|
1 |
| -#!/usr/bin/env bash |
| 1 | +#!/usr/bin/env sh |
| 2 | + |
| 3 | +set -e |
2 | 4 |
|
3 | 5 | # for Click library to work in satosa-saml-metadata
|
4 |
| -export LC_ALL=C.UTF-8 |
5 |
| -export LANG=C.UTF-8 |
| 6 | +export LC_ALL="C.UTF-8" |
| 7 | +export LANG="C.UTF-8" |
6 | 8 |
|
7 |
| -# exit immediately on failure |
8 |
| -set -e |
| 9 | +if [ -z "${DATA_DIR}" ] |
| 10 | +then DATA_DIR=/opt/satosa/etc |
| 11 | +fi |
9 | 12 |
|
10 |
| -if [ -z "${DATA_DIR}" ]; then |
11 |
| - DATA_DIR=/opt/satosa/etc |
| 13 | +if [ ! -d "${DATA_DIR}" ] |
| 14 | +then mkdir -p "${DATA_DIR}" |
12 | 15 | fi
|
13 | 16 |
|
14 |
| -if [ ! -d "${DATA_DIR}" ]; then |
15 |
| - mkdir -p "${DATA_DIR}" |
| 17 | +if [ -z "${PROXY_PORT}" ] |
| 18 | +then PROXY_PORT="8000" |
16 | 19 | fi
|
17 | 20 |
|
18 |
| -if [ -z "${PROXY_PORT}" ]; then |
19 |
| - PROXY_PORT="8000" |
| 21 | +if [ -z "${METADATA_DIR}" ] |
| 22 | +then METADATA_DIR="${DATA_DIR}" |
20 | 23 | fi
|
21 | 24 |
|
22 |
| -if [ -z "${METADATA_DIR}" ]; then |
23 |
| - METADATA_DIR="${DATA_DIR}" |
| 25 | +if [ ! -d "${DATA_DIR}/attributemaps" ] |
| 26 | +then cp -pr /opt/satosa/attributemaps "${DATA_DIR}/attributemaps" |
24 | 27 | fi
|
25 | 28 |
|
26 |
| -cd ${DATA_DIR} |
| 29 | +# activate virtualenv |
| 30 | +. /opt/satosa/bin/activate |
27 | 31 |
|
28 |
| -mkdir -p ${METADATA_DIR} |
| 32 | +# generate metadata for frontend(IdP interface) and backend(SP interface) |
| 33 | +# write the result to mounted volume |
| 34 | +mkdir -p "${METADATA_DIR}" |
| 35 | +satosa-saml-metadata \ |
| 36 | + "${DATA_DIR}/proxy_conf.yaml" \ |
| 37 | + "${DATA_DIR}/metadata.key" \ |
| 38 | + "${DATA_DIR}/metadata.crt" \ |
| 39 | + --dir "${METADATA_DIR}" |
29 | 40 |
|
30 |
| -if [ ! -d ${DATA_DIR}/attributemaps ]; then |
31 |
| - cp -pr /opt/satosa/attributemaps ${DATA_DIR}/attributemaps |
| 41 | +# if the user provided a gunicorn configuration, use it |
| 42 | +if [ -f "$GUNICORN_CONF" ] |
| 43 | +then conf_opt="--config ${GUNICORN_CONF}" |
32 | 44 | fi
|
33 | 45 |
|
34 |
| -# Activate virtualenv |
35 |
| -. /opt/satosa/bin/activate |
36 |
| - |
37 |
| -# generate metadata for front- (IdP) and back-end (SP) and write it to mounted volume |
| 46 | +# if HTTPS cert is available, use it |
| 47 | +https_key="${DATA_DIR}/https.key" |
| 48 | +https_crt="${DATA_DIR}/https.crt" |
| 49 | +if [ -f "$https_key" -a -f "$https_crt" ] |
| 50 | +then https_opts="--keyfile ${https_key} --certfile ${https_crt}" |
| 51 | +fi |
38 | 52 |
|
39 |
| -satosa-saml-metadata proxy_conf.yaml ${DATA_DIR}/metadata.key ${DATA_DIR}/metadata.crt --dir ${METADATA_DIR} |
| 53 | +# if a chain is available, use it |
| 54 | +chain_pem="${DATA_DIR}/chain.pem" |
| 55 | +if [ -f "$chain_pem" ] |
| 56 | +then chain_opts="--ca-certs chain.pem" |
| 57 | +fi |
40 | 58 |
|
41 | 59 | # start the proxy
|
42 |
| -if [[ -f https.key && -f https.crt ]]; then # if HTTPS cert is available, use it |
43 |
| - exec gunicorn -b0.0.0.0:${PROXY_PORT} --keyfile https.key --certfile https.crt satosa.wsgi:app |
44 |
| -else |
45 |
| - exec gunicorn -b0.0.0.0:${PROXY_PORT} satosa.wsgi:app |
46 |
| -fi |
| 60 | +exec gunicorn $conf_opt \ |
| 61 | + -b 0.0.0.0:"${PROXY_PORT}" \ |
| 62 | + satosa.wsgi:app \ |
| 63 | + $https_opts \ |
| 64 | + $chain_opts \ |
| 65 | + ; |
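Review bot: On new line 56, `chain_opts="--ca-certs chain.pem"` passes a relative path although the test on line 55 checks `${DATA_DIR}/chain.pem`, and this commit drops the old `cd ${DATA_DIR}`, so gunicorn resolves `chain.pem` against whatever the working directory happens to be; it should read `chain_opts="--ca-certs ${chain_pem}"`. The removed `cd` may also matter to `satosa.wsgi:app` if it locates `proxy_conf.yaml`, or paths inside it, relative to the working directory; that is not visible here and is worth confirming. `conf_opt`, `https_opts` and `chain_opts` are never initialised and are expanded unquoted on lines 60-64, so a value inherited from the environment, or a `DATA_DIR` containing whitespace, changes the gunicorn command line; assign them empty (`conf_opt=""` and so on) before the `if` blocks. When only one of `https.key` and `https.crt` exists, the script still binds `0.0.0.0` over plain HTTP without any message, so a warning on stderr in that case would make a misprovisioned certificate visible. Under `sh`, line 49 would be more portable as `[ -f "$https_key" ] && [ -f "$https_crt" ]`, since `-a` inside `[` is marked obsolescent by POSIX.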