- Add LDAP config example, remove extra text.

Thanks to xet7 !

docker-compose.yml

@@ -90,11 +90,11 @@ services:
   wekandb:
     #-------------------------------------------------------------------------------------
     # ==== MONGODB AND METEOR VERSION ====
-    # a) CURRENTLY BROKEN: For Wekan Meteor 1.8.x version at meteor-1.8 branch, use mongo 4.x
-    # image: mongo:4.0.4
+    # a) For Wekan Meteor 1.8.x version at meteor-1.8 branch, use mongo 4.x
+    image: mongo:4.0.4
     # b) For Wekan Meteor 1.6.x version at master/devel/edge branches.
     # Only for Snap and Sandstorm while they are not upgraded yet to Meteor 1.8.x
-    image: mongo:3.2.21
+    #image: mongo:3.2.21
     #-------------------------------------------------------------------------------------
     container_name: wekan-db
     restart: always
@@ -110,12 +110,12 @@ services:
   wekan:
     #-------------------------------------------------------------------------------------
     # ==== MONGODB AND METEOR VERSION ====
-    # a) CURRENTLY BROKEN: For Wekan Meteor 1.8.x version at meteor-1.8 branch,
+    # a) For Wekan Meteor 1.8.x version at meteor-1.8 branch,
     #    using https://quay.io/wekan/wekan automatic builds
-    # image: quay.io/wekan/wekan:meteor-1.8
+    image: quay.io/wekan/wekan:meteor-1.8
     # b) For Wekan Meteor 1.6.x version at master/devel/edge branches.
     # Only for Snap and Sandstorm while they are not upgraded yet to Meteor 1.8.x
-    image: quay.io/wekan/wekan
+    #image: quay.io/wekan/wekan
     # c) Using specific Meteor 1.6.x version tag:
     # image: quay.io/wekan/wekan:v1.95
     # c) Using Docker Hub automatic builds https://hub.docker.com/r/wekanteam/wekan
@@ -169,8 +169,9 @@ services:
       #   For SSL in email, change smtp:// to smtps://
       # NOTE: Special characters need to be url-encoded in MAIL_URL.
       #       You can encode those characters for example at: https://www.urlencoder.org
-      - MAIL_URL=smtp://user:pass@mailserver.example.com:25/
-      - MAIL_FROM='Example Wekan Support <support@example.com>'
+      #- MAIL_URL=smtp://user:pass@mailserver.example.com:25/
+      - MAIL_URL='smtp://<mail_url>:25/?ignoreTLS=true&tls={rejectUnauthorized:false}'
+      - MAIL_FROM='Wekan Notifications <noreply.wekan@mydomain.com>'
       #---------------------------------------------------------------
       # ==== OPTIONAL: MONGO OPLOG SETTINGS =====
       # https://github.com/wekan/wekan-mongodb/issues/2#issuecomment-378343587
@@ -332,191 +333,137 @@ services:
       # OAuth2 Email Mapping
       #- OAUTH2_EMAIL_MAP=
       #-----------------------------------------------------------------
-      # ==== LDAP ====
+      # ==== LDAP: UNCOMMENT ALL TO ENABLE LDAP ====
       # https://github.com/wekan/wekan/wiki/LDAP
       # For Snap settings see https://github.com/wekan/wekan-snap/wiki/Supported-settings-keys
       # Most settings work both on Snap and Docker below.
       # Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required.
       #
-      # DEFAULT_AUTHENTICATION_METHOD : The default authentication method used if a user does not exist to create and authenticate. Can be set as ldap.
-      # example : DEFAULT_AUTHENTICATION_METHOD=ldap
-      #- DEFAULT_AUTHENTICATION_METHOD=
+      # The default authentication method used if a user does not exist to create and authenticate. Can be set as ldap.
