From 60846a44959d46262672c6a3048bd76d829c03bf Mon Sep 17 00:00:00 2001 From: Lauri Ojansivu Date: Sat, 24 Jan 2026 07:34:57 +0200 Subject: [PATCH] Deleted extra docker-compose.yml-arm64, because docker-compose.yml should work at amd64/arm64/s390x. Thanks to xet7 ! --- docker-compose.yml-arm64 | 817 --------------------------------------- 1 file changed, 817 deletions(-) delete mode 100644 docker-compose.yml-arm64 diff --git a/docker-compose.yml-arm64 b/docker-compose.yml-arm64 deleted file mode 100644 index a57668403..000000000 --- a/docker-compose.yml-arm64 +++ /dev/null @@ -1,817 +0,0 @@ -version: '2' - -#--------------------------------------------------------------------------------------------------------- -# ==== START ==== -# docker-compose up -d -f docker-compose.yml-arm64 -#--------------------------------------------------------------------------------------------------------- -# Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required. -#--------------------------------------------------------------------------------------------------------- -# ==== CREATING USERS AND LOGGING IN TO WEKAN ==== -# https://github.com/wekan/wekan/wiki/Adding-users -#--------------------------------------------------------------------------------------------------------- -# ==== FORGOT PASSWORD ==== -# https://github.com/wekan/wekan/wiki/Forgot-Password -#--------------------------------------------------------------------------------------------------------- -# ==== Upgrading Wekan to new version ===== -# NOTE: MongoDB has changed from 3.x to 4.x, in that case you need backup/restore with --noIndexRestore -# see https://github.com/wekan/wekan/wiki/Backup -# 1) Stop Wekan: -# docker-compose stop -# 2) Remove old Wekan app (wekan-app only, not that wekan-db container that has all your data) -# docker rm wekan-app -# 3) Get newest docker-compose.yml from https://github.com/wekan/wekan to have correct image, -# for example: "image: quay.io/wekan/wekan" or version tag "image: quay.io/wekan/wekan:v4.52" -# 4) Start Wekan: -# docker-compose up -d -#---------------------------------------------------------------------------------- -# ==== OPTIONAL: DEDICATED DOCKER USER ==== -# 1) Optionally create a dedicated user for Wekan, for example: -# sudo useradd -d /home/wekan -m -s /bin/bash wekan -# 2) Add this user to the docker group, then logout+login or reboot: -# sudo usermod -aG docker wekan -# 3) Then login as user wekan. -# 4) Create this file /home/wekan/docker-compose.yml with your modifications. -#---------------------------------------------------------------------------------- -# ==== RUN DOCKER AS SERVICE ==== -# 1a) Running Docker as service, on Systemd like Debian 9, Ubuntu 16.04, CentOS 7: -# sudo systemctl enable docker -# sudo systemctl start docker -# 1b) Running Docker as service, on init.d like Debian 8, Ubuntu 14.04, CentOS 6: -# sudo update-rc.d docker defaults -# sudo service docker start -# ---------------------------------------------------------------------------------- -# ==== USAGE OF THIS docker-compose.yml ==== -# 1) For seeing does Wekan work, try this and check with your web browser: -# docker-compose up -# 2) Stop Wekan and start Wekan in background: -# docker-compose stop -# docker-compose up -d -# 3) See running Docker containers: -# docker ps -# 4) Stop Docker containers: -# docker-compose stop -# ---------------------------------------------------------------------------------- -# ===== INSIDE DOCKER CONTAINERS, AND BACKUP/RESTORE ==== -# https://github.com/wekan/wekan/wiki/Backup -# If really necessary, repair MongoDB: https://github.com/wekan/wekan-mongodb/issues/6#issuecomment-424004116 -# 1) Going inside containers: -# a) Wekan app, does not contain data -# docker exec -it wekan-app bash -# b) MongoDB, contains all data -# docker exec -it wekan-db bash -# 2) Copying database to outside of container: -# docker exec -it wekan-db bash -# cd /data -# mongodump -# exit -# docker cp wekan-db:/data/dump . -# 3) Restoring database -# # 1) Stop wekan -# docker stop wekan-app -# # 2) Go inside database container -# docker exec -it wekan-db bash -# # 3) and data directory -# cd /data -# # 4) Remove previous dump -# rm -rf dump -# # 5) Exit db container -# exit -# # 6) Copy dump to inside docker container -# docker cp dump wekan-db:/data/ -# # 7) Go inside database container -# docker exec -it wekan-db bash -# # 8) and data directory -# cd /data -# # 9) Restore -# mongorestore --drop -# # 10) Exit db container -# exit -# # 11) Start wekan -# docker start wekan-app -#------------------------------------------------------------------------- - -services: - - wekandb: - #------------------------------------------------------------------------------------- - # ==== MONGODB FROM DOCKER HUB ==== - image: mongo:6 - #------------------------------------------------------------------------------------- - container_name: wekan-db - restart: always - # command: mongod --oplogSize 128 - # Syslog: mongod --syslog --oplogSize 128 --quiet - # Disable MongoDB logs: - command: mongod --logpath /dev/null --oplogSize 128 --quiet - networks: - - wekan-tier - expose: - - 27017 - volumes: - - /etc/localtime:/etc/localtime:ro - - wekan-db:/data/db - - wekan-db-dump:/dump - #- /etc/timezone:/etc/timezone:ro # Do not use https://github.com/wekan/wekan/issues/5123 - - wekan: - #------------------------------------------------------------------------------------- - # ==== WEKAN FROM GITHUB/QUAY/DOCKER HUB ==== - # All of GitHub, Quay and Docker Hub have latest, but because - # latest tag changes when is newest release, - # when upgrading would be better to use version tag. - # a) Using specific version tag is better: - # image: ghcr.io/wekan/wekan:v6.89 - # image: quay.io/wekan/wekan:v6.89 - # image: wekanteam/wekan:v6.89 - # b) GitHub Container registry. - #image: ghcr.io/wekan/wekan:main - image: ghcr.io/wekan/wekan:v7.09-arm64 - # c) Quay: - #image: quay.io/wekan/wekan:latest - # d) Docker Hub: - #image: wekanteam/wekan:latest - #------------------------------------------------------------------------------------- - container_name: wekan-app - # On CentOS 7 there is seccomp issue with glibc 6, - # so CentOS 7 users shoud use these security_opt seccomp:unconfined - # settings to get WeKan working. See: - # - https://github.com/wekan/wekan/issues/4585 - # - https://github.com/wekan/wekan/issues/4587 - #security_opt: - # - seccomp:unconfined - restart: always - networks: - - wekan-tier - #------------------------------------------------------------------------------------- - # ==== BUILD wekan-app DOCKER CONTAINER FROM SOURCE, if you uncomment these ==== - # ==== and use commands: docker-compose up -d --build - #build: - # context: . - # dockerfile: Dockerfile - #------------------------------------------------------------------------------------- - ports: - # Docker outsideport:insideport. Do not add anything extra here. - # For example, if you want to have wekan on port 3001, - # use 3001:8080 . Do not add any extra address etc here, that way it does not work. - # remove port mapping if you use nginx reverse proxy, port 8080 is already exposed to wekan-tier network - - 80:8080 - environment: - #----------------------------------------------------------------- - # ==== WRITEABLE PATH FOR FILE UPLOADS ==== - - WRITABLE_PATH=/data - #----------------------------------------------------------------- - # ==== AWS S3 FOR FILES ==== - # Any region. For example: - # us-standard,us-west-1,us-west-2, - # eu-west-1,eu-central-1, - # ap-southeast-1,ap-northeast-1,sa-east-1 - # - #- S3='{"s3":{"key": "xxx", "secret": "xxx", "bucket": "xxx", "region": "xxx"}}' - #- S3_SECRET_FILE=/run/secrets/s3_secret - #----------------------------------------------------------------- - # ==== MONGO_URL ==== - - MONGO_URL=mongodb://wekandb:27017/wekan - #- MONGO_URL=mongodb://username:password@wekandb:27017/wekan - #- MONGO_PASSWORD_FILE=/run/secrets/mongo_password - #--------------------------------------------------------------- - # ==== ROOT_URL SETTING ==== - # Change ROOT_URL to your real Wekan URL, for example: - # If you have Caddy/Nginx/Apache providing SSL - # - https://example.com - # - https://boards.example.com - # This can be problematic with avatars https://github.com/wekan/wekan/issues/1776 - # - https://example.com/wekan - # If without https, can be only wekan node, no need for Caddy/Nginx/Apache if you don't need them - # - http://example.com - # - http://boards.example.com - # - http://192.168.1.100 <=== using at local LAN - - ROOT_URL=http://localhost # <=== using only at same laptop/desktop where Wekan is installed - #--------------------------------------------------------------- - # ==== EMAIL SETTINGS ==== - # Email settings are only at MAIL_URL and MAIL_FROM. - # Admin Panel has test button, but it's not used for settings. - # see