103 lines
3.0 KiB
Plaintext
103 lines
3.0 KiB
Plaintext
TYPE=wekan
|
|
TIMEOUT=300
|
|
ENABLE_AUTO_UPDATE=true
|
|
LETS_ENCRYPT_ENV=production
|
|
SECRET_OAUTH2_SECRET_VERSION=v1
|
|
|
|
COMPOSE_FILE="compose.yml"
|
|
|
|
# Set this to run mongodb in replicaset mode (needs initialisation!)
|
|
# COMPOSE_FILE="${COMPOSE_FILE}:compose.rs.yml"
|
|
|
|
DOMAIN=wekan.example.com
|
|
ROOT_URL=https://wekan.example.com
|
|
|
|
DEBUG=false
|
|
|
|
MAIL_URL=smtp://smtp:25/?ignoreTLS=true&tls={rejectUnauthorized:false}
|
|
MAIL_FROM="[WeKan] Wekan Notifications <noreply@example.org>"
|
|
|
|
WITH_API=true
|
|
RICHER_CARD_COMMENT_EDITOR=false
|
|
|
|
# CORS=*
|
|
# CORS_ALLOW_HEADERS=Authorization,Content-Type
|
|
# CORS_EXPOSE_HEADERS=*
|
|
|
|
# PASSWORD_LOGIN_ENABLED=false
|
|
|
|
### OAUTH2 ###
|
|
|
|
OAUTH2_ENABLED=false
|
|
# OAUTH2_LOGIN_STYLE=redirect
|
|
# OAUTH2_CLIENT_ID=wekan
|
|
# OAUTH2_SERVER_URL=https://authentik.example.com
|
|
# OAUTH2_AUTH_ENDPOINT=/application/o/authorize/
|
|
# OAUTH2_USERINFO_ENDPOINT=/application/o/userinfo/
|
|
# OAUTH2_TOKEN_ENDPOINT=/application/o/token/
|
|
# OAUTH2_REQUEST_PERMISSIONS="openid profile email wekan"
|
|
# OAUTH2_ID_MAP=preferred_username
|
|
# OAUTH2_USERNAME_MAP=preferred_username
|
|
# OAUTH2_FULLNAME_MAP=given_name
|
|
# OAUTH2_EMAIL_MAP=email
|
|
# PROPAGATE_OIDC_DATA=true
|
|
# OIDC_REDIRECTION_ENABLED=true
|
|
|
|
|
|
### LDAP ###
|
|
|
|
|
|
|
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.ldap.yml"
|
|
# DEFAULT_AUTHENTICATION_METHOD=ldap
|
|
# LDAP_ENABLE=true
|
|
# LDAP_PORT=389
|
|
# LDAP_HOST=ldap.example.org
|
|
# LDAP_AD_SIMPLE_AUTH=false
|
|
# LDAP_USER_AUTHENTICATION=true
|
|
# LDAP_USER_AUTHENTICATION_FIELD=cn
|
|
# LDAP_DEFAULT_DOMAIN=mydomain.com
|
|
# LDAP_BASEDN=dc=ldap,dc=goauthentik,dc=io
|
|
# LDAP_LOGIN_FALLBACK=false
|
|
# LDAP_RECONNECT=true
|
|
# LDAP_TIMEOUT=10000
|
|
# LDAP_IDLE_TIMEOUT=10000
|
|
# LDAP_CONNECT_TIMEOUT=10000
|
|
# LDAP_AUTHENTIFICATION=true
|
|
# LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=ldap,dc=goauthentik,dc=io"
|
|
# LDAP_AUTHENTIFICATION_PASSWORD=secret
|
|
# LDAP_LOG_ENABLED=true
|
|
# LDAP_BACKGROUND_SYNC=true
|
|
# LDAP_BACKGROUND_SYNC_INTERVAL='every 1 hour'
|
|
# LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
|
|
# LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
|
|
# LDAP_ENCRYPTION=false
|
|
# LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+G2FIdAgIC...-----END CERTIFICATE-----
|
|
# LDAP_REJECT_UNAUTHORIZED=false
|
|
# LDAP_USER_SEARCH_FILTER=
|
|
# LDAP_USER_SEARCH_SCOPE=ou=users,dc=ldap,dc=goauthentik,dc=io
|
|
# LDAP_USER_SEARCH_FIELD=cn
|
|
# LDAP_SEARCH_PAGE_SIZE=0
|
|
# LDAP_SEARCH_SIZE_LIMIT=0
|
|
# Enable group filtering. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap.
|
|
# LDAP_GROUP_FILTER_ENABLE=true
|
|
# LDAP_GROUP_FILTER_OBJECTCLASS=group
|
|
# LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=cn
|
|
# LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=member
|
|
# LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=dn
|
|
# LDAP_GROUP_FILTER_GROUP_NAME=
|
|
# LDAP_UNIQUE_IDENTIFIER_FIELD=guid
|
|
# LDAP_UTF8_NAMES_SLUGIFY=true
|
|
# LDAP_USERNAME_FIELD=cn
|
|
# LDAP_FULLNAME_FIELD=name
|
|
# LDAP_MERGE_EXISTING_USERS=true
|
|
# LDAP_EMAIL_MATCH_ENABLE=true
|
|
# LDAP_EMAIL_MATCH_REQUIRE=true
|
|
# LDAP_EMAIL_MATCH_VERIFIED=true
|
|
# LDAP_EMAIL_FIELD=mail
|
|
# LDAP_SYNC_USER_DATA=true
|
|
# LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
|
|
# LDAP_SYNC_GROUP_ROLES=
|
|
# LDAP_SYNC_ADMIN_STATUS=true
|
|
# LDAP_SYNC_ADMIN_GROUPS=admin
|