mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-24 15:48:55 +01:00
297 lines
12 KiB
YAML
297 lines
12 KiB
YAML
version: '3'
|
|
volumes:
|
|
# data directory: here are the files stored (/var/lib/egroupware by default)
|
|
data:
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
# to upgrade an existing non-docker installation most easy is to use the existing
|
|
# data directory /var/lib/egroupware AND the host database see below
|
|
#device: /var/lib/egroupware
|
|
# otherwise data is stored in data subdirectory of the current directory
|
|
device: $PWD/data
|
|
# sources directory or document root mounted as /var/www inside the container
|
|
sources:
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
# use this if you have an existing document root with an egroupware directory inside
|
|
#device: /var/www
|
|
# otherwise sources/document is stored in sources subdirectory of current directory
|
|
device: $PWD/sources
|
|
# sources for push server, swoolpush subdirectory of egroupware
|
|
sources-push:
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: $PWD/sources/egroupware/swoolepush
|
|
# volume to store config.inc.php file / token shared between egroupware and push container
|
|
push-config:
|
|
# collabora-config
|
|
collabora-config:
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
# to upgrade an existing non-docker installation most easy is to use the existing
|
|
# data directory /var/lib/egroupware AND the host database see below
|
|
#device: /var/lib/egroupware/default/loolwsd
|
|
# otherwise data is stored in data subdirectory of the current directory
|
|
device: $PWD/data/default/loolwsd
|
|
# for Mac and Windows, do NOT use a directory for the DB, as the Docker host is in a VM!
|
|
db:
|
|
sessions:
|
|
# cache files from compose, npm and yarn (actually /root inside the container)
|
|
cache:
|
|
# store Rocket.Chat MongoDB on an (internal) Volume
|
|
mongo:
|
|
# directory to store MongoDB dumps
|
|
rocketchat-dumps:
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: $PWD/data/default/rocketchat/dump
|
|
rocketchat-uploads:
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: $PWD/data/default/rocketchat/uploads
|
|
|
|
services:
|
|
egroupware:
|
|
# you can also use tags like: 7.4, 8.0 or 8.1 depending on the PHP version you want to use
|
|
image: egroupware/development:latest
|
|
# setting a default language for a new installation
|
|
#environment:
|
|
#- LANG=de
|
|
volumes:
|
|
- sources:/var/www
|
|
- data:/var/lib/egroupware
|
|
- sessions:/var/lib/php/sessions
|
|
- cache:/root
|
|
- push-config:/var/lib/egroupware-push
|
|
# if you want to use the host database:
|
|
# 1. comment out the whole db service below AND
|
|
# 2. set EGW_DB_HOST=localhost AND
|
|
# 3. uncomment the next line and modify the host path (first one), it depends on your distro:
|
|
# - RHEL/CentOS /var/lib/mysql/mysql.sock:/var/run/mysqld/mysqld.sock
|
|
# - openSUSE/SLE /var/run/mysql/mysql.sock:/var/run/mysqld/mysqld.sock
|
|
# - Debian/Ubuntu /var/run/mysqld:/var/run/mysqld
|
|
#- /var/run/mysqld:/var/run/mysqld
|
|
# private CA so egroupware can validate your certificate to talk to Collabora or Rocket.Chat
|
|
# multiple certificates (eg. a chain) have to be single files in a directory, with one named private-ca.crt!
|
|
#- /etc/egroupware-docker/private-ca.crt:/usr/local/share/ca-certificates/private-ca.crt:ro
|
|
environment:
|
|
#
|
|
# MariaDB/MySQL host to use: for internal service use "db", for host database (socket bind-mounted into container) use "localhost"
|
|
- EGW_DB_HOST=db
|
|
# grant host is needed for NOT using localhost / unix domain socket for MySQL/MariaDB
|
|
- EGW_DB_GRANT_HOST=172.%
|
|
# for internal db service you should to specify a root password here AND in db service
|
|
# a database "egroupware" with a random password is created for you on installation (password is stored in header.inc.php in data directory)
|
|
#- EGW_DB_ROOT=root
|
|
- EGW_DB_ROOT_PW=secret
|
|
# alternativly you can specify an already existing database with full right by the given user!
|
|
#- EGW_DB_NAME=egroupware
|
|
#- EGW_DB_USER=egroupware
|
|
#- EGW_DB_PASS=
|
|
#
|
|
# further post_install.php arguments can be passed as a single enviroment variable with space separated assignments
|
|
# "<name1>=<value1> <name2>=<value2>" see https://github.com/EGroupware/egroupware/blob/master/doc/rpm-build/post_install.php#L17
|
|
# to configure eg. LDAP for authentication and account storage use
|
|
#- EGW_POST_INSTALL='account-auth=ldap,ldap ldap_base=ou=egroupware,dc=example,dc=org ldap_host=tls://ldap.example.org ldap_admin=cn=admin,$base ldap_admin_pw=secret ldap_context=cn=users,$base ldap_group_context=cn=groups,$base'
