alice-docker
/
overleaf
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initial commit

This commit is contained in:
Carneiro 2025-02-27 10:27:59 -03:00
commit 66baf8edd9
2 changed files with 224 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
.env.example Normal file
View File

@ -0,0 +1,19 @@
# do not use quotes (")
MYDOMAIN=overleaf.example.ufsj.edu.br
MYMAIL=noreply@example.ufsj.edu.br
MYDATA=/data
LOGIN_TEXT=username
COLLAB_TEXT=Direct share with collaborators is enabled only for activated users!
ADMIN_IS_SYSADMIN=false
LDAP_SERVER="ldap://openldap"
LDAP_BASE="ou=users,dc=ldap,dc=example"
# LDAP_SERVER_CACERT: ""
# Tries directly to bind with the login user (as uid)
# LDAP_BINDDN: "cn=%u,ou=users,dc=ldap,dc=example"
LDAP_BIND_USER="cn=binduser,dc=ldap,dc=example"
LDAP_BIND_PW="bindpw"
LDAP_USER_FILTER="(&(objectClass=posixAccount)(cn=%u))"
LDAP_ADMIN_GROUP_FILTER="(memberOf=cn=ldap_admin,ou=groups,dc=ldap,dc=example)"
ALLOW_EMAIL_LOGIN="false"
LDAP_CONTACTS="false"

