Skip to content

Commit

Permalink
initial commit
Browse files Browse the repository at this point in the history
  • Loading branch information
Paul Caskey authored and Paul Caskey committed May 12, 2017
1 parent bfdfd75 commit 7b6b50b
Show file tree
Hide file tree
Showing 2 changed files with 661 additions and 0 deletions.
99 changes: 99 additions & 0 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
FROM tier/shibboleth_idp

ARG maintainer=tier
ARG imagename=shibboleth_idp
ARG version=3.3.1
ENV VERSION=$version
ENV IMAGENAME=$imagename
ENV MAINTAINER=$maintainer

# ensure the following locations are accurate if you plan to burn your configuration into your containers by uncommenting the relevant section below
# they represent the folder names/paths on your build host of the relevant config material needed to run the container
ARG TOMCFG=config/tomcat
ARG TOMLOG=logs/tomcat
ARG TOMCERT=credentials/tomcat
ARG TOMWWWROOT=wwwroot
ARG SHBCFG=config/shib-idp/conf
ARG SHBCREDS=credentials/shib-idp
ARG SHBVIEWS=config/shib-idp/views
ARG SHBEDWAPP=config/shib-idp/edit-webapp
ARG SHBMSGS=config/shib-idp/messages
ARG SHBMD=config/shib-idp/metadata
ARG SHBLOG=logs/shib-idp



# Completely uncomment the following ENV line to prevent the containers from sending analytics information to Internet2.
# With the default/release configuration, it will only send product (Shibb/Grouper/COmanage) and version (3.3.1-17040, etc)
# once daily between midnight and 4am. There is no configuration or private information collected or sent.
# This data helps with the scalaing and funding of TIER. Please do not disable it if you find the TIER tools useful.
# To keep it commented, keep multiple comments on the following line (to prevent other scripts from processing it).
##### ENV TIER_BEACON_OPT_OUT True



# Uncomment the following commands to download the JDK to your Shibboleth IDP image.
# ==> By uncommenting these next 11 lines, you agree to the Oracle Binary Code License Agreement for Java SE (http://www.oracle.com/technetwork/java/javase/terms/license/index.html)
ENV JAVA_OPTS=-Xmx3000m -XX:MaxPermSize=256m
ENV JAVA_VERSION 8u131
ENV BUILD_VERSION b11
ENV JAVA_BUNDLE_ID d54c1d3a095b4ff2b6607d096fa80163
ENV JAVA_HOME /usr/java/latest
RUN wget -nv --no-cookies --no-check-certificate --header "Cookie: oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/$JAVA_VERSION-$BUILD_VERSION/$JAVA_BUNDLE_ID/jdk-$JAVA_VERSION-linux-x64.rpm" -O /tmp/jdk-$JAVA_VERSION-$BUILD_VERSION-linux-x64.rpm && \
yum -y install /tmp/jdk-$JAVA_VERSION-$BUILD_VERSION-linux-x64.rpm && \
rm -f /tmp/jdk-$JAVA_VERSION-$BUILD_VERSION-linux-x64.rpm && \
alternatives --install /usr/bin/java jar $JAVA_HOME/bin/java 200000 && \
alternatives --install /usr/bin/javaws javaws $JAVA_HOME/bin/javaws 200000 && \
alternatives --install /usr/bin/javac javac $JAVA_HOME/bin/javac 200000

# Uncomment the following commands to download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
# ==> By uncommenting these next 8 lines, you agree to the Oracle Binary Code License Agreement for Java SE Platform Products (http://www.oracle.com/technetwork/java/javase/terms/license/index.html)
RUN yum -y install unzip \
&& wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" \
http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip \
&& echo "f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59 jce_policy-8.zip" | sha256sum -c - \
&& unzip -oj jce_policy-8.zip UnlimitedJCEPolicyJDK8/local_policy.jar -d $JAVA_HOME/jre/lib/security/ \
&& unzip -oj jce_policy-8.zip UnlimitedJCEPolicyJDK8/US_export_policy.jar -d $JAVA_HOME/jre/lib/security/ \
&& rm jce_policy-8.zip \
&& chmod -R 640 $JAVA_HOME/jre/lib/security/


RUN chown -R root:root /opt/shibboleth/shibboleth-identity-provider-$version && \
rm -rf /usr/local/tomcat/webapps/* && \
ANT_OPTS="-Didp.target.dir=/opt/shibboleth/current" /opt/shibboleth/current/bin/build.sh && \
ln -s /opt/shibboleth/current /opt/shibboleth-idp && \
ln -s /opt/shibboleth-idp/war/idp.war $CATALINA_HOME/webapps/idp.war

# for a mounted config
VOLUME ["/usr/local/tomcat/conf", \
"/usr/local/tomcat/webapps/ROOT", \
"/usr/local/tomcat/logs", \
"/opt/certs", \
"/opt/shibboleth/shibboleth-identity-provider-$VERSION/conf", \
"/opt/shibboleth/shibboleth-identity-provider-$VERSION/credentials", \
"/opt/shibboleth/shibboleth-identity-provider-$VERSION/views", \
"/opt/shibboleth/shibboleth-identity-provider-$VERSION/edit-webapp", \
"/opt/shibboleth/shibboleth-identity-provider-$VERSION/messages", \
"/opt/shibboleth/shibboleth-identity-provider-$VERSION/metadata", \
"/opt/shibboleth/shibboleth-identity-provider-$VERSION/logs"]

#
# for a burned config, *uncomment* the COPY lines below and *comment* the lines of the VOLUME command above
#
# consider not doing the volumes below as it creates a run-time dependency and a better solution would be to use syslog from the container
# VOLUME ["/usr/local/tomcat/logs", "/opt/shibboleth-idp/logs"]
#
## COPY ${TOMCFG} /usr/local/tomcat/conf
## COPY ${TOMCERT} /opt/certs
## COPY ${TOMWWWROOT} /usr/local/tomcat/webapps/ROOT
## COPY ${SHBCFG} /opt/shibboleth/shibboleth-identity-provider-$VERSION/conf
## COPY ${SHBCREDS} /opt/shibboleth/shibboleth-identity-provider-$VERSION/credentials
## COPY ${SHBVIEWS} /opt/shibboleth/shibboleth-identity-provider-$VERSION/views
## COPY ${SHBEDWAPP} /opt/shibboleth/shibboleth-identity-provider-$VERSION/edit-webapp
## COPY ${SHBMSGS} /opt/shibboleth/shibboleth-identity-provider-$VERSION/messages
## COPY ${SHBMD} /opt/shibboleth/shibboleth-identity-provider-$VERSION/metadata


EXPOSE 8443

CMD ["/usr/bin/startup.sh"]
Loading

0 comments on commit 7b6b50b

Please sign in to comment.