Diffstat (limited to 'httpserver')
-rw-r--r-- | httpserver/.gitignore | 1 | ||||
-rw-r--r-- | httpserver/Dockerfile | 34 | ||||
-rw-r--r-- | httpserver/Makefile | 18 | ||||
-rw-r--r-- | httpserver/README.md | 23 | ||||
-rw-r--r-- | httpserver/docker-compose.yml | 23 | ||||
-rw-r--r-- | httpserver/pom.xml | 119 | ||||
-rw-r--r-- | httpserver/resources/apache2.conf | 228 | ||||
-rw-r--r-- | httpserver/resources/cert/key.pem | 28 | ||||
-rw-r--r-- | httpserver/resources/cert/keystore.pem | 26 | ||||
-rw-r--r-- | httpserver/resources/cert/truststore.pem | 28 | ||||
-rwxr-xr-x | httpserver/resources/lib/libjwt.so.1.7.0 | bin | 0 -> 133400 bytes | |||
-rw-r--r-- | httpserver/resources/local/.htpasswd | 1 | ||||
-rw-r--r-- | httpserver/resources/local/upload.php | 18 | ||||
-rw-r--r-- | httpserver/resources/mods-enabled/auth_jwt.load | 1 | ||||
-rw-r--r-- | httpserver/resources/modules/mod_authnz_jwt.so | bin | 0 -> 146696 bytes | |||
-rw-r--r-- | httpserver/resources/ports.conf | 14 | ||||
-rw-r--r-- | httpserver/resources/sites-enabled/000-default.conf | 132 |
17 files changed, 694 insertions, 0 deletions
diff --git a/httpserver/.gitignore b/httpserver/.gitignore
new file mode 100644
index 0000000..98d8a5a
--- /dev/null
+++ b/httpserver/.gitignore
@@ -0,0 +1 @@
+logs
diff --git a/httpserver/Dockerfile b/httpserver/Dockerfile
new file mode 100644
index 0000000..9b801d4
--- /dev/null
+++ b/httpserver/Dockerfile
@@ -0,0 +1,34 @@
+FROM httpd:2.4
+
+RUN apt-get update && apt-get -y install nano vim libapache2-mod-php php php-curl
+
+RUN a2enmod mpm_prefork
+RUN a2dismod mpm_event
+RUN a2enmod rewrite
+RUN a2enmod ssl
+
+ENV APACHE_LOG_DIR /var/log/apache2
+ENV APACHE_LOCK_DIR /var/lock/apache2
+ENV APACHE_PID_FILE /var/run/apache2.pid
+
+COPY --chown=root:root resources/local/.htpasswd /usr/local/apache2/passwd/.htpasswd
+COPY --chown=root:root resources/local/upload.php /usr/local/apache2/conf/upload.php
+COPY --chown=root:root resources/sites-enabled/000-default.conf /etc/apache2/sites-enabled/000-default.conf
+COPY --chown=root:root resources/ports.conf /etc/apache2/ports.conf
+COPY --chown=root:root resources/apache2.conf /etc/apache2/apache2.conf
+COPY --chown=root:root resources/cert/ /etc/apache2/certs/
+
+COPY --chown=root:root resources/lib/libjwt.so.1.7.0 /usr/lib/x86_64-linux-gnu/libjwt.so.1
+COPY --chown=root:root resources/modules/mod_authnz_jwt.so /usr/local/apache2/modules/mod_authnz_jwt.so
+COPY --chown=root:root resources/mods-enabled/auth_jwt.load /etc/apache2/mods-enabled/auth_jwt.load
+
+RUN chmod 644 /usr/local/apache2/passwd/.htpasswd
+RUN chmod 644 /usr/local/apache2/conf/httpd.conf
+RUN chmod 644 /usr/lib/x86_64-linux-gnu/libjwt.so.1
+RUN chmod 644 /usr/local/apache2/modules/mod_authnz_jwt.so
+RUN touch /usr/local/apache2/htdocs/index.html
+CMD if [ -f /etc/apache2/certs/cacert.pem ]; then cp /etc/apache2/certs/cacert.pem /etc/apache2/certs/truststore.pem; fi \
+ && if [ -f /etc/apache2/certs/cert.pem ]; then cp /etc/apache2/certs/cert.pem /etc/apache2/certs/keystore.pem; fi \
+ && chmod 777 /usr/local/apache2/htdocs \
+ && cp /usr/local/apache2/conf/upload.php /usr/local/apache2/htdocs/upload.php \
+ && /usr/sbin/apache2ctl -D FOREGROUND
diff --git a/httpserver/Makefile b/httpserver/Makefile
new file mode 100644
index 0000000..e3bae34
--- /dev/null
+++ b/httpserver/Makefile
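Review bot: `COPY --chown=root:root resources/cert/ /etc/apache2/certs/` bakes the committed `key.pem` into an image layer, and none of the `chmod` lines tightens it, so anyone who can pull the image can read the TLS private key. Prefer supplying the certificate directory at run time (the CMD already copies `cacert.pem` and `cert.pem` when they are present), and if the COPY stays, add `RUN chmod 600 /etc/apache2/certs/key.pem`. The CMD's `chmod 777 /usr/local/apache2/htdocs` leaves the document root world-writable; a narrower mode owned by the account Apache runs as would still allow uploads. The prebuilt `libjwt.so.1.7.0` and `mod_authnz_jwt.so` are copied in without a recorded checksum or a source build step, which makes them hard to audit or update.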
@@ -0,0 +1,18 @@
+default:
+ @echo "There is no default target. Use: make <specific_target>"
+
+build-http-server:
+ @echo "##### Build http server docker image #####"
+ docker build . -t onap/org.onap.integration.simulators.httpserver
+ @echo "##### DONE #####"
+
+start-http-server:
+ @echo "##### Start Http Server #####"
+ docker-compose -f docker-compose.yml up
+ @echo "##### DONE #####"
+
+stop-http-server:
+ @echo "##### Stop Http Server #####"
+ docker-compose -f docker-compose.yml down
+ rm -rf ~/httpservervolumes/ || true
+ @echo "##### DONE #####"
diff --git a/httpserver/README.md b/httpserver/README.md
new file mode 100644
index 0000000..0d6bcc0
--- /dev/null
+++ b/httpserver/README.md
@@ -0,0 +1,23 @@
+Http server
+---------------
+
+### Build an image
+```
+make build-http-server
+```
+
+### Start http server
+```
+make start-http-server
+```
+
+### Stop http server
+```
+make stop-http-server
+```
+
+### mod_authnz_jwt.so
+
+External library `mod_authnz_jwt.so` was added to the Apache server. This library wasn't changed in any way.
+This library is supplied under the Apache License, Version 2.0 (the "License"). More info is available at
+https://github.com/AnthonyDeroche/mod_authnz_jwt .
diff --git a/httpserver/docker-compose.yml b/httpserver/docker-compose.yml
new file mode 100644
index 0000000..0b80465
--- /dev/null
+++ b/httpserver/docker-compose.yml
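Review bot: `rm -rf ~/httpservervolumes/ || true` in `stop-http-server` deletes a directory in the caller's home on every stop and hides any failure, so uploaded files disappear without warning. Consider moving the cleanup into its own target (for example `clean-http-server`) and dropping `|| true`, since `rm -rf` already succeeds when the path is missing. None of the four targets names a file, so add `.PHONY: default build-http-server start-http-server stop-http-server`. The recipe lines appear here with their leading whitespace collapsed, so confirm they start with a tab in the real file.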
@@ -0,0 +1,23 @@
+version: "2.1"
+
+services:
+ http-server:
+ image: onap/org.onap.integration.simulators.httpserver
+ ports:
+ - "32080:80"
+ - "8080:8080"
+ - "32443:443"
+ - "32000:32000"
+ - "32100:32100"
+ volumes:
+ - ~/httpservervolumes/:/usr/local/apache2/htdocs
+ - ./logs:/var/log/apache2
+ command: bash -c "
+ echo 'Http Server start';
+ while [[ $$(ls -1 /etc/apache2/certs/ | wc -l) != '3' ]]; do echo 'Waiting for certs...'; sleep 3; done;
+ chmod 777 /usr/local/apache2/htdocs;
+ cp /usr/local/apache2/conf/upload.php /usr/local/apache2/htdocs/upload.php;
+ touch /usr/local/apache2/htdocs/index.html;
+ /usr/sbin/apache2ctl -D FOREGROUND;
+ "
+ restart: on-failure
diff --git a/httpserver/pom.xml b/httpserver/pom.xml
new file mode 100644
index 0000000..b775a83
--- /dev/null
+++ b/httpserver/pom.xml
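Review bot: Every entry under `ports:` publishes on all host interfaces, and `8080:8080` maps to the vhost that serves the document root with `Require all granted`, so the simulator and its upload handler are reachable without credentials from any network the host is on. For a test simulator, bind to loopback, e.g. `- "127.0.0.1:8080:8080"`, and do the same for the other four mappings unless remote access is needed. The wait loop compares the number of files in `/etc/apache2/certs/` with '3', which the three files copied by the Dockerfile appear to satisfy already, so it may never wait; testing for the expected file names would be more robust. `chmod 777` on the bind-mounted htdocs also changes the mode of `~/httpservervolumes/` on the host.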
@@ -0,0 +1,119 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ============LICENSE_START======================================================= + Simulator + ================================================================================ + Copyright (C) 2020 Nokia. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= + --> + +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + + <parent> + <groupId>org.onap.integration.simulators.pnf-simulator</groupId> + <artifactId>integration-pnf-simulator</artifactId> + <version>1.0.5-SNAPSHOT</version> + </parent> + + <artifactId>httpserver</artifactId> + <version>1.0.5-SNAPSHOT</version> + + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <maven.build.timestamp.format>yyyyMMdd'T'HHmmss</maven.build.timestamp.format> + <docker.registry>nexus3.onap.org:10003</docker.registry> + <docker.image.tag>latest</docker.image.tag> + <dependency.directory.name>libs</dependency.directory.name> + <dependency.directory.location>${project.build.directory}/${dependency.directory.name}</dependency.directory.location> + <proxy>""</proxy> + </properties> 
+ <profiles> + <profile> + <id>docker</id> + <activation> + <activeByDefault>false</activeByDefault> + </activation> + <properties> + <os.detected.name>linux</os.detected.name> + <os.detected.arch>x86_64</os.detected.arch> + <os.detected.classifier>${os.detected.name}-${os.detected.arch}</os.detected.classifier> + </properties> + <build> + <plugins> + <plugin> + <groupId>io.fabric8</groupId> + <artifactId>docker-maven-plugin</artifactId> + <version>${docker-maven-plugin.version}</version> + <executions> + <execution> + <id>docker-build-image</id> + <phase>package</phase> + <goals> + <goal>build</goal> + </goals> + </execution> + <execution> + <id>docker-push-image</id> + <phase>deploy</phase> + <goals> + <goal>push</goal> + </goals> + </execution> + </executions> + <configuration> + <skipPush>${skipDockerPush}</skipPush> + <verbose>true</verbose> + <imagePullPolicy>IfNotPresent</imagePullPolicy> + <images> + <image> + <alias>${project.artifactId}</alias> + <name>${docker-image.namespace}/${docker-image.name.prefix}.${artifactId}</name> + <registry>${onap.nexus.dockerregistry.daily}</registry> + <build> + <dockerFileDir>${project.basedir}</dockerFileDir> + <tags> + <tag>${project.version}-STAGE-${maven.build.timestamp}Z</tag> + </tags> + </build> + </image> + </images> + </configuration> + </plugin> + </plugins> + </build> + </profile> + </profiles> + + <distributionManagement> + <repository> + <id>ecomp-releases</id> + <name>Integration simulators Release Repository</name> + <url>${nexusproxy}${releaseNexusPath}</url> + </repository> + <snapshotRepository> + <id>ecomp-snapshots</id> + <name>Integration simulators Snapshot Repository</name> + <url>${nexusproxy}${snapshotNexusPath}</url> + </snapshotRepository> + <site> + <id>ecomp-site</id> + <url>dav:${nexusproxy}${sitePath}</url> + </site> + </distributionManagement> + +</project> diff --git a/httpserver/resources/apache2.conf b/httpserver/resources/apache2.conf new file mode 100644 index 0000000..13c805f 
--- /dev/null +++ b/httpserver/resources/apache2.conf 
@@ -0,0 +1,228 @@ +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See http://httpd.apache.org/docs/2.4/ for detailed information about +# the directives and /usr/share/doc/apache2/README.Debian about Debian specific +# hints. +# +# +# Summary of how the Apache 2 configuration works in Debian: +# The Apache 2 web server configuration in Debian is quite different to +# upstream's suggested way to configure the web server. This is because Debian's +# default Apache2 installation attempts to make adding and removing modules, +# virtual hosts, and extra configuration directives as flexible as possible, in +# order to make automating the changes and administering the server as easy as +# possible. + +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf-enabled +# | `-- *.conf +# `-- sites-enabled +# `-- *.conf +# +# +# * apache2.conf is the main configuration file (this file). It puts the pieces +# together by including all remaining configuration files when starting up the +# web server. +# +# * ports.conf is always included from the main configuration file. It is +# supposed to determine listening ports for incoming connections which can be +# customized anytime. +# +# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ +# directories contain particular configuration snippets which manage modules, +# global configuration fragments, or virtual host configurations, +# respectively. +# +# They are activated by symlinking available configuration files from their +# respective *-available/ counterparts. These should be managed by using our +# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. 
See +# their respective man pages for detailed information. +# +# * The binary is called apache2. Due to the use of environment variables, in +# the default configuration, apache2 needs to be started/stopped with +# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not +# work with the default configuration. + + +# Global configuration +# + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the Mutex documentation (available +# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +#ServerRoot "/etc/apache2" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +#Mutex file:${APACHE_LOCK_DIR} default + +# +# The directory where shm and other runtime files will be stored. +# + +DefaultRuntimeDir ${APACHE_RUN_DIR} + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# This needs to be set in /etc/apache2/envvars +# +PidFile ${APACHE_PID_FILE} + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. 
+# +KeepAliveTimeout 5 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a <VirtualHost> +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a <VirtualHost> +# container, that host's errors will be logged there and not here. +# +ErrorLog ${APACHE_LOG_DIR}/error.log + +# +# LogLevel: Control the severity of messages logged to the error_log. +# Available values: trace8, ..., trace1, debug, info, notice, warn, +# error, crit, alert, emerg. +# It is also possible to configure the log level for particular modules, e.g. +# "LogLevel info ssl:warn" +# +LogLevel warn + +# Include module configuration: +IncludeOptional mods-enabled/*.load +IncludeOptional mods-enabled/*.conf + +# Include list of ports to listen on +Include ports.conf + + +# Sets the default security model of the Apache2 HTTPD server. It does +# not allow access to the root filesystem outside of /usr/share and /var/www. +# The former is used by web applications packaged in Debian, +# the latter may be used for local directories served by the web server. If +# your system is serving content from a sub-directory in /srv you must allow +# access here, or in any related virtual host. 
+<Directory /> + Options FollowSymLinks + AllowOverride None + Require all denied +</Directory> + +<Directory /usr/share> + AllowOverride None + Require all granted +</Directory> + +<Directory /var/www/> + Options Indexes FollowSymLinks + AllowOverride None + Require all granted +</Directory> + +#<Directory /srv/> +# Options Indexes FollowSymLinks +# AllowOverride None +# Require all granted +#</Directory> + + + + +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# +#AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# +<FilesMatch "^\.ht"> + Require all denied +</FilesMatch> + + +# +# The following directives define some format nicknames for use with +# a CustomLog directive. +# +# These deviate from the Common Log Format definitions in that they use %O +# (the actual bytes sent including headers) instead of %b (the size of the +# requested file), because the latter makes it impossible to detect partial +# requests. +# +# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. +# Use mod_remoteip instead. +# +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# Include of directories ignores editors' and dpkg's backup files, +# see README.Debian for details. + +# Include generic snippets of statements +IncludeOptional conf-enabled/*.conf + +# Include the virtual host configurations: +IncludeOptional sites-enabled/*.conf + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet +ServerName httpserver.onap.org 
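Review bot: The appended `ServerName httpserver.onap.org` sits after the `# vim:` modeline and uses a dot where every vhost in `sites-enabled/000-default.conf` uses `httpserver-onap.org`. If the hyphenated name is the intended one, change the line to `ServerName httpserver-onap.org` and move it up beside the other global directives so it is not mistaken for editor metadata. A one-line comment saying that this is the only local change to the stock Debian file would help later reviewers.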
diff --git a/httpserver/resources/cert/key.pem b/httpserver/resources/cert/key.pem new file mode 100644 index 0000000..b56438e --- /dev/null +++ b/httpserver/resources/cert/key.pem @@ -0,0 +1,28 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqgpwzCGIg4buO +aAZ/MQlt2pVeIKYCgY+7HK4DH1DooF8q04lJptKlqOWBCN9OUUGzM8eOYhQgpkyE +chdgwtbLNhZ5IigEjy2Mn1T6jWuASpm/uurSDRkWZQWQB2Kyk3Fkz3iepYX1dOdI +L2vIEnZPovTgEAZPsx4XRXtulpu01oZjizRV538Kcppfo0o8yM42fFecKuh2UZjR +kcIG1Bo+JaMJ//m8FHBslYrzxbE60Fs8ey66AUo+dK3S+P8c+r0vso7ql8QtKcrW +HMfx2HNwq0T/nU1QiH+NhTmDMl9YgAY7SK1LBQFv7JxW0ipLrPDZPfFT479Z7ngw +GcgMsFKZAgMBAAECggEAVST/huRKzAysscH0bJM6GCcsq2I2Q84azd7Wbiy3JFLg +8uvLBIJPcfXTFQovKFafLjNPFSSY1Gz2jLTEQ8dHpxYNRtPtk8lDf5MYxjzUT63w +9LMMC3QK8QnlKzTk7jN+Tk7j9qTFLfsAeyVi9vdxKPdAvJqD7EyPXCOQLXr7qeMd +Z13q9gMPEb4fwJ1p/edZyxaL1yxiTukk1kgd6PZLaktBJ929YAGuGGRsPIpJffo4 +iOmUDlRqypLgyEVrDGvuS3omA5zSRnmhF8Nka4EsOCzY0aIV/Bgpnyfb3pfVECjf +GNLeq01Jpq7MCBxujx7anfh6lTvP0xDkeqb3+vEfmQKBgQDVetxjr8ZMGUWzY0q6 +wKGtVCmzQ96MiMIaIUW1rBI5/wMbmr8sLF1jZyt5+sSUlTTqktmSqQQg+dPifZz8 +qrVJNxPCfCdqIz1weYjML29BI7SOk1frl7KrJf1qLPmL4Vy9mpJju+B1LnafvJMe +5hEbGHFkBPyy8xDWZzCOsxHzcwKBgQDMeMNyw3bI3MPRg9KuV6R2nZNnvPjxmBSK +2W+jpj48TCl2z46cnCkGNwlP97+nGoJfabRoTC+jlshpnv/Fipt6xAioLwXfUxCL +GckY0ictMJdFHiHu2sisp9n0PW1JXdcdHwvOonb5ZVTcTdULRnbKH1VhGPiQCE0r +SvD+oogWwwKBgGO8JJ7GDiSbYf7vEoixWld6DIld2elaMyS2CrVXkKRbyX3qDAp9 +J5w7JQq154VrN++nb9Ke9/jX/u+/s8ovjsaH3slr65YgpKGZhhmux5FtNvutRtQg +aS6gbwZdwLBjN0q1nlLOAY19iZoTJcC3x6IbB06tLcoE2Qbx6rOgYXCVAoGAZqPQ +aNGZ1SaM3aVwore4BRsAnbiMtqoC1dhkZB/VaetJfSyfiBoTtdz2vb+94yI5g6/K +MfjciR/tpqd7+Suk9LFnLxW7uuk1ir385orHw7V6meWQXxhQV+tCS4pyS7vheerV +wHppgrPNL3Gamjha9QdZko44aATix/KsmwX3joUCgYEAo4w5L7yqGLMgTfkxDmOy +C9UFhKesrOZBPP6qDZz34jvaCiipWq6Gwd7wnoC2zrgtASGIIKcXAaNqzfvw7gEz +5wKSvw8lwmPJQvMntUJin1TqNgRo7xPOx1C1BnDF9UU4auv8nR89BbYhX+40fkuj +3DlFmSndvwhil6gy/1srmIs= +-----END RSA PRIVATE KEY----- 
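Review bot: This adds an unencrypted private key to version control, and its modulus appears to match the certificate in `keystore.pem`, so the key pair has to be treated as public from the first push and never reused outside throw-away test setups. Generate the key and certificates when the image is built or the container starts, and add `resources/cert/key.pem` to `httpserver/.gitignore` instead of committing it. The body also looks like PKCS#8 (`MIIEvQIBADANBgkqhkiG9w0BAQEF…`) while the armor says `BEGIN RSA PRIVATE KEY`; strict parsers may reject that, so the armor lines should probably read `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----`.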
diff --git a/httpserver/resources/cert/keystore.pem b/httpserver/resources/cert/keystore.pem new file mode 100644 index 0000000..2ab3eed --- /dev/null +++ b/httpserver/resources/cert/keystore.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEcTCCAtmgAwIBAgIUe6XM/Mon47supO+rWFSbiFBeNiswDQYJKoZIhvcNAQEL +BQAwYTEjMCEGCgmSJomT8ixkAQEME2MtMDRkODRmYTRhODhkNTA3ZGIxFTATBgNV +BAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNr +c3RhcnQwHhcNMjAxMjI4MTIzNjU3WhcNMjIxMjI4MTIyODEyWjCBgjEcMBoGA1UE +AwwTaHR0cHNlcnZlci1vbmFwLm9yZzENMAsGA1UECwwET05BUDEZMBcGA1UECgwQ +TGludXgtRm91bmRhdGlvbjEWMBQGA1UEBwwNU2FuLUZyYW5jaXNjbzETMBEGA1UE +CAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQCqgpwzCGIg4buOaAZ/MQlt2pVeIKYCgY+7HK4DH1DooF8q04lJ +ptKlqOWBCN9OUUGzM8eOYhQgpkyEchdgwtbLNhZ5IigEjy2Mn1T6jWuASpm/uurS +DRkWZQWQB2Kyk3Fkz3iepYX1dOdIL2vIEnZPovTgEAZPsx4XRXtulpu01oZjizRV +538Kcppfo0o8yM42fFecKuh2UZjRkcIG1Bo+JaMJ//m8FHBslYrzxbE60Fs8ey66 +AUo+dK3S+P8c+r0vso7ql8QtKcrWHMfx2HNwq0T/nU1QiH+NhTmDMl9YgAY7SK1L +BQFv7JxW0ipLrPDZPfFT479Z7ngwGcgMsFKZAgMBAAGjfzB9MAwGA1UdEwEB/wQC +MAAwHwYDVR0jBBgwFoAUd1DNCRzI4WLLgdg4GnsxyxfCkrQwHQYDVR0lBBYwFAYI +KwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBSAtkT7PNLyP3voHno7YcJXYfO4 +ETAOBgNVHQ8BAf8EBAMCBeAwDQYJKoZIhvcNAQELBQADggGBAIBgig4otdzAQedD +ke9vWQMbBRA1yaPytR4BGigAQiLFRvDzq2qZR+LL2/+fTb0njzk2Npw6cAGcA/gQ +/+P3eGpktJldC8y5YRj0aHeay8pUNn9pU62hjY25CQuTSY5wRKIkGYfOQkEclZ8+ +d8jlNgYRQU6aqRnJsO2uTn4pjgeFtGFaApmX9qaAc8pLXB7vJOuSCP0YrQsV7YOv +Ew921NwMiJU/PSMLgCir0j1MCGeEp2Vlu0qPkJMfHh2li+pFw7jfGKwCf1RAtjGu +fqJjrdFx/AGXh0e858dW8y4wcS3Q4ED6zk9VMlKRLm8cwjcY6aVUlh7Tj+xpu+x8 +rExBbG27xzs5VK2Kcdniuy4dvyQZ9tlah/GLbnFkPqqIy6BhSFNbzqlq+fmTb1O+ +f/rNHJPfKmlvJFSCHkBcOO3rl66bwrzrg5qgWt1O4aF5bO7T9OmihJLMQp1TGZSA +wBWySAcZhtpzLrxyaChOHO7vdM3mHDZSfsKkNpBB6j7uSx+EAw== +-----END CERTIFICATE----- diff --git a/httpserver/resources/cert/truststore.pem b/httpserver/resources/cert/truststore.pem new file mode 100644 index 0000000..e2509e9 --- /dev/null 
+++ b/httpserver/resources/cert/truststore.pem @@ -0,0 +1,28 @@ +-----BEGIN CERTIFICATE----- +MIIEszCCAxugAwIBAgIUQi4FHo9reCoqZM8C9hgp/ld8RMowDQYJKoZIhvcNAQEL +BQAwYTEjMCEGCgmSJomT8ixkAQEME2MtMDRkODRmYTRhODhkNTA3ZGIxFTATBgNV +BAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNr +c3RhcnQwHhcNMjAxMjI4MTIzNjU3WhcNMzAxMjI4MTIzNjU3WjBhMSMwIQYKCZIm +iZPyLGQBAQwTYy0wNGQ4NGZhNGE4OGQ1MDdkYjEVMBMGA1UEAwwMTWFuYWdlbWVu +dENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDCCAaIwDQYJ +KoZIhvcNAQEBBQADggGPADCCAYoCggGBAKlGZ0r/WxJCAOzi39sFJsAcQwsdPxtR +WkSHI1gHKnHRsHdOJ/b8E/jGy16qWD18twvTt2DUGE4gFrG25HacqwOsklfSHaZl +fTJQrPCRLLVGZfLVusDJeaeT2LyEFDCkgyONErfxKRlo42aSQgcv4erhkUYeCKHq +qHP3a3s5xShBRZSCVGHtsJro4AkeJYHGHBTjhzigY49oMMMf9ZPjOCnfimeebcMM +SbBmvceGyi2QjzavhoqhLOY2MLBciyYGf6LyR0hRRQJhrsiSyVYVDUTVl/BjiRSc +HPfdciY37Db7gVSNIoc01jAHuf3gEZnLgSbmA+BOpuXLaI1qrDWVl6JmGWri19ru +JdrJ8xXUQUe5PXlJceQZEMPbIp3yMdwrLrY697iGMh1SKhwXLUBkbvXYFHQiiC+3 +5JHndEw/ISBMcF0fd/ykxma+IckKiQfm77Qfn+KCuHwqesbh99wMlDS9NL3SH9m9 +VBjYE7heB+jsh1NAZthomSUH+/VqgPik9QIDAQABo2MwYTAPBgNVHRMBAf8EBTAD +AQH/MB8GA1UdIwQYMBaAFHdQzQkcyOFiy4HYOBp7McsXwpK0MB0GA1UdDgQWBBR3 +UM0JHMjhYsuB2DgaezHLF8KStDAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL +BQADggGBADmXPjO/7I2SipGNhGU0Ask68eEL+Dz3V58JsKg+0bvtkeCUK64AAqyV +hus1GqU1IcGwuM+k8rEM0BYLnImeU5mZeLXg9Tbq6Li+9a5UlFNJOJB4F7VaKkx/ +EgafkKb9ptpkcsz2cHLP1ZaKtlywYYUWtDe+fGl9pw1CWkzrcDeKdvxFk+GgC67v +ZnIlYR3vkWxGMqkp2faCyCbaJxkOKzbBYvq9afXZuwd+6wzLXS2i+uNEUoNPVfXv +H0b2P4xKHtEROTk5nprSeJC3tRTBbPmVKqTx+O8lTtaL6Tew2x9/weUIHGTfVZZl +TOE5G0qiO7WHXcO17YkjEaKXOV/p9r2czIhzp2HXgCeP4SYhYaVrd3kn5gEelc8J +8vuVz0t5VD7R+xV1dwYE8w8CMDXov3rRbqpXGldcvjTXncOmbj3Zfy17xHYRxf+v +AdVVVBlx6O2mAx9YQNZCyMAUMUU6C4UzD4Jo4I6/EPCGaD3OqTANJgWYiBf/r+SP +UD0yuqV3pQ== +-----END CERTIFICATE----- diff --git a/httpserver/resources/lib/libjwt.so.1.7.0 b/httpserver/resources/lib/libjwt.so.1.7.0 Binary files differnew file mode 100755 index 0000000..b22c527 --- /dev/null 
+++ b/httpserver/resources/lib/libjwt.so.1.7.0 diff --git a/httpserver/resources/local/.htpasswd b/httpserver/resources/local/.htpasswd new file mode 100644 index 0000000..e991d18 --- /dev/null +++ b/httpserver/resources/local/.htpasswd @@ -0,0 +1 @@ +demo:$apr1$UhwaUkTW$lTHMzOU2TyNn6qM8P/zS3. diff --git a/httpserver/resources/local/upload.php b/httpserver/resources/local/upload.php new file mode 100644 index 0000000..31dbaa3 --- /dev/null +++ b/httpserver/resources/local/upload.php @@ -0,0 +1,18 @@ +<?PHP + if(!empty($_FILES['uploaded_file'])) + { + $dirpath = ""; + $path = $dirpath . basename( $_FILES['uploaded_file']['name']); + $filename = $_FILES['uploaded_file']['name']; + $filepath = '/usr/local/apache2/htdocs/'.$path; + + if (file_exists($filepath)) { + echo "The file $filename exists" .PHP_EOL; + } else if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $path)) { + echo "The file ". basename( $_FILES['uploaded_file']['name']). + " has been uploaded" .PHP_EOL; + } else{ + echo "There was an error uploading the file, please try again!" .PHP_EOL; + } + } +?> diff --git a/httpserver/resources/mods-enabled/auth_jwt.load b/httpserver/resources/mods-enabled/auth_jwt.load new file mode 100644 index 0000000..72eb3af --- /dev/null +++ b/httpserver/resources/mods-enabled/auth_jwt.load @@ -0,0 +1 @@ +LoadModule auth_jwt_module /usr/local/apache2/modules/mod_authnz_jwt.so diff --git a/httpserver/resources/modules/mod_authnz_jwt.so b/httpserver/resources/modules/mod_authnz_jwt.so Binary files differnew file mode 100644 index 0000000..2e2e834 --- /dev/null +++ b/httpserver/resources/modules/mod_authnz_jwt.so diff --git a/httpserver/resources/ports.conf b/httpserver/resources/ports.conf new file mode 100644 index 0000000..b7a16cd --- /dev/null +++ b/httpserver/resources/ports.conf 
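Review bot: The `demo` entry in `.htpasswd` ships a fixed credential hashed with `$apr1$` (Apache's MD5-based scheme), so every image built from this tree shares one password whose hash is public and weak against offline guessing. Create the file when the container is provisioned rather than committing it, and hash with bcrypt, e.g. `htpasswd -B -c /usr/local/apache2/passwd/.htpasswd <user>`. The Dockerfile sets this file to mode 644; read access for the Apache account alone is enough for `AuthUserFile`.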
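Review bot: `upload.php` stores whatever name and type the client sends straight into the PHP-enabled document root, so an uploaded `.php` file would be executed by the server when it is next requested; nothing checks the extension or `$_FILES['uploaded_file']['error']`. The existence test uses the absolute `$filepath`, but `move_uploaded_file()` writes to the relative `$path`, so the two agree only while the script's working directory is htdocs. `$filename` is also echoed without `htmlspecialchars()`. The sketch below validates the upload against an allow-list and moves it to `$filepath`.

```php
    $upload = $_FILES['uploaded_file'];
    $name = basename($upload['name']);
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    // Example allow-list (constructed): keep only the types the simulator really needs.
    $allowed = array('gz', 'xml', 'txt');
    $filepath = '/usr/local/apache2/htdocs/' . $name;

    if ($upload['error'] !== UPLOAD_ERR_OK || $name === '' || !in_array($ext, $allowed, true)) {
        http_response_code(400);
        echo "The file was rejected" . PHP_EOL;
    } else if (file_exists($filepath)) {
        // … unchanged: "exists" message …
    } else if (move_uploaded_file($upload['tmp_name'], $filepath)) {
        // … unchanged: success and failure messages …
```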
@@ -0,0 +1,14 @@
+Listen 80 http
+Listen 32000 http
+
+<IfModule ssl_module>
+ Listen 443 https
+ Listen 8080 https
+ Listen 32100 https
+</IfModule>
+
+<IfModule mod_gnutls.c>
+ Listen 443 https
+ Listen 8080 https
+ Listen 32100 https
+</IfModule>
diff --git a/httpserver/resources/sites-enabled/000-default.conf b/httpserver/resources/sites-enabled/000-default.conf
new file mode 100644
index 0000000..58e95ce
--- /dev/null
+++ b/httpserver/resources/sites-enabled/000-default.conf
@@ -0,0 +1,132 @@ +<VirtualHost *:80> + ServerAdmin httpserver-onap.org + ServerName httpserver-onap.org + + DocumentRoot /usr/local/apache2/htdocs + <Directory /usr/local/apache2/htdocs> + Options Indexes FollowSymLinks MultiViews + AllowOverride None + AuthType Basic + AuthName "Secure file" + AuthBasicProvider file + AuthUserFile "/usr/local/apache2/passwd/.htpasswd" + Require valid-user + </Directory> + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined +</VirtualHost> +<VirtualHost *:32000> + + ServerAdmin httpserver-onap.org + DocumentRoot "/usr/local/apache2/htdocs" + + AuthJWTSignatureAlgorithm HS256 + AuthJWTSignatureSharedSecret Q0hBTkdFTUU= + AuthJWTIss onap + <Directory "/usr/local/apache2/htdocs"> + AllowOverride None + Options Indexes FollowSymLinks MultiViews + AuthType jwt + AuthName "Restricted Content" + Require valid-user + RewriteEngine On + RewriteCond %{HTTP:Authorization} ^(.*) + RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] + </Directory> + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined +</VirtualHost> + +<IfModule mod_ssl.c> +<VirtualHost *:443> + ServerAdmin httpserver-onap.org + ServerName httpserver-onap.org + + DocumentRoot /usr/local/apache2/htdocs + <Directory /usr/local/apache2/htdocs> + SSLVerifyClient optional + SSLVerifyDepth 2 + SSLOptions +FakeBasicAuth +StrictRequire + <RequireAll> + Require ssl-verify-client + </RequireAll> + Options Indexes FollowSymLinks MultiViews + AuthType Basic + AuthName "Secure file" + AuthBasicProvider file + AuthUserFile "/usr/local/apache2/passwd/.htpasswd" + Require valid-user + </Directory> + + SSLCACertificateFile /etc/apache2/certs/truststore.pem + SSLCertificateFile /etc/apache2/certs/keystore.pem + SSLCertificateKeyFile /etc/apache2/certs/key.pem + SSLEngine on + SSLProtocol -all +TLSv1.2 + SSLCipherSuite 
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + SSLHonorCipherOrder off + SSLSessionTickets off + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined +</VirtualHost> + +<VirtualHost *:8080> + ServerAdmin httpserver-onap.org + ServerName httpserver-onap.org + + DocumentRoot /usr/local/apache2/htdocs + <Directory "/usr/local/apache2/htdocs"> + Require all granted + </Directory> + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + SSLEngine on + SSLProtocol -all +TLSv1.2 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + SSLHonorCipherOrder off + SSLSessionTickets off + + SSLCACertificateFile /etc/apache2/certs/truststore.pem + SSLCertificateFile /etc/apache2/certs/keystore.pem + SSLCertificateKeyFile /etc/apache2/certs/key.pem +</VirtualHost> + +<VirtualHost *:32100> + + ServerAdmin httpserver-onap.org + ServerName httpserver-onap.org + + DocumentRoot /usr/local/apache2/htdocs + AuthJWTSignatureAlgorithm HS256 + AuthJWTSignatureSharedSecret Q0hBTkdFTUU= + AuthJWTIss onap + <Directory "/usr/local/apache2/htdocs"> + AllowOverride None + Options Indexes FollowSymLinks MultiViews + AuthType jwt + AuthName "Restricted Content" + Require valid-user + RewriteEngine On + RewriteCond %{HTTP:Authorization} ^(.*) + RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] + </Directory> + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + SSLEngine on + SSLProtocol -all +TLSv1.2 + SSLCipherSuite 
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + SSLHonorCipherOrder off + SSLSessionTickets off + + SSLCACertificateFile /etc/apache2/certs/truststore.pem + SSLCertificateFile /etc/apache2/certs/keystore.pem + SSLCertificateKeyFile /etc/apache2/certs/key.pem +</VirtualHost> +</IfModule> |
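Review bot: The `<VirtualHost *:8080>` block serves the same DocumentRoot as the other vhosts with `Require all granted`, so the Basic, JWT and client-certificate checks configured on ports 80, 32000, 443 and 32100 do not protect the content or `upload.php` when it is requested on 8080. If an unauthenticated endpoint is intended for tests, give it its own DocumentRoot and say so in a comment; otherwise replace the line with `Require valid-user` and an auth provider. `AuthJWTSignatureSharedSecret Q0hBTkdFTUU=` (in both JWT vhosts) is a placeholder value committed in clear, so read it from the environment instead, e.g. `AuthJWTSignatureSharedSecret ${JWT_SHARED_SECRET}`, where `JWT_SHARED_SECRET` is a placeholder name set at deploy time. The port 80 vhost asks for Basic credentials over plain HTTP, and the 443 block combines `SSLVerifyClient optional`, `Require ssl-verify-client` and `Require valid-user` with `+FakeBasicAuth`, which deserves a comment stating which check is meant to grant access.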