Gists/Authelia+OpenLDAP+WebUI.yml


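# Compose stack: Authelia, the Redis and PostgreSQL services it depends on,
# an OpenLDAP directory, and a web UI for managing LDAP users.
# The Traefik labels assume a Traefik instance (not defined in this file)
# with an entrypoint named "https".
#
# Label values are quoted throughout: Docker labels are strings, and some
# Compose versions reject bare booleans in a labels mapping.
services:
  authelia:
    # No tag means :latest; pin a version or digest so a re-pull cannot
    # silently change the authentication portal.
    image: authelia/authelia
    container_name: authelia
    volumes:
      # Authelia's configuration directory, including any secrets placed in
      # it; keep the host directory readable only by the deploying user.
      - ./authelia:/config
    networks:
      - default
    labels:
      traefik.enable: "true"
      traefik.http.routers.authelia.rule: "Host(`auth.domain.tld`)"
      traefik.http.routers.authelia.entrypoints: "https"
      traefik.http.routers.authelia.tls: "true"
      # `security@file` is a middleware defined in Traefik's file provider,
      # outside this file.
      # traefik.http.routers.authelia.middlewares: security@file
      traefik.http.services.authelia.loadbalancer.server.port: "9091"
    expose:
      - "9091"
    depends_on:
      - openldap
      - postgres
      - redis
    restart: always
    environment:
      - TZ=Europe/Lisbon

  redis:
    # Floating tag; pin a version or digest for reproducible deployments.
    image: redis:alpine
    container_name: redis
    volumes:
      - ./redis:/data
    networks:
      - default
    # No authentication is configured here, so every container attached to
    # the `default` network can reach port 6379. `expose` does not publish
    # the port on the host.
    expose:
      - "6379"
    restart: always
    environment:
      - TZ=Europe/Lisbon

  postgres:
    # No tag means :latest; a major-version jump on re-pull can also leave
    # the existing data directory unreadable. Pin a version.
    image: postgres
    container_name: auth_postgres
    restart: always
    environment:
      # Placeholder credentials: the password equals the user name. Change it
      # before deploying and keep it in step with the database settings in
      # ./authelia (NOTE(review): Authelia's configuration is not shown).
      # The official image also accepts POSTGRES_PASSWORD_FILE, which keeps
      # the secret out of this file.
      - POSTGRES_USER=authelia
      - POSTGRES_PASSWORD=authelia
      - POSTGRES_DB=authelia
    networks:
      - default
    volumes:
      - ./postgres:/var/lib/postgresql/data

  openldap:
    # Floating :latest tag; pin a version or digest.
    image: osixia/openldap:latest
    container_name: openldap
    volumes:
      - ./ldap/db:/var/lib/ldap
      - ./ldap/conf:/etc/ldap/slapd.d
    networks:
      - default
    expose:
      - "389"
      - "636"
    restart: always
    environment:
      TZ: "Europe/Lisbon"
      LDAP_ORGANISATION: "" # Org name
      LDAP_DOMAIN: "" # domain.tld
      LDAP_BASE_DN: "dc=domain,dc=tld" # edit domain tld
      # Both passwords are left blank as placeholders and must be set to
      # strong, distinct values before first start.
      # NOTE(review): confirm how the image treats an empty value; it may
      # fall back to a built-in default.
      LDAP_ADMIN_PASSWORD: "" # password for cn=admin under the base DN
      LDAP_CONFIG_PASSWORD: "" # password for the cn=config (server configuration) admin
      # The read-only account is disabled; if it is ever enabled, replace the
      # placeholder password below first.
      LDAP_READONLY_USER: "false"
      LDAP_READONLY_USER_USERNAME: "readonly"
      LDAP_READONLY_USER_PASSWORD: "readonly"
      LDAP_RFC2307BIS_SCHEMA: "true"
      LDAP_BACKEND: "mdb"
      LDAP_REPLICATION: "false"
      KEEP_EXISTING_CONFIG: "false"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"

  ldap-user-manager:
    image: wheelybird/ldap-user-manager:v1.4
    container_name: ldap-user-manager
    networks:
      - default
    expose:
      - "80"
      - "443"
    restart: always
    depends_on:
      - openldap
    environment:
      TZ: "Europe/Lisbon"
      SERVER_HOSTNAME: "ldap.domain.tld" # url for webui
      ORGANISATION_NAME: "" # Org name
      # Plain ldap:// with STARTTLS not required: admin binds, including the
      # bind password, may cross the compose network unencrypted. Prefer
      # requiring STARTTLS once the directory's certificate is trusted.
      LDAP_URI: "ldap://openldap"
      LDAP_BASE_DN: "dc=domain,dc=tld" # edit domain tld same as above
      LDAP_REQUIRE_STARTTLS: "FALSE"
      LDAP_ADMINS_GROUP: "admins" # admin group
      LDAP_ADMIN_BIND_DN: "cn=admin,dc=domain,dc=tld" # edit domain tld
      LDAP_ADMIN_BIND_PWD: "" # admin password set above
      LDAP_USES_NIS_SCHEMA: "false"
      EMAIL_DOMAIN: "gmail.com" # email @this.part.here
      # The UI itself serves plain HTTP; TLS is terminated by the Traefik
      # router below, which forwards to port 80.
      NO_HTTPS: "true"
      SMTP_HOSTNAME: "" # email SMTP
      SMTP_HOST_PORT: "465"
      SMTP_USERNAME: "" # email username (usually your email)
      SMTP_PASSWORD: "" # email password
      SMTP_USE_TLS: "true"
      EMAIL_FROM_ADDRESS: "" # your email address
    labels:
      # This service binds to LDAP as the admin DN, and the router publishes
      # it at ldap.domain.tld with no middleware attached.
      # NOTE(review): consider enabling an access-control middleware in front
      # of it; `security@file` is defined outside this file.
      traefik.enable: "true"
      traefik.http.routers.ldap-user-manager.rule: "Host(`ldap.domain.tld`)"
      traefik.http.routers.ldap-user-manager.entrypoints: "https"
      traefik.http.routers.ldap-user-manager.tls: "true"
      # traefik.http.routers.ldap-user-manager.middlewares: security@file
      traefik.http.services.ldap-user-manager.loadbalancer.server.port: "80"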