docker-compose.yml

---
services:
  opencloud:
    # renovate: depName=opencloudeu/opencloud-rolling
    image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-5.2.0}
    # changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog
    # release notes: https://docs.opencloud.eu/opencloud_release_notes.html
    user: ${OC_CONTAINER_UID_GID:-1000:1000}
    networks:
      opencloud-net:
    entrypoint:
      - /bin/sh
    # run opencloud init to initialize a configuration file with random secrets
    # it will fail on subsequent runs, because the config file already exists
    # therefore we ignore the error and then start the opencloud server
    command: ["-c", "opencloud init || true; opencloud server"]
    environment:
      # enable services that are not started automatically
      OC_ADD_RUN_SERVICES: ${START_ADDITIONAL_SERVICES}
      OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}
      OC_LOG_LEVEL: ${LOG_LEVEL:-info}
      OC_LOG_COLOR: "${LOG_PRETTY:-false}"
      OC_LOG_PRETTY: "${LOG_PRETTY:-false}"
      # do not use SSL between the reverse proxy and OpenCloud
      PROXY_TLS: "false"
      # INSECURE: needed if OpenCloud / reverse proxy is using self generated certificates
      OC_INSECURE: "${INSECURE:-false}"
      # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
      PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
      # demo users
      IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
      # admin password
      IDM_ADMIN_PASSWORD: "${INITIAL_ADMIN_PASSWORD}"
      # email server (if configured)
      NOTIFICATIONS_SMTP_HOST: "${SMTP_HOST}"
      NOTIFICATIONS_SMTP_PORT: "${SMTP_PORT}"
      NOTIFICATIONS_SMTP_SENDER: "${SMTP_SENDER:-OpenCloud Notifications <notifications@cloud.opencloud.test>}"
      NOTIFICATIONS_SMTP_USERNAME: "${SMTP_USERNAME}"
      NOTIFICATIONS_SMTP_PASSWORD: "${SMTP_PASSWORD}"
      NOTIFICATIONS_SMTP_INSECURE: "${SMTP_INSECURE:-false}"
      NOTIFICATIONS_SMTP_AUTHENTICATION: "${SMTP_AUTHENTICATION}"
      NOTIFICATIONS_SMTP_ENCRYPTION: "${SMTP_TRANSPORT_ENCRYPTION:-none}"
      FRONTEND_ARCHIVER_MAX_SIZE: "10000000000"
      FRONTEND_CHECK_FOR_UPDATES: "${CHECK_FOR_UPDATES:-true}"
      PROXY_CSP_CONFIG_FILE_LOCATION: /etc/opencloud/csp.yaml
      # enable to allow using the banned passwords list
      OC_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: banned-password-list.txt
      # control the password enforcement and policy for public shares
      OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD: "${OC_SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD:-true}"
      OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD: "${OC_SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD:-false}"
      OC_PASSWORD_POLICY_DISABLED: "${OC_PASSWORD_POLICY_DISABLED:-false}"
      OC_PASSWORD_POLICY_MIN_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_CHARACTERS:-8}"
      OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS:-1}"
      OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS:-1}"
      OC_PASSWORD_POLICY_MIN_DIGITS: "${OC_PASSWORD_POLICY_MIN_DIGITS:-1}"
      OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS: "${OC_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS:-1}"
      # default language for services/WebUI; defaults to English, language code (ISO 639-1, e.g. de, en, fr)
      OC_DEFAULT_LANGUAGE: ${DEFAULT_LANGUAGE}
    volumes:
      - ./config/opencloud/csp.yaml:/etc/opencloud/csp.yaml
      - ./config/opencloud/banned-password-list.txt:/etc/opencloud/banned-password-list.txt
      # configure the .env file to use own paths instead of docker internal volumes
      - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud
      - ${OC_DATA_DIR:-opencloud-data}:/var/lib/opencloud
      - ${OC_APPS_DIR:-./config/opencloud/apps}:/var/lib/opencloud/web/assets/apps
    logging:
      driver: ${LOG_DRIVER:-local}
    restart: always

volumes:
  opencloud-config:
  opencloud-data:

networks:
  opencloud-net: