authorAvinash S <avinash.s@huawei.com>2018-02-08 11:54:30 +0000
committerAvinash S <avinash.s@huawei.com>2018-02-08 12:05:51 +0000
commit4f24b3cdb73d28c40e0893c75a6bd97e8ad17c10 (patch)
treee14fba24935e2185281c1939d9c7b78793564ed5
parent4906224d2f07f20145ab9eda96e738c296fa2ede (diff)
Initial commit for https for marketplace
Add dockerfile provision for nginx with reverse proxy configuration to proxy https received from 8703 to tomcat at 8702. Currently a self-signed cert is used but can be enhanced for OCSP support. Need https functionality testing. Issue-ID: VNFSDK-199 Change-Id: I28ec76f3b1136a01901170ca3775a661d42edbb6 Signed-off-by: Avinash S <avinash.s@huawei.com>
-rw-r--r--vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile11
-rw-r--r--vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/certgen.sh2
-rw-r--r--vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf47
3 files changed, 60 insertions, 0 deletions
diff --git a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile
index 3baa2f6a..87114c93 100644
--- a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile
+++ b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile
@@ -19,6 +19,15 @@ ENV JAVA_HOME /usr/lib/jvm/jre
WORKDIR /service
# 20-mysq.txt
+RUN yum install epel-release
+RUN yum install nginx && \
+ mkdir -p /etc/nginx/ssl
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY certgen.sh .
+CMD chmod +x ./certgen.sh && \
+ ./certgen.sh
+COPY example.key example.cert /etc/nginx/ssl/
+#CMD service nginx start
# Set up mysql
RUN wget -q http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm && rpm -ivh mysql-community-release-el7-5.noarch.rpm && rm -f mysql-community-release-el7-5.noarch.rpm
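Review bot: `CMD chmod +x ./certgen.sh && ./certgen.sh` does not run during the build, because `CMD` only sets the container's default command, so no key is generated before `COPY example.key example.cert /etc/nginx/ssl/`, which reads from the build context instead. A private key therefore has to sit in the build context (or the repository) and is baked into an image layer, so every container started from the image shares the same key and anyone who can pull the image can read it. I would generate the key and certificate at container start from the entrypoint, or mount them at run time, and drop the `COPY`. Also, `yum install epel-release` and `yum install nginx` lack `-y`, so they will likely abort at the confirmation prompt in a non-interactive build; use e.g. `RUN yum install -y epel-release && yum install -y nginx && mkdir -p /etc/nginx/ssl`. Nothing in this hunk starts nginx (`#CMD service nginx start` is commented out), so the TLS listener may never come up unless a start script outside the hunk does it.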
@@ -35,6 +44,7 @@ ENV CATALINA_HOME /service
# 50-microservice.txt - AUTOGENERATED, DO NOT MODIFY MANUALLY
+
# Set up microservice
ADD ./STAGE /service
RUN yum install -y gcc-c++ make && curl -sL https://rpm.nodesource.com/setup_6.x | bash -
@@ -44,6 +54,7 @@ RUN cd /service/webapps/onapui/vnfmarket && npm install phantomjs-prebuilt@2.1.
# https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vnfsdk.refrepo.marketplace&a=vnf-sdk-marketplace-deployment&e=zip&c=&v=LATEST
# RUN wget -q -O vnf-sdk-marketplace-1.0.0.zip "https://nexus.onap.org/service/local/repositories/snapshots/content/org/onap/vnfsdk/refrepo/vnf-sdk-marketplace-deployment/1.0.0/vnf-sdk-marketplace-deployment-1.0.0-20170515.020618-24.zip" && unzip -q -o -B vnf-sdk-marketplace-1.0.0.zip && rm -f vnf-sdk-marketplace-1.0.0.zip
EXPOSE 8702
+EXPOSE 8703
# RUN echo ONAP vnf-sdk-marketplace 1.0.0 "https://nexus.onap.org/service/local/repositories/snapshots/content/org/openo/vnfsdk/refrepo/vnf-sdk-marketplace-deployment/1.0.0/vnf-sdk-marketplace-deployment-1.0.0-20170515.020618-24.zip" > ONAP_VERSION
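Review bot: `EXPOSE 8702` is kept next to the new `EXPOSE 8703`, so the plain-HTTP Tomcat port is still advertised and, if it is published with `-p`/`-P`, clients can bypass the TLS proxy entirely. If 8703 is meant to be the only external entry point, drop `EXPOSE 8702` and, where the Tomcat connector configuration allows, bind it to loopback so only nginx's `proxy_pass http://localhost:8702` reaches it.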
diff --git a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/certgen.sh b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/certgen.sh
new file mode 100644
index 00000000..1108c719
--- /dev/null
+++ b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/certgen.sh
@@ -0,0 +1,2 @@
+#/bin/sh
+openssl req -nodes -newkey rsa:2048 -keyout example.key -out example.csr -subj "/C=IN/ST=Bangalore/L=Bangalore/O=Global Security/OU=ONAP/CN=example.com"
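Review bot: This command produces a certificate signing request (`example.csr`), not a certificate, so nothing here creates the `example.cert` the Dockerfile copies or the `cert.crt` that nginx.conf loads. A self-signed certificate needs `-x509`, e.g. `openssl req -x509 -nodes -newkey rsa:2048 -days <validity-days> -keyout example.key -out example.cert -subj ...`. The first line `#/bin/sh` is missing the `!`, so it is a comment rather than a shebang; it should be `#!/bin/sh`. Because `-nodes` writes the key unencrypted, the script should also restrict the key file, for instance with `umask 077` before the openssl call or `chmod 600 example.key` after it.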
diff --git a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf
new file mode 100644
index 00000000..34c4c367
--- /dev/null
+++ b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf
@@ -0,0 +1,47 @@
+daemon off;
+
+pid /run/nginx.pid
+
+events {
+ worker_connections 500;
+ # multi_accept on;
+}
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ server {
+ listen *:8703 ssl;
+ server_name
+ ssl on;
+ ssl_certificate /etc/nginx/ssl/cert.crt;
+ ssl_certificate_key /etc/nginx/ssl/cert.key;
+ ssl_session_cache builtin:1000 shared:SSL:80m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
+ ssl_prefer_server_ciphers on;
+ ssl_session_timeout 10m;
+ keepalive_timeout 70;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_pass http://localhost:8702;
+ proxy_read_timeout 90;
+ proxy_redirect off;
+ }
+ }
+}
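Review bot: The TLS policy in the `server` block still offers TLSv1 and TLSv1.1 and includes `DH+3DES` in `ssl_ciphers`; both legacy protocol versions and 64-bit-block 3DES are deprecated, so I would restrict it to `ssl_protocols TLSv1.2;` and drop `DH+3DES` from the cipher string. Separately, the file will likely not parse as written: `pid /run/nginx.pid` has no terminating `;`, and the bare `server_name` line has no value or `;`, so nginx reads the following `ssl on;` as its arguments. The `ssl_certificate`/`ssl_certificate_key` paths (`cert.crt`, `cert.key`) also do not match the `example.key`/`example.cert` names the Dockerfile copies into `/etc/nginx/ssl/`, so the listener would fail to load its key material even once the syntax is fixed.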