From: RehanRaza Date: Fri, 29 May 2020 15:46:40 +0000 (+0200) Subject: Enable http using an environment variable X-Git-Tag: BronzeRC0~2 X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?p=sim%2Fa1-interface.git;a=commitdiff_plain;h=d728781c6965e0f2b7876ea084e1af191531eb36 Enable http using an environment variable Change-Id: I29bfb49e6538dbad87e5a030b42ba03c45545150 Issue-ID: NONRTRIC-232 Signed-off-by: RehanRaza --- diff --git a/near-rt-ric-simulator/Dockerfile b/near-rt-ric-simulator/Dockerfile index 2c5dfcd..b079d73 100644 --- a/near-rt-ric-simulator/Dockerfile +++ b/near-rt-ric-simulator/Dockerfile @@ -24,6 +24,7 @@ RUN pip install connexion[swagger-ui] #install nginx RUN apt-get update RUN apt-get install -y nginx=1.14.* +RUN apt-get install -y nginx-extras #install curl RUN apt-get install -y curl diff --git a/near-rt-ric-simulator/README.md b/near-rt-ric-simulator/README.md index 5152042..a55d8d7 100644 --- a/near-rt-ric-simulator/README.md +++ b/near-rt-ric-simulator/README.md @@ -154,7 +154,12 @@ file "pass" stores the password when you run the shell script Start the a1-interface container without specifing external certificates: 'docker run -it -p 8085:8085 -p 8185:8185 -e A1\_VERSION=STD\_1.1.3 -e REMOTE_HOSTS_LOGGING=1 a1test' -It will listen to http 8085 port and https 8185 port(using default certificates) at the same time. +It will listen to https 8185 port(using default certificates) by default. +Http can be enabled on port 8085 using an environment variable "ALLOW_HTTP". +If this environment variable is left out or set to false, the nginx server will send +"444 Connection Closed Without Response" when making a call using http. +Example command to enable http: +'docker run -it -p 8085:8085 -p 8185:8185 -e A1\_VERSION=OSC\_2.1.0 -e ALLOW_HTTP=true a1test' This certificates/key can be overriden by mounting a volume when using "docker run" or "docker-compose" In 'docker run', use field: @@ -163,7 +168,7 @@ In 'docker-compose.yml', use field: volumes: - ./certificate:/usr/src/app/cert:ro -In docker run the full command could look like this:
'docker run -it -p 8085:8085 -p 8185:8185 -e A1\_VERSION=STD\_1.1.3 -e REMOTE_HOSTS_LOGGING=1 --volume /PATH_TO_CERT_DIR/certificate:/usr/src/app/cert a1test' +In docker run the full command could look like this:
'docker run -it -p 8085:8085 -p 8185:8185 -e A1\_VERSION=STD\_1.1.3 -e ALLOW_HTTP=true -e REMOTE_HOSTS_LOGGING=1 --volume /PATH_TO_CERT_DIR/certificate:/usr/src/app/cert a1test' http port 8085 and https port 8185 The variable for A1 version is set with the '-e' flag. With logging of remote host enabled "-e REMOTE_HOSTS_LOGGING=1 " diff --git a/near-rt-ric-simulator/nginx.conf b/near-rt-ric-simulator/nginx.conf index f21e173..3087a3f 100644 --- a/near-rt-ric-simulator/nginx.conf +++ b/near-rt-ric-simulator/nginx.conf @@ -3,6 +3,8 @@ worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; +env ALLOW_HTTP; + events { worker_connections 768; # multi_accept on; @@ -27,9 +29,26 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; + perl_set $allow_http 'sub { return $ENV{"ALLOW_HTTP"}; }'; + server { # simple reverse-proxy - listen 8085; + listen 8085; listen [::]:8085; + server_name localhost; + if ($allow_http != true) { + return 444; + } + + # serve dynamic requests + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://localhost:2222; + } + } + + server { # simple reverse-proxy listen 8185 ssl; listen [::]:8185 ssl; server_name localhost; @@ -37,7 +56,6 @@ http { ssl_certificate_key /usr/src/app/cert/key.crt; ssl_password_file /usr/src/app/cert/pass; - # serve dynamic requests location / { proxy_set_header Host $host;