forked from TrueCloudLab/frostfs-aio
[#52] Support TLS for s3-gw
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
parent
fcc4b84805
commit
6e4817101d
8 changed files with 107 additions and 7 deletions
|
@ -49,6 +49,8 @@ COPY ./s3-gw/rules.json /config/bearer-rules.json
|
||||||
COPY ./s3-gw/regions.json /config/regions.json
|
COPY ./s3-gw/regions.json /config/regions.json
|
||||||
COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
|
COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
|
||||||
COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
|
COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
|
||||||
|
COPY ./s3-gw/s3-gw-tls.crt /config/s3-gw-tls.crt
|
||||||
|
COPY ./s3-gw/s3-gw-tls.key /config/s3-gw-tls.key
|
||||||
COPY ./s3-gw/user-wallet.json /config/user-wallet.json
|
COPY ./s3-gw/user-wallet.json /config/user-wallet.json
|
||||||
COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
|
COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
|
||||||
COPY ./sn/wallet.json /config/wallet-sn.json
|
COPY ./sn/wallet.json /config/wallet-sn.json
|
||||||
|
|
|
@ -49,6 +49,8 @@ COPY ./s3-gw/rules.json /config/bearer-rules.json
|
||||||
COPY ./s3-gw/regions.json /config/regions.json
|
COPY ./s3-gw/regions.json /config/regions.json
|
||||||
COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
|
COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
|
||||||
COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
|
COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
|
||||||
|
COPY ./s3-gw/s3-gw-tls.crt /config/s3-gw-tls.crt
|
||||||
|
COPY ./s3-gw/s3-gw-tls.key /config/s3-gw-tls.key
|
||||||
COPY ./s3-gw/user-wallet.json /config/user-wallet.json
|
COPY ./s3-gw/user-wallet.json /config/user-wallet.json
|
||||||
COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
|
COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
|
||||||
COPY ./sn/wallet.json /config/wallet-sn.json
|
COPY ./sn/wallet.json /config/wallet-sn.json
|
||||||
|
|
|
@ -34,6 +34,8 @@ COPY ./s3-gw/rules.json /config/bearer-rules.json
|
||||||
COPY ./s3-gw/regions.json /config/regions.json
|
COPY ./s3-gw/regions.json /config/regions.json
|
||||||
COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
|
COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
|
||||||
COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
|
COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
|
||||||
|
COPY ./s3-gw/s3-gw-tls.crt /config/s3-gw-tls.crt
|
||||||
|
COPY ./s3-gw/s3-gw-tls.key /config/s3-gw-tls.key
|
||||||
COPY ./s3-gw/user-wallet.json /config/user-wallet.json
|
COPY ./s3-gw/user-wallet.json /config/user-wallet.json
|
||||||
COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
|
COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
|
||||||
COPY ./sn/wallet.json /config/wallet-sn.json
|
COPY ./sn/wallet.json /config/wallet-sn.json
|
||||||
|
|
|
@ -16,12 +16,12 @@ Entrypoint script starts blockchain, inner ring, storage, s3, and http gateway
|
||||||
services and configures it in the initial start.
|
services and configures it in the initial start.
