diff --git a/Dockerfile b/Dockerfile index 96749eb0d..966e0e1d8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -69,6 +69,7 @@ ARG LOGOUT_WITH_TIMER ARG LOGOUT_IN ARG LOGOUT_ON_HOURS ARG LOGOUT_ON_MINUTES +ARG CORS # Set the environment variables (defaults where required) # DOES NOT WORK: paxctl fix for alpine linux: https://github.com/wekan/wekan/issues/1303 @@ -140,7 +141,8 @@ ENV BUILD_DEPS="apt-utils bsdtar gnupg gosu wget curl bzip2 build-essential pyth LOGOUT_WITH_TIMER="false" \ LOGOUT_IN="" \ LOGOUT_ON_HOURS="" \ - LOGOUT_ON_MINUTES="" + LOGOUT_ON_MINUTES="" \ + CORS="" # Copy the app to the image COPY ${SRC_PATH} /home/wekan/app diff --git a/docker-compose-build.yml b/docker-compose-build.yml index 58c5c5251..a3ee2bd64 100644 --- a/docker-compose-build.yml +++ b/docker-compose-build.yml @@ -45,6 +45,8 @@ services: # Wekan Export Board works when WITH_API=true. # If you disable Wekan API with false, Export Board does not work. - WITH_API=true + # CORS: Set Access-Control-Allow-Origin header. Example: * + #- CORS=* # Optional: Integration with Matomo https://matomo.org that is installed to your server # The address of the server where Matomo is hosted. # example: - MATOMO_ADDRESS=https://example.com/matomo @@ -209,6 +211,18 @@ services: # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP # example : #- LDAP_DEFAULT_DOMAIN= + # LOGOUT_WITH_TIMER : Enables or not the option logout with timer + # example : LOGOUT_WITH_TIMER=true + #- LOGOUT_WITH_TIMER= + # LOGOUT_IN : The number of days + # example : LOGOUT_IN=1 + #- LOGOUT_IN= + # LOGOUT_ON_HOURS : The number of hours + # example : LOGOUT_ON_HOURS=9 + #- LOGOUT_ON_HOURS= + # LOGOUT_ON_MINUTES : The number of minutes + # example : LOGOUT_ON_MINUTES=55 + #- LOGOUT_ON_MINUTES= depends_on: - wekandb diff --git a/docker-compose-postgresql.yml b/docker-compose-postgresql.yml index c88444080..ab15d978c 100644 --- a/docker-compose-postgresql.yml +++ b/docker-compose-postgresql.yml @@ -67,6 +67,8 @@ services: # Wekan Export Board works when WITH_API='true'. # If you disable Wekan API, Export Board does not work. - WITH_API=true + # CORS: Set Access-Control-Allow-Origin header. Example: * + #- CORS=* # Optional: Integration with Matomo https://matomo.org that is installed to your server # The address of the server where Matomo is hosted. # example: - MATOMO_ADDRESS=https://example.com/matomo @@ -231,7 +233,18 @@ services: # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP # example : #- LDAP_DEFAULT_DOMAIN= - + # LOGOUT_WITH_TIMER : Enables or not the option logout with timer + # example : LOGOUT_WITH_TIMER=true + #- LOGOUT_WITH_TIMER= + # LOGOUT_IN : The number of days + # example : LOGOUT_IN=1 + #- LOGOUT_IN= + # LOGOUT_ON_HOURS : The number of hours + # example : LOGOUT_ON_HOURS=9 + #- LOGOUT_ON_HOURS= + # LOGOUT_ON_MINUTES : The number of minutes + # example : LOGOUT_ON_MINUTES=55 + #- LOGOUT_ON_MINUTES= depends_on: - mongodb diff --git a/docker-compose.yml b/docker-compose.yml index 5054e1358..0cb58cffe 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -34,6 +34,8 @@ services: # Wekan Export Board works when WITH_API=true. # If you disable Wekan API with false, Export Board does not work. - WITH_API=true + # CORS: Set Access-Control-Allow-Origin header. Example: * + #- CORS=* # Optional: Integration with Matomo https://matomo.org that is installed to your server # The address of the server where Matomo is hosted. # example: - MATOMO_ADDRESS=https://example.com/matomo diff --git a/releases/virtualbox/start-wekan.sh b/releases/virtualbox/start-wekan.sh index 388e30667..2aec8004e 100755 --- a/releases/virtualbox/start-wekan.sh +++ b/releases/virtualbox/start-wekan.sh @@ -22,6 +22,9 @@ # If you disable Wekan API, Export Board does not work. export WITH_API='true' #--------------------------------------------- + # CORS: Set Access-Control-Allow-Origin header. Example: * + #- CORS=* + #--------------------------------------------- ## Optional: Integration with Matomo https://matomo.org that is installed to your server ## The address of the server where Matomo is hosted: ##export MATOMO_ADDRESS=https://example.com/matomo @@ -187,6 +190,17 @@ # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP # example : #export LDAP_DEFAULT_DOMAIN= + # LOGOUT_WITH_TIMER : Enables or not the option logout with timer + # example : LOGOUT_WITH_TIMER=true + #- LOGOUT_WITH_TIMER= + # LOGOUT_IN : The number of days + # example : LOGOUT_IN=1 + #- LOGOUT_IN= + #- LOGOUT_ON_HOURS= + # LOGOUT_ON_MINUTES : The number of minutes + # example : LOGOUT_ON_MINUTES=55 + #- LOGOUT_ON_MINUTES= + node main.js & >> ~/repos/wekan.log cd ~/repos #done diff --git a/server/cors.js b/server/cors.js new file mode 100644 index 000000000..80369a83d --- /dev/null +++ b/server/cors.js @@ -0,0 +1,11 @@ +Meteor.startup(() => { + + if ( process.env.CORS ) { + // Listen to incoming HTTP requests, can only be used on the server + WebApp.rawConnectHandlers.use(function(req, res, next) { + res.setHeader('Access-Control-Allow-Origin', process.env.CORS); + return next(); + }); + } + +}); diff --git a/snap-src/bin/config b/snap-src/bin/config index 4aa12475d..ac39e71ce 100755 --- a/snap-src/bin/config +++ b/snap-src/bin/config @@ -3,7 +3,7 @@ # All supported keys are defined here together with descriptions and default values # list of supported keys -keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER, LOGOUT_IN, LOGOUT_ON_HOURS, LOGOUT_ON_MINUTES" +keys="MONGODB_BIND_UNIX_SOCKET MONGODB_BIND_IP MONGODB_PORT MAIL_URL MAIL_FROM ROOT_URL PORT DISABLE_MONGODB CADDY_ENABLED CADDY_BIND_PORT WITH_API CORS MATOMO_ADDRESS MATOMO_SITE_ID MATOMO_DO_NOT_TRACK MATOMO_WITH_USERNAME BROWSER_POLICY_ENABLED TRUSTED_URL WEBHOOKS_ATTRIBUTES OAUTH2_ENABLED OAUTH2_CLIENT_ID OAUTH2_SECRET OAUTH2_SERVER_URL OAUTH2_AUTH_ENDPOINT OAUTH2_USERINFO_ENDPOINT OAUTH2_TOKEN_ENDPOINT LDAP_ENABLE LDAP_PORT LDAP_HOST LDAP_BASEDN LDAP_LOGIN_FALLBACK LDAP_RECONNECT LDAP_TIMEOUT LDAP_IDLE_TIMEOUT LDAP_CONNECT_TIMEOUT LDAP_AUTHENTIFICATION LDAP_AUTHENTIFICATION_USERDN LDAP_AUTHENTIFICATION_PASSWORD LDAP_LOG_ENABLED LDAP_BACKGROUND_SYNC LDAP_BACKGROUND_SYNC_INTERVAL LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS LDAP_ENCRYPTION LDAP_CA_CERT LDAP_REJECT_UNAUTHORIZED LDAP_USER_SEARCH_FILTER LDAP_USER_SEARCH_SCOPE LDAP_USER_SEARCH_FIELD LDAP_SEARCH_PAGE_SIZE LDAP_SEARCH_SIZE_LIMIT LDAP_GROUP_FILTER_ENABLE LDAP_GROUP_FILTER_OBJECTCLASS LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT LDAP_GROUP_FILTER_GROUP_NAME LDAP_UNIQUE_IDENTIFIER_FIELD LDAP_UTF8_NAMES_SLUGIFY LDAP_USERNAME_FIELD LDAP_FULLNAME_FIELD LDAP_MERGE_EXISTING_USERS LDAP_SYNC_USER_DATA LDAP_SYNC_USER_DATA_FIELDMAP LDAP_SYNC_GROUP_ROLES LDAP_DEFAULT_DOMAIN LOGOUT_WITH_TIMER, LOGOUT_IN, LOGOUT_ON_HOURS, LOGOUT_ON_MINUTES" # default values DESCRIPTION_MONGODB_BIND_UNIX_SOCKET="mongodb binding unix socket:\n"\ @@ -52,6 +52,10 @@ DESCRIPTION_WITH_API="Enable/disable the api of wekan" DEFAULT_WITH_API="true" KEY_WITH_API="with-api" +DESCRIPTION_CORS="Enable/disable CORS: Set Access-Control-Allow-Origin header. Example: *" +DEFAULT_CORS="" +KEY_CORS="cors" + DESCRIPTION_MATOMO_ADDRESS="The address of the server where matomo is hosted" DEFAULT_MATOMO_ADDRESS="" KEY_MATOMO_ADDRESS="matomo-address" diff --git a/snap-src/bin/wekan-help b/snap-src/bin/wekan-help index 4bd7c2779..804f9ad6b 100755 --- a/snap-src/bin/wekan-help +++ b/snap-src/bin/wekan-help @@ -33,6 +33,11 @@ echo -e "\t$ snap set $SNAP_NAME WITH_API='true'" echo -e "\t-Disable the API:" echo -e "\t$ snap set $SNAP_NAME WITH_API='false'" echo -e "\n" +echo -e "To enable the CORS of wekan, to set Access-Control-Allow-Origin header:" +echo -e "\t$ snap set $SNAP_NAME CORS='*'" +echo -e "\t-Disable the CORS:" +echo -e "\t$ snap set $SNAP_NAME CORS=''" +echo -e "\n" echo -e "Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside." echo -e "\t\t Setting this to false is not recommended, it also disables all other browser policy protections" echo -e "\t\t and allows all iframing etc. See wekan/server/policy.js" diff --git a/start-wekan.bat b/start-wekan.bat index 3b1e8e770..fee3e18a9 100644 --- a/start-wekan.bat +++ b/start-wekan.bat @@ -4,175 +4,245 @@ SET MAIL_URL=smtp://user:pass@mailserver.example.com:25/ SET MAIL_FROM=admin@example.com SET PORT=2000 -REM If you disable Wekan API with false, Export Board does not work. +REM # If you disable Wekan API with false, Export Board does not work. SET WITH_API=true -REM Optional: Integration with Matomo https://matomo.org that is installed to your server -REM The address of the server where Matomo is hosted. -REM example: - MATOMO_ADDRESS=https://example.com/matomo +REM # Optional: Integration with Matomo https://matomo.org that is installed to your server +REM # The address of the server where Matomo is hosted. +REM # example: - MATOMO_ADDRESS=https://example.com/matomo REM SET MATOMO_ADDRESS= -REM The value of the site ID given in Matomo server for Wekan -REM example: - MATOMO_SITE_ID=12345 + +REM # The value of the site ID given in Matomo server for Wekan +REM # example: - MATOMO_SITE_ID=12345 REM SET MATOMO_SITE_ID= -REM The option do not track which enables users to not be tracked by matomo -REM example: - MATOMO_DO_NOT_TRACK=false + +REM # The option do not track which enables users to not be tracked by matomo +REM # example: - MATOMO_DO_NOT_TRACK=false REM SET MATOMO_DO_NOT_TRACK= -REM The option that allows matomo to retrieve the username: -REM example: MATOMO_WITH_USERNAME=true + +REM # The option that allows matomo to retrieve the username: +REM # example: MATOMO_WITH_USERNAME=true REM SET MATOMO_WITH_USERNAME=false -REM Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. -REM Setting this to false is not recommended, it also disables all other browser policy protections -REM and allows all iframing etc. See wekan/server/policy.js +REM # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. +REM # Setting this to false is not recommended, it also disables all other browser policy protections +REM # and allows all iframing etc. See wekan/server/policy.js SET BROWSER_POLICY_ENABLED=true -REM When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside. + +REM # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside. REM SET TRUSTED_URL= -REM What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId . -REM example: WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId +REM # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId . +REM # example: WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId REM SET WEBHOOKS_ATTRIBUTES= -REM Enable the OAuth2 connection -REM example: OAUTH2_ENABLED=true +REM ------------------------------------------------------------ + +REM # Enable the OAuth2 connection +REM # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 +REM # example: OAUTH2_ENABLED=true REM SET OAUTH2_ENABLED=false -REM OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 -REM OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345 -REM example: OAUTH2_CLIENT_ID=abcde12345 + +REM # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345 +REM # example: OAUTH2_CLIENT_ID=abcde12345 REM SET OAUTH2_CLIENT_ID= -REM OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde -REM example: OAUTH2_SECRET=54321abcde + +REM # OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde +REM # example: OAUTH2_SECRET=54321abcde REM SET OAUTH2_SECRET= -REM OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com -REM example: OAUTH2_SERVER_URL=https://chat.example.com + +REM # OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com +REM # example: OAUTH2_SERVER_URL=https://chat.example.com REM SET OAUTH2_SERVER_URL= -REM OAuth2 Authorization Endpoint. Example: /oauth/authorize -REM example: OAUTH2_AUTH_ENDPOINT=/oauth/authorize + +REM # OAuth2 Authorization Endpoint. Example: /oauth/authorize +REM # example: OAUTH2_AUTH_ENDPOINT=/oauth/authorize REM SET OAUTH2_AUTH_ENDPOINT= -REM OAuth2 Userinfo Endpoint. Example: /oauth/userinfo -REM example: OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo + +REM # OAuth2 Userinfo Endpoint. Example: /oauth/userinfo +REM # example: OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo REM SET OAUTH2_USERINFO_ENDPOINT= -REM OAuth2 Token Endpoint. Example: /oauth/token -REM example: OAUTH2_TOKEN_ENDPOINT=/oauth/token + +REM # OAuth2 Token Endpoint. Example: /oauth/token +REM # example: OAUTH2_TOKEN_ENDPOINT=/oauth/token REM SET OAUTH2_TOKEN_ENDPOINT= -REM LDAP_ENABLE : Enable or not the connection by the LDAP -REM example : LDAP_ENABLE=true +REM ------------------------------------------------------------ + +REM # LDAP_ENABLE : Enable or not the connection by the LDAP +REM # example : LDAP_ENABLE=true REM SET LDAP_ENABLE=false -REM LDAP_PORT : The port of the LDAP server -REM example : LDAP_PORT=389 + +REM # LDAP_PORT : The port of the LDAP server +REM # example : LDAP_PORT=389 REM SET LDAP_PORT=389 -REM LDAP_HOST : The host server for the LDAP server -REM example : LDAP_HOST=localhost + +REM # LDAP_HOST : The host server for the LDAP server +REM # example : LDAP_HOST=localhost REM SET LDAP_HOST= -REM LDAP_BASEDN : The base DN for the LDAP Tree -REM example : LDAP_BASEDN=ou=user,dc=example,dc=org + +REM # LDAP_BASEDN : The base DN for the LDAP Tree +REM # example : LDAP_BASEDN=ou=user,dc=example,dc=org REM SET LDAP_BASEDN= -REM LDAP_LOGIN_FALLBACK : Fallback on the default authentication method -REM example : LDAP_LOGIN_FALLBACK=true + +REM # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method +REM # example : LDAP_LOGIN_FALLBACK=true REM SET LDAP_LOGIN_FALLBACK=false -REM LDAP_RECONNECT : Reconnect to the server if the connection is lost -REM example : LDAP_RECONNECT=false + +REM # LDAP_RECONNECT : Reconnect to the server if the connection is lost +REM # example : LDAP_RECONNECT=false REM SET LDAP_RECONNECT=true -REM LDAP_TIMEOUT : Overall timeout, in milliseconds -REM example : LDAP_TIMEOUT=12345 + +REM # LDAP_TIMEOUT : Overall timeout, in milliseconds +REM # example : LDAP_TIMEOUT=12345 REM SET LDAP_TIMEOUT=10000 -REM LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds -REM example : LDAP_IDLE_TIMEOUT=12345 + +REM # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds +REM # example : LDAP_IDLE_TIMEOUT=12345 REM SET LDAP_IDLE_TIMEOUT=10000 -REM LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds -REM example : LDAP_CONNECT_TIMEOUT=12345 + +REM # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds +REM # example : LDAP_CONNECT_TIMEOUT=12345 REM SET LDAP_CONNECT_TIMEOUT=10000 -REM LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search -REM example : LDAP_AUTHENTIFICATION=true + +REM # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search +REM # example : LDAP_AUTHENTIFICATION=true REM SET LDAP_AUTHENTIFICATION=false -REM LDAP_AUTHENTIFICATION_USERDN : The search user DN -REM example : LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org + +REM # LDAP_AUTHENTIFICATION_USERDN : The search user DN +REM # example: LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org REM SET LDAP_AUTHENTIFICATION_USERDN= -REM LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user -REM example : AUTHENTIFICATION_PASSWORD=admin + +REM # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user +REM # example : AUTHENTIFICATION_PASSWORD=admin REM SET LDAP_AUTHENTIFICATION_PASSWORD= -REM LDAP_LOG_ENABLED : Enable logs for the module -REM example : LDAP_LOG_ENABLED=true + +REM # LDAP_LOG_ENABLED : Enable logs for the module +REM # example : LDAP_LOG_ENABLED=true REM SET LDAP_LOG_ENABLED=false -REM LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background -REM example : LDAP_BACKGROUND_SYNC=true + +REM # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background +REM # example : LDAP_BACKGROUND_SYNC=true REM SET LDAP_BACKGROUND_SYNC=false -REM LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds -REM example : LDAP_BACKGROUND_SYNC_INTERVAL=12345 + +REM # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds +REM # example : LDAP_BACKGROUND_SYNC_INTERVAL=12345 REM SET LDAP_BACKGROUND_SYNC_INTERVAL=100 -REM LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED : -REM example : LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true + +REM # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED : +REM # example : LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true REM SET LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false -REM LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS : -REM example : LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true + +REM # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS : +REM # example : LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true REM SET LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false -REM LDAP_ENCRYPTION : If using LDAPS -REM example : LDAP_ENCRYPTION=ssl + +REM # LDAP_ENCRYPTION : If using LDAPS +REM # example : LDAP_ENCRYPTION=ssl REM SET LDAP_ENCRYPTION=false -REM LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. -REM example : LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE----- + +REM # LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. +REM # example : LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE----- REM SET LDAP_CA_CERT= -REM LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate -REM example : LDAP_REJECT_UNAUTHORIZED=true + +REM # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate +REM # example : LDAP_REJECT_UNAUTHORIZED=true REM SET LDAP_REJECT_UNAUTHORIZED=false -REM LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed -REM example : LDAP_USER_SEARCH_FILTER= + +REM # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed +REM # example : LDAP_USER_SEARCH_FILTER= REM SET LDAP_USER_SEARCH_FILTER= -REM LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) -REM example : LDAP_USER_SEARCH_SCOPE=one + +REM # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) +REM # example : LDAP_USER_SEARCH_SCOPE=one REM SET LDAP_USER_SEARCH_SCOPE= -REM LDAP_USER_SEARCH_FIELD : Which field is used to find the user -REM example : LDAP_USER_SEARCH_FIELD=uid + +REM # LDAP_USER_SEARCH_FIELD : Which field is used to find the user +REM # example : LDAP_USER_SEARCH_FIELD=uid REM SET LDAP_USER_SEARCH_FIELD= -REM LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited) -REM example : LDAP_SEARCH_PAGE_SIZE=12345 + +REM # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited) +REM # example : LDAP_SEARCH_PAGE_SIZE=12345 REM SET LDAP_SEARCH_PAGE_SIZE=0 -REM LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited) -REM example : LDAP_SEARCH_SIZE_LIMIT=12345 + +REM # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited) +REM #33 example : LDAP_SEARCH_SIZE_LIMIT=12345 REM SET LDAP_SEARCH_SIZE_LIMIT=0 -REM LDAP_GROUP_FILTER_ENABLE : Enable group filtering -REM example : LDAP_GROUP_FILTER_ENABLE=true + +REM # LDAP_GROUP_FILTER_ENABLE : Enable group filtering +REM # example : LDAP_GROUP_FILTER_ENABLE=true REM SET LDAP_GROUP_FILTER_ENABLE=false -REM LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering -REM example : LDAP_GROUP_FILTER_OBJECTCLASS=group + +REM # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering +REM # example : LDAP_GROUP_FILTER_OBJECTCLASS=group REM SET LDAP_GROUP_FILTER_OBJECTCLASS= -REM LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : -REM example : + +REM # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : +REM # example : REM SET LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= -REM LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : -REM example : + +REM # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : +REM # example : REM SET LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= -REM LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : -REM example : + +REM # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : +REM # example : REM SET LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= -REM LDAP_GROUP_FILTER_GROUP_NAME : -REM example : + +REM # LDAP_GROUP_FILTER_GROUP_NAME : +REM # example : REM SET LDAP_GROUP_FILTER_GROUP_NAME= -REM LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) -REM example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid + +REM # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) +REM # example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid REM SET LDAP_UNIQUE_IDENTIFIER_FIELD= -REM LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 -REM example : LDAP_UTF8_NAMES_SLUGIFY=false + +REM # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 +REM # example : LDAP_UTF8_NAMES_SLUGIFY=false REM SET LDAP_UTF8_NAMES_SLUGIFY=true -REM LDAP_USERNAME_FIELD : Which field contains the ldap username -REM example : LDAP_USERNAME_FIELD=username + +REM # LDAP_USERNAME_FIELD : Which field contains the ldap username +REM # example : LDAP_USERNAME_FIELD=username REM SET LDAP_USERNAME_FIELD= -REM LDAP_MERGE_EXISTING_USERS : -REM example : LDAP_MERGE_EXISTING_USERS=true + +REM # LDAP_MERGE_EXISTING_USERS : +REM # example : LDAP_MERGE_EXISTING_USERS=true REM SET LDAP_MERGE_EXISTING_USERS=false -REM LDAP_SYNC_USER_DATA : -REM example : LDAP_SYNC_USER_DATA=true + +REM # LDAP_SYNC_USER_DATA : +REM # example : LDAP_SYNC_USER_DATA=true REM SET LDAP_SYNC_USER_DATA=false -REM LDAP_SYNC_USER_DATA_FIELDMAP : -REM example : LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} + +REM # LDAP_SYNC_USER_DATA_FIELDMAP : +REM # example : LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} REM SET LDAP_SYNC_USER_DATA_FIELDMAP= -REM LDAP_SYNC_GROUP_ROLES : -REM example : -REM SET LDAP_SYNC_GROUP_ROLES= -REM LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP -REM example : + +REM # LDAP_SYNC_GROUP_ROLES : +REM # example : +REM # SET LDAP_SYNC_GROUP_ROLES= + +REM # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP +REM # example : REM SET LDAP_DEFAULT_DOMAIN= +REM ------------------------------------------------ + +REM # LOGOUT_WITH_TIMER : Enables or not the option logout with timer +REM # example : LOGOUT_WITH_TIMER=true +REM SET LOGOUT_WITH_TIMER= + +REM # LOGOUT_IN : The number of days +REM # example : LOGOUT_IN=1 +REM SET LOGOUT_IN= + +REM # LOGOUT_ON_HOURS : The number of hours +REM # example : LOGOUT_ON_HOURS=9 +REM SET LOGOUT_ON_HOURS= + +REM # LOGOUT_ON_MINUTES : The number of minutes +REM # example : LOGOUT_ON_MINUTES=55 +REM SET LOGOUT_ON_MINUTES= + cd .build\bundle node main.js cd ..\.. \ No newline at end of file diff --git a/start-wekan.sh b/start-wekan.sh index dd8bf9ebd..a7587e40b 100755 --- a/start-wekan.sh +++ b/start-wekan.sh @@ -1,206 +1,225 @@ #!/bin/bash function wekan_repo_check(){ - git_remotes="$(git remote show 2>/dev/null)" - res="" - for i in $git_remotes; do - res="$(git remote get-url $i | sed 's/.*wekan\/wekan.*/wekan\/wekan/')" - if [[ "$res" == "wekan/wekan" ]]; then - break - fi - done + git_remotes="$(git remote show 2>/dev/null)" + res="" + for i in $git_remotes; do + res="$(git remote get-url $i | sed 's/.*wekan\/wekan.*/wekan\/wekan/')" + if [[ "$res" == "wekan/wekan" ]]; then + break + fi + done - if [[ "$res" != "wekan/wekan" ]]; then - echo "$PWD is not a wekan repository" - exit; - fi + if [[ "$res" != "wekan/wekan" ]]; then + echo "$PWD is not a wekan repository" + exit; + fi } # If you want to restart even on crash, uncomment while and done lines. #while true; do - wekan_repo_check - cd .build/bundle - export MONGO_URL='mongodb://127.0.0.1:27019/wekan' - # Production: https://example.com/wekan - # Local: http://localhost:2000 - #export ipaddress=$(ifdata -pa eth0) - export ROOT_URL='http://localhost:2000' - # https://github.com/wekan/wekan/wiki/Troubleshooting-Mail - # https://github.com/wekan/wekan-mongodb/blob/master/docker-compose.yml - export MAIL_URL='smtp://user:pass@mailserver.example.com:25/' - #export KADIRA_OPTIONS_ENDPOINT=http://127.0.0.1:11011 - # This is local port where Wekan Node.js runs, same as below on Caddyfile settings. - export PORT=2000 - # Wekan Export Board works when WITH_API=true. - # If you disable Wekan API with false, Export Board does not work. - export WITH_API='true' - #--------------------------------------------- - ## Optional: Integration with Matomo https://matomo.org that is installed to your server - ## The address of the server where Matomo is hosted: - ##export MATOMO_ADDRESS=https://example.com/matomo - #export MATOMO_ADDRESS= - ## The value of the site ID given in Matomo server for Wekan - # Example: export MATOMO_SITE_ID=123456789 - #export MATOMO_SITE_ID='' - ## The option do not track which enables users to not be tracked by matomo" - #Example: export MATOMO_DO_NOT_TRACK=false - #export MATOMO_DO_NOT_TRACK=true - ## The option that allows matomo to retrieve the username: - # Example: export MATOMO_WITH_USERNAME=true - #export MATOMO_WITH_USERNAME='false' - # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. - # Setting this to false is not recommended, it also disables all other browser policy protections - # and allows all iframing etc. See wekan/server/policy.js - # Default value: true - export BROWSER_POLICY_ENABLED=true - # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside. - # Example: export TRUSTED_URL=http://example.com - export TRUSTED_URL='' - # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId . - # Example: export WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId - export WEBHOOKS_ATTRIBUTES='' - #--------------------------------------------- - # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 - # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345 - # example: export OAUTH2_CLIENT_ID=abcde12345 - #export OAUTH2_CLIENT_ID='' - # OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde - # example: export OAUTH2_SECRET=54321abcde - #export OAUTH2_SECRET='' - # OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com - # example: export OAUTH2_SERVER_URL=https://chat.example.com - #export OAUTH2_SERVER_URL='' - # OAuth2 