12/10/2016: Running Shibboleth IDP on hyper.sh
Hyper.sh is a secure container hosting service. In this entry, I use a container to run the Shibboleth Identity Provider at hyper.sh.
First start a CentOS container where you will run Shibboleth IDP. The command below runs interactively.
./hyper run --expose 8080 --publish 80:8080 --size m2 -it --rm centos /bin/bash
On the hyper.sh page, attach a floating IP address to this container.
Now install some software packages using yum.
yum install -y tomcat tomcat-webapps tomcat-admin-webapps tomcat-docs-webapp tomcat-javadoc
Define some environment variables that are needed by tomcat.
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.111-1.b15.el7_2.x86_64/jre
export CATALINA_HOME=/var/lib/tomcat
export JAVA_OPTS="-Xms512m"
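Add the following two lines to /etc/tomcat/tomcat-users.xml. The container publishes port 80 on a floating IP, so the manager login is reachable from the internet; pick a strong password in place of admin.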
<role rolename="manager-gui"/>
<user username="admin" password="admin" roles="manager-gui"/>
Start tomcat just to make sure that everything is working so far.
/usr/libexec/tomcat/server start
Visit http://
Visit http://
Press ^C to stop tomcat.
Install and configure Shibboleth IDP.
curl -O https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-3.3.0.tar.gz
tar xfz shibboleth-identity-provider-3.3.0.tar.gz
rm shibboleth-identity-provider-3.3.0.tar.gz
cd shibboleth-identity-provider-3.3.0
bin/install.sh
cd /opt/shibboleth-idp/
Edit conf/access-control.xml to add ‘0.0.0.0/32’ to the list of allowed ranges.
Change the ownership of files.
chown -R tomcat *
Create the IDP web application.
cat << EOF > /etc/tomcat/Catalina/localhost/idp.xml
<Context docBase="/opt/shibboleth-idp/war/idp.war" privileged="true" antiResourceLocking="false" swallowOutput="true"/>
EOF
Start tomcat and visit the /manager page. You should now see the /idp application.
/usr/libexec/tomcat/server start
Press ^C to stop tomcat.
Now install the JSTL jar file.
cd /opt/shibboleth-idp/edit-webapp/WEB-INF/lib
curl -O https://build.shibboleth.net/nexus/service/local/repositories/thirdparty/content/javax/servlet/jstl/1.2/jstl-1.2.jar
chown tomcat jstl-1.2.jar
Rebuild the war file.
cd ../../..
bin/build.sh
Start tomcat and visit the IDP page at http://
/usr/libexec/tomcat/server start
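The access-control.xml step above adds a CIDR range, and the prefix length decides how much that range admits: 0.0.0.0/32 covers exactly one address, while a /0 prefix covers every IPv4 address. The following is an added example, not part of the original entry or of Shibboleth's code; the attribute text, the loopback entries and the client addresses are constructed samples.

```python
import ipaddress
import re

# Constructed sample: an allowedRanges attribute as it might look after the
# edit described above (the two loopback entries are assumed, not from the page).
SAMPLE_ATTR = "p:allowedRanges=\"#{ {'127.0.0.1/32', '::1/128', '0.0.0.0/32'} }\""


def parse_ranges(attr_text):
    """Extract the quoted CIDR strings and parse them into network objects."""
    cidrs = re.findall(r"'([0-9A-Fa-f:.]+/\d{1,3})'", attr_text)
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def is_allowed(client_ip, networks):
    """True if client_ip falls inside any allowed network of the same IP version."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == n.version and addr in n for n in networks)


def audit(networks):
    """Return (cidr, address count, is_catch_all) for each range."""
    return [(str(n), n.num_addresses, n.prefixlen == 0) for n in networks]


def main():
    as_written = parse_ranges(SAMPLE_ATTR)
    catch_all = parse_ranges(SAMPLE_ATTR.replace("0.0.0.0/32", "0.0.0.0/0"))
    clients = ["127.0.0.1", "0.0.0.0", "203.0.113.7", "::1"]  # constructed clients
    for label, nets in (("as written", as_written), ("with /0", catch_all)):
        print(label)
        for cidr, size, open_to_all in audit(nets):
            print(f"  {cidr:<14} addresses={size} catch_all={open_to_all}")
        for c in clients:
            verdict = "allow" if is_allowed(c, nets) else "deny"
            print(f"  {c:<14} -> {verdict}")


if __name__ == "__main__":
    main()
```

Running the same audit over the real allowedRanges list before exposing the container shows at a glance whether any entry is a catch-all.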
11/30/2016: Using hyper.sh for software development
Hyper.sh is a secure container hosting service. What makes it different from AWS (Amazon Web Services) is that you don’t start servers, but start docker images directly from Docker Hub or other registries. Hyper.sh is running the containers in a new way, in which multi-tenants’ containers are inherently safe to run side by side on bare metal, instead of being nested in VMs.
- Create a Docker volume to hold your project files.
./hyper volume create --name=development
- Create a Docker container where you can perform work. This container is about 25 cents per hour.
./hyper run --size m2 -it --rm --volume development:/projects centos /bin/bash
- Create the SSH private key file so that GitHub knows who you are.
mkdir ~/.ssh
chmod 700 ~/.ssh
cat << EOF > ~/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
EOF
chmod 600 ~/.ssh/id_rsa
- Install git so you can pull a project from GitHub.
yum install -y git
git config --global user.email "david.medinets@gmail.com"
git config --global user.name "medined"
git config --global push.default simple
git clone git@github.com:medined/medined.github.io.git
That’s it - do your work - then git commit and exit the Docker container.
PS - this entry was written inside a hyper.sh container.