docker-compose.yml

version: '3.7'

# RUN: docker-compose up --build -d

services:

  inca-logger:
    image: umputun/docker-logger
    container_name: "logger"
    hostname: "logger"
    restart: always
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "5"
    environment:
      - LOG_FILES=true
      - LOG_SYSLOG=false
      - EXCLUDE=monit,docker-logger
      - MAX_FILES=10
      - MAX_SIZE=50
      - MAX_AGE=20
      - DEBUG=false
      - TIME_ZONE=UTC
    volumes:
      - ./logs:/srv/logs
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - jstack

  jstack-nginx-backend:
    image: nginx:stable
    container_name: jstack-nginx-backend
    hostname: jstack-nginx-backend
    restart: always
    volumes:
      - ./compose/nginx/backend/html/awesomekb:/usr/share/nginx/html/awesomekb.jstack.com
      - ./compose/nginx/backend/nginx.conf:/etc/nginx/nginx.conf
      - ./compose/nginx/backend/awesomekb.conf:/etc/nginx/conf.d/awesomekb.conf
    networks:
      - jstack

  inca-authelia:
    image: clems4ever/authelia:latest
    container_name: inca-authelia
    hostname: inca-authelia
    environment:
      - NODE_TLS_REJECT_UNAUTHORIZED=0
    restart: always
    volumes:
      - ./compose/authelia/config.yml:/etc/authelia/config.yml:ro
    depends_on:
      - inca-redis
      - jstack-ldap
    networks:
      - jstack

  jstack-nginx-portal:
    image: nginx:alpine
    container_name: jstack-nginx-portal
    hostname: jstack-nginx-portal
    volumes:
      - ./compose/nginx/portal/nginx.conf:/etc/nginx/nginx.conf
      - ./compose/nginx/portal/ssl:/etc/ssl
      - ./compose/nginx/portal/.htpasswd:/usr/share/nginx/.htpasswd
    ports:
      - "443:443"
    networks:
      - jstack

  jstack-ldap:
    image: osixia/openldap
    container_name: jstack-ldap
    hostname: jstack-ldap
    ulimits:
      nofile:
        soft: 1024
        hard: 1024
    environment:
      LDAP_TLS: 'true'
      LDAP_ORGANISATION: "Jaguar Stack"
      LDAP_DOMAIN: "jstack.com"
      LDAP_ADMIN_PASSWORD: "password"
    volumes:
      - /var/lib/ldap
      - /etc/ldap/slapd.d
      - /container/service/slapd/assets/certs/
    depends_on:
      - inca-logger
    networks:
      - jstack

  jstack-ldap-admin:
    image: osixia/phpldapadmin
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: "jstack-ldap"
    depends_on:
      - inca-logger
      - jstack-ldap
    networks:
      - jstack

  inca-redis:
    image: redis:4.0-alpine
    command: redis-server --requirepass authelia
    networks:
      - jstack

  smtp:
    image: schickling/mailcatcher
    networks:
      - jstack

  inca-mongo:
    image: mongo:3.4
    command: mongod --auth
    environment:
      - MONGO_INITDB_ROOT_USERNAME=authelia
      - MONGO_INITDB_ROOT_PASSWORD=authelia
    depends_on:
      - inca-logger
    ports:
      - "27017:27017"
    networks:
      - jstack

