From 9d667bd7ceaa1647511c662bbaa73a358135d57b Mon Sep 17 00:00:00 2001 From: GuangrongFu Date: Mon, 5 Nov 2018 17:05:02 +0800 Subject: Updated the GUI to HTTPS Change-Id: Id981dbe228750727e1130756585577c82369d1ba Issue-ID: HOLMES-181 Signed-off-by: GuangrongFu --- rulemgt-standalone/src/main/assembly/Dockerfile | 7 +++++- rulemgt-standalone/src/main/assembly/dhparam.pem | 8 +++++++ .../main/assembly/holmes-frontend-selfsigned.crt | 23 ++++++++++++++++++ .../src/main/assembly/holmes-frontend.key | 28 ++++++++++++++++++++++ rulemgt-standalone/src/main/assembly/nginx.conf | 13 ++++++++++ 5 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 rulemgt-standalone/src/main/assembly/dhparam.pem create mode 100644 rulemgt-standalone/src/main/assembly/holmes-frontend-selfsigned.crt create mode 100644 rulemgt-standalone/src/main/assembly/holmes-frontend.key diff --git a/rulemgt-standalone/src/main/assembly/Dockerfile b/rulemgt-standalone/src/main/assembly/Dockerfile index fb45a5b..080d7ca 100644 --- a/rulemgt-standalone/src/main/assembly/Dockerfile +++ b/rulemgt-standalone/src/main/assembly/Dockerfile @@ -2,7 +2,7 @@ FROM openresty/openresty:alpine MAINTAINER "Guangrong Fu" -EXPOSE 9101 9104 9201 +EXPOSE 9101 9104 9105 9201 ENV HOSTNAME holmes-rule-mgmt @@ -37,8 +37,13 @@ RUN apk upgrade \ #add the frontend pacakge to the docker images RUN rm /etc/nginx/conf.d/default.conf +RUN mkdir -p /etc/ssl/certs/ +RUN mkdir /etc/ssl/private ADD holmes-rulemgt-frontend-*.tar.gz /usr/local/openresty/nginx/html ADD nginx.conf /usr/local/openresty/nginx/conf +ADD holmes-frontend.key /etc/ssl/private +ADD holmes-frontend-selfsigned.crt /etc/ssl/certs +ADD dhparam.pem /etc/ssl/certs #add the backend package to the docker image RUN mkdir /home/holmes diff --git a/rulemgt-standalone/src/main/assembly/dhparam.pem b/rulemgt-standalone/src/main/assembly/dhparam.pem new file mode 100644 index 0000000..ecc68c8 --- /dev/null +++ b/rulemgt-standalone/src/main/assembly/dhparam.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEAzmfJw2tg+s07Ybn4qP4F4ZfqqlkEZniXXJie5zV2HOvgxmKWyYtT +wp3BKBjlHdHl/XBf3lpMVq7k9alifP3FvgQLHd0rQPCDxhdtIHpjrcPJvtyyJH+f +HNTebhZfeUFXiXwhqnnkCxuEqg3rwyICYecVLGrgNIlmtxqjlBGWUyv9SLqU7EXw +RppBP4JUPSY5B3aRAOIzlKvhtpNcQNFTselxtE7shSnP1dyLOeM6bc+Sg9lEYgXY +pIHMqi7U7wqE/nDFXEp5zeu5/f8I4MEZ3cKX2cr2p9cCielQmRq4B5+pSfeV6QPK +YDKWtOb0QOzIAIZZEwkGUqAS4Cy+ES0gswIBAg== +-----END DH PARAMETERS----- diff --git a/rulemgt-standalone/src/main/assembly/holmes-frontend-selfsigned.crt b/rulemgt-standalone/src/main/assembly/holmes-frontend-selfsigned.crt new file mode 100644 index 0000000..a4eb017 --- /dev/null +++ b/rulemgt-standalone/src/main/assembly/holmes-frontend-selfsigned.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID5TCCAs2gAwIBAgIJALcg4t8oEk0mMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD +VQQGEwJDTjEQMA4GA1UECAwHU2ljaHVhbjEQMA4GA1UEBwwHQ2hlbmdkdTENMAsG +A1UECgwET05BUDENMAsGA1UECwwET05BUDEPMA0GA1UEAwwGSE9MTUVTMSYwJAYJ +KoZIhvcNAQkBFhdmdS5ndWFuZ3JvbmdAenRlLmNvbS5jbjAeFw0xODExMDUwNjI2 +MjlaFw0xOTExMDUwNjI2MjlaMIGIMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHU2lj +aHVhbjEQMA4GA1UEBwwHQ2hlbmdkdTENMAsGA1UECgwET05BUDENMAsGA1UECwwE +T05BUDEPMA0GA1UEAwwGSE9MTUVTMSYwJAYJKoZIhvcNAQkBFhdmdS5ndWFuZ3Jv +bmdAenRlLmNvbS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMe3 +q6rZkRPUk5CuCbz6+ncvl5YW10Ghx/g9NSMVlYQ+rPLBod8E5z2rjPLzOplvZ6mA +Au/7lgF+isDXqvaNVLDJJtdX2qW5Cbx4zTRm6oLOXZB106YV/KEDvRGJkw25gNDy +o7i9OScP/77FQ2YWqINW6gk1d7ZrueIV2BcXehHRtG2rQ07C71hvPQNTWULsBNjh +3FIGu0N0FcJoazXob8xKgeCYPl0bV0E4X8UHtVEd7PTHzr0oQ4L3P2xmOH0JqWYX +T+SpExwBi2GtyKomaHmkU1j2eK9O3zyf4Mj9LyDWncowyFaMAD8Fl7ZA7S3grGX9 +/Bc5cq3bua9/frRvIVkCAwEAAaNQME4wHQYDVR0OBBYEFADgWM5ts9EaR+1idclt +nXVSH9STMB8GA1UdIwQYMBaAFADgWM5ts9EaR+1idcltnXVSH9STMAwGA1UdEwQF +MAMBAf8wDQYJKoZIhvcNAQELBQADggEBADk+4d69VB4f9xy8B9MOwF6L5f28ucco +po4l96NLfPhYBD1f3TlmHDM3KlIFHrY9kUvLminW93nNgcRQnT/r+RQJZMbV5r4b +q6yYXaxhhtqbu8fz18V2mnhNrakFP+wyDCy66ZJ2QlfKAju9WKNevz6L8lVmYKvd +sA6p03/FRgyZ+74kkxupjxjEY4oVg1JYXgN54aZmRB8svQUaeWfsSVzZ/RcMb7d1 +gj43EbqjzEc25g2fegorkecIGr7DjYEp1nZcTrS8uTDouXjz8G1Y4hQZ9kux14P7 +tVVpDJCf0lPubwfpgE3wlHPIQHIf4aHNqnazDmmYIpu3yvQIimqKhzI= +-----END CERTIFICATE----- diff --git a/rulemgt-standalone/src/main/assembly/holmes-frontend.key b/rulemgt-standalone/src/main/assembly/holmes-frontend.key new file mode 100644 index 0000000..8f5f65d --- /dev/null +++ b/rulemgt-standalone/src/main/assembly/holmes-frontend.