generated from coop-cloud/example
Compare commits
11 Commits
ae2ea06195
...
9e02395442
Author | SHA1 | Date |
---|---|---|
trav | 9e02395442 | |
trav | b2052c6d67 | |
trav | e177a81579 | |
trav | 6de8b27157 | |
trav | c8747f89a1 | |
trav | 418cbace24 | |
trav | b9cec206c2 | |
trav | e998b3f396 | |
trav | 39be243a0a | |
trav | 5e4c53d5ca | |
trav | 201172cb86 |
174
.env.sample
174
.env.sample
|
@ -1,7 +1,175 @@
|
||||||
TYPE={{ .Name }}
|
TYPE=outline
|
||||||
|
|
||||||
DOMAIN={{ .Name }}.example.com
|
DOMAIN=outline.example.com
|
||||||
|
|
||||||
## Domain aliases
|
## Domain aliases
|
||||||
#EXTRA_DOMAINS=', `www.{{ .Name }}.example.com`'
|
#EXTRA_DOMAINS=', `www.outline.example.com`'
|
||||||
LETS_ENCRYPT_ENV=production
|
LETS_ENCRYPT_ENV=production
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#hard coded, secret or.... legit exposed as config options. Or things we might want to make optional configuration with separate compose file
|
||||||
|
|
||||||
|
|
||||||
|
# 👋 Welcome, we're glad you're setting up an installation of Outline. Copy this
|
||||||
|
# file to .env or set the variables in your local environment manually. For
|
||||||
|
# development with docker this should mostly work out of the box other than
|
||||||
|
# setting the Slack keys and the SECRET_KEY.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# –––––––––––––––– REQUIRED ––––––––––––––––
