aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--README.md18
-rw-r--r--packages/policy-gui-docker/src/main/docker/Dockerfile4
-rw-r--r--packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key32
-rw-r--r--packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem33
-rw-r--r--packages/policy-gui-docker/src/main/docker/nginx/default.conf.template7
5 files changed, 87 insertions, 7 deletions
diff --git a/README.md b/README.md
index 6322319..4bff635 100644
--- a/README.md
+++ b/README.md
@@ -13,10 +13,10 @@ To build it using Maven 3, run: mvn clean install -P docker
# Docker image
Maven produces a single docker image containing the policy GUIs. These are exposed on
-the same port (8080) using different URLs:
-- Apex Policy Editor: http://localhost:8080/apex-editor
-- PDP Monitoring UI: http://localhost:8080/pdp-monitoring
-- CLAMP Designer UI: http://localhost:8080/clamp
+the same port (2443) using different URLs:
+- Apex Policy Editor: http://localhost:2443/apex-editor
+- PDP Monitoring UI: http://localhost:2443/pdp-monitoring
+- CLAMP Designer UI: http://localhost:2443/clamp
## Building
You can use the following command to build the policy-gui docker image:
@@ -38,8 +38,16 @@ backend, then CLAMP_REST_URL should be set to `https://policy-clamp-backend:8443
If running clamp backend on localhost port 8443, the policy-gui docker image would be
started like this:
```
-docker run -p 8080:8080 \
+docker run -p 2443:2443 \
--add-host host.docker.internal:host-gateway \
--env CLAMP_REST_URL=https://host.docker.internal:8443 \
onap/policy-gui
```
+
+## Client Credentials
+A certificate must be added in the browser and is required to log in properly:
+
+[org.onap.clamp.p12 (from clamp master)](URL "https://gerrit.onap.org/r/gitweb?p=clamp.git;a=blob_plain;f=src/main/resources/clds/aaf/org.onap.clamp.p12;hb=refs/heads/master")
+(Password: "China in the Spring")
+
+See onap/clamp repo README for details.
diff --git a/packages/policy-gui-docker/src/main/docker/Dockerfile b/packages/policy-gui-docker/src/main/docker/Dockerfile
index 8820139..681a58d 100644
--- a/packages/policy-gui-docker/src/main/docker/Dockerfile
+++ b/packages/policy-gui-docker/src/main/docker/Dockerfile
@@ -37,6 +37,8 @@ WORKDIR $POLICY_HOME
COPY policy-gui.sh ./bin/
COPY /maven/gui-editor-apex-uber.jar ./lib/
COPY /maven/gui-pdp-monitoring-uber.jar ./lib/
+COPY etc/ssl/clamp.key /etc/ssl/clamp.key
+COPY etc/ssl/clamp.pem /etc/ssl/clamp.pem
COPY nginx/nginx.conf /etc/nginx/nginx.conf
COPY nginx/default.conf.template /etc/nginx/templates/default.conf.template
