adds etherpad module
This commit is contained in:
@@ -10,7 +10,7 @@ CPU_ARCH := $(if $(shell which arch),\
|
|||||||
IMAGE_PREFIX := $(if $(filter armv7%,$(CPU_ARCH)),armv7/)
|
IMAGE_PREFIX := $(if $(filter armv7%,$(CPU_ARCH)),armv7/)
|
||||||
REGISTRY_DOMAIN := git.joeac.net
|
REGISTRY_DOMAIN := git.joeac.net
|
||||||
REGISTRY_USER := joeac
|
REGISTRY_USER := joeac
|
||||||
MODULES := http gemini smtp vaultwarden
|
MODULES := http gemini smtp vaultwarden etherpad
|
||||||
|
|
||||||
|
|
||||||
#############
|
#############
|
||||||
|
|||||||
+18
@@ -19,6 +19,24 @@ services:
|
|||||||
ports:
|
ports:
|
||||||
- "8080:80"
|
- "8080:80"
|
||||||
|
|
||||||
|
etherpad:
|
||||||
|
image: git.joeac.net/joeac/joeac.net-etherpad
|
||||||
|
container_name: joeac.net-etherpad
|
||||||
|
build:
|
||||||
|
context: .
|
||||||
|
dockerfile: etherpad.Dockerfile
|
||||||
|
args:
|
||||||
|
ALPINE_VERSION: ${ALPINE_VERSION}
|
||||||
|
ETHERPAD_VERSION: ${ETHERPAD_VERSION}
|
||||||
|
volumes:
|
||||||
|
- ./etherpad/var:/var/app/var
|
||||||
|
environment:
|
||||||
|
NODE_ENV: ${ETHERPAD_NODE_ENV}
|
||||||
|
ADMIN_PASSWORD: ${ETHERPAD_ADMIN_PASSWORD}
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "${ETHERPAD_PORT}:9001"
|
||||||
|
|
||||||
smtp:
|
smtp:
|
||||||
image: git.joeac.net/joeac/joeac.net-smtp
|
image: git.joeac.net/joeac/joeac.net-smtp
|
||||||
container_name: joeac.net-smtp
|
container_name: joeac.net-smtp
|
||||||
|
|||||||
@@ -1,2 +1,3 @@
|
|||||||
SUBDOMAIN_http := @
|
SUBDOMAIN_http := @
|
||||||
SUBDOMAIN_vaultwarden := pwd
|
SUBDOMAIN_vaultwarden := pwd
|
||||||
|
SUBDOMAIN_etherpad := docs
|
||||||
|
|||||||
@@ -0,0 +1,11 @@
|
|||||||
|
ARG ALPINE_VERSION=3.23
|
||||||
|
FROM docker.io/alpine:${ALPINE_VERSION}
|
||||||
|
RUN mkdir -p /var/app
|
||||||
|
WORKDIR /var/app
|
||||||
|
ARG ETHERPAD_VERSION
|
||||||
|
RUN apk --no-cache add pnpm \
|
||||||
|
&& ENV=~/.profile SHELL=sh pnpm setup \
|
||||||
|
&& source ~/.profile \
|
||||||
|
&& pnpm install --global tsx
|
||||||
|
COPY etherpad/etherpad-${ETHERPAD_VERSION} .
|
||||||
|
CMD pnpx tsx src/node/server.ts
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
var
|
||||||
|
etherpad-*
|
||||||
@@ -0,0 +1,23 @@
|
|||||||
|
ETHERPAD_VERSION := 3.3.2
|
||||||
|
SRC_DIR := etherpad-$(ETHERPAD_VERSION)
|
||||||
|
|
||||||
|
.PHONY: all
|
||||||
|
all: download_etherpad install_deps
|
||||||
|
|
||||||
|
.PHONY: download_etherpad
|
||||||
|
download_etherpad: $(SRC_DIR)
|
||||||
|
|
||||||
|
$(SRC_DIR):
|
||||||
|
wget -O- https://github.com/ether/etherpad/archive/refs/tags/v3.3.2.tar.gz | tar -xz
|
||||||
|
|
||||||
|
.PHONY: install_deps
|
||||||
|
install_deps: $(SRC_DIR)/node_modules
|
||||||
|
|
||||||
|
$(SRC_DIR)/node_modules: $(SRC_DIR) $(SRC_DIR)/settings.json $(SRC_DIR)/package.json $(SRC_DIR)/pnpm-lock.yaml
|
||||||
|
cd $(SRC_DIR) && pnpm install
|
||||||
|
|
||||||
|
$(SRC_DIR)/settings.json: $(SRC_DIR) settings.json
|
||||||
|
cp settings.json $(SRC_DIR)/settings.json
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -rf etherpad-*/
|
||||||
@@ -0,0 +1,747 @@
|
|||||||
|
/*
|
||||||
|
* This file must be valid JSON. But comments are allowed
|
||||||
|
*
|
||||||
|
* Please edit settings.json, not settings.json.template
|
||||||
|
*
|
||||||
|
* Please note that starting from Etherpad 1.6.0 you can store DB credentials in
|
||||||
|
* a separate file (credentials.json).
|
||||||
|
*
|
||||||
|
*
|
||||||
|
* ENVIRONMENT VARIABLE SUBSTITUTION
|
||||||
|
* =================================
|
||||||
|
*
|
||||||
|
* All the configuration values can be read from environment variables using the
|
||||||
|
* syntax "${ENV_VAR}" or "${ENV_VAR:default_value}".
|
||||||
|
*
|
||||||
|
* This is useful, for example, when running in a Docker container.
|
||||||
|
*
|
||||||
|
* DETAILED RULES:
|
||||||
|
* - If the environment variable is set to the string "true" or "false", the
|
||||||
|
* value becomes Boolean true or false.
|
||||||
|
* - If the environment variable is set to the string "null", the value
|
||||||
|
* becomes null.
|
||||||
|
* - If the environment variable is set to the string "undefined", the setting
|
||||||
|
* is removed entirely, except when used as the member of an array in which
|
||||||
|
* case it becomes null.
|
||||||
|
* - If the environment variable is set to a string representation of a finite
|
||||||
|
* number, the string is converted to that number.
|
||||||
|
* - If the environment variable is set to any other string, including the
|
||||||
|
* empty string, the value is that string.
|
||||||
|
* - If the environment variable is unset and a default value is provided, the
|
||||||
|
* value is as if the environment variable was set to the provided default:
|
||||||
|
* - "${UNSET_VAR:}" becomes the empty string.
|
||||||
|
* - "${UNSET_VAR:foo}" becomes the string "foo".
|
||||||
|
* - "${UNSET_VAR:true}" and "${UNSET_VAR:false}" become true and false.
|
||||||
|
* - "${UNSET_VAR:null}" becomes null.
|
||||||
|
* - "${UNSET_VAR:undefined}" causes the setting to be removed (or be set
|
||||||
|
* to null, if used as a member of an array).
|
||||||
|
* - If the environment variable is unset and no default value is provided,
|
||||||
|
* the value becomes null. THIS BEHAVIOR MAY CHANGE IN A FUTURE VERSION OF
|
||||||
|
* ETHERPAD; if you want the default value to be null, you should explicitly
|
||||||
|
* specify "null" as the default value.
|
||||||
|
*
|
||||||
|
* EXAMPLE:
|
||||||
|
* "port": "${PORT:9001}"
|
||||||
|
* "minify": "${MINIFY}"
|
||||||
|
* "skinName": "${SKIN_NAME:colibris}"
|
||||||
|
*
|
||||||
|
* Would read the configuration values for those items from the environment
|
||||||
|
* variables PORT, MINIFY and SKIN_NAME.
|
||||||
|
*
|
||||||
|
* If PORT and SKIN_NAME variables were not defined, the default values 9001 and
|
||||||
|
* "colibris" would be used.
|
||||||
|
* The configuration value "minify", on the other hand, does not have a
|
||||||
|
* designated default value. Thus, if the environment variable MINIFY were
|
||||||
|
* undefined, "minify" would be null.
|
||||||
|
*
|
||||||
|
* REMARKS:
|
||||||
|
* 1) please note that variable substitution always needs to be quoted.
|
||||||
|
*
|
||||||
|
* "port": 9001, <-- Literal values. When not using
|
||||||
|
* "minify": false substitution, only strings must be
|
||||||
|
* "skinName": "colibris" quoted. Booleans and numbers must not.
|
||||||
|
*
|
||||||
|
* "port": "${PORT:9001}" <-- CORRECT: if you want to use a variable
|
||||||
|
* "minify": "${MINIFY:true}" substitution, put quotes around its name,
|
||||||
|
* "skinName": "${SKIN_NAME}" even if the required value is a number or
|
||||||
|
* a boolean.
|
||||||
|
* Etherpad will take care of rewriting it
|
||||||
|
* to the proper type if necessary.
|
||||||
|
*
|
||||||
|
* "port": ${PORT:9001} <-- ERROR: this is not valid json. Quotes
|
||||||
|
* "minify": ${MINIFY} around variable names are missing.
|
||||||
|
* "skinName": ${SKIN_NAME}
|
||||||
|
*
|
||||||
|
* 2) Beware of undefined variables and default values: nulls and empty strings
|
||||||
|
* are different!
|
||||||
|
*
|
||||||
|
* This is particularly important for user's passwords (see the relevant
|
||||||
|
* section):
|
||||||
|
*
|
||||||
|
* "password": "${PASSW}" // if PASSW is not defined would result in password === null
|
||||||
|
* "password": "${PASSW:}" // if PASSW is not defined would result in password === ''
|
||||||
|
*
|
||||||
|
* If you want to use an empty value (null) as default value for a variable,
|
||||||
|
* simply do not set it, without putting any colons: "${SOFFICE}".
|
||||||
|
*
|
||||||
|
* 3) if you want to use newlines in the default value of a string parameter,
|
||||||
|
* use "\n" as usual.
|
||||||
|
*
|
||||||
|
* "defaultPadText" : "${DEFAULT_PAD_TEXT:Line 1\nLine 2}"
|
||||||
|
*/
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Name your instance!
|
||||||
|
*/
|
||||||
|
"title": "joeac's docs",
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Whether to show recent pads on the homepage or not.
|
||||||
|
*/
|
||||||
|
"showRecentPads": true,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Pathname of the favicon you want to use. If null, the skin's favicon is
|
||||||
|
* used if one is provided by the skin, otherwise the default Etherpad favicon
|
||||||
|
* is used. If this is a relative path it is interpreted as relative to the
|
||||||
|
* Etherpad root directory.
|
||||||
|
*/
|
||||||
|
"favicon": null,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Skin name.
|
||||||
|
*
|
||||||
|
* Its value has to be an existing directory under src/static/skins.
|
||||||
|
* You can write your own, or use one of the included ones:
|
||||||
|
*
|
||||||
|
* - "no-skin": an empty skin (default). This yields the unmodified,
|
||||||
|
* traditional Etherpad theme.
|
||||||
|
* - "colibris": the new experimental skin (since Etherpad 1.8), candidate to
|
||||||
|
* become the default in Etherpad 2.0
|
||||||
|
*/
|
||||||
|
"skinName": "colibris",
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Skin Variants
|
||||||
|
*
|
||||||
|
* Use the UI skin variants builder at /p/test#skinvariantsbuilder
|
||||||
|
*
|
||||||
|
* For the colibris skin only, you can choose how to render the three main
|
||||||
|
* containers:
|
||||||
|
* - toolbar (top menu with icons)
|
||||||
|
* - editor (containing the text of the pad)
|
||||||
|
* - background (area outside of editor, mostly visible when using page style)
|
||||||
|
*
|
||||||
|
* For each of the 3 containers you can choose 4 color combinations:
|
||||||
|
* super-light, light, dark, super-dark.
|
||||||
|
*
|
||||||
|
* For example, to make the toolbar dark, you will include "dark-toolbar" into
|
||||||
|
* skinVariants.
|
||||||
|
*
|
||||||
|
* You can provide multiple skin variants separated by spaces. Default
|
||||||
|
* skinVariant is "super-light-toolbar super-light-editor light-background".
|
||||||
|
*
|
||||||
|
* For the editor container, you can also make it full width by adding
|
||||||
|
* "full-width-editor" variant (by default editor is rendered as a page, with
|
||||||
|
* a max-width of 900px).
|
||||||
|
*/
|
||||||
|
"skinVariants": "super-light-toolbar super-light-editor light-background",
|
||||||
|
|
||||||
|
/*
|
||||||
|
* IP and port which Etherpad should bind at.
|
||||||
|
*
|
||||||
|
* Binding to a Unix socket is also supported: just use an empty string for
|
||||||
|
* the ip, and put the full path to the socket in the port parameter.
|
||||||
|
*
|
||||||
|
* EXAMPLE USING UNIX SOCKET:
|
||||||
|
* "ip": "", // <-- has to be an empty string
|
||||||
|
* "port" : "/somepath/etherpad.socket", // <-- path to a Unix socket
|
||||||
|
*/
|
||||||
|
"ip": "0.0.0.0",
|
||||||
|
"port": 9001,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Option to hide/show the settings.json in admin page.
|
||||||
|
*
|
||||||
|
* Default option is set to true
|
||||||
|
*/
|
||||||
|
"showSettingsInAdminPage": true,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Enable/disable the metrics endpoint.
|
||||||
|
*
|
||||||
|
* This is used by the monitoring plugins to collect metrics about Etherpad.
|
||||||
|
* If you do not use any monitoring plugins, you can disable this.
|
||||||
|
*/
|
||||||
|
"enableMetrics": "${ENABLE_METRICS:true}",
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Settings for cleanup of pads
|
||||||
|
*/
|
||||||
|
"cleanup": {
|
||||||
|
"enabled": false,
|
||||||
|
"keepRevisions": 5
|
||||||
|
},
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Node native SSL support
|
||||||
|
*
|
||||||
|
* This is disabled by default.
