authorHenrik Lund Kramshoej <hlk@kramse.org>2017-07-11 10:18:10 +0200
committerHenrik Lund Kramshoej <hlk@kramse.org>2017-07-11 10:18:10 +0200
commit8a0093d179926808400ebd025431331b3df77c81 (patch)
treea356da6019741f8321eec5dae9bdd4402d46d390
parent1470cec3a1c8a99b91ef192e4e8fc11c36c21659 (diff)
Adding keys to persistent volume
-rw-r--r--.gitignore1
-rwxr-xr-xREADME.md10
-rw-r--r--apache-sp/entrypoint.sh12
3 files changed, 19 insertions, 4 deletions
diff --git a/.gitignore b/.gitignore
index e43b0f9..cb6aaa7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
.DS_Store
+metadata/
diff --git a/README.md b/README.md
index 5b05ebc..a712d04 100755
--- a/README.md
+++ b/README.md
@@ -65,6 +65,10 @@ hlk@bujin:hlk$ cat /etc/hosts
Then you should be able to go to: https://sp.nordu.dev/secure/
+Getting metadata out from the Apache SP
+```
+ curl -k https://sp.nordu.dev/Shibboleth.sso/Metadata > sp-metadata.xml
+```
# Resources
Links from Jesper Rosenkilde
@@ -156,6 +160,12 @@ StaticPKIXX509Credential
# Other Links
+http://www.jeesty.com/shibboleth
+Description of how Shibd works with Apache
+
+
+https://github.com/nginx-shib/nginx-http-shibboleth
+Maybe a working Nginx with Shibb?
https://shibboleth.net/products/metadata-aggregator.html
Metadata Aggregator provides a command line tool and REST-based web service to support publishers and consumers of metadata.
diff --git a/apache-sp/entrypoint.sh b/apache-sp/entrypoint.sh
index a552c6c..c61f369 100644
--- a/apache-sp/entrypoint.sh
+++ b/apache-sp/entrypoint.sh
@@ -5,12 +5,16 @@
echo "Starting $0"
# Setup ssl keys
+METADATADIR=/metadata
KEYDIR=/etc/ssl
-export KEYDIR
+export KEYDIR METADATA
+if [ ! -f "$METADATADIR/apache-sp/sp-key.pem" -o ! -f "$KEYDIR/certs/shibsp.crt" ]; then
+ mkdir $METADATADIR/apache-sp > /dev/null 2>&1
+ shib-keygen -o $METADATADIR/apache-sp -h $SP_HOSTNAME #2>/dev/null
+fi
if [ ! -f "$KEYDIR/private/shibsp.key" -o ! -f "$KEYDIR/certs/shibsp.crt" ]; then
- shib-keygen -o /tmp -h $SP_HOSTNAME #2>/dev/null
- mv /tmp/sp-key.pem "$KEYDIR/private/shibsp.key"
- mv /tmp/sp-cert.pem "$KEYDIR/certs/shibsp.crt"
+ cp $METADATADIR/apache-sp/sp-key.pem "$KEYDIR/private/shibsp.key"
+ cp $METADATADIR/apache-sp/sp-cert.pem "$KEYDIR/certs/shibsp.crt"
fi
if [ ! -f "$KEYDIR/private/${SP_HOSTNAME}.key" -o ! -f "$KEYDIR/certs/${SP_HOSTNAME}.crt" ]; then
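Review bot: `export KEYDIR METADATA` exports a name that is never assigned (the variable set just above is `METADATADIR`), and the new first `if` tests `$KEYDIR/certs/shibsp.crt` instead of the volume's `sp-cert.pem`, so a fresh container with an already populated volume invokes shib-keygen again rather than simply reusing the persisted pair. `$METADATADIR` and `$SP_HOSTNAME` are unquoted, `mkdir` discards its errors, and a failed shib-keygen falls through to `cp` of files that do not exist. Because the SP private key now lives on a persistent volume (apparently a host directory, given the `metadata/` ignore entry), the mode and ownership of `sp-key.pem` there and of the copied `shibsp.key` should be confirmed; plain `cp` creates the copy under the caller's ownership and umask. A rewrite of the added lines follows; the script continues outside the hunk.

```shell
KEYDIR=/etc/ssl
export KEYDIR METADATADIR
if [ ! -f "$METADATADIR/apache-sp/sp-key.pem" ] || [ ! -f "$METADATADIR/apache-sp/sp-cert.pem" ]; then
  mkdir -p "$METADATADIR/apache-sp" || exit 1
  shib-keygen -o "$METADATADIR/apache-sp" -h "$SP_HOSTNAME" || exit 1
fi
# … unchanged: test for $KEYDIR/private/shibsp.key and $KEYDIR/certs/shibsp.crt …
  cp "$METADATADIR/apache-sp/sp-key.pem" "$KEYDIR/private/shibsp.key"
  cp "$METADATADIR/apache-sp/sp-cert.pem" "$KEYDIR/certs/shibsp.crt"
```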