author | Avinash S <avinash.s@huawei.com> | 2018-02-08 11:54:30 +0000 |
---|---|---|
committer | Avinash S <avinash.s@huawei.com> | 2018-02-08 12:05:51 +0000 |
commit | 4f24b3cdb73d28c40e0893c75a6bd97e8ad17c10 (patch) | |
tree | e14fba24935e2185281c1939d9c7b78793564ed5 | |
parent | 4906224d2f07f20145ab9eda96e738c296fa2ede (diff) |
Initial commit for https for marketplace
Add dockerfile provision for nginx with
reverse proxy configuration to proxy https received
from 8703 to tomcat at 8702. Currently self-signed cert
is used but can be enhanced for OCSP support.
Need https functionality testing.
Issue-ID: VNFSDK-199
Change-Id: I28ec76f3b1136a01901170ca3775a661d42edbb6
Signed-off-by: Avinash S <avinash.s@huawei.com>
3 files changed, 60 insertions, 0 deletions
diff --git a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile index 3baa2f6a..87114c93 100644 --- a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile +++ b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile @@ -19,6 +19,15 @@ ENV JAVA_HOME /usr/lib/jvm/jre WORKDIR /service # 20-mysq.txt +RUN yum install epel-release +RUN yum install nginx && \ + mkdir -p /etc/nginx/ssl +COPY nginx.conf /etc/nginx/nginx.conf +COPY certgen.sh . +CMD chmod +x ./certgen.sh && \ + ./certgen.sh +COPY example.key example.cert /etc/nginx/ssl/ +#CMD service nginx start # Set up mysql RUN wget -q http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm && rpm -ivh mysql-community-release-el7-5.noarch.rpm && rm -f mysql-community-release-el7-5.noarch.rpm @@ -35,6 +44,7 @@ ENV CATALINA_HOME /service # 50-microservice.txt - AUTOGENERATED, DO NOT MODIFY MANUALLY + # Set up microservice ADD ./STAGE /service RUN yum install -y gcc-c++ make && curl -sL https://rpm.nodesource.com/setup_6.x | bash - @@ -44,6 +54,7 @@ RUN cd /service/webapps/onapui/vnfmarket && npm install phantomjs-prebuilt@2.1. # https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vnfsdk.refrepo.marketplace&a=vnf-sdk-marketplace-deployment&e=zip&c=&v=LATEST # RUN wget -q -O vnf-sdk-marketplace-1.0.0.zip "https://nexus.onap.org/service/local/repositories/snapshots/content/org/onap/vnfsdk/refrepo/vnf-sdk-marketplace-deployment/1.0.0/vnf-sdk-marketplace-deployment-1.0.0-20170515.020618-24.zip" && unzip -q -o -B vnf-sdk-marketplace-1.0.0.zip && rm -f vnf-sdk-marketplace-1.0.0.zip EXPOSE 8702 +EXPOSE 8703 # RUN echo ONAP vnf-sdk-marketplace 1.0.0 "https://nexus.onap.org/service/local/repositories/snapshots/content/org/openo/vnfsdk/refrepo/vnf-sdk-marketplace-deployment/1.0.0/vnf-sdk-marketplace-deployment-1.0.0-20170515.020618-24.zip" > ONAP_VERSION 
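Review bot: The added `CMD chmod +x ./certgen.sh && ./certgen.sh` does not run during the build, because CMD only records the container's default command. The following `COPY example.key example.cert /etc/nginx/ssl/` therefore takes its files from the build context, so a private key has to sit beside the Dockerfile and ends up in an image layer readable by anyone who can pull the image. Generating the key pair when the container starts, or mounting it as a secret, keeps it out of the image; if it must be produced at build time the step has to be a `RUN`. The copied names also differ from the ones the new nginx.conf loads (`/etc/nginx/ssl/cert.crt`, `/etc/nginx/ssl/cert.key`), so nginx would not find its certificate. Separately, both `yum install` lines lack `-y`, unlike the `yum install -y gcc-c++ make` line further down, and will abort at the confirmation prompt in a non-interactive build: `RUN yum install -y epel-release && yum install -y nginx && mkdir -p /etc/nginx/ssl`.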
diff --git a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/certgen.sh b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/certgen.sh
new file mode 100644
index 00000000..1108c719
--- /dev/null
+++ b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/certgen.sh
@@ -0,0 +1,2 @@
+#/bin/sh
+openssl req -nodes -newkey rsa:2048 -keyout example.key -out example.csr -subj "/C=IN/ST=Bangalore/L=Bangalore/O=Global Security/OU=ONAP/CN=example.com"
diff --git a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf
new file mode 100644
index 00000000..34c4c367
--- /dev/null
+++ b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf
@@ -0,0 +1,47 @@
+daemon off;
+
+pid /run/nginx.pid
+
+events {
+ worker_connections 500;
+ # multi_accept on;
+}
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ server {
+ listen *:8703 ssl;
+ server_name
+ ssl on;
+ ssl_certificate /etc/nginx/ssl/cert.crt;
+ ssl_certificate_key /etc/nginx/ssl/cert.key;
+ ssl_session_cache builtin:1000 shared:SSL:80m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
+ ssl_prefer_server_ciphers on;
+ ssl_session_timeout 10m;
+ keepalive_timeout 70;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_pass http://localhost:8702;
+ proxy_read_timeout 90;
+ proxy_redirect off;
+ }
+ }
+}
|
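Review bot: The `openssl req` line in certgen.sh writes a certificate signing request (`-out example.csr`), not a certificate, so the `example.cert` that the Dockerfile copies is never produced. A self-signed certificate needs `-x509` and a validity period, for example `openssl req -x509 -nodes -newkey rsa:2048 -days <DAYS> -keyout example.key -out example.cert -subj "…"`, with the existing subject string kept. The first line `#/bin/sh` is missing the `!`, so it is an ordinary comment rather than an interpreter line; it should read `#!/bin/sh`. Because `-nodes` leaves the private key unencrypted on disk, add `umask 077` before the call so the key file is not created world-readable.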
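Review bot: In nginx.conf, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and the `DH+3DES` entry in `ssl_ciphers` let clients negotiate the listener down to deprecated protocol versions and a 64-bit-block cipher. Limit it to `ssl_protocols TLSv1.2;` (adding `TLSv1.3` where the nginx/OpenSSL build supports it) and drop `DH+3DES` from the cipher string. The file also does not parse as intended: `pid /run/nginx.pid` has no terminating `;`, and the bare `server_name` has neither a value nor a `;`, so nginx reads the next line's `ssl on` as its arguments. `ssl on;` is redundant with `listen *:8703 ssl;` and can be removed once `server_name` has a real value. The `ssl_certificate` and `ssl_certificate_key` paths (`cert.crt`, `cert.key`) also need to match the file names the Dockerfile installs (`example.cert`, `example.key`).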