|
||||||
|
|
||||||
| Service | Port |
|
| Service | Port |
|
||||||
|-----------------------------|-------|
|
|-----------------------------|------------------|
|
||||||
| neo-go RPC | 30333 |
|
| neo-go RPC | 30333 |
|
||||||
| FrostFS Storage gRPC API | 8080 |
|
| FrostFS Storage gRPC API | 8080 |
|
||||||
| FrostFS Storage Control API | 16513 |
|
| FrostFS Storage Control API | 16513 |
|
||||||
| FrostFS HTTP Gateway | 8081 |
|
| FrostFS HTTP Gateway | 8081 |
|
||||||
| FrostFS S3 Gateway | 8084 |
|
| FrostFS S3 Gateway | 8084, 8184 (TLS) |
|
||||||
|
|
||||||
# Limitations
|
# Limitations
|
||||||
|
|
||||||
|
|
|
@ -25,6 +25,7 @@ services:
|
||||||
- "30333:30333" # RPC
|
- "30333:30333" # RPC
|
||||||
- "8080:8080" # FrostFS API RPC
|
- "8080:8080" # FrostFS API RPC
|
||||||
- "8084:8084" # S3 Gateway
|
- "8084:8084" # S3 Gateway
|
||||||
|
- "8184:8184" # S3 Gateway with TLS
|
||||||
- "16513:16513" # Control service
|
- "16513:16513" # Control service
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
|
|
|
@ -11,6 +11,11 @@ peers:
|
||||||
|
|
||||||
server:
|
server:
|
||||||
- address: 0.0.0.0:8084
|
- address: 0.0.0.0:8084
|
||||||
|
- address: 0.0.0.0:8184
|
||||||
|
tls:
|
||||||
|
enabled: true
|
||||||
|
cert_file: /config/s3-gw-tls.crt
|
||||||
|
key_file: /config/s3-gw-tls.key
|
||||||
|
|
||||||
logger:
|
logger:
|
||||||
level: debug
|
level: debug
|
||||||
|
|
36
s3-gw/s3-gw-tls.crt
Normal file
36
s3-gw/s3-gw-tls.crt
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIGOzCCBCOgAwIBAgIUYWyZ9RMzV7CIRScF85cb8kmjUK4wDQYJKoZIhvcNAQEL
|
||||||
|
BQAwgawxCzAJBgNVBAYTAlJVMRkwFwYDVQQIDBBTYWludCBQZXRlcnNidXJnMRcw
|
||||||
|
FQYDVQQHDA5TdC4gUGV0ZXJzYnVyZzEXMBUGA1UECgwOVHJ1ZSBDbG91ZCBMYWIx
|
||||||
|
FzAVBgNVBAsMDlRydWUgQ2xvdWQgTGFiMRUwEwYDVQQDDAxmcm9zdGZzLmluZm8x
|
||||||
|
IDAeBgkqhkiG9w0BCQEWEWluZm9AZnJvc3Rmcy5pbmZvMB4XDTI0MTEwODA5MzQ0
|
||||||
|
MFoXDTM0MTEwNjA5MzQ0MFowgawxCzAJBgNVBAYTAlJVMRkwFwYDVQQIDBBTYWlu
|
||||||
|
