wekan/docs/Platforms/FOSS/torodb-postgresql/docker-compose.yml

version: '2'

# Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required.
#---------------------------------------------------------------------------------------------------------
# ==== CREATING USERS AND LOGGING IN TO WEKAN ====
# https://github.com/wekan/wekan/wiki/Adding-users
#---------------------------------------------------------------------------------------------------------
# ==== FORGOT PASSWORD ====
# https://github.com/wekan/wekan/wiki/Forgot-Password
#---------------------------------------------------------------------------------------------------------
# ==== Upgrading Wekan to new version =====
# NOTE: MongoDB has changed from 3.x to 4.x, in that case you need backup/restore with --noIndexRestore
#       see https://github.com/wekan/wekan/wiki/Backup
# 1) Stop Wekan:
#      docker-compose stop
# 2) Remove old Wekan app (wekan-app only, not that wekan-db container that has all your data)
#      docker rm wekan-app
# 3) Get newest docker-compose.yml from https://github.com/wekan/wekan to have correct image,
#    for example: "image: quay.io/wekan/wekan" or version tag "image: quay.io/wekan/wekan:v4.52"
# 4) Start Wekan:
#      docker-compose up -d
#----------------------------------------------------------------------------------
# ==== OPTIONAL: DEDICATED DOCKER USER ====
# 1) Optionally create a dedicated user for Wekan, for example:
#      sudo useradd -d /home/wekan -m -s /bin/bash wekan
# 2) Add this user to the docker group, then logout+login or reboot:
#      sudo usermod -aG docker wekan
# 3) Then login as user wekan.
# 4) Create this file /home/wekan/docker-compose.yml with your modifications.
#----------------------------------------------------------------------------------
