Docker を使用するインストール
Docker 化された Weblate デプロイでは、数秒で個人の Weblate インスタンスを起動して実行できます。Weblate が必要なプログラムすべて含まれています。PostgreSQL が、デフォルト データベースとして設定されています。
ハードウェア要件
Weblate は、最新のハードウェアであれば問題なく動作します。以下は、Weblate を単一のホスト(Weblate、データベース、Web サーバー)で動作させるために必要な最小限の構成:
2 GB の RAM
2 CPU コア
1 GB の記憶容量(HDD or SSD)
メモリは多ければ多いほど良い - すべてのレベル(ファイルシステム、データベース、Weblate)でキャッシュとして使用します。
同時使用者が多い場合、必要な CPU コアの数が増えます。数百の翻訳コンポーネントを使用する場合は、少なくとも 4 GB の RAM が必要です。
一般的なデータベース ストレージの使用量は、ホストサーバーで管理する 100 万語の単語につき約 300 MB 必要です。リポジトリのクローンに必要なストレージ スペースはさまざまですが、Weblate は、シャロー クローンを実行してサイズを最小限に抑える努力をします。
注釈
実際に必要な Weblate のインストールの要件は、Weblate で管理する翻訳のサイズによって大きく変化します。
インストール
次の例は、docker-compose がインストール済みの Docker 環境が動作していることを前提としています。手順については、Docker のドキュメントを確認してください。
weblate-docker リポジトリのクローンの作成:
git clone https://github.com/WeblateOrg/docker-compose.git weblate-docker cd weblate-docker設定した内容で
docker-compose.override.ymlファイルを作成する(環境変数の完全なリストについては、:ref:'docker-environment' を確認すること):version: '3' services: weblate: ports: - 80:8080 environment: WEBLATE_EMAIL_HOST: smtp.example.com WEBLATE_EMAIL_HOST_USER: user WEBLATE_EMAIL_HOST_PASSWORD: pass WEBLATE_SERVER_EMAIL: weblate@example.com WEBLATE_DEFAULT_FROM_EMAIL: weblate@example.com WEBLATE_SITE_DOMAIN: weblate.example.com WEBLATE_ADMIN_PASSWORD: password for the admin user WEBLATE_ADMIN_EMAIL: weblate.admin@example.com
注釈
WEBLATE_ADMIN_PASSWORDが設定されていない場合は、最初の起動時に表示されるランダムなパスワードで、管理者ユーザーのアカウントが作成されます。この例では、ポート 80 で Weblate をリッスンします。変更する場合は、
docker-compose.override.ymlファイルのポート マッピングを編集してください。Weblate コンテナを起動する:
docker-compose up
Enjoy your Weblate deployment, it's accessible on port 80 of the weblate container.
バージョン 2.15-2 で変更: The setup has changed recently, priorly there was separate web server container, since 2.15-2 the web server is embedded in the Weblate container.
バージョン 3.7.1-6 で変更: In July 2019 (starting with the 3.7.1-6 tag), the containers are not running as a root user. This has changed the exposed port from 80 to 8080.
参考
Choosing Docker hub tag
You can use following tags on Docker hub, see https://hub.docker.com/r/weblate/weblate/tags/ for full list of available ones.
タグ名 |
解説 |
Use case |
|---|---|---|
|
Weblate stable release, matches latest tagged release |
Rolling updates in a production environment |
|
Weblate 安定版のリリース |
Well defined deploy in a production environment |
|
Weblate stable release with development changes in the Docker container (for example updated dependencies) |
Rolling updates in a staging environment |
|
Weblate stable release with development changes in the Docker container (for example updated dependencies) |
Well defined deploy in a staging environment |
|
Development version Weblate from Git |
Rollling updates to test upcoming Weblate features |
|
Development version Weblate from Git |
Well defined deploy to test upcoming Weblate features |
Every image is tested by our CI before it gets published, so even the bleeding version should be quite safe to use.
Docker container with HTTPS support
Please see インストール for generic deployment instructions, this section only mentions differences compared to it.
Using own SSL certificates
バージョン 3.8-3 で追加.
In case you have own SSL certificate you want to use, simply place the files into the Weblate data volume (see Docker container volumes):
ssl/fullchain.pemcontaining the certificate including any needed CA certificatesssl/privkey.pemcontaining the private key
Both of these files must be owned by the same user as the one starting the docker container and have file mask set to 600 (readable and writable only by the owning user).
Additionally, Weblate container will now accept SSL connections on port 4443, you will want to include the port forwarding for HTTPS in docker compose override:
version: '3'
services:
weblate:
ports:
- 80:8080
- 443:4443
If you already host other sites on the same server, it is likely ports 80 and 443 are used by a reverse proxy, such as NGINX. To pass the HTTPS connection from NGINX to the docker container, you can use the following configuration:
server {
listen 443;
listen [::]:443;
server_name <SITE_URL>;
ssl_certificate /etc/letsencrypt/live/<SITE>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<SITE>/privkey.pem;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_pass https://127.0.0.1:<EXPOSED_DOCKER_PORT>;
}
}
Replace <SITE_URL>, <SITE> and <EXPOSED_DOCKER_PORT> with actual values from your environment.
