├── .editorconfig ├── .gitignore ├── LICENSE ├── Makefile ├── README.md ├── config ├── sample │ └── nginx_outline.conf └── uc │ └── fixtures │ └── .gitkeep └── scripts ├── config.sh.sample ├── main.sh ├── templates ├── .env ├── config │ └── nginx │ │ ├── default.conf │ │ └── include │ │ └── proxy.conf ├── docker-compose.yml ├── env.minio ├── env.oidc ├── env.oidc-server ├── env.outline └── oidc-server-outline-client.json └── utils.sh /.editorconfig: -------------------------------------------------------------------------------- 1 | # http://editorconfig.org 2 | root = true 3 | 4 | [*] 5 | indent_style = space 6 | end_of_line = lf 7 | charset = utf-8 8 | trim_trailing_whitespace = true 9 | insert_final_newline = true 10 | 11 | [*.md] 12 | trim_trailing_whitespace = false 13 | 14 | [Makefile] 15 | indent_style = tab 16 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | data/ 2 | scripts/config.sh 3 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2022, vicalloy 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | 2. Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | 3. 
Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
30 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | oidc_server_container=wk-oidc-server 2 | docker-compose := $(shell command -v docker-compose 2> /dev/null || echo "docker compose") 3 | 4 | gen-conf: 5 | # echo ${docker-compose} 6 | cd ./scripts && bash ./main.sh init_cfg 7 | 8 | start: 9 | ${docker-compose} up -d 10 | cd ./scripts && bash ./main.sh reload_nginx 11 | 12 | install: gen-conf start 13 | sleep 1 14 | ${docker-compose} exec ${oidc_server_container} bash -c "make init" 15 | ${docker-compose} exec ${oidc_server_container} bash -c "python manage.py loaddata oidc-server-outline-client" 16 | cd ./scripts && bash ./main.sh reload_nginx 17 | 18 | restart: stop start 19 | 20 | logs: 21 | ${docker-compose} logs -f 22 | 23 | stop: 24 | ${docker-compose} down || true 25 | 26 | update-images: 27 | ${docker-compose} pull 28 | 29 | clean-docker: stop 30 | ${docker-compose} rm -fsv || true 31 | 32 | clean-conf: 33 | rm -rfv env.* .env docker-compose.yml config/uc/fixtures/*.json \ 34 | config/nginx 35 | 36 | clean-data: clean-docker 37 | rm -rfv ./data/certs ./data/minio_root \ 38 | ./data/pgdata ./data/uc ./data/outline 39 | 40 | clean: clean-docker clean-conf 41 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # outline-docker-compose 2 | 3 | Install a self-hosted [Outline](https://github.com/outline/outline) wiki instance in a couple of minutes. 4 | 5 | ## Features: 6 | 7 | 1. A simple make and bash script to help you generate all the conf required. 8 | 1. A docker-compose to run your service. 9 | 1. A [OIDC server](https://github.com/vicalloy/oidc-server) to manage users, no need to login via Slack or Google. 10 | 11 | ## How to use 12 | 13 | 1. Initializing the system. 
14 | ``` 15 | git clone https://github.com/vicalloy/outline-docker-compose.git 16 | cd outline-docker-compose 17 | cp scripts/config.sh.sample scripts/config.sh 18 | # update config file: vim scripts/config.sh 19 | make install # Create the docker-compose config file and start it, then initialize the oidc-server (add the OIDC client for Outline and create a superuser). 20 | ``` 21 | - NOTE: Outline Wiki 0.72.0-1 supports local file storage. You can set `FILE_STORAGE=local` to use local file storage (MINIO is no longer required). 22 | 2. Open `http://127.0.0.1:8888` and log in to Outline. 23 | 3. Open `http://127.0.0.1:8888/uc/admin/auth/user/` to add new users. 24 | 25 | ## scripts/config.sh 26 | 27 | The config file [scripts/config.sh.sample](scripts/config.sh.sample) 28 | 29 | ## Makefile 30 | 31 | - `make install` creates the docker-compose config file and starts it, then initializes the oidc-server (adds the OIDC client for Outline and creates a superuser) 32 | - `make start` start outline 33 | - `make stop` stop outline 34 | - `make clean` removes all config files generated by the script. 35 | - `make clean-data` ⚠️ You will lose all your data 36 | 37 | 38 | ## FAQ 39 | 40 | 1. 
