|
|
@@ -0,0 +1,219 @@
|
|
|
+version: '2'
|
|
|
+
|
|
|
+# Using prebuilt image: docker-compose up -d --no-build
|
|
|
+
|
|
|
+services:
|
|
|
+
|
|
|
+ wekandb:
|
|
|
+ image: mongo:3.2.21
|
|
|
+ container_name: wekan-db
|
|
|
+ restart: always
|
|
|
+ command: mongod --smallfiles --oplogSize 128
|
|
|
+ networks:
|
|
|
+ - wekan-tier
|
|
|
+ expose:
|
|
|
+ - 27017
|
|
|
+ volumes:
|
|
|
+ - wekan-db:/data/db
|
|
|
+ - wekan-db-dump:/dump
|
|
|
+
|
|
|
+ wekan:
|
|
|
+ image: quay.io/wekan/wekan
|
|
|
+ container_name: wekan-app
|
|
|
+ restart: always
|
|
|
+ networks:
|
|
|
+ - wekan-tier
|
|
|
+ build:
|
|
|
+ context: .
|
|
|
+ dockerfile: Dockerfile
|
|
|
+ args:
|
|
|
+ - NODE_VERSION=${NODE_VERSION}
|
|
|
+ - METEOR_RELEASE=${METEOR_RELEASE}
|
|
|
+ - NPM_VERSION=${NPM_VERSION}
|
|
|
+ - ARCHITECTURE=${ARCHITECTURE}
|
|
|
+ - SRC_PATH=${SRC_PATH}
|
|
|
+ - METEOR_EDGE=${METEOR_EDGE}
|
|
|
+ - USE_EDGE=${USE_EDGE}
|
|
|
+ ports:
|
|
|
+ # Docker outsideport:insideport
|
|
|
+ - 80:8080
|
|
|
+ environment:
|
|
|
+ - MONGO_URL=mongodb://wekandb:27017/wekan
|
|
|
+ - ROOT_URL=http://localhost
|
|
|
+ # Wekan Export Board works when WITH_API='true'.
|
|
|
+ # If you disable Wekan API with 'false', Export Board does not work.
|
|
|
+ - WITH_API=true
|
|
|
+ # Optional: Integration with Matomo https://matomo.org that is installed to your server
|
|
|
+ # The address of the server where Matomo is hosted.
|
|
|
+ # example: - MATOMO_ADDRESS=https://example.com/matomo
|
|
|
+ - MATOMO_ADDRESS=''
|
|
|
+ # The value of the site ID given in Matomo server for Wekan
|
|
|
+ # example: - MATOMO_SITE_ID=12345
|
|
|
+ - MATOMO_SITE_ID=''
|
|
|
+ # The option do not track which enables users to not be tracked by matomo
|
|
|
+ # example: - MATOMO_DO_NOT_TRACK=false
|
|
|
+ - MATOMO_DO_NOT_TRACK=true
|
|
|
+ # The option that allows matomo to retrieve the username:
|
|
|
+ # example: MATOMO_WITH_USERNAME=true
|
|
|
+ - MATOMO_WITH_USERNAME=false
|
|
|
+ # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
|
|
|
+ # Setting this to false is not recommended, it also disables all other browser policy protections
|
|
|
+ # and allows all iframing etc. See wekan/server/policy.js
|
|
|
+ - BROWSER_POLICY_ENABLED=true
|
|
|
+ # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside.
|
|
|
+ - TRUSTED_URL=''
|
|
|
+ # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId .
|
|
|
+ # example: WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
|
|
|
+ - WEBHOOKS_ATTRIBUTES=''
|
|
|
+ # Enable the OAuth2 connection
|
|
|
+ # example: OAUTH2_ENABLED=true
|
|
|
+ - OAUTH2_ENABLED=false
|
|
|
+ # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
|
|
|
+ # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345
|
|
|
+ # example: OAUTH2_CLIENT_ID=abcde12345
|
|
|
+ - OAUTH2_CLIENT_ID=''
|
|
|
+ # OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde
|
|
|
+ # example: OAUTH2_SECRET=54321abcde
|
|
|
+ - OAUTH2_SECRET=''
|
|
|
+ # OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com
|
|
|
+ # example: OAUTH2_SERVER_URL=https://chat.example.com
|
|
|
+ - OAUTH2_SERVER_URL=''
|
|
|
+ # OAuth2 Authorization Endpoint. Example: /oauth/authorize
|
|
|
+ # example: OAUTH2_AUTH_ENDPOINT=/oauth/authorize
|
|
|
+ - OAUTH2_AUTH_ENDPOINT=''
|
|
|
+ # OAuth2 Userinfo Endpoint. Example: /oauth/userinfo
|
|
|
+ # example: OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
|
|
|
+ - OAUTH2_USERINFO_ENDPOINT=''
|
|
|
+ # OAuth2 Token Endpoint. Example: /oauth/token
|
|
|
+ # example: OAUTH2_TOKEN_ENDPOINT=/oauth/token
|
|
|
+ - OAUTH2_TOKEN_ENDPOINT=''
|
|
|
+ # LDAP_ENABLE : Enable or not the connection by the LDAP
|
|
|
+ # example : LDAP_ENABLE=true
|
|
|
+ - LDAP_ENABLE=false
|
|
|
+ # LDAP_PORT : The port of the LDAP server
|
|
|
+ # example : LDAP_PORT=389
|
|
|
+ - LDAP_PORT=389
|
|
|
+ # LDAP_HOST : The host server for the LDAP server
|
|
|
+ # example : LDAP_HOST=localhost
|
|
|
+ - LDAP_HOST=''
|
|
|
+ # LDAP_BASEDN : The base DN for the LDAP Tree
|
|
|
+ # example : LDAP_BASEDN=ou=user,dc=example,dc=org
|
|
|
+ - LDAP_BASEDN=''
|
|
|
+ # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method
|
|
|
+ # example : LDAP_LOGIN_FALLBACK=true
|
|
|
+ - LDAP_LOGIN_FALLBACK=false
|
|
|
+ # LDAP_RECONNECT : Reconnect to the server if the connection is lost
|
|
|
+ # example : LDAP_RECONNECT=false
|
|
|
+ - LDAP_RECONNECT=true
|
|
|
+ # LDAP_TIMEOUT : Overall timeout, in milliseconds
|
|
|
+ # example : LDAP_TIMEOUT=12345
|
|
|
+ - LDAP_TIMEOUT=10000
|
|
|
+ # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds
|
|
|
+ # example : LDAP_IDLE_TIMEOUT=12345
|
|
|
+ - LDAP_IDLE_TIMEOUT=10000
|
|
|
+ # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds
|
|
|
+ # example : LDAP_CONNECT_TIMEOUT=12345
|
|
|
+ - LDAP_CONNECT_TIMEOUT=10000
|
|
|
+ # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search
|
|
|
+ # example : LDAP_AUTHENTIFICATION=true
|
|
|
+ - LDAP_AUTHENTIFICATION=false
|
|
|
+ # LDAP_AUTHENTIFICATION_USERDN : The search user DN
|
|
|
+ # example : LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org
|
|
|
+ - LDAP_AUTHENTIFICATION_USERDN=''
|
|
|
+ # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user
|
|
|
+ # example : AUTHENTIFICATION_PASSWORD=admin
|
|
|
+ - LDAP_AUTHENTIFICATION_PASSWORD=''
|
|
|
+ # LDAP_LOG_ENABLED : Enable logs for the module
|
|
|
+ # example : LDAP_LOG_ENABLED=true
|
|
|
+ - LDAP_LOG_ENABLED=false
|
|
|
+ # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background
|
|
|
+ # example : LDAP_BACKGROUND_SYNC=true
|
|
|
+ - LDAP_BACKGROUND_SYNC=false
|
|
|
+ # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds
|
|
|
+ # example : LDAP_BACKGROUND_SYNC_INTERVAL=12345
|
|
|
+ - LDAP_BACKGROUND_SYNC_INTERVAL=100
|
|
|
+ # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED :
|
|
|
+ # example : LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
|
|
|
+ - LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false
|
|
|
+ # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS :
|
|
|
+ # example : LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
|
|
|
+ - LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
|
|
|
+ # LDAP_ENCRYPTION : If using LDAPS
|
|
|
+ # example : LDAP_ENCRYPTION=true
|
|
|
+ - LDAP_ENCRYPTION=false
|
|
|
+ # LDAP_CA_CERT : The certification for the LDAPS server
|
|
|
+ # example : LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE-----
|
|
|
+ - LDAP_CA_CERT=''
|
|
|
+ # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
|
|
|
+ # example : LDAP_REJECT_UNAUTHORIZED=true
|
|
|
+ - LDAP_REJECT_UNAUTHORIZED=false
|
|
|
+ # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
|
|
|
+ # example : LDAP_USER_SEARCH_FILTER=
|
|
|
+ - LDAP_USER_SEARCH_FILTER=''
|
|
|
+ # LDAP_USER_SEARCH_SCOPE : Base (search only in the provided DN), one (search only in the provided DN and one level deep), or subtree (search the whole subtree)
|
|
|
+ # example : LDAP_USER_SEARCH_SCOPE=one
|
|
|
+ - LDAP_USER_SEARCH_SCOPE=''
|
|
|
+ # LDAP_USER_SEARCH_FIELD : Which field is used to find the user
|
|
|
+ # example : LDAP_USER_SEARCH_FIELD=uid
|
|
|
+ - LDAP_USER_SEARCH_FIELD=''
|
|
|
+ # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited)
|
|
|
+ # example : LDAP_SEARCH_PAGE_SIZE=12345
|
|
|
+ - LDAP_SEARCH_PAGE_SIZE=0
|
|
|
+ # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited)
|
|
|
+ # example : LDAP_SEARCH_SIZE_LIMIT=12345
|
|
|
+ - LDAP_SEARCH_SIZE_LIMIT=0
|
|
|
+ # LDAP_GROUP_FILTER_ENABLE : Enable group filtering
|
|
|
+ # example : LDAP_GROUP_FILTER_ENABLE=true
|
|
|
+ - LDAP_GROUP_FILTER_ENABLE=false
|
|
|
+ # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering
|
|
|
+ # example : LDAP_GROUP_FILTER_OBJECTCLASS=group
|
|
|
+ - LDAP_GROUP_FILTER_OBJECTCLASS=''
|
|
|
+ # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE :
|
|
|
+ # example :
|
|
|
+ - LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=''
|
|
|
+ # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE :
|
|
|
+ # example :
|
|
|
+ - LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=''
|
|
|
+ # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT :
|
|
|
+ # example :
|
|
|
+ - LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=''
|
|
|
+ # LDAP_GROUP_FILTER_GROUP_NAME :
|
|
|
+ # example :
|
|
|
+ - LDAP_GROUP_FILTER_GROUP_NAME=''
|
|
|
+ # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
|
|
|
+ # example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid
|
|
|
+ - LDAP_UNIQUE_IDENTIFIER_FIELD=''
|
|
|
+ # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
|
|
|
+ # example : LDAP_UTF8_NAMES_SLUGIFY=false
|
|
|
+ - LDAP_UTF8_NAMES_SLUGIFY=true
|
|
|
+ # LDAP_USERNAME_FIELD : Which field contains the ldap username
|
|
|
+ # example : LDAP_USERNAME_FIELD=username
|
|
|
+ - LDAP_USERNAME_FIELD=''
|
|
|
+ # LDAP_MERGE_EXISTING_USERS :
|
|
|
+ # example : LDAP_MERGE_EXISTING_USERS=true
|
|
|
+ - LDAP_MERGE_EXISTING_USERS=false
|
|
|
+ # LDAP_SYNC_USER_DATA :
|
|
|
+ # example : LDAP_SYNC_USER_DATA=true
|
|
|
+ - LDAP_SYNC_USER_DATA=false
|
|
|
+ # LDAP_SYNC_USER_DATA_FIELDMAP :
|
|
|
+ # example : LDAP_SYNC_USER_DATA_FIELDMAP={\"cn\":\"name\", \"mail\":\"email\"}
|
|
|
+ - LDAP_SYNC_USER_DATA_FIELDMAP=''
|
|
|
+ # LDAP_SYNC_GROUP_ROLES :
|
|
|
+ # example :
|
|
|
+ - LDAP_SYNC_GROUP_ROLES=''
|
|
|
+ # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
|
|
|
+ # example :
|
|
|
+ - LDAP_DEFAULT_DOMAIN=''
|
|
|
+
|
|
|
+ depends_on:
|
|
|
+ - wekandb
|
|
|
+
|
|
|
+volumes:
|
|
|
+ wekan-db:
|
|
|
+ driver: local
|
|
|
+ wekan-db-dump:
|
|
|
+ driver: local
|
|
|
+
|
|
|
+networks:
|
|
|
+ wekan-tier:
|
|
|
+ driver: bridge
|
Lauri Ojansivu