Automatic SSL certificates using Let’s Encrypt
In case you want to use Let’s Encrypt
automatically generated SSL certificates on public installation, you need to
add a reverse HTTPS proxy an additional Docker container, https-portal will be used for that.
This is made use of in the docker-compose-https.yml file. Then create
a docker-compose-https.override.yml file with your settings:
version: '3'
services:
weblate:
environment:
WEBLATE_EMAIL_HOST: smtp.example.com
WEBLATE_EMAIL_HOST_USER: user
WEBLATE_EMAIL_HOST_PASSWORD: pass
WEBLATE_SITE_DOMAIN: weblate.example.com
WEBLATE_ADMIN_PASSWORD: password for admin user
https-portal:
environment:
DOMAINS: 'weblate.example.com -> http://weblate:8080'
Whenever invoking docker-compose you need to pass both files to it, and then do:
docker-compose -f docker-compose-https.yml -f docker-compose-https.override.yml build
docker-compose -f docker-compose-https.yml -f docker-compose-https.override.yml up
Upgrading the Docker container
Usually it is good idea to only update the Weblate container and keep the PostgreSQL container at the version you have, as upgrading PostgreSQL is quite painful and in most cases does not bring many benefits.
バージョン 4.10-1 で変更: Weblate 4.10-1 以降の Docker コンテナーは、PostgreSQL 10 以降が必要な Django 4.0 を使用するため、Weblate をアップグレードする前に PostgreSQL コンテナのアップグレードをしてください。参照: 4.9 から 4.10 にアップグレード および PostgreSQL コンテナのアップグレード。
You can do this by sticking with the existing docker-compose and just pull the latest images and then restart:
# Fetch latest versions of the images
docker-compose pull
# Stop and destroy the containers
docker-compose down
# Spawn new containers in the background
docker-compose up -d
# Follow the logs during upgrade
docker-compose logs -f
The Weblate database should be automatically migrated on first startup, and there should be no need for additional manual actions.
注釈
Upgrades across major versions are not supported by Weblate. For example,
if you are on 3.x series and want to upgrade to 4.x, first upgrade to the
latest 4.0.x-y image (at time of writing this it is the 4.0.4-5), which
will do the migration and then continue upgrading to newer versions.
docker-compose リポジトリを更新したくなるかもしれませんが、ほとんどの場合は必要ありません。PostgreSQL サーバのアップグレードについては、PostgreSQL コンテナのアップグレード を参照してください。
PostgreSQL コンテナのアップグレード
PostgreSQL コンテナは、バージョンの自動アップグレードには対応していません。手動でアップグレードしてください。次の手順は、アップグレードの方法の中の 1 つです。
Weblate コンテナの停止:
docker-compose stop weblate cache
データベースのバックアップ:
docker-compose exec database pg_dumpall --clean --username weblate > backup.sqlデータベース コンテナの停止:
docker-compose stop database
PostgreSQL ボリュームの削除:
docker-compose rm -v database docker volume remove weblate_postgres-data
新しい PostgreSQL のバージョンを使用するように :file:`docker-compose.yml`を編集します。
データベース コンテナの起動:
docker-compose up -d database
データベースをバックアップから復元:
cat backup.sql | docker-compose exec -T database psql --username weblate --dbname postgres
残りのコンテナをすべて起動:
docker-compose up -d
管理者としてサイン イン
After container setup, you can sign in as admin user with password provided
in WEBLATE_ADMIN_PASSWORD, or a random password generated on first
start if that was not set.
To reset admin password, restart the container with
WEBLATE_ADMIN_PASSWORD set to new password.
Number of processes and memory consumption
The number of worker processes for both uWSGI and Celery is determined automatically based on number of CPUs. This works well for most cloud virtual machines as these typically have few CPUs and good amount of memory.
CPU のコア数が多く、メモリ不足の問題が発生する場合、ワーカーの数を減らしてみてください。ワーカー数の設定例:
environment:
WEBLATE_WORKERS: 2
You can also fine-tune individual worker categories:
environment:
WEB_WORKERS: 4
CELERY_MAIN_OPTIONS: --concurrency 2
CELERY_NOTIFY_OPTIONS: --concurrency 1
CELERY_TRANSLATE_OPTIONS: --concurrency 1
Scaling horizontally
バージョン 4.6 で追加.
You can run multiple Weblate containers to scale the service horizontally. The
/app/data volume has to be shared by all containers, it is recommended
to use cluster filesystem such as GlusterFS for this. The /app/cache
volume should be separate for each container.
Each Weblate container has defined role using WEBLATE_SERVICE
environment variable. Please follow carefully the documentation as some of the
services should be running just once in the cluster and the ordering of the
services matters as well.
You can find example setup in the docker-compose repo as
docker-compose-split.yml.
Docker environment variables
Many of Weblate's 設定 can be set in the Docker container using environment variables:
Generic settings
- WEBLATE_LOGLEVEL
Configures the logging verbosity.
- WEBLATE_LOGLEVEL_DATABASE
Configures the logging of the database queries verbosity.
- WEBLATE_SITE_TITLE
Changes the site-title shown in the header of all pages.
