X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=nginx%2Fconfig%2Fnginx.conf;fp=nginx%2Fconfig%2Fnginx.conf;h=cc61bd5c50d878390e315cd445fff46bf731ea23;hb=5c0154874432f3b08c9ad3a2cec990c7a3ab7c4b;hp=0000000000000000000000000000000000000000;hpb=aaa23d1262f744e7ac978ae19f9b8dcbb3e49253;p=oam%2Ftr069-adapter.git diff --git a/nginx/config/nginx.conf b/nginx/config/nginx.conf new file mode 100755 index 0000000..cc61bd5 --- /dev/null +++ b/nginx/config/nginx.conf @@ -0,0 +1,112 @@ +# ============LICENSE_START======================================================================== +# O-RAN-SC : tr-069-adapter +# ================================================================================================= +# Copyright (C) 2020 CommScope Inc Intellectual Property. +# ================================================================================================= +# This tr-069-adapter software file is distributed by CommScope Inc under the Apache License, +# Version 2.0 (the "License"); you may not use this file except in compliance with the License. You +# may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, +# either express or implied. See the License for the specific language governing permissions and +# limitations under the License. +# ===============LICENSE_END======================================================================= +worker_processes auto; + +events { worker_connections 1024; } + +http { + + sendfile on; + ssl_password_file /etc/nginx/ssl/tr069adapterCertPassPhrase; +# +# This Section is TR069Adapter for SSL Termination +# + server { + listen 1111 tr069adapterComm; + server_name netconfServerIP; + ssl_certificate /etc/nginx/ssl/tr069adapterSSLCert; + ssl_certificate_key /etc/nginx/ssl/tr069adapterSSLKey; + + ssl_client_certificate /etc/nginx/ssl/tr069adapterSSLClientTrustCRT; + ssl_verify_client on; + + location /viewAll { + proxy_pass http://netconfServerIP:8089; + } + + location /importFactory { + proxy_pass http://netconfServerIP:8089; + } + + location /importConfig { + proxy_pass http://netconfServerIP:9000; + } + + location /getConfig { + proxy_pass http://netconfServerIP:9000; + } + + location /netConfServerManagerService/listServers { + proxy_pass http://netconfServerIP:8181; + } + + location /CPEMgmt/acs { + proxy_pass http://netconfServerIP:9977; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + } + } + +# +# This Section is for Fault VES Collector +# + server { + listen 2222; + resolver faultvesCollectorDNSServer; + server_name netconfServerIP; + + location / { + proxy_pass https://faultvesCollectorHost:faultvesCollectorPort$request_uri; + proxy_ssl_certificate /etc/nginx/ssl/faultvesCollectorSSLCert; + proxy_ssl_certificate_key /etc/nginx/ssl/faultvesCollectorSSLKey; + proxy_ssl_password_file /etc/nginx/ssl/tr069adapterCertPassPhrase; + proxy_ssl_session_reuse on; + + proxy_ssl_trusted_certificate /etc/nginx/ssl/faultvesCollectorTrustCRT; + proxy_ssl_verify on; + proxy_ssl_verify_depth 2; + + proxy_set_header Authorization "Basic faultvesCollectorBasicAuthUserPassEncrypt"; + } + } + +# +# This Section is for PNF Reg VES Collector +# + + server { + listen 3333; + resolver pnfregvesCollectorDNSServer; + server_name netconfServerIP; + + location / { + proxy_pass https://pnfregvesCollectorHost:pnfregvesCollectorPort$request_uri; + proxy_ssl_certificate /etc/nginx/ssl/pnfregvesCollectorSSLCert; + proxy_ssl_certificate_key /etc/nginx/ssl/pnfregvesCollectorSSLKey; + proxy_ssl_password_file /etc/nginx/ssl/tr069adapterCertPassPhrase; + proxy_ssl_session_reuse on; + + proxy_ssl_trusted_certificate /etc/nginx/ssl/pnfregvesCollectorTrustCRT; + proxy_ssl_verify on; + proxy_ssl_verify_depth 2; + + proxy_set_header Authorization "Basic pnfregvesCollectorBasicAuthUserPassEncrypt"; + } + } +}