forked from coop-cloud/hedgedoc
Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| ca5a95bea6 | |||
| 6a036c4c82 | |||
| d19f286c11 |
@ -8,13 +8,11 @@ DOMAIN=hedgedoc.example.com
|
||||
#EXTRA_DOMAINS=', `www.hedgedoc.example.com`'
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_SESSION_SECRET_VERSION=v1
|
||||
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
# PostgreSQL
|
||||
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.postgresql.yml"
|
||||
#SECRET_DB_PASSWORD_VERSION=v1
|
||||
|
||||
# OAuth, see https://docs.hedgedoc.org/guides/auth/keycloak/
|
||||
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.oauth.yml"
|
||||
@ -37,6 +35,7 @@ COMPOSE_FILE="compose.yml"
|
||||
# CMD_ALLOW_ANONYMOUS_EDITS=false
|
||||
# CMD_ALLOW_EMAIL_REGISTER=true
|
||||
# CMD_ALLOW_FREEURL=false
|
||||
# CMD_REQUIRE_FREEURL_AUTHENTICATION=true
|
||||
# CMD_ALLOW_GRAVATAR=true
|
||||
# CMD_ALLOW_ORIGIN=localhost
|
||||
# CMD_COOKIE_POLICY=lax
|
||||
|
||||
2
abra.sh
2
abra.sh
@ -1,2 +1,2 @@
|
||||
export ENTRYPOINT_CONF_VERSION=v10
|
||||
export ENTRYPOINT_CONF_VERSION=v9
|
||||
export PG_BACKUP_VERSION=v1
|
||||
|
||||
@ -1,55 +0,0 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- CMD_DB_URL=
|
||||
- CMD_DB_NAME=codimd
|
||||
- CMD_DB_USER=codimd
|
||||
- CMD_DB_HOST=db
|
||||
- CMD_DB_PASSWORD_FILE=/run/secrets/db_password
|
||||
depends_on:
|
||||
- db
|
||||
networks:
|
||||
- internal
|
||||
secrets:
|
||||
- db_password
|
||||
db:
|
||||
image: postgres:16.4-alpine
|
||||
environment:
|
||||
- POSTGRES_USER=codimd
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
|
||||
- POSTGRES_DB=codimd
|
||||
volumes:
|
||||
- "postgres:/var/lib/postgresql/data"
|
||||
secrets:
|
||||
- db_password
|
||||
networks:
|
||||
- internal
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
||||
backupbot.backup.pre-hook: "/pg_backup.sh backup"
|
||||
backupbot.backup.volumes.postgres.path: "backup.sql"
|
||||
backupbot.restore.post-hook: '/pg_backup.sh restore'
|
||||
healthcheck:
|
||||
test: "pg_isready"
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 5
|
||||
start_period: 1m
|
||||
configs:
|
||||
- source: pg_backup
|
||||
target: /pg_backup.sh
|
||||
mode: 0555
|
||||
volumes:
|
||||
postgres:
|
||||
secrets:
|
||||
db_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
networks:
|
||||
internal:
|
||||
configs:
|
||||
pg_backup:
|
||||
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
||||
file: pg_backup.sh
|
||||
59
compose.yml
59
compose.yml
@ -8,11 +8,15 @@ services:
|
||||
- CMD_DOMAIN=$DOMAIN
|
||||
- CMD_PROTOCOL_USESSL=true
|
||||
- CMD_HSTS_ENABLE=false
|
||||
- CMD_DB_URL=sqlite:/database/db.sqlite3
|
||||
- CMD_DB_NAME=codimd
|
||||
- CMD_DB_USER=codimd
|
||||
- CMD_DB_HOST=db
|
||||
- CMD_DB_PASSWORD_FILE=/run/secrets/db_password
|
||||
- CMD_ALLOW_ANONYMOUS
|
||||
- CMD_ALLOW_ANONYMOUS_EDITS
|
||||
- CMD_ALLOW_EMAIL_REGISTER
|
||||
- CMD_ALLOW_FREEURL
|
||||
- CMD_REQUIRE_FREEURL_AUTHENTICATION
|
||||
- CMD_ALLOW_GRAVATAR
|
||||
- CMD_ALLOW_ORIGIN
|
||||
- CMD_COOKIE_POLICY
|
||||
@ -23,12 +27,18 @@ services:
|
||||
- CMD_DEFAULT_PERMISSION
|
||||
