diff --git a/conf/.env b/conf/.env index f94c4e5..17d1c80 100644 --- a/conf/.env +++ b/conf/.env @@ -1,14 +1,338 @@ +# The Node Environnement +NODE_ENV=production + # The path to NODEJS PATH=__NODEJS_PATH__ +# Activate Debug mode +#DEBUG=true + # URL of the mongodb MONGO_URL=mongodb://127.0.0.1:27017/__DB_NAME__ # Root URL ROOT_URL=https://__DOMAIN_URI__ -#Port +# Mail URL +MAIL_URL='smtp://user:pass@mailserver.example.com:25/' + +# This is local port where Wekan Node.js runs PORT=__PORT__ -# The Node Environnement -NODE_ENV=production +#--------------------------------------------- +# Wekan Export Board works when WITH_API=true. +# If you disable Wekan API with false, Export Board does not work. +WITH_API='true' + +#--------------------------------------------- +# CORS: Set Access-Control-Allow-Origin header. Example: * +#CORS=* + +#--------------------------------------------- +## Optional: Integration with Matomo https://matomo.org that is installed to your server +## The address of the server where Matomo is hosted: +# Example: MATOMO_ADDRESS=https://example.com/matomo +#MATOMO_ADDRESS= + +## The value of the site ID given in Matomo server for Wekan +# Example: MATOMO_SITE_ID=123456789 +#MATOMO_SITE_ID='' + +## The option do not track which enables users to not be tracked by matomo" +#Example: MATOMO_DO_NOT_TRACK=false +#MATOMO_DO_NOT_TRACK=true + +## The option that allows matomo to retrieve the username: +# Example: MATOMO_WITH_USERNAME=true +#MATOMO_WITH_USERNAME='false' + +#--------------------------------------------- +# Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. +# Setting this to false is not recommended, it also disables all other browser policy protections +# and allows all iframing etc. See wekan/server/policy.js +# Default value: true +BROWSER_POLICY_ENABLED=true + +# When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside. +# Example: TRUSTED_URL=http://example.com +TRUSTED_URL='' + +# What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId . +# Example: WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId +WEBHOOKS_ATTRIBUTES='' + +#--------------------------------------------- +# ==== OAUTH2 AZURE ==== +# https://github.com/wekan/wekan/wiki/Azure +# 1) Register the application with Azure. Make sure you capture +# the application ID as well as generate a secret key. +# 2) Configure the environment variables. This differs slightly +# by installation type, but make sure you have the following: +#OAUTH2_ENABLED=true + +# Application GUID captured during app registration: +#OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx + +# Secret key generated during app registration: +#OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +#OAUTH2_SERVER_URL=https://login.microsoftonline.com/ +#OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize +#OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo +#OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token + +# The claim name you want to map to the unique ID field: +#OAUTH2_ID_MAP=email + +# The claim name you want to map to the username field: +#OAUTH2_USERNAME_MAP=email + +# The claim name you want to map to the full name field: +#OAUTH2_FULLNAME_MAP=name + +# The claim name you want to map to the email field: +#OAUTH2_EMAIL_MAP=email + +#----------------------------------------------------------------- +# ==== OAUTH2 KEYCLOAK ==== +# https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED +#OAUTH2_ENABLED=true +#OAUTH2_CLIENT_ID= +#OAUTH2_SERVER_URL=/auth +#OAUTH2_AUTH_ENDPOINT=/realms//protocol/openid-connect/auth +#OAUTH2_USERINFO_ENDPOINT=/realms//protocol/openid-connect/userinfo +#OAUTH2_TOKEN_ENDPOINT=/realms//protocol/openid-connect/token +#OAUTH2_SECRET= + +#----------------------------------------------------------------- +# ==== OAUTH2 DOORKEEPER ==== +# https://github.com/wekan/wekan/issues/1874 +# https://github.com/wekan/wekan/wiki/OAuth2 +# Enable the OAuth2 connection +#OAUTH2_ENABLED=true + +# OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 +# OAuth2 Client ID. +#OAUTH2_CLIENT_ID=abcde12345 + +# OAuth2 Secret. +#OAUTH2_SECRET=54321abcde + +# OAuth2 Server URL. +#OAUTH2_SERVER_URL=https://chat.example.com + +# OAuth2 Authorization Endpoint. +#OAUTH2_AUTH_ENDPOINT=/oauth/authorize + +# OAuth2 Userinfo Endpoint. +#OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo + +# OAuth2 Token Endpoint. +#OAUTH2_TOKEN_ENDPOINT=/oauth/token + +# OAuth2 ID Mapping +#OAUTH2_ID_MAP= + +# OAuth2 Username Mapping +#OAUTH2_USERNAME_MAP= + +# OAuth2 Fullname Mapping +#OAUTH2_FULLNAME_MAP= + +# OAuth2 Email Mapping +#OAUTH2_EMAIL_MAP= + +#--------------------------------------------- +# LDAP_ENABLE : Enable or not the connection by the LDAP +# example : LDAP_ENABLE=true +#LDAP_ENABLE=false + +# LDAP_PORT : The port of the LDAP server +# example : LDAP_PORT=389 +#LDAP_PORT=389 + +# LDAP_HOST : The host server for the LDAP server +# example : LDAP_HOST=localhost +#LDAP_HOST= + +# LDAP_BASEDN : The base DN for the LDAP Tree +# example : LDAP_BASEDN=ou=user,dc=example,dc=org +#LDAP_BASEDN= + +# LDAP_LOGIN_FALLBACK : Fallback on the default authentication method +# example : LDAP_LOGIN_FALLBACK=true +#LDAP_LOGIN_FALLBACK=false + +# LDAP_RECONNECT : Reconnect to the server if the connection is lost +# example : LDAP_RECONNECT=false +#LDAP_RECONNECT=true + +# LDAP_TIMEOUT : Overall timeout, in milliseconds +# example : LDAP_TIMEOUT=12345 +#LDAP_TIMEOUT=10000 + +# LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds +# example : LDAP_IDLE_TIMEOUT=12345 +#LDAP_IDLE_TIMEOUT=10000 + +# LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds +# example : LDAP_CONNECT_TIMEOUT=12345 +#LDAP_CONNECT_TIMEOUT=10000 + +# LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search +# example : LDAP_AUTHENTIFICATION=true +#LDAP_AUTHENTIFICATION=false + +# LDAP_AUTHENTIFICATION_USERDN : The search user DN +# example : LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org +#LDAP_AUTHENTIFICATION_USERDN= + +# LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user +# example : AUTHENTIFICATION_PASSWORD=admin +#LDAP_AUTHENTIFICATION_PASSWORD= + +# LDAP_LOG_ENABLED : Enable logs for the module +# example : LDAP_LOG_ENABLED=true +#LDAP_LOG_ENABLED=false + +# LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background +# example : LDAP_BACKGROUND_SYNC=true +#LDAP_BACKGROUND_SYNC=false + +# LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds +# example : LDAP_BACKGROUND_SYNC_INTERVAL=12345 +#LDAP_BACKGROUND_SYNC_INTERVAL=100 + +# LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED : +# example : LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true +#LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false + +# LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS : +# example : LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true +#LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false + +# LDAP_ENCRYPTION : If using LDAPS +# example : LDAP_ENCRYPTION=ssl +#LDAP_ENCRYPTION=false + +# LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. +# example : LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE----- +#LDAP_CA_CERT= + +# LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate +# example : LDAP_REJECT_UNAUTHORIZED=true +#LDAP_REJECT_UNAUTHORIZED=false + +# LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed +# example : LDAP_USER_SEARCH_FILTER= +#LDAP_USER_SEARCH_FILTER= + +# LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) +# example : LDAP_USER_SEARCH_SCOPE=one +#LDAP_USER_SEARCH_SCOPE= + +# LDAP_USER_SEARCH_FIELD : Which field is used to find the user +# example : LDAP_USER_SEARCH_FIELD=uid +#LDAP_USER_SEARCH_FIELD= + +# LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited) +# example : LDAP_SEARCH_PAGE_SIZE=12345 +#LDAP_SEARCH_PAGE_SIZE=0 + +# LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited) +# example : LDAP_SEARCH_SIZE_LIMIT=12345 +#LDAP_SEARCH_SIZE_LIMIT=0 + +# LDAP_GROUP_FILTER_ENABLE : Enable group filtering +# example : LDAP_GROUP_FILTER_ENABLE=true +#LDAP_GROUP_FILTER_ENABLE=false + +# LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering +# example : LDAP_GROUP_FILTER_OBJECTCLASS=group +#LDAP_GROUP_FILTER_OBJECTCLASS= + +# LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : +# example : +#LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= + +# LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : +# example : +#LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= + +# LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : +# example : +#LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= + +# LDAP_GROUP_FILTER_GROUP_NAME : +# example : +#LDAP_GROUP_FILTER_GROUP_NAME= + +# LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) +# example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid +#LDAP_UNIQUE_IDENTIFIER_FIELD= + +# LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 +# example : LDAP_UTF8_NAMES_SLUGIFY=false +#LDAP_UTF8_NAMES_SLUGIFY=true + +# LDAP_USERNAME_FIELD : Which field contains the ldap username +# example : LDAP_USERNAME_FIELD=username +#LDAP_USERNAME_FIELD= + +# LDAP_FULLNAME_FIELD : Which field contains the ldap fullname +# example : LDAP_FULLNAME_FIELD=fullname +#LDAP_FULLNAME_FIELD= + +# LDAP_MERGE_EXISTING_USERS : +# example : LDAP_MERGE_EXISTING_USERS=true +#LDAP_MERGE_EXISTING_USERS=false + +# LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match +# example: LDAP_EMAIL_MATCH_ENABLE=true +#LDAP_EMAIL_MATCH_ENABLE=false + +# LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match +# example: LDAP_EMAIL_MATCH_REQUIRE=true +#LDAP_EMAIL_MATCH_REQUIRE=false + +# LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching +# example: LDAP_EMAIL_MATCH_VERIFIED=true +#LDAP_EMAIL_MATCH_VERIFIED=false + +# LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address +# example: LDAP_EMAIL_FIELD=mail +#LDAP_EMAIL_FIELD= + +# LDAP_SYNC_USER_DATA : +# example : LDAP_SYNC_USER_DATA=true +#LDAP_SYNC_USER_DATA=false + +# LDAP_SYNC_USER_DATA_FIELDMAP : +# example : LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} +#LDAP_SYNC_USER_DATA_FIELDMAP= + +# LDAP_SYNC_GROUP_ROLES : +# example : +#LDAP_SYNC_GROUP_ROLES= + +# LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP +# example : +#LDAP_DEFAULT_DOMAIN= + +# Enable/Disable syncing of admin status based on ldap groups: +#LDAP_SYNC_ADMIN_STATUS=true + +# Comma separated list of admin group names to sync. +#LDAP_SYNC_ADMIN_GROUPS=group1,group2 + +# LOGOUT_WITH_TIMER : Enables or not the option logout with timer +# example : LOGOUT_WITH_TIMER=true +#LOGOUT_WITH_TIMER= + +# LOGOUT_IN : The number of days +# example : LOGOUT_IN=1 +#LOGOUT_IN= +#LOGOUT_ON_HOURS= + +# LOGOUT_ON_MINUTES : The number of minutes +# example : LOGOUT_ON_MINUTES=55 +#LOGOUT_ON_MINUTES=