|
|
|
@ -3,50 +3,127 @@ NODE_ENV=production
|
|
|
|
|
|
|
|
|
|
# The path to NODEJS
|
|
|
|
|
PATH=__NODEJS_PATH__
|
|
|
|
|
|
|
|
|
|
# Activate Debug mode
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# Debug OIDC OAuth2 etc.
|
|
|
|
|
#DEBUG=true
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# URL of the mongodb
|
|
|
|
|
MONGO_URL=mongodb://127.0.0.1:27017/__DB_NAME__
|
|
|
|
|
|
|
|
|
|
# Root URL
|
|
|
|
|
# ROOT_URL EXAMPLES FOR WEBSERVERS: https://github.com/wekan/wekan/wiki/Settings
|
|
|
|
|
# Production: https://example.com/wekan
|
|
|
|
|
# Local: http://localhost:3000
|
|
|
|
|
# ipaddress=$(ifdata -pa eth0)
|
|
|
|
|
ROOT_URL=https://__DOMAIN_URI__
|
|
|
|
|
|
|
|
|
|
# Mail URL
|
|
|
|
|
MAIL_URL=smtp://localhost
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# Working email IS NOT REQUIRED to use Wekan.
|
|
|
|
|
# https://github.com/wekan/wekan/wiki/Adding-users
|
|
|
|
|
# https://github.com/wekan/wekan/wiki/Troubleshooting-Mail
|
|
|
|
|
# https://github.com/wekan/wekan-mongodb/blob/master/docker-compose.yml
|
|
|
|
|
MAIL_URL='smtp://localhost:25'
|
|
|
|
|
MAIL_FROM='Wekan Support <wekan@__DOMAIN__>'
|
|
|
|
|
|
|
|
|
|
# This is local port where Wekan Node.js runs
|
|
|
|
|
PORT=__PORT__
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------
|
|
|
|
|
# Wekan Export Board works when WITH_API=true.
|
|
|
|
|
# If you disable Wekan API with false, Export Board does not work.
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# Wekan Export Board works when WITH_API='true'.
|
|
|
|
|
# If you disable Wekan API, Export Board does not work.
|
|
|
|
|
WITH_API='true'
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# ==== PASSWORD BRUTE FORCE PROTECTION ====
|
|
|
|
|
# https://atmospherejs.com/lucasantoniassi/accounts-lockout
|
|
|
|
|
# Defaults below. Uncomment to change. wekan/server/accounts-lockout.js
|
|
|
|
|
#ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3
|
|
|
|
|
#ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60
|
|
|
|
|
#ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15
|
|
|
|
|
#ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3
|
|
|
|
|
#ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60
|
|
|
|
|
#ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# ==== RICH TEXT EDITOR IN CARD COMMENTS ====
|
|
|
|
|
# https://github.com/wekan/wekan/pull/2560
|
|
|
|
|
RICHER_CARD_COMMENT_EDITOR=true
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# ==== CARD OPENED, SEND WEBHOOK MESSAGE ====
|
|
|
|
|
CARD_OPENED_WEBHOOK_ENABLED=false
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# ==== Allow to shrink attached/pasted image ====
|
|
|
|
|
# https://github.com/wekan/wekan/pull/2544
|
|
|
|
|
#MAX_IMAGE_PIXEL=1024
|
|
|
|
|
#IMAGE_COMPRESS_RATIO=80
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# ==== BIGEVENTS DUE ETC NOTIFICATIONS =====
|
|
|
|
|
# https://github.com/wekan/wekan/pull/2541
|
|
|
|
|
# Introduced a system env var BIGEVENTS_PATTERN default as "NONE",
|
|
|
|
|
# so any activityType matches the pattern, system will send out
|
|
|
|
|
# notifications to all board members no matter they are watching
|
|
|
|
|
# or tracking the board or not. Owner of the wekan server can
|
|
|
|
|
# disable the feature by setting this variable to "NONE" or
|
|
|
|
|
# change the pattern to any valid regex. i.e. '|' delimited
|
|
|
|
|
# activityType names.
|
|
|
|
|
# a) Example
|
|
|
|
|
#BIGEVENTS_PATTERN=due
|
|
|
|
|
# b) All
|
|
|
|
|
#BIGEVENTS_PATTERN=received|start|due|end
|
|
|
|
|
# c) Disabled
|
|
|
|
|
BIGEVENTS_PATTERN=NONE
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# ==== EMAIL DUE DATE NOTIFICATION =====
