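# Base image. Parameterized so a build can pin a specific tag or digest with
# --build-arg BASE_IMAGE=<registry/image:tag@sha256:digest>; the default keeps the
# original unpinned ':latest', which is not reproducible (the base changes underneath
# every rebuild) and is worth replacing before any production build. Note that the
# microsoft/* Docker Hub namespace is the legacy location for Windows base images.
ARG BASE_IMAGE=microsoft/windowsservercore:latest
FROM ${BASE_IMAGE}
#settings
# Oracle JRE settings, kept for the commented-out Oracle install path below.
#ENV JAVA_VERSION=8u171
#ENV JAVA_BUNDLE_ID=233172_512cd62ec5174c3487ac17c61aaa89e8
#ENV JAVA_INSTALL_FOLDER=jre1.8.0_171
# JAVA_OPTS is a runtime setting (catalina.bat reads it); the Tomcat/IdP versions below
# also drive the download URLs and the pinned hashes further down, so bumping one
# without the other breaks the build rather than silently installing something else.
ENV JAVA_OPTS='-Xmx3000m'
ENV TOMCAT_MAJOR_VERSION=9
ENV TOMCAT_VERSION=9.0.10
ENV CATALINA_HOME=c:\\Tomcat
ENV IDP_VERSION=3.3.3.1
###
#ENV JAVA_INSTALL_CLI_STRING=INSTALLDIR=c:\\Java\\$JAVA_INSTALL_FOLDER
#below is for Zulu Java
ENV JAVA_HOME='c:\zulujava\zulu-8\'
ENV JAVA_INSTALL_FILENAME=zulu8.28.0.1-jdk8.0.163-win_x64.msi
#below is for Oracle Java
#ENV JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER
# Persist JAVA_HOME at Machine scope (registry) in addition to the Docker ENV —
# presumably so processes not launched with the container environment (e.g. a Windows
# service) can find it; confirm which consumer needs it. %JAVA_HOME% expands because a
# shell-form RUN goes through cmd on Windows.
RUN powershell [Environment]::SetEnvironmentVariable('JAVA_HOME', '%JAVA_HOME%', [System.EnvironmentVariableTarget]::Machine )
# Not referenced anywhere else in this file; the Shibboleth steps below build the path inline.
ENV SHIB_INSTALL_FILE=C:\\shibboleth-identity-provider-$IDP_VERSION-x64.msi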
###install Zulu Java
# Download the pinned Zulu MSI over HTTPS into C:\ (the filename comes from ENV above).
RUN powershell (new-object System.Net.WebClient).Downloadfile('https://cdn.azul.com/zulu/bin/%JAVA_INSTALL_FILENAME%', 'C:\%JAVA_INSTALL_FILENAME%')
# Verify the SHA-256 pinned here before handing the MSI to msiexec; on mismatch the
# throw fails the build rather than installing an unverified file. Note the dual
# continuation: the PowerShell backtick continues the script, the trailing backslash
# continues the Dockerfile line.
RUN powershell If ((Get-FileHash C:\%JAVA_INSTALL_FILENAME% -Algorithm SHA256).Hash.ToLower() -eq 'c5854c4c7c45f70715d57856b1fc7fea2e18ebdf31ad032dbd3bdc240af5a8a7') { ` \
start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\%JAVA_INSTALL_FILENAME%','APPLICATIONROOTDIRECTORY=c:\zulujava','/qn' ` \
} Else { throw 'bad hash comparison on Zulu Java download' }
# Removes the MSI from the final filesystem only; it stays in the earlier layer, so this
# does not shrink the image (download, verify, install and delete would need to share one RUN for that).
RUN del C:\%JAVA_INSTALL_FILENAME%
##install Oracle Java
# Commented-out alternative. If revived, note that both downloads below are plain http://
# (only the hash check protects them) and that Get-FileHash without -Algorithm defaults to SHA-256.
#RUN powershell (new-object System.Net.WebClient).Downloadfile('http://javadl.oracle.com/webapps/download/AutoDL?BundleId=%JAVA_BUNDLE_ID%', 'C:\jre-%JAVA_VERSION%-windows-x64.exe')
#RUN powershell If ((Get-FileHash C:\jre-%JAVA_VERSION%-windows-x64.exe).Hash.ToLower() -eq 'd5256b3d1a6da959ea98ea2a2be3a05a7df9d1a5cd75db3930f935ab71ce43b8') { ` \
# start-process -filepath C:\jre-%JAVA_VERSION%-windows-x64.exe -passthru -wait -argumentlist '/s',%JAVA_INSTALL_CLI_STRING%,'/L','installj64.log' ` \
# } Else { throw 'bad hash comparison on Java download' }
#RUN del C:\jre-%JAVA_VERSION%-windows-x64.exe
##install Oracle Java Cryptography Extensions
# NOTE(review): the unlimited-strength policy is the default from 8u161 onward, so this
# step looks unnecessary for the commented 8u171 — confirm before reviving it.
#RUN powershell ` \
# $ws = New-Object Microsoft.PowerShell.Commands.WebRequestSession ; ` \
# $c = New-Object System.Net.Cookie ; ` \
# $c.Name = 'oraclelicense' ; ` \
# $c.Value = 'accept-securebackup-cookie' ; ` \
# $c.Domain = 'oracle.com' ; ` \
# $ws.Cookies.Add($c) ; ` \
# Invoke-WebRequest 'http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip' -WebSession $ws -TimeoutSec 1000 -OutFile 'c:\jce_policy-8.zip'
#RUN powershell If ((Get-FileHash c:\jce_policy-8.zip).Hash.ToLower() -eq 'f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59') { ` \
# Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory('c:\jce_policy-8.zip', 'c:\jcepolicy') ; \
# copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\local_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\US_export_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; \
# } Else { throw 'bad hash comparison on JCE download' }
#RUN del c:\jce_policy-8.zip
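##install Tomcat
# config.ini drives the silent (/S) Tomcat installer. Its contents are not in this file,
# so which optional components (host-manager, examples, service settings) get installed
# is not visible here — check it when auditing what lands in c:\Tomcat\webapps.
COPY config.ini c:\config.ini
# Fetch the installer over HTTPS. The hash check below detects a tampered file, but a
# plaintext http:// download (as this line originally used) still lets a network position
# between the build host and the mirror observe or interfere with the transfer on every
# rebuild; TLS closes that gap at no cost.
RUN powershell (new-object System.Net.WebClient).Downloadfile('https://www.apache.org/dist/tomcat/tomcat-%TOMCAT_MAJOR_VERSION%/v%TOMCAT_VERSION%/bin/apache-tomcat-%TOMCAT_VERSION%.exe', 'C:\apache-tomcat-%TOMCAT_VERSION%.exe')
# Verify the SHA-1 pinned here before running the installer (%VAR% expands because a
# shell-form RUN goes through cmd on Windows); on mismatch the throw fails the build.
# SHA-1 is what this file pins; a SHA-256 digest would be the stronger pin if one is
# published for this release.
RUN powershell If ((Get-FileHash C:\apache-tomcat-%TOMCAT_VERSION%.exe -Algorithm SHA1).Hash.ToLower() -eq '9370f560ca2dab41d13300e16571f930cdedc76a') { ` \
start-process -filepath C:\apache-tomcat-%TOMCAT_VERSION%.exe -passthru -wait -argumentlist '/S','/C=c:\config.ini','/D=C:\Tomcat' ` \
} Else { throw 'bad hash comparison on Tomcat download' }
# Removes the installer from the final filesystem only; it stays in the earlier layer.
RUN del C:\apache-tomcat-%TOMCAT_VERSION%.exe
#copy temp SSL cert for tomcat in c:\sslcert
# Placeholder keystore baked into an image layer: anyone who can pull the image can read
# it, so it must be replaced (see the commented ADD $TOMCERT further down) before real use.
COPY keystore.jks c:\\sslcert\\keystore.jks
#copy temp tomcat config file (listening on 443, cert at c:\sslcert\keystore.jks)
COPY server.xml c:\\Tomcat\\conf\\server.xml
#cleanup tomcat install
# Reduce attack surface: drop the docs and manager webapps and empty ROOT. The ROOT
# directory itself is kept so the commented ADD $TOMWWWROOT further down has a target.
# Other optional webapps are only removed here if config.ini did not install them — confirm.
RUN rmdir /S /Q c:\Tomcat\webapps\docs && rmdir /S /Q c:\Tomcat\webapps\manager && del /F /Q c:\tomcat\webapps\ROOT\*.* && del /F /Q c:\tomcat\webapps\ROOT\WEB-INF\*.* && rmdir c:\tomcat\webapps\ROOT\WEB-INF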
##install Shibb
# Download the IdP MSI over HTTPS. The 'latest/' download path presumably serves only
# the current release, so once a newer IdP ships this pinned %IDP_VERSION% may no longer
# be there and the build fails — the hash check below would reject a different file in
# any case, so a silent version drift is not possible here.
RUN powershell (new-object System.Net.WebClient).Downloadfile('https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-%IDP_VERSION%-x64.msi', 'C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi')
# Verify the SHA-1 pinned here before handing the MSI to msiexec (SHA-256 would be the
# stronger pin if a digest is published for this release). The MSI properties set the
# install root, presumably suppress the Windows Firewall exception the installer would
# otherwise add, and pass placeholder DNSNAME/IDP_SCOPE values (example.org) that the
# installer writes into the generated IdP configuration; the config and credential files
# it generates land in this layer and are the ones the commented sections further down
# expect to be replaced or deleted.
RUN powershell If ((Get-FileHash C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi -Algorithm SHA1).Hash.ToLower() -eq '0268f22f49c1d136d8357597ac4a644c565d7f32') { ` \
start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi','/qn','INSTALLDIR=c:\opt\shibboleth-idp','NO_FIREWALL_EXCEPTION=true','DNSNAME=shibboleth.example.org','IDP_SCOPE=example.org' ` \
} Else { throw 'bad hash comparison on IdP download' }
# Removes the MSI from the final filesystem only; it stays in the earlier layer.
RUN del C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi
#link IdP's war file to Tomcat
# File symlink (mklink without /D) so Tomcat deploys the war from the IdP install tree
# rather than a copy; a rebuilt war under c:\opt\shibboleth-idp is picked up without re-copying.
RUN mklink c:\Tomcat\webapps\idp.war c:\opt\shibboleth-idp\war\idp.war
#copy TIER beacon script
RUN mkdir c:\util
# c:\opt\certs is created here but nothing in this file populates it.
RUN mkdir c:\opt\certs
# The script the scheduled task below runs; its contents (what it sends, and where) are
# not in this file.
COPY sendtierbeacon.ps1 c:\\util
#schedule script to run (at random time)
#RUN powershell ($tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]) + ":" + ((Get-Random -Minimum 0 -Maximum 60) -as [string]) ; start-process -filepath schtasks -passthru -wait -argumentlist '/create','/tn','\"Send TIER Beacon\"','/tr','c:\util\sendtierbeacon.ps1','/sc','DAILY','/st',"$tm"
#The line above is triggering an apparent bug in docker or windows core (essentially invalid XML), the 2 lines below are the workaround
# The task's run-as principal, trigger and action are defined in TIER_Beacon_Task.xml,
# not here — review that file for which account the beacon runs under.
COPY TIER_Beacon_Task.xml c:\TIER_Beacon_Task.xml
# Register the task from the XML, then move its start time to a random zero-padded HH:MM
# between 00:00 and 03:59 (hour 0-3, minute 0-59). The random value is chosen once, at
# build time, so every container started from this image fires the beacon at the same
# time of day.
RUN powershell schtasks /Create /XML c:\TIER_Beacon_Task.xml /TN 'TIER Beacon' ; $tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]).padleft(2,'0') + ':' + ((Get-Random -Minimum 0 -Maximum 60) -as [string]).padleft(2,'0') ; schtasks /Change /TN 'TIER Beacon' /ST $tm
# Removes the XML from the final filesystem only; it stays in the earlier layer.
RUN del c:\TIER_Beacon_Task.xml
#################################################
### Settings for a burned-in config (default) ###
#################################################
# Ensure the following locations are accurate (and uncommented) if you plan to burn your configuration into your containers by uncommenting the relevant section below.
# They represent the folder names/paths on your build host of the relevant config material needed to run the container. You can also specify these
# with --build-arg in your 'docker build' command.
#ARG TOMCFG=config\\tomcat
#ARG TOMLOG=logs\\tomcat
#ARG TOMCERT=credentials\\tomcat
#ARG TOMWWWROOT=wwwroot
#ARG SHBCFG=config\\shib-idp\\conf
#ARG SHBCREDS=credentials\\shib-idp
#ARG SHBVIEWS=config\\shib-idp\\views
#ARG SHBEDWAPP=config\\shib-idp\\edit-webapp
#ARG SHBMSGS=config\\shib-idp\\messages
#ARG SHBMD=config\\shib-idp\\metadata
#ARG SHBLOG=logs\\shib-idp
# Also, ***NOTE*** For a burned config, *uncomment* the ADD lines below and *comment* the lines of the VOLUME command above (~ 30 lines up)
#
# consider not doing the one volume below (which maps the IdP's logs folder to a local folder) as it creates a run-time
# dependency and a better solution might be to use syslog from the container
# VOLUME ["c:\\idplogs", "c:\\opt\\shibboleth-idp\\logs"]
#
#ADD $TOMCFG c:\\Tomcat\\conf
#ADD $TOMCERT c:\\sslcert
#ADD $TOMWWWROOT c:\\Tomcat\\webapps\\ROOT
#ADD $SHBCFG c:\\opt\\shibboleth-idp\\conf
#ADD $SHBCREDS c:\\opt\\shibboleth-idp\\credentials
#ADD $SHBVIEWS c:\\opt\\shibboleth-idp\\views
#ADD $SHBEDWAPP c:\\opt\\shibboleth-idp\\edit-webapp
#ADD $SHBMSGS c:\\opt\\shibboleth-idp\\messages
#ADD $SHBMD c:\\opt\\shibboleth-idp\\metadata
#
###############################################################################
# remove the files generated by the installer so that secrets can propagate (UNCOMMENT if you are using secrets). Note that a later RUN del only removes them from the final filesystem: they remain in the earlier image layer, so the installer-generated keys should be treated as placeholders, not as secrets.
#!# RUN del c:\opt\shibboleth-idp\conf\idp.properties
#!# RUN del c:\opt\shibboleth-idp\conf\ldap.properties
#!# RUN del c:\opt\shibboleth-idp\conf\relying-party.xml
#!# RUN del c:\opt\shibboleth-idp\conf\attribute-filter.xml
#!# RUN del c:\opt\shibboleth-idp\conf\attribute-resolver.xml
#!# RUN del c:\opt\shibboleth-idp\conf\metadata-providers.xml
#!# RUN del c:\opt\shibboleth-idp\credentials\idp-signing.key
#!# RUN del c:\opt\shibboleth-idp\credentials\idp-signing.crt
#!# RUN del c:\opt\shibboleth-idp\credentials\idp-encryption.key
#!# RUN del c:\opt\shibboleth-idp\credentials\idp-encryption.crt
#!# RUN del c:\opt\shibboleth-idp\credentials\sealer.jks
#!# RUN del c:\opt\shibboleth-idp\credentials\sealer.kver
#establish a healthcheck command so that docker might know the container's true state
# Probe the IdP status page through the local HTTPS listener. Assigning the validation
# callback disables certificate checking for this probe's powershell process only (a new
# process per check); it is needed because the keystore copied above is a temporary
# placeholder whose certificate is unlikely to be valid for 127.0.0.1, and it does not
# affect Tomcat or the IdP themselves.
# NOTE(review): no --start-period is set, so probes that fail while Tomcat and the IdP
# are still starting count toward the default retries; consider adding one sized to the
# observed startup time.
HEALTHCHECK --interval=2m --timeout=30s \
CMD powershell [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; (new-object System.Net.WebClient).DownloadString("https://127.0.0.1/idp/status")
# Documentation only (443 is what the copied server.xml listens on, per the comment
# above); the port is still published at run time.
EXPOSE 443
# Run Tomcat in the foreground so it is the container's main process.
# NOTE(review): this is a one-element JSON array, so the whole string is passed as a
# single argument — confirm it resolves as intended on the target Docker/Windows
# version. No USER instruction appears in this file, so the process runs as the
# Windows container default (ContainerAdministrator).
CMD [ "cmd /c c:\\Tomcat\\bin\\catalina.bat run" ]