From 2edd8e058c9d4ab335d3997f8b1cb50f032fff39 Mon Sep 17 00:00:00 2001 From: Marcel Folaron Date: Sat, 16 Nov 2024 12:21:18 -0500 Subject: [PATCH] docker updates --- .idea/aws.xml | 11 +++ Dockerfile | 2 +- config/crontab | 2 + config/supervisord.conf | 9 ++- docker-compose.yml | 1 - sample.env | 172 ++++++++++++++++++++++++---------------- 6 files changed, 127 insertions(+), 70 deletions(-) create mode 100644 .idea/aws.xml create mode 100644 config/crontab diff --git a/.idea/aws.xml b/.idea/aws.xml new file mode 100644 index 0000000..b63b642 --- /dev/null +++ b/.idea/aws.xml @@ -0,0 +1,11 @@ + + + + + + \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 44fc2dc..e976f78 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,7 +37,7 @@ RUN apk add --no-cache \ ## Installing extensions ## # Running in a single command is worse for caching/build failures, but far better for image size RUN docker-php-ext-install \ - mysqli pdo_mysql mbstring exif pcntl pdo bcmath opcache ldap zip \ + mysqli pdo_mysql mbstring exif pcntl pdo bcmath opcache ldap zip \ && \ docker-php-ext-enable zip \ && \ diff --git a/config/crontab b/config/crontab new file mode 100644 index 0000000..cca2292 --- /dev/null +++ b/config/crontab @@ -0,0 +1,2 @@ +# Run Leantime scheduler every minute +* * * * * php /var/www/html/bin/leantime schedule:run >> /var/log/cron.log 2>&1 diff --git a/config/supervisord.conf b/config/supervisord.conf index d022a69..c9aa87c 100644 --- a/config/supervisord.conf +++ b/config/supervisord.conf @@ -1,6 +1,7 @@ [supervisord] nodaemon=true -logfile=/var/tmp/supervisor.log +logfile=/dev/stdout +loglevel=info logfile_maxbytes=0 pidfile=/run/supervisord.pid @@ -22,3 +23,9 @@ autorestart=true priority=10 startretries=1 numprocs=1 + +[program:cron] +command=/usr/sbin/crond -f -l 8 +autostart=true +autorestart=true +priority=20 diff --git a/docker-compose.yml b/docker-compose.yml index 71aea6e..4ad69bb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
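Review bot: The crontab entry does not show which account runs `schedule:run`; if the file is installed as root's crontab, the scheduler executes PHP from /var/www/html as root, so anything the web user can write there would run with root privileges, and files the scheduler creates may not be readable by the web process. Installing it for the application user would avoid both. The install step is not part of this patch (the Dockerfile hunk here only changes whitespace), so confirm the file is actually copied into the image. The redirect to `/var/log/cron.log` also grows without rotation and never reaches `docker logs`, while the supervisord change in this same commit moves logging to stdout; something like `>> /proc/1/fd/1 2>&1` would keep the two consistent.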
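Review bot: The new `[program:cron]` section sets no `stdout_logfile`, so supervisord captures crond's output in its default per-program log files rather than the stdout stream that the first hunk of this file switches `logfile` to. Adding `stdout_logfile=/dev/stdout`, `stdout_logfile_maxbytes=0` and `redirect_stderr=true` would send it to the container log. The section also has no `user=` line, so crond inherits whatever account supervisord runs as; a short comment saying which account that is, and why, would help the next reader.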
@@ -12,7 +12,6 @@ services: - leantime-net command: --character-set-server=UTF8MB4 --collation-server=UTF8MB4_unicode_ci - leantime: image: leantime/leantime:latest container_name: leantime diff --git a/sample.env b/sample.env index 239b77b..1f01130 100644 --- a/sample.env +++ b/sample.env 
@@ -29,17 +29,21 @@ LEAN_DB_PORT = '3306' # Database port LEAN_SITENAME = 'Leantime' # Name of your site, can be changed later LEAN_LANGUAGE = 'en-US' # Default language LEAN_DEFAULT_TIMEZONE = 'America/Los_Angeles' # Set default timezone -LEAN_ENABLE_MENU_TYPE = false # Enable to specifiy menu on a project by project basis -LEAN_SESSION_PASSWORD = '3evBlq9zdUEuzKvVJHWWx3QzsQhturBApxwcws2m' #Salting sessions. Replace with a strong password +LEAN_LOG_PATH = '' # Default Log Path (including filename), if not set /logs/error.log will be used +LEAN_DISABLE_LOGIN_FORM = false # If true then don't show the login form (useful only if additional auth method[s] are available) + +## Session Management +LEAN_SESSION_PASSWORD = '3evBlq9zdUEuzKvVJHWWx3QzsQhturBApxwcws2m' # Salting sessions, replace with a strong password LEAN_SESSION_EXPIRATION = 28800 # How many seconds after inactivity should we logout? 28800seconds = 8hours -LEAN_LOG_PATH = null # Default Log Path (including filename), if not set /logs/error.log will be used +LEAN_SESSION_SECURE = false # Cookies only served via https ## Look & Feel, these settings are available in the UI and can be overwritten there. -LEAN_LOGO_PATH = '/images/logo.svg' # Default logo path, can be changed later -LEAN_PRINT_LOGO_URL = '/images/logo.jpg' # Default logo URL use for printing (must be jpg or png format) +LEAN_LOGO_PATH = '/dist/images/logo.svg' # Default logo path, can be changed later +LEAN_PRINT_LOGO_URL = '/dist/images/logo.png' # Default logo URL use for printing (must be jpg or png format) LEAN_DEFAULT_THEME = 'default' # Default theme -LEAN_PRIMARY_COLOR = '#1b75bb' # Primary Theme color -LEAN_SECONDARY_COLOR = '#81B1A8' # Secondary Theme Color +LEAN_PRIMARY_COLOR = '#006d9f' # Primary Theme color +LEAN_SECONDARY_COLOR =' #00a886' # Secondary Theme Color + ## Fileuploads 
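Review bot: `LEAN_SESSION_PASSWORD` is re-added under "Session Management" with the same fixed 40-character value, so every install that copies sample.env unchanged shares a publicly known session secret. An obvious placeholder would make the required step visible, e.g. `LEAN_SESSION_PASSWORD = '' # Required: set a unique random value per install`, assuming the application rejects or flags an empty value. The new `LEAN_SESSION_SECURE = false` default should say in its comment that it needs to be true whenever the site is served over HTTPS. Separately, `LEAN_SECONDARY_COLOR =' #00a886'` has the space inside the quotes, so the value starts with a blank; it should read `LEAN_SECONDARY_COLOR = '#00a886'`.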
@@ -48,14 +52,14 @@ LEAN_USER_FILE_PATH = 'userfiles/' # Local relative path to stor LEAN_DB_BACKUP_PATH = 'backupdb/' # Local relative path to store backup files, need permission to write # S3 File Uploads -# LEAN_USE_S3 = false # Set to true if you want to use S3 instead of local files -# LEAN_S3_KEY = '' # S3 Key -# LEAN_S3_SECRET = '' # S3 Secret -# LEAN_S3_BUCKET = '' # Your S3 bucket -# LEAN_S3_USE_PATH_STYLE_ENDPOINT = false # Sets the endpoint style: false => https://[bucket].[endpoint] ; true => https://[endpoint]/[bucket] -# LEAN_S3_REGION = '' # S3 region -# LEAN_S3_FOLDER_NAME = '' # Foldername within S3 (can be emtpy) -# LEAN_S3_END_POINT = null # S3 EndPoint S3 Compatible (https://sfo2.digitaloceanspaces.com) +LEAN_USE_S3 = false # Set to true if you want to use S3 instead of local files +LEAN_S3_KEY = '' # S3 Key +LEAN_S3_SECRET = '' # S3 Secret +LEAN_S3_BUCKET = '' # Your S3 bucket +LEAN_S3_USE_PATH_STYLE_ENDPOINT = false # Sets the endpoint style: false => https://[bucket].[endpoint] ; true => https://[endpoint]/[bucket] +LEAN_S3_REGION = '' # S3 region +LEAN_S3_FOLDER_NAME = '' # Foldername within S3 (can be empty) +LEAN_S3_END_POINT = null # S3 EndPoint S3 Compatible (https://sfo2.digitaloceanspaces.com) ## Email LEAN_EMAIL_RETURN = '' # Return email address, needs to be valid email address format 
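Review bot: `LEAN_S3_END_POINT = null` is now an active line, and depending on the env loader an unquoted `null` may be read as the literal string "null" rather than as no value. The first sample.env hunk of this commit changes `LEAN_LOG_PATH` from `null` to `''`, so `LEAN_S3_END_POINT = ''` would be consistent with it. With `LEAN_S3_KEY` and `LEAN_S3_SECRET` now live keys instead of commented examples, a one-line comment above the block noting that the filled-in .env must stay out of version control would be a useful addition.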
@@ -69,73 +73,87 @@ LEAN_EMAIL_SMTP_SECURE = '' # SMTP Security protocol (usu LEAN_EMAIL_SMTP_SSLNOVERIFY = false # SMTP Allow insecure SSL: Don't verify certificate, accept self-signed, etc. LEAN_EMAIL_SMTP_PORT = '' # Port (usually one of 25, 465, 587, 2526) -## Ldap -# LEAN_LDAP_USE_LDAP = false # Set to true if you want to use LDAP -# LEAN_LDAP_LDAP_TYPE = 'OL' # Select the correct directory type. Currently Supported: OL - OpenLdap, AD - Active Directory -# LEAN_LDAP_HOST = '' # FQDN -# LEAN_LDAP_PORT = 389 # Default Port -# LEAN_LDAP_DN = '' # Location of users, example: CN=users,DC=example,DC=com - +## LDAP +LEAN_LDAP_USE_LDAP = false # Set to true if you want to use LDAP +LEAN_LDAP_LDAP_DOMAIN = '' # Domain name after username@ so users can login without domain definition +LEAN_LDAP_LDAP_TYPE = 'OL' # Select the correct directory type. Currently Supported: OL - OpenLdap, AD - Active Directory +LEAN_LDAP_HOST = '' # FQDN +LEAN_LDAP_PORT = 389 # Default Port +LEAN_LDAP_URI = '' # LDAP URI as alternative to hostname and port. 
Uses ldap://hostname:port +LEAN_LDAP_DN = '' # Location of users, example: CN=users,DC=example,DC=com # Leantime->Ldap attribute mapping -# LEAN_LDAP_KEYS="{ -# \"username\":\"uid\", -# \"groups\":\"memberOf\", -# \"email\":\"mail\", -# \"firstname\":\"displayname\", -# \"lastname\":\"\", -# \"phonenumber\":\"telephoneNumber\" -# }" +LEAN_LDAP_KEYS="{ + \"username\":\"uid\", + \"groups\":\"memberOf\", + \"email\":\"mail\", + \"firstname\":\"displayname\", + \"lastname\":\"\", + \"phone\":\"telephoneNumber\", + \"jobTitle\":\"title\" + \"jobLevel\":\"level\" + \"department\":\"department\" + +}" # For AD use these default attributes # LEAN_LDAP_KEYS="{ # \"username\":\"cn\", -# \"groups\":\"memberof\", +# \"groups\":\"memberOf\", # \"email\":\"mail\", -# \"firstname\":\"givenname\", +# \"firstname\":\"givenName\", # \"lastname\":\"sn\", -# \"phonenumber\":\"telephoneNumber\" +# \"phone\":\"telephoneNumber\", +# \"jobTitle\":\"title\" +# \"jobLevel\":\"level\" +# \"department\":\"department\" # }" -# LEAN_LDAP_DEFAULT_ROLE_KEY = 20 # Default Leantime Role on creation. (set to editor) +LEAN_LDAP_DEFAULT_ROLE_KEY = 20; # Default Leantime Role on creation. (set to editor) # Default role assignments upon first login. 
-# (Optional) Can be updated later in user settings for each user -# LEAN_LDAP_GROUP_ASSIGNMENT="{ -# \"5\": { -# \"ltRole\":\"readonly\", -# \"ldapRole\":\"readonly\" -# }, -# \"10\": { -# \"ltRole\":\"commenter\", -# \"ldapRole\":\"commenter\" -# }, -# \"20\": { -# \"ltRole\":\"editor\", -# \"ldapRole\":\"editor\" -# }, -# \"30\": { -# \"ltRole\":\"manager\", -# \"ldapRole\":\"manager\" -# }, -# \"40\": { -# \"ltRole\":\"admin\", -# \"ldapRole\":\"administrators\" -# }, -# \"50\": { -# \"ltRole\":\"owner\", -# \"ldapRole\":\"administrators\" -# } -# }" +# optional - Can be updated later in user settings for each user +LEAN_LDAP_GROUP_ASSIGNMENT="{ + \"5\": { + \"ltRole\":\"readonly\", + \"ldapRole\":\"readonly\" + }, + \"10\": { + \"ltRole\":\"commenter\", + \"ldapRole\":\"commenter\" + }, + \"20\": { + \"ltRole\":\"editor\", + \"ldapRole\":\"editor\" + }, + \"30\": { + \"ltRole\":\"manager\", + \"ldapRole\":\"manager\" + }, + \"40\": { + \"ltRole\":\"admin\", + \"ldapRole\":\"administrators\" + }, + \"50\": { + \"ltRole\":\"owner\", + \"ldapRole\":\"administrators\" + } +}" ## OpenID Connect # required -# LEAN_OIDC_ENABLE = false -# LEAN_OIDC_CLIENT_ID = -# LEAN_OIDC_CLIENT_SECRET = +LEAN_OIDC_ENABLE = false +LEAN_OIDC_CLIENT_ID = +LEAN_OIDC_CLIENT_SECRET = -# required - the url for your provider (examples down below) +# required - the URL for your provider (examples down below) #LEAN_OIDC_PROVIDER_URL = +#Create User if it doesn't exist in Leantime db, otherwise fail login +LEAN_OIDC_CREATE_USER = false + +# Default role for users created via OIDC (20 is editor) +LEAN_OIDC_DEFAULT_ROLE = 20 + # optional - these will be read from the well-known configuration if possible #LEAN_OIDC_AUTH_URL_OVERRIDE = #LEAN_OIDC_TOKEN_URL_OVERRIDE = 
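Review bot: The now-active `LEAN_LDAP_KEYS` value is not valid JSON, because the `jobTitle` and `jobLevel` entries have no trailing comma; `\"jobTitle\":\"title\"` should be `\"jobTitle\":\"title\",` and likewise for `jobLevel`. The commented AD example below it repeats the same omission. Since the block is no longer commented out, anyone copying the sample gets the malformed value, and whether that fails with LDAP disabled depends on when the application decodes it, which is not visible here. `LEAN_LDAP_DEFAULT_ROLE_KEY = 20;` also carries a stray semicolon that would likely become part of the value and should be `LEAN_LDAP_DEFAULT_ROLE_KEY = 20`. `LEAN_OIDC_CLIENT_ID =` and `LEAN_OIDC_CLIENT_SECRET =` are left active with nothing after the equals sign, where `''` would match the other empty settings in the file.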
@@ -153,12 +171,32 @@ LEAN_EMAIL_SMTP_PORT = '' # Port (usually one of 25, 46 #LEAN_OIDC_FIELD_EMAIL = #LEAN_OIDC_FIELD_FIRSTNAME = #LEAN_OIDC_FIELD_LASTNAME = +#LEAN_OIDC_FIELD_PHONE = +#LEAN_OIDC_FIELD_JOBTITLE = +#LEAN_OIDC_FIELD_JOBLEVEL= +#LEAN_OIDC_FIELD_DEPARTMENT = -## OpenID Connect setting for github +## OpenID Connect setting for GitHub #LEAN_OIDC_PROVIDER_URL = https://token.actions.githubusercontent.com/ #LEAN_OIDC_AUTH_URL_OVERRIDE = https://github.com/login/oauth/authorize #LEAN_OIDC_TOKEN_URL_OVERRIDE = https://github.com/login/oauth/access_token #LEAN_OIDC_USERINFO_URL_OVERRIDE = https://api.github.com/user,https://api.github.com/user/emails -#LEAN_OIDC_SCOPES = user:email +#LEAN_OIDC_SCOPES = user:email,read:user #LEAN_OIDC_FIELD_EMAIL = 0.email +#LEAN_OIDC_FIELD_FIRSTNAME = name + + +## Redis (for session storage and cache) +LEAN_USE_REDIS = false # Set to true to use redis as session cache +LEAN_REDIS_URL = '' # Add URL path such as tcp://1.2.3.4:6379. If you are using a password, add ?auth=yourverycomplexpasswordhere to your URL +LEAN_REDIS_HOST = '' +LEAN_REDIS_PORT = 6379 +LEAN_REDIS_PASSWORD = '' +LEAN_REDIS_SCHEME = '' + +## Rate limiting +LEAN_RATELIMIT_GENERAL = 1000 +LEAN_RATELIMIT_API = 10 +LEAN_RATELIMIT_AUTH = 20 +
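Review bot: The three `LEAN_RATELIMIT_*` settings are added without comments, so the unit and window (per minute, per IP, per user) cannot be told from the sample, and it is unclear whether `LEAN_RATELIMIT_AUTH = 20` being higher than `LEAN_RATELIMIT_API = 10` is intended. A trailing comment on each line in the style of the rest of the file would settle that. The Redis block has the same gap: `LEAN_REDIS_HOST`, `LEAN_REDIS_PORT`, `LEAN_REDIS_PASSWORD` and `LEAN_REDIS_SCHEME` do not say how they relate to `LEAN_REDIS_URL` or which one takes precedence. The `LEAN_REDIS_URL` comment recommends putting the password in the URL as `?auth=...`, where it is more likely to end up in logs and error output than a separate `LEAN_REDIS_PASSWORD`; consider pointing readers to the dedicated variable instead.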