diff options
author | danielhanrahan <daniel.hanrahan@est.tech> | 2021-09-08 10:49:44 +0100 |
---|---|---|
committer | Daniel Hanrahan <daniel.hanrahan@est.tech> | 2021-09-10 08:23:04 +0000 |
commit | 1f68035b96e9336b737bc9a5d055c5ffdd016813 (patch) | |
tree | 9deb894ae8e5a9b3820555e79dbb1cdd7be0b5e1 /packages/policy-gui-docker | |
parent | f2047d16b47f086395856aefca6c5047b488d207 (diff) |
Ensure that login in policy-gui works with AAF
Add CLAMP SSL cert and key to Docker image
Change nginx port from 8080 to 2443 and enable SSL
Update README to include instructions on certificate login
Issue-ID: POLICY-3615
Signed-off-by: danielhanrahan <daniel.hanrahan@est.tech>
Change-Id: I5211d30c420d75a94621399f33763b8156c50b5b
Diffstat (limited to 'packages/policy-gui-docker')
4 files changed, 74 insertions, 2 deletions
diff --git a/packages/policy-gui-docker/src/main/docker/Dockerfile b/packages/policy-gui-docker/src/main/docker/Dockerfile index 8820139..681a58d 100644 --- a/packages/policy-gui-docker/src/main/docker/Dockerfile +++ b/packages/policy-gui-docker/src/main/docker/Dockerfile @@ -37,6 +37,8 @@ WORKDIR $POLICY_HOME COPY policy-gui.sh ./bin/ COPY /maven/gui-editor-apex-uber.jar ./lib/ COPY /maven/gui-pdp-monitoring-uber.jar ./lib/ +COPY etc/ssl/clamp.key /etc/ssl/clamp.key +COPY etc/ssl/clamp.pem /etc/ssl/clamp.pem COPY nginx/nginx.conf /etc/nginx/nginx.conf COPY nginx/default.conf.template /etc/nginx/templates/default.conf.template COPY nginx/index.html /usr/share/nginx/html/ @@ -52,4 +54,4 @@ RUN rm /etc/nginx/conf.d/default.conf && \ USER policy WORKDIR $POLICY_HOME/bin ENTRYPOINT [ "./policy-gui.sh" ] -EXPOSE 8080 +EXPOSE 2443 diff --git a/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key new file mode 100644 index 0000000..bcbb9f1 --- /dev/null +++ b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key @@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: clamp@clamp.onap.org + localKeyID: 54 69 6D 65 20 31 35 38 30 38 32 39 30 36 35 34 37 39 +Key Attributes: <No Attributes> +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCTB30nMh0hczIk +vWJo7Omg7cAHhz50NBhLB7u+60oXRGCya4SqssqqxNnNqNQQP9MmflW2q/bZepWn +8Rk23X6CLmoIUlrj8BMPkUCRqzgvlaWPSNAK5QcOp6GUvXTuX4EsaWxJhbs9Ujz2 ++qi137iNOqfAx1sUygah1kjALrqHkXDqJGvIfxU5ES0akBi/lB7A3WpE52KTioSF +JS5Kbnpj1ogffGNKyAiNqU61LcF1FjWmINat2z3ZMk/3Xm+HCDg/GLPnbh4E1KoE +10O22AMys6YGEyPvgRfrTF13DsDX52PmmUHbkSB6kwS/CeV5Uu++8b6T2IWpPyZ2 ++5ptmL+tAgMBAAECggEBAIUplzRUswWEq7mSvPqC9+YE7pLi7rGYLRhnXKdBuszv +5RQzROjFHcEkoI8fhVFiPP70FPVpMh0uZTTBrDCA0v9cwjPfQuqGmPzUdUJ5bF3M +jzICpEn5vDaNpE5ueOUcIoXyxVyhfj+/p++YfgybHy7qHN0AsYFWqEMTLLjCmbYF +pZozbAcGQoAR8PSfwuvgusuEezrhYertHsdFwlfZhDtJvnm/4YKRUVEBzuaaA7B9 +sUhnQFS8ScqiUbkAGdjfY9wOYRHnQgjtqiP8poIzLkqCNSoVctgh5Pdv4jp4HO90 +J5QC+f7m7rOoWUw8EYbRo/4C4Mckh0GQQ+oP4xzrtZECgYEA3DYALFgOEY+0RR1K +61HAKqdNy1YbeuidpCBEJEwmIbzdgO1DcJdNznbfdRlmS7VB9orwRfNbf7Hxm2w/ +/xn9USENXWx7fvDoISqSDegvEsBSq5hSEMVl3f7CfQZrYl1f6gxfe7L/jtmbn0eQ +avsr9RaUCWP794DEXKuA9pC8hVsCgYEAquy5I4hO4jNBQ6v5+omjsEgk4513/RNs +f47Md8bsDHKJMbCMKCdqM1D3J1xbgV3DgSv0yNlKdU2wenWdgQAyBtz18NBgno85 +YNanFhp1CymgLFHdLJHSOqAkzutSuCNnGTT6AKspOQvy+cuj7XsnbsxtYK3Cgw5h +Mom3RnUy9ZcCgYAnForHVEYDBgAYuI9g39z9dT8Q1dMA6SN6S6Ps0Xt/R5gF15e9 +941/FYiqr3yB+cWgrp7hu8XFD9/0F63waTuW2AgYSjZNnROHN5g/UbRxXqQOA3al +tXRUiHEbYjVTe4GX+ORF/8rvH19JUZmn87ekxII4fH/wOfIhBOxaV+yuuwKBgHtz +5Tizz/3y9TWSdkgtt6uwP+yipLKGn/v1wNrWM1G+PDdGg8TQyxTrasfkHjdu6LFY +dUHIJ85X4ZphbvRolrl8SKq5Zr+/RLsb7qy5SUZZt1Wrfysc25H6bvuA3ksfTuzW +5acr+Oc6KTGgkvMI229cebe1aONNtIhTDav3JGpbAoGAX5DQvNreqnP8qSAvUN2I +TAHXIzawR3f6vgGgVIdkHkiS2eKzs/fgP3VAK80TbrGSR8HvBcPEcR/icOn1u/e6 +tDp0j6mGt5aPKK9VQkBn94bW35T12FUbdB+L8FWWTUrfiVWJtEW8tEsKil5ac8U4 +Bn3vC5WUeKhW6v6kD4AigqE= +-----END PRIVATE KEY----- diff --git a/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem new file mode 100644 index 0000000..a01b587 --- /dev/null +++ b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem @@ -0,0 +1,33 @@ +Bag Attributes + friendlyName: clamp@clamp.onap.org + localKeyID: 54 69 6D 65 20 31 35 38 30 38 32 39 30 36 35 34 37 39 +subject=CN = clamp, emailAddress = mark.d.manager@people.osaaf.com, OU = clamp@clamp.onap.org:DEV, OU = OSAAF, O = ONAP, C = US + +issuer=C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9 + +-----BEGIN CERTIFICATE----- +MIIEWDCCA0CgAwIBAgIILw1zyDGqB5IwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE +BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp +bnRlcm1lZGlhdGVDQV85MB4XDTIwMDIwNDEyMjM1MloXDTIxMDIwNDEyMjM1Mlow +gY8xDjAMBgNVBAMMBWNsYW1wMS4wLAYJKoZIhvcNAQkBFh9tYXJrLmQubWFuYWdl +ckBwZW9wbGUub3NhYWYuY29tMSEwHwYDVQQLDBhjbGFtcEBjbGFtcC5vbmFwLm9y +ZzpERVYxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJV +UzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJMHfScyHSFzMiS9Ymjs +6aDtwAeHPnQ0GEsHu77rShdEYLJrhKqyyqrE2c2o1BA/0yZ+Vbar9tl6lafxGTbd +foIuaghSWuPwEw+RQJGrOC+VpY9I0ArlBw6noZS9dO5fgSxpbEmFuz1SPPb6qLXf +uI06p8DHWxTKBqHWSMAuuoeRcOoka8h/FTkRLRqQGL+UHsDdakTnYpOKhIUlLkpu +emPWiB98Y0rICI2pTrUtwXUWNaYg1q3bPdkyT/deb4cIOD8Ys+duHgTUqgTXQ7bY +AzKzpgYTI++BF+tMXXcOwNfnY+aZQduRIHqTBL8J5XlS777xvpPYhak/Jnb7mm2Y +v60CAwEAAaOB/jCB+zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB +Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze +81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ +MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUzfIed+18wgFs7E6q0b6BbMICtfsw +RwYDVR0RBEAwPoIFY2xhbXCCCmNsYW1wLW9uYXCCHWNsYW1wLmFwaS5zaW1wbGVk +ZW1vLm9uYXAub3JnggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQBizhsW +XrJ9wQy3PrBxgh90sOF15tayXPRZSFYPoQb5LhRh3IY/PvXLaSHlkgPHlCLLx36S +0/DiVf86/83ABvyaq9gJIyg/m4ntNae23OKH1AkA1aN+JCKA8yhsAzDBcRF6Aj7E +VJ+vQlSzz5oh+efP1e/8DUMd1/WwbTXvRd0Iqv/fyZunbjb82qNMrsK1mQ2q+87A +0jx9u1EdeMihP6vWiuKzlwy4mKoNT573SPpvaOkjX3yDlmf2CTQZ9vdAvjmFmVsH +1wyrNZOIgW4VjluiZfAk3mOEskrZiP/7aUXnxmNnYTpgZMbhiouLbRrTc4lLEyhx +G7A61/KGTsLZlvxb +-----END CERTIFICATE----- diff --git a/packages/policy-gui-docker/src/main/docker/nginx/default.conf.template b/packages/policy-gui-docker/src/main/docker/nginx/default.conf.template index d407827..9b3348a 100644 --- a/packages/policy-gui-docker/src/main/docker/nginx/default.conf.template +++ b/packages/policy-gui-docker/src/main/docker/nginx/default.conf.template @@ -1,5 +1,9 @@ server { - listen 8080; + listen 2443 default ssl; + ssl_protocols TLSv1.2; + ssl_certificate /etc/ssl/clamp.pem; + ssl_certificate_key /etc/ssl/clamp.key; + ssl_verify_client optional_no_ca; location / { root /usr/share/nginx/html; @@ -9,6 +13,7 @@ server { location /clamp/restservices/clds/ { proxy_pass ${CLAMP_REST_URL}/restservices/clds/; + proxy_set_header X-SSL-Cert $ssl_client_escaped_cert; } location /pdp-monitoring/papservices/monitoring/ { |