3XC1T3D closed 2 years ago
We're using it right now with our Synology and it seems to work very fine. Thank you. In LDAP connection we had to leave TLS off and the connection set to ldaps://name.of.server. (So it uses the 636 port instead of normal 389) At first we didn't get the connection to the syspass-db to work, but after some days of waiting it mysteriously worked (same on the normal dockerfile). Only part we've changed is the left side of: ` ports:
I've added the certificates to the container and in Synology to bind it to the reverse proxy (dunno what's really needed, but it seems to work)
Hello, sorry for the late reply...
I know Docker installations are tricky because of the network, but setting a fixed IP address would lead to an IP address conflict in many environments, since Docker is a dynamic environment and many people don't care about IPAM-related stuff.
Anyway, I'll take some useful parts from your composer file like certificates handling.
Many thanks for your contribution @3XC1T3D !
Hi @nuxsmin ,
Yeah, I know the fact with the fixed IP address, but I think it's the only way to run it productively in Docker. Eventually you make a hint in the docker compose readme.
Thank you for your work :)
Hello,
I had the same problem with the non-exposed ports in the syspass-app container.
In my opinion, configuring `ports: - "80:80" - "443:443"` by default is mandatory to facilitate docker deployment.
It happens also in v3.2.1.
Regards.
@kfeina I agree with you, but taking into account that sysPass is a security application, it could be risky to use these default HTTP/S ports for inexperienced users or non-tested installations. That is the reason why these ports are set randomly.
Regards
I've fiddled around and made this solution: You only need to get the public certificate .pem (rename it to .crt) / .crt of the CA and put it in a folder to mount it:
volumes:
This also allows renewing the certificate in an easy way.
Maybe `update-ca-certificates` should be added to entrypoint.sh? @nuxsmin
Hi,
I worked a little bit with your docker-compose file and it wasn't very handy. For example, if I shut down the application and database and restarted them (docker compose down and up), because of the Docker link feature the containers get DHCP IP addresses. Also, I exposed ports 80 and 443 as in your documentation. I am also using LDAPS. Therefore I changed the compose file a little bit. If you're interested in merging some changes into yours, feel free.