afornerot/ninedocker
1
0
Fork 0
Code Issues 26 Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: afornerot:3823cd85a81091f91e4998b69c0a251c6481abab
Branches Tags
afornerot:develop afornerot:master
...
compare: afornerot:develop
Branches Tags
afornerot:develop afornerot:master

70 Commits
3823cd85a8 ... develop

Author SHA1 Message Date
Arno
41cff70194 svg 2025-07-27 15:45:31 +00:00
Arno
4638c183f4 svg 2025-07-27 15:05:10 +00:00
afornerot
241dec7128 svg 2025-07-27 16:25:41 +02:00
Arno
2ab1955ce2 svg keepass 2025-07-26 18:22:49 +00:00
afornerot
1a8f4d6613 add keeweb 2025-07-26 17:20:03 +02:00
afornerot
194144120f add nineconfig 2025-04-09 22:10:05 +02:00
afornerot
8a519d247d correction env keycloak / cas 2025-04-09 19:07:39 +02:00
afornerot
5a67e7c050 docker-compose down 2025-04-07 13:57:34 +02:00
afornerot
e1dabdc413 correctin env keycloak 2025-04-07 12:08:19 +02:00
root
b4d7d688c7 add script eole 2025-02-18 16:59:50 +01:00
afornerot
c14b74590d nineapache82 as noroot 2025-01-04 10:59:24 +01:00
afornerot
a6bed85c2d supervisor 2024-12-29 17:12:47 +01:00
afornerot
ea54b12e59 add supervisor to nineapache 2024-12-29 11:46:47 +01:00
Arno
8dbcfd0433 oidc komga 2024-12-28 11:13:07 +00:00
afornerot
d2932d7c32 add komga 2024-12-27 16:40:37 +01:00
afornerot
153e816ad6 add komga 2024-12-27 16:39:11 +01:00
afornerot
b4a318ae28 add ninecompta 2024-12-26 19:02:09 +01:00
afornerot
5bce95543f theme keycloak 2024-12-26 10:41:45 +01:00
afornerot
31b63dec72 piwigo 2024-12-23 16:57:55 +01:00
afornerot
617d57d9e4 add nineschool 2024-12-23 16:23:48 +01:00
Arno
3846066b0c svg 2024-11-13 10:29:50 +00:00
Arno
f1ad1cc9ba svg 2024-11-13 10:28:44 +00:00
afornerot
dc47e660a8 redirection par défaut 2024-11-13 10:58:14 +01:00
afornerot
8acb110c78 svg 2024-11-13 09:56:52 +01:00
Arno
e44d2a71ac svg 2024-11-03 15:29:28 +00:00
Arno
fc51943ace svg 2024-11-03 13:22:39 +00:00
Arno
b7bfb0d6a7 svg 2024-11-01 16:04:34 +00:00
Arno
3a1ef938c3 svg 2024-10-31 13:59:21 +00:00
Arno
d25321ae9b svg 2024-10-27 09:52:20 +00:00
Arno
8dcccf70d4 svg 2024-10-26 16:04:12 +00:00
Arno
b5e5a75d36 svg 2024-10-26 10:16:37 +00:00
Arno
6410bf5e34 svg 2024-10-25 12:53:07 +00:00
Arno
e9bc584efa correction image wp 2024-10-23 13:36:49 +00:00
Arno
82a4442472 delete phpinfo nineapach 2024-10-22 18:46:55 +00:00
Arno
d217884d35 init nv01 2024-10-21 19:46:38 +00:00
afornerot
73a8539886 add nineapache82 2024-10-21 20:23:21 +02:00
Arno
94b01aa71e correction env.merge et realm keycloak 2024-10-21 15:00:05 +00:00
afornerot
701e30433e add sentinel + correction ninegate/nineskeletor + add nine pull 2024-09-28 17:26:05 +02:00
afornerot
071919ad82 add sentinel + correction ninegate/nineskeletor + add nine pull 2024-09-28 17:25:52 +02:00
afornerot
dc62da5bdf resolution volume ninegate nineboard ninefolio 2024-09-25 22:13:34 +02:00
afornerot
a71cb12a42 resolution volume ninegate nineboard ninefolio 2024-09-25 22:13:05 +02:00
afornerot
273e808071 correctif nineboard 2024-09-22 21:01:11 +02:00
afornerot
c90885d903 correctif nineboard 2024-09-22 14:40:44 +02:00
afornerot
9f7f35b46d correctif nineboard 2024-09-22 11:14:57 +02:00
afornerot
38f3cbb106 correstion nineskeletor 2024-09-22 10:38:32 +02:00
afornerot
2ca0cef4f6 correstion CAS nextcloud 2024-09-22 10:35:25 +02:00
afornerot
55e4226456 svg 2024-09-21 17:42:47 +02:00
afornerot
777e0c50f3 svg 2024-09-21 17:10:28 +02:00
afornerot
aacd73e3c4 ninefolio 2024-09-21 09:26:38 +02:00
afornerot
4714e705ad ajout ninefolio 2024-09-20 18:08:33 +02:00
afornerot
91b42232f0 ajout ninefolio 2024-09-20 18:04:55 +02:00
Benjamin Bohard
49c06fec1a Test d’une méthode d’agrégation des variables d’environnement. 2024-09-18 15:33:58 +02:00
Benjamin Bohard
be14957a0e Ajout d’une passerelle de messagerie pour les conteneurs. 2024-09-18 15:33:04 +02:00
Benjamin Bohard
a8226e2942 tweaking parameters to allow connection on ninegate 2024-09-02 14:42:21 +02:00
afornerot
96d79adb77 correctif dicos template keycloak 2024-08-02 16:00:42 +02:00
afornerot
0e972cdcaf début de réécriture readme 2024-08-02 16:00:08 +02:00
afornerot
1a2cdc01af mise à jour image nineapache afin d'ajouter mariadb-client nativement 2024-08-02 15:59:47 +02:00
afornerot
710dc0be31 svg keycloak 2024-07-31 09:10:42 +02:00
afornerot
51d50ddefa svg keycloak 2024-07-31 09:09:48 +02:00
afornerot
49b4876e35 svg 2024-07-28 17:46:07 +02:00
afornerot
3b9c462720 svg 2024-07-28 16:57:55 +02:00
afornerot
0c97bd132c svg 2024-07-27 11:07:36 +02:00
afornerot
a15f4fe103 svg 2024-07-27 11:05:26 +02:00
afornerot
cc4abaf240 svg 2024-07-27 11:01:26 +02:00
afornerot
2539235c79 svg 2024-07-27 10:19:39 +02:00
afornerot
ccd2d4e1c0 svg 2024-07-26 23:18:04 +02:00
afornerot
3a532e592a svg 2024-07-26 22:40:50 +02:00
afornerot
34fb5c2c2d svg 2024-07-26 22:34:20 +02:00
afornerot
a918b46e6c svg 2024-07-25 15:52:37 +02:00
Ubuntu
9cd1409df3 svg 2024-07-24 14:11:40 +00:00
553 changed files with 7070 additions and 1296 deletions
Expand all files Collapse all files

74
.gitignore vendored
View File

@ -1,45 +1,43 @@
.env.local
/env/*.local
/tmp
**/.env.local
**/.env.merge
/volume/mariadb/mysql
/docker-compose.yml
/volume/minio/data
/services/10-nineapache/volume
/volume/nextcloud/data
/volume/nextcloud/html
/volume/nextcloud/app
/services/15-mariadb/volume/mysql
/volume/ninegate/data/private/*
!/volume/ninegate/data/private/.gitkeep
/volume/ninegate/data/public/*
!/volume/ninegate/data/public/avatar
/volume/ninegate/data/public/avatar/*
!/volume/ninegate/data/public/avatar/admin.jpg
!/volume/ninegate/data/public/avatar/noavatar.png
!/volume/ninegate/data/public/avatar/system.jpg
!/volume/ninegate/data/public/logo
/volume/ninegate/data/public/logo/*
!/volume/ninegate/data/public/logo/logo.png
!/volume/ninegate/data/public/header
/volume/ninegate/data/public/header/*
!/volume/ninegate/data/public/header/header.png
!/volume/ninegate/data/public/icon
/volume/ninegate/data/public/icon/*
!/volume/ninegate/data/public/icon/icon_*.png
/services/30-minio/volume/data
/services/30-openldap/volume/data
/services/30-openldap/volume/nine/ldif/nine.ldif
/services/30-redis/volume
/services/40-keycloak/volume/realm/realm-export.json
/services/50-keeweb/volume
/services/50-komga/volume
/services/50-nextcloud/volume/data
/services/50-nextcloud/volume/html
/services/50-nextcloud/volume/app
/services/50-nineboard/volume/data
/services/50-ninecompta/volume/data
/services/50-ninefolio/volume/data
/services/50-ninefolio/volume/apache
/services/50-ninegate/volume/data
/services/50-nineschool/volume/data
/services/50-nineskeletor/volume/data/private/*
!/services/50-nineskeletor/volume/data/private/.gitkeep
/services/50-nineskeletor/volume/data/public/*
!/services/50-nineskeletor/volume/data/public/.gitkeep
/services/50-nineskeletor/volume/apache
/services/50-wordpress/volume/data
/volume/nineboard/data/private/*
!/volume/nineboard/data/private/.gitkeep
/volume/nineboard/data/public/*
!/volume/nineboard/data/public/avatar
/volume/nineboard/data/public/avatar/*
!/volume/nineboard/data/public/avatar/admin.jpg
!/volume/nineboard/data/public/avatar/noavatar.png
!/volume/nineboard/data/public/avatar/system.jpg
!/volume/nineboard/data/public/logo
/volume/nineboard/data/public/logo/*
!/volume/nineboard/data/public/logo/logo.png
/volume/openldap/data
/volume/wordpress/data

232
docker-compose.yml
View File

@ -1,232 +0,0 @@
version: '3'
services:
#== SERVICES OUTILS =======================================================================================================================
# Nineapache
# Reverse proxy de l'ensemble des services
# Seul port ouvert sur l'exterieur
nineapache:
image: reg.cadoles.com/envole/nineapache:8.1
container_name: nine-nineapache
restart: unless-stopped
healthcheck:
test: curl --fail http://localhost || exit 1
interval: 1s
timeout: 60s
env_file: ./tmp/.env.nineapache
networks:
- nine-network
ports:
- "80:80"
volumes:
- ./volume/nineapache/nine/apache.conf:/etc/apache2/conf.d/zapp.conf
# Mariadb
# Base de données des services
# Port interne 3306
mariadb:
image: docker.io/library/mariadb
container_name: nine-mariadb
restart: unless-stopped
healthcheck:
test: /nine/check.sh
interval: 1s
timeout: 60s
env_file: ./tmp/.env.mariadb
networks:
- nine-network
volumes:
- ./volume/mariadb/mysql:/var/lib/mysql
- ./volume/mariadb/nine:/nine
# Redis
# Base de données redis pour les services qui souhaitent stocker leur session en bdd
# Port interne 6379
redis:
image: redis:4.0
container_name: nine-redis
environment:
- TZ=Europe/Paris
# Minio
# Stocakge S3
# Port interne 9000 pour le stockage / Port interne 9001 pour l'interface web
minio:
image: minio/minio
container_name: nine-minio
restart: unless-stopped
env_file: ./tmp/.env.minio
networks:
- nine-network
volumes:
- './volume/minio/data:/data'
command: server /data --console-address ":9001"
# Openldap
# Annuaire
# Port interne 1389 & 1636
openldap:
image: docker.io/bitnami/openldap:2
container_name: nine-openldap
restart: unless-stopped
healthcheck:
test: /nine/check.sh
interval: 1s
timeout: 60s
env_file: ./tmp/.env.openldap
networks:
- nine-network
volumes:
- './volume/openldap/data:/bitnami/openldap'
- './volume/openldap/nine:/nine'
# Keycloak
# serveur SSO
# Port interne 8999 & 8443
keycloak:
image: reg.cadoles.com/envole/keycloak:24.0.5
container_name: nine-keycloak
restart: unless-stopped
healthcheck:
test: curl --fail http://127.0.0.1:9990 || exit 1
interval: 1s
timeout: 60s
env_file: ./tmp/.env.keycloak
networks:
- nine-network
ports:
- 8999:8999
- 8443:8443
volumes:
- './volume/keycloak/nine:/nine'
command:
- start-dev
- --import-realm
#== SERVICES APPLICATIF =======================================================================================================================
# Nextcloud
# Hébergement de fichiers et une plateforme de collaboration
# Port interne 80
nextcloud:
image: reg.cadoles.com/envole/nextcloud
container_name: nine-nextcloud
restart: unless-stopped
healthcheck:
test: curl --fail http://localhost || exit 1
interval: 1s
timeout: 60s
env_file: ./tmp/.env.nextcloud
networks:
- nine-network
volumes:
- ./volume/nextcloud/html:/var/www/html
- ./volume/nextcloud/app:/var/www/html/custom_apps
- ./volume/nextcloud/data:/var/www/html/data
- ./volume/nextcloud/nine:/nine
- ./volume/nextcloud/prestart:/docker-entrypoint-hooks.d/before-starting
# Nineboard
# Tableaux de bord collaboratif
# Port interne 80
nineboard:
image: reg.cadoles.com/envole/nineboard
container_name: nine-nineboard
restart: unless-stopped
healthcheck:
test: curl --fail http://localhost/nineboard || exit 1
interval: 1s
timeout: 60s
env_file: ./tmp/.env.nineboard
networks:
- nine-network
volumes:
- ./volume/nineboard/data/private:/app/uploads
- ./volume/nineboard/data/public:/app/public/uploads
# Ninegate
# Portail collaboratif
# Port interne 80
ninegate:
image: reg.cadoles.com/envole/ninegate
container_name: nine-ninegate
restart: unless-stopped
healthcheck:
test: curl --fail http://localhost/ninegate || exit 1
interval: 1s
timeout: 60s
env_file: ./tmp/.env.ninegate
networks:
- nine-network
volumes:
- ./volume/ninegate/data/private:/app/uploads
- ./volume/ninegate/data/public:/app/public/uploads
# Wiki.js
# Wiki
# Port interne 3000
wiki:
image: linuxserver/dokuwiki
container_name: nine-wiki
env_file: ./tmp/.env.wiki
networks:
- nine-network
ports:
- 9000:80
# Wordpress
# Reseau de blog
# Port interne 80
wordpress:
image: reg.cadoles.com/envole/wordpress
container_name: nine-wordpress
restart: unless-stopped
healthcheck:
test: curl --fail http://localhost/wordpress || exit 1
interval: 1s
timeout: 60s
env_file: ./tmp/.env.wordpress
networks:
nine-network:
aliases:
- blog
volumes:
- ./volume/wordpress/data:/app/public/wp-content
#== SERVIVES DEVELOPPEUR ==================================================================================================================
# Adminer
# Gestionnaire BDD
# Port interne 8080
adminer:
image: docker.io/library/adminer
container_name: nine-adminer
restart: unless-stopped
env_file: ./tmp/.env.adminer
networks:
- nine-network
ports:
- 9100:8080
# Phpldapadmin
# Gestionnaire Annuaire
# Port interne 80
phpldapadmin:
image: docker.io/osixia/phpldapadmin:latest
container_name: nine-phpldapadmin
restart: unless-stopped
env_file: ./tmp/.env.phpldapadmin
networks:
- nine-network
ports:
- "9101:80"
#== NETWORKS ==============================================================================================================================
networks:
nine-network:
name: nine-network

177
env/.env vendored
View File

@ -13,7 +13,8 @@ RELEASE_SYSTEM=linux
# GLOBAL
APP_ENV=PROD
WEB_URL=nine.local
PROTOCOLE=http
PROTOCOLE=https
REDIRECT_PATH=/ninegate
# ADMIN USER
ADMIN_USER=admin
@ -21,18 +22,45 @@ ADMIN_PASSWORD=changeme
ADMIN_EMAIL=admin@noreply.fr
# MASTERIDENTITY
# SQL or SSO or (to do LDAP)
# SQL or SSO or LDAP
MASTERIDENTITY=SQL
# AUTHENTIFICATION
# SQL or CAS (todo LDAP or OPENID)
MODE_AUTH=SQL
MODE_AUTH=CAS
# REGISTRATION
# none or byadmin or byuser
MODEREGISTRATION=byadmin
# SERVER SMTP
MAILER_DSN=sendmail://default
# NINEAPACHE
# Il sert de reverse proxy
NINEAPACHE_SERVICE_NAME=nineapache
NINEAPACHE_ACTIVATE=1
NINEAPACHE_LOCAL=1
NINEAPACHE_LETSENCRYPT=0
# FAKESMTP
# fake-smtp server
FAKESMTP_SERVICE_NAME=fakesmtp
FAKESMTP_ACTIVATE=0
FAKESMTP_LOCAL=0
FAKESMTP_URL=${PROTOCOLE}://${WEB_URL}/fakesmtp
# MTA
# passerelle courriel
MTA_SERVICE_NAME=mta
MTA_ACTIVATE=0
MTA_LOCAL=1
MTA_RELAY_HOST=
MTA_RELAY_PORT=
MTA_RELAY_USER="user"
MTA_RELAY_HOST="$FAKESMTP_SERVICE_NAME"
MTA_RELAY_PORT=2525
# MARIADB
MARIADB_SERVICE_NAME=mariadb
@ -48,21 +76,32 @@ MARIADB_PASSWORD=${ADMIN_PASSWORD}
REDIS_SERVICE_NAME=redis
REDIS_ACTIVATE=1
REDIS_LOCAL=1
REDIS_HOST=${REDIS_SERVICE_NAME}
REDIS_PORT=6379
# SENTINEL
SENTINEL_SERVICE_NAME=sentinel
SENTINEL_ACTIVATE=0
SENTINEL_LOCAL=1
SENTINEL_HOST=${SENTINEL_SERVICE_NAME}
SENTINEL_PORT=26379
# MINIO
MINIO_SERVICE_NAME=minio
MINIO_ACTIVATE=1
MINIO_ACTIVATE=0
MINIO_LOCAL=1
MINIO_HOST=${MINIO_SERVICE_NAME}
MINIO_PORT=7200
MINIO_URL=${PROTOCOLE}://${WEB_URL}/minio
MINIO_PORT=9000
MINIO_URL=${PROTOCOLE}://${WEB_URL}:9001
# LDAP
# OPENLDAP
# LDAP_SYNC Si MASTERIDENTITY = SQL permet la synchronisation des utilisateurs SQL vers LDAP
OPENLDAP_SERVICE_NAME=openldap
LDAP_ACTIVATE=1
LDAP_LOCAL=1
OPENLDAP_ACTIVATE=1
OPENLDAP_LOCAL=1
# LDAP
LDAP_ACTIVATE=${OPENLDAP_ACTIVATE}
LDAP_TYPE=LDAP
LDAP_HOST=${OPENLDAP_SERVICE_NAME}
LDAP_PORT=1389
@ -71,37 +110,86 @@ LDAP_BASEDN=dc=nine,dc=org
LDAP_ADMIN_USERNAME=${ADMIN_USER}
LDAP_USER=cn=${LDAP_ADMIN_USERNAME},${LDAP_BASEDN}
LDAP_PASSWORD=${ADMIN_PASSWORD}
LDAP_BASEUSER=ou=users,ou=ninegate,${LDAP_BASEDN}
LDAP_BASENIVEAU01=ou=niveau01,ou=ninegate,${LDAP_BASEDN}
LDAP_BASENIVEAU02=ou=niveau02,ou=ninegate,${LDAP_BASEDN}
LDAP_BASEGROUP=ou=groups,ou=ninegate,${LDAP_BASEDN}
LDAP_OUORGANISATION=nine
LDAP_OUNIVEAU01=niveau01
LDAP_OUNIVEAU02=niveau02
LDAP_OUNIVEAU03=niveau03
LDAP_OUNIVEAU04=niveau04
LDAP_OUGROUP=groups
LDAP_BASEORGANISATION=ou=${LDAP_OUORGANISATION},${LDAP_BASEDN}
LDAP_BASENIVEAU01=ou=${LDAP_OUNIVEAU01},${LDAP_BASEORGANISATION}
LDAP_BASENIVEAU02=ou=${LDAP_OUNIVEAU02},${LDAP_BASEORGANISATION}
LDAP_BASENIVEAU03=ou=${LDAP_OUNIVEAU03},${LDAP_BASEORGANISATION}
LDAP_BASENIVEAU04=ou=${LDAP_OUNIVEAU04},${LDAP_BASEORGANISATION}
LDAP_BASEUSER=ou=users,${LDAP_BASEORGANISATION}
LDAP_BASEGROUP=ou=${LDAP_OUGROUP},${LDAP_BASEORGANISATION}
LDAP_SYNC=1
LDAP_TEMPLATE=open
LDAP_USERNAME=uid
LDAP_FIRSTNAME=givenname
LDAP_FIRSTNAME=givenName
LDAP_LASTNAME=sn
LDAP_DISPLAYNAME=displayName
LDAP_EMAIL=mail
LDAP_MEMBER=memberUid
LDAP_MEMBEROF=memberOf
LDAP_GROUP_GID=gidnumber
LDAP_GROUP_NAME=cn
LDAP_GROUP_MEMBER=memberUid
LDAP_GROUP_MEMBERISDN=0
LDAP_LOGIN_FILTER="(&(${LDAP_USERNAME}=%uid)(objectClass=person)(!(description=Computer)))"
LDAP_USER_FILTER="(&(${LDAP_USERNAME}=*)(objectClass=person)(!(description=Computer)))"
LDAP_LOGIN_FILTER="(&(${LDAP_USERNAME}=%uid%)(objectClass=person)(!(description=Computer)))"
LDAP_GROUP_FILTER="(&(objectClass=posixGroup))"
SCRIBE_GROUP=1
SCRIBE_MASTER=1
OPENLDAPREQNIVEAU01="(&(uid=*)(objectclass=inetOrgPerson)(!(description=Computer)))"
OPENLDAPSYNCHROGROUP=0
OPENLDAPREQGROUP=
OPENLDAPREQGROUP="(&(objectClass=posixGroup))"
# KEYCLOAK
KEYCLOAK_SERVICE_NAME=keycloak
KEYCLOAK_ACTIVATE=1
KEYCLOAK_LOCAL=1
KEYCLOAK_USER=${ADMIN_USER}-keycloak
KEYCLOAK_PASSWORD=${ADMIN_PASSWORD}-keycloak
# CAS
KEYCLOAK_SERVICE_NAME=keycloak
CAS_ACTIVATE=1
CAS_LOCAL=1
CAS_USER=${ADMIN_USER}-keycloak
CAS_PASSWORD=${ADMIN_PASSWORD}-keycloak
CAS_HOST=${WEB_URL}
CAS_PORT=8999
CAS_PORT=443
CAS_PATH=/auth/realms/nine/protocol/cas
CAS_URL=${PROTOCOLE}://${CAS_HOST}:${CAS_PORT}
CAS_USERNAME=${LDAP_USERNAME}
CAS_MAIL=${LDAP_EMAIL}
CAS_LASTNAME=${LDAP_LASTNAME}
CAS_FIRSTNAME=${LDAP_FIRSTNAME}
# DOKUWIKI
DOKUWIKI_SERVICE_NAME=dokuwiki
DOKUWIKI_ACTIVATE=0
DOKUWIKI_LOCAL=1
DOKUWIKI_URL=${PROTOCOLE}://${WEB_URL}/dokuwiki
# KEEWEB
KEEWEB_SERVICE_NAME=keeweb
KEEWEB_ACTIVATE=0
KEEWEB_LOCAL=1
KEEWEB_URL=${PROTOCOLE}://${WEB_URL}/keeweb
# KOMGA
KOMGA_SERVICE_NAME=komga
KOMGA_ACTIVATE=0
KOMGA_LOCAL=1
KOMGA_URL=${PROTOCOLE}://${WEB_URL}/komga
# NEXTCLOUD
NEXTCLOUD_SERVICE_NAME=nextcloud
NEXTCLOUD_ACTIVATE=1
NEXTCLOUD_LOCAL=1
NEXTCLOUD_URL=${PROTOCOLE}://${WEB_URL}/nextcloud
NEXTCLOUD_SAMBA=0
# NINEBOARD
NINEBOARD_SERVICE_NAME=nineboard
@ -109,12 +197,17 @@ NINEBOARD_ACTIVATE=1
NINEBOARD_LOCAL=1
NINEBOARD_URL=${PROTOCOLE}://${WEB_URL}/nineboard
# NEXTCLOUD
NEXTCLOUD_SERVICE_NAME=nextcloud
NEXTCLOUD_ACTIVATE=0
NEXTCLOUD_LOCAL=1
NEXTCLOUD_URL=${PROTOCOLE}://${WEB_URL}/nextcloud
NEXTCLOUD_SAMBA=0
# NINECOMPTA
NINECOMPTA_SERVICE_NAME=ninecompta
NINECOMPTA_ACTIVATE=0
NINECOMPTA_LOCAL=1
NINECOMPTA_URL=${PROTOCOLE}://${WEB_URL}/ninecompta
# NINEFOLIO
NINEFOLIO_SERVICE_NAME=ninefolio
NINEFOLIO_ACTIVATE=0
NINEFOLIO_LOCAL=1
NINEFOLIO_URL=${PROTOCOLE}://${WEB_URL}/ninefolio
# NINEGATE
NINEGATE_SERVICE_NAME=ninegate
@ -122,11 +215,17 @@ NINEGATE_ACTIVATE=1
NINEGATE_LOCAL=1
NINEGATE_URL=${PROTOCOLE}://${WEB_URL}/ninegate
# WIKI
WIKI_SERVICE_NAME=wiki
WIKI_ACTIVATE=1
WIKI_LOCAL=1
WIKI_URL=${PROTOCOLE}://${WEB_URL}/wiki
# NINESCHOOL
NINESCHOOL_SERVICE_NAME=nineschool
NINESCHOOL_ACTIVATE=1
NINESCHOOL_LOCAL=1
NINESCHOOL_URL=${PROTOCOLE}://${WEB_URL}/nineschool
# PIWIGO
PIWIGO_SERVICE_NAME=piwigo
PIWIGO_ACTIVATE=0
PIWIGO_LOCAL=1
PIWIGO_URL=${PROTOCOLE}://${WEB_URL}/piwigo
# WORDPRESS
WORDPRESS_SERVICE_NAME=wordpress
@ -134,11 +233,17 @@ WORDPRESS_ACTIVATE=1
WORDPRESS_LOCAL=1
WORDPRESS_URL=${PROTOCOLE}://${WEB_URL}/wordpress
# NINECONFIG
NINECONFIG_SERVICE_NAME=nineconfig
NINECONFIG_ACTIVATE=1
NINECONFIG_LOCAL=1
NINECONFIG_URL="${PROTOCOLE}://${WEB_URL}/nineconfig"
# ADMINER
ADMINER_SERVICE_NAME=adminer
ADMINER_ACTIVATE=1
ADMINER_LOCAL=1
ADMINER_URL=${PROTOCOLE}://${WEB_URL}/adminer/?server=${MARIADB_SERVICE_NAME}&username=${MARIADB_USER}
ADMINER_URL="${PROTOCOLE}://${WEB_URL}/adminer/?server=${MARIADB_SERVICE_NAME}&username=${MARIADB_USER}"
# PHPLDAPADMIN
PHPLDAPADMIN_SERVICE_NAME=phpldapadmin

6
env/.env.zapp.nineboard vendored
View File

@ -1,6 +0,0 @@
# == NINEBOARD ============================================================================================================================
APP_AUTH=${MODE_AUTH}
APP_ALIAS=nineboard

186
misc/e-ihm.sh
View File

@ -1,186 +0,0 @@
#!/bin/bash
TPUT=/usr/bin/tput
#test si TPUT est utilisable
if [ ! "$TERM" = "" ] && $TPUT hpa 60 >/dev/null 2>&1 && $TPUT setaf 1 >/dev/null 2>&1; then
FANCYTTY=1
else
FANCYTTY=0
fi
Pause() {
if [ "$ModeTxt" == "yes" ];then
echo
elif [ "$ModeEad" == "yes" ];then
echo "<br>"
else
[ $FANCYTTY = 1 ] && $TPUT setaf 6
echo " Appuyez sur Entrée pour continuer ..."
[ $FANCYTTY = 1 ] && $TPUT sgr0
read BiDon
fi
}
Echo() {
if [ "$ModeEad" != "yes" ];
then
echo "$1"
else
echo "$1<br>"
fi
}
EchoColor() {
if [ "$ModeTxt" = "yes" ];then
echo "$1"
elif [ "$ModeEad" = "yes" ];then
echo "<FONT color=\"$3\"> $1 </FONT><br>"
else
[ "$FANCYTTY" = 1 ] && $TPUT setaf $2
echo "$1"
[ "$FANCYTTY" = 1 ] && $TPUT sgr0
fi
}
EchoRouge() {
EchoColor "$1" "1" "red"
}
EchoVert() {
EchoColor "$1" "2" "green"
}
EchoOrange() {
EchoColor "$1" "3" "orange"
}
EchoBleu() {
EchoColor "$1" "4" "blue"
}
EchoMagenta() {
EchoColor "$1" "5" "magenta"
}
EchoCyan() {
EchoColor "$1" "6" "cyan"
}
EchoBlanc() {
EchoColor "$1" "7" "white"
}
EchoGras() {
if [ "$ModeTxt" == "yes" ];then
echo "$1"
elif [ "$ModeEad" == "yes" ];then
echo "<b> $1 </b><br>"
else
[ $FANCYTTY = 1 ] && $TPUT bold
echo "$1"
[ $FANCYTTY = 1 ] && $TPUT sgr0
fi
}
Clear() {
if [ "$ModeEad" != "yes" -a "$ModeTxt" != "yes" ];then
clear
fi
}
Question_ouinon() {
#attention, il faut synchroniser les modifications avec /usr/share/pyshared/pyeole/ihm.py
question=$1
[ "$2" = "" ] && interactive='True' || interactive=$2
[ "$3" = "" ] && default="non" || default=$3
[ "$4" = "" ] && level="info" || level=$4
[ "$5" = "" ] && default_uninteractive=$default || default_uninteractive=$5
[ ! "$interactive" = "True" ] && [ ! "$interactive" = "False" ] && echo "Question_ouinon : interactive doit être True ou False" && exit 1
[ ! "$default" = "oui" ] && [ ! "$default" = "non" ] && echo "Question_ouinon : default doit etre oui ou non" && exit 1
[ ! "$default_uninteractive" = "oui" ] && [ ! "$default_uninteractive" = "non" ] && echo "Question_ouinon : default_uninteractive doit etre oui ou non" && exit 1
[ ! "$level" = "info" ] && [ ! "$level" = "warn" ] && [ ! "$level" = "err" ] && echo "Question_ouinon : level doit etre info, warn ou err" && exit 1
#non interactive
if [ "$interactive" = "False" ]; then
Rep=default_uninteractive
else
question="$question [oui/non]"
if [ $level = "info" ]; then
echo "$question"
elif [ $level = "warn" ]; then
EchoOrange "$question"
else
EchoRouge "$question"
fi
echo -n "[$default] : "
read Rep
#passe en minuscule
Rep=`echo $Rep | tr A-Z a-z`
fi
if [ "$default" = "non" ]; then
if [ "$Rep" = "oui" -o "$Rep" = "o" -o "$Rep" = "yes" -o "$Rep" = "y" ];then
return 0
else
return 1
fi
else
if [ "$Rep" = "non" -o "$Rep" = "n" -o "$Rep" = "no" ];then
return 1
else
return 0
fi
fi
}
EchoStart() {
for i in $(eval echo "{1..30}")
do
ligne+="="
done
clear
}
BigTitle(){
size=`tput cols`
nb=${#1}
nbchar=$(($size - $nb - 4))
ligne=""
for i in $(eval echo "{1..$size}")
do
ligne+="="
done
finligne=""
for i in $(eval echo "{1..$nbchar}")
do
finligne+="="
done
echo
EchoVert $ligne
EchoVert "== $1 $finligne"
EchoVert $ligne
echo
}
Title(){
size=`tput cols`
nb=${#1}
nbchar=$(($size - $nb - 4))
ligne=""
for i in $(eval echo "{1..$size}")
do
ligne+="="
done
finligne=""
for i in $(eval echo "{1..$nbchar}")
do
finligne+="="
done
echo
EchoCyan "== $1 $finligne"
echo
}

22
misc/images/apache/nine.conf
View File

@ -1,22 +0,0 @@
ProxyPass /auth http://nine.local:8080/auth retry=0 keepalive=On
ProxyPassReverse /auth http://nine.local:8080/auth retry=0
ProxyPass /ninegate http://nine.local:9000/ninegate retry=0 keepalive=On
ProxyPassReverse /ninegate http://nine.local:9000/ninegate retry=0
ProxyPass /wssninegate ws://nine.local:9000/wssninegate retry=0 keepalive=On
ProxyPassReverse /wssninegate ws://nine.local:9000/wssninegate retry=0
ProxyPass /nextcloud http://nine.local:9001 retry=0 keepalive=On
ProxyPassReverse /nextcloud http://nine.local:9001 retry=0
ProxyPass /adminer http://nine.local:9100 retry=0 keepalive=On
ProxyPassReverse /adminer http://nine.local:9100 retry=0
ProxyPass /phpldapadmin http://nine.local:9101/phpldapadmin retry=0 keepalive=On
ProxyPassReverse /phpldapadmin http://nine.local:9101/phpldapadmin retry=0
ProxyPass /nineapache http://nine.local:9102 retry=0 keepalive=On
ProxyPassReverse /nineapache http://nine.local:9102 retry=0

32
misc/images/keeweb/containers/Dockerfile Executable file
View File

@ -0,0 +1,32 @@
FROM reg.cadoles.com/envole/nineapache:8.2
USER root
# Installe Node.js + npm
RUN apk add --no-cache nodejs npm
# Crée le dossier de l'app
WORKDIR /app
# Installe webdav-server localement (dans /app/node_modules)
RUN npm install webdav-server@2
# Copie ton script WebDAV dans /app
COPY webdav.js /app/webdav.js
# Installe KeeWeb
RUN curl -L https://github.com/keeweb/keeweb/releases/download/v1.18.7/KeeWeb-1.18.7.html.zip -o /tmp/keeweb.zip \
&& unzip /tmp/keeweb.zip -d /app/public \
&& sed -i 's|<base href="/"|<base href="/keeweb/"|' /app/public/index.html \
&& mv /app/public/index.html /app/public/index.php
# Crée le dossier de stockage
RUN mkdir -p /data && chown apache:apache /data
# Copie la conf Apache
COPY apache.conf /etc/apache2/conf.d/zapp.conf
# Démarre Apache + WebDAV
USER apache
ENV NODE_PATH=/app/node_modules
CMD sh -c "node /app/webdav.js & httpd -D FOREGROUND"

16
misc/images/keeweb/containers/apache.conf Normal file
View File

@ -0,0 +1,16 @@
ServerName nineapache.local
DocumentRoot "/app/public"
Alias /keeweb /app/public
<Location "/keeweb/webdav">
ProxyPass http://127.0.0.1:9999/
ProxyPassReverse http://127.0.0.1:9999/
</Location>
<Directory "/app/public">
Options FollowSymLinks
AllowOverride Limit Options FileInfo
DirectoryIndex index.php
Require all granted
</Directory>

78
misc/images/keeweb/containers/webdav.js Normal file
View File

@ -0,0 +1,78 @@
const webdav = require('webdav-server').v2;
const fs = require('fs');
const path = require('path');
const adminUser = process.env.WEBDAV_USER || 'admin';
const adminPass = process.env.WEBDAV_PASS || 'password';
const WEB_URL = process.env.WEB_URL || 'localhost';
const PROTOCOLE = process.env.PROTOCOLE || 'http';
const ALLOWED_ORIGIN = `${PROTOCOLE}://${WEB_URL}`;
const ROOT_DIR = '/data';
// Auth
const userManager = new webdav.SimpleUserManager();
const user = userManager.addUser(adminUser, adminPass, false);
const privilegeManager = new webdav.SimplePathPrivilegeManager();
privilegeManager.setRights(user, '/', ['all']);
// ✅ LoggingFileSystem étend PhysicalFileSystem
class LoggingFileSystem extends webdav.PhysicalFileSystem {
move(ctx, source, destination, callback) {
console.log(`🟡 MOVE requested from ${source.toString()} to ${destination.toString()}`);
const srcPath = path.join(ROOT_DIR, source.toString());
const destPath = path.join(ROOT_DIR, destination.toString());
fs.promises.mkdir(path.dirname(destPath), { recursive: true })
.then(() => fs.promises.rename(srcPath, destPath))
.then(() => {
console.log(`✅ MOVE succeeded: ${srcPath} -> ${destPath}`);
if (typeof callback === 'function') callback(null);
})
.catch(err => {
console.error(`❌ MOVE failed: ${err.message}`);
if (typeof callback === 'function') callback(err);
});
}
}
// Serveur WebDAV
const server = new webdav.WebDAVServer({
port: 9999,
hostname: '0.0.0.0',
httpAuthentication: new webdav.HTTPBasicAuthentication(userManager, 'default realm'),
privilegeManager,
rootFileSystem: new LoggingFileSystem(ROOT_DIR),
responseHeaders: {
'Access-Control-Allow-Origin': ALLOWED_ORIGIN,
'Access-Control-Allow-Credentials': 'true',
'Access-Control-Allow-Headers': 'Authorization, Depth, Content-Type',
'Access-Control-Allow-Methods': 'GET, PUT, OPTIONS, MKCOL, PROPFIND, DELETE, COPY, MOVE, LOCK, UNLOCK'
}
});
// Ajout header Last-Modified
server.beforeRequest((arg, next) => {
const { request, response, requested } = arg;
if (request.method === 'GET' || request.method === 'HEAD') {
const filePath = path.join(ROOT_DIR, decodeURIComponent(requested.path.toString()));
fs.stat(filePath, (err, stats) => {
if (!err && stats.isFile()) {
response.setHeader('Last-Modified', stats.mtime.toUTCString());
console.log(`[INFO] Added Last-Modified: ${stats.mtime.toUTCString()} for ${filePath}`);
}
next();
});
} else {
next();
}
});
// Start
server.start(() => {
console.log(`✅ WebDAV server ready at http://0.0.0.0:9999`);
console.log(`🔐 Auth: user="${adminUser}", pass="***"`);
console.log(`🌐 CORS: Allow-Origin = ${ALLOWED_ORIGIN}`);
});

14
misc/images/keeweb/docker-compose.yml Executable file
View File

@ -0,0 +1,14 @@
version: '3'
services:
keeweb:
build:
context: ./containers
image: reg.cadoles.com/envole/keeweb
container_name: keeweb
ports:
- "80:80"
- "443:443"
environment:
WEBDAV_USER: tonuser
WEBDAV_PASS: tonpassword

33
misc/images/mta/containers/Dockerfile Executable file
View File

@ -0,0 +1,33 @@
FROM debian:buster-slim
RUN set -eux; \
apt-get update; \
apt-get install -y \
exim4-daemon-light \
tini \
; \
rm -rf /var/lib/apt/lists/*; \
ln -svfT /etc/hostname /etc/mailname
# https://blog.dhampir.no/content/exim4-line-length-in-debian-stretch-mail-delivery-failed-returning-message-to-sender
# https://serverfault.com/a/881197
# https://bugs.debian.org/828801
RUN echo "IGNORE_SMTP_LINE_LENGTH_LIMIT='true'" >> /etc/exim4/exim4.conf.localmacros
RUN set -eux; \
mkdir -p /var/spool/exim4 /var/log/exim4; \
chown -R Debian-exim:Debian-exim /var/spool/exim4 /var/log/exim4
COPY set-exim4-update-conf docker-entrypoint.sh /usr/local/bin/
RUN set -eux; \
set-exim4-update-conf \
dc_eximconfig_configtype 'internet' \
dc_hide_mailname 'true' \
dc_local_interfaces '0.0.0.0 ; ::0' \
dc_other_hostnames '' \
dc_relay_nets '0.0.0.0/0' \
;
EXPOSE 25
ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["exim", "-bd", "-v"]

33
misc/images/mta/containers/docker-entrypoint.sh Normal file
View File

@ -0,0 +1,33 @@
#!/bin/bash
set -Eeuo pipefail
if [ "$1" = 'exim' ]; then
if [ -n "${GMAIL_USER:-}" ] && [ -n "${GMAIL_PASSWORD:-}" ]; then
# see https://wiki.debian.org/GmailAndExim4
export EXIM4_SMARTHOST='smtp.gmail.com::587' \
EXIM4_SMARTHOST_USER="$GMAIL_USER" \
EXIM4_SMARTHOST_PASSWORD="$GMAIL_PASSWORD"
fi
unset GMAIL_USER GMAIL_PASSWORD # scrub env of creds
if [ -n "${EXIM4_SMARTHOST:-}" ]; then
set-exim4-update-conf \
dc_eximconfig_configtype 'smarthost' \
dc_smarthost "$EXIM4_SMARTHOST"
if [ -n "${EXIM4_SMARTHOST_USER:-}" ] && [ -n "${EXIM4_SMARTHOST_PASSWORD:-}" ]; then
echo "*:$EXIM4_SMARTHOST_USER:$EXIM4_SMARTHOST_PASSWORD" > /etc/exim4/passwd.client
fi
fi
unset EXIM4_SMARTHOST EXIM4_SMARTHOST_USER EXIM4_SMARTHOST_PASSWORD # scrub env of creds
if [ "$(id -u)" = '0' ]; then
mkdir -p /var/spool/exim4 /var/log/exim4 || :
chown -R Debian-exim:Debian-exim /var/spool/exim4 /var/log/exim4 || :
fi
if [ "$$" = 1 ]; then
set -- tini -- "$@"
fi
fi
exec "$@"

28
misc/images/mta/containers/set-exim4-update-conf Normal file
View File

@ -0,0 +1,28 @@
#!/usr/bin/env bash
set -Eeuo pipefail
conf='/etc/exim4/update-exim4.conf.conf'
args=()
while [ "$#" -gt 0 ]; do
key="$1"
value="$2"
shift 2
if ! grep -qE "^#?${key}=" "$conf"; then
echo >&2 "error: '$key' not found in '$conf'"
exit 1
fi
sed_escaped_value="$(sed -e 's/[\/&]/\\&/g' <<<"$value")"
args+=( -e "s/^#?(${key})=.*/\1='${sed_escaped_value}'/" )
done
if [ "${#args[@]}" -eq 0 ]; then
echo >&2 "error: nothing to do?"
exit 1
fi
set -x
sed -ri "${args[@]}" "$conf"
update-exim4.conf -v

9
misc/images/nineapache7/containers/nineapache/Dockerfile → misc/images/nineapache74/containers/nineapache/Dockerfile
View File

@ -12,7 +12,9 @@ RUN apk add --no-cache \
curl \
unzip \
zip \
openssl
openssl \
mariadb-client \
supervisor
RUN apk add --no-cache \
apache2 \
@ -57,10 +59,13 @@ RUN curl -sS https://getcomposer.org/installer | php -- --1 --install-dir=/usr/l
RUN npm install -g n
RUN npm install -g yarn
RUN mkdir /etc/supervisor.d
COPY apache2.sh /etc/apache2/apache2.sh
RUN chmod +x /etc/apache2/apache2.sh
COPY php.local.ini /etc/php7/conf.d/
COPY apache.conf /etc/apache2/conf.d/zapp.conf
COPY httpd.conf /etc/apache2/httpd.conf
COPY site.conf /etc/apache2/conf.d/nine/site.conf
COPY ssl.conf /etc/apache2/conf.d/ssl.conf
COPY index.php /app/public/index.php

