version: '2' # Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required. #--------------------------------------------------------------------------------------------------------- # ==== CREATING USERS AND LOGGING IN TO WEKAN ==== # https://github.com/wekan/wekan/wiki/Adding-users #--------------------------------------------------------------------------------------------------------- # ==== FORGOT PASSWORD ==== # https://github.com/wekan/wekan/wiki/Forgot-Password #--------------------------------------------------------------------------------------------------------- # ==== Upgrading Wekan to new version ===== # NOTE: MongoDB has changed from 3.x to 4.x, in that case you need backup/restore with --noIndexRestore # see https://github.com/wekan/wekan/wiki/Backup # 1) Stop Wekan: # docker-compose stop # 2) Remove old Wekan app (wekan-app only, not that wekan-db container that has all your data) # docker rm wekan-app # 3) Get newest docker-compose.yml from https://github.com/wekan/wekan to have correct image, # for example: "image: quay.io/wekan/wekan" or version tag "image: quay.io/wekan/wekan:v4.52" # 4) Start Wekan: # docker-compose up -d #---------------------------------------------------------------------------------- # ==== OPTIONAL: DEDICATED DOCKER USER ==== # 1) Optionally create a dedicated user for Wekan, for example: # sudo useradd -d /home/wekan -m -s /bin/bash wekan # 2) Add this user to the docker group, then logout+login or reboot: # sudo usermod -aG docker wekan # 3) Then login as user wekan. # 4) Create this file /home/wekan/docker-compose.yml with your modifications. #---------------------------------------------------------------------------------- # ==== RUN DOCKER AS SERVICE ==== # 1a) Running Docker as service, on Systemd like Debian 9, Ubuntu 16.04, CentOS 7: # sudo systemctl enable docker # sudo systemctl start docker # 1b) Running Docker as service, on init.d like Debian 8, Ubuntu 14.04, CentOS 6: # sudo update-rc.d docker defaults # sudo service docker start # ---------------------------------------------------------------------------------- # ==== USAGE OF THIS docker-compose.yml ==== # 1) For seeing does Wekan work, try this and check with your webbroser: # docker-compose up # 2) Stop Wekan and start Wekan in background: # docker-compose stop # docker-compose up -d # 3) See running Docker containers: # docker ps # 4) Stop Docker containers: # docker-compose stop # ---------------------------------------------------------------------------------- # ===== INSIDE DOCKER CONTAINERS, AND BACKUP/RESTORE ==== # https://github.com/wekan/wekan/wiki/Backup # If really necessary, repair MongoDB: https://github.com/wekan/wekan-mongodb/issues/6#issuecomment-424004116 # 1) Going inside containers: # a) Wekan app, does not contain data # docker exec -it wekan-app bash # b) MongoDB, contains all data # docker exec -it wekan-db bash # 2) Copying database to outside of container: # docker exec -it wekan-db bash # cd /data # mongodump # exit # docker cp wekan-db:/data/dump . # 3) Restoring database # # 1) Stop wekan # docker stop wekan-app # # 2) Go inside database container # docker exec -it wekan-db bash # # 3) and data directory # cd /data # # 4) Remove previos dump # rm -rf dump # # 5) Exit db container # exit # # 6) Copy dump to inside docker container # docker cp dump wekan-db:/data/ # # 7) Go inside database container # docker exec -it wekan-db bash # # 8) and data directory # cd /data # # 9) Restore # mongorestore --drop # # 10) Exit db container # exit # # 11) Start wekan # docker start wekan-app #------------------------------------------------------------------------- # 2020-12-03: # - base images copied from Docker Hub to Quay to avoid Docker Hub rate limits, # from: torodb/stampede:1.0.0, postgres:9.6, mongo:3.2 #------------------------------------------------------------------------- services: torodb-stampede: image: quay.io/wekan/torodb-stampede:1.0.0 networks: - wekan-tier links: - postgres - mongodb environment: - POSTGRES_PASSWORD=wekan - TORODB_SETUP=true - TORODB_SYNC_SOURCE=mongodb:27017 - TORODB_BACKEND_HOST=postgres - TORODB_BACKEND_PORT=5432 - TORODB_BACKEND_DATABASE=wekan - TORODB_BACKEND_USER=wekan - TORODB_BACKEND_PASSWORD=wekan - DEBUG volumes: - /etc/localtime:/etc/localtime:ro postgres: image: quay.io/wekan/postgres:9.6 networks: - wekan-tier environment: - POSTGRES_PASSWORD=wekan ports: - "5432:5432" volumes: - /etc/localtime:/etc/localtime:ro mongodb: image: mongo:3.2 networks: - wekan-tier ports: - "27017:27017" entrypoint: - /bin/bash - "-c" - mongo --nodb --eval ' var db; while (!db) { try { db = new Mongo("mongodb:27017").getDB("local"); } catch(ex) {} sleep(3000); }; rs.initiate({_id:"rs1",members:[{_id:0,host:"mongodb:27017"}]}); ' 1>/dev/null 2>&1 & mongod --replSet rs1 volumes: - /etc/localtime:/etc/localtime:ro - /etc/timezone:/etc/timezone:ro - mongodb:/data/db - mongodb-dump:/dump wekan: image: quay.io/wekan/wekan container_name: wekan-app restart: always networks: - wekan-tier #------------------------------------------------------------------------------------- # ==== BUILD wekan-app DOCKER CONTAINER FROM SOURCE, if you uncomment these ==== # ==== and use commands: docker-compose up -d --build # ==== Dockerfile and source is at parent directory .. #build: # context: .. # dockerfile: Dockerfile #------------------------------------------------------------------------------------- ports: # Docker outsideport:insideport. Do not add anything extra here. # For example, if you want to have wekan on port 3001, # use 3001:8080 . Do not add any extra address etc here, that way it does not work. - 80:8080 environment: #----------------------------------------------------------------- # ==== WRITEABLE PATH FOR FILE UPLOADS ==== - WRITABLE_PATH=/data #----------------------------------------------------------------- # ==== AWS S3 FOR FILES ==== # Any region. For example: # us-standard,us-west-1,us-west-2, # eu-west-1,eu-central-1, # ap-southeast-1,ap-northeast-1,sa-east-1 # #- S3='{"s3":{"key": "xxx", "secret": "xxx", "bucket": "xxx", "region": "xxx"}}' #----------------------------------------------------------------- # ==== MONGO_URL ==== - MONGO_URL=mongodb://mongodb:27017/wekan #--------------------------------------------------------------- # ==== ROOT_URL SETTING ==== # Change ROOT_URL to your real Wekan URL, for example: # If you have Caddy/Nginx/Apache providing SSL # - https://example.com # - https://boards.example.com # This can be problematic with avatars https://github.com/wekan/wekan/issues/1776 # - https://example.com/wekan # If without https, can be only wekan node, no need for Caddy/Nginx/Apache if you don't need them # - http://example.com # - http://boards.example.com # - http://192.168.1.100 <=== using at local LAN - ROOT_URL=http://localhost # <=== using only at same laptop/desktop where Wekan is installed # ==== EMAIL SETTINGS ==== # Email settings are only at MAIL_URL and MAIL_FROM. # Admin Panel has test button, but it's not used for settings. # see https://github.com/wekan/wekan/wiki/Troubleshooting-Mail # For SSL in email, change smtp:// to smtps:// # NOTE: Special characters need to be url-encoded in MAIL_URL. # You can encode those characters for example at: https://www.urlencoder.org - MAIL_URL=smtp://user:pass@mailserver.example.com:25/ - MAIL_FROM='Example Wekan Support ' # Currently MAIL_SERVICE is not in use. #- MAIL_SERVICE=Outlook365 #- MAIL_SERVICE_USER=firstname.lastname@hotmail.com #- MAIL_SERVICE_PASSWORD=SecretPassword #--------------------------------------------------------------- # https://github.com/wekan/wekan/issues/3585#issuecomment-1021522132 # Add more Node heap, this is done by default at Dockerfile: # - NODE_OPTIONS="--max_old_space_size=4096" # Add more stack, this is done at Dockerfile: # bash -c "ulimit -s 65500; exec node --stack-size=65500 main.js" #--------------------------------------------------------------- # ==== OPTIONAL: MONGO OPLOG SETTINGS ===== # https://github.com/wekan/wekan-mongodb/issues/2#issuecomment-378343587 # We've fixed our CPU usage problem today with an environment # change around Wekan. I wasn't aware during implementation # that if you're using more than 1 instance of Wekan # (or any MeteorJS based tool) you're supposed to set # MONGO_OPLOG_URL as an environment variable. # Without setting it, Meteor will perform a poll-and-diff # update of it's dataset. With it, Meteor will update from # the OPLOG. See here # https://blog.meteor.com/tuning-meteor-mongo-livedata-for-scalability-13fe9deb8908 # After setting # MONGO_OPLOG_URL=mongodb://:@/local?authSource=admin&replicaSet=rsWekan # the CPU usage for all Wekan instances dropped to an average # of less than 10% with only occasional spikes to high usage # (I guess when someone is doing a lot of work) # - MONGO_OPLOG_URL=mongodb://:@/local?authSource=admin&replicaSet=rsWekan #--------------------------------------------------------------- # ==== OPTIONAL: KADIRA PERFORMANCE MONITORING FOR METEOR ==== # https://github.com/smeijer/kadira # https://blog.meteor.com/kadira-apm-is-now-open-source-490469ffc85f # - export KADIRA_OPTIONS_ENDPOINT=http://127.0.0.1:11011 #--------------------------------------------------------------- # ==== OPTIONAL: LOGS AND STATS ==== # https://github.com/wekan/wekan/wiki/Logs # # Daily export of Wekan changes as JSON to Logstash and ElasticSearch / Kibana (ELK) # https://github.com/wekan/wekan-logstash # # Statistics Python script for Wekan Dashboard # https://github.com/wekan/wekan-stats # # Console, file, and zulip logger on database changes https://github.com/wekan/wekan/pull/1010 # with fix to replace console.log by winston logger https://github.com/wekan/wekan/pull/1033 # but there could be bug https://github.com/wekan/wekan/issues/1094 # # There is Feature Request: Logging date and time of all activity with summary reports, # and requesting reason for changing card to other column https://github.com/wekan/wekan/issues/1598 #--------------------------------------------------------------- # ==== NUMBER OF SEARCH RESULTS PER PAGE BY DEFAULT ==== #- RESULTS_PER_PAGE=20 #--------------------------------------------------------------- # ==== WEKAN API AND EXPORT BOARD ==== # Wekan Export Board works when WITH_API=true. # https://github.com/wekan/wekan/wiki/REST-API # https://github.com/wekan/wekan-gogs # If you disable Wekan API with false, Export Board does not work. - WITH_API=true #--------------------------------------------------------------- # ==== AFTER OIDC LOGIN, ADD USERS AUTOMATICALLY TO THIS BOARD ID ==== # https://github.com/wekan/wekan/pull/5098 #- DEFAULT_BOARD_ID=abcd1234 #--------------------------------------------------------------- # ==== PASSWORD BRUTE FORCE PROTECTION ==== #https://atmospherejs.com/lucasantoniassi/accounts-lockout #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js #- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3 #- ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60 #- ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15 #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3 #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60 #- ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15 #--------------------------------------------------------------- # ==== ACCOUNT OPTIONS ==== # https://docs.meteor.com/api/accounts-multi.html#AccountsCommon-config # Defaults below. Uncomment to change. wekan/server/accounts-common.js # - ACCOUNTS_COMMON_LOGIN_EXPIRATION_IN_DAYS=90 #--------------------------------------------------------------- # ==== RICH TEXT EDITOR IN CARD COMMENTS ==== # https://github.com/wekan/wekan/pull/2560 - RICHER_CARD_COMMENT_EDITOR=false #--------------------------------------------------------------- # ==== CARD OPENED, SEND WEBHOOK MESSAGE ==== # https://github.com/wekan/wekan/issues/2518 - CARD_OPENED_WEBHOOK_ENABLED=false #--------------------------------------------------------------- # ==== Allow configuration to validate uploaded attachments ==== #-ATTACHMENTS_UPLOAD_EXTERNAL_PROGRAM=/usr/local/bin/avscan {file} #-ATTACHMENTS_UPLOAD_MIME_TYPES=image/*,text/* #-ATTACHMENTS_UPLOAD_MAX_SIZE=5000000 #--------------------------------------------------------------- # ==== Allow configuration