Correction

2024-04-21 17:14:48 +02:00
parent 8a25f53c99
commit 8a524c3e51
11 changed files with 357 additions and 141 deletions
--- a/Controle-A-Distance/Guacamole/docker-compose-traefik.yml
+++ b/Controle-A-Distance/Guacamole/docker-compose-traefik.yml
@@ -0,0 +1,166 @@
+#### NETWORKS
+networks:
+  docker-traefik_front_network:
+    external: true
+  back_network:
+    driver: bridge
+    attachable: true
+
+#### SERVICES
+services:
+
+### guacd
+  guacd:
+    container_name: guacamole-guacd
+    hostname: guacamole-guacd
+    image: guacamole/guacd:latest
+    networks:
+    - back_network
+    restart: always
+    volumes:
+    - ./drive:/drive:rw
+    - ./record:/var/lib/guacamole/recordings:rw
+
+### postgres
+  postgres:
+    container_name: guacamole-postgres
+    hostname: guacamole-postgres
+    environment:
+      PGDATA: /var/lib/postgresql/data/guacamole
+      POSTGRES_DB: guacamole_db
+      POSTGRES_PASSWORD: 'P@ssword!Here!123456'
+      POSTGRES_USER: guacamole_user
+      TZ: Europe/Paris
+    image: postgres:15.6-alpine
+    networks:
+    - back_network
+    restart: always
+    volumes:
+    - ./init:/docker-entrypoint-initdb.d:ro
+    - ./data:/var/lib/postgresql/data:rw
+
+### adminer
+  adminer:
+    container_name: guacamole-adminer
+    hostname: guacamole-adminer
+    depends_on:
+    - postgres
+    image: adminer
+    restart: always
+    networks:
+    - back_network
+    - docker-traefik_front_network
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=docker-traefik_front_network"
+# HTTP
+#      - "traefik.http.routers.adminer-http.rule=Host(`adminer.10.0.4.29.traefik.me`)"
+      - "traefik.http.routers.adminer-http.rule=Host(`adminer.tips-of-mine.local`)"
+
+      - "traefik.http.routers.adminer-http.entrypoints=http"
+# HTTPS
+#      - "traefik.http.routers.adminer-https.rule=Host(`adminer.10.0.4.29.traefik.me`)"
+      - "traefik.http.routers.adminer-https.rule=Host(`adminer.tips-of-mine.local`)"
+      - "traefik.http.routers.adminer-https.entrypoints=https"
+      - "traefik.http.routers.adminer-https.tls=true"
+      - "traefik.http.routers.adminer.service=adminer-service"
+# Middleware
+# Service
+      - "traefik.http.services.adminer-service.loadbalancer.server.port=8080"
+
+### guacamole
+  guacamole:
+    container_name: guacamole-app
+    hostname: guacamole-app
+    depends_on:
+    - guacd
+    - postgres
+    environment:
+### GUACD
+      GUACD_HOME: "/opt/guac_home"
+      GUACD_HOSTNAME: guacd
+      RECORDING_SEARCH_PATH: "/var/lib/guacamole/recordings"
+### PostgreSQL
+      POSTGRES_HOSTNAME: postgres
+      POSTGRESQL_PORT: 5432
+      POSTGRES_DATABASE: guacamole_db
+      POSTGRES_USER: guacamole_user
+      POSTGRES_PASSWORD: 'P@ssword!Here!123456'
+### Active Directory
+# Controler de domaine
+#      LDAP_HOSTNAME: "10.0.4.4"
+#      LDAP_PORT: 389
+#      LDAP_ENCRYPTION_METHOD: "none"
+#      LDAP_MAX_SEARCH_RESULTS: "10000"
+# Recherche des utilisateurs
+#      LDAP_USER_BASE_DN: "OU=Utilisateurs,OU=Societe,DC=tips-of-mine,DC=local"
+#      LDAP_USERNAME_ATTRIBUTE: "samAccountName"
+#      LDAP_USER_SEARCH_FILTER: "(&(objectClass=User)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=GDL-Guacamole-Access,OU=Guacamole,OU=Services,OU=Groupes,OU=Societe,DC=tips-of-mine,DC=local))"
+# Utilisateur pour connexion AD
