wuhanstudio
/
trustai-uk
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial Commit

This commit is contained in:
Han Wu 2021-12-02 11:56:20 +00:00
commit a7899575a8
30 changed files with 2366 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
sharelatex_data/
gitlab/
letsencrypt/

6
.gitmodules vendored Normal file
View File

@ -0,0 +1,6 @@
[submodule "trustai-mainpage"]
path = trustai-mainpage
url = https://github.com/wuhanstudio/trustai-mainpage
[submodule "sharelatex"]
path = sharelatex
url = https://github.com/sharelatex/sharelatex

5
authelia/.gitignore vendored Normal file
View File

@ -0,0 +1,5 @@
gnore everything in this directory
*
# Except this file
!.gitignore

24
deep-compose.yml Normal file
View File

@ -0,0 +1,24 @@
version: "3.3"
services:
nginx:
image: wuhanstudio/deepapi:latest
deploy:
replicas: 4
labels:
- "traefik.enable=true"
- "traefik.http.routers.deep.rule=Host(`deep.trustai.uk`)"
- "traefik.http.routers.deep.entrypoints=web"
- "traefik.http.services.deep.loadbalancer.server.port=8080"
# TLS
- "traefik.http.routers.deeps.rule=Host(`deep.trustai.uk`)"
- "traefik.http.routers.deeps.entrypoints=websecure"
- "traefik.http.routers.deeps.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.deep.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
networks:
- traefik-public
networks:
traefik-public:
external: true

37
gitlab-compose.yml Normal file
View File

@ -0,0 +1,37 @@
version: '3'
services:
gitlab:
image: gitlab/gitlab-ce:13.5.5-ce.0
#ports:
# - "2222:22"
volumes:
- ./gitlab/config:/etc/gitlab
- ./gitlab/logs:/var/log/gitlab
- ./gitlab/data:/var/opt/gitlab
networks:
- traefik-public
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://gitlab.trustai.uk'
nginx['listen_port'] = 80
letsencrypt['enable'] = false
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitlab.rule=Host(`gitlab.trustai.uk`)"
- "traefik.http.routers.gitlab.entrypoints=web"
- "traefik.http.services.gitlab.loadbalancer.server.port=80"
# TLS
- "traefik.http.routers.gitlabs.rule=Host(`gitlab.trustai.uk`)"
- "traefik.http.routers.gitlabs.entrypoints=websecure"
- "traefik.http.routers.gitlabs.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.gitlab.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
gitlab-runner:
image: gitlab/gitlab-runner:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
traefik-public:
external: true

26
grafana-compose.yml Normal file
View File

@ -0,0 +1,26 @@
version: "3.3"
services:
nginx:
image: nginx:stable-alpine
volumes:
- ./nginx-grafana.conf:/etc/nginx/nginx.conf
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.grafana.rule=Host(`monitor.trustai.uk`)"
- "traefik.http.routers.grafana.entrypoints=web"
- "traefik.http.services.grafana.loadbalancer.server.port=80"
# TLS
- "traefik.http.routers.grafanas.rule=Host(`monitor.trustai.uk`)"
- "traefik.http.routers.grafanas.entrypoints=websecure"
- "traefik.http.routers.grafanas.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.grafana.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
networks:
- traefik-public
networks:
traefik-public:
external: true

22
hello-compose.yml Normal file
View File

@ -0,0 +1,22 @@
version: '3'
services:
helloworld:
image: tutum/hello-world:latest
networks:
- traefik-public
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.helloworld.rule=Host(`hello.trustai.uk`)"
- "traefik.http.routers.helloworld.entrypoints=web"
- "traefik.http.services.helloworld.loadbalancer.server.port=80"
# TLS
- "traefik.http.routers.helloworlds.rule=Host(`hello.trustai.uk`)"
- "traefik.http.routers.helloworlds.entrypoints=websecure"
- "traefik.http.routers.helloworlds.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.helloworld.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
networks:
traefik-public:
external: true

26
jupyterhub-compose.yml Normal file
View File

@ -0,0 +1,26 @@
version: "3.3"
services:
nginx:
image: nginx:stable-alpine
volumes:
- ./nginx-jupyterhub.conf:/etc/nginx/nginx.conf
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.jupyterhub.rule=Host(`workshop.trustai.uk`)"
- "traefik.http.routers.jupyterhub.entrypoints=web"
- "traefik.http.services.jupyterhub.loadbalancer.server.port=80"
# TLS
- "traefik.http.routers.jupyterhubs.rule=Host(`workshop.trustai.uk`)"
- "traefik.http.routers.jupyterhubs.entrypoints=websecure"
- "traefik.http.routers.jupyterhubs.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.jupyterhub.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
networks:
- traefik-public
networks:
traefik-public:
external: true

93
nginx-grafana.conf Normal file
View File

@ -0,0 +1,93 @@
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
# Web socket
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name monitor.trustai.uk;
error_page 404 /notfound.html;
location / {
# Web proxy support
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass http://192.168.1.141:3000;
# Web socket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Origin "";
proxy_read_timeout 86400;
}
}
}

93
nginx-jupyterhub.conf Normal file
View File

@ -0,0 +1,93 @@
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
# Web socket
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name workshop.trustai.uk;
error_page 404 /notfound.html;
location / {
# Web proxy support
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass http://192.168.1.103:8000;
# Web socket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Origin "";
proxy_read_timeout 86400;
}
}
}

94
nginx-proxmox.conf Normal file
View File

@ -0,0 +1,94 @@
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
client_max_body_size 10G;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
# Web socket
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name proxmox.trustai.uk;
error_page 404 /notfound.html;
location / {
# Web proxy support
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass https://192.168.1.101:8006;
# Web socket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Origin "";
proxy_read_timeout 86400;
}
}
}

