update webproxy, directory, wordpress_server

Workbench/comanage/Dockerfile

@@ -1,5 +1,4 @@
 FROM i2incommon/comanage-registry:4.3.2-20231211
-#FROM i2incommon/comanage-registry:4.1.0-20230117
 
 ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Anderson
 ENV COMANAGE_REGISTRY_ADMIN_USERNAME=banderson

Workbench/comanage_cron/Dockerfile

@@ -1,5 +1,4 @@
 FROM i2incommon/comanage-registry-cron:4.3.2-20231211
-#FROM i2incommon/comanage-registry-cron:4.1.0-20230117
 
 ENV COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Anderson
 ENV COMANAGE_REGISTRY_ADMIN_USERNAME=banderson

Workbench/directory/Dockerfile

@@ -1,18 +1,19 @@
-FROM centos:centos7
+FROM rockylinux:8.9
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>"
 
-RUN yum install -y epel-release yum-utils \
+RUN dnf module enable -y php:7.4
+RUN yum install -y epel-release \
     && yum update -y \
-    && yum install -y 389-ds-base phpMyAdmin phpldapadmin mod_ssl net-tools wget \
+    && yum install -y phpldapadmin mod_ssl net-tools wget epel-release yum-utils php php-common php-opcache php-cli php-gd mod_php php-pgsql php-curl php-zip php-mbstring \
     && yum clean all \
     && rm -rf /var/cache/yum
-
-RUN yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm && yum-config-manager --enable remi-php73
-
-RUN yum -y install php php-common php-opcache php-mcrypt php-cli php-gd php-curl mod_php php-pgsql
-
-#wget https://github.com/phppgadmin/phppgadmin/releases/download/REL_7-13-0/phpPgAdmin-7.13.0.tar.gz
+RUN yum module enable -y 389-ds:1.4
+RUN yum install -y 389-ds-base 389-ds-base-devel 389-ds-base-legacy-tools
+RUN yum install --allowerasing -y curl-full libcurl-full
+RUN rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-8.rpm
+RUN yum --enablerepo=remi,remi-test  install -y phpMyAdmin
+RUN yum install -y php71-php-mcrypt
 
 RUN wget https://github.com/phppgadmin/phppgadmin/archive/refs/tags/REL_7-13-0.tar.gz \
     && tar -xvf REL_7-13-0.tar.gz && mv phppgadmin-REL_7-13-0/ /usr/share/phpPgAdmin/ \
@@ -38,8 +39,15 @@ RUN useradd ldapadmin \
     && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
     ldapadd -H ldap:/// -f /seed-data/data.ldif -x -D "cn=Directory Manager" -w password \
     && ldapmodify -H ldap:/// -f /seed-data/incwbperson-obj.ldif -x -D "cn=Directory Manager" -w password \
-	&& ldapmodify -H ldap:/// -f /seed-data/edumember-obj.ldif -x -D "cn=Directory Manager" -w password
+    && ldapmodify -H ldap:/// -f /seed-data/edumember-obj.ldif -x -D "cn=Directory Manager" -w password \
+    && ldapmodify -H ldap:/// -f /seed-data/ldappublickey-obj.ldif -x -D "cn=Directory Manager" -w password \
+    && ldapmodify -H ldap:/// -f /seed-data/voperson-obj.ldif -x -D "cn=Directory Manager" -w password \
+    && ldapmodify -H ldap:/// -f /seed-data/voposixaccount-obj.ldif -x -D "cn=Directory Manager" -w password
+
+RUN openssl req -new -nodes -newkey rsa:2048 -subj "/commonName=localhost.localdomain" -batch -keyout /etc/pki/tls/private/localhost.key -out localhost.csr
+RUN openssl x509 -req -days 1825 -in localhost.csr -signkey /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt
+RUN mkdir -p /run/php-fpm/
 
 EXPOSE 389 443
 
-CMD rm -rf /var/lock/dirsrv/slapd-dir/server/* && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && httpd -DFOREGROUND && sleep infinity
+CMD rm -rf /var/lock/dirsrv/slapd-dir/server/* && /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-dir && php-fpm -D && httpd -DFOREGROUND && sleep infinity

Workbench/directory/container_files/seed-data/ldappublickey-obj.ldif

@@ -0,0 +1,29 @@
+#
+# ldapPublicKey Objectclass
+#
+#
+# ldapPublicKey attribute
+#
+dn: cn=schema
+changetype: modify
+#
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 
+ NAME 'sshPublicKey' 
+ DESC 'MANDATORY: OpenSSH Public key' 
+ EQUALITY octetStringMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+-
+#
+add: objectclasses
+objectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 
+ NAME 'ldapPublicKey' 
+ DESC 'MANDATORY: OpenSSH LPK objectclass' 
+ SUP top 
+ AUXILIARY 
+ MUST ( sshPublicKey $ uid ) 
+ )
+#
+# end of LDIF
+#
+

Workbench/directory/container_files/seed-data/voperson-obj.ldif

@@ -0,0 +1,113 @@
+#
+# voPerson Objectclass
+#
+#
+# "voPerson" attributes
+#
+objectIdentifier: voPersonRoot 1.3.6.1.4.1.25178.4
+objectIdentifier: voPersonObjectClass voPersonRoot:1
+dn: cn=schema
+changetype: modify
+#
+add: attributetypes
+attributeTypes: ( voPersonObjectClass:10 
+ NAME 'voPersonAffiliation' 
+ DESC 'voPerson Affiliation Within Local Scope' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:13 
+ NAME 'voPersonApplicationPassword' 
+ DESC 'voPerson Application-Specific Password' 
+ EQUALITY octetStringMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) 
+attributeTypes: ( voPersonObjectClass:1 
+ NAME 'voPersonApplicationUID' 
+ DESC 'voPerson Application-Specific User Identifier' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:2 
+ NAME 'voPersonAuthorName' 
+ DESC 'voPerson Author Name' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:3 
+ NAME 'voPersonCertificateDN' 
+ DESC 'voPerson Certificate Distinguished Name' 
+ EQUALITY distinguishedNameMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
+attributeTypes: ( voPersonObjectClass:4 
+ NAME 'voPersonCertificateIssuerDN' 
+ DESC 'voPerson Certificate Issuer DN' 
+ EQUALITY distinguishedNameMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
+attributeTypes: ( voPersonObjectClass:11 
+ NAME 'voPersonExternalAffiliation' 
+ DESC 'voPerson Scoped External Affiliation' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:5 
+ NAME 'voPersonExternalID' 
+ DESC 'voPerson Scoped External Identifier' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:6 
+ NAME 'voPersonID' 
+ DESC 'voPerson Unique Identifier' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:7 
+ NAME 'voPersonPolicyAgreement' 
+ DESC 'voPerson Policy Agreement Indicator' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:12 
+ NAME 'voPersonScopedAffiliation' 
+ DESC 'voPerson Affiliation With Explicit Local Scope' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:8 
+ NAME 'voPersonSoRID' 
+ DESC 'voPerson External Identifier' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:9 
+ NAME 'voPersonStatus' 
+ DESC 'voPerson Status' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:15 
+ NAME 'voPersonToken' 
+ DESC 'voPerson Token' 
+ EQUALITY caseExactMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPersonObjectClass:14 
+ NAME 'voPersonVerifiedEmail' 
+ DESC 'voPerson Verified Email Address' 
+ EQUALITY caseIgnoreMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+-
+#
+add: objectclasses
+objectClasses: ( voPersonObjectClass 
+ NAME 'voPerson' 
+ AUXILIARY 
+ MAY ( voPersonAffiliation $ 
+  voPersonApplicationPassword $ 
+  voPersonApplicationUID $ 
+  voPersonAuthorName $ 
+  voPersonCertificateDN $ 
+  voPersonCertificateIssuerDN $ 
+  voPersonExternalAffiliation $ 
+  voPersonExternalID $ 
+  voPersonID $ 
+  voPersonPolicyAgreement $ 
+  voPersonScopedAffiliation $ 
+  voPersonSoRID $ 
+  voPersonStatus $ 
+  voPersonToken $ 
+  voPersonVerifiedEmail ) 
+ )
+#
+# end of LDIF
+#
+

Workbench/directory/container_files/seed-data/voposixaccount-obj.ldif

@@ -0,0 +1,63 @@
+#
+# voPosixAccount Objectclass
+#
+#
+# "voPosixAccount" attributes
+#
+objectIdentifier: voPersonRoot 1.3.6.1.4.1.25178.4
+objectIdentifier: voPosixAccountObjectClass voPersonRoot:2
+objectIdentifier: voPosixGroupObjectClass voPersonRoot:3
+dn: cn=schema
+changetype: modify
+#
+add: attributetypes
+attributeTypes: ( voPosixAccountObjectClass:1 
+ NAME 'voPosixAccountGecos' 
+ DESC 'voPerson domain specific GECOS field' 
+ EQUALITY caseIgnoreMatch 
+ SUBSTR caseIgnoreSubstringsMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPosixAccountObjectClass:2 
+ NAME 'voPosixAccountGidNumber' 
+ DESC 'voPerson domain specific primary group identifier' 
+ EQUALITY integerMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) 
+attributeTypes: ( voPosixAccountObjectClass:3 
+ NAME 'voPosixAccountHomeDirectory' 
+ DESC 'voPerson domain specific absolute path to the home directory' 
+ EQUALITY caseExactMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPosixAccountObjectClass:4 
+ NAME 'voPosixAccountLoginShell' 
+ DESC 'voPerson domain specific path to the login shell' 
+ EQUALITY caseExactMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 
+attributeTypes: ( voPosixAccountObjectClass:5 
+ NAME 'voPosixAccountUidNumber' 
+ DESC 'voPerson domain specific unique user identifier' 
+ EQUALITY integerMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) 
+-
+#
+add: objectclasses
+objectClasses: ( voPosixAccountObjectClass 
+ NAME 'voPosixAccount' 
+ AUXILIARY 
+ MUST ( cn $ 
+  uid $ 
+  voPosixAccountUidNumber $ 
+  voPosixAccountGidNumber $ 
+  voPosixAccountHomeDirectory ) 
+ MAY ( voPosixAccountLoginShell $ 
+  voPosixAccountGecos ) 
+ )
+objectClasses: ( voPosixGroupObjectClass 
+ NAME 'voPosixGroup' 
+ AUXILIARY 
+ MUST ( cn $ voPosixAccountGidNumber ) 
+ MAY ( memberUid ) 
+ )
+#
+# end of LDIF
+#
+

Workbench/docker-compose.yml

@@ -482,7 +482,7 @@ services:
       - net
     depends_on:
       - wordpress_data
-    command: bash -c 'if [ ! -s /var/www/html/wp-config.php ];  then while ! nc -z  wordpress_data 3306 ; do echo waiting for mysql on wordpress_data to start; sleep 3; done; /root/wp core download --allow-root && sleep 10 && /root/wp config create --dbname=wordpress --dbuser=wordpress --dbpass=54y6RxN7GfC7aes3 --dbhost=wordpress_data --allow-root; sleep 3 && /root/wp core install --url="https://localhost/" --title="wordpress" --admin_user="banderson" --admin_password="password" --admin_email="sentrifugo.container@gmail.com" --allow-root && /root/wp --allow-root rewrite structure "/%postname%" --hard --debug; /root/wp  rewrite flush --hard --debug --allow-root && sed -i "s/<\/IfModule>/RewriteCond \%{HTTP:Authorization} \^\(\.\*\)\nRewriteRule \^\(\.\*\) - [E=HTTP_AUTHORIZATION:\%1]\n<\/IfModule>\nSetEnvIf Authorization "\(\.\*\)" HTTP_AUTHORIZATION=\$$1/" /var/www/html/.htaccess && /root/wp plugin install jwt-authentication-for-wp-rest-api  --activate --allow-root && /root/wp plugin install wp-rest-api-log --activate --allow-root && /root/wp plugin install shibboleth --activate --allow-root && /root/sed.sh; fi; /usr/local/bin/startup.sh;'
+    command: bash -c 'if [ ! -s /var/www/html/wp-config.php ];  then while ! nc -z  wordpress_data 3306 ; do echo waiting for mysql on wordpress_data to start; sleep 3; done; /root/wp core download --allow-root && sleep 10 && /root/wp config create --dbname=wordpress --dbuser=wordpress --dbpass=54y6RxN7GfC7aes3 --dbhost=wordpress_data --allow-root; sleep 3 && /root/wp core install --url="https://localhost/" --title="wordpress" --admin_user="banderson" --admin_password="password" --admin_email="sentrifugo.container@gmail.com" --allow-root && /root/wp --allow-root rewrite structure "/%postname%" --hard --debug; /root/wp  rewrite flush --hard --debug --allow-root && sed -i "s/<\/IfModule>/RewriteCond \%{HTTP:Authorization} \^\(\.\*\)\nRewriteRule \^\(\.\*\) - [E=HTTP_AUTHORIZATION:\%1]\n<\/IfModule>\nSetEnvIf Authorization "\(\.\*\)" HTTP_AUTHORIZATION=\$$1/" /var/www/html/.htaccess && /root/wp plugin install jwt-authentication-for-wp-rest-api  --activate --allow-root && /root/wp plugin install wp-rest-api-log --activate --allow-root && /root/wp plugin install shibboleth --activate --allow-root && /root/sed.sh; fi; php-fpm -D; /usr/local/bin/startup.sh;'
     ports:
       - "80:80"
       - "12443:443"
@@ -592,6 +592,8 @@ services:
     volumes:
      - ad_samba_data:/var/lib/samba
      - ad_samba_cfg:/etc/samba/external
+    expose:
+      - 445
     ports:
       - 53:53
       - 53:53/udp
@@ -602,7 +604,6 @@ services:
       - 139:139
       - 389:389
       - 389:389/udp
-      - 445:445
       - 464:464
       - 464:464/udp
       - 636:636

Workbench/webproxy/Dockerfile

@@ -1,13 +1,14 @@
-FROM tier/shibboleth_sp:latest
+FROM i2incommon/shibboleth_sp:3.4.1_06122023_rocky8_multiarch
 
 ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME
 
-RUN yum -y install cronie php composer php-bcmath jq
-RUN composer require php-amqplib/php-amqplib
-RUN composer install
-RUN mkdir -p /var/www/html/refresh
+RUN yum -y install cronie php php-json wget php-bcmath jq yum-utils
 
+RUN wget https://getcomposer.org/installer -O composer-installer.php
+RUN php composer-installer.php --filename=composer --install-dir=/usr/local/bin
+RUN composer require php-amqplib/php-amqplib && composer install
+RUN mkdir -p /var/www/html/refresh
 
 COPY container_files/httpd/refresh/index.php /var/www/html/refresh/
 COPY container_files/httpd/proxy.conf /etc/httpd/conf.d/
@@ -28,20 +29,11 @@ COPY container_files/system/setservername.sh /usr/local/bin/
 RUN chmod 755 /usr/local/bin/setservername.sh
 
 RUN mkdir -p /signalreload
-
 RUN mkdir -p /mdload
 COPY container_files/system/startWithMDLoad.sh /usr/local/bin/
 COPY container_files/mdload/ /mdload/
 RUN chmod 755 /usr/local/bin/startWithMDLoad.sh && chmod 755 /mdload/*.sh
 
-#install updated curl (for --data-raw)
-# see http://www.city-fan.org/ftp/contrib/yum-repo/ for more info and for correct version numbers
-#RUN rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/rhel7/x86_64/city-fan.org-release-3-10.rhel7.noarch.rpm
-RUN rpm -Uvh https://mirror.city-fan.org/ftp/contrib/yum-repo/city-fan.org-release-3-11.rhel7.noarch.rpm
-RUN yum-config-manager --enable city-fan.org
-RUN yum update curl -y
-
-
 # fix httpd logging for ssl logs
 RUN sed -i 's/TransferLog logs\/ssl_access_log/TransferLog \/tmp\/logpipe/g' /etc/httpd/conf.d/ssl.conf \
     && sed -i 's/ErrorLog logs\/ssl_error_log/ErrorLog \/tmp\/logpipe/g' /etc/httpd/conf.d/ssl.conf

Workbench/wordpress_server/Dockerfile

@@ -1,31 +1,25 @@
-FROM tier/shibboleth_sp:latest
+FROM i2incommon/shibboleth_sp:3.4.1_06122023_rocky8_multiarch
 
 VOLUME /var/www/html
 
-#RUN mkdir /opt/tier/.wp-cli
-RUN mkdir /tmp/rpm
-#COPY container_files/wordpress/000-default.conf /etc/apache2/sites-available/
 COPY container_files/wordpress/sed.sh /root
 COPY container_files/wordpress/config-shibb.sql /root
 COPY container_files/wordpress/wp /root
 COPY container_files/wordpress/config.yml /root/.wp-cli
 COPY container_files/wordpress/wp-cli.yml /var/www/html
 COPY container_files/shibboleth/* /etc/shibboleth/
-COPY container_files/rpm/* /tmp/rpm/
 COPY container_files/system/setservername.sh /usr/local/bin/
 RUN chmod +x /root/wp
+RUN dnf module enable -y php:7.4
 RUN yum update -y 
-#RUN yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm \
-#    && yum install yum-utils \
-#    && yum-config-manager --enable remi-php72 \
-RUN yum install -y /tmp/rpm/*
-RUN yum install -y mariadb wget postfix nc
+RUN yum install -y php php-cli php-common php-gd php-curl php-json php-mysqlnd php-pdo php-zip php-mbstring libwebp mariadb wget postfix nc
+RUN rpm -Uvh https://rpms.remirepo.net/enterprise/remi-release-8.rpm
+RUN yum --enablerepo=remi,remi-test  install -y gd3php gd3php-devel php74-php-sodium
+
 RUN echo 'date.timezone="UTC"' >> /etc/php.ini
 
-RUN cat /etc/resolv.conf
 WORKDIR /var/www/html
 
-#RUN ln -sf /run/secrets/shib_sp-key.pem /etc/shibboleth/sp-key.pem
 RUN chown -R apache:apache /var/www/html
 COPY container_files/system/setservername.sh /usr/local/bin/
 RUN chmod 755 /usr/local/bin/setservername.sh #&& rm -f /etc/httpd/conf.d/ssl.conf
@@ -35,7 +29,7 @@ ARG CSPHOSTNAME=localhost
 ENV CSPHOSTNAME=$CSPHOSTNAME
 
 RUN /usr/local/bin/setservername.sh
-
+RUN mkdir -p /run/php-fpm/
 
 ENV LD_LIBRARY_PATH=/opt/shibboleth/lib64