Skip to content
Permalink
master
Switch branches/tags
Go to file
 
 
Cannot retrieve contributors at this time
218 lines (204 sloc) 5.66 KB
version: '3.7'
# RUN: docker-compose up --build -d
services:
inca-logger:
image: umputun/docker-logger
container_name: "logger"
hostname: "logger"
restart: always
logging:
driver: json-file
options:
max-size: "10m"
max-file: "5"
environment:
- LOG_FILES=true
- LOG_SYSLOG=false
- EXCLUDE=monit,docker-logger
- MAX_FILES=10
- MAX_SIZE=50
- MAX_AGE=20
- DEBUG=false
- TIME_ZONE=UTC
volumes:
- ./logs:/srv/logs
- /var/run/docker.sock:/var/run/docker.sock
networks:
- jstack
jstack-nginx-backend:
image: nginx:stable
container_name: jstack-nginx-backend
hostname: jstack-nginx-backend
restart: always
volumes:
- ./compose/nginx/backend/html/awesomekb:/usr/share/nginx/html/awesomekb.jstack.com
- ./compose/nginx/backend/nginx.conf:/etc/nginx/nginx.conf
- ./compose/nginx/backend/awesomekb.conf:/etc/nginx/conf.d/awesomekb.conf
networks:
- jstack
inca-authelia:
image: clems4ever/authelia:latest
container_name: inca-authelia
hostname: inca-authelia
environment:
- NODE_TLS_REJECT_UNAUTHORIZED=0
restart: always
volumes:
- ./compose/authelia/config.yml:/etc/authelia/config.yml:ro
depends_on:
- inca-redis
- jstack-ldap
networks:
- jstack
jstack-nginx-portal:
image: nginx:alpine
container_name: jstack-nginx-portal
hostname: jstack-nginx-portal
volumes:
- ./compose/nginx/portal/nginx.conf:/etc/nginx/nginx.conf
- ./compose/nginx/portal/ssl:/etc/ssl
- ./compose/nginx/portal/.htpasswd:/usr/share/nginx/.htpasswd
ports:
- "443:443"
networks:
- jstack
jstack-ldap:
image: osixia/openldap
container_name: jstack-ldap
hostname: jstack-ldap
ulimits:
nofile:
soft: 1024
hard: 1024
environment:
LDAP_TLS: 'true'
LDAP_ORGANISATION: "Jaguar Stack"
LDAP_DOMAIN: "jstack.com"
LDAP_ADMIN_PASSWORD: "password"
volumes:
- /var/lib/ldap
- /etc/ldap/slapd.d
- /container/service/slapd/assets/certs/
depends_on:
- inca-logger
networks:
- jstack
jstack-ldap-admin:
image: osixia/phpldapadmin
environment:
PHPLDAPADMIN_LDAP_HOSTS: "jstack-ldap"
depends_on:
- inca-logger
- jstack-ldap
networks:
- jstack
inca-redis:
image: redis:4.0-alpine
command: redis-server --requirepass authelia
networks:
- jstack
smtp:
image: schickling/mailcatcher
networks:
- jstack
inca-mongo:
image: mongo:3.4
command: mongod --auth
environment:
- MONGO_INITDB_ROOT_USERNAME=authelia
- MONGO_INITDB_ROOT_PASSWORD=authelia
depends_on:
- inca-logger
ports:
- "27017:27017"
networks:
- jstack
httpbin:
image: citizenstig/httpbin
networks:
- jstack
## This docker image allows the end user to change his/her own password via self-service.
inca-selfservice:
image: tiredofit/self-service-password:latest
container_name: inca-selfservice
volumes:
- ./compose/selfservice/data/:/www/ssp
- ./compose/selfservice/logs/:/www/logs
environment:
- VIRTUAL_HOST=selfservice-kb.balcos.io
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=80
- ZABBIX_HOSTNAME=ssp-app
- LDAP_SERVER=ldap://jstack-ldap
- LDAP_STARTTLS=false
- LDAP_BINDDN=cn=admin,dc=jstack,dc=com
- LDAP_BINDPASS=YourLDAPAdminPass
- LDAP_BASE_SEARCH=ou=users,dc=jstack,dc=com
- LDAP_LOGIN_ATTRIBUTE=cn
- LDAP_FULLNAME_ATTRIBUTE=cn
# Active Directory mode
# true: use unicodePwd as password field
# false: LDAPv3 standard behavior
- ADMODE=false
# Force account unlock when password is changed
- AD_OPT_FORCE_UNLOCK=false
# Force user change password at next login
- AD_OPT_FORCE_PWD_CHANGE=false
# Allow user with expired password to change password
- AD_OPT_CHANGE_EXPIRED_PASSWORD=false
- PASSWORD_HASH=CRYPT
# Local password policy
# This is applied before directory password policy
# Minimal length
- PASSWORD_MIN_LENGTH=12
# Maximal length
- PASSWORD_MAX_LENGTH=30
# Minimal lower characters
- PASSWORD_MIN_LOWERCASE=1
# Minimal upper characters
- PASSWORD_MIN_UPPERCASE=1
# Minimal digit characters
- PASSWORD_MIN_DIGIT=1
# Minimal special characters
- PASSWORD_MIN_SPECIAL=0
# Dont reuse the same password as currently
- PASSWORD_NO_REUSE=true
# Show policy constraints message:
# always
# never
# onerror
- PASSWORD_SHOW_POLICY=onerror
# Position of password policy constraints message:
# above - the form
# below - the form
- PASSWORD_SHOW_POLICY_POSITION=above
# Who changes the password?
# applicable for question/answer save
# user: the user itself
# manager: the above binddn
- WHO_CAN_CHANGE_PASSWORD=user
## Questions/answers
# Use questions/answers?
# true (default)
# false
- QUESTIONS_ENABLED=false
# Reset URL (if behind a reverse proxy)
- IS_BEHIND_PROXY=true
# Display help messages
- SHOW_HELP=true
# Language
- LANG=en
# Debug mode
- DEBUG_MODE=false
# Encryption, decryption keyphrase
- SECRETEKEY=SomeRandomKey
## Mail
# LDAP mail attribute
- LDAP_MAIL_ATTRIBUTE=mail
# Notify users anytime their password is changed
- NOTIFY_ON_CHANGE=true
networks:
- jstack
networks:
jstack:
driver: bridge