update openldap

kev 2019-09-27 09:29:09 +08:00
parent d45838ce06
commit 70c4e53571
3 changed files with 34 additions and 3 deletions


@ -60,11 +60,14 @@ services:
phpldapadmin:
image: osixia/phpldapadmin
command: "--loglevel debug"
ports:
- "8080:80"
environment:
- PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}]
# PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}]
- PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.pro/
- PHPLDAPADMIN_HTTPS=false
- PHPLDAPADMIN_TRUST_PROXY_SSL=true
extra_hosts:
- ldap.easypi.pro:x.x.x.x
depends_on:
@ -72,7 +75,7 @@ services:
restart: always
```
> :warnning: I haven't figured out how to connect phpldapadmin to openladp via STARTTLS:
> :warnning: I haven't figured out how to connect [phpldapadmin][1] to openladp via STARTTLS:
>> openldap_1 | 5d8a7abe conn=1023 fd=12 ACCEPT from IP=172.29.0.1:59342 (IP=0.0.0.0:389)
>> openldap_1 | 5d8a7abe conn=1023 op=0 EXT oid=1.3.6.1.4.1.1466.20037
>> openldap_1 | 5d8a7abe conn=1023 op=0 STARTTLS
@ -118,3 +121,5 @@ dn:cn=admin,dc=ldap,dc=easypi,dc=pro
## References
- https://www.digitalocean.com/community/tutorials/how-to-encrypt-openldap-connections-using-starttls
[1]: https://github.com/commandprompt/phpldapadmin/blob/master/config/config.php.example


@ -29,11 +29,14 @@ services:
phpldapadmin:
image: osixia/phpldapadmin
command: "--loglevel debug"
ports:
- "8080:80"
environment:
- PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}]
# PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}]
- PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.pro/
- PHPLDAPADMIN_HTTPS=false
- PHPLDAPADMIN_TRUST_PROXY_SSL=true
extra_hosts:
- ldap.easypi.pro:x.x.x.x
depends_on:
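Review bot: The `"8080:80"` mapping publishes phpLDAPadmin's plain-HTTP listener on every host interface, while the new `PHPLDAPADMIN_HTTPS=false` and `PHPLDAPADMIN_TRUST_PROXY_SSL=true` lines assume all traffic arrives through the TLS-terminating nginx added in this commit. A client that reaches port 8080 directly bypasses TLS, so the LDAP bind password entered in the login form would travel in cleartext, and (judging by the option name) the container would still trust whatever forwarded-protocol header that client supplies. Because nginx.conf proxies to `http://127.0.0.1:8080`, binding the port to loopback is sufficient: `- "127.0.0.1:8080:80"`. The README's compose example carries the same mapping, and the `phpldapadmin` service definition continues past `depends_on:` outside this hunk.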

23
openldap/nginx.conf Normal file

@ -0,0 +1,23 @@
server {
listen 80;
server_name ldap.easypi.pro;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name ldap.easypi.pro;
ssl_certificate ssl/easypi.pro/fullchain.pem;
ssl_certificate_key ssl/easypi.pro/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
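Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the 443 server block still offers TLS 1.0 and 1.1, which are deprecated and should not be negotiable on a front end that carries LDAP administrator credentials. I would change the line to `ssl_protocols TLSv1.2 TLSv1.3;`, dropping `TLSv1.3` only if the deployed nginx/OpenSSL build does not support it. Once HTTPS is confirmed working, adding `add_header Strict-Transport-Security "max-age=31536000" always;` to the same block would stop browsers from making the initial request over the port-80 redirect on later visits.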