osixia / docker-phpLDAPadmin

phpLDAPadmin container image 🐳🌴

Usage with nginx-proxy images which already expose 443 #9

Closed reyman closed 8 years ago

reyman commented 8 years ago

Hi, this is more a question than an issue. I try to run your image with the nginx proxy images which already expose a 443 port for SSL.

When I try to run your image like this:

sudo docker run -p 443:443 -e VIRTUAL_HOST=ldap.comnmodel.org -e PHPLDAPADMIN_LDAP_HOSTS=ldap.comnmodel.org -d osixia/phpldapadmin

the run of phpldapadmin image failed because port 443 is already allocated.

Any idea to solve that ?

osixia commented 8 years ago

Hi, remove -p 443:443. Then I guess there is some way to configure nginx proxy to proxy the phpldapadmin container, but I can't help you with that.

reyman commented 8 years ago

Perhaps I can crosspost this case on nginxproxy repository..

reyman commented 8 years ago

Crossposted here: https://github.com/jwilder/nginx-proxy/issues/296#issuecomment-157832764

reyman commented 8 years ago

It seems that the 403 error I obtain (see crosspost) is due to docker-phpLDAPAdmin. What is the best way to debug?

osixia commented 8 years ago

Here is an example without SSL:

sudo docker run --name proxy -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy

docker run --name phpldapadmin -e VIRTUAL_HOST=foo.bar.com -e PHPLDAPADMIN_HTTPS=false -e PHPLDAPADMIN_LDAP_HOSTS=ldap.example.com -d osixia/phpldapadmin

Then get the IP address of the nginx-proxy container: sudo docker inspect -f "{{ .NetworkSettings.IPAddress }}" proxy

This returns, for example: 172.17.0.2

add in /etc/hosts : 172.17.0.2 foo.bar.com

go to foo.bar.com and phpLdapAdmin should show up !

osixia commented 8 years ago

With SSL enabled, the "403 Forbidden" is due to the nginx proxy image, which offloads HTTPS and proxies only HTTP traffic.

example of nginx config generated by nginx proxy image :

...
location / {
    proxy_pass http://foo.bar.com;
}
...

So add -e PHPLDAPADMIN_HTTPS=false when you run the phpLdapAdmin image, so the phpLdapAdmin server will listen on port 80 and wait for HTTP connections.

reyman commented 8 years ago

Ok it works, I can connect to ldap.comnmodel.org, but now I have some problem authenticating, arg... I tried this (https://github.com/osixia/docker-openldap/issues/21) but I suppose this is not the right way to do it. The LDAP runs correctly, the password is good, I can use ldapsearch to search cn=admin.

For an authentication error on connection in phpldapadmin, the logs of the openldap Docker image return nothing clear:

56648e38 conn=1013 fd=21 ACCEPT from IP=[::1]:45010 (IP=[::1]:389)
56648e38 conn=1013 op=0 EXT oid=1.3.6.1.4.1.1466.20037
56648e38 conn=1013 op=0 STARTTLS
56648e38 conn=1013 op=0 RESULT oid= err=0 text=
56648e38 conn=1013 fd=21 TLS established tls_ssf=256 ssf=256
56648e3d conn=1013 op=1 BIND dn="cn=admin,dc=comnmodel,dc=org" method=128
56648e3d conn=1013 op=1 BIND dn="cn=admin,dc=comnmodel,dc=org" mech=SIMPLE ssf=0
56648e3d conn=1013 op=1 RESULT tag=97 err=0 text=
56648e3d conn=1013 op=2 SRCH base="dc=comnmodel,dc=org" scope=2 deref=0 filter="(objectClass=*)"
56648e3d conn=1013 op=2 SRCH attr=admin
56648e3d conn=1013 op=2 SEARCH RESULT tag=101 err=0 nentries=2 text= 
56648e3d conn=1013 op=3 UNBIND
56648e3d conn=1013 fd=21 closed

But logs of phpldapadmin image show some problems it seems :

*** Running /etc/my_init.d/phpldapadmin...
Enabling site phpldapadmin.
To activate the new configuration, you need to run:
  service apache2 reload
link /container/service/phpldapadmin/assets/config.php to /var/www/phpldapadmin/config/config.php
tr: write error: Broken pipe
tr: write error
*** Running /etc/rc.local...
*** Booting runit daemon...
*** Runit started as PID 736
mknod: ‘/dev/xconsole’: File exists
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message

reyman commented 8 years ago

Any idea @osixia about these write errors? Is it normal?

The entry of config.php seems truncated, base and bind_id are not defined.

/*           
 * Autogenerated servers variables will come here
 */          
$servers->newServer('ldap_pla');
$servers->setValue('server','name','ldap.comnmodel.org');
$servers->setValue('server','host','ldap.comnmodel.org');

File stops after this last line.

I found that openldap works if I expose the osixia/openldap port on the VPS IP. osixia/PhpLdapadmin doesn't find the docker ldap directly on the VPS...

Doesn't work:

sudo docker run --name openLdap -e LDAP_ORGANISATION="comnmodel" -e LDAP_DOMAIN="comnmodel.org" -e LDAP_ADMIN_PASSWORD="mypassword" -d osixia/openldap

and with PHPLDAPADMIN_LDAP_HOSTS=localhost in

sudo docker run --name phpLDAPadmin -e VIRTUAL_HOST=ldap.comnmodel.org -e PHPLDAPADMIN_HTTPS=false -e PHPLDAPADMIN_LDAP_HOSTS=localhost -d osixia/phpldapadmin

Works:

sudo docker run --name openLdap -e LDAP_ORGANISATION="comnmodel" -e LDAP_DOMAIN="comnmodel.org" -e LDAP_ADMIN_PASSWORD="mypassword" -p 389:389 -p 636:636 -d osixia/openldap

and with PHPLDAPADMIN_LDAP_HOSTS=ldap.comnmodel.org in

sudo docker run --name phpLDAPadmin -e VIRTUAL_HOST=ldap.comnmodel.org -e PHPLDAPADMIN_HTTPS=false -e PHPLDAPADMIN_LDAP_HOSTS=ldap.comnmodel.org -d osixia/phpldapadmin

So, where is the problem with localhost (two docker run on the same vps) ? :/
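
Added example (not part of the thread and not the project's code): a Python parser that groups slapd log lines like those posted earlier in the thread by connection and reports the client address, TLS state and bind result. It shows that conn=1013 came from ::1, that is, from a client in the same network namespace as slapd; under Docker's default bridge networking each container has its own loopback, so localhost in PHPLDAPADMIN_LDAP_HOSTS points at the phpLDAPadmin container itself. The conn=1014 lines, the 172.17.0.4 client address in them and the function names are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timezone

# conn=1013: lines from the slapd log in the thread. conn=1014: constructed for
# contrast (a client on the Docker bridge doing a failed simple bind without TLS).
SAMPLE_LOG = """\
56648e38 conn=1013 fd=21 ACCEPT from IP=[::1]:45010 (IP=[::1]:389)
56648e38 conn=1013 fd=21 TLS established tls_ssf=256 ssf=256
56648e3d conn=1013 op=1 BIND dn="cn=admin,dc=comnmodel,dc=org" method=128
56648e3d conn=1013 op=1 RESULT tag=97 err=0 text=
56648e3d conn=1013 op=2 SEARCH RESULT tag=101 err=0 nentries=2 text=
56648e40 conn=1014 fd=22 ACCEPT from IP=172.17.0.4:51514 (IP=0.0.0.0:389)
56648e40 conn=1014 op=0 BIND dn="cn=admin,dc=comnmodel,dc=org" method=128
56648e40 conn=1014 op=0 RESULT tag=97 err=49 text=
"""

LINE = re.compile(r"^([0-9a-f]{8}) conn=(\d+) (?:fd=\d+|op=(\d+)) (.*)$")  # hex = Unix seconds
ACCEPT = re.compile(r"ACCEPT from IP=(\[[^\]]+\]|[\d.]+):\d+")
BIND = re.compile(r'BIND dn="([^"]*)" method=128')  # method=128 is a simple bind
RESULT = re.compile(r"RESULT tag=97 err=(\d+)")     # tag 97 is a BindResponse

def summarize(log):
    """Group slapd log lines by connection: client, TLS state, bind outcomes."""
    conns, pending = {}, {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, conn, op, rest = m.groups()
        c = conns.setdefault(int(conn), {"loopback": None, "tls": False, "binds": []})
        if a := ACCEPT.match(rest):
            ip = ipaddress.ip_address(a.group(1).strip("[]"))
            c.update(client=str(ip), loopback=ip.is_loopback,
                     start=datetime.fromtimestamp(int(ts, 16), timezone.utc))
        elif rest.startswith("TLS established"):
            c["tls"] = True
        elif b := BIND.match(rest):
            pending[conn, op] = (b.group(1), c["tls"])  # remember TLS state at bind time
        elif (r := RESULT.match(rest)) and (conn, op) in pending:
            dn, tls = pending.pop((conn, op))
            c["binds"].append({"dn": dn, "err": int(r.group(1)), "tls": tls})
    return conns

def remote_bind_problems(conns):
    """Binds from non-loopback clients that failed or sent the password without TLS."""
    return [(cid, c.get("client"), b["err"], b["tls"])
            for cid, c in conns.items() if not c["loopback"]
            for b in c["binds"] if b["err"] != 0 or not b["tls"]]
```

An empty result from `remote_bind_problems` on a log that contains only loopback connections means the web front end's bind attempts never reached slapd, which points at name resolution or networking rather than credentials.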