GetOutline - Docker-compose

1. I run it behind a reverse proxy nginx server so the db are isolated from external network.
2.  
3.  
4.  
5. docker-compose.yml
6. ==================================================================================
7.  
8. version: "3.2"
9. services:
10. outline:
11. image: docker.getoutline.com/outlinewiki/outline:latest
12. env_file: ./docker.env
13. network_mode: "host"
14. ports:
15. - "3333:3333"
16. volumes:
17. - storage-data:/var/lib/outline/data
18. depends_on:
19. - postgres
20. - redis
21.  
22. redis:
23. image: redis
24. env_file: ./docker.env
25. network_mode: "host"
26. ports:
27. - "6379:6379"
28. volumes:
29. - ./redis.conf:/redis.conf
30. command: ["redis-server", "/redis.conf"]
31. healthcheck:
32. test: ["CMD", "redis-cli", "ping"]
33. interval: 10s
34. timeout: 30s
35. retries: 3
36.  
37. postgres:
38. image: postgres
39. env_file: ./docker.env
40. network_mode: "host"
41. ports:
42. - "5432:5432"
43. volumes:
44. - database-data:/var/lib/postgresql/data
45. healthcheck:
46. test: ["CMD", "pg_isready", "-d", "outline", "-U", "user"]
47. interval: 30s
48. timeout: 20s
49. retries: 3
50. environment:
51. POSTGRES_USER: 'user'
52. POSTGRES_PASSWORD: 'pass'
53. POSTGRES_DB: 'outline'
54. ==================================================================================
55.  
56.  
57. docker.env
58. ==================================================================================
59.  
60. # –––––––––––––––– REQUIRED ––––––––––––––––
61.  
62. NODE_ENV=production
63.  
64. # Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32`
65. # in your terminal to generate a random value.
66. SECRET_KEY=usethecommandabovetogenerate
67.  
68. # Generate a unique random key. The format is not important but you could still use
69. # `openssl rand -hex 32` in your terminal to produce this.
70. UTILS_SECRET=usethecommandabovetogenerate
71.  
72. # For production point these at your databases, in development the default
73. # should work out of the box.
74. DATABASE_URL=postgres://user:pass@localhost:5432/outline
75. DATABASE_CONNECTION_POOL_MIN=
76. DATABASE_CONNECTION_POOL_MAX=
77. # Uncomment this to disable SSL for connecting to Postgres
78. PGSSLMODE=disable
79.  
80. # For redis you can either specify an ioredis compatible url like this
81. REDIS_URL=redis://localhost:6379
82. # or alternatively, if you would like to provide additional connection options,
83. # use a base64 encoded JSON connection option object. Refer to the ioredis documentation
84. # for a list of available options.
85. # Example: Use Redis Sentinel for high availability
86. # {"sentinels":[{"host":"sentinel-0","port":26379},{"host":"sentinel-1","port":26379}],"name":"mymaster"}
87. # REDIS_URL=ioredis://eyJzZW50aW5lbHMiOlt7Imhvc3QiOiJzZW50aW5lbC0wIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InNlbnRpbmVsLTEiLCJwb3J0IjoyNjM3OX1dLCJuYW1lIjoibXltYXN0ZXIifQ==
88.  
89. # URL should point to the fully qualified, publicly accessible URL. If using a
90. # proxy the port in URL and PORT may be different.
91. URL=https://yourpublicdomain
92. PORT=3333
93.  
94. # See [documentation](docs/SERVICES.md) on running a separate collaboration
95. # server, for normal operation this does not need to be set.
96. # COLLABORATION_URL=
97.  
98. # Specify what storage system to use. Possible value is one of "s3" or "local".
99. # For "local", the avatar images and document attachments will be saved on local disk.
100. FILE_STORAGE=local
101.  
102. # If "local" is configured for FILE_STORAGE above, then this sets the parent directory under
103. # which all attachments/images go. Make sure that the process has permissions to create
104. # this path and also to write files to it.
105. FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data
106.  
107. # Maximum allowed size for the uploaded attachment.
108. FILE_STORAGE_UPLOAD_MAX_SIZE=262144000
109.  
110. # Override the maximum size of document imports, generally this should be lower
111. # than the document attachment maximum size.
112. FILE_STORAGE_IMPORT_MAX_SIZE=
113.  
114. # Override the maximum size of workspace imports, these can be especially large
115. # and the files are temporary being automatically deleted after a period of time.
116. FILE_STORAGE_WORKSPACE_IMPORT_MAX_SIZE=
117.  
118. # To support uploading of images for avatars and document attachments in a distributed
119. # architecture an s3-compatible storage can be configured if FILE_STORAGE=s3 above.
120. # AWS_ACCESS_KEY_ID=get_a_key_from_aws
121. # AWS_SECRET_ACCESS_KEY=get_the_secret_of_above_key
122. # AWS_REGION=xx-xxxx-x
123. # AWS_S3_ACCELERATE_URL=
124. # AWS_S3_UPLOAD_BUCKET_URL=http://s3:4569
125. # AWS_S3_UPLOAD_BUCKET_NAME=bucket_name_here
126. # AWS_S3_FORCE_PATH_STYLE=true
127. # AWS_S3_ACL=private
128.  
129. # –––––––––––––– AUTHENTICATION ––––––––––––––
130.  
131. # Third party signin credentials, at least ONE OF EITHER Google, Slack,
132. # or Microsoft is required for a working installation or you'll have no sign-in
133. # options.
134.  
135. # To configure Slack auth, you'll need to create an Application at
136. # => https://api.slack.com/apps
137. #
138. # When configuring the Client ID, add a redirect URL under "OAuth & Permissions":
139. # https://<URL>/auth/slack.callback
140. # SLACK_CLIENT_ID=get_a_key_from_slack
141. # SLACK_CLIENT_SECRET=get_the_secret_of_above_key
142.  
143. # To configure Google auth, you'll need to create an OAuth Client ID at
144. # => https://console.cloud.google.com/apis/credentials
145. #
146. # When configuring the Client ID, add an Authorized redirect URI:
147. # https://<URL>/auth/google.callback
148. #GOOGLE_CLIENT_ID=
149. #GOOGLE_CLIENT_SECRET=
150.  
151. # To configure Microsoft/Azure auth, you'll need to create an OAuth Client. See
152. # the guide for details on setting up your Azure App:
153. # => https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4
154. AZURE_CLIENT_ID=
155. AZURE_CLIENT_SECRET=
156. AZURE_RESOURCE_APP_ID=
157. AZURE_TENANT_ID=
158.  
159. # To configure generic OIDC auth, you'll need some kind of identity provider.
160. # See documentation for whichever IdP you use to acquire the following info:
161. # Redirect URI is https://<URL>/auth/oidc.callback
162. # OIDC_CLIENT_ID=
163. # OIDC_CLIENT_SECRET=
164. # OIDC_AUTH_URI=
165. # OIDC_TOKEN_URI=
166. # OIDC_USERINFO_URI=
167. # OIDC_LOGOUT_URI=
168.  
169. # Specify which claims to derive user information from
170. # Supports any valid JSON path with the JWT payload
171. # OIDC_USERNAME_CLAIM=preferred_username
172.  
173. # Display name for OIDC authentication
174. # OIDC_DISPLAY_NAME=OpenID Connect
175.  
176. # Space separated auth scopes.
177. # OIDC_SCOPES=openid profile email
178.  
179. # To configure the GitHub integration, you'll need to create a GitHub App at
180. # => https://github.com/settings/apps
181. #
182. # When configuring the Client ID, add a redirect URL under "Permissions & events":
183. # https://<URL>/api/github.callback
184. # GITHUB_CLIENT_ID=
185. # GITHUB_CLIENT_SECRET=
186. # GITHUB_APP_NAME=
187. # GITHUB_APP_ID=
188. # GITHUB_APP_PRIVATE_KEY=
189.  
190. # –––––––––––––––– OPTIONAL ––––––––––––––––
191.  
192. # Base64 encoded private key and certificate for HTTPS termination. This is only
193. # required if you do not use an external reverse proxy. See documentation:
194. # https://wiki.generaloutline.com/share/1c922644-40d8-41fe-98f9-df2b67239d45
195. # SSL_KEY=
196. # SSL_CERT=
197.  
198. # If using a Cloudfront/Cloudflare distribution or similar it can be set below.
199. # This will cause paths to javascript, stylesheets, and images to be updated to
200. # the hostname defined in CDN_URL. In your CDN configuration the origin server
201. # should be set to the same as URL.
202. # CDN_URL=
203.  
204. # Auto-redirect to https in production. The default is true but you may set to
205. # false if you can be sure that SSL is terminated at an external loadbalancer.
206. FORCE_HTTPS=false
207.  
208. # Have the installation check for updates by sending anonymized statistics to
209. # the maintainers
210. ENABLE_UPDATES=true
211.  
212. # How many processes should be spawned. As a reasonable rule divide your servers
213. # available memory by 512 for a rough estimate
214. WEB_CONCURRENCY=2
215.  
216. # You can remove this line if your reverse proxy already logs incoming http
217. # requests and this ends up being duplicative
218. DEBUG=http
219.  
220. # Configure lowest severity level for server logs. Should be one of
221. # error, warn, info, http, verbose, debug and silly
222. LOG_LEVEL=info
223.  
224. # For a complete Slack integration with search and posting to channels the
225. # following configs are also needed, some more details
226. # => https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a
227. #
228. # SLACK_VERIFICATION_TOKEN=your_token
229. # SLACK_APP_ID=A0XXXXXXX
230. # SLACK_MESSAGE_ACTIONS=true
231.  
232. # Optionally enable Sentry (sentry.io) to track errors and performance,
233. # and optionally add a Sentry proxy tunnel for bypassing ad blockers in the UI:
234. # https://docs.sentry.io/platforms/javascript/troubleshooting/#using-the-tunnel-option)
235. # SENTRY_DSN=
236. # SENTRY_TUNNEL=
237.  
238. # To support sending outgoing transactional emails such as "document updated" or
239. # "you've been invited" you'll need to provide authentication for an SMTP server
240. SMTP_HOST=smtp.mailgun.org
241. SMTP_PORT=587
242. SMTP_USERNAME=anemail@yourdomain
243. SMTP_PASSWORD=yoursmtppassword
244. SMTP_FROM_EMAIL=anemail@yourdomain
245. SMTP_REPLY_EMAIL=anemail@yourdomain
246. SMTP_TLS_CIPHERS=TLSv1.2
247. SMTP_SECURE=false
248.  
249. # The default interface language. See translate.getoutline.com for a list of
250. # available language codes and their rough percentage translated.
251. DEFAULT_LANGUAGE=en_US
252.  
253. # Optionally enable rate limiter at application web server
254. RATE_LIMITER_ENABLED=true
255.  
256. # Configure default throttling parameters for rate limiter
257. RATE_LIMITER_REQUESTS=1000
258. RATE_LIMITER_DURATION_WINDOW=60
259.  
260. # Iframely API config
261. # IFRAMELY_URL=
262. # IFRAMELY_API_KEY=
263.  
264. ==================================================================================
265.  
266.  
267. nginx.conf
268. ==================================================================================
269.  
270. server {
271. listen 80;
272. index index.html index.htm index.nginx-debian.html;
273. server_name yourdomain;
274. #Allow uploads up to 250MB, same as setup in .env
275. client_max_body_size 250M;
276.  
277. location / {
278. proxy_pass http://localhost:3333;
279. proxy_set_header Host $host;
280. proxy_set_header X-Real-IP $remote_addr;
281. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
282. proxy_set_header X-Forwarded-Proto $scheme;
283. proxy_set_header X-Forwarded-Host $host;
284. proxy_http_version 1.1;
285. proxy_set_header Upgrade $http_upgrade;
286. proxy_set_header Connection "upgrade";
287. proxy_cookie_path / "/; Secure";
288. proxy_redirect off;
289. proxy_read_timeout 3600s;
290. proxy_connect_timeout 3600s;
291. }
292.  
293. listen 443 ssl;
294. ssl_certificate /etc/letsencrypt/live/yourdomain/fullchain.pem;
295. ssl_certificate_key /etc/letsencrypt/live/yourdomain/privkey.pem;
296.  
297. }
298. ==================================================================================
299.  
300. Create your certificate:
301. ==================================================================================
302.  
303. sudo certbot certonly --standalone --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m [email protected] -d youdomain.com.br --pre-hook="systemctl stop nginx" --post-hook="systemctl start nginx"
304.  
305. ==================================================================================
306.  
307. After all that, run the command below to create the required dirs and run the docker-compose:
308.  
309. mkdir -p /home/${USER}/docker && mkdir -p /home/${USER}/docker/logs && cd /home/${USER}/docker && touch docker.env && touch docker-compose.yml