Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: docker/eduroam-freeradius
base: main
Choose a base ref
...
head repository: docker/eduroam-freeradius
compare: 3.0.x-20191126-dev
Choose a head ref
Can’t automatically merge. Don’t worry, you can still create the pull request.
  • 3 commits
  • 2 files changed
  • 1 contributor

Commits on Nov 26, 2019

  1. Update Dockerfile

    @chubing
    chubing committed Nov 26, 2019
    Loading status checks…
    Copy the full SHA
    22a1dab View commit details

  2. Update Dockerfile

    @chubing
    chubing committed Nov 26, 2019
    Loading status checks…
    Copy the full SHA
    63f5de2 View commit details

Commits on Feb 14, 2020

  1. Update README.md

    @chubing
    chubing committed Feb 14, 2020
    Loading status checks…
    Copy the full SHA
    faf3366 View commit details
Showing with 123 additions and 84 deletions.
  1. +3 −83 Dockerfile
  2. +120 −1 README.md
86 changes: 3 additions & 83 deletions Dockerfile
View file
@@ -1,93 +1,13 @@
ARG from=centos:centos7
FROM ${from} as build

#
# Install build tools
#
RUN yum groupinstall -y "Development Tools"
RUN yum install -y rpmdevtools
RUN yum install -y openssl

#
# Create build directory
#
RUN mkdir -p /usr/local/src/repositories
WORKDIR /usr/local/src/repositories

#
# Shallow clone the FreeRADIUS source
#
ARG source=https://github.com/FreeRADIUS/freeradius-server.git
ARG release=v3.0.x

RUN git clone --depth 1 --single-branch --branch ${release} ${source}
WORKDIR freeradius-server
FROM ${from}

#
# Other requirements
#
RUN yum install -y openssl freeradius freeradius-mysql freeradius-utils php-common php-gd php-curl php-mysql mysql-server php-db mysql-client
RUN yum install -y apache2 libapache2-mod-php php-mail php-mime php-pear

# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS
RUN echo $'[ltb-project]\n\
name=LTB project packages\n\
baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\
enabled=1\n\
gpgcheck=1\n\
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\
> /etc/yum.repos.d/ltb-project.repo
RUN rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project

# EPEL repository for freetds and hiredis
RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

#
# Install build dependencies
#
RUN [ -e redhat/freeradius.spec ] && yum-builddep -y redhat/freeradius.spec

#
# Create RPM build environment
#
ENV BUILDDIR=/root/rpmbuild
RUN rpmdev-setuptree

RUN ./configure
RUN make freeradius-server-$(cat VERSION).tar.bz2
RUN cp freeradius-server-$(cat VERSION).tar.bz2 $BUILDDIR/SOURCES/
RUN cp -r redhat/* $BUILDDIR/SOURCES/
RUN cp -r redhat/freeradius.spec $BUILDDIR/SPECS/
WORKDIR $BUILDDIR

#
# Build the server
#
ENV QA_RPATHS=0x0003
RUN rpmbuild -bb --define '_release $release' "$BUILDDIR/SPECS/freeradius.spec"

RUN mkdir /root/rpms
RUN mv $BUILDDIR/RPMS/*/*.rpm /root/rpms/

#
# Clean environment and run the server
#
FROM ${from}
COPY --from=build /root/rpms /tmp/

# Use LTB's openldap packages intead of the distribution version to avoid linking against NSS
RUN echo $'[ltb-project]\n\
name=LTB project packages\n\
baseurl=https://ltb-project.org/rpm/$releasever/$basearch\n\
enabled=1\n\
gpgcheck=1\n\
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LTB-project'\
> /etc/yum.repos.d/ltb-project.repo \
&& rpm --import https://ltb-project.org/lib/RPM-GPG-KEY-LTB-project \
\
# EPEL repository for freetds and hiredis
&& yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
\
&& yum install -y /tmp/*.rpm

COPY docker-entrypoint.sh /

EXPOSE 1812/udp 1813/udp
121 changes: 120 additions & 1 deletion README.md
View file
@@ -1 +1,120 @@
# eduroam-freeradius
# eduroam-freeradius

### Commands for installing FreeRadius on CentOS 8:

## Install FreeRadius
sudo dnf install -y @freeradius freeradius-utils freeradius-mysql

## Enable and start radiusd service:
sudo systemctl enable --now radiusd.service

## Add firewall rule for Radius in Firewalld:
sudo firewall-cmd --add-service=radius --permanent &&\
sudo firewall-cmd --reload



## Install MariaDB:
sudo dnf module install mariadb

## Enable and start MariaDB:
sudo systemctl enable --now mariadb.service

## Securely configure MariaDB:
sudo mysql_secure_installation



## Create SQL database in MariaDB for Radius:
mysql -u root -p

MariaDB [(none)]> CREATE DATABASE radius;
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "SuperStrongPassword";
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> quit;
Bye


## Initialize database for Radius (as root):
sudo su -
mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql

## Exit root shell:
exit

## Enable MySQL mod for Radius:
sudo ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/

## Edit the SQL config file to point to MySQL database:
sudo vim /etc/raddb/mods-available/sql

## Uncomment or add and configure the following parts of the SQL config file undert the 'sql {' section:
driver = "rlm_sql_mysql"
dialect = "mysql"
# Connection info:
#
server = "localhost"
port = 3306
login = "radius"
password = "SuperStrongPassword"

## Change group ownership of SQL config file and restart Radius:
sudo chgrp -h radiusd /etc/raddb/mods-enabled/sql &&\
sudo systemctl restart radiusd

## Install Apache + PHP for Daloradius web interface:
sudo dnf -y install @httpd @php
sudo dnf -y install php-{cli,curl,mysqlnd,devel,gd,pear,mbstring,xml,pear}
sudo pear install MDB2 DB

## Start and enable Apache and php-fpm:
sudo systemctl enable --now httpd.service php-fpm.service

## Configure Firewalld for Apache:
sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload

## Download Daloradius (as root):
sudo su -
curl -L -O 'https://github.com/lirantal/daloradius/archive/master.zip' &&\
unzip master.zip &&\
rm master.zip &&\
mv daloradius-master/ /opt/daloradius

## Import Daloradius database tables (as root):
mysql -u root -p radius < /opt/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
mysql -u root -p radius < /opt/daloradius/contrib/db/mysql-daloradius.sql

## Exit root shell:
exit

## Remove default Apache web root and replace with Daloradius, fixing permissions as well:
sudo rm -rf /var/www/html &&\
sudo cp -r /opt/daloradius /var/www/html &&\
sudo chown -R apache:apache /var/www/html/

## Edit Daloradius' config file:
sudo vim /var/www/html/library/daloradius.conf.php

## Specifically, the following values should be edited:
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'SuperStrongPassword';
$configValues['CONFIG_DB_NAME'] = 'radius';

## Restart Apache and Radius:
sudo systemctl restart radiusd.service httpd.service

## Configure SELinux to allow Apache to access Daloradius web root:
sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?"
sudo restorecon -Rv /var/www/html/


## Daloradius should now be accessible on port 80 (http) of the host. Default creds are:
username: administrator
password: radius