|
||||||
|
* Make sure to have the minimum and correct file access permissions set so
|
||||||
|
* that the Etherpad server can access them
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
"ssl" : {
|
||||||
|
"key" : "/path-to-your/epl-server.key",
|
||||||
|
"cert" : "/path-to-your/epl-server.crt",
|
||||||
|
"ca": ["/path-to-your/epl-intermediate-cert1.crt", "/path-to-your/epl-intermediate-cert2.crt"]
|
||||||
|
},
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The type of the database.
|
||||||
|
*
|
||||||
|
* You can choose between many DB drivers, for example: dirty, postgres,
|
||||||
|
* sqlite, mysql.
|
||||||
|
*
|
||||||
|
* You shouldn't use "dirty" for for anything else than testing or
|
||||||
|
* development.
|
||||||
|
*
|
||||||
|
*
|
||||||
|
* Database specific settings are dependent on dbType, and go in dbSettings.
|
||||||
|
* Remember that since Etherpad 1.6.0 you can also store this information in
|
||||||
|
* credentials.json.
|
||||||
|
*
|
||||||
|
* For a complete list of the supported drivers, please refer to:
|
||||||
|
* https://www.npmjs.com/package/ueberdb2
|
||||||
|
*/
|
||||||
|
|
||||||
|
"dbType": "sqlite",
|
||||||
|
"dbSettings": {
|
||||||
|
"filename": "var/etherpad.sq3"
|
||||||
|
},
|
||||||
|
|
||||||
|
/*
|
||||||
|
* An Example of MySQL Configuration (commented out).
|
||||||
|
*
|
||||||
|
* See: https://github.com/ether/etherpad/wiki/How-to-use-Etherpad-Lite-with-MySQL
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
"dbType" : "mysql",
|
||||||
|
"dbSettings" : {
|
||||||
|
"user": "etherpaduser",
|
||||||
|
"host": "localhost",
|
||||||
|
"port": 3306,
|
||||||
|
"password": "PASSWORD",
|
||||||
|
"database": "etherpad_lite_db",
|
||||||
|
"charset": "utf8mb4"
|
||||||
|
},
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The default text of a pad
|
||||||
|
*/
|
||||||
|
"defaultPadText" : "",
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Default Pad behavior.
|
||||||
|
*
|
||||||
|
* Change them if you want to override.
|
||||||
|
*/
|
||||||
|
"padOptions": {
|
||||||
|
"noColors": false,
|
||||||
|
"showControls": true,
|
||||||
|
"showChat": true,
|
||||||
|
"showLineNumbers": true,
|
||||||
|
"useMonospaceFont": false,
|
||||||
|
"userName": null,
|
||||||
|
"userColor": null,
|
||||||
|
"rtl": false,
|
||||||
|
"alwaysShowChat": false,
|
||||||
|
"chatAndUsers": false,
|
||||||
|
"lang": null
|
||||||
|
},
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Pad Shortcut Keys
|
||||||
|
*/
|
||||||
|
"padShortcutEnabled" : {
|
||||||
|
"altF9": true, /* focus on the File Menu and/or editbar */
|
||||||
|
"altC": true, /* focus on the Chat window */
|
||||||
|
"cmdShift2": true, /* shows a gritter popup showing a line author */
|
||||||
|
"delete": true,
|
||||||
|
"return": true,
|
||||||
|
"esc": true, /* in mozilla versions 14-19 avoid reconnecting pad */
|
||||||
|
"cmdS": true, /* save a revision */
|
||||||
|
"tab": true, /* indent */
|
||||||
|
"cmdZ": true, /* undo/redo */
|
||||||
|
"cmdY": true, /* redo */
|
||||||
|
"cmdI": true, /* italic */
|
||||||
|
"cmdB": true, /* bold */
|
||||||
|
"cmdU": true, /* underline */
|
||||||
|
"cmd5": true, /* strike through */
|
||||||
|
"cmdShiftL": true, /* unordered list */
|
||||||
|
"cmdShiftN": true, /* ordered list */
|
||||||
|
"cmdShift1": true, /* ordered list */
|
||||||
|
"cmdShiftC": true, /* clear authorship */
|
||||||
|
"cmdH": true, /* backspace */
|
||||||
|
"ctrlHome": true, /* scroll to top of pad */
|
||||||
|
"pageUp": true,
|
||||||
|
"pageDown": true
|
||||||
|
},
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Enables the use of a different server. We have a different one that syncs changes from the original server.
|
||||||
|
* It is hosted on GitHub and should not be blocked by many firewalls.
|
||||||
|
* https://etherpad.org/ep_infos
|
||||||
|
*/
|
||||||
|
|
||||||
|
"updateServer": "https://etherpad.org/ep_infos",
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Should we suppress errors from being visible in the default Pad Text?
|
||||||
|
*/
|
||||||
|
"suppressErrorsInPadText": false,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If this option is enabled, a user must have a session to access pads.
|
||||||
|
* This effectively allows only group pads to be accessed.