https://github.com/wekan/wekan/wiki/Troubleshooting-Mail - # For SSL in email, change smtp:// to smtps:// - # NOTE: Special characters need to be url-encoded in MAIL_URL. - # You can encode those characters for example at: https://www.urlencoder.org - #- MAIL_URL=smtp://user:pass@mailserver.example.com:25/ - - MAIL_URL=smtp://:25/?ignoreTLS=true&tls={rejectUnauthorized:false} - - MAIL_FROM=Wekan Notifications - # Currently MAIL_SERVICE is not in use. - #- MAIL_SERVICE=Outlook365 - #- MAIL_SERVICE_USER=firstname.lastname@hotmail.com - #- MAIL_SERVICE_PASSWORD=SecretPassword - #- MAIL_SERVICE_PASSWORD_FILE=/run/secrets/mail_service_password - #--------------------------------------------------------------- - # https://github.com/wekan/wekan/issues/3585#issuecomment-1021522132 - # Add more Node heap, this is done by default at Dockerfile: - # - NODE_OPTIONS="--max_old_space_size=4096" - # Add more stack, this is done at Dockerfile: - # bash -c "ulimit -s 65500; exec node --stack-size=65500 main.js" - #--------------------------------------------------------------- - # ==== OPTIONAL: MONGO OPLOG SETTINGS ===== - # https://github.com/wekan/wekan-mongodb/issues/2#issuecomment-378343587 - # We've fixed our CPU usage problem today with an environment - # change around Wekan. I wasn't aware during implementation - # that if you're using more than 1 instance of Wekan - # (or any MeteorJS based tool) you're supposed to set - # MONGO_OPLOG_URL as an environment variable. - # Without setting it, Meteor will perform a poll-and-diff - # update of it's dataset. With it, Meteor will update from - # the OPLOG. See here - # https://blog.meteor.com/tuning-meteor-mongo-livedata-for-scalability-13fe9deb8908 - # After setting - # MONGO_OPLOG_URL=mongodb://:@/local?authSource=admin&replicaSet=rsWekan - # the CPU usage for all Wekan instances dropped to an average - # of less than 10% with only occasional spikes to high usage - # (I guess when someone is doing a lot of work) - # - MONGO_OPLOG_URL=mongodb://:@/local?authSource=admin&replicaSet=rsWekan - #--------------------------------------------------------------- - # ==== OPTIONAL: KADIRA PERFORMANCE MONITORING FOR METEOR ==== - # https://github.com/edemaine/kadira-compose - # https://github.com/meteor/meteor-apm-agent - # https://blog.meteor.com/kadira-apm-is-now-open-source-490469ffc85f - #- APM_OPTIONS_ENDPOINT=http://:11011 - #- APM_APP_ID= - #- APM_APP_SECRET= - #--------------------------------------------------------------- - # ==== OPTIONAL: LOGS AND STATS ==== - # https://github.com/wekan/wekan/wiki/Logs - # - # Daily export of Wekan changes as JSON to Logstash and ElasticSearch / Kibana (ELK) - # https://github.com/wekan/wekan-logstash - # - # Statistics Python script for Wekan Dashboard - # https://github.com/wekan/wekan-stats - # - # Console, file, and zulip logger on database changes https://github.com/wekan/wekan/pull/1010 - # with fix to replace console.log by winston logger https://github.com/wekan/wekan/pull/1033 - # but there could be bug https://github.com/wekan/wekan/issues/1094 - # - # There is Feature Request: Logging date and time of all activity with summary reports, - # and requesting reason for changing card to other column https://github.com/wekan/wekan/issues/1598 - #--------------------------------------------------------------- - # ==== NUMBER OF SEARCH RESULTS PER PAGE BY DEFAULT ==== - #- RESULTS_PER_PAGE=20 - #--------------------------------------------------------------- - # ==== AFTER OIDC LOGIN, ADD USERS AUTOMATICALLY TO THIS BOARD ID ==== - # https://github.com/wekan/wekan/pull/5098 - #- DEFAULT_BOARD_ID=abcd1234 - #--------------------------------------------------------------- - # ==== WEKAN API AND EXPORT BOARD ==== - # Wekan Export Board works when WITH_API=true. - # https://github.com/wekan/wekan/wiki/REST-API - # https://github.com/wekan/wekan-gogs - # If you disable Wekan API with false, Export Board does not work. - - WITH_API=true - #--------------------------------------------------------------- - # ==== PASSWORD BRUTE FORCE PROTECTION ==== - #https://atmospherejs.com/lucasantoniassi/accounts-lockout - #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js - #- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3 - #- ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60 - #- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15 - #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3 - #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60 - #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15 - #--------------------------------------------------------------- - # ==== ACCOUNT OPTIONS ==== - # https://docs.meteor.com/api/accounts-multi.html#AccountsCommon-config - # Defaults below. Uncomment to change. wekan/server/accounts-common.js - # - ACCOUNTS_COMMON_LOGIN_EXPIRATION_IN_DAYS=90 - #--------------------------------------------------------------- - # ==== RICH TEXT EDITOR IN CARD COMMENTS ==== - # https://github.com/wekan/wekan/pull/2560 - - RICHER_CARD_COMMENT_EDITOR=false - #--------------------------------------------------------------- - # ==== CARD OPENED, SEND WEBHOOK MESSAGE ==== - # https://github.com/wekan/wekan/issues/2518 - - CARD_OPENED_WEBHOOK_ENABLED=false - #--------------------------------------------------------------- - # ==== Allow configuration to validate uploaded attachments ==== - #-ATTACHMENTS_UPLOAD_EXTERNAL_PROGRAM=/usr/local/bin/avscan {file} - #-ATTACHMENTS_UPLOAD_MIME_TYPES=image/*,text/* - #-ATTACHMENTS_UPLOAD_MAX_SIZE=5000000 - #--------------------------------------------------------------- - # ==== Allow configuration to validate uploaded avatars ==== - #-AVATARS_UPLOAD_EXTERNAL_PROGRAM=/usr/local/bin/avscan {file} - #-AVATARS_UPLOAD_MIME_TYPES=image/* - #-AVATARS_UPLOAD_MAX_SIZE=500000 - #--------------------------------------------------------------- - # ==== Allow to shrink attached/pasted image ==== - # https://github.com/wekan/wekan/pull/2544 - #- MAX_IMAGE_PIXEL=1024 - #- IMAGE_COMPRESS_RATIO=80 - #--------------------------------------------------------------- - # ==== NOTIFICATION TRAY AFTER READ DAYS BEFORE REMOVE ===== - # Number of days after a notification is read before we remove it. - # Default: 2 - #- NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE=2 - #--------------------------------------------------------------- - # ==== BIGEVENTS DUE ETC NOTIFICATIONS ===== - # https://github.com/wekan/wekan/pull/2541 - # Introduced a system env var BIGEVENTS_PATTERN default as "NONE", - # so any activityType matches the pattern, system will send out - # notifications to all board members no matter they are watching - # or tracking the board or not. Owner of the wekan server can - # disable the feature by setting this variable to "NONE" or - # change the pattern to any valid regex. i.e. '|' delimited - # activityType names. - # a) Example - #- BIGEVENTS_PATTERN=due - # b) All - #- BIGEVENTS_PATTERN=received|start|due|end - # c) Disabled - - BIGEVENTS_PATTERN=NONE - #--------------------------------------------------------------- - # ==== EMAIL DUE DATE NOTIFICATION ===== - # https://github.com/wekan/wekan/pull/2536 - # System timelines will be showing any user modification for - # dueat startat endat receivedat, also notification to - # the watchers and if any card is due, about due or past due. - # - # Notify due days, default is None, 2 days before and on the event day - #- NOTIFY_DUE_DAYS_BEFORE_AND_AFTER=2,0 - # - # Notify due at hour of day. Default every morning at 8am. Can be 0-23. - # If env variable has parsing error, use default. Notification sent to watchers. - #- NOTIFY_DUE_AT_HOUR_OF_DAY=8 - #----------------------------------------------------------------- - # ==== EMAIL NOTIFICATION TIMEOUT, ms ===== - # Default: 30000 ms = 30s - #- EMAIL_NOTIFICATION_TIMEOUT=30000 - #----------------------------------------------------------------- - # ==== CORS ===== - # CORS: Set Access-Control-Allow-Origin header. - #- CORS=* - # CORS_ALLOW_HEADERS: Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API. - #- CORS_ALLOW_HEADERS=Authorization,Content-Type - # CORS_EXPOSE_HEADERS: Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations - #- CORS_EXPOSE_HEADERS=* - #----------------------------------------------------------------- - # ==== MATOMO INTEGRATION ==== - # Optional: Integration with Matomo https://matomo.org that is installed to your server - # The address of the server where Matomo is hosted. - #- MATOMO_ADDRESS=https://example.com/matomo - # The value of the site ID given in Matomo server for Wekan - #- MATOMO_SITE_ID=1 - # The option do not track which enables users to not be tracked by matomo - #- MATOMO_DO_NOT_TRACK=true - # The option that allows matomo to retrieve the username: - #- MATOMO_WITH_USERNAME=true - #----------------------------------------------------------------- - # ==== BROWSER POLICY AND