205
docker-compose.yml Normal file
View File

@ -0,0 +1,205 @@
version: "2.2"
services:
sharelatex:
sysctls:
- net.ipv6.conf.all.disable_ipv6=1
restart: always
image: ldap-overleaf-sl
container_name: ldap-overleaf-sl
depends_on:
mongo:
condition: service_healthy
redis_sl:
condition: service_healthy
privileged: false
networks:
- traefik-public
# ports:
# - 8008:80
links:
- mongo
- redis_sl
volumes:
- ${MYDATA}/sharelatex:/var/lib/sharelatex
# - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt
# - ${MYDATA}/letsencrypt:/etc/letsencrypt
# - ${MYDATA}/letsencrypt/live/${MYDOMAIN}/:/etc/letsencrypt/certs/domain
labels:
traefik.enable: true
# handle https traffic
traefik.http.routers.overleaf.rule: Host(`overleaf.alice.ufsj.edu.br`)
traefik.http.routers.overleaf.tls: true
traefik.http.routers.overleaf.tls.certresolver: letsencrypt
traefik.http.routers.overleaf.entrypoints: websecure
traefik.http.services.overleaf.loadbalancer.server.port: 80
traefik.http.middlewares.overleaf.forwardauth.trustForwardHeader: true
traefik.http.middlewares.overleaf.headers.customrequestheaders.X-Forwarded-Proto: https
traefik.http.middlewares.overleaf.headers.customrequestheaders.X-Frame-Options: SAMEORIGIN
traefik.http.middlewares.overleaf.headers.customrequestheaders.X-Content-Type-Options: nosniff
traefik.http.middlewares.overleaf.headers.customrequestheaders.Connection: "upgrade"
# traefik.http.middlewares.overleaf.headers.contentTypeNosniff: true
# traefik.http.middlewares.overleaf.headers.browserXssFilter: true
# traefik.http.middlewares.overleaf.headers.frameDeny: true
# traefik.http.middlewares.overleaf.headers.stsIncludeSubdomains: true
# traefik.http.middlewares.overleaf.headers.stsPreload: true
# traefik.http.middlewares.overleaf.headers.stsSeconds: 31536000
# traefik.http.middlewares.overleaf.headers.customFrameOptionsValue: true
# traefik.http.middlewares.overleaf.headers.trustForwardHeader: "SAMEORIGIN"
# Docker loadbalance
# traefik.http.services.overleaf.loadbalancer.server.port: 80
# traefik.http.services.overleaf.loadbalancer.server.scheme: http
# traefik.http.services.overleaf.loadbalancer.sticky.cookie: true
# traefik.http.services.overleaf.loadbalancer.sticky.cookie.name: io
# traefik.http.services.overleaf.loadbalancer.sticky.cookie.httponly: true
# traefik.http.services.overleaf.loadbalancer.sticky.cookie.secure: true
# traefik.http.services.overleaf.loadbalancer.sticky.cookie.samesite: io
environment:
LOG_LEVEL: debug
SHARELATEX_APP_NAME: Overleaf
SHARELATEX_MONGO_URL: mongodb://mongo/sharelatex
SHARELATEX_SITE_URL: https://${MYDOMAIN}
SHARELATEX_NAV_TITLE: Overleaf - run by ${MYDOMAIN}
#SHARELATEX_HEADER_IMAGE_URL: https://${MYDOMAIN}/logo.svg
SHARELATEX_ADMIN_EMAIL: ${MYMAIL}
SHARELATEX_LEFT_FOOTER: '[{"text": "Powered by <a href=\"https://www.sharelatex.com\">ShareLaTeX</a> 2016"} ]'
SHARELATEX_RIGHT_FOOTER: '[{"text": "LDAP Overleaf (beta)"} ]'
SHARELATEX_EMAIL_FROM_ADDRESS: "noreply@${MYDOMAIN}"
# SHARELATEX_EMAIL_AWS_SES_ACCESS_KEY_ID:
# SHARELATEX_EMAIL_AWS_SES_SECRET_KEY:
SHARELATEX_EMAIL_SMTP_HOST: smtp.${MYDOMAIN}
SHARELATEX_EMAIL_SMTP_PORT: 587
SHARELATEX_EMAIL_SMTP_SECURE: "false"
# SHARELATEX_EMAIL_SMTP_USER:
# SHARELATEX_EMAIL_SMTP_PASS:
# SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH: true
# SHARELATEX_EMAIL_SMTP_IGNORE_TLS: false
SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by ${MYDOMAIN} - please contact ${MYMAIL} if you experience any issues."
# make public links accessible w/o login (link sharing issue)
# https://github.com/overleaf/docker-image/issues/66
# https://github.com/overleaf/overleaf/issues/628
# https://github.com/overleaf/web/issues/367
# Fixed in 2.0.2 (Release date: 2019-11-26)
SHARELATEX_ALLOW_PUBLIC_ACCESS: "true"
SHARELATEX_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING: "true"
# Uncomment the following line to enable secure cookies if you are using SSL
#SHARELATEX_SECURE_COOKIE: "true"
SHARELATEX_BEHIND_PROXY: "true"
# por algum motivo ele não consegue acessar o ldaps na 33004,
# então usei o hostname na rede docker
LDAP_SERVER: ${LDAP_SERVER}
LDAP_BASE: ${LDAP_BASE}
# LDAP_SERVER_CACERT: ""
### There are to ways get users from the ldap server
## NO LDAP BIND USER:
# Tries directly to bind with the login user (as uid)
# LDAP_BINDDN: "cn=%u,ou=users,dc=alice,dc=ufsj"
## Or you can use ai global LDAP_BIND_USER
LDAP_BIND_USER: ${LDAP_BIND_USER}
LDAP_BIND_PW: ${LDAP_BIND_PW}
# Only allow users matching LDAP_USER_FILTER
LDAP_USER_FILTER: ${LDAP_USER_FILTER}
# If user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true.
# Admin Users can invite external (non ldap) users. This feature makes only sense
# when ALLOW_EMAIL_LOGIN is set to 'true'. Additionally admins can send
# system wide messages.
LDAP_ADMIN_GROUP_FILTER: ${LDAP_ADMIN_GROUP_FILTER}
ALLOW_EMAIL_LOGIN: "false"
# All users in the LDAP_CONTACT_FILTER are loaded from the ldap server into contacts.
# LDAP_CONTACT_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"
LDAP_CONTACTS: "false"
## OAuth2 Settings
# OAUTH2_ENABLED: "true"
# OAUTH2_PROVIDER: YOUR_OAUTH2_PROVIDER
# OAUTH2_CLIENT_ID: YOUR_OAUTH2_CLIENT_ID
# OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET
# OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE
# OAUTH2_AUTHORIZATION_URL: YOUR_OAUTH2_AUTHORIZATION_URL
# OAUTH2_TOKEN_URL: YOUR_OAUTH2_TOKEN_URL
# OAUTH2_TOKEN_CONTENT_TYPE: # One of ['application/x-www-form-urlencoded', 'application/json']
# OAUTH2_PROFILE_URL: YOUR_OAUTH2_PROFILE_URL
# OAUTH2_USER_ATTR_EMAIL: email
# OAUTH2_USER_ATTR_UID: id
# OAUTH2_USER_ATTR_FIRSTNAME: name
# OAUTH2_USER_ATTR_LASTNAME:
# OAUTH2_USER_ATTR_IS_ADMIN: site_admin
# Same property, unfortunately with different names in
# different locations
SHARELATEX_REDIS_HOST: redis_sl
REDIS_HOST: redis_sl
REDIS_PORT: 6379
ENABLED_LINKED_FILE_TYPES: "url,project_file"
# Enables Thumbnail generation using ImageMagick
ENABLE_CONVERSIONS: "true"
mongo:
restart: always
image: mongo:4.4
container_name: mongo
networks:
- traefik-public
expose:
- 27017
volumes:
- ${MYDATA}/mongo_data:/data/db
healthcheck:
test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet
interval: 10s
timeout: 10s
retries: 5
command: "--replSet overleaf"
# See also: https://github.com/overleaf/overleaf/issues/1120
mongoinit:
image: mongo:4.4
# this container will exit after executing the command
restart: "no"
networks:
- traefik-public
depends_on:
mongo:
condition: service_healthy
entrypoint:
[
"mongo",
"--host",
"mongo:27017",
"--eval",
'rs.initiate({ _id: "overleaf", members: [ { _id: 0, host: "mongo:27017" } ] })',
]
redis_sl:
restart: always
image: redis:6.2
container_name: redis_sl
expose:
- 6379
volumes:
- ${MYDATA}/redis_data:/data
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
networks:
- traefik-public
networks:
traefik-public:
external: true