author | r.bogacki <r.bogacki@samsung.com> | 2019-10-01 08:58:51 +0200 |
---|---|---|
committer | Oren Kleks <orenkle@amdocs.com> | 2019-10-06 06:18:49 +0000 |
commit | e69e424aa205dce56cebda5babce30fe260b10f8 (patch) | |
tree | 6571456c8ddfdfdb7b7165bd4881e10e1960d526 | |
parent | 12d0516104bae658d9a83e4eff767ac57d575556 (diff) |
Enabled HTTPS for sdc-workflow-designer
-Enabled HTTPS for frontend and backend
-Updated paths and passwords for certificates
Issue-ID: SDC-2479
Signed-off-by: Robert Bogacki <r.bogacki@samsung.com>
Change-Id: Ibccdae478c047aac1a69192e3c257ea31dc39cac
-rw-r--r-- | workflow-designer-be/pom.xml | 2 | ||||
-rw-r--r-- | workflow-designer-be/src/main/resources/application-dev.properties | 14 | ||||
-rw-r--r-- | workflow-designer-be/src/main/resources/application.properties | 8 | ||||
-rw-r--r-- | workflow-designer-be/src/main/resources/assembly.xml | 23 | ||||
-rw-r--r-- | workflow-designer-be/src/main/resources/org.onap.sdc.p12 | bin | 4051 -> 0 bytes | |||
-rw-r--r-- | workflow-designer-init/src/main/docker/Dockerfile | 2 | ||||
-rw-r--r-- | workflow-designer-ui/docker/Dockerfile | 6 | ||||
-rw-r--r-- | workflow-designer-ui/docker/org.onap.sdc.p12 | bin | 0 -> 4459 bytes | |||
-rw-r--r-- | workflow-designer-ui/docker/org.onap.sdc.trust.jks | bin | 0 -> 1413 bytes | |||
-rw-r--r-- | workflow-designer-ui/docker/startup.sh | 10 |
10 files changed, 47 insertions, 18 deletions
diff --git a/workflow-designer-be/pom.xml b/workflow-designer-be/pom.xml index d617b072..40b7074f 100644 --- a/workflow-designer-be/pom.xml +++ b/workflow-designer-be/pom.xml @@ -188,8 +188,8 @@ <from>openjdk:8-jdk-alpine</from> <user>root</user> <assembly> - <descriptorRef>artifact</descriptorRef> <targetDir>/</targetDir> + <descriptor>${project.basedir}/src/main/resources/assembly.xml</descriptor> </assembly> <entryPoint> java ${JAVA_OPTIONS} -jar /${project.build.finalName}.jar diff --git a/workflow-designer-be/src/main/resources/application-dev.properties b/workflow-designer-be/src/main/resources/application-dev.properties index 98eda721..2fdd9076 100644 --- a/workflow-designer-be/src/main/resources/application-dev.properties +++ b/workflow-designer-be/src/main/resources/application-dev.properties @@ -1,5 +1,5 @@ #/ -# Copyright © 2016-2018 European Support Limited +# Copyright � 2016-2018 European Support Limited # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,12 +17,12 @@ server.servlet.context-path=/ http.port=${HTTP_PORT:8080} server.port=${SERVER_PORT:8443} -server.ssl.enabled=${SERVER_SSL_ENABLED:false} -server.ssl.key-password=${SERVER_SSL_KEY_PASSWORD:} -server.ssl.key-store=${SERVER_SSL_KEYSTORE_PATH:} -server.ssl.key-store-type=${SERVER_SSL_KEYSTORE_TYPE:} +server.ssl.enabled=${SERVER_SSL_ENABLED:true} +server.ssl.key-password=${SERVER_SSL_KEY_PASSWORD:!ppJ.JvWn0hGh)oVF]([Kv)^} +server.ssl.key-store=${SERVER_SSL_KEYSTORE_PATH:/etc/server-https-keystore/org.onap.sdc.p12} +server.ssl.key-store-type=${SERVER_SSL_KEYSTORE_TYPE:PKCS12} -sdc.be.protocol=${SDC_PROTOCOL:} +sdc.be.protocol=${SDC_PROTOCOL:https} sdc.be.endpoint=${SDC_ENDPOINT:} sdc.be.external.user=${SDC_USER:} sdc.be.external.password=${SDC_PASSWORD:} 
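Review bot: The new default for `server.ssl.key-password` in `application-dev.properties` is a literal key password committed to the repository, and the keystore it unlocks (`workflow-designer-ui/docker/org.onap.sdc.p12`) is committed in the same change, so that private key has to be treated as public. Keep the fallback empty, `server.ssl.key-password=${SERVER_SSL_KEY_PASSWORD:}`, and supply the value from the environment or a mounted secret, so a missing setting fails at startup instead of silently using a shared key. The same literal is added as `keystore_pass` in `workflow-designer-ui/docker/startup.sh`, together with a second one for the truststore. The copyright line in this hunk also changed from `©` to U+FFFD, which looks like an unintended encoding change when the file was saved.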
@@ -55,4 +55,4 @@ logging.file=${java.io.tmpdir}/application.log logging.pattern.console= %d{yyyy-MM-dd HH:mm:ss} - %msg%n # Logging pattern for file -logging.pattern.file= %d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%
\ No newline at end of file +logging.pattern.file= %d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg% diff --git a/workflow-designer-be/src/main/resources/application.properties b/workflow-designer-be/src/main/resources/application.properties index e7224a75..44b048ac 100644 --- a/workflow-designer-be/src/main/resources/application.properties +++ b/workflow-designer-be/src/main/resources/application.properties @@ -18,11 +18,11 @@ http.port=${HTTP_PORT:8080} server.port=${SERVER_PORT:8443} server.ssl.enabled=${SERVER_SSL_ENABLED:true} -server.ssl.key-password=${SERVER_SSL_KEY_PASSWORD:rTIS;B4kM]2GHcNK2c3B4&Ng} -server.ssl.key-store=${SERVER_SSL_KEYSTORE_PATH:classpath:org.onap.sdc.p12} -server.ssl.key-store-type=${SERVER_SSL_KEYSTORE_TYPE:PKCS12} +server.ssl.key-password=${SERVER_SSL_KEY_PASSWORD:} +server.ssl.key-store=${SERVER_SSL_KEYSTORE_PATH:} +server.ssl.key-store-type=${SERVER_SSL_KEYSTORE_TYPE:} -sdc.be.protocol=${SDC_PROTOCOL:https} +sdc.be.protocol=${SDC_PROTOCOL:} sdc.be.endpoint=${SDC_ENDPOINT:} sdc.be.external.user=${SDC_USER:} sdc.be.external.password=${SDC_PASSWORD:} diff --git a/workflow-designer-be/src/main/resources/assembly.xml b/workflow-designer-be/src/main/resources/assembly.xml new file mode 100644 index 00000000..f8b802c4 --- /dev/null +++ b/workflow-designer-be/src/main/resources/assembly.xml 
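Review bot: Emptying the defaults in `application.properties` does not retire the previous secret: the old `server.ssl.key-password` default and the deleted `workflow-designer-be/src/main/resources/org.onap.sdc.p12` remain in the repository history, so that key pair should be rotated rather than reused. With `server.ssl.enabled` still defaulting to `true` and `server.ssl.key-store` now empty, startup presumably depends on the `SERVER_SSL_*` variables being set. A comment above the block would make that explicit, e.g. `# SERVER_SSL_KEY_PASSWORD, SERVER_SSL_KEYSTORE_PATH and SERVER_SSL_KEYSTORE_TYPE must be provided when SERVER_SSL_ENABLED is true`.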
@@ -0,0 +1,23 @@ +<assembly + xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.1" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.1 http://maven.apache.org/xsd/assembly-1.1.1.xsd"> + <id>sdc-wfd-be-files</id> + <includeBaseDirectory>false</includeBaseDirectory> + <fileSets> + <fileSet> + <includes> + <include>${project.build.finalName}.jar</include> + </includes> + <directory>${project.build.directory}</directory> + <outputDirectory>/</outputDirectory> + </fileSet> + <fileSet> + <includes> + <include>org.onap.sdc.p12</include> + </includes> + <directory>${project.basedir}/../workflow-designer-ui/docker</directory> + <outputDirectory>/etc/server-https-keystore</outputDirectory> + </fileSet> + </fileSets> +</assembly> diff --git a/workflow-designer-be/src/main/resources/org.onap.sdc.p12 b/workflow-designer-be/src/main/resources/org.onap.sdc.p12 Binary files differdeleted file mode 100644 index ee000dc7..00000000 --- a/workflow-designer-be/src/main/resources/org.onap.sdc.p12 +++ /dev/null diff --git a/workflow-designer-init/src/main/docker/Dockerfile b/workflow-designer-init/src/main/docker/Dockerfile index 399f216c..9db22839 100644 --- a/workflow-designer-init/src/main/docker/Dockerfile +++ b/workflow-designer-init/src/main/docker/Dockerfile @@ -6,4 +6,4 @@ COPY create_keyspaces.cql create_tables.cql start.sh ./ RUN chmod 744 start.sh -ENTRYPOINT ["./start.sh"]
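Review bot: The second `fileSet` in `assembly.xml` bakes `org.onap.sdc.p12` into every backend image under `/etc/server-https-keystore`, so all deployments built from this repository share one private key and anyone who can pull the image can read it. Mounting the keystore at runtime (a volume or an orchestrator secret) at the same path would keep the rest of the change intact. If the file has to stay in the image, restrict it with `<fileMode>0400</fileMode>` inside that `fileSet`. The `<directory>` also reaches into `../workflow-designer-ui/docker`, which couples the backend build to the UI module's layout; a short comment in the descriptor explaining why would help.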
\ No newline at end of file +ENTRYPOINT ["./start.sh"] diff --git a/workflow-designer-ui/docker/Dockerfile b/workflow-designer-ui/docker/Dockerfile index 83e8d5ac..2a0ef24c 100644 --- a/workflow-designer-ui/docker/Dockerfile +++ b/workflow-designer-ui/docker/Dockerfile @@ -7,10 +7,12 @@ USER root ARG ARTIFACT +COPY org.onap.sdc.p12 org.onap.sdc.trust.jks /etc/sdc-cert/ + ADD ${ARTIFACT} ${JETTY_BASE}/webapps/ -RUN chown -R jetty:jetty ${JETTY_BASE}/webapps +RUN chown -R jetty:jetty ${JETTY_BASE}/webapps /etc/sdc-cert COPY startup.sh . RUN chmod 744 startup.sh -ENTRYPOINT [ "./startup.sh" ]
\ No newline at end of file +ENTRYPOINT [ "./startup.sh" ] diff --git a/workflow-designer-ui/docker/org.onap.sdc.p12 b/workflow-designer-ui/docker/org.onap.sdc.p12 Binary files differnew file mode 100644 index 00000000..d03ca1c9 --- /dev/null +++ b/workflow-designer-ui/docker/org.onap.sdc.p12 diff --git a/workflow-designer-ui/docker/org.onap.sdc.trust.jks b/workflow-designer-ui/docker/org.onap.sdc.trust.jks Binary files differnew file mode 100644 index 00000000..d07ce1a6 --- /dev/null +++ b/workflow-designer-ui/docker/org.onap.sdc.trust.jks diff --git a/workflow-designer-ui/docker/startup.sh b/workflow-designer-ui/docker/startup.sh index 359e6aca..431a0cda 100644 --- a/workflow-designer-ui/docker/startup.sh +++ b/workflow-designer-ui/docker/startup.sh @@ -7,12 +7,16 @@ if [ "$HTTPS_ENABLED" = "true" ] then echo "enable ssl" if [ -z "$KEYSTORE_PATH" ]; then + + keystore_pass="!ppJ.JvWn0hGh)oVF]([Kv)^" + truststore_pass="].][xgtze]hBhz*wy]}m#lf*" + java -jar "${JETTY_HOME}/start.jar" --add-to-start=https,ssl \ jetty.sslContext.keyStorePath=$KEYSTORE_PATH \ - jetty.sslContext.keyStorePassword=$KEYSTORE_PASSWORD \ + jetty.sslContext.keyStorePassword=${KEYSTORE_PASS:-$keystore_pass} \ jetty.sslContext.keyStoreType=$KEYSTORE_TYPE \ jetty.sslContext.trustStorePath=$TRUSTSTORE_PATH \ - jetty.sslContext.trustStorePassword=$TRUSTSTORE_PASSWORD \ + jetty.sslContext.trustStorePassword=${TRUSTSTORE_PASS:-$truststore_pass} \ jetty.sslContext.trustStoreType=$TRUSTSTORE_TYPE \ else echo "Using jetty default SSL" @@ -22,4 +26,4 @@ else echo "no ssl required" fi -java -DproxyTo=$BACKEND $JAVA_OPTIONS -jar $JETTY_HOME/start.jar
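Review bot: `chown -R jetty:jetty ${JETTY_BASE}/webapps /etc/sdc-cert` makes the service account the owner of the keystore and truststore, so a compromised Jetty process could replace the trust anchors as well as read the key. Read access is enough: leave the files owned by root and grant the group read, e.g. `RUN chown -R root:jetty /etc/sdc-cert && chmod 0440 /etc/sdc-cert/*`, keeping the existing `chown` for `webapps` only. The added `COPY` also puts the private key into an image layer, which is the same concern as the keystore `fileSet` in `workflow-designer-be/src/main/resources/assembly.xml`.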
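Review bot: The password variables are renamed from `KEYSTORE_PASSWORD`/`TRUSTSTORE_PASSWORD` to `KEYSTORE_PASS`/`TRUSTSTORE_PASS`, so a deployment that still sets the old names silently falls back to the hard-coded literals added at the top of this branch. The expansions are also unquoted although both literals contain glob characters (`*`, `[`, `]`), so the shell may apply pathname expansion to them. Keeping the old names, quoting, and failing when unset avoids both: `jetty.sslContext.keyStorePassword="${KEYSTORE_PASSWORD:?KEYSTORE_PASSWORD is required}" \`, and the same for the truststore. The enclosing `if [ -z "$KEYSTORE_PATH" ]` is context and continues outside the hunk; as shown it takes this branch when the path is empty, which looks inverted and is worth checking.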
\ No newline at end of file +java -DproxyTo=$BACKEND $JAVA_OPTIONS -jar $JETTY_HOME/start.jar |