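#!/bin/sh
# NORDUnet 2017
#
# Start-up script for an Apache + Shibboleth SP host (apparently a container
# entrypoint: it ends by running apache2 in the foreground).
#
# Steps: create or restore the SP signing key pair and a self-signed TLS
# certificate, fetch IdP metadata, substitute placeholders in the shibd and
# Apache configuration, then start shibd and Apache.
#
# Environment:
#   SP_HOSTNAME    (required) host name of the SP; used in file names and
#                  substituted into the configuration files.
#   SKIP_METADATA  (optional) any non-empty value skips the metadata fetch.

echo "Starting $0"

# Print a message on stderr and abort start-up.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Copy a private key ($1) to its runtime location ($2) and restrict it to
# root plus the ssl-cert group, the group _shibd is added to further down.
# If the group cannot be applied the mode is left as cp produced it, so a
# missing group does not lock the daemon out.
install_private_key() {
  cp "$1" "$2" || die "cannot install private key $2"
  if chgrp ssl-cert "$2"; then
    chmod 640 "$2"
  else
    printf 'warning: could not restrict permissions on %s\n' "$2" >&2
  fi
}

# SP_HOSTNAME ends up in file paths and in sed replacement text. Reject empty
# values and anything outside a conservative host-name alphabet so that a
# stray '/', '&' or newline cannot rewrite the substitution or the path.
case "${SP_HOSTNAME:-}" in
  '')
    die "SP_HOSTNAME must be set"
    ;;
  *[!A-Za-z0-9._-]*)
    die "SP_HOSTNAME contains characters outside [A-Za-z0-9._-]"
    ;;
esac

# Setup ssl keys
METADATADIR=/metadata
KEYDIR=/etc/ssl
# The original exported the undefined name METADATA; METADATADIR is the
# variable this script actually sets.
export KEYDIR METADATADIR

SP_STORE="$METADATADIR/apache-sp"

# Generate the SP key pair only when the persisted pair is incomplete, so an
# existing pair under $METADATADIR is reused rather than regenerated.
if [ ! -f "$SP_STORE/sp-key.pem" ] || [ ! -f "$SP_STORE/sp-cert.pem" ]; then
  mkdir -p "$SP_STORE" || die "cannot create $SP_STORE"
  shib-keygen -o "$SP_STORE" -h "$SP_HOSTNAME" #2>/dev/null
fi
if [ ! -f "$KEYDIR/private/shibsp.key" ] || [ ! -f "$KEYDIR/certs/shibsp.crt" ]; then
  install_private_key "$SP_STORE/sp-key.pem" "$KEYDIR/private/shibsp.key"
  cp "$SP_STORE/sp-cert.pem" "$KEYDIR/certs/shibsp.crt" \
    || die "cannot install $KEYDIR/certs/shibsp.crt"
fi

# TLS certificate for the web server: a self-signed "snakeoil" pair, which
# clients will not trust by default. Suitable for test set-ups only.
if [ ! -f "$SP_STORE/${SP_HOSTNAME}.key" ] || [ ! -f "$SP_STORE/${SP_HOSTNAME}.crt" ]; then
  make-ssl-cert generate-default-snakeoil --force-overwrite
  cp /etc/ssl/private/ssl-cert-snakeoil.key "$SP_STORE/${SP_HOSTNAME}.key"
  cp /etc/ssl/certs/ssl-cert-snakeoil.pem "$SP_STORE/${SP_HOSTNAME}.crt"
fi
if [ ! -f "$KEYDIR/private/${SP_HOSTNAME}.key" ] || [ ! -f "$KEYDIR/certs/${SP_HOSTNAME}.crt" ]; then
  install_private_key "$SP_STORE/${SP_HOSTNAME}.key" "$KEYDIR/private/${SP_HOSTNAME}.key"
  cp "$SP_STORE/${SP_HOSTNAME}.crt" "$KEYDIR/certs/${SP_HOSTNAME}.crt" \
    || die "cannot install $KEYDIR/certs/${SP_HOSTNAME}.crt"
fi

# Fetch metadata
# --fail makes curl exit non-zero on an HTTP error status, so an error page
# served while the IdP is still starting is retried instead of being saved as
# metadata.xml.
# NOTE(review): the metadata is fetched over plain HTTP with no signature
# check, so whatever answers on shibboleth-docker:8080 decides which IdP this
# SP trusts (presumably via shibboleth2.xml, not shown here). Acceptable on an
# isolated test network; elsewhere use HTTPS or verify the metadata signature.
if [ -z "${SKIP_METADATA:-}" ]; then
  until curl --fail http://shibboleth-docker:8080/idp/shibboleth -o /var/www/metadata.xml; do
    sleep 5
  done
fi
chown -R www-data:www-data /var/www/
chmod -R a+r /var/www/

# Setup shibd
sed -i \
  -e "s/__SP_HOSTNAME__/$SP_HOSTNAME/g" \
  -e "s%__KEYDIR__%$KEYDIR%g" \
  /etc/shibboleth/shibboleth2.xml
adduser -- _shibd ssl-cert
mkdir -p /var/log/shibboleth
mkdir -p /var/log/apache2 /var/lock/apache2

# Setup apache
sed -i \
  -e "s/__SP_HOSTNAME__/$SP_HOSTNAME/g" \
  -e "s%__KEYDIR__%$KEYDIR%g" \
  /etc/apache2/sites-available/*.conf
a2enmod proxy
a2enmod proxy_http
a2ensite sp

service shibd start

# Remove a stale pid file so Apache does not refuse to start after an
# unclean shutdown.
rm -f /var/run/apache2/apache2.pid

# exec replaces the shell, so Apache receives stop signals directly instead
# of through a shell that does not forward them.
exec env \
  APACHE_LOCK_DIR=/var/lock/apache2 \
  APACHE_RUN_DIR=/var/run/apache2 \
  APACHE_PID_FILE=/var/run/apache2/apache2.pid \
  APACHE_RUN_USER=www-data \
  APACHE_RUN_GROUP=www-data \
  APACHE_LOG_DIR=/var/log/apache2 \
  apache2 -DFOREGROUND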