COPY nginx/index.html /usr/share/nginx/html/
@@ -52,4 +54,4 @@ RUN rm /etc/nginx/conf.d/default.conf && \
USER policy
WORKDIR $POLICY_HOME/bin
ENTRYPOINT [ "./policy-gui.sh" ]
-EXPOSE 8080
+EXPOSE 2443
diff --git a/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key
new file mode 100644
index 0000000..bcbb9f1
--- /dev/null
+++ b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key
@@ -0,0 +1,32 @@
+Bag Attributes
+ friendlyName: clamp@clamp.onap.org
+ localKeyID: 54 69 6D 65 20 31 35 38 30 38 32 39 30 36 35 34 37 39
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCTB30nMh0hczIk
+vWJo7Omg7cAHhz50NBhLB7u+60oXRGCya4SqssqqxNnNqNQQP9MmflW2q/bZepWn
+8Rk23X6CLmoIUlrj8BMPkUCRqzgvlaWPSNAK5QcOp6GUvXTuX4EsaWxJhbs9Ujz2
++qi137iNOqfAx1sUygah1kjALrqHkXDqJGvIfxU5ES0akBi/lB7A3WpE52KTioSF
+JS5Kbnpj1ogffGNKyAiNqU61LcF1FjWmINat2z3ZMk/3Xm+HCDg/GLPnbh4E1KoE
+10O22AMys6YGEyPvgRfrTF13DsDX52PmmUHbkSB6kwS/CeV5Uu++8b6T2IWpPyZ2
++5ptmL+tAgMBAAECggEBAIUplzRUswWEq7mSvPqC9+YE7pLi7rGYLRhnXKdBuszv
+5RQzROjFHcEkoI8fhVFiPP70FPVpMh0uZTTBrDCA0v9cwjPfQuqGmPzUdUJ5bF3M
+jzICpEn5vDaNpE5ueOUcIoXyxVyhfj+/p++YfgybHy7qHN0AsYFWqEMTLLjCmbYF
+pZozbAcGQoAR8PSfwuvgusuEezrhYertHsdFwlfZhDtJvnm/4YKRUVEBzuaaA7B9
+sUhnQFS8ScqiUbkAGdjfY9wOYRHnQgjtqiP8poIzLkqCNSoVctgh5Pdv4jp4HO90
+J5QC+f7m7rOoWUw8EYbRo/4C4Mckh0GQQ+oP4xzrtZECgYEA3DYALFgOEY+0RR1K
+61HAKqdNy1YbeuidpCBEJEwmIbzdgO1DcJdNznbfdRlmS7VB9orwRfNbf7Hxm2w/
+/xn9USENXWx7fvDoISqSDegvEsBSq5hSEMVl3f7CfQZrYl1f6gxfe7L/jtmbn0eQ
+avsr9RaUCWP794DEXKuA9pC8hVsCgYEAquy5I4hO4jNBQ6v5+omjsEgk4513/RNs
+f47Md8bsDHKJMbCMKCdqM1D3J1xbgV3DgSv0yNlKdU2wenWdgQAyBtz18NBgno85
+YNanFhp1CymgLFHdLJHSOqAkzutSuCNnGTT6AKspOQvy+cuj7XsnbsxtYK3Cgw5h
+Mom3RnUy9ZcCgYAnForHVEYDBgAYuI9g39z9dT8Q1dMA6SN6S6Ps0Xt/R5gF15e9
+941/FYiqr3yB+cWgrp7hu8XFD9/0F63waTuW2AgYSjZNnROHN5g/UbRxXqQOA3al
+tXRUiHEbYjVTe4GX+ORF/8rvH19JUZmn87ekxII4fH/wOfIhBOxaV+yuuwKBgHtz
+5Tizz/3y9TWSdkgtt6uwP+yipLKGn/v1wNrWM1G+PDdGg8TQyxTrasfkHjdu6LFY
+dUHIJ85X4ZphbvRolrl8SKq5Zr+/RLsb7qy5SUZZt1Wrfysc25H6bvuA3ksfTuzW
+5acr+Oc6KTGgkvMI229cebe1aONNtIhTDav3JGpbAoGAX5DQvNreqnP8qSAvUN2I
+TAHXIzawR3f6vgGgVIdkHkiS2eKzs/fgP3VAK80TbrGSR8HvBcPEcR/icOn1u/e6
+tDp0j6mGt5aPKK9VQkBn94bW35T12FUbdB+L8FWWTUrfiVWJtEW8tEsKil5ac8U4
+Bn3vC5WUeKhW6v6kD4AigqE=
+-----END PRIVATE KEY-----
diff --git a/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem
new file mode 100644
index 0000000..a01b587
--- /dev/null
+++ b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem
@@ -0,0 +1,33 @@
+Bag Attributes
+ friendlyName: clamp@clamp.onap.org
+ localKeyID: 54 69 6D 65 20 31 35 38 30 38 32 39 30 36 35 34 37 39
