From 2cee7c8b059827f1670a5df7bcc2556b49bcda59 Mon Sep 17 00:00:00 2001 From: Thomas Schweiger Date: Wed, 3 Dec 2025 12:05:46 +0100 Subject: [PATCH 01/16] enhance: pin Docker image versions to specific tags --- .env.example | 2 +- idm/ldap-keycloak.yml | 2 +- search/tika.yml | 2 +- testing/external-keycloak.yml | 2 +- traefik/opencloud.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.env.example b/.env.example index c6dace3f..a7e97fc9 100644 --- a/.env.example +++ b/.env.example @@ -83,7 +83,7 @@ TRAEFIK_LOG_LEVEL= # For production releases: "opencloudeu/opencloud" # For rolling releases: "opencloudeu/opencloud-rolling" # Defaults to production if not set otherwise -OC_DOCKER_IMAGE=opencloudeu/opencloud-rolling +OC_DOCKER_IMAGE=opencloudeu/opencloud # The openCloud container version. # Defaults to "latest" and points to the latest stable tag. OC_DOCKER_TAG= diff --git a/idm/ldap-keycloak.yml b/idm/ldap-keycloak.yml index 038b049a..0fedf8c9 100644 --- a/idm/ldap-keycloak.yml +++ b/idm/ldap-keycloak.yml @@ -64,7 +64,7 @@ services: restart: always postgres: - image: postgres:17-alpine + image: postgres:17.7-alpine networks: opencloud-net: volumes: diff --git a/search/tika.yml b/search/tika.yml index de3c0e67..8f863818 100644 --- a/search/tika.yml +++ b/search/tika.yml @@ -1,7 +1,7 @@ --- services: tika: - image: ${TIKA_IMAGE:-apache/tika:latest} + image: ${TIKA_IMAGE:-apache/tika:3.2.3.0} # Using the base variant for smaller image size and faster startup # The base variant includes core functionality for text extraction # Full variant is only needed for specialized OCR/image processing diff --git a/testing/external-keycloak.yml b/testing/external-keycloak.yml index 2808fa49..9c6c5d85 100644 --- a/testing/external-keycloak.yml +++ b/testing/external-keycloak.yml @@ -1,7 +1,7 @@ --- services: postgres: - image: postgres:17-alpine + image: postgres:17.7-alpine networks: opencloud-net: volumes: diff --git a/traefik/opencloud.yml b/traefik/opencloud.yml index 2f39ae0a..bd5ef9ce 100644 --- a/traefik/opencloud.yml +++ b/traefik/opencloud.yml @@ -9,7 +9,7 @@ services: - "traefik.http.services.opencloud.loadbalancer.server.port=9200" - "traefik.http.routers.opencloud.${TRAEFIK_SERVICES_TLS_CONFIG}" traefik: - image: traefik:v3 + image: traefik:v3.6.2 # release notes: https://github.com/traefik/traefik/releases user: ${TRAEFIK_CONTAINER_UID_GID:-0:0} networks: From ea2964c36266e1a5066addff36500c05c5928ac7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 3 Mar 2026 17:02:54 +0000 Subject: [PATCH 02/16] chore(deps): update collabora/code docker tag to v25.04.9.2.1 --- weboffice/collabora.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weboffice/collabora.yml b/weboffice/collabora.yml index ce6e9bdb..23ae6313 100644 --- a/weboffice/collabora.yml +++ b/weboffice/collabora.yml @@ -48,7 +48,7 @@ services: restart: always collabora: - image: collabora/code:25.04.7.1.1 + image: collabora/code:25.04.9.2.1 # release notes: https://www.collaboraonline.com/release-notes/ networks: opencloud-net: From dabaff565367660dd73b11c688b1d5ee87a437d5 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Tue, 3 Mar 2026 21:20:12 +0100 Subject: [PATCH 03/16] feat: pin version, add renovate --- docker-compose.yml | 3 ++- weboffice/collabora.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 5ef75ca6..f24130bc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,8 @@ --- services: opencloud: - image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest} + # renovate: depName=opencloudeu/opencloud + image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud}:${OC_DOCKER_TAG:-4.0.3} # changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog # release notes: https://docs.opencloud.eu/opencloud_release_notes.html user: ${OC_CONTAINER_UID_GID:-1000:1000} diff --git a/weboffice/collabora.yml b/weboffice/collabora.yml index 23ae6313..1c755851 100644 --- a/weboffice/collabora.yml +++ b/weboffice/collabora.yml @@ -14,7 +14,8 @@ services: GRAPH_AVAILABLE_ROLES: "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6" collaboration: - image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest} + # renovate: depName=opencloudeu/opencloud + image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud}:${OC_DOCKER_TAG:-4.0.3} user: ${OC_CONTAINER_UID_GID:-1000:1000} networks: opencloud-net: From 2f09abc647628c2a009a6867d81e1ca01f99fd2d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 3 Mar 2026 20:20:33 +0000 Subject: [PATCH 04/16] chore(deps): update traefik docker tag to v3.6.9 --- traefik/opencloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/traefik/opencloud.yml b/traefik/opencloud.yml index bd5ef9ce..acdbe329 100644 --- a/traefik/opencloud.yml +++ b/traefik/opencloud.yml @@ -9,7 +9,7 @@ services: - "traefik.http.services.opencloud.loadbalancer.server.port=9200" - "traefik.http.routers.opencloud.${TRAEFIK_SERVICES_TLS_CONFIG}" traefik: - image: traefik:v3.6.2 + image: traefik:v3.6.9 # release notes: https://github.com/traefik/traefik/releases user: ${TRAEFIK_CONTAINER_UID_GID:-0:0} networks: From 5fcba85d97201af784c3b87592f299a89ab3cac0 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 6 Mar 2026 21:45:38 +0000 Subject: [PATCH 05/16] chore(deps): update traefik docker tag to v3.6.10 --- traefik/opencloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/traefik/opencloud.yml b/traefik/opencloud.yml index acdbe329..f1aa025b 100644 --- a/traefik/opencloud.yml +++ b/traefik/opencloud.yml @@ -9,7 +9,7 @@ services: - "traefik.http.services.opencloud.loadbalancer.server.port=9200" - "traefik.http.routers.opencloud.${TRAEFIK_SERVICES_TLS_CONFIG}" traefik: - image: traefik:v3.6.9 + image: traefik:v3.6.10 # release notes: https://github.com/traefik/traefik/releases user: ${TRAEFIK_CONTAINER_UID_GID:-0:0} networks: From 9f93def3dfce285b069fd2dc7e547b4a92387a4b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Mar 2026 17:30:17 +0000 Subject: [PATCH 06/16] chore(deps): update collabora/code docker tag to v25.04.9.3.1 --- weboffice/collabora.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weboffice/collabora.yml b/weboffice/collabora.yml index 1c755851..7a98dd51 100644 --- a/weboffice/collabora.yml +++ b/weboffice/collabora.yml @@ -49,7 +49,7 @@ services: restart: always collabora: - image: collabora/code:25.04.9.2.1 + image: collabora/code:25.04.9.3.1 # release notes: https://www.collaboraonline.com/release-notes/ networks: opencloud-net: From 530bfa28bfc74de9acc71ff81845819ab1de124c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 19 Mar 2026 21:51:08 +0000 Subject: [PATCH 07/16] chore(deps): update traefik docker tag to v3.6.11 --- traefik/opencloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/traefik/opencloud.yml b/traefik/opencloud.yml index f1aa025b..408c9f72 100644 --- a/traefik/opencloud.yml +++ b/traefik/opencloud.yml @@ -9,7 +9,7 @@ services: - "traefik.http.services.opencloud.loadbalancer.server.port=9200" - "traefik.http.routers.opencloud.${TRAEFIK_SERVICES_TLS_CONFIG}" traefik: - image: traefik:v3.6.10 + image: traefik:v3.6.11 # release notes: https://github.com/traefik/traefik/releases user: ${TRAEFIK_CONTAINER_UID_GID:-0:0} networks: From df3e2bba9c676a95d208020b3d6748a21cbb4cac Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 25 Mar 2026 08:29:27 +0000 Subject: [PATCH 08/16] chore(deps): update collabora/code docker tag to v25.04.9.4.1 --- weboffice/collabora.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weboffice/collabora.yml b/weboffice/collabora.yml index 7a98dd51..dceeb182 100644 --- a/weboffice/collabora.yml +++ b/weboffice/collabora.yml @@ -49,7 +49,7 @@ services: restart: always collabora: - image: collabora/code:25.04.9.3.1 + image: collabora/code:25.04.9.4.1 # release notes: https://www.collaboraonline.com/release-notes/ networks: opencloud-net: From cf7d6954f9baa63dc3c2eb3cfeae1202cdc7d32f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 30 Mar 2026 16:46:56 +0000 Subject: [PATCH 09/16] chore(deps): update opencloudeu/opencloud docker tag to v4.0.4 --- docker-compose.yml | 2 +- weboffice/collabora.