pierrecdn / phpipam Goto Github PK
View Code? Open in Web Editor NEWphpIPAM Docker image
License: GNU Lesser General Public License v3.0
phpIPAM Docker image
License: GNU Lesser General Public License v3.0
/bin/ping
seems to lack the setuid bit:
docker run -ti --rm pierrecdn/phpipam:1.3.2 ls -l /bin/ping
-rwxr-xr-x 1 root root 61240 Nov 10 2016 /bin/ping
which results in ping: socket: Operation not permitted
when pinging using www-data
user
Strangely enough, barely installing iputils-ping in php:7.2-apache image makes /bin/ping
setuid-ed and I cannot quickly find something in your code that changes this behaviour.
Can you make /bin/ping
setuid-ed ?
Do you plan to include a discoveryCheck cron in the container?
I have configured this container to run on a private network; port 80 is already in use on the host and I would prefer to have it on a private net anyway. I'm pretty sure I have the docker compose YAML configured right, but setup complains that the phpipam user is denied access.
docker-compose.yml follows:
ipam:
image: pierrecdn/phpipam
container_name: phpipam
ports:
- 29030:80
environment:
- MYSQL_ENV_MYSQL_ROOT_PASSWORD=${MYSQLPASSWORD}
links:
- phpipam-mysql:mysql
restart:
always
phpipam-mysql:
image: mysql:5.6
container_name: phpipam-mysql
environment:
- MYSQL_ROOT_PASSWORD=${MYSQLPASSWORD}
volumes:
- /opt/appdata/phpipam:/var/lib/mysql
restart:
always
It looks like the link to the MySQL container doesn't work completely; the container attempts to connect to the wrong IP:
Database error: Could not connect to database! SQLSTATE[HY000] [1045] Access denied for user 'phpipam'@'172.18.0.5' (using password: YES).
Note that 172.18.0.5 is the IP of the phpipam container - the MySQL container has no internal IP. The password is defined in an environment file and there are other containers using variables from that file
Suggestions welcome (and I hope this formatting works).
Hi - I specified the MySQL instance using the environment variable "MYSQL_ENV_MYSQL_HOST". However, it seems that the container does not use this because I receive the following error.
Could not connect to database! SQLSTATE[HY000] [1045] Access denied for user 'phpipam_user'@'phpipam.br0.10' (using password: NO)
The environment variable for the user is correct, though, but "phpipam.br0.10" should be the mysql container and not the phpipam container it's currently trying to connect to.
Using the instructions to spin up a MySQL docker image, then linking the PHPIPAM docker image to it, the install URL is not accessible from http://<ip>[:<specific_port>]/install/
. Forbidden: don't have permission. When browsing to the direct URL of the install.php file http://<ip>[:<specific_port>]/install/index.php
, am presented with a Mod_rewrite error.
NGINX not running as a container but on same machine as docker.
When I connect directly via http://site.com:8080/
it works fine.
When connecting through NGINX it fails, note it is https to the reverse proxy forwarding to http.
I have several other similar applications running as docker containers in this exact same configuration that work fine. Any thoughts on what the issue might be?
docker-compose config:
version: '2'
services:
mysql:
image: mysql:5.6
environment:
- MYSQL_ROOT_PASSWORD=xxxxx
restart: always
volumes:
- db_data:/var/lib/mysql
ipam:
depends_on:
- mysql
image: pierrecdn/phpipam
environment:
- MYSQL_ENV_MYSQL_ROOT_PASSWORD=xxxxx
ports:
- "8080:80"
volumes:
db_data:
NGINX Config snippet
server {
listen 443 ssl;
server_name kb1.xxxx.com;
ssl_certificate /etc/ssl/certs/wxxxx.crt;
ssl_certificate_key /etc/ssl/certs/wxxx.key;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_set_header X-Real-IP $remote_addr;
add_header X-Frame-Option ALLOWALL;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Thank-you!
Is it possible? "I get GoogleAuthenticator submodule missing." error
container doesn"t work.
When I go http://[:<specific_port>]/
I got error 302 and ... nothing
10.72.253.3 - - [25/Sep/2015:06:43:40 +0000] "GET / HTTP/1.1" 302 634 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36"
10.72.253.3 - - [25/Sep/2015:06:43:40 +0000] "GET /?page=upgrade HTTP/1.1" 302 7110 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36"
10.72.253.3 - - [25/Sep/2015:06:43:40 +0000] "GET /?page=login HTTP/1.1" 302 7853 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.99 Safari/537.36"
Unless I'm missing it, which is quite possible, I don't see a way to edit he PHP.ini file for this to allow me to change things . From what I see, I need to edit it for the max_input_vars and bump it up to allow me to scan like a /22 with full hostnames.
