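---
# HedgeDoc with OAuth2 single sign-on and a dedicated PostgreSQL instance.
# References:
#   https://quay.io/repository/hedgedoc/hedgedoc
#   https://docs.hedgedoc.org/setup/docker/
#   https://docs.hedgedoc.org/configuration/
#   https://goauthentik.io/integrations/services/hedgedoc/
version: '3.7'

networks:
  # Private network joined only by HedgeDoc and its database.
  hedgedoc: {}

services:
  # No ports are published for either service; they are reachable only over
  # the networks they are attached to.
  hedgedoc:
    image: quay.io/hedgedoc/hedgedoc:1.9.9-alpine
    container_name: hedgedoc
    restart: "${RESTART:-no}"
    hostname: md
    domainname: "${BASE_DOMAIN}"
    environment:
      - NODE_ENV=production
      # --- Database connection ---
      - CMD_DB_DIALECT=postgres
      - CMD_DB_HOST=pg-hedgedoc
      - CMD_DB_PORT=5432
      - CMD_DB_DATABASE=hedgedoc
      - CMD_DB_USERNAME=hedgedoc
      # Fail closed: there is deliberately no fallback value, so a missing
      # variable aborts `docker compose` instead of deploying with a
      # well-known password. Must match POSTGRES_PASSWORD on pg-hedgedoc.
      - "CMD_DB_PASSWORD=${HEDGEDOC_PG_PWD:?HEDGEDOC_PG_PWD must be set}"
      # --- Public URL and origin policy ---
      - CMD_DOMAIN=md.${BASE_DOMAIN}
      - CMD_PROTOCOL_USESSL=true
      - CMD_URL_ADDPORT=false
      - CMD_ALLOW_ORIGIN=md.${BASE_DOMAIN}
      - CMD_CSP_ALLOW_FRAMING=false
      # --- Access control: no anonymous access or edits; free-URL notes
      # require an authenticated user ---
      - CMD_ALLOW_ANONYMOUS=false
      - CMD_ALLOW_ANONYMOUS_EDITS=false
      - CMD_ALLOW_FREEURL=true
      - CMD_REQUIRE_FREEURL_AUTHENTICATION=true
      - CMD_DEFAULT_PERMISSION=limited
      # Required: Compose would otherwise substitute an empty string for an
      # unset variable and pass it on as the session secret.
      - "CMD_SESSION_SECRET=${HEDGEDOC_SESSION_SECRET:?HEDGEDOC_SESSION_SECRET must be set}"
      # --- Local e-mail login and registration disabled; OAuth2 is the only
      # login method configured here ---
      - CMD_EMAIL=false
      - CMD_ALLOW_EMAIL_REGISTER=false
      # --- OAuth2 provider endpoints (all HTTPS) ---
      - CMD_OAUTH2_AUTHORIZATION_URL=https://account.${BASE_DOMAIN}/application/o/authorize/
      - CMD_OAUTH2_TOKEN_URL=https://account.${BASE_DOMAIN}/application/o/token/
      - CMD_OAUTH2_USER_PROFILE_URL=https://account.${BASE_DOMAIN}/application/o/userinfo/
      - CMD_OAUTH2_SCOPE=openid email profile
      - CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
      - CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
      - CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
      # NOTE(review): client id/secret expand to empty strings when unset;
      # supply them from an env file kept out of version control.
      - CMD_OAUTH2_CLIENT_ID=${HEDGEDOC_OAUTH_CLIENT}
      - CMD_OAUTH2_CLIENT_SECRET=${HEDGEDOC_OAUTH_SECRET}
      - CMD_OAUTH2_PROVIDERNAME=SSO
    volumes:
      # User uploads persisted on the host.
      - "${BASE_DIR:-/srv}/hedgedoc/uploads:/hedgedoc/public/uploads"
    depends_on:
      - pg-hedgedoc
    networks:
      # NOTE(review): `proxy` and `mail` are not declared under the
      # top-level `networks:` of this file - presumably they come from
      # another compose file merged with this one; confirm before running
      # it standalone.
      - proxy
      - mail
      - hedgedoc

  pg-hedgedoc:
    image: postgres:16-alpine
    container_name: pg-hedgedoc
    restart: "${RESTART:-no}"
    environment:
      - POSTGRES_DB=hedgedoc
      - POSTGRES_USER=hedgedoc
      # Same fail-closed rule as CMD_DB_PASSWORD above. The postgres image
      # applies POSTGRES_PASSWORD only when it initialises an empty data
      # directory, so an existing database keeps the password it was
      # created with: set the variable to that value, or rotate the role
      # password inside PostgreSQL first.
      - "POSTGRES_PASSWORD=${HEDGEDOC_PG_PWD:?HEDGEDOC_PG_PWD must be set}"
    volumes:
      - "${BASE_DIR:-/srv}/hedgedoc/psql:/var/lib/postgresql/data"
    networks:
      # Database is attached to the private network only.
      - hedgedoc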