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index f24130bc..09c68f8e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ services: opencloud: # renovate: depName=opencloudeu/opencloud - image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud}:${OC_DOCKER_TAG:-4.0.3} + image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud}:${OC_DOCKER_TAG:-4.0.4} # changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog # release notes: https://docs.opencloud.eu/opencloud_release_notes.html user: ${OC_CONTAINER_UID_GID:-1000:1000} diff --git a/weboffice/collabora.yml b/weboffice/collabora.yml index dceeb182..b4c08b2a 100644 --- a/weboffice/collabora.yml +++ b/weboffice/collabora.yml @@ -15,7 +15,7 @@ services: collaboration: # renovate: depName=opencloudeu/opencloud - image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud}:${OC_DOCKER_TAG:-4.0.3} + image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud}:${OC_DOCKER_TAG:-4.0.4} user: ${OC_CONTAINER_UID_GID:-1000:1000} networks: opencloud-net: From 28da55369f0b1d94abb9d612ef72aa966c3a30fd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 2 Apr 2026 08:28:53 +0000 Subject: [PATCH 10/16] chore(deps): update traefik docker tag to v3.6.12 --- traefik/opencloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/traefik/opencloud.yml b/traefik/opencloud.yml index 408c9f72..4f361d24 100644 --- a/traefik/opencloud.yml +++ b/traefik/opencloud.yml @@ -9,7 +9,7 @@ services: - "traefik.http.services.opencloud.loadbalancer.server.port=9200" - "traefik.http.routers.opencloud.${TRAEFIK_SERVICES_TLS_CONFIG}" traefik: - image: traefik:v3.6.11 + image: traefik:v3.6.12 # release notes: https://github.com/traefik/traefik/releases user: ${TRAEFIK_CONTAINER_UID_GID:-0:0} networks: From dcc11c04fe1d2a5748aef8be0d09c70deb71c34c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 7 Apr 2026 22:08:23 +0000 Subject: [PATCH 11/16] chore(deps): update traefik docker tag to v3.6.13 --- traefik/opencloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/traefik/opencloud.yml b/traefik/opencloud.yml index 4f361d24..ec0d4191 100644 --- a/traefik/opencloud.yml +++ b/traefik/opencloud.yml @@ -9,7 +9,7 @@ services: - "traefik.http.services.opencloud.loadbalancer.server.port=9200" - "traefik.http.routers.opencloud.${TRAEFIK_SERVICES_TLS_CONFIG}" traefik: - image: traefik:v3.6.12 + image: traefik:v3.6.13 # release notes: https://github.com/traefik/traefik/releases user: ${TRAEFIK_CONTAINER_UID_GID:-0:0} networks: From d71557e4cadbc8946a99809ff12209ca26a5e0f1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 8 Apr 2026 19:02:42 +0000 Subject: [PATCH 12/16] chore(deps): update opencloudeu/opencloud docker tag to v4.0.5 --- docker-compose.yml | 2 +- weboffice/collabora.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 09c68f8e..3b934ea1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ services: opencloud: # renovate: depName=opencloudeu/opencloud - image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud}:${OC_DOCKER_TAG:-4.0.4} + image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud}:${OC_DOCKER_TAG:-4.0.5} # changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog # release notes: https://docs.opencloud.eu/opencloud_release_notes.html user: ${OC_CONTAINER_UID_GID:-1000:1000} diff --git a/weboffice/collabora.yml b/weboffice/collabora.yml index b4c08b2a..1dca83cd 100644 --- a/weboffice/collabora.yml +++ b/weboffice/collabora.yml @@ -15,7 +15,7 @@ services: collaboration: # renovate: depName=opencloudeu/opencloud - image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud}:${OC_DOCKER_TAG:-4.0.4} + image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud}:${OC_DOCKER_TAG:-4.0.5} user: ${OC_CONTAINER_UID_GID:-1000:1000} networks: opencloud-net: From a6e9f4bcb5e0278ae919cbe78293b9a7fcf17205 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 22 Apr 2026 20:46:28 +0000 Subject: [PATCH 13/16] chore(deps): update traefik docker tag to v3.6.14 --- traefik/opencloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/traefik/opencloud.yml b/traefik/opencloud.yml index ec0d4191..c0be22d2 100644 --- a/traefik/opencloud.yml +++ b/traefik/opencloud.yml @@ -9,7 +9,7 @@ services: - "traefik.http.services.opencloud.loadbalancer.server.port=9200" - "traefik.http.routers.opencloud.${TRAEFIK_SERVICES_TLS_CONFIG}" traefik: - image: traefik:v3.6.13 + image: traefik:v3.6.14 # release notes: https://github.com/traefik/traefik/releases user: ${TRAEFIK_CONTAINER_UID_GID:-0:0} networks: From c2f49cbf7e2a104672879597d5343f7a68204038 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 18 May 2026 13:39:28 +0000 Subject: [PATCH 14/16] chore(deps): update opencloudeu/opencloud docker tag to v4.0.7 --- docker-compose.yml | 2 +- weboffice/collabora.