  httpbin:
    image: citizenstig/httpbin
    networks:
      - jstack

## This docker image allows the end user to change his/her own password via self-service.
  inca-selfservice:
    image: tiredofit/self-service-password:latest
    container_name: inca-selfservice
    volumes:
      - ./compose/selfservice/data/:/www/ssp
      - ./compose/selfservice/logs/:/www/logs
    environment:
      - VIRTUAL_HOST=selfservice-kb.balcos.io
      - VIRTUAL_NETWORK=nginx-proxy
      - VIRTUAL_PORT=80
      - ZABBIX_HOSTNAME=ssp-app
      - LDAP_SERVER=ldap://jstack-ldap
      - LDAP_STARTTLS=false
      - LDAP_BINDDN=cn=admin,dc=jstack,dc=com
      - LDAP_BINDPASS=YourLDAPAdminPass
      - LDAP_BASE_SEARCH=ou=users,dc=jstack,dc=com
      - LDAP_LOGIN_ATTRIBUTE=cn
      - LDAP_FULLNAME_ATTRIBUTE=cn
      # Active Directory mode
      # true: use unicodePwd as password field
      # false: LDAPv3 standard behavior
      - ADMODE=false
      # Force account unlock when password is changed
      - AD_OPT_FORCE_UNLOCK=false
      # Force user change password at next login
      - AD_OPT_FORCE_PWD_CHANGE=false
      # Allow user with expired password to change password
      - AD_OPT_CHANGE_EXPIRED_PASSWORD=false
      - PASSWORD_HASH=CRYPT
      # Local password policy
      # This is applied before directory password policy
      # Minimal length
      - PASSWORD_MIN_LENGTH=12
      # Maximal length
      - PASSWORD_MAX_LENGTH=30
      # Minimal lower characters
      - PASSWORD_MIN_LOWERCASE=1
      # Minimal upper characters
      - PASSWORD_MIN_UPPERCASE=1
      # Minimal digit characters
      - PASSWORD_MIN_DIGIT=1
      # Minimal special characters
      - PASSWORD_MIN_SPECIAL=0
      # Dont reuse the same password as currently
      - PASSWORD_NO_REUSE=true
      # Show policy constraints message:
      # always
      # never
      # onerror
      - PASSWORD_SHOW_POLICY=onerror
      # Position of password policy constraints message:
      # above - the form
      # below - the form
      - PASSWORD_SHOW_POLICY_POSITION=above
      # Who changes the password?
      # applicable for question/answer save
      # user: the user itself
      # manager: the above binddn
      - WHO_CAN_CHANGE_PASSWORD=user
      ## Questions/answers
      # Use questions/answers?
      # true (default)
      # false
      - QUESTIONS_ENABLED=false
      # Reset URL (if behind a reverse proxy)
      - IS_BEHIND_PROXY=true
      # Display help messages
      - SHOW_HELP=true
      # Language
      - LANG=en
      # Debug mode
      - DEBUG_MODE=false
      # Encryption, decryption keyphrase
      - SECRETEKEY=SomeRandomKey
      ## Mail
      # LDAP mail attribute
      - LDAP_MAIL_ATTRIBUTE=mail
      # Notify users anytime their password is changed
      - NOTIFY_ON_CHANGE=true
    networks:
      - jstack

networks:
  jstack:
    driver: bridge
	version: '3.7'

	# RUN: docker-compose up --build -d

	services:

	inca-logger:
	image: umputun/docker-logger
	container_name: "logger"
	hostname: "logger"
	restart: always
	logging:
	driver: json-file
	options:
	max-size: "10m"
	max-file: "5"
	environment:
	- LOG_FILES=true
	- LOG_SYSLOG=false
	- EXCLUDE=monit,docker-logger
	- MAX_FILES=10
	- MAX_SIZE=50
	- MAX_AGE=20
	- DEBUG=false
	- TIME_ZONE=UTC
	volumes:
	- ./logs:/srv/logs
	- /var/run/docker.sock:/var/run/docker.sock
	networks:
	- jstack

	jstack-nginx-backend:
	image: nginx:stable
	container_name: jstack-nginx-backend
	hostname: jstack-nginx-backend
	restart: always
	volumes:
	- ./compose/nginx/backend/html/awesomekb:/usr/share/nginx/html/awesomekb.jstack.com
	- ./compose/nginx/backend/nginx.conf:/etc/nginx/nginx.conf
	- ./compose/nginx/backend/awesomekb.conf:/etc/nginx/conf.d/awesomekb.conf
	networks:
	- jstack

	inca-authelia:
	image: clems4ever/authelia:latest
	container_name: inca-authelia
	hostname: inca-authelia
	environment:
	- NODE_TLS_REJECT_UNAUTHORIZED=0
	restart: always
	volumes:
	- ./compose/authelia/config.yml:/etc/authelia/config.yml:ro
	depends_on:
	- inca-redis
	- jstack-ldap
	networks:
	- jstack

	jstack-nginx-portal:
	image: nginx:alpine
	container_name: jstack-nginx-portal
	hostname: jstack-nginx-portal
	volumes:
	- ./compose/nginx/portal/nginx.conf:/etc/nginx/nginx.conf
	- ./compose/nginx/portal/ssl:/etc/ssl
	- ./compose/nginx/portal/.htpasswd:/usr/share/nginx/.htpasswd
	ports:
	- "443:443"
	networks:
	- jstack

