Add Docker deployment: docker/ directory, Dockerfiles, init scripts and .env-driven configuration #643
tomasecastro wants to merge 6 commits into lirantal:master from
Summary
- Add a docker/ directory with Dockerfiles and adjusted init scripts to run daloRADIUS + FreeRADIUS + MariaDB in Docker.
- Add docker-compose.yml to orchestrate services (radius-mysql, radius, radius-web).
- Make all DB credentials, RADIUS client secret, timezone and related settings configurable through .env.
- Fix permissions and log directory handling so FreeRADIUS can write radacct/log files inside the container.
- Provide migration/import guidance for NAS rows from an existing FreeRADIUS DB.
What changed
- Added: docker/ (contains Dockerfiles for freeradius and daloradius, init scripts for DB and server)
- Added: docker-compose.yml
- Added: example .env (used by compose and init scripts)
- Modified: daloRADIUS Dockerfile to work within the docker/ layout and honor .env values
- Adjusted init scripts to read environment variables (MYSQL_*, DEFAULT_CLIENT_SECRET, TZ, etc.) and to create required dirs with correct ownership (freerad:freerad)
Configuration (important)
- All secrets and environment values are driven by .env:
- MYSQL_HOST, MYSQL_PORT, MYSQL_DATABASE, MYSQL_USER, MYSQL_PASSWORD, MYSQL_ROOT_PASSWORD
- DEFAULT_CLIENT_SECRET, DEFAULT_FREERADIUS_SERVER, TZ
- MAIL_SMTPADDR, MAIL_PORT, MAIL_FROM, MAIL_AUTH
- Defaults in .env are placeholders; replace before production.
Migration notes
- To migrate NAS rows from an existing RADIUS DB:
1. Dump only the nas table from source: mysqldump --no-create-info --skip-lock-tables ... nas > nas_data.sql
2. Convert INSERTs to REPLACE (avoid PK conflicts): sed -E 's/INSERT INTO `nas`/REPLACE INTO `nas`/g' nas_data.sql > nas_replace.sql
3. Import to target: docker exec -i radius-mysql mysql -u${MYSQL_USER} -p"${MYSQL_PASSWORD}" ${MYSQL_DATABASE} < nas_replace.sql
4. Ensure each nas.secret matches the shared secret configured on your NAS devices.
5. Restart FreeRADIUS: docker-compose restart radius
How to test
1. Copy a .env into the project root with proper values.
2. docker-compose build
3. docker-compose up -d
4. Verify FreeRADIUS reads clients from SQL (read_clients = yes in mods-available/sql) and that nas.secret values match routers.
5. Monitor logs: docker logs -f radius | grep -E "Ignoring request|unknown client|radacct|Permission denied"
6. For debug, stop background freeradius and run freeradius -X inside the container.
Security & notes
- Do not store production secrets in public repos.
- Default example secrets are placeholders; replace them.
- On Windows hosts prefer named Docker volumes for /var/log/freeradius to avoid host-bind permission issues.
Files of interest
- docker/ (new)
- docker/freeradius/Dockerfile (Freeradius build and init)
- docker/daloradius/Dockerfile (web UI build)
- docker/init-db-*.sh (DB/init helpers adjusted to Docker paths)
- docker/init-freeradius.sh (creates DB schema, enables sql module, sets read_clients=yes)
- docker-compose.yml (new)
- .env (new/example)
Request
- Please review Dockerfiles and init scripts for security and style.
- Merge if acceptable; I can follow-up with tests or adjust variable names if you prefer different defaults.
Pull request overview
This PR adds comprehensive Docker deployment support for daloRADIUS, enabling containerized deployment of the complete stack (FreeRADIUS, daloRADIUS web UI, and MariaDB) with environment-driven configuration.
Key Changes:
- Docker orchestration via docker-compose.yml with three services (radius-mysql, radius, radius-web)
- Environment-based configuration through .env file for all database credentials, RADIUS secrets, and mail settings
- Automated initialization scripts for database schema creation and FreeRADIUS configuration
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 23 comments.
| File | Description |
|---|---|
| docker-compose.yml | Orchestrates three services with environment variable interpolation from .env; updated to use docker/ subdirectory structure |
| .env | Centralized environment configuration for MySQL credentials, RADIUS secrets, timezone, and mail settings |
| docker/freeradius/Dockerfile-freeradius | FreeRADIUS container build based on official freeradius-server image with required utilities |
| docker/freeradius/init-freeradius.sh | Initialization script that configures FreeRADIUS SQL modules, creates database schema, and manages container startup |
| docker/daloradius/Dockerfile | daloRADIUS web UI container based on Debian 13 with Apache and PHP 8 |
| docker/daloradius/init.sh | Initialization script for daloRADIUS configuration and database setup |
| Dockerfile | Updated log file path from /tmp to /var/log/freeradius for consistency with Docker deployment |
Critical Issues Found:
- Dockerfile path case mismatches in docker-compose.yml will cause build failures on Linux
- .env file with production credentials should not be committed to version control
- Several shell script issues with sed delimiter handling and exit code capture
| # docker environment overrides | ||
| # Timezone (set to your preferred TZ) | ||
| TZ=Europe/Madrid | ||
|
|
||
| # MariaDB settings (change as needed) | ||
| MYSQL_HOST=radius-mysql | ||
| MYSQL_PORT=3306 | ||
| MYSQL_DATABASE=radius | ||
| MYSQL_USER=radius | ||
| MYSQL_PASSWORD=radiusdbpw | ||
| MYSQL_ROOT_PASSWORD=radiusrootdbpw | ||
|
|
||
| # daloRADIUS optional settings | ||
| DEFAULT_CLIENT_SECRET=testing123 | ||
| DEFAULT_FREERADIUS_SERVER=radius | ||
| MAIL_SMTPADDR=127.0.0.1 | ||
| MAIL_PORT=25 | ||
| MAIL_FROM=root@daloradius.xdsl.by | ||
| MAIL_AUTH= No newline at end of file |
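Review bot: `DEFAULT_CLIENT_SECRET=testing123` in the daloRADIUS settings block is the shared secret FreeRADIUS ships in its sample clients.conf, so a deployment started from this file unchanged accepts a publicly known secret. Leave the secret and both MYSQL_* passwords empty here and have the init scripts refuse to start while they are unset, rather than shipping values that work. MAIL_FROM also carries a concrete domain (daloradius.xdsl.by) that most deployments will not own, and the missing final newline means a `KEY=value` appended later with `>>` joins onto the `MAIL_AUTH=` line.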
The .env file contains weak default credentials ('radiusdbpw', 'radiusrootdbpw', 'testing123') and should not be committed to version control with these values. Consider renaming this to '.env.example' and adding '.env' to .gitignore to prevent accidental commits of production credentials.
| build: | ||
| context: . | ||
| dockerfile: Dockerfile-freeradius | ||
| dockerfile: docker/freeradius/dockerfile-freeradius |
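Review bot: the new `dockerfile:` value moves the file under docker/freeradius/ while `context: .` stays at the repository root, so every COPY or ADD source in that Dockerfile is still resolved from the root and the whole root, including the `.env` the test steps place there, is sent as build context. Either set `context: docker/freeradius` with `dockerfile:` relative to it, or add a .dockerignore that excludes `.env`. The file name also disagrees with the PR description, which lists docker/freeradius/Dockerfile.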
The dockerfile path uses lowercase 'dockerfile-freeradius' but should use consistent casing. Docker is case-sensitive on Linux systems, and this could cause build failures if the actual filename uses different casing.
| dockerfile: docker/freeradius/dockerfile-freeradius | |
| dockerfile: docker/freeradius/Dockerfile-freeradius |
| radius-mysql: | ||
| image: mariadb:10 | ||
| container_name: radius-mysql | ||
| restart: unless-stopped |
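Review bot: `image: mariadb:10` is a floating tag that follows whatever 10.x release is current at pull time, so two deployments of this compose file can run different server versions. Pin a specific release or digest and bump it deliberately. `container_name: radius-mysql` is also relied on by the migration step in the description (`docker exec -i radius-mysql ...`), which is worth a comment next to it.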
Exposing MySQL port 3306 to the host could be a security risk in production environments. Consider removing this port mapping or adding a comment warning that it should be removed in production deployments.
| restart: unless-stopped | |
| restart: unless-stopped | |
| # WARNING: Exposes MySQL to the host for local development only. | |
| # Remove this port mapping in production deployments. |
| sed -i "s/\$configValues\['CONFIG_DB_HOST'\] = .*;/\$configValues\['CONFIG_DB_HOST'\] = '$MYSQL_HOST';/" $DALORADIUS_CONF_PATH | ||
| sed -i "s/\$configValues\['CONFIG_DB_PORT'\] = .*;/\$configValues\['CONFIG_DB_PORT'\] = '$MYSQL_PORT';/" $DALORADIUS_CONF_PATH | ||
| sed -i "s/\$configValues\['CONFIG_DB_PASS'\] = .*;/\$configValues\['CONFIG_DB_PASS'\] = '$MYSQL_PASSWORD';/" $DALORADIUS_CONF_PATH | ||
| sed -i "s/\$configValues\['CONFIG_DB_USER'\] = .*;/\$configValues\['CONFIG_DB_USER'\] = '$MYSQL_USER';/" $DALORADIUS_CONF_PATH | ||
| sed -i "s/\$configValues\['CONFIG_DB_NAME'\] = .*;/\$configValues\['CONFIG_DB_NAME'\] = '$MYSQL_DATABASE';/" $DALORADIUS_CONF_PATH | ||
| sed -i "s/\$configValues\['FREERADIUS_VERSION'\] = .*;/\$configValues\['FREERADIUS_VERSION'\] = '3';/" $DALORADIUS_CONF_PATH | ||
| sed -i "s/\$configValues\['CONFIG_DB_PASSWORD_ENCRYPTION'\] = .*;/\$configValues\['CONFIG_DB_PASSWORD_ENCRYPTION'\] = 'no';/" $DALORADIUS_CONF_PATH | ||
| [ -n "$PASSWORD_MIN_LENGTH" ] && sed -i "s/\$configValues\['CONFIG_DB_PASSWORD_MIN_LENGTH'\] = .*;/\$configValues\['CONFIG_DB_PASSWORD_MIN_LENGTH'\] = '$PASSWORD_MIN_LENGTH';/" $DALORADIUS_CONF_PATH | ||
| [ -n "$PASSWORD_MAX_LENGTH" ] && sed -i "s/\$configValues\['CONFIG_DB_PASSWORD_MAX_LENGTH'\] = .*;/\$configValues\['CONFIG_DB_PASSWORD_MAX_LENGTH'\] = '$PASSWORD_MAX_LENGTH';/" $DALORADIUS_CONF_PATH | ||
|
|
||
| [ -n "$DEFAULT_FREERADIUS_SERVER" ] \ | ||
| && sed -i "s/\$configValues\['CONFIG_MAINT_TEST_USER_RADIUSSERVER'\] = .*;/\$configValues\['CONFIG_MAINT_TEST_USER_RADIUSSERVER'\] = '$DEFAULT_FREERADIUS_SERVER';/" $DALORADIUS_CONF_PATH \ | ||
| || sed -i "s/\$configValues\['CONFIG_MAINT_TEST_USER_RADIUSSERVER'\] = .*;/\$configValues\['CONFIG_MAINT_TEST_USER_RADIUSSERVER'\] = 'radius';/" $DALORADIUS_CONF_PATH | ||
| [ -n "$DEFAULT_FREERADIUS_PORT" ] && sed -i "s/\$configValues\['CONFIG_MAINT_TEST_USER_RADIUSPORT'\] = .*;/\$configValues\['CONFIG_MAINT_TEST_USER_RADIUSPORT'\] = '$DEFAULT_FREERADIUS_PORT';/" $DALORADIUS_CONF_PATH | ||
| [ -n "$DEFAULT_CLIENT_SECRET" ] && sed -i "s/\$configValues\['CONFIG_MAINT_TEST_USER_RADIUSSECRET'\] = .*;/\$configValues\['CONFIG_MAINT_TEST_USER_RADIUSSECRET'\] = '$DEFAULT_CLIENT_SECRET';/" $DALORADIUS_CONF_PATH | ||
|
|
||
| [ -n "$MAIL_SMTPADDR" ] && sed -i "s/\$configValues\['CONFIG_MAIL_SMTPADDR'\] = .*;/\$configValues\['CONFIG_MAIL_SMTPADDR'\] = '$MAIL_SMTPADDR';/" $DALORADIUS_CONF_PATH | ||
| [ -n "$MAIL_PORT" ] && sed -i "s/\$configValues\['CONFIG_MAIL_SMTPPORT'\] = .*;/\$configValues\['CONFIG_MAIL_SMTPPORT'\] = '$MAIL_PORT';/" $DALORADIUS_CONF_PATH | ||
| [ -n "$MAIL_FROM" ] && sed -i "s/\$configValues\['CONFIG_MAIL_SMTPFROM'\] = .*;/\$configValues\['CONFIG_MAIL_SMTPFROM'\] = '$MAIL_FROM';/" $DALORADIUS_CONF_PATH | ||
| [ -n "$MAIL_AUTH" ] && sed -i "s/\$configValues\['CONFIG_MAIL_SMTPAUTH'\] = .*;/\$configValues\['CONFIG_MAIL_SMTPAUTH'\] = '$MAIL_AUTH';/" $DALORADIUS_CONF_PATH |
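Review bot: every substitution on these lines uses `/` as the sed delimiter and pastes the variable into the replacement unescaped, so a MYSQL_PASSWORD, MAIL_FROM or DEFAULT_CLIENT_SECRET containing `/`, `&` or `\` either aborts sed or writes a value different from the one configured, and nothing checks the result. Route all of them through one helper that escapes the value and fails when the key is not found, and quote `$DALORADIUS_CONF_PATH`. In the `[ -n "$DEFAULT_FREERADIUS_SERVER" ] && sed ... || sed ...` form, the fallback also runs when the first sed fails, which hides the error; a single sed with `${DEFAULT_FREERADIUS_SERVER:-radius}` avoids that.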
init_daloradius writes environment variables (e.g. MYSQL_HOST, MYSQL_PASSWORD, mail settings, RADIUS secrets) directly into daloradius.conf.php using sed without escaping, so a value containing quotes or PHP metacharacters can break out of the string literal and inject arbitrary PHP code. If an attacker can influence any of these environment variables or the .env file (for example via misconfigured deployment tooling or compromised CI), they can achieve remote code execution as the web server user when the config file is loaded. Use a safer templating mechanism or ensure all values are properly escaped for PHP string context before being substituted into the configuration file.
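One way to do the escaping this comment asks for, as an added example that is not code from the PR: the value is escaped for a PHP single-quoted string and written with awk instead of a sed replacement. The helper names `php_sq_escape`, `set_conf_value` and `demo` are hypothetical, the sample config lines are constructed, and the code assumes each setting sits on its own line starting with `$configValues['KEY'] =`.

```shell
#!/bin/sh
# Added example, not code from the PR. php_sq_escape, set_conf_value and demo
# are hypothetical helper names; the config lines in demo are constructed.

# Escape a value for a PHP single-quoted string, where only \ and ' are special.
php_sq_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g"
}

# set_conf_value FILE KEY VALUE
# Rewrites the line that starts with $configValues['KEY'] = in FILE.
# Returns 1 for a value containing a newline, 3 when KEY is not in FILE.
set_conf_value() {
    file=$1
    key=$2
    value=$3
    case $value in
        *'
'*) echo "refusing $key: value contains a newline" >&2; return 1 ;;
    esac
    escaped=$(php_sq_escape "$value") || return 1
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # KEY and VAL reach awk through ENVIRON, which (unlike awk -v or a sed
    # replacement) applies no escape or & processing to them.
    KEY=$key VAL=$escaped awk '
        BEGIN { prefix = "$configValues[\047" ENVIRON["KEY"] "\047] ="; hit = 0 }
        index($0, prefix) == 1 {
            print prefix " \047" ENVIRON["VAL"] "\047;"
            hit = 1
            next
        }
        { print }
        END { exit(hit ? 0 : 3) }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample: a config stub and a value holding every character that
# breaks the sed one-liners (/ & \ ').
demo() {
    dir=$(mktemp -d) || return 1
    conf=$dir/daloradius.conf.php
    cat > "$conf" <<'EOF'
<?php
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PASS'] = '';
EOF
    sample="p/w&d\\x'y"
    set_conf_value "$conf" CONFIG_DB_PASS "$sample" || return 1
    grep -F "CONFIG_DB_PASS" "$conf"
    rm -rf "$dir"
}

demo
```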
| mysql -h "$MYSQL_HOST" --skip-ssl -u root -p"$MYSQL_ROOT_PASSWORD" -e "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\`;" | ||
|
|
||
| # Create user for any host '%' and grant privileges (docker uses network connections, not localhost) | ||
| mysql -h "$MYSQL_HOST" --skip-ssl -u root -p"$MYSQL_ROOT_PASSWORD" -e "CREATE USER IF NOT EXISTS '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD';" | ||
| mysql -h "$MYSQL_HOST" --skip-ssl -u root -p"$MYSQL_ROOT_PASSWORD" -e "GRANT ALL PRIVILEGES ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%'; FLUSH PRIVILEGES;" | ||
|
|
||
| # Import schema using client option to disable SSL if server does not have it | ||
| mysql --skip-ssl -h "$MYSQL_HOST" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$MYSQL_DATABASE" < $DALORADIUS_PATH/contrib/db/mariadb-daloradius.sql | ||
| echo "Database initialization for daloRADIUS completed." |
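Review bot: each `mysql` call passes `-p"$MYSQL_ROOT_PASSWORD"` or `-p"$MYSQL_PASSWORD"` as an argument, where it can be visible in the process list while the client runs; put the credentials in a mode-0600 option file and pass it with `--defaults-extra-file`. The CREATE USER and GRANT statements also interpolate $MYSQL_USER, $MYSQL_PASSWORD and $MYSQL_DATABASE straight into SQL, so a quote or backtick in any of them changes the statement; validate them against an allow-list pattern first. `$DALORADIUS_PATH` in the schema import should be quoted.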
The daloRADIUS database initialization uses mysql/mysqladmin with the --skip-ssl flag (including root connections), which disables TLS even if the MariaDB server supports it and forces credentials and schema traffic to be sent unencrypted. Anyone able to observe traffic on the Docker or host network can capture the root and application DB passwords as well as RADIUS-related data during initialization. Remove --skip-ssl and, where possible, require TLS for client connections to MariaDB so that database credentials and data are encrypted in transit.
| if [ -n "$DEFAULT_CLIENT_SECRET" ]; then | ||
| SECRET=$DEFAULT_CLIENT_SECRET | ||
| fi | ||
| echo "Adding client for $CIDR with default secret $SECRET" |
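Review bot: the `if` only overrides SECRET when DEFAULT_CLIENT_SECRET is non-empty, so with the variable unset the client is added with whatever value SECRET already holds, and the log line still calls it the default secret. Exit with an error when DEFAULT_CLIENT_SECRET is empty instead of falling back silently.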
init_database logs the NAS shared secret via echo "Adding client for $CIDR with default secret $SECRET", which exposes the RADIUS shared secret in plaintext logs. Anyone with access to container logs or aggregated log storage can retrieve this secret and then impersonate a NAS client against your FreeRADIUS instance. Remove the secret from the log message or mask it so that no usable shared secret value is ever written to logs.
| echo "Adding client for $CIDR with default secret $SECRET" | |
| echo "Adding client for $CIDR with configured shared secret" |
| sed -i 's|ca_file = "/etc/ssl/certs/my_ca.crt"|#ca_file = "/etc/ssl/certs/my_ca.crt"|' $RADIUS_PATH/mods-available/sql #disable sql encryption | ||
| sed -i 's|ca_path = "/etc/ssl/certs/"|#ca_path = "/etc/ssl/certs/"|' $RADIUS_PATH/mods-available/sql #disable sql encryption | ||
| sed -i 's|certificate_file = "/etc/ssl/certs/private/client.crt"|#certificate_file = "/etc/ssl/certs/private/client.crt"|' $RADIUS_PATH/mods-available/sql #disable sql encryption | ||
| sed -i 's|private_key_file = "/etc/ssl/certs/private/client.key"|#private_key_file = "/etc/ssl/certs/private/client.key"|' $RADIUS_PATH/mods-available/sql #disable sql encryption | ||
| sed -i 's|tls_required = yes|tls_required = no|' $RADIUS_PATH/mods-available/sql #disable sql encryption |
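Review bot: each of these sed expressions matches one exact string, so if the sql module file in the image differs by a space or a path the command changes nothing and still exits 0, and the script continues with a TLS configuration nobody verified. Check the file for the expected setting after editing and abort when it is absent, and quote `$RADIUS_PATH`.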
The FreeRADIUS SQL module is being explicitly reconfigured to disable TLS for database connections (ca_file/ca_path/client cert commented out and tls_required = no), forcing all RADIUS accounting and authentication data and DB credentials to travel in cleartext on the network. An attacker with access to the Docker network or underlying host network can sniff these connections to obtain passwords, RADIUS secrets, or other sensitive attributes. Keep TLS enabled for SQL (configure CA/client certs instead of commenting them out) or otherwise enforce encrypted connections between FreeRADIUS and MariaDB.
| sed -i 's|ca_file = "/etc/ssl/certs/my_ca.crt"|#ca_file = "/etc/ssl/certs/my_ca.crt"|' $RADIUS_PATH/mods-available/sql #disable sql encryption | |
| sed -i 's|ca_path = "/etc/ssl/certs/"|#ca_path = "/etc/ssl/certs/"|' $RADIUS_PATH/mods-available/sql #disable sql encryption | |
| sed -i 's|certificate_file = "/etc/ssl/certs/private/client.crt"|#certificate_file = "/etc/ssl/certs/private/client.crt"|' $RADIUS_PATH/mods-available/sql #disable sql encryption | |
| sed -i 's|private_key_file = "/etc/ssl/certs/private/client.key"|#private_key_file = "/etc/ssl/certs/private/client.key"|' $RADIUS_PATH/mods-available/sql #disable sql encryption | |
| sed -i 's|tls_required = yes|tls_required = no|' $RADIUS_PATH/mods-available/sql #disable sql encryption | |
| # Ensure SQL TLS options remain enabled (do not disable encryption) | |
| sed -i 's|#ca_file = "/etc/ssl/certs/my_ca.crt"|ca_file = "/etc/ssl/certs/my_ca.crt"|' $RADIUS_PATH/mods-available/sql | |
| sed -i 's|#ca_path = "/etc/ssl/certs/"|ca_path = "/etc/ssl/certs/"|' $RADIUS_PATH/mods-available/sql | |
| sed -i 's|#certificate_file = "/etc/ssl/certs/private/client.crt"|certificate_file = "/etc/ssl/certs/private/client.crt"|' $RADIUS_PATH/mods-available/sql | |
| sed -i 's|#private_key_file = "/etc/ssl/certs/private/client.key"|private_key_file = "/etc/ssl/certs/private/client.key"|' $RADIUS_PATH/mods-available/sql | |
| sed -i 's|tls_required = no|tls_required = yes|' $RADIUS_PATH/mods-available/sql |
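Review bot: the replacement lines set `tls_required = yes` and re-enable ca_file, certificate_file and private_key_file at the same paths as the lines they replace (/etc/ssl/certs/my_ca.crt, /etc/ssl/certs/private/client.crt, /etc/ssl/certs/private/client.key), and nothing in the visible change places files at those paths. Point these settings at the certificates the deployment actually provisions before turning tls_required on, otherwise the SQL module is required to use TLS with a CA and client key that may not exist.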
@tomasecastro in the future, it is better to submit small changes in a PR so it is easier to review. It seems this code contribution was entirely made by a coding agent, so I'd like to ask you to please carefully review the code changes before we merge 🙏
@lirantal
Hi Liran, it wasn't fully completed, but part of it was. The rest was
learning how to organize Docker directories and name them correctly.
Most of it was migrating your database initialization scripts to adapt them
to the new structure so they work correctly in Docker, especially Docker
Compose.
I'll make the changes suggested by the Git Actions to improve security,
which I was forced to make because it wasn't working correctly when
deployed.
Thanks,
Tomas Castro
On Fri, Dec 26, 2025 at 2:19 p.m., Liran Tal wrote:
> @tomasecastro in the future, it is better to submit small changes in a PR so it is easier to review.
> It seems this code contribution was entirely made by a coding agent, so I'd like to ask you to please carefully review the code changes before we merge 🙏
…certificates
Summary: Implement TLS for MariaDB so FreeRADIUS and daloRADIUS communicate with the database over SSL. Add scripts and configuration to generate host certificates, create a secrets directory for sensitive keys, copy certs into the shared Docker volume and configure MariaDB to use them. After these changes MariaDB should start successfully with SSL enabled.
Changes:
- Add script to create a new secrets directory to store sensitive data (Docker user keys, certs).
- Add script to generate CA, server certificate and key for MariaDB on the host.
- Add logic to copy generated certificates into the shared Docker volume (mariadb_certs).
- Add MariaDB TLS configuration file (mounted at /etc/mysql/conf.d/tls.cnf) to enable SSL and point to the cert files.
- Ensure docker-compose mounts the cert volume and tls.cnf so MariaDB runs with SSL.
Notes:
- Changes are structured as small, focused PRs: secrets dir script, cert generation and copy, TLS config file, and compose volume mounts.
- No changes to application credentials; certificates are generated locally and mounted into containers.
Test: Run this command:
docker exec -it radius-mysql mysql -uroot -p -e "SHOW GLOBAL VARIABLES LIKE 'have_ssl'; SHOW VARIABLES LIKE 'ssl_%';"
It will ask for the MariaDB root password. In this case: MYSQL_ROOT_PASSWORD=radiusrootdbpw
Expected output similar to:
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_ssl      | YES   |
+---------------+-------+
+---------------+---------------------------------------+
| Variable_name | Value                                 |
+---------------+---------------------------------------+
| ssl_ca        | /etc/mysql/certs/mysql_ca.pem         |
| ssl_capath    |                                       |
| ssl_cert      | /etc/mysql/certs/mysql_server.pem     |
| ssl_cipher    |                                       |
| ssl_crl       |                                       |
| ssl_crlpath   |                                       |
| ssl_key       | /etc/mysql/certs/mysql_server.key.pem |
+---------------+---------------------------------------+
This indicates MariaDB is configured to use SSL.
…cates
Summary: Enable TLS for MariaDB so FreeRADIUS and daloRADIUS communicate with the database over SSL. Add host-side scripts and configuration to generate a CA and server certificates, store secrets, copy certs into the shared Docker volume, and configure MariaDB to use them. After these changes MariaDB starts with SSL enabled.
Changes:
- Add scripts to create a secrets directory and generate CA + server certificate/key for MariaDB.
- Copy generated certificates into the mariadb_certs Docker volume and set correct permissions/ownership.
- Add MariaDB TLS configuration file (docker/mariadb/tls.cnf) mounted at /etc/mysql/conf.d/tls.cnf.
- Update docker-compose to mount the cert volume and tls.cnf so MariaDB runs with SSL.
- Add README in secrets describing generated files.
- Update .gitignore:
  - Ignore /secrets/* but allow secrets/README.md
  - Ignore local .env
  - Fix IDE entry (.idea/)
Other updates:
- Added random password generation for SECRETS_DIR/mysql_root_password and for the database 'radius' user (mysql_password).
- Added CRLF removal/sanitization for files edited on Windows before use on Linux.
- Ensure generated password files (SECRETS_DIR/mysql_root_password and SECRETS_DIR/mysql_password) do not contain CRLF.
- Install MariaDB client on the host so freeradius/daloradius schemas can be applied by the installer.
- Added an informational summary at the end of the installer script with DB connection details.
Summary: Add .env.example Update install-docker-compose.sh to include Step 4 that guarantees .env will exist. If .env is missing the script copies .env.example Add creates a minimal .env, sanitizes CRLF/BOM and sets secure permissions.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@tomasecastro I appreciate the work here. If you ever get time to finish and complete this to be a working setup then I'm happy to merge it. Let me know.
PR Type: Enhancement
Description
- Add Docker Compose orchestration with MariaDB, FreeRADIUS, and daloRADIUS services
- Implement environment-driven configuration through .env file for all credentials and settings
- Create initialization scripts for FreeRADIUS and daloRADIUS database and service setup
- Configure FreeRADIUS SQL module with MySQL backend and client authentication from database
- Update docker-compose.yml to use environment variables and fix volume mount paths
File Walkthrough
- init.sh (docker/daloradius/init.sh): daloRADIUS initialization and database setup script
- init-freeradius.sh (docker/freeradius/init-freeradius.sh): FreeRADIUS SQL module configuration and initialization
- Dockerfile (Dockerfile): Update daloRADIUS log file location
- docker-compose.yml (docker-compose.yml): Refactor docker-compose to use environment variables
- Dockerfile (docker/daloradius/Dockerfile): daloRADIUS Docker image with Apache2 and PHP
- Dockerfile-freeradius (docker/freeradius/Dockerfile-freeradius): FreeRADIUS Docker image with MySQL support
- .env (.env): Environment configuration file with service credentials