-
Notifications
You must be signed in to change notification settings - Fork 1
/
Dockerfile-centos
59 lines (50 loc) · 2.29 KB
/
Dockerfile-centos
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
FROM centos:7
LABEL maintainer=bensalemtaher@gmail.com
# Build Argument's
ARG MOD_AUTH_OPENIDC=https://github.com/zmartzone/mod_auth_openidc/releases/download/v2.3.8/mod_auth_openidc-2.3.8-1.el7.x86_64.rpm
ARG LIBCJOSE=https://github.com/zmartzone/mod_auth_openidc/releases/download/v2.3.0/cjose-0.5.1-1.el7.centos.x86_64.rpm
# Install Apache and needed packages
RUN yum -y --setopt=tsflags=nodocs update && \
yum -y upgrade && \
yum -y --setopt=tsflags=nodocs install epel-release httpd mod_ssl openssl libcrypto10 jansson curl hiredis hiredis-devel && \
yum clean all
# Delete unneeded modules
RUN rm -fr /etc/httpd/conf.modules.d/01-cgi.conf && \
rm -fr /etc/httpd/conf.modules.d/00-dav.conf && \
rm -fr /etc/httpd/conf.modules.d/00-lua.conf && \
rm -fr /etc/httpd/conf.modules.d/00-proxy.conf && \
rm -fr /etc/httpd/conf.modules.d/00-systemd.conf
# insatll mod_auth_openidc module
RUN curl -s -L -o cjose.rpm $LIBCJOSE && yum localinstall -y cjose.rpm && rm cjose.rpm
RUN curl -s -L -o mod_auth_openidc.rpm $MOD_AUTH_OPENIDC && yum localinstall -y mod_auth_openidc.rpm && rm mod_auth_openidc.rpm
# Generate selfsigned cert's
RUN mkdir -p /etc/httpd/ssl
RUN openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/httpd/ssl/server.key \
-out /etc/httpd/ssl/server.crt \
-subj "/C=US/ST=MA/L=Boston/O=T.Tech/OU=IT DevOps/CN=localhost"
# Copy site.
ADD app /usr/httpd/htdocs
# Update httpd config.
ADD ./conf/centos/httpd.conf /etc/httpd/conf/httpd.conf
ADD ./conf/centos/httpd-ssl.conf /etc/httpd/conf.d/ssl.conf
# Import env variables and update httpd conf with the right params
COPY env_vars .
RUN . ./env_vars && \
sed \
-e "s|OIDC_PASS_PHRASE|${OIDC_PASS_PHRASE}|g" \
-e "s|OIDC_METADATA_URL|${OIDC_METADATA_URL}|g" \
-e "s|OIDC_CLIENT_ID|${OIDC_CLIENT_ID}|g" \
-e "s|OIDC_SCOPE|${OIDC_SCOPE}|g" \
-e "s|OIDC_CLIENT_SECRET|${OIDC_CLIENT_SECRET}|g" \
-e "s|OIDC_REDIRECT_URL|${OIDC_REDIRECT_URL}|g" \
-e "s|OIDC_RESPONSE_TYPE|${OIDC_RESPONSE_TYPE}|g" \
-e "s|OIDC_PASS_CLAILS_AS|${OIDC_PASS_CLAILS_AS}|g" \
-e "s|OIDC_CLAIM_PREFIX|${OIDC_CLAIM_PREFIX}|g" \
-e "s|OIDC_PASS_ID_TOKEN_AS|${OIDC_PASS_ID_TOKEN_AS}|g" \
-i /etc/httpd/conf.d/ssl.conf && \
rm env_vars
# Expose http and https
EXPOSE 443
EXPOSE 80
CMD ["/bin/sh", "-c", "rm -rf /run/httpd/* /tmp/httpd* && apachectl -DFOREGROUND"]