Docker images for a scalable LemonLDAP::NG installation, ready to use with a Redis server to share sessions and a PostgreSQL server to share configuration. See the docker-compose examples below.
List:
- yadd/lemonldap-ng-portal: the portal
- yadd/lemonldap-ng-portal-hiperf: portal with better performance
 
- yadd/lemonldap-ng-manager: the manager
- yadd/lemonldap-ng-full: the portal and the manager in the same image
- yadd/lemonldap-ng-ssoaas-fastcgi-server: a FastCGI server to enable SSOaaS
- yadd/lemonldap-ng-pg-database: a ready to use PostgreSQL database
- yadd/lemonldap-ng-cron: a simple LLNG maintenance tasks runner,
to be used if tasks are disabled on portals. See examples.
- yadd/lemonldap-ng-crontask: simply launch portal cron task and exit
 
- yadd/lemonldap-ng-sessions-backup: backup sessions and exit
- yadd/lemonldap-ng-webpubsub: a Pub/Sub server based on HTTP
The yadd/lemonldap-ng-base image isn't directly usable; it is just a base for building LemonLDAP::NG components.
Images use S6 overlay, except the PostgreSQL database image, which is based on postgres:trixie.
LemonLDAP::NG is installed from Debian backports packages, so the images use the latest published version.
You can also use dev to build an image using the upstream repository.
Set BRANCH to choose the upstream branch to clone.
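# Single-container demo: yadd/lemonldap-ng-full bundles the portal and the
# manager in one image.
version: "3.4"
services:
  llng:
    # No tag is given, so the mutable default tag is pulled; pin a tag or a
    # digest when the deployment has to be reproducible.
    image: yadd/lemonldap-ng-full
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
    # Compose expects the plural key "ports" holding a list. The mapping is
    # quoted so it is always read as a string.
    # Port 80 is plain HTTP: put a TLS-terminating proxy in front before
    # carrying credentials or session cookies over an untrusted network.
    ports:
      - "80:80"

In this example, manager is available on port 81, portal on port 80.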
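# Portal and manager as separate containers sharing one host directory.
version: "3.4"
services:
  auth:
    image: yadd/lemonldap-ng-portal
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
    volumes:
      # Same host directory as the manager below.
      - ./llng-var:/var/lib/lemonldap-ng
    # Compose expects the plural key "ports" holding a list of quoted
    # "HOST:CONTAINER" mappings.
    ports:
      - "80:80"
  # Service names must be unique: a second "auth" key would silently replace
  # the portal definition in most YAML parsers.
  manager:
    image: yadd/lemonldap-ng-manager
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
    volumes:
      - ./llng-var:/var/lib/lemonldap-ng
    # The manager is the administration interface. "81:80" publishes it on
    # every host interface; bind it to loopback ("127.0.0.1:81:80") or
    # firewall it if administrators do not need remote access.
    ports:
      - "81:80"

In this example, manager is available on port 81, portal on port 80. Configuration is stored in a PostgreSQL database, sessions in a Redis server. A crowdsec server is added to filter bad IP addresses.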
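# Portal + manager with PostgreSQL (configuration), Redis (sessions) and a
# CrowdSec server consulted by the portal.
version: "3.4"
services:
  db:
    image: yadd/lemonldap-ng-pg-database
    environment:
      # Placeholder password: replace it with a strong generated secret and
      # supply it from an env file or a secret store instead of committing it.
      # NOTE(review): how portal/manager obtain the database credentials is
      # not shown in this example; confirm against the image documentation.
      - POSTGRES_PASSWORD=zz
    # Lets dependants wait for "service_healthy" below.
    healthcheck:
      test: ["CMD-SHELL", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5
  redis:
    # No ports are published, so Redis is reachable only from the compose
    # network. It holds the SSO sessions: keep it unexposed.
    image: redis
  auth:
    image: yadd/lemonldap-ng-portal
    depends_on:
      db:
        condition: service_healthy
    environment:
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      - LOGGER=stderr
      - USERLOGGER=stderr
      - CROWDSEC_SERVER=http://crowdsec:8080
      # Must equal BOUNCER_KEY_llng on the crowdsec service. Placeholder
      # value: generate a random key per deployment.
      - CROWDSEC_KEY=myrandomstring
      - CROWDSEC_ACTION=reject
    # Compose expects the plural key "ports" holding a list of quoted
    # "HOST:CONTAINER" mappings.
    ports:
      - "80:80"
  manager:
    image: yadd/lemonldap-ng-manager
    depends_on:
      db:
        condition: service_healthy
      auth:
        condition: service_started
    environment:
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      - LOGGER=stderr
      - USERLOGGER=stderr
    # The manager is the administration interface. "81:80" publishes it on
    # every host interface; bind it to loopback ("127.0.0.1:81:80") or
    # firewall it if administrators do not need remote access.
    ports:
      - "81:80"
  crowdsec:
    image: crowdsecurity/crowdsec
    environment:
      # Bouncer API key registered for the portal; same value as CROWDSEC_KEY.
      - BOUNCER_KEY_llng=myrandomstring

Here a haproxy server balances requests between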
5 portals. It also handles the manager.
To avoid duplicating maintenance tasks, a yadd/lemonldap-ng-cron
service handles them and portals are configured with PORTAL_CRON=no.
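# Five portal replicas and the manager behind haproxy; a dedicated cron
# service runs the maintenance tasks.
version: "3.4"
services:
  db:
    image: yadd/lemonldap-ng-pg-database
    environment:
      # Placeholder password: replace it with a strong generated secret and
      # supply it from an env file or a secret store instead of committing it.
      # NOTE(review): how the other services obtain the database credentials
      # is not shown in this example; confirm against the image documentation.
      - POSTGRES_PASSWORD=zz
    # Lets dependants wait for "service_healthy" below.
    healthcheck:
      test: ["CMD-SHELL", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5
  redis:
    # No ports are published, so Redis is reachable only from the compose
    # network. It holds the SSO sessions: keep it unexposed.
    image: redis
  portal:
    image: yadd/lemonldap-ng-portal
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      # Maintenance tasks are left to the "cron" service.
      - PORTAL_CRON=no
      - CROWDSEC_SERVER=http://crowdsec:8080
      # Must equal BOUNCER_KEY_llng on the crowdsec service. Placeholder
      # value: generate a random key per deployment.
      - CROWDSEC_KEY=myrandomstring
      - CROWDSEC_ACTION=reject
    # A mapping may hold "depends_on" only once; a repeated key is silently
    # overridden by the last one in most parsers, so both dependencies are
    # listed here.
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started
    # No host port is published: clients reach the replicas through haproxy.
    scale: 5
  cron:
    image: yadd/lemonldap-ng-cron
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      # NOTE(review): PORTAL_CRON=no is also set on the task runner itself;
      # confirm against the image documentation that the runner ignores it.
      - PORTAL_CRON=no
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started
  manager:
    image: yadd/lemonldap-ng-manager
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started
      # This file names the portal service "portal" (not "auth"), so the
      # dependency has to use that name to resolve.
      portal:
        condition: service_started
  crowdsec:
    image: crowdsecurity/crowdsec
    environment:
      # Bouncer API key registered for the portal; same value as CROWDSEC_KEY.
      - BOUNCER_KEY_llng=myrandomstring
  haproxy:
    image: haproxy:2.6-bullseye
    # Only entry point published on the host. It is plain HTTP: terminate TLS
    # here (haproxy configuration not shown) before carrying credentials or
    # session cookies over an untrusted network, and restrict who can reach
    # the manager backend.
    ports:
      - "80:80"
    volumes:
      # Configuration directory is mounted read-only.
      - ./haproxy:/usr/local/etc/haproxy:ro
    sysctls:
      # Allows an unprivileged process in the container to bind port 80.
      - net.ipv4.ip_unprivileged_port_start=0
    depends_on:
      - portal
      - manager

Copyright: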
- 2018-2024, Xavier Guimard [email protected]
- 2023-2024, LINAGORA https://linagora.com
License: GNU General Public License v2.0