change to lets encrypt
28
.env.example
28
.env.example
@@ -1,13 +1,18 @@
|
|||||||
# Service name
|
# Service name
|
||||||
#
|
#
|
||||||
SERVICE_NAME=freeipa
|
SERVICE_NAME=freeipa
|
||||||
IP_ADDRESS=10.10.10.68
|
|
||||||
EXTERNAL_PORT=8443
|
# FreeIPA hostname
|
||||||
|
#
|
||||||
|
FREEIPA_HOST=dss1.test.local
|
||||||
|
|
||||||
|
FREEIPA_PASS=
|
||||||
|
|
||||||
# Docker image
|
# Docker image
|
||||||
#
|
#
|
||||||
#DOCKER_IMAGE_FREEIPA=vasyakrg/freeipa
|
#add LETSENCRYPT generator
|
||||||
DOCKER_IMAGE_FREEIPA=freeipa/freeipa-server
|
DOCKER_IMAGE_FREEIPA=vasyakrg/freeipa
|
||||||
|
#DOCKER_IMAGE_FREEIPA=freeipa/freeipa-server
|
||||||
DOCKER_IMAGE_BACKUP=vasyakrg/backup
|
DOCKER_IMAGE_BACKUP=vasyakrg/backup
|
||||||
|
|
||||||
# Container name
|
# Container name
|
||||||
@@ -15,6 +20,9 @@ DOCKER_IMAGE_BACKUP=vasyakrg/backup
|
|||||||
CONTAINER_NAME_FREEIPA=server
|
CONTAINER_NAME_FREEIPA=server
|
||||||
CONTAINER_NAME_BACKUP=backup
|
CONTAINER_NAME_BACKUP=backup
|
||||||
|
|
||||||
|
USE_LETSENCRYPT_CERTS=yes
|
||||||
|
LETSENCRYPT_EMAIL=test@gmail.com
|
||||||
|
|
||||||
# Backup settings
|
# Backup settings
|
||||||
#
|
#
|
||||||
BACKUP_DIR=/srv/backup
|
BACKUP_DIR=/srv/backup
|
||||||
@@ -26,20 +34,10 @@ S3_HOST_BASE=
|
|||||||
S3_BACKET=
|
S3_BACKET=
|
||||||
S3_PATH=
|
S3_PATH=
|
||||||
|
|
||||||
# FreeIPA IP
|
|
||||||
#
|
|
||||||
IPA_SERVER_IP=
|
|
||||||
|
|
||||||
# DNS settings
|
# DNS settings
|
||||||
#
|
#
|
||||||
#DNS_SERVER=8.8.8.8
|
#DNS_SERVER=8.8.8.8
|
||||||
#DNS_SEARCH=
|
#DNS_SEARCH=
|
||||||
|
|
||||||
# FreeIPA hostname
|
|
||||||
#
|
|
||||||
FREEIPA_HOST=dss1.test.local
|
|
||||||
FREEIPA_REALM=TEST.LOCAL
|
|
||||||
|
|
||||||
FREEIPA_PASS=
|
|
||||||
|
|
||||||
SERVICE_DATA=/srv/services/freeipa/data
|
SERVICE_DATA=/srv/services/freeipa/data
|
||||||
|
WEBPROXY_DATA=/srv/services/data/webproxy
|
||||||
|
|||||||
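Review bot: The default image in the first hunk moves from the upstream `freeipa/freeipa-server` to `vasyakrg/freeipa` with no tag or digest, so every pull of the identity server takes whatever that third-party repository currently publishes. I would pin it, e.g. `DOCKER_IMAGE_FREEIPA=vasyakrg/freeipa@sha256:<digest-placeholder>`, and replace `#add LETSENCRYPT generator` with a comment saying what the image adds over upstream. The sample also pairs `USE_LETSENCRYPT_CERTS=yes` with `FREEIPA_HOST=dss1.test.local`; a public CA cannot validate a `.local` name, so a placeholder such as `ipa.example.com` would be less misleading, and `LETSENCRYPT_EMAIL` should use a reserved domain like `admin@example.com` rather than a real mail provider. The third hunk appears to drop `IPA_SERVER_IP` and `FREEIPA_REALM` while the compose file still passes `IPA_SERVER_IP`, and none of the visible hunks define `WEBPROXY_NETWORK`, which the compose file now references.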
@@ -4,6 +4,8 @@ services:
|
|||||||
# backup:
|
# backup:
|
||||||
# image: ${DOCKER_IMAGE_BACKUP}
|
# image: ${DOCKER_IMAGE_BACKUP}
|
||||||
# container_name: ${SERVICE_NAME}_${CONTAINER_NAME_BACKUP}
|
# container_name: ${SERVICE_NAME}_${CONTAINER_NAME_BACKUP}
|
||||||
|
# depends_on:
|
||||||
|
# - freeipa
|
||||||
# command: freeipa backup --service freeipa_${FREEIPA_HOST} --data /data --cert /data/cert --storage S3://${S3_PATH} --container ${SERVICE_NAME}_${CONTAINER_NAME_FREEIPA}
|
# command: freeipa backup --service freeipa_${FREEIPA_HOST} --data /data --cert /data/cert --storage S3://${S3_PATH} --container ${SERVICE_NAME}_${CONTAINER_NAME_FREEIPA}
|
||||||
# volumes:
|
# volumes:
|
||||||
# - /var/run/docker.sock:/var/run/docker.sock
|
# - /var/run/docker.sock:/var/run/docker.sock
|
||||||
@@ -22,20 +24,19 @@ services:
|
|||||||
# tmpfs:
|
# tmpfs:
|
||||||
# - /tmp
|
# - /tmp
|
||||||
# networks:
|
# networks:
|
||||||
# - freeipa
|
# - ${SERVICE_NAME}
|
||||||
|
|
||||||
freeipa:
|
freeipa:
|
||||||
image: ${DOCKER_IMAGE_FREEIPA}
|
image: ${DOCKER_IMAGE_FREEIPA}
|
||||||
container_name: ${SERVICE_NAME}_${CONTAINER_NAME_FREEIPA}
|
container_name: ${SERVICE_NAME}_${CONTAINER_NAME_FREEIPA}
|
||||||
volumes:
|
volumes:
|
||||||
- ${SERVICE_DATA}:/data
|
- ${SERVICE_DATA}:/data
|
||||||
# - ${WEBPROXY_DATA}/certs/${FREEIPA_HOST}:/data/cert:Z
|
- ${WEBPROXY_DATA}/certs/${FREEIPA_HOST}:/data/cert:Z
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||||
tmpfs:
|
tmpfs:
|
||||||
- /run
|
- /run
|
||||||
- /tmp
|
- /tmp
|
||||||
ports:
|
ports:
|
||||||
- ${IP_ADDRESS}:${EXTERNAL_PORT}:443
|
|
||||||
- "389:389"
|
- "389:389"
|
||||||
- "636:636"
|
- "636:636"
|
||||||
- "88:88"
|
- "88:88"
|
||||||
@@ -47,18 +48,18 @@ services:
|
|||||||
- "9443:9443"
|
- "9443:9443"
|
||||||
- "9444:9444"
|
- "9444:9444"
|
||||||
- "9445:9445"
|
- "9445:9445"
|
||||||
|
expose:
|
||||||
|
- 80
|
||||||
|
- 443
|
||||||
environment:
|
environment:
|
||||||
- FREEIPA_HOST=${FREEIPA_HOST}
|
- FREEIPA_HOST=${FREEIPA_HOST}
|
||||||
- IPA_SERVER_IP=${IPA_SERVER_IP}
|
- IPA_SERVER_IP=${IPA_SERVER_IP}
|
||||||
# - IPA_SERVER_INSTALL_OPTS=-U -r {FREEIPA_OPTS}
|
|
||||||
- VIRTUAL_PROTO=https
|
- VIRTUAL_PROTO=https
|
||||||
- VIRTUAL_PORT=443
|
- VIRTUAL_PORT=443
|
||||||
- VIRTUAL_HOST=${FREEIPA_HOST}
|
- VIRTUAL_HOST=${FREEIPA_HOST}
|
||||||
# - PASSWORD=${FREEIPA_PASS}
|
- USE_LETSENCRYPT_CERTS=${USE_LETSENCRYPT_CERTS}
|
||||||
# - HTTPS_METHOD=noredirect
|
- LETSENCRYPT_HOST=${FREEIPA_HOST}
|
||||||
# - USE_LETSENCRYPT_CERTS=${USE_LETSENCRYPT_CERTS}
|
- LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
|
||||||
# - LETSENCRYPT_HOST=${FREEIPA_HOST}
|
|
||||||
# - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
|
|
||||||
hostname: ${FREEIPA_HOST}
|
hostname: ${FREEIPA_HOST}
|
||||||
restart: always
|
restart: always
|
||||||
sysctls:
|
sysctls:
|
||||||
@@ -68,8 +69,12 @@ services:
|
|||||||
cap_add:
|
cap_add:
|
||||||
- SYS_TIME
|
- SYS_TIME
|
||||||
networks:
|
networks:
|
||||||
- freeipa
|
- ${SERVICE_NAME}
|
||||||
|
- ${WEBPROXY_NETWORK}
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
freeipa:
|
freeipa:
|
||||||
name: ${SERVICE_NAME}
|
name: ${SERVICE_NAME}
|
||||||
|
webproxy:
|
||||||
|
external:
|
||||||
|
name: ${WEBPROXY_NETWORK}
|
||||||
|
|||||||
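Review bot: The newly enabled mount `${WEBPROXY_DATA}/certs/${FREEIPA_HOST}:/data/cert:Z` gives the FreeIPA container read-write access to what looks like the proxy's certificate directory, and on SELinux hosts `:Z` relabels it as private to this one container, which can lock the proxy out of its own files. If FreeIPA only reads the issued certificate and key, the shared read-only form is safer: `- ${WEBPROXY_DATA}/certs/${FREEIPA_HOST}:/data/cert:ro,z`. In the last hunk the service lists `${SERVICE_NAME}` and `${WEBPROXY_NETWORK}` under `networks:`, but service entries have to match the top-level keys (`freeipa`, `webproxy`), not their `name:` values, so this resolves only when the variables happen to equal those keys; `- freeipa` and `- webproxy` would be robust. `WEBPROXY_NETWORK` is not set in the visible `.env.example` hunks, and an empty substitution would leave an invalid network entry. The LDAP and Kerberos ports in the unchanged context are still published on all host interfaces even though 443 now goes through the proxy, which is worth a comment if it is intentional.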