coop-cloud-chaos-patchs
/
docker-simplesamlphp
mirror of https://github.com/3-w-c/docker-simplesamlphp.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docker-simplesamlphp/examples/README.md

3.9 KiB
Raw Blame History

Pulls on Docker Hub Stars on Docker Hub GitHub Open Issues License: MIT

Examples

This directory contains some example files in order to run the venatorfox/simplesamlphp in a more complex manner. (ie. with SSL termination, HAProxy, etc...) These examples assume this is installed in a non-orchestrated manner on a host.

The following examples are provided here:

  • Super basic with all the default options
  • HAProxy SSL Termination, Let's Encrypt CA, and common configurations via docker-compose
  • HAProxy SSL Termination, Let's Encrypt CA, and common configurations via systemd

Super basic with all the default options

1 liner, just to see how SimpleSAMLphp looks.

Start a venatorfox/simplesamlphp instance, expose port 80.

$ docker run --name some-simplesamlphp -p80:80 venatorfox/simplesamlphp:latest

Visit the site at http://localhost, default unconfigured username is "admin" and password is "123".

HAProxy SSL Termination, and common configurations via docker-compose

This is recommended for testing. Compose is not recommended for production.

This example will run HAProxy with snakeoil SSL termination for https://localhost. It will also bring up 4 memcached containers, 2 pairs of 2, for session. This is useful for running multiple SimpleSAMLphp instances for session sharing.

You will need the haproxy.cfg and docker-compose.yml files from the examples directory.

Since SimpleSAMLphp will not care about the webroot, an entry to the hosts file can be added to whatever for testing. HAProxy will handle SSL. Be sure to adjust the HOST environment variable below for whatever localhost self-signed certificate desired. Of course in production use a real CA, like LetsEncrypt.

This will be more in line with what would be seen in a production environment. (minus the demo 123 password, salt, etc) Note the choices of volume mounts of what to keep ephemeral, and what to keep persistant. The more volumes, the more manual labor will need to happen when upgrades occur. Check SimpleSAMLphp's upgrade notes to see if updates occured in a specified directory.

Note that running this compose file will create files in /srv/docker/volumes/ on your host. You can remove this after toying with the example.

Run the following two commands to generate a self-signed SSL certificate:

mkdir -p /srv/docker/volumes/some-haproxy/ssl
docker run --rm -v /srv/docker/volumes/some-haproxy/ssl:/ssl -e HOST=localhost -e TYPE=pem project42/selfsignedcert

Save the haproxy.cfg to /srv/docker/volumes/some-haproxy/haproxy.cfg

Compose version in this example is v3.5
Run docker-compose -f docker-compose.yml up to bring the stack up with your variables. After install, visit https://localhost.
Use docker-compose -f docker-compose.yml down to destroy all containers.

HAProxy SSL Termination, Let's Encrypt CA, and common configurations via systemd

This is recommended for production for non-orchestrated installs. These unit files will start containers utilizing, memcached, haproxy, and simplesaml

//TODO