samwightt/mediawiki
0
0
Fork 0
forked from coop-cloud/mediawiki
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Working SimpleSAML

Browse Source
This commit is contained in:
3wc 2020-09-13 14:57:12 +02:00
parent 36feb5062d
commit 40007e53b3
3 changed files with 62 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.envrc.sample
View File

@ -8,9 +8,15 @@ export MEDIAWIKI_SITENAMESPACE="Example_Wiki"
export MEDIAWIKI_EMAIL_CONTACT="info@wiki.example.com" export MEDIAWIKI_EMAIL_CONTACT="info@wiki.example.com"
export MEDIAWIKI_EMAIL_FROM="wiki@wiki.example.com" export MEDIAWIKI_EMAIL_FROM="wiki@wiki.example.com"
export SAML_CONTACT_NAME="Sam Ell"
export SAML_CONTACT_EMAIL="saml@example.com"
export DB_ROOT_PASSWORD_VERSION=v1 export DB_ROOT_PASSWORD_VERSION=v1
export DB_PASSWORD_VERSION=v1 export DB_PASSWORD_VERSION=v1
export MEDIAWIKI_SECRET_KEY_VERSION=v1 export MEDIAWIKI_SECRET_KEY_VERSION=v1
export SAML_ADMIN_PASSWORD_VERSION=v1
export LOCAL_SETTINGS_CONF_VERSION=v1 export LOCAL_SETTINGS_CONF_VERSION=v1
export HTACCESS_CONF_VERSION=v1 export HTACCESS_CONF_VERSION=v1
export ENTRYPOINT_CONF_VERSION=v1 export ENTRYPOINT_CONF_VERSION=v1
export SAML_ENTRYPOINT_CONF_VERSION=v1

36
compose.yml
View File

@ -61,14 +61,17 @@ services:
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
entrypoint: /docker-entrypoint2.sh entrypoint: /docker-entrypoint2.sh
simplesamlphp:
simplesaml:
image: venatorfox/simplesamlphp:latest image: venatorfox/simplesamlphp:latest
secrets:
- saml_admin_password
environment: environment:
- CONFIG_BASEURLPATH=${DOMAIN}/simplesamlphp - CONFIG_BASEURLPATH=https://${DOMAIN}/simplesaml/
- CONFIG_AUTHADMINPASSWORD={SSHA256}MjJSiMlkQLa+fqI+CmQ1x1oUJ7OGucYpznKxBBHpgfC+Oh+7B9vgGw== - CONFIG_AUTHADMINPASSWORD_FILE=/run/secrets/saml_admin_password
- CONFIG_SECRETSALT=exampleabcdefghijklmnopqrstuvwxy - CONFIG_SECRETSALT=exampleabcdefghijklmnopqrstuvwxy
- CONFIG_TECHNICALCONTACT_NAME=Adam W Zheng - CONFIG_TECHNICALCONTACT_NAME=${SAML_CONTACT_NAME}
- CONFIG_TECHNICALCONTACT_EMAIL=helo@autonomic.zone - CONFIG_TECHNICALCONTACT_EMAIL=${SAML_CONTACT_EMAIL}
- CONFIG_SHOWERRORS=true - CONFIG_SHOWERRORS=true
- CONFIG_ERRORREPORTING=true - CONFIG_ERRORREPORTING=true
- CONFIG_ADMINPROTECTINDEXPAGE=true - CONFIG_ADMINPROTECTINDEXPAGE=true
@ -78,15 +81,29 @@ services:
#- CONFIG_MEMCACHESTOREPREFIX=simplesamlphp #- CONFIG_MEMCACHESTOREPREFIX=simplesamlphp
#- CONFIG_MEMCACHESTORESERVERS= 'memcache_store.servers' => [\n [\n ['hostname' => 'some-memcacheda01'],\n ['hostname' => 'some-memcacheda02'],\n ],\n [\n ['hostname' => 'some-memcachedb01'],\n ['hostname' => 'some-memcachedb02'],\n ], #- CONFIG_MEMCACHESTORESERVERS= 'memcache_store.servers' => [\n [\n ['hostname' => 'some-memcacheda01'],\n ['hostname' => 'some-memcacheda02'],\n ],\n [\n ['hostname' => 'some-memcachedb01'],\n ['hostname' => 'some-memcachedb02'],\n ],
- OPENLDAP_TLS_REQCERT=allow - OPENLDAP_TLS_REQCERT=allow
- MTA_NULLCLIENT=false - MTA_NULLCLIENT=true
- POSTFIX_MYHOSTNAME=${DOMAIN} - POSTFIX_MYHOSTNAME=${DOMAIN}
- POSTFIX_MYORIGIN=$$mydomain - POSTFIX_MYORIGIN=$$mydomain
- POSTFIX_INETINTERFACES=loopback-only - POSTFIX_INETINTERFACES=loopback-only
- DOCKER_REDIRECTLOGS=true - DOCKER_REDIRECTLOGS=true
tty: true
configs:
- source: entrypoint_saml_conf
target: /docker-entrypoint.simplesaml.sh
mode: 0555
volumes: volumes:
- simplesaml:/var/simplesamlphp/ - simplesaml:/var/simplesamlphp/
networks: networks:
- internal - internal
- proxy
entrypoint: /docker-entrypoint.simplesaml.sh
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.services.${STACK_NAME}_simplesaml.loadbalancer.server.port=80"
- "traefik.http.routers.${STACK_NAME}_simplesaml.rule=(Host(`${DOMAIN}`) && PathPrefix(`/simplesaml`))"
- "traefik.http.routers.${STACK_NAME}_simplesaml.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}_simplesaml.tls.certresolver=${LETS_ENCRYPT_ENV}"
volumes: volumes:
mariadb: mariadb:
@ -109,6 +126,9 @@ secrets:
mediawiki_secret_key: mediawiki_secret_key:
name: ${STACK_NAME}_mediawiki_secret_key_${MEDIAWIKI_SECRET_KEY_VERSION} name: ${STACK_NAME}_mediawiki_secret_key_${MEDIAWIKI_SECRET_KEY_VERSION}
external: true external: true
saml_admin_password:
name: ${STACK_NAME}_saml_admin_password_${MEDIAWIKI_SECRET_KEY_VERSION}
external: true
configs: configs:
LocalSettings_conf: LocalSettings_conf:
@ -123,3 +143,7 @@ configs:
name: ${STACK_NAME}_entrypoint2_${ENTRYPOINT_CONF_VERSION} name: ${STACK_NAME}_entrypoint2_${ENTRYPOINT_CONF_VERSION}
file: entrypoint.sh.tmpl file: entrypoint.sh.tmpl
template_driver: golang template_driver: golang
entrypoint_saml_conf:
name: ${STACK_NAME}_entrypoint_saml_${ENTRYPOINT_CONF_VERSION}
file: entrypoint.simplesaml.sh.tmpl
template_driver: golang

26
entrypoint.simplesaml.sh.tmpl Normal file
View File

@ -0,0 +1,26 @@
#!/usr/bin/env bash
set -e
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
file_env "CONFIG_AUTHADMINPASSWORD"
/init "$@"