first commit

Author: tacxou

.gitignore

@@ -0,0 +1 @@
+.idea/

Dockerfile

@@ -0,0 +1,36 @@
+ARG BASE_IMAGE="azul/zulu-openjdk:21"
+ARG EXT_BUILD_COMMANDS=""
+ARG EXT_BUILD_OPTIONS=""
+
+FROM $BASE_IMAGE as overlay
+
+RUN cd /tmp && \
+    apt-get update && \
+    apt-get install -y git && \
+    git clone -b master --single-branch https://github.com/apereo/cas-overlay-template.git cas-overlay
+
+WORKDIR /tmp/cas-overlay
+
+COPY src/ /tmp/cas-overlay/src/
+
+RUN ./gradlew clean build $EXT_BUILD_COMMANDS --parallel --no-daemon $EXT_BUILD_OPTIONS
+
+FROM $BASE_IMAGE as cas
+
+RUN mkdir -p /etc/cas && \
+    cd /etc/cas && \
+    keytool -genkey -noprompt -keystore thekeystore -storepass changeit -keypass changeit -validity 3650 \
+      -keysize 2048 -keyalg RSA -dname "CN=localhost, OU=MyOU, O=MyOrg, L=Somewhere, S=VA, C=US"
+RUN if [ -r /etc/cas/config/certificate.pem ]; then \
+    keytool -noprompt -importcert -keystore /etc/ssl/certs/java/cacerts -storepass changeit \
+      -file /etc/cas/config/certificate.pem -alias "casclient"; \
+    fi
+
+WORKDIR /data
+
+COPY --from=overlay /tmp/cas-overlay/build/libs/cas.war .
+COPY rootfs /
+
+EXPOSE 8080 8443
+
+ENTRYPOINT ["java", "-server", "-noverify", "-Xmx2048M", "-jar", "cas.war"]

compose.yml

@@ -0,0 +1,23 @@
+version: '3'
+
+services:
+  cas:
+    container_name: cas
+    build: .
+    ports:
+      - "8080:8080"
+      - "8443:8443"
+    volumes:
+      - "./rootfs/etc/cas/config:/etc/cas/config"
+      - "./rootfs/etc/cas/services:/etc/cas/services"
+  wiki:
+    container_name: wiki
+    image: ghcr.io/requarks/wiki:2
+    ports:
+      - "3000:3000"
+    environment:
+      DB_TYPE: sqlite
+      TZ: Europe/Paris
+      DB_FILEPATH: /wiki/db/database.sqlite
+    volumes:
+      - "./db:/wiki/db"

db/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

rootfs/etc/cas/config/application.yml

@@ -0,0 +1,2 @@
+info:
+  description: CAS Configuration

rootfs/etc/cas/config/cas.properties

@@ -0,0 +1,49 @@
+server.servlet.context-path=/cas
+
+# By default and if you remove this setting, CAS runs on port 8080
+server.port=8443
+
+# To disable SSL configuration, comment out the following settings or set to blank values.
+server.ssl.keyStore=file:/etc/cas/thekeystore
+server.ssl.keyStorePassword=changeit
+server.ssl.keyPassword=changeit
+# server.ssl.ciphers=
+# server.ssl.clientAuth=
+# server.ssl.enabled=
+# server.ssl.keyAlias=
+# server.ssl.keyStoreProvider=
+# server.ssl.keyStoreType=
+# server.ssl.protocol=
+# server.ssl.trustStore=
+# server.ssl.trustStorePassword=
+# server.ssl.trustStoreProvider=
+# server.ssl.trustStoreType=
+
+server.maxHttpHeaderSize=2097152
+server.useForwardHeaders=true
+server.connectionTimeout=20000
+
+cas.server.name=https://host.docker.internal:8443
+cas.server.prefix=https://host.docker.internal:8443/cas
+
+#
+#
+#logging.config=file:/etc/cas/config/log4j2.xml
+; cas.serviceRegistry.initFromJson=true
+cas.service-registry.json.location=file:/etc/cas/services
+
+; cas.proxyPolicy.allowedToProxy=true
+
+# Logout configuration
+cas.logout.followServiceRedirects=true
+cas.logout.redirectParameter=service
+cas.logout.confirmLogout=true
+cas.slo.disabled=false
+
+cas.ticket.pt.timeToKillInSeconds=60
+cas.ticket.st.timeToKillInSeconds=60
+cas.ticket.tgt.primary.max-time-to-live-in-seconds=1209600
+cas.ticket.tgt.primary.time-to-kill-in-seconds=28800
+
+cas.authn.accept.users=user1::password1,user2::password2
+logging.config: file:/etc/cas/config/log4j2.xml

