Author | SHA1 | Date |
---|---|---|
Michael Grote | 36b41fb1e0 | |
Michael Grote | 302e0da3ee | |
Michael Grote | 539923e05b | |
Michael Grote | 5bfb4a94ef | |
Michael Grote | b4a96f5075 | |
Michael Grote | 21d97816c2 | |
Michael Grote | a9b2e4e826 | |
Michael Grote | 35f0cca04c | |
Michael Grote | f812eb94ce | |
Michael Grote | 1fda98cdff | |
Michael Grote | b928915e03 | |
Michael Grote | e10e8c19eb | |
Michael Grote | 68ce37c8b3 | |
Michael Grote | 4c9d1d7329 | |
Michael Grote | 17e129462c | |
Michael Grote | 8bebb00257 | |
Michael Grote | 15ba8d9058 | |
Michael Grote | fb3d3ace42 | |
Michael Grote | eef278ba88 | |
Michael Grote | 290a341f02 | |
Michael Grote | 78790144d8 | |
Michael Grote | 5f46886412 | |
Michael Grote | 1b21aa441a | |
Michael Grote | 61ad5f14ce | |
Michael Grote | 53f38b332c | |
Michael Grote | 878899c644 | |
Michael Grote | 09a3cc1f2a |
|
@ -0,0 +1,59 @@
|
|||
version: '3'
|
||||
services:
|
||||
Keycloak:
|
||||
image: quay.io/keycloak/keycloak:23.0.2
|
||||
command: ['start-dev']
|
||||
environment:
|
||||
KC_DB_PASSWORD: password
|
||||
KC_DB_URL_HOST: keycloak-db
|
||||
KC_DB_USERNAME: keycloak
|
||||
|
||||
KEYCLOAK_ADMIN: admin
|
||||
KEYCLOAK_ADMIN_PASSWORD: password
|
||||
|
||||
KC_HOSTNAME: docker10.mgrote.net
|
||||
ports:
|
||||
- "8089:8080" # Externe-Portnummer:Interne-Portnummer
|
||||
depends_on:
|
||||
- keycloak-db
|
||||
container_name: keycloak-app
|
||||
volumes:
|
||||
- keycloak:/opt/keycloak/data
|
||||
networks:
|
||||
- intern
|
||||
- auth
|
||||
- traefik
|
||||
|
||||
keycloak-db:
|
||||
image: "postgres:16.2"
|
||||
container_name: keycloak-db
|
||||
environment:
|
||||
POSTGRES_DB: keycloak
|
||||
POSTGRES_USER: keycloak
|
||||
POSTGRES_PASSWORD: password
|
||||
volumes:
|
||||
- db16:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test: ["CMD", "pg_isready", "-U", "keycloak"]
|
||||
interval: 10s
|
||||
start_period: 30s
|
||||
networks:
|
||||
- intern
|
||||
|
||||
######## Volumes ########
|
||||
volumes:
|
||||
db16:
|
||||
keycloak:
|
||||
######## Networks ########
|
||||
networks:
|
||||
traefik:
|
||||
external: true
|
||||
auth:
|
||||
external: true
|
||||
intern:
|
||||
# todo
|
||||
# prufen ob dier uzielcontsainer alle netwzwerke rbaucht
|
||||
# healtchecks
|
||||
# verison gesetzt
|
||||
# dashbaord
|
||||
# start-dev umstellen
|
|
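Review bot: The Postgres settings in the `Keycloak` service have no effect because `KC_DB` is never set: without `KC_DB: postgres` Keycloak falls back to its default `dev-file` (H2) database under the mounted `/opt/keycloak/data` volume, and `KC_DB_URL_HOST`, `KC_DB_USERNAME` and `KC_DB_PASSWORD` are ignored, so the `keycloak-db` container sits unused and the data lives in the H2 file. Add `KC_DB: postgres` next to `KC_DB_URL_HOST: keycloak-db`. The three `password` values (`KC_DB_PASSWORD`, `KEYCLOAK_ADMIN_PASSWORD`, `POSTGRES_PASSWORD`) are committed in clear text; read them from an untracked env file instead, e.g. `KC_DB_PASSWORD: ${KC_DB_PASSWORD}`, so the repository holds no credentials. Since `keycloak-db` already defines a healthcheck, the list-form `depends_on` could become the long form with `condition: service_healthy` so Keycloak does not start before Postgres accepts connections (the `healtchecks` todo at the end of the file seems to point at this).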
@ -2,7 +2,7 @@ version: "3"
|
|||
services:
|
||||
######## App ########
|
||||
lldap:
|
||||
image: nitnelave/lldap:stable
|
||||
image: nitnelave/lldap:v0.5.0
|
||||
container_name: lldap-app
|
||||
restart: always
|
||||
ports:
|
||||
|
@ -37,9 +37,7 @@ services:
|
|||
LLDAP_SMTP_OPTIONS__PORT: 25
|
||||
LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION: NONE
|
||||
LLDAP_SMTP_OPTIONS__USER: info@mgrote.net
|
||||
labels:
|
||||
- com.centurylinklabs.watchtower.enable=true
|
||||
- com.centurylinklabs.watchtower.depends-on=lldap-db
|
||||
|
||||
######## DB ########
|
||||
lldap-db:
|
||||
image: mariadb:10.6.14
|
||||
|
@ -57,8 +55,6 @@ services:
|
|||
- MYSQL_INITDB_SKIP_TZINFO=1
|
||||
networks:
|
||||
- intern
|
||||
labels:
|
||||
- com.centurylinklabs.watchtower.enable=true
|
||||
|
||||
######## Volumes ########
|
||||
volumes:
|
||||
|
@ -71,3 +67,11 @@ networks:
|
|||
external: true
|
||||
mail-relay:
|
||||
external: true
|
||||
auth:
|
||||
external: true
|
||||
# ToDo
|
||||
# Secrets
|
||||
# db heraltcheck
|
||||
# https://github.com/lldap/lldap/blob/main/example_configs/keycloak.md
|
||||
# secrets in ekycloak anapssen
|
||||
# dashbaord
|
|
@ -52,6 +52,8 @@ services:
|
|||
networks:
|
||||
traefik:
|
||||
external: true
|
||||
whoami: {}
|
||||
oauth2-proxy: {}
|
||||
######## Volumes ########
|
||||
volumes:
|
||||
acme_data:
|
||||
|
|
|
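Review bot: The networks `whoami: {}` and `oauth2-proxy: {}` added under `networks:` are declared but, as far as this hunk shows, no service joins them, and the `whoami` and `oauth2-proxy` services introduced elsewhere on this page attach to the external `auth` network instead, so compose will create two empty project-scoped networks. If the goal is to let traefik reach those two containers, the consistent change is to declare `auth:` with `external: true` here (mirroring the other files) and add it to the traefik service's `networks:` list, which lies outside the hunk. If they are deliberately separate networks, a comment above each naming the service expected to join it would make the intent checkable.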
@ -0,0 +1,46 @@
|
|||
version: "3"
|
||||
services:
|
||||
whoami:
|
||||
image: traefik/whoami
|
||||
container_name: whoami-app
|
||||
restart: always
|
||||
ports:
|
||||
- "4421:80"
|
||||
networks:
|
||||
auth:
|
||||
|
||||
# This docker-compose file can be used to bring up an example instance of oauth2-proxy
|
||||
# for manual testing and exploration of features.
|
||||
# Alongside OAuth2-Proxy, this file also starts Keycloak to act as the identity provider,
|
||||
# whoami as an example upstream.
|
||||
#
|
||||
# This can either be created using docker-compose
|
||||
# docker-compose -f docker-compose-keycloak.yaml <command>
|
||||
# Or:
|
||||
# make keycloak-<command> (eg. make keycloak-up, make keycloak-down)
|
||||
#
|
||||
# Access http://oauth2-proxy.localtest.me:4180 to initiate a login cycle using user=admin@example.com, password=password
|
||||
# Access http://keycloak.localtest.me:9080 with the same credentials to check out the settings
|
||||
oauth2-proxy: # dashbaord
|
||||
container_name: oauth2-proxy
|
||||
image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
|
||||
command: --config /oauth2-proxy.cfg
|
||||
hostname: oauth2-proxy
|
||||
volumes:
|
||||
- "./oauth2-proxy-keycloak.cfg:/oauth2-proxy.cfg"
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- 4180:4180/tcp
|
||||
networks:
|
||||
auth:
|
||||
######## Networks ########
|
||||
networks:
|
||||
traefik:
|
||||
external: true
|
||||
auth:
|
||||
external: true
|
||||
|
||||
# todo
|
||||
# prufen ob dier uzielcontsainer alle netwzwerke rbaucht
|
||||
# healtchecks
|
||||
# verison gesetzt
|
|
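Review bot: `image: traefik/whoami` carries no tag or digest, while every other image on this page is pinned (`keycloak:23.0.2`, `postgres:16.2`, `oauth2-proxy:v7.6.0`, `lldap:v0.5.0`); pin it to a released tag (`image: traefik/whoami:<tag>`) so the upstream cannot change underneath the proxy demo. The `ports: - "4421:80"` mapping publishes whoami directly on the host, so the upstream can be reached without passing oauth2-proxy on 4180; on the shared `auth` network the proxy reaches it without a published port, so drop the mapping or bind it to localhost. The 13-line explanatory comment sits between the `whoami` and `oauth2-proxy` services and still describes the upstream example's `make keycloak-<command>` workflow and `localtest.me` URLs, which do not apply to this stack; move it to the top of the file and rewrite it for this deployment, and turn the `oauth2-proxy: # dashbaord` inline remark into a todo line above the key. The two services also use different restart policies (`always` vs `unless-stopped`) without an apparent reason.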
@ -0,0 +1,18 @@
|
|||
http_address="0.0.0.0:4180"
|
||||
cookie_secret="OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w="
|
||||
email_domains="example.com"
|
||||
cookie_secure="false"
|
||||
upstreams="http://whoami.localtest.me:8080"
|
||||
cookie_domains=[".localtest.me"] # Required so cookie can be read on all subdomains.
|
||||
whitelist_domains=[".localtest.me"] # Required to allow redirection back to original requested target.
|
||||
|
||||
# keycloak provider
|
||||
client_secret="72341b6d-7065-4518-a0e4-50ee15025608"
|
||||
client_id="oauth2-proxy"
|
||||
redirect_url="http://oauth2-proxy.localtest.me:4180/oauth2/callback"
|
||||
|
||||
# in this case oauth2-proxy is going to visit
|
||||
# http://keycloak.localtest.me:9080/auth/realms/master/.well-known/openid-configuration for configuration
|
||||
oidc_issuer_url="http://keycloak.localtest.me:9080/auth/realms/master"
|
||||
provider="oidc"
|
||||
provider_display_name="Keycloak"
|
|
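Review bot: `upstreams`, `oidc_issuer_url` and `redirect_url` still carry the upstream oauth2-proxy example's values (`*.localtest.me`, ports 8080 and 9080, the pre-Quarkus `/auth` prefix) and do not match the stack on this page: whoami listens on port 80 (`4421:80`) and shares the `auth` network, so from inside the container `whoami.localtest.me:8080` resolves to 127.0.0.1 rather than to whoami, and the Keycloak service is published on 8089 with `KC_HOSTNAME: docker10.mgrote.net`, where a 23.x image serves the realm at `/realms/master` unless `KC_HTTP_RELATIVE_PATH` is set. Point the upstream at the in-network address, e.g. `upstreams="http://whoami:80"`, and derive `oidc_issuer_url` from what Keycloak's `.well-known/openid-configuration` actually reports for this hostname. `cookie_secret` and `client_secret` are committed in clear text and `cookie_secure="false"` drops the Secure flag from the session cookie; generate a fresh cookie secret, supply both values via `OAUTH2_PROXY_COOKIE_SECRET` / `OAUTH2_PROXY_CLIENT_SECRET` from an untracked env file, and set `cookie_secure="true"` once the proxy sits behind the TLS entrypoint.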
@ -1,40 +0,0 @@
|
|||
version: '3'
|
||||
services:
|
||||
wiki-webserver:
|
||||
container_name: wiki-webserver
|
||||
image: httpd:2.4@sha256:ba846154ade27292d216cce2d21f1c7e589f3b66a4a643bff0cdd348efd17aa3
|
||||
restart: always
|
||||
networks:
|
||||
- traefik
|
||||
ports:
|
||||
- 8087:80
|
||||
volumes:
|
||||
- /docker/wiki/site:/usr/local/apache2/htdocs/
|
||||
# /docker/wiki/site ist ein lokales Verzeichnis auf docker10
|
||||
# dieser Verzeichnis wird direkt in der wiki ci gemountet
|
||||
# und die daten werden dort reingeschrieben
|
||||
labels:
|
||||
traefik.http.routers.wiki.rule: Host(`wiki2.mgrote.net`)
|
||||
traefik.enable: true
|
||||
traefik.http.routers.wiki.tls: true
|
||||
traefik.http.routers.wiki.tls.certresolver: resolver_letsencrypt
|
||||
traefik.http.routers.wiki.entrypoints: entry_https
|
||||
traefik.http.services.wiki.loadbalancer.server.port: 80
|
||||
|
||||
traefik.http.routers.wiki.middlewares: nforwardauth
|
||||
# traefik.http.routers.wiki.middlewares: ldap_auth
|
||||
#
|
||||
# # ldapAuth Options
|
||||
# traefik.http.middlewares.ldap_auth.plugin.ldapAuth.enabled: true
|
||||
# traefik.http.middlewares.ldap_auth.plugin.ldapAuth.logLevel: DEBUG
|
||||
# traefik.http.middlewares.ldap_auth.plugin.ldapAuth.url: ldap://lldap-app
|
||||
# traefik.http.middlewares.ldap_auth.plugin.ldapAuth.port: 3890
|
||||
# traefik.http.middlewares.ldap_auth.plugin.ldapAuth.baseDN: "ou=people,dc=grote,dc=lan"
|
||||
# traefik.http.middlewares.ldap_auth.plugin.ldapAuth.attribute: uid
|
||||
|
||||
com.centurylinklabs.watchtower.enable: true
|
||||
|
||||
######## Networks ########
|
||||
networks:
|
||||
traefik:
|
||||
external: true
|
|
@ -59,8 +59,6 @@ compose_files:
|
|||
- name: navidrome
|
||||
state: present
|
||||
network: traefik
|
||||
- name: watchtower
|
||||
state: absent
|
||||
- name: routeros-config-export
|
||||
state: present
|
||||
- name: mail-relay
|
||||
|
@ -72,9 +70,14 @@ compose_files:
|
|||
- name: wiki
|
||||
state: present
|
||||
network: traefik
|
||||
- name: statping-ng
|
||||
state: absent
|
||||
|
||||
- name: lldap
|
||||
state: present
|
||||
- name: whoami
|
||||
state: present
|
||||
network: auth
|
||||
- name: keycloak
|
||||
state: present
|
||||
network: auth
|
||||
### oefenweb.ufw
|
||||
ufw_rules:
|
||||
- rule: allow
|
||||
|
|
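Review bot: `- name: wiki` keeps `state: present` although a 40-line compose file whose only service is `wiki-webserver` is deleted elsewhere on this page (the deleted file shows no path, so the link is inferred); if that deletion is intended, this entry should become `state: absent`, otherwise the role presumably has nothing left to deploy for it. The new `lldap` entry carries no `network:` key while `whoami` and `keycloak` get `network: auth`; the lldap compose hunk above declares the external `auth` network, so check whether `lldap` needs `network: auth` as well — what the role does with `network` is outside this hunk.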