to validate uploaded avatars ==== #-AVATARS_UPLOAD_EXTERNAL_PROGRAM=/usr/local/bin/avscan {file} #-AVATARS_UPLOAD_MIME_TYPES=image/* #-AVATARS_UPLOAD_MAX_SIZE=500000 #--------------------------------------------------------------- # ==== Allow to shrink attached/pasted image ==== # https://github.com/wekan/wekan/pull/2544 #-MAX_IMAGE_PIXEL=1024 #-IMAGE_COMPRESS_RATIO=80 #--------------------------------------------------------------- # ==== NOTIFICATION TRAY AFTER READ DAYS BEFORE REMOVE ===== # Number of days after a notification is read before we remove it. # Default: 2 #- NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE=2 #--------------------------------------------------------------- # ==== BIGEVENTS DUE ETC NOTIFICATIONS ===== # https://github.com/wekan/wekan/pull/2541 # Introduced a system env var BIGEVENTS_PATTERN default as "NONE", # so any activityType matches the pattern, system will send out # notifications to all board members no matter they are watching # or tracking the board or not. Owner of the wekan server can # disable the feature by setting this variable to "NONE" or # change the pattern to any valid regex. i.e. '|' delimited # activityType names. # a) Example #- BIGEVENTS_PATTERN=due # b) All #- BIGEVENTS_PATTERN=received|start|due|end # c) Disabled - BIGEVENTS_PATTERN=NONE #--------------------------------------------------------------- # ==== EMAIL DUE DATE NOTIFICATION ===== # https://github.com/wekan/wekan/pull/2536 # System timelines will be showing any user modification for # dueat startat endat receivedat, also notification to # the watchers and if any card is due, about due or past due. # # Notify due days, default 2 days before and after. 0 = due notifications disabled. Default: 2 #- NOTIFY_DUE_DAYS_BEFORE_AND_AFTER=2 # # Notify due at hour of day. Default every morning at 8am. Can be 0-23. # If env variable has parsing error, use default. Notification sent to watchers. #- NOTIFY_DUE_AT_HOUR_OF_DAY=8 #----------------------------------------------------------------- # ==== EMAIL NOTIFICATION TIMEOUT, ms ===== # Defaut: 30000 ms = 30s #- EMAIL_NOTIFICATION_TIMEOUT=30000 #----------------------------------------------------------------- # ==== CORS ===== # CORS: Set Access-Control-Allow-Origin header. Example: * #- CORS=* #----------------------------------------------------------------- # ==== MATOMO INTEGRATION ==== # Optional: Integration with Matomo https://matomo.org that is installed to your server # The address of the server where Matomo is hosted. # example: - MATOMO_ADDRESS=https://example.com/matomo #- MATOMO_ADDRESS= # The value of the site ID given in Matomo server for Wekan # example: - MATOMO_SITE_ID=12345 #- MATOMO_SITE_ID= # The option do not track which enables users to not be tracked by matomo # example: - MATOMO_DO_NOT_TRACK=false #- MATOMO_DO_NOT_TRACK= # The option that allows matomo to retrieve the username: # example: MATOMO_WITH_USERNAME=true #- MATOMO_WITH_USERNAME=false #----------------------------------------------------------------- # ==== METRICS ALLOWED IP ADDRESSES ==== # https://github.com/wekan/wekan/wiki/Metrics #- METRICS_ALLOWED_IP_ADDRESSES=192.168.0.100,192.168.0.200 #----------------------------------------------------------------- # ==== BROWSER POLICY AND TRUSTED IFRAME URL ==== # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. # Setting this to false is not recommended, it also disables all other browser policy protections # and allows all iframing etc. See wekan/server/policy.js - BROWSER_POLICY_ENABLED=true # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside. #- TRUSTED_URL= #----------------------------------------------------------------- # ==== OUTGOING WEBHOOKS ==== # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId . # example: WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId #- WEBHOOKS_ATTRIBUTES= #----------------------------------------------------------------- # ==== AUTOLOGIN WITH OIDC/OAUTH2 ==== # https://github.com/wekan/wekan/wiki/autologin #- OIDC_REDIRECTION_ENABLED=true #--------------------------------------------- # ==== OAUTH2 ORACLE on premise identity manager OIM ==== #- ORACLE_OIM_ENABLED=true #----------------------------------------------------------------- # ==== OAUTH2 ONLY WITH OIDC AND DOORKEEPER AS INDENTITY PROVIDER # https://github.com/wekan/wekan/issues/1874 # https://github.com/wekan/wekan/wiki/OAuth2 # Enable the OAuth2 connection # example: OAUTH2_ENABLED=true #- OAUTH2_ENABLED=false # Optional OAuth2 CA Cert, see https://github.com/wekan/wekan/issues/3299 #- OAUTH2_CA_CERT=ABCD1234 # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting. #- OAUTH2_ADFS_ENABLED=false # Azure AD B2C. https://github.com/wekan/wekan/issues/5242 #- OAUTH2_B2C_ENABLED=false # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345 # example: OAUTH2_CLIENT_ID=abcde12345 #- OAUTH2_CLIENT_ID= # OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde # example: OAUTH2_SECRET=54321abcde #- OAUTH2_SECRET= # OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com # example: OAUTH2_SERVER_URL=https://chat.example.com #- OAUTH2_SERVER_URL= # OAuth2 Authorization Endpoint. Example: /oauth/authorize # example: OAUTH2_AUTH_ENDPOINT=/oauth/authorize #- OAUTH2_AUTH_ENDPOINT= # OAuth2 Userinfo Endpoint. Example: /oauth/userinfo # example: OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo #- OAUTH2_USERINFO_ENDPOINT= # OAuth2 Token Endpoint. Example: /oauth/token # example: OAUTH2_TOKEN_ENDPOINT=/oauth/token #- OAUTH2_TOKEN_ENDPOINT= #----------------------------------------------------------------- # ==== LDAP ==== # https://github.com/wekan/wekan/wiki/LDAP # For Snap settings see https://github.com/wekan/wekan-snap/wiki/Supported-settings-keys # Most settings work both on Snap and Docker below. # Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required. # # DEFAULT_AUTHENTICATION_METHOD : The default authentication method used if a user does not exist to create and authenticate. Can be set as ldap. # example : DEFAULT_AUTHENTICATION_METHOD=ldap #- DEFAULT_AUTHENTICATION_METHOD= # # LDAP_ENABLE : Enable or not the connection by the LDAP # example : LDAP_ENABLE=true #- LDAP_ENABLE=false # # LDAP_PORT : The port of the LDAP server # example : LDAP_PORT=389 #- LDAP_PORT=389 # # LDAP_HOST : The host server for the LDAP server # example : LDAP_HOST=localhost #- LDAP_HOST= # #----------------------------------------------------------------- # ==== LDAP AD Simple Auth ==== # # Set to true, if you want to connect with Active Directory by Simple Authentication. # When using AD Simple Auth, LDAP_BASEDN is not needed. #- LDAP_AD_SIMPLE_AUTH=true # # === Related settings ELSEWHERE IN THIS FILE, NOT HERE === # # Option to login to the LDAP server with the user's own username and password, instead of # an administrator key. Default: false (use administrator key). When using AD Simple Auth, set to true. # Set to true, if the login user is used for binding. Used with AD Simple Auth. # When using AD Simple Auth, LDAP_BASEDN is not needed. ##ELSEWHERE IN THIS SETTINGS FILE, NOT HERE: #- LDAP_USER_AUTHENTICATION=true # # Which field is used to find the user for the user authentication. Default: uid. ##ELSEWHERE IN THIS SETTINGS FILE, NOT HERE:#- LDAP_USER_AUTHENTICATION_FIELD=uid # # === LDAP Default Domain: 2 different use cases, a/b === # # a) The default domain of the ldap it is used to create email if the field is not map # correctly with the LDAP_SYNC_USER_DATA_FIELDMAP # # b) In case AD SimpleAuth is configured, the default domain is appended to the given # loginname for creating the correct username for the bind request to AD. # # Example : ##ELSEWHERE IN THIS SETTINGS FILE, NOT HERE:- LDAP_DEFAULT_DOMAIN=mydomain.com # #----------------------------------------------------------------- # ==== LDAP BASEDN Auth ==== # # LDAP_BASEDN : The base DN for the LDAP Tree # example : LDAP_BASEDN=ou=user,dc=example,dc=org #- LDAP_BASEDN= # #----------------------------------------------------------------- # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method # example : LDAP_LOGIN_FALLBACK=true #- LDAP_LOGIN_FALLBACK=false # # LDAP_RECONNECT : Reconnect to the server if the connection is lost # example : LDAP_RECONNECT=false #- LDAP_RECONNECT=true # # LDAP_TIMEOUT : Overall timeout, in milliseconds # example : LDAP_TIMEOUT=12345 #- LDAP_TIMEOUT=10000 # # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds # example : LDAP_IDLE_TIMEOUT=12345 #- LDAP_IDLE_TIMEOUT=10000 # # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds # example : LDAP_CONNECT_TIMEOUT=12345 #- LDAP_CONNECT_TIMEOUT=10000 # # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search # example : LDAP_AUTHENTIFICATION=true #- LDAP_AUTHENTIFICATION=false # # LDAP_AUTHENTIFICATION_USERDN : The search user DN # example : LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org #- LDAP_AUTHENTIFICATION_USERDN= # # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user # example : AUTHENTIFICATION_PASSWORD=admin #- LDAP_AUTHENTIFICATION_PASSWORD= # # LDAP_LOG_ENABLED : Enable logs for the module # example : LDAP_LOG_ENABLED=true #- LDAP_LOG_ENABLED=false # # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background # example : LDAP_BACKGROUND_SYNC=true #- LDAP_BACKGROUND_SYNC=false # # At which interval does the background task sync. # The format must be as specified in: # https://bunkat.github.io/later/parsers.html#text #- LDAP_BACKGROUND_SYNC_INTERVAL='every 1 hour' # # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds # The format must be as specified in: # https://bunkat.github.io/later/parsers.html#text #- LDAP_BACKGROUND_SYNC_INTERVAL=every 1 hours # At which interval does the background task sync in milliseconds. # Leave this unset, so it uses default, and does not crash. # https://github.com/wekan/wekan/issues/2354#issuecomment-515305722 - LDAP_BACKGROUND_SYNC_INTERVAL='' # # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED : # example : LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true #- LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false # # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS : # example : LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true #- LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false # # LDAP_ENCRYPTION : If using LDAPS # example : LDAP_ENCRYPTION=ssl #- LDAP_ENCRYPTION=false # # LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. # example : LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE----- #- LDAP_CA_CERT= # # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate # example : LDAP_REJECT_UNAUTHORIZED=true #- LDAP_REJECT_UNAUTHORIZED=false # # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed # example : LDAP_USER_SEARCH_FILTER= #- LDAP_USER_SEARCH_FILTER= # # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) # example : LDAP_USER_SEARCH_SCOPE=one #- LDAP_USER_SEARCH_SCOPE= # # LDAP_USER_SEARCH_FIELD : Which field is used to find the user # example : LDAP_USER_SEARCH_FIELD=uid #- LDAP_USER_SEARCH_FIELD= # # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited) # example : LDAP_SEARCH_PAGE_SIZE=12345 #- LDAP_SEARCH_PAGE_SIZE=0 # # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited) # example : LDAP_SEARCH_SIZE_LIMIT=12345 #- LDAP_SEARCH_SIZE_LIMIT=0 # # LDAP_GROUP_FILTER_ENABLE : Enable group filtering. Note the authenticated ldap user must be able to query all relevant group data with own login data from ldap # example : LDAP_GROUP_FILTER_ENABLE=true #- LDAP_GROUP_FILTER_ENABLE=false # # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering # example : LDAP_GROUP_FILTER_OBJECTCLASS=group #- LDAP_GROUP_FILTER_OBJECTCLASS= # # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : The attribute of a group identifying it # example : LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=cn #- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= # # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : The attribute inside a group object listing its members # example : member #- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= # # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : The format of the value of LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE # example : dn #- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= # # LDAP_GROUP_FILTER_GROUP_NAME : The group name (id) that matches all users # example : wekan_users #- LDAP_GROUP_FILTER_GROUP_NAME= # # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) # example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid #- LDAP_UNIQUE_IDENTIFIER_FIELD= # # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 # example : LDAP_UTF8_NAMES_SLUGIFY=false #- LDAP_UTF8_NAMES_SLUGIFY=true # # LDAP_USERNAME_FIELD : Which field contains the ldap username # example : LDAP_USERNAME_FIELD=username #- LDAP_USERNAME_FIELD= # # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname # example : LDAP_FULLNAME_FIELD=fullname #- LDAP_FULLNAME_FIELD= # # LDAP_MERGE_EXISTING_USERS : # example : LDAP_MERGE_EXISTING_USERS=true #- LDAP_MERGE_EXISTING_USERS=false # # LDAP_SYNC_USER_DATA : # example : LDAP_SYNC_USER_DATA=true #- LDAP_SYNC_USER_DATA=false # # LDAP_SYNC_USER_DATA_FIELDMAP : # example : LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} #- LDAP_SYNC_USER_DATA_FIELDMAP= # # LDAP_SYNC_GROUP_ROLES : # example : #- LDAP_SYNC_GROUP_ROLES= # # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP # example : #- LDAP_DEFAULT_DOMAIN= # #--------------------------------------------------------------------- # ==== LOGOUT TIMER, probably does not work yet ==== # LOGOUT_WITH_TIMER : Enables or not the option logout with timer # example : LOGOUT_WITH_TIMER=true #- LOGOUT_WITH_TIMER= # # LOGOUT_IN : The number of days # example : LOGOUT_IN=1 #- LOGOUT_IN= # # LOGOUT_ON_HOURS : The number of hours # example : LOGOUT_ON_HOURS=9 #- LOGOUT_ON_HOURS= # # LOGOUT_ON_MINUTES : The number of minutes # example : LOGOUT_ON_MINUTES=55 #- LOGOUT_ON_MINUTES= #--------------------------------------------------------------------- # PASSWORD_LOGIN_ENABLED : Enable or not the password login form. # example: PASSWORD_LOGIN_ENABLED=false # - PASSWORD_LOGIN_ENABLED #------------------------------------------------------------------- #- CAS_ENABLED=true #- CAS_BASE_URL=https://cas.example.com/cas #- CAS_LOGIN_URL=https://cas.example.com/login #- CAS_VALIDATE_URL=https://cas.example.com/cas/p3/serviceValidate #--------------------------------------------------------------------- #- SAML_ENABLED=true #- SAML_PROVIDER= #- SAML_ENTRYPOINT= #- SAML_ISSUER= #- SAML_CERT= #- SAML_IDPSLO_REDIRECTURL= #- SAML_PRIVATE_KEYFILE= #- SAML_PUBLIC_CERTFILE= #- SAML_IDENTIFIER_FORMAT= #- SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE= #- SAML_ATTRIBUTES= #--------------------------------------------------------------------- # Wait spinner to use #- WAIT_SPINNER=Bounce #--------------------------------------------------------------------- depends_on: - mongodb volumes: - /etc/localtime:/etc/localtime:ro - wekan-files:/data:rw #--------------------------------------------------------------------------------- # ==== OPTIONAL: SHARE DATABASE TO OFFICE LAN AND REMOTE VPN ==== # When using Wekan both at office LAN and remote VPN: # 1) Have above Wekan docker container config with LAN IP address # 2) Copy all of above wekan container config below, look above of this part above and all config below it, # before above depends_on: part: # # wekan: # #------------------------------------------------------------------------------------- # # ==== MONGODB AND METEOR VERSION ==== # # a) For Wekan Meteor 1.8.x version at meteor-1.8 branch, ..... # # # and change name to different name like wekan2 or wekanvpn, and change ROOT_URL to server VPN IP # address. # 3) This way both Wekan containers can use same MongoDB database # and see the same Wekan boards. # 4) You could also add 3rd Wekan container for 3rd network etc. # EXAMPLE: # wekan2: # ....COPY CONFIG FROM ABOVE TO HERE... # environment: # - ROOT_URL='http://10.10.10.10' # ...COPY CONFIG FROM ABOVE TO HERE... #--------------------------------------------------------------------------------- volumes: wekan-files: driver: local mongodb: driver: local mongodb-dump: driver: local networks: wekan-tier: driver: bridge