mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-12 00:48:26 +01:00
281 lines
11 KiB
YAML
281 lines
11 KiB
YAML
version: '3'
|
|
volumes:
|
|
# data directory: here are the files stored (/var/lib/egroupware by default)
|
|
data:
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
# to upgrade an existing non-docker installation most easy is to use the existing
|
|
# data directory /var/lib/egroupware AND the host database see below
|
|
#device: /var/lib/egroupware
|
|
# otherwise data is stored in data subdirectory of the current directory
|
|
device: $PWD/data
|
|
# sources directory or document root mounted as /var/www inside the container
|
|
sources:
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
# use this if you have an existing document root with an egroupware directory inside
|
|
#device: /var/www
|
|
# otherwise sources/document is stored in sources subdirectory of current directory
|
|
device: $PWD/sources
|
|
# sources for push server, swoolpush subdirectory of egroupware
|
|
sources-push:
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: $PWD/sources/egroupware/swoolepush
|
|
# volume to store config.inc.php file / token shared between egroupware and push container
|
|
push-config:
|
|
# collabora-config
|
|
collabora-config:
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
# to upgrade an existing non-docker installation most easy is to use the existing
|
|
# data directory /var/lib/egroupware AND the host database see below
|
|
#device: /var/lib/egroupware/default/loolwsd
|
|
# otherwise data is stored in data subdirectory of the current directory
|
|
device: $PWD/data/default/loolwsd
|
|
# for Mac and Windows, do NOT use a directory for the DB, as the Docker host is in a VM!
|
|
db:
|
|
sessions:
|
|
# store Rocket.Chat MongoDB on an (internal) Volume
|
|
mongo:
|
|
# directory to store MongoDB dumps
|
|
rocketchat-dumps:
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: $PWD/data/default/rocketchat/dump
|
|
rocketchat-uploads:
|
|
driver_opts:
|
|
type: none
|
|
o: bind
|
|
device: $PWD/data/default/rocketchat/uploads
|
|
|
|
services:
|
|
egroupware:
|
|
# you can also use a branch as tags like e.g. "23.1" or a specific release like "23.1.20230911"
|
|
image: egroupware/egroupware:latest
|
|
# setting a default language for a new installation
|
|
#environment:
|
|
#- LANG=de
|
|
volumes:
|
|
- $PWD/sources:/var/www
|
|
- $PWD/data:/var/lib/egroupware
|
|
- $PWD/sessions:/var/lib/php/sessions
|
|
- $PWD/push-config:/var/lib/egroupware-push
|
|
# if you want to use the host database:
|
|
# 1. comment out the whole db service below AND
|
|
# 2. set EGW_DB_HOST=localhost AND
|
|
# 3. uncomment the next line and modify the host path (first one), it depends on your distro:
|
|
# - RHEL/CentOS /var/lib/mysql/mysql.sock:/var/run/mysqld/mysqld.sock
|
|
# - openSUSE/SLE /var/run/mysql/mysql.sock:/var/run/mysqld/mysqld.sock
|
|
# - Debian/Ubuntu /var/run/mysqld:/var/run/mysqld
|
|
#- /var/run/mysqld:/var/run/mysqld
|
|
# private CA so egroupware can validate your certificate to talk to Collabora or Rocket.Chat
|
|
# multiple certificates (eg. a chain) have to be single files in a directory, with one named private-ca.crt!
|
|
#- /etc/egroupware-docker/private-ca.crt:/usr/local/share/ca-certificates/private-ca.crt:ro
|
|
environment:
|
|
#
|
|
# MariaDB/MySQL host to use: for internal service use "db", for host database (socket bind-mounted into container) use "localhost"
|
|
- EGW_DB_HOST=db
|
|
# grant host is needed for NOT using localhost / unix domain socket for MySQL/MariaDB
|
|
- EGW_DB_GRANT_HOST=172.%
|
|
# for internal db service you should to specify a root password here AND in db service
|
|
# a database "egroupware" with a random password is created for you on installation (password is stored in header.inc.php in data directory)
|
|
#- EGW_DB_ROOT=root
|
|
- EGW_DB_ROOT_PW=${EGW_DB_ROOT_PW}
|
|
# alternatively you can specify an already existing database with full right by the given user!
|
|
#- EGW_DB_NAME=egroupware
|
|
#- EGW_DB_USER=egroupware
|
|
#- EGW_DB_PASS=
|
|
#
|
|
# other php.ini values to set in the container and their current defaults
|
|
#- EGW_SESSION_TIMEOUT=14000
|
|
#- EGW_APC_SHM_SIZE=128M
|
|
#- EGW_MEMORY_LIMIT=128M
|
|
#- EGW_MAX_EXECUTION_TIME=90
|
|
#
|
|
# further post_install.php arguments can be passed as a single enviroment variable with space separated assignments
|
|
# "<name1>=<value1> <name2>=<value2>" see https://github.com/EGroupware/egroupware/blob/master/doc/rpm-build/post_install.php#L17
|
|
# to configure eg. LDAP for authentication and account storage use
|
|
#- EGW_POST_INSTALL='account-auth=ldap,ldap ldap_base=ou=egroupware,dc=example,dc=org ldap_host=tls://ldap.example.org ldap_admin=cn=admin,$base ldap_admin_pw=secret ldap_context=cn=users,$base ldap_group_context=cn=groups,$base'
|
|
#
|
|
restart: always
|
|
depends_on:
|
|
- db
|
|
container_name: egroupware
|
|
# set the ip-address of your docker host AND your official DNS name so EGroupware
|
|
# can access Rocket.Chat or Collabora without the need to go over your firewall
|
|
#extra_hosts:
|
|
#- "my.host.name:172.17.0.1"
|
|
|
|
nginx:
|
|
image: nginx:stable-alpine
|
|
volumes:
|
|
- $PWD/sources:/var/www:ro
|
|
# to add a certificate create a certificate.pem containing (in that order)
|
|
# 1. private key
|
|
# 2. public key
|
|
# 3. (optional) chain certificates
|
|
# uncomment to the next line
|
|
# ./certificate.pem:/etc/ssl/private/certificate.pem
|
|
# AND uncomment the three lines starting with "listen 443", "ssl_certificate", "ssl_certificate_key" in nginx.conf
|
|
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
|
|
ports:
|
|
# if no webserver is running on the host, change (first) number to 80 and 443
|
|
- "8080:80"
|
|
- "4443:443"
|
|
depends_on:
|
|
- egroupware
|
|
- push
|
|
- collabora-key
|
|
- rocketchat
|
|
container_name: egroupware-nginx
|
|
restart: always
|
|
|
|
# run an own MariaDB:10.6 (you can use EGroupware's database backup and restore to add your existing database)
|
|
db:
|
|
image: mariadb:10.6
|
|
environment:
|
|
#- MYSQL_ROOT=root
|
|
- MYSQL_ROOT_PASSWORD=${EGW_DB_ROOT_PW}
|
|
#- MARIADB_AUTO_UPGRADE=true
|
|
volumes:
|
|
- db:/var/lib/mysql
|
|
# to add an own persistent configuration
|
|
#- ./mariadb.cnf:/etc/mysql/mariadb.conf.d/egroupware.cnf
|
|
container_name: egroupware-db
|
|
restart: always
|
|
# make mysql also available on the host
|
|
#ports:
|
|
#- "3306:3306"
|
|
|
|
# push server using phpswoole
|
|
push:
|
|
image: phpswoole/swoole:latest-alpine
|
|
command:
|
|
- /var/www/server.php
|
|
volumes:
|
|
- $PWD/sources/egroupware/swoolepush:/var/www
|
|
- $PWD/sessions:/var/lib/php/sessions
|
|
- $PWD/push-config:/var/lib/egroupware-push
|
|
container_name: egroupware-push
|
|
restart: always
|
|
depends_on:
|
|
- egroupware
|
|
|
|
# automatic updates of all containers daily at 4am
|
|
# see https://containrrr.github.io/watchtower for more information
|
|
watchtower:
|
|
image: containrrr/watchtower
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
# For automatic EPL Updates (not necessary for CE!) you need to pass docker
|
|
# credentials into watchtower after running: docker login download.egroupware.org
|
|
#- /root/.docker/config.json:/config.json:ro
|
|
environment:
|
|
- WATCHTOWER_CLEANUP=true # delete old image after update to not fill up the disk
|
|
# for email notifications add your email and mail-server here
|
|
#- WATCHTOWER_NOTIFICATIONS=email
|
|
#- WATCHTOWER_NOTIFICATIONS_LEVEL=info # possible values: panic, fatal, error, warn, info or debug
|
|
#- WATCHTOWER_NOTIFICATION_EMAIL_FROM="watchtower@my-domain.com"
|
|
#- WATCHTOWER_NOTIFICATION_EMAIL_TO="me@my-domain.com"
|
|
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER="mail.my-domain.com" # if you give your MX here, you need no user/password
|
|
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=25
|
|
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER="watchtower@my-domain.com"
|
|
#- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD="secret"
|
|
command: --schedule "0 0 4 * * *"
|
|
container_name: egroupware-watchtower
|
|
restart: always
|
|
|
|
# Collabora Online Office
|
|
collabora-key:
|
|
image: "quay.io/egroupware/collabora-key:stable"
|
|
#image: collabora/code:latest
|
|
volumes:
|
|
#- collabora-config:/etc/loolwsd
|
|
# support for Collabora/CODE 21.11+
|
|
- $PWD/data/default/loolwsd:/etc/coolwsd
|
|
restart: always
|
|
container_name: collabora-key
|
|
# set the ip-address of your docker host AND your official DNS name so Collabora
|
|
# can access EGroupware without the need to go over your firewall
|
|
#extra_hosts:
|
|
#- "my.host.name:172.17.0.1"
|
|
depends_on:
|
|
- collabora-init
|
|
|
|
# initialise the collabora-config volume
|
|
collabora-init:
|
|
image: "quay.io/egroupware/collabora-key:latest"
|
|
command: bash -c "test -f /tmp/coolwsd/coolwsd.xml || (cp -p /etc/coolwsd/* /tmp/coolwsd && cd /tmp/coolwsd && ln -s coolwsd.xml loolwsd.xml && chown -R 33:33 /tmp/coolwsd)"
|
|
volumes:
|
|
- $PWD/data/default/loolwsd:/tmp/coolwsd
|
|
|
|
# Rocket.Chat server
|
|
rocketchat:
|
|
image: rocketchat/rocket.chat:latest
|
|
command: >
|
|
sh -c
|
|
"while true; do
|
|
node main.js &&
|
|
s=$$? && break || s=$$?;
|
|
echo \"Could not reach MongoDB. Waiting 5 secs ...\";
|
|
sleep 5;
|
|
done; (exit $$s)"
|
|
restart: unless-stopped
|
|
volumes:
|
|
- $PWD/data/default/rocketchat/uploads:/app/uploads
|
|
# if EGroupware uses a certificate from a private CA, OAuth authentication will fail, you need to:
|
|
# - have the CA certificate stored at /etc/egroupware-docker/private-ca.crt
|
|
# - uncomment the next 2 lines about the private CA:
|
|
# - /etc/egroupware-docker/private-ca.crt:/usr/local/share/ca-certificates/private-ca.crt:ro
|
|
environment:
|
|
# - NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/private-ca.crt
|
|
# IMPORTANT: change ROOT_URL to your actual url eg. https://domain.com/rocketchat
|
|
- ROOT_URL=http://localhost/rocketchat
|
|
- PORT=3000
|
|
- MONGO_URL=mongodb://mongo:27017/rocketchat
|
|
- MONGO_OPLOG_URL=mongodb://mongo:27017/local
|
|
# - HTTP_PROXY=http://proxy.domain.com
|
|
# - HTTPS_PROXY=http://proxy.domain.com
|
|
depends_on:
|
|
- mongo
|
|
container_name: rocketchat
|
|
# set the ip-address of your docker host AND your official DNS name so Rocket.Chat
|
|
# can access EGroupware without the need to go over your firewall
|
|
#extra_hosts:
|
|
#- "my.host.name:172.17.0.1"
|
|
|
|
# MongoDB for Rocket.Chat
|
|
mongo:
|
|
image: mongo:5.0
|
|
restart: unless-stopped
|
|
volumes:
|
|
- mongo:/data/db
|
|
- $PWD/data/default/rocketchat/dump:/dump
|
|
command: mongod --oplogSize 128 --replSet rs0 -
|
|
container_name: rocketchat-mongo
|
|
# this container's job is just run the command to initialize the replica set.
|
|
# it will run the command and remove himself (it will not stay running)
|
|
mongo-init-replica:
|
|
image: mongo:5.0
|
|
command: 'bash -c "for i in `seq 1 30`; do mongo mongo/rocketchat --eval \"rs.initiate({ _id: ''rs0'', members: [ { _id: 0, host: ''localhost:27017'' } ]})\" && s=$$? && break || s=$$?; echo \"Tried $$i times. Waiting 5 secs...\"; sleep 5; done; (exit $$s)"'
|
|
depends_on:
|
|
- mongo
|
|
|
|
# Portainer: Docker GUI (needs to be enabled in nginx.conf too!)
|
|
# portainer:
|
|
# image: portainer/portainer
|
|
# command: -H unix:///var/run/docker.sock
|
|
# restart: always
|
|
# ports:
|
|
# - 9000:9000
|
|
# - 8000:8000
|
|
# volumes:
|
|
# - /var/run/docker.sock:/var/run/docker.sock
|
|
# - portainer_data:/data
|
|
# container_name: portainer |