docker-compose.yml 25 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571
  1. version: '2'
  2. # Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required.
  3. #---------------------------------------------------------------------------------------------------------
  4. # ==== CREATING USERS AND LOGGING IN TO WEKAN ====
  5. # https://github.com/wekan/wekan/wiki/Adding-users
  6. #---------------------------------------------------------------------------------------------------------
  7. # ==== FORGOT PASSWORD ====
  8. # https://github.com/wekan/wekan/wiki/Forgot-Password
  9. #---------------------------------------------------------------------------------------------------------
  10. # ==== Upgrading Wekan to new version =====
  11. # 1) Stop Wekan:
  12. # docker-compose stop
  13. # 2) Download new version:
  14. # docker-compose pull wekan
  15. # 3) If you have more networks for VPN etc as described at bottom of
  16. # this config, download for them too:
  17. # docker-compose pull wekan2
  18. # 4) Start Wekan:
  19. # docker-compose start
  20. #----------------------------------------------------------------------------------
  21. # ==== OPTIONAL: DEDICATED DOCKER USER ====
  22. # 1) Optionally create a dedicated user for Wekan, for example:
  23. # sudo useradd -d /home/wekan -m -s /bin/bash wekan
  24. # 2) Add this user to the docker group, then logout+login or reboot:
  25. # sudo usermod -aG docker wekan
  26. # 3) Then login as user wekan.
  27. # 4) Create this file /home/wekan/docker-compose.yml with your modifications.
  28. #----------------------------------------------------------------------------------
  29. # ==== RUN DOCKER AS SERVICE ====
  30. # 1a) Running Docker as service, on Systemd like Debian 9, Ubuntu 16.04, CentOS 7:
  31. # sudo systemctl enable docker
  32. # sudo systemctl start docker
  33. # 1b) Running Docker as service, on init.d like Debian 8, Ubuntu 14.04, CentOS 6:
  34. # sudo update-rc.d docker defaults
  35. # sudo service docker start
  36. # ----------------------------------------------------------------------------------
  37. # ==== USAGE OF THIS docker-compose.yml ====
  38. # 1) For seeing does Wekan work, try this and check with your webbroser:
  39. # docker-compose up
  40. # 2) Stop Wekan and start Wekan in background:
  41. # docker-compose stop
  42. # docker-compose up -d
  43. # 3) See running Docker containers:
  44. # docker ps
  45. # 4) Stop Docker containers:
  46. # docker-compose stop
  47. # ----------------------------------------------------------------------------------
  48. # ===== INSIDE DOCKER CONTAINERS, AND BACKUP/RESTORE ====
  49. # https://github.com/wekan/wekan/wiki/Backup
  50. # If really necessary, repair MongoDB: https://github.com/wekan/wekan-mongodb/issues/6#issuecomment-424004116
  51. # 1) Going inside containers:
  52. # a) Wekan app, does not contain data
  53. # docker exec -it wekan-app bash
  54. # b) MongoDB, contains all data
  55. # docker exec -it wekan-db bash
  56. # 2) Copying database to outside of container:
  57. # docker exec -it wekan-db bash
  58. # cd /data
  59. # mongodump
  60. # exit
  61. # docker cp wekan-db:/data/dump .
  62. # 3) Restoring database
  63. # # 1) Stop wekan
  64. # docker stop wekan-app
  65. # # 2) Go inside database container
  66. # docker exec -it wekan-db bash
  67. # # 3) and data directory
  68. # cd /data
  69. # # 4) Remove previos dump
  70. # rm -rf dump
  71. # # 5) Exit db container
  72. # exit
  73. # # 6) Copy dump to inside docker container
  74. # docker cp dump wekan-db:/data/
  75. # # 7) Go inside database container
  76. # docker exec -it wekan-db bash
  77. # # 8) and data directory
  78. # cd /data
  79. # # 9) Restore
  80. # mongorestore --drop
  81. # # 10) Exit db container
  82. # exit
  83. # # 11) Start wekan
  84. # docker start wekan-app
  85. #-------------------------------------------------------------------------
  86. services:
  87. wekandb:
  88. #-------------------------------------------------------------------------------------
  89. # ==== MONGODB AND METEOR VERSION ====
  90. # a) For Wekan Meteor 1.8.x version at meteor-1.8 branch, use mongo 4.x
  91. #image: mongo:4.0.4
  92. # b) For Wekan Meteor 1.6.x version at master/devel/edge branches.
  93. # Only for Snap and Sandstorm while they are not upgraded yet to Meteor 1.8.x
  94. image: mongo:3.2.21
  95. #-------------------------------------------------------------------------------------
  96. container_name: wekan-db
  97. restart: always
  98. command: mongod --smallfiles --oplogSize 128
  99. networks:
  100. - wekan-tier
  101. expose:
  102. - 27017
  103. volumes:
  104. - wekan-db:/data/db
  105. - wekan-db-dump:/dump
  106. wekan:
  107. #-------------------------------------------------------------------------------------
  108. # ==== MONGODB AND METEOR VERSION ====
  109. # a) For Wekan Meteor 1.8.x version at meteor-1.8 branch,
  110. # using https://quay.io/wekan/wekan automatic builds
  111. #image: quay.io/wekan/wekan:meteor-1.8
  112. # b) For Wekan Meteor 1.6.x version at master/devel/edge branches.
  113. # Only for Snap and Sandstorm while they are not upgraded yet to Meteor 1.8.x
  114. image: quay.io/wekan/wekan:master
  115. # c) Using specific Meteor 1.6.x version tag:
  116. # image: quay.io/wekan/wekan:v1.95
  117. # c) Using Docker Hub automatic builds https://hub.docker.com/r/wekanteam/wekan
  118. # image: wekanteam/wekan:meteor-1.8
  119. # image: wekanteam/wekan:v1.95
  120. #-------------------------------------------------------------------------------------
  121. container_name: wekan-app
  122. restart: always
  123. networks:
  124. - wekan-tier
  125. #-------------------------------------------------------------------------------------
  126. # ==== BUILD wekan-app DOCKER CONTAINER FROM SOURCE, if you uncomment these ====
  127. # ==== and use commands: docker-compose up -d --build
  128. #build:
  129. # context: .
  130. # dockerfile: Dockerfile
  131. # args:
  132. # - NODE_VERSION=${NODE_VERSION}
  133. # - METEOR_RELEASE=${METEOR_RELEASE}
  134. # - NPM_VERSION=${NPM_VERSION}
  135. # - ARCHITECTURE=${ARCHITECTURE}
  136. # - SRC_PATH=${SRC_PATH}
  137. # - METEOR_EDGE=${METEOR_EDGE}
  138. # - USE_EDGE=${USE_EDGE}
  139. #-------------------------------------------------------------------------------------
  140. ports:
  141. # Docker outsideport:insideport. Do not add anything extra here.
  142. # For example, if you want to have wekan on port 3001,
  143. # use 3001:8080 . Do not add any extra address etc here, that way it does not work.
  144. # remove port mapping if you use nginx reverse proxy, port 8080 is already exposed to wekan-tier network
  145. - 80:8080
  146. environment:
  147. - MONGO_URL=mongodb://wekandb:27017/wekan
  148. #---------------------------------------------------------------
  149. # ==== ROOT_URL SETTING ====
  150. # Change ROOT_URL to your real Wekan URL, for example:
  151. # If you have Caddy/Nginx/Apache providing SSL
  152. # - https://example.com
  153. # - https://boards.example.com
  154. # This can be problematic with avatars https://github.com/wekan/wekan/issues/1776
  155. # - https://example.com/wekan
  156. # If without https, can be only wekan node, no need for Caddy/Nginx/Apache if you don't need them
  157. # - http://example.com
  158. # - http://boards.example.com
  159. # - http://192.168.1.100 <=== using at local LAN
  160. - ROOT_URL=http://localhost # <=== using only at same laptop/desktop where Wekan is installed
  161. #---------------------------------------------------------------
  162. # ==== EMAIL SETTINGS ====
  163. # Email settings are required in both MAIL_URL and Admin Panel,
  164. # see https://github.com/wekan/wekan/wiki/Troubleshooting-Mail
  165. # For SSL in email, change smtp:// to smtps://
  166. # NOTE: Special characters need to be url-encoded in MAIL_URL.
  167. # You can encode those characters for example at: https://www.urlencoder.org
  168. #- MAIL_URL=smtp://user:[email protected]:25/
  169. - MAIL_URL=smtp://<mail_url>:25/?ignoreTLS=true&tls={rejectUnauthorized:false}
  170. - MAIL_FROM=Wekan Notifications <[email protected]>
  171. #---------------------------------------------------------------
  172. # ==== OPTIONAL: MONGO OPLOG SETTINGS =====
  173. # https://github.com/wekan/wekan-mongodb/issues/2#issuecomment-378343587
  174. # We've fixed our CPU usage problem today with an environment
  175. # change around Wekan. I wasn't aware during implementation
  176. # that if you're using more than 1 instance of Wekan
  177. # (or any MeteorJS based tool) you're supposed to set
  178. # MONGO_OPLOG_URL as an environment variable.
  179. # Without setting it, Meteor will perform a pull-and-diff
  180. # update of it's dataset. With it, Meteor will update from
  181. # the OPLOG. See here
  182. # https://blog.meteor.com/tuning-meteor-mongo-livedata-for-scalability-13fe9deb8908
  183. # After setting
  184. # MONGO_OPLOG_URL=mongodb://<username>:<password>@<mongoDbURL>/local?authSource=admin&replicaSet=rsWekan
  185. # the CPU usage for all Wekan instances dropped to an average
  186. # of less than 10% with only occasional spikes to high usage
  187. # (I guess when someone is doing a lot of work)
  188. # - MONGO_OPLOG_URL=mongodb://<username>:<password>@<mongoDbURL>/local?authSource=admin&replicaSet=rsWekan
  189. #---------------------------------------------------------------
  190. # ==== OPTIONAL: KADIRA PERFORMANCE MONITORING FOR METEOR ====
  191. # https://github.com/edemaine/kadira-compose
  192. # https://github.com/meteor/meteor-apm-agent
  193. # https://blog.meteor.com/kadira-apm-is-now-open-source-490469ffc85f
  194. #- APM_OPTIONS_ENDPOINT=http://<kadira-ip>:11011
  195. #- APM_APP_ID=
  196. #- APM_APP_SECRET=
  197. #---------------------------------------------------------------
  198. # ==== OPTIONAL: LOGS AND STATS ====
  199. # https://github.com/wekan/wekan/wiki/Logs
  200. #
  201. # Daily export of Wekan changes as JSON to Logstash and ElasticSearch / Kibana (ELK)
  202. # https://github.com/wekan/wekan-logstash
  203. #
  204. # Statistics Python script for Wekan Dashboard
  205. # https://github.com/wekan/wekan-stats
  206. #
  207. # Console, file, and zulip logger on database changes https://github.com/wekan/wekan/pull/1010
  208. # with fix to replace console.log by winston logger https://github.com/wekan/wekan/pull/1033
  209. # but there could be bug https://github.com/wekan/wekan/issues/1094
  210. #
  211. # There is Feature Request: Logging date and time of all activity with summary reports,
  212. # and requesting reason for changing card to other column https://github.com/wekan/wekan/issues/1598
  213. #---------------------------------------------------------------
  214. # ==== WEKAN API AND EXPORT BOARD ====
  215. # Wekan Export Board works when WITH_API=true.
  216. # https://github.com/wekan/wekan/wiki/REST-API
  217. # https://github.com/wekan/wekan-gogs
  218. # If you disable Wekan API with false, Export Board does not work.
