Merge pull request #5 from aservo/fix/default_hostname_for_containers

Fix / default hostname for containers
aservo · Jan 9, 2023 · 2daa63e · 2daa63e
2 parents 1589008 + d33e8f6
commit 2daa63e
Show file tree

Hide file tree

Showing 18 changed files with 84 additions and 81 deletions.
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -2,4 +2,8 @@
 
 set -euo pipefail
 
+if [[ -z "${SERVER_HOSTNAME:-}" ]]; then
+  export SERVER_HOSTNAME="0.0.0.0"
+fi
+
 exec "$@"
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "private": true,
   "name": "central-saml-logout",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "A dedicated service to perform a SAML 2.0 Single Logout (SLO)",
   "license": "Apache License, Version 2.0",
   "homepage": "https://github.com/aservo/central-saml-logout#readme",

diff --git a/test/services/central-saml-logout/docker-start.sh b/test/services/central-saml-logout/docker-start.sh
@@ -8,10 +8,10 @@ docker run \
   --net=host \
   --env 'SERVER_HOSTNAME=0.0.0.0' \
   --env 'SERVER_PORT=8191' \
-  --env 'BASE_URL=http://localhost:8181/slo' \
+  --env 'BASE_URL=http://127.0.0.1:8181/slo' \
   --env 'PATH_PREFIX=/app-prefix' \
-  --env 'IDP_METADATA=http://localhost:8190/realms/master/protocol/saml/descriptor' \
-  --env 'COOKIES_TO_CLEAR=[{"domain":"localhost","name":"central-saml-logout-session-client-prefix"}]' \
+  --env 'IDP_METADATA=http://127.0.0.1:8190/realms/master/protocol/saml/descriptor' \
+  --env 'COOKIES_TO_CLEAR=[{"domain":"127.0.0.1","name":"central-saml-logout-session-client-prefix"}]' \
   central-saml-logout:latest
 
 docker run \
@@ -20,13 +20,13 @@ docker run \
   --net=host \
   --env 'SERVER_HOSTNAME=0.0.0.0' \
   --env 'SERVER_PORT=8192' \
-  --env 'BASE_URL=http://localhost:8182/slo' \
+  --env 'BASE_URL=http://127.0.0.1:8182/slo' \
   --env 'PATH_PREFIX=/app-prefix' \
-  --env 'IDP_METADATA=http://localhost:8190/realms/master/protocol/saml/descriptor' \
-  --env 'COOKIES_TO_CLEAR=[{"domain":"localhost","name":"central-saml-logout-session-client-prefix"}]' \
+  --env 'IDP_METADATA=http://127.0.0.1:8190/realms/master/protocol/saml/descriptor' \
+  --env 'COOKIES_TO_CLEAR=[{"domain":"127.0.0.1","name":"central-saml-logout-session-client-prefix"}]' \
   central-saml-logout:latest
 
-while ! nc -z localhost 8191 || ! nc -z localhost 8192; do
+while ! nc -z 127.0.0.1 8191 || ! nc -z 127.0.0.1 8192; do
   echo "Waiting 5 seconds for application instances to come up."
   sleep 5
 done

diff --git a/test/services/keycloak/docker-start.sh b/test/services/keycloak/docker-start.sh
@@ -6,12 +6,12 @@ docker run \
   --name keycloak-slo-test-container \
   --detach \
   --net=host \
-  --env "HTTP_PORT=8190" \
+  --env "KC_HTTP_PORT=8190" \
   --env "KEYCLOAK_ADMIN=admin" \
   --env "KEYCLOAK_ADMIN_PASSWORD=password" \
   slo-with-keycloak-test:latest
 
-while ! nc -z localhost 8190; do
+while ! nc -z 127.0.0.1 8190; do
   echo "Waiting 5 seconds for Keycloak to come up."
   sleep 5
 done

