diff --git a/README.md b/README.md index cbf8278..78470a7 100644 --- a/README.md +++ b/README.md @@ -119,6 +119,8 @@ $ docker run -it --rm tier/grouper:latest bin/gsh There are several things that are required for this image to successfully start. At a minimum, the `grouper.hibernate.properties` and `subject.properties` (or the old `sources.xml` equivalent) files need to be customized and available to the container at start-up. +Grouper config files maybe placed into `/opt/grouper/conf` and these files will be put into the appropriate location based on the role the container assumes. Docker Secrets starting with the name `grouper_` should take precedence over these files. (See below.) + ## Web Apps Configuration If starting the container to serve the Grouper UI, Grouper Web Services, Grouper SCIM Server components, a TLS key and cert(s) need to be applied to those containers. 
@@ -208,7 +210,7 @@ Here is a list of significant directories and files that deployers should be awa - `/etc/shibboleth/`: location to overlay the Shibboleth SP configuration files used by the image. - `/opt/tomcat/`: used to run Grouper UI and Grouper WS - `/opt/tomee/`: used to run the Grouper SCIM Server. -- `/var/run/`: location where Docker Secrets are mounted into the container. Secrets starting with `grouper_`, `shib_`, and `httpd_` have special meaning. See `Secrets/Configs` above. +- `/var/run/secrets`: location where Docker Secrets are mounted into the container. Secrets starting with `grouper_`, `shib_`, and `httpd_` have special meaning. See `Secrets/Configs` above. To examine baseline image files, one might run `docker run --name=temp -it tier/grouper bash` and browse through these file system endpoints. While the container is running one may copy files out of the image/container using something like `docker cp containerId:/opt/grouper/grouper.api/conf/grouper.properties .`, which will copy the `grouper.properties` to the Docker client's present working directory. These files can then be edited and applied via the mechanisms outlined above. @@ -226,6 +228,11 @@ $ docker run -it --rm \ Note: a less privileged database user maybe used when running the typical Grouper roles. This user need SELECT, INSERT, UPDATE, and DELETE privileges on the schema objects. +# Misc Notes + +- [HTTP Strict Transport Security (HSTS)](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) is enabled on the Apache HTTP Server. +- morphStrings functionality in Grouper is supported. It is recommended that the various morphString files be associated with the containers as Docker Secrets. Set the configuration file properties to use `/var/run/secrets/secretname`. + # License View [license information](TODO) for the software contained in this image.
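Review bot: In the first hunk (the new paragraph under "There are several things that are required..."), "Grouper config files maybe placed into" should read "may be placed into", and the precedence statement is hedged ("should take precedence") where a deployer needs a definite rule; suggest stating it as behaviour: "Docker Secrets whose names start with `grouper_` take precedence over files in `/opt/grouper/conf`." The closing "(See below.)" also does not name its target while the existing directory list says "See `Secrets/Configs` above"; pointing both at the section by name ("See the Secrets/Configs section.") avoids the above/below contradiction.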
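Review bot: In the second hunk, the corrected entry `/var/run/secrets` drops the trailing slash that every neighbouring directory entry uses (`/etc/shibboleth/`, `/opt/tomcat/`, `/opt/tomee/`); suggest `/var/run/secrets/` so the list stays consistent and the path visibly denotes a directory rather than a file. It would also help to state in this entry that the special-prefix secrets are read from this directory at start-up, since the new "Misc Notes" in the same patch tell deployers to reference `/var/run/secrets/secretname` directly in configuration properties.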
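Review bot: In the third hunk, the HSTS bullet states that the header is enabled but not with what policy; suggest documenting the `max-age` (and whether `includeSubDomains` is set) and noting that browsers will then refuse plain HTTP for that host name for the whole period, so deployers who test with temporary or self-signed certificates, or who serve other non-TLS applications on the same host name, need to know before exposing the container. The morphString bullet should name which configuration properties are meant ("Set the configuration file properties" is too vague to act on) and state that the value is the path of the mounted secret file whose contents hold the key, since that is the only reading consistent with `/var/run/secrets/secretname`.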