Disable secure cookie in no proxy settings

yzx9 2023-11-24 13:58:33 +08:00
parent 78652946ee
commit a30419ea5a
4 changed files with 19 additions and 11 deletions

View file

@ -141,7 +141,8 @@ OAUTH2_PROFILE_URL: https://api.github.com/user
OAUTH2_USER_ATTR_EMAIL: email OAUTH2_USER_ATTR_EMAIL: email
OAUTH2_USER_ATTR_UID: id OAUTH2_USER_ATTR_UID: id
OAUTH2_USER_ATTR_FIRSTNAME: name OAUTH2_USER_ATTR_FIRSTNAME: name
OAUTH2_USER_ATTR_LASTNAME: site_admin OAUTH2_USER_ATTR_LASTNAME:
OAUTH2_USER_ATTR_IS_ADMIN: site_admin
``` ```
### Sharelatex Configuration ### Sharelatex Configuration
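
Review bot: The new `OAUTH2_USER_ATTR_IS_ADMIN: site_admin` line at the end of the example block is not explained anywhere in the README text this hunk touches, although it maps a field from the provider's profile response to administrator rights. Please add a sentence stating which values are treated as admin, that a missing or false value must leave the user non-admin, and that the key should stay unset for providers that do not return a trusted field of this kind. This mapping change is also unrelated to the commit title about secure cookies and would be easier to review as its own commit.
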
@ -149,7 +150,7 @@ OAUTH2_USER_ATTR_LASTNAME: site_admin
Edit SHARELATEX_ environment variables in [docker-compose.traefik.yml](docker-compose.traefik.yml) or [docker-compose.certbot.yml](docker-compose.certbot.yml) to fit your local setup Edit SHARELATEX_ environment variables in [docker-compose.traefik.yml](docker-compose.traefik.yml) or [docker-compose.certbot.yml](docker-compose.certbot.yml) to fit your local setup
(e.g. proper SMTP server, Header, Footer, App Name,...). See https://github.com/overleaf/overleaf/wiki/Quick-Start-Guide for more details. (e.g. proper SMTP server, Header, Footer, App Name,...). See https://github.com/overleaf/overleaf/wiki/Quick-Start-Guide for more details.
## Installation, Usage and Inital startup ## Installation, Usage and Initial startup
Install the docker engine: https://docs.docker.com/engine/install/ Install the docker engine: https://docs.docker.com/engine/install/
@ -177,9 +178,9 @@ docker network create web
to create a network for the docker instances. to create a network for the docker instances.
## Startup ### Startup
### Using without proxy #### Using without proxy
In most cases, you should use a gateway reverse proxy for your requests (see the next section), as they can offer many benefits such as enhanced security and easier SSL certificate updates. This simple startup method is used for 1. Development 2. When you know what you're doing, for example, when there is an additional gateway layer outside your server. In most cases, you should use a gateway reverse proxy for your requests (see the next section), as they can offer many benefits such as enhanced security and easier SSL certificate updates. This simple startup method is used for 1. Development 2. When you know what you're doing, for example, when there is an additional gateway layer outside your server.
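
Review bot: The "Using without proxy" paragraph is carried over unchanged, yet the compose change in this same commit comments out `SHARELATEX_SECURE_COOKIE` for that setup, and the README never says so. Add a sentence here stating that session cookies are not marked Secure in this mode, and that both `SHARELATEX_SECURE_COOKIE` and `SHARELATEX_BEHIND_PROXY` should be re-enabled as soon as the instance is served over HTTPS through an outer gateway, which is the second use case this paragraph lists.
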
@ -189,11 +190,11 @@ Start docker containers:
docker-compose up -d docker-compose up -d
``` ```
### Using proxy #### Using proxy
There are 2 different ways of starting either using Traefik or using Certbot. Adapt the one you want to use. There are 2 different ways of starting either using Traefik or using Certbot. Adapt the one you want to use.
#### Using Traefik ##### Using Traefik
Then start docker containers (with loadbalancer): Then start docker containers (with loadbalancer):
@ -202,7 +203,7 @@ export NUMINSTANCES=1
docker-compose -f docker-compose.traefik.yml up -d --scale sharelatex=$NUMINSTANCES docker-compose -f docker-compose.traefik.yml up -d --scale sharelatex=$NUMINSTANCES
``` ```
#### Using Certbot ##### Using Certbot
Enable line 65/66 and 69/70 in ldapoverleaf-sl/Dockerfile and ``make`` again. Enable line 65/66 and 69/70 in ldapoverleaf-sl/Dockerfile and ``make`` again.
@ -212,8 +213,8 @@ docker-compose -f docker-compose.certbot.yml up -d
## Debug ## Debug
1. Set the env variable `LOG_LEVEL` to debug (default is info - you can do this in the docker-compose file) 1. Set the env variable `LOG_LEVEL` to `debug` (default is info - you can do this in the docker-compose file)
2. Look in the logs of sharelatex (e.g. `/var/log/sharelatex/web.log`) 2. Check the logs in ShareLaTeX, particularly at `/var/log/sharelatex/web.log`. You can do this by using the command: `docker exec ldap-overleaf-sl cat /var/log/sharelatex/web.log`.
## Upgrading ## Upgrading
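
Review bot: Step 2 of the Debug list hard-codes `ldap-overleaf-sl` as the container name in the `docker exec` command, while the Traefik instructions earlier in the README start the service with `--scale sharelatex=$NUMINSTANCES`, so the name may not match what is actually running. Consider `docker-compose exec sharelatex ...`, or tell the reader to substitute the name shown by `docker ps`. Minor style points in the same list: `info` in step 1 should be in backticks like `debug`, and `tail` is kinder than `cat` on a log that grows quickly at debug level.
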

View file

@ -81,6 +81,7 @@ services:
LDAP_CONTACT_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)" LDAP_CONTACT_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"
LDAP_CONTACTS: "false" LDAP_CONTACTS: "false"
## OAuth2 Settings
# OAUTH2_CLIENT_ID: YOUR_OAUTH2_CLIENT_ID # OAUTH2_CLIENT_ID: YOUR_OAUTH2_CLIENT_ID
# OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET # OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET
# OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE # OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE
@ -91,6 +92,7 @@ services:
# OAUTH2_USER_ATTR_UID: id # OAUTH2_USER_ATTR_UID: id
# OAUTH2_USER_ATTR_FIRSTNAME: name # OAUTH2_USER_ATTR_FIRSTNAME: name
# OAUTH2_USER_ATTR_LASTNAME: # OAUTH2_USER_ATTR_LASTNAME:
# OAUTH2_USER_ATTR_IS_ADMIN: site_admin
# Same property, unfortunately with different names in # Same property, unfortunately with different names in
# different locations # different locations
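
Review bot: The added `# OAUTH2_USER_ATTR_IS_ADMIN: site_admin` line sits directly above the existing comment "Same property, unfortunately with different names in different locations", so that comment now reads as if it described the admin attribute rather than the setting that follows it. Insert a blank line after the new key, or move the key above `OAUTH2_USER_ATTR_UID`, so the OAuth2 block ends cleanly. The same placement occurs in the identical hunks of the other two compose files in this commit.
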

View file

@ -162,6 +162,7 @@ services:
LDAP_CONTACT_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)" LDAP_CONTACT_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"
LDAP_CONTACTS: "false" LDAP_CONTACTS: "false"
## OAuth2 Settings
# OAUTH2_CLIENT_ID: YOUR_OAUTH2_CLIENT_ID # OAUTH2_CLIENT_ID: YOUR_OAUTH2_CLIENT_ID
# OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET # OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET
# OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE # OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE
@ -172,6 +173,7 @@ services:
# OAUTH2_USER_ATTR_UID: id # OAUTH2_USER_ATTR_UID: id
# OAUTH2_USER_ATTR_FIRSTNAME: name # OAUTH2_USER_ATTR_FIRSTNAME: name
# OAUTH2_USER_ATTR_LASTNAME: # OAUTH2_USER_ATTR_LASTNAME:
# OAUTH2_USER_ATTR_IS_ADMIN: site_admin
# Same property, unfortunately with different names in # Same property, unfortunately with different names in
# different locations # different locations

View file

@ -48,8 +48,9 @@ services:
SHARELATEX_ALLOW_PUBLIC_ACCESS: "true" SHARELATEX_ALLOW_PUBLIC_ACCESS: "true"
SHARELATEX_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING: "true" SHARELATEX_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING: "true"
SHARELATEX_SECURE_COOKIE: "true" # Uncomment the following line to enable secure cookies if you are using SSL
SHARELATEX_BEHIND_PROXY: "true" # SHARELATEX_SECURE_COOKIE: "true"
# SHARELATEX_BEHIND_PROXY: "true"
LDAP_SERVER: ldaps://LDAPSERVER:636 LDAP_SERVER: ldaps://LDAPSERVER:636
LDAP_BASE: ou=people,dc=DOMAIN,dc=TLD LDAP_BASE: ou=people,dc=DOMAIN,dc=TLD
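
Review bot: The new comment says "Uncomment the following line to enable secure cookies if you are using SSL", but two settings follow it and both are now commented out; `SHARELATEX_BEHIND_PROXY` is not about SSL and is left without any explanation. Reword to cover both lines, for example "Uncomment both lines when this instance is served over HTTPS behind a reverse proxy", or give each key its own comment. Note also that `SHARELATEX_ALLOW_PUBLIC_ACCESS` and `SHARELATEX_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING` remain "true" in the same block, so this default serves a publicly reachable configuration with cookies that are no longer marked Secure; the comment should say plainly that this default is meant for plain-HTTP development use only.
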
@ -78,6 +79,7 @@ services:
LDAP_CONTACT_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)" LDAP_CONTACT_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"
LDAP_CONTACTS: "false" LDAP_CONTACTS: "false"
## OAuth2 Settings
# OAUTH2_CLIENT_ID: YOUR_OAUTH2_CLIENT_ID # OAUTH2_CLIENT_ID: YOUR_OAUTH2_CLIENT_ID
# OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET # OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET
# OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE # OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE
@ -88,6 +90,7 @@ services:
# OAUTH2_USER_ATTR_UID: id # OAUTH2_USER_ATTR_UID: id
# OAUTH2_USER_ATTR_FIRSTNAME: name # OAUTH2_USER_ATTR_FIRSTNAME: name
# OAUTH2_USER_ATTR_LASTNAME: # OAUTH2_USER_ATTR_LASTNAME:
# OAUTH2_USER_ATTR_IS_ADMIN: site_admin
# Same property, unfortunately with different names in # Same property, unfortunately with different names in
# different locations # different locations