Commit 5bebea1

Added compose for Firewall and LDAP (#139)
1 parent 35fd0ca commit 5bebea1

5 files changed

+218
-0
lines changed

Lines changed: 85 additions & 0 deletions
@@ -0,0 +1,85 @@
1+
services:
2+
core:
3+
image: ghcr.io/defguard/defguard:dev
4+
environment:
5+
DEFGUARD_COOKIE_INSECURE: "true"
6+
DEFGUARD_SECRET_KEY: defguard-secret-key-defguard-secret-key-defguard-secret-key-defguard-secret-key
7+
DEFGUARD_AUTH_SECRET: defguard-auth-secret
8+
DEFGUARD_GATEWAY_SECRET: defguard-gateway-secret
9+
DEFGUARD_YUBIBRIDGE_SECRET: defguard-yubibridge-secret
10+
DEFGUARD_DB_HOST: db
11+
DEFGUARD_DB_PORT: 5432
12+
DEFGUARD_DB_USER: defguard
13+
DEFGUARD_DB_PASSWORD: defguard
14+
DEFGUARD_DB_NAME: defguard
15+
DEFGUARD_ADOPT_EDGE: "edge1:50051"
16+
DEFGUARD_ADOPT_GATEWAY: "gateway1:50066"
17+
DEFGUARD_LOG_LEVEL: debug
18+
depends_on:
19+
- db
20+
- gateway1
21+
- edge1
22+
ports:
23+
- "8000:8000"
24+
networks:
25+
- default
26+
27+
edge1:
28+
image: ghcr.io/defguard/defguard-proxy:2.0.0-alpha2
29+
volumes:
30+
- ./.volumes/certs2.0/edge1:/etc/defguard/certs
31+
ports:
32+
- "8080:8080"
33+
networks:
34+
- default
35+
36+
gateway1:
37+
image: ghcr.io/defguard/gateway:dev
38+
cap_add:
39+
- NET_ADMIN
40+
volumes:
41+
- ./.volumes/certs2.0/gateway1:/etc/defguard/certs
42+
ports:
43+
- "51820:51820/udp"
44+
environment:
45+
DEFGUARD_STATS_PERIOD: 10
46+
HEALTH_PORT: 55003
47+
networks:
48+
default:
49+
protected_net:
50+
ipv4_address: 10.10.20.2
51+
52+
db:
53+
image: postgres:18-alpine
54+
environment:
55+
POSTGRES_DB: defguard
56+
POSTGRES_USER: defguard
57+
POSTGRES_PASSWORD: defguard
58+
volumes:
59+
- ./.volumes/db2.0:/var/lib/postgresql
60+
ports:
61+
- "5432:5432"
62+
networks:
63+
- default
64+
65+
protected_app1:
66+
image: hashicorp/http-echo:1.0
67+
command: ["-text=Protected App #1"]
68+
networks:
69+
protected_net:
70+
ipv4_address: 10.10.20.20
71+
72+
protected_app2:
73+
image: hashicorp/http-echo:1.0
74+
command: ["-text=Protected App #2"]
75+
networks:
76+
protected_net:
77+
ipv4_address: 10.10.20.30
78+
79+
networks:
80+
default:
81+
protected_net:
82+
driver: bridge
83+
ipam:
84+
config:
85+
- subnet: 10.10.20.0/24
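Review bot: The `db` service publishes Postgres as `"5432:5432"`, which Docker binds on every host interface, while the credentials `defguard`/`defguard` sit in the same file; on a shared lab or office network that is an effectively open database. Scoping the mapping to loopback, `- "127.0.0.1:5432:5432"`, keeps the fixture reachable from the host without exposing it, and the same treatment is worth considering for `core` (`8000`) and `edge1` (`8080`), which run with `DEFGUARD_COOKIE_INSECURE: "true"`. A comment above `core`'s `environment:` such as `# dev-only fixture values — never reuse these secrets outside this compose` would make the intent explicit for anyone copying the file. Separately, `defguard:dev` and `gateway:dev` are mutable tags, so two people running this file may get different builds; pinning a release tag or digest (as `edge1` already does with `2.0.0-alpha2`) keeps reproductions comparable. The file name of this section is not visible in the rendered page.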
Lines changed: 82 additions & 0 deletions
@@ -0,0 +1,82 @@
1+
services:
2+
core:
3+
image: ghcr.io/defguard/defguard:dev
4+
environment:
5+
DEFGUARD_COOKIE_INSECURE: "true"
6+
DEFGUARD_SECRET_KEY: defguard-secret-key-defguard-secret-key-defguard-secret-key-defguard-secret-key
7+
DEFGUARD_AUTH_SECRET: defguard-auth-secret
8+
DEFGUARD_GATEWAY_SECRET: defguard-gateway-secret
9+
DEFGUARD_YUBIBRIDGE_SECRET: defguard-yubibridge-secret
10+
DEFGUARD_DB_HOST: db
11+
DEFGUARD_DB_PORT: 5432
12+
DEFGUARD_DB_USER: defguard
13+
DEFGUARD_DB_PASSWORD: defguard
14+
DEFGUARD_DB_NAME: defguard
15+
DEFGUARD_ADOPT_EDGE: "edge1:50051"
16+
DEFGUARD_ADOPT_GATEWAY: "gateway1:50066"
17+
depends_on:
18+
- db
19+
- gateway1
20+
- edge1
21+
ports:
22+
- "8000:8000"
23+
24+
edge1:
25+
image: ghcr.io/defguard/defguard-proxy:2.0.0-alpha2
26+
volumes:
27+
- ./.volumes/certs2.0/edge1:/etc/defguard/certs
28+
ports:
29+
- "8080:8080"
30+
31+
gateway1:
32+
image: ghcr.io/defguard/gateway:2.0.0-alpha2
33+
cap_add:
34+
- NET_ADMIN
35+
volumes:
36+
- ./.volumes/certs2.0/gateway1:/etc/defguard/certs
37+
ports:
38+
- "51820:51820/udp"
39+
environment:
40+
DEFGUARD_STATS_PERIOD: 10
41+
HEALTH_PORT: 55003
42+
43+
db:
44+
image: postgres:18-alpine
45+
environment:
46+
POSTGRES_DB: defguard
47+
POSTGRES_USER: defguard
48+
POSTGRES_PASSWORD: defguard
49+
volumes:
50+
- ./.volumes/db2.0:/var/lib/postgresql
51+
52+
mailpit:
53+
image: axllent/mailpit:latest
54+
container_name: mailpit
55+
ports:
56+
- "8025:8025" # web UI
57+
- "1025:1025" # SMTP
58+
59+
openldap:
60+
image: bitnamilegacy/openldap:2.6
61+
user: root
62+
restart: unless-stopped
63+
environment:
64+
LDAP_ADMIN_PASSWORD: "pass123"
65+
ports:
66+
- "389:1389"
67+
volumes:
68+
- ./ldap/entrypoint:/docker-entrypoint-initdb.d:ro
69+
- ./ldap/init.ldif:/ldifs/init.ldif:ro
70+
- ./ldap/custom.ldif:/schema/custom.ldif:ro
71+
- ./volumes/openldap:/bitnami/openldap
72+
73+
phpldapadmin:
74+
image: osixia/phpldapadmin:0.9.0
75+
restart: unless-stopped
76+
depends_on:
77+
- openldap
78+
environment:
79+
PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'openldap': [{'server': [{'host': 'openldap', 'port': 1389}]}]}]"
80+
PHPLDAPADMIN_HTTPS: "false"
81+
ports:
82+
- "8081:80"
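Review bot: `openldap` runs as `user: root`, publishes `389:1389` on every host interface with `LDAP_ADMIN_PASSWORD: "pass123"`, and the init hook's `to * by * read` rule lets anonymous clients read the whole directory, so anything on the host's network can enumerate it. Binding the dev ports to loopback, `- "127.0.0.1:389:1389"` and `- "127.0.0.1:8081:80"` (phpldapadmin serves its login form over plain HTTP given `PHPLDAPADMIN_HTTPS: "false"`), removes that exposure without changing the workflow. The `user: root` override is presumably needed so the `ldapmodify -Y EXTERNAL -H ldapi:///` call in the init script is authorised to modify `cn=config`; a comment saying so, `# root so the init hook can modify cn=config over ldapi`, would stop someone removing it later. Also, the data volume is `./volumes/openldap` while every other service in this commit uses `./.volumes/…`; if `.volumes/` is the ignored directory, this looks like a typo that will land the LDAP mdb files in git.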

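--- a/docker-compose2.0/ldap/custom.ldif
+++ b/docker-compose2.0/ldap/custom.ldif
@@ -0,0 +1,14 @@
+dn: cn=module,cn=config
+cn: module
+objectClass: olcModuleList
+olcModuleLoad: memberof
+olcModulePath: /opt/bitnami/openldap/lib/openldap
+
+dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcMemberOfConfig
+olcOverlay: memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfUniqueNames
+olcMemberOfMemberAD: uniqueMember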
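Review bot: The overlay is attached to `olcDatabase={2}mdb,cn=config`, a hard-coded index that is only right if the image's data backend happens to sit at `{2}`; if it does not, loading this file fails and no `memberOf` attribute is ever maintained, which presumably is what defguard's LDAP integration reads group membership from (the ACL in the init hook evaluates the group entry directly and is unaffected). A comment above that `dn:` line, `# {2} is the index of the bitnami data backend — verify with: ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config '(olcDatabase=*)' dn`, records the assumption. Worth adding to the same comment that the memberof overlay only populates `memberOf` on writes made after it is loaded; entries already present when it is attached are, as far as I know, not backfilled.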
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
. /opt/bitnami/scripts/libopenldap.sh
2+
3+
ldap_start_bg
4+
5+
echo "Setting custom access permissions for ${LDAP_ROOT}"
6+
7+
cat <<EOF | ldapmodify -Y EXTERNAL -H "ldapi:///"
8+
dn: olcDatabase={-1}frontend,cn=config
9+
changetype: modify
10+
replace: olcAccess
11+
olcAccess: to attrs=userPassword,shadowLastChange
12+
by self write
13+
by group/groupOfUniqueNames/uniqueMember.exact="cn=admin,ou=groups,${LDAP_ROOT}" write
14+
by anonymous auth
15+
olcAccess: to *
16+
by self write
17+
by group/groupOfUniqueNames/uniqueMember.exact="cn=admin,ou=groups,${LDAP_ROOT}" write
18+
by * read
19+
EOF
20+
21+
22+
ldap_stop
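Review bot: The exit status of `cat <<EOF | ldapmodify -Y EXTERNAL -H "ldapi:///"` is never checked, so if the modify is rejected (wrong database, EXTERNAL bind not mapped to a config-writing identity) the container comes up with whatever ACLs the image ships and nothing reports it. Add `set -e` at the top, or `|| { echo "applying frontend ACLs failed" >&2; exit 1; }` after the heredoc, so a broken ACL rollout fails the init rather than silently degrading. Note also that `olcDatabase={-1}frontend` rules are only the fallback for backends that define no `olcAccess` of their own; if the image's mdb database carries its own rule set, this replace changes nothing for the data tree — confirm with `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config olcAccess`. Finally, `to * by * read` lets anonymous clients enumerate every entry other than `userPassword`; for a fixture published on host port 389, `by users read` in that rule (the first rule's `by anonymous auth` still allows binds) is the safer default.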

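--- a/docker-compose2.0/ldap/init.ldif
+++ b/docker-compose2.0/ldap/init.ldif
@@ -0,0 +1,15 @@
+dn: dc=example,dc=org
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+dc: example
+o: Example Org
+
+dn: ou=users,dc=example,dc=org
+objectClass: organizationalUnit
+ou: users
+
+dn: ou=groups,dc=example,dc=org
+ou: groups
+objectClass: organizationalUnit
+objectClass: top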
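Review bot: The init hook's ACL grants `write` to members of `cn=admin,ou=groups,${LDAP_ROOT}`, but this seed creates `ou=groups` and nothing inside it, so unless something else provisions that group the clause matches nobody and every non-rootdn bind is limited to `self write` — acceptable as a default, but the dependency should be visible. A comment above the `ou=groups` entry, `# cn=admin,ou=groups is referenced by the frontend ACL and is expected to be created by whatever provisions groups`, would do; whether defguard or a later LDIF creates it cannot be told from this commit. Minor style point: the two `ou` entries list `objectClass` and `ou` in opposite orders; keeping one order (`objectClass` first, as in `ou=users`) makes the file easier to diff against later seeds.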
