CAS miseenservice srv docker - IlanRuiz/Cours-TechES GitHub Wiki
Lab environment
The lab was built on VMware Workstation Pro 17.
Two virtual networks are used, one acting as the WAN and the other as the LAN.
Docker server
Install a basic Debian 12 machine following the usual procedures.
root:Pa$$w0rd
deb:Pa$$w0rd
Assigning a static IP to the server
allow-hotplug ens33
iface ens33 inet static
address 10.10.10.15/24
gateway 10.10.10.2
dns-nameservers 10.10.10.2
Validation
Input:
ping google.ch
Output:
root@cas-srv-docker:~# ping google.ch
PING google.ch (142.250.203.99) 56(84) bytes of data.
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=1 ttl=128 time=11.0 ms
64 bytes from zrh04s16-in-f3.1e100.net (142.250.203.99): icmp_seq=2 ttl=128 time=9.61 ms
^C
--- google.ch ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 9.611/10.299/10.988/0.688 ms
root@cas-srv-docker:~#
Installing Docker
sudo apt update
sudo apt install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
Validation
Input:
sudo docker run hello-world
Output:
deb@cas-srv-docker:~$ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
c1ec31eb5944: Pull complete
Digest: sha256:4bd78111b6914a99dbc560e6a20eab57ff6655aea4a80c50b0c5491968cbc2e6
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
...
https://docs.docker.com/engine/install/debian/
Installing Docker Compose
sudo apt install docker-compose-plugin
Validation
Input:
docker compose version
Output:
deb@cas-srv-docker:~$ docker compose version
Docker Compose version v2.24.1
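Running without su or sudo
Create a group named docker.
Add the required members. Membership in the docker group gives root-equivalent access to the host through the Docker daemon, so add only accounts already trusted with root.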
sudo groupadd docker
sudo usermod -aG docker $USER
Log out of the session for the changes to take effect.
Validation
Input:
docker ps -a
Output:
deb@cas-srv-docker:~/docker-cas$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ed5b1b22a96b ubuntu/squid "entrypoint.sh -f /e…" 6 minutes ago Up 6 minutes 0.0.0.0:8080->3128/tcp, :::8080->3128/tcp docker-cas-proxy-1
Squid proxy
Basic configuration
Test of a basic configuration as a forward proxy.
Add the corresponding section to the docker-compose.yaml file:
version: "3"
services:
  proxy:
    image: ubuntu/squid
    ports:
      - "8080:3128"
    volumes:
      - ./squid.conf:/etc/squid/squid.conf
      - ./passwords:/etc/squid/passwords
    restart: always
The two configuration files present are:
squid.conf => proxy configuration
passwords => account and password the user authenticates with (test:test)
Validation
Input:
sudo docker compose up -d
Output:
deb@cas-srv-docker:~/docker-cas$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ed5b1b22a96b ubuntu/squid "entrypoint.sh -f /e…" 11 minutes ago Up 11 minutes 0.0.0.0:8080->3128/tcp, :::8080->3128/tcp docker-cas-proxy-1
https://cloudinfrastructureservices.co.uk/how-to-setup-squid-proxy-docker-container-image/
https://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator
WordPress
...
  db:
    image: mysql:5.7
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: wordpress
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    ports:
      - "8000:80"
    restart: always
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
volumes:
  db_data:
To do: try moving the passwords into the environment variables file.
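One way to move the WordPress and MySQL passwords out of the compose file, as an added example that is not part of the original wiki: generate the secrets into an owner-only `.env` file, which Compose reads from the project directory, and reference them by variable. The variable names `DB_ROOT_PASSWORD` and `DB_PASSWORD` and the file name `docker-compose.wordpress.yaml` are assumptions.

```sh
#!/bin/sh
# Added example (not from the wiki). DB_ROOT_PASSWORD, DB_PASSWORD and the
# output file name docker-compose.wordpress.yaml are assumed names.
set -e

# 32 hex characters read from the kernel CSPRNG.
gen_secret() { od -An -N16 -tx1 /dev/urandom | tr -d ' \n'; }

# Create DIR/.env with fresh secrets, owner-only (0600); never overwrite.
write_env_file() {
  if [ -e "$1/.env" ]; then echo "refusing to overwrite $1/.env" >&2; return 1; fi
  ( umask 077
    printf 'DB_ROOT_PASSWORD=%s\nDB_PASSWORD=%s\n' \
      "$(gen_secret)" "$(gen_secret)" > "$1/.env" )
}

# Same services as the wiki's file, with the literals replaced by variables.
# "${VAR:?msg}" makes docker compose abort if VAR is unset or empty.
write_compose_file() {
  cat > "$1/docker-compose.wordpress.yaml" <<'YAML'
services:
  db:
    image: mysql:5.7
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: "${DB_ROOT_PASSWORD:?set it in .env}"
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: "${DB_PASSWORD:?set it in .env}"
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    ports:
      - "8000:80"
    restart: always
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: "${DB_PASSWORD:?set it in .env}"
volumes:
  db_data:
YAML
}

# Usage: sh thisfile.sh ~/docker-cas
if [ "$#" -gt 0 ]; then write_env_file "$1"; write_compose_file "$1"; fi
```

Running `docker compose -f docker-compose.wordpress.yaml config` from that directory shows the substituted values and fails if a variable is missing. Keep `.env` out of version control.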
Moodle
version: "3"
services:
  proxy:
    image: moodlehq/moodleapp:latest-test
    ports:
      - "8080:80"
    restart: always
https://blog.programster.org/deploy-moodle-with-docker
OpenLDAP
version: '2'
services:
  openldap:
    image: osixia/openldap:1.5.0
    container_name: openldap
    environment:
      LDAP_LOG_LEVEL: "256"
      LDAP_ORGANISATION: "IRS corp"
      LDAP_DOMAIN: "irs.loc"
      LDAP_ADMIN_PASSWORD: "admin"
      LDAP_CONFIG_PASSWORD: "config"
      LDAP_READONLY_USER: "false"
      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
    tty: true
    stdin_open: true
    volumes:
      - /var/lib/ldap
      - /etc/ldap/slapd.d
      - /container/service/slapd/assets/certs/
    ports:
      - "389:389"
      - "636:636"
  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: "openldap"
      PHPLDAPADMIN_HTTPS: "false"
    ports:
      - "8081:80"
    depends_on:
      - openldap
https://medium.com/rahasak/deploy-ldap-directory-service-with-openldap-docker-8d9f438f1216