mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-29 00:11:21 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
20f916ca345707b8fc7eaecb2700a9b511cefeac
opencloud/deployments/examples/ocis_ldap/docker-compose.yml
Ralf Haferkamp 91a0301ea0 Adapt deployment examples for new LDAP config
2022-04-11 18:17:21 +02:00

150 lines
5.6 KiB
YAML
Raw Blame History

---
version: "3.7"
services:
traefik:
image: traefik:v2.5
networks:
ocis-net:
aliases:
- ${OCIS_DOMAIN:-ocis.owncloud.test}
command:
- "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
# letsencrypt configuration
- "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
- "--certificatesResolvers.http.acme.storage=/certs/acme.json"
- "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http"
# enable dashboard
- "--api.dashboard=true"
# define entrypoints
- "--entryPoints.http.address=:80"
- "--entryPoints.http.http.redirections.entryPoint.to=https"
- "--entryPoints.http.http.redirections.entryPoint.scheme=https"
- "--entryPoints.https.address=:443"
# docker provider (get configuration from container labels)
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedByDefault=false"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "certs:/certs"
labels:
- "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
- "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.routers.traefik.middlewares=traefik-auth"
- "traefik.http.routers.traefik.tls.certresolver=http"
- "traefik.http.routers.traefik.service=api@internal"
logging:
driver: "local"
restart: always
ocis:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
networks:
ocis-net:
depends_on:
- ldap-server
entrypoint:
- /bin/sh
- /entrypoint-override.sh
environment:
# CS3 users from ldap specific configuration
LDAP_URI: ldaps://ldap-server
LDAP_INSECURE: "true"
LDAP_BIND_DN: "cn=admin,dc=owncloud,dc=com"
LDAP_BIND_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
LDAP_GROUP_BASE_DN: "dc=owncloud,dc=com"
LDAP_GROUPFILTER: "(objectclass=owncloud)"
LDAP_GROUP_OBJECTCLASS: "groupOfUniqueNames"
LDAP_USER_BASE_DN: "dc=owncloud,dc=com"
LDAP_USERFILTER: "(objectclass=owncloud)"
LDAP_USER_OBEJECTCLASS: "inetOrgPerson"
LDAP_LOGIN_ATTRIBUTES: "uid,mail"
IDP_LDAP_LOGIN_ATTRIBUTE: "uid"
IDP_LDAP_UUID_ATTRIBUTE: "ownclouduuid"
IDP_LDAP_UUID_ATTRIBUTE_TYPE: binary
PROXY_ACCOUNT_BACKEND_TYPE: cs3
# web ui
WEB_UI_CONFIG: "/var/tmp/ocis/.config/web-config.json"
# General oCIS config
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_DOMAIN: ${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
# change default secrets
OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
# INSECURE: needed if oCIS / Traefik is using self generated certificates
OCIS_INSECURE: "${INSECURE:-false}"
# basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
# demo users
ACCOUNTS_DEMO_USERS_AND_GROUPS: "${DEMO_USERS:-false}" # deprecated, remove after switching to LibreIDM
IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
volumes:
- ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
- ./config/ocis/web-config.dist.json:/config/web-config.dist.json
- ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml
- ocis-data:/var/lib/ocis
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.entrypoints=https"
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)"
- "traefik.http.routers.ocis.tls.certresolver=http"
- "traefik.http.routers.ocis.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
logging:
driver: "local"
restart: always
ldap-server:
image: osixia/openldap:latest
networks:
ocis-net:
command: --copy-service --loglevel debug
environment:
LDAP_TLS_VERIFY_CLIENT: never
LDAP_DOMAIN: owncloud.com
LDAP_ORGANISATION: ownCloud
LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
LDAP_RFC2307BIS_SCHEMA: "true"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
ports:
- "127.0.0.1:389:389"
- "127.0.0.1:636:636"
volumes:
- ./config/ldap/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom
logging:
driver: "local"
restart: always
ldap-manager:
image: osixia/phpldapadmin:0.9.0
networks:
ocis-net:
environment:
PHPLDAPADMIN_LDAP_HOSTS: ldap-server
PHPLDAPADMIN_HTTPS: "false"
labels:
- "traefik.enable=true"
- "traefik.http.routers.ldap-manager.entrypoints=https"
- "traefik.http.routers.ldap-manager.rule=Host(`${LDAP_MANAGER_DOMAIN:-ldap.owncloud.test}`)"
- "traefik.http.routers.ldap-manager.tls.certresolver=http"
- "traefik.http.routers.ldap-manager.service=ldap-manager"
- "traefik.http.services.ldap-manager.loadbalancer.server.port=80"
logging:
driver: "local"
restart: always
volumes:
certs:
ocis-data:
networks:
ocis-net:
Reference in New Issue View Git Blame Copy Permalink