pour démarrer un script quand sympa est up. doit-être démarré au boot de la machine

bin/checkPahekoLdap.py

@@ -163,12 +163,12 @@ with Ldap() as ldap:
     ldap_forwardings = ldap.get_mail_forwardings()
     for ldap_user in ldap_forwardings:
         ldap_user = ldap_user[1]
-        paheko_entry = [x for x in membres if x["email"] == ldap_user["mail"][0].decode() or (x["emails_rattaches"] and ldap_user["mail"][0].decode() in x["emails_rattaches"])]
+        paheko_entry = [x for x in membres if x["email"] == ldap_user["mailAlias"][0].decode() or (x["forward"] and ldap_user["mailAlias"][0].decode() in x["forward"])]
         paheko_entry = paheko_entry[0] if len(paheko_entry) else None
         if paheko_entry:
             pass
         else:
-            not_in_paheko.append(ldap_user["mail"][0].decode() + " (forwarding)")
+            not_in_paheko.append(ldap_user["mailAlias"][0].decode() + " (forwarding)")
 
 
 print("Mails dans paheko mais pas dans le LDAP :")

bin/container.sh

@@ -191,6 +191,11 @@ saveComposes () {
 		. $KAZ_KEY_DIR/env-etherpadDB
 		saveDB ${etherpadDBName} "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" etherpad mysql
 		;;
+       gitea)
+    echo "save gitea"
+    . $KAZ_KEY_DIR/env-gitDB
+    saveDB ${gitDBName} "${MYSQL_USER}" "${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" gitea mysql
+		;;
 	    framadate)
 		echo "save date"
 		. $KAZ_KEY_DIR/env-framadateDB

bin/createUser.sh

@@ -606,7 +606,7 @@ userPassword: {CRYPT}${pass}\n\n' | ldapmodify -c -H ldap://${LDAP_IP} -D \"cn=$
 	# l'équipe existe t-elle déjà ?
 	nb=$(docker exec mattermostServ bin/mmctl team list | grep -w "${EQUIPE_AGORA}" | wc -l)
 	if [ "${nb}" == "0" ];then # non, on la créé en mettant le user en admin de l'équipe
-	    echo "docker exec -i mattermostServ bin/mmctl team create --name ${EQUIPE_AGORA} --display_name ${EQUIPE_AGORA} --email ${EMAIL_SOUHAITE}" --private | tee -a "${CMD_INIT}"
+	    echo "docker exec -i mattermostServ bin/mmctl team create --name ${EQUIPE_AGORA} --display-name ${EQUIPE_AGORA} --email ${EMAIL_SOUHAITE}" --private | tee -a "${CMD_INIT}"
 	fi
 	# puis ajouter le user à l'équipe
 	echo "docker exec -i mattermostServ bin/mmctl team users add ${EQUIPE_AGORA} ${EMAIL_SOUHAITE}" | tee -a "${CMD_INIT}"

bin/gestUsers.sh

@@ -13,7 +13,7 @@ setKazVars
 . $KAZ_KEY_DIR/env-sympaServ
 . $KAZ_KEY_DIR/env-paheko
 
-VERSION="16-10-2025"
+VERSION="16-11-2025"
 PRG=$(basename $0)
 RACINE=$(echo $PRG | awk '{print $1}')
 IFS=' '
@@ -184,9 +184,6 @@ infoEmail() {
 					echo " ------------------------------------------------"
 					printKazMsg " DETAILS DU COMPTE DANS NEXTCLOUD PRINCIPAL"
 					echo -e ""
-					#TEMP_USER_NC=$(mktemp /tmp/$RACINE.XXXXXXXXX.TEMP_USER_NC)
-					#curl -s -o $TEMP_USER_NC -X GET -H 'OCS-APIRequest:true' $httpProto://admin:$NEXTCLOUD_ADMIN_PASSWORD@$URL_NC/ocs/v1.php/cloud/users?search=$CHOIX_MAIL
-					#cat $TEMP_USER_NC | grep -i "element" | sed -e s/[\<\>\/]//g | sed -e s/element//g
 					echo -ne "${NC}"
 					echo -ne " - Nextcloud enable : "
 					echo -ne "${GREEN}"
@@ -278,8 +275,13 @@ searchDestroy() {
 			CHOIX_MAIL=""
 			searchEmail
 			REP_SEARCH_DESTROY=$CHOIX_MAIL
-			echo "CHOIX=$REP_SEARCH_DESTROY"
+			MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \
-			echo "domaine en cours : ${DOMAINE_EN_COURS}"
+			-x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \
+			-w "${LDAP_ADMIN_PASSWORD}" \
+			-b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${REP_SEARCH_DESTROY}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //')
+			echo "Mail en cours = $REP_SEARCH_DESTROY"
+			echo "Mail de secours = ${MAIL_SECOURS}"
+			echo "Domaine en cours : ${DOMAINE_EN_COURS}"
 			echo "---------------------------------   SUPPRESION ----------------------------------------"
 			while :
 			do
@@ -335,10 +337,11 @@ searchDestroy() {
 						fi
 							echo -e "${NC}"
 							echo ""
-							echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans la liste info de sympa"
+							echo -e "${RED} suppression de ${REP_SEARCH_DESTROY} et ${MAIL_SECOURS} dans la liste info de sympa"
 							echo -e "${NC}"
 							echo ""
 							docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${SOAP_USER} --trusted_application_password=${SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${REP_SEARCH_DESTROY}"
+							docker exec -ti sympaServ /usr/lib/sympa/bin/sympa_soap_client.pl --soap_url=${httpProto}://${URL_LISTE}/sympasoap --trusted_application=${SOAP_USER} --trusted_application_password=${SOAP_PASSWORD} --proxy_vars=USER_EMAIL=${LISTMASTER} --service=del --service_parameters="${NL_LIST},${MAIL_SECOURS}"
 							echo -e "${NC}"
 							echo ""
 							echo  -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le serveur de mail"
@@ -355,10 +358,6 @@ searchDestroy() {
                                                 echo  -e "${RED} suppression de ${REP_SEARCH_DESTROY} dans le ldap"
                                                 echo -e "${NC}"
                                                 echo ""
-						MAIL_SECOURS=$(ldapsearch -H ldap://${LDAP_IP} \
-                                                -x -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" \
-                                                -w "${LDAP_ADMIN_PASSWORD}" \
-                                                -b "${ldap_root}" "(&(objectclass=inetOrgPerson)(cn=*${REP_SEARCH_DESTROY}*))" | grep ^mailDeSecours | sed -e 's/^mailDeSecours: //')
 						ldapdelete -H ldap://${LDAP_IP} -D "cn=${LDAP_ADMIN_USERNAME},${ldap_root}" -x -w "${LDAP_ADMIN_PASSWORD}" "cn=${REP_SEARCH_DESTROY},ou=users,${ldap_root}"
 						if [ "$?" -eq "0" ]
 						then
@@ -373,7 +372,7 @@ searchDestroy() {
 							printKazError "Erreur de suppression"
 						fi
 						printKazMsg  "Envoi d'un message dans mattermost pour la suppression du compte"
-						docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le compte ${REP_SEARCH_DESTROY} est supprimé" >/dev/null 2>&1
+						docker exec -ti mattermostServ bin/mmctl post create kaz:Creation-Comptes --message "Le compte ${REP_SEARCH_DESTROY} est supprimé , mail envoyé à ${MAIL_SECOURS}" >/dev/null 2>&1
 						MAIL_SUPPR="Le compte ${REP_SEARCH_DESTROY} est supprimé"
 						OLDIFS=${IFS}
 		                                IFS=''
@@ -1199,4 +1198,3 @@ esac
 [ ! -e ${KAZ_CONF_DIR}/autorized-domains.txt ] && { echo "création de ${KAZ_CONF_DIR}/autorized-domains.txt" ; touch ${KAZ_CONF_DIR}/autorized-domains.txt;}
 ! grep $domain ${KAZ_CONF_DIR}/autorized-domains.txt && echo $domain >> ${KAZ_CONF_DIR}/autorized-domains.txt
 Main
-

bin/lib/mattermost.py

@@ -2,8 +2,9 @@ import subprocess
 
 from .config import getDockersConfig, getSecretConfig
 
-mattermost_user = getSecretConfig("mattermostServ", "MM_ADMIN_USER")
+mattermost_user = getSecretConfig("mattermostAdmin", "mattermost_user")
-mattermost_pass = getSecretConfig("mattermostServ", "MM_ADMIN_PASSWORD")
+mattermost_pass = getSecretConfig("mattermostAdmin", "mattermost_pass")
+# mattermost_token = getSecretConfig("mattermostAdmin", "mattermost_token")
 mattermost_url = f"https://{getDockersConfig('matterHost')}.{getDockersConfig('domain')}"
 mmctl = "docker exec -i mattermostServ bin/mmctl"
 
