Différences

Ci-dessous, les différences entre deux révisions de la page.

--- systeme:documenso:autohebergement [2026/04/11 20:54] – [Créer le fichier d'environnement] techer.charles_educ-valadon-limoges.fr
+++ systeme:documenso:autohebergement [2026/05/12 22:05] (Version actuelle) – [Générer les secrets] techer.charles_educ-valadon-limoges.fr
@@ Ligne 112: / Ligne 112: @@
 </code>
+==== Définir un accès Admin ====
+Tous les comptes créés sont de simple utilisateur.
+Pour donner les droits admin à un compte existant, il faut modifier directement dans la base de données le rôle du compte choisi :
+<code>
+docker compose -f compose.yml exec database \
+  psql -U documenso -d documenso -c "UPDATE \"User\" SET roles = '{ADMIN}' WHERE email = 'your@email.com';"
+</code>
 ==== Utiliser minIO ====
 Prérequis :
   * MinIO en fonctionnement (conteneur Docker)
-  * Un bucket dédié (ex : lycee)
+  * Un bucket dédié : documenso. Le proxy sharepoint-point fera le mappage vers les dossiers pédagogiques (administration, bts-sio, etc.)
   * Une clé d’accès + secret
   * L’API S3 activée (par défaut)
+<WRAP center round info>
+Le bucket doit être créé dans minio sinon Documenso ne le voit pas. Documenso ne découvre pas les buckets automatiquement :
+<code>
+mc mb minio/documenso
+</code>
+</WRAP>
 === Variables d’environnement Documenso ===
@@ Ligne 128: / Ligne 145: @@
 S3_ENDPOINT=http://minio:9000
 S3_REGION=us-east-1
-S3_BUCKET_NAME=lycee
+S3_BUCKET_NAME=documenso
 S3_ACCESS_KEY_ID=compteadmin
@@ Ligne 158: / Ligne 175: @@
   database:
     image: postgres:15
-    environment:
+    env_file:
-      - POSTGRES_USER=${POSTGRES_USER:?err}
+      - .env
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?err}
-      - POSTGRES_DB=${POSTGRES_DB:?err}
     healthcheck:
       test: ['CMD-SHELL', 'pg_isready -U ${POSTGRES_USER}']
@@ Ligne 175: / Ligne 190: @@
       database:
         condition: service_healthy
-    environment:
+    env_file:
-      - PORT=${PORT:-3000}
+      - .env
-      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET:?err}
-      - NEXT_PRIVATE_ENCRYPTION_KEY=${NEXT_PRIVATE_ENCRYPTION_KEY:?err}
-      - NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY=${NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY:?err}
-      - NEXT_PRIVATE_GOOGLE_CLIENT_ID=${NEXT_PRIVATE_GOOGLE_CLIENT_ID}
-      - NEXT_PRIVATE_GOOGLE_CLIENT_SECRET=${NEXT_PRIVATE_GOOGLE_CLIENT_SECRET}
-      - NEXT_PUBLIC_WEBAPP_URL=${NEXT_PUBLIC_WEBAPP_URL:?err}
-      - NEXT_PRIVATE_INTERNAL_WEBAPP_URL=${NEXT_PRIVATE_INTERNAL_WEBAPP_URL:-http://localhost:$PORT}
-      - NEXT_PRIVATE_DATABASE_URL=${NEXT_PRIVATE_DATABASE_URL:?err}
-      - NEXT_PRIVATE_DIRECT_DATABASE_URL=${NEXT_PRIVATE_DIRECT_DATABASE_URL:-${NEXT_PRIVATE_DATABASE_URL}}
-      - NEXT_PUBLIC_UPLOAD_TRANSPORT=${NEXT_PUBLIC_UPLOAD_TRANSPORT:-database}
-      - NEXT_PRIVATE_UPLOAD_ENDPOINT=${NEXT_PRIVATE_UPLOAD_ENDPOINT}
-      - NEXT_PRIVATE_UPLOAD_FORCE_PATH_STYLE=${NEXT_PRIVATE_UPLOAD_FORCE_PATH_STYLE}
-      - NEXT_PRIVATE_UPLOAD_REGION=${NEXT_PRIVATE_UPLOAD_REGION}
-      - NEXT_PRIVATE_UPLOAD_BUCKET=${NEXT_PRIVATE_UPLOAD_BUCKET}
-      - NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID=${NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID}
-      - NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY=${NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY}
-      - NEXT_PRIVATE_SMTP_TRANSPORT=${NEXT_PRIVATE_SMTP_TRANSPORT:?err}
-      - NEXT_PRIVATE_SMTP_HOST=${NEXT_PRIVATE_SMTP_HOST}
-      - NEXT_PRIVATE_SMTP_PORT=${NEXT_PRIVATE_SMTP_PORT}
-      - NEXT_PRIVATE_SMTP_USERNAME=${NEXT_PRIVATE_SMTP_USERNAME}
-      - NEXT_PRIVATE_SMTP_PASSWORD=${NEXT_PRIVATE_SMTP_PASSWORD}