Q: Added a new user, but they can't log in to Outline 41 | - You should add an email address for the new user 42 | - If the domain in the email address is not the same as the admin user's domain, you should add the domain to the `ALLOWED_DOMAINS` setting 43 | -------------------------------------------------------------------------------- /config/sample/nginx_outline.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 443 ssl http2; 3 | server_name wiki.domain.com; 4 | 5 | ssl_certificate /cert/domain.com/cert.pem; 6 | ssl_certificate_key /cert/domain.com/key.pem; 7 | 8 | location / { 9 | proxy_pass http://wk-nginx:80; 10 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 11 | proxy_set_header X-Forwarded-Proto $scheme; 12 | proxy_set_header X-Real-IP $remote_addr; 13 | proxy_set_header Host $host; 14 | proxy_redirect off; 15 | 16 | proxy_set_header Upgrade $http_upgrade; 17 | proxy_set_header Connection "upgrade"; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /config/uc/fixtures/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/vicalloy/outline-docker-compose/6fbf4323a38ef43d29cc9086c0fe7976f5e660f5/config/uc/fixtures/.gitkeep -------------------------------------------------------------------------------- /scripts/config.sh.sample: -------------------------------------------------------------------------------- 1 | # Outline Wiki 0.72.0-1 supports local file storage. 2 | # Specify what storage system to use. Possible value is one of "s3" or "local". 3 | # For "local", the avatar images and document attachments will be saved on local disk. 4 | FILE_STORAGE=local 5 | # The URL used to visit this web site. 6 | URL=http://127.0.0.1:8888 7 | # The default interface language. See translate.getoutline.com for a list of 8 | # available language codes and their rough percentage translated. 
9 | DEFAULT_LANGUAGE=en_US 10 | # https://docs.djangoproject.com/en/2.2/ref/settings/#language-code 11 | LANGUAGE_CODE=en-us 12 | # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones 13 | TIME_ZONE=UTC 14 | FORCE_HTTPS=false 15 | # The domain in your email address. 16 | # Comma separated list of domains to be allowed (optional). 17 | # If not set, the first user's domain is allowed by default. 18 | ALLOWED_DOMAINS= 19 | 20 | # Docker image version 21 | OUTLINE_VERSION=0.72.0-3 22 | POSTGRES_VERSION=15.2-alpine3.17 23 | MINIO_VERSION=RELEASE.2022-11-17T23-20-09Z 24 | MINIO_MC_VERSION=RELEASE.2022-11-17T21-20-39Z 25 | 26 | # Nginx 27 | # The nginx bind ip and port. 28 | # If you use an IP address to access Outline, this IP and port should be the same as in the URL. 29 | # If this server is behind a proxy (nginx), you can bind to `127.0.0.1`. 30 | HTTP_IP=127.0.0.1 31 | HTTP_PORT_IP=8888 32 | 33 | # Docker 34 | # If your server is behind a proxy (nginx) and the proxy was created by docker, you can use the proxy's network: set `NETWORKS` to the proxy's network name, and set `NETWORKS_EXTERNAL` to `true`. 35 | # The sample config for host nginx can be found in `config/sample/nginx_outline.conf`. 36 | NETWORKS=outlinewiki 37 | NETWORKS_EXTERNAL=false 38 | 39 | # Secret keys, generated and written into config.sh by the script. 40 | # You shouldn't edit them by hand. Keep the generated config.sh private (it is listed in .gitignore). 41 | MINIO_ACCESS_KEY= 42 | MINIO_SECRET_KEY= 43 | OIDC_CLIENT_SECRET= 44 | OUTLINE_SECRET_KEY= 45 | OUTLINE_UTILS_SECRET= 46 | DJANGO_SECRET_KEY= 47 | -------------------------------------------------------------------------------- /scripts/main.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Generate config and secrets required to host your own outline server 3 | . ./config.sh 4 | . 