|
||||||
|
|
||||||
|
# Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32`
|
||||||
|
# in your terminal to generate a random value.
|
||||||
|
SECRET_KEY=generate_a_new_key
|
||||||
|
|
||||||
|
# Generate a unique random key. The format is not important but you could still use
|
||||||
|
# `openssl rand -hex 32` in your terminal to produce this.
|
||||||
|
UTILS_SECRET=generate_a_new_key
|
||||||
|
|
||||||
|
# For production point these at your databases, in development the default
|
||||||
|
# should work out of the box.
|
||||||
|
# Uncomment this to disable SSL for connecting to Postgres
|
||||||
|
# PGSSLMODE=disable
|
||||||
|
|
||||||
|
|
||||||
|
# URL should point to the fully qualified, publicly accessible URL. If using a
|
||||||
|
# proxy the port in URL and PORT may be different.
|
||||||
|
|
||||||
|
# See [documentation](docs/SERVICES.md) on running a separate collaboration
|
||||||
|
# server, for normal operation this does not need to be set.
|
||||||
|
COLLABORATION_URL=
|
||||||
|
|
||||||
|
# To support uploading of images for avatars and document attachments an
|
||||||
|
# s3-compatible storage must be provided. AWS S3 is recommended for redundency
|
||||||
|
# however if you want to keep all file storage local an alternative such as
|
||||||
|
# minio (https://github.com/minio/minio) can be used.
|
||||||
|
|
||||||
|
# A more detailed guide on setting up S3 is available here:
|
||||||
|
# => https://wiki.generaloutline.com/share/125de1cc-9ff6-424b-8415-0d58c809a40f
|
||||||
|
#
|
||||||
|
AWS_ACCESS_KEY_ID=get_a_key_from_aws
|
||||||
|
AWS_SECRET_ACCESS_KEY=get_the_secret_of_above_key
|
||||||
|
AWS_REGION=xx-xxxx-x
|
||||||
|
AWS_S3_UPLOAD_BUCKET_URL=http://s3:4569
|
||||||
|
AWS_S3_UPLOAD_BUCKET_NAME=bucket_name_here
|
||||||
|
AWS_S3_UPLOAD_MAX_SIZE=26214400
|
||||||
|
AWS_S3_FORCE_PATH_STYLE=true
|
||||||
|
AWS_S3_ACL=private
|
||||||
|
|
||||||
|
|
||||||
|
# –––––––––––––– AUTHENTICATION ––––––––––––––
|
||||||
|
|
||||||
|
# Third party signin credentials, at least ONE OF EITHER Google, Slack,
|
||||||
|
# or Microsoft is required for a working installation or you'll have no sign-in
|
||||||
|
# options.
|
||||||
|
|
||||||
|
# To configure Slack auth, you'll need to create an Application at
|
||||||
|
# => https://api.slack.com/apps
|
||||||
|
#
|
||||||
|
# When configuring the Client ID, add a redirect URL under "OAuth & Permissions":
|
||||||
|
# https://<URL>/auth/slack.callback
|
||||||
|
SLACK_KEY=get_a_key_from_slack
|
||||||
|
SLACK_SECRET=get_the_secret_of_above_key
|
||||||
|
|
||||||
|
# To configure Google auth, you'll need to create an OAuth Client ID at
|
||||||
|
# => https://console.cloud.google.com/apis/credentials
|
||||||
|
#
|
||||||
|
# When configuring the Client ID, add an Authorized redirect URI:
|
||||||
|
# https://<URL>/auth/google.callback
|
||||||
|
GOOGLE_CLIENT_ID=
|
||||||
|
GOOGLE_CLIENT_SECRET=
|
||||||
|
|
||||||
|
# To configure Microsoft/Azure auth, you'll need to create an OAuth Client. See
|
||||||
|
# the guide for details on setting up your Azure App:
|
||||||
|
# => https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4
|
||||||
|
AZURE_CLIENT_ID=
|
||||||
|
AZURE_CLIENT_SECRET=
|
||||||
|
AZURE_RESOURCE_APP_ID=
|
||||||
|
|
||||||
|
# To configure generic OIDC auth, you'll need some kind of identity provider.
|
||||||
|
# See documentation for whichever IdP you use to acquire the following info:
|
||||||
|
# Redirect URI is https://<URL>/auth/oidc.callback
|
||||||
|
OIDC_CLIENT_ID=
|
||||||
|
OIDC_CLIENT_SECRET=
|
||||||
|
OIDC_AUTH_URI=
|
||||||
|
OIDC_TOKEN_URI=
|
||||||
|
OIDC_USERINFO_URI=
|
||||||
|
|
||||||
|
# Specify which claims to derive user information from
|
||||||
|
# Supports any valid JSON path with the JWT payload
|
||||||
|
OIDC_USERNAME_CLAIM=preferred_username
|
||||||
|
|
||||||
|
# Display name for OIDC authentication
|
||||||
|
OIDC_DISPLAY_NAME="OpenID Connect"
|
||||||
|
|
||||||
|
# Space separated auth scopes.
|
||||||
|
OIDC_SCOPES="openid profile email"
