ShibbIdP_noVM_Windows/Dockerfile
# Windows Server Core base. The tag is pinned but not the digest, so the base still moves
# as Microsoft republishes ltsc2016 with patches; pin @sha256:... if builds must be reproducible.
FROM mcr.microsoft.com/windows/servercore:ltsc2016

#settings
# JVM heap ceiling; Tomcat's startup scripts are the presumed consumer of JAVA_OPTS.
ENV JAVA_OPTS='-Xmx3000m'

# Tomcat release fetched by the install step below, and the folder the installer is told to use
ENV TOMCAT_MAJOR_VERSION=9 \
    TOMCAT_VERSION=9.0.30 \
    CATALINA_HOME=c:\\Tomcat

# Shibboleth IdP release to install; TIERVERSION looks like a date stamp for this image build
# (its consumer is not visible in this file).
ENV IDP_VERSION=3.4.6 \
    TIERVERSION=20200109
### JAVA ###
#
##below are settings for Corretto Java
# JAVA_HOME is pinned to update 232 while CORRETTO_URL_PERM is a "latest" link. When Amazon
# publishes a newer Corretto 8 MSI, the MD5 pin in the install step fails the build (fail
# closed, which is intended) and this JAVA_HOME path would no longer match the installed
# folder - bump JAVA_HOME, the URL and the hash together.
ENV JAVA_HOME='C:\Program Files\Amazon Corretto\jdk1.8.0_232' \
    CORRETTO_URL_PERM='https://corretto.aws/downloads/latest/amazon-corretto-8-x64-windows-jdk.msi' \
    CORRETTO_INSTALL_FILE='amazon-corretto-8-x64-windows-jdk.msi'
##below is for Zulu Java
#ENV JAVA_HOME='c:\zulujava\zulu-8\'
#ENV JAVA_INSTALL_FILENAME=zulu8.36.0.1-ca-jdk8.0.202-win_x64.msi
##below is for Oracle Java
#ENV JAVA_VERSION=8u171
#ENV JAVA_BUNDLE_ID=233172_512cd62ec5174c3487ac17c61aaa89e8
#ENV JAVA_INSTALL_FOLDER=jre1.8.0_171
#ENV JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER
# Also persist JAVA_HOME in the machine environment (registry), so processes that do not
# inherit the container's process environment - presumably the scheduled task created further
# down - still find the JDK. %JAVA_HOME% is expanded by cmd before powershell.exe starts.
RUN powershell [Environment]::SetEnvironmentVariable('JAVA_HOME', '%JAVA_HOME%', [System.EnvironmentVariableTarget]::Machine )
# NOTE(review): SHIB_INSTALL_FILE is not referenced anywhere below - the IdP install step spells
# the MSI path out literally. Kept as-is so anything layered on this image still sees it.
ENV SHIB_INSTALL_FILE=C:\\shibboleth-identity-provider-$IDP_VERSION-x64.msi
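###install Corretto Java
# Download, verify, install and delete the MSI in ONE layer: a file deleted in a later RUN
# still lives in the layer that created it. The pinned MD5 makes the build fail closed when
# the "latest" link changes, but MD5 is not collision-resistant - record a SHA-256 pin from
# the Corretto release page when bumping versions. The installer's exit code is checked too;
# previously a failed msiexec passed silently (3010 = success, reboot required, harmless here).
RUN powershell (new-object System.Net.WebClient).Downloadfile('%CORRETTO_URL_PERM%', 'C:\%CORRETTO_INSTALL_FILE%') ; ` \
If ((Get-FileHash C:\%CORRETTO_INSTALL_FILE% -Algorithm MD5).Hash.ToLower() -eq '620ee139aac5f05ab404006b5e33378f') { ` \
$p = start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\%CORRETTO_INSTALL_FILE%','/qn' ; ` \
if ($p.ExitCode -ne 0 -and $p.ExitCode -ne 3010) { throw ('Corretto Java install failed with exit code ' + $p.ExitCode) } ` \
} Else { throw 'bad hash comparison on Corretto Java download' } ; ` \
Remove-Item -Force C:\%CORRETTO_INSTALL_FILE%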
###install Zulu Java | |
#RUN powershell (new-object System.Net.WebClient).Downloadfile('https://cdn.azul.com/zulu/bin/%JAVA_INSTALL_FILENAME%', 'C:\%JAVA_INSTALL_FILENAME%') | |
#RUN powershell If ((Get-FileHash C:\%JAVA_INSTALL_FILENAME% -Algorithm MD5).Hash.ToLower() -eq 'cf7825107dd71cd9a6455c2855838966') { ` \ | |
# start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\%JAVA_INSTALL_FILENAME%','APPLICATIONROOTDIRECTORY=c:\zulujava','/qn' ` \ | |
# } Else { throw 'bad hash comparison on Zulu Java download' } | |
#RUN del C:\%JAVA_INSTALL_FILENAME% | |
##install Oracle Java | |
#RUN powershell (new-object System.Net.WebClient).Downloadfile('http://javadl.oracle.com/webapps/download/AutoDL?BundleId=%JAVA_BUNDLE_ID%', 'C:\jre-%JAVA_VERSION%-windows-x64.exe') | |
#RUN powershell If ((Get-FileHash C:\jre-%JAVA_VERSION%-windows-x64.exe).Hash.ToLower() -eq 'd5256b3d1a6da959ea98ea2a2be3a05a7df9d1a5cd75db3930f935ab71ce43b8') { ` \ | |
# start-process -filepath C:\jre-%JAVA_VERSION%-windows-x64.exe -passthru -wait -argumentlist '/s',%JAVA_INSTALL_CLI_STRING%,'/L','installj64.log' ` \ | |
# } Else { throw 'bad hash comparison on Java download' } | |
#RUN del C:\jre-%JAVA_VERSION%-windows-x64.exe | |
##install Oracle Java Cryptography Extensions | |
#RUN powershell ` \ | |
# $ws = New-Object Microsoft.PowerShell.Commands.WebRequestSession ; ` \ | |
# $c = New-Object System.Net.Cookie ; ` \ | |
# $c.Name = 'oraclelicense' ; ` \ | |
# $c.Value = 'accept-securebackup-cookie' ; ` \ | |
# $c.Domain = 'oracle.com' ; ` \ | |
# $ws.Cookies.Add($c) ; ` \ | |
# Invoke-WebRequest 'http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip' -WebSession $ws -TimeoutSec 1000 -OutFile 'c:\jce_policy-8.zip' | |
#RUN powershell If ((Get-FileHash c:\jce_policy-8.zip).Hash.ToLower() -eq 'f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59') { ` \ | |
# Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory('c:\jce_policy-8.zip', 'c:\jcepolicy') ; \ | |
# copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\local_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\US_export_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; \ | |
# } Else { throw 'bad hash comparison on JCE download' } | |
#RUN del c:\jce_policy-8.zip | |
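##install Tomcat
# config.ini drives the unattended (/S) installer: which components get installed, service
# settings, etc. Review it together with the webapp cleanup at the end of this section.
COPY container_files/config.ini c:\\config.ini
# Download, verify, install and delete the installer in ONE layer (bytes of a file deleted in a
# later RUN still sit in the layer that wrote them). Fetched over HTTPS instead of plain HTTP;
# the SHA-512 pin is what actually protects integrity and fails the build closed on any change.
# The dist/ path typically carries only current releases, so a stale TOMCAT_VERSION shows up
# as a download failure rather than a hash mismatch. The installer's exit code is checked too.
RUN powershell (new-object System.Net.WebClient).Downloadfile('https://www.apache.org/dist/tomcat/tomcat-%TOMCAT_MAJOR_VERSION%/v%TOMCAT_VERSION%/bin/apache-tomcat-%TOMCAT_VERSION%.exe', 'C:\apache-tomcat-%TOMCAT_VERSION%.exe') ; ` \
If ((Get-FileHash C:\apache-tomcat-%TOMCAT_VERSION%.exe -Algorithm SHA512).Hash.ToLower() -eq ` \
'07356fd3c8e57437f5b6e1afc3cc7ea6d62f7855095b5c99dfda54b86298a5fa078d29bda3e939b87a89e4565b8a68d01590da18051ea76bb472e5dc8034f653') ` \
{ ` \
$p = start-process -filepath C:\apache-tomcat-%TOMCAT_VERSION%.exe -passthru -wait -argumentlist '/S','/C=c:\config.ini','/D=c:\Tomcat' ; ` \
if ($p.ExitCode -ne 0) { throw ('Tomcat installer failed with exit code ' + $p.ExitCode) } ` \
} Else { throw 'bad hash comparison on Tomcat download' } ; ` \
Remove-Item -Force C:\apache-tomcat-%TOMCAT_VERSION%.exe
#copy temp SSL cert for tomcat in c:\sslcert
# SECURITY: this keystore - private key included - becomes part of the image and is shared by
# every container started from it. It only exists so Tomcat can start; replace it at deploy
# time (the TOMCERT burn-in ADD further down, or a mounted volume) before exposing 443.
COPY container_files/keystore.jks c:\\sslcert\\keystore.jks
#copy temp tomcat config file (listening on 443, cert at c:\sslcert\keystore.jks)
# server.xml presumably carries the keystore password - treat it as sensitive as the keystore.
COPY container_files/server.xml c:\\Tomcat\\conf\\server.xml
#cleanup tomcat install
# Remove the sample/admin webapps the installer lays down (docs, manager, default ROOT) so
# nothing but the IdP is served. If config.ini also installs host-manager or examples, drop
# those here too. Each step is &&-chained, so a path that is missing fails the build loudly.
RUN rmdir /S /Q c:\Tomcat\webapps\docs && rmdir /S /Q c:\Tomcat\webapps\manager && del /F /Q c:\tomcat\webapps\ROOT\*.* && del /F /Q c:\tomcat\webapps\ROOT\WEB-INF\*.* && rmdir c:\tomcat\webapps\ROOT\WEB-INF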
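##install Shibb
# Download, verify, install and delete the MSI in ONE layer. The pin is SHA-1, weaker than the
# SHA-512 used for Tomcat above - record a SHA-256 pin from shibboleth.net when bumping
# IDP_VERSION (3.4.6 is an old 3.x release; check upstream support status before reuse).
# The "latest/" path stops resolving for this version once a newer IdP ships, so a stale
# version fails at download (fail closed). DNSNAME/IDP_SCOPE are placeholders: the installer
# generates the idp-signing / idp-encryption key pairs and the sealer for them, and those
# credentials land in the image layer - they must be replaced per deployment (see the
# SHBCREDS burn-in and the secrets notes further down). Installer exit code is checked;
# 3010 (success, reboot required) is tolerated since a build container never reboots.
RUN powershell (new-object System.Net.WebClient).Downloadfile('https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-%IDP_VERSION%-x64.msi', 'C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi') ; ` \
If ((Get-FileHash C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi -Algorithm SHA1).Hash.ToLower() -eq '5fde8b86acfa8fafb92b94a7dcddc5ba5ce24e34') { ` \
$p = start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi','/qn','INSTALLDIR=c:\opt\shibboleth-idp','NO_FIREWALL_EXCEPTION=true','DNSNAME=shibboleth.example.org','IDP_SCOPE=example.org' ; ` \
if ($p.ExitCode -ne 0 -and $p.ExitCode -ne 3010) { throw ('IdP installer failed with exit code ' + $p.ExitCode) } ` \
} Else { throw 'bad hash comparison on IdP download' } ; ` \
Remove-Item -Force C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi
##add JSTL
# TODO(security): this remote ADD is not checksum-verified, so nothing pins what ends up on
# the IdP's classpath. Once the jar's published checksum is recorded here, fetch it with the
# same download + Get-FileHash + throw pattern used for the installers above.
ADD https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar c:\\opt\\shibboleth-idp\\edit-webapp\\WEB-INF\\lib\\jstl-1.2.jar
# Rebuild idp.war so the jar dropped into edit-webapp is packaged with the IdP
RUN C:/opt/shibboleth-idp/bin/build.bat -noinput -S -q -Didp.target.dir=c:/opt/shibboleth-idp
#link IdP's war file to Tomcat
RUN mklink c:\Tomcat\webapps\idp.war c:\opt\shibboleth-idp\war\idp.war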
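#copy TIER beacon script
# sendtierbeacon.ps1 is not visible here; it is what the scheduled task runs daily, so review
# it for what it sends and where (it is outbound traffic from every running container).
# c:\opt\certs is created but nothing in this file writes to it.
RUN mkdir c:\util && mkdir c:\opt\certs
COPY container_files/sendtierbeacon.ps1 c:\\util
#schedule script to run (at random time)
#RUN powershell ($tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]) + ":" + ((Get-Random -Minimum 0 -Maximum 60) -as [string]) ; start-process -filepath schtasks -passthru -wait -argumentlist '/create','/tn','\"Send TIER Beacon\"','/tr','c:\util\sendtierbeacon.ps1','/sc','DAILY','/st',"$tm"
#The line above is triggering an apparent bug in docker or windows core (essentially invalid XML), the 2 lines below are the workaround
# NOTE: Get-Random runs at BUILD time, so the "random" start time is baked into the image -
# every container started from it fires the beacon at the same minute.
# schtasks is a native command: PowerShell does not stop when it fails, so $LASTEXITCODE is
# checked after each call (previously a task that was never created went unnoticed). The task
# XML is deleted in the same layer so it does not persist in the image.
COPY container_files/TIER_Beacon_Task.xml c:\\TIER_Beacon_Task.xml
RUN powershell schtasks /Create /XML c:\TIER_Beacon_Task.xml /TN 'TIER Beacon' ; if ($LASTEXITCODE -ne 0) { throw 'schtasks /Create of the TIER Beacon task failed' } ; $tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]).padleft(2,'0') + ':' + ((Get-Random -Minimum 0 -Maximum 60) -as [string]).padleft(2,'0') ; schtasks /Change /TN 'TIER Beacon' /ST $tm ; if ($LASTEXITCODE -ne 0) { throw 'schtasks /Change of the TIER Beacon start time failed' } ; Remove-Item -Force c:\TIER_Beacon_Task.xml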
################################################# | |
### Settings for a burned-in config (default) ### | |
################################################# | |
# Ensure the following locations are accurate (and uncommented) if you plan to burn your configuration into your containers by uncommenting the relevant section below. | |
# They represent the folder names/paths on your build host of the relevant config material needed to run the container. You can also specify these | |
# with --build-arg in your 'docker build' command. | |
#ARG TOMCFG=config\\tomcat | |
#ARG TOMLOG=logs\\tomcat | |
#ARG TOMCERT=credentials\\tomcat | |
#ARG TOMWWWROOT=wwwroot | |
#ARG SHBCFG=config\\shib-idp\\conf | |
#ARG SHBCREDS=credentials\\shib-idp | |
#ARG SHBVIEWS=config\\shib-idp\\views | |
#ARG SHBEDWAPP=config\\shib-idp\\edit-webapp | |
#ARG SHBMSGS=config\\shib-idp\\messages | |
#ARG SHBMD=config\\shib-idp\\metadata | |
#ARG SHBLOG=logs\\shib-idp | |
# Also, ***NOTE*** For a burned config, *uncomment* the ADD lines below and leave the VOLUME line (just below, currently commented out) commented - a volume mounted over a burned-in path would mask the files you just added.
# | |
# consider not doing the one volume below (which maps the IdP's logs folder to a local folder) as it creates a run-time | |
# dependency and a better solution might be to use syslog from the container | |
# VOLUME ["c:\\idplogs", "c:\\opt\\shibboleth-idp\\logs"] | |
# | |
#ADD $TOMCFG c:\\Tomcat\\conf | |
#ADD $TOMCERT c:\\sslcert | |
#ADD $TOMWWWROOT c:\\Tomcat\\webapps\\ROOT | |
#ADD $SHBCFG c:\\opt\\shibboleth-idp\\conf | |
#ADD $SHBCREDS c:\\opt\\shibboleth-idp\\credentials | |
#ADD $SHBVIEWS c:\\opt\\shibboleth-idp\\views | |
#ADD $SHBEDWAPP c:\\opt\\shibboleth-idp\\edit-webapp | |
#ADD $SHBMSGS c:\\opt\\shibboleth-idp\\messages | |
#ADD $SHBMD c:\\opt\\shibboleth-idp\\metadata | |
# | |
############################################################################### | |
# remove existing files from the installer so that secrets can propagate (UNCOMMENT if you are using secrets) | |
#!# RUN del c:\opt\shibboleth-idp\conf\idp.properties | |
#!# RUN del c:\opt\shibboleth-idp\conf\ldap.properties | |
#!# RUN del c:\opt\shibboleth-idp\conf\relying-party.xml | |
#!# RUN del c:\opt\shibboleth-idp\conf\attribute-filter.xml | |
#!# RUN del c:\opt\shibboleth-idp\conf\attribute-resolver.xml | |
#!# RUN del c:\opt\shibboleth-idp\conf\metadata-providers.xml | |
#!# RUN del c:\opt\shibboleth-idp\credentials\idp-signing.key | |
#!# RUN del c:\opt\shibboleth-idp\credentials\idp-signing.crt | |
#!# RUN del c:\opt\shibboleth-idp\credentials\idp-encryption.key | |
#!# RUN del c:\opt\shibboleth-idp\credentials\idp-encryption.crt | |
#!# RUN del c:\opt\shibboleth-idp\credentials\sealer.jks | |
#!# RUN del c:\opt\shibboleth-idp\credentials\sealer.kver | |
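#establish a healthcheck command so that docker might know the container's true state
# --start-period keeps failures during Tomcat/IdP startup (typically slow) from counting;
# after that the container is unhealthy only after 3 consecutive failed probes.
# The probe talks to loopback over TLS with the placeholder certificate, so certificate
# validation is deliberately switched off - for this short-lived powershell.exe only, and only
# because the target is 127.0.0.1. DownloadString throws on an HTTP error status, which makes
# powershell exit non-zero and the check fail.
# The URL is single-quoted on purpose: powershell.exe strips double quotes from a shell-form
# command line, which is why every other powershell RUN in this file uses single quotes too.
HEALTHCHECK --interval=2m --timeout=30s --start-period=5m --retries=3 \
CMD powershell [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; (new-object System.Net.WebClient).DownloadString('https://127.0.0.1/idp/status')
# Port the bundled server.xml listens on. Documentation only - publish it at run time.
EXPOSE 443
# cmd /c is needed to run the .bat, so cmd (not Tomcat's JVM) is the container's top-level
# process. One argument per element keeps Docker's Windows exec-form escaping from quoting
# the whole line as a single program name.
CMD ["cmd", "/c", "c:\\Tomcat\\bin\\catalina.bat", "run"]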