Commit 242183d6 authored by yzx9's avatar yzx9
Browse files

Add docker-compose.yml

parent 1f7c65aa

README.md

+15 −3
Original line number Diff line number Diff line
@@ -176,9 +176,21 @@ to create a network for the docker instances. 


## Startup



### Using without proxy



In most cases, you should use a gateway reverse proxy for your requests (see the next section), as they can offer many benefits such as enhanced security and easier SSL certificate updates. This simple startup method is used for 1. Development 2. When you know what you're doing, for example, when there is an additional gateway layer outside your server.



Start docker containers:



``` 

docker-compose up -d

```



### Using proxy



There are 2 different ways of starting either using Traefik or using Certbot. Adapt the one you want to use.



### Using Traefik

#### Using Traefik



Then start docker containers (with loadbalancer):

```
@@ -186,7 +198,7 @@ export NUMINSTANCES=1 
docker-compose -f docker-compose.traefik.yml up -d --scale sharelatex=$NUMINSTANCES

```



### Using Certbot 

#### Using Certbot 

Enable line 65/66 and 69/70 in ldapoverleaf-sl/Dockerfile and ``make`` again.



```

docker-compose.certbot.yml

+11 −0
Original line number Diff line number Diff line
@@ -81,6 +81,17 @@ services: 
      LDAP_CONTACT_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"

      LDAP_CONTACTS: "false"



      # OAUTH2_CLIENT_ID: YOUR_OAUTH2_CLIENT_ID

      # OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET

      # OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE

      # OAUTH2_AUTHORIZATION_URL: YOUR_OAUTH2_AUTHORIZATION_URL

      # OAUTH2_TOKEN_URL: YOUR_OAUTH2_TOKEN_URL

      # OAUTH2_PROFILE_URL: YOUR_OAUTH2_PROFILE_URL

      # OAUTH2_USER_ATTR_EMAIL: email

      # OAUTH2_USER_ATTR_UID: id

      # OAUTH2_USER_ATTR_FIRSTNAME: name

      # OAUTH2_USER_ATTR_LASTNAME:



      # Same property, unfortunately with different names in

      # different locations

      SHARELATEX_REDIS_HOST: redis

docker-compose.traefik.yml

+11 −0
Original line number Diff line number Diff line
@@ -162,6 +162,17 @@ services: 
      LDAP_CONTACT_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"

      LDAP_CONTACTS: "false"



      # OAUTH2_CLIENT_ID: YOUR_OAUTH2_CLIENT_ID

      # OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET

      # OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE

      # OAUTH2_AUTHORIZATION_URL: YOUR_OAUTH2_AUTHORIZATION_URL

      # OAUTH2_TOKEN_URL: YOUR_OAUTH2_TOKEN_URL

      # OAUTH2_PROFILE_URL: YOUR_OAUTH2_PROFILE_URL

      # OAUTH2_USER_ATTR_EMAIL: email

      # OAUTH2_USER_ATTR_UID: id

      # OAUTH2_USER_ATTR_FIRSTNAME: name

      # OAUTH2_USER_ATTR_LASTNAME:



      # Same property, unfortunately with different names in

      # different locations

      SHARELATEX_REDIS_HOST: redis

docker-compose.yml

0 → 100644
+147 −0
Original line number Diff line number Diff line 
version: "2.2"

services:

  sharelatex:

    restart: always

    image: ldap-overleaf-sl

    container_name: ldap-overleaf-sl

    depends_on:

      mongo:

        condition: service_healthy

      redis:

        condition: service_healthy

    privileged: false

    ports:

      - 80:80

    links:

      - mongo

      - redis

    volumes:

      - ${MYDATA}/sharelatex:/var/lib/sharelatex

      - ${MYDATA}/letsencrypt:/etc/letsencrypt

      - ${MYDATA}/letsencrypt/live/${MYDOMAIN}/:/etc/letsencrypt/certs/domain

    environment:

      SHARELATEX_APP_NAME: Overleaf

      SHARELATEX_MONGO_URL: mongodb://mongo/sharelatex

      SHARELATEX_SITE_URL: https://${MYDOMAIN}

      SHARELATEX_NAV_TITLE: Overleaf - run by ${MYDOMAIN}

      #SHARELATEX_HEADER_IMAGE_URL: https://${MYDOMAIN}/logo.svg

      SHARELATEX_ADMIN_EMAIL: ${MYMAIL}

      SHARELATEX_LEFT_FOOTER: '[{"text": "Powered by <a href=\"https://www.sharelatex.com\">ShareLaTeX</a> 2016"} ]'

      SHARELATEX_RIGHT_FOOTER: '[{"text": "LDAP Overleaf (beta)"} ]'

      SHARELATEX_EMAIL_FROM_ADDRESS: "noreply@${MYDOMAIN}"

      # SHARELATEX_EMAIL_AWS_SES_ACCESS_KEY_ID:

      # SHARELATEX_EMAIL_AWS_SES_SECRET_KEY:

      SHARELATEX_EMAIL_SMTP_HOST: smtp.${MYDOMAIN}

      SHARELATEX_EMAIL_SMTP_PORT: 587

      SHARELATEX_EMAIL_SMTP_SECURE: "false"

      # SHARELATEX_EMAIL_SMTP_USER:

      # SHARELATEX_EMAIL_SMTP_PASS:

      # SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH: true

      # SHARELATEX_EMAIL_SMTP_IGNORE_TLS: false

      SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by ${MYDOMAIN} - please contact ${MYMAIL} if you experience any issues."



      # make public links accessible w/o login (link sharing issue)

      # https://github.com/overleaf/docker-image/issues/66

      # https://github.com/overleaf/overleaf/issues/628

      # https://github.com/overleaf/web/issues/367

      # Fixed in 2.0.2 (Release date: 2019-11-26)

      SHARELATEX_ALLOW_PUBLIC_ACCESS: "true"

      SHARELATEX_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING: "true"



      SHARELATEX_SECURE_COOKIE: "true"

      SHARELATEX_BEHIND_PROXY: "true"



      LDAP_SERVER: ldaps://LDAPSERVER:636

      LDAP_BASE: ou=people,dc=DOMAIN,dc=TLD



      ### There are to ways get users from the ldap server



      ## NO LDAP BIND USER:

      # Tries directly to bind with the login user (as uid)

      # LDAP_BINDDN: uid=%u,ou=someunit,ou=people,dc=DOMAIN,dc=TLD



      ## Or you can use ai global LDAP_BIND_USER

      # LDAP_BIND_USER:

      # LDAP_BIND_PW:



      # Only allow users matching LDAP_USER_FILTER

      LDAP_USER_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"



      # If user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true.

      # Admin Users can invite external (non ldap) users. This feature makes only sense

      # when ALLOW_EMAIL_LOGIN is set to 'true'. Additionally admins can send

      # system wide messages.

      LDAP_ADMIN_GROUP_FILTER: "(memberof=cn=ADMINGROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"

      ALLOW_EMAIL_LOGIN: "true"



      # All users in the LDAP_CONTACT_FILTER are loaded from the ldap server into contacts.

      LDAP_CONTACT_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"

      LDAP_CONTACTS: "false"



      # OAUTH2_CLIENT_ID: YOUR_OAUTH2_CLIENT_ID

      # OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET

      # OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE

      # OAUTH2_AUTHORIZATION_URL: YOUR_OAUTH2_AUTHORIZATION_URL

      # OAUTH2_TOKEN_URL: YOUR_OAUTH2_TOKEN_URL

      # OAUTH2_PROFILE_URL: YOUR_OAUTH2_PROFILE_URL

      # OAUTH2_USER_ATTR_EMAIL: email

      # OAUTH2_USER_ATTR_UID: id

      # OAUTH2_USER_ATTR_FIRSTNAME: name

      # OAUTH2_USER_ATTR_LASTNAME:



      # Same property, unfortunately with different names in

      # different locations

      SHARELATEX_REDIS_HOST: redis

      REDIS_HOST: redis

      REDIS_PORT: 6379



      ENABLED_LINKED_FILE_TYPES: "url,project_file"



      # Enables Thumbnail generation using ImageMagick

      ENABLE_CONVERSIONS: "true"



  mongo:

    restart: always

    image: mongo:4.4

    container_name: mongo

    expose:

      - 27017

    volumes:

      - ${MYDATA}/mongo_data:/data/db

    healthcheck:

      test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet

      interval: 10s

      timeout: 10s

      retries: 5

    command: "--replSet overleaf"



  # See also: https://github.com/overleaf/overleaf/issues/1120

  mongoinit:

    image: mongo:4.4

    # this container will exit after executing the command

    restart: "no"

    depends_on:

      mongo:

        condition: service_healthy

    entrypoint:

      [

        "mongo",

        "--host",

        "mongo:27017",

        "--eval",

        'rs.initiate({ _id: "overleaf", members: [ { _id: 0, host: "mongo:27017" } ] })',

      ]



  redis:

    restart: always

    image: redis:6.2

    container_name: redis

    expose:

      - 6379

    volumes:

      - ${MYDATA}/redis_data:/data

    healthcheck:

      test: ["CMD", "redis-cli", "ping"]

      interval: 10s

      timeout: 5s

      retries: 5

CRA Git | Maintained and supported by SUSTech CRA and CCSE