# ==== RUN DOCKER AS SERVICE ====
# 1a) Running Docker as service, on Systemd like Debian 9, Ubuntu 16.04, CentOS 7:
#      sudo systemctl enable docker
#      sudo systemctl start docker
# 1b) Running Docker as service, on init.d like Debian 8, Ubuntu 14.04, CentOS 6:
#      sudo update-rc.d docker defaults
#      sudo service docker start
# ----------------------------------------------------------------------------------
# ==== USAGE OF THIS docker-compose.yml ====
# 1) For seeing does Wekan work, try this and check with your webbroser:
#      docker-compose up
# 2) Stop Wekan and start Wekan in background:
#     docker-compose stop
#     docker-compose up -d
# 3) See running Docker containers:
#     docker ps
# 4) Stop Docker containers:
#     docker-compose stop
# ----------------------------------------------------------------------------------
# ===== INSIDE DOCKER CONTAINERS, AND BACKUP/RESTORE ====
# https://github.com/wekan/wekan/wiki/Backup
# If really necessary, repair MongoDB: https://github.com/wekan/wekan-mongodb/issues/6#issuecomment-424004116
# 1) Going inside containers:
#    a) Wekan app, does not contain data
#         docker exec -it wekan-app bash
#    b) MongoDB, contains all data
#         docker exec -it wekan-db bash
# 2) Copying database to outside of container:
#      docker exec -it wekan-db bash
#      cd /data
#      mongodump
#      exit
#      docker cp wekan-db:/data/dump .
# 3) Restoring database
#      # 1) Stop wekan
#             docker stop wekan-app
#      # 2) Go inside database container
#             docker exec -it wekan-db bash
#      # 3) and data directory
#             cd /data
#      # 4) Remove previos dump
#             rm -rf dump
#      # 5) Exit db container
#             exit
#      # 6) Copy dump to inside docker container
#             docker cp dump wekan-db:/data/
#      # 7) Go inside database container
#             docker exec -it wekan-db bash
#      # 8) and data directory
#             cd /data
#      # 9) Restore
#             mongorestore --drop
#      # 10) Exit db container
#             exit
#      # 11) Start wekan
#             docker start wekan-app
#-------------------------------------------------------------------------
# 2020-12-03:
# - base images copied from Docker Hub to Quay to avoid Docker Hub rate limits,
#   from: torodb/stampede:1.0.0, postgres:9.6, mongo:3.2
#-------------------------------------------------------------------------

services:
  torodb-stampede:
    image: quay.io/wekan/torodb-stampede:1.0.0
    networks:
      - wekan-tier
    links:
      - postgres
      - mongodb
    environment:
      - POSTGRES_PASSWORD=wekan
      - TORODB_SETUP=true
      - TORODB_SYNC_SOURCE=mongodb:27017
      - TORODB_BACKEND_HOST=postgres
      - TORODB_BACKEND_PORT=5432
      - TORODB_BACKEND_DATABASE=wekan
      - TORODB_BACKEND_USER=wekan
      - TORODB_BACKEND_PASSWORD=wekan
      - DEBUG
    volumes:
      - /etc/localtime:/etc/localtime:ro
  postgres:
    image: quay.io/wekan/postgres:9.6
    networks:
      - wekan-tier
    environment:
      - POSTGRES_PASSWORD=wekan
    ports:
      - "5432:5432"
    volumes:
      - /etc/localtime:/etc/localtime:ro
  mongodb:
    image: mongo:3.2
    networks:
      - wekan-tier
    ports:
      - "27017:27017"
    entrypoint:
      - /bin/bash
      - "-c"
      - mongo --nodb --eval '
            var db;
            while (!db) {
                try {
                  db = new Mongo("mongodb:27017").getDB("local");
                } catch(ex) {}
                sleep(3000);
            };
            rs.initiate({_id:"rs1",members:[{_id:0,host:"mongodb:27017"}]});
        ' 1>/dev/null 2>&1 &
        mongod --replSet rs1
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - mongodb:/data/db
      - mongodb-dump:/dump
  wekan:
    image: quay.io/wekan/wekan
    container_name: wekan-app
    restart: always
    networks:
      - wekan-tier
    #-------------------------------------------------------------------------------------
    # ==== BUILD wekan-app DOCKER CONTAINER FROM SOURCE, if you uncomment these ====
    # ==== and use commands: docker-compose up -d --build
    # ==== Dockerfile and source is at parent directory ..
    #build:
    #  context: ..
    #  dockerfile: Dockerfile
    #-------------------------------------------------------------------------------------
    ports:
      # Docker outsideport:insideport. Do not add anything extra here.
      # For example, if you want to have wekan on port 3001,
      # use 3001:8080 . Do not add any extra address etc here, that way it does not work.
      - 80:8080
    environment:
      #-----------------------------------------------------------------
      # ==== WRITEABLE PATH FOR FILE UPLOADS ====
      - WRITABLE_PATH=/data
      #-----------------------------------------------------------------
      # ==== AWS S3 FOR FILES ====
      # Any region. For example:
      #   us-standard,us-west-1,us-west-2,
      #   eu-west-1,eu-central-1,
      #   ap-southeast-1,ap-northeast-1,sa-east-1
      #
      #- S3='{"s3":{"key": "xxx", "secret": "xxx", "bucket": "xxx", "region": "xxx"}}'
      #-----------------------------------------------------------------
      # ==== MONGO_URL ====
      - MONGO_URL=mongodb://mongodb:27017/wekan
      #---------------------------------------------------------------
      # ==== ROOT_URL SETTING ====
      # Change ROOT_URL to your real Wekan URL, for example:
      # If you have Caddy/Nginx/Apache providing SSL
      #  - https://example.com
      #  - https://boards.example.com
      # This can be problematic with avatars https://github.com/wekan/wekan/issues/1776
      #  - https://example.com/wekan
      # If without https, can be only wekan node, no need for Caddy/Nginx/Apache if you don't need them
      #  - http://example.com
      #  - http://boards.example.com
      #  - http://192.168.1.100    <=== using at local LAN
      - ROOT_URL=http://localhost  #   <=== using only at same laptop/desktop where Wekan is installed
