docker images

2025-09-05 23:40:41 +00:00 · 2023-03-07 21:41:23 +01:00
parent 5a4ddbbe06
commit d8d96e7323
10 changed files with 72 additions and 14 deletions
--- a/pages/dev_ops/hosting/outline.md
+++ b/pages/dev_ops/hosting/outline.md
@@ -0,0 +1,227 @@
+# Outline
+
+[Outline](https://www.getoutline.com/) does not make it suuuper easy to not pay for their hosted version. So a few things are a bit rough. Here the [official docs](https://wiki.generaloutline.com/s/hosting/doc/hosting-outline-nipGaCRBDu).
+
+1. Copy `docker-compose.yaml` and `.env`
+2. Fill in missing values
+3. Manually create a bucket called `wiki` in the minio dashboard.
+
+```yaml
+version: '3.8'
+
+networks:
+  proxy:
+    external: true
+
+services:
+  outline:
+    image: outlinewiki/outline
+    restart: unless-stopped
+    env_file: .env
+    command: sh -c "yarn db:migrate --env production-ssl-disabled && yarn start"
+    depends_on:
+      - db
+      - redis
+      - storage
+    networks:
+      - default
+      - proxy
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.outline.rule=Host(`example.org`)
+      - traefik.http.routers.outline.entrypoints=secure
+      - traefik.http.routers.outline.tls.certresolver=cf
+
+  redis:
+    restart: unless-stopped
+    image: redis
+
+  db:
+    image: postgres:15-alpine
+    restart: unless-stopped
+    volumes:
+      - ./data/db:/var/lib/postgresql/data
+    environment:
+      # PGSSLMODE: disable
+      POSTGRES_USER: user
+      POSTGRES_PASSWORD: pass
+      POSTGRES_DB: outline
+
+  storage:
+    image: minio/minio
+    restart: unless-stopped
+    command: server /data --console-address ":80"
+    volumes:
+      - ./data/s3:/data
+    environment:
+      - MINIO_ROOT_USER=user
+      - MINIO_ROOT_PASSWORD=pass
+      - MINIO_DOMAIN=s3.example.org
+    networks:
+      - proxy
+    labels:
+      - traefik.enable=true
+
+      - traefik.http.routers.s3.rule=Host(`s3.example.org`)
+      - traefik.http.routers.s3.entrypoints=secure
+      - traefik.http.routers.s3.tls.certresolver=cf
+      - traefik.http.routers.s3.service=s3-service
+      - traefik.http.services.s3-service.loadbalancer.server.port=9000
+
+      - traefik.http.routers.s3-dash.rule=Host(`s3-dash.example.org`)
+      - traefik.http.routers.s3-dash.entrypoints=secure
+      - traefik.http.routers.s3-dash.tls.certresolver=cf
+      - traefik.http.routers.s3-dash.service=s3-dash-service
+      - traefik.http.services.s3-dash-service.loadbalancer.server.port=80
+```
+
+```env
+# https://github.com/outline/outline/blob/main/.env.sample
+
+# –––––––––––––––– REQUIRED ––––––––––––––––
+
+NODE_ENV=production
+
+SECRET_KEY=
+UTILS_SECRET=
+
+DATABASE_URL=postgres://user:pass@db:5432/outline
+PGSSLMODE=disable
+
+REDIS_URL=redis://redis:6379
+
+URL=https://example.org
+PORT=3000
+
+COLLABORATION_URL=
+
+AWS_ACCESS_KEY_ID=user
+AWS_SECRET_ACCESS_KEY=pass
+AWS_S3_ACCELERATE_URL=https://s3.example.org/wiki
+AWS_S3_UPLOAD_BUCKET_URL=https://s3.example.org/wiki
+AWS_S3_UPLOAD_BUCKET_NAME=wiki
+AWS_S3_FORCE_PATH_STYLE=false
+
+
+# –––––––––––––– AUTHENTICATION ––––––––––––––
+
+# Third party signin credentials, at least ONE OF EITHER Google, Slack,
+# or Microsoft is required for a working installation or you'll have no sign-in
+# options.