- WEBLATE_SITE_DOMAIN
サイトのドメインを設定します。このパラメーターは必須です。
- WEBLATE_ADMIN_NAME
- WEBLATE_ADMIN_EMAIL
Configures the site-admin's name and e-mail. It is used for both
ADMINSsetting and creating admin user (seeWEBLATE_ADMIN_PASSWORDfor more info on that).例:
environment: WEBLATE_ADMIN_NAME: Weblate admin WEBLATE_ADMIN_EMAIL: noreply@example.com
- WEBLATE_ADMIN_PASSWORD
Sets the password for the admin user.
If not set and admin user does not exist, it is created with a random password shown on first container startup.
If not set and admin user exists, no action is performed.
If set the admin user is adjusted on every container startup to match
WEBLATE_ADMIN_PASSWORD,WEBLATE_ADMIN_NAMEandWEBLATE_ADMIN_EMAIL.
警告
It might be a security risk to store password in the configuration file. Consider using this variable only for initial setup (or let Weblate generate random password on initial startup) or for password recovery.
- WEBLATE_ADMIN_PASSWORD_FILE
Sets the path to a file containing the password for the admin user.
- WEBLATE_SERVER_EMAIL
The email address that error messages are sent from.
- WEBLATE_DEFAULT_FROM_EMAIL
送信用のメールアドレスを設定します。
- WEBLATE_CONTACT_FORM
問い合わせフォームの動作を設定します。参照:
CONTACT_FORM。
- WEBLATE_ALLOWED_HOSTS
ALLOWED_HOSTSを使用して、許可する HTTP ホスト名を設定します。デフォルトは
*で、すべてのホスト名を許可します。例:
environment: WEBLATE_ALLOWED_HOSTS: weblate.example.com,example.com
- WEBLATE_REGISTRATION_OPEN
Configures whether registrations are open by toggling
REGISTRATION_OPEN.例:
environment: WEBLATE_REGISTRATION_OPEN: 0
- WEBLATE_REGISTRATION_ALLOW_BACKENDS
Configure which authentication methods can be used to create new account via
REGISTRATION_ALLOW_BACKENDS.例:
environment: WEBLATE_REGISTRATION_OPEN: 0 WEBLATE_REGISTRATION_ALLOW_BACKENDS: azuread-oauth2,azuread-tenant-oauth2
- WEBLATE_TIME_ZONE
Configures the used time zone in Weblate, see
TIME_ZONE.注釈
To change the time zone of the Docker container itself, use the
TZenvironment variable.例:
environment: WEBLATE_TIME_ZONE: Europe/Prague
- WEBLATE_ENABLE_HTTPS
Makes Weblate assume it is operated behind a reverse HTTPS proxy, it makes Weblate use HTTPS in e-mail and API links or set secure flags on cookies.
ヒント
Please see
ENABLE_HTTPSdocumentation for possible caveats.注釈
This does not make the Weblate container accept HTTPS connections, you need to configure that as well, see Docker container with HTTPS support for examples.
例:
environment: WEBLATE_ENABLE_HTTPS: 1
- WEBLATE_INTERLEDGER_PAYMENT_POINTERS
バージョン 4.12.1 で追加.
Lets Weblate set the meta[name=monetization] field in the head of the document. If multiple are specified, chooses one randomly.
- WEBLATE_IP_PROXY_HEADER
Lets Weblate fetch the IP address from any given HTTP header. Use this when using a reverse proxy in front of the Weblate container.
Enables
IP_BEHIND_REVERSE_PROXYand setsIP_PROXY_HEADER.注釈
The format must conform to Django's expectations. Django transforms raw HTTP header names as follows:
converts all characters to uppercase
replaces any hyphens with underscores
prepends
HTTP_prefix
So
X-Forwarded-Forwould be mapped toHTTP_X_FORWARDED_FOR.例:
environment: WEBLATE_IP_PROXY_HEADER: HTTP_X_FORWARDED_FOR
- WEBLATE_SECURE_PROXY_SSL_HEADER
A tuple representing a HTTP header/value combination that signifies a request is secure. This is needed when Weblate is running behind a reverse proxy doing SSL termination which does not pass standard HTTPS headers.
例:
environment: WEBLATE_SECURE_PROXY_SSL_HEADER: HTTP_X_FORWARDED_PROTO,https
- WEBLATE_REQUIRE_LOGIN
Enables
REQUIRE_LOGINto enforce authentication on whole Weblate.例:
environment: WEBLATE_REQUIRE_LOGIN: 1
- WEBLATE_LOGIN_REQUIRED_URLS_EXCEPTIONS
- WEBLATE_ADD_LOGIN_REQUIRED_URLS_EXCEPTIONS
- WEBLATE_REMOVE_LOGIN_REQUIRED_URLS_EXCEPTIONS
Adds URL exceptions for authentication required for the whole Weblate installation using
LOGIN_REQUIRED_URLS_EXCEPTIONS.You can either replace whole settings, or modify default value using
ADDandREMOVEvariables.
- WEBLATE_GOOGLE_ANALYTICS_ID
Configures ID for Google Analytics by changing
GOOGLE_ANALYTICS_ID.
- WEBLATE_GITHUB_USERNAME
Configures GitHub username for GitHub pull-requests by changing
GITHUB_USERNAME.
- WEBLATE_GITHUB_TOKEN
バージョン 4.3 で追加.
Configures GitHub personal access token for GitHub pull-requests via API by changing
GITHUB_TOKEN.
- WEBLATE_GITLAB_USERNAME
Configures GitLab username for GitLab merge-requests by changing
GITLAB_USERNAME
- WEBLATE_GITLAB_TOKEN
Configures GitLab personal access token for GitLab merge-requests via API by changing
GITLAB_TOKEN
- WEBLATE_PAGURE_USERNAME
PAGURE_USERNAMEを変更して、Pagure merge-requests 用の Pagure ユーザー名を設定する
- WEBLATE_PAGURE_TOKEN
PAGURE_TOKENを変更して、API 経由の Pagure のマージリクエストに対して、Pagure の個人用アクセス トークンを構成する
- WEBLATE_DEFAULT_PULL_MESSAGE
PAGURE_TOKENを変更して、API 経由の Pagure のプルリクエストに対して、Pagure の個人用アクセス トークンを構成する
- WEBLATE_SIMPLIFY_LANGUAGES
Configures the language simplification policy, see
SIMPLIFY_LANGUAGES.
- WEBLATE_DEFAULT_ACCESS_CONTROL
Configures the default アクセス制御 for new projects, see
DEFAULT_ACCESS_CONTROL.
- WEBLATE_DEFAULT_RESTRICTED_COMPONENT
Configures the default value for アクセス制限 for new components, see
DEFAULT_RESTRICTED_COMPONENT.
- WEBLATE_DEFAULT_TRANSLATION_PROPAGATION
Configures the default value for 翻訳の自動反映の有効化 for new components, see
DEFAULT_TRANSLATION_PROPAGATION.
- WEBLATE_DEFAULT_COMMITER_EMAIL
Configures
DEFAULT_COMMITER_EMAIL.
- WEBLATE_DEFAULT_COMMITER_NAME
Configures
DEFAULT_COMMITER_NAME.
- WEBLATE_DEFAULT_SHARED_TM
DEFAULT_SHARED_TMの設定。
- WEBLATE_AKISMET_API_KEY
Configures the Akismet API key, see
AKISMET_API_KEY.
- WEBLATE_GPG_IDENTITY
Configures GPG signing of commits, see
WEBLATE_GPG_IDENTITY.
- WEBLATE_URL_PREFIX
Configures URL prefix where Weblate is running, see
URL_PREFIX.
- WEBLATE_SILENCED_SYSTEM_CHECKS
Configures checks which you do not want to be displayed, see
SILENCED_SYSTEM_CHECKS.
- WEBLATE_CSP_SCRIPT_SRC
- WEBLATE_CSP_IMG_SRC
- WEBLATE_CSP_CONNECT_SRC
- WEBLATE_CSP_STYLE_SRC
- WEBLATE_CSP_FONT_SRC
Allows to customize
Content-Security-PolicyHTTP header.
- WEBLATE_LICENSE_FILTER
LICENSE_FILTERの設定。
- WEBLATE_LICENSE_REQUIRED
LICENSE_REQUIREDの設定
- WEBLATE_WEBSITE_REQUIRED
WEBSITE_REQUIREDの設定
- WEBLATE_HIDE_VERSION
HIDE_VERSIONの設定。
- WEBLATE_BASIC_LANGUAGES
BASIC_LANGUAGESの設定。
- WEBLATE_DEFAULT_AUTO_WATCH
DEFAULT_AUTO_WATCHの設定。
- WEBLATE_RATELIMIT_ATTEMPTS
- WEBLATE_RATELIMIT_LOCKOUT
- WEBLATE_RATELIMIT_WINDOW
バージョン 4.6 で追加.
接続制限を設定する。
ヒント
You can set configuration for any rate limiter scopes. To do that add
WEBLATE_prefix to any of setting described in 接続制限.
- WEBLATE_API_RATELIMIT_ANON
- WEBLATE_API_RATELIMIT_USER
バージョン 4.11 で追加.
API リクエストの接続制限の設定。デフォルトでは、匿名ユーザーの場合は 100 リクエスト / 日、認証済みユーザーの場合は 5000 リクエスト / 時間に制限しています。
参考
- WEBLATE_ENABLE_AVATARS
バージョン 4.6.1 で追加.
ENABLE_AVATARSの設定。
- WEBLATE_LIMIT_TRANSLATION_LENGTH_BY_SOURCE_LENGTH
バージョン 4.9 で追加.
- WEBLATE_SSH_EXTRA_ARGS
バージョン 4.9 で追加.
SSH_EXTRA_ARGSの設定。
- WEBLATE_BORG_EXTRA_ARGS
バージョン 4.9 で追加.
BORG_EXTRA_ARGSの設定。
Machine translation settings
ヒント
Configuring API key for a service automatically configures it in MT_SERVICES.