0
misc/images/nineapache7/containers/nineapache/apache2.sh → misc/images/nineapache74/containers/nineapache/apache2.sh
View File

483
misc/images/nineapache74/containers/nineapache/httpd.conf Normal file
View File

@ -0,0 +1,483 @@
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens OS
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot /var/www
#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
#
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
#
# Mutex default:/run/apache2
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
#LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_form_module modules/mod_auth_form.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#LoadModule cache_socache_module modules/mod_cache_socache.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule socache_redis_module modules/mod_socache_redis.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule dumpio_module modules/mod_dumpio.so
#LoadModule echo_module modules/mod_echo.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule data_module modules/mod_data.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule request_module modules/mod_request.so
#LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
#LoadModule reflector_module modules/mod_reflector.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule sed_module modules/mod_sed.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule brotli_module modules/mod_brotli.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
#LoadModule remoteip_module modules/mod_remoteip.so
#LoadModule session_module modules/mod_session.so
#LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_crypto_module modules/mod_session_crypto.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
#LoadModule dialup_module modules/mod_dialup.so
#LoadModule http2_module modules/mod_http2.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule asis_module modules/mod_asis.so
#LoadModule info_module modules/mod_info.so
#LoadModule suexec_module modules/mod_suexec.so
<IfModule !mpm_prefork_module>
#LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
#LoadModule cgi_module modules/mod_cgi.so
</IfModule>
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule negotiation_module modules/mod_negotiation.so
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group apache
</IfModule>
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin you@example.com
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride none
Require all denied
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/localhost/htdocs"
<Directory "/var/www/localhost/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog logs/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog logs/access.log common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
CustomLog logs/access.log combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#
#Scriptsock cgisock
</IfModule>
#
# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/localhost/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
#
RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig /etc/apache2/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
<IfModule mime_magic_module>
MIMEMagicFile /etc/apache2/magic
</IfModule>
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on
# Load config files from the config directory "/etc/apache2/conf.d".
#
IncludeOptional /etc/apache2/conf.d/*.conf
IncludeOptional /etc/apache2/conf.d/nine/*.conf

2
misc/images/nineapache7/containers/nineapache/index.php → misc/images/nineapache74/containers/nineapache/index.php
View File

@ -1,8 +1,6 @@
<?php
echo "<html><head><title>Nineapache 7</title></head><body>";
echo "<h1><center>NINEAPACHE 7</center></h1>";
echo phpinfo();
echo "</body></html>";
?>

0
misc/images/nineapache7/containers/nineapache/php.local.ini → misc/images/nineapache74/containers/nineapache/php.local.ini
View File

0
misc/images/nineapache8/containers/nineapache/apache.conf → misc/images/nineapache74/containers/nineapache/site.conf
View File

0
misc/images/nineapache7/containers/nineapache/ssl.conf → misc/images/nineapache74/containers/nineapache/ssl.conf
View File

8
misc/images/nineapache7/docker-compose.yml → misc/images/nineapache74/docker-compose.yml
View File

@ -1,11 +1,11 @@
version: '3'
services:
nineapache:
nineapache74:
build:
context: ./containers/nineapache
image: reg.cadoles.com/envole/nineapache:7.4
container_name: nineapache7
container_name: nineapache74
ports:
- 8080:80
- "8080:80"
- "8443:443"

20
misc/images/nineapache8/containers/nineapache/Dockerfile → misc/images/nineapache81/containers/nineapache/Dockerfile
View File

@ -12,7 +12,11 @@ RUN apk add --no-cache \
curl \
unzip \
zip \
openssl
openssl \
mariadb-client \
certbot \
gettext \
supervisor
RUN apk add --no-cache \
apache2 \
@ -58,11 +62,21 @@ RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local
RUN npm install -g n
RUN npm install -g yarn
RUN mkdir /etc/supervisor.d
COPY apache2.sh /etc/apache2/apache2.sh
RUN chmod +x /etc/apache2/apache2.sh
COPY php.local.ini /etc/php81/conf.d/
COPY apache.conf /etc/apache2/conf.d/zapp.conf
COPY ssl.conf /etc/apache2/conf.d/ssl.conf
COPY httpd.conf /etc/apache2/httpd.conf
COPY site.conf /etc/apache2/conf.d/nine/site.conf
COPY sslself.conf /etc/apache2/conf.d/ssl.conf
COPY index.php /app/public/index.php
RUN mkdir /nine
COPY sslletsencrypt.conf /nine/ssl.conf
RUN mkdir -p /usr/local/apache2/htdocs/.well-known/acme-challenge
COPY addcertif.sh /nine/addcertif.sh
RUN chmod +x /nine/addcertif.sh
RUN echo "0 1 * * * /etc/apache2/addcertif.sh >> /var/log/addcertif.log 2>&1" >> /var/spool/cron/crontabs/root
CMD /etc/apache2/apache2.sh

15
misc/images/nineapache81/containers/nineapache/addcertif.sh Normal file
View File

@ -0,0 +1,15 @@
#!/bin/bash
if [[ $NINEAPACHE_LETSENCRYPT == 1 ]]
then
# On génère ou renouvel le certificat
echo "CERTIFICAT LETSENCRYPT"
certbot certonly --webroot -w /usr/local/apache2/htdocs -d ${WEB_URL} --non-interactive --agree-tos --email ${ADMIN_EMAIL}
# On supprime la conf ssl pour placer celle de letsencrypt en y placant la web_url
rm -f /etc/apache2/conf.d/ssl.conf
envsubst < "/nine/ssl.conf" > "/etc/apache2/conf.d/ssl.conf"
# On redemarre apache
httpd -k graceful
fi

0
misc/images/nineapache8/containers/nineapache/apache2.sh → misc/images/nineapache81/containers/nineapache/apache2.sh
View File

483
misc/images/nineapache81/containers/nineapache/httpd.conf Normal file
View File

@ -0,0 +1,483 @@
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens OS
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot /var/www
#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
#
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
#
# Mutex default:/run/apache2
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
#LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_form_module modules/mod_auth_form.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#LoadModule cache_socache_module modules/mod_cache_socache.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule socache_redis_module modules/mod_socache_redis.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule dumpio_module modules/mod_dumpio.so
#LoadModule echo_module modules/mod_echo.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule data_module modules/mod_data.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule request_module modules/mod_request.so
#LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
#LoadModule reflector_module modules/mod_reflector.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule sed_module modules/mod_sed.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule brotli_module modules/mod_brotli.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
#LoadModule remoteip_module modules/mod_remoteip.so
#LoadModule session_module modules/mod_session.so
#LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_crypto_module modules/mod_session_crypto.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
#LoadModule dialup_module modules/mod_dialup.so
#LoadModule http2_module modules/mod_http2.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule asis_module modules/mod_asis.so
#LoadModule info_module modules/mod_info.so
#LoadModule suexec_module modules/mod_suexec.so
<IfModule !mpm_prefork_module>
#LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
#LoadModule cgi_module modules/mod_cgi.so
</IfModule>
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule negotiation_module modules/mod_negotiation.so
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group apache
</IfModule>
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin you@example.com
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride none
Require all denied
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/localhost/htdocs"
<Directory "/var/www/localhost/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog logs/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog logs/access.log common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
CustomLog logs/access.log combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#
#Scriptsock cgisock
</IfModule>
#
# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/localhost/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
#
RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig /etc/apache2/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
<IfModule mime_magic_module>
MIMEMagicFile /etc/apache2/magic
</IfModule>
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on
# Load config files from the config directory "/etc/apache2/conf.d".
#
IncludeOptional /etc/apache2/conf.d/*.conf
IncludeOptional /etc/apache2/conf.d/nine/*.conf

7
misc/images/nineapache81/containers/nineapache/index.php Normal file
View File

@ -0,0 +1,7 @@
<?php
echo "<html><head><title>Nineapache 8</title></head><body>";
echo "<h1><center>NINEAPACHE 8</center></h1>";
echo "</body></html>";
?>

0
misc/images/nineapache8/containers/nineapache/php.local.ini → misc/images/nineapache81/containers/nineapache/php.local.ini
View File

34
misc/images/nineapache81/containers/nineapache/site.conf Executable file
View File

@ -0,0 +1,34 @@
LoadModule rewrite_module modules/mod_rewrite.so
ServerName nineapache.local
DocumentRoot "/app/public"
# Alias pour le répertoire de validation de Certbot
Alias /.well-known/acme-challenge /usr/local/apache2/htdocs/.well-known/acme-challenge
# Exclure les requêtes pour .well-known/acme-challenge de la redirection vers index.php
<Location "/.well-known/acme-challenge">
Options None
AllowOverride None
Require all granted
</Location>
<Directory "/app/public">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
RewriteEngine On
# Exclure les requêtes vers .well-known/acme-challenge de la redirection
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge
# Règles de réécriture existantes
RewriteCond %{REQUEST_URI}::$0 ^(/.+)/(.*)::\2$
RewriteRule .* - [E=BASE:%1]
RewriteCond %{HTTP:Authorization} .+
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
RewriteCond %{ENV:REDIRECT_STATUS} =""
RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ %{ENV:BASE}/index.php [L]
</Directory>

43
misc/images/nineapache81/containers/nineapache/sslletsencrypt.conf Normal file
View File

@ -0,0 +1,43 @@
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "/app/public"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog logs/ssl_error.log
TransferLog logs/ssl_access.log
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/${WEB_URL}/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/${WEB_URL}/privkey.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/app/public/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

0
misc/images/nineapache8/containers/nineapache/ssl.conf → misc/images/nineapache81/containers/nineapache/sslself.conf
View File

7
misc/images/nineapache8/docker-compose.yml → misc/images/nineapache81/docker-compose.yml
View File

@ -1,10 +1,11 @@
version: '3'
services:
nineapache:
nineapache81:
build:
context: ./containers/nineapache
image: reg.cadoles.com/envole/nineapache:8.1
container_name: nineapache8
container_name: nineapache81
ports:
- 8080:443
- "8080:80"
- "8443:443"

90
misc/images/nineapache82/containers/nineapache/Dockerfile Executable file
View File

@ -0,0 +1,90 @@
FROM alpine:3.18
RUN apk update && apk upgrade
RUN apk add --no-cache \
bash \
sed \
vim \
ca-certificates \
openldap-clients \
wget \
npm \
git \
curl \
unzip \
zip \
openssl \
mariadb-client \
supervisor
RUN apk add --no-cache \
apache2 \
apache2-proxy \
apache2-ssl
RUN apk add --no-cache \
php82 \
php82-cli \
php82-apache2 \
php82-gd \
php82-zip \
php82-xml \
php82-ctype \
php82-simplexml \
php82-tokenizer \
php82-sodium \
php82-dom \
php82-pdo \
php82-pdo_pgsql \
php82-pdo_mysql \
php82-curl \
php82-ldap \
php82-pecl-igbinary \
php82-session \
php82-pecl-redis \
php82-fileinfo \
php82-xmlwriter \
php82-openssl \
php82-phar \
php82-iconv \
php82-mbstring \
php82-fpm \
php82-sockets \
php82-opcache \
php82-intl \
php82-bcmath \
php82-pecl-ssh2
RUN ln -s /usr/bin/php82 /usr/bin/php
RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
RUN npm install -g n
RUN npm install -g yarn
# Configurer les permissions pour Apache et PHP
RUN mkdir -p /etc/supervisor.d && \
mkdir -p /app/public && \
mkdir -p /etc/apache2/conf.d/nine && \
mkdir -p /var/log/apache2 && \
mkdir -p /run/apache2 && \
chown -R apache:apache /var/log/apache2 /etc/apache2 /app /etc/ssl/apache2 /run/apache2
# Copier les fichiers de configuration
COPY apache2.sh /etc/apache2/apache2.sh
COPY php.local.ini /etc/php82/conf.d/
COPY httpd.conf /etc/apache2/httpd.conf
COPY site.conf /etc/apache2/conf.d/nine/site.conf
COPY ssl.conf /etc/apache2/conf.d/ssl.conf
COPY index.php /app/public/index.php
# Donner les droits d'exécution au script
RUN chmod +x /etc/apache2/apache2.sh
# Commande de démarrage
USER apache
CMD ["/etc/apache2/apache2.sh"]

31
misc/images/nineapache82/containers/nineapache/apache2.sh Normal file
View File

@ -0,0 +1,31 @@
#!/bin/bash
envfile=/etc/apache2/conf.d/env.conf
haveenv=/etc/apache2/haveenv.txt
# Vérification de la permission d'écriture
if touch "$envfile" &>/dev/null; then
echo "GENERATION DES VARIABLES D'ENVIRONNEMENT"
rm -rf $envfile
rm -rf $haveenv
printf "\n# Expose environment variables to scripts.\nPassEnv" >> $envfile
compgen -e | while read name ; do
if [[ "$name" != "TERM" && "$name" != "HOME" && "$name" != "HOSTNAME" && "$name" != "PATH" && "$name" != "PWD" && "$name" != "SHLVL" ]]
then
touch $haveenv
printf " $name" >> $envfile
fi
done
printf "\n" >> $envfile
if [[ ! -f $haveenv ]]
then
rm -rf $envfile
fi
rm -rf $haveenv
fi
echo "START HTTPD"
httpd -DFOREGROUND

483
misc/images/nineapache82/containers/nineapache/httpd.conf Normal file
View File

@ -0,0 +1,483 @@
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens OS
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot /var/www
#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
#
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
#
# Mutex default:/run/apache2
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
#LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_form_module modules/mod_auth_form.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#LoadModule cache_socache_module modules/mod_cache_socache.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule socache_redis_module modules/mod_socache_redis.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule dumpio_module modules/mod_dumpio.so
#LoadModule echo_module modules/mod_echo.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule data_module modules/mod_data.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule request_module modules/mod_request.so
#LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
#LoadModule reflector_module modules/mod_reflector.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule sed_module modules/mod_sed.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule brotli_module modules/mod_brotli.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
#LoadModule remoteip_module modules/mod_remoteip.so
#LoadModule session_module modules/mod_session.so
#LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_crypto_module modules/mod_session_crypto.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
#LoadModule dialup_module modules/mod_dialup.so
#LoadModule http2_module modules/mod_http2.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule asis_module modules/mod_asis.so
#LoadModule info_module modules/mod_info.so
#LoadModule suexec_module modules/mod_suexec.so
<IfModule !mpm_prefork_module>
#LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
#LoadModule cgi_module modules/mod_cgi.so
</IfModule>
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule negotiation_module modules/mod_negotiation.so
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group apache
</IfModule>
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin you@example.com
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride none
Require all denied
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/localhost/htdocs"
<Directory "/var/www/localhost/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog logs/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog logs/access.log common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
CustomLog logs/access.log combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#
#Scriptsock cgisock
</IfModule>
#
# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/localhost/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
#
RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig /etc/apache2/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
<IfModule mime_magic_module>
MIMEMagicFile /etc/apache2/magic
</IfModule>
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on
# Load config files from the config directory "/etc/apache2/conf.d".
#
IncludeOptional /etc/apache2/conf.d/*.conf
IncludeOptional /etc/apache2/conf.d/nine/*.conf

1
misc/images/nineapache8/containers/nineapache/index.php → misc/images/nineapache82/containers/nineapache/index.php
View File

@ -2,7 +2,6 @@
echo "<html><head><title>Nineapache 8</title></head><body>";
echo "<h1><center>NINEAPACHE 8</center></h1>";
echo phpinfo();
echo "</body></html>";
?>

3
misc/images/nineapache82/containers/nineapache/php.local.ini Normal file
View File

@ -0,0 +1,3 @@
memory_limit = 512M
upload_max_filesize = 512M
post_max_size = 512M

3
misc/images/nineapache7/containers/nineapache/apache.conf → misc/images/nineapache82/containers/nineapache/site.conf
View File

@ -16,4 +16,5 @@ DocumentRoot "/app/public"
RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ %{ENV:BASE}/index.php [L]
</Directory>
</Directory>

43
misc/images/nineapache82/containers/nineapache/ssl.conf Normal file
View File

@ -0,0 +1,43 @@
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES:!ADH
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "/app/public"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog logs/ssl_error.log
TransferLog logs/ssl_access.log
SSLEngine on
SSLCertificateFile /etc/ssl/apache2/server.pem
SSLCertificateKeyFile /etc/ssl/apache2/server.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/app/public/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

11
misc/images/nineapache82/docker-compose.yml Executable file
View File

@ -0,0 +1,11 @@
version: '3'
services:
nineapache82:
build:
context: ./containers/nineapache
image: reg.cadoles.com/envole/nineapache:8.2
container_name: nineapache82
ports:
- "8081:80"
- "8443:443"

1
misc/images/piwigo/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
./volumes

10
misc/images/piwigo/containers/piwigo/Dockerfile Normal file
View File

@ -0,0 +1,10 @@
FROM reg.cadoles.com/envole/nineapache:8.1
RUN apk add php81-mysqli
RUN cd /app/public
RUN wget https://fr.piwigo.org/download/dlcounter.php?code=latest --output-document=/app/piwigo.zip
RUN rm -rf /app/public
RUN unzip /app/piwigo.zip -d /app
RUN mv /app/piwigo /app/public
COPY install-silent.php /app/public/
RUN rm -rf /app/piwigo.zip

399
misc/images/piwigo/containers/piwigo/install-silent.php Normal file
View File

