refactor(all): complete rework of the repo

Moving to a recipeless way of doing things
2023-06-09 12:17:09 +02:00
parent b13a5e892f
commit 351f693775
13 changed files with 109 additions and 123 deletions
--- a/files/alpine/sp-oidc/base/conf.d/Dockerfile
+++ b/files/alpine/sp-oidc/base/conf.d/Dockerfile
@ -1,14 +0,0 @@
-FROM reg.cadoles.com/proxy_cache/library/alpine:edge
-#FROM reg.cadoles.com/proxy_cache/library/httpd:alpine3.18
-
-# Adding testing repo
-RUN echo "https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
-
-RUN apk update && apk add apache-mod-auth-openidc
-
-COPY conf.d/mod-auth-openidc.conf /etc/apache2/conf.d/mod-auth-openidc.conf
-COPY conf.d/default-vhost.conf /etc/apache2/conf.d/default-vhost.conf
-COPY scripts/httpd-foreground /usr/local/bin/
-
-CMD ["httpd-foreground"]
-
--- a/files/alpine/sp-oidc/base/conf.d/mod-auth-openidc.conf
+++ b/files/alpine/sp-oidc/base/conf.d/mod-auth-openidc.conf
@ -1,14 +0,0 @@
-LoadModule auth_openidc_module modules/mod_auth_openidc.so
-
-OIDCProviderMetadataURL ${SP_OIDC_PROVIDER_METADATA_URL} #http://portal.mse.local:8000/auth/.well-known/openid-configuration
-OIDCClientID ${SP_OIDC_CLIENT_NAME} #mse
-OIDCClientSecret ${SP_OIDC_CLIENT_SERCRET} #$mse&123456$
-OIDCProviderTokenEndpointAuth client_secret_basic
-OIDCCookieSameSite On
-OIDCSessionType client-cookie
-OIDCXForwardedHeaders X-Forwarded-Host
-# OIDCRedirectURI is a vanity URL that must point to a path protected by this module but must NOT point to any content
-OIDCRedirectURI  ${SP_OIDC_REDIRECT_URI} #http://portal.mse.local:8000/protected/redirect_uri
-OIDCCryptoPassphrase ${SP_OIDC_CRYPTO_PASSPHRASE} #$mse&123456$
-OIDCOAuthAcceptTokenAs header
-OIDCUnAutzAction 302 ${SP_OIDC_ERROR_URI} #http://portal.mse.local:8000/erreur?msg=mod_auth_fail
--- a/files/images/sp-oidc/base/Dockerfile
+++ b/files/images/sp-oidc/base/Dockerfile
@ -4,11 +4,17 @@ FROM reg.cadoles.com/proxy_cache/library/alpine:edge
 # Adding testing repo
 RUN echo "https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories

-RUN apk update && apk add apache-mod-auth-openidc
+RUN apk update && apk add apache-mod-auth-openidc apache2-ssl
+
+RUN mkdir -p /var/www/html

 COPY files/alpine/sp-oidc/base/conf.d/mod-auth-openidc.conf /etc/apache2/conf.d/mod-auth-openidc.conf
 COPY files/alpine/sp-oidc/base/conf.d/default-vhost.conf /etc/apache2/conf.d/default-vhost.conf
 COPY files/alpine/sp-oidc/base/scripts/httpd-foreground /usr/local/bin/

+RUN chmod +x /usr/local/bin/httpd-foreground
+RUN mkdir -p /var/www/html
+RUN chown apache:apache /var/www/html

-CMD ["httpd-foreground"]
+SHELL ["/bin/sh", "-c"]
+CMD ["/usr/local/bin/httpd-foreground"]
--- a/files/images/sp-oidc/base/conf.d/default-vhost.conf
+++ b/files/images/sp-oidc/base/conf.d/default-vhost.conf
--- a/files/images/sp-oidc/base/conf.d/mod-auth-openidc.conf
+++ b/files/images/sp-oidc/base/conf.d/mod-auth-openidc.conf
@ -0,0 +1,14 @@
+LoadModule auth_openidc_module modules/mod_auth_openidc.so
+
+OIDCProviderMetadataURL ${SP_OIDC_PROVIDER_METADATA_URL} 
+OIDCClientID ${SP_OIDC_CLIENT_NAME} 
+OIDCClientSecret ${SP_OIDC_CLIENT_SECRET} 
+OIDCProviderTokenEndpointAuth client_secret_basic
+OIDCCookieSameSite On
+OIDCSessionType client-cookie
+OIDCXForwardedHeaders X-Forwarded-Host
+# OIDCRedirectURI is a vanity URL that must point to a path protected by this module but must NOT point to any content
+OIDCRedirectURI  ${SP_OIDC_REDIRECT_URI} 
+OIDCCryptoPassphrase ${SP_OIDC_CRYPTO_PASSPHRASE} 
+OIDCOAuthAcceptTokenAs header
+OIDCUnAutzAction 302 ${SP_OIDC_ERROR_URI} 
--- a/files/images/sp-oidc/base/conf.d/scripts/httpd-foreground
+++ b/files/images/sp-oidc/base/conf.d/scripts/httpd-foreground
--- a/files/images/sp-oidc/base/conf.d/test_alpine-sp-oidc.sh
+++ b/files/images/sp-oidc/base/conf.d/test_alpine-sp-oidc.sh
--- a/files/images/sp-oidc/base/scripts/httpd-foreground
+++ b/files/images/sp-oidc/base/scripts/httpd-foreground
--- a/files/images/sp-shibboleth/base/Dockerfile
+++ b/files/images/sp-shibboleth/base/Dockerfile