Skip to content

Commit

Permalink
First commit
Browse files Browse the repository at this point in the history
  • Loading branch information
@skoranda
skoranda committed Feb 10, 2017
0 parents commit 85ba0ae
Show file tree
Hide file tree
Showing 4 changed files with 322 additions and 0 deletions.
36 changes: 36 additions & 0 deletions comanage-registry/000-comanage.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}:443%{REQUEST_URI} [R=302,L,QSA]
</VirtualHost>

<VirtualHost *:443>

DocumentRoot /var/www/html

RedirectMatch ^/$ /registry/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

LogLevel warn

Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on

SSLCertificateFile /etc/apache2/cert.pem
SSLCertificateKeyFile /etc/apache2/privkey.pem
SSLCertificateChainFile /etc/apache2/chain.pem

<Directory /var/www/html/registry>
Options Indexes FollowSymLinks
DirectoryIndex index.php
AllowOverride All
Require all granted
</Directory>

</VirtualHost>
103 changes: 103 additions & 0 deletions comanage-registry/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
# Copyright (C) 2010-15 University Corporation for Advanced Internet Development, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under
# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the specific language governing
# permissions and limitations under the License.

# Official PHP image with Apache HTTPD includes
# --with-openssl
# --with-mbstring
# but xls, pdo, pdo_mysql, pdo_pgsql, mysqli, pgsql,
# and ldap extensions must be built.
FROM php:7.0-apache

ARG COMANAGE_REGISTRY_VERSION=develop
ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/$COMANAGE_REGISTRY_VERSION.tar.gz

# Default values for first administrator bootstrapped
# into the platform, most likely overridden at build time
# using build arguments.
ARG COMANAGE_REGISTRY_ADMIN_GIVEN_NAME=Registry
ARG COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Admin
ARG COMANAGE_REGISTRY_ADMIN_USERNAME=registry.admin
ARG COMANAGE_REGISTRY_ENABLE_POOLING=No

LABEL comanage_registry_version=$COMANAGE_REGISTRY_VERSION
LABEL comanage_registry_src_url=$COMANAGE_REGISTRY_SRC_URL

ENV COMANAGE_REGISTRY_DIR /srv/comanage-registry
ENV COMANAGE_REGISTRY_ADMIN_GIVEN_NAME ${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME}
ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME ${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}
ENV COMANAGE_REGISTRY_ADMIN_USERNAME ${COMANAGE_REGISTRY_ADMIN_USERNAME}
ENV COMANAGE_REGISTRY_ENABLE_POOLING ${COMANAGE_REGISTRY_ENABLE_POOLING}

RUN apt-get update && apt-get install -y \
libldap-2.4-2 \
libldap2-dev \
libmysqlclient18 \
libmysqlclient-dev \
libpq-dev \
libxml2 \
libxslt1-dev \
libxslt1.1 \
ssl-cert \
wget \
zlib1g \
&& docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql \
&& docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu \
&& docker-php-ext-configure mysqli --with-mysqli=/usr/bin/mysql_config \
&& docker-php-ext-install xsl pdo pdo_mysql pdo_pgsql mysqli pgsql ldap \
&& docker-php-source delete \
&& apt-get purge -y \
libldap2-dev \
libmysqlclient-dev \
libpq-dev \
&& apt-get clean

COPY 000-comanage.conf /etc/apache2/sites-available/000-comanage.conf

WORKDIR "$COMANAGE_REGISTRY_DIR"

RUN mkdir -p "$COMANAGE_REGISTRY_DIR" \
&& wget -O comanage.tar.gz $COMANAGE_REGISTRY_SRC_URL \
&& tar -zxf comanage.tar.gz -C "$COMANAGE_REGISTRY_DIR" --strip-components=1 \
&& rm -f comanage.tar.gz \
&& rm -f "$COMANAGE_REGISTRY_DIR/app/tmp" \
&& cp -r "$COMANAGE_REGISTRY_DIR/app/tmp.dist" "$COMANAGE_REGISTRY_DIR/app/tmp" \
&& chown -R www-data:www-data "$COMANAGE_REGISTRY_DIR/app/tmp" \
&& cd /var/www/html \
&& ln -s "$COMANAGE_REGISTRY_DIR/app/webroot" registry \
&& cd "$COMANAGE_REGISTRY_DIR" \
&& rm -rf local \
&& mkdir -p /local \
&& ln -s /local local \
&& a2enmod headers \
&& a2enmod ssl \
&& a2enmod rewrite \
&& a2dissite 000-default.conf \
&& a2ensite 000-comanage.conf \
&& a2disconf other-vhosts-access-log \
&& cd /etc/apache2 \
&& ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem cert.pem \
&& ln -s /etc/ssl/private/ssl-cert-snakeoil.key privkey.pem \
&& ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem chain.pem \
&& sed -ie 's/'"'"'engine'"'"' => '"'"'FileLog'"'"'/'"'"'engine'"'"' => '"'"'ConsoleLog'"'"'/' "$COMANAGE_REGISTRY_DIR/app/Config/bootstrap.php"

COPY docker-comanage-entrypoint /usr/local/bin/

# expose COmanage Registry local directory
VOLUME ["/local"]

ENTRYPOINT ["docker-comanage-entrypoint"]

WORKDIR /var/www/html

EXPOSE 80 443

CMD ["apache2-foreground"]
103 changes: 103 additions & 0 deletions comanage-registry/Dockerfile.template
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
# Copyright (C) 2010-15 University Corporation for Advanced Internet Development, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under
# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the specific language governing
# permissions and limitations under the License.

# Official PHP image with Apache HTTPD includes
# --with-openssl
# --with-mbstring
# but xls, pdo, pdo_mysql, pdo_pgsql, mysqli, pgsql,
# and ldap extensions must be built.
FROM php:7.0-apache

ARG COMANAGE_REGISTRY_VERSION=%%COMANAGE_REGISTRY_VERSION%%
ARG COMANAGE_REGISTRY_SRC_URL=https://github.com/Internet2/comanage-registry/archive/$COMANAGE_REGISTRY_VERSION.tar.gz

# Default values for first administrator bootstrapped
# into the platform, most likely overridden at build time
# using build arguments.
ARG COMANAGE_REGISTRY_ADMIN_GIVEN_NAME=Registry
ARG COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Admin
ARG COMANAGE_REGISTRY_ADMIN_USERNAME=registry.admin
ARG COMANAGE_REGISTRY_ENABLE_POOLING=No

LABEL comanage_registry_version=$COMANAGE_REGISTRY_VERSION
LABEL comanage_registry_src_url=$COMANAGE_REGISTRY_SRC_URL

ENV COMANAGE_REGISTRY_DIR /srv/comanage-registry
ENV COMANAGE_REGISTRY_ADMIN_GIVEN_NAME ${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME}
ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME ${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}
ENV COMANAGE_REGISTRY_ADMIN_USERNAME ${COMANAGE_REGISTRY_ADMIN_USERNAME}
ENV COMANAGE_REGISTRY_ENABLE_POOLING ${COMANAGE_REGISTRY_ENABLE_POOLING}

RUN apt-get update && apt-get install -y \
libldap-2.4-2 \
libldap2-dev \
libmysqlclient18 \
libmysqlclient-dev \
libpq-dev \
libxml2 \
libxslt1-dev \
libxslt1.1 \
ssl-cert \
wget \
zlib1g \
&& docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql \
&& docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu \
&& docker-php-ext-configure mysqli --with-mysqli=/usr/bin/mysql_config \
&& docker-php-ext-install xsl pdo pdo_mysql pdo_pgsql mysqli pgsql ldap \
&& docker-php-source delete \
&& apt-get purge -y \
libldap2-dev \
libmysqlclient-dev \
libpq-dev \
&& apt-get clean

COPY 000-comanage.conf /etc/apache2/sites-available/000-comanage.conf

WORKDIR "$COMANAGE_REGISTRY_DIR"

RUN mkdir -p "$COMANAGE_REGISTRY_DIR" \
&& wget -O comanage.tar.gz $COMANAGE_REGISTRY_SRC_URL \
&& tar -zxf comanage.tar.gz -C "$COMANAGE_REGISTRY_DIR" --strip-components=1 \
&& rm -f comanage.tar.gz \
&& rm -f "$COMANAGE_REGISTRY_DIR/app/tmp" \
&& cp -r "$COMANAGE_REGISTRY_DIR/app/tmp.dist" "$COMANAGE_REGISTRY_DIR/app/tmp" \
&& chown -R www-data:www-data "$COMANAGE_REGISTRY_DIR/app/tmp" \
&& cd /var/www/html \
&& ln -s "$COMANAGE_REGISTRY_DIR/app/webroot" registry \
&& cd "$COMANAGE_REGISTRY_DIR" \
&& rm -rf local \
&& mkdir -p /local \
&& ln -s /local local \
&& a2enmod headers \
&& a2enmod ssl \
&& a2enmod rewrite \
&& a2dissite 000-default.conf \
&& a2ensite 000-comanage.conf \
&& a2disconf other-vhosts-access-log \
&& cd /etc/apache2 \
&& ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem cert.pem \
&& ln -s /etc/ssl/private/ssl-cert-snakeoil.key privkey.pem \
&& ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem chain.pem \
&& sed -ie 's/'"'"'engine'"'"' => '"'"'FileLog'"'"'/'"'"'engine'"'"' => '"'"'ConsoleLog'"'"'/' "$COMANAGE_REGISTRY_DIR/app/Config/bootstrap.php"

COPY docker-comanage-entrypoint /usr/local/bin/

# expose COmanage Registry local directory
VOLUME ["/local"]

ENTRYPOINT ["docker-comanage-entrypoint"]

WORKDIR /var/www/html

EXPOSE 80 443

CMD ["apache2-foreground"]
80 changes: 80 additions & 0 deletions comanage-registry/docker-comanage-entrypoint
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
#!/bin/bash

# Copyright (C) 2010-15 University Corporation for Advanced Internet Development, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under
# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the specific language governing
# permissions and limitations under the License.

# Database initialization or schema management using adodb
# is idempotent so we always run it at startup.
pushd "$COMANAGE_REGISTRY_DIR/app" > /dev/null 2>&1
./Console/cake database > /dev/null 2>&1
popd > /dev/null 2>&1

# We only want to run the setup script once since it creates
# state in the database. Until COmanage Registry has a better
# mechanism for telling us if setup has already been run
# we create an ephemeral CakePHP script to tell us.
SETUP_ALREADY_SCRIPT="$COMANAGE_REGISTRY_DIR/app/Console/Command/SetupAlreadyShell.php"

cat >> $SETUP_ALREADY_SCRIPT <<"EOF"
<?php
class SetupAlreadyShell extends AppShell {
var $uses = array('Co');
function main() {
$args = array();
$args['conditions']['Co.name'] = 'COmanage';
$args['contain'] = false;
$co = $this->Co->find('first', $args);
if(!empty($co)) {
$this->error('Setup already');
}
}
}
EOF

pushd /srv/comanage-registry/app > /dev/null 2>&1
./Console/cake setupAlready > /dev/null 2>&1
setup_already=$?

rm -f "$SETUP_ALREADY_SCRIPT"

if [ $setup_already -eq 0 ]; then
rm -f "$COMANAGE_REGISTRY_DIR/local/Config/security.salt" > /dev/null 2>&1
rm -f "$COMANAGE_REGISTRY_DIR/local/Config/security.seed" > /dev/null 2>&1
./Console/cake setup --admin-given-name "${COMANAGE_REGISTRY_ADMIN_GIVEN_NAME}" \
--admin-family-name "${COMANAGE_REGISTRY_ADMIN_FAMILY_NAME}" \
--admin-username "${COMANAGE_REGISTRY_ADMIN_USERNAME}" \
--enable-pooling "${COMANAGE_REGISTRY_ENABLE_POOLING}" > /dev/null 2>&1
fi

popd > /dev/null 2>&1

# Running CakePHP console commands generates cache files so
# set the ownership of those files appropriately.
chown -R www-data:www-data "$COMANAGE_REGISTRY_DIR/app/tmp"

# Make sure the directory structure we need is available
# in the data volume for $COMANAGE_REGISTRY_DIR/local
mkdir -p "$COMANAGE_REGISTRY_DIR/local/Config"
mkdir -p "$COMANAGE_REGISTRY_DIR/local/Plugin"
mkdir -p "$COMANAGE_REGISTRY_DIR/local/View/Pages/public"
mkdir -p "$COMANAGE_REGISTRY_DIR/local/webroot/img"

# first arg is `-f` or `--some-option`
if [ "${1#-}" != "$1" ]; then
set -- apache2-foreground "$@"
fi

exec "$@"

0 comments on commit 85ba0ae

Please sign in to comment.