docker updates

Author: marcelfolaron

.idea/aws.xml

@@ -37,7 +37,7 @@ RUN apk add --no-cache \
 ## Installing extensions ##
 # Running in a single command is worse for caching/build failures, but far better for image size
 RUN docker-php-ext-install \
-    mysqli pdo_mysql mbstring exif pcntl pdo bcmath opcache ldap zip  \
+    mysqli pdo_mysql mbstring exif pcntl pdo bcmath opcache ldap zip \
     && \
     docker-php-ext-enable zip \
     && \

Dockerfile

@@ -0,0 +1,2 @@
+# Run Leantime scheduler every minute
+* * * * * php /var/www/html/bin/leantime schedule:run >> /var/log/cron.log 2>&1

config/crontab

@@ -1,6 +1,7 @@
 [supervisord]
 nodaemon=true
-logfile=/var/tmp/supervisor.log
+logfile=/dev/stdout
+loglevel=info
 logfile_maxbytes=0
 pidfile=/run/supervisord.pid
 
@@ -22,3 +23,9 @@ autorestart=true
 priority=10
 startretries=1
 numprocs=1
+
+[program:cron]
+command=/usr/sbin/crond -f -l 8
+autostart=true
+autorestart=true
+priority=20

config/supervisord.conf

@@ -12,7 +12,6 @@ services:
       - leantime-net
     command: --character-set-server=UTF8MB4 --collation-server=UTF8MB4_unicode_ci
 
-
   leantime:
     image: leantime/leantime:latest
     container_name: leantime

docker-compose.yml

@@ -29,17 +29,21 @@ LEAN_DB_PORT = '3306'                              # Database port
 LEAN_SITENAME = 'Leantime'                         # Name of your site, can be changed later
 LEAN_LANGUAGE = 'en-US'                            # Default language
 LEAN_DEFAULT_TIMEZONE = 'America/Los_Angeles'      # Set default timezone
-LEAN_ENABLE_MENU_TYPE = false                      # Enable to specifiy menu on a project by project basis
-LEAN_SESSION_PASSWORD = '3evBlq9zdUEuzKvVJHWWx3QzsQhturBApxwcws2m'  #Salting sessions. Replace with a strong password
+LEAN_LOG_PATH = ''                                 # Default Log Path (including filename), if not set /logs/error.log will be used
+LEAN_DISABLE_LOGIN_FORM = false                    # If true then don't show the login form (useful only if additional auth method[s] are available)
+
+## Session Management
+LEAN_SESSION_PASSWORD = '3evBlq9zdUEuzKvVJHWWx3QzsQhturBApxwcws2m'  # Salting sessions, replace with a strong password
 LEAN_SESSION_EXPIRATION = 28800                    # How many seconds after inactivity should we logout?  28800seconds = 8hours
-LEAN_LOG_PATH = null                               # Default Log Path (including filename), if not set /logs/error.log will be used
+LEAN_SESSION_SECURE = false                        # Cookies only served via https
 
 ## Look & Feel, these settings are available in the UI and can be overwritten there.
-LEAN_LOGO_PATH = '/images/logo.svg'                # Default logo path, can be changed later
-LEAN_PRINT_LOGO_URL = '/images/logo.jpg'           # Default logo URL use for printing (must be jpg or png format)
+LEAN_LOGO_PATH = '/dist/images/logo.svg'           # Default logo path, can be changed later
+LEAN_PRINT_LOGO_URL = '/dist/images/logo.png'      # Default logo URL use for printing (must be jpg or png format)
 LEAN_DEFAULT_THEME = 'default'                     # Default theme
-LEAN_PRIMARY_COLOR = '#1b75bb'                     # Primary Theme color
-LEAN_SECONDARY_COLOR = '#81B1A8'                   # Secondary Theme Color
+LEAN_PRIMARY_COLOR = '#006d9f'                     # Primary Theme color
+LEAN_SECONDARY_COLOR =' #00a886'                   # Secondary Theme Color
+
 
 ## Fileuploads
 
@@ -48,14 +52,14 @@ LEAN_USER_FILE_PATH = 'userfiles/'                 # Local relative path to stor
 LEAN_DB_BACKUP_PATH = 'backupdb/'                  # Local relative path to store backup files, need permission to write
 
 # S3 File Uploads
-# LEAN_USE_S3 = false                              # Set to true if you want to use S3 instead of local files
-# LEAN_S3_KEY = ''                                 # S3 Key
-# LEAN_S3_SECRET = ''                              # S3 Secret
-# LEAN_S3_BUCKET = ''                              # Your S3 bucket
-# LEAN_S3_USE_PATH_STYLE_ENDPOINT = false          # Sets the endpoint style: false => https://[bucket].[endpoint] ; true => https://[endpoint]/[bucket]
-# LEAN_S3_REGION = ''                              # S3 region
-# LEAN_S3_FOLDER_NAME = ''                         # Foldername within S3 (can be emtpy)
-# LEAN_S3_END_POINT = null                         # S3 EndPoint S3 Compatible (https://sfo2.digitaloceanspaces.com)
+LEAN_USE_S3 = false                                # Set to true if you want to use S3 instead of local files
+LEAN_S3_KEY = ''                                   # S3 Key
+LEAN_S3_SECRET = ''                                # S3 Secret
+LEAN_S3_BUCKET = ''                                # Your S3 bucket
+LEAN_S3_USE_PATH_STYLE_ENDPOINT = false            # Sets the endpoint style: false => https://[bucket].[endpoint] ; true => https://[endpoint]/[bucket]
+LEAN_S3_REGION = ''                                # S3 region
+LEAN_S3_FOLDER_NAME = ''                           # Foldername within S3 (can be empty)
+LEAN_S3_END_POINT = null                           # S3 EndPoint S3 Compatible (https://sfo2.digitaloceanspaces.com)
 
 ## Email
 LEAN_EMAIL_RETURN = ''                             # Return email address, needs to be valid email address format
@@ -69,73 +73,87 @@ LEAN_EMAIL_SMTP_SECURE = ''                        # SMTP Security protocol (usu
 LEAN_EMAIL_SMTP_SSLNOVERIFY = false                # SMTP Allow insecure SSL: Don't verify certificate, accept self-signed, etc.
 LEAN_EMAIL_SMTP_PORT = ''                          # Port (usually one of 25, 465, 587, 2526)
 
-## Ldap
-# LEAN_LDAP_USE_LDAP = false                       # Set to true if you want to use LDAP
-# LEAN_LDAP_LDAP_TYPE = 'OL'                       # Select the correct directory type. Currently Supported: OL - OpenLdap, AD - Active Directory
-# LEAN_LDAP_HOST = ''                              # FQDN
-# LEAN_LDAP_PORT = 389                             # Default Port
-# LEAN_LDAP_DN = ''                                # Location of users, example: CN=users,DC=example,DC=com
-
+## LDAP
+LEAN_LDAP_USE_LDAP = false                         # Set to true if you want to use LDAP
+LEAN_LDAP_LDAP_DOMAIN = ''                         # Domain name after username@ so users can login without domain definition
+LEAN_LDAP_LDAP_TYPE = 'OL'                         # Select the correct directory type. Currently Supported: OL - OpenLdap, AD - Active Directory
+LEAN_LDAP_HOST = ''                                # FQDN
+LEAN_LDAP_PORT = 389                               # Default Port
+LEAN_LDAP_URI = ''                                 # LDAP URI as alternative to hostname and port. Uses ldap://hostname:port
+LEAN_LDAP_DN = ''                                  # Location of users, example: CN=users,DC=example,DC=com
                                                    # Leantime->Ldap attribute mapping
-# LEAN_LDAP_KEYS="{
-#         \"username\":\"uid\",
-#         \"groups\":\"memberOf\",
-#         \"email\":\"mail\",
-#         \"firstname\":\"displayname\",
-#         \"lastname\":\"\",
-#         \"phonenumber\":\"telephoneNumber\"
-# }"
+LEAN_LDAP_KEYS="{
+        \"username\":\"uid\",
+        \"groups\":\"memberOf\",
+        \"email\":\"mail\",
+        \"firstname\":\"displayname\",
+        \"lastname\":\"\",
+        \"phone\":\"telephoneNumber\",
+        \"jobTitle\":\"title\"
+        \"jobLevel\":\"level\"
+        \"department\":\"department\"
+
+}"
 
 # For AD use these default attributes
 # LEAN_LDAP_KEYS="{
 #        \"username\":\"cn\",
-#        \"groups\":\"memberof\",
+#        \"groups\":\"memberOf\",
 #        \"email\":\"mail\",
-#        \"firstname\":\"givenname\",
+#        \"firstname\":\"givenName\",
 #        \"lastname\":\"sn\",
-#        \"phonenumber\":\"telephoneNumber\"
+#        \"phone\":\"telephoneNumber\",
+#        \"jobTitle\":\"title\"
+#        \"jobLevel\":\"level\"
+#        \"department\":\"department\"
 #      }"
 
-# LEAN_LDAP_DEFAULT_ROLE_KEY = 20                 # Default Leantime Role on creation. (set to editor)
+LEAN_LDAP_DEFAULT_ROLE_KEY = 20;                   # Default Leantime Role on creation. (set to editor)
 
