| author | hc <haocheng.xie@respiree.com> | 2026-02-20 11:46:25 +0800 |
|---|---|---|
| committer | hc <haocheng.xie@respiree.com> | 2026-02-20 11:46:25 +0800 |
| commit | 712c7be06ba24bc427792bfa29d3d7c5c88b06dd (patch) | |
| tree | b1e034c4f1a91fcdee073c5224ab850d31d601e5 /docker-compose.yml | |
Diffstat (limited to 'docker-compose.yml')
| -rw-r--r-- | docker-compose.yml | 95 |
1 files changed, 95 insertions, 0 deletions
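--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,95 @@
+services:
+  # ===================
+  # OpenLDAP (ARM-native, works great on M1/M2/M3)
+  # ===================
+  openldap:
+    image: osixia/openldap:1.5.0
+    container_name: openldap
+    environment:
+      - LDAP_ORGANISATION=Lab
+      - LDAP_DOMAIN=lab.local
+      - LDAP_BASE_DN=dc=lab,dc=local
+      - LDAP_ADMIN_PASSWORD=admin123
+      - LDAP_TLS=false
+    ports:
+      - "389:389"
+      - "636:636"
+    volumes:
+      - openldap-data:/var/lib/ldap
+      - openldap-config:/etc/ldap/slapd.d
+    restart: unless-stopped
+
+  # ===================
+  # Keycloak (OIDC/SAML Provider)
+  # ===================
+  keycloak:
+    image: quay.io/keycloak/keycloak:latest
+    container_name: keycloak
+    environment:
+      - KEYCLOAK_ADMIN=admin
+      - KEYCLOAK_ADMIN_PASSWORD=admin
+      - KC_HTTP_ENABLED=true
+      - KC_HOSTNAME_STRICT=false
+    ports:
+      - "8080:8080"
+    command: start-dev
+    depends_on:
+      - openldap
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "exec 3<>/dev/tcp/localhost/8080"]
+      interval: 5s
+      timeout: 5s
+      retries: 12
+
+  # Disables HTTPS requirement and creates lab realm
+  keycloak-init:
+    image: curlimages/curl:latest
+    container_name: keycloak-init
+    depends_on:
+      keycloak:
+        condition: service_healthy
+    entrypoint: /bin/sh
+    command:
+      - -c
+      - |
+        echo "Waiting for Keycloak..."
+        sleep 10
+        echo "Getting admin token..."
+        TOKEN=$$(curl -s -X POST "http://keycloak:8080/realms/master/protocol/openid-connect/token" \
+          -H "Content-Type: application/x-www-form-urlencoded" \
+          -d "username=admin" \
+          -d "password=admin" \
+          -d "grant_type=password" \
+          -d "client_id=admin-cli" | sed 's/.*"access_token":"\([^"]*\)".*/\1/')
+        echo "Disabling SSL on master realm..."
+        curl -s -X PUT "http://keycloak:8080/admin/realms/master" \
+          -H "Authorization: Bearer $$TOKEN" \
+          -H "Content-Type: application/json" \
+          -d '{"sslRequired":"NONE"}'
+        echo "Creating lab realm..."
+        curl -s -X POST "http://keycloak:8080/admin/realms" \
+          -H "Authorization: Bearer $$TOKEN" \
+          -H "Content-Type: application/json" \
+          -d '{"realm":"lab","enabled":true,"sslRequired":"NONE"}'
+        echo "Done - master and lab realms ready with SSL disabled"
+    restart: "no"
+
+  # ===================
+  # LDAP Admin UI (browse LDAP visually)
+  # ===================
+  ldap-admin:
+    image: osixia/phpldapadmin
+    container_name: ldap-admin
+    environment:
+      - PHPLDAPADMIN_LDAP_HOSTS=openldap
+      - PHPLDAPADMIN_HTTPS=false
+    ports:
+      - "8081:80"
+    depends_on:
+      - openldap
+    restart: unless-stopped
+
+volumes:
+  openldap-data:
+  openldap-config: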
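Review bot: The bootstrap script in keycloak-init (new-file lines 56-75) never checks that the admin-token request succeeded: every curl runs with `-s` and no `-f`, so on a failed login TOKEN holds the error body, the two realm calls go out with a bogus bearer header, and the container still prints "Done" and exits successfully. Putting `set -e` as the first script line, using `-sf` on each curl, and adding `[ -n "$$TOKEN" ] || { echo "no admin token"; exit 1; }` right after the TOKEN assignment would make a broken bootstrap fail loudly instead of silently. Separately, the admin credentials sit in plaintext in the compose file (LDAP_ADMIN_PASSWORD, KEYCLOAK_ADMIN_PASSWORD, and again inside the script); reading them via `${VAR}` substitution from an untracked `.env` keeps them out of version control, and publishing the 389/636/8080/8081 ports as `"127.0.0.1:389:389"` etc. keeps a lab with admin/admin off any shared network. The untagged `osixia/phpldapadmin` and `keycloak:latest` images will also drift between pulls; pinning a tag as is done for openldap keeps the lab reproducible.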