./utils.sh 5 | 6 | FILE_STORAGE=${FILE_STORAGE:-s3} 7 | # Secrets: keep the value already set in config.sh, otherwise generate one with openssl rand 8 | MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY:-`openssl rand -hex 8`} 9 | MINIO_SECRET_KEY=${MINIO_SECRET_KEY:-`openssl rand -hex 32`} 10 | # Should be: OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET:-`openssl rand -hex 28`} 11 | # Kept as is to maintain compatibility with old versions; do not fix this bug. NOTE(review): MINIO_SECRET_KEY is always set by the line above, so the fallback below is never used and the OIDC client secret is always the same value as the MinIO secret key; any OIDC_CLIENT_SECRET already in config.sh is ignored. 12 | OIDC_CLIENT_SECRET=${MINIO_SECRET_KEY:-`openssl rand -hex 28`} 13 | OUTLINE_SECRET_KEY=${OUTLINE_SECRET_KEY:-`openssl rand -hex 32`} 14 | OUTLINE_UTILS_SECRET=${OUTLINE_UTILS_SECRET:-`openssl rand -hex 32`} 15 | DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY:-`openssl rand -hex 32`} 16 | 17 | function update_config_file { # Write the secrets back into config.sh (sourced at the top of this script on the next run) 18 | env_replace MINIO_ACCESS_KEY $MINIO_ACCESS_KEY config.sh 19 | env_replace MINIO_SECRET_KEY $MINIO_SECRET_KEY config.sh 20 | env_replace OIDC_CLIENT_SECRET $OIDC_CLIENT_SECRET config.sh 21 | env_replace OUTLINE_SECRET_KEY $OUTLINE_SECRET_KEY config.sh 22 | env_replace OUTLINE_UTILS_SECRET $OUTLINE_UTILS_SECRET config.sh 23 | env_replace DJANGO_SECRET_KEY $DJANGO_SECRET_KEY config.sh 24 | } 25 | 26 | function create_global_env_file { # Copy templates/.env to ../.env and fill in the network, bind address and image versions 27 | fn=.env 28 | env_file=../$fn 29 | cp ./templates/$fn $env_file 30 | env_replace NETWORKS $NETWORKS $env_file 31 | env_replace NETWORKS_EXTERNAL $NETWORKS_EXTERNAL $env_file 32 | # NGINX 33 | env_replace HTTP_IP $HTTP_IP $env_file 34 | env_replace HTTP_PORT_IP $HTTP_PORT_IP $env_file 35 | # Docker image version 36 | env_replace OUTLINE_VERSION $OUTLINE_VERSION $env_file 37 | env_replace POSTGRES_VERSION $POSTGRES_VERSION $env_file 38 | env_replace MINIO_VERSION $MINIO_VERSION $env_file 39 | env_replace MINIO_MC_VERSION $MINIO_MC_VERSION $env_file 40 | } 41 | 42 | function create_minio_env_file { # Copy templates/env.minio to ../env.minio and fill in the MinIO access and secret keys 43 | fn=env.minio 44 | env_file=../$fn 45 | cp ./templates/$fn $env_file 46 | env_replace MINIO_ACCESS_KEY $MINIO_ACCESS_KEY $env_file 47 | env_replace MINIO_SECRET_KEY $MINIO_SECRET_KEY $env_file 48 | } 49 | 50 | function create_outline_env_file { 51 | fn=env.outline 
52 | env_file=../$fn 53 | cp ./templates/$fn $env_file 54 | 55 | env_replace URL $URL $env_file 56 | env_replace SECRET_KEY $OUTLINE_SECRET_KEY $env_file 57 | env_replace UTILS_SECRET $OUTLINE_UTILS_SECRET $env_file 58 | env_replace DEFAULT_LANGUAGE $DEFAULT_LANGUAGE $env_file 59 | env_replace FORCE_HTTPS $FORCE_HTTPS $env_file 60 | env_replace FILE_STORAGE $FILE_STORAGE $env_file 61 | 62 | env_delete DATABASE_URL $env_file 63 | env_delete DATABASE_URL_TEST $env_file 64 | env_delete REDIS_URL $env_file 65 | env_delete AWS_S3_UPLOAD_BUCKET_NAME $env_file 66 | 67 | env_delete SLACK_KEY $env_file 68 | env_delete SLACK_SECRET $env_file 69 | env_delete SLACK_APP_ID $env_file 70 | env_delete SLACK_KEY $env_file 71 | env_replace SLACK_MESSAGE_ACTIONS false $env_file 72 | 73 | env_replace AWS_ACCESS_KEY_ID $MINIO_ACCESS_KEY $env_file 74 | env_replace AWS_SECRET_ACCESS_KEY $MINIO_SECRET_KEY $env_file 75 | env_replace AWS_S3_UPLOAD_BUCKET_URL $URL $env_file 76 | 77 | env_add ALLOWED_DOMAINS "$ALLOWED_DOMAINS" $env_file 78 | } 79 | 80 | function create_oidc_env_file { 81 | fn=env.oidc 82 | env_file=../$fn 83 | cp ./templates/$fn $env_file 84 | 85 | env_replace OIDC_CLIENT_SECRET "$OIDC_CLIENT_SECRET" $env_file 86 | env_replace OIDC_AUTH_URI "${URL}/uc/oauth/authorize/" $env_file 87 | } 88 | 89 | function create_uc_env_file { 90 | fn=env.oidc-server 91 | env_file=../$fn 92 | cp ./templates/$fn $env_file 93 | 94 | env_replace LANGUAGE_CODE "$LANGUAGE_CODE" $env_file 95 | env_replace TIME_ZONE "$TIME_ZONE" $env_file 96 | env_replace SECRET_KEY "$DJANGO_SECRET_KEY" $env_file 97 | } 98 | 99 | function create_uc_db_init_file { 100 | fn=oidc-server-outline-client.json 101 | file=../config/uc/fixtures/$fn 102 | cp ./templates/$fn $file 103 | 104 | env_tmpl_replace OIDC_CLIENT_SECRET "$OIDC_CLIENT_SECRET" $file 105 | env_tmpl_replace URL "$URL" $file 106 | } 107 | 108 | function create_env_files { 109 | create_global_env_file 110 | # DISABLE_MINIO 111 | if [ $FILE_STORAGE == "s3" ]; 
then 112 | create_minio_env_file 113 | fi 114 | create_outline_env_file 115 | create_oidc_env_file 116 | create_uc_env_file 117 | create_uc_db_init_file 118 | } 119 | 120 | function create_apps_config { # Copy the config templates into ../config and, unless FILE_STORAGE is s3, remove the MINIO block from the nginx default.conf 121 | cp -r ./templates/config/* ../config/ 122 | if [ $FILE_STORAGE != "s3" ]; then 123 | rm_block "MINIO" "../config/nginx/default.conf" 124 | fi 125 | } 126 | 127 | function create_docker_compose_file { # Render ../docker-compose.yml from the template 128 | fn=docker-compose.yml 129 | file=../$fn 130 | cp ./templates/$fn $file 131 | 132 | env_tmpl_replace NETWORKS "$NETWORKS" $file 133 | env_tmpl_replace MINIO_ACCESS_KEY "$MINIO_ACCESS_KEY" $file 134 | env_tmpl_replace MINIO_SECRET_KEY "$MINIO_SECRET_KEY" $file # NOTE(review): this writes the MinIO keys into docker-compose.yml in plain text (the template's wk-createbuckets entrypoint references them), so the generated compose file holds a secret 135 | if [ "$FILE_STORAGE" != "s3" ]; then 136 | rm_block "MINIO" $file 137 | fi 138 | } 139 | 140 | function init_cfg { # Invoked by the Makefile's gen-conf target: persist the secrets, then generate the compose file, env files and app config 141 | update_config_file 142 | create_docker_compose_file 143 | create_env_files 144 | create_apps_config 145 | } 146 | 147 | function reload_nginx { # Retry "nginx -s reload" in the wk-nginx container once per second until it succeeds; there is no upper bound on retries 148 | cd ..; 149 | until docker-compose exec wk-nginx nginx -s reload 150 | do 151 | echo "waiting nginx" 152 | sleep 1 153 | done 154 | } 155 | 156 | $* # Dispatch: the script's arguments are run as a command line (the Makefile passes init_cfg or reload_nginx). NOTE(review): the arguments are word-split and executed without any validation, so they must never come from untrusted input. 157 | -------------------------------------------------------------------------------- /scripts/templates/.env: -------------------------------------------------------------------------------- 1 | NETWORKS=outlinewiki 2 | NETWORKS_EXTERNAL=false 3 | HTTP_IP=127.0.0.1 4 | HTTP_PORT_IP=8888 5 | OUTLINE_VERSION=0.65.2 6 | POSTGRES_VERSION=14.4-alpine3.16 7 | MINIO_VERSION=RELEASE.2022-11-17T23-20-09Z 8 | MINIO_MC_VERSION=RELEASE.2022-11-17T21-20-39Z 9 | -------------------------------------------------------------------------------- /scripts/templates/config/nginx/default.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | client_max_body_size 100m; 4 | 5 | ##BEGIN MINIO 6 | # Proxy requests for the bucket "outline-bucket" to the MinIO server running on port 9000 7 | location /outline-bucket { 8 | include 
/etc/nginx/conf.d/include/proxy.conf; 9 | proxy_pass http://wk-minio:9000; 10 | } 11 | ##END 12 | 13 | # Outline Wiki 14 | location / { 15 | include /etc/nginx/conf.d/include/proxy.conf; 16 | proxy_pass http://wk-outline:3000; 17 | } 18 | 19 | # Static file FOR OIDC Server 20 | location /uc/static { 21 | alias /uc/static_root; 22 | } 23 | 24 | # OIDC Server 25 | location /uc { 26 | include /etc/nginx/conf.d/include/proxy.conf; 27 | proxy_set_header SCRIPT_NAME /uc; 28 | proxy_pass http://wk-oidc-server:8000; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /scripts/templates/config/nginx/include/proxy.conf: -------------------------------------------------------------------------------- 1 | proxy_set_header X-Real-IP $remote_addr; 2 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 3 | proxy_set_header X-Forwarded-Proto $scheme; 4 | proxy_set_header Host $http_host; 5 | 6 | proxy_connect_timeout 300; 7 | proxy_http_version 1.1; 8 | 9 | proxy_set_header Upgrade $http_upgrade; 10 | proxy_set_header Connection "upgrade"; 11 | add_header Service-Worker-Allowed /; 12 | -------------------------------------------------------------------------------- /scripts/templates/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | wk-redis: 4 | image: redis:latest # NOTE(review): floating tag; the postgres, minio and outline images in this file are pinned through *_VERSION variables, this one is not 5 | restart: always 6 | networks: 7 | - ${NETWORKS} 8 | wk-postgres: 9 | image: postgres:${POSTGRES_VERSION} 10 | environment: 11 | POSTGRES_USER: user 12 | POSTGRES_PASSWORD: pass # NOTE(review): fixed credential, identical in every install; the same user:pass is embedded in wk-outline's DATABASE_URL, so the two must be changed together. No ports are published for this service, so it is reachable only from the compose network (a shared proxy network when NETWORKS_EXTERNAL is true). 13 | POSTGRES_DB: outline 14 | volumes: 15 | - ./data/pgdata:/var/lib/postgresql/data 16 | restart: always 17 | networks: 18 | - ${NETWORKS} 19 | ##BEGIN MINIO 20 | wk-minio: 21 | image: minio/minio:${MINIO_VERSION} 22 | volumes: 23 | - ./data/minio_root:/minio_root:z 24 | - ./data/certs:/root/.minio/certs:z 25 | command: "minio server /minio_root" 26 | env_file: 27 | - ./env.minio 28 | restart: 
always 29 | networks: 30 | - ${NETWORKS} 31 | wk-createbuckets: 32 | image: minio/mc:${MINIO_MC_VERSION} 33 | depends_on: 34 | - wk-minio 35 | env_file: 36 | - ./env.minio 37 | entrypoint: > # NOTE(review): the script below sets an anonymous download policy on outline-bucket, and nginx proxies /outline-bucket to this MinIO server, so objects in the bucket can be fetched without credentials by anyone who can reach the nginx port. The access and secret key placeholders are replaced with the real values by scripts/main.sh. 38 | /bin/sh -c " 39 | until (/usr/bin/mc config host add minio http://wk-minio:9000 ${MINIO_ACCESS_KEY} ${MINIO_SECRET_KEY}) do echo '...waiting...' && sleep 1; done; 40 | /usr/bin/mc mb minio/outline-bucket; 41 | /usr/bin/mc anonymous set download minio/outline-bucket; 42 | exit 0; 43 | " 44 | networks: 45 | - ${NETWORKS} 46 | ##END 47 | wk-outline: 48 | image: outlinewiki/outline:${OUTLINE_VERSION} 49 | command: sh -c "yarn db:migrate --env production-ssl-disabled && yarn start" 50 | environment: 51 | - DATABASE_URL=postgres://user:pass@wk-postgres:5432/outline # NOTE(review): same fixed user:pass as POSTGRES_USER / POSTGRES_PASSWORD on wk-postgres 52 | - DATABASE_URL_TEST=postgres://user:pass@wk-postgres:5432/outline-test 53 | - REDIS_URL=redis://wk-redis:6379 54 | - AWS_S3_UPLOAD_BUCKET_NAME=outline-bucket 55 | env_file: 56 | - ./env.outline 57 | - ./env.oidc 58 | volumes: 59 | - ./data/outline:/var/lib/outline/data 60 | restart: always 61 | depends_on: 62 | - wk-postgres 63 | - wk-redis 64 | ##BEGIN MINIO 65 | - wk-minio 66 | ##END 67 | networks: 68 | - ${NETWORKS} 69 | wk-oidc-server: 70 | image: vicalloy/oidc-server # NOTE(review): no tag, so this resolves to latest; the identity provider image is not pinned to a version 71 | volumes: 72 | - ./config/uc/fixtures:/app/oidc_server/fixtures:z 73 | - ./data/uc/db:/app/db:z 74 | - ./data/uc/static_root:/app/static_root:z 75 | restart: always 76 | env_file: 77 | - ./env.oidc-server 78 | networks: 79 | - ${NETWORKS} 80 | wk-nginx: 81 | image: nginx # NOTE(review): no tag, so this resolves to latest 82 | ports: 83 | - ${HTTP_IP}:${HTTP_PORT_IP}:80 84 | volumes: 85 | - ./config/nginx/:/etc/nginx/conf.d/:ro 86 | - ./data/uc/static_root:/uc/static_root:ro 87 | restart: always 88 | depends_on: 89 | ##BEGIN MINIO 90 | - wk-minio 91 | ##END 92 | - wk-outline 93 | - wk-oidc-server 94 | networks: 95 | - ${NETWORKS} 96 | networks: 97 | ${NETWORKS}: 98 | external: ${NETWORKS_EXTERNAL} 99 | -------------------------------------------------------------------------------- 
/scripts/templates/env.minio: -------------------------------------------------------------------------------- 1 | MINIO_ACCESS_KEY= 2 | MINIO_SECRET_KEY= 3 | MINIO_BROWSER=off 4 | -------------------------------------------------------------------------------- /scripts/templates/env.oidc: -------------------------------------------------------------------------------- 1 | # To configure generic OIDC auth, you'll need some kind of identity provider. 2 | # See documentation for whichever IdP you use to acquire the following info: 3 | # Redirect URI is https://<URL>/auth/oidc.callback 4 | OIDC_CLIENT_ID=050984 5 | OIDC_CLIENT_SECRET= 6 | OIDC_AUTH_URI= 7 | OIDC_TOKEN_URI=http://wk-nginx/uc/oauth/token/ 8 | OIDC_USERINFO_URI=http://wk-nginx/uc/oauth/userinfo/ 9 | 10 | # Specify which claims to derive user information from 11 | # Supports any valid JSON path with the JWT payload 12 | OIDC_USERNAME_CLAIM=preferred_username 13 | 14 | # Display name for OIDC authentication 15 | OIDC_DISPLAY_NAME=OpenID 16 | 17 | # Space separated auth scopes. 18 | OIDC_SCOPES=openid profile email 19 | -------------------------------------------------------------------------------- /scripts/templates/env.oidc-server: -------------------------------------------------------------------------------- 1 | DEBUG=0 2 | LANGUAGE_CODE=en-us 3 | TIME_ZONE=UTC 4 | FORCE_SCRIPT_NAME=/uc 5 | SECRET_KEY= 6 | -------------------------------------------------------------------------------- /scripts/templates/env.outline: -------------------------------------------------------------------------------- 1 | # Copy this file to .env, remove this comment and change the keys. For development 2 | # with docker this should mostly work out of the box other than setting the Slack 3 | # keys (for auth) and the SECRET_KEY. 
4 | # 5 | # Please use `openssl rand -hex 32` to create SECRET_KEY 6 | SECRET_KEY=generate_a_new_key 7 | UTILS_SECRET=generate_a_new_key 8 | 9 | DATABASE_URL=postgres://user:pass@localhost:5532/outline 10 | DATABASE_URL_TEST=postgres://user:pass@localhost:5532/outline-test 11 | REDIS_URL=redis://localhost:6479 12 | 13 | # Must point to the publicly accessible URL for the installation 14 | URL=http://localhost:3000 15 | PORT=3000 16 | 17 | # Optional. If using a Cloudfront distribution or similar the origin server 18 | # should be set to the same as URL. 19 | CDN_URL= 20 | 21 | # enforce (auto redirect to) https in production, (optional) default is true. 22 | # set to false if your SSL is terminated at a loadbalancer, for example 23 | FORCE_HTTPS=true 24 | 25 | ENABLE_UPDATES=true 26 | DEBUG=cache,presenters,events,emails,mailer,utils,multiplayer,server,services 27 | 28 | # Third party signin credentials (at least one is required) 29 | SLACK_KEY=get_a_key_from_slack 30 | SLACK_SECRET=get_the_secret_of_above_key 31 | 32 | # To configure Google auth, you'll need to create an OAuth Client ID at 33 | # => https://console.cloud.google.com/apis/credentials 34 | # 35 | # When configuring the Client ID, add an Authorized redirect URI: 36 | # https://<URL>/auth/google.callback 37 | GOOGLE_CLIENT_ID= 38 | GOOGLE_CLIENT_SECRET= 39 | 40 | # Comma separated list of domains to be allowed (optional) 41 | # If not set, all Google apps domains are allowed by default 42 | GOOGLE_ALLOWED_DOMAINS= 43 | 44 | # Third party credentials (optional) 45 | SLACK_VERIFICATION_TOKEN= 46 | SLACK_APP_ID=A0XXXXXXX 47 | SLACK_MESSAGE_ACTIONS=true 48 | GOOGLE_ANALYTICS_ID= 49 | SENTRY_DSN= 50 | 51 | # AWS credentials (optional in development) 52 | AWS_ACCESS_KEY_ID=get_a_key_from_aws 53 | AWS_SECRET_ACCESS_KEY=get_the_secret_of_above_key 54 | AWS_REGION=xx-xxxx-x 55 | AWS_S3_UPLOAD_BUCKET_URL=http://s3:4569 56 | AWS_S3_UPLOAD_BUCKET_NAME=outline-bucket 57 | AWS_S3_UPLOAD_MAX_SIZE=26214400 58 | 
AWS_S3_FORCE_PATH_STYLE=true 59 | # uploaded s3 objects permission level, default is private 60 | # set to "public-read" to allow public access 61 | AWS_S3_ACL=private 62 | 63 | # Emails configuration (optional) 64 | SMTP_HOST= 65 | SMTP_PORT= 66 | SMTP_USERNAME= 67 | SMTP_PASSWORD= 68 | SMTP_FROM_EMAIL= 69 | SMTP_REPLY_EMAIL= 70 | 71 | # Custom logo that displays on the authentication screen, scaled to height: 60px 72 | # TEAM_LOGO=https://example.com/images/logo.png 73 | 74 | # See translate.getoutline.com for a list of available language codes and their 75 | # percentage translated. 76 | DEFAULT_LANGUAGE=en_US 77 | 78 | # Specify what storage system to use. Possible value is one of "s3" or "local". 79 | # For "local", the avatar images and document attachments will be saved on local disk. 80 | FILE_STORAGE=local 81 | 82 | # If "local" is configured for FILE_STORAGE above, then this sets the parent directory under 83 | # which all attachments/images go. Make sure that the process has permissions to create 84 | # this path and also to write files to it. 85 | FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data 86 | 87 | # Maximum allowed size for the uploaded attachment. 
