{"id":19335176,"url":"https://github.com/lemonldapng/lemonldap-ng-docker","last_synced_at":"2025-04-09T20:11:46.213Z","repository":{"id":46296298,"uuid":"43550702","full_name":"LemonLDAPNG/lemonldap-ng-docker","owner":"LemonLDAPNG","description":"Dockerize LemonLDAP::NG","archived":false,"fork":false,"pushed_at":"2025-03-31T15:49:15.000Z","size":107,"stargazers_count":53,"open_issues_count":6,"forks_count":32,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-04-09T20:11:42.908Z","etag":null,"topics":["docker","lemonldap"],"latest_commit_sha":null,"homepage":null,"language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/LemonLDAPNG.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-10-02T12:06:51.000Z","updated_at":"2025-04-05T11:06:27.000Z","dependencies_parsed_at":"2024-03-13T09:51:53.427Z","dependency_job_id":"63e45b75-4ac3-495f-8ae3-9a0c41c7e3ca","html_url":"https://github.com/LemonLDAPNG/lemonldap-ng-docker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LemonLDAPNG%2Flemonldap-ng-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LemonLDAPNG%2Flemonldap-ng-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LemonLDAPNG%2Flemonldap-ng-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LemonLDAPNG%2Flemonldap-ng-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/LemonLDAPNG","download_url":"https://codeload.github.com/LemonLDAPNG/lemonldap-ng-docker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248103872,"owners_count":21048245,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","lemonldap"],"created_at":"2024-11-10T03:05:53.220Z","updated_at":"2025-04-09T20:11:46.176Z","avatar_url":"https://github.com/LemonLDAPNG.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# LemonLDAP::NG in Docker\n\n![LL::NG+Docker](http://lemonldap-ng.org/_media/documentation/lemonldap-ng-docker.png)\n\n## Build the image\n\nUse the docker build command:\n\n```\n    sudo docker buildx build -t lemonldap-ng:latest .\n```\n\n\u003e [!NOTE]\n\u003e If you would like to deploy the container on port `:80` you will need to use `sudo` to build and deploy the image.\n\u003e Building and deploying without `sudo` can be used to deploy containers on port \u003e 1024.\n\n## Run the image\n\nThe image will run LemonLDAP::NG in demo mode (see http://lemonldap-ng.org/documentation/latest/authdemo).\n\nAdd auth.example.com/manager.example.com/test1.example.com/test2.example.com to /etc/hosts on the host\n```\n    echo \"127.0.0.1 auth.example.com manager.example.com reload.example.com test1.example.com test2.example.com\" | sudo tee -a /etc/hosts\n```\nMap the container port 80 to host port 80 (option -p) when you run the container to be able to access it\n```\n    sudo docker run -d -p 80:80 lemonldapng/lemonldap-ng:latest\n```\nThen connect to http://auth.example.com with your browser and log in with dwho/dwho.\n\n## Configuration\n\nYou may use the following environment variables to configure the container\n\n* `SSODOMAIN`: change the default `example.com` domain with something else\n* `LOGLEVEL`: Set LLNG verbosity (for `docker logs`). Possible values: `error`, `warn`, `notice`, `info`, `debug`\n* `FASTCGI_LISTEN_PORT`: Listen on a port instead of using a UNIX socket. If you use this variable, you will probably want to map this port on your host.