initial commit

a59667d3 · Pavel Břoušek · a59667d3 · a59667d3 · a59667d3
Commit a59667d3 authored 1 year ago by Pavel Břoušek
--- a/conformance_idp.conf
+++ b/conformance_idp.conf
+server {
+    listen 80;
+    http2 on;
+    location ^~ /simplesaml/ {
+        alias /var/simplesamlphp/public/;
+        include                 fastcgi_params;
+        fastcgi_split_path_info ^(.+?\.php)(/.+)$;
+        fastcgi_index           index.php;
+        fastcgi_param           SCRIPT_FILENAME $document_root$phpfile;
+        fastcgi_param           SCRIPT_NAME $prefix$phpfile;
+        fastcgi_param           PATH_INFO $fastcgi_path_info;
+        fastcgi_param           HTTP_PROXY "";
+        fastcgi_param           SIMPLESAMLPHP_CONFIG_DIR "/var/simplesamlphp/config";
+        fastcgi_param           REMOTE_ADDR $remote_addr;
+        location ~ ^(?<prefix>/simplesaml/)(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
+            fastcgi_pass            conformance_idp:9000;
+        }
+    }
+}
--- a/conformance_idp/Dockerfile
+++ b/conformance_idp/Dockerfile
+ARG PHP_VERSION="8.3"
+ARG COMPOSER_VERSION="2"
+ARG SSP_VERSION="2.1.3"
+FROM mlocati/php-extension-installer AS extension_installer
+FROM composer/composer:${COMPOSER_VERSION} as composer
+FROM php:${PHP_VERSION}${PHP_VERSION:+-}fpm AS base
+ARG DEBIAN_FRONTEND=noninteractive
+# use production php.ini
+RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
+# install PHP extensions and their dependencies
+COPY --from=extension_installer /usr/bin/install-php-extensions /usr/bin/
+RUN install-php-extensions gmp intl pdo_mysql zip
+FROM base AS ssp_builder
+ARG SSP_VERSION
+ARG DEBIAN_FRONTEND=noninteractive
+ARG COMPOSER_ALLOW_SUPERUSER=1
+# add composer
+COPY --from=composer /usr/bin/composer /usr/bin/composer
+RUN apt update -y \
+    && apt install -y --no-install-recommends git wget zip
+# install SimpleSAMLphp
+RUN cd /var \
+    # TODO: git clone your module here etc., adapt as needed
+    && wget https://github.com/simplesamlphp/simplesamlphp/releases/download/v${SSP_VERSION}/simplesamlphp-${SSP_VERSION}.tar.gz -O simplesamlphp.tar.gz \
+    && tar -xzf simplesamlphp.tar.gz \
+    && mv simplesamlphp-${SSP_VERSION} simplesamlphp \
+    && cd simplesamlphp \
+    && /usr/bin/composer install --no-interaction --no-dev --no-progress \
+    && cp config/config.php.dist config/config.php \
+    && cp config/authsources.php.dist config/authsources.php \
+    && cp metadata/saml20-idp-hosted.php.dist metadata/saml20-idp-hosted.php \
+    && cp metadata/saml20-idp-remote.php.dist metadata/saml20-idp-remote.php \
+    && cp metadata/saml20-sp-remote.php.dist metadata/saml20-sp-remote.php \
+    && mkdir -p /tmp/cache/simplesamlphp
+# install conformance module
+RUN cd /var/simplesamlphp \
+    && composer config minimum-stability dev \
+    && composer config repositories.0 git https://github.com/cicnavi/simplesamlphp-module-conformance.git \
+    && composer require --no-progress cicnavi/simplesamlphp-module-conformance:dev-wip
+# modify config
+RUN sed -i "s/'session.cookie.secure' => true,/'session.cookie.secure' => false,/g" /var/simplesamlphp/config/config.php \
+    && sed -i "s/'cachedir' => '\/var\/cache\/simplesamlphp',/'cachedir' => '\/tmp\/cache\/simplesamlphp',/g" /var/simplesamlphp/config/config.php \
+    && sed -i "s/'auth.adminpassword' => '123',/'auth.adminpassword' => 'admin',/g" /var/simplesamlphp/config/config.php
+# finalize
+FROM base
+COPY --from=ssp_builder /var/simplesamlphp/ /var/simplesamlphp/
+EXPOSE 9000
+WORKDIR /var/simplesamlphp
--- a/docker-compose.yml
+++ b/docker-compose.yml
+version: '3'
+services:
+  mariadb:
+    image: bitnami/mariadb:11.2
+    container_name: mariadb
+    restart: always
+    environment:
+      - ALLOW_EMPTY_PASSWORD=yes
+      - MARIADB_SKIP_TEST_DB=yes
+  conformance_idp:
+    build: ./conformance_idp/.
+    container_name: conformance_idp
+    restart: always
+    depends_on:
+      - mariadb
+    volumes:
+      # TODO: - /path/to/config:/var/simplesamlphp/config:ro
+      # TODO: - /path/to/metadata:/var/simplesamlphp/metadata:ro
+      - public:/var/simplesamlphp/public
+  reverseproxy:
+    image: bitnami/nginx:1.25
+    container_name: reverseproxy
+    restart: always
+    depends_on:
+      - conformance_idp
+    volumes:
+      - ./conformance_idp.conf:/opt/bitnami/nginx/conf/server_blocks/conformance_idp.conf:ro
+      - public:/var/simplesamlphp/public:ro
+    ports:
+      - "80:80"
+      # TODO: - "443:443"
+    environment:
+      - NGINX_ENABLE_ABSOLUTE_REDIRECT=yes
+volumes:
+  public: