From 8e049c9e5481c2eda89ecdeb9ecd7b5670f372bb Mon Sep 17 00:00:00 2001 From: Valentin Tolmer Date: Wed, 30 Jun 2021 16:54:33 +0200 Subject: [PATCH] Add a docker image --- .dockerignore | 20 ++++++++++ Dockerfile | 55 ++++++++++++++++++++++++++ README.md | 38 ++++++++++++++++++ lldap_config.docker_template.toml | 65 +++++++++++++++++++++++++++++++ 4 files changed, 178 insertions(+) create mode 100644 .dockerignore create mode 100644 Dockerfile create mode 100644 lldap_config.docker_template.toml diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..c07c711 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,20 @@ +# Don't track git +.git/* + +# Don't track cargo generated files +target/* +app/target/* +model/target/* + +# Don't track the generated JS +app/pkg/* + +# Don't track changes to the Dockerfile, triggering a rebuild without cache +Dockerfile +.dockerignore + +# Various config files that shouldn't be tracked +lldap_config.toml +server_key +users.db* +.gitignore diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..9de935c --- /dev/null +++ b/Dockerfile @@ -0,0 +1,55 @@ +# Build image +FROM rust:alpine AS builder + +RUN set -x \ + # Add user + && addgroup --gid 10001 app \ + && adduser --disabled-password \ + --gecos '' \ + --ingroup app \ + --home /app \ + --uid 10001 \ + app +RUN set -x \ + # Install required packages + && apk add npm openssl-dev musl-dev +USER app +WORKDIR /app +RUN set -x \ + # Install build tools + && RUSTFLAGS=-Ctarget-feature=-crt-static cargo install wasm-pack \ + && npm install rollup +# Build +COPY --chown=app:app . /app +RUN cargo build --release +# TODO: release mode. +RUN ./app/build.sh + + +# Final image +FROM alpine + +RUN set -x \ + # Add user + && addgroup --gid 10001 app \ + && adduser --disabled-password \ + --gecos '' \ + --ingroup app \ + --home /app \ + --uid 10001 \ + app + +RUN mkdir /data && chown app:app /data +USER app +WORKDIR /app +COPY --chown=app:app --from=builder /app/app/index.html app/index.html +COPY --chown=app:app --from=builder /app/app/main.js app/main.js +COPY --chown=app:app --from=builder /app/app/pkg app/pkg +COPY --chown=app:app --from=builder /app/target/release/lldap lldap + +ENV LDAP_PORT=3890 +ENV HTTP_PORT=17170 + +EXPOSE ${LDAP_PORT} ${HTTP_PORT} + +CMD ["/app/lldap", "--config_file", "/data/lldap_config.toml"] diff --git a/README.md b/README.md index 3c4c2aa..266dae4 100644 --- a/README.md +++ b/README.md @@ -100,6 +100,44 @@ Make sure that you run `cargo fmt` in each crate that you modified (top-level, ### Setup +#### With Docker + +The image is available at `nitnelave/lldap`. You should persist the `/data` +folder, which contains your configuration, the database and the private key +file (unless you move them in the config). + +Configure the server by copying the `lldap_config.docker_template.toml` to +`/data/lldap_config.toml` and updating the configuration values (especially the +`jwt_secret` and `ldap_user_pass`, unless you override them with env variables). + +Example for docker compose: + +```yaml +volumes: + lldap_data: + driver: local + +services: + lldap: + image: nitnelave/lldap + ports: + # For LDAP + - "3890:3890" + # For the web front-end + - "17170:17170" + volumes: + - "lldap_data:/data" + environment: + - JWT_SECRET=REPLACE_WITH_RANDOM + - LDAP_USER_PASS=REPLACE_WITH_PASSWORD + - LDAP_BASE_DN=dc=example,dc=com +``` + +Then the service will listen on two ports, one for LDAP and one for the web +front-end. + +#### From source + To bring up the server, you'll need to compile the frontend. In addition to cargo, you'll need: diff --git a/lldap_config.docker_template.toml b/lldap_config.docker_template.toml new file mode 100644 index 0000000..d625eb4 --- /dev/null +++ b/lldap_config.docker_template.toml @@ -0,0 +1,65 @@ +## Default configuration for Docker. +## All the values can be overridden through environment variables. For +## instance, "ldap_port" can be overridden with the "LDAP_PORT" variable. + +## The port on which to have the LDAP server. +#ldap_port = 3890 + +## The port on which to have the HTTP server, for user login and +## administration. +#http_port = 17170 + +## Random secret for JWT signature. +## This secret should be random, and should be shared with application +## servers that need to consume the JWTs. +## Changing this secret will invalidate all user sessions and require +## them to re-login. +## You should probably set it through the JWT_SECRET environment +## variable from a secret ".env" file. +## You can generate it with (on linux): +## LC_ALL=C tr -dc 'A-Za-z0-9!"#%&'\''()*+,-./:;<=>?@[\]^_{|}~'