summaryrefslogtreecommitdiffstats
path: root/rulemgt-standalone
diff options
context:
space:
mode:
Diffstat (limited to 'rulemgt-standalone')
-rw-r--r--rulemgt-standalone/src/main/assembly/Dockerfile7
-rw-r--r--rulemgt-standalone/src/main/assembly/dhparam.pem8
-rw-r--r--rulemgt-standalone/src/main/assembly/holmes-frontend-selfsigned.crt23
-rw-r--r--rulemgt-standalone/src/main/assembly/holmes-frontend.key28
-rw-r--r--rulemgt-standalone/src/main/assembly/nginx.conf13
5 files changed, 78 insertions, 1 deletions
diff --git a/rulemgt-standalone/src/main/assembly/Dockerfile b/rulemgt-standalone/src/main/assembly/Dockerfile
index fb45a5b..080d7ca 100644
--- a/rulemgt-standalone/src/main/assembly/Dockerfile
+++ b/rulemgt-standalone/src/main/assembly/Dockerfile
@@ -2,7 +2,7 @@ FROM openresty/openresty:alpine
MAINTAINER "Guangrong Fu" <fu.guangrong@zte.com.cn>
-EXPOSE 9101 9104 9201
+EXPOSE 9101 9104 9105 9201
ENV HOSTNAME holmes-rule-mgmt
@@ -37,8 +37,13 @@ RUN apk upgrade \
#add the frontend pacakge to the docker images
RUN rm /etc/nginx/conf.d/default.conf
+RUN mkdir -p /etc/ssl/certs/
+RUN mkdir /etc/ssl/private
ADD holmes-rulemgt-frontend-*.tar.gz /usr/local/openresty/nginx/html
ADD nginx.conf /usr/local/openresty/nginx/conf
+ADD holmes-frontend.key /etc/ssl/private
+ADD holmes-frontend-selfsigned.crt /etc/ssl/certs
+ADD dhparam.pem /etc/ssl/certs
#add the backend package to the docker image
RUN mkdir /home/holmes
diff --git a/rulemgt-standalone/src/main/assembly/dhparam.pem b/rulemgt-standalone/src/main/assembly/dhparam.pem
new file mode 100644
index 0000000..ecc68c8
--- /dev/null
+++ b/rulemgt-standalone/src/main/assembly/dhparam.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAzmfJw2tg+s07Ybn4qP4F4ZfqqlkEZniXXJie5zV2HOvgxmKWyYtT
+wp3BKBjlHdHl/XBf3lpMVq7k9alifP3FvgQLHd0rQPCDxhdtIHpjrcPJvtyyJH+f
+HNTebhZfeUFXiXwhqnnkCxuEqg3rwyICYecVLGrgNIlmtxqjlBGWUyv9SLqU7EXw
+RppBP4JUPSY5B3aRAOIzlKvhtpNcQNFTselxtE7shSnP1dyLOeM6bc+Sg9lEYgXY
+pIHMqi7U7wqE/nDFXEp5zeu5/f8I4MEZ3cKX2cr2p9cCielQmRq4B5+pSfeV6QPK
+YDKWtOb0QOzIAIZZEwkGUqAS4Cy+ES0gswIBAg==
+-----END DH PARAMETERS-----
diff --git a/rulemgt-standalone/src/main/assembly/holmes-frontend-selfsigned.crt b/rulemgt-standalone/src/main/assembly/holmes-frontend-selfsigned.crt
