From 499e884eea7cfdcdc4e715ac8a7fea09f0fdf79e Mon Sep 17 00:00:00 2001 From: Jim Van Fleet Date: Fri, 10 Mar 2017 11:56:50 -0500 Subject: [PATCH] Updating for sharing purposes --- Dockerfile | 36 +++++++++--------- README.md | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 126 insertions(+), 20 deletions(-) diff --git a/Dockerfile b/Dockerfile index 45986c4..2d48193 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -78,24 +78,24 @@ RUN mkdir -p "$CATALINA_HOME" # Not having trouble with this locally [JVF] # see https://www.apache.org/dist/tomcat/tomcat-8/KEYS -# RUN set -ex \ -# && for key in \ -# 05AB33110949707C93A279E3D3EFE6B686867BA6 \ -# 07E48665A34DCAFAE522E5E6266191C37C037D42 \ -# 47309207D818FFD8DCD3F83F1931D684307A10A5 \ -# 541FBE7D8F78B25E055DDEE13C370389288584E7 \ -# 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 \ -# 713DA88BE50911535FE716F5208B0AB1D63011C7 \ -# 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED \ -# 9BA44C2621385CB966EBA586F72C284D731FABEE \ -# A27677289986DB50844682F8ACB77FC2E86E29AC \ -# A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 \ -# DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 \ -# F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE \ -# F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23 \ -# ; do \ -# gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ -# done +RUN set -ex \ + && for key in \ + 05AB33110949707C93A279E3D3EFE6B686867BA6 \ + 07E48665A34DCAFAE522E5E6266191C37C037D42 \ + 47309207D818FFD8DCD3F83F1931D684307A10A5 \ + 541FBE7D8F78B25E055DDEE13C370389288584E7 \ + 61B832AC2F1C5A90F0F9B00A1C506407564C17A3 \ + 713DA88BE50911535FE716F5208B0AB1D63011C7 \ + 79F7026C690BAA50B92CD8B66A3AD3F4F22C4FED \ + 9BA44C2621385CB966EBA586F72C284D731FABEE \ + A27677289986DB50844682F8ACB77FC2E86E29AC \ + A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 \ + DCFD35E0BF8CA7344752DE8B6FB21E8933C60243 \ + F3A04C595DB5B6A5F1ECA43E3B7BBB100D811BBE \ + F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23 \ + ; do \ + gpg --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \ + done ENV TOMCAT_MAJOR 8 ENV TOMCAT_VERSION 8.0.41 diff --git a/README.md b/README.md index b3ccf75..6418e0e 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,112 @@ -# Shibboleth IdP Standalone +# Supported tags and respective `Dockerfile` links + +_TBD_ + +# What is Shibboleth IdP? + +Shibboleth is among the world's most widely deployed federated identity solutions, connecting users to applications both within and between organizations. Every software component of the Shibboleth system is free and open source. + +Shibboleth is an open-source project that provides Single Sign-On capabilities and allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. + +# How to use this image + +Since no two users of Shibboleth IdP are likely to configure it exactly alike, this image does not come with any default configuration. + +## Acquire Oracle Java + + +You should visit a page similar to [this one](http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html) at Oracle to download the Oracle JDK. + +Select *the Linux x64 RPM* and agree to the Oracle Binary Code License Agreement. + +## Acquire JCE + +You should visit a page similar to [this one](http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html) at Oracle to download the Oracle Java Crypography Extension policy files. + + +## Create a `Dockerfile` + +```dockerfile +FROM tier/shibboleth_idp:3.3 +COPY jdk-8u121-linux-x64.rpm /tmp/oracle_jdk.rpm +COPY jce_policy-8.zip /tmp/$oracle_jce_zip +``` + +Common additional sample configurations may include: + +``` +COPY server.xml /usr/local/tomcat/conf/ +COPY krb5.conf /etc/ +``` + + +## Build the container + +```console +$ docker build -t my-shibboleth-idp . 
+``` + +## Test the configuration file + +```console +$ docker run -it --rm --name shibboleth-idp-test-run my-shibboleth-idp /usr/local/tomcat/bin/startup.sh +``` + +## Run the container + +```console +$ docker run -d --name my-running-haproxy my-haproxy +``` + +You may need to publish the ports your haproxy is listening on to the host by specifying the -p option, for example -p 8080:80 to publish port 8080 from the container host to port 80 in the container. Make sure the port you're using is free. + +## Directly via bind mount + +```console +$ docker run -d --name my-running-haproxy -v /path/to/etc/haproxy:/usr/local/etc/haproxy:ro haproxy:1.7 +``` + +Note that your host's `/path/to/etc/haproxy` folder should be populated with a file named `haproxy.cfg`. If this configuration file refers to any other files within that folder then you should ensure that they also exist (e.g. template files such as `400.http`, `404.http`, and so forth). However, many minimal configurations do not require any supporting files. + +### Reloading config + +If you used a bind mount for the config and have edited your `haproxy.cfg` file, you can use haproxy's graceful reload feature by sending a `SIGHUP` to the container: + +```console +$ docker kill -s HUP my-running-haproxy +``` + +The entrypoint script in the image checks for running the command `haproxy` and replaces it with `haproxy-systemd-wrapper` from haproxy upstream which takes care of signal handling to do the graceful reload. Under the hood this uses the `-sf` option of haproxy so "there are two small windows of a few milliseconds each where it is possible that a few connection failures will be noticed during high loads" (see [Stopping and restarting HAProxy](http://www.haproxy.org/download/1.7/doc/management.txt)). + +# Image Variants + +The `haproxy` images come in many flavors, each designed for a specific use case. + +## `haproxy:` + +This is the defacto image. 
If you are unsure about what your needs are, you probably want to use this one. It is designed to be used both as a throw away container (mount your source code and start the container to start your app), as well as the base to build other images off of. + +# License + + +# Supported Docker versions + + + +# User Feedback + +## Issues + + +## Contributing + + +## Documentation + + + + -This version is designed for standalone, native Docker experience that should meet expectations for those who wish to operate Shibboleth IdP as a native Docker service. ## Before You Build
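Review bot: In the Dockerfile hunk (@@ -78,24 +78,24 @@), re-enabling the `gpg --recv-keys` loop only imports the thirteen Tomcat signing keys; nothing in this hunk checks the Tomcat 8.0.41 tarball signature against them, so please confirm the verification step further down the Dockerfile is also active, otherwise the keyserver round-trip adds a build-time network dependency with no integrity gain. The `ha.pool.sks-keyservers.net` pool is also a single external dependency with no retry, so a transient keyserver failure breaks the build; the KEYS file already cited in the comment (`https://www.apache.org/dist/tomcat/tomcat-8/KEYS`) can be fetched over HTTPS and imported with `gpg --import` as a fallback or primary source, which ties the fingerprints to the project's own distribution site instead of a third-party keyserver. Finally, the comment `# Not having trouble with this locally [JVF]` describes the previously commented-out state and should be removed or reworded now that the block is live.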
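Review bot: In the README hunk (@@ -1,6 +1,112 @@), everything from `## Run the container` through `## \`haproxy:\`` is carried over from the haproxy image README and still refers to `my-running-haproxy`, `haproxy:1.7`, `haproxy.cfg`, a `-v /path/to/etc/haproxy:/usr/local/etc/haproxy:ro` bind mount and a `SIGHUP` reload via `haproxy-systemd-wrapper`; none of that applies to a Tomcat-hosted Shibboleth IdP, and a reader following it will run the wrong image with the wrong paths, so those sections should be rewritten for this image (the `my-shibboleth-idp` tag built above, the IdP's actual listening port for `-p`, and the IdP configuration directory for the bind mount) or dropped until they are. In the sample `Dockerfile`, `COPY jce_policy-8.zip /tmp/$oracle_jce_zip` uses `$oracle_jce_zip`, which the snippet never declares; unless the base image exports it as an `ENV`, Docker expands it to an empty string and the file lands at `/tmp/jce_policy-8.zip`, so either document the variable or use a literal destination. The `# License`, `# Supported Docker versions`, `## Issues`, `## Contributing` and `## Documentation` headings are empty and `_TBD_` stands in for the tag table, which reads as unfinished for a README being shared; "Crypography" in the JCE section should be "Cryptography". The hunk also removes the sentence describing this as a standalone native Docker image but leaves the `## Before You Build` heading with no introduction above it.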