@@ -23,6 +24,8 @@ class Mattermost:
     def authenticate(self):
          # Authentification sur MM
          cmd = f"{mmctl} auth login {mattermost_url} --name local-server --username {mattermost_user} --password {mattermost_pass}"
+         # ou (si ça casse le token ?)
+         # cmd = f"{mmctl} auth login {mattermost_url} --name local-server --access-token {mattermost_token}"
          subprocess.run(cmd, shell=True, stderr=subprocess.STDOUT, check=True)
 
 
@@ -131,4 +134,3 @@ class Mattermost:
         cmd = f"{mmctl} team delete {equipe} --confirm"
         output = subprocess.check_output(cmd, shell=True, stderr=subprocess.STDOUT)
         return output.decode()
-

bin/manageWiki.sh

@@ -117,7 +117,7 @@ Version(){
 Reload(){
     # $1 ContainerName
     if [ -f "${VOL_PREFIX}wikiData/_data/farms/init.sh" ]; then
-        ${SIMU} docker exec -ti "${1}" /dokuwiki/data/farms/init.sh
+        ${SIMU} docker exec -ti "${1}" /storage/data/farms/init.sh
         ${SIMU} pkill -KILL lighttpd
     fi
 }

config/orgaTmpl/docker-compose.yml

@@ -153,18 +153,19 @@ services:
 #}}
 #{{wiki
   dokuwiki:
-    image: mprasil/dokuwiki
+    image: dokuwiki/dokuwiki
     container_name: ${orga}-${dokuwikiServName}
     #disk_quota: 10G
     restart: ${restartPolicy}
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.${orga}-${dokuwikiServName}.rule=Host(`${orga}-${dokuwikiHost}.${domain}`){{FOREIGN_DW}}"
+      - "traefik.http.services.${orga}-${dokuwikiServName}.loadbalancer.server.port=8080"
     volumes:
-      - wikiData:/dokuwiki/data
+      - wikiData:/storage/data
-      - wikiConf:/dokuwiki/conf
+      - wikiConf:/storage/conf
-      - wikiPlugins:/dokuwiki/lib/plugins
+      - wikiPlugins:/storage/lib/plugins
-      - wikiLibtpl:/dokuwiki/lib/tpl
+      - wikiLibtpl:/storage/lib/tpl
       - wikiLogs:/var/log
     networks:
       - orgaNet