+      #- DEFAULT_AUTHENTICATION_METHOD=ldap
       #
-      # LDAP_ENABLE : Enable or not the connection by the LDAP
-      # example : LDAP_ENABLE=true
-      #- LDAP_ENABLE=false
+      # Enable or not the connection by the LDAP
+      #- LDAP_ENABLE=true
       #
-      # LDAP_PORT : The port of the LDAP server
-      # example : LDAP_PORT=389
+      # The port of the LDAP server
       #- LDAP_PORT=389
       #
-      # LDAP_HOST : The host server for the LDAP server
-      # example : LDAP_HOST=localhost
-      #- LDAP_HOST=
+      # The host server for the LDAP server
+      #- LDAP_HOST=localhost
       #
-      # LDAP_BASEDN : The base DN for the LDAP Tree
-      # example : LDAP_BASEDN=ou=user,dc=example,dc=org
-      #- LDAP_BASEDN=
+      # The base DN for the LDAP Tree
+      #- LDAP_BASEDN=ou=user,dc=example,dc=org
       #
-      # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method
-      # example : LDAP_LOGIN_FALLBACK=true
+      # Fallback on the default authentication method
       #- LDAP_LOGIN_FALLBACK=false
       #
-      # LDAP_RECONNECT : Reconnect to the server if the connection is lost
-      # example : LDAP_RECONNECT=false
+      # Reconnect to the server if the connection is lost
       #- LDAP_RECONNECT=true
       #
-      # LDAP_TIMEOUT : Overall timeout, in milliseconds
-      # example : LDAP_TIMEOUT=12345
+      # Overall timeout, in milliseconds
       #- LDAP_TIMEOUT=10000
       #
-      # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds
-      # example : LDAP_IDLE_TIMEOUT=12345
+      # Specifies the timeout for idle LDAP connections in milliseconds
       #- LDAP_IDLE_TIMEOUT=10000
       #
-      # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds
-      # example : LDAP_CONNECT_TIMEOUT=12345
+      # Connection timeout, in milliseconds
       #- LDAP_CONNECT_TIMEOUT=10000
       #
-      # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search
-      # example : LDAP_AUTHENTIFICATION=true
-      #- LDAP_AUTHENTIFICATION=false
+      # If the LDAP needs a user account to search
+      #- LDAP_AUTHENTIFICATION=true
       #
-      # LDAP_AUTHENTIFICATION_USERDN : The search user DN
-      # example : LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org
-      #- LDAP_AUTHENTIFICATION_USERDN=
+      # The search user DN
+      #- LDAP_AUTHENTIFICATION_USERDN=cn=wekan_adm,ou=serviceaccounts,ou=admin,ou=prod,dc=mydomain,dc=com
       #
-      # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user
-      # example : AUTHENTIFICATION_PASSWORD=admin
-      #- LDAP_AUTHENTIFICATION_PASSWORD=
+      # The password for the search user
+      #- LDAP_AUTHENTIFICATION_PASSWORD=pwd
       #
-      # LDAP_LOG_ENABLED : Enable logs for the module
-      # example : LDAP_LOG_ENABLED=true
-      #- LDAP_LOG_ENABLED=false
+      # Enable logs for the module
+      #- LDAP_LOG_ENABLED=true
       #
-      # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background
-      # example : LDAP_BACKGROUND_SYNC=true
+      # If the sync of the users should be done in the background
       #- LDAP_BACKGROUND_SYNC=false
       #
-      # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds
-      # example : LDAP_BACKGROUND_SYNC_INTERVAL=12345
+      # At which interval does the background task sync in milliseconds
       #- LDAP_BACKGROUND_SYNC_INTERVAL=100
       #
-      # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED :
-      # example : LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
       #- LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false
       #
-      # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS :
-      # example : LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
       #- LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
       #
-      # LDAP_ENCRYPTION : If using LDAPS
-      # example : LDAP_ENCRYPTION=ssl
+      # If using LDAPS: LDAP_ENCRYPTION=ssl
       #- LDAP_ENCRYPTION=false
       #
-      # LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file.
-      # example : LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE-----
-      #- LDAP_CA_CERT=
+      # The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file.
+      #- LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+G2FIdAgIC...-----END CERTIFICATE-----
       #
-      # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
-      # example : LDAP_REJECT_UNAUTHORIZED=true
+      # Reject Unauthorized Certificate
       #- LDAP_REJECT_UNAUTHORIZED=false
       #
-      # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
-      # example : LDAP_USER_SEARCH_FILTER=
+      # Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
       #- LDAP_USER_SEARCH_FILTER=
       #
-      # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
-      # example : LDAP_USER_SEARCH_SCOPE=one
-      #- LDAP_USER_SEARCH_SCOPE=
+      # base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
+      #- LDAP_USER_SEARCH_SCOPE=one
       #
-      # LDAP_USER_SEARCH_FIELD : Which field is used to find the user
-      # example : LDAP_USER_SEARCH_FIELD=uid
-      #- LDAP_USER_SEARCH_FIELD=