      # ==== EMAIL SETTINGS ====
      # Email settings are only at MAIL_URL and MAIL_FROM.
      # Admin Panel has test button, but it's not used for settings.
      #   see https://github.com/wekan/wekan/wiki/Troubleshooting-Mail
      #   For SSL in email, change smtp:// to smtps://
      # NOTE: Special characters need to be url-encoded in MAIL_URL.
      #       You can encode those characters for example at: https://www.urlencoder.org
      - MAIL_URL=smtp://user:pass@mailserver.example.com:25/
      - MAIL_FROM='Example Wekan Support <support@example.com>'
      # Currently MAIL_SERVICE is not in use.
      #- MAIL_SERVICE=Outlook365
      #- MAIL_SERVICE_USER=firstname.lastname@hotmail.com
      #- MAIL_SERVICE_PASSWORD=SecretPassword
      #---------------------------------------------------------------
      # https://github.com/wekan/wekan/issues/3585#issuecomment-1021522132
      # Add more Node heap, this is done by default at Dockerfile:
      #   - NODE_OPTIONS="--max_old_space_size=4096"
      # Add more stack, this is done at Dockerfile:
      #   bash -c "ulimit -s 65500; exec node --stack-size=65500 main.js"
      #---------------------------------------------------------------
      # ==== OPTIONAL: MONGO OPLOG SETTINGS =====
      # https://github.com/wekan/wekan-mongodb/issues/2#issuecomment-378343587
      # We've fixed our CPU usage problem today with an environment
      # change around Wekan. I wasn't aware during implementation
      # that if you're using more than 1 instance of Wekan
      # (or any MeteorJS based tool) you're supposed to set
      # MONGO_OPLOG_URL as an environment variable.
      # Without setting it, Meteor will perform a poll-and-diff
      # update of it's dataset. With it, Meteor will update from
      # the OPLOG. See here
      #   https://blog.meteor.com/tuning-meteor-mongo-livedata-for-scalability-13fe9deb8908
      # After setting
      # MONGO_OPLOG_URL=mongodb://<username>:<password>@<mongoDbURL>/local?authSource=admin&replicaSet=rsWekan
      # the CPU usage for all Wekan instances dropped to an average
      # of less than 10% with only occasional spikes to high usage
      # (I guess when someone is doing a lot of work)
      # - MONGO_OPLOG_URL=mongodb://<username>:<password>@<mongoDbURL>/local?authSource=admin&replicaSet=rsWekan
      #---------------------------------------------------------------
      # ==== OPTIONAL: KADIRA PERFORMANCE MONITORING FOR METEOR ====
      # https://github.com/smeijer/kadira
      # https://blog.meteor.com/kadira-apm-is-now-open-source-490469ffc85f
      # - export KADIRA_OPTIONS_ENDPOINT=http://127.0.0.1:11011
      #---------------------------------------------------------------
      # ==== OPTIONAL: LOGS AND STATS ====
      # https://github.com/wekan/wekan/wiki/Logs
      #
      # Daily export of Wekan changes as JSON to Logstash and ElasticSearch / Kibana (ELK)
      # https://github.com/wekan/wekan-logstash
      #
      # Statistics Python script for Wekan Dashboard
      # https://github.com/wekan/wekan-stats
      #
      # Console, file, and zulip logger on database changes https://github.com/wekan/wekan/pull/1010
      # with fix to replace console.log by winston logger https://github.com/wekan/wekan/pull/1033
      # but there could be bug https://github.com/wekan/wekan/issues/1094
      #
      # There is Feature Request: Logging date and time of all activity with summary reports,
      # and requesting reason for changing card to other column https://github.com/wekan/wekan/issues/1598
      #---------------------------------------------------------------
      # ==== NUMBER OF SEARCH RESULTS PER PAGE BY DEFAULT ====
      #- RESULTS_PER_PAGE=20
      #---------------------------------------------------------------
      # ==== WEKAN API AND EXPORT BOARD ====
      # Wekan Export Board works when WITH_API=true.
      # https://github.com/wekan/wekan/wiki/REST-API
      # https://github.com/wekan/wekan-gogs
      # If you disable Wekan API with false, Export Board does not work.
      - WITH_API=true
      #---------------------------------------------------------------
      # ==== AFTER OIDC LOGIN, ADD USERS AUTOMATICALLY TO THIS BOARD ID ====
      # https://github.com/wekan/wekan/pull/5098
