introduced volumes for the shib & ssl certificates

bd2f05e6 · Alexander König · 4ef7cb86 · bd2f05e6 · bd2f05e6 · bd2f05e6
Commit bd2f05e6 authored 7 years ago by Alexander König
--- a/Dockerfile.nginx
+++ b/Dockerfile.nginx
@@ -89,8 +89,8 @@ RUN touch /opt/repository/sources/lindat-aai-discovery/aai.js
 RUN make aai.min.js

 # copy certificate for clarin-dev
-COPY commul-customization/certs/clarin-dev.key /etc/ssl/private/
-COPY commul-customization/certs/clarin-dev_eurac_edu.crt /etc/ssl/certs/
+# COPY commul-customization/certs/clarin-dev.key /etc/ssl/private/
+# COPY commul-customization/certs/clarin-dev_eurac_edu.crt /etc/ssl/certs/

 # if deployed on clarin instead of clarin-dev comment the two lines above and uncomment the following lines


--- a/commul-customization/default-ssl
+++ b/commul-customization/default-ssl
@@ -18,8 +18,8 @@ server {
  index index.html index.htm;

  ssl on;
-  ssl_certificate /etc/ssl/certs/clarin-dev_eurac_edu.crt;
-  ssl_certificate_key /etc/ssl/private/clarin-dev.key;
+  ssl_certificate /etc/ssl/lindat/clarin-dev_eurac_edu.crt;
+  ssl_certificate_key /etc/ssl/lindat/clarin-dev.key;

  ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers RC4:HIGH:!aNULL:!MD5;

--- a/commul-customization/shibboleth2.xml
+++ b/commul-customization/shibboleth2.xml
@@ -70,7 +70,7 @@
            <Logout>SAML2 Local</Logout>
            
            <!-- Extension service that generates "approximate" metadata based on SP configuration. -->
-            <Handler type="MetadataGenerator" Location="/Metadata" signing="false" template="lindat.eurac.edu.template.metadata.xml"/>
+            <Handler type="MetadataGenerator" Location="/Metadata" signing="false" template="clarin.eurac.edu.template.metadata.xml"/>

            <!-- Status reporting service. -->
            <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
@@ -148,7 +148,7 @@
        <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>

        <!-- Simple file-based resolver for using a single keypair. -->
-	<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
+	<CredentialResolver type="File" key="certs/sp-key.pem" certificate="certs/sp-cert.pem"/>

        <!--
        The default settings can be overridden by creating ApplicationOverride elements (see

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,6 +14,9 @@ services:
                context: .
                dockerfile: Dockerfile.nginx
             image: eurac_nginx
+             volumes:
+               - ../volumes/shib-certs:/opt/shibboleth-sp-fastcgi/etc/shibboleth/certs
+               - ../volumes/ssl-certs:/etc/ssl/lindat
             hostname: clarin-dev.eurac.edu
             restart: always
             ports: