Public | Automated Build

Last pushed: 23 days ago
Dockerfile
FROM centos:centos7 MAINTAINER Unicon, Inc. LABEL idp.java.version="8.0.172" \ idp.jetty.version="9.3.23.v20180228" \ idp.version="3.3.3" ENV JETTY_HOME=/opt/jetty-home \ JETTY_BASE=/opt/shib-jetty-base \ JETTY_MAX_HEAP=2048m \ JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=changeme \ JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=changeme \ PATH=$PATH:$JRE_HOME/bin RUN yum -y update \ && yum -y install wget tar which \ && yum -y clean all RUN set -x; \ java_version=8.0.172; \ zulu_version=8.30.0.1; \ java_hash=0a101a592a177c1c7bc63738d7bc2930; \ jetty_version=9.3.23.v20180228; \ jetty_hash=731bd5c54c4f60c9a6ceaadd1f5fd1e2feda021d; \ idp_version=3.3.3; \ idp_hash=742a772f19e11c55af8a18f16463b736230fc447cd8c4aaf4bf242c5b074087c; \ dta_hash=2f547074b06952b94c35631398f36746820a7697; \ useradd jetty -U -s /bin/false \ # Download Java, verify the hash, and install \ && cd / \ && wget http://cdn.azul.com/zulu/bin/zulu$zulu_version-jdk$java_version-linux_x64.tar.gz \ && echo "$java_hash zulu$zulu_version-jdk$java_version-linux_x64.tar.gz" | md5sum -c - \ && tar -zxvf zulu$zulu_version-jdk$java_version-linux_x64.tar.gz -C /opt \ && rm zulu$zulu_version-jdk$java_version-linux_x64.tar.gz \ && ln -s /opt/zulu$zulu_version-jdk$java_version-linux_x64/jre/ /opt/jre-home \ # Download Jetty, verify the hash, and install, initialize a new base \ && cd / \ && wget http://central.maven.org/maven2/org/eclipse/jetty/jetty-distribution/$jetty_version/jetty-distribution-$jetty_version.tar.gz \ && echo "$jetty_hash jetty-distribution-$jetty_version.tar.gz" | sha1sum -c - \ && tar -zxvf jetty-distribution-$jetty_version.tar.gz -C /opt \ && rm jetty-distribution-$jetty_version.tar.gz \ && ln -s /opt/jetty-distribution-$jetty_version/ /opt/jetty-home \ # Config Jetty \ && cd / \ && cp /opt/jetty-home/bin/jetty.sh /etc/init.d/jetty \ && mkdir -p /opt/shib-jetty-base/modules /opt/shib-jetty-base/lib/ext /opt/shib-jetty-base/resources \ && cd /opt/shib-jetty-base \ && touch start.ini \ && /opt/jre-home/bin/java -jar ../jetty-home/start.jar --add-to-startd=http,https,deploy,ext,annotations,jstl \ # Download Shibboleth IdP, verify the hash, and install \ && cd / \ && wget https://shibboleth.net/downloads/identity-provider/$idp_version/shibboleth-identity-provider-$idp_version.tar.gz \ && echo "$idp_hash shibboleth-identity-provider-$idp_version.tar.gz" | sha256sum -c - \ && tar -zxvf shibboleth-identity-provider-$idp_version.tar.gz -C /opt \ && rm /shibboleth-identity-provider-$idp_version.tar.gz \ && ln -s /opt/shibboleth-identity-provider-$idp_version/ /opt/shibboleth-idp \ # Download the library to allow SOAP Endpoints, verify the hash, and place \ && cd / \ && wget https://build.shibboleth.net/nexus/content/repositories/releases/net/shibboleth/utilities/jetty9/jetty9-dta-ssl/1.0.0/jetty9-dta-ssl-1.0.0.jar \ && echo "$dta_hash jetty9-dta-ssl-1.0.0.jar" | sha1sum -c - \ && mv jetty9-dta-ssl-1.0.0.jar /opt/shib-jetty-base/lib/ext/ \ # Setting owner ownership and permissions on new items in this command && chown -R root:jetty /opt \ && chmod -R 640 /opt \ && chmod 750 /opt/jre-home/bin/java COPY bin/ /usr/local/bin/ COPY opt/shib-jetty-base/ /opt/shib-jetty-base/ COPY opt/shibboleth-idp/ /opt/shibboleth-idp/ # Setting owner ownership and permissions on new items from the COPY command RUN mkdir /opt/shib-jetty-base/logs \ && chown -R root:jetty /opt/shib-jetty-base \ && chmod -R 640 /opt/shib-jetty-base \ && chmod -R 750 /opt/shibboleth-idp/bin \ && chmod 750 /usr/local/bin/run-jetty.sh /usr/local/bin/init-idp.sh # Opening 4443 (browser TLS), 8443 (mutual auth TLS) EXPOSE 4443 8443 CMD ["run-jetty.sh"]