From 210651b75c00a207bf44366210af5f1fb27fb3af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julius=20H=C3=A4rtl?= Date: Thu, 2 Jan 2020 22:46:56 +0100 Subject: [PATCH] Add SAML, SMB and polish layout MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Julius Härtl --- developer_manual/core/index.rst | 1 + developer_manual/how_to/index.rst | 95 +++++++++++++++++++++++++------ 2 files changed, 79 insertions(+), 17 deletions(-) diff --git a/developer_manual/core/index.rst b/developer_manual/core/index.rst index 031da759c..c63d41344 100644 --- a/developer_manual/core/index.rst +++ b/developer_manual/core/index.rst @@ -12,3 +12,4 @@ Please make sure you have set up a :ref:`devenv`. translation unit-testing externalapi + ../how_to/index diff --git a/developer_manual/how_to/index.rst b/developer_manual/how_to/index.rst index 013462189..ea6f3f333 100644 --- a/developer_manual/how_to/index.rst +++ b/developer_manual/how_to/index.rst @@ -7,17 +7,15 @@ This page should explain how to test given features in Nextcloud. Redis ----- -First you need to install the `phpredis extension`. There is a install document available `inside the repo` and many linux distribtutions ship it in their repositories as well. +First you need to install the `phpredis extension `_ . There is a install document available `inside the repo `_ and many linux distribtutions ship it in their repositories as well. -..code: - pecl install redis Cluster ~~~~~~~ -For a local Redis cluster setup there are some docker script collected in `this repository`. It boils down to clone the repo and run `make up`. Then the redis cluster is available at ``localhost:7000``. +For a local Redis cluster setup there are some docker script collected in `this repository `_. It boils down to clone the repo and run `make up`. Then the redis cluster is available at ``localhost:7000``. Following ``config.php`` can be used:: @@ -31,28 +29,91 @@ Following ``config.php`` can be used:: 'failover_mode' => \RedisCluster::FAILOVER_ERROR, ], +SMB +--- + +:: + + mkdir /tmp/samba + docker run -it -p 139:139 -p 445:445 \ + -v /tmp/samba:/smbmount dperson/samba \ + -u "user;password" -s "public;/smbmount;yes;no;yes" + +Make sure that smbclient is installed on your Nextcloud server and has the following configuration: + +:: + + # /etc/samba/smb.conf + [global] + client min protocol = SMB2 + client max protocol = SMB3 + hide dot files = no + +The setup can be verified with + +:: + + smbclient //127.0.0.1/public -u user + +SAML setup with onelogin +------------------------ + +- create dev account on onelogin.com + +- log into onelogin.com + +- create new app: SAML Test Connector (Advanced) + + - go to "Configuration" + + - Audience: https://localhost/apps/user_saml/saml/metadata + - Recipient: https://localhost/apps/user_saml/saml/acs + - ACS (Consumer) URL Validator: https://localhost/apps/user_saml/saml/acs + + - go to "Parameters" + + - Add "User.email" -> email (and add to assertion) + - Add "User.FirstName" -> first name (and add to assertion) + - Add "User.LastName" -> last name (and add to assertion) + +- open Nextcloud SAML settings + + - Select SAML + - Configure it according to https://portal.nextcloud.com/article/configuring-single-sign-on-10.html + + Collabora without SSL ----- -1) start Collabora - - docker run -p 127.0.0.1:9980:9980 -e 'domain=172.17.0.1' -e 'username=admin' -e 'password=487903ffcf4' -e extra_params='--o:ssl.enable=false' --restart always --cap-add MKNOD collabora/code - - 172.17.0.1 is localhost, which is default by Docker - - get IP of Collabora container: docker inspect --format='{{ .NetworkSettings.IPAddress }}' $containerName +**1) Start Collabora in a docker container** -2) configure Nextcloud +:: + + docker run -p 127.0.0.1:9980:9980 -e 'domain=172.17.0.1' \ + -e 'username=admin' -e 'password=487903ffcf4' \ + -e extra_params='--o:ssl.enable=false' \ + --restart always --cap-add MKNOD collabora/code + +- 172.17.0.1 is localhost, which is default by Docker +- get IP of Collabora container: docker inspect --format='{{ .NetworkSettings.IPAddress }}' $containerName + +**2) Configure Nextcloud** - go to your local cloud (e.g. 172.17.0.1/nc) -> Settings -> Collabora - set URL to IP you found out above, e.g: http://172.17.0.2:9980 - check "Disable certificate verification (insecure) -3) use +**3) Use** - please note that you cannot use it with localhost, but you have to enter a valid IP address of localhost - with this approach you can also use it with mobile clients -4) troubleshoot +**4) Troubleshoot** - http://172.17.0.2:9980/hosting/capabilities should give you: + +:: + {"convert-to":{"available":false},"hasMobileSupport":true,"hasTemplateSaveAs":true,"productName":"Collabora Online Development Edition"} OnlyOffice ------- +---------- 1) Create self signed cert, should be on a permanent path:: @@ -79,15 +140,15 @@ docker run --name=ONLYOFFICEDOCKER -i -t -d -p 4433:443 -e JWT_ENABLED='true' -e - vim /etc/onlyoffice/documentserver/local.json - change token -> inbox -> header to "AuthorizationJWT" - change token -> outbox -> header to "AuthorizationJWT" -- edit config.php of NC server: - - add:: +- Add the following to your config.php: + + :: - 'onlyoffice' => - array ( + 'onlyoffice' => array ( 'verify_peer_off' => true, 'jwt_secret' => 'secret', 'jwt_header' => 'AuthorizationJWT' - ), + ), - test with local ip: https://localhost:4433 - accept cert warning