...
Create a directory to store database state:
```bash
mkdir -p var/lib/postgresql/data
```
Create a directory to hold a database initialization script:
```bash
mkdir docker-entrypoint-initdb.d
```
Create the database initialization script file init-user-db.sh in the directory you just created, with the following contents:
```bash
#!/bin/bash
set -e

# Create the Registry database user and database, then grant that user
# full privileges on it. The names and password come from the container's
# environment variables.
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
CREATE USER ${COMANAGE_REGISTRY_DATABASE_USER} PASSWORD '${COMANAGE_REGISTRY_DATABASE_USER_PASSWORD}';
CREATE DATABASE ${COMANAGE_REGISTRY_DATABASE};
GRANT ALL PRIVILEGES ON DATABASE ${COMANAGE_REGISTRY_DATABASE} TO ${COMANAGE_REGISTRY_DATABASE_USER};
EOSQL
```
Create a directory to hold an X.509 certificate and private key for HTTPS (this approach uses the slashRoot mechanism; an alternative is to bind mount or COPY the files into the container/image and use the HTTPS_CERT_FILE and HTTPS_PRIVKEY_FILE environment variables):
```bash
mkdir -p opt/registry/slashRoot/etc/apache2
cp fullchain.pem opt/registry/slashRoot/etc/apache2/cert.pem
cp privkey.pem opt/registry/slashRoot/etc/apache2/privkey.pem
sudo chown 33 opt/registry/slashRoot/etc/apache2/*.pem
sudo chmod 0600 opt/registry/slashRoot/etc/apache2/privkey.pem
```
Create a directory to hold Shibboleth SP configuration files (this approach uses the slashRoot mechanism; an alternative is to bind mount or COPY the files into the container/image and/or use environment variables to specify Shibboleth SP configuration details):
```bash
mkdir -p opt/registry/slashRoot/etc/shibboleth
cp shibboleth2.xml opt/registry/slashRoot/etc/shibboleth/shibboleth2.xml
cp attribute-map.xml opt/registry/slashRoot/etc/shibboleth/attribute-map.xml
cp sp-encrypt-cert.pem opt/registry/slashRoot/etc/shibboleth/sp-encrypt-cert.pem
cp sp-encrypt-key.pem opt/registry/slashRoot/etc/shibboleth/sp-encrypt-key.pem
cp sp-signing-cert.pem opt/registry/slashRoot/etc/shibboleth/sp-signing-cert.pem
cp sp-signing-key.pem opt/registry/slashRoot/etc/shibboleth/sp-signing-key.pem
sudo chown 999 opt/registry/slashRoot/etc/shibboleth/*.pem
sudo chmod 0600 opt/registry/slashRoot/etc/shibboleth/*-key.pem
```
Create the Compose YAML file docker-compose.yml with the following contents (note that the value for COMANAGE_REGISTRY_ADMIN_USERNAME should be the value that your Shibboleth SP configuration will write into the Apache HTTP Server $REMOTE_USER CGI environment variable):
```yaml
services:

  comanage-registry-database:
    image: postgres:14
    volumes:
      - ${PWD}/var/lib/postgresql/data:/var/lib/postgresql/data
      - ${PWD}/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
    environment:
      - POSTGRES_PASSWORD=aHTVzRj7y4fLrXyYIG97
      - COMANAGE_REGISTRY_DATABASE=registry
      - COMANAGE_REGISTRY_DATABASE_USER=registry_user
      - COMANAGE_REGISTRY_DATABASE_USER_PASSWORD=GoHElRGInSwx1mQJlPdw

  comanage-registry:
    image: comanageproject/comanage-registry:4.1.12-shibboleth-sp-supervisor-1
    volumes:
      - ${PWD}/opt/registry/slashRoot:/opt/registry/slashRoot
    environment:
      - COMANAGE_REGISTRY_ADMIN_GIVEN_NAME=Scott
      - COMANAGE_REGISTRY_ADMIN_FAMILY_NAME=Koranda
      - COMANAGE_REGISTRY_ADMIN_USERNAME=scott.koranda@cilogon.org
      - COMANAGE_REGISTRY_DATASOURCE=Database/Postgres
      - COMANAGE_REGISTRY_DATABASE=registry
      - COMANAGE_REGISTRY_DATABASE_HOST=comanage-registry-database
      - COMANAGE_REGISTRY_DATABASE_USER=registry_user
      - COMANAGE_REGISTRY_DATABASE_USER_PASSWORD=GoHElRGInSwx1mQJlPdw
      - COMANAGE_REGISTRY_EMAIL_FROM_EMAIL=registry@example.com
      - COMANAGE_REGISTRY_EMAIL_FROM_NAME=Registry
      - COMANAGE_REGISTRY_EMAIL_TRANSPORT=Smtp
      - COMANAGE_REGISTRY_EMAIL_HOST=tls://smtp.gmail.com
      - COMANAGE_REGISTRY_EMAIL_PORT=465
      - COMANAGE_REGISTRY_EMAIL_ACCOUNT=registry@example.com
      - COMANAGE_REGISTRY_EMAIL_ACCOUNT_PASSWORD=Pr3gP6PvaTlxusMMhHEp
      - COMANAGE_REGISTRY_SECURITY_SALT=HH5WyMJIZ81uwHkPWpalUHSt9sAMIKHILDmNX8pI
      - COMANAGE_REGISTRY_SECURITY_SEED=076674830359094113871495332036
      - COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN=registry.example.com
    ports:
      - "80:80"
      - "443:443"
```
Start the containers:
```bash
docker compose up -d
```
- Wait for the images to be pulled and the containers to start.
- Browse to the value you used for COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN.
To stop the containers:
```bash
docker compose down
```
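An added example, not part of the original page or the COmanage project's own tooling: a shell helper that generates fresh values for the two database passwords, the security salt and the security seed, in the same shape as the sample values above, and writes them to a `.env` file readable only by its owner. It assumes docker-compose.yml is edited to reference these variables as `${NAME}` instead of the literal sample values; the function names `rand_chars` and `write_env` are hypothetical.

```shell
#!/bin/sh
# Added example: generate per-deployment secrets for the Compose file.
# Assumption: docker-compose.yml uses ${POSTGRES_PASSWORD} etc., which
# Compose resolves from a .env file in the project directory.

# rand_chars SET LEN: print LEN random characters from the tr(1) set SET.
rand_chars() {
    rc_out=""
    # Keep drawing from the kernel CSPRNG until enough characters survive
    # the filter (only about 4% of random bytes are ASCII digits).
    while [ "${#rc_out}" -lt "$2" ]; do
        rc_out="$rc_out$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc "$1")"
    done
    printf '%s\n' "$rc_out" | cut -c "1-$2"
}

# write_env FILE: create FILE with mode 0600 holding the generated values.
# Refuses to overwrite: the init script in docker-entrypoint-initdb.d only
# runs when the PostgreSQL data directory is empty, so regenerating the
# passwords for an existing deployment would leave Registry unable to log in.
write_env() {
    if [ -e "$1" ]; then
        echo "refusing to overwrite existing $1" >&2
        return 1
    fi
    (
        umask 077   # file is created readable and writable by owner only
        {
            # Lengths mirror the sample values on the page:
            # 20-character passwords, 40-character salt, 30-digit seed.
            echo "POSTGRES_PASSWORD=$(rand_chars 'A-Za-z0-9' 20)"
            echo "COMANAGE_REGISTRY_DATABASE_USER_PASSWORD=$(rand_chars 'A-Za-z0-9' 20)"
            echo "COMANAGE_REGISTRY_SECURITY_SALT=$(rand_chars 'A-Za-z0-9' 40)"
            echo "COMANAGE_REGISTRY_SECURITY_SEED=$(rand_chars '0-9' 30)"
        } > "$1"
    )
}

# Usage, from the directory that holds docker-compose.yml:
#   write_env .env
```

Because both services read COMANAGE_REGISTRY_DATABASE_USER_PASSWORD from the same `.env` entry, the value the init script sets and the value Registry connects with cannot drift apart.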
...