From 712c7be06ba24bc427792bfa29d3d7c5c88b06dd Mon Sep 17 00:00:00 2001
From: hc
Date: Fri, 20 Feb 2026 11:46:25 +0800
Subject: eheh
---
docker-compose.yml | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 95 insertions(+)
create mode 100644 docker-compose.yml
(limited to 'docker-compose.yml')
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..ef5a7b7
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,95 @@
+services:
+ # ===================
+ # OpenLDAP (ARM-native, works great on M1/M2/M3)
+ # ===================
+ openldap:
+ image: osixia/openldap:1.5.0
+ container_name: openldap
+ environment:
+ - LDAP_ORGANISATION=Lab
+ - LDAP_DOMAIN=lab.local
+ - LDAP_BASE_DN=dc=lab,dc=local
+ - LDAP_ADMIN_PASSWORD=admin123
+ - LDAP_TLS=false
+ ports:
+ - "389:389"
+ - "636:636"
+ volumes:
+ - openldap-data:/var/lib/ldap
+ - openldap-config:/etc/ldap/slapd.d
+ restart: unless-stopped
+
+ # ===================
+ # Keycloak (OIDC/SAML Provider)
+ # ===================
+ keycloak:
+ image: quay.io/keycloak/keycloak:latest
+ container_name: keycloak
+ environment:
+ - KEYCLOAK_ADMIN=admin
+ - KEYCLOAK_ADMIN_PASSWORD=admin
+ - KC_HTTP_ENABLED=true
+ - KC_HOSTNAME_STRICT=false
+ ports:
+ - "8080:8080"
+ command: start-dev
+ depends_on:
+ - openldap
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "exec 3<>/dev/tcp/localhost/8080"]
+ interval: 5s
+ timeout: 5s
+ retries: 12
+
+ # Disables HTTPS requirement and creates lab realm
+ keycloak-init:
+ image: curlimages/curl:latest
+ container_name: keycloak-init
+ depends_on:
+ keycloak:
+ condition: service_healthy
+ entrypoint: /bin/sh
+ command:
+ - -c
+ - |
+ echo "Waiting for Keycloak..."
+ sleep 10
+ echo "Getting admin token..."
+ TOKEN=$$(curl -s -X POST "http://keycloak:8080/realms/master/protocol/openid-connect/token" \
+ -H "Content-Type: application/x-www-form-urlencoded" \
+ -d "username=admin" \
+ -d "password=admin" \
+ -d "grant_type=password" \
+ -d "client_id=admin-cli" | sed 's/.*"access_token":"\([^"]*\)".*/\1/')
+ echo "Disabling SSL on master realm..."
+ curl -s -X PUT "http://keycloak:8080/admin/realms/master" \
+ -H "Authorization: Bearer $$TOKEN" \
+ -H "Content-Type: application/json" \
+ -d '{"sslRequired":"NONE"}'
+ echo "Creating lab realm..."
+ curl -s -X POST "http://keycloak:8080/admin/realms" \
+ -H "Authorization: Bearer $$TOKEN" \
+ -H "Content-Type: application/json" \
+ -d '{"realm":"lab","enabled":true,"sslRequired":"NONE"}'
+ echo "Done - master and lab realms ready with SSL disabled"
+ restart: "no"
+
+ # ===================
+ # LDAP Admin UI (browse LDAP visually)
+ # ===================
+ ldap-admin:
+ image: osixia/phpldapadmin
+ container_name: ldap-admin
+ environment:
+ - PHPLDAPADMIN_LDAP_HOSTS=openldap
+ - PHPLDAPADMIN_HTTPS=false
+ ports:
+ - "8081:80"
+ depends_on:
+ - openldap
+ restart: unless-stopped
+
+volumes:
+ openldap-data:
+ openldap-config:
-- cgit
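Review bot: The port mappings `"389:389"`, `"636:636"`, `"8080:8080"` and `"8081:80"` publish the directory, the Keycloak admin console and phpLDAPadmin on every host interface, while the admin passwords are fixed in the same file (`LDAP_ADMIN_PASSWORD=admin123`, `KEYCLOAK_ADMIN_PASSWORD=admin`, repeated as `-d "password=admin"` in the init script), so anything that can reach the host network gets a known-credential admin login. For a lab, bind the published ports to loopback, e.g. `- "127.0.0.1:8080:8080"` (likewise for 389, 636 and 8081), and take the passwords from a `.env` file with `${KEYCLOAK_ADMIN_PASSWORD:?}` / `${LDAP_ADMIN_PASSWORD:?}` so a missing value fails the `compose up` instead of defaulting. The keycloak-init script runs without `set -e` and every `curl -s` lacks `--fail`, so when the token request returns an error body `TOKEN` holds that JSON, the two realm calls fail with 401, and the container still prints `Done - master and lab realms ready with SSL disabled` and exits 0; put `set -eu` as the first line of the block scalar and use `curl -fsS` so a failed realm update is visible as a non-zero exit. The `sleep 10` after `condition: service_healthy` is redundant once the healthcheck gates startup. `quay.io/keycloak/keycloak:latest`, `curlimages/curl:latest` and the untagged `osixia/phpldapadmin` are not pinned, unlike `osixia/openldap:1.5.0`; pin them so the lab is reproducible and image updates are deliberate.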