From cbbf7f93f272ddff1c615eb287c7556972a16357 Mon Sep 17 00:00:00 2001 From: Tommy Carpenter Date: Fri, 31 May 2019 09:21:31 -0400 Subject: Add HTTPS Flag Issue-ID: DCAEGEN2-1549 Change-Id: I24f84d13ddc4e4163c02814c2f841a5485dbf7a7 Signed-off-by: Tommy Carpenter --- README.md | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index a4e69ab..4fe43f9 100644 --- a/README.md +++ b/README.md 
@@ -74,16 +74,39 @@ You need `tox`; then just run: # Deployment ## HTTPS -Details coming soon + +The default non HTTPS port is 10000. The default HTTPS port is 10443. + +To deploy with HTTPS, you must then set three ENVs: +1. `USE_HTTPS=1` (any other value, HTTPS is not used) +2. `HTTPS_KEY_PATH`: path to the `.key` file (including the filename) +3. `HTTPS_CERT_PATH`: path to the .crt file (including the filename) + +If `USE_HTTPS` is set, but the other two are not supplied or do not exist, the CBS will crash immediately. + +For testing, I created a self signed cert with + + openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/k.key -out /tmp/c.crt -subj "/C=US/ST=NJ/L=foo/O=ONAP/OU=ONAP/CN=configbinding" ## Docker +### Without HTTPS sudo docker run -dt -p 10000:10000 -e CONSUL_HOST=cbs:X.Y.Z -If you wish to turn ON HTTP healthchecks and turn OFF HTTPS healthchecks, swith 10000 and 443 above. That will work even with `v7` of registrator (that is, `SERVICE_x_CHECK_HTTP` was already supported) +###With HTTPS +Mount the key and crt into `/opt/`; in theory other paths should work if the ENV is set correctly, but this one has been tested and `/opt` is gauranteed to exist in the container because that's where the logs go. + + + docker run -dt -p 10443:10443 -e CONSUL_HOST= -e USE_HTTPS=1 -e HTTPS_KEY_PATH=/opt/k.key -e HTTPS_CERT_PATH=/opt/c.crt -v /tmp/k.key:/opt/k.key -v /tmp/c.crt:/opt/c.crt cbs:X.Y. + ## Locally for development (no docker) +###Without HTTPS It is recommended that you do this step in a virtualenv. (set -x is Fish notaion, change for Bash etc. accordingly) - pip install --ignore-installed .; set -x CONSUL_HOST ; ./run.py + pip install --ignore-installed .; set -x CONSUL_HOST ; run.py + +###With HTTPS + + pip install --ignore-installed .; set -x CONSUL_HOST ; set -x USE_HTTPS 1; set -x USE_HTTPS 1; set -x HTTPS_KEY_PATH /tmp/k.key; set -x HTTPS_CERT_PATH /tmp/c.crt; run.py -- cgit 1.2.3-korg
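Review bot: In the new HTTPS section, item 1 of the ENV list says any value of `USE_HTTPS` other than `1` leaves HTTPS off, so a deployment that sets `USE_HTTPS=true` or `yes` would come up on plain HTTP with no error. The README should say that outright next to the list, or name the accepted value as the only one, since the crash-on-missing-files behaviour described two lines later only protects the `1` case. In the "With HTTPS" Docker command, the key and cert bind mounts could be suggested as read-only (`-v /tmp/k.key:/opt/k.key:ro`), and it is worth a sentence that the `openssl ... -nodes` key under `/tmp` is unencrypted and meant for testing only. Smaller points in the same hunk: the last command repeats `set -x USE_HTTPS 1;` twice; the image tag in the HTTPS `docker run` line reads `cbs:X.Y.` where the "Without HTTPS" line has `cbs:X.Y.Z`; the new headings `###With HTTPS` and `###Without HTTPS` lack the space used in `### Without HTTPS` under Docker; item 3 leaves `.crt` unquoted while item 2 writes `.key` in backticks; and "gauranteed" and "notaion" are misspelled.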