53 lines
2.0 KiB
Docker
53 lines
2.0 KiB
Docker
FROM debian:bookworm-slim
|
|
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
|
|
# 1) Install Supervisor, slapd, ldap-utils, Apache2+PHP, wget, unzip, envsubst
|
|
RUN apt-get update && \
|
|
apt-get install -y --no-install-recommends \
|
|
supervisor \
|
|
slapd ldap-utils \
|
|
wget unzip gnupg \
|
|
apache2 libapache2-mod-php php php-ldap php-mbstring php-xml \
|
|
gettext-base \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# 2) Download and install Hydra binary (v2.3.0) with the correct filename
|
|
RUN HYDRA_VERSION=v2.3.0 && \
|
|
HYDRA_FILENAME="hydra_${HYDRA_VERSION}-linux_64bit.tar.gz" && \
|
|
wget -qO /tmp/hydra.tar.gz \
|
|
https://github.com/ory/hydra/releases/download/${HYDRA_VERSION}/${HYDRA_FILENAME} && \
|
|
mkdir -p /usr/local/bin/hydra_tmp && \
|
|
tar -xzf /tmp/hydra.tar.gz -C /usr/local/bin/hydra_tmp && \
|
|
mv /usr/local/bin/hydra_tmp/hydra /usr/local/bin/hydra && \
|
|
chmod +x /usr/local/bin/hydra && \
|
|
rm -rf /usr/local/bin/hydra_tmp /tmp/hydra.tar.gz
|
|
|
|
# 3) Install LAM (osixia/ldap-account-manager) under /var/www/lam
|
|
RUN LAM_VERSION=1.2.1 && \
|
|
wget -qO /tmp/lam.zip https://github.com/osixia/ldap-account-manager/releases/download/${LAM_VERSION}/ldap-account-manager_${LAM_VERSION}.zip && \
|
|
unzip /tmp/lam.zip -d /var/www/html && \
|
|
mv /var/www/html/ldap-account-manager /var/www/html/lam && \
|
|
rm /tmp/lam.zip
|
|
|
|
# 4) Enable Apache modules required by LAM
|
|
RUN a2enmod php8.2 ldap rewrite
|
|
|
|
# 5) Copy Supervisor config and entrypoint
|
|
COPY supervisord.conf /etc/supervisor/supervisord.conf
|
|
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
|
|
RUN chmod +x /usr/local/bin/entrypoint.sh
|
|
|
|
# 6) Copy all template files into /templates
|
|
COPY templates/ /templates/
|
|
|
|
# 7) Create empty folder for LAM config (will be filled at runtime)
|
|
RUN mkdir -p /var/www/lam/config
|
|
RUN chown -R www-data:www-data /var/www/lam
|
|
|
|
# 8) Expose ports: LDAP=389, LDAPS=636, Hydra Public=4444, Hydra Admin=4445, HTTP=80
|
|
EXPOSE 389 636 4444 4445 80
|
|
|
|
# 9) At runtime, entrypoint.sh does all the envsubst + slapd reconfiguration + supervisord
|
|
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
|