docker
Hub
ctrl+K
Sign inSign up

yadd/lemonldap-ng-portal

By yadd

Updated 4 days ago

LemonLDAP::NG Portal

Image

10K+

OverviewTags

yadd/lemonldap-ng-portal

Lemonldap::NG portal based on yadd/lemonldap-ng-base

This image is then scalable (see docker-compose example):

Tags

  • stable: latest lemonldap-ng* packages from Debian backports
  • stable-no-s6: the same without S6-overlay
  • 2.x.x: versioned lemonldap-ng* packages from Debian backports
  • 2.x.x-no-s6: the same without S6-overlay

You can also use the same tags with suffix "-hiperf" to use the portal with a better (but more resource intensive) engine.

Features (inherited from yadd/lemonldap-ng-base)

  • Update current configuration using given variables :
    • set domain (SSODOMAIN)
    • set portal (PORTAL)
    • set log level (LOGLEVEL)
    • if REDIS_SERVER is set, change globalStorage to Apache::Session::Browseable::Redis and configure it (indexes given by REDIS_INDEXES, default: "uid mail")
  • Upload local configuration into PostgreSQL database if:
    • PG_SERVER is given AND
    • PostgreSQL table is empty

Variables and default values

When running multiple portals using the same database, you should keep portal cron tasks only on one portal: Set environment variable PORTAL_CRON to no in all portal containers except one (or use one of yadd/lemonldap-ng-cron or yadd/lemonldap-ng-cron-task).

  • NPROC: the minimal number of FastCGI server to start (default: 7)
  • ENGINE: the FastCGI server engine. (default: FCGI). You can try FCGI::Engine::ProcManager. See also High performance portal.
  • RELAY: list of reverse-proxies to set. syntax: <servername>=https://<proxy-dest>/;<servername>=https://<proxy-dest>/...

See also yadd/lemonldap-ng-base

Docker-compose example

Example with Crowdsec enabled, Postgres database and Redis to share sessions.

version: "3.4"

services:
  db:
    image: yadd/lemonldap-ng-pg-database
    environment:
      - POSTGRES_PASSWORD=zz
    healthcheck:
      test: ["CMD-SHELL", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5
  redis:
    image: redis
  portal:
    image: yadd/lemonldap-ng-portal
    environment:
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      - LOGGER=stderr
      - USERLOGGER=stderr
      - CROWDSEC_SERVER=http://crowdsec:8080
      - CROWDSEC_KEY=myrandomstring
      - CROWDSEC_ACTION=reject
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started
      crowdsec:
        condition: service_started
  manager:
    image: yadd/lemonldap-ng-manager
    environment:
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      - LOGGER=stderr
      - USERLOGGER=stderr
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started
      portal:
        condition: service_started

  crowdsec:
    image: crowdsecurity/crowdsec
    environment:
      - BOUNCER_KEY_llng=myrandomstring

  haproxy:
    image: haproxy:2.6-bullseye
    ports:
      - 80:80
    volumes:
      - ./haproxy:/usr/local/etc/haproxy:ro
    sysctls:
      - net.ipv4.ip_unprivileged_port_start=0
    depends_on:
      - portal
      - manager

Repository and bug reports

Copyright and license

Copyright:

License: GNU General Public License v2.0

Docker Pull Command

docker pull yadd/lemonldap-ng-portal