- WEBLATE_MT_APERTIUM_APY
Enables Apertium machine translation and sets
MT_APERTIUM_APY
- WEBLATE_MT_AWS_REGION
- WEBLATE_MT_AWS_ACCESS_KEY_ID
- WEBLATE_MT_AWS_SECRET_ACCESS_KEY
Configures AWS machine translation.
environment: WEBLATE_MT_AWS_REGION: us-east-1 WEBLATE_MT_AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE WEBLATE_MT_AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
- WEBLATE_MT_DEEPL_KEY
Enables DeepL machine translation and sets
MT_DEEPL_KEY
- WEBLATE_MT_DEEPL_API_URL
使用する DeepL API のバージョンを設定します。参照:
MT_DEEPL_API_URL。
- WEBLATE_MT_LIBRETRANSLATE_KEY
Enables LibreTranslate machine translation and sets
MT_LIBRETRANSLATE_KEY
- WEBLATE_MT_LIBRETRANSLATE_API_URL
使用する LibreTranslate API のバージョンを設定します。参照:
MT_LIBRETRANSLATE_API_URL。
- WEBLATE_MT_GOOGLE_KEY
Enables Google 翻訳 and sets
MT_GOOGLE_KEY
- WEBLATE_MT_GOOGLE_CREDENTIALS
Enables Google Translate API V3(Advanced) and sets
MT_GOOGLE_CREDENTIALS
- WEBLATE_MT_GOOGLE_PROJECT
Enables Google Translate API V3(Advanced) and sets
MT_GOOGLE_PROJECT
- WEBLATE_MT_GOOGLE_LOCATION
Enables Google Translate API V3(Advanced) and sets
MT_GOOGLE_LOCATION
- WEBLATE_MT_MICROSOFT_COGNITIVE_KEY
Enables Microsoft Cognitive Services Translator and sets
MT_MICROSOFT_COGNITIVE_KEY
- WEBLATE_MT_MICROSOFT_ENDPOINT_URL
Sets
MT_MICROSOFT_ENDPOINT_URL, please note this is supposed to contain domain name only.
- WEBLATE_MT_MICROSOFT_REGION
Sets
MT_MICROSOFT_REGION
- WEBLATE_MT_MICROSOFT_BASE_URL
- WEBLATE_MT_MODERNMT_KEY
Enables ModernMT and sets
MT_MODERNMT_KEY.
- WEBLATE_MT_MYMEMORY_ENABLED
Enables MyMemory machine translation and sets
MT_MYMEMORY_EMAILtoWEBLATE_ADMIN_EMAIL.例:
environment: WEBLATE_MT_MYMEMORY_ENABLED: 1
- WEBLATE_MT_MICROSOFT_TERMINOLOGY_ENABLED
Microsoft Terminology Service 機械翻訳の有効化。
environment: WEBLATE_MT_MICROSOFT_TERMINOLOGY_ENABLED: 1
- WEBLATE_MT_SAP_BASE_URL
- WEBLATE_MT_SAP_SANDBOX_APIKEY
- WEBLATE_MT_SAP_USERNAME
- WEBLATE_MT_SAP_PASSWORD
- WEBLATE_MT_SAP_USE_MT
Configures SAP Translation Hub machine translation.
environment: WEBLATE_MT_SAP_BASE_URL: "https://example.hana.ondemand.com/translationhub/api/v1/" WEBLATE_MT_SAP_USERNAME: "user" WEBLATE_MT_SAP_PASSWORD: "password" WEBLATE_MT_SAP_USE_MT: 1
Authentication settings
LDAP
- WEBLATE_AUTH_LDAP_SERVER_URI
- WEBLATE_AUTH_LDAP_USER_DN_TEMPLATE
- WEBLATE_AUTH_LDAP_USER_ATTR_MAP
- WEBLATE_AUTH_LDAP_BIND_DN
- WEBLATE_AUTH_LDAP_BIND_PASSWORD
- WEBLATE_AUTH_LDAP_CONNECTION_OPTION_REFERRALS
- WEBLATE_AUTH_LDAP_USER_SEARCH
- WEBLATE_AUTH_LDAP_USER_SEARCH_FILTER
- WEBLATE_AUTH_LDAP_USER_SEARCH_UNION
- WEBLATE_AUTH_LDAP_USER_SEARCH_UNION_DELIMITER
LDAP authentication configuration.
