Tidy, update for latest abra
parent
c6c836d4fd
commit
ecf91f0154
|
@ -19,15 +19,15 @@ export ENTRYPOINT_CONF_VERSION=v1
|
||||||
|
|
||||||
# SAML
|
# SAML
|
||||||
|
|
||||||
#export COMPOSE="compose.yml compose.simplesaml.yml"
|
#export COMPOSE_FILE="compose.yml:compose.simplesaml.yml"
|
||||||
|
|
||||||
#export SAML_ENABLED=1
|
#export SAML_ENABLED=1
|
||||||
#export SAML_CONTACT_NAME="Sam Ell"
|
#export SAML_CONTACT_NAME="Sam Ell"
|
||||||
#export SAML_CONTACT_EMAIL="saml@example.com"
|
#export SAML_CONTACT_EMAIL="saml@example.com"
|
||||||
|
|
||||||
#export SAML_EMAIL_ATTRIBUTE=email
|
#export SAML_EMAIL_ATTRIBUTE=mail
|
||||||
#export SAML_REAL_NAME_ATTRIBUTE=realname
|
#export SAML_REAL_NAME_ATTRIBUTE=realname
|
||||||
#export SAML_AUTH_SOURCE_ID=dev-sp
|
#export SAML_AUTH_SOURCE_ID=default-sp
|
||||||
#export SAML_USERNAME_ATTRIBUTE=user
|
#export SAML_USERNAME_ATTRIBUTE=user
|
||||||
|
|
||||||
#export SAML_ADMIN_PASSWORD_VERSION=v1
|
#export SAML_ADMIN_PASSWORD_VERSION=v1
|
||||||
|
|
|
@ -172,7 +172,7 @@ wfLoadExtension( 'PluggableAuth' );
|
||||||
wfLoadExtension( 'SimpleSAMLphp' );
|
wfLoadExtension( 'SimpleSAMLphp' );
|
||||||
|
|
||||||
$wgSimpleSAMLphp_InstallDir = "/var/simplesamlphp/";
|
$wgSimpleSAMLphp_InstallDir = "/var/simplesamlphp/";
|
||||||
$wgSimpleSAMLphp_AuthSourceId = "{{ env "SAML_SERVICE_PROVIDER" }}";
|
$wgSimpleSAMLphp_AuthSourceId = "{{ env "SAML_AUTH_SOURCE_ID" }}";
|
||||||
$wgSimpleSAMLphp_RealNameAttribute = "{{ env "SAML_REAL_NAME_ATTRIBUTE" }}";
|
$wgSimpleSAMLphp_RealNameAttribute = "{{ env "SAML_REAL_NAME_ATTRIBUTE" }}";
|
||||||
$wgSimpleSAMLphp_EmailAttribute = "{{ env "SAML_EMAIL_ATTRIBUTE" }}";
|
$wgSimpleSAMLphp_EmailAttribute = "{{ env "SAML_EMAIL_ATTRIBUTE" }}";
|
||||||
$wgSimpleSAMLphp_UsernameAttribute = "{{ env "SAML_USERNAME_ATTRIBUTE" }}";
|
$wgSimpleSAMLphp_UsernameAttribute = "{{ env "SAML_USERNAME_ATTRIBUTE" }}";
|
||||||
|
|
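Review bot: The four `$wgSimpleSAMLphp_*` assignments, including the renamed `SAML_AUTH_SOURCE_ID` one, place environment values inside PHP double-quoted literals with no escaping, so a value containing `"`, `\` or `$` would break the file or be interpolated by PHP instead of being taken literally. As far as this page shows the values come from the deployer's own env file, so this is a hardening point rather than an exposed input. Single-quoted literals would at least stop variable interpolation, e.g. `$wgSimpleSAMLphp_AuthSourceId = '{{ env "SAML_AUTH_SOURCE_ID" }}';`, and a comment above the block could state that these values must not contain quotes or backslashes. The hunk shows only part of the settings file.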
10
README.md
10
README.md
|
@ -16,7 +16,7 @@ Based on [`mediawiki-ve-bundle`][mediawiki-ve].
|
||||||
```
|
```
|
||||||
abra secret_generate db_password v1
|
abra secret_generate db_password v1
|
||||||
abra secret_generate db_root_password v1
|
abra secret_generate db_root_password v1
|
||||||
abra secret_generate mediawiki_secret_key "pwgen -n 64 1"
|
abra secret_generate mediawiki_secret_key v1 "pwgen -n 64 1"
|
||||||
```
|
```
|
||||||
6. `abra deploy`
|
6. `abra deploy`
|
||||||
7. `abra run mediawiki /bin/bash` to open a shell
|
7. `abra run mediawiki /bin/bash` to open a shell
|
||||||
|
@ -37,20 +37,20 @@ system. Patches to make this configurable are welcome!
|
||||||
3. Generate secrets:
|
3. Generate secrets:
|
||||||
```
|
```
|
||||||
abra secret_generate saml_admin_password v1
|
abra secret_generate saml_admin_password v1
|
||||||
abra secret_generate saml_secret_key v1 "pwgen -n 64 1"
|
abra secret_generate saml_secret_salt v1 "pwgen -n 64 1"
|
||||||
```
|
```
|
||||||
4. `abra deploy`
|
4. `abra deploy`
|
||||||
5. Copy your SimpleSAMLphp metadata and certificates to the container (assuming
|
5. Copy your SimpleSAMLphp metadata and certificates to the container (assuming
|
||||||
you have local `metadata` and `cert` folders:
|
you have local `metadata` and `cert` folders:
|
||||||
```
|
```
|
||||||
abra cp metadata simplesamlphp:/var/simplesamlphp/
|
abra cp metadata simplesaml:/var/simplesamlphp/
|
||||||
abra cp cert simplesamlphp:/var/simplesamlphp/
|
abra cp cert simplesaml:/var/simplesamlphp/
|
||||||
```
|
```
|
||||||
6. You can log into SimpleSAMLphp using the password you generated at
|
6. You can log into SimpleSAMLphp using the password you generated at
|
||||||
https://$DOMAIN/simplesaml/ and test authentication
|
https://$DOMAIN/simplesaml/ and test authentication
|
||||||
7. Edit SimpleSAMLphp's `config.php` and change `store.sql.dsn`:
|
7. Edit SimpleSAMLphp's `config.php` and change `store.sql.dsn`:
|
||||||
```
|
```
|
||||||
abra run simplesamlphp vim
|
abra run simplesaml vi /var/simplesamlphp/config/config.php
|
||||||
# find 'store.sql.dsn' and edit to:
|
# find 'store.sql.dsn' and edit to:
|
||||||
# 'sqlite:/var/simplesamlphp/data/simplesamlphp.sq3'
|
# 'sqlite:/var/simplesamlphp/data/simplesamlphp.sq3'
|
||||||
```
|
```
|
||||||
|
|
|
@ -7,11 +7,11 @@ services:
|
||||||
- 'simplesaml:/var/simplesamlphp/'
|
- 'simplesaml:/var/simplesamlphp/'
|
||||||
- 'simplesaml_log:/var/simplesamlphp/log'
|
- 'simplesaml_log:/var/simplesamlphp/log'
|
||||||
environment:
|
environment:
|
||||||
- SAML_AUTH_SOURCE_ID=${SAML_AUTH_SOURCE_ID}
|
- SAML_AUTH_SOURCE_ID
|
||||||
- SAML_EMAIL_ATTRIBUTE=${SAML_EMAIL_ATTRIBUTE}
|
- SAML_EMAIL_ATTRIBUTE
|
||||||
- SAML_REAL_NAME_ATTRIBUTE=${SAML_REAL_NAME_ATTRIBUTE}
|
- SAML_REAL_NAME_ATTRIBUTE
|
||||||
- SAML_SERVICE_PROVIDER=${SAML_SERVICE_PROVIDER}
|
- SAML_SERVICE_PROVIDER
|
||||||
- SAML_USERNAME_ATTRIBUTE=${SAML_USERNAME_ATTRIBUTE}
|
- SAML_USERNAME_ATTRIBUTE
|
||||||
|
|
||||||
simplesaml:
|
simplesaml:
|
||||||
image: venatorfox/simplesamlphp:latest
|
image: venatorfox/simplesamlphp:latest
|
||||||
|
@ -19,12 +19,12 @@ services:
|
||||||
- saml_admin_password
|
- saml_admin_password
|
||||||
- saml_secret_salt
|
- saml_secret_salt
|
||||||
environment:
|
environment:
|
||||||
- DOMAIN=${DOMAIN}
|
- DOMAIN
|
||||||
- CONFIG_BASEURLPATH=https://${DOMAIN}/simplesaml/
|
- CONFIG_BASEURLPATH=https://${DOMAIN}/simplesaml/
|
||||||
- CONFIG_AUTHADMINPASSWORD_FILE=/run/secrets/saml_admin_password
|
- CONFIG_AUTHADMINPASSWORD_FILE=/run/secrets/saml_admin_password
|
||||||
- CONFIG_SECRETSALT_FILE=/run/secrets/saml_secret_salt
|
- CONFIG_SECRETSALT_FILE=/run/secrets/saml_secret_salt
|
||||||
- CONFIG_TECHNICALCONTACT_NAME=${SAML_CONTACT_NAME}
|
- CONFIG_TECHNICALCONTACT_NAME
|
||||||
- CONFIG_TECHNICALCONTACT_EMAIL=${SAML_CONTACT_EMAIL}
|
- CONFIG_TECHNICALCONTACT_EMAIL
|
||||||
- CONFIG_SHOWERRORS=true
|
- CONFIG_SHOWERRORS=true
|
||||||
- CONFIG_ERRORREPORTING=true
|
- CONFIG_ERRORREPORTING=true
|
||||||
- CONFIG_ADMINPROTECTINDEXPAGE=true
|
- CONFIG_ADMINPROTECTINDEXPAGE=true
|
||||||
|
|
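Review bot: The bare entries `- CONFIG_TECHNICALCONTACT_NAME` and `- CONFIG_TECHNICALCONTACT_EMAIL` in the second hunk no longer map from `SAML_CONTACT_NAME` / `SAML_CONTACT_EMAIL`, the names the sample env hunk on this page exports, so unless the deploy environment also defines the CONFIG_* names the simplesaml container gets no technical contact; keep the explicit form for these two, e.g. `- CONFIG_TECHNICALCONTACT_NAME=${SAML_CONTACT_NAME}`. In the first hunk the mediawiki service still passes `- SAML_SERVICE_PROVIDER`, which the settings template no longer reads after this commit, so that entry looks like a leftover. On the unchanged lines, `CONFIG_SHOWERRORS=true` presumably maps to SimpleSAMLphp's error display and would show error detail to anyone reaching the login endpoints, so `CONFIG_SHOWERRORS=false` is the safer default for deployed instances. `image: venatorfox/simplesamlphp:latest` here and the untagged `image: 'revianlabs/mediawiki-ve-bundle'` in compose.yml both track mutable tags; pinning each to a version or digest keeps the authentication path from changing underneath a redeploy.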
14
compose.yml
14
compose.yml
|
@ -26,13 +26,13 @@ services:
|
||||||
mediawiki:
|
mediawiki:
|
||||||
image: 'revianlabs/mediawiki-ve-bundle'
|
image: 'revianlabs/mediawiki-ve-bundle'
|
||||||
environment:
|
environment:
|
||||||
- DOMAIN=${DOMAIN}
|
- DOMAIN
|
||||||
- STACK_NAME=${STACK_NAME}
|
- STACK_NAME
|
||||||
- MEDIAWIKI_EMAIL_CONTACT=${MEDIAWIKI_EMAIL_CONTACT}
|
- MEDIAWIKI_EMAIL_CONTACT
|
||||||
- MEDIAWIKI_EMAIL_FROM=${MEDIAWIKI_EMAIL_FROM}
|
- MEDIAWIKI_EMAIL_FROM
|
||||||
- MEDIAWIKI_SITENAME=${MEDIAWIKI_SITENAME}
|
- MEDIAWIKI_SITENAME
|
||||||
- MEDIAWIKI_SITENAMESPACE=${MEDIAWIKI_SITENAMESPACE}
|
- MEDIAWIKI_SITENAMESPACE
|
||||||
- SAML_ENABLED=${SAML_ENABLED}
|
- SAML_ENABLED
|
||||||
volumes:
|
volumes:
|
||||||
- 'mediawiki_images:/var/www/html/images'
|
- 'mediawiki_images:/var/www/html/images'
|
||||||
- 'parsoid:/usr/lib/parsoid'
|
- 'parsoid:/usr/lib/parsoid'
|
||||||
|
|