mirror of https://github.com/Haxxnet/Compose-Examples
Compare commits
31 Commits
d611a3a1d4
...
4aa0e4d1f1
Author | SHA1 | Date |
---|---|---|
LRVT | 4aa0e4d1f1 | |
L4RM4ND | e9c26dac8e | |
L4RM4ND | 2feeea7148 | |
LRVT | 6a39a57e37 | |
LRVT | b103abba3f | |
L4RM4ND | 5cc5aba0c8 | |
LRVT | 5db908d329 | |
LRVT | 0695d017db | |
LRVT | 9890b3e8ae | |
LRVT | 43c708c773 | |
LRVT | 168df60751 | |
LRVT | 116a9cdf43 | |
LRVT | 09b96160f8 | |
LRVT | ad378cf5bf | |
LRVT | 8a7f732f2f | |
LRVT | e141c95a99 | |
LRVT | 858305ff30 | |
LRVT | a7deb87ba2 | |
LRVT | 49bce712c4 | |
LRVT | 7976e700cc | |
LRVT | 4baee1cf4c | |
LRVT | b46036df6c | |
LRVT | f6a26c290e | |
LRVT | a8c56115dc | |
LRVT | eb019d633b | |
LRVT | 9591cadc70 | |
LRVT | 20ce515f31 | |
LRVT | a570d7b095 | |
L4RM4ND | c6119f023e | |
LRVT | 52e0e187ea | |
LRVT | af2bcf2e7d |
20
README.md
|
@ -37,8 +37,8 @@ cd <container-of-interest>
|
|||
docker compose up
|
||||
````
|
||||
|
||||
> **Note**:
|
||||
> The samples are intended for use in local development environments such as project setups, tinkering with software stacks, etc. These samples may be deployed in production environments or exposed to the Internet but please adhere to general hardening and security guidelines. Adjust all default credentials, use a separate `.env` file or platform for secrets management, implement a backup process and have a tested disaster recovery plan. Use a reverse proxy to stream-line your web service exposure and provide an encrypted HTTPS communication channel with trusted SSL certificates.
|
||||
> [!WARNING]
|
||||
> The samples are intended for local development environments such as project setups, tinkering with software stacks, etc. These samples may be deployed in production environments or exposed to the Internet but please adhere to general hardening and security guidelines. Adjust all default credentials, use a separate `.env` file or platform for secret management, implement a backup process and have a tested disaster recovery plan. Use a reverse proxy to stream-line your web service exposure and provide an encrypted HTTPS communication channel with trusted SSL certificates.
|
||||
|
||||
## 🐳 Project List
|
||||
|
||||
|
@ -56,6 +56,7 @@ docker compose up
|
|||
- [Domain Name Service (DNS)](#domain-name-service-dns)
|
||||
- [E-commerce](#e-commerce)
|
||||
- [File Transfer & Synchronization](#file-transfer--synchronization)
|
||||
- [Games and Control Panels](#games-and-control-servers)
|
||||
- [Genealogy](#genealogy)
|
||||
- [Identity Management - Single Sign-On (SSO) & LDAP](#identity-management---single-sign-on-sso--ldap)
|
||||
- [Miscellaneous](#miscellaneous)
|
||||
|
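Review bot: The new table-of-contents entry `- [Games and Control Panels](#games-and-control-servers)` uses a label that does not match the section it links to, which this same change adds as `### Games and Control Servers`. Use one name in both places so the link text and the heading agree.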
@ -71,7 +72,7 @@ docker compose up
|
|||
- [Security & Privacy](#security--privacy)
|
||||
- [Software Development - Project Management, DevOps](#software-development---project-management-devops)
|
||||
- [URL Shorteners](#url-shorteners)
|
||||
- [Virtual Private Network (VPN)](#virtual-private-network-vpn)
|
||||
- [Virtual Private Network (VPN) & Remote Access](#virtual-private-network-vpn--remote-access)
|
||||
- [Wikis & Knowledge Base](#wikis--knowledge-base)
|
||||
|
||||
### Personal Dashboards
|
||||
|
@ -119,7 +120,7 @@ A [proxy](https://en.wikipedia.org/wiki/Proxy_server) is a server application th
|
|||
- [Keycloak](https://github.com/keycloak/keycloak-containers/tree/main/docker-compose-examples) - Keycloak is an open-source Identity and Access Management (IAM) solution for modern applications and services.
|
||||
- [lldap](examples/lldap) - lldap is a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication. It integrates with many backends, from KeyCloak to Authelia to Nextcloud and more.
|
||||
|
||||
### Virtual Private Network (VPN)
|
||||
### Virtual Private Network (VPN) & Remote Access
|
||||
|
||||
**[`^ back to top ^`](#-project-list)**
|
||||
|
||||
|
@ -131,6 +132,7 @@ A [VPN](https://en.wikipedia.org/wiki/Virtual_private_network) is a mechanism fo
|
|||
- [Firezone](examples/firezone) - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO.
|
||||
- ~~[Netbird](https://github.com/netbirdio/netbird)~~ - Quickly connect your computers, servers, cloud instances, and IoT devices into a secure private network. No configuration required.
|
||||
- [Headscale](examples/headscale) - An open source, self-hosted implementation of the Tailscale control server.
|
||||
- [Guacamole](examples/guacamole) - Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, SSH and RDP.
|
||||
|
||||
### Domain Name Service (DNS)
|
||||
|
||||
|
@ -239,6 +241,7 @@ A [document management system](https://en.wikipedia.org/wiki/Document_management
|
|||
|
||||
- [Paperless NGX](examples/paperless-ngx) - A community-supported supercharged version of paperless: scan, index and archive all your physical documents.
|
||||
- [Papermerge](examples/papermerge) - Free and open source document management system with OCR designed for scanned documents, digital archives, pdf, tiff, jpeg.
|
||||
- [DocuSeal](examples/docuseal) - Create, fill, and sign digital documents (alternative to DocuSign).
|
||||
|
||||
### Pastebins
|
||||
|
||||
|
@ -408,6 +411,15 @@ A request bin service allows one to collect and inspect HTTP requests. It may be
|
|||
- [Request-Baskets](https://github.com/darklynx/request-baskets) - HTTP requests collector to test webhooks, notifications, REST clients and more.
|
||||
- [Mockbin](https://github.com/Kong/mockbin) - Mock, Test & Track HTTP Requests and Response for Microservices.
|
||||
|
||||
### Games and Control Servers
|
||||
|
||||
**[`^ back to top ^`](#-project-list)**
|
||||
|
||||
Multiplayer game servers, browser games and utilities for managing game servers.
|
||||
|
||||
- [cs2-dedicated-server](examples/cs2-dedicated-server) - CS2 Dedicated Server Docker Image with an RCON web-based control panel.
|
||||
|
||||
|
||||
### Miscellaneous
|
||||
|
||||
**[`^ back to top ^`](#-project-list)**
|
||||
|
|
|
@ -21,4 +21,17 @@ services:
|
|||
restart: unless-stopped
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/adguard-home/work:/opt/adguardhome/work
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/adguard-home/conf:/opt/adguardhome/conf
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/adguard-home/conf:/opt/adguardhome/conf
|
||||
#networks:
|
||||
# - proxy
|
||||
#labels:
|
||||
# - traefik.enable=true
|
||||
# - traefik.docker.network=proxy
|
||||
# - traefik.http.routers.adguard.rule=Host(`dns.example.com`)
|
||||
# - traefik.http.services.adguard.loadbalancer.server.port=8080
|
||||
# # Optional part for traefik middlewares
|
||||
# - traefik.http.routers.adguard.middlewares=local-ipwhitelist@file,authelia@docker
|
||||
|
||||
#networks:
|
||||
# proxy:
|
||||
# external: true
|
||||
|
|
|
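Review bot: The commented router label `traefik.http.routers.adguard.middlewares=local-ipwhitelist@file,authelia@docker` refers to two middlewares that are not defined anywhere in this file, and the `proxy` network is declared `external: true`, so uncommenting the block only works on a host that already has that network, a file-provider middleware named `local-ipwhitelist` and a container that defines `authelia`. Add a short comment above `#labels:` that states these prerequisites, or point to the example that provides them. Also confirm that `loadbalancer.server.port=8080` matches the port the web interface listens on, since no port mapping is visible in this hunk to check it against.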
@ -1,4 +1,5 @@
|
|||
version: "3"
|
||||
|
||||
services:
|
||||
answer:
|
||||
container_name: answer
|
||||
|
@ -8,3 +9,21 @@ services:
|
|||
restart: unless-stopped
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/answer/data:/data
|
||||
#networks:
|
||||
# - proxy
|
||||
#labels:
|
||||
# - traefik.enable=true
|
||||
# - traefik.docker.network=proxy
|
||||
# - traefik.http.routers.answer.rule=Host(`faq.example.com`)
|
||||
# - traefik.http.services.answer.loadbalancer.server.port=80
|
||||
# # Optional part for file upload max sizes
|
||||
# - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000
|
||||
# - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000
|
||||
# - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
|
||||
# - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
|
||||
# # Optional part for traefik middlewares
|
||||
# - traefik.http.routers.answer.middlewares=local-ipwhitelist@file,authelia@docker
|
||||
|
||||
#networks:
|
||||
# proxy:
|
||||
# external: true
|
||||
|
|
|
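Review bot: The four `traefik.http.middlewares.limit.buffering.*` labels define a middleware named `limit`, but the router label only lists `local-ipwhitelist@file,authelia@docker`, so the body size limits are never applied even when the whole block is uncommented. Attach it to the router, for example `traefik.http.routers.answer.middlewares=limit@docker,local-ipwhitelist@file,authelia@docker`, or drop the buffering labels. The same pattern appears in the bookstack and code-server hunks.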
@ -6,5 +6,18 @@ services:
|
|||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bibliogram/config.js:/app/config.js:ro
|
||||
ports:
|
||||
- '10407:10407'
|
||||
restart: unless-stopped
|
||||
- 10407:10407
|
||||
restart: unless-stopped
|
||||
#networks:
|
||||
# - proxy
|
||||
#labels:
|
||||
# - traefik.enable=true
|
||||
# - traefik.docker.network=proxy
|
||||
# - traefik.http.routers.bibliogram.rule=Host(`bibliogram.example.com`)
|
||||
# - traefik.http.services.bibliogram.loadbalancer.server.port=10407
|
||||
# # Optional part for traefik middlewares
|
||||
# - traefik.http.routers.bibliogram.middlewares=local-ipwhitelist@file,authelia@docker
|
||||
|
||||
#networks:
|
||||
# proxy:
|
||||
# external: true
|
||||
|
|
|
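Review bot: The port mapping loses its quotes here (`- '10407:10407'` becomes `- 10407:10407`). Compose recommends writing port mappings as strings because YAML can read unquoted `xx:yy` values as base-60 numbers; this particular value parses correctly, but the quoted form is the safer convention for a sample that users copy and edit. Keep the quotes.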
@ -8,7 +8,7 @@ services:
|
|||
environment:
|
||||
- PUID=1000
|
||||
- PGID=1000
|
||||
- APP_URL=https://wiki.example.com # change this
|
||||
- APP_URL=http://127.0.0.1:8099 # change this to your prod url with https
|
||||
- DB_HOST=bookstack_db
|
||||
- DB_USER=bookstack
|
||||
- DB_PASS=USERPW1
|
||||
|
@ -20,6 +20,20 @@ services:
|
|||
- 8099:80
|
||||
depends_on:
|
||||
- bookstack_db
|
||||
#networks:
|
||||
# - proxy
|
||||
#labels:
|
||||
# - traefik.enable=true
|
||||
# - traefik.docker.network=proxy
|
||||
# - traefik.http.routers.bookstack.rule=Host(`bookstack.example.com`)
|
||||
# - traefik.http.services.bookstack.loadbalancer.server.port=80
|
||||
# # Optional part for file upload max sizes
|
||||
# - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000
|
||||
# - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000
|
||||
# - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
|
||||
# - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
|
||||
# # Optional part for traefik middlewares
|
||||
# - traefik.http.routers.bookstack.middlewares=local-ipwhitelist@file,authelia@docker
|
||||
|
||||
bookstack_db:
|
||||
image: linuxserver/mariadb
|
||||
|
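Review bot: The context line `- 8099:80` stays in place next to the new Traefik labels, so once the block is uncommented BookStack is reachable both through the proxy and directly on host port 8099, and the direct path skips `local-ipwhitelist` and `authelia`. Add a comment telling users to remove or comment out the `ports:` mapping when they enable the labels. The router rule also uses `bookstack.example.com` while the previous hunk sets `APP_URL=http://127.0.0.1:8099`; mention in the comment that both have to be changed together.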
@ -36,3 +50,9 @@ services:
|
|||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/bookstack/mariadb-config:/config
|
||||
restart: unless-stopped
|
||||
#networks:
|
||||
# - proxy
|
||||
|
||||
#networks:
|
||||
# proxy:
|
||||
# external: true
|
||||
|
|
|
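Review bot: The commented `#networks:` / `# - proxy` pair under `bookstack_db` would put the MariaDB container on the shared external `proxy` network, where every other container attached to that network can reach it. The database only needs to talk to the `bookstack` service, so suggest a dedicated network for the two services in this file and keep only the web container on `proxy`.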
@ -1,6 +1,7 @@
|
|||
---
|
||||
version: "2.1"
|
||||
|
||||
services:
|
||||
|
||||
code-server:
|
||||
image: lscr.io/linuxserver/code-server:latest
|
||||
container_name: code-server
|
||||
|
@ -18,3 +19,21 @@ services:
|
|||
ports:
|
||||
- 8443:8443
|
||||
restart: unless-stopped
|
||||
#networks:
|
||||
# - proxy
|
||||
#labels:
|
||||
# - traefik.enable=true
|
||||
# - traefik.docker.network=proxy
|
||||
# - traefik.http.routers.codeserver.rule=Host(`code.example.com`)
|
||||
# - traefik.http.services.codeserver.loadbalancer.server.port=8443
|
||||
# # Optional part for file upload max sizes
|
||||
# - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000
|
||||
# - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000
|
||||
# - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
|
||||
# - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
|
||||
# # Optional part for traefik middlewares
|
||||
# - traefik.http.routers.codeserver.middlewares=local-ipwhitelist@file,authelia@docker
|
||||
|
||||
#networks:
|
||||
# proxy:
|
||||
# external: true
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
# References
|
||||
|
||||
- https://github.com/joedwards32/CS2
|
||||
- https://github.com/shobhit-pathak/cs2-rcon-panel
|
||||
|
||||
# Notes
|
||||
|
||||
Minimum system requirements are:
|
||||
|
||||
- 2 CPUs
|
||||
- 2 GiB RAM
|
||||
- 40 GB of disk space for the container or mounted as a persistent volume on /home/steam/cs2-dedicated/
|
|
@ -0,0 +1,53 @@
|
|||
version: '3.7'
|
||||
|
||||
services:
|
||||
|
||||
cs2-server:
|
||||
image: joedwards32/cs2
|
||||
container_name: cs2-dedicated-server
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
# Server configuration
|
||||
- SRCDS_TOKEN=<YOUR-GAME-SERVER-TOKEN> # Game Server Token from https://steamcommunity.com/dev/managegameservers
|
||||
- CS2_SERVERNAME=MY-CS2-SERVER # (Set the visible name for your private server)
|
||||
- CS2_CHEATS=0 # (0 - disable cheats, 1 - enable cheats)
|
||||
- CS2_PORT=27015 # (CS2 server listen port tcp_udp)
|
||||
- CS2_SERVER_HIBERNATE=0 # (Put server in a low CPU state when there are no players. 0 - hibernation disabled, 1 - hibernation enabled)
|
||||
- CS2_LAN=0 # (0 - LAN mode disabled, 1 - LAN Mode enabled)
|
||||
- CS2_RCONPW=cruelly-sequel-dejected # (RCON password)
|
||||
- CS2_PW=sake-earthly-lair # (CS2 server password)
|
||||
- CS2_MAXPLAYERS=10 # (Max players)
|
||||
# Game modes
|
||||
- CS2_GAMEALIAS=competitive # (Game type, e.g. casual, competitive, deathmatch. See https://developer.valvesoftware.com/wiki/Counter-Strike_2/Dedicated_Servers)
|
||||
- CS2_GAMETYPE=0 # (Used if CS2_GAMEALIAS not defined. See https://developer.valvesoftware.com/wiki/Counter-Strike_2/Dedicated_Servers)
|
||||
- CS2_GAMEMODE=1 # (Used if CS2_GAMEALIAS not defined. See https://developer.valvesoftware.com/wiki/Counter-Strike_2/Dedicated_Servers)
|
||||
- CS2_MAPGROUP=mg_active # (Map pool)
|
||||
- CS2_STARTMAP=de_dust2 # (Start map)
|
||||
# Bots
|
||||
- CS2_BOT_DIFFICULTY=0 # (0 - easy, 1 - normal, 2 - hard, 3 - expert)
|
||||
- CS2_BOT_QUOTA=0 # (Number of bots)
|
||||
- CS2_BOT_QUOTA_MODE=competitive # (fill, competitive)
|
||||
# TV
|
||||
- TV_AUTORECORD=0 # Automatically records all games as CSTV demos: 0=off, 1=on.
|
||||
- TV_ENABLE=0 # Activates CSTV on server: 0=off, 1=on.
|
||||
- TV_PORT=27020 # Host SourceTV port
|
||||
- TV_PW=changeme # CSTV password for clients
|
||||
- TV_RELAY_PW=changeme # CSTV password for relay proxies
|
||||
- TV_MAXRATE=0 # World snapshots to broadcast per second. Affects camera tickrate.
|
||||
- TV_DELAY=0 # Max CSTV spectator bandwidth rate allowed, 0 == unlimited
|
||||
volumes:
|
||||
- cs2:/home/steam/cs2-dedicated/
|
||||
ports:
|
||||
- 27015:27015/tcp # TCP
|
||||
- 27015:27015/udp # UDP
|
||||
#- 27020:27020/udp # UDP
|
||||
|
||||
cs2-rconpanel:
|
||||
image: soren90/rcon-panel
|
||||
container_name: cs2-rcon-panel
|
||||
ports:
|
||||
- 3000:3000
|
||||
restart: unless-stopped
|
||||
|
||||
volumes:
|
||||
cs2:
|
|
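Review bot: `CS2_RCONPW=cruelly-sequel-dejected`, `CS2_PW=sake-earthly-lair`, `TV_PW=changeme` and `TV_RELAY_PW=changeme` are committed as working defaults, which conflicts with the README's own advice to adjust all default credentials and keep secrets in a separate `.env` file; anyone who runs the sample unchanged ends up with the same RCON password as every other user of it. Replace them with variable substitution that has no default, or with an obvious placeholder like the one used for `SRCDS_TOKEN`. Two smaller points: the comments on `TV_MAXRATE` and `TV_DELAY` do not describe those settings (the bandwidth text sits on `TV_DELAY`), and `cs2-rconpanel` publishes `3000:3000` with no network or proxy block, unlike the other services in this change.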
@ -9,6 +9,23 @@ services:
|
|||
hostname: deemix
|
||||
image: registry.gitlab.com/bockiii/deemix-docker:latest
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- 6595:6595
|
||||
expose:
|
||||
- 6595
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/deemix/config:/config
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/deemix/downloads:/downloads
|
||||
#networks:
|
||||
# - proxy
|
||||
#labels:
|
||||
# - traefik.enable=true
|
||||
# - traefik.docker.network=proxy
|
||||
# - traefik.http.routers.deemix.rule=Host(`deemix.example.com`)
|
||||
# - traefik.http.services.deemix.loadbalancer.server.port=6595
|
||||
# # Optional part for traefik middlewares
|
||||
# - traefik.http.routers.deemix.middlewares=local-ipwhitelist@file,authelia@docker
|
||||
|
||||
#networks:
|
||||
# proxy:
|
||||
# external: true
|
||||
|
|
|
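Review bot: `expose:` with `- 6595` appears alongside `ports:` with `- 6595:6595`, so the `expose` key has no practical effect: the port is already published on the host, and containers on a shared network can reach it without `expose`. If the intent is proxy-only access through the commented Traefik labels, the `ports:` mapping is the line to remove or comment out; otherwise drop `expose`.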
@ -0,0 +1,3 @@
|
|||
# References
|
||||
|
||||
- https://github.com/docusealco/docuseal
|
|
@ -0,0 +1,52 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
|
||||
app:
|
||||
image: docuseal/docuseal:latest
|
||||
container_name: docuseal
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- DATABASE_URL=postgresql://postgres:postgres@postgres:5432/docuseal
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docuseal/data:/data
|
||||
depends_on:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
ports:
|
||||
- 3000:3000
|
||||
expose:
|
||||
- 3000
|
||||
#networks:
|
||||
# - proxy
|
||||
#labels:
|
||||
# - traefik.enable=true
|
||||
# - traefik.docker.network=proxy
|
||||
# - traefik.http.routers.docuseal.rule=Host(`docuseal.example.com`)
|
||||
# - traefik.http.services.docuseal.loadbalancer.server.port=3000
|
||||
# # Optional part for traefik middlewares
|
||||
# - traefik.http.routers.docuseal.middlewares=local-ipwhitelist@file,authelia@docker
|
||||
|
||||
postgres:
|
||||
image: postgres:15-alpine
|
||||
container_name: docuseal-db
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POSTGRES_USER=postgres
|
||||
- POSTGRES_PASSWORD=postgres
|
||||
- POSTGRES_DB=docuseal
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/docuseal/pg_data:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U postgres"]
|
||||
interval: 5s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
expose:
|
||||
- 5432
|
||||
#networks:
|
||||
# - proxy
|
||||
|
||||
#networks:
|
||||
# proxy:
|
||||
# external: true
|
|
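Review bot: The database credentials are the PostgreSQL defaults in both places, `POSTGRES_PASSWORD=postgres` and `DATABASE_URL=postgresql://postgres:postgres@postgres:5432/docuseal`. Read the user name and password from variables in a `.env` file and reference them in both lines, so the values are not left at the default and cannot drift apart. `docuseal/docuseal:latest` is also unpinned while `postgres:15-alpine` carries a version tag; pin the application image as well.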
@ -35,6 +35,6 @@ services:
|
|||
- MYSQL_ROOT_PASSWORD=password2
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/domainmod/database:/config
|
||||
#ports:
|
||||
# - 3306
|
||||
expose:
|
||||
- 3306
|
||||
restart: unless-stopped
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
# References
|
||||
|
||||
- https://hub.docker.com/r/vectorim/element-web
|
|
@ -1,9 +0,0 @@
|
|||
version: '3.3'
|
||||
|
||||
services:
|
||||
element-web:
|
||||
image: 'vectorim/element-web'
|
||||
container_name: element-web
|
||||
ports:
|
||||
- '80:80'
|
||||
restart: unless-stopped
|
|
@ -0,0 +1,35 @@
|
|||
# References
|
||||
|
||||
- https://hub.docker.com/r/guacamole/guacamole/
|
||||
|
||||
# Notes
|
||||
|
||||
Before spawning up the Docker Compose stack you have to pre-supply an `initdb.sql` initialization file for the Postgresql database.
|
||||
|
||||
The file is provided in this repository but can also be created dynamically via:
|
||||
|
||||
````
|
||||
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > initdb.sql
|
||||
````
|
||||
|
||||
Please go ahead and place this init file in the corresponding Docker Volume Bind Mount.
|
||||
|
||||
````
|
||||
mkdir -p /mnt/docker-volumes/guacamole/psql/init
|
||||
|
||||
# Option 1: move init file from this repo to the new location
|
||||
mv initdb.sql /mnt/docker-volumes/guacamole/psql/init/.
|
||||
|
||||
# Option2: create it dynamically and place it to the new location
|
||||
docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > /mnt/docker-volumes/guacamole/psql/init/initdb.sql
|
||||
````
|
||||
|
||||
Afterwards, you can spawn up the Docker stack as follows:
|
||||
|
||||
````
|
||||
docker compose up -d
|
||||
````
|
||||
|
||||
The Guacamole login is available at `http://<YOUR-IP>:8080/guacamole`.
|
||||
|
||||
The default username is `guacadmin`. The default password is `guacadmin`.
|
|
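Review bot: The last two lines document the default login `guacadmin` / `guacadmin` at `http://<YOUR-IP>:8080/guacamole` but never tell the reader to change it. Guacamole is a gateway to SSH, RDP and VNC sessions, so add a step right after the login line: change the `guacadmin` password on first login (or create a new administrator and remove the default account) before the port is reachable from anywhere else. Minor: `# Option2:` is missing the space used in `# Option 1:`, and option 1 uses `mv`, which removes `initdb.sql` from the checked-out repository; `cp` would leave the working tree clean.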
@ -0,0 +1,64 @@
|
|||
version: '2.0'
|
||||
|
||||
services:
|
||||
|
||||
guacd:
|
||||
image: guacamole/guacd
|
||||
container_name: guacamole-guacd
|
||||
restart: always
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/guacd/drive:/drive:rw
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/guacd/record:/record:rw
|
||||
#networks:
|
||||
# - proxy
|
||||
|
||||
postgres:
|
||||
image: postgres:15.2-alpine
|
||||
container_name: guacamole-db
|
||||
restart: always
|
||||
environment:
|
||||
- PGDATA=/var/lib/postgresql/data/guacamole
|
||||
- POSTGRES_DB=guacamole_db
|
||||
- POSTGRES_PASSWORD=ChooseYourOwnPasswordHere1234
|
||||
- POSTGRES_USER=guacamole_user
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/psql/init:/docker-entrypoint-initdb.d:z
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/guacamole/psql/data:/var/lib/postgresql/data:Z
|
||||
#networks:
|
||||
# - proxy
|
||||
|
||||
# guacamole
|
||||
guacamole:
|
||||
image: guacamole/guacamole
|
||||
container_name: guacamole-ui
|
||||
restart: always
|
||||
depends_on:
|
||||
- guacd
|
||||
- postgres
|
||||
environment:
|
||||
- GUACD_HOSTNAME=guacd
|
||||
- POSTGRES_DATABASE=guacamole_db
|
||||
- POSTGRES_HOSTNAME=postgres
|
||||
- POSTGRES_PASSWORD=ChooseYourOwnPasswordHere1234
|
||||
- POSTGRES_USER=guacamole_user
|
||||
links:
|
||||
- guacd
|
||||
ports:
|
||||
# Guacamole is on :8080/guacamole, not /.
|
||||
# Default login is guacadmin:guacadmin
|
||||
- 8080:8080/tcp
|
||||
expose:
|
||||
- 8080
|
||||
#networks:
|
||||
# - proxy
|
||||
#labels:
|
||||
# - traefik.enable=true
|
||||
# - traefik.docker.network=proxy
|
||||
# - traefik.http.routers.guacamole.rule=Host(`guacamole.example.com`) && PathPrefix(`/guacamole`)
|
||||
# - traefik.http.services.guacamole.loadbalancer.server.port=8080
|
||||
# # Optional part for traefik middlewares
|
||||
# - traefik.http.routers.guacamole.middlewares=local-ipwhitelist@file,authelia@docker
|
||||
|
||||
#networks:
|
||||
# proxy:
|
||||
# external: true
|
|
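Review bot: `guacamole/guacamole` and `guacamole/guacd` carry no tag, while the database schema is fixed by the `initdb.sql` file committed in this same change; when the untagged images move to a release with a different schema, a fresh deployment will initialise the database from a file that no longer matches the web application. Pin both images to the release the init file was generated from, as is already done for `postgres:15.2-alpine`. `POSTGRES_PASSWORD=ChooseYourOwnPasswordHere1234` also appears under both `postgres` and `guacamole` and has to be edited twice; a single variable from `.env` avoids a mismatch. `links:` duplicates what `depends_on` and the default network already provide and can be dropped.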
@ -0,0 +1,791 @@
|
|||
--
|
||||
-- Licensed to the Apache Software Foundation (ASF) under one
|
||||
-- or more contributor license agreements. See the NOTICE file
|
||||
-- distributed with this work for additional information
|
||||
-- regarding copyright ownership. The ASF licenses this file
|
||||
-- to you under the Apache License, Version 2.0 (the
|
||||
-- "License"); you may not use this file except in compliance
|
||||
-- with the License. You may obtain a copy of the License at
|
||||
--
|
||||
-- http://www.apache.org/licenses/LICENSE-2.0
|
||||
--
|
||||
-- Unless required by applicable law or agreed to in writing,
|
||||
-- software distributed under the License is distributed on an
|
||||
-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
-- KIND, either express or implied. See the License for the
|
||||
-- specific language governing permissions and limitations
|
||||
-- under the License.
|
||||
--
|
||||
|
||||
--
|
||||
-- Connection group types
|
||||
--
|
||||
|
||||
CREATE TYPE guacamole_connection_group_type AS ENUM(
|
||||
'ORGANIZATIONAL',
|
||||
'BALANCING'
|
||||
);
|
||||
|
||||
--
|
||||
-- Entity types
|
||||
--
|
||||
|
||||
CREATE TYPE guacamole_entity_type AS ENUM(
|
||||
'USER',
|
||||
'USER_GROUP'
|
||||
);
|
||||
|
||||
--
|
||||
-- Object permission types
|
||||
--
|
||||
|
||||
CREATE TYPE guacamole_object_permission_type AS ENUM(
|
||||
'READ',
|
||||
'UPDATE',
|
||||
'DELETE',
|
||||
'ADMINISTER'
|
||||
);
|
||||
|
||||
--
|
||||
-- System permission types
|
||||
--
|
||||
|
||||
CREATE TYPE guacamole_system_permission_type AS ENUM(
|
||||
'CREATE_CONNECTION',
|
||||
'CREATE_CONNECTION_GROUP',
|
||||
'CREATE_SHARING_PROFILE',
|
||||
'CREATE_USER',
|
||||
'CREATE_USER_GROUP',
|
||||
'ADMINISTER'
|
||||
);
|
||||
|
||||
--
|
||||
-- Guacamole proxy (guacd) encryption methods
|
||||
--
|
||||
|
||||
CREATE TYPE guacamole_proxy_encryption_method AS ENUM(
|
||||
'NONE',
|
||||
'SSL'
|
||||
);
|
||||
|
||||
--
|
||||
-- Table of connection groups. Each connection group has a name.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_connection_group (
|
||||
|
||||
connection_group_id serial NOT NULL,
|
||||
parent_id integer,
|
||||
connection_group_name varchar(128) NOT NULL,
|
||||
type guacamole_connection_group_type
|
||||
NOT NULL DEFAULT 'ORGANIZATIONAL',
|
||||
|
||||
-- Concurrency limits
|
||||
max_connections integer,
|
||||
max_connections_per_user integer,
|
||||
enable_session_affinity boolean NOT NULL DEFAULT FALSE,
|
||||
|
||||
PRIMARY KEY (connection_group_id),
|
||||
|
||||
CONSTRAINT connection_group_name_parent
|
||||
UNIQUE (connection_group_name, parent_id),
|
||||
|
||||
CONSTRAINT guacamole_connection_group_ibfk_1
|
||||
FOREIGN KEY (parent_id)
|
||||
REFERENCES guacamole_connection_group (connection_group_id)
|
||||
ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_connection_group_parent_id
|
||||
ON guacamole_connection_group(parent_id);
|
||||
|
||||
--
|
||||
-- Table of connections. Each connection has a name, protocol, and
|
||||
-- associated set of parameters.
|
||||
-- A connection may belong to a connection group.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_connection (
|
||||
|
||||
connection_id serial NOT NULL,
|
||||
connection_name varchar(128) NOT NULL,
|
||||
parent_id integer,
|
||||
protocol varchar(32) NOT NULL,
|
||||
|
||||
-- Concurrency limits
|
||||
max_connections integer,
|
||||
max_connections_per_user integer,
|
||||
|
||||
-- Connection Weight
|
||||
connection_weight integer,
|
||||
failover_only boolean NOT NULL DEFAULT FALSE,
|
||||
|
||||
-- Guacamole proxy (guacd) overrides
|
||||
proxy_port integer,
|
||||
proxy_hostname varchar(512),
|
||||
proxy_encryption_method guacamole_proxy_encryption_method,
|
||||
|
||||
PRIMARY KEY (connection_id),
|
||||
|
||||
CONSTRAINT connection_name_parent
|
||||
UNIQUE (connection_name, parent_id),
|
||||
|
||||
CONSTRAINT guacamole_connection_ibfk_1
|
||||
FOREIGN KEY (parent_id)
|
||||
REFERENCES guacamole_connection_group (connection_group_id)
|
||||
ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_connection_parent_id
|
||||
ON guacamole_connection(parent_id);
|
||||
|
||||
--
|
||||
-- Table of base entities which may each be either a user or user group. Other
|
||||
-- tables which represent qualities shared by both users and groups will point
|
||||
-- to guacamole_entity, while tables which represent qualities specific to
|
||||
-- users or groups will point to guacamole_user or guacamole_user_group.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_entity (
|
||||
|
||||
entity_id serial NOT NULL,
|
||||
name varchar(128) NOT NULL,
|
||||
type guacamole_entity_type NOT NULL,
|
||||
|
||||
PRIMARY KEY (entity_id),
|
||||
|
||||
CONSTRAINT guacamole_entity_name_scope
|
||||
UNIQUE (type, name)
|
||||
|
||||
);
|
||||
|
||||
--
|
||||
-- Table of users. Each user has a unique username and a hashed password
|
||||
-- with corresponding salt. Although the authentication system will always set
|
||||
-- salted passwords, other systems may set unsalted passwords by simply not
|
||||
-- providing the salt.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_user (
|
||||
|
||||
user_id serial NOT NULL,
|
||||
entity_id integer NOT NULL,
|
||||
|
||||
-- Optionally-salted password
|
||||
password_hash bytea NOT NULL,
|
||||
password_salt bytea,
|
||||
password_date timestamptz NOT NULL,
|
||||
|
||||
-- Account disabled/expired status
|
||||
disabled boolean NOT NULL DEFAULT FALSE,
|
||||
expired boolean NOT NULL DEFAULT FALSE,
|
||||
|
||||
-- Time-based access restriction
|
||||
access_window_start time,
|
||||
access_window_end time,
|
||||
|
||||
-- Date-based access restriction
|
||||
valid_from date,
|
||||
valid_until date,
|
||||
|
||||
-- Timezone used for all date/time comparisons and interpretation
|
||||
timezone varchar(64),
|
||||
|
||||
-- Profile information
|
||||
full_name varchar(256),
|
||||
email_address varchar(256),
|
||||
organization varchar(256),
|
||||
organizational_role varchar(256),
|
||||
|
||||
PRIMARY KEY (user_id),
|
||||
|
||||
CONSTRAINT guacamole_user_single_entity
|
||||
UNIQUE (entity_id),
|
||||
|
||||
CONSTRAINT guacamole_user_entity
|
||||
FOREIGN KEY (entity_id)
|
||||
REFERENCES guacamole_entity (entity_id)
|
||||
ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
--
|
||||
-- Table of user groups. Each user group may have an arbitrary set of member
|
||||
-- users and member groups, with those members inheriting the permissions
|
||||
-- granted to that group.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_user_group (
|
||||
|
||||
user_group_id serial NOT NULL,
|
||||
entity_id integer NOT NULL,
|
||||
|
||||
-- Group disabled status
|
||||
disabled boolean NOT NULL DEFAULT FALSE,
|
||||
|
||||
PRIMARY KEY (user_group_id),
|
||||
|
||||
CONSTRAINT guacamole_user_group_single_entity
|
||||
UNIQUE (entity_id),
|
||||
|
||||
CONSTRAINT guacamole_user_group_entity
|
||||
FOREIGN KEY (entity_id)
|
||||
REFERENCES guacamole_entity (entity_id)
|
||||
ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
--
|
||||
-- Table of users which are members of given user groups.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_user_group_member (
|
||||
|
||||
user_group_id integer NOT NULL,
|
||||
member_entity_id integer NOT NULL,
|
||||
|
||||
PRIMARY KEY (user_group_id, member_entity_id),
|
||||
|
||||
-- Parent must be a user group
|
||||
CONSTRAINT guacamole_user_group_member_parent
|
||||
FOREIGN KEY (user_group_id)
|
||||
REFERENCES guacamole_user_group (user_group_id) ON DELETE CASCADE,
|
||||
|
||||
-- Member may be either a user or a user group (any entity)
|
||||
CONSTRAINT guacamole_user_group_member_entity
|
||||
FOREIGN KEY (member_entity_id)
|
||||
REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
--
|
||||
-- Table of sharing profiles. Each sharing profile has a name, associated set
|
||||
-- of parameters, and a primary connection. The primary connection is the
|
||||
-- connection that the sharing profile shares, and the parameters dictate the
|
||||
-- restrictions/features which apply to the user joining the connection via the
|
||||
-- sharing profile.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_sharing_profile (
|
||||
|
||||
sharing_profile_id serial NOT NULL,
|
||||
sharing_profile_name varchar(128) NOT NULL,
|
||||
primary_connection_id integer NOT NULL,
|
||||
|
||||
PRIMARY KEY (sharing_profile_id),
|
||||
|
||||
CONSTRAINT sharing_profile_name_primary
|
||||
UNIQUE (sharing_profile_name, primary_connection_id),
|
||||
|
||||
CONSTRAINT guacamole_sharing_profile_ibfk_1
|
||||
FOREIGN KEY (primary_connection_id)
|
||||
REFERENCES guacamole_connection (connection_id)
|
||||
ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_sharing_profile_primary_connection_id
|
||||
ON guacamole_sharing_profile(primary_connection_id);
|
||||
|
||||
--
|
||||
-- Table of connection parameters. Each parameter is simply a name/value pair
|
||||
-- associated with a connection.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_connection_parameter (
|
||||
|
||||
connection_id integer NOT NULL,
|
||||
parameter_name varchar(128) NOT NULL,
|
||||
parameter_value varchar(4096) NOT NULL,
|
||||
|
||||
PRIMARY KEY (connection_id,parameter_name),
|
||||
|
||||
CONSTRAINT guacamole_connection_parameter_ibfk_1
|
||||
FOREIGN KEY (connection_id)
|
||||
REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_connection_parameter_connection_id
|
||||
ON guacamole_connection_parameter(connection_id);
|
||||
|
||||
--
|
||||
-- Table of sharing profile parameters. Each parameter is simply
|
||||
-- name/value pair associated with a sharing profile. These parameters dictate
|
||||
-- the restrictions/features which apply to the user joining the associated
|
||||
-- connection via the sharing profile.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_sharing_profile_parameter (
|
||||
|
||||
sharing_profile_id integer NOT NULL,
|
||||
parameter_name varchar(128) NOT NULL,
|
||||
parameter_value varchar(4096) NOT NULL,
|
||||
|
||||
PRIMARY KEY (sharing_profile_id, parameter_name),
|
||||
|
||||
CONSTRAINT guacamole_sharing_profile_parameter_ibfk_1
|
||||
FOREIGN KEY (sharing_profile_id)
|
||||
REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_sharing_profile_parameter_sharing_profile_id
|
||||
ON guacamole_sharing_profile_parameter(sharing_profile_id);
|
||||
|
||||
--
|
||||
-- Table of arbitrary user attributes. Each attribute is simply a name/value
|
||||
-- pair associated with a user. Arbitrary attributes are defined by other
|
||||
-- extensions. Attributes defined by this extension will be mapped to
|
||||
-- properly-typed columns of a specific table.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_user_attribute (
|
||||
|
||||
user_id integer NOT NULL,
|
||||
attribute_name varchar(128) NOT NULL,
|
||||
attribute_value varchar(4096) NOT NULL,
|
||||
|
||||
PRIMARY KEY (user_id, attribute_name),
|
||||
|
||||
CONSTRAINT guacamole_user_attribute_ibfk_1
|
||||
FOREIGN KEY (user_id)
|
||||
REFERENCES guacamole_user (user_id) ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_user_attribute_user_id
|
||||
ON guacamole_user_attribute(user_id);
|
||||
|
||||
--
|
||||
-- Table of arbitrary user group attributes. Each attribute is simply a
|
||||
-- name/value pair associated with a user group. Arbitrary attributes are
|
||||
-- defined by other extensions. Attributes defined by this extension will be
|
||||
-- mapped to properly-typed columns of a specific table.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_user_group_attribute (
|
||||
|
||||
user_group_id integer NOT NULL,
|
||||
attribute_name varchar(128) NOT NULL,
|
||||
attribute_value varchar(4096) NOT NULL,
|
||||
|
||||
PRIMARY KEY (user_group_id, attribute_name),
|
||||
|
||||
CONSTRAINT guacamole_user_group_attribute_ibfk_1
|
||||
FOREIGN KEY (user_group_id)
|
||||
REFERENCES guacamole_user_group (user_group_id) ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_user_group_attribute_user_group_id
|
||||
ON guacamole_user_group_attribute(user_group_id);
|
||||
|
||||
--
|
||||
-- Table of arbitrary connection attributes. Each attribute is simply a
|
||||
-- name/value pair associated with a connection. Arbitrary attributes are
|
||||
-- defined by other extensions. Attributes defined by this extension will be
|
||||
-- mapped to properly-typed columns of a specific table.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_connection_attribute (
|
||||
|
||||
connection_id integer NOT NULL,
|
||||
attribute_name varchar(128) NOT NULL,
|
||||
attribute_value varchar(4096) NOT NULL,
|
||||
|
||||
PRIMARY KEY (connection_id, attribute_name),
|
||||
|
||||
CONSTRAINT guacamole_connection_attribute_ibfk_1
|
||||
FOREIGN KEY (connection_id)
|
||||
REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_connection_attribute_connection_id
|
||||
ON guacamole_connection_attribute(connection_id);
|
||||
|
||||
--
|
||||
-- Table of arbitrary connection group attributes. Each attribute is simply a
|
||||
-- name/value pair associated with a connection group. Arbitrary attributes are
|
||||
-- defined by other extensions. Attributes defined by this extension will be
|
||||
-- mapped to properly-typed columns of a specific table.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_connection_group_attribute (
|
||||
|
||||
connection_group_id integer NOT NULL,
|
||||
attribute_name varchar(128) NOT NULL,
|
||||
attribute_value varchar(4096) NOT NULL,
|
||||
|
||||
PRIMARY KEY (connection_group_id, attribute_name),
|
||||
|
||||
CONSTRAINT guacamole_connection_group_attribute_ibfk_1
|
||||
FOREIGN KEY (connection_group_id)
|
||||
REFERENCES guacamole_connection_group (connection_group_id) ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_connection_group_attribute_connection_group_id
|
||||
ON guacamole_connection_group_attribute(connection_group_id);
|
||||
|
||||
--
|
||||
-- Table of arbitrary sharing profile attributes. Each attribute is simply a
|
||||
-- name/value pair associated with a sharing profile. Arbitrary attributes are
|
||||
-- defined by other extensions. Attributes defined by this extension will be
|
||||
-- mapped to properly-typed columns of a specific table.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_sharing_profile_attribute (
|
||||
|
||||
sharing_profile_id integer NOT NULL,
|
||||
attribute_name varchar(128) NOT NULL,
|
||||
attribute_value varchar(4096) NOT NULL,
|
||||
|
||||
PRIMARY KEY (sharing_profile_id, attribute_name),
|
||||
|
||||
CONSTRAINT guacamole_sharing_profile_attribute_ibfk_1
|
||||
FOREIGN KEY (sharing_profile_id)
|
||||
REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_sharing_profile_attribute_sharing_profile_id
|
||||
ON guacamole_sharing_profile_attribute(sharing_profile_id);
|
||||
|
||||
--
|
||||
-- Table of connection permissions. Each connection permission grants a user or
|
||||
-- user group specific access to a connection.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_connection_permission (
|
||||
|
||||
entity_id integer NOT NULL,
|
||||
connection_id integer NOT NULL,
|
||||
permission guacamole_object_permission_type NOT NULL,
|
||||
|
||||
PRIMARY KEY (entity_id, connection_id, permission),
|
||||
|
||||
CONSTRAINT guacamole_connection_permission_ibfk_1
|
||||
FOREIGN KEY (connection_id)
|
||||
REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE,
|
||||
|
||||
CONSTRAINT guacamole_connection_permission_entity
|
||||
FOREIGN KEY (entity_id)
|
||||
REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_connection_permission_connection_id
|
||||
ON guacamole_connection_permission(connection_id);
|
||||
|
||||
CREATE INDEX guacamole_connection_permission_entity_id
|
||||
ON guacamole_connection_permission(entity_id);
|
||||
|
||||
--
|
||||
-- Table of connection group permissions. Each group permission grants a user
|
||||
-- or user group specific access to a connection group.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_connection_group_permission (
|
||||
|
||||
entity_id integer NOT NULL,
|
||||
connection_group_id integer NOT NULL,
|
||||
permission guacamole_object_permission_type NOT NULL,
|
||||
|
||||
PRIMARY KEY (entity_id, connection_group_id, permission),
|
||||
|
||||
CONSTRAINT guacamole_connection_group_permission_ibfk_1
|
||||
FOREIGN KEY (connection_group_id)
|
||||
REFERENCES guacamole_connection_group (connection_group_id) ON DELETE CASCADE,
|
||||
|
||||
CONSTRAINT guacamole_connection_group_permission_entity
|
||||
FOREIGN KEY (entity_id)
|
||||
REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_connection_group_permission_connection_group_id
|
||||
ON guacamole_connection_group_permission(connection_group_id);
|
||||
|
||||
CREATE INDEX guacamole_connection_group_permission_entity_id
|
||||
ON guacamole_connection_group_permission(entity_id);
|
||||
|
||||
--
|
||||
-- Table of sharing profile permissions. Each sharing profile permission grants
|
||||
-- a user or user group specific access to a sharing profile.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_sharing_profile_permission (
|
||||
|
||||
entity_id integer NOT NULL,
|
||||
sharing_profile_id integer NOT NULL,
|
||||
permission guacamole_object_permission_type NOT NULL,
|
||||
|
||||
PRIMARY KEY (entity_id, sharing_profile_id, permission),
|
||||
|
||||
CONSTRAINT guacamole_sharing_profile_permission_ibfk_1
|
||||
FOREIGN KEY (sharing_profile_id)
|
||||
REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE,
|
||||
|
||||
CONSTRAINT guacamole_sharing_profile_permission_entity
|
||||
FOREIGN KEY (entity_id)
|
||||
REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_sharing_profile_permission_sharing_profile_id
|
||||
ON guacamole_sharing_profile_permission(sharing_profile_id);
|
||||
|
||||
CREATE INDEX guacamole_sharing_profile_permission_entity_id
|
||||
ON guacamole_sharing_profile_permission(entity_id);
|
||||
|
||||
--
|
||||
-- Table of system permissions. Each system permission grants a user or user
|
||||
-- group a system-level privilege of some kind.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_system_permission (
|
||||
|
||||
entity_id integer NOT NULL,
|
||||
permission guacamole_system_permission_type NOT NULL,
|
||||
|
||||
PRIMARY KEY (entity_id, permission),
|
||||
|
||||
CONSTRAINT guacamole_system_permission_entity
|
||||
FOREIGN KEY (entity_id)
|
||||
REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_system_permission_entity_id
|
||||
ON guacamole_system_permission(entity_id);
|
||||
|
||||
--
|
||||
-- Table of user permissions. Each user permission grants a user or user group
|
||||
-- access to another user (the "affected" user) for a specific type of
|
||||
-- operation.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_user_permission (
|
||||
|
||||
entity_id integer NOT NULL,
|
||||
affected_user_id integer NOT NULL,
|
||||
permission guacamole_object_permission_type NOT NULL,
|
||||
|
||||
PRIMARY KEY (entity_id, affected_user_id, permission),
|
||||
|
||||
CONSTRAINT guacamole_user_permission_ibfk_1
|
||||
FOREIGN KEY (affected_user_id)
|
||||
REFERENCES guacamole_user (user_id) ON DELETE CASCADE,
|
||||
|
||||
CONSTRAINT guacamole_user_permission_entity
|
||||
FOREIGN KEY (entity_id)
|
||||
REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_user_permission_affected_user_id
|
||||
ON guacamole_user_permission(affected_user_id);
|
||||
|
||||
CREATE INDEX guacamole_user_permission_entity_id
|
||||
ON guacamole_user_permission(entity_id);
|
||||
|
||||
--
|
||||
-- Table of user group permissions. Each user group permission grants a user
|
||||
-- or user group access to a another user group (the "affected" user group) for
|
||||
-- a specific type of operation.
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_user_group_permission (
|
||||
|
||||
entity_id integer NOT NULL,
|
||||
affected_user_group_id integer NOT NULL,
|
||||
permission guacamole_object_permission_type NOT NULL,
|
||||
|
||||
PRIMARY KEY (entity_id, affected_user_group_id, permission),
|
||||
|
||||
CONSTRAINT guacamole_user_group_permission_affected_user_group
|
||||
FOREIGN KEY (affected_user_group_id)
|
||||
REFERENCES guacamole_user_group (user_group_id) ON DELETE CASCADE,
|
||||
|
||||
CONSTRAINT guacamole_user_group_permission_entity
|
||||
FOREIGN KEY (entity_id)
|
||||
REFERENCES guacamole_entity (entity_id) ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_user_group_permission_affected_user_group_id
|
||||
ON guacamole_user_group_permission(affected_user_group_id);
|
||||
|
||||
CREATE INDEX guacamole_user_group_permission_entity_id
|
||||
ON guacamole_user_group_permission(entity_id);
|
||||
|
||||
--
|
||||
-- Table of connection history records. Each record defines a specific user's
|
||||
-- session, including the connection used, the start time, and the end time
|
||||
-- (if any).
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_connection_history (
|
||||
|
||||
history_id serial NOT NULL,
|
||||
user_id integer DEFAULT NULL,
|
||||
username varchar(128) NOT NULL,
|
||||
remote_host varchar(256) DEFAULT NULL,
|
||||
connection_id integer DEFAULT NULL,
|
||||
connection_name varchar(128) NOT NULL,
|
||||
sharing_profile_id integer DEFAULT NULL,
|
||||
sharing_profile_name varchar(128) DEFAULT NULL,
|
||||
start_date timestamptz NOT NULL,
|
||||
end_date timestamptz DEFAULT NULL,
|
||||
|
||||
PRIMARY KEY (history_id),
|
||||
|
||||
CONSTRAINT guacamole_connection_history_ibfk_1
|
||||
FOREIGN KEY (user_id)
|
||||
REFERENCES guacamole_user (user_id) ON DELETE SET NULL,
|
||||
|
||||
CONSTRAINT guacamole_connection_history_ibfk_2
|
||||
FOREIGN KEY (connection_id)
|
||||
REFERENCES guacamole_connection (connection_id) ON DELETE SET NULL,
|
||||
|
||||
CONSTRAINT guacamole_connection_history_ibfk_3
|
||||
FOREIGN KEY (sharing_profile_id)
|
||||
REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE SET NULL
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_connection_history_user_id
|
||||
ON guacamole_connection_history(user_id);
|
||||
|
||||
CREATE INDEX guacamole_connection_history_connection_id
|
||||
ON guacamole_connection_history(connection_id);
|
||||
|
||||
CREATE INDEX guacamole_connection_history_sharing_profile_id
|
||||
ON guacamole_connection_history(sharing_profile_id);
|
||||
|
||||
CREATE INDEX guacamole_connection_history_start_date
|
||||
ON guacamole_connection_history(start_date);
|
||||
|
||||
CREATE INDEX guacamole_connection_history_end_date
|
||||
ON guacamole_connection_history(end_date);
|
||||
|
||||
CREATE INDEX guacamole_connection_history_connection_id_start_date
|
||||
ON guacamole_connection_history(connection_id, start_date);
|
||||
|
||||
--
|
||||
-- User login/logout history
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_user_history (
|
||||
|
||||
history_id serial NOT NULL,
|
||||
user_id integer DEFAULT NULL,
|
||||
username varchar(128) NOT NULL,
|
||||
remote_host varchar(256) DEFAULT NULL,
|
||||
start_date timestamptz NOT NULL,
|
||||
end_date timestamptz DEFAULT NULL,
|
||||
|
||||
PRIMARY KEY (history_id),
|
||||
|
||||
CONSTRAINT guacamole_user_history_ibfk_1
|
||||
FOREIGN KEY (user_id)
|
||||
REFERENCES guacamole_user (user_id) ON DELETE SET NULL
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_user_history_user_id
|
||||
ON guacamole_user_history(user_id);
|
||||
|
||||
CREATE INDEX guacamole_user_history_start_date
|
||||
ON guacamole_user_history(start_date);
|
||||
|
||||
CREATE INDEX guacamole_user_history_end_date
|
||||
ON guacamole_user_history(end_date);
|
||||
|
||||
CREATE INDEX guacamole_user_history_user_id_start_date
|
||||
ON guacamole_user_history(user_id, start_date);
|
||||
|
||||
--
|
||||
-- User password history
|
||||
--
|
||||
|
||||
CREATE TABLE guacamole_user_password_history (
|
||||
|
||||
password_history_id serial NOT NULL,
|
||||
user_id integer NOT NULL,
|
||||
|
||||
-- Salted password
|
||||
password_hash bytea NOT NULL,
|
||||
password_salt bytea,
|
||||
password_date timestamptz NOT NULL,
|
||||
|
||||
PRIMARY KEY (password_history_id),
|
||||
|
||||
CONSTRAINT guacamole_user_password_history_ibfk_1
|
||||
FOREIGN KEY (user_id)
|
||||
REFERENCES guacamole_user (user_id) ON DELETE CASCADE
|
||||
|
||||
);
|
||||
|
||||
CREATE INDEX guacamole_user_password_history_user_id
|
||||
ON guacamole_user_password_history(user_id);
|
||||
|
||||
--
|
||||
-- Licensed to the Apache Software Foundation (ASF) under one
|
||||
-- or more contributor license agreements. See the NOTICE file
|
||||
-- distributed with this work for additional information
|
||||
-- regarding copyright ownership. The ASF licenses this file
|
||||
-- to you under the Apache License, Version 2.0 (the
|
||||
-- "License"); you may not use this file except in compliance
|
||||
-- with the License. You may obtain a copy of the License at
|
||||
--
|
||||
-- http://www.apache.org/licenses/LICENSE-2.0
|
||||
--
|
||||
-- Unless required by applicable law or agreed to in writing,
|
||||
-- software distributed under the License is distributed on an
|
||||
-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
-- KIND, either express or implied. See the License for the
|
||||
-- specific language governing permissions and limitations
|
||||
-- under the License.
|
||||
--
|
||||
|
||||
-- Create default user "guacadmin" with password "guacadmin"
|
||||
INSERT INTO guacamole_entity (name, type) VALUES ('guacadmin', 'USER');
|
||||
INSERT INTO guacamole_user (entity_id, password_hash, password_salt, password_date)
|
||||
SELECT
|
||||
entity_id,
|
||||
decode('CA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960', 'hex'), -- 'guacadmin'
|
||||
decode('FE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264', 'hex'),
|
||||
CURRENT_TIMESTAMP
|
||||
FROM guacamole_entity WHERE name = 'guacadmin' AND guacamole_entity.type = 'USER';
|
||||
|
||||
-- Grant this user all system permissions
|
||||
INSERT INTO guacamole_system_permission (entity_id, permission)
|
||||
SELECT entity_id, permission::guacamole_system_permission_type
|
||||
FROM (
|
||||
VALUES
|
||||
('guacadmin', 'CREATE_CONNECTION'),
|
||||
('guacadmin', 'CREATE_CONNECTION_GROUP'),
|
||||
('guacadmin', 'CREATE_SHARING_PROFILE'),
|
||||
('guacadmin', 'CREATE_USER'),
|
||||
('guacadmin', 'CREATE_USER_GROUP'),
|
||||
('guacadmin', 'ADMINISTER')
|
||||
) permissions (username, permission)
|
||||
JOIN guacamole_entity ON permissions.username = guacamole_entity.name AND guacamole_entity.type = 'USER';
|
||||
|
||||
-- Grant admin permission to read/update/administer self
|
||||
INSERT INTO guacamole_user_permission (entity_id, affected_user_id, permission)
|
||||
SELECT guacamole_entity.entity_id, guacamole_user.user_id, permission::guacamole_object_permission_type
|
||||
FROM (
|
||||
VALUES
|
||||
('guacadmin', 'guacadmin', 'READ'),
|
||||
('guacadmin', 'guacadmin', 'UPDATE'),
|
||||
('guacadmin', 'guacadmin', 'ADMINISTER')
|
||||
) permissions (username, affected_username, permission)
|
||||
JOIN guacamole_entity ON permissions.username = guacamole_entity.name AND guacamole_entity.type = 'USER'
|
||||
JOIN guacamole_entity affected ON permissions.affected_username = affected.name AND guacamole_entity.type = 'USER'
|
||||
JOIN guacamole_user ON guacamole_user.entity_id = affected.entity_id;
|
|
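Review bot: the seed block at the end of this file creates `guacadmin` with the password `guacadmin` from a fixed hash and salt, then grants it `ADMINISTER` and every `CREATE_*` system permission, so every deployment of this example starts with the same known administrator login. The README for this example should state the default login and that it must be changed, or the account replaced, before the service is reachable by anyone else. Minor, in the last `INSERT`: the join on the `affected` alias filters on `guacamole_entity.type = 'USER'` instead of `affected.type = 'USER'`, so the affected entity's type is never checked there; the following join to `guacamole_user` masks it, but the condition reads as a typo.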
@ -14,8 +14,9 @@ services:
|
|||
links:
|
||||
- mongo
|
||||
- redis
|
||||
stop_grace_period: 60s
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/sharelatex/data:/var/lib/sharelatex
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/sharelatex/data:/var/lib/overleaf
|
||||
########################################################################
|
||||
#### Server Pro: Uncomment the following line to mount the docker ####
|
||||
#### socket, required for Sibling Containers to work ####
|
||||
|
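Review bot: under `volumes:`, the `/var/lib/overleaf` mount still uses the host directory `sharelatex/data`. If that is deliberate so existing installs keep their data, say so in a comment next to the mount; otherwise a later tidy-up to an `overleaf/` host path would start the container on an empty directory without any error.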
@ -23,12 +24,12 @@ services:
|
|||
# - /var/run/docker.sock:/var/run/docker.sock
|
||||
environment:
|
||||
|
||||
SHARELATEX_APP_NAME: Overleaf Community Edition
|
||||
SHARELATEX_MONGO_URL: mongodb://mongo/sharelatex
|
||||
OVERLEAF_APP_NAME: Overleaf Community Edition
|
||||
OVERLEAF_MONGO_URL: mongodb://mongo/sharelatex
|
||||
|
||||
# Same property, unfortunately with different names in
|
||||
# different locations
|
||||
SHARELATEX_REDIS_HOST: redis
|
||||
OVERLEAF_REDIS_HOST: redis
|
||||
REDIS_HOST: redis
|
||||
|
||||
ENABLED_LINKED_FILE_TYPES: 'project_file,project_output_file'
|
||||
|
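Review bot: the `SHARELATEX_*` to `OVERLEAF_*` rename under `environment:` depends on the app image reading the new prefix, and the `image:` line of that service is not part of this hunk. Confirm the tag is bumped in the same change and name the minimum version in the README, since an older image would not pick these settings up. `OVERLEAF_MONGO_URL` still targets the `sharelatex` database, which is right for existing data but deserves a one-line comment so nobody "fixes" it.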
@ -46,29 +47,31 @@ services:
|
|||
## Set for SSL via nginx-proxy
|
||||
#VIRTUAL_HOST: 103.112.212.22
|
||||
|
||||
# SHARELATEX_SITE_URL: http://sharelatex.mydomain.com
|
||||
# SHARELATEX_NAV_TITLE: Our ShareLaTeX Instance
|
||||
# SHARELATEX_HEADER_IMAGE_URL: http://somewhere.com/mylogo.png
|
||||
# SHARELATEX_ADMIN_EMAIL: support@it.com
|
||||
# OVERLEAF_SITE_URL: http://overleaf.example.com
|
||||
# OVERLEAF_NAV_TITLE: Overleaf Community Edition
|
||||
# OVERLEAF_HEADER_IMAGE_URL: http://example.com/mylogo.png
|
||||
# OVERLEAF_ADMIN_EMAIL: support@it.com
|
||||
|
||||
# SHARELATEX_LEFT_FOOTER: '[{"text": "Powered by <a href=\"https://www.sharelatex.com\">ShareLaTeX</a> 2016"},{"text": "Another page I want to link to can be found <a href=\"here\">here</a>"} ]'
|
||||
# SHARELATEX_RIGHT_FOOTER: '[{"text": "Hello I am on the Right"} ]'
|
||||
# OVERLEAF_LEFT_FOOTER: '[{"text": "Another page I want to link to can be found <a href=\"here\">here</a>"} ]'
|
||||
# OVERLEAF_RIGHT_FOOTER: '[{"text": "Hello I am on the Right"} ]'
|
||||
|
||||
# SHARELATEX_EMAIL_FROM_ADDRESS: "team@sharelatex.com"
|
||||
# OVERLEAF_EMAIL_FROM_ADDRESS: "hello@example.com"
|
||||
|
||||
# SHARELATEX_EMAIL_AWS_SES_ACCESS_KEY_ID:
|
||||
# SHARELATEX_EMAIL_AWS_SES_SECRET_KEY:
|
||||
# OVERLEAF_EMAIL_AWS_SES_ACCESS_KEY_ID:
|
||||
# OVERLEAF_EMAIL_AWS_SES_SECRET_KEY:
|
||||
|
||||
# SHARELATEX_EMAIL_SMTP_HOST: smtp.mydomain.com
|
||||
# SHARELATEX_EMAIL_SMTP_PORT: 587
|
||||
# SHARELATEX_EMAIL_SMTP_SECURE: false
|
||||
# SHARELATEX_EMAIL_SMTP_USER:
|
||||
# SHARELATEX_EMAIL_SMTP_PASS:
|
||||
# SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH: true
|
||||
# SHARELATEX_EMAIL_SMTP_IGNORE_TLS: false
|
||||
# SHARELATEX_EMAIL_SMTP_NAME: '127.0.0.1'
|
||||
# SHARELATEX_EMAIL_SMTP_LOGGER: true
|
||||
# SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by department x"
|
||||
# OVERLEAF_EMAIL_SMTP_HOST: smtp.example.com
|
||||
# OVERLEAF_EMAIL_SMTP_PORT: 587
|
||||
# OVERLEAF_EMAIL_SMTP_SECURE: false
|
||||
# OVERLEAF_EMAIL_SMTP_USER:
|
||||
# OVERLEAF_EMAIL_SMTP_PASS:
|
||||
# OVERLEAF_EMAIL_SMTP_TLS_REJECT_UNAUTH: true
|
||||
# OVERLEAF_EMAIL_SMTP_IGNORE_TLS: false
|
||||
# OVERLEAF_EMAIL_SMTP_NAME: '127.0.0.1'
|
||||
# OVERLEAF_EMAIL_SMTP_LOGGER: true
|
||||
# OVERLEAF_CUSTOM_EMAIL_FOOTER: "This system is run by department x"
|
||||
|
||||
# ENABLE_CRON_RESOURCE_DELETION: true
|
||||
|
||||
################
|
||||
## Server Pro ##
|
||||
|
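Review bot: the commented `OVERLEAF_SITE_URL` example keeps the `http://` scheme, which is what people will copy when they uncomment it; since the line above sets the service up for SSL via nginx-proxy, use `https://overleaf.example.com` here. The unchanged `#VIRTUAL_HOST: 103.112.212.22` line also carries a literal public IP address; a placeholder hostname is the safer template value, in line with the `example.com` names this hunk introduces elsewhere.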
@ -82,25 +85,25 @@ services:
|
|||
# DOCKER_RUNNER: 'false'
|
||||
|
||||
## Works with test LDAP server shown at bottom of docker compose
|
||||
# SHARELATEX_LDAP_URL: 'ldap://ldap:389'
|
||||
# SHARELATEX_LDAP_SEARCH_BASE: 'ou=people,dc=planetexpress,dc=com'
|
||||
# SHARELATEX_LDAP_SEARCH_FILTER: '(uid={{username}})'
|
||||
# SHARELATEX_LDAP_BIND_DN: 'cn=admin,dc=planetexpress,dc=com'
|
||||
# SHARELATEX_LDAP_BIND_CREDENTIALS: 'GoodNewsEveryone'
|
||||
# SHARELATEX_LDAP_EMAIL_ATT: 'mail'
|
||||
# SHARELATEX_LDAP_NAME_ATT: 'cn'
|
||||
# SHARELATEX_LDAP_LAST_NAME_ATT: 'sn'
|
||||
# SHARELATEX_LDAP_UPDATE_USER_DETAILS_ON_LOGIN: 'true'
|
||||
# OVERLEAF_LDAP_URL: 'ldap://ldap:389'
|
||||
# OVERLEAF_LDAP_SEARCH_BASE: 'ou=people,dc=planetexpress,dc=com'
|
||||
# OVERLEAF_LDAP_SEARCH_FILTER: '(uid={{username}})'
|
||||
# OVERLEAF_LDAP_BIND_DN: 'cn=admin,dc=planetexpress,dc=com'
|
||||
# OVERLEAF_LDAP_BIND_CREDENTIALS: 'GoodNewsEveryone'
|
||||
# OVERLEAF_LDAP_EMAIL_ATT: 'mail'
|
||||
# OVERLEAF_LDAP_NAME_ATT: 'cn'
|
||||
# OVERLEAF_LDAP_LAST_NAME_ATT: 'sn'
|
||||
# OVERLEAF_LDAP_UPDATE_USER_DETAILS_ON_LOGIN: 'true'
|
||||
|
||||
# SHARELATEX_TEMPLATES_USER_ID: "578773160210479700917ee5"
|
||||
# SHARELATEX_NEW_PROJECT_TEMPLATE_LINKS: '[ {"name":"All Templates","url":"/templates/all"}]'
|
||||
# OVERLEAF_TEMPLATES_USER_ID: "578773160210479700917ee5"
|
||||
# OVERLEAF_NEW_PROJECT_TEMPLATE_LINKS: '[ {"name":"All Templates","url":"/templates/all"}]'
|
||||
|
||||
|
||||
# SHARELATEX_PROXY_LEARN: "true"
|
||||
# OVERLEAF_PROXY_LEARN: "true"
|
||||
|
||||
mongo:
|
||||
restart: always
|
||||
image: mongo:4.4
|
||||
image: mongo:5.0
|
||||
container_name: sharelatex-mongo
|
||||
expose:
|
||||
- 27017
|
||||
|
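Review bot: `image: mongo:4.4` becomes `mongo:5.0` with no migration note. On an existing data directory MongoDB 5.0 expects `featureCompatibilityVersion` to already be `4.4`, so an instance that never set it can fail to start after pulling this change; add that step and a backup reminder to the README. Separately, the commented LDAP sample pairs `ldap://ldap:389` with a literal `OVERLEAF_LDAP_BIND_CREDENTIALS` value, which is fine for the bundled test server but should be marked as test-only.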
@ -114,7 +117,7 @@ services:
|
|||
|
||||
redis:
|
||||
restart: always
|
||||
image: redis:5
|
||||
image: redis:6.2-alpine
|
||||
container_name: sharelatex-redis
|
||||
expose:
|
||||
- 6379
|
||||
|
|
|
@ -2,3 +2,7 @@
|
|||
|
||||
- https://github.com/ciur/papermerge/blob/master/docker/docker-compose.yml
|
||||
- https://hub.docker.com/r/linuxserver/papermerge (deprecated)
|
||||
|
||||
# Notes
|
||||
|
||||
Default login is `admin:admin`
|
||||
|
|
|
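Review bot: the new Notes line documents `admin:admin` but not what to do about it. Add that the password has to be changed right after the first login and before the port is published beyond localhost, so the note reads as an instruction and not only as a convenience.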
@ -0,0 +1,85 @@
|
|||
version: '3.7'
|
||||
|
||||
services:
|
||||
|
||||
app:
|
||||
image: eugenci/papermerge:2.0.0
|
||||
container_name: papermerge-app
|
||||
restart: unless-stopped
|
||||
expose:
|
||||
- 8000
|
||||
ports:
|
||||
- 8888:8000
|
||||
depends_on:
|
||||
- db
|
||||
- redis
|
||||
- worker
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/papermerge/media_root:/opt/media
|
||||
environment:
|
||||
- DJANGO_SETTINGS_MODULE=config.settings.production
|
||||
- POSTGRES_USER=dbuser
|
||||
- POSTGRES_PASSWORD=dbpass
|
||||
- POSTGRES_DB=dbname
|
||||
- POSTGRES_HOST=db
|
||||
- POSTGRES_PORT=5432
|
||||
#networks:
|
||||
# - proxy
|
||||
#labels:
|
||||
# - traefik.enable=true
|
||||
# - traefik.docker.network=proxy
|
||||
# - traefik.http.routers.papermerge.rule=Host(`papermerge.example.com`)
|
||||
# - traefik.http.services.papermerge.loadbalancer.server.port=8000
|
||||
# # Optional part for file upload max sizes
|
||||
# - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=50000000
|
||||
# - traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=50000000
|
||||
# - traefik.http.middlewares.limit.buffering.memRequestBodyBytes=50000000
|
||||
# - traefik.http.middlewares.limit.buffering.memResponseBodyBytes=50000000
|
||||
# # Optional part for traefik middlewares
|
||||
# - traefik.http.routers.papermerge.middlewares=local-ipwhitelist@file,authelia@docker
|
||||
|
||||
db:
|
||||
image: postgres:12.3-alpine
|
||||
container_name: papermerge-db
|
||||
restart: unless-stopped
|
||||
expose:
|
||||
- 5432
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/papermerge/psql-data:/var/lib/postgresql/data/
|
||||
environment:
|
||||
- POSTGRES_USER=dbuser
|
||||
- POSTGRES_PASSWORD=dbpass
|
||||
- POSTGRES_DB=dbname
|
||||
#networks:
|
||||
# - proxy
|
||||
|
||||
redis:
|
||||
container_name: papermerge-redis
|
||||
image: redis:6-alpine
|
||||
restart: unless-stopped
|
||||
expose:
|
||||
- 6379
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/papermerge/redis-data:/data
|
||||
#networks:
|
||||
# - proxy
|
||||
|
||||
worker:
|
||||
image: eugenci/papermerge-worker:v2.0.0
|
||||
container_name: papermerge-worker
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/papermerge/media_root:/opt/media
|
||||
environment:
|
||||
- DJANGO_SETTINGS_MODULE=config.settings.production
|
||||
- POSTGRES_USER=dbuser
|
||||
- POSTGRES_PASSWORD=dbpass
|
||||
- POSTGRES_DB=dbname
|
||||
- POSTGRES_HOST=db
|
||||
- POSTGRES_PORT=5432
|
||||
#networks:
|
||||
# - proxy
|
||||
|
||||
#networks:
|
||||
# proxy:
|
||||
# external: true
|
|
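Review bot: `POSTGRES_USER=dbuser` / `POSTGRES_PASSWORD=dbpass` are hard-coded three times (`app`, `db`, `worker`); move them to a `.env` file referenced from all three services so there is one place to change them and no secret in the compose file. In the commented labels, the `limit` buffering middleware is defined but the `traefik.http.routers.papermerge.middlewares=` line lists only `local-ipwhitelist@file,authelia@docker`, so the upload limits would never apply once uncommented; add `limit` to that list. Also check the tags: `eugenci/papermerge:2.0.0` and `eugenci/papermerge-worker:v2.0.0` differ in the `v` prefix.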
@ -58,7 +58,7 @@ http:
|
|||
Server: "" # prevent version disclosure
|
||||
X-Powered-By: "" # prevent version disclosure
|
||||
X-Forwarded-Proto: "https"
|
||||
#Permissions-Policy: "geolocation=(self), midi=(self), camera=(self), usb=(self), magnetometer=(self), accelerometer=(self), gyroscope=(self), microphone=(self)"
|
||||
#Permissions-Policy: "accelerometer=(), autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()"
|
||||
#Cross-Origin-Embedder-Policy: "unsafe-none"
|
||||
#Cross-Origin-Opener-Policy: "same-origin"
|
||||
#Cross-Origin-Resource-Policy: "same-site"
|
||||
|
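Review bot: the replacement `Permissions-Policy` value denies every listed feature with `()`, including `fullscreen`, `autoplay` and `picture-in-picture`, and it would apply to every router that uses this headers middleware. Keeping it commented out is sensible, but add a comment that enabling it requires per-application exceptions, otherwise the first video player or fullscreen viewer behind the proxy breaks with no obvious cause.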
@ -76,7 +76,7 @@ http:
|
|||
stsIncludeSubdomains: true # HTTP-Strict-Transport-Security (HSTS)
|
||||
stsSeconds: 63072000 # HTTP-Strict-Transport-Security (HSTS)
|
||||
stsPreload: true # HTTP-Strict-Transport-Security (HSTS)
|
||||
#contentSecurityPolicy: "block-all-mixed-content" # Content-Security-Policy (CSP)
|
||||
#contentSecurityPolicy: "default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content" # Content-Security-Policy (CSP)
|
||||
|
||||
# Authelia guard
|
||||
authelia:
|
||||
|
|
|
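Review bot: in the new `contentSecurityPolicy` value, `block-all-mixed-content` is redundant next to `upgrade-insecure-requests` and is a deprecated directive; drop it. `default-src 'self'` together with `frame-ancestors 'none'` will also break any proxied application that loads third-party assets or is meant to be embedded, so the comment should say this is a strict starting point to adapt per service.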
@ -37,9 +37,6 @@ services:
|
|||
# - traefik.http.routers.vaultwarden.rule=Host(`bitwarden.example.com`)
|
||||
# - traefik.http.routers.vaultwarden.service=vaultwarden
|
||||
# - traefik.http.services.vaultwarden.loadbalancer.server.port=80
|
||||
# - traefik.http.routers.vaultwarden-ws.rule=Host(`bitwarden.example.com`) && Path(`/notifications/hub`)
|
||||
# - traefik.http.routers.vaultwarden-ws.service=vaultwarden-ws
|
||||
# - traefik.http.services.vaultwarden-ws.loadbalancer.server.port=3012
|
||||
# - traefik.http.routers.vaultwarden-admin.rule=Host(`bitwarden.example.com`) && Path(`/admin`)
|
||||
# - traefik.http.routers.vaultwarden-admin.service=vaultwarden
|
||||
# - traefik.http.services.vaultwarden-admin.loadbalancer.server.port=80
|
||||
|
|
|
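Review bot: with the `vaultwarden-ws` router and its port 3012 service gone, check the rest of the file for leftovers of the websocket setup (a 3012 port entry or a websocket toggle under `environment:`), which this hunk does not show. On the remaining `vaultwarden-admin` router, the rule Path(`/admin`) matches only that exact path; if the router is meant to carry an access-restricting middleware, it needs `PathPrefix` to cover the pages below `/admin` as well.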
@ -10,13 +10,13 @@ services:
|
|||
container_name: wikijs
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- 3000:3000 # WEB UI
|
||||
- 8888:3000 # WEB UI
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wikijs/config:/config
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/wikijs/data:/data
|
||||
links:
|
||||
- db
|
||||
|
||||
|
||||
db:
|
||||
environment:
|
||||
- POSTGRES_PASSWORD=MySecureDatabasePassword
|
||||
|
|
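Review bot: `8888:3000` publishes Wiki.js on the same host port as the papermerge example added in this compare (`8888:8000`), so the two stacks cannot run side by side on one host; pick distinct host ports. `POSTGRES_PASSWORD=MySecureDatabasePassword` in the `db` service also reads like a finished value, which invites people to keep it; a `.env` reference or an obvious placeholder would make it clear that it has to be replaced.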