...

2023-03-29 13:04:10 +00:00
parent 8167183686
commit 5ec489e0e0
28 changed files with 426 additions and 108 deletions
--- a/ipam/.env
+++ b/ipam/.env
@@ -0,0 +1,6 @@
+TZ=Europe/Berlin
+IPAM_DATABASE_WEBHOST=%
+SCAN_INTERVAL=1h
+MARIADB_HOST=ipam_db
+MARIADB_ROOT_PASSWORD=IPAMrootpwd
+
--- a/ipam/Dockerfile
+++ b/ipam/Dockerfile
@@ -0,0 +1,76 @@
+FROM php:7.2-apache
+MAINTAINER Pierre Cheynier <pierre.cheynier@gmail.com>
+
+ENV PHPIPAM_SOURCE https://github.com/phpipam/phpipam/
+ARG PHPIPAM_VERSION=1.5.1
+ENV PHPMAILER_SOURCE https://github.com/PHPMailer/PHPMailer/
+ARG PHPMAILER_VERSION=6.7.1
+ENV PHPSAML_SOURCE https://github.com/onelogin/php-saml/
+ARG PHPSAML_VERSION=3.4.1
+ENV WEB_REPO /var/www/html
+
+# Install required deb packages
+RUN sed -i /etc/apt/sources.list -e 's/$/ non-free'/ && \
+    apt-get update && apt-get -y upgrade && \
+    rm /etc/apt/preferences.d/no-debian-php && \
+    apt-get install -y libcurl4-gnutls-dev libgmp-dev libmcrypt-dev libfreetype6-dev libjpeg-dev libpng-dev libldap2-dev libsnmp-dev snmp-mibs-downloader iputils-ping && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install required packages and files required for snmp
+RUN mkdir -p /var/lib/mibs/ietf && \
+    curl -sL https://github.com/cisco/cisco-mibs/raw/main/v2/CISCO-SMI.my -o /var/lib/mibs/ietf/CISCO-SMI.txt && \
+    curl -sL https://github.com/cisco/cisco-mibs/raw/main/v2/CISCO-TC.my -o /var/lib/mibs/ietf/CISCO-TC.txt && \
+    curl -sL https://github.com/cisco/cisco-mibs/raw/main/v2/CISCO-VTP-MIB.my -o /var/lib/mibs/ietf/CISCO-VTP-MIB.txt && \
+    curl -sL https://github.com/cisco/cisco-mibs/raw/main/v2/MPLS-VPN-MIB.my -o /var/lib/mibs/ietf/MPLS-VPN-MIB.txt
+
+# Configure apache and required PHP modules
+RUN docker-php-ext-configure mysqli --with-mysqli=mysqlnd && \
+    docker-php-ext-install mysqli && \
+    docker-php-ext-configure gd --with-freetype-dir=/usr/include/freetype2 --with-png-dir=/usr/include --with-jpeg-dir=/usr/include && \
+    docker-php-ext-install gd && \
+    docker-php-ext-install curl && \
+    docker-php-ext-install json && \
+    docker-php-ext-install snmp && \
+    docker-php-ext-install sockets && \
+    docker-php-ext-install pdo_mysql && \
+    docker-php-ext-install gettext && \
+    ln -s /usr/include/$(uname -m)-linux-gnu/gmp.h /usr/include/gmp.h && \
+    docker-php-ext-configure gmp --with-gmp=/usr/include/$(uname -m)-linux-gnu && \
+    docker-php-ext-install gmp && \
+    docker-php-ext-install pcntl && \
+    docker-php-ext-configure ldap --with-libdir=lib/$(uname -m)-linux-gnu && \
+    docker-php-ext-install ldap && \
+    pecl install mcrypt-1.0.1 && \
+    docker-php-ext-enable mcrypt && \
+    echo ". /etc/environment" >> /etc/apache2/envvars && \
+    a2enmod rewrite
+
+COPY php.ini /usr/local/etc/php/
+
+# Copy phpipam sources to web dir
+ADD ${PHPIPAM_SOURCE}/archive/v${PHPIPAM_VERSION}.tar.gz /tmp/
+RUN tar -xzf /tmp/v${PHPIPAM_VERSION}.tar.gz -C ${WEB_REPO}/ --strip-components=1
+# Copy referenced submodules into the right directory
+ADD ${PHPMAILER_SOURCE}/archive/v${PHPMAILER_VERSION}.tar.gz /tmp/
+RUN tar -xzf /tmp/v${PHPMAILER_VERSION}.tar.gz -C ${WEB_REPO}/functions/PHPMailer/ --strip-components=1
+ADD ${PHPSAML_SOURCE}/archive/refs/tags/${PHPSAML_VERSION}.tar.gz /tmp/
+RUN tar -xzf /tmp/${PHPSAML_VERSION}.tar.gz -C ${WEB_REPO}/functions/php-saml/ --strip-components=1
+
+# Use system environment variables into config.php
+ENV PHPIPAM_BASE /
+RUN cp ${WEB_REPO}/config.dist.php ${WEB_REPO}/config.php && \
+    chown www-data /var/www/html/app/admin/import-export/upload && \
+    chown www-data /var/www/html/app/subnets/import-subnet/upload && \
+    chown www-data /var/www/html/css/images/logo && \
+    echo "\$db['webhost'] = '%';" >> ${WEB_REPO}/config.php && \
+    sed -i -e "s/\['host'\] = '127.0.0.1'/\['host'\] = getenv(\"MYSQL_ENV_MYSQL_HOST\") ?: \"mysql\"/" \
+    -e "s/\['user'\] = 'phpipam'/\['user'\] = getenv(\"MYSQL_ENV_MYSQL_USER\") ?: \"root\"/" \
+    -e "s/\['name'\] = 'phpipam'/\['name'\] = getenv(\"MYSQL_ENV_MYSQL_DB\") ?: \"phpipam\"/" \
+    -e "s/\['pass'\] = 'phpipamadmin'/\['pass'\] = getenv(\"MYSQL_ENV_MYSQL_ROOT_PASSWORD\")/" \
+    -e "s/\['port'\] = 3306;/\['port'\] = 3306;\n\n\$password_file = getenv(\"MYSQL_ENV_MYSQL_PASSWORD_FILE\");\nif(file_exists(\$password_file))\n\$db\['pass'\] = preg_replace(\"\/\\\\s+\/\", \"\", file_get_contents(\$password_file));/" \
+    -e "s/define('BASE', \"\/\")/define('BASE', getenv(\"PHPIPAM_BASE\"))/" \
+    -e "s/\$gmaps_api_key.*/\$gmaps_api_key = getenv(\"GMAPS_API_KEY\") ?: \"\";/" \
+    -e "s/\$gmaps_api_geocode_key.*/\$gmaps_api_geocode_key = getenv(\"GMAPS_API_GEOCODE_KEY\") ?: \"\";/" \
+    ${WEB_REPO}/config.php
+
+EXPOSE 80
--- a/ipam/INSTALL.md
+++ b/ipam/INSTALL.md
@@ -0,0 +1,130 @@
+# docker-phpipam
+
+phpIPAM is an open-source web IP address management application. Its goal is to provide light and simple IP address management application.
+
+phpIPAM is developed and maintained by Miha Petkovsek, released under the GPL v3 license, project source is [here](https://github.com/phpipam/phpipam).
+
+Learn more on [phpIPAM homepage](http://phpipam.net).
+
+![phpIPAM logo](http://phpipam.net/wp-content/uploads/2014/12/phpipam_logo_small.png)
+
+## How to use this Docker image
+
+### Mysql
+
+Run a MySQL database, dedicated to phpipam.
+
+```bash
+$ docker run --name phpipam-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -v /my_dir/phpipam:/var/lib/mysql -d mysql:5.6
+```
+
+Here, we store data on the host system under `/my_dir/phpipam` and use a specific root password.
+
+### Phpipam
+
+```bash
+$ docker run -ti -d -p 80:80 -e MYSQL_ENV_MYSQL_ROOT_PASSWORD=my-secret-pw --name ipam --link phpipam-mysql:mysql pierrecdn/phpipam
+```
+
+We are linking the two containers and exposing the HTTP port.
