From 046e3cc3250628d003ab69ea6616f11311b9284b Mon Sep 17 00:00:00 2001
From: Adam W Zheng <adam.w.zheng@icloud.com>
Date: Fri, 5 Jul 2019 15:43:31 -0500
Subject: [PATCH] Log SimpleSAMLphp logs to container logs, partially resolves
 #1

---
 1.17.2/README.md                |  7 ++-----
 1.17.2/install-simplesamlphp.sh | 28 ++++++++++++++++++++--------
 2 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/1.17.2/README.md b/1.17.2/README.md
index 7ec4c06..f900766 100644
--- a/1.17.2/README.md
+++ b/1.17.2/README.md
@@ -72,7 +72,7 @@ This will vary greatly depending on use. A compose file similar to a production
 | /var/simplesamlphp/extra | -- |
 | /var/simplesamlphp/lib | -- |
 | /var/simplesamlphp/locales | Mount for customized user messages and translations. |
-| /var/simplesamlphp/log | If using docker log redirection (not working yet), this cannot be volume mounted. If docker logs write to a file, this should be volume mounted so logs do not grow inside the container. |
+| /var/simplesamlphp/log | If using docker log redirection, this cannot be volume mounted. If docker logs write to a file, this should be volume mounted so logs do not grow inside the container. |
 | /var/simplesamlphp/metadata | Should always be volume mounted, very specific to organization. |
 | /var/simplesamlphp/metadata-templates | -- |
 | /var/simplesamlphp/modules | Can be volume mounted for easier module customization |
@@ -92,7 +92,7 @@ It is recommended to set them properly and not use default values.
 | Variable | Default Value | Description |
 | ------ | ------ | ------ |
 | CONFIG_BASEURLPATH | simplesaml/ | If using SSL behind a proxy enter the base URL here, otherwise IdP metadata will use http://. Format is [(https)://(hostname)[:port]]/[path/to/simplesaml/]. |
-| DOCKER_REDIRECTLOGS | false | Redirect logs written to the log file by SimpleSAMLphp to `/proc/1/fd/1`. This does not work yet due to permissions issues. If someone knows how to resolve this please let me know or contribute a fix to the Git repository. Thanks! |
+| DOCKER_REDIRECTLOGS | false | Redirect logs written to the log file by SimpleSAMLphp to `/dev/console`. Please run with -t as a TTY will need allocated for this to work. |
 | CONFIG_AUTHADMINPASSWORD | SSHA256 hash of '123' | Plain text works as well. Use PWGen to generate a hash for this variable. Refer to [SimpleSAMLphp docs](https://simplesamlphp.org/docs/stable/simplesamlphp-install), installation guide section 7. |
 | CONFIG_SECRETSALT | defaultsecretsalt | Refer to [SimpleSAMLphp docs](https://simplesamlphp.org/docs/stable/simplesamlphp-install), installation guide section 7 if help is needed for generating one. |
 | CONFIG_TECHNICALCONTACT_NAME | Administrator | Name of the Admin of Rainy Clouds, 42nd of Their Name, Breaker of Sanity, and ~~Destroyer~~ Protector of the Federation |
@@ -146,6 +146,3 @@ Default CONFIG_MEMCACHESTORESERVERS format, 2 pair of 2 example. Use this templa
 
 This is being actively maintained and is running in production for several organizations.
 Please [create an issue](https://github.com/Venator-Fox/docker-simplesamlphp/issues) if needed or if additional variables/features are desired.
-
-### Todos
- - Figure out logging to docker stdio
diff --git a/1.17.2/install-simplesamlphp.sh b/1.17.2/install-simplesamlphp.sh
index 69a3070..9564a7f 100644
--- a/1.17.2/install-simplesamlphp.sh
+++ b/1.17.2/install-simplesamlphp.sh
@@ -62,6 +62,7 @@ POSTFIX_MYDESTINATION=${POSTFIX_MYDESTINATION:=}
 if [ "$DOCKER_REDIRECTLOGS" = "true" ]; then
   echo "[$0] DOCKER_REDIRECTLOGS was set to 'true', so setting CONFIG_LOGGINGHANDLER to 'file'"
   CONFIG_LOGGINGHANDLER=file
+
   if [ "$CONFIG_LOGFILE" != "simplesamlphp.log" ]; then
     echo "[$0] [WARN] DOCKER_REDIRECTLOGS was set to true, but CONFIG_LOGFILE was set away from the default. It makes no sense to do this as logs are redirected to a pipe."
     echo "[$0] If a simplesamlphp logfile is desired instead of docker logs, set DOCKER_REDIRECTLOGS to 'false' and volume mount the logs directory to the host."
@@ -75,15 +76,26 @@ if [ "$DOCKER_REDIRECTLOGS" = "true" ]; then
       echo "[$0] Pausing 5 seconds due to above warning."
       sleep 5
     fi
-  else
-    if [ "$CONFIG_LOGGINGHANDLER" = "file" ]; then
-      echo "[$0] [WARN] CONFIG_LOGGINGHANDLER is set to 'file'  but the log directory is not volume mounted."
-      echo "[$0] [WARN] This will cause the container to grow with a logfile and is in most cases very undesirable."
-      echo "[$0] Pausing 5 seconds due to above warning."
-      sleep 5
-    fi
   fi
-  ln -sf /proc/1/fd/1 /var/simplesamlphp/log/$CONFIG_LOGFILE
+
+  echo "[$0] Check for TTY"
+  if [ ! -e /dev/console ]; then
+    echo "[$0] [WARN] DOCKER_REDIRECTLOGS is set to true but no TTY is available for console."
+    echo "[$0] SimpleSAMLphp logs will NOT redirect. Destroy and re-run with -t to allocate a TTY."
+    echo "[$0] Pausing 5 seconds due to above warning."
+    sleep 5
+  else
+    echo "[$0] Creating symlink $CONFIG_LOGFILE targeting /dev/console to redirect logs"
+    ln -sf /dev/console /var/simplesamlphp/log/$CONFIG_LOGFILE
+    chown nginx:nginx /var/simplesamlphp/log/$CONFIG_LOGFILE
+  fi
+fi
+
+if [ "$CONFIG_LOGGINGHANDLER" = "file" ] && [ ! -z "$(ls -A /var/simplesamlphp/log/)" ] && [ ! -L /var/simplesamlphp/log/$CONFIG_LOGFILE ]; then
+  echo "[$0] [WARN] CONFIG_LOGGINGHANDLER is set to 'file'  but the log directory is not volume mounted."
+  echo "[$0] [WARN] This will cause the container to grow with a logfile and is in most cases very undesirable."
+  echo "[$0] Pausing 5 seconds due to above warning."
+  sleep 5
 fi
 
 #Only set memcache vars if storetype is memcache