Authorization Endpoint. Example: /oauth/authorize - # example: export OAUTH2_AUTH_ENDPOINT=/oauth/authorize - #export OAUTH2_AUTH_ENDPOINT='' - # OAuth2 Userinfo Endpoint. Example: /oauth/userinfo - # example: export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo - #export OAUTH2_USERINFO_ENDPOINT='' - # OAuth2 Token Endpoint. Example: /oauth/token - # example: export OAUTH2_TOKEN_ENDPOINT=/oauth/token - #export OAUTH2_TOKEN_ENDPOINT='' - #--------------------------------------------- - # LDAP_ENABLE : Enable or not the connection by the LDAP - # example : export LDAP_ENABLE=true - #export LDAP_ENABLE=false - # LDAP_PORT : The port of the LDAP server - # example : export LDAP_PORT=389 - #export LDAP_PORT=389 - # LDAP_HOST : The host server for the LDAP server - # example : export LDAP_HOST=localhost - #export LDAP_HOST= - # LDAP_BASEDN : The base DN for the LDAP Tree - # example : export LDAP_BASEDN=ou=user,dc=example,dc=org - #export LDAP_BASEDN= - # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method - # example : export LDAP_LOGIN_FALLBACK=true - #export LDAP_LOGIN_FALLBACK=false - # LDAP_RECONNECT : Reconnect to the server if the connection is lost - # example : export LDAP_RECONNECT=false - #export LDAP_RECONNECT=true - # LDAP_TIMEOUT : Overall timeout, in milliseconds - # example : export LDAP_TIMEOUT=12345 - #export LDAP_TIMEOUT=10000 - # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds - # example : export LDAP_IDLE_TIMEOUT=12345 - #export LDAP_IDLE_TIMEOUT=10000 - # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds - # example : export LDAP_CONNECT_TIMEOUT=12345 - #export LDAP_CONNECT_TIMEOUT=10000 - # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search - # example : export LDAP_AUTHENTIFICATION=true - #export LDAP_AUTHENTIFICATION=false - # LDAP_AUTHENTIFICATION_USERDN : The search user DN - # example : export LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org - #export LDAP_AUTHENTIFICATION_USERDN= - # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user - # example : AUTHENTIFICATION_PASSWORD=admin - #export LDAP_AUTHENTIFICATION_PASSWORD= - # LDAP_LOG_ENABLED : Enable logs for the module - # example : export LDAP_LOG_ENABLED=true - #export LDAP_LOG_ENABLED=false - # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background - # example : export LDAP_BACKGROUND_SYNC=true - #export LDAP_BACKGROUND_SYNC=false - # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds - # example : export LDAP_BACKGROUND_SYNC_INTERVAL=12345 - #export LDAP_BACKGROUND_SYNC_INTERVAL=100 - # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED : - # example : export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true - #export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false - # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS : - # example : export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true - #export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false - # LDAP_ENCRYPTION : If using LDAPS - # example : export LDAP_ENCRYPTION=ssl - #export LDAP_ENCRYPTION=false - # LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. - # example : export LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE----- - #export LDAP_CA_CERT= - # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate - # example : export LDAP_REJECT_UNAUTHORIZED=true - #export LDAP_REJECT_UNAUTHORIZED=false - # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed - # example : export LDAP_USER_SEARCH_FILTER= - #export LDAP_USER_SEARCH_FILTER= - # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) - # example : export LDAP_USER_SEARCH_SCOPE=one - #export LDAP_USER_SEARCH_SCOPE= - # LDAP_USER_SEARCH_FIELD : Which field is used to find the user - # example : export LDAP_USER_SEARCH_FIELD=uid - #export LDAP_USER_SEARCH_FIELD= - # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited) - # example : export LDAP_SEARCH_PAGE_SIZE=12345 - #export LDAP_SEARCH_PAGE_SIZE=0 - # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited) - # example : export LDAP_SEARCH_SIZE_LIMIT=12345 - #export LDAP_SEARCH_SIZE_LIMIT=0 - # LDAP_GROUP_FILTER_ENABLE : Enable group filtering - # example : export LDAP_GROUP_FILTER_ENABLE=true - #export LDAP_GROUP_FILTER_ENABLE=false - # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering - # example : export LDAP_GROUP_FILTER_OBJECTCLASS=group - #export LDAP_GROUP_FILTER_OBJECTCLASS= - # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : - # example : - #export LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= - # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : - # example : - #export LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= - # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : - # example : - #export LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= - # LDAP_GROUP_FILTER_GROUP_NAME : - # example : - #export LDAP_GROUP_FILTER_GROUP_NAME= - # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) - # example : export LDAP_UNIQUE_IDENTIFIER_FIELD=guid - #export LDAP_UNIQUE_IDENTIFIER_FIELD= - # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 - # example : export LDAP_UTF8_NAMES_SLUGIFY=false - #export LDAP_UTF8_NAMES_SLUGIFY=true - # LDAP_USERNAME_FIELD : Which field contains the ldap username - # example : export LDAP_USERNAME_FIELD=username - #export LDAP_USERNAME_FIELD= - # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname - # example : export LDAP_FULLNAME_FIELD=fullname - #export LDAP_FULLNAME_FIELD= - # LDAP_MERGE_EXISTING_USERS : - # example : export LDAP_MERGE_EXISTING_USERS=true - #export LDAP_MERGE_EXISTING_USERS=false - # LDAP_SYNC_USER_DATA : - # example : export LDAP_SYNC_USER_DATA=true - #export LDAP_SYNC_USER_DATA=false - # LDAP_SYNC_USER_DATA_FIELDMAP : - # example : export LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} - #export LDAP_SYNC_USER_DATA_FIELDMAP= - # LDAP_SYNC_GROUP_ROLES : - # example : - #export LDAP_SYNC_GROUP_ROLES= - # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP - # example : - #export LDAP_DEFAULT_DOMAIN= - node main.js - # & >> ../../wekan.log - cd ../.. + wekan_repo_check + cd .build/bundle + export MONGO_URL='mongodb://127.0.0.1:27019/wekan' + #--------------------------------------------- + # Production: https://example.com/wekan + # Local: http://localhost:2000 + #export ipaddress=$(ifdata -pa eth0) + export ROOT_URL='http://localhost:2000' + #--------------------------------------------- + # https://github.com/wekan/wekan/wiki/Troubleshooting-Mail + # https://github.com/wekan/wekan-mongodb/blob/master/docker-compose.yml + export MAIL_URL='smtp://user:pass@mailserver.example.com:25/' + #--------------------------------------------- + #export KADIRA_OPTIONS_ENDPOINT=http://127.0.0.1:11011 + #--------------------------------------------- + # This is local port where Wekan Node.js runs, same as below on Caddyfile settings. + export PORT=2000 + #--------------------------------------------- + # Wekan Export Board works when WITH_API=true. + # If you disable Wekan API with false, Export Board does not work. + export WITH_API='true' + #--------------------------------------------- + # CORS: Set Access-Control-Allow-Origin header. Example: * + #- CORS=* + #--------------------------------------------- + ## Optional: Integration with Matomo https://matomo.org that is installed to your server + ## The address of the server where Matomo is hosted: + ##export MATOMO_ADDRESS=https://example.com/matomo + #export MATOMO_ADDRESS= + ## The value of the site ID given in Matomo server for Wekan + # Example: export MATOMO_SITE_ID=123456789 + #export MATOMO_SITE_ID='' + ## The option do not track which enables users to not be tracked by matomo" + #Example: export MATOMO_DO_NOT_TRACK=false + #export MATOMO_DO_NOT_TRACK=true + ## The option that allows matomo to retrieve the username: + # Example: export MATOMO_WITH_USERNAME=true + #export MATOMO_WITH_USERNAME='false' + # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. + # Setting this to false is not recommended, it also disables all other browser policy protections + # and allows all iframing etc. See wekan/server/policy.js + # Default value: true + export BROWSER_POLICY_ENABLED=true + # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside. + # Example: export TRUSTED_URL=http://example.com + export TRUSTED_URL='' + # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId . + # Example: export WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId + export WEBHOOKS_ATTRIBUTES='' + #--------------------------------------------- + # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 + # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345 + # example: export OAUTH2_CLIENT_ID=abcde12345 + #export OAUTH2_CLIENT_ID='' + # OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde + # example: export OAUTH2_SECRET=54321abcde + #export OAUTH2_SECRET='' + # OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com + # example: export OAUTH2_SERVER_URL=https://chat.example.com + #export OAUTH2_SERVER_URL='' + # OAuth2 Authorization Endpoint. Example: /oauth/authorize + # example: export OAUTH2_AUTH_ENDPOINT=/oauth/authorize + #export OAUTH2_AUTH_ENDPOINT='' + # OAuth2 Userinfo Endpoint. Example: /oauth/userinfo + # example: export OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo + #export OAUTH2_USERINFO_ENDPOINT='' + # OAuth2 Token Endpoint. Example: /oauth/token + # example: export OAUTH2_TOKEN_ENDPOINT=/oauth/token + #export OAUTH2_TOKEN_ENDPOINT='' + #--------------------------------------------- + # LDAP_ENABLE : Enable or not the connection by the LDAP + # example : export LDAP_ENABLE=true + #export LDAP_ENABLE=false + # LDAP_PORT : The port of the LDAP server + # example : export LDAP_PORT=389 + #export LDAP_PORT=389 + # LDAP_HOST : The host server for the LDAP server + # example : export LDAP_HOST=localhost + #export LDAP_HOST= + # LDAP_BASEDN : The base DN for the LDAP Tree + # example : export LDAP_BASEDN=ou=user,dc=example,dc=org + #export LDAP_BASEDN= + # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method + # example : export LDAP_LOGIN_FALLBACK=true + #export LDAP_LOGIN_FALLBACK=false + # LDAP_RECONNECT : Reconnect to the server if the connection is lost + # example : export LDAP_RECONNECT=false + #export LDAP_RECONNECT=true + # LDAP_TIMEOUT : Overall