Maison/samba-api/docker-compose-https.yml

version: '3.8'

services:
  samba-api:
    build: .
    ports:
      - "8000:8000"   # HTTP port (for internal use)
      - "8443:8443"   # HTTPS port (direct access)
    environment:
      - DEBUG=true
      - HOST=0.0.0.0
      - PORT=8000
      - HTTPS_PORT=8443
      - USE_HTTPS=true
      - SECRET_KEY=your-secret-key-change-in-production
      - SAMBA_DOMAIN=example.com
      - SAMBA_DC=samba-dc
      - SAMBA_ADMIN_USER=Administrator
      - SAMBA_ADMIN_PASSWORD=Admin123!@#
      - SAMBA_BASE_DN=DC=example,DC=com
      - LDAP_SERVER=ldap://samba-dc:389
      - LDAP_BIND_DN=Administrator@example.com
      - LDAP_BIND_PASSWORD=Admin123!@#
    depends_on:
      - samba-dc
    networks:
      - samba-network
    volumes:
      - ./logs:/app/logs
    restart: unless-stopped

  # Optional: Nginx reverse proxy for production HTTPS
  nginx-ssl:
    image: nginx:alpine
    ports:
      - "443:443"     # HTTPS
      - "80:80"       # HTTP (redirects to HTTPS)
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./ssl:/etc/nginx/ssl:ro
    depends_on:
      - samba-api
    networks:
      - samba-network
    restart: unless-stopped
    profiles:
      - production  # Only start with: docker-compose --profile production up

  samba-dc:
    image: hexah/samba-dc:4.22.3-05
    container_name: samba-dc
    hostname: dc01
    environment:
      - DOMAIN=example.com
      - DOMAINPASS=Admin123!@#
      - DNSFORWARDER=8.8.8.8
      - HOSTIP=172.20.0.2
    ports:
      - "5353:53"
      - "5353:53/udp"
      - "8088:88"
      - "8088:88/udp"
      - "8135:135"
      - "8137:137/udp"
      - "8138:138/udp"
      - "8139:139"
      - "8389:389"
      - "8389:389/udp"
      - "8445:445"
      - "8464:464"
      - "8464:464/udp"
      - "8636:636"
      - "9024:1024"
      - "9268:3268"
      - "9269:3269"
    networks:
      samba-network:
        ipv4_address: 172.20.0.2
    volumes:
      - samba-data:/var/lib/samba
      - samba-config:/etc/samba
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    devices:
      - "/dev/net/tun:/dev/net/tun"
    privileged: true

networks:
  samba-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16

volumes:
  samba-data:
  samba-config: