Skip to content
Permalink
71280348a8
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
115 lines (88 sloc) 4.14 KB
#
# Building assumes midpoint-dist.tar.gz is present in the current directory.
#
FROM tier/shibboleth_sp:3.0.4_03122019
MAINTAINER info@evolveum.com
RUN rpm --import http://repos.azulsystems.com/RPM-GPG-KEY-azulsystems
RUN curl -o /etc/yum.repos.d/zulu.repo http://repos.azulsystems.com/rhel/zulu.repo
RUN yum -y update
RUN yum -y install \
zulu-11 \
cron \
supervisor \
libcurl \
&& yum clean -y all
RUN rm /etc/shibboleth/sp-signing-key.pem /etc/shibboleth/sp-signing-cert.pem /etc/shibboleth/sp-encrypt-key.pem /etc/shibboleth/sp-encrypt-cert.pem\
&& cd /etc/httpd/conf.d/ \
&& rm -f autoindex.conf ssl.conf userdir.conf welcome.conf
COPY container_files/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
COPY container_files/httpd/conf/* /etc/httpd/conf.d/
COPY container_files/shibboleth/* /etc/shibboleth/
COPY container_files/usr-local-bin/* /usr/local/bin/
COPY container_files/opt-tier/* /opt/tier/
RUN chmod 755 /opt/tier/setenv.sh \
&& chmod 755 /usr/local/bin/sendtierbeacon.sh \
&& chmod 755 /usr/local/bin/setup-cron.sh \
&& chmod 755 /usr/local/bin/setup-timezone.sh \
&& chmod 755 /usr/local/bin/start-midpoint.sh \
&& chmod 755 /usr/local/bin/start-httpd.sh \
&& chmod 755 /usr/local/bin/startup.sh \
&& chmod 755 /usr/local/bin/healthcheck.sh
RUN cp /dev/null /etc/httpd/conf.d/ssl.conf \
&& mv /etc/httpd/conf.d/shib.conf /etc/httpd/conf.d/shib.conf.auth.shibboleth \
&& touch /etc/httpd/conf.d/shib.conf.auth.internal \
&& sed -i 's/LogFormat "/LogFormat "httpd;access_log;%{ENV}e;%{USERTOKEN}e;/g' /etc/httpd/conf/httpd.conf \
&& echo -e "\nErrorLogFormat \"httpd;error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i\"" >> /etc/httpd/conf/httpd.conf \
&& sed -i 's/CustomLog "logs\/access_log"/CustomLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
&& sed -i 's/ErrorLog "logs\/error_log"/ErrorLog "\/tmp\/loghttpd"/g' /etc/httpd/conf/httpd.conf \
&& echo -e "\nPassEnv ENV" >> /etc/httpd/conf/httpd.conf \
&& echo -e "\nPassEnv USERTOKEN" >> /etc/httpd/conf/httpd.conf
# Build arguments
ARG MP_VERSION=4.0.1
ARG MP_DIST_FILE=midpoint-dist.tar.gz
ENV MP_DIR /opt/midpoint
RUN mkdir -p ${MP_DIR}/var
COPY ${MP_DIST_FILE} ${MP_DIR}
COPY container_files/mp-dir/ ${MP_DIR}/
RUN echo 'Extracting midPoint archive...' \
&& tar xzf ${MP_DIR}/${MP_DIST_FILE} -C ${MP_DIR} --strip-components=1
# Disabled because of wider compatibility issues (e.g. AWS)
# TODO: consider all the consequences
#VOLUME ${MP_DIR}/var
# Repository parameters
ENV REPO_DATABASE_TYPE mariadb
ENV REPO_JDBC_URL default
ENV REPO_HOST midpoint_data
ENV REPO_PORT default
ENV REPO_DATABASE registry
ENV REPO_USER registry_user
ENV REPO_PASSWORD_FILE /run/secrets/mp_database_password.txt
ENV REPO_MISSING_SCHEMA_ACTION create
ENV REPO_UPGRADEABLE_SCHEMA_ACTION stop
# Logging parameters
ENV ENV demo
ENV USERTOKEN ""
# Authentication/web
ENV AUTHENTICATION internal
ENV SSO_HEADER uid
ENV AJP_ENABLED true
ENV AJP_PORT 9090
ENV LOGOUT_URL https://localhost:8443/Shibboleth.sso/Logout
# Other parameters
ENV MP_KEYSTORE_PASSWORD_FILE /run/secrets/mp_keystore_password.txt
ENV MP_MEM_MAX 2048m
ENV MP_MEM_INIT 1024m
ENV TIMEZONE UTC
ENV TIER_RELEASE not-released-yet
ENV TIER_MAINTAINER tier
# TIER Beacon Opt-out
# Completely uncomment the following ENV line to prevent the containers from sending analytics information to Internet2.
# With the default/release configuration, it will only send product (Shibb/Grouper/COmanage/midPoint) and version (4.0, etc)
# once daily between midnight and 4am. There is no configuration or private information collected or sent.
# This data helps with the scaling and funding of TIER. Please do not disable it if you find the TIER tools useful.
# To keep it commented, keep multiple comments on the following line (to prevent other scripts from processing it).
##### ENV TIER_BEACON_OPT_OUT true
# requires MP_VERSION and TIER_xyz variables so we have to execute it here
RUN /opt/tier/setenv.sh
HEALTHCHECK --interval=1m --timeout=30s --start-period=2m CMD /usr/local/bin/healthcheck.sh
CMD ["/usr/local/bin/startup.sh"]