	jstack-ldap:
	image: osixia/openldap
	container_name: jstack-ldap
	hostname: jstack-ldap
	ulimits:
	nofile:
	soft: 1024
	hard: 1024
	environment:
	LDAP_TLS: 'true'
	LDAP_ORGANISATION: "Jaguar Stack"
	LDAP_DOMAIN: "jstack.com"
	LDAP_ADMIN_PASSWORD: "password"
	volumes:
	- /var/lib/ldap
	- /etc/ldap/slapd.d
	- /container/service/slapd/assets/certs/
	depends_on:
	- inca-logger
	networks:
	- jstack

	jstack-ldap-admin:
	image: osixia/phpldapadmin
	environment:
	PHPLDAPADMIN_LDAP_HOSTS: "jstack-ldap"
	depends_on:
	- inca-logger
	- jstack-ldap
	networks:
	- jstack

	inca-redis:
	image: redis:4.0-alpine
	command: redis-server --requirepass authelia
	networks:
	- jstack

	smtp:
	image: schickling/mailcatcher
	networks:
	- jstack

	inca-mongo:
	image: mongo:3.4
	command: mongod --auth
	environment:
	- MONGO_INITDB_ROOT_USERNAME=authelia
	- MONGO_INITDB_ROOT_PASSWORD=authelia
	depends_on:
	- inca-logger
	ports:
	- "27017:27017"
	networks:
	- jstack

	httpbin:
	image: citizenstig/httpbin
	networks:
	- jstack

	## This docker image allows the end user to change his/her own password via self-service.
	inca-selfservice:
	image: tiredofit/self-service-password:latest
	container_name: inca-selfservice
	volumes:
	- ./compose/selfservice/data/:/www/ssp
	- ./compose/selfservice/logs/:/www/logs
	environment:
	- VIRTUAL_HOST=selfservice-kb.balcos.io
	- VIRTUAL_NETWORK=nginx-proxy
	- VIRTUAL_PORT=80
	- ZABBIX_HOSTNAME=ssp-app
	- LDAP_SERVER=ldap://jstack-ldap
	- LDAP_STARTTLS=false
	- LDAP_BINDDN=cn=admin,dc=jstack,dc=com
	- LDAP_BINDPASS=YourLDAPAdminPass
	- LDAP_BASE_SEARCH=ou=users,dc=jstack,dc=com
	- LDAP_LOGIN_ATTRIBUTE=cn
	- LDAP_FULLNAME_ATTRIBUTE=cn
	# Active Directory mode
	# true: use unicodePwd as password field
	# false: LDAPv3 standard behavior
	- ADMODE=false
	# Force account unlock when password is changed
	- AD_OPT_FORCE_UNLOCK=false
	# Force user change password at next login
	- AD_OPT_FORCE_PWD_CHANGE=false
	# Allow user with expired password to change password
	- AD_OPT_CHANGE_EXPIRED_PASSWORD=false
	- PASSWORD_HASH=CRYPT
	# Local password policy
	# This is applied before directory password policy
	# Minimal length
	- PASSWORD_MIN_LENGTH=12
	# Maximal length
	- PASSWORD_MAX_LENGTH=30
	# Minimal lower characters
	- PASSWORD_MIN_LOWERCASE=1
	# Minimal upper characters
	- PASSWORD_MIN_UPPERCASE=1
	# Minimal digit characters
	- PASSWORD_MIN_DIGIT=1
	# Minimal special characters
	- PASSWORD_MIN_SPECIAL=0
	# Dont reuse the same password as currently
	- PASSWORD_NO_REUSE=true
	# Show policy constraints message:
	# always
	# never
	# onerror
	- PASSWORD_SHOW_POLICY=onerror
	# Position of password policy constraints message:
	# above - the form
	# below - the form
	- PASSWORD_SHOW_POLICY_POSITION=above
	# Who changes the password?
	# applicable for question/answer save
	# user: the user itself
	# manager: the above binddn
	- WHO_CAN_CHANGE_PASSWORD=user
	## Questions/answers
	# Use questions/answers?
	# true (default)
	# false
	- QUESTIONS_ENABLED=false
	# Reset URL (if behind a reverse proxy)
	- IS_BEHIND_PROXY=true
	# Display help messages
	- SHOW_HELP=true
	# Language
	- LANG=en
	# Debug mode
	- DEBUG_MODE=false
	# Encryption, decryption keyphrase
	- SECRETEKEY=SomeRandomKey
	## Mail
	# LDAP mail attribute
	- LDAP_MAIL_ATTRIBUTE=mail
	# Notify users anytime their password is changed
	- NOTIFY_ON_CHANGE=true
	networks:
	- jstack

	networks:
	jstack:
	driver: bridge