author | Lauri Ojansivu <x@xet7.org> | 2019-03-21 22:22:46 +0200 |
---|---|---|
committer | Lauri Ojansivu <x@xet7.org> | 2019-03-21 22:22:46 +0200 |
commit | 506acda70b5e78737c52455e5eee9c8758243196 (patch) | |
tree | 28a741dee7a5d1f52077519094dcc9891ef9c7d6 | |
parent | d173844f98be245d596af5c9caa1aca89667940f (diff) | |
- Add LDAP config example, remove extra text.
Thanks to xet7 !
-rw-r--r-- | docker-compose.yml | 187 |
1 files changed, 70 insertions, 117 deletions
diff --git a/docker-compose.yml b/docker-compose.yml index 83fc0ac2..b8089e20 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -90,11 +90,11 @@ services: wekandb: #------------------------------------------------------------------------------------- # ==== MONGODB AND METEOR VERSION ==== - # a) CURRENTLY BROKEN: For Wekan Meteor 1.8.x version at meteor-1.8 branch, use mongo 4.x - # image: mongo:4.0.4 + # a) For Wekan Meteor 1.8.x version at meteor-1.8 branch, use mongo 4.x + image: mongo:4.0.4 # b) For Wekan Meteor 1.6.x version at master/devel/edge branches. # Only for Snap and Sandstorm while they are not upgraded yet to Meteor 1.8.x - image: mongo:3.2.21 + #image: mongo:3.2.21 #------------------------------------------------------------------------------------- container_name: wekan-db restart: always @@ -110,12 +110,12 @@ services: wekan: #------------------------------------------------------------------------------------- # ==== MONGODB AND METEOR VERSION ==== - # a) CURRENTLY BROKEN: For Wekan Meteor 1.8.x version at meteor-1.8 branch, + # a) For Wekan Meteor 1.8.x version at meteor-1.8 branch, # using https://quay.io/wekan/wekan automatic builds - # image: quay.io/wekan/wekan:meteor-1.8 + image: quay.io/wekan/wekan:meteor-1.8 # b) For Wekan Meteor 1.6.x version at master/devel/edge branches. # Only for Snap and Sandstorm while they are not upgraded yet to Meteor 1.8.x - image: quay.io/wekan/wekan + #image: quay.io/wekan/wekan # c) Using specific Meteor 1.6.x version tag: # image: quay.io/wekan/wekan:v1.95 # c) Using Docker Hub automatic builds https://hub.docker.com/r/wekanteam/wekan 
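Review bot: Making `image: mongo:4.0.4` the active default in the wekandb hunk gives no guidance for installs whose database volume was written by `mongo:3.2.21`. MongoDB does not support starting a 4.0 binary directly on 3.2 data files, so after a pull the database container would likely refuse to start. A comment above the image line would cover it, for example `# Existing mongo 3.2 data must be dumped and restored (or upgraded one major version at a time) before switching to 4.x`. The wekandb service definition continues outside the hunk.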
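Review bot: The now-active `image: quay.io/wekan/wekan:meteor-1.8` in the wekan hunk is a branch tag that the comment above it describes as fed by automatic builds, so each pull can bring in different code with no record of what was deployed. Option c) in the same block already shows a release tag (`quay.io/wekan/wekan:v1.95`). I would add a line such as `# For production, pin a release tag or an image digest instead of the moving meteor-1.8 tag`. This image also has to be switched together with the mongo image in the previous hunk, which the comments do not state.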
@@ -169,8 +169,9 @@ services: # For SSL in email, change smtp:// to smtps:// # NOTE: Special characters need to be url-encoded in MAIL_URL. # You can encode those characters for example at: https://www.urlencoder.org - - MAIL_URL=smtp://user:pass@mailserver.example.com:25/ - - MAIL_FROM='Example Wekan Support <support@example.com>' + #- MAIL_URL=smtp://user:pass@mailserver.example.com:25/ + - MAIL_URL='smtp://<mail_url>:25/?ignoreTLS=true&tls={rejectUnauthorized:false}' + - MAIL_FROM='Wekan Notifications <noreply.wekan@mydomain.com>' #--------------------------------------------------------------- # ==== OPTIONAL: MONGO OPLOG SETTINGS ===== # https://github.com/wekan/wekan-mongodb/issues/2#issuecomment-378343587 
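Review bot: The new active default `MAIL_URL='smtp://<mail_url>:25/?ignoreTLS=true&tls={rejectUnauthorized:false}'` turns off STARTTLS and certificate verification for outgoing mail. Anyone who copies the file unchanged will send notification mail in cleartext to a server whose identity is never checked. I would keep the relaxed form commented out, as `#- MAIL_URL=smtp://<mail_url>:25/?ignoreTLS=true&tls={rejectUnauthorized:false}`, under a comment like `# Insecure: only for a trusted internal relay that offers no TLS`, and leave a TLS-capable example as the active line. In list-form `environment` entries the surrounding single quotes are, as far as I can tell, passed through as part of the value, which the LDAP section of this same file warns against. The `<mail_url>` placeholder in an uncommented line also means mail is broken until the file is edited.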
@@ -332,191 +333,137 @@ services: # OAuth2 Email Mapping #- OAUTH2_EMAIL_MAP= #----------------------------------------------------------------- - # ==== LDAP ==== + # ==== LDAP: UNCOMMENT ALL TO ENABLE LDAP ==== # https://github.com/wekan/wekan/wiki/LDAP # For Snap settings see https://github.com/wekan/wekan-snap/wiki/Supported-settings-keys # Most settings work both on Snap and Docker below. # Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required. # - # DEFAULT_AUTHENTICATION_METHOD : The default authentication method used if a user does not exist to create and authenticate. Can be set as ldap. - # example : DEFAULT_AUTHENTICATION_METHOD=ldap - #- DEFAULT_AUTHENTICATION_METHOD= + # The default authentication method used if a user does not exist to create and authenticate. Can be set as ldap. + #- DEFAULT_AUTHENTICATION_METHOD=ldap # - # LDAP_ENABLE : Enable or not the connection by the LDAP - # example : LDAP_ENABLE=true - #- LDAP_ENABLE=false + # Enable or not the connection by the LDAP + #- LDAP_ENABLE=true # - # LDAP_PORT : The port of the LDAP server - # example : LDAP_PORT=389 + # The port of the LDAP server #- LDAP_PORT=389 # - # LDAP_HOST : The host server for the LDAP server - # example : LDAP_HOST=localhost - #- LDAP_HOST= + # The host server for the LDAP server + #- LDAP_HOST=localhost # - # LDAP_BASEDN : The base DN for the LDAP Tree - # example : LDAP_BASEDN=ou=user,dc=example,dc=org - #- LDAP_BASEDN= + # The base DN for the LDAP Tree + #- LDAP_BASEDN=ou=user,dc=example,dc=org # - # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method - # example : LDAP_LOGIN_FALLBACK=true + # Fallback on the default authentication method #- LDAP_LOGIN_FALLBACK=false # - # LDAP_RECONNECT : Reconnect to the server if the connection is lost - # example : LDAP_RECONNECT=false + # Reconnect to the server if the connection is lost #- LDAP_RECONNECT=true # - # LDAP_TIMEOUT : Overall timeout, in milliseconds - 
# example : LDAP_TIMEOUT=12345 + # Overall timeout, in milliseconds #- LDAP_TIMEOUT=10000 # - # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds - # example : LDAP_IDLE_TIMEOUT=12345 + # Specifies the timeout for idle LDAP connections in milliseconds #- LDAP_IDLE_TIMEOUT=10000 # - # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds - # example : LDAP_CONNECT_TIMEOUT=12345 + # Connection timeout, in milliseconds #- LDAP_CONNECT_TIMEOUT=10000 # - # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search - # example : LDAP_AUTHENTIFICATION=true - #- LDAP_AUTHENTIFICATION=false + # If the LDAP needs a user account to search + #- LDAP_AUTHENTIFICATION=true # - # LDAP_AUTHENTIFICATION_USERDN : The search user DN - # example : LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org - #- LDAP_AUTHENTIFICATION_USERDN= + # The search user DN + #- LDAP_AUTHENTIFICATION_USERDN=cn=wekan_adm,ou=serviceaccounts,ou=admin,ou=prod,dc=mydomain,dc=com # - # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user - # example : AUTHENTIFICATION_PASSWORD=admin - #- LDAP_AUTHENTIFICATION_PASSWORD= + # The password for the search user + #- LDAP_AUTHENTIFICATION_PASSWORD=pwd # - # LDAP_LOG_ENABLED : Enable logs for the module - # example : LDAP_LOG_ENABLED=true - #- LDAP_LOG_ENABLED=false + # Enable logs for the module + #- LDAP_LOG_ENABLED=true # - # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background - # example : LDAP_BACKGROUND_SYNC=true + # If the sync of the users should be done in the background #- LDAP_BACKGROUND_SYNC=false # - # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds - # example : LDAP_BACKGROUND_SYNC_INTERVAL=12345 + # At which interval does the background task sync in milliseconds #- LDAP_BACKGROUND_SYNC_INTERVAL=100 # - # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED : - # example : 
LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true #- LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false # - # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS : - # example : LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true #- LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false # - # LDAP_ENCRYPTION : If using LDAPS - # example : LDAP_ENCRYPTION=ssl + # If using LDAPS: LDAP_ENCRYPTION=ssl #- LDAP_ENCRYPTION=false # - # LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. - # example : LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE----- - #- LDAP_CA_CERT= + # The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. + #- LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+G2FIdAgIC...-----END CERTIFICATE----- # - # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate - # example : LDAP_REJECT_UNAUTHORIZED=true + # Reject Unauthorized Certificate #- LDAP_REJECT_UNAUTHORIZED=false # - # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed - # example : LDAP_USER_SEARCH_FILTER= + # Optional extra LDAP filters. 
Don't forget the outmost enclosing parentheses if needed #- LDAP_USER_SEARCH_FILTER= # - # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) - # example : LDAP_USER_SEARCH_SCOPE=one - #- LDAP_USER_SEARCH_SCOPE= + # base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) + #- LDAP_USER_SEARCH_SCOPE=one # - # LDAP_USER_SEARCH_FIELD : Which field is used to find the user - # example : LDAP_USER_SEARCH_FIELD=uid - #- LDAP_USER_SEARCH_FIELD= + # Which field is used to find the user, like uid / sAMAccountName + #- LDAP_USER_SEARCH_FIELD=sAMAccountName # - # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited) - # example : LDAP_SEARCH_PAGE_SIZE=12345 + # Used for pagination (0=unlimited) #- LDAP_SEARCH_PAGE_SIZE=0 # - # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited) - # example : LDAP_SEARCH_SIZE_LIMIT=12345 + # The limit number of entries (0=unlimited) #- LDAP_SEARCH_SIZE_LIMIT=0 # - # LDAP_GROUP_FILTER_ENABLE : Enable group filtering - # example : LDAP_GROUP_FILTER_ENABLE=true + # Enable group filtering #- LDAP_GROUP_FILTER_ENABLE=false # - # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering - # example : LDAP_GROUP_FILTER_OBJECTCLASS=group + # The object class for filtering. 
Example: group #- LDAP_GROUP_FILTER_OBJECTCLASS= # - # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : - # example : #- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= # - # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : - # example : #- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= # - # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : - # example : #- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= # - # LDAP_GROUP_FILTER_GROUP_NAME : - # example : #- LDAP_GROUP_FILTER_GROUP_NAME= # - # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) - # example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid + # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier). Example: guid #- LDAP_UNIQUE_IDENTIFIER_FIELD= # # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 - # example : LDAP_UTF8_NAMES_SLUGIFY=false #- LDAP_UTF8_NAMES_SLUGIFY=true # - # LDAP_USERNAME_FIELD : Which field contains the ldap username - # example : LDAP_USERNAME_FIELD=username - #- LDAP_USERNAME_FIELD= + # LDAP_USERNAME_FIELD : Which field contains the ldap username. username / sAMAccountName + #- LDAP_USERNAME_FIELD=sAMAccountName # - # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname - # example : LDAP_FULLNAME_FIELD=fullname - #- LDAP_FULLNAME_FIELD= + # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname. 
fullname / sAMAccountName + #- LDAP_FULLNAME_FIELD=fullname # - # LDAP_MERGE_EXISTING_USERS : - # example : LDAP_MERGE_EXISTING_USERS=true #- LDAP_MERGE_EXISTING_USERS=false # - # LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match - # example: LDAP_EMAIL_MATCH_ENABLE=true - #- LDAP_EMAIL_MATCH_ENABLE=false + # Allow existing account matching by e-mail address when username does not match + #- LDAP_EMAIL_MATCH_ENABLE=true # # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match - # example: LDAP_EMAIL_MATCH_REQUIRE=true - #- LDAP_EMAIL_MATCH_REQUIRE=false + #- LDAP_EMAIL_MATCH_REQUIRE=true # # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching - # example: LDAP_EMAIL_MATCH_VERIFIED=true - #- LDAP_EMAIL_MATCH_VERIFIED=false + #- LDAP_EMAIL_MATCH_VERIFIED=true # # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address - # example: LDAP_EMAIL_FIELD=mail - #- LDAP_EMAIL_FIELD= + #- LDAP_EMAIL_FIELD=mail #----------------------------------------------------------------- - # LDAP_SYNC_USER_DATA : - # example : LDAP_SYNC_USER_DATA=true #- LDAP_SYNC_USER_DATA=false # - # LDAP_SYNC_USER_DATA_FIELDMAP : - # example : LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} - #- LDAP_SYNC_USER_DATA_FIELDMAP= + #- LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} # - # LDAP_SYNC_GROUP_ROLES : - # example : - #- LDAP_SYNC_GROUP_ROLES= + #- LDAP_SYNC_GROUP_ROLES='' # - # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP + # The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP # example : - #- LDAP_DEFAULT_DOMAIN= + #- LDAP_DEFAULT_DOMAIN=mydomain.com # # Enable/Disable syncing of admin status based on ldap groups: #- 
LDAP_SYNC_ADMIN_STATUS=true @@ -591,9 +538,15 @@ services: # - 80:80 # - 443:443 # volumes: -# - ./nginx/ssl:/etc/nginx/ssl/ -# - ./nginx/nginx.conf:/etc/nginx/nginx.conf - +# - ./nginx/ssl:/etc/nginx/ssl/:ro +# - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro +## Alternative volume config: +## volumes: +## - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro +## - ./nginx/ssl/ssl.conf:/etc/nginx/conf.d/ssl/ssl.conf:ro +## - ./nginx/ssl/testvm-ehu.crt:/etc/nginx/conf.d/ssl/certs/mycert.crt:ro +## - ./nginx/ssl/testvm-ehu.key:/etc/nginx/conf.d/ssl/certs/mykey.key:ro +## - ./nginx/ssl/pphrase:/etc/nginx/conf.d/ssl/pphrase:ro volumes: wekan-db: |
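Review bot: With the new header telling users to uncomment every line in the LDAP section, the example yields an unencrypted bind. `LDAP_PORT=389`, `LDAP_ENCRYPTION=false` and `LDAP_REJECT_UNAUTHORIZED=false` are unchanged, while `LDAP_AUTHENTIFICATION=true` now sends the search account's DN and password over that connection. The example would be safer as `#- LDAP_ENCRYPTION=ssl`, `#- LDAP_PORT=636` and `#- LDAP_REJECT_UNAUTHORIZED=true`, with a comment that the plaintext values are for a test setup only. `LDAP_AUTHENTIFICATION_PASSWORD=pwd` also invites putting the real bind password into a file that is often committed, so a comment pointing to an env file or secret store would help. Separately, `#- LDAP_SYNC_GROUP_ROLES=''` contradicts the section's own note not to add single quotes to variables.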
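Review bot: In the nginx hunk, the alternative volume list mounts `./nginx/ssl/pphrase` from the same directory as the private key it protects, which leaves the passphrase with no protection beyond file permissions. The `:ro` flags are a good addition, but they do not address that. I would add a comment such as `## Keep ./nginx/ssl out of version control and readable only by the user running docker-compose`. The `testvm-ehu.crt` / `testvm-ehu.key` names look like leftovers from one environment; generic names like `mycert.crt` / `mykey.key` on the host side would match the container side and read better as an example.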