feat: Switch to protocol environment variable

Signed-off-by: Julius Härtl <jus@bitgrid.net>

bootstrap.sh

@@ -91,6 +91,7 @@ echo "⏩ Setup your environment in an .env file"
 if [ ! -f ".env" ]; then
 cat <<EOT >.env
 COMPOSE_PROJECT_NAME=master
+PROTOCOL=http
 DOMAIN_SUFFIX=.local
 REPO_PATH_SERVER=$PWD/workspace/server
 STABLE_ROOT_PATH=$PWD/workspace

data/saml/README.md

@@ -1,6 +1,6 @@
 # Keycloak SAML test setup
 
-Currently the Keycloak realm only supports the main instance (nextcloud.dev.local). For other instances this would need a separate realm and adjusting the imported realm in `docker/configs/keycloak`.
+Currently the Keycloak realm only supports the main instance (nextcloud.local). For other instances this would need a separate realm and adjusting the imported realm in `docker/configs/keycloak`.
 
 Setup can be done automatically through:
 
@@ -9,9 +9,9 @@ occ saml:config:create
 occ saml:config:set \
         --general-idp0_display_name "Keycloak SAML" \
         --general-uid_mapping "username" \
-        --idp-entityId "http://keycloak.dev.local/realms/Example" \
-        --idp-singleLogoutService.url "http://keycloak.dev.local/realms/Example/protocol/saml" \
-        --idp-singleSignOnService.url "http://keycloak.dev.local/realms/Example/protocol/saml" \
+        --idp-entityId "http://keycloak.local/realms/Example" \
+        --idp-singleLogoutService.url "http://keycloak.local/realms/Example/protocol/saml" \
+        --idp-singleSignOnService.url "http://keycloak.local/realms/Example/protocol/saml" \
         --idp-x509cert="$(cat keycloak.crt)" \
         --security-authnRequestsSigned 1 \
         --security-logoutRequestSigned 1 \

docker-compose.yml

@@ -636,7 +636,7 @@ services:
       aliasgroup2: http://gs1${DOMAIN_SUFFIX}
       aliasgroup3: http://gs2${DOMAIN_SUFFIX}
       aliasgroup4: http://stable20${DOMAIN_SUFFIX}
-      aliasgroup5: http://stable21${DOMAIN_SUFFIX}
+      aliasgroup5: http://stable26${DOMAIN_SUFFIX}
       aliasgroup6: http://stable22${DOMAIN_SUFFIX}
       aliasgroup7: http://stable23${DOMAIN_SUFFIX}
       aliasgroup8: http://stable24${DOMAIN_SUFFIX}
@@ -647,7 +647,7 @@ services:
       VIRTUAL_HOST: collabora${DOMAIN_SUFFIX}
       VIRTUAL_PORT: 9980
       VIRTUAL_PROTO: http
-      extra_params: "--o:ssl.enable=false --o:net.frame_ancestors=*${DOMAIN_SUFFIX} --o:home_mode.enable=true"
+      extra_params: "--o:ssl.enable=false --o:net.frame_ancestors=*${DOMAIN_SUFFIX} --o:home_mode.enable=true --o:ssl.termination=false ${COLLABORA_PARAMS:-}"
 
   codedev:
     privileged: true

docker/bin/bootstrap.sh

@@ -133,24 +133,12 @@ configure_oidc() {
 	OCC user_oidc:provider Keycloak -c nextcloud -s 09e3c268-d8bc-42f1-b7c6-74d307ef5fde -d "$PROTOCOL://keycloak.local.dev.bitgrid.net/auth/realms/Example/.well-known/openid-configuration"
 }
 
-PROTOCOL=""
+PROTOCOL="${PROTOCOL:-http}"
 get_protocol() {
 	if [[ "$IS_STANDALONE" = "true" ]]; then
 		PROTOCOL=http
 		return 0
 	fi
-
-	if [[ "$PROTOCOL" == "" ]]; then
-		output " Detecting SSL..."
-		timeout 1 bash -c 'until echo > /dev/tcp/proxy/443; do sleep 0.5; done' 2>/dev/null
-		if [ $? -eq 0 ]; then
-			output "🔑 SSL proxy available"
-			PROTOCOL=https
-		else
-			output "🗝 No SSL proxy detected"
-			PROTOCOL=http
-		fi
-    fi
 }
 
 configure_ssl_proxy() {

example.env

@@ -1,5 +1,9 @@
 COMPOSE_PROJECT_NAME=master
 
+# Default protocol to use for Nextcloud and other containers
+# check the readme for details how to setup https
+PROTOCOL=http
+
 # Paths
 REPO_PATH_SERVER=/home/jus/workspace/server
 

scripts/enable-collabora

@@ -18,8 +18,9 @@ source .env
 echo "Setting up Collabora with collabora$DOMAIN_SUFFIX on $CONTAINER"
 docker-compose up -d collabora
 occ app:enable richdocuments
-occ config:app:set richdocuments wopi_url --value="http://collabora${DOMAIN_SUFFIX}"
-occ config:app:set richdocuments public_wopi_url --value="http://collabora${DOMAIN_SUFFIX}"
+occ config:app:set richdocuments wopi_url --value="${PROTOCOL:-http}://collabora${DOMAIN_SUFFIX}"
+occ config:app:set richdocuments public_wopi_url --value="${PROTOCOL:-http}://collabora${DOMAIN_SUFFIX}"
+occ config:app:set richdocuments disable_certificate_verification --value="yes"
 occ config:system:set allow_local_remote_servers --value true --type bool
 occ config:system:set gs.trustedHosts 0 --value "*${DOMAIN_SUFFIX}"
 occ richdocuments:activate-config

scripts/update-certs

@@ -1,5 +1,11 @@
 #!/bin/bash
 
+if ! [ -x "$(command -v mkcert)" ]; then
+  echo 'Error: mkcert is not installed.' >&2
+  exit 1
+fi
+
+
 SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
 CERT_DIR="${SCRIPT_DIR}/../data/ssl/"