diff options
Diffstat (limited to 'packages/policy-gui-docker/src/main')
4 files changed, 74 insertions, 2 deletions
diff --git a/packages/policy-gui-docker/src/main/docker/Dockerfile b/packages/policy-gui-docker/src/main/docker/Dockerfile index 8820139..681a58d 100644 --- a/packages/policy-gui-docker/src/main/docker/Dockerfile +++ b/packages/policy-gui-docker/src/main/docker/Dockerfile @@ -37,6 +37,8 @@ WORKDIR $POLICY_HOME COPY policy-gui.sh ./bin/ COPY /maven/gui-editor-apex-uber.jar ./lib/ COPY /maven/gui-pdp-monitoring-uber.jar ./lib/ +COPY etc/ssl/clamp.key /etc/ssl/clamp.key +COPY etc/ssl/clamp.pem /etc/ssl/clamp.pem COPY nginx/nginx.conf /etc/nginx/nginx.conf COPY nginx/default.conf.template /etc/nginx/templates/default.conf.template COPY nginx/index.html /usr/share/nginx/html/ @@ -52,4 +54,4 @@ RUN rm /etc/nginx/conf.d/default.conf && \ USER policy WORKDIR $POLICY_HOME/bin ENTRYPOINT [ "./policy-gui.sh" ] -EXPOSE 8080 +EXPOSE 2443 diff --git a/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key new file mode 100644 index 0000000..bcbb9f1 --- /dev/null +++ b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key @@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: clamp@clamp.onap.org + localKeyID: 54 69 6D 65 20 31 35 38 30 38 32 39 30 36 35 34 37 39 +Key Attributes: <No Attributes> +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCTB30nMh0hczIk +vWJo7Omg7cAHhz50NBhLB7u+60oXRGCya4SqssqqxNnNqNQQP9MmflW2q/bZepWn +8Rk23X6CLmoIUlrj8BMPkUCRqzgvlaWPSNAK5QcOp6GUvXTuX4EsaWxJhbs9Ujz2 ++qi137iNOqfAx1sUygah1kjALrqHkXDqJGvIfxU5ES0akBi/lB7A3WpE52KTioSF +JS5Kbnpj1ogffGNKyAiNqU61LcF1FjWmINat2z3ZMk/3Xm+HCDg/GLPnbh4E1KoE +10O22AMys6YGEyPvgRfrTF13DsDX52PmmUHbkSB6kwS/CeV5Uu++8b6T2IWpPyZ2 ++5ptmL+tAgMBAAECggEBAIUplzRUswWEq7mSvPqC9+YE7pLi7rGYLRhnXKdBuszv +5RQzROjFHcEkoI8fhVFiPP70FPVpMh0uZTTBrDCA0v9cwjPfQuqGmPzUdUJ5bF3M +jzICpEn5vDaNpE5ueOUcIoXyxVyhfj+/p++YfgybHy7qHN0AsYFWqEMTLLjCmbYF +pZozbAcGQoAR8PSfwuvgusuEezrhYertHsdFwlfZhDtJvnm/4YKRUVEBzuaaA7B9 +sUhnQFS8ScqiUbkAGdjfY9wOYRHnQgjtqiP8poIzLkqCNSoVctgh5Pdv4jp4HO90 +J5QC+f7m7rOoWUw8EYbRo/4C4Mckh0GQQ+oP4xzrtZECgYEA3DYALFgOEY+0RR1K +61HAKqdNy1YbeuidpCBEJEwmIbzdgO1DcJdNznbfdRlmS7VB9orwRfNbf7Hxm2w/ +/xn9USENXWx7fvDoISqSDegvEsBSq5hSEMVl3f7CfQZrYl1f6gxfe7L/jtmbn0eQ +avsr9RaUCWP794DEXKuA9pC8hVsCgYEAquy5I4hO4jNBQ6v5+omjsEgk4513/RNs +f47Md8bsDHKJMbCMKCdqM1D3J1xbgV3DgSv0yNlKdU2wenWdgQAyBtz18NBgno85 +YNanFhp1CymgLFHdLJHSOqAkzutSuCNnGTT6AKspOQvy+cuj7XsnbsxtYK3Cgw5h +Mom3RnUy9ZcCgYAnForHVEYDBgAYuI9g39z9dT8Q1dMA6SN6S6Ps0Xt/R5gF15e9 +941/FYiqr3yB+cWgrp7hu8XFD9/0F63waTuW2AgYSjZNnROHN5g/UbRxXqQOA3al +tXRUiHEbYjVTe4GX+ORF/8rvH19JUZmn87ekxII4fH/wOfIhBOxaV+yuuwKBgHtz +5Tizz/3y9TWSdkgtt6uwP+yipLKGn/v1wNrWM1G+PDdGg8TQyxTrasfkHjdu6LFY +dUHIJ85X4ZphbvRolrl8SKq5Zr+/RLsb7qy5SUZZt1Wrfysc25H6bvuA3ksfTuzW +5acr+Oc6KTGgkvMI229cebe1aONNtIhTDav3JGpbAoGAX5DQvNreqnP8qSAvUN2I +TAHXIzawR3f6vgGgVIdkHkiS2eKzs/fgP3VAK80TbrGSR8HvBcPEcR/icOn1u/e6 +tDp0j6mGt5aPKK9VQkBn94bW35T12FUbdB+L8FWWTUrfiVWJtEW8tEsKil5ac8U4 +Bn3vC5WUeKhW6v6kD4AigqE= +-----END