Grist Grist is a modern relational spreadsheet. It combines the flexibility of a spreadsheet with the robustness of a database.
Create the usual dedicated user. Also, all data needs to be located in a dedicated folder that will be /data/grist:
useradd -d /data/daemons/grist -m grist mkdir /data/grist chown grist:grist /data/grist
Now, as grist user, create the following docker compose file:
services:
grist:
ports:
- 8484:8484
volumes:
- /data/grist:/persist
environment:
- GRIST_SESSION_SECRET=here_write_a_secret_passcode
- GRIST_DEFAULT_EMAIL=me@mydomain.com
- GRIST_FORWARD_AUTH_HEADER=Remote-Email
- GRIST_PROXY_AUTH_HEADER=Remote-Email
- APP_HOME_URL=https://grist.mydomain.com
- APP_DOC_URL=https://grist.mydomain.com
- GRIST_IGNORE_SESSION=true
stdin_open: true
tty: true
image: gristlabs/grist-oss
networks:
- grist-net
networks:
grist-net: {}
Remember to set an available port (8484)! I have not been able to make grist run as user grist inside the container, it will run as user 1001. This is not an issue, just a cosmetic annoyance.
Now pull it:
podman compose pull
Grist will happily inherit your SSO authentication from the reverse proxy, the key point are the following settings in your docker compose:
- GRIST_FORWARD_AUTH_HEADER=Remote-Email
- GRIST_PROXY_AUTH_HEADER=Remote-Email
- GRIST_IGNORE_SESSION=true
If you need multiple users, each one with it's own Grist user you will need to remove the GRIST_IGNORE_SESSION setting.
You can run Grist only on a sub-domain.
I assume it will be reachable as https://grist.mydomain.com.
Following this page create a NGINX config file called /etc/nginx/com.mydomain/grist/grist.conf like this:
server {
server_name grist.mydomain.com;
listen 443 ssl;
listen 8443 ssl;
access_log /var/log/nginx/grist.mydomain.com_access_log main;
error_log /var/log/nginx/grist.mydomain.com_error_log info;
include "com.mydomain/authelia_location.conf";
location / {
include "com.mydomain/authelia_proxy.conf";
include "com.mydomain/authelia_authrequest.conf";
proxy_pass http://127.0.0.1:8484;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
This will enable Authelia SSO (see here for your Grist installation as well.
To start it, and set it up on boot, as usual follow my indications Using Containers on Gentoo, so link the user-containers init script:
ln -s /etc/init.d/user-containers /etc/init.d/user-containers.grist
and create the following config file:
USER=grist DESCRIPTION="Online spreadsheet"
Add the service to the default runlevel and start it now:
rc-update add user-containers.grist default rc-service user-containers.grist start