93
nginx-studio.conf Normal file
View File

@ -0,0 +1,93 @@
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
# Web socket
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name studio.trustai.uk;
error_page 404 /notfound.html;
location / {
# Web proxy support
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass http://192.168.1.141:8080;
# Web socket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Origin "";
proxy_read_timeout 86400;
}
}
}

93
nginx-tutor.conf Normal file
View File

@ -0,0 +1,93 @@
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
# Web socket
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name tutor.trustai.uk;
error_page 404 /notfound.html;
location / {
# Web proxy support
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass http://192.168.1.141:8080;
# Web socket support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Origin "";
proxy_read_timeout 86400;
}
}
}

54
nginx.conf Normal file
View File

@ -0,0 +1,54 @@
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
client_max_body_size 5G;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name home.trustai.uk;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 404 /notfound.html;
location = /notfound.html {
root /usr/share/nginx/html;
internal;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
}

26
owncloud-compose.yml Normal file
View File

@ -0,0 +1,26 @@
version: '3'
services:
owncloud:
image: owncloud:10
volumes:
- /mnt/storage0_8/owncloud:/var/www/html
networks:
- traefik-public
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.owncloud.rule=Host(`cloud.trustai.uk`)"
- "traefik.http.routers.owncloud.entrypoints=web"
- "traefik.http.services.owncloud.loadbalancer.server.port=80"
# TLS
- "traefik.http.routers.ownclouds.rule=Host(`cloud.trustai.uk`)"
- "traefik.http.routers.ownclouds.entrypoints=websecure"
- "traefik.http.routers.ownclouds.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.owncloud.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
networks:
traefik-public:
external: true

22
pass-compose.yml Normal file
View File

@ -0,0 +1,22 @@
version: '3'
services:
helloworld:
image: wuhanstudio/master-password:latest
networks:
- traefik-public
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.pass.rule=Host(`pass.trustai.uk`)"
- "traefik.http.routers.pass.entrypoints=web"
- "traefik.http.services.pass.loadbalancer.server.port=80"
# TLS
- "traefik.http.routers.passs.rule=Host(`pass.trustai.uk`)"
- "traefik.http.routers.passs.entrypoints=websecure"
- "traefik.http.routers.passs.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.helloworld.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
networks:
traefik-public:
external: true

47
portainer-compose.yml Normal file
View File

@ -0,0 +1,47 @@
version: "3"
services:
agent:
image: portainer/agent
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- traefik-public
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
networks:
- traefik-public
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`portainer.trustai.uk`)"
- "traefik.http.routers.portainer.entrypoints=web"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
# TLS
- "traefik.http.routers.portainers.rule=Host(`portainer.trustai.uk`)"
- "traefik.http.routers.portainers.entrypoints=websecure"
- "traefik.http.routers.portainers.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.portainer.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
volumes:
portainer_data:
networks:
traefik-public:
external: true

26
proxmox-compose.yml Normal file
View File

@ -0,0 +1,26 @@
version: "3.3"
services:
nginx:
image: nginx:stable-alpine
volumes:
- ./nginx-proxmox.conf:/etc/nginx/nginx.conf
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.proxmox.rule=Host(`proxmox.trustai.uk`)"
- "traefik.http.routers.proxmox.entrypoints=web"
- "traefik.http.services.proxmox.loadbalancer.server.port=80"
# TLS
- "traefik.http.routers.proxmoxs.rule=Host(`proxmox.trustai.uk`)"
- "traefik.http.routers.proxmoxs.entrypoints=websecure"
- "traefik.http.routers.proxmoxs.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.proxmox.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
networks:
- traefik-public
networks:
traefik-public:
external: true

69
robots/nginx.conf Normal file
View File

@ -0,0 +1,69 @@
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server{
listen 80;
server_name _;
root /usr/share/nginx/html;
index index.html;
}
}

26
robots/robots-compose.yml Normal file
View File

@ -0,0 +1,26 @@
version: "3.3"
services:
nginx:
image: nginx:stable-alpine
volumes:
- ./www:/usr/share/nginx/html
- ./nginx.conf:/etc/nginx/nginx.conf
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.robot.rule=Host(`robots.trustai.uk`)"
- "traefik.http.routers.robot.entrypoints=web"
- "traefik.http.services.robot.loadbalancer.server.port=80"
# TLS
- "traefik.http.routers.robots.rule=Host(`robots.trustai.uk`)"
- "traefik.http.routers.robots.entrypoints=websecure"
- "traefik.http.routers.robots.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.robot.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
networks:
- traefik-public
networks:
traefik-public:
external: true

