FreeIPA

FreeIPA 是一个用于 Linux/Unix 环境的开源身份管理系统,提供集中式的账号管理和身份验证,集成了 389 目录服务器(一种 LDAP 实现)、NTP、DNS、MIT Kerberos 等组件。

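# Docker Compose definition for a single FreeIPA server container.
#
# The installer secrets are NOT stored in this file. Supply them through the
# shell environment or a `.env` file next to this compose file (keep that
# file out of version control):
#   IPA_ADMIN_PASSWORD  - password of the FreeIPA `admin` account
#   IPA_DS_PASSWORD     - Directory Manager password for the 389 directory server
#   IPA_HTTP_PIN        - PIN passed to --http-pin
#   IPA_DIRSRV_PIN      - PIN passed to --dirsrv-pin
# Compose refuses to start the service when any of them is unset or empty.
# Values passed as command arguments remain visible in `docker inspect` and in
# the container's process list, so limit who can reach the Docker daemon.
services:
  freeipa:
    image: harbor.alpha-quant.tech/3rd/docker.io/freeipa/freeipa-server:rocky-9-4.12.2
    domainname: freeipa.alpha-quant.tech
    container_name: freeipa
    # Every port below is published on all host interfaces. This exposes the
    # web UI, DNS, plaintext LDAP (389) and Kerberos to any network that can
    # reach the host; restrict with a host firewall or bind to an internal
    # address if the host is not on a trusted network.
    ports:
      # - "11080:80/tcp"
      - "80:80/tcp"
      - "443:443/tcp"
      # DNS
      - "53:53/tcp"
      - "53:53/udp"
      # LDAP(S)
      - "389:389/tcp"
      - "636:636/tcp"
      # Kerberos
      - "88:88/tcp"
      - "88:88/udp"
      - "464:464/tcp"
      - "464:464/udp"
      # NTP
      - "123:123/udp"
    dns:
      - 114.114.114.114
    tty: true
    stdin_open: true
    environment:
      IPA_SERVER_HOSTNAME: freeipa.alpha-quant.tech
      TZ: "Asia/Shanghai"
    # Arguments handed to the image entrypoint (ipa-server-install options).
    command:
      - --domain=freeipa.alpha-quant.tech
      - --realm=freeipa.alpha-quant.tech
      # Password of the FreeIPA admin account; taken from the environment so
      # that no credential is committed with this file.
      - "--admin-password=${IPA_ADMIN_PASSWORD:?set IPA_ADMIN_PASSWORD in the environment or .env}"
      # NOTE(review): the two PINs unlock private keys of externally supplied
      # certificates; no certificate files are passed here - confirm these
      # options are still needed.
      - "--http-pin=${IPA_HTTP_PIN:?set IPA_HTTP_PIN in the environment or .env}"
      - "--dirsrv-pin=${IPA_DIRSRV_PIN:?set IPA_DIRSRV_PIN in the environment or .env}"
      # Directory Manager password; grants full control of the LDAP backend.
      - "--ds-password=${IPA_DS_PASSWORD:?set IPA_DS_PASSWORD in the environment or .env}"
      # Turns off DNSSEC validation in the integrated DNS server.
      - --no-dnssec-validation
      - --no-host-dns
      - --setup-dns
      - --auto-forwarders
      - --allow-zone-overlap
      # Run the installation without any interactive prompts.
      - --unattended
    # SYS_TIME allows the container to change the host clock and NET_ADMIN to
    # change network settings; drop either one if the deployment works
    # without it.
    cap_add:
      - SYS_TIME
      - NET_ADMIN
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
      # Persistent FreeIPA state; it holds keys and the directory database,
      # so keep host permissions on ./free-ipa/data restrictive.
      - ./free-ipa/data:/data
      # NOTE(review): the target is /var/logs, not the conventional /var/log -
      # confirm this is the intended path.
      - ./free-ipa/logs:/var/logs
    # sysctls:
    #   - net.ipv6.conf.all.disable_ipv6=0
    #   - net.ipv6.conf.lo.disable_ipv6=0
    # NOTE(review): this disables the default seccomp syscall filter for the
    # container. Test whether the image runs with the default profile on the
    # target Docker version and remove this option if it does.
    security_opt:
      - "seccomp:unconfined"
    networks:
      - freeipa
# Dedicated bridge network with a fixed subnet and gateway for the service.
networks:
  freeipa:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.28.1.0/24
          gateway: 172.28.1.254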