From bd2f05e6a18d026d9485e8fa80ae14caed03113d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexander=20K=C3=B6nig?= <Alexander.Koenig@eurac.edu>
Date: Tue, 10 Oct 2017 17:22:36 +0200
Subject: [PATCH] introduced volumes for the shib & ssl certificates

---
 Dockerfile.nginx                     | 4 ++--
 commul-customization/default-ssl     | 4 ++--
 commul-customization/shibboleth2.xml | 4 ++--
 docker-compose.yml                   | 3 +++
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/Dockerfile.nginx b/Dockerfile.nginx
index 2692658..19c4b83 100644
--- a/Dockerfile.nginx
+++ b/Dockerfile.nginx
@@ -89,8 +89,8 @@ RUN touch /opt/repository/sources/lindat-aai-discovery/aai.js
 RUN make aai.min.js
 
 # copy certificate for clarin-dev
-COPY commul-customization/certs/clarin-dev.key /etc/ssl/private/
-COPY commul-customization/certs/clarin-dev_eurac_edu.crt /etc/ssl/certs/
+# COPY commul-customization/certs/clarin-dev.key /etc/ssl/private/
+# COPY commul-customization/certs/clarin-dev_eurac_edu.crt /etc/ssl/certs/
 
 # if deployed on clarin instead of clarin-dev comment the two lines above and uncomment the following lines
 
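Review bot: Commenting out the two `COPY` lines rather than deleting them leaves the instruction just below ("comment the two lines above and uncomment the following lines") stale, since the lines above are now already disabled and the certificates arrive through a volume. I would delete both lines and replace the header with something like `# TLS key and certificate are bind-mounted at /etc/ssl/lindat (see docker-compose.yml); never COPY them into the image`. If `commul-customization/certs/` still exists in the working tree it is still sent to the daemon as build context, so an entry for it in `.dockerignore` would be a sensible companion change. Images built before this commit presumably still carry `clarin-dev.key` in a layer; confirm whether any were pushed to a registry. The clarin variant the stale comment refers to lies outside this hunk.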
diff --git a/commul-customization/default-ssl b/commul-customization/default-ssl
index c9cb0ff..44c8c47 100644
--- a/commul-customization/default-ssl
+++ b/commul-customization/default-ssl
@@ -18,8 +18,8 @@ server {
   index index.html index.htm;
 
   ssl on;
-  ssl_certificate /etc/ssl/certs/clarin-dev_eurac_edu.crt;
-  ssl_certificate_key /etc/ssl/private/clarin-dev.key;
+  ssl_certificate /etc/ssl/lindat/clarin-dev_eurac_edu.crt;
+  ssl_certificate_key /etc/ssl/lindat/clarin-dev.key;
 
   ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers RC4:HIGH:!aNULL:!MD5;
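Review bot: `ssl_certificate_key` now points into `/etc/ssl/lindat`, the same bind-mounted directory as the public certificate, so the private key's protection depends entirely on the ownership and mode of the host directory behind the mount instead of the restricted `/etc/ssl/private`. A comment above the two directives, e.g. `# /etc/ssl/lindat is a host bind mount; clarin-dev.key must be root-owned, mode 0600`, would document that requirement where the path is used. The unchanged context lines in the same block still offer `TLSv1`, `TLSv1.1` and `RC4`; that is not part of this commit, but tightening it to `ssl_protocols TLSv1.2;` and removing `RC4` from `ssl_ciphers` is worth a follow-up. The `server` block starts and ends outside this hunk.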
diff --git a/commul-customization/shibboleth2.xml b/commul-customization/shibboleth2.xml
index d5721b9..80f9780 100644
--- a/commul-customization/shibboleth2.xml
+++ b/commul-customization/shibboleth2.xml
@@ -70,7 +70,7 @@
             <Logout>SAML2 Local</Logout>
             
             <!-- Extension service that generates "approximate" metadata based on SP configuration. -->
-            <Handler type="MetadataGenerator" Location="/Metadata" signing="false" template="lindat.eurac.edu.template.metadata.xml"/>
+            <Handler type="MetadataGenerator" Location="/Metadata" signing="false" template="clarin.eurac.edu.template.metadata.xml"/>
 
             <!-- Status reporting service. -->
             <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
@@ -148,7 +148,7 @@
         <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
 
         <!-- Simple file-based resolver for using a single keypair. -->
-	<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
+	<CredentialResolver type="File" key="certs/sp-key.pem" certificate="certs/sp-cert.pem"/>
 
         <!--
         The default settings can be overridden by creating ApplicationOverride elements (see
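Review bot: The `CredentialResolver` now reads `certs/sp-key.pem` from a directory that docker-compose.yml bind-mounts from the host, but nothing here records that dependency or the permissions it needs. A bind mount keeps the host's uid/gid and mode, so the key must be readable by whatever user shibd runs as in the container and by no one else; if the host directory is empty, the SP will presumably fail to load its credentials at startup. I would extend the comment above the element to `<!-- Simple file-based resolver for using a single keypair. certs/ is a bind mount (see docker-compose.yml); sp-key.pem must be readable only by the shibd user. -->`. The changed line is also indented with a tab while its neighbours use spaces. The enclosing element opens and closes outside this hunk.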
diff --git a/docker-compose.yml b/docker-compose.yml
index 44d4642..c9caac2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,6 +14,9 @@ services:
                 context: .
                 dockerfile: Dockerfile.nginx
              image: eurac_nginx
+             volumes:
+               - ../volumes/shib-certs:/opt/shibboleth-sp-fastcgi/etc/shibboleth/certs
+               - ../volumes/ssl-certs:/etc/ssl/lindat
              hostname: clarin-dev.eurac.edu
              restart: always
              ports:
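Review bot: Both new certificate mounts are writable from inside the container, so a compromise of nginx or shibd could replace or tamper with the key material on the host. Nothing in this patch suggests the services need to write there, so mount them read-only: `- ../volumes/shib-certs:/opt/shibboleth-sp-fastcgi/etc/shibboleth/certs:ro` and `- ../volumes/ssl-certs:/etc/ssl/lindat:ro`. The sources are relative paths outside the repository, and Docker creates a missing bind-mount source as an empty root-owned directory; with `restart: always` the container would then presumably restart in a loop on the missing certificate, so a short comment above `volumes:` naming the files each directory must contain would help deployers. The service definition begins and continues outside this hunk.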
-- 
GitLab