Docker

Docker images are available at quay.io/bgo_bioimagerie, see docker-compose.yml as compose example.

Update docker-compose.yml file environment sections with your setup.

Some variables are defined in a .env file for sensitive and custom data.

Example:

PFM_WEB_URL=http://localhost:4000
PFM_ADMIN=pfmadmin
# Warning, those are secrets!!!
# min 8 characters
PFM_ADMIN_PASSWORD=mysensitivesuperadminpassword
PFM_ADMIN_EMAIL=admin@pfm.org
PFM_ADMIN_APIKEY=123456
PFM_INFLUXDB_TOKEN=123456
MYSQL_ROOT_PASSWORD=xxxx
MYSQL_PASSWORD=xxxx
....

See example docker/env.example for your .env file.

Exemple docker-compose.yml use local docker volumes to save database etc. Only local host mounted volume is data directory which contains space upload files, which should be writable by container www-data user and shared among pfm instances.

Though most data are in docker volumes, data must be backuped to an external system (databases).

Following env variables can be used to override Config/conf.ini:

• DEBUG: 0 # activate debug log level
• DEBUG_SQL: 1 # activate sql log level (not for production)
• MYSQL_HOST: mysql # mysql server name
  • MYSQL_DBNAME: platform_manager # name of the database on the mysql server
  • MYSQL_USER: platform_manager # Admin account to connect to mysql
  • MYSQL_PASS: platform_manager # Password to connect to mysql
  • MYSQL_ADMIN_PWD: ${MYSQL_ROOT_PASSWORD} # used for statistics
• SMTP_HOST: mailhog # smtp host name
• SMTP_PORT: 25 # smtp port
• SMTP_FROM: support@genouest.org # mail from address
• SMTP_TLS: 0 # activate tls support for smtp, false by default
• PFM_MODE: prod # optional [dev|prod|test], dev mode adds a console in browser with sql info
• PFM_ADMIN_USER: pfmadmin # superadmin user name (automatically created)
• PFM_ADMIN_EMAIL: admin@pfm.org # superadmin email
• PFM_ADMIN_PASSWORD: ${PFM_ADMIN_PASSWORD} # superadmin password
• PFM_ADMIN_APIKEY: ${PFM_ADMIN_APIKEY} # superadmin apikey, ifnot set, will be generated at account creation
• PFM_HEADLESS: 0|1 # optional headless mode (navbar) , default 0
• PFM_ROOTWEB: # optional, default / to serve app with prefix
• PFM_PUBLIC_URL: ${PFM_WEB_URL} # public http address for pfm service
• PFM_AMQP_HOST: pfm-rabbitmq # host for rabbitmq
  • PFM_AMQP_USER: pfm # rabbitmq user
  • PFM_AMQP_PASSWORD: pfm # rabbitmq password
• PFM_OPENID: ${PFM_OPENID} # comma separated list of external openid providers (google, orcid)
  • PFM_OPENID_GOOGLE_ICON: /externals/auth/btn_google_signin_dark_normal_web.png
  • PFM_OPENID_GOOGLE_URL: ${PFM_OPENID_GOOGLE_URL}
  • PFM_OPENID_GOOGLE_LOGIN: ${PFM_OPENID_GOOGLE_LOGIN}
  • PFM_OPENID_GOOGLE_CLIENT_ID: ${PFM_OPENID_GOOGLE_CLIENT_ID}
  • PFM_OPENID_GOOGLE_CLIENT_SECRET: ${PFM_OPENID_GOOGLE_CLIENT_SECRET}
• PFM_INFLUXDB_URL: http://influxdb:8086 # influxdb url
  • PFM_INFLUXDB_TOKEN: ${PFM_INFLUXDB_TOKEN} # influxdb access token
  • PFM_INFLUXDB_ORG: pfm # influxdb default organization
• PFM_ALLOW_REGISTRATION: 0 # (dis)allow user self registration
• PFM_JWT_SECRET: ${PFM_JWT_SECRET} # JWT tokens secret
• PFM_MODULES: # comma separated list of modules to load (in addition to those defined in conf.ini)
• PFM_REDIS_HOST: redis # optional, redis host name, needed for prometheus stats
• PFM_GRAFANA_URL: http://grafana:3000 # optional, grafana url
  • PFM_GRAFANA_USER: admin
  • PFM_GRAFANA_PASSWORD: ${PFM_ADMIN_PASSWORD}
• PFM_SENTRY_DSN: # optional, catch errors and send to an external Sentry server
• PFM_HELPDESK_EMAIL: # optional, base email used for helpdesk module support@pfm.org for example, users will write to support+space1@pfm.org
  • PFM_HELPDESK_IMAP_SERVER: ${PFM_HELPDESK_IMAP_SERVER} # hostname of imap provider
  • PFM_HELPDESK_IMAP_PORT: 110 # optional port of imap
  • PFM_HELPDESK_IMAP_USER: ${PFM_HELPDESK_IMAP_USER} # mail account name
  • PFM_HELPDESK_IMAP_PASSWORD: ${PFM_HELPDESK_IMAP_PASSWORD} # mail account password
  • PFM_HELPDESK_IMAP_TLS: [’’ (default), ‘/ssl’] # empty string or /ssl if using tls
• PFM_TIMEZONE: server timezone (Europe/Paris, …, defaults to UTC)
• PFM_MEMORY: sets php memory_limit (PFM_MEMORY: 1024M for example, else use default php settings) for pfm-events, pfm-helpdesk

