General Dockerfile improvements & automatic configuration
- add a docker-compose file for easy rebuilds and test deployments - switch to slim version of base image - instruct apt to run noninteractive - maintainer is deprecated in Dockerfile - reformat packages being installed and add ca-certificates - reduce layers and size while cleaning up in the individual layers - add proper startup script - make apache put logs on the console - add healthcheck - set lam password at startup - make more settings configurable through env variables - add ldap to the example compose file - predefine DEBUG var - Upgrade to Debian Buster Signed-off-by: Felix Bartels <felix@host-consultants.de>pull/76/head
parent
65412574a0
commit
75cfafebc9
@ -0,0 +1,10 @@
|
||||
LDAP_ORGANISATION="LDAP Account Manager Demo"
|
||||
LDAP_DOMAIN=mydomain.com
|
||||
LDAP_BASE_DN=dc=mydomain,dc=com
|
||||
LDAP_SERVER=ldap://ldap:389
|
||||
LDAP_ADMIN_PASSWORD=adminpw
|
||||
LDAP_READONLY_USER_PASSWORD=readonlypw
|
||||
LDAP_BIND_DN=cn=readonly,dc=mydomain,dc=com
|
||||
LDAP_SEARCH_BASE=dc=mydomain,dc=com
|
||||
|
||||
LAM_PASSWORD=lam
|
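Review bot: `LDAP_ADMIN_PASSWORD=adminpw`, `LDAP_READONLY_USER_PASSWORD=readonlypw` and `LAM_PASSWORD=lam` are committed as working values with nothing marking them as demo-only, so a deployment that keeps this file unchanged runs with publicly known credentials. I would add a header comment such as `# Demo values only: replace every password before exposing these services`. If this is the `.env` file that Compose reads automatically (the file name is not visible here), it would be better shipped as an example file that is copied and edited locally. `LDAP_BIND_DN` and `LDAP_SEARCH_BASE` are not referenced by the compose file in this commit; either wire them up or drop them.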
@ -0,0 +1,45 @@
|
||||
version: '3.5'
|
||||
services:
|
||||
ldap-account-manager:
|
||||
build:
|
||||
context: .
|
||||
args:
|
||||
- LAM_RELEASE=6.9
|
||||
image: ldapaccountmanager/lam:latest
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "8080:80"
|
||||
volumes:
|
||||
- lametc/:/etc/ldap-account-manager
|
||||
- lamconfig/:/var/lib/ldap-account-manager/config
|
||||
- lamsession/:/var/lib/ldap-account-manager/sess
|
||||
environment:
|
||||
- LAM_PASSWORD=${LAM_PASSWORD}
|
||||
- LAM_LANG=en_US
|
||||
- LAM_TIMEZONE=Europe/Berlin
|
||||
- LDAP_SERVER=${LDAP_SERVER}
|
||||
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
||||
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
||||
- ADMIN_USER=cn=admin,${LDAP_BASE_DN}
|
||||
- DEBUG=true
|
||||
ldap:
|
||||
image: osixia/openldap:latest
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
|
||||
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
||||
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
||||
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
|
||||
- LDAP_READONLY_USER=true
|
||||
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
|
||||
command: "--loglevel info --copy-service"
|
||||
volumes:
|
||||
- ldap:/var/lib/ldap
|
||||
- slapd:/etc/ldap/slapd.d
|
||||
|
||||
volumes:
|
||||
lametc:
|
||||
lamconfig:
|
||||
lamsession:
|
||||
ldap:
|
||||
slapd:
|
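Review bot: `- DEBUG=true` is hard-coded in the `ldap-account-manager` environment, and the startup script in this commit runs `set -x` whenever `DEBUG` is non-empty, before it exports `LAM_PASSWORD` and computes the hash, so the password and its hash are traced into the container log on every start. I would default it to off with `- DEBUG=${DEBUG:-}`. The same block passes `LDAP_SERVER` and `ADMIN_USER`, but the script reads `LDAP_HOST` and `LDAP_USER`, so both settings are ignored and the script defaults apply; `- LDAP_HOST=${LDAP_SERVER}` and `- LDAP_USER=cn=admin,${LDAP_BASE_DN}` would match. Both images use `:latest`; pinning a version tag or digest keeps rebuilds reproducible and makes image updates a reviewed change.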
@ -0,0 +1,36 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -eu # unset variables are errors & non-zero return values exit the whole script
|
||||
[ "$DEBUG" ] && set -x
|
||||
|
||||
LAM_LANG="${LAM_LANG:-en_US}"
|
||||
export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
|
||||
LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); mt_srand((microtime() * 1000000)); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
|
||||
LAM_TIMEZONE="${LAM_TIMEZONE:-Europe/Berlin}"
|
||||
LDAP_HOST="${LDAP_HOST:-ldap://ldap:389}"
|
||||
LDAP_DOMAIN="${LDAP_DOMAIN:-mydomain.com}"
|
||||
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
|
||||
ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
|
||||
|
||||
echo "Setting LAM password to: $LAM_PASSWORD"
|
||||
sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
|
||||
s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
|
||||
EOF
|
||||
unset LAM_PASSWORD
|
||||
|
||||
sed -i -f- /var/lib/ldap-account-manager/config/lam.conf <<- EOF
|
||||
s|^ServerURL:.*|ServerURL: ${LDAP_HOST}|;
|
||||
s|^Admins:.*|Admins: ${ADMIN_USER}|;
|
||||
s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
|
||||
s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
|
||||
s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
|
||||
s|^types: suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;
|
||||
s|^types: suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
|
||||
EOF
|
||||
|
||||
echo "Starting Apache"
|
||||
rm -f /run/apache2/apache2.pid
|
||||
set +u
|
||||
# shellcheck disable=SC1091
|
||||
source /etc/apache2/envvars
|
||||
exec /usr/sbin/apache2 -DFOREGROUND
|
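Review bot: `echo "Setting LAM password to: $LAM_PASSWORD"` writes the plaintext master password to the container log, which the later `unset LAM_PASSWORD` does not undo; log only that it was set, e.g. `echo "Setting LAM password from LAM_PASSWORD"`. `[ "$DEBUG" ]` is true for any non-empty value, including `false`, and tracing starts before the password is exported and hashed, so `[ "${DEBUG:-}" = "true" ] && set -x` placed after the `unset` would be safer. The values are spliced into the sed programs unescaped with `|` as the delimiter, so a `|`, `&` or backslash in `LDAP_HOST`, `ADMIN_USER` or `LDAP_BASE_DN` changes the substitution; escaping them or rejecting such input at startup would avoid a corrupted `lam.conf`.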