      #- DEFAULT_BOARD_ID=abcd1234
      #---------------------------------------------------------------
      # ==== PASSWORD BRUTE FORCE PROTECTION ====
      #https://atmospherejs.com/lucasantoniassi/accounts-lockout
      #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js
      #- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3
      #- ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60
      #- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15
      #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3
      #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60
      #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15
      #---------------------------------------------------------------
      # ==== ACCOUNT OPTIONS ====
      # https://docs.meteor.com/api/accounts-multi.html#AccountsCommon-config
      # Defaults below. Uncomment to change. wekan/server/accounts-common.js
      # - ACCOUNTS_COMMON_LOGIN_EXPIRATION_IN_DAYS=90
      #---------------------------------------------------------------
      # ==== RICH TEXT EDITOR IN CARD COMMENTS ====
      # https://github.com/wekan/wekan/pull/2560
      - RICHER_CARD_COMMENT_EDITOR=false
      #---------------------------------------------------------------
      # ==== CARD OPENED, SEND WEBHOOK MESSAGE ====
      # https://github.com/wekan/wekan/issues/2518
      - CARD_OPENED_WEBHOOK_ENABLED=false
      #---------------------------------------------------------------
      # ==== Allow configuration to validate uploaded attachments ====
      #-ATTACHMENTS_UPLOAD_EXTERNAL_PROGRAM=/usr/local/bin/avscan {file}
      #-ATTACHMENTS_UPLOAD_MIME_TYPES=image/*,text/*
      #-ATTACHMENTS_UPLOAD_MAX_SIZE=5000000
      #---------------------------------------------------------------
      # ==== Allow configuration to validate uploaded avatars ====
      #-AVATARS_UPLOAD_EXTERNAL_PROGRAM=/usr/local/bin/avscan {file}
      #-AVATARS_UPLOAD_MIME_TYPES=image/*
      #-AVATARS_UPLOAD_MAX_SIZE=500000
      #---------------------------------------------------------------
      # ==== Allow to shrink attached/pasted image ====
      # https://github.com/wekan/wekan/pull/2544
      #-MAX_IMAGE_PIXEL=1024
      #-IMAGE_COMPRESS_RATIO=80
      #---------------------------------------------------------------
      # ==== NOTIFICATION TRAY AFTER READ DAYS BEFORE REMOVE =====
      # Number of days after a notification is read before we remove it.
      # Default: 2
      #- NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE=2
      #---------------------------------------------------------------
      # ==== BIGEVENTS DUE ETC NOTIFICATIONS =====
      # https://github.com/wekan/wekan/pull/2541
      # Introduced a system env var BIGEVENTS_PATTERN default as "NONE",
      # so any activityType matches the pattern, system will send out
      # notifications to all board members no matter they are watching
      # or tracking the board or not. Owner of the wekan server can
      # disable the feature by setting this variable to "NONE" or
      # change the pattern to any valid regex. i.e. '|' delimited
      # activityType names.
      # a) Example
      #- BIGEVENTS_PATTERN=due
      # b) All
      #- BIGEVENTS_PATTERN=received|start|due|end
      # c) Disabled
      - BIGEVENTS_PATTERN=NONE
      #---------------------------------------------------------------
      # ==== EMAIL DUE DATE NOTIFICATION =====
      # https://github.com/wekan/wekan/pull/2536
      # System timelines will be showing any user modification for
      # dueat startat endat receivedat, also notification to
      # the watchers and if any card is due, about due or past due.
      #
      # Notify due days, default 2 days before and after. 0 = due notifications disabled. Default: 2
      #- NOTIFY_DUE_DAYS_BEFORE_AND_AFTER=2
      #
      # Notify due at hour of day. Default every morning at 8am. Can be 0-23.
      # If env variable has parsing error, use default. Notification sent to watchers.
      #- NOTIFY_DUE_AT_HOUR_OF_DAY=8
      #-----------------------------------------------------------------
      # ==== EMAIL NOTIFICATION TIMEOUT, ms =====
      # Defaut: 30000 ms = 30s
      #- EMAIL_NOTIFICATION_TIMEOUT=30000
