add an entrypoint script that allows setting secrets from a file; version the upstream containers
parent
df889ee2fe
commit
859ed97ca8
10
Dockerfile
10
Dockerfile
@ -1,5 +1,5 @@
|
|||||||
# Build image
|
# Build image
|
||||||
FROM rust:alpine AS chef
|
FROM rust:alpine3.14 AS chef
|
||||||
|
|
||||||
RUN set -x \
|
RUN set -x \
|
||||||
# Add user
|
# Add user
|
||||||
@ -40,7 +40,7 @@ RUN cargo build --release -p lldap \
|
|||||||
&& ./app/build.sh
|
&& ./app/build.sh
|
||||||
|
|
||||||
# Final image
|
# Final image
|
||||||
FROM alpine
|
FROM alpine:3.14
|
||||||
|
|
||||||
RUN set -x \
|
RUN set -x \
|
||||||
# Add user
|
# Add user
|
||||||
@ -54,16 +54,20 @@ RUN set -x \
|
|||||||
# Create the /data folder
|
# Create the /data folder
|
||||||
&& mkdir /data && chown app:app /data
|
&& mkdir /data && chown app:app /data
|
||||||
|
|
||||||
|
RUN apk add --no-cache bash
|
||||||
|
|
||||||
USER app
|
USER app
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
COPY --chown=app:app --from=builder /app/app/index.html /app/app/main.js app/
|
COPY --chown=app:app --from=builder /app/app/index.html /app/app/main.js app/
|
||||||
COPY --chown=app:app --from=builder /app/app/pkg app/pkg
|
COPY --chown=app:app --from=builder /app/app/pkg app/pkg
|
||||||
COPY --chown=app:app --from=builder /app/target/release/lldap lldap
|
COPY --chown=app:app --from=builder /app/target/release/lldap lldap
|
||||||
|
COPY docker-entrypoint.sh .
|
||||||
|
|
||||||
ENV LDAP_PORT=3890
|
ENV LDAP_PORT=3890
|
||||||
ENV HTTP_PORT=17170
|
ENV HTTP_PORT=17170
|
||||||
|
|
||||||
EXPOSE ${LDAP_PORT} ${HTTP_PORT}
|
EXPOSE ${LDAP_PORT} ${HTTP_PORT}
|
||||||
|
|
||||||
CMD ["/app/lldap", "run", "--config-file", "/data/lldap_config.toml"]
|
ENTRYPOINT ["/app/docker-entrypoint.sh"]
|
||||||
|
CMD ["run", "--config-file", "/data/lldap_config.toml"]
|
||||||
|
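Review bot: `FROM rust:alpine3.14` and `FROM alpine:3.14` fix the Alpine release, but a tag can still be re-pointed upstream, so the build is not tied to known image content. If the aim of versioning the bases is reproducibility, add a digest, e.g. `FROM alpine:3.14@sha256:<digest>` (placeholder value). Separately, replacing `CMD ["/app/lldap", ...]` with `ENTRYPOINT ["/app/docker-entrypoint.sh"]` changes what a user-supplied command means: a deployment that overrides the command with the full `/app/lldap run ...` line would now hand `/app/lldap` to the binary as its first argument, which deserves a line in the README. `COPY docker-entrypoint.sh .` has no `--chown`, so the script should end up root-owned and not writable by `app`; that is a reasonable outcome, and a comment such as `# root-owned on purpose: the service user must not be able to edit the entrypoint` would record the intent.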
@ -71,6 +71,8 @@ Configure the server by copying the `lldap_config.docker_template.toml` to
|
|||||||
Environment variables should be prefixed with `LLDAP_` to override the
|
Environment variables should be prefixed with `LLDAP_` to override the
|
||||||
configuration.
|
configuration.
|
||||||
|
|
||||||
|
Secrets can also be set through a file. The filename should be specified by the variables `LLDAP_JWT_SECRET_FILE` or `LLDAP_USER_PASS_FILE`, and the file contents are loaded into the respective configuration parameters. Note that `_FILE` variables take precedence.
|
||||||
|
|
||||||
Example for docker compose:
|
Example for docker compose:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
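--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+for SECRET in LLDAP_JWT_SECRET LLDAP_LDAP_USER_PASS; do
+FILE_VAR="${SECRET}_FILE"
+SECRET_FILE="${!FILE_VAR:-}"
+if [[ -n "$SECRET_FILE" ]]; then
+if [[ -f "$SECRET_FILE" ]]; then
+declare "$SECRET=$(cat $SECRET_FILE)"
+export "$SECRET"
+echo "[entrypoint] Set $SECRET from $SECRET_FILE"
+else
+echo "[entrypoint] Could not read contents of $SECRET_FILE (specified in $FILE_VAR)" >&2
+fi
+fi
+done
+
+exec /app/lldap "$@"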
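Review bot: When a `*_FILE` variable is set but the path is not a regular file, the `else` branch only prints a message and the script still reaches `exec /app/lldap "$@"`, so the server starts without the secret the operator asked for and presumably falls back to whatever the config file or defaults provide; that branch should end with `exit 1`. The read itself is unchecked as well: in `declare "$SECRET=$(cat $SECRET_FILE)"` the exit status of `cat` is masked by `declare`, so an unreadable file exports an empty secret despite `set -e`, and the unquoted `$SECRET_FILE` splits on whitespace in the path. The README text in this commit names `LLDAP_USER_PASS_FILE` while the loop derives `LLDAP_LDAP_USER_PASS_FILE`, so one of the two needs correcting. A fail-closed version of the loop body is sketched below.

```shell
for SECRET in LLDAP_JWT_SECRET LLDAP_LDAP_USER_PASS; do
  # … unchanged: FILE_VAR / SECRET_FILE lookup …
  if [[ -n "$SECRET_FILE" ]]; then
    if [[ ! -r "$SECRET_FILE" ]]; then
      echo "[entrypoint] Could not read contents of $SECRET_FILE (specified in $FILE_VAR)" >&2
      exit 1
    fi
    # Plain assignment: a failed read aborts the script under `set -e`.
    SECRET_VALUE="$(<"$SECRET_FILE")"
    export "$SECRET=$SECRET_VALUE"
    # … unchanged: "[entrypoint] Set …" message …
  fi
done
```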