From: tangpeng Date: Sat, 30 Mar 2019 07:54:52 +0000 (+0000) Subject: Modified HTTP/S Related Funcs X-Git-Tag: 1.2.6~11^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=holmes%2Frule-management.git;a=commitdiff_plain;h=dd6a7fa137605db8e2eec437167c438af0ea2447 Modified HTTP/S Related Funcs Change-Id: I554a7a93c49ef29f586e4b494d832c552987993e Issue-ID: HOLMES-203 Signed-off-by: tangpeng --- diff --git a/rulemgt-standalone/src/main/assembly/Dockerfile b/rulemgt-standalone/src/main/assembly/Dockerfile index 434b620..35d3a3b 100644 --- a/rulemgt-standalone/src/main/assembly/Dockerfile +++ b/rulemgt-standalone/src/main/assembly/Dockerfile @@ -2,7 +2,7 @@ FROM openresty/openresty:alpine MAINTAINER "Guangrong Fu" -EXPOSE 9101 9104 9105 9201 +EXPOSE 9101 9104 9201 ENV HOSTNAME holmes-rule-mgmt @@ -37,13 +37,13 @@ RUN apk upgrade \ && apk add --no-cache nss - #add the frontend pacakge to the docker images RUN rm /etc/nginx/conf.d/default.conf RUN mkdir -p /etc/ssl/certs/ RUN mkdir /etc/ssl/private ADD holmes-rulemgt-frontend-*.tar.gz /usr/local/openresty/nginx/html/ -ADD nginx.conf /usr/local/openresty/nginx/conf +ADD nginx-https.conf /usr/local/openresty/nginx/conf +ADD nginx-http.conf /usr/local/openresty/nginx/conf ADD holmes-frontend.key /etc/ssl/private ADD holmes-frontend-selfsigned.crt /etc/ssl/certs ADD dhparam.pem /etc/ssl/certs diff --git a/rulemgt-standalone/src/main/assembly/bin/run.sh b/rulemgt-standalone/src/main/assembly/bin/run.sh index daa803c..d500e5e 100644 --- a/rulemgt-standalone/src/main/assembly/bin/run.sh +++ b/rulemgt-standalone/src/main/assembly/bin/run.sh @@ -70,13 +70,31 @@ if [ ! -z ${URL_JDBC} ] && [ `expr index $URL_JDBC :` != 0 ]; then fi echo DB_PORT=$DB_PORT +if [ -z ${ENABLE_ENCRYPT} ]; then + export ENABLE_ENCRYPT=true +fi +echo ENABLE_ENCRYPT=$ENABLE_ENCRYPT + KEY_PATH="$main_path/conf/holmes.keystore" KEY_PASSWORD="holmes" - #HTTPS Configurations sed -i "s|keyStorePath:.*|keyStorePath: $KEY_PATH|" "$main_path/conf/rulemgt.yml" sed -i "s|keyStorePassword:.*|keyStorePassword: $KEY_PASSWORD|" "$main_path/conf/rulemgt.yml" +if [ ${ENABLE_ENCRYPT} == true ]; then + sed -i "s|type:\s*https\?$|type: https|" "$main_path/conf/rulemgt.yml" + sed -i "s|#\?keyStorePath|keyStorePath|" "$main_path/conf/rulemgt.yml" + sed -i "s|#\?keyStorePassword|keyStorePassword|" "$main_path/conf/rulemgt.yml" + sed -i "s|#\?validateCerts|validateCerts|" "$main_path/conf/rulemgt.yml" + sed -i "s|#\?validatePeers|validatePeers|" "$main_path/conf/rulemgt.yml" +else + sed -i 's|type:\s*https\?$|type: http|' "$main_path/conf/rulemgt.yml" + sed -i "s|#\?keyStorePath|#keyStorePath|" "$main_path/conf/rulemgt.yml" + sed -i "s|#\?keyStorePassword|#keyStorePassword|" "$main_path/conf/rulemgt.yml" + sed -i "s|#\?validateCerts|#validateCerts|" "$main_path/conf/rulemgt.yml" + sed -i "s|#\?validatePeers|#validatePeers|" "$main_path/conf/rulemgt.yml" +fi + ./bin/initDB.sh $JDBC_USERNAME $JDBC_PASSWORD $DB_NAME $DB_PORT "${URL_JDBC%:*}" @@ -88,7 +106,11 @@ sed -i "s|keyStorePassword:.*|keyStorePassword: $KEY_PASSWORD|" "$main_path/conf #echo Registered UI to MSB. -nginx -c /usr/local/openresty/nginx/conf/nginx.conf +if [ ${ENABLE_ENCRYPT} == true ]; then + nginx -c /usr/local/openresty/nginx/conf/nginx-https.conf +else + nginx -c /usr/local/openresty/nginx/conf/nginx-http.conf +fi echo nginx started. "$JAVA" $JAVA_OPTS -classpath "$class_path" org.onap.holmes.rulemgt.RuleActiveApp server "$main_path/conf/rulemgt.yml" diff --git a/rulemgt-standalone/src/main/assembly/conf/rulemgt.yml b/rulemgt-standalone/src/main/assembly/conf/rulemgt.yml index 0f2504b..26a94e8 100644 --- a/rulemgt-standalone/src/main/assembly/conf/rulemgt.yml +++ b/rulemgt-standalone/src/main/assembly/conf/rulemgt.yml @@ -15,7 +15,7 @@ server: connector: type: https port: 9101 - keyStorePath: E:\Codes\ONAP\holmes\rule-management\rulemgt-standalone\src\main\assembly\conf\holmes.keystore + keyStorePath: /home/holmes/conf/holmes.keystore keyStorePassword: holmes validateCerts: false validatePeers: false diff --git a/rulemgt-standalone/src/main/assembly/nginx-http.conf b/rulemgt-standalone/src/main/assembly/nginx-http.conf new file mode 100644 index 0000000..717d5cf --- /dev/null +++ b/rulemgt-standalone/src/main/assembly/nginx-http.conf @@ -0,0 +1,57 @@ +#user nobody; +worker_processes 1; + +error_log logs/error.log; +error_log logs/error.log notice; +error_log logs/error.log info; + +pid logs/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + #access_log logs/access.log main; + + sendfile on; + + keepalive_timeout 65; + + server { + listen 9104; + server_name _; + + location / { + root /usr/local/openresty/nginx/html; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_redirect off; + + if ($uri ~ "/api/holmes-rule-mgmt/(.*)") { + proxy_pass http://$host:9101$request_uri; + break; + } + + if ($uri ~ "/api/holmes-engine-mgmt/(.*)") { + proxy_pass http://$host:9102$request_uri; + break; + } + } + + location ~*.(htm|html){ + add_header Cache-Control no-cache; + root html; + } + } +} diff --git a/rulemgt-standalone/src/main/assembly/nginx.conf b/rulemgt-standalone/src/main/assembly/nginx-https.conf similarity index 100% rename from rulemgt-standalone/src/main/assembly/nginx.conf rename to rulemgt-standalone/src/main/assembly/nginx-https.conf