--- title: Ping Identity DevOps Docker Image - pingdirectoryproxy description: This docker image includes the Ping Identity PingDirectoryProxy product binaries and associated hook scripts to create and run a PingDirectoryProxy instance or instances. component: devops page_id: devops::docker-images/pingdirectoryproxy/README canonical_url: https://developer.pingidentity.com/devops/docker-images/pingdirectoryproxy/README.html section_ids: devops-ping-identity-devops-docker-image: Ping Identity DevOps Docker Image - pingdirectoryproxy devops-related-docker-images: Related Docker Images devops-environment-variables: Environment Variables devops-ports-exposed: Ports Exposed devops-running-a-pingdirectoryproxy-container: Running a PingDirectoryProxy container devops-running-a-sample-100sec-search-rate-test: Running a sample 100/sec search rate test devops-connecting-with-an-ldap-client: Connecting with an LDAP Client devops-stoppingremoving-the-container: Stopping/Removing the container devops-docker-container-hook-scripts: Docker Container Hook Scripts --- # Ping Identity DevOps Docker Image - `pingdirectoryproxy` ## Ping Identity DevOps Docker Image - `pingdirectoryproxy` This docker image includes the Ping Identity PingDirectoryProxy product binaries and associated hook scripts to create and run a PingDirectoryProxy instance or instances. ### Related Docker Images * `pingidentity/pingbase` - Parent Image > This image inherits inherits, and can use, Environment Variables from [pingidentity/pingbase](https://devops.pingidentity.com/docker-images/pingbase/) * `pingidentity/pingdatacommon` - Common Ping files (i.e. hook scripts)\\ ### Environment Variables In addition to environment variables inherited from **[pingidentity/pingbase](https://devops.pingidentity.com/docker-images/pingbase/)**, the following environment `ENV` variables can be used with this image. | ENV Variable | Default | Description | | ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | SHIM | ${SHIM} | | | IMAGE\_VERSION | ${IMAGE\_VERSION} | | | IMAGE\_GIT\_REV | ${IMAGE\_GIT\_REV} | | | DATE | ${DATE} | | | PING\_PRODUCT\_VERSION | ${VERSION} | | | PING\_PRODUCT | PingDirectoryProxy | Ping product name | | LICENSE\_FILE\_NAME | PingDirectory.lic | Name of license File | | LICENSE\_DIR | ${PD\_LICENSE\_DIR} | PD License directory. This value is set from the pingbase docker file | | LICENSE\_SHORT\_NAME | PD | Short name used when retrieving license from License Server | | LICENSE\_VERSION | ${LICENSE\_VERSION} | Version used when retrieving license from License Server | | ADMIN\_USER\_NAME | admin | Replication administrative user | | STARTUP\_COMMAND | ${SERVER\_ROOT\_DIR}/bin/start-server | The command that the entrypoint will execute in the foreground to instantiate the container | | PD\_DELEGATOR\_PUBLIC\_HOSTNAME | localhost | Public hostname of the DA app | | STARTUP\_FOREGROUND\_OPTS | --nodetach | The command-line options to provide to the the startup command when the container starts with the server in the foreground. This is the normal start flow for the container | | STARTUP\_BACKGROUND\_OPTS | | The command-line options to provide to the the startup command when the container starts with the server in the background. This is the debug start flow for the container | | ROOT\_USER\_PASSWORD\_FILE | | Location of file with the root user password (i.e. cn=directory manager). Defaults to /SECRETS\_DIR/root-user-password | | KEYSTORE\_FILE | | Location of the keystore file containing the server certificate. If left undefined, the SECRETS\_DIR will be checked for a keystore. If that keystore does not exist, the server will generate a self-signed certificate. | | KEYSTORE\_PIN\_FILE | | Location of the pin file for the keystore defined in KEYSTORE\_FILE. You must specify a KEYSTORE\_PIN\_FILE when a KEYSTORE\_FILE is present. This value does not need to be defined when allowing the server to generate a self-signed certificate. | | KEYSTORE\_TYPE | | Format of the keystore defined in KEYSTORE\_FILE. One of "jks", "pkcs12", "pem", or "bcfks" (in FIPS mode). If not defined, the keystore format will be inferred based on the file extension of the KEYSTORE\_FILE, defaulting to "jks". | | TRUSTSTORE\_FILE | | Location of the truststore file for the server. If left undefined, the SECRETS\_DIR will be checked for a truststore. If that truststore does not exist, the server will generate a truststore, containing its own certificate. | | TRUSTSTORE\_PIN\_FILE | | Location of the pin file for the truststore defined in TRUSTSTORE\_FILE. You