forked from coop-cloud/outline
parent
84d65ce5f2
commit
cb4fe2e91b
|
@ -8,10 +8,11 @@ LETS_ENCRYPT_ENV=production
|
||||||
|
|
||||||
# –––––––––––––––– REQUIRED ––––––––––––––––
|
# –––––––––––––––– REQUIRED ––––––––––––––––
|
||||||
|
|
||||||
|
SECRET_DB_PASSWORD_VERSION=v1
|
||||||
SECRET_SECRET_KEY_VERSION=v1 # length=32
|
SECRET_SECRET_KEY_VERSION=v1 # length=32
|
||||||
SECRET_UTILS_SECRET_VERSION=v1 # length=32
|
SECRET_UTILS_SECRET_VERSION=v1 # length=32
|
||||||
|
|
||||||
SECRET_AWS_SECRET_ACCESS_KEY=v1
|
SECRET_AWS_SECRET_ACCESS_KEY=v1
|
||||||
|
SECRET_OIDC_CLIENT_SECRET_VERSION=v1
|
||||||
|
|
||||||
AWS_ACCESS_KEY_ID=
|
AWS_ACCESS_KEY_ID=
|
||||||
AWS_REGION=
|
AWS_REGION=
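Review bot: The `SECRET_AWS_SECRET_ACCESS_KEY=v1` line lacks the `_VERSION` suffix that the other secret version variables in this hunk carry, while the compose.yml section on this page builds the secret name from `${SECRET_AWS_SECRET_ACCESS_KEY_VERSION}`. With that variable unset the interpolation would come out empty, and the external secret name would not match the secret that was created; the line should read `SECRET_AWS_SECRET_ACCESS_KEY_VERSION=v1`. `APP_ENTRYPOINT_VERSION`, which compose.yml uses for the config name, is also not set in the lines shown here, though it may be defined outside this hunk.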
|
||||||
|
|
54
compose.yml
54
compose.yml
|
@ -7,6 +7,16 @@ services:
|
||||||
- backend
|
- backend
|
||||||
- proxy
|
- proxy
|
||||||
image: outlinewiki/outline:0.60.3
|
image: outlinewiki/outline:0.60.3
|
||||||
|
secrets:
|
||||||
|
- aws_secret_key
|
||||||
|
- db_password
|
||||||
|
- oidc_client_secret
|
||||||
|
- secret_key
|
||||||
|
- utils_secret
|
||||||
|
configs:
|
||||||
|
- source: app_entrypoint
|
||||||
|
target: /docker-entrypoint.sh
|
||||||
|
mode: 0555
|
||||||
volumes:
|
volumes:
|
||||||
- outline_data:/opt/outline
|
- outline_data:/opt/outline
|
||||||
environment:
|
environment:
|
||||||
|
@ -17,13 +27,12 @@ services:
|
||||||
- AWS_S3_UPLOAD_BUCKET_NAME
|
- AWS_S3_UPLOAD_BUCKET_NAME
|
||||||
- AWS_S3_UPLOAD_BUCKET_URL
|
- AWS_S3_UPLOAD_BUCKET_URL
|
||||||
- AWS_S3_UPLOAD_MAX_SIZE
|
- AWS_S3_UPLOAD_MAX_SIZE
|
||||||
- AWS_SECRET_ACCESS_KEY
|
- AWS_SECRET_ACCESS_KEY_FILE=/run/secrets/aws_secret_key
|
||||||
- DATABASE_URL=postgres://user:pass@${STACK_NAME}_postgres:5432/outline
|
- DATABASE_PASSWORD_FILE=/run/secrets/db_password
|
||||||
- DATABASE_URL_TEST=postgres://user:pass@${STACK_NAME}_postgres:5432/outline-test
|
|
||||||
- FORCE_HTTPS=true
|
- FORCE_HTTPS=true
|
||||||
- OIDC_AUTH_URI
|
- OIDC_AUTH_URI
|
||||||
- OIDC_CLIENT_ID
|
- OIDC_CLIENT_ID
|
||||||
- OIDC_CLIENT_SECRET
|
- OIDC_CLIENT_SECRET_FILE=/run/secrets/oidc_client_secret
|
||||||
- OIDC_DISPLAY_NAME
|
- OIDC_DISPLAY_NAME
|
||||||
- OIDC_SCOPES
|
- OIDC_SCOPES
|
||||||
- OIDC_TOKEN_URI
|
- OIDC_TOKEN_URI
|
||||||
|
@ -31,10 +40,12 @@ services:
|
||||||
- OIDC_USERNAME_CLAIM
|
- OIDC_USERNAME_CLAIM
|
||||||
- PGSSLMODE=disable
|
- PGSSLMODE=disable
|
||||||
- REDIS_URL=redis://${STACK_NAME}_redis:6379
|
- REDIS_URL=redis://${STACK_NAME}_redis:6379
|
||||||
- SECRET_KEY
|
- SECRET_KEY_FILE=/run/secrets/secret_key
|
||||||
- TEAM_LOGO
|
- TEAM_LOGO
|
||||||
- URL=https://$DOMAIN
|
- URL=https://$DOMAIN
|
||||||
- UTILS_SECRET
|
- UTILS_SECRET_FILE=/run/secrets/utils_secret
|
||||||
|
command: yarn start
|
||||||
|
entrypoint: /docker-entrypoint.sh
|
||||||
deploy:
|
deploy:
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
|
@ -57,18 +68,43 @@ services:
|
||||||
image: postgres:11
|
image: postgres:11
|
||||||
networks:
|
networks:
|
||||||
- backend
|
- backend
|
||||||
|
secrets:
|
||||||
|
- db_password
|
||||||
environment:
|
environment:
|
||||||
POSTGRES_DB: outline
|
POSTGRES_DB: outline
|
||||||
POSTGRES_PASSWORD: pass
|
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
|
||||||
POSTGRES_USER: user
|
POSTGRES_USER: outline
|
||||||
volumes:
|
volumes:
|
||||||
- "postgres_data:/var/lib/postgresql/data"
|
- "postgres_data:/var/lib/postgresql/data"
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
secret_key:
|
||||||
|
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
|
||||||
|
external: true
|
||||||
|
utils_secret:
|
||||||
|
name: ${STACK_NAME}_utils_secret_${SECRET_UTILS_SECRET_VERSION}
|
||||||
|
external: true
|
||||||
|
aws_access_key:
|
||||||
|
name: ${STACK_NAME}_aws_access_key_${SECRET_AWS_SECRET_ACCESS_KEY_VERSION}
|
||||||
|
external: true
|
||||||
|
oidc_client_secret:
|
||||||
|
name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION}
|
||||||
|
external: true
|
||||||
|
db_password:
|
||||||
|
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||||
|
external: true
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
external: true
|
external: true
|
||||||
backend:
|
backend:
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
outline_data:
|
outline_data:
|
||||||
postgres_data:
|
postgres_data:
|
||||||
|
|
||||||
|
configs:
|
||||||
|
app_entrypoint:
|
||||||
|
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
|
||||||
|
file: entrypoint.sh.tmpl
|
||||||
|
template_driver: golang
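Review bot: The app service lists the secret `aws_secret_key` and points `AWS_SECRET_ACCESS_KEY_FILE` at `/run/secrets/aws_secret_key`, but the top-level `secrets:` block defines `aws_access_key` instead, so the service references a secret this file never declares and the deploy should be rejected. Renaming the top-level entry to `aws_secret_key:` with `name: ${STACK_NAME}_aws_secret_key_${SECRET_AWS_SECRET_ACCESS_KEY_VERSION}` would make the two agree, and would stop labelling the secret half of the key pair as the access key. Separately, `POSTGRES_USER` changes from `user` to `outline`, and the postgres image applies `POSTGRES_USER` and `POSTGRES_PASSWORD_FILE` only when it initialises an empty data directory, so a stack with an existing `postgres_data` volume would keep the old role and the old password `pass`. An upgrade note stating the required role and password migration would help operators.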
|
||||||
|
|
|
@ -0,0 +1,32 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
file_env() {
|
||||||
|
local var="$1"
|
||||||
|
local fileVar="${var}_FILE"
|
||||||
|
local def="${2:-}"
|
||||||
|
|
||||||
|
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||||
|
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
local val="$def"
|
||||||
|
|
||||||
|
if [ "${!var:-}" ]; then
|
||||||
|
val="${!var}"
|
||||||
|
elif [ "${!fileVar:-}" ]; then
|
||||||
|
val="$(< "${!fileVar}")"
|
||||||
|
fi
|
||||||
|
|
||||||
|
export "$var"="$val"
|
||||||
|
unset "$fileVar"
|
||||||
|
}
|
||||||
|
|
||||||
|
file_env "AWS_SECRET_ACCESS_KEY"
|
||||||
|
file_env "OIDC_CLIENT_SECRET"
|
||||||
|
file_env "UTILS_SECRET"
|
||||||
|
file_env "DATABASE_PASSWORD"
|
||||||
|
|
||||||
|
export DATABASE_URL="postgres://outline:${DATABASE_PASSWORD}@${STACK_NAME}_postgres:5432/outline"
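Review bot: `file_env` is never called for `SECRET_KEY`, although compose.yml now passes only `SECRET_KEY_FILE=/run/secrets/secret_key`, so the application would start without `SECRET_KEY` in its environment; add `file_env "SECRET_KEY"` next to the other calls. As shown, the script also ends after the `DATABASE_URL` export without running its arguments, so the `yarn start` command from compose.yml is never executed; a final `exec "$@"` would hand over to it. The password is interpolated into `DATABASE_URL` verbatim, so a generated secret containing `@`, `/`, `:` or `#` would produce a malformed URL; either restrict the secret's alphabet or percent-encode it before building the URL. `${STACK_NAME}` is expanded by bash at run time and `set -e` does not catch an unset variable, so it has to be present in the container environment (not visible in these hunks); `set -u` or `: "${STACK_NAME:?}"` would make that failure explicit.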
|