Commit b252b950 authored by Robert Butora's avatar Robert Butora

docker: make TLS configurable (uses JKS keystore with password)

parent 4ee07f4b
+1 −1
@@ -41,7 +41,7 @@ RUN echo "${INST_DIR}/lib" > /etc/ld.so.conf.d/ast.conf && ldconfig \
 && echo "fits_path_surveys=/srv/surveys" > $WEBAPP_DIR/WEB-INF/classes/cutout.properties

# change webapps-dir and preconfigure port 8080 (no SSL)
COPY deps/server.xml deps/server-connector.xml ${CATALINA_BASE}/conf/
COPY deps/server.xml deps/server-connector.xml* ${CATALINA_BASE}/conf/
COPY deps/soda.logging.properties ${CATALINA_BASE}/conf/
COPY deps/setenv.sh ${CATALINA_BASE}/bin/
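Review bot: The wildcard in `COPY deps/server.xml deps/server-connector.xml* ${CATALINA_BASE}/conf/` (taken here to be the new side of the change) copies every file in deps/ whose name starts with server-connector.xml, so editor backups or locally customised connector files in the build context would end up in the image too. Naming the files explicitly keeps the image contents reviewable; going by the entrypoint change in this commit that is probably `deps/server-connector.xml deps/server-connector.xml-8443`. The comment above the line still describes only the port 8080 pre-configuration and should say that a TLS connector template is now shipped and switched in at start-up when a keystore is mounted. The same applies to the identical COPY line in the second Dockerfile, whose comment also spells TLS as "TSL".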

+1 −1
@@ -37,7 +37,7 @@ RUN echo "${INST_DIR}/lib" > /etc/ld.so.conf.d/ast.conf && ldconfig \
 && echo "fits_path_surveys=/srv/surveys" > $WEBAPP_DIR/WEB-INF/classes/cutout.properties

# pre-configure port 8080 (no TSL)
COPY deps/server.xml deps/server-connector.xml ${CATALINA_BASE}/conf/
COPY deps/server.xml deps/server-connector.xml* ${CATALINA_BASE}/conf/
COPY deps/soda.logging.properties ${CATALINA_BASE}/conf/
COPY deps/setenv.sh ${CATALINA_BASE}/bin/

+1 −1
@@ -4,7 +4,7 @@
        <SSLHostConfig>
            <Certificate certificateKeyAlias="tomcat"
                         certificateKeystoreFile="/etc/pki/tls/keystore.jks"
                         certificateKeystorePassword="tomcatskassl"
                         certificateKeystorePasswordFile="/etc/pki/tls/keystore.pwd"
                         type="RSA" />
        </SSLHostConfig>
   </Connector>
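Review bot: `certificateKeystorePasswordFile` is only recognised by newer Tomcat releases, and Tomcat normally logs and skips an attribute it does not know rather than failing, so on an older base image the connector would try to open the keystore with the default password and the error would point away from the real cause; please confirm the Tomcat version in the image supports it. This assumes the password-file line is the new side of the change, replacing the literal `certificateKeystorePassword`. That literal stays in the repository history, so any keystore that was ever protected with it should be given a new password. The mounted `/etc/pki/tls/keystore.pwd` should be readable only by the user Tomcat runs as, and a short comment next to the attribute saying who is expected to provide the file would help operators.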
+16 −7
@@ -8,13 +8,26 @@ whoami
env


## configure SODA
# configure SODA

mkdir -p $CATALINA_BASE/conf/Catalina/localhost
cp $WEBAPP_DIR/META-INF/context.xml $CATALINA_BASE/conf/Catalina/localhost/$ACCESS_CONTEXT_ROOT.xml

# configure TLS

## Security
if [ -f /etc/pki/tls/keystore.jks ] && [ -f /etc/pki/tls/keystore.pwd ];
then
   cp $CATALINA_BASE/conf/server-connector.xml-8443 $CATALINA_BASE/conf/server-connector.xml
fi

case $KEYSTORE_ALIAS in
   *)
      echo $KEYSTORE_ALIAS
      sed -i "s/tomcat/$KEYSTORE_ALIAS/" $CATALINA_BASE/conf/server-connector.xml
      ;;
esac

# env SECURITY (deprecated)

case $SECURITY in
   iamtoken)
@@ -23,12 +36,8 @@ case $SECURITY in
      cp /etc/pki/tls/iamtoken.properties $WEBAPP_DIR/WEB-INF/classes/
      rm -f $WEBAPP_DIR/WEB-INF/lib/jjwt-*0.11*.jar
      ;;
   tls)
      cp /etc/pki/tls/server-connector.xml $CATALINA_BASE/conf
      rm -f $WEBAPP_DIR/WEB-INF/lib/jjwt-*.jar
      ;;
   *)
      echo "Security not configured, runs open."
      echo "SECURITY not configured."
      ;;
esac
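Review bot: The `case $KEYSTORE_ALIAS in *)` block in the first hunk runs on every start because `*` also matches an unset or empty value, so `sed -i "s/tomcat/$KEYSTORE_ALIAS/"` then replaces the first "tomcat" on each line of server-connector.xml with nothing, leaving an empty `certificateKeyAlias`. The pattern is not tied to the alias attribute, and the value goes into the sed expression unvalidated, so a `/`, `&` or backslash in the alias breaks or alters the substitution. I would skip the rewrite when the variable is empty, restrict the alias to inert characters and match the whole attribute, as sketched below. Separately, when only one of keystore.jks and keystore.pwd is mounted, the `if` above keeps the plain connector without any log line, so a mis-mounted secret silently yields a non-TLS service; an `else` branch that reports which file is missing would make that visible.

```shell
# … unchanged: keystore check and cp of server-connector.xml-8443 …

# Rewrite the alias only when one was supplied, and accept only characters
# that have no special meaning inside a sed replacement.
case "${KEYSTORE_ALIAS:-}" in
   "")
      ;;
   *[!A-Za-z0-9._-]*)
      echo "KEYSTORE_ALIAS contains unsupported characters" >&2
      exit 1
      ;;
   *)
      sed -i "s/certificateKeyAlias=\"tomcat\"/certificateKeyAlias=\"$KEYSTORE_ALIAS\"/" \
         "$CATALINA_BASE/conf/server-connector.xml"
      ;;
esac
```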