Some docker for a scalable Lemonldap::NG installation, ready to use with a Redis server to share sessions and a PostgreSQL server to share configuration. See docker-compose example.
List:
- yadd/lemonldap-ng-portal: the portal
- yadd/lemonldap-ng-manager: the manager
- yadd/lemonldap-ng-full: the portal and the manager in the same image
- yadd/lemonldap-ng-ssoaas-fastcgi-server: a FastCGI server to enable SSOaaS
- yadd/lemonldap-ng-pg-database: a ready to use PostgreSQL database
- yadd/lemonldap-ng-cron: a simple LLNG maintenance tasks runner, to be used if tasks are disabled on portals. See examples.
The yadd/lemonldap-ng-base isn't directly usable, just a base to build Lemonldap::NG components.
Image uses S6 overlay except PostgreSQL database, based on postgres:bookworm.
LemonLDAP::NG is installed using Debian backports packages, so using the last published version.
You can also use dev to build an image using the upstream repository.
Set BRANCH to choose the upstream branch to clone.
version: "3.4"
services:
llng:
image: yadd/lemonldap-ng-full
environment:
- LOGGER=stderr
- USERLOGGER=stderr
port: 80:80In this example, manager is available on port 81, portal on port 80.
version: "3.4"
services:
auth:
image: yadd/lemonldap-ng-portal
environment:
- LOGGER=stderr
- USERLOGGER=stderr
volumes:
- ./llng-var:/var/lib/lemonldap-ng
port: 80:80
auth:
image: yadd/lemonldap-ng-manager
environment:
- LOGGER=stderr
- USERLOGGER=stderr
volumes:
- ./llng-var:/var/lib/lemonldap-ng
port: 81:80In this example, manager is available on port 81, portal on port 80. Configuration is stored in a PostgerSQL database, sessions in a Redis server. A crowdsec server is added to filter bad IP addresses.
version: "3.4"
services:
db:
image: yadd/lemonldap-ng-pg-database
environment:
- POSTGRES_PASSWORD=zz
healthcheck:
test: "exit 0"
redis:
image: redis
auth:
image: yadd/lemonldap-ng-portal
environment:
- PG_SERVER=db
- REDIS_SERVER=redis:6379
- LOGGER=stderr
- USERLOGGER=stderr
- CROWDSEC_SERVER=http://crowdsec:8080
- CROWDSEC_KEY=myrandomstring
- CROWDSEC_ACTION=reject
port: 80:80
manager:
image: yadd/lemonldap-ng-manager
environment:
- PG_SERVER=db
- REDIS_SERVER=redis:6379
- LOGGER=stderr
- USERLOGGER=stderr
port: 81:80
crowdsec:
image: crowdsecurity/crowdsec
environment:
- BOUNCER_KEY_llng=myrandomstringHere a haproxy server balance requests between
5 portals. It handles also he manager.
To avoid multiplicating maintenance tasks, a yadd/lemonldap-ng-cron
service handle them and portals are configured with PORTAL_CRON=no
version: "3.4"
services:
db:
image: yadd/lemonldap-ng-pg-database
environment:
- POSTGRES_PASSWORD=zz
healthcheck:
test: "exit 0"
redis:
image: redis
portal:
image: yadd/lemonldap-ng-portal
environment:
- LOGGER=stderr
- USERLOGGER=stderr
- PG_SERVER=db
- REDIS_SERVER=redis:6379
- PORTAL_CRON=no
- CROWDSEC_SERVER=http://crowdsec:8080
- CROWDSEC_KEY=myrandomstring
- CROWDSEC_ACTION=reject
depends_on:
db:
condition: service_healthy
redis:
condition: service_started
scale: 5
cron:
image: yadd/lemonldap-ng-cron
environment:
- LOGGER=stderr
- USERLOGGER=stderr
- PG_SERVER=db
- REDIS_SERVER=redis:6379
- PORTAL_CRON=no
depends_on:
db:
condition: service_healthy
redis:
condition: service_started
manager:
image: yadd/lemonldap-ng-manager
environment:
- LOGGER=stderr
- USERLOGGER=stderr
- PG_SERVER=db
- REDIS_SERVER=redis:6379
depends_on:
db:
condition: service_healthy
redis:
condition: service_started
crowdsec:
image: crowdsecurity/crowdsec
environment:
- BOUNCER_KEY_llng=myrandomstring
haproxy:
image: haproxy:2.6-bullseye
ports:
- 80:80
volumes:
- ./haproxy:/usr/local/etc/haproxy:ro
sysctls:
- net.ipv4.ip_unprivileged_port_start=0
depends_on:
- portal
- managerCopyright:
- 2018-2023, Xavier Guimard yadd@debian.org
- 2023, LINAGORA https://linagora.com
License: GNU General Public License v2.0
