diff --git a/compose/bookstack/.env b/compose/bookstack/.env
new file mode 100644
index 0000000..4e796ec
--- /dev/null
+++ b/compose/bookstack/.env
@@ -0,0 +1,41 @@
+DB_PASS=
+
+# Set OIDC to be the authentication method
+AUTH_METHOD=oidc
+
+# Control if BookStack automatically initiates login via your OIDC system
+# if it's the only authentication method. Prevents the need for the
+# user to click the "Login with x" button on the login page.
+# Setting this to true enables auto-initiation.
+AUTH_AUTO_INITIATE=false
+
+# Set the display name to be shown on the login button.
+# (Login with )
+OIDC_NAME=SSO
+
+# Name of the claims(s) to use for the user's display name.
+# Can have multiple attributes listed, separated with a '|' in which
+# case those values will be joined with a space.
+# Example: OIDC_DISPLAY_NAME_CLAIMS=given_name|family_name
+OIDC_DISPLAY_NAME_CLAIMS=name
+
+# OAuth Client ID to access the identity provider
+OIDC_CLIENT_ID=
+
+# OAuth Client Secret to access the identity provider
+OIDC_CLIENT_SECRET=
+
+# Issuer URL
+# Must start with 'https://'
+OIDC_ISSUER=https://example.domain.com/application/o/book/
+
+# The "end session" (RP-initiated logout) URL to call during BookStack logout.
+# By default this is false which disables RP-initiated logout.
+# Setting to "true" will enable logout if found as supported by auto-discovery.
+# Otherwise, this can be set as a specific URL endpoint.
+OIDC_END_SESSION_ENDPOINT=false
+
+# Enable auto-discovery of endpoints and token keys.
+# As per the standard, expects the service to serve a
+# `/.well-known/openid-configuration` endpoint.
+OIDC_ISSUER_DISCOVER=true
\ No newline at end of file
diff --git a/compose/bookstack/docker-compose.yml b/compose/bookstack/docker-compose.yml
new file mode 100644
index 0000000..32e9ac8
--- /dev/null
+++ b/compose/bookstack/docker-compose.yml
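Review bot: This commits a `.env` whose purpose is to hold `DB_PASS`, `OIDC_CLIENT_ID` and `OIDC_CLIENT_SECRET`; the values are blank today, but the first commit after someone fills them in on the host puts live credentials into git history. Rename this file to `.env.example`, add `.env` to `.gitignore`, and keep the three secret keys empty in the example with a comment such as `# copy to .env and fill in — never commit the filled-in copy`. The remaining keys (`AUTH_METHOD`, `OIDC_NAME`, `OIDC_ISSUER_DISCOVER`, …) appear to be read only for `${...}` interpolation, and docker-compose.yml hardcodes those same values instead of interpolating them, so they look like dead configuration that will drift from the compose file; either drop them or reference them from the compose file. `OIDC_ISSUER=https://example.domain.com/application/o/book/` is a placeholder and should be commented as one so it is not deployed verbatim.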
@@ -0,0 +1,48 @@
+networks:
+  frontend:
+    external: true
+  backend:
+    external: true
+
+services:
+  bookstack-public:
+    image: lscr.io/linuxserver/bookstack
+    security_opt:
+      - apparmor:unconfined
+    container_name: bookstack-public
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - APP_URL=https://example.domain.com
+      - DB_HOST=mariadb
+      - DB_PORT=3306
+      - DB_USER=bookstack_public
+      - DB_PASS=${DB_PASS}
+      - DB_DATABASE=bookstack_public
+      - AUTH_METHOD=oidc
+      - AUTH_AUTO_INITIATE=false
+      - OIDC_NAME=SSO
+      - OIDC_DISPLAY_NAME_CLAIMS=name
+      - OIDC_CLIENT_ID=${OIDC_CLIENT_ID}
+      - OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
+      - OIDC_ISSUER=${OIDC_ISSUER}
+      - OIDC_END_SESSION_ENDPOINT=false
+      - OIDC_ISSUER_DISCOVER=true
+      - OIDC_USER_TO_GROUPS=true
+      - OIDC_GROUPS_CLAIM=groups
+      - OIDC_ADDITIONAL_SCOPES=groups
+      - OIDC_REMOVE_FROM_GROUPS=true
+    volumes:
+      - /docker/appdata/bookstack-public/config:/config
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.book.entrypoints=websecure
+      - traefik.http.routers.book.rule=Host(`example.domain.com`)
+      - traefik.http.routers.book.tls=true
+      - traefik.http.routers.book.tls.certresolver=production
+      - traefik.http.routers.book.service=book
+      - traefik.http.services.book.loadBalancer.server.port=80
+    restart: unless-stopped
+    networks:
+      - frontend
+      - backend
\ No newline at end of file
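Review bot: `security_opt: - apparmor:unconfined` removes the default AppArmor profile from a container that is published to the internet through Traefik, so a compromise of the BookStack web process leaves the attacker with no MAC confinement; drop the `security_opt` stanza unless a specific AppArmor denial was observed, and if one was, record it in a comment beside the line. The interpolated secrets also expand to empty strings when `.env` leaves them blank, which is exactly the state of the `.env` committed alongside this file, so prefer the fail-fast form `- DB_PASS=${DB_PASS:?DB_PASS is not set}` and `- OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET:?OIDC_CLIENT_SECRET is not set}` so `docker compose up` refuses to start with an empty database password or OIDC client secret. Because the container sits on both `frontend` and `backend`, Traefik may pick the backend address for the `book` service; adding `- traefik.docker.network=frontend` to the labels pins the network and is worth doing if the router reports a gateway timeout.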