Quick Start: SSP
SSP (Self-Service Password) is a tool that lets LDAP users change their own passwords.
Prerequisite
OR
Note: If using HTTP, remove the tls: {} entry in the dynamic configuration.
Preparation
compose.yml
```yaml
services:
  ssp:
    image: ltbproject/self-service-password
    volumes:
      - ./ssp.conf.php:/var/www/conf/config.inc.local.php
    networks:
      - traefik-net
networks:
  traefik-net:
    external: true
```
configuration
```php
<?php
// general
// Placeholder value: replace with your own long random string before deployment.
$keyphrase = "mysecret";
// $debug = true;
// $smarty_debug = true;
$login_forbidden_chars = "*()&|";

// ldap connection
// ldap-srv is your ldap service name in docker compose file
$ldap_url = "ldap://ldap-srv:1389";
$ldap_binddn = "cn=admin,dc=chaos,dc=io";
// Placeholder value: use the real password of the bind DN above.
$ldap_bindpw = "secret";
// "manager": the password is changed with the bind DN account, not as the user.
$who_change_password = "manager";
$ldap_base = "ou=users,dc=chaos,dc=io";
$ldap_filter = "(&(objectClass=person)(uid={login}))";

// password policy
$hash = "auto";
$pwd_min_length = 12;
$pwd_max_length = 30;
$pwd_min_lower = 1;
$pwd_min_upper = 1;
$pwd_min_digit = 1;
$pwd_min_special = 1;
$pwd_special_chars = "^a-zA-Z0-9"; // This means special characters are all characters except alphabetical letters and digits.
$pwd_no_special_at_ends = true; // Special characters are not allowed at the beginning or at the end of the password.
$pwd_show_policy = "always"; // never, onerror, always
$pwd_show_policy_pos = "above"; // above, below
$show_extended_error = true;

// reset by mail tokens
$use_tokens = true;
$mail_address_use_ldap = true;
?>
```
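A pre-deployment check for the ssp.conf.php shown above, as an added example (not part of the original page or the LTB project's code). It parses the uncommented `$name = value;` assignments and reports the sample secrets, a non-TLS LDAP URL, and diagnostic flags; the function names and the embedded sample input are constructed for illustration.

```python
import re

# Sample values used in this page's configuration; they must not reach production.
PLACEHOLDERS = {"keyphrase": {"mysecret", "secret"}, "ldap_bindpw": {"secret"}}

# Active (uncommented) assignments such as: $name = "value"; or $name = true;
ASSIGN = re.compile(r'^[ \t]*\$(\w+)\s*=\s*(?:"([^"]*)"|(\w+))\s*;', re.M)

def parse_config(text):
    """Return {name: value} for every uncommented `$name = value;` line."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in ASSIGN.finditer(text)}

def audit(text):
    """Return findings for settings that should change before deployment."""
    cfg, findings = parse_config(text), []
    for name, bad in PLACEHOLDERS.items():
        if cfg.get(name) in bad:
            findings.append(f"{name}: sample value still in place")
    # ldap:// without StartTLS sends the bind and the new passwords in cleartext.
    url = cfg.get("ldap_url", "")
    if url.startswith("ldap://") and cfg.get("ldap_starttls") != "true":
        findings.append("ldap_url: LDAP traffic is not TLS-protected")
    for flag in ("debug", "smarty_debug", "show_extended_error"):
        if cfg.get(flag) == "true":
            findings.append(f"{flag}: verbose diagnostics enabled")
    return findings

# Constructed sample input mirroring the page's ssp.conf.php.
SAMPLE = '''<?php
$keyphrase = "mysecret";
// $debug = true;
$ldap_url = "ldap://ldap-srv:1389";
$ldap_bindpw = "secret";
$show_extended_error = true;
?>'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN", finding)
```
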
ssp.yml in dir dynamic-conf
Create ssp.yml in Traefik's dynamic-conf directory.
For more information, refer to the Prerequisite.
```yaml
http:
  routers:
    ssp:
      rule: "Host(`ssp.x.internal`)"
      service: "ssp"
      tls: { }
  services:
    ssp:
      loadBalancer:
        servers:
          - url: "http://ssp"
```
DNS Configuration
Configure your DNS or modify your hosts file:
- For Unix-like systems: Edit /etc/hosts
- For Windows: Edit C:\Windows\System32\drivers\etc\hosts
Add the following line:
```
127.0.0.1 ssp.x.internal
```
Run
```bash
docker compose up -d
# Alternative commands:
# docker compose -p ssp up -d
# docker compose -f ./compose.yml -p ssp up -d
```
Access: https://ssp.x.internal
FYI
https://github.com/ltb-project/self-service-password
https://self-service-password.readthedocs.io/