|
|
#
|
|
# extra non-default apps (need to start with EGW_EXTRA_APP!)
|
|
#
|
|
# EPL apps (need extra credentials!)
|
|
#- EGW_EXTRA_APPS_EPL=https://github.com/EGroupwareGmbH/epl.git https://github.com/EGroupwareGmbH/esyncpro.git https://github.com/EGroupwareGmbH/policy.git https://github.com/EGroupwareGmbH/webauthn.git
|
|
# old Wiki
|
|
#- EGW_EXTRA_APP_WIKI=https://github.com/EGroupware/wiki.git
|
|
# old API and eTemplate(1), required for upgrades from before 14.3
|
|
#- EGW_EXTRA_APP_OLDAPI=https://github.com/EGroupware/phpgwapi.git https://github.com/EGroupware/etemplate.git
|
|
#
|
|
# XDEBUG_REMOTE_HOST need to be set, if the host running the IDE is different from 172.17.0.1 (Mac can use docker.for.mac.localhost)
|
|
- XDEBUG_REMOTE_HOST=docker.for.mac.localhost
|
|
restart: always
|
|
depends_on:
|
|
- db
|
|
container_name: egroupware
|
|
# set the ip-address of your docker host AND your official DNS name so EGroupware
|
|
# can access Rocket.Chat or Collabora without the need to go over your firewall
|
|
#extra_hosts:
|
|
#- "my.host.name:ip-address"
|
|
|
|
nginx:
|
|
image: nginx:stable-alpine
|
|
volumes:
|
|
- sources:/var/www:ro
|
|
# to add a certificate create a certificate.pem containing (in that order)
|
|
# 1. private key
|
|
# 2. public key
|
|
# 3. (optional) chain certificates
|
|
# uncomment to the next line
|
|
# ./certificate.pem:/etc/ssl/private/certificate.pem
|
|
# AND uncomment the three lines starting with "listen 443", "ssl_certificate", "ssl_certificate_key" in nginx.conf
|
|
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
|
|
ports:
|
|
# if no webserver is running on the host, change (first) number to 80 and 443
|
|
- "8080:80"
|
|
- "4443:443"
|
|
depends_on:
|
|
- egroupware
|
|
- push
|
|
- collabora-key
|
|
- rocketchat
|
|
container_name: egroupware-nginx
|
|
restart: always
|
|
|
|
# run an own MariaDB:10.6 (you can use EGroupware's database backup and restore to add your existing database)
|
|
db:
|
|
image: mariadb:10.6
|
|
environment:
|
|
#- MYSQL_ROOT=root
|
|
- MYSQL_ROOT_PASSWORD=secret
|
|
- MARIADB_AUTO_UPGRADE=true
|
|
volumes:
|
|
- db:/var/lib/mysql
|
|
# to add an own persistent configuration
|
|
#- ./mariadb.cnf:/etc/mysql/mariadb.conf.d/egroupware.cnf
|
|
container_name: egroupware-db
|
|
restart: always
|
|
# make mysql also available on the host
|
|
#ports:
|
|
#- "3306:3306"
|
|
|
|
# push server using phpswoole
|
|
push:
|
|
image: phpswoole/swoole:latest-alpine
|
|
command:
|
|
- /var/www/server.php
|
|
volumes:
|
|
- sources-push:/var/www
|
|
- sessions:/var/lib/php/sessions
|
|
- push-config:/var/lib/egroupware-push
|
|
container_name: egroupware-push
|
|
restart: always
|
|
depends_on:
|
|
- egroupware
|
|
|
|
# automatic updates of all containers daily at 4am
|
|
# see https://containrrr.github.io/watchtower for more information
|
|
watchtower:
|
|
image: containrrr/watchtower
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
# For automatic EPL Updates (not necessary for CE!) you need to pass docker
|
|
# credentials into watchtower after running: docker login download.egroupware.org
|
|
#- /root/.docker/config.json:/config.json:ro
|
|
environment:
|
|
- WATCHTOWER_CLEANUP=true # delete old image after update to not fill up the disk
|
|
# for email notifications add your email and mail-server here
|
|
#- WATCHTOWER_NOTIFICATIONS=email
|
|
#- WATCHTOWER_NOTIFICATIONS_LEVEL=info # possible values: panic, fatal, error, warn, info or debug
|
|
#- WATCHTOWER_NOTIFICATION_EMAIL_FROM="watchtower@my-domain.com"
|
|
#- WATCHTOWER_NOTIFICATION_EMAIL_TO="me@my-domain.com"
|
|
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER="mail.my-domain.com" # if you give your MX here, you need no user/password
|
|
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=25
|
|
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER="watchtower@my-domain.com"
|
|
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD="secret"
|
|
command: --schedule "0 0 4 * * *"
|
|
container_name: egroupware-watchtower