|
||||||
|
|
||||||
|
|
||||||
|
# –––––––––––––––– OPTIONAL ––––––––––––––––
|
||||||
|
|
||||||
|
# If using a Cloudfront/Cloudflare distribution or similar it can be set below.
|
||||||
|
# This will cause paths to javascript, stylesheets, and images to be updated to
|
||||||
|
# the hostname defined in CDN_URL. In your CDN configuration the origin server
|
||||||
|
# should be set to the same as URL.
|
||||||
|
CDN_URL=
|
||||||
|
|
||||||
|
# Auto-redirect to https in production. The default is true but you may set to
|
||||||
|
# false if you can be sure that SSL is terminated at an external loadbalancer.
|
||||||
|
FORCE_HTTPS=true
|
||||||
|
|
||||||
|
# Have the installation check for updates by sending anonymized statistics to
|
||||||
|
# the maintainers
|
||||||
|
ENABLE_UPDATES=true
|
||||||
|
|
||||||
|
# How many processes should be spawned. As a reasonable rule divide your servers
|
||||||
|
# available memory by 512 for a rough estimate
|
||||||
|
WEB_CONCURRENCY=1
|
||||||
|
|
||||||
|
# Override the maxium size of document imports, could be required if you have
|
||||||
|
# especially large Word documents with embedded imagery
|
||||||
|
MAXIMUM_IMPORT_SIZE=5120000
|
||||||
|
|
||||||
|
# You can remove this line if your reverse proxy already logs incoming http
|
||||||
|
# requests and this ends up being duplicative
|
||||||
|
DEBUG=http
|
||||||
|
|
||||||
|
# Comma separated list of domains to be allowed to signin to the wiki. If not
|
||||||
|
# set, all domains are allowed by default when using Google OAuth to signin
|
||||||
|
ALLOWED_DOMAINS=
|
||||||
|
|
||||||
|
# For a complete Slack integration with search and posting to channels the
|
||||||
|
# following configs are also needed, some more details
|
||||||
|
# => https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a
|
||||||
|
#
|
||||||
|
SLACK_VERIFICATION_TOKEN=your_token
|
||||||
|
SLACK_APP_ID=A0XXXXXXX
|
||||||
|
SLACK_MESSAGE_ACTIONS=true
|
||||||
|
|
||||||
|
# Optionally enable google analytics to track pageviews in the knowledge base
|
||||||
|
GOOGLE_ANALYTICS_ID=
|
||||||
|
|
||||||
|
# Optionally enable Sentry (sentry.io) to track errors and performance
|
||||||
|
SENTRY_DSN=
|
||||||
|
|
||||||
|
# To support sending outgoing transactional emails such as "document updated" or
|
||||||
|
# "you've been invited" you'll need to provide authentication for an SMTP server
|
||||||
|
SMTP_HOST=
|
||||||
|
SMTP_PORT=
|
||||||
|
SMTP_USERNAME=
|
||||||
|
SMTP_PASSWORD=
|
||||||
|
SMTP_FROM_EMAIL=
|
||||||
|
SMTP_REPLY_EMAIL=
|
||||||
|
SMTP_TLS_CIPHERS=
|
||||||
|
SMTP_SECURE=true
|
||||||
|
|
||||||
|
# Custom logo that displays on the authentication screen, scaled to height: 60px
|
||||||
|
# TEAM_LOGO=https://example.com/images/logo.png
|
||||||
|
|
||||||
|
# The default interface language. See translate.getoutline.com for a list of
|
||||||
|
# available language codes and their rough percentage translated.
|
||||||
|
DEFAULT_LANGUAGE=en_US
|
||||||
|
|
72
compose.yml
72
compose.yml
|
@ -3,15 +3,44 @@ version: "3.8"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: nginx:1.19.2
|
|
||||||
networks:
|
networks:
|
||||||
|
- backend
|
||||||
- proxy
|
- proxy
|
||||||
|
image: outlinewiki/outline:0.59.0
|
||||||
|
volumes:
|
||||||
|
- outline_data:/opt/outline
|
||||||
|
depends_on:
|
||||||
|
- postgres
|
||||||
|
- redis
|
||||||
|
- s3
|
||||||
|
environment:
|
||||||
|
- DATABASE_URL=postgres://user:pass@${STACK_NAME}_postgres:5532/outline
|
||||||
|
- DATABASE_URL_TEST=postgres://user:pass@${STACK_NAME}_postgres:5532/outline-test
|
||||||
|
- REDIS_URL=redis://${STACK_NAME}_redis:6479
|
||||||
|
- URL=https://$DOMAIN
|
||||||
|
- FORCE_HTTPS=true
|
||||||
|
- SECRET_KEY
|
||||||
|
- UTILS_SECRET
|
||||||
|
- AWS_ACCESS_KEY_ID
|
||||||
|
- AWS_SECRET_ACCESS_KEY
|
||||||
|
- AWS_REGION
|
||||||
|
- AWS_S3_UPLOAD_BUCKET_URL
|
||||||
|
- AWS_S3_UPLOAD_BUCKET_NAME
|
||||||
|
- AWS_S3_UPLOAD_MAX_SIZE
|
||||||
|
- AWS_S3_FORCE_PATH_STYLE
|
||||||
|
- AWS_S3_ACL
|
||||||
|
- OIDC_CLIENT_ID
|
||||||
|
- OIDC_CLIENT_SECRET
|
||||||
|
- OIDC_AUTH_URI
|
||||||
|
- OIDC_TOKEN_URI
|
||||||
|
- OIDC_USERINFO_URI
|
||||||
|
- OIDC_USERNAME_CLAIM
|
||||||
|
- OIDC_DISPLAY_NAME
|
||||||
|
- OIDC_SCOPES
|
||||||
deploy:
|
deploy:
|
||||||
restart_policy:
|
|
||||||
condition: on-failure
|
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
|
||||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
|
@ -19,13 +48,36 @@ services:
|
||||||
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||||
healthcheck:
|
redis:
|
||||||
test: ["CMD", "curl", "-f", "http://localhost"]
|
image: redis
|
||||||
interval: 30s
|
networks:
|
||||||
timeout: 10s
|
- backend
|
||||||
retries: 10
|
postgres:
|
||||||
start_period: 1m
|
image: postgres
|
||||||
|
networks:
|
||||||
|
- backend
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: user
|
||||||
|
POSTGRES_PASSWORD: pass
|
||||||
|
POSTGRES_DB: outline
|
||||||
|
s3:
|
||||||
|
image: lphoward/fake-s3
|
||||||
|
networks:
|
||||||
|
- backend
|
||||||
|
volumes:
|
||||||
|
- fakes3_data:/fakes3_root
|
||||||
|
#healthcheck:
|
||||||
|
# test: ["CMD", "curl", "-f", "http://localhost:4569"]
|
||||||
|
# interval: 30s
|
||||||
|
# timeout: 10s
|
||||||
|
# retries: 10
|
||||||
|
# start_period: 1m
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
external: true
|
external: true
|
||||||
|
backend:
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
outline_data:
|
||||||
|
fakes3_data:
|
||||||
|
|
Loading…
Reference in New Issue