From b60176ee9308a6e41f90e157c25d5f7ae35dbab3 Mon Sep 17 00:00:00 2001
From: Felix Bartels <1257835+fbartels@users.noreply.github.com>
Date: Wed, 18 Sep 2019 07:30:54 +0200
Subject: [PATCH] move optional containers into their own compose files (#246)
* move playground into its own compose file fixes #245
* move ldap-admin and ssp into their own directories fixes #244
* remove command for konnect from meet example
---
.gitignore | 1 +
README.md | 4 ---
docker-compose.yml | 61 --------------------------------
examples/meet/docker-compose.yml | 1 -
ldap-extras/README.md | 26 ++++++++++++++
ldap-extras/ldap-extras.yml | 53 +++++++++++++++++++++++++++
playground/README.md | 17 ++++++---
playground/playground.yml | 12 +++++++
8 files changed, 105 insertions(+), 70 deletions(-)
create mode 100644 ldap-extras/README.md
create mode 100644 ldap-extras/ldap-extras.yml
create mode 100644 playground/playground.yml
diff --git a/.gitignore b/.gitignore
index fe595e4..3bc42b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@
 !.travis.yml
 .travis/config.yml
 data/*
+dive.log
 .env
 *.env
 docker-compose.override.yml
diff --git a/README.md b/README.md
index 727ba81..0f1891f 100644
--- a/README.md
+++ b/README.md
@@ -13,10 +13,6 @@ This repository contains an easy to replicate recipe to spin up a [Kopano](https - now run `docker-compose up` and you will see how the remaining Docker images are pulled and then everything is started - after startup has succeeded you can access the Kopano WebApp by going to `https://kopano.demo/webapp` - there are already some users created in the demo ldap. These users all have a password that is identical to the username, e.g. the password for `user1` user `user1`. -- you can also access phpLDAPadmin by going to `https://kopano.demo/ldap-admin` - - you can access the ldap-admin web frontent in readonly mode with: `LDAP_BIND_DN` env var as login dn and the `LDAP_BIND_PW` env var provided by the .env file (which is generated by the setup.sh) - - if you want to modify the ldap content you can access the ldap-admin web frontend by using the `cn=admin,` appending the `LDAP_BASE_DN` env var as the login dn and `LDAP_ADMIN_PASSWORD` as the password - - lookup kopano documentation on how to manage users using the ldap interface: https://documentation.kopano.io/kopanocore_administrator_manual/user_management.html#user-management-from-openldap **Note:** There have been reports about the ldap demo not starting up on MacOS. It is recommended to use a Linux OS if you want to use the bundled LDAP image. diff --git a/docker-compose.yml b/docker-compose.yml index 655e2de..5331799 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -43,57 +43,6 @@ services:
 networks:
 - ldap-net
- ldap-admin:
- image: osixia/phpldapadmin:0.7.2
- restart: unless-stopped
- depends_on:
- - ldap
- environment:
- - PHPLDAPADMIN_LDAP_HOSTS=ldap
- - PHPLDAPADMIN_HTTPS=false
- networks:
- - ldap-net
- - web-net
-
- password-self-service:
- image: tiredofit/self-service-password:3.0
- restart: unless-stopped
- domainname: ${LDAP_DOMAIN}
- depends_on:
- - ldap
- - mail
- environment:
- - SSP_VERSION=1.3
- - LDAP_SERVER=ldap://ldap:389
- - LDAP_BINDDN=cn=admin,${LDAP_BASE_DN}
- - LDAP_BINDPASS=${LDAP_ADMIN_PASSWORD}
- - LDAP_BASE_SEARCH=${LDAP_BASE_DN}
- - MAIL_FROM=noreply@${LDAP_DOMAIN}
- - SMTP_HOST=mail
- - SMTP_PORT=25
- - SMTP_SECURE_TYPE=false
- - SMTP_AUTOTLS=false
- - QUESTIONS_ENABLED=false
- - PASSWORD_NO_REUSE=true
- - WHO_CAN_CHANGE_PASSWORD=user
- - SECRETEKEY=${SELF_SERVICE_SECRETEKEY}
- - BACKGROUND=.
- - PASSWORD_MIN_LENGTH=${SELF_SERVICE_PASSWORD_MIN_LENGTH}
- - PASSWORD_MAX_LENGTH=${SELF_SERVICE_PASSWORD_MAX_LENGTH}
- - PASSWORD_MIN_LOWERCASE=${SELF_SERVICE_PASSWORD_MIN_LOWERCASE}
- - PASSWORD_MIN_UPPERCASE=${SELF_SERVICE_PASSWORD_MIN_UPPERCASE}
- - PASSWORD_MIN_DIGIT=${SELF_SERVICE_PASSWORD_MIN_DIGIT}
- - PASSWORD_MIN_SPECIAL=${SELF_SERVICE_PASSWORD_MIN_SPECIAL}
- - PASSWORD_HASH=CRYPT
- env_file:
- - password-self-service.env
- expose:
- - "80"
- networks:
- - web-net # provide web-frontend
- - ldap-net # access ldap user base and write passwords
- - kopano-net # send mail directly to mailstack
-
 mail:
 image: tvial/docker-mailserver:release-v6.1.0
 restart: unless-stopped
@@ -457,16 +406,6 @@ services:
 - kopano-net
 - web-net
- kopano_playground:
- image: ${docker_repo:-zokradonh}/kopano_playground
- restart: unless-stopped
- depends_on:
- - kopano_kapi
- - kopano_konnect
- networks:
- - kopano-net
- - web-net
-
 kopano_kwmserver:
 image: ${docker_repo:-zokradonh}/kopano_kwmserver:${KWM_VERSION:-latest}
 restart: unless-stopped
diff --git a/examples/meet/docker-compose.yml b/examples/meet/docker-compose.yml
index 72d5f21..02883aa 100644
--- a/examples/meet/docker-compose.yml
+++ b/examples/meet/docker-compose.yml
@@ -95,7 +95,6 @@ services:
 kopano_konnect:
 image: ${docker_repo:-kopano}/kopano_konnect:${KONNECT_VERSION:-latest}
 restart: unless-stopped
- command: wrapper.sh
 depends_on:
 - kopano_ssl
 - web
diff --git a/ldap-extras/README.md b/ldap-extras/README.md
new file mode 100644
index 0000000..a731ca2
--- /dev/null
+++ b/ldap-extras/README.md
@@ -0,0 +1,26 @@
+# LDAP extras for kopano-docker
+
+This directory contains a compose file including optional containers.
+
+## How to use this compose file?
+
+ 1. Add the `ldap-extras.yml` to the `COMPOSE_FILE` variable in your `.env` file.
+
+ Example:
+```
+COMPOSE_FILE=docker-compose.yml:docker-compose.ports.yml:ldap-extras/ldap-extras.yml
+```
+
+ 2. Run `docker-compose up -d`.
+
+ ## ldap-admin
+
+After startup you can access phpLDAPadmin by going to `https://kopano.demo/ldap-admin`
+
+To login use the `cn=admin,$LDAP_BASE_DN` and `LDAP_BIND_PW` from the `.env` file.
+
+Check https://documentation.kopano.io/kopanocore_administrator_manual/user_management.html#user-management-from-openldap to learn more about Kopanos LDAP possibilities.
+
+## password-self-service
+
+After startup you can access [Self Service Password](https://ltb-project.org/documentation/self-service-password) by visiting `https://kopano.demo/password-reset/`.
diff --git a/ldap-extras/ldap-extras.yml b/ldap-extras/ldap-extras.yml
new file mode 100644
index 0000000..b291f70
--- /dev/null
+++ b/ldap-extras/ldap-extras.yml
@@ -0,0 +1,53 @@
+version: "3.5"
+
+services:
+ ldap-admin:
+ image: osixia/phpldapadmin:0.7.2
+ restart: unless-stopped
+ depends_on:
+ - ldap
+ environment:
+ - PHPLDAPADMIN_LDAP_HOSTS=ldap
+ - PHPLDAPADMIN_HTTPS=false
+ networks:
+ - ldap-net
+ - web-net
+
+ password-self-service:
+ image: tiredofit/self-service-password:3.0
+ restart: unless-stopped
+ domainname: ${LDAP_DOMAIN}
+ depends_on:
+ - ldap
+ - mail
+ environment:
+ - SSP_VERSION=1.3
+ - LDAP_SERVER=ldap://ldap:389
+ - LDAP_BINDDN=cn=admin,${LDAP_BASE_DN}
+ - LDAP_BINDPASS=${LDAP_ADMIN_PASSWORD}
+ - LDAP_BASE_SEARCH=${LDAP_BASE_DN}
+ - MAIL_FROM=noreply@${LDAP_DOMAIN}
+ - SMTP_HOST=mail
+ - SMTP_PORT=25
+ - SMTP_SECURE_TYPE=false
+ - SMTP_AUTOTLS=false
+ - QUESTIONS_ENABLED=false
+ - PASSWORD_NO_REUSE=true
+ - WHO_CAN_CHANGE_PASSWORD=user
+ - SECRETEKEY=${SELF_SERVICE_SECRETEKEY}
+ - BACKGROUND=.
+ - PASSWORD_MIN_LENGTH=${SELF_SERVICE_PASSWORD_MIN_LENGTH}
+ - PASSWORD_MAX_LENGTH=${SELF_SERVICE_PASSWORD_MAX_LENGTH}
+ - PASSWORD_MIN_LOWERCASE=${SELF_SERVICE_PASSWORD_MIN_LOWERCASE}
+ - PASSWORD_MIN_UPPERCASE=${SELF_SERVICE_PASSWORD_MIN_UPPERCASE}
+ - PASSWORD_MIN_DIGIT=${SELF_SERVICE_PASSWORD_MIN_DIGIT}
+ - PASSWORD_MIN_SPECIAL=${SELF_SERVICE_PASSWORD_MIN_SPECIAL}
+ - PASSWORD_HASH=CRYPT
+ env_file:
+ - password-self-service.env
+ expose:
+ - "80"
+ networks:
+ - web-net # provide web-frontend
+ - ldap-net # access ldap user base and write passwords
+ - kopano-net # send mail directly to mailstack
diff --git a/playground/README.md b/playground/README.md
index 88ad156..3de2874 100644
--- a/playground/README.md
+++ b/playground/README.md
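Review bot: The `password-self-service` container binds to the directory as `cn=admin,${LDAP_BASE_DN}` with `LDAP_ADMIN_PASSWORD` while also being attached to `web-net`, so a flaw in the password-reset front end would put the full directory admin credential at risk. Now that the service lives in its own opt-in file, this is a good place to move it to a dedicated bind account that may only write `userPassword`, or at least to record the trade-off above `LDAP_BINDDN`, e.g. `# binds as directory admin; prefer an account limited to password writes`. The file also relies on services (`ldap`, `mail`) and networks (`ldap-net`, `web-net`, `kopano-net`) it does not declare, so a header comment such as `# overlay only: load together with docker-compose.yml via COMPOSE_FILE` would keep users from starting it standalone. Separately, `env_file: password-self-service.env` is a relative path, and it is worth confirming it still resolves to the intended file now that this compose file sits in `ldap-extras/`.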
@@ -1,9 +1,18 @@
-# Kopano Playground image
+# Kopano Kapi Playground and OIDC Playground image
 [![](https://images.microbadger.com/badges/image/zokradonh/kopano_playground.svg)](https://microbadger.com/images/zokradonh/kopano_playground "Microbadger size/labels") [![](https://images.microbadger.com/badges/version/zokradonh/kopano_playground.svg)](https://microbadger.com/images/zokradonh/kopano_playground "Microbadger version")
-Example applications to test Konnect and Kapi.
+This project includes a Docker container to easily inspect the data returned by the Kopano Rest API (Kapi), as well as the OpenID (Connect) Service Provider.
-## What are and how can I use the Kapi Playground and OIDC Playground?
+## How to use the Kopano Playground?
-This project includes a Docker container to easily inspect the data returned by the Kopano Rest API (KAPI), as well as the OpenID (Connect) Service Provider. To explore these applications you need to pass the URL of the "Issuer" when opening these. For the Kapi Playground this would for example be `https://kopano.demo/kapi-playground/?iss=https://kopano.demo`. For the OIDC Playground it would be `https://kopano.demo/oidc-playground/?discovery_uri=https://kopano.demo/.well-known/openid-configuration&discovery=auto`.
\ No newline at end of file
+ 1. Add the `playground.yml` to the `COMPOSE_FILE` variable in your `.env` file.
+
+ Example:
+```
+COMPOSE_FILE=docker-compose.yml:docker-compose.ports.yml:playground/playground.yml
+```
+
+ 2. Run `docker-compose up -d`.
+
+ To explore these applications you need to pass the URL of the "Issuer" when opening these. For the Kapi Playground this would for example be `https://kopano.demo/kapi-playground/?iss=https://kopano.demo`. For the OIDC Playground it would be `https://kopano.demo/oidc-playground/?discovery_uri=https://kopano.demo/.well-known/openid-configuration&discovery=auto`.
diff --git a/playground/playground.yml b/playground/playground.yml
new file mode 100644
index 0000000..10079e0
--- /dev/null
+++ b/playground/playground.yml
@@ -0,0 +1,12 @@
+version: "3.5"
+
+services:
+ kopano_playground:
+ image: ${docker_repo:-zokradonh}/kopano_playground
+ restart: unless-stopped
+ depends_on:
+ - kopano_kapi
+ - kopano_konnect
+ networks:
+ - kopano-net
+ - web-net
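Review bot: The `image:` line for `kopano_playground` carries no tag, so the container resolves to whatever `latest` is at pull time, and this is a debugging tool attached to both `web-net` and `kopano-net`. Other services on this page take a version variable (`${KWM_VERSION:-latest}`, `${KONNECT_VERSION:-latest}`); following that pattern, e.g. `image: ${docker_repo:-zokradonh}/kopano_playground:${PLAYGROUND_VERSION:-latest}` (the variable name is a placeholder, not defined on this page), would let operators pin it. A one-line header comment noting that the file is an overlay depending on `kopano_kapi`, `kopano_konnect` and the networks from `docker-compose.yml` would also help, since none of them are declared here.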