FIX simplesamlphp sp can't bind to port 80 in kube

ionparticle · ionparticle · commit 520d97463ae8 · 2024-07-17T10:33:27.000-07:00
Only happened when I tried to deploy on kubernetes. Might be because
we're running as www-data and not root, so it doesn't have permission.
This wasn't an issue with docker compose because local docker apparently
treats all ports as unprivileged.

Changed the sp port to 8080, this is mainly apache configuration and
adjusting traefik.
diff --git a/LocalSettings.php b/LocalSettings.php
@@ -640,6 +640,7 @@ function loadenv($envName, $default = "") {
             'realNameAttribute' => 'urn:oid:2.16.840.1.113730.3.1.241',
             # mail attribute, email address
             'emailAttribute' => 'urn:oid:0.9.2342.19200300.100.1.3',
+            # UBCAuth required attributes:
             # eduPersonAffiliation, an array of (staff, student, faculty, etc)
             'eduPersonAffiliationAttribute' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1',
             # non-standard attributes, uncertain OIDs
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -54,7 +54,7 @@ services:
       - "traefik.enable=true"
       - "traefik.http.routers.sp.rule=PathPrefix(`/_saml2`)"
       - "traefik.http.routers.sp.entrypoints=wiki"
-      - "traefik.http.services.sp.loadBalancer.server.port=80"
+      - "traefik.http.services.sp.loadBalancer.server.port=8080"
   web: &app
     #image: ubcctlt/mediawiki
     build: .
diff --git a/docker/simplesamlphp/sp/Dockerfile.sp b/docker/simplesamlphp/sp/Dockerfile.sp
@@ -33,10 +33,13 @@ RUN composer install && \
 COPY config/ config/
 
 COPY apache.conf /etc/apache2/sites-available/000-default.conf
+COPY ports.conf /etc/apache2/ports.conf
 
 # copy our custom entrypoint
 COPY custom-entrypoint /usr/local/bin/
 
+EXPOSE 8080
+
 # The wiki extension expects the simplesamlphp SP to be installed on the same
 # server and will import modules from the running SP. But we want the SP to run
 # in its own container. The only way the wiki container will be able to access
diff --git a/docker/simplesamlphp/sp/apache.conf b/docker/simplesamlphp/sp/apache.conf
@@ -1,4 +1,4 @@
-<VirtualHost *:80>
+<VirtualHost *:8080>
 	# The ServerName directive sets the request scheme, hostname and port that
 	# the server uses to identify itself. This is used when creating
 	# redirection URLs. In the context of virtual hosts, the ServerName
diff --git a/docker/simplesamlphp/sp/ports.conf b/docker/simplesamlphp/sp/ports.conf
@@ -0,0 +1,15 @@
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default.conf
+
+Listen 8080
+
+<IfModule ssl_module>
+	Listen 443
+</IfModule>
+
+<IfModule mod_gnutls.c>
+	Listen 443
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-<VirtualHost *:80>`
	`1`	`+<VirtualHost *:8080>`
`2`	`2`	`# The ServerName directive sets the request scheme, hostname and port that`
`3`	`3`	`# the server uses to identify itself. This is used when creating`
`4`	`4`	`# redirection URLs. In the context of virtual hosts, the ServerName`