diff --git a/docker-compose.yml b/docker-compose.yml index bb16a0b..8a3db0f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -41,14 +41,43 @@ services: - ./init:/docker-entrypoint-initdb.d:z - ./data:/var/lib/postgresql/data:rw + # adminer + adminer: + container_name: guacamole-adminer + hostname: guacamole-adminer + depends_on: + - postgres + image: adminer + restart: always + networks: + - interne + labels: + - "traefik.enable=true" + - "traefik.docker.network=interne" +# HTTP + - "traefik.http.routers.adminer-http.rule=Host(`adminer.10.0.4.29.traefik.me`)" + - "traefik.http.routers.adminer-http.entrypoints=http" +# HTTPS + - "traefik.http.routers.adminer-https.rule=Host(`adminer.10.0.4.29.traefik.me`)" + - "traefik.http.routers.adminer-https.entrypoints=https" + - "traefik.http.routers.adminer-https.tls=true" + - "traefik.http.routers.adminer.service=adminer-service" +# Middleware +# Service + - "traefik.http.services.adminer-service.loadbalancer.server.port=8080" + # guacamole guacamole: - container_name: guacamole + container_name: guacamole-app + hostname: guacamole-app depends_on: - guacd - postgres environment: +### GUACD + GUACD_HOME: /guac_home GUACD_HOSTNAME: guacd +### PostgreSQL POSTGRES_HOSTNAME: postgres POSTGRESQL_PORT: 5432 POSTGRES_DATABASE: guacamole_db 
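Review bot: The new `adminer` service publishes a database administration UI through Traefik on both the `http` and `https` entrypoints, with nothing under the `# Middleware` comment, so anyone who can reach the proxy gets the Adminer login page and database credentials can be submitted over plain HTTP. I would drop the `adminer-http` router or redirect it to HTTPS, and attach an access-control middleware such as `basicauth` to the TLS router with `traefik.http.routers.adminer-https.middlewares=<middleware-name>`. The label `traefik.http.routers.adminer.service=adminer-service` names a router `adminer` that has no rule, and presumably should read `traefik.http.routers.adminer-https.service=adminer-service`. `image: adminer` carries no tag, so with `restart: always` pinning a version would keep an unreviewed image from being pulled in.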
@@ -56,23 +85,25 @@ services: POSTGRES_PASSWORD: 'P@ssword!Here!123456' ### Active Directory # Controler de domaine - LDAP_HOSTNAME: "10.0.4.2" + LDAP_HOSTNAME: "10.0.4.4" LDAP_PORT: 389 LDAP_ENCRYPTION_METHOD: "none" + LDAP_MAX_SEARCH_RESULTS: "10000" # Recherche des utilisateurs - LDAP_USER_BASE_DN: "ou=utilisateurs,dc=tips-of-mine,dc=local" - LDAP_USERNAME_ATTRIBUTE: "userPrincipalName" - LDAP_USER_SEARCH_FILTER: "(&(objectClass=User)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=GDL-Guacamole-Access,OU=groupes,DC=tips-of-mine,DC=local))" + LDAP_USER_BASE_DN: "OU=Utilisateurs,OU=Societe,DC=tips-of-mine,DC=local" + LDAP_USERNAME_ATTRIBUTE: "samAccountName" + LDAP_USER_SEARCH_FILTER: "(&(objectClass=User)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=GDL-Guacamole-Access,OU=Guacamole,OU=Services,OU=Groupes,OU=Societe,DC=tips-of-mine,DC=local))" # Utilisateur pour connexion AD - LDAP_SEARCH_BIND_DN: "cn=service-guacamole,ou=Services,ou=utilisateurs,dc=tips-of-mine,dc=local" + LDAP_SEARCH_BIND_DN: "CN=Service Guacamole,OU=Services,OU=Societe,DC=tips-of-mine,DC=local" LDAP_SEARCH_BIND_PASSWORD: "some_password" # Recherche des groupes - LDAP_GROUP_BASE_DN: "ou=groupes,dc=tips-of-mine,dc=local" + LDAP_GROUP_BASE_DN: "OU=Groupes,OU=Societe,DC=tips-of-mine,DC=local" LDAP_GROUP_SEARCH_FILTER: "(objectClass=Group)" # LDAP_GROUP_NAME_ATTRIBUTE: "cn" -# LDAP_MEMBER_AATRIBUTE: "member" + LDAP_MEMBER_AATRIBUTE: "member" # Priority -# EXTENSION-PRIORITY: ldap +# EXTENSION_PRIORITY: ldap +### Extension Guacamole # TOTP_ENABLED: "true" # TOTP_ISSUER: "Guacamole IT Tips-Of-Mine" # TOTP_DIGITS: 6 @@ -83,7 +114,6 @@ services: - guacd networks: - interne - - externe # ports: ## enable next line if not using nginx ## - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /. 
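Review bot: `LDAP_MEMBER_AATRIBUTE` goes from commented-out to active with its misspelling intact, so the container most likely ignores it and the membership attribute stays at its default; the line should read `LDAP_MEMBER_ATTRIBUTE: "member"`. The same block still binds to the new domain controller `10.0.4.4` on port 389 with `LDAP_ENCRYPTION_METHOD: "none"`, which sends the service-account password and every user's password in clear text. Setting it to `"starttls"`, or to `"ssl"` on port 636, would protect them if the controller has a certificate. `LDAP_SEARCH_BIND_PASSWORD` and `POSTGRES_PASSWORD` are literal values in the compose file and would be better supplied from an env file or secret kept out of version control. The `environment:` mapping starts above this hunk and continues below it.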
@@ -92,15 +122,15 @@ services:
 restart: always
 volumes:
 - ./guacamole-config:/config
+ - ./guac_home:/guac_home
 labels:
 - "traefik.enable=true"
 - "traefik.docker.network=interne"
 # HTTP
- - "traefik.http.routers.guacamole-http.rule=Host(`guacamole.fr.dgs.group`)"
+ - "traefik.http.routers.guacamole-http.rule=Host(`guacamole.10.0.4.29.traefik.me`)"
 - "traefik.http.routers.guacamole-http.entrypoints=http"
- - "traefik.http.routers.guacamole-http.middlewares="
 # HTTPS
- - "traefik.http.routers.guacamole-https.rule=Host(`guacamole.fr.dgs.group`)"
+ - "traefik.http.routers.guacamole-https.rule=Host(`guacamole.10.0.4.29.traefik.me`)"
 - "traefik.http.routers.guacamole-https.entrypoints=https"
 - "traefik.http.routers.guacamole-https.service=guacamole-service"
 - "traefik.http.routers.guacamole-https.middlewares=guacamole-addprefix"
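Review bot: After the empty `guacamole-http.middlewares=` label is removed, the `guacamole-http` router still has no redirect to HTTPS. It also lacks the `guacamole-addprefix` middleware and the `guacamole-service` assignment that the `guacamole-https` router has, so a login over the `http` entrypoint would travel unencrypted and be routed differently. Adding `traefik.http.middlewares.guacamole-redirect.redirectscheme.scheme=https` and `traefik.http.routers.guacamole-http.middlewares=guacamole-redirect` would send plain-HTTP requests to the TLS router. No `guacamole-https.tls=true` label is visible in this hunk, unlike the new `adminer-https` router; it may be set after the hunk, where the labels list continues.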