midPoint_container/Dockerfile
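#
# Building assumes midpoint-dist.tar.gz is present in the current directory.
#
# The base image is referenced by tag only. A tag can be re-pointed by its
# publisher, so for a reproducible, tamper-evident build append the digest of
# an image you have verified: tier/shibboleth_sp:3.0.4_03122019@sha256:<verified-digest>
FROM tier/shibboleth_sp:3.0.4_03122019

# MAINTAINER is deprecated; the contact address is recorded as an OCI label instead.
LABEL org.opencontainers.image.authors="info@evolveum.com"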
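# Register the Azul Zulu yum repository.
# The signing key and the repo definition are the trust anchors for every
# package later installed from that repo, so both are fetched over TLS: over
# plain HTTP an on-path party could replace the key and the repo file together
# and yum would then accept packages signed with the substituted key.
# --proto '=https' refuses any non-HTTPS transfer; -f fails the build on an
# HTTP error instead of saving an error page as the repo file.
# NOTE(review): confirm that the baseurl/gpgkey entries inside the downloaded
# zulu.repo also use https and that gpgcheck stays enabled; comparing the
# imported key's fingerprint with the vendor-published one would close the
# remaining gap.
RUN rpm --import https://repos.azulsystems.com/RPM-GPG-KEY-azulsystems \
 && curl -fsS --proto '=https' -o /etc/yum.repos.d/zulu.repo https://repos.azulsystems.com/rhel/zulu.repo

# Update, install and clean up in a single layer: cleaning in a later layer
# would not shrink the image, and a separately cached "yum update" layer goes
# stale and stops picking up security fixes on rebuilds.
RUN yum -y update \
 && yum -y install \
        cron \
        libcurl \
        supervisor \
        zulu-11 \
 && yum clean -y all \
 && rm -rf /var/cache/yum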
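# Delete the Shibboleth SP key pairs that ship with the base image so that a
# container built from this file cannot start with them. rm is used without -f
# on purpose: the build fails if the base image layout changes.
# Deleting them here only hides the files in this layer; they remain in the
# base image's layers, so those keys must be treated as public and never be
# trusted by an IdP.
# NOTE(review): deployment-specific keys are presumably supplied at run time
# (e.g. as mounted secrets) - confirm against the startup scripts.
#
# The stock httpd snippets removed below are the distribution defaults for
# directory listings, the default TLS vhost, per-user directories and the
# welcome page. Absolute paths are used instead of "cd" inside RUN.
RUN rm /etc/shibboleth/sp-signing-key.pem \
       /etc/shibboleth/sp-signing-cert.pem \
       /etc/shibboleth/sp-encrypt-key.pem \
       /etc/shibboleth/sp-encrypt-cert.pem \
 && rm -f /etc/httpd/conf.d/autoindex.conf \
          /etc/httpd/conf.d/ssl.conf \
          /etc/httpd/conf.d/userdir.conf \
          /etc/httpd/conf.d/welcome.conf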
# Configuration and helper scripts taken from the build context.
# Everything under container_files/ ends up readable in the image, so it must
# not contain private keys, passwords or other secrets.
COPY container_files/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
COPY container_files/httpd/conf/* /etc/httpd/conf.d/
COPY container_files/shibboleth/* /etc/shibboleth/
COPY container_files/usr-local-bin/* /usr/local/bin/
COPY container_files/opt-tier/* /opt/tier/

# Make the entry-point and helper scripts executable. 755 leaves them writable
# by their owner only; the list is explicit, so a script that goes missing
# from the build context fails the build here.
RUN chmod 755 \
        /opt/tier/setenv.sh \
        /usr/local/bin/sendtierbeacon.sh \
        /usr/local/bin/setup-cron.sh \
        /usr/local/bin/setup-timezone.sh \
        /usr/local/bin/start-midpoint.sh \
        /usr/local/bin/start-httpd.sh \
        /usr/local/bin/startup.sh \
        /usr/local/bin/healthcheck.sh
# Prepare the Apache httpd configuration.
#  - ssl.conf is recreated empty, so the distribution's default TLS vhost
#    stays disabled.
#  - shib.conf is parked as shib.conf.auth.shibboleth and an empty
#    shib.conf.auth.internal is created next to it; presumably the startup
#    script activates one of them according to AUTHENTICATION - confirm there.
#  - Every access and error log record is prefixed with "httpd;<log name>;"
#    followed by the ENV and USERTOKEN environment values, which PassEnv
#    exposes to httpd.
#  - Both logs are redirected to /tmp/loghttpd.
#    NOTE(review): /tmp/loghttpd is presumably a pipe created by the startup
#    scripts; because /tmp is world-writable, make sure it is created before
#    anything unprivileged can run in the container.
# Statement order matters: the LogFormat substitution has to run before the
# ErrorLogFormat line is appended, because that appended line also contains
# the text 'LogFormat "' and would otherwise be rewritten as well.
RUN httpd_conf=/etc/httpd/conf/httpd.conf \
 && cp /dev/null /etc/httpd/conf.d/ssl.conf \
 && mv /etc/httpd/conf.d/shib.conf /etc/httpd/conf.d/shib.conf.auth.shibboleth \
 && touch /etc/httpd/conf.d/shib.conf.auth.internal \
 && sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' "$httpd_conf" \
 && echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> "$httpd_conf" \
 && sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/loghttpd"/g' "$httpd_conf" \
 && sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/loghttpd"/g' "$httpd_conf" \
 && echo -e "\nPassEnv ENV" >> "$httpd_conf" \
 && echo -e "\nPassEnv USERTOKEN" >> "$httpd_conf"
# Build arguments
ARG MP_VERSION=4.0.1
ARG MP_DIST_FILE=midpoint-dist.tar.gz

# Installation directory of midPoint inside the image.
ENV MP_DIR=/opt/midpoint

RUN mkdir -p "${MP_DIR}/var"

# The distribution archive comes from the build context and is unpacked as the
# build user below. Nothing in this file checks its origin or integrity, so
# verify the checksum or signature of midpoint-dist.tar.gz before building.
# The archive itself stays in ${MP_DIR} (and in this COPY layer) after
# extraction.
COPY ${MP_DIST_FILE} ${MP_DIR}
COPY container_files/mp-dir/ ${MP_DIR}/

# Extraction runs after the container_files copy, so on a name clash the file
# from the distribution archive wins.
RUN echo 'Extracting midPoint archive...' \
 && tar -xzf "${MP_DIR}/${MP_DIST_FILE}" -C "${MP_DIR}" --strip-components=1

# Disabled because of wider compatibility issues (e.g. AWS)
# TODO: consider all the consequences
#VOLUME ${MP_DIR}/var
# Repository parameters
# The database password is not stored in the image: only the path of a secret
# file is set here, and the file has to be provided at run time.
ENV REPO_DATABASE_TYPE=mariadb
ENV REPO_JDBC_URL=default
ENV REPO_HOST=midpoint_data
ENV REPO_PORT=default
ENV REPO_DATABASE=registry
ENV REPO_USER=registry_user
ENV REPO_PASSWORD_FILE=/run/secrets/mp_database_password.txt
ENV REPO_MISSING_SCHEMA_ACTION=create
ENV REPO_UPGRADEABLE_SCHEMA_ACTION=stop

# Logging parameters
# Both values are copied into every httpd log record.
ENV ENV=demo
ENV USERTOKEN=""

# Authentication/web
# NOTE(review): SSO_HEADER names a request header that presumably carries the
# authenticated user when AUTHENTICATION is switched to shibboleth. Such a
# header is only trustworthy if midPoint cannot be reached except through the
# httpd front end - confirm how the startup scripts and port mappings enforce
# that.
# NOTE(review): AJP is enabled by default. AJP has no authentication unless a
# connector secret is configured, so AJP_PORT must not be published or
# reachable from outside the container.
ENV AUTHENTICATION=internal
ENV SSO_HEADER=uid
ENV AJP_ENABLED=true
ENV AJP_PORT=9090
ENV LOGOUT_URL=https://localhost:8443/Shibboleth.sso/Logout

# Other parameters
# As with the database password, only the location of the keystore password
# file is set; the secret itself is supplied at run time.
ENV MP_KEYSTORE_PASSWORD_FILE=/run/secrets/mp_keystore_password.txt
ENV MP_MEM_MAX=2048m
ENV MP_MEM_INIT=1024m
ENV TIMEZONE=UTC
ENV TIER_RELEASE=not-released-yet
ENV TIER_MAINTAINER=tier
# TIER Beacon Opt-out
# Completely uncomment the following ENV line to prevent the containers from sending analytics information to Internet2.
# With the default/release configuration, it will only send product (Shibb/Grouper/COmanage/midPoint) and version (4.0, etc)
# once daily between midnight and 4am. There is no configuration or private information collected or sent.
# This data helps with the scaling and funding of TIER. Please do not disable it if you find the TIER tools useful.
# To keep it commented, keep multiple comments on the following line (to prevent other scripts from processing it).
##### ENV TIER_BEACON_OPT_OUT true

# requires MP_VERSION and TIER_xyz variables so we have to execute it here
RUN /opt/tier/setenv.sh

# The probe runs once a minute and is given two minutes of start-up grace.
# --retries=3 is Docker's default, written out for clarity.
HEALTHCHECK --interval=1m --timeout=30s --start-period=2m --retries=3 \
    CMD /usr/local/bin/healthcheck.sh

# NOTE(review): this file has no USER instruction, so the container runs as
# whatever user the base image sets (root unless the base image says
# otherwise). Check whether the supervised processes can drop privileges.
CMD ["/usr/local/bin/startup.sh"]