irst commit

johann8 · johann8 · commit dca8a0a24794 · 2023-04-17T10:26:07.000+02:00
diff --git a/.env b/.env
@@ -0,0 +1,42 @@
+##### SYSTEM
+TZ=Europe/Berlin
+DOCKERDIR=/opt/inventory
+
+### Network
+DOMAINNAME=changeme.de
+HOSTNAME_OCS=ocs
+HOSTNAME_INVENTORY=ocsinventory            # For inventory - client access
+PORT_OCS=80
+HOSTNAME_GLPI=glpi
+PORT_GLPI=8080
+#PORT1=8082
+SUBNET_FRONTEND=172.16.208
+SUBNET_BACKEND=172.16.209
+
+### APP OCS
+VERSION_OCS=latest
+OCS_SSL_ENABLED=0
+OCS_DB_SERVER=mariadb
+OCS_DB_PORT=3306
+OCS_DB_NAME=ocsweb
+OCS_DB_USER=ocs
+# pwgen -1cnsB 25 1
+OCS_DB_PASS=MyPassword123
+
+
+### APP GLPI
+GLPI_LANG=de_DE
+VERSION=latest
+UPLOAD_MAX_FILESIZE=100M
+POST_MAX_SIZE=50M
+MARIADB_GLPI_HOST=mariadb
+MARIADB_GLPI_PORT=3306
+MARIADB_GLPI_DATABASE=glpi
+MARIADB_GLPI_USER=glpi
+# pwgen -1cnsB 25 1
+MARIADB_GLPI_PASSWORD=MyPassword456
+
+### MYSQL DB
+VERSION_DB=10.9
+# pwgen -1cnsB 30 1
+MARIADB_ROOT_PASSWORD=MySuperPassword789
diff --git a/README.md b/README.md
@@ -0,0 +1,125 @@
+<h1 align="center">GLPI - IT Asset Management</h1>
+
+<p align='justify'>
+
+<a href="https://glpi-project.org">GLPI</a> - is an open source IT Asset Management, issue tracking system and service desk system. This software is written in PHP and distributed as open-source software under the GNU General Public License.
+
+GLPI is a web-based application helping companies to manage their information system. The solution is able to build an inventory of all the organization's assets and to manage administrative and financial tasks. The system's functionalities help IT Administrators to create a database of technical resources, as well as a management and history of maintenances actions. Users can declare incidents or requests (based on asset or not) thanks to the Helpdesk feature.
+</p>
+
+- [GLPI Docker Image](#glpi-docker-image)
+- [Install GLPI docker container](#install-glpi-docker-container)
+  - [Setup Timezone](#setup-timezone)
+  - [Setup General](#setup-general)
+  - [Setup Plugins via CLI](#setup-plugins-via-cli)
+  - [Setup OCS Inventory NG](#setup-ocs-inventory-ng)
+  - [Setup Mailgate](#setup-mailgate)
+  - [Setup Memcached](#setup-memcached)
+
+## GLPI Docker Image
+Image is based on [Alpine 3.17](https://hub.docker.com/repository/docker/johann8/bacularis/general)
+
+| pull | size | version | platform |
+|:---------------------------------:|:----------------------------------:|:--------------------------------:|:--------------------------------:|
+| ![Docker Pulls](https://img.shields.io/docker/pulls/johann8/alpine-glpi?style=flat-square) | ![Docker Image Size (latest by date)](https://img.shields.io/docker/image-size/johann8/alpine-glpi/latest) | [![](https://img.shields.io/docker/v/johann8/alpine-glpi?sort=date)](https://hub.docker.com/r/johann8/alpine-glpi/tags "Version badge") | ![](https://img.shields.io/badge/platform-amd64-blue "Platform badge") |
+
+## Install GLPI docker container
+- create folders
+
+```bash
+DOCKERDIR=/opt/inventory
+mkdir -p ${DOCKERDIR}/data/ocsinventory/{perlcomdata,ocsreportsdata,varlibdata,httpdconfdata} 
+mkdir -p ${DOCKERDIR}/data/nginx/{config,certs,auth}
+chown -R 101:101 ${DOCKERDIR}/data/ocsinventory/perlcomdata/
+chown -R 101:101 ${DOCKERDIR}/data/ocsinventory/ocsreportsdata/
+chown -R 101:101 ${DOCKERDIR}/data/ocsinventory/varlibdata/
+mkdir -p ${DOCKERDIR}/data/{glpi,crond,crontabs,mariadb}
+mkdir -p ${DOCKERDIR}/data/glpi/{files,plugins,config}
