author | Tomasz Pietruszkiewicz <tomasz.pietruszkiewicz@nokia.com> | 2021-03-01 14:00:50 +0100 |
---|---|---|
committer | Tomasz Pietruszkiewicz <tomasz.pietruszkiewicz@nokia.com> | 2021-03-05 10:34:22 +0100 |
commit | 3a379f80dd6df7ea28210e46c2cea81a64b95534 (patch) | |
tree | 7d576ffb18dc2bc42ab865af8bdd1f57313e899d | |
parent | b4c81d195c09cc2a7623316d417de7624f2b6bb2 (diff) |
move httpserver from pnf-simulator repo to nf-simulator/pm-https-server directly.
Change-Id: I80b7db9dbe02389cb2a81cdbfb201830349ca5b7
Issue-ID: INT-1869
Signed-off-by: Tomasz Pietruszkiewicz <tomasz.pietruszkiewicz@nokia.com>
-rw-r--r-- | .gitignore | 4 | ||||
-rw-r--r-- | Dockerfile | 22 | ||||
-rw-r--r-- | Makefile | 30 | ||||
-rw-r--r-- | README.md | 33 | ||||
-rw-r--r-- | docker-compose.yml | 23 | ||||
-rw-r--r-- | pom.xml | 119 | ||||
-rw-r--r-- | resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz | bin | 0 -> 2046 bytes | |||
-rw-r--r-- | resources/apache2.conf | 228 | ||||
-rw-r--r-- | resources/cert/key.pem | 28 | ||||
-rw-r--r-- | resources/cert/keystore.pem | 26 | ||||
-rw-r--r-- | resources/cert/truststore.pem | 28 | ||||
-rwxr-xr-x | resources/lib/libjwt.so.1.7.0 | bin | 0 -> 133400 bytes | |||
-rw-r--r-- | resources/local/.htpasswd | 1 | ||||
-rw-r--r-- | resources/local/upload.php | 18 | ||||
-rw-r--r-- | resources/mods-enabled/auth_jwt.load | 1 | ||||
-rw-r--r-- | resources/modules/mod_authnz_jwt.so | bin | 0 -> 146696 bytes | |||
-rw-r--r-- | resources/ports.conf | 14 | ||||
-rw-r--r-- | resources/sites-enabled/000-default.conf | 132 |
18 files changed, 707 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..3490fc7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+**/*.iml
+**/.idea
+**/target
+**/logs
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..2a86bfa
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,22 @@
+FROM httpd:2.4
+
+RUN apt-get update \
+ && apt-get -y install vim libapache2-mod-php php php-curl \
+ && rm -rf /var/lib/apt/lists/* \
+ && a2enmod mpm_prefork \
+ && a2dismod mpm_event \
+ && a2enmod rewrite \
+ && a2enmod ssl
+
+ENV APACHE_LOG_DIR /var/log/apache2
+ENV APACHE_LOCK_DIR /var/lock/apache2
+ENV APACHE_PID_FILE /var/run/apache2.pid
+
+COPY --chown=root:root target/ /
+
+RUN chmod 644 /usr/local/apache2/passwd/.htpasswd \
+ && chmod 644 /usr/local/apache2/conf/httpd.conf \
+ && chmod 644 /usr/lib/x86_64-linux-gnu/libjwt.so.1 \
+ && chmod 644 /usr/local/apache2/modules/mod_authnz_jwt.so \
+ && touch /usr/local/apache2/htdocs/index.html
+CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..1a0064a
--- /dev/null
+++ b/Makefile
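Review bot: The second `RUN` in the Dockerfile sets `/usr/local/apache2/passwd/.htpasswd` to mode 644, which leaves the Basic-auth password hashes readable by every user in the container. Only the server's group needs read access, e.g. `chown root:www-data /usr/local/apache2/passwd/.htpasswd && chmod 640 /usr/local/apache2/passwd/.htpasswd` (`www-data` is an assumption about what `APACHE_RUN_GROUP` resolves to in this image). The `FROM httpd:2.4` tag is also floating, so rebuilds can silently pick up a different base; pinning a digest and dropping `vim` from the install list would make the image reproducible and smaller.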
@@ -0,0 +1,30 @@
+default:
+ @echo "There is no default target. Use: make <specific_target>"
+build:
+ @echo "##### Build PM Https Server docker image #####"
+ mkdir -p target/usr/local/apache2/passwd/ && cp resources/local/.htpasswd target/usr/local/apache2/passwd/
+ mkdir -p target/usr/local/apache2/conf/ && cp resources/local/upload.php target/usr/local/apache2/conf/
+ mkdir -p target/etc/apache2/sites-enabled/ && cp resources/sites-enabled/000-default.conf target/etc/apache2/sites-enabled/000-default.conf
+ cp resources/ports.conf target/etc/apache2/
+ cp resources/apache2.conf target/etc/apache2/
+ mkdir -p target/etc/apache2/certs && cp resources/cert/* target/etc/apache2/certs
+ mkdir -p target/usr/lib/x86_64-linux-gnu/ && cp resources/lib/libjwt.so.1.7.0 target/usr/lib/x86_64-linux-gnu/libjwt.so.1
+ mkdir -p target/usr/local/apache2/modules/ && cp resources/modules/mod_authnz_jwt.so target/usr/local/apache2/modules/mod_authnz_jwt.so
+ mkdir -p target//etc/apache2/mods-enabled/ && cp resources/mods-enabled/auth_jwt.load target/etc/apache2/mods-enabled/auth_jwt.load
+ docker build . -t onap/org.onap.integration.simulators.pmhttpsserver
+ @echo "##### DONE #####"
+start:
+ @echo "##### Start PM Https Server #####"
+ docker-compose -f docker-compose.yml up
+ @echo "##### DONE #####"
+stop:
+ @echo "##### Stop PM Https Server #####"
+ docker-compose -f docker-compose.yml down
+ rm -rf ~/httpservervolumes/ || true
+ @echo "##### DONE #####"
+upload-file:
+ @echo "##### Upload file to PM Https Server #####"
+ curl -F "uploaded_file=@./resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz" -u demo:demo123456! http://localhost:32080/upload.php
+ @echo "\n##### DONE #####"
+clean:
+ rm -rf target
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..792820c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,33 @@
+PM Https Server
+---------------
+
+### Build an image
+```
+make build
+```
+
+### Start PM Https Server
+```
+make start
+```
+
+### Stop PM Https Server
+```
+make stop
+```
+
+### Use event with PM Https Server
+```
+make upload-file
+```
+
+### clean target
+```
+make clean
+```
+
+### mod_authnz_jwt.so
+
+External library `mod_authnz_jwt.so` was added to the Apache server. This library wasn't changed in any way.
+This library is supplied under the Apache License, Version 2.0 (the "License"). More info is available at
+https://github.com/AnthonyDeroche/mod_authnz_jwt .
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..784ec0e
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,23 @@
+version: "2.1"
+
+services:
+ http-server:
+ image: onap/org.onap.integration.simulators.pmhttpsserver
+ ports:
+ - "32080:80"
+ - "8080:8080"
+ - "32443:443"
+ - "32000:32000"
+ - "32100:32100"
+ volumes:
+ - ~/httpservervolumes/:/usr/local/apache2/htdocs
+ - ./logs:/var/log/apache2
+ command: bash -c "
+ echo 'Http Server start';
+ while [[ $$(ls -1 /etc/apache2/certs/ | wc -l) != '3' ]]; do echo 'Waiting for certs...'; sleep 3; done;
+ chmod 777 /usr/local/apache2/htdocs;
+ cp /usr/local/apache2/conf/upload.php /usr/local/apache2/htdocs/upload.php;
+ touch /usr/local/apache2/htdocs/index.html;
+ /usr/sbin/apache2ctl -D FOREGROUND;
+ "
+ restart: on-failure
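Review bot: The Makefile's `upload-file` recipe hard-codes `-u demo:demo123456!` and posts to `http://localhost:32080`, so what is presumably the plaintext for the hash committed in `resources/local/.htpasswd` ships with the repository and travels as unencrypted Basic auth. If the account is test-only, say so above the target, e.g. `# demo/demo123456! is a throwaway simulator credential; never reuse it outside local testing`, or take it from variables such as `-u "$(PM_USER):$(PM_PASS)"`. Separately, `stop` runs `rm -rf ~/httpservervolumes/` unconditionally, which deletes every uploaded file on the host each time the stack is stopped, and that deserves at least a comment.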
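Review bot: In docker-compose.yml the start-up command runs `chmod 777 /usr/local/apache2/htdocs` on a directory bind-mounted from `~/httpservervolumes/`, so the host directory becomes world-writable, and it is the same document root that `upload.php` is copied into and that mod_php serves. Handing the directory to the Apache run user is enough for uploads, e.g. `chown www-data /usr/local/apache2/htdocs && chmod 755 /usr/local/apache2/htdocs;` (user name assumed, confirm against `APACHE_RUN_USER`). The `ports:` entries also publish all five listeners on every host interface; for a local simulator, bindings of the form `"127.0.0.1:32080:80"` would keep them off the network.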
@@ -0,0 +1,119 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ============LICENSE_START======================================================= + Simulator + ================================================================================ + Copyright (C) 2020 Nokia. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= + --> + +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + + <parent> + <groupId>org.onap.oparent</groupId> + <artifactId>oparent</artifactId> + <version>3.2.0</version> + </parent> + + <artifactId>pmhttpsserver</artifactId> + <version>1.0.0-SNAPSHOT</version> + + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <maven.build.timestamp.format>yyyyMMdd'T'HHmmss</maven.build.timestamp.format> + <docker.registry>nexus3.onap.org:10003</docker.registry> + <docker.image.tag>latest</docker.image.tag> + <dependency.directory.name>libs</dependency.directory.name> + <dependency.directory.location>${project.build.directory}/${dependency.directory.name}</dependency.directory.location> + <proxy>""</proxy> + </properties> + <profiles> + <profile> + <id>docker</id> + 
<activation> + <activeByDefault>false</activeByDefault> + </activation> + <properties> + <os.detected.name>linux</os.detected.name> + <os.detected.arch>x86_64</os.detected.arch> + <os.detected.classifier>${os.detected.name}-${os.detected.arch}</os.detected.classifier> + </properties> + <build> + <plugins> + <plugin> + <groupId>io.fabric8</groupId> + <artifactId>docker-maven-plugin</artifactId> + <version>${docker-maven-plugin.version}</version> + <executions> + <execution> + <id>docker-build-image</id> + <phase>package</phase> + <goals> + <goal>build</goal> + </goals> + </execution> + <execution> + <id>docker-push-image</id> + <phase>deploy</phase> + <goals> + <goal>push</goal> + </goals> + </execution> + </executions> + <configuration> + <skipPush>${skipDockerPush}</skipPush> + <verbose>true</verbose> + <imagePullPolicy>IfNotPresent</imagePullPolicy> + <images> + <image> + <alias>${project.artifactId}</alias> + <name>${docker-image.namespace}/${docker-image.name.prefix}.${artifactId}</name> + <registry>${onap.nexus.dockerregistry.daily}</registry> + <build> + <dockerFileDir>${project.basedir}</dockerFileDir> + <tags> + <tag>${project.version}-STAGE-${maven.build.timestamp}Z</tag> + </tags> + </build> + </image> + </images> + </configuration> + </plugin> + </plugins> + </build> + </profile> + </profiles> + + <distributionManagement> + <repository> + <id>ecomp-releases</id> + <name>Integration simulators Release Repository</name> + <url>${nexusproxy}${releaseNexusPath}</url> + </repository> + <snapshotRepository> + <id>ecomp-snapshots</id> + <name>Integration simulators Snapshot Repository</name> + <url>${nexusproxy}${snapshotNexusPath}</url> + </snapshotRepository> + <site> + <id>ecomp-site</id> + <url>dav:${nexusproxy}${sitePath}</url> + </site> + </distributionManagement> + +</project> diff --git a/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz b/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz Binary files differnew file mode 100644 index 0000000..3af5ea8 
--- /dev/null +++ b/resources/E_VES_bulkPM_IF_3GPP_3_example_1.xml.gz diff --git a/resources/apache2.conf b/resources/apache2.conf new file mode 100644 index 0000000..13c805f --- /dev/null +++ b/resources/apache2.conf 
@@ -0,0 +1,228 @@ +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See http://httpd.apache.org/docs/2.4/ for detailed information about +# the directives and /usr/share/doc/apache2/README.Debian about Debian specific +# hints. +# +# +# Summary of how the Apache 2 configuration works in Debian: +# The Apache 2 web server configuration in Debian is quite different to +# upstream's suggested way to configure the web server. This is because Debian's +# default Apache2 installation attempts to make adding and removing modules, +# virtual hosts, and extra configuration directives as flexible as possible, in +# order to make automating the changes and administering the server as easy as +# possible. + +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf-enabled +# | `-- *.conf +# `-- sites-enabled +# `-- *.conf +# +# +# * apache2.conf is the main configuration file (this file). It puts the pieces +# together by including all remaining configuration files when starting up the +# web server. +# +# * ports.conf is always included from the main configuration file. It is +# supposed to determine listening ports for incoming connections which can be +# customized anytime. +# +# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ +# directories contain particular configuration snippets which manage modules, +# global configuration fragments, or virtual host configurations, +# respectively. +# +# They are activated by symlinking available configuration files from their +# respective *-available/ counterparts. These should be managed by using our +# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. 
See +# their respective man pages for detailed information. +# +# * The binary is called apache2. Due to the use of environment variables, in +# the default configuration, apache2 needs to be started/stopped with +# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not +# work with the default configuration. + + +# Global configuration +# + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the Mutex documentation (available +# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +#ServerRoot "/etc/apache2" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +#Mutex file:${APACHE_LOCK_DIR} default + +# +# The directory where shm and other runtime files will be stored. +# + +DefaultRuntimeDir ${APACHE_RUN_DIR} + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# This needs to be set in /etc/apache2/envvars +# +PidFile ${APACHE_PID_FILE} + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. 
+# +KeepAliveTimeout 5 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a <VirtualHost> +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a <VirtualHost> +# container, that host's errors will be logged there and not here. +# +ErrorLog ${APACHE_LOG_DIR}/error.log + +# +# LogLevel: Control the severity of messages logged to the error_log. +# Available values: trace8, ..., trace1, debug, info, notice, warn, +# error, crit, alert, emerg. +# It is also possible to configure the log level for particular modules, e.g. +# "LogLevel info ssl:warn" +# +LogLevel warn + +# Include module configuration: +IncludeOptional mods-enabled/*.load +IncludeOptional mods-enabled/*.conf + +# Include list of ports to listen on +Include ports.conf + + +# Sets the default security model of the Apache2 HTTPD server. It does +# not allow access to the root filesystem outside of /usr/share and /var/www. +# The former is used by web applications packaged in Debian, +# the latter may be used for local directories served by the web server. If +# your system is serving content from a sub-directory in /srv you must allow +# access here, or in any related virtual host. 
+<Directory /> + Options FollowSymLinks + AllowOverride None + Require all denied +</Directory> + +<Directory /usr/share> + AllowOverride None + Require all granted +</Directory> + +<Directory /var/www/> + Options Indexes FollowSymLinks + AllowOverride None + Require all granted +</Directory> + +#<Directory /srv/> +# Options Indexes FollowSymLinks +# AllowOverride None +# Require all granted +#</Directory> + + + + +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# +#AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# +<FilesMatch "^\.ht"> + Require all denied +</FilesMatch> + + +# +# The following directives define some format nicknames for use with +# a CustomLog directive. +# +# These deviate from the Common Log Format definitions in that they use %O +# (the actual bytes sent including headers) instead of %b (the size of the +# requested file), because the latter makes it impossible to detect partial +# requests. +# +# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. +# Use mod_remoteip instead. +# +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# Include of directories ignores editors' and dpkg's backup files, +# see README.Debian for details. + +# Include generic snippets of statements +IncludeOptional conf-enabled/*.conf + +# Include the virtual host configurations: +IncludeOptional sites-enabled/*.conf + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet +ServerName httpserver.onap.org diff --git a/resources/cert/key.pem b/resources/cert/key.pem new file mode 100644 index 0000000..b56438e --- /dev/null 
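Review bot: The last added line of apache2.conf sets `ServerName httpserver.onap.org`, while every `<VirtualHost>` in `resources/sites-enabled/000-default.conf` uses `httpserver-onap.org`; one of the two spellings is presumably a typo, and the global name should match the one the TLS certificate is issued for. The directive is also appended after the `# vim:` modeline, where it is easy to miss, so moving it up beside the other global directives with a one-line comment such as `# Global ServerName; must match the vhost and certificate name` would make it visible.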
+++ b/resources/cert/key.pem @@ -0,0 +1,28 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqgpwzCGIg4buO +aAZ/MQlt2pVeIKYCgY+7HK4DH1DooF8q04lJptKlqOWBCN9OUUGzM8eOYhQgpkyE +chdgwtbLNhZ5IigEjy2Mn1T6jWuASpm/uurSDRkWZQWQB2Kyk3Fkz3iepYX1dOdI +L2vIEnZPovTgEAZPsx4XRXtulpu01oZjizRV538Kcppfo0o8yM42fFecKuh2UZjR +kcIG1Bo+JaMJ//m8FHBslYrzxbE60Fs8ey66AUo+dK3S+P8c+r0vso7ql8QtKcrW +HMfx2HNwq0T/nU1QiH+NhTmDMl9YgAY7SK1LBQFv7JxW0ipLrPDZPfFT479Z7ngw +GcgMsFKZAgMBAAECggEAVST/huRKzAysscH0bJM6GCcsq2I2Q84azd7Wbiy3JFLg +8uvLBIJPcfXTFQovKFafLjNPFSSY1Gz2jLTEQ8dHpxYNRtPtk8lDf5MYxjzUT63w +9LMMC3QK8QnlKzTk7jN+Tk7j9qTFLfsAeyVi9vdxKPdAvJqD7EyPXCOQLXr7qeMd +Z13q9gMPEb4fwJ1p/edZyxaL1yxiTukk1kgd6PZLaktBJ929YAGuGGRsPIpJffo4 +iOmUDlRqypLgyEVrDGvuS3omA5zSRnmhF8Nka4EsOCzY0aIV/Bgpnyfb3pfVECjf +GNLeq01Jpq7MCBxujx7anfh6lTvP0xDkeqb3+vEfmQKBgQDVetxjr8ZMGUWzY0q6 +wKGtVCmzQ96MiMIaIUW1rBI5/wMbmr8sLF1jZyt5+sSUlTTqktmSqQQg+dPifZz8 +qrVJNxPCfCdqIz1weYjML29BI7SOk1frl7KrJf1qLPmL4Vy9mpJju+B1LnafvJMe +5hEbGHFkBPyy8xDWZzCOsxHzcwKBgQDMeMNyw3bI3MPRg9KuV6R2nZNnvPjxmBSK +2W+jpj48TCl2z46cnCkGNwlP97+nGoJfabRoTC+jlshpnv/Fipt6xAioLwXfUxCL +GckY0ictMJdFHiHu2sisp9n0PW1JXdcdHwvOonb5ZVTcTdULRnbKH1VhGPiQCE0r +SvD+oogWwwKBgGO8JJ7GDiSbYf7vEoixWld6DIld2elaMyS2CrVXkKRbyX3qDAp9 +J5w7JQq154VrN++nb9Ke9/jX/u+/s8ovjsaH3slr65YgpKGZhhmux5FtNvutRtQg +aS6gbwZdwLBjN0q1nlLOAY19iZoTJcC3x6IbB06tLcoE2Qbx6rOgYXCVAoGAZqPQ +aNGZ1SaM3aVwore4BRsAnbiMtqoC1dhkZB/VaetJfSyfiBoTtdz2vb+94yI5g6/K +MfjciR/tpqd7+Suk9LFnLxW7uuk1ir385orHw7V6meWQXxhQV+tCS4pyS7vheerV +wHppgrPNL3Gamjha9QdZko44aATix/KsmwX3joUCgYEAo4w5L7yqGLMgTfkxDmOy +C9UFhKesrOZBPP6qDZz34jvaCiipWq6Gwd7wnoC2zrgtASGIIKcXAaNqzfvw7gEz +5wKSvw8lwmPJQvMntUJin1TqNgRo7xPOx1C1BnDF9UU4auv8nR89BbYhX+40fkuj +3DlFmSndvwhil6gy/1srmIs= +-----END RSA PRIVATE KEY----- diff --git a/resources/cert/keystore.pem b/resources/cert/keystore.pem new file mode 100644 index 0000000..2ab3eed --- /dev/null +++ b/resources/cert/keystore.pem 
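Review bot: The server's private key should not live in the repository: `resources/cert/key.pem` is unencrypted, the Makefile copies `resources/cert/*` into `target/etc/apache2/certs`, and the Dockerfile's `COPY target/ /` bakes it into the image, so the key behind `SSLCertificateKeyFile` is known to anyone who can read the repo or pull the image. The "Waiting for certs..." loop in `docker-compose.yml` suggests the certificates were meant to arrive at runtime; generating them at start-up or mounting them as a volume or secret, and ignoring `resources/cert/*.pem` in `.gitignore`, would avoid shipping key material. If the key stays as a fixture, the minimum is a short README next to it stating that it is a throwaway test key that must never be trusted outside the simulator. The body also looks PKCS#8-encoded although the armor says `RSA PRIVATE KEY`, so confirm the header matches the encoding.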
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEcTCCAtmgAwIBAgIUe6XM/Mon47supO+rWFSbiFBeNiswDQYJKoZIhvcNAQEL +BQAwYTEjMCEGCgmSJomT8ixkAQEME2MtMDRkODRmYTRhODhkNTA3ZGIxFTATBgNV +BAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNr +c3RhcnQwHhcNMjAxMjI4MTIzNjU3WhcNMjIxMjI4MTIyODEyWjCBgjEcMBoGA1UE +AwwTaHR0cHNlcnZlci1vbmFwLm9yZzENMAsGA1UECwwET05BUDEZMBcGA1UECgwQ +TGludXgtRm91bmRhdGlvbjEWMBQGA1UEBwwNU2FuLUZyYW5jaXNjbzETMBEGA1UE +CAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQCqgpwzCGIg4buOaAZ/MQlt2pVeIKYCgY+7HK4DH1DooF8q04lJ +ptKlqOWBCN9OUUGzM8eOYhQgpkyEchdgwtbLNhZ5IigEjy2Mn1T6jWuASpm/uurS +DRkWZQWQB2Kyk3Fkz3iepYX1dOdIL2vIEnZPovTgEAZPsx4XRXtulpu01oZjizRV +538Kcppfo0o8yM42fFecKuh2UZjRkcIG1Bo+JaMJ//m8FHBslYrzxbE60Fs8ey66 +AUo+dK3S+P8c+r0vso7ql8QtKcrWHMfx2HNwq0T/nU1QiH+NhTmDMl9YgAY7SK1L +BQFv7JxW0ipLrPDZPfFT479Z7ngwGcgMsFKZAgMBAAGjfzB9MAwGA1UdEwEB/wQC +MAAwHwYDVR0jBBgwFoAUd1DNCRzI4WLLgdg4GnsxyxfCkrQwHQYDVR0lBBYwFAYI +KwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBSAtkT7PNLyP3voHno7YcJXYfO4 +ETAOBgNVHQ8BAf8EBAMCBeAwDQYJKoZIhvcNAQELBQADggGBAIBgig4otdzAQedD +ke9vWQMbBRA1yaPytR4BGigAQiLFRvDzq2qZR+LL2/+fTb0njzk2Npw6cAGcA/gQ +/+P3eGpktJldC8y5YRj0aHeay8pUNn9pU62hjY25CQuTSY5wRKIkGYfOQkEclZ8+ +d8jlNgYRQU6aqRnJsO2uTn4pjgeFtGFaApmX9qaAc8pLXB7vJOuSCP0YrQsV7YOv +Ew921NwMiJU/PSMLgCir0j1MCGeEp2Vlu0qPkJMfHh2li+pFw7jfGKwCf1RAtjGu +fqJjrdFx/AGXh0e858dW8y4wcS3Q4ED6zk9VMlKRLm8cwjcY6aVUlh7Tj+xpu+x8 +rExBbG27xzs5VK2Kcdniuy4dvyQZ9tlah/GLbnFkPqqIy6BhSFNbzqlq+fmTb1O+ +f/rNHJPfKmlvJFSCHkBcOO3rl66bwrzrg5qgWt1O4aF5bO7T9OmihJLMQp1TGZSA +wBWySAcZhtpzLrxyaChOHO7vdM3mHDZSfsKkNpBB6j7uSx+EAw== +-----END CERTIFICATE----- diff --git a/resources/cert/truststore.pem b/resources/cert/truststore.pem new file mode 100644 index 0000000..e2509e9 --- /dev/null +++ b/resources/cert/truststore.pem 
@@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEszCCAxugAwIBAgIUQi4FHo9reCoqZM8C9hgp/ld8RMowDQYJKoZIhvcNAQEL +BQAwYTEjMCEGCgmSJomT8ixkAQEME2MtMDRkODRmYTRhODhkNTA3ZGIxFTATBgNV +BAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNr +c3RhcnQwHhcNMjAxMjI4MTIzNjU3WhcNMzAxMjI4MTIzNjU3WjBhMSMwIQYKCZIm +iZPyLGQBAQwTYy0wNGQ4NGZhNGE4OGQ1MDdkYjEVMBMGA1UEAwwMTWFuYWdlbWVu +dENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDCCAaIwDQYJ +KoZIhvcNAQEBBQADggGPADCCAYoCggGBAKlGZ0r/WxJCAOzi39sFJsAcQwsdPxtR +WkSHI1gHKnHRsHdOJ/b8E/jGy16qWD18twvTt2DUGE4gFrG25HacqwOsklfSHaZl +fTJQrPCRLLVGZfLVusDJeaeT2LyEFDCkgyONErfxKRlo42aSQgcv4erhkUYeCKHq +qHP3a3s5xShBRZSCVGHtsJro4AkeJYHGHBTjhzigY49oMMMf9ZPjOCnfimeebcMM +SbBmvceGyi2QjzavhoqhLOY2MLBciyYGf6LyR0hRRQJhrsiSyVYVDUTVl/BjiRSc +HPfdciY37Db7gVSNIoc01jAHuf3gEZnLgSbmA+BOpuXLaI1qrDWVl6JmGWri19ru +JdrJ8xXUQUe5PXlJceQZEMPbIp3yMdwrLrY697iGMh1SKhwXLUBkbvXYFHQiiC+3 +5JHndEw/ISBMcF0fd/ykxma+IckKiQfm77Qfn+KCuHwqesbh99wMlDS9NL3SH9m9 +VBjYE7heB+jsh1NAZthomSUH+/VqgPik9QIDAQABo2MwYTAPBgNVHRMBAf8EBTAD +AQH/MB8GA1UdIwQYMBaAFHdQzQkcyOFiy4HYOBp7McsXwpK0MB0GA1UdDgQWBBR3 +UM0JHMjhYsuB2DgaezHLF8KStDAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL +BQADggGBADmXPjO/7I2SipGNhGU0Ask68eEL+Dz3V58JsKg+0bvtkeCUK64AAqyV +hus1GqU1IcGwuM+k8rEM0BYLnImeU5mZeLXg9Tbq6Li+9a5UlFNJOJB4F7VaKkx/ +EgafkKb9ptpkcsz2cHLP1ZaKtlywYYUWtDe+fGl9pw1CWkzrcDeKdvxFk+GgC67v +ZnIlYR3vkWxGMqkp2faCyCbaJxkOKzbBYvq9afXZuwd+6wzLXS2i+uNEUoNPVfXv +H0b2P4xKHtEROTk5nprSeJC3tRTBbPmVKqTx+O8lTtaL6Tew2x9/weUIHGTfVZZl +TOE5G0qiO7WHXcO17YkjEaKXOV/p9r2czIhzp2HXgCeP4SYhYaVrd3kn5gEelc8J +8vuVz0t5VD7R+xV1dwYE8w8CMDXov3rRbqpXGldcvjTXncOmbj3Zfy17xHYRxf+v +AdVVVBlx6O2mAx9YQNZCyMAUMUU6C4UzD4Jo4I6/EPCGaD3OqTANJgWYiBf/r+SP +UD0yuqV3pQ== +-----END CERTIFICATE----- diff --git a/resources/lib/libjwt.so.1.7.0 b/resources/lib/libjwt.so.1.7.0 Binary files differnew file mode 100755 index 0000000..b22c527 --- /dev/null +++ b/resources/lib/libjwt.so.1.7.0 
diff --git a/resources/local/.htpasswd b/resources/local/.htpasswd
new file mode 100644
index 0000000..e991d18
--- /dev/null
+++ b/resources/local/.htpasswd
@@ -0,0 +1 @@
+demo:$apr1$UhwaUkTW$lTHMzOU2TyNn6qM8P/zS3.
diff --git a/resources/local/upload.php b/resources/local/upload.php
new file mode 100644
index 0000000..31dbaa3
--- /dev/null
+++ b/resources/local/upload.php
@@ -0,0 +1,18 @@
+<?PHP
+ if(!empty($_FILES['uploaded_file']))
+ {
+ $dirpath = "";
+ $path = $dirpath . basename( $_FILES['uploaded_file']['name']);
+ $filename = $_FILES['uploaded_file']['name'];
+ $filepath = '/usr/local/apache2/htdocs/'.$path;
+
+ if (file_exists($filepath)) {
+ echo "The file $filename exists" .PHP_EOL;
+ } else if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $path)) {
+ echo "The file ". basename( $_FILES['uploaded_file']['name']).
+ " has been uploaded" .PHP_EOL;
+ } else{
+ echo "There was an error uploading the file, please try again!" .PHP_EOL;
+ }
+ }
+?>
diff --git a/resources/mods-enabled/auth_jwt.load b/resources/mods-enabled/auth_jwt.load
new file mode 100644
index 0000000..72eb3af
--- /dev/null
+++ b/resources/mods-enabled/auth_jwt.load
@@ -0,0 +1 @@
+LoadModule auth_jwt_module /usr/local/apache2/modules/mod_authnz_jwt.so
diff --git a/resources/modules/mod_authnz_jwt.so b/resources/modules/mod_authnz_jwt.so
Binary files differnew file mode 100644
index 0000000..2e2e834
--- /dev/null
+++ b/resources/modules/mod_authnz_jwt.so
diff --git a/resources/ports.conf b/resources/ports.conf
new file mode 100644
index 0000000..b7a16cd
--- /dev/null
+++ b/resources/ports.conf
@@ -0,0 +1,14 @@
+Listen 80 http
+Listen 32000 http
+
+<IfModule ssl_module>
+ Listen 443 https
+ Listen 8080 https
+ Listen 32100 https
+</IfModule>
+
+<IfModule mod_gnutls.c>
+ Listen 443 https
+ Listen 8080 https
+ Listen 32100 https
+</IfModule>
diff --git a/resources/sites-enabled/000-default.conf b/resources/sites-enabled/000-default.conf
new file mode 100644
index 0000000..58e95ce
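Review bot: upload.php accepts any file name and writes it into the document root, where mod_php is enabled, so an upload named `*.php` becomes a script the server will run; in addition `move_uploaded_file()` targets the relative `$path` while the `file_exists()` check uses the absolute `$filepath`, so the two only agree when the working directory happens to be the document root. The rewrite below restricts names to data-file extensions (the list is an assumption to adjust to what the simulator needs), moves to the same absolute path it checked, and escapes the client-supplied name before echoing it. The `*:8080` virtual host in `000-default.conf` serves this script with `Require all granted`, so the check matters for unauthenticated callers too.

```php
<?PHP
    if(!empty($_FILES['uploaded_file']))
    {
        $filename = basename($_FILES['uploaded_file']['name']);
        $filepath = '/usr/local/apache2/htdocs/' . $filename;
        $safename = htmlspecialchars($filename, ENT_QUOTES);

        // Data files only: nothing stored in the document root may be runnable by mod_php.
        if (!preg_match('/\A[A-Za-z0-9._-]+\.(xml|gz)\z/', $filename)) {
            http_response_code(400);
            echo "The file name $safename is not allowed" .PHP_EOL;
        } else if (file_exists($filepath)) {
            echo "The file $safename exists" .PHP_EOL;
        } else if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $filepath)) {
            echo "The file $safename has been uploaded" .PHP_EOL;
        } else{
            // … unchanged: generic upload error message …
        }
    }
?>
```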
--- /dev/null +++ b/resources/sites-enabled/000-default.conf 
@@ -0,0 +1,132 @@ +<VirtualHost *:80> + ServerAdmin httpserver-onap.org + ServerName httpserver-onap.org + + DocumentRoot /usr/local/apache2/htdocs + <Directory /usr/local/apache2/htdocs> + Options Indexes FollowSymLinks MultiViews + AllowOverride None + AuthType Basic + AuthName "Secure file" + AuthBasicProvider file + AuthUserFile "/usr/local/apache2/passwd/.htpasswd" + Require valid-user + </Directory> + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined +</VirtualHost> +<VirtualHost *:32000> + + ServerAdmin httpserver-onap.org + DocumentRoot "/usr/local/apache2/htdocs" + + AuthJWTSignatureAlgorithm HS256 + AuthJWTSignatureSharedSecret Q0hBTkdFTUU= + AuthJWTIss onap + <Directory "/usr/local/apache2/htdocs"> + AllowOverride None + Options Indexes FollowSymLinks MultiViews + AuthType jwt + AuthName "Restricted Content" + Require valid-user + RewriteEngine On + RewriteCond %{HTTP:Authorization} ^(.*) + RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] + </Directory> + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined +</VirtualHost> + +<IfModule mod_ssl.c> +<VirtualHost *:443> + ServerAdmin httpserver-onap.org + ServerName httpserver-onap.org + + DocumentRoot /usr/local/apache2/htdocs + <Directory /usr/local/apache2/htdocs> + SSLVerifyClient optional + SSLVerifyDepth 2 + SSLOptions +FakeBasicAuth +StrictRequire + <RequireAll> + Require ssl-verify-client + </RequireAll> + Options Indexes FollowSymLinks MultiViews + AuthType Basic + AuthName "Secure file" + AuthBasicProvider file + AuthUserFile "/usr/local/apache2/passwd/.htpasswd" + Require valid-user + </Directory> + + SSLCACertificateFile /etc/apache2/certs/truststore.pem + SSLCertificateFile /etc/apache2/certs/keystore.pem + SSLCertificateKeyFile /etc/apache2/certs/key.pem + SSLEngine on + SSLProtocol -all +TLSv1.2 + SSLCipherSuite 
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + SSLHonorCipherOrder off + SSLSessionTickets off + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined +</VirtualHost> + +<VirtualHost *:8080> + ServerAdmin httpserver-onap.org + ServerName httpserver-onap.org + + DocumentRoot /usr/local/apache2/htdocs + <Directory "/usr/local/apache2/htdocs"> + Require all granted + </Directory> + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + SSLEngine on + SSLProtocol -all +TLSv1.2 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + SSLHonorCipherOrder off + SSLSessionTickets off + + SSLCACertificateFile /etc/apache2/certs/truststore.pem + SSLCertificateFile /etc/apache2/certs/keystore.pem + SSLCertificateKeyFile /etc/apache2/certs/key.pem +</VirtualHost> + +<VirtualHost *:32100> + + ServerAdmin httpserver-onap.org + ServerName httpserver-onap.org + + DocumentRoot /usr/local/apache2/htdocs + AuthJWTSignatureAlgorithm HS256 + AuthJWTSignatureSharedSecret Q0hBTkdFTUU= + AuthJWTIss onap + <Directory "/usr/local/apache2/htdocs"> + AllowOverride None + Options Indexes FollowSymLinks MultiViews + AuthType jwt + AuthName "Restricted Content" + Require valid-user + RewriteEngine On + RewriteCond %{HTTP:Authorization} ^(.*) + RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] + </Directory> + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + SSLEngine on + SSLProtocol -all +TLSv1.2 + SSLCipherSuite 
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + SSLHonorCipherOrder off + SSLSessionTickets off + + SSLCACertificateFile /etc/apache2/certs/truststore.pem + SSLCertificateFile /etc/apache2/certs/keystore.pem + SSLCertificateKeyFile /etc/apache2/certs/key.pem +</VirtualHost> +</IfModule> |
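Review bot: The `<VirtualHost *:8080>` block sets `Require all granted` on the same `DocumentRoot` that the other virtual hosts protect with Basic, JWT or client-certificate checks, so `upload.php` and every uploaded file are reachable on 8080 with no authentication; if that is intended for the simulator it needs a comment saying so, otherwise reuse one of the auth blocks there. `AuthJWTSignatureSharedSecret Q0hBTkdFTUU=` (ports 32000 and 32100) is a committed placeholder that decodes to `CHANGEME`, so the signing secret is effectively public and should be supplied at deploy time, for example through an environment variable expanded in the config. In the 443 block `Require valid-user` sits beside the `<RequireAll>` rather than inside it, which Apache evaluates as an implicit `RequireAny`, so either a client certificate or a password is sufficient; move it inside `<RequireAll>` if both were intended. `Options Indexes` on an upload directory also lists every stored file.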