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 3b934ea1..a74c864b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ services: opencloud: # renovate: depName=opencloudeu/opencloud - image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud}:${OC_DOCKER_TAG:-4.0.5} + image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud}:${OC_DOCKER_TAG:-4.0.7} # changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog # release notes: https://docs.opencloud.eu/opencloud_release_notes.html user: ${OC_CONTAINER_UID_GID:-1000:1000} diff --git a/weboffice/collabora.yml b/weboffice/collabora.yml index 1dca83cd..67c1f56a 100644 --- a/weboffice/collabora.yml +++ b/weboffice/collabora.yml @@ -15,7 +15,7 @@ services: collaboration: # renovate: depName=opencloudeu/opencloud - image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud}:${OC_DOCKER_TAG:-4.0.5} + image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud}:${OC_DOCKER_TAG:-4.0.7} user: ${OC_CONTAINER_UID_GID:-1000:1000} networks: opencloud-net: From 6e92873a16f51d79def5715a927e84d2fc996332 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 30 May 2026 21:48:54 +0000 Subject: [PATCH 15/16] chore(deps): update collabora/code docker tag to v25.04.10.3.1 --- weboffice/collabora.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/weboffice/collabora.yml b/weboffice/collabora.yml index 67c1f56a..15641e9d 100644 --- a/weboffice/collabora.yml +++ b/weboffice/collabora.yml @@ -49,7 +49,7 @@ services: restart: always collabora: - image: collabora/code:25.04.9.4.1 + image: collabora/code:25.04.10.3.1 # release notes: https://www.collaboraonline.com/release-notes/ networks: opencloud-net: From 06bb072f9970dccbd575129389f2e484fe33383e Mon Sep 17 00:00:00 2001 From: 13orlov <13orlov@users.noreply.github.com> Date: Sun, 14 Jun 2026 12:50:19 +0000 Subject: [PATCH 16/16] feat: add external OnlyOffice compose overlay Co-authored-by: Cursor --- weboffice/onlyoffice.yml | 41 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 weboffice/onlyoffice.yml diff --git a/weboffice/onlyoffice.yml b/weboffice/onlyoffice.yml new file mode 100644 index 00000000..12ce57bc --- /dev/null +++ b/weboffice/onlyoffice.yml @@ -0,0 +1,41 @@ +--- +services: + opencloud: + environment: + NATS_NATS_HOST: 0.0.0.0 + GATEWAY_GRPC_ADDR: 0.0.0.0:9142 + FRONTEND_APP_HANDLER_SECURE_VIEW_APP_ADDR: eu.opencloud.api.collaboration + GRAPH_AVAILABLE_ROLES: "b1e2218d-eef8-4d4c-b82d-0f1a1b48f3b5,a8d5fe5e-96e3-418d-825b-534dbdf22b99,fb6c3e19-e378-47e5-b277-9732f9de6e21,58c63c02-1d89-4572-916a-870abc5a1b7d,2d00ce52-1fc2-4dbc-8b95-a73b73395f5a,1c996275-f1c9-4e71-abdf-a42f6495e960,312c0871-5ef7-4b3a-85b6-0e4074c64049,aa97fe03-7980-45ac-9e50-b325749fd7e6" + + collaboration: + image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud}:${OC_DOCKER_TAG:-latest} + user: ${OC_CONTAINER_UID_GID:-1000:1000} + networks: + opencloud-net: + depends_on: + opencloud: + condition: service_started + entrypoint: + - /bin/sh + command: ["-c", "opencloud collaboration server"] + environment: + COLLABORATION_GRPC_ADDR: 0.0.0.0:9301 + COLLABORATION_HTTP_ADDR: 0.0.0.0:9300 + MICRO_REGISTRY: "nats-js-kv" + MICRO_REGISTRY_ADDRESS: "opencloud:9233" + OC_URL: ${OC_URL} + COLLABORATION_WOPI_SRC: ${WOPISERVER_URL:-http://collaboration:9300} + COLLABORATION_WOPI_SECRET: ${ONLYOFFICE_JWT_SECRET} + COLLABORATION_APP_NAME: "OnlyOffice" + COLLABORATION_APP_PRODUCT: "OnlyOffice" + COLLABORATION_APP_ADDR: ${ONLYOFFICE_URL:-https://onlyoffice.opencloud.test} + COLLABORATION_APP_ICON: ${ONLYOFFICE_URL:-https://onlyoffice.opencloud.test}/web-apps/apps/documenteditor/main/resources/img/favicon.ico + COLLABORATION_APP_INSECURE: "${INSECURE:-false}" + COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-false}" + COLLABORATION_APP_PROOF_DISABLE: "true" + COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info} + volumes: + - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud + logging: + driver: ${LOG_DRIVER:-local} + restart: always