diff --git a/pica-wekan/README.md b/pica-wekan/README.md
index 5d204200d615601b0af9997a2ed802b312a5d865..e24dd3954c17dc4008fcc09777d3dbb98dfc28c0 100644
--- a/pica-wekan/README.md
+++ b/pica-wekan/README.md
@@ -11,7 +11,9 @@ La configuration se fait essentiellement via le [docker-compose.yml](./docker-co
### Lancement
-Il suffit d'un `docker-compose up -d`.
+Au premier lancement, copier le fichier `.secrets.example` en `.secrets` et remplacer le mot de passe par celui du LDAP (disponible dans le [pass](https://gitlab.utc.fr/picasoft/interne/pass)).
+
+Il suffit ensuite d'un `docker-compose up -d`.
### Mise à jour
diff --git a/pica-wekan/docker-compose.yml b/pica-wekan/docker-compose.yml
index 22ca460a3621b588a4cfe7884e4f56df2daef86d..d1bea63bb66b74eb563feb97bc84624311fcdc25 100644
--- a/pica-wekan/docker-compose.yml
+++ b/pica-wekan/docker-compose.yml
@@ -1,44 +1,52 @@
-version: '2.4'
+version: '3.7'
volumes:
wekan:
networks:
docker_default:
- name: "docker_default"
+ external: true
wekan:
name: "wekan"
services:
wekan-db:
- image: mongo:4.0.12
+ image: mongo:4.2
container_name: wekan-db
- restart: always
- command: mongod --smallfiles --oplogSize 128
+ command: mongod --oplogSize 128
expose:
- 27017
volumes:
- wekan:/data/db
networks:
- wekan
+ restart: unless-stopped
wekan-app:
- image: wekanteam/wekan:v3.57
+ image: wekanteam/wekan:v4.25
container_name: wekan-app
- labels:
- - "traefik.frontend.rule=Host:kanban.picasoft.net"
- - "traefik.port=8080"
- - "traefik.enable=true"
- restart: always
- links:
- - wekan-db:wekan-db
environment:
- MONGO_URL=mongodb://wekan-db:27017/wekan
- ROOT_URL=https://kanban.picasoft.net
+ # Don't send webhook on card click
- CARD_OPENED_WEBHOOK_ENABLED=false
- WEBHOOKS_ATTRIBUTES=cardId,listId,user
+ # ==== WEKAN API AND EXPORT BOARD ====
+ # Wekan Export Board works when WITH_API=true.
+ # https://github.com/wekan/wekan/wiki/REST-API
+ - WITH_API=true
+ # ==== PASSWORD BRUTE FORCE PROTECTION ====
+ - ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURES_BEFORE=10
+ - ACCOUNTS_LOCKOUT_KNOWN_USERS_PERIOD=60
+ - ACCOUNTS_LOCKOUT_KNOWN_USERS_FAILURE_WINDOW=15
+ env_file: ./secrets/wekan.secrets
depends_on:
- wekan-db
+ labels:
+ traefik.frontend.rule: Host:kanban.picasoft.net
+ traefik.port: 8080
+ traefik.enable: true
networks:
- docker_default
- wekan
+ restart: unless-stopped
diff --git a/pica-wekan/secrets/wekan.secrets.example b/pica-wekan/secrets/wekan.secrets.example
new file mode 100644
index 0000000000000000000000000000000000000000..53c2b0605cade662ac09f294c0e005ebcc106865
--- /dev/null
+++ b/pica-wekan/secrets/wekan.secrets.example
@@ -0,0 +1,3 @@
+# NOTE: Special characters need to be url-encoded in MAIL_URL.
+# You can encode those characters for example at: https://www.urlencoder.org
+MAIL_URL=smtp://wekan:password@mail.picasoft.net:587/?ignoreTLS=true&tls={rejectUnauthorized:false}