\n* `PROXY_RANGE`: if LLNG is running behind a reverse proxy, change the nginx configurations for `set_real_ip_from`. `PROXY_RANGE` will be the IP range of your proxy. ex: `172.0.0.0/8`\n* `PRESERVEFILES`: define folders for llng configuration that would need to be preserved, if empty folders are mounted they will be populated with original default configurations\n\nYou can also finely set the hostnames for each site\n\n* `PORTAL_HOSTNAME`: change the default `auth.example.com` domain with something else\n* `MANAGER_HOSTNAME`: change the default `manager.example.com` domain with something else\n* `HANDLER_HOSTNAME`: change the default `reload.example.com` domain with something else\n* `TEST1_HOSTNAME`: change the default `test1.example.com` domain with something else\n* `TEST2_HOSTNAME`: change the default `test2.example.com` domain with something else\n\nCustomisations to the themes such as logos, templates etc. can be listed in the following folders. The name of the custom theme folder in `htdocs/static` or `templates` are shared. You can use the following command to configure the variable `portalSkin` or modify `lmConfX.json`: `/usr/share/lemonldap-ng/bin/lemonldap-ng-cli set portalSkin CustomTheme`\n\n* /usr/share/lemonldap-ng/portal/htdocs/static/CustomTheme\n* /usr/share/lemonldap-ng/portal/htdocs/static/CustomTheme/css\n* /usr/share/lemonldap-ng/portal/htdocs/static/CustomTheme/js\n* /usr/share/lemonldap-ng/portal/htdocs/static/CustomTheme/images\n* /usr/share/lemonldap-ng/portal/templates/CustomTheme\n\nThe custom Perl plugins can be provided in the following locations with the code inserting the following `Package Lemonldap::NG::Portal:Plugins:CustomFolder` for plugins for examples:\n\n* /usr/share/perl5/Lemonldap/NG/Portal/Plugins/CustomPlugin\n* /usr/share/perl5/Lemonldap/NG/Portal/Register/CustomRegister\n* /usr/share/perl5/Lemonldap/NG/Portal/UserDB/CustomUserdb\n* /usr/share/perl5/Lemonldap/NG/Portal/Auth/CustomAuth\n* /usr/share/perl5/Lemonldap/NG/Portal/Captcha/CustomCaptcha\n* /usr/share/perl5/Lemonldap/NG/Portal/MenuTab/CustomMenuTab\n\nExample:\n\n```\n    sudo docker run -d --name lemonldap-ng -e SSODOMAIN=example.com -e LOGLEVEL=debug -p 80:80 lemonldapng/lemonldap-ng:latest\n```\n\nCommand to deploy fast-cgi-server and nginx connecting via port 9000:\n\n```\n    sudo docker run -d \\\n        --name lemonldap-ng \\\n        -e SSODOMAIN=example.com \\\n        -e PORTAL_HOSTNAME=auth.example.com \\\n        -e MANAGER_HOSTNAME=manager.example.com \\\n        -e HANDLER_HOSTNAME=reload.example.com \\\n        -e TEST1_HOSTNAME=test1.example.com \\\n        -e TEST2_HOSTNAME=test2.example.com \\\n        -e PRESERVEFILES=\"/etc/lemonldap-ng /var/lib/lemonldap-ng/conf /var/lib/lemonldap-ng/sessions /var/lib/lemonldap-ng/psessions /etc/nginx/sites-enabled\" \\\n        -e LOGLEVEL=debug \\\n        -e FASTCGI_LISTEN_PORT=9000 \\\n        -e PORT=80 \\\n        -e IPV4_ONLY=true \\\n        -p 80:80 \\\n        -p 9000:9000 \\\n        -v ./llng/etc:/etc/lemonldap-ng \\\n        -v ./llng/var-conf:/var/lib/lemonldap-ng/conf \\\n        -v ./llng/var-sessions:/var/lib/lemonldap-ng/sessions \\\n        -v ./llng/var-psessions:/var/lib/lemonldap-ng/psessions \\\n        -v ./llng/theme:/usr/share/lemonldap-ng/portal/htdocs/static/CustomTheme \\\n        -v ./llng/template:/usr/share/lemonldap-ng/portal/templates/CustomTheme \\\n        -v ./llng/plugins:/usr/share/perl5/Lemonldap/NG/Portal/Plugins/CustomPlugin \\\n        -v ./llng/register:/usr/share/perl5/Lemonldap/NG/Portal/Register/CustomRegister \\\n        -v ./llng/userdb:/usr/share/perl5/Lemonldap/NG/Portal/UserDB/CustomUserdb \\\n        -v ./llng/auth:/usr/share/perl5/Lemonldap/NG/Portal/Auth/CustomAuth \\\n        -v ./llng/captcha:/usr/share/perl5/Lemonldap/NG/Portal/Captcha/CustomCaptcha \\\n        -v ./llng/menutab:/usr/share/perl5/Lemonldap/NG/Portal/MenuTab/CustomMenuTab \\\n        -v ./llng/nginx:/etc/nginx/sites-enabled \\\n        lemonldapng/lemonldap-ng:latest\n```\n\nCommand to deploy fast-cgi-server and nginx with socket:\n\n```\n    sudo docker run -d \\\n        --name lemonldap-ng \\\n        -e SSODOMAIN=example.com \\\n        -e PORTAL_HOSTNAME=auth.example.com \\\n        -e MANAGER_HOSTNAME=manager.example.com \\\n        -e HANDLER_HOSTNAME=reload.example.com \\\n        -e TEST1_HOSTNAME=test1.example.com \\\n        -e TEST2_HOSTNAME=test2.example.com \\\n        -e PRESERVEFILES=\"/etc/lemonldap-ng /var/lib/lemonldap-ng/conf /var/lib/lemonldap-ng/sessions /var/lib/lemonldap-ng/psessions /etc/nginx/sites-enabled\" \\\n        -e LOGLEVEL=debug \\\n        -e PORT=80 \\\n        -e IPV4_ONLY=true \\\n        -p 80:80 \\\n        -v ./llng/etc:/etc/lemonldap-ng \\\n        -v ./llng/var-conf:/var/lib/lemonldap-ng/conf \\\n        -v ./llng/var-sessions:/var/lib/lemonldap-ng/sessions \\\n        -v ./llng/var-psessions:/var/lib/lemonldap-ng/psessions \\\n        -v ./llng/theme:/usr/share/lemonldap-ng/portal/htdocs/static/CustomTheme \\\n        -v ./llng/template:/usr/share/lemonldap-ng/portal/templates/CustomTheme \\\n        -v ./llng/plugins:/usr/share/perl5/Lemonldap/NG/Portal/Plugins/CustomPlugin \\\n        -v ./llng/register:/usr/share/perl5/Lemonldap/NG/Portal/Register/CustomRegister \\\n        -v ./llng/userdb:/usr/share/perl5/Lemonldap/NG/Portal/UserDB/CustomUserdb \\\n        -v ./llng/auth:/usr/share/perl5/Lemonldap/NG/Portal/Auth/CustomAuth \\\n        -v ./llng/captcha:/usr/share/perl5/Lemonldap/NG/Portal/Captcha/CustomCaptcha \\\n        -v ./llng/menutab:/usr/share/perl5/Lemonldap/NG/Portal/MenuTab/CustomMenuTab \\\n        -v ./llng/nginx:/etc/nginx/sites-enabled \\\n        lemonldapng/lemonldap-ng:latest\n```\nDon't forget to modify your `/etc/hosts` accordingly\n\n### SELinux\n\nTo deploy containers on SELinux distributions you can use the following:\n\n```\n    docker compose -f docker-compose-selinux.yaml up -d\n```\n\nor run the following command(port deployment):\n\n```\n    docker run -d \\\n        --name lemonldap-ng\n        -e SSODOMAIN=example.com \\\n        -e PORTAL_HOSTNAME=auth.example.com \\\n        -e MANAGER_HOSTNAME=manager.example.com \\\n        -e HANDLER_HOSTNAME=reload.example.com \\\n        -e TEST1_HOSTNAME=test1.example.com \\\n        -e TEST2_HOSTNAME=test2.example.com \\\n        -e PRESERVEFILES=\"/etc/lemonldap-ng /var/lib/lemonldap-ng/conf /var/lib/lemonldap-ng/sessions /var/lib/lemonldap-ng/psessions /etc/nginx/sites-enabled\" \\\n        -e LOGLEVEL=debug \\\n        -e FASTCGI_LISTEN_PORT=9000 \\\n        -e PORT=8080 \\\n        -e IPV4_ONLY=true \\\n        -p 8080:8080 \\\n        -p 9000:9000 \\\n        -v ./llng/etc:/etc/lemonldap-ng:Z \\\n        -v ./llng/var-conf:/var/lib/lemonldap-ng/conf:Z \\\n        -v ./llng/var-sessions:/var/lib/lemonldap-ng/sessions:Z \\\n        -v ./llng/var-psessions:/var/lib/lemonldap-ng/psessions:Z \\\n        -v ./llng/theme:/usr/share/lemonldap-ng/portal/htdocs/static/CustomTheme:Z \\\n        -v ./llng/template:/usr/share/lemonldap-ng/portal/templates/CustomTheme:Z \\\n        -v ./llng/plugins:/usr/share/perl5/Lemonldap/NG/Portal/Plugins/CustomPlugin:Z \\\n        -v ./llng/register:/usr/share/perl5/Lemonldap/NG/Portal/Register/CustomRegister:Z \\\n        -v ./llng/userdb:/usr/share/perl5/Lemonldap/NG/Portal/UserDB/CustomUserdb:Z \\\n        -v ./llng/auth:/usr/share/perl5/Lemonldap/NG/Portal/Auth/CustomAuth:Z \\\n        -v ./llng/captcha:/usr/share/perl5/Lemonldap/NG/Portal/Captcha/CustomCaptcha:Z \\\n        -v ./llng/menutab:/usr/share/perl5/Lemonldap/NG/Portal/MenuTab/CustomMenuTab:Z \\\n        -v ./llng/nginx:/etc/nginx/sites-enabled:Z \\\n        lemonldapng/lemonldap-ng:latest\n```\n\nor run the following command(socket deployment):\n\n```\n    docker run -d \\\n        --name lemonldap-ng\n        -e SSODOMAIN=example.com \\\n        -e PORTAL_HOSTNAME=auth.example.com \\\n        -e MANAGER_HOSTNAME=manager.example.com \\\n        -e HANDLER_HOSTNAME=reload.example.com \\\n        -e TEST1_HOSTNAME=test1.example.com \\\n        -e TEST2_HOSTNAME=test2.example.com \\\n        -e PRESERVEFILES=\"/etc/lemonldap-ng /var/lib/lemonldap-ng/conf /var/lib/lemonldap-ng/sessions /var/lib/lemonldap-ng/psessions /etc/nginx/sites-enabled\" \\\n        -e LOGLEVEL=debug \\\n        -e PORT=8080 \\\n        -e IPV4_ONLY=true \\\n        -p 8080:8080 \\\n        -v ./llng/etc:/etc/lemonldap-ng:Z \\\n        -v ./llng/var-conf:/var/lib/lemonldap-ng/conf:Z \\\n        -v ./llng/var-sessions:/var/lib/lemonldap-ng/sessions:Z \\\n        -v ./llng/var-psessions:/var/lib/lemonldap-ng/psessions:Z \\\n        -v ./llng/theme:/usr/share/lemonldap-ng/portal/htdocs/static/CustomTheme:Z \\\n        -v ./llng/template:/usr/share/lemonldap-ng/portal/templates/CustomTheme:Z \\\n        -v ./llng/plugins:/usr/share/perl5/Lemonldap/NG/Portal/Plugins/CustomPlugin:Z \\\n        -v ./llng/register:/usr/share/perl5/Lemonldap/NG/Portal/Register/CustomRegister:Z \\\n        -v ./llng/userdb:/usr/share/perl5/Lemonldap/NG/Portal/UserDB/CustomUserdb:Z \\\n        -v ./llng/auth:/usr/share/perl5/Lemonldap/NG/Portal/Auth/CustomAuth:Z \\\n        -v ./llng/captcha:/usr/share/perl5/Lemonldap/NG/Portal/Captcha/CustomCaptcha:Z \\\n        -v ./llng/menutab:/usr/share/perl5/Lemonldap/NG/Portal/MenuTab/CustomMenuTab:Z \\\n        -v ./llng/nginx:/etc/nginx/sites-enabled:Z \\\n        lemonldapng/lemonldap-ng:latest\n```\n\n## Reverse proxy configuration\n\nYou can use proxy pass functionality in httpd(Apache2) to redirect traffic to lemonldap-ng with the following configuration:\n\nHTTP:\n```\n\u003cVirtualHost *:80\u003e\n  ProxyPreserveHost On\n  ProxyRequests Off\n  CustomLog /var/log/httpd/llng.log combined\n  ServerName example.com\n  ServerAlias auth.example.com manager.example.com reload.example.com test1.example.com test2.example.com\n  ProxyPass / http://127.0.0.1:8080/\n  ProxyPassReverse / http://127.0.0.1:8080/\n\u003c/VirtualHost\u003e\n```\n\nHTTPS:\n```\n\u003cVirtualHost *:80\u003e\n  ServerName example.com\n  ServerAlias auth.example.com manager.example.com reload.example.com test1.example.com test2.example.com\n\n  RewriteEngine On\n  RewriteCond %{HTTPS} off\n  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]\n\u003c/VirtualHost\u003e\n\n\u003cVirtualHost *:443\u003e\n  ServerName example.com\n  CustomLog /var/log/httpd/llng.log combined\n\n  SSLEngine on\n  SSLCertificateChainFile \"/path/to/example.com.cacert.cert\"\n  SSLCertificateFile \"/path/to/example.com.cert\"\n  SSLCertificateKeyFile \"/path/to/example.com.key\"\n\n  ProxyPreserveHost On\n  ProxyRequests Off\n  ProxyPass / http://127.0.0.1:8080/\n  ProxyPassReverse / http://127.0.0.1:8080/\n\u003c/VirtualHost\u003e\n```\n\nFor SELinux we will need to allow the redirect of httpd traffic to the lemonldap-ng docker container (:80-\u003e:8080)\n\n```\nsudo setsebool -P httpd_can_network_relay on\n```\n\n### Using LLNG Handler\n\nLLNG provides functionality to redirect authentication via the Handler before redirecting the user to the application being protected. We provide the ability to mount nginx configuration by mounting a volume to the `/etc/nginx/sites-enabled/` folder and restarting the container. Example nginx configuration can be found [here](https://lemonldap-ng.org/documentation/latest/configvhost.html#reverse-proxy-1).\n\n## Cron session purge\n\nThe sessions in lemonldap-ng need to be purged on a regular basis, we will need to add the cronjobs using the command `crontab -e` for the following jobs.\n\n```\n# Lemonldap::NG::Handler Session Purge\n1 * * * * docker exec -it llng bash -c \"[ -x /usr/share/lemonldap-ng/bin/purgeLocalCache ] \u0026\u0026 if [ ! -d /run/systemd/system ]; then /usr/share/lemonldap-ng/bin/purgeLocalCache; fi\"\n# Lemonldap::NG::Portal Session Purge\n7 * * * * docker exec -it llng bash -c \"[ -x /usr/share/lemonldap-ng/bin/purgeCentralCache ] \u0026\u0026 if [ ! -d /run/systemd/system ]; then /usr/share/lemonldap-ng/bin/purgeCentralCache; fi\"\n```\n\n\u003e [!NOTE]\n\u003e If the build and deployment were conducted using `sudo` make sure to do the same for the `crontab` command.\n\n## Podman\n\nSimply swapping out `docker` with `podman` on the all the commands listed in this README. However you will be required to create volumes manually before executing the command or the compose file.\n\n```\nmkdir -p ./llng\nmkdir -p ./llng/etc\nmkdir -p ./llng/var-conf\nmkdir -p ./llng/var-sessions\nmkdir -p ./llng/var-psessions\nmkdir -p ./llng/theme\nmkdir -p ./llng/template\nmkdir -p ./llng/plugins\nmkdir -p ./llng/register\nmkdir -p ./llng/userdb\nmkdir -p ./llng/auth\nmkdir -p ./llng/captcha\nmkdir -p ./llng/menutab\nmkdir -p ./llng/nginx\n```\n\n## Docker hub\n\nSee also https://hub.docker.com/r/lemonldapng/lemonldap-ng/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flemonldapng%2Flemonldap-ng-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flemonldapng%2Flemonldap-ng-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flemonldapng%2Flemonldap-ng-docker/lists"}