dCBQZXRlcnNidXJnMRcwFQYDVQQHDA5TdC4gUGV0ZXJzYnVyZzEXMBUGA1UECgwO
|
||||||
|
VHJ1ZSBDbG91ZCBMYWIxFzAVBgNVBAsMDlRydWUgQ2xvdWQgTGFiMRUwEwYDVQQD
|
||||||
|
DAxmcm9zdGZzLmluZm8xIDAeBgkqhkiG9w0BCQEWEWluZm9AZnJvc3Rmcy5pbmZv
|
||||||
|
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz6tgNXMCc6MGrI/2r/Il
|
||||||
|
sF4Nr6/RkX1kti+hH/3azbheaTD7rYqrP37F/qFoeRY6jXYzW1Bwhq5jqrUeqnDD
|
||||||
|
NsY6Gpedn2HJjD1A1zq96Sv3SU8gT0WsSArDaCQW9joYfIlKTjOBS1WBJbWfNEqX
|
||||||
|
R2ld6/L/x5DoyNJ5+DkdnT+lj1sCCy4uKIDgrM92v6O5MHCjZk6Tp9t5t64EboXH
|
||||||
|
Wz3gJHCdK76VstSWCJ6Huw6rHcqKTbolZy0CiM9G5m6XeBD7G/28iM9k17KkwZ2T
|
||||||
|
8w6IKRyrfknl/vPjLKWC3Nj5eJTQuucpLBIs/wK+jgABQYIYzejguj5HPqnSUQ6d
|
||||||
|
u7UbOWBgOppzkyKJyXY5qJbgZlsMp/lkcDyoyLwGL6+ucz6f5vW72aDHrX3+p5/7
|
||||||
|
HLbI7phK48OchcMMn9MG0dOZ/vhhvTQ2nNBza905ZZQRQt/AucC1nyCfyTlG5bjb
|
||||||
|
16EdDbDu0o2PFZqHI0rx/Ytw2FFg6J4PCImxxetimOr1TomcdcvdxdJNqPTTrB9J
|
||||||
|
fRoh7w1HIxBwXToJ2eUz3kfvI920Jxad8VxcAWVctO2MfDQ1uSUnvqouEswUGPdx
|
||||||
|
ifpOHcj24b7uDn8g015d/p3yDSEZzxVC6Uw6xZ9dt9CZDtQBDLrno8aAc1xYMmci
|
||||||
|
J9Q94FepyhV4tg8IwnyIljECAwEAAaNTMFEwHQYDVR0OBBYEFHSkza/3e5y8v9T+
|
||||||
|
BjBej6ZgqtoHMB8GA1UdIwQYMBaAFHSkza/3e5y8v9T+BjBej6ZgqtoHMA8GA1Ud
|
||||||
|
EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAIYOmcqr+gwbY0zIREcoovBw
|
||||||
|
z4K5uR1OYY1+HzhzvJHCuFpssCMEjCFQjs5lD726ASFhEYaPaLuDiXtdn2u5QpQd
|
||||||
|
KwO98HDpC5jVb77Z8Bthf0eKrqzjbr+m7WFa22CPgyav8vGlQ+sv1+4HjHclkeW8
|
||||||
|
CEtf4k6YjM3//C03JN93Yvsu4zmGbFLkSUVujwLOx/LzF+PbWv6d6tbP8QNufaBx
|
||||||
|
vk74xc8icHBkyNnYhUddBXimpJEKAbGiF13Hf6M0Lbx/m8QIQ9P4VVR8FYdygYh3
|
||||||
|
n7O7Ivusae3M+fapSYODwtp3OVC6lz07wC0+m+G08h7YBwcC7z+BofFawtilZuRg
|
||||||
|
bbtoy5PhQTSpLzYOUtJOA5ihM3EqXR4k4/oeitNF78ZZI27p8z2g6YJY9Mjk+AfL
|
||||||
|
f6jaBCSqJnnPB8NQtLN6VI2C3Q9/glhUkHLZkHs8DMxZsf+PpqjssU5kZGf0Viha
|
||||||
|
BCeClyHpK/sOWOYTKfprRtfcVEYmW7favXkhdfG3QaWc8bkpvfw7ZEVmfkUJ2iUB
|
||||||
|
xJ279uDAdnPcqA43Nw6BtRhxV5AVNfAOSzpsH9MIjRes5RS2FcAs/qt9p7ciCh3Z
|
||||||
|
