local mount, profiles and new docs

.gitignore

@@ -17,3 +17,7 @@ example/private/*
 example_sp/djangosaml2_sp/sqlite3.db
 project/*
 docker-example/*
+Docker-compose/satosa-project/*
+Docker-compose/djangosaml2_sp/*
+Docker-compose/mongo/db/*
+Docker-compose/nginx/html/static/*

Docker-compose/.env.example

@@ -1,5 +1,8 @@
 SATOSA_HOSTNAME=localhost
 
+# Set Time Zone
+TZ="Europe/Rome"
+
 # MongoDB authentication
 MONGO_DBUSER=satosa
 MONGO_DBPASSWORD=thatpassword
@@ -8,7 +11,7 @@ MONGO_DBPASSWORD=thatpassword
 SATOSA_KEYS_FOLDER=./pki
 # Keys filename
 SATOSA_PRIVATE_KEY_FILENAME=privkey.pem
-SATOSA_PUBLIC_KEY=cert.pem
+SATOSA_PUBLIC_KEY_FILENAME=cert.pem
 
 # BE CAREFUL HERE!
 SATOSA_SALT=CHANGE_ME!

Docker-compose/docker-compose.yml

@@ -1,55 +1,62 @@
-version: '3'
 services:
   satosa-mongo:
+    profiles:
+      - demo
+      - mongo
+      - mongoexpress
     image: mongo
     container_name: satosa-mongo
-    restart: always
     environment:
       MONGO_INITDB_DATABASE: oidcop
       MONGO_INITDB_ROOT_USERNAME: "${MONGO_DBUSER:-satosa}"
       MONGO_INITDB_ROOT_PASSWORD: "${MONGO_DBPASSWORD:-thatpassword}"
+      TZ: "${TZ:-Europe/Rome}"
     volumes:
-      - mongodata:/data/db
-      - /usr/share/zoneinfo/Europe/Rome:/etc/localtime:ro
+      - ./mongo/db:/data/db
       - ./mongo/init-mongo.sh:/docker-entrypoint-initdb.d/init-mongo.sh
+      # - mongodata:/data/db # to be used for external volumes
     ports:
       - '27017-27019:27017-27019'
     networks:
       - satosa-saml2spid
 
   satosa-mongo-express:
+    profiles:
+      - demo
+      - mongoexpress
     image: mongo-express
     container_name: satosa-mongo-express
-    restart: always
     ports:
       - 8082:8081
+    depends_on:
+      - satosa-mongo
     environment:
       ME_CONFIG_BASICAUTH_USERNAME: satosauser
       ME_CONFIG_BASICAUTH_PASSWORD: satosapw
       ME_CONFIG_MONGODB_ADMINUSERNAME: "${MONGO_DBUSER:-satosa}"
       ME_CONFIG_MONGODB_ADMINPASSWORD: "${MONGO_DBPASSWORD:-thatpassword}"
       ME_CONFIG_MONGODB_URL: mongodb://${MONGO_DBUSER:-satosa}:${MONGO_DBPASSWORD:-thatpassword}@satosa-mongo:27017/
+      : "${TZ:-Europe/Rome}"
     networks:
       - satosa-saml2spid
-  ## START: PARTE NUOVA
   django_sp:
+    profiles:
+      - demo
+      - dev
     build: 
-        context: ../      
+        context: ../
         args: 
-            - NODE_ENV=local        
+            - NODE_ENV=local
         dockerfile: example_sp/django.Dockerfile
     container_name: django_sp
-    #restart: always
     working_dir: /django_sp
     entrypoint: "sh ../entrypoint.sh"
     volumes:
-       - /usr/share/zoneinfo/Europe/Rome:/etc/localtime:ro
-       - ../example_sp/djangosaml2_sp:/django_sp:rw
+       - ./djangosaml2_sp:/django_sp:rw
     ports:
       - "8000:8000"
     networks:
       - satosa-saml2spid
-## END: PARTE NUOVA
   satosa-saml2spid:
     image: ghcr.io/italia/satosa-saml2spid:latest
     #image: satosa-saml2spid:latest
@@ -59,17 +66,18 @@ services:
     #        - NODE_ENV=local        
     #    dockerfile: Dockerfile
     container_name: satosa-saml2spid
-    depends_on:
-      - satosa-mongo
+    # depends_on:
+    #  - satosa-mongo
     stdin_open: ${SATOSA_DEBUG:-false}   # enables PDB when attach to the compose
     tty: ${SATOSA_DEBUG:-false}   # enables PDB when attach to the compose
     environment:
+      - TZ=${TZ:-Europe/Rome}
       - SATOSA_BY_DOCKER=1
       - GET_IDEM_MDQ_KEY=${GET_IDEM_MDQ_KEY:-true}
 