new file mode 100644
index 0000000..a4eb017
--- /dev/null
+++ b/rulemgt-standalone/src/main/assembly/holmes-frontend-selfsigned.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID5TCCAs2gAwIBAgIJALcg4t8oEk0mMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD
+VQQGEwJDTjEQMA4GA1UECAwHU2ljaHVhbjEQMA4GA1UEBwwHQ2hlbmdkdTENMAsG
+A1UECgwET05BUDENMAsGA1UECwwET05BUDEPMA0GA1UEAwwGSE9MTUVTMSYwJAYJ
+KoZIhvcNAQkBFhdmdS5ndWFuZ3JvbmdAenRlLmNvbS5jbjAeFw0xODExMDUwNjI2
+MjlaFw0xOTExMDUwNjI2MjlaMIGIMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHU2lj
+aHVhbjEQMA4GA1UEBwwHQ2hlbmdkdTENMAsGA1UECgwET05BUDENMAsGA1UECwwE
+T05BUDEPMA0GA1UEAwwGSE9MTUVTMSYwJAYJKoZIhvcNAQkBFhdmdS5ndWFuZ3Jv
+bmdAenRlLmNvbS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMe3
+q6rZkRPUk5CuCbz6+ncvl5YW10Ghx/g9NSMVlYQ+rPLBod8E5z2rjPLzOplvZ6mA
+Au/7lgF+isDXqvaNVLDJJtdX2qW5Cbx4zTRm6oLOXZB106YV/KEDvRGJkw25gNDy
+o7i9OScP/77FQ2YWqINW6gk1d7ZrueIV2BcXehHRtG2rQ07C71hvPQNTWULsBNjh
+3FIGu0N0FcJoazXob8xKgeCYPl0bV0E4X8UHtVEd7PTHzr0oQ4L3P2xmOH0JqWYX
+T+SpExwBi2GtyKomaHmkU1j2eK9O3zyf4Mj9LyDWncowyFaMAD8Fl7ZA7S3grGX9
+/Bc5cq3bua9/frRvIVkCAwEAAaNQME4wHQYDVR0OBBYEFADgWM5ts9EaR+1idclt
+nXVSH9STMB8GA1UdIwQYMBaAFADgWM5ts9EaR+1idcltnXVSH9STMAwGA1UdEwQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggEBADk+4d69VB4f9xy8B9MOwF6L5f28ucco
+po4l96NLfPhYBD1f3TlmHDM3KlIFHrY9kUvLminW93nNgcRQnT/r+RQJZMbV5r4b
+q6yYXaxhhtqbu8fz18V2mnhNrakFP+wyDCy66ZJ2QlfKAju9WKNevz6L8lVmYKvd
+sA6p03/FRgyZ+74kkxupjxjEY4oVg1JYXgN54aZmRB8svQUaeWfsSVzZ/RcMb7d1
+gj43EbqjzEc25g2fegorkecIGr7DjYEp1nZcTrS8uTDouXjz8G1Y4hQZ9kux14P7
+tVVpDJCf0lPubwfpgE3wlHPIQHIf4aHNqnazDmmYIpu3yvQIimqKhzI=
+-----END CERTIFICATE-----
diff --git a/rulemgt-standalone/src/main/assembly/holmes-frontend.key b/rulemgt-standalone/src/main/assembly/holmes-frontend.key
new file mode 100644
index 0000000..8f5f65d
--- /dev/null
+++ b/rulemgt-standalone/src/main/assembly/holmes-frontend.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDHt6uq2ZET1JOQ
+rgm8+vp3L5eWFtdBocf4PTUjFZWEPqzywaHfBOc9q4zy8zqZb2epgALv+5YBforA
+16r2jVSwySbXV9qluQm8eM00ZuqCzl2QddOmFfyhA70RiZMNuYDQ8qO4vTknD/++
+xUNmFqiDVuoJNXe2a7niFdgXF3oR0bRtq0NOwu9Ybz0DU1lC7ATY4dxSBrtDdBXC
