Permalink
Cannot retrieve contributors at this time
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
182 lines (157 sloc)
6.61 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM rockylinux:8.6 AS php-build | |
| RUN dnf -y install dnf-plugins-core | |
| RUN yum -y install epel-release | |
| RUN dnf config-manager --set-enabled powertools | |
| RUN yum -y update && yum -y install \ | |
| autoconf \ | |
| bison \ | |
| gcc \ | |
| httpd-devel \ | |
| libargon2-devel \ | |
| libcurl-devel \ | |
| libedit-devel \ | |
| libsodium-devel \ | |
| libxml2-devel \ | |
| libxslt-devel \ | |
| make \ | |
| mariadb-devel \ | |
| oniguruma-devel \ | |
| openldap-devel \ | |
| openssl-devel \ | |
| postgresql-devel \ | |
| re2c \ | |
| sqlite-devel \ | |
| findutils \ | |
| wget | |
| WORKDIR /usr/local/src | |
| ARG PHP_VERSION=7.4.30 | |
| ARG PHP_SRC_URL=https://github.com/php/php-src/archive/php-${PHP_VERSION}.tar.gz | |
| RUN mkdir php-src \ | |
| && wget -O php-src.tar.gz ${PHP_SRC_URL} \ | |
| && tar zxf php-src.tar.gz -C php-src --strip-components=1 \ | |
| && rm php-src.tar.gz | |
| ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2" | |
| ENV PHP_CPPFLAGS="$PHP_CFLAGS" | |
| ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie" | |
| RUN cd php-src \ | |
| && ./buildconf --force \ | |
| && ./configure \ | |
| --disable-cgi \ | |
| --enable-mbstring \ | |
| --enable-mysqlnd \ | |
| --with-apxs2=/usr/bin/apxs \ | |
| --with-config-file-path=/usr/local/etc/php \ | |
| --with-config-file-scan-dir=/usr/local/etc/php/conf.d \ | |
| --with-curl \ | |
| --with-ldap \ | |
| --with-libdir=lib64 \ | |
| --with-libedit \ | |
| --with-mysqli \ | |
| --with-openssl \ | |
| --with-password-argon2 \ | |
| --with-pdo-mysql \ | |
| --with-pdo-pgsql \ | |
| --with-pgsql \ | |
| --with-sodium \ | |
| --with-xsl \ | |
| --with-zlib \ | |
| && export CFLAGS="$PHP_CFLAGS" \ | |
| && export CPPFLAGS="$PHP_CPPFLAGS" \ | |
| && export LDFLAGS="$PHP_LDFLAGS" \ | |
| && make -j "$(nproc)" \ | |
| && make install | |
| FROM i2incommon/shibboleth_sp:3.4.0_02092023_rocky8_multiarch | |
| RUN rm -f /etc/yum.repos.d/security:shibboleth.repo | |
| RUN dnf -y install dnf-plugins-core && dnf config-manager --set-enabled powertools | |
| RUN yum -y update && yum -y install \ | |
| libedit-devel \ | |
| autoconf \ | |
| bison \ | |
| gcc \ | |
| httpd-devel \ | |
| libargon2-devel \ | |
| libcurl-devel \ | |
| libsodium-devel \ | |
| libxml2-devel \ | |
| libxslt-devel \ | |
| make \ | |
| mariadb-devel \ | |
| oniguruma-devel \ | |
| openldap-devel \ | |
| openssl-devel \ | |
| postgresql-devel \ | |
| re2c \ | |
| wget \ | |
| supervisor \ | |
| && yum clean -y all | |
| COPY --from=php-build /usr/lib64/httpd/modules/libphp7.so /usr/lib64/httpd/modules/ | |
| COPY --from=php-build /usr/local/lib/php /usr/local/lib/php/ | |
| COPY --from=php-build /usr/local/include/php /usr/local/include/php/ | |
| COPY --from=php-build /usr/local/bin /usr/local/bin/ | |
| RUN /usr/local/bin/php -v | |
| ARG COMANAGE_REGISTRY_VERSION=4.1.0 | |
| ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/${COMANAGE_REGISTRY_VERSION}.tar.gz | |
| ENV COMANAGE_REGISTRY_VERSION ${COMANAGE_REGISTRY_VERSION} | |
| LABEL comanage_registry_version=${COMANAGE_REGISTRY_VERSION} | |
| LABEL comanage_registry_src_url=${COMANAGE_REGISTRY_SRC_URL} | |
| ENV COMANAGE_REGISTRY_DIR /srv/comanage-registry | |
| WORKDIR "$COMANAGE_REGISTRY_DIR" | |
| RUN mkdir -p "${COMANAGE_REGISTRY_DIR}" \ | |
| && wget -O comanage.tar.gz ${COMANAGE_REGISTRY_SRC_URL} \ | |