       - BASE_DIR=/satosa_proxy
       - SATOSA_PRIVATE_KEY=${SATOSA_KEYS_FOLDER:-./pki}/${SATOSA_PRIVATE_KEY_FILENAME:-privkey.pem}
-      - SATOSA_PUBLIC_KEY=${SATOSA_KEYS_FOLDER:-./pki}/${SATOSA_CERT_FILENAME:-cert.pem}
+      - SATOSA_PUBLIC_KEY=${SATOSA_KEYS_FOLDER:-./pki}/${SATOSA_PUBLIC_KEY_FILENAME:-cert.pem}
       - SATOSA_BASE=https://${SATOSA_HOSTNAME:-localhost}
       - SATOSA_BASE_STATIC=https://${SATOSA_HOSTNAME:-localhost}/static
       - SATOSA_DISCO_SRV=https://${SATOSA_HOSTNAME:-localhost}/static/disco.html
@@ -110,8 +118,8 @@ services:
     ports:
       - "10000:10000"
     volumes:
-       - /usr/share/zoneinfo/Europe/Rome:/etc/localtime:ro
-       - ../docker-example:/satosa_proxy:rw
+      - ./satosa-project:/satosa_proxy:rw
+      # - satosadata:/satosa_proxy # to be used for external volumes
     working_dir: /satosa_proxy
     entrypoint: "sh entrypoint.sh"
     networks:
@@ -129,38 +137,42 @@ services:
     depends_on:
       - satosa-saml2spid
     ports:
-      - "80:80"
       - "443:443"
     volumes:
-      - ./nginx/nginx.conf_uwsgi_pass:/etc/nginx/nginx.conf:ro
-      - ./nginx/50x.html:/usr/share/nginx/html/50x.html:ro
-      - ./nginx/404.html:/usr/share/nginx/html/404.html:ro
-      - ./nginx/403.html:/usr/share/nginx/html/403.html:ro
-      - nginx_certs:/etc/nginx/certs:ro
-      - ../docker-example/static:/var/www/html
+      - ./nginx/conf.d:/etc/nginx/conf.d:ro
+      - ./nginx/html:/usr/share/nginx/html:ro
+      - ./nginx/certs:/etc/nginx/certs:ro
+      # - static:/usr/share/nginx/html # to be used for external volumes
     networks:
       - satosa-saml2spid
     environment:
       - NGINX_HOST=${SATOSA_HOSTNAME:-localhost}
 
   spid-samlcheck:
+    profiles:
+      - demo
+      - dev
     image: italia/spid-saml-check
     container_name: spid-samlcheck
     ports:
       - "8443:8443"
     networks:
       - satosa-saml2spid
-
-volumes:
-
-  mongodata:
-    name: satosa-saml2spid_mongodata
-    external: true
-
-  nginx_certs:
-    name: satosa-saml2spid_nginx_certs
-    external: true
-
 networks:
   satosa-saml2spid:
     name: satosa-saml2spid
+
+## External volumes 
+# volumes:
+#   mongodata:
+#     name: satosa-saml2spid_mongodata
+#     external: true
+#   nginx_certs:
+#     name: satosa-saml2spid_nginx_certs
+#     external: true
+#   satosadata:
+#     name: satosa-data
+#     external: true
+#   static:
+#     name: satosa-static
+#     external: true

Docker-compose/nginx/conf.d/default.conf

@@ -0,0 +1,57 @@
+server {
+    listen 443 ssl;
+    server_name  $NGINX_HOST;
+    ssl_protocols TLSv1.3;
+    ssl_certificate /etc/nginx/certs/proxy_local.pem;
+    ssl_certificate_key /etc/nginx/certs/proxy_local.key;
+
+    # max upload size
+    client_max_body_size 10m;
+
+    # very long url for delega ticket
+    large_client_header_buffers 4 16k;
+
+    # deny iFrame
+    add_header X-Frame-Options "DENY";
+
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Robots-Tag none;
+
+    root /usr/share/nginx/html;
+    try_files $uri/index.html $uri @satosa;
+
+    location @satosa {
+      include /etc/nginx/uwsgi_params;
+
+      uwsgi_pass satosa-saml2spid:10000;
+      uwsgi_param Host $host;
+      uwsgi_param X-Real-IP $remote_addr;
+      uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
+      uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto;
+      uwsgi_param HTTP_X_FORWARDED_PROTOCOL https;
+
+      uwsgi_connect_timeout 75s;
+      uwsgi_read_timeout 40;
+      uwsgi_buffer_size          128k;
+      uwsgi_buffers              4 256k;
+      uwsgi_busy_buffers_size    256k;
+      uwsgi_param SERVER_ADDR $server_addr;
+    }
+
+    error_page 404 /404.html;
+    location = /404.html {
+        root   /usr/share/nginx/html/errors;
+    }
+
+    error_page 403 /403.html;
+    location = /403.html {
+        root   /usr/share/nginx/html/errors;
+    }
+
+    # redirect server error pages to the static page /50x.html
+    error_page 500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html/errors;
+    }
+}

Docker-compose/nginx/html/index.html

@@ -0,0 +1,4 @@
+<html>
+  <head></head>
+  <body></body>
+</html>