This PR adds a compose.onlyoffice.yaml file and the corresponding configuration and description in README.md.
cryptpad
- Category: Apps
- Status: 3
- Image: cryptpad/cryptpad
- Healthcheck: Yes
- Backups: Yes
- Email: No
- Tests: No
- SSO: Yes
Basic usage
- Set up Docker Swarm and abra
- Deploy coop-cloud/traefik
- abra app new cryptpad --secrets (optionally with --pass if you'd like to save secrets in pass)
- abra app config YOURAPPDOMAIN - be sure to change $DOMAIN to something that resolves to your Docker swarm box
- abra app deploy YOURAPPDOMAIN
- Open the configured domain in your browser to finish set-up
At this point, anyone with this domain can register new users with this cryptpad instance.
After you have registered a first user, here is how you can make this user into an admin. After logging in as your user, go to: https://cryptpad.cctest.autonomic.zone/profile/
Click "Copy Public Key". This will copy your public key into your clipboard.
Then run abra app config YOURAPPDOMAIN and set the value of CRYPTPAD_ADMIN_KEYS to include your public key. The example in .env.sample shows the required format.
Then redeploy with abra app deploy YOURAPPDOMAIN --force.
Now when you log in as your user and visit https://cryptpad.cctest.autonomic.zone/admin/, you should be able to access the admin interface for this cryptpad instance.
SSO
SSO support is provided by compose.sso.yml. To enable it, add the SSO compose file and set the SSO variables in your app config:
COMPOSE_FILE="compose.yml:compose.sso.yml"
SSO_ENABLED=true
On the next deploy, the CryptPad SSO plugin will be installed automatically.
You also need to configure the remaining SSO environment variables for your OIDC provider:
- SSO_PROVIDER_NAME — display name shown on the login button (e.g. Keycloak, Authentik)
- SSO_OIDC_URL — OIDC discovery URL for your provider
- SSO_CLIENT_ID — OAuth2 client ID
- SSO_JWT_ALG — JWT signing algorithm (e.g. RS256)
The client secret is stored as a Docker secret. Insert it with:
abra app secret insert YOURAPPDOMAIN sso_client_s v1 YOUR_CLIENT_SECRET
Then deploy (or redeploy) to apply: abra app deploy YOURAPPDOMAIN --force.
OnlyOffice
OnlyOffice support is provided by compose.onlyoffice.yaml. Enable it by adding the compose file to your app config:
COMPOSE_FILE="compose.yml:compose.onlyoffice.yaml"
On the next deploy, an entrypoint wrapper (onlyoffice-entrypoint.sh) prepares the OnlyOffice config volume before CryptPad starts, then the app container runs install-onlyoffice.sh to download the OnlyOffice assets. Running the prep work inside the app container (rather than a separate init service) is necessary because Docker Swarm ignores depends_on at runtime — a sidecar init container would race the app.
To support opening documents created with older OnlyOffice versions, set ONLYOFFICE_OLDEST in your app config. This writes (or updates) oldest_needed_version in onlyoffice-conf/onlyoffice.properties, which install-onlyoffice.sh reads to fetch older versions in addition to the latest:
ONLYOFFICE_OLDEST=v6
If ONLYOFFICE_OLDEST is unset, onlyoffice.properties is left untouched (CryptPad's own default applies). Only the oldest_needed_version key is touched on each deploy, so any other entries in onlyoffice.properties are preserved. If you change ONLYOFFICE_OLDEST after the assets have already been downloaded, you may need to drop the cryptpad_oo_dist volume so install-onlyoffice.sh re-runs and pulls the additional versions.
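One way to do the single-key update described above, validating the environment value before it reaches the properties file. This is an added example, not the recipe's own onlyoffice-entrypoint.sh; the function name set_oldest_version, the v<digits> validation rule and the sample file contents are assumptions.

```sh
#!/bin/sh
# Added example, not the recipe's onlyoffice-entrypoint.sh.
# set_oldest_version FILE VALUE: upsert oldest_needed_version in FILE and
# leave every other line as it was. Empty VALUE leaves FILE untouched.
set_oldest_version() {
    conf=$1
    value=$2

    # ONLYOFFICE_OLDEST unset: do nothing, CryptPad's own default applies.
    [ -n "$value" ] || return 0

    # Assumption: versions look like v<digits> (the page shows "v6").
    # Rejecting everything else keeps a newline or '=' in the environment
    # value from adding extra entries to the properties file.
    digits=${value#v}
    case $value in v*) ;; *) return 2 ;; esac
    case $digits in ''|*[!0-9]*) return 2 ;; esac

    [ -f "$conf" ] || touch "$conf" || return 1
    tmp=$(mktemp) || return 1

    # Replace the first definition of the key in place, drop duplicates,
    # append the key if it was missing; all other lines pass through.
    awk -v v="$value" '
        /^[ \t]*oldest_needed_version[ \t]*=/ {
            if (!done) { print "oldest_needed_version=" v; done = 1 }
            next
        }
        { print }
        END { if (!done) print "oldest_needed_version=" v }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Write back through the existing file so its owner and mode are kept.
    cat "$tmp" > "$conf"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Constructed sample file, for demonstration only.
demo_dir=$(mktemp -d)
printf 'some_other_key=kept\noldest_needed_version=v4\n' > "$demo_dir/onlyoffice.properties"
set_oldest_version "$demo_dir/onlyoffice.properties" "v6"
cat "$demo_dir/onlyoffice.properties"
rm -rf "$demo_dir"
```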