88 | FILE_STORAGE_UPLOAD_MAX_SIZE=26214400 89 | 90 | # Disable SSL for connecting to Postgres 91 | PGSSLMODE=disable 92 | -------------------------------------------------------------------------------- /scripts/templates/oidc-server-outline-client.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "model": "oidc_provider.client", 4 | "pk": 1, 5 | "fields": { 6 | "name": "outline", 7 | "owner": null, 8 | "client_type": "confidential", 9 | "client_id": "050984", 10 | "client_secret": "${OIDC_CLIENT_SECRET}", 11 | "jwt_alg": "RS256", 12 | "date_created": "2022-02-15", 13 | "website_url": "", 14 | "terms_url": "", 15 | "contact_email": "", 16 | "logo": "", 17 | "reuse_consent": true, 18 | "require_consent": true, 19 | "_redirect_uris": "${URL}/auth/oidc.callback", 20 | "_post_logout_redirect_uris": "", 21 | "_scope": "", 22 | "response_types": [ 23 | 1, 24 | 2, 25 | 3, 26 | 4, 27 | 5, 28 | 6 29 | ] 30 | } 31 | } 32 | ] 33 | -------------------------------------------------------------------------------- /scripts/utils.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | shopt -s expand_aliases 4 | 5 | if [ "$(uname)" == "Darwin" ]; then 6 | if ! command -v gsed &> /dev/null 7 | then 8 | # https://unix.stackexchange.com/a/131940 9 | echo "sed commands here are tested only with GNU sed" 10 | echo "Installing gnu-sed" 11 | brew install gnu-sed 12 | else 13 | alias sed=gsed 14 | fi 15 | fi 16 | 17 | if ! 
command -v docker-compose &> /dev/null 18 | then 19 | alias docker-compose="docker compose" 20 | fi 21 | 22 | function env_add { # Append a KEY=VALUE line to the end of the file; args: key, value, filename 23 | key=$1 24 | val=$2 25 | filename=$3 26 | echo "${key}=${val}" >> $filename 27 | } 28 | 29 | function env_replace { # On every line containing "KEY=", replace from KEY to the end of the line with KEY=VALUE; args: key, value, filename 30 | key=$1 31 | val=$2 32 | filename=$3 33 | sed "s|${key}=.*|${key}=${val}|" -i $filename # NOTE(review): key and value are interpolated into the sed program unescaped. The pattern is not anchored, so key URL also matches DATABASE_URL=, REDIS_URL= and CDN_URL= lines; a "|", "&" or "\" in the value is interpreted by sed instead of being written literally. 34 | } 35 | 36 | function env_tmpl_replace { # Replace the first ${KEY} placeholder on each line with VALUE; args: key, value, filename 37 | key=$1 38 | val=$2 39 | filename=$3 40 | sed -e "s#\${${key}}#${val}#" -i $filename # NOTE(review): value is unescaped here too; a "#", "&" or "\" in it is interpreted by sed 41 | } 42 | 43 | function env_delete { # Delete every line that contains KEY anywhere (regex match, not only "KEY=" assignments, so DATABASE_URL also removes DATABASE_URL_TEST); args: key, filename 44 | key=$1 45 | filename=$2 46 | sed "/${key}/d" -i $filename 47 | } 48 | 49 | function rm_block { # Delete each region from a "##BEGIN <block>" line through the next "##END" line, markers included; args: block, filename 50 | block=$1 51 | filename=$2 52 | sed "/##BEGIN ${block}/,/##END/d" -i $filename 53 | } --------------------------------------------------------------------------------