From dd6a7fa137605db8e2eec437167c438af0ea2447 Mon Sep 17 00:00:00 2001 From: tangpeng Date: Sat, 30 Mar 2019 07:54:52 +0000 Subject: Modified HTTP/S Related Funcs Change-Id: I554a7a93c49ef29f586e4b494d832c552987993e Issue-ID: HOLMES-203 Signed-off-by: tangpeng --- rulemgt-standalone/src/main/assembly/Dockerfile | 6 +- rulemgt-standalone/src/main/assembly/bin/run.sh | 26 ++++++++- .../src/main/assembly/conf/rulemgt.yml | 2 +- .../src/main/assembly/nginx-http.conf | 57 +++++++++++++++++++ .../src/main/assembly/nginx-https.conf | 64 ++++++++++++++++++++++ rulemgt-standalone/src/main/assembly/nginx.conf | 64 ---------------------- 6 files changed, 149 insertions(+), 70 deletions(-) create mode 100644 rulemgt-standalone/src/main/assembly/nginx-http.conf create mode 100644 rulemgt-standalone/src/main/assembly/nginx-https.conf delete mode 100644 rulemgt-standalone/src/main/assembly/nginx.conf (limited to 'rulemgt-standalone') diff --git a/rulemgt-standalone/src/main/assembly/Dockerfile b/rulemgt-standalone/src/main/assembly/Dockerfile index 434b620..35d3a3b 100644 --- a/rulemgt-standalone/src/main/assembly/Dockerfile +++ b/rulemgt-standalone/src/main/assembly/Dockerfile @@ -2,7 +2,7 @@ FROM openresty/openresty:alpine MAINTAINER "Guangrong Fu" -EXPOSE 9101 9104 9105 9201 +EXPOSE 9101 9104 9201 ENV HOSTNAME holmes-rule-mgmt @@ -37,13 +37,13 @@ RUN apk upgrade \ && apk add --no-cache nss - #add the frontend pacakge to the docker images RUN rm /etc/nginx/conf.d/default.conf RUN mkdir -p /etc/ssl/certs/ RUN mkdir /etc/ssl/private ADD holmes-rulemgt-frontend-*.tar.gz /usr/local/openresty/nginx/html/ -ADD nginx.conf /usr/local/openresty/nginx/conf +ADD nginx-https.conf /usr/local/openresty/nginx/conf +ADD nginx-http.conf /usr/local/openresty/nginx/conf ADD holmes-frontend.key /etc/ssl/private ADD holmes-frontend-selfsigned.crt /etc/ssl/certs ADD dhparam.pem /etc/ssl/certs 
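Review bot: The two new lines `ADD nginx-https.conf …` and `ADD nginx-http.conf …` in the second Dockerfile hunk copy plain local files, and `COPY` is the narrower instruction for that. `ADD` also unpacks archives and accepts URLs, neither of which is needed here. I would write `COPY nginx-https.conf nginx-http.conf /usr/local/openresty/nginx/conf/`. Because both variants are always in the image, which listener runs depends entirely on the `ENABLE_ENCRYPT` test in run.sh.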
diff --git a/rulemgt-standalone/src/main/assembly/bin/run.sh b/rulemgt-standalone/src/main/assembly/bin/run.sh index daa803c..d500e5e 100644 --- a/rulemgt-standalone/src/main/assembly/bin/run.sh +++ b/rulemgt-standalone/src/main/assembly/bin/run.sh @@ -70,13 +70,31 @@ if [ ! -z ${URL_JDBC} ] && [ `expr index $URL_JDBC :` != 0 ]; then fi echo DB_PORT=$DB_PORT +if [ -z ${ENABLE_ENCRYPT} ]; then + export ENABLE_ENCRYPT=true +fi +echo ENABLE_ENCRYPT=$ENABLE_ENCRYPT + KEY_PATH="$main_path/conf/holmes.keystore" KEY_PASSWORD="holmes" - #HTTPS Configurations sed -i "s|keyStorePath:.*|keyStorePath: $KEY_PATH|" "$main_path/conf/rulemgt.yml" sed -i "s|keyStorePassword:.*|keyStorePassword: $KEY_PASSWORD|" "$main_path/conf/rulemgt.yml" +if [ ${ENABLE_ENCRYPT} == true ]; then + sed -i "s|type:\s*https\?$|type: https|" "$main_path/conf/rulemgt.yml" + sed -i "s|#\?keyStorePath|keyStorePath|" "$main_path/conf/rulemgt.yml" + sed -i "s|#\?keyStorePassword|keyStorePassword|" "$main_path/conf/rulemgt.yml" + sed -i "s|#\?validateCerts|validateCerts|" "$main_path/conf/rulemgt.yml" + sed -i "s|#\?validatePeers|validatePeers|" "$main_path/conf/rulemgt.yml" +else + sed -i 's|type:\s*https\?$|type: http|' "$main_path/conf/rulemgt.yml" + sed -i "s|#\?keyStorePath|#keyStorePath|" "$main_path/conf/rulemgt.yml" + sed -i "s|#\?keyStorePassword|#keyStorePassword|" "$main_path/conf/rulemgt.yml" + sed -i "s|#\?validateCerts|#validateCerts|" "$main_path/conf/rulemgt.yml" + sed -i "s|#\?validatePeers|#validatePeers|" "$main_path/conf/rulemgt.yml" +fi + ./bin/initDB.sh $JDBC_USERNAME $JDBC_PASSWORD $DB_NAME $DB_PORT "${URL_JDBC%:*}" 
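Review bot: The test `[ ${ENABLE_ENCRYPT} == true ]` fails open: any value other than the exact string `true` (`True`, `1`, `yes`, a typo) rewrites rulemgt.yml to `type: http` and comments out the keystore settings, so a misconfigured deployment silently serves plaintext. Disabling TLS should require an explicit opt-out, e.g. `if [ "${ENABLE_ENCRYPT}" != "false" ]; then`. The expansion should also be quoted (likewise `[ -z "${ENABLE_ENCRYPT}" ]`), because an unquoted value containing whitespace makes `[` error out and also lands in the `else` branch. The same test selects between `nginx-https.conf` and `nginx-http.conf` in the later run.sh hunk and needs the same change so both layers agree. `==` inside `[` is a bash extension and the shebang is outside the hunk, so confirm the script runs under bash or use `=`.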
@@ -88,7 +106,11 @@ sed -i "s|keyStorePassword:.*|keyStorePassword: $KEY_PASSWORD|" "$main_path/conf #echo Registered UI to MSB. -nginx -c /usr/local/openresty/nginx/conf/nginx.conf +if [ ${ENABLE_ENCRYPT} == true ]; then + nginx -c /usr/local/openresty/nginx/conf/nginx-https.conf +else + nginx -c /usr/local/openresty/nginx/conf/nginx-http.conf +fi echo nginx started. "$JAVA" $JAVA_OPTS -classpath "$class_path" org.onap.holmes.rulemgt.RuleActiveApp server "$main_path/conf/rulemgt.yml" diff --git a/rulemgt-standalone/src/main/assembly/conf/rulemgt.yml b/rulemgt-standalone/src/main/assembly/conf/rulemgt.yml index 0f2504b..26a94e8 100644 --- a/rulemgt-standalone/src/main/assembly/conf/rulemgt.yml +++ b/rulemgt-standalone/src/main/assembly/conf/rulemgt.yml @@ -15,7 +15,7 @@ server: connector: type: https port: 9101 - keyStorePath: E:\Codes\ONAP\holmes\rule-management\rulemgt-standalone\src\main\assembly\conf\holmes.keystore + keyStorePath: /home/holmes/conf/holmes.keystore keyStorePassword: holmes validateCerts: false validatePeers: false diff --git a/rulemgt-standalone/src/main/assembly/nginx-http.conf b/rulemgt-standalone/src/main/assembly/nginx-http.conf new file mode 100644 index 0000000..717d5cf --- /dev/null +++ b/rulemgt-standalone/src/main/assembly/nginx-http.conf 
@@ -0,0 +1,57 @@
+#user nobody;
+worker_processes 1;
+
+error_log logs/error.log;
+error_log logs/error.log notice;
+error_log logs/error.log info;
+
+pid logs/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ #access_log logs/access.log main;
+
+ sendfile on;
+
+ keepalive_timeout 65;
+
+ server {
+ listen 9104;
+ server_name _;
+
+ location / {
+ root /usr/local/openresty/nginx/html;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_redirect off;
+
+ if ($uri ~ "/api/holmes-rule-mgmt/(.*)") {
+ proxy_pass http://$host:9101$request_uri;
+ break;
+ }
+
+ if ($uri ~ "/api/holmes-engine-mgmt/(.*)") {
+ proxy_pass http://$host:9102$request_uri;
+ break;
+ }
+ }
+
+ location ~*.(htm|html){
+ add_header Cache-Control no-cache;
+ root html;
+ }
+ }
+}
diff --git a/rulemgt-standalone/src/main/assembly/nginx-https.conf b/rulemgt-standalone/src/main/assembly/nginx-https.conf
new file mode 100644
index 0000000..e4facf1
--- /dev/null
+++ b/rulemgt-standalone/src/main/assembly/nginx-https.conf
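Review bot: `proxy_pass http://$host:9101$request_uri;` (and the matching `:9102` line) in nginx-http.conf builds the upstream address from `$host`, which nginx takes from the client's request line or Host header, so the caller rather than the deployment decides where the proxy connects. The backend should be pinned to the address the service actually listens on, e.g. `proxy_pass http://127.0.0.1:9101;` if the rule-management service runs in the same container (run.sh suggests it does, but confirm), with the engine address supplied by configuration. The same two lines, with `https://`, are carried over unchanged into nginx-https.conf. Separately, `location ~*.(htm|html)` has an unescaped dot and no `$` anchor, so it matches more URIs than `.htm`/`.html` files; `location ~* \.html?$` states the intent.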
@@ -0,0 +1,64 @@
+#user nobody;
+worker_processes 1;
+
+error_log logs/error.log;
+error_log logs/error.log notice;
+error_log logs/error.log info;
+
+pid logs/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ #access_log logs/access.log main;
+
+ sendfile on;
+
+ keepalive_timeout 65;
+
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
+ server {
+ listen 9104 ssl;
+ server_name _;
+
+ location / {
+ root /usr/local/openresty/nginx/html;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_redirect off;
+
+ if ($uri ~ "/api/holmes-rule-mgmt/(.*)") {
+ proxy_pass https://$host:9101$request_uri;
+ break;
+ }
+
+ if ($uri ~ "/api/holmes-engine-mgmt/(.*)") {
+ proxy_pass https://$host:9102$request_uri;
+ break;
+ }
+ }
+
+ location ~*.(htm|html){
+ add_header Cache-Control no-cache;
+ root html;
+ }
+
+ ssl_certificate /etc/ssl/certs/holmes-frontend-selfsigned.crt;
+ ssl_certificate_key /etc/ssl/private/holmes-frontend.key;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ }
+}
diff --git a/rulemgt-standalone/src/main/assembly/nginx.conf b/rulemgt-standalone/src/main/assembly/nginx.conf
deleted file mode 100644
index e4facf1..0000000
--- a/rulemgt-standalone/src/main/assembly/nginx.conf
+++ /dev/null
@@ -1,64 +0,0 @@ -#user nobody; -worker_processes 1; - -error_log logs/error.log; -error_log logs/error.log notice; -error_log logs/error.log info; - -pid logs/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - #access_log logs/access.log main; - - sendfile on; - - keepalive_timeout 65; - - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 10m; - - server { - listen 9104 ssl; - server_name _; - - location / { - root /usr/local/openresty/nginx/html; - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_redirect off; - - if ($uri ~ "/api/holmes-rule-mgmt/(.*)") { - proxy_pass https://$host:9101$request_uri; - break; - } - - if ($uri ~ "/api/holmes-engine-mgmt/(.*)") { - proxy_pass https://$host:9102$request_uri; - break; - } - } - - location ~*.(htm|html){ - add_header Cache-Control no-cache; - root html; - } - - ssl_certificate /etc/ssl/certs/holmes-frontend-selfsigned.crt; - ssl_certificate_key /etc/ssl/private/holmes-frontend.key; - ssl_dhparam /etc/ssl/certs/dhparam.pem; - } -} -- cgit 1.2.3-korg