Permalink
f07c60a Apr 3, 2018
2 contributors

Users who have contributed to this file

@pcaskey @chubing
74 lines (56 sloc) 3.76 KB
FROM tier/shibboleth_idp:appliance
COPY ./root/ /opt/shibboleth/$SHIB_PREFIX/
ARG maintainer=my
ARG imagename=shibboleth_idp
ARG version=3.3.1
ENV VERSION=$version
ENV IMAGENAME=$imagename
ENV MAINTAINER=$maintainer
# Completely uncomment the following ENV line to prevent the containers from sending analytics information to Internet2.
# With the default/release configuration, it will only send product (Shibb/Grouper/COmanage) and version (3.3.1-17040, etc)
# once daily between midnight and 4am. This data helps with the scalaing and funding of TIER.
# To keep it commented, keep multiple comments on the following line (to prevent other scripts from processing it).
##### ENV TIER_BEACON_OPT_OUT True
ENV JAVA_OPTS=-Xmx3000m -XX:MaxPermSize=256m
# Uncomment all the following lines to download the JDK to your Shibboleth IDP image. By uncommenting these lines, you agree to the Oracle Binary Code License Agreement for Java SE (http://www.oracle.com/technetwork/java/javase/terms/license/index.html)
# ENV JAVA_VERSION 8u162
# ENV BUILD_VERSION b12
# ENV JAVA_BUNDLE_ID 0da788060d494f5095bf8624735fa2f1
# ENV JAVA_HOME /usr/java/latest
#
# RUN wget -nv --no-cookies --no-check-certificate --header "Cookie: oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/$JAVA_VERSION-$BUILD_VERSION/$JAVA_BUNDLE_ID/jdk-$JAVA_VERSION-linux-x64.rpm" -O /tmp/jdk-$JAVA_VERSION-$BUILD_VERSION-linux-x64.rpm && \
# yum -y install /tmp/jdk-$JAVA_VERSION-$BUILD_VERSION-linux-x64.rpm && \
# rm -f /tmp/jdk-$JAVA_VERSION-$BUILD_VERSION-linux-x64.rpm && \
# alternatives --install /usr/bin/java jar $JAVA_HOME/bin/java 200000 && \
# alternatives --install /usr/bin/javaws javaws $JAVA_HOME/bin/javaws 200000 && \
# alternatives --install /usr/bin/javac javac $JAVA_HOME/bin/javac 200000
# Uncomment all the following lines to download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. By uncommenting these lines, you agree to the Oracle Binary Code License Agreement for Java SE Platform Products (http://www.oracle.com/technetwork/java/javase/terms/license/index.html)
# RUN yum -y install unzip \
# && wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" \
# http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip \
# && echo "f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59 jce_policy-8.zip" | sha256sum -c - \
# && unzip -oj jce_policy-8.zip UnlimitedJCEPolicyJDK8/local_policy.jar -d $JAVA_HOME/jre/lib/security/ \
# && unzip -oj jce_policy-8.zip UnlimitedJCEPolicyJDK8/US_export_policy.jar -d $JAVA_HOME/jre/lib/security/ \
# && rm jce_policy-8.zip \
# && chmod -R 640 $JAVA_HOME/jre/lib/security/
RUN chown -R root:root /opt/shibboleth/shibboleth-identity-provider-$version && \
rm -rf /usr/local/tomcat/webapps/* && \
ANT_OPTS="-Didp.target.dir=/opt/shibboleth/current" /opt/shibboleth/current/bin/build.sh && \
ln -s /opt/shibboleth/current /opt/shibboleth-idp && \
ln -s /opt/shibboleth-idp/war/idp.war $CATALINA_HOME/webapps/idp.war && \
mkdir /opt/certs
RUN mkdir -p /usr/local/tomcat/webapps/ROOT
COPY ./conf/ /usr/local/tomcat/conf/
COPY ./etc/ /etc/
COPY ./autoexec/ /opt/autoexec/
COPY ./certs/ /opt/certs
COPY ./www/ /usr/local/tomcat/webapps/ROOT/
# If you are running in a staging environment and can use
# self-signed certs, you can uncomment the following line to automatically
# generate a keystore.
## RUN ln -s /opt/certs/gencert.sh /opt/autoexec/onbuild/gencert.sh
##RUN chmod +x /opt/certs/gencert.sh && /opt/autoexec/bin/onbuild.sh
RUN /opt/autoexec/bin/onbuild.sh
VOLUME ["/usr/local/tomcat/logs", "/opt/shibboleth/shibboleth-identity-provider-$VERSION/logs"]
EXPOSE 8443
CMD ["/usr/bin/startup.sh"]