Update: alpha2
This commit is contained in:
parent
56f3eaa797
commit
79611b022d
@ -111,6 +111,7 @@ local global_vars_default(runtime) =
|
||||
app_puid: '1000',
|
||||
app_pgid: '1000',
|
||||
|
||||
app_lang: 'en_US',
|
||||
app_tz: 'UTC',
|
||||
app_tz_var: 'TZ',
|
||||
app_tz_mount: false,
|
||||
@ -134,14 +135,16 @@ local global_vars_default(runtime) =
|
||||
app_user_email: 'user@' + self.app_domain,
|
||||
app_user_passwd: 'user',
|
||||
|
||||
# Other implementations standard:
|
||||
# mysql_network_name
|
||||
# pgsql_network_name
|
||||
# ldap_network_name
|
||||
# wireguard_network_name
|
||||
# traefik_network_name
|
||||
# Like:
|
||||
# traefik_network_name: ns + sep + 'traefik',
|
||||
# Generic networks
|
||||
net_vpn: runtime.paasify_ns + runtime.paasify_sep + 'vpn',
|
||||
net_proxy: runtime.paasify_ns + runtime.paasify_sep + 'proxy',
|
||||
net_ldap: runtime.paasify_ns + runtime.paasify_sep + 'ldap',
|
||||
net_sql: runtime.paasify_ns + runtime.paasify_sep + 'sql',
|
||||
net_nosql: runtime.paasify_ns + runtime.paasify_sep + 'nosql',
|
||||
net_queue: runtime.paasify_ns + runtime.paasify_sep + 'queue',
|
||||
net_ostorage: runtime.paasify_ns + runtime.paasify_sep + 'ostorage', # Object storage
|
||||
net_fstorage: runtime.paasify_ns + runtime.paasify_sep + 'fstorage', # File storage
|
||||
net_bstorage: runtime.paasify_ns + runtime.paasify_sep + 'bstorage', # Block storage
|
||||
|
||||
#FUTURE app_dir_prefix: std.get(user_data, 'app_dir_prefix', './')
|
||||
# app_dir_logs: ResolvePath(std.get(user_data, 'app_dir_logs', './logs/'), cwd),
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
services:
|
||||
authelia:
|
||||
expose:
|
||||
- ${APP_EXPOSE_IP}:${APP_EXPOSE_PORT:-9091}:9091
|
||||
- ${app_expose_ip}:${app_expose_port:-9091}:9091
|
||||
|
||||
@ -23,9 +23,9 @@ services:
|
||||
#- 'traefik.http.routers.authelia.tls.certresolver=letsencrypt'
|
||||
#- 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://authelia.example.com' # yamllint disable-line rule:line-length
|
||||
#
|
||||
- 'traefik.http.middlewares.${TRAEFIK_SVC_AUTH:-authelia}.forwardauth.trustForwardHeader=true'
|
||||
- 'traefik.http.middlewares.${TRAEFIK_SVC_AUTH:-authelia}.forwardauth.address=http://authelia:9091/api/verify?rd=https://${APP_DOMAIN}'
|
||||
- 'traefik.http.middlewares.${TRAEFIK_SVC_AUTH:-authelia}.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length
|
||||
- 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.trustForwardHeader=true'
|
||||
- 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.address=http://authelia:9091/api/verify?rd=https://${app_fqdn}'
|
||||
- 'traefik.http.middlewares.${traefik_svc_auth:-authelia}.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email' # yamllint disable-line rule:line-length
|
||||
healthcheck:
|
||||
disable: true
|
||||
environment:
|
||||
@ -38,10 +38,10 @@ services:
|
||||
|
||||
|
||||
# MISC
|
||||
#- AUTHELIA_DEFAULT_REDICTION_URL=${APP_DOMAIN}
|
||||
- AUTHELIA_DEFAULT_REDIRECTION_URL=https://${APP_DOMAIN}
|
||||
- AUTHELIA_SESSION_DOMAIN=${APP_TOP_DOMAIN}
|
||||
#- AUTHELIA_AUTHENTIFICATION_BACKEND_PASSWORD_RESET_CUSTOM_URL=https://users.auth.${APP_TOP_DOMAIN}
|
||||
#- AUTHELIA_DEFAULT_REDICTION_URL=${app_fqdn}
|
||||
- AUTHELIA_DEFAULT_REDIRECTION_URL=https://${app_fqdn}
|
||||
- AUTHELIA_SESSION_DOMAIN=${app_domain}
|
||||
#- AUTHELIA_AUTHENTIFICATION_BACKEND_PASSWORD_RESET_CUSTOM_URL=https://users.auth.${app_domain}
|
||||
|
||||
# LDAP configuration
|
||||
# DOES NOT WORK: - AUTHELIA_AUTHENTIFICATION_BACKEND_LDAP=true
|
||||
|
||||
@ -8,16 +8,16 @@ services:
|
||||
- "9999:80"
|
||||
|
||||
volumes:
|
||||
###- ./lametc/:/etc/ldap-account-manager
|
||||
- ./lamconfig/:/var/lib/ldap-account-manager/config
|
||||
- ./lamsession/:/var/lib/ldap-account-manager/sess
|
||||
###- $app_dir_conf:/etc/ldap-account-manager
|
||||
- $app_dir_conf:/var/lib/ldap-account-manager/config
|
||||
- $app_dir_conf/sess:/var/lib/ldap-account-manager/sess
|
||||
|
||||
environment:
|
||||
- LAM_PASSWORD=${LAM_PASSWORD}
|
||||
- LAM_LANG=en_US
|
||||
- LDAP_SERVER=${LDAP_SERVER}
|
||||
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
||||
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
||||
- ADMIN_USER=cn=admin,${LDAP_BASE_DN}
|
||||
- LAM_PASSWORD=${ldap_admin_bind_passwd}
|
||||
- LAM_LANG=${app_lang}
|
||||
- LDAP_SERVER=${ldap_uri_server}
|
||||
- LDAP_DOMAIN=${ldap_domain}
|
||||
- LDAP_BASE_DN=${ldap_base_dn}
|
||||
- ADMIN_USER=${ldap_admin_bind_dn}
|
||||
- DEBUG=true
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
name: ${APP_PROXY_NETWORK}
|
||||
name: ${net_proxy}
|
||||
|
||||
services:
|
||||
|
||||
@ -10,8 +10,8 @@ services:
|
||||
labels:
|
||||
traefik.enable: "true"
|
||||
traefik.http.routers.lum.entrypoints: front-http,front-https
|
||||
traefik.http.routers.lum.rule: Host(`lum.$APP_TOP_DOMAIN`)
|
||||
traefik.http.routers.lum.rule: Host(`lum.$app_domain`)
|
||||
traefik.http.routers.lum.service: lum
|
||||
traefik.http.routers.lum.tls: "true"
|
||||
traefik.http.routers.lum.tls.certresolver: $TRAEFIK_CERTRESOLV
|
||||
traefik.http.routers.lum.tls.certresolver: $traefik_svc_certresolver
|
||||
traefik.http.services.lum.loadbalancer.server.port: '80'
|
||||
|
||||
@ -1,29 +1,18 @@
|
||||
version: "3.7"
|
||||
|
||||
#networks:
|
||||
# ldap:
|
||||
# external: true
|
||||
# name: ${APP_LDAP_NETWORK}
|
||||
|
||||
services:
|
||||
|
||||
lum:
|
||||
image: wheelybird/ldap-user-manager:latest
|
||||
#restart: always
|
||||
|
||||
#networks:
|
||||
# ldap:
|
||||
|
||||
environment:
|
||||
- "SERVER_HOSTNAME=lum.$APP_TOP_DOMAIN"
|
||||
- "LDAP_URI=$LDAP_SERVER_URI"
|
||||
- "LDAP_BASE_DN=$LDAP_BASE_DN"
|
||||
- "SERVER_HOSTNAME=lum.$app_domain"
|
||||
- "LDAP_URI=$ldap_uri"
|
||||
- "LDAP_BASE_DN=$ldap_base_dn"
|
||||
- "LDAP_ADMINS_GROUP=admins"
|
||||
- "LDAP_ADMIN_BIND_DN=cn=admin,$LDAP_BASE_DN"
|
||||
- "LDAP_ADMIN_BIND_PWD=$LDAP_ADMIN_PASSWORD"
|
||||
#- "LDAP_ADMIN_BIND_PWD=admin"
|
||||
- "LDAP_ADMIN_BIND_DN=$ldap_admin_bind_dn"
|
||||
- "LDAP_ADMIN_BIND_PWD=$ldap_admin_bind_passwd"
|
||||
- "LDAP_IGNORE_CERT_ERRORS=true"
|
||||
- "NO_HTTPS=true"
|
||||
- "NO_HTTPS=true" # Tofix, we can't use: ldap_tls here ...