dockers/dokuwiki/Dockerfile

@@ -1,85 +0,0 @@
-FROM --platform=${TARGETPLATFORM:-linux/amd64} crazymax/alpine-s6:3.12
-
-ARG TARGETPLATFORM
-ARG BUILDPLATFORM
-RUN printf "I am running on ${BUILDPLATFORM:-linux/amd64}, building for ${TARGETPLATFORM:-linux/amd64}\n$(uname -a)\n"
-
-LABEL maintainer="CrazyMax"
-
-########################################
-# APT local cache
-# work around because COPY failed if no source file
-COPY .dummy .apt-mirror-confi[g] .proxy-confi[g] /
-RUN cp /.proxy-config /etc/profile.d/proxy.sh 2> /dev/null || true
-RUN if [ -f /.apt-mirror-config ] ; then . /.apt-mirror-config && sed -i \
-	-e "s%s\?://deb.debian.org%://${APT_MIRROR_DEBIAN}%g" \
-	-e "s%s\?://security.debian.org%://${APT_MIRROR_DEBIAN_SECURITY}%g" \
-	-e "s%s\?://archive.ubuntu.com%://${APT_MIRROR_UBUNTU}%g" \
-	-e "s%s\?://security.ubuntu.com%://${APT_MIRROR_UBUNTU_SECURITY}%g" \
-	/etc/apt/sources.list; fi
-
-########################################
-RUN apk --update --no-cache add \
-    curl \
-    imagemagick \
-    inotify-tools \
-    libgd \
-    nginx \
-    php7 \
-    php7-cli \
-    php7-ctype \
-    php7-curl \
-    php7-fpm \
-    php7-gd \
-    php7-imagick \
-    php7-json \
-    php7-ldap \
-    php7-mbstring \
-    php7-openssl \
-    php7-pdo \
-    php7-pdo_sqlite \
-    php7-session \
-    php7-simplexml \
-    php7-sqlite3 \
-    php7-xml \
-    php7-zip \
-    php7-zlib \
-    shadow \
-    su-exec \
-    tar \
-    tzdata \
-  && rm -rf /tmp/* /var/cache/apk/* /var/www/*
-
-ENV S6_BEHAVIOUR_IF_STAGE2_FAILS="2" \
-  DOKUWIKI_VERSION="2020-07-29" \
-  DOKUWIKI_MD5="8867b6a5d71ecb5203402fe5e8fa18c9" \
-  TZ="UTC" \
-  PUID="1500" \
-  PGID="1500"
-
-RUN apk --update --no-cache add -t build-dependencies \
-    gnupg \
-    wget \
-  && cd /tmp \
-  && wget -q "https://download.dokuwiki.org/src/dokuwiki/dokuwiki-$DOKUWIKI_VERSION.tgz" \
-  && echo "$DOKUWIKI_MD5  /tmp/dokuwiki-$DOKUWIKI_VERSION.tgz" | md5sum -c - | grep OK \
-  && tar -xzf "dokuwiki-$DOKUWIKI_VERSION.tgz" --strip 1 -C /var/www \
-  && apk del build-dependencies \
-  && rm -rf /root/.gnupg /tmp/* /var/cache/apk/*
-
-COPY rootfs /
-RUN  rm -f /dokuwiki.tgz
-COPY htaccess /dokuwiki/.htaccess
-
-RUN chmod a+x /usr/local/bin/* \
-  && addgroup -g ${PGID} dokuwiki \
-  && adduser -D -H -u ${PUID} -G dokuwiki -s /bin/sh dokuwiki
-
-EXPOSE 8000
-WORKDIR /var/www
-VOLUME [ "/data" ]
-
-ENTRYPOINT [ "/init" ]
-
-HEALTHCHECK --interval=10s --timeout=5s --start-period=20s \
-  CMD curl --fail http://127.0.0.1:12345/ping || exit 1

dockers/dokuwiki/docker-compose.yml

@@ -1,7 +1,7 @@
 services:
 
   dokuwiki:
-    image: mprasil/dokuwiki
+    image: dokuwiki/dokuwiki
     container_name: ${dokuwikiServName}
     restart: ${restartPolicy}
     # ports:
@@ -12,14 +12,15 @@ services:
     external_links:
       - ${smtpServName}:${smtpHost}.${domain}
     volumes:
-      - "dokuwikiData:/dokuwiki/data"
+      - "dokuwikiData:/storage/data"
-      - "dokuwikiConf:/dokuwiki/conf"
+      - "dokuwikiConf:/storage/conf"
-      - "dokuwikiPlugins:/dokuwiki/lib/plugins"
+      - "dokuwikiPlugins:/storage/lib/plugins"
-      - "dokuwikiLibtpl:/dokuwiki/lib/tpl"
+      - "dokuwikiLibtpl:/storage/lib/tpl"
       - "dokuwikiLogs:/var/log"
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.${dokuwikiServName}.rule=Host(`${dokuwikiHost}.${domain}`)"
+      - "traefik.http.services.${dokuwikiServName}.loadbalancer.server.port=8080"
       - "traefik.docker.network=dokuwikiNet"
 
 volumes:

dockers/ldap/docker-compose.yml

@@ -68,6 +68,16 @@ services:
       - /etc/timezone:/etc/timezone:ro
     networks:
       - ldapNet
+    # labels:
+    #   - "traefik.enable=true"
+    #   - "traefik.tcp.routers.${ldapServName}.rule=HostSNI(`ldap.${domain}`)"
+    #   - "traefik.tcp.routers.${ldapServName}.entrypoints=ldapsecure"
+    #   - "traefik.tcp.routers.${ldapServName}.tls=true"
+    #   - "traefik.tcp.routers.${ldapServName}.tls.domains[0].main=ldap.${domain}"
+    #   - "traefik.tcp.routers.${ldapServName}.tls.certResolver=letsencrypt"
+    #   - "traefik.tcp.routers.${ldapServName}.middlewares=ldap-ip-allowlist@file"
+    #   - "traefik.tcp.services.${ldapServName}.loadbalancer.server.port=389"
+    #   - "traefik.docker.network=ldapNet"
 
 volumes:
   openldapData:

dockers/mastodon/README.md

@@ -4,3 +4,9 @@ docker-compose run --rm web bundle exec rails db:setup
 Créer un compte admin :
 tootctl accounts create adminkaz --email admin@kaz.bzh --confirmed --role Owner
 tootctl accounts approve adminkaz
+
+après un upgrade mastodon j'ai du faire ça
+docker-compose run --rm web bundle exec rails db:migrate
+
+De la doc sur ldap :
+https://gist.github.com/sigmaris/5db742083a3406c7c385315634640650

dockers/mastodon/docker-compose.yml

@@ -1,6 +1,3 @@
-# This file is designed for production server deployment, not local development work
-# For a containerized local dev environment, see: https://github.com/mastodon/mastodon/blob/main/docs/DEVELOPMENT.md#docker
-
 services:
   db:
     container_name: ${mastodonDBName}
@@ -13,8 +10,6 @@ services:
       test: ['CMD', 'pg_isready', '-U', 'postgres']
     volumes:
       - postgres:/var/lib/postgresql/data
-    # environment:
-    #   - 'POSTGRES_HOST_AUTH_METHOD=trust'
     env_file:
       - ../../secret/env-mastodonDB
 
@@ -61,16 +56,11 @@ services:
   #     - '127.0.0.1:9200:9200'
 
   web:
-    # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
-    # build: .
     container_name: ${mastodonServName}
-    image: ghcr.io/mastodon/mastodon:v4.3.6
+    image: ghcr.io/mastodon/mastodon:v4.5.1
     restart: ${restartPolicy}
     environment:
       - LOCAL_DOMAIN=${mastodonHost}.${domain}
-      - SMTP_SERVER=smtp.${domain}
-      - SMTP_LOGIN=admin@${domain}
-      - SMTP_FROM_ADDRESS=admin@${domain}
     env_file:
       - env-config
       - ../../secret/env-mastodonServ
@@ -92,27 +82,20 @@ services:
       - images:/mastodon/app/javascript/images
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.koz.rule=Host(`${mastodonHost}.${domain}`)"
+      - "traefik.http.routers.mastodon.rule=Host(`${mastodonHost}.${domain}`)"
-      - "traefik.http.services.koz.loadbalancer.server.port=3000"
+      - "traefik.http.services.mastodon.loadbalancer.server.port=3000"
       - "traefik.docker.network=mastodonNet"
 
-
   streaming:
-    # You can uncomment the following lines if you want to not use the prebuilt image, for example if you have local code changes
-    # build:
-    #   dockerfile: ./streaming/Dockerfile
-    #   context: .
     container_name: ${mastodonStreamingName}
-    image: ghcr.io/mastodon/mastodon-streaming:v4.3.6
+    image: ghcr.io/mastodon/mastodon-streaming:v4.5.1
     restart: ${restartPolicy}
     environment:
       - LOCAL_DOMAIN=${mastodonHost}.${domain}
-      - SMTP_SERVER=smtp.${domain}
-      - SMTP_LOGIN=admin@${domain}
-      - SMTP_FROM_ADDRESS=admin@${domain}
     env_file:
       - env-config
       - ../../secret/env-mastodonServ
+      - ../../secret/env-mastodonDB
     command: node ./streaming/index.js
     networks:
       - mastodonNet
@@ -126,24 +109,20 @@ services:
       - redis
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.kozs.rule=(Host(`${mastodonHost}.${domain}`) && PathPrefix(`/api/v1/streaming`))"
+      - "traefik.http.routers.mastodons.rule=(Host(`${mastodonHost}.${domain}`) && PathPrefix(`/api/v1/streaming`))"
-      - "traefik.http.services.kozs.loadbalancer.server.port=4000"
+      - "traefik.http.services.mastodons.loadbalancer.server.port=4000"
       - "traefik.docker.network=mastodonNet"
 
