Add null client support, resolves #2
This commit is contained in:
parent
23a8a2f15e
commit
82ba838e0b
|
@ -11,7 +11,7 @@ RUN tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" \
|
|||
|
||||
#Install SimpleSAMLphp Requirements
|
||||
RUN yum -y install centos-release-scl \
|
||||
&& yum -y install rh-nginx114 rh-php72 rh-php72-php-fpm rh-php72-php-mbstring rh-php72-php-pdo rh-php72-php-ldap sclo-php72-php-pecl-memcached \
|
||||
&& yum -y install rh-nginx114 rh-php72 rh-php72-php-fpm rh-php72-php-mbstring rh-php72-php-pdo rh-php72-php-ldap sclo-php72-php-pecl-memcached postfix \
|
||||
&& sed -i 's/user = apache/user = nginx/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf \
|
||||
&& sed -i 's/group = apache/group = nginx/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf
|
||||
|
||||
|
@ -48,6 +48,12 @@ RUN mkdir -p /etc/services.d/php-fpm/ \
|
|||
&& echo '/opt/rh/rh-php72/root/usr/sbin/php-fpm' >> /etc/services.d/php-fpm/run --nodaemonize \
|
||||
&& sed -i 's|pid = /run/php-fpm/php-fpm.pid|pid = /run/php-fpm.pid|g' /etc/opt/rh/rh-php72/php-fpm.conf
|
||||
|
||||
#Add Service Postfix to be Monitored by S6
|
||||
RUN mkdir -p /etc/services.d/postfix/ \
|
||||
&& touch /etc/services.d/postfix/run \
|
||||
&& echo '#!/usr/bin/execlineb -P' > /etc/services.d/postfix/run \
|
||||
&& echo '/usr/sbin/postfix start' >> /etc/services.d/postfix/run
|
||||
|
||||
#Copy the SimpleSAMLphp CLI Install Script into the Container to be executed on startup
|
||||
COPY install-simplesamlphp.sh /etc/cont-init.d/
|
||||
RUN chmod u+x /etc/cont-init.d/install-simplesamlphp.sh
|
||||
|
|
|
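Review bot: The s6 run script written for postfix (`echo '#!/usr/bin/execlineb -P' > /etc/services.d/postfix/run` and the `/usr/sbin/postfix start` line) is never made executable in this hunk; unless a chmod happens outside it, s6-supervise cannot exec the file, so add `&& chmod +x /etc/services.d/postfix/run` after the last echo. A second concern is that `postfix start` hands the master daemon off to the background and returns, so the supervised process exits at once and s6 will keep re-running it, with each later call presumably reporting that Postfix is already running; a run script needs a foreground invocation — `postfix start-fg` where the installed Postfix offers it (I believe 3.3 or later, which the CentOS 7 package may predate), otherwise the master process started directly with its no-detach option — which also lets s6 stop the service cleanly. The `touch` on the line before the first `echo >` is redundant, since the redirect creates the file.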
@ -31,7 +31,7 @@ The next sections below will show available runtime environment variables for a
|
|||
> This is controlled by how you mount docker volumes. Examples are presented below.
|
||||
|
||||
### More Complex Examples
|
||||
Some more complex (ie. with SSL termination, memcache, etc...) setup examples are located in the README.md within the [examples directory].
|
||||
Some more complex (ie. with SSL termination, memcache, null client, etc...) setup examples are located in the README.md within the [examples directory](https://github.com/Venator-Fox/docker-simplesamlphp/tree/master/examples).
|
||||
|
||||
### Supported Volume Mount Options for Pre-Seeding
|
||||
|
||||
|
@ -127,18 +127,24 @@ It is recommended to set them properly and not use default values.
|
|||
| CONFIG_MEMCACHESTOREPREFIX | null | `simplesamlphp` can be used in most cases. |
|
||||
| WWW_INDEX | core/frontpage_welcome.php | Page to direct to if a user accesses the IdP/SP directly. Can be set to an authentication test for example. |
|
||||
| OPENLDAP_TLS_REQCERT | demand | As per ldap man pages, Options are `never` `allow` `try` `demand`. If using Active Directory or OpenLDAP with TLS, logins will be rejected if the directory certificate is self-signed with the default `demand` value. This can be set to `never` for testing purposes. Refer to ldap.conf man page section 5 for more details. |
|
||||
| MTA_NULLCLIENT | false | Set to true to configure null client for sending e-mails. Visit the [Postfix Standard Configuration Examples](http://www.postfix.org/STANDARD_CONFIGURATION_README.html) for explaination of a null client. If this is set to false, postfix will be purged from the container. |
|
||||
| POSTFIX_MYHOSTNAME| host.domain.tld | Set to the FQDN of your host. ie `auth.example.com` |
|
||||
| POSTFIX_MYORIGIN | $myhostname | Set to `$mydomain` as per postfix docs for null client |
|
||||
| POSTFIX_RELAYHOST | $mydomain | Set to `$mydomain` again as per postfix docs for null client |
|
||||
| POSTFIX_INETINTERFACES | localhost | Set to loopback-only as per postfix docs for null client |
|
||||
| POSTFIX_MYDESTINATION | | Leave as empty string as per postfix docs for null client |
|
||||
|
||||
Default CONFIG_MEMCACHESTORESERVERS format, 2 pair of 2 example. Use this template and replace the hostnames. Check compose file for usage example:
|
||||
```console
|
||||
'memcache_store.servers' => array(\n array(\n array('hostname' => 'mc_a1'),\n array('hostname' => 'mc_a2'),\n ),\n array(\n array('hostname' => 'mc_b1'),\n array('hostname' => 'mc_b2'),\n ),
|
||||
```
|
||||
|
||||
> For the POSTFIX_ environment variables, the $ character will need to be escaped with another $. ie. enter `$$mydomain`.
|
||||
|
||||
### Maintenance
|
||||
|
||||
This is being actively maintained and is running in production for several organizations.
|
||||
Please [create an issue](https://github.com/Venator-Fox/docker-simplesamlphp/issues) if needed or if additional variables/features are desired.
|
||||
|
||||
### Todos
|
||||
- Figure out logging to docker stdio
|
||||
- Add support for mail to be sent during exceptions
|
||||
- Add ability for stats to be sent to docker stdio or to mounted file
|
||||
- Figure out logging to docker stdio
|
|
@ -52,6 +52,13 @@ CONFIG_STORETYPE=${CONFIG_STORETYPE:=phpsession}
|
|||
WWW_INDEX=${WWW_INDEX:=core/frontpage_welcome.php}
|
||||
OPENLDAP_TLS_REQCERT=${OPENLDAP_TLS_REQCERT:=demand}
|
||||
|
||||
MTA_NULLCLIENT=${MTA_NULLCLIENT:=false}
|
||||
POSTFIX_MYHOSTNAME=${POSTFIX_MYHOSTNAME:=host.domain.tld}
|
||||
POSTFIX_MYORIGIN=${POSTFIX_MYORIGIN:='$myhostname'}
|
||||
POSTFIX_RELAYHOST=${POSTFIX_RELAYHOST:='$mydomain'}
|
||||
POSTFIX_INETINTERFACES=${POSTFIX_INETINTERFACES:='localhost'}
|
||||
POSTFIX_MYDESTINATION=${POSTFIX_MYDESTINATION:=}
|
||||
|
||||
if [ "$DOCKER_REDIRECTLOGS" = "true" ]; then
|
||||
echo "[$0] DOCKER_REDIRECTLOGS was set to 'true', so setting CONFIG_LOGGINGHANDLER to 'file'"
|
||||
CONFIG_LOGGINGHANDLER=file
|
||||
|
@ -276,6 +283,32 @@ sed -i "s|'store.type' => 'phpsession',|'store.type'
|
|||
|
||||
sed -i "s|'core/frontpage_welcome.php'|'$WWW_INDEX'|g" /var/simplesamlphp/www/index.php
|
||||
|
||||
#Only configure null cient for mail if MTA_NULLCLIENT is true, else remove postfix
|
||||
if [ "$MTA_NULLCLIENT" == "true" ]; then
|
||||
echo "[$0] MTA_NULLCLIENT was set to true, configuring postfix..."
|
||||
sed -i "s|#myhostname = host.domain.tld|myhostname = $POSTFIX_MYHOSTNAME|g" /etc/postfix/main.cf
|
||||
sed -i "s|#myorigin = \$myhostname|myorigin = $POSTFIX_MYORIGIN|g" /etc/postfix/main.cf
|
||||
sed -i "s|#relayhost = \$mydomain|relayhost = $POSTFIX_RELAYHOST|g" /etc/postfix/main.cf
|
||||
sed -i "s|inet_interfaces = localhost|inet_interfaces = $POSTFIX_INETINTERFACES|g" /etc/postfix/main.cf
|
||||
sed -i "s|mydestination = \$myhostname, localhost.\$mydomain, localhost|mydestination = $POSTFIX_MYDESTINATION|1" /etc/postfix/main.cf
|
||||
if [ "$POSTFIX_MYDESTINATION" != "" ] ; then
|
||||
echo "[$0] [WARN] Only null client is supported in this image. POSTFIX_MYDESTINATION must be set to an empty string but was set to '$POSTFIX_MYDESTINATION'."
|
||||
echo "[$0] To avoid this warning in the future, set POSTFIX_MYDESTINATION to an empty string."
|
||||
echo "[$0] Pausing 5 seconds due to above warning."
|
||||
sleep 5
|
||||
fi
|
||||
echo "[$0] Configured null client."
|
||||
elif [ "$MTA_NULLCLIENT" == "false" ]; then
|
||||
echo "[$0] MTA_NULLCLIENT was set to false, removing postfix and mariadb-libs"
|
||||
yum remove -y postfix mariadb-libs > /dev/null
|
||||
rm -rf /etc/services.d/postfix/
|
||||
else
|
||||
echo "[$0] [WARN] Unsupported value for MTA_NULLCLIENT. Expecting 'true' or 'false', but was set to '$MTA_NULLCLIENT'.
|
||||
echo "[$0] To avoid this warning in the future, set MTA_NULLCLIENT to a valid value. Doing nothing.
|
||||
echo "[$0] Pausing 5 seconds due to above warning."
|
||||
sleep 5
|
||||
fi
|
||||
|
||||
#Check for valid phpsession configuration
|
||||
if [ "$CONFIG_STORETYPE" == "phpsession" ] && [ "$CONFIG_SESSIONPHPSESSIONSAVEPATH" == "null" ]; then
|
||||
echo "[$0] [WARN] CONFIG_STORETYPE was set to 'phpsession', but CONFIG_SESSIONPHPSESSIONSAVEPATH was not set from null. This will not work. Setting CONFIG_SESSIONPHPSESSIONSAVEPATH to '/var/lib/php/session/'."
|
||||
|
|
|
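Review bot: The two echo strings in the unsupported-value branch (`echo "[$0] [WARN] Unsupported value for MTA_NULLCLIENT. Expecting 'true' or 'false', but was set to '$MTA_NULLCLIENT'.` and the `To avoid this warning in the future` line after it) are missing their closing double quote, so the first string swallows the newline and the `echo "` that opens the second line, and the rest of that message is printed as unquoted words — the warning comes out garbled instead of as two lines. The five sed calls in the true branch splice `$POSTFIX_MYHOSTNAME`, `$POSTFIX_MYORIGIN`, `$POSTFIX_RELAYHOST`, `$POSTFIX_INETINTERFACES` and `$POSTFIX_MYDESTINATION` straight into the replacement side of `s|...|...|`, where a `|`, `&` or `\` in the value breaks or silently changes the edit, and each pattern only matches the exact commented default of the packaged main.cf, so a changed sample file leaves the key untouched with no error. Postfix provides `postconf -e` for this, so I would replace the five sed lines with the postconf call below, which sets the keys whatever the shipped file contains and passes the values through as data. Lastly, `yum remove -y postfix mariadb-libs > /dev/null` runs on every start of a container with `MTA_NULLCLIENT=false` and discards its output; a comment on why mariadb-libs is removed together with postfix (presumably a dependency the package pulls in — worth confirming) and keeping stderr visible would help the next maintainer.
```shell
if [ "$MTA_NULLCLIENT" == "true" ]; then
    echo "[$0] MTA_NULLCLIENT was set to true, configuring postfix..."
    # postconf -e rewrites the keys in main.cf in place; values are passed as
    # data, so '|', '&' or '\' in an operator-supplied value cannot alter the edit.
    postconf -e "myhostname = $POSTFIX_MYHOSTNAME" \
                "myorigin = $POSTFIX_MYORIGIN" \
                "relayhost = $POSTFIX_RELAYHOST" \
                "inet_interfaces = $POSTFIX_INETINTERFACES" \
                "mydestination = $POSTFIX_MYDESTINATION"
    # ... unchanged: POSTFIX_MYDESTINATION warning and "Configured null client." ...
```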
@ -30,6 +30,12 @@ services:
|
|||
- CONFIG_MEMCACHESTORESERVERS= 'memcache_store.servers' => [\n [\n ['hostname' => 'some-memcacheda01'],\n ['hostname' => 'some-memcacheda02'],\n ],\n [\n ['hostname' => 'some-memcachedb01'],\n ['hostname' => 'some-memcachedb02'],\n ],
|
||||
# - WWW_INDEX=core/authenticate.php?as=admin
|
||||
- OPENLDAP_TLS_REQCERT=always
|
||||
- MTA_NULLCLIENT=true
|
||||
- POSTFIX_MYHOSTNAME=auth.example.com
|
||||
- POSTFIX_MYORIGIN=$$mydomain
|
||||
- POSTFIX_RELAYHOST=$$mydomain
|
||||
- POSTFIX_INETINTERFACES=loopback-only
|
||||
- POSTFIX_MYDESTINATION=
|
||||
volumes:
|
||||
# - /srv/docker/volumes/some-simplesamlphp01/cache/:/var/simplesamlphp/cache/:Z
|
||||
# - /srv/docker/volumes/some-simplesamlphp01/config/authsources.php:/var/simplesamlphp/config/authsources.php:Z
|
||||
|
@ -86,7 +92,7 @@ services:
|
|||
- 80:80
|
||||
- 443:443
|
||||
volumes:
|
||||
- /srv/docker/volumes/some-haproxy:/etc/haproxy
|
||||
- /srv/docker/volumes/some-haproxy:/etc/haproxy/:Z
|
||||
restart: always
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
|
|