Upload files to "compose/bookstack"

2024-12-20 22:34:18 +01:00 · 2024-12-20 22:34:18 +01:00 · 1c88602b27
commit 1c88602b27
parent 02e9b7bed7
2 changed files with 89 additions and 0 deletions
--- a/compose/bookstack/.env
+++ b/compose/bookstack/.env
@ -0,0 +1,41 @@
+DB_PASS=
+
+# Set OIDC to be the authentication method
+AUTH_METHOD=oidc
+
+# Control if BookStack automatically initiates login via your OIDC system 
+# if it's the only authentication method. Prevents the need for the
+# user to click the "Login with x" button on the login page.
+# Setting this to true enables auto-initiation.
+AUTH_AUTO_INITIATE=false
+
+# Set the display name to be shown on the login button.
+# (Login with <name>)
+OIDC_NAME=SSO
+
+# Name of the claims(s) to use for the user's display name.
+# Can have multiple attributes listed, separated with a '|' in which 
+# case those values will be joined with a space.
+# Example: OIDC_DISPLAY_NAME_CLAIMS=given_name|family_name
+OIDC_DISPLAY_NAME_CLAIMS=name
+
+# OAuth Client ID to access the identity provider
+OIDC_CLIENT_ID=
+
+# OAuth Client Secret to access the identity provider
+OIDC_CLIENT_SECRET=
+
+# Issuer URL
+# Must start with 'https://'
+OIDC_ISSUER=https://example.domain.com/application/o/book/
+
+# The "end session" (RP-initiated logout) URL to call during BookStack logout.
+# By default this is false which disables RP-initiated logout.
+# Setting to "true" will enable logout if found as supported by auto-discovery.
+# Otherwise, this can be set as a specific URL endpoint.
+OIDC_END_SESSION_ENDPOINT=false
+
+# Enable auto-discovery of endpoints and token keys.
+# As per the standard, expects the service to serve a 
+# `<issuer>/.well-known/openid-configuration` endpoint.
+OIDC_ISSUER_DISCOVER=true
--- a/compose/bookstack/docker-compose.yml
+++ b/compose/bookstack/docker-compose.yml
@ -0,0 +1,48 @@
+networks:
+  frontend:
+    external: true
+  backend:
+    external: true
+
+services:
+  bookstack-public:
+    image: lscr.io/linuxserver/bookstack
+    security_opt:
+      - apparmor:unconfined
+    container_name: bookstack-public
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - APP_URL=https://example.domain.com
+      - DB_HOST=mariadb
+      - DB_PORT=3306
+      - DB_USER=bookstack_public
+      - DB_PASS=${DB_PASS}
+      - DB_DATABASE=bookstack_public
+      - AUTH_METHOD=oidc
+      - AUTH_AUTO_INITIATE=false
+      - OIDC_NAME=SSO
+      - OIDC_DISPLAY_NAME_CLAIMS=name
+      - OIDC_CLIENT_ID=${OIDC_CLIENT_ID}
+      - OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
+      - OIDC_ISSUER=${OIDC_ISSUER}
+      - OIDC_END_SESSION_ENDPOINT=false
+      - OIDC_ISSUER_DISCOVER=true
+      - OIDC_USER_TO_GROUPS=true
+      - OIDC_GROUPS_CLAIM=groups
+      - OIDC_ADDITIONAL_SCOPES=groups
+      - OIDC_REMOVE_FROM_GROUPS=true
+    volumes:
+      - /docker/appdata/bookstack-public/config:/config
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.book.entrypoints=websecure
+      - traefik.http.routers.book.rule=Host(`example.domain.com`)
+      - traefik.http.routers.book.tls=true
+      - traefik.http.routers.book.tls.certresolver=production
+      - traefik.http.routers.book.service=book
+      - traefik.http.services.book.loadBalancer.server.port=80
+    restart: unless-stopped
+    networks:
+      - frontend
+      - backend