Update documentation
This commit is contained in:
Adam W Zheng
parent
b45be7c52b
commit
23a8a2f15e
|
|
@ -1,4 +1,4 @@
|
|||
[](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [](https://microbadger.com/images/venatorfox/simplesamlphp:1.15.0 "View layer metadata on MicroBadger") [](https://hub.docker.com/r/venatorfox/simplesamlphp) [](https://hub.docker.com/r/venatorfox/simplesamlphp) [](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [](https://opensource.org/licenses/MIT)
|
||||
[](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [](https://microbadger.com/images/venatorfox/simplesamlphp:1.17.1 "View layer metadata on MicroBadger") [](https://hub.docker.com/r/venatorfox/simplesamlphp) [](https://hub.docker.com/r/venatorfox/simplesamlphp) [](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [](https://opensource.org/licenses/MIT)
|
||||
|
||||
Supported tags and respective `Dockerfile` links
|
||||
> ~~Depreciated~~ builds are not recommended, as they utilized php56 which is EOL as of the end of 2018.
|
||||
|
|
@ -11,6 +11,8 @@ Supported tags and respective `Dockerfile` links
|
|||
|
||||
### How to use this image
|
||||
|
||||
The following 1 liner will get you up and running with a default configuration.
|
||||
|
||||
Start a `venatorfox/simplesamlphp` instance, expose port 80.
|
||||
|
||||
```console
|
||||
|
|
@ -18,7 +20,8 @@ $ docker run --name some-simplesamlphp -p80:80 venatorfox/simplesamlphp:latest
|
|||
```
|
||||
Visit the site at http://localhost, default unconfigured username is "admin" and password is "123".
|
||||
|
||||
See below for available runtime environment variables for a more specific configuration.
|
||||
Of course, running with the default configuration and no volumes is not what is desired.
|
||||
The next sections below will show available runtime environment variables for a more specific configuration.
|
||||
|
||||
> The config.php will be created at run and baked into the SimpleSAMLphp Core Install.
|
||||
> This will allow easy future upgrades, as you can simply destroy the container and bring it up with a new version.
|
||||
|
|
@ -27,10 +30,13 @@ See below for available runtime environment variables for a more specific config
|
|||
> The purpose of this image is to store as much ephemeral data inside the container as possible for easy upgrades.
|
||||
> This is controlled by how you mount docker volumes. Examples are presented below.
|
||||
|
||||
### More Complex Examples
|
||||
Some more complex (ie. with SSL termination, memcache, etc...) setup examples are located in the README.md within the [examples directory].
|
||||
|
||||
### Supported Volume Mount Options for Pre-Seeding
|
||||
|
||||
The following directories will pre-seed if they are mounted.
|
||||
If attempting to mount an subdirectory, it will not pre-seed and therefore must pre-exist.
|
||||
The following directories will pre-seed if they are mounted.
|
||||
Subdirectores will not seed, so data must already exist if volume mounting a subdirectory.
|
||||
|
||||
If the directory is not mounted, it will use its ephemeral counterpart in the container which is ideal, explained below.
|
||||
Note that once a directory is mounted, it will need to be upgraded manually for future SimpleSAMLphp releases if applicable.
|
||||
|
|
@ -57,7 +63,7 @@ This will vary greatly depending on use. A compose file similar to a production
|
|||
| /var/simplesamlphp/bin | Probably should not be volume mounted. |
|
||||
| /var/simplesamlphp/cache | -- |
|
||||
| /var/simplesamlphp/cert | Should always be volume mounted. |
|
||||
| /var/simplesamlphp/config | Should probably not be volume mounted as its mostly configured by docker. |
|
||||
| /var/simplesamlphp/config | Should probably not be volume mounted as it is configured via runtime environment variables. This should stay ephemeral. |
|
||||
| /var/simplesamlphp/config-templates | -- |
|
||||
| /var/simplesamlphp/data | -- |
|
||||
| /var/simplesamlphp/dictionaries | Depreciated as of 1.15.0. Use locales instead. |
|
||||
|
|
@ -135,41 +141,4 @@ Please [create an issue](https://github.com/Venator-Fox/docker-simplesamlphp/iss
|
|||
### Todos
|
||||
- Figure out logging to docker stdio
|
||||
- Add support for mail to be sent during exceptions
|
||||
- Add ability for stats to be sent to docker stdio or to mounted file
|
||||
|
||||
### More Complex/Practical Compose Example, IdP SSL Termination with HAProxy
|
||||
This example will run HAProxy with snakeoil SSL termination for https://localhost.