@ -0,0 +1,399 @@
<?php
// +-----------------------------------------------------------------------+
// | This file is part of Piwigo. |
// | |
// | For copyright and license information, please view the COPYING.txt |
// | file that was distributed with this source code. |
// +-----------------------------------------------------------------------+
//----------------------------------------------------------- include
define('PHPWG_ROOT_PATH','./');
define('DEFAULT_PREFIX_TABLE', 'piwigo_');
include(PHPWG_ROOT_PATH . 'include/config_default.inc.php');
@include(PHPWG_ROOT_PATH. 'local/config/config.inc.php');
defined('PWG_LOCAL_DIR') or define('PWG_LOCAL_DIR', 'local/');
include(PHPWG_ROOT_PATH . 'include/functions.inc.php');
include(PHPWG_ROOT_PATH . 'include/template.class.php');
// download database config file if exists
check_input_parameter('dl', $_GET, false, '/^[a-f0-9]{32}$/');
if (!empty($_GET['dl']) && file_exists(PHPWG_ROOT_PATH.$conf['data_location'].'pwg_'.$_GET['dl']))
{
$filename = PHPWG_ROOT_PATH.$conf['data_location'].'pwg_'.$_GET['dl'];
header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');
header('Content-Disposition: attachment; filename="database.inc.php"');
header('Content-Transfer-Encoding: binary');
header('Content-Length: '.filesize($filename));
echo file_get_contents($filename);
unlink($filename);
exit();
}
// Obtain various vars
echo "INSTALLATION PIWIGO\n";
echo "MYSQL_HOST = ".getenv('MYSQL_HOST')."\n";
echo "MYSQL_USER = ".getenv('MYSQL_USER')."\n";
echo "MYSQL_PASSWORD = ".getenv('MYSQL_PASSWORD')."\n";
echo "MYSQL_PREFIXE = ".getenv('MYSQL_PREFIXE')."\n";
echo "PIWIGO_LANGUAGE = ".getenv('PIWIGO_LANGUAGE')."\n";
echo "\n\n";
$dbhost = getenv('MYSQL_HOST');
$dbuser = getenv('MYSQL_USER');
$dbpasswd = getenv('MYSQL_PASSWORD');
$dbname = getenv('MYSQL_DATABASE');
$prefixeTable = (!empty(getenv('MYSQL_PREFIXE')) ? getenv('MYSQL_PREFIXE') : "piwigo_");
$dblayer = 'mysqli';
$admin_name = 'admin';
$admin_pass1 = 'changeme';
$admin_pass2 = 'changeme';
$admin_mail = 'admin@noreply.fr';
$is_newsletter_subscribe = false;
$infos = array();
$errors = array();
$_POST['dbhost'] = $dbhost;
$_POST['dbname'] = $dbname;
$_POST['dbuser'] = $dbuser;
$_POST['dbpasswd'] = $dbpasswd;
$config_file = PHPWG_ROOT_PATH.PWG_LOCAL_DIR .'config/database.inc.php';
if (@file_exists($config_file))
{
include($config_file);
// Is Piwigo already installed ?
if (defined("PHPWG_INSTALLED"))
{
//die('Piwigo is already installed');
}
}
include(PHPWG_ROOT_PATH . 'include/constants.php');
include(PHPWG_ROOT_PATH . 'admin/include/functions.php');
include(PHPWG_ROOT_PATH . 'admin/include/languages.class.php');
$languages = new languages('utf-8');
$language=getenv('PIWIGO_LANGUAGE');
if ('fr_FR' == $language) {
define('PHPWG_DOMAIN', 'fr.piwigo.org');
}
else if ('it_IT' == $language) {
define('PHPWG_DOMAIN', 'it.piwigo.org');
}
else if ('de_DE' == $language) {
define('PHPWG_DOMAIN', 'de.piwigo.org');
}
else if ('es_ES' == $language) {
define('PHPWG_DOMAIN', 'es.piwigo.org');
}
else if ('pl_PL' == $language) {
define('PHPWG_DOMAIN', 'pl.piwigo.org');
}
else if ('zh_CN' == $language) {
define('PHPWG_DOMAIN', 'cn.piwigo.org');
}
else if ('ru_RU' == $language) {
define('PHPWG_DOMAIN', 'ru.piwigo.org');
}
else if ('nl_NL' == $language) {
define('PHPWG_DOMAIN', 'nl.piwigo.org');
}
else if ('tr_TR' == $language) {
define('PHPWG_DOMAIN', 'tr.piwigo.org');
}
else if ('da_DK' == $language) {
define('PHPWG_DOMAIN', 'da.piwigo.org');
}
else if ('pt_BR' == $language) {
define('PHPWG_DOMAIN', 'br.piwigo.org');
}
else {
define('PHPWG_DOMAIN', 'piwigo.org');
}
define('PHPWG_URL', 'https://'.PHPWG_DOMAIN);
//----------------------------------------------------- template initialization
$template = new Template(PHPWG_ROOT_PATH.'admin/themes', 'clear');
$template->set_filenames( array('install' => 'install.tpl') );
if (!isset($step))
{
$step = 1;
}
//---------------------------------------------------------------- form analyze
include(PHPWG_ROOT_PATH .'include/dblayer/functions_'.$dblayer.'.inc.php');
include(PHPWG_ROOT_PATH . 'admin/include/functions_install.inc.php');
include(PHPWG_ROOT_PATH . 'admin/include/functions_upgrade.php');
echo "install_db_connect\n";
install_db_connect($infos, $errors);
if (count($errors) > 0)
{
print_r($errors);
}
echo "pwg_db_check_charset\n";
pwg_db_check_charset();
$file_content = '<?php
$conf[\'dblayer\'] = \''.$dblayer.'\';
$conf[\'db_base\'] = \''.$dbname.'\';
$conf[\'db_user\'] = \''.$dbuser.'\';
$conf[\'db_password\'] = \''.$dbpasswd.'\';
$conf[\'db_host\'] = \''.$dbhost.'\';
$prefixeTable = \''.$prefixeTable.'\';
define(\'PHPWG_INSTALLED\', true);
define(\'PWG_CHARSET\', \'utf-8\');
define(\'DB_CHARSET\', \'utf8\');
define(\'DB_COLLATE\', \'\');
?'.'>';
@umask(0111);
// writing the configuration file
if ( !($fp = @fopen( $config_file, 'w' )))
{
// make sure nobody can list files of _data directory
secure_directory(PHPWG_ROOT_PATH.$conf['data_location']);
$tmp_filename = md5(uniqid(time()));
$fh = @fopen( PHPWG_ROOT_PATH.$conf['data_location'] . 'pwg_' . $tmp_filename, 'w' );
@fputs($fh, $file_content, strlen($file_content));
@fclose($fh);
$template->assign(
array(
'config_creation_failed' => true,
'config_url' => 'install.php?dl='.$tmp_filename,
'config_file_content' => $file_content,
)
);
}
@fputs($fp, $file_content, strlen($file_content));
@fclose($fp);
// tables creation, based on piwigo_structure.sql
echo "************************here";
execute_sqlfile(
PHPWG_ROOT_PATH.'install/piwigo_structure-mysql.sql',
DEFAULT_PREFIX_TABLE,
$prefixeTable,
'mysql'
);
// We fill the tables with basic informations
execute_sqlfile(
PHPWG_ROOT_PATH.'install/config.sql',
DEFAULT_PREFIX_TABLE,
$prefixeTable,
'mysql'
);
$query = '
INSERT INTO '.$prefixeTable.'config (param,value,comment)
VALUES (\'secret_key\',\''.sha1(random_bytes(1000)).'\',
\'a secret key specific to the gallery for internal use\');';
pwg_query($query);
conf_update_param('piwigo_db_version', get_branch_from_version(PHPWG_VERSION));
conf_update_param('gallery_title', pwg_db_real_escape_string(l10n('Just another Piwigo gallery')));
conf_update_param(
'page_banner',
'<h1>%gallery_title%</h1>'."\n\n<p>".pwg_db_real_escape_string(l10n('Welcome to my photo gallery')).'</p>'
);
// fill languages table, only activate the current language
$languages->perform_action('activate', $language);
// fill $conf global array
load_conf_from_db();
// PWG_CHARSET is required for building the fs_themes array in the
// themes class
if (!defined('PWG_CHARSET'))
{
define('PWG_CHARSET', 'utf-8');
}
activate_core_themes();
activate_core_plugins();
$insert = array(
'id' => 1,
'galleries_url' => PHPWG_ROOT_PATH.'galleries/',
);
mass_inserts(SITES_TABLE, array_keys($insert), array($insert));
// webmaster admin user
$inserts = array(
array(
'id' => 1, // must be the same value as webmaster_id in config.sql
'username' => $admin_name,
'password' => md5($admin_pass1),
'mail_address' => $admin_mail,
),
array(
'id' => 2,
'username' => 'guest',
),
);
mass_inserts(USERS_TABLE, array_keys($inserts[0]), $inserts);
create_user_infos(array(1,2), array('language' => $language));
// Available upgrades must be ignored after a fresh installation. To
// make PWG avoid upgrading, we must tell it upgrades have already been
// made.
list($dbnow) = pwg_db_fetch_row(pwg_query('SELECT NOW();'));
define('CURRENT_DATE', $dbnow);
$datas = array();
foreach (get_available_upgrade_ids() as $upgrade_id)
{
$datas[] = array(
'id' => $upgrade_id,
'applied' => CURRENT_DATE,
'description' => 'upgrade included in installation',
);
}
mass_inserts(
UPGRADE_TABLE,
array_keys($datas[0]),
$datas
);
//------------------------------------------------------ start template output
foreach ($languages->fs_languages as $language_code => $fs_language)
{
if ($language == $language_code)
{
$template->assign('language_selection', $language_code);
}
$languages_options[$language_code] = $fs_language['name'];
}
$template->assign('language_options', $languages_options);
$template->assign(
array(
'T_CONTENT_ENCODING' => 'utf-8',
'RELEASE' => PHPWG_VERSION,
'F_ACTION' => 'install.php?language=' . $language,
'F_DB_HOST' => $dbhost,
'F_DB_USER' => $dbuser,
'F_DB_NAME' => $dbname,
'F_DB_PREFIX' => $prefixeTable,
'F_ADMIN' => $admin_name,
'F_ADMIN_EMAIL' => $admin_mail,
'EMAIL' => '<span class="adminEmail">'.$admin_mail.'</span>',
'F_NEWSLETTER_SUBSCRIBE' => $is_newsletter_subscribe,
'L_INSTALL_HELP' => l10n('Need help ? Ask your question on <a href="%s">Piwigo message board</a>.', PHPWG_URL.'/forum'),
));
//------------------------------------------------------ errors & infos display
if ($step == 1)
{
$template->assign('install', true);
}
else
{
pwg_activity('system', ACTIVITY_SYSTEM_CORE, 'install', array('version'=>PHPWG_VERSION));
$infos[] = l10n('Congratulations, Piwigo installation is completed');
if (isset($error_copy))
{
$errors[] = $error_copy;
}
else
{
session_set_save_handler('pwg_session_open',
'pwg_session_close',
'pwg_session_read',
'pwg_session_write',
'pwg_session_destroy',
'pwg_session_gc'
);
if ( function_exists('ini_set') )
{
ini_set('session.use_cookies', $conf['session_use_cookies']);
ini_set('session.use_only_cookies', $conf['session_use_only_cookies']);
ini_set('session.use_trans_sid', intval($conf['session_use_trans_sid']));
ini_set('session.cookie_httponly', 1);
}
session_name($conf['session_name']);
session_set_cookie_params(0, cookie_path());
register_shutdown_function('session_write_close');
$user = build_user(1, true);
log_user($user['id'], false);
// newsletter subscription
if ($is_newsletter_subscribe)
{
fetchRemote(
get_newsletter_subscribe_base_url($language).$admin_mail,
$result,
array(),
array('origin' => 'installation')
);
userprefs_update_param('show_newsletter_subscription', false);
}
// email notification
if (isset($_POST['send_credentials_by_mail']))
{
include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
$keyargs_content = array(
get_l10n_args('Hello %s,', $admin_name),
get_l10n_args('Welcome to your new installation of Piwigo!', ''),
get_l10n_args('', ''),
get_l10n_args('Here are your connection settings', ''),
get_l10n_args('', ''),
get_l10n_args('Link: %s', get_absolute_root_url()),
get_l10n_args('Username: %s', $admin_name),
get_l10n_args('Password: ********** (no copy by email)', ''),
get_l10n_args('Email: %s', $admin_mail),
get_l10n_args('', ''),
get_l10n_args('Don\'t hesitate to consult our forums for any help: %s', PHPWG_URL),
);
pwg_mail(
$admin_mail,
array(
'subject' => l10n('Just another Piwigo gallery'),
'content' => l10n_args($keyargs_content),
'content_format' => 'text/plain',
)
);
}
}
}
if (count($errors) != 0)
{
$template->assign('errors', $errors);
}
if (count($infos) != 0 )
{
$template->assign('infos', $infos);
}
//----------------------------------------------------------- html code display
?>

19
misc/images/sentinel/containers/Dockerfile Normal file
View File

@ -0,0 +1,19 @@
FROM redis:6-alpine
ENV SENTINEL_QUORUM 2
ENV SENTINEL_DOWN_AFTER 1000
ENV SENTINEL_FAILOVER 1000
RUN mkdir -p /redis
WORKDIR /redis
COPY sentinel.conf .
COPY sentinel-entrypoint.sh /usr/local/bin/
RUN chown redis:redis /redis/* && \
chmod +x /usr/local/bin/sentinel-entrypoint.sh
EXPOSE 26379
ENTRYPOINT ["sentinel-entrypoint.sh"]

7
misc/images/sentinel/containers/sentinel-entrypoint.sh Normal file
View File

@ -0,0 +1,7 @@
#!/bin/sh
sed -i "s/\$SENTINEL_QUORUM/$SENTINEL_QUORUM/g" /redis/sentinel.conf
sed -i "s/\$SENTINEL_DOWN_AFTER/$SENTINEL_DOWN_AFTER/g" /redis/sentinel.conf
sed -i "s/\$SENTINEL_FAILOVER/$SENTINEL_FAILOVER/g" /redis/sentinel.conf
redis-server /redis/sentinel.conf --sentinel

9
misc/images/sentinel/containers/sentinel.conf Normal file
View File

@ -0,0 +1,9 @@
port 26379
dir /tmp
sentinel resolve-hostnames yes
sentinel monitor redismaster redis 6379 $SENTINEL_QUORUM
sentinel down-after-milliseconds redismaster $SENTINEL_DOWN_AFTER
sentinel parallel-syncs redismaster 1
sentinel failover-timeout redismaster $SENTINEL_FAILOVER

7
misc/images/wordpress/containers/wordpress/Dockerfile
View File

@ -9,13 +9,14 @@ RUN chmod +x /usr/local/bin/wp
# Configuration apache
RUN cd /app/public
COPY apache.conf /etc/apache2/conf.d/zapp.conf
COPY apache.conf /etc/apache2/conf.d/nine/site.conf
# Installation des sources wordpress
RUN wp core download --path=/app/public --locale=fr_FR
RUN chown -R apache:apache /app/public
RUN find /app/public -type d -exec chmod 755 {} +
RUN find /app/public -type f -exec chmod 644 {} +
RUN chmod -R u=rwX,g=rX,o=rX /app/public
#RUN find /app/public -type d -exec chmod 755 {} +
#RUN find /app/public -type f -exec chmod 644 {} +
RUN mkdir /docker
COPY entrypoint.sh /docker/entrypoint.sh

3
misc/images/wordpress/containers/wordpress/apache.conf
View File

@ -2,6 +2,7 @@ LoadModule rewrite_module modules/mod_rewrite.so
ServerName nineapache.local
DocumentRoot "/app/public"
Alias /wordpress /app/public
LogLevel alert rewrite:trace3
<Directory "/app/public">
Options FollowSymLinks
AllowOverride Limit Options FileInfo
@ -13,7 +14,7 @@ Alias /wordpress /app/public
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /wordpress/
RewriteBase /
RewriteRule ^index\.php$ - [L]
# add a trailing slash to /wp-admin

9
misc/images/wordpress/containers/wordpress/entrypoint.sh
View File

@ -79,8 +79,17 @@ wp site switch-language fr_FR
# Mise à jour theme / plugin / network
wp theme install twentytwentyfour --allow-root
wp theme enable twentytwentyfour --network
wp theme install lowfi --allow-root
wp theme enable lowfi --network
wp theme install astra --allow-root
wp theme enable astra --network
wp plugin install advanced-posts-listing --allow-root
wp plugin activate advanced-posts-listing --network
wp plugin install ultimate-addons-for-gutenberg --allow-root
wp plugin activate ultimate-addons-for-gutenberg --network
wp plugin install wordpress-importer --allow-root
wp plugin install envira-gallery-lite --allow-root
wp theme update --allow-root --all
wp plugin update --allow-root --all

BIN
misc/images/wordpress/containers/wordpress/wp-cli.phar
View File

Binary file not shown.

42
misc/tools/dicos.sh Executable file
View File

@ -0,0 +1,42 @@
dir=$1
if [ -f "$dir/dicos/.env.dicos" ]; then
dicos="$dir/dicos/.env.dicos"
# Exporter la variable
set -o allexport; source <(grep -v '^#' $dir/env/.env.merge | sed 's/^/export /'); set +o allexport
# Initialisation des tableaux
templates=()
destinations=()
# Lecture du fichier de configuration
while IFS='=' read -r key value; do
case "$key" in
templates)
IFS=',' read -ra templates <<< "$value"
;;
destinations)
IFS=',' read -ra destinations <<< "$value"
;;
*)
esac
done < "$dicos"
# Boucle sur les templates et leurs destinations
for i in "${!templates[@]}"; do
template="${templates[$i]}"
destination="${destinations[$i]}"
# Extraire le répertoire de destination
folder=$(dirname "$destination")
# Créer le répertoire de destination
mkdir -p "$folder"
# Copier le template vers l'emplacement de destination
cp "$template" "$destination"
envsubst < "$destination" > temp.conf && mv temp.conf "$destination"
done
fi

52
misc/tools/e-ihm.sh
View File

@ -184,3 +184,55 @@ Title(){
EchoCyan "== $1 $finligne"
echo
}
# Fonction pour fusionner plusieurs fichiers .env
mergeenv() {
# Vérifier si au moins deux fichiers .env sont fournis
if [ "$#" -lt 2 ]; then
echo "Usage: merge_env_files output_file .env_file1 .env_file2 [additional .env files...]"
return 1
fi
# Le premier argument est le fichier de sortie
output_file=$1
shift
# Déclaration des structures de données pour stocker les variables et maintenir l'ordre
declare -A env_vars
declare -a env_keys
# Fonction pour lire un fichier .env et mettre à jour les structures de données
read_env_file() {
local env_file=$1
# Lire chaque ligne du fichier .env
while IFS='=' read -r key value; do
# Ignorer les lignes vides et les commentaires
[[ -z "$key" || "$key" =~ ^# ]] && continue
# Vérifier si la variable existe déjà
if [[ -z "${env_vars[$key]}" ]]; then
# Ajouter la clé à la liste des clés si elle n'existe pas encore
env_keys+=("$key")
fi
# Mettre à jour le tableau associatif
env_vars["$key"]="$value"
done < "$env_file"
}
# Lire chaque fichier .env et mettre à jour les structures de données
for env_file in "$@"; do
if [ -f "$env_file" ]; then
read_env_file "$env_file"
fi
done
# Écrire les variables dans le fichier de sortie dans l'ordre d'apparition
{
for key in "${env_keys[@]}"; do
echo "$key=${env_vars[$key]}"
done
} > "$output_file"
}

15
misc/tools/eole.sh Normal file
View File

@ -0,0 +1,15 @@
#!/bin/bash
# Include bibliotheque de fonction
. e-ihm.sh
Title "NETWORK"
EchoRouge "ATTENTION SOLUTION DE CONTOURNEMENT POUR LE POC"
EchoRouge "A résoudre si l'on souhaite mettre en production"
# On réinstall docker-ce car le reconf détruit le reseau docker, la reinstall de docker-ce rétablit le reseau
apt-get install docker-ce --reinstall
# ATTENTION A REVOIR car ouvre complétement le firewall
iptables -P INPUT ACCEPT

4
misc/tools/eolenine.sh Normal file
View File

@ -0,0 +1,4 @@
#!/bin/bash
cd /usr/share/envole/ninedocker
./nine.sh $1 $2

25
misc/tools/mergeenv.sh Executable file
View File

@ -0,0 +1,25 @@
#!/usr/bin/env -S -i bash
env_files="env/.env env/.env.local"
merged_env="env/.env.merge"
if [ -n "$1" ]
then
env_files="$env_files $1/env/.env $1/env/.env.local"
merged_env="$1/env/.env.merge"
fi
unset PWD
unset SHLVL
for env_file in $env_files
do
set -a
if [ -f "$env_file" ]
then
. $env_file
fi
set +a
done
unset username
export -p | cut -d" " -f3- | sed "/OLDPWD/d" | head -n -1 | sort > "$merged_env"
exit 0

686
nine.sh
View File

@ -3,81 +3,12 @@
#1 : action = default up
#2 : service = optionnel
# Fusionner l'ensemble des fichier .env en un seul
rm -f ./.env.local
cat ./env/.env* >> ./.env.local
. ./misc/e-ihm.sh
. ./env/.env
if [ -f ./env/.env.local ]
then
. ./env/.env.local
fi
# Include bibliotheque de fonction
. ./misc/tools/e-ihm.sh
# Start script
BigTitle "NINE"
# Include
. ./.env.local
#===========================================================================================================================================
#== ENV ====================================================================================================================================
#===========================================================================================================================================
#1 = service to stop if null all service
destroyall(){
Question_ouinon "Souhaitez-vous supprimer l'ensemble des containers : Attention cela supprimera vraiment tout ?"
if [[ "$?" = 0 ]]
then
destroy $NINEAPACHE_SERVICE_NAME 1
destroy $MARIADB_SERVICE_NAME 1
destroy $REDIS_SERVICE_NAME 1
destroy $MINIO_SERVICE_NAME 1
destroy $OPENLDAP_SERVICE_NAME 1
destroy $KEYCLOAK_SERVICE_NAME 1
destroy $NEXTCLOUD_SERVICE_NAME 1
destroy $NINEBOARD_SERVICE_NAME 1
destroy $NINEGATE_SERVICE_NAME 1
destroy $WIKI_SERVICE_NAME 1
destroy $WORDPRESS_SERVICE_NAME 1
destroy $ADMINER_SERVICE_NAME 1
destroy $PHPLDAPADMIN_SERVICE_NAME 1
fi
}
env() {
rm -rf ./tmp/.env.$1
mkdir -p ./tmp
cat ./env/.env >> ./tmp/.env.$1
if [[ -f ./env/.env.local ]]; then cat ./env/.env.local >> ./tmp/.env.$1; fi
if [[ -f ./env/.env.zapp.$1 ]]; then cat ./env/.env.zapp.$1 >> ./tmp/.env.$1; fi
if [[ -f ./env/.env.zapp.$1.local ]]; then cat ./env/.env.zapp.$1.local >> ./tmp/.env.$1; fi
};
#===========================================================================================================================================
#== ENVALL =================================================================================================================================
#===========================================================================================================================================
envall(){
env $NINEAPACHE_SERVICE_NAME
env $MARIADB_SERVICE_NAME
env $REDIS_SERVICE_NAME
env $MINIO_SERVICE_NAME
env $OPENLDAP_SERVICE_NAME
env $KEYCLOAK_SERVICE_NAME
env $NEXTCLOUD_SERVICE_NAME
env $NINEBOARD_SERVICE_NAME
env $NINEGATE_SERVICE_NAME
env $WIKI_SERVICE_NAME
env $WORDPRESS_SERVICE_NAME
env $ADMINER_SERVICE_NAME
env $PHPLDAPADMIN_SERVICE_NAME
}
#===========================================================================================================================================
#== STOP ===================================================================================================================================
#===========================================================================================================================================
@ -87,13 +18,26 @@ envall(){
stop() {
if [[ "$2" != 1 ]]; then Title "STOP"; fi
echo "docker-compose stop $1"
docker-compose stop $1
if [[ "$2" != 1 ]]; then echo; fi
if [[ "$2" != 1 ]]; then Title "REMOVE"; fi
if [[ "$1" != "" ]]; then
docker-compose rm -s -v -f "${1}"
else
docker-compose down
fi
if [[ "$2" != 1 ]]; then echo; fi
}
#===========================================================================================================================================
#== UPSERVICE ==============================================================================================================================
#== WAIT_FOR_CONTAINER =====================================================================================================================
#===========================================================================================================================================
#1 = service to up
#1 = service to wait
wait_for_container() {
container_id="nine-$1"
@ -114,208 +58,6 @@ wait_for_container() {
done;
}
upservice(){
docker-compose up -d $1
if [[ $2 == "wait" ]]
then
wait_for_container $1
fi
}
function upnineapache {
if [[ $NINEAPACHE_ACTIVATE == 1 && $NINEAPACHE_LOCAL == 1 ]]
then
Title ${NINEAPACHE_SERVICE_NAME^^}
EchoVert "CONTAINER"
upservice ${NINEAPACHE_SERVICE_NAME}
Echo
fi
}
function upmariadb {
if [[ $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
then
Title "MARIADB"
EchoVert "CONTAINER"
upservice $MARIADB_SERVICE_NAME wait
Echo
fi
}
function upredis {
if [[ $REDIS_ACTIVATE == 1 && $REDIS_LOCAL == 1 ]]
then
Title "REDIS"
EchoVert "CONTAINER"
upservice $REDIS_SERVICE_NAME
Echo
fi
}
function upminio {
if [[ $MINIO_ACTIVATE == 1 && $MINIO_LOCAL == 1 ]]
then
Title "MINIO"
EchoVert "CONTAINER"
upservice $MINIO_SERVICE_NAME
Echo
fi
}
function upopenldap {
if [[ $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]]
then
Title ${OPENLDAP_SERVICE_NAME^^}
EchoVert "CONTAINER"
mkdir -p ./volume/openldap/data
chmod a+wr ./volume/openldap/data
upservice $OPENLDAP_SERVICE_NAME wait
docker-compose exec $OPENLDAP_SERVICE_NAME /nine/init.sh
Echo
fi
}
function upkeycloak {
if [[ $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]]
then
Title ${KEYCLOAK_SERVICE_NAME^^}
# CREATE BDD
if [[ $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
then
EchoVert "DATABASE"
Echo ${KEYCLOAK_SERVICE_NAME^^}
docker-compose exec $MARIADB_SERVICE_NAME /nine/init.sh $KEYCLOAK_SERVICE_NAME
Echo
fi
EchoVert "CONTAINER"
upservice $KEYCLOAK_SERVICE_NAME
Echo
fi
}
function upnextcloud {
if [[ $NEXTCLOUD_ACTIVATE == 1 && $NEXTCLOUD_LOCAL == 1 ]]
then
Title ${NEXTCLOUD_SERVICE_NAME^^}
if [[ $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
then
EchoVert "DATABASE"
Echo ${NEXTCLOUD_SERVICE_NAME^^}
Echo
docker-compose exec $MARIADB_SERVICE_NAME /nine/init.sh $NEXTCLOUD_SERVICE_NAME
fi
EchoVert "CONTAINER"
upservice ${NEXTCLOUD_SERVICE_NAME}
Echo
fi
}
function upnineboard {
if [[ $NINEBOARD_ACTIVATE == 1 && $NINEBOARD_LOCAL == 1 ]]
then
Title ${NINEBOARD_SERVICE_NAME^^}
if [[ $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
then
EchoVert "DATABASE"
Echo ${NINEBOARD_SERVICE_NAME^^}
docker-compose exec $MARIADB_SERVICE_NAME /nine/init.sh $NINEBOARD_SERVICE_NAME
Echo
fi
EchoVert "CONTAINER"
upservice ${NINEBOARD_SERVICE_NAME}
chmod -R a+wr ./volume/nineboard/data
Echo
fi
}
function upninegate {
if [[ $NINEGATE_ACTIVATE == 1 && $NINEGATE_LOCAL == 1 ]]
then
Title ${NINEGATE_SERVICE_NAME^^}
if [[ $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
then
EchoVert "DATABASE"
Echo ${NINEGATE_SERVICE_NAME^^}
docker-compose exec $MARIADB_SERVICE_NAME /nine/init.sh $NINEGATE_SERVICE_NAME
Echo
fi
EchoVert "CONTAINER"
upservice ${NINEGATE_SERVICE_NAME}
chmod -R a+wr ./volume/ninegate/data
Echo
fi
}
function upwiki {
if [[ $WIKI_ACTIVATE == 1 && $WIKI_LOCAL == 1 ]]
then
Title ${WIKI_SERVICE_NAME^^}
if [[ $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
then
EchoVert "DATABASE"
Echo ${WIKI_SERVICE_NAME^^}
docker-compose exec $MARIADB_SERVICE_NAME /nine/init.sh $WIKI_SERVICE_NAME
Echo
fi
EchoVert "CONTAINER"
upservice ${WIKI_SERVICE_NAME}
Echo
fi
}
function upwordpress {
if [[ $WORDPRESS_ACTIVATE == 1 && $WORDPRESS_LOCAL == 1 ]]
then
Title ${WORDPRESS_SERVICE_NAME^^}
if [[ $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
then
EchoVert "DATABASE"
Echo ${WORDPRESS_SERVICE_NAME^^}
docker-compose exec $MARIADB_SERVICE_NAME /nine/init.sh $WORDPRESS_SERVICE_NAME
Echo
fi
EchoVert "CONTAINER"
upservice ${WORDPRESS_SERVICE_NAME}
Echo
fi
}
function upadminer {
if [[ $ADMINER_ACTIVATE == 1 && $ADMINER_LOCAL == 1 ]]
then
Title ${ADMINER_SERVICE_NAME^^}
EchoVert "CONTAINER"
upservice ${ADMINER_SERVICE_NAME}
Echo
fi
}
function upphpldapadmin {
if [[ $PHPLDAPADMIN_ACTIVATE == 1 && $PHPLDAPADMIN_LOCAL == 1 ]]
then
Title ${PHPLDAPADMIN_SERVICE_NAME^^}
EchoVert "CONTAINER"
upservice ${PHPLDAPADMIN_SERVICE_NAME}
Echo
fi
}
#===========================================================================================================================================
#== UP =====================================================================================================================================
@ -329,194 +71,211 @@ up(){
# SERVICES
if [[ -z "$1" ]]
then
# NETWORK
if [[ "$RELEASE_SYSTEM" == "eole" ]]
then
Title "NETWORK"
EchoRouge "ATTENTION SOLUTION DE CONTOURNEMENT POUR LE POC"
EchoRouge "A résoudre si l'on souhaite mettre en production"
# On réinstall docker-ce car le reconf détruit le reseau docker, la reinstall de docker-ce rétablit le reseau
apt-get install docker-ce --reinstall
# ATTENTION A REVOIR car ouvre complétement le firewall
iptables -P INPUT ACCEPT
fi
# NINEAPACHE
upnineapache
# MARIADB
upmariadb
# REDIS
upredis
# MINIO
upminio
# OPENLDAP
upopenldap
# KEYCLOAK
upkeycloak
# NEXTCLOUD
upnextcloud
# NINEBOARD
upnineboard
# NINEGATE
upninegate
# WIKI
upwiki
# WORDPRESS
upwordpress
# ADMINER
upadminer
# PHPLDAPADMIN
upphpldapadmin
# Pour chaque répertoire service on execute sa fonction up
for key in $(for k in "${!services[@]}"; do echo "$k:${services[$k]}"; done | sort -t: -k2,2 | cut -d: -f1); do
up${key}
done
else
env ${1}
up${1}
fi
}
upservice(){
docker-compose up -d --remove-orphans $1
if [[ $2 == "wait" ]]
then
wait_for_container $1
fi
}
#===========================================================================================================================================
#== DESTROY ================================================================================================================================
#== DESTROYALL =============================================================================================================================
#===========================================================================================================================================
destroyall(){
Question_ouinon "Souhaitez-vous supprimer l'ensemble des containers : Attention cela supprimera vraiment tout ?"
if [[ "$?" = 0 ]]
then
destroy $NINEAPACHE_SERVICE_NAME 1
destroy $MARIADB_SERVICE_NAME 1
destroy $REDIS_SERVICE_NAME 1
destroy $MINIO_SERVICE_NAME 1
destroy $OPENLDAP_SERVICE_NAME 1
destroy $KEYCLOAK_SERVICE_NAME 1
destroy $NEXTCLOUD_SERVICE_NAME 1
destroy $NINEBOARD_SERVICE_NAME 1
destroy $NINEGATE_SERVICE_NAME 1
destroy $WIKI_SERVICE_NAME 1
destroy $WORDPRESS_SERVICE_NAME 1
destroy $ADMINER_SERVICE_NAME 1
destroy $PHPLDAPADMIN_SERVICE_NAME 1
# Pour chaque répertoire service on execute sa fonction destroy
# On part du dernier service vers le premiser
for key in $(for k in "${!services[@]}"; do echo "$k:${services[$k]}"; done | sort -t: -k2,2r | cut -d: -f1); do
destroy${key} 1
done
fi
}
#===========================================================================================================================================
#== PULL ===================================================================================================================================
#===========================================================================================================================================
pull(){
if [[ "$1" == "" ]]
then
Question_ouinon "Souhaitez-vous mettre à jour les images ?"
else
Question_ouinon "Souhaitez-vous mettre à jour l'images du service $1 ?"
fi
if [[ "$?" = 0 ]]
then
stop $1
docker-compose pull $1
fi
}
#===========================================================================================================================================
#== DESTROY ================================================================================================================================
#== ENV ====================================================================================================================================
#===========================================================================================================================================
#1 = service to destroy
#2 = ne pas poser de questions
# Construction des environnements mergés par service
env(){
for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do
mergeenv $dir/env/.env.merge env/.env.merge $dir/env/.env $dir/env/.env.local
#misc/tools/mergeenv.sh $dir
done
}
destroy(){
Title "DESTROY "${1^^}
#===========================================================================================================================================
#== DOCKERCOMPOSE ====================================================================================================================================
#===========================================================================================================================================
# Construction du dockercompose
stop $1 1
docker-compose rm -s -v -f "$1"
dockercompose() {
if [[ "$1" == "$MARIADB_SERVICE_NAME" && $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer l'ensemble des bases ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
sudo rm -rf volume/mariadb/mysql
fi
fi
echo "services:" > services.yml
echo "secrets:" > secrets.yml
echo "networks:" > networks.yml
echo " nine-network:" >> networks.yml
echo " name: nine-network" >> networks.yml
for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do
# Construction du docker-compose
if [ -f "$dir/dockercompose/dockercompose.yml" ]; then
unset section
while read; do
case $REPLY in
"services:")
section=${REPLY%:}
;;
"secrets:")
section=${REPLY%:}
;;
"networks:")
section=${REPLY%:}
;;
*)
if [ -n "$section" ]; then
echo "$REPLY" >> ${section}.yml
fi
;;
if [[ "$1" == "$OPENLDAP_SERVICE_NAME" && $LDAP_ACTIVATE == 1 && $LDAP_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer l'annuaire associé à $1 ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
sudo rm -rf volume/openldap/data
mkdir volume/openldap/data
chmod a+w volume/openldap/data -R
chmod a+r volume/openldap/data -R
fi
fi
esac
done < "$dir/dockercompose/dockercompose.yml"
fi
done
cat services.yml secrets.yml networks.yml > docker-compose.yml
rm -f services.yml secrets.yml networks.yml
if [[ "$1" == "$KEYCLOAK_SERVICE_NAME" && $CAS_ACTIVATE == 1 && $CAS_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
docker-compose exec $MARIADB_SERVICE_NAME /nine/delete.sh $KEYCLOAK_SERVICE_NAME
fi
fi
}
if [[ "$1" == "$NINEGATE_SERVICE_NAME" && $NINEGATE_ACTIVATE == 1 && $NINEGATE_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
docker-compose exec $MARIADB_SERVICE_NAME /nine/delete.sh $NINEGATE_SERVICE_NAME
fi
fi
#===========================================================================================================================================
#== APACHE =================================================================================================================================
#===========================================================================================================================================
# Construction conf apache
apache(){
for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do
keyservice="${dir##*-}"
valueservice="${dir##*/}"
if [[ "$1" == "$NINEBOARD_SERVICE_NAME" && $NINEBOARD_ACTIVATE == 1 && $NINEBOARD_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
docker-compose exec $MARIADB_SERVICE_NAME /nine/delete.sh $NINEBOARD_SERVICE_NAME
fi
fi
mkdir -p services/10-nineapache/volume/apache
if [ -f "$dir/apache/apache.conf" ]; then
cp "$dir/apache/apache.conf" services/10-nineapache/volume/apache/$valueservice.conf
fi
done
}
if [[ "$1" == "$NEXTCLOUD_SERVICE_NAME" && $NEXTCLOUD_ACTIVATE == 1 && $NEXTCLOUD_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ainsi que les fichiers utilisateurs ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
docker-compose exec $MARIADB_SERVICE_NAME /nine/delete.sh $NEXTCLOUD_SERVICE_NAME
sudo rm -rf volume/nextcloud/data
sudo rm -rf volume/nextcloud/html
sudo rm -rf volume/nextcloud/app
fi
fi
if [[ "$1" == "$WIKI_SERVICE_NAME" && $WIKI_ACTIVATE == 1 && $WIKI_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
docker-compose exec $MARIADB_SERVICE_NAME /nine/delete.sh $WIKI_SERVICE_NAME
sudo rm -rf volume/wiki/data
fi
fi
#===========================================================================================================================================
#== TEMPLATE================================================================================================================================
#===========================================================================================================================================
# Templatisation
if [[ "$1" == "$WORDPRESS_SERVICE_NAME" && $WORDPRESS_ACTIVATE == 1 && $WORDPRESS_LOCAL == 1 ]]
then
if [[ -z $2 ]]; then Question_ouinon "Souhaitez-vous supprimer la BDD associé à $1 ?";fi
if [[ "$?" = 0 || -z $2 ]]
then
docker-compose exec $MARIADB_SERVICE_NAME /nine/delete.sh $WORDPRESS_SERVICE_NAME
sudo rm -rf volume/wordpress/data
fi
fi
template() {
for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do
misc/tools/dicos.sh $dir
done
}
#===========================================================================================================================================
#== SERVICES ===============================================================================================================================
#===========================================================================================================================================
# Liste des services
services() {
Title "SERVICES"
for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do
keyservice="${dir##*-}"
valueservice="${dir##*/}"
Echo $keyservice
done
}
#===========================================================================================================================================
#== MAIN ===================================================================================================================================
#===========================================================================================================================================
envall
# Include variable d'environnement global
mergeenv env/.env.merge env/.env env/.env.local
#misc/tools/mergeenv.sh
. env/.env.merge
# Include service
declare -A services
for dir in $(ls -d "services"/[0-9][0-9]-* | sort); do
keyservice="${dir##*-}"
valueservice="${dir##*/}"
# Include bibliotheque de fonction
if [ -f "$dir/misc/nine.sh" ]; then
. $dir/misc/nine.sh
fi
# Include variable d'environnement global
if [ -f "$dir/env/.env" ]; then
. $dir/env/.env
fi
# Include variable d'environnement local
if [ -f "$dir/env/.env.local" ]; then
. $dir/env/.env.local
fi
# Sauvegarder le service
services["$keyservice"]="$valueservice"
done
# Construction des environnements mergés par service
env
# Construction docker_compose
dockercompose
# Construction de la configuration apache
apache
# Templetisation
template
# Execution de la commande
if [[ $1 == "up" || $1 == "" ]]
then
up $2
elif [[ $1 == "uplogs" || $1 == "" ]]
then
up $2
docker-compose logs -f $2
elif [[ $1 == "stop" ]]
then
stop $2
@ -539,51 +298,86 @@ then
EchoRouge "Vous devez precisez un service"
EchoRouge "nine.sh destroy monservice"
else
destroy $2
destroy$2
fi
elif [[ $1 == "pull" ]]
then
pull $2
elif [[ $1 == "pulluplogs" ]]
then
pull $2
up $2
docker-compose logs -f $2
elif [[ $1 == "services" ]]
then
services
elif [[ $1 == "logs" ]]
then
docker-compose logs -f $2
elif [[ $1 == "iswait" ]]
then
wait_for_container $2
elif [[ $1 == "env" ]]
then
if [[ -z $2 ]]
then
EchoRouge "Vous devez precisez un service"
EchoRouge "nine.sh env monservice"
else
env $2
EchoVert "Fichier tmp/.env.$1 regénéré"
fi
elif [[ $1 == "regen" ]]
then
if [[ -z $2 ]]
then
destroyall
apache
template
up
else
destroy $2
up $2
destroy$2
apache
template
up$2
fi
elif [[ $1 == "regenlogs" ]]
then
if [[ -z $2 ]]
then
destroyall
apache
template
up
else
destroy$2
apache
template
up$2
fi
docker-compose logs -f $2
elif [[ $1 == "letsencrypt" ]]
then
Title ${NINEAPACHE_SERVICE_NAME^^} LETSENCRYPT
if [[ $NINEAPACHE_ACTIVATE == 1 && $NINEAPACHE_LOCAL == 1 ]]
then
docker-compose exec ${NINEAPACHE_SERVICE_NAME} /nine/addcertif.sh
else
EchoRouge "Service ${NINEAPACHE_SERVICE_NAME} non actif"
fi
else
EchoRouge "Action possible ="
EchoRouge "nine.sh > UP de l'ensemble des services actifs"
EchoRouge "nine.sh up > UP de l'ensemble des services actifs"
EchoRouge "nine.sh up monservice> UP de monservice"
EchoRouge "nine.sh uplogs > UP puis logs de l'ensemble des services actifs"
EchoRouge "nine.sh uplogs monservice> UP puis logs de monservice"
EchoRouge "nine.sh stop > STOP de l'ensemble des services"
EchoRouge "nine.sh stop monservice> STOP de monservice"
EchoRouge "nine.sh bash monservice> lance un terminel dans le conteneur de monservice"
EchoRouge "nine.sh destroyall> détruit l'ensemble des services avec l'ensemble des BDD et des volumes persistant"
EchoRouge "nine.sh destroy monservice> détruit monservices et si souhaitez sa BDD et ses volumes persistant"
EchoRouge "nine.sh stop monservice > STOP de monservice"
EchoRouge "nine.sh bash monservice > lance un terminel dans le conteneur de monservice"
EchoRouge "nine.sh destroyall > détruit l'ensemble des services avec l'ensemble des BDD et des volumes persistant"
EchoRouge "nine.sh destroy monservice > détruit monservices et si souhaitez sa BDD et ses volumes persistant"
EchoRouge "nine.sh pull > Mettre à jour l'ensemble des images"
EchoRouge "nine.sh pull monservice > Mettre à jour l'image de monservice"
EchoRouge "nine.sh pulluplogs > Mettre à jour l'ensemble des images et uplogs de l'ensemble des services"
EchoRouge "nine.sh pulluplogs monservice > Mettre à jour l'image de monservice et uplogs de mon service"
EchoRouge "nine.sh services > Liste des Services"
EchoRouge "nine.sh logs > LOGS de l'ensemble des services"
EchoRouge "nine.sh logs monservice > LOGS de monservice"
EchoRouge "nine.sh iswait monservice > monservice est-il en cours de construction"
EchoRouge "nine.sh env monservice > regeneration du fichier d'environnement de monservice"
EchoRouge "nine.sh regen > lance destroyall puis up sur l'ensemble des service"
EchoRouge "nine.sh regen monservice > lance destroy monservice puis up monservice"
EchoRouge "nine.sh letsencrypt > genere ou renouvelle le certificat letsencrypt"
fi
echo
echo
echo

