Last active
December 3, 2020 23:21
-
-
Save corusm/9d4c3e05b0225048339651c4e830a004 to your computer and use it in GitHub Desktop.
Docker Compose for Encrypted Sharelatex Container
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3.7' | |
| networks: | |
| main: | |
| external: true | |
| services: | |
| proxy: | |
| image: "traefik:v2.2" | |
| container_name: reverse-proxy | |
| restart: always | |
| command: | |
| - --api=true | |
| - --api.insecure=true | |
| - --ping | |
| - --providers.docker=true | |
| - --providers.docker.network=main | |
| - --providers.docker.exposedbydefault=false | |
| - --entrypoints.web.address=:80 | |
| - --entrypoints.web-secure.address=:443 | |
| - --certificatesresolvers.myhttpchallenge.acme.httpchallenge=true | |
| - --certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web | |
| - --certificatesresolvers.myhttpchallenge.acme.caserver=https://acme-v02.api.letsencrypt.org/directory | |
| - --certificatesresolvers.myhttpchallenge.acme.email=postmaster@test.com # Enter E-Mail Adress | |
| - --certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json | |
| - --entrypoints.mongo.address=:27017 | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| # - "27017:27017" # Attention!: just open Port if needed! | |
| networks: | |
| - "main" | |
| volumes: | |
| - ./letsencrypt:/letsencrypt | |
| - /var/run/docker.sock:/var/run/docker.sock:ro | |
| - ./config.toml:/etc/traefik/traefik.config.toml:ro | |
| - ./certs:/etc/certs:ro | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.routers.proxy-https.rule=Host(`proxy.example.com`)" # change example.com with your domain | |
| - "traefik.http.routers.proxy-https.entrypoints=web-secure" | |
| - "traefik.http.routers.proxy-https.tls=true" | |
| - "traefik.http.routers.proxy-https.service=api@internal" | |
| - "traefik.http.routers.proxy-https.middlewares=traefik-auth" | |
| - "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$.LOx3R4y$$/OjdUK3pSGiT/flYY42uS1" # enter new generated Hash | |
| # echo $(htpasswd -nb username password) | sed -e s/\\$/\\$\\$/g | |
| - "traefik.http.routers.proxy-http.rule=Host(`proxy.example.com`)" # change exmample.com with your domain | |
| - "traefik.http.routers.proxy-http.entrypoints=web" | |
| - "traefik.http.routers.proxy-http.middlewares=https_redirect" | |
| - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https" | |
| - "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true" | |
| sharelatex: | |
| restart: always | |
| # Server Pro users: | |
| # image: quay.io/sharelatex/sharelatex-pro | |
| image: sharelatex/sharelatex | |
| container_name: sharelatex | |
| depends_on: | |
| mongo: | |
| condition: service_healthy | |
| redis: | |
| condition: service_started | |
| links: | |
| - mongo | |
| - redis | |
| ports: | |
| - 4555:80 | |
| networks: | |
| - "main" | |
| expose: | |
| - 80 | |
| volumes: | |
| - ~/sharelatex_data:/var/lib/sharelatex | |
| - ~/sharelatex_packages:/usr/local/texlive | |
| ######################################################################## | |
| #### Server Pro: Un-comment the following line to mount the docker #### | |
| #### socket, required for Sibling Containers to work #### | |
| ######################################################################## | |
| # - /var/run/docker.sock:/var/run/docker.sock | |
| environment: | |
| SHARELATEX_APP_NAME: Overleaf Workspace # change to custom name | |
| SHARELATEX_MONGO_URL: mongodb://mongo/sharelatex | |
| # Same property, unfortunately with different names in | |
| # different locations | |
| SHARELATEX_REDIS_HOST: redis | |
| REDIS_HOST: redis | |
| ENABLED_LINKED_FILE_TYPES: 'url,project_file' | |
| # Enables Thumbnail generation using ImageMagick | |
| ENABLE_CONVERSIONS: 'true' | |
| # Disables email confirmation requirement | |
| EMAIL_CONFIRMATION_DISABLED: 'true' | |
| # temporary fix for LuaLaTex compiles | |
| # see https://github.com/overleaf/overleaf/issues/695 | |
| TEXMFVAR: /var/lib/sharelatex/tmp/texmf-var | |
| ## Set for SSL via nginx-proxy | |
| # VIRTUAL_HOST: 103.112.212.22 | |
| # SHARELATEX_SITE_URL: http://sharelatex.mydomain.com | |
| # SHARELATEX_NAV_TITLE: Our ShareLaTeX Instance | |
| # SHARELATEX_HEADER_IMAGE_URL: http://somewhere.com/mylogo.png | |
| # SHARELATEX_ADMIN_EMAIL: [email protected] | |
| # SHARELATEX_LEFT_FOOTER: '[{"text": "Powered by <a href=\"https://www.sharelatex.com\">ShareLaTeX</a> 2016"},{"text": "Another page I want to link to can be found <a href=\"here\">here</a>"} ]' | |
| # SHARELATEX_RIGHT_FOOTER: '[{"text": "Hello I am on the Right"} ]' | |
| SHARELATEX_EMAIL_FROM_ADDRESS: "[email protected]" # change email | |
| # SHARELATEX_EMAIL_AWS_SES_ACCESS_KEY_ID: | |
| # SHARELATEX_EMAIL_AWS_SES_SECRET_KEY: | |
| # SHARELATEX_EMAIL_SMTP_HOST: smtp.mydomain.com | |
| # SHARELATEX_EMAIL_SMTP_PORT: 587 | |
| # SHARELATEX_EMAIL_SMTP_SECURE: false | |
| # SHARELATEX_EMAIL_SMTP_USER: | |
| # SHARELATEX_EMAIL_SMTP_PASS: | |
| # SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH: true | |
| # SHARELATEX_EMAIL_SMTP_IGNORE_TLS: false | |
| # SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by department x" | |
| ################ | |
| ## Server Pro ## | |
| ################ | |
| # SANDBOXED_COMPILES: 'true' | |
| # SANDBOXED_COMPILES_SIBLING_CONTAINERS: 'true' | |
| # SANDBOXED_COMPILES_HOST_DIR: '/var/sharelatex_data/data/compiles' | |
| # SYNCTEX_BIN_HOST_PATH: '/var/sharelatex_data/bin/synctex' | |
| # DOCKER_RUNNER: 'false' | |
| ## Works with test LDAP server shown at bottom of docker compose | |
| # SHARELATEX_LDAP_URL: 'ldap://ldap:389' | |
| # SHARELATEX_LDAP_SEARCH_BASE: 'ou=people,dc=planetexpress,dc=com' | |
| # SHARELATEX_LDAP_SEARCH_FILTER: '(uid={{username}})' | |
| # SHARELATEX_LDAP_BIND_DN: 'cn=admin,dc=planetexpress,dc=com' | |
| # SHARELATEX_LDAP_BIND_CREDENTIALS: 'GoodNewsEveryone' | |
| # SHARELATEX_LDAP_EMAIL_ATT: 'mail' | |
| # SHARELATEX_LDAP_NAME_ATT: 'cn' | |
| # SHARELATEX_LDAP_LAST_NAME_ATT: 'sn' | |
| # SHARELATEX_LDAP_UPDATE_USER_DETAILS_ON_LOGIN: 'true' | |
| # SHARELATEX_TEMPLATES_USER_ID: "578773160210479700917ee5" | |
| # SHARELATEX_NEW_PROJECT_TEMPLATE_LINKS: '[ {"name":"All Templates","url":"/templates/all"}]' | |
| # SHARELATEX_PROXY_LEARN: "true" | |
| labels: | |
| - traefik.enable=true | |
| - traefik.http.routers.tex.rule=Host(`tex.example.com`) | |
| - traefik.http.routers.tex.entrypoints=web | |
| - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https | |
| - traefik.http.routers.tex.middlewares=redirect-to-https@docker | |
| - traefik.http.routers.tex-secured.rule=Host(`tex.example.com`) | |
| - traefik.http.routers.tex-secured.tls=true | |
| - traefik.http.routers.tex-secured.tls.certresolver=myhttpchallenge | |
| - traefik.http.routers.tex-secured.entrypoints=web-secure | |
| mongo: | |
| restart: always | |
| image: mongo | |
| container_name: mongo | |
| expose: | |
| - 27017 | |
| networks: | |
| - "main" | |
| volumes: | |
| - ~/mongo_data:/data/db | |
| healthcheck: | |
| test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet | |
| interval: 10s | |
| timeout: 10s | |
| retries: 5 | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.tcp.routers.mongodb.rule=HostSNI(`*`)" | |
| - "traefik.tcp.services.mongodb.loadbalancer.server.port=27017" | |
| - "traefik.tcp.routers.mongodb.tls=true" | |
| - "traefik.tcp.routers.mongodb.entrypoints=mongo" | |
| redis: | |
| restart: always | |
| image: redis:5 | |
| container_name: redis | |
| networks: | |
| - "main" | |
| expose: | |
| - 6379 | |
| volumes: | |
| - ~/redis_data:/data | |
| # ldap: | |
| # restart: always | |
| # image: rroemhild/test-openldap | |
| # container_name: ldap | |
| # expose: | |
| # - 389 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment