Documentation for self-hosting with docker compose (#855)

## Purpose

Make self hosting of Docs easier with an example of a deployment
procedure with docker compose and document how to configure Docs.

While https://github.com/suitenumerique/docs/pull/583 propose an easy
way to deploy Docs with docker and Make, here we describe more in
details the various steps and requirements to deploy Docs.

## Proposal

- [x] example to deploy and configure keycloak
- [x] example to deploy and configure minio
- [x] example to configure proxy and certs
- [x] example to deploy and configure Docs

## Improvements
- [x] Rephrase description of environment variables and categorize
- [x] Use template for nginx conf  

Fixes https://github.com/suitenumerique/docs/issues/561
Supersedes https://github.com/suitenumerique/docs/pull/583

 A one liner quick start could be a nice addition:
- [ ] merge all services in a single compose
- [ ] scripts to generate secrets

Signed-off-by: unteem <timothee@indie.host>

env.d/production.dist/backend

@@ -0,0 +1,65 @@
+## Django
+DJANGO_ALLOWED_HOSTS=${DOCS_HOST}
+DJANGO_SECRET_KEY=<generate a random key>
+DJANGO_SETTINGS_MODULE=impress.settings
+DJANGO_CONFIGURATION=Production
+
+# Logging
+# Set to DEBUG level for dev only
+LOGGING_LEVEL_HANDLERS_CONSOLE=ERROR
+LOGGING_LEVEL_LOGGERS_ROOT=INFO
+LOGGING_LEVEL_LOGGERS_APP=INFO
+
+# Python
+PYTHONPATH=/app
+
+# Mail
+DJANGO_EMAIL_HOST=<smtp host> 
+DJANGO_EMAIL_HOST_USER=<smtp user> 
+DJANGO_EMAIL_HOST_PASSWORD=<smtp password>
+DJANGO_EMAIL_PORT=<smtp port> 
+DJANGO_EMAIL_FROM=<your email address>
+
+#DJANGO_EMAIL_USE_TLS=true # A flag to enable or disable TLS for email sending.
+#DJANGO_EMAIL_USE_SSL=true # A flag to enable or disable SSL for email sending.
+
+DJANGO_EMAIL_BRAND_NAME="La Suite Numérique" 
+DJANGO_EMAIL_LOGO_IMG="https://${DOCS_HOST}/assets/logo-suite-numerique.png"  
+
+# Media
+AWS_S3_ENDPOINT_URL=https://${S3_HOST}
+AWS_S3_ACCESS_KEY_ID=<s3 access key>
+AWS_S3_SECRET_ACCESS_KEY=<s3 secret key>
+AWS_STORAGE_BUCKET_NAME=${BUCKET_NAME}
+MEDIA_BASE_URL=https://${DOCS_HOST}
+
+# OIDC
+OIDC_OP_JWKS_ENDPOINT=https://${KEYCLOAK_HOST}/realms/${REALM_NAME}/protocol/openid-connect/certs
+OIDC_OP_AUTHORIZATION_ENDPOINT=https://${KEYCLOAK_HOST}/realms/${REALM_NAME}/protocol/openid-connect/auth
+OIDC_OP_TOKEN_ENDPOINT=https://${KEYCLOAK_HOST}/realms/${REALM_NAME}/protocol/openid-connect/token
+OIDC_OP_USER_ENDPOINT=https://${KEYCLOAK_HOST}/realms/${REALM_NAME}/protocol/openid-connect/userinfo
+OIDC_OP_LOGOUT_ENDPOINT=https://${KEYCLOAK_HOST}/realms/${REALM_NAME}/protocol/openid-connect/logout
+OIDC_RP_CLIENT_ID=<client_id>
+OIDC_RP_CLIENT_SECRET=<client secret>
+OIDC_RP_SIGN_ALGO=RS256
+OIDC_RP_SCOPES="openid email"
+#USER_OIDC_FIELD_TO_SHORTNAME
+#USER_OIDC_FIELDS_TO_FULLNAME
+
+LOGIN_REDIRECT_URL=https://${DOCS_HOST}
+LOGIN_REDIRECT_URL_FAILURE=https://${DOCS_HOST}
+LOGOUT_REDIRECT_URL=https://${DOCS_HOST}
+
+OIDC_REDIRECT_ALLOWED_HOSTS=["https://${DOCS_HOST}"]
+
+# AI
+#AI_FEATURE_ENABLED=true # is false by default
+#AI_BASE_URL=https://openaiendpoint.com
+#AI_API_KEY=<API key>
+#AI_MODEL=<model used> e.g. llama
+
+# Frontend
+#FRONTEND_THEME=mytheme 
+#FRONTEND_CSS_URL=https://storage.yourdomain.tld/themes/custom.css
+#FRONTEND_FOOTER_FEATURE_ENABLED=true
+#FRONTEND_URL_JSON_FOOTER=https://docs.domain.tld/contents/footer-demo.json

env.d/production.dist/common

@@ -0,0 +1,9 @@
+DOCS_HOST=docs.domain.tld
+KEYCLOAK_HOST=id.domain.tld
+S3_HOST=storage.domain.tld
+BACKEND_HOST=backend
+FRONTEND_HOST=frontend
+YPROVIDER_HOST=y-provider
+BUCKET_NAME=docs-media-storage
+REALM_NAME=docs
+#COLLABORATION_WS_URL=wss://${DOCS_HOST}/collaboration/ws/

env.d/production.dist/kc_postgresql

@@ -0,0 +1,13 @@
+# Postgresql db container configuration
+POSTGRES_DB=keycloak
+POSTGRES_USER=keycloak
+POSTGRES_PASSWORD=<generate postgres password>
+PGDATA=/var/lib/postgresql/data/pgdata
+
+# Keycloak postgresql configuration
+KC_DB=postgres
+KC_DB_SCHEMA=public
+KC_DB_HOST=postgresql
+KC_DB_NAME=${POSTGRES_DB}
+KC_DB_USER=${POSTGRES_USER}
+KC_DB_PASSWORD=${POSTGRES_PASSWORD}

env.d/production.dist/keycloak

@@ -0,0 +1,8 @@
+# Keycloak admin user
+KC_BOOTSTRAP_ADMIN_USERNAME=admin
+KC_BOOTSTRAP_ADMIN_PASSWORD=<generate your password>
+
+# Keycloak configuration
+KC_HOSTNAME=https://id.yourdomain.tld # Change with your own URL
+KC_PROXY_HEADERS=xforwarded # in this example we are running behind an nginx proxy
+KC_HTTP_ENABLED=true # in this example we are running behind an nginx proxy

env.d/production.dist/postgresql

@@ -0,0 +1,11 @@
+# App database configuration
+DB_HOST=postgresql
+DB_NAME=docs
+DB_USER=docs
+DB_PASSWORD=<generate a secure password>
+DB_PORT=5432
+
+# Postgresql db container configuration
+POSTGRES_DB=docs
+POSTGRES_USER=docs
+POSTGRES_PASSWORD=${DB_PASSWORD}

env.d/production.dist/yprovider

@@ -0,0 +1,7 @@
+Y_PROVIDER_API_BASE_URL=http://${YPROVIDER_HOST}:4444/api
+Y_PROVIDER_API_KEY=<generate a random key>
+COLLABORATION_SERVER_SECRET=<generate a random key>
+COLLABORATION_SERVER_ORIGIN=https://${DOCS_HOST}
+COLLABORATION_API_URL=https://${DOCS_HOST}/collaboration/api/ 
+COLLABORATION_BACKEND_BASE_URL=https://${DOCS_HOST}
+COLLABORATION_LOGGING=true