= Services =

Docker

= Containers =

* aai-discovery, tag: docker.clarin.eu/aai-discovery:1.8.2.2
* md-conversion, tag: docker.clarin.eu/aai-md-conversion:1.0.0
* proxy, tag: docker.clarin.eu/aai-discovery-proxy:1.0.4
* IDP (v3.2), tag: 

== Setup == 

Pull images from the repository:
{{{
docker pull tianon/true
docker login docker.clarin.eu
docker pull docker.clarin.eu/aai-discovery:1.8.2.2
docker pull docker.clarin.eu/aai-discovery-proxy:1.0.4
}}}

Create containers:
{{{
docker create \
    --name aai-discovery-data \
    -v /data \
    tianon/true

docker create \
    --name aai-discovery \
    -p 8080:8080 \
    --volumes-from aai-discovery-data \
    -v /var/log/docker/aai-discovery/tomcat8:/var/log/tomcat8 \
    docker.clarin.eu/aai-discovery:1.8.2.2

docker create \
    --name proxy  \
    -p 80:80 -p 443:443 \
    -v /root/certstore:/etc/nginx/ssl \
    -v /var/log/docker/proxy/nginx/:/var/log/nginx/ \
    --link aai-discovery:tomcat \
    docker.clarin.eu/aai-discovery-proxy:1.0.4
}}}

Manage containers:
{{{
docker start|stop|restart aai-discovery
docker start|stop|restart proxy
}}}

== IDP v3.2 ==

Authentication flow configuration:
* https://wiki.shibboleth.net/confluence/display/IDP30/AuthenticationFlowSelection
* https://wiki.shibboleth.net/confluence/display/IDP30/AuthenticationConfiguration
* https://wiki.shibboleth.net/confluence/display/IDP30/PasswordAuthnConfiguration
* https://wiki.shibboleth.net/confluence/display/IDP30/LDAPAuthnConfiguration

Tomcat reverse proxy (X-FORWARDED-* headers):
* http://stackoverflow.com/questions/19916906/nginx-managed-ssl-with-tomcat-7

Building:
{{{
cd ~/docker-shibboleth-demo/shibboleth-idp
docker build -t docker.clarin.eu/idp:1.0.0 .
}}}

Initial run:
{{{
docker run --restart=always -d --name idp2 --volumes-from shibboleth-data --volumes-from shibboleth-idp-data -p 172.17.42.1:8081:8080 docker.clarin.eu/idp:1.0.0
}}}