QsrnZHUvbgpaWMJimS9bxcXAvWwGhjve/OUmpeXMrjrJfsRtjuK/w4sT9wXZUrbj
|
||||||
|
zp1TkSmKv3w1aF3xTsOv
|
||||||
|
-----END CERTIFICATE-----
|
52
s3-gw/s3-gw-tls.key
Normal file
52
s3-gw/s3-gw-tls.key
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDPq2A1cwJzowas
|
||||||
|
j/av8iWwXg2vr9GRfWS2L6Ef/drNuF5pMPutiqs/fsX+oWh5FjqNdjNbUHCGrmOq
|
||||||
|
tR6qcMM2xjoal52fYcmMPUDXOr3pK/dJTyBPRaxICsNoJBb2Ohh8iUpOM4FLVYEl
|
||||||
|
tZ80SpdHaV3r8v/HkOjI0nn4OR2dP6WPWwILLi4ogOCsz3a/o7kwcKNmTpOn23m3
|
||||||
|
rgRuhcdbPeAkcJ0rvpWy1JYInoe7DqsdyopNuiVnLQKIz0bmbpd4EPsb/byIz2TX
|
||||||
|
sqTBnZPzDogpHKt+SeX+8+MspYLc2Pl4lNC65yksEiz/Ar6OAAFBghjN6OC6Pkc+
|
||||||
|
qdJRDp27tRs5YGA6mnOTIonJdjmoluBmWwyn+WRwPKjIvAYvr65zPp/m9bvZoMet
|
||||||
|
ff6nn/sctsjumErjw5yFwwyf0wbR05n++GG9NDac0HNr3TlllBFC38C5wLWfIJ/J
|
||||||
|
OUbluNvXoR0NsO7SjY8VmocjSvH9i3DYUWDong8IibHF62KY6vVOiZx1y93F0k2o
|
||||||
|
9NOsH0l9GiHvDUcjEHBdOgnZ5TPeR+8j3bQnFp3xXFwBZVy07Yx8NDW5JSe+qi4S
|
||||||
|
zBQY93GJ+k4dyPbhvu4OfyDTXl3+nfINIRnPFULpTDrFn1230JkO1AEMuuejxoBz
|
||||||
|
XFgyZyIn1D3gV6nKFXi2DwjCfIiWMQIDAQABAoICAQC5u3ailygcMDRp5aAmIJYg
|
||||||
|
tR3cgY0XaGTIpLSgnjQxRbH6trqBrcIXWdTPNaDwmzbnCk5IXxsk+ZdeN/sjSRLv
|
||||||
|
TD7vRabNw3G1IZt6Y6kygAX85O3quE+rZyT5YT3AHpmD2G5CnsIGlISbK2MmK4g9
|
||||||
|
cDl2K7Ej1bC827IGlV6tIx15p1WelkDmLM3FARAdudqJPlSFzcU1nY+w/cws5S01
|
||||||
|
p5NuQ+HuG9hbRtKhBtgyLp5QWLN1bQTC0Hixz2CD+2kxE07i6/7RBVwVpkrAd6S4
|
||||||
|
/8g7rM6cdo9jhNErPyRZTR1iAQbmApTKO79OnC+9ZLe61RZGIv/K0qR5oPzfTgk3
|
||||||
|
Gb1lOo36jdBFRNr9wwON726W4pyrMIRURe2zDqfa3SMeSK++6MSxQiam1KXh8C2y
|
||||||
|
3qa6uWHGrrVrQJQUwXEpE1jonJ43GWNmds1cYD0Mhu/vzicwuOiw9VAtiskYm848
|
||||||
|
XgIgq5fQoO0lWe2mVfqXfmX4ANwQ3Cw5GaZI8ZbbEJtgSv1NOt6MzIEgNrMjtXGT
|
||||||
|
B3AG1gwUxf7i6fYCwR6YVDw5F9ze+3BheFiaANVzZ1MGw6RCbDGV0a74ncRAYdGc
|
||||||
|
N2QFoRY8W0eCYWkqVsDzhITJ2g3/bG5cN/9jD+r3R9ACHf7z7xFCQYEZC5p3+mT0
|
||||||
|
+MvV1F0p94tHetokAMD6mQKCAQEA7z0olJxdVEbnLFabz1VBYFYpNE/FriQCl1in
|
||||||
|
Cgdvfd3QOER0UdcpUct7j51dBO4LnGCzCVf8R4CVnUuHqA+CDlezDF1aBZVDdVoH
|
||||||
|
ICpdeKwiUDsdijAnVvXqjo9aWaS+Elscz+hnbsTq0KTJOGasJLcPmG84oBEInofT
|
||||||
|
0hLpctS7ZksZc7KcX2dpD3E/x7uWnlgH4fO663K/IybUY/c62CcvOy3L0+w7D8/2
|
||||||
|
rKqD0tdK1QGTjStdx9MRnP5e96KN3OmvK4wbzqoyYc5Yqoc0EN53O7vedGy/IULM
|
||||||
|
2cnoqT+bFtdILNYIXr9+04Sf0HDnABq3ADY4NUEgyZfv+jANxwKCAQEA3jgBwRpd
|
||||||
|
BHBs3y6HTyIse4lPwrbHa2hhF57vfjfWOpx/261kyLjof3KsgV8WbjlZaTDfSfTr
|
||||||
|
+PfqJX7BDfu6tB7pKjCogXjPXcpV6HUQLaY+hY0BSVtZCAk6MG5qrCaC10Y7NRJ9
|
||||||
|
STwQJoq6j+gR2VdsyCAbamGpalLXRh1TG0MnNI3Qw+iRHNCwLY6K4J6/kG8S938R
|
||||||
|
7/PbP7ylIBi0XtLlGD+FDoNt851Rg2fPr9uk+mwWFAHJEjP3UZotK+LN/TGSYV9b
|
||||||
|
3IY40zTrt78pWwgdXXvyhZw0U0G3u7BpVXTavk2DHsCDYWFCd1LK6umLiopdN/T/
|
||||||
|
H3H20NHiFrUcRwKCAQBrFA+WvInVT8rmgHlKilkxmj7lCBNthvaV8PsKtRtE1cP9
|
||||||
|
ez4o50m6L35FYGSi8TzHKEzaEMR86GOOvKCiKxbF/qDIFvxU5WMFIl9wGSYu/bR5
|
||||||
|
/ouRL05cUMNEPYtt9huQsbEqqVWqMX78FdVuZh4EbN8RFi7dDeKyug6nxwkv+WFL
|
||||||
|
Pq/MphPxa6KNY93tMtwOUU5t5p4yBfDg9d84Qw7WcmtkbHH/j4s735QD4moQM4Zt
|
||||||
|
4j+9fryB1MncX8n3wo0GZJ2fux0zGeBlAGuVH+DA8CGj3cmKiKXfaDux+vokzrBG
|
||||||
|
v+KxFrc2WTWVzJWPQQlTdaGU+a+cvmLDeDrT2zA/AoIBAQC/U2VfRz2TFuEF/1+M
|
||||||
|
qJW3/29m7EwilAoUdkkpWRXf/OKw10eQ8nNrV+ZitOXxHPt4cBWv7WpGP92fTtUV
|
||||||
|
HwmPD5YdNyu93bBcxlrU/AVj6GCoR9E1waqUGq25CTha5AV/J/7OIQ8xwL7/EC60
|
||||||
|
vFCx2m3UmKBCJbfhzVWADruBG35j5z45jsFyF9O4RaQY5VV2G8wuv39II6M/60IY
|
||||||
|
smyJv/ZzvCzpZAuE1oxaIUVV2jzfR7RyoV7nh0qHPcFqqapFNysbHylOY1oFrujM
|
||||||
|
mZAXypLN7GvQ0b7TeB+jP65RX3z+oGomTgZQD5dUeTowq8fzDlJYXV5TSqIBBNQu
|
||||||
|
TNz9AoIBAELhsEeQucMagn0hFKY5WgxIYF27UjYZVzpt78SKyKjwka0CqDFrCwM+
|
||||||
|
KF80TiAfqMBLD27UpYM9ylwv56e2ZLMWZb/Z0y25jlRC3ctSyRPFyLC6dRgZ1IVA
|
||||||
|
pDsh06uxJhBcZyJC1KKMShdfgV37TQC4qlpqAnDyN39TQH0rr7g9EOzUrOk1tclU
|
||||||
|
mnuUD5wTL5vx7h0mpTSJxf8r6D17i5loWYfi+tp4V7wibVrr7QNh7KWZ5Ww24Rmc
|
||||||
|
LZBtCAKI6Eoac9SOmtpDHW8l8istyNNCqrvU+xtwAnguRbo71rE18j+y11PPhqxn
|
||||||
|
4y2gRqQJl4QzugozyY0+9DKux/FDFfM=
|
||||||
|
-----END PRIVATE KEY-----
|
Loading…
Reference in a new issue