mirror of
https://gitlab.sectorq.eu/home/docker-compose.git
synced 2025-10-29 09:40:07 +01:00
alias
This commit is contained in:
88
bookstack/docker-compose-saml.yml
Normal file
88
bookstack/docker-compose-saml.yml
Normal file
@@ -0,0 +1,88 @@
|
||||
---
|
||||
version: "2"
|
||||
services:
|
||||
app:
|
||||
image: lscr.io/linuxserver/bookstack:latest
|
||||
environment:
|
||||
PUID: 1000
|
||||
PGID: 1000
|
||||
APP_URL: https://bookstack.sectorq.eu
|
||||
DB_HOST: db
|
||||
DB_PORT: 3306
|
||||
DB_USER: bookstack
|
||||
DB_PASS: l4c1j4yd33Du5lo
|
||||
DB_DATABASE: bookstackapp
|
||||
# Set authentication method to be saml2
|
||||
AUTH_METHOD: saml2
|
||||
# Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
|
||||
# Prevents the need for the user to click the "Login with x" button on the login page.
|
||||
# Setting this to true enables auto-initiation.
|
||||
AUTH_AUTO_INITIATE: false
|
||||
# Set the display name to be shown on the login button.
|
||||
# (Login with <name>)
|
||||
SAML2_NAME: authentik
|
||||
# Name of the attribute which provides the user's email address
|
||||
SAML2_EMAIL_ATTRIBUTE: email
|
||||
# Name of the attribute to use as an ID for the SAML user.
|
||||
SAML2_EXTERNAL_ID_ATTRIBUTE: uid
|
||||
# Enable SAML group sync.
|
||||
SAML2_USER_TO_GROUPS: true
|
||||
# Set the attribute from which BookStack will read groups names from.
|
||||
# You will need to rename your roles in Bookstack to match your groups in authentik.
|
||||
SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group
|
||||
# Name of the attribute(s) to use for the user's display name
|
||||
# Can have multiple attributes listed, separated with a '|' in which
|
||||
# case those values will be joined with a space.
|
||||
# Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
|
||||
# Defaults to the ID value if not found.
|
||||
######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
|
||||
SAML2_DISPLAY_NAME_ATTRIBUTES: username
|
||||
|
||||
# Identity Provider entityID URL
|
||||
SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download
|
||||
|
||||
# Auto-load metadata from the IDP
|
||||
# Setting this to true negates the need to specify the next three options
|
||||
SAML2_AUTOLOAD_METADATA: true
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
volumes:
|
||||
- /share/docker_data/bookstack/bookstack_app_data:/config
|
||||
ports:
|
||||
- 6875:80
|
||||
restart: always
|
||||
depends_on:
|
||||
- db
|
||||
labels:
|
||||
com.centurylinklabs.watchtower.enable: true
|
||||
homepage.group: Utilities
|
||||
homepage.name: Bookstack
|
||||
homepage.weight: 1
|
||||
homepage.icon: bookstack.png
|
||||
homepage.href: https://bookstack.sectorq.eu
|
||||
homepage.description: Books
|
||||
homepage.server: my-docker
|
||||
homepage.container: bookstack-app-1
|
||||
# homepage.widget.type: ${APPNAME}
|
||||
# homepage.widget.url: https://${APPNAME}.sectorq.eu
|
||||
# homepage.widget.key: ddfc91b29920082636da70cc677aec74c88a7666
|
||||
# homepage.widget.version: 2
|
||||
db:
|
||||
image: lscr.io/linuxserver/mariadb
|
||||
environment:
|
||||
PUID: 0
|
||||
PGID: 0
|
||||
MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo
|
||||
TZ: Europe/Bratislava
|
||||
MYSQL_DATABASE: bookstackapp
|
||||
MYSQL_USER: bookstack
|
||||
MYSQL_PASSWORD: l4c1j4yd33Du5lo
|
||||
|
||||
volumes:
