-
Jens Sandmann authoredtodo aus ansible ergänzt
Jens Sandmann authoredtodo aus ansible ergänzt
docker-compose.yml 1.58 KiB
version: "3"
services:
app:
image: quay.io/hedgedoc/hedgedoc:1.7.2-debian
restart: always
depends_on:
- db
environment:
CMD_DB_URL: "mysql://hackmd:{{ mysql_user_pass }}@db:3306/hackmd"
CMD_SESSION_SECRET: "{{ hackmd_session_secret }}"
CMD_ALLOW_ANONYMOUS: "true"
CMD_ALLOW_ANONYMOUS_EDITS: "true"
CMD_DEFAULT_PERMISSION: "freely"
CMD_ALLOW_FREEURL: "true"
CMD_LDAP_URL: "ldap://{{ ldap_ip_ext }}:389"
CMD_LDAP_BINDDN: "{{ ldap_readonly_bind_dn }}"
CMD_LDAP_BINDCREDENTIALS: "{{ ldap_readonly_pass }}"
CMD_LDAP_SEARCHBASE: "{{ ldap_base_dn }}"
CMD_LDAP_SEARCHFILTER: "(&(uid={% raw %}{{username}}{% endraw %})(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))"
CMD_LDAP_SEARCHATTRIBUTES: "uid"
CMD_LDAP_USERIDFIELD: "uid"
CMD_LDAP_USERNAMEFIELD: "uid"
CMD_EMAIL: "false"
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=3000
networks:
- default
- web
db:
image: mariadb:10.5.8
restart: always
volumes:
- /srv/hackmd/db:/var/lib/mysql
- /srv/hackmd/mysql-utf8.cnf:/etc/mysql/conf.d/utf8.cnf
environment:
MYSQL_ROOT_PASSWORD: "{{ mysql_root_pass }}"
MYSQL_PASSWORD: "{{ mysql_user_pass }}"
MYSQL_DATABASE: "hackmd"
MYSQL_USER: "hackmd"
networks:
- default
networks:
web:
external: true