must specify a TRUSTSTORE\_PIN\_FILE when a TRUSTSTORE\_FILE is present. This value does not need to be defined when allowing the server to generate a truststore. | | TRUSTSTORE\_TYPE | | Format of the truststore defined in TRUSTSTORE\_FILE. One of "jks", "pkcs12", "pem", or "bcfks" (in FIPS mode). If not defined, the truststore format will be inferred based on the file extension of the TRUSTSTORE\_FILE, defaulting to "jks". | | TAIL\_LOG\_FILES | ${SERVER\_ROOT\_DIR}/logs/access ${SERVER\_ROOT\_DIR}/logs/errors ${SERVER\_ROOT\_DIR}/logs/failed-ops ${SERVER\_ROOT\_DIR}/logs/config-audit.log ${SERVER\_ROOT\_DIR}/logs/tools/.log ${SERVER\_BITS\_DIR}/logs/tools/.log | Files tailed once container has started | | PD\_PROFILE | ${STAGING\_DIR}/pd.profile | Directory for the profile used by the PingData manage-profile tool | | UNBOUNDID\_SKIP\_START\_PRECHECK\_NODETACH | true | Setting this variable to true speeds up server startup time by skipping an unnecessary JVM check. | | CERTIFICATE\_NICKNAME | | There is an additional certificate-based variable used to identity the certificate alias used within the `KEYSTORE_FILE`. That variable is called `CERTIFICATE_NICKNAME`, which identifies the certificate to use by the server in the `KEYSTORE_FILE`. If a value is not provided, the container will look at the list certs found in the `KEYSTORE_FILE` and if one - and only one - certificate is found of type `PrivateKeyEntry`, that alias will be used. | | RETRY\_TIMEOUT\_SECONDS | 180 | The default retry timeout in seconds for manage-topology and remove-defunct-server | | PINGDIRECTORY\_HOSTNAME | | Set this variable to configure Proxy for automatic server discovery with PingDirectory hostname JOIN\_PD\_TOPOLOGY must be enabled for PINGDIRECTORY\_HOSTNAME to take effect | | PINGDIRECTORY\_LDAPS\_PORT | | Set this variable to configure Proxy for automatic server discovery with PingDirectory LDAPS port JOIN\_PD\_TOPOLOGY must be enabled for PINGDIRECTORY\_LDAPS\_PORT to take effect | | JOIN\_PD\_TOPOLOGY | false | Setting this variable to true will configure proxy to join the topology of PingDirectory | | COLUMNS | 120 | Sets the number of columns in PingDirectoryProxy command-line tool output | ### Ports Exposed The following ports are exposed from the container. If a variable is used, then it may come from a parent container * ${LDAP\_PORT} * ${LDAPS\_PORT} * ${HTTPS\_PORT} * ${JMX\_PORT} ### Running a PingDirectoryProxy container The easiest way to test test a simple standalone image of PingDirectoryProxy is to cut/paste the following command into a terminal on a machine with docker. ```shell docker exec -it pingdirectoryproxy \ /opt/out/instance/bin/searchrate \ -b dc=example,dc=com \ --scope sub \ --filter "(uid=user.[1-9])" \ --attribute mail \ --numThreads 2 \ --ratePerSecond 100 ``` You can view the Docker logs with the command: ```shell docker logs -f pingdirectoryproxy ``` You should see the output from a PingDirectoryProxy install and configuration, ending with a message the the PingDirectoryProxy has started. After it starts, you will see some typical access logs. Simply `Ctrl-C` after to stop tailing the logs. ### Running a sample 100/sec search rate test With the PingDirectoryProxy running from the previous section, you can run a `searchrate` job that will send load to the directory at a rate if 100/sec using the following command. ```shell docker exec -it pingdirectoryproxy \ /opt/out/instance/bin/searchrate \ -b dc=example,dc=com \ --scope sub \ --filter "(uid=user.[1-9])" \ --attribute mail \ --numThreads 2 \ --ratePerSecond 100 ``` ### Connecting with an LDAP Client Connect an LDAP Client (such as Apache Directory Studio) to this container using the default ports and credentials | | | | ------------- | ----------------- | | LDAP Port | 1389 | | LDAP Base DN | dc=example,dc=com | | Root Username | cn=administrator | | Root Password | 2FederateM0re | ### Stopping/Removing the container To stop the container: ```shell docker container stop pingdirectoryproxy ``` To remove the container: ```shell docker container rm -f pingdirectoryproxy ``` ### Docker Container Hook Scripts Please go [here](https://github.com/pingidentity/pingidentity-devops-getting-started/tree/master/docs/docker-images/pingdirectoryproxy/hooks/README.md) for details on all pingdirectoryproxy hook scripts *** This document is auto-generated from *[pingdirectoryproxy/Dockerfile](https://github.com/pingidentity/pingidentity-docker-builds/blob/master/pingdirectoryproxy/Dockerfile)* Copyright © 2026 Ping Identity Corporation