|
||||
- /share/docker_data/bookstack/bookstack_db_data:/config
|
||||
restart: always
|
||||
86
bookstack/stack.env
Normal file
86
bookstack/stack.env
Normal file
@@ -0,0 +1,86 @@
|
||||
PUID: 1000
|
||||
PGID: 1000
|
||||
APP_URL: https://bookstack.sectorq.eu
|
||||
DB_HOST: db
|
||||
DB_PORT: 3306
|
||||
DB_USER: bookstack
|
||||
DB_PASS: l4c1j4yd33Du5lo
|
||||
DB_DATABASE: bookstackapp
|
||||
MYSQL_ROOT_PASSWORD: l4c1j4yd33Du5lo
|
||||
TZ: Europe/Bratislava
|
||||
MYSQL_DATABASE: bookstackapp
|
||||
MYSQL_USER: bookstack
|
||||
MYSQL_PASSWORD: l4c1j4yd33Du5lo
|
||||
# # Set authentication method to be saml2
|
||||
# AUTH_METHOD: saml2
|
||||
# # Control if BookStack automatically initiates login via your SAML system if it's the only authentication method.
|
||||
# # Prevents the need for the user to click the "Login with x" button on the login page.
|
||||
# # Setting this to true enables auto-initiation.
|
||||
# AUTH_AUTO_INITIATE: false
|
||||
# # Set the display name to be shown on the login button.
|
||||
# # (Login with <name>)
|
||||
# SAML2_NAME: authentik
|
||||
# # Name of the attribute which provides the user's email address
|
||||
# SAML2_EMAIL_ATTRIBUTE: email
|
||||
# # Name of the attribute to use as an ID for the SAML user.
|
||||
# SAML2_EXTERNAL_ID_ATTRIBUTE: uid
|
||||
# # Enable SAML group sync.
|
||||
# SAML2_USER_TO_GROUPS: true
|
||||
# # Set the attribute from which BookStack will read groups names from.
|
||||
# # You will need to rename your roles in Bookstack to match your groups in authentik.
|
||||
# SAML2_GROUP_ATTRIBUTE: http://schemas.xmlsoap.org/claims/Group
|
||||
# # Name of the attribute(s) to use for the user's display name
|
||||
# # Can have multiple attributes listed, separated with a '|' in which
|
||||
# # case those values will be joined with a space.
|
||||
# # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
|
||||
# # Defaults to the ID value if not found.
|
||||
# ######SAML2_DISPLAY_NAME_ATTRIBUTES: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname
|
||||
# SAML2_DISPLAY_NAME_ATTRIBUTES: username
|
||||
|
||||
# # Identity Provider entityID URL
|
||||
# SAML2_IDP_ENTITYID: https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download
|
||||
|
||||
# # Auto-load metadata from the IDP
|
||||
# # Setting this to true negates the need to specify the next three options
|
||||
# SAML2_AUTOLOAD_METADATA: true
|
||||
|
||||
|
||||
# Set OIDC to be the authentication method
|
||||
AUTH_METHOD: oidc
|
||||
#AUTH_METHOD: standard
|
||||
# Control if BookStack automatically initiates login via your OIDC system
|
||||
# if it's the only authentication method. Prevents the need for the
|
||||
# user to click the "Login with x" button on the login page.
|
||||
# Setting this to true enables auto-initiation.
|
||||
AUTH_AUTO_INITIATE: true
|
||||
|
||||
# Set the display name to be shown on the login button.
|
||||
# (Login with <name>)
|
||||
OIDC_NAME: SSO
|
||||
|
||||
# Name of the claims(s) to use for the user's display name.
|
||||
# Can have multiple attributes listed, separated with a '|' in which
|
||||
# case those values will be joined with a space.
|
||||
# Example: OIDC_DISPLAY_NAME_CLAIMS=given_name|family_name
|
||||
OIDC_DISPLAY_NAME_CLAIMS: name
|
||||
|
||||
# OAuth Client ID to access the identity provider
|
||||
OIDC_CLIENT_ID: GCPj547vTmEpmsCM8jkuR222SS31yZMdp7oAU82U
|
||||
|
||||
# OAuth Client Secret to access the identity provider
|
||||
OIDC_CLIENT_SECRET: Nador7SOdsYgfNhRwbeRKLNPkPiASBAlTnKVi294xbOz8MM3e2RlzAaWQsQNZmBtLLZVifb1TG3OpKrVXeeW3Vu8HmJuvy8GwSAT2r0pP0241tDdEShq7UkP9G5Esdt8
|
||||
|
||||
# Issuer URL
|
||||
# Must start with 'https://'
|
||||
OIDC_ISSUER: https://auth.sectorq.eu/application/o/bookstack/
|
||||
|
||||
# The "end session" (RP-initiated logout) URL to call during BookStack logout.
|
||||
# By default this is false which disables RP-initiated logout.
|
||||
# Setting to "true" will enable logout if found as supported by auto-discovery.
|
||||
# Otherwise, this can be set as a specific URL endpoint.
|
||||
OIDC_END_SESSION_ENDPOINT: false
|
||||
|
||||
# Enable auto-discovery of endpoints and token keys.
|
||||
# As per the standard, expects the service to serve a
|
||||
# `<issuer>/.well-known/openid-configuration` endpoint.
|
||||
OIDC_ISSUER_DISCOVER: true
|
||||
Reference in New Issue
Block a user