From c8db12b681c291da9117970c0a9165e0c75d2d81 Mon Sep 17 00:00:00 2001
From: SKP
Date: Tue, 25 Jun 2019 22:01:06 +0200
Subject: [PATCH] Cherry picked "abdfdbc4761fb03031a328379aec93546fd44fd8": Gatekeeper port (default 2009) is now also used inside the docker network
---
 .../prompters/010_gatekeeper.js | 2 +-
 .../templates/gatekeeper/default.conf | 41 +++++++++++++++++++
 .../installer/docker/docker-compose.yaml | 3 +-
 .../templates/installer/testfeatures.sh | 10 ++--
 dist/setup.sh | 1 +
 .../app/templates/gatekeeper/default.conf | 41 +++++++++++++++++++
 6 files changed, 91 insertions(+), 7 deletions(-)
 create mode 100644 cyphernodeconf_docker/templates/gatekeeper/default.conf
 create mode 100644 install/generator-cyphernode/generators/app/templates/gatekeeper/default.conf
diff --git a/cyphernodeconf_docker/prompters/010_gatekeeper.js b/cyphernodeconf_docker/prompters/010_gatekeeper.js
index 74d0666..97d496b 100644
--- a/cyphernodeconf_docker/prompters/010_gatekeeper.js
+++ b/cyphernodeconf_docker/prompters/010_gatekeeper.js
@@ -90,6 +90,6 @@ module.exports = {
 }];
 },
 templates: function( props ) {
- return [ 'keys.properties', 'api.properties', 'cert.pem', 'key.pem' ];
+ return [ 'keys.properties', 'api.properties', 'cert.pem', 'key.pem', 'default.conf' ];
 }
 };
diff --git a/cyphernodeconf_docker/templates/gatekeeper/default.conf b/cyphernodeconf_docker/templates/gatekeeper/default.conf
new file mode 100644
index 0000000..b92d0d8
--- /dev/null
+++ b/cyphernodeconf_docker/templates/gatekeeper/default.conf
@@ -0,0 +1,41 @@
+server {
+ listen <%= gatekeeper_port %> ssl;
+ server_name localhost;
+
+ ssl_certificate /etc/ssl/certs/cert.pem;
+ ssl_certificate_key /etc/ssl/private/key.pem;
+
+ location /s/ {
+ auth_request /auth;
+ root /etc/nginx/conf.d;
+ }
+
+ location /v0/ {
+ auth_request /auth;
+ proxy_pass http://proxy:8888/;
+
+ # Up default 60 second timeout for 3 minutes (OTS stamping can take time)
+ proxy_connect_timeout 180;
+ proxy_send_timeout 180;
+ proxy_read_timeout 180;
+ send_timeout 180;
+
+ }
+
+ location /auth {
+ internal;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /etc/nginx/conf.d/auth.sh;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+}
diff --git a/cyphernodeconf_docker/templates/installer/docker/docker-compose.yaml b/cyphernodeconf_docker/templates/installer/docker/docker-compose.yaml
index 9aa92a7..d4701d3 100644
--- a/cyphernodeconf_docker/templates/installer/docker/docker-compose.yaml
+++ b/cyphernodeconf_docker/templates/installer/docker/docker-compose.yaml
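Review bot: The rendered default.conf is copied into $GATEKEEPER_DATAPATH by setup.sh and bind-mounted over /etc/nginx/conf.d/default.conf, so anyone editing the copy in the datapath loses the change on the next install run; the template should say so in a header comment, e.g. `# Rendered from the cyphernodeconf gatekeeper template - edit the template, not this file`. The `listen <%= gatekeeper_port %> ssl;` line also leaves `ssl_protocols` and `ssl_ciphers` at the defaults of the image's nginx build, which at the time of this commit still include TLSv1 and TLSv1.1; since this file now owns the TLS listener, pinning `ssl_protocols TLSv1.2;` (plus whatever cipher list the project settles on) belongs here. `<%= gatekeeper_port %>` is interpolated unescaped into an nginx directive, so if the prompter does not constrain it to an integer a bad value now breaks nginx startup rather than just the port mapping. The identical file is added again under install/generator-cyphernode/generators/app/templates/gatekeeper/default.conf (same blob b92d0d8), so both copies need the same edits.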
@@ -8,13 +8,14 @@ services:
 image: cyphernode/gatekeeper:<%= gatekeeper_version %>
 <% if( gatekeeper_expose ) { %>
 ports:
- - "<%= gatekeeper_port %>:443"
+ - "<%= gatekeeper_port %>:<%= gatekeeper_port %>"
 <% } %>
 volumes:
 - "<%= gatekeeper_datapath %>/certs:/etc/ssl/certs"
 - "<%= gatekeeper_datapath %>/private:/etc/ssl/private"
 - "<%= gatekeeper_datapath %>/keys.properties:/etc/nginx/conf.d/keys.properties"
 - "<%= gatekeeper_datapath %>/api.properties:/etc/nginx/conf.d/api.properties"
+ - "<%= gatekeeper_datapath %>/default.conf:/etc/nginx/conf.d/default.conf"
 - "<%= gatekeeper_datapath %>/htpasswd:/etc/nginx/conf.d/status/htpasswd"
 - "<%= gatekeeper_datapath %>/installation.json:/etc/nginx/conf.d/s/stats/installation.json"
 - "<%= gatekeeper_datapath %>/client.7z:/etc/nginx/conf.d/s/stats/client.7z"
diff --git a/cyphernodeconf_docker/templates/installer/testfeatures.sh b/cyphernodeconf_docker/templates/installer/testfeatures.sh
index 000485b..c9e75a9 100644
--- a/cyphernodeconf_docker/templates/installer/testfeatures.sh
+++ b/cyphernodeconf_docker/templates/installer/testfeatures.sh
@@ -24,7 +24,7 @@ checkgatekeeper() { sleep 2 echo " Testing expired request... " > /dev/console - rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper/v0/getblockinfo) + rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper:<%= gatekeeper_port %>/v0/getblockinfo) [ "${rc}" -ne "403" ] && return 10 # Let's test authentication (signature)
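Review bot: Moving the in-network listener from 443 to gatekeeper_port is a breaking change for any other container that reaches the gatekeeper as `https://gatekeeper/` without an explicit port; this patch updates only testfeatures.sh, so other in-network callers, which are not visible here, should be checked before merging. The `ports:` entry still publishes on every host interface when gatekeeper_expose is set; if that switch is meant for local clients only, `- "127.0.0.1:<%= gatekeeper_port %>:<%= gatekeeper_port %>"` keeps the new port semantics without opening it to the network. A one-line comment above the new volume line, e.g. `# rendered nginx vhost; its listen port must equal gatekeeper_port`, would tie the two templates together, since nothing in the compose file can detect a mismatch.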
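Review bot: The same `https://gatekeeper:<%= gatekeeper_port %>` base URL is now spelled out in five curl invocations (this hunk and the hunks at -34, -42, -52 and -63); a single `gatekeeper_url="https://gatekeeper:<%= gatekeeper_port %>"` set once at the top of checkgatekeeper, with the calls using `${gatekeeper_url}/v0/...`, would have made this a one-line change and keeps the next port change from missing a call. Adding the port does not change what curl validates: the certificate in /gatekeeper/certs/cert.pem is still matched against the hostname `gatekeeper` only, as before. checkgatekeeper's body begins before and ends after this hunk.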
@@ -34,7 +34,7 @@ checkgatekeeper() { token="$h64.$p64.a$s" echo " Testing bad signature... " > /dev/console - rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper/v0/getblockinfo) + rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper:<%= gatekeeper_port %>/v0/getblockinfo) [ "${rc}" -ne "403" ] && return 30 # Let's test authorization (action access for groups) @@ -42,7 +42,7 @@ checkgatekeeper() { token="$h64.$p64.$s" echo " Testing watcher trying to do a spender action... " > /dev/console - rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper/v0/getbalance) + rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper:<%= gatekeeper_port %>/v0/getbalance) [ "${rc}" -ne "403" ] && return 40 id="002" @@ -52,7 +52,7 @@ checkgatekeeper() { token="$h64.$p64.$s" echo " Testing spender trying to do an internal action call... " > /dev/console - rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper/v0/conf) + rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper:<%= gatekeeper_port %>/v0/conf) [ "${rc}" -ne "403" ] && return 50 
@@ -63,7 +63,7 @@ checkgatekeeper() { token="$h64.$p64.$s" echo " Testing admin trying to do an internal action call... " > /dev/console - rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper/v0/conf) + rc=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $token" --cacert /gatekeeper/certs/cert.pem https://gatekeeper:<%= gatekeeper_port %>/v0/conf) [ "${rc}" -ne "403" ] && return 60 echo -e "\e[1;36mGatekeeper rocks!" > /dev/console
diff --git a/dist/setup.sh b/dist/setup.sh
index 71962f6..790084c 100755
--- a/dist/setup.sh
+++ b/dist/setup.sh
@@ -376,6 +376,7 @@ install_docker() { sudo_if_required mkdir -p $GATEKEEPER_DATAPATH/private > /dev/null 2>&1 fi + copy_file $cyphernodeconf_filepath/gatekeeper/default.conf $GATEKEEPER_DATAPATH/default.conf 1 $SUDO_REQUIRED copy_file $cyphernodeconf_filepath/gatekeeper/api.properties $GATEKEEPER_DATAPATH/api.properties 1 $SUDO_REQUIRED copy_file $cyphernodeconf_filepath/gatekeeper/keys.properties $GATEKEEPER_DATAPATH/keys.properties 1 $SUDO_REQUIRED copy_file $cyphernodeconf_filepath/config.7z $GATEKEEPER_DATAPATH/config.7z 1 $SUDO_REQUIRED
diff --git a/install/generator-cyphernode/generators/app/templates/gatekeeper/default.conf b/install/generator-cyphernode/generators/app/templates/gatekeeper/default.conf
new file mode 100644
index 0000000..b92d0d8
--- /dev/null
+++ b/install/generator-cyphernode/generators/app/templates/gatekeeper/default.conf
@@ -0,0 +1,41 @@
+server {
+ listen <%= gatekeeper_port %> ssl;
+ server_name localhost;
+
+ ssl_certificate /etc/ssl/certs/cert.pem;
+ ssl_certificate_key /etc/ssl/private/key.pem;
+
+ location /s/ {
+ auth_request /auth;
+ root /etc/nginx/conf.d;
+ }
+
+ location /v0/ {
+ auth_request /auth;
+ proxy_pass http://proxy:8888/;
+
+ # Up default 60 second timeout for 3 minutes (OTS stamping can take time)
+ proxy_connect_timeout 180;
+ proxy_send_timeout 180;
+ proxy_read_timeout 180;
+ send_timeout 180;
+
+ }
+
+ location /auth {
+ internal;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /etc/nginx/conf.d/auth.sh;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+}