|
||||||
|
*/
|
||||||
|
"requireSession": false,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Users may edit pads but not create new ones.
|
||||||
|
*
|
||||||
|
* Pad creation is only via the API.
|
||||||
|
* This applies both to group pads and regular pads.
|
||||||
|
*/
|
||||||
|
"editOnly": false,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If true, all css & js will be minified before sending to the client.
|
||||||
|
*
|
||||||
|
* This will improve the loading performance massively, but makes it difficult
|
||||||
|
* to debug the javascript/css
|
||||||
|
*/
|
||||||
|
"minify": true,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* How long may clients use served javascript code (in seconds)?
|
||||||
|
*
|
||||||
|
* Not setting this may cause problems during deployment.
|
||||||
|
* Set to 0 to disable caching.
|
||||||
|
*/
|
||||||
|
"maxAge": 21600, // 60 * 60 * 6 = 6 hours
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This is the absolute path to the soffice executable.
|
||||||
|
*
|
||||||
|
* LibreOffice is used for advanced import/export of pads (docx, pdf, odt).
|
||||||
|
* Setting it to null disables LibreOffice and will only allow plain text
|
||||||
|
* and HTML import/exports.
|
||||||
|
*/
|
||||||
|
"soffice": null,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* When true (the default), the "Microsoft Word" export button downloads a .docx file via
|
||||||
|
* LibreOffice (requires "soffice" to be set). Set to false to revert to legacy .doc output
|
||||||
|
* (which also requires "soffice").
|
||||||
|
*/
|
||||||
|
"docxExport": true,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* txt, doc, docx, rtf, odt, html & htm
|
||||||
|
*/
|
||||||
|
"allowUnknownFileEnds": true,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* This setting is used if you require authentication of all users.
|
||||||
|
*
|
||||||
|
* Note: "/admin" always requires authentication.
|
||||||
|
*/
|
||||||
|
"requireAuthentication": false,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Require authorization by a module, or a user with is_admin set, see below.
|
||||||
|
*/
|
||||||
|
"requireAuthorization": false,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* When you use NGINX or another proxy/load-balancer set this to true.
|
||||||
|
*
|
||||||
|
* This is especially necessary when the reverse proxy performs SSL
|
||||||
|
* termination, otherwise the cookies will not have the "secure" flag.
|
||||||
|
*
|
||||||
|
* The other effect will be that the logs will contain the real client's IP,
|
||||||
|
* instead of the reverse proxy's IP.
|
||||||
|
*/
|
||||||
|
"trustProxy": false,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Settings controlling the session cookie issued by Etherpad.
|
||||||
|
*/
|
||||||
|
"cookie": {
|
||||||
|
/*
|
||||||
|
* Prefix for all cookie names set by Etherpad. Set this to "ep_" or similar
|
||||||
|
* if Etherpad's cookie names (token, sessionID, etc.) conflict with those
|
||||||
|
* of another application on the same domain. Default: "" (no prefix).
|
||||||
|
*/
|
||||||
|
// "prefix": "ep_",
|
||||||
|
|
||||||
|
/*
|
||||||
|
* How often (in milliseconds) the key used to sign the express_sid cookie
|
||||||
|
* should be rotated. Long rotation intervals reduce signature verification
|
||||||
|
* overhead (because there are fewer historical keys to check) and database
|
||||||
|
* load (fewer historical keys to store, and less frequent queries to
|
||||||
|
* get/update the keys). Short rotation intervals are slightly more secure.
|
||||||
|
*
|
||||||
|
* Multiple Etherpad processes sharing the same database (table) is
|
||||||
|
* supported as long as the clock sync error is significantly less than this
|
||||||
|
* value.
|
||||||
|
*
|
||||||
|
* Key rotation can be disabled (not recommended) by setting this to 0 or
|
||||||
|
* null, or by disabling session expiration (see sessionLifetime).
|
||||||
|
*/
|
||||||
|
"keyRotationInterval": 86400000, // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Value of the SameSite cookie property. "Lax" is recommended unless
|
||||||
|
* Etherpad will be embedded in an iframe from another site, in which case
|
||||||
|
* this must be set to "None". Note: "None" will not work (the browser will
|
||||||
|
* not send the cookie to Etherpad) unless https is used to access Etherpad
|
||||||
|
* (either directly or via a reverse proxy with "trustProxy" set to true).
|
||||||
|
*
|
||||||
|
* "Strict" is not recommended because it has few security benefits but
|
||||||
|
* significant usability drawbacks vs. "Lax". See
|
||||||
|
* https://stackoverflow.com/q/41841880 for discussion.