+
+### First install scenario
+
+* Browse to `http://<ip>[:<specific_port>]/install/`
+* Step 1 : Choose 'Automatic database installation'
+
+![step1](https://cloud.githubusercontent.com/assets/4225738/8746785/01758b9e-2c8d-11e5-8643-7f5862c75efe.png)
+
+* Step 2 : Re-Enter connection information
+
+![step2](https://cloud.githubusercontent.com/assets/4225738/8746789/0ad367e2-2c8d-11e5-80bb-f5093801e139.png)
+
+* Note that these two first steps could be swapped by patching phpipam (see https://github.com/phpipam/phpipam/issues/25)
+* Step 3 : Configure the admin user password
+
+![step3](https://cloud.githubusercontent.com/assets/4225738/8746790/0c434bf6-2c8d-11e5-9ae7-b7d1021b7aa0.png)
+
+* You're done !
+
+![done](https://cloud.githubusercontent.com/assets/4225738/8746792/0d6fa34e-2c8d-11e5-8002-3793361ae34d.png)
+
+### Docker compose
+
+You can also create an all-in-one YAML deployment descriptor with Docker compose, like this:
+
+```yaml
+version: '2'
+
+services:
+  mysql:
+    image: mysql:5.6
+    environment:
+      - MYSQL_ROOT_PASSWORD=my-secret-pw
+    restart: always
+    volumes:
+      - db_data:/var/lib/mysql
+  ipam:
+    depends_on:
+      - mysql
+    image: pierrecdn/phpipam
+    environment:
+      - MYSQL_ENV_MYSQL_USER=root
+      - MYSQL_ENV_MYSQL_ROOT_PASSWORD=my-secret-pw
+      - MYSQL_ENV_MYSQL_HOST=mysql
+    ports:
+      - "80:80"
+volumes:
+  db_data:
+```
+
+And next :
+
+```bash
+$ docker-compose up -d
+```
+
+You can also point the `MYSQL_ENV_PASSWORD_FILE` environment variable to a file,
+in which case the contents of this file will be used as the password.
+This makes it possible to use docker secrets for instance:
+
+```yaml
+version: '3'
+
+services:
+  ipam:
+    environment:
+      - MYSQL_ENV_MYSQL_PASSWORD_FILE=/run/secrets/phpipam_mysql_root_password
+    secrets:
+      - phpipam_mysql_root_password
+```
+
+The secret can be created by running `echo my-secret-pw | docker secret create phpipam_mysql_root_password -`
+
+### Advanced Configuration
+
+Here is the list of the available environment variables in the phpipam container, pass them to docker using `-e`.
+None of them are actually needed to run the container, this is only to tweak the behavior.
+
+| Environment variable           | Default value | Description                                                                                              |
+| ------------------------------ |:-------------:| --------------------------------------------------------------------------------------------------------:|
+| MYSQL_ENV_MYSQL_HOST           | mysql         | The host used to reach the MySQL instance                                                                |
+| MYSQL_ENV_MYSQL_USER           | root          | The user to connect the MySQL instance                                                                   |
+| MYSQL_ENV_MYSQL_ROOT_PASSWORD  | (empty)       | The MySQL password. Can be set using the Web UI during the first install                                 |
+| MYSQL_ENV_MYSQL_DB             | phpipam       | The name of the MySQL DB to connect to                                                                   |
+| MYSQL_ENV_MYSQL_PASSWORD_FILE  | (empty)       | A file containing the password (if not using MYSQL_ROOT_PASSWORD) this allows to leverage docker secrets |
+| PHPIPAM_BASE                   | /             | The base URI under which phpipam runs. Useful when performing rewrites with a reverse-proxy              |
+| GMAPS_API_KEY                  | (empty)       | Google Maps API Key, used to display maps of your devices                                                |
+| GMAPS_API_GEOCODE_KEY          | (empty)       | Google Maps Geocode API Key, used to find coordinates from an address/ a location of your device         |
+
+### Specific integration (HTTPS, multi-host containers, etc.)
+
+Regarding your requirements and docker setup, you've to expose resources.
+
+For HTTPS, run a reverse-proxy in front of your phpipam container and link it to.
+
+For multi-host containers, expose ports, run etcd or consul to make service discovery works etc.
+
+### Notes
+
+phpIPAM is under heavy development by the amazing Miha.
+To upgrade the release version, just change the `PHPIPAM_VERSION` environment variable to the target release (see [here](https://github.com/phpipam/phpipam/releases)).
--- a/ipam/docker-compose.yml
+++ b/ipam/docker-compose.yml
@@ -2,45 +2,43 @@
 version: '3'

 services:
-  phpipam-web:
+  web:
    image: phpipam/phpipam-www:latest
-    container_name: phpipam_www
+    container_name: ipam_www
    ports:
      - "8080:80"
    environment:
-      - TZ=Europe/Berlin
-      - IPAM_DATABASE_HOST=phpipam-mariadb
-      - IPAM_DATABASE_PASS=IPAMpass
+      - TZ=${TZ}
+      - IPAM_DATABASE_HOST=${MARIADB_HOST}
+      - IPAM_DATABASE_PASS=${MARIADB_ROOT_PASSWORD}
      - IPAM_DATABASE_WEBHOST=%
    restart: unless-stopped
    volumes:
-      - phpipam-logo:/phpipam/css/images/logo
+      - ./volumes/logo:/phpipam/css/images/logo
    depends_on:
-      - phpipam-mariadb
+      - mariadb

-  phpipam-cron:
+  cron:
    image: phpipam/phpipam-cron:latest
-    container_name: phpipam_cron
+    container_name: ipam_cron
    environment:
-      - TZ=Europe/London
-      - IPAM_DATABASE_HOST=phpipam-mariadb
-      - IPAM_DATABASE_PASS=IPAMpass
-      - SCAN_INTERVAL=1h
+      - TZ=${TZ}
+      - SCAN_INTERVAL=1
+      - PHPIPAM_BASE=/
+      - MYSQL_ENV_MYSQL_USER=root
+      - MYSQL_ENV_MYSQL_DB=phpipam
+      - MYSQL_ENV_MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
+      - MYSQL_ENV_MYSQL_HOST=${MARIADB_HOST}
    restart: unless-stopped
    depends_on:
-      - phpipam-mariadb
+      - mariadb

-  phpipam-mariadb:
+  mariadb:
    image: mariadb:latest
-    container_name: phpipam_db
+    container_name: ipam_db
    environment:
-      - MYSQL_ROOT_PASSWORD=IPAMrootpwd
-      - MARIADB_USER=phpipam-mariadb
-      - MARIADB_PASSWORD=IPAMpass
+      - MARIADB_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD}
    restart: unless-stopped
    volumes:
-      - phpipam-db-data:/var/lib/mysql
+      - ./volumes/mariadb:/var/lib/mysql

-volumes:
-  phpipam-db-data:
-  phpipam-logo:
--- a/ipam/php.ini
+++ b/ipam/php.ini
@@ -0,0 +1,72 @@
+[PHP]
+engine = On
+short_open_tag = Off
+precision = 14
+output_buffering = 4096
+zlib.output_compression = Off
+implicit_flush = Off
+serialize_precision = 17
+zend.enable_gc = On
+expose_php = Off
+max_execution_time = 600
+max_input_time = 60
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+display_errors = Off
+log_errors = On
+log_errors_max_len = 1024
+default_mimetype = "text/html"
+default_charset = "UTF-8"
+file_uploads = On
+upload_max_filesize = 2M
+max_file_uploads = 20
+allow_url_fopen = On
+allow_url_include = Off
+default_socket_timeout = 60
+
+[Date]
+date.timezone = "UTC"
+
+[mail function]
+smtp_port = 25
+mail.add_x_header = On
+
+[SQL]
+sql.safe_mode = Off
+
+[MySQLi]
+mysqli.max_persistent = -1
+mysqli.allow_persistent = On
+mysqli.max_links = -1
+mysqli.cache_size = 2000
+mysqli.default_port = 3306
+mysqli.reconnect = Off
+
+[mysqlnd]
+mysqlnd.collect_statistics = On
+mysqlnd.collect_memory_statistics = Off
+
+[Session]
+session.save_handler = files
+session.use_strict_mode = 0
+session.use_cookies = 1
+session.use_only_cookies = 1
+session.name = PHPSESSID
+session.auto_start = 0
+session.cookie_lifetime = 0
+session.cookie_path = /
+session.cookie_domain =
+session.cookie_httponly =
+session.serialize_handler = php
+session.gc_probability = 1
+session.gc_divisor = 1000
+session.gc_maxlifetime = 1440
+session.cache_limiter = nocache
+session.cache_expire = 180
+session.use_trans_sid = 0
+session.hash_function = 0
+session.hash_bits_per_character = 5
+url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
+
+[ldap]
+ldap.max_links = -1
+