Hi!
Please add a tested cron (for autodiscovery) support to the docker image.
We tried to install the cron and configure the autodiscovery and checkping but it failed via cronjob (manual start via command line from container it worked)
Thanks
Tamas
Would it just be as simple as changing the dockerfile so that the phpIPAM version reads 1.4.2 instead of 1.4?
Would it be possible to add an optional environment variable to configure the BASE directive to the config.php file? https://phpipam.net/documents/prettified-links-with-mod_rewrite/
This would allow the container to stand behind a reverse proxy with a relative URL.
Hi
Attached Docker file installs extensions necessary for LDAP support (allowing AD authentication) and for multi-thread so that subnet scanning is possible. Also fixes the config.php file so that it goes to the correct place with the correct name.
Additionally, have changed the php.ini file so that it sets timezone as UTC.
Thanks for your work ๐
Docerfile is not working I have this error
Step 10/12 : RUN tar -xzf /tmp/${PHPIPAM_VERSION}.tar.gz -C ${WEB_REPO}/ --strip-components=1
---> Running in f74eb8a4abc5
tar (child): /tmp/1.2.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now
The command '/bin/sh -c tar -xzf /tmp/${PHPIPAM_VERSION}.tar.gz -C ${WEB_REPO}/ --strip-components=1' returned a non-zero code: 2
Hi,
When a setup the snmp feature, I have this message : Missing snmp support in php
Do tou have some solution for me.
G.
This looks great, came right up with compose.
What is the strategy for local parameters in config.php? Do you have an environment variable to point to a local config.php?
Unable to upload new logo because permissions are wrong in container
Hey,
awesome, running was a breeze. How are the cron jobs (Alive Check/ Discovery Check) handled?
I might be mistaken, but I only seen apache processes in the container.
-Chris.
Hello,
Is it possible to add inside the Docker File Timezone configuration as there is some logs it will be interesting.
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ /etc/timezone
As there is some logs it will be interesting.
I am using docker compose so we could add inside into the docker compose a environnement variable :
ENV TZ=Europe/Paris
Regards,
The ability to add SRV records was recently added to phpipam here any chance this image could be updated to include this?
When I put in the address of the computer running the docker of PHPIPAM, nothing shows up in the browser. The output of Docker is:
192.168.1.6 - - [20/Apr/2017:07:31:07 +0000] "GET /?page=login HTTP/1.1" 302 786
4 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ch
rome/57.0.2987.133 Safari/537.36"
But nothing shows up on screen with Firefox or Chrome.
The actual line that the Dockerfile replaces is not $db['host'] = 'localhost' but rather $db['host'] = '127.0.0.1'; so Dockerfile line 66 fails in setting the variable to 'getenv("MYSQL_ENV_MYSQL_HOST")'
Regarding issue : phpipam/phpipam#2290
Unless specified otherwise, phpipam injects a standard user/password for later database access once the initial injection is done.
This results in impossibility to connect as the default host for the connection is localhost
, which prevents phpipam container to connect to the database.
The reference to --link
should be modified as --link
is a deprecated feature .
$ docker run -ti -d -p 80:80 -e MYSQL_ENV_MYSQL_ROOT_PASSWORD=my-secret-pw --name ipam --link phpipam-mysql:mysql pierrecdn/phpipam
Warning: The --link flag is a legacy feature of Docker. It may eventually be removed. Unless you absolutely need to continue using it, we recommend that you use user-defined networks to facilitate communication between two containers instead of using --link. One feature that user-defined networks do not support that you can do with --link is sharing environment variables between containers. However, you can use other mechanisms such as volumes to share environment variables between containers in a more controlled way.
``` - https://docs.docker.com/network/links/
This feature has already been removed from stable builds of `podman` ... will endeavour to propose a solution shortly. For search purposes the following error is observed;
Error: unknown flag: --link
Initial installation fails and doesn't create a database to get to login screen.
Unless I am missing something in the setup guide, I had to do the following to work around.