  219. - WITH_API=true
  220. #---------------------------------------------------------------
  221. # ==== PASSWORD BRUTE FORCE PROTECTION ====
  222. #https://atmospherejs.com/lucasantoniassi/accounts-lockout
  223. #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js
  224. #- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3
  225. #- ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60
  226. #- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15
  227. #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3
  228. #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60
  229. #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15
  230. #---------------------------------------------------------------
  231. # ==== EMAIL NOTIFICATION TIMEOUT, ms =====
  232. # Defaut: 30000 ms = 30s
  233. #- EMAIL_NOTIFICATION_TIMEOUT=30000
  234. #-----------------------------------------------------------------
  235. # ==== CORS =====
  236. # CORS: Set Access-Control-Allow-Origin header.
  237. #- CORS=*
  238. # CORS_ALLOW_HEADERS: Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API.
  239. #- CORS_ALLOW_HEADERS=Authorization,Content-Type
  240. # CORS_EXPOSE_HEADERS: Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations
  241. #- CORS_EXPOSE_HEADERS=*
  242. #-----------------------------------------------------------------
  243. # ==== MATOMO INTEGRATION ====
  244. # Optional: Integration with Matomo https://matomo.org that is installed to your server
  245. # The address of the server where Matomo is hosted.
  246. #- MATOMO_ADDRESS=https://example.com/matomo
  247. # The value of the site ID given in Matomo server for Wekan
  248. #- MATOMO_SITE_ID=1
  249. # The option do not track which enables users to not be tracked by matomo
  250. #- MATOMO_DO_NOT_TRACK=true
  251. # The option that allows matomo to retrieve the username:
  252. #- MATOMO_WITH_USERNAME=true
  253. #-----------------------------------------------------------------
  254. # ==== BROWSER POLICY AND TRUSTED IFRAME URL ====
  255. # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
  256. # Setting this to false is not recommended, it also disables all other browser policy protections
  257. # and allows all iframing etc. See wekan/server/policy.js
  258. - BROWSER_POLICY_ENABLED=true
  259. # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside.
  260. #- TRUSTED_URL=https://intra.example.com
  261. #-----------------------------------------------------------------
  262. # ==== OUTGOING WEBHOOKS ====
  263. # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId .
  264. #- WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
  265. #-----------------------------------------------------------------
  266. # ==== Debug OIDC OAuth2 etc ====
  267. #- DEBUG=true
  268. #-----------------------------------------------------------------
  269. # ==== OAUTH2 AZURE ====
  270. # https://github.com/wekan/wekan/wiki/Azure
  271. # 1) Register the application with Azure. Make sure you capture
  272. # the application ID as well as generate a secret key.
  273. # 2) Configure the environment variables. This differs slightly
  274. # by installation type, but make sure you have the following:
  275. #- OAUTH2_ENABLED=true
  276. # OAuth2 login style: popup or redirect.
  277. #- OAUTH2_LOGIN_STYLE=redirect
  278. # Application GUID captured during app registration:
  279. #- OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
  280. # Secret key generated during app registration:
  281. #- OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  282. #- OAUTH2_SERVER_URL=https://login.microsoftonline.com/
  283. #- OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
  284. #- OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
  285. #- OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
  286. # The claim name you want to map to the unique ID field:
  287. #- OAUTH2_ID_MAP=email
  288. # The claim name you want to map to the username field:
  289. #- OAUTH2_USERNAME_MAP=email
  290. # The claim name you want to map to the full name field:
  291. #- OAUTH2_FULLNAME_MAP=name
  292. # Tthe claim name you want to map to the email field:
  293. #- OAUTH2_EMAIL_MAP=email
  294. #-----------------------------------------------------------------
  295. # ==== OAUTH2 KEYCLOAK ====
  296. # https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED
  297. #- OAUTH2_ENABLED=true
  298. # OAuth2 login style: popup or redirect.