+      # Which field is used to find the user, like uid / sAMAccountName
+      #- LDAP_USER_SEARCH_FIELD=sAMAccountName
       #
-      # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited)
-      # example : LDAP_SEARCH_PAGE_SIZE=12345
+      # Used for pagination (0=unlimited)
       #- LDAP_SEARCH_PAGE_SIZE=0
       #
-      # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited)
-      # example : LDAP_SEARCH_SIZE_LIMIT=12345
+      # The limit number of entries (0=unlimited)
       #- LDAP_SEARCH_SIZE_LIMIT=0
       #
-      # LDAP_GROUP_FILTER_ENABLE : Enable group filtering
-      # example : LDAP_GROUP_FILTER_ENABLE=true
+      # Enable group filtering
       #- LDAP_GROUP_FILTER_ENABLE=false
       #
-      # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering
-      # example : LDAP_GROUP_FILTER_OBJECTCLASS=group
+      # The object class for filtering. Example: group
       #- LDAP_GROUP_FILTER_OBJECTCLASS=
       #
-      # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE :
-      # example :
       #- LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
       #
-      # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE :
-      # example :
       #- LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
       #
-      # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT :
-      # example :
       #- LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
       #
-      # LDAP_GROUP_FILTER_GROUP_NAME :
-      # example :
       #- LDAP_GROUP_FILTER_GROUP_NAME=
       #
-      # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
-      # example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid
+      # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier). Example: guid
       #- LDAP_UNIQUE_IDENTIFIER_FIELD=
       #
       # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
-      # example : LDAP_UTF8_NAMES_SLUGIFY=false
       #- LDAP_UTF8_NAMES_SLUGIFY=true
       #
-      # LDAP_USERNAME_FIELD : Which field contains the ldap username
-      # example : LDAP_USERNAME_FIELD=username
-      #- LDAP_USERNAME_FIELD=
+      # LDAP_USERNAME_FIELD : Which field contains the ldap username. username / sAMAccountName
+      #- LDAP_USERNAME_FIELD=sAMAccountName
       #
-      # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname
-      # example : LDAP_FULLNAME_FIELD=fullname
-      #- LDAP_FULLNAME_FIELD=
+      # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname. fullname / sAMAccountName
+      #- LDAP_FULLNAME_FIELD=fullname
       #
-      # LDAP_MERGE_EXISTING_USERS :
-      # example : LDAP_MERGE_EXISTING_USERS=true
       #- LDAP_MERGE_EXISTING_USERS=false
       #
-      # LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match
-      # example: LDAP_EMAIL_MATCH_ENABLE=true
-      #- LDAP_EMAIL_MATCH_ENABLE=false
+      # Allow existing account matching by e-mail address when username does not match
+      #- LDAP_EMAIL_MATCH_ENABLE=true
       #
       # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
-      # example: LDAP_EMAIL_MATCH_REQUIRE=true
-      #- LDAP_EMAIL_MATCH_REQUIRE=false
+      #- LDAP_EMAIL_MATCH_REQUIRE=true
       #
       # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
-      # example: LDAP_EMAIL_MATCH_VERIFIED=true
-      #- LDAP_EMAIL_MATCH_VERIFIED=false
+      #- LDAP_EMAIL_MATCH_VERIFIED=true
       #
       # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
-      # example: LDAP_EMAIL_FIELD=mail
-      #- LDAP_EMAIL_FIELD=
+      #- LDAP_EMAIL_FIELD=mail
       #-----------------------------------------------------------------
-      # LDAP_SYNC_USER_DATA :
-      # example : LDAP_SYNC_USER_DATA=true
       #- LDAP_SYNC_USER_DATA=false
       #
-      # LDAP_SYNC_USER_DATA_FIELDMAP :
-      # example : LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
-      #- LDAP_SYNC_USER_DATA_FIELDMAP=
+      #- LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
       #
-      # LDAP_SYNC_GROUP_ROLES :
-      # example :
-      #- LDAP_SYNC_GROUP_ROLES=
+      #- LDAP_SYNC_GROUP_ROLES=''
       #
-      # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
+      # The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
       # example :
-      #- LDAP_DEFAULT_DOMAIN=
+      #- LDAP_DEFAULT_DOMAIN=mydomain.com
       #
       # Enable/Disable syncing of admin status based on ldap groups:
       #- LDAP_SYNC_ADMIN_STATUS=true
@@ -591,9 +538,15 @@ services:
 #      - 80:80
 #      - 443:443
 #    volumes:
-#      - ./nginx/ssl:/etc/nginx/ssl/
-#      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
-
+#      - ./nginx/ssl:/etc/nginx/ssl/:ro
+#      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+## Alternative volume config:
+##   volumes:
+##     - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
+##     - ./nginx/ssl/ssl.conf:/etc/nginx/conf.d/ssl/ssl.conf:ro
+##     - ./nginx/ssl/testvm-ehu.crt:/etc/nginx/conf.d/ssl/certs/mycert.crt:ro
+##     - ./nginx/ssl/testvm-ehu.key:/etc/nginx/conf.d/ssl/certs/mykey.key:ro
+##     - ./nginx/ssl/pphrase:/etc/nginx/conf.d/ssl/pphrase:ro
 
 volumes:
   wekan-db: