Cherry picked "abdfdbc4761fb03031a328379aec93546fd44fd8": Gatekeeper port (default 2009) is now also used inside the docker network

2026-01-02 12:35:24 +01:00 · 2019-06-25 22:01:06 +02:00
parent 138dea305e
commit c8db12b681
6 changed files with 91 additions and 7 deletions
--- a/cyphernodeconf_docker/prompters/010_gatekeeper.js
+++ b/cyphernodeconf_docker/prompters/010_gatekeeper.js
@@ -90,6 +90,6 @@ module.exports = {
    }];
  },
  templates: function( props ) {
-    return [ 'keys.properties', 'api.properties', 'cert.pem', 'key.pem' ];
+    return [ 'keys.properties', 'api.properties', 'cert.pem', 'key.pem', 'default.conf' ];
  }
 };
--- a/cyphernodeconf_docker/templates/gatekeeper/default.conf
+++ b/cyphernodeconf_docker/templates/gatekeeper/default.conf
@@ -0,0 +1,41 @@
+server {
+  listen       <%= gatekeeper_port %> ssl;
+  server_name  localhost;
+
+  ssl_certificate /etc/ssl/certs/cert.pem;
+  ssl_certificate_key /etc/ssl/private/key.pem;
+
+  location /s/ {
+    auth_request /auth;
+    root /etc/nginx/conf.d;
+  }
+
+  location /v0/ {
+    auth_request /auth;
+    proxy_pass http://proxy:8888/;
+
+    # Up default 60 second timeout for 3 minutes (OTS stamping can take time)
+    proxy_connect_timeout       180;
+    proxy_send_timeout          180;
+    proxy_read_timeout          180;
+    send_timeout                180;
+
+  }
+
+  location /auth {
+    internal;
+    include fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME /etc/nginx/conf.d/auth.sh;
+    fastcgi_pass  unix:/var/run/fcgiwrap.socket;
+  }
+
+  #error_page  404              /404.html;
+
+  # redirect server error pages to the static page /50x.html
+  #
+  error_page   500 502 503 504  /50x.html;
+  location = /50x.html {
+      root   /usr/share/nginx/html;
+  }
+
+}
--- a/cyphernodeconf_docker/templates/installer/docker/docker-compose.yaml
+++ b/cyphernodeconf_docker/templates/installer/docker/docker-compose.yaml
@@ -8,13 +8,14 @@ services:
    image: cyphernode/gatekeeper:<%= gatekeeper_version %>
    <% if( gatekeeper_expose ) { %>
    ports:
-      - "<%= gatekeeper_port %>:443"
+      - "<%= gatekeeper_port %>:<%= gatekeeper_port %>"
    <% } %>
    volumes:
      - "<%= gatekeeper_datapath %>/certs:/etc/ssl/certs"
      - "<%= gatekeeper_datapath %>/private:/etc/ssl/private"
      - "<%= gatekeeper_datapath %>/keys.properties:/etc/nginx/conf.d/keys.properties"
      - "<%= gatekeeper_datapath %>/api.properties:/etc/nginx/conf.d/api.properties"
+      - "<%= gatekeeper_datapath %>/default.conf:/etc/nginx/conf.d/default.conf"
      - "<%= gatekeeper_datapath %>/htpasswd:/etc/nginx/conf.d/status/htpasswd"
      - "<%= gatekeeper_datapath %>/installation.json:/etc/nginx/conf.d/s/stats/installation.json"
      - "<%= gatekeeper_datapath %>/client.7z:/etc/nginx/conf.d/s/stats/client.7z"
--- a/cyphernodeconf_docker/templates/installer/testfeatures.sh
+++ b/cyphernodeconf_docker/templates/installer/testfeatures.sh
@@ -24,7 +24,7 @@ checkgatekeeper() {
  sleep 2

  echo "  Testing expired request... " > /dev/console
-  rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper/v0/getblockinfo)
+  rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper:<%= gatekeeper_port %>/v0/getblockinfo)
  [ "${rc}" -ne "403" ] && return 10

  # Let's test authentication (signature)
@@ -34,7 +34,7 @@ checkgatekeeper() {
  token="$h64.$p64.a$s"

  echo "  Testing bad signature... " > /dev/console
-  rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper/v0/getblockinfo)
+  rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper:<%= gatekeeper_port %>/v0/getblockinfo)
  [ "${rc}" -ne "403" ] && return 30

  # Let's test authorization (action access for groups)
@@ -42,7 +42,7 @@ checkgatekeeper() {
  token="$h64.$p64.$s"

  echo "  Testing watcher trying to do a spender action... " > /dev/console
-  rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper/v0/getbalance)
+  rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper:<%= gatekeeper_port %>/v0/getbalance)
  [ "${rc}" -ne "403" ] && return 40

  id="002"
@@ -52,7 +52,7 @@ checkgatekeeper() {
  token="$h64.$p64.$s"

  echo "  Testing spender trying to do an internal action call... " > /dev/console
-  rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper/v0/conf)
+  rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper:<%= gatekeeper_port %>/v0/conf)
  [ "${rc}" -ne "403" ] && return 50


@@ -63,7 +63,7 @@ checkgatekeeper() {
  token="$h64.$p64.$s"

  echo "  Testing admin trying to do an internal action call... " > /dev/console
-  rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper/v0/conf)
+  rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper:<%= gatekeeper_port %>/v0/conf)
  [ "${rc}" -ne "403" ] && return 60

  echo -e "\e[1;36mGatekeeper rocks!" > /dev/console
--- a/dist/setup.sh
+++ b/dist/setup.sh
@@ -376,6 +376,7 @@ install_docker() {
    sudo_if_required mkdir -p $GATEKEEPER_DATAPATH/private > /dev/null 2>&1
  fi

+  copy_file $cyphernodeconf_filepath/gatekeeper/default.conf $GATEKEEPER_DATAPATH/default.conf 1 $SUDO_REQUIRED
  copy_file $cyphernodeconf_filepath/gatekeeper/api.properties $GATEKEEPER_DATAPATH/api.properties 1 $SUDO_REQUIRED
  copy_file $cyphernodeconf_filepath/gatekeeper/keys.properties $GATEKEEPER_DATAPATH/keys.properties 1 $SUDO_REQUIRED
  copy_file $cyphernodeconf_filepath/config.7z $GATEKEEPER_DATAPATH/config.7z 1 $SUDO_REQUIRED
--- a/install/generator-cyphernode/generators/app/templates/gatekeeper/default.conf
+++ b/install/generator-cyphernode/generators/app/templates/gatekeeper/default.conf
@@ -0,0 +1,41 @@
+server {
+  listen       <%= gatekeeper_port %> ssl;
+  server_name  localhost;
+
+  ssl_certificate /etc/ssl/certs/cert.pem;
+  ssl_certificate_key /etc/ssl/private/key.pem;
+
+  location /s/ {
+    auth_request /auth;
+    root /etc/nginx/conf.d;
+  }
+
+  location /v0/ {
+    auth_request /auth;
+    proxy_pass http://proxy:8888/;
+
+    # Up default 60 second timeout for 3 minutes (OTS stamping can take time)
+    proxy_connect_timeout       180;
+    proxy_send_timeout          180;
+    proxy_read_timeout          180;
+    send_timeout                180;
+
+  }
+
+  location /auth {
+    internal;
+    include fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME /etc/nginx/conf.d/auth.sh;
+    fastcgi_pass  unix:/var/run/fcgiwrap.socket;
+  }
+
+  #error_page  404              /404.html;
+
+  # redirect server error pages to the static page /50x.html
+  #
+  error_page   500 502 503 504  /50x.html;
+  location = /50x.html {
+      root   /usr/share/nginx/html;
+  }
+
+}