-
-
Notifications
You must be signed in to change notification settings - Fork 21
/
Copy pathreadme-vars.yml
102 lines (101 loc) · 5.76 KB
/
readme-vars.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
---
# project information
project_name: ldap-auth
project_url: "https://github.com/nginxinc/nginx-ldap-auth"
project_logo: "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/ldap-auth-logo.png"
project_blurb: "[{{ project_name|capitalize }}]({{ project_url }}) software is for authenticating users who request protected resources from servers proxied by nginx. It includes a daemon (ldap-auth) that communicates with an authentication server, and a webserver daemon that generates an authentication cookie based on the user’s credentials. The daemons are written in Python for use with a Lightweight Directory Access Protocol (LDAP) authentication server (OpenLDAP or Microsoft Windows Active Directory 2003 and 2012)."
project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}"
# supported architectures
available_architectures:
- {arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
- {arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
# container parameters
param_usage_include_ports: true
param_container_name: "{{ project_name }}"
param_ports:
- {external_port: "8888", internal_port: "8888", port_desc: "the port for ldap auth daemon"}
- {external_port: "9000", internal_port: "9000", port_desc: "the port for ldap login page"}
# optional container parameters
opt_param_usage_include_env: true
opt_param_env_vars:
- {env_var: "FERNETKEY", env_value: "", desc: "Optionally define a custom valid fernet key (only needed if container is frequently recreated, or if using multi-node setups, invalidating previous authentications)"}
- {env_var: "CERTFILE", env_value: "", desc: "Optionally point this to a certificate file to enable HTTP over SSL (HTTPS) for the ldap auth daemon"}
- {env_var: "KEYFILE", env_value: "", desc: "Optionally point this to the private key file, matching the certificate file referred to in CERTFILE"}
readonly_supported: true
nonroot_supported: true
# application setup block
app_setup_block_enabled: true
app_setup_block: |
- This container itself does not have any settings and it relies on the pertinent information passed through in http headers of incoming requests. Make sure that your webserver is set up with the right config.
- Here's a sample config: [nginx-ldap-auth.conf](https://github.com/nginxinc/nginx-ldap-auth/blob/master/nginx-ldap-auth.conf).
- Unlike the upstream project, this image encodes the cookie information with fernet, using a randomly generated key during container creation (or optionally user defined).
- Also unlike the upstream project, this image serves the login page at `/ldaplogin` (as well as `/login`) to prevent clashes with reverse proxied apps that may also use `/login` for their internal auth.
# init diagram
init_diagram: |
"ldap-auth:latest": {
docker-mods
base {
fix-attr +\nlegacy cont-init
}
docker-mods -> base
legacy-services
custom services
init-services -> legacy-services
init-services -> custom services
custom services -> legacy-services
legacy-services -> ci-service-check
init-migrations -> init-adduser
init-os-end -> init-config
init-config -> init-config-end
init-crontab-config -> init-config-end
init-ldap-config -> init-config-end
init-config -> init-crontab-config
init-mods-end -> init-custom-files
base -> init-envfile
init-config -> init-ldap-config
base -> init-migrations
init-config-end -> init-mods
init-mods-package-install -> init-mods-end
init-mods -> init-mods-package-install
init-adduser -> init-os-end
init-envfile -> init-os-end
init-custom-files -> init-services
init-services -> svc-cron
svc-cron -> legacy-services
init-services -> svc-ldap-app
svc-ldap-app -> legacy-services
init-services -> svc-ldap-daemon
svc-ldap-daemon -> legacy-services
}
Base Images: {
"baseimage-alpine:3.21"
}
"ldap-auth:latest" <- Base Images
# changelog
changelogs:
- {date: "25.12.24:", desc: "Add `legacy-cgi`. Fix fernet key storage."}
- {date: "22.12.24:", desc: "Rebase to Alpine 3.21. Add support for read-only and non-root."}
- {date: "30.06.24:", desc: "Rebase to Alpine 3.20."}
- {date: "23.12.23:", desc: "Rebase to Alpine 3.19."}
- {date: "20.06.23:", desc: "Sync upstream changes, including the ability to disable referrals with `X-Ldap-DisableReferrals`."}
- {date: "25.05.23:", desc: "Rebase to Alpine 3.18, deprecate armhf."}
- {date: "30.12.22:", desc: "Rebase to alpine 3.17."}
- {date: "19.09.22:", desc: "Rebase to alpine 3.15."}
- {date: "14.05.21:", desc: "Add linuxserver wheel index."}
- {date: "12.02.21:", desc: "Clean up cargo/rust cache."}
- {date: "10.02.21:", desc: "Rebasing to alpine 3.13."}
- {date: "08.09.20:", desc: "Set form action correctly."}
- {date: "30.07.20:", desc: "Fix bug related to unset optional `CERTFILE` and `KEYFILE` vars."}
- {date: "27.07.20:", desc: "Add support for HTTP over SSL (HTTPS)."}
- {date: "21.07.20:", desc: "Add support for optional user defined fernet key."}
- {date: "02.06.20:", desc: "Rebasing to alpine 3.12, serve login page at `/ldaplogin` as well as `/login`, to prevent clashes with reverese proxied apps."}
- {date: "17.05.20:", desc: "Add support for self-signed CA certs."}
- {date: "20.02.20:", desc: "Switch to python3."}
- {date: "19.12.19:", desc: "Rebasing to alpine 3.11."}
- {date: "01.07.19:", desc: "Fall back to base64 encoding when basic http auth is used."}
- {date: "28.06.19:", desc: "Rebasing to alpine 3.10."}
- {date: "23.03.19:", desc: "Switching to new Base images, shift to arm32v7 tag."}
- {date: "22.02.19:", desc: "Rebasing to alpine 3.9."}
- {date: "18.09.18:", desc: "Update pip"}
- {date: "14.09.18:", desc: "Add TZ parameter, remove unnecessary PUID/PGID params"}
- {date: "11.08.18:", desc: "Initial release."}