#!/usr/bin/env bash
# The Click library used by satosa-saml-metadata needs a UTF-8 locale,
# so pin both locale variables for this script and everything it starts.
export LC_ALL=C.UTF-8 LANG=C.UTF-8

# Abort the script as soon as a command fails.
set -o errexit
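# Configuration details that may be injected through environment
# variables or the contents of files.
injectable_config_vars=(
  SATOSA_LDAP_BIND_PASSWORD
  SATOSA_STATE_ENCRYPTION_KEY
  SATOSA_USER_ID_HASH_SALT
)

#######################################
# Load one configuration variable from its companion *_FILE variable.
# If the variable named "<name>_FILE" holds the path of an existing file,
# the contents of that file are assigned to the variable <name>. So if
# SATOSA_LDAP_BIND_PASSWORD_FILE points to a file, its contents end up in
# SATOSA_LDAP_BIND_PASSWORD. Trailing newlines are dropped because the
# value is read through command substitution.
# Arguments: $1 - name of the configuration variable to populate
# Returns:   0 when the value was loaded or no file is configured,
#            non-zero when the file exists but cannot be read
#######################################
load_config_var_from_file() {
  local var_name=$1
  local file_var="${var_name}_FILE"
  # Indirect expansion looks up the *_FILE variable without eval, so the
  # variable name is never re-parsed as shell code.
  local file_name="${!file_var:-}"
  local value

  [ -e "${file_name}" ] || return 0

  # Read into a local first so a failing read is reported to the caller
  # instead of being masked by the assignment.
  value=$(cat -- "${file_name}") || return

  # printf -v stores the value verbatim. An unquoted substitution here
  # would word-split and glob-expand the secret, truncating any value
  # that contains whitespace or wildcard characters.
  printf -v "${var_name}" '%s' "${value}"
}

for config_var in "${injectable_config_vars[@]}"; do
  load_config_var_from_file "${config_var}"
done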
# Fall back to /etc/satosa when DATA_DIR is unset or empty, then make
# sure the directory exists.
: "${DATA_DIR:=/etc/satosa}"
[ -d "${DATA_DIR}" ] || mkdir -p "${DATA_DIR}"
# Export the sensitive SATOSA settings, but only those that hold a
# non-empty value; empty or unset ones stay out of the environment.
[ -z "${SATOSA_STATE_ENCRYPTION_KEY}" ] || export SATOSA_STATE_ENCRYPTION_KEY
[ -z "${SATOSA_USER_ID_HASH_SALT}" ] || export SATOSA_USER_ID_HASH_SALT
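#######################################
# Escape a string for use as the replacement text of a sed
# "s@pattern@replacement@" command. Backslash, "&" and the "@" delimiter
# are special there; without escaping, a password containing "@" makes
# the sed command invalid and one containing "&" or "\" is written to
# the file in altered form. Embedded newlines are not handled.
# Arguments: $1 - raw replacement text
# Outputs:   the escaped text on stdout
#######################################
escape_sed_replacement() {
  printf '%s' "$1" | sed -e 's/[\\&@]/\\&/g'
}

# Inject secrets into yaml configurations.
# NOTE(review): the value is substituted as-is into the YAML file, so a
# password with YAML-significant characters may still need quoting in the
# template. The template is not visible here, so confirm against it.
# NOTE(review): the password is part of sed's argument list and is
# therefore briefly visible in the process list while sed runs.
ldap_store_config="${DATA_DIR}/plugins/ldap_attribute_store.yaml"
if [ -f "${ldap_store_config}" ]; then
  ldap_password_escaped=$(escape_sed_replacement "${SATOSA_LDAP_BIND_PASSWORD}")
  sed -i -e "s@%%SATOSA_LDAP_BIND_PASSWORD%%@${ldap_password_escaped}@" "${ldap_store_config}"
  # Do not keep an extra copy of the secret in the shell.
  unset ldap_password_escaped
fi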
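#######################################
# Install one certificate / private-key pair into DATA_DIR as
# "<base>.crt" (mode 644) and "<base>.key" (mode 600).
# The files are written with install(1) so the mode is applied as part
# of the copy. A separate cp followed by chmod leaves the private key
# readable under the process umask until the chmod runs.
# Globals:   DATA_DIR (read)
# Arguments: $1 - base name of the installed files, e.g. "frontend"
#            $2 - path of the source certificate
#            $3 - path of the source private key
# Returns:   0 when the pair was installed or when either path is empty,
#            non-zero when a copy fails
#######################################
install_cert_pair() {
  local base_name=$1
  local cert_src=$2
  local key_src=$3

  # Both halves of the pair are required; otherwise change nothing.
  if [ -z "${cert_src}" ] || [ -z "${key_src}" ]; then
    return 0
  fi

  install -m 644 "${cert_src}" "${DATA_DIR}/${base_name}.crt" || return
  install -m 600 "${key_src}" "${DATA_DIR}/${base_name}.key" || return
}

# Copy SAML certificates and associated private keys into place.
install_cert_pair frontend "${SATOSA_FRONTEND_CERT_FILE}" "${SATOSA_FRONTEND_KEY_FILE}"
install_cert_pair backend "${SATOSA_BACKEND_CERT_FILE}" "${SATOSA_BACKEND_KEY_FILE}"

# Copy HTTPS certificate and key into place.
install_cert_pair https "${SATOSA_HTTPS_CERT_FILE}" "${SATOSA_HTTPS_KEY_FILE}"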
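# Default the listening port to 8000 and the metadata directory to
# DATA_DIR when they are unset or empty.
: "${PROXY_PORT:=8000}"
: "${METADATA_DIR:=${DATA_DIR}}"

# Both paths are quoted so that a directory name containing whitespace or
# glob characters is used verbatim instead of being split or expanded.
# Because the cd happens first, a relative METADATA_DIR is created
# underneath DATA_DIR.
cd "${DATA_DIR}"
mkdir -p "${METADATA_DIR}"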
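# start the proxy
# exec replaces this shell with gunicorn, so nothing after it runs.
# PROXY_PORT is quoted so that stray whitespace in the variable cannot
# turn into additional gunicorn arguments.
gunicorn_bind="0.0.0.0:${PROXY_PORT}"
if [[ -f https.key && -f https.crt ]]; then
  # An HTTPS key and certificate exist in the current directory, so
  # gunicorn serves TLS itself.
  exec gunicorn -b "${gunicorn_bind}" --keyfile https.key --certfile https.crt satosa.wsgi:app
else
  # No TLS material: gunicorn serves plain HTTP.
  # NOTE(review): --forwarded-allow-ips='*' makes gunicorn accept
  # forwarded headers such as X-Forwarded-Proto from any peer. That is
  # only safe when a trusted reverse proxy is the sole client able to
  # reach this port; otherwise list the proxy addresses explicitly.
  exec gunicorn -b "${gunicorn_bind}" --forwarded-allow-ips='*' satosa.wsgi:app
fi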