Docker images configuration
This section covers the configuration details that applies to both images.
Environment variables
You can also modify the behaviour of Tuleap with environment variables.
General
TULEAP_FQDN
: the Tuleap server name (without protocol).
Database
TULEAP_SYS_DBHOST
: database server name. See database installation for specific configuration.DB_ADMIN_USER
: admin user (root
or equivalent).DB_ADMIN_PASSWORD
: admin user password.TULEAP_SYS_DBPASSWD
: application user (typicallytuleapadm
) password.TULEAP_SYS_DBPORT
: define this variable if your database runs on a port different of3306
.TULEAP_SYS_ENABLESSL
: can be either0
to disable or1
to enable encryption of traffic with database. Default is0
TULEAP_SYS_DB_SSL_VERIFY_CERT
: can be either0
to disable or1
to enable verification of database’s certificates. Default is0
. WARNING: perl code (used for subversion core and some maintenance scripts) cannot enforce this, those parts will do encryption without certificate verification.TULEAP_SYS_DB_SSL_CA
: path toward a custom CA file for certifacte verification.
Site administration
SITE_ADMINISTRATOR_PASSWORD
: tuleapadmin
user password.TULEAP_SYS_EMAIL_ADMIN
: email address where all the system emails will be redirected (since 13.8).
Redis
TULEAP_FPM_SESSION_MODE
: you can set it toredis
so php sessions will be stored in a Redis K/V store. This also activate usage of redis for Tuleap (background events, etc).TULEAP_REDIS_SERVER
: needed if you setredis
forTULEAP_FPM_SESSION_MODE
.TULEAP_REDIS_PORT
: needed if redis is listening on port that is not6379
(the default).TULEAP_REDIS_PASSWORD
: needed if redis requires a password.TULEAP_REDIS_USE_TLS
: set to 1 if you want to encrypt the connection to Redis.
Email
TULEAP_EMAIL_TRANSPORT
: email transport (sendmail by default). (since 13.12).TULEAP_EMAIL_RELAYHOST
: email relay host (none by default).
Warning
Please note that not all plugins can be used with this configuration setting (email_relay) and you might need to customize the image to fit your needs.
TLS Certificates
Tuleap container generate a self signed certificate can only communicate in https. In order to have a valid certificate for your end users you either need to:
Delegate the certificate management to your ingress controller (Kubernetes)
Have a reverse proxy in front of the Tuleap container to deal with the certificate
I you don’t want to bother with a reverse proxy, you can modify the certificate generated by tuleap and set yours:
They key must be
/data/etc/pki/tls/private/localhost.key.pem
The cert must be
/data/etc/pki/tls/certs/localhost.cert.pem
If you need something more complex, use a reverse proxy.