Community Edition Linux Setup
I am trying to get the Apache Web Gateway with Docker running on a development RHEL 8 machine so I do not have to configure the Web Gateway and Apache apart from each other. I noticed the Apache Web Gateway docker image is using IRIS Community Edition. However, when I try to run the docker image with podman I am running into issues with the IRIS setup. I was wondering if someone could help me. When I get the image to run I am seeing the following errors...
[iris] | [ERROR] Required Linux capability cap_setuid is missing.
[iris] | [ERROR] Required Linux capability cap_dac_override is missing.
[iris] | [ERROR] Required Linux capability cap_fowner is missing.
[iris] | [ERROR] Required Linux capability cap_setgid is missing.
[iris] | [ERROR] Required Linux capability cap_kill is missing.
[iris] | [FATAL] Your IRIS container is missing one or more required Linux capabilities.
It is using the iris-config.json that was in the image to launch IRIS:
more iris-config.json
{
  "Security.SSLConfigs": {
    "%SuperServer": {
      "CAFile": "/usr/irissys/mgr/CA_Server.cer",
      "CertificateFile": "/usr/irissys/mgr/iris_server.cer",
      "Name": "%SuperServer",
      "PrivateKeyFile": "/usr/irissys/mgr/iris_server.key",
      "Type": "1",
      "VerifyPeer": 3
    }
  },
  "Security.System": {
    "SSLSuperServer": 1
  },
  "Security.Services": {
    "%Service_WebGateway": {
      "ClientSystems": "172.16.238.50;127.0.0.1;172.16.238.20"
    }
  }
}
What could be missing that I can add to help the IRIS Community Edition run as part of the Docker for the Apache Web Gateway?
I have modified docker-compose.yml to include command: --check-caps false without any luck
[root@int-lxiris-vd02 docker-webgateway-sample]# more docker-compose.yml
version: '3.6'
services:
  webgateway:
    image: tls-ssl-webgateway
    command: --check-caps false
    container_name: tls-ssl-webgateway
    build:
      context: .
      dockerfile: Dockerfile
    networks:
      app_net:
        ipv4_address: 172.16.238.50
    ports:
      # change the local port already used on your system.
      - "80:80"
      - "443:443"
    environment:
      - IRIS_HOST=172.16.238.20
      - IRIS_PORT=1972
      # Replace by the list of ip address allowed to open the CSP system manager
      # https://localhost/csp/bin/Systems/Module.cxw
      - "SYSTEM_MANAGER=${LOCAL_IP}"
      # the list of web apps
      # /csp allow to the webgateway to redirect all request starting by /csp to the iris instance
      # You can specify a list separate by a space : "IRIS_WEBAPPS=/csp/sys /api /isc /swagger-ui"
      - "IRIS_WEBAPPS=/csp/sys"
    volumes:
      # Mount certificates files.
      - ./certificates/webgateway_client.cer:/opt/webgateway/bin/webgateway_client.cer
      - ./certificates/webgateway_client.key:/opt/webgateway/bin/webgateway_client.key
      - ./certificates/CA_Server.cer:/opt/webgateway/bin/CA_Server.cer
      - ~/webgateway-apache-certificates/apache_webgateway.cer:/etc/apache2/certificate/apache_webgateway.cer
      - ~/webgateway-apache-certificates/apache_webgateway.key:/etc/apache2/certificate/apache_webgateway.key
    hostname: webgateway
    command: ["--ssl"]
  iris:
    image: intersystemsdc/iris-community:latest
    command: --check-caps false
    container_name: tls-ssl-iris
    networks:
      app_net:
        ipv4_address: 172.16.238.20
    volumes:
      - ./iris-config-files:/opt/config-files
      # Mount certificates files.
      - ./certificates/CA_Server.cer:/usr/irissys/mgr/CA_Server.cer
      - ./certificates/iris_server.cer:/usr/irissys/mgr/iris_server.cer
      - ./certificates/iris_server.key:/usr/irissys/mgr/iris_server.key
    hostname: iris
    # Load the IRIS configuration file ./iris-config-files/iris-config.json
    command: ["-a","sh /opt/config-files/configureIris.sh"]
networks:
  app_net:
    ipam:
      driver: default
      config:
        - subnet: "172.16.238.0/24"
You may have only 1 command: in each build
the 2nd overwrites the first
  iris:
    image: intersystemsdc/iris-community:latest
    command: --check-caps false
    container_name: tls-ssl-iris
    networks:
      app_net:
        ipv4_address: 172.16.238.20
    volumes:
      - ./iris-config-files:/opt/config-files
      # Mount certificates files.
      - ./certificates/CA_Server.cer:/usr/irissys/mgr/CA_Server.cer
      - ./certificates/iris_server.cer:/usr/irissys/mgr/iris_server.cer
      - ./certificates/iris_server.key:/usr/irissys/mgr/iris_server.key
    hostname: iris
    # Load the IRIS configuration file ./iris-config-files/iris-config.json
    command: ["-a","sh /opt/config-files/configureIris.sh"]
this worked as multi-line
    command:
      - -a
      - sh /opt/config-files/configureIris.sh
      - --check-caps false
BUT
command: ["-a","sh /opt/config-files/configureIris.sh","--check-caps false"]
works as well
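
The silent overwrite described in the answer above can be caught before the stack is started. The following is an added example, not part of the original thread or of the sample project: a small Python check that flags a key repeated inside one mapping, run on a constructed copy of the iris service from the question. The names `find_duplicate_keys`, `KEY_RE` and `SAMPLE` are made up for this example.

```python
import re

# Constructed sample: the iris service as posted, with its two command: keys.
SAMPLE = """\
services:
  iris:
    image: intersystemsdc/iris-community:latest
    command: --check-caps false
    container_name: tls-ssl-iris
    volumes:
      - ./iris-config-files:/opt/config-files
    hostname: iris
    command: ["-a","sh /opt/config-files/configureIris.sh"]
"""

KEY_RE = re.compile(r"^( *)([^\s#:'\"\[\]{}-][^\s:]*):(?:\s|$)")

def find_duplicate_keys(text):
    """Return (dotted_path, first_line, repeat_line) for each repeated key.
    Indentation-based scan of block-style YAML; flow mappings, quoted keys
    and multi-line scalars are not handled."""
    stack, seen, dups = [], {}, []   # stack holds (indent, key) of open mappings
    for lineno, line in enumerate(text.splitlines(), 1):
        body = line.lstrip(" ")
        indent = len(line) - len(body)
        if body.startswith("- "):
            # A sequence item opens a fresh scope for the keys nested inside it.
            while stack and (stack[-1][0] > indent or
                             (stack[-1][0] == indent and stack[-1][1][0] == "[")):
                stack.pop()
            stack.append((indent, f"[{lineno}]"))
            continue
        m = KEY_RE.match(line)
        if not m:
            continue
        key = m.group(2)
        while stack and stack[-1][0] >= indent:
            stack.pop()          # leave mappings that ended at this indent
        path = ".".join([k for _, k in stack] + [key])
        if path in seen:
            dups.append((path, seen[path], lineno))
        else:
            seen[path] = lineno
        stack.append((indent, key))
    return dups

if __name__ == "__main__":
    for path, first, repeat in find_duplicate_keys(SAMPLE):
        print(f"{path}: line {repeat} replaces the value set on line {first}")
```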