548
robots/www/index.html Normal file
View File

File diff suppressed because one or more lines are too long

569
settings.coffee Normal file
View File

@ -0,0 +1,569 @@
Path = require('path')
# These credentials are used for authenticating api requests
# between services that may need to go over public channels
httpAuthUser = "sharelatex"
httpAuthPass = process.env["WEB_API_PASSWORD"]
httpAuthUsers = {}
httpAuthUsers[httpAuthUser] = httpAuthPass
parse = (option)->
if option?
try
opt = JSON.parse(option)
return opt
catch err
throw new Error("problem parsing #{option}, invalid JSON")
parseIntOrFail = (value)->
parsedValue = parseInt(value, 10)
if isNaN(parsedValue)
throw new Error("'#{value}' is an invalid integer")
return parsedValue
DATA_DIR = '/var/lib/sharelatex/data'
TMP_DIR = '/var/lib/sharelatex/tmp'
settings =
clsi:
optimiseInDocker: process.env['OPTIMISE_PDF'] == 'true'
brandPrefix: ""
allowAnonymousReadAndWriteSharing:
process.env['SHARELATEX_ALLOW_ANONYMOUS_READ_AND_WRITE_SHARING'] == 'true'
# Databases
# ---------
# ShareLaTeX's main persistant data store is MongoDB (http://www.mongodb.org/)
# Documentation about the URL connection string format can be found at:
#
# http://docs.mongodb.org/manual/reference/connection-string/
#
# The following works out of the box with Mongo's default settings:
mongo:
url : process.env["SHARELATEX_MONGO_URL"] or 'mongodb://dockerhost/sharelatex'
# Redis is used in ShareLaTeX for high volume queries, like real-time
# editing, and session management.
#
# The following config will work with Redis's default settings:
redis:
web: redisConfig =
host: process.env["SHARELATEX_REDIS_HOST"] or "dockerhost"
port: process.env["SHARELATEX_REDIS_PORT"] or "6379"
password: process.env["SHARELATEX_REDIS_PASS"] or ""
key_schema:
# document-updater
blockingKey: ({doc_id}) -> "Blocking:#{doc_id}"
docLines: ({doc_id}) -> "doclines:#{doc_id}"
docOps: ({doc_id}) -> "DocOps:#{doc_id}"
docVersion: ({doc_id}) -> "DocVersion:#{doc_id}"
docHash: ({doc_id}) -> "DocHash:#{doc_id}"
projectKey: ({doc_id}) -> "ProjectId:#{doc_id}"
docsInProject: ({project_id}) -> "DocsIn:#{project_id}"
ranges: ({doc_id}) -> "Ranges:#{doc_id}"
# document-updater:realtime
pendingUpdates: ({doc_id}) -> "PendingUpdates:#{doc_id}"
# document-updater:history
uncompressedHistoryOps: ({doc_id}) -> "UncompressedHistoryOps:#{doc_id}"
docsWithHistoryOps: ({project_id}) -> "DocsWithHistoryOps:#{project_id}"
# document-updater:lock
blockingKey: ({doc_id}) -> "Blocking:#{doc_id}"
# track-changes:lock
historyLock: ({doc_id}) -> "HistoryLock:#{doc_id}"
historyIndexLock: ({project_id}) -> "HistoryIndexLock:#{project_id}"
# track-chanegs:history
uncompressedHistoryOps: ({doc_id}) -> "UncompressedHistoryOps:#{doc_id}"
docsWithHistoryOps: ({project_id}) -> "DocsWithHistoryOps:#{project_id}"
# realtime
clientsInProject: ({project_id}) -> "clients_in_project:#{project_id}"
connectedUser: ({project_id, client_id})-> "connected_user:#{project_id}:#{client_id}"
fairy: redisConfig
# track-changes and document-updater
realtime: redisConfig
documentupdater: redisConfig
lock: redisConfig
history: redisConfig
websessions: redisConfig
api: redisConfig
pubsub: redisConfig
project_history: redisConfig
# The compile server (the clsi) uses a SQL database to cache files and
# meta-data. sqllite is the default, and the load is low enough that this will
# be fine in production (we use sqllite at sharelatex.com).
#
# If you want to configure a different database, see the Sequelize documentation
# for available options:
#
# https://github.com/sequelize/sequelize/wiki/API-Reference-Sequelize#example-usage
#
mysql:
clsi:
database: "clsi"
username: "clsi"
password: ""
dialect: "sqlite"
storage: Path.join(DATA_DIR, "db.sqlite")
# File storage
# ------------
# ShareLaTeX can store binary files like images either locally or in Amazon
# S3. The default is locally:
filestore:
backend: "fs"
stores:
user_files: Path.join(DATA_DIR, "user_files")
template_files: Path.join(DATA_DIR, "template_files")
# To use Amazon S3 as a storage backend, comment out the above config, and
# uncomment the following, filling in your key, secret, and bucket name:
#
# filestore:
# backend: "s3"
# stores:
# user_files: "BUCKET_NAME"
# s3:
# key: "AWS_KEY"
# secret: "AWS_SECRET"
#
trackchanges:
continueOnError: true
# Local disk caching
# ------------------
path:
# If we ever need to write something to disk (e.g. incoming requests
# that need processing but may be too big for memory), then write
# them to disk here:
dumpFolder: Path.join(TMP_DIR, "dumpFolder")
# Where to write uploads before they are processed
uploadFolder: Path.join(TMP_DIR, "uploads")
# Where to write the project to disk before running LaTeX on it
compilesDir: Path.join(DATA_DIR, "compiles")
