Initial QSfera import
This commit is contained in:
@@ -0,0 +1,161 @@
|
||||
## Basic Settings ##
|
||||
# Define the docker compose log driver used.
|
||||
# Defaults to local
|
||||
LOG_DRIVER=
|
||||
# If you're on an internet facing server, comment out following line.
|
||||
# It skips certificate validation for various parts of КуСфера and is
|
||||
# needed when self signed certificates are used.
|
||||
INSECURE=true
|
||||
|
||||
## Features ##
|
||||
COMPOSE_FILE=docker-compose.yml:traefik.yml:keycloak.yml:ldap-server.yml
|
||||
|
||||
## Traefik Settings ##
|
||||
# Note: Traefik is always enabled and can't be disabled.
|
||||
# Serve Traefik dashboard.
|
||||
# Defaults to "false".
|
||||
TRAEFIK_DASHBOARD=
|
||||
# Domain of Traefik, where you can find the dashboard.
|
||||
# Defaults to "traefik.qsfera.test"
|
||||
TRAEFIK_DOMAIN=
|
||||
# Basic authentication for the traefik dashboard.
|
||||
# Defaults to user "admin" and password "admin" (written as: "admin:$2y$05$KDHu3xq92SPaO3G8Ybkc7edd51pPLJcG1nWk3lmlrIdANQ/B6r5pq").
|
||||
# To create user:password pair, it's possible to use this command:
|
||||
# echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
|
||||
TRAEFIK_BASIC_AUTH_USERS=
|
||||
# Email address for obtaining LetsEncrypt certificates.
|
||||
# Needs only be changed if this is a public facing server.
|
||||
TRAEFIK_ACME_MAIL=
|
||||
# Set to the following for testing to check the certificate process:
|
||||
# "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
# With staging configured, there will be an SSL error in the browser.
|
||||
# When certificates are displayed and are emitted by # "Fake LE Intermediate X1",
|
||||
# the process went well and the envvar can be reset to empty to get valid certificates.
|
||||
TRAEFIK_ACME_CASERVER=
|
||||
# Enable the Traefik ACME (Automatic Certificate Management Environment) for automatic SSL certificate management.
|
||||
TRAEFIK_SERVICES_TLS_CONFIG="tls.certresolver=letsencrypt"
|
||||
# Enable Traefik to use local certificates.
|
||||
#TRAEFIK_SERVICES_TLS_CONFIG="tls=true"
|
||||
# You also need to provide a config file in ./config/traefik/dynamic/certs.yml
|
||||
# Example:
|
||||
# cat ./config/traefik/dynamic/certs.yml
|
||||
# tls:
|
||||
# certificates:
|
||||
# - certFile: /certs/qsfera.test.crt
|
||||
# keyFile: /certs/qsfera.test.key
|
||||
# stores:
|
||||
# - default
|
||||
#
|
||||
# The certificates need to copied into ./certs/, the absolute path inside the container is /certs/.
|
||||
# You can also use TRAEFIK_CERTS_DIR=/path/on/host to set the path to the certificates directory.
|
||||
# Enable the access log for Traefik by setting the following variable to true.
|
||||
TRAEFIK_ACCESS_LOG=
|
||||
# Configure the log level for Traefik.
|
||||
# Possible values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL" and "PANIC". Default is "ERROR".
|
||||
TRAEFIK_LOG_LEVEL=
|
||||
|
||||
|
||||
## КуСфера Settings ##
|
||||
# The qsfera container image.
|
||||
# For production releases: "qsfera/qsfera"
|
||||
# For rolling releases: "qsfera/qsfera-rolling"
|
||||
# Defaults to production if not set otherwise
|
||||
OC_DOCKER_IMAGE=qsfera/qsfera-rolling
|
||||
# The qsfera container version.
|
||||
# Defaults to "latest" and points to the latest stable tag.
|
||||
OC_DOCKER_TAG=
|
||||
# Domain of qsfera, where you can find the frontend.
|
||||
# Defaults to "cloud.qsfera.test"
|
||||
OC_DOMAIN=
|
||||
# Demo users should not be created on a production instance,
|
||||
# because their passwords are public. Defaults to "false".
|
||||
# If demo users is set to "true", the following user accounts are created automatically:
|
||||
# alan, mary, margaret, dennis and lynn - the password is 'demo' for all.
|
||||
DEMO_USERS=
|
||||
# Admin Password for the КуСфера admin user.
|
||||
# NOTE: This is only needed when using the built-in LDAP server (idm).
|
||||
# If you are using an external LDAP server, the admin password is managed by the LDAP server.
|
||||
# NOTE: This variable needs to be set before the first start of КуСфера. Changes to this variable after the first start will be IGNORED.
|
||||
# If not set, qsfera will not work properly. The container will be restarting.
|
||||
# After the first initialization, the admin password can only be changed via the КуСфера User Settings UI or by using the КуСфера CLI.
