From c424ee433da5a88deae13dc4b487ff2a24a8d373 Mon Sep 17 00:00:00 2001
From: Daniel Dreibrodt
Date: Mon, 12 Aug 2024 15:10:09 +0200
Subject: [PATCH 1/4] Enable ldaps on port 8443
---
 Dockerfile | 9 +++++----
 config/apache/ports.conf.mo | 8 ++++++++
 config/apache/simplesamlphp.conf.mo | 21 +++++++++++++++++++++
 3 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e5c9fea..bb77b49 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,13 +25,14 @@ RUN curl -sSL -o /tmp/simplesamlphp.tar.gz https://github.com/simplesamlphp/simp
 COPY config/simplesamlphp/config.php /var/www/simplesamlphp/config
 COPY config/simplesamlphp/authsources.php /var/www/simplesamlphp/config
 COPY config/simplesamlphp/saml20-sp-remote.php /var/www/simplesamlphp/metadata
-COPY config/simplesamlphp/server.crt /var/www/simplesamlphp/cert/
-COPY config/simplesamlphp/server.pem /var/www/simplesamlphp/cert/
+COPY config/simplesamlphp/server.crt /etc/ssl/private/cert.crt
+COPY config/simplesamlphp/server.pem /etc/ssl/private/private.key
 RUN echo " /var/www/simplesamlphp/metadata/shib13-sp-remote.php
 # Apache
 ENV HTTP_PORT 8080
+ENV HTTPS_PORT 8443
 COPY config/apache/ports.conf.mo /tmp
 COPY config/apache/simplesamlphp.conf.mo /tmp
@@ -40,7 +41,7 @@ RUN /tmp/mo /tmp/ports.conf.mo > /etc/apache2/ports.conf && \
 # hadolint ignore=DL3059
 RUN a2dissite 000-default.conf default-ssl.conf && \
- a2enmod rewrite && \
+ a2enmod rewrite ssl && \
 a2ensite simplesamlphp.conf
 # Clean up
@@ -51,4 +52,4 @@ RUN rm -rf /tmp/*
 WORKDIR /var/www/simplesamlphp
 # General setup
-EXPOSE ${HTTP_PORT}
+EXPOSE ${HTTP_PORT} ${HTTPS_PORT}
diff --git a/config/apache/ports.conf.mo b/config/apache/ports.conf.mo
index ac4ad07..fca7aa7 100644
--- a/config/apache/ports.conf.mo
+++ b/config/apache/ports.conf.mo
@@ -1 +1,9 @@
 Listen {{HTTP_PORT}}
+
+
+ Listen {{HTTPS_PORT}}
+
+
+
+ Listen {{HTTPS_PORT}}
+
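Review bot: The two new `COPY` lines install `server.pem` as `/etc/ssl/private/private.key` with whatever mode it carries in the build context (typically 0644), so the only thing keeping the TLS private key from non-root processes in the image is the base image's permission on the `/etc/ssl/private` directory, which this hunk does not control. Following the copy with `RUN chmod 600 /etc/ssl/private/private.key` (or `COPY --chmod=600` where BuildKit is in use) makes the intent explicit and survives later moves of the file; Apache reads the key as root at startup, so nothing else needs the mode relaxed. The key being copied is the one committed under `config/simplesamlphp/`, so every image built from this repository presents the same, public TLS identity — a comment above the `COPY`, e.g. `# Default test key pair (public); mount a real pair over /etc/ssl/private/ for anything beyond local testing`, would record that. Note also that the subject line says `ldaps` while the hunks configure an HTTPS listener (`ENV HTTPS_PORT 8443`, `a2enmod rewrite ssl`).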
diff --git a/config/apache/simplesamlphp.conf.mo b/config/apache/simplesamlphp.conf.mo
index c34f005..4e90d59 100644
--- a/config/apache/simplesamlphp.conf.mo
+++ b/config/apache/simplesamlphp.conf.mo
@@ -16,5 +16,26 @@
+
+ ServerName localhost
+ DocumentRoot /var/www/simplesamlphp
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/private/cert.crt
+ SSLCertificateKeyFile /etc/ssl/private/private.key
+ Alias /simplesaml /var/www/simplesamlphp/www
+
+
+ RewriteEngine On
+ RewriteBase /
+ RewriteRule ^$ www [L]
+ RewriteRule ^/(.+)$ www/$1 [L]
+
+
+
+
+ Require all granted
+
+
+ ServerName localhost
From 556d4b79884fe02f63655938048c51ec220ffb78 Mon Sep 17 00:00:00 2001
From: Daniel Dreibrodt
Date: Mon, 12 Aug 2024 15:10:21 +0200
Subject: [PATCH 2/4] Update default certificate
---
 config/simplesamlphp/server.crt | 35 ++++++++++++---------
 config/simplesamlphp/server.pem | 55 +++++++++++++++++----------------
 2 files changed, 49 insertions(+), 41 deletions(-)
diff --git a/config/simplesamlphp/server.crt b/config/simplesamlphp/server.crt
index c5935f0..257fd9d 100644
--- a/config/simplesamlphp/server.crt
+++ b/config/simplesamlphp/server.crt
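Review bot: The new TLS virtual host sets `SSLEngine on` and the two certificate paths but no `SSLProtocol` or cipher directive, so the protocol floor of the listener is whatever `ssl.conf` the `a2enmod ssl` in the Dockerfile enables from the base image; adding `SSLProtocol -all +TLSv1.2 +TLSv1.3` to this block makes the test IdP's TLS behaviour independent of base-image updates. The `RewriteEngine`/`RewriteRule` lines and `Require all granted` look like a copy of the existing HTTP vhost (that vhost is outside the hunk, so this is inferred); if so, hoisting the `<Directory>` blocks to server scope or an `Include`d snippet gives both listeners one copy instead of two that can drift. `ServerName localhost` also does not match the certificate introduced in PATCH 2/4, whose encoded subject appears to be `CN=simplesamlphp` with no subjectAltName, so clients that verify hostnames will reject the listener even after trusting the certificate. The enclosing container tags were stripped in this rendering, so the exact `<Directory>` scope of the rewrite and `Require` lines could not be checked.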
@@ -1,16 +1,23 @@
 -----BEGIN CERTIFICATE-----
-MIICmjCCAYICCQDX5sKPsYV3+jANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDAR0
-ZXN0MB4XDTE5MTIyMzA5MDI1MVoXDTIwMDEyMjA5MDI1MVowDzENMAsGA1UEAwwE
-dGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMdtDJ278DQTp84O
-5Nq5F8s5YOR34GFOGI2Swb/3pU7X7918lVljiKv7WVM65S59nJSyXV+fa15qoXLf
-sdRnq3yw0hTSTs2YDX+jl98kK3ksk3rROfYh1LIgByj4/4NeNpExgeB6rQk5Ay7Y
-S+ARmMzEjXa0favHxu5BOdB2y6WvRQyjPS2lirT/PKWBZc04QZepsZ56+W7bd557
-tdedcYdY/nKI1qmSQClG2qgslzgqFOv1KCOw43a3mcK/TiiD8IXyLMJNC6OFW3xT
-L/BG6SOZ3dQ9rjQOBga+6GIaQsDjC4Xp7Kx+FkSvgaw0sJV8gt1mlZy+27Sza6d+
-hHD2pWECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAm2fk1+gd08FQxK7TL04O8EK1
-f0bzaGGUxWzlh98a3Dm8+OPhVQRi/KLsFHliLC86lsZQKunYdDB+qd0KUk2oqDG6
-tstG/htmRYD/S/jNmt8gyPAVi11dHUqW3IvQgJLwxZtoAv6PNs188hvT1WK3VWJ4
-YgFKYi5XQYnR5sv69Vsr91lYAxyrIlMKahjSW1jTD3ByRfAQghsSLk6fV0OyJHyh
-uF1TxOVBVf8XOdaqfmvD90JGIPGtfMLPUX4m35qaGAU48PwCL7L3cRHYs9wZWc0i
-fXZcBENLtHYCLi5txR8c5lyHB9d3AQHzKHMFNjLswn5HsckKg83RH7+eVqHqGw==
+MIID2jCCAsKgAwIBAgIEOPu2EjANBgkqhkiG9w0BAQsFADCBhTELMAkGA1UEBhMC
+QVExFjAUBgNVBAMMDXNpbXBsZXNhbWxwaHAxFjAUBgNVBAgMDXNpbXBsZXNhbWxw
+aHAxFjAUBgNVBAcMDXNpbXBsZXNhbWxwaHAxFjAUBgNVBAoMDXNpbXBsZXNhbWxw
+aHAxFjAUBgNVBAsMDXNpbXBsZXNhbWxwaHAwHhcNMjQwODEyMTMwOTI3WhcNMzQw
+ODEwMTMwOTI3WjCBhTELMAkGA1UEBhMCQVExFjAUBgNVBAMMDXNpbXBsZXNhbWxw
+aHAxFjAUBgNVBAgMDXNpbXBsZXNhbWxwaHAxFjAUBgNVBAcMDXNpbXBsZXNhbWxw
+aHAxFjAUBgNVBAoMDXNpbXBsZXNhbWxwaHAxFjAUBgNVBAsMDXNpbXBsZXNhbWxw
+aHAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR9srNS61AjtJxaQKQ
+pdyDdJc10NWYsHL0y0rvsu6WdSHhfjU1Af6MpmU8MyQz5Ea9T9iSKCI5tW9lxvMs
+O9062XYMaYWAnkW5klz3GdQQMisGArTZrJ/YPuGL1aeWwL6i31g9rLV7SJLUKvba
+Q1kh9Lm6TquojAjc2DnZMRLN5DCLE7vXWFPxDfePI91eepFX7qMUljhUkIa46PYj
+fs5EKkPI6IvADqzLACroaZYKgskzCj9yApLSOkg+mOPQFJvKccMZBCa1tidbjCM+
+qp4bk1yDWlBSLM/G1+PRhCwzztI/4ecpPWO5KWKthJZDPKbzvmO5apyACktO1yuQ
+P3E/AgMBAAGjUDBOMB0GA1UdDgQWBBQFoe7QFLVAk44hBZDtEbPt+8BxXDAfBgNV
+HSMEGDAWgBQFoe7QFLVAk44hBZDtEbPt+8BxXDAMBgNVHRMEBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQB4ZHv1RbTjt0wOOLGPoiOZwoqWOYXHVwOsZGMxKDqvzl1u
+C+N9zlQCQl6wTAak7YDjtL1cYbplyHwqKWgfyV98Js85xsRUhzGBzNTOxk4+DkVR
+kMN6XYUVmbbZTcj7g8QcRWKs6rw86Vxo4Nv+RzsqpEqxA3RCMaZiu58/1G7j8sj3
+r+HsNb4JuWl4i32e7Fz+ZNsvmTs0zHbk0JoiWajNsbhwFnFhPZuxNUSZo7C8WlF9
+ScFRGQsGtwjdTPVQNTA++MwOVLALVYSBgdokNzfQcW5EknL+MXn7NroyUrrxCkcf
+Dlousqb8GOwvn6Ut22o4LyljGlcToolkLcPsV6PC
 -----END CERTIFICATE-----
diff --git a/config/simplesamlphp/server.pem b/config/simplesamlphp/server.pem
index 9b144cd..1c2fdae 100644
--- a/config/simplesamlphp/server.pem
+++ b/config/simplesamlphp/server.pem
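Review bot: Decoding the DER in the added lines, the replacement certificate appears to be self-signed with subject `C=AQ, CN=simplesamlphp`, valid from 2024-08-12 to 2034-08-10, and to carry only SubjectKeyIdentifier, AuthorityKeyIdentifier and a BasicConstraints extension asserting `CA:TRUE`, with no subjectAltName. Now that PATCH 1/4 also serves this certificate from the TLS vhost, a leaf certificate asserting CA status is the wrong shape, and without a SAN for `localhost` hostname verification fails in current browsers and TLS libraries, which pushes users of the test IdP toward turning verification off. Regenerating the pair with `CA:FALSE`, `subjectAltName=DNS:localhost` and a shorter lifetime (a ten-year private key is being committed to a public repository) is cheap at this stage; pairing it with a short README or Dockerfile comment that the default pair is public test material, and how to override it, would complete the change.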
@@ -1,27 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAx20MnbvwNBOnzg7k2rkXyzlg5HfgYU4YjZLBv/elTtfv3XyV
-WWOIq/tZUzrlLn2clLJdX59rXmqhct+x1GerfLDSFNJOzZgNf6OX3yQreSyTetE5
-9iHUsiAHKPj/g142kTGB4HqtCTkDLthL4BGYzMSNdrR9q8fG7kE50HbLpa9FDKM9
-LaWKtP88pYFlzThBl6mxnnr5btt3nnu1151xh1j+cojWqZJAKUbaqCyXOCoU6/Uo
-I7DjdreZwr9OKIPwhfIswk0Lo4VbfFMv8EbpI5nd1D2uNA4GBr7oYhpCwOMLhens
-rH4WRK+BrDSwlXyC3WaVnL7btLNrp36EcPalYQIDAQABAoIBADy43JWOqxYAQiEA
-8fgTUcZkYzdNtPmL4PgCjpIYIrJ+F6A2FfeQ0gWj08/+59efEbVJFhtOnE+0YhJr
-QGdvZYzi/iSu4KXDPaD2vACKr94Gj6Ve3aovJOdTzzpPjuV+I1lUXLpwQA3F2U1D
-ON8yHHeFBZn2XSmX+9+B5sut0FZTHHDuVDJ3ZYkR8bXvJj17JmjZ0DfqCt7euqNP
-GrvSKNuss/rXDc/bG3jNyC9uvUa9oduWOUQ9y1XiLC8EtTKVZlW/n8PHIEaSSixV
-9tb034hJ0/cRwNZfCRKai7LIo53cs5AE6lUpohHYpHrZSTYRJib31eTv0RS0pa0c
-bKUPkkECgYEA+ziw2qi2gQx5c2uQslhiaLrolrTejYCWpCyEJS/+Ht1clOUVrQpg
-wNnP7udQmcd4i3zjzzUsRNnKiZeSXi5fVJMM+ZLyPipfYueZB1qD2vSlsN3VAwIj
-p0avTowdzrKDeuHEkA1Dx6G7v6dSbMbdJZAu5WzcC2QH3o4e/nffhwkCgYEAyzgk
-qNY/kIJjmZTcNgiHcEF4i09KDNttqqLV44RybQ4bqvkIQ51B2ZNQKkC5wOUG3eVz
-lHOhK1L5U6IZutYSynop0+mk4DUO67sy/cn3XYCRAViAgYZ1mJmn/brjIwkSJnKL
-Hagrf+s704YwYQohiUB3PoNuZ4Wx/8rSGd7qqZkCgYA6n079p1L3KC8LFPWt+Fv2
-bm8qA8jPIkuEwfKQLvPQxfz9rbtyJrLPLcSMziOLzvU9L4aFarYK1vuhQeJg4ddT
-CAGGF5k5km+xx7N4+NE9/crQS+OSESS6uw7beGzYN+XgfeB9cOr5Ia+LGINuaLVg
-N5YJ6W4rpksDzwxCezyI6QKBgQCjAS2mn/Psnin2Dwlz7fN1f46Jb9gd6ARXUrXu
-AVcnUqGuyoJueb1QIHG08qYMq6iOZHYJJZapgaysAOJSk1QPRV43tLmjfeux+j40
-g8P/JBkr0ymAu7Gn7dhqFXYLrEL6w/YCm9oIiU87o+86Zz3vMd50LkhokTztyGou
-hjgEQQKBgQDiohVC5mnZ8gUJhXuEUpXNMA4pQZycakSA9aL6lkMqbz1mMapJdEzS
-HM5ETzOHXcJKActWKRHZqUAGGDf/FFntALy9Aw+BPjikMQdlVVOSQvUHBdHDiQsc
-eXUbkRa9oPkkeq5QODpI1qJ8fctJgyKrr9MXztyvkWED7bA5wh0RKQ==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDR9srNS61AjtJx
+aQKQpdyDdJc10NWYsHL0y0rvsu6WdSHhfjU1Af6MpmU8MyQz5Ea9T9iSKCI5tW9l
+xvMsO9062XYMaYWAnkW5klz3GdQQMisGArTZrJ/YPuGL1aeWwL6i31g9rLV7SJLU
+KvbaQ1kh9Lm6TquojAjc2DnZMRLN5DCLE7vXWFPxDfePI91eepFX7qMUljhUkIa4
+6PYjfs5EKkPI6IvADqzLACroaZYKgskzCj9yApLSOkg+mOPQFJvKccMZBCa1tidb
+jCM+qp4bk1yDWlBSLM/G1+PRhCwzztI/4ecpPWO5KWKthJZDPKbzvmO5apyACktO
+1yuQP3E/AgMBAAECggEAWZ5SP8BOaeDMODYPLzhsX/uy0viZQvwFhTEEgj1IkxXZ
+6UqaYU7BnL0lNsXJbRDBlOpw0SmqOiGUM8fwYXAH5KePOIsNvbFQp32uipYOqv8O
+2Bjton+JFp74XFxMlQ8eD5zvKBwAtmdqrH7OMKlQcSro33nW0TE8Uy9Duc21bgVz
+MpiQCBcwDkMYjebEZhLjGRsNnNWOmYfG4PqwwiohoK5n8NRTT7YDEwCo4slR09lz
+/rvCn2Gitn98WpUWVSZAzSW8/8tj5llXnLEMfms8GbAaggHPtf1eLflHi9reZtP4
+IBUyMbvhSBrzZ8OYd5CK6Zl7OaXeolxBcNx725ZniQKBgQDsa2VTmI39aatVdkiK
+XknnmPv47bQIYvpoePaQKKJtsVVOwouldnamg+h1W5X7xvon3j6B/CQ05Omk1swP
+4vTpbeomp6mNogIBEVOICZn7v/m9Kn9MTFinuf1yVjF06sKe9NkqcN/+Mvotd3DU
+uMCnNmQuCNAjiT0niEDMzFOGtQKBgQDjWnunx4hmF3x9Bg5lopDWJmD7Sq7xaym9
+fcU6YfSfN/I6SFptZLdqsJh7x9WxVWndGWKoPtsB4yehh1w3mFZXhKeosSfmgwEW
+jtDqgJimoeIVa8vtWxp3nvcAPNKNr0AQOS927hpS4d97niQUm/t36LpN0lhERD5u
+JCelhC18owKBgQCIpT4ohhkzafrsZ3Rf/UVsBeFFLGaNHmArOBcSlVnkWsW6wvkh
+xomnjsAx7KCQqJ33ox2v1YM7yz871iaV3BDARpY6h1eZlBTidxg3nY0RlBENg92V
+xN7M+tQBXM4zDGk2pMBMJndgnig5VTqyyKIZQ3e9n7xlfbIKAlepx0NTrQKBgD7M
+IVeof35jglkuMQ/VpVfhZexDJqs8RF04vh9wKxdHZrq+fWu15AuuF5ApFFdVFlah
+ymRaaDfPPIUbVFdu1np6A61OsYy0JrrKW95KAuAT2tS736oB/f+IgwUnx6im/XT9
+tqSNA+xcw1PrzF987iqit8MDFKpWhz/48JKBPectAoGBALuqI52nagXQhlwACbBt
+C8fg0t7XjoXt6GxIVx6nHL+QlKd2x8mzYbZRv3D6aG67z3vMxXwgdxEZymiwM7rn
+xVhBDN+FhjF0XsQIy9PxYTV0y8oE8e/5aKm2vrUnK6XDxRmj8L40oLzDUOb2a6yP
+07RD+ca1hlEi7fk9NuHV8Giu
+-----END PRIVATE KEY-----
From 904db0dab749dccf437526306a462c004d8d5927 Mon Sep 17 00:00:00 2001
From: Daniel Dreibrodt
Date: Tue, 13 Aug 2024 12:24:20 +0200
Subject: [PATCH 3/4] Fix certificate location as it is used both for TLS and SAML
---
 Dockerfile | 4 ++--
 config/apache/simplesamlphp.conf.mo | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index bb77b49..3325255 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,8 +25,8 @@ RUN curl -sSL -o /tmp/simplesamlphp.tar.gz https://github.com/simplesamlphp/simp
 COPY config/simplesamlphp/config.php /var/www/simplesamlphp/config
 COPY config/simplesamlphp/authsources.php /var/www/simplesamlphp/config
 COPY config/simplesamlphp/saml20-sp-remote.php /var/www/simplesamlphp/metadata
-COPY config/simplesamlphp/server.crt /etc/ssl/private/cert.crt
-COPY config/simplesamlphp/server.pem /etc/ssl/private/private.key
+COPY config/simplesamlphp/server.crt /var/www/simplesamlphp/cert/cert.crt
+COPY config/simplesamlphp/server.pem /var/www/simplesamlphp/cert/private.key
 RUN echo " /var/www/simplesamlphp/metadata/shib13-sp-remote.php
diff --git a/config/apache/simplesamlphp.conf.mo b/config/apache/simplesamlphp.conf.mo
index 4e90d59..01d8a8f 100644
--- a/config/apache/simplesamlphp.conf.mo
+++ b/config/apache/simplesamlphp.conf.mo
@@ -20,8 +20,8 @@
 ServerName localhost
 DocumentRoot /var/www/simplesamlphp
 SSLEngine on
- SSLCertificateFile /etc/ssl/private/cert.crt
- SSLCertificateKeyFile /etc/ssl/private/private.key
+ SSLCertificateFile /var/www/simplesamlphp/cert/cert.crt
+ SSLCertificateKeyFile /var/www/simplesamlphp/cert/private.key
 Alias /simplesaml /var/www/simplesamlphp/www
From 44a4a437ae07067c0ee359f4ce68f191bf9dde3b Mon Sep 17 00:00:00 2001
From: Daniel Dreibrodt
Date: Tue, 13 Aug 2024 13:01:37 +0200
Subject: [PATCH 4/4] Fix cert paths
---
 Dockerfile | 4 ++--
 config/apache/simplesamlphp.conf.mo | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 3325255..c07b575 100644
--- a/Dockerfile
+++ b/Dockerfile
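Review bot: The moved `COPY` destinations place the TLS private key at `/var/www/simplesamlphp/cert/private.key`, which is beneath the `DocumentRoot /var/www/simplesamlphp` configured in the HTTPS vhost; PATCH 4/4 keeps the key under the same `cert/` directory as `server.pem`, so this point also covers the `simplesamlphp.conf.mo` hunk below and both hunks of that patch. Whether the file is actually served depends on the vhost's rewrite rules and on the base image's default `<Directory /var/www/>` policy (Debian's stock `apache2.conf` grants access there), neither of which these hunks touch, so the key's exposure is one configuration edit away rather than structurally impossible. Keeping the key in `/etc/ssl/private/` and pointing SimpleSAMLphp at that directory through its `certdir` setting, or adding an explicit `<Directory /var/www/simplesamlphp/cert>` block with `Require all denied` to the vhost file, closes that gap. The subject also records that one key pair now serves both TLS and SAML signing; a comment above the `COPY` lines noting that rotating the TLS certificate therefore invalidates metadata already exchanged with service providers would spare the next maintainer a surprise.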
@@ -25,8 +25,8 @@ RUN curl -sSL -o /tmp/simplesamlphp.tar.gz https://github.com/simplesamlphp/simp
 COPY config/simplesamlphp/config.php /var/www/simplesamlphp/config
 COPY config/simplesamlphp/authsources.php /var/www/simplesamlphp/config
 COPY config/simplesamlphp/saml20-sp-remote.php /var/www/simplesamlphp/metadata
-COPY config/simplesamlphp/server.crt /var/www/simplesamlphp/cert/cert.crt
-COPY config/simplesamlphp/server.pem /var/www/simplesamlphp/cert/private.key
+COPY config/simplesamlphp/server.crt /var/www/simplesamlphp/cert/
+COPY config/simplesamlphp/server.pem /var/www/simplesamlphp/cert/
 RUN echo " /var/www/simplesamlphp/metadata/shib13-sp-remote.php
diff --git a/config/apache/simplesamlphp.conf.mo b/config/apache/simplesamlphp.conf.mo
index 01d8a8f..c77b8e6 100644
--- a/config/apache/simplesamlphp.conf.mo
+++ b/config/apache/simplesamlphp.conf.mo
@@ -20,8 +20,8 @@
 ServerName localhost
 DocumentRoot /var/www/simplesamlphp
 SSLEngine on
- SSLCertificateFile /var/www/simplesamlphp/cert/cert.crt
- SSLCertificateKeyFile /var/www/simplesamlphp/cert/private.key
+ SSLCertificateFile /var/www/simplesamlphp/cert/server.crt
+ SSLCertificateKeyFile /var/www/simplesamlphp/cert/server.pem
 Alias /simplesaml /var/www/simplesamlphp/www