Merge pull request #61 from Telecominfraproject/WIFI-1319-SslIssue

Wifi 1319 ssl issue
2025-10-31 02:27:52 +00:00 · 2021-02-22 14:32:54 -05:00
parent 8670131e21 b833901b14
commit 0060ce09ac
9 changed files with 47 additions and 7 deletions
--- a/tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml
+++ b/tip-wlan/charts/nginx-ingress-controller/templates/controller-configmap.yaml
@@ -7,4 +7,5 @@ metadata:
    {{- include "common.labels" . | nindent 4 }}
 data:
    external-status-address: {{ .Values.controller.config.externalStatusAddress }}
-    client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
+    client-max-body-size: {{ .Values.controller.config.clientMaxBodySize }}
+    error-log-level: {{ .Values.controller.config.errorLogLevel }}
--- a/tip-wlan/charts/nginx-ingress-controller/values.yaml
+++ b/tip-wlan/charts/nginx-ingress-controller/values.yaml
@@ -56,6 +56,8 @@ controller:
    ## Max message size coming from the Client
    clientMaxBodySize: "20m"

+    ## Error 
+    errorLogLevel: "error"
  ## It is recommended to use your own TLS certificates and keys
  defaultTLS:
    ## The base64-encoded TLS certificate for the default HTTPS server. If not specified, a pre-generated self-signed certificate is used.
--- a/tip-wlan/charts/wlan-portal-service/resources/config/logback.xml
+++ b/tip-wlan/charts/wlan-portal-service/resources/config/logback.xml
@@ -7,7 +7,7 @@
 <!-- For professional support please see                            -->
 <!--    http://www.qos.ch/shop/products/professionalSupport         -->
 <!--                                                                -->
-<configuration>
+<configuration scan="true" scanPeriod="30 seconds">
  <conversionRule conversionWord="filteredStack"
                  converterClass="com.telecominfraproject.wlan.server.exceptions.logback.ExceptionCompressingConverter" />

--- a/tip-wlan/charts/wlan-portal-service/resources/config/ssl.properties
+++ b/tip-wlan/charts/wlan-portal-service/resources/config/ssl.properties
@@ -0,0 +1,14 @@
+truststorePass={{ .Values.global.certificatePasswords.sslTruststore }}
+truststoreFile=file:///opt/tip-wlan/certs/truststore.jks
+truststoreType=JKS
+truststoreProvider=SUN
+
+keyAlias=1
+keystorePass={{ .Values.global.certificatePasswords.sslKeystore }}
+keystoreFile=file:///opt/tip-wlan/certs/server.pkcs12
+keystoreType=pkcs12
+keystoreProvider=SunJSSE
+
+sslProtocol=TLS
+sslEnabledProtocols=TLSv1.2,TLSv1.1,TLSv1
+sslCiphers=TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA
--- a/tip-wlan/charts/wlan-portal-service/templates/secret.yaml
+++ b/tip-wlan/charts/wlan-portal-service/templates/secret.yaml
@@ -0,0 +1,10 @@
+{{- if not .Values.tlsv13.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "common.fullname" . }}-ssl-config
+  namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+  ssl.properties: {{ tpl ( .Files.Get "resources/config/ssl.properties" ) . | b64enc }}
+{{- end }}
--- a/tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml
+++ b/tip-wlan/charts/wlan-portal-service/templates/statefulset.yaml
@@ -113,9 +113,12 @@ spec:
          - mountPath: /opt/tip-wlan/certs/server.pkcs12
            name: certificates
            subPath: server.pkcs12
-          - mountPath: /app/portal/logback.xml
+          - mountPath: /app/portal/log
            name: logback-config
-            subPath: logback.xml
+          {{- if not .Values.tlsv13.enabled }}
+          - mountPath: /app/portal/certs
+            name: ssl-config
+          {{- end }}
          - mountPath: {{ $file_store_path }}
            name: file-store-data
          {{- include "jmxPrometheus.configVolumeMount" . | nindent 10 }}
@@ -155,6 +158,11 @@ spec:
      - name: logback-config
        configMap:
            name: {{ include "common.fullname" . }}-log-config
+      {{- if not .Values.tlsv13.enabled }}
+      - name: ssl-config
+        secret:
+          secretName: {{ include "common.fullname" . }}-ssl-config
+      {{- end }}
      {{- if not .Values.persistence.enabled }}
      - name: file-store-data
        emptyDir: {}
--- a/tip-wlan/charts/wlan-portal-service/values.yaml
+++ b/tip-wlan/charts/wlan-portal-service/values.yaml
@@ -153,3 +153,6 @@ env:
 # on the PV
 filestore:
  internal: "/tmp/filestore"
+
+tlsv13:
+  enabled: true
--- a/tip-wlan/charts/wlan-prov-service/values.yaml
+++ b/tip-wlan/charts/wlan-prov-service/values.yaml
@@ -128,7 +128,7 @@ affinity: {}

 postgresql:
  url: postgresql
-  image: postgres:latest
+  image: postgres:11

 env:
  protocol: https
--- a/tip-wlan/example-values/microk8s-basic/values.yaml
+++ b/tip-wlan/example-values/microk8s-basic/values.yaml
@@ -31,6 +31,8 @@ wlan-cloud-graphql-gw:
  enabled: true
  env:
    portalsvc: tip-wlan-wlan-portal-service:9051
+  service:
+    type: ClusterIP
  ingress:
    hosts:
      - host: wlan-ui-graphql.wlan.local
@@ -45,8 +47,6 @@ wlan-cloud-static-portal:
  enabled: true
  env:
    graphql: https://wlan-ui-graphql.wlan.local
-  service:
-    type: NodePort
  ingress:
    hosts:
      - host: wlan-ui.wlan.local
@@ -67,6 +67,8 @@ wlan-portal-service:
    type: LoadBalancer
    annotations:
      metallb.universe.tf/allow-shared-ip: default
+  tlsv13:
+    enabled: false

 wlan-prov-service:
  enabled: true