Example for direct bind:
environment: WEBLATE_AUTH_LDAP_SERVER_URI: ldap://ldap.example.org WEBLATE_AUTH_LDAP_USER_DN_TEMPLATE: uid=%(user)s,ou=People,dc=example,dc=net # map weblate 'full_name' to ldap 'name' and weblate 'email' attribute to 'mail' ldap attribute. # another example that can be used with OpenLDAP: 'full_name:cn,email:mail' WEBLATE_AUTH_LDAP_USER_ATTR_MAP: full_name:name,email:mail
Example for search and bind:
environment: WEBLATE_AUTH_LDAP_SERVER_URI: ldap://ldap.example.org WEBLATE_AUTH_LDAP_BIND_DN: CN=ldap,CN=Users,DC=example,DC=com WEBLATE_AUTH_LDAP_BIND_PASSWORD: password WEBLATE_AUTH_LDAP_USER_ATTR_MAP: full_name:name,email:mail WEBLATE_AUTH_LDAP_USER_SEARCH: CN=Users,DC=example,DC=com
Example for union search and bind:
environment: WEBLATE_AUTH_LDAP_SERVER_URI: ldap://ldap.example.org WEBLATE_AUTH_LDAP_BIND_DN: CN=ldap,CN=Users,DC=example,DC=com WEBLATE_AUTH_LDAP_BIND_PASSWORD: password WEBLATE_AUTH_LDAP_USER_ATTR_MAP: full_name:name,email:mail WEBLATE_AUTH_LDAP_USER_SEARCH_UNION: ou=users,dc=example,dc=com|ou=otherusers,dc=example,dc=com
Example with search and bind against Active Directory:
environment: WEBLATE_AUTH_LDAP_BIND_DN: CN=ldap,CN=Users,DC=example,DC=com WEBLATE_AUTH_LDAP_BIND_PASSWORD: password WEBLATE_AUTH_LDAP_SERVER_URI: ldap://ldap.example.org WEBLATE_AUTH_LDAP_CONNECTION_OPTION_REFERRALS: 0 WEBLATE_AUTH_LDAP_USER_ATTR_MAP: full_name:name,email:mail WEBLATE_AUTH_LDAP_USER_SEARCH: CN=Users,DC=example,DC=com WEBLATE_AUTH_LDAP_USER_SEARCH_FILTER: (sAMAccountName=%(user)s)
参考
GitHub
- WEBLATE_SOCIAL_AUTH_GITHUB_KEY
- WEBLATE_SOCIAL_AUTH_GITHUB_SECRET
- WEBLATE_SOCIAL_AUTH_GITHUB_ORG_KEY
- WEBLATE_SOCIAL_AUTH_GITHUB_ORG_SECRET
- WEBLATE_SOCIAL_AUTH_GITHUB_ORG_NAME
- WEBLATE_SOCIAL_AUTH_GITHUB_TEAM_KEY
- WEBLATE_SOCIAL_AUTH_GITHUB_TEAM_SECRET
Bitbucket
- WEBLATE_SOCIAL_AUTH_BITBUCKET_OAUTH2_KEY
- WEBLATE_SOCIAL_AUTH_BITBUCKET_OAUTH2_SECRET
- WEBLATE_SOCIAL_AUTH_BITBUCKET_KEY
- WEBLATE_SOCIAL_AUTH_BITBUCKET_SECRET
Bitbucket 認証 の有効化。
Facebook
- WEBLATE_SOCIAL_AUTH_FACEBOOK_KEY
- WEBLATE_SOCIAL_AUTH_FACEBOOK_SECRET
Facebook OAuth 2 の有効化。
Google
- WEBLATE_SOCIAL_AUTH_GOOGLE_OAUTH2_KEY
- WEBLATE_SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET
- WEBLATE_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS
- WEBLATE_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS
Google OAuth 2 の有効化。
GitLab
- WEBLATE_SOCIAL_AUTH_GITLAB_KEY
- WEBLATE_SOCIAL_AUTH_GITLAB_SECRET
- WEBLATE_SOCIAL_AUTH_GITLAB_API_URL
GitLab OAuth 2 の有効化。
Azure Active Directory
- WEBLATE_SOCIAL_AUTH_AZUREAD_OAUTH2_KEY
- WEBLATE_SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET
Enables Azure Active Directory authentication, see Microsoft Azure Active Directory.
Azure Active Directory with Tenant support
- WEBLATE_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY
- WEBLATE_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET
- WEBLATE_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID
Enables Azure Active Directory authentication with Tenant support, see Microsoft Azure Active Directory.
Keycloak
- WEBLATE_SOCIAL_AUTH_KEYCLOAK_KEY
- WEBLATE_SOCIAL_AUTH_KEYCLOAK_SECRET
- WEBLATE_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY
- WEBLATE_SOCIAL_AUTH_KEYCLOAK_ALGORITHM
- WEBLATE_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL
- WEBLATE_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL
Enables Keycloak authentication, see documentation.
Linux vendors
You can enable authentication using Linux vendors authentication services by setting following variables to any value.
- WEBLATE_SOCIAL_AUTH_FEDORA
- WEBLATE_SOCIAL_AUTH_OPENSUSE
- WEBLATE_SOCIAL_AUTH_UBUNTU
Slack
- WEBLATE_SOCIAL_AUTH_SLACK_KEY
SAML
Self-signed SAML keys are automatically generated on first container startup.
In case you want to use own keys, place the certificate and private key in
/app/data/ssl/saml.crt and /app/data/ssl/saml.key.
- WEBLATE_SAML_IDP_ENTITY_ID
- WEBLATE_SAML_IDP_URL
Other authentication settings
- WEBLATE_NO_EMAIL_AUTH
Disables e-mail authentication when set to any value. See パスワード認証の無効化.
PostgreSQL database setup
データベースは docker-compose.yml によって作成されるので、この設定は、Weblate と PostgreSQL の両方のコンテナに影響を与えます。
- POSTGRES_PASSWORD
PostgreSQL password.
- POSTGRES_PASSWORD_FILE
Path to the file containing the PostgreSQL password. Use as an alternative to POSTGRES_PASSWORD.
- POSTGRES_USER
PostgreSQL username.
- POSTGRES_DATABASE
PostgreSQL database name.
- POSTGRES_HOST
PostgreSQL server hostname or IP address. Defaults to
database.
- POSTGRES_PORT
PostgreSQL server port. Defaults to none (uses the default value).