+
+# To configure Slack auth, you'll need to create an Application at
+# => https://api.slack.com/apps
+#
+# When configuring the Client ID, add a redirect URL under "OAuth & Permissions":
+# https://<URL>/auth/slack.callback
+SLACK_CLIENT_ID=
+SLACK_CLIENT_SECRET=
+
+# To configure Google auth, you'll need to create an OAuth Client ID at
+# => https://console.cloud.google.com/apis/credentials
+#
+# When configuring the Client ID, add an Authorized redirect URI:
+# https://<URL>/auth/google.callback
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
+
+# To configure Microsoft/Azure auth, you'll need to create an OAuth Client. See
+# the guide for details on setting up your Azure App:
+# => https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4
+AZURE_CLIENT_ID=
+AZURE_CLIENT_SECRET=
+AZURE_RESOURCE_APP_ID=
+
+# To configure generic OIDC auth, you'll need some kind of identity provider.
+# See documentation for whichever IdP you use to acquire the following info:
+# Redirect URI is https://<URL>/auth/oidc.callback
+OIDC_CLIENT_ID=
+OIDC_CLIENT_SECRET=
+OIDC_AUTH_URI=
+OIDC_TOKEN_URI=
+OIDC_USERINFO_URI=
+
+# Specify which claims to derive user information from
+# Supports any valid JSON path with the JWT payload
+OIDC_USERNAME_CLAIM=preferred_username
+
+# Display name for OIDC authentication
+OIDC_DISPLAY_NAME=OpenID
+
+# Space separated auth scopes.
+OIDC_SCOPES=openid profile email
+
+
+# –––––––––––––––– OPTIONAL ––––––––––––––––
+
+# Base64 encoded private key and certificate for HTTPS termination. This is only
+# required if you do not use an external reverse proxy. See documentation:
+# https://wiki.generaloutline.com/share/1c922644-40d8-41fe-98f9-df2b67239d45
+SSL_KEY=
+SSL_CERT=
+
+# If using a Cloudfront/Cloudflare distribution or similar it can be set below.
+# This will cause paths to javascript, stylesheets, and images to be updated to
+# the hostname defined in CDN_URL. In your CDN configuration the origin server
+# should be set to the same as URL.
+CDN_URL=
+
+# Auto-redirect to https in production. The default is true but you may set to
+# false if you can be sure that SSL is terminated at an external loadbalancer.
+FORCE_HTTPS=false
+
+# Have the installation check for updates by sending anonymized statistics to
+# the maintainers
+ENABLE_UPDATES=true
+
+# How many processes should be spawned. As a reasonable rule divide your servers
+# available memory by 512 for a rough estimate
+WEB_CONCURRENCY=1
+
+# Override the maximum size of document imports, could be required if you have
+# especially large Word documents with embedded imagery
+MAXIMUM_IMPORT_SIZE=5120000
+
+# You can remove this line if your reverse proxy already logs incoming http
+# requests and this ends up being duplicative
+#DEBUG=http
+
+# For a complete Slack integration with search and posting to channels the
+# following configs are also needed, some more details
+# => https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a
+#
+SLACK_VERIFICATION_TOKEN=your_token
+SLACK_APP_ID=A0XXXXXXX
+SLACK_MESSAGE_ACTIONS=true
+
+# Optionally enable google analytics to track pageviews in the knowledge base
+GOOGLE_ANALYTICS_ID=
+
+# Optionally enable Sentry (sentry.io) to track errors and performance,
+# and optionally add a Sentry proxy tunnel for bypassing ad blockers in the UI:
+# https://docs.sentry.io/platforms/javascript/troubleshooting/#using-the-tunnel-option)
+SENTRY_DSN=
+SENTRY_TUNNEL=
+
+# To support sending outgoing transactional emails such as "document updated" or
+# "you've been invited" you'll need to provide authentication for an SMTP server
+SMTP_HOST=
+SMTP_PORT=
+SMTP_USERNAME=
+SMTP_PASSWORD=
+SMTP_FROM_EMAIL=
+SMTP_REPLY_EMAIL=
+SMTP_TLS_CIPHERS=
+SMTP_SECURE=true
+
+# The default interface language. See translate.getoutline.com for a list of
+# available language codes and their rough percentage translated.
+DEFAULT_LANGUAGE=en_US
+
+# Optionally enable rate limiter at application web server
+RATE_LIMITER_ENABLED=true
+
+# Configure default throttling parameters for rate limiter
+RATE_LIMITER_REQUESTS=1000
+RATE_LIMITER_DURATION_WINDOW=60
+```