75 lines
2.6 KiB
YAML
75 lines
2.6 KiB
YAML
version: "3.8"
|
|
services:
|
|
app:
|
|
volumes:
|
|
- "simplesaml:/var/simplesamlphp/"
|
|
- "simplesaml_log:/var/simplesamlphp/log"
|
|
environment:
|
|
- SAML_AUTH_SOURCE_ID
|
|
- SAML_EMAIL_ATTRIBUTE
|
|
- SAML_REAL_NAME_ATTRIBUTE
|
|
- SAML_SERVICE_PROVIDER
|
|
- SAML_USERNAME_ATTRIBUTE
|
|
simplesaml:
|
|
image: venatorfox/simplesamlphp:latest
|
|
secrets:
|
|
- saml_admin_password
|
|
- saml_secret_salt
|
|
environment:
|
|
- DOMAIN
|
|
- CONFIG_BASEURLPATH=https://${DOMAIN}/simplesaml/
|
|
- CONFIG_AUTHADMINPASSWORD_FILE=/run/secrets/saml_admin_password
|
|
- CONFIG_SECRETSALT_FILE=/run/secrets/saml_secret_salt
|
|
- CONFIG_TECHNICALCONTACT_NAME
|
|
- CONFIG_TECHNICALCONTACT_EMAIL
|
|
- CONFIG_SHOWERRORS=true
|
|
- CONFIG_ERRORREPORTING=true
|
|
- CONFIG_ADMINPROTECTINDEXPAGE=true
|
|
- CONFIG_LOGGINGLEVEL=INFO
|
|
- CONFIG_ENABLESAML20IDP=true
|
|
- CONFIG_STORETYPE=sql
|
|
#- CONFIG_MEMCACHESTOREPREFIX=simplesamlphp
|
|
#- CONFIG_MEMCACHESTORESERVERS= 'memcache_store.servers' => [\n [\n ['hostname' => 'memcached']\n ],
|
|
- OPENLDAP_TLS_REQCERT=allow
|
|
- MTA_NULLCLIENT=true
|
|
- POSTFIX_MYHOSTNAME=${DOMAIN}
|
|
- POSTFIX_MYORIGIN=$$mydomain
|
|
- POSTFIX_INETINTERFACES=loopback-only
|
|
- DOCKER_REDIRECTLOGS=false
|
|
# Required if DOCKER_REDIRECTLOGS=true
|
|
# tty: true
|
|
configs:
|
|
- source: entrypoint_saml_conf
|
|
target: /docker-entrypoint.simplesaml.sh
|
|
mode: 0555
|
|
volumes:
|
|
- simplesaml:/var/simplesamlphp/
|
|
- simplesaml_log:/var/simplesamlphp/log
|
|
networks:
|
|
- proxy
|
|
entrypoint: /docker-entrypoint.simplesaml.sh
|
|
deploy:
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=proxy"
|
|
- "traefik.http.services.${STACK_NAME}_simplesaml.loadbalancer.server.port=80"
|
|
- "traefik.http.routers.${STACK_NAME}_simplesaml.rule=(Host(`${DOMAIN}`) && PathPrefix(`/simplesaml`))"
|
|
- "traefik.http.routers.${STACK_NAME}_simplesaml.entrypoints=web-secure"
|
|
- "traefik.http.routers.${STACK_NAME}_simplesaml.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
- coop-cloud.${STACK_NAME}.simplesaml.version=latest-9308832b
|
|
volumes:
|
|
simplesaml:
|
|
simplesaml_log:
|
|
secrets:
|
|
saml_admin_password:
|
|
name: ${STACK_NAME}_saml_admin_password_${SECRET_SAML_ADMIN_PASSWORD_VERSION}
|
|
external: true
|
|
saml_secret_salt:
|
|
name: ${STACK_NAME}_saml_secret_salt_${SECRET_SAML_SECRET_SALT_VERSION}
|
|
external: true
|
|
configs:
|
|
entrypoint_saml_conf:
|
|
name: ${STACK_NAME}_entrypoint_saml_${SAML_ENTRYPOINT_CONF_VERSION}
|
|
file: entrypoint.simplesaml.sh.tmpl
|
|
template_driver: golang
|