From 4f24b3cdb73d28c40e0893c75a6bd97e8ad17c10 Mon Sep 17 00:00:00 2001 From: Avinash S Date: Thu, 8 Feb 2018 11:54:30 +0000 Subject: Initial commit for https for marketplace Add dockerfile provision for nginx with reverse proxy configuration to proxy https recevied from 8703 to tomcat at 8702. Currently selfsigned cert is used but can be enhanced for OCSP support. Need https functionality testing. Issue-ID: VNFSDK-199 Change-Id: I28ec76f3b1136a01901170ca3775a661d42edbb6 Signed-off-by: Avinash S --- .../docker-refrepo/src/main/docker/Dockerfile | 11 +++++ .../docker-refrepo/src/main/docker/certgen.sh | 2 + .../docker-refrepo/src/main/docker/nginx.conf | 47 ++++++++++++++++++++++ 3 files changed, 60 insertions(+) create mode 100644 vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/certgen.sh create mode 100644 vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf (limited to 'vnfmarket-be/deployment/docker') diff --git a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile index 3baa2f6a..87114c93 100644 --- a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile +++ b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/Dockerfile @@ -19,6 +19,15 @@ ENV JAVA_HOME /usr/lib/jvm/jre WORKDIR /service # 20-mysq.txt +RUN yum install epel-release +RUN yum install nginx && \ + mkdir -p /etc/nginx/ssl +COPY nginx.conf /etc/nginx/nginx.conf +COPY certgen.sh . +CMD chmod +x ./certgen.sh && \ + ./certgen.sh +COPY example.key example.cert /etc/nginx/ssl/ +#CMD service nginx start # Set up mysql RUN wget -q http://repo.mysql.com/mysql-community-release-el7-5.noarch.rpm && rpm -ivh mysql-community-release-el7-5.noarch.rpm && rm -f mysql-community-release-el7-5.noarch.rpm 
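Review bot: `CMD chmod +x ./certgen.sh && ./certgen.sh` is not executed during the build, so nothing has generated a key when the next line, `COPY example.key example.cert /etc/nginx/ssl/`, runs; COPY also reads from the build context, not the image filesystem, so the build works only if those two files sit beside the Dockerfile. Only the last CMD in a Dockerfile takes effect, and the rest of the file is outside this hunk, so this one may be overridden as well. Both `yum install` lines lack `-y` and will stop at the confirmation prompt in a non-interactive build: `RUN yum install -y epel-release && yum install -y nginx && mkdir -p /etc/nginx/ssl`. Moving the generation into a `RUN` step would bake one private key into an image layer shared by every deployment and readable by anyone who can pull the image, so generating it from the container's start-up script or mounting it at run time is the safer fix. The names also have to be reconciled across the commit: certgen.sh writes `example.key` and `example.csr`, this hunk copies `example.key` and `example.cert`, and nginx.conf loads `cert.crt` and `cert.key`.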
@@ -35,6 +44,7 @@ ENV CATALINA_HOME /service # 50-microservice.txt - AUTOGENERATED, DO NOT MODIFY MANUALLY + # Set up microservice ADD ./STAGE /service RUN yum install -y gcc-c++ make && curl -sL https://rpm.nodesource.com/setup_6.x | bash - @@ -44,6 +54,7 @@ RUN cd /service/webapps/onapui/vnfmarket && npm install phantomjs-prebuilt@2.1. # https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.vnfsdk.refrepo.marketplace&a=vnf-sdk-marketplace-deployment&e=zip&c=&v=LATEST # RUN wget -q -O vnf-sdk-marketplace-1.0.0.zip "https://nexus.onap.org/service/local/repositories/snapshots/content/org/onap/vnfsdk/refrepo/vnf-sdk-marketplace-deployment/1.0.0/vnf-sdk-marketplace-deployment-1.0.0-20170515.020618-24.zip" && unzip -q -o -B vnf-sdk-marketplace-1.0.0.zip && rm -f vnf-sdk-marketplace-1.0.0.zip EXPOSE 8702 +EXPOSE 8703 # RUN echo ONAP vnf-sdk-marketplace 1.0.0 "https://nexus.onap.org/service/local/repositories/snapshots/content/org/openo/vnfsdk/refrepo/vnf-sdk-marketplace-deployment/1.0.0/vnf-sdk-marketplace-deployment-1.0.0-20170515.020618-24.zip" > ONAP_VERSION diff --git a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/certgen.sh b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/certgen.sh new file mode 100644 index 00000000..1108c719 --- /dev/null +++ b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/certgen.sh @@ -0,0 +1,2 @@ +#/bin/sh +openssl req -nodes -newkey rsa:2048 -keyout example.key -out example.csr -subj "/C=IN/ST=Bangalore/L=Bangalore/O=Global Security/OU=ONAP/CN=example.com" diff --git a/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf new file mode 100644 index 00000000..34c4c367 --- /dev/null +++ b/vnfmarket-be/deployment/docker/docker-refrepo/src/main/docker/nginx.conf 
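Review bot: In certgen.sh, `openssl req` without `-x509` writes a certificate signing request, not a certificate, so this script never produces anything nginx can load as `ssl_certificate`; for a self-signed certificate add `-x509 -days <DAYS>` and point `-out` at the certificate file. The first line, `#/bin/sh`, is a plain comment rather than a shebang and should read `#!/bin/sh`. Because `-nodes` leaves the key unencrypted, setting `umask 077` before the call keeps the key file from being readable by other users, whatever default the installed OpenSSL applies.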
@@ -0,0 +1,47 @@
+daemon off;
+
+pid /run/nginx.pid
+
+events {
+ worker_connections 500;
+ # multi_accept on;
+}
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ server {
+ listen *:8703 ssl;
+ server_name
+ ssl on;
+ ssl_certificate /etc/nginx/ssl/cert.crt;
+ ssl_certificate_key /etc/nginx/ssl/cert.key;
+ ssl_session_cache builtin:1000 shared:SSL:80m;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
+ ssl_prefer_server_ciphers on;
+ ssl_session_timeout 10m;
+ keepalive_timeout 70;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_pass http://localhost:8702;
+ proxy_read_timeout 90;
+ proxy_redirect off;
+ }
+ }
+}
-- cgit 1.2.3-korg
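Review bot: `pid /run/nginx.pid` has no terminating semicolon and `server_name` has neither a value nor a semicolon, so as shown the file should fail `nginx -t`, or at best `ssl on;` is read as two server names; they need to become `pid /run/nginx.pid;` and `server_name <HOSTNAME>;`. `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers two deprecated protocol versions and the cipher string admits `DH+3DES`; `ssl_protocols TLSv1.2;` with the 3DES entry dropped is the safer baseline. `proxy_pass http://localhost:8702;` forwards to a port the Dockerfile still lists under `EXPOSE`, so if 8702 is published clients can reach Tomcat without TLS; binding Tomcat to loopback or no longer publishing 8702 closes that path.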