Commit f5912f91 authored by Robert Butora's avatar Robert Butora

docker: refactors security config in Dockerfile/entrypoint.sh

parent 07c2a022
+9 −10
@@ -19,10 +19,11 @@ ENV CATALINA_TMPDIR=/tmp

ENV WEBAPP_DIR=/webapps/vlkb-cutout

COPY ast_9.2.9-1_amd64.deb ./
COPY deps/ast_9.2.9-1_amd64.deb ./
RUN dpkg -i /root/ast_9.2.9-1_amd64.deb && ldconfig \
 && mkdir -p ${WEBAPP_DIR} \
 && mkdir -p /srv/surveys && mkdir -p /srv/cutouts
 && mkdir -p /srv/surveys && mkdir -p /srv/cutouts \
 && mkdir -p /etc/pki/tls


ARG VLKB_VERSION
@@ -33,7 +34,7 @@ RUN dpkg -i vlkb-${VLKB_VERSION}.deb vlkb-obscore-${VLKB_VERSION}.deb vlkbd-${VL
 && cd ${WEBAPP_DIR} && jar -xf vlkb-cutout-${VLKB_VERSION}.war
 
# Tomcat must load DB-driver (postgresql_*.jar), vlkb-cutout does not explicitely load DB-drivers
COPY postgresql-*.jar  /var/lib/tomcat9/lib
COPY deps/postgresql-*.jar  /var/lib/tomcat9/lib



@@ -41,7 +42,7 @@ COPY postgresql-*.jar /var/lib/tomcat9/lib

ENV INST_DIR=/usr/local

COPY vlkbd_exec.sh ${INST_DIR}/bin
COPY deps/vlkbd_exec.sh ${INST_DIR}/bin

RUN mkdir -p ${INST_DIR}/etc/vlkb-obscore \
 && mkdir -p ${INST_DIR}/etc/vlkbd \
@@ -50,13 +51,11 @@ RUN mkdir -p ${INST_DIR}/etc/vlkb-obscore \

# configure during docker build-time

COPY config/vlkb-obscore.datasets.conf ${INST_DIR}/etc/vlkb-obscore/datasets.conf
COPY config/vlkbd.datasets.conf ${INST_DIR}/etc/vlkbd/datasets.conf
COPY deps/vlkb-obscore.datasets.conf ${INST_DIR}/etc/vlkb-obscore/datasets.conf
COPY deps/vlkbd.datasets.conf ${INST_DIR}/etc/vlkbd/datasets.conf

COPY config/auth.properties config/neatoken.properties config/iamtoken.properties ${WEBAPP_DIR}/WEB-INF/classes/

#COPY ssl/keystore.jks /root/
COPY ssl/server.xml ssl/server-connector-8080.xml ssl/server-connector-8443.xml /etc/tomcat9/
# precofigure port 8080 (no SSL)
COPY deps/server.xml deps/server-connector.xml /etc/tomcat9/

# configure during docker run-time
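Review bot: The new `COPY deps/server.xml deps/server-connector.xml /etc/tomcat9/` line, under the comment `# precofigure port 8080 (no SSL)`, makes cleartext HTTP the image's built-in default, and nothing in this section shows what turns TLS on. The service appears to authenticate with tokens (the properties files dropped from this build step configure token introspection), so a container started without the run-time TLS step would accept credentials over an unencrypted connection. entrypoint.sh is not part of this section, so this is inferred; if it installs a TLS connector when a certificate is present in the newly created `/etc/pki/tls`, say so here, e.g. `# default: plain HTTP on 8080; entrypoint.sh enables TLS when a certificate is mounted under /etc/pki/tls`, and consider having the entrypoint refuse to start when authentication is configured but no certificate is found. Images built before this change still carry the copied `auth.properties`, `neatoken.properties` and `iamtoken.properties` in their layers, so the values in those files should be rotated rather than only removed from the tree.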

+0 −6
db_uri=jdbc:postgresql://127.0.0.1:5432/vialactea
db_schema=datasets
db_user_name=vialactea
db_password=ia2vlkb

docker/config/context-cutout.xml

deleted100644 → 0
+0 −15
<Context docBase="/webapps/vlkb-cutout">

        <Resources allowLinking="true">
                <PostResources readOnly="false"
                        className="org.apache.catalina.webresources.DirResourceSet"
                        base="/srv/cutouts"
                        webAppMount="/cutouts"/>
                <PostResources readOnly="true"
                        className="org.apache.catalina.webresources.DirResourceSet"
                        base="/srv/surveys"
                        webAppMount="/surveys"/>
        </Resources>

</Context>
+0 −7

# used to retrieve extraCards to add to FITS_header (VLKB-only)
surveys_metadata_abs_pathname=/srv/surveys/survey_populate.csv

# these URL's are used to construct cutout merge requests strings in response.xml
cutout_url=http://vlkb-devel.ia2.inaf.it:8080/vlkb/datasets/vlkb_cutout
merge_url=http://vlkb-devel.ia2.inaf.it:8080/vlkb/datasets/vlkb_merge

docker/config/iamtoken.properties

deleted100644 → 0
+0 −10

#jwks_url=https://iam-escape.cloud.cnaf.infn.it/jwk
introspect=https://iam-escape.cloud.cnaf.infn.it/introspect
client_name=02cc260f-9837-4907-b2cb-a1a2d764fb15
client_password=AJMi3qrB6AHRp_6y55tEwU-IpJ8uZ6X4QXeQ3W4la6dc-BlkzAY1OQpAE9hb1W7-VfYl4208FUtjE2Cl3hUYLkQ

resource_id=vlkb

non_authn_username=anonymous