ShibbIdP_noVM_Windows/Dockerfile
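# Base image. The original used ':latest', which is not reproducible and, for Windows Server
# Core under process isolation, must match the host OS build anyway - so the tag is pinned and
# overridable with --build-arg WINDOWS_TAG=... (the tag below is the one assumed for this
# image's era; confirm it matches your build host).
# NOTE(review): for fully reproducible rebuilds pin by digest as well (image@sha256:<digest>).
ARG WINDOWS_TAG=ltsc2016
FROM microsoft/windowsservercore:${WINDOWS_TAG}

# --- settings ---
# Component versions and derived locations. They are ENV (not ARG) so that they remain
# visible inside the running container (e.g. JAVA_OPTS / CATALINA_HOME for catalina.bat).
# Backslashes are doubled because this file uses the default Dockerfile escape character.
ENV JAVA_VERSION=8u151 \
    JAVA_BUNDLE_ID=227552_e758a0de34e24606bca991d704f6dcbf \
    JAVA_INSTALL_FOLDER=jre1.8.0_151 \
    JAVA_OPTS="-XX:+UseG1GC -Xmx2000m" \
    TOMCAT_MAJOR_VERSION=8 \
    TOMCAT_VERSION=8.0.47 \
    CATALINA_HOME=c:\\Tomcat \
    IDP_VERSION=3.3.2.0
###
# Derived values: the builder expands $JAVA_INSTALL_FOLDER / $IDP_VERSION here, which only
# works because they were set by an EARLIER ENV instruction - keep this ordering.
# SHIB_INSTALL_FILE is not referenced by the install steps below (they spell the path out);
# it is kept for compatibility with anything else that may read it.
ENV JAVA_INSTALL_CLI_STRING=INSTALLDIR=c:\\Java\\$JAVA_INSTALL_FOLDER \
    JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER \
    SHIB_INSTALL_FILE=C:\\shibboleth-identity-provider-$IDP_VERSION-x64.msi
# Image ENV is only applied to processes Docker starts; this also persists JAVA_HOME at
# machine scope inside the container (presumably so the scheduled task / services defined
# later can find Java - verify if that assumption changes). %JAVA_HOME% is expanded by
# cmd.exe, the default shell for RUN on Windows.
RUN powershell [Environment]::SetEnvironmentVariable('JAVA_HOME', '%JAVA_HOME%', [System.EnvironmentVariableTarget]::Machine )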
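## install Java
# Download, verify, silently install and then delete the JRE installer in ONE layer: a
# 'del' in a later RUN would leave the installer in the image's history.
# The fetch is plain HTTP, so integrity rests entirely on the SHA-256 comparison (Get-FileHash
# defaults to SHA256); the install only runs when the hash matches, and a mismatch fails the
# build via 'throw'. Prefer https if the mirror supports it when this pin is next refreshed.
# NOTE(review): start-process -wait does not inspect the installer's exit code, so a failed
# silent install would not fail the build.
# Line continuation: the PowerShell backtick keeps the statement going after Docker has joined
# the lines on the trailing backslash.
RUN powershell ` \
    (new-object System.Net.WebClient).Downloadfile('http://javadl.oracle.com/webapps/download/AutoDL?BundleId=%JAVA_BUNDLE_ID%', 'C:\jre-%JAVA_VERSION%-windows-x64.exe') ; ` \
    If ((Get-FileHash C:\jre-%JAVA_VERSION%-windows-x64.exe).Hash.ToLower() -eq '4378d712c510930d066bfa256b24e07dfea5ed31aa514afb7c7dd72fcce9bb68') { ` \
        start-process -filepath C:\jre-%JAVA_VERSION%-windows-x64.exe -passthru -wait -argumentlist '/s',%JAVA_INSTALL_CLI_STRING%,'/L','installj64.log' ` \
    } Else { throw 'bad hash comparison on Java download' } ; ` \
    del C:\jre-%JAVA_VERSION%-windows-x64.exe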
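## install Java Cryptography Extensions (unlimited-strength policy jars)
# Oracle gates this download behind a license-acceptance cookie, hence the WebRequestSession.
# Plain-HTTP fetch: integrity rests on the SHA-256 comparison below, which guards every use of
# the archive. Download, verify, extract, copy and delete happen in one layer so the zip is not
# left in image history (the extracted copy in c:\jcepolicy is left in place, as before).
# NOTE(review): later 8u releases select the unlimited policy through the 'crypto.policy'
# security property instead of replacing these jars - confirm this step is still required
# for the pinned JRE.
RUN powershell ` \
    $ws = New-Object Microsoft.PowerShell.Commands.WebRequestSession ; ` \
    $c = New-Object System.Net.Cookie ; ` \
    $c.Name = 'oraclelicense' ; ` \
    $c.Value = 'accept-securebackup-cookie' ; ` \
    $c.Domain = 'oracle.com' ; ` \
    $ws.Cookies.Add($c) ; ` \
    Invoke-WebRequest 'http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip' -WebSession $ws -TimeoutSec 1000 -OutFile 'c:\jce_policy-8.zip' ; ` \
    If ((Get-FileHash c:\jce_policy-8.zip).Hash.ToLower() -eq 'f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59') { ` \
        Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory('c:\jce_policy-8.zip', 'c:\jcepolicy') ; \
        copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\local_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\US_export_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; \
    } Else { throw 'bad hash comparison on JCE download' } ; ` \
    del c:\jce_policy-8.zip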
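## install Tomcat
# Download, verify, silently install and delete the installer in one layer.
# The pinned checksum is SHA-1 (the original value); Apache also publishes SHA-512 sums, which
# are the better choice whenever this pin is refreshed. A mismatch fails the build.
# NOTE(review): www.apache.org/dist normally carries only current releases; an older pinned
# version may have to come from the archive mirror instead - confirm the URL still resolves.
RUN powershell ` \
    (new-object System.Net.WebClient).Downloadfile('http://www.apache.org/dist/tomcat/tomcat-%TOMCAT_MAJOR_VERSION%/v%TOMCAT_VERSION%/bin/apache-tomcat-%TOMCAT_VERSION%.exe', 'C:\apache-tomcat-%TOMCAT_VERSION%.exe') ; ` \
    If ((Get-FileHash C:\apache-tomcat-%TOMCAT_VERSION%.exe -Algorithm SHA1).Hash.ToLower() -eq '51d81b52d595a4d575bbe89ef4fa137e9367a080') { ` \
        start-process -filepath C:\apache-tomcat-%TOMCAT_VERSION%.exe -passthru -wait -argumentlist "/S,/D=C:\Tomcat" ` \
    } Else { throw 'bad hash comparison on Tomcat download' } ; ` \
    del C:\apache-tomcat-%TOMCAT_VERSION%.exe
# Temporary TLS keystore for Tomcat. It is baked into an image layer and stays in history even
# when the burned-in config later overlays c:\sslcert, so it must only ever hold a throwaway
# self-signed key - never a production one.
COPY keystore.jks c:\\sslcert\\keystore.jks
# Temporary Tomcat config: listens on 443 with the certificate at c:\sslcert\keystore.jks
COPY server.xml c:\\Tomcat\\conf\\server.xml
# Attack-surface reduction: drop the bundled docs and manager webapps and empty the default
# ROOT webapp (it is repopulated from $TOMWWWROOT further down).
# NOTE(review): if the installer also lays down host-manager or examples, remove them here too.
RUN rmdir /S /Q c:\Tomcat\webapps\docs && rmdir /S /Q c:\Tomcat\webapps\manager && del /F /Q c:\tomcat\webapps\ROOT\*.* && del /F /Q c:\tomcat\webapps\ROOT\WEB-INF\*.* && rmdir c:\tomcat\webapps\ROOT\WEB-INF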
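## install Shibboleth IdP
# HTTPS download + SHA-1 pin + silent MSI install + delete the MSI, in one layer.
# DNSNAME / IDP_SCOPE are placeholders (example.org). The credentials removed further down in
# this file are presumably generated by the installer from these values; they still persist in
# this layer, so real keys must only ever come from the config/credentials overlay or a mount.
# NO_FIREWALL_EXCEPTION=true keeps the installer from touching the Windows firewall.
RUN powershell ` \
    (new-object System.Net.WebClient).Downloadfile('https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-%IDP_VERSION%-x64.msi', 'C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi') ; ` \
    If ((Get-FileHash C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi -Algorithm SHA1).Hash.ToLower() -eq 'fca024981da85a77c8389563d584230593f5d399') { ` \
        start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi','/qn','INSTALLDIR=c:\opt\shibboleth-idp','NO_FIREWALL_EXCEPTION=true','DNSNAME=shibboleth.example.org','IDP_SCOPE=example.org' ` \
    } Else { throw 'bad hash comparison on IdP download' } ; ` \
    del C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi
# Link the IdP's war into Tomcat's webapps instead of copying it, so the deployed war always
# reflects the IdP install tree (e.g. after a rebuild of the war).
RUN mklink c:\Tomcat\webapps\idp.war c:\opt\shibboleth-idp\war\idp.war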
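## TIER beacon script (scheduled telemetry ping) and a certificate drop folder
RUN mkdir c:\util && mkdir c:\opt\certs
COPY sendtierbeacon.ps1 c:\\util
# Schedule the script to run daily at a random time between 00:00 and 03:59.
# The direct 'schtasks /create' form below was kept for reference; it triggered an apparent bug
# in docker or windowsservercore (essentially invalid task XML), so the task is instead
# imported from an XML definition and its start time patched with '/Change'.
#RUN powershell ($tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]) + ":" + ((Get-Random -Minimum 0 -Maximum 60) -as [string]) ; start-process -filepath schtasks -passthru -wait -argumentlist '/create','/tn','\"Send TIER Beacon\"','/tr','c:\util\sendtierbeacon.ps1','/sc','DAILY','/st',"$tm"
# Note: Get-Random at build time makes the image non-reproducible (each build gets a different
# start time). The XML is removed in the same RUN that consumes it; it still exists in the COPY
# layer, which is fine as it holds no secrets. Destination uses the doubled-backslash form
# consistently with the other COPY instructions in this file.
# NOTE(review): check which account the task XML runs the script as and what network egress the
# beacon needs before deploying in a restricted environment.
COPY TIER_Beacon_Task.xml c:\\TIER_Beacon_Task.xml
RUN powershell schtasks /Create /XML c:\TIER_Beacon_Task.xml /TN 'TIER Beacon' ; $tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]).padleft(2,'0') + ':' + ((Get-Random -Minimum 0 -Maximum 60) -as [string]).padleft(2,'0') ; schtasks /Change /TN 'TIER Beacon' /ST $tm ; del c:\TIER_Beacon_Task.xml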
##############################################################################
###############################################
### Settings for a mounted config (default) ###
###############################################
#
# This whole section is currently commented out; the burned-in config section further down is
# what the image is actually built with. To switch to a mounted config, uncomment the RUN and
# VOLUME lines here and comment out the COPY/ADD overlay lines below - the two are mutually
# exclusive. Mounting c:/sslcert and c:/opt/shibboleth-idp/credentials at run time is the
# option that keeps private keys out of the image layers.
#
# For Windows containers, the directories listed in the VOLUME statement **must** be empty or
# non-existent; therefore, to use a mounted config on Windows, those directories must be
# cleared first.
#
# The RUN below does that via a rename (deletes were hitting bugs), which leaves the installer's
# defaults available as <name>.dist next to the original path.
# (for mounted config, uncomment remaining lines in this section)
#RUN powershell $paths='c:\Tomcat\conf','c:\Tomcat\webapps\ROOT','c:\Tomcat\logs','c:\sslcert','c:\opt\shibboleth-idp\conf','c:\opt\shibboleth-idp\credentials','c:\opt\shibboleth-idp\views','c:\opt\shibboleth-idp\edit-webapp','c:\opt\shibboleth-idp\messages','c:\opt\shibboleth-idp\metadata','c:\opt\shibboleth-idp\logs' ; \
# Foreach ($path IN $paths) {Rename-Item -Path $path -NewName ((Split-Path $path -leaf) + '.dist') -Force}
#
#VOLUME ["c:/Tomcat/conf", \
# "c:/Tomcat/webapps/ROOT", \
# "c:/Tomcat/logs", \
# "c:/sslcert", \
# "c:/opt/shibboleth-idp/conf", \
# "c:/opt/shibboleth-idp/credentials", \
# "c:/opt/shibboleth-idp/views", \
# "c:/opt/shibboleth-idp/edit-webapp", \
# "c:/opt/shibboleth-idp/messages", \
# "c:/opt/shibboleth-idp/metadata", \
# "c:/opt/shibboleth-idp/logs"]
#
#############################################################################
#################################################
### Settings for a burned-in config (default) ###
#################################################
# Ensure the following locations are accurate (and uncommented) if you plan to burn your configuration into your containers by uncommenting the relevant section below.
# They represent the folder names/paths on your build host (relative to the build context) of the config material needed to run the container. You can also override these
# with --build-arg in your 'docker build' command.
# These are build-time ARGs, so they do not end up in the container's environment; placing
# them this late keeps the install layers above cacheable when only config paths change.
# NOTE(review): TOMLOG and SHBLOG are declared but not consumed by any ADD/COPY below - they
# appear to exist only for the commented-out log VOLUME further down.
ARG TOMCFG=config\\tomcat
ARG TOMLOG=logs\\tomcat
ARG TOMCERT=credentials\\tomcat
ARG TOMWWWROOT=wwwroot
ARG SHBCFG=config\\shib-idp\\conf
ARG SHBCREDS=credentials\\shib-idp
ARG SHBVIEWS=config\\shib-idp\\views
ARG SHBEDWAPP=config\\shib-idp\\edit-webapp
ARG SHBMSGS=config\\shib-idp\\messages
ARG SHBMD=config\\shib-idp\\metadata
ARG SHBLOG=logs\\shib-idp
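# Also, ***NOTE*** For a burned config, keep the COPY lines below active and the VOLUME
# command in the mounted-config section above (~ 30 lines up) commented out.
#
# consider not doing the one volume below (which maps the IdP's logs folder to a local folder) as it creates a run-time
# dependency and a better solution might be to use syslog from the container
# (as written it would declare two independent anonymous volumes: VOLUME takes container paths
# only and cannot bind a host folder - that is a 'docker run -v' concern)
# VOLUME ["c:\\idplogs", "c:\\opt\\shibboleth-idp\\logs"]
#
# COPY rather than ADD (hadolint DL3020): the sources are plain directories, and ADD's extra
# behaviours (auto-extracting an archive, fetching URLs) are not wanted here. If a --build-arg
# ever points one of these at a tar archive, it is now copied as a file instead of extracted.
# Security note: everything copied here - including $TOMCERT and $SHBCREDS - becomes part of an
# image layer readable by anyone who can pull the image. Only burn credentials in when the image
# itself is handled as a secret; otherwise use the mounted-config section above.
COPY $TOMCFG c:\\Tomcat\\conf
COPY $TOMCERT c:\\sslcert
COPY $TOMWWWROOT c:\\Tomcat\\webapps\\ROOT
COPY $SHBCFG c:\\opt\\shibboleth-idp\\conf
COPY $SHBCREDS c:\\opt\\shibboleth-idp\\credentials
COPY $SHBVIEWS c:\\opt\\shibboleth-idp\\views
COPY $SHBEDWAPP c:\\opt\\shibboleth-idp\\edit-webapp
COPY $SHBMSGS c:\\opt\\shibboleth-idp\\messages
COPY $SHBMD c:\\opt\\shibboleth-idp\\metadata
#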
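###############################################################################
# Remove the installer's default config and credential files so that the real settings and
# secrets can take their place.
# NOTE(review): these deletes run AFTER the burned-in overlay above, so a same-named file
# supplied in $SHBCFG or $SHBCREDS is removed as well - confirm that is intended (it implies
# the real files are expected to arrive at run time, e.g. via a mount).
# One RUN instead of twelve: fewer layers, same end state. The files still exist in the IdP
# install layer's history; the placeholder example.org credentials are not sensitive, but
# nothing secret should ever be "deleted" from an image this way.
RUN del c:\opt\shibboleth-idp\conf\idp.properties && \
    del c:\opt\shibboleth-idp\conf\ldap.properties && \
    del c:\opt\shibboleth-idp\conf\relying-party.xml && \
    del c:\opt\shibboleth-idp\conf\attribute-filter.xml && \
    del c:\opt\shibboleth-idp\conf\attribute-resolver.xml && \
    del c:\opt\shibboleth-idp\conf\metadata-providers.xml && \
    del c:\opt\shibboleth-idp\credentials\idp-signing.key && \
    del c:\opt\shibboleth-idp\credentials\idp-signing.crt && \
    del c:\opt\shibboleth-idp\credentials\idp-encryption.key && \
    del c:\opt\shibboleth-idp\credentials\idp-encryption.crt && \
    del c:\opt\shibboleth-idp\credentials\sealer.jks && \
    del c:\opt\shibboleth-idp\credentials\sealer.kver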
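# 443 is the HTTPS port from server.xml; EXPOSE is documentation only (publish with -p).
EXPOSE 443
# No USER is set, so Tomcat runs as the Windows default account (ContainerAdministrator).
# NOTE(review): consider 'USER ContainerUser' once the ACLs on c:\Tomcat, c:\opt\shibboleth-idp
# and the scheduled task have been verified for that account.
# Exec form with one element per argument. The previous single-element form
# ("cmd /c c:\Tomcat\bin\catalina.bat run") is not split on spaces by exec form and may be
# handed to Windows as one quoted token; this form is unambiguous and starts the same process.
# Tomcat still runs as a child of cmd.exe here, so the stop signal is delivered to cmd.exe -
# verify that 'docker stop' shuts Tomcat down cleanly, or start the JVM directly.
CMD ["cmd", "/c", "c:\\Tomcat\\bin\\catalina.bat", "run"]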