a987d45fbc
Set up three-tier synchronization: Syncthing (real-time), GitHub (version control), rsync (disaster recovery). Includes complete documentation for future Claude sessions. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
69 lines
3.3 KiB
YAML
69 lines
3.3 KiB
YAML
version: '3.8'
|
|
|
|
services:
|
|
documenso:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile.custom
|
|
image: documenso-custom:latest
|
|
container_name: documenso
|
|
restart: unless-stopped
|
|
networks:
|
|
- traefik-public
|
|
- database-internal
|
|
environment:
|
|
- DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
|
|
- NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
|
|
- NEXTAUTH_URL=https://sign.ai-impress.com
|
|
- NEXT_PUBLIC_WEBAPP_URL=https://sign.ai-impress.com
|
|
- NEXT_PRIVATE_SMTP_TRANSPORT=${NEXT_PRIVATE_SMTP_TRANSPORT}
|
|
- NEXT_PRIVATE_SMTP_HOST=${NEXT_PRIVATE_SMTP_HOST}
|
|
- NEXT_PRIVATE_SMTP_PORT=${NEXT_PRIVATE_SMTP_PORT}
|
|
- NEXT_PRIVATE_SMTP_USERNAME=${NEXT_PRIVATE_SMTP_USERNAME}
|
|
- NEXT_PRIVATE_SMTP_PASSWORD=${NEXT_PRIVATE_SMTP_PASSWORD}
|
|
- NEXT_PRIVATE_SMTP_FROM_NAME=${NEXT_PRIVATE_SMTP_FROM_NAME}
|
|
- NEXT_PRIVATE_SMTP_FROM_ADDRESS=${NEXT_PRIVATE_SMTP_FROM_ADDRESS}
|
|
- NEXT_PRIVATE_SMTP_SECURE=${NEXT_PRIVATE_SMTP_SECURE}
|
|
- NEXT_PRIVATE_SMTP_DEBUG=${NEXT_PRIVATE_SMTP_DEBUG}
|
|
- DEBUG=${DEBUG}
|
|
- NEXT_PUBLIC_DISABLE_SIGNUP=${NEXT_PUBLIC_DISABLE_SIGNUP}
|
|
- NEXT_PUBLIC_MARKETING_URL=https://sign.ai-impress.com
|
|
- NEXT_PUBLIC_APP_URL=https://sign.ai-impress.com
|
|
- NEXT_PRIVATE_DISABLE_EMAIL_AUTH=true
|
|
# Prisma variables
|
|
- NEXT_PRIVATE_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
|
|
- NEXT_PRIVATE_DIRECT_DATABASE_URL=postgresql://documenso_user:${DB_PASSWORD}@postgres-main:5432/documenso
|
|
# OIDC для сотрудников
|
|
- NEXT_PRIVATE_OIDC_CLIENT_ID=nUi11HfuTLoROKqI4leUSzi48BB7m4KkqjwYq1wG
|
|
- NEXT_PRIVATE_OIDC_CLIENT_SECRET=vFsXdQ1QYNhoOJpMz9OR6aoCsKTzNc473aL2Vn2J2fcMFnH5xnZFAKJdEMNB3vdQmZM8y9ESUUTwz6owAfuFWeBFQy2U7BQRW1W1fDmZr1oXAkUeZuD49jEdCJN7Bvy3
|
|
- NEXT_PRIVATE_OIDC_WELL_KNOWN=https://auth.ai-impress.com/application/o/documenso/.well-known/openid-configuration
|
|
- NEXT_PRIVATE_OIDC_PROVIDER_LABEL=Authentik SSO
|
|
# Encryption keys (REQUIRED)
|
|
- NEXT_PRIVATE_ENCRYPTION_KEY=${NEXT_PRIVATE_ENCRYPTION_KEY}
|
|
- NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY=${NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY}
|
|
# Storage configuration
|
|
- NEXT_PUBLIC_UPLOAD_TRANSPORT=database
|
|
# Production settings
|
|
- NODE_ENV=production
|
|
# Document signing configuration
|
|
- NEXT_PRIVATE_SIGNING_TRANSPORT=${NEXT_PRIVATE_SIGNING_TRANSPORT}
|
|
- NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH=${NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH}
|
|
- NEXT_PRIVATE_SIGNING_LOCAL_FILE_PASSPHRASE=${NEXT_PRIVATE_SIGNING_LOCAL_FILE_PASSPHRASE}
|
|
- NEXT_PRIVATE_SIGNING_PASSPHRASE=${NEXT_PRIVATE_SIGNING_PASSPHRASE}
|
|
# Playwright configuration
|
|
- PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
|
|
- PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH=/usr/bin/chromium-browser
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.documenso.rule=Host(`sign.ai-impress.com`)"
|
|
- "traefik.http.routers.documenso.tls=true"
|
|
- "traefik.http.services.documenso.loadbalancer.server.port=3000"
|
|
# Authentik middleware отключен - клиенты регистрируются напрямую
|
|
volumes:
|
|
- ./data:/data
|
|
|
|
networks:
|
|
traefik-public:
|
|
external: true
|
|
database-internal:
|
|
external: true
|