commit
697bd21f5d
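--- a/1.18.3/Dockerfile
+++ b/1.18.3/Dockerfile
@@ -0,0 +1,63 @@
+FROM centos:7
+LABEL maintainer="Adam W Zheng <adam.w.zheng@icloud.com>"
+
+ENV S6_RELEASE 1.22.1.0
+ENV SIMPLESAMLPHP_RELEASE 1.18.3
+
+#Add s6-overlay
+ADD https://github.com/just-containers/s6-overlay/releases/download/v$S6_RELEASE/s6-overlay-amd64.tar.gz /tmp/
+RUN tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" \
+&& tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin
+
+#Install simplesamlphp requirements
+RUN yum -y install centos-release-scl \
+&& yum -y install rh-nginx114 rh-php72 rh-php72-php-fpm rh-php72-php-mbstring rh-php72-php-pdo rh-php72-php-ldap sclo-php72-php-pecl-memcached postfix \
+&& sed -i 's/user = apache/user = nginx/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf \
+&& sed -i 's/group = apache/group = nginx/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf
+
+#Configure webserver
+RUN echo -e 'server {\n listen 80 default_server;\n listen [::]:80 default_server;\n server_name _;\n root /var/simplesamlphp/www/;\n index index.php;\n\n location /simplesaml {\n alias /var/simplesamlphp/www/;\n location ~ ^(?<prefix>/simplesaml)(?<phpfile>.+?.php)(?<pathinfo>/.*)?$ {\n include fastcgi_params;\n fastcgi_pass 127.0.0.1:9000;\n fastcgi_split_path_info ^(.+?.php)(/.+)$;\n fastcgi_param SCRIPT_FILENAME $document_root$phpfile;\n fastcgi_param PATH_INFO $pathinfo if_not_empty;\n }\n }\n\n location ~ .php$ {\n fastcgi_split_path_info ^(.+.php)(/.+)$;\n fastcgi_pass 127.0.0.1:9000;\n fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n include fastcgi_params;\n add_header Cache-control no-cache;\n }\n}' > /etc/opt/rh/rh-nginx114/nginx/conf.d/default.conf \
+&& sed -i '/ listen 80 default_server;/d' /etc/opt/rh/rh-nginx114/nginx/nginx.conf \
+&& sed -i '/ listen \[::\]:80 default_server;/d' /etc/opt/rh/rh-nginx114/nginx/nginx.conf \
+&& sed -i '/ server_name _;/d' /etc/opt/rh/rh-nginx114/nginx/nginx.conf \
+&& mkdir -p /var/lib/php/session/ \
+&& chown -Rv nginx:nginx /var/lib/php/session/ \
+&& chmod a+t /var/lib/php/session/
+
+#Download simplesamlphp and retain archive for seeding
+RUN curl -Lo /var/simplesamlphp.tar.gz https://github.com/simplesamlphp/simplesamlphp/releases/download/v$SIMPLESAMLPHP_RELEASE/simplesamlphp-$SIMPLESAMLPHP_RELEASE.tar.gz \
+&& tar xzf /var/simplesamlphp.tar.gz --directory /var \
+&& mv /var/simplesamlphp-* /var/simplesamlphp \
+&& touch /var/simplesamlphp/cert/breadcrumb \
+&& touch /var/simplesamlphp/log/breadcrumb
+
+#Redirect nginx logs
+RUN ln -sf /dev/stdout /var/opt/rh/rh-nginx114/log/nginx/access.log \
+&& ln -sf /dev/stderr /var/opt/rh/rh-nginx114/log/nginx/error.log
+
+#Add service nginx to s6-supervisor
+RUN mkdir -p /etc/services.d/nginx/ \
+&& touch /etc/services.d/nginx/run \
+&& echo '#!/usr/bin/execlineb -P' > /etc/services.d/nginx/run \
+&& echo '/opt/rh/rh-nginx114/root/usr/sbin/nginx -g "daemon off;"' >> /etc/services.d/nginx/run
+
+#Add service php-fpm to s6-supervisor
+RUN mkdir -p /etc/services.d/php-fpm/ \
+&& touch /etc/services.d/php-fpm/run \
+&& echo '#!/usr/bin/execlineb -P' > /etc/services.d/php-fpm/run \
+&& echo '/opt/rh/rh-php72/root/usr/sbin/php-fpm' >> /etc/services.d/php-fpm/run --nodaemonize \
+&& sed -i 's|pid = /run/php-fpm/php-fpm.pid|pid = /run/php-fpm.pid|g' /etc/opt/rh/rh-php72/php-fpm.conf
+
+#Add service postfix to s6-supervisor
+RUN mkdir -p /etc/services.d/postfix/ \
+&& touch /etc/services.d/postfix/run \
+&& echo '#!/usr/bin/execlineb -P' > /etc/services.d/postfix/run \
+&& echo '/usr/libexec/postfix/master -c /etc/postfix -d' >> /etc/services.d/postfix/run
+
+#Copy the simplesamlphp install script into the container to be executed on startup
+COPY install-simplesamlphp.sh /etc/cont-init.d/
+RUN chmod u+x /etc/cont-init.d/install-simplesamlphp.sh
+
+RUN yum -y update && yum clean all && rm -rf /var/cache/yum && > /var/log/yum.log
+
+ENTRYPOINT ["/init"]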
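Review bot: Neither archive fetched in this Dockerfile is integrity-checked: the `ADD https://github.com/just-containers/s6-overlay/...` line and the `curl -Lo /var/simplesamlphp.tar.gz ...` step both trust whatever the release URL serves at build time, and the SimpleSAMLphp tarball is then kept in the image and re-extracted by the init script to seed mounted volumes. For an identity-provider image each download should be pinned to a known digest, for example by adding `&& echo "<SIMPLESAMLPHP_SHA256>  /var/simplesamlphp.tar.gz" | sha256sum -c - \` right after the curl line (placeholder digest, to be taken from the upstream release), and by fetching s6-overlay the same way or with `ADD --checksum=sha256:<S6_OVERLAY_SHA256> ...` where the builder supports it. Using `curl -fLo` would also make an HTTP error fail the build at the download step instead of later at `tar`. The base image `FROM centos:7` is likewise pinned by tag only; a digest pin would keep rebuilds reproducible.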
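--- a/1.18.3/README.md
+++ b/1.18.3/README.md
@@ -0,0 +1,158 @@
+[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.18.3.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.18.3.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.18.3 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+Supported tags and respective `Dockerfile` links
+> ~~Depreciated~~ builds are not recommended, as they utilized php56 which is EOL as of the end of 2018.
+
+- [`1.18.3`, `latest` (*1.18.3/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.18.3/Dockerfile)
+- [`1.18.2` (*1.18.2/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.18.2/Dockerfile)
+- [`1.18.1` (*1.18.1/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.18.1/Dockerfile)
+- [`1.18.0` (*1.18.0/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.18.0/Dockerfile)
+- [`1.17.8` (*1.17.8/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.17.8/Dockerfile)
+- [`1.17.7` (*1.17.7/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.17.7/Dockerfile)
+- [`1.17.6` (*1.17.6/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.17.6/Dockerfile)
+- [`1.17.5` (*1.17.5/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.17.5/Dockerfile)
+- [`1.17.4` (*1.17.4/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.17.4/Dockerfile)
+- [`1.17.3` (*1.17.3/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.17.3/Dockerfile)
+- [`1.17.2` (*1.17.2/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.17.2/Dockerfile)
+- [`1.17.1` (*1.17.1/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.17.1/Dockerfile)
+- ~~[`1.15.0` (*1.15.0/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.15.0/Dockerfile)~~
+- ~~[`1.14.17` (*1.14.17/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.14.17/Dockerfile)~~
+- ~~[`1.14.16` (*1.14.16/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.14.16/Dockerfile)~~
+- ~~[`1.14.15` (*1.14.15/Dockerfile*)](https://github.com/Venator-Fox/docker-simplesamlphp/blob/master/1.14.15/Dockerfile)~~
+
+### How to use this image
+
+The following 1 liner will get you up and running with a default configuration.
+
+Start a `venatorfox/simplesamlphp` instance, expose port 80.
+
+```console
+$ docker run --name some-simplesamlphp -p80:80 venatorfox/simplesamlphp:latest
+```
+Visit the site at http://localhost, default unconfigured username is "admin" and password is "123".
+
+Of course, running with the default configuration and no volumes is not what is desired.
+The next sections below will show available runtime environment variables for a more specific configuration.
+
+> The config.php will be created at run and baked into the SimpleSAMLphp Core Install.
+> This will allow easy future upgrades, as you can simply destroy the container and bring it up with a new version.
+> The docker environment variables configured at runtime will be applied to the default config, pulled from SimpleSAMLphp.
+
+> The purpose of this image is to store as much ephemeral data inside the container as possible for easy upgrades.
+> This is controlled by how you mount docker volumes. Examples are presented below.
+
+### More Complex Examples
+Some more complex (ie. with SSL termination, memcache, null client, etc...) setup examples are located in the README.md within the [examples directory](https://github.com/Venator-Fox/docker-simplesamlphp/tree/master/examples).
+
+### Supported Volume Mount Options for Pre-Seeding
+
+The following directories will pre-seed if they are mounted.
+Subdirectores will not seed, so data must already exist if volume mounting a subdirectory.
+
+If the directory is not mounted, it will use its ephemeral counterpart in the container which is ideal, explained below.
+Note that once a directory is mounted, it will need to be upgraded manually for future SimpleSAMLphp releases if applicable.
+If a mounted directory disappears from the host, it will pre-seed again with defaults from the SimpleSAMLphp install on restart.
+If reverting to a default directory is desired, remove the host directory and adjust the docker run command to exclude the mount.
+
+Some directories will probably never need manually updated as SimpleSAMLphp will not update them in new versions.
+`/cert` and `/metadata` are examples of directories that should always be volume mounted, as it contains data that must persist, is very organization specific, and will probably never or rarely be changed by SimpleSAMLphp releases.
+
+Something like `/bin` should never be volume mounted unless it's for development purposes, as it will likley be upgraded by SimpleSAMLphp in new versions.
+
+Be sure to check new SimpleSAMLphp releases to see if manual upgrades need done to a directory that was mounted.
+Check [SimpleSAMLphp docs](https://simplesamlphp.org/docs/stable/simplesamlphp-install) installation section 5 for specifics.
+
+Individual files can also be mounted, but will not pre-seed content. It must pre-exist before starting the container.
+Mounting the `authsources.php` file is a good example, as `/config` will probably not be mounted.
+Another example, if using composer, the `composer.json` and `composer.lock` files will need mounted.
+
+This will vary greatly depending on use. A compose file similar to a production instance as is at the end of this README.
+
+| Directory | Opinion |
+| ------ | ------ |
+| /var/simplesamlphp/attributemap | Mount if additional mappings are needed. |
+| /var/simplesamlphp/bin | Probably should not be volume mounted. |
+| /var/simplesamlphp/cache | -- |
+| /var/simplesamlphp/cert | Should always be volume mounted. |
+| /var/simplesamlphp/config | Should probably not be volume mounted as it is configured via runtime environment variables. This should stay ephemeral. |
+| /var/simplesamlphp/config-templates | -- |
+| /var/simplesamlphp/data | -- |
+| /var/simplesamlphp/dictionaries | Depreciated as of 1.15.0. Use locales instead. |
+| /var/simplesamlphp/docs | -- |
+| /var/simplesamlphp/extra | -- |
+| /var/simplesamlphp/lib | -- |
+| /var/simplesamlphp/locales | Mount for customized user messages and translations. |
+| /var/simplesamlphp/log | If using docker log redirection, this cannot be volume mounted. If docker logs write to a file, this should be volume mounted so logs do not grow inside the container. |
+| /var/simplesamlphp/metadata | Should always be volume mounted, very specific to organization. |
+| /var/simplesamlphp/metadata-templates | -- |
+| /var/simplesamlphp/modules | Can be volume mounted for easier module customization |
+| /var/simplesamlphp/schemas | -- |
+| /var/simplesamlphp/src | -- |
+| /var/simplesamlphp/templates | -- |
+| /var/simplesamlphp/tests | -- |
+| /var/simplesamlphp/vendor | -- |
+| /var/simplesamlphp/www | Can be volume mounted for easier www customization |
+
+### Runtime Environment Variables
+
+The following variables can be overridden at run or in docker-compose.
+It is recommended to set them properly and not use default values.
+(Unless you want an authentication service with no SSL, with your admin password being 123 (Can you not, kthx)).
+
+| Variable | Default Value | Description |
+| ------ | ------ | ------ |
+| CONFIG_BASEURLPATH | simplesaml/ | If using SSL behind a proxy enter the base URL here, otherwise IdP metadata will use http://. Format is [(https)://(hostname)[:port]]/[path/to/simplesaml/]. |
+| CONFIG_AUTHADMINPASSWORD | SSHA256 hash of '123' | Plain text works as well. Use PWGen to generate a hash for this variable. Refer to [SimpleSAMLphp docs](https://simplesamlphp.org/docs/stable/simplesamlphp-install), installation guide section 7. |
+| CONFIG_SECRETSALT | defaultsecretsalt | Refer to [SimpleSAMLphp docs](https://simplesamlphp.org/docs/stable/simplesamlphp-install), installation guide section 7 if help is needed for generating one. |
+| CONFIG_TECHNICALCONTACT_NAME | Administrator | Name of the Admin of Rainy Clouds, 42nd of Their Name, Breaker of Sanity, and ~~Destroyer~~ Protector of the Federation |
+| CONFIG_TECHNICALCONTACT_EMAIL | na@example.org | Address of hate mail and applicaton exception logs to send to. |
+| CONFIG_LANGUAGEDEFAULT | en | -- |
+| CONFIG_TIMEZONE | America/Chicago | Visit the [php.net man pages](http://php.net/manual/en/timezones.america.php) for the options, the one linked is for 'Murica. |
+| CONFIG_TEMPDIR | /tmp/simplesaml | -- |
+| CONFIG_SHOWERRORS | true | Shows detailed errors to the user if one occurs. |
+| CONFIG_ERRORREPORTING | true | Allow users to send reports from SimpleSAMLphp to the technicalcontact. |
+| CONFIG_ADMINPROTECTINDEXPAGE | false | Require admin password to access frontpage_federation index. |
+| CONFIG_ADMINPROTECTMETADATA | false | Require admin password to access public IdP metadata. |
+| CONFIG_DEBUG | false | Enable debugging to logs, requires CONFIG_LOGGINGLEVEL be set to DEBUG. |
+| CONFIG_LOGGINGLEVEL | NOTICE | Options are ERR, WARNING, NOTICE, INFO, DEBUG |
+| CONFIG_LOGGINGHANDLER | file | Default different from official default of syslog due to systemd not running in containers. |
+| CONFIG_LOGFILE | simplesamlphp.log | -- |
+| CONFIG_ENABLESAML20IDP | false | Enable SAML20 IdP |
+| CONFIG_ENABLESHIB13IDP | false | Enable Shibboleth13 IdP |
+| CONFIG_SESSIONDURATION | 8 * (60 * 60) | -- |
+| CONFIG_SESSIONDATASTORETIMEOUT | (4 * 60 * 60) | -- |
+| CONFIG_SESSIONSTATETIMEOUT | (60 * 60) | -- |
+| CONFIG_SESSIONCOOKIELIFETIME | 0 | -- |
+| CONFIG_SESSIONPHPSESSIONCOOKIENAME | SimpleSAML | -- |
+| CONFIG_SESSIONPHPSESSIONSAVEPATH | null | This must be set to a valid path if using phpsession, otherwise a redirect loop on login will occur. `/var/lib/php/session/` will be inserted if phpsession is used while this value is still unconfigured. |
+| CONFIG_SESSIONPHPSESSIONHTTPONLY | true | -- |
+| CONFIG_SESSIONREMEMBERMEENABLE | false | -- |
+| CONFIG_SESSIONREMEMBERMECHECKED | false | -- |
+| CONFIG_SESSIONREMEMBERMELIFETIME | (14 * 86400) | -- |
+| CONFIG_SESSIONCOOKIESECURE | false | -- |
+| CONFIG_ENABLEHTTPPOST | false | -- |
+| CONFIG_THEMEUSE | default | -- |
+| CONFIG_STORETYPE | phpsession | If using `memcache` option, CONFIG_MEMCACHESTORESERVERS and CONFIG_MEMCACHESTOREPREFIX will need to be set. |
+| CONFIG_MEMCACHESTORESERVERS | See Format Below* | Was unable to make this an easy variable, the format of the array is given below in a 2x2 example. Keep the format but replace the hostnames. |
+| CONFIG_MEMCACHESTOREPREFIX | null | `simplesamlphp` can be used in most cases. |
+| WWW_INDEX | core/frontpage_welcome.php | Page to direct to if a user accesses the IdP/SP directly. Can be set to an authentication test for example. |
+| OPENLDAP_TLS_REQCERT | demand | As per ldap man pages, Options are `never` `allow` `try` `demand`. If using Active Directory or OpenLDAP with TLS, logins will be rejected if the directory certificate is self-signed with the default `demand` value. This can be set to `never` for testing purposes. Refer to ldap.conf man page section 5 for more details. |
+| MTA_NULLCLIENT | false | Set to true to configure null client for sending e-mails. Visit the [Postfix Standard Configuration Examples](http://www.postfix.org/STANDARD_CONFIGURATION_README.html) for explaination of a null client. If this is set to false, postfix will be purged from the container. |
+| POSTFIX_MYHOSTNAME| host.domain.tld | Set to the FQDN of your host. ie `auth.example.com`. |
+| POSTFIX_MYORIGIN | $myhostname | Set to `$mydomain` as per postfix docs for null client. |
+| POSTFIX_RELAYHOST | $mydomain | Set to `$mydomain` again as per postfix docs for null client. |
+| POSTFIX_INETINTERFACES | localhost | Set to loopback-only as per postfix docs for null client. |
+| POSTFIX_MYDESTINATION | | Leave as empty string as per postfix docs for null client. |
+| DOCKER_REDIRECTLOGS | false | Redirect logs written to the log file by SimpleSAMLphp to `/dev/console`. Please run with -t as a TTY will need allocated for this to work. |
+
+Default CONFIG_MEMCACHESTORESERVERS format, 2 pair of 2 example. Use this template and replace the hostnames. Check compose file for usage example:
+```console
+'memcache_store.servers' => array(\n array(\n array('hostname' => 'mc_a1'),\n array('hostname' => 'mc_a2'),\n ),\n array(\n array('hostname' => 'mc_b1'),\n array('hostname' => 'mc_b2'),\n ),
+```
+
+> For the POSTFIX_ environment variables, the $ character will need to be escaped with another $. ie. enter `$$mydomain`.
+
+### Maintenance
+
+This is being actively maintained and is running in production for several organizations.
+Please [create an issue](https://github.com/Venator-Fox/docker-simplesamlphp/issues) if needed or if additional variables/features are desired.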
353
1.18.3/install-simplesamlphp.sh
Normal file
353
1.18.3/install-simplesamlphp.sh
Normal file
@ -0,0 +1,353 @@
|
||||
#!/usr/bin/with-contenv /bin/bash
|
||||
|
||||
#Default runtime variables if none are supplied at Docker container creation
|
||||
|
||||
DOCKER_REDIRECTLOGS=${DOCKER_REDIRECTLOGS:=false}
|
||||
|
||||
CONFIG_BASEURLPATH=${CONFIG_BASEURLPATH:=simplesaml/}
|
||||
|
||||
#This SSHA256 hash is '123' for the default password.
|
||||
CONFIG_AUTHADMINPASSWORD=${CONFIG_AUTHADMINPASSWORD:=\{SSHA256\}MjJSiMlkQLa+fqI+CmQ1x1oUJ7OGucYpznKxBBHpgfC+Oh+7B9vgGw==}
|
||||
CONFIG_SECRETSALT=${CONFIG_SECRETSALT:=defaultsecretsalt}
|
||||
CONFIG_TECHNICALCONTACT_NAME=${CONFIG_TECHNICALCONTACT_NAME:=Administrator}
|
||||
CONFIG_TECHNICALCONTACT_EMAIL=${CONFIG_TECHNICALCONTACT_EMAIL:=na@example.org}
|
||||
CONFIG_LANGUAGEDEFAULT=${CONFIG_LANGUAGEDEFAULT:=en}
|
||||
CONFIG_TIMEZONE=${CONFIG_TIMEZONE:=America/Chicago}
|
||||
|
||||
CONFIG_TEMPDIR=${CONFIG_TEMPDIR:=/tmp/simplesaml}
|
||||
CONFIG_SHOWERRORS=${CONFIG_SHOWERRORS:=true}
|
||||
CONFIG_ERRORREPORTING=${CONFIG_ERRORREPORTING:=true}
|
||||
CONFIG_ADMINPROTECTINDEXPAGE=${CONFIG_ADMINPROTECTINDEXPAGE:=false}
|
||||
CONFIG_ADMINPROTECTMETADATA=${CONFIG_ADMINPROTECTMETADATA:=false}
|
||||
|
||||
CONFIG_DEBUG=${CONFIG_DEBUG:=false}
|
||||
CONFIG_LOGGINGLEVEL=${CONFIG_LOGGINGLEVEL:=NOTICE}
|
||||
CONFIG_LOGGINGHANDLER=${CONFIG_LOGGINGLHANDLER:=file}
|
||||
CONFIG_LOGFILE=${CONFIG_LOGFILE:='simplesamlphp.log'}
|
||||
|
||||
CONFIG_ENABLESAML20IDP=${CONFIG_ENABLESAML20IDP:=false}
|
||||
CONFIG_ENABLESHIB13IDP=${CONFIG_ENABLESHIB13IDP:=false}
|
||||
CONFIG_ENABLEADFSIDP=${CONFIG_ENABLEADFSIDP:=false}
|
||||
CONFIG_ENABLEWSFEDSP=${CONFIG_ENABLEWSFEDSP:=false}
|
||||
CONFIG_ENABLEAUTHMEMCOOKIE=${CONFIG_ENABLEAUTHMEMCOOKIE:=false}
|
||||
|
||||
CONFIG_SESSIONDURATION=${CONFIG_SESSIONDURATION:=8 * (60 * 60)}
|
||||
CONFIG_SESSIONDATASTORETIMEOUT=${CONFIG_SESSIONDATASTORETIMEOUT:=(4 * 60 * 60)}
|
||||
CONFIG_SESSIONSTATETIMEOUT=${CONFIG_SESSIONSTATETIMEOUT:=(60 * 60)}
|
||||
CONFIG_SESSIONCOOKIELIFETIME=${CONFIG_SESSIONCOOKIELIFETIME:=0}
|
||||
|
||||
CONFIG_SESSIONPHPSESSIONCOOKIENAME=${CONFIG_SESSIONPHPSESSIONCOOKIENAME:=SimpleSAML}
|
||||
CONFIG_SESSIONPHPSESSIONSAVEPATH=${CONFIG_SESSIONPHPSESSIONSAVEPATH:=null}
|
||||
CONFIG_SESSIONPHPSESSIONHTTPONLY=${CONFIG_SESSIONPHPSESSIONHTTPONLY:=true}
|
||||
|
||||
CONFIG_SESSIONREMEMBERMEENABLE=${CONFIG_SESSIONREMEMBERMEENABLE:=false}
|
||||
CONFIG_SESSIONREMEMBERMECHECKED=${CONFIG_SESSIONREMEMBERMECHECKED:=false}
|
||||
CONFIG_SESSIONREMEMBERMELIFETIME=${CONFIG_SESSIONREMEMBERMELIFETIME:=(14 * 86400)}
|
||||
|
||||
CONFIG_SESSIONCOOKIESECURE=${CONFIG_SESSIONCOOKIESECURE:=false}
|
||||
CONFIG_ENABLEHTTPPOST=${CONFIG_ENABLEHTTPPOST:=false}
|
||||
CONFIG_THEMEUSE=${CONFIG_THEMEUSE:=default}
|
||||
CONFIG_STORETYPE=${CONFIG_STORETYPE:=phpsession}
|
||||
|
||||
WWW_INDEX=${WWW_INDEX:=core/frontpage_welcome.php}
|
||||
OPENLDAP_TLS_REQCERT=${OPENLDAP_TLS_REQCERT:=demand}
|
||||
|
||||
MTA_NULLCLIENT=${MTA_NULLCLIENT:=false}
|
||||
POSTFIX_MYHOSTNAME=${POSTFIX_MYHOSTNAME:=host.domain.tld}
|
||||
POSTFIX_MYORIGIN=${POSTFIX_MYORIGIN:='$myhostname'}
|
||||
POSTFIX_RELAYHOST=${POSTFIX_RELAYHOST:='$mydomain'}
|
||||
POSTFIX_INETINTERFACES=${POSTFIX_INETINTERFACES:='localhost'}
|
||||
POSTFIX_MYDESTINATION=${POSTFIX_MYDESTINATION:=}
|
||||
|
||||
if [ "$DOCKER_REDIRECTLOGS" = "true" ]; then
|
||||
echo "[$0] DOCKER_REDIRECTLOGS was set to 'true', so setting CONFIG_LOGGINGHANDLER to 'file'"
|
||||
CONFIG_LOGGINGHANDLER=file
|
||||
|
||||
if [ "$CONFIG_LOGFILE" != "simplesamlphp.log" ]; then
|
||||
echo "[$0] [WARN] DOCKER_REDIRECTLOGS was set to true, but CONFIG_LOGFILE was set away from the default. It makes no sense to do this as logs are redirected to a pipe."
|
||||
echo "[$0] If a simplesamlphp logfile is desired instead of docker logs, set DOCKER_REDIRECTLOGS to 'false' and volume mount the logs directory to the host."
|
||||
echo "[$0] Pausing 5 seconds due to above warning."
|
||||
sleep 5
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/log/)" ]; then
|
||||
if [ "$DOCKER_REDIRECTLOGS" = "true" ]; then
|
||||
echo "[$0] [WARN] DOCKER_REDIRECTLOGS is set to true but the log directory is volume mounted. It makes no sense to do this as logs are redirected to a pipe."
|
||||
echo "[$0] If a simplesamlphp logfile is desired instead of docker logs, set DOCKER_REDIRECTLOGS to 'false'."
|
||||
echo "[$0] Pausing 5 seconds due to above warning."
|
||||
sleep 5
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "[$0] Check for TTY"
|
||||
if [ ! -e /dev/console ]; then
|
||||
echo "[$0] [WARN] DOCKER_REDIRECTLOGS is set to true but no TTY is available for console."
|
||||
echo "[$0] SimpleSAMLphp logs will NOT redirect. Destroy and re-run with -t to allocate a TTY."
|
||||
echo "[$0] Pausing 5 seconds due to above warning."
|
||||
sleep 5
|
||||
else
|
||||
echo "[$0] Creating symlink $CONFIG_LOGFILE targeting /dev/console to redirect logs"
|
||||
ln -sf /dev/console /var/simplesamlphp/log/$CONFIG_LOGFILE
|
||||
chown nginx:nginx /var/simplesamlphp/log/$CONFIG_LOGFILE
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$CONFIG_LOGGINGHANDLER" = "file" ] && [ ! -z "$(ls -A /var/simplesamlphp/log/)" ] && [ ! -L /var/simplesamlphp/log/$CONFIG_LOGFILE ]; then
|
||||
echo "[$0] [WARN] CONFIG_LOGGINGHANDLER is set to 'file' but the log directory is not volume mounted."
|
||||
echo "[$0] [WARN] This will cause the container to grow with a logfile and is in most cases very undesirable."
|
||||
echo "[$0] Pausing 5 seconds due to above warning."
|
||||
sleep 5
|
||||
fi
|
||||
|
||||
#Only set memcache vars if storetype is memcache
|
||||
if [ "$CONFIG_STORETYPE" == "memcache" ]; then
|
||||
CONFIG_MEMCACHESTORESERVERS=${CONFIG_MEMCACHESTORESERVERS:=" 'memcache_store.servers' => array(\n array(\n array('hostname' => 'mc_a1'),\n array('hostname' => 'mc_a2'),\n ),\n array(\n array('hostname' => 'mc_b1'),\n array('hostname' => 'mc_b2'),\n ),"}
|
||||
CONFIG_MEMCACHESTOREPREFIX=${CONFIG_MEMCACHESTOREPREFIX:=null}
|
||||
fi
|
||||
|
||||
#Check to see what directories were volume mounted
|
||||
if [ -z "$(ls -A /var/simplesamlphp/)" ]; then
|
||||
echo "[$0] [WARN] New install, The entire SimpleSAMLphp directory seems to be Docker volume mounted as it is empty. This is fine for testing but highly not recommended in production. Please see the Dockerfile README for more info." >&2
|
||||
tar xf /var/simplesamlphp.tar.gz -C /var/ > /dev/null
|
||||
mv /var/simplesamlphp-*/* /var/simplesamlphp/ > /dev/null
|
||||
rm -rf /var/simplesamlphp-* > /dev/null
|
||||
echo "[$0] [WARN] Install Complete. Nothing is ephemeral in the SimpleSAMLphp install so updates need done manually from the host volume this point forward." >&2
|
||||
else
|
||||
if [ -z "$(ls -A /var/simplesamlphp/attributemap/)" ]; then
|
||||
echo "[$0] attributemap directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/attributemap > /dev/null
|
||||
mv /simplesamlphp-1.*/attributemap/* /var/simplesamlphp/attributemap/
|
||||
echo "[$0] Seed complete. Directory attributemap will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/bin/)" ]; then
|
||||
echo "[$0] bin directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/bin > /dev/null
|
||||
mv /simplesamlphp-1.*/bin/* /var/simplesamlphp/bin/
|
||||
echo "[$0] Seed complete. Directory bin will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
ls -A /var/simplesamlphp/cert/breadcrumb &> /dev/null
|
||||
if ! [ $? -ne 0 ]; then
|
||||
echo "[$0] [WARN] cert directory is not volume mounted and probably should be."
|
||||
echo "[$0] Pausing 5 seconds due to above warning."
|
||||
sleep 5
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/config/)" ]; then
|
||||
echo "[$0] config directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/config > /dev/null
|
||||
mv /simplesamlphp-1.*/config/* /var/simplesamlphp/config/
|
||||
echo "[$0] Seed complete. Directory config will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/config-templates/)" ]; then
|
||||
echo "[$0] config-templates directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/config-templates > /dev/null
|
||||
mv /simplesamlphp-1.*/config-templates/* /var/simplesamlphp/config-templates/
|
||||
echo "[$0] Seed complete. Directory config-templates will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/dictionaries/)" ]; then
|
||||
echo "[$0] dictionaries directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/dictionaries > /dev/null
|
||||
mv /simplesamlphp-1.*/dictionaries/* /var/simplesamlphp/dictionaries/
|
||||
echo "[$0] Seed complete. Directory dictionaries will not be part of future upgrades and will need upgraded manually."
|
||||
echo "[$0] [WARN] usage of dictionaries are deprecated in 1.15.0 and will be removed in 2.0. Use locales instead."
|
||||
echo "[$0] Pausing 5 seconds due to above warning."
|
||||
sleep 5
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/docs/)" ]; then
|
||||
echo "[$0] docs directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/docs > /dev/null
|
||||
mv /simplesamlphp-1.*/docs/* /var/simplesamlphp/docs/
|
||||
echo "[$0] Seed complete. Directory docs will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/extra/)" ]; then
|
||||
echo "[$0] extra directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/extra > /dev/null
|
||||
mv /simplesamlphp-1.*/extra/* /var/simplesamlphp/extra/
|
||||
echo "[$0] Seed complete. Directory extra will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/lib/)" ]; then
|
||||
echo "[$0] lib directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/lib > /dev/null
|
||||
mv /simplesamlphp-1.*/lib/* /var/simplesamlphp/lib/
|
||||
echo "[$0] Seed complete. Directory lib will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/locales/)" ]; then
|
||||
echo "[$0] locales directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/locales > /dev/null
|
||||
mv /simplesamlphp-1.*/locales/* /var/simplesamlphp/locales/
|
||||
echo "[$0] Seed complete. Directory locales will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/metadata/)" ]; then
|
||||
echo "[$0] metadata directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/metadata > /dev/null
|
||||
mv /simplesamlphp-1.*/metadata/* /var/simplesamlphp/metadata/
|
||||
echo "[$0] Seed complete. Directory metadata will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/metadata-templates/)" ]; then
|
||||
echo "[$0] metadata-templates directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/metadata-templates > /dev/null
|
||||
mv /simplesamlphp-1.*/metadata-templates/* /var/simplesamlphp/metadata-templates/
|
||||
echo "[$0] Seed complete. Directory metadata-templates will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/modules/)" ]; then
|
||||
echo "[$0] modules directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/modules > /dev/null
|
||||
mv /simplesamlphp-1.*/modules/* /var/simplesamlphp/modules/
|
||||
echo "[$0] Seed complete. Directory modules will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/schemas/)" ]; then
|
||||
echo "[$0] schemas directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/schemas > /dev/null
|
||||
mv /simplesamlphp-1.*/schemas/* /var/simplesamlphp/schemas/
|
||||
echo "[$0] Seed complete. Directory schemas will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/src/)" ]; then
|
||||
echo "[$0] src directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/src > /dev/null
|
||||
mv /simplesamlphp-1.*/src/* /var/simplesamlphp/src/
|
||||
echo "[$0] Seed complete. Directory src will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/templates/)" ]; then
|
||||
echo "[$0] templates directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/templates > /dev/null
|
||||
mv /simplesamlphp-1.*/templates/* /var/simplesamlphp/templates/
|
||||
echo "[$0] Seed complete. Directory templates will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/tests/)" ]; then
|
||||
echo "[$0] tests directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/tests > /dev/null
|
||||
mv /simplesamlphp-1.*/tests/* /var/simplesamlphp/tests/
|
||||
echo "[$0] Seed complete. Directory tests will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/vendor/)" ]; then
|
||||
echo "[$0] vendor directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/vendor > /dev/null
|
||||
mv /simplesamlphp-1.*/vendor/* /var/simplesamlphp/vendor/
|
||||
echo "[$0] Seed complete. Directory vendor will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
if [ -z "$(ls -A /var/simplesamlphp/www/)" ]; then
|
||||
echo "[$0] www directory seems to be Docker volume mounted as it is empty. Seeding."
|
||||
tar xzvf /var/simplesamlphp.tar.gz simplesamlphp*/www > /dev/null
|
||||
mv /simplesamlphp-1.*/www/* /var/simplesamlphp/www/
|
||||
echo "[$0] Seed complete. Directory www will not be part of future upgrades and will need upgraded manually."
|
||||
fi
|
||||
rm -rf /simplesamlphp-*/
|
||||
fi
|
||||
|
||||
#Only configure null cient for mail if MTA_NULLCLIENT is true, else remove postfix
|
||||
if [ "$MTA_NULLCLIENT" == "true" ]; then
|
||||
echo "[$0] MTA_NULLCLIENT was set to true, configuring postfix..."
|
||||
sed -i "s|#myhostname = host.domain.tld|myhostname = $POSTFIX_MYHOSTNAME|g" /etc/postfix/main.cf
|
||||
sed -i "s|#myorigin = \$myhostname|myorigin = $POSTFIX_MYORIGIN|g" /etc/postfix/main.cf
|
||||
sed -i "s|#relayhost = \$mydomain|relayhost = $POSTFIX_RELAYHOST|g" /etc/postfix/main.cf
|
||||
sed -i "s|inet_interfaces = localhost|inet_interfaces = $POSTFIX_INETINTERFACES|g" /etc/postfix/main.cf
|
||||
sed -i "s|inet_protocols = all|inet_protocols = ipv4|g" /etc/postfix/main.cf
|
||||
sed -i "s|mydestination = \$myhostname, localhost.\$mydomain, localhost|mydestination = $POSTFIX_MYDESTINATION|1" /etc/postfix/main.cf
|
||||
if [ "$POSTFIX_MYDESTINATION" != "" ] ; then
|
||||
echo "[$0] [WARN] Only null client is supported in this image. POSTFIX_MYDESTINATION must be set to an empty string but was set to '$POSTFIX_MYDESTINATION'."
|
||||
echo "[$0] To avoid this warning in the future, set POSTFIX_MYDESTINATION to an empty string."
|
||||
echo "[$0] Pausing 5 seconds due to above warning."
|
||||
sleep 5
|
||||
fi
|
||||
echo "[$0] Configured null client."
|
||||
elif [ "$MTA_NULLCLIENT" == "false" ]; then
|
||||
echo "[$0] MTA_NULLCLIENT was set to false, removing postfix and mariadb-libs"
|
||||
yum remove -y postfix mariadb-libs > /dev/null
|
||||
rm -rf /etc/services.d/postfix/
|
||||
else
|
||||
echo "[$0] [WARN] Unsupported value for MTA_NULLCLIENT. Expecting 'true' or 'false', but was set to '$MTA_NULLCLIENT'.
|
||||
echo "[$0] To avoid this warning in the future, set MTA_NULLCLIENT to a valid value. Doing nothing.
|
||||
echo "[$0] Pausing 5 seconds due to above warning."
|
||||
sleep 5
|
||||
fi
|
||||
|
||||
#Apply server certificate check in a TLS session
|
||||
echo -e "TLS_REQCERT\t$OPENLDAP_TLS_REQCERT" >> /etc/openldap/ldap.conf
|
||||
|
||||
ls -A /var/simplesamlphp/config/.dockersetupdone &> /dev/null
|
||||
if ! [ $? -ne 0 ]; then
|
||||
echo "[$0] Breadcrumb located, skipping firstime config."
|
||||
echo "[$0] Done"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
#Configure SimpleSAMLphp from runtime variables.
|
||||
|
||||
echo "[$0] Apply Configuration to config.php..."
|
||||
|
||||
#Apply Configurations
|
||||
sed -i "s|'baseurlpath' => 'simplesaml/'|'baseurlpath' => '$CONFIG_BASEURLPATH'|g" /var/simplesamlphp/config/config.php
|
||||
|
||||
sed -i "s|'auth.adminpassword' => '123'|'auth.adminpassword' => '$CONFIG_AUTHADMINPASSWORD'|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'secretsalt' => 'defaultsecretsalt'|'secretsalt' => '$CONFIG_SECRETSALT'|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'technicalcontact_name' => 'Administrator'|'technicalcontact_name' => '$CONFIG_TECHNICALCONTACT_NAME'|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'technicalcontact_email' => 'na@example.org'|'technicalcontact_email' => '$CONFIG_TECHNICALCONTACT_EMAIL'|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'language.default' => 'en'|'language.default' => '$CONFIG_LANGUAGEDEFAULT'|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'timezone' => null|'timezone' => '$CONFIG_TIMEZONE'|g" /var/simplesamlphp/config/config.php
|
||||
|
||||
sed -i "s|'tempdir' => '/tmp/simplesaml'|'tempdir' => '$CONFIG_TEMPDIR'|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'showerrors' => true|'showerrors' => $CONFIG_SHOWERRORS|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'errorreporting' => true|'errorreporting' => $CONFIG_ERRORREPORTING|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'admin.protectindexpage' => false|'admin.protectindexpage' => $CONFIG_ADMINPROTECTINDEXPAGE|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'admin.protectmetadata' => false|'admin.protectmetadata' => $CONFIG_ADMINPROTECTMETADATA|g" /var/simplesamlphp/config/config.php
|
||||
|
||||
sed -i "s|'debug' => false|'debug' => $CONFIG_DEBUG|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'logging.level' => SimpleSAML_Logger::NOTICE|'logging.level' => SimpleSAML_Logger::$CONFIG_LOGGINGLEVEL|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'logging.handler' => 'syslog'|'logging.handler' => '$CONFIG_LOGGINGHANDLER'|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'logging.logfile' => 'simplesamlphp.log'|'logging.logfile' => '$CONFIG_LOGFILE'|g" /var/simplesamlphp/config/config.php
|
||||
|
||||
sed -i "s|'enable.saml20-idp' => false|'enable.saml20-idp' => $CONFIG_ENABLESAML20IDP|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'enable.shib13-idp' => false|'enable.shib13-idp' => $CONFIG_ENABLESHIB13IDP|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'enable.adfs-idp' => false|'enable.adfs-idp' => $CONFIG_ENABLEADFSIDP|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'enable.wsfed-sp' => false|'enable.wsfed-sp' => $CONFIG_ENABLEWSFEDSP|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'enable.authmemcookie' => false|'enable.authmemcookie' => $CONFIG_ENABLEAUTHMEMCOOKIE|g" /var/simplesamlphp/config/config.php
|
||||
|
||||
sed -i "s|'session.duration' => 8 \* (60 \* 60)|'session.duration' => $CONFIG_SESSIONDURATION|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'session.datastore.timeout' => (4 \* 60 \* 60)|'session.datastore.timeout' => $CONFIG_SESSIONDATASTORETIMEOUT|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'session.state.timeout' => (60 \* 60)|'session.state.timeout' => $CONFIG_SESSIONSTATETIMEOUT|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'session.cookie.lifetime' => 0|'session.cookie.lifetime' => $CONFIG_SESSIONCOOKIELIFETIME|g" /var/simplesamlphp/config/config.php
|
||||
|
||||
sed -i "s|'session.phpsession.cookiename' => 'SimpleSAML'|'session.phpsession.cookiename' => '$CONFIG_SESSIONPHPSESSIONCOOKIENAME'|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'session.phpsession.savepath' => null|'session.phpsession.savepath' => '$CONFIG_SESSIONPHPSESSIONSAVEPATH'|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'session.phpsession.httponly' => true|'session.phpsession.httponly' => $CONFIG_SESSIONPHPSESSIONHTTPONLY|g" /var/simplesamlphp/config/config.php
|
||||
|
||||
sed -i "s|'session.rememberme.enable' => false|'session.rememberme.enable' => $CONFIG_SESSIONREMEMBERMEENABLE|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'session.rememberme.checked' => false|'session.rememberme.checked' => $CONFIG_SESSIONREMEMBERMECHECKED|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'session.rememberme.lifetime' => (14 \* 86400)|'session.rememberme.lifetime' => $CONFIG_SESSIONREMEMBERMELIFETIME|g" /var/simplesamlphp/config/config.php
|
||||
|
||||
sed -i "s|'session.cookie.secure' => false|'session.cookie.secure' => $CONFIG_SESSIONCOOKIESECURE|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'enable.http_post' => false|'enable.http_post' => $CONFIG_ENABLEHTTPPOST|g" /var/simplesamlphp/config/config.php
|
||||
|
||||
sed -i "s|'theme.use' => 'default'|'theme.use' => '$CONFIG_THEMEUSE'|g" /var/simplesamlphp/config/config.php
|
||||
|
||||
sed -i "s|'store.type' => 'phpsession',|'store.type' => '$CONFIG_STORETYPE',|g" /var/simplesamlphp/config/config.php
|
||||
|
||||
sed -i "s|'core/frontpage_welcome.php'|'$WWW_INDEX'|g" /var/simplesamlphp/www/index.php
|
||||
|
||||
#Check for valid phpsession configuration
|
||||
if [ "$CONFIG_STORETYPE" == "phpsession" ] && [ "$CONFIG_SESSIONPHPSESSIONSAVEPATH" == "null" ]; then
|
||||
echo "[$0] [WARN] CONFIG_STORETYPE was set to 'phpsession', but CONFIG_SESSIONPHPSESSIONSAVEPATH was not set from null. This will not work. Setting CONFIG_SESSIONPHPSESSIONSAVEPATH to '/var/lib/php/session/'."
|
||||
echo "[$0] To avoid this warning in the future, set CONFIG_SESSIONPHPSESSIONSAVEPATH to a valid value, '/var/lib/php/session' is the suggested default if phpsession is used."
|
||||
echo "[$0] Pausing 5 seconds due to above warning."
|
||||
sleep 5
|
||||
CONFIG_SESSIONPHPSESSIONSAVEPATH=/var/lib/php/session/
|
||||
sed -i "s|'session.phpsession.savepath' => 'null'|'session.phpsession.savepath' => '$CONFIG_SESSIONPHPSESSIONSAVEPATH'|g" /var/simplesamlphp/config/config.php
|
||||
fi
|
||||
|
||||
#Only configure redundant memcache if storetype is set to memcache
|
||||
if [ "$CONFIG_STORETYPE" == "memcache" ]; then
|
||||
sed -i "/ 'memcache_store.servers' => \[/{n;N;N;d}" /var/simplesamlphp/config/config.php
|
||||
sed -i "s| 'memcache_store.servers' => \[|$CONFIG_MEMCACHESTORESERVERS|g" /var/simplesamlphp/config/config.php
|
||||
sed -i "s|'memcache_store.prefix' => null|'memcache_store.prefix' => '$CONFIG_MEMCACHESTOREPREFIX'|g" /var/simplesamlphp/config/config.php
|
||||
if [ "$CONFIG_MEMCACHESTOREPREFIX" == "null" ]; then
|
||||
echo "[$0] [WARN] CONFIG_STORETYPE was set to 'memcache', but CONFIG_MEMCACHESTOREPREFIX was not set from null. This will not work. Setting CONFIG_MEMCACHESTOREPREFIX to 'simpleSAMLphp'."
|
||||
echo "[$0] To avoid this warning in the future, set CONFIG_MEMCACHESTOREPREFIX to something, 'simpleSAMLphp' is the suggested default if memcache is enabled."
|
||||
echo "[$0] Pausing 5 seconds due to above warning."
|
||||
sleep 5
|
||||
sed -i "s|'memcache_store.prefix' => null|'memcache_store.prefix' => $CONFIG_MEMCACHESTOREPREFIX|g" /var/simplesamlphp/config/config.php
|
||||
fi
|
||||
fi
|
||||
|
||||
chown nginx:nginx /var/simplesamlphp/log/
|
||||
|
||||
touch /var/simplesamlphp/config/.dockersetupdone
|
||||
|
||||
echo "[$0] Configuration Complete. Saved .dockersetupdone breadcrumb to config directory to prevent config rerun."
|
@ -1,7 +1,7 @@
|
||||
[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.18.2.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.18.2.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.18.2 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
|
||||
[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.18.3.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.18.3.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.18.3 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
|
||||
|
||||
### About this Repo
|
||||
|
||||
This is the Git repo for the Docker image [venatorfox/simplesamlphp](https://hub.docker.com/r/venatorfox/simplesamlphp/). Please view the [Docker Hub Page](https://hub.docker.com/r/venatorfox/simplesamlphp/) for the full readme on how to use this Docker image.
|
||||
|
||||
Instructions and how to use images are located at: [latest Dockerfile directory](https://github.com/Venator-Fox/docker-simplesamlphp/tree/master/1.18.2).
|
||||
Instructions and how to use images are located at: [latest Dockerfile directory](https://github.com/Venator-Fox/docker-simplesamlphp/tree/master/1.18.3).
|
||||
|
@ -1,4 +1,4 @@
|
||||
[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.18.2.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.18.2.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.18.2 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
|
||||
[![](https://images.microbadger.com/badges/version/venatorfox/simplesamlphp:1.18.3.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/network "View Network") [![](https://images.microbadger.com/badges/image/venatorfox/simplesamlphp:1.18.3.svg)](https://microbadger.com/images/venatorfox/simplesamlphp:1.18.3 "View layer metadata on MicroBadger") [![Pulls on Docker Hub](https://img.shields.io/docker/pulls/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![Stars on Docker Hub](https://img.shields.io/docker/stars/venatorfox/simplesamlphp.svg)](https://hub.docker.com/r/venatorfox/simplesamlphp) [![GitHub Open Issues](https://img.shields.io/github/issues/Venator-Fox/docker-simplesamlphp.svg)](https://github.com/Venator-Fox/docker-simplesamlphp/issues) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
|
||||
|
||||
### Examples
|
||||
|
||||
|