mirror of
https://github.com/wekan/wekan.git
synced 2025-12-16 07:20:12 +01:00
Add support for Docker/Compose Secrets for passwords to Docker/Snap/Bundle platforms.
Thanks to Roemer and xet7 ! Fixes #5724
parent
3b60bdea14
commit
107e2ac900
16 changed files with 234 additions and 4 deletions
|
|
@ -3,7 +3,7 @@
|
|||
# All supported keys are defined here together with descriptions and default values
|
||||
|
||||
# list of supported keys
|
||||
keys="DEBUG S3 MONGO_LOG_DESTINATION MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM MAIL_SERVICE MAIL_SERVICE_USER MAIL_SERVICE_PASSWORD ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW ACCOUNTS_COMMON_LOGIN_EXPIRATION_IN_DAYS ATTACHMENTS_UPLOAD_EXTERNAL_PROGRAM ATTACHMENTS_UPLOAD_MIME_TYPES ATTACHMENTS_UPLOAD_MAX_SIZE AVATARS_UPLOAD_EXTERNAL_PROGRAM AVATARS_UPLOAD_MIME_TYPES AVATARS_UPLOAD_MAX_SIZE MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY DEFAULT_BOARD_ID EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME METRICS_ALLOWED_IP_ADDRESSES BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OIDC_REDIRECTION_ENABLED OAUTH2_CA_CERT OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS OAUTH2_ADFS_ENABLED OAUTH2_B2C_ENABLED LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_AD_SIMPLE_AUTH LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED 
LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD PASSWORD_LOGIN_ENABLED CAS_ENABLED CAS_BASE_URL CAS_LOGIN_URL CAS_VALIDATE_URL SAML_ENABLED SAML_PROVIDER SAML_ENTRYPOINT SAML_ISSUER SAML_CERT SAML_IDPSLO_REDIRECTURL SAML_PRIVATE_KEYFILE SAML_PUBLIC_CERTFILE SAML_IDENTIFIER_FORMAT SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE SAML_ATTRIBUTES ORACLE_OIM_ENABLED RESULTS_PER_PAGE WAIT_SPINNER NODE_OPTIONS"
|
||||
keys="DEBUG S3 MONGO_LOG_DESTINATION MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM MAIL_SERVICE MAIL_SERVICE_USER MAIL_SERVICE_PASSWORD ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW ACCOUNTS_COMMON_LOGIN_EXPIRATION_IN_DAYS ATTACHMENTS_UPLOAD_EXTERNAL_PROGRAM ATTACHMENTS_UPLOAD_MIME_TYPES ATTACHMENTS_UPLOAD_MAX_SIZE AVATARS_UPLOAD_EXTERNAL_PROGRAM AVATARS_UPLOAD_MIME_TYPES AVATARS_UPLOAD_MAX_SIZE MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY DEFAULT_BOARD_ID EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME METRICS_ALLOWED_IP_ADDRESSES BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OIDC_REDIRECTION_ENABLED OAUTH2_CA_CERT OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS OAUTH2_ADFS_ENABLED OAUTH2_B2C_ENABLED LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_AD_SIMPLE_AUTH LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED 
LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD PASSWORD_LOGIN_ENABLED CAS_ENABLED CAS_BASE_URL CAS_LOGIN_URL CAS_VALIDATE_URL SAML_ENABLED SAML_PROVIDER SAML_ENTRYPOINT SAML_ISSUER SAML_CERT SAML_IDPSLO_REDIRECTURL SAML_PRIVATE_KEYFILE SAML_PUBLIC_CERTFILE SAML_IDENTIFIER_FORMAT SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE SAML_ATTRIBUTES ORACLE_OIM_ENABLED RESULTS_PER_PAGE WAIT_SPINNER NODE_OPTIONS LDAP_AUTHENTIFICATION_PASSWORD_FILE OAUTH2_SECRET_FILE MAIL_SERVICE_PASSWORD_FILE MONGO_PASSWORD_FILE S3_SECRET_FILE"
|
||||
|
||||
DESCRIPTION_S3='AWS S3 for files. Example: {"s3":{"key": "xxx", "secret": "xxx", "bucket": "xxx", "region": "eu-west-1"}}'
|
||||
DEFAULT_S3=""
|
||||
|
|
@ -638,3 +638,24 @@ KEY_RESULTS_PER_PAGE="results-per-page"
|
|||
DESCRIPTION_WAIT_SPINNER="Default wait spinner to use"
|
||||
DEFAULT_WAIT_SPINNER="Bounce"
|
||||
KEY_WAIT_SPINNER="wait-spinner"
|
||||
|
||||
# Docker Compose Secrets Support
|
||||
DESCRIPTION_LDAP_AUTHENTIFICATION_PASSWORD_FILE="LDAP authentication password file (Docker secrets). Example: /run/secrets/ldap_auth_password"
|
||||
DEFAULT_LDAP_AUTHENTIFICATION_PASSWORD_FILE=""
|
||||
KEY_LDAP_AUTHENTIFICATION_PASSWORD_FILE="ldap-authentification-password-file"
|
||||
|
||||
DESCRIPTION_OAUTH2_SECRET_FILE="OAuth2 secret file (Docker secrets). Example: /run/secrets/oauth2_secret"
|
||||
DEFAULT_OAUTH2_SECRET_FILE=""
|
||||
KEY_OAUTH2_SECRET_FILE="oauth2-secret-file"
|
||||
|
||||
DESCRIPTION_MAIL_SERVICE_PASSWORD_FILE="Mail service password file (Docker secrets). Example: /run/secrets/mail_service_password"
|
||||
DEFAULT_MAIL_SERVICE_PASSWORD_FILE=""
|
||||
KEY_MAIL_SERVICE_PASSWORD_FILE="mail-service-password-file"
|
||||
|
||||
DESCRIPTION_MONGO_PASSWORD_FILE="MongoDB password file (Docker secrets). Example: /run/secrets/mongo_password"
|
||||
DEFAULT_MONGO_PASSWORD_FILE=""
|
||||
KEY_MONGO_PASSWORD_FILE="mongo-password-file"
|
||||
|
||||
DESCRIPTION_S3_SECRET_FILE="S3 secret file (Docker secrets). Example: /run/secrets/s3_secret"
|
||||
DEFAULT_S3_SECRET_FILE=""
|
||||
KEY_S3_SECRET_FILE="s3-secret-file"
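Review bot: The five new `DESCRIPTION_*_FILE` strings at the end of this file do not say what happens when both a plain setting and its `_FILE` counterpart are set, or how the file's content is consumed. This matters most for `MONGO_PASSWORD_FILE` and `S3_SECRET_FILE`: the keys list has only `MONGO_URL` and the JSON-valued `S3`, with no `MONGO_PASSWORD` or `S3_SECRET` entry, so a reader cannot tell where the value read from the file ends up. I would extend each description along the lines of `DESCRIPTION_OAUTH2_SECRET_FILE="Path to a file containing the OAuth2 secret (Docker secrets); takes the place of oauth2-secret when set. Example: /run/secrets/oauth2_secret"`, with the wording adjusted to the precedence the reading code actually implements (that code is not visible here). A short comment above the `# Docker Compose Secrets Support` block should also note that the secret file must be readable only by the service user, and whether a trailing newline in the file is stripped.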
|
||||
|
|
|
|||
|
|
@ -20,6 +20,9 @@ echo -e "\t$ snap set $NAP_NAME s3='{\"s3\":{\"key\": \"xxx\", \"secret\": \"xxx
|
|||
echo -e "Disable S3:"
|
||||
echo -e "\t$ snap unset $SNAP_NAME s3"
|
||||
echo -e "\n"
|
||||
echo -e "S3 Secret File (Docker Compose secrets):"
|
||||
echo -e "\t$ snap set $SNAP_NAME s3-secret-file='/run/secrets/s3_secret'"
|
||||
echo -e "\n"
|
||||
#echo -e "Writable path. Snap can not write outside of /var/snap/wekan/common sandbox directory."
|
||||
#echo -e "Default:"
|
||||
#echo -e "\t$ snap set $SNAP_NAME writable-path='\$SNAP_COMMON\files'"
|
||||
|
|
@ -35,6 +38,9 @@ echo -e "\t$ snap set $SNAP_NAME mongo-url='...'"
|
|||
echo -e "\t-Disable the MONGO_URL of Wekan:"
|
||||
echo -e "\t$ snap unset $SNAP_NAME mongo-url"
|
||||
echo -e "\n"
|
||||
echo -e "MongoDB Password File (Docker Compose secrets):"
|
||||
echo -e "\t$ snap set $SNAP_NAME mongo-password-file='/run/secrets/mongo_password'"
|
||||
echo -e "\n"
|
||||
echo -e "Make sure you have connected all interfaces, check more by calling $ snap interfaces ${SNAP_NAME}"
|
||||
echo -e "\n"
|
||||
echo -e "${SNAP_NAME} has multiple services, to check status use systemctl"
|
||||
|
|
@ -78,6 +84,9 @@ echo -e "\t$ snap set $SNAP_NAME mail-service-user='firstname.lastname@hotmail.c
|
|||
echo -e "mail-service-password:"
|
||||
echo -e "\t$ snap set $SNAP_NAME mail-service-password='SecretPassword'"
|
||||
echo -e "\n"
|
||||
echo -e "mail-service-password-file (Docker Compose secrets):"
|
||||
echo -e "\t$ snap set $SNAP_NAME mail-service-password-file='/run/secrets/mail_service_password'"
|
||||
echo -e "\n"
|
||||
echo -e "Number of search results to show per page by default:"
|
||||
echo -e "\t$ snap set $SNAP_NAME results-per-page='20'"
|
||||
echo -e "\t-Restore default:"
|
||||
|
|
@ -334,6 +343,10 @@ echo -e "\t$ snap set $SNAP_NAME oauth2-secret='54321abcde'"
|
|||
echo -e "\t-Disable the OAuth2 Secret of Wekan:"
|
||||
echo -e "\t$ snap unset $SNAP_NAME oauth2-secret"
|
||||
echo -e "\n"
|
||||
echo -e "OAuth2 Secret File (Docker Compose secrets)."
|
||||
echo -e "Secret key file for OAuth2 (Docker secrets):"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-secret-file='/run/secrets/oauth2_secret'"
|
||||
echo -e "\n"
|
||||
echo -e "OAuth2 Server URL."
|
||||
echo -e "To enable the OAuth2 Server URL of Wekan:"
|
||||
echo -e "\t$ snap set $SNAP_NAME oauth2-server-url='https://chat.example.com'"
|
||||
|
|
@ -457,6 +470,10 @@ echo -e "Ldap Authentication Password."
|
|||
echo -e "The password for the search user:"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-authentication-password='admin'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Authentication Password File (Docker Compose secrets)."
|
||||
echo -e "The password file for the search user (Docker secrets):"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-authentication-password-file='/run/secrets/ldap_auth_password'"
|
||||
echo -e "\n"
|
||||
echo -e "Ldap Log Enabled."
|
||||
echo -e "Enable logs for the module:"
|
||||
echo -e "\t$ snap set $SNAP_NAME ldap-log-enabled='true'"
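Review bot: The help line added in the LDAP hunk advertises `ldap-authentication-password-file`, but the key this commit defines in the config file is `KEY_LDAP_AUTHENTIFICATION_PASSWORD_FILE="ldap-authentification-password-file"`. If the snap looks settings up by that KEY value, a user who copies the help sets a key that is never read, and the secret file is silently ignored. The neighbouring `ldap-authentication-password` line already uses the same spelling, so confirm which name the configure hook accepts and make the help match, e.g. `echo -e "\t$ snap set $SNAP_NAME ldap-authentification-password-file='/run/secrets/ldap_auth_password'"`. Separately, all five new examples point at `/run/secrets/...`, a Docker convention; whether a confined snap can read that path is not shown on this page, so an example path the snap is known to be able to read would be a safer default for this help text.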
|
||||
|
|
|
|||