Add null client support, resolves #2

This commit is contained in:
Adam W Zheng 2019-03-18 17:43:52 -05:00
parent 23a8a2f15e
commit fd90c365d1
4 changed files with 57 additions and 6 deletions


@ -11,7 +11,7 @@ RUN tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" \
#Install SimpleSAMLphp Requirements
RUN yum -y install centos-release-scl \
&& yum -y install rh-nginx114 rh-php72 rh-php72-php-fpm rh-php72-php-mbstring rh-php72-php-pdo rh-php72-php-ldap sclo-php72-php-pecl-memcached \
&& yum -y install rh-nginx114 rh-php72 rh-php72-php-fpm rh-php72-php-mbstring rh-php72-php-pdo rh-php72-php-ldap sclo-php72-php-pecl-memcached postfix \
&& sed -i 's/user = apache/user = nginx/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf \
&& sed -i 's/group = apache/group = nginx/' /etc/opt/rh/rh-php72/php-fpm.d/www.conf
@ -48,6 +48,12 @@ RUN mkdir -p /etc/services.d/php-fpm/ \
&& echo '/opt/rh/rh-php72/root/usr/sbin/php-fpm' >> /etc/services.d/php-fpm/run --nodaemonize \
&& sed -i 's|pid = /run/php-fpm/php-fpm.pid|pid = /run/php-fpm.pid|g' /etc/opt/rh/rh-php72/php-fpm.conf
#Add Service Postfix to be Monitored by S6
RUN mkdir -p /etc/services.d/postfix/ \
&& touch /etc/services.d/postfix/run \
&& echo '#!/usr/bin/execlineb -P' > /etc/services.d/postfix/run \
&& echo '/usr/sbin/postfix start' >> /etc/services.d/postfix/run
#Copy the SimpleSAMLphp CLI Install Script into the Container to be executed on startup
COPY install-simplesamlphp.sh /etc/cont-init.d/
RUN chmod u+x /etc/cont-init.d/install-simplesamlphp.sh
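Review bot: The s6 run script written for postfix (`echo '/usr/sbin/postfix start' >> /etc/services.d/postfix/run`) starts a command that forks the master daemon and then exits, so s6-supervise would see its child terminate and keep respawning it; a supervised service needs a process that stays in the foreground. If the Postfix that yum installs here is recent enough, `/usr/sbin/postfix start-fg` is the intended form; otherwise invoking the master daemon directly with `-d` (on CentOS typically `/usr/libexec/postfix/master -d`) keeps it attached — worth checking against the packaged version. Note also that postfix is now installed into every image build and, per the init script in this commit, removed again at container start whenever MTA_NULLCLIENT is false, which adds a yum transaction to each start; a build argument would avoid that, though a single image may be deliberate.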


@ -31,7 +31,7 @@ The next sections below will show available runtime environment variables for a
> This is controlled by how you mount docker volumes. Examples are presented below.
### More Complex Examples
Some more complex (ie. with SSL termination, memcache, etc...) setup examples are located in the README.md within the [examples directory].
Some more complex (ie. with SSL termination, memcache, null client, etc...) setup examples are located in the README.md within the [examples directory](https://github.com/Venator-Fox/docker-simplesamlphp/tree/master/examples).
### Supported Volume Mount Options for Pre-Seeding
@ -127,18 +127,24 @@ It is recommended to set them properly and not use default values.
| CONFIG_MEMCACHESTOREPREFIX | null | `simplesamlphp` can be used in most cases. |
| WWW_INDEX | core/frontpage_welcome.php | Page to direct to if a user accesses the IdP/SP directly. Can be set to an authentication test for example. |
| OPENLDAP_TLS_REQCERT | demand | As per ldap man pages, Options are `never` `allow` `try` `demand`. If using Active Directory or OpenLDAP with TLS, logins will be rejected if the directory certificate is self-signed with the default `demand` value. This can be set to `never` for testing purposes. Refer to ldap.conf man page section 5 for more details. |
| MTA_NULLCLIENT | false | Set to true to configure null client for sending e-mails. Visit the [Postfix Standard Configuration Examples](http://www.postfix.org/STANDARD_CONFIGURATION_README.html) for explaination of a null client. If this is set to false, postfix will be purged from the container. |
| POSTFIX_MYHOSTNAME| host.domain.tld | Set to the FQDN of your host. ie `auth.example.com` |
| POSTFIX_MYORIGIN | $myhostname | Set to `$mydomain` as per postfix docs for null client |
| POSTFIX_RELAYHOST | $mydomain | Set to `$mydomain` again as per postfix docs for null client |
| POSTFIX_INETINTERFACES | localhost | Set to loopback-only as per postfix docs for null client |
| POSTFIX_MYDESTINATION | | Leave as empty string as per postfix docs for null client |
Default CONFIG_MEMCACHESTORESERVERS format, 2 pair of 2 example. Use this template and replace the hostnames. Check compose file for usage example:
```console
'memcache_store.servers' => array(\n array(\n array('hostname' => 'mc_a1'),\n array('hostname' => 'mc_a2'),\n ),\n array(\n array('hostname' => 'mc_b1'),\n array('hostname' => 'mc_b2'),\n ),
```
> For the POSTFIX_ environment variables, the $ character will need to be escaped with another $. ie. enter `$$mydomain`.
### Maintenance
This is being actively maintained and is running in production for several organizations.
Please [create an issue](https://github.com/Venator-Fox/docker-simplesamlphp/issues) if needed or if additional variables/features are desired.
### Todos
- Figure out logging to docker stdio
- Add support for mail to be sent during exceptions
- Add ability for stats to be sent to docker stdio or to mounted file
- Figure out logging to docker stdio


@ -52,6 +52,13 @@ CONFIG_STORETYPE=${CONFIG_STORETYPE:=phpsession}
WWW_INDEX=${WWW_INDEX:=core/frontpage_welcome.php}
OPENLDAP_TLS_REQCERT=${OPENLDAP_TLS_REQCERT:=demand}
MTA_NULLCLIENT=${MTA_NULLCLIENT:=false}
POSTFIX_MYHOSTNAME=${POSTFIX_MYHOSTNAME:=host.domain.tld}
POSTFIX_MYORIGIN=${POSTFIX_MYORIGIN:='$myhostname'}
POSTFIX_RELAYHOST=${POSTFIX_RELAYHOST:='$mydomain'}
POSTFIX_INETINTERFACES=${POSTFIX_INETINTERFACES:='localhost'}
POSTFIX_MYDESTINATION=${POSTFIX_MYDESTINATION:=}
if [ "$DOCKER_REDIRECTLOGS" = "true" ]; then
echo "[$0] DOCKER_REDIRECTLOGS was set to 'true', so setting CONFIG_LOGGINGHANDLER to 'file'"
CONFIG_LOGGINGHANDLER=file
@ -276,6 +283,32 @@ sed -i "s|'store.type' => 'phpsession',|'store.type'
sed -i "s|'core/frontpage_welcome.php'|'$WWW_INDEX'|g" /var/simplesamlphp/www/index.php
#Only configure null cient for mail if MTA_NULLCLIENT is true, else remove postfix
if [ "$MTA_NULLCLIENT" == "true" ]; then
echo "[$0] MTA_NULLCLIENT was set to true, configuring postfix..."
sed -i "s|#myhostname = host.domain.tld|myhostname = $POSTFIX_MYHOSTNAME|g" /etc/postfix/main.cf
sed -i "s|#myorigin = \$myhostname|myorigin = $POSTFIX_MYORIGIN|g" /etc/postfix/main.cf
sed -i "s|#relayhost = \$mydomain|relayhost = $POSTFIX_RELAYHOST|g" /etc/postfix/main.cf
sed -i "s|inet_interfaces = localhost|inet_interfaces = $POSTFIX_INETINTERFACES|g" /etc/postfix/main.cf
sed -i "s|mydestination = \$myhostname, localhost.\$mydomain, localhost|mydestination = $POSTFIX_MYDESTINATION|1" /etc/postfix/main.cf
if [ "$POSTFIX_MYDESTINATION" != "" ] ; then
echo "[$0] [WARN] Only null client is supported in this image. POSTFIX_MYDESTINATION must be set to an empty string but was set to '$POSTFIX_MYDESTINATION'."
echo "[$0] To avoid this warning in the future, set POSTFIX_MYDESTINATION to an empty string."
echo "[$0] Pausing 5 seconds due to above warning."
sleep 5
fi
echo "[$0] Configured null client."
elif [ "$MTA_NULLCLIENT" == "false" ]; then
echo "[$0] MTA_NULLCLIENT was set to false, removing postfix and mariadb-libs"
yum remove -y postfix mariadb-libs > /dev/null
rm -rf /etc/services.d/postfix/
else
echo "[$0] [WARN] Unsupported value for MTA_NULLCLIENT. Expecting 'true' or 'false', but was set to '$MTA_NULLCLIENT'.
echo "[$0] To avoid this warning in the future, set MTA_NULLCLIENT to a valid value. Doing nothing.
echo "[$0] Pausing 5 seconds due to above warning."
sleep 5
fi
#Check for valid phpsession configuration
if [ "$CONFIG_STORETYPE" == "phpsession" ] && [ "$CONFIG_SESSIONPHPSESSIONSAVEPATH" == "null" ]; then
echo "[$0] [WARN] CONFIG_STORETYPE was set to 'phpsession', but CONFIG_SESSIONPHPSESSIONSAVEPATH was not set from null. This will not work. Setting CONFIG_SESSIONPHPSESSIONSAVEPATH to '/var/lib/php/session/'."
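Review bot: The first two echo lines in the `else` branch for an unsupported MTA_NULLCLIENT value are missing their closing double quote, so the first string runs on through the `echo "` at the start of the next line and the rest of that line is passed as unquoted extra arguments; the warning prints garbled rather than as two messages. Close both strings: `echo "[$0] [WARN] Unsupported value for MTA_NULLCLIENT. Expecting 'true' or 'false', but was set to '$MTA_NULLCLIENT'."` and `echo "[$0] To avoid this warning in the future, set MTA_NULLCLIENT to a valid value. Doing nothing."`. Separately, the POSTFIX_* values are spliced straight into sed replacement strings delimited by `|`, so a value containing `|`, `&` or a backslash corrupts main.cf instead of being set literally; since these come from the environment it is worth rejecting such characters up front, or setting the keys with `postconf -e "myhostname=$POSTFIX_MYHOSTNAME"` which takes the value verbatim. The `==` operator inside `[ ]` is a bash extension, which is fine if the shebang (outside this hunk) is bash, but will fail under `/bin/sh` on some systems.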


@ -30,6 +30,12 @@ services:
- CONFIG_MEMCACHESTORESERVERS= 'memcache_store.servers' => [\n [\n ['hostname' => 'some-memcacheda01'],\n ['hostname' => 'some-memcacheda02'],\n ],\n [\n ['hostname' => 'some-memcachedb01'],\n ['hostname' => 'some-memcachedb02'],\n ],
# - WWW_INDEX=core/authenticate.php?as=admin
- OPENLDAP_TLS_REQCERT=always
- MTA_NULLCLIENT=true
- POSTFIX_MYHOSTNAME=auth.example.com
- POSTFIX_MYORIGIN=$$mydomain
- POSTFIX_RELAYHOST=$$mydomain
- POSTFIX_INETINTERFACES=loopback-only
- POSTFIX_MYDESTINATION=
volumes:
# - /srv/docker/volumes/some-simplesamlphp01/cache/:/var/simplesamlphp/cache/:Z
# - /srv/docker/volumes/some-simplesamlphp01/config/authsources.php:/var/simplesamlphp/config/authsources.php:Z
@ -86,7 +92,7 @@ services:
- 80:80
- 443:443
volumes:
- /srv/docker/volumes/some-haproxy:/etc/haproxy
- /srv/docker/volumes/some-haproxy:/etc/haproxy/:Z
restart: always
cap_add:
- NET_ADMIN