From 5b25238efda1658fb95989fe3a118bffbb830fb0 Mon Sep 17 00:00:00 2001
From: jared
Date: Sat, 28 Jan 2023 11:43:14 +1100
Subject: [PATCH 01/32] add supabase
---
supabase/.env | 78 ++++++++++
supabase/docker-compose.yml | 239 ++++++++++++++++++++++++++++++
supabase/volumes/api/kong.yml | 174 ++++++++++++++++++++++
supabase/volumes/db/init/data.sql | 0
supabase/volumes/db/realtime.sql | 4 +
supabase/volumes/db/roles.sql | 7 +
6 files changed, 502 insertions(+)
create mode 100644 supabase/.env
create mode 100644 supabase/docker-compose.yml
create mode 100644 supabase/volumes/api/kong.yml
create mode 100644 supabase/volumes/db/init/data.sql
create mode 100644 supabase/volumes/db/realtime.sql
create mode 100644 supabase/volumes/db/roles.sql
diff --git a/supabase/.env b/supabase/.env
new file mode 100644
index 0000000..ef22980
--- /dev/null
+++ b/supabase/.env
@@ -0,0 +1,78 @@
+############
+# Secrets
+# YOU MUST CHANGE THESE BEFORE GOING INTO PRODUCTION
+############
+
+POSTGRES_PASSWORD=
+JWT_SECRET=
+ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAiYW5vbiIsCiAgICAiaXNzIjogInN1cGFiYXNlIiwKICAgICJpYXQiOiAxNjc0ODI0NDAwLAogICAgImV4cCI6IDE4MzI1OTA4MDAKfQ.GjK9HIRUaMB0LZiIXD-qvfKSgZwHUsmLlo6qItGRrx0
+SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAic2VydmljZV9yb2xlIiwKICAgICJpc3MiOiAic3VwYWJhc2UiLAogICAgImlhdCI6IDE2NzQ4MjQ0MDAsCiAgICAiZXhwIjogMTgzMjU5MDgwMAp9.8H6IJnWB4kmhKMpRSVQPIaPs1WWOsF_FStCPOxFG-Sk
+
+
+############
+# Database - You can change these to any PostgreSQL database that has logical replication enabled.
+############
+
+POSTGRES_HOST=db
+POSTGRES_DB=postgres
+POSTGRES_USER=postgres
+POSTGRES_PORT=5432
+
+
+############
+# API Proxy - Configuration for the Kong Reverse proxy.
+############
+
+KONG_HTTP_PORT=8000
+KONG_HTTPS_PORT=8443
+
+
+############
+# API - Configuration for PostgREST.
+############
+
+PGRST_DB_SCHEMAS=public,storage,graphql_public
+
+
+############
+# Auth - Configuration for the GoTrue authentication server.
+############
+
+## General
+SITE_URL=https://localhost:3000
+ADDITIONAL_REDIRECT_URLS=
+JWT_EXPIRY=3600
+DISABLE_SIGNUP=false
+API_EXTERNAL_URL=https://localhost:8000
+
+## Mailer Config
+MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify"
+MAILER_URLPATHS_INVITE="/auth/v1/verify"
+MAILER_URLPATHS_RECOVERY="/auth/v1/verify"
+MAILER_URLPATHS_EMAIL_CHANGE="/auth/v1/verify"
+
+## Email auth
+ENABLE_EMAIL_SIGNUP=true
+ENABLE_EMAIL_AUTOCONFIRM=false
+SMTP_ADMIN_EMAIL=
+SMTP_HOST=
+SMTP_PORT=
+SMTP_USER=
+SMTP_PASS=
+SMTP_SENDER_NAME=
+
+## Phone auth
+ENABLE_PHONE_SIGNUP=false
+ENABLE_PHONE_AUTOCONFIRM=false
+
+
+############
+# Studio - Configuration for the Dashboard
+############
+
+STUDIO_DEFAULT_ORGANIZATION=app.jaredtsmith.com
+STUDIO_DEFAULT_PROJECT=app.jaredtsmith.com
+
+STUDIO_PORT=3000
+# replace if you intend to use Studio outside of localhost
+SUPABASE_PUBLIC_URL=https://app.jaredtsmith.com/studio
diff --git a/supabase/docker-compose.yml b/supabase/docker-compose.yml
new file mode 100644
index 0000000..26a713e
--- /dev/null
+++ b/supabase/docker-compose.yml
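Review bot: `ANON_KEY` and `SERVICE_ROLE_KEY` are committed as literal signed tokens in a tracked `.env`, directly under the banner saying these values must be changed before production, whereas `POSTGRES_PASSWORD=` and `JWT_SECRET=` are left empty. The payload segment of the second token base64-decodes to a `service_role` claim with an `exp` several years after its `iat`, and the same two strings are repeated as Kong consumer keys in `supabase/volumes/api/kong.yml` in this patch, where `service_role` is placed in the `admin` ACL group. I would leave both assignments empty here (`ANON_KEY=` and `SERVICE_ROLE_KEY=`), ship the file as `.env.example`, and add `supabase/.env` to `.gitignore`. If the signing secret behind these tokens is in use anywhere, it should be rotated, since the tokens stay in history after a later cleanup.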
@@ -0,0 +1,239 @@ +# Usage +# Start: docker compose up +# With helpers: docker compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml up +# Stop: docker compose down +# Destroy: docker compose -f docker-compose.yml -f ./dev/docker-compose.dev.yml down -v --remove-orphans + +version: "3.8" + +services: + studio: + container_name: supabase-studio + image: supabase/studio:20230127-123d704 + restart: unless-stopped + healthcheck: + test: [ "CMD", "node", "-e", "require('http').get('http://localhost:3000/api/profile', (r) => {if (r.statusCode !== 200) throw new Error(r.statusCode)})" ] + timeout: 5s + interval: 5s + retries: 3 + ports: + - ${STUDIO_PORT}:3000/tcp + environment: + STUDIO_PG_META_URL: http://meta:8080 + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + + DEFAULT_ORGANIZATION: ${STUDIO_DEFAULT_ORGANIZATION} + DEFAULT_PROJECT: ${STUDIO_DEFAULT_PROJECT} + + SUPABASE_URL: http://kong:8000 + SUPABASE_PUBLIC_URL: ${SUPABASE_PUBLIC_URL} + SUPABASE_ANON_KEY: ${ANON_KEY} + SUPABASE_SERVICE_KEY: ${SERVICE_ROLE_KEY} + + kong: + container_name: supabase-kong + image: kong:2.8.1 + restart: unless-stopped + ports: + - ${KONG_HTTP_PORT}:8000/tcp + - ${KONG_HTTPS_PORT}:8443/tcp + environment: + KONG_DATABASE: "off" + KONG_DECLARATIVE_CONFIG: /var/lib/kong/kong.yml + # https://github.com/supabase/cli/issues/14 + KONG_DNS_ORDER: LAST,A,CNAME + KONG_PLUGINS: request-transformer,cors,key-auth,acl + KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k + KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k + volumes: + - ./volumes/api:/var/lib/kong:ro + + auth: + container_name: supabase-auth + image: supabase/gotrue:v2.40.1 + depends_on: + db: # Disable this if you are using an external Postgres database + condition: service_healthy + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:9999/health" ] + timeout: 5s + interval: 5s + retries: 3 + restart: unless-stopped + environment: + GOTRUE_API_HOST: 0.0.0.0 + GOTRUE_API_PORT: 9999 + API_EXTERNAL_URL: 
${API_EXTERNAL_URL} + + GOTRUE_DB_DRIVER: postgres + GOTRUE_DB_DATABASE_URL: postgres://supabase_auth_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} + + GOTRUE_SITE_URL: ${SITE_URL} + GOTRUE_URI_ALLOW_LIST: ${ADDITIONAL_REDIRECT_URLS} + GOTRUE_DISABLE_SIGNUP: ${DISABLE_SIGNUP} + + GOTRUE_JWT_ADMIN_ROLES: service_role + GOTRUE_JWT_AUD: authenticated + GOTRUE_JWT_DEFAULT_GROUP_NAME: authenticated + GOTRUE_JWT_EXP: ${JWT_EXPIRY} + GOTRUE_JWT_SECRET: ${JWT_SECRET} + + GOTRUE_EXTERNAL_EMAIL_ENABLED: ${ENABLE_EMAIL_SIGNUP} + GOTRUE_MAILER_AUTOCONFIRM: ${ENABLE_EMAIL_AUTOCONFIRM} + # GOTRUE_MAILER_SECURE_EMAIL_CHANGE_ENABLED: true + # GOTRUE_SMTP_MAX_FREQUENCY: 1s + GOTRUE_SMTP_ADMIN_EMAIL: ${SMTP_ADMIN_EMAIL} + GOTRUE_SMTP_HOST: ${SMTP_HOST} + GOTRUE_SMTP_PORT: ${SMTP_PORT} + GOTRUE_SMTP_USER: ${SMTP_USER} + GOTRUE_SMTP_PASS: ${SMTP_PASS} + GOTRUE_SMTP_SENDER_NAME: ${SMTP_SENDER_NAME} + GOTRUE_MAILER_URLPATHS_INVITE: ${MAILER_URLPATHS_INVITE} + GOTRUE_MAILER_URLPATHS_CONFIRMATION: ${MAILER_URLPATHS_CONFIRMATION} + GOTRUE_MAILER_URLPATHS_RECOVERY: ${MAILER_URLPATHS_RECOVERY} + GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE: ${MAILER_URLPATHS_EMAIL_CHANGE} + + GOTRUE_EXTERNAL_PHONE_ENABLED: ${ENABLE_PHONE_SIGNUP} + GOTRUE_SMS_AUTOCONFIRM: ${ENABLE_PHONE_AUTOCONFIRM} + MFA_ENABLED: ${MFA_ENABLED} + + rest: + container_name: supabase-rest + image: postgrest/postgrest:v9.0.1.20220717 + depends_on: + db: # Disable this if you are using an external Postgres database + condition: service_healthy + restart: unless-stopped + environment: + PGRST_DB_URI: postgres://authenticator:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} + PGRST_DB_SCHEMAS: ${PGRST_DB_SCHEMAS} + PGRST_DB_ANON_ROLE: anon + PGRST_JWT_SECRET: ${JWT_SECRET} + PGRST_DB_USE_LEGACY_GUCS: "false" + + realtime: + container_name: realtime-dev.supabase-realtime + image: supabase/realtime:v2.1.0 + depends_on: + db: # Disable this if you are using an external Postgres database + 
condition: service_healthy + healthcheck: + test: [ "CMD", "bash", "-c", "printf \\0 > /dev/tcp/localhost/4000" ] + timeout: 5s + interval: 5s + retries: 3 + restart: unless-stopped + environment: + PORT: 4000 + DB_HOST: ${POSTGRES_HOST} + DB_PORT: ${POSTGRES_PORT} + DB_USER: supabase_admin + DB_PASSWORD: ${POSTGRES_PASSWORD} + DB_NAME: ${POSTGRES_DB} + DB_AFTER_CONNECT_QUERY: 'SET search_path TO _realtime' + DB_ENC_KEY: supabaserealtime + API_JWT_SECRET: ${JWT_SECRET} + FLY_ALLOC_ID: fly123 + FLY_APP_NAME: realtime + SECRET_KEY_BASE: UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq + ERL_AFLAGS: -proto_dist inet_tcp + ENABLE_TAILSCALE: "false" + DNS_NODES: "''" + command: > + sh -c "/app/bin/migrate && /app/bin/realtime eval 'Realtime.Release.seeds(Realtime.Repo)' && /app/bin/server" + + storage: + container_name: supabase-storage + image: supabase/storage-api:v0.26.1 + depends_on: + db: # Disable this if you are using an external Postgres database + condition: service_healthy + rest: + condition: service_started + imgproxy: + condition: service_started + healthcheck: + test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:5000/status" ] + timeout: 5s + interval: 5s + retries: 3 + restart: unless-stopped + environment: + ANON_KEY: ${ANON_KEY} + SERVICE_KEY: ${SERVICE_ROLE_KEY} + POSTGREST_URL: http://rest:3000 + PGRST_JWT_SECRET: ${JWT_SECRET} + DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} + FILE_SIZE_LIMIT: 52428800 + STORAGE_BACKEND: file + FILE_STORAGE_BACKEND_PATH: /var/lib/storage + TENANT_ID: stub + # TODO: https://github.com/supabase/storage-api/issues/55 + REGION: stub + GLOBAL_S3_BUCKET: stub + ENABLE_IMAGE_TRANSFORMATION: "true" + IMGPROXY_URL: http://imgproxy:5001 + volumes: + - ./volumes/storage:/var/lib/storage + + imgproxy: + container_name: supabase-imgproxy + image: darthsim/imgproxy:v3.11 + healthcheck: + test: [ "CMD", "imgproxy", 
"health" ] + timeout: 5s + interval: 5s + retries: 3 + environment: + IMGPROXY_BIND: ":5001" + IMGPROXY_LOCAL_FILESYSTEM_ROOT: / + IMGPROXY_USE_ETAG: "true" + volumes: + - ./volumes/storage:/var/lib/storage + + meta: + container_name: supabase-meta + image: supabase/postgres-meta:v0.59.0 + depends_on: + db: # Disable this if you are using an external Postgres database + condition: service_healthy + restart: unless-stopped + environment: + PG_META_PORT: 8080 + PG_META_DB_HOST: ${POSTGRES_HOST} + PG_META_DB_PORT: ${POSTGRES_PORT} + PG_META_DB_NAME: ${POSTGRES_DB} + PG_META_DB_USER: supabase_admin + PG_META_DB_PASSWORD: ${POSTGRES_PASSWORD} + + # Comment out everything below this point if you are using an external Postgres database + db: + container_name: supabase-db + image: supabase/postgres:14.1.0.106 + healthcheck: + test: pg_isready -U postgres -h localhost + interval: 5s + timeout: 5s + retries: 10 + command: + - postgres + - -c + - config_file=/etc/postgresql/postgresql.conf + - -c + - log_min_messages=fatal # prevents Realtime polling queries from appearing in logs + restart: unless-stopped + ports: + # Pass down internal port because it's set dynamically by other services + - ${POSTGRES_PORT}:${POSTGRES_PORT} + environment: + POSTGRES_HOST: /var/run/postgresql + PGPORT: ${POSTGRES_PORT} + POSTGRES_PORT: ${POSTGRES_PORT} + PGPASSWORD: ${POSTGRES_PASSWORD} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + PGDATABASE: ${POSTGRES_DB} + POSTGRES_DB: ${POSTGRES_DB} + volumes: + - ./volumes/db/realtime.sql:/docker-entrypoint-initdb.d/realtime.sql + - ./volumes/db/roles.sql:/docker-entrypoint-initdb.d/roles.sql + - ./volumes/db/data:/var/lib/postgresql/data diff --git a/supabase/volumes/api/kong.yml b/supabase/volumes/api/kong.yml new file mode 100644 index 0000000..16dc084 --- /dev/null +++ b/supabase/volumes/api/kong.yml 
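Review bot: The `db` and `studio` services (and `kong`) publish `${POSTGRES_PORT}`, `${STUDIO_PORT}` and the two Kong ports with no host address, so Compose binds them on every host interface; Postgres is then reachable from outside the Compose network, and `studio` is handed `SUPABASE_SERVICE_KEY` and `POSTGRES_PASSWORD` with nothing in this file placing authentication in front of it. The other services reach the database as `${POSTGRES_HOST}` over the Compose network, so the `db` mapping could be dropped or bound to loopback, e.g. `- "127.0.0.1:${POSTGRES_PORT}:${POSTGRES_PORT}"`, and likewise for Studio. Separately, `realtime` hard-codes `SECRET_KEY_BASE` and `DB_ENC_KEY: supabaserealtime` where every other secret is interpolated from `.env`; these should become variables with per-deployment values. `MFA_ENABLED: ${MFA_ENABLED}` under `auth` refers to a variable that the `.env` added in this patch does not define, so it will interpolate to an empty string.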
@@ -0,0 +1,174 @@ +_format_version: "1.1" + +### +### Consumers / Users +### +consumers: + - username: anon + keyauth_credentials: + - key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAiYW5vbiIsCiAgICAiaXNzIjogInN1cGFiYXNlIiwKICAgICJpYXQiOiAxNjc0ODI0NDAwLAogICAgImV4cCI6IDE4MzI1OTA4MDAKfQ.GjK9HIRUaMB0LZiIXD-qvfKSgZwHUsmLlo6qItGRrx0 + - username: service_role + keyauth_credentials: + - key: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAic2VydmljZV9yb2xlIiwKICAgICJpc3MiOiAic3VwYWJhc2UiLAogICAgImlhdCI6IDE2NzQ4MjQ0MDAsCiAgICAiZXhwIjogMTgzMjU5MDgwMAp9.8H6IJnWB4kmhKMpRSVQPIaPs1WWOsF_FStCPOxFG-Sk + +### +### Access Control List +### +acls: + - consumer: anon + group: anon + - consumer: service_role + group: admin + +### +### API Routes +### +services: + ## Open Auth routes + - name: auth-v1-open + url: http://auth:9999/verify + routes: + - name: auth-v1-open + strip_path: true + paths: + - /auth/v1/verify + plugins: + - name: cors + - name: auth-v1-open-callback + url: http://auth:9999/callback + routes: + - name: auth-v1-open-callback + strip_path: true + paths: + - /auth/v1/callback + plugins: + - name: cors + - name: auth-v1-open-authorize + url: http://auth:9999/authorize + routes: + - name: auth-v1-open-authorize + strip_path: true + paths: + - /auth/v1/authorize + plugins: + - name: cors + + ## Secure Auth routes + - name: auth-v1 + _comment: "GoTrue: /auth/v1/* -> http://auth:9999/*" + url: http://auth:9999/ + routes: + - name: auth-v1-all + strip_path: true + paths: + - /auth/v1/ + plugins: + - name: cors + - name: key-auth + config: + hide_credentials: false + - name: acl + config: + hide_groups_header: true + allow: + - admin + - anon + + ## Secure REST routes + - name: rest-v1 + _comment: "PostgREST: /rest/v1/* -> http://rest:3000/*" + url: http://rest:3000/ + routes: + - name: rest-v1-all + strip_path: true + paths: + - /rest/v1/ + plugins: + - name: cors + - name: key-auth + config: + hide_credentials: true + - name: acl + config: + 
hide_groups_header: true + allow: + - admin + - anon + + ## Secure GraphQL routes + - name: graphql-v1 + _comment: "PostgREST: /graphql/v1/* -> http://rest:3000/rpc/graphql" + url: http://rest:3000/rpc/graphql + routes: + - name: graphql-v1-all + strip_path: true + paths: + - /graphql/v1 + plugins: + - name: cors + - name: key-auth + config: + hide_credentials: true + - name: request-transformer + config: + add: + headers: + - Content-Profile:graphql_public + - name: acl + config: + hide_groups_header: true + allow: + - admin + - anon + + ## Secure Realtime routes + - name: realtime-v1 + _comment: "Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*" + url: http://realtime-dev.supabase-realtime:4000/socket/ + routes: + - name: realtime-v1-all + strip_path: true + paths: + - /realtime/v1/ + plugins: + - name: cors + - name: key-auth + config: + hide_credentials: false + - name: acl + config: + hide_groups_header: true + allow: + - admin + - anon + + ## Storage routes: the storage server manages its own auth + - name: storage-v1 + _comment: "Storage: /storage/v1/* -> http://storage:5000/*" + url: http://storage:5000/ + routes: + - name: storage-v1-all + strip_path: true + paths: + - /storage/v1/ + plugins: + - name: cors + + ## Secure Database routes + - name: meta + _comment: "pg-meta: /pg/* -> http://pg-meta:8080/*" + url: http://meta:8080/ + routes: + - name: meta-all + strip_path: true + paths: + - /pg/ + plugins: + - name: key-auth + config: + hide_credentials: false + - name: acl + config: + hide_groups_header: true + allow: + - admin diff --git a/supabase/volumes/db/init/data.sql b/supabase/volumes/db/init/data.sql new file mode 100644 index 0000000..e69de29 diff --git a/supabase/volumes/db/realtime.sql b/supabase/volumes/db/realtime.sql new file mode 100644 index 0000000..a5ff4f9 --- /dev/null +++ b/supabase/volumes/db/realtime.sql 
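Review bot: The `meta` service at the end of the file routes `/pg/` to `http://meta:8080/` through the same gateway that serves the public API, gated only by `key-auth` plus an `acl` allowing `admin`, and the `admin` consumer's key is the literal `service_role` token written under `consumers:` at the top of this file. The compose file already gives Studio a direct `STUDIO_PG_META_URL: http://meta:8080`, so it is worth confirming whether anything needs this route; if nothing does, remove the `meta` service entry, and if something does, restrict it by source address (Kong's `ip-restriction` plugin, which would also need adding to `KONG_PLUGINS`). `hide_credentials: false` on `auth-v1`, `realtime-v1` and `meta` forwards the API key to the upstream, while `rest-v1` and `graphql-v1` set it to `true`; unless those upstreams read the key themselves, I would use `hide_credentials: true` throughout.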
@@ -0,0 +1,4 @@ +\set pguser `echo "$POSTGRES_USER"` + +create schema if not exists _realtime; +alter schema _realtime owner to :pguser; \ No newline at end of file diff --git a/supabase/volumes/db/roles.sql b/supabase/volumes/db/roles.sql new file mode 100644 index 0000000..76cb12d --- /dev/null +++ b/supabase/volumes/db/roles.sql @@ -0,0 +1,7 @@ +-- NOTE: change to your own passwords for production environments +\set pgpass `echo "$POSTGRES_PASSWORD"` + +ALTER USER authenticator WITH PASSWORD :'pgpass'; +ALTER USER pgbouncer WITH PASSWORD :'pgpass'; +ALTER USER supabase_auth_admin WITH PASSWORD :'pgpass'; +ALTER USER supabase_storage_admin WITH PASSWORD :'pgpass'; \ No newline at end of file From 372e5b11b2ff2d5256eb78c4fcfc3fe414fed541 Mon Sep 17 00:00:00 2001 From: jared Date: Sat, 28 Jan 2023 11:50:56 +1100 Subject: [PATCH 02/32] increase db timeout --- supabase/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/supabase/docker-compose.yml b/supabase/docker-compose.yml index 26a713e..21c379c 100644 --- a/supabase/docker-compose.yml +++ b/supabase/docker-compose.yml @@ -212,8 +212,8 @@ services: image: supabase/postgres:14.1.0.106 healthcheck: test: pg_isready -U postgres -h localhost - interval: 5s - timeout: 5s + interval: 15s + timeout: 15s retries: 10 command: - postgres From 1b343965d50eb609cc48845028a01917e1bcfa8f Mon Sep 17 00:00:00 2001 From: jared Date: Sat, 28 Jan 2023 15:27:43 +1100 Subject: [PATCH 03/32] remove deprecated config for authelia --- authelia/config/configuration.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/authelia/config/configuration.yml b/authelia/config/configuration.yml index 3f362ad..e05b009 100644 --- a/authelia/config/configuration.yml +++ b/authelia/config/configuration.yml 
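Review bot: In `realtime.sql`, `\set pguser` reads `$POSTGRES_USER` from the container environment, but the `db` service's `environment:` block in the compose file added by this patch passes `POSTGRES_PASSWORD`, `POSTGRES_DB` and `POSTGRES_PORT` and not `POSTGRES_USER`. Unless the image sets that variable itself, `:pguser` expands to an empty string and `alter schema _realtime owner to :pguser;` fails during init. I would add `POSTGRES_USER: ${POSTGRES_USER}` to the `db` service and quote the interpolation as an identifier: `alter schema _realtime owner to :"pguser";`.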
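Review bot: In `roles.sql`, `authenticator`, `pgbouncer`, `supabase_auth_admin` and `supabase_storage_admin` are all given the value of `$POSTGRES_PASSWORD`, which the compose file also uses as the database container's `POSTGRES_PASSWORD` and as the `supabase_admin` password for `realtime` and `meta`. One leaked connection string, for example `PGRST_DB_URI` for the low-privilege `authenticator` role, therefore discloses the password of every role including the administrative ones. The header comment asks for separate passwords in production, but the script offers no way to supply them; I would read one environment variable per role in the same way `pgpass` is read here, and pass matching per-role variables from the compose file.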
@@ -15,7 +15,8 @@ totp: skew: 1 authentication_backend: - disable_reset_password: false + password_reset: + disable: false file: path: /config/users_database.yml # Make sure this file exists password: From 26feb63849802f4aaa5a6ce25838db39e2937d69 Mon Sep 17 00:00:00 2001 From: jared Date: Sat, 28 Jan 2023 15:35:14 +1100 Subject: [PATCH 04/32] update authelia redis name --- authelia/config/configuration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authelia/config/configuration.yml b/authelia/config/configuration.yml index e05b009..60cffd6 100644 --- a/authelia/config/configuration.yml +++ b/authelia/config/configuration.yml @@ -52,7 +52,7 @@ session: domain: jaredtsmith.com # Needs to be your root domain redis: - host: authelia_redis_1 + host: authelia-redis-1 port: 6379 password: # insert secret From 8c981d3fddaa2dc5d50ba5ef22ff7a329ea93e91 Mon Sep 17 00:00:00 2001 From: jared Date: Sat, 28 Jan 2023 15:51:01 +1100 Subject: [PATCH 05/32] increase timeout interval --- supabase/.env | 6 +++--- supabase/docker-compose.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/supabase/.env b/supabase/.env index ef22980..9fac7b8 100644 --- a/supabase/.env +++ b/supabase/.env @@ -39,11 +39,11 @@ PGRST_DB_SCHEMAS=public,storage,graphql_public ############ ## General -SITE_URL=https://localhost:3000 +SITE_URL=http://localhost:3000 ADDITIONAL_REDIRECT_URLS= JWT_EXPIRY=3600 DISABLE_SIGNUP=false -API_EXTERNAL_URL=https://localhost:8000 +API_EXTERNAL_URL=http://localhost:8000 ## Mailer Config MAILER_URLPATHS_CONFIRMATION="/auth/v1/verify" @@ -75,4 +75,4 @@ STUDIO_DEFAULT_PROJECT=app.jaredtsmith.com STUDIO_PORT=3000 # replace if you intend to use Studio outside of localhost -SUPABASE_PUBLIC_URL=https://app.jaredtsmith.com/studio +SUPABASE_PUBLIC_URL=https://app.jaredtsmith.com diff --git a/supabase/docker-compose.yml b/supabase/docker-compose.yml index 21c379c..f920eb0 100644 --- a/supabase/docker-compose.yml 
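Review bot: In the `supabase/.env` hunks of PATCH 05, `SITE_URL` and `API_EXTERNAL_URL` are switched from `https` to `http` and still name `localhost`, while `SUPABASE_PUBLIC_URL` in the second hunk is a public `https` host. The compose file passes these two values to the auth service as `GOTRUE_SITE_URL` and `API_EXTERNAL_URL`, so on a publicly served stack the links and redirects it derives from them would presumably carry a plain-HTTP localhost origin. If the deployment is reached through the public host, set both to that `https` origin rather than downgrading the scheme. The subject line mentions only a timeout interval, so this change is easy to miss when reading the history.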
+++ b/supabase/docker-compose.yml @@ -212,7 +212,7 @@ services: image: supabase/postgres:14.1.0.106 healthcheck: test: pg_isready -U postgres -h localhost - interval: 15s + interval: 30s timeout: 15s retries: 10 command: From 91abfe5dffd4b79064f3a538ce9148b191e99fe2 Mon Sep 17 00:00:00 2001 From: jared Date: Sat, 28 Jan 2023 15:56:45 +1100 Subject: [PATCH 06/32] increase timeout --- supabase/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/supabase/docker-compose.yml b/supabase/docker-compose.yml index f920eb0..9c9442b 100644 --- a/supabase/docker-compose.yml +++ b/supabase/docker-compose.yml @@ -213,7 +213,7 @@ services: healthcheck: test: pg_isready -U postgres -h localhost interval: 30s - timeout: 15s + timeout: 30s retries: 10 command: - postgres From 9764e51a15cf9ad3ba6b1ee37c1f37898875969c Mon Sep 17 00:00:00 2001 From: jared Date: Sat, 28 Jan 2023 16:03:32 +1100 Subject: [PATCH 07/32] remove db health check for dependancies --- supabase/docker-compose.yml | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/supabase/docker-compose.yml b/supabase/docker-compose.yml index 9c9442b..5c8d3f1 100644 --- a/supabase/docker-compose.yml +++ b/supabase/docker-compose.yml @@ -52,8 +52,9 @@ services: container_name: supabase-auth image: supabase/gotrue:v2.40.1 depends_on: - db: # Disable this if you are using an external Postgres database - condition: service_healthy + - db + # db: # Disable this if you are using an external Postgres database + # condition: service_healthy healthcheck: test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:9999/health" ] timeout: 5s 
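Review bot: Replacing `db:` / `condition: service_healthy` with the short form `- db` in the `auth` hunk of PATCH 07 makes Compose wait only for the `db` container to start, not for its `pg_isready` healthcheck, so `auth` can come up before Postgres accepts connections or before the init scripts have set the role passwords. The same change is made in the `rest`, `realtime`, `storage` and `meta` hunks that follow. If the healthcheck was timing out, raising `retries` or adding a `start_period` to the `db` healthcheck keeps the gate in place. `restart: unless-stopped` on `auth` will retry after an early failure, but that is a retry loop rather than an ordering guarantee.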
@@ -101,8 +102,9 @@ services: container_name: supabase-rest image: postgrest/postgrest:v9.0.1.20220717 depends_on: - db: # Disable this if you are using an external Postgres database - condition: service_healthy + - db + # db: # Disable this if you are using an external Postgres database + # condition: service_healthy restart: unless-stopped environment: PGRST_DB_URI: postgres://authenticator:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} @@ -115,8 +117,9 @@ services: container_name: realtime-dev.supabase-realtime image: supabase/realtime:v2.1.0 depends_on: - db: # Disable this if you are using an external Postgres database - condition: service_healthy + - db + # db: # Disable this if you are using an external Postgres database + # condition: service_healthy healthcheck: test: [ "CMD", "bash", "-c", "printf \\0 > /dev/tcp/localhost/4000" ] timeout: 5s @@ -146,8 +149,9 @@ services: container_name: supabase-storage image: supabase/storage-api:v0.26.1 depends_on: - db: # Disable this if you are using an external Postgres database - condition: service_healthy + - db + # db: # Disable this if you are using an external Postgres database + # condition: service_healthy rest: condition: service_started imgproxy: @@ -195,8 +199,9 @@ services: container_name: supabase-meta image: supabase/postgres-meta:v0.59.0 depends_on: - db: # Disable this if you are using an external Postgres database - condition: service_healthy + - db + # db: # Disable this if you are using an external Postgres database + # condition: service_healthy restart: unless-stopped environment: PG_META_PORT: 8080 From d625a21302597fd68679c63a3f75526fd0696b68 Mon Sep 17 00:00:00 2001 From: jared Date: Sat, 28 Jan 2023 00:09:26 -0500 Subject: [PATCH 08/32] reset to default --- supabase/docker-compose.yml | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/supabase/docker-compose.yml b/supabase/docker-compose.yml index 5c8d3f1..26a713e 100644 
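Review bot: In the `storage` hunk (`@@ -146,8 +149,9 @@`) the new `- db` sequence entry is followed by the unchanged `rest:` and `imgproxy:` mapping entries under the same `depends_on:`, which mixes a list and a mapping in one node; that does not parse as YAML, so Compose should reject the whole file. Indentation is not recoverable from this view, so this is read from the order of the lines. Either keep the long form for all three entries (`db:` with `condition: service_started`) or convert all three to list items (`- db`, `- rest`, `- imgproxy`).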
--- a/supabase/docker-compose.yml +++ b/supabase/docker-compose.yml @@ -52,9 +52,8 @@ services: container_name: supabase-auth image: supabase/gotrue:v2.40.1 depends_on: - - db - # db: # Disable this if you are using an external Postgres database - # condition: service_healthy + db: # Disable this if you are using an external Postgres database + condition: service_healthy healthcheck: test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:9999/health" ] timeout: 5s @@ -102,9 +101,8 @@ services: container_name: supabase-rest image: postgrest/postgrest:v9.0.1.20220717 depends_on: - - db - # db: # Disable this if you are using an external Postgres database - # condition: service_healthy + db: # Disable this if you are using an external Postgres database + condition: service_healthy restart: unless-stopped environment: PGRST_DB_URI: postgres://authenticator:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} @@ -117,9 +115,8 @@ services: container_name: realtime-dev.supabase-realtime image: supabase/realtime:v2.1.0 depends_on: - - db - # db: # Disable this if you are using an external Postgres database - # condition: service_healthy + db: # Disable this if you are using an external Postgres database + condition: service_healthy healthcheck: test: [ "CMD", "bash", "-c", "printf \\0 > /dev/tcp/localhost/4000" ] timeout: 5s @@ -149,9 +146,8 @@ services: container_name: supabase-storage image: supabase/storage-api:v0.26.1 depends_on: - - db - # db: # Disable this if you are using an external Postgres database - # condition: service_healthy + db: # Disable this if you are using an external Postgres database + condition: service_healthy rest: condition: service_started imgproxy: 
@@ -199,9 +195,8 @@ services: container_name: supabase-meta image: supabase/postgres-meta:v0.59.0 depends_on: - - db - # db: # Disable this if you are using an external Postgres database - # condition: service_healthy + db: # Disable this if you are using an external Postgres database + condition: service_healthy restart: unless-stopped environment: PG_META_PORT: 8080 @@ -217,8 +212,8 @@ services: image: supabase/postgres:14.1.0.106 healthcheck: test: pg_isready -U postgres -h localhost - interval: 30s - timeout: 30s + interval: 5s + timeout: 5s retries: 10 command: - postgres From 24e8371a53f56e473a2dc367570ea11f9f042a20 Mon Sep 17 00:00:00 2001 From: jared Date: Sat, 28 Jan 2023 16:36:25 +1100 Subject: [PATCH 09/32] udpate db volumes to bind --- supabase/docker-compose.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/supabase/docker-compose.yml b/supabase/docker-compose.yml index 26a713e..88839d7 100644 --- a/supabase/docker-compose.yml +++ b/supabase/docker-compose.yml @@ -234,6 +234,12 @@ services: PGDATABASE: ${POSTGRES_DB} POSTGRES_DB: ${POSTGRES_DB} volumes: - - ./volumes/db/realtime.sql:/docker-entrypoint-initdb.d/realtime.sql - - ./volumes/db/roles.sql:/docker-entrypoint-initdb.d/roles.sql - - ./volumes/db/data:/var/lib/postgresql/data + - type: bind + source: ./volumes/db/realtime.sql + target: /docker-entrypoint-initdb.d/realtime.sql + - type: bind + source: ./volumes/db/roles.sql + target: /docker-entrypoint-initdb.d/roles.sql + - type: bind + source: ./volumes/db/data + target: /var/lib/postgresql/data From 8fdeedc141120fbe30b27a0e8d26a0441633d004 Mon Sep 17 00:00:00 2001 From: jared Date: Sat, 28 Jan 2023 16:43:18 +1100 Subject: [PATCH 10/32] revert volume change --- supabase/docker-compose.yml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/supabase/docker-compose.yml b/supabase/docker-compose.yml index 88839d7..26a713e 100644 --- a/supabase/docker-compose.yml 
+++ b/supabase/docker-compose.yml @@ -234,12 +234,6 @@ services: PGDATABASE: ${POSTGRES_DB} POSTGRES_DB: ${POSTGRES_DB} volumes: - - type: bind - source: ./volumes/db/realtime.sql - target: /docker-entrypoint-initdb.d/realtime.sql - - type: bind - source: ./volumes/db/roles.sql - target: /docker-entrypoint-initdb.d/roles.sql - - type: bind - source: ./volumes/db/data - target: /var/lib/postgresql/data + - ./volumes/db/realtime.sql:/docker-entrypoint-initdb.d/realtime.sql + - ./volumes/db/roles.sql:/docker-entrypoint-initdb.d/roles.sql + - ./volumes/db/data:/var/lib/postgresql/data From d3b92127d456d5380b906f0c346a05e5ff9d2f89 Mon Sep 17 00:00:00 2001 From: jared Date: Sat, 28 Jan 2023 16:54:10 +1100 Subject: [PATCH 11/32] updated config paths --- supabase/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/supabase/docker-compose.yml b/supabase/docker-compose.yml index 26a713e..3657b13 100644 --- a/supabase/docker-compose.yml +++ b/supabase/docker-compose.yml @@ -46,7 +46,7 @@ services: KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k volumes: - - ./volumes/api:/var/lib/kong:ro + - /root/docker-infrastructure/supabase/volumes/api:/var/lib/kong:ro auth: container_name: supabase-auth @@ -234,6 +234,6 @@ services: PGDATABASE: ${POSTGRES_DB} POSTGRES_DB: ${POSTGRES_DB} volumes: - - ./volumes/db/realtime.sql:/docker-entrypoint-initdb.d/realtime.sql - - ./volumes/db/roles.sql:/docker-entrypoint-initdb.d/roles.sql + - /root/docker-infrastructure/supabase/volumes/db/realtime.sql:/docker-entrypoint-initdb.d/realtime.sql + - /root/docker-infrastructure/supabase/volumes/db/roles.sql:/docker-entrypoint-initdb.d/roles.sql - ./volumes/db/data:/var/lib/postgresql/data From 9509e64cac1b82ad3be2f61f2b8f579643cb18a2 Mon Sep 17 00:00:00 2001 
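Review bot: The three bind mounts rewritten in PATCH 11 hard-code `/root/docker-infrastructure/supabase/...`, which ties the stack to a checkout in root's home directory, while `./volumes/db/data` on the last line of the second hunk stays relative, so the file now resolves host paths in two different ways. If the relative paths failed because Compose was started from another directory, passing `--project-directory` or running from `supabase/` fixes that without embedding a host path. The two init scripts are mounted read-write although they only need to be read, so `:ro` can be appended as is already done for the Kong mount, e.g. `- ./volumes/db/roles.sql:/docker-entrypoint-initdb.d/roles.sql:ro`.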
From: jared Date: Sun, 5 Feb 2023 08:59:14 +1100 Subject: [PATCH 12/32] enable production ssl --- outline/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/outline/docker-compose.yml b/outline/docker-compose.yml index abf9c0c..d2d20b7 100644 --- a/outline/docker-compose.yml +++ b/outline/docker-compose.yml @@ -36,7 +36,7 @@ services: user: root restart: always container_name: outline - command: sh -c "yarn sequelize:migrate --env=production-ssl-disabled && yarn start --env=production-ssl-disabled" + command: sh -c "yarn sequelize:migrate && yarn start" depends_on: - outline_postgres - outline_redis From a7e41295b9cafa9c18c02fe2e12c938603c96520 Mon Sep 17 00:00:00 2001 From: jared Date: Sun, 5 Feb 2023 09:03:12 +1100 Subject: [PATCH 13/32] remove command --- outline/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/outline/docker-compose.yml b/outline/docker-compose.yml index d2d20b7..d146dc7 100644 --- a/outline/docker-compose.yml +++ b/outline/docker-compose.yml @@ -36,7 +36,7 @@ services: user: root restart: always container_name: outline - command: sh -c "yarn sequelize:migrate && yarn start" + # command: sh -c "yarn sequelize:migrate && yarn start" depends_on: - outline_postgres - outline_redis From 514f1462d28f1ffe8aff1d5c8c33896ea414cd40 Mon Sep 17 00:00:00 2001 From: jared Date: Sun, 16 Jul 2023 00:40:02 -0400 Subject: [PATCH 14/32] update for new version --- outline/docker-compose.yml | 140 +++++++++++++++++++++---------------- 1 file changed, 78 insertions(+), 62 deletions(-) diff --git a/outline/docker-compose.yml b/outline/docker-compose.yml index d146dc7..8dea01a 100644 --- a/outline/docker-compose.yml +++ b/outline/docker-compose.yml 
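Review bot: Dropping `--env=production-ssl-disabled` from `command:` in PATCH 12 changes only the environment name the migrate and start scripts run under; judging by the lines a later patch in this series removes from this service, `PGSSLMODE=disable` and `FORCE_HTTPS=false` are still set in its `environment:` at this point. If the intent is an encrypted database connection and HTTPS enforcement, those two settings need changing in the same commit, and the Postgres container needs a certificate; otherwise the subject overstates what is enabled. The context lines also show `user: root` on this service, which is worth dropping unless the image requires it.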
@@ -1,72 +1,88 @@ -version: "2" +version: "3.2" services: - outline_redis: - image: redis - restart: always - container_name: outline_redis - outline_postgres: - image: postgres:13 - restart: always - container_name: outline_postgres - environment: - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} - - POSTGRES_USER=outline - - POSTGRES_DB=outline + outline: + image: docker.getoutline.com/outlinewiki/outline:latest + env_file: ./docker.env + ports: + - "3000:3000" + depends_on: + - postgres + - redis + - storage + + redis: + image: redis + env_file: ./docker.env + ports: + - "6379:6379" volumes: - - /var/lib/docker/volumes/outline/db:/var/lib/postgresql/data:Z + - ./redis.conf:/redis.conf + command: ["redis-server", "/redis.conf"] + healthcheck: + test: ["CMD", "redis-cli", "ping"] + interval: 10s + timeout: 30s + retries: 3 - outline_minio: - image: minio/minio - restart: always - container_name: outline_minio + postgres: + image: postgres + env_file: ./docker.env + ports: + - "5432:5432" volumes: - - /var/lib/docker/volumes/outline/data:/data:Z + - database-data:/var/lib/postgresql/data + healthcheck: + test: ["CMD", "pg_isready"] + interval: 30s + timeout: 20s + retries: 3 environment: - - MINIO_ROOT_USER=minio - - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD} - - MINIO_BROWSER_REDIRECT_URL=${MINIO_BROWSER_REDIRECT_URL} + POSTGRES_USER: 'user' + POSTGRES_PASSWORD: 'pass' + POSTGRES_DB: 'outline' + + storage: + image: minio/minio + env_file: ./docker.env ports: - - 9000:9000 - - 9001:9001 - command: "server /data --console-address :9001" + - "9000:9000" + entrypoint: sh + command: -c 'minio server' + deploy: + restart_policy: + condition: on-failure + volumes: + - storage-data:/data + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] + interval: 30s + timeout: 20s + retries: 3 - outline: - image: outlinewiki/outline - user: root + https-portal: + image: steveltn/https-portal + env_file: ./docker.env + ports: + - '80:80' + - '443:443' + 
links: + - outline + - storage restart: always - container_name: outline - # command: sh -c "yarn sequelize:migrate && yarn start" - depends_on: - - outline_postgres - - outline_redis - - outline_minio + volumes: + - https-portal-data:/var/lib/https-portal + healthcheck: + test: ["CMD", "service", "nginx", "status"] + interval: 30s + timeout: 20s + retries: 3 environment: - - PGSSLMODE=disable - - SECRET_KEY=${SECRET_KEY} - - UTILS_SECRET=${UTILS_SECRET} - - DATABASE_URL=postgres://outline:${POSTGRES_PASSWORD}@outline_postgres:5432/outline - - REDIS_URL=redis://outline_redis:6379 - - URL=${WIKI_URL} - - PORT=3000 - - AWS_ACCESS_KEY_ID=minio - - AWS_REGION=us-east-1 - - AWS_SECRET_ACCESS_KEY=${MINIO_ROOT_PASSWORD} - - AWS_S3_UPLOAD_BUCKET_URL=${WIKIDATA_URL} - - AWS_S3_UPLOAD_BUCKET_NAME=outline - - AWS_S3_UPLOAD_MAX_SIZE=26214400 - - AWS_S3_FORCE_PATH_STYLE=true - - AWS_S3_ACL=private - # - SLACK_KEY=505633415890.2395437869377 - # - SLACK_SECRET=114f1ba04f85ac91de711ee42353e73e - - FORCE_HTTPS=false - - OIDC_CLIENT_ID=outline - - OIDC_CLIENT_SECRET=${OIDC_SECRET} - - OIDC_AUTH_URI=${AUTH_URL}/api/oidc/authorize - - OIDC_TOKEN_URI=${AUTH_URL}/api/oidc/token - - OIDC_USERINFO_URI=${AUTH_URL}/api/oidc/userinfo - - OIDC_DISPLAY_NAME=Authelia - - OIDC_USERNAME_CLAIM=email - - OIDC_SCOPES=openid profile email - ports: - - 3000:3000 + DOMAINS: 'docs.mycompany.com -> http://outline:3000' + STAGE: 'production' + WEBSOCKET: 'true' + +volumes: + https-portal-data: + storage-data: + database-data: \ No newline at end of file From e6411a4a6a8f47c8744de990a0879bb32c01848b Mon Sep 17 00:00:00 2001 From: jared Date: Sun, 16 Jul 2023 00:42:58 -0400 Subject: [PATCH 15/32] remove https proxy --- outline/docker-compose.yml | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/outline/docker-compose.yml b/outline/docker-compose.yml index 8dea01a..49b3c63 100644 --- a/outline/docker-compose.yml +++ b/outline/docker-compose.yml 
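Review bot: The new `postgres` service sets `POSTGRES_USER: 'user'` and `POSTGRES_PASSWORD: 'pass'` as literals and publishes `5432:5432`, and `redis` and `storage` publish `6379:6379` and `9000:9000` the same way, so all three data stores are bound on every host interface, one of them with a guessable credential; the file this replaces published only the Outline and MinIO ports and took the database password from `${POSTGRES_PASSWORD}`. Only `outline` needs to reach these services, over the Compose network, so the three `ports:` blocks can be removed and the password restored to `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}`. `env_file: ./docker.env` is attached to every service, which hands Outline's secrets to the Redis, Postgres and MinIO containers as well; it belongs on `outline` alone. The `outline:latest`, `postgres` and `redis` images are unpinned, where the old file at least fixed `postgres:13`.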
@@ -60,29 +60,6 @@ services: timeout: 20s retries: 3 - https-portal: - image: steveltn/https-portal - env_file: ./docker.env - ports: - - '80:80' - - '443:443' - links: - - outline - - storage - restart: always - volumes: - - https-portal-data:/var/lib/https-portal - healthcheck: - test: ["CMD", "service", "nginx", "status"] - interval: 30s - timeout: 20s - retries: 3 - environment: - DOMAINS: 'docs.mycompany.com -> http://outline:3000' - STAGE: 'production' - WEBSOCKET: 'true' - volumes: - https-portal-data: storage-data: database-data: \ No newline at end of file From 241af449e99c476c62ef24f11a61ed518637be12 Mon Sep 17 00:00:00 2001 From: jared Date: Sun, 16 Jul 2023 00:43:29 -0400 Subject: [PATCH 16/32] add docker.env --- outline/docker.env | 183 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 183 insertions(+) create mode 100644 outline/docker.env diff --git a/outline/docker.env b/outline/docker.env new file mode 100644 index 0000000..55c1af6 --- /dev/null +++ b/outline/docker.env 
@@ -0,0 +1,183 @@ +# –––––––––––––––– REQUIRED –––––––––––––––– + +NODE_ENV=production + +# Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32` +# in your terminal to generate a random value. +SECRET_KEY=generate_a_new_key + +# Generate a unique random key. The format is not important but you could still use +# `openssl rand -hex 32` in your terminal to produce this. +UTILS_SECRET=9d1953dba042e013d7daa0a8e1c238890815b52ba2c30d1dde21396749ac758c + +# For production point these at your databases, in development the default +# should work out of the box. +DATABASE_URL=postgres://outline:earpiece-purveyor-reggae@localhost:5432/outline +DATABASE_URL_TEST=postgres://outline:earpiece-purveyor-reggae@localhost:5432/outline-test +DATABASE_CONNECTION_POOL_MIN= +DATABASE_CONNECTION_POOL_MAX= +# Uncomment this to disable SSL for connecting to Postgres +# PGSSLMODE=disable + +# For redis you can either specify an ioredis compatible url like this +REDIS_URL=redis://localhost:6379 +# or alternatively, if you would like to provide additional connection options, +# use a base64 encoded JSON connection option object. Refer to the ioredis documentation +# for a list of available options. +# Example: Use Redis Sentinel for high availability +# {"sentinels":[{"host":"sentinel-0","port":26379},{"host":"sentinel-1","port":26379}],"name":"mymaster"} +# REDIS_URL=ioredis://eyJzZW50aW5lbHMiOlt7Imhvc3QiOiJzZW50aW5lbC0wIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InNlbnRpbmVsLTEiLCJwb3J0IjoyNjM3OX1dLCJuYW1lIjoibXltYXN0ZXIifQ== + +# URL should point to the fully qualified, publicly accessible URL. If using a +# proxy the port in URL and PORT may be different. +URL=https://wiki.jaredtsmith.com/ +PORT=3000 + +# See [documentation](docs/SERVICES.md) on running a separate collaboration +# server, for normal operation this does not need to be set. 
+COLLABORATION_URL= + +# To support uploading of images for avatars and document attachments an +# s3-compatible storage must be provided. AWS S3 is recommended for redundancy +# however if you want to keep all file storage local an alternative such as +# minio (https://github.com/minio/minio) can be used. + +# A more detailed guide on setting up S3 is available here: +# => https://wiki.generaloutline.com/share/125de1cc-9ff6-424b-8415-0d58c809a40f +# +AWS_ACCESS_KEY_ID=minio +AWS_SECRET_ACCESS_KEY=germless-squealing-stoke +AWS_REGION=us-east-1 +AWS_S3_ACCELERATE_URL= +AWS_S3_UPLOAD_BUCKET_URL=https://wikidata.jaredtsmith.com +AWS_S3_UPLOAD_BUCKET_NAME=outline +AWS_S3_UPLOAD_MAX_SIZE=26214400 +AWS_S3_FORCE_PATH_STYLE=true +AWS_S3_ACL=private + + +# –––––––––––––– AUTHENTICATION –––––––––––––– + +# Third party signin credentials, at least ONE OF EITHER Google, Slack, +# or Microsoft is required for a working installation or you'll have no sign-in +# options. + +# To configure Slack auth, you'll need to create an Application at +# => https://api.slack.com/apps +# +# When configuring the Client ID, add a redirect URL under "OAuth & Permissions": +# https:///auth/slack.callback +#SLACK_CLIENT_ID=get_a_key_from_slack +#SLACK_CLIENT_SECRET=get_the_secret_of_above_key + +# To configure Google auth, you'll need to create an OAuth Client ID at +# => https://console.cloud.google.com/apis/credentials +# +# When configuring the Client ID, add an Authorized redirect URI: +# https:///auth/google.callback +#GOOGLE_CLIENT_ID= +#GOOGLE_CLIENT_SECRET= + +# To configure Microsoft/Azure auth, you'll need to create an OAuth Client. See +# the guide for details on setting up your Azure App: +# => https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4 +#AZURE_CLIENT_ID= +#AZURE_CLIENT_SECRET= +#AZURE_RESOURCE_APP_ID= + +# To configure generic OIDC auth, you'll need some kind of identity provider. 
+# See documentation for whichever IdP you use to acquire the following info: +# Redirect URI is https:///auth/oidc.callback +OIDC_CLIENT_ID=outline +OIDC_CLIENT_SECRET=rYniOVZpZjq4EXkGQRcWaIzYwFi7Pg2YQ0pMuUX8V1TcKhVOh5rYEIr9ldohyoCC +OIDC_AUTH_URI=https://auth.jaredtsmith.com/api/oidc/authorize +OIDC_TOKEN_URI=https://auth.jaredtsmith.com/api/oidc/token +OIDC_USERINFO_URI=https://auth.jaredtsmith.com/api/oidc/userinfo + +# Specify which claims to derive user information from +# Supports any valid JSON path with the JWT payload +OIDC_USERNAME_CLAIM=email + +# Display name for OIDC authentication +OIDC_DISPLAY_NAME=Authelia + +# Space separated auth scopes. +OIDC_SCOPES=openid profile email + + +# –––––––––––––––– OPTIONAL –––––––––––––––– + +# Base64 encoded private key and certificate for HTTPS termination. This is only +# required if you do not use an external reverse proxy. See documentation: +# https://wiki.generaloutline.com/share/1c922644-40d8-41fe-98f9-df2b67239d45 +#SSL_KEY= +#SSL_CERT= + +# If using a Cloudfront/Cloudflare distribution or similar it can be set below. +# This will cause paths to javascript, stylesheets, and images to be updated to +# the hostname defined in CDN_URL. In your CDN configuration the origin server +# should be set to the same as URL. +#CDN_URL= + +# Auto-redirect to https in production. The default is true but you may set to +# false if you can be sure that SSL is terminated at an external loadbalancer. +FORCE_HTTPS=true + +# Have the installation check for updates by sending anonymized statistics to +# the maintainers +ENABLE_UPDATES=true + +# How many processes should be spawned. 
As a reasonable rule divide your servers +# available memory by 512 for a rough estimate +WEB_CONCURRENCY=1 + +# Override the maximum size of document imports, could be required if you have +# especially large Word documents with embedded imagery +MAXIMUM_IMPORT_SIZE=5120000 + +# You can remove this line if your reverse proxy already logs incoming http +# requests and this ends up being duplicative +DEBUG=http + +# Configure lowest severity level for server logs. Should be one of +# error, warn, info, http, verbose, debug and silly +LOG_LEVEL=info + +# For a complete Slack integration with search and posting to channels the +# following configs are also needed, some more details +# => https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a +# +#SLACK_VERIFICATION_TOKEN=your_token +#SLACK_APP_ID=A0XXXXXXX +#SLACK_MESSAGE_ACTIONS=true + +# Optionally enable google analytics to track pageviews in the knowledge base +#GOOGLE_ANALYTICS_ID= + +# Optionally enable Sentry (sentry.io) to track errors and performance, +# and optionally add a Sentry proxy tunnel for bypassing ad blockers in the UI: +# https://docs.sentry.io/platforms/javascript/troubleshooting/#using-the-tunnel-option) +#SENTRY_DSN= +#SENTRY_TUNNEL= + +# To support sending outgoing transactional emails such as "document updated" or +# "you've been invited" you'll need to provide authentication for an SMTP server +#SMTP_HOST= +#SMTP_PORT= +#SMTP_USERNAME= +#SMTP_PASSWORD= +#SMTP_FROM_EMAIL=hello@example.com +#SMTP_REPLY_EMAIL=hello@example.com +#SMTP_TLS_CIPHERS= +#SMTP_SECURE=true + +# The default interface language. See translate.getoutline.com for a list of +# available language codes and their rough percentage translated. +DEFAULT_LANGUAGE=en_AU + +# Optionally enable rate limiter at application web server +RATE_LIMITER_ENABLED=true + +# Configure default throttling parameters for rate limiter +RATE_LIMITER_REQUESTS=1000 +RATE_LIMITER_DURATION_WINDOW=60 \ No newline at end of file 
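Review bot: This file is committed with live-looking values for `UTILS_SECRET`, `AWS_SECRET_ACCESS_KEY`, `OIDC_CLIENT_SECRET` and the password embedded in `DATABASE_URL`/`DATABASE_URL_TEST`, and they stay in the repository history even after the file is deleted later in the series. The same applies to the `SECRET_KEY` value added by the first hunk of PATCH 17/32, the literal `POSTGRES_PASSWORD` added to `outline/docker-compose.yml` in PATCH 19/32, and the commented-out `SLACK_KEY`/`SLACK_SECRET` values restored by the rollback in PATCH 22/32. Commit a template with empty or placeholder values (as `SECRET_KEY=generate_a_new_key` already is), keep the real file out of version control, and rotate every value that has been pushed. Separately, `DATABASE_URL` and `REDIS_URL` point at `localhost`, which inside the `outline` container would normally be the container itself rather than the `postgres` and `redis` services.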
From d310f7f36791520b875eb6d8fa94888ab276e422 Mon Sep 17 00:00:00 2001 From: jared Date: Sun, 16 Jul 2023 00:47:51 -0400 Subject: [PATCH 17/32] update based on errors --- outline/docker.env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/outline/docker.env b/outline/docker.env index 55c1af6..400f4bf 100644 --- a/outline/docker.env +++ b/outline/docker.env @@ -4,7 +4,7 @@ NODE_ENV=production # Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32` # in your terminal to generate a random value. -SECRET_KEY=generate_a_new_key +SECRET_KEY=e418878377349d064f44fe562ece076bf67890e9370989d671743d65d3ba175d # Generate a unique random key. The format is not important but you could still use # `openssl rand -hex 32` in your terminal to produce this. @@ -173,7 +173,7 @@ LOG_LEVEL=info # The default interface language. See translate.getoutline.com for a list of # available language codes and their rough percentage translated. -DEFAULT_LANGUAGE=en_AU +DEFAULT_LANGUAGE=en_US # Optionally enable rate limiter at application web server RATE_LIMITER_ENABLED=true From 17df8f50861ffd64a87c756f6d6624afa07e38aa Mon Sep 17 00:00:00 2001 From: jared Date: Sun, 16 Jul 2023 00:51:37 -0400 Subject: [PATCH 18/32] update container names --- outline/docker-compose.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/outline/docker-compose.yml b/outline/docker-compose.yml index 49b3c63..06293ec 100644 --- a/outline/docker-compose.yml +++ b/outline/docker-compose.yml @@ -12,6 +12,7 @@ services: - storage redis: + container_name: outline_redis image: redis env_file: ./docker.env ports: @@ -26,6 +27,7 @@ services: retries: 3 postgres: + container_name: outline_postgres image: postgres env_file: ./docker.env ports: @@ -43,6 +45,7 @@ services: POSTGRES_DB: 'outline' storage: + container_name: outline_minio image: minio/minio env_file: ./docker.env ports: From a44d279589ce067ac8720337914dc58a49806707 Mon Sep 17 00:00:00 2001 
From: jared Date: Sun, 16 Jul 2023 00:57:56 -0400 Subject: [PATCH 19/32] Update 'outline/docker-compose.yml' --- outline/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/outline/docker-compose.yml b/outline/docker-compose.yml index 06293ec..9793d6e 100644 --- a/outline/docker-compose.yml +++ b/outline/docker-compose.yml @@ -40,8 +40,8 @@ services: timeout: 20s retries: 3 environment: - POSTGRES_USER: 'user' - POSTGRES_PASSWORD: 'pass' + POSTGRES_USER: 'outline' + POSTGRES_PASSWORD: 'earpiece-purveyor-reggae' POSTGRES_DB: 'outline' storage: From f8e3aa8c470248604de1cb6a975817bfb0521940 Mon Sep 17 00:00:00 2001 From: jared Date: Sun, 16 Jul 2023 01:03:01 -0400 Subject: [PATCH 20/32] Update 'outline/docker-compose.yml' --- outline/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/outline/docker-compose.yml b/outline/docker-compose.yml index 9793d6e..f569434 100644 --- a/outline/docker-compose.yml +++ b/outline/docker-compose.yml @@ -33,7 +33,7 @@ services: ports: - "5432:5432" volumes: - - database-data:/var/lib/postgresql/data + - /var/lib/docker/volumes/outline/db:/var/lib/postgresql/data:Z healthcheck: test: ["CMD", "pg_isready"] interval: 30s @@ -56,7 +56,7 @@ services: restart_policy: condition: on-failure volumes: - - storage-data:/data + - /var/lib/docker/volumes/outline/data:/data:Z healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] interval: 30s From 99c877d38727dc118d149b07b01de5a12b2ec336 Mon Sep 17 00:00:00 2001 From: jared Date: Sun, 16 Jul 2023 01:04:10 -0400 Subject: [PATCH 21/32] Update 'outline/docker-compose.yml' --- outline/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/outline/docker-compose.yml b/outline/docker-compose.yml index f569434..052f474 100644 --- a/outline/docker-compose.yml +++ b/outline/docker-compose.yml 
@@ -28,7 +28,7 @@ services: postgres: container_name: outline_postgres - image: postgres + image: postgres:13 env_file: ./docker.env ports: - "5432:5432" From 461e76cdfc4f24ffefea8c730917dabaa405aa67 Mon Sep 17 00:00:00 2001 From: jared Date: Sun, 16 Jul 2023 01:09:48 -0400 Subject: [PATCH 22/32] rollback --- outline/docker-compose.yml | 118 +++++++++++++++++++------------------ 1 file changed, 61 insertions(+), 57 deletions(-) diff --git a/outline/docker-compose.yml b/outline/docker-compose.yml index 052f474..d146dc7 100644 --- a/outline/docker-compose.yml +++ b/outline/docker-compose.yml 
@@ -1,68 +1,72 @@ -version: "3.2" +version: "2" services: - - outline: - image: docker.getoutline.com/outlinewiki/outline:latest - env_file: ./docker.env - ports: - - "3000:3000" - depends_on: - - postgres - - redis - - storage - - redis: - container_name: outline_redis + outline_redis: image: redis - env_file: ./docker.env - ports: - - "6379:6379" - volumes: - - ./redis.conf:/redis.conf - command: ["redis-server", "/redis.conf"] - healthcheck: - test: ["CMD", "redis-cli", "ping"] - interval: 10s - timeout: 30s - retries: 3 + restart: always + container_name: outline_redis - postgres: - container_name: outline_postgres + outline_postgres: image: postgres:13 - env_file: ./docker.env - ports: - - "5432:5432" + restart: always + container_name: outline_postgres + environment: + - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + - POSTGRES_USER=outline + - POSTGRES_DB=outline volumes: - /var/lib/docker/volumes/outline/db:/var/lib/postgresql/data:Z - healthcheck: - test: ["CMD", "pg_isready"] - interval: 30s - timeout: 20s - retries: 3 - environment: - POSTGRES_USER: 'outline' - POSTGRES_PASSWORD: 'earpiece-purveyor-reggae' - POSTGRES_DB: 'outline' - storage: - container_name: outline_minio + outline_minio: image: minio/minio - env_file: ./docker.env - ports: - - "9000:9000" - entrypoint: sh - command: -c 'minio server' - deploy: - restart_policy: - condition: on-failure + restart: always + container_name: outline_minio volumes: - /var/lib/docker/volumes/outline/data:/data:Z - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] - interval: 30s - timeout: 20s - retries: 3 + environment: + - MINIO_ROOT_USER=minio + - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD} + - MINIO_BROWSER_REDIRECT_URL=${MINIO_BROWSER_REDIRECT_URL} + ports: + - 9000:9000 + - 9001:9001 + command: "server /data --console-address :9001" -volumes: - storage-data: - database-data: \ No newline at end of file + outline: + image: outlinewiki/outline + user: root + restart: always + 
container_name: outline + # command: sh -c "yarn sequelize:migrate && yarn start" + depends_on: + - outline_postgres + - outline_redis + - outline_minio + environment: + - PGSSLMODE=disable + - SECRET_KEY=${SECRET_KEY} + - UTILS_SECRET=${UTILS_SECRET} + - DATABASE_URL=postgres://outline:${POSTGRES_PASSWORD}@outline_postgres:5432/outline + - REDIS_URL=redis://outline_redis:6379 + - URL=${WIKI_URL} + - PORT=3000 + - AWS_ACCESS_KEY_ID=minio + - AWS_REGION=us-east-1 + - AWS_SECRET_ACCESS_KEY=${MINIO_ROOT_PASSWORD} + - AWS_S3_UPLOAD_BUCKET_URL=${WIKIDATA_URL} + - AWS_S3_UPLOAD_BUCKET_NAME=outline + - AWS_S3_UPLOAD_MAX_SIZE=26214400 + - AWS_S3_FORCE_PATH_STYLE=true + - AWS_S3_ACL=private + # - SLACK_KEY=505633415890.2395437869377 + # - SLACK_SECRET=114f1ba04f85ac91de711ee42353e73e + - FORCE_HTTPS=false + - OIDC_CLIENT_ID=outline + - OIDC_CLIENT_SECRET=${OIDC_SECRET} + - OIDC_AUTH_URI=${AUTH_URL}/api/oidc/authorize + - OIDC_TOKEN_URI=${AUTH_URL}/api/oidc/token + - OIDC_USERINFO_URI=${AUTH_URL}/api/oidc/userinfo + - OIDC_DISPLAY_NAME=Authelia + - OIDC_USERNAME_CLAIM=email + - OIDC_SCOPES=openid profile email + ports: + - 3000:3000 From a91a6d6534969637b772ebbf9f1c37d479f13ff8 Mon Sep 17 00:00:00 2001 From: jared Date: Sun, 16 Jul 2023 01:10:06 -0400 Subject: [PATCH 23/32] Delete 'outline/docker.env' --- outline/docker.env | 183 --------------------------------------------- 1 file changed, 183 deletions(-) delete mode 100644 outline/docker.env diff --git a/outline/docker.env b/outline/docker.env deleted file mode 100644 index 400f4bf..0000000 --- a/outline/docker.env +++ /dev/null 
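Review bot: The restored `outline` service runs with `user: root`, so a compromise of the wiki process gets root inside the container, and nothing in this hunk shows why the image's default user is not enough. If the line was added to work around a permissions error, that is better fixed at its source so `user: root` can be removed. The hunk also sets `FORCE_HTTPS=false` and `PGSSLMODE=disable`, which is only safe if TLS is terminated by a proxy in front of port 3000 and the database link stays on the compose network. A comment next to each, e.g. `# TLS terminated at the reverse proxy`, would record that assumption.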
@@ -1,183 +0,0 @@ -# –––––––––––––––– REQUIRED –––––––––––––––– - -NODE_ENV=production - -# Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32` -# in your terminal to generate a random value. -SECRET_KEY=e418878377349d064f44fe562ece076bf67890e9370989d671743d65d3ba175d - -# Generate a unique random key. The format is not important but you could still use -# `openssl rand -hex 32` in your terminal to produce this. -UTILS_SECRET=9d1953dba042e013d7daa0a8e1c238890815b52ba2c30d1dde21396749ac758c - -# For production point these at your databases, in development the default -# should work out of the box. -DATABASE_URL=postgres://outline:earpiece-purveyor-reggae@localhost:5432/outline -DATABASE_URL_TEST=postgres://outline:earpiece-purveyor-reggae@localhost:5432/outline-test -DATABASE_CONNECTION_POOL_MIN= -DATABASE_CONNECTION_POOL_MAX= -# Uncomment this to disable SSL for connecting to Postgres -# PGSSLMODE=disable - -# For redis you can either specify an ioredis compatible url like this -REDIS_URL=redis://localhost:6379 -# or alternatively, if you would like to provide additional connection options, -# use a base64 encoded JSON connection option object. Refer to the ioredis documentation -# for a list of available options. -# Example: Use Redis Sentinel for high availability -# {"sentinels":[{"host":"sentinel-0","port":26379},{"host":"sentinel-1","port":26379}],"name":"mymaster"} -# REDIS_URL=ioredis://eyJzZW50aW5lbHMiOlt7Imhvc3QiOiJzZW50aW5lbC0wIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InNlbnRpbmVsLTEiLCJwb3J0IjoyNjM3OX1dLCJuYW1lIjoibXltYXN0ZXIifQ== - -# URL should point to the fully qualified, publicly accessible URL. If using a -# proxy the port in URL and PORT may be different. -URL=https://wiki.jaredtsmith.com/ -PORT=3000 - -# See [documentation](docs/SERVICES.md) on running a separate collaboration -# server, for normal operation this does not need to be set. 
-COLLABORATION_URL= - -# To support uploading of images for avatars and document attachments an -# s3-compatible storage must be provided. AWS S3 is recommended for redundancy -# however if you want to keep all file storage local an alternative such as -# minio (https://github.com/minio/minio) can be used. - -# A more detailed guide on setting up S3 is available here: -# => https://wiki.generaloutline.com/share/125de1cc-9ff6-424b-8415-0d58c809a40f -# -AWS_ACCESS_KEY_ID=minio -AWS_SECRET_ACCESS_KEY=germless-squealing-stoke -AWS_REGION=us-east-1 -AWS_S3_ACCELERATE_URL= -AWS_S3_UPLOAD_BUCKET_URL=https://wikidata.jaredtsmith.com -AWS_S3_UPLOAD_BUCKET_NAME=outline -AWS_S3_UPLOAD_MAX_SIZE=26214400 -AWS_S3_FORCE_PATH_STYLE=true -AWS_S3_ACL=private - - -# –––––––––––––– AUTHENTICATION –––––––––––––– - -# Third party signin credentials, at least ONE OF EITHER Google, Slack, -# or Microsoft is required for a working installation or you'll have no sign-in -# options. - -# To configure Slack auth, you'll need to create an Application at -# => https://api.slack.com/apps -# -# When configuring the Client ID, add a redirect URL under "OAuth & Permissions": -# https:///auth/slack.callback -#SLACK_CLIENT_ID=get_a_key_from_slack -#SLACK_CLIENT_SECRET=get_the_secret_of_above_key - -# To configure Google auth, you'll need to create an OAuth Client ID at -# => https://console.cloud.google.com/apis/credentials -# -# When configuring the Client ID, add an Authorized redirect URI: -# https:///auth/google.callback -#GOOGLE_CLIENT_ID= -#GOOGLE_CLIENT_SECRET= - -# To configure Microsoft/Azure auth, you'll need to create an OAuth Client. See -# the guide for details on setting up your Azure App: -# => https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4 -#AZURE_CLIENT_ID= -#AZURE_CLIENT_SECRET= -#AZURE_RESOURCE_APP_ID= - -# To configure generic OIDC auth, you'll need some kind of identity provider. 
-# See documentation for whichever IdP you use to acquire the following info: -# Redirect URI is https:///auth/oidc.callback -OIDC_CLIENT_ID=outline -OIDC_CLIENT_SECRET=rYniOVZpZjq4EXkGQRcWaIzYwFi7Pg2YQ0pMuUX8V1TcKhVOh5rYEIr9ldohyoCC -OIDC_AUTH_URI=https://auth.jaredtsmith.com/api/oidc/authorize -OIDC_TOKEN_URI=https://auth.jaredtsmith.com/api/oidc/token -OIDC_USERINFO_URI=https://auth.jaredtsmith.com/api/oidc/userinfo - -# Specify which claims to derive user information from -# Supports any valid JSON path with the JWT payload -OIDC_USERNAME_CLAIM=email - -# Display name for OIDC authentication -OIDC_DISPLAY_NAME=Authelia - -# Space separated auth scopes. -OIDC_SCOPES=openid profile email - - -# –––––––––––––––– OPTIONAL –––––––––––––––– - -# Base64 encoded private key and certificate for HTTPS termination. This is only -# required if you do not use an external reverse proxy. See documentation: -# https://wiki.generaloutline.com/share/1c922644-40d8-41fe-98f9-df2b67239d45 -#SSL_KEY= -#SSL_CERT= - -# If using a Cloudfront/Cloudflare distribution or similar it can be set below. -# This will cause paths to javascript, stylesheets, and images to be updated to -# the hostname defined in CDN_URL. In your CDN configuration the origin server -# should be set to the same as URL. -#CDN_URL= - -# Auto-redirect to https in production. The default is true but you may set to -# false if you can be sure that SSL is terminated at an external loadbalancer. -FORCE_HTTPS=true - -# Have the installation check for updates by sending anonymized statistics to -# the maintainers -ENABLE_UPDATES=true - -# How many processes should be spawned. 
As a reasonable rule divide your servers -# available memory by 512 for a rough estimate -WEB_CONCURRENCY=1 - -# Override the maximum size of document imports, could be required if you have -# especially large Word documents with embedded imagery -MAXIMUM_IMPORT_SIZE=5120000 - -# You can remove this line if your reverse proxy already logs incoming http -# requests and this ends up being duplicative -DEBUG=http - -# Configure lowest severity level for server logs. Should be one of -# error, warn, info, http, verbose, debug and silly -LOG_LEVEL=info - -# For a complete Slack integration with search and posting to channels the -# following configs are also needed, some more details -# => https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a -# -#SLACK_VERIFICATION_TOKEN=your_token -#SLACK_APP_ID=A0XXXXXXX -#SLACK_MESSAGE_ACTIONS=true - -# Optionally enable google analytics to track pageviews in the knowledge base -#GOOGLE_ANALYTICS_ID= - -# Optionally enable Sentry (sentry.io) to track errors and performance, -# and optionally add a Sentry proxy tunnel for bypassing ad blockers in the UI: -# https://docs.sentry.io/platforms/javascript/troubleshooting/#using-the-tunnel-option) -#SENTRY_DSN= -#SENTRY_TUNNEL= - -# To support sending outgoing transactional emails such as "document updated" or -# "you've been invited" you'll need to provide authentication for an SMTP server -#SMTP_HOST= -#SMTP_PORT= -#SMTP_USERNAME= -#SMTP_PASSWORD= -#SMTP_FROM_EMAIL=hello@example.com -#SMTP_REPLY_EMAIL=hello@example.com -#SMTP_TLS_CIPHERS= -#SMTP_SECURE=true - -# The default interface language. See translate.getoutline.com for a list of -# available language codes and their rough percentage translated. -DEFAULT_LANGUAGE=en_US - -# Optionally enable rate limiter at application web server -RATE_LIMITER_ENABLED=true - -# Configure default throttling parameters for rate limiter -RATE_LIMITER_REQUESTS=1000 -RATE_LIMITER_DURATION_WINDOW=60 \ No newline at end of file 
From adf04420cef5f1c163ebf86773ec9feed2e4f1dd Mon Sep 17 00:00:00 2001 From: jared Date: Sun, 16 Jul 2023 01:26:28 -0400 Subject: [PATCH 24/32] Add 'documize/docker_compose.yml' --- documize/docker_compose.yml | 38 +++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 documize/docker_compose.yml diff --git a/documize/docker_compose.yml b/documize/docker_compose.yml new file mode 100644 index 0000000..00fba3e --- /dev/null +++ b/documize/docker_compose.yml @@ -0,0 +1,38 @@ +version: "3" + +services: + db: + image: postgres:12 + restart: always + ports: + - 5432:5432 + environment: + POSTGRES_USER: documize + POSTGRES_PASSWORD: ${DOCUMIZE_PASSWORD} + POSTGRES_DB: documize + volumes: + - db-data:/var/lib/postgresql/data + networks: + - documizenet + + app: + image: debian:latest + command: /bin/sh -c "apt-get -qq update && apt-get -qq install -y wget && wget https://community-downloads.s3.us-east-2.amazonaws.com/documize-community-plus-linux-amd64 && chmod 777 ./documize-community-plus-linux-amd64 && ./documize-community-plus-linux-amd64" + depends_on: + - db + ports: + - 5001:5001 + environment: + DOCUMIZEPORT: 5001 + DOCUMIZEDB: host=db port=5432 dbname=documize user=documize password=${DOCUMIZE_PASSWORD} sslmode=disable + DOCUMIZEDBTYPE: postgresql + DOCUMIZESALT: ${DOCUMIZE_SALT} + DOCUMIZELOCATION: selfhost + networks: + - documizenet + +volumes: + db-data: + +networks: + documizenet: \ No newline at end of file From db2309d487a22d173c40c4b30c5614b8de6c8db0 Mon Sep 17 00:00:00 2001 From: jared Date: Sun, 16 Jul 2023 03:50:47 -0400 Subject: [PATCH 25/32] Update 'postgres/docker-compose.yml' --- postgres/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/postgres/docker-compose.yml b/postgres/docker-compose.yml index f08766f..958b52e 100644 --- a/postgres/docker-compose.yml +++ b/postgres/docker-compose.yml 
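Review bot: The `app` service's `command` downloads `documize-community-plus-linux-amd64` with `wget` on every start and runs it without verifying it, on top of an unpinned `debian:latest`, so the code that runs changes whenever either upstream changes. Verify the download before running it, e.g. `echo '<EXPECTED_SHA256>  documize-community-plus-linux-amd64' | sha256sum -c -` (placeholder digest), or preferably bake the binary into an image that is built once. `chmod 755` is enough where the command uses `chmod 777`. The `db` service also publishes `5432:5432`, although only `app` on `documizenet` needs to reach it.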
@@ -1,7 +1,7 @@ version: "3.7" services: db: - image: postgres:latest + image: postgres:14 restart: always environment: POSTGRES_DB: postgres From 820923076b874290e0024fcb8bd2f4055e7324ef Mon Sep 17 00:00:00 2001 From: jared Date: Sat, 22 Jul 2023 00:16:04 -0400 Subject: [PATCH 26/32] Add 'penpot/docker-compose.yml' --- penpot/docker-compose.yml | 80 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 penpot/docker-compose.yml diff --git a/penpot/docker-compose.yml b/penpot/docker-compose.yml new file mode 100644 index 0000000..901e132 --- /dev/null +++ b/penpot/docker-compose.yml 
@@ -0,0 +1,80 @@ +--- +version: "3.5" + +networks: + penpot: + +volumes: + penpot_postgres_v15: + penpot_assets: + +services: + penpot-frontend: + image: "penpotapp/frontend:latest" + restart: always + ports: + - 4002:80 + + volumes: + - penpot_assets:/opt/data/assets + + depends_on: + - penpot-backend + - penpot-exporter + + networks: + - penpot + + environment: + - PENPOT_FLAGS=enable-registration enable-login-with-password enable-login-with-oidc + + penpot-backend: + image: "penpotapp/backend:latest" + restart: always + + volumes: + - penpot_assets:/opt/data/assets + + depends_on: + - penpot-postgres + - penpot-redis + + networks: + - penpot + + environment: + - PENPOT_FLAGS=enable-registration enable-login-with-password enable-login-with-oidc disable-email-verification enable-smtp enable-prepl-server + + + penpot-exporter: + image: "penpotapp/exporter:latest" + restart: always + networks: + - penpot + + environment: + - PENPOT_PUBLIC_URI=http://penpot-frontend + - PENPOT_REDIS_URI=redis://penpot-redis/0 + + penpot-postgres: + image: "postgres:15" + restart: always + stop_signal: SIGINT + + volumes: + - penpot_postgres_v15:/var/lib/postgresql/data + + networks: + - penpot + + environment: + - POSTGRES_INITDB_ARGS=--data-checksums + - POSTGRES_DB=penpot + - POSTGRES_USER=penpot + - POSTGRES_PASSWORD=penpot + + penpot-redis: + image: redis:7 + restart: always + networks: + - penpot From 81eab63be763e1d430a0fa7eda4469bf214a9bdb Mon Sep 17 00:00:00 2001 From: jared Date: Sat, 22 Jul 2023 00:18:38 -0400 Subject: [PATCH 27/32] Update 'penpot/docker-compose.yml' --- penpot/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/penpot/docker-compose.yml b/penpot/docker-compose.yml index 901e132..e2c4932 100644 --- a/penpot/docker-compose.yml +++ b/penpot/docker-compose.yml @@ -13,7 +13,7 @@ services: image: "penpotapp/frontend:latest" restart: always ports: - - 4002:80 + - 3000:80 volumes: - penpot_assets:/opt/data/assets 
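Review bot: `penpot-postgres` is initialised with the literal credentials `POSTGRES_USER=penpot` and `POSTGRES_PASSWORD=penpot`, committed in the compose file; take the password from the environment as the documize file in this series does, e.g. `- POSTGRES_PASSWORD=${PENPOT_DB_PASSWORD}` (variable name is a placeholder). The backend sets no database variables in this hunk, so it presumably relies on matching defaults and would need the same value passed in. The backend `PENPOT_FLAGS` pair `enable-registration` with `disable-email-verification`, which lets anyone who can reach the published frontend port create a usable account without proving ownership of an address; `enable-prepl-server` appears to be the backend's management REPL and is worth keeping only if the management scripts are used (confirm against the Penpot docs). The same backend flags are carried unchanged through the later `PENPOT_FLAGS` hunks in PATCH 28 and 29. The three `penpotapp/*:latest` images are floating tags under `restart: always` and should be pinned to a release tag or digest.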
From 44c192618e14a8f6a368e836d7dbd919cc271292 Mon Sep 17 00:00:00 2001 From: jared Date: Sat, 22 Jul 2023 00:34:35 -0400 Subject: [PATCH 28/32] Update 'penpot/docker-compose.yml' --- penpot/docker-compose.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/penpot/docker-compose.yml b/penpot/docker-compose.yml index e2c4932..5eaa29b 100644 --- a/penpot/docker-compose.yml +++ b/penpot/docker-compose.yml @@ -44,6 +44,9 @@ services: environment: - PENPOT_FLAGS=enable-registration enable-login-with-password enable-login-with-oidc disable-email-verification enable-smtp enable-prepl-server + - PENPOT_OIDC_CLIENT_ID=${PENPOT_OIDC_CLIENT_ID} + - PENPOT_OIDC_BASE_URI=${PENPOT_OIDC_BASE_URI} + - PENPOT_OIDC_CLIENT_SECRET=${PENPOT_OIDC_CLIENT_SECRET} penpot-exporter: From ed3cca7ca4cbb70e12f8bd45fcdc3b7bd4f54ebc Mon Sep 17 00:00:00 2001 From: jared Date: Sat, 22 Jul 2023 00:37:33 -0400 Subject: [PATCH 29/32] Update 'penpot/docker-compose.yml' --- penpot/docker-compose.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/penpot/docker-compose.yml b/penpot/docker-compose.yml index 5eaa29b..56c8800 100644 --- a/penpot/docker-compose.yml +++ b/penpot/docker-compose.yml @@ -26,7 +26,7 @@ services: - penpot environment: - - PENPOT_FLAGS=enable-registration enable-login-with-password enable-login-with-oidc + - PENPOT_FLAGS=enable-registration enable-login-with-password penpot-backend: image: "penpotapp/backend:latest" @@ -43,11 +43,7 @@ services: - penpot environment: - - PENPOT_FLAGS=enable-registration enable-login-with-password enable-login-with-oidc disable-email-verification enable-smtp enable-prepl-server - - PENPOT_OIDC_CLIENT_ID=${PENPOT_OIDC_CLIENT_ID} - - PENPOT_OIDC_BASE_URI=${PENPOT_OIDC_BASE_URI} - - PENPOT_OIDC_CLIENT_SECRET=${PENPOT_OIDC_CLIENT_SECRET} - + - PENPOT_FLAGS=enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server penpot-exporter: image: "penpotapp/exporter:latest" 
From 148fb5387578bf6f9f8bc694cbc769b686972eca Mon Sep 17 00:00:00 2001
From: jared
Date: Sat, 22 Jul 2023 02:08:25 -0400
Subject: [PATCH 30/32] Add 'gramps/docker-compose.yml'
---
gramps/docker-compose.yml | 47 +++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100644 gramps/docker-compose.yml
diff --git a/gramps/docker-compose.yml b/gramps/docker-compose.yml
new file mode 100644
index 0000000..25fded3
--- /dev/null
+++ b/gramps/docker-compose.yml
@@ -0,0 +1,47 @@
+version: "3.7"
+
+services:
+ grampsweb: &grampsweb
+ image: ghcr.io/gramps-project/grampsweb:latest
+ restart: always
+ ports:
+ - "3000:5000" # host:docker
+ environment:
+ GRAMPSWEB_TREE: "Gramps Web" # will create a new tree if not exists
+ GRAMPSWEB_CELERY_CONFIG__broker_url: "redis://grampsweb_redis:6379/0"
+ GRAMPSWEB_CELERY_CONFIG__result_backend: "redis://grampsweb_redis:6379/0"
+ GRAMPSWEB_RATELIMIT_STORAGE_URI: redis://grampsweb_redis:6379/1
+ depends_on:
+ - grampsweb_redis
+ volumes:
+ - gramps_users:/app/users # persist user database
+ - gramps_index:/app/indexdir # persist search index
+ - gramps_thumb_cache:/app/thumbnail_cache # persist thumbnails
+ - gramps_cache:/app/cache # persist export and report caches
+ - gramps_secret:/app/secret # persist flask secret
+ - gramps_db:/root/.gramps/grampsdb # persist Gramps database
+ - gramps_media:/app/media # persist media files
+ - gramps_tmp:/tmp
+
+ grampsweb_celery:
+ <<: *grampsweb # YAML merge key copying the entire grampsweb service config
+ ports: []
+ container_name: grampsweb_celery
+ depends_on:
+ - grampsweb_redis
+ command: celery -A gramps_webapi.celery worker --loglevel=INFO
+
+ grampsweb_redis:
+ image: redis:alpine
+ container_name: grampsweb_redis
+ restart: always
+
+volumes:
+ gramps_users:
+ gramps_index:
+ gramps_thumb_cache:
+ gramps_cache:
+ gramps_secret:
+ gramps_db:
+ gramps_media:
+ gramps_tmp:
\ No newline at end of file
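Review bot: Both images are floating tags (`ghcr.io/gramps-project/grampsweb:latest` and `redis:alpine`) under `restart: always`, so a re-pull silently changes what runs for the web app and, through the `<<: *grampsweb` merge, for the Celery worker as well. Pin them, e.g. `image: ghcr.io/gramps-project/grampsweb:<release-tag>` or an `@sha256:<digest>` reference. `"3000:5000"` publishes the app over plain HTTP on every host interface; if a TLS-terminating reverse proxy sits in front (not visible here), bind it as `"127.0.0.1:3000:5000"`. Host port 3000 is also what PATCH 27 assigns to `penpot-frontend`, so the two stacks cannot both start on one host as written.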
From 24a5eafc140f8a04ca7aa6b9c99e6746fdc40679 Mon Sep 17 00:00:00 2001 From: jared Date: Sat, 22 Jul 2023 02:43:36 -0400 Subject: [PATCH 31/32] Update 'gramps/docker-compose.yml' --- gramps/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/gramps/docker-compose.yml b/gramps/docker-compose.yml index 25fded3..4844955 100644 --- a/gramps/docker-compose.yml +++ b/gramps/docker-compose.yml @@ -8,6 +8,7 @@ services: - "3000:5000" # host:docker environment: GRAMPSWEB_TREE: "Gramps Web" # will create a new tree if not exists + GUNICORN_NUM_WORKERS: 2 GRAMPSWEB_CELERY_CONFIG__broker_url: "redis://grampsweb_redis:6379/0" GRAMPSWEB_CELERY_CONFIG__result_backend: "redis://grampsweb_redis:6379/0" GRAMPSWEB_RATELIMIT_STORAGE_URI: redis://grampsweb_redis:6379/1 From 8873d442c8496936bb8c42439861e8131e31f8be Mon Sep 17 00:00:00 2001 From: jared Date: Fri, 15 Mar 2024 17:49:12 -0400 Subject: [PATCH 32/32] Delete 'postgres/.env' --- postgres/.env | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 postgres/.env diff --git a/postgres/.env b/postgres/.env deleted file mode 100644 index c2f144a..0000000 --- a/postgres/.env +++ /dev/null @@ -1,4 +0,0 @@ -DB_USER=dev -DB_PASSWORD=Sprite-Marmalade-Freight-Immunize -ADMIN_USER=admin@jaredtsmith.com -ADMIN_PASSWORD=QV^dT9XXgiUM \ No newline at end of file