diff --git a/bookstack/docker-compose-saml.yml b/bookstack/docker-compose-saml.yml
new file mode 100644
index 0000000..c4f33fe
--- /dev/null
+++ b/bookstack/docker-compose-saml.yml
@@ -0,0 +1,88 @@
+---
+version: "2"
+services:
+ app:
+ image: lscr.io/linuxserver/bookstack:latest
+ environment:
+ PUID: 1000
+ PGID: 1000
+ APP_URL: https://bookstack.sectorq.eu
+ DB_HOST: db
+ DB_PORT: 3306
+ DB_USER: bookstack
+ DB_PASS: l4c1j4yd33Du5lo
+ DB_DATABASE: bookstackapp
+ # Set authentication method to be saml2
+ AUTH_METHOD: saml2
+ # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
+ # Prevents the need for the user to click the "Login with x" button on the login page.
+ # Setting this to true enables auto-initiation.
+ AUTH_AUTO_INITIATE: false
+ # Set the display name to be shown on the login button.
+ # (Login with )
+ SAML2_NAME: authentik
+ # Name of the attribute which provides the user's email address
+ SAML2_EMAIL_ATTRIBUTE: email
+ # Name of the attribute to use as an ID for the SAML user.
+ SAML2_EXTERNAL_ID_ATTRIBUTE: uid
+ # Enable SAML group sync.
+ SAML2_USER_TO_GROUPS: true
+ # Set the attribute from which BookStack will read groups names from.
+ # You will need to rename your roles in Bookstack to match your groups in authentik.
+ SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group
+ # Name of the attribute(s) to use for the user's display name
+ # Can have multiple attributes listed, separated with a '|' in which
+ # case those values will be joined with a space.
+ # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
+ # Defaults to the ID value if not found.
+ ######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
+ SAML2_DISPLAY_NAME_ATTRIBUTES: username
+
+ # Identity Provider entityID URL
+ SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download
+
+ # Auto-load metadata from the IDP
+ # Setting this to true negates the need to specify the next three options
+ SAML2_AUTOLOAD_METADATA: true
+
+
+
+
+
+
+
+ volumes:
+ - /share/docker_data/bookstack/bookstack_app_data:/config
+ ports:
+ - 6875:80
+ restart: always
+ depends_on:
+ - db
+ labels:
+ com.centurylinklabs.watchtower.enable: true
+ homepage.group: Utilities
+ homepage.name: Bookstack
+ homepage.weight: 1
+ homepage.icon: bookstack.png
+ homepage.href: https://bookstack.sectorq.eu
+ homepage.description: Books
+ homepage.server: my-docker
+ homepage.container: bookstack-app-1
+ # homepage.widget.type: ${APPNAME}
+ # homepage.widget.url: https://${APPNAME}.sectorq.eu
+ # homepage.widget.key: ddfc91b29920082636da70cc677aec74c88a7666
+ # homepage.widget.version: 2
+ db:
+ image: lscr.io/linuxserver/mariadb
+ environment:
+ PUID: 0
+ PGID: 0
+ MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo
+ TZ: Europe/Bratislava
+ MYSQL_DATABASE: bookstackapp
+ MYSQL_USER: bookstack
+ MYSQL_PASSWORD: l4c1j4yd33Du5lo
+
+ volumes:
+ - /share/docker_data/bookstack/bookstack_db_data:/config
+ restart: always
diff --git a/bookstack/stack.env b/bookstack/stack.env
new file mode 100644
index 0000000..96c4f98
--- /dev/null
+++ b/bookstack/stack.env
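Review bot: `DB_PASS` on the app service and `MYSQL_ROOT_PASSWORD` / `MYSQL_PASSWORD` on the db service carry the same literal credential, committed in plaintext, so the application's database password is also the database root password and any exposure of this repository yields both; the identical value is committed again in stack.env in this commit. Move these out of the tracked file (`env_file:` pointing at an untracked file, or Compose `secrets:`), give the application user a password distinct from root, and rotate the current value since it is already in history. The `db` service pulls `lscr.io/linuxserver/mariadb` with no tag and the app uses `:latest` while `com.centurylinklabs.watchtower.enable: true` turns on automatic re-pulls, so image updates land without review — pin at least a major version tag, ideally a digest. As a minor point, the label values `true` and `1` are parsed as a boolean and an integer; legacy docker-compose v1 rejects non-string label values and v2 coerces them, so quoting them (`"true"`, `"1"`) keeps the labels stable either way. Indentation is not recoverable from this rendering, so the nesting of `environment:` and `labels:` under `app:` could not be verified.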
@@ -0,0 +1,86 @@
+PUID: 1000
+PGID: 1000
+APP_URL: https://bookstack.sectorq.eu
+DB_HOST: db
+DB_PORT: 3306
+DB_USER: bookstack
+DB_PASS: l4c1j4yd33Du5lo
+DB_DATABASE: bookstackapp
+MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo
+TZ: Europe/Bratislava
+MYSQL_DATABASE: bookstackapp
+MYSQL_USER: bookstack
+MYSQL_PASSWORD: l4c1j4yd33Du5lo
+# # Set authentication method to be saml2
+# AUTH_METHOD: saml2
+# # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
+# # Prevents the need for the user to click the "Login with x" button on the login page.
+# # Setting this to true enables auto-initiation.
+# AUTH_AUTO_INITIATE: false
+# # Set the display name to be shown on the login button.
+# # (Login with )
+# SAML2_NAME: authentik
+# # Name of the attribute which provides the user's email address
+# SAML2_EMAIL_ATTRIBUTE: email
+# # Name of the attribute to use as an ID for the SAML user.
+# SAML2_EXTERNAL_ID_ATTRIBUTE: uid
+# # Enable SAML group sync.
+# SAML2_USER_TO_GROUPS: true
+# # Set the attribute from which BookStack will read groups names from.
+# # You will need to rename your roles in Bookstack to match your groups in authentik.
+# SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group
+# # Name of the attribute(s) to use for the user's display name
+# # Can have multiple attributes listed, separated with a '|' in which
+# # case those values will be joined with a space.
+# # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
+# # Defaults to the ID value if not found.
+# ######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
+# SAML2_DISPLAY_NAME_ATTRIBUTES: username
+
+# # Identity Provider entityID URL
+# SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download
+
+# # Auto-load metadata from the IDP
+# # Setting this to true negates the need to specify the next three options
+# SAML2_AUTOLOAD_METADATA: true
+
+
+# Set OIDC to be the authentication method
+AUTH_METHOD: oidc
+#AUTH_METHOD: standard
+# Control if BookStack automatically initiates login via your OIDC system
+# if it's the only authentication method. Prevents the need for the
+# user to click the "Login with x" button on the login page.
+# Setting this to true enables auto-initiation.
+AUTH_AUTO_INITIATE: true
+
+# Set the display name to be shown on the login button.
+# (Login with )
+OIDC_NAME: SSO
+
+# Name of the claims(s) to use for the user's display name.
+# Can have multiple attributes listed, separated with a '|' in which
+# case those values will be joined with a space.
+# Example: OIDC_DISPLAY_NAME_CLAIMS=given_name|family_name
+OIDC_DISPLAY_NAME_CLAIMS: name
+
+# OAuth Client ID to access the identity provider
+OIDC_CLIENT_ID: GCPj547vTmEpmsCM8jkuR222SS31yZMdp7oAU82U
+
+# OAuth Client Secret to access the identity provider
+OIDC_CLIENT_SECRET: Nador7SOdsYgfNhRwbeRKLNPkPiASBAlTnKVi294xbOz8MM3e2RlzAaWQsQNZmBtLLZVifb1TG3OpKrVXeeW3Vu8HmJuvy8GwSAT2r0pP0241tDdEShq7UkP9G5Esdt8
+
+# Issuer URL
+# Must start with 'https://'
+OIDC_ISSUER: https://auth.sectorq.eu/application/o/bookstack/
+
+# The "end session" (RP-initiated logout) URL to call during BookStack logout.
+# By default this is false which disables RP-initiated logout.
+# Setting to "true" will enable logout if found as supported by auto-discovery.
+# Otherwise, this can be set as a specific URL endpoint.
+OIDC_END_SESSION_ENDPOINT: false
+
+# Enable auto-discovery of endpoints and token keys.
+# As per the standard, expects the service to serve a
+# `/.well-known/openid-configuration` endpoint.
+OIDC_ISSUER_DISCOVER: true
\ No newline at end of file
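Review bot: `OIDC_CLIENT_SECRET`, `DB_PASS`, `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` are committed as literal values, so the OIDC client secret and the database root credential are now in repository history and need to be rotated at the identity provider and in MariaDB, not merely removed from the file. Keep stack.env untracked (add it to `.gitignore` and commit a `stack.env.example` holding placeholders such as `OIDC_CLIENT_SECRET=<set-in-deployment>`) or inject these values from the deployment platform's secret store. The entries use `KEY: value` rather than the dotenv `KEY=value` form; Compose's env-file parser appears to accept a colon separator, but other dotenv consumers may not, so `KEY=value` is the portable choice. With `AUTH_METHOD: oidc` active, the commented SAML block above is dead configuration that leaves it unclear which identity provider is live; a one-line comment such as `# SAML values above are kept for reference only; OIDC is the active method` would make the intent explicit.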