# Where to cache downloaded URLs for the CLSI
clsiCacheDir: Path.join(DATA_DIR, "cache")
# Server Config
# -------------
# Where your instance of ShareLaTeX can be found publicly. This is used
# when emails are sent out and in generated links:
siteUrl: siteUrl = process.env["SHARELATEX_SITE_URL"] or 'http://localhost'
# The name this is used to describe your ShareLaTeX Installation
appName: process.env["SHARELATEX_APP_NAME"] or "ShareLaTeX (Community Edition)"
restrictInvitesToExistingAccounts: process.env["SHARELATEX_RESTRICT_INVITES_TO_EXISTING_ACCOUNTS"] == 'true'
nav:
title: process.env["SHARELATEX_NAV_TITLE"] or process.env["SHARELATEX_APP_NAME"] or "ShareLaTeX Community Edition"
# The email address which users will be directed to as the main point of
# contact for this installation of ShareLaTeX.
adminEmail: process.env["SHARELATEX_ADMIN_EMAIL"] or "wuhanstudio@qq.com"
# If provided, a sessionSecret is used to sign cookies so that they cannot be
# spoofed. This is recommended.
security:
sessionSecret: process.env["SHARELATEX_SESSION_SECRET"] or process.env["CRYPTO_RANDOM"]
# These credentials are used for authenticating api requests
# between services that may need to go over public channels
httpAuthUsers: httpAuthUsers
# Should javascript assets be served minified or not.
useMinifiedJs: true
# Should static assets be sent with a header to tell the browser to cache
# them. This should be false in development where changes are being made,
# but should be set to true in production.
cacheStaticAssets: true
# If you are running ShareLaTeX over https, set this to true to send the
# cookie with a secure flag (recommended).
secureCookie: process.env["SHARELATEX_SECURE_COOKIE"]?
# If you are running ShareLaTeX behind a proxy (like Apache, Nginx, etc)
# then set this to true to allow it to correctly detect the forwarded IP
# address and http/https protocol information.
behindProxy: process.env["SHARELATEX_BEHIND_PROXY"] or false
i18n:
subdomainLang:
www: {lngCode:process.env["SHARELATEX_SITE_LANGUAGE"] or "en", url: siteUrl}
defaultLng: process.env["SHARELATEX_SITE_LANGUAGE"] or "en"
currentImageName: process.env["TEX_LIVE_DOCKER_IMAGE"]
apis:
web:
url: "http://localhost:3000"
user: httpAuthUser
pass: httpAuthPass
project_history:
enabled: false
references:{}
notifications:undefined
defaultFeatures:
collaborators: -1
dropbox: true
versioning: true
compileTimeout: parseIntOrFail(process.env["COMPILE_TIMEOUT"] or 180)
compileGroup: "standard"
trackChanges: true
templates: true
references: true
## OPTIONAL CONFIGERABLE SETTINGS
if process.env["SHARELATEX_LEFT_FOOTER"]?
try
settings.nav.left_footer = JSON.parse(process.env["SHARELATEX_LEFT_FOOTER"])
catch e
console.error("could not parse SHARELATEX_LEFT_FOOTER, not valid JSON")
if process.env["SHARELATEX_RIGHT_FOOTER"]?
settings.nav.right_footer = process.env["SHARELATEX_RIGHT_FOOTER"]
try
settings.nav.right_footer = JSON.parse(process.env["SHARELATEX_RIGHT_FOOTER"])
catch e
console.error("could not parse SHARELATEX_RIGHT_FOOTER, not valid JSON")
if process.env["SHARELATEX_HEADER_IMAGE_URL"]?
settings.nav.custom_logo = process.env["SHARELATEX_HEADER_IMAGE_URL"]
if process.env["SHARELATEX_HEADER_NAV_LINKS"]?
console.error """
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# WARNING: SHARELATEX_HEADER_NAV_LINKS is no longer supported
# See https://github.com/sharelatex/sharelatex/wiki/Configuring-Headers,-Footers-&-Logo
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
"""
if process.env["SHARELATEX_HEADER_EXTRAS"]?
try
settings.nav.header_extras = JSON.parse(process.env["SHARELATEX_HEADER_EXTRAS"])
catch e
console.error("could not parse SHARELATEX_HEADER_EXTRAS, not valid JSON")
# Sending Email
# -------------
#
# You must configure a mail server to be able to send invite emails from
# ShareLaTeX. The config settings are passed to nodemailer. See the nodemailer
# documentation for available options:
#
# http://www.nodemailer.com/docs/transports
if process.env["SHARELATEX_EMAIL_FROM_ADDRESS"]?
settings.email =
fromAddress: process.env["SHARELATEX_EMAIL_FROM_ADDRESS"]
replyTo: process.env["SHARELATEX_EMAIL_REPLY_TO"] or ""
driver: process.env["SHARELATEX_EMAIL_DRIVER"]
parameters:
#AWS Creds
AWSAccessKeyID: process.env["SHARELATEX_EMAIL_AWS_SES_ACCESS_KEY_ID"]
AWSSecretKey: process.env["SHARELATEX_EMAIL_AWS_SES_SECRET_KEY"]
#SMTP Creds
host: process.env["SHARELATEX_EMAIL_SMTP_HOST"]
port: process.env["SHARELATEX_EMAIL_SMTP_PORT"],
secure: parse(process.env["SHARELATEX_EMAIL_SMTP_SECURE"])
ignoreTLS: parse(process.env["SHARELATEX_EMAIL_SMTP_IGNORE_TLS"])
textEncoding: process.env["SHARELATEX_EMAIL_TEXT_ENCODING"]
template:
customFooter: process.env["SHARELATEX_CUSTOM_EMAIL_FOOTER"]
if process.env["SHARELATEX_EMAIL_SMTP_USER"]? or process.env["SHARELATEX_EMAIL_SMTP_PASS"]?
settings.email.parameters.auth =
