
cityofcapetown/dockerfiles-nginx-auth-ldap

 
 


cityofcapetown/nginx-auth-ldap


Nginx on Alpine w/ LDAP Authentication

Built to be compatible with the official Nginx image. Leverages the LDAP authentication module from kvspb/nginx-auth-ldap.

Intended to be used as a simple, modularised LDAP auth proxy in front of other applications.

Getting Started

By default, this image rolls its own config and substitutes values from the following environment variables:

  • BIND_DN - The DN of the user that will bind onto the LDAP server, e.g. "CN=My Service Account,OU=My Org Unit,DC=capetown,DC=gov,DC=za"
  • BIND_DN_PASSWORD - The password of the bind DN user.
  • LDAP_WELCOME_MSG - Message shown when prompting users for their username and password, e.g. "Hello, welcome to my app - please use your special credentials"
  • LDAP_URL - LDAP URL to bind to and search against. Defaults to ldap://capetown.gov.za:3268/dc=capetown,dc=gov,dc=za?sAMAccountName?sub?(objectClass=person), which matches all users at the City of Cape Town. To match only the members of a group, use e.g. ldap://capetown.gov.za:3268/dc=capetown,dc=gov,dc=za?sAMAccountName?sub?(&(memberOf:1.2.840.113556.1.4.1941:=CN=My%20Group,OU=Resource%20Groups,OU=Groups,DC=capetown,DC=gov,DC=za)(objectClass=person))
  • BACKEND_SERVER - Backend server (without protocol) to pass the authenticated user to, e.g. my-service.capetown.gov.za.

To limit access to a specific group, add it to the LDAP_URL (see the example above).
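One way to build the group-restricted LDAP_URL without hand-editing the filter, as an added example (not part of this repository). The helper names are hypothetical, and it assumes the group and base DNs need no characters beyond spaces to be encoded:

```shell
#!/bin/sh
# Added example: build a group-restricted LDAP_URL in the shape the README shows:
#   ldap://host:port/base_dn?sAMAccountName?sub?(filter)
# 1.2.840.113556.1.4.1941 is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN,
# so nested group membership is matched as well.

# Fail if a DN is empty or carries characters that would change the filter
# or the '?'-separated URL fields. Assumption: the DNs in use need none of
# these; a DN with escaped characters would need real RFC 4515 escaping.
check_dn() {
    [ -n "$1" ] || { echo "empty DN" >&2; return 1; }
    if printf '%s' "$1" | grep -q '[()*?#%\\]'; then
        echo "DN contains filter or URL metacharacters: $1" >&2
        return 1
    fi
}

# Percent-encode spaces, as the README's example does (My%20Group).
encode_spaces() {
    printf '%s' "$1" | sed 's/ /%20/g'
}

# ldap_url_for_group HOST:PORT BASE_DN GROUP_DN  (hypothetical helper name)
ldap_url_for_group() {
    server=$1
    base_dn=$2
    group_dn=$3
    check_dn "$base_dn" || return 1
    check_dn "$group_dn" || return 1
    printf 'ldap://%s/%s?sAMAccountName?sub?(&(memberOf:1.2.840.113556.1.4.1941:=%s)(objectClass=person))\n' \
        "$server" "$(encode_spaces "$base_dn")" "$(encode_spaces "$group_dn")"
}

# Stand-alone use: ./ldap-url.sh HOST:PORT BASE_DN GROUP_DN
if [ "$#" -eq 3 ]; then
    ldap_url_for_group "$@"
fi
```

The printed value can be passed to the container with an additional --env LDAP_URL="..." argument. A group DN that contains parentheses or wildcards is refused, so it cannot silently widen the filter.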

Command example:

$ docker run -it --rm --name nginx-ldap-proxy-test -p 8080:80 \
    --env BACKEND_SERVER="192.168.16.1:8000" \
    --env BIND_DN="CN=My Service Account,OU=My Org Unit,DC=capetown,DC=gov,DC=za" \
    --env BIND_DN_PASSWORD="My Service Account's password" \
    --env LDAP_WELCOME_MSG="Hello, World! Please use your normal credentials to access" \
    cityofcapetown/nginx-ldap-proxy

Advanced Settings

Please see test/my-secured-site/secured.conf for an example of more advanced configurations.

Copyright Notice

The MIT License (MIT)

Copyright © 2017 Jacob Blain Christen and City of Cape Town

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
