From 98faf5068d7ebd26096540a60b417eb8a2a9c140 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Wed, 10 Jul 2019 10:26:05 -0500
Subject: [PATCH 1/6] Update Dockerfile
---
 Dockerfile | 166 -----------------------------------------------------
 1 file changed, 166 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 496850c..a2feedb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -105,172 +105,6 @@ RUN powershell schtasks /Create /XML c:\TIER_Beacon_Task.xml /TN 'TIER Beacon' ; RUN del c:\TIER_Beacon_Task.xml -################################################# -### Settings for a burned-in config (default) ### -################################################# -# Ensure the following locations are accurate (and uncommented) if you plan to burn your configuration into your containers by uncommenting the relevant section below. -# They represent the folder names/paths on your build host of the relevant config material needed to run the container. You can also specify these -# with --build-arg in your 'docker build' command. - -#ARG TOMCFG=config\\tomcat -#ARG TOMLOG=logs\\tomcat -#ARG TOMCERT=credentials\\tomcat -#ARG TOMWWWROOT=wwwroot -#ARG SHBCFG=config\\shib-idp\\conf -#ARG SHBCREDS=credentials\\shib-idp -#ARG SHBVIEWS=config\\shib-idp\\views -#ARG SHBEDWAPP=config\\shib-idp\\edit-webapp -#ARG SHBMSGS=config\\shib-idp\\messages -#ARG SHBMD=config\\shib-idp\\metadata -#ARG SHBLOG=logs\\shib-idp - -# Also, ***NOTE*** For a burned config, *uncomment* the ADD lines below and *comment* the lines of the VOLUME command above (~ 30 lines up) -# -# consider not doing the one volume below (which maps the IdP's logs folder to a local folder) as it creates a run-time -# dependency and a better solution might be to use syslog from the container -# VOLUME ["c:\\idplogs", "c:\\opt\\shibboleth-idp\\logs"] -# - -#ADD $TOMCFG c:\\Tomcat\\conf -#ADD $TOMCERT c:\\sslcert -#ADD $TOMWWWROOT c:\\Tomcat\\webapps\\ROOT -#ADD $SHBCFG c:\\opt\\shibboleth-idp\\conf -#ADD $SHBCREDS c:\\opt\\shibboleth-idp\\credentials -#ADD $SHBVIEWS c:\\opt\\shibboleth-idp\\views -#ADD $SHBEDWAPP c:\\opt\\shibboleth-idp\\edit-webapp -#ADD $SHBMSGS c:\\opt\\shibboleth-idp\\messages -#ADD $SHBMD c:\\opt\\shibboleth-idp\\metadata -# -############################################################################### - -# remove existing files from the installer so that secrets can 
propagate (UNCOMMENT if you are using secrets) -#!# RUN del c:\opt\shibboleth-idp\conf\idp.properties -#!# RUN del c:\opt\shibboleth-idp\conf\ldap.properties -#!# RUN del c:\opt\shibboleth-idp\conf\relying-party.xml -#!# RUN del c:\opt\shibboleth-idp\conf\attribute-filter.xml -#!# RUN del c:\opt\shibboleth-idp\conf\attribute-resolver.xml -#!# RUN del c:\opt\shibboleth-idp\conf\metadata-providers.xml -#!# RUN del c:\opt\shibboleth-idp\credentials\idp-signing.key -#!# RUN del c:\opt\shibboleth-idp\credentials\idp-signing.crt -#!# RUN del c:\opt\shibboleth-idp\credentials\idp-encryption.key -#!# RUN del c:\opt\shibboleth-idp\credentials\idp-encryption.crt -#!# RUN del c:\opt\shibboleth-idp\credentials\sealer.jks -#!# RUN del c:\opt\shibboleth-idp\credentials\sealer.kver - -#establish a healthcheck command so that docker might know the container's true state -HEALTHCHECK --interval=2m --timeout=30s \ - CMD powershell [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; (new-object System.Net.WebClient).DownloadString("https://127.0.0.1/idp/status") - -EXPOSE 443 - -CMD [ "cmd /c c:\\Tomcat\\bin\\catalina.bat run" ] -======= -FROM mcr.microsoft.com/windows/servercore:ltsc2016 - -#settings -ENV JAVA_OPTS='-Xmx3000m' -ENV TOMCAT_MAJOR_VERSION=9 -ENV TOMCAT_VERSION=9.0.21 -ENV CATALINA_HOME=c:\\Tomcat -ENV IDP_VERSION=3.4.4 -ENV TIERVERSION=20190701 - -### -##below is for Corretto Java -ENV JAVA_HOME='C:\Program Files\Amazon Corretto\jdk1.8.0_212' -ENV CORRETTO_VERSION='8.212.04.2' -##below is for Zulu Java -#ENV JAVA_HOME='c:\zulujava\zulu-8\' -#ENV JAVA_INSTALL_FILENAME=zulu8.36.0.1-ca-jdk8.0.202-win_x64.msi -##below is for Oracle Java -#ENV JAVA_VERSION=8u171 -#ENV JAVA_BUNDLE_ID=233172_512cd62ec5174c3487ac17c61aaa89e8 -#ENV JAVA_INSTALL_FOLDER=jre1.8.0_171 -#ENV JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER - -RUN powershell [Environment]::SetEnvironmentVariable('JAVA_HOME', '%JAVA_HOME%', [System.EnvironmentVariableTarget]::Machine ) -ENV 
SHIB_INSTALL_FILE=C:\\shibboleth-identity-provider-$IDP_VERSION-x64.msi - -###install Corretto Java -RUN powershell (new-object System.Net.WebClient).Downloadfile('https://d3pxv6yz143wms.cloudfront.net/%CORRETTO_VERSION%/amazon-corretto-%CORRETTO_VERSION%-1-windows-x64.msi', 'C:\corretto-java-%CORRETTO_VERSION%') -RUN powershell If ((Get-FileHash C:\corretto-java-%CORRETTO_VERSION% -Algorithm MD5).Hash.ToLower() -eq 'a030757f394ffdd73018e24e2ec1991f') { ` \ - start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\corretto-java-%CORRETTO_VERSION%','/qn' ` \ - } Else { throw 'bad hash comparison on Zulu Java download' } -RUN del C:\corretto-java-%CORRETTO_VERSION% - -###install Zulu Java -#RUN powershell (new-object System.Net.WebClient).Downloadfile('https://cdn.azul.com/zulu/bin/%JAVA_INSTALL_FILENAME%', 'C:\%JAVA_INSTALL_FILENAME%') -#RUN powershell If ((Get-FileHash C:\%JAVA_INSTALL_FILENAME% -Algorithm MD5).Hash.ToLower() -eq 'cf7825107dd71cd9a6455c2855838966') { ` \ -# start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\%JAVA_INSTALL_FILENAME%','APPLICATIONROOTDIRECTORY=c:\zulujava','/qn' ` \ -# } Else { throw 'bad hash comparison on Zulu Java download' } -#RUN del C:\%JAVA_INSTALL_FILENAME% - -##install Oracle Java -#RUN powershell (new-object System.Net.WebClient).Downloadfile('http://javadl.oracle.com/webapps/download/AutoDL?BundleId=%JAVA_BUNDLE_ID%', 'C:\jre-%JAVA_VERSION%-windows-x64.exe') -#RUN powershell If ((Get-FileHash C:\jre-%JAVA_VERSION%-windows-x64.exe).Hash.ToLower() -eq 'd5256b3d1a6da959ea98ea2a2be3a05a7df9d1a5cd75db3930f935ab71ce43b8') { ` \ -# start-process -filepath C:\jre-%JAVA_VERSION%-windows-x64.exe -passthru -wait -argumentlist '/s',%JAVA_INSTALL_CLI_STRING%,'/L','installj64.log' ` \ -# } Else { throw 'bad hash comparison on Java download' } -#RUN del C:\jre-%JAVA_VERSION%-windows-x64.exe - -##install Oracle Java Cryptography Extensions -#RUN powershell ` 
\ -# $ws = New-Object Microsoft.PowerShell.Commands.WebRequestSession ; ` \ -# $c = New-Object System.Net.Cookie ; ` \ -# $c.Name = 'oraclelicense' ; ` \ -# $c.Value = 'accept-securebackup-cookie' ; ` \ -# $c.Domain = 'oracle.com' ; ` \ -# $ws.Cookies.Add($c) ; ` \ -# Invoke-WebRequest 'http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip' -WebSession $ws -TimeoutSec 1000 -OutFile 'c:\jce_policy-8.zip' -#RUN powershell If ((Get-FileHash c:\jce_policy-8.zip).Hash.ToLower() -eq 'f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59') { ` \ -# Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory('c:\jce_policy-8.zip', 'c:\jcepolicy') ; \ -# copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\local_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\US_export_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; \ -# } Else { throw 'bad hash comparison on JCE download' } -#RUN del c:\jce_policy-8.zip - - -##install Tomcat -COPY container_files/config.ini c:\\config.ini -RUN powershell (new-object System.Net.WebClient).Downloadfile('http://www.apache.org/dist/tomcat/tomcat-%TOMCAT_MAJOR_VERSION%/v%TOMCAT_VERSION%/bin/apache-tomcat-%TOMCAT_VERSION%.exe', 'C:\apache-tomcat-%TOMCAT_VERSION%.exe') -RUN powershell If ((Get-FileHash C:\apache-tomcat-%TOMCAT_VERSION%.exe -Algorithm SHA512).Hash.ToLower() -eq ` \ - '18bb722854b434d11e03e75c04254c095e92716a70d4159331685d4f472640bdb2662f1c013e99fd600112519d2a4ca76f9cf278a59e49ae37b1c76db6995d0d') ` \ - { ` \ - start-process -filepath C:\apache-tomcat-%TOMCAT_VERSION%.exe -passthru -wait -argumentlist '/S','/C=c:\config.ini','/D=c:\Tomcat' ` \ - } Else { throw 'bad hash comparison on Tomcat download' } -RUN del C:\apache-tomcat-%TOMCAT_VERSION%.exe - -#copy temp SSL cert for tomcat in c:\sslcert -COPY container_files/keystore.jks c:\\sslcert\\keystore.jks -#copy temp 
tomcat config file (listening on 443, cert at c:\sslcert\keystore.jks -COPY container_files/server.xml c:\\Tomcat\\conf\\server.xml -#cleanup tomcat install -RUN rmdir /S /Q c:\Tomcat\webapps\docs && rmdir /S /Q c:\Tomcat\webapps\manager && del /F /Q c:\tomcat\webapps\ROOT\*.* && del /F /Q c:\tomcat\webapps\ROOT\WEB-INF\*.* && rmdir c:\tomcat\webapps\ROOT\WEB-INF - -##install Shibb -RUN powershell (new-object System.Net.WebClient).Downloadfile('https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-%IDP_VERSION%-x64.msi', 'C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi') -RUN powershell If ((Get-FileHash C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi -Algorithm SHA1).Hash.ToLower() -eq '821fdb7c178a247059142f8fbd6d7a895057e2fe') { ` \ - start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi','/qn','INSTALLDIR=c:\opt\shibboleth-idp','NO_FIREWALL_EXCEPTION=true','DNSNAME=shibboleth.example.org','IDP_SCOPE=example.org' ` \ - } Else { throw 'bad hash comparison on IdP download' } -RUN del C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi - -##add JSTL -ADD https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar c:\\opt\\shibboleth-idp\\edit-webapp\\WEB-INF\\lib\\jstl-1.2.jar -RUN C:/opt/shibboleth-idp/bin/build.bat -noinput -S -q -Didp.target.dir=c:/opt/shibboleth-idp - -#link IdP's war file to Tomcat -RUN mklink c:\Tomcat\webapps\idp.war c:\opt\shibboleth-idp\war\idp.war - -#copy TIER beacon script -RUN mkdir c:\util -RUN mkdir c:\opt\certs -COPY container_files/sendtierbeacon.ps1 c:\\util -#schedule script to run (at random time) -#RUN powershell ($tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]) + ":" + ((Get-Random -Minimum 0 -Maximum 60) -as [string]) ; start-process -filepath schtasks -passthru -wait -argumentlist '/create','/tn','\"Send TIER 
Beacon\"','/tr','c:\util\sendtierbeacon.ps1','/sc','DAILY','/st',"$tm" -#The line above is triggering an apprent bug in docker or windows core (essentially invalid XML), the 2 lines below are the workaround -COPY container_files/TIER_Beacon_Task.xml c:\\TIER_Beacon_Task.xml -RUN powershell schtasks /Create /XML c:\TIER_Beacon_Task.xml /TN 'TIER Beacon' ; $tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]).padleft(2,'0') + ':' + ((Get-Random -Minimum 0 -Maximum 60) -as [string]).padleft(2,'0') ; schtasks /Change /TN 'TIER Beacon' /ST $tm -RUN del c:\TIER_Beacon_Task.xml - - ################################################# ### Settings for a burned-in config (default) ### ################################################# From 279bab8c2802b2cfd6092beeeffda757e63138e7 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Fri, 12 Jul 2019 14:49:59 +0000 Subject: [PATCH 2/6] bump tomcat to 9.0.22 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4a77f3e..7dacb73 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2016 #settings ENV JAVA_OPTS='-Xmx3000m' ENV TOMCAT_MAJOR_VERSION=9 -ENV TOMCAT_VERSION=9.0.21 +ENV TOMCAT_VERSION=9.0.22 ENV CATALINA_HOME=c:\\Tomcat ENV IDP_VERSION=3.4.4 ENV TIERVERSION=20190701 
@@ -65,7 +65,7 @@ RUN del C:\corretto-java-%CORRETTO_VERSION%
 COPY container_files/config.ini c:\\config.ini
 RUN powershell (new-object System.Net.WebClient).Downloadfile('http://www.apache.org/dist/tomcat/tomcat-%TOMCAT_MAJOR_VERSION%/v%TOMCAT_VERSION%/bin/apache-tomcat-%TOMCAT_VERSION%.exe', 'C:\apache-tomcat-%TOMCAT_VERSION%.exe')
 RUN powershell If ((Get-FileHash C:\apache-tomcat-%TOMCAT_VERSION%.exe -Algorithm SHA512).Hash.ToLower() -eq ` \
- '18bb722854b434d11e03e75c04254c095e92716a70d4159331685d4f472640bdb2662f1c013e99fd600112519d2a4ca76f9cf278a59e49ae37b1c76db6995d0d') ` \
+ '6c57ebde8f72762729e6ea6d1ccbc2bba4b5fb81f98b9cb1e8a19028828d56263c90b55b8d31bbc52582ef0e90cc00d07f30885122b2fcb27f4f2ad6dcb099f0') ` \
 { ` \
 start-process -filepath C:\apache-tomcat-%TOMCAT_VERSION%.exe -passthru -wait -argumentlist '/S','/C=c:\config.ini','/D=c:\Tomcat' ` \
 } Else { throw 'bad hash comparison on Tomcat download' }
From 29ed9857308c373fca434683ea3688805080625a Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Fri, 12 Jul 2019 14:53:10 +0000
Subject: [PATCH 3/6] tomcaat 9.0.22
---
 Dockerfile | 165 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 165 insertions(+)
 create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..7dacb73
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,165 @@
+FROM mcr.microsoft.com/windows/servercore:ltsc2016
+
+#settings
+ENV JAVA_OPTS='-Xmx3000m'
+ENV TOMCAT_MAJOR_VERSION=9
+ENV TOMCAT_VERSION=9.0.22
+ENV CATALINA_HOME=c:\\Tomcat
+ENV IDP_VERSION=3.4.4
+ENV TIERVERSION=20190701
+
+###
+##below is for Corretto Java
+ENV JAVA_HOME='C:\Program Files\Amazon Corretto\jdk1.8.0_212'
+ENV CORRETTO_VERSION='8.212.04.2'
+##below is for Zulu Java
+#ENV JAVA_HOME='c:\zulujava\zulu-8\'
+#ENV JAVA_INSTALL_FILENAME=zulu8.36.0.1-ca-jdk8.0.202-win_x64.msi
+##below is for Oracle Java
+#ENV JAVA_VERSION=8u171
+#ENV JAVA_BUNDLE_ID=233172_512cd62ec5174c3487ac17c61aaa89e8
+#ENV JAVA_INSTALL_FOLDER=jre1.8.0_171
+#ENV JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER
+
+RUN powershell [Environment]::SetEnvironmentVariable('JAVA_HOME', '%JAVA_HOME%', [System.EnvironmentVariableTarget]::Machine )
+ENV SHIB_INSTALL_FILE=C:\\shibboleth-identity-provider-$IDP_VERSION-x64.msi
+
+###install Corretto Java
+RUN powershell (new-object System.Net.WebClient).Downloadfile('https://d3pxv6yz143wms.cloudfront.net/%CORRETTO_VERSION%/amazon-corretto-%CORRETTO_VERSION%-1-windows-x64.msi', 'C:\corretto-java-%CORRETTO_VERSION%')
+RUN powershell If ((Get-FileHash C:\corretto-java-%CORRETTO_VERSION% -Algorithm MD5).Hash.ToLower() -eq 'a030757f394ffdd73018e24e2ec1991f') { ` \
+ start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\corretto-java-%CORRETTO_VERSION%','/qn' ` \
+ } Else { throw 'bad hash comparison on Zulu Java download' }
+RUN del C:\corretto-java-%CORRETTO_VERSION%
+
+###install Zulu Java
+#RUN powershell (new-object System.Net.WebClient).Downloadfile('https://cdn.azul.com/zulu/bin/%JAVA_INSTALL_FILENAME%', 'C:\%JAVA_INSTALL_FILENAME%')
+#RUN powershell If ((Get-FileHash C:\%JAVA_INSTALL_FILENAME% -Algorithm MD5).Hash.ToLower() -eq 'cf7825107dd71cd9a6455c2855838966') { ` \
+# start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\%JAVA_INSTALL_FILENAME%','APPLICATIONROOTDIRECTORY=c:\zulujava','/qn' ` \
+# } Else { throw 'bad hash comparison on Zulu Java download' }
+#RUN del C:\%JAVA_INSTALL_FILENAME%
+
+##install Oracle Java
+#RUN powershell (new-object System.Net.WebClient).Downloadfile('http://javadl.oracle.com/webapps/download/AutoDL?BundleId=%JAVA_BUNDLE_ID%', 'C:\jre-%JAVA_VERSION%-windows-x64.exe')
+#RUN powershell If ((Get-FileHash C:\jre-%JAVA_VERSION%-windows-x64.exe).Hash.ToLower() -eq 'd5256b3d1a6da959ea98ea2a2be3a05a7df9d1a5cd75db3930f935ab71ce43b8') { ` \
+# start-process -filepath C:\jre-%JAVA_VERSION%-windows-x64.exe -passthru -wait -argumentlist '/s',%JAVA_INSTALL_CLI_STRING%,'/L','installj64.log' ` \
+# } Else { throw 'bad hash comparison on Java download' }
+#RUN del C:\jre-%JAVA_VERSION%-windows-x64.exe
+
+##install Oracle Java Cryptography Extensions
+#RUN powershell ` \
+# $ws = New-Object Microsoft.PowerShell.Commands.WebRequestSession ; ` \
+# $c = New-Object System.Net.Cookie ; ` \
+# $c.Name = 'oraclelicense' ; ` \
+# $c.Value = 'accept-securebackup-cookie' ; ` \
+# $c.Domain = 'oracle.com' ; ` \
+# $ws.Cookies.Add($c) ; ` \
+# Invoke-WebRequest 'http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip' -WebSession $ws -TimeoutSec 1000 -OutFile 'c:\jce_policy-8.zip'
+#RUN powershell If ((Get-FileHash c:\jce_policy-8.zip).Hash.ToLower() -eq 'f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59') { ` \
+# Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory('c:\jce_policy-8.zip', 'c:\jcepolicy') ; \
+# copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\local_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\US_export_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; \
+# } Else { throw 'bad hash comparison on JCE download' }
+#RUN del c:\jce_policy-8.zip
+
+
+##install Tomcat
+COPY container_files/config.ini c:\\config.ini
+RUN powershell (new-object System.Net.WebClient).Downloadfile('http://www.apache.org/dist/tomcat/tomcat-%TOMCAT_MAJOR_VERSION%/v%TOMCAT_VERSION%/bin/apache-tomcat-%TOMCAT_VERSION%.exe', 'C:\apache-tomcat-%TOMCAT_VERSION%.exe')
+RUN powershell If ((Get-FileHash C:\apache-tomcat-%TOMCAT_VERSION%.exe -Algorithm SHA512).Hash.ToLower() -eq ` \
+ '6c57ebde8f72762729e6ea6d1ccbc2bba4b5fb81f98b9cb1e8a19028828d56263c90b55b8d31bbc52582ef0e90cc00d07f30885122b2fcb27f4f2ad6dcb099f0') ` \
+ { ` \
+ start-process -filepath C:\apache-tomcat-%TOMCAT_VERSION%.exe -passthru -wait -argumentlist '/S','/C=c:\config.ini','/D=c:\Tomcat' ` \
+ } Else { throw 'bad hash comparison on Tomcat download' }
+RUN del C:\apache-tomcat-%TOMCAT_VERSION%.exe
+
+#copy temp SSL cert for tomcat in c:\sslcert
+COPY container_files/keystore.jks c:\\sslcert\\keystore.jks
+#copy temp tomcat config file (listening on 443, cert at c:\sslcert\keystore.jks
+COPY container_files/server.xml c:\\Tomcat\\conf\\server.xml
+#cleanup tomcat install
+RUN rmdir /S /Q c:\Tomcat\webapps\docs && rmdir /S /Q c:\Tomcat\webapps\manager && del /F /Q c:\tomcat\webapps\ROOT\*.* && del /F /Q c:\tomcat\webapps\ROOT\WEB-INF\*.* && rmdir c:\tomcat\webapps\ROOT\WEB-INF
+
+##install Shibb
+RUN powershell (new-object System.Net.WebClient).Downloadfile('https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-%IDP_VERSION%-x64.msi', 'C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi')
+RUN powershell If ((Get-FileHash C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi -Algorithm SHA1).Hash.ToLower() -eq '821fdb7c178a247059142f8fbd6d7a895057e2fe') { ` \
+ start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi','/qn','INSTALLDIR=c:\opt\shibboleth-idp','NO_FIREWALL_EXCEPTION=true','DNSNAME=shibboleth.example.org','IDP_SCOPE=example.org' ` \
+ } Else { throw 'bad hash comparison on IdP download' }
+RUN del C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi
+
+##add JSTL
+ADD https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar c:\\opt\\shibboleth-idp\\edit-webapp\\WEB-INF\\lib\\jstl-1.2.jar
+RUN C:/opt/shibboleth-idp/bin/build.bat -noinput -S -q -Didp.target.dir=c:/opt/shibboleth-idp
+
+#link IdP's war file to Tomcat
+RUN mklink c:\Tomcat\webapps\idp.war c:\opt\shibboleth-idp\war\idp.war
+
+#copy TIER beacon script
+RUN mkdir c:\util
+RUN mkdir c:\opt\certs
+COPY container_files/sendtierbeacon.ps1 c:\\util
+#schedule script to run (at random time)
+#RUN powershell ($tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]) + ":" + ((Get-Random -Minimum 0 -Maximum 60) -as [string]) ; start-process -filepath schtasks -passthru -wait -argumentlist '/create','/tn','\"Send TIER Beacon\"','/tr','c:\util\sendtierbeacon.ps1','/sc','DAILY','/st',"$tm"
+#The line above is triggering an apprent bug in docker or windows core (essentially invalid XML), the 2 lines below are the workaround
+COPY container_files/TIER_Beacon_Task.xml c:\\TIER_Beacon_Task.xml
+RUN powershell schtasks /Create /XML c:\TIER_Beacon_Task.xml /TN 'TIER Beacon' ; $tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]).padleft(2,'0') + ':' + ((Get-Random -Minimum 0 -Maximum 60) -as [string]).padleft(2,'0') ; schtasks /Change /TN 'TIER Beacon' /ST $tm
+RUN del c:\TIER_Beacon_Task.xml
+
+
+#################################################
+### Settings for a burned-in config (default) ###
+#################################################
+# Ensure the following locations are accurate (and uncommented) if you plan to burn your configuration into your containers by uncommenting the relevant section below.
+# They represent the folder names/paths on your build host of the relevant config material needed to run the container. You can also specify these
+# with --build-arg in your 'docker build' command.
+
+#ARG TOMCFG=config\\tomcat
+#ARG TOMLOG=logs\\tomcat
+#ARG TOMCERT=credentials\\tomcat
+#ARG TOMWWWROOT=wwwroot
+#ARG SHBCFG=config\\shib-idp\\conf
+#ARG SHBCREDS=credentials\\shib-idp
+#ARG SHBVIEWS=config\\shib-idp\\views
+#ARG SHBEDWAPP=config\\shib-idp\\edit-webapp
+#ARG SHBMSGS=config\\shib-idp\\messages
+#ARG SHBMD=config\\shib-idp\\metadata
+#ARG SHBLOG=logs\\shib-idp
+
+# Also, ***NOTE*** For a burned config, *uncomment* the ADD lines below and *comment* the lines of the VOLUME command above (~ 30 lines up)
+#
+# consider not doing the one volume below (which maps the IdP's logs folder to a local folder) as it creates a run-time
+# dependency and a better solution might be to use syslog from the container
+# VOLUME ["c:\\idplogs", "c:\\opt\\shibboleth-idp\\logs"]
+#
+
+#ADD $TOMCFG c:\\Tomcat\\conf
+#ADD $TOMCERT c:\\sslcert
+#ADD $TOMWWWROOT c:\\Tomcat\\webapps\\ROOT
+#ADD $SHBCFG c:\\opt\\shibboleth-idp\\conf
+#ADD $SHBCREDS c:\\opt\\shibboleth-idp\\credentials
+#ADD $SHBVIEWS c:\\opt\\shibboleth-idp\\views
+#ADD $SHBEDWAPP c:\\opt\\shibboleth-idp\\edit-webapp
+#ADD $SHBMSGS c:\\opt\\shibboleth-idp\\messages
+#ADD $SHBMD c:\\opt\\shibboleth-idp\\metadata
+#
+###############################################################################
+
+# remove existing files from the installer so that secrets can propagate (UNCOMMENT if you are using secrets)
+#!# RUN del c:\opt\shibboleth-idp\conf\idp.properties
+#!# RUN del c:\opt\shibboleth-idp\conf\ldap.properties
+#!# RUN del c:\opt\shibboleth-idp\conf\relying-party.xml
+#!# RUN del c:\opt\shibboleth-idp\conf\attribute-filter.xml
+#!# RUN del c:\opt\shibboleth-idp\conf\attribute-resolver.xml
+#!# RUN del c:\opt\shibboleth-idp\conf\metadata-providers.xml
+#!# RUN del c:\opt\shibboleth-idp\credentials\idp-signing.key
+#!# RUN del c:\opt\shibboleth-idp\credentials\idp-signing.crt
+#!# RUN del c:\opt\shibboleth-idp\credentials\idp-encryption.key
+#!# RUN del c:\opt\shibboleth-idp\credentials\idp-encryption.crt
+#!# RUN del c:\opt\shibboleth-idp\credentials\sealer.jks
+#!# RUN del c:\opt\shibboleth-idp\credentials\sealer.kver
+
+#establish a healthcheck command so that docker might know the container's true state
+HEALTHCHECK --interval=2m --timeout=30s \
+ CMD powershell [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; (new-object System.Net.WebClient).DownloadString("https://127.0.0.1/idp/status")
+
+EXPOSE 443
+
+CMD [ "cmd /c c:\\Tomcat\\bin\\catalina.bat run" ]
From 291f609abf9dc000ec61227da0db34a787c11546 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Tue, 20 Aug 2019 19:10:59 +0000
Subject: [PATCH 4/6] bump tomcat, java
---
 Dockerfile | 15 ++++++++-------
 container_files/config.ini | 2 +-
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 7dacb73..f148e7b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,15 +3,16 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2016
 #settings
 ENV JAVA_OPTS='-Xmx3000m'
 ENV TOMCAT_MAJOR_VERSION=9
-ENV TOMCAT_VERSION=9.0.22
+ENV TOMCAT_VERSION=9.0.24
 ENV CATALINA_HOME=c:\\Tomcat
 ENV IDP_VERSION=3.4.4
-ENV TIERVERSION=20190701
+ENV TIERVERSION=20190801

 ###
 ##below is for Corretto Java
-ENV JAVA_HOME='C:\Program Files\Amazon Corretto\jdk1.8.0_212'
-ENV CORRETTO_VERSION='8.212.04.2'
+ENV JAVA_HOME='C:\Program Files\Amazon Corretto\jdk1.8.0_222'
+ENV CORRETTO_VERSION='8.222.10.1'
+ENV CORRETTO_FILE_VERSION='8.222.10.3'
 ##below is for Zulu Java
 #ENV JAVA_HOME='c:\zulujava\zulu-8\'
 #ENV JAVA_INSTALL_FILENAME=zulu8.36.0.1-ca-jdk8.0.202-win_x64.msi
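Review bot: In the new Dockerfile added by PATCH 3/6, the `ADD https://build.shibboleth.net/.../jstl-1.2.jar` line drops a remote jar straight into the IdP's `edit-webapp\WEB-INF\lib` with no integrity check, whereas the Corretto, Tomcat and IdP downloads at least compare a hash before installing. Either fetch the jar in a `RUN` step and apply the same `Get-FileHash` comparison, or use `ADD --checksum=sha256:<digest-of-jstl-1.2.jar> ...` where the builder supports it. The existing checks are also uneven: Tomcat is compared with SHA512, but Corretto uses `-Algorithm MD5` and the IdP MSI `-Algorithm SHA1`, both collision-prone, so these should move to `-Algorithm SHA256` or stronger against a vendor-published digest; the same MD5 comparison is carried into the `@@ -25,8 +26,8 @@` hunk of PATCH 4/6 and into PATCH 6/6. The Tomcat installer is fetched over plain `http://`, so that SHA512 comparison is the only protection on that download and deserves a comment saying so.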
@@ -25,8 +26,8 @@ RUN powershell [Environment]::SetEnvironmentVariable('JAVA_HOME', '%JAVA_HOME%',
 ENV SHIB_INSTALL_FILE=C:\\shibboleth-identity-provider-$IDP_VERSION-x64.msi

 ###install Corretto Java
-RUN powershell (new-object System.Net.WebClient).Downloadfile('https://d3pxv6yz143wms.cloudfront.net/%CORRETTO_VERSION%/amazon-corretto-%CORRETTO_VERSION%-1-windows-x64.msi', 'C:\corretto-java-%CORRETTO_VERSION%')
-RUN powershell If ((Get-FileHash C:\corretto-java-%CORRETTO_VERSION% -Algorithm MD5).Hash.ToLower() -eq 'a030757f394ffdd73018e24e2ec1991f') { ` \
+RUN powershell (new-object System.Net.WebClient).Downloadfile('https://d3pxv6yz143wms.cloudfront.net/%CORRETTO_VERSION%/amazon-corretto-%CORRETTO_FILE_VERSION%-windows-x64.msi', 'C:\corretto-java-%CORRETTO_VERSION%')
+RUN powershell If ((Get-FileHash C:\corretto-java-%CORRETTO_VERSION% -Algorithm MD5).Hash.ToLower() -eq '29da4f86581537a74a5784ef81d4c5d1') { ` \
 start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\corretto-java-%CORRETTO_VERSION%','/qn' ` \
 } Else { throw 'bad hash comparison on Zulu Java download' }
 RUN del C:\corretto-java-%CORRETTO_VERSION%
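Review bot: The `Else` branch kept as context in this hunk still throws `'bad hash comparison on Zulu Java download'` although the file being verified is the Corretto MSI, so a failed integrity check during a build names the wrong artifact to whoever triages it. Since the download and hash lines are being edited for the new version anyway, change it to `} Else { throw 'bad hash comparison on Corretto Java download' }`. A short comment above the download recording where the expected digest was taken from would also let the next version bump be checked against the same source.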
@@ -65,7 +66,7 @@ RUN del C:\corretto-java-%CORRETTO_VERSION%
 COPY container_files/config.ini c:\\config.ini
 RUN powershell (new-object System.Net.WebClient).Downloadfile('http://www.apache.org/dist/tomcat/tomcat-%TOMCAT_MAJOR_VERSION%/v%TOMCAT_VERSION%/bin/apache-tomcat-%TOMCAT_VERSION%.exe', 'C:\apache-tomcat-%TOMCAT_VERSION%.exe')
 RUN powershell If ((Get-FileHash C:\apache-tomcat-%TOMCAT_VERSION%.exe -Algorithm SHA512).Hash.ToLower() -eq ` \
- '6c57ebde8f72762729e6ea6d1ccbc2bba4b5fb81f98b9cb1e8a19028828d56263c90b55b8d31bbc52582ef0e90cc00d07f30885122b2fcb27f4f2ad6dcb099f0') ` \
+ '3f3484af82ebd5eab7a7581bb6dbdab4b42ce507cafe17dd7b6aabb0cada4e6b0fbe4b89190d70339e73dd6f69dbd779a3426f41638e52ec587607d1b1a9c4ce') ` \
 { ` \
 start-process -filepath C:\apache-tomcat-%TOMCAT_VERSION%.exe -passthru -wait -argumentlist '/S','/C=c:\config.ini','/D=c:\Tomcat' ` \
 } Else { throw 'bad hash comparison on Tomcat download' }
diff --git a/container_files/config.ini b/container_files/config.ini
index adb7884..2db99c5 100644
--- a/container_files/config.ini
+++ b/container_files/config.ini
@@ -1,2 +1,2 @@
-JavaHome=C:/Program Files/Amazon Corretto/jdk1.8.0_212
+JavaHome=C:/Program Files/Amazon Corretto/jdk1.8.0_222

From a097c1ead278a44b0fda90ebb25ee9ce6b5a10f6 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Wed, 21 Aug 2019 13:21:15 +0000
Subject: [PATCH 5/6] minor change to a comment
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index f148e7b..070fc54 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,7 @@ ENV IDP_VERSION=3.4.4
 ENV TIERVERSION=20190801

 ###
-##below is for Corretto Java
+##below are settings for Corretto Java
 ENV JAVA_HOME='C:\Program Files\Amazon Corretto\jdk1.8.0_222'
 ENV CORRETTO_VERSION='8.222.10.1'
 ENV CORRETTO_FILE_VERSION='8.222.10.3'
From 555b5df31192733b2cdbf0f30d7bc3e83fb97c24 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Wed, 21 Aug 2019 13:25:30 +0000
Subject: [PATCH 6/6] update Dockerfile
---
 Dockerfile | 166 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 166 insertions(+)
 create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..070fc54
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,166 @@ +FROM mcr.microsoft.com/windows/servercore:ltsc2016 + +#settings +ENV JAVA_OPTS='-Xmx3000m' +ENV TOMCAT_MAJOR_VERSION=9 +ENV TOMCAT_VERSION=9.0.24 +ENV CATALINA_HOME=c:\\Tomcat +ENV IDP_VERSION=3.4.4 +ENV TIERVERSION=20190801 + +### +##below are settings for Corretto Java +ENV JAVA_HOME='C:\Program Files\Amazon Corretto\jdk1.8.0_222' +ENV CORRETTO_VERSION='8.222.10.1' +ENV CORRETTO_FILE_VERSION='8.222.10.3' +##below is for Zulu Java +#ENV JAVA_HOME='c:\zulujava\zulu-8\' +#ENV JAVA_INSTALL_FILENAME=zulu8.36.0.1-ca-jdk8.0.202-win_x64.msi +##below is for Oracle Java +#ENV JAVA_VERSION=8u171 +#ENV JAVA_BUNDLE_ID=233172_512cd62ec5174c3487ac17c61aaa89e8 +#ENV JAVA_INSTALL_FOLDER=jre1.8.0_171 +#ENV JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER + +RUN powershell [Environment]::SetEnvironmentVariable('JAVA_HOME', '%JAVA_HOME%', [System.EnvironmentVariableTarget]::Machine ) +ENV SHIB_INSTALL_FILE=C:\\shibboleth-identity-provider-$IDP_VERSION-x64.msi + +###install Corretto Java +RUN powershell (new-object System.Net.WebClient).Downloadfile('https://d3pxv6yz143wms.cloudfront.net/%CORRETTO_VERSION%/amazon-corretto-%CORRETTO_FILE_VERSION%-windows-x64.msi', 'C:\corretto-java-%CORRETTO_VERSION%') +RUN powershell If ((Get-FileHash C:\corretto-java-%CORRETTO_VERSION% -Algorithm MD5).Hash.ToLower() -eq '29da4f86581537a74a5784ef81d4c5d1') { ` \ + start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\corretto-java-%CORRETTO_VERSION%','/qn' ` \ + } Else { throw 'bad hash comparison on Zulu Java download' } +RUN del C:\corretto-java-%CORRETTO_VERSION% + +###install Zulu Java +#RUN powershell (new-object System.Net.WebClient).Downloadfile('https://cdn.azul.com/zulu/bin/%JAVA_INSTALL_FILENAME%', 'C:\%JAVA_INSTALL_FILENAME%') +#RUN powershell If ((Get-FileHash C:\%JAVA_INSTALL_FILENAME% -Algorithm MD5).Hash.ToLower() -eq 'cf7825107dd71cd9a6455c2855838966') { ` \ +# start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait 
-argumentlist '/i','C:\%JAVA_INSTALL_FILENAME%','APPLICATIONROOTDIRECTORY=c:\zulujava','/qn' ` \ +# } Else { throw 'bad hash comparison on Zulu Java download' } +#RUN del C:\%JAVA_INSTALL_FILENAME% + +##install Oracle Java +#RUN powershell (new-object System.Net.WebClient).Downloadfile('http://javadl.oracle.com/webapps/download/AutoDL?BundleId=%JAVA_BUNDLE_ID%', 'C:\jre-%JAVA_VERSION%-windows-x64.exe') +#RUN powershell If ((Get-FileHash C:\jre-%JAVA_VERSION%-windows-x64.exe).Hash.ToLower() -eq 'd5256b3d1a6da959ea98ea2a2be3a05a7df9d1a5cd75db3930f935ab71ce43b8') { ` \ +# start-process -filepath C:\jre-%JAVA_VERSION%-windows-x64.exe -passthru -wait -argumentlist '/s',%JAVA_INSTALL_CLI_STRING%,'/L','installj64.log' ` \ +# } Else { throw 'bad hash comparison on Java download' } +#RUN del C:\jre-%JAVA_VERSION%-windows-x64.exe + +##install Oracle Java Cryptography Extensions +#RUN powershell ` \ +# $ws = New-Object Microsoft.PowerShell.Commands.WebRequestSession ; ` \ +# $c = New-Object System.Net.Cookie ; ` \ +# $c.Name = 'oraclelicense' ; ` \ +# $c.Value = 'accept-securebackup-cookie' ; ` \ +# $c.Domain = 'oracle.com' ; ` \ +# $ws.Cookies.Add($c) ; ` \ +# Invoke-WebRequest 'http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip' -WebSession $ws -TimeoutSec 1000 -OutFile 'c:\jce_policy-8.zip' +#RUN powershell If ((Get-FileHash c:\jce_policy-8.zip).Hash.ToLower() -eq 'f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59') { ` \ +# Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory('c:\jce_policy-8.zip', 'c:\jcepolicy') ; \ +# copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\local_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\US_export_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; \ +# } Else { throw 'bad hash comparison on JCE download' } +#RUN del c:\jce_policy-8.zip + + +##install Tomcat 
+COPY container_files/config.ini c:\\config.ini +RUN powershell (new-object System.Net.WebClient).Downloadfile('http://www.apache.org/dist/tomcat/tomcat-%TOMCAT_MAJOR_VERSION%/v%TOMCAT_VERSION%/bin/apache-tomcat-%TOMCAT_VERSION%.exe', 'C:\apache-tomcat-%TOMCAT_VERSION%.exe') +RUN powershell If ((Get-FileHash C:\apache-tomcat-%TOMCAT_VERSION%.exe -Algorithm SHA512).Hash.ToLower() -eq ` \ + '3f3484af82ebd5eab7a7581bb6dbdab4b42ce507cafe17dd7b6aabb0cada4e6b0fbe4b89190d70339e73dd6f69dbd779a3426f41638e52ec587607d1b1a9c4ce') ` \ + { ` \ + start-process -filepath C:\apache-tomcat-%TOMCAT_VERSION%.exe -passthru -wait -argumentlist '/S','/C=c:\config.ini','/D=c:\Tomcat' ` \ + } Else { throw 'bad hash comparison on Tomcat download' } +RUN del C:\apache-tomcat-%TOMCAT_VERSION%.exe + +#copy temp SSL cert for tomcat in c:\sslcert +COPY container_files/keystore.jks c:\\sslcert\\keystore.jks +#copy temp tomcat config file (listening on 443, cert at c:\sslcert\keystore.jks +COPY container_files/server.xml c:\\Tomcat\\conf\\server.xml +#cleanup tomcat install +RUN rmdir /S /Q c:\Tomcat\webapps\docs && rmdir /S /Q c:\Tomcat\webapps\manager && del /F /Q c:\tomcat\webapps\ROOT\*.* && del /F /Q c:\tomcat\webapps\ROOT\WEB-INF\*.* && rmdir c:\tomcat\webapps\ROOT\WEB-INF + +##install Shibb +RUN powershell (new-object System.Net.WebClient).Downloadfile('https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-%IDP_VERSION%-x64.msi', 'C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi') +RUN powershell If ((Get-FileHash C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi -Algorithm SHA1).Hash.ToLower() -eq '821fdb7c178a247059142f8fbd6d7a895057e2fe') { ` \ + start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi','/qn','INSTALLDIR=c:\opt\shibboleth-idp','NO_FIREWALL_EXCEPTION=true','DNSNAME=shibboleth.example.org','IDP_SCOPE=example.org' ` \ + } Else { throw 'bad hash 
comparison on IdP download' } +RUN del C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi + +##add JSTL +ADD https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar c:\\opt\\shibboleth-idp\\edit-webapp\\WEB-INF\\lib\\jstl-1.2.jar +RUN C:/opt/shibboleth-idp/bin/build.bat -noinput -S -q -Didp.target.dir=c:/opt/shibboleth-idp + +#link IdP's war file to Tomcat +RUN mklink c:\Tomcat\webapps\idp.war c:\opt\shibboleth-idp\war\idp.war + +#copy TIER beacon script +RUN mkdir c:\util +RUN mkdir c:\opt\certs +COPY container_files/sendtierbeacon.ps1 c:\\util +#schedule script to run (at random time) +#RUN powershell ($tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]) + ":" + ((Get-Random -Minimum 0 -Maximum 60) -as [string]) ; start-process -filepath schtasks -passthru -wait -argumentlist '/create','/tn','\"Send TIER Beacon\"','/tr','c:\util\sendtierbeacon.ps1','/sc','DAILY','/st',"$tm" +#The line above is triggering an apprent bug in docker or windows core (essentially invalid XML), the 2 lines below are the workaround +COPY container_files/TIER_Beacon_Task.xml c:\\TIER_Beacon_Task.xml +RUN powershell schtasks /Create /XML c:\TIER_Beacon_Task.xml /TN 'TIER Beacon' ; $tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]).padleft(2,'0') + ':' + ((Get-Random -Minimum 0 -Maximum 60) -as [string]).padleft(2,'0') ; schtasks /Change /TN 'TIER Beacon' /ST $tm +RUN del c:\TIER_Beacon_Task.xml + + +################################################# +### Settings for a burned-in config (default) ### +################################################# +# Ensure the following locations are accurate (and uncommented) if you plan to burn your configuration into your containers by uncommenting the relevant section below. +# They represent the folder names/paths on your build host of the relevant config material needed to run the container. You can also specify these +# with --build-arg in your 'docker build' command. 
+ +#ARG TOMCFG=config\\tomcat +#ARG TOMLOG=logs\\tomcat +#ARG TOMCERT=credentials\\tomcat +#ARG TOMWWWROOT=wwwroot +#ARG SHBCFG=config\\shib-idp\\conf +#ARG SHBCREDS=credentials\\shib-idp +#ARG SHBVIEWS=config\\shib-idp\\views +#ARG SHBEDWAPP=config\\shib-idp\\edit-webapp +#ARG SHBMSGS=config\\shib-idp\\messages +#ARG SHBMD=config\\shib-idp\\metadata +#ARG SHBLOG=logs\\shib-idp + +# Also, ***NOTE*** For a burned config, *uncomment* the ADD lines below and *comment* the lines of the VOLUME command above (~ 30 lines up) +# +# consider not doing the one volume below (which maps the IdP's logs folder to a local folder) as it creates a run-time +# dependency and a better solution might be to use syslog from the container +# VOLUME ["c:\\idplogs", "c:\\opt\\shibboleth-idp\\logs"] +# + +#ADD $TOMCFG c:\\Tomcat\\conf +#ADD $TOMCERT c:\\sslcert +#ADD $TOMWWWROOT c:\\Tomcat\\webapps\\ROOT +#ADD $SHBCFG c:\\opt\\shibboleth-idp\\conf +#ADD $SHBCREDS c:\\opt\\shibboleth-idp\\credentials +#ADD $SHBVIEWS c:\\opt\\shibboleth-idp\\views +#ADD $SHBEDWAPP c:\\opt\\shibboleth-idp\\edit-webapp +#ADD $SHBMSGS c:\\opt\\shibboleth-idp\\messages +#ADD $SHBMD c:\\opt\\shibboleth-idp\\metadata +# +############################################################################### + +# remove existing files from the installer so that secrets can propagate (UNCOMMENT if you are using secrets) +#!# RUN del c:\opt\shibboleth-idp\conf\idp.properties +#!# RUN del c:\opt\shibboleth-idp\conf\ldap.properties +#!# RUN del c:\opt\shibboleth-idp\conf\relying-party.xml +#!# RUN del c:\opt\shibboleth-idp\conf\attribute-filter.xml +#!# RUN del c:\opt\shibboleth-idp\conf\attribute-resolver.xml +#!# RUN del c:\opt\shibboleth-idp\conf\metadata-providers.xml +#!# RUN del c:\opt\shibboleth-idp\credentials\idp-signing.key +#!# RUN del c:\opt\shibboleth-idp\credentials\idp-signing.crt +#!# RUN del c:\opt\shibboleth-idp\credentials\idp-encryption.key +#!# RUN del c:\opt\shibboleth-idp\credentials\idp-encryption.crt 
+#!# RUN del c:\opt\shibboleth-idp\credentials\sealer.jks +#!# RUN del c:\opt\shibboleth-idp\credentials\sealer.kver + +#establish a healthcheck command so that docker might know the container's true state +HEALTHCHECK --interval=2m --timeout=30s \ + CMD powershell [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}; (new-object System.Net.WebClient).DownloadString("https://127.0.0.1/idp/status") + +EXPOSE 443 + +CMD [ "cmd /c c:\\Tomcat\\bin\\catalina.bat run" ]
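Review bot: The JSTL jar pulled in by `ADD https://build.shibboleth.net/.../jstl-1.2.jar` is the only download in this new Dockerfile that enters the image without a hash comparison. It lands in `edit-webapp\WEB-INF\lib`, which the `build.bat` step on the next line appears to rebuild into `idp.war`. A check in the file's existing style, placed between the `ADD` and the `build.bat` line, would close the gap: `RUN powershell If ((Get-FileHash C:\opt\shibboleth-idp\edit-webapp\WEB-INF\lib\jstl-1.2.jar -Algorithm SHA256).Hash.ToLower() -ne 'EXPECTED_SHA256_PLACEHOLDER') { throw 'bad hash comparison on JSTL download' }`, with the placeholder replaced by the digest recorded from a trusted copy of the jar. The Corretto and IdP installers are compared with `-Algorithm MD5` and `-Algorithm SHA1`; moving both to SHA256 would bring them in line with the SHA512 check used for Tomcat. The Corretto branch's message `'bad hash comparison on Zulu Java download'` also names the wrong product, which would mislead whoever reads a failed build log.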