diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..a504873
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,182 @@
+FROM rockylinux:8.6 AS php-build
+
+RUN dnf -y install dnf-plugins-core
+RUN yum -y install epel-release
+RUN dnf config-manager --set-enabled powertools
+RUN yum -y update && yum -y install \
+ autoconf \
+ bison \
+ gcc \
+ httpd-devel \
+ libargon2-devel \
+ libcurl-devel \
+ libedit-devel \
+ libsodium-devel \
+ libxml2-devel \
+ libxslt-devel \
+ make \
+ mariadb-devel \
+ oniguruma-devel \
+ openldap-devel \
+ openssl-devel \
+ postgresql-devel \
+ re2c \
+ sqlite-devel \
+ findutils \
+ wget
+
+WORKDIR /usr/local/src
+
+ARG PHP_VERSION=7.4.30
+ARG PHP_SRC_URL=https://github.com/php/php-src/archive/php-${PHP_VERSION}.tar.gz
+
+RUN mkdir php-src \
+ && wget -O php-src.tar.gz ${PHP_SRC_URL} \
+ && tar zxf php-src.tar.gz -C php-src --strip-components=1 \
+ && rm php-src.tar.gz
+
+ENV PHP_CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV PHP_CPPFLAGS="$PHP_CFLAGS"
+ENV PHP_LDFLAGS="-Wl,-O1 -Wl,--hash-style=both -pie"
+
+RUN cd php-src \
+ && ./buildconf --force \
+ && ./configure \
+ --disable-cgi \
+ --enable-mbstring \
+ --enable-mysqlnd \
+ --with-apxs2=/usr/bin/apxs \
+ --with-config-file-path=/usr/local/etc/php \
+ --with-config-file-scan-dir=/usr/local/etc/php/conf.d \
+ --with-curl \
+ --with-ldap \
+ --with-libdir=lib64 \
+ --with-libedit \
+ --with-mysqli \
+ --with-openssl \
+ --with-password-argon2 \
+ --with-pdo-mysql \
+ --with-pdo-pgsql \
+ --with-pgsql \
+ --with-sodium \
+ --with-xsl \
+ --with-zlib \
+ && export CFLAGS="$PHP_CFLAGS" \
+ && export CPPFLAGS="$PHP_CPPFLAGS" \
+ && export LDFLAGS="$PHP_LDFLAGS" \
+ && make -j "$(nproc)" \
+ && make install
+
+FROM i2incommon/shibboleth_sp:3.4.0_02092023_rocky8_multiarch
+
+RUN rm -f /etc/yum.repos.d/security:shibboleth.repo
+RUN dnf -y install dnf-plugins-core && dnf config-manager --set-enabled powertools
+RUN yum -y update && yum -y install \
+ libedit-devel \
+ autoconf \
+ bison \
+ gcc \
+ httpd-devel \
+ libargon2-devel \
+ libcurl-devel \
+ libsodium-devel \
+ libxml2-devel \
+ libxslt-devel \
+ make \
+ mariadb-devel \
+ oniguruma-devel \
+ openldap-devel \
+ openssl-devel \
+ postgresql-devel \
+ re2c \
+ wget \
+ supervisor \
+ && yum clean -y all
+
+COPY --from=php-build /usr/lib64/httpd/modules/libphp7.so /usr/lib64/httpd/modules/
+COPY --from=php-build /usr/local/lib/php /usr/local/lib/php/
+COPY --from=php-build /usr/local/include/php /usr/local/include/php/
+COPY --from=php-build /usr/local/bin /usr/local/bin/
+
+RUN /usr/local/bin/php -v
+
+ARG COMANAGE_REGISTRY_VERSION=4.1.0
+ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/${COMANAGE_REGISTRY_VERSION}.tar.gz
+ENV COMANAGE_REGISTRY_VERSION ${COMANAGE_REGISTRY_VERSION}
+
+LABEL comanage_registry_version=${COMANAGE_REGISTRY_VERSION}
+LABEL comanage_registry_src_url=${COMANAGE_REGISTRY_SRC_URL}
+
+ENV COMANAGE_REGISTRY_DIR /srv/comanage-registry
+
+WORKDIR "$COMANAGE_REGISTRY_DIR"
+
+RUN mkdir -p "${COMANAGE_REGISTRY_DIR}" \
+ && wget -O comanage.tar.gz ${COMANAGE_REGISTRY_SRC_URL} \
+ && tar -zxf comanage.tar.gz -C ${COMANAGE_REGISTRY_DIR} --strip-components=1 \
+ && rm -f comanage.tar.gz \
+ && rm -f ${COMANAGE_REGISTRY_DIR}/app/tmp \
+ && cp -r ${COMANAGE_REGISTRY_DIR}/app/tmp.dist ${COMANAGE_REGISTRY_DIR}/app/tmp \
+ && chown -R apache:apache ${COMANAGE_REGISTRY_DIR}/app/tmp \
+ && cd /var/www/html \
+ && ln -s ${COMANAGE_REGISTRY_DIR}/app/webroot registry \
+ && rm -rf ${COMANAGE_REGISTRY_DIR}/local/* \
+ && ln -s ${COMANAGE_REGISTRY_DIR}/local /local
+
+COPY container_files/httpd/000-comanage.conf /etc/httpd/conf.d/
+COPY container_files/httpd/10-php7.conf /etc/httpd/conf.modules.d/
+COPY container_files/httpd/php.conf /etc/httpd/conf.d/
+COPY container_files/system/supervisord.conf /usr/local/etc/supervisord.conf
+COPY container_files/shibboleth/shibd.logger /etc/shibboleth/
+COPY container_files/shibboleth/native.logger /etc/shibboleth/
+COPY container_files/httpd/httpd.conf /etc/httpd/conf/
+COPY container_files/system/sendtierbeacon.sh /usr/local/bin/sendtierbeacon.sh
+COPY container_files/system/setupcron.sh /usr/local/bin/setupcron.sh
+
+RUN cd /etc/httpd/conf.d \
+ && rm -f autoindex.conf ssl.conf userdir.conf welcome.conf \
+ && cd /etc/httpd \
+ && ln -s /etc/pki/tls/certs/localhost.crt cert.pem \
+ && ln -s /etc/pki/tls/private/localhost.key privkey.pem \
+ && chmod 755 /usr/local/bin/sendtierbeacon.sh \
+ && chmod 755 /usr/local/bin/setupcron.sh \
+ && /usr/local/bin/setupcron.sh
+
+# Allow values for first administrator bootstrapped into the
+# platform to be specified at image build time, in addition to
+# being injected at run time through the entrypoint script.
+ARG COMANAGE_REGISTRY_ADMIN_GIVEN_NAME
+ARG COMANAGE_REGISTRY_ADMIN_FAMILY_NAME
+ARG COMANAGE_REGISTRY_ADMIN_USERNAME
+ARG COMANAGE_REGISTRY_ENABLE_POOLING
+
+# Set simple defaults for first administrator bootstrapped into the
+# platform to make simple evaluation of the platform easier.
+ENV COMANAGE_REGISTRY_ADMIN_GIVEN_NAME ${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME:-Registry}
+ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME ${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME:-Admin}
+ENV COMANAGE_REGISTRY_ADMIN_USERNAME ${COMANAGE_REGISTRY_ADMIN_USERNAME:-registry.admin}
+ENV COMANAGE_REGISTRY_ENABLE_POOLING ${COMANAGE_REGISTRY_ENABLE_POOLING:-No}
+
+EXPOSE 80 443
+
+COPY container_files/system/docker-comanage-entrypoint /usr/local/bin/
+COPY container_files/system/docker-comanage-shibboleth-sp-entrypoint /usr/local/bin/
+COPY container_files/system/docker-supervisord-entrypoint /usr/local/bin/
+
+# TIER Beacon Opt-out
+#
+# Completely uncomment the following ENV line to prevent the containers from
+# sending analytics information to Internet2. With the default/release
+# configuration, it will only send product (Shibb/Grouper/COmanage) and version
+# (3.3.1-17040, etc) once daily between midnight and 4am. There is no
+# configuration or private information collected or sent. This data helps with
+# the scaling and funding of TIER. Please do not disable it if you find the
+# TIER tools useful. To keep it commented, keep multiple comments on the
+# following line (to prevent other scripts from processing it).
+##### ENV TIER_BEACON_OPT_OUT True
+
+ENV TIER_RELEASE=20230215
+ENV TIER_MAINTAINER=i2incommon
+
+ENTRYPOINT ["docker-supervisord-entrypoint"]
+
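Review bot: Both source tarballs are fetched with `wget` and unpacked without any integrity check (`php-src.tar.gz` in the build stage, `comanage.tar.gz` in the final stage), so the image contents depend entirely on what the URL serves at build time. Pin a digest per version and verify it before `tar`, e.g. `ARG PHP_SRC_SHA256` plus `&& echo "${PHP_SRC_SHA256}  php-src.tar.gz" | sha256sum -c - \`, and do the same for the Registry archive. The three `export CFLAGS/CPPFLAGS/LDFLAGS` lines run after `./configure`, so `-fstack-protector-strong` and `-pie` probably never reach the generated Makefile; move them ahead of `./configure`. The final stage also reinstalls `gcc`, `make` and the `-devel` packages, although it only copies prebuilt PHP artifacts; installing just the runtime libraries would reduce the attack surface.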
diff --git a/container_files/httpd/000-comanage.conf b/container_files/httpd/000-comanage.conf
new file mode 100644
index 0000000..b198062
--- /dev/null
+++ b/container_files/httpd/000-comanage.conf
@@ -0,0 +1,86 @@
+# COmanage Registry Apache HTTP Server configuration
+#
+# Portions licensed to the University Corporation for Advanced Internet
+# Development, Inc. ("UCAID") under one or more contributor license agreements.
+# See the NOTICE file distributed with this work for additional information
+# regarding copyright ownership.
+#
+# UCAID licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+Listen 443
+ServerName %%SERVER_NAME%%
+PassEnv ENV
+PassEnv USERTOKEN
+
+
+ServerName http://%%SERVER_NAME%%:80
+RewriteEngine On
+RewriteCond %{HTTPS} off
+RewriteRule ^ https://%{HTTP_HOST}:443%{REQUEST_URI} [R=302,L,QSA]
+
+
+
+
+ServerName https://%%SERVER_NAME%%:443
+
+PassEnv ENV
+PassEnv USERTOKEN
+
+DocumentRoot /var/www/html
+
+RedirectMatch ^/$ /registry/
+
+ErrorLogFormat "httpd;ssl_error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"
+ErrorLog /tmp/logpipe
+LogLevel warn
+
+LogFormat "httpd;ssl_access_log;%{ENV}e;%{USERTOKEN}e;%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" ssl_combined
+CustomLog /tmp/logpipe ssl_combined
+
+Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
+
+SSLEngine on
+SSLProtocol all -SSLv2 -SSLv3
+SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+SSLHonorCipherOrder on
+
+SSLCertificateFile /etc/httpd/cert.pem
+SSLCertificateKeyFile /etc/httpd/privkey.pem
+
+
+Options Indexes FollowSymLinks
+DirectoryIndex index.php
+AllowOverride All
+Require all granted
+
+
+
+SetHandler shib
+
+
+
+AuthType shibboleth
+ShibRequestSetting requireSession 1
+Require valid-user
+
+
+
+AuthType shibboleth
+Require shibboleth
+
+
+RewriteEngine On
+RewriteCond %{QUERY_STRING} !after_redirect
+RewriteRule ^/registry/auth/logout.* https://%%SERVER_NAME%%/Shibboleth.sso/Logout?return=https://%%SERVER_NAME%%/registry/auth/logout/?after_redirect [L,R]
+
+
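Review bot: `SSLProtocol all -SSLv2 -SSLv3` still permits TLS 1.0 and 1.1 wherever the OpenSSL build allows them; an explicit allow-list such as `SSLProtocol -all +TLSv1.2 +TLSv1.3` is safer. `Options Indexes FollowSymLinks` turns on directory listings for the block it sits in (the same option appears in `container_files/httpd/httpd.conf`); `Options FollowSymLinks` avoids exposing file names when an index file is missing. The HTTP-to-HTTPS `RewriteRule` builds its target from the client-supplied `%{HTTP_HOST}`, whereas the configured `%%SERVER_NAME%%` would keep the redirect on the expected host. The enclosing container directives are not visible in this hunk as rendered, so the scope of each setting is inferred.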
diff --git a/container_files/httpd/10-php7.conf b/container_files/httpd/10-php7.conf
new file mode 100644
index 0000000..64ef2d7
--- /dev/null
+++ b/container_files/httpd/10-php7.conf
@@ -0,0 +1,3 @@
+
+ LoadModule php7_module modules/libphp7.so
+
diff --git a/container_files/httpd/httpd.conf b/container_files/httpd/httpd.conf
new file mode 100644
index 0000000..3cbc05a
--- /dev/null
+++ b/container_files/httpd/httpd.conf
@@ -0,0 +1,74 @@
+# COmanage Registry Apache HTTP Server configuration
+#
+# Portions licensed to the University Corporation for Advanced Internet
+# Development, Inc. ("UCAID") under one or more contributor license agreements.
+# See the NOTICE file distributed with this work for additional information
+# regarding copyright ownership.
+#
+# UCAID licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ServerRoot "/etc/httpd"
+Listen 80
+Include conf.modules.d/*.conf
+User apache
+Group apache
+ServerAdmin root@localhost
+
+
+ AllowOverride none
+ Require all denied
+
+
+DocumentRoot "/var/www/html"
+
+
+ AllowOverride None
+ # Allow open access:
+ Require all granted
+
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+DirectoryIndex index.html
+
+
+ Require all denied
+
+
+PassEnv ENV
+PassEnv USERTOKEN
+
+ErrorLogFormat "httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"
+ErrorLog "/tmp/logpipe"
+LogLevel warn
+
+LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+CustomLog "/tmp/logpipe" combined
+
+TypesConfig /etc/mime.types
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+AddType text/html .shtml
+AddOutputFilter INCLUDES .shtml
+
+AddDefaultCharset UTF-8
+
+MIMEMagicFile conf/magic
+
+EnableSendfile on
+
+IncludeOptional conf.d/*.conf
diff --git a/container_files/httpd/php.conf b/container_files/httpd/php.conf
new file mode 100644
index 0000000..ffda6de
--- /dev/null
+++ b/container_files/httpd/php.conf
@@ -0,0 +1,10 @@
+
+ SetHandler application/x-httpd-php
+
+
+AddType text/html .php
+
+DirectoryIndex index.php
+
+#php_value session.save_handler "files"
+#php_value session.save_path "/var/lib/php/session"
diff --git a/container_files/shibboleth/attribute-map.xml b/container_files/shibboleth/attribute-map.xml
new file mode 100644
index 0000000..a974e0d
--- /dev/null
+++ b/container_files/shibboleth/attribute-map.xml
@@ -0,0 +1,154 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/container_files/shibboleth/native.logger b/container_files/shibboleth/native.logger
new file mode 100644
index 0000000..0b01f32
--- /dev/null
+++ b/container_files/shibboleth/native.logger
@@ -0,0 +1,39 @@
+# set overall behavior
+log4j.rootCategory=INFO, native_log, warn_log
+
+# fairly verbose for DEBUG, so generally leave at INFO
+log4j.category.XMLTooling.XMLObject=INFO
+log4j.category.XMLTooling.KeyInfoResolver=INFO
+log4j.category.Shibboleth.IPRange=INFO
+log4j.category.Shibboleth.PropertySet=INFO
+
+# raise for low-level tracing of SOAP client HTTP/SSL behavior
+log4j.category.XMLTooling.libcurl=INFO
+
+# useful categories to tune independently:
+#
+# tracing of SAML messages and security policies
+#log4j.category.OpenSAML.MessageDecoder=DEBUG
+#log4j.category.OpenSAML.MessageEncoder=DEBUG
+#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
+# interprocess message remoting
+#log4j.category.Shibboleth.Listener=DEBUG
+# mapping of requests to applicationId
+#log4j.category.Shibboleth.RequestMapper=DEBUG
+# high level session cache operations
+#log4j.category.Shibboleth.SessionCache=DEBUG
+# persistent storage and caching
+#log4j.category.XMLTooling.StorageService=DEBUG
+
+# define the appender
+
+log4j.appender.native_log=org.apache.log4j.FileAppender
+log4j.appender.native_log.fileName=/tmp/logpipe
+log4j.appender.native_log.layout=org.apache.log4j.PatternLayout
+log4j.appender.native_log.layout.ConversionPattern=shibd;native.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+
+log4j.appender.warn_log=org.apache.log4j.FileAppender
+log4j.appender.warn_log.fileName=/tmp/logpipe
+log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
+log4j.appender.warn_log.layout.ConversionPattern=shibd;native_warn.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+log4j.appender.warn_log.threshold=WARN
diff --git a/container_files/shibboleth/shibboleth.repo b/container_files/shibboleth/shibboleth.repo
new file mode 100644
index 0000000..f8b0e00
--- /dev/null
+++ b/container_files/shibboleth/shibboleth.repo
@@ -0,0 +1,10 @@
+[shibboleth]
+name=Shibboleth (CentOS_7)
+# Please report any problems to https://shibboleth.atlassian.net/jira
+type=rpm-md
+mirrorlist=https://shibboleth.net/cgi-bin/mirrorlist.cgi/CentOS_7
+gpgcheck=1
+gpgkey=https://shibboleth.net/downloads/service-provider/RPMS/repomd.xml.key
+ https://shibboleth.net/downloads/service-provider/RPMS/cantor.repomd.xml.key
+enabled=0
+
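Review bot: This repo definition points at the `CentOS_7` mirror list while the image in this commit is built on a `rocky8` base, and none of the Dockerfile's `COPY` lines installs the file. If it is kept for later use, the `name` and `mirrorlist` path should match the base OS and a comment should say when it is meant to be enabled; otherwise it is dead configuration that could later pull packages built for the wrong platform.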
diff --git a/container_files/shibboleth/shibd.logger b/container_files/shibboleth/shibd.logger
new file mode 100644
index 0000000..41300f2
--- /dev/null
+++ b/container_files/shibboleth/shibd.logger
@@ -0,0 +1,63 @@
+# set overall behavior
+log4j.rootCategory=INFO, shibd_log, warn_log
+
+# fairly verbose for DEBUG, so generally leave at INFO
+log4j.category.XMLTooling.XMLObject=INFO
+log4j.category.XMLTooling.KeyInfoResolver=INFO
+log4j.category.Shibboleth.IPRange=INFO
+log4j.category.Shibboleth.PropertySet=INFO
+
+# raise for low-level tracing of SOAP client HTTP/SSL behavior
+log4j.category.XMLTooling.libcurl=INFO
+
+# useful categories to tune independently:
+#
+# tracing of SAML messages and security policies
+#log4j.category.OpenSAML.MessageDecoder=DEBUG
+#log4j.category.OpenSAML.MessageEncoder=DEBUG
+#log4j.category.OpenSAML.SecurityPolicyRule=DEBUG
+#log4j.category.XMLTooling.SOAPClient=DEBUG
+# interprocess message remoting
+#log4j.category.Shibboleth.Listener=DEBUG
+# mapping of requests to applicationId
+#log4j.category.Shibboleth.RequestMapper=DEBUG
+# high level session cache operations
+#log4j.category.Shibboleth.SessionCache=DEBUG
+# persistent storage and caching
+#log4j.category.XMLTooling.StorageService=DEBUG
+
+# logs XML being signed or verified if set to DEBUG
+log4j.category.XMLTooling.Signature.Debugger=INFO, sig_log
+log4j.additivity.XMLTooling.Signature.Debugger=false
+
+# the tran log blocks the "default" appender(s) at runtime
+# Level should be left at INFO for this category
+log4j.category.Shibboleth-TRANSACTION=INFO, tran_log
+log4j.additivity.Shibboleth-TRANSACTION=false
+# uncomment to suppress particular event types
+#log4j.category.Shibboleth-TRANSACTION.AuthnRequest=WARN
+#log4j.category.Shibboleth-TRANSACTION.Login=WARN
+#log4j.category.Shibboleth-TRANSACTION.Logout=WARN
+
+# define the appenders
+
+log4j.appender.shibd_log=org.apache.log4j.FileAppender
+log4j.appender.shibd_log.fileName=/tmp/logpipe
+log4j.appender.shibd_log.layout=org.apache.log4j.PatternLayout
+log4j.appender.shibd_log.layout.ConversionPattern=shibd;shibd.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+
+log4j.appender.warn_log=org.apache.log4j.FileAppender
+log4j.appender.warn_log.fileName=/tmp/logpipe
+log4j.appender.warn_log.layout=org.apache.log4j.PatternLayout
+log4j.appender.warn_log.layout.ConversionPattern=shibd;shibd_warn.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+log4j.appender.warn_log.threshold=WARN
+
+log4j.appender.tran_log=org.apache.log4j.FileAppender
+log4j.appender.tran_log.fileName=/tmp/logpipe
+log4j.appender.tran_log.layout=org.apache.log4j.PatternLayout
+log4j.appender.tran_log.layout.ConversionPattern=shibd;transaction.log;${ENV};${USERTOKEN};%d{%Y-%m-%d %H:%M:%S} %p %c %x: %m%n
+
+log4j.appender.sig_log=org.apache.log4j.FileAppender
+log4j.appender.sig_log.fileName=/tmp/logpipe
+log4j.appender.sig_log.layout=org.apache.log4j.PatternLayout
+log4j.appender.sig_log.layout.ConversionPattern=shibd;signature.log${ENV};${USERTOKEN};%m
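Review bot: The `sig_log` ConversionPattern reads `shibd;signature.log${ENV};...`, missing the `;` between the log name and `${ENV}` that every other appender in this file has, so signature-log lines will not split into the same fields as the rest of the semicolon-delimited output. It should begin `shibd;signature.log;${ENV};${USERTOKEN};`. The pattern also omits the timestamp and trailing `%n` used by the other appenders; if that is deliberate for multi-line XML payloads, a comment saying so would help whoever parses these logs.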
diff --git a/container_files/system/docker-comanage-entrypoint b/container_files/system/docker-comanage-entrypoint
new file mode 100755
index 0000000..6191e13
--- /dev/null
+++ b/container_files/system/docker-comanage-entrypoint
@@ -0,0 +1,350 @@
+#!/bin/bash
+
+# COmanage Registry Dockerfile entrypoint
+#
+# Portions licensed to the University Corporation for Advanced Internet
+# Development, Inc. ("UCAID") under one or more contributor license agreements.
+# See the NOTICE file distributed with this work for additional information
+# regarding copyright ownership.
+#
+# UCAID licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if [ -n "$COMANAGE_DEBUG" ]
+then
+ OUTPUT=/dev/stdout
+else
+ OUTPUT=/dev/null
+fi
+
+# Configuration details that may be injected through environment
+# variables or the contents of files.
+
+injectable_config_vars=(
+ COMANAGE_REGISTRY_DATASOURCE
+ COMANAGE_REGISTRY_DATABASE
+ COMANAGE_REGISTRY_DATABASE_HOST
+ COMANAGE_REGISTRY_DATABASE_USER
+ COMANAGE_REGISTRY_DATABASE_USER_PASSWORD
+ COMANAGE_REGISTRY_EMAIL_FROM
+ COMANAGE_REGISTRY_EMAIL_TRANSPORT
+ COMANAGE_REGISTRY_EMAIL_HOST
+ COMANAGE_REGISTRY_EMAIL_PORT
+ COMANAGE_REGISTRY_EMAIL_ACCOUNT
+ COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD
+ COMANAGE_REGISTRY_SECURITY_SALT
+ COMANAGE_REGISTRY_SECURITY_SEED
+ ENV
+ HTTPS_CERT_FILE
+ HTTPS_PRIVKEY_FILE
+ SERVER_NAME
+ USERTOKEN
+)
+
+# If the file associated with a configuration variable is present then
+# read the value from it into the appropriate variable. So for example
+# if the variable COMANAGE_REGISTRY_DATASOURCE_FILE exists and its
+# value points to a file on the file system then read the contents
+# of that file into the variable COMANAGE_REGISTRY_DATASOURCE.
+
+for config_var in "${injectable_config_vars[@]}"
+do
+ eval file_name=\$"${config_var}_FILE";
+
+ if [ -e "$file_name" ]; then
+ declare "${config_var}"=`cat $file_name`
+ fi
+done
+
+# Make sure the directory structure we need is available
+# in the data volume for $COMANAGE_REGISTRY_DIR/local
+mkdir -p "$COMANAGE_REGISTRY_DIR/local/Config"
+mkdir -p "$COMANAGE_REGISTRY_DIR/local/Plugin"
+mkdir -p "$COMANAGE_REGISTRY_DIR/local/View/Pages/public"
+mkdir -p "$COMANAGE_REGISTRY_DIR/local/webroot/img"
+
+# If the COmanage Registry database configuration file does not exist
+# then try to create it from injected information with reasonable defaults
+# that aid simple evaluation deployments.
+if [ ! -e "$COMANAGE_REGISTRY_DIR/local/Config/database.php" ]; then
+ cat > "$COMANAGE_REGISTRY_DIR/local/Config/database.php" < '${COMANAGE_REGISTRY_DATASOURCE:-Database/Mysql}',
+ 'persistent' => false,
+ 'host' => '${COMANAGE_REGISTRY_DATABASE_HOST:-comanage-registry-database}',
+ 'login' => '${COMANAGE_REGISTRY_DATABASE_USER:-registry_user}',
+ 'password' => '${COMANAGE_REGISTRY_DATABASE_USER_PASSWORD:-password}',
+ 'database' => '${COMANAGE_REGISTRY_DATABASE:-registry}',
+ 'prefix' => 'cm_',
+ );
+
+}
+EOF
+fi
+
+# If the COmanage Registry email configuration file does not exist
+# then try to create it from injected information with reasonable defaults
+# that aid simple evaluation deployments.
+email_config="$COMANAGE_REGISTRY_DIR/local/Config/email.php"
+
+if [ ! -e "$email_config" ]; then
+ # If the deployer has injected an email for from then use it,
+ # otherwise set a default purely as a template that can edited
+ # easier later.
+ if [ -n "$COMANAGE_REGISTRY_EMAIL_FROM" ]; then
+ email_from="$COMANAGE_REGISTRY_EMAIL_FROM"
+ else
+ email_from="array('account@gmail.com' => 'Registry')"
+ fi
+
+ # If the injected email from does not include a single quote (')
+ # then add them to make it a PHP string.
+ if [[ ! $email_from =~ .*"'".* ]]; then
+ email_from="'$email_from'"
+ fi
+
+ cat > "$email_config" < $email_from,
+ 'transport' => '${COMANAGE_REGISTRY_EMAIL_TRANSPORT:-Smtp}',
+ 'host' => '${COMANAGE_REGISTRY_EMAIL_HOST:-tls://smtp.gmail.com}',
+ 'port' => ${COMANAGE_REGISTRY_EMAIL_PORT:-465},
+EOF
+
+ # If the deployer has injected a username then add it to the configuration.
+ if [ -n "$COMANAGE_REGISTRY_EMAIL_ACCOUNT" ]; then
+ cat >> "$email_config" < '$COMANAGE_REGISTRY_EMAIL_ACCOUNT',
+EOF
+ fi
+
+ # If the deployer has injected a password then add it to the configuration.
+ if [ -n "$COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD" ]; then
+ cat >> "$email_config" < '$COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD',
+EOF
+ fi
+
+ # Complete the PHP array.
+ cat >> "$email_config" < $DATABASE_TEST_SCRIPT <<"EOF"
+error("Unable to connect to datasource");
+ }
+ $this->out("Connected to datasource");
+ }
+}
+EOF
+
+pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
+
+until ./Console/cake databaseTest > "$OUTPUT" 2>&1; do
+ >&2 echo "Database is unavailable - sleeping"
+ sleep 1
+done
+
+rm -f "$DATABASE_TEST_SCRIPT"
+
+popd > "$OUTPUT" 2>&1
+
+# We only want to run the setup script once since it creates
+# state in the database. Until COmanage Registry has a better
+# mechanism for telling us if setup has already been run
+# we create an ephemeral CakePHP script to tell us.
+SETUP_ALREADY_SCRIPT="$COMANAGE_REGISTRY_DIR/app/Console/Command/SetupAlreadyShell.php"
+
+cat > $SETUP_ALREADY_SCRIPT <<"EOF"
+Co->find('first', $args);
+ } catch (CakeException $e) {
+ $this->out('Not setup already');
+ }
+
+ if(empty($co)) {
+ $this->out('Not setup already');
+ } else {
+ $this->error('Setup already');
+ }
+ }
+}
+EOF
+
+pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
+./Console/cake setupAlready > "$OUTPUT" 2>&1
+setup_already=$?
+
+rm -f "$SETUP_ALREADY_SCRIPT"
+
+if [ $setup_already -eq 0 ]; then
+ rm -f "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" > "$OUTPUT" 2>&1
+ rm -f "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" > "$OUTPUT" 2>&1
+ # Run database twice until issue on develop branch is resolved. Since
+ # the command is idempotent normally it is not a problem to have it run
+ # more than once.
+ ./Console/cake database > "$OUTPUT" 2>&1 && \
+ ./Console/cake database > "$OUTPUT" 2>&1 && \
+ ./Console/cake setup --admin-given-name "${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME}" \
+ --admin-family-name "${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}" \
+ --admin-username "${COMANAGE_REGISTRY_ADMIN_USERNAME}" \
+ --enable-pooling "${COMANAGE_REGISTRY_ENABLE_POOLING}" > "$OUTPUT" 2>&1
+ AUTO_GENERATED_SECURITY=1
+fi
+
+popd > "$OUTPUT" 2>&1
+
+# If COmanage Registry CakePHP security salt and seed have been
+# injected and the files do not otherwise exist create them.
+if [[ -n "$COMANAGE_REGISTRY_SECURITY_SALT" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" ) ]]; then
+ echo "$COMANAGE_REGISTRY_SECURITY_SALT" > "$COMANAGE_REGISTRY_DIR/local/Config/security.salt"
+fi
+
+if [[ -n "$COMANAGE_REGISTRY_SECURITY_SEED" && ( -n "$AUTO_GENERATED_SECURITY" || ! -e "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" ) ]]; then
+ echo "$COMANAGE_REGISTRY_SECURITY_SEED" > "$COMANAGE_REGISTRY_DIR/local/Config/security.seed"
+fi
+
+# We always run upgradeVersion since it will not make any changes
+# if the current and target versions are the same or if
+# an upgrade from the current to the target version is not allowed.
+pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
+
+./Console/cake upgradeVersion "${COMANAGE_REGISTRY_UPGRADE_VERSION_OPTS}" > "$OUTPUT" 2>&1
+
+popd > "$OUTPUT" 2>&1
+
+# Force a datbase update if requested. This is helpful when deploying
+# a new version of the code that does not result in a change in the
+# version number and so upgradeVersion does not fire. An example
+# of this scenario is when new code is introduced in the develop
+# branch but before a release happens.
+if [ -n "$COMANAGE_REGISTRY_DATABASE_SCHEMA_FORCE" ]; then
+ echo "Forcing a database schema update..." > "$OUTPUT" 2>&1
+ pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
+ ./Console/cake database > "$OUTPUT" 2>&1
+ popd > "$OUTPUT" 2>&1
+fi
+
+# Enable any supported non-core plugins if requested.
+if [ -n "$COMANAGE_REGISTRY_ENABLE_PLUGIN" ]; then
+ plugins=(`echo "$COMANAGE_REGISTRY_ENABLE_PLUGIN" | sed -e 's@,@ @'`) > "$OUTPUT" 2>&1
+ for plugin in "${plugins[@]}";
+ do
+ echo "Enabling available plugin $plugin..." > "$OUTPUT" 2>&1
+ pushd "$COMANAGE_REGISTRY_DIR/local/Plugin" > "$OUTPUT" 2>&1
+ ln -s "../../app/AvailablePlugin/$plugin" "$plugin" > "$OUTPUT" 2>&1
+ popd > "$OUTPUT" 2>&1
+ pushd "$COMANAGE_REGISTRY_DIR/app" > "$OUTPUT" 2>&1
+ ./Console/cake database > "$OUTPUT" 2>&1
+ popd > "$OUTPUT" 2>&1
+ done
+fi
+
+# Remove any cache files generated thus far.
+find "$COMANAGE_REGISTRY_DIR/app/tmp/cache" -type f -exec rm -f {} \;
+
+# If defined use configured location of Apache HTTP Server
+# HTTPS certificate and key files. The certificate file may also
+# include intermediate CA certificates, sorted from leaf to root.
+if [ -n "$HTTPS_CERT_FILE" ]; then
+ rm -f /etc/httpd/cert.pem
+ cp "$HTTPS_CERT_FILE" /etc/httpd/cert.pem
+ chown apache /etc/httpd/cert.pem
+ chmod 0644 /etc/httpd/cert.pem
+fi
+
+if [ -n "$HTTPS_PRIVKEY_FILE" ]; then
+ rm -f /etc/httpd/privkey.pem
+ cp "$HTTPS_PRIVKEY_FILE" /etc/httpd/privkey.pem
+ chown apache /etc/httpd/privkey.pem
+ chmod 0600 /etc/httpd/privkey.pem
+fi
+
+# If SERVER_NAME has not been injected try to determine
+# it from the HTTPS_CERT_FILE.
+if [ -z "$SERVER_NAME" ]; then
+ SERVER_NAME=`openssl x509 -in /etc/httpd/cert.pem -text -noout | sed -n '/X509v3 Subject Alternative Name:/ {n;p}' | sed -E 's/.*DNS:(.*)\s*$/\1/'`
+ if [ -z "$SERVER_NAME" ]; then
+ SERVER_NAME=`openssl x509 -in /etc/httpd/cert.pem -subject -noout | sed -E 's/subject=.*CN=(.*)\s*/\1/'`
+ fi
+fi
+
+# Configure Apache HTTP Server with the server name.
+sed -i -e s@%%SERVER_NAME%%@"${SERVER_NAME:-unknown}"@g /etc/httpd/conf.d/000-comanage.conf
+
+# If ENV or USERTOKEN as injected by the deployer contain a semi-colon remove it.
+if [[ $ENV =~ .*";".* ]]; then
+ ENV=`echo $ENV | tr -d ';'`
+ export ENV
+fi
+
+if [[ $USERTOKEN =~ .*";".* ]]; then
+ USERTOKEN=`echo $USERTOKEN | tr -d ';'`
+ export USERTOKEN
+fi
+
+# If ENV or USERTOKEN as injected by the deployer contain a space remove it.
+if [[ $ENV =~ [[:space:]] ]]; then
+ ENV=`echo $ENV | tr -d [:space:]`
+ export ENV
+fi
+
+if [[ $USERTOKEN =~ [[:space:]] ]]; then
+ USERTOKEN=`echo $USERTOKEN | tr -d [:space:]`
+ export USERTOKEN
+fi
+
+# Create pipes to use for COmanage Registry instead of standard log files.
+rm -f "$COMANAGE_REGISTRY_DIR/app/tmp/logs/error.log" > "$OUTPUT" 2>&1
+rm -f "$COMANAGE_REGISTRY_DIR/app/tmp/logs/debug.log" > "$OUTPUT" 2>&1
+mkfifo -m 666 "$COMANAGE_REGISTRY_DIR/app/tmp/logs/error.log" > "$OUTPUT" 2>&1
+mkfifo -m 666 "$COMANAGE_REGISTRY_DIR/app/tmp/logs/debug.log" > "$OUTPUT" 2>&1
+
+# Format any output from COmanange Registry into standard TIER form.
+(cat <> "$COMANAGE_REGISTRY_DIR/app/tmp/logs/error.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_registry;error.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)&
+(cat <> "$COMANAGE_REGISTRY_DIR/app/tmp/logs/debug.log" | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "comanage_registry;debug.log;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe)&
+
+# Start Apache HTTP Server
+exec /usr/sbin/httpd -DFOREGROUND
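Review bot: The generated `database.php` falls back to the literal password `password` (and user `registry_user`) when nothing is injected, so a deployment that forgets the secret starts silently with a guessable credential; outside an explicit evaluation mode the script should stop instead, e.g. `: "${COMANAGE_REGISTRY_DATABASE_USER_PASSWORD:?must be set}"`. The injected values are pasted into single-quoted PHP strings unescaped, so a password containing `'` or `\` yields a broken or altered config file; escape those two characters before writing. In the file-injection loop, `cat $file_name` is unquoted and should be `"$(cat "$file_name")"`. Separately, `sed -e 's@,@ @'` in the plugin block replaces only the first comma, so a list of three or more plugins is split wrongly; it needs the `g` flag. Several heredoc bodies in this hunk are truncated on the page as rendered, so only the visible lines were reviewed.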
diff --git a/container_files/system/docker-comanage-shibboleth-sp-entrypoint b/container_files/system/docker-comanage-shibboleth-sp-entrypoint
new file mode 100755
index 0000000..11527b8
--- /dev/null
+++ b/container_files/system/docker-comanage-shibboleth-sp-entrypoint
@@ -0,0 +1,127 @@
+#!/bin/bash
+
+# COmanage Registry Shibboleth SP Dockerfile entrypoint
+#
+# Portions licensed to the University Corporation for Advanced Internet
+# Development, Inc. ("UCAID") under one or more contributor license agreements.
+# See the NOTICE file distributed with this work for additional information
+# regarding copyright ownership.
+#
+# UCAID licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if [ -n "$COMANAGE_DEBUG" ]
+then
+ OUTPUT=/dev/stdout
+else
+ OUTPUT=/dev/null
+fi
+
+# Configuration details that may be injected through environment
+# variables or the contents of files.
+#
+# SHIBBOLETH_SP_METADATA_PROVIDER_XML may also be injected in the
+# same way but because of the presence of special characters in the
+# XML it is handled differently.
+
+injectable_config_vars=(
+ SHIBBOLETH_SP_ENTITY_ID
+ SHIBBOLETH_SP_CERT
+ SHIBBOLETH_SP_PRIVKEY
+ SHIBBOLETH_SP_SAMLDS_URL
+)
+
+# If the file associated with a configuration variable is present then
+# read the value from it into the appropriate variable. So for example
+# if the variable COMANAGE_REGISTRY_DATASOURCE_FILE exists and its
+# value points to a file on the file system then read the contents
+# of that file into the variable COMANAGE_REGISTRY_DATASOURCE.
+
+for config_var in "${injectable_config_vars[@]}"
+do
+ eval file_name=\$"${config_var}_FILE";
+
+ if [ -e "$file_name" ]; then
+ payload=`cat $file_name`
+ declare "${config_var}"="${payload}"
+ fi
+done
+
+# If no shibboleth2.xml file is present then create one using
+# injected information or defaults that are not particularly
+# useful in a federated context but will allow shibd to start.
+if [ ! -e /etc/shibboleth/shibboleth2.xml ]; then
+ cp /etc/shibboleth/shibboleth2.xml.template /etc/shibboleth/shibboleth2.xml
+ sed -i -e s@%%SHIBBOLETH_SP_ENTITY_ID%%@"${SHIBBOLETH_SP_ENTITY_ID:-https://comanage.registry/shibboleth}"@ /etc/shibboleth/shibboleth2.xml
+ sed -i -e s@%%SHIBBOLETH_SP_SAMLDS_URL%%@"${SHIBBOLETH_SP_SAMLDS_URL:-https://localhost/registry/pages/eds/index}"@ /etc/shibboleth/shibboleth2.xml
+
+ # The metadata provider injected input most likely contains special characters
+ # so use a sed script instead of simple substitution on the command line.
+
+ if [ -n "$SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE" ]; then
+ xml_content_file="$SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE"
+ else
+ xml_content_file=`/bin/mktemp`
+ echo ${SHIBBOLETH_SP_METADATA_PROVIDER_XML:-} > ${xml_content_file}
+ fi
+
+ sed_script_file=`/bin/mktemp`
+ cat > ${sed_script_file}< "$OUTPUT" 2>&1
+mkfifo -m 666 /tmp/logpipe > "$OUTPUT" 2>&1
+cat <> /tmp/logpipe &
+
+# Format any console output from httpd into standard TIER form.
+rm -f /tmp/loghttpd > "$OUTPUT" 2>&1
+mkfifo -m 666 /tmp/loghttpd > "$OUTPUT" 2>&1
+(cat <> /tmp/loghttpd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "httpd;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe 2>&1)&
+
+# Format any console output from shibd into standard TIER form.
+rm -f /tmp/logshibd > "$OUTPUT" 2>&1
+mkfifo -m 666 /tmp/logshibd > "$OUTPUT" 2>&1
+(cat <> /tmp/logshibd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "httpd;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe 2>&1)&
+
+# Format any console output from supervisord into standard TIER form.
+rm -f /tmp/logsuperd > "$OUTPUT" 2>&1
+mkfifo -m 666 /tmp/logsuperd > "$OUTPUT" 2>&1
+(cat <> /tmp/logsuperd | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "supervisord;console;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe 2>&1)&
+
+# Format any output from cron into standard TIER form.
+rm -f /var/log/cron > "$OUTPUT" 2>&1
+rm -f /tmp/logcrond > "$OUTPUT" 2>&1
+mkfifo -m 666 /tmp/logcrond > "$OUTPUT" 2>&1
+ln -s /tmp/logcrond /var/log/cron > "$OUTPUT" 2>&1
+(cat <> /tmp/logcrond | awk -v ENV="$ENV" -v UT="$USERTOKEN" '{printf "crond;cron;%s;%s;%s\n", ENV, UT, $0; fflush()}' 1>/tmp/logpipe 2>&1)&
+
+# Close stdout and stderr for this process since supervisord will write
+# to its logfile and its children are configured to write to different
+# pipes.
+exec 1<&-
+exec 2<&-
+
+# Start supervisord
+exec /usr/bin/supervisord -c /usr/local/etc/supervisord.conf
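Review bot: The pipeline that reads `/tmp/logshibd` tags its lines `httpd;console`, identical to the httpd reader above it, so shibd console messages are attributed to httpd downstream; the printf prefix should be `shibd;console;%s;%s;%s\n`. All the FIFOs here are created with `mkfifo -m 666` under predictable `/tmp` names, which lets any local account write lines into the aggregated log; a mode restricted to the accounts that actually write to each pipe would be tighter. The `sed -i -e s@...@` substitutions insert `SHIBBOLETH_SP_ENTITY_ID` and `SHIBBOLETH_SP_SAMLDS_URL` unescaped, so a value containing `@` or `&` corrupts `shibboleth2.xml`. The text after the sed-script heredoc opens is missing from the page as rendered and was not reviewed.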
diff --git a/container_files/system/sendtierbeacon.sh b/container_files/system/sendtierbeacon.sh
new file mode 100755
index 0000000..63e27f9
--- /dev/null
+++ b/container_files/system/sendtierbeacon.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# COmanage Regsitry script to send TIER beacon
+#
+# Portions licensed to the University Corporation for Advanced Internet
+# Development, Inc. ("UCAID") under one or more contributor license agreements.
+# See the NOTICE file distributed with this work for additional information
+# regarding copyright ownership.
+#
+# UCAID licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOGHOST="collector.testbed.tier.internet2.edu"
+LOGPORT="5001"
+
+messagefile="/tmp/beaconmsg"
+
+if [ -z "$TIER_BEACON_OPT_OUT" ]; then
+ cat > $messagefile </dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ echo "tier_beacon;none;$ENV;$USERTOKEN;"`date`"; TIER beacon sent"
+ else
+ echo "tier_beacon;none;$ENV;$USERTOKEN;"`date`"; Failed to send TIER beacon"
+ fi
+
+ rm -f $messagefile 1>/dev/null 2>&1
+
+fi
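Review bot: `messagefile="/tmp/beaconmsg"` is a fixed name in a world-writable directory, and the script truncates and writes it with `cat > $messagefile` from the cron job that setupcron.sh installs (presumably as root, given `user=root` in supervisord.conf), so a file or symlink already sitting at that path would be followed. Create the file per run instead, `messagefile="$(mktemp)" || exit 1`, and quote `"$messagefile"` at each use; the entrypoint script in this commit already uses `/bin/mktemp` for its scratch files. `CRONFILE=/tmp/cronfile` in setupcron.sh has the same problem, with the added consequence that its content is what gets installed as the crontab. The heredoc body and the command whose `$?` is tested are not visible in this rendering, so the send step itself is not reviewed here.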
diff --git a/container_files/system/setupcron.sh b/container_files/system/setupcron.sh
new file mode 100755
index 0000000..3f45f05
--- /dev/null
+++ b/container_files/system/setupcron.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# COmanage Registry shell script to install TIER beacon crontab
+#
+# Portions licensed to the University Corporation for Advanced Internet
+# Development, Inc. ("UCAID") under one or more contributor license agreements.
+# See the NOTICE file distributed with this work for additional information
+# regarding copyright ownership.
+#
+# UCAID licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+CRONFILE=/tmp/cronfile
+
+# Build and install crontab file with random start time
+# between midnight and 3:59am.
+echo "#send daily beacon to TIER Central" > ${CRONFILE}
+echo $(expr $RANDOM % 59) $(expr $RANDOM % 3) "* * * /usr/local/bin/sendtierbeacon.sh >> /tmp/logpipe 2>&1" >> ${CRONFILE}
+chmod 644 ${CRONFILE}
+crontab ${CRONFILE}
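Review bot: The generated schedule does not match the comment above it: `expr $RANDOM % 59` yields minutes 0–58 and `expr $RANDOM % 3` yields hours 0–2, so the beacon can never be scheduled in the 3 o'clock hour or at minute 59. If "between midnight and 3:59am" is the intent, the moduli should be 60 and 4, and shell arithmetic avoids the two `expr` calls: `echo "$((RANDOM % 60)) $((RANDOM % 4)) * * * /usr/local/bin/sendtierbeacon.sh >> /tmp/logpipe 2>&1" >> "${CRONFILE}"`. If the narrower window is deliberate, change the comment to say midnight to 2:58am instead.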
diff --git a/container_files/system/supervisord.conf b/container_files/system/supervisord.conf
new file mode 100644
index 0000000..6130af4
--- /dev/null
+++ b/container_files/system/supervisord.conf
@@ -0,0 +1,45 @@
+; COmanage Registry Docker supervisord configuration
+;
+; Portions licensed to the University Corporation for Advanced Internet
+; Development, Inc. ("UCAID") under one or more contributor license agreements.
+; See the NOTICE file distributed with this work for additional information
+; regarding copyright ownership.
+;
+; UCAID licenses this file to you under the Apache License, Version 2.0
+; (the "License"); you may not use this file except in compliance with the
+; License. You may obtain a copy of the License at:
+;
+; http://www.apache.org/licenses/LICENSE-2.0
+;
+; Unless required by applicable law or agreed to in writing, software
+; distributed under the License is distributed on an "AS IS" BASIS,
+; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+; See the License for the specific language governing permissions and
+; limitations under the License.
+
+[supervisord]
+logfile=/tmp/logsuperd
+logfile_maxbytes=0
+nodaemon=true
+user=root
+
+[program:httpd]
+command=/usr/local/bin/docker-comanage-entrypoint
+stdout_logfile=/tmp/loghttpd
+stdout_logfile_maxbytes=0
+stderr_logfile=/tmp/loghttpd
+stderr_logfile_maxbytes=0
+
+[program:shibd]
+command=/usr/local/bin/docker-comanage-shibboleth-sp-entrypoint
+stdout_logfile=/tmp/logshibd
+stdout_logfile_maxbytes=0
+stderr_logfile=/tmp/logshibd
+stderr_logfile_maxbytes=0
+
+[program:crond]
+command=/usr/sbin/crond -i -m off -n
+stdout_logfile=/tmp/logcrond
+stdout_logfile_maxbytes=0
+stderr_logfile=/tmp/logcrond
+stderr_logfile_maxbytes=0
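Review bot: `user=root` under `[supervisord]` combined with no `user=` in any `[program:…]` section means the httpd, shibd and crond commands are all started as root, and the file does not say which of them need that. Whether the two entrypoint scripts drop privileges themselves is not visible in this hunk, so the intent should be recorded here, for example with a comment above `user=root` such as `; supervisord starts as root; each program must drop privileges in its entrypoint or set user= below`. For any program that does not need root (shibd is the likely candidate, to be confirmed against its entrypoint), add `user=<service-account>` to its section.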