timeout, in milliseconds + # example : export LDAP_TIMEOUT=12345 + #export LDAP_TIMEOUT=10000 + # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds + # example : export LDAP_IDLE_TIMEOUT=12345 + #export LDAP_IDLE_TIMEOUT=10000 + # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds + # example : export LDAP_CONNECT_TIMEOUT=12345 + #export LDAP_CONNECT_TIMEOUT=10000 + # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search + # example : export LDAP_AUTHENTIFICATION=true + #export LDAP_AUTHENTIFICATION=false + # LDAP_AUTHENTIFICATION_USERDN : The search user DN + # example : export LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org + #export LDAP_AUTHENTIFICATION_USERDN= + # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user + # example : AUTHENTIFICATION_PASSWORD=admin + #export LDAP_AUTHENTIFICATION_PASSWORD= + # LDAP_LOG_ENABLED : Enable logs for the module + # example : export LDAP_LOG_ENABLED=true + #export LDAP_LOG_ENABLED=false + # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background + # example : export LDAP_BACKGROUND_SYNC=true + #export LDAP_BACKGROUND_SYNC=false + # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds + # example : export LDAP_BACKGROUND_SYNC_INTERVAL=12345 + #export LDAP_BACKGROUND_SYNC_INTERVAL=100 + # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED : + # example : export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true + #export LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false + # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS : + # example : export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true + #export LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false + # LDAP_ENCRYPTION : If using LDAPS + # example : export LDAP_ENCRYPTION=ssl + #export LDAP_ENCRYPTION=false + # LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. + # example : export LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE----- + #export LDAP_CA_CERT= + # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate + # example : export LDAP_REJECT_UNAUTHORIZED=true + #export LDAP_REJECT_UNAUTHORIZED=false + # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed + # example : export LDAP_USER_SEARCH_FILTER= + #export LDAP_USER_SEARCH_FILTER= + # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) + # example : export LDAP_USER_SEARCH_SCOPE=one + #export LDAP_USER_SEARCH_SCOPE= + # LDAP_USER_SEARCH_FIELD : Which field is used to find the user + # example : export LDAP_USER_SEARCH_FIELD=uid + #export LDAP_USER_SEARCH_FIELD= + # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited) + # example : export LDAP_SEARCH_PAGE_SIZE=12345 + #export LDAP_SEARCH_PAGE_SIZE=0 + # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited) + # example : export LDAP_SEARCH_SIZE_LIMIT=12345 + #export LDAP_SEARCH_SIZE_LIMIT=0 + # LDAP_GROUP_FILTER_ENABLE : Enable group filtering + # example : export LDAP_GROUP_FILTER_ENABLE=true + #export LDAP_GROUP_FILTER_ENABLE=false + # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering + # example : export LDAP_GROUP_FILTER_OBJECTCLASS=group + #export LDAP_GROUP_FILTER_OBJECTCLASS= + # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : + # example : + #export LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= + # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : + # example : + #export LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= + # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : + # example : + #export LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= + # LDAP_GROUP_FILTER_GROUP_NAME : + # example : + #export LDAP_GROUP_FILTER_GROUP_NAME= + # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) + # example : export LDAP_UNIQUE_IDENTIFIER_FIELD=guid + #export LDAP_UNIQUE_IDENTIFIER_FIELD= + # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 + # example : export LDAP_UTF8_NAMES_SLUGIFY=false + #export LDAP_UTF8_NAMES_SLUGIFY=true + # LDAP_USERNAME_FIELD : Which field contains the ldap username + # example : export LDAP_USERNAME_FIELD=username + #export LDAP_USERNAME_FIELD= + # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname + # example : export LDAP_FULLNAME_FIELD=fullname + #export LDAP_FULLNAME_FIELD= + # LDAP_MERGE_EXISTING_USERS : + # example : export LDAP_MERGE_EXISTING_USERS=true + #export LDAP_MERGE_EXISTING_USERS=false + # LDAP_SYNC_USER_DATA : + # example : export LDAP_SYNC_USER_DATA=true + #export LDAP_SYNC_USER_DATA=false + # LDAP_SYNC_USER_DATA_FIELDMAP : + # example : export LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} + #export LDAP_SYNC_USER_DATA_FIELDMAP= + # LDAP_SYNC_GROUP_ROLES : + # example : + #export LDAP_SYNC_GROUP_ROLES= + # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP + # example : + #export LDAP_DEFAULT_DOMAIN= + # LOGOUT_WITH_TIMER : Enables or not the option logout with timer + # example : LOGOUT_WITH_TIMER=true + #- LOGOUT_WITH_TIMER= + # LOGOUT_IN : The number of days + # example : LOGOUT_IN=1 + #- LOGOUT_IN= + #- LOGOUT_ON_HOURS= + # LOGOUT_ON_MINUTES : The number of minutes + # example : LOGOUT_ON_MINUTES=55 + #- LOGOUT_ON_MINUTES= + + node main.js + # & >> ../../wekan.log + cd ../.. #done