ansible-roles/docker-services
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Activity
Files
f31583e234a083d228ba2648de9b7db0713bf2f2
docker-services/templates/compose/wikijs.yml.j2
jean-yves.fournier f31583e234 add wikijs HSTS and CSP label
2026-03-05 14:48:36 +01:00

109 lines
3.5 KiB
Django/Jinja
Raw Blame History

networks:
{% if docker_services_external_networks %}
traefik:
external: true
wikijs:
external: true
{% else %}
traefik:
name: traefik
wikijs:
name: wikijs
{% endif %}
volumes:
{% if docker_services_external_volumes %}
wikijs__config:
external: true
wikijs__data:
external: true
wikijs_db__var_lib_mysql:
external: true
{% else %}
wikijs__config:
name: wikijs__config
wikijs__data:
name: wikijs__data
wikijs_db__var_lib_mysql:
name: wikijs_db__var_lib_mysql
{% endif %}
services:
wikijs_db:
image: mariadb:latest
container_name: wikijs_db
restart: always
networks:
- wikijs
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes:
- wikijs_db__var_lib_mysql:/var/lib/mysql
ports:
- {{ wikijs_db_port | default("3306") }}:3306
environment:
- MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD
- MYSQL_DATABASE=$DB_NAME
- MYSQL_USER=$DB_USER
- MYSQL_PASSWORD=$DB_PASSWORD
labels:
com.centurylinklabs.watchtower.enable: true
wikijs:
image: lscr.io/linuxserver/wikijs:latest
container_name: wikijs
restart: unless-stopped
depends_on:
- wikijs_db
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Paris
- DB_TYPE=mysql
- DB_HOST=$DB_HOST
- DB_PORT=$DB_PORT
- DB_NAME=$DB_NAME
- DB_USER=$DB_USER
- DB_PASS=$DB_PASSWORD
volumes:
- wikijs__config:/config
- wikijs__data:/data
{% if wikijs_custom_css is defined %}
{% for file in wikijs_custom_css %}
- ./custom/css/{{ file }}:/app/wiki/assets/css/{{ file }}:ro
{% endfor %}
{% endif %}
ports:
- {{ wikijs_port | default("3000") }}:3000
networks:
- wikijs
- traefik
labels:
traefik.enable: true
traefik.docker.network: traefik
traefik.http.routers.wikijs.rule: "Host(`{{ wikijs_domain }}`){% if wikijs_whitelist is defined %} && ({% for ip in wikijs_whitelist %}{% if not loop.last %}ClientIP(`{{ ip }}`) || {% else %}ClientIP(`{{ ip }}`){% endif %}{% endfor %}){% endif %}"
traefik.http.routers.wikijs.tls: true
traefik.http.routers.wikijs.tls.certresolver: letsencrypt
traefik.http.routers.wikijs.entrypoints: "websecure"
com.centurylinklabs.watchtower.enable: true
{% if wikijs_custom_hsts_stsSeconds is defined
and wikijs_custom_hsts_stsIncludeSubdomains is defined
and wikijs_custom_hsts_stsPreload is defined
and wikijs_custom_hsts_forceSTSHeader is defined %}
# HSTS
traefik.http.middlewares.mw-security-headers.headers.stsSeconds: "{{ wikijs_custom_hsts_stsSeconds }}"
traefik.http.middlewares.mw-security-headers.headers.stsIncludeSubdomains: "{{ wikijs_custom_hsts_stsIncludeSubdomains }}"
traefik.http.middlewares.mw-security-headers.headers.stsPreload: "{{ wikijs_custom_hsts_stsPreload }}"
traefik.http.middlewares.mw-security-headers.headers.forceSTSHeader: "{{ wikijs_custom_hsts_forceSTSHeader }}"
{% endif %}
{% if wikijs_custom_csp is defined %}
# CSP
traefik.http.middlewares.mw-security-headers.headers.contentSecurityPolicy: "{{ wikijs_custom_csp }}"
{% endif %}
{% if (wikijs_custom_hsts_stsSeconds is defined
and wikijs_custom_hsts_stsIncludeSubdomains is defined
and wikijs_custom_hsts_stsPreload is defined
and wikijs_custom_hsts_forceSTSHeader is defined)
or wikijs_custom_csp is defined %}
# application du middleware security-headers
traefik.http.routers.wikijs.middlewares: "mw-security-headers"
{% endif %}
Reference in New Issue View Git Blame Copy Permalink