161
readme.md
View File

@ -4,119 +4,68 @@
git clone --branch master https://forge.cadoles.com/afornerot/ninedocker.git
## Nine sur localhost
## Nine sur localhost
Vous devez ajouter un domaine dans votre host qui pointe sur 127.0.0.0
Sans personnalisation nine est configuré pour travailler avec nine.local et il écoute le port 7080
Sans personnalisation nine est configuré pour travailler avec nine.local et il écoute les ports 443 et 80
```
127.0.0.0 nine.local
```
## Comment personnaliser
# Structure du projet
Pour personnaliser la configuration de base
## env
- créer un fichier /env/.env.local
- et faite varier les variables d'environnement WEB_URL et PROTOCOLE
Ce pertoire contient l'ensemble des variables d'environnements de Ninedocker. Ne modifiez jamais le fichier .env, si vous souhaitez personnaliser votre environnement, initialisez un fichier .env.local au même emplacement. Dans ce fichier vous pourrez altérer les valeurs des variables présentes dans le .env.
### Host
### Variables "SERVICE"
Chaque service ont au minimum trois variables
```
- LESERVICE_SERVICE_NAME=leservice # Le nom du service
- LESERVICE_ACTIVATE=1 # Pour activer le service
- LESERVICE_LOCAL=1 # Pour indiquer si le service est hébergé sur ninedocker
```
Si vous souhaitez ajouter vos propres services à Ninedocker, ajoutez obligatoirement au moins trois variables dans votre .env.local:
```
- MONSERVICE_SERVICE_NAME=leservice
- MONSERVICE_ACTIVATE=1
- MONSERVICE_LOCAL=1
```
### Variables WEB_URL & PROTOCOLE
De base ninedocker est configuré pour fonctionner sur nine.local en https
Exemple de faire fonctionner le docker en local et en http
Vous devez donc modifier dans le .env.local pour être en phase avec votre environnement
```
WEB_URL=mondomaine
PROTOCOLE=https
```
### Ports & Services associés
### Variable MASTERIDENTITY
Les services suivants sont à l'écoute des ports
La variable MASTERIDENTITY peut prendre les valeurs SQL ou SSO ou LDAP. Elle permet d'indiquer à Ninegate ou Nineskeletor qui est le maître de l'indentité.
- 3306 = mariadb
- 9000 = ninegate
- 1389/1636 = openldap
- 8999/8443 = keycloak
- 9001 = nextcloud
- 9002 = nineboard
- 9003 = wordpress
- 9100 = adminer
- 9101 = phpldapadmin
- 9102 = nineapache
- Si **SQL** = c'est que c'est Ninegate ou Nineskeletor qui sont detenteur et maître de l'indentité. Dans ce cas Ninegate ou Nineskeletor seront capable de synchroniser leurs utilisateurs dans un annuaire. Si un service OPENLDAP est activé.
- Si **SSO** = c'est que c'est à la connexion en SSO aux différents services qui va autosubmit ou autoupdate l'utilisateur dans le service qui utilise le service SSO. Dans ce cas, il est impératif que votre mode d'authentification soit paramétré en CAS.
- Si **LDAP** = c'est que c'est le service OPENLDAP qui est maître de l'identité. Dans ce cas c'est à vous d'alimenter les utilisateurs dans l'annuaire. Le service PHPLDAPADMIN pourrait vous aider à cela. Certains service pourront se synchroniser avec votre annuaire pour récupérer d'avance votre structure organisationnelle
Si vous souhaitez ne pas attaquer vos services via leurs ports, vous devrez mettre en place un reverse proxy apache ou ngnix
### Variable MODE_AUTH
exemple apache
Cette variable permet de déterminer quel protocole d'authentification sera utilisé par les différents service
```
ProxyPass /auth http://0.0.0.0:8080/auth retry=0 keepalive=On
ProxyPassReverse /auth http://0.0.0.0:8080/auth retry=0
- **SQL** = sa propre mire d'authentification
- **CAS** = CAS le serveur CAS local ou externe
- **LDAP** = l'annuaire local ou externe dans ce cas la variable LDAP_LOGIN_FILTER est nécessaire
ProxyPass /ninegate http://0.0.0.0:9000/ninegate retry=0 keepalive=On
ProxyPassReverse /ninegate http://0.0.0.0:9000/ninegate retry=0
ProxyPass /wssninegate ws://0.0.0.0:9000/wssninegate retry=0 keepalive=On
ProxyPassReverse /wssninegate ws://0.0.0.0:9000/wssninegate retry=0
ProxyPass /nextcloud http://0.0.0.0:9001 retry=0 keepalive=On
ProxyPassReverse /nextcloud http://0.0.0.0:9001 retry=0
ProxyPass /nineboard http://0.0.0.0:9002/nineboard retry=0 keepalive=On
ProxyPassReverse /nineboard http://0.0.0.0:9002/nineboard retry=0
ProxyPass /wssnineboard ws://0.0.0.0:9002/wssnineboard retry=0 keepalive=On
ProxyPassReverse /wssnineboard ws://0.0.0.0:9002/wssnineboard retry=0
ProxyPass /wordpress http://0.0.0.0:9003/wordpress retry=0 keepalive=On
ProxyPassReverse /wordpress http://0.0.0.0:9003/wordpress retry=0
ProxyPass /adminer http://0.0.0.0:9100 retry=0 keepalive=On
ProxyPassReverse /adminer http://0.0.0.0:9100 retry=0
ProxyPass /phpldapadmin http://0.0.0.0:9101/phpldapadmin retry=0 keepalive=On
ProxyPassReverse /phpldapadmin http://0.0.0.0:9101/phpldapadmin retry=0
ProxyPass /nineapache http://0.0.0.0:9102 retry=0 keepalive=On
ProxyPassReverse /nineapache http://0.0.0.0:9102 retry=0
```
### Activer / Désactiver les services
Dans votre ./env/.env.local vous pouvez activer / désactiver des services via les variables suivante
```
MARIADB_ACTIVATE=
LDAP_ACTIVATE=
CAS_ACTIVATE=
NINEGATE_ACTIVATE=
NEXTCLOUD_ACTIVATE=
NINEBOARD_ACTIVATE=
WORDPRESS_ACTIVATE=
ADMINER_ACTIVATE=
PHPLDAPADMIN_ACTIVATE=
NINEAPACHE_ACTIVATE=
```
### Déporter des services
Certains services peuvent t'être distant et non géré par le docker nine. Pour cela garder le service actif mais indiquer lui qu'il n'est pas local via les variables suivantes
```
LDAP_LOCAL
CAS_LOCAL
NINEGATE_LOCAL
NEXTCLOUD_LOCAL
NINEBOARD_LOCAL
WORDPRESS_LOCAL
ADMINER_LOCAL
PHPLDAPADMIN_LOCAL
NINEAPACHE_LOCAL
```
S'il ne sont pas local en fonction du service vous devrez ajouter les variables nécessaire dans votre .env.local pour indiquer où se situe le service.
**LDAP**
### Variables LDAP
```
LDAP_HOST # Host de votre annuaire
@ -134,35 +83,7 @@ LDAP_EMAIL=mail # Attribut mail d'un utilisateur
LDAP_MEMBER=memberUid # Liste des uid utilisateur dans un groupe
```
### Personnaliser Ninegate
#### MASTERIDENTITY
Ce variable va vous permettre de déterminer qui est le maître de l'identité
**SQL**
- C'est ninegate le maître vous pouvez via l'interface de gestion de ninagate créer/modifier/supprimer des niveaux/groups/utilisateurs
- Vous pourrez activer l'auto inscription des utilisateurs
- Les utilisateurs pourront bénéficier d'un "Mot de passe oublié"
- Si vous avez activer le service LDAP, les utilisateurs pourront alors être synchroniser
**LDAP**
- C'est l'annuaire le maître vous ne plus créer/modifier/supprimer des utilisateurs dans l'interface de ninegate, ni bénéficier de l'auto inscription des utilisateurs ni de la fonctionnalité "Mot de passe oublié"
- Cela sera à vous de créer directement dans l'annuaire vos utilisateurs
- Vous pourrez créer des niveaux et des groupes
- Les niveau01s et les groupes pourront etre associé à une requete LDAP indiquant à Ninegate comment les récupérer et les synchroniser dans sa base
### MODE_AUTH
Quel protocole d'authentification sera utilisé par les différents service
- SQL = sa propre mire d'authentification
- CAS = CAS le serveur CAS local ou externe
- LDAP = l'annuaire local ou externe dans ce cas la variable LDAP_LOGIN_FILTER est nécessaire
#### Synchronisation
#### Variable LDAP_SYNC
Pour activer la synchronisation des comptes il est nessaire d'activer cette variable
@ -172,14 +93,14 @@ LDAP_SYNC
En fonction de votre MASTERIDENTITY vous pouvez synchroniser les utilisateurs
**Si masteridentity est à SQL = où sont synchronisées les datas dans l'annuaire**
**Si MASTERIDENTITY est à SQL = synchronisation des datas la BDD vers l'annuaire**
Attention dans ce cas ninegate attend une structure d'annuaire bien précise. Vous pouvez retrouver cette structure si vous souhaitez déporter votre annuaire à ces emplacements :
- schema = ./volume/openldap/nine/schema/cadoles.ldif
- ldif = ./volume/openldap/nine/ldif/cadoles.ldif
Voici les variables qui indiquera à ninegate où aller synchroniser son organisation
Voici les variables qui indiquera à Ninegate où aller synchroniser son organisation
```
LDAP_BASEUSER="ou=users,ou=ninegate,o=gouv,c=fr"
@ -188,7 +109,7 @@ LDAP_BASENIVEAU02="ou=niveau02,ou=ninegate,o=gouv,c=fr"
LDAP_BASEGROUP="ou=groups,ou=ninegate,o=gouv,c=fr"
```
**Si masteridentity est à LDAP**
**Si MASTERIDENTITY est à LDAP**
Dans l'interface de ninegate sur les niveaux vous devrait lui indiquer comment créer les utilisateurs de ce niveau via un filtre LDAP
@ -211,6 +132,6 @@ OPENLDAPSYNCHROGROUP
OPENLDAPREQGROUP
```
**Si masteridentity est à SSO**
**Si MASTERIDENTITY est à SSO**
Il n'y a pas de synchronisation, la création / modification des utilisateurs se fait à la connexion de ce dernier.

63
services/10-nineapache/apache/apache.conf Normal file
View File

@ -0,0 +1,63 @@
LoadModule rewrite_module modules/mod_rewrite.so
ServerName nineapache.local
# Log des rewrite
# LogLevel alert rewrite:trace3
# Forcer https
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Options Proxy
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Require all granted
</Proxy>
#RequestHeader unset X-Forwarded-Host
#RequestHeader set X-Forwarded-Host "%{HTTP_HOST}s"
#RequestHeader set X-Forwarded-Server "%{HTTP_HOST}s"
#RequestHeader set X-Forwarded-For "%{REMOTE_ADDR}s"
RequestHeader set Host "%{HTTP_HOST}s"
RequestHeader set X-Forwarded-Proto "https"
# Alias pour le répertoire de validation de Certbot
Alias /.well-known/acme-challenge /usr/local/apache2/htdocs/.well-known/acme-challenge
# Exclure les requêtes pour .well-known/acme-challenge de la redirection vers index.php
<Location "/.well-known/acme-challenge">
Options None
Require all granted
</Location>
# Page interne au proxy
DocumentRoot "/app/public"
<Directory "/app/public">
# Rediriger la racine vers le chemin défini dans la variable REDIRECT_PATH
# en 302 pour que les navigateurs ne garde pas en cache la redirection
RewriteCond %{ENV:REDIRECT_PATH} !=""
RewriteRule ^/?$ %{ENV:REDIRECT_PATH} [R=302,L]
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
RewriteEngine On
# Exclure les requêtes vers .well-known/acme-challenge de la redirection
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge
RewriteCond %{REQUEST_URI}::$0 ^(/.+)/(.*)::\2$
RewriteRule .* - [E=BASE:%1]
RewriteCond %{HTTP:Authorization} .+
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
RewriteCond %{ENV:REDIRECT_STATUS} =""
RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ %{ENV:BASE}/index.php [L]
</Directory>

17
services/10-nineapache/dockercompose/dockercompose.yml Normal file
View File

@ -0,0 +1,17 @@
services:
# Nineapache
# Reverse proxy de l'ensemble des services
# Seul port ouvert sur l'exterieur
nineapache:
image: reg.cadoles.com/envole/nineapache:8.1
container_name: nine-nineapache
restart: unless-stopped
env_file: ./services/10-nineapache/env/.env.merge
networks:
- nine-network
ports:
- "80:80"
- "443:443"
volumes:
- ./services/10-nineapache/volume/apache:/etc/apache2/conf.d/nine
- ./services/10-nineapache/volume/letsencrypt:/etc/letsencrypt

0
volume/nineboard/data/private/.gitkeep → services/10-nineapache/env/.env vendored
View File

23
services/10-nineapache/misc/nine.sh Normal file
View File

@ -0,0 +1,23 @@
#!/bin/bash
function upnineapache {
if [[ $NINEAPACHE_ACTIVATE == 1 && $NINEAPACHE_LOCAL == 1 ]]
then
Title ${NINEAPACHE_SERVICE_NAME^^}
EchoVert "CONTAINER"
upservice ${NINEAPACHE_SERVICE_NAME}
Echo
fi
}
function destroynineapache {
if [[ $NINEAPACHE_LOCAL == 1 ]]
then
Title "DESTROY ${NINEAPACHE_SERVICE_NAME}"
stop ${NINEAPACHE_SERVICE_NAME} 1
docker-compose rm -s -v -f "${NINEAPACHE_SERVICE_NAME}"
rm -rf services/10-nineapache/volume/apache
echo ""
fi
}

0
volume/ninegate/data/private/.gitkeep → services/10-nineapache/volume/.gitkeep
View File

18
services/15-mariadb/dockercompose/dockercompose.yml Normal file
View File

@ -0,0 +1,18 @@
services:
# Mariadb
# Base de données des services
# Port interne 3306
mariadb:
image: docker.io/library/mariadb
container_name: nine-mariadb
restart: unless-stopped
healthcheck:
test: /nine/check.sh
interval: 1s
timeout: 60s
env_file: ./services/15-mariadb/env/.env.merge
networks:
- nine-network
volumes:
- ./services/15-mariadb/volume/mysql:/var/lib/mysql
- ./services/15-mariadb/volume/nine:/nine

0
env/.env.zapp.mariadb → services/15-mariadb/env/.env vendored
View File

35
services/15-mariadb/misc/nine.sh Normal file
View File

@ -0,0 +1,35 @@
#!/bin/bash
function upmariadb {
if [[ $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
then
Title "MARIADB"
EchoVert "CONTAINER"
upservice $MARIADB_SERVICE_NAME wait
Echo
fi
}
function destroymariadb(){
if [[ $MARIADB_LOCAL == 1 ]]
then
Title "DESTROY $MARIADB_SERVICE_NAME"
stop $MARIADB_SERVICE_NAME 1
docker-compose rm -s -v -f "$MARIADB_SERVICE_NAME"
if [[ -z $1 ]]; then
Question_ouinon "Souhaitez-vous supprimer l'ensemble des bases ?";
response=$?
fi
if [[ "$response" == 0 || ! -z $1 ]]
then
EchoRouge "Suppression de l'ensemble des bases"
sudo rm -rf services/15-mariadb/volume/mysql
fi
echo ""
fi
}

0
volume/mariadb/nine/check.sh → services/15-mariadb/volume/nine/check.sh
View File

0
volume/mariadb/nine/delete.sh → services/15-mariadb/volume/nine/delete.sh
View File

3
services/15-mariadb/volume/nine/init.sh Executable file
View File

@ -0,0 +1,3 @@
#!/bin/bash
mariadb -u root -p$MARIADB_ROOT_PASSWORD -e "CREATE DATABASE IF NOT EXISTS $1;"
mariadb -u root -p$MARIADB_ROOT_PASSWORD -e "GRANT ALL PRIVILEGES ON $1.* TO '$MARIADB_USER'@'%';"

9
services/30-minio/apache/apache.conf Normal file
View File

@ -0,0 +1,9 @@
# Minio = pour l'instant je n'arrive pas à faire fonctionner la console minio derrière un proxy
#ProxyPass /minio http://minio:9001 retry=0 keepalive=On
#ProxyPassReverse /minio http://minio:9001 retry=0
#RewriteEngine On
#RewriteCond %{HTTP:Upgrade} =websocket [NC]
#RewriteRule /minio/(.*) ws://minio:9001/$1 [P,L]
#RewriteCond %{HTTP:Upgrade} !=websocket [NC]
#RewriteRule /minio/(.*) http://minio:9001/$1 [P,L]

15
services/30-minio/dockercompose/dockercompose.yml Normal file
View File

@ -0,0 +1,15 @@
services:
# Minio
# Stocakge S3
# Port interne 9000 pour le stockage / Port interne 9001 pour l'interface web
minio:
image: bitnami/minio
container_name: nine-minio
restart: unless-stopped
env_file: ./services/30-minio/env/.env.merge
ports:
- "9001:9001"
networks:
- nine-network
volumes:
- './services/30-minio/volume/data:/data'

6
env/.env.zapp.minio → services/30-minio/env/.env vendored
View File

@ -4,4 +4,10 @@
MINIO_ROOT_USER=${ADMIN_USER}
MINIO_ROOT_PASSWORD=${ADMIN_PASSWORD}
MINIO_DEFAULT_BUCKETS=nine
MINIO_API_PORT_NUMBER=9000
MINIO_CONSOLE_PORT_NUMBER=9001
#MINIO_SERVER_URL="${PROTOCOLE}://${WEB_URL}"
#MINIO_BROWSER_REDIRECT_URL="${MINIO_URL}"
#MINIO_SCHEME=${PROTOCOLE}
#BITNAMI_DEBUG=true

33
services/30-minio/misc/nine.sh Normal file
View File

@ -0,0 +1,33 @@
#!/bin/bash
function upminio {
if [[ $MINIO_ACTIVATE == 1 && $MINIO_LOCAL == 1 ]]
then
Title "MINIO"
EchoVert "CONTAINER"
upservice $MINIO_SERVICE_NAME
Echo
fi
}
function destroyminio(){
if [[ $MINIO_LOCAL == 1 ]]
then
Title "DESTROY $MINIO_SERVICE_NAME"
stop $MINIO_SERVICE_NAME 1
docker-compose rm -s -v -f "$MINIO_SERVICE_NAME"
if [[ -z $1 ]]; then
Question_ouinon "Souhaitez-vous supprimer les fichiers stockés dans $MINIO_SERVICE_NAME ?";
response=$?
fi
if [[ "$response" == 0 || ! -z $1 ]]
then
EchoRouge "Suppression des fichiers stockés sur $MINIO_SERVICE_NAME"
sudo rm -rf ./services/30-minio/volume/data
fi
echo ""
fi
}

0
services/30-minio/volume/.gitkeep Normal file
View File

14
services/30-mta/dockercompose/dockercompose.yml Normal file
View File

@ -0,0 +1,14 @@
# Passerelle courriel pour les autres conteneurs
services:
mta:
image: postfix
container_name: mta
restart: unless-stopped
env_file: ./services/30-mta/env/.env.merge
networks:
- nine-network
secrets:
- postfix_password
secrets:
postfix_password:
file: ./services/30-mta/secrets/postfix_password.txt

4
services/30-mta/env/.env vendored Normal file
View File

@ -0,0 +1,4 @@
POSTFIX_HOSTNAME="nine.local"
POSTFIX_RELAY_HOST="$MTA_RELAY_HOST:$MTA_RELAY_PORT"
POSTFIX_RELAY_USER="$MTA_RELAY_USER"
POSTFIX_RELAY_PASSWORD_FILE="/run/secrets/postfix_password"

22
services/30-mta/misc/nine.sh Normal file
View File

@ -0,0 +1,22 @@
#!/bin/bash
function upmta {
if [[ $MTA_ACTIVATE == 1 && $MTA_LOCAL == 1 ]]
then
Title ${MTA_SERVICE_NAME^^}
EchoVert "CONTAINER"
upservice ${MTA_SERVICE_NAME}
Echo
fi
}
function destroymta {
if [[ $MTA_LOCAL == 1 ]]
then
Title "DESTROY ${MTA_SERVICE_NAME}"
stop ${MTA_SERVICE_NAME} 1
docker-compose rm -s -v -f "${MTA_SERVICE_NAME}"
echo ""
fi
}

1
services/30-mta/secrets/postfix_password.txt Normal file
View File

@ -0,0 +1 @@
secret

2
services/30-openldap/dicos/.env.dicos Normal file
View File

@ -0,0 +1,2 @@
templates=services/30-openldap/tmpl/nine.ldif
destinations=services/30-openldap/volume/nine/ldif/nine.ldif

18
services/30-openldap/dockercompose/dockercompose.yml Normal file
View File

@ -0,0 +1,18 @@
services:
# Openldap
# Annuaire
# Port interne 1389 & 1636
openldap:
image: docker.io/bitnami/openldap:2
container_name: nine-openldap
restart: unless-stopped
healthcheck:
test: /nine/check.sh
interval: 1s
timeout: 60s
env_file: ./services/30-openldap/env/.env.merge
networks:
- nine-network
volumes:
- './services/30-openldap/volume/data:/bitnami/openldap'
- './services/30-openldap/volume/nine:/nine'

0
env/.env.zapp.openldap → services/30-openldap/env/.env vendored
View File

38
services/30-openldap/misc/nine.sh Normal file
View File

@ -0,0 +1,38 @@
#!/bin/bash
function upopenldap {
if [[ $OPENLDAP_ACTIVATE == 1 && $OPENLDAP_LOCAL == 1 ]]
then
Title ${OPENLDAP_SERVICE_NAME^^}
EchoVert "CONTAINER"
mkdir -p ./services/30-openldap/volume/data
chmod a+wr ./services/30-openldap/volume/data
upservice $OPENLDAP_SERVICE_NAME wait
docker-compose exec $OPENLDAP_SERVICE_NAME /nine/init.sh
Echo
fi
}
function destroyopenldap {
if [[ $OPENLDAP_LOCAL == 1 ]]
then
Title "DESTROY $OPENLDAP_SERVICE_NAME"
stop $OPENLDAP_SERVICE_NAME 1
docker-compose rm -s -v -f "$OPENLDAP_SERVICE_NAME"
if [[ -z $1 ]]; then
Question_ouinon "Souhaitez-vous supprimer l'annuaire associé à $OPENLDAP_SERVICE_NAME ?";
response=$?
fi
if [[ "$response" == 0 || ! -z $1 ]]
then
EchoRouge "Suppression de l'annuaire"
rm -rf ./services/30-openldap/volume/data
fi
echo ""
fi
}

66
services/30-openldap/tmpl/nine.ldif Executable file
View File

@ -0,0 +1,66 @@
# Entrée 3: ${LDAP_BASEORGANISATION}
dn: ${LDAP_BASEORGANISATION}
objectclass: organizationalUnit
objectclass: top
ou: ${LDAP_OUORGANISATION}
# Entrée 4: ${LDAP_BASENIVEAU01}
dn: ${LDAP_BASENIVEAU01}
objectclass: organizationalUnit
objectclass: top
ou: ${LDAP_OUNIVEAU01}
# Entrée 5: cn=${LDAP_OUORGANISATION},${LDAP_BASENIVEAU01}
dn: cn=${LDAP_OUORGANISATION},${LDAP_BASENIVEAU01}
objectclass: posixGroup
objectclass: top
objectclass: sambaGroupMapping
objectclass: cadolesGroup
objectclass: cadolesSiren
cn: ${LDAP_OUORGANISATION}
gidnumber: 1
memberuid: ${ADMIN_USER}
cadolesMember: ${LDAP_USERNAME}=${ADMIN_USER},${LDAP_BASEUSER}
sambagrouptype: 2
sambasid: 1
siren: ${LDAP_OUORGANISATION}
# Entrée 6: ${LDAP_BASENIVEAU02}
dn: ${LDAP_BASENIVEAU02}
objectclass: organizationalUnit
objectclass: top
ou: ${LDAP_OUNIVEAU02}
# Entrée 7: ${LDAP_BASEGROUP}
dn: ${LDAP_BASEGROUP}
objectclass: organizationalUnit
objectclass: top
ou: ${LDAP_OUNIVEAU02}
# Entrée 8: ${LDAP_BASEUSER}
dn: ${LDAP_BASEUSER}
objectclass: organizationalUnit
objectclass: top
ou: users
# Entrée 9: ${LDAP_USERNAME}=${ADMIN_USER},${LDAP_BASEUSER}
dn: ${LDAP_USERNAME}=${ADMIN_USER},${LDAP_BASEUSER}
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: cadolesPerson
objectclass: cadolesSiren
objectclass: cadolesSiret
authlevel: simple
${LDAP_USERNAME}: ${ADMIN_USER}
cn: ${ADMIN_USER}
${LDAP_LASTNAME}: ${ADMIN_USER}
${LDAP_DISPLAYNAME}: ${ADMIN_USER}
${LDAP_FIRSTNAME}: ${ADMIN_USER}
${LDAP_EMAIL}: ${ADMIN_EMAIL}
siren: ${LDAP_OUORGANISATION}
${LDAP_OUNIVEAU01}: ${LDAP_OUNIVEAU01}
userpassword: {SSHA}JYfvUM9Hf/v/NbWR5zgUkt4E5lBRGuR2

1
services/30-openldap/volume/nine/changepassword.sh Executable file
View File

@ -0,0 +1 @@
ldappasswd -x -H ldap://${LDAP_HOST}:${LDAP_PORT} -D ${LDAP_USER} -w ${LDAP_PASSWORD} -s $2 "${LDAP_USERNAME}=$1,${LDAP_BASEUSER}"

0
volume/openldap/nine/check.sh → services/30-openldap/volume/nine/check.sh
View File

0
volume/openldap/nine/debug/debug.sh → services/30-openldap/volume/nine/debug/debug.sh
View File

0
volume/openldap/nine/debug/libopenldap.sh → services/30-openldap/volume/nine/debug/libopenldap.sh
View File

2
volume/openldap/nine/init.sh → services/30-openldap/volume/nine/init.sh
View File

@ -10,7 +10,7 @@ then
ldapdelete ou=users,${LDAP_BASEDN} -r -H ldap://${LDAP_HOST}:${LDAP_PORT} -D ${LDAP_USER} -w ${LDAP_PASSWORD} 2>/dev/null
# Integration du ldif de base
ldapadd -H ldap://${LDAP_HOST}:${LDAP_PORT} -D ${LDAP_USER} -w ${LDAP_PASSWORD} -f '/nine/ldif/cadoles.ldif' 2>/dev/null
ldapadd -H ldap://${LDAP_HOST}:${LDAP_PORT} -D ${LDAP_USER} -w ${LDAP_PASSWORD} -f '/nine/ldif/nine.ldif' 2>/dev/null
/nine/changepassword.sh admin ${ADMIN_PASSWORD}

0
services/30-openldap/volume/nine/ldif/.gitkeep Normal file
View File

0
volume/openldap/nine/schema/cadoles.ldif → services/30-openldap/volume/nine/schema/cadoles.ldif
View File