|
|
restart: always
|
|
|
|
# Collabora Online Office
|
|
collabora-key:
|
|
image: "quay.io/egroupware/collabora-key:stable"
|
|
#image: collabora/code:latest
|
|
volumes:
|
|
- collabora-config:/etc/loolwsd
|
|
# support for Collabora/CODE 21.11+
|
|
- collabora-config:/etc/coolwsd
|
|
restart: always
|
|
container_name: collabora-key
|
|
# set the ip-address of your docker host AND your official DNS name so Collabora
|
|
# can access EGroupware without the need to go over your firewall
|
|
#extra_hosts:
|
|
#- "my.host.name:ip-address"
|
|
depends_on:
|
|
- collabora-init
|
|
|
|
# initialise the collabora-config volume
|
|
collabora-init:
|
|
image: "quay.io/egroupware/collabora-key:latest"
|
|
command: bash -c "test -f /tmp/coolwsd/coolwsd.xml || (cp -p /etc/coolwsd/* /tmp/coolwsd && cd /tmp/coolwsd && ln -s coolwsd.conf loolwsd.conf)"
|
|
volumes:
|
|
- collabora-config:/tmp/coolwsd
|
|
|
|
# Rocket.Chat server
|
|
rocketchat:
|
|
image: rocketchat/rocket.chat:latest
|
|
command: bash -c 'for i in `seq 1 30`; do node main.js && s=$$? && break || s=$$?; echo "Tried $$i times. Waiting 5 secs..."; sleep 5; done; (exit $$s)'
|
|
restart: unless-stopped
|
|
volumes:
|
|
- rocketchat-uploads:/app/uploads
|
|
# if EGroupware uses a certificate from a private CA, OAuth authentication will fail, you need to:
|
|
# - have the CA certificate stored at /etc/egroupware-docker/private-ca.crt
|
|
# - uncomment the next 2 lines about the private CA:
|
|
# - /etc/egroupware-docker/private-ca.crt:/usr/local/share/ca-certificates/private-ca.crt:ro
|
|
environment:
|
|
# - NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/private-ca.crt
|
|
# IMPORTANT: change ROOT_URL to your actual url eg. https://domain.com/rocketchat
|
|
- ROOT_URL=http://localhost/rocketchat
|
|
- PORT=3000
|
|
- MONGO_URL=mongodb://mongo:27017/rocketchat
|
|
- MONGO_OPLOG_URL=mongodb://mongo:27017/local
|
|
# - HTTP_PROXY=http://proxy.domain.com
|
|
# - HTTPS_PROXY=http://proxy.domain.com
|
|
depends_on:
|
|
- mongo
|
|
container_name: rocketchat
|
|
# set the ip-address of your docker host AND your official DNS name so Rocket.Chat
|
|
# can access EGroupware without the need to go over your firewall
|
|
#extra_hosts:
|
|
#- "my.host.name:ip-address"
|
|
|
|
# MongoDB for Rocket.Chat
|
|
mongo:
|
|
image: mongo:4.2
|
|
restart: unless-stopped
|
|
volumes:
|
|
- mongo:/data/db
|
|
- rocketchat-dumps:/dump
|
|
command: mongod --smallfiles --oplogSize 128 --replSet rs0 --storageEngine=mmapv1
|
|
container_name: rocketchat-mongo
|
|
# this container's job is just run the command to initialize the replica set.
|
|
# it will run the command and remove himself (it will not stay running)
|
|
mongo-init-replica:
|
|
image: mongo:4.2
|
|
command: 'bash -c "for i in `seq 1 30`; do mongo mongo/rocketchat --eval \"rs.initiate({ _id: ''rs0'', members: [ { _id: 0, host: ''localhost:27017'' } ]})\" && s=$$? && break || s=$$?; echo \"Tried $$i times. Waiting 5 secs...\"; sleep 5; done; (exit $$s)"'
|
|
depends_on:
|
|
- mongo
|
|
|
|
# phpMyAdmin
|
|
phpmyadmin:
|
|
restart: unless-stopped
|
|
image: phpmyadmin
|
|
container_name: phpmyadmin
|
|
hostname: phpmyadmin
|
|
# pre 20.1 installs run MariaDB on the host and need to pass the socket (to use egroupware user and it's password only valid on localhost)
|
|
#volumes:
|
|
# - /var/run/mysqld/mysqld.sock:/tmp/mysql.sock
|
|
environment:
|
|
# PMA_HOST: use localhost, if you use a socket (pre 20.1 install) or db for 20.1+ installations
|
|
- PMA_HOST=db
|
|
# phpMyAdmin needs the full URL incl. protocol, domain, path and a trailing slash!
|
|
- PMA_ABSOLUTE_URI=http://localhost/phpmyadmin/
|
|
|
|
# Portainer: Docker GUI (needs to be enabled in nginx.conf too!)
|
|
# portainer:
|
|
# image: portainer/portainer
|
|
# command: -H unix:///var/run/docker.sock
|
|
# restart: always
|
|
# ports:
|
|
# - 9000:9000
|
|
# - 8000:8000
|
|
# volumes:
|
|
# - /var/run/docker.sock:/var/run/docker.sock
|
|
# - portainer_data:/data
|
|
# container_name: portainer |