Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
ANALYTIKDATA
/
automated-office
4
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Drzewo: 2ccc84e275
Gałęzie Tagi
automated-offic...
/
docker
/
docker-compose.yml

docker-compose.yml 6.7 KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218 
  1. version: '3.9'
    2. 

  2. 

  3. services:
    4. 

  4.   keycloak:
    5. 

  5.     build:
    6. 

  6.       context: .
    7. 

  7.       dockerfile: keycloak.Containerfile
    8. 

  8.       args:
    9. 

  9.         KC_DB_USERNAME: ${KC_DB_USERNAME}
    10. 

  10.         KC_DB_PASSWORD: ${KC_DB_PASSWORD}
    11. 

  11.     container_name: keycloak
    12. 

  12.     environment:
    13. 

  13.       KC_DB: postgres
    14. 

  14.       KC_DB_URL: jdbc:postgresql://keycloak-db:5432/keycloak
    15. 

  15.       KC_DB_USERNAME: ${KC_DB_USERNAME}
    16. 

  16.       KC_DB_PASSWORD: ${KC_DB_PASSWORD}
    17. 

  17.       KC_PROXY_HEADERS: xforwarded
    18. 

  18.       KC_PROXY_ADDRESS_FORWARDING: "true"
    19. 

  19.       KC_HTTP_ENABLED: "true"
    20. 

  20.       KC_HOSTNAME_STRICT: "false"
    21. 

  21.       KC_PROXY: edge
    22. 

  22.       KC_FEATURES: "token-exchange,scripts,preview,admin-api"
    23. 

  23.       KC_HEALTH_ENABLED: "true"
    24. 

  24.       KC_METRICS_ENABLED: "true"
    25. 

  25.       KC_HOSTNAME: https://auth.mrx8086.com
    26. 

  26.       KC_BOOTSTRAP_ADMIN_USERNAME: admin
    27. 

  27.       KC_BOOTSTRAP_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
    28. 

  28.     command: ["start-dev"]  # Für Entwicklung; entferne "-dev" für Produktion
    29. 

  29.     ports:
    30. 

  30.       - "8080:8080"
    31. 

  31.     volumes:
    32. 

  32.       - ../config/keycloak/themes:/opt/keycloak/themes:ro
    33. 

  33.     networks:
    34. 

  34.       - keycloak-network
    35. 

  35.     depends_on:
    36. 

  36.       - keycloak-db
    37. 

  37.     extra_hosts:
    38. 

  38.       - "cloud.mrx8086.com:172.23.171.133"         
    39. 

  39.     healthcheck:
    40. 

  40.       test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
    41. 

  41.       interval: 30s
    42. 

  42.       timeout: 10s
    43. 

  43.       retries: 3
    44. 

  44. 

  45.   keycloak-db:
    46. 

  46.     image: postgres:15
    47. 

  47.     container_name: keycloak-db
    48. 

  48.     environment:
    49. 

  49.       POSTGRES_DB: keycloak
    50. 

  50.       POSTGRES_USER: ${KC_DB_USERNAME}
    51. 

  51.       POSTGRES_PASSWORD: ${KC_DB_PASSWORD}
    52. 

  52.     volumes:
    53. 

  53.       - ../data/keycloak-db:/var/lib/postgresql/data
    54. 

  54.     networks:
    55. 

  55.       - keycloak-network
    56. 

  56.     restart: unless-stopped
    57. 

  57.     healthcheck:
    58. 

  58.       test: ["CMD-SHELL", "pg_isready -U ${KC_DB_USERNAME} -d keycloak"]
    59. 

  59.       interval: 10s
    60. 

  60.       timeout: 5s
    61. 

  61.       retries: 5
    62. 

  62. 

  63. # In docker-compose.yml ergänzen:
    64. 

  64.   nextcloud:
    65. 

  65.     image: nextcloud:latest
    66. 

  66.     container_name: nextcloud
    67. 

  67.     restart: unless-stopped
    68. 

  68.     ports:
    69. 

  69.         - "8081:80"
    70. 

  70.     volumes:
    71. 

  71.       - ../data/nextcloud:/var/www/html
    72. 

  72.       - ../config/nextcloud/config:/var/www/html/config
    73. 

  73.       - ../config/nextcloud/custom_apps:/var/www/html/custom_apps
    74. 

  74.       - ../data/nextcloud-db:/var/lib/mysql
    75. 

  75.     environment:
    76. 

  76.       - MYSQL_HOST=nextcloud-db
    77. 

  77.       - MYSQL_DATABASE=nextcloud
    78. 

  78.       - MYSQL_USER=${NEXTCLOUD_DB_USER}
    79. 

  79.       - MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
    80. 

  80.       - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
    81. 

  81.       - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
    82. 

  82.       - NEXTCLOUD_TRUSTED_DOMAINS=cloud.mrx8086.com
    83. 

  83.       - OVERWRITEPROTOCOL=https
    84. 

  84.       - OVERWRITEHOST=cloud.mrx8086.com
    85. 

  85.       - OVERWRITEWEBROOT=/
    86. 

  86.       - TRUSTED_PROXIES=172.19.0.0/16
    87. 

  87.       - NEXTCLOUD_URL=https://cloud.mrx8086.com
    88. 

  88.       - NEXTCLOUD_DEBUG=1
    89. 

  89.       - NEXTCLOUD_CONFIG_CUSTOM_SCOPE="openid profile groups-nextcloud"
    90. 

  90.     healthcheck:
    91. 

  91.       test: ["CMD", "curl", "-f", "http://localhost:80/"]
    92. 

  92.       interval: 30s
    93. 

  93.       timeout: 10s
    94. 

  94.       retries: 3
    95. 

  95.     networks:
    96. 

  96.       - nextcloud-network
    97. 

  97.     depends_on:
    98. 

  98.       - nextcloud-db
    99. 

  99.     extra_hosts:
    100. 

  100.       - "auth.mrx8086.com:172.23.171.133"      
    101. 

  101.     dns:
    102. 

  102.       - 8.8.8.8
    103. 

  103.       - 8.8.4.4
    104. 

  104. 

  105.   nextcloud-db:
    106. 

  106.     image: mariadb:10.6
    107. 

  107.     container_name: nextcloud-db
    108. 

  108.     restart: unless-stopped
    109. 

  109.     command: --transaction-isolation=READ-COMMITTED --log-bin=ROW
    110. 

  110.     environment:
    111. 

  111.       - MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT_PASSWORD}
    112. 

  112.       - MYSQL_DATABASE=nextcloud
    113. 

  113.       - MYSQL_USER=${NEXTCLOUD_DB_USER}
    114. 

  114.       - MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
    115. 

  115.     volumes:
    116. 

  116.       - ../data/nextcloud-db:/var/lib/mysql
    117. 

  117.     networks:
    118. 

  118.       - nextcloud-network
    119. 

  119. 

  120.   paperless:
    121. 

  121.     image: ghcr.io/paperless-ngx/paperless-ngx:latest
    122. 

  122.     container_name: paperless
    123. 

  123.     restart: unless-stopped
    124. 

  124.     ports:
    125. 

  125.       - "8000:8000"
    126. 

  126.     volumes:
    127. 

  127.       - ../data/paperless:/usr/src/paperless/data
    128. 

  128.       - ../config/paperless/media:/usr/src/paperless/media
    129. 

  129.       - ../config/paperless/export:/usr/src/paperless/export
    130. 

  130.       - ../config/paperless/consume:/usr/src/paperless/consume
    131. 

  131.     environment:
    132. 

  132.       # Basis-Konfiguration
    133. 

  133.       - PAPERLESS_ADMIN_USER=${PAPERLESS_ADMIN_USER}
    134. 

  134.       - PAPERLESS_ADMIN_PASSWORD=${PAPERLESS_ADMIN_PASSWORD}
    135. 

  135.       - PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY}
    136. 

  136.       - PAPERLESS_URL=https://docs.mrx8086.com
    137. 

  137.       - PAPERLESS_ALLOWED_HOSTS=docs.mrx8086.com
    138. 

  138.       - PAPERLESS_REDIS=redis://paperless-redis:6379
    139. 

  139.       - PAPERLESS_LOGGING_DIR=/dev/stdout
    140. 

  140.       - PAPERLESS_LOGGING_LEVEL=DEBUG
    141. 

  141.       - DJANGO_LOG_LEVEL=DEBUG
    142. 

  142.       
    143. 

  143.       # OIDC Basis-Einstellungen
    144. 

  144.       - PAPERLESS_ENABLE_OIDC=true
    145. 

  145.       - PAPERLESS_OIDC_RP_PROVIDER_URL=https://auth.mrx8086.com/realms/office-automation
    146. 

  146.       - PAPERLESS_OIDC_RP_CLIENT_ID=paperless
    147. 

  147.       - PAPERLESS_OIDC_RP_CLIENT_SECRET=${PAPERLESS_CLIENT_SECRET}
    148. 

  148.       
    149. 

  149.       # OIDC Endpoints
    150. 

  150.       - PAPERLESS_OIDC_AUTH_ENDPOINT=https://auth.mrx8086.com/realms/office-automation/protocol/openid-connect/auth
    151. 

  151.       - PAPERLESS_OIDC_TOKEN_ENDPOINT=https://auth.mrx8086.com/realms/office-automation/protocol/openid-connect/token
    152. 

  152.       - PAPERLESS_OIDC_USERINFO_ENDPOINT=https://auth.mrx8086.com/realms/office-automation/protocol/openid-connect/userinfo
    153. 

  153.       - PAPERLESS_OIDC_JWKS_ENDPOINT=https://auth.mrx8086.com/realms/office-automation/protocol/openid-connect/certs
    154. 

  154.       
    155. 

  155.       # OIDC Claims und Scopes
    156. 

  156.       - PAPERLESS_OIDC_RP_SCOPE=openid profile email
    157. 

  157.       - PAPERLESS_OIDC_RP_USERNAME_CLAIM=preferred_username
    158. 

  158.       - PAPERLESS_OIDC_RP_NAME_CLAIM=name
    159. 

  159.       - PAPERLESS_OIDC_RP_EMAIL_CLAIM=email
    160. 

  160.       
    161. 

  161.       # OIDC Sicherheitseinstellungen
    162. 

  162.       - PAPERLESS_OIDC_RP_SIGN_ALGO=RS256
    163. 

  163.       - PAPERLESS_OIDC_RP_VERIFY_SSL=false
    164. 

  164.       - PAPERLESS_OIDC_USE_PKCE=true
    165. 

  165.       
    166. 

  166.       # OIDC Token-Management
    167. 

  167.       - PAPERLESS_OIDC_RP_RENEW_TOKEN_BEFORE_EXPIRY=true
    168. 

  168.     
    169. 

  169.     depends_on:
    170. 

  170.       - paperless-db
    171. 

  171.       - paperless-redis
    172. 

  172.     networks:
    173. 

  173.       - paperless-network
    174. 

  174.     extra_hosts:
    175. 

  175.       - "auth.mrx8086.com:172.23.171.133"
    176. 

  176.     healthcheck:
    177. 

  177.       test: ["CMD", "curl", "-f", "http://localhost:8000/"]
    178. 

  178.       interval: 30s
    179. 

  179.       timeout: 10s
    180. 

  180.       retries: 3
    181. 

  181. 

  182.   paperless-db:
    183. 

  183.     image: postgres:15
    184. 

  184.     container_name: paperless-db
    185. 

  185.     restart: unless-stopped
    186. 

  186.     environment:
    187. 

  187.       POSTGRES_USER: ${PAPERLESS_DB_USER}
    188. 

  188.       POSTGRES_PASSWORD: ${PAPERLESS_DB_PASSWORD}
    189. 

  189.       POSTGRES_DB: paperless
    190. 

  190.     volumes:
    191. 

  191.       - ../data/paperless-db:/var/lib/postgresql/data
    192. 

  192.     networks:
    193. 

  193.       - paperless-network
    194. 

  194.     healthcheck:
    195. 

  195.       test: ["CMD-SHELL", "pg_isready -U ${PAPERLESS_DB_USER} -d paperless"]
    196. 

  196.       interval: 10s
    197. 

  197.       timeout: 5s
    198. 

  198.       retries: 5
    199. 

  199.   
    200. 

  200.   paperless-redis:
    201. 

  201.     image: redis:7
    202. 

  202.     container_name: paperless-redis
    203. 

  203.     restart: unless-stopped
    204. 

  204.     networks:
    205. 

  205.       - paperless-network
    206. 

  206.     healthcheck:
    207. 

  207.       test: ["CMD", "redis-cli", "ping"]
    208. 

  208.       interval: 10s
    209. 

  209.       timeout: 5s
    210. 

  210.       retries: 5
    211. 

  211. 

  212. networks:
    213. 

  213.   keycloak-network:
    214. 

  214.     driver: bridge
    215. 

  215.   nextcloud-network:
    216. 

  216.     driver: bridge
    217. 

  217.   paperless-network:
    218. 

  218.     driver: bridge
    219.