├── .env.example ├── .env.test ├── .gitignore ├── LICENSE ├── README.md ├── config └── attachment.conf ├── deprecated └── Dockerfile ├── docker-compose.attachment.yml ├── docker-compose.minio-init.yml ├── docker-compose.minio.yml ├── docker-compose.outline.yml ├── docker-compose.postgres.yml ├── docker-compose.redis.yml └── docker-compose.sso.yml /.env.example: -------------------------------------------------------------------------------- 1 | # == MinIO 2 | # optional: Set a publicly accessible domain name to manage the content stored in Outline 3 | DOCKER_MINIO_IMAGE_NAME=minio/minio:RELEASE.2021-09-03T03-56-13Z 4 | DOCKER_MINIO_HOSTNAME=file.lab.com 5 | DOCKER_MINIO_ADMIN_DOMAIN=file-admin.lab.com 6 | MINIO_BROWSER=on 7 | MINIO_BROWSER_REDIRECT_URL=https://${DOCKER_MINIO_ADMIN_DOMAIN} 8 | # Select `Lowercase a-z and numbers` and 16-bit string length https://onlinerandomtools.com/generate-random-string 9 | MINIO_ROOT_USER=6m2lx2ffmbr9ikod 10 | # Select `Lowercase a-z and numbers` and 64-bit string length https://onlinerandomtools.com/generate-random-string 11 | MINIO_ROOT_PASSWORD=2k78fpraq7rs5xlrti5p6cvb767a691h3jqi47ihbu75cx23twkzpok86sf1aw1e 12 | MINIO_REGION_NAME=cn-homelab-1 13 | 14 | # == MinIO Client 15 | DOCKER_MINIO_CLIENT_IMAGE_NAME=minio/mc:RELEASE.2021-09-02T09-21-27Z 16 | 17 | 18 | # == SSO Server 19 | # more options, @see docs https://github.com/soulteary/docker-sso-server 20 | DOCKER_SSO_IMAGE_NAME=soulteary/sso-server:1.1.6 21 | DOCKER_SSO_HOSTNAME=sso-server 22 | SSO_SERVER_NAME=SELF-HOSTED SSO 23 | SSO_CLIENT_NAME=My SSO Service 24 | # You can use online tools to regenerate: https://www.uuidgenerator.net/ 25 | SSO_CLIENT_ID=b8c40013-cc03-4bc5-b3a5-6a31046fa415 26 | SSO_CLIENT_SECRET=26272010-37d9-4bea-a58e-6b0a382d7626 27 | SSO_USER_PASS=password 28 | SSO_CLIENT_ISTRUSTED=false 29 | SSO_SERVER_DOMAIN=sso.lab.com 30 | 31 | 32 | 33 | # == Postgres DB 34 | DOCKER_POSTGRES_IMAGE_NAME=postgres:13.3 35 | DOCKER_POSTGRES_HOST=outline-postgres 36 | DOCKER_POSTGRES_DBNAME=outline 37 | DOCKER_POSTGRES_USER=outline 38 | DOCKER_POSTGRES_PASS=qTj5kwUEetmN 39 | 40 | 41 | 42 | # == Redis Cache 43 | DOCKER_REDIS_IMAGE_NAME=redis:6.2.4 44 | DOCKER_REDIS_HOSTNAME=outline-redis 45 | 46 | 47 | 48 | # == Attachment 49 | DOCKER_ATTACHMENT_IMAGE_NAME=andreimarcu/linx-server:version-2.3.8 50 | DOCKER_ATTACHMENT_HOSTNAME=attachment.lab.com 51 | # Execute in the CLI `htpasswd -nb user pass` 52 | DOCKER_ATTACHMENT_BASIC_AUTH=user:$apr1$8wC8avYf$Nhn0oTAvNjdw8FPROokGN. 53 | 54 | 55 | 56 | # == Outline 57 | # Notice: Wait for the official release of this version of the mirror, please replace the docker image name 58 | DOCKER_OUTLINE_IMAGE_NAME=outlinewiki/outline:0.60.3 59 | DOCKER_OUTLINE_HOSTNAME=docs.lab.com 60 | OUTLINE_URL=https://${DOCKER_OUTLINE_HOSTNAME} 61 | # outline tricks: use part of the mailbox in the account 62 | OIDC_ALLOWED_DOMAINS=company.ltd 63 | OIDC_DISPLAY_NAME=MySSO 64 | OIDC_CLIENT_ID=${SSO_CLIENT_ID} 65 | OIDC_CLIENT_SECRET=${SSO_CLIENT_SECRET} 66 | OIDC_AUTH_URI=https://${SSO_SERVER_DOMAIN}/dialog/authorize 67 | OIDC_TOKEN_URI=http://${DOCKER_SSO_HOSTNAME}/oauth/token 68 | OIDC_USERINFO_URI=http://${DOCKER_SSO_HOSTNAME}/api/outline/oidc 69 | # Outline S3 Settings 70 | AWS_ACCESS_KEY_ID=${MINIO_ROOT_USER} 71 | AWS_SECRET_ACCESS_KEY=${MINIO_ROOT_PASSWORD} 72 | AWS_REGION=${MINIO_REGION_NAME} 73 | AWS_S3_UPLOAD_BUCKET_URL=https://${DOCKER_MINIO_HOSTNAME} 74 | AWS_S3_UPLOAD_BUCKET_NAME=outline 75 | AWS_S3_UPLOAD_MAX_SIZE=26214400 76 | AWS_S3_FORCE_PATH_STYLE=true 77 | AWS_S3_ACL=private 78 | DATABASE_URL=postgres://${DOCKER_POSTGRES_USER}:${DOCKER_POSTGRES_PASS}@${DOCKER_POSTGRES_HOST}:5432/${DOCKER_POSTGRES_DBNAME} 79 | PGSSLMODE=disable 80 | REDIS_URL=redis://${DOCKER_REDIS_HOSTNAME}:6379 81 | # `openssl rand -hex 32` 82 | OUTLINE_SECRET_KEY=64074328631d7ce618f554694ff7e83e820b9f7e14b13e4317893fed18e0b3c3 83 | OUTLINE_UTILS_SECRET=04d7572e983ee6adfd77f8c77b61be8236a9e459fc9c1b7032ec278345638bcc 84 | -------------------------------------------------------------------------------- /.env.test: -------------------------------------------------------------------------------- 1 | # == MinIO 2 | # optional: Set a publicly accessible domain name to manage the content stored in Outline 3 | DOCKER_MINIO_IMAGE_NAME=minio/minio:RELEASE.2021-09-03T03-56-13Z 4 | DOCKER_MINIO_HOSTNAME=file.lab.com 5 | DOCKER_MINIO_ADMIN_DOMAIN=file-admin.lab.com 6 | MINIO_BROWSER=on 7 | MINIO_BROWSER_REDIRECT_URL=https://${DOCKER_MINIO_ADMIN_DOMAIN} 8 | # Select `Lowercase a-z and numbers` and 16-bit string length https://onlinerandomtools.com/generate-random-string 9 | MINIO_ROOT_USER=6m2lx2ffmbr9ikod 10 | # Select `Lowercase a-z and numbers` and 64-bit string length https://onlinerandomtools.com/generate-random-string 11 | MINIO_ROOT_PASSWORD=2k78fpraq7rs5xlrti5p6cvb767a691h3jqi47ihbu75cx23twkzpok86sf1aw1e 12 | MINIO_REGION_NAME=cn-homelab-1 13 | 14 | # == MinIO Client 15 | DOCKER_MINIO_CLIENT_IMAGE_NAME=minio/mc:RELEASE.2021-09-02T09-21-27Z 16 | 17 | 18 | # == SSO Server 19 | # more options, @see docs https://github.com/soulteary/docker-sso-server 20 | DOCKER_SSO_IMAGE_NAME=soulteary/sso-server:1.1.6 21 | DOCKER_SSO_HOSTNAME=sso-server 22 | SSO_SERVER_NAME=SELF-HOSTED SSO 23 | SSO_CLIENT_NAME=My SSO Service 24 | # You can use online tools to regenerate: https://www.uuidgenerator.net/ 25 | SSO_CLIENT_ID=b8c40013-cc03-4bc5-b3a5-6a31046fa415 26 | SSO_CLIENT_SECRET=26272010-37d9-4bea-a58e-6b0a382d7626 27 | SSO_USER_PASS=password 28 | SSO_CLIENT_ISTRUSTED=false 29 | SSO_SERVER_DOMAIN=sso.lab.com 30 | 31 | 32 | 33 | # == Postgres DB 34 | DOCKER_POSTGRES_IMAGE_NAME=postgres:13.3 35 | DOCKER_POSTGRES_HOST=outline-postgres 36 | DOCKER_POSTGRES_DBNAME=outline 37 | DOCKER_POSTGRES_USER=outline 38 | DOCKER_POSTGRES_PASS=qTj5kwUEetmN 39 | 40 | 41 | 42 | # == Redis Cache 43 | DOCKER_REDIS_IMAGE_NAME=redis:6.2.4 44 | DOCKER_REDIS_HOSTNAME=outline-redis 45 | 46 | 47 | 48 | # == Attachment 49 | DOCKER_ATTACHMENT_IMAGE_NAME=andreimarcu/linx-server:version-2.3.8 50 | DOCKER_ATTACHMENT_HOSTNAME=attachment.lab.com 51 | # Execute in the CLI `htpasswd -nb user pass` 52 | DOCKER_ATTACHMENT_BASIC_AUTH=user:$apr1$8wC8avYf$Nhn0oTAvNjdw8FPROokGN. 53 | 54 | 55 | 56 | # == Outline 57 | # Notice: Wait for the official release of this version of the mirror, please replace the docker image name 58 | DOCKER_OUTLINE_IMAGE_NAME=outlinewiki/outline:0.59.0 59 | DOCKER_OUTLINE_HOSTNAME=docs.lab.com 60 | OUTLINE_URL=https://${DOCKER_OUTLINE_HOSTNAME} 61 | OIDC_DISPLAY_NAME=MySSO 62 | # OIDC_CLIENT_ID=${SSO_CLIENT_ID} 63 | # OIDC_CLIENT_SECRET=${SSO_CLIENT_SECRET} 64 | # OIDC_AUTH_URI=https://${SSO_SERVER_DOMAIN}/dialog/authorize 65 | # OIDC_TOKEN_URI=http://${DOCKER_SSO_HOSTNAME}/oauth/token 66 | # OIDC_USERINFO_URI=http://${DOCKER_SSO_HOSTNAME}/api/outline/oidc 67 | # OIDC_ALLOWED_DOMAINS=${SSO_SERVER_DOMAIN} 68 | OIDC_CLIENT_ID=this-is-id 69 | OIDC_CLIENT_SECRET=this-is-secret 70 | OIDC_AUTH_URI=http://10.11.12.197:3000/dialog/authorize 71 | OIDC_TOKEN_URI=http://10.11.12.197:3000/oauth/token 72 | OIDC_USERINFO_URI=http://10.11.12.197:3000/api/outline/oidc 73 | # outline tricks: use part of the mailbox in the account 74 | OIDC_ALLOWED_DOMAINS=company.ltd 75 | # Outline S3 Settings 76 | AWS_ACCESS_KEY_ID=${MINIO_ROOT_USER} 77 | AWS_SECRET_ACCESS_KEY=${MINIO_ROOT_PASSWORD} 78 | AWS_REGION=${MINIO_REGION_NAME} 79 | AWS_S3_UPLOAD_BUCKET_URL=https://${DOCKER_MINIO_HOSTNAME} 80 | AWS_S3_UPLOAD_BUCKET_NAME=outline 81 | AWS_S3_UPLOAD_MAX_SIZE=26214400 82 | AWS_S3_FORCE_PATH_STYLE=true 83 | AWS_S3_ACL=private 84 | DATABASE_URL=postgres://${DOCKER_POSTGRES_USER}:${DOCKER_POSTGRES_PASS}@${DOCKER_POSTGRES_HOST}:5432/${DOCKER_POSTGRES_DBNAME} 85 | PGSSLMODE=disable 86 | REDIS_URL=redis://${DOCKER_REDIS_HOSTNAME}:6379 87 | # `openssl rand -hex 32` 88 | OUTLINE_SECRET_KEY=64074328631d7ce618f554694ff7e83e820b9f7e14b13e4317893fed18e0b3c3 89 | OUTLINE_UTILS_SECRET=04d7572e983ee6adfd77f8c77b61be8236a9e459fc9c1b7032ec278345638bcc -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .env 2 | data -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Creative Commons Legal Code 2 | 3 | CC0 1.0 Universal 4 | 5 | CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE 6 | LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN 7 | ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS 8 | INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES 9 | REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS 10 | PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM 11 | THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED 12 | HEREUNDER. 