blacklabelops/crowd
"Users can come from anywhere: Active Directory, LDAP, Crowd itself, or any mix thereof. Control permissions to all your applications in one place – Atlassian, Subversion, Google Apps, or your own apps." - [Source]
Version | Tags | Dockerfile |
---|---|---|
2.12.0 | 2.12.0, latest | Dockerfile |
Older tags remain but are not supported or rebuilt.
Docker-Compose:
$ curl -O https://raw.githubusercontent.com/blacklabelops/crowd/master/docker-compose.yml
$ docker-compose up -d
Crowd will be available at http://yourdockerhost:8095
Docker-CLI:
Just type and follow the manual installation procedure in your browser:
$ docker run -d -p 8095:8095 --name crowd blacklabelops/crowd
Point your browser to http://yourdockerhost:8095
Firstly, start the database server for Crowd:
Note: Change Password!
$ docker run --name postgres_crowd -d \
-e 'POSTGRES_DB=crowddb' \
-e 'POSTGRES_USER=crowddb' \
-e 'POSTGRES_PASSWORD=jellyfish' \
blacklabelops/postgres
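One way to act on the "Change Password" note, as an added example that is not part of this image or its README: generate the password and pass it through an env file, so it appears neither in shell history nor in the process list. The file name `postgres_crowd.env` and the function names are assumptions; the variables and image name are the ones used above.

```shell
#!/bin/sh
# Added example (not from the README). ENV_FILE and the function names
# are hypothetical; POSTGRES_* and the image name come from the README.
ENV_FILE="${ENV_FILE:-./postgres_crowd.env}"

# Print a random password of $1 characters (letters and digits only, so it
# needs no quoting in the env file or in Crowd's database form).
gen_password() {
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-32}"
}

# Write the env file with mode 600. Refuse to overwrite an existing file,
# so an already initialised database never gets a mismatched password.
write_env_file() {
  file="$1"
  if [ -e "$file" ]; then
    echo "refusing to overwrite $file" >&2
    return 1
  fi
  (
    umask 077
    {
      echo "POSTGRES_DB=crowddb"
      echo "POSTGRES_USER=crowddb"
      echo "POSTGRES_PASSWORD=$(gen_password 32)"
    } > "$file"
  )
}

# Same container as in the README, with the variables read from the file.
start_postgres() {
  docker run --name postgres_crowd -d --env-file "$1" blacklabelops/postgres
}

# Usage: sh postgres-crowd.sh up
if [ "${1:-}" = "up" ]; then
  write_env_file "$ENV_FILE" && start_postgres "$ENV_FILE"
fi
```

Enter the password from the env file in the database form during setup. The variables remain readable through `docker inspect`, so access to the Docker daemon still has to be restricted.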
Secondly, start Crowd:
$ docker run -d --name crowd \
--link postgres_crowd:postgres_crowd \
-p 8095:8095 blacklabelops/crowd
This starts Crowd and links it to the PostgreSQL instance. JDBC URL: jdbc:postgresql://postgres_crowd/crowddb
Thirdly, configure Crowd yourself and fill it with a test license.
Point your browser to http://yourdockerhost:8095
Set up Crowd
New installation
Database configuration
choose JDBC connection and fill out the form:
org.postgresql.Driver
jdbc:postgresql://postgres_crowd:5432/crowddb
crowddb
jellyfish
org.hibernate.dialect.PostgreSQLDialect
Options
choose http://localhost:8095/crowd for field Base URL, otherwise you won't be able to connect later on.
Set the Splash Screens context to empty string and crowd to root context.
$ docker run -d --name crowd \
-e "CROWD_URL=http://localhost:8095" \
-e "SPLASH_CONTEXT=" \
-e "CROWD_CONTEXT=ROOT" \
-p 8095:8095 blacklabelops/crowd
The splash context will never be shown; Crowd will be served at http://yourdockerhost:8095/
Disable the contexts of sub-applications you do not use to make them inaccessible.
You can disable applications by setting their context to empty string:
Example:
$ docker run -d --name crowd \
-e "CROWD_URL=http://localhost:8095" \
-e "SPLASH_CONTEXT=" \
-e "CROWD_CONTEXT=ROOT" \
-e "CROWDID_CONTEXT=" \
-e "OPENID_CLIENT_CONTEXT=" \
-p 8095:8095 blacklabelops/crowd
The sub-applications will no longer be accessible. Crowd will run under the root context at http://yourdockerhost:8095/
Crowd requires that you install a CA certificate if you want to allow Crowd to add users, or change passwords, in Active Directory (More information).
This is done automatically for any certificates that are present in the 'certs' directory in your persistent volume. For example, if you had called your volume 'crowd', you simply need to copy the certificate to /var/lib/docker/volumes/crowd/_data/certs (if you are using the default storage location).
You can validate that you have exported the correct certificate by checking that the 'CA' attribute is set to true:
[root@docker2 volumes]# openssl x509 -in crowd/_data/certs/client.crt -inform der -text -noout | grep CA:
CA:TRUE
[root@docker volumes]#
You will see the certificate being imported when the container is started.
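The same check applied to every file in the 'certs' directory before the container starts, as an added example that is not part of this image. The function names are hypothetical, and DER encoding is assumed because the openssl command above uses `-inform der`; the script also rejects expired certificates.

```shell
#!/bin/sh
# Added example, not part of the image: pre-flight check for the 'certs'
# directory. Function names are hypothetical; DER encoding is assumed
# because the README's own openssl command uses -inform der.

# Return 0 only for a parseable, unexpired certificate with CA:TRUE.
# Exit codes: 1 = not a DER certificate, 2 = not a CA, 3 = expired.
check_cert() {
  pem=$(openssl x509 -in "$1" -inform der 2>/dev/null) || {
    echo "$1: not a DER-encoded X.509 certificate"; return 1; }
  printf '%s\n' "$pem" | openssl x509 -noout -text | grep -q 'CA:TRUE' || {
    echo "$1: basicConstraints CA:TRUE is not set"; return 2; }
  printf '%s\n' "$pem" | openssl x509 -noout -checkend 0 >/dev/null || {
    echo "$1: certificate has expired"; return 3; }
  echo "$1: ok ($(printf '%s\n' "$pem" | openssl x509 -noout -subject))"
}

# Check every regular file in the directory; return the number of failures.
check_cert_dir() {
  failures=0
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    check_cert "$f" || failures=$((failures + 1))
  done
  return "$failures"
}

# Usage: sh check-certs.sh /var/lib/docker/volumes/crowd/_data/certs
if [ -n "${1:-}" ]; then
  check_cert_dir "$1"
fi
```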
You can specify your proxy host and proxy port with the environment variables CROWD_PROXY_NAME and CROWD_PROXY_PORT. The values will be set inside the Atlassian server.xml at startup!
When you use HTTPS, you also have to include the environment variable CROWD_PROXY_SCHEME.
Example HTTPS:
Just type:
$ docker run -d --name crowd \
-e "CROWD_PROXY_NAME=myhost.example.com" \
-e "CROWD_PROXY_PORT=443" \
-e "CROWD_PROXY_SCHEME=https" \
blacklabelops/crowd
This will set the values inside the server.xml in /opt/crowd/.../server.xml
This is an example of running Atlassian Crowd behind NGINX with 2 Docker commands!
First start Crowd:
$ docker run -d --name crowd \
-e "CROWD_PROXY_NAME=192.168.99.100" \
-e "CROWD_PROXY_PORT=80" \
-e "CROWD_PROXY_SCHEME=http" \
blacklabelops/crowd
Example with dockertools
Then start NGINX:
$ docker run -d \
-p 80:80 \
--name nginx \
--link crowd:crowd \
-e "SERVER1REVERSE_PROXY_LOCATION1=/" \
-e "SERVER1REVERSE_PROXY_PASS1=http://crowd:8095" \
blacklabelops/nginx
Crowd will be available at http://192.168.99.100.
This is an example of running Atlassian Crowd behind NGINX-HTTPS with 2 Docker commands!
Note: This is a self-signed certificate! Trusted certificates by Let's Encrypt are supported. Documentation can be found here: blacklabelops/nginx
First start Crowd:
$ docker run -d --name crowd \
-e "CROWD_PROXY_NAME=192.168.99.100" \
-e "CROWD_PROXY_PORT=443" \
-e "CROWD_PROXY_SCHEME=https" \
blacklabelops/crowd
Example with dockertools
Then start NGINX:
$ docker run -d \
-p 443:443 \
--name nginx \
--link crowd:crowd \
-e "SERVER1REVERSE_PROXY_LOCATION1=/" \
-e "SERVER1REVERSE_PROXY_PASS1=http://crowd:8095" \
-e "SERVER1CERTIFICATE_DNAME=/CN=CrustyClown/OU=SpringfieldEntertainment/O=crusty.springfield.com/L=Springfield/C=US" \
-e "SERVER1HTTPS_ENABLED=true" \
-e "SERVER1HTTP_ENABLED=false" \
blacklabelops/nginx
Crowd will be available at https://192.168.99.100.
The full feature list is documented here, as this image is feature-identical with the Atlassian example: Readme.md
Leave a message and ask questions on Hipchat: blacklabelops/hipchat
This project is very grateful for code and examples from the repositories: