yadd/lemonldap-ng-portal
Lemonldap::NG portal based on yadd/lemonldap-ng-base
This image is then scalable (see docker-compose example):
stable
: latest lemonldap-ng* packages from Debian backportsstable-no-s6
: the same without S6-overlay2.x.x
: versioned lemonldap-ng* packages from Debian backports2.x.x-no-s6
: the same without S6-overlayYou can also use the same tags with suffix "-hiperf" to use the portal with a better (but more resource intensive) engine.
SSODOMAIN
)PORTAL
)LOGLEVEL
)REDIS_SERVER
is set, change globalStorage
to Apache::Session::Browseable::Redis
and configure it (indexes given by REDIS_INDEXES
, default: "uid mail")PG_SERVER
is given ANDWhen running multiple portals using the same database, you should keep portal cron tasks only on one portal: Set environment variable
PORTAL_CRON
tono
in all portal containers except one (or use one of yadd/lemonldap-ng-cron or yadd/lemonldap-ng-cron-task).
NPROC
: the minimal number of FastCGI server to start (default: 7)ENGINE
: the FastCGI server engine. (default: FCGI).
You can try FCGI::Engine::ProcManager.
See also High performance portal.RELAY
: list of reverse-proxies to set. syntax: <servername>=https://<proxy-dest>/;<servername>=https://<proxy-dest>/...
See also yadd/lemonldap-ng-base
Example with Crowdsec enabled, Postgres database and Redis to share sessions.
version: "3.4"
services:
db:
image: yadd/lemonldap-ng-pg-database
environment:
- POSTGRES_PASSWORD=zz
healthcheck:
test: ["CMD-SHELL", "pg_isready"]
interval: 10s
timeout: 5s
retries: 5
redis:
image: redis
portal:
image: yadd/lemonldap-ng-portal
environment:
- PG_SERVER=db
- REDIS_SERVER=redis:6379
- LOGGER=stderr
- USERLOGGER=stderr
- CROWDSEC_SERVER=http://crowdsec:8080
- CROWDSEC_KEY=myrandomstring
- CROWDSEC_ACTION=reject
depends_on:
db:
condition: service_healthy
redis:
condition: service_started
crowdsec:
condition: service_started
manager:
image: yadd/lemonldap-ng-manager
environment:
- PG_SERVER=db
- REDIS_SERVER=redis:6379
- LOGGER=stderr
- USERLOGGER=stderr
depends_on:
db:
condition: service_healthy
redis:
condition: service_started
portal:
condition: service_started
crowdsec:
image: crowdsecurity/crowdsec
environment:
- BOUNCER_KEY_llng=myrandomstring
haproxy:
image: haproxy:2.6-bullseye
ports:
- 80:80
volumes:
- ./haproxy:/usr/local/etc/haproxy:ro
sysctls:
- net.ipv4.ip_unprivileged_port_start=0
depends_on:
- portal
- manager
Copyright:
License: GNU General Public License v2.0
docker pull yadd/lemonldap-ng-portal