Skip to content

Dockerized GLPI

This docker container contains GLPI and is intended to be production ready and requires minimal configuration to use.

Info

TLDR The docker container is available on dockerhub. docker pull nofusscomputing/docker-glpi:dev

This container is designed to be ephemeral with all data residing within docker volumes. Outside of this container, the only reqirements is hard disk space and a MySQL/MariaDB database.

Features

To see a full list of changes/features see the changelog.

  • Data Volumes for (relative paths are for glpi www root, /var/www/html)

    • config/

    • data/

    • files/

    • plugins/

    • marketplace/

    • /var/log/

  • Inventory endpoints only available with use of feature flag

  • Container health check reports for all services (apache, cron, supervisord)

  • GLPI cron script scheduled within container cron. See notes below.

  • GLPI WWW root setup under public/

Cron

Cron is installed as part of the image and runs automagically on container start. GLPI cron script is also scheduled to run every minute. However for GLPI to use the CLI cron, you must configure it.

Once GLPI has been setup and configured:

  1. navigate to Setup -> Automatic Actions

  2. select all items in the list

  3. click the Actions button

  4. select Update

  5. select Run Mode

  6. select CLI

  7. click Submit

Now GLPI will use the CLI cron script to run automagic actions.

Inventory

It is posssible to use the inventory features available within GLPI, however by default access to the endpoints is disabled and behind a feature flag.The image by default will return HTTP/404 for the following paths:

  • plugins/fusioninventory/ fusioninventory

  • front/inventory.php Native (non-GlpiInventory plugin)

  • marketplace/glpiinventory/ GlpiInventory plugin (Marketplace installed)

  • plugins/glpiinventory/ GlpiInventory plugin (plugin folder installed)

To enable an inventory endpoint, using the values above, set environmental variable GLPI_INVENTORY_PATH when launching the container. i.e. to use GLPI native inventory GLPI_INVENTORY_PATH=front/inventory.php. on launching the container with this variable set, that endpoint is available for use for the inventory feature of GLPI.

Tip

when using either marketplace/glpiinventory/ or plugins/glpiinventory/ as the inventory path you are required to prepend index.php to the end of the server directive in agent.cfg. i.e. server = https://my-glpi-server/plugins/glpiinventory/index.php

Warning

It is strongly advised that when using the inventory features of GLPI, that the endpoints be configured for client authentication.

Client Authentication

Due to the limitations of the inventory agents, mTLS is not available so HTTP Basic Authentication is configurable. by default, when you set the environmental variable GLPI_INVENTORY_PATH HTTP basic auth is enabled by default. To configure the users follow these steps:

  1. run command from within the container htpasswd -c /apache-passwd-glpi-inventory {Username to create}

  2. enter the password and confirm when prompted

  3. configure the user and password entries in the agent.cfg file.

Tip

Ensure you limit the permissions on the agent.cfg file as it contains a password in clear text. Only the user the agent is run as requires access and you are encouraged to limit to that user only.

Warning

HTTP Basic authentication is inherently insecure. to overcome this shortfall, ONLY use HTTP Basic Auth over a secure connection (https).

Running the container

To quickly setup a container the following docker-compose.yaml file could be used.

docker-compose.yaml
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
version: "3.2"

services:


  mariadb:
    image: mariadb:latest
    container_name: mariadb
    hostname: mariadb
    volumes:
      - /opt/mysql/mysql:/var/lib/mysql
    environment:
      - MARIADB_ROOT_PASSWORD=********
      - MARIADB_DATABASE=glpi
      - MARIADB_USER=********
      - MARIADB_PASSWORD=********
    restart: always


  ingress:
    image: nginx:latest-alpine
    container_name : ingress
    hostname: ingress
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /opt/ingress/conf.d:/etc/nginx/conf.d:ro
      - /opt/ingress/http:/http:ro
      - /opt/ingress/ssl:/ssl:ro
    environment:
      - TIMEZONE=UTC
    restart: always
    networks:
      - ingress
      - default


  glpi:
    image: nofusscomputing/docker-glpi:dev
    container_name : glpi
    hostname: glpi
    ports:
      - "80:80"
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /opt/glpi/plugins:/var/www/html/plugins
      - /opt/glpi/files:/var/www/html/files
      - /opt/glpi/config:/var/www/html/config
      - /opt/glpi/marketplace:/var/www/html/marketplace
    environment:
      - TIMEZONE=UTC
      - GLPI_INVENTORY_PATH=/plugins/glpiinventory/
    restart: always
    networks:
      - default


volumes:
  data_mysql:


networks:
  default:
    external: no
  ingress:
    external: yes

About:

This page forms part of our Project Docker GLPI.

Page Metadata
Version: ToDo: place files short git commit here
Date Created: 2023-08-29
Date Edited: 2023-08-29

Contribution:

Would You like to contribute to our Docker GLPI project? You can assist in the following ways:

 

ToDo: Add the page list of contributors