user: process.env["SHARELATEX_EMAIL_SMTP_USER"]
pass: process.env["SHARELATEX_EMAIL_SMTP_PASS"]
if process.env["SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH"]?
settings.email.parameters.tls =
rejectUnauthorized: parse(process.env["SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH"])
# i18n
if process.env["SHARELATEX_LANG_DOMAIN_MAPPING"]?
settings.i18n.subdomainLang = parse(process.env["SHARELATEX_LANG_DOMAIN_MAPPING"])
# Password Settings
# -----------
# These restrict the passwords users can use when registering
# opts are from http://antelle.github.io/passfield
if process.env["SHARELATEX_PASSWORD_VALIDATION_PATTERN"] or process.env["SHARELATEX_PASSWORD_VALIDATION_MIN_LENGTH"] or process.env["SHARELATEX_PASSWORD_VALIDATION_MAX_LENGTH"]
settings.passwordStrengthOptions =
pattern: process.env["SHARELATEX_PASSWORD_VALIDATION_PATTERN"] or "aA$3"
length: {min:process.env["SHARELATEX_PASSWORD_VALIDATION_MIN_LENGTH"] or 8, max: process.env["SHARELATEX_PASSWORD_VALIDATION_MAX_LENGTH"] or 150}
#######################
# ShareLaTeX Server Pro
#######################
if parse(process.env["SHARELATEX_IS_SERVER_PRO"]) == true
settings.bypassPercentageRollouts = true
settings.apis.references =
url: "http://localhost:3040"
# LDAP - SERVER PRO ONLY
# ----------
if process.env["SHARELATEX_LDAP_HOST"]
console.error """
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# WARNING: The LDAP configuration format has changed in version 0.5.1
# See https://github.com/sharelatex/sharelatex/wiki/Server-Pro:-LDAP-Config
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
"""
if process.env["SHARELATEX_LDAP_URL"]
settings.externalAuth = true
settings.ldap =
emailAtt: process.env["SHARELATEX_LDAP_EMAIL_ATT"]
nameAtt: process.env["SHARELATEX_LDAP_NAME_ATT"]
lastNameAtt: process.env["SHARELATEX_LDAP_LAST_NAME_ATT"]
updateUserDetailsOnLogin: process.env["SHARELATEX_LDAP_UPDATE_USER_DETAILS_ON_LOGIN"] == 'true'
placeholder: process.env["SHARELATEX_LDAP_PLACEHOLDER"]
server:
url: process.env["SHARELATEX_LDAP_URL"]
bindDn: process.env["SHARELATEX_LDAP_BIND_DN"]
bindCredentials: process.env["SHARELATEX_LDAP_BIND_CREDENTIALS"]
bindProperty: process.env["SHARELATEX_LDAP_BIND_PROPERTY"]
searchBase: process.env["SHARELATEX_LDAP_SEARCH_BASE"]
searchScope: process.env["SHARELATEX_LDAP_SEARCH_SCOPE"]
searchFilter: process.env["SHARELATEX_LDAP_SEARCH_FILTER"]
searchAttributes: (
if _ldap_search_attribs = process.env["SHARELATEX_LDAP_SEARCH_ATTRIBUTES"]
try
JSON.parse(_ldap_search_attribs)
catch e
console.error "could not parse SHARELATEX_LDAP_SEARCH_ATTRIBUTES"
else
undefined
)
groupDnProperty: process.env["SHARELATEX_LDAP_GROUP_DN_PROPERTY"]
groupSearchBase: process.env["SHARELATEX_LDAP_GROUP_SEARCH_BASE"]
groupSearchScope: process.env["SHARELATEX_LDAP_GROUP_SEARCH_SCOPE"]
groupSearchFilter: process.env["SHARELATEX_LDAP_GROUP_SEARCH_FILTER"]
groupSearchAttributes: (
if _ldap_group_search_attribs = process.env["SHARELATEX_LDAP_GROUP_SEARCH_ATTRIBUTES"]
try
JSON.parse(_ldap_group_search_attribs)
catch e
console.error "could not parse SHARELATEX_LDAP_GROUP_SEARCH_ATTRIBUTES"
else
undefined
)
cache: process.env["SHARELATEX_LDAP_CACHE"] == 'true'
timeout: (
if _ldap_timeout = process.env["SHARELATEX_LDAP_TIMEOUT"]
try
parseIntOrFail(_ldap_timeout)
catch e
console.error "Cannot parse SHARELATEX_LDAP_TIMEOUT"
else
undefined
)
connectTimeout: (
if _ldap_connect_timeout = process.env["SHARELATEX_LDAP_CONNECT_TIMEOUT"]
try
parseIntOrFail(_ldap_connect_timeout)
catch e
console.error "Cannot parse SHARELATEX_LDAP_CONNECT_TIMEOUT"
else
undefined
)
if process.env["SHARELATEX_LDAP_TLS_OPTS_CA_PATH"]
try
ca = JSON.parse(process.env["SHARELATEX_LDAP_TLS_OPTS_CA_PATH"])
catch e
console.error "could not parse SHARELATEX_LDAP_TLS_OPTS_CA_PATH, invalid JSON"
if typeof(ca) == 'string'
ca_paths = [ca]
else if typeof(ca) == 'object' && ca?.length?
ca_paths = ca
else
console.error "problem parsing SHARELATEX_LDAP_TLS_OPTS_CA_PATH"
settings.ldap.server.tlsOptions =
rejectUnauthorized: process.env["SHARELATEX_LDAP_TLS_OPTS_REJECT_UNAUTH"] == "true"
ca:ca_paths # e.g.'/etc/ldap/ca_certs.pem'
if process.env["SHARELATEX_SAML_ENTRYPOINT"]
# NOTE: see https://github.com/bergie/passport-saml/blob/master/README.md for docs of `server` options
settings.externalAuth = true
settings.saml =
updateUserDetailsOnLogin: process.env["SHARELATEX_SAML_UPDATE_USER_DETAILS_ON_LOGIN"] == 'true'
identityServiceName: process.env["SHARELATEX_SAML_IDENTITY_SERVICE_NAME"]
emailField: process.env["SHARELATEX_SAML_EMAIL_FIELD"] || process.env["SHARELATEX_SAML_EMAIL_FIELD_NAME"]
firstNameField: process.env["SHARELATEX_SAML_FIRST_NAME_FIELD"]
lastNameField: process.env["SHARELATEX_SAML_LAST_NAME_FIELD"]
server:
# strings
entryPoint: process.env["SHARELATEX_SAML_ENTRYPOINT"]
callbackUrl: process.env["SHARELATEX_SAML_CALLBACK_URL"]
issuer: process.env["SHARELATEX_SAML_ISSUER"]
decryptionPvk: process.env["SHARELATEX_SAML_DECRYPTION_PVK"]
signatureAlgorithm: process.env["SHARELATEX_SAML_SIGNATURE_ALGORITHM"]
identifierFormat: process.env["SHARELATEX_SAML_IDENTIFIER_FORMAT"]
attributeConsumingServiceIndex: process.env["SHARELATEX_SAML_ATTRIBUTE_CONSUMING_SERVICE_INDEX"]
authnContext: process.env["SHARELATEX_SAML_AUTHN_CONTEXT"]
authnRequestBinding: process.env["SHARELATEX_SAML_AUTHN_REQUEST_BINDING"]
validateInResponseTo: process.env["SHARELATEX_SAML_VALIDATE_IN_RESPONSE_TO"]
cacheProvider: process.env["SHARELATEX_SAML_CACHE_PROVIDER"]
logoutUrl: process.env["SHARELATEX_SAML_LOGOUT_URL"]
logoutCallbackUrl: process.env["SHARELATEX_SAML_LOGOUT_CALLBACK_URL"]
disableRequestedAuthnContext: process.env["SHARELATEX_SAML_DISABLE_REQUESTED_AUTHN_CONTEXT"] == 'true'
forceAuthn: process.env["SHARELATEX_SAML_FORCE_AUTHN"] == 'true'
skipRequestCompression: process.env["SHARELATEX_SAML_SKIP_REQUEST_COMPRESSION"] == 'true'
acceptedClockSkewMs: (
if _saml_skew = process.env["SHARELATEX_SAML_ACCEPTED_CLOCK_SKEW_MS"]
try
parseIntOrFail(_saml_skew)
catch e
console.error "Cannot parse SHARELATEX_SAML_ACCEPTED_CLOCK_SKEW_MS"
else
undefined
)
requestIdExpirationPeriodMs: (
if _saml_exiration = process.env["SHARELATEX_SAML_REQUEST_ID_EXPIRATION_PERIOD_MS"]
try
parseIntOrFail(_saml_expiration)
catch e
console.error "Cannot parse SHARELATEX_SAML_REQUEST_ID_EXPIRATION_PERIOD_MS"
else
undefined
)
additionalParams: (
if _saml_additionalParams = process.env["SHARELATEX_SAML_ADDITIONAL_PARAMS"]
try
JSON.parse(_saml_additionalParams)
catch e
console.error "Cannot parse SHARELATEX_SAML_ADDITIONAL_PARAMS"
else
undefined
)
additionalAuthorizeParams: (
if _saml_additionalAuthorizeParams = process.env["SHARELATEX_SAML_ADDITIONAL_AUTHORIZE_PARAMS"]
try
JSON.parse(_saml_additionalAuthorizeParams )
catch e
console.error "Cannot parse SHARELATEX_SAML_ADDITIONAL_AUTHORIZE_PARAMS"
else
undefined
)
additionalLogoutParams: (
if _saml_additionalLogoutParams = process.env["SHARELATEX_SAML_ADDITIONAL_LOGOUT_PARAMS"]
try
JSON.parse(_saml_additionalLogoutParams )
catch e
console.error "Cannot parse SHARELATEX_SAML_ADDITIONAL_LOGOUT_PARAMS"
else
undefined
)
# SHARELATEX_SAML_CERT cannot be empty
# https://github.com/bergie/passport-saml/commit/f6b1c885c0717f1083c664345556b535f217c102
if process.env["SHARELATEX_SAML_CERT"]
settings.saml.server.cert = process.env["SHARELATEX_SAML_CERT"]
settings.saml.server.privateCert = process.env["SHARELATEX_SAML_PRIVATE_CERT"]
# Compiler
# --------
if process.env["SANDBOXED_COMPILES"] == "true"
settings.clsi =
dockerRunner: true
docker:
image: process.env["TEX_LIVE_DOCKER_IMAGE"]
env:
HOME: "/tmp"
PATH: process.env["COMPILER_PATH"] or "/usr/local/texlive/2015/bin/x86_64-linux:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
user: "www-data"
if !settings.path?
settings.path = {}
settings.path.synctexBaseDir = () -> "/compile"
if process.env['SANDBOXED_COMPILES_SIBLING_CONTAINERS'] == 'true'
console.log("Using sibling containers for sandboxed compiles")
if process.env['SANDBOXED_COMPILES_HOST_DIR']
settings.path.sandboxedCompilesHostDir = process.env['SANDBOXED_COMPILES_HOST_DIR']
else
console.error('Sibling containers, but SANDBOXED_COMPILES_HOST_DIR not set')
# Templates
# ---------
if process.env["SHARELATEX_TEMPLATES_USER_ID"]
settings.templates =
mountPointUrl: "/templates"
user_id: process.env["SHARELATEX_TEMPLATES_USER_ID"]
settings.templateLinks = parse(process.env["SHARELATEX_NEW_PROJECT_TEMPLATE_LINKS"])
# /Learn
# -------
if process.env["SHARELATEX_PROXY_LEARN"]?
settings.proxyLearn = parse(process.env["SHARELATEX_PROXY_LEARN"])
# /References
# -----------
if process.env["SHARELATEX_ELASTICSEARCH_URL"]?
settings.references.elasticsearch =
host: process.env["SHARELATEX_ELASTICSEARCH_URL"]
# TeX Live Images
# -----------
if process.env["ALL_TEX_LIVE_DOCKER_IMAGES"]?
allTexLiveDockerImages = process.env["ALL_TEX_LIVE_DOCKER_IMAGES"].split(',')
if process.env["ALL_TEX_LIVE_DOCKER_IMAGE_NAMES"]?
allTexLiveDockerImageNames = process.env["ALL_TEX_LIVE_DOCKER_IMAGE_NAMES"].split(',')
if allTexLiveDockerImages?
settings.allowedImageNames = []
for fullImageName, index in allTexLiveDockerImages
imageName = Path.basename(fullImageName)
imageDesc = if allTexLiveDockerImageNames? then allTexLiveDockerImageNames[index] else imageName
settings.allowedImageNames.push({ imageName, imageDesc })
# With lots of incoming and outgoing HTTP connections to different services,
# sometimes long running, it is a good idea to increase the default number
# of sockets that Node will hold open.
http = require('http')
http.globalAgent.maxSockets = 300
https = require('https')
https.globalAgent.maxSockets = 300
module.exports = settings

