Commit 2cf87aa1 authored by Ľuboslav Pivarč's avatar Ľuboslav Pivarč

init

parent f1162917
FROM ubuntu:18.04
LABEL maintainer="456130@mail.muni.cz"
# apache2 and mellon module installation
RUN apt-get update &&\
apt-get install -y apache2 &&\
apt-get install -y libapache2-mod-auth-mellon &&\
apt-get clean
RUN ln -sf /proc/self/fd/1 /var/log/apache2/access.log && \
ln -sf /proc/self/fd/2 /var/log/apache2/error.log
COPY ./proxy.conf /etc/apache2/sites-available/proxy.conf
COPY ./http_cbiood.edirex.ics.muni.cz_mellon.key \
./http_cbiood.edirex.ics.muni.cz_mellon.cert \
/etc/apache2/mellon/
COPY mellon.conf mellon.conf
COPY start.sh start.sh
COPY idp-metadata.xml idp-metadata.xml
COPY http_cbiood.edirex.ics.muni.cz_mellon.xml /sp-metadata.xml
RUN rm -rf /etc/apache2/sites-enabled/*
RUN a2enmod proxy && \
a2enmod proxy_http && \
a2enmod rewrite && \
a2enmod ssl && \
a2enmod headers && \
a2ensite proxy.conf && \
mkdir /etc/apache2/ssl &&\
mkdir /etc/apache2/sites-enabled/routes
ENV TZ=Europe/Prague
RUN chmod +x start.sh
EXPOSE 80
#Flask
RUN apt-get install -y python3 && \
apt-get install -y python3-pip && \
pip3 install Flask
ENV LC_ALL=C.UTF-8 \
LANG=C.UTF-8 \
FLASK_APP=/secure-routing/app/app.py
COPY ./secure-routing /secure-routing
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
RUN mkdir -p /var/log/supervisor
#supervisor
RUN apt-get update && \
apt-get install -y supervisor && \
apt-get clean
EXPOSE 5000
CMD [ "/start.sh" ]
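Review bot: The `COPY ./http_cbiood.edirex.ics.muni.cz_mellon.key … /etc/apache2/mellon/` instruction bakes the Mellon SP private key into an image layer, and this same commit adds the key file to the repository, so anyone who can pull the image or read the repo holds the service provider's signing key. Supply the key at run time instead (a mounted secret or volume under `/etc/apache2/mellon/`), keep only the certificate and metadata in the image, and treat the committed key as exposed: regenerate it and re-register the new certificate at the IdP. Separately, `RUN apt-get install -y python3 && …` in the Flask step has no `apt-get update` of its own and depends on the index cached by an earlier layer, and `pip3 install Flask` is unpinned, so rebuilds are not reproducible.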
# APACHE SAML Configuration
# Build
command:
docker build -t <repo>/<image-name>:<tag>
example:
docker build -t lpivo/k8s-saml:t1 .
docker build --build-arg SOURCE=/mylocation/secure-routing \
-t lpivo/k8s-saml:t1 .
args:
SOURCE -> location of python app source code
-> default=./secure-routing
#!/bin/sh
#Run if you dont have sp metadata which are registered on idp
#create metadata
./helper.sh "http://cbiood.edirex.ics.muni.cz/mellon" "http://cbiood.edirex.ics.muni.cz/mellon"
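Review bot: The endpoint URL passed as the second argument is `http://`, so the generated metadata advertises `http://cbiood.edirex.ics.muni.cz/mellon/postResponse` as the AssertionConsumerService and the IdP will be told to POST assertions to a cleartext address. If the service is published over TLS (for example terminated at an ingress in front of this container, which the page does not show), pass the public https endpoint: `./helper.sh "http://cbiood.edirex.ics.muni.cz/mellon" "https://cbiood.edirex.ics.muni.cz/mellon"`. The entity ID is only an identifier and can stay as registered. The committed SP metadata file in this commit carries the same http Locations and would need regenerating.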
#!/usr/bin/env bash
set -e
PROG="$(basename "$0")"
printUsage() {
echo "Usage: $PROG ENTITY-ID ENDPOINT-URL"
echo ""
echo "Example:"
echo " $PROG urn:someservice https://sp.example.org/mellon"
echo ""
}
if [ "$#" -lt 2 ]; then
printUsage
exit 1
fi
ENTITYID="$1"
if [ -z "$ENTITYID" ]; then
echo "$PROG: An entity ID is required." >&2
exit 1
fi
BASEURL="$2"
if [ -z "$BASEURL" ]; then
echo "$PROG: The URL to the MellonEndpointPath is required." >&2
exit 1
fi
if ! echo "$BASEURL" | grep -q '^https\?://'; then
echo "$PROG: The URL must start with \"http://\" or \"https://\"." >&2
exit 1
fi
HOST="$(echo "$BASEURL" | sed 's#^[a-z]*://\([^:/]*\).*#\1#')"
BASEURL="$(echo "$BASEURL" | sed 's#/$##')"
OUTFILE="$(echo "$ENTITYID" | sed 's/[^0-9A-Za-z.]/_/g' | sed 's/__*/_/g')"
echo "Output files:"
echo "Private key: $OUTFILE.key"
echo "Certificate: $OUTFILE.cert"
echo "Metadata: $OUTFILE.xml"
echo "Host: $HOST"
echo
echo "Endpoints:"
echo "SingleLogoutService: $BASEURL/logout"
echo "AssertionConsumerService: $BASEURL/postResponse"
echo
# No files should not be readable by the rest of the world.
umask 0077
TEMPLATEFILE="$(mktemp -t mellon_create_sp.XXXXXXXXXX)"
cat >"$TEMPLATEFILE" <<EOF
RANDFILE = /dev/urandom
[req]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
prompt = no
policy = policy_anything
[req_distinguished_name]
commonName = $HOST
EOF
openssl req -utf8 -batch -config "$TEMPLATEFILE" -new -x509 -days 3652 -nodes -out "$OUTFILE.cert" -keyout "$OUTFILE.key" 2>/dev/null
rm -f "$TEMPLATEFILE"
CERT="$(grep -v '^-----' "$OUTFILE.cert")"
cat >"$OUTFILE.xml" <<EOF
<EntityDescriptor entityID="$ENTITYID" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>$CERT</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="$BASEURL/logout"/>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="$BASEURL/postResponse" index="0"/>
</SPSSODescriptor>
</EntityDescriptor>
EOF
umask 0777
chmod go+r "$OUTFILE.xml"
chmod go+r "$OUTFILE.cert"
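Review bot: `openssl req … 2>/dev/null` discards the only diagnostics, and because of `set -e` a failed key generation ends the script silently and leaves the `mktemp` config file behind, since `rm -f "$TEMPLATEFILE"` is never reached. Add `trap 'rm -f "$TEMPLATEFILE"' EXIT` right after the `mktemp` line and drop the `2>/dev/null`. `$ENTITYID` and `$BASEURL` are also written into XML attributes unescaped, so a value containing `&` or `"` produces malformed metadata; a comment stating that the inputs must be XML-safe would help. The comment `# No files should not be readable by the rest of the world.` is a double negative; `# Files must not be readable by the rest of the world.` says what is meant.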
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
<EntityDescriptor entityID="http://cbiood.edirex.ics.muni.cz/mellon" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIICzzCCAbcCFBT9Z4ukaoX5prNGPZ526Sdxc95vMA0GCSqGSIb3DQEBCwUAMCQx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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</KeyDescriptor>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://cbiood.edirex.ics.muni.cz/mellon/logout"/>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://cbiood.edirex.ics.muni.cz/mellon/postResponse" index="0"/>
</SPSSODescriptor>
</EntityDescriptor>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
entityID="https://login.europdx.eu/idp/">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:Extensions>
<shibmd:Scope regexp="false">europdx.eu</shibmd:Scope>
<mdui:UIInfo><mdui:DisplayName xml:lang="en">EuroPDX research infrastructure AAI</mdui:DisplayName>
<mdui:Description xml:lang="en">
This service is identity provider for EuroPDX community.
</mdui:Description>
<mdui:InformationURL xml:lang="en">https://europdx.eu</mdui:InformationURL>
<mdui:PrivacyStatementURL xml:lang="en">https://TBA</mdui:PrivacyStatementURL>
<mdui:Keywords xml:lang="en">EuroPDX proxy biology life sciences</mdui:Keywords>
<mdui:Logo width="96" height="96">
https://login.elixir-czech.org/media/elixir-96x96.jpg
</mdui:Logo>
</mdui:UIInfo>
</md:Extensions>
<md:KeyDescriptor use="signing">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
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
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
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
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.europdx.eu/proxy/saml2/idp/SingleLogoutService.php"/>
<md:NameIDFormat>
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.europdx.eu/proxy/saml2/idp/SSOService.php"/>
</md:IDPSSODescriptor>
<md:Organization>
<md:OrganizationName xml:lang="en">EuroPDX</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">EuroPDX</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">https://europdx.eu</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType="technical">
<md:GivenName>EuroPDX</md:GivenName>
<md:SurName>AAI</md:SurName>
<md:EmailAddress>vyskocilpavel@muni.cz</md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>
AuthType Mellon
MellonEnable auth
Require valid-user
include /etc/apache2/fqdn.conf
<VirtualHost *:80>
ServerName ${SERVERNAME}
ServerAdmin ${EMAILADMIN}
ErrorLog "/var/log/apache2/error.log"
CustomLog "/var/log/apache2/access.log" common
TransferLog "/var/log/apache2/access.log"
ProxyPreserveHost On
<Location / >
MellonSPPrivateKeyFile /etc/apache2/mellon/sp_key.pem
MellonSPCertFile /etc/apache2/mellon/sp_cert.pem
MellonSPMetadataFile /etc/apache2/mellon/sp-metadata.xml
MellonIdPMetadataFile /etc/apache2/mellon/idp-metadata.xml
# Mapping of attribute names to something readable
MellonSetEnv "name" "urn:oid:2.16.840.1.113730.3.1.241"
MellonSetEnv "mail" "urn:oid:0.9.2342.19200300.100.1.3"
MellonSetEnv "eppn" "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
MellonSetEnv "entitlement" "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
MellonSetEnv "eduPersonUniqueId" "urn:oid:1.3.6.1.4.1.5923.1.1.1.13"
</Location>
IncludeOptional /etc/apache2/sites-enabled/routes/*.conf
</Virtualhost>
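Review bot: `ServerName ${SERVERNAME}` refers to a variable that nothing on this page defines: `start.sh` writes `Define FQDN ${HOST}` and `Define EMAILADMIN ${ADMIN_USER}` into `/etc/apache2/fqdn.conf`, so only `${EMAILADMIN}` resolves. Use `ServerName ${FQDN}` here, or change the generator to `Define SERVERNAME`; otherwise Apache warns about an undefined variable and the vhost keeps the literal string as its name. The `<Location />` block sets the Mellon key and metadata paths but no `MellonEnable` or `Require`; those live in `mellon.conf`, which `start.sh` moves to `sites-enabled/mellon/`, a directory this file does not include. A comment stating where authentication is actually switched on (presumably the generated `routes/*.conf`) would make the auth boundary reviewable.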
#!/bin/sh
mellon=/etc/apache2/mellon
mellonconf=/etc/apache2/sites-enabled/mellon/
cd /$mellon
# move mellon metadata
mv /sp-metadata.xml /${mellon}/sp-metadata.xml
mv /idp-metadata.xml $mellon
mv ${mellon}/*.cert ${mellon}/sp_cert.pem
mv ${mellon}/*.key ${mellon}/sp_key.pem
# mellon conf
mkdir $mellonconf
mv /mellon.conf ${mellonconf}
# create fqdn.conf
echo "Define FQDN ${HOST}" >/etc/apache2/fqdn.conf
echo "Define EMAILADMIN ${ADMIN_USER}" >> /etc/apache2/fqdn.conf
# run Apache
#/usr/sbin/apache2ctl -D FOREGROUND
#run supervisor
/usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
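Review bot: The script never checks `HOST` or `ADMIN_USER`, so with either unset it writes a bare `Define FQDN ` line and still starts Apache with a broken config; fail early with `: "${HOST:?HOST must be set}"` and the same for `ADMIN_USER`. The `mv` and `mkdir` steps are not re-runnable: after a container restart the source files have already been moved, so use `mkdir -p "$mellonconf"` and guard the moves with an existence test. Launch supervisor with `exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf` so it replaces the shell as PID 1 and receives the stop signal directly. The variable expansions are unquoted and `cd /$mellon` yields a doubled slash; quoting them and using `cd "$mellon"` would be tidier.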
[supervisorctl]
[supervisord]
nodaemon=true
[program:flaskAPI]
stdout_logfile=/dev/stdout
stdout_maxbytes=0
stdout_logfile_maxbytes=0
command=flask run --host=0.0.0.0
[program:apache2]
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
stdout_maxbytes=0
stderr_maxbytes=0
stdout_logfile_maxbytes=0
stdout_logfile=/dev/stdout
user=root
killasgroup=true
stopasgroup=true
command=/usr/sbin/apache2ctl -D FOREGROUND
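Review bot: `command=flask run --host=0.0.0.0` starts Flask's built-in development server on every interface, and the Dockerfile exposes port 5000, so the `secure-routing` API is reachable without passing through the Mellon-protected vhost on port 80. If that API is only meant for local control (its code is not shown on this page), bind it to loopback with `command=flask run --host=127.0.0.1`, or serve it from a production WSGI server behind the proxy, and drop `EXPOSE 5000`. `[program:flaskAPI]` also has no `user=` line, so it inherits supervisord's identity, which is root in this image; add an unprivileged `user=` there.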
ARG TAG=2.0.0
FROM cbioportal/cbioportal:$TAG AS build
MAINTAINER Luboslav Pivarc <456130@muni.cz>
COPY ./log4j.properties /cbioportal/src/main/resources/log4j.properties
COPY ./portal.properties /cbioportal/src/main/resources/portal.properties
COPY ./settings.xml /root/.m2/settings.xml
COPY ./context.xml /usr/local/tomcat/conf/context.xml
COPY ./logo_EurOPDX.png /cbioportal/portal/src/main/webapp/images/logo_EurOPDX.png
RUN mvn -DskipTests clean install
RUN ls $PORTAL_HOME/portal/target/
FROM tomcat:8-jre8
MAINTAINER Luboslav Pivarc <456130@muni.cz>
ENV APP_NAME="cbioportal" \
PORTAL_HOME="/cbioportal"
#======== Install Prerequisites ===============#
RUN apt-get update && apt-get install -y --no-install-recommends \
libmysql-java \
patch \
python3 \
python3-jinja2 \
python3-mysqldb \
python3-requests \
&& ln -s /usr/share/java/mysql-connector-java.jar "$CATALINA_HOME"/lib/ \
&& rm -rf $CATALINA_HOME/webapps/examples \
&& rm -rf /var/lib/apt/lists/*
#======== Copy from first stage ===========================#
COPY --from=build $PORTAL_HOME/portal/target/cbioportal.war $CATALINA_HOME/webapps/cbioportal.war
COPY --from=build $PORTAL_HOME/core/src/main/scripts/ $PORTAL_HOME/core/src/main/scripts/
COPY --from=build $PORTAL_HOME/scripts/target/scripts*.jar $PORTAL_HOME/scripts/target/
COPY --from=build /usr/local/tomcat/conf/context.xml /usr/local/tomcat/conf/context.xml
COPY --from=build /cbioportal/src/main/resources/portal.properties /cbioportal/portal.properties
COPY ./data-loading /etc/data-loading
COPY ./start.sh /start.sh
RUN chmod +x /start.sh
WORKDIR $PORTAL_HOME
EXPOSE 8080
#======== symbol links & subtitute db host & run app ===============#
CMD /start.sh
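Review bot: The final stage never sets `USER` and ends with shell-form `CMD /start.sh`, so Tomcat runs as root under `/bin/sh -c` and does not receive `SIGTERM` from `docker stop` directly. Use `CMD ["/start.sh"]` with the script ending in `exec`, and switch to an unprivileged user after `RUN chmod +x /start.sh` if the start script does not need root for its symlink and substitution work (that script is not shown here). `MAINTAINER` is deprecated in favour of `LABEL maintainer=…`, which the other Dockerfile in this commit already uses, and `tomcat:8-jre8` is a floating tag, so pinning a patch version or digest would keep rebuilds reproducible. `RUN ls $PORTAL_HOME/portal/target/` looks like leftover debugging and only adds a layer to the build stage.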
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- The contents of this file will be loaded for each web application -->
<Context>
<!-- Default set of monitored resources. If one of these changes, the -->
<!-- web application will be reloaded. -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<!--
<Manager pathname="" />
-->
<Resource name="jdbc/cbioportal" auth="Container" type="javax.sql.DataSource"
maxActive="100" maxIdle="30" maxWait="10000"
username="cbio" password="P@ssword1"
driverClassName="com.mysql.jdbc.Driver"
connectionProperties="zeroDateTimeBehavior=convertToNull;"
url="jdbc:mysql://cbiodb:3306/cbioportal"/>
</Context>
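Review bot: `username="cbio" password="P@ssword1"` puts the database credential in the repository, and the Dockerfile in this commit copies this file and `portal.properties` (which repeats it as `db.password=P@ssword1`) into the final image, so the password is readable from git history and from any pulled image. Keep a placeholder in the committed files and inject the real value at start-up; the Dockerfile comment says `start.sh` already substitutes the db host, so the same step could fill the password from an environment variable or mounted secret. If this value is used on any real database, rotate it, since it stays in history. The JDBC URL `jdbc:mysql://cbiodb:3306/cbioportal` sets no TLS parameters, which is worth a comment if the database is not on a private network.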
# Change INFO to DEBUG, if you want to see debugging info on underlying libraries we use.
log4j.rootLogger=INFO, a
# Change INFO to DEBUG, if you want see debugging info on our packages and spring security packages.
log4j.category.org.mskcc=INFO
log4j.logger.org.springframework.security=INFO
# Use the JVM option, e.g.: "java -DPORTAL_HOME=/pathto/portal_homedir",
# or - "java -DPORTAL_HOME=$PORTAL_HOME", where PORTAL_HOME is shell (environment) variable.
## IMPORTANT - THRESHOLD SHOULD NOT BE DEBUG FOR PRODUCTION, CREDENTIALS CAN BE DISPLAYED!
log4j.appender.a = org.apache.log4j.rolling.RollingFileAppender
log4j.appender.a.rollingPolicy = org.apache.log4j.rolling.TimeBasedRollingPolicy
log4j.appender.a.rollingPolicy.FileNamePattern = ${java.io.tmpdir}/cbioportal.log.%d.gz
log4j.appender.a.File = ${java.io.tmpdir}/cbioportal.log
log4j.appender.a.layout = org.apache.log4j.PatternLayout
log4j.appender.a.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss} [%t] %-5p %c - %m%n
log4j.appender.a.append = true
\ No newline at end of file
# app name
app.name=cbioportal1
# database
db.user=cbio
db.password=P@ssword1
db.host=cbiodb
db.portal_db_name=cbioportal
db.driver=com.mysql.jdbc.Driver
db.connection_string=jdbc:mysql://cbiodb/
db.tomcat_resource_name=jdbc/cbioportal
# this should normally be set to false. In some cases you could set this to true (e.g. for testing a feature of a newer release that is not related to the schema change in expected db version above):
db.suppress_schema_version_mismatch_errors=false
app.version=${timestamp}
db.version=${db.version}
# web page cosmetics
skin.title=EurOPDX cBioPortal
skin.email_contact=it at europdx eu
skin.authorization_message=Access to this portal is only available to authorized users of EurOPDX consortium.
skin.example_study_queries=tcga\ntcga -provisional\ntcga -moratorium\ntcga OR icgc\n-"cell line"\nprostate mskcc\nesophageal OR stomach\nserous\nbreast
skin.data_sets_header=The portal currently contains data from the following cancer genomics studies. The table below lists the number of available samples per data type and tumor.
skin.data_sets_footer=
#skin.examples_right_column_html=<ul><li><a href="case.do#/patient?studyId=ucec_tcga_pub&caseId=TCGA-BK-A0CC">Patient view of an endometrial cancer case</a></li></ul>
# documentation pages
#skin.documentation.baseurl=https://raw.githubusercontent.com/cBioPortal/cbioportal/master/docs/
skin.documentation.baseurl=https://gitlab.ics.muni.cz/europdx/cbioportal/cbio-public-info/raw/master/
skin.documentation.markdown=true
skin.documentation.faq=FAQ.md
skin.documentation.about=About-Us.md
skin.documentation.skin.news=News.md
skin.documentation.oql=Onco-Query-Language.md
# setting controlling the logos
skin.right_logo=logo_EurOPDX.png
skin.tag_line_image=tag_line.png
# setting controlling which tabs to hide.
skin.show_news_tab=true
skin.show_data_tab=true
skin.show_web_api_tab=true
skin.show_r_matlab_tab=true
skin.show_tutorials_tab=false
skin.show_faqs_tab=true
skin.show_tools_tab=true
skin.show_about_tab=true
# settings controlling the whats new blurb
skin.right_nav.whats_new_blurb=<a class="twitter-timeline" href="https://twitter.com/europdx" data-tweet-limit="1"> Tweets by @EurOPDX </a>
# setting controlling the blurb
skin.blurb=<p>Welcome to the european instance of cBioPortal which provides <b>visualization</b>, <b>analysis</b> and <b>download</b> of large-scale cancer genomics datasets of EurOPDX consortium. This portal is run by <a href="https://www.cerit-sc.cz/about/news/cerit-sc-member-participates-in-eu-h2020-project-as-the-it-task-leader">Masaryk University</a> for <a href="https://cordis.europa.eu/project/rcn/212589_en.html">EDIReX: European Distributed Infrastructure for Research on patient-derived cancer Xenografts</a> project with kind support of cBioPortal developers from Weill Cornell Medicine (WCM, New York, NY, USA).</p><p>Please adhere to <u><a href="http://cancergenome.nih.gov/abouttcga/policies/publicationguidelines"> the TCGA publication guidelines</a></u> when using TCGA data in your publications.</p> <p><b>Please cite</b> <a href="http://www.ncbi.nlm.nih.gov/pubmed/23550210">Gao et al. <i>Sci. Signal.</i> 2013</a> &amp; <a href="http://cancerdiscovery.aacrjournals.org/content/2/5/401.abstract">Cerami et al. <i>Cancer Discov.</i> 2012</a> when publishing results based on cBioPortal.</p>
# setting controlling the footer
skin.footer= | <a href="http://www.mskcc.org/mskcc/html/44.cfm">MSKCC</a> | <a href="http://europdx.eu/">EurOPDX</a> | <a href="http://www.ics.muni.cz/">ICS MU</a>
# setting controlling html for the contact
skin.login.contact_html=If you think you have received this message in error, please contact us at <a style="color:#FF0000" href="mailto:europdx-cbioportal@googlegroups.com">europdx-cbioportal@googlegroups.com</a>
# setting controlling the saml registration
skin.login.saml.registration_html=Sign in
# settings controlling what to show in the right navigation bar
skin.right_nav.show_data_sets=true
skin.right_nav.show_examples=true
skin.right_nav.show_testimonials=false
# settings controlling what to show in the right navigation bar
skin.study_view.link_text=To build your own case set, try out our enhanced Study View.
# authentication
## is authorization enabled at all? (true, false)
authorization=false
## enable and set this property to specify a study group to be used to identify public studies for which no specific authorization entries are needed in the `authorities` table
# always_show_study_group=
## which method of authentication to use (false, googleplus, saml, openid, ad, ldap, noauthsessionservice)
authenticate=false
## Should the permissions for groups and users be filtered by this instance's app.name?
## (true means the system only handles "CBIOPORTAL:someGroupPermission" groups, false means "someGroupPermission" works)
filter_groups_by_appname=true
## settings to connect to googleplus auth infrastructure
googleplus.consumer.key=
googleplus.consumer.secret=
## SAML settings
saml.sp.metadata.entityid=
saml.idp.metadata.location=
saml.idp.metadata.entityid=
# saml keystore settings:
saml.keystore.location=
saml.keystore.password=
saml.keystore.private-key.key=
saml.keystore.private-key.password=
saml.keystore.default-key=
# How to send SAML request messages to the IDP.
# Set to "specificBinding" to configure specific binding:
saml.idp.comm.binding.settings=defaultBinding
# Configure the specific binding if above is specificBinding. Leave empty if defaultBinding.
# Options: bindings:HTTP-POST, bindings:HTTP-Redirect, bindings:PAOS, profiles:holder-of-key:SSO:browser
saml.idp.comm.binding.type=
# Change this to configure your custom UserDetails parser (default: org.cbioportal.security.spring.authentication.saml.SAMLUserDetailsServiceImpl)
saml.custom.userservice.class=org.cbioportal.security.spring.authentication.saml.SAMLUserDetailsServiceImpl
# Change this to configure to configure a custom logout URL: (default: /login.jsp?logout_success=true)
saml.logout.url=/login.jsp?logout_success=true
## settings to connect to an Active Directory domain controller
ad.domain=
ad.url=
## configuration for the LDAP access
ldap.user_search_base=DC=example,DC=com
ldap.url=ldap://ldap.example.com
ldap.manager.dn=CN=manager-user,DC=example,DC=com
ldap.manager.password=PASSWORD