casestudy
Ondrej Kosarko edited this page May 28, 2024 · 1 revision
- create .env

  ```
  SHIB_HOSTNAME=jm
  NGINX_TOMCAT=dev-5.pc:85
  NGINX_NODE=dev-5.pc:85
  NGINX_SERVER_NAMES="jm localhost"
  NGINX_RESOLVERS="1.1.1.1 8.8.8.8"
  NGINX_MAX_BODY_SIZE=10G
  ```
- in ./nginx/ssl (on win, you can use `docker run -it --rm -v %cd%:/out nginx /bin/bash -c "CMD"`)

  ```
  # Run from ./nginx/ssl so all four files land in the directory that
  # docker-compose.yml mounts as /ssl. Inside the Windows container wrapper
  # that directory is /out, so cd /out before running these commands.
  openssl dhparam -out dhparam.pem 4096
  openssl genrsa -out serverkey.pem 2048
  openssl req -new -x509 -key serverkey.pem -out servercert.pem -days 365
  cp ./servercert.pem ./nginx_chain_cert.pem
  ```
- in ./

  ```
  mkdir -p ./shibboleth/overrides/etc/shibboleth/
  curl https://www.eduid.cz/docs/metadata2021.eduid.cz.crt.pem -o ./shibboleth/overrides/etc/shibboleth/metadata2021.eduid.cz.crt.pem
  ```
- in ./

  ```
  docker compose up
  ```
- open https://jm/Shibboleth.sso/DiscoFeed
- optionally, you can inspect logs; unless you changed the default contents or created `proxied-idp.xml`, there will be errors/warnings in the log

  ```
  docker exec -it dockerized-nginx-with-shibboleth-shibboleth-1 /bin/bash -c "tail /opt/shibboleth-sp/var/log/shibboleth/shibd_warn.log -f"
  ```
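
A pre-flight check for the files created in the ./nginx/ssl step, to run before `docker compose up`. This is an added example, not part of the wiki page or the project; the function names `check_ssl_dir` and `cert_pubkey` and the 30-day expiry threshold are assumptions, while the file names are the ones used in the steps above.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki page): pre-flight check of ./nginx/ssl.
# File names come from the steps above; the function names and the 30-day
# threshold are assumptions made for this example.

# Print the public key (PEM) of the first certificate in a file.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# check_ssl_dir [DIR]: prints one FAIL line per problem, returns 1 if any.
check_ssl_dir() {
  local dir="${1:-./nginx/ssl}" rc=0 f keypub
  for f in dhparam.pem serverkey.pem servercert.pem nginx_chain_cert.pem; do
    [ -s "$dir/$f" ] || { echo "FAIL: $dir/$f missing or empty"; rc=1; }
  done
  [ "$rc" -eq 0 ] || return 1   # nothing else can be checked without the files

  # The private key should not be world-readable on the host.
  if [ -n "$(find "$dir/serverkey.pem" -perm -004)" ]; then
    echo "FAIL: serverkey.pem is world-readable (chmod 600)"; rc=1
  fi

  # The certificate and the first certificate of the chain file must carry
  # the public key that belongs to serverkey.pem.
  keypub="$(openssl pkey -in "$dir/serverkey.pem" -pubout 2>/dev/null)"
  if [ -z "$keypub" ]; then
    echo "FAIL: serverkey.pem is not a readable private key"; rc=1
  else
    for f in servercert.pem nginx_chain_cert.pem; do
      [ "$(cert_pubkey "$dir/$f")" = "$keypub" ] ||
        { echo "FAIL: $f does not match serverkey.pem"; rc=1; }
    done
  fi

  # The steps issue a 365-day certificate; flag it 30 days before expiry.
  openssl x509 -in "$dir/servercert.pem" -noout \
    -checkend $((30 * 86400)) >/dev/null 2>&1 ||
    { echo "FAIL: servercert.pem unreadable or expires within 30 days"; rc=1; }

  # dhparam.pem must at least parse as DH parameters.
  openssl dhparam -in "$dir/dhparam.pem" -noout >/dev/null 2>&1 ||
    { echo "FAIL: dhparam.pem is not valid DH parameters"; rc=1; }

  return "$rc"
}
```

Source the file and call `check_ssl_dir ./nginx/ssl` from the repository root; no output and exit status 0 mean every check passed.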
Update docker-compose.yml
diff --git a/docker-compose.yml b/docker-compose.yml
index ea2239d..6066460 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,6 +11,7 @@ services:
# generate /ssl/dhparam.pem with openssl dhparam -out dhparam.pem 4096
- ./nginx/locations:/etc/nginx/locations
- ./nginx/ssl:/ssl
+ - ./nginx/conf/templates:/etc/nginx/templates
environment:
- NGINX_ENVSUBST_FILTER=NGINX_
- NGINX_SHIBAUTHORIZER=${NGINX_SHIBAUTHORIZER:-shibboleth:12344}
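Review bot: the added `./nginx/conf/templates:/etc/nginx/templates` mount should be read-only. It has no `:ro` suffix, so the container can write back into the template sources in the repository; if the image only reads these files to render them with the `NGINX_`-filtered variables shown below, `- ./nginx/conf/templates:/etc/nginx/templates:ro` is enough. The same applies to the `./nginx/ssl:/ssl` context line above it, which holds the server private key. It is also worth confirming that `./nginx/conf/templates` is committed, because a missing host path in a short-syntax bind mount is created as an empty directory on `docker compose up`, and the setup steps on this page do not mention creating it.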