   sidekiq:
-    # You can uncomment the following line if you want to not use the prebuilt image, for example if you have local code changes
-    # build: .
     container_name: ${mastodonSidekiqName}
-    image: ghcr.io/mastodon/mastodon:v4.3.6
+    image: ghcr.io/mastodon/mastodon:v4.5.1
     restart: ${restartPolicy}
     environment:
       - LOCAL_DOMAIN=${mastodonHost}.${domain}
-      - SMTP_SERVER=smtp.${domain}
-      - SMTP_LOGIN=admin@${domain}
-      - SMTP_FROM_ADDRESS=admin@${domain}
     env_file:
       - env-config
       - ../../secret/env-mastodonServ
+      - ../../secret/env-mastodonDB
     command: bundle exec sidekiq
     depends_on:
       - db

dockers/mastodon/env-config

@@ -67,7 +67,7 @@ ES_PASS=password
 # Sending mail
 # ------------
 #SMTP_SERVER=
-SMTP_PORT=587
+#SMTP_PORT=587
 #SMTP_LOGIN=
 #SMTP_PASSWORD=
 #SMTP_FROM_ADDRESS=

dockers/mattermost/docker-compose.yml

@@ -3,7 +3,7 @@
 services:
 
   app:
-    image: mattermost/mattermost-team-edition:11.0.2
+    image: mattermost/mattermost-team-edition:11.1
     container_name: ${mattermostServName}
     restart: ${restartPolicy}
     volumes:
@@ -16,7 +16,7 @@ services:
       - /etc/localtime:/etc/localtime:ro
       - /etc/timezone:/etc/timezone:ro
       - /etc/environment:/etc/environment:ro
-      - ./mostlymatter-amd64-v11.0.2:/mattermost/bin/mattermost
+      - ./mostlymatter-amd64-v11.1.0:/mattermost/bin/mattermost
     env_file:
       - ../../secret/env-${mattermostServName}
     environment:

dockers/sympa/wait-sympa.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+#quoi: lancer des cmdes iptables lorsque sympa est up 
+#quand: 02/12/2025
+#qui: fab
+
+CONTAINER="sympaServ"
+HOST_SCRIPT="/kaz/dockers/sympa/updateFirewall.sh"
+
+echo "On attend que sympa soit UP"
+
+# Boucle jusqu'à ce qu'il soit en état running
+while :; do
+    state=$(docker inspect -f '{{.State.Running}}' "$CONTAINER" 2>/dev/null)
+    if [ "$state" = "true" ]; then
+        echo "$CONTAINER est up. démarrage de  $HOST_SCRIPT..."
+        bash "$HOST_SCRIPT"
+        exit 0
+    fi
+    sleep 2
+done

dockers/traefik/conf/allow_ip.yml.dist

@@ -9,3 +9,10 @@ http:
       ipallowlist:
         sourceRange:
           - "127.0.0.1"
+
+tcp:
+  middlewares:
+    ldap-ip-allowlist:
+      ipAllowList:
+        sourceRange:
+          - "127.0.0.1"

dockers/traefik/docker-compose.tmpl.yml.dist

@@ -1,12 +1,13 @@
 services:
   reverse-proxy:
-    image: traefik:v3.5.1
+    image: traefik:v3.6.2
     container_name: ${traefikServName}
     restart: ${restartPolicy}
     # Enables the web UI and tells Traefik to listen to docker
     ports:
       - ${MAIN_IP}:80:80
       - ${MAIN_IP}:443:443
+      - ${MAIN_IP}:636:636
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./conf:/etc/traefik/
@@ -24,6 +25,7 @@ services:
       - TRAEFIK_ENTRYPOINTS_websecure_HTTP_MIDDLEWARES=hsts@file,test-ipallowlist@file
       - TRAEFIK_ENTRYPOINTS_websecure_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT=600
       - TRAEFIK_ENTRYPOINTS_websecure_TRANSPORT_RESPONDINGTIMEOUTS_IDLETIMEOUT=600
+      - TRAEFIK_ENTRYPOINTS_ldapsecure_ADDRESS=:636
       - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL=admin@${domain}
       - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_CASERVER=${acme_server}
       - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_STORAGE=/letsencrypt/acme.json