From af8d73d8b696d0df3c944250277f3b9ea5089bd5 Mon Sep 17 00:00:00 2001 From: ecaiyanlinux Date: Wed, 20 May 2020 11:17:33 +0200 Subject: [PATCH] Add default certificates for a1-interface The default certificates are in folder /usr/src/app/cert The default certificates can be overriden by mounting a volume in 'docker run' command or in a docker-compose.yml file ex: in 'docker run': docker run -it -p 8085:8085 -p 8185:8185 -e A1_VERSION=OSC_2.1.0 -e REMOTE_HOSTS_LOGGING=1 --volume "$PWD/certificate:/usr/src/app/cert" a1test in 'docker-compose.yml': volumes: - ./certificate:/usr/src/app/cert:ro Issue-ID: NONRTRIC-218 Signed-off-by: ecaiyanlinux Change-Id: I0db70fe403f8190257bb7fe910d08ab59b3b8ed3 --- near-rt-ric-simulator/Dockerfile | 1 + near-rt-ric-simulator/README.md | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/near-rt-ric-simulator/Dockerfile b/near-rt-ric-simulator/Dockerfile index 05a75fd..2c5dfcd 100644 --- a/near-rt-ric-simulator/Dockerfile +++ b/near-rt-ric-simulator/Dockerfile @@ -31,6 +31,7 @@ RUN apt-get install -y curl COPY src src COPY api api COPY nginx.conf nginx.conf +COPY certificate /usr/src/app/cert RUN chmod +x src/start.sh CMD src/start.sh ${A1_VERSION} diff --git a/near-rt-ric-simulator/README.md b/near-rt-ric-simulator/README.md index 8eb97c0..5152042 100644 --- a/near-rt-ric-simulator/README.md +++ b/near-rt-ric-simulator/README.md 
@@ -145,6 +145,24 @@ An env variable, A1\_VERSION need to be passed to the container at start to sele An env variable, REMOTE_HOSTS_LOGGING, can be set (any value is ok) and the the counter remote\_hosts will log the host names of all remote hosts that has accessed the A1 URIs. If host names cannot be resolved, the ip address of the remote host is logged instead. This logging is default off so must be configured to be enabled. If not configured, the counter remote\_hosts will return a fixed text indicating that host name logging is not enabled. Use this feature with caution, remote host lookup may take time in certain environments. The simulator can also run using the https protocol. The enable https, a valid certificate and key need to provided. There is self-signed certificate available in the certificate dir and that dir shall be mounted to the container to make it available +By default, this image has default certificates under /usr/src/app/cert +file "cert.crt" is the certificate file +file "key.crt" is the key file +file "generate_cert_and_key.sh" is a shell script to generate certificate and key +file "pass" stores the password when you run the shell script + +Start the a1-interface container without specifing external certificates: +'docker run -it -p 8085:8085 -p 8185:8185 -e A1\_VERSION=STD\_1.1.3 -e REMOTE_HOSTS_LOGGING=1 a1test' + +It will listen to http 8085 port and https 8185 port(using default certificates) at the same time. + +This certificates/key can be overriden by mounting a volume when using "docker run" or "docker-compose" +In 'docker run', use field: +--volume "$PWD/certificate:/usr/src/app/cert" a1test +In 'docker-compose.yml', use field: +volumes: + - ./certificate:/usr/src/app/cert:ro + In docker run the full command could look like this:
'docker run -it -p 8085:8085 -p 8185:8185 -e A1\_VERSION=STD\_1.1.3 -e REMOTE_HOSTS_LOGGING=1 --volume /PATH_TO_CERT_DIR/certificate:/usr/src/app/cert a1test' http port 8085 and https port 8185 The variable for A1 version is set with the '-e' flag. -- 2.16.6
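Review bot: In the Dockerfile hunk, `COPY certificate /usr/src/app/cert` puts the whole certificate directory into the image, and the README hunk says that directory holds the private key (`key.crt`), the `pass` file with the password, and `generate_cert_and_key.sh`. Everyone who has the image therefore has the same private key and its password, so the default https listener on 8185 gives encryption without any assurance of who the server is. Suggest either generating a fresh key pair at container start (for example from `src/start.sh`) when nothing is mounted at `/usr/src/app/cert`, or keeping the built-in pair but stating in the README that it is for test use only and must be replaced by a mounted volume anywhere else. If the server does not need `pass` and the generation script at run time, leave them out of the image by copying only `cert.crt` and `key.crt`.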
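Review bot: In the README hunk, the `docker run` override example mounts the certificate directory read-write (`--volume "$PWD/certificate:/usr/src/app/cert" a1test`) while the `docker-compose.yml` example two lines later uses `:ro`. Add `:ro` to the `docker run` form as well, and to the unchanged full command shown after the hunk's added lines, so the container cannot alter the key material on the host. The five added lines that describe the files under `/usr/src/app/cert` have no list markers or blank lines between them, so Markdown will join them into one paragraph; make them a bullet list and put the commands in backticks rather than single quotes. The private key is named `key.crt`, which reads like a certificate; a short note on that, or a rename, would avoid confusion. Spelling: "specifing" should be "specifying", "overriden" should be "overridden", and "This certificates/key" should be "These certificates and key".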