From 34862810df686abfc0ee9ff1a13690a7b2bacc7e Mon Sep 17 00:00:00 2001 From: Lauri Ojansivu Date: Thu, 22 Sep 2022 15:39:15 +0300 Subject: [PATCH] Added METRICS_ALLOWED_IP_ADDRESSES settings to Docker/Snap/Source https://github.com/wekan/wekan/wiki/Metrics . Thanks to xet7 ! Related https://github.com/wekan/wekan/pull/4700 --- Dockerfile | 1 + docker-compose.yml | 4 ++++ snap-src/bin/config | 6 +++++- snap-src/bin/wekan-help | 25 +++++++++++++++++++++++++ start-wekan.bat | 4 ++++ start-wekan.sh | 4 ++++ torodb-postgresql/docker-compose.yml | 4 ++++ 7 files changed, 47 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5a10cab41..290c722a7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -57,6 +57,7 @@ ENV BUILD_DEPS="apt-utils libarchive-tools gnupg gosu wget curl bzip2 g++ build- MATOMO_SITE_ID="" \ MATOMO_DO_NOT_TRACK=true \ MATOMO_WITH_USERNAME=false \ + METRICS_ALLOWED_IP_ADDRESSES="" \ BROWSER_POLICY_ENABLED=true \ TRUSTED_URL="" \ WEBHOOKS_ATTRIBUTES="" \ diff --git a/docker-compose.yml b/docker-compose.yml index 08d1f5f35..92134e38f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -347,6 +347,10 @@ services: # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside. #- TRUSTED_URL=https://intra.example.com #----------------------------------------------------------------- + # ==== METRICS ALLOWED IP ADDRESSES ==== + # https://github.com/wekan/wekan/wiki/Metrics + #- METRICS_ALLOWED_IP_ADDRESSES=192.168.0.100,192.168.0.200 + #----------------------------------------------------------------- # ==== OUTGOING WEBHOOKS ==== # What to send to Outgoing Webhook, or leave out. If commented out the default values will be: cardId,listId,oldListId,boardId,comment,user,card,commentId,swimlaneId,customerField,customFieldValue #- WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId diff --git a/snap-src/bin/config b/snap-src/bin/config index aabfe22bd..9820da8e5 100755 --- a/snap-src/bin/config +++ b/snap-src/bin/config @@ -3,7 +3,7 @@ # All supported keys are defined here together with descriptions and default values # list of supported keys -keys="DEBUG MONGO_LOG_DESTINATION MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM MAIL_SERVICE MAIL_SERVICE_USER MAIL_SERVICE_PASSWORD ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW ACCOUNTS_COMMON_LOGIN_EXPIRATION_IN_DAYS ATTACHMENTS_UPLOAD_EXTERNAL_PROGRAM ATTACHMENTS_UPLOAD_MIME_TYPES ATTACHMENTS_UPLOAD_MAX_SIZE AVATARS_UPLOAD_EXTERNAL_PROGRAM AVATARS_UPLOAD_MIME_TYPES AVATARS_UPLOAD_MAX_SIZE MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OIDC_REDIRECTION_ENABLED OAUTH2_CA_CERT OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS OAUTH2_ADFS_ENABLED LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_AD_SIMPLE_AUTH LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD PASSWORD_LOGIN_ENABLED CAS_ENABLED CAS_BASE_URL CAS_LOGIN_URL CAS_VALIDATE_URL SAML_ENABLED SAML_PROVIDER SAML_ENTRYPOINT SAML_ISSUER SAML_CERT SAML_IDPSLO_REDIRECTURL SAML_PRIVATE_KEYFILE SAML_PUBLIC_CERTFILE SAML_IDENTIFIER_FORMAT SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE SAML_ATTRIBUTES ORACLE_OIM_ENABLED RESULTS_PER_PAGE WAIT_SPINNER NODE_OPTIONS" +keys="DEBUG MONGO_LOG_DESTINATION MONGO_URL MONGODB_BIND_UNIX_SOCKET MONGO_URL MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM MAIL_SERVICE MAIL_SERVICE_USER MAIL_SERVICE_PASSWORD ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API