Differences
This page shows the differences between two versions of the page.
content:serverbasics:docker-freeipa [2025/01/11 18:32] – [Caddyfile] Daniel | content:serverbasics:docker-freeipa [2025/02/19 10:46] (current) – Daniel | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== FreeIPA ====== | + | ====== |
- | FreeIPA is a collection of Tools and a Web- GUI for managing an AD (Active Directory). | + | FreeIPA is a collection of Tools for managing an AD (Active Directory) |
As docker Image, it delivers LDAP for central storing of Users/ | As docker Image, it delivers LDAP for central storing of Users/ | ||
This chapter will describe, how to install FreeIPA in a rootless Docker- Environement, | This chapter will describe, how to install FreeIPA in a rootless Docker- Environement, | ||
- | |||
===== Prerequiusite ===== | ===== Prerequiusite ===== | ||
- | You will need a Docker- Host, that is rechable from the Internet with its fully qualifierd Domain- Name (FQDN) as described in the cahpters | + | You will need a Docker- Host, that is rechable from the Internet with its fully qualifierd Domain- Name (FQDN) as described in the chapters |
===== Docker composer ===== | ===== Docker composer ===== | ||
- | FreeIPA will not use a Database - all needed informations are stored into the Docker Data- Volume. | + | FreeIPA will not use a Database - all needed informations are stored into the Docker Data- Volume. Some Services - like LDAP will setup their own DB in that Directory. |
- | Frst, create a Directory in your Docker-Compose directry that you chose before in [[http:// | + | First, create a Directory in your Docker-Compose directry that you chose before in [[http:// |
Then, create your '' | Then, create your '' | ||
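Review bot: the spelling fix on the prerequisites line only catches "cahpters"; the same hunk still carries "Prerequiusite", "rechable", "qualifierd", "Environement", "directry" and "informations" (uncountable, so "information"), which should be corrected in the same edit. The prerequisites line also states that the Docker host is reachable from the Internet under its FQDN; for a host that will run a directory and Kerberos server it is worth saying there which ports are meant to be published (the Caddyfile section covers HTTPS), so that a reader does not expose LDAP and Kerberos to the Internet unintentionally.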
Line 56: | Line 54: | ||
command: | command: | ||
- -U | - -U | ||
- | - --domain=clients.[FQDN_HOSTNAME] | + | - --domain=clients.[DOMAINPART_OF_HOSTNAME] |
# Must match the last part of the Domain-Name and must be upper case and routed to the domain | # Must match the last part of the Domain-Name and must be upper case and routed to the domain | ||
- | - --realm=[DOMAINPART_OF_HOSTNAME] | + | - --realm=[DOMAINPART_OF_HOSTNAME_UPPERCASE] |
- --http-pin=[NEWHTTPDPIN] | - --http-pin=[NEWHTTPDPIN] | ||
- --dirsrv-pin=[NEWDIRSRVPIN] | - --dirsrv-pin=[NEWDIRSRVPIN] | ||
+ | #Bind/DNS Setup - use own Server Open Port 53 for this | ||
- --setup-dns | - --setup-dns | ||
# - --no-host-dns | # - --no-host-dns | ||
+ | - --setup-dns | ||
+ | # Save choice: | ||
+ | - --no-forwarders | ||
+ | # Will Forward unknow DNS- Queries to something else. May be a security- breach | ||
+ | # - --auto-forwarders | ||
+ | # - --forwarder=192.168.178.1 | ||
#NTP - not needed, this is the server which time is taken from / | #NTP - not needed, this is the server which time is taken from / | ||
#This server has also a chrony-daemon running here to sync time | #This server has also a chrony-daemon running here to sync time | ||
- --no-ntp | - --no-ntp | ||
# - --ntp-server=172.0.0.11 | # - --ntp-server=172.0.0.11 | ||
- | - --auto-forwarders | ||
- | # - --forwarder=192.168.178.1 | ||
#Error: Unable to determine the amount of available RAM | #Error: Unable to determine the amount of available RAM | ||
- --skip-mem-check | - --skip-mem-check | ||
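Review bot: `--setup-dns` now appears twice in the command list, once in the unchanged line that follows the `--dirsrv-pin` argument and again in the added line after `# - --no-host-dns`; drop one of them so the argument list stays unambiguous. In the new comment block, "Save choice" should read "Safe choice" and "unknow" should be "unknown". Replacing the removed `--auto-forwarders` with `--no-forwarders` is the right default for a host that the prerequisites describe as reachable from the Internet, but the comment "use own Server Open Port 53" should state that port 53 is to be opened only towards the clients that use this server as their resolver, not to the whole Internet, since otherwise the integrated BIND becomes a publicly reachable DNS server.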
Line 102: | Line 105: | ||
The caddy_data Volume contains the Certifictes for encryption from Caddy as described in [[.: | The caddy_data Volume contains the Certifictes for encryption from Caddy as described in [[.: | ||
- | |||
===== Caddyfile ===== | ===== Caddyfile ===== | ||
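Review bot: only a blank line is removed here; while touching this spot, "Certifictes" in the remaining context line should read "Certificates".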
Line 125: | Line 127: | ||
</ | </ | ||
- | As the internal Certificate of FreeIPA will be self-signed, | + | As the internal Certificate of FreeIPA will be self-signed, |
===== Encryption ===== | ===== Encryption ===== | ||
Line 172: | Line 173: | ||
'' | '' | ||
- | |||
- | |||
===== LDAP - Zentrales AD ===== | ===== LDAP - Zentrales AD ===== | ||
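Review bot: the hunk only removes two blank lines, but the heading it leads into, "LDAP - Zentrales AD", mixes German into an otherwise English page; "LDAP - Central AD" would match the other section headings.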