+subject=CN = clamp, emailAddress = mark.d.manager@people.osaaf.com, OU = clamp@clamp.onap.org:DEV, OU = OSAAF, O = ONAP, C = US
+
+issuer=C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9
+
+-----BEGIN CERTIFICATE-----
+MIIEWDCCA0CgAwIBAgIILw1zyDGqB5IwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
+BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
+bnRlcm1lZGlhdGVDQV85MB4XDTIwMDIwNDEyMjM1MloXDTIxMDIwNDEyMjM1Mlow
+gY8xDjAMBgNVBAMMBWNsYW1wMS4wLAYJKoZIhvcNAQkBFh9tYXJrLmQubWFuYWdl
+ckBwZW9wbGUub3NhYWYuY29tMSEwHwYDVQQLDBhjbGFtcEBjbGFtcC5vbmFwLm9y
+ZzpERVYxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJV
+UzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJMHfScyHSFzMiS9Ymjs
+6aDtwAeHPnQ0GEsHu77rShdEYLJrhKqyyqrE2c2o1BA/0yZ+Vbar9tl6lafxGTbd
+foIuaghSWuPwEw+RQJGrOC+VpY9I0ArlBw6noZS9dO5fgSxpbEmFuz1SPPb6qLXf
+uI06p8DHWxTKBqHWSMAuuoeRcOoka8h/FTkRLRqQGL+UHsDdakTnYpOKhIUlLkpu
+emPWiB98Y0rICI2pTrUtwXUWNaYg1q3bPdkyT/deb4cIOD8Ys+duHgTUqgTXQ7bY
+AzKzpgYTI++BF+tMXXcOwNfnY+aZQduRIHqTBL8J5XlS777xvpPYhak/Jnb7mm2Y
+v60CAwEAAaOB/jCB+zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB
+Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze
+81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
+MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUzfIed+18wgFs7E6q0b6BbMICtfsw
+RwYDVR0RBEAwPoIFY2xhbXCCCmNsYW1wLW9uYXCCHWNsYW1wLmFwaS5zaW1wbGVk
+ZW1vLm9uYXAub3JnggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQBizhsW
+XrJ9wQy3PrBxgh90sOF15tayXPRZSFYPoQb5LhRh3IY/PvXLaSHlkgPHlCLLx36S
+0/DiVf86/83ABvyaq9gJIyg/m4ntNae23OKH1AkA1aN+JCKA8yhsAzDBcRF6Aj7E
+VJ+vQlSzz5oh+efP1e/8DUMd1/WwbTXvRd0Iqv/fyZunbjb82qNMrsK1mQ2q+87A
+0jx9u1EdeMihP6vWiuKzlwy4mKoNT573SPpvaOkjX3yDlmf2CTQZ9vdAvjmFmVsH
+1wyrNZOIgW4VjluiZfAk3mOEskrZiP/7aUXnxmNnYTpgZMbhiouLbRrTc4lLEyhx
+G7A61/KGTsLZlvxb
+-----END CERTIFICATE-----
diff --git a/packages/policy-gui-docker/src/main/docker/nginx/default.conf.template b/packages/policy-gui-docker/src/main/docker/nginx/default.conf.template
index d407827..9b3348a 100644
--- a/packages/policy-gui-docker/src/main/docker/nginx/default.conf.template
+++ b/packages/policy-gui-docker/src/main/docker/nginx/default.conf.template
@@ -1,5 +1,9 @@
server {
- listen 8080;
+ listen 2443 default ssl;
+ ssl_protocols TLSv1.2;
+ ssl_certificate /etc/ssl/clamp.pem;
+ ssl_certificate_key /etc/ssl/clamp.key;
+ ssl_verify_client optional_no_ca;
location / {
root /usr/share/nginx/html;
@@ -9,6 +13,7 @@ server {
location /clamp/restservices/clds/ {
proxy_pass ${CLAMP_REST_URL}/restservices/clds/;
+ proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
}
location /pdp-monitoring/papservices/monitoring/ {