version: '2' # Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required. #--------------------------------------------------------------------------------------------------------- # ==== CREATING USERS AND LOGGING IN TO WEKAN ==== # https://github.com/wekan/wekan/wiki/Adding-users #--------------------------------------------------------------------------------------------------------- # ==== FORGOT PASSWORD ==== # https://github.com/wekan/wekan/wiki/Forgot-Password #--------------------------------------------------------------------------------------------------------- # ==== Upgrading Wekan to new version ===== # NOTE: MongoDB has changed from 3.x to 4.x, in that case you need backup/restore with --noIndexRestore # see https://github.com/wekan/wekan/wiki/Backup # 1) Stop Wekan: # docker-compose stop # 2) Download new version: # docker-compose pull wekan # 3) If you have more networks for VPN etc as described at bottom of # this config, download for them too: # docker-compose pull wekan2 # 4) Start Wekan: # docker-compose start #---------------------------------------------------------------------------------- # ==== OPTIONAL: DEDICATED DOCKER USER ==== # 1) Optionally create a dedicated user for Wekan, for example: # sudo useradd -d /home/wekan -m -s /bin/bash wekan # 2) Add this user to the docker group, then logout+login or reboot: # sudo usermod -aG docker wekan # 3) Then login as user wekan. # 4) Create this file /home/wekan/docker-compose.yml with your modifications. #---------------------------------------------------------------------------------- # ==== RUN DOCKER AS SERVICE ==== # 1a) Running Docker as service, on Systemd like Debian 9, Ubuntu 16.04, CentOS 7: # sudo systemctl enable docker # sudo systemctl start docker # 1b) Running Docker as service, on init.d like Debian 8, Ubuntu 14.04, CentOS 6: # sudo update-rc.d docker defaults # sudo service docker start # ---------------------------------------------------------------------------------- # ==== USAGE OF THIS docker-compose.yml ==== # 1) For seeing does Wekan work, try this and check with your webbroser: # docker-compose up # 2) Stop Wekan and start Wekan in background: # docker-compose stop # docker-compose up -d # 3) See running Docker containers: # docker ps # 4) Stop Docker containers: # docker-compose stop # ---------------------------------------------------------------------------------- # ===== INSIDE DOCKER CONTAINERS, AND BACKUP/RESTORE ==== # https://github.com/wekan/wekan/wiki/Backup # If really necessary, repair MongoDB: https://github.com/wekan/wekan-mongodb/issues/6#issuecomment-424004116 # 1) Going inside containers: # a) Wekan app, does not contain data # docker exec -it wekan-app bash # b) MongoDB, contains all data # docker exec -it wekan-db bash # 2) Copying database to outside of container: # docker exec -it wekan-db bash # cd /data # mongodump # exit # docker cp wekan-db:/data/dump . # 3) Restoring database # # 1) Stop wekan # docker stop wekan-app # # 2) Go inside database container # docker exec -it wekan-db bash # # 3) and data directory # cd /data # # 4) Remove previos dump # rm -rf dump # # 5) Exit db container # exit # # 6) Copy dump to inside docker container # docker cp dump wekan-db:/data/ # # 7) Go inside database container # docker exec -it wekan-db bash # # 8) and data directory # cd /data # # 9) Restore # mongorestore --drop # # 10) Exit db container # exit # # 11) Start wekan # docker start wekan-app #------------------------------------------------------------------------- services: wekandb: #------------------------------------------------------------------------------------- # ==== MONGODB AND METEOR VERSION ==== # a) For Wekan Meteor 1.8.x version at master branch, use mongo 4.x image: mongo:4.0.12 # b) For Wekan Meteor 1.6.x version at devel branch. # Only for Snap and Sandstorm while they are not upgraded yet to Meteor 1.8.x #image: mongo:3.2.21 #------------------------------------------------------------------------------------- container_name: wekan-db restart: always command: mongod --smallfiles --oplogSize 128 networks: - wekan-tier expose: - 27017 volumes: - /opt/wekan/db:/data/db - /opt/wekan/db-dump:/dump - /opt/wekan/uploads:/uploads wekan: #------------------------------------------------------------------------------------- # ==== MONGODB AND METEOR VERSION ==== # NOTE: Quay is currently not updated, use Docker Hub image below c) # a) For Wekan Meteor 1.8.x version at master branch, # using https://quay.io/wekan/wekan automatic builds #image: quay.io/wekan/wekan # b) Using specific Meteor 1.6.x version tag: # image: quay.io/wekan/wekan:v1.95 # c) Using Docker Hub automatic builds https://hub.docker.com/r/wekanteam/wekan image: wekanteam/wekan:latest # image: wekanteam/wekan:v2.99 #------------------------------------------------------------------------------------- container_name: wekan-app restart: always networks: - wekan-tier #------------------------------------------------------------------------------------- # ==== BUILD wekan-app DOCKER CONTAINER FROM SOURCE, if you uncomment these ==== # ==== and use commands: docker-compose up -d --build #build: # context: . # dockerfile: Dockerfile # args: # - NODE_VERSION=${NODE_VERSION} # - METEOR_RELEASE=${METEOR_RELEASE} # - NPM_VERSION=${NPM_VERSION} # - ARCHITECTURE=${ARCHITECTURE} # - SRC_PATH=${SRC_PATH} # - METEOR_EDGE=${METEOR_EDGE} # - USE_EDGE=${USE_EDGE} #------------------------------------------------------------------------------------- ports: # Docker outsideport:insideport. Do not add anything extra here. # For example, if you want to have wekan on port 3001, # use 3001:8080 . Do not add any extra address etc here, that way it does not work. # remove port mapping if you use nginx reverse proxy, port 8080 is already exposed to wekan-tier network - 8000:8080 environment: - MONGO_URL=mongodb://wekandb:27017/wekan #--------------------------------------------------------------- # ==== ROOT_URL SETTING ==== # Change ROOT_URL to your real Wekan URL, for example: # If you have Caddy/Nginx/Apache providing SSL # - https://example.com # - https://boards.example.com # This can be problematic with avatars https://github.com/wekan/wekan/issues/1776 # - https://example.com/wekan # If without https, can be only wekan node, no need for Caddy/Nginx/Apache if you don't need them # - http://example.com # - http://boards.example.com # - http://192.168.1.100 <=== using at local LAN - ROOT_URL=http://localhost # <=== using only at same laptop/desktop where Wekan is installed #--------------------------------------------------------------- # ==== EMAIL SETTINGS ==== # Email settings are required in both MAIL_URL and Admin Panel, # see https://github.com/wekan/wekan/wiki/Troubleshooting-Mail # For SSL in email, change smtp:// to smtps:// # NOTE: Special characters need to be url-encoded in MAIL_URL. # You can encode those characters for example at: https://www.urlencoder.org #- MAIL_URL=smtp://user:pass@mailserver.example.com:25/ - MAIL_URL=smtp://:25/?ignoreTLS=true&tls={rejectUnauthorized:false} - MAIL_FROM=Wekan Notifications #--------------------------------------------------------------- # ==== OPTIONAL: MONGO OPLOG SETTINGS ===== # https://github.com/wekan/wekan-mongodb/issues/2#issuecomment-378343587 # We've fixed our CPU usage problem today with an environment # change around Wekan. I wasn't aware during implementation # that if you're using more than 1 instance of Wekan # (or any MeteorJS based tool) you're supposed to set # MONGO_OPLOG_URL as an environment variable. # Without setting