| && tar -zxf comanage.tar.gz -C ${COMANAGE_REGISTRY_DIR} --strip-components=1 \ | |
| && rm -f comanage.tar.gz \ | |
| && rm -f ${COMANAGE_REGISTRY_DIR}/app/tmp \ | |
| && cp -r ${COMANAGE_REGISTRY_DIR}/app/tmp.dist ${COMANAGE_REGISTRY_DIR}/app/tmp \ | |
| && chown -R apache:apache ${COMANAGE_REGISTRY_DIR}/app/tmp \ | |
| && cd /var/www/html \ | |
| && ln -s ${COMANAGE_REGISTRY_DIR}/app/webroot registry \ | |
| && rm -rf ${COMANAGE_REGISTRY_DIR}/local/* \ | |
| && ln -s ${COMANAGE_REGISTRY_DIR}/local /local | |
| COPY container_files/httpd/000-comanage.conf /etc/httpd/conf.d/ | |
| COPY container_files/httpd/10-php7.conf /etc/httpd/conf.modules.d/ | |
| COPY container_files/httpd/php.conf /etc/httpd/conf.d/ | |
| COPY container_files/system/supervisord.conf /usr/local/etc/supervisord.conf | |
| COPY container_files/shibboleth/shibd.logger /etc/shibboleth/ | |
| COPY container_files/shibboleth/native.logger /etc/shibboleth/ | |
| COPY container_files/httpd/httpd.conf /etc/httpd/conf/ | |
| COPY container_files/system/sendtierbeacon.sh /usr/local/bin/sendtierbeacon.sh | |
| COPY container_files/system/setupcron.sh /usr/local/bin/setupcron.sh | |
| RUN cd /etc/httpd/conf.d \ | |
| && rm -f autoindex.conf ssl.conf userdir.conf welcome.conf \ | |
| && cd /etc/httpd \ | |
| && ln -s /etc/pki/tls/certs/localhost.crt cert.pem \ | |
| && ln -s /etc/pki/tls/private/localhost.key privkey.pem \ | |
| && chmod 755 /usr/local/bin/sendtierbeacon.sh \ | |
| && chmod 755 /usr/local/bin/setupcron.sh \ | |
| && /usr/local/bin/setupcron.sh | |
| # Allow values for first administrator bootstrapped into the | |
| # platform to be specified at image build time, in addition to | |
| # being injected at run time through the entrypoint script. | |
| ARG COMANAGE_REGISTRY_ADMIN_GIVEN_NAME | |
| ARG COMANAGE_REGISTRY_ADMIN_FAMILY_NAME | |
| ARG COMANAGE_REGISTRY_ADMIN_USERNAME | |
| ARG COMANAGE_REGISTRY_ENABLE_POOLING | |
| # Set simple defaults for first administrator bootstrapped into the | |
| # platform to make simple evaluation of the platform easier. | |
| ENV COMANAGE_REGISTRY_ADMIN_GIVEN_NAME ${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME:-Registry} | |
| ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME ${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME:-Admin} | |
| ENV COMANAGE_REGISTRY_ADMIN_USERNAME ${COMANAGE_REGISTRY_ADMIN_USERNAME:-registry.admin} | |
| ENV COMANAGE_REGISTRY_ENABLE_POOLING ${COMANAGE_REGISTRY_ENABLE_POOLING:-No} | |
| EXPOSE 80 443 | |
| COPY container_files/system/docker-comanage-entrypoint /usr/local/bin/ | |
| COPY container_files/system/docker-comanage-shibboleth-sp-entrypoint /usr/local/bin/ | |
| COPY container_files/system/docker-supervisord-entrypoint /usr/local/bin/ | |
| # TIER Beacon Opt-out | |
| # | |
| # Completely uncomment the following ENV line to prevent the containers from | |
| # sending analytics information to Internet2. With the default/release | |
| # configuration, it will only send product (Shibb/Grouper/COmanage) and version | |
| # (3.3.1-17040, etc) once daily between midnight and 4am. There is no | |
| # configuration or private information collected or sent. This data helps with | |
| # the scaling and funding of TIER. Please do not disable it if you find the | |
| # TIER tools useful. To keep it commented, keep multiple comments on the | |
| # following line (to prevent other scripts from processing it). | |
| ##### ENV TIER_BEACON_OPT_OUT True | |
| ENV TIER_RELEASE=20230215 | |
| ENV TIER_MAINTAINER=i2incommon | |
| ENTRYPOINT ["docker-supervisord-entrypoint"] | |