为了防止信息泄露,无法使用在线笔记平台,但又需要做笔记,因此,本地使用docker部署了一下outline平台,这里做个记录。
环境
- mac sonoma 14.2
- docker
1. outline初始化
本文使用docker部署,无关架构和系统,因此,最主要的是outline的配置文件,全文也是围绕这个展开
1.1 新建docker compose配置文件
在本地任意位置新建文件夹outline
,在文件夹中新建文件docker-compose.yml
,按照官网教程粘贴以下配置:
version: "3.2"
services:
outline:
image: docker.getoutline.com/outlinewiki/outline:latest
env_file: ./docker.env
ports:
- "3000:3000"
volumes:
- storage-data:/var/lib/outline/data
depends_on:
- postgres
- redis
redis:
image: redis
env_file: ./docker.env
ports:
- "6379:6379"
volumes:
- ./redis.conf:/redis.conf
command: ["redis-server", "/redis.conf"]
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 30s
retries: 3
postgres:
image: postgres
env_file: ./docker.env
ports:
- "5432:5432"
volumes:
- database-data:/var/lib/postgresql/data
healthcheck:
test: ["CMD", "pg_isready", "-d", "outline", "-U", "user"]
interval: 30s
timeout: 20s
retries: 3
environment:
POSTGRES_USER: 'user'
POSTGRES_PASSWORD: 'pass'
POSTGRES_DB: 'outline'
https-portal:
image: steveltn/https-portal
env_file: ./docker.env
ports:
- '80:80'
- '443:443'
links:
- outline
restart: always
volumes:
- https-portal-data:/var/lib/https-portal
healthcheck:
test: ["CMD", "service", "nginx", "status"]
interval: 30s
timeout: 20s
retries: 3
environment:
DOMAINS: 'docs.mycompany.com -> http://outline:3000'
STAGE: 'production'
WEBSOCKET: 'true'
CLIENT_MAX_BODY_SIZE: '0'
volumes:
https-portal-data:
storage-data:
database-data:
1.2 新建docker.env配置文件
新建配置文件docker.env
,填入官网给的样例内容:
# –––––––––––––––– REQUIRED ––––––––––––––––
NODE_ENV=production
# Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32`
# in your terminal to generate a random value.
SECRET_KEY=generate_a_new_key
# Generate a unique random key. The format is not important but you could still use
# `openssl rand -hex 32` in your terminal to produce this.
UTILS_SECRET=generate_a_new_key
# For production point these at your databases, in development the default
# should work out of the box.
DATABASE_URL=postgres://user:pass@localhost:5432/outline
DATABASE_CONNECTION_POOL_MIN=
DATABASE_CONNECTION_POOL_MAX=
# Uncomment this to disable SSL for connecting to Postgres
# PGSSLMODE=disable
# For redis you can either specify an ioredis compatible url like this
REDIS_URL=redis://localhost:6379
# or alternatively, if you would like to provide additional connection options,
# use a base64 encoded JSON connection option object. Refer to the ioredis documentation
# for a list of available options.
# Example: Use Redis Sentinel for high availability
# {"sentinels":[{"host":"sentinel-0","port":26379},{"host":"sentinel-1","port":26379}],"name":"mymaster"}
# REDIS_URL=ioredis://eyJzZW50aW5lbHMiOlt7Imhvc3QiOiJzZW50aW5lbC0wIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InNlbnRpbmVsLTEiLCJwb3J0IjoyNjM3OX1dLCJuYW1lIjoibXltYXN0ZXIifQ==
# URL should point to the fully qualified, publicly accessible URL. If using a
# proxy the port in URL and PORT may be different.
URL=
PORT=3000
# See [documentation](docs/SERVICES.md) on running a separate collaboration
# server, for normal operation this does not need to be set.
COLLABORATION_URL=
# Specify what storage system to use. Possible value is one of "s3" or "local".
# For "local", the avatar images and document attachments will be saved on local disk.
FILE_STORAGE=local
# If "local" is configured for FILE_STORAGE above, then this sets the parent directory under
# which all attachments/images go. Make sure that the process has permissions to create
# this path and also to write files to it.
FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data
# Maximum allowed size for the uploaded attachment.
FILE_STORAGE_UPLOAD_MAX_SIZE=262144000
# Override the maximum size of document imports, generally this should be lower
# than the document attachment maximum size.
FILE_STORAGE_IMPORT_MAX_SIZE=
# Override the maximum size of workspace imports, these can be especially large
# and the files are temporary being automatically deleted after a period of time.
FILE_STORAGE_WORKSPACE_IMPORT_MAX_SIZE=
# To support uploading of images for avatars and document attachments in a distributed
# architecture an s3-compatible storage can be configured if FILE_STORAGE=s3 above.
AWS_ACCESS_KEY_ID=get_a_key_from_aws
AWS_SECRET_ACCESS_KEY=get_the_secret_of_above_key
AWS_REGION=xx-xxxx-x
AWS_S3_ACCELERATE_URL=
AWS_S3_UPLOAD_BUCKET_URL=http://s3:4569
AWS_S3_UPLOAD_BUCKET_NAME=bucket_name_here
AWS_S3_FORCE_PATH_STYLE=true
AWS_S3_ACL=private
# –––––––––––––– AUTHENTICATION ––––––––––––––
# Third party signin credentials, at least ONE OF EITHER Google, Slack,
# or Microsoft is required for a working installation or you'll have no sign-in
# options.
# To configure Slack auth, you'll need to create an Application at
# => https://api.slack.com/apps
#
# When configuring the Client ID, add a redirect URL under "OAuth & Permissions":
# https://<URL>/auth/slack.callback
SLACK_CLIENT_ID=get_a_key_from_slack
SLACK_CLIENT_SECRET=get_the_secret_of_above_key
# To configure Google auth, you'll need to create an OAuth Client ID at
# => https://console.cloud.google.com/apis/credentials
#
# When configuring the Client ID, add an Authorized redirect URI:
# https://<URL>/auth/google.callback
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
# To configure Microsoft/Azure auth, you'll need to create an OAuth Client. See
# the guide for details on setting up your Azure App:
# => https://wiki.generaloutline.com/share/dfa77e56-d4d2-4b51-8ff8-84ea6608faa4
AZURE_CLIENT_ID=
AZURE_CLIENT_SECRET=
AZURE_RESOURCE_APP_ID=
# To configure generic OIDC auth, you'll need some kind of identity provider.
# See documentation for whichever IdP you use to acquire the following info:
# Redirect URI is https://<URL>/auth/oidc.callback
OIDC_CLIENT_ID=
OIDC_CLIENT_SECRET=
OIDC_AUTH_URI=
OIDC_TOKEN_URI=
OIDC_USERINFO_URI=
OIDC_LOGOUT_URI=
# Specify which claims to derive user information from
# Supports any valid JSON path with the JWT payload
OIDC_USERNAME_CLAIM=preferred_username
# Display name for OIDC authentication
OIDC_DISPLAY_NAME=OpenID Connect
# Space separated auth scopes.
OIDC_SCOPES=openid profile email
# To configure the GitHub integration, you'll need to create a GitHub App at
# => https://github.com/settings/apps
#
# When configuring the Client ID, add a redirect URL under "Permissions & events":
# https://<URL>/api/github.callback
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
GITHUB_APP_NAME=
GITHUB_APP_ID=
GITHUB_APP_PRIVATE_KEY=
# –––––––––––––––– OPTIONAL ––––––––––––––––
# Base64 encoded private key and certificate for HTTPS termination. This is only
# required if you do not use an external reverse proxy. See documentation:
# https://wiki.generaloutline.com/share/1c922644-40d8-41fe-98f9-df2b67239d45
SSL_KEY=
SSL_CERT=
# If using a Cloudfront/Cloudflare distribution or similar it can be set below.
# This will cause paths to javascript, stylesheets, and images to be updated to
# the hostname defined in CDN_URL. In your CDN configuration the origin server
# should be set to the same as URL.
CDN_URL=
# Auto-redirect to https in production. The default is true but you may set to
# false if you can be sure that SSL is terminated at an external loadbalancer.
FORCE_HTTPS=true
# Have the installation check for updates by sending anonymized statistics to
# the maintainers
ENABLE_UPDATES=true
# How many processes should be spawned. As a reasonable rule divide your servers
# available memory by 512 for a rough estimate
WEB_CONCURRENCY=1
# You can remove this line if your reverse proxy already logs incoming http
# requests and this ends up being duplicative
DEBUG=http
# Configure lowest severity level for server logs. Should be one of
# error, warn, info, http, verbose, debug and silly
LOG_LEVEL=info
# For a complete Slack integration with search and posting to channels the
# following configs are also needed, some more details
# => https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a
#
SLACK_VERIFICATION_TOKEN=your_token
SLACK_APP_ID=A0XXXXXXX
SLACK_MESSAGE_ACTIONS=true
# Optionally enable Sentry (sentry.io) to track errors and performance,
# and optionally add a Sentry proxy tunnel for bypassing ad blockers in the UI:
# https://docs.sentry.io/platforms/javascript/troubleshooting/#using-the-tunnel-option)
SENTRY_DSN=
SENTRY_TUNNEL=
# To support sending outgoing transactional emails such as "document updated" or
# "you've been invited" you'll need to provide authentication for an SMTP server
SMTP_HOST=
SMTP_PORT=
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_FROM_EMAIL=
SMTP_REPLY_EMAIL=
SMTP_TLS_CIPHERS=
SMTP_SECURE=true
# The default interface language. See translate.getoutline.com for a list of
# available language codes and their rough percentage translated.
DEFAULT_LANGUAGE=en_US
# Optionally enable rate limiter at application web server
RATE_LIMITER_ENABLED=true
# Configure default throttling parameters for rate limiter
RATE_LIMITER_REQUESTS=1000
RATE_LIMITER_DURATION_WINDOW=60
# Iframely API config
IFRAMELY_URL=
IFRAMELY_API_KEY=
1.3 修改docker.env配置
对于上述docker.env
配置,首先设置SECRET_KEY
和UTILS_SECRET
。连续两次运行以下命令:
openssl rand -hex 32
将两次运行结果分别填入SECRET_KEY和UTILS_SECRET,例如:
SECRET_KEY=1da91ea4aed550f701150e54ccd911614c6bbadd5328df9958b5b078d5eed71b
UTILS_SECRET=e2ea8a49f8b80d5c246eb23eade0599c40abee09a770036c7f89daf7b30e6071
其他配置更改待后续分步骤进行。
2. 数据库初始化
2.1 数据库配置更改
更改docker.env
的配置DATABASE_URL
和REDIS_URL
,使outline能够直接访问到数据库(否则启动outline时会报错connection refused
):
DATABASE_URL=postgres://user:pass@postgres:5432/outline
REDIS_URL=redis://redis:6379
2.2 初始化数据库
在outline目录下,执行命令初始化数据库:
docker compose run --rm outline yarn db:create --env=production-ssl-disabled
3. Oauth配置
outline登录需要通过第三方Oauth认证,该认证可以任选Slack、Google、Microsoft等进行,本文选择了slack。
3.1 配置Slack Oauth认证
- 进入到slack官网,点击右上角的
your apps
:
- 点击右上角的
Create New App
新建app:
- 点击app的名称,进入到app管理界面,在
Basic Information
中,找到Client ID
和Client Secret
,分别复制保存:
- 点击
Oauth&Permissions
,找到Redirect URLs
,点击Add New Redirect URL
,填入形如https://wiki.xxx.xxx:port/auth/slack.callback
的url(其中,xxx.xxx
为自己的域名(如果没有,可以花几块钱去买一个);port
为想要outline运行的端口,默认为3000。本文由于端口被占用,因此采用了8799(该更改需要同步到docker-compose.yml
文件中),然后点击Save URLs
:
3.2 配置docker.env
- 编辑
docker.env
,将上一段步骤3中的Client ID
和Client Secret
分别填入字段SLACK_CLIENT_ID
和SLACK_CLIENT_SECRET
- 编辑
docker.env
,依据上一段步骤4中的设置,填入字段:
URL=https://wiki.xxx.xxx:8799
PORT=8799
COLLABORATION_URL=https://wiki.xxx.xxx:8799
IFRAMELY_URL=https://wiki.xxx.xxx:8799
4. 域名解析配置
在上文中,使用到了wiki.xxx.xxx
作为outline访问的地址,为了能够本地访问,因此,需要给子域名wiki
配置解析A记录127.0.0.1
。本文使用的域名在阿里云购入,因此,打开其控制台,找到自己的域名解析记录,点击添加记录:
5. https证书配置
由于slack的Oauth认证需要https
,因此,需要为域名wiki.xxx.xxx
设置SSL证书,这里使用腾讯云申请免费的SSL证书。
- 登录腾讯云后,进入证书管理页面,点击申请免费证书:
在弹窗中再次点击申请免费证书:
- 填入申请的域名和自己的邮箱(通知用),点击
提交申请,进行域名验证
:
-
根据页面上的解析记录显示,在自己的域名解析处新增解析记录,完成后点击验证域名:
- 验证成功后,等待10分钟左右,即可收到短信或邮箱通知SSL证书已签发
- 进入到证书管理页面,点击
下载
,选择nginx
进行下载:
- 将下载的证书解压,并对其中的
wiki.xxx.xxx_bundle.pem
和wiki.xxx.xxx.key
重命名为public.pem
和private.key
,将重命名后的文件复制到outline
目录下 - 编辑
docker-compose.yml
文件,更改其中的outline配置为(其中的ports
为上文自定义的port,默认为3000):
outline:
image: docker.getoutline.com/outlinewiki/outline:latest
env_file: ./docker.env
ports:
- "8799:8799"
volumes:
- storage-data:/var/lib/outline/data
- type: bind
source: ./private.key
target: /opt/outline/private.pem
read_only: true
- type: bind
source: ./public.pem
target: /opt/outline/public.pem
read_only: true
depends_on:
- postgres
- redis
6. 启动outline
- 进入到outline文件夹下,执行命令,启动outline:
docker compose up -d
- 待启动成功后,打开浏览器,输入域名
https://wiki.xxx.xxx:8799
,即可访问到本地的outline,点击首页正中央的蓝色登录按钮,即可自动登录,登录成功后页面如图所示:
至此,outline本地docker部署成功,点击右上角即可新建笔记