Docker AIO and GitLab self-managed #154

Author: sriramveeraghanta

mint.json

@@ -68,6 +68,7 @@
       "group": "Install",
       "pages": [
         "self-hosting/methods/docker-compose",
+        "self-hosting/methods/docker-aio",
         "self-hosting/methods/docker-swarm",
         "self-hosting/methods/kubernetes",
         "self-hosting/methods/coolify",
@@ -79,7 +80,6 @@
               "self-hosting/methods/airgapped-edition-kubernetes"
             ]
         },
-        
         "self-hosting/methods/podman-quadlets"
       ]
     },

self-hosting/govern/integrations/github.mdx

@@ -74,13 +74,13 @@ To configure GitHub integration, you'll need to create a GitHub App within your
 
 1. Go to **Settings \> Developer Settings \> GitHub Apps** in your GitHub organization.
 
-      2. Click **New GitHub App**.
+2. Click **New GitHub App**.
          ![Create GitHub App](/images/integrations/github/create-github-app.webp)
 
-      3. In the **Register new GitHub App** page, provide a **GitHub App name** and **Homepage URL**.
+3. In the **Register new GitHub App** page, provide a **GitHub App name** and **Homepage URL**.
          ![App name and homepage URL](/images/integrations/github/app-name-homepage-url.webp)
 
-      4. In the **Identifying and authorizing users** section, add the following **Callback URLS**. 
+4. In the **Identifying and authorizing users** section, add the following **Callback URLS**. 
 
             **For Plane cloud instance**  
 
@@ -99,7 +99,7 @@ To configure GitHub integration, you'll need to create a GitHub App within your
          These URLs allow Plane to verify and enable workspace connection with the Github App.
          ![Add Callback URL](/images/integrations/github/add-callback-url.webp)
 
-      5. In the **Post installation** section, add the below **Setup URL**.  
+5. In the **Post installation** section, add the below **Setup URL**.  
 
             **For Plane cloud instance**  
             ```bash
@@ -114,9 +114,9 @@ To configure GitHub integration, you'll need to create a GitHub App within your
          Redirects users to this URL after GitHub app installation.
          ![Add setup URL](/images/integrations/github/add-setup-url.webp)
 
-      6. Turn on **Redirect on update**.
+6. Turn on **Redirect on update**.
 
-      7. In the **Webhook** section, add the below **Webhook URL**.  
+7. In the **Webhook** section, add the below **Webhook URL**.  
 
             **For Plane cloud instance**  
             ```bash

self-hosting/govern/integrations/gitlab.mdx

@@ -5,13 +5,29 @@ sidebarTitle: GitLab
 
 This guide walks you through setting up a GitLab application to enable GitLab integration for your Plane workspace on a self-hosted instance. Since self-hosted environments don’t come pre-configured for GitLab, you’ll need to create an application, configure authentication, and set the necessary permissions to ensure seamless integration.
 
+This guide covers configuration for both:
+
+- **[GitLab.com](/self-hosting/govern/integrations/gitlab?edition=gitlab-cloud#create-gitlab-application)**   
+The standard cloud-hosted GitLab service
+
+- **[GitLab Self-managed](/self-hosting/govern/integrations/gitlab?edition=gitlab-self-managed#create-gitlab-application)**   
+Self-hosted GitLab instances for organizations with specific compliance or security requirements
+
 In this guide, you’ll:
 
-1. [Create and configure a GitLab Application](/self-hosting/govern/integrations/gitlab#create-a-gitlab-application)
+1. [Create and configure a GitLab Application](/self-hosting/govern/integrations/gitlab#create-gitlab-application)
 2. [Configure your Plane instance](/self-hosting/govern/integrations/gitlab#configure-plane-instance)
 
+<Warning>
+**Activate GitLab integration**
+
+After creating and configuring the GitLab application and configuring the instance as detailed on this page, you'll need to [setup the GitLab integration](https://docs.plane.so/integrations/gitlab) within Plane. 
+</Warning>
+
 ## Create GitLab Application
 
+<Tabs>
+<Tab title="GitLab Cloud">
 1. On the left sidebar in GitLab, select your avatar.
 
 2. Select **Preferences** tab.
@@ -27,7 +43,7 @@ In this guide, you’ll:
     ```bash
     https://[YOUR_DOMAIN]/silo/api/gitlab/auth/callback
     ```
-7. You can choose to check or leave the **Confidential** box unchecked—both options work for Plane.
+7. Check the **Confidential** box.
 
     ![Add app details](/images/integrations/gitlab/add-app-details.webp)
 
@@ -39,14 +55,65 @@ In this guide, you’ll:
     |`read_api`|Allows read-only access to all groups, projects, container registry, and package registry.|
     |`read_user`|Grants read-only access to user profiles via the /user API endpoint, including username, public email, and full name. Also provides access to /users endpoints.|
     |`read_repository`|Enables read-only access to repositories in private projects via Git-over-HTTP or the Repository Files API.|
-    |`write_repository`|Allows read/write access to repositories on private projects via Git-over-HTTP (not through the API).|
     |`profile`|Grants read-only access to the user's profile data using OpenID Connect.|
     |`email`|Provides read-only access to the user's primary email address using OpenID Connect.|
 
 9. Click **Save Application** to finalize the setup.
+</Tab>
+
+<Tab title="GitLab Self-managed">
+1. Log in to your GitLab instance.
+2. Click on your profile icon in the top-right corner.
+3. From the dropdown menu that appears, select **Edit profile**.
+4. Look for and select the **Applications** option within this menu.
+
+![GitLab Applications](https://media.docs.plane.so/integrations/gitlab/gitlab-applications.webp#center)
+
+5. On the Applications page, click **Add new application** to begin configuring your OAuth application.
+
+Fill in the application details with the following configuration:
+
+    - **Name**  
+    Enter a descriptive name for your application (e.g., `Plane Local Dev` or `Plane Integration`).
+
+    - **Redirect URI**  
+    The redirect URI depends on your Plane deployment:
+
+        **For Plane Cloud:**
+        ```
+        https://silo.plane.so/api/oauth/gitlab-enterprise/auth/callback
+        ```
+
+        **For Plane Self-Hosted:**
+        ```
+        https://<your-domain>/silo/api/oauth/gitlab-enterprise/auth/callback
+        ```
+
+    Replace `<your-domain>` with your actual Plane instance domain.
+
+    - **Confidential**  
+    Keep the **Confidential** checkbox enabled. This ensures the application uses a client secret for secure authentication.
+
+    - **Scopes**  
+    Select the following scopes to grant Plane the necessary permissions:
+
+        - **api** - Grants complete read/write access to the API, including all groups and projects
+        - **read_api** - Grants read access to the API, including all groups and projects
+        - **read_user** - Grants read-only access to your profile information
+        - **read_repository** - Grants read-only access to repositories on private projects
+        - **profile** - Grants read-only access to the user's profile data using OpenID Connect
+        - **email** - Grants read-only access to the user's primary email address using OpenID Connect
+
+6. Click **Save application** to create the OAuth application.
+</Tab>
+</Tabs>
+
 
 ## Configure Plane instance
 
+<Tabs>
+<Tab title="GitLab Cloud">
+
 1. Copy the **Application ID** and **Secret** from the newly created application.
     ![Copy credentials](/images/integrations/gitlab/copy-credentials.webp)
 
@@ -58,4 +125,15 @@ In this guide, you’ll:
     ```
 3. Save the file and restart the instance. 
 
-4. Once you've completed the instance configuration, [activate the GitLab integration in Plane](https://docs.plane.so/integrations/gitlab).
+4. Once you've completed the instance configuration, [activate the GitLab integration in Plane](https://docs.plane.so/integrations/gitlab?edition=gitlab-cloud).
+
+</Tab>
+
+<Tab title="GitLab Self-managed">
+
+1. Copy the **Application ID** and **Secret** from the newly created application.
+    ![Copy credentials](/images/integrations/gitlab/copy-credentials.webp)
+
+2. Once you've created the application, [activate the GitLab Self-managed integration in Plane](https://docs.plane.so/integrations/gitlab?edition=gitlab-self-managed).
+</Tab>
+</Tabs>

self-hosting/methods/docker-aio.mdx

@@ -0,0 +1,189 @@
+---
+title: Docker AIO (All-in-One) • Commercial Edition
+sidebarTitle: Docker AIO
+---
+
+The Plane Commercial All-in-One (AIO) Docker image packages all Plane services into a single container, making it the fastest way to get Plane running. 
+
+## What's included
+
+Your single AIO container includes all these services running together:
+
+- **Web App** - The main Plane web interface you'll use
+- **Space** - Public project spaces for external collaboration  
+- **Admin** - Administrative interface
+- **API Server** - Backend API
+- **Live Server** - Real-time collaboration features
+- **Silo** - Integration services
+- **Monitor** - Feature flags and payments
+- **Email Server** - SMTP server for notifications
+- **Proxy** (Port 80, 20025, 20465, 20587) - Caddy reverse proxy
+- **Worker and Beat Worker** - Background task processing
+
+### Port Mapping
+
+The following ports are exposed:
+- `80`: Main web interface (HTTP)
+- `443`: HTTPS (if SSL configured)
+- `20025`: SMTP port 25
+- `20465`: SMTP port 465 (SSL/TLS)
+- `20587`: SMTP port 587 (STARTTLS)
+
+## Prerequisites
+
+- [Docker](https://docs.docker.com/engine/)
+- Set up these external services:
+    - *PostgreSQL*  
+    For data storage
+    - *Redis*  
+    For caching and session management
+    - *RabbitMQ*
+    For message queuing
+    - *S3-compatible storage*  
+    For file uploads (AWS S3 or MinIO)
+
+## Install Plane
+
+1. Download the image with:
+    ```bash
+    docker pull artifacts.plane.so/makeplane/plane-aio-commercial:stable
+    ```
+
+2. Run the following command to deploy the Plane AIO container. Make sure to replace all placeholder values (e.g., `your-domain.com`, `user:pass`) with your actual configuration.
+
+    <Warning>
+        All environment variables are required for the container to function correctly.
+    </Warning>
+
+    ```bash
+    docker run --name plane-aio --rm -it \
+        -p 80:80 \
+        -p 20025:20025 \
+        -p 20465:20465 \
+        -p 20587:20587 \
+        -e DOMAIN_NAME=your-domain.com \
+        -e DATABASE_URL=postgresql://user:pass@host:port/database \
+        -e REDIS_URL=redis://host:port \
+        -e AMQP_URL=amqp://user:pass@host:port/vhost \
+        -e AWS_REGION=us-east-1 \
+        -e AWS_ACCESS_KEY_ID=your-access-key \
+        -e AWS_SECRET_ACCESS_KEY=your-secret-key \
+        -e AWS_S3_BUCKET_NAME=your-bucket \
+        artifacts.plane.so/makeplane/plane-aio-commercial:stable
+    ```
+
+    If you're running on an IP address, use this example:
+
+    ```bash
+    MYIP=192.168.68.169
+    docker run --name myaio --rm -it \
+    -p 80:80 \
+    -p 20025:20025 \
+    -p 20465:20465 \
+    -p 20587:20587 \
+    -e DOMAIN_NAME=${MYIP} \
+    -e DATABASE_URL=postgresql://plane:plane@${MYIP}:15432/plane \
+    -e REDIS_URL=redis://${MYIP}:16379 \
+    -e AMQP_URL=amqp://plane:plane@${MYIP}:15673/plane \
+    -e AWS_REGION=us-east-1 \
+    -e AWS_ACCESS_KEY_ID=<YOUR_AWS_ACCESS_KEY_ID> \
+    -e AWS_SECRET_ACCESS_KEY=<YOUR_AWS_SECRET_ACCESS_KEY> \
+    -e AWS_S3_BUCKET_NAME=plane-app \
+    -e AWS_S3_ENDPOINT_URL=http://${MYIP}:19000 \
+    -e FILE_SIZE_LIMIT=10485760 \
+    artifacts.plane.so/makeplane/plane-aio-commercial:stable
+    ```
+
+2. Once it's running, you can access the Plane application on the domain you provided during the deployment.
+
+## Volume mounts
+
+### Recommended persistent volumes
+```bash
+-v /path/to/logs:/app/logs \
+-v /path/to/data:/app/data 
+```
+
+### Workspace license DB
+```bash
+-v /path/to/monitordb:/app/monitor
+```
+
+### SSL certificate support
+For HTTPS support, mount certificates:
+```bash
+-v /path/to/certs:/app/email/tls
+```
+
+## Environment variables (optional)
+
+### Network and Protocol
+- `SITE_ADDRESS`: Server bind address (default: `:80`)
+- `APP_PROTOCOL`: Protocol to use (`http` or `https`, default: `http`)
+
+### Email configuration  
+- `INTAKE_EMAIL_DOMAIN`: Domain for intake emails (default: `intake.<DOMAIN_NAME>`)
+- `LISTEN_SMTP_PORT_25`: SMTP port 25 mapping (default: `20025`)
+- `LISTEN_SMTP_PORT_465`: SMTP port 465 mapping (default: `20465`) 
+- `LISTEN_SMTP_PORT_587`: SMTP port 587 mapping (default: `20587`)
+- `SMTP_DOMAIN`: SMTP server domain (default: `0.0.0.0`)
+- `TLS_CERT_PATH`: Path to TLS certificate file (optional)
+- `TLS_PRIV_KEY_PATH`: Path to TLS private key file (optional)
+
+### Security and secrets
+- `MACHINE_SIGNATURE`: Unique machine identifier (auto-generated if not provided)
+- `SECRET_KEY`: Django secret key (default provided)
+- `SILO_HMAC_SECRET_KEY`: Silo HMAC secret (default provided)
+- `AES_SECRET_KEY`: AES encryption key (default provided)
+- `LIVE_SERVER_SECRET_KEY`: Live server secret (default provided)
+
+### File handling
+- `FILE_SIZE_LIMIT`: Maximum file upload size in bytes (default: `5242880` = 5MB)
+
+### Integration callbacks
+- `INTEGRATION_CALLBACK_BASE_URL`: Base URL for OAuth callbacks
+
+### API configuration
+- `API_KEY_RATE_LIMIT`: API key rate limit (default: `60/minute`)
+
+### Third-party integrations
+- `GITHUB_CLIENT_ID`, `GITHUB_CLIENT_SECRET`: GitHub integration
+- `GITHUB_APP_NAME`, `GITHUB_APP_ID`, `GITHUB_PRIVATE_KEY`: GitHub App integration
+- `SLACK_CLIENT_ID`, `SLACK_CLIENT_SECRET`: Slack integration  
+- `GITLAB_CLIENT_ID`, `GITLAB_CLIENT_SECRET`: GitLab integration
+
+## Build the image
+
+To build the AIO image yourself:
+
+```bash
+cd deploy/aio/commercial
+./build.sh --release=v1.11.1 
+```
+
+Available build options:
+- `--release`: Plane version to build (required)
+- `--image-name`: Custom image name (default: `plane-aio-commercial`)
+
+## Troubleshoot
+The container will validate required environment variables on startup and display helpful error messages if any are missing.
+
+### Logs
+All service logs are available in `/app/logs/`:
+- Access logs: `/app/logs/access/`
+- Error logs: `/app/logs/error/`
+
+### Health checks
+The container runs multiple services managed by Supervisor. Check service status:
+```bash
+docker exec -it <container-name> supervisorctl status
+```
+
+## Production considerations
+
+- Use proper SSL certificates for HTTPS
+- Configure proper backup strategies for data
+- Monitor resource usage and scale accordingly
+- Use external load balancer for high availability
+- Regularly update to latest versions
+- Secure your environment variables and secrets