      #-----------------------------------------------------------------
      # ==== CORS =====
      # CORS: Set Access-Control-Allow-Origin header. Example: *
      #- CORS=*
      #-----------------------------------------------------------------
      # ==== MATOMO INTEGRATION ====
      # Optional: Integration with Matomo https://matomo.org that is installed to your server
      # The address of the server where Matomo is hosted.
      # example: - MATOMO_ADDRESS=https://example.com/matomo
      #- MATOMO_ADDRESS=
      # The value of the site ID given in Matomo server for Wekan
      # example: - MATOMO_SITE_ID=12345
      #- MATOMO_SITE_ID=
      # The option do not track which enables users to not be tracked by matomo
      # example:  - MATOMO_DO_NOT_TRACK=false
      #- MATOMO_DO_NOT_TRACK=
      # The option that allows matomo to retrieve the username:
      # example: MATOMO_WITH_USERNAME=true
      #- MATOMO_WITH_USERNAME=false
      #-----------------------------------------------------------------
      # ==== METRICS ALLOWED IP ADDRESSES ====
      # https://github.com/wekan/wekan/wiki/Metrics
      #- METRICS_ALLOWED_IP_ADDRESSES=192.168.0.100,192.168.0.200
      #-----------------------------------------------------------------
      # ==== BROWSER POLICY AND TRUSTED IFRAME URL ====
      # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
      # Setting this to false is not recommended, it also disables all other browser policy protections
      # and allows all iframing etc. See wekan/server/policy.js
      - BROWSER_POLICY_ENABLED=true
      # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside.
      #- TRUSTED_URL=
      #-----------------------------------------------------------------
      # ==== OUTGOING WEBHOOKS ====
      # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId .
      # example: WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
      #- WEBHOOKS_ATTRIBUTES=
      #-----------------------------------------------------------------
      # ==== AUTOLOGIN WITH OIDC/OAUTH2 ====
      # https://github.com/wekan/wekan/wiki/autologin
      #- OIDC_REDIRECTION_ENABLED=true
      #---------------------------------------------
      # ==== OAUTH2 ORACLE on premise identity manager OIM ====
      #- ORACLE_OIM_ENABLED=true
      #-----------------------------------------------------------------
      # ==== OAUTH2 ONLY WITH OIDC AND DOORKEEPER AS INDENTITY PROVIDER
      # https://github.com/wekan/wekan/issues/1874
      # https://github.com/wekan/wekan/wiki/OAuth2
      # Enable the OAuth2 connection
      # example: OAUTH2_ENABLED=true
      #- OAUTH2_ENABLED=false
      # Optional OAuth2 CA Cert, see https://github.com/wekan/wekan/issues/3299
      #- OAUTH2_CA_CERT=ABCD1234
      # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
      #- OAUTH2_ADFS_ENABLED=false
      # Azure AD B2C. https://github.com/wekan/wekan/issues/5242
      #- OAUTH2_B2C_ENABLED=false
      # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
      # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345
      # example: OAUTH2_CLIENT_ID=abcde12345
      #- OAUTH2_CLIENT_ID=
      # OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde
      # example: OAUTH2_SECRET=54321abcde
      #- OAUTH2_SECRET=
      # OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com
      # example: OAUTH2_SERVER_URL=https://chat.example.com
      #- OAUTH2_SERVER_URL=
      # OAuth2 Authorization Endpoint. Example: /oauth/authorize
      # example: OAUTH2_AUTH_ENDPOINT=/oauth/authorize
      #- OAUTH2_AUTH_ENDPOINT=
      # OAuth2 Userinfo Endpoint. Example: /oauth/userinfo
      # example: OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
      #- OAUTH2_USERINFO_ENDPOINT=
      # OAuth2 Token Endpoint. Example: /oauth/token
      # example: OAUTH2_TOKEN_ENDPOINT=/oauth/token
      #- OAUTH2_TOKEN_ENDPOINT=
      #-----------------------------------------------------------------
      # ==== LDAP ====
      # https://github.com/wekan/wekan/wiki/LDAP
      # For Snap settings see https://github.com/wekan/wekan-snap/wiki/Supported-settings-keys
      # Most settings work both on Snap and Docker below.
      # Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required.