- CMD_EMAIL
|
||||
- CMD_SESSION_LIFE
|
||||
- CMD_SESSION_SECRET_FILE=/run/secrets/session_secret
|
||||
- DOCUMENT_MAX_LENGTH
|
||||
depends_on:
|
||||
- db
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
volumes:
|
||||
- codimd_uploads:/hedgedoc/public/uploads
|
||||
- codimd_database:/database
|
||||
secrets:
|
||||
- db_password
|
||||
- session_secret
|
||||
entrypoint: /docker-entrypoint.sh
|
||||
configs:
|
||||
- source: entrypoint_conf
|
||||
@ -50,20 +60,56 @@ services:
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.2.1+1.10.0"
|
||||
- "backupbot.backup=${ENABLE_BACKUPS:-true}"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.2.0+1.10.0"
|
||||
healthcheck:
|
||||
test: "nodejs -e \"http.get('http://localhost:3000', (res) => { console.log('status: ', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });\""
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
db:
|
||||
image: postgres:16.4-alpine
|
||||
environment:
|
||||
- POSTGRES_USER=codimd
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
|
||||
- POSTGRES_DB=codimd
|
||||
volumes:
|
||||
- "postgres:/var/lib/postgresql/data"
|
||||
secrets:
|
||||
- db_password
|
||||
networks:
|
||||
- internal
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
||||
backupbot.backup.pre-hook: "/pg_backup.sh backup"
|
||||
backupbot.backup.volumes.postgres.path: "backup.sql"
|
||||
backupbot.restore.post-hook: '/pg_backup.sh restore'
|
||||
healthcheck:
|
||||
test: "pg_isready"
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 5
|
||||
start_period: 1m
|
||||
configs:
|
||||
- source: pg_backup
|
||||
target: /pg_backup.sh
|
||||
mode: 0555
|
||||
|
||||
volumes:
|
||||
postgres:
|
||||
codimd_uploads:
|
||||
codimd_database:
|
||||
secrets:
|
||||
db_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
session_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_session_secret_${SECRET_SESSION_SECRET_VERSION}
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
internal:
|
||||
configs:
|
||||
config_json:
|
||||
name: ${STACK_NAME}_config_${ENTRYPOINT_CONF_VERSION}
|
||||
@ -73,3 +119,6 @@ configs:
|
||||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
template_driver: golang
|
||||
pg_backup:
|
||||
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
||||
file: pg_backup.sh
|
||||
|
||||
@ -24,6 +24,7 @@ file_env() {
|
||||
load_vars() {
|
||||
file_env "CMD_DB_PASSWORD"
|
||||
file_env "CMD_OAUTH2_CLIENT_SECRET"
|
||||
file_env "CMD_SESSION_SECRET"
|
||||
}
|
||||
|
||||
main() {
|
||||
@ -33,13 +34,11 @@ main() {
|
||||
mkdir -p "/hedgedoc/.npm" && \
|
||||
chown -R 10000:65534 "/hedgedoc/.npm" && \
|
||||
chmod "u+rwx" "/hedgedoc/.npm"
|
||||
|
||||
chown -R 10000:65534 /database
|
||||
}
|
||||
|
||||
main
|
||||
|
||||
export CMD_DB_URL="${CMD_DB_URL:-postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME}"
|
||||
export CMD_DB_URL=postgres://$CMD_DB_USER:$CMD_DB_PASSWORD@$CMD_DB_HOST:5432/$CMD_DB_NAME
|
||||
|
||||
# 3wc: `source /docker-entrypoint.sh -e` to load CMD_DB_URL for CLI scripts
|
||||
if [ ! "${1-}" == "-e" ]; then
|
||||
|
||||
Reference in New Issue
Block a user