  299. #- OAUTH2_LOGIN_STYLE=redirect
  300. #- OAUTH2_CLIENT_ID=<Keycloak create Client ID>
  301. #- OAUTH2_SERVER_URL=<Keycloak server name>/auth
  302. #- OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
  303. #- OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
  304. #- OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
  305. #- OAUTH2_SECRET=<keycloak client secret>
  306. #-----------------------------------------------------------------
  307. # ==== OAUTH2 DOORKEEPER ====
  308. # https://github.com/wekan/wekan/issues/1874
  309. # https://github.com/wekan/wekan/wiki/OAuth2
  310. # Enable the OAuth2 connection
  311. #- OAUTH2_ENABLED=true
  312. # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
  313. # OAuth2 login style: popup or redirect.
  314. #- OAUTH2_LOGIN_STYLE=redirect
  315. # OAuth2 Client ID.
  316. #- OAUTH2_CLIENT_ID=abcde12345
  317. # OAuth2 Secret.
  318. #- OAUTH2_SECRET=54321abcde
  319. # OAuth2 Server URL.
  320. #- OAUTH2_SERVER_URL=https://chat.example.com
  321. # OAuth2 Authorization Endpoint.
  322. #- OAUTH2_AUTH_ENDPOINT=/oauth/authorize
  323. # OAuth2 Userinfo Endpoint.
  324. #- OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
  325. # OAuth2 Token Endpoint.
  326. #- OAUTH2_TOKEN_ENDPOINT=/oauth/token
  327. # OAUTH2 ID Token Whitelist Fields.
  328. #- OAUTH2_ID_TOKEN_WHITELIST_FIELDS=""
  329. # OAUTH2 Request Permissions.
  330. #- OAUTH2_REQUEST_PERMISSIONS=openid profile email
  331. # OAuth2 ID Mapping
  332. #- OAUTH2_ID_MAP=
  333. # OAuth2 Username Mapping
  334. #- OAUTH2_USERNAME_MAP=
  335. # OAuth2 Fullname Mapping
  336. #- OAUTH2_FULLNAME_MAP=
  337. # OAuth2 Email Mapping
  338. #- OAUTH2_EMAIL_MAP=
  339. #-----------------------------------------------------------------
  340. # ==== LDAP: UNCOMMENT ALL TO ENABLE LDAP ====
  341. # https://github.com/wekan/wekan/wiki/LDAP
  342. # For Snap settings see https://github.com/wekan/wekan-snap/wiki/Supported-settings-keys
  343. # Most settings work both on Snap and Docker below.
  344. # Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required.
  345. #
  346. # The default authentication method used if a user does not exist to create and authenticate. Can be set as ldap.
  347. #- DEFAULT_AUTHENTICATION_METHOD=ldap
  348. #
  349. # Enable or not the connection by the LDAP
  350. #- LDAP_ENABLE=true
  351. #
  352. # The port of the LDAP server
  353. #- LDAP_PORT=389
  354. #
  355. # The host server for the LDAP server
  356. #- LDAP_HOST=localhost
  357. #
  358. # The base DN for the LDAP Tree
  359. #- LDAP_BASEDN=ou=user,dc=example,dc=org
  360. #
  361. # Fallback on the default authentication method
  362. #- LDAP_LOGIN_FALLBACK=false
  363. #
  364. # Reconnect to the server if the connection is lost
  365. #- LDAP_RECONNECT=true
  366. #
  367. # Overall timeout, in milliseconds
  368. #- LDAP_TIMEOUT=10000
  369. #
  370. # Specifies the timeout for idle LDAP connections in milliseconds
  371. #- LDAP_IDLE_TIMEOUT=10000
  372. #
  373. # Connection timeout, in milliseconds
  374. #- LDAP_CONNECT_TIMEOUT=10000
  375. #
  376. # If the LDAP needs a user account to search
  377. #- LDAP_AUTHENTIFICATION=true
  378. #
  379. # The search user DN
  380. #- LDAP_AUTHENTIFICATION_USERDN=cn=wekan_adm,ou=serviceaccounts,ou=admin,ou=prod,dc=mydomain,dc=com
  381. #
  382. # The password for the search user
  383. #- LDAP_AUTHENTIFICATION_PASSWORD=pwd
  384. #
  385. # Enable logs for the module
  386. #- LDAP_LOG_ENABLED=true
  387. #
  388. # If the sync of the users should be done in the background
  389. #- LDAP_BACKGROUND_SYNC=false
  390. #
  391. # At which interval does the background task sync in milliseconds
  392. #- LDAP_BACKGROUND_SYNC_INTERVAL=100
  393. #
  394. #- LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false
  395. #
  396. #- LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
  397. #
  398. # If using LDAPS: LDAP_ENCRYPTION=ssl
  399. #- LDAP_ENCRYPTION=false
  400. #
  401. # The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file.
  402. #- LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+G2FIdAgIC...-----END CERTIFICATE-----
  403. #
  404. # Reject Unauthorized Certificate
  405. #- LDAP_REJECT_UNAUTHORIZED=false
  406. #
  407. # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
  408. #- LDAP_USER_AUTHENTICATION="true"
  409. #
  410. # Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
  411. #- LDAP_USER_SEARCH_FILTER=
  412. #
  413. # base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
  414. #- LDAP_USER_SEARCH_SCOPE=one
  415. #
  416. # Which field is used to find the user, like uid / sAMAccountName
  417. #- LDAP_USER_SEARCH_FIELD=sAMAccountName
  418. #
  419. # Used for pagination (0=unlimited)
  420. #- LDAP_SEARCH_PAGE_SIZE=0
  421. #
  422. # The limit number of entries (0=unlimited)
  423. #- LDAP_SEARCH_SIZE_LIMIT=0
  424. #
  425. # Enable group filtering
  426. #- LDAP_GROUP_FILTER_ENABLE=false
  427. #
  428. # The object class for filtering. Example: group
  429. #- LDAP_GROUP_FILTER_OBJECTCLASS=
  430. #
  431. #- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
  432. #
  433. #- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
  434. #
  435. #- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
  436. #
  437. #- LDAP_GROUP_FILTER_GROUP_NAME=
  438. #
  439. # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier). Example: guid
  440. #- LDAP_UNIQUE_IDENTIFIER_FIELD=
  441. #
  442. # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
  443. #- LDAP_UTF8_NAMES_SLUGIFY=true
  444. #
  445. # LDAP_USERNAME_FIELD : Which field contains the ldap username. username / sAMAccountName
  446. #- LDAP_USERNAME_FIELD=sAMAccountName
  447. #
  448. # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname. fullname / sAMAccountName
  449. #- LDAP_FULLNAME_FIELD=fullname
  450. #
  451. #- LDAP_MERGE_EXISTING_USERS=false
  452. #
  453. # Allow existing account matching by e-mail address when username does not match
  454. #- LDAP_EMAIL_MATCH_ENABLE=true
  455. #
  456. # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
  457. #- LDAP_EMAIL_MATCH_REQUIRE=true
  458. #
  459. # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
  460. #- LDAP_EMAIL_MATCH_VERIFIED=true
  461. #
  462. # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
  463. #- LDAP_EMAIL_FIELD=mail
  464. #-----------------------------------------------------------------
  465. #- LDAP_SYNC_USER_DATA=false
  466. #
  467. #- LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
  468. #
  469. #- LDAP_SYNC_GROUP_ROLES=''
  470. #
  471. # The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
  472. # example :
  473. #- LDAP_DEFAULT_DOMAIN=mydomain.com
  474. #
  475. # Enable/Disable syncing of admin status based on ldap groups:
  476. #- LDAP_SYNC_ADMIN_STATUS=true
  477. #
  478. # Comma separated list of admin group names to sync.
