Add: OpenLdap and tools

minio/docker-compose.traefik.yml

@@ -0,0 +1,34 @@
+
+networks:
+  front:
+    external: true
+    name: ${APP_PROXY_NETWORK}
+
+services:
+  minio:
+    networks:
+      front:
+      default:
+    environment:
+     - MINIO_DOMAIN=minio.$APP_TOP_DOMAIN
+     - MINIO_SERVER_URL=https://minio.$APP_TOP_DOMAIN
+     - MINIO_BROWSER_REDIRECT_URL=https://minio-console.$APP_TOP_DOMAIN
+
+    labels:
+     - "traefik.enable=true"
+
+     # Console
+     - "traefik.http.routers.minio-console.rule=Host(`minio-console.$APP_TOP_DOMAIN`)"
+     - "traefik.http.routers.minio-console.entrypoints=front-https"
+     - "traefik.http.routers.minio-console.tls=true"
+     - "traefik.http.routers.minio-console.tls.certresolver=$TRAEFIK_CERTRESOLV"
+     - "traefik.http.routers.minio-console.service=minio-console"
+     - "traefik.http.services.minio-console.loadbalancer.server.port=9001"
+
+     # APi
+     - "traefik.http.routers.minio.rule=Host(`minio.$APP_TOP_DOMAIN`)"
+     - "traefik.http.routers.minio.entrypoints=front-https"
+     - "traefik.http.routers.minio.tls=true"
+     - "traefik.http.routers.minio.tls.certresolver=$TRAEFIK_CERTRESOLV"
+     - "traefik.http.routers.minio.service=minio"
+     - "traefik.http.services.minio.loadbalancer.server.port=9000"

minio/docker-compose.yml

@@ -0,0 +1,21 @@
+version: "3.9"
+
+networks:
+  default:
+    name: ${APP_MINIO_NETWORK}
+
+
+services:
+  minio:
+    image: quay.io/minio/minio:latest
+    command: server --console-address ":9001" /data
+    restart: always
+    volumes:
+     - ./data:/data
+     - ./config:/root/.minio
+    environment:
+     - MINIO_ROOT_USER=$MINIO_ROOT_USER
+     - MINIO_ROOT_PASSWORD=$MINIO_ROOT_PASSWORD
+     - MINIO_DOMAIN=minio.$APP_TOP_DOMAIN
+     - MINIO_SERVER_URL=https://minio.$APP_TOP_DOMAIN
+     - MINIO_BROWSER_REDIRECT_URL=https://minio-console.$APP_TOP_DOMAIN

openldap/.env

@@ -0,0 +1,11 @@
+APP_IMAGE=traefik
+APP_VERSION=v2.6.1
+
+APP_PUBLIC_IP="127.0.0.1"
+APP_NETWORK=''
+
+APP_DOMAIN=dev
+APP_ADMIN_EMAIL=admin@dev
+
+TRAEFIK_CERTRESOLV=default
+TRAEFIK_CERTRESOLV_PROVIDER=''

openldap/README.md

@@ -0,0 +1,10 @@
+# OpenLDAP Server
+
+
+## Self-serve configuration
+
+## LUM configuration
+
+For lUM, an initial config step is required:
+
+https://lum.dev.box/setup/

openldap/docker-compose.debug.yml

@@ -0,0 +1,4 @@
+services:
+  openldap:
+    command: --loglevel debug
+      

openldap/docker-compose.expose.yml

@@ -0,0 +1,5 @@
+services:
+  openldap:
+    ports:
+      - 389:389
+      

openldap/docker-compose.lemon-ldap.yml

@@ -0,0 +1,36 @@
+
+
+
+
+
+services:
+
+  lemon:
+    image: coudot/lemonldap-ng:2.0.14
+    restart: always
+
+    volumes:
+      - ./lemonldap-etc/:/etc/lemonldap-ng
+      - ./lemonldap-conf/:/var/lib/lemonldap-ng/conf
+        #- ./lemonldap-psessions/:/var/lib/lemonldap-ng/psessions
+        #- ./lemonldap-sessions/:/var/lib/lemonldap-ng/sessions
+      - ./lemonldap-logs:/var/log/nginx
+
+    environment:
+      - SSODOMAIN=$APP_TOP_DOMAIN
+      - PORTAL_HOSTNAME=auth.$APP_TOP_DOMAIN
+      - MANAGER_HOSTNAME=lemon.$APP_TOP_DOMAIN
+      - HANDLER_HOSTNAME=handler.$APP_TOP_DOMAIN
+      - TEST1_HOSTNAME=mytest1.$APP_TOP_DOMAIN
+      - TEST2_HOSTNAME=mytest2.$APP_TOP_DOMAIN
+      - LOGLEVEL=debug
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.lemon.entrypoints: front-http,front-https
+        #traefik.http.routers.lemon.rule: Host(`(auth|lemon|handler).$APP_TOP_DOMAIN`)
+      traefik.http.routers.lemon.rule: Host(`auth.$APP_TOP_DOMAIN`,`lemon.$APP_TOP_DOMAIN`,`handler.$APP_TOP_DOMAIN`)
+        #traefik.http.routers.lemon.rule: Host(`lemon.$APP_TOP_DOMAIN`)
+      traefik.http.routers.lemon.service: lemon
+      traefik.http.routers.lemon.tls: "true"
+      traefik.http.routers.lemon.tls.certresolver: $TRAEFIK_CERTRESOLV
+      traefik.http.services.lemon.loadbalancer.server.port: '80'

openldap/docker-compose.lum.yml

@@ -0,0 +1,40 @@
+
+
+networks:
+  proxy:
+    name: ${APP_PROXY_NETWORK}
+
+services:
+
+  manager:
+    image: wheelybird/ldap-user-manager:latest
+    restart: always
+
+    networks:
+      proxy:
+      default:
+
+    environment:
+      - "SERVER_HOSTNAME=lum.$APP_TOP_DOMAIN"
+      - "LDAP_URI=$LDAP_SERVER_URI"
+      - "LDAP_BASE_DN=$LDAP_BASE_DN"
+      - "LDAP_ADMINS_GROUP=admins"
+      - "LDAP_ADMIN_BIND_DN=cn=admin,$LDAP_BASE_DN"
+      - "LDAP_ADMIN_BIND_PWD=$LDAP_ADMIN_PASSWORD"
+        #- "LDAP_ADMIN_BIND_PWD=admin"
+      - "LDAP_IGNORE_CERT_ERRORS=true"
+      - "NO_HTTPS=true"
+      - "ACCEPT_WEAK_PASSWORDS=true"
+
+      # MrJK Tweaking
+      - "USERNAME_REGEX=^[a-z][a-zA-Z0-9._-]{2,32}$$"
+
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.lum.entrypoints: front-http,front-https
+      traefik.http.routers.lum.rule: Host(`lum.$APP_TOP_DOMAIN`)
+      traefik.http.routers.lum.service: lum
+      traefik.http.routers.lum.tls: "true"
+      traefik.http.routers.lum.tls.certresolver: $TRAEFIK_CERTRESOLV
+      traefik.http.services.lum.loadbalancer.server.port: '80'
+

openldap/docker-compose.self-service.yml

@@ -0,0 +1,28 @@
+
+networks:
+  proxy:
+    name: ${APP_PROXY_NETWORK}
+
+
+services:
+
+  selfservice:
+    image: docker.io/ltbproject/self-service-password:latest
+    restart: always
+    networks:
+      proxy:
+      default:
+
+    volumes:
+      - ./selfserve/config.inc.php:/var/www/conf/config.inc.local.php
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.selfserve.entrypoints: front-http,front-https
+        #traefik.http.routers.selfserve.rule: Host(`(auth|selfserve|handler).$APP_TOP_DOMAIN`)
+      traefik.http.routers.selfserve.rule: Host(`self.$APP_TOP_DOMAIN`)
+        #traefik.http.routers.selfserve.rule: Host(`selfserve.$APP_TOP_DOMAIN`)
+      traefik.http.routers.selfserve.service: selfserve
+      traefik.http.routers.selfserve.tls: "true"
+      traefik.http.routers.selfserve.tls.certresolver: $TRAEFIK_CERTRESOLV
+      traefik.http.services.selfserve.loadbalancer.server.port: '80'
+

openldap/docker-compose.yml

@@ -0,0 +1,27 @@
+version: "3.9"
+
+networks:
+  default:
+    name: ${APP_NETWORK}
+
+
+services:
+  openldap:
+    image: osixia/openldap:latest
+    restart: always
+    networks:
+      default:
+        aliases:
+          - ldap
+    environment:
+      - "LDAP_ORGANISATION=$LDAP_ORGANISATION"
+      - "LDAP_DOMAIN=$LDAP_DOMAIN"
+      - "LDAP_ADMIN_PASSWORD=$LDAP_ADMIN_PASSWORD"
+      - "LDAP_RFC2307BIS_SCHEMA=true"
+      - "LDAP_REMOVE_CONFIG_AFTER_SETUP=true"
+      - "LDAP_TLS_VERIFY_CLIENT=never"
+      - "LDAP_TLS=false"
+    volumes:
+      - ./ldap_data:/var/lib/ldap
+      - ./ldap_config:/etc/ldap/slapd.d
+

traefik/.env

@@ -2,11 +2,10 @@ APP_IMAGE=traefik
 APP_VERSION=v2.6.1
 
 APP_PUBLIC_IP="127.0.0.1"
-APP_NETWORK=
+APP_NETWORK=''
 
 APP_DOMAIN=dev
 APP_ADMIN_EMAIL=admin@dev
 
-# Let's encrypt config
 TRAEFIK_CERTRESOLV=default
-TRAEFIK_CERTRESOLV_PROVIDER=
+TRAEFIK_CERTRESOLV_PROVIDER=''

traefik/docker-compose.debug.yml

@@ -5,4 +5,5 @@ services:
       - TRAEFIK_LOG_LEVEL=debug
       - TRAEFIK_ACCESSLOG=true
       - TRAEFIK_API_DEBUG=true
+      - TRAEFIK_ACCESSLOG_FILEPATH=
 

traefik/docker-compose.https.yml

@@ -4,6 +4,8 @@ services:
   traefik:
     ports:
       - "$APP_PUBLIC_IP:443:443"
+    labels:
+      - "traefik.http.routers.dashboard.tls=true"
     environment:
 
       # Entrypoints

traefik/docker-compose.yml

@@ -54,6 +54,6 @@ services:
       - "traefik.http.routers.dashboard.service=dashboard" # <== Enabling the api to be a service to access
       - "traefik.http.routers.dashboard.entrypoints=$TRAEFIK_ENTRYPOINTS"
       #- "traefik.http.routers.dashboard.tls=true"
-        #- "traefik.http.routers.dashboard.tls.certresolver=tls_barbu_it_net"
+      - "traefik.http.routers.dashboard.tls.certresolver=$TRAEFIK_CERTRESOLV"
       - "traefik.http.services.dashboard.loadbalancer.server.port=8080"