Enable http using an environment variable

Change-Id: I29bfb49e6538dbad87e5a030b42ba03c45545150
Issue-ID: NONRTRIC-232
Signed-off-by: RehanRaza <muhammad.rehan.raza@est.tech>

diff --git a/near-rt-ric-simulator/Dockerfile b/near-rt-ric-simulator/Dockerfile
index 2c5dfcd..b079d73 100644 (file)
--- a/near-rt-ric-simulator/Dockerfile
+++ b/near-rt-ric-simulator/Dockerfile
@@ -24,6 +24,7 @@ RUN pip install connexion[swagger-ui]
 #install nginx
 RUN apt-get update
 RUN apt-get install -y nginx=1.14.*
+RUN apt-get install -y nginx-extras
 
 #install curl
 RUN apt-get install -y curl

diff --git a/near-rt-ric-simulator/README.md b/near-rt-ric-simulator/README.md
index 5152042..a55d8d7 100644 (file)
--- a/near-rt-ric-simulator/README.md
+++ b/near-rt-ric-simulator/README.md
@@ -154,7 +154,12 @@ file "pass" stores the password when you run the shell script
 Start the a1-interface container without specifing external certificates:
 'docker run -it -p 8085:8085 -p 8185:8185 -e A1\_VERSION=STD\_1.1.3 -e REMOTE_HOSTS_LOGGING=1 a1test'
 
-It will listen to http 8085 port and https 8185 port(using default certificates) at the same time.
+It will listen to https 8185 port(using default certificates) by default.
+Http can be enabled on port 8085 using an environment variable "ALLOW_HTTP".
+If this environment variable is left out or set to false, the nginx server will send
+"444 Connection Closed Without Response" when making a call using http.
+Example command to enable http:
+'docker run -it -p 8085:8085 -p 8185:8185 -e A1\_VERSION=OSC\_2.1.0 -e ALLOW_HTTP=true a1test'
 
 This certificates/key can be overriden by mounting a volume when using "docker run" or "docker-compose"
 In 'docker run', use field:
@@ -163,7 +168,7 @@ In 'docker-compose.yml', use field:
 volumes:
       - ./certificate:/usr/src/app/cert:ro
 
-In docker run the full command could look like this:<br> 'docker run -it -p 8085:8085 -p 8185:8185 -e A1\_VERSION=STD\_1.1.3 -e REMOTE_HOSTS_LOGGING=1 --volume /PATH_TO_CERT_DIR/certificate:/usr/src/app/cert a1test'
+In docker run the full command could look like this:<br> 'docker run -it -p 8085:8085 -p 8185:8185 -e A1\_VERSION=STD\_1.1.3 -e ALLOW_HTTP=true -e REMOTE_HOSTS_LOGGING=1 --volume /PATH_TO_CERT_DIR/certificate:/usr/src/app/cert a1test'
 http port 8085 and https port 8185
 The variable for A1 version is set with the '-e' flag.
 With logging of remote host enabled "-e REMOTE_HOSTS_LOGGING=1 "

diff --git a/near-rt-ric-simulator/nginx.conf b/near-rt-ric-simulator/nginx.conf
index f21e173..3087a3f 100644 (file)
--- a/near-rt-ric-simulator/nginx.conf
+++ b/near-rt-ric-simulator/nginx.conf
@@ -3,6 +3,8 @@ worker_processes auto;
 pid /run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;
 
+env ALLOW_HTTP;
+
 events {
     worker_connections 768;
     # multi_accept on;
@@ -27,9 +29,26 @@ http {
     include /etc/nginx/mime.types;
     default_type application/octet-stream;
 
+    perl_set $allow_http 'sub { return $ENV{"ALLOW_HTTP"}; }';
+
     server { # simple reverse-proxy
-        listen      8085;
+       listen      8085;
         listen      [::]:8085;
+        server_name  localhost;
+       if ($allow_http != true) {
+           return 444;
+       }
+
+       # serve dynamic requests
+        location / {
+            proxy_set_header   Host                 $host;
+            proxy_set_header   X-Real-IP            $remote_addr;
+            proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
+            proxy_pass      http://localhost:2222;
+        }
+    }
+
+    server { # simple reverse-proxy
         listen      8185 ssl;
         listen      [::]:8185 ssl;
         server_name  localhost;
@@ -37,7 +56,6 @@ http {
         ssl_certificate_key /usr/src/app/cert/key.crt;
         ssl_password_file   /usr/src/app/cert/pass;
 
-
         # serve dynamic requests
         location / {
             proxy_set_header   Host                 $host;