This commit is contained in:
Hubert Cornet 2024-04-01 13:04:10 +02:00
parent 11b5fd8ff4
commit a572f949d3
7 changed files with 240 additions and 139 deletions


@ -0,0 +1,28 @@
### adminer
adminer:
container_name: guacamole-adminer
hostname: guacamole-adminer
depends_on:
- postgres
image: adminer
restart: always
networks:
- back_network
- docker-traefik_front_network
labels:
- "traefik.enable=true"
- "traefik.docker.network=docker-traefik_front_network"
# HTTP
# - "traefik.http.routers.adminer-http.rule=Host(`adminer.10.0.4.29.traefik.me`)"
- "traefik.http.routers.adminer-http.rule=Host(`adminer.tips-of-mine.local`)"
- "traefik.http.routers.adminer-http.entrypoints=http"
# HTTPS
# - "traefik.http.routers.adminer-https.rule=Host(`adminer.10.0.4.29.traefik.me`)"
- "traefik.http.routers.adminer-https.rule=Host(`adminer.tips-of-mine.local`)"
- "traefik.http.routers.adminer-https.entrypoints=https"
- "traefik.http.routers.adminer-https.tls=true"
- "traefik.http.routers.adminer.service=adminer-service"
# Middleware
# Service
- "traefik.http.services.adminer-service.loadbalancer.server.port=8080"
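Review bot: The label `traefik.http.routers.adminer.service=adminer-service` names a router `adminer` that no other label in this file defines; the routers declared above it are `adminer-http` and `adminer-https`. Traefik binds a container's only service to routers that do not name one, so the two real routers still work, but the label most likely creates a third rule-less router that Traefik complains about at load time, and it should read `traefik.http.routers.adminer-https.service=adminer-service` as the guacamole block in this commit's docker-compose does. The same stray label is repeated in the copy of this block inside the docker-compose file. The `# Middleware` slot is empty, so the database admin UI is reachable on the front network with only Adminer's own login form in front of it; an IP-allowlist or forward-auth middleware on `adminer-https` would fit the way the rest of the stack is put behind Traefik.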


@ -1,72 +1,166 @@
#### NETWORKS
version: '3'
# networks
# create a network 'guacnetwork_net' in mode 'bridged'
networks: networks:
guacnetwork_net: docker-traefik_front_network:
external: true
back_network:
driver: bridge driver: bridge
attachable: true
# services #### SERVICES
services: services:
# guacd
### guacd
guacd: guacd:
container_name: guacamole_guacd container_name: guacamole-guacd
hostname: guacamole-guacd
image: guacamole/guacd:latest image: guacamole/guacd:latest
networks: networks:
guacnetwork_net: - back_network
restart: always restart: always
volumes: volumes:
- ./drive:/drive:rw - ./drive:/drive:rw
- ./record:/record:rw - ./record:/var/lib/guacamole/recordings:rw
# postgres
### postgres
postgres: postgres:
container_name: guacamole_postgres container_name: guacamole-postgres
hostname: guacamole-postgres
environment: environment:
PGDATA: /var/lib/postgresql/data/guacamole PGDATA: /var/lib/postgresql/data/guacamole
POSTGRES_DB: guacamole_db POSTGRES_DB: guacamole_db
POSTGRES_PASSWORD: 'PasswordHere123456' POSTGRES_PASSWORD: 'P@ssword!Here!123456'
POSTGRES_USER: guacamole_user POSTGRES_USER: guacamole_user
image: postgres:15.2-alpine TZ: Europe/Paris
# networks: image: postgres:15.6-alpine
# guacnetwork_net: networks:
- back_network
restart: always restart: always
volumes: volumes:
- ./init:/docker-entrypoint-initdb.d:z - ./init:/docker-entrypoint-initdb.d:ro
- ./data:/var/lib/postgresql/data:Z - ./data:/var/lib/postgresql/data:rw
# guacamole ### adminer
adminer:
container_name: guacamole-adminer
hostname: guacamole-adminer
depends_on:
- postgres
image: adminer
restart: always
networks:
- back_network
- docker-traefik_front_network
labels:
- "traefik.enable=true"
- "traefik.docker.network=docker-traefik_front_network"
# HTTP
# - "traefik.http.routers.adminer-http.rule=Host(`adminer.10.0.4.29.traefik.me`)"
- "traefik.http.routers.adminer-http.rule=Host(`adminer.tips-of-mine.local`)"
- "traefik.http.routers.adminer-http.entrypoints=http"
# HTTPS
# - "traefik.http.routers.adminer-https.rule=Host(`adminer.10.0.4.29.traefik.me`)"
- "traefik.http.routers.adminer-https.rule=Host(`adminer.tips-of-mine.local`)"
- "traefik.http.routers.adminer-https.entrypoints=https"
- "traefik.http.routers.adminer-https.tls=true"
- "traefik.http.routers.adminer.service=adminer-service"
# Middleware
# Service
- "traefik.http.services.adminer-service.loadbalancer.server.port=8080"
### guacamole
guacamole: guacamole:
container_name: guacamole_frontend container_name: guacamole-app
hostname: guacamole-app
depends_on: depends_on:
- guacd - guacd
- postgres - postgres
environment: environment:
### GUACD
GUACD_HOME: "/opt/guac_home"
GUACD_HOSTNAME: guacd GUACD_HOSTNAME: guacd
POSTGRES_DATABASE: guacamole_db RECORDING_SEARCH_PATH: "/var/lib/guacamole/recordings"
### PostgreSQL
POSTGRES_HOSTNAME: postgres POSTGRES_HOSTNAME: postgres
POSTGRES_PASSWORD: 'PasswordHere123456' POSTGRESQL_PORT: 5432
POSTGRES_DATABASE: guacamole_db
POSTGRES_USER: guacamole_user POSTGRES_USER: guacamole_user
LDAP_HOSTNAME: "10.0.4.2" POSTGRES_PASSWORD: 'P@ssword!Here!123456'
LDAP_PORT: 389 ### Active Directory
LDAP_ENCRYPTION_METHOD: "none" # Controler de domaine
LDAP_USER_BASE_DN: "ou=utilisateurs,dc=tips-of-mine,dc=local" # LDAP_HOSTNAME: "10.0.4.4"
LDAP_USERNAME_ATTRIBUTE: "sAMAccountName" # LDAP_PORT: 389
LDAP_SEARCH_BIND_DN: "cn=service-guacamole,ou=Services,ou=utilisateurs,dc=tips-of-mine,dc=local" # LDAP_ENCRYPTION_METHOD: "none"
LDAP_SEARCH_BIND_PASSWORD: "some_password" # LDAP_MAX_SEARCH_RESULTS: "10000"
LDAP_GROUP_BASE_DN: "ou=groupes,dc=tips-of-mine,dc=local" # Recherche des utilisateurs
LDAP_GROUP_NAME_ATTRIBUTE: "cn" # LDAP_USER_BASE_DN: "OU=Utilisateurs,OU=Societe,DC=tips-of-mine,DC=local"
# LDAP_USERNAME_ATTRIBUTE: "samAccountName"
# LDAP_USER_SEARCH_FILTER: "(&(objectClass=User)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=GDL-Guacamole-Access,OU=Guacamole,OU=Services,OU=Groupes,OU=Societe,DC=tips-of-mine,DC=local))"
# Utilisateur pour connexion AD
# LDAP_SEARCH_BIND_DN: "CN=Service Guacamole,OU=Services,OU=Societe,DC=tips-of-mine,DC=local"
# LDAP_SEARCH_BIND_PASSWORD: "some_password"
# Recherche des groupes
# LDAP_GROUP_BASE_DN: "OU=Groupes,OU=Societe,DC=tips-of-mine,DC=local"
# LDAP_GROUP_SEARCH_FILTER: "(objectClass=Group)"
# LDAP_GROUP_NAME_ATTRIBUTE: "cn"
# LDAP_MEMBER_AATRIBUTE: "member"
### OpenID
OPENID_AUTHORIZATION_ENDPOINT: https://authentik.tips-of-mine.local/application/o/authorize/
OPENID_CLIENT_ID: f71Je39kparABozs1MLcLURECvQMNy9Fih0linvs
OPENID_ISSUER: https://authentik.tips-of-mine.local/application/o/guacamole/
OPENID_JWKS_ENDPOINT: https://authentik.tips-of-mine.local/application/o/guacamole/jwks/
OPENID_REDIRECT_URI: https://guacamole.tips-of-mine.local
###
# OPENID_AUTHORIZATION_ENDPOINT: https://keycloak.tips-of-mine.local/realms/master/protocol/openid-connect/auth
# OPENID_JWKS_ENDPOINT: https://keycloak.tips-of-mine.local/realms/master/protocol/openid-connect/certs
# OPENID_ISSUER: https://keycloak.tips-of-mine.local/realms/master
# OPENID_CLIENT_ID: guacamole
# OPENID_REDIRECT_URI: https://guacamole.tips-of-mine.local
# Priority
# EXTENSION_PRIORITY: ldap
### Extension Guacamole
# TOTP_ENABLED: "true"
# TOTP_ISSUER: "Guacamole IT Tips-Of-Mine"
# TOTP_DIGITS: 6
# TOTP_PERIOD: 60
# TOTP_MODE: sha1
image: guacamole/guacamole:latest image: guacamole/guacamole:latest
links: links:
- guacd - guacd
# networks: networks:
# guacnetwork_net: - docker-traefik_front_network
ports: - back_network
# ports:
## enable next line if not using nginx ## enable next line if not using nginx
## - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /. ## - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.
## enable next line when using nginx ## enable next line when using nginx
- 8080/tcp # - 8080/tcp
restart: always restart: always
volumes: volumes:
- ./guacamole-config:/config - ./guacamole-config:/config
- ./guac_home:/opt/guac_home
- ./record:/var/lib/guacamole/recordings:ro
- ./drive:/drive:rw
labels:
- "traefik.enable=true"
- "traefik.docker.network=docker-traefik_front_network"
# HTTP
# - "traefik.http.routers.guacamole-http.rule=Host(`guacamole.10.0.4.29.traefik.me`)"
- "traefik.http.routers.guacamole-http.rule=Host(`guacamole.tips-of-mine.local`)"
- "traefik.http.routers.guacamole-http.entrypoints=http"
# HTTPS
# - "traefik.http.routers.guacamole-https.rule=Host(`guacamole.10.0.4.29.traefik.me`)"
- "traefik.http.routers.guacamole-https.rule=Host(`guacamole.tips-of-mine.local`)"
- "traefik.http.routers.guacamole-https.entrypoints=https"
- "traefik.http.routers.guacamole-https.service=guacamole-service"
- "traefik.http.routers.guacamole-https.middlewares=guacamole-addprefix"
- "traefik.http.routers.guacamole-https.tls=true"
# - "traefik.http.routers.guacamole-https.tls.certResolver=le"
# - "traefik.http.routers.guacamole-https.tls.options=default"
# Middleware
# - "traefik.http.middlewares.guacamole-headers.headers.stsincludesubdomains=true"
# - "traefik.http.middlewares.guacamole-headers.headers.stsseconds=315360000"
# - "traefik.http.middlewares.guacamole-headers.headers.forcestsheader=true"
- "traefik.http.middlewares.guacamole-addprefix.addprefix.prefix=/guacamole"
# Service
- "traefik.http.services.guacamole-service.loadbalancer.server.port=8080"
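Review bot: The database password `'P@ssword!Here!123456'` is written twice in this hunk, once as `POSTGRES_PASSWORD` on the `postgres` service and once as `POSTGRES_PASSWORD` on the `guacamole` service, so it is committed to version control and the two copies have to be kept identical by hand (this commit already had to edit both). Reference a single value from an untracked env file instead, `POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"` in both services, which Compose substitutes from the project's `.env`. Separately, the `guacamole` environment sets `GUACD_HOME: "/opt/guac_home"`; the variable I know the Guacamole image to document for its configuration directory is `GUACAMOLE_HOME`, so confirm `GUACD_HOME` is honoured, otherwise the new `./guac_home:/opt/guac_home` volume is mounted but never read. The `links:` key is a legacy Compose feature and is redundant now that both services share `back_network`, where `guacd` already resolves by service name.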

3
Keycloak/.env Normal file

@ -0,0 +1,3 @@
KC_DB_PASSWORD=admin
KC_HOSTNAME=keycloak.tips-of-mine.local
KEYCLOAK_ADMIN_PASSWORD=admin
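Review bot: `KEYCLOAK_ADMIN_PASSWORD=admin` and `KC_DB_PASSWORD=admin` commit weak placeholder credentials, and nothing in this commit's Keycloak compose file references them (its `environment:` block sets `KC_DB_PASSWORD`, `KC_HOSTNAME` and `KEYCLOAK_ADMIN_PASSWORD` to different literal values), so the file is both a committed-credential risk and dead configuration. Either drop it or make the compose file consume it, e.g. `KC_DB_PASSWORD: "${KC_DB_PASSWORD}"` and `KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD}"`, keep the real `.env` out of version control, and commit a `.env.example` with placeholders instead.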


@ -1,53 +1,64 @@
version: '3' #### networks
networks:
docker-traefik_front_network:
external: true
back_network:
driver: bridge
attachable: true
#### services
services: services:
postgresql: postgres:
image: postgres:16 container_name: keycloak-postgres
hostname: keycloak-postgres
image: postgres:15.6-alpine
restart: always
healthcheck:
test: ["CMD", "pg_isready", "-U", "keycloak"]
environment: environment:
- POSTGRES_USER=keycloak POSTGRES_DB: keycloak_db
- POSTGRES_DB=keycloak POSTGRES_USER: keycloak_user
- POSTGRES_PASSWORD=SUPERsecret POSTGRES_PASSWORD: 'P@ssword!Here!123456'
volumes: volumes:
- '/home/ubuntu/docker/keycloak/postgresql_data:/var/lib/postgresql/data' - ./data:/var/lib/postgresql/data
networks: networks:
keycloak: - back_network
keycloak: keycloak:
image: quay.io/keycloak/keycloak:22.0.3 container_name: keycloak-app
hostname: keycloak-app
image: quay.io/keycloak/keycloak:latest
command: ["start-dev", "--import-realm"]
restart: always restart: always
command: start
depends_on:
- postgresql
environment: environment:
- KC_PROXY_ADDRESS_FORWARDING=true KC_DB: postgres
- KC_HOSTNAME_STRICT=false KC_DB_USERNAME: keycloak_user
- KC_HOSTNAME=keycloak.jimsgarage.co.uk KC_DB_PASSWORD: P@ssword!Here!123456
- KC_PROXY=edge KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak_db"
- KC_HTTP_ENABLED=true KC_HOSTNAME: keycloak.tips-of-mine.local
- KC_DB=postgres KC_METRICS_ENABLED: true
- KC_DB_USERNAME=keycloak KC_LOG_LEVEL: INFO
- KC_DB_PASSWORD=SUPERsecret KC_REALM_NAME: grafana
- KC_DB_URL_HOST=postgres KEYCLOAK_ADMIN: admin
- KC_DB_URL_PORT=5432 KEYCLOAK_ADMIN_PASSWORD: keycloak
- KC_DB_URL_DATABASE=keycloak KC_PROXY: edge
- KEYCLOAK_ADMIN=admin ports:
- KEYCLOAK_ADMIN_PASSWORD=password - 8282:8080
networks: networks:
proxy: - back_network
keycloak: - docker-traefik_front_network
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.keycloak.entrypoints=http" - "traefik.docker.network=docker-traefik_front_network"
- "traefik.http.routers.keycloak.rule=Host(`keycloak.yourdomain.com`)" # HTTP
- "traefik.http.middlewares.keycloak-https-redirect.redirectscheme.scheme=https" - "traefik.http.routers.keycloak-http.rule=Host(`keycloak.tips-of-mine.local`)"
- "traefik.http.routers.keycloak.middlewares=keycloak-https-redirect" - "traefik.http.routers.keycloak-http.entrypoints=http"
- "traefik.http.routers.keycloak-secure.entrypoints=https" # HTTPS
- "traefik.http.routers.keycloak-secure.rule=Host(`keycloak.yourdomain.com`)" - "traefik.http.routers.keycloak-https.rule=Host(`keycloak.tips-of-mine.local`)"
- "traefik.http.routers.keycloak-secure.tls=true" - "traefik.http.routers.keycloak-https.entrypoints=https"
- "traefik.http.routers.keycloak-secure.service=keycloak" - "traefik.http.routers.keycloak-https.tls=true"
- "traefik.http.services.keycloak.loadbalancer.server.port=8080" - "traefik.http.routers.keycloak-https.service=keycloak-service"
- "traefik.docker.network=proxy" # Middleware
# Service
networks: - "traefik.http.services.keycloak-service.loadbalancer.server.port=8080"
proxy:
external: true
keycloak:
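Review bot: `ports: - 8282:8080` publishes Keycloak's plain-HTTP listener directly on the host, bypassing the Traefik HTTPS router that the labels below set up, and with `KC_PROXY: edge` Keycloak is configured to trust forwarded headers from whatever reaches that port. Drop the `ports:` entry (membership in `docker-traefik_front_network` is all Traefik needs) or at least bind it to loopback, `- "127.0.0.1:8282:8080"`. `command: ["start-dev", "--import-realm"]` switches the container from the production `start` mode to development mode under `restart: always`, and no volume in this hunk mounts `/opt/keycloak/data/import`, so `--import-realm` has nothing to import. The `postgres` healthcheck runs `pg_isready -U keycloak` while `POSTGRES_USER` is `keycloak_user`; pg_isready does not authenticate, but the names should agree. `KC_DB_PASSWORD: P@ssword!Here!123456` is unquoted while the same value is single-quoted on the `postgres` service four lines up; quote both.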


@ -8,35 +8,29 @@ global:
entryPoints: entryPoints:
http: http:
address: ":80" address: ":80"
# forwardedHeaders:
# insecure: true
http: http:
redirections: redirections:
entryPoint: entryPoint:
to: "https" to: https
scheme: "https" scheme: https
https: https:
address: ":443" address: ":443"
# forwardedHeaders:
# insecure: true
# http:
# middlewares:
# - secureHeaders@file
# tls:
# certResolver: letsencrypt
metrics: metrics:
address: ":8181" address: ":8181"
# Access logs
# accessLog: fields:
# headers:
# names:
# User-Agent: keep
providers: providers:
docker: docker:
endpoint: "unix:///var/run/docker.sock" endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false exposedByDefault: false
<<<<<<< HEAD
<<<<<<< HEAD
# network: "interne"
=======
network: "interne"
>>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0
=======
# network: "interne"
>>>>>>> 788e10b187487aabd04ab6b559995c1fa0994cb3
watch: true watch: true
file: file:
directory: /etc/traefik/dynamic directory: /etc/traefik/dynamic
@ -44,16 +38,21 @@ providers:
providersThrottleDuration: 10 providersThrottleDuration: 10
certificatesResolvers: certificatesResolvers:
letsencrypt: cloudflare:
acme: acme:
email: admin@tips-of-mine.fr
storage: acme.json
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
tlschallenge: true tlschallenge: true
httpchallenge: httpchallenge:
entrypoint: http entrypoint: http
email: admin@tips-of-mine.fr
storage: /etc/traefik/acme/acme.json
api: api:
insecure: true # insecure: true
dashboard: true dashboard: true
log: log:
@ -68,18 +67,18 @@ accesslog:
bufferingSize: 100 bufferingSize: 100
# format: common # format: common
# Ajout de la partie métrique qui concerne Prometheus # Ajout de la partie métrique qui concerne Prometheus
metrics: metrics:
prometheus: prometheus:
# Nom du point d'entrée défini au dessus # Nom du point d'entrée défini au dessus
entryPoint: metrics entryPoint: metrics
# On configure la latence des métriques # On configure la latence des métriques
buckets: buckets:
- 0.1 - 0.1
- 0.3 - 0.3
- 1.2 - 1.2
- 5.0 - 5.0
# Ajout des métriques sur les points d'entrée # Ajout des métriques sur les points d'entrée
addEntryPointsLabels: true addEntryPointsLabels: true
# Ajout des services # Ajout des services
addServicesLabels: true addServicesLabels: true
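Review bot: In the `certificatesResolvers` hunk the ACME `storage` changes from `/etc/traefik/acme/acme.json` to the relative `acme.json`, but the compose file later in this commit still mounts `./certificates/acme.json:/etc/traefik/acme/acme.json`, so certificates would be written to the container's working directory instead of the persisted file and be lost when the container is recreated; keep `storage: /etc/traefik/acme/acme.json`. The renamed `cloudflare` resolver also declares `dnsChallenge`, `tlschallenge` and `httpchallenge` at once, and Traefik's documentation describes one challenge type per resolver, so keep only `dnsChallenge` and remove the other two. The Git conflict markers in the `providers.docker` hunk (`<<<<<<< HEAD` … `>>>>>>> 788e10b1…`) appear on one side only, which is the intended cleanup if they are the removed side; if any survives on the new side the file will not parse, so it is worth confirming the resolved `network:` line once, since the two conflicting versions differ on whether it is commented out.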


@ -1,3 +1,4 @@
#### NETWORKS #### NETWORKS
networks: networks:
back_network: back_network:
@ -26,24 +27,12 @@ services:
- "./configs/dynamic:/etc/traefik/dynamic" - "./configs/dynamic:/etc/traefik/dynamic"
- "./certificates/acme.json:/etc/traefik/acme/acme.json" - "./certificates/acme.json:/etc/traefik/acme/acme.json"
- "./certificates:/etc/traefik/ssl" - "./certificates:/etc/traefik/ssl"
<<<<<<< HEAD
<<<<<<< HEAD
- "./log:/var/log" - "./log:/var/log"
=======
- "./traefik/log:/var/log"
>>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0
=======
- "./log:/var/log"
>>>>>>> 788e10b187487aabd04ab6b559995c1fa0994cb3
networks: networks:
- back_network - back_network
- front_network - front_network
<<<<<<< HEAD
### Certificats ### Certificats
=======
# Certificats
>>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0
reverse-proxy-https-helper: reverse-proxy-https-helper:
container_name: traefik-certificat container_name: traefik-certificat
image: alpine image: alpine
@ -53,41 +42,19 @@ services:
volumes: volumes:
- "./certificates:/etc/traefik/ssl" - "./certificates:/etc/traefik/ssl"
networks: networks:
<<<<<<< HEAD
# - back-network
- front_network - front_network
### whoami ### whoami
=======
- front_network
# whoami
>>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0
whoami: whoami:
container_name: whoami container_name: whoami
hostname: whoami hostname: whoami
image: traefik/whoami image: traefik/whoami
<<<<<<< HEAD
restart: always
=======
restart: unless-stopped restart: unless-stopped
>>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0
networks: networks:
- front_network - front_network
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.docker.network=front_network" - "traefik.docker.network=front_network"
<<<<<<< HEAD
## HTTP
- "traefik.http.routers.whoami-http.rule=Host(`whoami.10.0.4.29.traefik.me`)"
- "traefik.http.routers.whoami-http.entrypoints=http"
## HTTPS
- "traefik.http.routers.whoami-https.rule=Host(`whoami.10.0.4.29.traefik.me`)"
- "traefik.http.routers.whoami-https.entrypoints=https"
- "traefik.http.routers.whoami-https.tls=true"
## Middleware
## Service
=======
# HTTP # HTTP
- "traefik.http.routers.whoami-http.rule=Host(`whoami.10.0.4.29.traefik.me`)" - "traefik.http.routers.whoami-http.rule=Host(`whoami.10.0.4.29.traefik.me`)"
- "traefik.http.routers.whoami-http.entrypoints=http" - "traefik.http.routers.whoami-http.entrypoints=http"
@ -97,4 +64,3 @@ services:
- "traefik.http.routers.whoami-https.tls=true" - "traefik.http.routers.whoami-https.tls=true"
# Middleware # Middleware
# Service # Service
>>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0
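Review bot: The conflict resolution keeps `restart: unless-stopped` for `whoami` while the `HEAD` side had `restart: always`, and every other service this commit touches (guacd, postgres, adminer, guacamole, keycloak) uses `restart: always`; if the difference is not deliberate, `restart: always` keeps the stack consistent. The `whoami` routers also still use the `whoami.10.0.4.29.traefik.me` host rule, whereas the adminer, guacamole and keycloak routers in this commit moved to `*.tips-of-mine.local` and left the `traefik.me` form commented out, so the test service looks like it was missed in that rename. The hunks in this file cut through the `whoami` labels, so the surrounding service definition is only partly visible here.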