      #
      # DEFAULT_AUTHENTICATION_METHOD : The default authentication method used if a user does not exist to create and authenticate. Can be set as ldap.
      # example : DEFAULT_AUTHENTICATION_METHOD=ldap
      #- DEFAULT_AUTHENTICATION_METHOD=
      #
      # LDAP_ENABLE : Enable or not the connection by the LDAP
      # example : LDAP_ENABLE=true
      #- LDAP_ENABLE=false
      #
      # LDAP_PORT : The port of the LDAP server
      # example : LDAP_PORT=389
      #- LDAP_PORT=389
      #
      # LDAP_HOST : The host server for the LDAP server
      # example : LDAP_HOST=localhost
      #- LDAP_HOST=
      #
      #-----------------------------------------------------------------
      # ==== LDAP AD Simple Auth ====
      #
      # Set to true, if you want to connect with Active Directory by Simple Authentication.
      # When using AD Simple Auth, LDAP_BASEDN is not needed.
      #- LDAP_AD_SIMPLE_AUTH=true
      #
      # === Related settings ELSEWHERE IN THIS FILE, NOT HERE ===
      #
      # Option to login to the LDAP server with the user's own username and password, instead of
      # an administrator key. Default: false (use administrator key). When using AD Simple Auth, set to true.
      # Set to true, if the login user is used for binding. Used with AD Simple Auth.
      # When using AD Simple Auth, LDAP_BASEDN is not needed.
      ##ELSEWHERE IN THIS SETTINGS FILE, NOT HERE: #- LDAP_USER_AUTHENTICATION=true
      #
      # Which field is used to find the user for the user authentication. Default: uid.
      ##ELSEWHERE IN THIS SETTINGS FILE, NOT HERE:#- LDAP_USER_AUTHENTICATION_FIELD=uid
      #
      # === LDAP Default Domain: 2 different use cases, a/b ===
      #
      # a) The default domain of the ldap it is used to create email if the field is not map
      #     correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
      #
      # b) In case AD SimpleAuth is configured, the default domain is appended to the given
      #    loginname for creating the correct username for the bind request to AD.
      #
      # Example :
      ##ELSEWHERE IN THIS SETTINGS FILE, NOT HERE:- LDAP_DEFAULT_DOMAIN=mydomain.com
      #
      #-----------------------------------------------------------------
      # ==== LDAP BASEDN Auth ====
      #
      # LDAP_BASEDN : The base DN for the LDAP Tree
      # example : LDAP_BASEDN=ou=user,dc=example,dc=org
      #- LDAP_BASEDN=
      #
      #-----------------------------------------------------------------
      # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method
      # example : LDAP_LOGIN_FALLBACK=true
      #- LDAP_LOGIN_FALLBACK=false
      #
      # LDAP_RECONNECT : Reconnect to the server if the connection is lost
      # example : LDAP_RECONNECT=false
      #- LDAP_RECONNECT=true
      #
      # LDAP_TIMEOUT : Overall timeout, in milliseconds
      # example : LDAP_TIMEOUT=12345
      #- LDAP_TIMEOUT=10000
      #
      # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds
      # example : LDAP_IDLE_TIMEOUT=12345
      #- LDAP_IDLE_TIMEOUT=10000
      #
      # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds
      # example : LDAP_CONNECT_TIMEOUT=12345
      #- LDAP_CONNECT_TIMEOUT=10000
      #
      # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search
      # example : LDAP_AUTHENTIFICATION=true
      #- LDAP_AUTHENTIFICATION=false
      #
      # LDAP_AUTHENTIFICATION_USERDN : The search user DN
      # example : LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org
      #- LDAP_AUTHENTIFICATION_USERDN=
      #
      # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user
      # example : AUTHENTIFICATION_PASSWORD=admin
      #- LDAP_AUTHENTIFICATION_PASSWORD=
      #
      # LDAP_LOG_ENABLED : Enable logs for the module
      # example : LDAP_LOG_ENABLED=true
      #- LDAP_LOG_ENABLED=false
      #
      # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background
      # example : LDAP_BACKGROUND_SYNC=true
      #- LDAP_BACKGROUND_SYNC=false
      #
      # At which interval does the background task sync.
      # The format must be as specified in:
      # https://bunkat.github.io/later/parsers.html#text
      #- LDAP_BACKGROUND_SYNC_INTERVAL='every 1 hour'
      #
      # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds
      # The format must be as specified in:
      # https://bunkat.github.io/later/parsers.html#text
      #- LDAP_BACKGROUND_SYNC_INTERVAL=every 1 hours
      # At which interval does the background task sync in milliseconds.
      # Leave this unset, so it uses default, and does not crash.
      # https://github.com/wekan/wekan/issues/2354#issuecomment-515305722
      - LDAP_BACKGROUND_SYNC_INTERVAL=''
      #
      # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED :
      # example : LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
      #- LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false
      #
      # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS :
      # example : LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
      #- LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
      #
      # LDAP_ENCRYPTION : If using LDAPS
      # example : LDAP_ENCRYPTION=ssl
      #- LDAP_ENCRYPTION=false
      #
      # LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file.
      # example : LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE-----
      #- LDAP_CA_CERT=
      #
      # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
      # example : LDAP_REJECT_UNAUTHORIZED=true
      #- LDAP_REJECT_UNAUTHORIZED=false
      #
      # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
      # example : LDAP_USER_SEARCH_FILTER=
      #- LDAP_USER_SEARCH_FILTER=
      #
      # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
      # example : LDAP_USER_SEARCH_SCOPE=one
      #- LDAP_USER_SEARCH_SCOPE=
      #
      # LDAP_USER_SEARCH_FIELD : Which field is used to find the user
      # example : LDAP_USER_SEARCH_FIELD=uid
      #- LDAP_USER_SEARCH_FIELD=
      #
      # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited)
      # example : LDAP_SEARCH_PAGE_SIZE=12345
      #- LDAP_SEARCH_PAGE_SIZE=0
      #
      # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited)
      # example : LDAP_SEARCH_SIZE_LIMIT=12345
      #- LDAP_SEARCH_SIZE_LIMIT=0
      #
      # LDAP_GROUP_FILTER_ENABLE : Enable group filtering. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap
      # example : LDAP_GROUP_FILTER_ENABLE=true
      #- LDAP_GROUP_FILTER_ENABLE=false
      #
      # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering
      # example : LDAP_GROUP_FILTER_OBJECTCLASS=group
      #- LDAP_GROUP_FILTER_OBJECTCLASS=
      #
      # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : The attribute of a group identifying it
      # example : LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=cn
      #- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
      #
      # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : The attribute inside a group object listing its members
      # example : member
      #- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
      #
      # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : The format of the value of LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE
      # example : dn
      #- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
      #
      # LDAP_GROUP_FILTER_GROUP_NAME : The group name (id) that matches all users
      # example : wekan_users
      #- LDAP_GROUP_FILTER_GROUP_NAME=
      #
      # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
      # example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid
      #- LDAP_UNIQUE_IDENTIFIER_FIELD=
      #
      # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
      # example : LDAP_UTF8_NAMES_SLUGIFY=false
      #- LDAP_UTF8_NAMES_SLUGIFY=true
      #
      # LDAP_USERNAME_FIELD : Which field contains the ldap username
      # example : LDAP_USERNAME_FIELD=username
