#!/bin/sh

# NORDUnet 2017

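echo "Starting $0"

# Setup ssl keys
#
# Key material is created once under $METADATADIR/apache-sp and then copied
# into $KEYDIR, where the copies are named shibsp.* and ${SP_HOSTNAME}.*.
#
# NOTE(review): the private keys are stored in $METADATADIR next to the
# certificates. If /metadata is a volume that other containers mount, they
# can read those keys -- confirm, and consider sharing only the certificates.
METADATADIR=/metadata
KEYDIR=/etc/ssl
# Export the variable that is actually defined; the original exported the
# never-assigned name METADATA.
export KEYDIR METADATADIR

# SP_HOSTNAME is passed to shib-keygen and used as a file-name component
# below, so an unset or empty value cannot produce a usable setup.
: "${SP_HOSTNAME:?SP_HOSTNAME must be set}"

SP_DIR="$METADATADIR/apache-sp"

# Shibboleth SP keypair: generate it unless both halves already exist in the
# metadata directory. (The original tested $KEYDIR/certs/shibsp.crt here,
# which is the copy made by the next step, not the generated certificate.)
if [ ! -f "$SP_DIR/sp-key.pem" ] || [ ! -f "$SP_DIR/sp-cert.pem" ]; then
   mkdir -p "$SP_DIR"
   shib-keygen -o "$SP_DIR" -h "$SP_HOSTNAME"
fi
# NOTE(review): cp runs with the caller's umask and ownership; confirm the
# copied private keys end up readable only by the accounts that need them.
if [ ! -f "$KEYDIR/private/shibsp.key" ] || [ ! -f "$KEYDIR/certs/shibsp.crt" ]; then
   cp "$SP_DIR/sp-key.pem" "$KEYDIR/private/shibsp.key"
   cp "$SP_DIR/sp-cert.pem" "$KEYDIR/certs/shibsp.crt"
fi

# TLS keypair for the web server: falls back to a freshly generated
# self-signed "snakeoil" certificate, which clients will not trust by default.
if [ ! -f "$SP_DIR/${SP_HOSTNAME}.key" ] || [ ! -f "$SP_DIR/${SP_HOSTNAME}.crt" ]; then
   make-ssl-cert generate-default-snakeoil --force-overwrite
   cp /etc/ssl/private/ssl-cert-snakeoil.key "$SP_DIR/${SP_HOSTNAME}.key"
   cp /etc/ssl/certs/ssl-cert-snakeoil.pem "$SP_DIR/${SP_HOSTNAME}.crt"
fi

if [ ! -f "$KEYDIR/private/${SP_HOSTNAME}.key" ] || [ ! -f "$KEYDIR/certs/${SP_HOSTNAME}.crt" ]; then
   cp "$SP_DIR/${SP_HOSTNAME}.key" "$KEYDIR/private/${SP_HOSTNAME}.key"
   cp "$SP_DIR/${SP_HOSTNAME}.crt" "$KEYDIR/certs/${SP_HOSTNAME}.crt"
fi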

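# Fetch metadata
#
# Poll the IdP every 5 seconds until its metadata has been downloaded to
# /var/www/metadata.xml. Set SKIP_METADATA to any non-empty value to skip.
#
# NOTE(review): the download uses plain HTTP and nothing here checks a
# signature or fingerprint, so whatever answers for shibboleth-docker:8080
# decides which IdP keys end up in this file. Confirm this only runs on an
# isolated network, or fetch over HTTPS / have the SP verify a metadata
# signature.
if [ -z "$SKIP_METADATA" ]; then
  # --fail makes an HTTP error status count as a failed attempt, so an error
  # page from a still-starting IdP is not saved as metadata and the loop
  # keeps retrying instead of stopping on the first response.
  until curl --fail http://shibboleth-docker:8080/idp/shibboleth -o /var/www/metadata.xml
  do
    sleep 5
  done
fi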

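# Hand the web root to the Apache user and make it world-readable.
chown -R www-data:www-data /var/www/
chmod -R a+r /var/www/

# Setup shibd
#
# Fill the __SP_HOSTNAME__ and __KEYDIR__ placeholders in the shibd
# configuration. The values are escaped first so that a delimiter, "&" or
# backslash in them is inserted literally instead of being interpreted by sed.
# The edit is in place: once the placeholders are replaced, a later run with a
# different SP_HOSTNAME no longer changes the file.
sp_hostname_esc=$(printf '%s\n' "$SP_HOSTNAME" | sed -e 's|[\\/&]|\\&|g')
keydir_esc=$(printf '%s\n' "$KEYDIR" | sed -e 's|[\\%&]|\\&|g')
sed -i -e "s/__SP_HOSTNAME__/$sp_hostname_esc/g" -e "s%__KEYDIR__%$keydir_esc%g" /etc/shibboleth/shibboleth2.xml

# Add the _shibd account to the ssl-cert group.
adduser -- _shibd ssl-cert
mkdir -p /var/log/shibboleth
mkdir -p /var/log/apache2 /var/lock/apache2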


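# Setup apache
#
# Fill the __SP_HOSTNAME__ and __KEYDIR__ placeholders in every site
# definition. The values are escaped first so that a delimiter, "&" or
# backslash in them is inserted literally instead of being interpreted by sed.
sp_hostname_esc=$(printf '%s\n' "$SP_HOSTNAME" | sed -e 's|[\\/&]|\\&|g')
keydir_esc=$(printf '%s\n' "$KEYDIR" | sed -e 's|[\\%&]|\\&|g')
sed -i -e "s/__SP_HOSTNAME__/$sp_hostname_esc/g" -e "s%__KEYDIR__%$keydir_esc%g" /etc/apache2/sites-available/*.conf

a2enmod proxy
a2enmod proxy_http
a2ensite sp

service shibd start
# Remove a PID file left behind by a previous run.
rm -f /var/run/apache2/apache2.pid

# exec replaces this shell with Apache, so signals sent to the entrypoint
# process (for example on container stop) reach Apache directly.
exec env \
  APACHE_LOCK_DIR=/var/lock/apache2 \
  APACHE_RUN_DIR=/var/run/apache2 \
  APACHE_PID_FILE=/var/run/apache2/apache2.pid \
  APACHE_RUN_USER=www-data \
  APACHE_RUN_GROUP=www-data \
  APACHE_LOG_DIR=/var/log/apache2 \
  apache2 -DFOREGROUND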