- POSTGRES_SSL_MODE
Configure how PostgreSQL handles SSL in connection to the server, for possible choices see SSL Mode Descriptions
- POSTGRES_ALTER_ROLE
Configures name of role to alter during migrations, see Weblate で PostgreSQL を使用するための設定.
- POSTGRES_CONN_MAX_AGE
バージョン 4.8.1 で追加.
The lifetime of a database connection, as an integer of seconds. Use 0 to close database connections at the end of each request (this is the default behavior).
Enabling connection persistence will typically, cause more open connection to the database. Please adjust your database configuration prior enabling.
設定例:
environment: POSTGRES_CONN_MAX_AGE: 3600
- POSTGRES_DISABLE_SERVER_SIDE_CURSORS
バージョン 4.9.1 で追加.
Disable server side cursors in the database. This is necessary in some pgbouncer setups.
設定例:
environment: POSTGRES_DISABLE_SERVER_SIDE_CURSORS: 1
Database backup settings
- WEBLATE_DATABASE_BACKUP
Configures the daily database dump using
DATABASE_BACKUP. Defaults toplain.
Caching server setup
Using Redis is strongly recommended by Weblate and you have to provide a Redis instance when running Weblate in Docker.
参考
- REDIS_HOST
The Redis server hostname or IP address. Defaults to
cache.
- REDIS_PORT
The Redis server port. Defaults to
6379.
- REDIS_DB
The Redis database number, defaults to
1.
- REDIS_PASSWORD
The Redis server password, not used by default.
- REDIS_TLS
Enables using SSL for Redis connection.
- REDIS_VERIFY_SSL
Can be used to disable SSL certificate verification for Redis connection.
Email server setup
To make outgoing e-mail work, you need to provide a mail server.
Example TLS configuration:
environment:
WEBLATE_EMAIL_HOST: smtp.example.com
WEBLATE_EMAIL_HOST_USER: user
WEBLATE_EMAIL_HOST_PASSWORD: pass
Example SSL configuration:
environment:
WEBLATE_EMAIL_HOST: smtp.example.com
WEBLATE_EMAIL_PORT: 465
WEBLATE_EMAIL_HOST_USER: user
WEBLATE_EMAIL_HOST_PASSWORD: pass
WEBLATE_EMAIL_USE_TLS: 0
WEBLATE_EMAIL_USE_SSL: 1
参考
- WEBLATE_EMAIL_HOST
Mail server hostname or IP address.
- WEBLATE_EMAIL_PORT
Mail server port, defaults to 25.
参考
- WEBLATE_EMAIL_HOST_USER
メール認証ユーザー。
- WEBLATE_EMAIL_HOST_PASSWORD
メール認証のパスワード。
- WEBLATE_EMAIL_HOST_PASSWORD_FILE
メール認証用パスワードを含むファイルへのパス。
- WEBLATE_EMAIL_USE_SSL
Whether to use an implicit TLS (secure) connection when talking to the SMTP server. In most e-mail documentation, this type of TLS connection is referred to as SSL. It is generally used on port 465. If you are experiencing problems, see the explicit TLS setting
WEBLATE_EMAIL_USE_TLS.バージョン 4.11 で変更: SSL/TLS への対応は、
WEBLATE_EMAIL_PORTの設定により自動的に有効となります。
- WEBLATE_EMAIL_USE_TLS
Whether to use a TLS (secure) connection when talking to the SMTP server. This is used for explicit TLS connections, generally on port 587 or 25. If you are experiencing connections that hang, see the implicit TLS setting
WEBLATE_EMAIL_USE_SSL.バージョン 4.11 で変更: SSL/TLS への対応は、
WEBLATE_EMAIL_PORTの設定により自動的に有効となります。
- WEBLATE_EMAIL_BACKEND
Configures Django back-end to use for sending e-mails.
- WEBLATE_AUTO_UPDATE
Weblate がリポジトリを更新するかどうか、どのように更新するかを設定します。
参考
注釈
This is a Boolean setting (use
"true"or"false").
サイト統合
- WEBLATE_GET_HELP_URL
GET_HELP_URLの設定。
- WEBLATE_STATUS_URL
STATUS_URLの設定。
- WEBLATE_PRIVACY_URL
PRIVACY_URLの設定。
Error reporting
It is recommended to collect errors from the installation systematically, see エラー レポートの収集.
To enable support for Rollbar, set the following:
- ROLLBAR_KEY
Your Rollbar post server access token.
- ROLLBAR_ENVIRONMENT
Your Rollbar environment, defaults to
production.
To enable support for Sentry, set following:
- SENTRY_DSN
Your Sentry DSN.
- SENTRY_ENVIRONMENT
Your Sentry Environment (optional).
CDN の現地化
- WEBLATE_LOCALIZE_CDN_URL
- WEBLATE_LOCALIZE_CDN_PATH
バージョン 4.2.1 で追加.
Configuration for JavaScript 現地語化 CDN.
The
WEBLATE_LOCALIZE_CDN_PATHis path within the container. It should be stored on the persistent volume and not in the transient storage.One of possibilities is storing that inside the Weblate data dir:
environment: WEBLATE_LOCALIZE_CDN_URL: https://cdn.example.com/ WEBLATE_LOCALIZE_CDN_PATH: /app/data/l10n-cdn
注釈
You are responsible for setting up serving of the files generated by Weblate, it only does stores the files in configured location.