 # Default role assignments upon first login.
-# (Optional) Can be updated later in user settings for each user
-# LEAN_LDAP_GROUP_ASSIGNMENT="{
-#                \"5\": {
-#                  \"ltRole\":\"readonly\",
-#                  \"ldapRole\":\"readonly\"
-#                },
-#                \"10\": {
-#                  \"ltRole\":\"commenter\",
-#                   \"ldapRole\":\"commenter\"
-#                },
-#                \"20\": {
-#                  \"ltRole\":\"editor\",
-#                   \"ldapRole\":\"editor\"
-#                },
-#                \"30\": {
-#                  \"ltRole\":\"manager\",
-#                   \"ldapRole\":\"manager\"
-#                },
-#                \"40\": {
-#                  \"ltRole\":\"admin\",
-#                   \"ldapRole\":\"administrators\"
-#                },
-#                \"50\": {
-#                  \"ltRole\":\"owner\",
-#                  \"ldapRole\":\"administrators\"
-#                }
-# }"
+# optional - Can be updated later in user settings for each user
+LEAN_LDAP_GROUP_ASSIGNMENT="{
+               \"5\": {
+                 \"ltRole\":\"readonly\",
+                 \"ldapRole\":\"readonly\"
+               },
+               \"10\": {
+                 \"ltRole\":\"commenter\",
+                  \"ldapRole\":\"commenter\"
+               },
+               \"20\": {
+                 \"ltRole\":\"editor\",
+                  \"ldapRole\":\"editor\"
+               },
+               \"30\": {
+                 \"ltRole\":\"manager\",
+                  \"ldapRole\":\"manager\"
+               },
+               \"40\": {
+                 \"ltRole\":\"admin\",
+                  \"ldapRole\":\"administrators\"
+               },
+               \"50\": {
+                 \"ltRole\":\"owner\",
+                 \"ldapRole\":\"administrators\"
+               }
+}"
 
 ## OpenID Connect
 # required
-# LEAN_OIDC_ENABLE = false
-# LEAN_OIDC_CLIENT_ID =
-# LEAN_OIDC_CLIENT_SECRET =
+LEAN_OIDC_ENABLE = false
+LEAN_OIDC_CLIENT_ID =
+LEAN_OIDC_CLIENT_SECRET =
 
-# required - the url for your provider (examples down below)
+# required - the URL for your provider (examples down below)
 #LEAN_OIDC_PROVIDER_URL =
 
+#Create User if it doesn't exist in Leantime db, otherwise fail login
+LEAN_OIDC_CREATE_USER = false
+
+# Default role for users created via OIDC (20 is editor)
+LEAN_OIDC_DEFAULT_ROLE = 20
+
 # optional - these will be read from the well-known configuration if possible
 #LEAN_OIDC_AUTH_URL_OVERRIDE =
 #LEAN_OIDC_TOKEN_URL_OVERRIDE =
@@ -153,12 +171,32 @@ LEAN_EMAIL_SMTP_PORT = ''                          # Port (usually one of 25, 46
 #LEAN_OIDC_FIELD_EMAIL =
 #LEAN_OIDC_FIELD_FIRSTNAME =
 #LEAN_OIDC_FIELD_LASTNAME =
+#LEAN_OIDC_FIELD_PHONE =
+#LEAN_OIDC_FIELD_JOBTITLE =
+#LEAN_OIDC_FIELD_JOBLEVEL=
+#LEAN_OIDC_FIELD_DEPARTMENT =
 
-## OpenID Connect setting for github
+## OpenID Connect setting for GitHub
 #LEAN_OIDC_PROVIDER_URL = https://token.actions.githubusercontent.com/
 #LEAN_OIDC_AUTH_URL_OVERRIDE = https://github.com/login/oauth/authorize
 #LEAN_OIDC_TOKEN_URL_OVERRIDE = https://github.com/login/oauth/access_token
 #LEAN_OIDC_USERINFO_URL_OVERRIDE = https://api.github.com/user,https://api.github.com/user/emails
-#LEAN_OIDC_SCOPES = user:email
+#LEAN_OIDC_SCOPES = user:email,read:user
 #LEAN_OIDC_FIELD_EMAIL = 0.email
+#LEAN_OIDC_FIELD_FIRSTNAME = name
+
+
+## Redis (for session storage and cache)
+LEAN_USE_REDIS = false                             # Set to true to use redis as session cache
+LEAN_REDIS_URL = ''                                # Add URL path such as tcp://1.2.3.4:6379. If you are using a password, add ?auth=yourverycomplexpasswordhere to your URL
+LEAN_REDIS_HOST = ''
+LEAN_REDIS_PORT = 6379
+LEAN_REDIS_PASSWORD = ''
+LEAN_REDIS_SCHEME = ''
+
+## Rate limiting
+LEAN_RATELIMIT_GENERAL = 1000
+LEAN_RATELIMIT_API = 10
+LEAN_RATELIMIT_AUTH = 20
+