# The Node Environnement NODE_ENV=production # The path to NODEJS PATH=__NODEJS_PATH__ # Activate Debug mode #DEBUG=true # URL of the mongodb MONGO_URL=mongodb://127.0.0.1:27017/__DB_NAME__ # Root URL ROOT_URL=https://__DOMAIN_URI__ # Mail URL MAIL_URL=smtp://localhost # This is local port where Wekan Node.js runs PORT=__PORT__ #--------------------------------------------- # Wekan Export Board works when WITH_API=true. # If you disable Wekan API with false, Export Board does not work. WITH_API='true' #--------------------------------------------- # CORS: Set Access-Control-Allow-Origin header. Example: * #CORS=* #--------------------------------------------- ## Optional: Integration with Matomo https://matomo.org that is installed to your server ## The address of the server where Matomo is hosted: # Example: MATOMO_ADDRESS=https://example.com/matomo #MATOMO_ADDRESS= ## The value of the site ID given in Matomo server for Wekan # Example: MATOMO_SITE_ID=123456789 #MATOMO_SITE_ID='' ## The option do not track which enables users to not be tracked by matomo" #Example: MATOMO_DO_NOT_TRACK=false #MATOMO_DO_NOT_TRACK=true ## The option that allows matomo to retrieve the username: # Example: MATOMO_WITH_USERNAME=true #MATOMO_WITH_USERNAME='false' #--------------------------------------------- # Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. # Setting this to false is not recommended, it also disables all other browser policy protections # and allows all iframing etc. See wekan/server/policy.js # Default value: true BROWSER_POLICY_ENABLED=true # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside. # Example: TRUSTED_URL=http://example.com TRUSTED_URL='' # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId . # Example: WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId WEBHOOKS_ATTRIBUTES='' #--------------------------------------------- # ==== OAUTH2 AZURE ==== # https://github.com/wekan/wekan/wiki/Azure # 1) Register the application with Azure. Make sure you capture # the application ID as well as generate a secret key. # 2) Configure the environment variables. This differs slightly # by installation type, but make sure you have the following: #OAUTH2_ENABLED=true # Application GUID captured during app registration: #OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx # Secret key generated during app registration: #OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx #OAUTH2_SERVER_URL=https://login.microsoftonline.com/ #OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize #OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo #OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token # The claim name you want to map to the unique ID field: #OAUTH2_ID_MAP=email # The claim name you want to map to the username field: #OAUTH2_USERNAME_MAP=email # The claim name you want to map to the full name field: #OAUTH2_FULLNAME_MAP=name # The claim name you want to map to the email field: #OAUTH2_EMAIL_MAP=email #----------------------------------------------------------------- # ==== OAUTH2 KEYCLOAK ==== # https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED #OAUTH2_ENABLED=true #OAUTH2_CLIENT_ID= #OAUTH2_SERVER_URL=/auth #OAUTH2_AUTH_ENDPOINT=/realms//protocol/openid-connect/auth #OAUTH2_USERINFO_ENDPOINT=/realms//protocol/openid-connect/userinfo #OAUTH2_TOKEN_ENDPOINT=/realms//protocol/openid-connect/token #OAUTH2_SECRET= #----------------------------------------------------------------- # ==== OAUTH2 DOORKEEPER ==== # https://github.com/wekan/wekan/issues/1874 # https://github.com/wekan/wekan/wiki/OAuth2 # Enable the OAuth2 connection #OAUTH2_ENABLED=true # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 # OAuth2 Client ID. #OAUTH2_CLIENT_ID=abcde12345 # OAuth2 Secret. #OAUTH2_SECRET=54321abcde # OAuth2 Server URL. #OAUTH2_SERVER_URL=https://chat.example.com # OAuth2 Authorization Endpoint. #OAUTH2_AUTH_ENDPOINT=/oauth/authorize # OAuth2 Userinfo Endpoint. #OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo # OAuth2 Token Endpoint. #OAUTH2_TOKEN_ENDPOINT=/oauth/token # OAuth2 ID Mapping #OAUTH2_ID_MAP= # OAuth2 Username Mapping #OAUTH2_USERNAME_MAP= # OAuth2 Fullname Mapping #OAUTH2_FULLNAME_MAP= # OAuth2 Email Mapping #OAUTH2_EMAIL_MAP= #--------------------------------------------- # LDAP_ENABLE : Enable or not the connection by the LDAP # example : LDAP_ENABLE=true #LDAP_ENABLE=false LDAP_ENABLE=true # LDAP_PORT : The port of the LDAP server # example : LDAP_PORT=389 #LDAP_PORT=389 LDAP_PORT=389 # LDAP_HOST : The host server for the LDAP server # example : LDAP_HOST=localhost #LDAP_HOST= LDAP_HOST=localhost # LDAP_BASEDN : The base DN for the LDAP Tree # example : LDAP_BASEDN=ou=user,dc=example,dc=org #LDAP_BASEDN= LDAP_BASEDN=dc=yunohost,dc=org # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method # example : LDAP_LOGIN_FALLBACK=true #LDAP_LOGIN_FALLBACK=false LDAP_LOGIN_FALLBACK=true # LDAP_RECONNECT : Reconnect to the server if the connection is lost # example : LDAP_RECONNECT=false #LDAP_RECONNECT=true LDAP_RECONNECT=true # LDAP_TIMEOUT : Overall timeout, in milliseconds # example : LDAP_TIMEOUT=12345 #LDAP_TIMEOUT=10000 LDAP_TIMEOUT=10000 # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds # example : LDAP_IDLE_TIMEOUT=12345 #LDAP_IDLE_TIMEOUT=10000 LDAP_IDLE_TIMEOUT=10000 # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds # example : LDAP_CONNECT_TIMEOUT=12345 #LDAP_CONNECT_TIMEOUT=10000 LDAP_CONNECT_TIMEOUT=10000 # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search # example : LDAP_AUTHENTIFICATION=true #LDAP_AUTHENTIFICATION=false LDAP_AUTHENTIFICATION=false # LDAP_AUTHENTIFICATION_USERDN : The search user DN # example : LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org #LDAP_AUTHENTIFICATION_USERDN= # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user # example : AUTHENTIFICATION_PASSWORD=admin #LDAP_AUTHENTIFICATION_PASSWORD= # LDAP_LOG_ENABLED : Enable logs for the module # example : LDAP_LOG_ENABLED=true #LDAP_LOG_ENABLED=false LDAP_LOG_ENABLED=true # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background # example : LDAP_BACKGROUND_SYNC=true #LDAP_BACKGROUND_SYNC=false LDAP_BACKGROUND_SYNC=true # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds # example : LDAP_BACKGROUND_SYNC_INTERVAL=12345 #LDAP_BACKGROUND_SYNC_INTERVAL=100 LDAP_BACKGROUND_SYNC_INTERVAL=100 # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED : # example : LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true #LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS : # example : LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true #LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true # LDAP_ENCRYPTION : If using LDAPS # example : LDAP_ENCRYPTION=ssl #LDAP_ENCRYPTION=false # LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. # example : LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE----- #LDAP_CA_CERT= # LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate # example : LDAP_REJECT_UNAUTHORIZED=true #LDAP_REJECT_UNAUTHORIZED=false # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed # example : LDAP_USER_SEARCH_FILTER= #LDAP_USER_SEARCH_FILTER= LDAP_USER_SEARCH_FILTER="(objectclass=posixAccount)" # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) # example : LDAP_USER_SEARCH_SCOPE=one #LDAP_USER_SEARCH_SCOPE= LDAP_USER_SEARCH_SCOPE=sub # LDAP_USER_SEARCH_FIELD : Which field is used to find the user # example : LDAP_USER_SEARCH_FIELD=uid #LDAP_USER_SEARCH_FIELD= LDAP_USER_SEARCH_FIELD=uid # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited) # example : LDAP_SEARCH_PAGE_SIZE=12345 #LDAP_SEARCH_PAGE_SIZE=0 LDAP_SEARCH_PAGE_SIZE=0 # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited) # example : LDAP_SEARCH_SIZE_LIMIT=12345 #LDAP_SEARCH_SIZE_LIMIT=0 LDAP_SEARCH_SIZE_LIMIT=0 # LDAP_GROUP_FILTER_ENABLE : Enable group filtering # example : LDAP_GROUP_FILTER_ENABLE=true #LDAP_GROUP_FILTER_ENABLE=false LDAP_GROUP_FILTER_ENABLE=true # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering # example : LDAP_GROUP_FILTER_OBJECTCLASS=group #LDAP_GROUP_FILTER_OBJECTCLASS= LDAP_GROUP_FILTER_OBJECTCLASS=posixGroup # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : # example : #LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=cn # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : # example : #LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=memberUid # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : # example : #LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=uid # LDAP_GROUP_FILTER_GROUP_NAME : # example : LDAP_GROUP_FILTER_GROUP_NAME=wekan_user #LDAP_GROUP_FILTER_GROUP_NAME= LDAP_GROUP_FILTER_GROUP_NAME=sftpusers # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) # example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid #LDAP_UNIQUE_IDENTIFIER_FIELD= LDAP_UNIQUE_IDENTIFIER_FIELD=entryUUID # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 # example : LDAP_UTF8_NAMES_SLUGIFY=false #LDAP_UTF8_NAMES_SLUGIFY=true LDAP_UTF8_NAMES_SLUGIFY=true # LDAP_USERNAME_FIELD : Which field contains the ldap username # example : LDAP_USERNAME_FIELD=username #LDAP_USERNAME_FIELD= LDAP_USERNAME_FIELD=uid # LDAP_FULLNAME_FIELD : Which field contains the ldap fullname # example : LDAP_FULLNAME_FIELD=fullname #LDAP_FULLNAME_FIELD= LDAP_FULLNAME_FIELD=cn # LDAP_MERGE_EXISTING_USERS : # example : LDAP_MERGE_EXISTING_USERS=true #LDAP_MERGE_EXISTING_USERS=false LDAP_MERGE_EXISTING_USERS=true # LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match # example: LDAP_EMAIL_MATCH_ENABLE=true #LDAP_EMAIL_MATCH_ENABLE=false LDAP_EMAIL_MATCH_ENABLE=true # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match # example: LDAP_EMAIL_MATCH_REQUIRE=true #LDAP_EMAIL_MATCH_REQUIRE=false LDAP_EMAIL_MATCH_REQUIRE=false # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching # example: LDAP_EMAIL_MATCH_VERIFIED=true #LDAP_EMAIL_MATCH_VERIFIED=false LDAP_EMAIL_MATCH_VERIFIED=false # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address # example: LDAP_EMAIL_FIELD=mail #LDAP_EMAIL_FIELD= LDAP_EMAIL_FIELD=mail # LDAP_SYNC_USER_DATA : # example : LDAP_SYNC_USER_DATA=true #LDAP_SYNC_USER_DATA=false LDAP_SYNC_USER_DATA=true # LDAP_SYNC_USER_DATA_FIELDMAP : # example : LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} #LDAP_SYNC_USER_DATA_FIELDMAP= LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name"} # LDAP_SYNC_GROUP_ROLES : # example : #LDAP_SYNC_GROUP_ROLES= LDAP_SYNC_GROUP_ROLES=admins # LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP # example : #LDAP_DEFAULT_DOMAIN= LDAP_DEFAULT_DOMAIN=yh03.yh.yalh.net # Enable/Disable syncing of admin status based on ldap groups: #LDAP_SYNC_ADMIN_STATUS=true LDAP_SYNC_ADMIN_STATUS=true # Comma separated list of admin group names to sync. #LDAP_SYNC_ADMIN_GROUPS=group1,group2 LDAP_SYNC_ADMIN_GROUPS=admins # LOGOUT_WITH_TIMER : Enables or not the option logout with timer # example : LOGOUT_WITH_TIMER=true #LOGOUT_WITH_TIMER= # LOGOUT_IN : The number of days # example : LOGOUT_IN=1 #LOGOUT_IN= #LOGOUT_ON_HOURS= # LOGOUT_ON_MINUTES : The number of minutes # example : LOGOUT_ON_MINUTES=55 #LOGOUT_ON_MINUTES=