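---
# Compose stack for Overleaf (ldap-overleaf-sl image) published through Traefik,
# with MongoDB (single-node replica set "overleaf") and Redis as backing stores.
# ${MYDATA}, ${MYDOMAIN}, ${MYMAIL} and the ${LDAP_*} values are interpolated by
# Compose from the environment or an .env file; keep that file out of version
# control because it carries the LDAP bind password.
version: "2.2"

services:
  sharelatex:
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1
    restart: always
    image: ldap-overleaf-sl
    container_name: ldap-overleaf-sl
    depends_on:
      mongo:
        condition: service_healthy
      redis_sl:
        condition: service_healthy
    privileged: false
    networks:
      # Only the web container needs to be reachable by Traefik; the data
      # stores are reached over the private network below.
      - traefik-public
      - overleaf-internal
    # ports:
    #   - 8008:80
    links:
      - mongo
      - redis_sl
    volumes:
      - ${MYDATA}/sharelatex:/var/lib/sharelatex
      # - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt
      # - ${MYDATA}/letsencrypt:/etc/letsencrypt
      # - ${MYDATA}/letsencrypt/live/${MYDOMAIN}/:/etc/letsencrypt/certs/domain
    labels:
      # Label values are quoted so they stay strings; a bare YAML boolean in a
      # label mapping is rejected by the Compose v1 schema.
      traefik.enable: "true"
      # The container sits on two networks, so tell Traefik which one to use.
      traefik.docker.network: traefik-public
      # handle https traffic
      traefik.http.routers.overleaf.rule: 'Host(`overleaf.alice.ufsj.edu.br`)'
      traefik.http.routers.overleaf.tls: "true"
      traefik.http.routers.overleaf.tls.certresolver: letsencrypt
      traefik.http.routers.overleaf.entrypoints: websecure
      traefik.http.services.overleaf.loadbalancer.server.port: "80"
      # NOTE(review): no router label in this file references the "overleaf"
      # middleware (there is no traefik.http.routers.overleaf.middlewares), so
      # the settings below look inert - confirm. Two further points to settle
      # before attaching it: the same middleware name carries both forwardauth
      # and headers options, and X-Frame-Options / X-Content-Type-Options are
      # set as *request* headers towards the backend, whereas browsers only
      # honour them on the response.
      traefik.http.middlewares.overleaf.forwardauth.trustForwardHeader: "true"
      traefik.http.middlewares.overleaf.headers.customrequestheaders.X-Forwarded-Proto: https
      traefik.http.middlewares.overleaf.headers.customrequestheaders.X-Frame-Options: SAMEORIGIN
      traefik.http.middlewares.overleaf.headers.customrequestheaders.X-Content-Type-Options: nosniff
      traefik.http.middlewares.overleaf.headers.customrequestheaders.Connection: "upgrade"
      # traefik.http.middlewares.overleaf.headers.contentTypeNosniff: true
      # traefik.http.middlewares.overleaf.headers.browserXssFilter: true
      # traefik.http.middlewares.overleaf.headers.frameDeny: true
      # traefik.http.middlewares.overleaf.headers.stsIncludeSubdomains: true
      # traefik.http.middlewares.overleaf.headers.stsPreload: true
      # traefik.http.middlewares.overleaf.headers.stsSeconds: 31536000
      # traefik.http.middlewares.overleaf.headers.customFrameOptionsValue: true
      # traefik.http.middlewares.overleaf.headers.trustForwardHeader: "SAMEORIGIN"
      # Docker loadbalance
      # traefik.http.services.overleaf.loadbalancer.server.port: 80
      # traefik.http.services.overleaf.loadbalancer.server.scheme: http
      # traefik.http.services.overleaf.loadbalancer.sticky.cookie: true
      # traefik.http.services.overleaf.loadbalancer.sticky.cookie.name: io
      # traefik.http.services.overleaf.loadbalancer.sticky.cookie.httponly: true
      # traefik.http.services.overleaf.loadbalancer.sticky.cookie.secure: true
      # traefik.http.services.overleaf.loadbalancer.sticky.cookie.samesite: io
    environment:
      # NOTE(review): debug logging is verbose and may put request details in
      # the container logs; consider a lower level once the setup is stable.
      LOG_LEVEL: debug
      SHARELATEX_APP_NAME: Overleaf
      SHARELATEX_MONGO_URL: mongodb://mongo/sharelatex
      SHARELATEX_SITE_URL: "https://${MYDOMAIN}"
      SHARELATEX_NAV_TITLE: "Overleaf - run by ${MYDOMAIN}"
      # SHARELATEX_HEADER_IMAGE_URL: https://${MYDOMAIN}/logo.svg
      SHARELATEX_ADMIN_EMAIL: "${MYMAIL}"
      SHARELATEX_LEFT_FOOTER: '[{"text": "Powered by ShareLaTeX 2016"} ]'
      SHARELATEX_RIGHT_FOOTER: '[{"text": "LDAP Overleaf (beta)"} ]'
      SHARELATEX_EMAIL_FROM_ADDRESS: "noreply@${MYDOMAIN}"
      # SHARELATEX_EMAIL_AWS_SES_ACCESS_KEY_ID:
      # SHARELATEX_EMAIL_AWS_SES_SECRET_KEY:
      SHARELATEX_EMAIL_SMTP_HOST: "smtp.${MYDOMAIN}"
      SHARELATEX_EMAIL_SMTP_PORT: "587"
      SHARELATEX_EMAIL_SMTP_SECURE: "false"
      # SHARELATEX_EMAIL_SMTP_USER:
      # SHARELATEX_EMAIL_SMTP_PASS:
      # SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH: true
      # SHARELATEX_EMAIL_SMTP_IGNORE_TLS: false
      SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by ${MYDOMAIN} - please contact ${MYMAIL} if you experience any issues."
      # make public links accessible w/o login (link sharing issue)
      # https://github.com/overleaf/docker-image/issues/66
      # https://github.com/overleaf/overleaf/issues/628
      # https://github.com/overleaf/web/issues/367
      # Fixed in 2.0.2 (Release date: 2019-11-26)
      # NOTE(review): with both flags on, anyone holding a share link can read
      # and edit that project without an account; keep them only if link
      # sharing with unauthenticated users is intended.
      SHARELATEX_ALLOW_PUBLIC_ACCESS: "true"
      SHARELATEX_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING: "true"
      # Secure cookies are enabled because the site is served over HTTPS only
      # (SHARELATEX_SITE_URL is https and the Traefik router has tls enabled),
      # so the session cookie is never sent over plain HTTP.
      SHARELATEX_SECURE_COOKIE: "true"
      SHARELATEX_BEHIND_PROXY: "true"
      # For some reason it cannot reach ldaps on 33004, so the hostname on the
      # docker network is used instead.
      # NOTE(review): if ${LDAP_SERVER} ends up as a plain ldap:// URL, the bind
      # password and user logins cross that network unencrypted - confirm.
      LDAP_SERVER: "${LDAP_SERVER}"
      LDAP_BASE: "${LDAP_BASE}"
      # LDAP_SERVER_CACERT: ""
      ### There are two ways to get users from the ldap server
      ## NO LDAP BIND USER:
      # Tries directly to bind with the login user (as uid)
      # LDAP_BINDDN: "cn=%u,ou=users,dc=alice,dc=ufsj"
      ## Or you can use a global LDAP_BIND_USER
      LDAP_BIND_USER: "${LDAP_BIND_USER}"
      LDAP_BIND_PW: "${LDAP_BIND_PW}"
      # Only allow users matching LDAP_USER_FILTER
      LDAP_USER_FILTER: "${LDAP_USER_FILTER}"
      # If user is in ADMIN_GROUP on user creation (first login) isAdmin is set to true.
      # Admin Users can invite external (non ldap) users. This feature makes only sense
      # when ALLOW_EMAIL_LOGIN is set to 'true'. Additionally admins can send
      # system wide messages.
      LDAP_ADMIN_GROUP_FILTER: "${LDAP_ADMIN_GROUP_FILTER}"
      ALLOW_EMAIL_LOGIN: "false"
      # All users in the LDAP_CONTACT_FILTER are loaded from the ldap server into contacts.
      # LDAP_CONTACT_FILTER: "(memberof=cn=GROUPNAME,ou=groups,dc=DOMAIN,dc=TLD)"
      LDAP_CONTACTS: "false"
      ## OAuth2 Settings
      # OAUTH2_ENABLED: "true"
      # OAUTH2_PROVIDER: YOUR_OAUTH2_PROVIDER
      # OAUTH2_CLIENT_ID: YOUR_OAUTH2_CLIENT_ID
      # OAUTH2_CLIENT_SECRET: YOUR_OAUTH2_CLIENT_SECRET
      # OAUTH2_SCOPE: YOUR_OAUTH2_SCOPE
      # OAUTH2_AUTHORIZATION_URL: YOUR_OAUTH2_AUTHORIZATION_URL
      # OAUTH2_TOKEN_URL: YOUR_OAUTH2_TOKEN_URL
      # OAUTH2_TOKEN_CONTENT_TYPE: # One of ['application/x-www-form-urlencoded', 'application/json']
      # OAUTH2_PROFILE_URL: YOUR_OAUTH2_PROFILE_URL
      # OAUTH2_USER_ATTR_EMAIL: email
      # OAUTH2_USER_ATTR_UID: id
      # OAUTH2_USER_ATTR_FIRSTNAME: name
      # OAUTH2_USER_ATTR_LASTNAME:
      # OAUTH2_USER_ATTR_IS_ADMIN: site_admin
      # Same property, unfortunately with different names in
      # different locations
      SHARELATEX_REDIS_HOST: redis_sl
      REDIS_HOST: redis_sl
      REDIS_PORT: "6379"
      ENABLED_LINKED_FILE_TYPES: "url,project_file"
      # Enables Thumbnail generation using ImageMagick
      ENABLE_CONVERSIONS: "true"

  mongo:
    restart: always
    image: mongo:4.4
    container_name: mongo
    # MongoDB is started without authentication here, so it is kept off the
    # shared traefik-public network: only containers of this stack can reach
    # port 27017.
    networks:
      - overleaf-internal
    expose:
      - "27017"
    volumes:
      - ${MYDATA}/mongo_data:/data/db
    healthcheck:
      test: "echo 'db.stats().ok' | mongo localhost:27017/test --quiet"
      interval: 10s
      timeout: 10s
      retries: 5
    command: "--replSet overleaf"

  # One-shot helper that initiates the "overleaf" replica set once mongo is
  # healthy.
  # See also: https://github.com/overleaf/overleaf/issues/1120
  mongoinit:
    image: mongo:4.4
    # this container will exit after executing the command
    restart: "no"
    networks:
      - overleaf-internal
    depends_on:
      mongo:
        condition: service_healthy
    entrypoint:
      - "mongo"
      - "--host"
      - "mongo:27017"
      - "--eval"
      - 'rs.initiate({ _id: "overleaf", members: [ { _id: 0, host: "mongo:27017" } ] })'

  redis_sl:
    restart: always
    image: redis:6.2
    container_name: redis_sl
    expose:
      - "6379"
    volumes:
      - ${MYDATA}/redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
    # Redis runs without a password here, so it is likewise reachable only on
    # the private network.
    networks:
      - overleaf-internal

networks:
  # Pre-existing network shared with Traefik and whatever else it routes to.
  traefik-public:
    external: true
  # Private to this stack: carries the unauthenticated MongoDB and Redis
  # traffic so other containers on traefik-public cannot connect to them.
  overleaf-internal:
    driver: bridge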