[#52] Support TLS for s3-gw

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
Denis Kirillov 2024-11-08 12:07:19 +03:00
parent fcc4b84805
commit be23b14564
7 changed files with 61 additions and 0 deletions


@ -49,6 +49,8 @@ COPY ./s3-gw/rules.json /config/bearer-rules.json
COPY ./s3-gw/regions.json /config/regions.json COPY ./s3-gw/regions.json /config/regions.json
COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
COPY ./s3-gw/s3-gw-tls.crt /config/s3-gw-tls.crt
COPY ./s3-gw/s3-gw-tls.key /config/s3-gw-tls.key
COPY ./s3-gw/user-wallet.json /config/user-wallet.json COPY ./s3-gw/user-wallet.json /config/user-wallet.json
COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
COPY ./sn/wallet.json /config/wallet-sn.json COPY ./sn/wallet.json /config/wallet-sn.json
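Review bot: The added `COPY ./s3-gw/s3-gw-tls.key /config/s3-gw-tls.key` bakes a private key that this same commit checks into the repository into an image layer, so anyone who can pull the image or read the repo holds the key. COPY also keeps the source file's mode, which is commonly world-readable inside the container. If the pair is meant only as a fixed test identity for local development, say so above the two lines, e.g. `# Test-only TLS key pair, publicly known; never reuse outside local development`, and consider `COPY --chmod=0600 ./s3-gw/s3-gw-tls.key /config/s3-gw-tls.key` if the build uses BuildKit and the gateway's runtime user can still read the file (not visible here). The same two lines are added in the next two Dockerfile sections (the hunks at -49,6 and -34,6), and each file continues outside its hunk.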


@ -49,6 +49,8 @@ COPY ./s3-gw/rules.json /config/bearer-rules.json
COPY ./s3-gw/regions.json /config/regions.json COPY ./s3-gw/regions.json /config/regions.json
COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
COPY ./s3-gw/s3-gw-tls.crt /config/s3-gw-tls.crt
COPY ./s3-gw/s3-gw-tls.key /config/s3-gw-tls.key
COPY ./s3-gw/user-wallet.json /config/user-wallet.json COPY ./s3-gw/user-wallet.json /config/user-wallet.json
COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
COPY ./sn/wallet.json /config/wallet-sn.json COPY ./sn/wallet.json /config/wallet-sn.json


@ -34,6 +34,8 @@ COPY ./s3-gw/rules.json /config/bearer-rules.json
COPY ./s3-gw/regions.json /config/regions.json COPY ./s3-gw/regions.json /config/regions.json
COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
COPY ./s3-gw/s3-gw-tls.crt /config/s3-gw-tls.crt
COPY ./s3-gw/s3-gw-tls.key /config/s3-gw-tls.key
COPY ./s3-gw/user-wallet.json /config/user-wallet.json COPY ./s3-gw/user-wallet.json /config/user-wallet.json
COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
COPY ./sn/wallet.json /config/wallet-sn.json COPY ./sn/wallet.json /config/wallet-sn.json


@ -25,6 +25,7 @@ services:
- "30333:30333" # RPC - "30333:30333" # RPC
- "8080:8080" # FrostFS API RPC - "8080:8080" # FrostFS API RPC
- "8084:8084" # S3 Gateway - "8084:8084" # S3 Gateway
- "8184:8184" # S3 Gateway with TLS
- "16513:16513" # Control service - "16513:16513" # Control service
volumes: volumes:


@ -11,6 +11,11 @@ peers:
server: server:
- address: 0.0.0.0:8084 - address: 0.0.0.0:8084
- address: 0.0.0.0:8184
tls:
enabled: true
cert_file: /config/s3-gw-tls.crt
key_file: /config/s3-gw-tls.key
logger: logger:
level: debug level: debug
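Review bot: The new `0.0.0.0:8184` listener's `cert_file` and `key_file` point at the key pair added to the repository in this commit, and nothing in the config says so. A comment above the entry, such as `# TLS listener uses the test-only key pair from s3-gw/s3-gw-tls.crt and s3-gw-tls.key; supply your own pair for anything beyond local use`, would keep it from being mistaken for a real server identity. The plaintext listener on `0.0.0.0:8084` stays enabled beside it, so clients only get TLS when they are pointed at 8184 explicitly. The `server:` block and the rest of the file continue outside the hunk.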

22
s3-gw/s3-gw-tls.crt Normal file

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

27
s3-gw/s3-gw-tls.key Normal file

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----