This repository has been archived by the owner on Jun 11, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathDockerfile
65 lines (50 loc) · 2.73 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# Build stage
FROM debian:buster-slim AS build
# Install dependencies
RUN apt-get update \
&& apt-get install --no-install-recommends -y gnupg2 ca-certificates wget git mercurial build-essential lsb-release devscripts fakeroot quilt libssl-dev libpcre3-dev zlib1g-dev debhelper \
&& rm -rf /var/lib/apt/lists/*
# Add Nginx repository and install
RUN wget -qO - https://nginx.org/keys/nginx_signing.key | apt-key add - \
&& echo "deb http://nginx.org/packages/debian/ buster nginx" > /etc/apt/sources.list.d/nginx.list \
&& apt-get update && apt-get install --no-install-recommends -y nginx \
&& rm -rf /var/lib/apt/lists/*
# Install pkg-oss
WORKDIR /root/
RUN mkdir -p /root/nginx-modules/deb/ \
&& wget -qO tip.tar.gz https://hg.nginx.org/pkg-oss/archive/tip.tar.gz \
&& tar -xvf tip.tar.gz && mv pkg-oss-* pkg-oss/ && rm -f tip.tar.gz
# Build Nginx modules
RUN pkg-oss/build_module.sh --skip-depends -y -o /root/nginx-modules/deb/ -n shibboleth -v `nginx -v 2>&1 | sed -n -e 's|^.*/||p' | tr -d '\n'` https://github.com/nginx-shib/nginx-http-shibboleth.git \
&& pkg-oss/build_module.sh --skip-depends -y -o /root/nginx-modules/deb/ -n headersmore -v `nginx -v 2>&1 | sed -n -e 's|^.*/||p' | tr -d '\n'` https://github.com/openresty/headers-more-nginx-module.git \
&& rm -f /root/nginx-modules/deb/*-dbg_*.deb
# Production stage
FROM debian:buster-slim
LABEL maintainer="Penn Labs"
# Install dependencies
RUN apt-get update \
&& apt-get install --no-install-recommends -y gnupg2 wget ca-certificates \
&& rm -rf /var/lib/apt/lists/*
# Add Shibboleth and Nginx repositories
RUN wget -qO - http://pkg.switch.ch/switchaai/SWITCHaai-swdistrib.asc | apt-key add - \
&& wget -qO - https://nginx.org/keys/nginx_signing.key | apt-key add - \
&& echo "deb http://pkg.switch.ch/switchaai/debian/ buster main" > /etc/apt/sources.list.d/switch-shibboleth.list \
&& echo "deb http://nginx.org/packages/debian/ buster nginx" > /etc/apt/sources.list.d/nginx.list
# Install Shibboleth, Nginx, and Supervisor
RUN apt-get update && apt-get install --no-install-recommends -y shibboleth=3.0.4+switchaai2~buster1 supervisor nginx \
&& rm -rf /var/lib/apt/lists/*
# Install Nginx modules
COPY --from=build /root/nginx-modules/deb/*.deb /tmp/
RUN dpkg -i /tmp/*.deb
# Copy config files
COPY nginx-default.conf /etc/nginx/conf.d/default.conf
COPY supervisord.conf /etc/supervisor/
COPY nginx/ /etc/nginx/
COPY shibd.logger /etc/shibboleth/
# Set up Shibboleth directories
RUN mkdir /opt/shibboleth && chown _shibd:_shibd /opt/shibboleth
RUN mkdir /run/shibboleth && chown _shibd:_shibd /run/shibboleth
# Allow Nginx to access Shibboleth sockets
RUN adduser nginx _shibd
EXPOSE 80 443
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]