Add new HTTPS listener on port 8443
Changes made:
expose port 8443 from container
added new listener to listen on that port
added cert when starting up
Change-Id: I5106192d55d51fd340f28b9eace0c5ea83afcd99
Issue-ID: SDNC-528
Signed-off-by: Rotundo, Alfred (ar3165) <ar3165@att.com>
Former-commit-id: 77710f34952c5ac8d6f8250d90b03b43de1a4a5b
diff --git a/admportal/config/admportal.json b/admportal/config/admportal.json
index 830b762..38fd043 100644
--- a/admportal/config/admportal.json
+++ b/admportal/config/admportal.json
@@ -25,7 +25,7 @@
"docker0": "172.17.0.1",
"virbr0": "192.168.122.1"
},
- "svclogicPropertiesDb01": "/opt/openecomp/sdnc/data/properties/svclogic.properties.sdnctldb01",
+ "svclogicPropertiesDb01": "/opt/onap/sdnc/data/properties/svclogic.properties.sdnctldb01",
"databases": [
"dbhost|sdnctldb01"
],
@@ -45,8 +45,8 @@
"odlConexusPort": "8181",
"odlUser": "admin",
"odlPasswd": "admin",
- "ConexusNetwork_sslCert": "",
- "ConexusNetwork_sslKey": "",
+ "ConexusNetwork_sslCert": "/opt/onap/sdnc/data/stores/org.onap.sdnc.p12",
+ "ConexusNetwork_sslKey": "?w5&!M;8v1XF;:Xd;g*%S$IY",
"AppNetwork_sslCert": "",
"AppNetwork_sslKey": "",
"hostnameList": [
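Review bot: The new `ConexusNetwork_sslKey` value is the keystore passphrase, committed in plaintext right next to the keystore path, so anyone who can read the repository or the built image can unlock `org.onap.sdnc.p12`. The same two lines are added in `installation/src/main/properties/admportal.json`. Keep the committed field empty, `"ConexusNetwork_sslKey": ""`, and supply the passphrase at deploy time; the commit already introduces a `CERT_PSWD` environment variable that could carry it. Because the value is now in history, the keystore should be treated as exposed and re-issued with a new passphrase.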
diff --git a/admportal/shell/www b/admportal/shell/www
index 29710db..5c639e8 100755
--- a/admportal/shell/www
+++ b/admportal/shell/www
@@ -1,14 +1,42 @@
#!/usr/bin/env node
var debug = require('debug')('admportal');
var app = require('../server/app');
+var constants = require('constants');
var properties = require(process.env.SDNC_CONFIG_DIR + '/admportal.json');
-var out_file = "/opt/openecomp/sdnc/admportal/logs/http_admportal.log";
-var error_file = "/opt/openecomp/sdnc/admportal/logs/error_http_admportal.log";
-var cwd = "/opt/openecomp/sdnc/admportal";
+var out_file = "/opt/onap/sdnc/admportal/logs/http_admportal.log";
+var error_file = "/opt/onap/sdnc/admportal/logs/error_http_admportal.log";
+var cwd = "/opt/onap/sdnc/admportal";
-app.set('port', properties.nonSslPort || 8181 );
+var fs = require('fs.extra');
+var https = require('https');
+var http_port = properties.nonSslPort;
+var https_port = properties.ConexusNetworkPort;
+var cert_pswd = process.env.CERT_PSWD;
-var server = app.listen(app.get('port'), function() {
- console.log('Express server listening on port ' + server.address().port);
- debug('Express server listening on port ' + server.address().port);
-});
+if (typeof http_port != 'undefined' && http_port.length > 0)
+{
+ app.set('port', http_port );
+ var server = app.listen(app.get('port'), function()
+ {
+ console.log('Express server listening on port ' + server.address().port);
+ debug('Express server listening on port ' + server.address().port);
+ });
+}
+
+if (typeof https_port != 'undefined' && https_port.length > 0)
+{
+ var sslOptions = {
+ pfx: fs.readFileSync(properties.ConexusNetwork_sslCert),
+ passphrase: properties.ConexusNetwork_sslKey,
+ secureOptions: constants.SSL_OP_NO_TLSv1|constants.SSL_OP_NO_SSLv2|constants.SSL_OP_NO_SSLv3,
+ ciphers: [ "AES128-GCM-SHA256","!RC4","HIGH","!MD5","!aNULL","!EDH","!3DES" ].join(':'),
+ honorCipherOrder: true,
+ requestCert: true,
+ rejectUnauthorized: false
+ };
+ app.set('port', https_port);
+ var secureServer = https.createServer(sslOptions,app).listen(app.get('port'), function(){
+ console.log('Express server (https) listening on port ' + secureServer.address().port);
+ debug('Express server (https) listening on port ' + secureServer.address().port);
+ });
+}
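Review bot: `requestCert: true` combined with `rejectUnauthorized: false` asks for a client certificate but completes the handshake whether or not a valid one is presented, so this listener gives no client authentication unless the routes check `req.client.authorized` themselves (not visible in this hunk). If mutual TLS is intended, use `rejectUnauthorized: true` with a `ca` entry; otherwise drop `requestCert`. `cert_pswd` is read from `process.env.CERT_PSWD` but never used, since `passphrase` still comes from the JSON file, so `passphrase: cert_pswd,` looks like what was meant. `secureOptions` turns off TLS 1.0 but leaves TLS 1.1 enabled; adding `constants.SSL_OP_NO_TLSv1_1` would close that gap.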
diff --git a/installation/admportal/pom.xml b/installation/admportal/pom.xml
index a7b4967..180cb92 100644
--- a/installation/admportal/pom.xml
+++ b/installation/admportal/pom.xml
@@ -69,7 +69,7 @@
<executions>
<execution>
<id>generate-images</id>
- <phase>generate-sources</phase>
+ <phase>process-sources</phase>
<goals>
<goal>build</goal>
</goals>
@@ -129,6 +129,25 @@
</resources>
</configuration>
</execution>
+ <execution>
+ <id>copy-keystores</id>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals><!-- here the phase you need -->
+ <phase>validate</phase>
+ <configuration>
+ <outputDirectory>${basedir}/target/docker-stage/opt/onap/sdnc/data/stores</outputDirectory>
+ <resources>
+ <resource>
+ <directory>../src/main/stores</directory>
+ <includes>
+ <include>*.p12</include>
+ </includes>
+ <filtering>false</filtering>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
</executions>
</plugin>
<plugin>
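Review bot: The `copy-keystores` execution copies every `*.p12` from `../src/main/stores` into the image under `/opt/onap/sdnc/data/stores`, so the server's private key ships with every copy of the image and presumably sits in the source tree as well. Mounting the keystore at runtime (a volume or an orchestrator secret) would keep key material out of the build output. The inline comment `<!-- here the phase you need -->` is leftover template text; replace it with something like `<!-- stage keystores before the docker image build -->` or remove it. The enclosing `<plugin>` element starts outside this hunk.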
diff --git a/installation/admportal/src/main/docker/Dockerfile b/installation/admportal/src/main/docker/Dockerfile
index abaa056..21cd7a3 100644
--- a/installation/admportal/src/main/docker/Dockerfile
+++ b/installation/admportal/src/main/docker/Dockerfile
@@ -9,4 +9,4 @@
COPY opt /opt
#ENTRYPOINT exec /opt/openecomp/sdnc/admportal/shell/startssl.sh
-EXPOSE 8843
+EXPOSE 8843 8443
diff --git a/installation/src/main/properties/admportal.json b/installation/src/main/properties/admportal.json
index 8d567d0..38fd043 100755
--- a/installation/src/main/properties/admportal.json
+++ b/installation/src/main/properties/admportal.json
@@ -45,8 +45,8 @@
"odlConexusPort": "8181",
"odlUser": "admin",
"odlPasswd": "admin",
- "ConexusNetwork_sslCert": "",
- "ConexusNetwork_sslKey": "",
+ "ConexusNetwork_sslCert": "/opt/onap/sdnc/data/stores/org.onap.sdnc.p12",
+ "ConexusNetwork_sslKey": "?w5&!M;8v1XF;:Xd;g*%S$IY",
"AppNetwork_sslCert": "",
"AppNetwork_sslKey": "",
"hostnameList": [
diff --git a/installation/src/main/yaml/docker-compose.yml b/installation/src/main/yaml/docker-compose.yml
index 12ca37b..4e0de9b 100644
--- a/installation/src/main/yaml/docker-compose.yml
+++ b/installation/src/main/yaml/docker-compose.yml
@@ -81,6 +81,7 @@
- "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"
ports:
- "8843:8843"
+ - "8443:8443"
links:
- db:dbhost
- db:sdnctldb01
@@ -89,6 +90,7 @@
environment:
- MYSQL_ROOT_PASSWORD=openECOMP1.0
- SDNC_CONFIG_DIR=/opt/onap/sdnc/data/properties
+ - CERT_PSWD=onap3.0
logging:
driver: "json-file"
options:
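Review bot: `CERT_PSWD=onap3.0` puts a credential in plaintext in the compose file, where it is visible in the repository and in `docker inspect` output for the container. Take it from the deploying environment instead, `- CERT_PSWD=${CERT_PSWD}`, or use a secrets mechanism. As far as this commit shows, the `www` script reads the variable but never passes it to the TLS options, so the value currently has no effect and does not match the passphrase set in `admportal.json`.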