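# HedgeDoc with a PostgreSQL backend.
# Every credential in this file is a sample value: replace each one before
# deploying, and keep real values out of version control (for example by
# supplying them through an untracked .env file).
version: '3'

services:

  database:
    # Old patch release of the 13 series; follow the current patch release of
    # the same major version to pick up security fixes. Tags are mutable, so
    # pin by digest (image@sha256:<digest>) where reproducible pulls matter.
    image: postgres:13.4-alpine
    container_name: hedgedoc-db
    environment:
      - POSTGRES_USER=hedgedoc
      # Sample password: change it, and use the same value in CMD_DB_URL below.
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=hedgedoc
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/hedgedoc/database:/var/lib/postgresql/data
    restart: always
    # No ports are published for the database; the app reaches it over the
    # project network. It has no need to join the proxy network, so only
    # enable the lines below if something on that network must reach it.
    #networks:
    #  - proxy

  app:
    image: quay.io/hedgedoc/hedgedoc:1.10.0
    container_name: hedgedoc-app
    environment:
      # Embeds the database password; must match POSTGRES_PASSWORD above.
      - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc
      - CMD_DOMAIN=collab.example.com
      - CMD_URL_ADDPORT=false
      # Presumably TLS is terminated by a reverse proxy in front of the app;
      # the container itself is published on plain port 3000 (see ports).
      - CMD_PROTOCOL_USESSL=true
      # Sample secret that is public in this file. It signs session cookies,
      # so generate a long random value per deployment. Changing it
      # invalidates existing sessions. In list syntax the double quotes are
      # passed to the container as part of the value.
      - CMD_SESSION_SECRET="discolor-subtitle-seducing-result-ceramics" # define secret
      # List-syntax values are passed verbatim, so booleans are written
      # without surrounding quotes.
      - CMD_ALLOW_EMAIL_REGISTER=false # disallow registration
      - CMD_EMAIL=false # disallow login; only guest notes
      # ------- OAUTH SSO -------
      # see https://docs.goauthentik.io/integrations/services/hedgedoc/
      #- CMD_ALLOW_ANONYMOUS_EDITS=False
      #- CMD_OAUTH2_USER_PROFILE_URL=https://authentik.example.com/application/o/userinfo/
      #- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
      #- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
      #- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
      #- CMD_OAUTH2_TOKEN_URL=https://authentik.example.com/application/o/token/
      #- CMD_OAUTH2_AUTHORIZATION_URL=https://authentik.example.com/application/o/authorize/
      #- CMD_OAUTH2_CLIENT_ID=<ID>
      #- CMD_OAUTH2_CLIENT_SECRET=<SECRET>
      #- CMD_OAUTH2_PROVIDERNAME=Authentik
      #- CMD_OAUTH2_SCOPE=openid email profile
    volumes:
      - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/hedgedoc/uploads:/hedgedoc/public/uploads
    # This mapping publishes the app on every host interface. Requests that
    # arrive here do not pass through the reverse proxy, so the router rules
    # and the local-ipwhitelist middleware in the labels below (including the
    # /metrics restriction) do not apply to them. When the proxy reaches the
    # app over a shared Docker network, remove this mapping (expose is
    # enough) or bind it to 127.0.0.1.
    ports:
      - "3000:3000/tcp"
    expose:
      - 3000
    restart: always
    depends_on:
      - database
    #networks:
    #  - proxy
    #labels:
    #  - traefik.enable=true
    #  - traefik.docker.network=proxy
    #  - traefik.http.routers.hedgedoc.rule=Host(`collab.example.com`)
    #  - traefik.http.routers.hedgedoc.service=hedgedoc
    #  - traefik.http.services.hedgedoc.loadbalancer.server.port=3000
    #  - traefik.http.routers.hedgedoc.middlewares=local-ipwhitelist@file
    #  # prevent unauthorized access to the /metrics endpoint
    #  - traefik.http.routers.hedgedoc-metrics.rule=Host(`collab.example.com`) && PathPrefix(`/metrics`)
    #  - traefik.http.routers.hedgedoc-metrics.service=hedgedoc
    #  - traefik.http.services.hedgedoc-metrics.loadbalancer.server.port=3000
    #  - traefik.http.routers.hedgedoc-metrics.middlewares=local-ipwhitelist@file

#networks:
#  proxy:
#    external: true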