|
|
|
|
|
# https://github.com/wekan/wekan/pull/2536
|
|
|
|
|
# System timelines will be showing any user modification for
|
|
|
|
|
# dueat startat endat receivedat, also notification to
|
|
|
|
|
# the watchers and if any card is due, about due or past due.
|
|
|
|
|
#
|
|
|
|
|
# Notify due days, default is None.
|
|
|
|
|
#NOTIFY_DUE_DAYS_BEFORE_AND_AFTER=2,0
|
|
|
|
|
# it will notify user 2 days before due day and on the due day
|
|
|
|
|
#
|
|
|
|
|
# Notify due at hour of day. Default every morning at 8am. Can be 0-23.
|
|
|
|
|
# If env variable has parsing error, use default. Notification sent to watchers.
|
|
|
|
|
# NOTIFY_DUE_AT_HOUR_OF_DAY=8
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# ==== EMAIL NOTIFICATION TIMEOUT, ms =====
|
|
|
|
|
# Defaut: 30000 ms = 30s
|
|
|
|
|
#EMAIL_NOTIFICATION_TIMEOUT=30000
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# CORS: Set Access-Control-Allow-Origin header. Example: *
|
|
|
|
|
#CORS=*
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------
|
|
|
|
|
## Optional: Integration with Matomo https://matomo.org that is installed to your server
|
|
|
|
|
## The address of the server where Matomo is hosted:
|
|
|
|
|
# Example: MATOMO_ADDRESS=https://example.com/matomo
|
|
|
|
|
# To enable the Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API.
|
|
|
|
|
#CORS_ALLOW_HEADERS=Authorization,Content-Type
|
|
|
|
|
|
|
|
|
|
# To enable the Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations. Example: *
|
|
|
|
|
#CORS_EXPOSE_HEADERS=*
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# Optional: Integration with Matomo https://matomo.org that is installed to your server
|
|
|
|
|
# The address of the server where Matomo is hosted:
|
|
|
|
|
# MATOMO_ADDRESS=https://example.com/matomo
|
|
|
|
|
#MATOMO_ADDRESS=
|
|
|
|
|
|
|
|
|
|
## The value of the site ID given in Matomo server for Wekan
|
|
|
|
|
# The value of the site ID given in Matomo server for Wekan
|
|
|
|
|
# Example: MATOMO_SITE_ID=123456789
|
|
|
|
|
#MATOMO_SITE_ID=''
|
|
|
|
|
|
|
|
|
|
## The option do not track which enables users to not be tracked by matomo"
|
|
|
|
|
# The option do not track which enables users to not be tracked by matomo"
|
|
|
|
|
# Example: MATOMO_DO_NOT_TRACK=false
|
|
|
|
|
#MATOMO_DO_NOT_TRACK=true
|
|
|
|
|
|
|
|
|
|
## The option that allows matomo to retrieve the username:
|
|
|
|
|
# The option that allows matomo to retrieve the username:
|
|
|
|
|
# Example: MATOMO_WITH_USERNAME=true
|
|
|
|
|
#MATOMO_WITH_USERNAME='false'
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------
|
|
|
|
|
# Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
|
|
|
|
|
# Setting this to false is not recommended, it also disables all other browser policy protections
|
|
|
|
|
# and allows all iframing etc. See wekan/server/policy.js
|
|
|
|
@ -61,7 +138,7 @@ TRUSTED_URL=''
|
|
|
|
|
# Example: WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
|
|
|
|
|
WEBHOOKS_ATTRIBUTES=''
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# ==== OAUTH2 AZURE ====
|
|
|
|
|
# https://github.com/wekan/wekan/wiki/Azure
|
|
|
|
|
# 1) Register the application with Azure. Make sure you capture
|
|
|
|
@ -70,6 +147,9 @@ WEBHOOKS_ATTRIBUTES=''
|
|
|
|
|
# by installation type, but make sure you have the following:
|
|
|
|
|
#OAUTH2_ENABLED=true
|
|
|
|
|
|
|
|
|
|
# OAuth2 login style: popup or redirect.
|
|
|
|
|
#OAUTH2_LOGIN_STYLE=redirect
|
|
|
|
|
|
|
|
|
|
# Application GUID captured during app registration:
|
|
|
|
|
#OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
|
|
|
|
|
|
|
|
|
@ -80,6 +160,12 @@ WEBHOOKS_ATTRIBUTES=''
|
|
|
|
|
#OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
|
|
|
|
|
#OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
|
|
|
|
|
|
|
|
|
|
# OAUTH2 ID Token Whitelist Fields.
|
|
|
|
|
#OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
|
|
|
|
|
|
|
|
|
|
# OAUTH2 Request Permissions.
|
|
|
|
|
#OAUTH2_REQUEST_PERMISSIONS='openid profile email'
|
|
|
|
|
|
|
|
|
|
# The claim name you want to map to the unique ID field:
|
|
|
|
|
#OAUTH2_ID_MAP=email
|
|
|
|
|
|
|
|
|
@ -89,13 +175,16 @@ WEBHOOKS_ATTRIBUTES=''
