MAINTAINER "Guangrong Fu" <fu.guangrong@zte.com.cn>
-EXPOSE 9101 9104 9105 9201
+EXPOSE 9101 9104 9201
ENV HOSTNAME holmes-rule-mgmt
&& apk add --no-cache nss
-
#add the frontend pacakge to the docker images
RUN rm /etc/nginx/conf.d/default.conf
RUN mkdir -p /etc/ssl/certs/
RUN mkdir /etc/ssl/private
ADD holmes-rulemgt-frontend-*.tar.gz /usr/local/openresty/nginx/html/
-ADD nginx.conf /usr/local/openresty/nginx/conf
+ADD nginx-https.conf /usr/local/openresty/nginx/conf
+ADD nginx-http.conf /usr/local/openresty/nginx/conf
ADD holmes-frontend.key /etc/ssl/private
ADD holmes-frontend-selfsigned.crt /etc/ssl/certs
ADD dhparam.pem /etc/ssl/certs
fi
echo DB_PORT=$DB_PORT
+if [ -z ${ENABLE_ENCRYPT} ]; then
+ export ENABLE_ENCRYPT=true
+fi
+echo ENABLE_ENCRYPT=$ENABLE_ENCRYPT
+
KEY_PATH="$main_path/conf/holmes.keystore"
KEY_PASSWORD="holmes"
-
#HTTPS Configurations
sed -i "s|keyStorePath:.*|keyStorePath: $KEY_PATH|" "$main_path/conf/rulemgt.yml"
sed -i "s|keyStorePassword:.*|keyStorePassword: $KEY_PASSWORD|" "$main_path/conf/rulemgt.yml"
+if [ ${ENABLE_ENCRYPT} == true ]; then
+ sed -i "s|type:\s*https\?$|type: https|" "$main_path/conf/rulemgt.yml"
+ sed -i "s|#\?keyStorePath|keyStorePath|" "$main_path/conf/rulemgt.yml"
+ sed -i "s|#\?keyStorePassword|keyStorePassword|" "$main_path/conf/rulemgt.yml"
+ sed -i "s|#\?validateCerts|validateCerts|" "$main_path/conf/rulemgt.yml"
+ sed -i "s|#\?validatePeers|validatePeers|" "$main_path/conf/rulemgt.yml"
+else
+ sed -i 's|type:\s*https\?$|type: http|' "$main_path/conf/rulemgt.yml"
+ sed -i "s|#\?keyStorePath|#keyStorePath|" "$main_path/conf/rulemgt.yml"
+ sed -i "s|#\?keyStorePassword|#keyStorePassword|" "$main_path/conf/rulemgt.yml"
+ sed -i "s|#\?validateCerts|#validateCerts|" "$main_path/conf/rulemgt.yml"
+ sed -i "s|#\?validatePeers|#validatePeers|" "$main_path/conf/rulemgt.yml"
+fi
+
./bin/initDB.sh $JDBC_USERNAME $JDBC_PASSWORD $DB_NAME $DB_PORT "${URL_JDBC%:*}"
#echo Registered UI to MSB.
-nginx -c /usr/local/openresty/nginx/conf/nginx.conf
+if [ ${ENABLE_ENCRYPT} == true ]; then
+ nginx -c /usr/local/openresty/nginx/conf/nginx-https.conf
+else
+ nginx -c /usr/local/openresty/nginx/conf/nginx-http.conf
+fi
echo nginx started.
"$JAVA" $JAVA_OPTS -classpath "$class_path" org.onap.holmes.rulemgt.RuleActiveApp server "$main_path/conf/rulemgt.yml"
connector:
type: https
port: 9101
- keyStorePath: E:\Codes\ONAP\holmes\rule-management\rulemgt-standalone\src\main\assembly\conf\holmes.keystore
+ keyStorePath: /home/holmes/conf/holmes.keystore
keyStorePassword: holmes
validateCerts: false
validatePeers: false
--- /dev/null
+#user nobody;
+worker_processes 1;
+
+error_log logs/error.log;
+error_log logs/error.log notice;
+error_log logs/error.log info;
+
+pid logs/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ #access_log logs/access.log main;
+
+ sendfile on;
+
+ keepalive_timeout 65;
+
+ server {
+ listen 9104;
+ server_name _;
+
+ location / {
+ root /usr/local/openresty/nginx/html;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_redirect off;
+
+ if ($uri ~ "/api/holmes-rule-mgmt/(.*)") {
+ proxy_pass http://$host:9101$request_uri;
+ break;
+ }
+
+ if ($uri ~ "/api/holmes-engine-mgmt/(.*)") {
+ proxy_pass http://$host:9102$request_uri;
+ break;
+ }
+ }
+
+ location ~*.(htm|html){
+ add_header Cache-Control no-cache;
+ root html;
+ }
+ }
+}