Skip to content
This repository has been archived by the owner. It is now read-only.
Permalink
Browse files

Backporting the work done in appliance to get to the bottom of a cach…

…e error
  • Loading branch information
Jim Van Fleet
Jim Van Fleet committed Sep 23, 2016
1 parent 0676323 commit 4cfa05b8e961c22b54377341f28ece7baf18682c
Showing with 177 additions and 1 deletion.
  1. +4 −1 Dockerfile
  2. +22 −0 certs/server.crt
  3. +18 −0 certs/server.csr
  4. +27 −0 certs/server.key
  5. +99 −0 conf/00-comanage-443.conf
  6. +7 −0 tests/running.bats
@@ -8,5 +8,8 @@ LABEL Version=$version
ENV VERSION=$version

#ADD ./container_files /opt/
#RUN ln -s /opt/etc/httpd/conf.d/virtual_host_443.conf /etc/httpd/conf.d/00-comanage-443.conf
COPY autoexec/ /opt/autoexec/
COPY certs/ /opt/httpd/ssl/
COPY conf/00-comanage-443.conf /opt/etc/httpd/conf.d/virtual_host_443.conf
RUN ln -s /opt/etc/httpd/conf.d/virtual_host_443.conf /etc/httpd/conf.d/00-comanage-443.conf
VOLUME /etc/httpd/logs
@@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDrDCCApQCCQCqx2/xzYm5ejANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMC
VVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRIwEAYDVQQHEwlDaGFybG90dGUx
DzANBgNVBAoTBkxldnZlbDEPMA0GA1UECxMGRG9ja2VyMREwDwYDVQQDEwhiaWdm
bGVldDEmMCQGCSqGSIb3DQEJARYXamltLnZhbi5mbGVldEBsZXZ2ZWwuaW8wHhcN
MTYwODEyMTY0MTMyWhcNMTcwODEyMTY0MTMyWjCBlzELMAkGA1UEBhMCVVMxFzAV
BgNVBAgTDk5vcnRoIENhcm9saW5hMRIwEAYDVQQHEwlDaGFybG90dGUxDzANBgNV
BAoTBkxldnZlbDEPMA0GA1UECxMGRG9ja2VyMREwDwYDVQQDEwhiaWdmbGVldDEm
MCQGCSqGSIb3DQEJARYXamltLnZhbi5mbGVldEBsZXZ2ZWwuaW8wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe3SNdeVXz0QEvwI8WSKp3XjF1Z6baCbhK
tlxwCexvt1CbtUmvBM6ztDmYwqdMwKvQB/UfVdilgUR8Ywo6VQTQ4pv+xYVAaVTo
AWNR/UD2/F+MriV+kVDLRfeql4os0C96c6yNthe1bQbrT4BZR0eOT7vBi3ozN38G
acUH2+owv2TnzVp27dGW2WIrWxL8G49w+Jy8K/nVdrEr48F/6349NHXizBdycpVG
MIdD62qmBb3SdWezKXmczOlHTLtXhKSZO+bQaYA81sGPkDB7NsUkHV1t8kMBt8sC
MPP4K5BAqIJdigg6nBINIuoa0mdMI37W7phUcLnjg5FsZUn95DMvAgMBAAEwDQYJ
KoZIhvcNAQELBQADggEBAGhWie1wkXg8V3rG4nGvDLVCFi8V4fPLF5dL5HCULGde
i9Xz+v412qt1kxgDDwlSZ3oRP1z/tKIywRgLD0NcBJYHqzJN+5gg+ZJMHLEn/bOf
CS6H91dWD93vlcdBMhyh/rz1PafBWc+TyaNuvihSz4V7kpUdUQ7ovXwv3yeSJelT
OFzQbjx+roSfFOK7CuIEOee42MAcaqD5LpnGCIujPQgAje3OdyDeofoFA0XehY/Y
QzooAqSqYhomN6G4RFRAiYwXVkhKbeLBdOOs3rjdymcrFSvwWUJKx7EtpUegucEw
krFR4hpkGmKABuhVZp/g1zxzeodkwRyJFrQEecFQIN4=
-----END CERTIFICATE-----
@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIC3TCCAcUCAQAwgZcxCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJv
bGluYTESMBAGA1UEBxMJQ2hhcmxvdHRlMQ8wDQYDVQQKEwZMZXZ2ZWwxDzANBgNV
BAsTBkRvY2tlcjERMA8GA1UEAxMIYmlnZmxlZXQxJjAkBgkqhkiG9w0BCQEWF2pp
bS52YW4uZmxlZXRAbGV2dmVsLmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA3t0jXXlV89EBL8CPFkiqd14xdWem2gm4SrZccAnsb7dQm7VJrwTOs7Q5
mMKnTMCr0Af1H1XYpYFEfGMKOlUE0OKb/sWFQGlU6AFjUf1A9vxfjK4lfpFQy0X3
qpeKLNAvenOsjbYXtW0G60+AWUdHjk+7wYt6Mzd/BmnFB9vqML9k581adu3Rltli
K1sS/BuPcPicvCv51XaxK+PBf+t+PTR14swXcnKVRjCHQ+tqpgW90nVnsyl5nMzp
R0y7V4SkmTvm0GmAPNbBj5AwezbFJB1dbfJDAbfLAjDz+CuQQKiCXYoIOpwSDSLq
GtJnTCN+1u6YVHC544ORbGVJ/eQzLwIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEB
AJ6hDOof0VueZkGT9wIz/5pKJgoTe9kTNnnHfnXitROwxEEF5gyFPICXkALbJkC7
HqNl+wd/cG010CoeAI5rcoYDvfY5WAmIOXQF2Zo4EV6XgfBwnk/Jz1T6TvryB14o
Pp/jwJzurEi90bCHmxELIJwHQPGxbLdF5ScNTg26xXkt6FI4w9utTzh85Pgmxir6
7niVc3MvR9eyWVXF3NiakQw9oM8FsfRY2i3c87ugcuH0LDrVUFkz4GqS8vC6N1Ao
L/KAmBvfz25bq+GaXSKb2OQyvNHcM8lquP0vQKsvrs1ecUY4YILBy1yCEGUSxDGM
kH3F2FuaT22hbNM1JxrLo2Q=
-----END CERTIFICATE REQUEST-----
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA3t0jXXlV89EBL8CPFkiqd14xdWem2gm4SrZccAnsb7dQm7VJ
rwTOs7Q5mMKnTMCr0Af1H1XYpYFEfGMKOlUE0OKb/sWFQGlU6AFjUf1A9vxfjK4l
fpFQy0X3qpeKLNAvenOsjbYXtW0G60+AWUdHjk+7wYt6Mzd/BmnFB9vqML9k581a
du3RltliK1sS/BuPcPicvCv51XaxK+PBf+t+PTR14swXcnKVRjCHQ+tqpgW90nVn
syl5nMzpR0y7V4SkmTvm0GmAPNbBj5AwezbFJB1dbfJDAbfLAjDz+CuQQKiCXYoI
OpwSDSLqGtJnTCN+1u6YVHC544ORbGVJ/eQzLwIDAQABAoIBAEDDmLRgP1ckRKkA
11QNd+RKbisFHRq9ul2T0xcH+zqX1gf5zdjbl8nnNNmsr3uBfixtM5GQm+20vBc9
nMpIzKZ7RAPsmIWYVoE5bgh0hT2BJ681KFY4mncH9SoQ8amGMlXuaZWg9hDWBy24
o77OFQBJMXHUO4XIudQ+RnC7OrpBSZDIRq9pF4CIAOZ5muWTeK8IHF7CYfMlcz9z
F2y+MbUHYwVstQZlnhHA8zB2jAdy58PhCf44niGSI/ny9ww/ntSpqM/qM6pqv0H6
GMV/ZA4UhJ7rbDzfUrTVfuJJDZr0X00RjKQBwLYqGA+vegwgyQU0RX0uL+vKHNYz
z5Uba1ECgYEA9BK4Y/ofxZTiXVEc1JM3NsCTPJgySzsgcmvtLh9Md4tXHd9kliW2
4I2e/Alt6dwXwEOxUV1drc6B+A4Y09KMaAWQRxAsVY5khotChPAIhYXXDir9srEW
nR1Y5pBdMw89PQgIDKBHK9gp+Fo3InxsHN+QdfJmyXDzOvFBRLOgkdkCgYEA6cEY
konEDB7Kd4S7lYKuk1euvFp1XUk5MSXmz2JR6uvB5RaJJNvXBuZB0i60jeUHgA3V
mouwjuX1zsVSRQEtQ37eiQ2p7ivd1j86SlMBRzFxFempGV00IZevXiBxtfnx38Lw
mYYOWMXdX0CsV/HHvUpTrkC1F8rIP1tXj0IhwEcCgYEAq1q1P+OsCLBlWDSJNCkC
+5qqBEGqFa02M37YLqhkrA0UpXFgEhX6VZ63/qS0GRqfRimAROpyyYKRNtDW12gb
kTBOwcV2Cr8Ejn0Yv3Ix2WREvrqqEJlJkha3gm/aLu3FBaMs24hvTzXdCXJ1AO4v
jPncVyJOzaBR85DLTOt7kMkCgYAHoRjHN53hc2PSUM+6ioBeKL94QE+SUuB9/Smy
XRglXbp/WqPxQweanwtI6+NSukXrZQgyuhpyH4lNTV1pCSfMCykCOiLwthfQdVHW
uSzSgQea2nx9anBYJFZB8Tck5FqDnh4yNJDlTtfx0u+NE0Qcpn9isZP3idPNVZLf
Bx6I4wKBgQDagUD7YJ3oX/4mbBmWJ/z7fAWcUqdRC2kwVfOn2qdeRgVNXQD97u0f
ZUw7fH6MSKHkuQsM0UWxex2dxxfJaFH5aF5EqXzlT/9by4Ela9p6GtecyuNPDnm+
jReIeDTO73BnM0LJNPPyd/CSHvaVEgvVmjjNTkuBYpyk8HVXf/Cd/A==
-----END RSA PRIVATE KEY-----
@@ -0,0 +1,99 @@
# Licensed to the University Corporation for Advanced Internet Development,
# Inc. (UCAID) under one or more contributor license agreements. See the
# NOTICE file distributed with this work for additional information regarding
# copyright ownership. The UCAID licenses this file to You under the Apache
# License, Version 2.0 (the "License"); you may not use this file except in
# compliance with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
<VirtualHost _default_:443>
ServerName https://localhost:443
UseCanonicalName On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on
SSLCompression off
SSLCertificateFile /opt/httpd/ssl/server.crt
SSLCertificateKeyFile /opt/httpd/ssl/server.key

