services: database: image: postgres:16-alpine container_name: hedgedoc-db restart: always expose: - 5432 environment: - POSTGRES_USER=hedgedoc - POSTGRES_PASSWORD=password - POSTGRES_DB=hedgedoc volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/hedgedoc/database:/var/lib/postgresql/data #networks: # - proxy app: image: quay.io/hedgedoc/hedgedoc:1.10.0 container_name: hedgedoc-app restart: always environment: - CMD_DB_URL=postgres://hedgedoc:password@database:5432/hedgedoc - CMD_DOMAIN=collab.example.com - CMD_URL_ADDPORT=false - CMD_PROTOCOL_USESSL=true - CMD_SESSION_SECRET="discolor-subtitle-seducing-result-ceramics" # define secret - CMD_ALLOW_EMAIL_REGISTER="false" # disallow registration - CMD_EMAIL="false" # disallow login; only guest notes # ------- OAUTH SSO ------- # see https://docs.goauthentik.io/integrations/services/hedgedoc/ #- CMD_ALLOW_ANONYMOUS_EDITS=False #- CMD_OAUTH2_USER_PROFILE_URL=https://authentik.example.com/application/o/userinfo/ #- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username #- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name #- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email #- CMD_OAUTH2_TOKEN_URL=https://authentik.example.com/application/o/token/ #- CMD_OAUTH2_AUTHORIZATION_URL=https://authentik.example.com/application/o/authorize/ #- CMD_OAUTH2_CLIENT_ID= #- CMD_OAUTH2_CLIENT_SECRET= #- CMD_OAUTH2_PROVIDERNAME=Authentik #- CMD_OAUTH2_SCOPE=openid email profile volumes: - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/hedgedoc/uploads:/hedgedoc/public/uploads ports: - 3000:3000/tcp expose: - 3000 depends_on: - database #networks: # - proxy #labels: # - traefik.enable=true # - traefik.docker.network=proxy # - traefik.http.routers.hedgedoc.rule=Host(`collab.example.com`) # - traefik.http.routers.hedgedoc.service=hedgedoc # - traefik.http.services.hedgedoc.loadbalancer.server.port=3000 # - traefik.http.routers.hedgedoc.middlewares=local-ipwhitelist@file # # prevent unauthorized access to the /metrics endpoint # - traefik.http.routers.hedgedoc-metrics.rule=Host(`collab.example.com`) && PathPrefix(`/metrics`) # - traefik.http.routers.hedgedoc-metrics.service=hedgedoc # - traefik.http.services.hedgedoc-metrics.loadbalancer.server.port=3000 # - traefik.http.routers.hedgedoc-metrics.middlewares=local-ipwhitelist@file #networks: # proxy: # external: true