Docker images configuration
This section covers the configuration details that applies to both images.
If you want the default configuration you can go to verify the image authencity.
Environment variables
You can also modify the behaviour of Tuleap with environment variables.
General
TULEAP_FQDN
: the Tuleap server name (without protocol).
Database
TULEAP_SYS_DBHOST
: database server name. See database installation for specific configuration.DB_ADMIN_USER
: admin user (root
or equivalent).DB_ADMIN_PASSWORD
: admin user password.TULEAP_SYS_DBPASSWD
: application user (typicallytuleapadm
) password.TULEAP_SYS_DBPORT
: define this variable if your database runs on a port different of3306
.TULEAP_SYS_ENABLESSL
: can be either0
to disable or1
to enable encryption of traffic with database. Default is0
TULEAP_SYS_DB_SSL_VERIFY_CERT
: can be either0
to disable or1
to enable verification of database’s certificates. Default is0
. WARNING: perl code (used for subversion core and some maintenance scripts) cannot enforce this, those parts will do encryption without certificate verification.TULEAP_SYS_DB_SSL_CA
: path toward a custom CA file for certifacte verification.
Site administration
SITE_ADMINISTRATOR_PASSWORD
: tuleapadmin
user password.TULEAP_SYS_EMAIL_ADMIN
: email address where all the system emails will be redirected (since 13.8).
Redis
TULEAP_FPM_SESSION_MODE
: you can set it toredis
so php sessions will be stored in a Redis K/V store.TULEAP_REDIS_SERVER
: needed if you setredis
forTULEAP_FPM_SESSION_MODE
.TULEAP_REDIS_PORT
: needed if redis is listening on port that is not6379
(the default).TULEAP_REDIS_PASSWORD
: needed if redis requires a password.TULEAP_REDIS_USE_TLS
: set to 1 if you want to encrypt the connection to Redis.
Email
TULEAP_EMAIL_TRANSPORT
: email transport (sendmail by default). (since 13.12).TULEAP_EMAIL_RELAYHOST
: email relay host (none by default).
Warning
Please note that not all plugins can be used with this configuration setting (email_relay) and you might need to customize the image to fit your needs.
Passwords
We recommend at least 20 chars but only alphabetical & numbers,
They are set at the first run only (not updated automatically).
TLS Certificates
Tuleap container generate a self signed certificate can only communicate in https. In order to have a valid certificate for your end users you either need to:
Delegate the certificate management to your ingress controller (Kubernetes)
Have a reverse proxy in front of the Tuleap container to deal with the certificate
I you don’t want to bother with a reverse proxy, you can modify the certificate generated by tuleap and set yours:
They key must be
/data/etc/pki/tls/private/localhost.key.pem
The cert must be
/data/etc/pki/tls/certs/localhost.cert.pem
If you need something more complex, use a reverse proxy.