[#90] Enabled tls for s04

Signed-off-by: Denis Kirillov <denis@nspcc.ru>

services/storage/.storage.env

@@ -21,6 +21,10 @@ NEOFS_METRICS_ADDRESS=:9090
 
 # GRPC Transport Section
 NEOFS_GRPC_NUM=1
+## 0 server
+### TLS config
+NEOFS_GRPC_0_TLS_CERTIFICATE=/tls.crt
+NEOFS_GRPC_0_TLS_KEY=/tls.key
 
 # Morph section
 ## Endpoints of sidechain RPC nodes (comma-separated)

services/storage/artifacts.mk

@@ -0,0 +1,15 @@
+# Create new tls certs
+
+STORAGE_DIR=$(patsubst %/,%,$(dir $(abspath $(lastword $(MAKEFILE_LIST)))))
+SSL_CONFIG := $(shell mktemp)
+
+get.storage:
+	@echo "⇒ Creating tls certs to NeoFS node"
+	@(echo "[req]"; \
+      echo "distinguished_name=req"; \
+      echo "req_extensions=san"; \
+      echo "[san]"; \
+      echo "subjectAltName=DNS:s04.${LOCAL_DOMAIN}") > ${SSL_CONFIG}
+	@openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes \
+		-subj "/C=RU/ST=SPB/L=St.Petersburg/O=NSPCC/OU=NSPCC/CN=s04.${LOCAL_DOMAIN}" \
+		-keyout ${STORAGE_DIR}/s04tls.key -out ${STORAGE_DIR}/s04tls.crt -extensions san -config ${SSL_CONFIG}

services/storage/docker-compose.yml

@@ -114,6 +114,8 @@ services:
       - storage_s04:/storage
       - ./../../vendor/neofs-cli:/neofs-cli
       - ./healthcheck.sh:/healthcheck.sh
+      - ./s04tls.crt:/tls.crt
+      - ./s04tls.key:/tls.key
     stop_signal: SIGKILL
     env_file: [ ".env", ".storage.env" ]
     environment:
@@ -121,6 +123,7 @@ services:
       - NEOFS_NODE_ADDRESSES=s04.${LOCAL_DOMAIN}:8080
       - NEOFS_GRPC_0_ENDPOINT=s04.${LOCAL_DOMAIN}:8080
       - NEOFS_CONTROL_GRPC_ENDPOINT=s04.${LOCAL_DOMAIN}:8081
+      - NEOFS_GRPC_0_TLS_ENABLED=true
       - NEOFS_NODE_ATTRIBUTE_0=UN-LOCODE:FI HEL
       - NEOFS_NODE_ATTRIBUTE_1=Price:44
     healthcheck:

services/storage/prepare.mk

@@ -0,0 +1,3 @@
+prepare.storage:
+	@echo "Adding self-signed tls certs to trusted store"
+	@./bin/addCert.sh