Simple Docker Deployment - GluuFederation/gluu-docker GitHub Wiki

This is an example deployment mechanism as a proof of concept. It is not a sustainable build (there are no persistent volumes for data) and should not be taken as such. For demo purposes only. Please see a more stable stand-alone deployment option, which handles persistence better.

Installing Docker

Refer to https://docs.docker.com/install/linux/docker-ce/ubuntu/ for installing Docker CE in Ubuntu.

Deploying Containers

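Get the IP address of the machine and save it as an environment variable for later use:

    # Print the field after "src"; newer iproute2 appends "uid <n>", so the last field is not always the address
    export IPADDR=$(ip route get 1 | awk '{for (i = 1; i < NF; i++) if ($i == "src") {print $(i + 1); exit}}')
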
  1. Deploy consul container:

    docker run -d \
        --name consul \
        --net=host \
        consul agent \
        -server \
        -bind=$IPADDR \
        -retry-join=$IPADDR \
        -bootstrap \
        -client=$IPADDR \
        -ui
    
  2. Generate initial cluster configuration:

    docker run --rm \
        gluufederation/config-init:3.1.2_dev \
        generate \
        --kv-host $IPADDR \
        --ldap-type opendj \
        --domain ${hostname} \
        --admin-pw ${password} \
        --org-name 'Gluu Inc.' \
        --country-code US \
        --state TX \
        --city Austin \
        --email ${email}
    

    Note: if the domain is not publicly available, add it to the /etc/hosts file.

  3. Deploy OpenDJ container:

    docker run -d \
        --name opendj-init \
        -e GLUU_KV_HOST=$IPADDR \
        -e GLUU_LDAP_INIT=true \
        -e GLUU_LDAP_INIT_HOST=$IPADDR \
        -e GLUU_LDAP_INIT_PORT=1636 \
        -p 1636:1636 \
        -p 8989:8989 \
        -p 4444:4444 \
        gluufederation/opendj:3.1.2_dev
    

    Note that this will take some time, and it must finish before you can continue. Track it with docker logs -f opendj-init until you see the "The Directory Server has started successfully" notification.

  4. Deploy oxAuth container:

    docker run -d \
        --name oxauth \
        -e GLUU_KV_HOST=$IPADDR \
        -e GLUU_LDAP_URL=$IPADDR:1636 \
        -p 8081:8080 \
        gluufederation/oxauth:3.1.2_dev
    
  5. Deploy nginx container:

    docker run -d \
        --name nginx \
        -e GLUU_KV_HOST=$IPADDR \
        -e GLUU_OXAUTH_BACKEND=$IPADDR:8081 \
        -e GLUU_OXTRUST_BACKEND=$IPADDR:8082 \
        -e GLUU_OXSHIBBOLETH_BACKEND=$IPADDR:8086 \
        -e GLUU_OXPASSPORT_BACKEND=$IPADDR:8090 \
        -p 80:80 \
        -p 443:443 \
        gluufederation/nginx:3.1.2_dev
    
  6. Deploy oxTrust container:

    docker run -d \
        --name oxtrust \
        -e GLUU_KV_HOST=$IPADDR \
        -e GLUU_LDAP_URL=$IPADDR:1636 \
        -e GLUU_OXTRUST_CONFIG_GENERATION=true \
        -v /tmp/shared-shibboleth-idp:/opt/shared-shibboleth-idp \
        --add-host=${hostname}:$IPADDR \
        -p 8082:8080 \
        gluufederation/oxtrust:3.1.2_dev
    

    This will deploy an oxTrust container with a volume mapped to /tmp/shared-shibboleth-idp for use with the oxShibboleth container as well as create all the necessary configuration files.

  7. (Optional) Deploy oxPassport container:

    docker run -d \
        --name oxpassport \
        -e GLUU_KV_HOST=$IPADDR \
        --add-host=${hostname}:$IPADDR \
        -p 8090:8090 \
        gluufederation/oxpassport:3.1.2_dev
    
  8. (Optional) Deploy oxShibboleth container:

    docker run -d \
        --name oxshibboleth \
        -e GLUU_KV_HOST=$IPADDR \
        -e GLUU_KV_PORT=8500 \
        -e GLUU_LDAP_URL=$IPADDR:1636 \
        -v /tmp/shared-shibboleth-idp:/opt/shared-shibboleth-idp \
        -p 8086:8080 \
        gluufederation/oxshibboleth:3.1.2_dev
    
  9. Open the browser, visit https://${hostname}/ to log in to oxTrust.
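
Step 3 has to finish before step 4 is started. The function below is an added example, not part of the Gluu wiki or its images: it blocks until the readiness message quoted in step 3 shows up in `docker logs`, and fails early if the container exits or a timeout passes. The name `wait_for_log`, the `WAIT_INTERVAL` variable and the default timeout are assumptions made for this example.

```shell
#!/bin/sh
# wait_for_log CONTAINER PATTERN [TIMEOUT_SECONDS]
# (hypothetical helper, not shipped with gluu-docker)
#
# Polls `docker logs` until a line contains PATTERN (matched as a fixed string).
# Return codes: 0 = pattern seen, 1 = timed out, 2 = container not running.
wait_for_log() {
    container=$1
    pattern=$2
    timeout=${3:-600}             # assumed default: 10 minutes
    interval=${WAIT_INTERVAL:-5}  # seconds between polls
    elapsed=0

    while :; do
        # The container's stderr arrives on docker's stderr, so merge both streams.
        if docker logs "$container" 2>&1 | grep -qF -- "$pattern"; then
            return 0
        fi

        # Stop early if the container died instead of waiting out the timeout.
        state=$(docker inspect -f '{{.State.Running}}' "$container" 2>/dev/null) || state=false
        if [ "$state" != "true" ]; then
            return 2
        fi

        if [ "$elapsed" -ge "$timeout" ]; then
            return 1
        fi
        sleep "$interval"
        elapsed=$((elapsed + interval))
    done
}

# Usage between step 3 and step 4:
#   wait_for_log opendj-init "The Directory Server has started successfully" 900 \
#       || { echo "OpenDJ did not become ready" >&2; exit 1; }
```
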