+#      LDAP_SEARCH_BIND_DN: "CN=Service Guacamole,OU=Services,OU=Societe,DC=tips-of-mine,DC=local"
+#      LDAP_SEARCH_BIND_PASSWORD: "some_password"
+# Recherche des groupes
+#      LDAP_GROUP_BASE_DN: "OU=Groupes,OU=Societe,DC=tips-of-mine,DC=local"
+#      LDAP_GROUP_SEARCH_FILTER: "(objectClass=Group)"
+#      LDAP_GROUP_NAME_ATTRIBUTE: "cn"
+#      LDAP_MEMBER_AATRIBUTE: "member"
+### OpenID
+      OPENID_AUTHORIZATION_ENDPOINT: https://authentik.tips-of-mine.local/application/o/authorize/
+      OPENID_CLIENT_ID: f71Je39kparABozs1MLcLURECvQMNy9Fih0linvs
+      OPENID_ISSUER: https://authentik.tips-of-mine.local/application/o/guacamole/
+      OPENID_JWKS_ENDPOINT: https://authentik.tips-of-mine.local/application/o/guacamole/jwks/
+      OPENID_REDIRECT_URI: https://guacamole.tips-of-mine.local
+###
+#      OPENID_AUTHORIZATION_ENDPOINT: https://keycloak.tips-of-mine.local/realms/master/protocol/openid-connect/auth
+#      OPENID_JWKS_ENDPOINT: https://keycloak.tips-of-mine.local/realms/master/protocol/openid-connect/certs
+#      OPENID_ISSUER: https://keycloak.tips-of-mine.local/realms/master
+#      OPENID_CLIENT_ID: guacamole
+#      OPENID_REDIRECT_URI: https://guacamole.tips-of-mine.local
+# Priority
+#      EXTENSION_PRIORITY: ldap
+### Extension Guacamole
+#      TOTP_ENABLED: "true"
+#      TOTP_ISSUER: "Guacamole IT Tips-Of-Mine"
+#      TOTP_DIGITS: 6
+#      TOTP_PERIOD: 60
+#      TOTP_MODE: sha1
+    image: guacamole/guacamole:latest
+    links:
+    - guacd
+    networks:
+    - docker-traefik_front_network
+    - back_network
+#    ports:
+## enable next line if not using nginx
+##    - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.
+## enable next line when using nginx
+#    - 8080/tcp
+    restart: always
+    volumes:
+      - ./guacamole-config:/config
+      - ./guac_home:/opt/guac_home
+      - ./record:/var/lib/guacamole/recordings:ro
+      - ./drive:/drive:rw
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=docker-traefik_front_network"
+# HTTP
+#      - "traefik.http.routers.guacamole-http.rule=Host(`guacamole.10.0.4.29.traefik.me`)"
+      - "traefik.http.routers.guacamole-http.rule=Host(`guacamole.tips-of-mine.local`)"
+      - "traefik.http.routers.guacamole-http.entrypoints=http"
+# HTTPS
+#      - "traefik.http.routers.guacamole-https.rule=Host(`guacamole.10.0.4.29.traefik.me`)"
+      - "traefik.http.routers.guacamole-https.rule=Host(`guacamole.tips-of-mine.local`)"
+      - "traefik.http.routers.guacamole-https.entrypoints=https"
+      - "traefik.http.routers.guacamole-https.service=guacamole-service"
+      - "traefik.http.routers.guacamole-https.middlewares=guacamole-addprefix"
+      - "traefik.http.routers.guacamole-https.tls=true"
+#      - "traefik.http.routers.guacamole-https.tls.certResolver=le"
+#      - "traefik.http.routers.guacamole-https.tls.options=default"
+# Middleware
+#      - "traefik.http.middlewares.guacamole-headers.headers.stsincludesubdomains=true"
+#      - "traefik.http.middlewares.guacamole-headers.headers.stsseconds=315360000"
+#      - "traefik.http.middlewares.guacamole-headers.headers.forcestsheader=true"
+      - "traefik.http.middlewares.guacamole-addprefix.addprefix.prefix=/guacamole"
+# Service
+      - "traefik.http.services.guacamole-service.loadbalancer.server.port=8080"