[#52] Support TLS for s3-gw

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
Denis Kirillov 2024-11-08 12:07:19 +03:00
parent fcc4b84805
commit 6e4817101d
8 changed files with 107 additions and 7 deletions


@ -49,6 +49,8 @@ COPY ./s3-gw/rules.json /config/bearer-rules.json
COPY ./s3-gw/regions.json /config/regions.json COPY ./s3-gw/regions.json /config/regions.json
COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
COPY ./s3-gw/s3-gw-tls.crt /config/s3-gw-tls.crt
COPY ./s3-gw/s3-gw-tls.key /config/s3-gw-tls.key
COPY ./s3-gw/user-wallet.json /config/user-wallet.json COPY ./s3-gw/user-wallet.json /config/user-wallet.json
COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
COPY ./sn/wallet.json /config/wallet-sn.json COPY ./sn/wallet.json /config/wallet-sn.json
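Review bot: The added `COPY ./s3-gw/s3-gw-tls.key /config/s3-gw-tls.key` bakes a TLS private key into an image layer, and the same key is added to the repository as s3-gw/s3-gw-tls.key in this commit, so anyone who can read the repo or pull the image holds the key behind the 8184 listener. That is acceptable only if the pair is a throwaway for local development, which nothing in the hunk says; a comment above the two new lines would make it explicit, for example `# Test-only TLS pair, public in the repo: never reuse outside this dev image`. If the image is ever run where the TLS endpoint is meant to protect traffic, the pair should be generated at first start or mounted at run time rather than copied at build time. The same two COPY lines are added in the second `@ -49,6 +49,8 @` hunk and the `@ -34,6 +34,8 @` hunk further down, and the point applies there as well.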


@ -49,6 +49,8 @@ COPY ./s3-gw/rules.json /config/bearer-rules.json
COPY ./s3-gw/regions.json /config/regions.json COPY ./s3-gw/regions.json /config/regions.json
COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
COPY ./s3-gw/s3-gw-tls.crt /config/s3-gw-tls.crt
COPY ./s3-gw/s3-gw-tls.key /config/s3-gw-tls.key
COPY ./s3-gw/user-wallet.json /config/user-wallet.json COPY ./s3-gw/user-wallet.json /config/user-wallet.json
COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
COPY ./sn/wallet.json /config/wallet-sn.json COPY ./sn/wallet.json /config/wallet-sn.json


@ -34,6 +34,8 @@ COPY ./s3-gw/rules.json /config/bearer-rules.json
COPY ./s3-gw/regions.json /config/regions.json COPY ./s3-gw/regions.json /config/regions.json
COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
COPY ./s3-gw/s3-gw-tls.crt /config/s3-gw-tls.crt
COPY ./s3-gw/s3-gw-tls.key /config/s3-gw-tls.key
COPY ./s3-gw/user-wallet.json /config/user-wallet.json COPY ./s3-gw/user-wallet.json /config/user-wallet.json
COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
COPY ./sn/wallet.json /config/wallet-sn.json COPY ./sn/wallet.json /config/wallet-sn.json


@ -16,12 +16,12 @@ Entrypoint script starts blockchain, inner ring, storage, s3, and http gateway
services and configures it in the initial start. services and configures it in the initial start.
| Service | Port | | Service | Port |
|-----------------------------|-------| |-----------------------------|------------------|
| neo-go RPC | 30333 | | neo-go RPC | 30333 |
| FrostFS Storage gRPC API | 8080 | | FrostFS Storage gRPC API | 8080 |
| FrostFS Storage Control API | 16513 | | FrostFS Storage Control API | 16513 |
| FrostFS HTTP Gateway | 8081 | | FrostFS HTTP Gateway | 8081 |
| FrostFS S3 Gateway | 8084 | | FrostFS S3 Gateway | 8084, 8184 (TLS) |
# Limitations # Limitations


@ -25,6 +25,7 @@ services:
- "30333:30333" # RPC - "30333:30333" # RPC
- "8080:8080" # FrostFS API RPC - "8080:8080" # FrostFS API RPC
- "8084:8084" # S3 Gateway - "8084:8084" # S3 Gateway
- "8184:8184" # S3 Gateway with TLS
- "16513:16513" # Control service - "16513:16513" # Control service
volumes: volumes:


@ -11,6 +11,11 @@ peers:
server: server:
- address: 0.0.0.0:8084 - address: 0.0.0.0:8084
- address: 0.0.0.0:8184
tls:
enabled: true
cert_file: /config/s3-gw-tls.crt
key_file: /config/s3-gw-tls.key
logger: logger:
level: debug level: debug
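Review bot: The new `0.0.0.0:8184` entry adds a TLS listener while the plaintext `0.0.0.0:8084` entry stays next to it, so a client that keeps using 8084 still sends requests and object data unencrypted, and the config does not say whether that is intended. `key_file: /config/s3-gw-tls.key` points at the key this commit checks in, so the listener encrypts traffic but the server key itself is not secret. A short comment on the new entry would record both facts, for example `# TLS listener with the checked-in test pair; 8084 above stays plaintext`.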

36
s3-gw/s3-gw-tls.crt Normal file

@ -0,0 +1,36 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
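Review bot: A certificate checked in as a static file carries a fixed subject, SAN list and expiry, and none of these is recorded anywhere in the commit (the PEM body is not visible here, so the actual values cannot be checked). When it expires, or when a client connects under a host name it does not cover, verification against port 8184 will fail with no hint of how the pair was produced. I would add a line to the README next to the port table, such as `The S3 gateway TLS certificate is a test certificate; regenerate s3-gw-tls.crt and s3-gw-tls.key together when it expires`, adjusted to how the pair was actually created.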

52
s3-gw/s3-gw-tls.key Normal file

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----