From efaa5361e9003e859ac5e74a745d04ae9192764c Mon Sep 17 00:00:00 2001
From: villadalmine
Date: Mon, 12 Sep 2016 16:02:12 -0300
Subject: [PATCH] Added httpd structure
---
 Dockerfile | 14 ++++++++++-
 container_files/bin/configure_httpd.sh | 15 ++++++++++-
 .../etc/httpd/conf.d/handlers.conf | 3 +++
 container_files/etc/httpd/conf.d/ports.conf | 2 ++
 container_files/etc/httpd/conf.d/ssl.conf | 6 +++++
 .../{comanage.conf => virtual_host_443.conf} | 25 +------------------
 .../etc/httpd/conf.d/virtual_host_80.conf | 5 ++++
 .../etc/httpd/conf.modules.d/00-shib.conf | 1 +
 8 files changed, 45 insertions(+), 26 deletions(-)
 create mode 100644 container_files/etc/httpd/conf.d/handlers.conf
 create mode 100644 container_files/etc/httpd/conf.d/ports.conf
 create mode 100644 container_files/etc/httpd/conf.d/ssl.conf
 rename container_files/etc/httpd/conf.d/{comanage.conf => virtual_host_443.conf} (76%)
 create mode 100644 container_files/etc/httpd/conf.d/virtual_host_80.conf
 create mode 100644 container_files/etc/httpd/conf.modules.d/00-shib.conf
diff --git a/Dockerfile b/Dockerfile
index 41681b7..99d3044 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -94,8 +94,20 @@ VOLUME /opt/shibboleth/ssl/ # Required volumes for mounting Apache SSL files into container VOLUME /opt/httpd/ssl/ +#Added ssl default conf +RUN ln -s /opt/etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf + +#Added shib module apache +RUN ln -s /opt/etc/httpd/conf.modules.d/00-shib.conf /etc/httpd/conf.modules.d/00-shib.conf +RUN ln -s /usr/lib64/shibboleth/mod_shib_24.so /etc/httpd/modules/mod_shib_24.so + +#Add httpd configuration +RUN ln -s /opt/etc/httpd/conf.d/ports.conf /etc/httpd/conf.d/ports.conf +RUN ln -s /opt/etc/httpd/conf.d/handlers.conf /etc/httpd/conf.d/handlers.conf +RUN ln -s /opt/etc/httpd/conf.d/virtual_host_80.conf /etc/httpd/conf.d/00-comanage-80.conf +RUN ln -s /opt/etc/httpd/conf.d/virtual_host_443.conf /etc/httpd/conf.d/00-comanage-443.conf # Port EXPOSE 80 443 -CMD ["/opt/bin/start.sh"] \ No newline at end of file +CMD ["/opt/bin/start.sh"] diff --git a/container_files/bin/configure_httpd.sh b/container_files/bin/configure_httpd.sh index d94aafe..4dd980f 100755 --- a/container_files/bin/configure_httpd.sh +++ b/container_files/bin/configure_httpd.sh @@ -1,5 +1,18 @@ #!/bin/bash log="/tmp/httpd.log" +date >> $log +echo "Configuring httpd: " > $log -echo "Configuring httpd: " > $log \ No newline at end of file +echo "Removing Listen 80 in httpd.conf" > $log +sed -i 's/^Listen 80$//' /etc/httpd/conf/httpd.conf + +for i in /usr/lib64/shibboleth/mod_shib_24.so /etc/httpd/modules/mod_shib_24.so /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/handlers.conf /etc/httpd/conf.d/ports.conf /etc/httpd/conf.modules.d/00-shib.conf /etc/httpd/conf.d/00-comanage_80.conf /etc/httpd/conf.d/00-comanage_443.conf + do + if [ -f $i ]; then + echo " $i is configured" >> $log + else + echo "$i is not configured >> $log + fi +date >> $log +echo "Configuration of httpd completed " >> $log diff --git a/container_files/etc/httpd/conf.d/handlers.conf b/container_files/etc/httpd/conf.d/handlers.conf new file mode 100644 index 0000000..e094143 
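Review bot: The seven added `ln -s` steps make httpd read its TLS, vhost and module-loading configuration through `/opt/etc/httpd/...`, so that tree has to be root-owned and not writable by the runtime user or a mounted volume; nothing in this hunk sets or checks that. `ln -s` also creates a dangling link without complaint when the target is missing and fails when the destination already exists (a packaged `/etc/httpd/conf.d/ssl.conf` would cause that; whether one is installed is not visible here). A build-time check such as `RUN test -e /opt/etc/httpd/conf.d/ssl.conf` before linking, plus `ln -sf` for the `ssl.conf` link, would make both cases explicit. The `mod_shib_24.so` link under `/etc/httpd/modules` looks unused, because `00-shib.conf` loads the module by its absolute `/usr/lib64/shibboleth` path.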
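Review bot: The check loop in `configure_httpd.sh` cannot parse, because the `else` branch's `echo "$i is not configured >> $log` never closes its quote and the `for` has no `done`; bash stops with a syntax error there, so no check result or completion message is logged. Even once that is fixed, the list tests `00-comanage_80.conf` and `00-comanage_443.conf` with underscores while the Dockerfile hunk links `00-comanage-80.conf` and `00-comanage-443.conf`, so both vhosts would always be reported as not configured. The two `> $log` redirections truncate the file and discard the date stamp written just before; they should append like the rest, and `$log` and `$i` should be quoted. `/tmp/httpd.log` is a fixed name in a world-writable directory; a log path under a root-owned directory would avoid writing through a file or link placed there beforehand.

```shell
# … unchanged: shebang, log path, first date stamp …
echo "Configuring httpd: " >> "$log"

echo "Removing Listen 80 in httpd.conf" >> "$log"
# … unchanged: sed removal of "Listen 80" …

for i in /usr/lib64/shibboleth/mod_shib_24.so /etc/httpd/modules/mod_shib_24.so \
  /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/handlers.conf \
  /etc/httpd/conf.d/ports.conf /etc/httpd/conf.modules.d/00-shib.conf \
  /etc/httpd/conf.d/00-comanage-80.conf /etc/httpd/conf.d/00-comanage-443.conf
do
  if [ -f "$i" ]; then
    echo " $i is configured" >> "$log"
  else
    echo "$i is not configured" >> "$log"
  fi
done
# … unchanged: closing date stamp and completion message …
```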
--- /dev/null +++ b/container_files/etc/httpd/conf.d/handlers.conf @@ -0,0 +1,3 @@ +AddType text/html .php +php_value session.save_handler "files" +php_value session.save_path "/var/lib/php/session" diff --git a/container_files/etc/httpd/conf.d/ports.conf b/container_files/etc/httpd/conf.d/ports.conf new file mode 100644 index 0000000..cf2b7d0 --- /dev/null +++ b/container_files/etc/httpd/conf.d/ports.conf @@ -0,0 +1,2 @@ +Listen 80 http +Listen 443 https diff --git a/container_files/etc/httpd/conf.d/ssl.conf b/container_files/etc/httpd/conf.d/ssl.conf new file mode 100644 index 0000000..ccc067c --- /dev/null +++ b/container_files/etc/httpd/conf.d/ssl.conf @@ -0,0 +1,6 @@ +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog +SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +SSLCryptoDevice builtin diff --git a/container_files/etc/httpd/conf.d/comanage.conf b/container_files/etc/httpd/conf.d/virtual_host_443.conf similarity index 76% rename from container_files/etc/httpd/conf.d/comanage.conf rename to container_files/etc/httpd/conf.d/virtual_host_443.conf index 0b8e83a..28d17ea 100644 --- a/container_files/etc/httpd/conf.d/comanage.conf +++ b/container_files/etc/httpd/conf.d/virtual_host_443.conf @@ -1,25 +1,3 @@ -Listen 80 http -Listen 443 https - -AddType text/html .php -php_value session.save_handler "files" -php_value session.save_path "/var/lib/php/session" - -LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so - - -ServerName http://COMANAGE_SERVER_FQDN:80 -UseCanonicalName On -RedirectMatch (.*) https://COMANAGE_SERVER_FQDN$1 - - -SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog -SSLSessionCache shmcb:/run/httpd/sslcache(512000) -SSLSessionCacheTimeout 300 -SSLRandomSeed startup file:/dev/urandom 256 -SSLRandomSeed connect builtin -SSLCryptoDevice builtin - ServerName https://COMANAGE_SERVER_FQDN:443 UseCanonicalName On 
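Review bot: No `SSLProtocol` or `SSLCipherSuite` is set in the new `container_files/etc/httpd/conf.d/ssl.conf`, which carries only the pass-phrase dialog, session cache and random-seed directives moved over from `comanage.conf`. Unless the 443 virtual host sets them (its body lies outside the visible hunks), the listener negotiates whatever mod_ssl and the linked OpenSSL default to, which on older builds can include legacy protocol versions. Since this file is now the single place for server-wide TLS settings, I would pin them here, for example `SSLProtocol -all +TLSv1.2` and `SSLHonorCipherOrder on`, together with a cipher list chosen for the clients this deployment has to support.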
@@ -103,5 +81,4 @@ Redirect "/registry/users/logout" "https://COMANAGE_SERVER_FQDN/Shibboleth.sso/L Require all denied - - + diff --git a/container_files/etc/httpd/conf.d/virtual_host_80.conf b/container_files/etc/httpd/conf.d/virtual_host_80.conf new file mode 100644 index 0000000..ffe62ec --- /dev/null +++ b/container_files/etc/httpd/conf.d/virtual_host_80.conf @@ -0,0 +1,5 @@ + +ServerName http://COMANAGE_SERVER_FQDN:80 +UseCanonicalName On +RedirectMatch (.*) https://COMANAGE_SERVER_FQDN$1 + diff --git a/container_files/etc/httpd/conf.modules.d/00-shib.conf b/container_files/etc/httpd/conf.modules.d/00-shib.conf new file mode 100644 index 0000000..0e5c7b2 --- /dev/null +++ b/container_files/etc/httpd/conf.modules.d/00-shib.conf @@ -0,0 +1 @@ +LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so