|
||||
- "ACCEPT_WEAK_PASSWORDS=true"
|
||||
|
||||
# MrJK Tweaking
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
services:
|
||||
librespeed:
|
||||
ports:
|
||||
#- ${APP_EXPOSE_PORT:-80}:80
|
||||
- ${APP_EXPOSE_IP:-0.0.0.0}:${APP_EXPOSE_PORT:-80}:80
|
||||
#- ${app_expose_port:-80}:80
|
||||
- ${app_expose_ip:-0.0.0.0}:${app_expose_port:-80}:80
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
|
||||
networks:
|
||||
ldap:
|
||||
name: ${APP_LDAP_NETWORK:-s3}
|
||||
name: ${net_ldap:-s3}
|
||||
|
||||
services:
|
||||
minio:
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
networks:
|
||||
front:
|
||||
external: true
|
||||
name: ${APP_PROXY_NETWORK:-traefik}
|
||||
name: ${net_proxy:-traefik}
|
||||
|
||||
services:
|
||||
minio:
|
||||
|
||||
@ -2,7 +2,7 @@ version: "3.9"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${APP_S3_NETWORK:-s3}
|
||||
name: ${net_ostorage:-s3}
|
||||
|
||||
|
||||
services:
|
||||
|
||||
@ -17,20 +17,20 @@ services:
|
||||
- ./lemonldap-logs:/var/log/nginx
|
||||
|
||||
environment:
|
||||
- SSODOMAIN=$APP_TOP_DOMAIN
|
||||
- PORTAL_HOSTNAME=auth.$APP_TOP_DOMAIN
|
||||
- MANAGER_HOSTNAME=lemon.$APP_TOP_DOMAIN
|
||||
- HANDLER_HOSTNAME=handler.$APP_TOP_DOMAIN
|
||||
- TEST1_HOSTNAME=mytest1.$APP_TOP_DOMAIN
|
||||
- TEST2_HOSTNAME=mytest2.$APP_TOP_DOMAIN
|
||||
- SSODOMAIN=$app_domain
|
||||
- PORTAL_HOSTNAME=auth.$app_domain
|
||||
- MANAGER_HOSTNAME=lemon.$app_domain
|
||||
- HANDLER_HOSTNAME=handler.$app_domain
|
||||
- TEST1_HOSTNAME=mytest1.$app_domain
|
||||
- TEST2_HOSTNAME=mytest2.$app_domain
|
||||
- LOGLEVEL=debug
|
||||
labels:
|
||||
traefik.enable: "true"
|
||||
traefik.http.routers.lemon.entrypoints: front-http,front-https
|
||||
#traefik.http.routers.lemon.rule: Host(`(auth|lemon|handler).$APP_TOP_DOMAIN`)
|
||||
traefik.http.routers.lemon.rule: Host(`auth.$APP_TOP_DOMAIN`,`lemon.$APP_TOP_DOMAIN`,`handler.$APP_TOP_DOMAIN`)
|
||||
#traefik.http.routers.lemon.rule: Host(`lemon.$APP_TOP_DOMAIN`)
|
||||
#traefik.http.routers.lemon.rule: Host(`(auth|lemon|handler).$app_domain`)
|
||||
traefik.http.routers.lemon.rule: Host(`auth.$app_domain`,`lemon.$app_domain`,`handler.$app_domain`)
|
||||
#traefik.http.routers.lemon.rule: Host(`lemon.$app_domain`)
|
||||
traefik.http.routers.lemon.service: lemon
|
||||
traefik.http.routers.lemon.tls: "true"
|
||||
traefik.http.routers.lemon.tls.certresolver: $TRAEFIK_CERTRESOLV
|
||||
traefik.http.routers.lemon.tls.certresolver: $traefik_svc_certresolver
|
||||
traefik.http.services.lemon.loadbalancer.server.port: '80'
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
name: ${APP_PROXY_NETWORK}
|
||||
name: ${net_proxy}
|
||||
|
||||
|
||||
services:
|
||||
@ -18,11 +18,11 @@ services:
|
||||
labels:
|
||||
traefik.enable: "true"
|
||||
traefik.http.routers.selfserve.entrypoints: front-http,front-https
|
||||
#traefik.http.routers.selfserve.rule: Host(`(auth|selfserve|handler).$APP_TOP_DOMAIN`)
|
||||
traefik.http.routers.selfserve.rule: Host(`self.$APP_TOP_DOMAIN`)
|
||||
#traefik.http.routers.selfserve.rule: Host(`selfserve.$APP_TOP_DOMAIN`)
|
||||
#traefik.http.routers.selfserve.rule: Host(`(auth|selfserve|handler).$app_domain`)
|
||||
traefik.http.routers.selfserve.rule: Host(`self.$app_domain`)
|
||||
#traefik.http.routers.selfserve.rule: Host(`selfserve.$app_domain`)
|
||||
traefik.http.routers.selfserve.service: selfserve
|
||||
traefik.http.routers.selfserve.tls: "true"
|
||||
traefik.http.routers.selfserve.tls.certresolver: $TRAEFIK_CERTRESOLV
|
||||
traefik.http.routers.selfserve.tls.certresolver: $traefik_svc_certresolver
|
||||
traefik.http.services.selfserve.loadbalancer.server.port: '80'
|
||||
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
version: "3.9"
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: ${app_network_name}
|
||||
#networks:
|
||||
# default:
|
||||
# name: ${app_network_name}
|
||||
|
||||
|
||||
services:
|
||||
@ -13,14 +13,15 @@ services:
|
||||
default:
|
||||
aliases:
|
||||
- ldap
|
||||
- $ldap_uri_server
|
||||
environment:
|
||||
- "LDAP_ORGANISATION=$LDAP_ORGANISATION"
|
||||
- "LDAP_DOMAIN=$LDAP_DOMAIN"
|
||||
- "LDAP_ADMIN_PASSWORD=$LDAP_ADMIN_PASSWORD"
|
||||
- "LDAP_ORGANISATION=${ldap_domain:-$app_fqdn}"
|
||||
- "LDAP_DOMAIN=${ldap_domain:-$app_fqdn}"
|
||||
- "LDAP_ADMIN_PASSWORD=$ldap_admin_bind_passwd"
|
||||
- "LDAP_RFC2307BIS_SCHEMA=true"
|
||||
- "LDAP_REMOVE_CONFIG_AFTER_SETUP=true"
|
||||
- "LDAP_TLS_VERIFY_CLIENT=never"
|
||||
- "LDAP_TLS=false"
|
||||
- "LDAP_TLS=${ldap_tls:-false}"
|
||||
volumes:
|
||||
- $app_dir_conf:/etc/ldap/slapd.d
|
||||
- $app_dir_data:/var/lib/ldap
|
||||
|
||||
@ -6,13 +6,13 @@ services:
|
||||
environment:
|
||||
|
||||
# Custom ACME certificates
|
||||
- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}=true
|
||||
- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_EMAIL=${APP_ADMIN_EMAIL}
|
||||
- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_STORAGE=/data/acme-${TRAEFIK_CERTRESOLV}.json
|
||||
- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE=true
|
||||
- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_PROVIDER=${TRAEFIK_CERTRESOLV_PROVIDER}
|
||||
#- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_DELAYBEFORECHECK=10
|
||||
#- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_RESOLVERS="167.114.154.30:53,192.99.60.247:53"
|
||||
- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}=true
|
||||
- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_EMAIL=${app_admin_email}
|
||||
- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_STORAGE=/data/acme-${traefik_svc_certresolver}.json
|
||||
- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE=true
|
||||
- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_PROVIDER=${traefik_svc_certresolver_PROVIDER}
|
||||
#- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_DELAYBEFORECHECK=10
|
||||
#- TRAEFIK_CERTIFICATESRESOLVERS_${traefik_svc_certresolver}_ACME_DNSCHALLENGE_RESOLVERS="167.114.154.30:53,192.99.60.247:53"
|
||||
|
||||
# ACME credentials for ovh-eu
|
||||
# - OVH_ENDPOINT=ovh-eu
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user