+aGs16G/MSoHgmD5dG1dBOF/FB7VRHez0x869KEOC9z9sZjh9CalmF0/kqRMcAYth
+rciqJmh5pFNY9nivTt88n+DI/S8g1p3KMMhWjAA/BZe2QO0t4Kxl/fwXOXKt27mv
+f360byFZAgMBAAECggEAcpgs5CdaWyqKUWXLKKhJtsGUFQaeFIajmwhjyPHFjM/5
+pID+RF0n4fbhNTXi1c9ah6NwDAsrk0fsjaIx8q49fgKtSrqaNqTptT8LX5n9zXhj
+r1QsUQwknK7seXea7TEXfMz8rC/G72b6s5e0iItPvazNNON9ASrmyZcHGpjZ7gaE
+vr1kY8BrdVBnZtPk7iwTpkHZHWm6dnlBo6z+7On2OTbRPzVm8ShfhoYsd3kifurk
+LVaCfDknc5qSHle8EFv6yBODxqzhei0nTD2WU7IeJYz9MBBQUPprUSihSnVUddKw
+x55ZuHmQT1leluwzyASGw8Mz3QPHUJJSNMk7y0ISQQKBgQD6+ppCaRiMoMk7f42/
+qoMvv+qbGidn1wZUWmTUbqjLjjD2lFXPK9fA1A2lHX4LdAOLgjOQBQ+d11kntPm3
+H3yS3JspCbKtXqx+oVO+lfBabAYwwu3giJt692oUN7xD//wiTcaOAxRC2W9zP6CW
+YFGeUA+M56nWWZXcVxBgMgdNBQKBgQDLtofYnU6RTE3hjPQcx+vGS40VtTmnBZQf
+l62FVl6U/63NDBy0Xo3XoBPcoLEbqYuIQBn6dZKzCSSMXlaRYG/04QR4zmCSFAum
+3sNMKQNBmqBga7u+1nyE13gQIlLDIa0Y+agraU/eOzsKgpbKLglit9WaILjx/vlM
+iUphYsATRQKBgQDbbk1+sMpQ8abfCUeSgu9NyTrCPtyjEkGrcJjljpav2fL/M3PO
+vSNWqVAAw8dXFiifScfxLCuaMhT1/Wmy7KmK8awK9jqtD7A6yqwgXpGVTQsgiN1X
+ybg+i6DIam6E+YOlLmDh+tk1FUw29DNgJnhVtOPTqxw3l33J9qkPoc32TQKBgDEs
+oqY7ctfIH5Suvc6kw9leK3RuBri2tAbcSlrBeptlDMNOhS9VE9BVJ/Y+JAKVbsU5
+FAxNjVgCgPwRWbxGF0B5gObYip84j4d8hpA/5jVT6hrcZrmudOhsSuM6JdhMrMg2
+m82+4jS2/42N8HBlpIZb8gf+liZ0ciFzkqzndY4xAoGAOkgLc3+fSpm/MZeYWpA9
+HgGGl5XSR5dbr+/Gu3IDxB46MHkeXydZOh4ygXUTnWIEmU9TUVQyBjfcSnUZyOSW
+q2ne9D/6EvPgrbaeDZtMAPaiZ4tWiLqaTZM+axUNYS4zSTLzX7XM5L4+kj4pkkLl
+apeR9l7WuCkEQGGcXCWzr8o=
+-----END PRIVATE KEY-----
diff --git a/rulemgt-standalone/src/main/assembly/nginx.conf b/rulemgt-standalone/src/main/assembly/nginx.conf
index 3714419..a41168a 100644
--- a/rulemgt-standalone/src/main/assembly/nginx.conf
+++ b/rulemgt-standalone/src/main/assembly/nginx.conf
@@ -27,9 +27,18 @@ http {
keepalive_timeout 65;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
server {
listen 9104;
server_name localhost;
+ return 302 https://$server_name$request_uri;
+ }
+
+ server {
+ listen 9105 ssl;
+ server_name localhost;
location / {
root /usr/local/openresty/nginx/html;
@@ -39,5 +48,9 @@ http {
add_header Cache-Control no-cache;
root html;
}
+
+ ssl_certificate /etc/ssl/certs/holmes-frontend-selfsigned.crt;
+ ssl_certificate_key /etc/ssl/private/holmes-frontend.key;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
}
}