13 | 14 | Statement of Purpose 15 | 16 | The laws of most jurisdictions throughout the world automatically confer 17 | exclusive Copyright and Related Rights (defined below) upon the creator 18 | and subsequent owner(s) (each and all, an "owner") of an original work of 19 | authorship and/or a database (each, a "Work"). 20 | 21 | Certain owners wish to permanently relinquish those rights to a Work for 22 | the purpose of contributing to a commons of creative, cultural and 23 | scientific works ("Commons") that the public can reliably and without fear 24 | of later claims of infringement build upon, modify, incorporate in other 25 | works, reuse and redistribute as freely as possible in any form whatsoever 26 | and for any purposes, including without limitation commercial purposes. 27 | These owners may contribute to the Commons to promote the ideal of a free 28 | culture and the further production of creative, cultural and scientific 29 | works, or to gain reputation or greater distribution for their Work in 30 | part through the use and efforts of others. 31 | 32 | For these and/or other purposes and motivations, and without any 33 | expectation of additional consideration or compensation, the person 34 | associating CC0 with a Work (the "Affirmer"), to the extent that he or she 35 | is an owner of Copyright and Related Rights in the Work, voluntarily 36 | elects to apply CC0 to the Work and publicly distribute the Work under its 37 | terms, with knowledge of his or her Copyright and Related Rights in the 38 | Work and the meaning and intended legal effect of CC0 on those rights. 39 | 40 | 1. Copyright and Related Rights. A Work made available under CC0 may be 41 | protected by copyright and related or neighboring rights ("Copyright and 42 | Related Rights"). Copyright and Related Rights include, but are not 43 | limited to, the following: 44 | 45 | i. the right to reproduce, adapt, distribute, perform, display, 46 | communicate, and translate a Work; 47 | ii. moral rights retained by the original author(s) and/or performer(s); 48 | iii. publicity and privacy rights pertaining to a person's image or 49 | likeness depicted in a Work; 50 | iv. rights protecting against unfair competition in regards to a Work, 51 | subject to the limitations in paragraph 4(a), below; 52 | v. rights protecting the extraction, dissemination, use and reuse of data 53 | in a Work; 54 | vi. database rights (such as those arising under Directive 96/9/EC of the 55 | European Parliament and of the Council of 11 March 1996 on the legal 56 | protection of databases, and under any national implementation 57 | thereof, including any amended or successor version of such 58 | directive); and 59 | vii. other similar, equivalent or corresponding rights throughout the 60 | world based on applicable law or treaty, and any national 61 | implementations thereof. 62 | 63 | 2. Waiver. To the greatest extent permitted by, but not in contravention 64 | of, applicable law, Affirmer hereby overtly, fully, permanently, 65 | irrevocably and unconditionally waives, abandons, and surrenders all of 66 | Affirmer's Copyright and Related Rights and associated claims and causes 67 | of action, whether now known or unknown (including existing as well as 68 | future claims and causes of action), in the Work (i) in all territories 69 | worldwide, (ii) for the maximum duration provided by applicable law or 70 | treaty (including future time extensions), (iii) in any current or future 71 | medium and for any number of copies, and (iv) for any purpose whatsoever, 72 | including without limitation commercial, advertising or promotional 73 | purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each 74 | member of the public at large and to the detriment of Affirmer's heirs and 75 | successors, fully intending that such Waiver shall not be subject to 76 | revocation, rescission, cancellation, termination, or any other legal or 77 | equitable action to disrupt the quiet enjoyment of the Work by the public 78 | as contemplated by Affirmer's express Statement of Purpose. 79 | 80 | 3. Public License Fallback. Should any part of the Waiver for any reason 81 | be judged legally invalid or ineffective under applicable law, then the 82 | Waiver shall be preserved to the maximum extent permitted taking into 83 | account Affirmer's express Statement of Purpose. In addition, to the 84 | extent the Waiver is so judged Affirmer hereby grants to each affected 85 | person a royalty-free, non transferable, non sublicensable, non exclusive, 86 | irrevocable and unconditional license to exercise Affirmer's Copyright and 87 | Related Rights in the Work (i) in all territories worldwide, (ii) for the 88 | maximum duration provided by applicable law or treaty (including future 89 | time extensions), (iii) in any current or future medium and for any number 90 | of copies, and (iv) for any purpose whatsoever, including without 91 | limitation commercial, advertising or promotional purposes (the 92 | "License"). The License shall be deemed effective as of the date CC0 was 93 | applied by Affirmer to the Work. Should any part of the License for any 94 | reason be judged legally invalid or ineffective under applicable law, such 95 | partial invalidity or ineffectiveness shall not invalidate the remainder 96 | of the License, and in such case Affirmer hereby affirms that he or she 97 | will not (i) exercise any of his or her remaining Copyright and Related 98 | Rights in the Work or (ii) assert any associated claims and causes of 99 | action with respect to the Work, in either case contrary to Affirmer's 100 | express Statement of Purpose. 101 | 102 | 4. Limitations and Disclaimers. 103 | 104 | a. No trademark or patent rights held by Affirmer are waived, abandoned, 105 | surrendered, licensed or otherwise affected by this document. 106 | b. Affirmer offers the Work as-is and makes no representations or 107 | warranties of any kind concerning the Work, express, implied, 108 | statutory or otherwise, including without limitation warranties of 109 | title, merchantability, fitness for a particular purpose, non 110 | infringement, or the absence of latent or other defects, accuracy, or 111 | the present or absence of errors, whether or not discoverable, all to 112 | the greatest extent permissible under applicable law. 113 | c. Affirmer disclaims responsibility for clearing rights of other persons 114 | that may apply to the Work or any use thereof, including without 115 | limitation any person's Copyright and Related Rights in the Work. 116 | Further, Affirmer disclaims responsibility for obtaining any necessary 117 | consents, permissions or other rights required for any use of the 118 | Work. 119 | d. Affirmer understands and acknowledges that Creative Commons is not a 120 | party to this document and has no duty or obligation with respect to 121 | this CC0 or use of the Work. 122 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # README 2 | 3 | This project is mainly used to demonstrate how to use privatized deployment (Self-Hosted). 4 | 5 | You can replace .env with a new version number to complete an unsense upgrade of the application. 6 | 7 | **中文用户可以阅读下面的配置教程** 8 | 9 | - https://soulteary.com/2021/09/05/opensource-documentation-wiki-software-outline-part-1.html 10 | - https://soulteary.com/2021/09/11/opensource-documentation-wiki-software-outline-part-2.html 11 | 12 | 13 | ## Project Dependency 14 | 15 | - Traefik: `traefik:v2.5` 16 | - Used as a service gateway for various applications, providing service discovery, domain name binding and other functions. 17 | - Outline Server: `outlinewiki/outline:0.60.3` 18 | - Outline application. 19 | - S3 Server: `minio/minio:RELEASE.2021-09-03T03-56-13Z` 20 | - Provide object storage capabilities. 21 | - S3 Client: `minio/mc:RELEASE.2021-09-02T09-21-27Z` 22 | - Initialize the `bucket` required by the application 23 | - SSO Server: `soulteary/sso-server:1.1.5` 24 | - Make it possible for the outline to log in locally. 