openvpn-2fa-otp-freeradius-ldap

1
networks:
2
  ovpn-freeradius-lldap_net:
3
    name: ovpn-freeradius-lldap_net
4
    ipam:
5
      config:
6
        - subnet: 172.21.2.0/24
7
services:
8
  lldap:
9
    image: mirror.gcr.io/lldap/lldap:stable
10
    container_name: lldap
11
    networks:
12
      ovpn-freeradius-lldap_net:
13
        ipv4_address: 172.21.2.2
14
    ports:
15
      # For LDAP, not recommended to expose, see Usage section.
16
      - "3890:3890"
17
      # For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below
18
      #- "636:6360"
19
      # For the web front-end
20
      - "17170:17170"
21
    volumes:
22
      - "./lldap/data:/data"
23
    environment:
24
      - UID=1000
25
      - GID=1000
26
      - TZ=Europe/Moscow
27
      - LLDAP_JWT_SECRET=REPLACE_WITH_RANDOM
28
      - LLDAP_KEY_SEED=REPLACE_WITH_RANDOM
29
      - LLDAP_LDAP_BASE_DN=dc=acme,dc=corp
30
  postgres:
31
    image: mirror.gcr.io/postgres:16.3-bookworm
32
    container_name: postgres
33
    restart: unless-stopped
34
    environment:
35
      POSTGRES_DB: "otpdb"
36
      POSTGRES_USER: "db_admin"
37
      POSTGRES_PASSWORD: "IrcfRqB0cQ2G"
38
      TZ: "Europe/Moscow"
39
    networks:
40
      ovpn-freeradius-lldap_net:
41
        ipv4_address: 172.21.2.3
42
    ports:
43
      - "5432:5432"
44
    volumes:
45
      - "./postgresql/init_db:/docker-entrypoint-initdb.d"
46
      - "./postgresql/data:/var/lib/postgresql/data"
47
    healthcheck:
48
      test: [ "CMD-SHELL", "pg_isready -U db_admin -d otpdb" ]
49
      interval: 10s
50
      timeout: 5s
51
      retries: 5
52
      start_period: 10s
53
  freeradius:
54
    image: "freeradius:otp"
55
    container_name: freeradius
56
    # Раскомментируйте строчку ниже для отладки freeradius
57
    # command: "freeradius -X"
58
    environment:
59
      TZ: "Europe/Moscow"
60
    networks:
61
      ovpn-freeradius-lldap_net:
62
        ipv4_address: 172.21.2.4
63
    ports:
64
      - "1812:1812"
65
      - "1813:1813"
66
    volumes:
67
      - "./freeradius/freeradius-config/sites-enabled:/etc/freeradius/sites-enabled"
68
      - "./freeradius/freeradius-config/mods-enabled/python3:/etc/freeradius/mods-enabled/python3"
69
      - "./freeradius/freeradius-config/clients.conf:/etc/freeradius/clients.conf"
70
      - "./freeradius/freeradius-plugin/strongpass-otp:/opt/strongpass-otp"
71
      - "./freeradius/logs/:/var/log/freeradius"
72
  auth-service:
73
    image: "mirror.gcr.io/debian:12.6-slim"
74
    container_name: auth-service
75
    command: "/app/auth-service --config /app/config.yml"
76
    environment:
77
      TZ: "Europe/Moscow"
78
    networks:
79
      ovpn-freeradius-lldap_net:
80
        ipv4_address: 172.21.2.5
81
    ports:
82
      - "12345:12345"
83
    volumes:
84
      - "./openvpn/auth-service:/app"
85
  openvpn:
86
    image: "openvpn:otp"
87
    container_name: openvpn
88
    # command: "sleep infinity"
89
    # command: "openvpn --config /etc/openvpn/openvpn.conf"
90
    cap_add:
91
     - NET_ADMIN
92
    privileged: true
93
    networks:
94
      ovpn-freeradius-lldap_net:
95
        ipv4_address: 172.21.2.6
96
    ports:
97
      - "1194:1194"
98
    volumes:
99
      - "./openvpn/openvpn-plugin:/opt/openvpn-plugin"
100
      - "./openvpn/server:/etc/openvpn/server"
101
      - "./openvpn/log:/var/log/openvpn"