guimard/llng-docker

LemonLDAP::NG dockers

Docker images for a scalable LemonLDAP::NG installation, ready to use with a Redis server to share sessions and a PostgreSQL server to share configuration. See the docker-compose examples below.

List:

The yadd/lemonldap-ng-base image isn't directly usable; it is only a base for building the LemonLDAP::NG components.

The images use S6 overlay, except the PostgreSQL database image, which is based on postgres:bookworm.

LemonLDAP::NG is installed from Debian backports packages, so the images use the latest published version.

You can also use dev to build an image using the upstream repository. Set BRANCH to choose the upstream branch to clone.

Docker-compose examples:

1. Simple standalone LemonLDAP::NG

version: "3.4"

services:
  llng:
    image: yadd/lemonldap-ng-full
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
    ports:
      - "80:80"

2. Separate portal and manager, configuration shared by filesystem

In this example, manager is available on port 81, portal on port 80.

version: "3.4"

services:
  auth:
    image: yadd/lemonldap-ng-portal
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
    volumes:
      - ./llng-var:/var/lib/lemonldap-ng
    ports:
      - "80:80"

  manager:
    image: yadd/lemonldap-ng-manager
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
    volumes:
      - ./llng-var:/var/lib/lemonldap-ng
    ports:
      - "81:80"

3. Separate portal and manager using real databases

In this example, the manager is available on port 81 and the portal on port 80. Configuration is stored in a PostgreSQL database, sessions in a Redis server. A CrowdSec server is added to filter bad IP addresses.

version: "3.4"

services:
  db:
    image: yadd/lemonldap-ng-pg-database
    environment:
      - POSTGRES_PASSWORD=zz
    healthcheck:
      test: ["CMD-SHELL", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5

  redis:
    image: redis

  auth:
    image: yadd/lemonldap-ng-portal
    depends_on:
      db:
        condition: service_healthy
    environment:
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      - LOGGER=stderr
      - USERLOGGER=stderr
      - CROWDSEC_SERVER=http://crowdsec:8080
      - CROWDSEC_KEY=myrandomstring
      - CROWDSEC_ACTION=reject
    ports:
      - "80:80"

  manager:
    image: yadd/lemonldap-ng-manager
    depends_on:
      db:
        condition: service_healthy
      auth:
        condition: service_started
    environment:
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      - LOGGER=stderr
      - USERLOGGER=stderr
    ports:
      - "81:80"

  crowdsec:
    image: crowdsecurity/crowdsec
    environment:
      - BOUNCER_KEY_llng=myrandomstring

4. Scalability

Here an HAProxy server balances requests between 5 portals. It also handles the manager. To avoid running the maintenance tasks multiple times, a yadd/lemonldap-ng-cron service handles them, and the portals are configured with PORTAL_CRON=no.

version: "3.4"

services:
  db:
    image: yadd/lemonldap-ng-pg-database
    environment:
      - POSTGRES_PASSWORD=zz
    healthcheck:
      test: ["CMD-SHELL", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5

  redis:
    image: redis

  portal:
    image: yadd/lemonldap-ng-portal
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      - PORTAL_CRON=no
      - CROWDSEC_SERVER=http://crowdsec:8080
      - CROWDSEC_KEY=myrandomstring
      - CROWDSEC_ACTION=reject
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started
    scale: 5

  cron:
    image: yadd/lemonldap-ng-cron
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
      - PORTAL_CRON=no
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started

  manager:
    image: yadd/lemonldap-ng-manager
    environment:
      - LOGGER=stderr
      - USERLOGGER=stderr
      - PG_SERVER=db
      - REDIS_SERVER=redis:6379
    depends_on:
      db:
        condition: service_healthy
      redis:
        condition: service_started
      portal:
        condition: service_started

  crowdsec:
    image: crowdsecurity/crowdsec
    environment:
      - BOUNCER_KEY_llng=myrandomstring

  haproxy:
    image: haproxy:2.6-bullseye
    ports:
      - 80:80
    volumes:
      - ./haproxy:/usr/local/etc/haproxy:ro
    sysctls:
      - net.ipv4.ip_unprivileged_port_start=0
    depends_on:
      - portal
      - manager
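
Examples 3 and 4 put the same literal bouncer key (myrandomstring) in CROWDSEC_KEY on the portal and in BOUNCER_KEY_llng on the CrowdSec service. The helper below is an added example, not part of this repository: it generates a random key into a .env file, which docker compose reads for variable substitution, and checks that a compose file takes both entries from that variable. The variable name LLNG_BOUNCER_KEY and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the llng-docker repository.
# In the compose file, both sides of the bouncer key become:
#   - CROWDSEC_KEY=${LLNG_BOUNCER_KEY}       (portal service)
#   - BOUNCER_KEY_llng=${LLNG_BOUNCER_KEY}   (crowdsec service)
# LLNG_BOUNCER_KEY is a name chosen for this example.

# Print a 256-bit random key as 64 hex characters.
gen_bouncer_key() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# write_env FILE: create FILE with owner-only permissions and a fresh key.
# Refuses to overwrite, so a running stack keeps the key it started with.
write_env() {
    if [ -e "$1" ]; then
        echo "$1 already exists, not overwriting" >&2
        return 1
    fi
    ( umask 077 && printf 'LLNG_BOUNCER_KEY=%s\n' "$(gen_bouncer_key)" > "$1" )
}

# check_compose FILE: succeed only if every CROWDSEC_KEY / BOUNCER_KEY_llng
# entry in FILE takes its value from ${LLNG_BOUNCER_KEY}. This keeps the
# portal and CrowdSec in sync and keeps literal keys out of the compose file.
check_compose() {
    bad=$(grep -E '^[[:space:]]*-[[:space:]]*(CROWDSEC_KEY|BOUNCER_KEY_llng)=' "$1" |
          grep -Fv '=${LLNG_BOUNCER_KEY}' || true)
    if [ -n "$bad" ]; then
        echo "literal bouncer key in $1:" >&2
        echo "$bad" >&2
        return 1
    fi
    return 0
}
```

Run `write_env .env` once in the compose project directory, then run `check_compose` on the compose file before deploying.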

Copyright and license

Copyright:

License: GNU General Public License v2.0