|
||||||
|
*/
|
||||||
|
"sameSite": "Lax",
|
||||||
|
|
||||||
|
/*
|
||||||
|
* How long (in milliseconds) after navigating away from Etherpad before the
|
||||||
|
* user is required to log in again. (The express_sid cookie is set to
|
||||||
|
* expire at time now + sessionLifetime when first created, and its
|
||||||
|
* expiration time is periodically refreshed to a new now + sessionLifetime
|
||||||
|
* value.) If requireAuthentication is false then this value does not really
|
||||||
|
* matter.
|
||||||
|
*
|
||||||
|
* The "best" value depends on your users' usage patterns and the amount of
|
||||||
|
* convenience you desire. A long lifetime is more convenient (users won't
|
||||||
|
* have to log back in as often) but has some drawbacks:
|
||||||
|
* - It increases the amount of state kept in the database.
|
||||||
|
* - It might weaken security somewhat: The cookie expiration is refreshed
|
||||||
|
* indefinitely without consulting authentication or authorization
|
||||||
|
* hooks, so once a user has accessed a pad, the user can continue to
|
||||||
|
* use the pad until the user leaves for longer than sessionLifetime.
|
||||||
|
* - More historical keys (sessionLifetime / keyRotationInterval) must be
|
||||||
|
* checked when verifying signatures.
|
||||||
|
*
|
||||||
|
* Session lifetime can be set to infinity (not recommended) by setting this
|
||||||
|
* to null or 0. Note that if the session does not expire, most browsers
|
||||||
|
* will delete the cookie when the browser exits, but a session record is
|
||||||
|
* kept in the database forever.
|
||||||
|
*/
|
||||||
|
"sessionLifetime": 864000000, // = 10d * 24h/d * 60m/h * 60s/m * 1000ms/s
|
||||||
|
|
||||||
|
/*
|
||||||
|
* How long (in milliseconds) before the expiration time of an active user's
|
||||||
|
* session is refreshed (to now + sessionLifetime). This setting affects the
|
||||||
|
* following:
|
||||||
|
* - How often a new session expiration time will be written to the
|
||||||
|
* database.
|
||||||
|
* - How often each user's browser will ping the Etherpad server to
|
||||||
|
* refresh the expiration time of the session cookie.
|
||||||
|
*
|
||||||
|
* High values reduce the load on the database and the load from browsers,
|
||||||
|
* but can shorten the effective session lifetime if Etherpad is restarted
|
||||||
|
* or the user navigates away.
|
||||||
|
*
|
||||||
|
* Automatic session refreshes can be disabled (not recommended) by setting
|
||||||
|
* this to null.
|
||||||
|
*/
|
||||||
|
"sessionRefreshInterval": 86400000, // = 1d * 24h/d * 60m/h * 60s/m * 1000ms/s
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Whether to periodically clean up expired and stale sessions from the
|
||||||
|
* database. Set to false to disable. Default: true.
|
||||||
|
*/
|
||||||
|
"sessionCleanup": true
|
||||||
|
},
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Privacy: disable IP logging
|
||||||
|
*/
|
||||||
|
"disableIPlogging": false,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Time (in seconds) to automatically reconnect pad when a "Force reconnect"
|
||||||
|
* message is shown to user.
|
||||||
|
*
|
||||||
|
* Set to 0 to disable automatic reconnection.
|
||||||
|
*/
|
||||||
|
"automaticReconnectionTimeout": 0,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* By default, when caret is moved out of viewport, it scrolls the minimum
|
||||||
|
* height needed to make this line visible.
|
||||||
|
*/
|
||||||
|
"scrollWhenFocusLineIsOutOfViewport": {
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Percentage of viewport height to be additionally scrolled.
|
||||||
|
*
|
||||||
|
* E.g.: use "percentage.editionAboveViewport": 0.5, to place caret line in
|
||||||
|
* the middle of viewport, when user edits a line above of the
|
||||||
|
* viewport
|
||||||
|
*
|
||||||
|
* Set to 0 to disable extra scrolling
|
||||||
|
*/
|
||||||
|
"percentage": {
|
||||||
|
"editionAboveViewport": 0,
|
||||||
|
"editionBelowViewport": 0
|
||||||
|
},
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Time (in milliseconds) used to animate the scroll transition.
|
||||||
|
* Set to 0 to disable animation
|
||||||
|
*/
|
||||||
|
"duration": 0,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Flag to control if it should scroll when user places the caret in the
|
||||||
|
* last line of the viewport
|
||||||
|
*/
|
||||||
|
"scrollWhenCaretIsInTheLastLineOfViewport": false,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Percentage of viewport height to be additionally scrolled when user
|
||||||
|
* presses arrow up in the line of the top of the viewport.
|
||||||
|
*
|
||||||
|
* Set to 0 to let the scroll to be handled as default by Etherpad
|
||||||
|
*/
|
||||||
|
"percentageToScrollWhenUserPressesArrowUp": 0
|
||||||
|
},
|
||||||
|
|
||||||
|
/*
|
||||||
|
* User accounts. These accounts are used by:
|
||||||
|
* - default HTTP basic authentication if no plugin handles authentication
|
||||||
|
* - some but not all authentication plugins
|
||||||
|
* - some but not all authorization plugins
|
||||||
|
*
|
||||||
|
* User properties:
|
||||||
|
* - password: The user's password. Some authentication plugins will ignore
|
||||||
|
* this.
|
||||||
|
* - is_admin: true gives access to /admin. Defaults to false. If you do not
|
||||||
|
* uncomment this, /admin will not be available!
|
||||||
|
* - readOnly: If true, this user will not be able to create new pads or
|
||||||
|
* modify existing pads. Defaults to false.
|
||||||
|
* - canCreate: If this is true and readOnly is false, this user can create
|
||||||
|
* new pads. Defaults to true.
|
||||||
|
*
|
||||||
|
* Authentication and authorization plugins may define additional properties.
|
||||||
|
*
|
||||||
|
* WARNING: passwords should not be stored in plaintext in this file.
|
||||||
|
* If you want to mitigate this, please install ep_hash_auth and
|
||||||
|
* follow the section "secure your installation" in README.md
|
||||||
|
*/
|
||||||
|
|
||||||
|
"users": {
|
||||||
|
"admin": {
|
||||||
|
// 1) "password" can be replaced with "hash" if you install ep_hash_auth
|
||||||
|
// 2) please note that if password is null, the user will not be created
|
||||||
|
"password": "admin",
|
||||||
|
"is_admin": true
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Restrict socket.io transport methods
|
||||||
|
*/
|
||||||
|
"socketTransportProtocols" : ["websocket", "polling"],
|
||||||
|
|
||||||
|
"socketIo": {
|
||||||
|
/*
|
||||||
|
* Maximum permitted client message size (in bytes). This controls the
|
||||||
|
* maximum single-message size for socket.io and directly affects large
|
||||||
|
* paste operations. All messages from clients that are larger than this
|
||||||
|
* will be rejected. Large values make it possible to paste large amounts
|
||||||
|
* of text, and plugins may require a larger value to work properly, but
|
||||||
|
* increasing the value increases susceptibility to denial of service
|
||||||
|
* attacks (malicious clients can exhaust memory).
|
||||||
|
*
|
||||||
|
* 1MB accommodates large pastes while still preventing abuse.
|
||||||
|
*/
|
||||||
|
"maxHttpBufferSize": 1000000
|
||||||
|
},
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Allow Load Testing tools to hit the Etherpad Instance.
|
||||||
|
*
|
||||||
|
* WARNING: this will disable security on the instance.
|
||||||
|
*/
|
||||||
|
"loadTest": false,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Disable dump of objects preventing a clean exit
|
||||||
|
*/
|
||||||
|
"dumpOnUncleanExit": false,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Disable indentation on new line when previous line ends with some special
|
||||||
|
* chars (':', '[', '(', '{')
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
"indentationOnNewLine": false,
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* From Etherpad 1.8.3 onwards, import and export of pads is always rate
|
||||||
|
* limited.
|
||||||
|
*
|
||||||
|
* The default is to allow at most 10 requests per IP in a 90 seconds window.
|
||||||
|
* After that the import/export request is rejected.
|
||||||
|
*
|
||||||
|
* See https://github.com/nfriedly/express-rate-limit for more options
|
||||||
|
*/
|
||||||
|
"importExportRateLimiting": {
|
||||||
|
// duration of the rate limit window (milliseconds)
|
||||||
|
"windowMs": 90000,
|
||||||
|
|
||||||
|
// maximum number of requests per IP to allow during the rate limit window
|
||||||
|
"max": 10
|
||||||
|
},
|
||||||
|
|
||||||
|
/*
|
||||||
|
* From Etherpad 1.8.3 onwards, the maximum allowed size for a single imported
|
||||||
|
* file is always bounded.
|
||||||
|
*
|
||||||
|
* File size is specified in bytes. Default is 50 MB.
|
||||||
|
*/
|
||||||
|
"importMaxFileSize": 52428800, // 50 * 1024 * 1024
|
||||||
|
|
||||||
|
/*
|
||||||
|
The authentication method used by the server.
|
||||||
|
The default value is sso
|
||||||
|
If you want to use the old authentication system, change this to apikey
|
||||||
|
*/
|
||||||
|
"authenticationMethod": "${AUTHENTICATION_METHOD:sso}",
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Allow setting dark mode for the enduser. This is so if the user has preferred dark mode in their browser, Etherpad will respect that.
|
||||||
|
* Of course this overrides all the skin variants and the skinName set by the administrator.
|
||||||
|
**/
|
||||||
|
"enableDarkMode": "${ENABLE_DARK_MODE:true}",
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Enable creator-owned Pad-wide Settings and new-pad default seeding from My View.
|
||||||
|
* Disabled by default to preserve the legacy single-settings behavior.
|
||||||
|
**/
|
||||||
|
"enablePadWideSettings": "${ENABLE_PAD_WIDE_SETTINGS:false}",
|
||||||
|
|
||||||
|
/*
|
||||||
|
* From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited
|
||||||
|
*
|
||||||
|
* The default is to allow at most 10 changes per IP in a 1 second window.
|
||||||
|
* After that the change is rejected.
|
||||||
|
*
|
||||||
|
* See https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#websocket-single-connection-prevent-flooding for more options
|
||||||
|
*/
|
||||||
|
"commitRateLimiting": {
|
||||||
|
// duration of the rate limit window (seconds)
|
||||||
|
"duration": 1,
|
||||||
|
|
||||||
|
// maximum number of changes per IP to allow during the rate limit window
|
||||||
|
"points": 10
|
||||||
|
},
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Toolbar buttons configuration.
|
||||||
|
*
|
||||||
|
* Uncomment to customize.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
"toolbar": {
|
||||||
|
"left": [
|
||||||
|
["bold", "italic", "underline", "strikethrough"],
|
||||||
|
["orderedlist", "unorderedlist", "indent", "outdent"],
|
||||||
|
["undo", "redo"],
|
||||||
|
["clearauthorship"]
|
||||||
|
],
|
||||||
|
"right": [
|
||||||
|
["importexport", "timeslider", "savedrevision"],
|
||||||
|
["settings", "embed", "home"],
|
||||||
|
["showusers"]
|
||||||
|
],
|
||||||
|
"timeslider": [
|
||||||
|
["timeslider_export", "timeslider_returnToPad"]
|
||||||
|
]
|
||||||
|
},
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Expose Etherpad version in the web interface and in the Server http header.
|
||||||
|
*
|
||||||
|
* Do not enable on production machines.
|
||||||
|
*/
|
||||||
|
"exposeVersion": false,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The log level we are using.
|
||||||
|
*
|
||||||
|
* Valid values: DEBUG, INFO, WARN, ERROR
|
||||||
|
*/
|
||||||
|
"loglevel": "INFO",
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The log layout type to use.
|
||||||
|
*
|
||||||
|
* Valid values: basic, colored
|
||||||
|
*/
|
||||||
|
"logLayoutType": "colored",
|
||||||
|
|
||||||
|
/* Override any strings found in locale directories */
|
||||||
|
"customLocaleStrings": {},
|
||||||
|
|
||||||
|
/* Disable Admin UI tests */
|
||||||
|
"enableAdminUITests": false,
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Enable/Disable case-insensitive pad names.
|
||||||
|
*/
|
||||||
|
"lowerCasePadIds": false,
|
||||||
|
|
||||||
|
"sso": {
|
||||||
|
"issuer": "${SSO_ISSUER:http://localhost:9001}",
|
||||||
|
"clients": [
|
||||||
|
{
|
||||||
|
"client_id": "${ADMIN_CLIENT:admin_client}",
|
||||||
|
"client_secret": "${ADMIN_SECRET:admin}",
|
||||||
|
"grant_types": ["authorization_code"],
|
||||||
|
"response_types": ["code"],
|
||||||
|
"redirect_uris": ["${ADMIN_REDIRECT:http://localhost:9001/admin/}"]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"client_id": "${USER_CLIENT:user_client}",
|
||||||
|
"client_secret": "${USER_SECRET:user}",
|
||||||
|
"grant_types": ["authorization_code"],
|
||||||
|
"response_types": ["code"],
|
||||||
|
"redirect_uris": ["${USER_REDIRECT:http://localhost:9001/}"]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Set the time to live for the tokens
|
||||||
|
This is the time of seconds a user is logged into Etherpad
|
||||||
|
"ttl": {
|
||||||
|
"AccessToken": 3600,
|
||||||
|
"AuthorizationCode": 600,
|
||||||
|
"ClientCredentials": 3600,
|
||||||
|
"IdToken": 3600,
|
||||||
|
"RefreshToken": 86400
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
}
|
||||||
@@ -0,0 +1,26 @@
|
|||||||
|
server {
|
||||||
|
server_name docs.joeac.net;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:9001;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
listen 443 ssl; # managed by Certbot
|
||||||
|
ssl_certificate /etc/letsencrypt/live/docs.joeac.net/fullchain.pem; # managed by Certbot
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/docs.joeac.net/privkey.pem; # managed by Certbot
|
||||||
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||||
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
if ($host = docs.joeac.net) {
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
} # managed by Certbot
|
||||||
|
|
||||||
|
|
||||||
|
server_name docs.joeac.net;
|
||||||
|
listen 80;
|
||||||
|
return 404; # managed by Certbot
|
||||||
|
}
|
||||||
Reference in New Issue
Block a user