PRIVATE KEY----- diff --git a/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem new file mode 100644 index 0000000..a01b587 --- /dev/null +++ b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem @@ -0,0 +1,33 @@ +Bag Attributes + friendlyName: clamp@clamp.onap.org + localKeyID: 54 69 6D 65 20 31 35 38 30 38 32 39 30 36 35 34 37 39 +subject=CN = clamp, emailAddress = mark.d.manager@people.osaaf.com, OU = clamp@clamp.onap.org:DEV, OU = OSAAF, O = ONAP, C = US + +issuer=C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9 + +-----BEGIN CERTIFICATE----- +MIIEWDCCA0CgAwIBAgIILw1zyDGqB5IwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE +BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp +bnRlcm1lZGlhdGVDQV85MB4XDTIwMDIwNDEyMjM1MloXDTIxMDIwNDEyMjM1Mlow +gY8xDjAMBgNVBAMMBWNsYW1wMS4wLAYJKoZIhvcNAQkBFh9tYXJrLmQubWFuYWdl +ckBwZW9wbGUub3NhYWYuY29tMSEwHwYDVQQLDBhjbGFtcEBjbGFtcC5vbmFwLm9y +ZzpERVYxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJV +UzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJMHfScyHSFzMiS9Ymjs +6aDtwAeHPnQ0GEsHu77rShdEYLJrhKqyyqrE2c2o1BA/0yZ+Vbar9tl6lafxGTbd +foIuaghSWuPwEw+RQJGrOC+VpY9I0ArlBw6noZS9dO5fgSxpbEmFuz1SPPb6qLXf +uI06p8DHWxTKBqHWSMAuuoeRcOoka8h/FTkRLRqQGL+UHsDdakTnYpOKhIUlLkpu +emPWiB98Y0rICI2pTrUtwXUWNaYg1q3bPdkyT/deb4cIOD8Ys+duHgTUqgTXQ7bY +AzKzpgYTI++BF+tMXXcOwNfnY+aZQduRIHqTBL8J5XlS777xvpPYhak/Jnb7mm2Y +v60CAwEAAaOB/jCB+zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB +Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze +81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ +MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUzfIed+18wgFs7E6q0b6BbMICtfsw +RwYDVR0RBEAwPoIFY2xhbXCCCmNsYW1wLW9uYXCCHWNsYW1wLmFwaS5zaW1wbGVk +ZW1vLm9uYXAub3JnggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQBizhsW +XrJ9wQy3PrBxgh90sOF15tayXPRZSFYPoQb5LhRh3IY/PvXLaSHlkgPHlCLLx36S +0/DiVf86/83ABvyaq9gJIyg/m4ntNae23OKH1AkA1aN+JCKA8yhsAzDBcRF6Aj7E +VJ+vQlSzz5oh+efP1e/8DUMd1/WwbTXvRd0Iqv/fyZunbjb82qNMrsK1mQ2q+87A +0jx9u1EdeMihP6vWiuKzlwy4mKoNT573SPpvaOkjX3yDlmf2CTQZ9vdAvjmFmVsH +1wyrNZOIgW4VjluiZfAk3mOEskrZiP/7aUXnxmNnYTpgZMbhiouLbRrTc4lLEyhx +G7A61/KGTsLZlvxb +-----END CERTIFICATE----- diff --git a/packages/policy-gui-docker/src/main/docker/nginx/default.conf.template b/packages/policy-gui-docker/src/main/docker/nginx/default.conf.template index d407827..9b3348a 100644 --- a/packages/policy-gui-docker/src/main/docker/nginx/default.conf.template +++ b/packages/policy-gui-docker/src/main/docker/nginx/default.conf.template @@ -1,5 +1,9 @@ server { - listen 8080; + listen 2443 default ssl; + ssl_protocols TLSv1.2; + ssl_certificate /etc/ssl/clamp.pem; + ssl_certificate_key /etc/ssl/clamp.key; + ssl_verify_client optional_no_ca; location / { root /usr/share/nginx/html; @@ -9,6 +13,7 @@ server { location /clamp/restservices/clds/ { proxy_pass ${CLAMP_REST_URL}/restservices/clds/; + proxy_set_header X-SSL-Cert $ssl_client_escaped_cert; } location /pdp-monitoring/papservices/monitoring/ { |