This repository has been archived by the owner on Sep 18, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdocker-compose.yml
93 lines (91 loc) · 3.17 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
version: "3.7"
x-common-env: &common-env
# Replace here with your timezone
TZ: 'Europe/Rome'
# Replace here with your mysql credentials
MYSQL_HOST: 'mysql'
MYSQL_DATABASE: 'unimia'
MYSQL_USER: 'mysql_user'
MYSQL_PASSWORD: 'mysql_password'
services:
php:
restart: always
build: './php/'
read_only: true
depends_on:
- mysql
volumes:
- ./public_html/:/var/www/html/:ro
# PAY ATTENTION: SOCK FOLDER NEEDS TO HAVE SETGID AND TO BE CHOWNED TO WWW-DATA GROUP. OTHER SETTINGS ARE NOT SECURE!
- ./sock/:/sock/:rw
sysctls:
net.core.somaxconn: 65536
logging:
driver: "json-file"
options:
max-file: "1"
max-size: "10m"
environment:
<<: *common-env
# Google Tag ID (empty if not used)
GTAG_ID: ''
# Feel free to enable the healthcheck if you want
#healthcheck:
# Replace here with your domain
#test: "curl --fail -s https://example.com"
#timeout: 30s
#interval: 5m
#retries: 2
cron:
restart: always
build: './cron/'
read_only: true
init: true
tty: true
tmpfs:
- /tmp
depends_on:
- mysql
volumes:
- ./private/:/private/:rw
- ./public_html/screenshot/:/screenshot/:rw
- ./public_html/downloads/:/downloads/:rw
logging:
driver: "json-file"
options:
max-file: "1"
max-size: "10m"
environment:
<<: *common-env
# Replace here with your unimia credentials and login endpoint url
USERNAME: 'name.surname@studenti.unimi.it'
PASSWORD: 'password'
CAS_URL: 'https://cas.unimi.it/login'
# This is the timeout used by the python script which check if unimia is up or down
TIMEOUT: 65
# Replace here with a blocklist of words/phrases (case-insensitive and separed by commas) contained in Unimia which you want to be redacted before to take a screenshot
# (e.g. your name, surname, phone number, badge number ecc)
# Please note that this is just an additional security rule. Internally the software already redact personal informations based on their position on the page.
WORD_BLOCKLIST: 'john,doe,1234567890,123456,sicurezza dei sistemi e delle reti informatiche,l-31,f68,piazza del duomo,17,20121,milano,mi'
mysql:
restart: always
image: mariadb
command: --default-authentication-plugin=mysql_native_password
environment:
<<: *common-env
# Replace here with your mysql root password
MYSQL_ROOT_PASSWORD: 'mysql_root_password'
volumes:
- ./mysql/mysql/:/var/lib/mysql:rw
- ./mysql/config:/etc/mysql/conf.d:ro
- ./mysql/sql/:/docker-entrypoint-initdb.d/:ro
logging:
driver: "json-file"
options:
max-file: "1"
max-size: "10m"
healthcheck:
test: "mysqladmin status -u root -p$$MYSQL_ROOT_PASSWORD || exit 1"
timeout: 10s
interval: 1m30s
retries: 2