Skip to content

guimard/llng-docker

BranchesTags

Repository files navigation

LemonLDAP::NG dockers

Some docker for a scalable Lemonldap::NG installation, ready to use with a Redis server to share sessions and a PostgreSQL server to share configuration. See docker-compose example.

List:

The yadd/lemonldap-ng-base isn't directly usable, just a base to build Lemonldap::NG components.

Image uses S6 overlay except PostgreSQL database, based on postgres:bookworm.

LemonLDAP::NG is installed using Debian backports packages, so using the last published version.

You can also use dev to build an image using the upstream repository. Set BRANCH to choose the upstream branch to clone.

Docker-compose examples:

1. Simple standalone LemonLDAP::NG

version: "3.4"

services:
  llng:
    image: yadd/lemonldap-ng-full
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
    port: 80:80

2. Separate portal and manager, configuration shared by filesystem

In this example, manager is available on port 81, portal on port 80.

version: "3.4"

services:
  auth:
    image: yadd/lemonldap-ng-portal
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
    volumes:
      - ./llng-var:/var/lib/lemonldap-ng
    port: 80:80

  auth:
    image: yadd/lemonldap-ng-manager
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
    volumes:
      - ./llng-var:/var/lib/lemonldap-ng
    port: 81:80

3. Separate portal and manager using real databases

In this example, manager is available on port 81, portal on port 80. Configuration is stored in a PostgerSQL database, sessions in a Redis server. A crowdsec server is added to filter bad IP addresses.

version: "3.4"

services:
  db:
    image: yadd/lemonldap-ng-pg-database
    environment:
      - POSTGRES_PASSWORD=zz
    healthcheck:
      test: ["CMD-SHELL", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5

  redis:
    image: redis

  auth:
    image: yadd/lemonldap-ng-portal
    depends_on:
      db:
        condition: service_healthy
    environment:
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      - LOGGER=stderr
      - USERLOGGER=stderr
      - CROWDSEC_SERVER=http://crowdsec:8080
      - CROWDSEC_KEY=myrandomstring
      - CROWDSEC_ACTION=reject
    port: 80:80

  manager:
    image: yadd/lemonldap-ng-manager
    depends_on:
      db:
        condition: service_healthy
      auth:
        condition: service_started
    environment:
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      - LOGGER=stderr
      - USERLOGGER=stderr
    port: 81:80

  crowdsec:
    image: crowdsecurity/crowdsec
    environment:
      - BOUNCER_KEY_llng=myrandomstring

4. Scalability

Here a haproxy server balance requests between 5 portals. It handles also he manager. To avoid multiplicating maintenance tasks, a yadd/lemonldap-ng-cron service handle them and portals are configured with PORTAL_CRON=no

version: "3.4"

services:
  db:
    image: yadd/lemonldap-ng-pg-database
    environment:
      - POSTGRES_PASSWORD=zz
    healthcheck:
      test: ["CMD-SHELL", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5

  redis:
    image: redis

  portal:
    image: yadd/lemonldap-ng-portal
    depends_on:
      db:
        condition: service_healthy
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      - PORTAL_CRON=no
      - CROWDSEC_SERVER=http://crowdsec:8080
      - CROWDSEC_KEY=myrandomstring
      - CROWDSEC_ACTION=reject
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started
    scale: 5

  cron:
    image: yadd/lemonldap-ng-cron
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      - PORTAL_CRON=no
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started

  manager:
    image: yadd/lemonldap-ng-manager
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
    depends_on:
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started
      auth:
        condition: service_started

  crowdsec:
    image: crowdsecurity/crowdsec
    environment:
      - BOUNCER_KEY_llng=myrandomstring

  haproxy:
    image: haproxy:2.6-bullseye
    ports:
      - 80:80
    volumes:
      - ./haproxy:/usr/local/etc/haproxy:ro
    sysctls:
      - net.ipv4.ip_unprivileged_port_start=0
    depends_on:
      - portal
      - manager

Copyright and license

Copyright:

License: GNU General Public License v2.0

About

No description, website, or topics provided.

Resources

Readme

License

GPL-2.0 license

Security policy

Security policy
Activity

Stars

3 stars

Watchers

5 watching

Forks

2 forks
Report repository

Releases 10

ReCaptcha v3 Latest
Oct 25, 2024
+ 9 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages