From 5d2f4c41d801c9f9a9111ab71de4f41b9a35dded Mon Sep 17 00:00:00 2001
From: Adam W Zheng
Date: Tue, 12 Mar 2019 10:08:57 -0500
Subject: [PATCH 01/17] Remove legacy container builds based on php56
---
1.14.15/Dockerfile | 65 -----
1.14.15/README.md | 294 --------------------
1.14.15/docker-compose.yml | 79 ------
1.14.15/install-simplesamlphp.sh | 280 -------------------
1.14.16/Dockerfile | 55 ----
1.14.16/README.md | 294 --------------------
1.14.16/docker-compose.yml | 79 ------
1.14.16/install-simplesamlphp.sh | 280 -------------------
1.14.17/Dockerfile | 55 ----
1.14.17/README.md | 161 -----------
1.14.17/docker-compose.yml | 78 ------
1.14.17/install-simplesamlphp.sh | 280 -------------------
1.15.0/haproxy.cfg | 49 ----
{1.15.0 => 1.17.1}/Dockerfile | 2 +-
{1.15.0 => 1.17.1}/README.md | 0
{1.15.0 => 1.17.1}/docker-compose.yml | 0
{1.14.17 => 1.17.1}/haproxy.cfg | 0
{1.15.0 => 1.17.1}/install-simplesamlphp.sh | 0
latest | 2 +-
19 files changed, 2 insertions(+), 2051 deletions(-)
delete mode 100644 1.14.15/Dockerfile
delete mode 100644 1.14.15/README.md
delete mode 100644 1.14.15/docker-compose.yml
delete mode 100644 1.14.15/install-simplesamlphp.sh
delete mode 100644 1.14.16/Dockerfile
delete mode 100644 1.14.16/README.md
delete mode 100644 1.14.16/docker-compose.yml
delete mode 100644 1.14.16/install-simplesamlphp.sh
delete mode 100644 1.14.17/Dockerfile
delete mode 100644 1.14.17/README.md
delete mode 100644 1.14.17/docker-compose.yml
delete mode 100644 1.14.17/install-simplesamlphp.sh
delete mode 100644 1.15.0/haproxy.cfg
rename {1.15.0 => 1.17.1}/Dockerfile (99%)
rename {1.15.0 => 1.17.1}/README.md (100%)
rename {1.15.0 => 1.17.1}/docker-compose.yml (100%)
rename {1.14.17 => 1.17.1}/haproxy.cfg (100%)
rename {1.15.0 => 1.17.1}/install-simplesamlphp.sh (100%)
diff --git a/1.14.15/Dockerfile b/1.14.15/Dockerfile
deleted file mode 100644
index 4719dc8..0000000
--- a/1.14.15/Dockerfile
+++ /dev/null
@@ -1,65 +0,0 @@
-FROM centos:7
-MAINTAINER Adam Zheng adam.w.zheng@icloud.com
-
-ENV S6_RELEASE 1.19.1.1
-ENV SIMPLESAMLPHP_RELEASE 1.14.15
-
-#Add S6 Overlay (Build via Docker 1.12)
-ADD https://github.com/just-containers/s6-overlay/releases/download/v$S6_RELEASE/s6-overlay-amd64.tar.gz /tmp/
-RUN tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" \
- && tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin
-
-#Add S6 Overlay (Build via Docker CE 17)
-#ADD https://github.com/just-containers/s6-overlay/releases/download/v$S6_RELEASE/s6-overlay-amd64.tar.gz /tmp/
-#RUN mv /tmp/bin/* /usr/bin/ \
-# && mv /tmp/etc/* /etc/ \
-# && mv /tmp/init / \
-# && mv /tmp/libexec/ / \
-# && rm -v /tmp/usr/bin/execlineb \
-# && mv /tmp/usr/bin/* /usr/bin/ \
-# && rm -rfv /tmp/*
-
-#Install SimpleSAMLphp Requirements
-RUN yum -y install epel-release
-RUN rpm -Uvh https://centos7.iuscommunity.org/ius-release.rpm
-RUN echo -e '[nginx]\nname=nginx repo\nbaseurl=http://nginx.org/packages/centos/7/$basearch/\ngpgcheck=0\nenabled=1' > /etc/yum.repos.d/nginx.repo
-RUN yum -y install nginx php56u-fpm php56u-fpm-nginx php56u-dom php56u-mbstring php56u-mcrypt php56u-pdo php56u-pecl-memcache php56u-ldap sendmail
-RUN sed -i 's/user = apache/user = nginx/' /etc/php-fpm.d/www.conf \
- && sed -i 's/group = apache/group = nginx/' /etc/php-fpm.d/www.conf
-
-#Configure webserver
-RUN echo -e 'server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name _;\n root /var/simplesamlphp/www/;\n index index.php;\n\n location /simplesaml {\n alias /var/simplesamlphp/www/;\n location ~ ^(?/simplesaml)(?.+?.php)(?/.*)?$ {\n include fastcgi_params;\n fastcgi_pass 127.0.0.1:9000;\n fastcgi_split_path_info ^(.+?.php)(/.+)$;\n fastcgi_param SCRIPT_FILENAME $document_root$phpfile;\n fastcgi_param PATH_INFO $pathinfo if_not_empty;\n }\n }\n\n location ~ .php$ {\n fastcgi_split_path_info ^(.+.php)(/.+)$;\n fastcgi_pass 127.0.0.1:9000;\n fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n include fastcgi_params;\n add_header Cache-control no-cache;\n }\n}' > /etc/nginx/conf.d/default.conf \
- && mkdir -p /var/lib/php/session/ \
- && chown -Rv nginx:nginx /var/lib/php/session/
-
-#Download SimpleSAMLphp, Archive must remain present for seeding post install.
-RUN curl -Lo /var/simplesamlphp.tar.gz https://github.com/simplesamlphp/simplesamlphp/releases/download/v$SIMPLESAMLPHP_RELEASE/simplesamlphp-$SIMPLESAMLPHP_RELEASE.tar.gz \
- && tar xzf /var/simplesamlphp.tar.gz --directory /var \
- && mv /var/simplesamlphp-* /var/simplesamlphp \
- && touch /var/simplesamlphp/cert/breadcrumb \
- && touch /var/simplesamlphp/log/breadcrumb
-
-#Redirect NGINX Logs
-RUN ln -sf /dev/stdout /var/log/nginx/access.log \
- && ln -sf /dev/stderr /var/log/nginx/error.log
-
-#Add Service NGINX to be Monitored by S6
-RUN mkdir -p /etc/services.d/nginx/ \
- && touch /etc/services.d/nginx/run \
- && echo '#!/usr/bin/execlineb -P' > /etc/services.d/nginx/run \
- && echo 'nginx -g "daemon off;"' >> /etc/services.d/nginx/run
-
-#Add Service PHP-FPM to be Monitored by S6
-RUN mkdir -p /etc/services.d/php-fpm/ \
- && touch /etc/services.d/php-fpm/run \
- && echo '#!/usr/bin/execlineb -P' > /etc/services.d/php-fpm/run \
- && echo '/usr/sbin/php-fpm' >> /etc/services.d/php-fpm/run --nodaemonize \
- && sed -i 's|pid = /run/php-fpm/php-fpm.pid|pid = /run/php-fpm.pid|g' /etc/php-fpm.conf
-
-#Copy the SimpleSAMLphp CLI Install Script into the Container to be executed on startup
-COPY install-simplesamlphp.sh /etc/cont-init.d/
-RUN chmod u+x /etc/cont-init.d/install-simplesamlphp.sh
-
-RUN yum -y update && yum clean all && > /var/log/yum.log
-
-ENTRYPOINT ["/init"]
diff --git a/1.14.15/README.md b/1.14.15/README.md
deleted file mode 100644
index f685172..0000000
--- a/1.14.15/README.md
+++ /dev/null
@@ -1,294 +0,0 @@ -[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.14.15.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.14.15 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.14.15.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.14.15 "Get your own image badge on microbadger.com") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -### Supported tags and respective `Dockerfile` links - -- [`1.14.15`, `latest` (*1.14.15/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.14.15/Dockerfile) - -### How to use this image - -Useless Simple Example: To startup an unconfigured local install with default values, no ssl: - -Start a `venatorfox/simplesamlphp` instance, expose port 80. - -```console -$ docker run --name some-simplesamlphp -p80:80 venatorfox/simplesamlphp:latest -``` -Visit the site at http://localhost, default unconfigured username is "admin" and password is "123". #superSecure - -See below for available runtime environment variables for a more specific configuration. - -> The config.php will be created at run and baked into the SimpleSAMLphp Core Install. -> This will allow easy future upgrades, as you can simply destroy the container and bring it up with a new version. -> The docker environment variables configured at runtime will be applied to the default config, pulled from SimpleSAMLphp. 
- -> The purpose of this image is to store as much ephemeral data inside the container as possible for easy upgrades. -> This is controlled by how you mount docker volumes. Examples are presented below. - -### Supported Volume Mount Options for Pre-Seeding - -The following directories will pre-seed if they are mounted. -If attempting to mount an subdirectory, it will not pre-seed and therefore must pre-exist. - -If the directory is not mounted, it will use its ephemeral counterpart in the container which is ideal, explained below. -Note that once a directory is mounted, it will need to be upgraded manually for future SimpleSAMLphp releases if applicable. -If a mounted directory disappears from the host, it will pre-seed again with defaults from the SimpleSAMLphp install on restart. -If reverting to a default directory is desired, remove the host directory and adjust the docker run command to exclude the mount. - -Some directories will probably never need manually updated as SimpleSAMLphp will not update them in new versions. -`/cert` and `/metadata` are examples of directories that should always be volume mounted, as it contains data that must persist, is very organization specific, and will probably never or rarely be changed by SimpleSAMLphp releases. - -Something like `/bin` should never be volume mounted unless it's for development purposes, as it will likley be upgraded by SimpleSAMLphp in new versions. - -Be sure to check new SimpleSAMLphp releases to see if manual upgrades need done to a directory that was mounted. -Check [SimpleSAMLphp docs](https://simplesamlphp.org/docs/stable/simplesamlphp-install) installation section 5 for specifics. - -Individual files can also be mounted, but will not pre-seed content. It must pre-exist before starting the container. -Mounting the `authsources.php` file is a good example, as `/config` will probably not be mounted. -Another example, if using composer, the `composer.json` and `composer.lock` files will need mounted. 
- -This will vary greatly depending on use. A compose file similar to a production instance as is at the end of this README. - -| Directory | Opinion | -| ------ | ------ | -| /var/simplesamlphp/attributemap | -- | -| /var/simplesamlphp/bin | Probably should not be volume mounted. | -| /var/simplesamlphp/cert | Should always be volume mounted. | -| /var/simplesamlphp/config | Should probably not be volume mounted as its mostly configured by docker. | -| /var/simplesamlphp/config-templates | -- | -| /var/simplesamlphp/dictionaries | Can be mounted for customized user messages. | -| /var/simplesamlphp/docs | -- | -| /var/simplesamlphp/extra | -- | -| /var/simplesamlphp/lib | -- | -| /var/simplesamlphp/log | If using docker log redirection (not working yet), this cannot be volume mounted. If docker logs write to a file, this should be volume mounted so logs do not grow inside the container. | -| /var/simplesamlphp/metadata | Should always be volume mounted, very specific to organization. | -| /var/simplesamlphp/metadata-templates | -- | -| /var/simplesamlphp/modules | Can be volume mounted for easier module customization | -| /var/simplesamlphp/schemas | -- | -| /var/simplesamlphp/templates | -- | -| /var/simplesamlphp/tests | -- | -| /var/simplesamlphp/tools | -- | -| /var/simplesamlphp/vendor | -- | -| /var/simplesamlphp/www | Can be volume mounted for easier www customization | - -### Runtime Environment Variables - -The following variables can be overridden at run or in docker-compose. -It is recommended to set them properly and not use default values. -(Unless you want an authentication service with no SSL, with your admin password being 123 (Can you not, kthx)). - -| Variable | Default Value | Description | -| ------ | ------ | ------ | -| CONFIG_BASEURLPATH | simplesaml/ | If using SSL behind a proxy enter the base URL here, otherwise IdP metadata will use http://. Format is [(https)://(hostname)[:port]]/[path/to/simplesaml/]. 
| -| DOCKER_REDIRECTLOGS | false | Redirect logs written to the log file by SimpleSAMLphp to `/proc/1/fd/1`. This does not work yet due to permissions issues. If someone knows how to resolve this please let me know or contribute a fix to the Git repository. Thanks! | -| CONFIG_AUTHADMINPASSWORD | SSHA256 hash of '123' | Plain text works as well. Use PWGen to generate a hash for this variable. Refer to [SimpleSAMLphp docs](https://simplesamlphp.org/docs/stable/simplesamlphp-install), installation guide section 7. | -| CONFIG_SECRETSALT | defaultsecretsalt | Refer to [SimpleSAMLphp docs](https://simplesamlphp.org/docs/stable/simplesamlphp-install), installation guide section 7 if help is needed for generating one. | -| CONFIG_TECHNICALCONTACT_NAME | Administrator | Name of the Admin of Rainy Clouds, 42nd of Their Name, Breaker of Sanity, and ~~Destroyer~~ Protector of the Federation | -| CONFIG_TECHNICALCONTACT_EMAIL | na@example.org | Address of hate mail and applicaton exception logs to send to. Mail support is not yet supported in this container, it is coming soon. Best to turn off mail error reporting option and direct users to the proper email until its implemented. | -| CONFIG_LANGUAGEDEFAULT | en | -- | -| CONFIG_TIMEZONE | America/Chicago | Visit the [php.net man pages](http://php.net/manual/en/timezones.america.php) for the options, the one linked is for 'Murica. | -| CONFIG_TEMPDIR | /tmp/simplesaml | -- | -| CONFIG_SHOWERRORS | true | Shows detailed errors to the user if one occurs. | -| CONFIG_ERRORREPORTING | true | Allow users to send reports from SimpleSAMLphp to the technicalcontact. Not yet working. 
| -| CONFIG_ADMINPROTECTINDEXPAGE | false | Require admin password to access frontpage_federation index | -| CONFIG_ADMINPROTECTMETADATA | false | Require admin password to access public IdP metadata | -| CONFIG_DEBUG | false | Enable debugging to logs, requires CONFIG_LOGGINGLEVEL be set to DEBUG | -| CONFIG_LOGGINGLEVEL | NOTICE | Options are ERR, WARNING, NOTICE, INFO, DEBUG | -| CONFIG_LOGGINGHANDLER | file | Default different from official default of syslog due to systemd not running in containers. | -| CONFIG_LOGFILE | simplesamlphp.log | -- | -| CONFIG_ENABLESAML20IDP | false | Enable SAML20 IdP | -| CONFIG_ENABLESHIB13IDP | false | Enable Shibboleth13 IdP | -| CONFIG_SESSIONDURATION | 8 * (60 * 60) | -- | -| CONFIG_SESSIONDATASTORETIMEOUT | (4 * 60 * 60) | -- | -| CONFIG_SESSIONSTATETIMEOUT | (60 * 60) | -- | -| CONFIG_SESSIONCOOKIELIFETIME | 0 | -- | -| CONFIG_SESSIONREMEMBERMEENABLE | false | -- | -| CONFIG_SESSIONREMEMBERMECHECKED | false | -- | -| CONFIG_SESSIONREMEMBERMELIFETIME | (14 * 86400) | -- | -| CONFIG_SESSIONCOOKIESECURE | false | -- | -| CONFIG_ENABLEHTTPPOST | false | -- | -| CONFIG_THEMEUSE | default | -- | -| CONFIG_STORETYPE | phpsession | If using `memcache` option, CONFIG_MEMCACHESTORESERVERS and CONFIG_MEMCACHESTOREPREFIX will need to be set. | -| CONFIG_MEMCACHESTORESERVERS | See Format Below* | Was unable to make this an easy variable, the format of the array is given below in a 2x2 example. Keep the format but replace the hostnames. | -| CONFIG_MEMCACHESTOREPREFIX | null | `simplesamlphp` can be used in most cases. | -| WWW_INDEX | core/frontpage_welcome.php | Page to direct to if a user accesses the IdP/SP directly. Can be set to an authentication test for example. | -| OPENLDAP_TLS_REQCERT | demand | As per ldap man pages, Options are `never` `allow` `try` `demand`. If using Active Directory or OpenLDAP with TLS, logins will be rejected if the directory certificate is self-signed with the default `demand` value. 
This can be set to `never` for testing purposes. Refer to ldap.conf man page section 5 for more details. | - -Default CONFIG_MEMCACHESTORESERVERS format, 2 pair of 2 example. Use this template and replace the hostnames. Check compose file for usage example: -```console - 'memcache_store.servers' => array(\n array(\n array('hostname' => 'mc_a1'),\n array('hostname' => 'mc_a2'),\n ),\n array(\n array('hostname' => 'mc_b1'),\n array('hostname' => 'mc_b2'),\n ), -``` - -### Maintenance - -This is being actively maintained and is running in production. -Please [create an issue](https://github.com/Venator-Fox/docker-simplesamlphp/issues) if needed or if additional variables/features are desired. - -### Todos - - Figure out logging to docker stdio - - Add support for mail to be sent during exceptions - - Add ability for stats to be sent to docker stdio or to mounted file - -### More Complex/Practical Compose Example, IdP SSL Termination with HAProxy -This example will run HAProxy with snakeoil SSL termination for https://localhost. -It will also bring up 4 memcached containers, 2 pairs of 2, for phpsession. -This is useful for running a SimpleSAMLphp cluster via some orchestration service such as Rancher. - -Since SimpleSAMLphp will not care about the webroot, an entry to the hosts file can be added to whatever for testing. -Be sure to adjust the HOST environment variable below for whatever localhost self-signed certificate desired. -Of course in production use a real CA, like LetsEncrypt. - -This will be more in line with what would be seen in a production environment. (minus the demo 123 password, salt, etc) -Note the choices of volume mounts of what to keep ephemeral, and what to keep persistant. -The more volumes, the more manual upgrades might be. -Check SimpleSAMLphp's upgrade notes to see if updates occured in a specified directory. - -Note that running this compose file will create files in `/opt/docker/volumes/` on your host. 
-You can remove this after toying with the example. - -Run the following two commands: -```console -mkdir -p /opt/docker/volumes/simplesamlphp-haproxy/ssl -docker run --rm -v /opt/docker/volumes/simplesamlphp-haproxy/ssl:/ssl -e HOST=localhost -e TYPE=pem project42/selfsignedcert -``` - -Then, create this `haproxy.cfg` at `/opt/docker/volumes/simplesamlphp-haproxy/haproxy.cfg` -```console -global - #debug - chroot /var/lib/haproxy - user haproxy - group haproxy - pidfile /var/run/haproxy.pid - - # Default SSL material locations - ca-base /etc/ssl/certs - crt-base /etc/ssl/private - - # Default ciphers to use on SSL-enabled listening sockets. - ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12 - ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS - - spread-checks 4 - tune.maxrewrite 1024 - tune.ssl.default-dh-param 2048 - -defaults - mode http - balance roundrobin - - option dontlognull - option dontlog-normal - option redispatch - - maxconn 5000 - timeout connect 5s - timeout client 20s - timeout server 20s - timeout queue 30s - timeout http-request 5s - timeout http-keep-alive 15s - -frontend http-in - bind *:80 - reqadd X-Forwarded-Proto:\ http - default_backend nodes-http - -frontend https-in - bind *:443 ssl crt /etc/haproxy/ssl/localhost.pem - reqadd X-Forwarded-Proto:\ https - default_backend nodes-http - -backend nodes-http - redirect scheme https if !{ ssl_fc } - server node1 simplesamlphp:80 check -``` - -Finally, save this v2 compose file as `docker-compose-example.yml` somewhere. -Run `docker-compose -f docker-compose-example.yml up` to bring the stack up. -After install, visit https://localhost (or whatever URL you chose) -Use `docker-compose -f docker-compose-example.yml down` to destroy containers after playing. 
- -```console -version: '2' - -services: - - simplesamlphp: - container_name: simplesamlphp - image: venatorfox/simplesamlphp:1.14.15 - environment: - - CONFIG_BASEURLPATH=https://localhost/simplesaml/ -# To login to this example setup, use 123 for the password. - - CONFIG_AUTHADMINPASSWORD={SSHA256}MjJSiMlkQLa+fqI+CmQ1x1oUJ7OGucYpznKxBBHpgfC+Oh+7B9vgGw== - - CONFIG_SECRETSALT=exampleabcdefghijklmnopqrstuvwxy - - CONFIG_TECHNICALCONTACT_NAME=Adam Zheng - - CONFIG_TECHNICALCONTACT_EMAIL=adam.zheng@esu10.org - - CONFIG_LANGUAGEDEFAULT=en - - CONFIG_TIMEZONE=America/Chicago - - CONFIG_SHOWERRORS=true - - CONFIG_ERRORREPORTING=true - - CONFIG_ADMINPROTECTINDEXPAGE=true - - CONFIG_ADMINPROTECTMETADATA=false - - CONFIG_DEBUG=FALSE - - CONFIG_LOGGINGLEVEL=INFO - - CONFIG_LOGGINGHANDLER=file - - CONFIG_LOGFILE=simplesamlphp.log - - CONFIG_ENABLESAML20IDP=true - - CONFIG_SESSIONCOOKIESECURE=false - - CONFIG_ENABLEHTTPPOST=false -# - CONFIG_THEMEUSE=nebraskacloudAuth:nebraskaCloud - - CONFIG_STORETYPE=memcache - - CONFIG_MEMCACHESTOREPREFIX=simplesamlphp - - CONFIG_MEMCACHESTORESERVERS= 'memcache_store.servers' => array(\n array(\n array('hostname' => 'idp-mc-a01'),\n array('hostname' => 'idp-mc-a02'),\n ),\n array(\n array('hostname' => 'idp-mc-b01'),\n array('hostname' => 'idp-mc-b02'),\n ), -# - WWW_INDEX=core/authenticate.php?as=admin - - OPENLDAP_TLS_REQCERT=always - volumes: -# - /opt/docker/volumes/simplesamlphp/config/authsources.php:/var/simplesamlphp/config/authsources.php - - /opt/docker/volumes/simplesamlphp/cert/:/var/simplesamlphp/cert/ - - /opt/docker/volumes/simplesamlphp/dictionaries/:/var/simplesamlphp/dictionaries/ - - /opt/docker/volumes/simplesamlphp/log/:/var/simplesamlphp/log - - /opt/docker/volumes/simplesamlphp/metadata/:/var/simplesamlphp/metadata - - /opt/docker/volumes/simplesamlphp/modules/:/var/simplesamlphp/modules - - /opt/docker/volumes/simplesamlphp/templates/:/var/simplesamlphp/templates - - 
/opt/docker/volumes/simplesamlphp/www/:/var/simplesamlphp/www - restart: always - - idp-mc-a01: - container_name: idp-mc-a01 - image: memcached - restart: always - - idp-mc-a02: - container_name: idp-mc-a02 - image: memcached - restart: always - - idp-mc-b01: - container_name: idp-mc-b01 - image: memcached - restart: always - - idp-mc-b02: - container_name: idp-mc-b02 - image: memcached - restart: always - - simplesamlphp-haproxy: - container_name: simplesamlphp-haproxy - image: million12/haproxy:1.7.8 - depends_on: - - simplesamlphp - links: - - simplesamlphp - ports: - - 80:80 - - 443:443 - volumes: - - /opt/docker/volumes/simplesamlphp-haproxy:/etc/haproxy - restart: always - cap_add: - - NET_ADMIN -``` - -License ----- -MIT diff --git a/1.14.15/docker-compose.yml b/1.14.15/docker-compose.yml deleted file mode 100644 index 7693c3f..0000000 --- a/1.14.15/docker-compose.yml +++ /dev/null 
@@ -1,79 +0,0 @@
-version: '2'
-
-services:
-
- simplesamlphp:
- container_name: simplesamlphp
- image: venatorfox/simplesamlphp:1.14.15
- environment:
- - CONFIG_BASEURLPATH=https://localhost/simplesaml/
-# To login to this example setup, use 123 for the password.
- - CONFIG_AUTHADMINPASSWORD={SSHA256}MjJSiMlkQLa+fqI+CmQ1x1oUJ7OGucYpznKxBBHpgfC+Oh+7B9vgGw==
- - CONFIG_SECRETSALT=exampleabcdefghijklmnopqrstuvwxy
- - CONFIG_TECHNICALCONTACT_NAME=Adam Zheng
- - CONFIG_TECHNICALCONTACT_EMAIL=adam.zheng@esu10.org
- - CONFIG_LANGUAGEDEFAULT=en
- - CONFIG_TIMEZONE=America/Chicago
- - CONFIG_SHOWERRORS=true
- - CONFIG_ERRORREPORTING=true
- - CONFIG_ADMINPROTECTINDEXPAGE=true
- - CONFIG_ADMINPROTECTMETADATA=false
- - CONFIG_DEBUG=FALSE
- - CONFIG_LOGGINGLEVEL=INFO
- - CONFIG_LOGGINGHANDLER=file
- - CONFIG_LOGFILE=simplesamlphp.log
- - CONFIG_ENABLESAML20IDP=true
- - CONFIG_SESSIONCOOKIESECURE=false
- - CONFIG_ENABLEHTTPPOST=false
-# - CONFIG_THEMEUSE=nebraskacloudAuth:nebraskaCloud
- - CONFIG_STORETYPE=memcache
- - CONFIG_MEMCACHESTOREPREFIX=simplesamlphp
- - CONFIG_MEMCACHESTORESERVERS= 'memcache_store.servers' => array(\n array(\n array('hostname' => 'idp-mc-a01'),\n array('hostname' => 'idp-mc-a02'),\n ),\n array(\n array('hostname' => 'idp-mc-b01'),\n array('hostname' => 'idp-mc-b02'),\n ),
-# - WWW_INDEX=core/authenticate.php?as=admin
- - OPENLDAP_TLS_REQCERT=always
- volumes:
-# - /opt/docker/volumes/simplesamlphp/config/authsources.php:/var/simplesamlphp/config/authsources.php
- - /opt/docker/volumes/simplesamlphp/cert/:/var/simplesamlphp/cert/
- - /opt/docker/volumes/simplesamlphp/dictionaries/:/var/simplesamlphp/dictionaries/
- - /opt/docker/volumes/simplesamlphp/log/:/var/simplesamlphp/log
- - /opt/docker/volumes/simplesamlphp/metadata/:/var/simplesamlphp/metadata
- - /opt/docker/volumes/simplesamlphp/modules/:/var/simplesamlphp/modules
- - /opt/docker/volumes/simplesamlphp/templates/:/var/simplesamlphp/templates
- - /opt/docker/volumes/simplesamlphp/www/:/var/simplesamlphp/www
- restart: always
-
- idp-mc-a01:
- container_name: idp-mc-a01
- image: memcached
- restart: always
-
- idp-mc-a02:
- container_name: idp-mc-a02
- image: memcached
- restart: always
-
- idp-mc-b01:
- container_name: idp-mc-b01
- image: memcached
- restart: always
-
- idp-mc-b02:
- container_name: idp-mc-b02
- image: memcached
- restart: always
-
- simplesamlphp-haproxy:
- container_name: simplesamlphp-haproxy
- image: million12/haproxy:1.7.8
- depends_on:
- - simplesamlphp
- links:
- - simplesamlphp
- ports:
- - 80:80
- - 443:443
- volumes:
- - /opt/docker/volumes/simplesamlphp-haproxy:/etc/haproxy
- restart: always
- cap_add:
- - NET_ADMIN
diff --git a/1.14.15/install-simplesamlphp.sh b/1.14.15/install-simplesamlphp.sh
deleted file mode 100644
index c24197b..0000000
--- a/1.14.15/install-simplesamlphp.sh
+++ /dev/null
@@ -1,280 +0,0 @@
-#!/usr/bin/with-contenv /bin/bash
-
-#Default runtime variables if none are supplied at Docker container creation
-
-DOCKER_REDIRECTLOGS=${DOCKER_REDIRECTLOGS:=false}
-
-CONFIG_BASEURLPATH=${CONFIG_BASEURLPATH:=simplesaml/}
-
-#This SSHA256 hash is '123' for the default password.
-CONFIG_AUTHADMINPASSWORD=${CONFIG_AUTHADMINPASSWORD:=\{SSHA256\}MjJSiMlkQLa+fqI+CmQ1x1oUJ7OGucYpznKxBBHpgfC+Oh+7B9vgGw==}
-CONFIG_SECRETSALT=${CONFIG_SECRETSALT:=defaultsecretsalt}
-CONFIG_TECHNICALCONTACT_NAME=${CONFIG_TECHNICALCONTACT_NAME:=Administrator}
-CONFIG_TECHNICALCONTACT_EMAIL=${CONFIG_TECHNICALCONTACT_EMAIL:=na@example.org}
-CONFIG_LANGUAGEDEFAULT=${CONFIG_LANGUAGEDEFAULT:=en}
-CONFIG_TIMEZONE=${CONFIG_TIMEZONE:=America/Chicago}
-
-CONFIG_TEMPDIR=${CONFIG_TEMPDIR:=/tmp/simplesaml}
-CONFIG_SHOWERRORS=${CONFIG_SHOWERRORS:=true}
-CONFIG_ERRORREPORTING=${CONFIG_ERRORREPORTING:=true}
-CONFIG_ADMINPROTECTINDEXPAGE=${CONFIG_ADMINPROTECTINDEXPAGE:=false}
-CONFIG_ADMINPROTECTMETADATA=${CONFIG_ADMINPROTECTMETADATA:=false}
-
-CONFIG_DEBUG=${CONFIG_DEBUG:=false}
-CONFIG_LOGGINGLEVEL=${CONFIG_LOGGINGLEVEL:=NOTICE}
-CONFIG_LOGGINGHANDLER=${CONFIG_LOGGINGLHANDLER:=file}
-CONFIG_LOGFILE=${CONFIG_LOGFILE:='simplesamlphp.log'}
-
-CONFIG_ENABLESAML20IDP=${CONFIG_ENABLESAML20IDP:=false}
-CONFIG_ENABLESHIB13IDP=${CONFIG_ENABLESHIB13IDP:=false}
-CONFIG_ENABLEADFSIDP=${CONFIG_ENABLEADFSIDP:=false}
-CONFIG_ENABLEWSFEDSP=${CONFIG_ENABLEWSFEDSP:=false}
-CONFIG_ENABLEAUTHMEMCOOKIE=${CONFIG_ENABLEAUTHMEMCOOKIE:=false}
-
-CONFIG_SESSIONDURATION=${CONFIG_SESSIONDURATION:=8 * (60 * 60)}
-CONFIG_SESSIONDATASTORETIMEOUT=${CONFIG_SESSIONDATASTORETIMEOUT:=(4 * 60 * 60)}
-CONFIG_SESSIONSTATETIMEOUT=${CONFIG_SESSIONSTATETIMEOUT:=(60 * 60)}
-CONFIG_SESSIONCOOKIELIFETIME=${CONFIG_SESSIONCOOKIELIFETIME:=0}
-
-CONFIG_SESSIONREMEMBERMEENABLE=${CONFIG_SESSIONREMEMBERMEENABLE:=false}
-CONFIG_SESSIONREMEMBERMECHECKED=${CONFIG_SESSIONREMEMBERMECHECKED:=false}
-CONFIG_SESSIONREMEMBERMELIFETIME=${CONFIG_SESSIONREMEMBERMELIFETIME:=(14 * 86400)}
-
-CONFIG_SESSIONCOOKIESECURE=${CONFIG_SESSIONCOOKIESECURE:=false}
-CONFIG_ENABLEHTTPPOST=${CONFIG_ENABLEHTTPPOST:=false}
-CONFIG_THEMEUSE=${CONFIG_THEMEUSE:=default}
-CONFIG_STORETYPE=${CONFIG_STORETYPE:=phpsession}
-
-WWW_INDEX=${WWW_INDEX:=core/frontpage_welcome.php}
-OPENLDAP_TLS_REQCERT=${OPENLDAP_TLS_REQCERT:=demand}
-
-if [ "$DOCKER_REDIRECTLOGS" = "true" ]; then
- echo "[$0] DOCKER_REDIRECTLOGS was set to 'true', so setting CONFIG_LOGGINGHANDLER to 'file'"
- CONFIG_LOGGINGHANDLER=file
- if [ "$CONFIG_LOGFILE" != "simplesamlphp.log" ]; then
- echo "[$0] [WARN] DOCKER_REDIRECTLOGS was set to true, but CONFIG_LOGFILE was set away from the default. It makes no sense to do this as logs are redirected to a pipe."
- echo "[$0] If a simplesamlphp logfile is desired instead of docker logs, set DOCKER_REDIRECTLOGS to 'false' and volume mount the logs directory to the host."
- echo "[$0] Pausing 5 seconds due to above warning."
- sleep 5
- fi
- if [ -z "$(ls -A /var/simplesamlphp/log/)" ]; then
- if [ "$DOCKER_REDIRECTLOGS" = "true" ]; then
- echo "[$0] [WARN] DOCKER_REDIRECTLOGS is set to true but the log directory is volume mounted. It makes no sense to do this as logs are redirected to a pipe."
- echo "[$0] If a simplesamlphp logfile is desired instead of docker logs, set DOCKER_REDIRECTLOGS to 'false'."
- echo "[$0] Pausing 5 seconds due to above warning."
- sleep 5
- fi
- else
- if [ "$CONFIG_LOGGINGHANDLER" = "file" ]; then
- echo "[$0] [WARN] CONFIG_LOGGINGHANDLER is set to 'file' but the log directory is not volume mounted."
- echo "[$0] [WARN] This will cause the container to grow with a logfile and is in most cases very undesirable."
- echo "[$0] Pausing 5 seconds due to above warning."
- fi
- fi
- ln -sf /proc/1/fd/1 /var/simplesamlphp/log/$CONFIG_LOGFILE
-fi
-
-#Only set memcache vars if storetype is memcache
-if [ "$CONFIG_STORETYPE" == "memcache" ]; then
- CONFIG_MEMCACHESTORESERVERS=${CONFIG_MEMCACHESTORESERVERS:=" 'memcache_store.servers' => array(\n array(\n array('hostname' => 'mc_a1'),\n array('hostname' => 'mc_a2'),\n ),\n array(\n array('hostname' => 'mc_b1'),\n array('hostname' => 'mc_b2'),\n ),"}
- CONFIG_MEMCACHESTOREPREFIX=${CONFIG_MEMCACHESTOREPREFIX:=null}
-fi
-
-#Check to see what directories were volume mounted
-if [ -z "$(ls -A /var/simplesamlphp/)" ]; then
- echo "[$0] [WARN] New install, The entire SimpleSAMLphp directory seems to be Docker volume mounted as it is empty. This is fine for testing but highly not recommended in production. Please see the Dockerfile README for more info." >&2
- tar xf /var/simplesamlphp.tar.gz -C /var/ > /dev/null
- mv /var/simplesamlphp-*/* /var/simplesamlphp/ > /dev/null
- rm -rf /var/simplesamlphp-* > /dev/null
- echo "[$0] [WARN] Install Complete. Nothing is ephemeral in the SimpleSAMLphp install so updates need done manually from the host volume this point forward." >&2
-else
- if [ -z "$(ls -A /var/simplesamlphp/attributemap/)" ]; then
- echo "[$0] attributemap directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/attributemap > /dev/null
- mv /simplesamlphp-1.*/attributemap/* /var/simplesamlphp/attributemap/
- echo "[$0] Seed complete. Directory attributemap will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/bin/)" ]; then
- echo "[$0] bin directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/bin > /dev/null
- mv /simplesamlphp-1.*/bin/* /var/simplesamlphp/bin/
- echo "[$0] Seed complete. Directory bin will not be part of future upgrades and will need upgraded manually."
- fi
- ls -A /var/simplesamlphp/cert/breadcrumb &> /dev/null
- if ! [ $? -ne 0 ]; then
- echo "[$0] [WARN] cert directory is not volume mounted and probably should be."
- echo "[$0] Pausing 3 seconds due to above warning."
- sleep 3
- fi
- if [ -z "$(ls -A /var/simplesamlphp/config/)" ]; then
- echo "[$0] config directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/config > /dev/null
- mv /simplesamlphp-1.*/config/* /var/simplesamlphp/config/
- echo "[$0] Seed complete. Directory config will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/config-templates/)" ]; then
- echo "[$0] config-templates directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/config-templates > /dev/null
- mv /simplesamlphp-1.*/config-templates/* /var/simplesamlphp/config-templates/
- echo "[$0] Seed complete. Directory config-templates will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/dictionaries/)" ]; then
- echo "[$0] dictionaries directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/dictionaries > /dev/null
- mv /simplesamlphp-1.*/dictionaries/* /var/simplesamlphp/dictionaries/
- echo "[$0] Seed complete. Directory dictionaries will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/docs/)" ]; then
- echo "[$0] docs directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/docs > /dev/null
- mv /simplesamlphp-1.*/docs/* /var/simplesamlphp/docs/
- echo "[$0] Seed complete. Directory docs will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/extra/)" ]; then
- echo "[$0] extra directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/extra > /dev/null
- mv /simplesamlphp-1.*/extra/* /var/simplesamlphp/extra/
- echo "[$0] Seed complete. Directory extra will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/lib/)" ]; then
- echo "[$0] lib directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/lib > /dev/null
- mv /simplesamlphp-1.*/lib/* /var/simplesamlphp/lib/
- echo "[$0] Seed complete. Directory lib will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/metadata/)" ]; then
- echo "[$0] metadata directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/metadata > /dev/null
- mv /simplesamlphp-1.*/metadata/* /var/simplesamlphp/metadata/
- echo "[$0] Seed complete. Directory metadata will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/metadata-templates/)" ]; then
- echo "[$0] metadata-templates directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/metadata-templates > /dev/null
- mv /simplesamlphp-1.*/metadata-templates/* /var/simplesamlphp/metadata-templates/
- echo "[$0] Seed complete. Directory metadata-templates will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/modules/)" ]; then
- echo "[$0] modules directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/modules > /dev/null
- mv /simplesamlphp-1.*/modules/* /var/simplesamlphp/modules/
- echo "[$0] Seed complete. Directory modules will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/schemas/)" ]; then
- echo "[$0] schemas directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/schemas > /dev/null
- mv /simplesamlphp-1.*/schemas/* /var/simplesamlphp/schemas/
- echo "[$0] Seed complete. Directory schemas will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/templates/)" ]; then
- echo "[$0] templates directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/templates > /dev/null
- mv /simplesamlphp-1.*/templates/* /var/simplesamlphp/templates/
- echo "[$0] Seed complete. Directory templates will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/tests/)" ]; then
- echo "[$0] tests directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/tests > /dev/null
- mv /simplesamlphp-1.*/tests/* /var/simplesamlphp/tests/
- echo "[$0] Seed complete. Directory tests will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/tools/)" ]; then
- echo "[$0] tools directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/tools > /dev/null
- mv /simplesamlphp-1.*/tools/* /var/simplesamlphp/tools/
- echo "[$0] Seed complete. Directory tools will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/vendor/)" ]; then
- echo "[$0] vendor directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/vendor > /dev/null
- mv /simplesamlphp-1.*/vendor/* /var/simplesamlphp/vendor/
- echo "[$0] Seed complete. 
Directory vendor will not be part of future upgrades and will need upgraded manually." - fi - if [ -z "$(ls -A /var/simplesamlphp/www/)" ]; then - echo "[$0] www directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/www > /dev/null - mv /simplesamlphp-1.*/www/* /var/simplesamlphp/www/ - echo "[$0] Seed complete. Directory www will not be part of future upgrades and will need upgraded manually." - fi - rm -rf /simplesamlphp-*/ -fi - -ls -A /var/simplesamlphp/config/.dockersetupdone &> /dev/null -if ! [ $? -ne 0 ]; then - echo "[$0] Breadcrumb located, skipping firstime config." - echo "[$0] Done" - exit 0 -fi - -#Apply server certificate check in a TLS session -echo -e "TLS_REQCERT\t$OPENLDAP_TLS_REQCERT" >> /etc/openldap/ldap.conf - -#Configure SimpleSAMLphp from runtime variables. - -echo "[$0] Apply Configuration to config.php..." - -#Apply Configurations -sed -i "s|'baseurlpath' => 'simplesaml/'|'baseurlpath' => '$CONFIG_BASEURLPATH'|g" /var/simplesamlphp/config/config.php - -sed -i "s|'auth.adminpassword' => '123'|'auth.adminpassword' => '$CONFIG_AUTHADMINPASSWORD'|g" /var/simplesamlphp/config/config.php -sed -i "s|'secretsalt' => 'defaultsecretsalt'|'secretsalt' => '$CONFIG_SECRETSALT'|g" /var/simplesamlphp/config/config.php -sed -i "s|'technicalcontact_name' => 'Administrator'|'technicalcontact_name' => '$CONFIG_TECHNICALCONTACT_NAME'|g" /var/simplesamlphp/config/config.php -sed -i "s|'technicalcontact_email' => 'na@example.org'|'technicalcontact_email' => '$CONFIG_TECHNICALCONTACT_EMAIL'|g" /var/simplesamlphp/config/config.php -sed -i "s|'language.default' => 'en'|'language.default' => '$CONFIG_LANGUAGEDEFAULT'|g" /var/simplesamlphp/config/config.php -sed -i "s|'timezone' => null|'timezone' => '$CONFIG_TIMEZONE'|g" /var/simplesamlphp/config/config.php - -sed -i "s|'tempdir' => '/tmp/simplesaml'|'tempdir' => '$CONFIG_TEMPDIR'|g" /var/simplesamlphp/config/config.php -sed -i "s|'showerrors' => 
true|'showerrors' => $CONFIG_SHOWERRORS|g" /var/simplesamlphp/config/config.php -sed -i "s|'errorreporting' => true|'errorreporting' => $CONFIG_ERRORREPORTING|g" /var/simplesamlphp/config/config.php -sed -i "s|'admin.protectindexpage' => false|'admin.protectindexpage' => $CONFIG_ADMINPROTECTINDEXPAGE|g" /var/simplesamlphp/config/config.php -sed -i "s|'admin.protectmetadata' => false|'admin.protectmetadata' => $CONFIG_ADMINPROTECTMETADATA|g" /var/simplesamlphp/config/config.php - -sed -i "s|'debug' => false|'debug' => $CONFIG_DEBUG|g" /var/simplesamlphp/config/config.php -sed -i "s|'logging.level' => SimpleSAML_Logger::NOTICE|'logging.level' => SimpleSAML_Logger::$CONFIG_LOGGINGLEVEL|g" /var/simplesamlphp/config/config.php -sed -i "s|'logging.handler' => 'syslog'|'logging.handler' => '$CONFIG_LOGGINGHANDLER'|g" /var/simplesamlphp/config/config.php -sed -i "s|'logging.logfile' => 'simplesamlphp.log'|'logging.logfile' => '$CONFIG_LOGFILE'|g" /var/simplesamlphp/config/config.php - -sed -i "s|'enable.saml20-idp' => false|'enable.saml20-idp' => $CONFIG_ENABLESAML20IDP|g" /var/simplesamlphp/config/config.php -sed -i "s|'enable.shib13-idp' => false|'enable.shib13-idp' => $CONFIG_ENABLESHIB13IDP|g" /var/simplesamlphp/config/config.php -sed -i "s|'enable.adfs-idp' => false|'enable.adfs-idp' => $CONFIG_ENABLEADFSIDP|g" /var/simplesamlphp/config/config.php -sed -i "s|'enable.wsfed-sp' => false|'enable.wsfed-sp' => $CONFIG_ENABLEWSFEDSP|g" /var/simplesamlphp/config/config.php -sed -i "s|'enable.authmemcookie' => false|'enable.authmemcookie' => $CONFIG_ENABLEAUTHMEMCOOKIE|g" /var/simplesamlphp/config/config.php - -sed -i "s|'session.duration' => 8 \* (60 \* 60)|'session.duration' => $CONFIG_SESSIONDURATION|g" /var/simplesamlphp/config/config.php -sed -i "s|'session.datastore.timeout' => (4 \* 60 \* 60)|'session.datastore.timeout' => $CONFIG_SESSIONDATASTORETIMEOUT|g" /var/simplesamlphp/config/config.php -sed -i "s|'session.state.timeout' => (60 \* 60)|'session.state.timeout' => 
$CONFIG_SESSIONSTATETIMEOUT|g" /var/simplesamlphp/config/config.php -sed -i "s|'session.cookie.lifetime' => 0|'session.cookie.lifetime' => $CONFIG_SESSIONCOOKIELIFETIME|g" /var/simplesamlphp/config/config.php - -sed -i "s|'session.rememberme.enable' => false|'session.rememberme.enable' => $CONFIG_SESSIONREMEMBERMEENABLE|g" /var/simplesamlphp/config/config.php -sed -i "s|'session.rememberme.checked' => false|'session.rememberme.checked' => $CONFIG_SESSIONREMEMBERMECHECKED|g" /var/simplesamlphp/config/config.php -sed -i "s|'session.rememberme.lifetime' => (14 \* 86400)|'session.rememberme.lifetime' => $CONFIG_SESSIONREMEMBERMELIFETIME|g" /var/simplesamlphp/config/config.php - -sed -i "s|'session.cookie.secure' => false|'session.cookie.secure' => $CONFIG_SESSIONCOOKIESECURE|g" /var/simplesamlphp/config/config.php -sed -i "s|'enable.http_post' => false|'enable.http_post' => $CONFIG_ENABLEHTTPPOST|g" /var/simplesamlphp/config/config.php - -sed -i "s|'theme.use' => 'default'|'theme.use' => '$CONFIG_THEMEUSE'|g" /var/simplesamlphp/config/config.php - -sed -i "s|'store.type' => 'phpsession',|'store.type' => '$CONFIG_STORETYPE',|g" /var/simplesamlphp/config/config.php - -sed -i "s|'core/frontpage_welcome.php'|'$WWW_INDEX'|g" /var/simplesamlphp/www/index.php - -#Only configure redundant memcache if storetype is set to memcache -if [ "$CONFIG_STORETYPE" == "memcache" ]; then - sed -i "/ 'memcache_store.servers' => array(/{n;N;N;d}" /var/simplesamlphp/config/config.php - sed -i "s| 'memcache_store.servers' => array(|$CONFIG_MEMCACHESTORESERVERS|g" /var/simplesamlphp/config/config.php - sed -i "s|'memcache_store.prefix' => null|'memcache_store.prefix' => '$CONFIG_MEMCACHESTOREPREFIX'|g" /var/simplesamlphp/config/config.php - if [ "$CONFIG_MEMCACHESTOREPREFIX" == "null" ]; then - echo "[$0] [WARN] CONFIG_STORETYPE was set to 'memcache', but CONFIG_MEMCACHESTOREPREFIX was not set from null. This will not work. Setting CONFIG_MEMCACHESTOREPREFIX to 'simpleSAMLphp'." 
- echo "[$0] To avoid this warning in the future, set CONFIG_MEMCACHESTOREPREFIX to something, 'simpleSAMLphp' is the suggested default if memcache is enabled." - echo "[$0] Pausing 5 seconds due to above warning." - sleep 5 - CONFIG_MEMCACHESTOREPREFIX=simplesamlphp - sed -i "s|'memcache_store.prefix' => null|'memcache_store.prefix' => $CONFIG_MEMCACHESTOREPREFIX|g" /var/simplesamlphp/config/config.php - fi -fi - -chown php-fpm:php-fpm /var/simplesamlphp/log - -touch /var/simplesamlphp/config/.dockersetupdone - -echo "[$0] Configuration Complete. Saved .dockersetupdone breadcrumb to config directory to prevent config rerun." diff --git a/1.14.16/Dockerfile b/1.14.16/Dockerfile deleted file mode 100644 index c8c7444..0000000 --- a/1.14.16/Dockerfile +++ /dev/null 
@@ -1,55 +0,0 @@
-FROM centos:7
-MAINTAINER Adam Zheng adam.w.zheng@icloud.com
-
-ENV S6_RELEASE 1.20.0.0
-ENV SIMPLESAMLPHP_RELEASE 1.14.16
-
-#Add S6 Overlay
-ADD https://github.com/just-containers/s6-overlay/releases/download/v$S6_RELEASE/s6-overlay-amd64.tar.gz /tmp/
-RUN tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" \
- && tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin
-
-#Install SimpleSAMLphp Requirements
-RUN yum -y install epel-release \
- && rpm -Uvh https://centos7.iuscommunity.org/ius-release.rpm \
- && echo -e '[nginx]\nname=nginx repo\nbaseurl=http://nginx.org/packages/centos/7/$basearch/\ngpgcheck=0\nenabled=1' > /etc/yum.repos.d/nginx.repo \
- && yum -y install nginx php56u-fpm php56u-fpm-nginx php56u-dom php56u-mbstring php56u-mcrypt php56u-pdo php56u-pecl-memcache php56u-ldap sendmail \
- && sed -i 's/user = apache/user = nginx/' /etc/php-fpm.d/www.conf \
- && sed -i 's/group = apache/group = nginx/' /etc/php-fpm.d/www.conf
-
-#Configure webserver
-RUN echo -e 'server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name _;\n root /var/simplesamlphp/www/;\n index index.php;\n\n location /simplesaml {\n alias /var/simplesamlphp/www/;\n location ~ ^(?/simplesaml)(?.+?.php)(?/.*)?$ {\n include fastcgi_params;\n fastcgi_pass 127.0.0.1:9000;\n fastcgi_split_path_info ^(.+?.php)(/.+)$;\n fastcgi_param SCRIPT_FILENAME $document_root$phpfile;\n fastcgi_param PATH_INFO $pathinfo if_not_empty;\n }\n }\n\n location ~ .php$ {\n fastcgi_split_path_info ^(.+.php)(/.+)$;\n fastcgi_pass 127.0.0.1:9000;\n fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n include fastcgi_params;\n add_header Cache-control no-cache;\n }\n}' > /etc/nginx/conf.d/default.conf \
- && mkdir -p /var/lib/php/session/ \
- && chown -Rv nginx:nginx /var/lib/php/session/
-
-#Download SimpleSAMLphp, Archive must remain present for seeding post install.
-RUN curl -Lo /var/simplesamlphp.tar.gz https://github.com/simplesamlphp/simplesamlphp/releases/download/v$SIMPLESAMLPHP_RELEASE/simplesamlphp-$SIMPLESAMLPHP_RELEASE.tar.gz \
- && tar xzf /var/simplesamlphp.tar.gz --directory /var \
- && mv /var/simplesamlphp-* /var/simplesamlphp \
- && touch /var/simplesamlphp/cert/breadcrumb \
- && touch /var/simplesamlphp/log/breadcrumb
-
-#Redirect NGINX Logs
-RUN ln -sf /dev/stdout /var/log/nginx/access.log \
- && ln -sf /dev/stderr /var/log/nginx/error.log
-
-#Add Service NGINX to be Monitored by S6
-RUN mkdir -p /etc/services.d/nginx/ \
- && touch /etc/services.d/nginx/run \
- && echo '#!/usr/bin/execlineb -P' > /etc/services.d/nginx/run \
- && echo 'nginx -g "daemon off;"' >> /etc/services.d/nginx/run
-
-#Add Service PHP-FPM to be Monitored by S6
-RUN mkdir -p /etc/services.d/php-fpm/ \
- && touch /etc/services.d/php-fpm/run \
- && echo '#!/usr/bin/execlineb -P' > /etc/services.d/php-fpm/run \
- && echo '/usr/sbin/php-fpm' >> /etc/services.d/php-fpm/run --nodaemonize \
- && sed -i 's|pid = /run/php-fpm/php-fpm.pid|pid = /run/php-fpm.pid|g' /etc/php-fpm.conf
-
-#Copy the SimpleSAMLphp CLI Install Script into the Container to be executed on startup
-COPY install-simplesamlphp.sh /etc/cont-init.d/
-RUN chmod u+x /etc/cont-init.d/install-simplesamlphp.sh
-
-RUN yum -y update && yum clean all && > /var/log/yum.log
-
-ENTRYPOINT ["/init"]
diff --git a/1.14.16/README.md b/1.14.16/README.md
deleted file mode 100644
index 7121b8a..0000000
--- a/1.14.16/README.md
+++ /dev/null
@@ -1,294 +0,0 @@ -[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.14.16.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.14.16 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.14.16.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.14.16 "Get your own image badge on microbadger.com") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) - -Supported tags and respective `Dockerfile` links - -- [`1.14.16`, `latest` (*1.14.16/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.14.16/Dockerfile) -- [`1.14.15` (*1.14.15/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.14.15/Dockerfile) - -### How to use this image - -Start a `venatorfox/simplesamlphp` instance, expose port 80. - -```console -$ docker run --name some-simplesamlphp -p80:80 venatorfox/simplesamlphp:latest -``` -Visit the site at http://localhost, default unconfigured username is "admin" and password is "123". #superSecure - -See below for available runtime environment variables for a more specific configuration. - -> The config.php will be created at run and baked into the SimpleSAMLphp Core Install. -> This will allow easy future upgrades, as you can simply destroy the container and bring it up with a new version. 
-> The docker environment variables configured at runtime will be applied to the default config, pulled from SimpleSAMLphp. - -> The purpose of this image is to store as much ephemeral data inside the container as possible for easy upgrades. -> This is controlled by how you mount docker volumes. Examples are presented below. - -### Supported Volume Mount Options for Pre-Seeding - -The following directories will pre-seed if they are mounted. -If attempting to mount an subdirectory, it will not pre-seed and therefore must pre-exist. - -If the directory is not mounted, it will use its ephemeral counterpart in the container which is ideal, explained below. -Note that once a directory is mounted, it will need to be upgraded manually for future SimpleSAMLphp releases if applicable. -If a mounted directory disappears from the host, it will pre-seed again with defaults from the SimpleSAMLphp install on restart. -If reverting to a default directory is desired, remove the host directory and adjust the docker run command to exclude the mount. - -Some directories will probably never need manually updated as SimpleSAMLphp will not update them in new versions. -`/cert` and `/metadata` are examples of directories that should always be volume mounted, as it contains data that must persist, is very organization specific, and will probably never or rarely be changed by SimpleSAMLphp releases. - -Something like `/bin` should never be volume mounted unless it's for development purposes, as it will likley be upgraded by SimpleSAMLphp in new versions. - -Be sure to check new SimpleSAMLphp releases to see if manual upgrades need done to a directory that was mounted. -Check [SimpleSAMLphp docs](https://simplesamlphp.org/docs/stable/simplesamlphp-install) installation section 5 for specifics. - -Individual files can also be mounted, but will not pre-seed content. It must pre-exist before starting the container. 
-Mounting the `authsources.php` file is a good example, as `/config` will probably not be mounted. -Another example, if using composer, the `composer.json` and `composer.lock` files will need mounted. - -This will vary greatly depending on use. A compose file similar to a production instance as is at the end of this README. - -| Directory | Opinion | -| ------ | ------ | -| /var/simplesamlphp/attributemap | -- | -| /var/simplesamlphp/bin | Probably should not be volume mounted. | -| /var/simplesamlphp/cert | Should always be volume mounted. | -| /var/simplesamlphp/config | Should probably not be volume mounted as its mostly configured by docker. | -| /var/simplesamlphp/config-templates | -- | -| /var/simplesamlphp/dictionaries | Can be mounted for customized user messages. | -| /var/simplesamlphp/docs | -- | -| /var/simplesamlphp/extra | -- | -| /var/simplesamlphp/lib | -- | -| /var/simplesamlphp/log | If using docker log redirection (not working yet), this cannot be volume mounted. If docker logs write to a file, this should be volume mounted so logs do not grow inside the container. | -| /var/simplesamlphp/metadata | Should always be volume mounted, very specific to organization. | -| /var/simplesamlphp/metadata-templates | -- | -| /var/simplesamlphp/modules | Can be volume mounted for easier module customization | -| /var/simplesamlphp/schemas | -- | -| /var/simplesamlphp/templates | -- | -| /var/simplesamlphp/tests | -- | -| /var/simplesamlphp/tools | -- | -| /var/simplesamlphp/vendor | -- | -| /var/simplesamlphp/www | Can be volume mounted for easier www customization | - -### Runtime Environment Variables - -The following variables can be overridden at run or in docker-compose. -It is recommended to set them properly and not use default values. -(Unless you want an authentication service with no SSL, with your admin password being 123 (Can you not, kthx)). 
- -| Variable | Default Value | Description | -| ------ | ------ | ------ | -| CONFIG_BASEURLPATH | simplesaml/ | If using SSL behind a proxy enter the base URL here, otherwise IdP metadata will use http://. Format is [(https)://(hostname)[:port]]/[path/to/simplesaml/]. | -| DOCKER_REDIRECTLOGS | false | Redirect logs written to the log file by SimpleSAMLphp to `/proc/1/fd/1`. This does not work yet due to permissions issues. If someone knows how to resolve this please let me know or contribute a fix to the Git repository. Thanks! | -| CONFIG_AUTHADMINPASSWORD | SSHA256 hash of '123' | Plain text works as well. Use PWGen to generate a hash for this variable. Refer to [SimpleSAMLphp docs](https://simplesamlphp.org/docs/stable/simplesamlphp-install), installation guide section 7. | -| CONFIG_SECRETSALT | defaultsecretsalt | Refer to [SimpleSAMLphp docs](https://simplesamlphp.org/docs/stable/simplesamlphp-install), installation guide section 7 if help is needed for generating one. | -| CONFIG_TECHNICALCONTACT_NAME | Administrator | Name of the Admin of Rainy Clouds, 42nd of Their Name, Breaker of Sanity, and ~~Destroyer~~ Protector of the Federation | -| CONFIG_TECHNICALCONTACT_EMAIL | na@example.org | Address of hate mail and applicaton exception logs to send to. Mail support is not yet supported in this container, it is coming soon. Best to turn off mail error reporting option and direct users to the proper email until its implemented. | -| CONFIG_LANGUAGEDEFAULT | en | -- | -| CONFIG_TIMEZONE | America/Chicago | Visit the [php.net man pages](http://php.net/manual/en/timezones.america.php) for the options, the one linked is for 'Murica. | -| CONFIG_TEMPDIR | /tmp/simplesaml | -- | -| CONFIG_SHOWERRORS | true | Shows detailed errors to the user if one occurs. | -| CONFIG_ERRORREPORTING | true | Allow users to send reports from SimpleSAMLphp to the technicalcontact. Not yet working. 
| -| CONFIG_ADMINPROTECTINDEXPAGE | false | Require admin password to access frontpage_federation index | -| CONFIG_ADMINPROTECTMETADATA | false | Require admin password to access public IdP metadata | -| CONFIG_DEBUG | false | Enable debugging to logs, requires CONFIG_LOGGINGLEVEL be set to DEBUG | -| CONFIG_LOGGINGLEVEL | NOTICE | Options are ERR, WARNING, NOTICE, INFO, DEBUG | -| CONFIG_LOGGINGHANDLER | file | Default different from official default of syslog due to systemd not running in containers. | -| CONFIG_LOGFILE | simplesamlphp.log | -- | -| CONFIG_ENABLESAML20IDP | false | Enable SAML20 IdP | -| CONFIG_ENABLESHIB13IDP | false | Enable Shibboleth13 IdP | -| CONFIG_SESSIONDURATION | 8 * (60 * 60) | -- | -| CONFIG_SESSIONDATASTORETIMEOUT | (4 * 60 * 60) | -- | -| CONFIG_SESSIONSTATETIMEOUT | (60 * 60) | -- | -| CONFIG_SESSIONCOOKIELIFETIME | 0 | -- | -| CONFIG_SESSIONREMEMBERMEENABLE | false | -- | -| CONFIG_SESSIONREMEMBERMECHECKED | false | -- | -| CONFIG_SESSIONREMEMBERMELIFETIME | (14 * 86400) | -- | -| CONFIG_SESSIONCOOKIESECURE | false | -- | -| CONFIG_ENABLEHTTPPOST | false | -- | -| CONFIG_THEMEUSE | default | -- | -| CONFIG_STORETYPE | phpsession | If using `memcache` option, CONFIG_MEMCACHESTORESERVERS and CONFIG_MEMCACHESTOREPREFIX will need to be set. | -| CONFIG_MEMCACHESTORESERVERS | See Format Below* | Was unable to make this an easy variable, the format of the array is given below in a 2x2 example. Keep the format but replace the hostnames. | -| CONFIG_MEMCACHESTOREPREFIX | null | `simplesamlphp` can be used in most cases. | -| WWW_INDEX | core/frontpage_welcome.php | Page to direct to if a user accesses the IdP/SP directly. Can be set to an authentication test for example. | -| OPENLDAP_TLS_REQCERT | demand | As per ldap man pages, Options are `never` `allow` `try` `demand`. If using Active Directory or OpenLDAP with TLS, logins will be rejected if the directory certificate is self-signed with the default `demand` value. 
This can be set to `never` for testing purposes. Refer to ldap.conf man page section 5 for more details. | - -Default CONFIG_MEMCACHESTORESERVERS format, 2 pair of 2 example. Use this template and replace the hostnames. Check compose file for usage example: -```console - 'memcache_store.servers' => array(\n array(\n array('hostname' => 'mc_a1'),\n array('hostname' => 'mc_a2'),\n ),\n array(\n array('hostname' => 'mc_b1'),\n array('hostname' => 'mc_b2'),\n ), -``` - -### Maintenance - -This is being actively maintained and is running in production. -Please [create an issue](https://github.com/Venator-Fox/docker-simplesamlphp/issues) if needed or if additional variables/features are desired. - -### Todos - - Figure out logging to docker stdio - - Add support for mail to be sent during exceptions - - Add ability for stats to be sent to docker stdio or to mounted file - -### More Complex/Practical Compose Example, IdP SSL Termination with HAProxy -This example will run HAProxy with snakeoil SSL termination for https://localhost. -It will also bring up 4 memcached containers, 2 pairs of 2, for phpsession. -This is useful for running a SimpleSAMLphp cluster via some orchestration service such as Rancher. - -Since SimpleSAMLphp will not care about the webroot, an entry to the hosts file can be added to whatever for testing. -Be sure to adjust the HOST environment variable below for whatever localhost self-signed certificate desired. -Of course in production use a real CA, like LetsEncrypt. - -This will be more in line with what would be seen in a production environment. (minus the demo 123 password, salt, etc) -Note the choices of volume mounts of what to keep ephemeral, and what to keep persistant. -The more volumes, the more manual upgrades might be. -Check SimpleSAMLphp's upgrade notes to see if updates occured in a specified directory. - -Note that running this compose file will create files in `/opt/docker/volumes/` on your host. 
-You can remove this after toying with the example. - -Run the following two commands: -```console -mkdir -p /opt/docker/volumes/simplesamlphp-haproxy/ssl -docker run --rm -v /opt/docker/volumes/simplesamlphp-haproxy/ssl:/ssl -e HOST=localhost -e TYPE=pem project42/selfsignedcert -``` - -Then, create this `haproxy.cfg` at `/opt/docker/volumes/simplesamlphp-haproxy/haproxy.cfg` -```console -global - #debug - chroot /var/lib/haproxy - user haproxy - group haproxy - pidfile /var/run/haproxy.pid - - # Default SSL material locations - ca-base /etc/ssl/certs - crt-base /etc/ssl/private - - # Default ciphers to use on SSL-enabled listening sockets. - ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12 - ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS - - spread-checks 4 - tune.maxrewrite 1024 - tune.ssl.default-dh-param 2048 - -defaults - mode http - balance roundrobin - - option dontlognull - option dontlog-normal - option redispatch - - maxconn 5000 - timeout connect 5s - timeout client 20s - timeout server 20s - timeout queue 30s - timeout http-request 5s - timeout http-keep-alive 15s - -frontend http-in - bind *:80 - reqadd X-Forwarded-Proto:\ http - default_backend nodes-http - -frontend https-in - bind *:443 ssl crt /etc/haproxy/ssl/localhost.pem - reqadd X-Forwarded-Proto:\ https - default_backend nodes-http - -backend nodes-http - redirect scheme https if !{ ssl_fc } - server node1 simplesamlphp:80 check -``` - -Finally, save this v2 compose file as `docker-compose-example.yml` somewhere. -Run `docker-compose -f docker-compose-example.yml up` to bring the stack up. -After install, visit https://localhost (or whatever URL you chose) -Use `docker-compose -f docker-compose-example.yml down` to destroy containers after playing. 
-
-```console
-version: '2'
-
-services:
-
- simplesamlphp:
- container_name: simplesamlphp
- image: venatorfox/simplesamlphp:1.14.16
- environment:
- - CONFIG_BASEURLPATH=https://localhost/simplesaml/
-# To login to this example setup, use 123 for the password.
- - CONFIG_AUTHADMINPASSWORD={SSHA256}MjJSiMlkQLa+fqI+CmQ1x1oUJ7OGucYpznKxBBHpgfC+Oh+7B9vgGw==
- - CONFIG_SECRETSALT=exampleabcdefghijklmnopqrstuvwxy
- - CONFIG_TECHNICALCONTACT_NAME=Adam Zheng
- - CONFIG_TECHNICALCONTACT_EMAIL=adam.zheng@esu10.org
- - CONFIG_LANGUAGEDEFAULT=en
- - CONFIG_TIMEZONE=America/Chicago
- - CONFIG_SHOWERRORS=true
- - CONFIG_ERRORREPORTING=true
- - CONFIG_ADMINPROTECTINDEXPAGE=true
- - CONFIG_ADMINPROTECTMETADATA=false
- - CONFIG_DEBUG=FALSE
- - CONFIG_LOGGINGLEVEL=INFO
- - CONFIG_LOGGINGHANDLER=file
- - CONFIG_LOGFILE=simplesamlphp.log
- - CONFIG_ENABLESAML20IDP=true
- - CONFIG_SESSIONCOOKIESECURE=false
- - CONFIG_ENABLEHTTPPOST=false
-# - CONFIG_THEMEUSE=nebraskacloudAuth:nebraskaCloud
- - CONFIG_STORETYPE=memcache
- - CONFIG_MEMCACHESTOREPREFIX=simplesamlphp
- - CONFIG_MEMCACHESTORESERVERS= 'memcache_store.servers' => array(\n array(\n array('hostname' => 'idp-mc-a01'),\n array('hostname' => 'idp-mc-a02'),\n ),\n array(\n array('hostname' => 'idp-mc-b01'),\n array('hostname' => 'idp-mc-b02'),\n ),
-# - WWW_INDEX=core/authenticate.php?as=admin
- - OPENLDAP_TLS_REQCERT=always
- volumes:
-# - /opt/docker/volumes/simplesamlphp/config/authsources.php:/var/simplesamlphp/config/authsources.php
- - /opt/docker/volumes/simplesamlphp/cert/:/var/simplesamlphp/cert/
- - /opt/docker/volumes/simplesamlphp/dictionaries/:/var/simplesamlphp/dictionaries/
- - /opt/docker/volumes/simplesamlphp/log/:/var/simplesamlphp/log
- - /opt/docker/volumes/simplesamlphp/metadata/:/var/simplesamlphp/metadata
- - /opt/docker/volumes/simplesamlphp/modules/:/var/simplesamlphp/modules
- - /opt/docker/volumes/simplesamlphp/templates/:/var/simplesamlphp/templates
- - /opt/docker/volumes/simplesamlphp/www/:/var/simplesamlphp/www
- restart: always
-
- idp-mc-a01:
- container_name: idp-mc-a01
- image: memcached
- restart: always
-
- idp-mc-a02:
- container_name: idp-mc-a02
- image: memcached
- restart: always
-
- idp-mc-b01:
- container_name: idp-mc-b01
- image: memcached
- restart: always
-
- idp-mc-b02:
- container_name: idp-mc-b02
- image: memcached
- restart: always
-
- simplesamlphp-haproxy:
- container_name: simplesamlphp-haproxy
- image: million12/haproxy:1.7.9
- depends_on:
- - simplesamlphp
- links:
- - simplesamlphp
- ports:
- - 80:80
- - 443:443
- volumes:
- - /opt/docker/volumes/simplesamlphp-haproxy:/etc/haproxy
- restart: always
- cap_add:
- - NET_ADMIN
-```
-
-License
----
-MIT
diff --git a/1.14.16/docker-compose.yml b/1.14.16/docker-compose.yml
deleted file mode 100644
index c970ce8..0000000
--- a/1.14.16/docker-compose.yml
+++ /dev/null
@@ -1,79 +0,0 @@
-version: '2'
-
-services:
-
- simplesamlphp:
- container_name: simplesamlphp
- image: venatorfox/simplesamlphp:1.14.16
- environment:
- - CONFIG_BASEURLPATH=https://localhost/simplesaml/
-# To login to this example setup, use 123 for the password.
- - CONFIG_AUTHADMINPASSWORD={SSHA256}MjJSiMlkQLa+fqI+CmQ1x1oUJ7OGucYpznKxBBHpgfC+Oh+7B9vgGw==
- - CONFIG_SECRETSALT=exampleabcdefghijklmnopqrstuvwxy
- - CONFIG_TECHNICALCONTACT_NAME=Adam Zheng
- - CONFIG_TECHNICALCONTACT_EMAIL=adam.zheng@esu10.org
- - CONFIG_LANGUAGEDEFAULT=en
- - CONFIG_TIMEZONE=America/Chicago
- - CONFIG_SHOWERRORS=true
- - CONFIG_ERRORREPORTING=true
- - CONFIG_ADMINPROTECTINDEXPAGE=true
- - CONFIG_ADMINPROTECTMETADATA=false
- - CONFIG_DEBUG=FALSE
- - CONFIG_LOGGINGLEVEL=INFO
- - CONFIG_LOGGINGHANDLER=file
- - CONFIG_LOGFILE=simplesamlphp.log
- - CONFIG_ENABLESAML20IDP=true
- - CONFIG_SESSIONCOOKIESECURE=false
- - CONFIG_ENABLEHTTPPOST=false
-# - CONFIG_THEMEUSE=nebraskacloudAuth:nebraskaCloud
- - CONFIG_STORETYPE=memcache
- - CONFIG_MEMCACHESTOREPREFIX=simplesamlphp
- - CONFIG_MEMCACHESTORESERVERS= 'memcache_store.servers' => array(\n array(\n array('hostname' => 'idp-mc-a01'),\n array('hostname' => 'idp-mc-a02'),\n ),\n array(\n array('hostname' => 'idp-mc-b01'),\n array('hostname' => 'idp-mc-b02'),\n ),
-# - WWW_INDEX=core/authenticate.php?as=admin
- - OPENLDAP_TLS_REQCERT=always
- volumes:
-# - /opt/docker/volumes/simplesamlphp/config/authsources.php:/var/simplesamlphp/config/authsources.php
- - /opt/docker/volumes/simplesamlphp/cert/:/var/simplesamlphp/cert/
- - /opt/docker/volumes/simplesamlphp/dictionaries/:/var/simplesamlphp/dictionaries/
- - /opt/docker/volumes/simplesamlphp/log/:/var/simplesamlphp/log
- - /opt/docker/volumes/simplesamlphp/metadata/:/var/simplesamlphp/metadata
- - /opt/docker/volumes/simplesamlphp/modules/:/var/simplesamlphp/modules
- - /opt/docker/volumes/simplesamlphp/templates/:/var/simplesamlphp/templates
- - /opt/docker/volumes/simplesamlphp/www/:/var/simplesamlphp/www
- restart: always
-
- idp-mc-a01:
- container_name: idp-mc-a01
- image: memcached
- restart: always
-
- idp-mc-a02:
- container_name: idp-mc-a02
- image: memcached
- restart: always
-
- idp-mc-b01:
- container_name: idp-mc-b01
- image: memcached
- restart: always
-
- idp-mc-b02:
- container_name: idp-mc-b02
- image: memcached
- restart: always
-
- simplesamlphp-haproxy:
- container_name: simplesamlphp-haproxy
- image: million12/haproxy:1.7.9
- depends_on:
- - simplesamlphp
- links:
- - simplesamlphp
- ports:
- - 80:80
- - 443:443
- volumes:
- - /opt/docker/volumes/simplesamlphp-haproxy:/etc/haproxy
- restart: always
- cap_add:
- - NET_ADMIN
diff --git a/1.14.16/install-simplesamlphp.sh b/1.14.16/install-simplesamlphp.sh
deleted file mode 100644
index 89caad5..0000000
--- a/1.14.16/install-simplesamlphp.sh
+++ /dev/null
@@ -1,280 +0,0 @@
-#!/usr/bin/with-contenv /bin/bash
-
-#Default runtime variables if none are supplied at Docker container creation
-
-DOCKER_REDIRECTLOGS=${DOCKER_REDIRECTLOGS:=false}
-
-CONFIG_BASEURLPATH=${CONFIG_BASEURLPATH:=simplesaml/}
-
-#This SSHA256 hash is '123' for the default password.
-CONFIG_AUTHADMINPASSWORD=${CONFIG_AUTHADMINPASSWORD:=\{SSHA256\}MjJSiMlkQLa+fqI+CmQ1x1oUJ7OGucYpznKxBBHpgfC+Oh+7B9vgGw==}
-CONFIG_SECRETSALT=${CONFIG_SECRETSALT:=defaultsecretsalt}
-CONFIG_TECHNICALCONTACT_NAME=${CONFIG_TECHNICALCONTACT_NAME:=Administrator}
-CONFIG_TECHNICALCONTACT_EMAIL=${CONFIG_TECHNICALCONTACT_EMAIL:=na@example.org}
-CONFIG_LANGUAGEDEFAULT=${CONFIG_LANGUAGEDEFAULT:=en}
-CONFIG_TIMEZONE=${CONFIG_TIMEZONE:=America/Chicago}
-
-CONFIG_TEMPDIR=${CONFIG_TEMPDIR:=/tmp/simplesaml}
-CONFIG_SHOWERRORS=${CONFIG_SHOWERRORS:=true}
-CONFIG_ERRORREPORTING=${CONFIG_ERRORREPORTING:=true}
-CONFIG_ADMINPROTECTINDEXPAGE=${CONFIG_ADMINPROTECTINDEXPAGE:=false}
-CONFIG_ADMINPROTECTMETADATA=${CONFIG_ADMINPROTECTMETADATA:=false}
-
-CONFIG_DEBUG=${CONFIG_DEBUG:=false}
-CONFIG_LOGGINGLEVEL=${CONFIG_LOGGINGLEVEL:=NOTICE}
-CONFIG_LOGGINGHANDLER=${CONFIG_LOGGINGLHANDLER:=file}
-CONFIG_LOGFILE=${CONFIG_LOGFILE:='simplesamlphp.log'}
-
-CONFIG_ENABLESAML20IDP=${CONFIG_ENABLESAML20IDP:=false}
-CONFIG_ENABLESHIB13IDP=${CONFIG_ENABLESHIB13IDP:=false}
-CONFIG_ENABLEADFSIDP=${CONFIG_ENABLEADFSIDP:=false}
-CONFIG_ENABLEWSFEDSP=${CONFIG_ENABLEWSFEDSP:=false}
-CONFIG_ENABLEAUTHMEMCOOKIE=${CONFIG_ENABLEAUTHMEMCOOKIE:=false}
-
-CONFIG_SESSIONDURATION=${CONFIG_SESSIONDURATION:=8 * (60 * 60)}
-CONFIG_SESSIONDATASTORETIMEOUT=${CONFIG_SESSIONDATASTORETIMEOUT:=(4 * 60 * 60)}
-CONFIG_SESSIONSTATETIMEOUT=${CONFIG_SESSIONSTATETIMEOUT:=(60 * 60)}
-CONFIG_SESSIONCOOKIELIFETIME=${CONFIG_SESSIONCOOKIELIFETIME:=0}
-
-CONFIG_SESSIONREMEMBERMEENABLE=${CONFIG_SESSIONREMEMBERMEENABLE:=false}
-CONFIG_SESSIONREMEMBERMECHECKED=${CONFIG_SESSIONREMEMBERMECHECKED:=false}
-CONFIG_SESSIONREMEMBERMELIFETIME=${CONFIG_SESSIONREMEMBERMELIFETIME:=(14 * 86400)}
-
-CONFIG_SESSIONCOOKIESECURE=${CONFIG_SESSIONCOOKIESECURE:=false}
-CONFIG_ENABLEHTTPPOST=${CONFIG_ENABLEHTTPPOST:=false}
-CONFIG_THEMEUSE=${CONFIG_THEMEUSE:=default}
-CONFIG_STORETYPE=${CONFIG_STORETYPE:=phpsession}
-
-WWW_INDEX=${WWW_INDEX:=core/frontpage_welcome.php}
-OPENLDAP_TLS_REQCERT=${OPENLDAP_TLS_REQCERT:=demand}
-
-if [ "$DOCKER_REDIRECTLOGS" = "true" ]; then
- echo "[$0] DOCKER_REDIRECTLOGS was set to 'true', so setting CONFIG_LOGGINGHANDLER to 'file'"
- CONFIG_LOGGINGHANDLER=file
- if [ "$CONFIG_LOGFILE" != "simplesamlphp.log" ]; then
- echo "[$0] [WARN] DOCKER_REDIRECTLOGS was set to true, but CONFIG_LOGFILE was set away from the default. It makes no sense to do this as logs are redirected to a pipe."
- echo "[$0] If a simplesamlphp logfile is desired instead of docker logs, set DOCKER_REDIRECTLOGS to 'false' and volume mount the logs directory to the host."
- echo "[$0] Pausing 5 seconds due to above warning."
- sleep 5
- fi
- if [ -z "$(ls -A /var/simplesamlphp/log/)" ]; then
- if [ "$DOCKER_REDIRECTLOGS" = "true" ]; then
- echo "[$0] [WARN] DOCKER_REDIRECTLOGS is set to true but the log directory is volume mounted. It makes no sense to do this as logs are redirected to a pipe."
- echo "[$0] If a simplesamlphp logfile is desired instead of docker logs, set DOCKER_REDIRECTLOGS to 'false'."
- echo "[$0] Pausing 5 seconds due to above warning."
- sleep 5
- fi
- else
- if [ "$CONFIG_LOGGINGHANDLER" = "file" ]; then
- echo "[$0] [WARN] CONFIG_LOGGINGHANDLER is set to 'file' but the log directory is not volume mounted."
- echo "[$0] [WARN] This will cause the container to grow with a logfile and is in most cases very undesirable."
- echo "[$0] Pausing 5 seconds due to above warning."
- fi
- fi
- ln -sf /proc/1/fd/1 /var/simplesamlphp/log/$CONFIG_LOGFILE
-fi
-
-#Only set memcache vars if storetype is memcache
-if [ "$CONFIG_STORETYPE" == "memcache" ]; then
- CONFIG_MEMCACHESTORESERVERS=${CONFIG_MEMCACHESTORESERVERS:=" 'memcache_store.servers' => array(\n array(\n array('hostname' => 'mc_a1'),\n array('hostname' => 'mc_a2'),\n ),\n array(\n array('hostname' => 'mc_b1'),\n array('hostname' => 'mc_b2'),\n ),"}
- CONFIG_MEMCACHESTOREPREFIX=${CONFIG_MEMCACHESTOREPREFIX:=null}
-fi
-
-#Check to see what directories were volume mounted
-if [ -z "$(ls -A /var/simplesamlphp/)" ]; then
- echo "[$0] [WARN] New install, The entire SimpleSAMLphp directory seems to be Docker volume mounted as it is empty. This is fine for testing but highly not recommended in production. Please see the Dockerfile README for more info." >&2
- tar xf /var/simplesamlphp.tar.gz -C /var/ > /dev/null
- mv /var/simplesamlphp-*/* /var/simplesamlphp/ > /dev/null
- rm -rf /var/simplesamlphp-* > /dev/null
- echo "[$0] [WARN] Install Complete. Nothing is ephemeral in the SimpleSAMLphp install so updates need done manually from the host volume this point forward." >&2
-else
- if [ -z "$(ls -A /var/simplesamlphp/attributemap/)" ]; then
- echo "[$0] attributemap directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/attributemap > /dev/null
- mv /simplesamlphp-1.*/attributemap/* /var/simplesamlphp/attributemap/
- echo "[$0] Seed complete. Directory attributemap will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/bin/)" ]; then
- echo "[$0] bin directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/bin > /dev/null
- mv /simplesamlphp-1.*/bin/* /var/simplesamlphp/bin/
- echo "[$0] Seed complete. Directory bin will not be part of future upgrades and will need upgraded manually."
- fi
- ls -A /var/simplesamlphp/cert/breadcrumb &> /dev/null
- if ! [ $? -ne 0 ]; then
- echo "[$0] [WARN] cert directory is not volume mounted and probably should be."
- echo "[$0] Pausing 3 seconds due to above warning."
- sleep 3
- fi
- if [ -z "$(ls -A /var/simplesamlphp/config/)" ]; then
- echo "[$0] config directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/config > /dev/null
- mv /simplesamlphp-1.*/config/* /var/simplesamlphp/config/
- echo "[$0] Seed complete. Directory config will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/config-templates/)" ]; then
- echo "[$0] config-templates directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/config-templates > /dev/null
- mv /simplesamlphp-1.*/config-templates/* /var/simplesamlphp/config-templates/
- echo "[$0] Seed complete. Directory config-templates will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/dictionaries/)" ]; then
- echo "[$0] dictionaries directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/dictionaries > /dev/null
- mv /simplesamlphp-1.*/dictionaries/* /var/simplesamlphp/dictionaries/
- echo "[$0] Seed complete. Directory dictionaries will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/docs/)" ]; then
- echo "[$0] docs directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/docs > /dev/null
- mv /simplesamlphp-1.*/docs/* /var/simplesamlphp/docs/
- echo "[$0] Seed complete. Directory docs will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/extra/)" ]; then
- echo "[$0] extra directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/extra > /dev/null
- mv /simplesamlphp-1.*/extra/* /var/simplesamlphp/extra/
- echo "[$0] Seed complete. Directory extra will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/lib/)" ]; then
- echo "[$0] lib directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/lib > /dev/null
- mv /simplesamlphp-1.*/lib/* /var/simplesamlphp/lib/
- echo "[$0] Seed complete. Directory lib will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/metadata/)" ]; then
- echo "[$0] metadata directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/metadata > /dev/null
- mv /simplesamlphp-1.*/metadata/* /var/simplesamlphp/metadata/
- echo "[$0] Seed complete. Directory metadata will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/metadata-templates/)" ]; then
- echo "[$0] metadata-templates directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/metadata-templates > /dev/null
- mv /simplesamlphp-1.*/metadata-templates/* /var/simplesamlphp/metadata-templates/
- echo "[$0] Seed complete. Directory metadata-templates will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/modules/)" ]; then
- echo "[$0] modules directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/modules > /dev/null
- mv /simplesamlphp-1.*/modules/* /var/simplesamlphp/modules/
- echo "[$0] Seed complete. Directory modules will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/schemas/)" ]; then
- echo "[$0] schemas directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/schemas > /dev/null
- mv /simplesamlphp-1.*/schemas/* /var/simplesamlphp/schemas/
- echo "[$0] Seed complete. Directory schemas will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/templates/)" ]; then
- echo "[$0] templates directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/templates > /dev/null
- mv /simplesamlphp-1.*/templates/* /var/simplesamlphp/templates/
- echo "[$0] Seed complete. Directory templates will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/tests/)" ]; then
- echo "[$0] tests directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/tests > /dev/null
- mv /simplesamlphp-1.*/tests/* /var/simplesamlphp/tests/
- echo "[$0] Seed complete. Directory tests will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/tools/)" ]; then
- echo "[$0] tools directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/tools > /dev/null
- mv /simplesamlphp-1.*/tools/* /var/simplesamlphp/tools/
- echo "[$0] Seed complete. Directory tools will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/vendor/)" ]; then
- echo "[$0] vendor directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/vendor > /dev/null
- mv /simplesamlphp-1.*/vendor/* /var/simplesamlphp/vendor/
- echo "[$0] Seed complete. Directory vendor will not be part of future upgrades and will need upgraded manually."
- fi
- if [ -z "$(ls -A /var/simplesamlphp/www/)" ]; then
- echo "[$0] www directory seems to be Docker volume mounted as it is empty. Seeding."
- tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/www > /dev/null
- mv /simplesamlphp-1.*/www/* /var/simplesamlphp/www/
- echo "[$0] Seed complete. Directory www will not be part of future upgrades and will need upgraded manually."
- fi
- rm -rf /simplesamlphp-*/
-fi
-
-ls -A /var/simplesamlphp/config/.dockersetupdone &> /dev/null
-if ! [ $? -ne 0 ]; then
- echo "[$0] Breadcrumb located, skipping firstime config."
- echo "[$0] Done"
- exit 0
-fi
-
-#Apply server certificate check in a TLS session
-echo -e "TLS_REQCERT\t$OPENLDAP_TLS_REQCERT" >> /etc/openldap/ldap.conf
-
-#Configure SimpleSAMLphp from runtime variables.
-
-echo "[$0] Apply Configuration to config.php..."
-
-#Apply Configurations
-sed -i "s|'baseurlpath' => 'simplesaml/'|'baseurlpath' => '$CONFIG_BASEURLPATH'|g" /var/simplesamlphp/config/config.php
-
-sed -i "s|'auth.adminpassword' => '123'|'auth.adminpassword' => '$CONFIG_AUTHADMINPASSWORD'|g" /var/simplesamlphp/config/config.php
-sed -i "s|'secretsalt' => 'defaultsecretsalt'|'secretsalt' => '$CONFIG_SECRETSALT'|g" /var/simplesamlphp/config/config.php
-sed -i "s|'technicalcontact_name' => 'Administrator'|'technicalcontact_name' => '$CONFIG_TECHNICALCONTACT_NAME'|g" /var/simplesamlphp/config/config.php
-sed -i "s|'technicalcontact_email' => 'na@example.org'|'technicalcontact_email' => '$CONFIG_TECHNICALCONTACT_EMAIL'|g" /var/simplesamlphp/config/config.php
-sed -i "s|'language.default' => 'en'|'language.default' => '$CONFIG_LANGUAGEDEFAULT'|g" /var/simplesamlphp/config/config.php
-sed -i "s|'timezone' => null|'timezone' => '$CONFIG_TIMEZONE'|g" /var/simplesamlphp/config/config.php
-
-sed -i "s|'tempdir' => '/tmp/simplesaml'|'tempdir' => '$CONFIG_TEMPDIR'|g" /var/simplesamlphp/config/config.php
-sed -i "s|'showerrors' => true|'showerrors' => $CONFIG_SHOWERRORS|g" /var/simplesamlphp/config/config.php
-sed -i "s|'errorreporting' => true|'errorreporting' => $CONFIG_ERRORREPORTING|g" /var/simplesamlphp/config/config.php
-sed -i "s|'admin.protectindexpage' => false|'admin.protectindexpage' => $CONFIG_ADMINPROTECTINDEXPAGE|g" /var/simplesamlphp/config/config.php
-sed -i "s|'admin.protectmetadata' => false|'admin.protectmetadata' => $CONFIG_ADMINPROTECTMETADATA|g" /var/simplesamlphp/config/config.php
-
-sed -i "s|'debug' => false|'debug' => $CONFIG_DEBUG|g" /var/simplesamlphp/config/config.php
-sed -i "s|'logging.level' => SimpleSAML_Logger::NOTICE|'logging.level' => SimpleSAML_Logger::$CONFIG_LOGGINGLEVEL|g" /var/simplesamlphp/config/config.php
-sed -i "s|'logging.handler' => 'syslog'|'logging.handler' => '$CONFIG_LOGGINGHANDLER'|g" /var/simplesamlphp/config/config.php
-sed -i "s|'logging.logfile' => 'simplesamlphp.log'|'logging.logfile' => '$CONFIG_LOGFILE'|g" /var/simplesamlphp/config/config.php
-
-sed -i "s|'enable.saml20-idp' => false|'enable.saml20-idp' => $CONFIG_ENABLESAML20IDP|g" /var/simplesamlphp/config/config.php
-sed -i "s|'enable.shib13-idp' => false|'enable.shib13-idp' => $CONFIG_ENABLESHIB13IDP|g" /var/simplesamlphp/config/config.php
-sed -i "s|'enable.adfs-idp' => false|'enable.adfs-idp' => $CONFIG_ENABLEADFSIDP|g" /var/simplesamlphp/config/config.php
-sed -i "s|'enable.wsfed-sp' => false|'enable.wsfed-sp' => $CONFIG_ENABLEWSFEDSP|g" /var/simplesamlphp/config/config.php
-sed -i "s|'enable.authmemcookie' => false|'enable.authmemcookie' => $CONFIG_ENABLEAUTHMEMCOOKIE|g" /var/simplesamlphp/config/config.php
-
-sed -i "s|'session.duration' => 8 \* (60 \* 60)|'session.duration' => $CONFIG_SESSIONDURATION|g" /var/simplesamlphp/config/config.php
-sed -i "s|'session.datastore.timeout' => (4 \* 60 \* 60)|'session.datastore.timeout' => $CONFIG_SESSIONDATASTORETIMEOUT|g" /var/simplesamlphp/config/config.php
-sed -i "s|'session.state.timeout' => (60 \* 60)|'session.state.timeout' => $CONFIG_SESSIONSTATETIMEOUT|g" /var/simplesamlphp/config/config.php
-sed -i "s|'session.cookie.lifetime' => 0|'session.cookie.lifetime' => $CONFIG_SESSIONCOOKIELIFETIME|g" /var/simplesamlphp/config/config.php
-
-sed -i "s|'session.rememberme.enable' => false|'session.rememberme.enable' => $CONFIG_SESSIONREMEMBERMEENABLE|g" /var/simplesamlphp/config/config.php
-sed -i "s|'session.rememberme.checked' => false|'session.rememberme.checked' => $CONFIG_SESSIONREMEMBERMECHECKED|g" /var/simplesamlphp/config/config.php
-sed -i "s|'session.rememberme.lifetime' => (14 \* 86400)|'session.rememberme.lifetime' => $CONFIG_SESSIONREMEMBERMELIFETIME|g" /var/simplesamlphp/config/config.php
-
-sed -i "s|'session.cookie.secure' => false|'session.cookie.secure' => $CONFIG_SESSIONCOOKIESECURE|g" /var/simplesamlphp/config/config.php
-sed -i "s|'enable.http_post' => false|'enable.http_post' => $CONFIG_ENABLEHTTPPOST|g" /var/simplesamlphp/config/config.php
-
-sed -i "s|'theme.use' => 'default'|'theme.use' => '$CONFIG_THEMEUSE'|g" /var/simplesamlphp/config/config.php
-
-sed -i "s|'store.type' => 'phpsession',|'store.type' => '$CONFIG_STORETYPE',|g" /var/simplesamlphp/config/config.php
-
-sed -i "s|'core/frontpage_welcome.php'|'$WWW_INDEX'|g" /var/simplesamlphp/www/index.php
-
-#Only configure redundant memcache if storetype is set to memcache
-if [ "$CONFIG_STORETYPE" == "memcache" ]; then
- sed -i "/ 'memcache_store.servers' => array(/{n;N;N;d}" /var/simplesamlphp/config/config.php
- sed -i "s| 'memcache_store.servers' => array(|$CONFIG_MEMCACHESTORESERVERS|g" /var/simplesamlphp/config/config.php
- sed -i "s|'memcache_store.prefix' => null|'memcache_store.prefix' => '$CONFIG_MEMCACHESTOREPREFIX'|g" /var/simplesamlphp/config/config.php
- if [ "$CONFIG_MEMCACHESTOREPREFIX" == "null" ]; then
- echo "[$0] [WARN] CONFIG_STORETYPE was set to 'memcache', but CONFIG_MEMCACHESTOREPREFIX was not set from null. This will not work. Setting CONFIG_MEMCACHESTOREPREFIX to 'simpleSAMLphp'."
- echo "[$0] To avoid this warning in the future, set CONFIG_MEMCACHESTOREPREFIX to something, 'simpleSAMLphp' is the suggested default if memcache is enabled."
- echo "[$0] Pausing 5 seconds due to above warning."
- sleep 5
- CONFIG_MEMCACHESTOREPREFIX=simplesamlphp
- sed -i "s|'memcache_store.prefix' => null|'memcache_store.prefix' => $CONFIG_MEMCACHESTOREPREFIX|g" /var/simplesamlphp/config/config.php
- fi
-fi
-
-chown php-fpm:php-fpm /var/simplesamlphp/log/
-
-touch /var/simplesamlphp/config/.dockersetupdone
-
-echo "[$0] Configuration Complete. Saved .dockersetupdone breadcrumb to config directory to prevent config rerun."
diff --git a/1.14.17/Dockerfile b/1.14.17/Dockerfile
deleted file mode 100644
index c1bc808..0000000
--- a/1.14.17/Dockerfile
+++ /dev/null
@@ -1,55 +0,0 @@
-FROM centos:7
-MAINTAINER Adam Zheng adam.w.zheng@icloud.com
-
-ENV S6_RELEASE 1.21.2.0
-ENV SIMPLESAMLPHP_RELEASE 1.14.17
-
-#Add S6 Overlay
-ADD https://github.com/just-containers/s6-overlay/releases/download/v$S6_RELEASE/s6-overlay-amd64.tar.gz /tmp/
-RUN tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" \
- && tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin
-
-#Install SimpleSAMLphp Requirements
-RUN yum -y install epel-release \
- && rpm -Uvh https://centos7.iuscommunity.org/ius-release.rpm \
- && echo -e '[nginx]\nname=nginx repo\nbaseurl=http://nginx.org/packages/centos/7/$basearch/\ngpgcheck=0\nenabled=1' > /etc/yum.repos.d/nginx.repo \
- && yum -y install nginx php56u-fpm php56u-fpm-nginx php56u-dom php56u-mbstring php56u-mcrypt php56u-pdo php56u-pecl-memcache php56u-ldap sendmail \
- && sed -i 's/user = apache/user = nginx/' /etc/php-fpm.d/www.conf \
- && sed -i 's/group = apache/group = nginx/' /etc/php-fpm.d/www.conf
-
-#Configure webserver
-RUN echo -e 'server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name _;\n root /var/simplesamlphp/www/;\n index index.php;\n\n location /simplesaml {\n alias /var/simplesamlphp/www/;\n location ~ ^(?/simplesaml)(?.+?.php)(?/.*)?$ {\n include fastcgi_params;\n fastcgi_pass 127.0.0.1:9000;\n fastcgi_split_path_info ^(.+?.php)(/.+)$;\n fastcgi_param SCRIPT_FILENAME $document_root$phpfile;\n fastcgi_param PATH_INFO $pathinfo if_not_empty;\n }\n }\n\n location ~ .php$ {\n fastcgi_split_path_info ^(.+.php)(/.+)$;\n fastcgi_pass 127.0.0.1:9000;\n fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n include fastcgi_params;\n add_header Cache-control no-cache;\n }\n}' > /etc/nginx/conf.d/default.conf \
- && mkdir -p /var/lib/php/session/ \
- && chown -Rv nginx:nginx /var/lib/php/session/
-
-#Download SimpleSAMLphp, Archive must remain present for seeding post install.
-RUN curl -Lo /var/simplesamlphp.tar.gz https://github.com/simplesamlphp/simplesamlphp/releases/download/v$SIMPLESAMLPHP_RELEASE/simplesamlphp-$SIMPLESAMLPHP_RELEASE.tar.gz \
- && tar xzf /var/simplesamlphp.tar.gz --directory /var \
- && mv /var/simplesamlphp-* /var/simplesamlphp \
- && touch /var/simplesamlphp/cert/breadcrumb \
- && touch /var/simplesamlphp/log/breadcrumb
-
-#Redirect NGINX Logs
-RUN ln -sf /dev/stdout /var/log/nginx/access.log \
- && ln -sf /dev/stderr /var/log/nginx/error.log
-
-#Add Service NGINX to be Monitored by S6
-RUN mkdir -p /etc/services.d/nginx/ \
- && touch /etc/services.d/nginx/run \
- && echo '#!/usr/bin/execlineb -P' > /etc/services.d/nginx/run \
- && echo 'nginx -g "daemon off;"' >> /etc/services.d/nginx/run
-
-#Add Service PHP-FPM to be Monitored by S6
-RUN mkdir -p /etc/services.d/php-fpm/ \
- && touch /etc/services.d/php-fpm/run \
- && echo '#!/usr/bin/execlineb -P' > /etc/services.d/php-fpm/run \
- && echo '/usr/sbin/php-fpm' >> /etc/services.d/php-fpm/run --nodaemonize \
- && sed -i 's|pid = /run/php-fpm/php-fpm.pid|pid = /run/php-fpm.pid|g' /etc/php-fpm.conf
-
-#Copy the SimpleSAMLphp CLI Install Script into the Container to be executed on startup
-COPY install-simplesamlphp.sh /etc/cont-init.d/
-RUN chmod u+x /etc/cont-init.d/install-simplesamlphp.sh
-
-RUN yum -y update && yum clean all && rm -rf /var/cache/yum && > /var/log/yum.log
-
-ENTRYPOINT ["/init"]
diff --git a/1.14.17/README.md b/1.14.17/README.md
deleted file mode 100644
index 6ac3e04..0000000
--- a/1.14.17/README.md
+++ /dev/null
@@ -1,161 +0,0 @@
-[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.14.17.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.14.17 "Get your own version badge on microbadger.com") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.14.17.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.14.17 "Get your own image badge on microbadger.com") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-
-Supported tags and respective `Dockerfile` links
-
-- [`1.14.17`, `latest` (*1.14.17/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.14.17/Dockerfile)
-- [`1.14.16` (*1.14.16/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.14.16/Dockerfile)
-- [`1.14.15` (*1.14.15/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.14.15/Dockerfile)
-
-### How to use this image
-
-Start a `venatorfox/simplesamlphp` instance, expose port 80.
-
-```console
-$ docker run --name some-simplesamlphp -p80:80 venatorfox/simplesamlphp:latest
-```
-Visit the site at http://localhost, default unconfigured username is "admin" and password is "123". #superSecure
-
-See below for available runtime environment variables for a more specific configuration.
-
-> The config.php will be created at run and baked into the SimpleSAMLphp Core Install.
-> This will allow easy future upgrades, as you can simply destroy the container and bring it up with a new version.
-> The docker environment variables configured at runtime will be applied to the default config, pulled from SimpleSAMLphp.
-
-> The purpose of this image is to store as much ephemeral data inside the container as possible for easy upgrades.
-> This is controlled by how you mount docker volumes. Examples are presented below.
-
-### Supported Volume Mount Options for Pre-Seeding
-
-The following directories will pre-seed if they are mounted.
-If attempting to mount an subdirectory, it will not pre-seed and therefore must pre-exist.
-
-If the directory is not mounted, it will use its ephemeral counterpart in the container which is ideal, explained below.
-Note that once a directory is mounted, it will need to be upgraded manually for future SimpleSAMLphp releases if applicable.
-If a mounted directory disappears from the host, it will pre-seed again with defaults from the SimpleSAMLphp install on restart.
-If reverting to a default directory is desired, remove the host directory and adjust the docker run command to exclude the mount.
-
-Some directories will probably never need manually updated as SimpleSAMLphp will not update them in new versions.
-`/cert` and `/metadata` are examples of directories that should always be volume mounted, as it contains data that must persist, is very organization specific, and will probably never or rarely be changed by SimpleSAMLphp releases.
-
-Something like `/bin` should never be volume mounted unless it's for development purposes, as it will likley be upgraded by SimpleSAMLphp in new versions.
-
-Be sure to check new SimpleSAMLphp releases to see if manual upgrades need done to a directory that was mounted.
-Check [SimpleSAMLphp docs](https://simplesamlphp.org/docs/stable/simplesamlphp-install) installation section 5 for specifics.
-
-Individual files can also be mounted, but will not pre-seed content. It must pre-exist before starting the container.
-Mounting the `authsources.php` file is a good example, as `/config` will probably not be mounted.
-Another example, if using composer, the `composer.json` and `composer.lock` files will need mounted.
-
-This will vary greatly depending on use. A compose file similar to a production instance as is at the end of this README.
-
-| Directory | Opinion |
-| ------ | ------ |
-| /var/simplesamlphp/attributemap | -- |
-| /var/simplesamlphp/bin | Probably should not be volume mounted. |
-| /var/simplesamlphp/cert | Should always be volume mounted. |
-| /var/simplesamlphp/config | Should probably not be volume mounted as its mostly configured by docker. |
-| /var/simplesamlphp/config-templates | -- |
-| /var/simplesamlphp/dictionaries | Can be mounted for customized user messages. |
-| /var/simplesamlphp/docs | -- |
-| /var/simplesamlphp/extra | -- |
-| /var/simplesamlphp/lib | -- |
-| /var/simplesamlphp/log | If using docker log redirection (not working yet), this cannot be volume mounted. If docker logs write to a file, this should be volume mounted so logs do not grow inside the container. |
-| /var/simplesamlphp/metadata | Should always be volume mounted, very specific to organization. |
-| /var/simplesamlphp/metadata-templates | -- |
-| /var/simplesamlphp/modules | Can be volume mounted for easier module customization |
-| /var/simplesamlphp/schemas | -- |
-| /var/simplesamlphp/templates | -- |
-| /var/simplesamlphp/tests | -- |
-| /var/simplesamlphp/tools | -- |
-| /var/simplesamlphp/vendor | -- |
-| /var/simplesamlphp/www | Can be volume mounted for easier www customization |
-
-### Runtime Environment Variables
-
-The following variables can be overridden at run or in docker-compose.
-It is recommended to set them properly and not use default values.
-(Unless you want an authentication service with no SSL, with your admin password being 123 (Can you not, kthx)).
-
-| Variable | Default Value | Description |
-| ------ | ------ | ------ |
-| CONFIG_BASEURLPATH | simplesaml/ | If using SSL behind a proxy enter the base URL here, otherwise IdP metadata will use http://. Format is [(https)://(hostname)[:port]]/[path/to/simplesaml/]. |
-| DOCKER_REDIRECTLOGS | false | Redirect logs written to the log file by SimpleSAMLphp to `/proc/1/fd/1`. This does not work yet due to permissions issues. If someone knows how to resolve this please let me know or contribute a fix to the Git repository. Thanks! |
-| CONFIG_AUTHADMINPASSWORD | SSHA256 hash of '123' | Plain text works as well. Use PWGen to generate a hash for this variable. Refer to [SimpleSAMLphp docs](https://simplesamlphp.org/docs/stable/simplesamlphp-install), installation guide section 7. |
-| CONFIG_SECRETSALT | defaultsecretsalt | Refer to [SimpleSAMLphp docs](https://simplesamlphp.org/docs/stable/simplesamlphp-install), installation guide section 7 if help is needed for generating one. |
-| CONFIG_TECHNICALCONTACT_NAME | Administrator | Name of the Admin of Rainy Clouds, 42nd of Their Name, Breaker of Sanity, and ~~Destroyer~~ Protector of the Federation |
-| CONFIG_TECHNICALCONTACT_EMAIL | na@example.org | Address of hate mail and applicaton exception logs to send to. Mail support is not yet supported in this container, it is coming soon. Best to turn off mail error reporting option and direct users to the proper email until its implemented. |
-| CONFIG_LANGUAGEDEFAULT | en | -- |
-| CONFIG_TIMEZONE | America/Chicago | Visit the [php.net man pages](http://php.net/manual/en/timezones.america.php) for the options, the one linked is for 'Murica. |
-| CONFIG_TEMPDIR | /tmp/simplesaml | -- |
-| CONFIG_SHOWERRORS | true | Shows detailed errors to the user if one occurs. |
-| CONFIG_ERRORREPORTING | true | Allow users to send reports from SimpleSAMLphp to the technicalcontact. Not yet working. |
-| CONFIG_ADMINPROTECTINDEXPAGE | false | Require admin password to access frontpage_federation index |
-| CONFIG_ADMINPROTECTMETADATA | false | Require admin password to access public IdP metadata |
-| CONFIG_DEBUG | false | Enable debugging to logs, requires CONFIG_LOGGINGLEVEL be set to DEBUG |
-| CONFIG_LOGGINGLEVEL | NOTICE | Options are ERR, WARNING, NOTICE, INFO, DEBUG |
-| CONFIG_LOGGINGHANDLER | file | Default different from official default of syslog due to systemd not running in containers. |
-| CONFIG_LOGFILE | simplesamlphp.log | -- |
-| CONFIG_ENABLESAML20IDP | false | Enable SAML20 IdP |
-| CONFIG_ENABLESHIB13IDP | false | Enable Shibboleth13 IdP |
-| CONFIG_SESSIONDURATION | 8 * (60 * 60) | -- |
-| CONFIG_SESSIONDATASTORETIMEOUT | (4 * 60 * 60) | -- |
-| CONFIG_SESSIONSTATETIMEOUT | (60 * 60) | -- |
-| CONFIG_SESSIONCOOKIELIFETIME | 0 | -- |
-| CONFIG_SESSIONREMEMBERMEENABLE | false | -- |
-| CONFIG_SESSIONREMEMBERMECHECKED | false | -- |
-| CONFIG_SESSIONREMEMBERMELIFETIME | (14 * 86400) | -- |
-| CONFIG_SESSIONCOOKIESECURE | false | -- |
-| CONFIG_ENABLEHTTPPOST | false | -- |
-| CONFIG_THEMEUSE | default | -- |
-| CONFIG_STORETYPE | phpsession | If using `memcache` option, CONFIG_MEMCACHESTORESERVERS and CONFIG_MEMCACHESTOREPREFIX will need to be set. |
-| CONFIG_MEMCACHESTORESERVERS | See Format Below* | Was unable to make this an easy variable, the format of the array is given below in a 2x2 example. Keep the format but replace the hostnames. |
-| CONFIG_MEMCACHESTOREPREFIX | null | `simplesamlphp` can be used in most cases. |
-| WWW_INDEX | core/frontpage_welcome.php | Page to direct to if a user accesses the IdP/SP directly. Can be set to an authentication test for example. |
-| OPENLDAP_TLS_REQCERT | demand | As per ldap man pages, Options are `never` `allow` `try` `demand`. If using Active Directory or OpenLDAP with TLS, logins will be rejected if the directory certificate is self-signed with the default `demand` value. This can be set to `never` for testing purposes. Refer to ldap.conf man page section 5 for more details. |
-
-Default CONFIG_MEMCACHESTORESERVERS format, 2 pair of 2 example. Use this template and replace the hostnames. Check compose file for usage example:
-```console
- 'memcache_store.servers' => array(\n array(\n array('hostname' => 'mc_a1'),\n array('hostname' => 'mc_a2'),\n ),\n array(\n array('hostname' => 'mc_b1'),\n array('hostname' => 'mc_b2'),\n ),
-```
-
-### Maintenance
-
-This is being actively maintained and is running in production.
-Please [create an issue](https://github.com/Venator-Fox/docker-simplesamlphp/issues) if needed or if additional variables/features are desired.
-
-### Todos
- - Figure out logging to docker stdio
- - Add support for mail to be sent during exceptions
- - Add ability for stats to be sent to docker stdio or to mounted file
-
-### More Complex/Practical Compose Example, IdP SSL Termination with HAProxy
-This example will run HAProxy with snakeoil SSL termination for https://localhost.
-It will also bring up 4 memcached containers, 2 pairs of 2, for phpsession.
-This is useful for running a SimpleSAMLphp cluster via some orchestration service such as Rancher.
-
-You will need the `haproxy.cfg` and `docker-compose.yml` files from the Git repository.
-
-Since SimpleSAMLphp will not care about the webroot, an entry to the hosts file can be added to whatever for testing.
-Be sure to adjust the HOST environment variable below for whatever localhost self-signed certificate desired.
-Of course in production use a real CA, like LetsEncrypt.
-
-This will be more in line with what would be seen in a production environment. (minus the demo 123 password, salt, etc)
-Note the choices of volume mounts of what to keep ephemeral, and what to keep persistant.
-The more volumes, the more manual upgrades might be.
-Check SimpleSAMLphp's upgrade notes to see if updates occured in a specified directory.
- -Note that running this compose file will create files in `/opt/docker/volumes/` on your host. -You can remove this after toying with the example. - -Run the following two commands: -```console -mkdir -p /opt/docker/volumes/idp-haproxy/ssl -docker run --rm -v /opt/docker/volumes/idp-haproxy/ssl:/ssl -e HOST=localhost -e TYPE=pem project42/selfsignedcert -``` - -Save the `haproxy.cfg` to `/opt/docker/volumes/idp-haproxy/haproxy.cfg` - -Finally, save the v2 compose file as `docker-compose.yml` somewhere. -Run `docker-compose -f docker-compose.yml up` to bring the stack up. -After install, visit https://localhost (or whatever URL you chose) -Use `docker-compose -f docker-compose.yml down` to destroy containers after playing. diff --git a/1.14.17/docker-compose.yml b/1.14.17/docker-compose.yml deleted file mode 100644 index b38bb5e..0000000 --- a/1.14.17/docker-compose.yml +++ /dev/null 
@@ -1,78 +0,0 @@ -version: '2' - -services: - - idp01-simplesamlphp: - container_name: idp01-simplesamlphp - image: venatorfox/simplesamlphp:1.14.17 - environment: - - CONFIG_BASEURLPATH=https://localhost/simplesaml/ -# To login to this example setup, use 123 for the password. - - CONFIG_AUTHADMINPASSWORD={SSHA256}MjJSiMlkQLa+fqI+CmQ1x1oUJ7OGucYpznKxBBHpgfC+Oh+7B9vgGw== - - CONFIG_SECRETSALT=exampleabcdefghijklmnopqrstuvwxy - - CONFIG_TECHNICALCONTACT_NAME=Adam Zheng - - CONFIG_TECHNICALCONTACT_EMAIL=adam.zheng@esu10.org - - CONFIG_LANGUAGEDEFAULT=en - - CONFIG_TIMEZONE=America/Chicago - - CONFIG_SHOWERRORS=true - - CONFIG_ERRORREPORTING=true - - CONFIG_ADMINPROTECTINDEXPAGE=true - - CONFIG_ADMINPROTECTMETADATA=false - - CONFIG_DEBUG=FALSE - - CONFIG_LOGGINGLEVEL=INFO - - CONFIG_LOGGINGHANDLER=file - - CONFIG_LOGFILE=simplesamlphp.log - - CONFIG_ENABLESAML20IDP=true - - CONFIG_SESSIONCOOKIESECURE=false - - CONFIG_ENABLEHTTPPOST=false - - CONFIG_STORETYPE=memcache - - CONFIG_MEMCACHESTOREPREFIX=simplesamlphp - - CONFIG_MEMCACHESTORESERVERS= 'memcache_store.servers' => array(\n array(\n array('hostname' => 'a01-memcached'),\n array('hostname' => 'a02-memcached'),\n ),\n array(\n array('hostname' => 'b01-memcached'),\n array('hostname' => 'b02-memcached'),\n ), -# - WWW_INDEX=core/authenticate.php?as=admin - - OPENLDAP_TLS_REQCERT=always - volumes: -# - /opt/docker/volumes/idp-simplesamlphp/config/authsources.php:/var/simplesamlphp/config/authsources.php - - /opt/docker/volumes/idp-simplesamlphp/cert/:/var/simplesamlphp/cert/ - - /opt/docker/volumes/idp-simplesamlphp/dictionaries/:/var/simplesamlphp/dictionaries/ - - /opt/docker/volumes/idp-simplesamlphp/log/:/var/simplesamlphp/log - - /opt/docker/volumes/idp-simplesamlphp/metadata/:/var/simplesamlphp/metadata - - /opt/docker/volumes/idp-simplesamlphp/modules/:/var/simplesamlphp/modules - - /opt/docker/volumes/idp-simplesamlphp/templates/:/var/simplesamlphp/templates - - 
/opt/docker/volumes/idp-simplesamlphp/www/:/var/simplesamlphp/www - restart: always - - a01-memcached: - container_name: a01-memcached - image: memcached:latest - restart: always - - a02-memcached: - container_name: a02-memcached - image: memcached:latest - restart: always - - b01-memcached: - container_name: b01-memcached - image: memcached:1.5.2-alpine - restart: always - - b02-memcached: - container_name: b02-memcached - image: memcached:1.5.2-alpine - restart: always - - idp-haproxy: - container_name: idp-haproxy - image: million12/haproxy:1.7.9 - depends_on: - - idp01-simplesamlphp - links: - - idp01-simplesamlphp - ports: - - 80:80 - - 443:443 - volumes: - - /opt/docker/volumes/idp-haproxy:/etc/haproxy - restart: always - cap_add: - - NET_ADMIN diff --git a/1.14.17/install-simplesamlphp.sh b/1.14.17/install-simplesamlphp.sh deleted file mode 100644 index 89caad5..0000000 --- a/1.14.17/install-simplesamlphp.sh +++ /dev/null 
@@ -1,280 +0,0 @@ -#!/usr/bin/with-contenv /bin/bash - -#Default runtime variables if none are supplied at Docker container creation - -DOCKER_REDIRECTLOGS=${DOCKER_REDIRECTLOGS:=false} - -CONFIG_BASEURLPATH=${CONFIG_BASEURLPATH:=simplesaml/} - -#This SSHA256 hash is '123' for the default password. -CONFIG_AUTHADMINPASSWORD=${CONFIG_AUTHADMINPASSWORD:=\{SSHA256\}MjJSiMlkQLa+fqI+CmQ1x1oUJ7OGucYpznKxBBHpgfC+Oh+7B9vgGw==} -CONFIG_SECRETSALT=${CONFIG_SECRETSALT:=defaultsecretsalt} -CONFIG_TECHNICALCONTACT_NAME=${CONFIG_TECHNICALCONTACT_NAME:=Administrator} -CONFIG_TECHNICALCONTACT_EMAIL=${CONFIG_TECHNICALCONTACT_EMAIL:=na@example.org} -CONFIG_LANGUAGEDEFAULT=${CONFIG_LANGUAGEDEFAULT:=en} -CONFIG_TIMEZONE=${CONFIG_TIMEZONE:=America/Chicago} - -CONFIG_TEMPDIR=${CONFIG_TEMPDIR:=/tmp/simplesaml} -CONFIG_SHOWERRORS=${CONFIG_SHOWERRORS:=true} -CONFIG_ERRORREPORTING=${CONFIG_ERRORREPORTING:=true} -CONFIG_ADMINPROTECTINDEXPAGE=${CONFIG_ADMINPROTECTINDEXPAGE:=false} -CONFIG_ADMINPROTECTMETADATA=${CONFIG_ADMINPROTECTMETADATA:=false} - -CONFIG_DEBUG=${CONFIG_DEBUG:=false} -CONFIG_LOGGINGLEVEL=${CONFIG_LOGGINGLEVEL:=NOTICE} -CONFIG_LOGGINGHANDLER=${CONFIG_LOGGINGLHANDLER:=file} -CONFIG_LOGFILE=${CONFIG_LOGFILE:='simplesamlphp.log'} - -CONFIG_ENABLESAML20IDP=${CONFIG_ENABLESAML20IDP:=false} -CONFIG_ENABLESHIB13IDP=${CONFIG_ENABLESHIB13IDP:=false} -CONFIG_ENABLEADFSIDP=${CONFIG_ENABLEADFSIDP:=false} -CONFIG_ENABLEWSFEDSP=${CONFIG_ENABLEWSFEDSP:=false} -CONFIG_ENABLEAUTHMEMCOOKIE=${CONFIG_ENABLEAUTHMEMCOOKIE:=false} - -CONFIG_SESSIONDURATION=${CONFIG_SESSIONDURATION:=8 * (60 * 60)} -CONFIG_SESSIONDATASTORETIMEOUT=${CONFIG_SESSIONDATASTORETIMEOUT:=(4 * 60 * 60)} -CONFIG_SESSIONSTATETIMEOUT=${CONFIG_SESSIONSTATETIMEOUT:=(60 * 60)} -CONFIG_SESSIONCOOKIELIFETIME=${CONFIG_SESSIONCOOKIELIFETIME:=0} - -CONFIG_SESSIONREMEMBERMEENABLE=${CONFIG_SESSIONREMEMBERMEENABLE:=false} -CONFIG_SESSIONREMEMBERMECHECKED=${CONFIG_SESSIONREMEMBERMECHECKED:=false} 
-CONFIG_SESSIONREMEMBERMELIFETIME=${CONFIG_SESSIONREMEMBERMELIFETIME:=(14 * 86400)} - -CONFIG_SESSIONCOOKIESECURE=${CONFIG_SESSIONCOOKIESECURE:=false} -CONFIG_ENABLEHTTPPOST=${CONFIG_ENABLEHTTPPOST:=false} -CONFIG_THEMEUSE=${CONFIG_THEMEUSE:=default} -CONFIG_STORETYPE=${CONFIG_STORETYPE:=phpsession} - -WWW_INDEX=${WWW_INDEX:=core/frontpage_welcome.php} -OPENLDAP_TLS_REQCERT=${OPENLDAP_TLS_REQCERT:=demand} - -if [ "$DOCKER_REDIRECTLOGS" = "true" ]; then - echo "[$0] DOCKER_REDIRECTLOGS was set to 'true', so setting CONFIG_LOGGINGHANDLER to 'file'" - CONFIG_LOGGINGHANDLER=file - if [ "$CONFIG_LOGFILE" != "simplesamlphp.log" ]; then - echo "[$0] [WARN] DOCKER_REDIRECTLOGS was set to true, but CONFIG_LOGFILE was set away from the default. It makes no sense to do this as logs are redirected to a pipe." - echo "[$0] If a simplesamlphp logfile is desired instead of docker logs, set DOCKER_REDIRECTLOGS to 'false' and volume mount the logs directory to the host." - echo "[$0] Pausing 5 seconds due to above warning." - sleep 5 - fi - if [ -z "$(ls -A /var/simplesamlphp/log/)" ]; then - if [ "$DOCKER_REDIRECTLOGS" = "true" ]; then - echo "[$0] [WARN] DOCKER_REDIRECTLOGS is set to true but the log directory is volume mounted. It makes no sense to do this as logs are redirected to a pipe." - echo "[$0] If a simplesamlphp logfile is desired instead of docker logs, set DOCKER_REDIRECTLOGS to 'false'." - echo "[$0] Pausing 5 seconds due to above warning." - sleep 5 - fi - else - if [ "$CONFIG_LOGGINGHANDLER" = "file" ]; then - echo "[$0] [WARN] CONFIG_LOGGINGHANDLER is set to 'file' but the log directory is not volume mounted." - echo "[$0] [WARN] This will cause the container to grow with a logfile and is in most cases very undesirable." - echo "[$0] Pausing 5 seconds due to above warning." 
- fi - fi - ln -sf /proc/1/fd/1 /var/simplesamlphp/log/$CONFIG_LOGFILE -fi - -#Only set memcache vars if storetype is memcache -if [ "$CONFIG_STORETYPE" == "memcache" ]; then - CONFIG_MEMCACHESTORESERVERS=${CONFIG_MEMCACHESTORESERVERS:=" 'memcache_store.servers' => array(\n array(\n array('hostname' => 'mc_a1'),\n array('hostname' => 'mc_a2'),\n ),\n array(\n array('hostname' => 'mc_b1'),\n array('hostname' => 'mc_b2'),\n ),"} - CONFIG_MEMCACHESTOREPREFIX=${CONFIG_MEMCACHESTOREPREFIX:=null} -fi - -#Check to see what directories were volume mounted -if [ -z "$(ls -A /var/simplesamlphp/)" ]; then - echo "[$0] [WARN] New install, The entire SimpleSAMLphp directory seems to be Docker volume mounted as it is empty. This is fine for testing but highly not recommended in production. Please see the Dockerfile README for more info." >&2 - tar xf /var/simplesamlphp.tar.gz -C /var/ > /dev/null - mv /var/simplesamlphp-*/* /var/simplesamlphp/ > /dev/null - rm -rf /var/simplesamlphp-* > /dev/null - echo "[$0] [WARN] Install Complete. Nothing is ephemeral in the SimpleSAMLphp install so updates need done manually from the host volume this point forward." >&2 -else - if [ -z "$(ls -A /var/simplesamlphp/attributemap/)" ]; then - echo "[$0] attributemap directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/attributemap > /dev/null - mv /simplesamlphp-1.*/attributemap/* /var/simplesamlphp/attributemap/ - echo "[$0] Seed complete. Directory attributemap will not be part of future upgrades and will need upgraded manually." - fi - if [ -z "$(ls -A /var/simplesamlphp/bin/)" ]; then - echo "[$0] bin directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/bin > /dev/null - mv /simplesamlphp-1.*/bin/* /var/simplesamlphp/bin/ - echo "[$0] Seed complete. Directory bin will not be part of future upgrades and will need upgraded manually." 
- fi - ls -A /var/simplesamlphp/cert/breadcrumb &> /dev/null - if ! [ $? -ne 0 ]; then - echo "[$0] [WARN] cert directory is not volume mounted and probably should be." - echo "[$0] Pausing 3 seconds due to above warning." - sleep 3 - fi - if [ -z "$(ls -A /var/simplesamlphp/config/)" ]; then - echo "[$0] config directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/config > /dev/null - mv /simplesamlphp-1.*/config/* /var/simplesamlphp/config/ - echo "[$0] Seed complete. Directory config will not be part of future upgrades and will need upgraded manually." - fi - if [ -z "$(ls -A /var/simplesamlphp/config-templates/)" ]; then - echo "[$0] config-templates directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/config-templates > /dev/null - mv /simplesamlphp-1.*/config-templates/* /var/simplesamlphp/config-templates/ - echo "[$0] Seed complete. Directory config-templates will not be part of future upgrades and will need upgraded manually." - fi - if [ -z "$(ls -A /var/simplesamlphp/dictionaries/)" ]; then - echo "[$0] dictionaries directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/dictionaries > /dev/null - mv /simplesamlphp-1.*/dictionaries/* /var/simplesamlphp/dictionaries/ - echo "[$0] Seed complete. Directory dictionaries will not be part of future upgrades and will need upgraded manually." - fi - if [ -z "$(ls -A /var/simplesamlphp/docs/)" ]; then - echo "[$0] docs directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/docs > /dev/null - mv /simplesamlphp-1.*/docs/* /var/simplesamlphp/docs/ - echo "[$0] Seed complete. Directory docs will not be part of future upgrades and will need upgraded manually." 
- fi - if [ -z "$(ls -A /var/simplesamlphp/extra/)" ]; then - echo "[$0] extra directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/extra > /dev/null - mv /simplesamlphp-1.*/extra/* /var/simplesamlphp/extra/ - echo "[$0] Seed complete. Directory extra will not be part of future upgrades and will need upgraded manually." - fi - if [ -z "$(ls -A /var/simplesamlphp/lib/)" ]; then - echo "[$0] lib directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/lib > /dev/null - mv /simplesamlphp-1.*/lib/* /var/simplesamlphp/lib/ - echo "[$0] Seed complete. Directory lib will not be part of future upgrades and will need upgraded manually." - fi - if [ -z "$(ls -A /var/simplesamlphp/metadata/)" ]; then - echo "[$0] metadata directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/metadata > /dev/null - mv /simplesamlphp-1.*/metadata/* /var/simplesamlphp/metadata/ - echo "[$0] Seed complete. Directory metadata will not be part of future upgrades and will need upgraded manually." - fi - if [ -z "$(ls -A /var/simplesamlphp/metadata-templates/)" ]; then - echo "[$0] metadata-templates directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/metadata-templates > /dev/null - mv /simplesamlphp-1.*/metadata-templates/* /var/simplesamlphp/metadata-templates/ - echo "[$0] Seed complete. Directory metadata-templates will not be part of future upgrades and will need upgraded manually." - fi - if [ -z "$(ls -A /var/simplesamlphp/modules/)" ]; then - echo "[$0] modules directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/modules > /dev/null - mv /simplesamlphp-1.*/modules/* /var/simplesamlphp/modules/ - echo "[$0] Seed complete. 
Directory modules will not be part of future upgrades and will need upgraded manually." - fi - if [ -z "$(ls -A /var/simplesamlphp/schemas/)" ]; then - echo "[$0] schemas directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/schemas > /dev/null - mv /simplesamlphp-1.*/schemas/* /var/simplesamlphp/schemas/ - echo "[$0] Seed complete. Directory schemas will not be part of future upgrades and will need upgraded manually." - fi - if [ -z "$(ls -A /var/simplesamlphp/templates/)" ]; then - echo "[$0] templates directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/templates > /dev/null - mv /simplesamlphp-1.*/templates/* /var/simplesamlphp/templates/ - echo "[$0] Seed complete. Directory templates will not be part of future upgrades and will need upgraded manually." - fi - if [ -z "$(ls -A /var/simplesamlphp/tests/)" ]; then - echo "[$0] tests directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/tests > /dev/null - mv /simplesamlphp-1.*/tests/* /var/simplesamlphp/tests/ - echo "[$0] Seed complete. Directory tests will not be part of future upgrades and will need upgraded manually." - fi - if [ -z "$(ls -A /var/simplesamlphp/tools/)" ]; then - echo "[$0] tools directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/tools > /dev/null - mv /simplesamlphp-1.*/tools/* /var/simplesamlphp/tools/ - echo "[$0] Seed complete. Directory tools will not be part of future upgrades and will need upgraded manually." - fi - if [ -z "$(ls -A /var/simplesamlphp/vendor/)" ]; then - echo "[$0] vendor directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/vendor > /dev/null - mv /simplesamlphp-1.*/vendor/* /var/simplesamlphp/vendor/ - echo "[$0] Seed complete. 
Directory vendor will not be part of future upgrades and will need upgraded manually." - fi - if [ -z "$(ls -A /var/simplesamlphp/www/)" ]; then - echo "[$0] www directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/www > /dev/null - mv /simplesamlphp-1.*/www/* /var/simplesamlphp/www/ - echo "[$0] Seed complete. Directory www will not be part of future upgrades and will need upgraded manually." - fi - rm -rf /simplesamlphp-*/ -fi - -ls -A /var/simplesamlphp/config/.dockersetupdone &> /dev/null -if ! [ $? -ne 0 ]; then - echo "[$0] Breadcrumb located, skipping firstime config." - echo "[$0] Done" - exit 0 -fi - -#Apply server certificate check in a TLS session -echo -e "TLS_REQCERT\t$OPENLDAP_TLS_REQCERT" >> /etc/openldap/ldap.conf - -#Configure SimpleSAMLphp from runtime variables. - -echo "[$0] Apply Configuration to config.php..." - -#Apply Configurations -sed -i "s|'baseurlpath' => 'simplesaml/'|'baseurlpath' => '$CONFIG_BASEURLPATH'|g" /var/simplesamlphp/config/config.php - -sed -i "s|'auth.adminpassword' => '123'|'auth.adminpassword' => '$CONFIG_AUTHADMINPASSWORD'|g" /var/simplesamlphp/config/config.php -sed -i "s|'secretsalt' => 'defaultsecretsalt'|'secretsalt' => '$CONFIG_SECRETSALT'|g" /var/simplesamlphp/config/config.php -sed -i "s|'technicalcontact_name' => 'Administrator'|'technicalcontact_name' => '$CONFIG_TECHNICALCONTACT_NAME'|g" /var/simplesamlphp/config/config.php -sed -i "s|'technicalcontact_email' => 'na@example.org'|'technicalcontact_email' => '$CONFIG_TECHNICALCONTACT_EMAIL'|g" /var/simplesamlphp/config/config.php -sed -i "s|'language.default' => 'en'|'language.default' => '$CONFIG_LANGUAGEDEFAULT'|g" /var/simplesamlphp/config/config.php -sed -i "s|'timezone' => null|'timezone' => '$CONFIG_TIMEZONE'|g" /var/simplesamlphp/config/config.php - -sed -i "s|'tempdir' => '/tmp/simplesaml'|'tempdir' => '$CONFIG_TEMPDIR'|g" /var/simplesamlphp/config/config.php -sed -i "s|'showerrors' => 
true|'showerrors' => $CONFIG_SHOWERRORS|g" /var/simplesamlphp/config/config.php -sed -i "s|'errorreporting' => true|'errorreporting' => $CONFIG_ERRORREPORTING|g" /var/simplesamlphp/config/config.php -sed -i "s|'admin.protectindexpage' => false|'admin.protectindexpage' => $CONFIG_ADMINPROTECTINDEXPAGE|g" /var/simplesamlphp/config/config.php -sed -i "s|'admin.protectmetadata' => false|'admin.protectmetadata' => $CONFIG_ADMINPROTECTMETADATA|g" /var/simplesamlphp/config/config.php - -sed -i "s|'debug' => false|'debug' => $CONFIG_DEBUG|g" /var/simplesamlphp/config/config.php -sed -i "s|'logging.level' => SimpleSAML_Logger::NOTICE|'logging.level' => SimpleSAML_Logger::$CONFIG_LOGGINGLEVEL|g" /var/simplesamlphp/config/config.php -sed -i "s|'logging.handler' => 'syslog'|'logging.handler' => '$CONFIG_LOGGINGHANDLER'|g" /var/simplesamlphp/config/config.php -sed -i "s|'logging.logfile' => 'simplesamlphp.log'|'logging.logfile' => '$CONFIG_LOGFILE'|g" /var/simplesamlphp/config/config.php - -sed -i "s|'enable.saml20-idp' => false|'enable.saml20-idp' => $CONFIG_ENABLESAML20IDP|g" /var/simplesamlphp/config/config.php -sed -i "s|'enable.shib13-idp' => false|'enable.shib13-idp' => $CONFIG_ENABLESHIB13IDP|g" /var/simplesamlphp/config/config.php -sed -i "s|'enable.adfs-idp' => false|'enable.adfs-idp' => $CONFIG_ENABLEADFSIDP|g" /var/simplesamlphp/config/config.php -sed -i "s|'enable.wsfed-sp' => false|'enable.wsfed-sp' => $CONFIG_ENABLEWSFEDSP|g" /var/simplesamlphp/config/config.php -sed -i "s|'enable.authmemcookie' => false|'enable.authmemcookie' => $CONFIG_ENABLEAUTHMEMCOOKIE|g" /var/simplesamlphp/config/config.php - -sed -i "s|'session.duration' => 8 \* (60 \* 60)|'session.duration' => $CONFIG_SESSIONDURATION|g" /var/simplesamlphp/config/config.php -sed -i "s|'session.datastore.timeout' => (4 \* 60 \* 60)|'session.datastore.timeout' => $CONFIG_SESSIONDATASTORETIMEOUT|g" /var/simplesamlphp/config/config.php -sed -i "s|'session.state.timeout' => (60 \* 60)|'session.state.timeout' => 
$CONFIG_SESSIONSTATETIMEOUT|g" /var/simplesamlphp/config/config.php -sed -i "s|'session.cookie.lifetime' => 0|'session.cookie.lifetime' => $CONFIG_SESSIONCOOKIELIFETIME|g" /var/simplesamlphp/config/config.php - -sed -i "s|'session.rememberme.enable' => false|'session.rememberme.enable' => $CONFIG_SESSIONREMEMBERMEENABLE|g" /var/simplesamlphp/config/config.php -sed -i "s|'session.rememberme.checked' => false|'session.rememberme.checked' => $CONFIG_SESSIONREMEMBERMECHECKED|g" /var/simplesamlphp/config/config.php -sed -i "s|'session.rememberme.lifetime' => (14 \* 86400)|'session.rememberme.lifetime' => $CONFIG_SESSIONREMEMBERMELIFETIME|g" /var/simplesamlphp/config/config.php - -sed -i "s|'session.cookie.secure' => false|'session.cookie.secure' => $CONFIG_SESSIONCOOKIESECURE|g" /var/simplesamlphp/config/config.php -sed -i "s|'enable.http_post' => false|'enable.http_post' => $CONFIG_ENABLEHTTPPOST|g" /var/simplesamlphp/config/config.php - -sed -i "s|'theme.use' => 'default'|'theme.use' => '$CONFIG_THEMEUSE'|g" /var/simplesamlphp/config/config.php - -sed -i "s|'store.type' => 'phpsession',|'store.type' => '$CONFIG_STORETYPE',|g" /var/simplesamlphp/config/config.php - -sed -i "s|'core/frontpage_welcome.php'|'$WWW_INDEX'|g" /var/simplesamlphp/www/index.php - -#Only configure redundant memcache if storetype is set to memcache -if [ "$CONFIG_STORETYPE" == "memcache" ]; then - sed -i "/ 'memcache_store.servers' => array(/{n;N;N;d}" /var/simplesamlphp/config/config.php - sed -i "s| 'memcache_store.servers' => array(|$CONFIG_MEMCACHESTORESERVERS|g" /var/simplesamlphp/config/config.php - sed -i "s|'memcache_store.prefix' => null|'memcache_store.prefix' => '$CONFIG_MEMCACHESTOREPREFIX'|g" /var/simplesamlphp/config/config.php - if [ "$CONFIG_MEMCACHESTOREPREFIX" == "null" ]; then - echo "[$0] [WARN] CONFIG_STORETYPE was set to 'memcache', but CONFIG_MEMCACHESTOREPREFIX was not set from null. This will not work. Setting CONFIG_MEMCACHESTOREPREFIX to 'simpleSAMLphp'." 
- echo "[$0] To avoid this warning in the future, set CONFIG_MEMCACHESTOREPREFIX to something, 'simpleSAMLphp' is the suggested default if memcache is enabled." - echo "[$0] Pausing 5 seconds due to above warning." - sleep 5 - CONFIG_MEMCACHESTOREPREFIX=simplesamlphp - sed -i "s|'memcache_store.prefix' => null|'memcache_store.prefix' => $CONFIG_MEMCACHESTOREPREFIX|g" /var/simplesamlphp/config/config.php - fi -fi - -chown php-fpm:php-fpm /var/simplesamlphp/log/ - -touch /var/simplesamlphp/config/.dockersetupdone - -echo "[$0] Configuration Complete. Saved .dockersetupdone breadcrumb to config directory to prevent config rerun." diff --git a/1.15.0/haproxy.cfg b/1.15.0/haproxy.cfg deleted file mode 100644 index 323da92..0000000 --- a/1.15.0/haproxy.cfg +++ /dev/null @@ -1,49 +0,0 @@ -global - #debug - chroot /var/lib/haproxy - user haproxy - group haproxy - pidfile /var/run/haproxy.pid - - # Default SSL material locations - ca-base /etc/ssl/certs - crt-base /etc/ssl/private - - # Default ciphers to use on SSL-enabled listening sockets. - ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12 - ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS - - spread-checks 4 - tune.maxrewrite 1024 - tune.ssl.default-dh-param 2048 - -defaults - mode http - balance roundrobin - - option dontlognull - option dontlog-normal - option redispatch - - maxconn 5000 - timeout connect 5s - timeout client 20s - timeout server 20s - timeout queue 30s - timeout http-request 5s - timeout http-keep-alive 15s - -frontend http-in - bind *:80 - reqadd X-Forwarded-Proto:\ http - default_backend nodes-http - -frontend https-in - bind *:443 ssl crt /etc/haproxy/ssl/localhost.pem - reqadd X-Forwarded-Proto:\ https - default_backend nodes-http - -backend nodes-http - redirect scheme https if !{ ssl_fc } - server node1 idp01-simplesamlphp:80 check - # server node2 idp02-simplesamlphp:80 check 
diff --git a/1.15.0/Dockerfile b/1.17.1/Dockerfile similarity index 99% rename from 1.15.0/Dockerfile rename to 1.17.1/Dockerfile index da7b704..d22ee49 100644 --- a/1.15.0/Dockerfile +++ b/1.17.1/Dockerfile @@ -2,7 +2,7 @@ FROM centos:7 MAINTAINER Adam Zheng adam.w.zheng@icloud.com ENV S6_RELEASE 1.21.2.1 -ENV SIMPLESAMLPHP_RELEASE 1.15.0 +ENV SIMPLESAMLPHP_RELEASE 1.17.1 #Add S6 Overlay ADD https://github.com/just-containers/s6-overlay/releases/download/v$S6_RELEASE/s6-overlay-amd64.tar.gz /tmp/ diff --git a/1.15.0/README.md b/1.17.1/README.md similarity index 100% rename from 1.15.0/README.md rename to 1.17.1/README.md diff --git a/1.15.0/docker-compose.yml b/1.17.1/docker-compose.yml similarity index 100% rename from 1.15.0/docker-compose.yml rename to 1.17.1/docker-compose.yml diff --git a/1.14.17/haproxy.cfg b/1.17.1/haproxy.cfg similarity index 100% rename from 1.14.17/haproxy.cfg rename to 1.17.1/haproxy.cfg diff --git a/1.15.0/install-simplesamlphp.sh b/1.17.1/install-simplesamlphp.sh similarity index 100% rename from 1.15.0/install-simplesamlphp.sh rename to 1.17.1/install-simplesamlphp.sh diff --git a/latest b/latest index d19d089..507266b 120000 --- a/latest +++ b/latest @@ -1 +1 @@ -1.15.0 \ No newline at end of file +1.17.1 \ No newline at end of file From 97b85c393a388f70c22bb83055822d7ae97a2345 Mon Sep 17 00:00:00 2001 From: Adam W Zheng Date: Tue, 12 Mar 2019 10:14:22 -0500 Subject: [PATCH 02/17] Use latest release of s6-overlay --- 1.17.1/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/1.17.1/Dockerfile b/1.17.1/Dockerfile index d22ee49..279501a 100644 --- a/1.17.1/Dockerfile +++ b/1.17.1/Dockerfile @@ -1,7 +1,7 @@ FROM centos:7 MAINTAINER Adam Zheng adam.w.zheng@icloud.com -ENV S6_RELEASE 1.21.2.1 +ENV S6_RELEASE 1.22.0.0 ENV SIMPLESAMLPHP_RELEASE 1.17.1 #Add S6 Overlay From aa0cbc18c01a935191e1cc90527910f9d538db18 Mon Sep 17 00:00:00 2001 
From: Adam W Zheng Date: Tue, 12 Mar 2019 10:17:36 -0500 Subject: [PATCH 03/17] Switch from MAINTAINER to LABEL As per https://docs.docker.com/engine/reference/builder/#/maintainer-deprecated --- 1.17.1/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/1.17.1/Dockerfile b/1.17.1/Dockerfile index 279501a..ea197d4 100644 --- a/1.17.1/Dockerfile +++ b/1.17.1/Dockerfile @@ -1,5 +1,5 @@ FROM centos:7 -MAINTAINER Adam Zheng adam.w.zheng@icloud.com +LABEL maintainer="Adam W Zheng " ENV S6_RELEASE 1.22.0.0 ENV SIMPLESAMLPHP_RELEASE 1.17.1 From db16db4e3223ec97afda3a5df68f7bb4a1caa875 Mon Sep 17 00:00:00 2001 From: Adam W Zheng Date: Tue, 12 Mar 2019 10:34:54 -0500 Subject: [PATCH 04/17] Change repo from EPEL to Red Hat Software Collections For nginx, php, and its extensions --- 1.17.1/Dockerfile | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/1.17.1/Dockerfile b/1.17.1/Dockerfile index ea197d4..9d17fa0 100644 --- a/1.17.1/Dockerfile +++ b/1.17.1/Dockerfile 
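Review bot: The new `LABEL maintainer=…` line uses the legacy free-form key; the OCI annotation is what registries and scanners read today, so `LABEL org.opencontainers.image.authors="Adam W Zheng <EMAIL-PLACEHOLDER>"` would be the idiomatic replacement for the deprecated MAINTAINER. As rendered here the value ends in `"Adam W Zheng "` with no address; if the angle-bracketed e-mail was dropped by rendering rather than omitted in the commit there is nothing to fix, otherwise the label should still carry a contact.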
@@ -10,12 +10,10 @@ RUN tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" \ && tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin #Install SimpleSAMLphp Requirements -RUN yum -y install epel-release \ - && rpm -Uvh https://centos7.iuscommunity.org/ius-release.rpm \ - && echo -e '[nginx]\nname=nginx repo\nbaseurl=http://nginx.org/packages/centos/7/$basearch/\ngpgcheck=0\nenabled=1' > /etc/yum.repos.d/nginx.repo \ - && yum -y install nginx php56u-fpm php56u-fpm-nginx php56u-dom php56u-mbstring php56u-pdo php56u-pecl-memcache php56u-ldap sendmail \ - && sed -i 's/user = apache/user = nginx/' /etc/php-fpm.d/www.conf \ - && sed -i 's/group = apache/group = nginx/' /etc/php-fpm.d/www.conf +RUN yum -y install centos-release-scl \ + && yum -y install nginx rh-php72 rh-php72-php-fpm rh-php72-php-mbstring rh-php72-php-pdo php-pecl-memcache rh-php72-php-ldap \ + && sed -i 's/user = apache/user = nginx/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf \ + && sed -i 's/group = apache/group = nginx/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf #Configure webserver RUN echo -e 'server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name _;\n root /var/simplesamlphp/www/;\n index index.php;\n\n location /simplesaml {\n alias /var/simplesamlphp/www/;\n location ~ ^(?/simplesaml)(?.+?.php)(?/.*)?$ {\n include fastcgi_params;\n fastcgi_pass 127.0.0.1:9000;\n fastcgi_split_path_info ^(.+?.php)(/.+)$;\n fastcgi_param SCRIPT_FILENAME $document_root$phpfile;\n fastcgi_param PATH_INFO $pathinfo if_not_empty;\n }\n }\n\n location ~ .php$ {\n fastcgi_split_path_info ^(.+.php)(/.+)$;\n fastcgi_pass 127.0.0.1:9000;\n fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n include fastcgi_params;\n add_header Cache-control no-cache;\n }\n}' > /etc/nginx/conf.d/default.conf \ From 6034ee0f16426456ce3ba1e03ca61c8375d47558 Mon Sep 17 00:00:00 2001 
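Review bot: The rewritten RUN leaves the yum metadata and package cache inside the layer; ending the chain with `&& yum clean all && rm -rf /var/cache/yum` keeps that out of the image, and the same applies to the later rewrites of this RUN in PATCH 05 and PATCH 08. None of the rh-php72 / nginx packages are version-pinned, so two builds of the same Dockerfile can produce different images; pinning at least the SCL collection versions would make the image reproducible. A short comment on why SCL is used, `# Red Hat Software Collections: supported PHP 7.2 on CentOS 7 without EPEL/IUS`, would carry the commit message's rationale into the file.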
From: Adam W Zheng Date: Tue, 12 Mar 2019 11:30:40 -0500 Subject: [PATCH 05/17] Update paths --- 1.17.1/Dockerfile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/1.17.1/Dockerfile b/1.17.1/Dockerfile index 9d17fa0..57d6d72 100644 --- a/1.17.1/Dockerfile +++ b/1.17.1/Dockerfile @@ -11,7 +11,7 @@ RUN tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" \ #Install SimpleSAMLphp Requirements RUN yum -y install centos-release-scl \ - && yum -y install nginx rh-php72 rh-php72-php-fpm rh-php72-php-mbstring rh-php72-php-pdo php-pecl-memcache rh-php72-php-ldap \ + && yum -y install rh-nginx114 rh-php72 rh-php72-php-fpm rh-php72-php-mbstring rh-php72-php-pdo php-pecl-memcache rh-php72-php-ldap \ && sed -i 's/user = apache/user = nginx/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf \ && sed -i 's/group = apache/group = nginx/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf 
@@ -28,21 +28,21 @@ RUN curl -Lo /var/simplesamlphp.tar.gz https://github.com/simplesamlphp/simplesa && touch /var/simplesamlphp/log/breadcrumb #Redirect NGINX Logs -RUN ln -sf /dev/stdout /var/log/nginx/access.log \ - && ln -sf /dev/stderr /var/log/nginx/error.log +RUN ln -sf /dev/stdout /var/opt/rh/rh-nginx114/log/nginx/access.log \ + && ln -sf /dev/stderr /var/opt/rh/rh-nginx114/log/nginx/error.log #Add Service NGINX to be Monitored by S6 RUN mkdir -p /etc/services.d/nginx/ \ && touch /etc/services.d/nginx/run \ && echo '#!/usr/bin/execlineb -P' > /etc/services.d/nginx/run \ - && echo 'nginx -g "daemon off;"' >> /etc/services.d/nginx/run + && echo '/opt/rh/rh-nginx114/root/usr/sbin/nginx -g "daemon off;"' >> /etc/services.d/nginx/run #Add Service PHP-FPM to be Monitored by S6 RUN mkdir -p /etc/services.d/php-fpm/ \ && touch /etc/services.d/php-fpm/run \ && echo '#!/usr/bin/execlineb -P' > /etc/services.d/php-fpm/run \ - && echo '/usr/sbin/php-fpm' >> /etc/services.d/php-fpm/run --nodaemonize \ - && sed -i 's|pid = /run/php-fpm/php-fpm.pid|pid = /run/php-fpm.pid|g' /etc/php-fpm.conf + && echo '/opt/rh/rh-php72/root/usr/sbin/php-fpm' >> /etc/services.d/php-fpm/run --nodaemonize \ + && sed -i 's|pid = /run/php-fpm/php-fpm.pid|pid = /run/php-fpm.pid|g' /etc/opt/rh/rh-php72/php-fpm.conf #Copy the SimpleSAMLphp CLI Install Script into the Container to be executed on startup COPY install-simplesamlphp.sh /etc/cont-init.d/ From 1ace0d88086e3e390675164d4bc6232e6cf24299 Mon Sep 17 00:00:00 2001 From: Adam W Zheng Date: Tue, 12 Mar 2019 15:08:08 -0500 Subject: [PATCH 06/17] Configure rh-nginx --- 1.17.1/Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/1.17.1/Dockerfile b/1.17.1/Dockerfile index 57d6d72..3120b7a 100644 --- a/1.17.1/Dockerfile +++ b/1.17.1/Dockerfile 
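Review bot: The new php-fpm line, `echo '/opt/rh/rh-php72/root/usr/sbin/php-fpm' >> /etc/services.d/php-fpm/run --nodaemonize`, only works because the shell hands `--nodaemonize` to echo as a second argument after parsing the redirection; as written it reads as a flag to the redirect and should sit inside the quoted string, `echo '/opt/rh/rh-php72/root/usr/sbin/php-fpm --nodaemonize' >> /etc/services.d/php-fpm/run`. Neither run script is made executable in this hunk (`touch` followed by `echo`); unless a step outside the hunk does `chmod +x` on them, s6 will not be able to spawn the services, so this is worth confirming against the rest of the Dockerfile.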
@@ -16,7 +16,10 @@ RUN yum -y install centos-release-scl \ && sed -i 's/group = apache/group = nginx/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf #Configure webserver -RUN echo -e 'server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name _;\n root /var/simplesamlphp/www/;\n index index.php;\n\n location /simplesaml {\n alias /var/simplesamlphp/www/;\n location ~ ^(?/simplesaml)(?.+?.php)(?/.*)?$ {\n include fastcgi_params;\n fastcgi_pass 127.0.0.1:9000;\n fastcgi_split_path_info ^(.+?.php)(/.+)$;\n fastcgi_param SCRIPT_FILENAME $document_root$phpfile;\n fastcgi_param PATH_INFO $pathinfo if_not_empty;\n }\n }\n\n location ~ .php$ {\n fastcgi_split_path_info ^(.+.php)(/.+)$;\n fastcgi_pass 127.0.0.1:9000;\n fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n include fastcgi_params;\n add_header Cache-control no-cache;\n }\n}' > /etc/nginx/conf.d/default.conf \ +RUN echo -e 'server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name _;\n root /var/simplesamlphp/www/;\n index index.php;\n\n location /simplesaml {\n alias /var/simplesamlphp/www/;\n location ~ ^(?/simplesaml)(?.+?.php)(?/.*)?$ {\n include fastcgi_params;\n fastcgi_pass 127.0.0.1:9000;\n fastcgi_split_path_info ^(.+?.php)(/.+)$;\n fastcgi_param SCRIPT_FILENAME $document_root$phpfile;\n fastcgi_param PATH_INFO $pathinfo if_not_empty;\n }\n }\n\n location ~ .php$ {\n fastcgi_split_path_info ^(.+.php)(/.+)$;\n fastcgi_pass 127.0.0.1:9000;\n fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n include fastcgi_params;\n add_header Cache-control no-cache;\n }\n}' > /etc/opt/rh/rh-nginx114/nginx/conf.d/default.conf \ + && sed -i '/ listen 80 default_server;/d' /etc/opt/rh/rh-nginx114/nginx/nginx.conf \ + && sed -i '/ listen \[::\]:80 default_server;/d' /etc/opt/rh/rh-nginx114/nginx/nginx.conf \ + && sed -i '/ server_name _;/d' /etc/opt/rh/rh-nginx114/nginx/nginx.conf \ && mkdir -p /var/lib/php/session/ \ && chown -Rv nginx:nginx 
/var/lib/php/session/ From 37bf612e16a616975e28ff7ffe0ffe03b2969a47 Mon Sep 17 00:00:00 2001 From: Adam W Zheng Date: Tue, 12 Mar 2019 15:23:12 -0500 Subject: [PATCH 07/17] Adjust permissions --- 1.17.1/Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/1.17.1/Dockerfile b/1.17.1/Dockerfile index 3120b7a..ab35ec9 100644 --- a/1.17.1/Dockerfile +++ b/1.17.1/Dockerfile @@ -21,14 +21,16 @@ RUN echo -e 'server {\n listen 80 default_server;\n listen [:: && sed -i '/ listen \[::\]:80 default_server;/d' /etc/opt/rh/rh-nginx114/nginx/nginx.conf \ && sed -i '/ server_name _;/d' /etc/opt/rh/rh-nginx114/nginx/nginx.conf \ && mkdir -p /var/lib/php/session/ \ - && chown -Rv nginx:nginx /var/lib/php/session/ + && chown -Rv nginx:nginx /var/lib/php/session/ \ + && chmod a+t /var/lib/php/session/ #Download SimpleSAMLphp, Archive must remain present for seeding post install. RUN curl -Lo /var/simplesamlphp.tar.gz https://github.com/simplesamlphp/simplesamlphp/releases/download/v$SIMPLESAMLPHP_RELEASE/simplesamlphp-$SIMPLESAMLPHP_RELEASE.tar.gz \ && tar xzf /var/simplesamlphp.tar.gz --directory /var \ && mv /var/simplesamlphp-* /var/simplesamlphp \ && touch /var/simplesamlphp/cert/breadcrumb \ - && touch /var/simplesamlphp/log/breadcrumb + && touch /var/simplesamlphp/log/breadcrumb \ + && chown -Rv nginx:nginx /var/simplesamlphp/log/ #Redirect NGINX Logs RUN ln -sf /dev/stdout /var/opt/rh/rh-nginx114/log/nginx/access.log \ From f8b537acaa8127392c4bdf2b684f9fdfa910a5a8 Mon Sep 17 00:00:00 2001 From: Adam W Zheng Date: Tue, 12 Mar 2019 15:39:09 -0500 Subject: [PATCH 08/17] Fix incorrect package --- 1.17.1/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/1.17.1/Dockerfile b/1.17.1/Dockerfile index ab35ec9..30e0a6a 100644 --- a/1.17.1/Dockerfile +++ b/1.17.1/Dockerfile 
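Review bot: The three new sed deletions against the packaged nginx.conf assume its exact `listen` / `server_name` lines and indentation, so an rh-nginx114 update that reformats the default server block silently leaves both servers claiming port 80. Note that an nginx server block with no `listen` still listens on *:80 when nginx runs as root, so the deletions do not actually disable the package's default server; it is only the `default_server` flag in the new default.conf that makes the SimpleSAMLphp server win. Shipping both files with `COPY default.conf /etc/opt/rh/rh-nginx114/nginx/conf.d/` and a complete nginx.conf would be reviewable and diffable, unlike the single `echo -e` line. On the new side the PHP handler is still `location ~ .php$` with an unescaped dot, matching any character before `php`; `location ~ \.php$` is the intended pattern.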
@@ -11,7 +11,7 @@ RUN tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" \ #Install SimpleSAMLphp Requirements RUN yum -y install centos-release-scl \ - && yum -y install rh-nginx114 rh-php72 rh-php72-php-fpm rh-php72-php-mbstring rh-php72-php-pdo php-pecl-memcache rh-php72-php-ldap \ + && yum -y install rh-nginx114 rh-php72 rh-php72-php-fpm rh-php72-php-mbstring rh-php72-php-pdo rh-php72-php-ldap sclo-php72-php-pecl-memcached \ && sed -i 's/user = apache/user = nginx/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf \ && sed -i 's/group = apache/group = nginx/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf From 976a3643bb74f980234c44f06db6c34d86c29714 Mon Sep 17 00:00:00 2001 From: Adam W Zheng Date: Tue, 12 Mar 2019 16:04:03 -0500 Subject: [PATCH 09/17] Update directory seed structure --- 1.17.1/install-simplesamlphp.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/1.17.1/install-simplesamlphp.sh b/1.17.1/install-simplesamlphp.sh index 98569df..ffd6f22 100644 --- a/1.17.1/install-simplesamlphp.sh +++ b/1.17.1/install-simplesamlphp.sh @@ -176,6 +176,12 @@ else mv /simplesamlphp-1.*/schemas/* /var/simplesamlphp/schemas/ echo "[$0] Seed complete. Directory schemas will not be part of future upgrades and will need upgraded manually." fi + if [ -z "$(ls -A /var/simplesamlphp/src/)" ]; then + echo "[$0] src directory seems to be Docker volume mounted as it is empty. Seeding." + tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/src > /dev/null + mv /simplesamlphp-1.*/src/* /var/simplesamlphp/src/ + echo "[$0] Seed complete. Directory src will not be part of future upgrades and will need upgraded manually." + fi if [ -z "$(ls -A /var/simplesamlphp/templates/)" ]; then echo "[$0] templates directory seems to be Docker volume mounted as it is empty. Seeding." tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/templates > /dev/null 
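Review bot: The swap to `sclo-php72-php-pecl-memcached` changes the PHP extension from `memcache` (class `Memcache`) to `memcached` (class `Memcached`); as far as I recall SimpleSAMLphp's memcache store accepts either, but that should be confirmed for 1.17.1 before the image ships with `CONFIG_STORETYPE=memcache`. A comment on the RUN line would save the next reader the same check, e.g. `# libmemcached-based extension (class Memcached); SimpleSAMLphp's memcache store accepts it in place of Memcache`.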
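Review bot: The new src seeding block repeats `mv /simplesamlphp-1.*/src/* /var/simplesamlphp/src/`, which hard-codes a 1.x glob and skips dotfiles; since the Dockerfile exports `SIMPLESAMLPHP_RELEASE` into the container, `mv /simplesamlphp-$SIMPLESAMLPHP_RELEASE/src/* /var/simplesamlphp/src/` is exact and survives a major-version bump. The `[ -z "$(ls -A /var/simplesamlphp/src/)" ]` test also treats a missing directory like an empty one (ls fails with empty output), after which the mv fails; `[ -d /var/simplesamlphp/src/ ] && [ -z "$(ls -A /var/simplesamlphp/src/)" ]` avoids that. The enclosing `else` branch starts outside the hunk, so whether the extracted `/simplesamlphp-1.*` tree is cleaned up afterwards is not visible here.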
@@ -188,12 +194,6 @@ else mv /simplesamlphp-1.*/tests/* /var/simplesamlphp/tests/ echo "[$0] Seed complete. Directory tests will not be part of future upgrades and will need upgraded manually." fi - if [ -z "$(ls -A /var/simplesamlphp/tools/)" ]; then - echo "[$0] tools directory seems to be Docker volume mounted as it is empty. Seeding." - tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/tools > /dev/null - mv /simplesamlphp-1.*/tools/* /var/simplesamlphp/tools/ - echo "[$0] Seed complete. Directory tools will not be part of future upgrades and will need upgraded manually." - fi if [ -z "$(ls -A /var/simplesamlphp/vendor/)" ]; then echo "[$0] vendor directory seems to be Docker volume mounted as it is empty. Seeding." tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/vendor > /dev/null From eadbdc7445304c4e6f9718f6228f531ec9e798b8 Mon Sep 17 00:00:00 2001 From: Adam W Zheng Date: Tue, 12 Mar 2019 16:11:39 -0500 Subject: [PATCH 10/17] Move logging directory ownership setting from dockerfile to install script --- 1.17.1/Dockerfile | 3 +-- 1.17.1/install-simplesamlphp.sh | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/1.17.1/Dockerfile b/1.17.1/Dockerfile index 30e0a6a..adf7e6f 100644 --- a/1.17.1/Dockerfile +++ b/1.17.1/Dockerfile @@ -29,8 +29,7 @@ RUN curl -Lo /var/simplesamlphp.tar.gz https://github.com/simplesamlphp/simplesa && tar xzf /var/simplesamlphp.tar.gz --directory /var \ && mv /var/simplesamlphp-* /var/simplesamlphp \ && touch /var/simplesamlphp/cert/breadcrumb \ - && touch /var/simplesamlphp/log/breadcrumb \ - && chown -Rv nginx:nginx /var/simplesamlphp/log/ + && touch /var/simplesamlphp/log/breadcrumb #Redirect NGINX Logs RUN ln -sf /dev/stdout /var/opt/rh/rh-nginx114/log/nginx/access.log \ diff --git a/1.17.1/install-simplesamlphp.sh b/1.17.1/install-simplesamlphp.sh index ffd6f22..64b583d 100644 --- a/1.17.1/install-simplesamlphp.sh +++ b/1.17.1/install-simplesamlphp.sh 
@@ -283,7 +283,7 @@ if [ "$CONFIG_STORETYPE" == "memcache" ]; then fi fi -chown php-fpm:php-fpm /var/simplesamlphp/log/ +chown nginx:nginx /var/simplesamlphp/log/ touch /var/simplesamlphp/config/.dockersetupdone From 4e1fa5b1bdba4e2a8f9b92be8dbae202f7d0d753 Mon Sep 17 00:00:00 2001 From: Adam W Zheng Date: Tue, 12 Mar 2019 17:49:47 -0500 Subject: [PATCH 11/17] Add configuration options to install script related to phpsession --- 1.17.1/install-simplesamlphp.sh | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/1.17.1/install-simplesamlphp.sh b/1.17.1/install-simplesamlphp.sh index 64b583d..9fb213d 100644 --- a/1.17.1/install-simplesamlphp.sh +++ b/1.17.1/install-simplesamlphp.sh @@ -36,6 +36,10 @@ CONFIG_SESSIONDATASTORETIMEOUT=${CONFIG_SESSIONDATASTORETIMEOUT:=(4 * 60 * 60)} CONFIG_SESSIONSTATETIMEOUT=${CONFIG_SESSIONSTATETIMEOUT:=(60 * 60)} CONFIG_SESSIONCOOKIELIFETIME=${CONFIG_SESSIONCOOKIELIFETIME:=0} +CONFIG_SESSIONPHPSESSIONCOOKIENAME=${CONFIG_SESSIONPHPSESSIONCOOKIENAME:=SimpleSAML} +CONFIG_SESSIONPHPSESSIONSAVEPATH=${CONFIG_SESSIONPHPSESSIONSAVEPATH:=null} +CONFIG_SESSIONPHPSESSIONHTTPONLY=${CONFIG_SESSIONPHPSESSIONHTTPONLY:=true} + CONFIG_SESSIONREMEMBERMEENABLE=${CONFIG_SESSIONREMEMBERMEENABLE:=false} CONFIG_SESSIONREMEMBERMECHECKED=${CONFIG_SESSIONREMEMBERMECHECKED:=false} CONFIG_SESSIONREMEMBERMELIFETIME=${CONFIG_SESSIONREMEMBERMELIFETIME:=(14 * 86400)} 
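Review bot: `chown nginx:nginx /var/simplesamlphp/log/` changes only the directory, whereas the Dockerfile line this replaces used `-R`; on a volume-mounted log directory carried over from an earlier deployment, existing log files stay owned by the previous user (the removed line shows that used to be php-fpm), and php-fpm now running as nginx may fail to append to them. `chown -R nginx:nginx /var/simplesamlphp/log/` keeps the previous behaviour and matches the commit message's intent of moving, not narrowing, the ownership step.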
@@ -255,6 +259,10 @@ sed -i "s|'session.datastore.timeout' => (4 \* 60 \* 60)|'session.datastore.time sed -i "s|'session.state.timeout' => (60 \* 60)|'session.state.timeout' => $CONFIG_SESSIONSTATETIMEOUT|g" /var/simplesamlphp/config/config.php sed -i "s|'session.cookie.lifetime' => 0|'session.cookie.lifetime' => $CONFIG_SESSIONCOOKIELIFETIME|g" /var/simplesamlphp/config/config.php +sed -i "s|'session.phpsession.cookiename' => 'SimpleSAML'|'session.phpsession.cookiename' => '$CONFIG_SESSIONPHPSESSIONCOOKIENAME'|g" /var/simplesamlphp/config/config.php +sed -i "s|'session.phpsession.savepath' => null|'session.phpsession.savepath' => '$CONFIG_SESSIONPHPSESSIONSAVEPATH'|g" /var/simplesamlphp/config/config.php +sed -i "s|'session.phpsession.httponly' => true|'session.phpsession.httponly' => $CONFIG_SESSIONPHPSESSIONHTTPONLY|g" /var/simplesamlphp/config/config.php + sed -i "s|'session.rememberme.enable' => false|'session.rememberme.enable' => $CONFIG_SESSIONREMEMBERMEENABLE|g" /var/simplesamlphp/config/config.php sed -i "s|'session.rememberme.checked' => false|'session.rememberme.checked' => $CONFIG_SESSIONREMEMBERMECHECKED|g" /var/simplesamlphp/config/config.php sed -i "s|'session.rememberme.lifetime' => (14 \* 86400)|'session.rememberme.lifetime' => $CONFIG_SESSIONREMEMBERMELIFETIME|g" /var/simplesamlphp/config/config.php 
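Review bot: The savepath substitution wraps the value in single quotes, so with the default sentinel the config ends up as `'session.phpsession.savepath' => 'null'`, a PHP string rather than `null`; the non-phpsession store types presumably never read it, but any reader of config.php sees a bogus path and the later fallback then has to match the quoted `'null'` exactly. Emit the bare keyword when the value is the sentinel, e.g. `[ "$CONFIG_SESSIONPHPSESSIONSAVEPATH" = null ] && savepath=null || savepath="'$CONFIG_SESSIONPHPSESSIONSAVEPATH'"` before the sed and substitute `$savepath`. The httponly value is spliced into PHP source unquoted, so it must be a bare `true`/`false`; the README row for CONFIG_SESSIONPHPSESSIONHTTPONLY should say so.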
@@ -268,6 +276,16 @@ sed -i "s|'store.type' => 'phpsession',|'store.type' sed -i "s|'core/frontpage_welcome.php'|'$WWW_INDEX'|g" /var/simplesamlphp/www/index.php +#Check for valid phpsession configuration +if [ "$CONFIG_STORETYPE" == "phpsession" ] && [ "$CONFIG_SESSIONPHPSESSIONSAVEPATH" == "null" ]; then + echo "[$0] [WARN] CONFIG_STORETYPE was set to 'phpsession', but CONFIG_SESSIONPHPSESSIONSAVEPATH was not set from null. This will not work. Setting CONFIG_SESSIONPHPSESSIONSAVEPATH to '/var/lib/php/session/'." + echo "[$0] To avoid this warning in the future, set CONFIG_SESSIONPHPSESSIONSAVEPATH to a valid value, '/var/lib/php/session' is the suggested default if phpsession is used." + echo "[$0] Pausing 5 seconds due to above warning." + sleep 5 + CONFIG_SESSIONPHPSESSIONSAVEPATH=/var/lib/php/session/ + sed -i "s|'session.phpsession.savepath' => 'null'|'session.phpsession.savepath' => '$CONFIG_SESSIONPHPSESSIONSAVEPATH'|g" /var/simplesamlphp/config/config.php +fi + #Only configure redundant memcache if storetype is set to memcache if [ "$CONFIG_STORETYPE" == "memcache" ]; then sed -i "/ 'memcache_store.servers' => array(/{n;N;N;d}" /var/simplesamlphp/config/config.php @@ -278,7 +296,6 @@ if [ "$CONFIG_STORETYPE" == "memcache" ]; then echo "[$0] To avoid this warning in the future, set CONFIG_MEMCACHESTOREPREFIX to something, 'simpleSAMLphp' is the suggested default if memcache is enabled." echo "[$0] Pausing 5 seconds due to above warning." sleep 5 - CONFIG_MEMCACHESTOREPREFIX=simplesamlphp sed -i "s|'memcache_store.prefix' => null|'memcache_store.prefix' => $CONFIG_MEMCACHESTOREPREFIX|g" /var/simplesamlphp/config/config.php fi fi From c654264ec212644e4bb26651da918b94106b3059 Mon Sep 17 00:00:00 2001 From: Adam W Zheng Date: Tue, 12 Mar 2019 18:40:26 -0500 Subject: [PATCH 12/17] Update README.md for 1.17.1 --- 1.17.1/README.md | 25 ++++++++++++++++++------- README.md | 4 ++-- 2 files changed, 20 insertions(+), 9 deletions(-) 
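Review bot: The phpsession fallback corrects config.php only after the earlier savepath sed has already written `'null'`, so it depends on its own pattern `=> 'null'` matching that quoted form exactly; moving the null check ahead of the first savepath substitution (in the previous hunk) would make it a single edit and avoid the double write. The `sleep 5` runs on every container start while the condition holds, which slows restarts and may collide with orchestrator start-up deadlines; the two echoed warning lines are sufficient on their own. As a smaller point, the warning tells users to set the variable but the default that is then applied, `/var/lib/php/session/`, is also the directory the Dockerfile prepares, so the message could say that the fallback is the supported default rather than a misconfiguration.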
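Review bot: Removing `CONFIG_MEMCACHESTOREPREFIX=simplesamlphp` leaves the warning above it claiming the prefix is being set to 'simpleSAMLphp' while the sed that follows now substitutes the still-`null` variable, so the branch changes nothing and the message is misleading. On top of that, the unquoted-prefix sed just before this branch (context outside the hunk, visible in PATCH 14) has presumably already rewritten the line to `'null'`, so the pattern `=> null` in this sed no longer matches at all. Either restore the assignment (the removed line used lowercase `simplesamlphp` while the message says `simpleSAMLphp` — pick one) or reword the warning to say the prefix stays unset.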
diff --git a/1.17.1/README.md b/1.17.1/README.md index 750c9ee..1fcc5a1 100644 --- a/1.17.1/README.md +++ b/1.17.1/README.md 
@@ -1,11 +1,13 @@ -[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.15.0.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.15.0.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.15.0 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.17.1.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.15.0.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.15.0 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) Supported tags and respective `Dockerfile` links +> ~~Depreciated~~ builds are not recommended, as they utilized php56 which is EOL as of the end of 2018. 
-- [`1.15.0`, `latest` (*1.15.0/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.15.0/Dockerfile) -- [`1.14.17` (*1.14.17/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.14.17/Dockerfile) -- [`1.14.16` (*1.14.16/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.14.16/Dockerfile) -- [`1.14.15` (*1.14.15/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.14.15/Dockerfile) +- [`1.17.1`, `latest` (*1.17.1/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.17.1/Dockerfile) +- ~~[`1.15.0` (*1.15.0/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.15.0/Dockerfile)~~ +- ~~[`1.14.17` (*1.14.17/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.14.17/Dockerfile)~~ +- ~~[`1.14.16` (*1.14.16/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.14.16/Dockerfile)~~ +- ~~[`1.14.15` (*1.14.15/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.14.15/Dockerfile)~~ ### How to use this image @@ -57,6 +59,7 @@ This will vary greatly depending on use. A compose file similar to a production | /var/simplesamlphp/cert | Should always be volume mounted. | | /var/simplesamlphp/config | Should probably not be volume mounted as its mostly configured by docker. | | /var/simplesamlphp/config-templates | -- | +| /var/simplesamlphp/data | -- | | /var/simplesamlphp/dictionaries | Depreciated as of 1.15.0. Use locales instead. | | /var/simplesamlphp/docs | -- | | /var/simplesamlphp/extra | -- | 
@@ -67,9 +70,9 @@ This will vary greatly depending on use. A compose file similar to a production | /var/simplesamlphp/metadata-templates | -- | | /var/simplesamlphp/modules | Can be volume mounted for easier module customization | | /var/simplesamlphp/schemas | -- | +| /var/simplesamlphp/src | -- | | /var/simplesamlphp/templates | -- | | /var/simplesamlphp/tests | -- | -| /var/simplesamlphp/tools | -- | | /var/simplesamlphp/vendor | -- | | /var/simplesamlphp/www | Can be volume mounted for easier www customization | @@ -104,6 +107,9 @@ It is recommended to set them properly and not use default values. | CONFIG_SESSIONDATASTORETIMEOUT | (4 * 60 * 60) | -- | | CONFIG_SESSIONSTATETIMEOUT | (60 * 60) | -- | | CONFIG_SESSIONCOOKIELIFETIME | 0 | -- | +| CONFIG_SESSIONPHPSESSIONCOOKIENAME | SimpleSAML | -- | +| CONFIG_SESSIONPHPSESSIONSAVEPATH | null | This must be set to a valid path if using phpsession, otherwise a redirect loop on login will occur. `/var/lib/php/session/` will be inserted if phpsession is used while this value is still unconfigured. | +| CONFIG_SESSIONPHPSESSIONHTTPONLY | true | -- | | CONFIG_SESSIONREMEMBERMEENABLE | false | -- | | CONFIG_SESSIONREMEMBERMECHECKED | false | -- | | CONFIG_SESSIONREMEMBERMELIFETIME | (14 * 86400) | -- | @@ -123,7 +129,7 @@ Default CONFIG_MEMCACHESTORESERVERS format, 2 pair of 2 example. Use this templa ### Maintenance -This is being actively maintained and is running in production. +This is being actively maintained and is running in production for several organizations. Please [create an issue](https://github.com/Venator-Fox/docker-simplesamlphp/issues) if needed or if additional variables/features are desired. ### Todos 
@@ -162,3 +168,8 @@ Finally, save the v2 compose file as `docker-compose.yml` somewhere. Run `docker-compose -f docker-compose.yml up` to bring the stack up. After install, visit https://localhost (or whatever URL you chose) Use `docker-compose -f docker-compose.yml down` to destroy containers after playing. + +### Example using systemd +This is recommended for production for non-orchestrated installs. These unit files will start containers utilizing, memcached, haproxy, and simplesaml. + +//TODO diff --git a/README.md b/README.md index 0620bdf..cadb050 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ -[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.15.0.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.15.0.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.15.0 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.17.1.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.15.0.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.15.0 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) ### About this Repo This is the Git repo for the Docker image [venatorfox/simplesamlphp](https://hub.docker.com/r/venatorfox/simplesamlphp/). 
Please view the [Docker Hub Page](https://hub.docker.com/r/venatorfox/simplesamlphp/) for the full readme on how to use this Docker image. -The full readme pushed there is located in the [latest Dockerfile directory](https://github.com/Venator-Fox/docker-simplesamlphp/tree/master/1.15.0). +The full readme pushed there is located in the [latest Dockerfile directory](https://github.com/Venator-Fox/docker-simplesamlphp/tree/master/1.17.1). From 5d594f62a93ccdc804d411f811555bbffbe8897f Mon Sep 17 00:00:00 2001 From: Adam W Zheng Date: Tue, 12 Mar 2019 18:59:37 -0500 Subject: [PATCH 13/17] Move examples to dedicated directory with their own README.md --- examples/README.md | 18 ++++++++++++++++++ .../docker-compose}/docker-compose.yml | 0 {1.17.1 => examples/haproxy}/haproxy.cfg | 0 3 files changed, 18 insertions(+) create mode 100644 examples/README.md rename {1.17.1 => examples/docker-compose}/docker-compose.yml (100%) rename {1.17.1 => examples/haproxy}/haproxy.cfg (100%) diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 0000000..0e7b759 --- /dev/null +++ b/examples/README.md 
@@ -0,0 +1,18 @@ +[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.17.1.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.15.0.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.15.0 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +### Examples + +This directory contains some example files in order to run the [venatorfox/simplesamlphp](https://hub.docker.com/r/venatorfox/simplesamlphp/) in a more complex manner. (ie. with SSL termination, HAProxy, etc...) These examples assume this is installed in a non-orchestrated manner on a host. + +The following examples are provided here: +- Super basic with all the default options +- HAProxy SSL Termination, Let's Encrypt CA, and common configurations via docker-compose +- HAProxy SSL Termination, Let's Encrypt CA, and common configurations via systemd + +#### Super basic with all the default options +// TODO + +#### HAProxy SSL Termination, Let's Encrypt CA, and common configurations via docker-compose +// TODO + +#### HAProxy SSL Termination, Let's Encrypt CA, and common configurations via systemd +// TODO \ No newline at end of file diff --git a/1.17.1/docker-compose.yml b/examples/docker-compose/docker-compose.yml similarity index 100% rename from 1.17.1/docker-compose.yml rename to examples/docker-compose/docker-compose.yml 
diff --git a/1.17.1/haproxy.cfg b/examples/haproxy/haproxy.cfg similarity index 100% rename from 1.17.1/haproxy.cfg rename to examples/haproxy/haproxy.cfg From 7d6a4b670f26382e803a30fc7803c3db03f94111 Mon Sep 17 00:00:00 2001 From: Adam W Zheng Date: Fri, 15 Mar 2019 15:10:14 -0500 Subject: [PATCH 14/17] Update install script to read converted array declarations for memcache_store.servers --- 1.17.1/install-simplesamlphp.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/1.17.1/install-simplesamlphp.sh b/1.17.1/install-simplesamlphp.sh index 9fb213d..c517ba8 100644 --- a/1.17.1/install-simplesamlphp.sh +++ b/1.17.1/install-simplesamlphp.sh @@ -288,8 +288,8 @@ fi #Only configure redundant memcache if storetype is set to memcache if [ "$CONFIG_STORETYPE" == "memcache" ]; then - sed -i "/ 'memcache_store.servers' => array(/{n;N;N;d}" /var/simplesamlphp/config/config.php - sed -i "s| 'memcache_store.servers' => array(|$CONFIG_MEMCACHESTORESERVERS|g" /var/simplesamlphp/config/config.php + sed -i "/ 'memcache_store.servers' => \[/{n;N;N;d}" /var/simplesamlphp/config/config.php + sed -i "s| 'memcache_store.servers' => \[|$CONFIG_MEMCACHESTORESERVERS|g" /var/simplesamlphp/config/config.php sed -i "s|'memcache_store.prefix' => null|'memcache_store.prefix' => '$CONFIG_MEMCACHESTOREPREFIX'|g" /var/simplesamlphp/config/config.php if [ "$CONFIG_MEMCACHESTOREPREFIX" == "null" ]; then echo "[$0] [WARN] CONFIG_STORETYPE was set to 'memcache', but CONFIG_MEMCACHESTOREPREFIX was not set from null. This will not work. Setting CONFIG_MEMCACHESTOREPREFIX to 'simpleSAMLphp'." From b45be7c52b040dbe617b17843717127ff9b17485 Mon Sep 17 00:00:00 2001 From: Adam W Zheng Date: Fri, 15 Mar 2019 17:21:10 -0500 Subject: [PATCH 15/17] Update example files --- examples/docker-compose/docker-compose.yml | 90 ++++++++++++++-------- examples/haproxy/haproxy.cfg | 6 +- 2 files changed, 60 insertions(+), 36 deletions(-) 
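Review bot: The `{n;N;N;d}` after the `'memcache_store.servers' => \[` match deletes exactly three lines following it, which ties the script to the current layout of that array in the upstream config template (one group with one server); if a future template gains or loses a line, the splice leaves unbalanced brackets and config.php stops parsing. A comment stating the assumption would help, e.g. `# assumes the template's servers array is the opening line plus exactly 3 more lines — re-check on upstream bumps`, and running `php -l /var/simplesamlphp/config/config.php` (from the rh-php72 collection) after the edits would surface the breakage at start-up rather than at the first request. `$CONFIG_MEMCACHESTORESERVERS` is also used as a raw sed replacement, so `&`, `\` and `|` in the value are interpreted by sed, which is what makes the `\n` trick work but also what the README should document.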
diff --git a/examples/docker-compose/docker-compose.yml b/examples/docker-compose/docker-compose.yml index 6ecd71e..d42072f 100644 --- a/examples/docker-compose/docker-compose.yml +++ b/examples/docker-compose/docker-compose.yml @@ -1,17 +1,17 @@ -version: '2' +version: '3.5' services: - idp01-simplesamlphp: - container_name: idp01-simplesamlphp - image: venatorfox/simplesamlphp:1.15.0 + some-simplesamlphp01: + container_name: some-simplesamlphp01 + image: venatorfox/simplesamlphp:1.17.1 environment: - CONFIG_BASEURLPATH=https://localhost/simplesaml/ # To login to this example setup, use 123 for the password. - CONFIG_AUTHADMINPASSWORD={SSHA256}MjJSiMlkQLa+fqI+CmQ1x1oUJ7OGucYpznKxBBHpgfC+Oh+7B9vgGw== - CONFIG_SECRETSALT=exampleabcdefghijklmnopqrstuvwxy - - CONFIG_TECHNICALCONTACT_NAME=Adam Zheng - - CONFIG_TECHNICALCONTACT_EMAIL=adam.zheng@esu10.org + - CONFIG_TECHNICALCONTACT_NAME=Adam W Zheng + - CONFIG_TECHNICALCONTACT_EMAIL=adam.w.zheng@icloud.com - CONFIG_LANGUAGEDEFAULT=en - CONFIG_TIMEZONE=America/Chicago - CONFIG_SHOWERRORS=true 
@@ -27,53 +27,77 @@ services:
 - CONFIG_ENABLEHTTPPOST=false
 - CONFIG_STORETYPE=memcache
 - CONFIG_MEMCACHESTOREPREFIX=simplesamlphp
- - CONFIG_MEMCACHESTORESERVERS= 'memcache_store.servers' => array(\n array(\n array('hostname' => 'a01-memcached'),\n array('hostname' => 'a02-memcached'),\n ),\n array(\n array('hostname' => 'b01-memcached'),\n array('hostname' => 'b02-memcached'),\n ),
+ - CONFIG_MEMCACHESTORESERVERS= 'memcache_store.servers' => [\n [\n ['hostname' => 'some-memcacheda01'],\n ['hostname' => 'some-memcacheda02'],\n ],\n [\n ['hostname' => 'some-memcachedb01'],\n ['hostname' => 'some-memcachedb02'],\n ],
 # - WWW_INDEX=core/authenticate.php?as=admin
 - OPENLDAP_TLS_REQCERT=always
 volumes:
-# - /opt/docker/volumes/idp-simplesamlphp/cache/:/var/simplesamlphp/cache/:Z
-# - /opt/docker/volumes/idp-simplesamlphp/config/authsources.php:/var/simplesamlphp/config/authsources.php:Z
- - /opt/docker/volumes/idp-simplesamlphp/cert/:/var/simplesamlphp/cert/:Z
- - /opt/docker/volumes/idp-simplesamlphp/locales/:/var/simplesamlphp/locales/:Z
- - /opt/docker/volumes/idp-simplesamlphp/log/:/var/simplesamlphp/log/:Z
- - /opt/docker/volumes/idp-simplesamlphp/metadata/:/var/simplesamlphp/metadata/:Z
- - /opt/docker/volumes/idp-simplesamlphp/modules/:/var/simplesamlphp/modules/:Z
- - /opt/docker/volumes/idp-simplesamlphp/templates/:/var/simplesamlphp/templates/:Z
- - /opt/docker/volumes/idp-simplesamlphp/www/:/var/simplesamlphp/www/:Z
+# - /srv/docker/volumes/some-simplesamlphp01/cache/:/var/simplesamlphp/cache/:Z
+# - /srv/docker/volumes/some-simplesamlphp01/config/authsources.php:/var/simplesamlphp/config/authsources.php:Z
+ - /srv/docker/volumes/some-simplesamlphp01/cert/:/var/simplesamlphp/cert/:Z
+ - /srv/docker/volumes/some-simplesamlphp01/locales/:/var/simplesamlphp/locales/:Z
+ - /srv/docker/volumes/some-simplesamlphp01/log/:/var/simplesamlphp/log/:Z
+ - /srv/docker/volumes/some-simplesamlphp01/metadata/:/var/simplesamlphp/metadata/:Z
+ - /srv/docker/volumes/some-simplesamlphp01/modules/:/var/simplesamlphp/modules/:Z
+ - /srv/docker/volumes/some-simplesamlphp01/templates/:/var/simplesamlphp/templates/:Z
+ - /srv/docker/volumes/some-simplesamlphp01/www/:/var/simplesamlphp/www/:Z
 restart: always
+ networks:
+ backend:
+ ipv4_address: 172.20.31.10
- a01-memcached:
- container_name: a01-memcached
+ some-memcacheda01:
+ container_name: some-memcacheda01
 image: memcached:latest
 restart: always
+ networks:
+ backend:
+ ipv4_address: 172.20.31.20
- a02-memcached:
- container_name: a02-memcached
+ some-memcacheda02:
+ container_name: some-memcacheda02
 image: memcached:latest
 restart: always
+ networks:
+ backend:
+ ipv4_address: 172.20.31.21
- b01-memcached:
- container_name: b01-memcached
- image: memcached:1.5.2-alpine
+ some-memcachedb01:
+ container_name: some-memcachedb01
+ image: memcached:latest
 restart: always
+ networks:
+ backend:
+ ipv4_address: 172.20.31.30
- b02-memcached:
- container_name: b02-memcached
- image: memcached:1.5.2-alpine
+ some-memcachedb02:
+ container_name: some-memcachedb02
+ image: memcached:latest
 restart: always
+ networks:
+ backend:
+ ipv4_address: 172.20.31.31
- idp-haproxy:
- container_name: idp-haproxy
- image: million12/haproxy:1.7.9
+ some-haproxy:
+ container_name: some-haproxy
+ image: million12/haproxy:latest
 depends_on:
- - idp01-simplesamlphp
- links:
- - idp01-simplesamlphp
+ - some-simplesamlphp01
 ports:
 - 80:80
 - 443:443
 volumes:
- - /opt/docker/volumes/idp-haproxy:/etc/haproxy
+ - /srv/docker/volumes/some-haproxy:/etc/haproxy
 restart: always
 cap_add:
 - NET_ADMIN
+ networks:
+ backend:
+ ipv4_address: 172.20.31.40
+
+networks:
+ backend:
+ name: backend
+ driver: bridge
+ ipam:
+ config:
+ - subnet: 172.20.31.0/26
diff --git a/examples/haproxy/haproxy.cfg b/examples/haproxy/haproxy.cfg
index 323da92..59e10a5 100644
--- a/examples/haproxy/haproxy.cfg
+++ b/examples/haproxy/haproxy.cfg
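Review bot: Four memcached services and the haproxy image move from pinned tags (`memcached:1.5.2-alpine`, `million12/haproxy:1.7.9`) to `:latest`, so the example is no longer reproducible and the TLS-terminating proxy changes version on every pull without review. Pin an explicit tag (and preferably a digest) on each `image:` line, as the old side did. Keeping the memcached containers without a `ports:` mapping and reachable only through the new `backend` network is the right shape, since memcached has no authentication of its own; a one-line comment above the top-level `networks:` block such as `# memcached is unauthenticated: keep these services off the host network` would record that intent. The `cap_add: NET_ADMIN` on the proxy predates this commit and is worth revisiting, as nothing in the example appears to need it.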
@@ -10,7 +10,7 @@ global
 crt-base /etc/ssl/private
 # Default ciphers to use on SSL-enabled listening sockets.
- ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
+ ssl-default-bind-options no-tls-tickets force-tlsv12 ssl-min-ver TLSv1.2
 ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
 spread-checks 4
@@ -45,5 +45,5 @@ frontend https-in
 backend nodes-http
 redirect scheme https if !{ ssl_fc }
- server node1 idp01-simplesamlphp:80 check
- # server node2 idp02-simplesamlphp:80 check
+ server node1 some-simplesamlphp01:80 check
+ # server node2 some-simplesamlphp02:80 check

From 23a8a2f15e8f8695d1651b6a6875062096d7aab0 Mon Sep 17 00:00:00 2001
From: Adam W Zheng
Date: Sun, 17 Mar 2019 16:27:15 -0500
Subject: [PATCH 16/17] Update documentation

---
 1.17.1/README.md | 55 ++++++++++------------------------------------
 README.md | 5 +++--
 examples/README.md | 52 ++++++++++++++++++++++++++++++++++++++-----
 3 files changed, 62 insertions(+), 50 deletions(-)

diff --git a/1.17.1/README.md b/1.17.1/README.md
index 1fcc5a1..c059a0c 100644
--- a/1.17.1/README.md
+++ b/1.17.1/README.md
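Review bot: `force-tlsv12` and the newly added `ssl-min-ver TLSv1.2` overlap on the `ssl-default-bind-options` line: `force-tlsv12` pins TLS 1.2 as both minimum and maximum, so the listener still refuses TLS 1.3 where the HAProxy build supports it, and the `force-*` options are the deprecated predecessors of `ssl-min-ver`/`ssl-max-ver`. Keeping only the new directive, `ssl-default-bind-options no-tls-tickets ssl-min-ver TLSv1.2`, sets the intended floor without a ceiling; dropping `no-sslv3` is harmless once that floor is in place. The unchanged cipher list on the following line still offers 3DES suites, which predates this commit but would be worth trimming in the same pass.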
@@ -1,4 +1,4 @@ -[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.17.1.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.15.0.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.15.0 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.17.1.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.17.1.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.17.1 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) Supported tags and respective `Dockerfile` links > ~~Depreciated~~ builds are not recommended, as they utilized php56 which is EOL as of the end of 2018. 
@@ -11,6 +11,8 @@ Supported tags and respective `Dockerfile` links ### How to use this image +The following 1 liner will get you up and running with a default configuration. + Start a `venatorfox/simplesamlphp` instance, expose port 80. ```console @@ -18,7 +20,8 @@ $ docker run --name some-simplesamlphp -p80:80 venatorfox/simplesamlphp:latest ``` Visit the site at http://localhost, default unconfigured username is "admin" and password is "123". -See below for available runtime environment variables for a more specific configuration. +Of course, running with the default configuration and no volumes is not what is desired. +The next sections below will show available runtime environment variables for a more specific configuration. > The config.php will be created at run and baked into the SimpleSAMLphp Core Install. > This will allow easy future upgrades, as you can simply destroy the container and bring it up with a new version. 
@@ -27,10 +30,13 @@ See below for available runtime environment variables for a more specific config > The purpose of this image is to store as much ephemeral data inside the container as possible for easy upgrades. > This is controlled by how you mount docker volumes. Examples are presented below. +### More Complex Examples +Some more complex (ie. with SSL termination, memcache, etc...) setup examples are located in the README.md within the [examples directory]. + ### Supported Volume Mount Options for Pre-Seeding -The following directories will pre-seed if they are mounted. -If attempting to mount an subdirectory, it will not pre-seed and therefore must pre-exist. +The following directories will pre-seed if they are mounted. +Subdirectores will not seed, so data must already exist if volume mounting a subdirectory. If the directory is not mounted, it will use its ephemeral counterpart in the container which is ideal, explained below. Note that once a directory is mounted, it will need to be upgraded manually for future SimpleSAMLphp releases if applicable. @@ -57,7 +63,7 @@ This will vary greatly depending on use. A compose file similar to a production | /var/simplesamlphp/bin | Probably should not be volume mounted. | | /var/simplesamlphp/cache | -- | | /var/simplesamlphp/cert | Should always be volume mounted. | -| /var/simplesamlphp/config | Should probably not be volume mounted as its mostly configured by docker. | +| /var/simplesamlphp/config | Should probably not be volume mounted as it is configured via runtime environment variables. This should stay ephemeral. | | /var/simplesamlphp/config-templates | -- | | /var/simplesamlphp/data | -- | | /var/simplesamlphp/dictionaries | Depreciated as of 1.15.0. Use locales instead. | 
@@ -135,41 +141,4 @@ Please [create an issue](https://github.com/Venator-Fox/docker-simplesamlphp/iss ### Todos - Figure out logging to docker stdio - Add support for mail to be sent during exceptions - - Add ability for stats to be sent to docker stdio or to mounted file - -### More Complex/Practical Compose Example, IdP SSL Termination with HAProxy -This example will run HAProxy with snakeoil SSL termination for https://localhost. -It will also bring up 4 memcached containers, 2 pairs of 2, for phpsession. -This is useful for running a SimpleSAMLphp cluster via some orchestration service such as Rancher. - -You will need the `haproxy.cfg` and `docker-compose.yml` files from the Git repository. - -Since SimpleSAMLphp will not care about the webroot, an entry to the hosts file can be added to whatever for testing. -Be sure to adjust the HOST environment variable below for whatever localhost self-signed certificate desired. -Of course in production use a real CA, like LetsEncrypt. - -This will be more in line with what would be seen in a production environment. (minus the demo 123 password, salt, etc) -Note the choices of volume mounts of what to keep ephemeral, and what to keep persistant. -The more volumes, the more manual upgrades might be. -Check SimpleSAMLphp's upgrade notes to see if updates occured in a specified directory. - -Note that running this compose file will create files in `/opt/docker/volumes/` on your host. -You can remove this after toying with the example. - -Run the following two commands: -```console -mkdir -p /opt/docker/volumes/idp-haproxy/ssl -docker run --rm -v /opt/docker/volumes/idp-haproxy/ssl:/ssl -e HOST=localhost -e TYPE=pem project42/selfsignedcert -``` - -Save the `haproxy.cfg` to `/opt/docker/volumes/idp-haproxy/haproxy.cfg` - -Finally, save the v2 compose file as `docker-compose.yml` somewhere. -Run `docker-compose -f docker-compose.yml up` to bring the stack up. 
-After install, visit https://localhost (or whatever URL you chose) -Use `docker-compose -f docker-compose.yml down` to destroy containers after playing. - -### Example using systemd -This is recommended for production for non-orchestrated installs. These unit files will start containers utilizing, memcached, haproxy, and simplesaml. - -//TODO + - Add ability for stats to be sent to docker stdio or to mounted file \ No newline at end of file diff --git a/README.md b/README.md index cadb050..4e62891 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,7 @@ -[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.17.1.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.15.0.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.15.0 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.17.1.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.17.1.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.17.1 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) + ### About this Repo This is the Git repo for the Docker image [venatorfox/simplesamlphp](https://hub.docker.com/r/venatorfox/simplesamlphp/). 
Please view the [Docker Hub Page](https://hub.docker.com/r/venatorfox/simplesamlphp/) for the full readme on how to use this Docker image. -The full readme pushed there is located in the [latest Dockerfile directory](https://github.com/Venator-Fox/docker-simplesamlphp/tree/master/1.17.1). +Instructions and how to use images are located at: [latest Dockerfile directory](https://github.com/Venator-Fox/docker-simplesamlphp/tree/master/1.17.1). diff --git a/examples/README.md b/examples/README.md index 0e7b759..b9fee96 100644 --- a/examples/README.md +++ b/examples/README.md 
@@ -1,4 +1,5 @@ -[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.17.1.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.15.0.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.15.0 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.17.1.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.17.1.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.17.1 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) + ### Examples This directory contains some example files in order to run the [venatorfox/simplesamlphp](https://hub.docker.com/r/venatorfox/simplesamlphp/) in a more 
complex manner. (ie. with SSL termination, HAProxy, etc...) These examples assume this is installed in a non-orchestrated manner on a host. 
@@ -9,10 +10,51 @@ The following examples are provided here: - HAProxy SSL Termination, Let's Encrypt CA, and common configurations via systemd #### Super basic with all the default options -// TODO +> 1 liner, just to see how SimpleSAMLphp looks. -#### HAProxy SSL Termination, Let's Encrypt CA, and common configurations via docker-compose -// TODO +Start a `venatorfox/simplesamlphp` instance, expose port 80. + +```console +$ docker run --name some-simplesamlphp -p80:80 venatorfox/simplesamlphp:latest +``` +Visit the site at http://localhost, default unconfigured username is "admin" and password is "123". + +#### HAProxy SSL Termination, and common configurations via docker-compose +> This is recommended for testing. Compose is not recommended for production. + +This example will run HAProxy with snakeoil SSL termination for https://localhost. +It will also bring up 4 memcached containers, 2 pairs of 2, for session. +This is useful for running multiple SimpleSAMLphp instances for session sharing. + +You will need the `haproxy.cfg` and `docker-compose.yml` files from the examples directory. + +Since SimpleSAMLphp will not care about the webroot, an entry to the hosts file can be added to whatever for testing. HAProxy will handle SSL. +Be sure to adjust the HOST environment variable below for whatever localhost self-signed certificate desired. +Of course in production use a real CA, like LetsEncrypt. + +This will be more in line with what would be seen in a production environment. (minus the demo 123 password, salt, etc) +Note the choices of volume mounts of what to keep ephemeral, and what to keep persistant. +The more volumes, the more manual labor will need to happen when upgrades occur. +Check SimpleSAMLphp's upgrade notes to see if updates occured in a specified directory. + +Note that running this compose file will create files in `/srv/docker/volumes/` on your host. +You can remove this after toying with the example. 
+ +Run the following two commands to generate a self-signed SSL certificate: +```console +mkdir -p /srv/docker/volumes/some-haproxy/ssl +docker run --rm -v /srv/docker/volumes/some-haproxy/ssl:/ssl -e HOST=localhost -e TYPE=pem project42/selfsignedcert +``` + +Save the `haproxy.cfg` to `/srv/docker/volumes/some-haproxy/haproxy.cfg` + +Compose version in this example is v3.5 +Run `docker-compose -f docker-compose.yml up` to bring the stack up with your variables. +After install, visit https://localhost. +Use `docker-compose -f docker-compose.yml down` to destroy all containers. #### HAProxy SSL Termination, Let's Encrypt CA, and common configurations via systemd -// TODO \ No newline at end of file +> This is recommended for production for non-orchestrated installs. These unit files will start containers utilizing, memcached, haproxy, and simplesaml + +//TODO + From fd90c365d1af6b7f8eacfe07e2c80e0fbdeecfac Mon Sep 17 00:00:00 2001 From: Adam W Zheng Date: Mon, 18 Mar 2019 17:43:52 -0500 Subject: [PATCH 17/17] Add null client support, resovles #2 --- 1.17.1/Dockerfile | 8 +++++- 1.17.1/README.md | 14 ++++++--- 1.17.1/install-simplesamlphp.sh | 33 ++++++++++++++++++++++ examples/docker-compose/docker-compose.yml | 8 +++++- 4 files changed, 57 insertions(+), 6 deletions(-) diff --git a/1.17.1/Dockerfile b/1.17.1/Dockerfile index adf7e6f..8bb9d03 100644 --- a/1.17.1/Dockerfile +++ b/1.17.1/Dockerfile 
@@ -11,7 +11,7 @@ RUN tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" \
 #Install SimpleSAMLphp Requirements
 RUN yum -y install centos-release-scl \
- && yum -y install rh-nginx114 rh-php72 rh-php72-php-fpm rh-php72-php-mbstring rh-php72-php-pdo rh-php72-php-ldap sclo-php72-php-pecl-memcached \
+ && yum -y install rh-nginx114 rh-php72 rh-php72-php-fpm rh-php72-php-mbstring rh-php72-php-pdo rh-php72-php-ldap sclo-php72-php-pecl-memcached postfix \
 && sed -i 's/user = apache/user = nginx/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf \
 && sed -i 's/group = apache/group = nginx/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf
@@ -48,6 +48,12 @@ RUN mkdir -p /etc/services.d/php-fpm/ \
 && echo '/opt/rh/rh-php72/root/usr/sbin/php-fpm' >> /etc/services.d/php-fpm/run --nodaemonize \
 && sed -i 's|pid = /run/php-fpm/php-fpm.pid|pid = /run/php-fpm.pid|g' /etc/opt/rh/rh-php72/php-fpm.conf
+#Add Service Postfix to be Monitored by S6
+RUN mkdir -p /etc/services.d/postfix/ \
+ && touch /etc/services.d/postfix/run \
+ && echo '#!/usr/bin/execlineb -P' > /etc/services.d/postfix/run \
+ && echo '/usr/sbin/postfix start' >> /etc/services.d/postfix/run
+
 #Copy the SimpleSAMLphp CLI Install Script into the Container to be executed on startup
 COPY install-simplesamlphp.sh /etc/cont-init.d/
 RUN chmod u+x /etc/cont-init.d/install-simplesamlphp.sh
diff --git a/1.17.1/README.md b/1.17.1/README.md
index c059a0c..91a3ad7 100644
--- a/1.17.1/README.md
+++ b/1.17.1/README.md
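Review bot: The postfix service script written in the second hunk runs `/usr/sbin/postfix start`, which launches the Postfix master in the background and returns; s6 expects `run` to stay in the foreground as the supervised process, so it will see the service exit at once and presumably restart it in a loop, with each further `postfix start` against an already-running master failing. Run the master in the foreground instead — `postfix start-fg` on Postfix releases that provide it, otherwise the master daemon invoked directly in its non-detaching mode per the packaged `master(8)` man page — and note the reason in the `run` file, e.g. `# s6 supervises the foreground process; do not use 'postfix start' here`. Since the install script in this patch later `yum remove`s postfix when `MTA_NULLCLIENT` is false, the package is baked into the image layers regardless of that setting; a build `ARG` gating the `postfix` install would keep the default image smaller and avoid package operations at container start. The first hunk's `yum -y install` still lacks a `yum clean all` in the same layer, which predates this commit.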
@@ -31,7 +31,7 @@ The next sections below will show available runtime environment variables for a > This is controlled by how you mount docker volumes. Examples are presented below. ### More Complex Examples -Some more complex (ie. with SSL termination, memcache, etc...) setup examples are located in the README.md within the [examples directory]. +Some more complex (ie. with SSL termination, memcache, null client, etc...) setup examples are located in the README.md within the [examples directory](https://github.com/Venator-Fox/docker-simplesamlphp/tree/master/examples). ### Supported Volume Mount Options for Pre-Seeding 
@@ -127,18 +127,24 @@ It is recommended to set them properly and not use default values. | CONFIG_MEMCACHESTOREPREFIX | null | `simplesamlphp` can be used in most cases. | | WWW_INDEX | core/frontpage_welcome.php | Page to direct to if a user accesses the IdP/SP directly. Can be set to an authentication test for example. | | OPENLDAP_TLS_REQCERT | demand | As per ldap man pages, Options are `never` `allow` `try` `demand`. If using Active Directory or OpenLDAP with TLS, logins will be rejected if the directory certificate is self-signed with the default `demand` value. This can be set to `never` for testing purposes. Refer to ldap.conf man page section 5 for more details. | +| MTA_NULLCLIENT | false | Set to true to configure null client for sending e-mails. Visit the [Postfix Standard Configuration Examples](http://www.postfix.org/STANDARD_CONFIGURATION_README.html) for explaination of a null client. If this is set to false, postfix will be purged from the container. | +| POSTFIX_MYHOSTNAME| host.domain.tld | Set to the FQDN of your host. ie `auth.example.com` | +| POSTFIX_MYORIGIN | $myhostname | Set to `$mydomain` as per postfix docs for null client | +| POSTFIX_RELAYHOST | $mydomain | Set to `$mydomain` again as per postfix docs for null client | +| POSTFIX_INETINTERFACES | localhost | Set to loopback-only as per postfix docs for null client | +| POSTFIX_MYDESTINATION | | Leave as empty string as per postfix docs for null client | Default CONFIG_MEMCACHESTORESERVERS format, 2 pair of 2 example. Use this template and replace the hostnames. Check compose file for usage example: ```console 'memcache_store.servers' => array(\n array(\n array('hostname' => 'mc_a1'),\n array('hostname' => 'mc_a2'),\n ),\n array(\n array('hostname' => 'mc_b1'),\n array('hostname' => 'mc_b2'),\n ), ``` +> For the POSTFIX_ environment variables, the $ character will need to be escaped with another $. ie. enter `$$mydomain`. 
+
 ### Maintenance
 This is being actively maintained and is running in production for several organizations.
 Please [create an issue](https://github.com/Venator-Fox/docker-simplesamlphp/issues) if needed or if additional variables/features are desired.
 ### Todos
- - Figure out logging to docker stdio
- - Add support for mail to be sent during exceptions
- - Add ability for stats to be sent to docker stdio or to mounted file
\ No newline at end of file
+ - Figure out logging to docker stdio
\ No newline at end of file
diff --git a/1.17.1/install-simplesamlphp.sh b/1.17.1/install-simplesamlphp.sh
index c517ba8..69a3070 100644
--- a/1.17.1/install-simplesamlphp.sh
+++ b/1.17.1/install-simplesamlphp.sh
@@ -52,6 +52,13 @@ CONFIG_STORETYPE=${CONFIG_STORETYPE:=phpsession}
 WWW_INDEX=${WWW_INDEX:=core/frontpage_welcome.php}
 OPENLDAP_TLS_REQCERT=${OPENLDAP_TLS_REQCERT:=demand}
+MTA_NULLCLIENT=${MTA_NULLCLIENT:=false}
+POSTFIX_MYHOSTNAME=${POSTFIX_MYHOSTNAME:=host.domain.tld}
+POSTFIX_MYORIGIN=${POSTFIX_MYORIGIN:='$myhostname'}
+POSTFIX_RELAYHOST=${POSTFIX_RELAYHOST:='$mydomain'}
+POSTFIX_INETINTERFACES=${POSTFIX_INETINTERFACES:='localhost'}
+POSTFIX_MYDESTINATION=${POSTFIX_MYDESTINATION:=}
+
 if [ "$DOCKER_REDIRECTLOGS" = "true" ]; then
 echo "[$0] DOCKER_REDIRECTLOGS was set to 'true', so setting CONFIG_LOGGINGHANDLER to 'file'"
 CONFIG_LOGGINGHANDLER=file
@@ -276,6 +283,32 @@ sed -i "s|'store.type' => 'phpsession',|'store.type'
 sed -i "s|'core/frontpage_welcome.php'|'$WWW_INDEX'|g" /var/simplesamlphp/www/index.php
+#Only configure null cient for mail if MTA_NULLCLIENT is true, else remove postfix
+if [ "$MTA_NULLCLIENT" == "true" ]; then
+ echo "[$0] MTA_NULLCLIENT was set to true, configuring postfix..."
+ sed -i "s|#myhostname = host.domain.tld|myhostname = $POSTFIX_MYHOSTNAME|g" /etc/postfix/main.cf
+ sed -i "s|#myorigin = \$myhostname|myorigin = $POSTFIX_MYORIGIN|g" /etc/postfix/main.cf
+ sed -i "s|#relayhost = \$mydomain|relayhost = $POSTFIX_RELAYHOST|g" /etc/postfix/main.cf
+ sed -i "s|inet_interfaces = localhost|inet_interfaces = $POSTFIX_INETINTERFACES|g" /etc/postfix/main.cf
+ sed -i "s|mydestination = \$myhostname, localhost.\$mydomain, localhost|mydestination = $POSTFIX_MYDESTINATION|1" /etc/postfix/main.cf
+ if [ "$POSTFIX_MYDESTINATION" != "" ] ; then
+ echo "[$0] [WARN] Only null client is supported in this image. POSTFIX_MYDESTINATION must be set to an empty string but was set to '$POSTFIX_MYDESTINATION'."
+ echo "[$0] To avoid this warning in the future, set POSTFIX_MYDESTINATION to an empty string."
+ echo "[$0] Pausing 5 seconds due to above warning."
+ sleep 5
+ fi
+ echo "[$0] Configured null client."
+elif [ "$MTA_NULLCLIENT" == "false" ]; then
+ echo "[$0] MTA_NULLCLIENT was set to false, removing postfix and mariadb-libs"
+ yum remove -y postfix mariadb-libs > /dev/null
+ rm -rf /etc/services.d/postfix/
+else
+ echo "[$0] [WARN] Unsupported value for MTA_NULLCLIENT. Expecting 'true' or 'false', but was set to '$MTA_NULLCLIENT'.
+ echo "[$0] To avoid this warning in the future, set MTA_NULLCLIENT to a valid value. Doing nothing.
+ echo "[$0] Pausing 5 seconds due to above warning."
+ sleep 5
+fi
+
 #Check for valid phpsession configuration
 if [ "$CONFIG_STORETYPE" == "phpsession" ] && [ "$CONFIG_SESSIONPHPSESSIONSAVEPATH" == "null" ]; then
 echo "[$0] [WARN] CONFIG_STORETYPE was set to 'phpsession', but CONFIG_SESSIONPHPSESSIONSAVEPATH was not set from null. This will not work. Setting CONFIG_SESSIONPHPSESSIONSAVEPATH to '/var/lib/php/session/'."
diff --git a/examples/docker-compose/docker-compose.yml b/examples/docker-compose/docker-compose.yml
index d42072f..5787bab 100644
--- a/examples/docker-compose/docker-compose.yml
+++ b/examples/docker-compose/docker-compose.yml
@@ -30,6 +30,12 @@ services:
 - CONFIG_MEMCACHESTORESERVERS= 'memcache_store.servers' => [\n [\n ['hostname' => 'some-memcacheda01'],\n ['hostname' => 'some-memcacheda02'],\n ],\n [\n ['hostname' => 'some-memcachedb01'],\n ['hostname' => 'some-memcachedb02'],\n ],
 # - WWW_INDEX=core/authenticate.php?as=admin
 - OPENLDAP_TLS_REQCERT=always
+ - MTA_NULLCLIENT=true
+ - POSTFIX_MYHOSTNAME=auth.example.com
+ - POSTFIX_MYORIGIN=$$mydomain
+ - POSTFIX_RELAYHOST=$$mydomain
+ - POSTFIX_INETINTERFACES=loopback-only
+ - POSTFIX_MYDESTINATION=
 volumes:
 # - /srv/docker/volumes/some-simplesamlphp01/cache/:/var/simplesamlphp/cache/:Z
 # - /srv/docker/volumes/some-simplesamlphp01/config/authsources.php:/var/simplesamlphp/config/authsources.php:Z
@@ -86,7 +92,7 @@ services:
 - 80:80
 - 443:443
 volumes:
- - /srv/docker/volumes/some-haproxy:/etc/haproxy
+ - /srv/docker/volumes/some-haproxy:/etc/haproxy/:Z
 restart: always
 cap_add:
 - NET_ADMIN
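Review bot: The first two `echo` lines of the `else` branch are missing their closing double quote, so the string opened at `"[$0] [WARN] Unsupported value...` is closed by the quote that begins the next `echo`, and the remainder of that second line is emitted as unquoted words (with `[$0]` subject to globbing); the script parses, but the warning comes out garbled. Terminate both strings: `echo "[$0] [WARN] Unsupported value for MTA_NULLCLIENT. Expecting 'true' or 'false', but was set to '$MTA_NULLCLIENT'."` and `echo "[$0] To avoid this warning in the future, set MTA_NULLCLIENT to a valid value. Doing nothing."`. The `false` branch runs `yum remove -y postfix mariadb-libs` on every container start, which is slow, needs a writable root filesystem, and does not shrink the image; removing or not installing the package at build time would be cheaper. The `$POSTFIX_*` values are spliced into `sed` replacements unescaped, as with the memcache lines earlier in this file, and `inet_interfaces` in particular is set from input: anything other than `localhost`/`loopback-only` makes the container accept mail on its network interfaces, so the branch that already rejects a non-empty `mydestination` should reject that too. The `#Check for valid phpsession` block after the hunk is unchanged context.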