diff --git a/Adminer/docker-compose.yml b/Adminer/docker-compose.yml new file mode 100644 index 00000000..3d00ec68 --- /dev/null +++ b/Adminer/docker-compose.yml @@ -0,0 +1,28 @@ +### adminer + adminer: + container_name: guacamole-adminer + hostname: guacamole-adminer + depends_on: + - postgres + image: adminer + restart: always + networks: + - back_network + - docker-traefik_front_network + labels: + - "traefik.enable=true" + - "traefik.docker.network=docker-traefik_front_network" +# HTTP +# - "traefik.http.routers.adminer-http.rule=Host(`adminer.10.0.4.29.traefik.me`)" + - "traefik.http.routers.adminer-http.rule=Host(`adminer.tips-of-mine.local`)" + + - "traefik.http.routers.adminer-http.entrypoints=http" +# HTTPS +# - "traefik.http.routers.adminer-https.rule=Host(`adminer.10.0.4.29.traefik.me`)" + - "traefik.http.routers.adminer-https.rule=Host(`adminer.tips-of-mine.local`)" + - "traefik.http.routers.adminer-https.entrypoints=https" + - "traefik.http.routers.adminer-https.tls=true" + - "traefik.http.routers.adminer.service=adminer-service" +# Middleware +# Service + - "traefik.http.services.adminer-service.loadbalancer.server.port=8080" \ No newline at end of file diff --git a/Guacamole/docker-compose.yml b/Guacamole/docker-compose.yml index 4454306c..eb904b1a 100644 --- a/Guacamole/docker-compose.yml +++ b/Guacamole/docker-compose.yml 
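Review bot: As added, Adminer/docker-compose.yml is not loadable on its own: its 28 lines contain no top-level `services:` key, no `networks:` definitions for `back_network` or `docker-traefik_front_network`, and `depends_on: - postgres` names a service that does not exist in this file, so it only makes sense pasted into the Guacamole stack (which the same commit already does). If it is meant as a reference snippet, a header comment such as `# Fragment: belongs under services: in Guacamole/docker-compose.yml; not a standalone stack` would stop someone running `docker compose up` here. The label `traefik.http.routers.adminer.service=adminer-service` names a router `adminer` that has no rule (Traefik will presumably log it as an invalid router), while the real routers are `adminer-http`/`adminer-https`; it should read `- "traefik.http.routers.adminer-https.service=adminer-service"`, matching the guacamole and keycloak labels in this commit, and the same label is duplicated in the Guacamole/docker-compose.yml hunk. Since `adminer` is unpinned (`latest`) and is a database admin UI reachable from the Traefik front network with nothing under `# Middleware`, consider pinning the tag and restricting the https router with an IP allow-list or auth middleware. The file also ends without a trailing newline.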
@@ -1,72 +1,166 @@ - -version: '3' - -# networks -# create a network 'guacnetwork_net' in mode 'bridged' +#### NETWORKS networks: - guacnetwork_net: + docker-traefik_front_network: + external: true + back_network: driver: bridge + attachable: true -# services +#### SERVICES services: - # guacd + +### guacd guacd: - container_name: guacamole_guacd + container_name: guacamole-guacd + hostname: guacamole-guacd image: guacamole/guacd:latest networks: - guacnetwork_net: + - back_network restart: always volumes: - ./drive:/drive:rw - - ./record:/record:rw - # postgres + - ./record:/var/lib/guacamole/recordings:rw + +### postgres postgres: - container_name: guacamole_postgres + container_name: guacamole-postgres + hostname: guacamole-postgres environment: PGDATA: /var/lib/postgresql/data/guacamole POSTGRES_DB: guacamole_db - POSTGRES_PASSWORD: 'PasswordHere123456' + POSTGRES_PASSWORD: 'P@ssword!Here!123456' POSTGRES_USER: guacamole_user - image: postgres:15.2-alpine -# networks: -# guacnetwork_net: + TZ: Europe/Paris + image: postgres:15.6-alpine + networks: + - back_network restart: always volumes: - - ./init:/docker-entrypoint-initdb.d:z - - ./data:/var/lib/postgresql/data:Z + - ./init:/docker-entrypoint-initdb.d:ro + - ./data:/var/lib/postgresql/data:rw - # guacamole +### adminer + adminer: + container_name: guacamole-adminer + hostname: guacamole-adminer + depends_on: + - postgres + image: adminer + restart: always + networks: + - back_network + - docker-traefik_front_network + labels: + - "traefik.enable=true" + - "traefik.docker.network=docker-traefik_front_network" +# HTTP +# - "traefik.http.routers.adminer-http.rule=Host(`adminer.10.0.4.29.traefik.me`)" + - "traefik.http.routers.adminer-http.rule=Host(`adminer.tips-of-mine.local`)" + + - "traefik.http.routers.adminer-http.entrypoints=http" +# HTTPS +# - "traefik.http.routers.adminer-https.rule=Host(`adminer.10.0.4.29.traefik.me`)" + - "traefik.http.routers.adminer-https.rule=Host(`adminer.tips-of-mine.local`)" + - 
"traefik.http.routers.adminer-https.entrypoints=https" + - "traefik.http.routers.adminer-https.tls=true" + - "traefik.http.routers.adminer.service=adminer-service" +# Middleware +# Service + - "traefik.http.services.adminer-service.loadbalancer.server.port=8080" + +### guacamole guacamole: - container_name: guacamole_frontend + container_name: guacamole-app + hostname: guacamole-app depends_on: - guacd - postgres environment: +### GUACD + GUACD_HOME: "/opt/guac_home" GUACD_HOSTNAME: guacd - POSTGRES_DATABASE: guacamole_db + RECORDING_SEARCH_PATH: "/var/lib/guacamole/recordings" +### PostgreSQL POSTGRES_HOSTNAME: postgres - POSTGRES_PASSWORD: 'PasswordHere123456' + POSTGRESQL_PORT: 5432 + POSTGRES_DATABASE: guacamole_db POSTGRES_USER: guacamole_user - LDAP_HOSTNAME: "10.0.4.2" - LDAP_PORT: 389 - LDAP_ENCRYPTION_METHOD: "none" - LDAP_USER_BASE_DN: "ou=utilisateurs,dc=tips-of-mine,dc=local" - LDAP_USERNAME_ATTRIBUTE: "sAMAccountName" - LDAP_SEARCH_BIND_DN: "cn=service-guacamole,ou=Services,ou=utilisateurs,dc=tips-of-mine,dc=local" - LDAP_SEARCH_BIND_PASSWORD: "some_password" - LDAP_GROUP_BASE_DN: "ou=groupes,dc=tips-of-mine,dc=local" - LDAP_GROUP_NAME_ATTRIBUTE: "cn" + POSTGRES_PASSWORD: 'P@ssword!Here!123456' +### Active Directory +# Controler de domaine +# LDAP_HOSTNAME: "10.0.4.4" +# LDAP_PORT: 389 +# LDAP_ENCRYPTION_METHOD: "none" +# LDAP_MAX_SEARCH_RESULTS: "10000" +# Recherche des utilisateurs +# LDAP_USER_BASE_DN: "OU=Utilisateurs,OU=Societe,DC=tips-of-mine,DC=local" +# LDAP_USERNAME_ATTRIBUTE: "samAccountName" +# LDAP_USER_SEARCH_FILTER: "(&(objectClass=User)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=GDL-Guacamole-Access,OU=Guacamole,OU=Services,OU=Groupes,OU=Societe,DC=tips-of-mine,DC=local))" +# Utilisateur pour connexion AD +# LDAP_SEARCH_BIND_DN: "CN=Service Guacamole,OU=Services,OU=Societe,DC=tips-of-mine,DC=local" +# LDAP_SEARCH_BIND_PASSWORD: "some_password" +# Recherche des groupes +# LDAP_GROUP_BASE_DN: 
"OU=Groupes,OU=Societe,DC=tips-of-mine,DC=local" +# LDAP_GROUP_SEARCH_FILTER: "(objectClass=Group)" +# LDAP_GROUP_NAME_ATTRIBUTE: "cn" +# LDAP_MEMBER_AATRIBUTE: "member" +### OpenID + OPENID_AUTHORIZATION_ENDPOINT: https://authentik.tips-of-mine.local/application/o/authorize/ + OPENID_CLIENT_ID: f71Je39kparABozs1MLcLURECvQMNy9Fih0linvs + OPENID_ISSUER: https://authentik.tips-of-mine.local/application/o/guacamole/ + OPENID_JWKS_ENDPOINT: https://authentik.tips-of-mine.local/application/o/guacamole/jwks/ + OPENID_REDIRECT_URI: https://guacamole.tips-of-mine.local +### +# OPENID_AUTHORIZATION_ENDPOINT: https://keycloak.tips-of-mine.local/realms/master/protocol/openid-connect/auth +# OPENID_JWKS_ENDPOINT: https://keycloak.tips-of-mine.local/realms/master/protocol/openid-connect/certs +# OPENID_ISSUER: https://keycloak.tips-of-mine.local/realms/master +# OPENID_CLIENT_ID: guacamole +# OPENID_REDIRECT_URI: https://guacamole.tips-of-mine.local +# Priority +# EXTENSION_PRIORITY: ldap +### Extension Guacamole +# TOTP_ENABLED: "true" +# TOTP_ISSUER: "Guacamole IT Tips-Of-Mine" +# TOTP_DIGITS: 6 +# TOTP_PERIOD: 60 +# TOTP_MODE: sha1 image: guacamole/guacamole:latest links: - guacd -# networks: -# guacnetwork_net: - ports: + networks: + - docker-traefik_front_network + - back_network +# ports: ## enable next line if not using nginx ## - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /. 
## enable next line when using nginx - - 8080/tcp +# - 8080/tcp restart: always volumes: - ./guacamole-config:/config - + - ./guac_home:/opt/guac_home + - ./record:/var/lib/guacamole/recordings:ro + - ./drive:/drive:rw + labels: + - "traefik.enable=true" + - "traefik.docker.network=docker-traefik_front_network" +# HTTP +# - "traefik.http.routers.guacamole-http.rule=Host(`guacamole.10.0.4.29.traefik.me`)" + - "traefik.http.routers.guacamole-http.rule=Host(`guacamole.tips-of-mine.local`)" + - "traefik.http.routers.guacamole-http.entrypoints=http" +# HTTPS +# - "traefik.http.routers.guacamole-https.rule=Host(`guacamole.10.0.4.29.traefik.me`)" + - "traefik.http.routers.guacamole-https.rule=Host(`guacamole.tips-of-mine.local`)" + - "traefik.http.routers.guacamole-https.entrypoints=https" + - "traefik.http.routers.guacamole-https.service=guacamole-service" + - "traefik.http.routers.guacamole-https.middlewares=guacamole-addprefix" + - "traefik.http.routers.guacamole-https.tls=true" +# - "traefik.http.routers.guacamole-https.tls.certResolver=le" +# - "traefik.http.routers.guacamole-https.tls.options=default" +# Middleware +# - "traefik.http.middlewares.guacamole-headers.headers.stsincludesubdomains=true" +# - "traefik.http.middlewares.guacamole-headers.headers.stsseconds=315360000" +# - "traefik.http.middlewares.guacamole-headers.headers.forcestsheader=true" + - "traefik.http.middlewares.guacamole-addprefix.addprefix.prefix=/guacamole" +# Service + - "traefik.http.services.guacamole-service.loadbalancer.server.port=8080" diff --git a/Keycloak/.env b/Keycloak/.env new file mode 100644 index 00000000..e43c1a08 --- /dev/null +++ b/Keycloak/.env @@ -0,0 +1,3 @@ +KC_DB_PASSWORD=admin +KC_HOSTNAME=keycloak.tips-of-mine.local +KEYCLOAK_ADMIN_PASSWORD=admin diff --git a/Keycloak/docker-compose.yaml b/Keycloak/docker-compose.yaml index c42cbdd7..13fd0335 100644 --- a/Keycloak/docker-compose.yaml +++ b/Keycloak/docker-compose.yaml 
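Review bot: The database password is committed in clear text twice in this hunk (`POSTGRES_PASSWORD` under both `postgres` and `guacamole`), and because the commit only swaps the literal, both the old and the new value now live in git history; the Keycloak compose in the same commit carries the same literal. Replacing both occurrences with `POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?set in .env}"` and keeping the value in an untracked `.env` (the approach the commit already starts for Keycloak) removes the duplication and the secret from VCS. The `guacamole` service mixes the legacy `POSTGRES_*` names with `POSTGRESQL_PORT`; current images accept both prefixes as far as I know, but one consistent prefix (`POSTGRESQL_HOSTNAME`, `POSTGRESQL_PORT`, `POSTGRESQL_DATABASE`, …) avoids relying on deprecated aliases — please confirm against the image's documented variables. In the commented-out Active Directory block, `LDAP_MEMBER_AATRIBUTE` looks like a typo for `LDAP_MEMBER_ATTRIBUTE` (property `ldap-member-attribute`) and would be silently ignored if that block is re-enabled. `adminer` is the only image in the stack without a pinned tag.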
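Review bot: Keycloak/.env commits `KC_DB_PASSWORD=admin` and `KEYCLOAK_ADMIN_PASSWORD=admin` to the repository, and nothing in Keycloak/docker-compose.yaml in this commit reads them: that file sets `KC_DB_PASSWORD`, `KEYCLOAK_ADMIN_PASSWORD` and `KC_HOSTNAME` as literals rather than `${...}` references, so these values are dead and also disagree with the literals the compose file uses. Either reference them from the compose file (`KC_DB_PASSWORD: "${KC_DB_PASSWORD:?missing}"`) with `.env` listed in `.gitignore` and a committed `.env.example` holding placeholders, or drop the file. A tracked `.env` whose value is `admin` invites being used as-is.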
@@ -1,53 +1,64 @@ -version: '3' +#### networks +networks: + docker-traefik_front_network: + external: true + back_network: + driver: bridge + attachable: true + + +#### services services: - postgresql: - image: postgres:16 + postgres: + container_name: keycloak-postgres + hostname: keycloak-postgres + image: postgres:15.6-alpine + restart: always + healthcheck: + test: ["CMD", "pg_isready", "-U", "keycloak"] environment: - - POSTGRES_USER=keycloak - - POSTGRES_DB=keycloak - - POSTGRES_PASSWORD=SUPERsecret + POSTGRES_DB: keycloak_db + POSTGRES_USER: keycloak_user + POSTGRES_PASSWORD: 'P@ssword!Here!123456' volumes: - - '/home/ubuntu/docker/keycloak/postgresql_data:/var/lib/postgresql/data' + - ./data:/var/lib/postgresql/data networks: - keycloak: + - back_network keycloak: - image: quay.io/keycloak/keycloak:22.0.3 + container_name: keycloak-app + hostname: keycloak-app + image: quay.io/keycloak/keycloak:latest + command: ["start-dev", "--import-realm"] restart: always - command: start - depends_on: - - postgresql environment: - - KC_PROXY_ADDRESS_FORWARDING=true - - KC_HOSTNAME_STRICT=false - - KC_HOSTNAME=keycloak.jimsgarage.co.uk - - KC_PROXY=edge - - KC_HTTP_ENABLED=true - - KC_DB=postgres - - KC_DB_USERNAME=keycloak - - KC_DB_PASSWORD=SUPERsecret - - KC_DB_URL_HOST=postgres - - KC_DB_URL_PORT=5432 - - KC_DB_URL_DATABASE=keycloak - - KEYCLOAK_ADMIN=admin - - KEYCLOAK_ADMIN_PASSWORD=password + KC_DB: postgres + KC_DB_USERNAME: keycloak_user + KC_DB_PASSWORD: P@ssword!Here!123456 + KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak_db" + KC_HOSTNAME: keycloak.tips-of-mine.local + KC_METRICS_ENABLED: true + KC_LOG_LEVEL: INFO + KC_REALM_NAME: grafana + KEYCLOAK_ADMIN: admin + KEYCLOAK_ADMIN_PASSWORD: keycloak + KC_PROXY: edge + ports: + - 8282:8080 networks: - proxy: - keycloak: + - back_network + - docker-traefik_front_network labels: - "traefik.enable=true" - - "traefik.http.routers.keycloak.entrypoints=http" - - 
"traefik.http.routers.keycloak.rule=Host(`keycloak.yourdomain.com`)" - - "traefik.http.middlewares.keycloak-https-redirect.redirectscheme.scheme=https" - - "traefik.http.routers.keycloak.middlewares=keycloak-https-redirect" - - "traefik.http.routers.keycloak-secure.entrypoints=https" - - "traefik.http.routers.keycloak-secure.rule=Host(`keycloak.yourdomain.com`)" - - "traefik.http.routers.keycloak-secure.tls=true" - - "traefik.http.routers.keycloak-secure.service=keycloak" - - "traefik.http.services.keycloak.loadbalancer.server.port=8080" - - "traefik.docker.network=proxy" - -networks: - proxy: - external: true - keycloak: + - "traefik.docker.network=docker-traefik_front_network" +# HTTP + - "traefik.http.routers.keycloak-http.rule=Host(`keycloak.tips-of-mine.local`)" + - "traefik.http.routers.keycloak-http.entrypoints=http" +# HTTPS + - "traefik.http.routers.keycloak-https.rule=Host(`keycloak.tips-of-mine.local`)" + - "traefik.http.routers.keycloak-https.entrypoints=https" + - "traefik.http.routers.keycloak-https.tls=true" + - "traefik.http.routers.keycloak-https.service=keycloak-service" +# Middleware +# Service + - "traefik.http.services.keycloak-service.loadbalancer.server.port=8080" diff --git a/00_Install/portainer-agent-stack.yml b/Portainer/portainer-agent-stack.yml similarity index 100% rename from 00_Install/portainer-agent-stack.yml rename to Portainer/portainer-agent-stack.yml diff --git a/Traefik/configs/traefik.yml b/Traefik/configs/traefik.yml index 471031b3..ef45efbe 100644 --- a/Traefik/configs/traefik.yml +++ b/Traefik/configs/traefik.yml 
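Review bot: `ports: - 8282:8080` publishes Keycloak directly on every host interface, bypassing the Traefik https router the labels in this hunk set up, and with `KC_PROXY: edge` Keycloak trusts `X-Forwarded-*` headers from whoever connects, so a client on port 8282 can present arbitrary forwarded client IPs and scheme; Traefik already reaches the container over `docker-traefik_front_network`, so the mapping can go, or if a host port is wanted for local debugging bind it to loopback, `- "127.0.0.1:8282:8080"`. The removed `depends_on: - postgresql` is not replaced, so the new `healthcheck` on `postgres` has no consumer and keycloak may start before the database is ready, relying on `restart: always` to crash-loop through it; add `depends_on: postgres: condition: service_healthy` under `keycloak`, and point the probe at the user and database this hunk actually creates, `test: ["CMD", "pg_isready", "-U", "keycloak_user", "-d", "keycloak_db"]` (per the pg_isready docs, probing with the non-existent role `keycloak` makes PostgreSQL log a failed connection on every interval). `command: ["start-dev", "--import-realm"]` runs Keycloak in development mode for a service given a production hostname; `start` with the previously set `KC_HTTP_ENABLED`/`KC_HOSTNAME_STRICT` options is the documented mode behind a reverse proxy, and since no volume for `/opt/keycloak/data/import` is mounted, `--import-realm` appears to have nothing to import unless the image was customised. The admin password `keycloak`, the move from the pinned `22.0.3` to `latest`, and `KC_REALM_NAME` (which does not look like a Keycloak option) are also worth confirming.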
@@ -8,35 +8,29 @@ global: entryPoints: http: address: ":80" +# forwardedHeaders: +# insecure: true http: redirections: entryPoint: - to: "https" - scheme: "https" + to: https + scheme: https https: address: ":443" +# forwardedHeaders: +# insecure: true +# http: +# middlewares: +# - secureHeaders@file +# tls: +# certResolver: letsencrypt metrics: address: ":8181" -# Access logs -# accessLog: fields: -# headers: -# names: -# User-Agent: keep - providers: docker: endpoint: "unix:///var/run/docker.sock" exposedByDefault: false -<<<<<<< HEAD -<<<<<<< HEAD -# network: "interne" -======= - network: "interne" ->>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0 -======= -# network: "interne" ->>>>>>> 788e10b187487aabd04ab6b559995c1fa0994cb3 watch: true file: directory: /etc/traefik/dynamic @@ -44,16 +38,21 @@ providers: providersThrottleDuration: 10 certificatesResolvers: - letsencrypt: + cloudflare: acme: + email: admin@tips-of-mine.fr + storage: acme.json + dnsChallenge: + provider: cloudflare + resolvers: + - "1.1.1.1:53" + - "1.0.0.1:53" tlschallenge: true httpchallenge: entrypoint: http - email: admin@tips-of-mine.fr - storage: /etc/traefik/acme/acme.json api: - insecure: true +# insecure: true dashboard: true log: @@ -68,18 +67,18 @@ accesslog: bufferingSize: 100 # format: common -# Ajout de la partie métrique qui concerne Prometheus +# Ajout de la partie métrique qui concerne Prometheus metrics: prometheus: - # Nom du point d'entrée défini au dessus + # Nom du point d'entrée défini au dessus entryPoint: metrics - # On configure la latence des métriques + # On configure la latence des métriques buckets: - 0.1 - 0.3 - 1.2 - 5.0 - # Ajout des métriques sur les points d'entrée + # Ajout des métriques sur les points d'entrée addEntryPointsLabels: true # Ajout des services addServicesLabels: true diff --git a/Traefik/docker-compose.yml b/Traefik/docker-compose.yml index 11e2b9f4..b4efaf86 100644 --- a/Traefik/docker-compose.yml +++ b/Traefik/docker-compose.yml 
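Review bot: In the `certificatesResolvers` hunk, `storage` changes from `/etc/traefik/acme/acme.json` to the relative path `acme.json`, but Traefik/docker-compose.yml in this same commit still mounts `./certificates/acme.json:/etc/traefik/acme/acme.json`, so issued certificates would be written to the container's working directory and lost on recreate; keep `storage: /etc/traefik/acme/acme.json`. The `cloudflare` resolver now declares `dnsChallenge`, `tlschallenge` and `httpchallenge` together; Traefik uses a single challenge per resolver (to my recollection the DNS challenge takes precedence once a provider is set), so the other two are dead configuration and removing them makes the intended mechanism explicit. The Cloudflare DNS challenge also needs API credentials in the Traefik container's environment (e.g. `CF_DNS_API_TOKEN`), which nothing in this commit provides — worth confirming they are supplied via an untracked env file. Commenting out `api.insecure: true` is a good hardening step; note that the commented `certResolver: letsencrypt` under the https entrypoint and `tls.certResolver=le` in the Guacamole labels still refer to the old resolver name and would fail if uncommented as-is.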
@@ -1,3 +1,4 @@ + #### NETWORKS networks: back_network: @@ -26,24 +27,12 @@ services: - "./configs/dynamic:/etc/traefik/dynamic" - "./certificates/acme.json:/etc/traefik/acme/acme.json" - "./certificates:/etc/traefik/ssl" -<<<<<<< HEAD -<<<<<<< HEAD - "./log:/var/log" -======= - - "./traefik/log:/var/log" ->>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0 -======= - - "./log:/var/log" ->>>>>>> 788e10b187487aabd04ab6b559995c1fa0994cb3 networks: - back_network - front_network -<<<<<<< HEAD ### Certificats -======= -# Certificats ->>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0 reverse-proxy-https-helper: container_name: traefik-certificat image: alpine @@ -53,41 +42,19 @@ services: volumes: - "./certificates:/etc/traefik/ssl" networks: -<<<<<<< HEAD -# - back-network - front_network ### whoami -======= - - front_network - -# whoami ->>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0 whoami: container_name: whoami hostname: whoami image: traefik/whoami -<<<<<<< HEAD - restart: always -======= restart: unless-stopped ->>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0 networks: - front_network labels: - "traefik.enable=true" - "traefik.docker.network=front_network" -<<<<<<< HEAD -## HTTP - - "traefik.http.routers.whoami-http.rule=Host(`whoami.10.0.4.29.traefik.me`)" - - "traefik.http.routers.whoami-http.entrypoints=http" -## HTTPS - - "traefik.http.routers.whoami-https.rule=Host(`whoami.10.0.4.29.traefik.me`)" - - "traefik.http.routers.whoami-https.entrypoints=https" - - "traefik.http.routers.whoami-https.tls=true" -## Middleware -## Service -======= # HTTP - "traefik.http.routers.whoami-http.rule=Host(`whoami.10.0.4.29.traefik.me`)" - "traefik.http.routers.whoami-http.entrypoints=http" @@ -97,4 +64,3 @@ services: - "traefik.http.routers.whoami-https.tls=true" # Middleware # Service ->>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0
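Review bot: The resolved `whoami` block keeps `traefik/whoami` routed on the wildcard `whoami.10.0.4.29.traefik.me` hostname with nothing under `# Middleware`; whoami echoes every request header back to the caller, so beyond a connectivity test it gains nothing, and an IP allow-list middleware on `whoami-https` (or `traefik.enable=false` when not testing) keeps it from being a permanent endpoint. The same block settles on `restart: unless-stopped` while every other service in this commit uses `restart: always`; pick one for the stack. The `whoami` labels continue into the last hunk of this file.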