diff --git a/.env b/.env index 28c50c9ed3..7cddb9563e 100644 --- a/.env +++ b/.env @@ -10,8 +10,18 @@ # The "@deprecated" tag targets a deprecated variable. # # For better readability, see url below : -# https://docs.phraseanet.com/4.1/en/EnvironnementVariables.html -# +# https://docs.phraseanet.com/4.1/en/Admin/EnvironnementVariables.html + + +# --- ATTENTION POINTS FOR PHRASEANET CONFIGURATION ---------------------------- +# 1. Default Passwords: Ensure all default passwords defined in this configuration are changed to secure, personalized passwords before deployment. +# 2. MariaDB Container: The provided MariaDB container is not ready for production as-is and requires adjustments. It is recommended to use an external, redundant service for the primary datastore. +# 3. Configuration Persistence: Changes made in this file need appropriate backups as they are crucial for system restoration and disaster recovery. +# 4. Environment Specifics: Ensure that settings like database hosts, ports, and credentials are correctly configured for your specific environment. +# 5. Environment Variable Customization: Environment variables should be tailored to fit the specific needs and usage intentions of the application. Always review and adjust these settings to align with operational requirements. +# 6. Plugin Dependencies: some features, such as SAML authentication, require additional paid plugins not included in the public images. + + # --- Phraseanet stack composition ------------------------------------------------------------------------------------- 
@@ -41,10 +51,11 @@ # Profiles service list: # - "app" : launch Phraseanet and Workers. # - "setup" : launch a Phraseanet installation and configuration container, this container is launched to perform a default installation and -# each time it is necessary to update the Phraseanet configuration using the env variables +# each time it is necessary to update the Phraseanet configuration using the env variables. +# when an update is performed, the current 'config' repository is backuped in # - "gateway-classic" : launch nginx service. -# - "gateway-traefik" : nginx is launched behind a traefik service, the traefik is include in this stack (todo) -# or Traefik include in Phrasea Stack. +# - "gateway-traefik" : nginx is launched behind a traefik service, at this time `traefik` is not include in this stack but you can use your own +# or use `Traefik` include in Phrasea Stack. # - "workers" : launch one worker container by kind of Jobs, you can also # choose to launch only some workers, see worker profile list below. # - "worker" : launch one container worker with all jobs run on it. @@ -58,8 +69,9 @@ # - "builder" : launch the builder container, for dev only. # - "elk" : launch an elk stack, for dev only. # - "squid" : reverse proxy for dev only. -# - "mailhog" : for catching all email emit by app for dev. +# - "mailhog" : for catching all email emit by app for dev and testing. # - "db-backup" : launch and run a container to cron database backups and backup file's rotation. +# - "pma" : launch a phpmyadmin container for test and dev purpose. # - "mysql8" : launch a mysql8 container (beta), (/!\ do not mix with the "db" profile) # Because this is the primary datastore, you should use you own SGDD service for production needs. # 
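Review bot: The line added under the "setup" profile, `# when an update is performed, the current 'config' repository is backuped in`, stops before naming the destination. The configuration directory presumably holds credentials, so operators need to know where the copy is written in order to protect it and include it in rotation. Complete the sentence with the real location, for example `# When an update is performed, the current 'config' directory is backed up in <BACKUP_PATH>.`, replacing the placeholder with the actual path.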
@@ -126,7 +138,6 @@ COMPOSE_FILE=docker-compose.yml:docker-compose.datastores.yml:docker-compose.too # Define which profiles you want to use in "docker-compose". # @run - COMPOSE_PROFILES=app,setup,gateway-classic,db,elasticsearch,rabbitmq,redis,redis-session,worker,mailhog,db-backup 
@@ -143,34 +154,72 @@ PHRASEANET_DOCKER_REGISTRY=local # Docker images tag. # @run -PHRASEANET_DOCKER_TAG=4.1.11 +PHRASEANET_DOCKER_TAG=4.1.12 # Stack Name # An optionnal Name for the stack # @run STACK_NAME= -# --- Phraseanet containers resources limit settings ------------------------------------------------------------------------------------ +# --- CPU and Memory Configuration for Docker Services ------------------------------------------------------------------- +# These settings are only active if 'docker-compose.limits.yml' is specified in the COMPOSE_FILE variable. +# they define the resources allocated to the containers, for more explanation see the docker compose documentation +# Number of CPUs allocated to the worker service. +# @run WORKER_CPU=2 + +# Number of CPUs allocated to the gateway service. +# @run GATEWAY_CPU=2 + +# Number of CPUs allocated to the PHP-FPM service. +# @run FPM_CPU=2 + +# Maximum memory that the worker service can use. +# @run WORKER_MEMORY_LIMIT=2048M + +# Maximum memory that the gateway service can use. +# @run GATEWAY_MEMORY_LIMIT=2048M + +# Maximum memory that the PHP-FPM service can use. +# @run FPM_MEMORY_LIMIT=2048M + +# Reserved memory for the worker service. +# @run WORKER_MEMORY_RESERVATION=256M + +# Reserved memory for the gateway service. +# @run GATEWAY_MEMORY_RESERVATION=256M + +# Reserved memory for the PHP-FPM service. +# @run FPM_MEMORY_RESERVATION=256M + # --- Phraseanet container network settings ------------------------------------------------------------------------------------ +# Phraseanet network settings are used to define the network configuration +# of the Phraseanet stack when traefik is used. 
+# see phraseanet under traefik in Phrasea stack # Phrasea network Name, the name of Phrasea network and see by traefik # @run PHRASEA_NETWORK_NAME=ps_internal + +# Domain Name used by traefik in Phrasea stack # @run PHRASEA_DOMAIN=phrasea.local + +# Phrasea Gateway IP, the IP of the gateway container (traefik) in the Phrasea stack # @run PHRASEA_GATEWAY_IP=172.30.0.1 + +# Phrasea Gateway Name, the name of the gateway container (traefik) in the Phrasea stack # @run PHRASEA_COMPOSE_PROJECT_NAME=ps 
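Review bot: `FPM_MEMORY_LIMIT=2048M` is now documented here as "Maximum memory that the PHP-FPM service can use" (a container limit), while the `@@ -340,8 +390,11 @@` hunk documents the same name as the PHP memory limit "in FPM context". With one name assigned twice, the two meanings cannot be tuned independently, and a PHP script limit equal to the container cap leaves no headroom before the container limit is reached. Until the names are separated, add a comment at both places such as `# NOTE: FPM_MEMORY_LIMIT is assigned twice in this file (container limit and PHP memory_limit); keep both values identical.`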
@@ -210,25 +259,64 @@ PHRASEANET_MAINTENANCE=0 # @run PHRASEANET_MAINTENANCE_MESSAGE= -# Activate restrictions -# restrictions can be based -# on IP and/or password -# configuration exemple : -# GATEWAY_ALLOWED_IPS=10.0.0.1,10.0.1.1 -# GATEWAY_DENIED_IPS=172.1.0.1,172.1.0.2 -# GATEWAY_USERS="user1:password1,user2:password2" +# --- RabbitMQ settings ------------------------------------------------------------------------------------------------ + +# RabbitMQ user account : create an account in RabbitMQ container and use it +# in Phraseanet configuration. +# @run +RABBITMQ_DEFAULT_USER=alchemy + +# RabbitMQ password account. +# @run +RABBITMQ_DEFAULT_PASS=vdh4dpe5Wy3R + +# RabbitMQ Http interface management port. +# @run +RABBITMQ_MANAGEMENT_PORT=10811 + +# rabbit hostname, need also for the name of rabbit database dir to avoid random name after dc down/up +# @run +RABBITMQ_HOSTNAME=rabbit_phraseanet + +# --- Gateway settings (NGINX) ----------------------------------------------------------------------------------------- + +# Value applied to "send_timeout", "keepalive_timeout", "client_header_timeout" +# and "client_body_timeout" nginx settings. +# @run +GATEWAY_SEND_TIMEOUT=120 + +# Timeout for establishing a connection with a proxied server. See [documentation| +# http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout]. +# @run +GATEWAY_PROXY_TIMEOUT=120 + +# Value applied to "fastcgi_connect_timeout", "fastcgi_read_timeout" +# and "fastcgi_send_timeout" nginx settings. +# @run +GATEWAY_FASTCGI_TIMEOUT=300 + +# Activate application access restrictions. +# Restrictions can be based on IP and/or password. Use these settings to control who can access the application. + +# Allowed IPs: Comma-separated list of IP addresses that are allowed to access the gateway. +# Uncomment and specify IPs to enable. 
Example: GATEWAY_ALLOWED_IPS=10.0.0.1,10.0.1.1 # @run GATEWAY_ALLOWED_IPS= + +# Denied IPs: Comma-separated list of IP addresses that are denied access to the gateway. +# Uncomment and specify IPs to enable. Example: GATEWAY_DENIED_IPS=172.1.0.1,172.1.0.2 # @run GATEWAY_DENIED_IPS= + +# Users: Specifies credentials for accessing the gateway. Format "username:password". +# Uncomment and specify user credentials to enable. Example: GATEWAY_USERS="user1:password1,user2:password2" # @run GATEWAY_USERS= - -# Manage http incoming request limits by verbs -# this feature is based on ip adresses and need PHRASEANET_TRUSTED_PROXIES -# defined to get real_ip +# HTTP requests quota management. +# Manage http incoming request limits by verbs using the "ngx_http_limit_req_module" module. +# this feature is based on ip adresses and need PHRASEANET_TRUSTED_PROXIES defined to get real_ip # READ is for GET and HEAD requests # WRITE is for POST, PUT, DELETE and PATCH requests # Enabling the requests Limit 
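Review bot: `RABBITMQ_DEFAULT_PASS=vdh4dpe5Wy3R` is moved to its new position with only `# RabbitMQ password account.` above it, so the committed default credential has no change-before-deploy warning next to it. The commit does add a general "Default Passwords" attention point at the top of the file, but the value is public in the repository and `RABBITMQ_MANAGEMENT_PORT=10811` sits in the same block. Add a comment directly above the assignment, such as `# Default value published in the repository: replace it before any deployment.` The same wording would improve the comment added above `PHRASEANET_ADMIN_ACCOUNT_PASSWORD` in the `@@ -571,6 +650,7 @@` hunk, which is currently misspelled.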
@@ -272,44 +360,6 @@ GATEWAY_FASTCGI_HTTPS=off # @run GATEWAY_CSP= -# --- RabbitMQ settings ------------------------------------------------------------------------------------------------ - -# RabbitMQ user account : create an account in RabbitMQ container and use it -# in Phraseanet configuration. -# @run -RABBITMQ_DEFAULT_USER=alchemy - -# RabbitMQ password account. -# @run -RABBITMQ_DEFAULT_PASS=vdh4dpe5Wy3R - -# RabbitMQ Http interface management port. -# @run -RABBITMQ_MANAGEMENT_PORT=10811 - -# rabbit hostname, need also for the name of rabbit database dir to avoid random name after dc down/up -# @run -RABBITMQ_HOSTNAME=rabbit_phraseanet - -# --- Gateway settings (nginx) ----------------------------------------------------------------------------------------- - -# Value applied to "send_timeout", "keepalive_timeout", "client_header_timeout" -# and "client_body_timeout" nginx settings. -# @run -GATEWAY_SEND_TIMEOUT=120 - -# Timeout for establishing a connection with a proxied server. See [documentation| -# http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout]. -# @run -GATEWAY_PROXY_TIMEOUT=120 - -# Value applied to "fastcgi_connect_timeout", "fastcgi_read_timeout" -# and "fastcgi_send_timeout" nginx settings. -# @run -GATEWAY_FASTCGI_TIMEOUT=300 - - - # --- PHP settings ----------------------------------------------------------------------------------------------------- # Maximum request body size for Php and Nginx. Example "1G" @@ -340,8 +390,11 @@ REQUEST_TERMINATE_TIMEOUT=300s # Maximum amount of memory a script may consume (128MB) # http://php.net/memory-limit +# Memory limit in FPM context # @run FPM_MEMORY_LIMIT=2048M +# Memory limit for php-cli +# @run PHP_CLI_MEMORY_LIMIT=2048M # Temporary directory for HTTP uploaded files (will use system default if not 
@@ -501,39 +554,65 @@ DB_BACKUP_CRON_TIME= DB_BACKUP_GZIP_LEVEL=9 -# --- Pusher settings -------------------------------------------------------------------------------------- +# --- Pusher Settings --- +# Phraseanet use the Pusher service to notify users of asynchronous downloads https://pusher.com. +# These settings are required when asynchronous downloads are enabled via 'download_async / enabled=true' in configuration.yml. +# A Pusher account is necessary. +# For account setup and further details, refer to the official Pusher documentation at https://pusher.com/docs. -# Pusher settings used when PHRASEANET_DOWNLOAD_ASYNC=true (configuration.yml: download_async / enabled=true) +# Pusher Authentication Key: Key used for authenticating with the Pusher API. # @run -PUSHER_AUTH_KEY +PUSHER_AUTH_KEY= -# pusher secret +# Pusher Secret: Secret key for secure interactions with the Pusher API. # @run -PUSHER_SECRET +PUSHER_SECRET= -# pusher app_id +# Pusher App ID: The unique identifier for your Pusher application. # @run -PUSHER_APP_ID +PUSHER_APP_ID= -# --- Application cache settings --------------------------------------------------------------------------------------------------- +# --- Application Cache Settings --- +# Configuration for caching mechanisms within the application. +# Supports 'redis' for distributed caching or 'arraycache' for in-memory caching. +# These settings are effective when the corresponding cache type is enabled in the system configuration. -# Cache setting type can be "redis" or "arraycache" +# Cache Type: Specifies the caching mechanism ('redis' or 'arraycache'). # @run PHRASEANET_CACHE_TYPE=redis + +# Cache Host: Hostname or IP address of the cache server. # @run PHRASEANET_CACHE_HOST=redis + +# Cache Port: Port number on which the cache server is running. # @run PHRASEANET_CACHE_PORT=6379 -# PHP session management : this must be related to the SESSION_SAVE_HANDLER parameter. 
type can be redis, file or native +# --- PHP Session Management Settings --- +# Configures storage mechanism for PHP sessions, correlating with the SESSION_SAVE_HANDLER setting. +# Options are 'redis', 'file', or 'native'. +# 'redis' : Using Redis as a session storage mechanism. +# 'file' : Using file-based session storage. +# 'native' : Using PHP’s built-in session management which is file-based but can be configured to use a custom session handler. +# When `native` is choseen see also SESSION_SAVE_HANDLER and SESSION_SAVE_PATH setting in php section +# 'native' is mandatory for environments where SAML authentication is enabled, +# see SAML section below + +# Session Type: Specifies the session storage mechanism. # @run PHRASEANET_SESSION_TYPE=redis + +# Session Host: Hostname or IP address of the session storage server. # @run PHRASEANET_SESSION_HOST=redis-session + +# Session Port: Port number on which the session storage server is running. # @run PHRASEANET_SESSION_PORT=6379 + # --- Phraseanet general settings -------------------------------------------------------------------------------------- # Variables below are used in the "configuration.yml" file: @@ -571,6 +650,7 @@ PHRASEANET_ADMIN_ACCOUNT_ID= # @run PHRASEANET_ADMIN_ACCOUNT_EMAIL=admin@alchemy.fr +# require to be change for securitie reasons # @run PHRASEANET_ADMIN_ACCOUNT_PASSWORD=iJRqXU0MwbyJewQLBbra6IWHsWly 
@@ -578,40 +658,66 @@ PHRASEANET_ADMIN_ACCOUNT_PASSWORD=iJRqXU0MwbyJewQLBbra6IWHsWly # @run PHRASEANET_DOWNLOAD_ASYNC=false -# User Session duration settings +# --- User Session Duration Settings --- +# These settings control the lifetime and idle timeout of user sessions in the application. + +# User Session Idle Timeout: Duration in seconds a session can remain inactive before being ended by the server. +# This setting helps manage resources efficiently and improves security by limiting the risk of sessions being hijacked during periods of inactivity. # @run PHRASEANET_USER_SESSION_IDLE=14400 + +# User Session Lifetime: Maximum duration in seconds that a session can exist, regardless of activity. +# This setting defines the absolute maximum time a session will remain active, +# after which it will be terminated to prevent long-lived sessions. +# @run PHRASEANET_USER_SESSION_LIFETIME=86400 -# --- Phraseanet MySQL settings ---------------------------------------------------------------------------------------- +# --- Phraseanet SGBD Settings --- +# Configure the database settings for Phraseanet. +# Note: The default settings provided below are for initial setup and development purposes only. +# For production environments, ensure to use secure credentials and consider connecting to a managed database service for enhanced security and performance. +# SGBD Host: Specifies the hostname or IP address of the database server. # @install PHRASEANET_DB_HOST=db +# SGBD Port: Specifies the port number on which the database server is accessible. # @install PHRASEANET_DB_PORT=3306 +# SGBD User: Username for accessing the database. Change from default 'root' to a user with lesser privileges for security reasons. # @install -PHRASEANET_DB_USER=root +PHRASEANET_DB_USER=root # Recommend changing to a specific, non-root user for production. +# SGBD Password: Password for the database user. Ensure to change this from the default for security reasons. 
# @install -PHRASEANET_DB_PASSWORD=root - +PHRASEANET_DB_PASSWORD=root # Strongly recommend setting a strong, unique password for production. -# --- Phraseanet database settings ------------------------------------------------------------------------------------- +# --- Phraseanet Database Settings --------------------------------------------------------------------------------------- +# Configure the initial database settings for Phraseanet installation. +# These settings specify the templates and database identifiers used during the setup process. +# Note: The databases specified here exist by default in the provided 'db' container. +# If using an external database server, ensure these databases are created prior to installation. +# Database Template: Specifies the template for database setup, guiding the initial configuration structure. # @install INSTALL_DB_TEMPLATE=DublinCore +# Application Database Identifier: Specifies the identifier for the primary application database. +# Typically named as 'ab_master' or similar; adjust as needed. # @install INSTALL_APPBOX=ab_master +# Data Database Identifier: Specifies the identifier for the primary data storage database. +# Typically named as 'db_databox1' or similar; adjust as needed. # @install INSTALL_DATABOX=db_databox1 + + # --- Phraseanet languages settings ------------------------------------------------------------------------------------ # Available languages (list of language code separated by comma). 
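Review bot: The new `PHRASEANET_DB_USER=root # Recommend changing ...` and `PHRASEANET_DB_PASSWORD=root # Strongly recommend ...` lines put a comment after the value on the assignment line itself. Not every consumer of an env file strips inline comments; Docker's own `--env-file` handling, for instance, treats only lines that begin with `#` as comments. Depending on what reads this file, the user name or password may therefore end up containing the comment text. Move the advice onto its own line above each assignment, e.g. `# Use a dedicated non-root account in production.` followed by a bare `PHRASEANET_DB_USER=root`, which is the layout the other variables in this hunk already use.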
@@ -624,157 +730,217 @@ PHRASEANET_DEFAULT_LANGUAGE=en -# --- Phraseanet binaries execution timeouts settings ------------------------------------------------------------------ +# --- Phraseanet Binaries Execution Timeouts Settings --- +# These settings define the maximum allowed execution time for various media processing tools used by Phraseanet. +# If a process exceeds the specified timeout, it will be considered as having encountered an error. +# This ensures that system resources are not indefinitely tied up by processes that have stalled or are taking too long to complete. + +# --- Phraseanet Binaries Execution Timeouts Settings --- +# These settings define the maximum allowed execution time in minutes for various media processing tools used by Phraseanet. +# If a process exceeds the specified timeout, it will be considered as having encountered an error. +# These timeouts should be adjusted based on the file sizes being processed. +# FFMPEG Timeout: Maximum execution time for FFMPEG processes, used for video encoding and processing. # @run PHRASEANET_FFMPEG_TIMEOUT=7200 +# FFPROBE Timeout: Maximum execution time for FFPROBE processes, used for video file analysis. # @run PHRASEANET_FFPROBE_TIMEOUT=120 +# Ghostscript Timeout: Maximum execution time for Ghostscript processes, used for processing PDFs and PostScript files. # @run PHRASEANET_GS_TIMEOUT=120 +# MP4Box Timeout: Maximum execution time for MP4Box processes, used for multimedia stream manipulation. # @run PHRASEANET_MP4BOX_TIMEOUT=120 +# SWFTools Timeout: Maximum execution time for SWFTools processes, used for processing SWF files. # @run PHRASEANET_SWFTOOLS_TIMEOUT=120 +# Unoconv Timeout: Maximum execution time for Unoconv processes, used for document conversion between various formats. # @run PHRASEANET_UNOCON_TIMEOUT=120 +# ExifTool Timeout: Maximum execution time for ExifTool processes, used for managing metadata within media files. 
# @run PHRASEANET_EXIFTOOL_TIMEOUT=120 -# --- Phraseanet RabbitMQ settings ------------------------------------------------------------------------------------- +# --- Phraseanet RabbitMQ Settings --- +# Configuration settings for RabbitMQ, used for message queuing within Phraseanet. +# These settings define how Phraseanet connects to the RabbitMQ server to handle asynchronous message queuing. +# RabbitMQ Host: The hostname or IP address of the RabbitMQ server. # @run PHRASEANET_RABBITMQ_HOST=rabbitmq +# RabbitMQ Port: The port number on which the RabbitMQ server is accessible. # @run PHRASEANET_RABBITMQ_PORT=5672 +# RabbitMQ SSL: Whether to use SSL/TLS to encrypt the connection. Set to 'false' to disable. # @run PHRASEANET_RABBITMQ_SSL=false +# RabbitMQ Virtual Host: The namespace where queues and exchanges are defined within RabbitMQ. # @run PHRASEANET_RABBITMQ_VHOST=/ +# RabbitMQ Heartbeat: The timeout interval in seconds for sending heartbeats to keep the connection alive. # @run PHRASEANET_RABBITMQ_HEARTBEAT=30 -# --- Phraseanet Elasticsearch settings ------------------------------------------------------------------------------------- -# They env variables are only used during installation process, edit configuration.yml file or use phraseanet admin GUI to modify them +# --- Phraseanet Elasticsearch Settings --- +# Initial configuration for Elasticsearch during the installation process of Phraseanet. +# Note: These environment variables are used only during installation. +# To modify these settings post-installation, use the configuration.yml file or the Phraseanet admin GUI. + +# Elasticsearch Host: The hostname or IP address of the Elasticsearch server. # @install PHRASEANET_ELASTICSEARCH_HOST=elasticsearch + +# Elasticsearch Port: The port number on which Elasticsearch is accessible. # @install PHRASEANET_ELASTICSEARCH_PORT=9200 + +# Elasticsearch Index: The default index name for Elasticsearch. Set to 'null' to use the default setting from Phraseanet. 
# @install PHRASEANET_ELASTICSEARCH_INDEX=null + +# Elasticsearch Number of Shards: The number of shards for the Elasticsearch index. # @install PHRASEANET_ELASTICSEARCH_SHARD=3 + +# Elasticsearch Number of Replicas: The number of replicas for each shard in the Elasticsearch index. # @install PHRASEANET_ELASTICSEARCH_REPLICAS=0 + +# Elasticsearch Minimum Score: The minimum score for search results to be considered relevant. # @install PHRASEANET_ELASTICSEARCH_MINSCORE=2 + +# Elasticsearch Highlight: Whether search results should be highlighted. Set to 'true' to enable. # @install PHRASEANET_ELASTICSEARCH_HIGHLIGHT=true + +# Elasticsearch Max Result Window: The maximum number of search results that can be returned in a single query. # @install PHRASEANET_ELASTICSEARCH_MAXRESULTWINDOW=500000 + +# Elasticsearch Populate Order: The default order in which search results are populated. # @install PHRASEANET_ELASTICSEARCH_POPULATEORDER=RECORD_ID + +# Elasticsearch Active Tab: The active tab in the Elasticsearch dashboard. Set to 'null' to use the default setting from Phraseanet. # @install PHRASEANET_ELASTICSEARCH_ACTIVETAB=null + +# Elasticsearch Facet Base: Base number for calculating facets in search results. # @install PHRASEANET_ELASTICSEARCH_FACET_BASE=10 + +# Elasticsearch Facet per Collection: Number of facets to be calculated for collection in search results. # @install PHRASEANET_ELASTICSEARCH_FACET_COLLECTION=10 + +# Elasticsearch Facet per Document Type: Number of facets to be calculated for document type in search results. # @install PHRASEANET_ELASTICSEARCH_FACET_DOCTYPE=10 + +# Elasticsearch Facet Orientation: Number of facets to be calculated based on the orientation of media in search results. 
# @install PHRASEANET_ELASTICSEARCH_FACET_ORIENTATION=10 -# --- Phraseanet network settings -------------------------------------------------------------------------------------- - -# Enter comma separated list of IP or SUBNETS for variables below: +# --- Phraseanet Network Settings --- +# Configure trusted IPs and network settings for secure access and operation within a controlled network environment. +# Trusted Proxies: Comma-separated list of IP addresses or subnets that are trusted as proxies by Phraseanet. # @run PHRASEANET_TRUSTED_PROXIES= +# Debug Allowed IP: Comma-separated list of IP addresses allowed to access debugging features. # @run PHRASEANET_DEBUG_ALLOWED_IP= +# Subnet IPs: Define the IP subnet within which Phraseanet services will operate. # @run PHRASEANET_SUBNET_IPS=172.32.0.0/16 +# --- Phraseanet API Settings --- +# Enable and configure the API settings to dictate how external applications interact with Phraseanet. - -# --- Phraseanet API settings ------------------------------------------------------------------------------------------ - +# API Enabled: Enables the API functionality, allowing for external access. # @run PHRASEANET_API_ENABLED=true +# API SSL: Enables SSL encryption for API connections, ensuring data security. # @run PHRASEANET_API_SSL=true +# API Auth Token Header Only: Restricts API authentication to headers only, enhancing security by not allowing token in URL. # @run PHRASEANET_API_AUTH_TOKEN_HEADER_ONLY=false +# --- Phraseanet Mapbox Geolocation Settings --- +# Configure settings for geolocation features within Phraseanet, using Mapbox services. +# Require a Mapbox account and access token to enable and use these features. - -# --- Phraseanet Mapbox geolocalisation settings ----------------------------------------------------------------------- - +# Mapbox Activate: Enables or disables Mapbox integration. # @run PHRASEANET_MAPBOX_ACTIVATE=false +# Mapbox Token: The access token for using Mapbox services. 
# @run PHRASEANET_MAPBOX_TOKEN= +# Mapbox Kind: Specifies the type of Mapbox service to use. # @run PHRASEANET_MAPBOX_KIND= +# --- Phraseanet Mail Settings --- +# Configure email sending capabilities and SMTP settings for Phraseanet. - -# --- Phraseanet mail settings ----------------------------------------------------------------------------------------- - +# Emitter Email: The email address that appears as the sender for emails sent by Phraseanet. # @run PHRASEANET_EMITTER_EMAIL=phraseanet@example.com +# Mail Object Prefix: A prefix for the subject line of emails sent by Phraseanet. # @run PHRASEANET_MAIL_OBJECT_PREFIX="phraseanet" -# Phraseanet SMTP settings: - -# Available values: -# - "true" : SMTP parameters are set from .env file. -# - "false" : SMTP parameters should be set in GUI. -# +# SMTP Enabled: Toggle to enable SMTP settings from .env file or disable to configure in GUI. # @run PHRASEANET_SMTP_ENABLED=true +# SMTP Host: The hostname of the SMTP server used for sending emails. # @run PHRASEANET_SMTP_HOST=mailhog +# SMTP Port: The port number on which the SMTP server is accessible. # @run PHRASEANET_SMTP_PORT=1025 +# SMTP Auth Enabled: Toggle to require authentication for sending emails via SMTP. # @run PHRASEANET_SMTP_AUTH_ENABLED=false +# SMTP Secure Mode: Defines the encryption method used (e.g., SSL, TLS), set to null to disable. # @run PHRASEANET_SMTP_SECURE_MODE=null +# SMTP User: Username for SMTP authentication, if required. # @run PHRASEANET_SMTP_USER= +# SMTP Password: Password for SMTP authentication, if required. # @run PHRASEANET_SMTP_PASSWORD= - # --- Phraseanet Workers and Scheduler settings ------------------------------------------------------------------------ # Define how many process are launched in the "worker" container: 
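Review bot: The comment added above `PHRASEANET_API_AUTH_TOKEN_HEADER_ONLY=false` describes the hardened behaviour ("Restricts API authentication to headers only") while the shipped value is `false`, so a reader may assume the restriction is active. State the effect of each value, e.g. `# true: accept the API token in a request header only; false (default): the token is also accepted in the URL, where it can end up in access logs.` Separately, the `--- Phraseanet Binaries Execution Timeouts Settings ---` heading is added twice at the start of this hunk. The second copy says the values are in minutes, which looks unlikely for `PHRASEANET_FFMPEG_TIMEOUT=7200`; keep one heading and confirm the unit.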
@@ -887,105 +1053,172 @@ LC_NAME=C.UTF-8 -# --- Phraseanet volumes location settings ----------------------------------------------------------------------------- +# --- Phraseanet Volumes Location Settings ------------------------------------------------------------------------------ +# Configure the directory paths for various operational and data storage aspects of Phraseanet. +# These settings specify the locations on the file system where different types of data and operational files are stored, +# ensuring proper data management and accessibility. +# Configuration Directory: Location for Phraseanet configuration files. # @run PHRASEANET_CONFIG_DIR=./config +# Logs Directory: Location for storing logs generated by Phraseanet operations. # @run PHRASEANET_LOGS_DIR=./logs +# Data Directory: General data storage location used by Phraseanet. +# any change here must be reflected in the db. # @run PHRASEANET_DATA_DIR=./datas +# Database Directory: Location for database volume storage. # @run PHRASEANET_DB_DIR=./volumes/db +# Elasticsearch Directory: Location for Elasticsearch data storage. # @run PHRASEANET_ELASTICSEARCH_DIR=./volumes/elasticsearch +# Thumbnails Directory: Location for storing generated thumbnails. # @run PHRASEANET_THUMBNAILS_DIR=./www/thumbnails +# Custom Directory: Location for custom scripts or extensions. # @run PHRASEANET_CUSTOM_DIR=./www/custom +# Plugins Directory: Location for Phraseanet plugins. # @run PHRASEANET_PLUGINS_DIR=./www/plugins +# Temporary Directory: Location for temporary files. # @run PHRASEANET_TMP_DIR=./tmp +# Cache Directory: Location for caching data to improve application performance. # @run PHRASEANET_CACHE_DIR=./cache +# Download Directory: Location for storing files that are available for download. # @run PHRASEANET_DOWNLOAD_DIR=./datas/download +# Lazaret Directory: Location for storing temporary or quarantined files before final processing or deletion. 
# @run PHRASEANET_LAZARET_DIR=./datas/lazaret +# Caption Directory: Location for storing caption data for media files. # @run PHRASEANET_CAPTION_DIR=./tmp/caption +# Worker Temporary Directory: Temporary storage for worker processes. # @run PHRASEANET_WORKER_TMP=./tmp/worker +# Backup Directory: Location for storing backup files. # @run PHRASEANET_BACKUP_DIR=./backup +# FTP Directory: Location for FTP uploads or downloads. # @run PHRASEANET_FTP_DIR=./ftp + # --- Phraseanet plugin support settings ------------------------------------------------------------------------------- +# Configure settings for enabling and managing plugins within Phraseanet. +# Plugins git repository, separated by comma. # @build PHRASEANET_PLUGINS= + +# key for git repository access # @build PHRASEANET_SSH_PRIVATE_KEY= -# --- ImageMagick default policy override setting ---------------------------------------------------------------------- +# --- ImageMagick Default Policy Override Setting --------------------------------------------------------------------- +# Configure specific operational limits for ImageMagick to manage resource usage and ensure performance and security. +# reference: https://imagemagick.org/script/security-policy.php +# Policy Version: Specifies the version of ImageMagick policies being applied. # @run IMAGEMAGICK_POLICY_VERSION=7 +# Maximum Width: Maximum width in pixels that ImageMagick is allowed to process. +# default value is 48,000 pixels # @run IMAGEMAGICK_POLICY_WIDTH=48KP -# @run -IMAGEMAGICK_POLICY_HEIGHT=48KPP - +# Map Limit: Maximum amount of memory map ImageMagick is allowed to allocate for image cache. +# default value is 2,048 Megabytes # @run IMAGEMAGICK_POLICY_MAP=2048MiB -# @run -IMAGEMAGICK_POLICY_MEMORY=2048MiB - +# Area Limit: Maximum area in pixels ImageMagick is allowed to allocate for an image. 
+# default value is 4,096 Megabytes # @run IMAGEMAGICK_POLICY_AREA=4096MB +# Disk Limit: Maximum amount of disk space ImageMagick is allowed to use for iamge cache. +# default value is 6 Gigabyte # @run IMAGEMAGICK_POLICY_DISK=6GiB +# Temporary Path: Location for ImageMagick's temporary files. +# default value is /tmp # @run IMAGEMAGICK_POLICY_TEMPORARY_PATH=/tmp +# --- New Relic Monitoring Settings --- +# Enable and configure the New Relic agent for platform monitoring to analyze and optimize the application's performance. +# refer to the official New Relic documentation at https://docs.newrelic.com/docs/agents/php-agent/getting-started/introduction-new-relic-php - -# --- New Relic monitoring settings ------------------------------------------------------------------------------------ - -# Enable (or not) the "New Relic" agent for plateform monitoring. +# New Relic Enabled: Toggle to enable or disable New Relic monitoring. # @run NEWRELIC_ENABLED=false +# New Relic License Key: The license key for your New Relic account. # @run NEWRELIC_LICENSE_KEY= +# New Relic App Name: The name of the application as registered in New Relic. # @run NEWRELIC_APP_NAME= +# --- SAML Authentication Settings -------------------------------------------------------------------------------------- +# Configure settings for SAML (Security Assertion Markup Language) authentication within Phraseanet to enable secure single sign-on (SSO) capabilities. +# Note: This setup requires an additional paid plugin that is not included in the public images. +# It also requires extra containers that must be declared in the Docker compose stack by adding 'phraseanet-saml-sp' to COMPOSE_PROFILE. + +# Allow Debug: Enables detailed logging for SAML operations. Useful for troubleshooting during setup and testing. +# @run +SAML_ALLOW_DEBUG=true + +# Phraseanet Host: The URL where Phraseanet is hosted, used in SAML exchanges. 
+# @run +SAML_PHRASEANET_HOST=http://127.0.0.1:8082 + +# Service Provider Config Directory: Path to the directory where the SAML service provider configuration is stored. +# @run +SAML_SP_CONFIG_DIR=./saml-config/ + +# Service Provider Auth Sources: Specifies the authentication sources configuration for the service provider. +# @run +SAML_SP_AUTHSOURCES= + +# Service Provider Certificate Directory: Path to the directory where the SAML service provider certificates are stored. +# @run +SAML_SP_CERT_DIR=./saml-cert/ + +# Identity Provider Metadata Configuration: Configuration details for the SAML identity provider. +# @run +SAML_IDP_METADATA_CONFIG= + +# Local Identity Provider Metadata Directory: Path to the directory where local metadata configurations for identity providers are stored. +# @run +SAML_IDP_METADATA_LOCAL_CONFIG_DIR=./saml-metadata/ + # --- Development purpose ---------------------------------------------------------------------------------------------- # See [Phraseanet development-mode documentation| @@ -1034,23 +1267,3 @@ SSH_AUTH_SOCK=/dev/null # This is need for PHraseanet SAML context on K8S # @run PHRASEANET_K8S_NAMESPACE= - -# -# SAML Service provider setting -# simplesamlphp as service provider for Phraseanet -# must be associated to a plugin -# on docker-compose staxk add the profile phraseanet-saml-sp -# @run -SAML_ALLOW_DEBUG=true -# @run -SAML_PHRASEANET_HOST=http://127.0.0.1:8082 -# @run -SAML_SP_CONFIG_DIR=./saml-config/ -# @run -SAML_SP_AUTHSOURCES= -# @run -SAML_SP_CERT_DIR=./saml-cert/ -# @run -SAML_IDP_METADATA_CONFIG= -# @run -SAML_IDP_METADATA_LOCAL_CONFIG_DIR=./saml-metadata/ diff --git a/CHANGELOG.md b/CHANGELOG.md index 743c34da7e..4b3c297447 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
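Review bot: The ImageMagick section no longer defines `IMAGEMAGICK_POLICY_HEIGHT` or `IMAGEMAGICK_POLICY_MEMORY`; both assignments are removed while width, map, area and disk are kept and documented. These limits bound the resources an uploaded image can consume, and this diff does not show whether the policy template still reads the two variables; if it does, they would now be unset. Either restore them with comments in the same style (the old height value `48KPP` looks like a typo for the width's `48KP`) or record in the changelog that they were dropped on purpose. Also in this hunk, the SAML comment refers to `COMPOSE_PROFILE` whereas the variable defined in this file is `COMPOSE_PROFILES`, and `SAML_ALLOW_DEBUG=true` remains the default although its new comment describes it as a setup and testing aid.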
@@ -1,5 +1,33 @@ # CHANGELOG +## 4.1.12 + +### Update Instructions + +- **Migration Patch**: + - A migration script for the configuration file is available. Run the following command in the setup container with Docker if the environment variable `PHRASEANET_UPGRADE=1` is set: + ``` + bin/setup system:upgrade + ``` + +### Version Summary + - Base image bump for Video encoding fix and newrelic agent installation. + - take in account default language setup in configuration. + - `.env`file documentation improvement. + +### Stack (Docker Compose and Helm) + +- **Phraseanet Base Image**: Bumped to 1.2.2 + +## What's Changed +* PHRAS-4109: Language : Secure cookie seems to be always needing HTTPS by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4566 +* PHRAS-4112 bump base image to 1.2.1 / fix MP4Box by @moctardiouf in https://github.com/alchemy-fr/Phraseanet/pull/4567 +* PHRAS-4114 newrelic install fix by @nmaillat in https://github.com/alchemy-fr/Phraseanet/pull/4569 +* PHRAS-4111: Default language in the configuration file not taken into account on the homepage. by @aynsix in https://github.com/alchemy-fr/Phraseanet/pull/4570 + + +**Full Changelog**: https://github.com/alchemy-fr/Phraseanet/compare/4.1.11...4.1.12 +__ ## 4.1.11 ### Update Instructions diff --git a/lib/Alchemy/Phrasea/Core/Version.php b/lib/Alchemy/Phrasea/Core/Version.php index 7ecbf38059..42a4cacc06 100644 --- a/lib/Alchemy/Phrasea/Core/Version.php +++ b/lib/Alchemy/Phrasea/Core/Version.php @@ -17,7 +17,7 @@ class Version * @var string */ - private $number = '4.1.11'; + private $number = '4.1.12'; /** * @var string