+mkdir -p ${DOCKERDIR}/data/crond/{5min,15min,30min,hourly,daily,weekly,monthly}
+chown -R 100:101 ${DOCKERDIR}/data/glpi/*
+mkdir -p ${DOCKERDIR}/data/mariadb/{config,dbdata,socket}
+cd ${DOCKERDIR}
+tree -d -L 3 ${DOCKERDIR}
+```
+
+- Download config files
+
+```bash
+DOCKERDIR=//opt/inventory
+cd ${DOCKERDIR}
+wget https://raw.githubusercontent.com/johann8/alpine-glpi/master/docker-compose.yml
+wget https://raw.githubusercontent.com/johann8/alpine-glpi/master/docker-compose.override.yml
+wget https://raw.githubusercontent.com/johann8/alpine-glpi/master/.env
+```
+
+- Customize variable in .env file
+
+- Generate passwords for MariaDB
+```bash
+DOCKERDIR=/opt/inventory
+PASSWORD_OCS=$(pwgen -1cnsB 25 1); sed -i "s/MyPassword123/${PASSWORD_OCS}/" ${DOCKERDIR}/.env
+PASSWORD_GLPI=$(pwgen -1cnsB 25 1); sed -i "s/MyPassword456/${PASSWORD_GLPI}/" ${DOCKERDIR}/.env 
+PASSWORD_ROOT=$(pwgen -1cnsB 30 1); sed -i "s/MySuperPassword789/${PASSWORD_ROOT}/" ${DOCKERDIR}/.env
+cat ${DOCKERDIR}/.env
+```
+- Generate Nginx certificate for FQDN: ocsinventory.changeme.de
+```bash
+# Generate private key
+openssl genrsa -out /etc/pki/tls/private/ca.key 2048 
+
+# Generate CSR (Common Name is ocsinventory.changeme.de)
+openssl req -new -key /etc/pki/tls/private/ca.key -out /etc/pki/tls/private/ca.csr
+
+# Generate Self Signed Key
+openssl x509 -req -days 3650 -in /etc/pki/tls/private/ca.csr -signkey /etc/pki/tls/private/ca.key -out /etc/pki/tls/certs/ca.crt
+openssl x509 -in  /etc/pki/tls/certs/ca.crt -text -noout
+
+# convert crt to pem
+cd /etc/pki/tls/certs && openssl x509 -in ca.crt -out cacert.pem
+cd -
+openssl x509 -in  /etc/pki/tls/certs/cacert.pem -text -noout
+
+# copy certificates
+DOCKERDIR=/opt/inventory
+cp /etc/pki/tls/private/ca.key ${DOCKERDIR}/data/nginx/certs/ocs.key
+cp /etc/pki/tls/certs/ca.crt ${DOCKERDIR}/data/nginx/certs/ocs.crt
+cp /etc/pki/tls/certs/cacert.pem ${DOCKERDIR}/
+```
+- Run all docker container
+
+```bash
+DOCKERDIR=/opt/glpi
+cd ${DOCKERDIR}
+docker-compose up -d
+
+# show logs
+docker-compose logs
+
+# show running containers
+docker-compose ps
+```
+- Create GLPI Database
+```bash
+DOCKERDIR=/opt/inventory
+docker-compose exec mariadb bash
+mysql --batch --user=root --password=${MARIADB_ROOT_PASSWORD} -e "create database "${MARIADB_GLPI_DATABASE}" character set utf8mb4"
+mysql --batch --user=root --password=${MARIADB_ROOT_PASSWORD} -e "CREATE USER "${MARIADB_GLPI_USER}""
+mysql --batch --user=root --password=${MARIADB_ROOT_PASSWORD} -e "grant all on "${MARIADB_GLPI_DATABASE}".*  to '${MARIADB_GLPI_USER}'@'%' identified by '${MARIADB_GLPI_PASSWORD}'"
+mysql --batch --user=root --password=${MARIADB_ROOT_PASSWORD} -e "FLUSH PRIVILEGES"
+mysql --batch --user=root --password=${MARIADB_ROOT_PASSWORD} -e "show databases;"
+mysql --batch --user=root --password=${MARIADB_ROOT_PASSWORD} -e "select Host,User,Password from mysql.user;"
+exit
+```
+### Install Install OCS Inventory
+- Go to http://ocs.int.brg-recht.de/ocsreports/
+
+### Install GLPI
+- Go to http://glpi.mydomain.de
+- Enter the database connection details as shown in the picture
+![Connect to Database](https://raw.githubusercontent.com/johann8/alpine-glpi/master/docs/assets/screenshots/GLPI_Setup_01.PNG)
+- Choose the database glpi
+![Choose Database](https://raw.githubusercontent.com/johann8/alpine-glpi/master/docs/assets/screenshots/GLPI_Setup_02.PNG)
+
+- Run through the installation wizard and log in with glpi / glpi
+
+Enjoy!
diff --git a/assets/mariadb/config/my.cnf b/assets/mariadb/config/my.cnf
@@ -0,0 +1,30 @@
+[mysqld]
+default-time-zone              = 'Europe/Berlin'
+character-set-client-handshake = FALSE
+character-set-server           = utf8mb4
+collation-server               = utf8mb4_unicode_ci
+max_allowed_packet             = 192M
+max-connections                = 350
+key_buffer_size                = 0
+read_buffer_size               = 192K
+sort_buffer_size               = 2M
+innodb_buffer_pool_size        = 24M
+read_rnd_buffer_size           = 256K
+tmp_table_size                 = 24M
+performance_schema             = 0
+innodb-strict-mode             = 0
+thread_cache_size              = 8
+query_cache_type               = 0
+query_cache_size               = 0
+max_heap_table_size            = 48M
+thread_stack                   = 256K
+skip-host-cache
+#skip-name-resolve
+log-warnings                   = 0
+event_scheduler                = 1
+
+[client]
+default-character-set          = utf8mb4
+
+[mysql]
+default-character-set          = utf8mb4
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
@@ -0,0 +1,40 @@
+version: "3.3"
+services:
+
+  ocsapp:
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=proxy"
+      - "traefik.http.routers.ocs-secure.entrypoints=websecure"
+      - "traefik.http.routers.ocs-secure.middlewares=default-chain@file,rate-limit@file"
+      - "traefik.http.routers.ocs-secure.rule=Host(`${HOSTNAME_OCS}.${DOMAINNAME}`)"
+      - "traefik.http.routers.ocs-secure.service=ocs"
+      #- "traefik.http.routers.ocs-secure.tls.certresolver=produktion"             # für eigene Zertifikate
+      - "traefik.http.routers.ocs-secure.tls.options=modern@file"
+      - "traefik.http.routers.ocs-secure.tls=true"
+      - "traefik.http.services.ocs.loadbalancer.sticky.cookie.httpOnly=true"
+      - "traefik.http.services.ocs.loadbalancer.sticky.cookie.secure=true"
+      - "traefik.http.services.ocs.loadbalancer.server.port=${PORT_OCS}"
+    networks:
+      - proxy
+
+  glpi:
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=proxy"
+      - "traefik.http.routers.glpi-secure.entrypoints=websecure"
+      - "traefik.http.routers.glpi-secure.middlewares=default-chain@file,rate-limit@file"
+      - "traefik.http.routers.glpi-secure.rule=Host(`${HOSTNAME_GLPI}.${DOMAINNAME}`)"
+      - "traefik.http.routers.glpi-secure.service=glpi"
+      #- "traefik.http.routers.glpi-secure.tls.certresolver=produktion"             # für eigene Zertifikate
+      - "traefik.http.routers.glpi-secure.tls.options=modern@file"
+      - "traefik.http.routers.glpi-secure.tls=true"
+      - "traefik.http.services.glpi.loadbalancer.sticky.cookie.httpOnly=true"
+      - "traefik.http.services.glpi.loadbalancer.sticky.cookie.secure=true"
+      - "traefik.http.services.glpi.loadbalancer.server.port=${PORT_GLPI}"
+    networks:
+      - proxy
+
+networks:
+  proxy:
+    external: true
diff --git a/docker-compose.yml b/docker-compose.yml