# Optional parameter that will only be uncommented on initialization
# if the file exists:
#SSLCertificateChainFile CHANGE_TO_SSL_HTTPD_CHAIN

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0


<Directory />
AllowOverride none
Require all denied
</Directory>

DocumentRoot "/var/www/html"

<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>

<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

<Directory "/var/www/html/registry">
Options Indexes FollowSymLinks MultiViews
DirectoryIndex index.php
AllowOverride All
Require all granted
</Directory>

ShibCompatValidUser Off
<Location "/Shibboleth.sso">
AuthType None
Require all granted
</Location>

<Location "/shibboleth-sp">
AuthType None
Require all granted
</Location>
Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css

<Directory "/var/www/html/registry/auth/login">
AuthType shibboleth
ShibRequestSetting requireSession 1
Require shib-session
</Directory>

Redirect "/registry/users/logout" "https://localhost/Shibboleth.sso/Logout?return=https%3A//localhost/registry/"

<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>

<Files ".ht*">
Require all denied
</Files>

</VirtualHost>
@@ -16,4 +16,11 @@ load ../common

@test "Leaves running comanage process" {
docker ps | grep my/comanage
}

@test "200 response possible" {
run docker exec -i comanage curl -o /dev/null --silent --head --write-out '%{http_code}\n' https://localhost/
echo ${output}
[ "$status" -eq 0 ]
[[ ${output} == *"302"* || ${output} == *"200"* ]]
}

0 comments on commit 4cfa05b

Please sign in to comment.
You can’t perform that action at this time.