14
services/30-redis/dockercompose/dockercompose.yml Normal file
View File

@ -0,0 +1,14 @@
services:
# Redis
# Base de données redis pour les services qui souhaitent stocker leur session en bdd
# Port interne 6379
redis:
image: redis:4.0
container_name: nine-redis
env_file: ./services/30-redis/env/.env.merge
networks:
- nine-network
environment:
- TZ=Europe/Paris
volumes:
- ./services/30-redis/volume/data:/data:rw

3
services/30-redis/env/.env vendored Normal file
View File

@ -0,0 +1,3 @@
# == REDIS ================================================================================================================================

33
services/30-redis/misc/nine.sh Normal file
View File

@ -0,0 +1,33 @@
#!/bin/bash
function upredis {
if [[ $REDIS_ACTIVATE == 1 && $REDIS_LOCAL == 1 ]]
then
Title "REDIS"
EchoVert "CONTAINER"
upservice $REDIS_SERVICE_NAME
Echo
fi
}
function destroyredis(){
if [[ $REDIS_LOCAL == 1 ]]
then
Title "DESTROY $REDIS_SERVICE_NAME"
stop $REDIS_SERVICE_NAME 1
docker-compose rm -s -v -f "$REDIS_SERVICE_NAME"
if [[ -z $1 ]]; then
Question_ouinon "Souhaitez-vous supprimer la BDD associé à $REDIS_SERVICE_NAME ?";
response=$?
fi
if [[ "$response" == 0 || ! -z $1 ]]
then
EchoRouge "Delete BDD = $REDIS_SERVICE_NAME"
rm -rf services/30-redis/volume/data
fi
echo ""
fi
}

11
services/35-sentinel/dockercompose/dockercompose.yml Normal file
View File

@ -0,0 +1,11 @@
services:
# Sentinel
# Sentinel du servince redis
# Port interne 26379
sentinel:
image: reg.cadoles.com/envole/sentinel
container_name: nine-sentinel
env_file: ./services/35-sentinel/env/.env.merge
networks:
- nine-network

3
services/35-sentinel/env/.env vendored Normal file
View File

@ -0,0 +1,3 @@
# == SENTINEL ================================================================================================================================

23
services/35-sentinel/misc/nine.sh Normal file
View File

@ -0,0 +1,23 @@
#!/bin/bash
function upsentinel {
if [[ $SENTINEL_ACTIVATE == 1 && $SENTINEL_LOCAL == 1 ]]
then
Title "SENTINEL"
EchoVert "CONTAINER"
upservice $SENTINEL_SERVICE_NAME
Echo
fi
}
function destroysentinel(){
if [[ $SENTINEL_LOCAL == 1 ]]
then
Title "DESTROY $SENTINEL_SERVICE_NAME"
stop $SENTINEL_SERVICE_NAME 1
docker-compose rm -s -v -f "$SENTINEL_SERVICE_NAME"
echo ""
fi
}

4
services/40-keycloak/apache/apache.conf Normal file
View File

@ -0,0 +1,4 @@
# Keycloak
ProxyPass /auth http://keycloak:8999/auth retry=0 keepalive=On
ProxyPassReverse /auth http://keycloak:8999/auth retry=0

2
services/40-keycloak/dicos/.env.dicos Normal file
View File

@ -0,0 +1,2 @@
templates=services/40-keycloak/tmpl/realm-export.json
destinations=services/40-keycloak/volume/realm/realm-export.json

26
services/40-keycloak/dockercompose/dockercompose.yml Normal file
View File

@ -0,0 +1,26 @@
services:
# Keycloak
# serveur SSO
# Port interne 8999 & 8443
keycloak:
image: reg.cadoles.com/envole/keycloak:24.0.5
container_name: nine-keycloak
restart: unless-stopped
env_file: ./services/40-keycloak/env/.env.merge
networks:
- nine-network
volumes:
- ./services/40-keycloak/volume/realm:/opt/keycloak/data/import
- ./services/40-keycloak/volume/nine:/nine
- ./services/40-keycloak/volume/themes:/opt/keycloak/themes
command:
- start
- --spi-theme-static-max-age=-1
- --spi-theme-cache-themes=false
- --spi-theme-cache-templates=false
- --import-realm
- --proxy-headers
- xforwarded
- --http-relative-path
- /auth

13
env/.env.zapp.keycloak → services/40-keycloak/env/.env vendored
View File

@ -1,8 +1,8 @@
# == KEYCLOAK =============================================================================================================================
KEYCLOAK_ADMIN=${CAS_USER}
KEYCLOAK_ADMIN_PASSWORD=${CAS_PASSWORD}
KEYCLOAK_ADMIN=${KEYCLOAK_USER}
KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_PASSWORD}
KC_DB=mariadb
KC_DB_URL=jdbc:mariadb://${MARIADB_HOST}:${MARIADB_PORT}/keycloak
@ -12,12 +12,11 @@ KC_DB_PASSWORD=${MARIADB_PASSWORD}
KC_HTTPS_CERTIFICATE_FILE=/nine/server.crt.pem
KC_HTTPS_CERTIFICATE_KEY_FILE=/nine/server.key.pem
KC_HOSTNAME_PATH=/auth
KC_HTTP_PORT=8999
KC_HOSTNAME=nine.local
KC_HOSTNAME_STRICT=false
KC_HOSTNAME=${WEB_URL}
KC_PROXY_ADDRESS_FORWARDING=true
KC_PROXY_HEADERS=xforwarded
KC_HTTP_PORT=8999
KC_HTTP_ENABLED=true
KC_IMPORT=/nine/realm-export.json
KC_HOSTNAME_STRICT=false

43
services/40-keycloak/misc/nine.sh Normal file
View File

@ -0,0 +1,43 @@
#!/bin/bash
function upkeycloak {
if [[ $KEYCLOAK_ACTIVATE == 1 && $KEYCLOAK_LOCAL == 1 ]]
then
Title ${KEYCLOAK_SERVICE_NAME^^}
# CREATE BDD
if [[ $MARIADB_ACTIVATE == 1 && $MARIADB_LOCAL == 1 ]]
then
EchoVert "DATABASE"
Echo ${KEYCLOAK_SERVICE_NAME^^}
docker-compose exec $MARIADB_SERVICE_NAME /nine/init.sh $KEYCLOAK_SERVICE_NAME
Echo
fi
EchoVert "CONTAINER"
upservice $KEYCLOAK_SERVICE_NAME
Echo
fi
}
function destroykeycloak {
if [[ $KEYCLOAK_LOCAL == 1 ]]
then
Title "DESTROY ${KEYCLOAK_SERVICE_NAME}"
stop ${KEYCLOAK_SERVICE_NAME} 1
docker-compose rm -s -v -f "${KEYCLOAK_SERVICE_NAME}"
if [[ -z $1 ]]; then
Question_ouinon "Souhaitez-vous supprimer la BDD associé à $KEYCLOAK_SERVICE_NAME ?";
response=$?
fi
if [[ "$response" == 0 || ! -z $1 ]]
then
EchoRouge "Delete BDD = $KEYCLOAK_SERVICE_NAME"
docker-compose exec $MARIADB_SERVICE_NAME /nine/delete.sh $KEYCLOAK_SERVICE_NAME
fi
echo ""
fi
}

2380
services/40-keycloak/tmpl/realm-export.json Normal file
View File

@ -0,0 +1,2380 @@
{
"id": "8c01436d-9073-418c-940e-6b6178066782",
"realm": "nine",
"displayName": "Keycloak",
"displayNameHtml": "<div class=\"kc-logo-text\"><span>Nine</span></div>",
"notBefore": 0,
"defaultSignatureAlgorithm": "RS256",
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
"accessTokenLifespan": 60,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespanEnabled": false,
"offlineSessionMaxLifespan": 5184000,
"clientSessionIdleTimeout": 0,
"clientSessionMaxLifespan": 0,
"clientOfflineSessionIdleTimeout": 0,
"clientOfflineSessionMaxLifespan": 0,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
"oauth2DeviceCodeLifespan": 600,
"oauth2DevicePollingInterval": 5,
"enabled": true,
"sslRequired": "external",
"registrationAllowed": false,
"registrationEmailAsUsername": false,
"rememberMe": false,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": false,
"editUsernameAllowed": false,
"bruteForceProtected": false,
"permanentLockout": false,
"maxTemporaryLockouts": 0,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 30,
"defaultRole": {
"id": "c6cb73d9-9ced-4620-8c2a-f03306b7d0a2",
"name": "default-roles-nine",
"description": "${role_default-roles}",
"composite": true,
"clientRole": false,
"containerId": "8c01436d-9073-418c-940e-6b6178066782"
},
"requiredCredentials": [
"password"
],
"otpPolicyType": "totp",
"otpPolicyAlgorithm": "HmacSHA1",
"otpPolicyInitialCounter": 0,
"otpPolicyDigits": 6,
"otpPolicyLookAheadWindow": 1,
"otpPolicyPeriod": 30,
"otpPolicyCodeReusable": false,
"otpSupportedApplications": [
"totpAppFreeOTPName",
"totpAppGoogleName",
"totpAppMicrosoftAuthenticatorName"
],
"localizationTexts": {},
"webAuthnPolicyRpEntityName": "keycloak",
"webAuthnPolicySignatureAlgorithms": [
"ES256"
],
"webAuthnPolicyRpId": "",
"webAuthnPolicyAttestationConveyancePreference": "not specified",
"webAuthnPolicyAuthenticatorAttachment": "not specified",
"webAuthnPolicyRequireResidentKey": "not specified",
"webAuthnPolicyUserVerificationRequirement": "not specified",
"webAuthnPolicyCreateTimeout": 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyAcceptableAaguids": [],
"webAuthnPolicyExtraOrigins": [],
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
"webAuthnPolicyPasswordlessSignatureAlgorithms": [
"ES256"
],
"webAuthnPolicyPasswordlessRpId": "",
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
"webAuthnPolicyPasswordlessCreateTimeout": 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
"webAuthnPolicyPasswordlessExtraOrigins": [],
"scopeMappings": [
{
"clientScope": "offline_access",
"roles": [
"offline_access"
]
}
],
"clientScopeMappings": {
"account": [
{
"client": "account-console",
"roles": [
"manage-account",
"view-groups"
]
}
]
},
"clients": [
{
"id": "233d4e12-e0f2-4ac9-83ff-d83e408c41b1",
"clientId": "account",
"name": "${client_account}",
"rootUrl": "${authBaseUrl}",
"baseUrl": "/realms/nine/account/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"/realms/nine/account/*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"post.logout.redirect.uris": "+"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "948e92a9-d96a-4b75-9300-bb4ddf11166c",
"name": "full name",
"protocol": "cas",
"protocolMapper": "cas-full-name-mapper",
"consentRequired": false,
"config": {
"claim.name": "cn",
"jsonType.label": "String"
}
},
{
"id": "0493b3b4-6b22-47ca-8942-77b0d6f6b4c0",
"name": "email",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "email",
"claim.name": "mail",
"jsonType.label": "String"
}
},
{
"id": "f3c849e4-0e9e-4e64-a177-f58506a50942",
"name": "given name",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "firstName",
"claim.name": "givenName",
"jsonType.label": "String"
}
},
{
"id": "c85e0aee-70df-4684-897a-178221e01856",
"name": "family name",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "lastName",
"claim.name": "sn",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"web-origins",
"acr",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "b5094515-d074-49df-8354-11aa5a748f39",
"clientId": "account-console",
"name": "${client_account-console}",
"rootUrl": "${authBaseUrl}",
"baseUrl": "/realms/nine/account/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"/realms/nine/account/*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"post.logout.redirect.uris": "+",
"pkce.code.challenge.method": "S256"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "689cb46e-9af9-4967-97c8-c44dcc96fd9d",
"name": "full name",
"protocol": "cas",
"protocolMapper": "cas-full-name-mapper",
"consentRequired": false,
"config": {
"claim.name": "cn",
"jsonType.label": "String"
}
},
{
"id": "d798371a-1b03-4dd7-8b35-2dc736cfb384",
"name": "family name",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "lastName",
"claim.name": "sn",
"jsonType.label": "String"
}
},
{
"id": "f9e1aaf2-6bf5-4652-9f37-4c3c94a5d6b9",
"name": "audience resolve",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-resolve-mapper",
"consentRequired": false,
"config": {}
},
{
"id": "528c18f8-2a2e-44fa-9429-77bdd8d679e9",
"name": "email",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "email",
"claim.name": "mail",
"jsonType.label": "String"
}
},
{
"id": "93f8c307-5296-4773-82f9-b2791c2302d7",
"name": "given name",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "firstName",
"claim.name": "givenName",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"web-origins",
"acr",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "64bd651e-62b0-4d4c-846d-d41a64e9168d",
"clientId": "admin-cli",
"name": "${client_admin-cli}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": false,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "b07a89df-98e3-4ed1-8611-4be22376db88",
"name": "full name",
"protocol": "cas",
"protocolMapper": "cas-full-name-mapper",
"consentRequired": false,
"config": {
"claim.name": "cn",
"jsonType.label": "String"
}
},
{
"id": "24437aa5-70c3-42d8-b279-9e9775de8bd1",
"name": "email",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "email",
"claim.name": "mail",
"jsonType.label": "String"
}
},
{
"id": "7c3eb243-db59-4f9d-a230-f26162d7fde1",
"name": "given name",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "firstName",
"claim.name": "givenName",
"jsonType.label": "String"
}
},
{
"id": "aaf9c300-14af-4999-a0f6-cd01363d6f2c",
"name": "family name",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "lastName",
"claim.name": "sn",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"web-origins",
"acr",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "29badf9a-5911-4c4c-a3bb-544e53a39603",
"clientId": "broker",
"name": "${client_broker}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": true,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "38457dea-3c4d-45f7-9e57-bf57c21125cf",
"name": "full name",
"protocol": "cas",
"protocolMapper": "cas-full-name-mapper",
"consentRequired": false,
"config": {
"claim.name": "cn",
"jsonType.label": "String"
}
},
{
"id": "475e052f-bda8-4fbc-b0d8-90e1dd60cf5a",
"name": "family name",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "lastName",
"claim.name": "sn",
"jsonType.label": "String"
}
},
{
"id": "d2ce31a8-bd06-4f59-ad2b-f0c99950eb13",
"name": "given name",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "firstName",
"claim.name": "givenName",
"jsonType.label": "String"
}
},
{
"id": "6f1164c7-2b43-4957-a174-42e311dc2b2b",
"name": "email",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "email",
"claim.name": "mail",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"web-origins",
"acr",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "d1f15fb9-2780-44b7-b673-317bde459ee3",
"clientId": "nine-realm",
"name": "Nine Realm",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": true,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"acr",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "0369c3c4-5619-458d-9968-474ce7468e36",
"clientId": "nine",
"name": "",
"description": "",
"rootUrl": "${PROTOCOLE}://${WEB_URL}",
"adminUrl": "${PROTOCOLE}://${WEB_URL}",
"baseUrl": "${PROTOCOLE}://${WEB_URL}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"${PROTOCOLE}://${WEB_URL}/*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": true,
"protocol": "cas",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"protocolMappers": [
{
"id": "51dda658-3bda-4426-a2ac-4a4116d47c5b",
"name": "full name",
"protocol": "cas",
"protocolMapper": "cas-full-name-mapper",
"consentRequired": false,
"config": {
"claim.name": "cn",
"jsonType.label": "String"
}
},
{
"id": "b0ef29ec-43e6-4de1-a32a-428b8cc9256f",
"name": "family name",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "lastName",
"claim.name": "sn",
"jsonType.label": "String"
}
},
{
"id": "2513a533-dd8a-4ac9-a5e4-a112782747c2",
"name": "given name",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "firstName",
"claim.name": "givenName",
"jsonType.label": "String"
}
},
{
"id": "53ade622-b842-40ab-9865-2d915edb33a9",
"name": "email",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "email",
"claim.name": "mail",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [],
"optionalClientScopes": []
},
{
"id": "f2669799-582f-4b47-af83-3d6e038ab26f",
"clientId": "security-admin-console",
"name": "${client_security-admin-console}",
"rootUrl": "${authAdminUrl}",
"baseUrl": "/admin/nine/console/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"/admin/nine/console/*"
],
"webOrigins": [
"+"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"post.logout.redirect.uris": "+",
"pkce.code.challenge.method": "S256"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "f82de958-ae41-4c7d-a083-6e2d50c5a7d7",
"name": "locale",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "locale",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "locale",
"jsonType.label": "String"
}
},
{
"id": "a03ae4fe-184c-4d69-9406-d09c14679b75",
"name": "email",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "email",
"claim.name": "mail",
"jsonType.label": "String"
}
},
{
"id": "a6df64fe-f3cb-4f4f-81fa-a07f97cc3f81",
"name": "family name",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "lastName",
"claim.name": "sn",
"jsonType.label": "String"
}
},
{
"id": "1550aa6b-3498-4b21-9585-0744b340ab26",
"name": "given name",
"protocol": "cas",
"protocolMapper": "cas-usermodel-property-mapper",
"consentRequired": false,
"config": {
"user.attribute": "firstName",
"claim.name": "givenName",
"jsonType.label": "String"
}
},
{
"id": "9c698b95-7793-43af-9fd4-6ea8d1e77f0f",
"name": "full name",
"protocol": "cas",
"protocolMapper": "cas-full-name-mapper",
"consentRequired": false,
"config": {
"claim.name": "cn",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"web-origins",
"acr",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
}
],
"clientScopes": [
{
"id": "44f5b9b0-613d-474b-a01f-4a0034dfcbf0",
"name": "address",
"description": "OpenID Connect built-in scope: address",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${addressScopeConsentText}"
},
"protocolMappers": [
{
"id": "7fca379b-3748-448d-a3bc-b5594ba9a4d1",
"name": "address",
"protocol": "openid-connect",
"protocolMapper": "oidc-address-mapper",
"consentRequired": false,
"config": {
"user.attribute.formatted": "formatted",
"user.attribute.country": "country",
"introspection.token.claim": "true",
"user.attribute.postal_code": "postal_code",
"userinfo.token.claim": "true",
"user.attribute.street": "street",
"id.token.claim": "true",
"user.attribute.region": "region",
"access.token.claim": "true",
"user.attribute.locality": "locality"
}
}
]
},
{
"id": "f7c624a7-450e-4d80-9c79-7ffc13253ef1",
"name": "role_list",
"description": "SAML role list",
"protocol": "saml",
"attributes": {
"consent.screen.text": "${samlRoleListScopeConsentText}",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"id": "0b0c0090-6428-4f0d-9b4e-aa16a95aca86",
"name": "role list",
"protocol": "saml",
"protocolMapper": "saml-role-list-mapper",
"consentRequired": false,
"config": {
"single": "false",
"attribute.nameformat": "Basic",
"attribute.name": "Role"
}
}
]
},
{
"id": "1aecf9c9-4cfb-4d38-b2c7-b123c0b70f3c",
"name": "acr",
"description": "OpenID Connect scope for add acr (authentication context class reference) to the token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "false"
},
"protocolMappers": [
{
"id": "9b0fccab-e157-458a-b8ee-588f4e6749f7",
"name": "acr loa level",
"protocol": "openid-connect",
"protocolMapper": "oidc-acr-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "true",
"access.token.claim": "true",
"introspection.token.claim": "true"
}
}
]
},
{
"id": "3f5c736b-6ee5-4b62-a8f3-9c5ce50c590b",
"name": "offline_access",
"description": "OpenID Connect built-in scope: offline_access",
"protocol": "openid-connect",
"attributes": {
"consent.screen.text": "${offlineAccessScopeConsentText}",
"display.on.consent.screen": "true"
}
},
{
"id": "108a7d33-774c-43e0-b53a-11bc47e370b1",
"name": "microprofile-jwt",
"description": "Microprofile - JWT built-in scope",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "false"
},
"protocolMappers": [
{
"id": "08b725cb-24b7-40f8-84b2-06c1f603b6dd",
"name": "upn",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "upn",
"jsonType.label": "String"
}
},
{
"id": "74767889-becd-41c1-9f73-a95696e3a50a",
"name": "groups",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"multivalued": "true",
"user.attribute": "foo",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "groups",
"jsonType.label": "String"
}
}
]
},
{
"id": "dbb54e59-442b-4ba7-a57e-a7bfa1a69639",
"name": "phone",
"description": "OpenID Connect built-in scope: phone",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${phoneScopeConsentText}"
},
"protocolMappers": [
{
"id": "141307b6-f544-4952-aa08-bd25c5cbb064",
"name": "phone number verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "phoneNumberVerified",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "phone_number_verified",
"jsonType.label": "boolean"
}
},
{
"id": "2ba0989c-e084-4a1c-b61d-b16e8163075a",
"name": "phone number",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "phoneNumber",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "phone_number",
"jsonType.label": "String"
}
}
]
},
{
"id": "a0bcda9b-a848-4b56-8e20-c04002a34275",
"name": "roles",
"description": "OpenID Connect scope for add user roles to the access token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "true",
"consent.screen.text": "${rolesScopeConsentText}"
},
"protocolMappers": [
{
"id": "4144f3eb-7963-4a18-a3dd-e269042ee8e5",
"name": "realm roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"multivalued": "true",
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "realm_access.roles",
"jsonType.label": "String"
}
},
{
"id": "f94cef89-ceec-4644-b61b-08d13f8107ab",
"name": "audience resolve",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-resolve-mapper",
"consentRequired": false,
"config": {
"access.token.claim": "true",
"introspection.token.claim": "true"
}
},
{
"id": "8bdd8757-4f3b-4e81-89af-84771ba5f27f",
"name": "client roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-client-role-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"multivalued": "true",
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "resource_access.${client_id}.roles",
"jsonType.label": "String"
}
}
]
},
{
"id": "30fc2b82-026a-4633-b44b-9aa00fad5dd2",
"name": "profile",
"description": "OpenID Connect built-in scope: profile",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${profileScopeConsentText}"
},
"protocolMappers": [
{
"id": "70d3b52d-e817-4530-8f39-c78fd36dd2ec",
"name": "given name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "firstName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "given_name",
"jsonType.label": "String"
}
},
{
"id": "3981e8a2-b98c-4b5b-a829-a6c7a78e78aa",
"name": "picture",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "picture",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "picture",
"jsonType.label": "String"
}
},
{
"id": "b8ff8f12-b4ad-4824-b80e-3ed24d2cf0d5",
"name": "username",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "preferred_username",
"jsonType.label": "String"
}
},
{
"id": "f57f5e63-76e6-49cd-a626-6a1719178bb6",
"name": "gender",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "gender",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "gender",
"jsonType.label": "String"
}
},
{
"id": "93e59cd5-58da-4bc1-85bd-b3c30f22672c",
"name": "locale",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "locale",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "locale",
"jsonType.label": "String"
}
},
{
"id": "3d5e9f25-6957-47a6-adf6-28dce56cde6c",
"name": "zoneinfo",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "zoneinfo",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "zoneinfo",
"jsonType.label": "String"
}
},
{
"id": "b382c7d1-7eee-4116-a559-cc1b7995c02a",
"name": "website",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "website",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "website",
"jsonType.label": "String"
}
},
{
"id": "b0f598b6-4423-4851-9340-af4b4ce2372c",
"name": "updated at",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "updatedAt",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "updated_at",
"jsonType.label": "long"
}
},
{
"id": "1b46128d-59cf-4784-919a-6b6d239a7cb3",
"name": "middle name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "middleName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "middle_name",
"jsonType.label": "String"
}
},
{
"id": "3ecceb6a-19af-4dac-800d-02e1bf5e583c",
"name": "family name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "lastName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "family_name",
"jsonType.label": "String"
}
},
{
"id": "731c33ad-e095-4773-ad96-6d7d15f6ca6a",
"name": "full name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "true",
"access.token.claim": "true",
"introspection.token.claim": "true",
"userinfo.token.claim": "true"
}
},
{
"id": "5644efe6-3b6f-4da6-9a24-1050e187373d",
"name": "birthdate",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "birthdate",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "birthdate",
"jsonType.label": "String"
}
},
{
"id": "0b74b6fc-dd25-49c9-92b3-4c0c24c0f400",
"name": "nickname",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "nickname",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "nickname",
"jsonType.label": "String"
}
},
{
"id": "0da3ead5-e8da-44d4-b305-202250b8ba8e",
"name": "profile",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "profile",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "profile",
"jsonType.label": "String"
}
}
]
},
{
"id": "472d994e-e8b6-488e-b0dd-c22683a7288a",
"name": "email",
"description": "OpenID Connect built-in scope: email",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${emailScopeConsentText}"
},
"protocolMappers": [
{
"id": "94581337-8186-4eed-b4a7-15dde470a949",
"name": "email verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "emailVerified",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email_verified",
"jsonType.label": "boolean"
}
},
{
"id": "789c447c-c5d4-41d1-bc57-f333fad86b3f",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"introspection.token.claim": "true",
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
}
]
},
{
"id": "f1befe1c-6a3d-4407-afce-bd5323b3617a",
"name": "web-origins",
"description": "OpenID Connect scope for add allowed web origins to the access token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "false",
"consent.screen.text": ""
},
"protocolMappers": [
{
"id": "9d42f847-50ea-4d25-b7c5-1390606a935d",
"name": "allowed web origins",
"protocol": "openid-connect",
"protocolMapper": "oidc-allowed-origins-mapper",
"consentRequired": false,
"config": {
"access.token.claim": "true",
"introspection.token.claim": "true"
}
}
]
}
],
"defaultDefaultClientScopes": [
"acr",
"profile",
"email",
"roles",
"web-origins",
"role_list"
],
"defaultOptionalClientScopes": [
"microprofile-jwt",
"offline_access",
"address",
"phone"
],
"browserSecurityHeaders": {
"contentSecurityPolicyReportOnly": "",
"xContentTypeOptions": "nosniff",
"referrerPolicy": "no-referrer",
"xRobotsTag": "none",
"xFrameOptions": "SAMEORIGIN",
"xXSSProtection": "1; mode=block",
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
},
"smtpServer": {},
"eventsEnabled": false,
"eventsListeners": [
"jboss-logging"
],
"enabledEventTypes": [],
"adminEventsEnabled": false,
"adminEventsDetailsEnabled": false,
"identityProviders": [],
"identityProviderMappers": [],
"components": {
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
{
"id": "23af680b-0b89-4857-b4f7-350b6c2e220d",
"name": "Full Scope Disabled",
"providerId": "scope",
"subType": "anonymous",
"subComponents": {},
"config": {}
},
{
"id": "cdc6000c-d869-49cf-952d-4da8f1d415fb",
"name": "Trusted Hosts",
"providerId": "trusted-hosts",
"subType": "anonymous",
"subComponents": {},
"config": {
"host-sending-registration-request-must-match": [
"true"
],
"client-uris-must-match": [
"true"
]
}
},
{
"id": "b5dc34f8-d83b-46e1-8937-f99477889e3d",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "anonymous",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"oidc-address-mapper",
"saml-user-attribute-mapper",
"oidc-usermodel-attribute-mapper",
"saml-user-property-mapper",
"saml-role-list-mapper",
"oidc-full-name-mapper",
"oidc-usermodel-property-mapper",
"oidc-sha256-pairwise-sub-mapper"
]
}
},
{
"id": "70694b72-a05c-4333-b5a9-e999b8c94baf",
"name": "Max Clients Limit",
"providerId": "max-clients",
"subType": "anonymous",
"subComponents": {},
"config": {
"max-clients": [
"200"
]
}
},
{
"id": "e744782e-3ad6-43e5-b833-492954f741f3",
"name": "Allowed Client Scopes",
"providerId": "allowed-client-templates",
"subType": "anonymous",
"subComponents": {},
"config": {
"allow-default-scopes": [
"true"
]
}
},
{
"id": "f4f0c4a7-3c81-47bc-a1f7-e064ade250a0",
"name": "Consent Required",
"providerId": "consent-required",
"subType": "anonymous",
"subComponents": {},
"config": {}
},
{
"id": "a458c0dd-a4b1-4f81-a1a3-f96e1d6876e7",
"name": "Allowed Client Scopes",
"providerId": "allowed-client-templates",
"subType": "authenticated",
"subComponents": {},
"config": {
"allow-default-scopes": [
"true"
]
}
},
{
"id": "4fe5808b-36cf-4d06-a450-f34ab07b1fc7",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "authenticated",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"saml-user-attribute-mapper",
"oidc-sha256-pairwise-sub-mapper",
"oidc-usermodel-property-mapper",
"oidc-address-mapper",
"oidc-full-name-mapper",
"saml-user-property-mapper",
"oidc-usermodel-attribute-mapper",
"saml-role-list-mapper"
]
}
}
],
"org.keycloak.storage.UserStorageProvider": [
{
"id": "ec9f5ff8-7e9f-4bc3-a497-40d2529f230c",
"name": "ldap",
"providerId": "ldap",
"subComponents": {
"org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [
{
"id": "675c4ceb-ad7e-4ad1-9248-9bd1baff6c0e",
"name": "MSAD account controls",
"providerId": "msad-user-account-control-mapper",
"subComponents": {},
"config": {
"always.read.enabled.value.from.ldap": [
"true"
]
}
},
{
"id": "e5364a67-473c-4b4f-8a0e-b1b20f96b2cc",
"name": "username",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"${LDAP_USERNAME}"
],
"is.mandatory.in.ldap": [
"true"
],
"read.only": [
"false"
],
"always.read.value.from.ldap": [
"false"
],
"user.model.attribute": [
"username"
]
}
},
{
"id": "56f2e0ab-bb99-40b7-95ed-def5758724b0",
"name": "creation date",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"whenCreated"
],
"is.mandatory.in.ldap": [
"false"
],
"always.read.value.from.ldap": [
"true"
],
"read.only": [
"true"
],
"user.model.attribute": [
"createTimestamp"
]
}
},
{
"id": "a74b9186-df91-40c9-8862-74088daa11b4",
"name": "email",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"${LDAP_EMAIL}"
],
"is.mandatory.in.ldap": [
"false"
],
"read.only": [
"false"
],
"always.read.value.from.ldap": [
"false"
],
"user.model.attribute": [
"email"
]
}
},
{
"id": "6ea199ee-b4f8-4610-b52d-3fe8b24e731d",
"name": "modify date",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"whenChanged"
],
"is.mandatory.in.ldap": [
"false"
],
"always.read.value.from.ldap": [
"true"
],
"read.only": [
"true"
],
"user.model.attribute": [
"modifyTimestamp"
]
}
},
{
"id": "8ed3a4f0-3c65-48fb-8d4b-60ca8c256893",
"name": "last name",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"${LDAP_LASTNAME}"
],
"is.mandatory.in.ldap": [
"true"
],
"read.only": [
"false"
],
"always.read.value.from.ldap": [
"true"
],
"user.model.attribute": [
"lastName"
]
}
},
{
"id": "7993f193-0dd8-4901-8568-d19f5071be4c",
"name": "first name",
"providerId": "user-attribute-ldap-mapper",
"subComponents": {},
"config": {
"ldap.attribute": [
"${LDAP_FIRSTNAME}"
],
"is.mandatory.in.ldap": [
"true"
],
"read.only": [
"false"
],
"always.read.value.from.ldap": [
"true"
],
"user.model.attribute": [
"firstName"
]
}
}
]
},
"config": {
"fullSyncPeriod": [
"-1"
],
"pagination": [
"false"
],
"startTls": [
"false"
],
"connectionPooling": [
"false"
],
"usersDn": [
"${LDAP_BASEUSER}"
],
"cachePolicy": [
"DEFAULT"
],
"useKerberosForPasswordAuthentication": [
"false"
],
"importEnabled": [
"true"
],
"enabled": [
"true"
],
"usernameLDAPAttribute": [
"${LDAP_USERNAME}"
],
"bindDn": [
"${LDAP_USER}"
],
"bindCredential": [
"${LDAP_PASSWORD}"
],
"changedSyncPeriod": [
"-1"
],
"vendor": [
"ad"
],
"uuidLDAPAttribute": [
"${LDAP_USERNAME}"
],
"allowKerberosAuthentication": [
"false"
],
"connectionUrl": [
"ldap://${LDAP_HOST}:${LDAP_PORT}"
],
"syncRegistrations": [
"true"
],
"authType": [
"simple"
],
"krbPrincipalAttribute": [
"userPrincipalName"
],
"customUserSearchFilter": [
""
],
"searchScope": [
"2"
],
"useTruststoreSpi": [
"always"
],
"usePasswordModifyExtendedOp": [
"false"
],
"trustEmail": [
"false"
],
"userObjectClasses": [
"person, organizationalPerson"
],
"rdnLDAPAttribute": [
"${LDAP_USERNAME}"
],
"editMode": [
"READ_ONLY"
],
"validatePasswordPolicy": [
"false"
]
}
}
],
"org.keycloak.userprofile.UserProfileProvider": [
{
"id": "1a37be47-9d7f-4a11-9164-aec609d02ca5",
"providerId": "declarative-user-profile",
"subComponents": {},
"config": {
"kc.user.profile.config": [
"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}]}"
]
}
}
],
"org.keycloak.keys.KeyProvider": [
{
"id": "6081048e-5704-4c3b-857d-9e07abde9899",
"name": "rsa-generated",
"providerId": "rsa-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
},
{
"id": "2f926d8a-0ead-4a97-a067-2cf87fa21e40",
"name": "hmac-generated-hs512",
"providerId": "hmac-generated",
"subComponents": {},
"config": {
"priority": [
"100"
],
"algorithm": [
"HS512"
]
}
},
{
"id": "4e12d30a-0ddd-4723-a1b9-3aa8a0bee122",
"name": "rsa-enc-generated",
"providerId": "rsa-enc-generated",
"subComponents": {},
"config": {
"priority": [
"100"
],
"algorithm": [
"RSA-OAEP"
]
}
},
{
"id": "31d61106-da3a-42c4-b6b3-b683352ebb0f",
"name": "aes-generated",
"providerId": "aes-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
}
]
},
"internationalizationEnabled": true,
"supportedLocales": [
"fr"
],
"defaultLocale": "fr",
"authenticationFlows": [
{
"id": "6f96a656-96bf-4dfb-ae4c-5a8f0b8b8dbd",
"alias": "Account verification options",
"description": "Method with which to verity the existing account",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-email-verification",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "Verify Existing Account by Re-authentication",
"userSetupAllowed": false
}
]
},
{
"id": "263ef5c8-371f-497a-849d-71e99baa0e69",
"alias": "Browser - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "auth-otp-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "bb77c574-7c8a-4b03-9621-a459eb698ab8",
"alias": "Direct Grant - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "direct-grant-validate-otp",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "79e04092-ee16-4d4a-9f46-6d6fa7c3a2b2",
"alias": "First broker login - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "auth-otp-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "20994506-5361-4b3a-bcbf-80df6479540e",
"alias": "Handle Existing Account",
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-confirm-link",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "Account verification options",
"userSetupAllowed": false
}
]
},
{
"id": "80bdca65-5877-4f59-87db-4f3b5f9822c3",
"alias": "Reset - Conditional OTP",
"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "reset-otp",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "196de53d-9fdb-43c6-877b-6e51916a5cb7",
"alias": "User creation or linking",
"description": "Flow for the existing/non-existing user alternatives",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticatorConfig": "create unique user config",
"authenticator": "idp-create-user-if-unique",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "Handle Existing Account",
"userSetupAllowed": false
}
]
},
{
"id": "3b58dbe7-a052-4312-b45b-63e9c3d47a23",
"alias": "Verify Existing Account by Re-authentication",
"description": "Reauthentication of existing account",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-username-password-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "First broker login - Conditional OTP",
"userSetupAllowed": false
}
]
},
{
"id": "f93f00c3-a0cf-4ad7-bba2-e09cb1c3427f",
"alias": "browser",
"description": "browser based authentication",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-cookie",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "auth-spnego",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "identity-provider-redirector",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 25,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "ALTERNATIVE",
"priority": 30,
"autheticatorFlow": true,
"flowAlias": "forms",
"userSetupAllowed": false
}
]
},
{
"id": "6fb1b243-94c1-49c8-9804-76f6120c509b",
"alias": "clients",
"description": "Base authentication for clients",
"providerId": "client-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "client-secret",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "client-jwt",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "client-secret-jwt",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 30,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "client-x509",
"authenticatorFlow": false,
"requirement": "ALTERNATIVE",
"priority": 40,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "71daf21d-4a0d-49cf-a599-6aedb9d5e6a6",
"alias": "direct grant",
"description": "OpenID Connect Resource Owner Grant",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "direct-grant-validate-username",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "direct-grant-validate-password",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 30,
"autheticatorFlow": true,
"flowAlias": "Direct Grant - Conditional OTP",
"userSetupAllowed": false
}
]
},
{
"id": "8cd7b199-c099-42a5-b7aa-bebfd443e713",
"alias": "docker auth",
"description": "Used by Docker clients to authenticate against the IDP",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "docker-http-basic-authenticator",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "82d55b45-138b-44ac-a6f4-98e375a64e55",
"alias": "first broker login",
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticatorConfig": "review profile config",
"authenticator": "idp-review-profile",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "User creation or linking",
"userSetupAllowed": false
}
]
},
{
"id": "ef13a8d2-0127-4dcd-825e-92a7ac61dbff",
"alias": "forms",
"description": "Username, password, otp and other auth forms.",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-username-password-form",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 20,
"autheticatorFlow": true,
"flowAlias": "Browser - Conditional OTP",
"userSetupAllowed": false
}
]
},
{
"id": "ecfe5882-7d96-4872-a818-3e5b3aa562b1",
"alias": "registration",
"description": "registration flow",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "registration-page-form",
"authenticatorFlow": true,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": true,
"flowAlias": "registration form",
"userSetupAllowed": false
}
]
},
{
"id": "40a98efb-f838-41a8-834d-48bc7d298ea7",
"alias": "registration form",
"description": "registration form",
"providerId": "form-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "registration-user-creation",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "registration-password-action",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 50,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "registration-recaptcha-action",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 60,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "registration-terms-and-conditions",
"authenticatorFlow": false,
"requirement": "DISABLED",
"priority": 70,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
},
{
"id": "8afc69e8-84b3-40f9-b448-2dc69c8c79ca",
"alias": "reset credentials",
"description": "Reset credentials for a user if they forgot their password or something",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "reset-credentials-choose-user",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "reset-credential-email",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 20,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticator": "reset-password",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 30,
"autheticatorFlow": false,
"userSetupAllowed": false
},
{
"authenticatorFlow": true,
"requirement": "CONDITIONAL",
"priority": 40,
"autheticatorFlow": true,
"flowAlias": "Reset - Conditional OTP",
"userSetupAllowed": false
}
]
},
{
"id": "d46af357-91e5-49bc-af7d-dd3e072caeca",
"alias": "saml ecp",
"description": "SAML ECP Profile Authentication Flow",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "http-basic-authenticator",
"authenticatorFlow": false,
"requirement": "REQUIRED",
"priority": 10,
"autheticatorFlow": false,
"userSetupAllowed": false
}
]
}
],
"authenticatorConfig": [
{
"id": "1f02ebfc-cf2f-4ac0-9049-ce4227816999",
"alias": "create unique user config",
"config": {
"require.password.update.after.registration": "false"
}
},
{
"id": "6aa3b20f-9a1e-4e98-976e-ee941e638032",
"alias": "review profile config",
"config": {
"update.profile.on.first.login": "missing"
}
}
],
"requiredActions": [
{
"alias": "CONFIGURE_TOTP",
"name": "Configure OTP",
"providerId": "CONFIGURE_TOTP",
"enabled": true,
"defaultAction": false,
"priority": 10,
"config": {}
},
{
"alias": "TERMS_AND_CONDITIONS",
"name": "Terms and Conditions",
"providerId": "TERMS_AND_CONDITIONS",
"enabled": false,
"defaultAction": false,
"priority": 20,
"config": {}
},
{
"alias": "UPDATE_PASSWORD",
"name": "Update Password",
"providerId": "UPDATE_PASSWORD",
"enabled": true,
"defaultAction": false,
"priority": 30,
"config": {}
},
{
"alias": "UPDATE_PROFILE",
"name": "Update Profile",
"providerId": "UPDATE_PROFILE",
"enabled": true,
"defaultAction": false,
"priority": 40,
"config": {}
},
{
"alias": "VERIFY_EMAIL",
"name": "Verify Email",
"providerId": "VERIFY_EMAIL",
"enabled": true,
"defaultAction": false,
"priority": 50,
"config": {}
},
{
"alias": "delete_account",
"name": "Delete Account",
"providerId": "delete_account",
"enabled": false,
"defaultAction": false,
"priority": 60,
"config": {}
},
{
"alias": "webauthn-register",
"name": "Webauthn Register",
"providerId": "webauthn-register",
"enabled": true,
"defaultAction": false,
"priority": 70,
"config": {}
},
{
"alias": "webauthn-register-passwordless",
"name": "Webauthn Register Passwordless",
"providerId": "webauthn-register-passwordless",
"enabled": true,
"defaultAction": false,
"priority": 80,
"config": {}
},
{
"alias": "VERIFY_PROFILE",
"name": "Verify Profile",
"providerId": "VERIFY_PROFILE",
"enabled": true,
"defaultAction": false,
"priority": 90,
"config": {}
},
{
"alias": "delete_credential",
"name": "Delete Credential",
"providerId": "delete_credential",
"enabled": true,
"defaultAction": false,
"priority": 100,
"config": {}
},
{
"alias": "update_user_locale",
"name": "Update User Locale",
"providerId": "update_user_locale",
"enabled": true,
"defaultAction": false,
"priority": 1000,
"config": {}
}
],
"browserFlow": "browser",
"registrationFlow": "registration",
"directGrantFlow": "direct grant",
"resetCredentialsFlow": "reset credentials",
"clientAuthenticationFlow": "clients",
"dockerAuthenticationFlow": "docker auth",
"firstBrokerLoginFlow": "first broker login",
"attributes": {
"cibaBackchannelTokenDeliveryMode": "poll",
"cibaExpiresIn": "120",
"cibaAuthRequestedUserHint": "login_hint",
"parRequestUriLifespan": "60",
"cibaInterval": "5",
"realmReusableOtpCode": "false"
},
"keycloakVersion": "24.0.5",
"userManagedAccessAllowed": false,
"clientProfiles": {
"profiles": []
},
"clientPolicies": {
"policies": []
}
}

Some files were not shown because too many files have changed in this diff Show More