  479. #- LDAP_SYNC_ADMIN_GROUPS=group1,group2
  480. #---------------------------------------------------------------------
  481. # Login to LDAP automatically with HTTP header.
  482. # In below example for siteminder, at right side of = is header name.
  483. #- HEADER_LOGIN_ID=HEADERUID
  484. #- HEADER_LOGIN_FIRSTNAME=HEADERFIRSTNAME
  485. #- HEADER_LOGIN_LASTNAME=HEADERLASTNAME
  486. #- HEADER_LOGIN_EMAIL=HEADEREMAILADDRESS
  487. #---------------------------------------------------------------------
  488. # ==== LOGOUT TIMER, probably does not work yet ====
  489. # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
  490. # example : LOGOUT_WITH_TIMER=true
  491. #- LOGOUT_WITH_TIMER=
  492. #
  493. # LOGOUT_IN : The number of days
  494. # example : LOGOUT_IN=1
  495. #- LOGOUT_IN=
  496. #
  497. # LOGOUT_ON_HOURS : The number of hours
  498. # example : LOGOUT_ON_HOURS=9
  499. #- LOGOUT_ON_HOURS=
  500. #
  501. # LOGOUT_ON_MINUTES : The number of minutes
  502. # example : LOGOUT_ON_MINUTES=55
  503. #- LOGOUT_ON_MINUTES=
  504. #-------------------------------------------------------------------
  505. depends_on:
  506. - wekandb
  507. #---------------------------------------------------------------------------------
  508. # ==== OPTIONAL: SHARE DATABASE TO OFFICE LAN AND REMOTE VPN ====
  509. # When using Wekan both at office LAN and remote VPN:
  510. # 1) Have above Wekan docker container config with LAN IP address
  511. # 2) Copy all of above wekan container config below, look above of this part above and all config below it,
  512. # before above depends_on: part:
  513. #
  514. # wekan:
  515. # #-------------------------------------------------------------------------------------
  516. # # ==== MONGODB AND METEOR VERSION ====
  517. # # a) For Wekan Meteor 1.8.x version at meteor-1.8 branch, .....
  518. #
  519. #
  520. # and change name to different name like wekan2 or wekanvpn, and change ROOT_URL to server VPN IP
  521. # address.
  522. # 3) This way both Wekan containers can use same MongoDB database
  523. # and see the same Wekan boards.
  524. # 4) You could also add 3rd Wekan container for 3rd network etc.
  525. # EXAMPLE:
  526. # wekan2:
  527. # ....COPY CONFIG FROM ABOVE TO HERE...
  528. # environment:
  529. # - ROOT_URL='http://10.10.10.10'
  530. # ...COPY CONFIG FROM ABOVE TO HERE...
  531. #---------------------------------------------------------------------------------
  532. # OPTIONAL NGINX CONFIG FOR REVERSE PROXY
  533. # nginx:
  534. # image: nginx
  535. # container_name: nginx
  536. # restart: always
  537. # networks:
  538. # - wekan-tier
  539. # depends_on:
  540. # - wekan
  541. # ports:
  542. # - 80:80
  543. # - 443:443
  544. # volumes:
  545. # - ./nginx/ssl:/etc/nginx/ssl/:ro
  546. # - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
  547. ## Alternative volume config:
  548. ## volumes:
  549. ## - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
  550. ## - ./nginx/ssl/ssl.conf:/etc/nginx/conf.d/ssl/ssl.conf:ro
  551. ## - ./nginx/ssl/testvm-ehu.crt:/etc/nginx/conf.d/ssl/certs/mycert.crt:ro
  552. ## - ./nginx/ssl/testvm-ehu.key:/etc/nginx/conf.d/ssl/certs/mykey.key:ro
  553. ## - ./nginx/ssl/pphrase:/etc/nginx/conf.d/ssl/pphrase:ro
  554. volumes:
  555. wekan-db:
  556. driver: local
  557. wekan-db-dump:
  558. driver: local
  559. networks:
  560. wekan-tier:
  561. driver: bridge