AIUS/Overleaf
1
0
Fork 0
mirror of https://git.unistra.fr/aius/root/ldap-overleaf-sl.git synced 2025-05-04 19:55:26 +02:00
Code Issues Projects Releases Packages Wiki Activity

small docker compose comments

Browse source
This commit is contained in:
Simon M. Haller-Seeber 2021-06-08 15:44:14 +02:00
parent 9cde93be05
commit ba73f282ec
2 changed files with 9 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
docker-compose.certbot.yml
View file

@ -78,6 +78,7 @@ services:
ALLOW_EMAIL_LOGIN: 'true' ALLOW_EMAIL_LOGIN: 'true'
# All users in the LDAP_CONTACT_FILTER are loaded from the ldap server into contacts. # All users in the LDAP_CONTACT_FILTER are loaded from the ldap server into contacts.
LDAP_CONTACT_FILTER: '(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
LDAP_CONTACTS: 'false' LDAP_CONTACTS: 'false'
# Same property, unfortunately with different names in # Same property, unfortunately with different names in

15
docker-compose.traefik.yml
View file

@ -83,20 +83,20 @@ services:
# - ${MYDATA}/letsencrypt/live/${MYDOMAIN}/:/etc/letsencrypt/certs/domain # - ${MYDATA}/letsencrypt/live/${MYDOMAIN}/:/etc/letsencrypt/certs/domain
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.tex.entrypoints=web" # global redirect to https
- "traefik.http.routers.http-catchall.rule=hostregexp(`${MYDOMAIN}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.sharel.middlewares=redirect-to-https@docker" # handle https traffic
- "traefik.http.routers.sharel-secured.rule=Host(`${MYDOMAIN}`)" - "traefik.http.routers.sharel-secured.rule=Host(`${MYDOMAIN}`)"
- "traefik.http.routers.sharel-secured.tls=true" - "traefik.http.routers.sharel-secured.tls=true"
- "traefik.http.routers.sharel-secured.tls.certresolver=myhttpchallenge" - "traefik.http.routers.sharel-secured.tls.certresolver=myhttpchallenge"
- "traefik.http.routers.sharel-secured.entrypoints=web-secure" - "traefik.http.routers.sharel-secured.entrypoints=web-secure"
- "traefik.http.routers.proxy-https.entrypoints=web-secure" - "traefik.http.middlewares.sharel-secured.forwardauth.trustForwardHeader=true"
- "traefik.http.routers.proxy-https.rule=Host(`${MYDOMAIN}`)" # Docker loadbalance
- "traefik.http.services.sharel.loadbalancer.server.port=80" - "traefik.http.services.sharel.loadbalancer.server.port=80"
- "traefik.http.services.sharel.loadbalancer.server.scheme=http" - "traefik.http.services.sharel.loadbalancer.server.scheme=http"
# ToDo - internally connect via https: reuse the certifiacte from traefik (acme.json)
#- "traefik.http.services.sharel.loadbalancer.server.port=443"
#- "traefik.http.services.sharel.loadbalancer.server.scheme=https"
- "traefik.http.services.sharel.loadbalancer.sticky.cookie=true" - "traefik.http.services.sharel.loadbalancer.sticky.cookie=true"
- "traefik.http.services.sharel.loadbalancer.sticky.cookie.name=io" - "traefik.http.services.sharel.loadbalancer.sticky.cookie.name=io"
- "traefik.http.services.sharel.loadbalancer.sticky.cookie.httponly=true" - "traefik.http.services.sharel.loadbalancer.sticky.cookie.httponly=true"
@ -157,6 +157,7 @@ services:
ALLOW_EMAIL_LOGIN: 'true' ALLOW_EMAIL_LOGIN: 'true'
# All users in the LDAP_CONTACT_FILTER are loaded from the ldap server into contacts. # All users in the LDAP_CONTACT_FILTER are loaded from the ldap server into contacts.
LDAP_CONTACT_FILTER: '(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)'
LDAP_CONTACTS: 'false' LDAP_CONTACTS: 'false'
# Same property, unfortunately with different names in # Same property, unfortunately with different names in