diff options
author | Thiago Fernando <thiagofernando@outlook.com> | 2019-05-10 14:54:25 -0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-05-10 14:54:25 -0300 |
commit | ce0473480bab3fc621d4baecfff0f413e21b5e2c (patch) | |
tree | 06d724b4f80885bdd13137f7977d7a914cca0138 /releases/virtualbox/start-wekan.sh | |
parent | c43508cacbd64357409a3de114db9dab2ae59a9d (diff) | |
parent | 7ff4067e88ed59686c86d81447fa2ce550032034 (diff) | |
download | wekan-ce0473480bab3fc621d4baecfff0f413e21b5e2c.tar.gz wekan-ce0473480bab3fc621d4baecfff0f413e21b5e2c.tar.bz2 wekan-ce0473480bab3fc621d4baecfff0f413e21b5e2c.zip |
Merge pull request #1 from wekan/devel
ldap changes
Diffstat (limited to 'releases/virtualbox/start-wekan.sh')
-rwxr-xr-x | releases/virtualbox/start-wekan.sh | 291 |
1 files changed, 291 insertions, 0 deletions
diff --git a/releases/virtualbox/start-wekan.sh b/releases/virtualbox/start-wekan.sh new file mode 100755 index 00000000..14a86dc3 --- /dev/null +++ b/releases/virtualbox/start-wekan.sh @@ -0,0 +1,291 @@ +# If you want to restart even on crash, uncomment while and done lines. + +#while true; do + cd ~/repos/wekan/.build/bundle + #--------------------------------------------- + # Debug OIDC OAuth2 etc. + #export export DEBUG=true + #--------------------------------------------- + export MONGO_URL='mongodb://127.0.0.1:27017/admin' + # ROOT_URL EXAMPLES FOR WEBSERVERS: https://github.com/wekan/wekan/wiki/Settings + # Production: https://example.com/wekan + # Local: http://localhost:3000 + #export ipaddress=$(ifdata -pa eth0) + export ROOT_URL='http://localhost' + #--------------------------------------------- + # Working email IS NOT REQUIRED to use Wekan. + # https://github.com/wekan/wekan/wiki/Adding-users + # https://github.com/wekan/wekan/wiki/Troubleshooting-Mail + # https://github.com/wekan/wekan-mongodb/blob/master/docker-compose.yml + export MAIL_URL='smtp://user:pass@mailserver.example.com:25/' + export MAIL_FROM='Wekan Support <support@example.com>' + # This is local port where Wekan Node.js runs, same as below on Caddyfile settings. + export PORT=80 + #--------------------------------------------- + # Wekan Export Board works when WITH_API='true'. + # If you disable Wekan API, Export Board does not work. + export WITH_API='true' + #--------------------------------------------------------------- + # ==== PASSWORD BRUTE FORCE PROTECTION ==== + #https://atmospherejs.com/lucasantoniassi/accounts-lockout + #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js + #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3 + #export ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60 + #export ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15 + #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3 + #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60 + #export ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15 + #--------------------------------------------- + # CORS: Set Access-Control-Allow-Origin header. Example: * + #export CORS=* + #--------------------------------------------- + ## Optional: Integration with Matomo https://matomo.org that is installed to your server + ## The address of the server where Matomo is hosted: + ##export MATOMO_ADDRESS=https://example.com/matomo + #export MATOMO_ADDRESS= + ## The value of the site ID given in Matomo server for Wekan + # Example: export MATOMO_SITE_ID=123456789 + #export MATOMO_SITE_ID='' + ## The option do not track which enables users to not be tracked by matomo" + #Example: export MATOMO_DO_NOT_TRACK=false + #export MATOMO_DO_NOT_TRACK=true + ## The option that allows matomo to retrieve the username: + # Example: export MATOMO_WITH_USERNAME=true + #export MATOMO_WITH_USERNAME='false' + # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. + # Setting this to false is not recommended, it also disables all other browser policy protections + # and allows all iframing etc. See wekan/server/policy.js + # Default value: true + export BROWSER_POLICY_ENABLED=true + # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside. + # Example: export TRUSTED_URL=http://example.com + export TRUSTED_URL='' + # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId . + # Example: export WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId + export WEBHOOKS_ATTRIBUTES='' + #--------------------------------------------- + # ==== OAUTH2 AZURE ==== + # https://github.com/wekan/wekan/wiki/Azure + # 1) Register the application with Azure. Make sure you capture + # the application ID as well as generate a secret key. + # 2) Configure the environment variables. This differs slightly + # by installation type, but make sure you have the following: + #export OAUTH2_ENABLED=true + # OAuth2 login style: popup or redirect. + #export OAUTH2_LOGIN_STYLE=redirect + # Application GUID captured during app registration: + #export OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx + # Secret key generated during app registration: + #export OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx + #export OAUTH2_SERVER_URL=https://login.microsoftonline.com/ + #export OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize + #export OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo + #export OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token + # The claim name you want to map to the unique ID field: + #export OAUTH2_ID_MAP=email + # The claim name you want to map to the username field: + #export OAUTH2_USERNAME_MAP=email + # The claim name you want to map to the full name field: + #export OAUTH2_FULLNAME_MAP=name + # Tthe claim name you want to map to the email field: + #export OAUTH2_EMAIL_MAP=email + #----------------------------------------------------------------- + # ==== OAUTH2 KEYCLOAK ==== + # https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED + #export OAUTH2_ENABLED=true + # OAuth2 login style: popup or redirect. + #export OAUTH2_LOGIN_STYLE=redirect + #export OAUTH2_CLIENT_ID=<Keycloak create Client ID> + #export OAUTH2_SERVER_URL=<Keycloak server name>/auth + #export OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth + #export OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo + #export OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token + #export OAUTH2_SECRET=<keycloak client secret> + #----------------------------------------------------------------- + # ==== OAUTH2 DOORKEEPER ==== + # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 + # https://github.com/wekan/wekan/issues/1874 + # https://github.com/wekan/wekan/wiki/OAuth2 + # Enable the OAuth2 connection + #export OAUTH2_ENABLED=true + # OAuth2 login style: popup or redirect. + #export OAUTH2_LOGIN_STYLE=redirect + # OAuth2 Client ID. + #export OAUTH2_CLIENT_ID=abcde12345 + # OAuth2 Secret. + #export OAUTH2_SECRET=54321abcde + # OAuth2 Server URL. + #export OAUTH2_SERVER_URL=https://chat.example.com + # OAuth2 Authorization Endpoint. + #export OAUTH2_AUTH_ENDPOINT=/oauth/authorize + # OAuth2 Userinfo Endpoint. + #export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo + # OAuth2 Token Endpoint. + #export OAUTH2_TOKEN_ENDPOINT=/oauth/token + # OAuth2 ID Mapping + #export OAUTH2_ID_MAP= + # OAuth2 Username Mapping + #export OAUTH2_USERNAME_MAP= + # OAuth2 Fullname Mapping + #export OAUTH2_FULLNAME_MAP= + # OAuth2 Email Mapping + #export OAUTH2_EMAIL_MAP= + #--------------------------------------------- + # LDAP_ENABLE : Enable or not the connection by the LDAP + # example : export LDAP_ENABLE=true + #export LDAP_ENABLE=false + # LDAP_PORT : The port of the LDAP server + # example : export LDAP_PORT=389 + #export LDAP_PORT=389 + # LDAP_HOST : The host server for the LDAP server + # example : export LDAP_HOST=localhost + #export LDAP_HOST= + # LDAP_BASEDN : The base DN for the LDAP Tree + # example : export LDAP_BASEDN=ou=user,dc=example,dc=org + #export LDAP_BASEDN= + # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method + # example : export LDAP_LOGIN_FALLBACK=true + #export LDAP_LOGIN_FALLBACK=false + # LDAP_RECONNECT : Reconnect to the server if the connection is lost + # example : export LDAP_RECONNECT=false + #export LDAP_RECONNECT=true + # LDAP_TIMEOUT : Overall timeout, in milliseconds + # example : export LDAP_TIMEOUT=12345 + #export LDAP_TIMEOUT=10000 + # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds + # example : export LDAP_IDLE_TIMEOUT=12345 + #export LDAP_IDLE_TIMEOUT=10000 + # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds + # example : export LDAP_CONNECT_TIMEOUT=12345 + #export LDAP_CONNECT_TIMEOUT=10000 + # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search + # example : export LDAP_AUTHENTIFICATION=true + #export LDAP_AUTHENTIFICATION=false + # LDAP_AUTHENTIFICATION_USERDN : The search user DN + # example : export LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org + #export LDAP_AUTHENTIFICATION_USERDN= + # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user + # example : AUTHENTIFICATION_PASSWORD=admin + #export LDAP_AUTHENTIFICATION_PASSWORD= + # LDAP_LOG_ENABLED : Enable logs for the module + # example : export LDAP_LOG_ENABLED=true + #export LDAP_LOG_ENABLED=false + # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background + # example : export LDAP_BACKGROUND_SYNC=true + #export LDAP_BACKGROUND_SYNC=false + # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds + # example : export LDAP_BACKGROUND_SYNC_INTERVAL=12345 + #export LDAP_BACKGROUND_SYNC_INTERVAL=100 + # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED : + # example : export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true + #export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false + # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS : + # example : export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true + #export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false + # LDAP_ENCRYPTION : If using LDAPS + # example : export LDAP_ENCRYPTION=ssl + #export LDAP_ENCRYPTION=false + # LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. + # example : export LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE----- + #export LDAP_CA_CERT= + # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate + # example : export LDAP_REJECT_UNAUTHORIZED=true + #export LDAP_REJECT_UNAUTHORIZED=false + # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed + # example : export LDAP_USER_SEARCH_FILTER= + #export LDAP_USER_SEARCH_FILTER= + # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) + # example : export LDAP_USER_SEARCH_SCOPE=one + #export LDAP_USER_SEARCH_SCOPE= + # LDAP_USER_SEARCH_FIELD : Which field is used to find the user + # example : export LDAP_USER_SEARCH_FIELD=uid + #export LDAP_USER_SEARCH_FIELD= + # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited) + # example : export LDAP_SEARCH_PAGE_SIZE=12345 + #export LDAP_SEARCH_PAGE_SIZE=0 + # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited) + # example : export LDAP_SEARCH_SIZE_LIMIT=12345 + #export LDAP_SEARCH_SIZE_LIMIT=0 + # LDAP_GROUP_FILTER_ENABLE : Enable group filtering + # example : export LDAP_GROUP_FILTER_ENABLE=true + #export LDAP_GROUP_FILTER_ENABLE=false + # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering + # example : export LDAP_GROUP_FILTER_OBJECTCLASS=group + #export LDAP_GROUP_FILTER_OBJECTCLASS= + # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : + # example : + #export LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= + # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : + # example : + #export LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= + # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : + # example : + #export LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= + # LDAP_GROUP_FILTER_GROUP_NAME : + # example : + #export LDAP_GROUP_FILTER_GROUP_NAME= + # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) + # example : export LDAP_UNIQUE_IDENTIFIER_FIELD=guid + #export LDAP_UNIQUE_IDENTIFIER_FIELD= + # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 + # example : export LDAP_UTF8_NAMES_SLUGIFY=false + #export LDAP_UTF8_NAMES_SLUGIFY=true + # LDAP_USERNAME_FIELD : Which field contains the ldap username + # example : export LDAP_USERNAME_FIELD=username + #export LDAP_USERNAME_FIELD= + # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname + # example : export LDAP_FULLNAME_FIELD=fullname + #export LDAP_FULLNAME_FIELD= + # LDAP_MERGE_EXISTING_USERS : + # example : export LDAP_MERGE_EXISTING_USERS=true + #export LDAP_MERGE_EXISTING_USERS=false + # LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match + # example: LDAP_EMAIL_MATCH_ENABLE=true + #export LDAP_EMAIL_MATCH_ENABLE=false + # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match + # example: LDAP_EMAIL_MATCH_REQUIRE=true + #export LDAP_EMAIL_MATCH_REQUIRE=false + # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching + # example: LDAP_EMAIL_MATCH_VERIFIED=true + #export LDAP_EMAIL_MATCH_VERIFIED=false + # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address + # example: LDAP_EMAIL_FIELD=mail + #export LDAP_EMAIL_FIELD= + # LDAP_SYNC_USER_DATA : + # example : export LDAP_SYNC_USER_DATA=true + #export LDAP_SYNC_USER_DATA=false + # LDAP_SYNC_USER_DATA_FIELDMAP : + # example : export LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} + #export LDAP_SYNC_USER_DATA_FIELDMAP= + # LDAP_SYNC_GROUP_ROLES : + # example : + #export LDAP_SYNC_GROUP_ROLES= + # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP + # example : + #export LDAP_DEFAULT_DOMAIN= + # Enable/Disable syncing of admin status based on ldap groups: + #export LDAP_SYNC_ADMIN_STATUS=true + # Comma separated list of admin group names. + #export LDAP_SYNC_ADMIN_GROUPS=group1,group2 + #--------------------------------------------------------------------- + # Login to LDAP automatically with HTTP header. + # In below example for siteminder, at right side of = is header name. + #export HEADER_LOGIN_ID=HEADERUID + #export HEADER_LOGIN_FIRSTNAME=HEADERFIRSTNAME + #export HEADER_LOGIN_LASTNAME=HEADERLASTNAME + #export HEADER_LOGIN_EMAIL=HEADEREMAILADDRESS + #--------------------------------------------------------------------- + # LOGOUT_WITH_TIMER : Enables or not the option logout with timer + # example : LOGOUT_WITH_TIMER=true + #export LOGOUT_WITH_TIMER= + # LOGOUT_IN : The number of days + # example : LOGOUT_IN=1 + #export LOGOUT_IN= + #export LOGOUT_ON_HOURS= + # LOGOUT_ON_MINUTES : The number of minutes + # example : LOGOUT_ON_MINUTES=55 + #export LOGOUT_ON_MINUTES= + + node main.js & >> ~/repos/wekan.log + cd ~/repos +#done |