Docker installation
Beschreibung:
Installation
Pakete installieren
apt install docker.io docker-compose apparmor apparmor-utils curl openssl
Verzeichnisse anlegen
mkdir /root/libresign/datadocumenso/certs
mkdir /root/libresign/Documenso/data-db
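.env-Datei anlegen
Die folgenden Werte sind Platzhalter: Die Passwörter, NEXTAUTH_SECRET, die beiden Encryption-Keys und die Signing-Passphrase müssen vor dem ersten Start durch eigene, zufällig erzeugte Werte ersetzt werden. Wird das Datenbank-Passwort geändert, muss es auch in den beiden DATABASE_URL-Einträgen angepasst werden. Da die Datei Zugangsdaten enthält, sollte sie nur für den Besitzer lesbar sein (chmod 600 .env).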
POSTGRES_USER=docuuser
POSTGRES_PASSWORD=docupass
POSTGRES_DB=documenso
PORT=3000
NEXTAUTH_URL=http://localhost
NEXTAUTH_SECRET=your-secret-key
NEXT_PRIVATE_ENCRYPTION_KEY=your-encryption-key
NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY=your-secondary-encryption-key
NEXT_PRIVATE_GOOGLE_CLIENT_ID=your-google-client-id
NEXT_PRIVATE_GOOGLE_CLIENT_SECRET=your-google-client-secret
NEXT_PUBLIC_WEBAPP_URL=http://localhost
NEXT_PRIVATE_INTERNAL_WEBAPP_URL=http://localhost:3000
NEXT_PUBLIC_MARKETING_URL=https://documenso.com
NEXT_PRIVATE_DATABASE_URL=postgres://docuuser:docupass@database:5432/documenso
NEXT_PRIVATE_DIRECT_DATABASE_URL=postgres://docuuser:docupass@database:5432/documenso
NEXT_PUBLIC_UPLOAD_TRANSPORT=database
NEXT_PRIVATE_SMTP_TRANSPORT=smtp
NEXT_PRIVATE_SMTP_HOST=smtp.example.com
NEXT_PRIVATE_SMTP_PORT=587
NEXT_PRIVATE_SMTP_USERNAME=smtp-user
NEXT_PRIVATE_SMTP_PASSWORD=smtp-password
NEXT_PRIVATE_SMTP_FROM_NAME=Documenso Support
NEXT_PRIVATE_SMTP_FROM_ADDRESS=support@documenso.com
NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH=/opt/documenso/cert.p12
NEXT_PRIVATE_SIGNING_PASSPHRASE=signing-passphrase
Docker compose Datei anlegen
nano /root/libresign/docker-compose.yml
Inhalt
version: '3.8'
services:
libresign:database:
image: libresign/libresign:latest # Verifizieren Sie das Image und Tag für LibreSign
container_name: libresign
ports:
- "80:80"postgres:15
environment:
- DATABASE_HOST=dbPOSTGRES_USER=${POSTGRES_USER:?err}
- DATABASE_NAME=libresignPOSTGRES_PASSWORD=${POSTGRES_PASSWORD:?err}
- DATABASE_USER=libreuserPOSTGRES_DB=${POSTGRES_DB:?err}
healthcheck:
test: ['CMD-SHELL', 'pg_isready -U DATABASE_PASSWORD=librepass${POSTGRES_USER}']
depends_on:interval: -10s
dbtimeout: 5s
retries: 5
volumes:
- ./.database-data:/app/var/lib/postgresql/data # Speichert LibreSign-Daten imaußerhalb .data-Verzeichnisdes networks:Conta>
- sign_network
db:documenso:
image: mariadb:documenso/documenso:latest
container_name:depends_on:
mariadb_libresigndatabase:
condition: service_healthy
environment:
- MYSQL_ROOT_PASSWORD=rootpassPORT=${PORT:-3000}
- MYSQL_DATABASE=libresignNEXTAUTH_URL=${NEXTAUTH_URL:-${NEXT_PUBLIC_WEBAPP_URL}}
- MYSQL_USER=libreuserNEXTAUTH_SECRET=${NEXTAUTH_SECRET:?err}
- MYSQL_PASSWORD=librepassNEXT_PRIVATE_ENCRYPTION_KEY=${NEXT_PRIVATE_ENCRYPTION_KEY:?err}
- NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY=${NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY:?>
- NEXT_PRIVATE_GOOGLE_CLIENT_ID=${NEXT_PRIVATE_GOOGLE_CLIENT_ID}
- NEXT_PRIVATE_GOOGLE_CLIENT_SECRET=${NEXT_PRIVATE_GOOGLE_CLIENT_SECRET}
- NEXT_PUBLIC_WEBAPP_URL=${NEXT_PUBLIC_WEBAPP_URL:?err}
- NEXT_PRIVATE_INTERNAL_WEBAPP_URL=${NEXT_PRIVATE_INTERNAL_WEBAPP_URL:-http://loc>
- NEXT_PUBLIC_MARKETING_URL=${NEXT_PUBLIC_MARKETING_URL:-https://documenso.com}
- NEXT_PRIVATE_DATABASE_URL=${NEXT_PRIVATE_DATABASE_URL:?err}
- NEXT_PRIVATE_DIRECT_DATABASE_URL=${NEXT_PRIVATE_DIRECT_DATABASE_URL:-${NEXT_PRI>
- NEXT_PUBLIC_UPLOAD_TRANSPORT=${NEXT_PUBLIC_UPLOAD_TRANSPORT:-database}
#Diese Variablen werden nur benötigt wenn die Daten nicht in einer Datenbank sondern in einem S3
#Bucket gespeichert werden sollen
#- NEXT_PRIVATE_UPLOAD_ENDPOINT=${NEXT_PRIVATE_UPLOAD_ENDPOINT}
#- NEXT_PRIVATE_UPLOAD_FORCE_PATH_STYLE=${NEXT_PRIVATE_UPLOAD_FORCE_PATH_STYLE}
#- NEXT_PRIVATE_UPLOAD_REGION=${NEXT_PRIVATE_UPLOAD_REGION}
#- NEXT_PRIVATE_UPLOAD_BUCKET=${NEXT_PRIVATE_UPLOAD_BUCKET}
#- NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID=${NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID}
#- NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY=${NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY}
- NEXT_PRIVATE_SMTP_TRANSPORT=${NEXT_PRIVATE_SMTP_TRANSPORT:?err}
- NEXT_PRIVATE_SMTP_HOST=${NEXT_PRIVATE_SMTP_HOST}
- NEXT_PRIVATE_SMTP_PORT=${NEXT_PRIVATE_SMTP_PORT}
- NEXT_PRIVATE_SMTP_USERNAME=${NEXT_PRIVATE_SMTP_USERNAME}
- NEXT_PRIVATE_SMTP_PASSWORD=${NEXT_PRIVATE_SMTP_PASSWORD}
- NEXT_PRIVATE_SMTP_FROM_NAME=${NEXT_PRIVATE_SMTP_FROM_NAME:?err}
- NEXT_PRIVATE_SMTP_FROM_ADDRESS=${NEXT_PRIVATE_SMTP_FROM_ADDRESS:?err}
- NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH=${NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH:-/o>
- NEXT_PRIVATE_SIGNING_PASSPHRASE=${NEXT_PRIVATE_SIGNING_PASSPHRASE}
ports:
- ${PORT:-3000}:${PORT:-3000}
volumes:
- ./.data-db:certs/cert.p12:/var/lib/mysqlopt/documenso/cert.p12 # SpeichertZertifikate MariaDB-Datenlokal im .data-db-Verzeichnis
networks:
- sign_network
networks:
sign_network:
driver: bridgespeichern
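Review bot: The `documenso` service publishes `${PORT:-3000}:${PORT:-3000}` on every host interface while the `.env` above configures plain `http://localhost` URLs, so the signing application would be reachable unencrypted from the network. Binding the mapping to loopback and quoting it, `- "127.0.0.1:${PORT:-3000}:${PORT:-3000}"`, with a TLS-terminating reverse proxy in front, is the safer default. The image on the new side appears to be `documenso/documenso:latest` (that line is fused with the old `mariadb` entry, so this is inferred); pinning a release tag or digest would keep the deployment reproducible. The certificate mount could also carry `:ro`, since the container presumably only needs to read `cert.p12`.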
Zertifikat anlegen
Privaten 2048-Bit-RSA-Schlüssel erstellen
openssl genrsa -out cert.key 2048
Erstelle eine Zertifikatsignierungsanforderung (CSR)
openssl req -new -key cert.key -out cert.csr
Beantworte die Fragen (du kannst auch Platzhalter verwenden):
- Country Name: Zwei-Buchstaben-Ländercode (z. B. DE)
- State or Province: Bundesland oder Region
- Locality: Stadt
- Organization Name: Dein Unternehmens- oder Projektname
- Organizational Unit Name: Abteilung (falls nicht zutreffend, leer lassen)
- Common Name: Die Domain oder der Name (z. B. localhost oder example.com)
- Email Address: Deine E-Mail-Adresse
Erstelle ein selbstsigniertes Zertifikat mit 100 Jahren Gültigkeit
openssl x509 -req -days 36500 -in cert.csr -signkey cert.key -out cert.crt
Konvertiere das Zertifikat in das PKCS#12-Format und setze dabei einen eigenen Namen; hier heißt es „Documenso Certificate“
openssl pkcs12 -export -out cert.p12 -inkey cert.key -in cert.crt -name "Documenso Certificate"
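Du wirst aufgefordert, ein Passwort für die .p12-Datei festzulegen. Dieses Passwort musst du in der .env-Variable NEXT_PRIVATE_SIGNING_PASSPHRASE hinterlegen. Die fertige cert.p12 gehört in das oben angelegte certs-Verzeichnis, damit sie im Container unter dem in NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH angegebenen Pfad verfügbar ist. Die Datei cert.key ist unverschlüsselt und wird nach dem Export vom Container nicht benötigt; sie sollte sicher verwahrt werden.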