teleport 10 passwordless update

2025-01-23 14:50:57 +01:00 · 2022-08-30 19:01:48 +02:00 · 2022-08-30 19:01:48 +02:00 · ba2c9ebbb2
commit ba2c9ebbb2
parent d5b6dc0409
4 changed files with 94 additions and 31 deletions
--- a/docker-compose/teleport/README..md
+++ b/docker-compose/teleport/README..md
@ -1 +1,29 @@
-TODO: #19 Insert teleport readme
+# Teleport Boilerplates
+
+//TODO Add Description
+
+Tested with teleport 10
+
+## Deployment
+
+Copy the `docker-compose.yml`, and `config/teleport.yml` files into your project folder and start the container.
+
+## Configuration
+
+### Create a new user
+
+```bash
+
+```
+
+## Best-Practices & Post-Installation
+
+### Enable passwordless
+
+To enable passwordless feature remove the **(Optional) Passwordless Authentication** statements from the `config/teleport.yml` file and re-start the container.
+
+### Get a trusted SSL cert from Letsencrypt
+
+To get a trusted SSL cert from Letsnecrypt remove the **(Optional) ACME** statements from the `config/teleport.yml` file and re-start the container.
+
+*Note, you need a public DNS Record that points to your-server-url.*
--- a/docker-compose/teleport/config/teleport.yml
+++ b/docker-compose/teleport/config/teleport.yml
@ -0,0 +1,44 @@
+version: v2
+teleport:
+  nodename: your-server-name
+  data_dir: /var/lib/teleport
+  log:
+    output: stderr
+    severity: INFO
+    format:
+      output: text
+  ca_pin: ""
+  diag_addr: ""
+auth_service:
+  enabled: "yes"
+  listen_addr: 0.0.0.0:3025
+  proxy_listener_mode: multiplex
+  cluster_name: your-server-url
+  # ---
+  # (Optional) Passwordless Authentication
+  # authentication:
+  #   type: local
+  #   second_factor: on
+  #   webauthn:
+  #     rp_id: your-server-url
+  #   connector_name: passwordless
+  # ---
+ssh_service:
+  enabled: "yes"
+  commands:
+  - name: hostname
+    command: [hostname]
+    period: 1m0s
+proxy_service:
+  enabled: "yes"
+  web_listen_addr: 0.0.0.0:443
+  public_addr: your-server-url
+  https_keypairs: []
+  acme: {}
+  # ---
+  # (Optional) ACME
+  # acme:
+  #   enabled: "yes"
+  #   email: your-email-address
+  # ---
+
--- a/docker-compose/teleport/docker-compose.yml
+++ b/docker-compose/teleport/docker-compose.yml
@ -0,0 +1,21 @@
+version: '3'
+
+volumes:
+  teleport-data:
+  
+services:
+
+  teleport:
+    image: quay.io/gravitational/teleport:10.0.2
+    user: 1000:1000
+    container_name: teleport
+    entrypoint: /bin/sh
+    command: -c "/usr/bin/dumb-init teleport start -d -c /etc/teleport/teleport.yml"
+    ports:
+      - "3023:3023"
+      - "3024:3024"
+      - "3025:3025"
+      - "443:443"
+    volumes:
+      - .config:/etc/teleport
+      - teleport-data:/var/lib/teleport
--- a/docker-compose/teleport/teleport.yaml
+++ b/docker-compose/teleport/teleport.yaml
@ -1,30 +0,0 @@
---
-version: '2'
-
-services:
-
-  configure:
-    image: quay.io/gravitational/teleport:4.3
-    container_name: teleport-configure
-    entrypoint: /bin/sh
-    hostname: dev.the-digital-life.com
-    command: -c "if [ ! -f /etc/teleport/teleport.yaml ]; then teleport configure > /etc/teleport/teleport.yaml; fi"
-    volumes:
-      - ./teleport/config:/etc/teleport
-
-  teleport:
-    image: quay.io/gravitational/teleport:4.3
-    container_name: teleport
-    entrypoint: /bin/sh
-    hostname: dev.the-digital-life.com
-    command: -c "sleep 1 && /bin/dumb-init teleport start -c /etc/teleport/teleport.yaml"
-    ports:
-      - "3023:3023"
-      - "3024:3024"
-      - "3025:3025"
-      - "3080:3080"
-    volumes:
-      - ./teleport/config:/etc/teleport
-      - ./teleport/data:/var/lib/teleport
-    depends_on:
-      - configure