author | Krzysztof Gajewski <krzysztof.gajewski@nokia.com> | 2021-02-24 14:46:37 +0100 |
---|---|---|
committer | Krzysztof Gajewski <krzysztof.gajewski@nokia.com> | 2021-03-02 15:56:29 +0100 |
commit | b1961a04c191ebbc726de507d98c85966b7a6a71 (patch) | |
tree | c15b1ba29407d79740f02734c387695bb01a7026 /httpserver/resources | |
parent | 441945e8adf7e3adc524d761e61c179c83e9888d (diff) |
Add JWT support in HTTP/HTTPS based locations - pnf-simulator1.0.5
- update containers to version 1.0.5
Issue-ID: DCAEGEN2-2536
Signed-off-by: Krzysztof Gajewski <krzysztof.gajewski@nokia.com>
Change-Id: If6b938db03fc8b5e5a5a6435ad0559061fa5b4ad
Diffstat (limited to 'httpserver/resources')
-rw-r--r-- | httpserver/resources/.htaccess | 5 | ||||
-rw-r--r-- | httpserver/resources/apache-config.conf | 49 | ||||
-rw-r--r-- | httpserver/resources/apache2.conf | 2 | ||||
-rwxr-xr-x | httpserver/resources/lib/libjwt.so.1.7.0 | bin | 0 -> 133400 bytes | |||
-rw-r--r-- | httpserver/resources/local/.htpasswd (renamed from httpserver/resources/.htpasswd) | 0 | ||||
-rw-r--r-- | httpserver/resources/local/upload.php (renamed from httpserver/resources/upload.php) | 0 | ||||
-rw-r--r-- | httpserver/resources/mods-enabled/auth_jwt.load | 1 | ||||
-rw-r--r-- | httpserver/resources/modules/mod_authnz_jwt.so | bin | 0 -> 146696 bytes | |||
-rw-r--r-- | httpserver/resources/ports.conf | 14 | ||||
-rw-r--r-- | httpserver/resources/sites-enabled/000-default.conf | 132 |
10 files changed, 148 insertions, 55 deletions
diff --git a/httpserver/resources/.htaccess b/httpserver/resources/.htaccess
deleted file mode 100644
index f8ba228..0000000
--- a/httpserver/resources/.htaccess
+++ /dev/null
@@ -1,5 +0,0 @@
- AuthType Basic
- AuthName "Secure file"
- AuthBasicProvider file
- AuthUserFile "/usr/local/apache2/passwd/.htpasswd"
- Require valid-user
diff --git a/httpserver/resources/apache-config.conf b/httpserver/resources/apache-config.conf
deleted file mode 100644
index 910e20f..0000000
--- a/httpserver/resources/apache-config.conf
+++ /dev/null
@@ -1,49 +0,0 @@
-<VirtualHost *:80>
- ServerAdmin httpserver-onap.org
- ServerName httpserver-onap.org
-
- DocumentRoot /usr/local/apache2/htdocs
- <Directory /usr/local/apache2/htdocs>
- Options Indexes FollowSymLinks MultiViews
- AllowOverride AuthConfig
- Require all granted
- </Directory>
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
-</VirtualHost>
-
-<IfModule mod_ssl.c>
-<VirtualHost *:443>
- ServerAdmin httpserver-onap.org
- ServerName httpserver-onap.org
-
- DocumentRoot /usr/local/apache2/htdocs
- <Directory /usr/local/apache2/htdocs>
- SSLVerifyClient optional
- SSLVerifyDepth 2
- SSLOptions +FakeBasicAuth +StrictRequire
- <RequireAll>
- Require ssl-verify-client
- </RequireAll>
- Options Indexes FollowSymLinks MultiViews
- AuthType Basic
- AuthName "Secure file"
- AuthBasicProvider file
- AuthUserFile "/usr/local/apache2/passwd/.htpasswd"
- Require valid-user
- </Directory>
-
- SSLCACertificateFile /etc/apache2/certs/truststore.pem
- SSLCertificateFile /etc/apache2/certs/keystore.pem
- SSLCertificateKeyFile /etc/apache2/certs/key.pem
- SSLEngine on
- SSLProtocol -all +TLSv1.2
- SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
- SSLHonorCipherOrder off
- SSLSessionTickets off
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
-</VirtualHost>
-</IfModule>
diff --git a/httpserver/resources/apache2.conf b/httpserver/resources/apache2.conf
index e43e3f6..13c805f 100644
--- a/httpserver/resources/apache2.conf
+++ b/httpserver/resources/apache2.conf
@@ -186,7 +186,7 @@ Include ports.conf # for additional configuration directives. See also the AllowOverride # directive. # -AccessFileName .htaccess +#AccessFileName .htaccess # # The following lines prevent .htaccess and .htpasswd files from being diff --git a/httpserver/resources/lib/libjwt.so.1.7.0 b/httpserver/resources/lib/libjwt.so.1.7.0 Binary files differnew file mode 100755 index 0000000..b22c527 --- /dev/null +++ b/httpserver/resources/lib/libjwt.so.1.7.0 diff --git a/httpserver/resources/.htpasswd b/httpserver/resources/local/.htpasswd index e991d18..e991d18 100644 --- a/httpserver/resources/.htpasswd +++ b/httpserver/resources/local/.htpasswd diff --git a/httpserver/resources/upload.php b/httpserver/resources/local/upload.php index 31dbaa3..31dbaa3 100644 --- a/httpserver/resources/upload.php +++ b/httpserver/resources/local/upload.php diff --git a/httpserver/resources/mods-enabled/auth_jwt.load b/httpserver/resources/mods-enabled/auth_jwt.load new file mode 100644 index 0000000..72eb3af --- /dev/null +++ b/httpserver/resources/mods-enabled/auth_jwt.load @@ -0,0 +1 @@ +LoadModule auth_jwt_module /usr/local/apache2/modules/mod_authnz_jwt.so diff --git a/httpserver/resources/modules/mod_authnz_jwt.so b/httpserver/resources/modules/mod_authnz_jwt.so Binary files differnew file mode 100644 index 0000000..2e2e834 --- /dev/null +++ b/httpserver/resources/modules/mod_authnz_jwt.so diff --git a/httpserver/resources/ports.conf b/httpserver/resources/ports.conf new file mode 100644 index 0000000..b7a16cd --- /dev/null +++ b/httpserver/resources/ports.conf @@ -0,0 +1,14 @@ +Listen 80 http +Listen 32000 http + +<IfModule ssl_module> + Listen 443 https + Listen 8080 https + Listen 32100 https +</IfModule> + +<IfModule mod_gnutls.c> + Listen 443 https + Listen 8080 https + Listen 32100 https +</IfModule> diff --git a/httpserver/resources/sites-enabled/000-default.conf b/httpserver/resources/sites-enabled/000-default.conf new file mode 100644 index 0000000..58e95ce 
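Review bot: Commenting out `AccessFileName .htaccess` does not switch per-directory files off, because `.htaccess` is httpd's built-in default for that directive when it is unset. What actually stops the old `.htaccess` from being honoured is `AllowOverride None`, which the new 000-default.conf sets on the port 80, 32000 and 32100 directories but not on the 443 and 8080 ones, so those two depend on the global `<Directory>` sections of apache2.conf, which are not visible in this hunk. I would restore the line or replace it with a comment stating the intent, e.g. `# per-directory overrides are disabled with AllowOverride None in sites-enabled/000-default.conf`.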
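Review bot: `LoadModule auth_jwt_module /usr/local/apache2/modules/mod_authnz_jwt.so` loads an authentication module that this commit adds only as a prebuilt binary, together with `lib/libjwt.so.1.7.0`, and nothing in the change records which upstream revision or build produced either file. Token verification for the 32000 and 32100 listeners runs in this code, so the provenance should be reviewable. A header comment in auth_jwt.load such as `# mod_authnz_jwt <UPSTREAM_VERSION>, sha256 <CHECKSUM_PLACEHOLDER>, built by <BUILD_STEP_PLACEHOLDER>` would do, or both libraries could be compiled in the image build instead of being committed.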
--- /dev/null
+++ b/httpserver/resources/sites-enabled/000-default.conf
@@ -0,0 +1,132 @@
+<VirtualHost *:80>
+ ServerAdmin httpserver-onap.org
+ ServerName httpserver-onap.org
+
+ DocumentRoot /usr/local/apache2/htdocs
+ <Directory /usr/local/apache2/htdocs>
+ Options Indexes FollowSymLinks MultiViews
+ AllowOverride None
+ AuthType Basic
+ AuthName "Secure file"
+ AuthBasicProvider file
+ AuthUserFile "/usr/local/apache2/passwd/.htpasswd"
+ Require valid-user
+ </Directory>
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+<VirtualHost *:32000>
+
+ ServerAdmin httpserver-onap.org
+ DocumentRoot "/usr/local/apache2/htdocs"
+
+ AuthJWTSignatureAlgorithm HS256
+ AuthJWTSignatureSharedSecret Q0hBTkdFTUU=
+ AuthJWTIss onap
+ <Directory "/usr/local/apache2/htdocs">
+ AllowOverride None
+ Options Indexes FollowSymLinks MultiViews
+ AuthType jwt
+ AuthName "Restricted Content"
+ Require valid-user
+ RewriteEngine On
+ RewriteCond %{HTTP:Authorization} ^(.*)
+ RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+ </Directory>
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+ ServerAdmin httpserver-onap.org
+ ServerName httpserver-onap.org
+
+ DocumentRoot /usr/local/apache2/htdocs
+ <Directory /usr/local/apache2/htdocs>
+ SSLVerifyClient optional
+ SSLVerifyDepth 2
+ SSLOptions +FakeBasicAuth +StrictRequire
+ <RequireAll>
+ Require ssl-verify-client
+ </RequireAll>
+ Options Indexes FollowSymLinks MultiViews
+ AuthType Basic
+ AuthName "Secure file"
+ AuthBasicProvider file
+ AuthUserFile "/usr/local/apache2/passwd/.htpasswd"
+ Require valid-user
+ </Directory>
+
+ SSLCACertificateFile /etc/apache2/certs/truststore.pem
+ SSLCertificateFile /etc/apache2/certs/keystore.pem
+ SSLCertificateKeyFile /etc/apache2/certs/key.pem
+ SSLEngine on
+ SSLProtocol -all +TLSv1.2
+ SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ SSLHonorCipherOrder off
+ SSLSessionTickets off
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+
+<VirtualHost *:8080>
+ ServerAdmin httpserver-onap.org
+ ServerName httpserver-onap.org
+
+ DocumentRoot /usr/local/apache2/htdocs
+ <Directory "/usr/local/apache2/htdocs">
+ Require all granted
+ </Directory>
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ SSLEngine on
+ SSLProtocol -all +TLSv1.2
+ SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ SSLHonorCipherOrder off
+ SSLSessionTickets off
+
+ SSLCACertificateFile /etc/apache2/certs/truststore.pem
+ SSLCertificateFile /etc/apache2/certs/keystore.pem
+ SSLCertificateKeyFile /etc/apache2/certs/key.pem
+</VirtualHost>
+
+<VirtualHost *:32100>
+
+ ServerAdmin httpserver-onap.org
+ ServerName httpserver-onap.org
+
+ DocumentRoot /usr/local/apache2/htdocs
+ AuthJWTSignatureAlgorithm HS256
+ AuthJWTSignatureSharedSecret Q0hBTkdFTUU=
+ AuthJWTIss onap
+ <Directory "/usr/local/apache2/htdocs">
+ AllowOverride None
+ Options Indexes FollowSymLinks MultiViews
+ AuthType jwt
+ AuthName "Restricted Content"
+ Require valid-user
+ RewriteEngine On
+ RewriteCond %{HTTP:Authorization} ^(.*)
+ RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+ </Directory>
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ SSLEngine on
+ SSLProtocol -all +TLSv1.2
+ SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ SSLHonorCipherOrder off
+ SSLSessionTickets off
+
+ SSLCACertificateFile /etc/apache2/certs/truststore.pem
+ SSLCertificateFile /etc/apache2/certs/keystore.pem
+ SSLCertificateKeyFile /etc/apache2/certs/key.pem
+</VirtualHost>
+</IfModule> |
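Review bot: The HS256 verification key is committed in the config as `AuthJWTSignatureSharedSecret Q0hBTkdFTUU=` in both the `*:32000` and `*:32100` vhosts; it is the base64 of a placeholder string and is now public in the repository, so a token signed with it and carrying issuer `onap` passes `Require valid-user` on every container built from this file. Even for a simulator image the key should come from outside the repo: move the `AuthJWT*` lines into a file mounted at deploy time and pull it in with `Include <PATH_TO_MOUNTED_JWT_CONF>`, or verify against a public key with `AuthJWTSignatureAlgorithm RS256` and `AuthJWTSignaturePublicKeyFile <PATH_TO_PUBLIC_KEY>`. Separately, the `*:32000` vhost has no `SSLEngine on`, so bearer tokens sent to it cross the network unencrypted; if that listener is kept for test purposes, a comment saying so above the `<VirtualHost *:32000>` line would prevent it being copied into a real deployment.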