diff --git a/docker/images/config.env b/docker/images/config.env
deleted file mode 100644
index 7744ded6e..000000000
--- a/docker/images/config.env
+++ /dev/null
@@ -1,96 +0,0 @@
-## Should be set to the public domain where penpot is going to be served.
-##
-## NOTE: If you are going to serve it under different domain than
-## 'localhost' without HTTPS, consider setting the
-## `disable-secure-session-cookies' flag on the 'PENPOT_FLAGS'
-## setting.
-
-PENPOT_PUBLIC_URI=http://localhost:9001
-
-## Feature flags.
-PENPOT_FLAGS=enable-registration enable-login disable-email-verification
-
-## Temporal workaround because of bad builtin default
-
-PENPOT_HTTP_SERVER_HOST=0.0.0.0
-
-## Standard database connection parameters (only postgresql is supported):
-
-PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
-PENPOT_DATABASE_USERNAME=penpot
-PENPOT_DATABASE_PASSWORD=penpot
-
-## Redis is used for the websockets notifications.
-
-PENPOT_REDIS_URI=redis://penpot-redis/0
-
-## By default, files uploaded by users are stored in local
-## filesystem. But it can be configured to store in AWS S3.
-
-PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
-PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets
-
-## Telemetry. When enabled, a periodical process will send anonymous
-## data about this instance. Telemetry data will enable us to learn on
-## how the application is used, based on real scenarios. If you want
-## to help us, please leave it enabled.
-
-PENPOT_TELEMETRY_ENABLED=true
-
-## Email sending configuration. By default, emails are printed in the
-## console, but for production usage is recommended to setup a real
-## SMTP provider. Emails are used to confirm user registrations.
-
-PENPOT_SMTP_DEFAULT_FROM=no-reply@example.com
-PENPOT_SMTP_DEFAULT_REPLY_TO=no-reply@example.com
-# PENPOT_SMTP_HOST=
-# PENPOT_SMTP_PORT=
-# PENPOT_SMTP_USERNAME=
-# PENPOT_SMTP_PASSWORD=
-# PENPOT_SMTP_TLS=true
-# PENPOT_SMTP_SSL=false
-
-## Comma separated list of allowed domains to register. Empty to allow
-## all.
-
-# PENPOT_REGISTRATION_DOMAIN_WHITELIST=""
-
-## Authentication providers
-
-## Google
-
-# PENPOT_GOOGLE_CLIENT_ID=
-# PENPOT_GOOGLE_CLIENT_SECRET=
-
-## GitHub
-
-# PENPOT_GITHUB_CLIENT_ID=
-# PENPOT_GITHUB_CLIENT_SECRET=
-
-## GitLab
-
-# PENPOT_GITLAB_BASE_URI=https://gitlab.com
-# PENPOT_GITLAB_CLIENT_ID=
-# PENPOT_GITLAB_CLIENT_SECRET=
-
-## OpenID Connect (since 1.5.0)
-
-# PENPOT_OIDC_BASE_URI=
-# PENPOT_OIDC_CLIENT_ID=
-# PENPOT_OIDC_CLIENT_SECRET=
-
-## LDAP
-##
-## NOTE: to enable ldap, you will need to put 'enable-login-with-ldap'
-## on the 'PENPOT_FLAGS' environment variable.
-
-# PENPOT_LDAP_HOST=ldap
-# PENPOT_LDAP_PORT=10389
-# PENPOT_LDAP_SSL=false
-# PENPOT_LDAP_STARTTLS=false
-# PENPOT_LDAP_BASE_DN=ou=people,dc=planetexpress,dc=com
-# PENPOT_LDAP_BIND_DN=cn=admin,dc=planetexpress,dc=com
-# PENPOT_LDAP_BIND_PASSWORD=GoodNewsEveryone
-# PENPOT_LDAP_ATTRS_USERNAME=uid
-# PENPOT_LDAP_ATTRS_EMAIL=mail
-# PENPOT_LDAP_ATTRS_FULLNAME=cn
diff --git a/docker/images/docker-compose.yaml b/docker/images/docker-compose.yaml
index 5b3ad2a65..586f39873 100644
--- a/docker/images/docker-compose.yaml
+++ b/docker/images/docker-compose.yaml
@@ -5,20 +5,43 @@ networks: penpot: volumes: - penpot_postgres_data: - penpot_assets_data: + penpot_postgres_v15: + penpot_assets: + # penpot_traefik: + # penpot_minio: services: + ## Traefik service declaration example. Consider using it if you are + ## going to expose penpot to the internet or different host than + ## `localhost`. + + # traefik: + # image: traefik:v2.9 + # networks: + # - penpot + # command: + # - "--api.insecure=true" + # - "--entryPoints.web.address=:80" + # - "--providers.docker=true" + # - "--providers.docker.exposedbydefault=false" + # - "--entryPoints.websecure.address=:443" + # - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true" + # - "--certificatesresolvers.letsencrypt.acme.email=" + # - "--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json" + # volumes: + # - "penpot_traefik:/traefik" + # - "/var/run/docker.sock:/var/run/docker.sock" + # ports: + # - "80:80" + # - "443:443" + penpot-frontend: image: "penpotapp/frontend:latest" ports: - 9001:80 volumes: - - penpot_assets_data:/opt/data - - env_file: - - config.env + - penpot_assets:/opt/data depends_on: - penpot-backend 
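Review bot: The commented Traefik example passes `--api.insecure=true`, which turns on Traefik's API and dashboard without authentication, in the very block the comment recommends for exposing penpot to the internet; I would leave that flag out of the example. The same example bind-mounts `/var/run/docker.sock`, and whoever controls that socket effectively controls the Docker host, so it deserves a one-line comment saying so and at least a read-only mount, `# - "/var/run/docker.sock:/var/run/docker.sock:ro"`. Port 8080 is not published in this example, so the dashboard would presumably be reachable only from the `penpot` network, but an example meant to be copied for internet-facing use should not rely on that. The `services:` mapping continues outside this hunk.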
@@ -27,51 +50,250 @@ services: networks: - penpot + labels: + - "traefik.enable=true" + + ## HTTP: example of labels for the case if you are going to + ## expose penpot to the internet using only HTTP (without HTTPS) + ## with traefik + + # - "traefik.http.routers.penpot-http.entrypoints=web" + # - "traefik.http.routers.penpot-http.rule=Host(``)" + # - "traefik.http.services.penpot-http.loadbalancer.server.port=80" + + ## HTTPS: example of labels for the case if you are going to + ## expose penpot to the internet using with HTTPS using traefik + + # - "traefik.http.middlewares.http-redirect.redirectscheme.scheme=https" + # - "traefik.http.middlewares.http-redirect.redirectscheme.permanent=true" + # - "traefik.http.routers.penpot-http.entrypoints=web" + # - "traefik.http.routers.penpot-http.rule=Host(``)" + # - "traefik.http.routers.penpot-http.middlewares=http-redirect" + # - "traefik.http.routers.penpot-https.entrypoints=websecure" + # - "traefik.http.routers.penpot-https.rule=Host(``)" + # - "traefik.http.services.penpot-https.loadbalancer.server.port=80" + # - "traefik.http.routers.penpot-https.tls=true" + # - "traefik.http.routers.penpot-https.tls.certresolver=letsencrypt" + + ## Configuration envronment variables for frontend the + ## container. In this case this container only needs the + ## `PENPOT_FLAGS`. This environment variable is shared with other + ## services but not all flags are relevant to all services. 
+ ## + ## Relevant flags for frontend: + ## - demo-users + ## - login-with-github + ## - login-with-gitlab + ## - login-with-google + ## - login-with-ldap + ## - login-with-oidc + ## - login-with-password + ## - registration + ## - webhooks + ## + ## You can read more about all available flags on: + ## https://help.penpot.app/technical-guide/configuration/#advanced-configuration + + environment: + - PENPOT_FLAGS=enable-registration enable-login-with-password + penpot-backend: image: "penpotapp/backend:latest" volumes: - - penpot_assets_data:/opt/data + - penpot_assets:/opt/data depends_on: - penpot-postgres - penpot-redis - env_file: - - config.env - networks: - penpot + ## Configuration envronment variables for backend the + ## container. + ## + ## Relevant flags for backend: + ## - demo-users + ## - email-verification + ## - log-emails + ## - log-invitation-tokens + ## - login-with-github + ## - login-with-gitlab + ## - login-with-google + ## - login-with-ldap + ## - login-with-oidc + ## - login-with-password + ## - registration + ## - secure-session-cookies + ## - smtp + ## - smtp-debug + ## - telemetry + ## - webhooks + ## + ## You can read more about all available flags and other + ## environment variables for the backend here: + ## https://help.penpot.app/technical-guide/configuration/#advanced-configuration + + environment: + - PENPOT_FLAGS=enable-registration enable-login disable-email-verification enable-smtp + + ## Setup initial administration user, uncommit only if you are + ## going to use the penpot-admin; Once uncommented, the special + ## user will be created on application start. This user can only + ## be used for access admin, you will not be able to login with + ## it on penpot application. + + # - PENPOT_SETUP_ADMIN_EMAIL=admin@example.com + # - PENPOT_SETUP_ADMIN_PASSWORD=password + + ## Public URI. 
If you are going to expose this instance to the + ## internet, or use it under different domain than 'localhost' + ## consider using traefik and set the + ## `disable-secure-session-cookies` if you are not going to + ## serve penpot under HTTPS. + + - PENPOT_PUBLIC_URI=http://localhost:9001 + + ## Database connection parameters. Don't touch them unless you + ## are using custom postgresql connection parameters + + - PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot + - PENPOT_DATABASE_USERNAME=penpot + - PENPOT_DATABASE_PASSWORD=penpot + + ## Redis is used for the websockets notifications. Don't touch + ## unless the redis container has different parameters or + ## different name. + + - PENPOT_REDIS_URI=redis://penpot-redis/0 + + ## Default configuration for assets storage: using filesystem + ## based with all files stored in a docker volume. + + - PENPOT_ASSETS_STORAGE_BACKEND=assets-fs + - PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets + + ## Also can be configured to to use a S3 compatible storage + ## service like MiniIO. Look below for minio service setup. + + # - AWS_ACCESS_KEY_ID= + # - AWS_SECRET_ACCESS_KEY= + # - PENPOT_ASSETS_STORAGE_BACKEND=assets-s3 + # - PENPOT_STORAGE_ASSETS_S3_ENDPOINT=http://penpot-minio:9000 + # - PENPOT_STORAGE_ASSETS_S3_BUCKET= + + ## Telemetry. When enabled, a periodical process will send + ## anonymous data about this instance. Telemetry data will + ## enable us to learn on how the application is used, based on + ## real scenarios. If you want to help us, please leave it + ## enabled. You can audit what data we send with the code + ## available on github + - PENPOT_TELEMETRY_ENABLED=true + + ## Example SMTP/Email configuration. By default, emails are sent + ## to the mailcatch service, but for production usage is + ## recommended to setup a real SMTP provider. Emails are used to + ## confirm user registrations & invitations. Look below how + ## mailcatch service is configured. 
+ - PENPOT_SMTP_DEFAULT_FROM=no-reply@example.com + - PENPOT_SMTP_DEFAULT_REPLY_TO=no-reply@example.com + - PENPOT_SMTP_HOST=penpot-mailcatch + - PENPOT_SMTP_PORT=1025 + - PENPOT_SMTP_USERNAME= + - PENPOT_SMTP_PASSWORD= + - PENPOT_SMTP_TLS=false + - PENPOT_SMTP_SSL=false + penpot-exporter: image: "penpotapp/exporter:latest" - env_file: - - config.env + networks: + - penpot + environment: # Don't touch it; this uses internal docker network to # communicate with the frontend. - PENPOT_PUBLIC_URI=http://penpot-frontend - networks: - - penpot + + ## Redis is used for the websockets notifications. + - PENPOT_REDIS_URI=redis://penpot-redis/0 penpot-postgres: - image: "postgres:14" + image: "postgres:15" restart: always stop_signal: SIGINT + volumes: + - penpot_postgres_v15:/var/lib/postgresql/data + + networks: + - penpot + environment: - POSTGRES_INITDB_ARGS=--data-checksums - POSTGRES_DB=penpot - POSTGRES_USER=penpot - POSTGRES_PASSWORD=penpot - volumes: - - penpot_postgres_data:/var/lib/postgresql/data - - networks: - - penpot - penpot-redis: image: redis:7 restart: always networks: - penpot + + ## An optional admin application for pentpot. It allows manage + ## users, teams and inspect some parts of the database. You can read + ## more about it on: https://github.com/penpot/penpot-admin + + # penpot-admin: + # image: "penpotapp/admin:alpha" + # networks: + # - penpot + + # depends_on: + # - penpot-postgres + # - penpot-backend + + # environment: + # - PENPOT_PUBLIC_URI=http://localhost:9001 + # - PENPOT_API_URI=http://penpot-frontend/ + + # - PENPOT_DATABASE_HOST=penpot-postgres + # - PENPOT_DATABASE_NAME=penpot + # - PENPOT_DATABASE_USERNAME=penpot + # - PENPOT_DATABASE_PASSWORD=penpot + # - PENPOT_REDIS_URI=redis://penpot-redis/0 + # - PENPOT_DEBUG="false" + + ## A mailcatch service, used as temporal SMTP server. You can access + ## via HTTP to the port 1080 for read all emails the penpot platform + ## has sent. 
Should be only used as a temporal solution meanwhile + ## you don't have a real SMTP provider configured. + + penpot-mailcatch: + image: sj26/mailcatcher:latest + restart: always + expose: + - '1025' + ports: + - "1080:1080" + + ## Example configuration of MiniIO (S3 compatible object storage + ## service); If you don't have preference, then just use filesystem, + ## this is here just for the completeness. + + # minio: + # image: "minio/minio:latest" + # command: minio server /mnt/data --console-address ":9001" + # + # volumes: + # - "penpot_minio:/mnt/data" + # + # environment: + # - MINIO_ROOT_USER=minioadmin + # - MINIO_ROOT_PASSWORD=minioadmin + # + # ports: + # - 9000:9000 + # - 9001:9001 + +
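Review bot: The new `penpot-mailcatch` service publishes its web UI with `- "1080:1080"`, which binds on every host interface, so anyone who can reach the host can read every mail penpot sends, including the registration and invitation mails the comment mentions; since this service is enabled by default I would bind it to loopback, `- "127.0.0.1:1080:1080"`. The service also declares no `networks:` key while `penpot-backend` is attached only to `penpot`, so `PENPOT_SMTP_HOST=penpot-mailcatch` may not resolve from the backend; adding `networks:` / `- penpot` as on the other services would settle that. Separately, the backend `PENPOT_FLAGS` keep `enable-registration` together with `disable-email-verification`, and the database password remains the literal `penpot` now inlined in the compose file; a comment above each stating that these are local-evaluation defaults to change before the instance is reachable by others would help, e.g. `## Local defaults: change the password and enable email verification before exposing this instance.`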