mirror of
https://github.com/lldap/lldap.git
synced 2024-11-25 09:06:03 +00:00
add an entrypoint script that allows setting secrets from a file; version the upstream containers
This commit is contained in:
parent
df889ee2fe
commit
859ed97ca8
3 changed files with 27 additions and 3 deletions
10
Dockerfile
10
Dockerfile
|
@ -1,5 +1,5 @@
|
|||
# Build image
|
||||
FROM rust:alpine AS chef
|
||||
FROM rust:alpine3.14 AS chef
|
||||
|
||||
RUN set -x \
|
||||
# Add user
|
||||
|
@ -40,7 +40,7 @@ RUN cargo build --release -p lldap \
|
|||
&& ./app/build.sh
|
||||
|
||||
# Final image
|
||||
FROM alpine
|
||||
FROM alpine:3.14
|
||||
|
||||
RUN set -x \
|
||||
# Add user
|
||||
|
@ -54,16 +54,20 @@ RUN set -x \
|
|||
# Create the /data folder
|
||||
&& mkdir /data && chown app:app /data
|
||||
|
||||
RUN apk add --no-cache bash
|
||||
|
||||
USER app
|
||||
WORKDIR /app
|
||||
|
||||
COPY --chown=app:app --from=builder /app/app/index.html /app/app/main.js app/
|
||||
COPY --chown=app:app --from=builder /app/app/pkg app/pkg
|
||||
COPY --chown=app:app --from=builder /app/target/release/lldap lldap
|
||||
COPY docker-entrypoint.sh .
|
||||
|
||||
ENV LDAP_PORT=3890
|
||||
ENV HTTP_PORT=17170
|
||||
|
||||
EXPOSE ${LDAP_PORT} ${HTTP_PORT}
|
||||
|
||||
CMD ["/app/lldap", "run", "--config-file", "/data/lldap_config.toml"]
|
||||
ENTRYPOINT ["/app/docker-entrypoint.sh"]
|
||||
CMD ["run", "--config-file", "/data/lldap_config.toml"]
|
||||
|
|
|
@ -71,6 +71,8 @@ Configure the server by copying the `lldap_config.docker_template.toml` to
|
|||
Environment variables should be prefixed with `LLDAP_` to override the
|
||||
configuration.
|
||||
|
||||
Secrets can also be set through a file. The filename should be specified by the variables `LLDAP_JWT_SECRET_FILE` or `LLDAP_USER_PASS_FILE`, and the file contents are loaded into the respective configuration parameters. Note that `_FILE` variables take precedence.
|
||||
|
||||
Example for docker compose:
|
||||
|
||||
```yaml
|
||||
|
|
18
docker-entrypoint.sh
Executable file
18
docker-entrypoint.sh
Executable file
|
@ -0,0 +1,18 @@
|
|||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
for SECRET in LLDAP_JWT_SECRET LLDAP_LDAP_USER_PASS; do
|
||||
FILE_VAR="${SECRET}_FILE"
|
||||
SECRET_FILE="${!FILE_VAR:-}"
|
||||
if [[ -n "$SECRET_FILE" ]]; then
|
||||
if [[ -f "$SECRET_FILE" ]]; then
|
||||
declare "$SECRET=$(cat $SECRET_FILE)"
|
||||
export "$SECRET"
|
||||
echo "[entrypoint] Set $SECRET from $SECRET_FILE"
|
||||
else
|
||||
echo "[entrypoint] Could not read contents of $SECRET_FILE (specified in $FILE_VAR)" >&2
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
exec /app/lldap "$@"
|
Loading…
Reference in a new issue