From b1961a04c191ebbc726de507d98c85966b7a6a71 Mon Sep 17 00:00:00 2001
From: Krzysztof Gajewski <krzysztof.gajewski@nokia.com>
Date: Wed, 24 Feb 2021 14:46:37 +0100
Subject: Add JWT support in HTTP/HTTPS based locations - pnf-simulator -
 update containers to version 1.0.5

Issue-ID: DCAEGEN2-2536
Signed-off-by: Krzysztof Gajewski <krzysztof.gajewski@nokia.com>
Change-Id: If6b938db03fc8b5e5a5a6435ad0559061fa5b4ad
---
 .../resources/sites-enabled/000-default.conf       | 132 +++++++++++++++++++++
 1 file changed, 132 insertions(+)
 create mode 100644 httpserver/resources/sites-enabled/000-default.conf

(limited to 'httpserver/resources/sites-enabled')

diff --git a/httpserver/resources/sites-enabled/000-default.conf b/httpserver/resources/sites-enabled/000-default.conf
new file mode 100644
index 0000000..58e95ce
--- /dev/null
+++ b/httpserver/resources/sites-enabled/000-default.conf
@@ -0,0 +1,132 @@
+<VirtualHost *:80>
+  ServerAdmin httpserver-onap.org
+  ServerName httpserver-onap.org
+
+  DocumentRoot /usr/local/apache2/htdocs
+  <Directory /usr/local/apache2/htdocs>
+      Options Indexes FollowSymLinks MultiViews
+      AllowOverride None
+      AuthType Basic
+      AuthName "Secure file"
+      AuthBasicProvider file
+      AuthUserFile "/usr/local/apache2/passwd/.htpasswd"
+      Require valid-user
+  </Directory>
+
+  ErrorLog ${APACHE_LOG_DIR}/error.log
+  CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+<VirtualHost *:32000>
+
+	ServerAdmin httpserver-onap.org
+	DocumentRoot "/usr/local/apache2/htdocs"
+
+	AuthJWTSignatureAlgorithm HS256
+	AuthJWTSignatureSharedSecret Q0hBTkdFTUU=
+    AuthJWTIss onap
+	<Directory "/usr/local/apache2/htdocs">
+		AllowOverride None
+        Options Indexes FollowSymLinks MultiViews
+        AuthType jwt
+        AuthName "Restricted Content"
+        Require valid-user
+        RewriteEngine On
+        RewriteCond %{HTTP:Authorization} ^(.*)
+        RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+	</Directory>
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+    ServerAdmin httpserver-onap.org
+    ServerName httpserver-onap.org
+
+    DocumentRoot /usr/local/apache2/htdocs
+    <Directory /usr/local/apache2/htdocs>
+        SSLVerifyClient optional
+        SSLVerifyDepth 2
+        SSLOptions +FakeBasicAuth +StrictRequire
+        <RequireAll>
+            Require ssl-verify-client
+        </RequireAll>
+        Options Indexes FollowSymLinks MultiViews
+        AuthType Basic
+        AuthName "Secure file"
+        AuthBasicProvider file
+        AuthUserFile "/usr/local/apache2/passwd/.htpasswd"
+        Require valid-user
+    </Directory>
+
+    SSLCACertificateFile /etc/apache2/certs/truststore.pem
+    SSLCertificateFile /etc/apache2/certs/keystore.pem
+    SSLCertificateKeyFile /etc/apache2/certs/key.pem
+    SSLEngine on
+    SSLProtocol -all +TLSv1.2
+    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+    SSLHonorCipherOrder off
+    SSLSessionTickets off
+
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+
+<VirtualHost *:8080>
+	ServerAdmin httpserver-onap.org
+	ServerName  httpserver-onap.org
+
+	DocumentRoot /usr/local/apache2/htdocs
+	<Directory "/usr/local/apache2/htdocs">
+	    Require all granted
+	</Directory>
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	SSLEngine on
+	SSLProtocol -all +TLSv1.2
+	SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+    SSLHonorCipherOrder off
+	SSLSessionTickets off
+
+	SSLCACertificateFile /etc/apache2/certs/truststore.pem
+    SSLCertificateFile /etc/apache2/certs/keystore.pem
+    SSLCertificateKeyFile /etc/apache2/certs/key.pem
+</VirtualHost>
+
+<VirtualHost *:32100>
+
+	ServerAdmin httpserver-onap.org
+    ServerName httpserver-onap.org
+
+    DocumentRoot /usr/local/apache2/htdocs
+	AuthJWTSignatureAlgorithm HS256
+	AuthJWTSignatureSharedSecret Q0hBTkdFTUU=
+    AuthJWTIss onap
+	<Directory "/usr/local/apache2/htdocs">
+        AllowOverride None
+        Options Indexes FollowSymLinks MultiViews
+        AuthType jwt
+        AuthName "Restricted Content"
+        Require valid-user
+        RewriteEngine On
+        RewriteCond %{HTTP:Authorization} ^(.*)
+        RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+    </Directory>
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	SSLEngine on
+	SSLProtocol -all +TLSv1.2
+	SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+   	SSLHonorCipherOrder off
+    SSLSessionTickets off
+
+    SSLCACertificateFile /etc/apache2/certs/truststore.pem
+    SSLCertificateFile /etc/apache2/certs/keystore.pem
+    SSLCertificateKeyFile /etc/apache2/certs/key.pem
+</VirtualHost>
+</IfModule>
-- 
cgit 1.2.3-korg