it, Meteor will perform a pull-and-diff # update of it's dataset. With it, Meteor will update from # the OPLOG. See here # https://blog.meteor.com/tuning-meteor-mongo-livedata-for-scalability-13fe9deb8908 # After setting # MONGO_OPLOG_URL=mongodb://:@/local?authSource=admin&replicaSet=rsWekan # the CPU usage for all Wekan instances dropped to an average # of less than 10% with only occasional spikes to high usage # (I guess when someone is doing a lot of work) # - MONGO_OPLOG_URL=mongodb://:@/local?authSource=admin&replicaSet=rsWekan #--------------------------------------------------------------- # ==== OPTIONAL: KADIRA PERFORMANCE MONITORING FOR METEOR ==== # https://github.com/edemaine/kadira-compose # https://github.com/meteor/meteor-apm-agent # https://blog.meteor.com/kadira-apm-is-now-open-source-490469ffc85f #- APM_OPTIONS_ENDPOINT=http://:11011 #- APM_APP_ID= #- APM_APP_SECRET= #--------------------------------------------------------------- # ==== OPTIONAL: LOGS AND STATS ==== # https://github.com/wekan/wekan/wiki/Logs # # Daily export of Wekan changes as JSON to Logstash and ElasticSearch / Kibana (ELK) # https://github.com/wekan/wekan-logstash # # Statistics Python script for Wekan Dashboard # https://github.com/wekan/wekan-stats # # Console, file, and zulip logger on database changes https://github.com/wekan/wekan/pull/1010 # with fix to replace console.log by winston logger https://github.com/wekan/wekan/pull/1033 # but there could be bug https://github.com/wekan/wekan/issues/1094 # # There is Feature Request: Logging date and time of all activity with summary reports, # and requesting reason for changing card to other column https://github.com/wekan/wekan/issues/1598 #--------------------------------------------------------------- # ==== WEKAN API AND EXPORT BOARD ==== # Wekan Export Board works when WITH_API=true. # https://github.com/wekan/wekan/wiki/REST-API # https://github.com/wekan/wekan-gogs # If you disable Wekan API with false, Export Board does not work. - WITH_API=true #--------------------------------------------------------------- # ==== PASSWORD BRUTE FORCE PROTECTION ==== #https://atmospherejs.com/lucasantoniassi/accounts-lockout #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js #- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3 #- ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60 #- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15 #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3 #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60 #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15 #--------------------------------------------------------------- # ==== STORE ATTACHMENT ON SERVER FILESYSTEM INSTEAD OF MONGODB ==== # https://github.com/wekan/wekan/pull/2603 - ATTACHMENTS_STORE_PATH = /uploads # pathname can be relative or fullpath #--------------------------------------------------------------- # ==== RICH TEXT EDITOR IN CARD COMMENTS ==== # https://github.com/wekan/wekan/pull/2560 - RICHER_CARD_COMMENT_EDITOR=true #--------------------------------------------------------------- # ==== CARD OPENED, SEND WEBHOOK MESSAGE ==== # https://github.com/wekan/wekan/issues/2518 - CARD_OPENED_WEBHOOK_ENABLED=true #--------------------------------------------------------------- # ==== Allow to shrink attached/pasted image ==== # https://github.com/wekan/wekan/pull/2544 #-MAX_IMAGE_PIXEL=1024 #-IMAGE_COMPRESS_RATIO=80 #--------------------------------------------------------------- # ==== BIGEVENTS DUE ETC NOTIFICATIONS ===== # https://github.com/wekan/wekan/pull/2541 # Introduced a system env var BIGEVENTS_PATTERN default as "NONE", # so any activityType matches the pattern, system will send out # notifications to all board members no matter they are watching # or tracking