rootfs/etc/cas/config/log4j2.xml

@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!-- Specify the refresh internal in seconds. -->
+<Configuration monitorInterval="5" packages="org.apereo.cas.logging">
+    <Properties>
+        <!--
+        Default log directory is the current directory but that can be overridden with -Dcas.log.dir=<logdir>
+        Or you can change this property to a new default
+        -->
+        <Property name="cas.log.dir" >.</Property>
+        <!-- To see more CAS specific logging, adjust this property to info or debug or run server with -Dcas.log.leve=debug -->
+        <Property name="cas.log.level" >warn</Property>
+    </Properties>
+    <Appenders>
+        <Console name="console" target="SYSTEM_OUT">
+            <PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%n"/>
+        </Console>
+        <RollingFile name="file" fileName="${sys:cas.log.dir}/cas.log" append="true"
+                     filePattern="${sys:cas.log.dir}/cas-%d{yyyy-MM-dd-HH}-%i.log">
+            <PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%n"/>
+            <Policies>
+                <OnStartupTriggeringPolicy />
+                <SizeBasedTriggeringPolicy size="10 MB"/>
+                <TimeBasedTriggeringPolicy />
+            </Policies>
+        </RollingFile>
+        <RollingFile name="auditlogfile" fileName="${sys:cas.log.dir}/cas_audit.log" append="true"
+                     filePattern="${sys:cas.log.dir}/cas_audit-%d{yyyy-MM-dd-HH}-%i.log">
+            <PatternLayout pattern="%d %p [%c] - %m%n"/>
+            <Policies>
+                <OnStartupTriggeringPolicy />
+                <SizeBasedTriggeringPolicy size="10 MB"/>
+                <TimeBasedTriggeringPolicy />
+            </Policies>
+        </RollingFile>
+
+        <RollingFile name="perfFileAppender" fileName="${sys:cas.log.dir}/perfStats.log" append="true"
+                     filePattern="${sys:cas.log.dir}/perfStats-%d{yyyy-MM-dd-HH}-%i.log">
+            <PatternLayout pattern="%m%n"/>
+            <Policies>
+                <OnStartupTriggeringPolicy />
+                <SizeBasedTriggeringPolicy size="10 MB"/>
+                <TimeBasedTriggeringPolicy />
+            </Policies>
+        </RollingFile>
+
+        <CasAppender name="casAudit">
+            <AppenderRef ref="auditlogfile" />
+        </CasAppender>
+        <CasAppender name="casFile">
+            <AppenderRef ref="file" />
+        </CasAppender>
+        <CasAppender name="casConsole">
+            <AppenderRef ref="console" />
+        </CasAppender>
+        <CasAppender name="casPerf">
+            <AppenderRef ref="perfFileAppender" />
+        </CasAppender>
+    </Appenders>
+    <Loggers>
+        <!-- If adding a Logger with level set higher than warn, make category as selective as possible -->
+        <!-- Loggers inherit appenders from Root Logger unless additivity is false -->
+        <AsyncLogger name="org.apereo" level="${sys:cas.log.level}" includeLocation="true"/>
+        <AsyncLogger name="org.apereo.services.persondir" level="${sys:cas.log.level}" includeLocation="true"/>
+        <AsyncLogger name="org.apereo.cas.web.flow" level="info" includeLocation="true"/>
+        <AsyncLogger name="org.apache" level="warn" />
+        <AsyncLogger name="org.apache.http" level="error" />
+        <AsyncLogger name="org.springframework" level="warn" />
+        <AsyncLogger name="org.springframework.cloud.server" level="warn" />
+        <AsyncLogger name="org.springframework.cloud.client" level="warn" />
+        <AsyncLogger name="org.springframework.cloud.bus" level="warn" />
+        <AsyncLogger name="org.springframework.aop" level="warn" />
+        <AsyncLogger name="org.springframework.boot" level="warn" />
+        <AsyncLogger name="org.springframework.boot.actuate.autoconfigure" level="warn" />
+        <AsyncLogger name="org.springframework.webflow" level="warn" />
+        <AsyncLogger name="org.springframework.session" level="warn" />
+        <AsyncLogger name="org.springframework.amqp" level="error" />
+        <AsyncLogger name="org.springframework.integration" level="warn" />
+        <AsyncLogger name="org.springframework.messaging" level="warn" />
+        <AsyncLogger name="org.springframework.web" level="warn" />
+        <AsyncLogger name="org.springframework.orm.jpa" level="warn" />
+        <AsyncLogger name="org.springframework.scheduling" level="warn" />
+        <AsyncLogger name="org.springframework.context.annotation" level="error" />
+        <AsyncLogger name="org.springframework.boot.devtools" level="error" />
+        <AsyncLogger name="org.springframework.web.socket" level="warn" />
+        <AsyncLogger name="org.thymeleaf" level="warn" />
+        <AsyncLogger name="org.pac4j" level="warn" />
+        <AsyncLogger name="org.opensaml" level="warn"/>
+        <AsyncLogger name="net.sf.ehcache" level="warn" />
+        <AsyncLogger name="com.couchbase" level="warn" includeLocation="true"/>
+        <AsyncLogger name="com.ryantenney.metrics" level="warn" />
+        <AsyncLogger name="net.jradius" level="warn" />
+        <AsyncLogger name="org.openid4java" level="warn" />
+        <AsyncLogger name="org.ldaptive" level="warn" />
+        <AsyncLogger name="com.hazelcast" level="warn" />
+        <AsyncLogger name="org.jasig.spring" level="warn" />
+
+        <!-- Log perf stats only to perfStats.log -->
+        <AsyncLogger name="perfStatsLogger" level="info" additivity="false" includeLocation="true">
+            <AppenderRef ref="casPerf"/>
+        </AsyncLogger>
+
+        <!-- Log audit to all root appenders, and also to audit log (additivity is not false) -->
+        <AsyncLogger name="org.apereo.inspektr.audit.support" level="info" includeLocation="true" >
+            <AppenderRef ref="casAudit"/>
+        </AsyncLogger>
+
+        <!-- All Loggers inherit appenders specified here, unless additivity="false" on the Logger -->
+        <AsyncRoot level="warn">
+            <AppenderRef ref="casFile"/>
+            <!--
+                 For deployment to an application server running as service,
+                 delete the casConsole appender below
+            -->
+            <AppenderRef ref="casConsole"/>
+        </AsyncRoot>
+    </Loggers>
+</Configuration>

rootfs/etc/cas/services/Everything-1.json

@@ -0,0 +1,12 @@
+{
+  "@class" : "org.apereo.cas.services.RegexRegisteredService",
+  "serviceId" : ".*",
+  "name" : "Everything",
+  "id" : 1,
+  "description" : "Everything is accepted by this definition.",
+  "evaluationOrder" : 1,
+  "proxyPolicy" : {
+    "@class" : "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
+    "pattern": "^https?://.*"
+  }
+}

rootfs/etc/cas/services/wiki-1686237855.json

@@ -0,0 +1,6 @@
+{
+  "@class" : "org.apereo.cas.services.CasRegisteredService",
+  "serviceId" : "^(https?|imaps?|http?)://host.docker.internal:3000.*",
+  "name" : "wiki",
+  "id" : 1675427745
+}