71 lines
3.6 KiB
YAML
71 lines
3.6 KiB
YAML
services:
|
|
web:
|
|
image: ghcr.io/karakeep-app/karakeep:${KARAKEEP_VERSION:-release}
|
|
restart: unless-stopped
|
|
container_name: karakeep_web
|
|
networks:
|
|
- proxy-net
|
|
volumes:
|
|
# By default, the data is stored in a docker volume called "data".
|
|
# If you want to mount a custom directory, change the volume mapping to:
|
|
# - /path/to/your/directory:/data
|
|
- /mnt/appdata/karakeep/data:/data
|
|
ports:
|
|
- 3000:3000
|
|
env_file:
|
|
- .env
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.karakeep.entrypoints=websecure"
|
|
- "traefik.http.routers.karakeep.rule=Host(`keep.castaldifamily.com`)"
|
|
- "traefik.http.routers.karakeep.tls=true"
|
|
- "traefik.http.routers.karakeep.tls.certresolver=cloudflare"
|
|
- "traefik.http.services.karakeep.loadbalancer.server.port=3000"
|
|
environment:
|
|
MEILI_ADDR: http://meilisearch:7700
|
|
BROWSER_WEB_URL: http://chrome:9222
|
|
DISABLE_SIGNUPS: ${DISABLE_SIGNUPS} #If enabled, no new signups will be allowed and the signup button will be disabled in the UI
|
|
DISABLE_PASSWORD_AUTH: ${DISABLE_PASSWORD_AUTH} #If enabled, only signups and logins using OAuth are allowed and the signup button and login form for local accounts will be disabled in the UI
|
|
EMAIL_VERIFICATION_REQUIRED: ${EMAIL_VERIFICATION_REQUIRED} #Whether email verification is required during user signup. If enabled, users must verify their email address before they can use their account. If you enable this, you must configure SMTP settings.
|
|
OAUTH_AUTO_REDIRECT: ${OAUTH_AUTO_REDIRECT} #If enabled and password authentication is disabled, automatically redirect to the OAuth provider instead of showing the login page. Useful when OAuth is the only authentication method available.
|
|
OAUTH_WELLKNOWN_URL: ${OAUTH_WELLKNOWN_URL} #The "wellknown Url" for openid-configuration as provided by the OAuth provider
|
|
OAUTH_CLIENT_SECRET: ${OAUTH_CLIENT_SECRET} #The "Client Secret" as provided by the OAuth provider
|
|
OAUTH_CLIENT_IDX: ${OAUTH_CLIENT_ID} #The "Client ID" as provided by the OAuth provider
|
|
OAUTH_SCOPE: ${OAUTH_SCOPE} #Full list of scopes to request (space delimited)"
|
|
OAUTH_PROVIDER_NAME: ${OAUTH_PROVIDER_NAME} #The name of your provider. Will be shown on the signup page as "Sign in with <name>"
|
|
OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING: ${OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING} #Whether existing accounts in karakeep stored in the database should automatically be linked with your OAuth account. Only enable it if you trust the OAuth provider!
|
|
OAUTH_TIMEOUT: ${OAUTH_TIMEOUT} #The wait time in milliseconds for the OAuth provider response. Increase this if you are having outgoing request timed out errors
|
|
# OPENAI_API_KEY: ...
|
|
|
|
# You almost never want to change the value of the DATA_DIR variable.
|
|
# If you want to mount a custom directory, change the volume mapping above instead.
|
|
DATA_DIR: /data # DON'T CHANGE THIS
|
|
chrome:
|
|
image: gcr.io/zenika-hub/alpine-chrome:124
|
|
restart: unless-stopped
|
|
container_name: karakeep_chrome
|
|
networks:
|
|
- proxy-net
|
|
command:
|
|
- --no-sandbox
|
|
- --disable-gpu
|
|
- --disable-dev-shm-usage
|
|
- --remote-debugging-address=0.0.0.0
|
|
- --remote-debugging-port=9222
|
|
- --hide-scrollbars
|
|
meilisearch:
|
|
image: getmeili/meilisearch:v1.41.0
|
|
restart: unless-stopped
|
|
container_name: karakeep_meilisearch
|
|
env_file:
|
|
- .env
|
|
networks:
|
|
- proxy-net
|
|
environment:
|
|
MEILI_NO_ANALYTICS: "true"
|
|
volumes:
|
|
- /mnt/appdata/karakeep/meilisearch:/meili_data
|
|
|
|
networks:
|
|
proxy-net:
|
|
external: true |