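# Docker Compose stack for an LDAP-authenticated Overleaf (ShareLaTeX) instance.
# Services: sharelatex (web app, TLS on 443), mongo, redis, and simple-certbot
# (Let's Encrypt issuance/renewal on port 80).
# ${MYDATA}, ${MYDOMAIN} and ${MYMAIL} are substituted by Compose and must be
# provided by the environment or an .env file.
version: '2.2'

services:
  sharelatex:
    restart: always
    image: ldap-overleaf-sl:latest
    container_name: ldap-overleaf-sl
    # Wait for the data stores to pass their healthchecks before starting.
    depends_on:
      mongo:
        condition: service_healthy
      redis:
        condition: service_healthy
      simple-certbot:
        condition: service_started
    privileged: false
    ports:
      # Only the HTTPS listener is published to the host.
      - '443:443'
    links:
      - mongo
      - redis
      - simple-certbot
    volumes:
      - '${MYDATA}/sharelatex:/var/lib/sharelatex'
      # NOTE(review): both certificate mounts are read-write; if this container
      # only reads the certificates, appending ':ro' would limit the impact of
      # a compromised web app - confirm against the image before changing.
      - '${MYDATA}/letsencrypt:/etc/letsencrypt'
      - '${MYDATA}/letsencrypt/live/${MYDOMAIN}/:/etc/letsencrypt/certs/domain'
    environment:
      SHARELATEX_APP_NAME: 'Overleaf'
      SHARELATEX_MONGO_URL: 'mongodb://mongo/sharelatex'
      SHARELATEX_SITE_URL: 'https://${MYDOMAIN}'
      SHARELATEX_NAV_TITLE: 'Overleaf - run by ${MYDOMAIN}'
      # SHARELATEX_HEADER_IMAGE_URL: https://${MYDOMAIN}/logo.svg
      SHARELATEX_ADMIN_EMAIL: '${MYMAIL}'
      SHARELATEX_LEFT_FOOTER: '[{"text": "Powered by <a href=\"https://www.sharelatex.com\">ShareLaTeX</a> 2016"} ]'
      SHARELATEX_RIGHT_FOOTER: '[{"text": "LDAP Overleaf (beta)"} ]'
      SHARELATEX_EMAIL_FROM_ADDRESS: "noreply@${MYDOMAIN}"
      # SHARELATEX_EMAIL_AWS_SES_ACCESS_KEY_ID:
      # SHARELATEX_EMAIL_AWS_SES_SECRET_KEY:
      SHARELATEX_EMAIL_SMTP_HOST: 'smtp.${MYDOMAIN}'
      # Environment values are strings; quote numbers so no parser retypes them.
      SHARELATEX_EMAIL_SMTP_PORT: '587'
      # NOTE(review): 'false' on port 587 presumably means "no implicit TLS,
      # upgrade via STARTTLS" - confirm, and keep certificate verification on
      # (see the two TLS options below) so mail credentials are not sent to an
      # unverified server.
      SHARELATEX_EMAIL_SMTP_SECURE: 'false'
      # If SMTP credentials are needed, supply them from the environment or a
      # secret store rather than committing them to this file.
      # SHARELATEX_EMAIL_SMTP_USER:
      # SHARELATEX_EMAIL_SMTP_PASS:
      # SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH: true
      # SHARELATEX_EMAIL_SMTP_IGNORE_TLS: false
      SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by ${MYDOMAIN} - please contact ${MYMAIL} if you experience any issues."

      # LDAP settings. LDAPSERVER, DOMAIN, TLD, someunit and GROUPNAME are
      # placeholders to be replaced with site values. Keep the ldaps:// scheme
      # so bind credentials are not sent in clear text.
      LDAP_SERVER: 'ldaps://LDAPSERVER:636'
      LDAP_BASE: 'ou=people,dc=DOMAIN,dc=TLD'
      # Placeholder suffix aligned with LDAP_BASE (was 'dc=TLS', a typo).
      LDAP_BINDDN: 'ou=someunit,ou=people,dc=DOMAIN,dc=TLD'
      # By default the app tries to bind directly as the LDAP user - this user
      # has to match the LDAP_GROUP_FILTER below.
      LDAP_GROUP_FILTER: '(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'

      # If the user is in the admin group on user creation (first login),
      # isAdmin is set to true.
      # Admin users can invite external (non-LDAP) users. This feature only
      # makes sense when ALLOW_EMAIL_LOGIN is set to 'true'. Additionally,
      # admins can send system-wide messages.
      # Because admin rights are granted at first login, keep the membership
      # of that group tightly controlled.
      # LDAP_ADMIN_GROUP_FILTER: '(memberof=cn=ADMINGROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
      ALLOW_EMAIL_LOGIN: 'false'

      # All users matching LDAP_GROUP_FILTER are loaded from the LDAP server
      # into contacts. This LDAP search happens without bind, i.e. it needs a
      # directory that answers anonymous searches. If you want this and your
      # LDAP needs a bind, you can adapt the function getLdapContacts() in
      # ContactsController.js (lines 82 - 107).
      LDAP_CONTACTS: 'false'

      # Same property, unfortunately with different names in
      # different locations.
      SHARELATEX_REDIS_HOST: 'redis'
      REDIS_HOST: 'redis'
      REDIS_PORT: '6379'

      # NOTE(review): the 'url' type presumably lets users link files fetched
      # by the server from a URL they supply; drop it if that is not needed,
      # or restrict outbound access from this container.
      ENABLED_LINKED_FILE_TYPES: 'url,project_file'

      # Enables thumbnail generation using ImageMagick. The converter runs on
      # user-uploaded files, so keep the image's ImageMagick patched.
      ENABLE_CONVERSIONS: 'true'

  mongo:
    restart: always
    # NOTE(review): floating tag - a pull can change the major version. The
    # healthcheck below calls the legacy `mongo` shell, which newer official
    # images no longer ship; since sharelatex waits for service_healthy, the
    # stack can stop starting after an image update. Pin a tested tag, e.g.
    # mongo:<TESTED_VERSION>.
    image: mongo
    container_name: mongo
    # The connection URL above carries no credentials, so the database must not
    # be reachable from outside the compose network. 'expose' keeps the port
    # internal; the previous 'ports: - 27017' published it on a random host
    # port on all interfaces.
    expose:
      - '27017'
    volumes:
      - '${MYDATA}/mongo_data:/data/db'
    healthcheck:
      test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet
      interval: 10s
      timeout: 10s
      retries: 5

  redis:
    restart: always
    # NOTE(review): floating tag; pin a tested version (redis:<TESTED_VERSION>).
    image: redis
    container_name: redis
    # modify to get rid of the redis issue #35 and #19 with a better solution
    # WARNING: /proc/sys/net/core/somaxconn is set to the lower value of 128.
    # for vm overcommit: enable first on host system
    # sysctl vm.overcommit_memory=1 (and add it to rc.local)
    # then you do not need it in the redis container
    sysctls:
      - net.core.somaxconn=65535
      # - vm.overcommit_memory=1
    # No password is configured for Redis in this file, so keep it internal to
    # the compose network ('expose') instead of publishing it on a random host
    # port ('ports: - 6379').
    expose:
      - '6379'
    volumes:
      - '${MYDATA}/redis_data:/data'
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5

  simple-certbot:
    restart: always
    # NOTE(review): floating tag; pin a tested version of certbot/certbot.
    image: certbot/certbot
    container_name: simple-certbot
    ports:
      # Port 80 is needed by certbot's standalone HTTP-01 challenge listener.
      - '80:80'
    volumes:
      - '${MYDATA}/letsencrypt:/etc/letsencrypt'
    # a bit hacky but this docker image uses very little disk-space
    # best practices for ssl and nginx are set in the ldap-overleaf-sl Dockerfile
    #
    # Obtain the certificate once, then try a renewal every 240h. ${MYDOMAIN}
    # and ${MYMAIL} are substituted by Compose before the shell runs, so they
    # are quoted here to reach certbot as single arguments; $${!} is the
    # Compose escape for the shell's ${!} (PID of the background sleep).
    entrypoint:
      - '/bin/sh'
      - '-c'
      - |
        trap exit TERM;\
        certbot certonly --standalone -d "${MYDOMAIN}" --agree-tos -m "${MYMAIL}" -n ; \
        while :; do certbot renew; sleep 240h & wait $${!}; done;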