      #- LDAP_USERNAME_FIELD=
      #
      # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname
      # example : LDAP_FULLNAME_FIELD=fullname
      #- LDAP_FULLNAME_FIELD=
      #
      # LDAP_MERGE_EXISTING_USERS :
      # example : LDAP_MERGE_EXISTING_USERS=true
      #- LDAP_MERGE_EXISTING_USERS=false
      #
      # LDAP_SYNC_USER_DATA :
      # example : LDAP_SYNC_USER_DATA=true
      #- LDAP_SYNC_USER_DATA=false
      #
      # LDAP_SYNC_USER_DATA_FIELDMAP :
      # example : LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
      #- LDAP_SYNC_USER_DATA_FIELDMAP=
      #
      # LDAP_SYNC_GROUP_ROLES :
      # example :
      #- LDAP_SYNC_GROUP_ROLES=
      #
      # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
      # example :
      #- LDAP_DEFAULT_DOMAIN=
      #
      #---------------------------------------------------------------------
      # ==== LOGOUT TIMER, probably does not work yet ====
      # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
      # example : LOGOUT_WITH_TIMER=true
      #- LOGOUT_WITH_TIMER=
      #
      # LOGOUT_IN : The number of days
      # example : LOGOUT_IN=1
      #- LOGOUT_IN=
      #
      # LOGOUT_ON_HOURS : The number of hours
      # example : LOGOUT_ON_HOURS=9
      #- LOGOUT_ON_HOURS=
      #
      # LOGOUT_ON_MINUTES : The number of minutes
      # example : LOGOUT_ON_MINUTES=55
      #- LOGOUT_ON_MINUTES=
      #---------------------------------------------------------------------
      # PASSWORD_LOGIN_ENABLED : Enable or not the password login form.
      # example: PASSWORD_LOGIN_ENABLED=false
      # - PASSWORD_LOGIN_ENABLED
      #-------------------------------------------------------------------
      #- CAS_ENABLED=true
      #- CAS_BASE_URL=https://cas.example.com/cas
      #- CAS_LOGIN_URL=https://cas.example.com/login
      #- CAS_VALIDATE_URL=https://cas.example.com/cas/p3/serviceValidate
      #---------------------------------------------------------------------
      #- SAML_ENABLED=true
      #- SAML_PROVIDER=
      #- SAML_ENTRYPOINT=
      #- SAML_ISSUER=
      #- SAML_CERT=
      #- SAML_IDPSLO_REDIRECTURL=
      #- SAML_PRIVATE_KEYFILE=
      #- SAML_PUBLIC_CERTFILE=
      #- SAML_IDENTIFIER_FORMAT=
      #- SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE=
      #- SAML_ATTRIBUTES=
      #---------------------------------------------------------------------
      # Wait spinner to use
      #- WAIT_SPINNER=Bounce
      #---------------------------------------------------------------------

    depends_on:
      - mongodb
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - wekan-files:/data:rw

#---------------------------------------------------------------------------------
# ==== OPTIONAL: SHARE DATABASE TO OFFICE LAN AND REMOTE VPN ====
#  When using Wekan both at office LAN and remote VPN:
#    1) Have above Wekan docker container config with LAN IP address
#    2) Copy all of above wekan container config below, look above of this part above and all config below it,
#       before above depends_on: part:
#
#         wekan:
#            #-------------------------------------------------------------------------------------
#            # ==== MONGODB AND METEOR VERSION ====
#            # a) For Wekan Meteor 1.8.x version at meteor-1.8 branch, .....
#
#
#       and change name to different name like wekan2 or wekanvpn, and change ROOT_URL to server VPN IP
#       address.
#    3) This way both Wekan containers can use same MongoDB database
#       and see the same Wekan boards.
#    4) You could also add 3rd Wekan container for 3rd network etc.
# EXAMPLE:
#  wekan2:
#    ....COPY CONFIG FROM ABOVE TO HERE...
#    environment:
#      - ROOT_URL='http://10.10.10.10'
#      ...COPY CONFIG FROM ABOVE TO HERE...
#---------------------------------------------------------------------------------

volumes:
  wekan-files:
    driver: local
  mongodb:
    driver: local
  mongodb-dump:
    driver: local

networks:
  wekan-tier:
    driver: bridge