Updated the GUI to HTTPS

author GuangrongFu <fu.guangrong@zte.com.cn>

Mon, 5 Nov 2018 09:05:02 +0000 (17:05 +0800)

committer GuangrongFu <fu.guangrong@zte.com.cn>

Mon, 5 Nov 2018 09:05:02 +0000 (17:05 +0800)
author GuangrongFu <fu.guangrong@zte.com.cn>
Mon, 5 Nov 2018 09:05:02 +0000 (17:05 +0800)
committer GuangrongFu <fu.guangrong@zte.com.cn>
Mon, 5 Nov 2018 09:05:02 +0000 (17:05 +0800)
diff --git a/rulemgt-standalone/src/main/assembly/Dockerfile b/rulemgt-standalone/src/main/assembly/Dockerfile

index fb45a5b..080d7ca 100644 (file)
--- a/rulemgt-standalone/src/main/assembly/Dockerfile
+++ b/rulemgt-standalone/src/main/assembly/Dockerfile
@@ -2,7 +2,7 @@ FROM openresty/openresty:alpine
  
  MAINTAINER "Guangrong Fu" <fu.guangrong@zte.com.cn>
  
-EXPOSE 9101 9104 9201
+EXPOSE 9101 9104 9105 9201
  
  ENV HOSTNAME holmes-rule-mgmt
  
@@ -37,8 +37,13 @@ RUN apk upgrade \
  
  #add the frontend pacakge to the docker images
  RUN rm /etc/nginx/conf.d/default.conf
+RUN mkdir -p /etc/ssl/certs/
+RUN mkdir /etc/ssl/private
  ADD holmes-rulemgt-frontend-*.tar.gz /usr/local/openresty/nginx/html
  ADD nginx.conf /usr/local/openresty/nginx/conf
+ADD holmes-frontend.key /etc/ssl/private
+ADD holmes-frontend-selfsigned.crt /etc/ssl/certs
+ADD dhparam.pem /etc/ssl/certs
  
  #add the backend package to the docker image
  RUN mkdir /home/holmes
diff --git a/rulemgt-standalone/src/main/assembly/dhparam.pem b/rulemgt-standalone/src/main/assembly/dhparam.pem

new file mode 100644 (file)

index 0000000..ecc68c8
--- /dev/null
+++ b/rulemgt-standalone/src/main/assembly/dhparam.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAzmfJw2tg+s07Ybn4qP4F4ZfqqlkEZniXXJie5zV2HOvgxmKWyYtT
+wp3BKBjlHdHl/XBf3lpMVq7k9alifP3FvgQLHd0rQPCDxhdtIHpjrcPJvtyyJH+f
+HNTebhZfeUFXiXwhqnnkCxuEqg3rwyICYecVLGrgNIlmtxqjlBGWUyv9SLqU7EXw
+RppBP4JUPSY5B3aRAOIzlKvhtpNcQNFTselxtE7shSnP1dyLOeM6bc+Sg9lEYgXY
+pIHMqi7U7wqE/nDFXEp5zeu5/f8I4MEZ3cKX2cr2p9cCielQmRq4B5+pSfeV6QPK
+YDKWtOb0QOzIAIZZEwkGUqAS4Cy+ES0gswIBAg==
+-----END DH PARAMETERS-----
diff --git a/rulemgt-standalone/src/main/assembly/holmes-frontend-selfsigned.crt b/rulemgt-standalone/src/main/assembly/holmes-frontend-selfsigned.crt

new file mode 100644 (file)

index 0000000..a4eb017
--- /dev/null
+++ b/rulemgt-standalone/src/main/assembly/holmes-frontend-selfsigned.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID5TCCAs2gAwIBAgIJALcg4t8oEk0mMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD
+VQQGEwJDTjEQMA4GA1UECAwHU2ljaHVhbjEQMA4GA1UEBwwHQ2hlbmdkdTENMAsG
+A1UECgwET05BUDENMAsGA1UECwwET05BUDEPMA0GA1UEAwwGSE9MTUVTMSYwJAYJ
+KoZIhvcNAQkBFhdmdS5ndWFuZ3JvbmdAenRlLmNvbS5jbjAeFw0xODExMDUwNjI2
+MjlaFw0xOTExMDUwNjI2MjlaMIGIMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHU2lj
+aHVhbjEQMA4GA1UEBwwHQ2hlbmdkdTENMAsGA1UECgwET05BUDENMAsGA1UECwwE
+T05BUDEPMA0GA1UEAwwGSE9MTUVTMSYwJAYJKoZIhvcNAQkBFhdmdS5ndWFuZ3Jv
+bmdAenRlLmNvbS5jbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMe3
+q6rZkRPUk5CuCbz6+ncvl5YW10Ghx/g9NSMVlYQ+rPLBod8E5z2rjPLzOplvZ6mA
+Au/7lgF+isDXqvaNVLDJJtdX2qW5Cbx4zTRm6oLOXZB106YV/KEDvRGJkw25gNDy
+o7i9OScP/77FQ2YWqINW6gk1d7ZrueIV2BcXehHRtG2rQ07C71hvPQNTWULsBNjh
+3FIGu0N0FcJoazXob8xKgeCYPl0bV0E4X8UHtVEd7PTHzr0oQ4L3P2xmOH0JqWYX
+T+SpExwBi2GtyKomaHmkU1j2eK9O3zyf4Mj9LyDWncowyFaMAD8Fl7ZA7S3grGX9
+/Bc5cq3bua9/frRvIVkCAwEAAaNQME4wHQYDVR0OBBYEFADgWM5ts9EaR+1idclt
+nXVSH9STMB8GA1UdIwQYMBaAFADgWM5ts9EaR+1idcltnXVSH9STMAwGA1UdEwQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggEBADk+4d69VB4f9xy8B9MOwF6L5f28ucco
+po4l96NLfPhYBD1f3TlmHDM3KlIFHrY9kUvLminW93nNgcRQnT/r+RQJZMbV5r4b
+q6yYXaxhhtqbu8fz18V2mnhNrakFP+wyDCy66ZJ2QlfKAju9WKNevz6L8lVmYKvd
+sA6p03/FRgyZ+74kkxupjxjEY4oVg1JYXgN54aZmRB8svQUaeWfsSVzZ/RcMb7d1
+gj43EbqjzEc25g2fegorkecIGr7DjYEp1nZcTrS8uTDouXjz8G1Y4hQZ9kux14P7
+tVVpDJCf0lPubwfpgE3wlHPIQHIf4aHNqnazDmmYIpu3yvQIimqKhzI=
+-----END CERTIFICATE-----
diff --git a/rulemgt-standalone/src/main/assembly/holmes-frontend.key b/rulemgt-standalone/src/main/assembly/holmes-frontend.key

new file mode 100644 (file)

index 0000000..8f5f65d
--- /dev/null
+++ b/rulemgt-standalone/src/main/assembly/holmes-frontend.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDHt6uq2ZET1JOQ
+rgm8+vp3L5eWFtdBocf4PTUjFZWEPqzywaHfBOc9q4zy8zqZb2epgALv+5YBforA
+16r2jVSwySbXV9qluQm8eM00ZuqCzl2QddOmFfyhA70RiZMNuYDQ8qO4vTknD/++
+xUNmFqiDVuoJNXe2a7niFdgXF3oR0bRtq0NOwu9Ybz0DU1lC7ATY4dxSBrtDdBXC
+aGs16G/MSoHgmD5dG1dBOF/FB7VRHez0x869KEOC9z9sZjh9CalmF0/kqRMcAYth
+rciqJmh5pFNY9nivTt88n+DI/S8g1p3KMMhWjAA/BZe2QO0t4Kxl/fwXOXKt27mv
+f360byFZAgMBAAECggEAcpgs5CdaWyqKUWXLKKhJtsGUFQaeFIajmwhjyPHFjM/5
+pID+RF0n4fbhNTXi1c9ah6NwDAsrk0fsjaIx8q49fgKtSrqaNqTptT8LX5n9zXhj
+r1QsUQwknK7seXea7TEXfMz8rC/G72b6s5e0iItPvazNNON9ASrmyZcHGpjZ7gaE
+vr1kY8BrdVBnZtPk7iwTpkHZHWm6dnlBo6z+7On2OTbRPzVm8ShfhoYsd3kifurk
+LVaCfDknc5qSHle8EFv6yBODxqzhei0nTD2WU7IeJYz9MBBQUPprUSihSnVUddKw
+x55ZuHmQT1leluwzyASGw8Mz3QPHUJJSNMk7y0ISQQKBgQD6+ppCaRiMoMk7f42/
+qoMvv+qbGidn1wZUWmTUbqjLjjD2lFXPK9fA1A2lHX4LdAOLgjOQBQ+d11kntPm3
+H3yS3JspCbKtXqx+oVO+lfBabAYwwu3giJt692oUN7xD//wiTcaOAxRC2W9zP6CW
+YFGeUA+M56nWWZXcVxBgMgdNBQKBgQDLtofYnU6RTE3hjPQcx+vGS40VtTmnBZQf
+l62FVl6U/63NDBy0Xo3XoBPcoLEbqYuIQBn6dZKzCSSMXlaRYG/04QR4zmCSFAum
+3sNMKQNBmqBga7u+1nyE13gQIlLDIa0Y+agraU/eOzsKgpbKLglit9WaILjx/vlM
+iUphYsATRQKBgQDbbk1+sMpQ8abfCUeSgu9NyTrCPtyjEkGrcJjljpav2fL/M3PO
+vSNWqVAAw8dXFiifScfxLCuaMhT1/Wmy7KmK8awK9jqtD7A6yqwgXpGVTQsgiN1X
+ybg+i6DIam6E+YOlLmDh+tk1FUw29DNgJnhVtOPTqxw3l33J9qkPoc32TQKBgDEs
+oqY7ctfIH5Suvc6kw9leK3RuBri2tAbcSlrBeptlDMNOhS9VE9BVJ/Y+JAKVbsU5
+FAxNjVgCgPwRWbxGF0B5gObYip84j4d8hpA/5jVT6hrcZrmudOhsSuM6JdhMrMg2
+m82+4jS2/42N8HBlpIZb8gf+liZ0ciFzkqzndY4xAoGAOkgLc3+fSpm/MZeYWpA9
+HgGGl5XSR5dbr+/Gu3IDxB46MHkeXydZOh4ygXUTnWIEmU9TUVQyBjfcSnUZyOSW
+q2ne9D/6EvPgrbaeDZtMAPaiZ4tWiLqaTZM+axUNYS4zSTLzX7XM5L4+kj4pkkLl
+apeR9l7WuCkEQGGcXCWzr8o=
+-----END PRIVATE KEY-----
diff --git a/rulemgt-standalone/src/main/assembly/nginx.conf b/rulemgt-standalone/src/main/assembly/nginx.conf

index 3714419..a41168a 100644 (file)
--- a/rulemgt-standalone/src/main/assembly/nginx.conf
+++ b/rulemgt-standalone/src/main/assembly/nginx.conf
@@ -27,9 +27,18 @@ http {
  
      keepalive_timeout  65;
  
+    ssl_session_cache   shared:SSL:10m;
+    ssl_session_timeout 10m;
+
      server {
          listen       9104;
          server_name  localhost;
+        return 302 https://$server_name$request_uri;
+        }
+
+    server {
+        listen       9105 ssl;
+        server_name  localhost;
  
          location / {
              root   /usr/local/openresty/nginx/html;
@@ -39,5 +48,9 @@ http {
              add_header Cache-Control no-cache;
              root html;
          }
+
+        ssl_certificate /etc/ssl/certs/holmes-frontend-selfsigned.crt;
+        ssl_certificate_key /etc/ssl/private/holmes-frontend.key;
+        ssl_dhparam /etc/ssl/certs/dhparam.pem;
      }
  }
author	GuangrongFu <fu.guangrong@zte.com.cn>
	Mon, 5 Nov 2018 09:05:02 +0000 (17:05 +0800)
committer	GuangrongFu <fu.guangrong@zte.com.cn>
	Mon, 5 Nov 2018 09:05:02 +0000 (17:05 +0800)
rulemgt-standalone/src/main/assembly/Dockerfile		patch \| blob \| history
rulemgt-standalone/src/main/assembly/dhparam.pem	[new file with mode: 0644]	patch \| blob
rulemgt-standalone/src/main/assembly/holmes-frontend-selfsigned.crt	[new file with mode: 0644]	patch \| blob
rulemgt-standalone/src/main/assembly/holmes-frontend.key	[new file with mode: 0644]	patch \| blob
rulemgt-standalone/src/main/assembly/nginx.conf		patch \| blob \| history