|
|
|
|
|
# The claim name you want to map to the full name field:
|
|
|
|
|
#OAUTH2_FULLNAME_MAP=name
|
|
|
|
|
|
|
|
|
|
# The claim name you want to map to the email field:
|
|
|
|
|
# Tthe claim name you want to map to the email field:
|
|
|
|
|
#OAUTH2_EMAIL_MAP=email
|
|
|
|
|
|
|
|
|
|
#-----------------------------------------------------------------
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# ==== OAUTH2 KEYCLOAK ====
|
|
|
|
|
# https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED
|
|
|
|
|
#OAUTH2_ENABLED=true
|
|
|
|
|
|
|
|
|
|
# OAuth2 login style: popup or redirect.
|
|
|
|
|
#OAUTH2_LOGIN_STYLE=redirect
|
|
|
|
|
#OAUTH2_CLIENT_ID=<Keycloak create Client ID>
|
|
|
|
|
#OAUTH2_SERVER_URL=<Keycloak server name>/auth
|
|
|
|
|
#OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
|
|
|
|
@ -103,14 +192,17 @@ WEBHOOKS_ATTRIBUTES=''
|
|
|
|
|
#OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
|
|
|
|
|
#OAUTH2_SECRET=<keycloak client secret>
|
|
|
|
|
|
|
|
|
|
#-----------------------------------------------------------------
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# ==== OAUTH2 DOORKEEPER ====
|
|
|
|
|
# OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
|
|
|
|
|
# https://github.com/wekan/wekan/issues/1874
|
|
|
|
|
# https://github.com/wekan/wekan/wiki/OAuth2
|
|
|
|
|
# Enable the OAuth2 connection
|
|
|
|
|
#OAUTH2_ENABLED=true
|
|
|
|
|
|
|
|
|
|
# OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
|
|
|
|
|
# OAuth2 login style: popup or redirect.
|
|
|
|
|
#OAUTH2_LOGIN_STYLE=redirect
|
|
|
|
|
|
|
|
|
|
# OAuth2 Client ID.
|
|
|
|
|
#OAUTH2_CLIENT_ID=abcde12345
|
|
|
|
|
|
|
|
|
@ -141,7 +233,7 @@ WEBHOOKS_ATTRIBUTES=''
|
|
|
|
|
# OAuth2 Email Mapping
|
|
|
|
|
#OAUTH2_EMAIL_MAP=
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# LDAP_ENABLE : Enable or not the connection by the LDAP
|
|
|
|
|
# example : LDAP_ENABLE=true
|
|
|
|
|
#LDAP_ENABLE=false
|
|
|
|
@ -211,7 +303,9 @@ LDAP_LOG_ENABLED=true
|
|
|
|
|
LDAP_BACKGROUND_SYNC=true
|
|
|
|
|
|
|
|
|
|
# LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds
|
|
|
|
|
# example : LDAP_BACKGROUND_SYNC_INTERVAL=12345
|
|
|
|
|
# At which interval does the background task sync in milliseconds.
|
|
|
|
|
# Leave this unset, so it uses default, and does not crash.
|
|
|
|
|
# https://github.com/wekan/wekan/issues/2354#issuecomment-515305722
|
|
|
|
|
#LDAP_BACKGROUND_SYNC_INTERVAL=100
|
|
|
|
|
LDAP_BACKGROUND_SYNC_INTERVAL=100
|
|
|
|
|
|
|
|
|
@ -237,6 +331,12 @@ LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
|
|
|
|
|
# example : LDAP_REJECT_UNAUTHORIZED=true
|
|
|
|
|
#LDAP_REJECT_UNAUTHORIZED=false
|
|
|
|
|
|
|
|
|
|
# Option to login to the LDAP server with the user's own username and password, instead of an administrator key. Default: false (use administrator key).
|
|
|
|
|
#LDAP_USER_AUTHENTICATION=true
|
|
|
|
|
|
|
|
|
|
# Which field is used to find the user for the user authentication. Default: uid.
|
|
|
|
|
#LDAP_USER_AUTHENTICATION_FIELD=uid
|
|
|
|
|
|
|
|
|
|
# LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
|
|
|
|
|
# example : LDAP_USER_SEARCH_FILTER=
|
|
|
|
|
#LDAP_USER_SEARCH_FILTER=
|
|
|
|
@ -360,10 +460,19 @@ LDAP_SYNC_GROUP_ROLES=admins
|
|
|
|
|
#LDAP_SYNC_ADMIN_STATUS=true
|
|
|
|
|
LDAP_SYNC_ADMIN_STATUS=true
|
|
|
|
|
|
|
|
|
|
# Comma separated list of admin group names to sync.
|
|
|
|
|
# Comma separated list of admin group names.
|
|
|
|
|
#LDAP_SYNC_ADMIN_GROUPS=group1,group2
|
|
|
|
|
LDAP_SYNC_ADMIN_GROUPS=admins
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# Login to LDAP automatically with HTTP header.
|
|
|
|
|
# In below example for siteminder, at right side of = is header name.
|
|
|
|
|
#HEADER_LOGIN_ID=HEADERUID
|
|
|
|
|
#HEADER_LOGIN_FIRSTNAME=HEADERFIRSTNAME
|
|
|
|
|
#HEADER_LOGIN_LASTNAME=HEADERLASTNAME
|
|
|
|
|
#HEADER_LOGIN_EMAIL=HEADEREMAILADDRESS
|
|
|
|
|
|
|
|
|
|
#---------------------------------------------------------------
|
|
|
|
|
# LOGOUT_WITH_TIMER : Enables or not the option logout with timer
|
|
|
|
|
# example : LOGOUT_WITH_TIMER=true
|
|
|
|
|
#LOGOUT_WITH_TIMER=
|
|
|
|
|