Merge "Modified HTTP/S Related Funcs"

5 files changed, 85 insertions, 6 deletions

diff --git a/rulemgt-standalone/src/main/assembly/Dockerfile b/rulemgt-standalone/src/main/assembly/Dockerfile
index 434b620..35d3a3b 100644
--- a/rulemgt-standalone/src/main/assembly/Dockerfile
+++ b/rulemgt-standalone/src/main/assembly/Dockerfile
@@ -2,7 +2,7 @@ FROM openresty/openresty:alpine
 
 MAINTAINER "Guangrong Fu" <fu.guangrong@zte.com.cn>
 
-EXPOSE 9101 9104 9105 9201
+EXPOSE 9101 9104 9201
 
 ENV HOSTNAME holmes-rule-mgmt
 
@@ -37,13 +37,13 @@ RUN apk upgrade \
     && apk add --no-cache nss
 
 
-
 #add the frontend pacakge to the docker images
 RUN rm /etc/nginx/conf.d/default.conf
 RUN mkdir -p /etc/ssl/certs/
 RUN mkdir /etc/ssl/private
 ADD holmes-rulemgt-frontend-*.tar.gz /usr/local/openresty/nginx/html/
-ADD nginx.conf /usr/local/openresty/nginx/conf
+ADD nginx-https.conf /usr/local/openresty/nginx/conf
+ADD nginx-http.conf /usr/local/openresty/nginx/conf
 ADD holmes-frontend.key /etc/ssl/private
 ADD holmes-frontend-selfsigned.crt /etc/ssl/certs
 ADD dhparam.pem /etc/ssl/certs
diff --git a/rulemgt-standalone/src/main/assembly/bin/run.sh b/rulemgt-standalone/src/main/assembly/bin/run.sh
index daa803c..d500e5e 100644
--- a/rulemgt-standalone/src/main/assembly/bin/run.sh
+++ b/rulemgt-standalone/src/main/assembly/bin/run.sh
@@ -70,13 +70,31 @@ if [ ! -z ${URL_JDBC} ] && [ `expr index $URL_JDBC :` != 0 ]; then
 fi
 echo DB_PORT=$DB_PORT
 
+if [ -z ${ENABLE_ENCRYPT} ]; then
+    export ENABLE_ENCRYPT=true
+fi
+echo ENABLE_ENCRYPT=$ENABLE_ENCRYPT
+
 KEY_PATH="$main_path/conf/holmes.keystore"
 KEY_PASSWORD="holmes"
-
 #HTTPS Configurations
 sed -i "s|keyStorePath:.*|keyStorePath: $KEY_PATH|" "$main_path/conf/rulemgt.yml"
 sed -i "s|keyStorePassword:.*|keyStorePassword: $KEY_PASSWORD|" "$main_path/conf/rulemgt.yml"
 
+if [ ${ENABLE_ENCRYPT} == true ]; then
+    sed -i "s|type:\s*https\?$|type: https|" "$main_path/conf/rulemgt.yml"
+    sed -i "s|#\?keyStorePath|keyStorePath|" "$main_path/conf/rulemgt.yml"
+    sed -i "s|#\?keyStorePassword|keyStorePassword|" "$main_path/conf/rulemgt.yml"
+    sed -i "s|#\?validateCerts|validateCerts|" "$main_path/conf/rulemgt.yml"
+    sed -i "s|#\?validatePeers|validatePeers|" "$main_path/conf/rulemgt.yml"
+else
+    sed -i 's|type:\s*https\?$|type: http|' "$main_path/conf/rulemgt.yml"
+    sed -i "s|#\?keyStorePath|#keyStorePath|" "$main_path/conf/rulemgt.yml"
+    sed -i "s|#\?keyStorePassword|#keyStorePassword|" "$main_path/conf/rulemgt.yml"
+    sed -i "s|#\?validateCerts|#validateCerts|" "$main_path/conf/rulemgt.yml"
+    sed -i "s|#\?validatePeers|#validatePeers|" "$main_path/conf/rulemgt.yml"
+fi
+
 
 ./bin/initDB.sh $JDBC_USERNAME $JDBC_PASSWORD $DB_NAME $DB_PORT "${URL_JDBC%:*}"
 
@@ -88,7 +106,11 @@ sed -i "s|keyStorePassword:.*|keyStorePassword: $KEY_PASSWORD|" "$main_path/conf
 #echo Registered UI to MSB.
 
 
-nginx -c /usr/local/openresty/nginx/conf/nginx.conf
+if [ ${ENABLE_ENCRYPT} == true ]; then
+    nginx -c /usr/local/openresty/nginx/conf/nginx-https.conf
+else
+    nginx -c /usr/local/openresty/nginx/conf/nginx-http.conf
+fi
 echo nginx started.
 
 "$JAVA" $JAVA_OPTS -classpath "$class_path" org.onap.holmes.rulemgt.RuleActiveApp server "$main_path/conf/rulemgt.yml"
diff --git a/rulemgt-standalone/src/main/assembly/conf/rulemgt.yml b/rulemgt-standalone/src/main/assembly/conf/rulemgt.yml
index 0f2504b..26a94e8 100644
--- a/rulemgt-standalone/src/main/assembly/conf/rulemgt.yml
+++ b/rulemgt-standalone/src/main/assembly/conf/rulemgt.yml
@@ -15,7 +15,7 @@ server:
   connector:
     type: https
     port: 9101
-    keyStorePath: E:\Codes\ONAP\holmes\rule-management\rulemgt-standalone\src\main\assembly\conf\holmes.keystore
+    keyStorePath: /home/holmes/conf/holmes.keystore
     keyStorePassword: holmes
     validateCerts: false
     validatePeers: false
diff --git a/rulemgt-standalone/src/main/assembly/nginx-http.conf b/rulemgt-standalone/src/main/assembly/nginx-http.conf
new file mode 100644
index 0000000..717d5cf
--- /dev/null
+++ b/rulemgt-standalone/src/main/assembly/nginx-http.conf
@@ -0,0 +1,57 @@
+#user  nobody;
+worker_processes  1;
+
+error_log  logs/error.log;
+error_log  logs/error.log  notice;
+error_log  logs/error.log  info;
+
+pid        logs/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    #access_log  logs/access.log  main;
+
+    sendfile        on;
+
+    keepalive_timeout  65;
+
+    server {
+        listen       9104;
+        server_name  _;
+
+        location / {
+            root   /usr/local/openresty/nginx/html;
+
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_redirect off;
+
+            if ($uri ~ "/api/holmes-rule-mgmt/(.*)") {
+                proxy_pass http://$host:9101$request_uri;
+                break;
+            }
+
+            if ($uri ~ "/api/holmes-engine-mgmt/(.*)") {
+                proxy_pass http://$host:9102$request_uri;
+                break;
+            }
+        }
+
+        location ~*.(htm|html){
+            add_header Cache-Control no-cache;
+            root html;
+        }
+    }
+}
diff --git a/rulemgt-standalone/src/main/assembly/nginx.conf b/rulemgt-standalone/src/main/assembly/nginx-https.conf
index e4facf1..e4facf1 100644
--- a/rulemgt-standalone/src/main/assembly/nginx.conf
+++ b/rulemgt-standalone/src/main/assembly/nginx-https.conf