From 365efba8eed6ba3dbc7f7c50c2bd93312da2a162 Mon Sep 17 00:00:00 2001 From: Patrick Brady Date: Wed, 20 Mar 2019 15:36:50 -0700 Subject: [PATCH] Changes for cdt over https Change cdt to run on nginx image Configure nginx to use https Add sample certificates for https Change-Id: Ie93cf7e5b0e6a287753ffd54edace5492ad667b3 Signed-off-by: Patrick Brady Issue-ID: APPC-1551 --- cdt/pom.xml | 38 +++++++++++++++++++++++ cdt/src/main/docker/Dockerfile | 17 +++-------- cdt/src/main/resources/cert/cdt-cert.pem | 32 ++++++++++++++++++++ cdt/src/main/resources/cert/cdt-key.pem | 52 ++++++++++++++++++++++++++++++++ cdt/src/main/resources/nginx.conf | 27 +++++++++++++++++ cdt/src/main/scripts/startCdt.sh | 6 ++-- 6 files changed, 157 insertions(+), 15 deletions(-) create mode 100644 cdt/src/main/resources/cert/cdt-cert.pem create mode 100644 cdt/src/main/resources/cert/cdt-key.pem create mode 100644 cdt/src/main/resources/nginx.conf diff --git a/cdt/pom.xml b/cdt/pom.xml index 3d592a0..bd408b5 100644 --- a/cdt/pom.xml +++ b/cdt/pom.xml @@ -96,6 +96,44 @@ limitations under the License. + + copy-resources + + copy-resources + + validate + + ${basedir}/target/docker-stage + + + src/main/resources + + nginx.conf + + false + + + + + + copy-certs + + copy-resources + + validate + + ${basedir}/target/docker-stage/cert + + + src/main/resources/cert + + *.pem + + false + + + + diff --git a/cdt/src/main/docker/Dockerfile b/cdt/src/main/docker/Dockerfile index 4fe3d4f..514ddba 100644 --- a/cdt/src/main/docker/Dockerfile +++ b/cdt/src/main/docker/Dockerfile @@ -20,17 +20,10 @@ # ============LICENSE_END============================================ # Base Alpine with added packages needed for ONAP -FROM httpd:2.4-alpine +FROM nginx:1.15.9-alpine MAINTAINER APP-C Team (appc@lists.openecomp.org) -RUN sed -i -e "s/80/18080/" /usr/local/apache2/conf/httpd.conf; \ -addgroup -S cdt && adduser -S cdt -G cdt - -COPY --chown=cdt:cdt config-design-tool /usr/local/apache2/htdocs/ - -COPY --chown=cdt:cdt startCdt.sh /opt/startCdt.sh - -RUN chown -R cdt:cdt /opt; \ -chown -R cdt:cdt /usr/local/apache2 - -USER cdt:cdt +COPY config-design-tool /opt/cdt +COPY startCdt.sh /opt/startCdt.sh +COPY cert /opt/cert +COPY nginx.conf /etc/nginx/nginx.conf diff --git a/cdt/src/main/resources/cert/cdt-cert.pem b/cdt/src/main/resources/cert/cdt-cert.pem new file mode 100644 index 0000000..a85760b --- /dev/null +++ b/cdt/src/main/resources/cert/cdt-cert.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFczCCA1ugAwIBAgIJAKCleZSr2IiCMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNV +BAYTAlVTMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxDTALBgNVBAoMBE9OQVAxDTAL +BgNVBAsMBEFQUEMxDDAKBgNVBAMMA2NkdDAeFw0xOTAzMTkyMTMwNTNaFw0yMjAz +MTgyMTMwNTNaMFAxCzAJBgNVBAYTAlVTMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkx +DTALBgNVBAoMBE9OQVAxDTALBgNVBAsMBEFQUEMxDDAKBgNVBAMMA2NkdDCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKClqKr6xS0B7N4GJDZHShquYPbl +m09LH45uQ00MCgaMWCJdnCSLPggwBrDzfuRC3xZIvUZamZjGUya7/clQMORUoh9m ++FDnwzbyjjtZ/VZlRjqz/JydWXCSxR/DxgmO2EbCOjNlRA3b6nQhGo9MUB+++EiG +EGwBlrit2ru7efgQiTofPWfVk2SMQzmXpQffajKnGicTPjtZVgF1zyBOOwpyTPUN +zJVrxcUizTqbQ/aVapozu7anRGbqwrkMaSvU4pRUqCcy+ZPOCktLsDTVMLJR/yVo +e15r1MD65RS8122mGW55J/frbbX0NncJ4PA/D2a1VXwPVSmousmsYU6rjXdZG3vY +nQWPP34g4F7p7Zc0VrFQbJr5rquaddpkNoHbQN0H2uy84qU3ITZoAu9aw5D4sek8 +6eQ7a2B1QSnSm7vYd/3aakSOJb8KPFJ0ZGRJYUIHtFQevqQlgpR13q+lWqaHMWnu +9dP8WRx5Wcg+MotGbifuCbKekVe/ubUAhtj5UjvAZxltr25FBJ/AlwgU0HFglHcJ +dgN3YdP9sNSSyKO44Joi1nBYQAr59nj2D5o7zOYr6kh/b8eCzSC1U0cYia8OHwZw +mEpwkIOOyQhnin06oG4zNm7O5LnUGRfrPDCU8eID3qWJN5VeJFA1i/ucdLSjCX1I +nNVx9+olfG9YltnjAgMBAAGjUDBOMB0GA1UdDgQWBBRiKsbS2rOn4toAVQCRYlgw +Oz4vCjAfBgNVHSMEGDAWgBRiKsbS2rOn4toAVQCRYlgwOz4vCjAMBgNVHRMEBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAKvum2v/eDxeYsfg+DR/DFfRMxyW70RRKB +/KZWXce/fG8lKlAtLIoCfyh8T/gVG87IQx7N3aSEZuSRZOFWbY6xPC36nJrTUc6Q +ZuL1gg9k6ze5Nlt9bjJqFZ/HIhpKwHmTt6ORDbbXeXnH6KXU7YrFxH0zZKmERF5b +luvX494YwgJ8LMYQM8WeSDKZPfGDGwNh9eOocXbwlhOAwVjcAxQpVLdyjFqk9Ylf +FzlUPv/Kt1voPPI5s1FaF1AHLgzkCWuW7nGL2Zmxna9tfPwHE00UHoQ4nzk3gtFw +YFKzq2f04B7NA9JaX7A2qbtX69U21wcCE8FKGKNXeQSKLZRgv5d8ZLOFNaUy4zWD +bI/U/vSfxa0gUzcEykgmVKjpsKaMgBtx3gdytcaTEZv3yzqcaKbghDwbSqL4a8x5 +tOey+kIzStcyKNmwd1SCJ80pUrraEt73AelP/IjradBSJQiWi1VOhDWDtk7pJEXq +zJR2SBnKsirzo5hbAs+thzqbjw/DoyPb7+TXVPFaWhfSDK+iT4slQZWUntPxG/sv +8IPnk9F10sn+czdcpuFA6lFE9yphUYj6ezFz/lIQkcnhbCfTVJQd26d+G3xsbMw7 +98GTvwUGzDbEqnBjI1SN2Hm/ze3Ox8WLqius1dU1hSd8L6kqhgm4se92NQc4fubZ +mYiaY7xIxw== +-----END CERTIFICATE----- diff --git a/cdt/src/main/resources/cert/cdt-key.pem b/cdt/src/main/resources/cert/cdt-key.pem new file mode 100644 index 0000000..95b36c3 --- /dev/null +++ b/cdt/src/main/resources/cert/cdt-key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCgpaiq+sUtAeze +BiQ2R0oarmD25ZtPSx+ObkNNDAoGjFgiXZwkiz4IMAaw837kQt8WSL1GWpmYxlMm +u/3JUDDkVKIfZvhQ58M28o47Wf1WZUY6s/ycnVlwksUfw8YJjthGwjozZUQN2+p0 +IRqPTFAfvvhIhhBsAZa4rdq7u3n4EIk6Hz1n1ZNkjEM5l6UH32oypxonEz47WVYB +dc8gTjsKckz1DcyVa8XFIs06m0P2lWqaM7u2p0Rm6sK5DGkr1OKUVKgnMvmTzgpL +S7A01TCyUf8laHtea9TA+uUUvNdtphlueSf362219DZ3CeDwPw9mtVV8D1UpqLrJ +rGFOq413WRt72J0Fjz9+IOBe6e2XNFaxUGya+a6rmnXaZDaB20DdB9rsvOKlNyE2 +aALvWsOQ+LHpPOnkO2tgdUEp0pu72Hf92mpEjiW/CjxSdGRkSWFCB7RUHr6kJYKU +dd6vpVqmhzFp7vXT/FkceVnIPjKLRm4n7gmynpFXv7m1AIbY+VI7wGcZba9uRQSf +wJcIFNBxYJR3CXYDd2HT/bDUksijuOCaItZwWEAK+fZ49g+aO8zmK+pIf2/Hgs0g +tVNHGImvDh8GcJhKcJCDjskIZ4p9OqBuMzZuzuS51BkX6zwwlPHiA96liTeVXiRQ +NYv7nHS0owl9SJzVcffqJXxvWJbZ4wIDAQABAoICAGp9RbCJaPkrxItswMZmPV4w +Z8BidbB7WOC+gMhrCZ5LnASzztR+pNEinNzhnCTNmzoXX7hqSFT4aphLl7DCApbo +70sno8VlzIb5BIWdYozJt2MkeniK6YXxFNC4ouclFILbL19waktRkzoF06hX6ukQ +W18f13TxHKsxO8SkQvbIZ17q5HaXIgxN2iYsOs5cL/aBxJlQbTlEP/nZ0UJV+Vc0 +a4Up74rBFSlXp3mJAOVNKIwtbOpoOLSMPCYUbwcKKGQxNgI+DSkINNSyyIxNIemi +5yIx/02Y50BBUGeNwrRBnawYjgEOw/wQdaY1GzHGa3wnChKhy09BNQiIxzwyBiSg +8KltUZl8C6TMntn8O/KUabU+9fHQ7YnFBSR3/1i1waEUZsCg2M5ZWToq4yaC9fUQ +1ccX/uxE0XcJPo4Icvwj+lLwjf4edMepmPG50hSZ4GguQr5i/KB6+IxSb3mzubm/ +pLbt/45k3je9UhkeWpwFWC9ZcFIlVgmjPhyphGRKAFLhDM1t8cyr9VIPpo2uNpMy +uCOtHPoZFo067kgq0TNByyVALE/MlBfnAccSsZL3XIM/Vaw2FBHujYAXIi5TbX2m +1tw9Jt2JjbSot1/QkrNDn52nY1w15R6TAL/SkSgFnDVJQAECKYYFyM8oPAQvZ6yA +N0+K4AcMGYbkBIt5me6BAoIBAQDVICHC+3l9DNio/Ix7SIwau77osOfVeSuTJ0Yu +GWDN8DM1Jd16MsgiiWbPH/bifpVaZUP6+2Dk0/ToGSdc+A+1YdbNmCzltO1Djriv +ZBBEsCYJOW7W5v17MRPkFkUZOmqO+D2nrSehqMs+3MzwMjBp0KRxjhwxCoJHiZng +OSFPMwLvG/bmFG6et+4Us7GXZ8u26SQPdTfUH1mn7YrDIUOrYSwuP9GMtKMNMNyL +Eik4tqoRo7jlFBctdubzIv+33ywOKyp/X73x0IzGR6CnnrjUinMCDqeSZz71f9Jo +lxC39SUyEeIhQCBRne/8IqB37Njuk9WS/oY/zPTrLPfSlOKjAoIBAQDA9umXadgH +9hlWI128q9/Kt4jnIMkrXdsLjN5fBcWYcQ0RrzO3MMddWQa2MgaYGXhvPZcEGsQp +DDpHFnEMnj3fINYtpNN1TEEJEYjOPIU8LZ4XRXxNZ7QCSR11eyY2qRFTydrglmoU +4RgZx0Hu0SJGELslUZebwSSgIvQu2L2zy1bEslURUwJBcdkPFt/H/f9HRogdvSyx +APLDTPp54Fidtxww9OGgMSe7+EVQYVsDwv7lLqIPhEi6jfYtKhy9YNPz7yZ94wXZ +OeVoqMQSecvARQiOi0e7k+k3jF4LxqgkGZbYANSTooeG4K7c9vB5mwcqMUncJd4H +wQwMG8RCJN/BAoIBADC0fCK0F4p1YhoURQJzjNkbKMDClOibHVMuuYIVeKL3jqxJ +r/iaHFSQM/eHpYMTTIxw8f0sb3M74Q8dmHpNkkFwT4eCjFgeZc53kks6weEApGCd +SHBCL5F0oMgSMs5WJD3yCx0DnDf8fB4slYUa4yd7b+kngdfPQACbOJgeVjdkP/pm +2KCx8KnC/NysSByCsvJlC0GhFxYZ6AJRbdG0C2Ph/BfBq+DM8yozjWMWzmbQj8Mi +OEHZuoZAUv0jdW8OyGGgicC8H4tgjptNiTBlPHYOAcRplvAFOkUeZfZS95YiptJv +dc8FeZ1NS6fCPgvKC7VSAY/rLMDt1Nbd2vC756MCggEABDRdGqN/xYyjOLFElZvZ +IH2nSgH44C0HXNUQ81kY2R19f2kl41P4xBvwfX/RjPbhHOtmovxCUfKmQm5GwFOi +XX5FrHDu+ptSv3PWW0gOTyVfUHp/HuCnl3UoYyrvxjkg24aGcmZUoWfWMpmY4i9E +Y+pxaXrBpu8qcSLR10N5vrUritWn7Ny2K97jL+T7s0vhiBgNVziMBL9UitTekFFH +HQikYJy1Xdw0VXAvcnTsmsRg8XV2qofjXc1CE/Ha9nVpqOMJH60Wr4kHaqRiwVRO +ED5w1UpLodazOjagxfjqKP81vjcmaqEb+uBibwYib0PlgBHa3iUlFV4reQgR2q8b +AQKCAQBjpj1Uy7wpeb1L3zkViE9VI00y3Kw7Ze5JXn+HNBlDy3FVDUJjNth9EQGJ +ZjSyqt96x0zi1Pz0DxSPqXsdLsUt+cX1uB6IPdJOVqaYDXeKqr/oit/iCwekysfd +R4HUWhx0EqCB9ufzNzP+P3MEGVA1d18c66OcG9OXKTheUkVByBQ/mdSTiZ2SVAhP +ZTPc53CjPYW4PZConIvwpmiTAnLo+wgMPYB9LD+J/fsddH8DTftxCnEPXgEQZKbx +u0z11D9B10Fac0iarN9QqApQ+OuIse2pEfnU8KF78NM8NDAP0/LxOdb8+sKj/8ER +YnR5Iq/jROkc0TOAMA+9oEs7hqSQ +-----END PRIVATE KEY----- diff --git a/cdt/src/main/resources/nginx.conf b/cdt/src/main/resources/nginx.conf new file mode 100644 index 0000000..61b5da8 --- /dev/null +++ b/cdt/src/main/resources/nginx.conf @@ -0,0 +1,27 @@ +# For more information on configuration, see: +# * Official English Documentation: http://nginx.org/en/docs/ +# * Official Russian Documentation: http://nginx.org/ru/docs/ + +user nginx; +worker_processes auto; +error_log /var/log/nginx/error.log; +pid /run/nginx.pid; + +# Load dynamic modules. See /usr/share/nginx/README.dynamic. +include /usr/share/nginx/modules/*.conf; + +events { + worker_connections 1024; +} + +http { + server { + listen 18080 ssl; + server_name cdt; + ssl_certificate /opt/cert/cdt-cert.pem; + ssl_certificate_key /opt/cert/cdt-key.pem; + location / { + root /opt/cdt; + } + } +} \ No newline at end of file diff --git a/cdt/src/main/scripts/startCdt.sh b/cdt/src/main/scripts/startCdt.sh index 1f7f38d..d371799 100644 --- a/cdt/src/main/scripts/startCdt.sh +++ b/cdt/src/main/scripts/startCdt.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh ### # ============LICENSE_START======================================================= @@ -22,6 +22,6 @@ CDT_PORT=${CDT_PORT:-30232} echo "Setting CDT port to $CDT_PORT" -sed -i -e "s/30290/$CDT_PORT/" /usr/local/apache2/htdocs/main.bundle.js +sed -i -e "s/30290/$CDT_PORT/" /opt/cdt/main.bundle.js -exec /usr/local/bin/httpd-foreground \ No newline at end of file +exec /usr/sbin/nginx -g 'daemon off;' -- 2.16.6