Commit 4a99d399 authored by jabertwo's avatar jabertwo

WIP: jameicavnc an uffd

parent 4b5cbf9f
......@@ -386,6 +386,7 @@
- {
role: verwaltung/docker_jameica, tags: [ jameicavnc, docker_services ],
servicename: "jameicavnc",
basedir: /srv/jameica-vnc,
domain: "verwaltung-jameica.warpzone.ms"
}
- {
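Review bot: `basedir: /srv/jameica-vnc,` is the only unquoted string in this flow mapping while `servicename` and `domain` next to it are quoted; for consistency write `basedir: "/srv/jameica-vnc",`. The value is later spliced unquoted into the compose template (`- {{basedir}}/work:/jameica-work/`), so keeping it a plain string here also makes it obvious that no YAML retyping can happen. The enclosing list continues outside the hunk.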
......
......@@ -4,8 +4,8 @@ services:
build: .
restart: always
environment:
DISPLAY_WIDTH: 1440
DISPLAY_HEIGHT: 900
DISPLAY_WIDTH: 1920
DISPLAY_HEIGHT: 1080
RUN_XTERM: "no"
volumes:
- /srv/jameica:/jameica/
......@@ -13,6 +13,7 @@ services:
- {{basedir}}/work:/jameica-work/
networks:
- default
- web
labels:
- com.centurylinklabs.watchtower.enable=false
- traefik.enable=true
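Review bot: The second hunk attaches the vnc service to the `web` network (the 6→7 line count suggests `- web` is the added line), which makes the noVNC port reachable from the traefik network, so the router for `{{ servicename }}` must carry the forward-auth middleware; the router and middleware labels are outside this hunk, so confirm that `traefik.http.routers.{{ servicename }}.middlewares={{ servicename }}-auth` is present on the new side. The top-level `networks:` block declaring `web` as external is also not visible here. The `services:` mapping starts and ends outside both hunks.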
......
---
- include_tasks: ../functions/get_secret.yml
with_items:
- { path: /srv/ldap/secret/ldap_readonly_pass, length: -1 }
- { path: "{{ basedir }}/secrets/forward_auth_secret", length: 64 }
- { path: "{{ basedir }}/secrets/oauth_client_secret", length: 64 }
- name: "create folder struct for {{ servicename }}"
file:
path: "{{item}}"
state: "directory"
with_items:
- "/srv/jameica-vnc/"
- "/srv/jameica-vnc/work"
- "{{basedir}}/"
- "{{basedir}}/work"
- "{{basedir}}/secrets"
- name: Konfig-Dateien erstellen
template:
src: "{{item}}"
dest: "/srv/jameica-vnc/{{item}}"
dest: "{{basedir}}/{{item}}"
with_items:
- "docker-compose.yml"
- "Dockerfile"
- "jameica.conf"
- "jameica.sh"
- "nginx.conf"
register: config_files
- name: "stop {{ servicename }} docker"
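Review bot: The template task now renders `docker-compose.yml`, which embeds `forward_auth_secret` and `oauth_client_secret` in clear text, into `{{basedir}}`, but neither the `file:` task nor the `template:` task sets `mode:` or `owner:`, so the rendered file and the `{{basedir}}/secrets` directory get default umask permissions. Add `mode: "0600"` (with an explicit `owner:`) to the template task, or at least to the compose item, and `mode: "0700"` to the secrets directory entry. The `/srv/ldap/secret/ldap_readonly_pass` lookup seems to stay although the compose diff drops the `ldap_auth` service that consumed it; if nothing else reads it, remove it so the LDAP bind password is not loaded into play vars for nothing. The item list also still names `nginx.conf` while the compose diff removes the nginx service — whether those lines are old or new is not recoverable from the page, so verify the template list matches the new compose file. The hunk header for this section is not shown on the page.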
......
......@@ -4,54 +4,49 @@ services:
build: .
restart: always
environment:
DISPLAY_WIDTH: 1440
DISPLAY_HEIGHT: 900
DISPLAY_WIDTH: 1920
DISPLAY_HEIGHT: 1080
RUN_XTERM: "no"
volumes:
- /srv/jameica:/jameica/
- /srv/data-jameica:/jameica-data/
- /srv/jameica-vnc/work:/jameica-work/
- {{basedir}}/work:/jameica-work/
networks:
- default
labels:
- com.centurylinklabs.watchtower.enable=false
ldap_auth:
image: pinepain/ldap-auth-proxy:latest
restart: always
environment:
LOG_LEVEL: "info"
LISTEN: ":8888"
LDAP_SERVER: "ldap://{{ ldap_ip_ext }}"
LDAP_BASE: "{{ ldap_base_dn }}"
LDAP_BIND_DN: "{{ ldap_readonly_bind_dn }}"
LDAP_BIND_PASSWORD: "{{ ldap_readonly_pass }}"
#(&(uid=%s)(memberof=CN=verwaltung,OU=groups,DC=warpzone,DC=ms))
LDAP_USER_FILTER: "(&(uid=%s)(memberof=CN=vorstand,OU=groups,DC=warpzone,DC=ms))"
#LDAP_GROUP_FILTER: "(&(objectClass=groupOfUniqueNames)(member=uid=%s,ou=Users,o=${OID},dc=jumpcloud,dc=com))"
HEADERS_MAP: "X-LDAP-Mail:mail,X-LDAP-UID:uid,X-LDAP-CN:cn"
networks:
- default
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.middlewares={{ servicename }}-auth
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=8080
nginx:
image: nginx:1
auth:
image: thomseddon/traefik-forward-auth:2.2
restart: always
depends_on:
- vnc
- ldap_auth
volumes:
- /srv/jameica-vnc/nginx.conf:/etc/nginx/conf.d/default.conf:ro
environment:
LOG_LEVEL: info
DEFAULT_ACTION: auth
DEFAULT_PROVIDER: generic-oauth
SECRET: {{ forward_auth_secret }}
PROVIDERS_GENERIC_OAUTH_AUTH_URL: {{ oauth_global.authorize_url }}
PROVIDERS_GENERIC_OAUTH_TOKEN_URL: {{ oauth_global.token_url }}
PROVIDERS_GENERIC_OAUTH_USER_URL: {{ oauth_global.userinfo_url }}
PROVIDERS_GENERIC_OAUTH_CLIENT_ID: {{ servicename }}
PROVIDERS_GENERIC_OAUTH_CLIENT_SECRET: {{ oauth_client_secret }}
PROVIDERS_GENERIC_OAUTH_SCOPE: profile
PROVIDERS_GENERIC_OAUTH_TOKEN_STYLE: header
labels:
- com.centurylinklabs.watchtower.enable=false
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=80
- traefik.http.middlewares.{{ servicename }}-auth.forwardauth.address=http://auth:4181
- traefik.http.middlewares.{{ servicename }}-auth.forwardauth.authResponseHeaders=X-Forwarded-User
- traefik.http.services.{{ servicename }}-auth.loadbalancer.server.port=4181
networks:
- default
- web
networks:
web:
external: true
\ No newline at end of file
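Review bot: The `auth` service environment interpolates its secrets as unquoted plain scalars, `SECRET: {{ forward_auth_secret }}` and `PROVIDERS_GENERIC_OAUTH_CLIENT_SECRET: {{ oauth_client_secret }}`, unlike the removed `LDAP_BIND_PASSWORD: "{{ ldap_readonly_pass }}"`; a generated value that starts with `*`, `&`, `#` or `[`, or contains `: ` or ` #`, breaks or silently changes the rendered compose file, so quote all six `{{ }}` values, e.g. `SECRET: "{{ forward_auth_secret }}"`. Separately, the removed `ldap_auth` proxy limited access with a `memberof=CN=vorstand` filter, whereas the replacement only sets `DEFAULT_ACTION: auth` with no group or whitelist restriction visible in the hunk, so every account the OAuth provider accepts can reach the noVNC session unless the provider restricts this client to the same group; confirm that, or restrict on the forward-auth side (its `WHITELIST` setting, for example). Which router labels survive on the new side is not fully recoverable from the page; if the router keeps `loadbalancer.server.port=80` it points at the former nginx port, while the vnc container was reached on 8080 before.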
server {
listen 80;
listen [::]:80;
server_name verwaltung-jameica.warpzone.ms;
root /dev/null;
index index.html;
location = / {
return 301 https://$host/vnc.html;
}
location / {
# Enable Authentication
auth_request /auth-proxy;
# Enable websockets for the noVNC console to work
proxy_http_version 1.1;
proxy_set_header Connection $http_connection;
proxy_set_header Origin http://$host;
proxy_set_header Upgrade $http_upgrade;
# VNC connection timeout
proxy_read_timeout 61s;
# Disable cache
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://vnc:8080/;
proxy_redirect off;
}
location = /auth-proxy {
internal;
proxy_pass http://ldap_auth:8888/auth;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_cache_valid 202 10m;
# The following directive adds the cookie to the cache key
proxy_cache_key "$http_authorization";
proxy_set_header X-Ldap-Group "*";
}
}
\ No newline at end of file