-      - NEXT_PRIVATE_SMTP_APIKEY_USER=${NEXT_PRIVATE_SMTP_APIKEY_USER}
-      - NEXT_PRIVATE_SMTP_APIKEY=${NEXT_PRIVATE_SMTP_APIKEY}
-      - NEXT_PRIVATE_SMTP_SECURE=${NEXT_PRIVATE_SMTP_SECURE}
-      - NEXT_PRIVATE_SMTP_APIKEY=${NEXT_PRIVATE_SMTP_APIKEY}
-      - NEXT_PRIVATE_SMTP_SECURE=${NEXT_PRIVATE_SMTP_SECURE}
-      - NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS=${NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS}
-      - NEXT_PRIVATE_SMTP_FROM_NAME=${NEXT_PRIVATE_SMTP_FROM_NAME:?err}
-      - NEXT_PRIVATE_SMTP_FROM_ADDRESS=${NEXT_PRIVATE_SMTP_FROM_ADDRESS:?err}
-      - NEXT_PRIVATE_SMTP_SERVICE=${NEXT_PRIVATE_SMTP_SERVICE}
-      - NEXT_PRIVATE_RESEND_API_KEY=${NEXT_PRIVATE_RESEND_API_KEY}
-      - NEXT_PRIVATE_MAILCHANNELS_API_KEY=${NEXT_PRIVATE_MAILCHANNELS_API_KEY}
-      - NEXT_PRIVATE_MAILCHANNELS_ENDPOINT=${NEXT_PRIVATE_MAILCHANNELS_ENDPOINT}
-      - NEXT_PRIVATE_MAILCHANNELS_DKIM_DOMAIN=${NEXT_PRIVATE_MAILCHANNELS_DKIM_DOMAIN}
-      - NEXT_PRIVATE_MAILCHANNELS_DKIM_SELECTOR=${NEXT_PRIVATE_MAILCHANNELS_DKIM_SELECTOR}
-      - NEXT_PRIVATE_MAILCHANNELS_DKIM_PRIVATE_KEY=${NEXT_PRIVATE_MAILCHANNELS_DKIM_PRIVATE_KEY}
-      - NEXT_PUBLIC_DOCUMENT_SIZE_UPLOAD_LIMIT=${NEXT_PUBLIC_DOCUMENT_SIZE_UPLOAD_LIMIT}
-      - NEXT_PUBLIC_POSTHOG_KEY=${NEXT_PUBLIC_POSTHOG_KEY}
-      - NEXT_PUBLIC_DISABLE_SIGNUP=${NEXT_PUBLIC_DISABLE_SIGNUP}
-      - NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS=${NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS}
-      - NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH=${NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH:-/opt/documenso/cert.p12}
-      - NEXT_PRIVATE_SIGNING_PASSPHRASE=${NEXT_PRIVATE_SIGNING_PASSPHRASE}
-      - NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS=${NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS}
     ports:
       - ${PORT:-3000}:${PORT:-3000}
@@ Ligne 225: / Ligne 197: @@
       - /opt/documenso/cert.p12:/opt/documenso/cert.p12:ro
+  minio:
+    image: minio/minio:latest
+    container_name: minio
+    command: server /data --console-address ":9001"
+    env_file:
+      - .env
+    volumes:
+      - minio-data:/data
+    ports:
+      - "9000:9000"
+      - "9001:9001"
+  sharepoint-proxy:
+    build: ./sharepoint-proxy
+    container_name: sharepoint-proxy
+    volumes:
+      - ./certs:/certs:ro
+    working_dir: /app
+    env_file:
+      - .env
+    depends_on:
+      - minio
+    ports:
+      - "8080:8080"
 volumes:
   database:
@@ Ligne 275: / Ligne 271: @@
 NEXT_PRIVATE_SMTP_FROM_NAME="Documenso"
-# configuration S3 pour minio
+# configuration minio
+MINIO_ROOT_USER="compteadmmin"
+MINIO_ROOT_PASSWORD="motdepasse"
+# configuration stockage S3 pour documenso
+NEXT_PUBLIC_UPLOAD_TRANSPORT=s3
+NEXT_PRIVATE_UPLOAD_ENDPOINT=http://minio:9000
+NEXT_PRIVATE_UPLOAD_FORCE_PATH_STYLE=true
+NEXT_PRIVATE_UPLOAD_REGION=us-east-1
+NEXT_PRIVATE_UPLOAD_BUCKET=lycee
+NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID="compte"
+NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY="secret"
+# configuration stockage S3 pour minio
 STORAGE_PROVIDER=s3
@@ Ligne 287: / Ligne 296: @@
 S3_FORCE_PATH_STYLE=true
 S3_USE_SSL=false
+# configuration de sharepoint-proxy
+MINIO_ROOT_USER=admin
+MINIO_ROOT_PASSWORD=motdepasse
+TENANT_ID=<ID du tenant>
+CLIENT_ID=<ID de l'application dans Entra ID>
+SITE_PATH=tenant.sharepoint.com:/sites/site
+CERT_PATH=/certs/minio-sharepoint.pem
+KEY_PATH=/certs/minio-sharepoint.key
+AUTHORITY=https://login.microsoftonline.com/<ID du tenant>
+GRAPH_SCOPE=https://graph.microsoft.com/.default
+WEBHOOK_SECRET="super-secret-minio"
+DOCUMENT_LIBRARY="Documents"
 </code>