1
sharelatex Submodule

@ -0,0 +1 @@
Subproject commit 284a6e910c24ff06e2f3a4ef9a7f04b82347049a

158
sharelatex-compose.yml Normal file
View File

@ -0,0 +1,158 @@
version: '3'
services:
sharelatex:
restart: always
# Server Pro users:
# image: quay.io/sharelatex/sharelatex-pro
image: sharelatex/sharelatex:with-texlive-full
depends_on:
- mongo
- redis
volumes:
- ../sharelatex_data/sharelatex_data:/var/lib/sharelatex
########################################################################
#### Server Pro: Un-comment the following line to mount the docker ####
#### socket, required for Sibling Containers to work ####
########################################################################
# - /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik-public
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.sharelatex.rule=Host(`latex.trustai.uk`)"
- "traefik.http.routers.sharelatex.entrypoints=web"
- "traefik.http.services.sharelatex.loadbalancer.server.port=80"
# TLS
- "traefik.http.routers.sharelatexs.rule=Host(`latex.trustai.uk`)"
- "traefik.http.routers.sharelatexs.entrypoints=websecure"
- "traefik.http.routers.sharelatexs.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.sharelatex.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
environment:
SHARELATEX_APP_NAME: Overleaf Community Edition
SHARELATEX_MONGO_URL: mongodb://mongo/sharelatex
SHARELATEX_ADMIN_EMAIL: wuhanstudio@qq.com
# Same property, unfortunately with different names in
# different locations
SHARELATEX_REDIS_HOST: redis
REDIS_HOST: redis
ENABLED_LINKED_FILE_TYPES: 'url,project_file'
# Enables Thumbnail generation using ImageMagick
ENABLE_CONVERSIONS: 'true'
# Disables email confirmation requirement
EMAIL_CONFIRMATION_DISABLED: 'true'
# temporary fix for LuaLaTex compiles
# see https://github.com/overleaf/overleaf/issues/695
TEXMFVAR: /var/lib/sharelatex/tmp/texmf-var
## Set for SSL via nginx-proxy
#VIRTUAL_HOST: 103.112.212.22
SHARELATEX_SITE_URL: http://latex.trustai.uk
SHARELATEX_NAV_TITLE: TrustAI Lab ShareLaTeX Instance
# SHARELATEX_HEADER_IMAGE_URL: http://somewhere.com/mylogo.png
# SHARELATEX_ADMIN_EMAIL: support@it.com
# SHARELATEX_LEFT_FOOTER: '[{"text": "Powered by <a href=\"https://www.sharelatex.com\">ShareLaTeX</a> 2016"},{"text": "Another page I want to link to can be found <a href=\"here\">here</a>"} ]'
# SHARELATEX_RIGHT_FOOTER: '[{"text": "Hello I am on the Right"} ]'
# SHARELATEX_EMAIL_FROM_ADDRESS: "team@sharelatex.com"
# SHARELATEX_EMAIL_AWS_SES_ACCESS_KEY_ID:
# SHARELATEX_EMAIL_AWS_SES_SECRET_KEY:
# SHARELATEX_EMAIL_SMTP_HOST: smtp.mydomain.com
# SHARELATEX_EMAIL_SMTP_PORT: 587
# SHARELATEX_EMAIL_SMTP_SECURE: false
# SHARELATEX_EMAIL_SMTP_USER:
# SHARELATEX_EMAIL_SMTP_PASS:
# SHARELATEX_EMAIL_SMTP_TLS_REJECT_UNAUTH: true
# SHARELATEX_EMAIL_SMTP_IGNORE_TLS: false
# SHARELATEX_CUSTOM_EMAIL_FOOTER: "This system is run by department x"
################
## Server Pro ##
################
# SANDBOXED_COMPILES: 'true'
# SANDBOXED_COMPILES_SIBLING_CONTAINERS: 'true'
# SANDBOXED_COMPILES_HOST_DIR: '/var/sharelatex_data/data/compiles'
# SYNCTEX_BIN_HOST_PATH: '/var/sharelatex_data/bin/synctex'
# DOCKER_RUNNER: 'false'
## Works with test LDAP server shown at bottom of docker compose
# SHARELATEX_LDAP_URL: 'ldap://ldap:389'
# SHARELATEX_LDAP_SEARCH_BASE: 'ou=people,dc=planetexpress,dc=com'
# SHARELATEX_LDAP_SEARCH_FILTER: '(uid={{username}})'
# SHARELATEX_LDAP_BIND_DN: 'cn=admin,dc=planetexpress,dc=com'
# SHARELATEX_LDAP_BIND_CREDENTIALS: 'GoodNewsEveryone'
# SHARELATEX_LDAP_EMAIL_ATT: 'mail'
# SHARELATEX_LDAP_NAME_ATT: 'cn'
# SHARELATEX_LDAP_LAST_NAME_ATT: 'sn'
# SHARELATEX_LDAP_UPDATE_USER_DETAILS_ON_LOGIN: 'true'
# SHARELATEX_TEMPLATES_USER_ID: "578773160210479700917ee5"
# SHARELATEX_NEW_PROJECT_TEMPLATE_LINKS: '[ {"name":"All Templates","url":"/templates/all"}]'
# SHARELATEX_PROXY_LEARN: "true"
mongo:
restart: always
image: mongo:4.0
# expose:
# - 27017
volumes:
- ../sharelatex_data/mongo_data:/data/db
healthcheck:
test: echo 'db.stats().ok' | mongo localhost:27017/test --quiet
interval: 10s
timeout: 10s
retries: 5
networks:
- traefik-public
redis:
restart: always
image: redis:5
# expose:
# - 6379
volumes:
- ../sharelatex_data/redis_data:/data
networks:
- traefik-public
# ldap:
# restart: always
# image: rroemhild/test-openldap
# container_name: ldap
# expose:
# - 389
# See https://github.com/jwilder/nginx-proxy for documentation on how to configure the nginx-proxy container,
# and https://github.com/overleaf/overleaf/wiki/HTTPS-reverse-proxy-using-Nginx for an example of some recommended
# settings. We recommend using a properly managed nginx instance outside of the Overleaf Server Pro setup,
# but the example here can be used if you'd prefer to run everything with docker-compose
# nginx-proxy:
# image: jwilder/nginx-proxy
# container_name: nginx-proxy
# ports:
# #- "80:80"
# - "443:443"
# volumes:
# - /var/run/docker.sock:/tmp/docker.sock:ro
# - /home/sharelatex/tmp:/etc/nginx/certs
networks:
traefik-public:
external: true

26
studio-compose.yml Normal file
View File

@ -0,0 +1,26 @@
version: "3.3"
services:
nginx:
image: nginx:stable-alpine
volumes:
- ./nginx-studio.conf:/etc/nginx/nginx.conf
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.studio.rule=Host(`studio.trustai.uk`)"
- "traefik.http.routers.studio.entrypoints=web"
- "traefik.http.services.studio.loadbalancer.server.port=80"
# TLS
- "traefik.http.routers.studios.rule=Host(`studio.trustai.uk`)"
- "traefik.http.routers.studios.entrypoints=websecure"
- "traefik.http.routers.studios.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.studio.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
networks:
- traefik-public
networks:
traefik-public:
external: true

105
traefik-compose.yml Normal file
View File

@ -0,0 +1,105 @@
version: '3.3'
services:
authelia:
image: authelia/authelia:4
volumes:
- ./authelia:/config
networks:
- traefik-public
deploy:
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.authelia.rule=Host(`auth.trustai.uk`)'
- 'traefik.http.routers.authelia.entrypoints=web'
- "traefik.http.services.authelia.loadbalancer.server.port=9091"
# TLS
- "traefik.http.routers.authelias.rule=Host(`auth.trustai.uk`)"
- "traefik.http.routers.authelias.entrypoints=websecure"
- "traefik.http.routers.authelias.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.authelia.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
# Authelia
- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.trustai.uk'
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups'
- "traefik.http.routers.authelia.service=authelia"
redis:
image: redis:6-alpine
# volumes:
# - ./redis:/data
networks:
- traefik-public
traefik:
# The official v2.0 Traefik docker image
image: traefik:v2.2
# Enables the web UI and tells Traefik to listen to docker
command:
- "--api"
- "--providers.docker=true"
- "--providers.docker.swarmMode=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myhttpchallenge.acme.email=wuhanstudio@qq.com"
- "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
ports:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
volumes:
# So that Traefik can listen to the Docker events
- ./letsencrypt:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock
deploy:
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.api.rule=Host(`traefik.trustai.uk`)'
- 'traefik.http.routers.api.entrypoints=web'
- 'traefik.http.routers.api.service=api@internal'
- 'traefik.http.services.traefik.loadbalancer.server.port=80'
# TLS
- "traefik.http.routers.apis.rule=Host(`traefik.trustai.uk`)"
- "traefik.http.routers.apis.entrypoints=websecure"
- "traefik.http.routers.apis.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.api.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
# Authelia
- 'traefik.http.routers.apis.service=api@internal'
#- 'traefik.http.routers.apis.middlewares=authelia@docker'
placement:
constraints:
- node.role == manager
networks:
- traefik-public
nginx:
image: nginx:alpine
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf #:ro
- ./trustai-mainpage:/usr/share/nginx/html:ro
networks:
- traefik-public
deploy:
labels:
- "traefik.enable=true"
# nginx
- "traefik.http.routers.nginx.rule=Host(`home.trustai.uk`)"
- "traefik.http.routers.nginx.entrypoints=web"
- "traefik.http.services.nginx.loadbalancer.server.port=80"
# TLS
- "traefik.http.routers.nginxs.rule=Host(`home.trustai.uk`)"
- "traefik.http.routers.nginxs.entrypoints=websecure"
- "traefik.http.routers.nginxs.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.nginx.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
networks:
traefik-public:
external: true

1
trustai-mainpage Submodule

@ -0,0 +1 @@
Subproject commit d909a8e948c18d42dbc8797c2fa07ad3de42a7bd

22
tsp-compose.yml Normal file
View File

@ -0,0 +1,22 @@
version: '3'
services:
tsp:
image: com2014-server
networks:
- traefik-public
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.tsp.rule=Host(`tsp.trustai.uk`)"
- "traefik.http.routers.tsp.entrypoints=web"
- "traefik.http.services.tsp.loadbalancer.server.port=8080"
# TLS
- "traefik.http.routers.tsps.rule=Host(`tsp.trustai.uk`)"
- "traefik.http.routers.tsps.entrypoints=websecure"
- "traefik.http.routers.tsps.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.tsp.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
networks:
traefik-public:
external: true

26
tutor-compose.yml Normal file
View File

@ -0,0 +1,26 @@
version: "3.3"
services:
nginx:
image: nginx:stable-alpine
volumes:
- ./nginx-tutor.conf:/etc/nginx/nginx.conf
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.tutor.rule=Host(`tutor.trustai.uk`)"
- "traefik.http.routers.tutor.entrypoints=web"
- "traefik.http.services.tutor.loadbalancer.server.port=80"
# TLS
- "traefik.http.routers.tutors.rule=Host(`tutor.trustai.uk`)"
- "traefik.http.routers.tutors.entrypoints=websecure"
- "traefik.http.routers.tutors.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.tutor.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
networks:
- traefik-public
networks:
traefik-public:
external: true

24
webssh-compose.yml Normal file
View File

@ -0,0 +1,24 @@
version: "3.3"
services:
nginx:
image: webssh
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.webssh.rule=Host(`webssh.trustai.uk`)"
- "traefik.http.routers.webssh.entrypoints=web"
- "traefik.http.services.webssh.loadbalancer.server.port=8888"
# TLS
- "traefik.http.routers.websshs.rule=Host(`webssh.trustai.uk`)"
- "traefik.http.routers.websshs.entrypoints=websecure"
- "traefik.http.routers.websshs.tls.certresolver=myhttpchallenge"
# Redirect
- "traefik.http.routers.webssh.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
networks:
- traefik-public
networks:
traefik-public:
external: true