Working 🎉
This commit is contained in:
3wc
31
.env.sample
31
.env.sample
@ -6,3 +6,34 @@ DOMAIN=pdfding.example.com
|
||||
#EXTRA_DOMAINS=', `www.pdfding.example.com`'
|
||||
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
COMPOSE_FILE=compose.yml
|
||||
|
||||
SECRET_SECRET_KEY_VERSION=v1
|
||||
|
||||
# Default: FALSE (user signup is enabled)
|
||||
#DISABLE_USER_SIGNUP=TRUE
|
||||
|
||||
# Email; see https://docs.pdfding.com/configuration/email/
|
||||
#EMAIL_BACKEND=SMTP
|
||||
#EMAIL_ADDRESS=noreply@example.com
|
||||
#SMTP_HOST=smtp.example.com
|
||||
#SMTP_PORT=587
|
||||
#SMTP_USER=noreply@example.com
|
||||
# NOTE: The following options are mutually exclusive, you must choose maximum 1 of them
|
||||
#SMTP_USE_TLS=TRUE
|
||||
#SMTP_USE_SSL
|
||||
|
||||
# If your SMTP server requires a password:
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp-password.yml"
|
||||
#SECRET_SMTP_PASSWORD_VERSION=v1
|
||||
|
||||
# OIDC single sign-on, see https://docs.pdfding.com/configuration/sso_oidc/
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
|
||||
#OIDC_CLIENT_ID
|
||||
#OIDC_AUTH_URL=https://auth.example.com/.well-known/openid-configuration
|
||||
#OIDC_GROUPS_CLAIM
|
||||
#OIDC_ADMIN_GROUP
|
||||
#OIDC_EXTRA_SCOPE
|
||||
#OIDC_ONLY=TRUE
|
||||
#OIDC_PROVIDER_NAME
|
||||
|
||||
10
abra-entrypoint.sh.tmpl
Normal file
10
abra-entrypoint.sh.tmpl
Normal file
@ -0,0 +1,10 @@
|
||||
#!/bin/sh
|
||||
|
||||
[ -f "$SECRET_KEY_FILE" ] && export SECRET_KEY="$(cat "${SECRET_KEY_FILE}")"
|
||||
[ -f "$SMTP_PASSWORD_FILE" ] && export SMTP_PASSWORD="$(cat "${SMTP_PASSWORD_FILE}")"
|
||||
[ -f "$OIDC_CLIENT_SECRET_FILE" ] && export OIDC_CLIENT_SECRET="$(cat "${OIDC_CLIENT_SECRET_FILE}")"
|
||||
|
||||
# if not in "env" mode, then execute the original entrypoint and command
|
||||
if [ ! "$1" = "-e" ]; then
|
||||
/home/nonroot/bootstrap.sh
|
||||
fi
|
||||
1
abra.sh
1
abra.sh
@ -1,2 +1,3 @@
|
||||
# Set any config versions here
|
||||
# Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
|
||||
export ABRA_ENTRYPOINT_CONF_VERSION=v1
|
||||
|
||||
19
compose.oidc.yml
Normal file
19
compose.oidc.yml
Normal file
@ -0,0 +1,19 @@
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- OIDC_ENABLE=TRUE
|
||||
- OIDC_CLIENT_ID
|
||||
- OIDC_CLIENT_SECRET_FILE=/run/secrets/oidc_client_secret
|
||||
- OIDC_AUTH_URL
|
||||
- OIDC_GROUPS_CLAIM
|
||||
- OIDC_ADMIN_GROUP
|
||||
- OIDC_EXTRA_SCOPE
|
||||
- OIDC_ONLY
|
||||
- OIDC_PROVIDER_NAME
|
||||
secrets:
|
||||
- oidc_client_secret
|
||||
|
||||
secrets:
|
||||
oidc_client_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION}
|
||||
11
compose.smtp-password.yml
Normal file
11
compose.smtp-password.yml
Normal file
@ -0,0 +1,11 @@
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- SMTP_PASSWORD_FILE=/run/secrets/smtp_password
|
||||
secrets:
|
||||
- smtp_password
|
||||
|
||||
secrets:
|
||||
smtp_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
|
||||
69
compose.yml
69
compose.yml
@ -1,34 +1,56 @@
|
||||
---
|
||||
services:
|
||||
app:
|
||||
image: nginx:1.27.5
|
||||
image: mrmn/pdfding:v1.6.3
|
||||
networks:
|
||||
- proxy
|
||||
environment:
|
||||
- HOST_NAME=127.0.0.1,${DOMAIN}
|
||||
- SECRET_KEY_FILE=/run/secrets/secret_key
|
||||
- CSRF_COOKIE=TRUE
|
||||
- SESSION_COOKIE_SECURE=TRUE
|
||||
- DISABLE_USER_SIGNUP
|
||||
- EMAIL_BACKEND
|
||||
- EMAIL_ADDRESS
|
||||
- SMTP_HOST
|
||||
- SMTP_PORT
|
||||
- SMTP_USER
|
||||
- SMTP_USE_TLS
|
||||
- SMTP_USE_SSL
|
||||
volumes:
|
||||
- sqlite_data:/home/nonroot/pdfding/db
|
||||
- media:/home/nonroot/pdfding/media
|
||||
secrets:
|
||||
- secret_key
|
||||
configs:
|
||||
- source: abra_entrypoint_conf
|
||||
target: /abra-entrypoint.sh
|
||||
mode: 0555
|
||||
entrypoint: [ "/abra-entrypoint.sh" ]
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8000"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
## Edit the following line if you are using one, but not both, "Redirect" sections below
|
||||
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirectscheme,${STACK_NAME}-redirecthostname"
|
||||
## Redirect from EXTRA_DOMAINS to DOMAIN
|
||||
# - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.regex=^http[s]?://([^/]*)/(.*)"
|
||||
# - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.replacement=https://${DOMAIN}/$${2}"
|
||||
# - "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.permanent=true"
|
||||
## Redirect HTTP to HTTPS
|
||||
# - "traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.scheme=https"
|
||||
# - "traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.permanent=true"
|
||||
## When you're ready for release, run "abra recipe sync <name>" to set this
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirectscheme,${STACK_NAME}-redirecthostname"
|
||||
# Redirect from EXTRA_DOMAINS to DOMAIN
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.regex=^http[s]?://([^/]*)/(.*)"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.replacement=https://${DOMAIN}/$${2}"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirecthostname.redirectregex.permanent=true"
|
||||
# Redirect HTTP to HTTPS
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirectscheme.redirectscheme.permanent=true"
|
||||
# When you're ready for release, run "abra recipe sync <name>" to set this
|
||||
- "coop-cloud.${STACK_NAME}.version="
|
||||
## Enable backups: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-configure-backuprestore
|
||||
# - "backupbot.backup=true"
|
||||
# - "backupbot.backup.path=/some/path"
|
||||
# Enable backups: https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-configure-backuprestore
|
||||
- "backupbot.backup=true"
|
||||
- "backupbot.backup.path=/home/nonroot/pdfding/"
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost"]
|
||||
test: ["CMD", "wget", "-qO-", "http://127.0.0.1:8000"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
@ -37,3 +59,18 @@ services:
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
|
||||
configs:
|
||||
abra_entrypoint_conf:
|
||||
name: ${STACK_NAME}_abra_entrypoint_conf_${ABRA_ENTRYPOINT_CONF_VERSION}
|
||||
file: abra-entrypoint.sh.tmpl
|
||||
template_driver: golang
|
||||
|
||||
secrets:
|
||||
secret_key:
|
||||
external: true
|
||||
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
|
||||
|
||||
volumes:
|
||||
sqlite_data:
|
||||
media:
|
||||
|
||||
Reference in New Issue
Block a user