diff --git a/bookstack/docker-compose.yml b/bookstack/docker-compose.yml index 5a3f4ee..2479123 100644 --- a/bookstack/docker-compose.yml +++ b/bookstack/docker-compose.yml 
@@ -1,89 +1,126 @@ --- - -# This is an example complete example docker-compose.yml -# file for a linuxserver.io based BookStack setup -# using the linuxserver.io MariaDB conatiner. - -# ENSURE YOU PAY ATTENTION TO ALL COMMENTS BELOW. -# Many of the values are just examples, and you WILL -# have to make changes to suit your environment. - -# These containers are maintained by the linuxserver.io -# team, not the official BookStack project. - -# For non-commented options, refer to the linuxserver documentation: -# https://docs.linuxserver.io/images/docker-bookstack/#environment-variables-e - +version: "2" services: - - # The container for BookStack itself - bookstack: - # You should update the version here to match the latest - # release of BookStack: https://github.com/BookStackApp/BookStack/releases - # You'll change this when wanting to update the version of BookStack used. - image: lscr.io/linuxserver/bookstack:24.12.1 - container_name: bookstack + app: + image: lscr.io/linuxserver/bookstack:latest environment: - - PUID=1000 - - PGID=1000 - - TZ=Etc/UTC - # APP_URL must be set as the base URL you'd expect to access BookStack - # on via the browser. The default shown here is what you might use if accessing - # direct from the browser on the docker host, hence the use of the port as configured below. - - APP_URL=http://localhost:6875 - # APP_KEY must be a unique key. Generate your own by running - # docker run -it --rm --entrypoint /bin/bash lscr.io/linuxserver/bookstack:latest appkey - # You should keep the "base64:" part for the option value. - - APP_KEY=base64:3qjlIoUX4Tw6fUQgZcxMbz6lb8+dAzqpvItqHvahW1c= + PUID: 1000 + PGID: 1000 + APP_URL: https://bookstack.sectorq.eu + DB_HOST: db + DB_PORT: 3306 + DB_USER: bookstack + DB_PASS: l4c1j4yd33Du5lo + DB_DATABASE: bookstackapp + # # Set authentication method to be saml2 + # AUTH_METHOD: saml2 + # # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method. 
+ # # Prevents the need for the user to click the "Login with x" button on the login page. + # # Setting this to true enables auto-initiation. + # AUTH_AUTO_INITIATE: false + # # Set the display name to be shown on the login button. + # # (Login with ) + # SAML2_NAME: authentik + # # Name of the attribute which provides the user's email address + # SAML2_EMAIL_ATTRIBUTE: email + # # Name of the attribute to use as an ID for the SAML user. + # SAML2_EXTERNAL_ID_ATTRIBUTE: uid + # # Enable SAML group sync. + # SAML2_USER_TO_GROUPS: true + # # Set the attribute from which BookStack will read groups names from. + # # You will need to rename your roles in Bookstack to match your groups in authentik. + # SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group + # # Name of the attribute(s) to use for the user's display name + # # Can have multiple attributes listed, separated with a '|' in which + # # case those values will be joined with a space. + # # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName + # # Defaults to the ID value if not found. + # ######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname + # SAML2_DISPLAY_NAME_ATTRIBUTES: username - # The below database details are purposefully aligned with those - # configuted for the "mariadb" service below: - - DB_HOST=mariadb - - DB_PORT=3306 - - DB_DATABASE=bookstack - - DB_USERNAME=bookstack - - DB_PASSWORD=bookstack8432 + # # Identity Provider entityID URL + # SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download + + # # Auto-load metadata from the IDP + # # Setting this to true negates the need to specify the next three options + # SAML2_AUTOLOAD_METADATA: true + + + # Set OIDC to be the authentication method + AUTH_METHOD: oidc + #AUTH_METHOD: standard + # Control if BookStack automatically initiates login via your OIDC system + # if it's the only authentication method. 
Prevents the need for the + # user to click the "Login with x" button on the login page. + # Setting this to true enables auto-initiation. + AUTH_AUTO_INITIATE: false + + # Set the display name to be shown on the login button. + # (Login with ) + OIDC_NAME: SSO + + # Name of the claims(s) to use for the user's display name. + # Can have multiple attributes listed, separated with a '|' in which + # case those values will be joined with a space. + # Example: OIDC_DISPLAY_NAME_CLAIMS=given_name|family_name + OIDC_DISPLAY_NAME_CLAIMS: name + + # OAuth Client ID to access the identity provider + OIDC_CLIENT_ID: GCPj547vTmEpmsCM8jkuR222SS31yZMdp7oAU82U + + # OAuth Client Secret to access the identity provider + OIDC_CLIENT_SECRET: Nador7SOdsYgfNhRwbeRKLNPkPiASBAlTnKVi294xbOz8MM3e2RlzAaWQsQNZmBtLLZVifb1TG3OpKrVXeeW3Vu8HmJuvy8GwSAT2r0pP0241tDdEShq7UkP9G5Esdt8 + + # Issuer URL + # Must start with 'https://' + OIDC_ISSUER: https://auth.sectorq.eu/application/o/bookstack/ + + # The "end session" (RP-initiated logout) URL to call during BookStack logout. + # By default this is false which disables RP-initiated logout. + # Setting to "true" will enable logout if found as supported by auto-discovery. + # Otherwise, this can be set as a specific URL endpoint. + OIDC_END_SESSION_ENDPOINT: false + + # Enable auto-discovery of endpoints and token keys. + # As per the standard, expects the service to serve a + # `/.well-known/openid-configuration` endpoint. + OIDC_ISSUER_DISCOVER: true + + + + volumes: - # You generally only ever need to map this one volume. - # This maps it to a "bookstack_app_data" folder in the same - # directory as this compose config file. - /share/docker_data/bookstack/bookstack_app_data:/config ports: - # This exposes port 6875 for general web access. - # Commonly you'd have a reverse proxy in front of this, - # redirecting incoming requests to this port. 
- 6875:80 - restart: unless-stopped - - # The container for the database which BookStack will use to store - # most of its core data/content. - mariadb: - # You should update the version here to match the latest - # main version of the linuxserver mariadb container version: - # https://github.com/linuxserver/docker-mariadb/pkgs/container/mariadb/versions?filters%5Bversion_type%5D=tagged - image: lscr.io/linuxserver/mariadb:11.4.4 - container_name: mariadb + restart: always + depends_on: + - db + labels: + com.centurylinklabs.watchtower.enable: true + homepage.group: Utilities + homepage.name: Bookstack + homepage.weight: 1 + homepage.icon: bookstack.png + homepage.href: https://bookstack.sectorq.eu + homepage.description: Books + homepage.server: my-docker + homepage.container: bookstack-app-1 + # homepage.widget.type: ${APPNAME} + # homepage.widget.url: https://${APPNAME}.sectorq.eu + # homepage.widget.key: ddfc91b29920082636da70cc677aec74c88a7666 + # homepage.widget.version: 2 + db: + image: lscr.io/linuxserver/mariadb environment: - - PUID=1000 - - PGID=1000 - - TZ=Etc/UTC - # You may want to change the credentials used below, - # but be aware the latter three options need to align - # with the DB_* options for the BookStack container. - - MYSQL_ROOT_PASSWORD=mysupersecretrootpassword - - MYSQL_DATABASE=bookstack - - MYSQL_USER=bookstack - - MYSQL_PASSWORD=bookstack8432 + PUID: 0 + PGID: 0 + MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo + TZ: Europe/Bratislava + MYSQL_DATABASE: bookstackapp + MYSQL_USER: bookstack + MYSQL_PASSWORD: l4c1j4yd33Du5lo + volumes: - # You generally only ever need to map this one volume. - # This maps it to a "bookstack_db_data" folder in the same - # directory as this compose config file. - /share/docker_data/bookstack/bookstack_db_data:/config - - # These ports are commented out as you don't really need this port - # exposed for normal use, mainly only if connecting direct the the - # database externally. 
Otherwise, this risks exposing access to the - # database when not needed. - # ports: - # - 3306:3306 - restart: unless-stopped \ No newline at end of file + restart: always
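Review bot: The new `environment` maps commit live credentials in plain text: `DB_PASS` and `OIDC_CLIENT_SECRET` on `app`, and `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` on `db`, where the root account, the application account and `DB_PASS` all share one value. Anyone who can read the repository or its history now holds them, so they should be treated as exposed and rotated at the database and at the identity provider. Reference them through Compose variable substitution from an untracked `.env` file or through Docker secrets, e.g. `DB_PASS: ${BOOKSTACK_DB_PASS}` and `OIDC_CLIENT_SECRET: ${BOOKSTACK_OIDC_CLIENT_SECRET}` (variable names are placeholders), and give root a password of its own so that a leak of the application credential does not also grant root on the database. The commented-out `homepage.widget.key` value looks like a credential as well and is better removed from the file than left in a comment.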