Diffstat (limited to 'httpserver')
-rw-r--r-- | httpserver/.gitignore | 1 | ||||
-rw-r--r-- | httpserver/Dockerfile | 23 | ||||
-rw-r--r-- | httpserver/README.md | 6 | ||||
-rw-r--r-- | httpserver/docker-compose.yml | 9 | ||||
-rw-r--r-- | httpserver/pom.xml | 4 | ||||
-rw-r--r-- | httpserver/resources/.htaccess | 5 | ||||
-rw-r--r-- | httpserver/resources/apache-config.conf | 49 | ||||
-rw-r--r-- | httpserver/resources/apache2.conf | 2 | ||||
-rwxr-xr-x | httpserver/resources/lib/libjwt.so.1.7.0 | bin | 0 -> 133400 bytes | |||
-rw-r--r-- | httpserver/resources/local/.htpasswd (renamed from httpserver/resources/.htpasswd) | 0 | ||||
-rw-r--r-- | httpserver/resources/local/upload.php (renamed from httpserver/resources/upload.php) | 0 | ||||
-rw-r--r-- | httpserver/resources/mods-enabled/auth_jwt.load | 1 | ||||
-rw-r--r-- | httpserver/resources/modules/mod_authnz_jwt.so | bin | 0 -> 146696 bytes | |||
-rw-r--r-- | httpserver/resources/ports.conf | 14 | ||||
-rw-r--r-- | httpserver/resources/sites-enabled/000-default.conf | 132 |
15 files changed, 180 insertions, 66 deletions
diff --git a/httpserver/.gitignore b/httpserver/.gitignore new file mode 100644 index 0000000..98d8a5a --- /dev/null +++ b/httpserver/.gitignore @@ -0,0 +1 @@ +logs diff --git a/httpserver/Dockerfile b/httpserver/Dockerfile index 893b5ba..99acb9a 100644 --- a/httpserver/Dockerfile +++ b/httpserver/Dockerfile @@ -11,9 +11,20 @@ ENV APACHE_LOG_DIR /var/log/apache2 ENV APACHE_LOCK_DIR /var/lock/apache2 ENV APACHE_PID_FILE /var/run/apache2.pid -ADD resources/.htpasswd /usr/local/apache2/passwd/.htpasswd -ADD resources/.htaccess /usr/local/apache2/htdocs/.htaccess -ADD resources/upload.php /usr/local/apache2/conf/upload.php -ADD resources/apache-config.conf /etc/apache2/sites-enabled/000-default.conf -ADD resources/apache2.conf /etc/apache2/apache2.conf -ADD resources/cert/ /etc/apache2/certs/ +COPY --chown=root:root resources/local/.htpasswd /usr/local/apache2/passwd/.htpasswd +COPY --chown=root:root resources/local/upload.php /usr/local/apache2/conf/upload.php +COPY --chown=root:root resources/sites-enabled/000-default.conf /etc/apache2/sites-enabled/000-default.conf +COPY --chown=root:root resources/ports.conf /etc/apache2/ports.conf +COPY --chown=root:root resources/apache2.conf /etc/apache2/apache2.conf +COPY --chown=root:root resources/cert/ /etc/apache2/certs/ + +COPY --chown=root:root resources/lib/libjwt.so.1.7.0 /usr/lib/x86_64-linux-gnu/libjwt.so.1 +COPY --chown=root:root resources/modules/mod_authnz_jwt.so /usr/local/apache2/modules/mod_authnz_jwt.so +COPY --chown=root:root resources/mods-enabled/auth_jwt.load /etc/apache2/mods-enabled/auth_jwt.load + +RUN chmod 644 /usr/local/apache2/passwd/.htpasswd +RUN chmod 644 /usr/local/apache2/conf/httpd.conf +RUN chmod 644 /usr/lib/x86_64-linux-gnu/libjwt.so.1 +RUN chmod 644 /usr/local/apache2/modules/mod_authnz_jwt.so +RUN touch /usr/local/apache2/htdocs/index.html +CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"] diff --git a/httpserver/README.md b/httpserver/README.md index 3b6fda4..0d6bcc0 100644 
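Review bot: The two `COPY` lines for `resources/lib/libjwt.so.1.7.0` and `resources/modules/mod_authnz_jwt.so` install prebuilt binaries from the repository, so nothing in the build ties them to a source revision or lets a reviewer confirm what Apache will load. Building both in a separate build stage from a pinned upstream tag would be the sturdier fix. As a minimum, check in their expected digests and fail the build on mismatch, e.g. `RUN sha256sum -c <CHECKSUM_FILE>` (placeholder path). Separately, `RUN chmod 644 /usr/local/apache2/passwd/.htpasswd` leaves the password hashes world-readable inside the container. Mode 640 with the group set to the Apache worker's group would keep them readable by the server only; which group that is cannot be seen from this hunk.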
--- a/httpserver/README.md +++ b/httpserver/README.md @@ -15,3 +15,9 @@ make start-http-server ``` make stop-http-server ``` + +### mod_authnz_jwt.so + +External library `mod_authnz_jwt.so` was added to the Apache server. This library wasn't changed in any way. +This library is supplied under the Apache License, Version 2.0 (the "License"). More info is available at +https://github.com/AnthonyDeroche/mod_authnz_jwt . diff --git a/httpserver/docker-compose.yml b/httpserver/docker-compose.yml index db1ee4b..0b80465 100644 --- a/httpserver/docker-compose.yml +++ b/httpserver/docker-compose.yml @@ -4,17 +4,20 @@ services: http-server: image: onap/org.onap.integration.simulators.httpserver ports: - - "7080:80" - - "7443:443" + - "32080:80" + - "8080:8080" + - "32443:443" + - "32000:32000" + - "32100:32100" volumes: - ~/httpservervolumes/:/usr/local/apache2/htdocs - - ./resources/.htaccess:/usr/local/apache2/htdocs/.htaccess - ./logs:/var/log/apache2 command: bash -c " echo 'Http Server start'; while [[ $$(ls -1 /etc/apache2/certs/ | wc -l) != '3' ]]; do echo 'Waiting for certs...'; sleep 3; done; chmod 777 /usr/local/apache2/htdocs; cp /usr/local/apache2/conf/upload.php /usr/local/apache2/htdocs/upload.php; + touch /usr/local/apache2/htdocs/index.html; /usr/sbin/apache2ctl -D FOREGROUND; " restart: on-failure diff --git a/httpserver/pom.xml b/httpserver/pom.xml index b0468f4..b775a83 100644 --- a/httpserver/pom.xml +++ b/httpserver/pom.xml @@ -27,11 +27,11 @@ <parent> <groupId>org.onap.integration.simulators.pnf-simulator</groupId> <artifactId>integration-pnf-simulator</artifactId> - <version>1.0.4-SNAPSHOT</version> + <version>1.0.5-SNAPSHOT</version> </parent> <artifactId>httpserver</artifactId> - <version>1.0.4-SNAPSHOT</version> + <version>1.0.5-SNAPSHOT</version> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> diff --git a/httpserver/resources/.htaccess b/httpserver/resources/.htaccess deleted file mode 100644 index f8ba228..0000000 
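Review bot: The new `ports:` entries publish every listener on all host interfaces, including `"8080:8080"`, which the `000-default.conf` added in this commit serves with `Require all granted`. The startup command (unchanged context in this hunk) sets `htdocs` to mode 777 and copies `upload.php` into it, so an unauthenticated listener on that directory should either be bound to loopback, e.g. `- "127.0.0.1:8080:8080"`, or carry a comment stating that the exposure is intended for the simulator. The added `touch /usr/local/apache2/htdocs/index.html;` is also the only one that takes effect, because the `htdocs` volume mount hides the file created by the Dockerfile's `RUN touch`.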
--- a/httpserver/resources/.htaccess
+++ /dev/null
@@ -1,5 +0,0 @@
- AuthType Basic
- AuthName "Secure file"
- AuthBasicProvider file
- AuthUserFile "/usr/local/apache2/passwd/.htpasswd"
- Require valid-user
diff --git a/httpserver/resources/apache-config.conf b/httpserver/resources/apache-config.conf
deleted file mode 100644
index 910e20f..0000000
--- a/httpserver/resources/apache-config.conf
+++ /dev/null
@@ -1,49 +0,0 @@
-<VirtualHost *:80>
- ServerAdmin httpserver-onap.org
- ServerName httpserver-onap.org
-
- DocumentRoot /usr/local/apache2/htdocs
- <Directory /usr/local/apache2/htdocs>
- Options Indexes FollowSymLinks MultiViews
- AllowOverride AuthConfig
- Require all granted
- </Directory>
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
-</VirtualHost>
-
-<IfModule mod_ssl.c>
-<VirtualHost *:443>
- ServerAdmin httpserver-onap.org
- ServerName httpserver-onap.org
-
- DocumentRoot /usr/local/apache2/htdocs
- <Directory /usr/local/apache2/htdocs>
- SSLVerifyClient optional
- SSLVerifyDepth 2
- SSLOptions +FakeBasicAuth +StrictRequire
- <RequireAll>
- Require ssl-verify-client
- </RequireAll>
- Options Indexes FollowSymLinks MultiViews
- AuthType Basic
- AuthName "Secure file"
- AuthBasicProvider file
- AuthUserFile "/usr/local/apache2/passwd/.htpasswd"
- Require valid-user
- </Directory>
-
- SSLCACertificateFile /etc/apache2/certs/truststore.pem
- SSLCertificateFile /etc/apache2/certs/keystore.pem
- SSLCertificateKeyFile /etc/apache2/certs/key.pem
- SSLEngine on
- SSLProtocol -all +TLSv1.2
- SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
- SSLHonorCipherOrder off
- SSLSessionTickets off
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
-</VirtualHost>
-</IfModule>
diff --git a/httpserver/resources/apache2.conf b/httpserver/resources/apache2.conf index e43e3f6..13c805f 100644 --- a/httpserver/resources/apache2.conf +++ b/httpserver/resources/apache2.conf @@ -186,7 +186,7 @@ Include ports.conf # for additional configuration directives. See also the AllowOverride # directive. # -AccessFileName .htaccess +#AccessFileName .htaccess # # The following lines prevent .htaccess and .htpasswd files from being diff --git a/httpserver/resources/lib/libjwt.so.1.7.0 b/httpserver/resources/lib/libjwt.so.1.7.0 Binary files differnew file mode 100755 index 0000000..b22c527 --- /dev/null +++ b/httpserver/resources/lib/libjwt.so.1.7.0 diff --git a/httpserver/resources/.htpasswd b/httpserver/resources/local/.htpasswd index e991d18..e991d18 100644 --- a/httpserver/resources/.htpasswd +++ b/httpserver/resources/local/.htpasswd diff --git a/httpserver/resources/upload.php b/httpserver/resources/local/upload.php index 31dbaa3..31dbaa3 100644 --- a/httpserver/resources/upload.php +++ b/httpserver/resources/local/upload.php diff --git a/httpserver/resources/mods-enabled/auth_jwt.load b/httpserver/resources/mods-enabled/auth_jwt.load new file mode 100644 index 0000000..72eb3af --- /dev/null +++ b/httpserver/resources/mods-enabled/auth_jwt.load @@ -0,0 +1 @@ +LoadModule auth_jwt_module /usr/local/apache2/modules/mod_authnz_jwt.so diff --git a/httpserver/resources/modules/mod_authnz_jwt.so b/httpserver/resources/modules/mod_authnz_jwt.so Binary files differnew file mode 100644 index 0000000..2e2e834 --- /dev/null +++ b/httpserver/resources/modules/mod_authnz_jwt.so diff --git a/httpserver/resources/ports.conf b/httpserver/resources/ports.conf new file mode 100644 index 0000000..b7a16cd --- /dev/null +++ b/httpserver/resources/ports.conf 
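Review bot: Commenting out `AccessFileName .htaccess` does not switch per-directory overrides off, because the directive's built-in default is `.htaccess` and Apache still looks for that file wherever `AllowOverride` permits it. In this commit's `000-default.conf` the `<Directory>` blocks for 80, 32000 and 32100 set `AllowOverride None`, but those for 443 and 8080 do not, so their behaviour depends on global `<Directory>` settings that are outside this hunk. Since `htdocs` is a writable volume, I would put `AllowOverride None` in every `<Directory>` block for it. The commented-out line could then become a comment such as `# .htaccess overrides are disabled via AllowOverride None in the vhost files`.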
@@ -0,0 +1,14 @@
+Listen 80 http
+Listen 32000 http
+
+<IfModule ssl_module>
+ Listen 443 https
+ Listen 8080 https
+ Listen 32100 https
+</IfModule>
+
+<IfModule mod_gnutls.c>
+ Listen 443 https
+ Listen 8080 https
+ Listen 32100 https
+</IfModule>
diff --git a/httpserver/resources/sites-enabled/000-default.conf b/httpserver/resources/sites-enabled/000-default.conf
new file mode 100644
index 0000000..58e95ce
--- /dev/null
+++ b/httpserver/resources/sites-enabled/000-default.conf
@@ -0,0 +1,132 @@
+<VirtualHost *:80>
+ ServerAdmin httpserver-onap.org
+ ServerName httpserver-onap.org
+
+ DocumentRoot /usr/local/apache2/htdocs
+ <Directory /usr/local/apache2/htdocs>
+ Options Indexes FollowSymLinks MultiViews
+ AllowOverride None
+ AuthType Basic
+ AuthName "Secure file"
+ AuthBasicProvider file
+ AuthUserFile "/usr/local/apache2/passwd/.htpasswd"
+ Require valid-user
+ </Directory>
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+<VirtualHost *:32000>
+
+ ServerAdmin httpserver-onap.org
+ DocumentRoot "/usr/local/apache2/htdocs"
+
+ AuthJWTSignatureAlgorithm HS256
+ AuthJWTSignatureSharedSecret Q0hBTkdFTUU=
+ AuthJWTIss onap
+ <Directory "/usr/local/apache2/htdocs">
+ AllowOverride None
+ Options Indexes FollowSymLinks MultiViews
+ AuthType jwt
+ AuthName "Restricted Content"
+ Require valid-user
+ RewriteEngine On
+ RewriteCond %{HTTP:Authorization} ^(.*)
+ RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+ </Directory>
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+ ServerAdmin httpserver-onap.org
+ ServerName httpserver-onap.org
+
+ DocumentRoot /usr/local/apache2/htdocs
+ <Directory /usr/local/apache2/htdocs>
+ SSLVerifyClient optional
+ SSLVerifyDepth 2
+ SSLOptions +FakeBasicAuth +StrictRequire
+ <RequireAll>
+ Require ssl-verify-client
+ </RequireAll>
+ Options Indexes FollowSymLinks MultiViews
+ AuthType Basic
+ AuthName "Secure file"
+ AuthBasicProvider file
+ AuthUserFile "/usr/local/apache2/passwd/.htpasswd"
+ Require valid-user
+ </Directory>
+
+ SSLCACertificateFile /etc/apache2/certs/truststore.pem
+ SSLCertificateFile /etc/apache2/certs/keystore.pem
+ SSLCertificateKeyFile /etc/apache2/certs/key.pem
+ SSLEngine on
+ SSLProtocol -all +TLSv1.2
+ SSLCipherSuite
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ SSLHonorCipherOrder off
+ SSLSessionTickets off
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+
+<VirtualHost *:8080>
+ ServerAdmin httpserver-onap.org
+ ServerName httpserver-onap.org
+
+ DocumentRoot /usr/local/apache2/htdocs
+ <Directory "/usr/local/apache2/htdocs">
+ Require all granted
+ </Directory>
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ SSLEngine on
+ SSLProtocol -all +TLSv1.2
+ SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ SSLHonorCipherOrder off
+ SSLSessionTickets off
+
+ SSLCACertificateFile /etc/apache2/certs/truststore.pem
+ SSLCertificateFile /etc/apache2/certs/keystore.pem
+ SSLCertificateKeyFile /etc/apache2/certs/key.pem
+</VirtualHost>
+
+<VirtualHost *:32100>
+
+ ServerAdmin httpserver-onap.org
+ ServerName httpserver-onap.org
+
+ DocumentRoot /usr/local/apache2/htdocs
+ AuthJWTSignatureAlgorithm HS256
+ AuthJWTSignatureSharedSecret Q0hBTkdFTUU=
+ AuthJWTIss onap
+ <Directory "/usr/local/apache2/htdocs">
+ AllowOverride None
+ Options Indexes FollowSymLinks MultiViews
+ AuthType jwt
+ AuthName "Restricted Content"
+ Require valid-user
+ RewriteEngine On
+ RewriteCond %{HTTP:Authorization} ^(.*)
+ RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+ </Directory>
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ SSLEngine on
+ SSLProtocol -all +TLSv1.2
+ SSLCipherSuite
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+ SSLHonorCipherOrder off
+ SSLSessionTickets off
+
+ SSLCACertificateFile /etc/apache2/certs/truststore.pem
+ SSLCertificateFile /etc/apache2/certs/keystore.pem
+ SSLCertificateKeyFile /etc/apache2/certs/key.pem
+</VirtualHost>
+</IfModule> |
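Review bot: `AuthJWTSignatureSharedSecret Q0hBTkdFTUU=` is committed in both the 32000 and 32100 vhosts, so the HS256 signing key is a placeholder value that every deployment shares and that anyone with read access to the repository or image knows. Take it from the environment the way this file already takes `${APACHE_LOG_DIR}`, e.g. `AuthJWTSignatureSharedSecret ${JWT_SHARED_SECRET}` (variable name is a placeholder), and have the container refuse to start when it is unset. The 32000 vhost also accepts bearer tokens over plain HTTP, and the 8080 vhost is `Require all granted` with no client-certificate requirement. If both are intentional for the simulator, a one-line comment above each `<VirtualHost>` saying so would stop them being copied into a real deployment unnoticed.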