Question
Scott Roth · Oct 11, 2022

Community Edition Linux Setup

I am trying to get the Apache Web Gateway with Docker running on a development RHEL 8 machine so I do not have to config the Web Gateway and Apache apart from each other. I noticed the Apache Web Gateway docker image is using IRIS Community Edition. However when I try to run the docker image with podman I am running into issues with the IRIS setup. I was wondering if someone could help me. When I get the image to run I am seeing the following errors...

[iris]       | [ERROR] Required Linux capability cap_setuid is missing.
[iris]       | [ERROR] Required Linux capability cap_dac_override is missing.
[iris]       | [ERROR] Required Linux capability cap_fowner is missing.
[iris]       | [ERROR] Required Linux capability cap_setgid is missing.
[iris]       | [ERROR] Required Linux capability cap_kill is missing.
[iris]       | [FATAL] Your IRIS container is missing one or more required Linux capabilities.

it is using the iris-config.json that was in the image to launch IRIS

more iris-config.json
{
    "Security.SSLConfigs": {
        "%SuperServer": {
            "CAFile": "/usr/irissys/mgr/CA_Server.cer",
            "CertificateFile": "/usr/irissys/mgr/iris_server.cer",
            "Name": "%SuperServer",
            "PrivateKeyFile": "/usr/irissys/mgr/iris_server.key",
            "Type": "1",
            "VerifyPeer": 3
        }
    },
    "Security.System": {
        "SSLSuperServer":1
    },
    "Security.Services": {
        "%Service_WebGateway": {
            "ClientSystems": "172.16.238.50;127.0.0.1;172.16.238.20"
        }
    }
}
 

What could be missing that I can add to help the IRIS Community Edition run as part of the Docker for the Apache Web Gateway?

Product version: IRIS 2022.1
0
1 100
Discussion (2)1
Log in or sign up to continue

I have modified docker-compose.yml to include command: --check-caps false without any luck

[root@int-lxiris-vd02 docker-webgateway-sample]# more docker-compose.yml
version: '3.6'
services:

  webgateway:
    image: tls-ssl-webgateway
    command: --check-caps false
    container_name: tls-ssl-webgateway
    build:
      context: .
      dockerfile: Dockerfile
    networks:
      app_net:
        ipv4_address: 172.16.238.50
    ports:
      # change the local port already used on your system.
      - "80:80"
      - "443:443"
    environment:
      - IRIS_HOST=172.16.238.20
      - IRIS_PORT=1972
      # Replace by the list of ip address allowed to open the CSP system manager
      # https://localhost/csp/bin/Systems/Module.cxw
      - "SYSTEM_MANAGER=${LOCAL_IP}"
      # the list of web apps
      # /csp allow to the webgateway to redirect all request starting by /csp to the iris instance
      # You can specify a list separate by a space : "IRIS_WEBAPPS=/csp/sys /api /isc /swagger-ui"
      - "IRIS_WEBAPPS=/csp/sys"
    volumes:
      # Mount certificates files.
      - ./certificates/webgateway_client.cer:/opt/webgateway/bin/webgateway_client.cer
      - ./certificates/webgateway_client.key:/opt/webgateway/bin/webgateway_client.key
      - ./certificates/CA_Server.cer:/opt/webgateway/bin/CA_Server.cer
      - ~/webgateway-apache-certificates/apache_webgateway.cer:/etc/apache2/certificate/apache_webgateway.cer
      - ~/webgateway-apache-certificates/apache_webgateway.key:/etc/apache2/certificate/apache_webgateway.key
    hostname: webgateway
    command: ["--ssl"]

  iris:
    image: intersystemsdc/iris-community:latest
    command: --check-caps false
    container_name: tls-ssl-iris
    networks:
      app_net:
        ipv4_address: 172.16.238.20
    volumes:
      - ./iris-config-files:/opt/config-files
      # Mount certificates files.
      - ./certificates/CA_Server.cer:/usr/irissys/mgr/CA_Server.cer
      - ./certificates/iris_server.cer:/usr/irissys/mgr/iris_server.cer
      - ./certificates/iris_server.key:/usr/irissys/mgr/iris_server.key
    hostname: iris
    # Load the IRIS configuration file ./iris-config-files/iris-config.json
    command: ["-a","sh /opt/config-files/configureIris.sh"]

networks:
  app_net:
    ipam:
      driver: default
      config:
        - subnet: "172.16.238.0/24"

You may have only 1 command: in each build
the 2nd overwrites the first

  iris:
    image: intersystemsdc/iris-community:latest
    command: --check-caps false
    container_name: tls-ssl-iris
    networks:
      app_net:
        ipv4_address: 172.16.238.20
    volumes:
      - ./iris-config-files:/opt/config-files
      # Mount certificates files.
      - ./certificates/CA_Server.cer:/usr/irissys/mgr/CA_Server.cer
      - ./certificates/iris_server.cer:/usr/irissys/mgr/iris_server.cer
      - ./certificates/iris_server.key:/usr/irissys/mgr/iris_server.key
    hostname: iris
    # Load the IRIS configuration file ./iris-config-files/iris-config.json
    command: ["-a","sh /opt/config-files/configureIris.sh"] 

this worked as multi-line 

command: 
    - -a
    - sh /opt/config-files/configureIris.sh 
      - --check-caps false

BUT  
         command: ["-a","sh /opt/config-files/configureIris.sh","--check-caps false"]

works as well