AIUS/Overleaf
1
0
Fork 0
mirror of https://git.unistra.fr/aius/root/ldap-overleaf-sl.git synced 2025-05-04 11:45:26 +02:00
Code Issues Projects Releases Packages Wiki Activity
Overleaf/docker-compose.certbot.yml
yzx9 d5bf3e5d1c Add OAuth2 docs
2023-11-25 12:41:01 +08:00

173 lines
5.8 KiB
YAML
Raw Blame History

version: "2.2"
services:
sharelatex:
restart: always
image: ldap-overleaf-sl
container_name: ldap-overleaf-sl
depends_on:
mongo:
condition: service_healthy
redis:
condition: service_healthy
simple-certbot:
condition: service_started
privileged: false
ports:
- 443:443
links:
- mongo
- redis
- simple-certbot
volumes:
- ${MYDATA}/sharelatex:/var/lib/sharelatex
- ${MYDATA}/letsencrypt:/etc/letsencrypt
- ${MYDATA}/letsencrypt/live/${MYDOMAIN}/:/etc/letsencrypt/certs/domain
environment:
SHARELATEX_APP_NAME: Overleaf
SHARELATEX_MONGO_URL: mongodb://mongo/sharelatex
SHARELATEX_SITE_URL: https://${MYDOMAIN}
SHARELATEX_NAV_TITLE: Overleaf - run by ${MYDOMAIN}
#SHARELATEX_HEADER_IMAGE_URL: https://${MYDOMAIN}/logo.svg
SHARELATEX_ADMIN_EMAIL: ${MYMAIL}
SHARELATEX_LEFT_FOOTER: '[{"text": "Powered by <a href=\"https://www.sharelatex.com\">ShareLaTeX</a> 2016"} ]'
SHARELATEX_RIGHT_FOOTER: '[{"text": "LDAP Overleaf (beta)"} ]'
SHARELATEX_EMAIL_FROM_ADDRESS: "noreply@${MYDOMAIN}"
# SHARELATEX_EMAIL_AWS_SES_ACCESS_KEY_ID:
# SHARELATEX_EMAIL_AWS_SES_SECRET_KEY:
SHARELATEX_EMAIL_SMTP_HOST: smtp.${MYDOMAIN}
SHARELATEX_EMAIL_SMTP_PORT: 587
SHARELATEX_EMAIL_SMTP_SECURE: "false"
# SHARELATEX_EMAIL_SMTP_USER:
# SHARELATEX_EMAIL_SMTP_PASS:
# SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH: true
# SHARELATEX_EMAIL_SMTP_IGNORE_TLS: false
SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by ${MYDOMAIN} - please contact ${MYMAIL} if you experience any issues."
# make public links accessible w/o login (link sharing issue)
# https://github.com/overleaf/docker-image/issues/66
# https://github.com/overleaf/overleaf/issues/628
# https://github.com/overleaf/web/issues/367
# Fixed in 2.0.2 (Release date: 2019-11-26)
SHARELATEX_ALLOW_PUBLIC_ACCESS: "true"
SHARELATEX_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING: "true"
SHARELATEX_SECURE_COOKIE: "true"
SHARELATEX_BEHIND_PROXY: "true"
LDAP_SERVER: ldaps://LDAPSERVER:636
LDAP_BASE: ou=people,dc=DOMAIN,dc=TLD
### There are to ways get users from the ldap server
## NO LDAP BIND USER:
# Tries directly to bind with the login user (as uid)
# LDAP_BINDDN: uid=%u,ou=someunit,ou=people,dc=DOMAIN,dc=TLD
## Or you can use ai global LDAP_BIND_USER
# LDAP_BIND_USER:
# LDAP_BIND_PW:
# Only allow users matching LDAP_USER_FILTER
LDAP_USER_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"
# If user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true.
# Admin Users can invite external (non ldap) users. This feature makes only sense
# when ALLOW_EMAIL_LOGIN is set to 'true'. Additionally admins can send
# system wide messages.
LDAP_ADMIN_GROUP_FILTER: "(memberof=cn=ADMINGROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"
ALLOW_EMAIL_LOGIN: "true"
# All users in the LDAP_CONTACT_FILTER are loaded from the ldap server into contacts.
LDAP_CONTACT_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"
LDAP_CONTACTS: "false"
## OAuth2 Settings
# OAUTH2_ENABLED: "true"
# OAUTH2_PROVIDER: YOUR_OAUTH2_PROVIDER
# OAUTH2_CLIENT_ID: YOUR_OAUTH2_CLIENT_ID
# OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET
# OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE
# OAUTH2_AUTHORIZATION_URL: YOUR_OAUTH2_AUTHORIZATION_URL
# OAUTH2_TOKEN_URL: YOUR_OAUTH2_TOKEN_URL
# OAUTH2_TOKEN_CONTENT_TYPE: # One of ['application/x-www-form-urlencoded', 'application/json']
# OAUTH2_PROFILE_URL: YOUR_OAUTH2_PROFILE_URL
# OAUTH2_USER_ATTR_EMAIL: email
# OAUTH2_USER_ATTR_UID: id
# OAUTH2_USER_ATTR_FIRSTNAME: name
# OAUTH2_USER_ATTR_LASTNAME:
# OAUTH2_USER_ATTR_IS_ADMIN: site_admin
# Same property, unfortunately with different names in
# different locations
SHARELATEX_REDIS_HOST: redis
REDIS_HOST: redis
REDIS_PORT: 6379
ENABLED_LINKED_FILE_TYPES: "url,project_file"
# Enables Thumbnail generation using ImageMagick
ENABLE_CONVERSIONS: "true"
mongo:
restart: always
image: mongo:4.4
container_name: mongo
expose:
- 27017
volumes:
- ${MYDATA}/mongo_data:/data/db
healthcheck:
test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet
interval: 10s
timeout: 10s
retries: 5
command: "--replSet overleaf"
# See also: https://github.com/overleaf/overleaf/issues/1120
mongoinit:
image: mongo:4.4
# this container will exit after executing the command
restart: "no"
depends_on:
mongo:
condition: service_healthy
entrypoint:
[
"mongo",
"--host",
"mongo:27017",
"--eval",
'rs.initiate({ _id: "overleaf", members: [ { _id: 0, host: "mongo:27017" } ] })',
]
redis:
restart: always
image: redis:6.2
container_name: redis
expose:
- 6379
volumes:
- ${MYDATA}/redis_data:/data
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
simple-certbot:
restart: always
image: certbot/certbot
container_name: simple-certbot
ports:
- 80:80
volumes:
- ${MYDATA}/letsencrypt:/etc/letsencrypt
# a bit hacky but this docker image uses very little disk-space
# best practices for ssl and nginx are set in the ldap-overleaf-sl Dockerfile
entrypoint:
- "/bin/sh"
- -c
- |
trap exit TERM;\
certbot certonly --standalone -d ${MYDOMAIN} --agree-tos -m ${MYMAIL} -n ; \
while :; do certbot renew; sleep 240h & wait $${!}; done;
Reference in a new issue View git blame Copy permalink