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDHt6uq2ZET1JOQ +rgm8+vp3L5eWFtdBocf4PTUjFZWEPqzywaHfBOc9q4zy8zqZb2epgALv+5YBforA +16r2jVSwySbXV9qluQm8eM00ZuqCzl2QddOmFfyhA70RiZMNuYDQ8qO4vTknD/++ +xUNmFqiDVuoJNXe2a7niFdgXF3oR0bRtq0NOwu9Ybz0DU1lC7ATY4dxSBrtDdBXC +aGs16G/MSoHgmD5dG1dBOF/FB7VRHez0x869KEOC9z9sZjh9CalmF0/kqRMcAYth +rciqJmh5pFNY9nivTt88n+DI/S8g1p3KMMhWjAA/BZe2QO0t4Kxl/fwXOXKt27mv +f360byFZAgMBAAECggEAcpgs5CdaWyqKUWXLKKhJtsGUFQaeFIajmwhjyPHFjM/5 +pID+RF0n4fbhNTXi1c9ah6NwDAsrk0fsjaIx8q49fgKtSrqaNqTptT8LX5n9zXhj +r1QsUQwknK7seXea7TEXfMz8rC/G72b6s5e0iItPvazNNON9ASrmyZcHGpjZ7gaE +vr1kY8BrdVBnZtPk7iwTpkHZHWm6dnlBo6z+7On2OTbRPzVm8ShfhoYsd3kifurk +LVaCfDknc5qSHle8EFv6yBODxqzhei0nTD2WU7IeJYz9MBBQUPprUSihSnVUddKw +x55ZuHmQT1leluwzyASGw8Mz3QPHUJJSNMk7y0ISQQKBgQD6+ppCaRiMoMk7f42/ +qoMvv+qbGidn1wZUWmTUbqjLjjD2lFXPK9fA1A2lHX4LdAOLgjOQBQ+d11kntPm3 +H3yS3JspCbKtXqx+oVO+lfBabAYwwu3giJt692oUN7xD//wiTcaOAxRC2W9zP6CW +YFGeUA+M56nWWZXcVxBgMgdNBQKBgQDLtofYnU6RTE3hjPQcx+vGS40VtTmnBZQf +l62FVl6U/63NDBy0Xo3XoBPcoLEbqYuIQBn6dZKzCSSMXlaRYG/04QR4zmCSFAum +3sNMKQNBmqBga7u+1nyE13gQIlLDIa0Y+agraU/eOzsKgpbKLglit9WaILjx/vlM +iUphYsATRQKBgQDbbk1+sMpQ8abfCUeSgu9NyTrCPtyjEkGrcJjljpav2fL/M3PO +vSNWqVAAw8dXFiifScfxLCuaMhT1/Wmy7KmK8awK9jqtD7A6yqwgXpGVTQsgiN1X +ybg+i6DIam6E+YOlLmDh+tk1FUw29DNgJnhVtOPTqxw3l33J9qkPoc32TQKBgDEs +oqY7ctfIH5Suvc6kw9leK3RuBri2tAbcSlrBeptlDMNOhS9VE9BVJ/Y+JAKVbsU5 +FAxNjVgCgPwRWbxGF0B5gObYip84j4d8hpA/5jVT6hrcZrmudOhsSuM6JdhMrMg2 +m82+4jS2/42N8HBlpIZb8gf+liZ0ciFzkqzndY4xAoGAOkgLc3+fSpm/MZeYWpA9 +HgGGl5XSR5dbr+/Gu3IDxB46MHkeXydZOh4ygXUTnWIEmU9TUVQyBjfcSnUZyOSW +q2ne9D/6EvPgrbaeDZtMAPaiZ4tWiLqaTZM+axUNYS4zSTLzX7XM5L4+kj4pkkLl +apeR9l7WuCkEQGGcXCWzr8o= +-----END PRIVATE KEY----- diff --git a/rulemgt-standalone/src/main/assembly/nginx.conf b/rulemgt-standalone/src/main/assembly/nginx.conf index 3714419..a41168a 100644 --- a/rulemgt-standalone/src/main/assembly/nginx.conf +++ b/rulemgt-standalone/src/main/assembly/nginx.conf @@ -27,9 +27,18 @@ http { keepalive_timeout 65; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + server { listen 9104; server_name localhost; + return 302 https://$server_name$request_uri; + } + + server { + listen 9105 ssl; + server_name localhost; location / { root /usr/local/openresty/nginx/html; @@ -39,5 +48,9 @@ http { add_header Cache-Control no-cache; root html; } + + ssl_certificate /etc/ssl/certs/holmes-frontend-selfsigned.crt; + ssl_certificate_key /etc/ssl/private/holmes-frontend.key; + ssl_dhparam /etc/ssl/certs/dhparam.pem; } } -- cgit 1.2.3-korg