diff --git a/public/v4/apps/remark42.yml b/public/v4/apps/remark42.yml new file mode 100644 index 0000000..cfc25d8 --- /dev/null +++ b/public/v4/apps/remark42.yml @@ -0,0 +1,571 @@ +captainVersion: 4 +services: + $$cap_appname: + image: umputun/remark42:$$cap_tag_version + hostname: $$cap_appname.$$cap_root_domain + restart: always + environment: + REMARK_URL: 'https://$$cap_appname.$$cap_root_domain' + SECRET: '$$cap_secret' + SITE: '$$cap_site' + STORE_TYPE: '$$cap_store_type' + STORE_BOLT_PATH: '$$cap_store_bolt_path' + STORE_BOLT_TIMEOUT: '$$cap_store_bolt_timeout' + ADMIN_SHARED_ID: '$$cap_admin_shared_id' + ADMIN_SHARED_EMAIL: '$$cap_admin_shared_email' + BACKUP_PATH: '$$cap_backup' + MAX_BACKUP_FILES: '$$cap_max_back' + CACHE_TYPE: '$$cap_cache_type' + CACHE_REDIS_ADDR: '$$cap_cache_redis_addr' + CACHE_MAX_ITEMS: '$$cap_cache_max_items' + CACHE_MAX_VALUE: '$$cap_cache_max_value' + CACHE_MAX_SIZE: '$$cap_cache_max_size' + AVATAR_TYPE: '$$cap_avatar_type' + AVATAR_FS_PATH: '$$cap_avatar_fs_path' + AVATAR_BOLT_FILE: '$$cap_avatar_bolt_file' + AVATAR_URI: '$$cap_avatar_uri' + AVATAR_RSZ_LMT: '$$cap_avatar_rsz_lmt' + IMAGE_TYPE: '$$cap_image_type' + IMAGE_MAX_SIZE: '$$cap_image_max_size' + IMAGE_FS_PATH: '$$cap_image_fs_path' + IMAGE_FS_STAGING: '$$cap_image_fs_staging' + IMAGE_FS_PARTITIONS: '$$cap_image_fs_partitions' + IMAGE_BOLT_FILE: '$$cap_image_bolt_file' + IMAGE_RESIZE_WIDTH: '$$cap_image_resize_width' + IMAGE_RESIZE_HEIGHT: '$$cap_image_resize_height' + AUTH_TTL_JWT: '$$cap_auth_ttl_jwt' + AUTH_TTL_COOKIE: '$$cap_auth_ttl_cookie' + AUTH_SEND_JWT_HEADER: '$$cap_auth_send-jwt_header' + AUTH_SAME_SITE: '$$cap_auth_same_site' + AUTH_GOOGLE_CID: '$$cap_auth_google_cid' + AUTH_GOOGLE_CSEC: '$$cap_auth_google_csec' + AUTH_FACEBOOK_CID: '$$cap_auth_facebook_cid' + AUTH_FACEBOOK_CSEC: '$$cap_auth_facebook_csec' + AUTH_MICROSOFT_CID: '$$cap_auth_microsoft_cid' + AUTH_MICROSOFT_CSEC: '$$cap_auth_microsoft_csec' + AUTH_GITHUB_CID: '$$cap_auth_github_cid' + AUTH_GITHUB_CSEC: '$$cap_auth_github_csec' + AUTH_TWITTER_CID: '$$cap_auth_twitter_cid' + AUTH_TWITTER_CSEC: '$$cap_auth_twitter_csec' + AUTH_PATREON_CID: '$$cap_auth_patreon_cid' + AUTH_PATREON_CSEC: '$$cap_auth_patreon_csec' + AUTH_TELEGRAM: '$$cap_auth_telegram' + AUTH_YANDEX_CID: '$$cap_auth_yandex_cid' + AUTH_YANDEX_CSEC: '$$cap_auth_yandex_csec' + AUTH_DEV: '$$cap_auth_dev' + AUTH_ANON: '$$cap_auth_anon' + AUTH_EMAIL_ENABLE: '$$cap_auth_email_enable' + AUTH_EMAIL_FROM: '$$cap_auth_email_from' + AUTH_EMAIL_SUBJ: '$$cap_auth_email_subj' + AUTH_EMAIL_CONTENT_TYPE: '$$cap_auth_email_content_type' + NOTIFY_USERS: '$$cap_notify_users' + NOTIFY_ADMINS: '$$cap_notify_admins' + NOTIFY_QUEUE: '$$cap_notify_queue' + NOTIFY_TELEGRAM_CHAN: '$$cap_notify_telegram_chan' + NOTIFY_SLACK_TOKEN: '$$cap_notify_slack_token' + NOTIFY_SLACK_CHAN: '$$cap_notify_slack_chan' + NOTIFY_WEBHOOK_URL: '$$cap_notify_webhook_url' + NOTIFY_WEBHOOK_HEADERS: '$$cap_notify_webhook_headers' + NOTIFY_WEBHOOK_TIMEOUT: '$$cap_notify_webhook_timeout' + NOTIFY_EMAIL_FROM: '$$cap_notify_email_fromAddress' + NOTIFY_EMAIL_VERIFICATION_SUBJ: '$$cap_notify_email_verification_subj' + TELEGRAM_TOKEN: '$$cap_telegram_token' + TELEGRAM_TIMEOUT: '$$cap_telegram_timeout' + SMTP_HOST: '$$cap_smtp_host' + SMTP_PORT: '$$cap_smtp_port' + SMTP_USERNAME: '$$cap_smtp_username' + SMTP_PASSWORD: '$$cap_smtp_password' + SMTP_TLS: '$$cap_smtp_tls' + SMTP_TIMEOUT: '$$cap_smtp_timeout' + SSL_TYPE: '$$cap_ssl_type' + SSL_PORT: '$$cap_ssl_port' + SSL_CERT: '$$cap_ssl_cert' + SSL_KEY: '$$cap_ssl_key' + SSL_ACME_LOCATION: '$$cap_ssl_acme_location' + SSL_ACME_EMAIL: '$$cap_ssl_acme_email' + MAX_COMMENT_SIZE: '$$cap_max_comment' + MAX_VOTES: '$$cap_max_votes' + VOTES_IP: '$$cap_votes_ip' + ANON_VOTE: '$$cap_anon_vote' + VOTES_IP_TIME: '$$cap_votes-ip_time' + LOW_SCORE: '$$cap_low_score' + CRITICAL_SCORE: '$$cap_critical_score' + POSITIVE_SCORE: '$$cap_positive_score' + RESTRICTED_WORDS: '$$cap_restricted_words' + RESTRICTED_NAMES: '$$cap_restricted_names' + EDIT_TIME: '$$cap_edit_time' + ADMIN_EDIT: '$$cap_admin_edit' + READONLY_AGE: '$$cap_read_age' + IMAGE_PROXY_HTTP2HTTPS: '$$cap_image_proxy_http2https' + IMAGE_PROXY_CACHE_EXTERNAL: '$$cap_image-proxy_cache_external' + EMOJI: '$$cap_emoji' + SIMPLE_VIEW: '$$cap_simple_view' + PROXY_CORS: '$$cap_proxy_cors' + ALLOWED_HOSTS: '$$cap_appname.$$cap_root_domain,$$cap_allowed_hosts' + REMARK_ADDRESS: '$$cap_address' + REMARK_PORT: '$$cap_port' + REMARK_WEB_ROOT: '$$cap_web_root' + UPDATE_LIMIT: '$$cap_update_limit' + SUBSCRIBERS_ONLY: '$$cap_subscribers_only' + ADMIN_PASSWD: '$$cap_admin_passwd' + DEBUG: '$$cap_dbg' + volumes: + - $$cap_appname-data:/srv/var + caproverExtra: + containerHttpPort: '8080' +caproverOneClickApp: + variables: + - id: $$cap_tag_version + label: Remark42 docker image tag + defaultValue: 'v1.9.0' + description: Valid tag from https://hub.docker.com/r/umputun/remark42/tags + validRegex: /.+/ + - id: $$cap_secret + label: SECRET + defaultValue: '$$cap_gen_random_hex(10)' + description: the shared secret key used to sign JWT, should be a random, long, hard-to-guess string + validRegex: /.+/ + - id: $$cap_site + label: SITE + defaultValue: 'remark' + description: site name(s), _multi_ + - id: $$cap_store_type + label: STORE_TYPE + defaultValue: 'bolt' + description: type of storage, `bolt` or `rpc` + - id: $$cap_store_bolt_path + label: STORE_BOLT_PATH + defaultValue: './var' + description: parent directory for the bolt files + - id: $$cap_store_bolt_timeout + label: STORE_BOLT_TIMEOUT + defaultValue: '30s' + description: boltdb access timeout + - id: $$cap_admin_shared_id + label: ADMIN_SHARED_ID + defaultValue: '' + description: admin IDs (list of user IDs), _multi_ + - id: $$cap_admin_shared_email + label: ADMIN_SHARED_EMAIL + defaultValue: '' + description: admin emails, _multi_ + - id: $$cap_backup + label: BACKUP_PATH + defaultValue: './var/backup' + description: backups location + - id: $$cap_max_back + label: MAX_BACKUP_FILES + defaultValue: '10' + description: max backup files to keep + - id: $$cap_cache_type + label: CACHE_TYPE + defaultValue: 'mem' + description: type of cache, `redis_pub_sub` or `mem` or `none` + - id: $$cap_cache_redis_addr + label: CACHE_REDIS_ADDR + defaultValue: '127.0.0.1:6379' + description: address of Redis PubSub instance, turn `redis_pub_sub` cache on for distributed cache + - id: $$cap_cache_max_items + label: CACHE_MAX_ITEMS + defaultValue: '1000' + description: max number of cached items, `0` - unlimited + - id: $$cap_cache_max_value + label: CACHE_MAX_VALUE + defaultValue: '65536' + description: max size of the cached value, `0` - unlimited + - id: $$cap_cache_max_size + label: CACHE_MAX_SIZE + defaultValue: '50000000' + description: max size of all cached values, `0` - unlimited + - id: $$cap_avatar_type + label: AVATAR_TYPE + defaultValue: 'fs' + description: type of avatar storage, `fs`, `bolt`, or `uri` + - id: $$cap_avatar_fs_path + label: AVATAR_FS_PATH + defaultValue: './var/avatars' + description: avatars location for `fs` store + - id: $$cap_avatar_bolt_file + label: AVATAR_BOLT_FILE + defaultValue: './var/avatars.db' + description: avatars bolt file location + - id: $$cap_avatar_uri + label: AVATAR_URI + defaultValue: './var/avatars' + description: avatars store URI + - id: $$cap_avatar_rsz_lmt + label: AVATAR_RSZ_LMT + defaultValue: '0 (disabled)' + description: max image size for resizing avatars on save + - id: $$cap_image_type + label: IMAGE_TYPE + defaultValue: 'fs' + description: type of image storage, `fs`, `bolt` + - id: $$cap_image_max_size + label: IMAGE_MAX_SIZE + defaultValue: '5000000' + description: max size of image file + - id: $$cap_image_fs_path + label: IMAGE_FS_PATH + defaultValue: './var/pictures' + description: permanent location of images + - id: $$cap_image_fs_staging + label: IMAGE_FS_STAGING + defaultValue: './var/pictures.staging' + description: staging location of images + - id: $$cap_image_fs_partitions + label: IMAGE_FS_PARTITIONS + defaultValue: '100' + description: number of image partitions + - id: $$cap_image_bolt_file + label: IMAGE_BOLT_FILE + defaultValue: '/var/pictures.db' + description: images bolt file location + - id: $$cap_image_resize_width + label: IMAGE_RESIZE_WIDTH + defaultValue: '2400' + description: width of a resized image + - id: $$cap_image_resize_height + label: IMAGE_RESIZE_HEIGHT + defaultValue: '900' + description: height of a resized image + - id: $$cap_auth_ttl_jwt + label: AUTH_TTL_JWT + defaultValue: '5m' + description: JWT TTL + - id: $$cap_auth_ttl_cookie + label: AUTH_TTL_COOKIE + defaultValue: '200h' + description: cookie TTL + - id: $$cap_auth_send_jwt_header + label: AUTH_SEND_JWT_HEADER + defaultValue: 'false' + description: send JWT as a header instead of a cookie + validRegex: /^(false|true)$/ + - id: $$cap_auth_same_site + label: AUTH_SAME_SITE + defaultValue: 'default' + description: set same site policy for cookies (`default`, `none`, `lax` or `strict`) + - id: $$cap_auth_google_cid + label: AUTH_GOOGLE_CID + defaultValue: '' + description: Google OAuth client ID + - id: $$cap_auth_google_csec + label: AUTH_GOOGLE_CSEC + defaultValue: '' + description: Google OAuth client secret + - id: $$cap_auth_facebook_cid + label: AUTH_FACEBOOK_CID + defaultValue: '' + description: Facebook OAuth client ID + - id: $$cap_auth_facebook_csec + label: AUTH_FACEBOOK_CSEC + defaultValue: '' + description: Facebook OAuth client secret + - id: $$cap_auth_microsoft_cid + label: AUTH_MICROSOFT_CID + defaultValue: '' + description: Microsoft OAuth client ID + - id: $$cap_auth_microsoft_csec + label: AUTH_MICROSOFT_CSEC + defaultValue: '' + description: Microsoft OAuth client secret + - id: $$cap_auth_github_cid + label: AUTH_GITHUB_CID + defaultValue: '' + description: GitHub OAuth client ID + - id: $$cap_auth_github_csec + label: AUTH_GITHUB_CSEC + defaultValue: '' + description: GitHub OAuth client secret + - id: $$cap_auth_twitter_cid + label: AUTH_TWITTER_CID + defaultValue: '' + description: Twitter Consumer API Key + - id: $$cap_auth_twitter_csec + label: AUTH_TWITTER_CSEC + defaultValue: '' + description: Twitter Consumer API Secret key + - id: $$cap_auth_patreon_cid + label: AUTH_PATREON_CID + defaultValue: '' + description: Patreon OAuth Client ID + - id: $$cap_auth_patreon_csec + label: AUTH_PATREON_CSEC + defaultValue: '' + description: Patreon OAuth Client Secret + - id: $$cap_auth_telegram + label: AUTH_TELEGRAM + defaultValue: 'false' + description: Enable Telegram auth (telegram.token must be present) + validRegex: /^(false|true)$/ + - id: $$cap_auth_yandex_cid + label: AUTH_YANDEX_CID + defaultValue: '' + description: Yandex OAuth client ID + - id: $$cap_auth_yandex_csec + label: AUTH_YANDEX_CSEC + defaultValue: '' + description: Yandex OAuth client secret + - id: $$cap_auth_dev + label: AUTH_DEV + defaultValue: 'false' + description: local OAuth2 server, development mode only + validRegex: /^(false|true)$/ + - id: $$cap_auth_anon + label: AUTH_ANON + defaultValue: 'false' + description: enable anonymous login + validRegex: /^(false|true)$/ + - id: $$cap_auth_email_enable + label: AUTH_EMAIL_ENABLE + defaultValue: 'false' + description: enable auth via email + validRegex: /^(false|true)$/ + - id: $$cap_auth_email_from + label: AUTH_EMAIL_FROM + defaultValue: '' + description: email from + - id: $$cap_auth_email_subj + label: AUTH_EMAIL_SUBJ + defaultValue: 'remark42 confirmation' + description: email subject + - id: $$cap_auth_email_content_type + label: AUTH_EMAIL_CONTENT_TYPE + defaultValue: 'text/html' + description: email content type + - id: $$cap_notify_users + label: NOTIFY_USERS + defaultValue: 'none' + description: type of user notifications (Telegram, email) + - id: $$cap_notify_admins + label: NOTIFY_ADMINS + defaultValue: 'none' + description: type of admin notifications (Telegram, Slack, webhook and/or email) + - id: $$cap_notify_queue + label: NOTIFY_QUEUE + defaultValue: '100' + description: size of notification queue + - id: $$cap_notify_telegram_chan + label: NOTIFY_TELEGRAM_CHAN + defaultValue: '' + description: the ID of telegram channel for admin notifications + - id: $$cap_notify_slack_token + label: NOTIFY_SLACK_TOKEN + defaultValue: '' + description: Slack token + - id: $$cap_notify_slack_chan + label: NOTIFY_SLACK_CHAN + defaultValue: 'general' + description: Slack channel for admin notifications + - id: $$cap_notify_webhook_url + label: NOTIFY_WEBHOOK_URL + defaultValue: '' + description: Webhook notification URL for admin notifications + - id: $$cap_notify_webhook_template + label: NOTIFY_WEBHOOK_TEMPLATE + defaultValue: '{\"text\": \"{{.Text}}\"}' + description: Webhook payload template + - id: $$cap_notify_webhook_headers + label: NOTIFY_WEBHOOK_HEADERS + defaultValue: '' + description: HTTP header in format Header1:Value1,Header2:Value2,... + - id: $$cap_notify_webhook_timeout + label: NOTIFY_WEBHOOK_TIMEOUT + defaultValue: '5s' + description: Webhook connection timeout + - id: $$cap_notify_email_fromAddress + label: NOTIFY_EMAIL_FROM + defaultValue: '' + description: from email address + - id: $$cap_notify_email_verification_subj + label: NOTIFY_EMAIL_VERIFICATION_SUBJ + defaultValue: 'Email verification' + description: verification message subject + - id: $$cap_telegram_token + label: TELEGRAM_TOKEN + defaultValue: '' + description: Telegram token (used for auth and Telegram notifications) + - id: $$cap_telegram_timeout + label: TELEGRAM_TIMEOUT + defaultValue: '5s' + description: Telegram connection timeout + - id: $$cap_smtp_host + label: SMTP_HOST + defaultValue: '' + description: SMTP host + - id: $$cap_smtp_port + label: SMTP_PORT + defaultValue: '' + description: SMTP port + - id: $$cap_smtp_username + label: SMTP_USERNAME + defaultValue: '' + description: SMTP user name + - id: $$cap_smtp_password + label: SMTP_PASSWORD + defaultValue: '' + description: SMTP password + - id: $$cap_smtp_tls + label: SMTP_TLS + defaultValue: 'false' + description: enable TLS for SMTP + validRegex: /^(false|true)$/ + - id: $$cap_smtp_timeout + label: SMTP_TIMEOUT + defaultValue: '10s' + description: SMTP TCP connection timeout + - id: $$cap_ssl_type + label: SSL_TYPE + defaultValue: 'none' + description: '`none`-HTTP, `static`-HTTPS, `auto`-HTTPS + le' + - id: $$cap_ssl_port + label: SSL_PORT + defaultValue: '8443' + description: port for HTTPS server + - id: $$cap_ssl_cert + label: SSL_CERT + defaultValue: '' + description: path to the cert.pem file + - id: $$cap_ssl_key + label: SSL_KEY + defaultValue: '' + description: path to the key.pem file + - id: $$cap_ssl_acme_location + label: SSL_ACME_LOCATION + defaultValue: './var/acme' + description: dir where obtained le-certs will be stored + - id: $$cap_ssl_acme_email + label: SSL_ACME_EMAIL + defaultValue: '' + description: admin email for receiving notifications from LE + - id: $$cap_max_comment + label: MAX_COMMENT_SIZE + defaultValue: '2048' + description: comment's size limit + - id: $$cap_max_votes + label: MAX_VOTES + defaultValue: '-1' + description: votes limit per comment, `-1` - unlimited + - id: $$cap_votes_ip + label: VOTES_IP + defaultValue: 'false' + description: restrict votes from the same IP + validRegex: /^(false|true)$/ + - id: $$cap_anon_vote + label: ANON_VOTE + defaultValue: 'false' + description: allow voting for anonymous users, require VOTES_IP to be enabled as well + validRegex: /^(false|true)$/ + - id: $$cap_votes_ip_time + label: VOTES_IP_TIME + defaultValue: '5m' + description: same IP vote restriction time, `0s` - unlimited + - id: $$cap_low_score + label: LOW_SCORE + defaultValue: '-5' + description: low score threshold + - id: $$cap_critical_score + label: CRITICAL_SCORE + defaultValue: '-10' + description: critical score threshold + - id: $$cap_positive_score + label: POSITIVE_SCORE + defaultValue: 'false' + description: restricts comment's score to be only positive + validRegex: /^(false|true)$/ + - id: $$cap_restricted_words + label: RESTRICTED_WORDS + defaultValue: '' + description: words banned in comments (can use `*`), _multi_ + - id: $$cap_restricted_names + label: RESTRICTED_NAMES + defaultValue: '' + description: names prohibited to use by the user, _multi_ + - id: $$cap_edit_time + label: EDIT_TIME + defaultValue: '5m' + description: edit window + - id: $$cap_admin_edit + label: ADMIN_EDIT + defaultValue: 'false' + description: unlimited edit for admins + validRegex: /^(false|true)$/ + - id: $$cap_read_age + label: READONLY_AGE + defaultValue: '' + description: read-only age of comments, days + - id: $$cap_image_proxy_http2https + label: IMAGE_PROXY_HTTP2HTTPS + defaultValue: 'false' + description: enable HTTP->HTTPS proxy for images + validRegex: /^(false|true)$/ + - id: $$cap_image_proxy_cache_external + label: IMAGE_PROXY_CACHE_EXTERNAL + defaultValue: 'false' + description: enable caching external images to current image storage + validRegex: /^(false|true)$/ + - id: $$cap_emoji + label: EMOJI + defaultValue: 'false' + description: enable emoji support + validRegex: /^(false|true)$/ + - id: $$cap_simple_view + label: SIMPLE_VIEW + defaultValue: 'false' + description: minimized UI with basic info only + validRegex: /^(false|true)$/ + - id: $$cap_proxy_cors + label: PROXY_CORS + defaultValue: 'false' + description: disable internal CORS and delegate it to proxy + validRegex: /^(false|true)$/ + - id: $$cap_allowed_hosts + label: ALLOWED_HOSTS + defaultValue: '' + description: limit hosts/sources allowed to embed comments, enable all by default + - id: $$cap_address + label: REMARK_ADDRESS + defaultValue: '' + description: web server listening address, all interfaces by default + - id: $$cap_port + label: REMARK_PORT + defaultValue: '8080' + description: web server port + - id: $$cap_web_root + label: REMARK_WEB_ROOT + defaultValue: './web' + description: web server root directory + - id: $$cap_update_limit + label: UPDATE_LIMIT + defaultValue: '0.5' + description: updates/sec limit + - id: $$cap_subscribers_only + label: SUBSCRIBERS_ONLY + defaultValue: 'false' + description: enable commenting only for Patreon subscribers + validRegex: /^(false|true)$/ + - id: $$cap_admin_passwd + label: ADMIN_PASSWD + defaultValue: '' + description: password for `admin` basic auth + - id: $$cap_dbg + label: DEBUG + defaultValue: 'false' + description: debug mode + validRegex: /^(false|true)$/ + instructions: + start: |- + See description of the parameters below [in the documentation](https://remark42.com/docs/configuration/parameters/). + + _multi_ parameters separated by `,` in the environment, like `ADMIN_SHARED_EMAIL=admin@example.org,admin2@example.org` + end: |- + Done, Remark42 will be accessible at in a minute. + + You must **enable HTTPS** for this application as otherwise, it won't work. Then verify that it works by the URL above and then follow [documentation on installation](https://remark42.com/docs/getting-started/installation/) to add comments to your site. + + While following the installation guide, set `YOUR_SITE_ID` to `$$cap_site` and `REMARK_URL` to `https://$$cap_appname.$$cap_root_domain`, and then add your site domain name to `ALLOWED_HOSTS`. + displayName: Remark42 + isOfficial: true + description: Self-hosted, lightweight, and simple (yet functional) comment engine, which doesn't spy on users. It can be embedded into blogs, articles or any other place where readers add comments. + documentation: Taken from https://github.com/umputun/remark42 diff --git a/public/v4/logos/remark42.png b/public/v4/logos/remark42.png new file mode 100644 index 0000000..2824d5d Binary files /dev/null and b/public/v4/logos/remark42.png differ