|
||||
# Documentation: https://docs.qsfera.eu/docs/admin/resources/common-issues#-change-admin-password-set-in-env
|
||||
INITIAL_ADMIN_PASSWORD=
|
||||
# Define the qsfera loglevel used.
|
||||
#
|
||||
LOG_LEVEL=
|
||||
# Define the kind of logging.
|
||||
# The default log can be read by machines.
|
||||
# Set this to true to make the log human readable.
|
||||
# LOG_PRETTY=true
|
||||
#
|
||||
# Define the qsfera storage location. Set the paths for config and data to a local path.
|
||||
# Ensure that the configuration and data directories are owned by the user and group with ID 1000:1000.
|
||||
# This matches the default user inside the container and avoids permission issues when accessing files.
|
||||
# Note that especially the data directory can grow big.
|
||||
# Leaving it default stores data in docker internal volumes.
|
||||
# OC_CONFIG_DIR=/your/local/qsfera/config
|
||||
# OC_DATA_DIR=/your/local/qsfera/data
|
||||
|
||||
### Compose Configuration ###
|
||||
# Path separator for supplemental compose files specified in COMPOSE_FILE.
|
||||
COMPOSE_PATH_SEPARATOR=:
|
||||
|
||||
### Ldap Settings ###
|
||||
# LDAP is always needed for КуСфера to store user data as there is no relational database.
|
||||
# The built-in LDAP server should used for testing purposes or small installations only.
|
||||
# For production installations, it is recommended to use an external LDAP server.
|
||||
# We are using OpenLDAP as the default LDAP server because it is proven to be stable and reliable.
|
||||
# This LDAP configuration is known to work with КуСфера and provides a blueprint for
|
||||
# configuring an external LDAP server based on other products like Microsoft Active Directory or other LDAP servers.
|
||||
#
|
||||
# Password of LDAP bind user "cn=admin,dc=qsfera,dc=eu". Defaults to "admin"
|
||||
LDAP_BIND_PASSWORD=
|
||||
# The LDAP server also creates an qsfera admin user dn: uid=admin,ou=users,dc=qsfera,dc=eu
|
||||
# The initial password for this user is "admin"
|
||||
# NOTE: This password can only be set once, if you want to change it later, you have to use the КуСфера User Settings UI.
|
||||
# If you changed the password and lost it, you need to execute the following LDAP query to reset it:
|
||||
# enter the ldap-server container with `docker compose exec ldap-server sh`
|
||||
# and run the following command to change the password:
|
||||
# ldappasswd -H ldap://127.0.0.1:1389 -D "cn=admin,dc=qsfera,dc=eu" -W "uid=admin,ou=users,dc=qsfera,dc=eu"
|
||||
# You will be prompted for the LDAP bind password.
|
||||
# The output should provide you a new password for the admin user.
|
||||
|
||||
|
||||
### Keycloak Settings ###
|
||||
# Keycloak is an open-source identity and access management solution.
|
||||
# We are using Keycloak as the default identity provider on production installations.
|
||||
# It can be used to federate authentication with other identity providers like
|
||||
# Microsoft Entra ID, ADFS or other SAML/OIDC providers.
|
||||
# The use of Keycloak as bridge between КуСфера and other identity providers creates more control over the
|
||||
# authentication process, the allowed clients and the session management.
|
||||
# Keycloak also manages the Role Based Access Control (RBAC) for КуСфера.
|
||||
# Keycloak can be used in two different modes:
|
||||
# 1. Autoprovisioning: New users are automatically created in qsfera when they log in for the first time.
|
||||
# 2. Shared User Directory: Users are created in Keycloak and can be used in КуСфера immediately
|
||||
# because the LDAP server is connected to both Keycloak and КуСфера.
|
||||
# Only use one of the two modes at a time.
|
||||
|
||||
## Autoprovisioning Mode ##
|
||||
# Use together with idm/external-idp.yml
|
||||
# If you want to use a keycloak for local testing, you can use testing/external-keycloak.yml and testing/ldap-manager.yml
|
||||
# Domain of your Identity Provider.
|
||||
IDP_DOMAIN=
|
||||
# IdP Issuer URL, which is used to identify the Identity Provider.
|
||||
# We need the complete URL, including the protocol (http or https) and the realm.
|
||||
# Example: "https://keycloak.qsfera.test/realms/qsfera"
|
||||
IDP_ISSUER_URL=
|
||||
# Url of the account edit page from your Identity Provider.
|
||||
IDP_ACCOUNT_URL=
|
||||
|
||||
## Shared User Directory Mode ##
|
||||
# Use together with idm/ldap-keycloak.yml and traefik/ldap-keycloak.yml
|
||||
# Domain for Keycloak. Defaults to "keycloak.qsfera.test".
|
||||
KEYCLOAK_DOMAIN=
|
||||
# Admin user login name. Defaults to "kcadmin".
|
||||
KEYCLOAK_ADMIN=
|
||||
# Admin user login password. Defaults to "admin".
|
||||
KEYCLOAK_ADMIN_PASSWORD=
|
||||
# Keycloak Database username. Defaults to "keycloak".
|
||||
KC_DB_USERNAME=
|
||||
# Keycloak Database password. Defaults to "keycloak".
|
||||
KC_DB_PASSWORD=
|
||||
Reference in New Issue
Block a user