Change docker run for mysql to --name mysql not phpipam-mysql.
docker run --name mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -v /my_dir/phpipam:/var/lib/mysql -d mysql:5.6
Change ipam run for the link to mysql
docker run -ti -d -p 80:80 -e MYSQL_ENV_MYSQL_PASSWORD=my-secret-pw --name ipam --link mysql:mysql pierrecdn/phpipam
This allowed the initial installation to go right to the login in screen. I couldn't find the default password in the setup guide, so I went to:
localhost/?page=install
Recreated the DB, and assigned a new admin password. Is this right or did I miss something in the initial guide?
Not really sure that's a phpipam issue or a container issue.
ping is working fine from inside the container, so it's not a networking issue.
When I run a discovery on my network, it returns "No alive host found!".
If I manually run php functions/scripts/pingCheck.php
then the web interface is updated with the result without issues.
I'm not sure if that's a privilege issue with www-data
or some bug in php-ipam.
db connect is not working when using this docker-compose. After enterning credentials for automatic installation the following errors are shown:
Database error: Could not connect to database! SQLSTATE[HY000] [1045] Access denied for user 'root'@'172.22.0.4' (using password: NO)
Error: Could not connect to database! SQLSTATE[HY000] [1045] Access denied for user 'root'@'172.22.0.4' (using password: NO)
DB and tables are going to be created, but app container is trying to connect to his own ip.
docker-composer file:
version: '2'
services:
phpipam-mysql:
image: mysql:5.6
container_name: phpipam-mysql
environment:
- MYSQL_ROOT_PASSWORD=Password1
volumes:
- /usr/local/phpipam/ipam-mysql:/var/lib/mysql
phpipam:
image: pierrecdn/phpipam
container_name: phpipam
environment:
- MYSQL_ROOT_PASSWORD=Password1
links:
- phpipam-mysql:mysql
ports:
- 80:80
It looks like composer version 2 or higher is not editing /etc/hosts anymore. Maybe this is the root cause.
possible to set a TZ variable in the container? I noticed it is set to UTC, but would be nice to have ability to change this.
Thanks again for the great container and quick support.
Thanks for pierrecdn. i want to change to chinese language. in "Hi, phpIPAM Admin",i select to chinese, and in "phpIPAM Server settings",i set default language to chinese, in "User management",i select Chinese,but ,it's no effect. always english.
some informations:
CentOS Linux release 7.5.1804 (Core)
Docker version 18.06.1-ce, build e68fc7a
pierrecdn/phpipam latest
mysql 5.6
thanks.
"Please configure config.php $gmaps_api_key to enable."
It would be great if a variable could be added to the container to alter the google maps API key from the container configuration.
When trying to run any ping scan from the local agent, I get a JSON error.
"Invalid JSON response - JSON_ERROR_SYNTAX"
I don't have an explanation, but I ran into an issue where all other variables were properly inserted, but host was still set to :
$db['host'] = '127.0.0.1';
Manually running
sed -i -e "s/\['host'\] = '127.0.0.1'/\['host'\] = getenv(\"MYSQL_ENV_MYSQL_HOST\") ?: \"mysql\"/" config.php
from within the running container fixed the issue ๐คทโโ๏ธ
The default docker-compose
example doesn't seem to work.
I run this:
$ cat docker-compose.yml
---
version: '2'
services:
mysql:
image: mysql:5.6
environment:
- MYSQL_ROOT_PASSWORD=my-secret-pw
restart: always
volumes:
- db_data:/var/lib/mysql
ipam:
depends_on:
- mysql
image: pierrecdn/phpipam
environment:
- MYSQL_ENV_MYSQL_USER=root
- MYSQL_ENV_MYSQL_ROOT_PASSWORD=my-secret-pw
- MYSQL_ENV_MYSQL_HOST=mysql
ports:
- "8088:80"
volumes:
db_data:
$ docker-compose up
Starting ipam_mysql_1 ... done
Starting ipam_ipam_1 ... done
Attaching to ipam_mysql_1, ipam_ipam_1
ipam_1 | AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.32.3. Set the 'ServerName' directive globally to suppress this message
ipam_1 | AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.32.3. Set the 'ServerName' directive globally to suppress this message
ipam_1 | [Fri May 03 14:31:05.228124 2019] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.25 (Debian) configured -- resuming normal operations
ipam_1 | [Fri May 03 14:31:05.228182 2019] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
mysql_1 | 2019-05-03 14:31:05 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
mysql_1 | 2019-05-03 14:31:05 0 [Note] mysqld (mysqld 5.6.44) starting as process 1 ...
mysql_1 | 2019-05-03 14:31:05 1 [Note] Plugin 'FEDERATED' is disabled.
[ ... ]
It is impossible to set Prettify links to yes. Probably problem is on apache rewrite.
without Prettify links racks was not display (image of the racks)
becouse the link to generate it is:
/app/tools/racks/draw_rack.php?rackId=2
I assume that the Prettify links must be turn on
Hi,
That so easy to user many thank !!!
When a use for export / import data whith file, I have a error message.
Upload directory is not writable or do not exist.
do you have some solutions ?
G.
I am attempting to run this in a podman pod but the port is not being exposed. Below is the commands I am using to setup the pod
podman run -dt --pod new:phpipam --name phpipam-mysql -p 8080:80 -e MYSQL_ROOT_PASSWORD=password -v /opt/phpipam:/var/lib/mysql -d docker.io/library/mysql:5.6
podman run -dt --pod phpipam -ti -d -e MYSQL_ENV_MYSQL_ROOT_PASSWORD=password docker.io/pierrecdn/phpipam:latest
When both containers are up and running in the pod I cannot access phpipam on port 8080
1.4.5 was recebtly released with several crytical security fixes. Thanks!
I see that all recommendations for auto discovery rely on cron. How does this get implemented in Docker?
enable-gd-native-ttf
is removed in PHP 7.2. Build fails.
https://github.com/pierrecdn/phpipam/blob/master/Dockerfile#L29
i have a Server(CentOS Linux release 7.5.1804 (Core),3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux),Docker version 18.09.0, build 4d60db4 and phpIPAM IP address management [v1.3.2]. it's works. i select "Bandwidth calculator",it's wrong.
Oops! Something went wrong!
Provided http error code is: 400: Bad Request.
i cant find logs. any can help me. thanks.
https://i.bmp.ovh/imgs/2018/12/ac34273220b9e9ab.png
In this docker image, unable to use Radius Authentication because missing php-ipam
.
I installed php7.4-radius
via apt but I think this is not correct way for this docker image.
Could you add support for Radius Authentication?
Hello,
I have a probleme when i build image on raspberry.
I have this error:
configure: error: Cannot find ldap libraries in /usr/lib/x86_64-linux-gnu.
Removing intermediate container 98783f8dc2c0
The command '/bin/sh -c docker-php-ext-configure mysqli --with-mysqli=mysqlnd && docker-php-ext-install mysqli && docker-php-ext-configure gd --with-freetype-dir=/usr/include/freetype2 --with-png-dir=/usr/include --with-jpeg-dir=/usr/include && docker-php-ext-install gd && docker-php-ext-install curl && docker-php-ext-install json && docker-php-ext-install snmp && docker-php-ext-install sockets && docker-php-ext-install pdo_mysql && docker-php-ext-install gettext && ln -s /usr/include/x86_64-linux-gnu/gmp.h /usr/include/gmp.h && docker-php-ext-configure gmp --with-gmp=/usr/include/x86_64-linux-gnu && docker-php-ext-install gmp && docker-php-ext-install pcntl && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu && docker-php-ext-install ldap && pecl install mcrypt-1.0.1 && docker-php-ext-enable mcrypt && echo ". /etc/environment" >> /etc/apache2/envvars && a2enmod rewrite' returned a non-zero code: 1
Can you help me with this problem or publish an image for ARM ?
Thanks a lot.
Currently the MYSQL environment variables cover almost all the options, except for customising the DB name.
$db['name'] = 'phpipam';
Can you please make it so we can customise that with environment variables as well.
Thanks
hello,
I know it's not ideal as security is really important but do you think is it possible to setup to add an environment variable to run the API without SSL, I'm getting this message whilst trying to enable API access:
API server requires SSL. Please set $api_allow_unsafe in config.php to override
thanks and congrat for the contribution.
is possible to set some crontab into this container?
some crontab like pingcheck functions/scripts/pingCheck.php
This:
ipam:
image: pierrecdn/phpipam
ports:
- "80:80"
links:
- phpipam-mysql
phpipam-mysql:
image: mysql:5.6
environment:
- MYSQL_ROOT_PASSWORD=my-secret-pw
volumes:
- /my_dir/phpipam:/var/lib/mysql
Creates an environment that looks like this:
PHPIPAM_PHPIPAM_MYSQL_1_ENV_MYSQL_MAJOR=5.6
PHPIPAM_PHPIPAM_MYSQL_1_PORT_3306_TCP=tcp://172.17.0.3:3306
PHPIPAM_MYSQL_1_ENV_MYSQL_MAJOR=5.6
PHPIPAM_MYSQL_1_PORT_3306_TCP=tcp://172.17.0.3:3306
HOSTNAME=da87c9c27341
PHPIPAM_MYSQL_ENV_MYSQL_ROOT_PASSWORD=my-secret-pw
PHPIPAM_SOURCE=https://github.com/phpipam/phpipam/archive/
PHP_INI_DIR=/usr/local/etc/php
PHPIPAM_PHPIPAM_MYSQL_1_PORT_3306_TCP_PROTO=tcp
PHPIPAM_MYSQL_1_PORT_3306_TCP_PROTO=tcp
PHPIPAM_PHPIPAM_MYSQL_1_PORT_3306_TCP_PORT=3306
PHPIPAM_MYSQL_1_PORT_3306_TCP_PORT=3306
PHPIPAM_PHPIPAM_MYSQL_1_ENV_MYSQL_VERSION=5.6.30-1debian8
PHPIPAM_MYSQL_1_ENV_MYSQL_VERSION=5.6.30-1debian8
PHPIPAM_MYSQL_PORT_3306_TCP_PORT=3306
PHPIPAM_MYSQL_PORT_3306_TCP=tcp://172.17.0.3:3306
PHPIPAM_PHPIPAM_MYSQL_1_ENV_MYSQL_ROOT_PASSWORD=my-secret-pw
PHPIPAM_MYSQL_1_ENV_MYSQL_ROOT_PASSWORD=my-secret-pw
PHPIPAM_VERSION=1.16.003
PHPIPAM_MYSQL_ENV_MYSQL_VERSION=5.6.30-1debian8
SHLVL=1
HOME=/root
PHPIPAM_MYSQL_NAME=/phpipam_ipam_1/phpipam-mysql
PHPIPAM_MYSQL_PORT_3306_TCP_PROTO=tcp
PHPIPAM_MYSQL_PORT_3306_TCP_ADDR=172.17.0.3
PHPIPAM_PHPIPAM_MYSQL_1_PORT=tcp://172.17.0.3:3306
PHPIPAM_MYSQL_1_PORT=tcp://172.17.0.3:3306
PHP_EXTRA_BUILD_DEPS=apache2-dev
PHPIPAM_PHPIPAM_MYSQL_1_NAME=/phpipam_ipam_1/phpipam_phpipam-mysql_1
PHPIPAM_MYSQL_1_NAME=/phpipam_ipam_1/phpipam-mysql_1
PHPIPAM_PHPIPAM_MYSQL_1_PORT_3306_TCP_ADDR=172.17.0.3
PHPIPAM_MYSQL_1_PORT_3306_TCP_ADDR=172.17.0.3
PHPIPAM_MYSQL_ENV_MYSQL_MAJOR=5.6
PHPIPAM_MYSQL_PORT=tcp://172.17.0.3:3306
The problem is that the HOSTNAME isn't going to be correct. It's hardcoded as "mysql" but it'll be phpipam-mysql because of the way container linking works. The MYSQL_ENV_MYSQL_ROOT_PASSWORD variable also isn't right. It seems the right way to go about it is to figure out how to derive the linked container name and never hardcode it.
If you can loop through environmental attributes you could look for
(.*)_(.*)_ENV_MYSQL_ROOT_PASSWORD
and it should give you the name of both sides of your links. I imagine there is a more dockery way to do this, but I'm a newbie.. I was only able to identify that there was a problem, I couldn't come up with a good fix for it. :)
docker compose instructions say:
ipam:
depends_on:
- mysql
image: pierrecdn/phpipam
environment:
- MYSQL_ENV_MYSQL_USER=root
- MYSQL_ENV_MYSQL_PASSWORD=my-secret-pw
- MYSQL_ENV_MYSQL_HOST=mysql
but in latest docker phpipam image config.php it is
$db['pass'] = getenv("MYSQL_ENV_MYSQL_ROOT_PASSWORD");
you can not use SSL on LDAP with this image.
For this to work, you must export the ROOT certificate in base 64 and paste it in /usr/local/share/ca-certificates then run the command: update-ca-certificates
Would it be possible to modify the image?
Thx
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.