the board or not. Owner of the wekan server can # disable the feature by setting this variable to "NONE" or # change the pattern to any valid regex. i.e. '|' delimited # activityType names. # a) Example #- BIGEVENTS_PATTERN=due # b) All #- BIGEVENTS_PATTERN=received|start|due|end # c) Disabled - BIGEVENTS_PATTERN=NONE #--------------------------------------------------------------- # ==== EMAIL DUE DATE NOTIFICATION ===== # https://github.com/wekan/wekan/pull/2536 # System timelines will be showing any user modification for # dueat startat endat receivedat, also notification to # the watchers and if any card is due, about due or past due. # # Notify due days, default is None, 2 days before and on the event day #- NOTIFY_DUE_DAYS_BEFORE_AND_AFTER=2,0 # # Notify due at hour of day. Default every morning at 8am. Can be 0-23. # If env variable has parsing error, use default. Notification sent to watchers. #- NOTIFY_DUE_AT_HOUR_OF_DAY=8 #----------------------------------------------------------------- # ==== EMAIL NOTIFICATION TIMEOUT, ms ===== # Defaut: 30000 ms = 30s #- EMAIL_NOTIFICATION_TIMEOUT=30000 #----------------------------------------------------------------- # ==== CORS ===== # CORS: Set Access-Control-Allow-Origin header. #- CORS=* # CORS_ALLOW_HEADERS: Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API. #- CORS_ALLOW_HEADERS=Authorization,Content-Type # CORS_EXPOSE_HEADERS: Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations #- CORS_EXPOSE_HEADERS=* #----------------------------------------------------------------- # ==== MATOMO INTEGRATION ==== # Optional: Integration with Matomo https://matomo.org that is installed to your server # The address of the server where Matomo is hosted. #- MATOMO_ADDRESS=https://example.com/matomo # The value of the site ID given in Matomo server for Wekan #- MATOMO_SITE_ID=1 # The option do not track which enables users to not be tracked by matomo #- MATOMO_DO_NOT_TRACK=true # The option that allows matomo to retrieve the username: #- MATOMO_WITH_USERNAME=true #----------------------------------------------------------------- # ==== BROWSER POLICY AND TRUSTED IFRAME URL ==== # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. # Setting this to false is not recommended, it also disables all other browser policy protections # and allows all iframing etc. See wekan/server/policy.js - BROWSER_POLICY_ENABLED=true # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside. #- TRUSTED_URL=https://intra.example.com #----------------------------------------------------------------- # ==== OUTGOING WEBHOOKS ==== # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId . - WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId #----------------------------------------------------------------- # ==== Debug OIDC OAuth2 etc ==== #- DEBUG=true #----------------------------------------------------------------- # ==== OAUTH2 AZURE ==== # https://github.com/wekan/wekan/wiki/Azure # 1) Register the application with Azure. Make sure you capture # the application ID as well as generate a secret key. # 2) Configure the environment variables. This differs slightly # by installation type, but make sure you have the following: #- OAUTH2_ENABLED=true # OAuth2 login style: popup or redirect. #- OAUTH2_LOGIN_STYLE=redirect # Application GUID captured during app registration: #- OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx # Secret key generated during app registration: #- OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx #- OAUTH2_SERVER_URL=https://login.microsoftonline.com/ #- OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize #- OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo #- OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token # The claim name you want to map to the unique ID field: #- OAUTH2_ID_MAP=email # The claim name you want to map to the username field: #- OAUTH2_USERNAME_MAP=email # The claim name you want to map to the full name field: #- OAUTH2_FULLNAME_MAP=name # Tthe claim name you want to map to the email field: #- OAUTH2_EMAIL_MAP=email #----------------------------------------------------------------- # ==== OAUTH2 KEYCLOAK ==== # https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED #- OAUTH2_ENABLED=true # OAuth2 login style: popup or redirect. #- OAUTH2_LOGIN_STYLE=redirect #- OAUTH2_CLIENT_ID= #- OAUTH2_SERVER_URL=/auth #- OAUTH2_AUTH_ENDPOINT=/realms//protocol/openid-connect/auth #- OAUTH2_USERINFO_ENDPOINT=/realms//protocol/openid-connect/userinfo #- OAUTH2_TOKEN_ENDPOINT=/realms//protocol/openid-connect/token #- OAUTH2_SECRET= #----------------------------------------------------------------- # ==== OAUTH2 DOORKEEPER ==== # https://github.com/wekan/wekan/issues/1874 # https://github.com/wekan/wekan/wiki/OAuth2 # Enable the OAuth2 connection #- OAUTH2_ENABLED=true # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 # OAuth2 login style: popup or redirect. #- OAUTH2_LOGIN_STYLE=redirect # OAuth2 Client ID. #- OAUTH2_CLIENT_ID=abcde12345 # OAuth2 Secret. #- OAUTH2_SECRET=54321abcde # OAuth2 Server URL. #- OAUTH2_SERVER_URL=https://chat.example.com # OAuth2 Authorization Endpoint. #- OAUTH2_AUTH_ENDPOINT=/oauth/authorize # OAuth2 Userinfo Endpoint. #- OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo # OAuth2 Token Endpoint. #- OAUTH2_TOKEN_ENDPOINT=/oauth/token # OAUTH2 ID Token Whitelist Fields. #- OAUTH2_ID_TOKEN_WHITELIST_FIELDS="" # OAUTH2 Request Permissions. #- OAUTH2_REQUEST_PERMISSIONS=openid profile email # OAuth2 ID Mapping #- OAUTH2_ID_MAP= # OAuth2 Username Mapping #- OAUTH2_USERNAME_MAP= # OAuth2 Fullname Mapping #- OAUTH2_FULLNAME_MAP= # OAuth2 Email Mapping #- OAUTH2_EMAIL_MAP= #----------------------------------------------------------------- # ==== LDAP: UNCOMMENT ALL TO ENABLE LDAP ==== # https://github.com/wekan/wekan/wiki/LDAP # For Snap settings see https://github.com/wekan/wekan-snap/wiki/Supported-settings-keys # Most settings work both on Snap and Docker below. # Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required. # # The default authentication method used if a user does not exist to create and authenticate. Can be set as ldap. - DEFAULT_AUTHENTICATION_METHOD=ldap # # Enable or not the connection by the LDAP - LDAP_ENABLE=true # # The port of the LDAP server - LDAP_PORT=636 # # The host server for the LDAP server - LDAP_HOST=dc1.k-space.lan # # The base DN for the LDAP Tree - LDAP_BASEDN=cn=Users,dc=k-space,dc=lan # # Fallback on the default authentication method - LDAP_LOGIN_FALLBACK=false # # Reconnect to the server if the connection is lost - LDAP_RECONNECT=true # # Overall timeout, in milliseconds - LDAP_TIMEOUT=10000 # # Specifies the timeout for idle LDAP connections in milliseconds - LDAP_IDLE_TIMEOUT=10000 # # Connection timeout, in milliseconds - LDAP_CONNECT_TIMEOUT=10000 # # If the LDAP needs a user account to search - LDAP_AUTHENTIFICATION=true # # The search user DN - You need quotes when you have spaces in parameters # 2 examples: #- LDAP_AUTHENTIFICATION_USERDN="CN=ldap admin,CN=users,DC=domainmatter,DC=lan" - LDAP_AUTHENTIFICATION_USERDN="CN=kanban,CN=Users,DC=k-space,DC=lan" #$wgLdapAuthDomainNames = 'K-SPACE.LAN'; # The password for the search user - LDAP_AUTHENTIFICATION_PASSWORD={{ ldap_authentifcation_password }} # # Enable logs for the module - LDAP_LOG_ENABLED=true # # If the sync of the users should be done in the background - LDAP_BACKGROUND_SYNC=false # # At which interval does the background task sync in milliseconds. # Leave this unset, so it uses default, and does not crash. # https://github.com/wekan/wekan/issues/2354#issuecomment-515305722 - LDAP_BACKGROUND_SYNC_INTERVAL='' # #- LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false # #- LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false # # If using LDAPS: LDAP_ENCRYPTION=ssl - LDAP_ENCRYPTION=tls # # The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. - LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIFqDCCA5CgAwIBAgIE5hknWjANBgkqhkiG9w0BAQUFADByMR0wGwYDVQQKExRTYW1iYSBBZG1pbmlzdHJhdGlvbjE3MDUGA1UECxMuU2FtYmEgLSB0ZW1wb3JhcnkgYXV0b2dlbmVyYXRlZCBDQSBjZXJ0aWZpY2F0ZTEYMBYGA1UEAxMPREMxLmstc3BhY2UubGFuMB4XDTE3MTIwNTIyMTI1NFoXDTE5MTEwNTIyMTI1NFowdDEdMBsGA1UEChMUU2FtYmEgQWRtaW5pc3RyYXRpb24xOTA3BgNVBAsTMFNhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0ZWQgSE9TVCBjZXJ0aWZpY2F0ZTEYMBYGA1UEAxMPREMxLmstc3BhY2UubGFuMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5wiOgdRYZ5UTlGGQ6yLrFKQG9ZqfFOI/NBSlhw6+fs9KbHQiDwjSMzqUQa2lDWGoqJcmn4EP4v6dNEs1rxXjahVR00CzMpPumma/seHrkKx26t6DvDMgLmCuNswGU/KN5sV1wU5cEmQonkr+BH5k5M4d8fTVaGQOFGun2AaA2KRLm1dilOsr37bYhMeKHKDLnShZOGegUKw0+Dn8W7W6taVNU2yKZXmy07Hg55PAIgNT/Ni+gYjy+T4dul//zILlnuvfopd3giIJ0G8h/1rK3SzqaB/I2BHIAoVQ+LIb/bwWYAU06/vT480Uhdmr5jOyFs/EOwm+X706KTobRtr2aRzZVHLQvwGHnl4Y6Ga0ocbOFEKWzpkeIDPO+iP5Q+vWBFJID0Zv64fZYjIL1jJ2+l598JCI3lJTqBczXaaUigJzPxUyk0h/9yR+zzj7qZb0rc3loqvNFn6N+1a3y+5uXfsbtf6H7Qmugw1RT+gsWwdIlJBca+0wEzp1XDymryJW1jKTq2jcQO2VTuYgPfAAkk9E/pbFyUSdBMLyJf0yALCRgKtGmH+jio9CZKnfyH+WDZZMf64GAxFLBLbInOUBZDXjLoNcsldeejpsDQ6b8BWYHRGGmwspYvp/EBDY3oC0lfHx1dgu1xkAbIPUJarzDuLGAMD5JJUkCVwkD92ivgkCAwEAAaNEMEIwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUUXuarAUGg5SXgVTd7qjm39Jay6owDQYJKoZIhvcNAQEFBQADggIBACJDpQKuCanGQ7U0jsltgKunpJs3ZOtZP7jJhz+TeEvEYDaOFPreFLRpTOF2dTE3E5XVrUVFdCZCJcON3gkBCVDcEGfHxHTL1geGnKb6o/PY2N5l/Z8mjlqB83jxJ4xCbpELA4LWQ6jNTYcih4viInrpIyD7w05kN8bEyzet/pgms8G46+E8xAxQCCbKEM0bLrSRcUjWtqjgK34sXKYyFA0YDMafJtHgw4vDti1NdCCA88RjEdwTXJD/iiJLvA4rK7lU3JPt1sXaeawQJAK1XK7nWArmHZ3mpch+wRBX62BOvYtJAvboYMCc29bOQszQZEASnzj8cZmb5qAS2MWg2wvDgn0Z87NiGYD3xnadaVtUIYmIRb/2bOJc8qlDdasvdNvJY7zRD5xJZoUUax1eZcu/73f3PCelUsZmnUsrYhpSX5VaZyJfIBujygf9RFEeZ0q1br10ULkTN2DxAWmY6r+huywQr2wd9A3iPeo+BcUboQV3c0oFd+okDB6rbJ9U+x/CCQLXOBattZV2fqjN9C4DzSlWmLDxgFayFnG9bGUu1rfVj2S9D09hXCzY/hcM6OIhAnFVi6BxPred0RRT8q/GLgxwVlG8nN1AwMEXvDYR6q6BawDMyPAyWBE7AiV/6ubfuq94CYPxPWCaaUfuhwh5aGWn0mtyxK80rNIJZ1U1-----END CERTIFICATE----- # # Reject Unauthorized Certificate #- LDAP_REJECT_UNAUTHORIZED=false # # Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key). - LDAP_USER_AUTHENTICATION="false" # # Which field is used to find the user for the user authentication. Default: uid. #- LDAP_USER_AUTHENTICATION_FIELD="uid" # # Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed #- LDAP_USER_SEARCH_FILTER= # # base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) #- LDAP_USER_SEARCH_SCOPE=one # # Which field is used to find the user, like uid / sAMAccountName #- LDAP_USER_SEARCH_FIELD=sAMAccountName # # Used for pagination (0=unlimited) #- LDAP_SEARCH_PAGE_SIZE=0 # # The limit number of entries (0=unlimited) #- LDAP_SEARCH_SIZE_LIMIT=0 # # Enable group filtering #- LDAP_GROUP_FILTER_ENABLE=false # # The object class for filtering. Example: group #- LDAP_GROUP_FILTER_OBJECTCLASS= # #- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= # #- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= # #- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= # #- LDAP_GROUP_FILTER_GROUP_NAME= # # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier). Example: guid #- LDAP_UNIQUE_IDENTIFIER_FIELD= # # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 #- LDAP_UTF8_NAMES_SLUGIFY=true # # LDAP_USERNAME_FIELD : Which field contains the ldap username. username / sAMAccountName #- LDAP_USERNAME_FIELD=sAMAccountName # # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname. fullname / sAMAccountName #- LDAP_FULLNAME_FIELD=fullname # #- LDAP_MERGE_EXISTING_USERS=false # # Allow existing account matching by e-mail address when username does not match #- LDAP_EMAIL_MATCH_ENABLE=true # # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match #- LDAP_EMAIL_MATCH_REQUIRE=true # # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching #- LDAP_EMAIL_MATCH_VERIFIED=true # # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address #- LDAP_EMAIL_FIELD=mail #----------------------------------------------------------------- #- LDAP_SYNC_USER_DATA=false # #- LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} # #- LDAP_SYNC_GROUP_ROLES='' # # The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP # example : - LDAP_DEFAULT_DOMAIN=k-space.lan # # Enable/Disable syncing of admin status based on ldap groups: - LDAP_SYNC_ADMIN_STATUS=true # # Comma separated list of admin group names to sync. #- LDAP_SYNC_ADMIN_GROUPS=group1,group2 #--------------------------------------------------------------------- # Login to LDAP automatically with HTTP header. # In below example for siteminder, at right side of = is header name. #- HEADER_LOGIN_ID=HEADERUID #- HEADER_LOGIN_FIRSTNAME=HEADERFIRSTNAME #- HEADER_LOGIN_LASTNAME=HEADERLASTNAME #- HEADER_LOGIN_EMAIL=HEADEREMAILADDRESS #--------------------------------------------------------------------- # ==== LOGOUT TIMER, probably does not work yet ==== # LOGOUT_WITH_TIMER : Enables or not the option logout with timer # example : LOGOUT_WITH_TIMER=true #- LOGOUT_WITH_TIMER= # # LOGOUT_IN : The number of days # example : LOGOUT_IN=1 #- LOGOUT_IN= # # LOGOUT_ON_HOURS : The number of hours # example : LOGOUT_ON_HOURS=9 #- LOGOUT_ON_HOURS= # # LOGOUT_ON_MINUTES : The number of minutes # example : LOGOUT_ON_MINUTES=55 #- LOGOUT_ON_MINUTES= #------------------------------------------------------------------- depends_on: - wekandb #--------------------------------------------------------------------------------- # ==== OPTIONAL: SHARE DATABASE TO OFFICE LAN AND REMOTE VPN ==== # When using Wekan both at office LAN and remote VPN: # 1) Have above Wekan docker container config with LAN IP address # 2) Copy all of above wekan container config below, look above of this part above and all config below it, # before above depends_on: part: # # wekan: # #------------------------------------------------------------------------------------- # # ==== MONGODB AND METEOR VERSION ==== # # a) For Wekan Meteor 1.8.x version at meteor-1.8 branch, ..... # # # and change name to different name like wekan2 or wekanvpn, and change ROOT_URL to server VPN IP # address. # 3) This way both Wekan containers can use same MongoDB database # and see the same Wekan boards. # 4) You could also add 3rd Wekan container for 3rd network etc. # EXAMPLE: # wekan2: # ....COPY CONFIG FROM ABOVE TO HERE... # environment: # - ROOT_URL='http://10.10.10.10' # ...COPY CONFIG FROM ABOVE TO HERE... #--------------------------------------------------------------------------------- # OPTIONAL NGINX CONFIG FOR REVERSE PROXY # nginx: # image: nginx # container_name: nginx # restart: always # networks: # - wekan-tier # depends_on: # - wekan # ports: # - 80:80 # - 443:443 # volumes: # - ./nginx/ssl:/etc/nginx/ssl/:ro # - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro ## Alternative volume config: ## volumes: ## - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro ## - ./nginx/ssl/ssl.conf:/etc/nginx/conf.d/ssl/ssl.conf:ro ## - ./nginx/ssl/testvm-ehu.crt:/etc/nginx/conf.d/ssl/certs/mycert.crt:ro ## - ./nginx/ssl/testvm-ehu.key:/etc/nginx/conf.d/ssl/certs/mykey.key:ro ## - ./nginx/ssl/pphrase:/etc/nginx/conf.d/ssl/pphrase:ro networks: wekan-tier: driver: bridge