TRUSTED IFRAME URL ==== - # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. - # Setting this to false is not recommended, it also disables all other browser policy protections - # and allows all iframing etc. See wekan/server/policy.js - - BROWSER_POLICY_ENABLED=true - # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside. - #- TRUSTED_URL=https://intra.example.com - #----------------------------------------------------------------- - # ==== METRICS ALLOWED IP ADDRESSES ==== - # https://github.com/wekan/wekan/wiki/Metrics - #- METRICS_ALLOWED_IP_ADDRESSES=192.168.0.100,192.168.0.200 - #----------------------------------------------------------------- - # ==== OUTGOING WEBHOOKS ==== - # What to send to Outgoing Webhook, or leave out. If commented out the default values will be: cardId,listId,oldListId,boardId,comment,user,card,commentId,swimlaneId,customerField,customFieldValue - #- WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId - #----------------------------------------------------------------- - # ==== Debug OIDC OAuth2 etc ==== - #- DEBUG=true - #--------------------------------------------- - # ==== AUTOLOGIN WITH OIDC/OAUTH2 ==== - # https://github.com/wekan/wekan/wiki/autologin - #- OIDC_REDIRECTION_ENABLED=true - #----------------------------------------------------------------- - # ==== OAUTH2 ORACLE on premise identity manager OIM ==== - #- ORACLE_OIM_ENABLED=true - #----------------------------------------------------------------- - # ==== OAUTH2 AZURE ==== - # https://github.com/wekan/wekan/wiki/Azure - # 1) Register the application with Azure. Make sure you capture - # the application ID as well as generate a secret key. - # 2) Configure the environment variables. This differs slightly - # by installation type, but make sure you have the following: - #- OAUTH2_ENABLED=true - # Optional OAuth2 CA Cert, see https://github.com/wekan/wekan/issues/3299 - #- OAUTH2_CA_CERT=ABCD1234 - # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting. - #- OAUTH2_ADFS_ENABLED=false - # OAuth2 login style: popup or redirect. - #- OAUTH2_LOGIN_STYLE=redirect - # Application GUID captured during app registration: - #- OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx - # Secret key generated during app registration: - #- OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx - #- OAUTH2_SECRET_FILE=/run/secrets/oauth2_secret - #- OAUTH2_SERVER_URL=https://login.microsoftonline.com/ - #- OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize - #- OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo - #- OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token - # The claim name you want to map to the unique ID field: - #- OAUTH2_ID_MAP=email - # The claim name you want to map to the username field: - #- OAUTH2_USERNAME_MAP=email - # The claim name you want to map to the full name field: - #- OAUTH2_FULLNAME_MAP=name - # The claim name you want to map to the email field: - #- OAUTH2_EMAIL_MAP=email - #----------------------------------------------------------------- - # ==== OAUTH2 Nextcloud ==== - # 1) Register the application with Nextcloud: https://your.nextcloud/index.php/settings/admin/security - # Make sure you capture the application ID as well as generate a secret key. - # Use https://your.wekan/_oauth/oidc for the redirect URI. - # 2) Configure the environment variables. This differs slightly - # by installation type, but make sure you have the following: - #- OAUTH2_ENABLED=true - # OAuth2 login style: popup or redirect. - #- OAUTH2_LOGIN_STYLE=redirect - # Application GUID captured during app registration: - #- OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx - # Secret key generated during app registration: - #- OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx - #- OAUTH2_SECRET_FILE=/run/secrets/oauth2_secret - #- OAUTH2_SERVER_URL=https://your-nextcloud.tld - #- OAUTH2_AUTH_ENDPOINT=/index.php/apps/oauth2/authorize - #- OAUTH2_USERINFO_ENDPOINT=/ocs/v2.php/cloud/user?format=json - #- OAUTH2_TOKEN_ENDPOINT=/index.php/apps/oauth2/api/v1/token - # The claim name you want to map to the unique ID field: - #- OAUTH2_ID_MAP=id - # The claim name you want to map to the username field: - #- OAUTH2_USERNAME_MAP=id - # The claim name you want to map to the full name field: - #- OAUTH2_FULLNAME_MAP=display-name - # The claim name you want to map to the email field: - #- OAUTH2_EMAIL_MAP=email - #----------------------------------------------------------------- - # ==== OAUTH2 KEYCLOAK ==== - # https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED - #- OAUTH2_ENABLED=true - # OAuth2 login style: popup or redirect. - #- OAUTH2_LOGIN_STYLE=redirect - #- OAUTH2_CLIENT_ID= - #- OAUTH2_SERVER_URL=/auth - #- OAUTH2_AUTH_ENDPOINT=/realms//protocol/openid-connect/auth - #- OAUTH2_USERINFO_ENDPOINT=/realms//protocol/openid-connect/userinfo - #- OAUTH2_TOKEN_ENDPOINT=/realms//protocol/openid-connect/token - #- OAUTH2_SECRET= - #- OAUTH2_SECRET_FILE=/run/secrets/oauth2_secret - #----------------------------------------------------------------- - # ==== OAUTH2 DOORKEEPER ==== - # https://github.com/wekan/wekan/issues/1874 - # https://github.com/wekan/wekan/wiki/OAuth2 - # Enable the OAuth2 connection - #- OAUTH2_ENABLED=true - # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 - # OAuth2 login style: popup or redirect. - #- OAUTH2_LOGIN_STYLE=redirect - # OAuth2 Client ID. - #- OAUTH2_CLIENT_ID=abcde12345 - # OAuth2 Secret. - #- OAUTH2_SECRET=54321abcde - #- OAUTH2_SECRET_FILE=/run/secrets/oauth2_secret - # OAuth2 Server URL. - #- OAUTH2_SERVER_URL=https://chat.example.com - # OAuth2 Authorization Endpoint. - #- OAUTH2_AUTH_ENDPOINT=/oauth/authorize - # OAuth2 Userinfo Endpoint. - #- OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo - # OAuth2 Token Endpoint. - #- OAUTH2_TOKEN_ENDPOINT=/oauth/token - # OAUTH2 ID Token Whitelist Fields. - #- OAUTH2_ID_TOKEN_WHITELIST_FIELDS="" - # OAUTH2 Request Permissions. - #- OAUTH2_REQUEST_PERMISSIONS=openid profile email - # OAuth2 ID Mapping - #- OAUTH2_ID_MAP= - # OAuth2 Username Mapping - #- OAUTH2_USERNAME_MAP= - # OAuth2 Fullname Mapping - #- OAUTH2_FULLNAME_MAP= - # OAuth2 Email Mapping - #- OAUTH2_EMAIL_MAP= - #----------------------------------------------------------------- - # ==== LDAP: UNCOMMENT ALL TO ENABLE LDAP ==== - # https://github.com/wekan/wekan/wiki/LDAP - # For Snap settings see https://github.com/wekan/wekan-snap/wiki/Supported-settings-keys - # Most settings work both on Snap and Docker below. - # Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required. - # - # The default authentication method used if a user does not exist to create and authenticate. Can be set as ldap. - # (this is set properly in the Admin Panel, changing this item does not remove Password login option) - #- DEFAULT_AUTHENTICATION_METHOD=ldap - # - # Enable or not the connection by the LDAP - #- LDAP_ENABLE=true - # - # The port of the LDAP server - #- LDAP_PORT=389 - # - # The host server for the LDAP server - #- LDAP_HOST=localhost - # - #----------------------------------------------------------------- - # ==== LDAP AD Simple Auth ==== - # - # Set to true, if you want to connect with Active Directory by Simple Authentication. - # When using AD Simple Auth, LDAP_BASEDN is not needed. - # - # Example: - #- LDAP_AD_SIMPLE_AUTH=true - # - # === LDAP User Authentication === - # - # a) Option to login to the LDAP server with the user's own username and password, instead of - # an administrator key. Default: false (use administrator key). - # - # b) When using AD Simple Auth, set to true, when login user is used for binding, - # and LDAP_BASEDN is not needed. - # - # Example: - #- LDAP_USER_AUTHENTICATION=true - # - # Which field is used to find the user for the user authentication. Default: uid. - #- LDAP_USER_AUTHENTICATION_FIELD=uid - # - # === LDAP Default Domain === - # - # a) In case AD SimpleAuth is configured, the default domain is appended to the given - # loginname for creating the correct username for the bind request to AD. - # - # b) The default domain of the ldap it is used to create email if the field is not map - # correctly with the LDAP_SYNC_USER_DATA_FIELDMAP - # - # Example : - #- LDAP_DEFAULT_DOMAIN=mydomain.com - # - #----------------------------------------------------------------- - # ==== LDAP BASEDN Auth ==== - # - # The base DN for the LDAP Tree - #- LDAP_BASEDN=ou=user,dc=example,dc=org - # - #----------------------------------------------------------------- - # Fallback on the default authentication method - #- LDAP_LOGIN_FALLBACK=false - # - # Reconnect to the server if the connection is lost - #- LDAP_RECONNECT=true - # - # Overall timeout, in milliseconds - #- LDAP_TIMEOUT=10000 - # - # Specifies the timeout for idle LDAP connections in milliseconds - #- LDAP_IDLE_TIMEOUT=10000 - # - # Connection timeout, in milliseconds - #- LDAP_CONNECT_TIMEOUT=10000 - # - # If the LDAP needs a user account to search - #- LDAP_AUTHENTIFICATION=true - # - # The search user DN - You need quotes when you have spaces in parameters - # 2 examples: - #- LDAP_AUTHENTIFICATION_USERDN=CN=ldap admin,CN=users,DC=domainmatter,DC=lan - #- LDAP_AUTHENTIFICATION_USERDN=CN=wekan_adm,OU=serviceaccounts,OU=admin,OU=prod,DC=mydomain,DC=com - # - # The password for the search user - #- LDAP_AUTHENTIFICATION_PASSWORD=pwd - #- LDAP_AUTHENTIFICATION_PASSWORD_FILE=/run/secrets/ldap_auth_password - # - # Enable logs for the module - #- LDAP_LOG_ENABLED=true - # - # If the sync of the users should be done in the background - #- LDAP_BACKGROUND_SYNC=false - # - # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds - # The format must be as specified in: - # https://bunkat.github.io/later/parsers.html#text - #- LDAP_BACKGROUND_SYNC_INTERVAL=every 1 hours - # At which interval does the background task sync in milliseconds. - # Leave this unset, so it uses default, and does not crash. - # https://github.com/wekan/wekan/issues/2354#issuecomment-515305722 - - LDAP_BACKGROUND_SYNC_INTERVAL='' - # - #- LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false - # - #- LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false - # - # If using LDAPS: LDAP_ENCRYPTION=ssl - #- LDAP_ENCRYPTION=false - # - # The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. - #- LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+G2FIdAgIC...-----END CERTIFICATE----- - # - # Reject Unauthorized Certificate - #- LDAP_REJECT_UNAUTHORIZED=false - # - # Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed - #- LDAP_USER_SEARCH_FILTER= - # - # base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) - #- LDAP_USER_SEARCH_SCOPE=one - # - # Which field is used to find the user, like uid / sAMAccountName - #- LDAP_USER_SEARCH_FIELD=sAMAccountName - # - # Used for pagination (0=unlimited) - #- LDAP_SEARCH_PAGE_SIZE=0 - # - # The limit number of entries (0=unlimited) - #- LDAP_SEARCH_SIZE_LIMIT=0 - # - # Enable group filtering. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap. - #- LDAP_GROUP_FILTER_ENABLE=false - # - # The object class for filtering. Example: group - #- LDAP_GROUP_FILTER_OBJECTCLASS= - # - # The attribute of a group identifying it. Example: cn - #- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= - # - # The attribute inside a group object listing its members. Example: member - #- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= - # - # The format of the value of LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE. Example: 'dn' if the users dn is saved as value into the attribute. - #- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= - # - # The group name (id) that matches all users. - #- LDAP_GROUP_FILTER_GROUP_NAME= - # - # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier). Example: guid - #- LDAP_UNIQUE_IDENTIFIER_FIELD= - # - # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 - #- LDAP_UTF8_NAMES_SLUGIFY=true - # - # LDAP_USERNAME_FIELD : Which field contains the ldap username. username / sAMAccountName - #- LDAP_USERNAME_FIELD=sAMAccountName - # - # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname. fullname / sAMAccountName - #- LDAP_FULLNAME_FIELD=fullname - # - #- LDAP_MERGE_EXISTING_USERS=false - # - # Allow existing account matching by e-mail address when username does not match - #- LDAP_EMAIL_MATCH_ENABLE=true - # - # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match - #- LDAP_EMAIL_MATCH_REQUIRE=true - # - # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching - #- LDAP_EMAIL_MATCH_VERIFIED=true - # - # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address - #- LDAP_EMAIL_FIELD=mail - #----------------------------------------------------------------- - #- LDAP_SYNC_USER_DATA=false - # - #- LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} - # - #- LDAP_SYNC_GROUP_ROLES= - # - # The default domain of the ldap it is used to create email if the field is not map correctly - # with the LDAP_SYNC_USER_DATA_FIELDMAP is defined in setting LDAP_DEFAULT_DOMAIN above. - # - # Enable/Disable syncing of admin status based on ldap groups: - #- LDAP_SYNC_ADMIN_STATUS=true - # - # Comma separated list of admin group names to sync. - #- LDAP_SYNC_ADMIN_GROUPS=group1,group2 - #--------------------------------------------------------------------- - # Login to LDAP automatically with HTTP header. - # In below example for siteminder, at right side of = is header name. - #- HEADER_LOGIN_ID=HEADERUID - #- HEADER_LOGIN_FIRSTNAME=HEADERFIRSTNAME - #- HEADER_LOGIN_LASTNAME=HEADERLASTNAME - #- HEADER_LOGIN_EMAIL=HEADEREMAILADDRESS - #--------------------------------------------------------------------- - # ==== LOGOUT TIMER, probably does not work yet ==== - # LOGOUT_WITH_TIMER : Enables or not the option logout with timer - # example : LOGOUT_WITH_TIMER=true - #- LOGOUT_WITH_TIMER= - # - # LOGOUT_IN : The number of days - # example : LOGOUT_IN=1 - #- LOGOUT_IN= - # - # LOGOUT_ON_HOURS : The number of hours - # example : LOGOUT_ON_HOURS=9 - #- LOGOUT_ON_HOURS= - # - # LOGOUT_ON_MINUTES : The number of minutes - # example : LOGOUT_ON_MINUTES=55 - #- LOGOUT_ON_MINUTES= - #------------------------------------------------------------------- - # Hide password login form - # - PASSWORD_LOGIN_ENABLED=true - #------------------------------------------------------------------- - #- CAS_ENABLED=true - #- CAS_BASE_URL=https://cas.example.com/cas - #- CAS_LOGIN_URL=https://cas.example.com/login - #- CAS_VALIDATE_URL=https://cas.example.com/cas/p3/serviceValidate - #--------------------------------------------------------------------- - #- SAML_ENABLED=true - #- SAML_PROVIDER= - #- SAML_ENTRYPOINT= - #- SAML_ISSUER= - #- SAML_CERT= - #- SAML_IDPSLO_REDIRECTURL= - #- SAML_PRIVATE_KEYFILE= - #- SAML_PUBLIC_CERTFILE= - #- SAML_IDENTIFIER_FORMAT= - #- SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE= - #- SAML_ATTRIBUTES= - #--------------------------------------------------------------------- - # Wait spinner to use - # - WAIT_SPINNER=Bounce - #--------------------------------------------------------------------- - depends_on: - - wekandb - volumes: - - /etc/localtime:/etc/localtime:ro - - wekan-files:/data:rw - secrets: - - ldap_auth_password - - oauth2_secret - - mail_service_password - - mongo_password - - s3_secret - -#--------------------------------------------------------------------------------- -# ==== OPTIONAL: SHARE DATABASE TO OFFICE LAN AND REMOTE VPN ==== -# When using Wekan both at office LAN and remote VPN: -# 1) Have above Wekan docker container config with LAN IP address -# 2) Copy all of above wekan container config below, look above of this part above and all config below it, -# before above depends_on: part: -# -# wekan: -# #------------------------------------------------------------------------------------- -# # ==== MONGODB AND METEOR VERSION ==== -# # a) For Wekan Meteor 1.8.x version at meteor-1.8 branch, ..... -# -# -# and change name to different name like wekan2 or wekanvpn, and change ROOT_URL to server VPN IP -# address. -# 3) This way both Wekan containers can use same MongoDB database -# and see the same Wekan boards. -# 4) You could also add 3rd Wekan container for 3rd network etc. -# EXAMPLE: -# wekan2: -# ....COPY CONFIG FROM ABOVE TO HERE... -# environment: -# - ROOT_URL='http://10.10.10.10' -# ...COPY CONFIG FROM ABOVE TO HERE... -#--------------------------------------------------------------------------------- - -# OPTIONAL NGINX CONFIG FOR REVERSE PROXY -# nginx: -# image: nginx -# container_name: nginx -# restart: always -# networks: -# - wekan-tier -# depends_on: -# - wekan -# ports: -# - 80:80 -# - 443:443 -# volumes: -# - ./nginx/ssl:/etc/nginx/ssl/:ro -# - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro -## Alternative volume config: -## volumes: -## - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro -## - ./nginx/ssl/ssl.conf:/etc/nginx/conf.d/ssl/ssl.conf:ro -## - ./nginx/ssl/testvm-ehu.crt:/etc/nginx/conf.d/ssl/certs/mycert.crt:ro -## - ./nginx/ssl/testvm-ehu.key:/etc/nginx/conf.d/ssl/certs/mykey.key:ro -## - ./nginx/ssl/pphrase:/etc/nginx/conf.d/ssl/pphrase:ro - -volumes: - wekan-files: - driver: local - wekan-db: - driver: local - wekan-db-dump: - driver: local - -networks: - wekan-tier: - driver: bridge - -# Docker Compose Secrets -# Create secret files on the host system before running docker-compose up -# Example: echo "your_password_here" > ldap_auth_password.txt -# Then use: docker-compose up -d -secrets: - ldap_auth_password: - file: ./secrets/ldap_auth_password.txt - oauth2_secret: - file: ./secrets/oauth2_secret.txt - mail_service_password: - file: ./secrets/mail_service_password.txt - mongo_password: - file: ./secrets/mongo_password.txt - s3_secret: - file: ./secrets/s3_secret.txt