend (MinIO)
- oCIS running behind Traefik as reverse proxy
- MinIO as S3 compatible storage provider
- oCIS is configured to use S3 as user storage provider
- Traefik generating self-signed certificates for local setup or obtaining valid SSL certificates for a server setup
The docker stack consists 3 containers. One of them is Traefik, a proxy which is terminating SSL and forwards the requests to oCIS in the internal docker network.
The next container is oCIS itself in a configuration like the oCIS with Traefik example, except that it will use S3 as user storage.
The last container is MinIO, providing a S3 compatible API, where oCIS will store its data.
- Linux server with docker and docker-compose installed
- Three domains set up and pointing to your server
- ocis.* for serving oCIS
- minio.* for accessing the MinIO S3 bucket in the browser
- traefik.* for serving the Traefik dashboard
See also example server setup
-
Clone oCIS repository
git clone https://github.com/owncloud/ocis.git
-
Go to the deployment example
cd deployments/examples/ocis_s3
-
Open the
.env
file in a text editor.The file by default looks like this:
# If you're on a internet facing server please comment out following line. # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. INSECURE=true ### Traefik settings ### # Serve Traefik dashboard. Defaults to "false". TRAEFIK_DASHBOARD= # Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test" TRAEFIK_DOMAIN= # Basic authentication for the dashboard. Defaults to user "admin" and password "admin" TRAEFIK_BASIC_AUTH_USERS= # Email address for obtaining LetsEncrypt certificates, needs only be changed if this is a public facing server TRAEFIK_ACME_MAIL= ### oCIS settings ### # oCIS version. Defaults to "latest" OCIS_DOCKER_TAG= # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" OCIS_DOMAIN= # oCIS admin user password. Defaults to "admin". ADMIN_PASSWORD= # The demo users should not be created on a production instance # because their passwords are public. Defaults to "false". DEMO_USERS= ### MINIO / S3 settings ### # Domain of MinIO where the Web UI is accessible. Defaults to "minio.owncloud.test". MINIO_DOMAIN= # S3 bucket name, where oCIS stores its data in. Defaults to "ocis-bucket". MINIO_BUCKET= # S3 bucket access key, which oCIS uses to authenticate. Defaults to "ocis". MINIO_ACCESS_KEY= # S3 bucket access key secret, which oCIS uses to authenticate. Defaults to "ocis-secret-key". MINIO_SECRET_KEY=
You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove
INSECURE=true
or set it tofalse
.If you want to use the Traefik dashboard, set TRAEFIK_DASHBOARD to
true
(default isfalse
and therefore not active). If you activate it, you must set a domain for the Traefik dashboard inTRAEFIK_DOMAIN=
e.g.TRAEFIK_DOMAIN=traefik.owncloud.test
.The Traefik dashboard is secured by basic auth. Default credentials are the user
admin
with the passwordadmin
. To set your own credentials, generate a htpasswd (e.g. by using an online tool or a cli tool).Traefik will issue certificates with LetsEncrypt and therefore you must set an email address in
TRAEFIK_ACME_MAIL=
.By default oCIS will be started in the
latest
version. If you want to start a specific version of oCIS set the version toOCIS_DOCKER_TAG=
. Available versions can be found on Docker Hub.Set your domain for the oCIS frontend in
OCIS_DOMAIN=
, e.g.OCIS_DOMAIN=ocis.owncloud.test
.Set the initial admin user password in
ADMIN_PASSWORD=
, it defaults toadmin
.Set your domain for the MinIO frontend in
MINIO_DOMAIN=
, e.g.MINIO_DOMAIN=minio.owncloud.test
. If you are using other S3-compatible providers you need to configure the respective endpoint here.If you like you can change the default name of the S3 bucket by setting
MINIO_BUCKET=
to a different value.You also must override the S3 bucket credentials in
MINIO_ACCESS_KEY
andMINIO_SECRET_KEY
in order to secure your MinIO instance. Choose some random strings e.g. from the output ofopenssl rand -base64 32
.Now you have configured everything and can save the file.
-
Start the docker stack
docker-compose up -d
-
You now can visit oCIS and are able to use it just normally. If you log into the web UI of MinIO, you will see blobs of files you uploaded. You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time.
For a more simple local ocis setup see Getting started
This docker stack can also be run locally. One downside is that Traefik can not obtain valid SSL certificates and therefore will create self-signed ones. This means that your browser will show scary warnings. Another downside is that you can not point DNS entries to your localhost. So you have to add static host entries to your computer.
On Linux and macOS you can add them to your /etc/hosts
file and on Windows to C:\Windows\System32\Drivers\etc\hosts
file like this:
127.0.0.1 ocis.owncloud.test
127.0.0.1 traefik.owncloud.test
127.0.0.1 minio.owncloud.test
After that you’re ready to start the application stack:
docker-compose up -d
Open https://ocis.owncloud.test in your browser and accept the invalid certificate warning. You now can use oCIS normally and should now upload a file. Open https://minio.owncloud.test in your browser and accept the invalid certificate warning, after that you will see blobs of files you have uploaded to oCIS. You may need to wait some minutes until all services are fully ready, so make sure that you try to reload the pages from time to time.