From 6f4cfe32c9513dda74829217f272d98a936b62fe Mon Sep 17 00:00:00 2001
From: Jesper Brix Rosenkilde
Date: Fri, 7 Jul 2017 14:58:12 +0200
Subject: Add sp
---
apache-sp/entrypoint.sh | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 apache-sp/entrypoint.sh
(limited to 'apache-sp/entrypoint.sh')
diff --git a/apache-sp/entrypoint.sh b/apache-sp/entrypoint.sh
new file mode 100644
index 0000000..30714c4
--- /dev/null
+++ b/apache-sp/entrypoint.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+# Setup ssl keys
+KEYDIR=/etc/ssl
+export KEYDIR
+if [ ! -f "$KEYDIR/private/shibsp.key" -o ! -f "$KEYDIR/certs/shibsp.crt" ]; then
+ shib-keygen -o /tmp -h $SP_HOSTNAME #2>/dev/null
+ mv /tmp/sp-key.pem "$KEYDIR/private/shibsp.key"
+ mv /tmp/sp-cert.pem "$KEYDIR/certs/shibsp.crt"
+fi
+
+if [ ! -f "$KEYDIR/private/${SP_HOSTNAME}.key" -o ! -f "$KEYDIR/certs/${SP_HOSTNAME}.crt" ]; then
+ make-ssl-cert generate-default-snakeoil --force-overwrite
+ cp /etc/ssl/private/ssl-cert-snakeoil.key "$KEYDIR/private/${SP_HOSTNAME}.key"
+ cp /etc/ssl/certs/ssl-cert-snakeoil.pem "$KEYDIR/certs/${SP_HOSTNAME}.crt"
+fi
+
+
+# Setup shibd
+sed -i -e "s/__SP_HOSTNAME__/$SP_HOSTNAME/g" -e "s%__KEYDIR__%$KEYDIR%g" /etc/shibboleth/shibboleth2.xml
+
+adduser -- _shibd ssl-cert
+mkdir -p /var/log/shibboleth
+mkdir -p /var/log/apache2 /var/lock/apache2
+
+
+# Setup apache
+
+sed -i -e "s/__SP_HOSTNAME__/$SP_HOSTNAME/g" -e "s%__KEYDIR__%$KEYDIR%g" /etc/apache2/sites-available/*.conf
+
+a2enmod proxy
+a2enmod proxy_http
+a2ensite sp
+
+service shibd start
+rm -f /var/run/apache2/apache2.pid
+
+curl http://idp.nordu.dev/idp/shibboleth -o /var/www/metadata.xml
+chown www-data:www-data /var/www/metadata.xml && chmod a+r /var/www/metadata.xml
+
+env APACHE_LOCK_DIR=/var/lock/apache2 APACHE_RUN_DIR=/var/run/apache2 APACHE_PID_FILE=/var/run/apache2/apache2.pid APACHE_RUN_USER=www-data APACHE_RUN_GROUP=www-data APACHE_LOG_DIR=/var/log/apache2 apache2 -DFOREGROUND
--
cgit v1.1
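Review bot: Nothing in the script stops on failure or checks that `SP_HOSTNAME` is set, so an empty value or a failed `shib-keygen` still ends with shibd and Apache started against missing or misnamed key files (`$KEYDIR/private/.key`) and an empty hostname substituted into `shibboleth2.xml`. I would add `set -eu` after the shebang and `: "${SP_HOSTNAME:?SP_HOSTNAME must be set}"` before the first key check, and quote the expansion in `shib-keygen -o /tmp -h "$SP_HOSTNAME"`. The SP private key is also written to `/tmp` under a fixed name before being moved; generating into a `mktemp -d` directory keeps it out of a shared, predictable path. The copied snakeoil certificate is presumably issued for the container's own hostname rather than `$SP_HOSTNAME`, which is worth a comment stating that it is for development only.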
From cef764eca8d826b246f026861d44653aabdd3da9 Mon Sep 17 00:00:00 2001 From: Jesper Brix Rosenkilde Date: Fri, 7 Jul 2017 15:24:21 +0200 Subject: Make metadata available before shibd is started --- apache-sp/entrypoint.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'apache-sp/entrypoint.sh') diff --git a/apache-sp/entrypoint.sh b/apache-sp/entrypoint.sh index 30714c4..dc16803 100644 --- a/apache-sp/entrypoint.sh +++ b/apache-sp/entrypoint.sh @@ -14,6 +14,10 @@ if [ ! -f "$KEYDIR/private/${SP_HOSTNAME}.key" -o ! -f "$KEYDIR/certs/${SP_HOSTN cp /etc/ssl/certs/ssl-cert-snakeoil.pem "$KEYDIR/certs/${SP_HOSTNAME}.crt" fi +# Fetch metadata +curl http://shibboleth-docker:8080/idp/shibboleth -o /var/www/metadata.xml +chown -R www-data:www-data /var/www/ +chmod -R a+r /var/www/ # Setup shibd sed -i -e "s/__SP_HOSTNAME__/$SP_HOSTNAME/g" -e "s%__KEYDIR__%$KEYDIR%g" /etc/shibboleth/shibboleth2.xml @@ -34,7 +38,4 @@ a2ensite sp service shibd start rm -f /var/run/apache2/apache2.pid -curl http://idp.nordu.dev/idp/shibboleth -o /var/www/metadata.xml -chown www-data:www-data /var/www/metadata.xml && chmod a+r /var/www/metadata.xml - env APACHE_LOCK_DIR=/var/lock/apache2 APACHE_RUN_DIR=/var/run/apache2 APACHE_PID_FILE=/var/run/apache2/apache2.pid APACHE_RUN_USER=www-data APACHE_RUN_GROUP=www-data APACHE_LOG_DIR=/var/log/apache2 apache2 -DFOREGROUND -- cgit v1.1
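Review bot: The added `curl http://shibboleth-docker:8080/idp/shibboleth -o /var/www/metadata.xml` fetches the IdP metadata over plain HTTP and ignores failures, so an HTTP error page or a tampered response is saved as `metadata.xml`; if shibd loads that file as its metadata source (shibboleth2.xml is not shown here), it decides which IdP signing certificates the SP trusts. Use `curl --fail --silent --show-error` and exit on a non-zero status, and either fetch over HTTPS or have the provider verify the metadata signature with a `<MetadataFilter type="Signature" .../>` against a pinned certificate. The new `chown -R www-data:www-data /var/www/` also hands ownership of the whole web root to the account Apache runs as, where the removed lines touched only the one file; a root-owned `metadata.xml` with `chmod 644` is enough for it to be served.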