|
||||
It will also bring up 4 memcached containers, 2 pairs of 2, for phpsession.
|
||||
This is useful for running a SimpleSAMLphp cluster via some orchestration service such as Rancher.
|
||||
|
||||
You will need the `haproxy.cfg` and `docker-compose.yml` files from the Git repository.
|
||||
|
||||
Since SimpleSAMLphp will not care about the webroot, an entry to the hosts file can be added to whatever for testing.
|
||||
Be sure to adjust the HOST environment variable below for whatever localhost self-signed certificate desired.
|
||||
Of course in production use a real CA, like LetsEncrypt.
|
||||
|
||||
This will be more in line with what would be seen in a production environment. (minus the demo 123 password, salt, etc)
|
||||
Note the choices of volume mounts of what to keep ephemeral, and what to keep persistant.
|
||||
The more volumes, the more manual upgrades might be.
|
||||
Check SimpleSAMLphp's upgrade notes to see if updates occured in a specified directory.
|
||||
|
||||
Note that running this compose file will create files in `/opt/docker/volumes/` on your host.
|
||||
You can remove this after toying with the example.
|
||||
|
||||
Run the following two commands:
|
||||
```console
|
||||
mkdir -p /opt/docker/volumes/idp-haproxy/ssl
|
||||
docker run --rm -v /opt/docker/volumes/idp-haproxy/ssl:/ssl -e HOST=localhost -e TYPE=pem project42/selfsignedcert
|
||||
```
|
||||
|
||||
Save the `haproxy.cfg` to `/opt/docker/volumes/idp-haproxy/haproxy.cfg`
|
||||
|
||||
Finally, save the v2 compose file as `docker-compose.yml` somewhere.
|
||||
Run `docker-compose -f docker-compose.yml up` to bring the stack up.
|
||||
After install, visit https://localhost (or whatever URL you chose)
|
||||
Use `docker-compose -f docker-compose.yml down` to destroy containers after playing.
|
||||
|
||||
### Example using systemd
|
||||
This is recommended for production for non-orchestrated installs. These unit files will start containers utilizing, memcached, haproxy, and simplesaml.
|
||||
|
||||
//TODO
|
||||
- Add ability for stats to be sent to docker stdio or to mounted file
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
[](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [](https://microbadger.com/images/venatorfox/simplesamlphp:1.15.0 "View layer metadata on MicroBadger") [](https://hub.docker.com/r/venatorfox/simplesamlphp) [](https://hub.docker.com/r/venatorfox/simplesamlphp) [](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [](https://opensource.org/licenses/MIT)
|
||||
[](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [](https://microbadger.com/images/venatorfox/simplesamlphp:1.17.1 "View layer metadata on MicroBadger") [](https://hub.docker.com/r/venatorfox/simplesamlphp) [](https://hub.docker.com/r/venatorfox/simplesamlphp) [](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [](https://opensource.org/licenses/MIT)
|
||||
|
||||
### About this Repo
|
||||
|
||||
This is the Git repo for the Docker image [venatorfox/simplesamlphp](https://hub.docker.com/r/venatorfox/simplesamlphp/). Please view the [Docker Hub Page](https://hub.docker.com/r/venatorfox/simplesamlphp/) for the full readme on how to use this Docker image.
|
||||
|
||||
The full readme pushed there is located in the [latest Dockerfile directory](https://github.com/Venator-Fox/docker-simplesamlphp/tree/master/1.17.1).
|
||||
Instructions and how to use images are located at: [latest Dockerfile directory](https://github.com/Venator-Fox/docker-simplesamlphp/tree/master/1.17.1).
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
[](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [](https://microbadger.com/images/venatorfox/simplesamlphp:1.15.0 "View layer metadata on MicroBadger") [](https://hub.docker.com/r/venatorfox/simplesamlphp) [](https://hub.docker.com/r/venatorfox/simplesamlphp) [](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [](https://opensource.org/licenses/MIT)
|
||||
[](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [](https://microbadger.com/images/venatorfox/simplesamlphp:1.17.1 "View layer metadata on MicroBadger") [](https://hub.docker.com/r/venatorfox/simplesamlphp) [](https://hub.docker.com/r/venatorfox/simplesamlphp) [](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [](https://opensource.org/licenses/MIT)
|
||||
|
||||
### Examples
|
||||
|
||||
This directory contains some example files in order to run the [venatorfox/simplesamlphp](https://hub.docker.com/r/venatorfox/simplesamlphp/) in a more complex manner. (ie. with SSL termination, HAProxy, etc...) These examples assume this is installed in a non-orchestrated manner on a host.
|
||||
|
|
@ -9,10 +10,51 @@ The following examples are provided here:
|
|||
- HAProxy SSL Termination, Let's Encrypt CA, and common configurations via systemd
|
||||
|
||||
#### Super basic with all the default options
|
||||
// TODO
|
||||
> 1 liner, just to see how SimpleSAMLphp looks.
|
||||
|
||||
#### HAProxy SSL Termination, Let's Encrypt CA, and common configurations via docker-compose
|
||||
// TODO
|
||||
Start a `venatorfox/simplesamlphp` instance, expose port 80.
|
||||
|
||||
```console
|
||||
$ docker run --name some-simplesamlphp -p80:80 venatorfox/simplesamlphp:latest
|
||||
```
|
||||
Visit the site at http://localhost, default unconfigured username is "admin" and password is "123".
|
||||
|
||||
#### HAProxy SSL Termination, and common configurations via docker-compose
|
||||
> This is recommended for testing. Compose is not recommended for production.
|
||||
|
||||
This example will run HAProxy with snakeoil SSL termination for https://localhost.
|
||||
It will also bring up 4 memcached containers, 2 pairs of 2, for session.
|
||||
This is useful for running multiple SimpleSAMLphp instances for session sharing.
|
||||
|
||||
You will need the `haproxy.cfg` and `docker-compose.yml` files from the examples directory.
|
||||
|
||||
Since SimpleSAMLphp will not care about the webroot, an entry to the hosts file can be added to whatever for testing. HAProxy will handle SSL.
|
||||
Be sure to adjust the HOST environment variable below for whatever localhost self-signed certificate desired.
|
||||
Of course in production use a real CA, like LetsEncrypt.
|
||||
|
||||
This will be more in line with what would be seen in a production environment. (minus the demo 123 password, salt, etc)
|
||||
Note the choices of volume mounts of what to keep ephemeral, and what to keep persistant.
|
||||
The more volumes, the more manual labor will need to happen when upgrades occur.
|
||||
Check SimpleSAMLphp's upgrade notes to see if updates occured in a specified directory.
|
||||
|
||||
Note that running this compose file will create files in `/srv/docker/volumes/` on your host.
|
||||
You can remove this after toying with the example.
|
||||
|
||||
Run the following two commands to generate a self-signed SSL certificate:
|
||||
```console
|
||||
mkdir -p /srv/docker/volumes/some-haproxy/ssl
|
||||
docker run --rm -v /srv/docker/volumes/some-haproxy/ssl:/ssl -e HOST=localhost -e TYPE=pem project42/selfsignedcert
|
||||
```
|
||||
|
||||
Save the `haproxy.cfg` to `/srv/docker/volumes/some-haproxy/haproxy.cfg`
|
||||
|
||||
Compose version in this example is v3.5
|
||||
Run `docker-compose -f docker-compose.yml up` to bring the stack up with your variables.
|
||||
After install, visit https://localhost.
|
||||
Use `docker-compose -f docker-compose.yml down` to destroy all containers.
|
||||
|
||||
#### HAProxy SSL Termination, Let's Encrypt CA, and common configurations via systemd
|
||||
// TODO
|
||||
> This is recommended for production for non-orchestrated installs. These unit files will start containers utilizing, memcached, haproxy, and simplesaml
|
||||
|
||||
//TODO
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue