authorMichael Mokry <mm117s@att.com>2018-08-22 11:07:09 -0500
committerMichael Mokry <mm117s@att.com>2018-08-22 11:07:09 -0500
commite1f88b91981a22cc63019d1d6b73089566425383 (patch)
treecccbd84ca14392fe6eba31ebaa450a0dc2937af1
parentc25e4d412eb573de020ba4e5da48f48451217f52 (diff)
policy/engine changes to support PE https
Enabled https connector in server.xml and modified the docker-install.sh to fix the default variable name for policy truststore Change-Id: I6db6a6d2353130c91c1f344ea7927d187150adca Issue-ID: POLICY-781 Signed-off-by: Michael Mokry <mm117s@att.com>
-rw-r--r--packages/base/src/files/install/servers/common/tomcat/conf/server.xml8
-rw-r--r--packages/base/src/files/install/servers/configs/conf/server.xml18
-rw-r--r--packages/base/src/files/install/servers/console/conf/server.xml16
-rw-r--r--packages/docker/src/main/docker/docker-install.sh3
4 files changed, 22 insertions, 23 deletions
diff --git a/packages/base/src/files/install/servers/common/tomcat/conf/server.xml b/packages/base/src/files/install/servers/common/tomcat/conf/server.xml
index 02c548c80..7bd6ca3d2 100644
--- a/packages/base/src/files/install/servers/common/tomcat/conf/server.xml
+++ b/packages/base/src/files/install/servers/common/tomcat/conf/server.xml
@@ -105,16 +105,18 @@
<!-- Use http instead of https
Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
- passed in to the tomcat JVM:
+ passed in to the tomcat JVM: -->
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
- -->
+
+
+ <!-- Use http instead of https
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
- maxThreads="150" />
+ maxThreads="150" />-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="${{SSL_AJP_CONNECTOR_PORT}}" protocol="AJP/1.3" redirectPort="${{SSL_AJP_CONNECTOR_REDIRECT_PORT}}" />
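Review bot: The HTTPS connector activated here still lists `TLSv1` and `TLSv1.1` in `sslEnabledProtocols`, and both are deprecated (RFC 8996), so a client can negotiate them. Restrict the list to `sslEnabledProtocols="TLSv1.2"` unless a known legacy client needs the older versions. The same list goes live in configs/conf/server.xml (where it replaces `sslProtocol="TLS"`) and in console/conf/server.xml. No `ciphers` attribute is set on any of the three connectors, so the cipher suites presumably fall back to the JVM defaults; pinning them is worth considering.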
diff --git a/packages/base/src/files/install/servers/configs/conf/server.xml b/packages/base/src/files/install/servers/configs/conf/server.xml
index 3bccc6ffb..9c45721b9 100644
--- a/packages/base/src/files/install/servers/configs/conf/server.xml
+++ b/packages/base/src/files/install/servers/configs/conf/server.xml
@@ -87,10 +87,11 @@
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
- <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="HTTP/1.1"
+ <!-- Use http instead of https -->
+<!-- <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="${{SSL_HTTP_CONNECTOR_REDIRECT_PORT}}" />
-
+ -->
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
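Review bot: The added comment `<!-- Use http instead of https -->` reads as an instruction, but it sits directly above the plain-HTTP connector that this hunk disables. Something like `<!-- Plain HTTP connector disabled; the HTTPS connector below serves SSL_HTTP_CONNECTOR_PORT -->` would tell an operator which transport is live. The same problem appears in common/tomcat/conf/server.xml, where the old "Use http instead of https" header is now closed with `-->` and heads an active HTTPS connector. It also appears in console/conf/server.xml, whose header still says "ONAP portal currently using http instead of https". Only the second hunk of this file rewords it to "Use https instead of http".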
@@ -104,24 +105,25 @@
OpenSSL style configuration is required as described in the APR/native
documentation -->
- <!--
+ <!--Use https instead of http
Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
- passed in to the tomcat JVM:
+ passed in to the tomcat JVM: -->
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
- clientAuth="false" sslProtocol="TLS"
+ clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
- -->
-
+ <!-- Use http instead of https
+ <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" /> -->
+
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->
-
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
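Review bot: With this connector uncommented, `keystorePass="${{KEYSTORE_PASSWD}}"` and `truststorePass="${{TRUSTSTORE_PASSWD}}"` are substituted into an active server.xml in clear text, and the diffstat lists the template as `-rw-r--r--`. If the installed file keeps that mode, any local account can read the password that protects the server's private key. The install step should leave conf/server.xml readable only by the account that runs Tomcat (0600 or 0640). The same applies to the common and console server.xml files changed in this commit.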
diff --git a/packages/base/src/files/install/servers/console/conf/server.xml b/packages/base/src/files/install/servers/console/conf/server.xml
index 5e6226742..dbeb6396d 100644
--- a/packages/base/src/files/install/servers/console/conf/server.xml
+++ b/packages/base/src/files/install/servers/console/conf/server.xml
@@ -107,25 +107,21 @@
-->
<!-- ONAP portal currently using http instead of https
-
Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
- passed in to the tomcat JVM:
-
+ passed in to the tomcat JVM: -->
+
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
- truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
- -->
- <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
- maxThreads="150" />
-
-
+ truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}" />
+
+<!--<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" /> -->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="${{SSL_AJP_CONNECTOR_PORT}}" protocol="AJP/1.3" redirectPort="${{SSL_AJP_CONNECTOR_REDIRECT_PORT}}" />
-
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
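Review bot: The AJP connector on `${{SSL_AJP_CONNECTOR_PORT}}` stays enabled next to the newly activated HTTPS connector, so the console still accepts unencrypted AJP traffic with no shared secret on a second port. The same line is live in common/tomcat/conf/server.xml, whereas configs/conf/server.xml keeps its AJP connector commented out. If no front-end proxy speaks AJP to this instance, comment it out the same way; otherwise bind it to loopback with `address="127.0.0.1"`. The hunk starts inside a comment block that opens outside it.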
diff --git a/packages/docker/src/main/docker/docker-install.sh b/packages/docker/src/main/docker/docker-install.sh
index 7176abf20..3700e5731 100644
--- a/packages/docker/src/main/docker/docker-install.sh
+++ b/packages/docker/src/main/docker/docker-install.sh
@@ -405,11 +405,10 @@ function configure_keystore() {
set -x
fi
- local DEFAULT_KEYSTORE_PASSWORD="Pol1cy_0nap"
local DEFAULT_KEYSTORE_PASSWORD='Pol1cy_0nap'
if [[ -n ${TRUSTSTORE_PASSWD} ]]; then
- keytool -storepasswd -storepass "${DEFAULT_TRUSTSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -new "${TRUSTSTORE_PASSWD}"
+ keytool -storepasswd -storepass "${DEFAULT_KEYSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -new "${TRUSTSTORE_PASSWD}"
keytool -list -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -storepass "${TRUSTSTORE_PASSWD}"
fi
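Review bot: Both store passwords are passed to `keytool` as command-line arguments, and the `set -x` branch at the top of the hunk means they are written to the trace output whenever that debug switch is on. They are also visible in the process list while keytool runs. Turn tracing off around these two calls and prefer keytool's `-storepass:env` or `-storepass:file` forms so the values stay out of argv. Also, when `TRUSTSTORE_PASSWD` is empty the truststore keeps the hard-coded default held in `DEFAULT_KEYSTORE_PASSWORD`, which is published in this script; failing the install in that case would be safer. configure_keystore begins before the hunk and continues after it.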