diff --git a/test/services/keycloak/docker/realms/realm-export.json b/test/services/keycloak/docker/realms/realm-export.json
@@ -4,18 +4,18 @@
   "clients": [
     {
       "id": "f64e4da3-d5c1-4ded-bd90-53afca9cc6bf",
-      "clientId": "http://localhost:8181/slo/app-prefix/login/callback",
+      "clientId": "http://127.0.0.1:8181/slo/app-prefix/login/callback",
       "name": "slo app 8181",
       "description": "",
-      "rootUrl": "http://localhost:8181/slo/app-prefix",
-      "adminUrl": "http://localhost:8181/slo/app-prefix/login/callback",
+      "rootUrl": "http://127.0.0.1:8181/slo/app-prefix",
+      "adminUrl": "http://127.0.0.1:8181/slo/app-prefix/login/callback",
       "baseUrl": "",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
-        "http://localhost:8181/slo/app-prefix/*"
+        "http://127.0.0.1:8181/slo/app-prefix/*"
       ],
       "webOrigins": [],
       "notBefore": 0,
@@ -61,18 +61,18 @@
     },
     {
       "id": "7bae782f-9563-4dbb-a714-3328ee35245b",
-      "clientId": "http://localhost:8182/slo/app-prefix/login/callback",
+      "clientId": "http://127.0.0.1:8182/slo/app-prefix/login/callback",
       "name": "slo app 8182",
       "description": "",
-      "rootUrl": "http://localhost:8182/slo/app-prefix",
-      "adminUrl": "http://localhost:8182/slo/app-prefix/login/callback",
+      "rootUrl": "http://127.0.0.1:8182/slo/app-prefix",
+      "adminUrl": "http://127.0.0.1:8182/slo/app-prefix/login/callback",
       "baseUrl": "",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
-        "http://localhost:8182/slo/app-prefix/*"
+        "http://127.0.0.1:8182/slo/app-prefix/*"
       ],
       "webOrigins": [],
       "notBefore": 0,
@@ -117,18 +117,18 @@
     },
     {
       "id": "cb784ffe-94f6-4dbf-a6a5-36a83296d05e",
-      "clientId": "http://localhost:8183/test-client/client-prefix/login/callback",
+      "clientId": "http://127.0.0.1:8183/test-client/client-prefix/login/callback",
       "name": "test client 8183",
       "description": "",
-      "rootUrl": "http://localhost:8183/test-client/client-prefix",
-      "adminUrl": "http://localhost:8183/test-client/client-prefix/login/callback",
+      "rootUrl": "http://127.0.0.1:8183/test-client/client-prefix",
+      "adminUrl": "http://127.0.0.1:8183/test-client/client-prefix/login/callback",
       "baseUrl": "",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
-        "http://localhost:8183/test-client/client-prefix/*"
+        "http://127.0.0.1:8183/test-client/client-prefix/*"
       ],
       "webOrigins": [],
       "notBefore": 0,
@@ -174,18 +174,18 @@
     },
     {
       "id": "b250b858-edfb-4a40-8cb5-ac373753b812",
-      "clientId": "http://localhost:8184/test-client/client-prefix/login/callback",
+      "clientId": "http://127.0.0.1:8184/test-client/client-prefix/login/callback",
       "name": "test client 8184",
       "description": "",
-      "rootUrl": "http://localhost:8184/test-client/client-prefix",
-      "adminUrl": "http://localhost:8184/test-client/client-prefix/login/callback",
+      "rootUrl": "http://127.0.0.1:8184/test-client/client-prefix",
+      "adminUrl": "http://127.0.0.1:8184/test-client/client-prefix/login/callback",
       "baseUrl": "",
       "surrogateAuthRequired": false,
       "enabled": true,
       "alwaysDisplayInConsole": false,
       "clientAuthenticatorType": "client-secret",
       "redirectUris": [
-        "http://localhost:8184/test-client/client-prefix/*"
+        "http://127.0.0.1:8184/test-client/client-prefix/*"
       ],
       "webOrigins": [],
       "notBefore": 0,

diff --git a/test/services/keycloak/docker/start.sh b/test/services/keycloak/docker/start.sh
@@ -11,6 +11,5 @@ fi
 /opt/keycloak/bin/kc.sh start-dev \
   --auto-build \
   --http-enabled=true \
-  --http-port="$HTTP_PORT" \
   --hostname-strict=false \
   --hostname-strict-https=false
diff --git a/test/services/proxy/docker-start.sh b/test/services/proxy/docker-start.sh
@@ -16,7 +16,7 @@ docker run \
   --env "PROXY=nginx" \
   slo-with-proxy-test:latest
 
-while ! nc -z localhost 8181 || ! nc -z localhost 8182 || ! nc -z localhost 8183 || ! nc -z localhost 8184; do
+while ! nc -z 127.0.0.1 8181 || ! nc -z 127.0.0.1 8182 || ! nc -z 127.0.0.1 8183 || ! nc -z 127.0.0.1 8184; do
   echo "Waiting 5 seconds for the proxy servers to come up."
   sleep 5
 done

diff --git a/test/services/proxy/docker/proxy.conf.apache2.txt b/test/services/proxy/docker/proxy.conf.apache2.txt
@@ -1,20 +1,20 @@
 Listen 8181
 Listen 8183
-ServerName localhost
+ServerName 127.0.0.1
 
 <VirtualHost *:8181>
 
     ProxyRequests Off
 
-    ServerName localhost
+    ServerName 127.0.0.1
 
     <Proxy *>
         Order deny,allow
         Allow from all
     </Proxy>
 
-    ProxyPass /slo http://localhost:8191
-    ProxyPassReverse /slo http://localhost:8191
+    ProxyPass /slo http://127.0.0.1:8191
+    ProxyPassReverse /slo http://127.0.0.1:8191
 
 </VirtualHost>
 
@@ -23,20 +23,20 @@ ServerName localhost
     ProxyRequests Off
     RewriteEngine on
 
-    ServerName localhost
+    ServerName 127.0.0.1
 
     Header set Access-Control-Allow-Credentials "true"
     Header set Access-Control-Allow-Headers "Set-Cookie"
-    Header set Access-Control-Allow-Origin "http://localhost:8181"
+    Header set Access-Control-Allow-Origin "http://127.0.0.1:8181"
 
-    RewriteRule ^/test-client/client-prefix/logout/local$ "http://localhost:8181/slo/app-prefix/logout?http://localhost:8183/test-client/client-prefix/status" [R=302,L]
+    RewriteRule ^/test-client/client-prefix/logout/local$ "http://127.0.0.1:8181/slo/app-prefix/logout?http://127.0.0.1:8183/test-client/client-prefix/status" [R=302,L]
 
     <Proxy *>
         Order deny,allow
         Allow from all
     </Proxy>
 
-    ProxyPass /test-client http://localhost:8193
-    ProxyPassReverse /test-client http://localhost:8193
+    ProxyPass /test-client http://127.0.0.1:8193
+    ProxyPassReverse /test-client http://127.0.0.1:8193
 
 </VirtualHost>
diff --git a/test/services/proxy/docker/proxy.conf.nginx.txt b/test/services/proxy/docker/proxy.conf.nginx.txt
@@ -7,7 +7,7 @@ server {
 
     location ~ ^/slo/ {
         rewrite ^/slo/(.*)$ /$1 break;
-        proxy_pass http://localhost:8192;
+        proxy_pass http://127.0.0.1:8192;
     }
 }
 
@@ -20,14 +20,14 @@ server {
 
     add_header Access-Control-Allow-Credentials true;
     add_header Access-Control-Allow-Headers Set-Cookie;
-    add_header Access-Control-Allow-Origin http://localhost:8182;
+    add_header Access-Control-Allow-Origin http://127.0.0.1:8182;
 
     location ~ ^/test-client/client-prefix/logout/local$ {
-         return 302 http://localhost:8182/slo/app-prefix/logout?http://localhost:8184/test-client/client-prefix/status;
+         return 302 http://127.0.0.1:8182/slo/app-prefix/logout?http://127.0.0.1:8184/test-client/client-prefix/status;
     }
 
 	location ~ ^/test-client/ {
 	    rewrite ^/test-client/(.*)$ /$1 break;
-        proxy_pass http://localhost:8194;
+        proxy_pass http://127.0.0.1:8194;
 	}
 }
diff --git a/test/services/test-client/docker-start.sh b/test/services/test-client/docker-start.sh
@@ -8,9 +8,9 @@ docker run \
   --net=host \
   --env 'SERVER_HOSTNAME=0.0.0.0' \
   --env 'SERVER_PORT=8193' \
-  --env 'BASE_URL=http://localhost:8183/test-client' \
+  --env 'BASE_URL=http://127.0.0.1:8183/test-client' \
   --env 'PATH_PREFIX=/client-prefix' \
-  --env 'IDP_METADATA=http://localhost:8190/realms/master/protocol/saml/descriptor' \
+  --env 'IDP_METADATA=http://127.0.0.1:8190/realms/master/protocol/saml/descriptor' \
   central-saml-logout:latest
 
 docker run \
@@ -19,12 +19,12 @@ docker run \
   --net=host \
   --env 'SERVER_HOSTNAME=0.0.0.0' \
   --env 'SERVER_PORT=8194' \
-  --env 'BASE_URL=http://localhost:8184/test-client' \
+  --env 'BASE_URL=http://127.0.0.1:8184/test-client' \
   --env 'PATH_PREFIX=/client-prefix' \
-  --env 'IDP_METADATA=http://localhost:8190/realms/master/protocol/saml/descriptor' \
+  --env 'IDP_METADATA=http://127.0.0.1:8190/realms/master/protocol/saml/descriptor' \
   central-saml-logout:latest
 
-while ! nc -z localhost 8193 || ! nc -z localhost 8194; do
+while ! nc -z 127.0.0.1 8193 || ! nc -z 127.0.0.1 8194; do
   echo "Waiting 5 seconds for test clients to come up."
   sleep 5
 done

diff --git a/test/src/client-login-and-logout-via-apache2.test.js b/test/src/client-login-and-logout-via-apache2.test.js
@@ -2,15 +2,15 @@ describe('Use case: client login and logout via apache2', () => {
 
     it('should have an inactive session at the beginning', async () => {
 
-        await page.goto('http://localhost:8183/test-client/client-prefix/status');
+        await page.goto('http://127.0.0.1:8183/test-client/client-prefix/status');
 
         const content = await page.$eval('*', x => x.innerText);
         expect(content).toEqual('Session inactive');
     });
 
     it('should show the Keycloak login page', async () => {
 
-        await page.goto('http://localhost:8183/test-client/client-prefix/login');
+        await page.goto('http://127.0.0.1:8183/test-client/client-prefix/login');
 
         await expect(page.title()).resolves.toMatch('Sign in to master');
     });
@@ -29,23 +29,23 @@ describe('Use case: client login and logout via apache2', () => {
 
     it('should have an active session', async () => {
 
-        await page.goto('http://localhost:8183/test-client/client-prefix/status');
+        await page.goto('http://127.0.0.1:8183/test-client/client-prefix/status');
 
         const content = await page.$eval('*', x => x.innerText);
         expect(content).toEqual('Session active');
     });
 
     it('should be possible to logout via SLO directly', async () => {
 
-        await page.goto('http://localhost:8183/test-client/client-prefix/logout');
+        await page.goto('http://127.0.0.1:8183/test-client/client-prefix/logout');
 
         const content = await page.$eval('*', x => x.innerText);
         expect(content).toEqual('Logout was successful');
     });
 
     it('should have an inactive session again', async () => {
 
-        await page.goto('http://localhost:8183/test-client/client-prefix/status');
+        await page.goto('http://127.0.0.1:8183/test-client/client-prefix/status');
 
         const content = await page.$eval('*', x => x.innerText);
         expect(content).toEqual('Session inactive');

diff --git a/test/src/client-login-and-logout-via-nginx.test.js b/test/src/client-login-and-logout-via-nginx.test.js
@@ -2,15 +2,15 @@ describe('Use case: client login and logout via nginx', () => {
 
     it('should have an inactive session at the beginning', async () => {
 
-        await page.goto('http://localhost:8184/test-client/client-prefix/status');
+        await page.goto('http://127.0.0.1:8184/test-client/client-prefix/status');
 
         const content = await page.$eval('*', x => x.innerText);
         expect(content).toEqual('Session inactive');
     });
 
     it('should show the Keycloak login page', async () => {
 
-        await page.goto('http://localhost:8184/test-client/client-prefix/login');
+        await page.goto('http://127.0.0.1:8184/test-client/client-prefix/login');
 
         await expect(page.title()).resolves.toMatch('Sign in to master');
     });
@@ -29,23 +29,23 @@ describe('Use case: client login and logout via nginx', () => {
 
     it('should have an active session', async () => {
 
-        await page.goto('http://localhost:8184/test-client/client-prefix/status');
+        await page.goto('http://127.0.0.1:8184/test-client/client-prefix/status');
 
         const content = await page.$eval('*', x => x.innerText);
         expect(content).toEqual('Session active');
     });
 
     it('should be possible to logout via SLO directly', async () => {
 
-        await page.goto('http://localhost:8184/test-client/client-prefix/logout');
+        await page.goto('http://127.0.0.1:8184/test-client/client-prefix/logout');
 
         const content = await page.$eval('*', x => x.innerText);
         expect(content).toEqual('Logout was successful');
     });
 
     it('should have an inactive session again', async () => {
 
-        await page.goto('http://localhost:8184/test-client/client-prefix/status');
+        await page.goto('http://127.0.0.1:8184/test-client/client-prefix/status');
 
         const content = await page.$eval('*', x => x.innerText);
         expect(content).toEqual('Session inactive');