start-wekan.bat
@ECHO OFF
REM # ------------------- HOWTO ---------------------
REM # https://github.com/wekan/wekan/wiki/Offline
REM # NOTE(review): this script has no SETLOCAL, so when it is run from an open cmd prompt
REM # every variable SET below stays in that session after the script ends. Keep that in
REM # mind once secrets (mail, OAuth2 or LDAP passwords) are filled in further down.
REM #-------------------- REQUIRED SETTINGS START --------------------
REM # Attachments migrate and work correctly only if this path exists and is writable
SET "WRITABLE_PATH=.."
REM # MongoDB connection URL (required). This URL carries no credentials and points at 127.0.0.1.
SET "MONGO_URL=mongodb://127.0.0.1:27017/wekan"
REM # ROOT_URL must match the address browsers use to reach Wekan:
REM # - port 80: http://YOUR-WEKAN-SERVER-IPv4-ADDRESS , like http://192.168.0.100
REM # - any other port: http://YOUR-WEKAN-SERVER-IPv4-ADDRESS:YOUR-PORT-NUMBER , like http://192.168.0.100:2000
REM # With a wrong ROOT_URL, translations and attachment uploads do not work.
SET "ROOT_URL=http://192.168.0.21"
REM # Change to YOUR-PORT-NUMBER:
SET "PORT=80"
REM #------------------- REQUIRED SETTINGS END ----------------------
REM #-------------------- OPTIONAL SETTINGS START -------------------
REM # If Wekan is reachable from the public Internet, different settings are required:
REM # - For ROOT_URL: https://github.com/wekan/wekan/wiki/Settings
REM # - For SSL/TLS, also at above wiki right menu: config for Caddy/Nginx/Apache
REM ------------------------------------------------------------
REM # Debug OIDC OAuth2 etc.
REM SET DEBUG=true
REM ------------------------------------------------------------
REM # ==== AWS S3 FOR FILES ====
REM # Any region. For example:
REM # us-standard,us-west-1,us-west-2,
REM # eu-west-1,eu-central-1,
REM # ap-southeast-1,ap-northeast-1,sa-east-1
REM #
REM SET S3='{"s3":{"key": "xxx", "secret": "xxx", "bucket": "xxx", "region": "eu-west-1"}}'
REM # https://github.com/wekan/wekan/wiki/Troubleshooting-Mail
REM SET MAIL_URL=smtps://username:password@mailserver.example.com:587/
REM SET MAIL_FROM="Wekan Boards <info@example.com>"
REM # Currently MAIL_SERVICE is not in use.
REM SET MAIL_SERVICE=Outlook365
REM SET MAIL_SERVICE_USER=firstname.lastname@example.com
REM SET MAIL_SERVICE_PASSWORD=SecretPassword
REM # ==== NUMBER OF SEARCH RESULTS PER PAGE BY DEFAULT ====
REM SET RESULTS_PER_PAGE=20
REM # Export Board relies on the Wekan API: with false here, Export Board does not work.
SET "WITH_API=true"
REM # ==== AFTER OIDC LOGIN, ADD USERS AUTOMATICALLY TO THIS BOARD ID ====
REM # https://github.com/wekan/wekan/pull/5098
REM SET DEFAULT_BOARD_ID=abcd1234
REM # ==== CARD COMMENTS: RICH TEXT EDITOR ====
REM # Background: https://github.com/wekan/wekan/pull/2560
SET "RICHER_CARD_COMMENT_EDITOR=false"
REM # ==== WEBHOOK MESSAGE WHEN A CARD IS OPENED ====
SET "CARD_OPENED_WEBHOOK_ENABLED=false"
REM # ==== Allow to shrink attached/pasted image ====
REM # https://github.com/wekan/wekan/pull/2544
REM SET MAX_IMAGE_PIXEL=1024
REM SET IMAGE_COMPRESS_RATIO=80
REM # ==== PASSWORD BRUTE FORCE PROTECTION ====
REM #https://atmospherejs.com/lucasantoniassi/accounts-lockout
REM #Defaults below. Uncomment to change. wekan/server/accounts-lockout.js
REM SET ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=3
REM SET ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60
REM SET ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15
REM SET ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURES_BERORE=3
REM SET ACCOUNTS_LOCKOUT_UNKNOWN_USERS_LOCKOUT_PERIOD=60
REM SET ACCOUNTS_LOCKOUT_UNKNOWN_USERS_FAILURE_WINDOW=15
REM # ==== ACCOUNT OPTIONS ====
REM SET ACCOUNTS_COMMON_LOGIN_EXPIRATION_IN_DAYS=90
REM # ==== Allow configuration to validate uploaded attachments ====
REM SET ATTACHMENTS_UPLOAD_EXTERNAL_PROGRAM="avscan {file}"
REM SET ATTACHMENTS_UPLOAD_MIME_TYPES="image/*,text/*"
REM SET ATTACHMENTS_UPLOAD_MAX_SIZE=5000000
REM # ==== Allow configuration to validate uploaded avatars ====
REM SET AVATARS_UPLOAD_EXTERNAL_PROGRAM="avscan {file}"
REM SET AVATARS_UPLOAD_MIME_TYPES="image/*"
REM SET AVATARS_UPLOAD_MAX_SIZE=500000
REM # ==== NOTIFICATION TRAY AFTER READ DAYS BEFORE REMOVE =====
REM # Number of days after a notification is read before we remove it.
REM # Default: 2
REM SET NOTIFICATION_TRAY_AFTER_READ_DAYS_BEFORE_REMOVE=2
REM # ==== BIGEVENTS DUE ETC NOTIFICATIONS =====
REM # https://github.com/wekan/wekan/pull/2541
REM # Introduced a system env var BIGEVENTS_PATTERN default as "NONE",
REM # so any activityType matches the pattern, system will send out
REM # notifications to all board members no matter they are watching
REM # or tracking the board or not. Owner of the wekan server can
REM # disable the feature by setting this variable to "NONE" or
REM # change the pattern to any valid regex. i.e. '|' delimited
REM # activityType names.
REM # a) Example
REM SET BIGEVENTS_PATTERN=due
REM # b) All. In cmd.exe an unquoted | is a pipe, so keep the quotes around the assignment:
REM SET "BIGEVENTS_PATTERN=received|start|due|end"
REM # c) Off: the value NONE disables the feature
SET "BIGEVENTS_PATTERN=NONE"
REM # ==== EMAIL DUE DATE NOTIFICATION =====
REM # https://github.com/wekan/wekan/pull/2536
REM # System timelines will be showing any user modification for
REM # dueat startat endat receivedat, also notification to
REM # the watchers and if any card is due, about due or past due.
REM # Notify due days, default is None.
REM # SET NOTIFY_DUE_DAYS_BEFORE_AND_AFTER=2,0
REM # Notify due at hour of day. Default every morning at 8am. Can be 0-23.
REM # If env variable has parsing error, use default. Notification sent to watchers.
REM SET NOTIFY_DUE_AT_HOUR_OF_DAY=8
REM # ==== EMAIL NOTIFICATION TIMEOUT, ms =====
REM # Default: 30000 ms = 30s
REM SET EMAIL_NOTIFICATION_TIMEOUT=30000
REM # CORS: Set Access-Control-Allow-Origin header. Example: * (this allows every origin; prefer the one origin that needs cross-origin API access)
REM SET CORS=*
REM # To enable the Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API.
REM SET CORS_ALLOW_HEADERS=Authorization,Content-Type
REM # To enable the Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations. Example: *
REM SET CORS_EXPOSE_HEADERS=*
REM # Optional: Integration with Matomo https://matomo.org that is installed to your server
REM # The address of the server where Matomo is hosted.
REM # example: - MATOMO_ADDRESS=https://example.com/matomo
REM SET MATOMO_ADDRESS=
REM # ==== METRICS ALLOWED IP ADDRESSES ====
REM # https://github.com/wekan/wekan/wiki/Metrics
REM SET METRICS_ALLOWED_IP_ADDRESSES=192.168.0.100,192.168.0.200
REM # The value of the site ID given in Matomo server for Wekan
REM # example: - MATOMO_SITE_ID=12345
REM SET MATOMO_SITE_ID=
REM # The option do not track which enables users to not be tracked by matomo
REM # example: - MATOMO_DO_NOT_TRACK=false
REM SET MATOMO_DO_NOT_TRACK=
REM # The option that allows matomo to retrieve the username:
REM # example: MATOMO_WITH_USERNAME=true
REM SET MATOMO_WITH_USERNAME=false
REM # Browser policy: when enabled, one trusted URL may show Wekan embedded in an iframe.
REM # Switching it to false is not recommended: that also turns off all other browser
REM # policy protections and allows all iframing etc. See wekan/server/policy.js
SET "BROWSER_POLICY_ENABLED=true"
REM # When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside.
REM SET TRUSTED_URL=
REM # What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId .
REM # example: WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
REM SET WEBHOOKS_ATTRIBUTES=
REM ------------------------------------------------------------
REM ## ==== AUTOLOGIN WITH OIDC/OAUTH2 ====
REM ## https://github.com/wekan/wekan/wiki/autologin
REM # SET OIDC_REDIRECTION_ENABLED=true
REM ------------------------------------------------------------
REM # OAUTH2 ORACLE on premise identity manager OIM
REM SET ORACLE_OIM_ENABLED=true
REM ------------------------------------------------------------
REM ## ==== OAUTH2 AZURE ====
REM ## https://github.com/wekan/wekan/wiki/Azure
REM ## 1) Register the application with Azure. Make sure you capture
REM ## the application ID as well as generate a secret key.
REM ## 2) Configure the environment variables. This differs slightly
REM ## by installation type, but make sure you have the following:
REM SET OAUTH2_ENABLED=true
REM ## Optional OAuth2 CA Cert, see https://github.com/wekan/wekan/issues/3299
REM # SET OAUTH2_CA_CERT=ABCD1234
REM ## Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
REM # SET OAUTH2_ADFS_ENABLED=false
REM ## Azure AD B2C. https://github.com/wekan/wekan/issues/5242
REM # SET OAUTH2_B2C_ENABLED=false
REM ## OAuth2 login style: popup or redirect.
REM SET OAUTH2_LOGIN_STYLE=popup
REM ## Application GUID captured during app registration:
REM SET OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
REM ## Secret key generated during app registration:
REM SET OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
REM SET OAUTH2_SERVER_URL=https://login.microsoftonline.com/
REM SET OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
REM SET OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
REM SET OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
REM ## The claim name you want to map to the unique ID field:
REM SET OAUTH2_ID_MAP=email
REM ## The claim name you want to map to the username field:
REM SET OAUTH2_USERNAME_MAP=email
REM ## The claim name you want to map to the full name field:
REM SET OAUTH2_FULLNAME_MAP=name
REM ## The claim name you want to map to the email field:
REM SET OAUTH2_EMAIL_MAP=email
REM ------------------------------------------------------------
REM ## ==== OAUTH2 Nextcloud ====
REM ## 1) Register the application with Nextcloud: https://your.nextcloud/index.php/settings/admin/security
REM ## Make sure you capture the application ID as well as generate a secret key.
REM ## Use https://your.wekan/_oauth/oidc for the redirect URI.
REM ## 2) Configure the environment variables. This differs slightly
REM ## by installation type, but make sure you have the following:
REM SET OAUTH2_ENABLED=true
REM ## OAuth2 login style: popup or redirect.
REM SET OAUTH2_LOGIN_STYLE=popup
REM ## Application GUID captured during app registration:
REM SET OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
REM ## Secret key generated during app registration:
REM SET OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
REM SET OAUTH2_SERVER_URL=https://your-nextcloud.tld
REM SET OAUTH2_AUTH_ENDPOINT=/index.php/apps/oauth2/authorize
REM SET OAUTH2_USERINFO_ENDPOINT=/ocs/v2.php/cloud/user?format=json
REM SET OAUTH2_TOKEN_ENDPOINT=/index.php/apps/oauth2/api/v1/token
REM ## The claim name you want to map to the unique ID field:
REM SET OAUTH2_ID_MAP=id
REM ## The claim name you want to map to the username field:
REM SET OAUTH2_USERNAME_MAP=id
REM ## The claim name you want to map to the full name field:
REM SET OAUTH2_FULLNAME_MAP=display-name
REM ## The claim name you want to map to the email field:
REM SET OAUTH2_EMAIL_MAP=email
REM ------------------------------------------------------------
REM ## ==== OAUTH2 KEYCLOAK ====
REM ## https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED
REM SET OAUTH2_ENABLED=true
REM ## OAuth2 login style: popup or redirect.
REM SET OAUTH2_LOGIN_STYLE=popup
REM SET OAUTH2_CLIENT_ID=<Keycloak create Client ID>
REM SET OAUTH2_SERVER_URL=<Keycloak server url - https://keycloak.example.com>
REM SET OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
REM SET OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
REM SET OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
REM SET OAUTH2_SECRET=<keycloak client secret>
REM SET OAUTH2_ID_MAP=sub
REM SET OAUTH2_USERNAME_MAP=preferred_username
REM SET OAUTH2_EMAIL_MAP=email
REM SET OAUTH2_FULLNAME_MAP=name
REM ------------------------------------------------------------
REM ## ==== OAUTH2 DOORKEEPER ====
REM ## https://github.com/wekan/wekan/issues/1874
REM ## https://github.com/wekan/wekan/wiki/OAuth2
REM ## Enable the OAuth2 connection
REM SET OAUTH2_ENABLED=true
REM ## OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
REM ## OAuth2 login style: popup or redirect.
REM SET OAUTH2_LOGIN_STYLE=popup
REM ## OAuth2 Client ID.
REM SET OAUTH2_CLIENT_ID=abcde12345
REM ## OAuth2 Secret.
REM SET OAUTH2_SECRET=54321abcde
REM ## OAuth2 Server URL.
REM SET OAUTH2_SERVER_URL=https://chat.example.com
REM ## OAuth2 Authorization Endpoint.
REM SET OAUTH2_AUTH_ENDPOINT=/oauth/authorize
REM ## OAuth2 Userinfo Endpoint.
REM SET OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
REM ## OAuth2 Token Endpoint.
REM SET OAUTH2_TOKEN_ENDPOINT=/oauth/token
REM ## OAUTH2 ID Token Whitelist Fields.
REM SET OAUTH2_ID_TOKEN_WHITELIST_FIELDS=""
REM ## OAUTH2 Request Permissions.
REM SET OAUTH2_REQUEST_PERMISSIONS=openid profile email
REM ## OAuth2 ID Mapping
REM # SET OAUTH2_ID_MAP=
REM ## OAuth2 Username Mapping
REM # SET OAUTH2_USERNAME_MAP=
REM ## OAuth2 Fullname Mapping
REM # SET OAUTH2_FULLNAME_MAP=
REM ## OAuth2 Email Mapping
REM # SET OAUTH2_EMAIL_MAP=
REM ------------------------------------------------------------
REM # Enable the OAuth2 connection
REM # OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
REM # example: OAUTH2_ENABLED=true
REM SET OAUTH2_ENABLED=false
REM # Optional OAuth2 CA Cert, see https://github.com/wekan/wekan/issues/3299
REM SET OAUTH2_CA_CERT=ABCD1234
REM # Use OAuth2 ADFS additional changes. Also needs OAUTH2_ENABLED=true setting.
REM SET OAUTH2_ADFS_ENABLED=false
REM # Use OAuth2 Azure AD B2C. Also requires OAUTH2_ENABLED=true setting . https://github.com/wekan/wekan/issues/5242
REM SET DEFAULT_OAUTH2_B2C_ENABLED=false
REM # OAuth2 Client ID, for example from Rocket.Chat. Example: abcde12345
REM # example: OAUTH2_CLIENT_ID=abcde12345
REM SET OAUTH2_CLIENT_ID=
REM # OAuth2 Secret, for example from Rocket.Chat: Example: 54321abcde
REM # example: OAUTH2_SECRET=54321abcde
REM SET OAUTH2_SECRET=
REM # OAuth2 Server URL, for example Rocket.Chat. Example: https://chat.example.com
REM # example: OAUTH2_SERVER_URL=https://chat.example.com
REM SET OAUTH2_SERVER_URL=
REM # OAuth2 Authorization Endpoint. Example: /oauth/authorize
REM # example: OAUTH2_AUTH_ENDPOINT=/oauth/authorize
REM SET OAUTH2_AUTH_ENDPOINT=
REM # OAuth2 Userinfo Endpoint. Example: /oauth/userinfo
REM # example: OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
REM SET OAUTH2_USERINFO_ENDPOINT=
REM # OAuth2 Token Endpoint. Example: /oauth/token
REM # example: OAUTH2_TOKEN_ENDPOINT=/oauth/token
REM SET OAUTH2_TOKEN_ENDPOINT=
REM # OAUTH2 ID Token Whitelist Fields.
REM SET OAUTH2_ID_TOKEN_WHITELIST_FIELDS=[]
REM # OAUTH2 Request Permissions.
REM SET OAUTH2_REQUEST_PERMISSIONS=openid profile email
REM # OAuth2 ID Mapping
REM SET OAUTH2_ID_MAP=
REM # OAuth2 Username Mapping
REM SET OAUTH2_USERNAME_MAP=
REM # OAuth2 Fullname Mapping
REM SET OAUTH2_FULLNAME_MAP=
REM # OAuth2 Email Mapping
REM SET OAUTH2_EMAIL_MAP=
REM ------------------------------------------------------------
REM ## ==== LDAP: UNCOMMENT ALL TO ENABLE LDAP ====
REM ## https://github.com/wekan/wekan/wiki/LDAP
REM ## Note: Do not add single quotes '' to variables. Having spaces still works without quotes where required.
REM # The default authentication method used if a user does not exist to create and authenticate. Can be set as ldap.
REM # (this is set properly in the Admin Panel, changing this item does not remove Password login option)
REM SET DEFAULT_AUTHENTICATION_METHOD=ldap
REM # LDAP_ENABLE : Enable or not the connection by the LDAP
REM SET LDAP_ENABLE=true
REM # LDAP_PORT : The port of the LDAP server
REM SET LDAP_PORT=389
REM # LDAP_HOST : The host server for the LDAP server
REM SET LDAP_HOST=localhost
REM #-----------------------------------------------------------------
REM # ==== LDAP AD Simple Auth ====
REM # Set to true, if you want to connect with Active Directory by Simple Authentication.
REM # When using AD Simple Auth, LDAP_BASEDN is not needed.
REM SET LDAP_AD_SIMPLE_AUTH=true
REM #-----------------------------------------------------------------
REM # === LDAP User Authentication ===
REM #
REM # a) Option to login to the LDAP server with the user's own username and password, instead of
REM # an administrator key. Default: false (use administrator key).
REM #
REM # b) When using AD Simple Auth, set to true, when login user is used for binding,
REM # and LDAP_BASEDN is not needed.
REM #
REM # Example:
REM SET LDAP_USER_AUTHENTICATION=true
REM # Which field is used to find the user for the user authentication. Default: uid.
REM SET LDAP_USER_AUTHENTICATION_FIELD=uid
REM # === LDAP Default Domain ===
REM #
REM # a) In case AD SimpleAuth is configured, the default domain is appended to the given
REM # loginname for creating the correct username for the bind request to AD.
REM #
REM # b) The default domain of the LDAP is used to create the email address if the field is not mapped
REM # correctly with LDAP_SYNC_USER_DATA_FIELDMAP
REM #
REM # Example :
REM SET LDAP_DEFAULT_DOMAIN=mydomain.com
REM #-----------------------------------------------------------------
REM # ==== LDAP BASEDN Auth ====
REM # LDAP_BASEDN : The base DN for the LDAP Tree
REM # example : LDAP_BASEDN=ou=user,dc=example,dc=org
REM SET LDAP_BASEDN=
REM #-----------------------------------------------------------------
REM # LDAP_LOGIN_FALLBACK : Fallback on the default authentication method
REM # example : LDAP_LOGIN_FALLBACK=true
REM SET LDAP_LOGIN_FALLBACK=false
REM # LDAP_RECONNECT : Reconnect to the server if the connection is lost
REM # example : LDAP_RECONNECT=false
REM SET LDAP_RECONNECT=true
REM # LDAP_TIMEOUT : Overall timeout, in milliseconds
REM # example : LDAP_TIMEOUT=12345
REM SET LDAP_TIMEOUT=10000
REM # LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds
REM # example : LDAP_IDLE_TIMEOUT=12345
REM SET LDAP_IDLE_TIMEOUT=10000
REM # LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds
REM # example : LDAP_CONNECT_TIMEOUT=12345
REM SET LDAP_CONNECT_TIMEOUT=10000
REM # LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search
REM # example : LDAP_AUTHENTIFICATION=true
REM SET LDAP_AUTHENTIFICATION=false
REM # LDAP_AUTHENTIFICATION_USERDN : The search user DN
REM # example: LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org
REM SET LDAP_AUTHENTIFICATION_USERDN=
REM # The search user DN - You need quotes when you have spaces in parameters
REM # 2 examples:
REM SET LDAP_AUTHENTIFICATION_USERDN="CN=ldap admin,CN=users,DC=domainmatter,DC=lan"
REM SET LDAP_AUTHENTIFICATION_USERDN="CN=wekan_adm,OU=serviceaccounts,OU=admin,OU=prod,DC=mydomain,DC=com"
REM # LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user
REM # example : LDAP_AUTHENTIFICATION_PASSWORD=admin
REM SET LDAP_AUTHENTIFICATION_PASSWORD=
REM # LDAP_LOG_ENABLED : Enable logs for the module
REM # example : LDAP_LOG_ENABLED=true
REM SET LDAP_LOG_ENABLED=false
REM # LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background
REM # example : LDAP_BACKGROUND_SYNC=true
REM SET LDAP_BACKGROUND_SYNC=false
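REM # LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds.
REM # Leave this unset, so it uses default, and does not crash.
REM # https://github.com/wekan/wekan/issues/2354#issuecomment-515305722
REM # cmd.exe does not treat single quotes as quoting, so SET VAR='' would store the two
REM # characters '' as the value. An empty assignment removes the variable instead.
SET "LDAP_BACKGROUND_SYNC_INTERVAL="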
REM # LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED :
REM # example : LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
REM SET LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false
REM # LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS :
REM # example : LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
REM SET LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
REM # LDAP_ENCRYPTION : Set this when using LDAPS. With false, the LDAP connection, including bind passwords, is not encrypted.
REM # example : LDAP_ENCRYPTION=ssl
REM SET LDAP_ENCRYPTION=false
REM # LDAP_CA_CERT : The CA certificate for the LDAPS server. The certificate text needs to be included in this start-wekan.bat file.
REM # example : LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE-----
REM SET LDAP_CA_CERT=
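REM # LDAP_REJECT_UNAUTHORIZED : Reject an LDAPS server certificate that cannot be verified. With false, an unverifiable certificate is accepted, so the server's identity is not checked.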
REM # example : LDAP_REJECT_UNAUTHORIZED=true
REM SET LDAP_REJECT_UNAUTHORIZED=false
REM # LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
REM # example : LDAP_USER_SEARCH_FILTER=
REM SET LDAP_USER_SEARCH_FILTER=
REM # LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
REM # example : LDAP_USER_SEARCH_SCOPE=one
REM SET LDAP_USER_SEARCH_SCOPE=
REM # LDAP_USER_SEARCH_FIELD : Which field is used to find the user
REM # example : LDAP_USER_SEARCH_FIELD=uid
REM SET LDAP_USER_SEARCH_FIELD=
REM # LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited)
REM # example : LDAP_SEARCH_PAGE_SIZE=12345
REM SET LDAP_SEARCH_PAGE_SIZE=0
REM # LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited)
REM # example : LDAP_SEARCH_SIZE_LIMIT=12345
REM SET LDAP_SEARCH_SIZE_LIMIT=0
REM # LDAP_GROUP_FILTER_ENABLE : Enable group filtering
REM # example : LDAP_GROUP_FILTER_ENABLE=true
REM SET LDAP_GROUP_FILTER_ENABLE=false
REM # LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering
REM # example : LDAP_GROUP_FILTER_OBJECTCLASS=group
REM SET LDAP_GROUP_FILTER_OBJECTCLASS=
REM # LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE :
REM # example :
REM SET LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
REM # LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE :
REM # example :
REM SET LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
REM # LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT :
REM # example :
REM SET LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
REM # LDAP_GROUP_FILTER_GROUP_NAME :
REM # example :
REM SET LDAP_GROUP_FILTER_GROUP_NAME=
REM # LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
REM # example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid
REM SET LDAP_UNIQUE_IDENTIFIER_FIELD=
REM # LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
REM # example : LDAP_UTF8_NAMES_SLUGIFY=false
REM SET LDAP_UTF8_NAMES_SLUGIFY=true
REM # LDAP_USERNAME_FIELD : Which field contains the ldap username
REM # example : LDAP_USERNAME_FIELD=username
REM SET LDAP_USERNAME_FIELD=
REM # LDAP_MERGE_EXISTING_USERS :
REM # example : LDAP_MERGE_EXISTING_USERS=true
REM SET LDAP_MERGE_EXISTING_USERS=false
REM # LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match
REM # example: LDAP_EMAIL_MATCH_ENABLE=true
REM SET LDAP_EMAIL_MATCH_ENABLE=false
REM # LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
REM # example: LDAP_EMAIL_MATCH_REQUIRE=true
REM SET LDAP_EMAIL_MATCH_REQUIRE=false
REM # LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
REM # example: LDAP_EMAIL_MATCH_VERIFIED=true
REM SET LDAP_EMAIL_MATCH_VERIFIED=false
REM # LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
REM # example: LDAP_EMAIL_FIELD=mail
REM SET LDAP_EMAIL_FIELD=
REM # LDAP_SYNC_USER_DATA :
REM # example : LDAP_SYNC_USER_DATA=true
REM SET LDAP_SYNC_USER_DATA=false
REM # LDAP_SYNC_USER_DATA_FIELDMAP :
REM # example : LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
REM SET LDAP_SYNC_USER_DATA_FIELDMAP=
REM # The default domain of the ldap it is used to create email if the field is not map correctly
REM # with the LDAP_SYNC_USER_DATA_FIELDMAP is defined in setting LDAP_DEFAULT_DOMAIN above.
REM # LDAP_SYNC_GROUP_ROLES :
REM # example :
REM # SET LDAP_SYNC_GROUP_ROLES=
REM # Enable/Disable syncing of admin status based on ldap groups:
REM SET LDAP_SYNC_ADMIN_STATUS=true
REM # Comma separated list of admin group names to sync.
REM SET LDAP_SYNC_ADMIN_GROUPS=group1,group2
REM ------------------------------------------------
REM # Enable/Disable password login form.
REM SET PASSWORD_LOGIN_ENABLED=true
REM ------------------------------------------------
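REM # Login to LDAP automatically with HTTP header.
REM # In the siteminder example below, the value to the right of = is the header name.
REM # The header value decides which user is logged in, so Wekan should only be reachable
REM # through the proxy that sets these headers and removes any client-supplied copies.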
REM SET HEADER_LOGIN_ID=HEADERUID
REM SET HEADER_LOGIN_FIRSTNAME=HEADERFIRSTNAME
REM SET HEADER_LOGIN_LASTNAME=HEADERLASTNAME
REM SET HEADER_LOGIN_EMAIL=HEADEREMAILADDRESS
REM ------------------------------------------------
REM # LOGOUT_WITH_TIMER : Enables or not the option logout with timer
REM # example : LOGOUT_WITH_TIMER=true
REM SET LOGOUT_WITH_TIMER=
REM # LOGOUT_IN : The number of days
REM # example : LOGOUT_IN=1
REM SET LOGOUT_IN=
REM # LOGOUT_ON_HOURS : The number of hours
REM # example : LOGOUT_ON_HOURS=9
REM SET LOGOUT_ON_HOURS=
REM # LOGOUT_ON_MINUTES : The number of minutes
REM # example : LOGOUT_ON_MINUTES=55
REM SET LOGOUT_ON_MINUTES=
REM ## https://github.com/wekan/wekan/wiki/CAS
REM SET CAS_ENABLED=true
REM SET CAS_BASE_URL=https://cas.example.com/cas
REM SET CAS_LOGIN_URL=https://cas.example.com/login
REM SET CAS_VALIDATE_URL=https://cas.example.com/cas/p3/serviceValidate
REM ## https://github.com/wekan/wekan/wiki/SAML
REM SET SAML_ENABLED=true
REM SET SAML_PROVIDER=
REM SET SAML_ENTRYPOINT=
REM SET SAML_ISSUER=
REM SET SAML_CERT=
REM SET SAML_IDPSLO_REDIRECTURL=
REM SET SAML_PRIVATE_KEYFILE=
REM SET SAML_PUBLIC_CERTFILE=
REM SET SAML_IDENTIFIER_FORMAT=
REM SET SAML_LOCAL_PROFILE_MATCH_ATTRIBUTE=
REM SET SAML_ATTRIBUTES=
REM # Wait spinner to use https://github.com/wekan/wekan/wiki/Wait-Spinners
REM SET WAIT_SPINNER=Bounce
REM # https://github.com/wekan/wekan/issues/3585#issuecomment-1021522132
REM # Add more Node heap:
REM # SET NODE_OPTIONS="--max_old_space_size=4096"
REM # Add more stack. ulimit is not at Windows, stack-size is at Windows:
REM # bash -c "ulimit -s 65500; exec node --stack-size=65500 main.js"
REM #node --stack-size=65500 main.js
REM #-------------------- OPTIONAL SETTINGS END --------------------
REM # Start Wekan. The node process inherits the variables SET above.
node main.js