Last active
March 4, 2024 22:37
-
-
Save Wildcarde/600c4848370efdd8a767d924686f4a52 to your computer and use it in GitHub Desktop.
A quick docker compose for setting up openldap and ldap-ui behind traefik using tls termination for LDAPS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '2' | |
| services: | |
| ldap: | |
| image: bitnami/openldap:2.6 | |
| env_file: .env | |
| networks: | |
| - default | |
| - proxy | |
| ports: | |
| - 1389:1389 | |
| # - 1636:1636 | |
| restart: unless-stopped | |
| healthcheck: | |
| test: "ldapsearch -x -b dc=nichebuilt,dc=club cn > /dev/null" | |
| interval: 30s | |
| retries: 2 | |
| timeout: 2s | |
| environment: | |
| BITNAMI_DEBUG: 'true' | |
| #volumes: ## will need to configure this if you want persistent storage for ldap | |
| # - ./openldap-data:/bitnami/openldap/ | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.tcp.routers.ldap-srv.entrypoints=ldaps" | |
| - "traefik.tcp.routers.ldap-srv.tls=true" | |
| - "traefik.tcp.routers.ldap-srv.tls.certresolver=letsencrypt-resolver" | |
| - "traefik.tcp.routers.ldap-srv.rule=HostSNI(`${SERVICE_HOSTNAME}`)" | |
| - "traefik.tcp.services.ldap-srv.loadbalancer.server.port=1389" | |
| - "traefik.docker.network=proxy" | |
| webgui: | |
| image: dnknth/ldap-ui | |
| restart: unless-stopped | |
| networks: | |
| - default | |
| - proxy | |
| ports: | |
| - 5000:5000 | |
| environment: | |
| LDAP_URL: 'ldap://ldap:1389/' | |
| BASE_DN: ${LDAP_ROOT} | |
| BIND_PATTERN: cn=%s,${LDAP_ROOT} | |
| healthcheck: | |
| test: "wget -q -O /dev/null http://localhost:5000" | |
| interval: 30s | |
| retries: 2 | |
| timeout: 2s | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.routers.ldap-web-http.entrypoints=http" | |
| - "traefik.http.routers.ldap-web-https.entrypoints=https" | |
| - "traefik.http.routers.ldap-web-https.tls=true" | |
| - "traefik.http.routers.ldap-web-https.tls.certresolver=letsencrypt-resolver" | |
| - "traefik.http.routers.ldap-web-http.middlewares=ldap-web-redirectscheme@docker" | |
| - "traefik.http.routers.ldap-web-http.rule=Host(`${SERVICE_HOSTNAME}`)" | |
| - "traefik.http.routers.ldap-web-https.rule=Host(`${SERVICE_HOSTNAME}`)" | |
| - "traefik.http.middlewares.ldap-web-redirectscheme.redirectscheme.scheme=https" | |
| - "traefik.http.middlewares.ldap-web-redirectscheme.redirectscheme.permanent=true" | |
| - "traefik.http.services.ldap-web.loadbalancer.server.port=5000" | |
| - "traefik.docker.network=proxy" | |
| networks: | |
| proxy: | |
| external: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| api: | |
| dashboard: true | |
| insecure: true | |
| entryPoints: | |
| http: | |
| address: ":80" | |
| https: | |
| address: ":443" | |
| ldaps: #need to add this in order to allow for forwarding and termination | |
| address: ":1636/tcp" | |
| providers: | |
| docker: | |
| watch: true | |
| endpoint: "unix:///var/run/docker.sock" | |
| exposedByDefault: false | |
| network: proxy | |
| file: | |
| directory: /etc/traefik/dynamic | |
| watch: false | |
| http: | |
| middlewares: | |
| https-redirect: | |
| redirectscheme: | |
| scheme: https | |
| permanent: true | |
| certificatesResolvers: | |
| letsencrypt-resolver: | |
| acme: | |
| email: xxxx@xxx.xxx | |
| storage: /letsencrypt/acme.json | |
| httpChallenge: | |
| entryPoint: http |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment