FIX simplesamlphp sp can't bind to port 80 in kube

Only happened when I tried to deploy on kubernetes. Might be because we're running as www-data and not root, so it doesn't have permission. This wasn't an issue with docker compose because local docker apparently treats all ports as unprivileged. Changed the sp port to 8080, this is mainly apache configuration and adjusting traefik.
ubc · Jul 17, 2024 · 520d974 · 520d974
1 parent 6c0bb1b
commit 520d974
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 2 deletions.
diff --git a/LocalSettings.php b/LocalSettings.php
@@ -640,6 +640,7 @@ function loadenv($envName, $default = "") {
             'realNameAttribute' => 'urn:oid:2.16.840.1.113730.3.1.241',
             # mail attribute, email address
             'emailAttribute' => 'urn:oid:0.9.2342.19200300.100.1.3',
+            # UBCAuth required attributes:
             # eduPersonAffiliation, an array of (staff, student, faculty, etc)
             'eduPersonAffiliationAttribute' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',
             # non-standard attributes, uncertain OIDs

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -54,7 +54,7 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.sp.rule=PathPrefix(`/_saml2`)"
       - "traefik.http.routers.sp.entrypoints=wiki"
-      - "traefik.http.services.sp.loadBalancer.server.port=80"
+      - "traefik.http.services.sp.loadBalancer.server.port=8080"
   web: &app
     #image: ubcctlt/mediawiki
     build: .

diff --git a/docker/simplesamlphp/sp/Dockerfile.sp b/docker/simplesamlphp/sp/Dockerfile.sp
@@ -33,10 +33,13 @@ RUN composer install && \
 COPY config/ config/
 
 COPY apache.conf /etc/apache2/sites-available/000-default.conf
+COPY ports.conf /etc/apache2/ports.conf
 
 # copy our custom entrypoint
 COPY custom-entrypoint /usr/local/bin/
 
+EXPOSE 8080
+
 # The wiki extension expects the simplesamlphp SP to be installed on the same
 # server and will import modules from the running SP. But we want the SP to run
 # in its own container. The only way the wiki container will be able to access

diff --git a/docker/simplesamlphp/sp/apache.conf b/docker/simplesamlphp/sp/apache.conf
@@ -1,4 +1,4 @@
-<VirtualHost *:80>
+<VirtualHost *:8080>
 	# The ServerName directive sets the request scheme, hostname and port that
 	# the server uses to identify itself. This is used when creating
 	# redirection URLs. In the context of virtual hosts, the ServerName

diff --git a/docker/simplesamlphp/sp/ports.conf b/docker/simplesamlphp/sp/ports.conf
@@ -0,0 +1,15 @@
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default.conf
+
+Listen 8080
+
+<IfModule ssl_module>
+	Listen 443
+</IfModule>
+
+<IfModule mod_gnutls.c>
+	Listen 443
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet