Merge pull request #81 from LDAPAccountManager/docker

Docker
This commit is contained in:
gruberroland 2019-12-07 21:49:13 +01:00 committed by GitHub
commit 1bc26a314e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 163 additions and 15 deletions

18
lam-packaging/docker/.env Normal file
View File

@ -0,0 +1,18 @@
# domain of LDAP database root entry, will be converted to dc=...,dc=...
LDAP_DOMAIN=my-domain.com
# LDAP base DN to overwrite value generated by LDAP_DOMAIN
LDAP_BASE_DN=dc=my-domain,dc=com
# LDAP server URL
LDAP_SERVER=ldap://ldap:389
# LDAP admin user (set as login user for LAM)
LDAP_USER=cn=admin111,dc=my-domain,dc=com
# LDAP admin password
LDAP_ADMIN_PASSWORD=adminpw
# LAM configuration master password and password for server profile "lam"
LAM_PASSWORD=lam
# docker-compose only, LDAP organisation name for OpenLDAP
LDAP_ORGANISATION="LDAP Account Manager Demo"
# docker-compose only, password for LDAP read-only user
LDAP_READONLY_USER_PASSWORD=readonlypw

View File

@ -25,32 +25,59 @@
# You can change the port 8080 if needed. # You can change the port 8080 if needed.
# #
FROM debian:stretch FROM debian:buster-slim
MAINTAINER Roland Gruber <post@rolandgruber.de> LABEL maintainer="Roland Gruber <post@rolandgruber.de>"
ARG LAM_RELEASE=6.9 ARG LAM_RELEASE=6.9
# update OS ENV \
RUN apt-get update \ DEBIAN_FRONTEND=noninteractive \
&& apt-get upgrade -y DEBUG=''
# install requirements RUN apt-get update && \
RUN apt-get install -y wget apache2 libapache2-mod-php php php-ldap php-zip php-xml php-curl php-gd php-imagick php-mcrypt php-tcpdf php-phpseclib fonts-dejavu php-monolog apt-get install --no-install-recommends -y \
apache2 \
ca-certificates \
dumb-init \
fonts-dejavu \
libapache2-mod-php \
php \
php-curl \
php-gd \
php-imagick \
php-ldap \
php-monolog \
php-phpseclib \
php-xml \
php-zip \
wget \
&& \
rm /etc/apache2/sites-enabled/*default* && \
rm -rf /var/cache/apt /var/lib/apt/lists/*
# install LAM # install LAM
RUN wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_${LAM_RELEASE}-1_all.deb?download -O /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb \ RUN wget http://prdownloads.sourceforge.net/lam/ldap-account-manager_${LAM_RELEASE}-1_all.deb?download \
&& dpkg -i /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb -O /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
dpkg -i /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb && \
rm -f /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb
# cleanup # redirect Apache logging
RUN apt-get autoremove -y && apt-get clean all \ RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf
&& rm -f /tmp/ldap-account-manager_${LAM_RELEASE}-1_all.deb \ # because there is no logging set in the lam vhost logging goes to other_vhost_access.log
&& rm /etc/apache2/sites-enabled/*default* RUN ln -sf /dev/stdout /var/log/apache2/other_vhosts_access.log
# add redirect for / # add redirect for /
RUN a2enmod rewrite RUN a2enmod rewrite
RUN echo "RewriteEngine on" >> /etc/apache2/conf-enabled/laminit.conf \ RUN echo "RewriteEngine on" >> /etc/apache2/conf-enabled/laminit.conf \
&& echo "RewriteRule ^/$ /lam/ [R,L]" >> /etc/apache2/conf-enabled/laminit.conf && echo "RewriteRule ^/$ /lam/ [R,L]" >> /etc/apache2/conf-enabled/laminit.conf
# start Apache when container starts COPY start.sh /usr/local/bin/start.sh
ENTRYPOINT service apache2 start && sleep infinity
WORKDIR /var/lib/ldap-account-manager/config
# start Apache when container starts
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD [ "/usr/local/bin/start.sh" ]
HEALTHCHECK --interval=1m --timeout=10s \
CMD wget -qO- http://localhost/lam/ | grep -q '<title>LDAP Account Manager</title>'

View File

@ -0,0 +1,44 @@
version: '3.5'
services:
ldap-account-manager:
build:
context: .
args:
- LAM_RELEASE=6.9
image: ldapaccountmanager/lam:latest
restart: unless-stopped
ports:
- "8080:80"
volumes:
- lametc/:/etc/ldap-account-manager
- lamconfig/:/var/lib/ldap-account-manager/config
- lamsession/:/var/lib/ldap-account-manager/sess
environment:
- LAM_PASSWORD=${LAM_PASSWORD}
- LAM_LANG=en_US
- LDAP_SERVER=${LDAP_SERVER}
- LDAP_DOMAIN=${LDAP_DOMAIN}
- LDAP_BASE_DN=${LDAP_BASE_DN}
- ADMIN_USER=cn=admin,${LDAP_BASE_DN}
- DEBUG=true
ldap:
image: osixia/openldap:latest
restart: unless-stopped
environment:
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
- LDAP_DOMAIN=${LDAP_DOMAIN}
- LDAP_BASE_DN=${LDAP_BASE_DN}
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
- LDAP_READONLY_USER=true
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
command: "--loglevel info --copy-service"
volumes:
- ldap:/var/lib/ldap
- slapd:/etc/ldap/slapd.d
volumes:
lametc:
lamconfig:
lamsession:
ldap:
slapd:

54
lam-packaging/docker/start.sh Executable file
View File

@ -0,0 +1,54 @@
#!/bin/bash
#
# Docker start script for LDAP Account Manager
# This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
# Copyright (C) 2019 Felix Bartels
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
set -eu # unset variables are errors & non-zero return values exit the whole script
[ "$DEBUG" ] && set -x
LAM_LANG="${LAM_LANG:-en_US}"
export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
LDAP_HOST="${LDAP_HOST:-ldap://ldap:389}"
LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
EOF
unset LAM_PASSWORD
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
s|^ServerURL:.*|ServerURL: ${LDAP_HOST}|;
s|^Admins:.*|Admins: ${LDAP_ADMIN_USER}|;
s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;
s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
EOF
echo "Starting Apache"
rm -f /run/apache2/apache2.pid
set +u
# shellcheck disable=SC1091
source /etc/apache2/envvars
exec /usr/sbin/apache2 -DFOREGROUND

View File

@ -4,6 +4,7 @@ December 2019 7.0
- YubiKey: support to configure multiple verification servers - YubiKey: support to configure multiple verification servers
- Deactivated non-maintained translations: Catalan, Czech, Hungarian, Polish and Turkish - Deactivated non-maintained translations: Catalan, Czech, Hungarian, Polish and Turkish
Contact us if you would like to take over. Translators get LAM Pro for free (commercial use included). Contact us if you would like to take over. Translators get LAM Pro for free (commercial use included).
- Docker updates
- Fixed bugs: - Fixed bugs:
-> Missing CSS for Duo -> Missing CSS for Duo
-> Editing of DNs with comma on Windows (210) -> Editing of DNs with comma on Windows (210)

View File

@ -318,6 +318,10 @@
<para>You can run LAM inside Docker.</para> <para>You can run LAM inside Docker.</para>
<para>Possible environment variables are documented in the <ulink
url="https://github.com/LDAPAccountManager/lam/blob/develop/lam-packaging/docker/.env">sample
.env</ulink> file.</para>
<para>See here:</para> <para>See here:</para>
<para><ulink <para><ulink