From ba2c9ebbb28a290f781a54de811437fe07539ba5 Mon Sep 17 00:00:00 2001
From: Christian Lempa
Date: Tue, 30 Aug 2022 19:01:48 +0200
Subject: [PATCH] teleport 10 passwordless update
---
docker-compose/teleport/README..md | 30 +++++++++++++-
docker-compose/teleport/config/teleport.yml | 44 +++++++++++++++++++++
docker-compose/teleport/docker-compose.yml | 21 ++++++++++
docker-compose/teleport/teleport.yaml | 30 --------------
4 files changed, 94 insertions(+), 31 deletions(-)
create mode 100644 docker-compose/teleport/config/teleport.yml
create mode 100644 docker-compose/teleport/docker-compose.yml
delete mode 100644 docker-compose/teleport/teleport.yaml
diff --git a/docker-compose/teleport/README..md b/docker-compose/teleport/README..md
index 5a4c324..9f337c5 100644
--- a/docker-compose/teleport/README..md
+++ b/docker-compose/teleport/README..md
@@ -1 +1,29 @@
-TODO: #19 Insert teleport readme
\ No newline at end of file
+# Teleport Boilerplates
+
+//TODO Add Description
+
+Tested with teleport 10
+
+## Deployment
+
+Copy the `docker-compose.yml`, and `config/teleport.yml` files into your project folder and start the container.
+
+## Configuration
+
+### Create a new user
+
+```bash
+
+```
+
+## Best-Practices & Post-Installation
+
+### Enable passwordless
+
+To enable passwordless feature remove the **(Optional) Passwordless Authentication** statements from the `config/teleport.yml` file and re-start the container.
+
+### Get a trusted SSL cert from Letsencrypt
+
+To get a trusted SSL cert from Letsnecrypt remove the **(Optional) ACME** statements from the `config/teleport.yml` file and re-start the container.
+
+*Note, you need a public DNS Record that points to your-server-url.*
\ No newline at end of file
diff --git a/docker-compose/teleport/config/teleport.yml b/docker-compose/teleport/config/teleport.yml
new file mode 100644
index 0000000..4f9b11d
--- /dev/null
+++ b/docker-compose/teleport/config/teleport.yml
@@ -0,0 +1,44 @@
+version: v2
+teleport:
+ nodename: your-server-name
+ data_dir: /var/lib/teleport
+ log:
+ output: stderr
+ severity: INFO
+ format:
+ output: text
+ ca_pin: ""
+ diag_addr: ""
+auth_service:
+ enabled: "yes"
+ listen_addr: 0.0.0.0:3025
+ proxy_listener_mode: multiplex
+ cluster_name: your-server-url
+ # ---
+ # (Optional) Passwordless Authentication
+ # authentication:
+ # type: local
+ # second_factor: on
+ # webauthn:
+ # rp_id: your-server-url
+ # connector_name: passwordless
+ # ---
+ssh_service:
+ enabled: "yes"
+ commands:
+ - name: hostname
+ command: [hostname]
+ period: 1m0s
+proxy_service:
+ enabled: "yes"
+ web_listen_addr: 0.0.0.0:443
+ public_addr: your-server-url
+ https_keypairs: []
+ acme: {}
+ # ---
+ # (Optional) ACME
+ # acme:
+ # enabled: "yes"
+ # email: your-email-address
+ # ---
+
diff --git a/docker-compose/teleport/docker-compose.yml b/docker-compose/teleport/docker-compose.yml
new file mode 100644
index 0000000..ceda2de
--- /dev/null
+++ b/docker-compose/teleport/docker-compose.yml
@@ -0,0 +1,21 @@
+version: '3'
+
+volumes:
+ teleport-data:
+
+services:
+
+ teleport:
+ image: quay.io/gravitational/teleport:10.0.2
+ user: 1000:1000
+ container_name: teleport
+ entrypoint: /bin/sh
+ command: -c "/usr/bin/dumb-init teleport start -d -c /etc/teleport/teleport.yml"
+ ports:
+ - "3023:3023"
+ - "3024:3024"
+ - "3025:3025"
+ - "443:443"
+ volumes:
+ - .config:/etc/teleport
+ - teleport-data:/var/lib/teleport
diff --git a/docker-compose/teleport/teleport.yaml b/docker-compose/teleport/teleport.yaml
deleted file mode 100644
index 2c7a788..0000000
--- a/docker-compose/teleport/teleport.yaml
+++ /dev/null
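Review bot: In `config/teleport.yml`, `proxy_service` carries a live `acme: {}` immediately above the commented `# acme:` block, so uncommenting the optional block as the README describes leaves two `acme` keys in the same mapping, which a YAML loader either rejects or resolves silently to one of them. Removing the `acme: {}` line, or adding a comment such as `# delete the empty acme: {} above when enabling this block`, closes that gap. `auth_service.listen_addr: 0.0.0.0:3025` binds the auth API on every interface; since `proxy_listener_mode: multiplex` is set, a comment on whether 3025 needs to be reachable from outside the container would help operators decide what to publish. The commented `rp_id: your-server-url` should state that it expects a bare hostname rather than a URL, as the WebAuthn relying-party ID is a domain name.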
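Review bot: In `docker-compose.yml`, the bind mount `- .config:/etc/teleport` refers to a hidden `.config` directory, but the file added by this commit and the README both use `config/teleport.yml`, so `/etc/teleport/teleport.yml` would most likely be missing inside the container; `- ./config:/etc/teleport:ro` matches the layout and keeps the configuration read-only. The `ports` list publishes `3023`, `3024` and `3025` on all host interfaces alongside `443` even though the config sets `proxy_listener_mode: multiplex`; if that mode only requires `443` in this setup, dropping the rest (the auth port in particular) reduces exposure. The `-d` flag in `command` turns on debug output while the config asks for `severity: INFO`, and `user: 1000:1000` reads more safely quoted as `"1000:1000"`.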
@@ -1,30 +0,0 @@ ---- -version: '2' - -services: - - configure: - image: quay.io/gravitational/teleport:4.3 - container_name: teleport-configure - entrypoint: /bin/sh - hostname: dev.the-digital-life.com - command: -c "if [ ! -f /etc/teleport/teleport.yaml ]; then teleport configure > /etc/teleport/teleport.yaml; fi" - volumes: - - ./teleport/config:/etc/teleport - - teleport: - image: quay.io/gravitational/teleport:4.3 - container_name: teleport - entrypoint: /bin/sh - hostname: dev.the-digital-life.com - command: -c "sleep 1 && /bin/dumb-init teleport start -c /etc/teleport/teleport.yaml" - ports: - - "3023:3023" - - "3024:3024" - - "3025:3025" - - "3080:3080" - volumes: - - ./teleport/config:/etc/teleport - - ./teleport/data:/var/lib/teleport - depends_on: - - configure \ No newline at end of file