RICHER_CARD_COMMENT_EDITOR CARD_OPENED_WEBHOOK_ENABLED ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW ACCOUNTS_COMMON_LOGIN_EXPIRATION_IN_DAYS ATTACHMENTS_UPLOAD_EXTERNAL_PROGRAM ATTACHMENTS_UPLOAD_MIME_TYPES ATTACHMENTS_UPLOAD_MAX_SIZE AVATARS_UPLOAD_EXTERNAL_PROGRAM AVATARS_UPLOAD_MIME_TYPES AVATARS_UPLOAD_MAX_SIZE MAX_IMAGE_PIXEL IMAGE_COMPRESS_RATIO BIGEVENTS_PATTERN NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE NOTIFY_DUE_DAYS_BEFORE_AND_AFTER NOTIFY_DUE_AT_HOUR_OF_DAY EMAIL_NOTIFICATION_TIMEOUT CORS CORS_ALLOW_HEADERS CORS_EXPOSE_HEADERS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME METRICS_ALLOWED_IP_ADDRESSES BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OIDC_REDIRECTION_ENABLED OAUTH2_CA_CERT OAUTH2_LOGIN_STYLE OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT OAUTH2_ID_MAP OAUTH2_USERNAME_MAP OAUTH2_FULLNAME_MAP OAUTH2_ID_TOKEN_WHITELIST_FIELDS OAUTH2_EMAIL_MAP OAUTH2_REQUEST_PERMISSIONS OAUTH2_ADFS_ENABLED LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_AD_SIMPLE_AUTH LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_AUTHENTICATION LDAP_USER_AUTHENTICATION_FIELD LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LDAP_EMAIL_MATCH_ENABLE LDAP_EMAIL_MATCH_REQUIRE LDAP_EMAIL_MATCH_VERIFIED LDAP_EMAIL_FIELD LDAP_SYNC_ADMIN_STATUS LDAP_SYNC_ADMIN_GROUPS HEADER_LOGIN_ID HEADER_LOGIN_FIRSTNAME HEADER_LOGIN_LASTNAME HEADER_LOGIN_EMAIL LOGOUT_WITH_TIMER LOGOUT_IN LOGOUT_ON_HOURS LOGOUT_ON_MINUTES DEFAULT_AUTHENTICATION_METHOD PASSWORD_LOGIN_ENABLED CAS_ENABLED CAS_BASE_URL CAS_LOGIN_URL CAS_VALIDATE_URL SAML_ENABLED SAML_PROVIDER SAML_ENTRYPOINT SAML_ISSUER SAML_CERT SAML_IDPSLO_REDIRECTURL SAML_PRIVATE_KEYFILE SAML_PUBLIC_CERTFILE SAML_IDENTIFIER_FORMAT SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE SAML_ATTRIBUTES ORACLE_OIM_ENABLED RESULTS_PER_PAGE WAIT_SPINNER NODE_OPTIONS" #DESCRIPTION_WRITABLE_PATH="Writable path. Default: $SNAP_COMMON/files" #DEFAULT_WRITABLE_PATH="$SNAP_COMMON/files" @@ -211,6 +211,10 @@ DESCRIPTION_MATOMO_WITH_USERNAME="The option that allows matomo to retrieve the DEFAULT_MATOMO_WITH_USERNAME="false" KEY_MATOMO_WITH_USERNAME="matomo-with-username" +DESCRIPTION_METRICS_ALLOWED_IP_ADDRESSES="Metrics allowed IP addresses, separated by ',' . https://github.com/wekan/wekan/wiki/Metrics" +DEFAULT_METRICS_ALLOWED_IP_ADDRESSES="" +KEY_METRICS_ALLOWED_IP_ADDRESSES"metrics-allowed-ip-addresses" + DESCRIPTION_BROWSER_POLICY_ENABLED="Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.\n"\ "\t\t\t Setting this to false is not recommended, it also disables all other browser policy protections\n"\ "\t\t\t and allows all iframing etc. See wekan/server/policy.js" diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help index 4586baedb..058f137a7 100755 --- a/snap-src/bin/wekan-help +++ b/snap-src/bin/wekan-help @@ -206,6 +206,31 @@ echo -e "\t$ snap set $SNAP_NAME cors-expose-headers='*'" echo -e "\t-Disable the Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations. Example: ''" echo -e "\t$ snap unset $SNAP_NAME cors-expose-headers" echo -e "\n" +echo -e "The address of the server where Matomo is hosted:" +echo -e "\t$ snap set $SNAP_NAME matomo-address='https://matomo.example.com'" +echo -e "\t-Disable the Matomo integration:" +echo -e "\t$ snap unset $SNAP_NAME matomo-address" +echo -e "\n" +echo -e "The value of the site ID given in matomo server" +echo -e "\t$ snap set $SNAP_NAME matomo-site-id='12345'" +echo -e "\t-Disable the Matomo site id integration:" +echo -e "\t$ snap unset $SNAP_NAME matomo-site-id" +echo -e "\n" +echo -e "The option do not track which enables users to not be tracked by matomo. Default: true" +echo -e "\t$ snap set $SNAP_NAME matomo-do-not-track='true'" +echo -e "\t-Disable the Matomo do not track:" +echo -e "\t$ snap unset $SNAP_NAME matomo-do-not-track" +echo -e "\n" +echo -e "The option that allows matomo to retrieve the username. Default: false" +echo -e "\t$ snap set $SNAP_NAME matomo-with-username='true'" +echo -e "\t-Do not retrieve username:" +echo -e "\t$ snap set $SNAP_NAME matomo-with-username='false'" +echo -e "\n" +echo -e "Metrics allowed IP addresses, separated by ',' . https://github.com/wekan/wekan/wiki/Metrics" +echo -e "\t$ snap set $SNAP_NAME metrics-allowed-ip-addresses='192.168.0.100,192.168.0.200'" +echo -e "\t-Disable the Metrics:" +echo -e "\t$ snap unset $SNAP_NAME metrics-allowed-ip-addresses" +echo -e "\n" echo -e "Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside." echo -e "\t\t Setting this to false is not recommended, it also disables all other browser policy protections" echo -e "\t\t and allows all iframing etc. See wekan/server/policy.js" diff --git a/start-wekan.bat b/start-wekan.bat index 3f410ec81..58b7e0871 100644 --- a/start-wekan.bat +++ b/start-wekan.bat @@ -112,6 +112,10 @@ REM # The address of the server where Matomo is hosted. REM # example: - MATOMO_ADDRESS=https://example.com/matomo REM SET MATOMO_ADDRESS= +REM # ==== METRICS ALLOWED IP ADDRESSES ==== +REM # https://github.com/wekan/wekan/wiki/Metrics +REM SET METRICS_ALLOWED_IP_ADDRESSES=192.168.0.100,192.168.0.200 + REM # The value of the site ID given in Matomo server for Wekan REM # example: - MATOMO_SITE_ID=12345 REM SET MATOMO_SITE_ID= diff --git a/start-wekan.sh b/start-wekan.sh index 17bf32509..4b9eaef7b 100755 --- a/start-wekan.sh +++ b/start-wekan.sh @@ -135,6 +135,10 @@ # Example: export MATOMO_WITH_USERNAME=true #export MATOMO_WITH_USERNAME='false' #--------------------------------------------- + # ==== METRICS ALLOWED IP ADDRESSES ==== + # https://github.com/wekan/wekan/wiki/Metrics + #export METRICS_ALLOWED_IP_ADDRESSES=192.168.0.100,192.168.0.200 + #----------------------------------------------------------------- # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. # Setting this to false is not recommended, it also disables all other browser policy protections # and allows all iframing etc. See wekan/server/policy.js diff --git a/torodb-postgresql/docker-compose.yml b/torodb-postgresql/docker-compose.yml index a236cafc6..601c38b09 100644 --- a/torodb-postgresql/docker-compose.yml +++ b/torodb-postgresql/docker-compose.yml @@ -348,6 +348,10 @@ services: # example: MATOMO_WITH_USERNAME=true #- MATOMO_WITH_USERNAME=false #----------------------------------------------------------------- + # ==== METRICS ALLOWED IP ADDRESSES ==== + # https://github.com/wekan/wekan/wiki/Metrics + #- METRICS_ALLOWED_IP_ADDRESSES=192.168.0.100,192.168.0.200 + #----------------------------------------------------------------- # ==== BROWSER POLICY AND TRUSTED IFRAME URL ==== # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. # Setting this to false is not recommended, it also disables all other browser policy protections