And .env file should define (according to variables used):

• PFM_WEB_URL=http://localhost:4000

• PFM_ADMIN=pfmadmin

• PFM_ADMIN_PASSWORD=admin4genouest # min 8 characters

• PFM_ADMIN_EMAIL=admin@pfm.org

• PFM_ADMIN_APIKEY=123456

• PFM_INFLUXDB_TOKEN=123456

• PFM_OPENID= # comma separated list of supported providers, if empty no external auth

• If PFM_OPENID is defined:

  • PFM_OPENID_GOOGLE_URL=https://oauth2.googleapis.com/token
  • PFM_OPENID_GOOGLE_LOGIN=https://accounts.google.com/o/oauth2/v2/auth
  • PFM_OPENID_GOOGLE_CLIENT_ID=XXX
  • PFM_OPENID_GOOGLE_CLIENT_SECRET=XXX

• MYSQL_ROOT_PASSWORD=XXX

• MYSQL_PASSWORD=XXX

• PFM_JWT_SECRET=xxxx # used for jwt messages in different actions

• PFM_HELPDESK_EMAIL=myemail@mydomain

• PFM_HELPDESK_IMAP_SERVER=x.y.z # keep empty if not using helpdesk

• PFM_HELPDESK_IMAP_USER=yyyy

• PFM_HELPDESK_IMAP_PASSWORD=xxxxx

• PFM_LDAP_HOST: # optional LDAP configuration overiding ldap.ini, leave empty if non

  • PFM_LDAP_PORT: 389 # ldap port to use, default 389 or 636 if tls enabled
  • PFM_LDAP_USER: "" # ldap user id if not anonymous search/bind
  • PFM_LDAP_PASSWORD: "" # ldap user password
  • PFM_LDAP_DN: "" # base dn for ldap (dc=pfm,dc=org for example)
  • PFM_LDAP_SEARCH_DN: "" # base dn for user search and binding (ou=people,dc=pfm,dc=org for example)
  • PFM_LDAP_TLS: [0|1] # use TLS
  • PFM_LDAP_DEFAULT_STATUS: [1|2] visitor or user
  • PFM_LDAP_SEARCH_ATTR: “uid” ldap search attributes (pipe separated, ex: “uid|mail”)
  • PFM_LDAP_NAME_ATTR: “sn” ldap name attribute
  • PFM_LDAP_FIRSTNAME_ATTR: “givenname” ldap firstname attribute
  • PFM_LDAP_MAIL_ATTR: “mail” ldap email attribute
  • PFM_USE: [0|1] use ldap , if ldap_host is set, pfm_use is set to 1 by default unless explicitely set

See install