# Shibboleth IdP on Tomcat for Windows containers, built on Server Core LTSC 2016.
# NOTE(review): the base image is referenced by tag only; pinning it by digest
# would make rebuilds reproducible and guard against a re-pushed tag.
FROM mcr.microsoft.com/windows/servercore:ltsc2016
#settings
# JVM options placed in the container environment (maximum heap of 3000 MB).
ENV JAVA_OPTS='-Xmx3000m'
# Tomcat release to install. Both values are substituted into the download URL
# and installer filename in the Tomcat step below. The SHA512 literal in that
# step belongs to this exact version and has to be changed together with it.
ENV TOMCAT_MAJOR_VERSION=9
ENV TOMCAT_VERSION=9.0.30
# Tomcat home; the installer below is given the same directory through its /D argument.
ENV CATALINA_HOME=c:\\Tomcat
# Shibboleth IdP release. It is substituted into the MSI filename in the IdP step
# below, and the hash literal there has to be changed together with it.
ENV IDP_VERSION=3.4.6
# TIER release stamp. It is not referenced again in this file; presumably the
# beacon script reads it from the environment (confirm).
ENV TIERVERSION=20200109
### JAVA ###
#
##below are settings for Corretto Java
# JAVA_HOME names one specific build directory (jdk1.8.0_232), while the download
# URL is a "latest" permalink.
# NOTE(review): once the vendor publishes a newer build behind that permalink, the
# pinned hash in the install step below will presumably stop matching. That fails
# the build, which is the safe outcome. The URL, the hash and JAVA_HOME then all
# need updating together; a versioned download URL would avoid the drift.
ENV JAVA_HOME='C:\Program Files\Amazon Corretto\jdk1.8.0_232'
ENV CORRETTO_URL_PERM='https://corretto.aws/downloads/latest/amazon-corretto-8-x64-windows-jdk.msi'
ENV CORRETTO_INSTALL_FILE='amazon-corretto-8-x64-windows-jdk.msi'
##below is for Zulu Java
#ENV JAVA_HOME='c:\zulujava\zulu-8\'
#ENV JAVA_INSTALL_FILENAME=zulu8.36.0.1-ca-jdk8.0.202-win_x64.msi
##below is for Oracle Java
#ENV JAVA_VERSION=8u171
#ENV JAVA_BUNDLE_ID=233172_512cd62ec5174c3487ac17c61aaa89e8
#ENV JAVA_INSTALL_FOLDER=jre1.8.0_171
#ENV JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER
# Writes JAVA_HOME into the machine-level environment as well as the image ENV.
# Presumably this is for processes that do not inherit the container environment,
# such as services or scheduled tasks (confirm).
RUN powershell [Environment]::SetEnvironmentVariable('JAVA_HOME', '%JAVA_HOME%', [System.EnvironmentVariableTarget]::Machine )
# Full path of the IdP MSI. The IdP install step below spells the path out again
# rather than reading this variable.
ENV SHIB_INSTALL_FILE=C:\\shibboleth-identity-provider-$IDP_VERSION-x64.msi
###install Corretto Java
# Steps: download the MSI, compare its hash with a pinned value, install silently
# with msiexec /qn, then delete the installer. A mismatch throws and fails the build.
# NOTE(review): the comparison uses MD5, which is not collision-resistant and so is
# a weak integrity control for a downloaded installer. Prefer SHA256 (the default
# algorithm of Get-FileHash) checked against the vendor-published checksum, e.g.
# '<SHA256_FROM_VENDOR_CHECKSUM_PAGE>' (placeholder, value not available here).
# NOTE(review): the process object returned by start-process -passthru is never
# inspected, so a non-zero msiexec exit code does not fail this build step.
# NOTE(review): the del below runs in its own layer, so the MSI is still stored in
# the layer created by the download step.
RUN powershell (new-object System.Net.WebClient).Downloadfile('%CORRETTO_URL_PERM%', 'C:\%CORRETTO_INSTALL_FILE%')
RUN powershell If ((Get-FileHash C:\%CORRETTO_INSTALL_FILE% -Algorithm MD5).Hash.ToLower() -eq '620ee139aac5f05ab404006b5e33378f') { ` \
start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\%CORRETTO_INSTALL_FILE%','/qn' ` \
} Else { throw 'bad hash comparison on Corretto Java download' }
RUN del C:\%CORRETTO_INSTALL_FILE%
###install Zulu Java
#RUN powershell (new-object System.Net.WebClient).Downloadfile('https://cdn.azul.com/zulu/bin/%JAVA_INSTALL_FILENAME%', 'C:\%JAVA_INSTALL_FILENAME%')
#RUN powershell If ((Get-FileHash C:\%JAVA_INSTALL_FILENAME% -Algorithm MD5).Hash.ToLower() -eq 'cf7825107dd71cd9a6455c2855838966') { ` \
# start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\%JAVA_INSTALL_FILENAME%','APPLICATIONROOTDIRECTORY=c:\zulujava','/qn' ` \
# } Else { throw 'bad hash comparison on Zulu Java download' }
#RUN del C:\%JAVA_INSTALL_FILENAME%
##install Oracle Java
#RUN powershell (new-object System.Net.WebClient).Downloadfile('http://javadl.oracle.com/webapps/download/AutoDL?BundleId=%JAVA_BUNDLE_ID%', 'C:\jre-%JAVA_VERSION%-windows-x64.exe')
#RUN powershell If ((Get-FileHash C:\jre-%JAVA_VERSION%-windows-x64.exe).Hash.ToLower() -eq 'd5256b3d1a6da959ea98ea2a2be3a05a7df9d1a5cd75db3930f935ab71ce43b8') { ` \
# start-process -filepath C:\jre-%JAVA_VERSION%-windows-x64.exe -passthru -wait -argumentlist '/s',%JAVA_INSTALL_CLI_STRING%,'/L','installj64.log' ` \
# } Else { throw 'bad hash comparison on Java download' }
#RUN del C:\jre-%JAVA_VERSION%-windows-x64.exe
##install Oracle Java Cryptography Extensions
#RUN powershell ` \
# $ws = New-Object Microsoft.PowerShell.Commands.WebRequestSession ; ` \
# $c = New-Object System.Net.Cookie ; ` \
# $c.Name = 'oraclelicense' ; ` \
# $c.Value = 'accept-securebackup-cookie' ; ` \
# $c.Domain = 'oracle.com' ; ` \
# $ws.Cookies.Add($c) ; ` \
# Invoke-WebRequest 'http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip' -WebSession $ws -TimeoutSec 1000 -OutFile 'c:\jce_policy-8.zip'
#RUN powershell If ((Get-FileHash c:\jce_policy-8.zip).Hash.ToLower() -eq 'f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59') { ` \
# Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory('c:\jce_policy-8.zip', 'c:\jcepolicy') ; \
# copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\local_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\US_export_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; \
# } Else { throw 'bad hash comparison on JCE download' }
#RUN del c:\jce_policy-8.zip
##install Tomcat
# config.ini is handed to the Tomcat installer through its /C argument; its
# contents are not part of this file.
COPY container_files/config.ini c:\\config.ini
# NOTE(review): the installer is fetched over plain HTTP, so the SHA512 comparison
# below is the only integrity control on it. Keep the hash in step with
# TOMCAT_VERSION, and prefer an HTTPS download URL if the build host's TLS
# settings allow it.
RUN powershell (new-object System.Net.WebClient).Downloadfile('http://www.apache.org/dist/tomcat/tomcat-%TOMCAT_MAJOR_VERSION%/v%TOMCAT_VERSION%/bin/apache-tomcat-%TOMCAT_VERSION%.exe', 'C:\apache-tomcat-%TOMCAT_VERSION%.exe')
# Runs the installer silently (/S) into c:\Tomcat only when the SHA512 matches;
# otherwise throws and fails the build.
# NOTE(review): the installer's exit code is not checked, so a failed install
# would only surface in a later step.
RUN powershell If ((Get-FileHash C:\apache-tomcat-%TOMCAT_VERSION%.exe -Algorithm SHA512).Hash.ToLower() -eq ` \
'07356fd3c8e57437f5b6e1afc3cc7ea6d62f7855095b5c99dfda54b86298a5fa078d29bda3e939b87a89e4565b8a68d01590da18051ea76bb472e5dc8034f653') ` \
{ ` \
start-process -filepath C:\apache-tomcat-%TOMCAT_VERSION%.exe -passthru -wait -argumentlist '/S','/C=c:\config.ini','/D=c:\Tomcat' ` \
} Else { throw 'bad hash comparison on Tomcat download' }
# Removes the installer, but only from this layer; the download layer still holds it.
RUN del C:\apache-tomcat-%TOMCAT_VERSION%.exe
#copy temp SSL cert for tomcat in c:\sslcert
# NOTE(review): this keystore is baked into an image layer, so every copy of the
# image carries the same key material and anyone who can pull the image can read
# it. Treat it as a placeholder only and replace it with a per-deployment keystore
# before the container serves real traffic.
COPY container_files/keystore.jks c:\\sslcert\\keystore.jks
#copy temp tomcat config file (listening on 443, cert at c:\sslcert\keystore.jks)
COPY container_files/server.xml c:\\Tomcat\\conf\\server.xml
#cleanup tomcat install
# Reduces the default attack surface: deletes the docs and manager webapps and
# empties the ROOT webapp (its top-level files, WEB-INF files and the WEB-INF directory).
# NOTE(review): host-manager and examples are not removed here; confirm that
# config.ini keeps the installer from deploying them.
RUN rmdir /S /Q c:\Tomcat\webapps\docs && rmdir /S /Q c:\Tomcat\webapps\manager && del /F /Q c:\tomcat\webapps\ROOT\*.* && del /F /Q c:\tomcat\webapps\ROOT\WEB-INF\*.* && rmdir c:\tomcat\webapps\ROOT\WEB-INF
##install Shibb
# The MSI is fetched from the project's "latest" directory under a versioned
# filename; presumably the download stops resolving once a newer release replaces
# it there (confirm, and switch to a versioned archive path if so).
RUN powershell (new-object System.Net.WebClient).Downloadfile('https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-%IDP_VERSION%-x64.msi', 'C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi')
# Installs silently into c:\opt\shibboleth-idp only when the hash matches;
# otherwise throws and fails the build. DNSNAME and IDP_SCOPE are example.org
# placeholders, so the installed configuration has to be replaced by real
# deployment config.
# NOTE(review): SHA1 is no longer collision-resistant; prefer a SHA256 comparison
# against the project's published checksum or signature.
# NOTE(review): the msiexec exit code is not checked.
RUN powershell If ((Get-FileHash C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi -Algorithm SHA1).Hash.ToLower() -eq '5fde8b86acfa8fafb92b94a7dcddc5ba5ce24e34') { ` \
start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi','/qn','INSTALLDIR=c:\opt\shibboleth-idp','NO_FIREWALL_EXCEPTION=true','DNSNAME=shibboleth.example.org','IDP_SCOPE=example.org' ` \
} Else { throw 'bad hash comparison on IdP download' }
# Removes the MSI, but only from this layer; the download layer still holds it.
RUN del C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi
##add JSTL
# NOTE(review): unlike the installers above, this jar is fetched at build time with
# no hash check and is placed straight into the webapp's WEB-INF\lib. Download it
# with the same Get-FileHash comparison used for the installers, or vendor it
# under container_files, so that a changed upstream artifact cannot enter the war
# unnoticed.
ADD https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar c:\\opt\\shibboleth-idp\\edit-webapp\\WEB-INF\\lib\\jstl-1.2.jar
# Runs the IdP build script non-interactively against the install directory;
# presumably this rebuilds idp.war with the contents of edit-webapp (confirm).
RUN C:/opt/shibboleth-idp/bin/build.bat -noinput -S -q -Didp.target.dir=c:/opt/shibboleth-idp
#link IdP's war file to Tomcat
# File symbolic link, so Tomcat's webapps directory always points at the war in the IdP tree.
RUN mklink c:\Tomcat\webapps\idp.war c:\opt\shibboleth-idp\war\idp.war
#copy TIER beacon script
# c:\util receives the beacon script; c:\opt\certs is created empty and is not
# used again in this file.
RUN mkdir c:\util
RUN mkdir c:\opt\certs
# NOTE(review): sendtierbeacon.ps1 is not shown here. Since it is scheduled to run
# daily inside the container, review what it sends and to which endpoint before
# deploying.
COPY container_files/sendtierbeacon.ps1 c:\\util
#schedule script to run (at random time)
#RUN powershell ($tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]) + ":" + ((Get-Random -Minimum 0 -Maximum 60) -as [string]) ; start-process -filepath schtasks -passthru -wait -argumentlist '/create','/tn','\"Send TIER Beacon\"','/tr','c:\util\sendtierbeacon.ps1','/sc','DAILY','/st',"$tm"
#The line above is triggering an apparent bug in docker or windows core (essentially invalid XML), the 2 lines below are the workaround
COPY container_files/TIER_Beacon_Task.xml c:\\TIER_Beacon_Task.xml
# Registers the task from the XML definition, then sets its start time to a random
# HH:MM between 00:00 and 03:59 (the Get-Random upper bounds are exclusive). The
# time is chosen when the image is built, so all containers started from the same
# image share it.
RUN powershell schtasks /Create /XML c:\TIER_Beacon_Task.xml /TN 'TIER Beacon' ; $tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]).padleft(2,'0') + ':' + ((Get-Random -Minimum 0 -Maximum 60) -as [string]).padleft(2,'0') ; schtasks /Change /TN 'TIER Beacon' /ST $tm
RUN del c:\TIER_Beacon_Task.xml
#################################################
### Settings for a burned-in config (default) ###
#################################################
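# Ensure the following locations are accurate (and uncommented) if you plan to burn your configuration into your containers by uncommenting the relevant section below.
# They are the folder names/paths, on your build host, of the config material needed to run the container. You can also specify these
# with --build-arg in your 'docker build' command.
# NOTE(review): TOMCERT and SHBCREDS point at key material. Anything ADDed from them is stored in an image layer and can be read by
# anyone who can pull the image, so keep burned-in images in a private registry or supply the keys at run time (see the secrets section below).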
#ARG TOMCFG=config\\tomcat
#ARG TOMLOG=logs\\tomcat
#ARG TOMCERT=credentials\\tomcat
#ARG TOMWWWROOT=wwwroot
#ARG SHBCFG=config\\shib-idp\\conf
#ARG SHBCREDS=credentials\\shib-idp
#ARG SHBVIEWS=config\\shib-idp\\views
#ARG SHBEDWAPP=config\\shib-idp\\edit-webapp
#ARG SHBMSGS=config\\shib-idp\\messages
#ARG SHBMD=config\\shib-idp\\metadata
#ARG SHBLOG=logs\\shib-idp
# Also, ***NOTE*** For a burned config, *uncomment* the ADD lines below and *comment* the lines of the VOLUME command above (~ 30 lines up)
#
# consider not doing the one volume below (which maps the IdP's logs folder to a local folder) as it creates a run-time
# dependency and a better solution might be to use syslog from the container
# VOLUME ["c:\\idplogs", "c:\\opt\\shibboleth-idp\\logs"]
#
#ADD $TOMCFG c:\\Tomcat\\conf
#ADD $TOMCERT c:\\sslcert
#ADD $TOMWWWROOT c:\\Tomcat\\webapps\\ROOT
#ADD $SHBCFG c:\\opt\\shibboleth-idp\\conf
#ADD $SHBCREDS c:\\opt\\shibboleth-idp\\credentials
#ADD $SHBVIEWS c:\\opt\\shibboleth-idp\\views
#ADD $SHBEDWAPP c:\\opt\\shibboleth-idp\\edit-webapp
#ADD $SHBMSGS c:\\opt\\shibboleth-idp\\messages
#ADD $SHBMD c:\\opt\\shibboleth-idp\\metadata
#
###############################################################################
# remove existing files from the installer so that secrets can propagate (UNCOMMENT if you are using secrets)
#!# RUN del c:\opt\shibboleth-idp\conf\idp.properties
#!# RUN del c:\opt\shibboleth-idp\conf\ldap.properties
#!# RUN del c:\opt\shibboleth-idp\conf\relying-party.xml
#!# RUN del c:\opt\shibboleth-idp\conf\attribute-filter.xml
#!# RUN del c:\opt\shibboleth-idp\conf\attribute-resolver.xml
#!# RUN del c:\opt\shibboleth-idp\conf\metadata-providers.xml
#!# RUN del c:\opt\shibboleth-idp\credentials\idp-signing.key
#!# RUN del c:\opt\shibboleth-idp\credentials\idp-signing.crt
#!# RUN del c:\opt\shibboleth-idp\credentials\idp-encryption.key
#!# RUN del c:\opt\shibboleth-idp\credentials\idp-encryption.crt
#!# RUN del c:\opt\shibboleth-idp\credentials\sealer.jks
#!# RUN del c:\opt\shibboleth-idp\credentials\sealer.kver
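#establish a healthcheck command so that docker might know the container's true state
# Requests the IdP status page over loopback every 2 minutes with a 30 s timeout.
# DownloadString throws on a connection or HTTP error, which presumably makes
# powershell exit non-zero so that the probe counts as failed (confirm).
# Certificate validation is disabled for this short-lived probe process only. That
# is acceptable here because the target is 127.0.0.1 and the image ships a
# temporary keystore; do not reuse this pattern for requests to other hosts.
# The URL is single-quoted, like the other powershell calls in this file. This
# command is passed to powershell by cmd, and double quotes can be stripped on the
# way, which would leave an unquoted URL that powershell cannot parse.
HEALTHCHECK --interval=2m --timeout=30s \
CMD powershell [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; (new-object System.Net.WebClient).DownloadString('https://127.0.0.1/idp/status')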
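# Documents the HTTPS listener configured in server.xml; EXPOSE does not publish the port.
EXPOSE 443
# Runs Tomcat in the foreground so that the container lives as long as the server does.
# Exec (JSON) form takes one array element per argument. A single element holding
# the whole command line is treated as the executable name, so it is split here.
# NOTE(review): no USER instruction appears in this file, so Tomcat runs as the
# base image's default account (ContainerAdministrator on Server Core). Consider
# whether a lower-privileged account can own c:\Tomcat and c:\opt\shibboleth-idp
# and run the service instead.
CMD ["cmd", "/c", "c:\\Tomcat\\bin\\catalina.bat", "run"]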