25 | - Database: `postgres:13.3` 26 | - Store all document related data. 27 | - Redis: `redis:6.2.4` 28 | - Cache service to make your application run faster. 29 | - Attachment: `andreimarcu/linx-server:version-2.3.8` 30 | - Outline currently does not support attachments, this small tool can be used as a supplement. 31 | 32 | ### Usage 33 | 34 | 0. Make a copy of the default configuration `.env.example` and save the file name as `.env`. Modify the content in according to your needs, such as domain name, various "user names" and "passwords". 35 | 36 | ```bash 37 | cp .env.example .env 38 | ``` 39 | 40 | 1. According to your actual situation, create a virtual network card to provide in-container and external services. 41 | 42 | ```bash 43 | docker network create traefik 44 | docker network create outline 45 | ``` 46 | 47 | 2. Use docker-compose to start the service. Wait for the status of all services to become `healthy`. 48 | 49 | ```bash 50 | docker-compose -f docker-compose.postgres.yml -f docker-compose.redis.yml -f docker-compose.minio.yml -f docker-compose.attachment.yml -f docker-compose.sso.yml -f docker-compose.outline.yml up -d 51 | Creating outline_minio ... done 52 | Creating outline-postgres ... done 53 | Creating outline-redis ... done 54 | Creating linx-server ... done 55 | Creating outline ... done 56 | Creating sso-server ... done 57 | ``` 58 | 59 | 3. Use docker-compose to check if the service is ready. 60 | 61 | 62 | ```bash 63 | docker-compose -f docker-compose.postgres.yml -f docker-compose.redis.yml -f docker-compose.minio.yml -f docker-compose.attachment.yml -f docker-compose.sso.yml -f docker-compose.outline.yml ps 64 | Name Command State Ports 65 | --------------------------------------------------------------------------- 66 | linx-server /usr/local/bin/linx-server ... Up (healthy) 8080/tcp 67 | outline docker-entrypoint.sh sh -c ... Up (healthy) 3000/tcp 68 | outline-postgres docker-entrypoint.sh postgres Up (healthy) 5432/tcp 69 | outline-redis docker-entrypoint.sh redis ... Up (healthy) 6379/tcp 70 | outline_minio /usr/bin/docker-entrypoint ... Up (healthy) 9000/tcp 71 | sso-server docker-entrypoint.sh ./main Up (healthy) 80/tcp 72 | ``` 73 | 74 | 4. Create the bucket storage space required for the application 75 | 76 | It only needs to be executed when the application is first initialized. 77 | 78 | ```bash 79 | docker-compose -f docker-compose.minio-init.yml up 80 | Recreating outline_minio_client ... done 81 | Attaching to docker-outline_minio-client_1 82 | minio-client_1 | Removed `local` successfully. 83 | minio-client_1 | Added `local` successfully. 84 | minio-client_1 | Bucket created successfully `local/outline/`. 85 | minio-client_1 | Access permission for `local/outline` is set to `public` 86 | docker-outline_minio-client_1 exited with code 0 87 | ``` 88 | 89 | 5. Open the browser and enjoy. 90 | 91 | -------------------------------------------------------------------------------- /config/attachment.conf: -------------------------------------------------------------------------------- 1 | bind = 0.0.0.0:8080 2 | sitename = attachment 3 | # 4GB 4 | maxsize = 4294967296 5 | # no expiry 6 | maxexpiry = 0 7 | allowhotlink = true 8 | selifpath = raw -------------------------------------------------------------------------------- /deprecated/Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.2 2 | 3 | # This file is modified from the outline official repository 4 | # https://github.com/outline/outline/blob/main/Dockerfile 5 | # Used to build services that support Generic OAuth Authorization https://github.com/outline/outline/commit/47953b3354da144439aced94270ca6a88ea56399 6 | # And will be deprecated after the official launch of the new version 7 | 8 | FROM node:14-alpine AS builder 9 | RUN apk add git 10 | WORKDIR /opt 11 | 12 | ENV OUTLINE_SOURCE=https://github.com/outline/outline.git 13 | ENV OUTLINE_HASH=47953b3354da144439aced94270ca6a88ea56399 14 | RUN git clone ${OUTLINE_SOURCE} --depth=10 15 | WORKDIR /opt/outline 16 | RUN git checkout ${OUTLINE_HASH} 17 | RUN yarn install 18 | RUN yarn build 19 | 20 | 21 | 22 | FROM node:14-alpine AS runner 23 | WORKDIR /opt/outline 24 | ENV NODE_ENV production 25 | 26 | COPY --from=builder /opt/outline/build ./build 27 | COPY --from=builder /opt/outline/server ./server 28 | COPY --from=builder /opt/outline/public ./public 29 | COPY --from=builder /opt/outline/.sequelizerc ./.sequelizerc 30 | COPY --from=builder /opt/outline/node_modules ./node_modules 31 | COPY --from=builder /opt/outline/package.json ./package.json 32 | 33 | RUN addgroup -g 1001 -S nodejs && \ 34 | adduser -S nodejs -u 1001 && \ 35 | chown -R nodejs:nodejs /opt/outline/build 36 | 37 | USER nodejs 38 | 39 | EXPOSE 3000 40 | CMD ["yarn", "start"] -------------------------------------------------------------------------------- /docker-compose.attachment.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | 4 | linx-server: 5 | image: ${DOCKER_ATTACHMENT_IMAGE_NAME} 6 | container_name: linx-server 7 | restart: always 8 | command: -config /data/linx-server.conf 9 | volumes: 10 | - ./data/linx/files:/data/files 11 | - ./data/linx/meta:/data/meta 12 | - ./config/attachment.conf:/data/linx-server.conf 13 | networks: 14 | - traefik 15 | labels: 16 | - "traefik.enable=true" 17 | - "traefik.docker.network=traefik" 18 | 19 | - "traefik.http.middlewares.upload-gzip.compress=true" 20 | - "traefik.http.middlewares.upload-redir-https.redirectScheme.scheme=https" 21 | 22 | - "traefik.http.middlewares.upload-auth.basicauth.users=${DOCKER_ATTACHMENT_BASIC_AUTH}" 23 | - "traefik.http.middlewares.upload-auth.basicauth.removeheader=true" 24 | 25 | - "traefik.http.routers.upload-admin.middlewares=upload-auth" 26 | - "traefik.http.routers.upload-admin.entrypoints=https" 27 | - "traefik.http.routers.upload-admin.tls=true" 28 | - "traefik.http.routers.upload-admin.rule=Host(`${DOCKER_ATTACHMENT_HOSTNAME}`)" 29 | 30 | - "traefik.http.routers.upload-http.entrypoints=http" 31 | - "traefik.http.routers.upload-http.rule=Host(`${DOCKER_ATTACHMENT_HOSTNAME}`) && PathPrefix(`/raw/`)" 32 | - "traefik.http.routers.upload-http.middlewares=upload-redir-https" 33 | 34 | - "traefik.http.routers.upload-https.middlewares=upload-gzip" 35 | - "traefik.http.routers.upload-https.entrypoints=https" 36 | - "traefik.http.routers.upload-https.tls=true" 37 | - "traefik.http.routers.upload-https.rule=Host(`${DOCKER_ATTACHMENT_HOSTNAME}`) && PathPrefix(`/raw/`)" 38 | 39 | - "traefik.http.services.upload-backend.loadbalancer.server.scheme=http" 40 | - "traefik.http.services.upload-backend.loadbalancer.server.port=8080" 41 | extra_hosts: 42 | - "${DOCKER_ATTACHMENT_HOSTNAME}:0.0.0.0" 43 | healthcheck: 44 | test: ["CMD", "wget", "--spider", "http://localhost:8080"] 45 | interval: 3s 46 | retries: 12 47 | logging: 48 | driver: "json-file" 49 | options: 50 | max-size: "10m" 51 | 52 | networks: 53 | traefik: 54 | external: true 55 | -------------------------------------------------------------------------------- /docker-compose.minio-init.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | 4 | minio-client: 5 | image: ${DOCKER_MINIO_CLIENT_IMAGE_NAME} 6 | entrypoint: > 7 | /bin/sh -c " 8 | /usr/bin/mc config host rm local; 9 | /usr/bin/mc config host add --quiet --api s3v4 local http://outline_minio:9000 ${MINIO_ROOT_USER} ${MINIO_ROOT_PASSWORD}; 10 | /usr/bin/mc mb --quiet local/${AWS_S3_UPLOAD_BUCKET_NAME}/; 11 | /usr/bin/mc policy set public local/${AWS_S3_UPLOAD_BUCKET_NAME}; 12 | " 13 | networks: 14 | - outline 15 | 16 | networks: 17 | outline: 18 | external: true -------------------------------------------------------------------------------- /docker-compose.minio.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | 4 | minio: 5 | image: ${DOCKER_MINIO_IMAGE_NAME} 6 | container_name: outline_minio 7 | volumes: 8 | - ./data/minio/data:/data:z 9 | command: minio server /data --console-address 0.0.0.0:9001 10 | environment: 11 | - MINIO_ROOT_USER=${MINIO_ROOT_USER} 12 | - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD} 13 | - MINIO_REGION_NAME=${MINIO_REGION_NAME} 14 | - MINIO_BROWSER=${MINIO_BROWSER} 15 | - MINIO_BROWSER_REDIRECT_URL=${MINIO_BROWSER_REDIRECT_URL} 16 | restart: always 17 | networks: 18 | - outline 19 | - traefik 20 | labels: 21 | - "traefik.enable=true" 22 | - "traefik.docker.network=traefik" 23 | 24 | - "traefik.http.middlewares.minio-gzip.compress=true" 25 | - "traefik.http.middlewares.minio-redir-https.redirectScheme.scheme=https" 26 | 27 | - "traefik.http.routers.minio-http.entrypoints=http" 28 | - "traefik.http.routers.minio-http.rule=Host(`${DOCKER_MINIO_HOSTNAME}`)" 29 | - "traefik.http.routers.minio-http.middlewares=minio-redir-https" 30 | - "traefik.http.routers.minio-http.service=minio-backend" 31 | 32 | - "traefik.http.routers.minio-https.middlewares=minio-gzip" 33 | - "traefik.http.routers.minio-https.entrypoints=https" 34 | - "traefik.http.routers.minio-https.tls=true" 35 | - "traefik.http.routers.minio-https.rule=Host(`${DOCKER_MINIO_HOSTNAME}`)" 36 | - "traefik.http.routers.minio-https.service=minio-backend" 37 | 38 | - "traefik.http.routers.minio-admin.middlewares=minio-gzip" 39 | - "traefik.http.routers.minio-admin.entrypoints=https" 40 | - "traefik.http.routers.minio-admin.tls=true" 41 | - "traefik.http.routers.minio-admin.rule=Host(`${DOCKER_MINIO_ADMIN_DOMAIN}`)" 42 | - "traefik.http.routers.minio-admin.service=minio-admin-backend" 43 | 44 | - "traefik.http.services.minio-backend.loadbalancer.server.scheme=http" 45 | - "traefik.http.services.minio-backend.loadbalancer.server.port=9000" 46 | 47 | - "traefik.http.services.minio-admin-backend.loadbalancer.server.scheme=http" 48 | - "traefik.http.services.minio-admin-backend.loadbalancer.server.port=9001" 49 | extra_hosts: 50 | - "${DOCKER_MINIO_HOSTNAME}:0.0.0.0" 51 | healthcheck: 52 | test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] 53 | interval: 3s 54 | retries: 12 55 | logging: 56 | driver: "json-file" 57 | options: 58 | max-size: "10m" 59 | 60 | networks: 61 | outline: 62 | external: true 63 | traefik: 64 | external: true -------------------------------------------------------------------------------- /docker-compose.outline.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | 4 | outline: 5 | image: ${DOCKER_OUTLINE_IMAGE_NAME} 6 | container_name: outline 7 | command: sh -c "yarn sequelize:migrate --env production-ssl-disabled && yarn start" 8 | environment: 9 | - URL=${OUTLINE_URL} 10 | - FORCE_HTTPS=false 11 | # SSO 12 | - OIDC_CLIENT_ID=${OIDC_CLIENT_ID} 13 | - OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET} 14 | - OIDC_AUTH_URI=${OIDC_AUTH_URI} 15 | - OIDC_TOKEN_URI=${OIDC_TOKEN_URI} 16 | - OIDC_USERINFO_URI=${OIDC_USERINFO_URI} 17 | - OIDC_DISPLAY_NAME=${OIDC_DISPLAY_NAME} 18 | - ALLOWED_DOMAINS=${OIDC_ALLOWED_DOMAINS} 19 | # DB 20 | - DATABASE_URL=${DATABASE_URL} 21 | - PGSSLMODE=${PGSSLMODE} 22 | - REDIS_URL=${REDIS_URL} 23 | # Secret 24 | - SECRET_KEY=${OUTLINE_SECRET_KEY} 25 | - UTILS_SECRET=${OUTLINE_UTILS_SECRET} 26 | # S3 27 | - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} 28 | - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} 29 | - AWS_REGION=${AWS_REGION} 30 | - AWS_S3_UPLOAD_BUCKET_URL=${AWS_S3_UPLOAD_BUCKET_URL} 31 | - AWS_S3_UPLOAD_BUCKET_NAME=${AWS_S3_UPLOAD_BUCKET_NAME} 32 | - AWS_S3_UPLOAD_MAX_SIZE=${AWS_S3_UPLOAD_MAX_SIZE} 33 | - AWS_S3_FORCE_PATH_STYLE=${AWS_S3_FORCE_PATH_STYLE} 34 | - AWS_S3_ACL=${AWS_S3_ACL} 35 | # etc. 36 | - ENABLE_UPDATES=true 37 | - MAXIMUM_IMPORT_SIZE=5120000 38 | - DEBUG=cache,presenters,events,emails,mailer,utils,http,server,services 39 | - SLACK_MESSAGE_ACTIONS=false 40 | - DEFAULT_LANGUAGE=en_US 41 | restart: always 42 | # volumes: 43 | # - ./patches/...:/opt/outline/... 44 | networks: 45 | - traefik 46 | - outline 47 | labels: 48 | - "traefik.enable=true" 49 | - "traefik.docker.network=traefik" 50 | 51 | - "traefik.http.middlewares.outline-gzip.compress=true" 52 | - "traefik.http.middlewares.outline-redir-https.redirectScheme.scheme=https" 53 | 54 | - "traefik.http.routers.outline-http.entrypoints=http" 55 | - "traefik.http.routers.outline-http.rule=Host(`${DOCKER_OUTLINE_HOSTNAME}`)" 56 | - "traefik.http.routers.outline-http.middlewares=outline-redir-https" 57 | 58 | - "traefik.http.routers.outline-https.middlewares=outline-gzip" 59 | - "traefik.http.routers.outline-https.entrypoints=https" 60 | - "traefik.http.routers.outline-https.tls=true" 61 | - "traefik.http.routers.outline-https.rule=Host(`${DOCKER_OUTLINE_HOSTNAME}`)" 62 | 63 | - "traefik.http.routers.outline-https-assets.middlewares=outline-gzip" 