Switch from openldap to authentik

This commit is contained in:
Marko Korhonen 2021-11-20 18:43:09 +02:00
parent fd56cd7631
commit 899f83d60d
4 changed files with 85 additions and 47 deletions


@ -1,2 +0,0 @@
.ldap_admin_password_secret
.ldap_read_only_password_secret


@ -1,44 +0,0 @@
version: "3.8"
services:
openldap:
container_name: openldap
image: osixia/openldap:1.5.0
restart: always
hostname: ldap.korhonen.cc
ports:
- "389:389"
- "636:636"
environment:
- LDAP_ORGANISATION=Korhonen
- LDAP_DOMAIN=korhonen.cc
- LDAP_ADMIN_PASSWORD_FILE=/run/secrets/ldap_admin_password
- LDAP_READ_ONLY_USER=true
- LDAP_READ_ONLY_USER_USERNAME=ldap-ro
- LDAP_READ_ONLY_USER_PASSWORD_FILE=/run/secrets/ldap_read_only_password
secrets:
- ldap_admin_password
- ldap_read_only_password
volumes:
- "/docker/auth/openldap/ldap:/var/lib/ldap"
- "/docker/auth/openldap/slapd.d/:/etc/ldap/slapd.d"
- "/docker/auth/openldap/lidf:/data/ldif"
phpldapadmin:
container_name: phpldapadmin
image: osixia/phpldapadmin
environment:
- PHPLDAPADMIN_HTTPS=false
- PHPLDAPADMIN_HOSTS=openldap
ports:
- "4588:80"
networks:
auth:
external: true
secrets:
ldap_admin_password:
file: ./.ldap_admin_password_secret
ldap_read_only_password:
file: ./.ldap_read_only_password_secret


@ -0,0 +1,84 @@
services:
redis:
container_name: authentik-redis
image: redis:alpine
restart: unless-stopped
networks:
- authentik
authentik:
container_name: authentik
image: ${AUTHENTIK_IMAGE:-goauthentik.io/server}:${AUTHENTIK_TAG:-2021.10.4}
restart: unless-stopped
command: server
volumes:
- /docker/authentik/media:/media
- /docker/authentik/custom-templates:/templates
- /docker/authentik/geoip:/geoip
env_file:
- .env
networks:
- authentik
- postgres
- proxy
ports:
- 9000:9000
labels:
- "traefik.enable=true"
- "traefik.http.routers.authentik-redirect.entrypoints=http"
- "traefik.http.routers.authentik-redirect.rule=Host(`sso.korhonen.cc`)"
- "traefik.http.middlewares.http2https.redirectscheme.scheme=https"
- "traefik.http.routers.authentik-redirect.middlewares=http2https"
- "traefik.http.routers.authentik.entrypoints=https"
- "traefik.http.routers.authentik.rule=Host(`sso.korhonen.cc`)"
- "traefik.http.routers.authentik.service=authentik"
- "traefik.docker.network=proxy"
- "traefik.http.services.authentik.loadbalancer.server.port=9000"
authentik-worker:
container_name: authentik-worker
image: ${AUTHENTIK_IMAGE:-goauthentik.io/server}:${AUTHENTIK_TAG:-2021.10.4}
restart: unless-stopped
command: worker
networks:
- authentik
- postgres
user: root
volumes:
- /docker/authentik/backups:/backups
- /docker/authentik/media:/media
- /var/run/docker.sock:/var/run/docker.sock
- /docker/authentik/custom-templates:/templates
- /docker/authentik/geoip:/geoip
environment:
- AUTHENTIK_POSTGRESQL__HOST
- AUTHENTIK_POSTGRESQL__USER
- AUTHENTIK_POSTGRESQL__NAME
- AUTHENTIK_POSTGRESQL__PASSWORD
- AUTHENTIK_SECRET_KEY
env_file:
- .env
geoipupdate:
container_name: authentik-geoip
image: "maxmindinc/geoipupdate:latest"
volumes:
- /docker/authentik/geoip:/usr/share/GeoIP
environment:
GEOIPUPDATE_EDITION_IDS: "GeoLite2-City"
GEOIPUPDATE_FREQUENCY: "8"
env_file:
- .env
networks:
- authentik
networks:
authentik:
internal: true
postgres:
external: true
proxy:
external: true
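Review bot: The `authentik-worker` service runs with `user: root` and bind-mounts `/var/run/docker.sock`, which hands any compromise of the worker full control of the host Docker daemon, i.e. effective root on the host. Both settings are only required if authentik's Docker outpost integration is actually used; if it is not, drop `user: root` and the `- /var/run/docker.sock:/var/run/docker.sock` line, and if it is, front the socket with a read-restricted socket proxy instead of mounting it raw. Separately, the `authentik` server publishes `- 9000:9000` on the host even though Traefik already routes `sso.korhonen.cc` to it over the `proxy` network with an HTTP→HTTPS redirect, so the plain-HTTP listener remains reachable directly and bypasses that TLS path; removing the `ports:` stanza keeps only the Traefik route (and if a host mapping is kept, quote it as `"9000:9000"` per Compose convention). Note also that this commit deletes the `.gitignore` that excluded the old LDAP secret files while `.env` now has to carry `AUTHENTIK_SECRET_KEY` and `AUTHENTIK_POSTGRESQL__PASSWORD`; unless `.env` is ignored at a higher level of the repository, a `.gitignore` with `.env` should be added alongside this file.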

@ -1 +1 @@
Subproject commit 24b43522a4f7f4294d2b5e3df18586c81476a984
Subproject commit 171f3df7eba99497c0fc42e60a18d8f8c7de055d