Enabled https connector in server.xml and modified the docker-install.sh
to fix the default variable name for policy truststore
Change-Id: I6db6a6d2353130c91c1f344ea7927d187150adca
Issue-ID: POLICY-781
Signed-off-by: Michael Mokry <mm117s@att.com>
<!-- Use http instead of https
Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
<!-- Use http instead of https
Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
- passed in to the tomcat JVM:
+ passed in to the tomcat JVM: -->
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
+
+
+ <!-- Use http instead of https
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="${{SSL_AJP_CONNECTOR_PORT}}" protocol="AJP/1.3" redirectPort="${{SSL_AJP_CONNECTOR_REDIRECT_PORT}}" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="${{SSL_AJP_CONNECTOR_PORT}}" protocol="AJP/1.3" redirectPort="${{SSL_AJP_CONNECTOR_REDIRECT_PORT}}" />
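Review bot: The HTTPS connector that this change un-comments still lists `TLSv1` and `TLSv1.1` in `sslEnabledProtocols`, so the now-live listener will negotiate protocol versions that RFC 8996 deprecates. Restrict it to `sslEnabledProtocols="TLSv1.2"`, adding TLSv1.3 only if the deployed Java and Tomcat versions support it. The same attribute value appears on the connector whose line changes from `sslProtocol="TLS"` and on the ONAP portal connector further down, so all three templates need the same edit. The surrounding `<Service>` element starts and ends outside the lines shown here.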
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
- <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="HTTP/1.1"
+ <!-- Use http instead of https -->
+<!-- <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="${{SSL_HTTP_CONNECTOR_REDIRECT_PORT}}" />
connectionTimeout="20000"
redirectPort="${{SSL_HTTP_CONNECTOR_REDIRECT_PORT}}" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
OpenSSL style configuration is required as described in the APR/native
documentation -->
OpenSSL style configuration is required as described in the APR/native
documentation -->
+ <!--Use https instead of http
Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
- passed in to the tomcat JVM:
+ passed in to the tomcat JVM: -->
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
- clientAuth="false" sslProtocol="TLS"
+ clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
+ <!-- Use http instead of https
+ <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" /> -->
+
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
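Review bot: The comment opened by the added line `<!-- <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="HTTP/1.1"` does not appear to be closed, because the `redirectPort="${{SSL_HTTP_CONNECTOR_REDIRECT_PORT}}" />` line that follows is unchanged context. As rendered, the comment runs on into `<!-- A "Connector" using the shared thread pool-->`, and a `--` sequence inside a comment is not well-formed XML, so server.xml would fail to parse. If the raw patch confirms this, close the comment on the last attribute line: `redirectPort="${{SSL_HTTP_CONNECTOR_REDIRECT_PORT}}" /> -->`. The side-by-side view may have dropped a marker, so check it against the raw patch before acting.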
-->
<!-- ONAP portal currently using http instead of https
-->
<!-- ONAP portal currently using http instead of https
Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
Setting the keystore and truststore in the connector, overrides the javax.net.ssl system properties
- passed in to the tomcat JVM:
-
+ passed in to the tomcat JVM: -->
+
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"
- truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}"/>
- -->
- <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
- maxThreads="150" />
-
-
+ truststoreFile="${{POLICY_HOME}}/etc/ssl/policy-truststore" truststorePass="${{TRUSTSTORE_PASSWD}}" />
+
+<!--<Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" /> -->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="${{SSL_AJP_CONNECTOR_PORT}}" protocol="AJP/1.3" redirectPort="${{SSL_AJP_CONNECTOR_REDIRECT_PORT}}" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="${{SSL_AJP_CONNECTOR_PORT}}" protocol="AJP/1.3" redirectPort="${{SSL_AJP_CONNECTOR_REDIRECT_PORT}}" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
- local DEFAULT_KEYSTORE_PASSWORD="Pol1cy_0nap"
local DEFAULT_KEYSTORE_PASSWORD='Pol1cy_0nap'
if [[ -n ${TRUSTSTORE_PASSWD} ]]; then
local DEFAULT_KEYSTORE_PASSWORD='Pol1cy_0nap'
if [[ -n ${TRUSTSTORE_PASSWD} ]]; then
- keytool -storepasswd -storepass "${DEFAULT_TRUSTSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -new "${TRUSTSTORE_PASSWD}"
+ keytool -storepasswd -storepass "${DEFAULT_KEYSTORE_PASSWORD}" -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -new "${TRUSTSTORE_PASSWD}"
keytool -list -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -storepass "${TRUSTSTORE_PASSWD}"
fi
keytool -list -keystore "${POLICY_HOME}/etc/ssl/policy-truststore" -storepass "${TRUSTSTORE_PASSWD}"
fi
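Review bot: The corrected `keytool -storepasswd` line passes both the old and the new truststore password on the command line (`-storepass "${DEFAULT_KEYSTORE_PASSWORD}"`, `-new "${TRUSTSTORE_PASSWD}"`), where they are visible in the process listing and in any `set -x` trace. keytool accepts `-storepass:env NAME` and `-storepass:file PATH`, which keep the values out of argv; the `-list` call has the same exposure. When `TRUSTSTORE_PASSWD` is empty the store keeps the hard-coded default `Pol1cy_0nap`, while the server.xml templates now read `${{TRUSTSTORE_PASSWD}}` for a live connector, so the install should probably fail instead of skipping the block. Since the truststore is now opened with the keystore default, a comment such as `# truststore ships with the same default password as the keystore` would record why `DEFAULT_KEYSTORE_PASSWORD` is used here. The enclosing function starts and ends outside the lines shown.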