64 | - "traefik.http.routers.outline-https-assets.entrypoints=https" 65 | - "traefik.http.routers.outline-https-assets.tls=true" 66 | - "traefik.http.routers.outline-https-assets.rule=Host(`${DOCKER_OUTLINE_HOSTNAME}`) && PathPrefix(`/static`, `/api`)" 67 | 68 | - "traefik.http.services.outline-backend.loadbalancer.server.scheme=http" 69 | - "traefik.http.services.outline-backend.loadbalancer.server.port=3000" 70 | extra_hosts: 71 | - "${DOCKER_OUTLINE_HOSTNAME}:0.0.0.0" 72 | healthcheck: 73 | test: ["CMD", "wget", "--spider", "http://localhost:3000"] 74 | interval: 3s 75 | retries: 12 76 | logging: 77 | driver: "json-file" 78 | options: 79 | max-size: "10m" 80 | 81 | networks: 82 | outline: 83 | external: true 84 | traefik: 85 | external: true -------------------------------------------------------------------------------- /docker-compose.postgres.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | 4 | postgres: 5 | image: ${DOCKER_POSTGRES_IMAGE_NAME} 6 | container_name: ${DOCKER_POSTGRES_HOST} 7 | environment: 8 | POSTGRES_USER: ${DOCKER_POSTGRES_USER} 9 | POSTGRES_PASSWORD: ${DOCKER_POSTGRES_PASS} 10 | POSTGRES_DB: ${DOCKER_POSTGRES_DBNAME} 11 | volumes: 12 | - /etc/localtime:/etc/localtime:ro 13 | - /etc/timezone:/etc/timezone:ro 14 | - ./data/pgdata:/var/lib/postgresql/data 15 | restart: always 16 | networks: 17 | - outline 18 | healthcheck: 19 | test: ["CMD", "pg_isready", "-U", "${DOCKER_POSTGRES_USER}"] 20 | interval: 3s 21 | retries: 12 22 | logging: 23 | driver: "json-file" 24 | options: 25 | max-size: "10m" 26 | 27 | networks: 28 | outline: 29 | external: true 30 | -------------------------------------------------------------------------------- /docker-compose.redis.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | 4 | redis: 5 | image: ${DOCKER_REDIS_IMAGE_NAME} 6 | container_name: ${DOCKER_REDIS_HOSTNAME} 7 | restart: always 8 | networks: 9 | - outline 10 | healthcheck: 11 | test: ["CMD", "redis-cli", "ping"] 12 | interval: 3s 13 | retries: 12 14 | environment: 15 | TZ: Asia/Shanghai 16 | volumes: 17 | - /etc/localtime:/etc/localtime:ro 18 | - /etc/timezone:/etc/timezone:ro 19 | - ./data/redis:/data 20 | logging: 21 | driver: "json-file" 22 | options: 23 | max-size: "10m" 24 | 25 | networks: 26 | outline: 27 | external: true 28 | -------------------------------------------------------------------------------- /docker-compose.sso.yml: -------------------------------------------------------------------------------- 1 | version: "3.6" 2 | 3 | services: 4 | 5 | sso: 6 | image: ${DOCKER_SSO_IMAGE_NAME} 7 | container_name: ${DOCKER_SSO_HOSTNAME} 8 | restart: always 9 | expose: 10 | - 80 11 | command: ./main 12 | volumes: 13 | - /etc/localtime:/etc/localtime:ro 14 | - /etc/timezone:/etc/timezone:ro 15 | extra_hosts: 16 | - "${SSO_SERVER_DOMAIN}:0.0.0.0" 17 | networks: 18 | - traefik 19 | environment: 20 | - TZ=Asia/Shanghai 21 | - PORT=80 22 | - SESSION_SECRET=${SESSION_SECRET:-} 23 | - SERVER_NAME=${SSO_SERVER_NAME:-} 24 | - CLIENT_NAME=${SSO_CLIENT_NAME:-} 25 | - CLIENT_ID=${SSO_CLIENT_ID:-} 26 | - CLIENT_SECRET=${SSO_CLIENT_SECRET:-} 27 | - CLIENT_ISTRUSTED=${SSO_CLIENT_ISTRUSTED:-} 28 | - USER_PASS=${SSO_USER_PASS:-} 29 | - LICENSE=${LICENSE:-} 30 | - LICENSE_FILE=${LICENSE_FILE:-} 31 | - OTP_OPTION=${OTP_OPTION:-} 32 | labels: 33 | - "traefik.enable=true" 34 | - "traefik.docker.network=traefik" 35 | 36 | - "traefik.http.routers.sso-http.entrypoints=http" 37 | - "traefik.http.routers.sso-http.rule=Host(`$SSO_SERVER_DOMAIN`)" 38 | 39 | - "traefik.http.routers.sso-https.entrypoints=https" 40 | - "traefik.http.routers.sso-https.tls=true" 41 | - "traefik.http.routers.sso-https.rule=Host(`$SSO_SERVER_DOMAIN`)" 42 | 43 | - "traefik.http.services.sso-backend.loadbalancer.server.scheme=http" 44 | - "traefik.http.services.sso-backend.loadbalancer.server.port=80" 45 | logging: 46 | driver: "json-file" 47 | options: 48 | max-size: "10m" 49 | healthcheck: 50 | test: ["CMD", "wget", "--spider", "http://localhost:80/health"] 51 | interval: 3s 52 | retries: 12 53 | 54 | networks: 55 | traefik: 56 | external: true 57 | --------------------------------------------------------------------------------