有効なアプリ、検査、アドオン、または自動修正の変更
バージョン 3.8-5 で追加.
The built-in configuration of enabled checks, add-ons or autofixes can be adjusted by the following variables:
- WEBLATE_ADD_APPS
- WEBLATE_REMOVE_APPS
- WEBLATE_ADD_CHECK
- WEBLATE_REMOVE_CHECK
- WEBLATE_ADD_AUTOFIX
- WEBLATE_REMOVE_AUTOFIX
- WEBLATE_ADD_ADDONS
- WEBLATE_REMOVE_ADDONS
例:
environment:
WEBLATE_REMOVE_AUTOFIX: weblate.trans.autofixes.whitespace.SameBookendingWhitespace
WEBLATE_ADD_ADDONS: customize.addons.MyAddon,customize.addons.OtherAddon
コンテナの設定
- WEBLATE_WORKERS
バージョン 4.6.1 で追加.
Base number of worker processes running in the container. When not set it is determined automatically on container startup based on number of CPU cores available.
使用する設定項目
CELERY_MAIN_OPTIONS、CELERY_NOTIFY_OPTIONS、CELERY_MEMORY_OPTIONS、CELERY_TRANSLATE_OPTIONS、CELERY_BACKUP_OPTIONS、CELERY_BEAT_OPTIONS、およびWEB_WORKERS。これらの設定を使用して微調整できます。
- CELERY_MAIN_OPTIONS
- CELERY_NOTIFY_OPTIONS
- CELERY_MEMORY_OPTIONS
- CELERY_TRANSLATE_OPTIONS
- CELERY_BACKUP_OPTIONS
- CELERY_BEAT_OPTIONS
These variables allow you to adjust Celery worker options. It can be useful to adjust concurrency (
--concurrency 16) or use different pool implementation (--pool=gevent).By default, the number of concurrent workers is based on
WEBLATE_WORKERS.例:
environment: CELERY_MAIN_OPTIONS: --concurrency 16
- WEB_WORKERS
Configure how many uWSGI workers should be executed.
It defaults to
WEBLATE_WORKERS.例:
environment: WEB_WORKERS: 32
- WEBLATE_SERVICE
Defines which services should be executed inside the container. Use this for Scaling horizontally.
サービス が 定義されている項目:
celery-beatCelery task scheduler, only one instance should be running. This container is also responsible for the database structure migrations and it should be started prior others.
celery-backupCelery worker for backups, only one instance should be running.
celery-celeryGeneric Celery worker.
celery-memory翻訳メモリ Celery ワーカー。
celery-notify通知 Celery ワーカー。
celery-translate自動翻訳 Celery ワーカー。
webWeb サーバー。
Docker container volumes
There are two volumes (data and cache) exported by the Weblate container. The other service containers (PostgreSQL or Redis) have their data volumes as well, but those are not covered by this document.
The data volume is used to store Weblate persistent data such as cloned repositories or to customize Weblate installation.
The placement of the Docker volume on host system depends on your Docker
configuration, but usually it is stored in
/var/lib/docker/volumes/weblate-docker_weblate-data/_data/ (the path
consist of name of your docker-compose directory, container, and volume names).
In the container it is mounted as /app/data.
The cache volume is mounted as /app/cache and is used to store static
files. Its content is recreated on container startup and the volume can be
mounted using ephemeral filesystem such as tmpfs.
When creating the volumes manually, the directories should be owned by UID 1000 as that is user used inside the container.
Further configuration customization
You can further customize Weblate installation in the data volume, see Docker container volumes.
Custom configuration files
You can additionally override the configuration in
/app/data/settings-override.py (see Docker container volumes). This is
executed at the end of built-in settings, after all environment settings
are loaded, and you can adjust or override them.
Replacing logo and other static files
バージョン 3.8-5 で追加.
The static files coming with Weblate can be overridden by placing into
/app/data/python/customize/static (see Docker container volumes). For
example creating /app/data/python/customize/static/favicon.ico will
replace the favicon.
ヒント
The files are copied to the corresponding location upon container startup, so a restart of Weblate is needed after changing the content of the volume.
This approach can be also used to override Weblate templates. For example
法的文書 documents can be placed into
/app/data/python/customize/templates/legal/documents.
Alternatively you can also include own module (see Weblate のカスタマイズ) and add it as separate volume to the Docker container, for example:
weblate:
volumes:
- weblate-data:/app/data
- ./weblate_customization/weblate_customization:/app/data/python/weblate_customization
environment:
WEBLATE_ADD_APPS: weblate_customization
Adding own Python modules
バージョン 3.8-5 で追加.
You can place own Python modules in /app/data/python/ (see
Docker container volumes) and they can be then loaded by Weblate, most likely by
using Custom configuration files.
PostgreSQL サーバーの設定
The PostgtreSQL container uses default PostgreSQL configuration and it won't effectively utilize your CPU cores or memory. It is recommended to customize the configuration to improve the performance.
The configuration can be adjusted as described in Database Configuration at https://hub.docker.com/_/postgres. The configuration matching your environment can be generated using https://pgtune.leopard.in.ua/.