diff options
Diffstat (limited to 'packages/policy-gui-docker')
| -rw-r--r-- | packages/policy-gui-docker/src/main/docker/Dockerfile | 25 | ||||
| -rw-r--r-- | packages/policy-gui-docker/src/main/docker/etc/nginx/http.d/default.conf (renamed from packages/policy-gui-docker/src/main/docker/nginx/default.conf.template) | 9 | ||||
| -rw-r--r-- | packages/policy-gui-docker/src/main/docker/etc/nginx/nginx.conf (renamed from packages/policy-gui-docker/src/main/docker/nginx/nginx.conf) | 0 | ||||
| -rw-r--r-- | packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key | 32 | ||||
| -rw-r--r-- | packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem | 33 | ||||
| -rw-r--r-- | packages/policy-gui-docker/src/main/docker/index.html (renamed from packages/policy-gui-docker/src/main/docker/nginx/index.html) | 0 | ||||
| -rw-r--r-- | packages/policy-gui-docker/src/main/docker/policy-gui.sh | 1 |
7 files changed, 81 insertions, 19 deletions
diff --git a/packages/policy-gui-docker/src/main/docker/Dockerfile b/packages/policy-gui-docker/src/main/docker/Dockerfile index 8820139..0e8bcc2 100644 --- a/packages/policy-gui-docker/src/main/docker/Dockerfile +++ b/packages/policy-gui-docker/src/main/docker/Dockerfile @@ -26,30 +26,23 @@ ARG POLICY_LOGS=/var/log/onap/policy/gui ENV POLICY_LOGS=$POLICY_LOGS ENV POLICY_HOME=$POLICY_HOME/gui -ENV CLAMP_REST_URL=http://0.0.0.0 RUN mkdir -p $POLICY_HOME $POLICY_LOGS $POLICY_HOME/bin $POLICY_HOME/lib && \ chown -R policy:policy $POLICY_HOME $POLICY_LOGS && \ apk update && \ - apk add --no-cache gettext nginx + apk add --no-cache nginx -WORKDIR $POLICY_HOME -COPY policy-gui.sh ./bin/ -COPY /maven/gui-editor-apex-uber.jar ./lib/ -COPY /maven/gui-pdp-monitoring-uber.jar ./lib/ -COPY nginx/nginx.conf /etc/nginx/nginx.conf -COPY nginx/default.conf.template /etc/nginx/templates/default.conf.template -COPY nginx/index.html /usr/share/nginx/html/ -ADD /maven/gui-clamp-html.tar.gz /usr/share/nginx/html/ -ADD /maven/gui-pdp-monitoring-html.tar.gz /usr/share/nginx/html/ -RUN rm /etc/nginx/conf.d/default.conf && \ - ln -sf /dev/stdout /var/log/nginx/access.log && \ +COPY --chown=policy:policy etc/ /etc/ +COPY --chown=policy:policy policy-gui.sh $POLICY_HOME/bin/ +COPY --chown=policy:policy /maven/*.jar $POLICY_HOME/lib/ +ADD --chown=policy:policy index.html /maven/*-html.tar.gz /usr/share/nginx/html/ +RUN ln -sf /dev/stdout /var/log/nginx/access.log && \ ln -sf /dev/stderr /var/log/nginx/error.log && \ touch /var/run/nginx.pid && \ - chown -R policy:policy . /etc/nginx /usr/share/nginx /var/lib/nginx /var/log/nginx /var/run/nginx.pid && \ - chmod 755 bin/*.sh + chown -R policy:policy /etc/nginx /usr/share/nginx /var/lib/nginx /var/log/nginx /var/run/nginx.pid && \ + chmod 755 $POLICY_HOME/bin/*.sh USER policy WORKDIR $POLICY_HOME/bin ENTRYPOINT [ "./policy-gui.sh" ] -EXPOSE 8080 +EXPOSE 2443 diff --git a/packages/policy-gui-docker/src/main/docker/nginx/default.conf.template b/packages/policy-gui-docker/src/main/docker/etc/nginx/http.d/default.conf index d407827..2c589c4 100644 --- a/packages/policy-gui-docker/src/main/docker/nginx/default.conf.template +++ b/packages/policy-gui-docker/src/main/docker/etc/nginx/http.d/default.conf @@ -1,5 +1,9 @@ server { - listen 8080; + listen 2443 default ssl; + ssl_protocols TLSv1.2; + ssl_certificate /etc/ssl/clamp.pem; + ssl_certificate_key /etc/ssl/clamp.key; + ssl_verify_client optional_no_ca; location / { root /usr/share/nginx/html; @@ -8,7 +12,8 @@ server { } location /clamp/restservices/clds/ { - proxy_pass ${CLAMP_REST_URL}/restservices/clds/; + proxy_pass https://policy-clamp-backend:8443/restservices/clds/; + proxy_set_header X-SSL-Cert $ssl_client_escaped_cert; } location /pdp-monitoring/papservices/monitoring/ { diff --git a/packages/policy-gui-docker/src/main/docker/nginx/nginx.conf b/packages/policy-gui-docker/src/main/docker/etc/nginx/nginx.conf index aac9bb6..aac9bb6 100644 --- a/packages/policy-gui-docker/src/main/docker/nginx/nginx.conf +++ b/packages/policy-gui-docker/src/main/docker/etc/nginx/nginx.conf diff --git a/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key new file mode 100644 index 0000000..bcbb9f1 --- /dev/null +++ b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.key @@ -0,0 +1,32 @@ +Bag Attributes + friendlyName: clamp@clamp.onap.org + localKeyID: 54 69 6D 65 20 31 35 38 30 38 32 39 30 36 35 34 37 39 +Key Attributes: <No Attributes> +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCTB30nMh0hczIk +vWJo7Omg7cAHhz50NBhLB7u+60oXRGCya4SqssqqxNnNqNQQP9MmflW2q/bZepWn +8Rk23X6CLmoIUlrj8BMPkUCRqzgvlaWPSNAK5QcOp6GUvXTuX4EsaWxJhbs9Ujz2 ++qi137iNOqfAx1sUygah1kjALrqHkXDqJGvIfxU5ES0akBi/lB7A3WpE52KTioSF +JS5Kbnpj1ogffGNKyAiNqU61LcF1FjWmINat2z3ZMk/3Xm+HCDg/GLPnbh4E1KoE +10O22AMys6YGEyPvgRfrTF13DsDX52PmmUHbkSB6kwS/CeV5Uu++8b6T2IWpPyZ2 ++5ptmL+tAgMBAAECggEBAIUplzRUswWEq7mSvPqC9+YE7pLi7rGYLRhnXKdBuszv +5RQzROjFHcEkoI8fhVFiPP70FPVpMh0uZTTBrDCA0v9cwjPfQuqGmPzUdUJ5bF3M +jzICpEn5vDaNpE5ueOUcIoXyxVyhfj+/p++YfgybHy7qHN0AsYFWqEMTLLjCmbYF +pZozbAcGQoAR8PSfwuvgusuEezrhYertHsdFwlfZhDtJvnm/4YKRUVEBzuaaA7B9 +sUhnQFS8ScqiUbkAGdjfY9wOYRHnQgjtqiP8poIzLkqCNSoVctgh5Pdv4jp4HO90 +J5QC+f7m7rOoWUw8EYbRo/4C4Mckh0GQQ+oP4xzrtZECgYEA3DYALFgOEY+0RR1K +61HAKqdNy1YbeuidpCBEJEwmIbzdgO1DcJdNznbfdRlmS7VB9orwRfNbf7Hxm2w/ +/xn9USENXWx7fvDoISqSDegvEsBSq5hSEMVl3f7CfQZrYl1f6gxfe7L/jtmbn0eQ +avsr9RaUCWP794DEXKuA9pC8hVsCgYEAquy5I4hO4jNBQ6v5+omjsEgk4513/RNs +f47Md8bsDHKJMbCMKCdqM1D3J1xbgV3DgSv0yNlKdU2wenWdgQAyBtz18NBgno85 +YNanFhp1CymgLFHdLJHSOqAkzutSuCNnGTT6AKspOQvy+cuj7XsnbsxtYK3Cgw5h +Mom3RnUy9ZcCgYAnForHVEYDBgAYuI9g39z9dT8Q1dMA6SN6S6Ps0Xt/R5gF15e9 +941/FYiqr3yB+cWgrp7hu8XFD9/0F63waTuW2AgYSjZNnROHN5g/UbRxXqQOA3al +tXRUiHEbYjVTe4GX+ORF/8rvH19JUZmn87ekxII4fH/wOfIhBOxaV+yuuwKBgHtz +5Tizz/3y9TWSdkgtt6uwP+yipLKGn/v1wNrWM1G+PDdGg8TQyxTrasfkHjdu6LFY +dUHIJ85X4ZphbvRolrl8SKq5Zr+/RLsb7qy5SUZZt1Wrfysc25H6bvuA3ksfTuzW +5acr+Oc6KTGgkvMI229cebe1aONNtIhTDav3JGpbAoGAX5DQvNreqnP8qSAvUN2I +TAHXIzawR3f6vgGgVIdkHkiS2eKzs/fgP3VAK80TbrGSR8HvBcPEcR/icOn1u/e6 +tDp0j6mGt5aPKK9VQkBn94bW35T12FUbdB+L8FWWTUrfiVWJtEW8tEsKil5ac8U4 +Bn3vC5WUeKhW6v6kD4AigqE= +-----END PRIVATE KEY----- diff --git a/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem new file mode 100644 index 0000000..a01b587 --- /dev/null +++ b/packages/policy-gui-docker/src/main/docker/etc/ssl/clamp.pem @@ -0,0 +1,33 @@ +Bag Attributes + friendlyName: clamp@clamp.onap.org + localKeyID: 54 69 6D 65 20 31 35 38 30 38 32 39 30 36 35 34 37 39 +subject=CN = clamp, emailAddress = mark.d.manager@people.osaaf.com, OU = clamp@clamp.onap.org:DEV, OU = OSAAF, O = ONAP, C = US + +issuer=C = US, O = ONAP, OU = OSAAF, CN = intermediateCA_9 + +-----BEGIN CERTIFICATE----- +MIIEWDCCA0CgAwIBAgIILw1zyDGqB5IwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE +BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp +bnRlcm1lZGlhdGVDQV85MB4XDTIwMDIwNDEyMjM1MloXDTIxMDIwNDEyMjM1Mlow +gY8xDjAMBgNVBAMMBWNsYW1wMS4wLAYJKoZIhvcNAQkBFh9tYXJrLmQubWFuYWdl +ckBwZW9wbGUub3NhYWYuY29tMSEwHwYDVQQLDBhjbGFtcEBjbGFtcC5vbmFwLm9y +ZzpERVYxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJV +UzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJMHfScyHSFzMiS9Ymjs +6aDtwAeHPnQ0GEsHu77rShdEYLJrhKqyyqrE2c2o1BA/0yZ+Vbar9tl6lafxGTbd +foIuaghSWuPwEw+RQJGrOC+VpY9I0ArlBw6noZS9dO5fgSxpbEmFuz1SPPb6qLXf +uI06p8DHWxTKBqHWSMAuuoeRcOoka8h/FTkRLRqQGL+UHsDdakTnYpOKhIUlLkpu +emPWiB98Y0rICI2pTrUtwXUWNaYg1q3bPdkyT/deb4cIOD8Ys+duHgTUqgTXQ7bY +AzKzpgYTI++BF+tMXXcOwNfnY+aZQduRIHqTBL8J5XlS777xvpPYhak/Jnb7mm2Y +v60CAwEAAaOB/jCB+zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB +Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze +81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ +MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUzfIed+18wgFs7E6q0b6BbMICtfsw +RwYDVR0RBEAwPoIFY2xhbXCCCmNsYW1wLW9uYXCCHWNsYW1wLmFwaS5zaW1wbGVk +ZW1vLm9uYXAub3JnggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQBizhsW +XrJ9wQy3PrBxgh90sOF15tayXPRZSFYPoQb5LhRh3IY/PvXLaSHlkgPHlCLLx36S +0/DiVf86/83ABvyaq9gJIyg/m4ntNae23OKH1AkA1aN+JCKA8yhsAzDBcRF6Aj7E +VJ+vQlSzz5oh+efP1e/8DUMd1/WwbTXvRd0Iqv/fyZunbjb82qNMrsK1mQ2q+87A +0jx9u1EdeMihP6vWiuKzlwy4mKoNT573SPpvaOkjX3yDlmf2CTQZ9vdAvjmFmVsH +1wyrNZOIgW4VjluiZfAk3mOEskrZiP/7aUXnxmNnYTpgZMbhiouLbRrTc4lLEyhx +G7A61/KGTsLZlvxb +-----END CERTIFICATE----- diff --git a/packages/policy-gui-docker/src/main/docker/nginx/index.html b/packages/policy-gui-docker/src/main/docker/index.html index 98742ae..98742ae 100644 --- a/packages/policy-gui-docker/src/main/docker/nginx/index.html +++ b/packages/policy-gui-docker/src/main/docker/index.html diff --git a/packages/policy-gui-docker/src/main/docker/policy-gui.sh b/packages/policy-gui-docker/src/main/docker/policy-gui.sh index bb2d9c9..050cbb7 100644 --- a/packages/policy-gui-docker/src/main/docker/policy-gui.sh +++ b/packages/policy-gui-docker/src/main/docker/policy-gui.sh @@ -30,7 +30,6 @@ echo "Starting gui-pdp-monitoring" $JAVA_HOME/bin/java -jar "$POLICY_HOME/lib/gui-pdp-monitoring-uber.jar" -p 17999 & echo "Starting nginx" -envsubst '${CLAMP_REST_URL}' < /etc/nginx/templates/default.conf.template > /etc/nginx/conf.d/default.conf nginx -g "daemon on;" wait |