From 70c4e535719eff4dbf7d50486610b399c655a27e Mon Sep 17 00:00:00 2001
From: kev
Date: Fri, 27 Sep 2019 09:29:09 +0800
Subject: [PATCH] update openldap
---
 openldap/README.md | 9 +++++++--
 openldap/docker-compose.yml | 5 ++++-
 openldap/nginx.conf | 23 +++++++++++++++++++++++
 3 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 openldap/nginx.conf
diff --git a/openldap/README.md b/openldap/README.md
index 44b6a71..5c885aa 100644
--- a/openldap/README.md
+++ b/openldap/README.md
@@ -60,11 +60,14 @@ services: phpldapadmin: image: osixia/phpldapadmin + command: "--loglevel debug" ports: - "8080:80" environment: - - PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}] + # PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}] + - PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.pro/ - PHPLDAPADMIN_HTTPS=false + - PHPLDAPADMIN_TRUST_PROXY_SSL=true extra_hosts: - ldap.easypi.pro:x.x.x.x depends_on:
@@ -72,7 +75,7 @@ services: restart: always ``` -> :warnning: I haven't figured out how to connect phpldapadmin to openladp via STARTTLS: +> :warnning: I haven't figured out how to connect [phpldapadmin][1] to openladp via STARTTLS: >> openldap_1 | 5d8a7abe conn=1023 fd=12 ACCEPT from IP=172.29.0.1:59342 (IP=0.0.0.0:389) >> openldap_1 | 5d8a7abe conn=1023 op=0 EXT oid=1.3.6.1.4.1.1466.20037 >> openldap_1 | 5d8a7abe conn=1023 op=0 STARTTLS
@@ -118,3 +121,5 @@ dn:cn=admin,dc=ldap,dc=easypi,dc=pro ## References - https://www.digitalocean.com/community/tutorials/how-to-encrypt-openldap-connections-using-starttls + +[1]: https://github.com/commandprompt/phpldapadmin/blob/master/config/config.php.example
diff --git a/openldap/docker-compose.yml b/openldap/docker-compose.yml
index 574bbca..56f09af 100644
--- a/openldap/docker-compose.yml
+++ b/openldap/docker-compose.yml
@@ -29,11 +29,14 @@ services: phpldapadmin: image: osixia/phpldapadmin + command: "--loglevel debug" ports: - "8080:80" environment: - - PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}] + # PHPLDAPADMIN_LDAP_HOSTS=#PYTHON2BASH:[{'ldap.easypi.pro':[{'server':[{'tls':True}]}]}] + - PHPLDAPADMIN_LDAP_HOSTS=ldaps://ldap.easypi.pro/ - PHPLDAPADMIN_HTTPS=false + - PHPLDAPADMIN_TRUST_PROXY_SSL=true extra_hosts: - ldap.easypi.pro:x.x.x.x depends_on:
diff --git a/openldap/nginx.conf b/openldap/nginx.conf
new file mode 100644
index 0000000..873548c
--- /dev/null
+++ b/openldap/nginx.conf
@@ -0,0 +1,23 @@
+server {
+ listen 80;
+ server_name ldap.easypi.pro;
+ return 302 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name ldap.easypi.pro;
+ ssl_certificate ssl/easypi.pro/fullchain.pem;
+ ssl_certificate_key ssl/easypi.pro/privkey.pem;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ location / {
+ proxy_pass http://127.0.0.1:8080;
+ proxy_set_header Host $host;
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+}
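Review bot: The `- "8080:80"` mapping kept in this hunk publishes phpldapadmin's plain-HTTP port on every host interface, while the nginx front end added in the same commit proxies to `127.0.0.1:8080`, so the TLS termination can be bypassed by connecting to port 8080 directly — and with `PHPLDAPADMIN_HTTPS=false` the admin bind credentials would then cross the network in the clear. Binding the published port to loopback closes that path: `- "127.0.0.1:8080:80"`. The added `command: "--loglevel debug"` looks like a leftover from the STARTTLS troubleshooting described in the README and should be dropped, or marked as temporary, before this is deployed. Whether the `ldaps://ldap.easypi.pro/` connection verifies the server certificate is not visible here and is worth confirming against the image's TLS settings. The phpldapadmin service definition continues past the end of this hunk.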
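Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the new 443 server block still enables TLS 1.0 and 1.1, which are deprecated and weaker than an admin UI carrying the directory's admin credentials should accept; restrict it to `ssl_protocols TLSv1.2 TLSv1.3;` (drop TLSv1.3 if this nginx/OpenSSL build predates it) and add `ssl_prefer_server_ciphers on;`. The block also sends no HSTS header, so a browser that has once used the `listen 80` redirect will keep trying plaintext first; `add_header Strict-Transport-Security "max-age=31536000" always;` next to the ssl_ directives covers that. Separately, `proxy_set_header Connection "upgrade";` is applied to every proxied request rather than only to WebSocket upgrades; the documented pattern is a `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` in the http context with `proxy_set_header Connection $connection_upgrade;`, unless phpldapadmin is known not to care.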