From 0accb265d7bf72a5c6bd1b39d06c71cce4cc551e Mon Sep 17 00:00:00 2001 
From: Piotr Biernat Date: Thu, 5 Dec 2024 16:55:03 +0100 Subject: [PATCH] Update --- .app.config | 16 + Dockerfile | 34 +- api-registry/entrypoint.sh | 24 +- api-registry/etc/addons/api-gateway.hcl | 21 ++ .../etc/addons/pricing-intentions.hcl | 13 + api-registry/etc/addons/proxy-defaults.hcl | 6 + api-registry/etc/addons/routes.hcl | 87 +++++ api-registry/etc/addons/service-catalog.hcl | 20 ++ api-registry/etc/addons/service-defaults.hcl | 4 + api-registry/etc/addons/service-router.hcl | 88 +++++ api-registry/etc/consul/defaults.hcl | 18 + api-registry/etc/consul/gateway.hcl | 70 ++++ api-registry/etc/consul/server-ca.json | 19 + api-registry/etc/consul/server.hcl | 327 ++++++++++++++---- api-registry/opt/tpl/ca.crt.tpl | 2 +- api-registry/opt/tpl/catalog.crt.tpl | 2 +- api-registry/opt/tpl/catalog.key.tpl | 2 +- api-registry/spawn-process.sh | 8 + api-registry/start-envoy.sh | 18 + deploy/image-build.sh | 2 +- deploy/image-push.sh | 7 +- example.hcl | 15 + secrets | 7 + var/certs/VaultCA.pem | 19 + var/certs/catalog-svc.cert.pem | 21 ++ var/certs/pki_int.cert.pem | 51 +++ var/certs/pki_int.csr | 16 + var/certs/test.key | 27 ++ var/certs/test.pem | 39 +++ 29 files changed, 890 insertions(+), 93 deletions(-) create mode 100644 .app.config create mode 100644 api-registry/etc/addons/api-gateway.hcl create mode 100644 api-registry/etc/addons/pricing-intentions.hcl create mode 100644 api-registry/etc/addons/proxy-defaults.hcl create mode 100644 api-registry/etc/addons/routes.hcl create mode 100644 api-registry/etc/addons/service-catalog.hcl create mode 100644 api-registry/etc/addons/service-defaults.hcl create mode 100644 api-registry/etc/addons/service-router.hcl create mode 100644 api-registry/etc/consul/defaults.hcl create mode 100644 api-registry/etc/consul/gateway.hcl create mode 100644 api-registry/etc/consul/server-ca.json create mode 100755 api-registry/spawn-process.sh create mode 100644 api-registry/start-envoy.sh create mode 100644 example.hcl create mode 
100644 secrets create mode 100644 var/certs/VaultCA.pem create mode 100644 var/certs/catalog-svc.cert.pem create mode 100644 var/certs/pki_int.cert.pem create mode 100644 var/certs/pki_int.csr create mode 100644 var/certs/test.key create mode 100644 var/certs/test.pem diff --git a/.app.config b/.app.config new file mode 100644 index 0000000..0a8c685 --- /dev/null +++ b/.app.config @@ -0,0 +1,16 @@ +{ + "ID": "gateway-__IP__", + "Name": "gateway", + "Address": "__IP__", + "Tags": ["api-gateway", "gateway", "https", "infra"], + "Port": 8443, + "Connect": { + "Native": true + }, + "Check": { + "TCP": "__IP__:8443", + "Interval": "5s", + "Timeout": "1s", + "DeregisterCriticalServiceAfter": "10s" + } +} \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index a290059..4501cd1 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,13 +1,37 @@ -FROM hashicorp/consul:1.15 + +FROM envoyproxy/envoy:distroless-v1.29-latest AS envoy +FROM ubuntu:latest AS base +FROM hashicorp/consul:1.19.2-ubi + +USER root LABEL dev.egommerce.image.author="Piotr Biernat" LABEL dev.egommerce.image.vendor="Egommerce" LABEL dev.egommerce.image.service="api-registry" LABEL dev.egommerce.image.version="1.0" -COPY ./api-registry/etc /consul/config +ENV CGO_ENABLED=0 -EXPOSE 8500 8600 8600/udp -# USER consul +COPY ./api-registry/etc/consul /consul/config +# COPY ./api-registry/etc/addons/* /consul/config +COPY ./api-registry/etc/consul-template /consul/template +COPY ./api-registry/opt /opt/consul +COPY ./api-registry/entrypoint.sh / -ENTRYPOINT ["consul", "agent", "-config-dir=/consul/config"] +# Fix for running Go apps in container @https://stackoverflow.com/a/35613430 +#RUN rm /lib64/ld-linux-x86-64.so.2 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2 +# RUN apt update && \ +# apt install -y curl +# RUN microdnf --enablerepo=rhel-7-server-rpms \ +# install curl --nodocs + +COPY --from=base /usr/bin/hostname /usr/bin/hostname +# COPY --from=base /usr/bin/ps /usr/bin/ps +COPY --from=envoy /usr/local/bin/envoy /bin/envoy +# COPY ./.app.config / +COPY ./api-registry/spawn-process.sh / + +EXPOSE 53 53/udp 8443 8501 + +ENTRYPOINT ["/entrypoint.sh"] +CMD ["consul", "agent", "-config-dir=/consul/config"] diff --git a/api-registry/entrypoint.sh b/api-registry/entrypoint.sh index b872c77..1b63017 100755 --- a/api-registry/entrypoint.sh +++ b/api-registry/entrypoint.sh 
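Review bot: The final stage adds `USER root` and never steps down, so `consul agent` and every Envoy process the entrypoint starts run as root; the old `# USER consul` line is deleted rather than restored. If root is only needed for `update-ca-trust` and the `/etc/resolv.conf` rewrite in entrypoint.sh, do that work at build time or drop privileges before `exec "$@"`, and end the stage with a non-root `USER` (presumably `consul`, as the removed comment suggests). `FROM ubuntu:latest AS base` and `envoyproxy/envoy:distroless-v1.29-latest` are floating tags, so the copied `hostname` and `envoy` binaries can change between builds; pin both to a fixed tag or digest. Copying `/usr/bin/hostname` from an Ubuntu stage into the UBI-based image also assumes compatible shared libraries, which is worth confirming.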
@@ -2,16 +2,16 @@ set -e -apk add zip +# apk add zip + +update-ca-trust -# exec register-service -update-ca-certificates echo -e "nameserver 127.0.0.1\n$(cat /etc/resolv.conf)" > /etc/resolv.conf # Install consul-template -cd ~/ && curl -O https://releases.hashicorp.com/consul-template/0.19.5/consul-template_0.19.5_linux_amd64.zip && \ -unzip consul-template_0.19.5_linux_amd64.zip && \ -rm consul-template_0.19.5_linux_amd64.zip && cd - +# cd ~/ && curl -O https://releases.hashicorp.com/consul-template/0.19.5/consul-template_0.19.5_linux_amd64.zip && \ +# unzip consul-template_0.19.5_linux_amd64.zip && \ +# rm consul-template_0.19.5_linux_amd64.zip && cd - # Install glibc # apk add gcompat @@ -21,4 +21,14 @@ rm consul-template_0.19.5_linux_amd64.zip && cd - # func-e use $ENVOY_VERSION_STRING # cp ~/.func-e/versions/$ENVOY_VERSION_STRING/bin/envoy /usr/local/bin/ -exec "$@" +if [ $APP_NAME == "api-gateway" ] +then + # register-service + + IP=$(hostname -i) COMMAND="consul connect envoy -gateway api -register -service gateway -address ${IP}:8443 -admin-bind 0.0.0.0:19000 -bind-address gw-listener=0.0.0.0:8443 -ca-file /usr/share/pki/ca-trust-source/anchors/internalCA.crt -client-cert /etc/certs/catalog.crt -client-key /etc/certs/catalog.key -enable-config-gen-logging -- --log-level trace --log-path /var/log/api-gateway.log" ./spawn-process.sh 2>&1 & + COMMAND="consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-catalog.log" ./spawn-process.sh 2>&1 & + COMMAND="consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -enable-config-gen-logging -- --log-level trace --log-path /var/log/sidecar-basket.log" ./spawn-process.sh 2>&1 & +fi + + +exec "$@" \ No newline at end of file diff --git a/api-registry/etc/addons/api-gateway.hcl b/api-registry/etc/addons/api-gateway.hcl new file mode 100644 index 0000000..a38df62 --- /dev/null 
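Review bot: In the second hunk the three `consul connect envoy` commands bind the Envoy admin interface to every address (`-admin-bind 0.0.0.0:19000`, `:20000`, `:20001`); that interface is unauthenticated and serves configuration dumps and control endpoints, so use `-admin-bind 127.0.0.1:<port>` unless something off-host really needs it (start-envoy.sh repeats the same binding). `IP=$(hostname -i)` and `COMMAND="... ${IP}:8443 ..."` sit on one line as prefix assignments, and whether `${IP}` sees the value assigned just before it is shell-dependent; put `IP=$(hostname -i)` on its own line. The test `[ $APP_NAME == "api-gateway" ]` is unquoted and uses `==`, so it errors when `APP_NAME` is unset and is not portable to POSIX `sh`; `if [ "${APP_NAME:-}" = "api-gateway" ]` avoids both. The script's shebang is outside the hunk, so the shell in use cannot be confirmed from here.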
+++ b/api-registry/etc/addons/api-gateway.hcl
@@ -0,0 +1,21 @@
+config_entries {
+ bootstrap = [
+ {
+ Kind = "api-gateway"
+ Name = "gw"
+
+ Listeners = [
+ {
+ Name = "gw"
+ Port = 443
+ Protocol = "http"
+ #Services = [
+ # {
+ # Name = "catalog"
+ # }
+ #]
+ }
+ ]
+ }
+ ]
+}
diff --git a/api-registry/etc/addons/pricing-intentions.hcl b/api-registry/etc/addons/pricing-intentions.hcl
new file mode 100644
index 0000000..8c5aeae
--- /dev/null
+++ b/api-registry/etc/addons/pricing-intentions.hcl
@@ -0,0 +1,13 @@
+#Kind = "service-intentions"
+#Name = "pricing"
+
+#Sources = [
+ #{
+ # Name = "basket"
+ # Action = "deny"
+ #}
+ #{
+ # Name = "api"
+ # Action = "allow"
+ #}
+#]
\ No newline at end of file
diff --git a/api-registry/etc/addons/proxy-defaults.hcl b/api-registry/etc/addons/proxy-defaults.hcl
new file mode 100644
index 0000000..08f5469
--- /dev/null
+++ b/api-registry/etc/addons/proxy-defaults.hcl
@@ -0,0 +1,6 @@
+Kind = "proxy-defaults"
+Name = "global"
+
+Config {
+ Protocol = "http"
+}
\ No newline at end of file
diff --git a/api-registry/etc/addons/routes.hcl b/api-registry/etc/addons/routes.hcl
new file mode 100644
index 0000000..3d0102e
--- /dev/null
+++ b/api-registry/etc/addons/routes.hcl
@@ -0,0 +1,87 @@
+config_entries {
+ bootstrap = [
+ {
+ Kind = "http-route"
+ Name = "catalog-routes"
+
+ Meta = {
+ "name" = "catalog-routes"
+ }
+ #Hostnames = [""]
+
+ Parents = [
+ {
+ Kind = "api-gateway"
+ Name = "gw"
+ #SectionName = ""
+ }
+ ]
+
+ Rules = [
+ {
+ Filters = {
+ URLRewrite = {
+ Path = "/catalog"
+ }
+ #JWT = {
+ # Providers = [
+ # Name = ""
+ # VerifyClaim = {
+ # Path = [""]
+ # Value = ""
+ # }
+ # ]
+ #}
+ }
+ #Matches = [
+ #{
+ # Headers = [
+ # {
+ # Match = ""
+ # Name = ""
+ # Value = ""
+ # }
+ # ]
+ # Method = ""
+ # Path = {
+ # Match = ""
+ # Value = ""
+ # }
+ # Query = [
+ # {
+ # Match = ""
+ # Name = ""
+ # Value = ""
+ # }
+ # ]
+ #}
+ #]
+ Services = [
+ {
+ Name = "catalog"
+ Weight = 90
+ Filters = {
+ # Headers = [
+ # {
+ # Add = {
+ # "" = ""
+ # }
+ # Remove = [
+ # ""
+ # ]
+ # Set = {
+ # "" = ""
+ # }
+ # }
+ # ]
+ URLRewrite = {
+ Path = "/"
+ }
+ }
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/api-registry/etc/addons/service-catalog.hcl b/api-registry/etc/addons/service-catalog.hcl
new file mode 100644
index 0000000..f33b62c
--- /dev/null
+++ b/api-registry/etc/addons/service-catalog.hcl
@@ -0,0 +1,20 @@
+services = [
+ {
+ name = "catalog"
+ port = 443
+ }
+ checks = {
+ Interval = "10s"
+ Name = "Connect Sidecar Listening"
+ TCP = "127.0.0.1:20000"
+ }
+ kind = "connect-proxy"
+ name = "web-sidecar-proxy"
+ port = 20000
+ proxy = {
+ destination_service_id = "catalog"
+ destination_service_name = "catalog"
+ local_service_address = "127.0.0.1"
+ local_service_port = 443
+ }
+]
diff --git a/api-registry/etc/addons/service-defaults.hcl b/api-registry/etc/addons/service-defaults.hcl
new file mode 100644
index 0000000..f14f014
--- /dev/null
+++ b/api-registry/etc/addons/service-defaults.hcl
@@ -0,0 +1,4 @@
+Kind = "service-defaults"
+Name = "service-globals"
+
+Protocol = "http"
\ No newline at end of file
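Review bot: In service-catalog.hcl the brace after `port = 443` closes the first service object, so `checks`, `kind`, `name`, `port` and `proxy` end up as bare attributes inside the `services = [ ... ]` list, which is not valid HCL. The sidecar proxy needs its own object: close the catalog entry with `},` and wrap the remaining attributes in a second `{ ... }` element. The proxy is also named `web-sidecar-proxy` while its destination is `catalog`, which looks like a leftover from an example and is worth renaming for consistency. The Dockerfile in this commit leaves the `COPY ./api-registry/etc/addons/*` line commented out, so the file appears not to be loaded yet and the error would only surface once it is.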
diff --git a/api-registry/etc/addons/service-router.hcl b/api-registry/etc/addons/service-router.hcl
new file mode 100644
index 0000000..258a409
--- /dev/null
+++ b/api-registry/etc/addons/service-router.hcl
@@ -0,0 +1,88 @@
+Kind = "service-router"
+Name = "service-router"
+
+Routes = [
+ {
+ Match {
+ HTTP {
+ PathPrefix = "/identity"
+ }
+ },
+ Destination {
+ Service = "identity"
+ }
+ },
+ {
+ Match {
+ HTTP {
+ PathPrefix = "/basket"
+ }
+ },
+ Destination {
+ Service = "basket"
+ }
+ },
+ {
+ Match {
+ HTTP {
+ PathPrefix = "/catalog"
+ }
+ },
+ Destination {
+ Service = "catalog"
+ }
+ },
+ {
+ Match {
+ HTTP {
+ PathPrefix = "/order"
+ }
+ },
+ Destination {
+ Service = "order"
+ }
+ },
+ {
+ Match {
+ HTTP {
+ PathPrefix = "/pricing"
+ }
+ },
+ Destination {
+ Service = "pricing"
+ }
+ },
+ {
+ Match {
+ HTTP {
+ PathPrefix = "/service"
+ }
+ #HTTP {
+ # Methods = ["GET", "POST", "PUT"]
+ #},
+ },
+ Destination {
+ Service = "service"
+ #ServiceSubset = ""
+ #Namespace = ""
+ #Partition = ""
+ #PrefixRewrite = "" ## required specifying either Routes.Match.HTTP.PathPrefix or Routes.Match.HTTP.PathExact
+ #RequestTimeout = 0
+ #IdleTimeout = 0
+ #NumRetries = 1
+ #RetryOnConnectFailure = false
+ #RetryOn = ["reset", "unavailable"]
+ #RetryOnStatusCodes = [500, 502, 503]
+ #RequestHeaders = {
+ #Set = {
+ # "X-Web-Version" : ""
+ #}
+ #}
+ }
+ #ResponseHeaders = {
+ #Set = {
+ # "X-Web-Version" : ""
+ #}
+ #}
+ }
+]
\ No newline at end of file
diff --git a/api-registry/etc/consul/defaults.hcl b/api-registry/etc/consul/defaults.hcl
new file mode 100644
index 0000000..3f1013d
--- /dev/null
+++ b/api-registry/etc/consul/defaults.hcl
@@ -0,0 +1,18 @@
+config_entries {
+ bootstrap = [
+ {
+ Kind = "proxy-defaults"
+ Name = "defaults"
+
+ Config {
+ Protocol = "http"
+ }
+ },
+ {
+ Kind = "service-defaults"
+ Name = "defaults"
+
+ Protocol = "http"
+ }
+ ]
+}
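Review bot: In etc/consul/defaults.hcl the `proxy-defaults` entry is named `defaults`, but Consul accepts only `global` as the name for that kind, and a `service-defaults` entry named `defaults` configures a service called `defaults` rather than setting a mesh-wide default. server.hcl in the same directory already bootstraps `proxy-defaults` and `service-defaults` under the name `global` with `Protocol = "http"`, and the Dockerfile copies the whole directory to `/consul/config`, so this file is loaded alongside it. Either drop defaults.hcl or change the first entry to `Name = "global"` and keep the bootstrap entries in only one of the two files.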
diff --git a/api-registry/etc/consul/gateway.hcl b/api-registry/etc/consul/gateway.hcl new file mode 100644 index 0000000..a086187 --- /dev/null +++ b/api-registry/etc/consul/gateway.hcl @@ -0,0 +1,70 @@ +# Datacenter configuration +datacenter = "dc" +domain = "ego.io" + +data_dir = "/consul/data" +log_level = "DEBUG" +enable_local_script_checks = true + +server = false + +ui_config { + enabled = true + content_path = "/registry" +} + +bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}" +client_addr = "0.0.0.0" + +ports { + dns = -1 + https = 8501 + http = -1 + grpc_tls = 8503 +} + +dns_config { + service_ttl { + "*" = "20s" + } + node_ttl = "0s" +} + +# Connect settings +connect { + enabled = true +} + +# TLS Encryption configuration +tls { + defaults { + ca_file = "/usr/share/pki/ca-trust-source/anchors/internalCA.crt" + cert_file = "/etc/certs/gateway.crt" + key_file = "/etc/certs/gateway.key" + + #verify_server_hostname = true + #verify_incoming = true + #verify_outgoing = true + verify_incoming = false + verify_outgoing = false + } +} + +#auto_encrypt { +# allow_tls = true +#} + +# ACL configuration +# After startup, bootstrap the ACL system with `consul acl bootstrap` command +acl = { + enabled = true + default_policy = "deny" + enable_token_persistence = true + tokens { + default = "784746ec-0d5d-fb12-1a79-95f912dcaabd" + initial_management = "784746ec-0d5d-fb12-1a79-95f912dcaabd" + } +} + +# Gossip Encryption +encrypt = "tRgXSb6ClvzV1myhc75rWIdwx8tTmUI8UxySKecxiQA=" diff --git a/api-registry/etc/consul/server-ca.json b/api-registry/etc/consul/server-ca.json new file mode 100644 index 0000000..c1fd505 --- /dev/null +++ b/api-registry/etc/consul/server-ca.json 
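Review bot: The `acl.tokens` block in gateway.hcl sets `default` and `initial_management` to the same committed value, so a request that presents no token is served with the management token and `default_policy = "deny"` no longer restricts anything; the gossip key in `encrypt` is committed in clear text as well. The same token is repeated in server.hcl's `acl` block and in the new `secrets` file, server-ca.json and server.hcl's `ca_config` carry a Vault token, and server-ca.json carries the CA private key. Treat all of them as exposed: rotate them, remove them from the repository, and supply them at runtime from a mounted file or environment variable. The `default` token should be a separate low-privilege token, or be left unset so anonymous requests fall under the deny policy.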
@@ -0,0 +1,19 @@ +{ + "Provider": "consul", + "Config": { + "LeafCertTTL": "72h", + "PrivateKey": "-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDHQTuRb+EPGlTX\naRNf8cFrjz5hZiXkHX4OxW1CHK/N4SJdRZLVQJ8DvC460GgsKawgRvrIAmkSsDjC\nUAU7erx4XM/q6bLAOQ3w85pJ4SclOg2EhnVWR3Dgej2l4MqwioIkTeMnAdYXJXJq\nQWYNH2UP6dJa5c5YUxXWh+RVy7i4y3II5Y7vbP7vey7A8MwuhLNC5oHygLjHhPtp\nvBO0PAZrG9QFbB3nL/V3gZAZIVXXBg9HivUD5EW664KHJXxstj+ryh8sLg+VL+nv\n+6A7CpjMYav0/7+Kje6ys1sI8ZYcydIpnN6bS39fyDPjpGJu+AE8o8S6CZ9NgbWt\nTTdGrTcXhqS0gJRihRlp7Ybt+ubHC8MJtozqJDma+TdNQEWqnb7Pu/0a9sETJxQa\nnutqUWucgl/8QTZA4krAfgtI8fD2HuiXtM8Jg1pE9fnQFOL4GyIqkl/lvQEFb2zE\nIt6KCwDlDGJfqKTKqSDX1GC+b/8Ge5cLoRWyOtGNtxh6vTA+NYQ2f317KhtpNptt\nkvFPXuM6mvhv+r1umylgbx5+ch0vV7maWdFvA8dYRw+UKkVDgZ5gJGpmOU0+1YuB\nt6Kjn4pb0xQ1e9EowQhZ4xjiISRLW+y5XziWVmwRE/JIRwW/g1yZUme9WhHiylju\nd+VIZ86B3U3Ch0JUPvITK7Q2buE9qwIDAQABAoICAFwSFX9nrhw3c5qx8AT2hgS4\nhP+mnr2grx4ONiVFcir069cjjezCVnf4XXhJ0skNXH7xrXH8QycijKelKDXKygno\nAR8wa6uM8Zc0SUf4JQl7oMFrDA8ZJdxkP9ZFYANhjS9PWjYtEAtT/2F/5LMNnbpT\ntiLQa5++jKm701OdtjaVs5TO1lRmDgsE5Z675e1c3iR8tPEkb72qAi5ifMxcrC6U\nBk2XHt4z9/4HvVkPYUXhg+/wErWApoPvzTm7pZnqQNOVqv/ULNkn8bY1lF2T0PUn\n8Lhd8NkKKpEidV9VmqKk01rtJKOnqCzPKsL2s5FJQfEOT5oTViwPUq7IrlEXOwvw\nJzsvd7fDP+OFAlbPUuecJ/F5kmIaroTUSqx/WWCy3hDoD+jgAGKtenlGyk8mJLY3\nS75dhH11ArMwnmkQA7vkp4K688yYaXu5LZU4AydRjM3p3bOTJSjSgNbenAYgJlRG\nCsVwL/u9mFA3DcEgrHup7T6F78eb5uUdr4UdlLFRQnxO5N6wizlplrC0b6kfF5xt\nLtOQDI5/P4oSW29UxJCnb3xnsu/ult/7x/DkmRrtyB6D3t31g12ZAJlsn58A0JLG\n+tBA2m7sOSFL5PYeJQq04d/jFs8e64k3mcyopbJtbAP8SkLFcBe3mbl455B9i9US\nwa5BFKTSuyxJUcm6d6BJAoIBAQDlujfzADHmrUCW6BgLyYK1dXFesATdDJ4GuUfQ\nSc5bMMLNRBTTKetgepbTiYLX0la9thwB90QsOqTiRrEudo1hNX3bpluglpUkA7IO\nUlEveufJqf9FWvsz6WxT6Qjx+J1q9Y+TaVD33J05WJPHC3FQVhgxkOk0KVX2cvmV\naSM+2a529UXrnO15/nNiqLGegjmm0yj9HmmfmLmbpuM7Cdomss8BEU7r/xg3k+xw\nyiFAOQRY5i21E7m3gWlYIayeaQd5Zw4i2ikxA0EjWtyfeaIHfPEFiIdESDDvYgqM\nnZXN2ZedmnWR+UWZ4Nk/YOBO8ljs+J3c4LRcNnN0HMpBrYaVAoIBAQDeCtxk14Mo\n8ilHsU7stRxgYjDvQDyJEPF1
3X9yp/3v31EXu4+CtUC7XzzkWXFS5j1KCUK6qUQQ\nTbuZLzzOzsStz9ku0IvD7M/2rDibbfj9jpkMFsH7pSk8EL42Hnj9RFSctSM9wVjU\nFh3AGeRsh05osfaP2eIGpPaHN0V7DBZj+yx+orjSGlevDYJMe1MXa1i2TjQJ7+HC\nGw8+4faqEg+pJp1vBdY2aUTzFotorn5MkA4ddDG3c2Aau3+j5JXI0w1/AJ9ZWQ/S\nXPv23a4anbY44amwgjaaJPTaW5K1UsH/2U5PYdFf8M4FFN74AfBm3fJkKm1Z/RQR\nkNk9Whu4u+M/AoIBAQCglOoVJ7a6C7NRiU19t89xbnXf/WR47B/ujUdAtsbTgaM5\n/vQbo3rQBwE1PzNCD9roY8ryKNjznc6yCT5DP0WWhODEUGZOO9Rmx1qInkv3x48M\nrZMt9OoRoIJDqWrCUcogASTqozyg9grFEkDCayI7SONCiowpFRfs3PPP2B12Co3k\nw5CroRdzJkWb2lXGejs4fPRy8vZcRFLCFgdStpFSab0/fszPNJLGDtXBBdn2XaTH\nS6b5o583QfPUUj2qwboix8He5ObURvUadKIxq8FyQIjuGECNn3TtcHf1URZtPUO5\nPEYg0sEvTjguEFbbeJZml2cqBbytlLZhnNpYzKZ9AoIBAAzfBk2WLJU4DGqKfa+9\nA+sWZg3IZHnxkH2rnFKyKEc6Y8IDbls+VIVIDQiTor0SeaUMCmE1pKtpRiGoGldG\npyIINWfAUQnHdXqwGwvvgQp5tKd9vjrvJQfFVLFgbNUJm/oFighvZ83Lhmf3WEVu\nRn5NKqTGFZMbButpqc5rMfUTv02L8zjCrCiKmO4EDBoEb/0JZXzZ+fU9ilGz2Y+c\nQmokweWIqhU3XvbUbLphuxKHGzpb3PHsbzq9ebWvb3tXuKWPDK2qOv+Pwk9aJFiI\noeKEOkjwE2g2EjeCLWvzYymImECDxBZSqC6lOhOYUS41WXKy/unDgOFPyzgCPC8m\nPRMCggEAYpVEGldItHA/UNq0/z5a4uqu70LB24lIdbwCOykqtwH2op0ZFZ80ZVv4\noBLlDlXzcuKPCXw4UfyGfx7P8ePw85+b7VC9Usp6vBRWTkat3r3XiLZ5b5+W/XPs\nj3oD7FhYxnmb0luQz//5XR/5yb3Tw7h6IZ7mGdVmi/JgkhWHyG/fxlYlAMPOInPe\nSf0POl+s6IRm4kp/FHw0c4ha5Il7iDA3sISDqXkmh3V2BWX2u3tgmaVU+h1CH6Ra\nGqjSz2Fw9FCzWQdItx8Avov0mFaGezslsF0cLZy38mxePimgA1QW2IRMU6TLVVij\nW8GDkpznvE6iIwlcMxTJvwk7JkkSAQ==\n-----END PRIVATE KEY-----\n", + "RootCert": "-----BEGIN 
CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIUWcgQmuod9ZoO/PdOvL485tiTV10wDQYJKoZIhvcNAQEL\nBQAwYDELMAkGA1UEBhMCUEwxDjAMBgNVBAgMBVNsYXNrMRAwDgYDVQQHDAdHbGl3\naWNlMRgwFgYDVQQKDA9FZ29tbWVyY2UuaW8gQ0ExFTATBgNVBAMMDGVnb21tZXJj\nZS5pbzAeFw0yNDA3MjAxMjUzNDVaFw0zNDA3MTgxMjUzNDVaMGAxCzAJBgNVBAYT\nAlBMMQ4wDAYDVQQIDAVTbGFzazEQMA4GA1UEBwwHR2xpd2ljZTEYMBYGA1UECgwP\nRWdvbW1lcmNlLmlvIENBMRUwEwYDVQQDDAxlZ29tbWVyY2UuaW8wggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQDHQTuRb+EPGlTXaRNf8cFrjz5hZiXkHX4O\nxW1CHK/N4SJdRZLVQJ8DvC460GgsKawgRvrIAmkSsDjCUAU7erx4XM/q6bLAOQ3w\n85pJ4SclOg2EhnVWR3Dgej2l4MqwioIkTeMnAdYXJXJqQWYNH2UP6dJa5c5YUxXW\nh+RVy7i4y3II5Y7vbP7vey7A8MwuhLNC5oHygLjHhPtpvBO0PAZrG9QFbB3nL/V3\ngZAZIVXXBg9HivUD5EW664KHJXxstj+ryh8sLg+VL+nv+6A7CpjMYav0/7+Kje6y\ns1sI8ZYcydIpnN6bS39fyDPjpGJu+AE8o8S6CZ9NgbWtTTdGrTcXhqS0gJRihRlp\n7Ybt+ubHC8MJtozqJDma+TdNQEWqnb7Pu/0a9sETJxQanutqUWucgl/8QTZA4krA\nfgtI8fD2HuiXtM8Jg1pE9fnQFOL4GyIqkl/lvQEFb2zEIt6KCwDlDGJfqKTKqSDX\n1GC+b/8Ge5cLoRWyOtGNtxh6vTA+NYQ2f317KhtpNpttkvFPXuM6mvhv+r1umylg\nbx5+ch0vV7maWdFvA8dYRw+UKkVDgZ5gJGpmOU0+1YuBt6Kjn4pb0xQ1e9EowQhZ\n4xjiISRLW+y5XziWVmwRE/JIRwW/g1yZUme9WhHiyljud+VIZ86B3U3Ch0JUPvIT\nK7Q2buE9qwIDAQABo1MwUTAdBgNVHQ4EFgQUCfODB1LPdNYVDc61nNZ9HrpFOAsw\nHwYDVR0jBBgwFoAUCfODB1LPdNYVDc61nNZ9HrpFOAswDwYDVR0TAQH/BAUwAwEB\n/zANBgkqhkiG9w0BAQsFAAOCAgEAtbv6F7EKV4SShPV54A62vY+t5W7USK1mRSuE\n+R/eO6LsNTkw7Xz4EyNb1KtZRlXjI0+B1vPc2t8qJIe6Kkx5+YPDM47HfipHZvsZ\nD3IWEHNiVo/xvEQnfFKu4kHMoi6glw/2/FeOYcklhzf2HGBqP8ZJZX9852vvD6ai\n7Q79DvvQAF95c6HVAbK+9hZ2KZbrUA/G8hFH8oC9/Au1bUEL9DMFj7IieKO10PNW\n8ZEaVWpg+cx3B913hfnmjRrchioGpsS9au3cZjKLbKa+zedOd2pK1TiVUAVgHUcr\nc893OpUg7nEONHrjzlroMmNHDaqA//Kg2lKMc2xHU06pEIIcCGGD4fAV2nXwn/9g\nl4XK5iBaQt5HIDNl7o+5AbxFQBptv91yLEzxtF3l51CUyh7/yOeJAoL9aKxlWAFh\nTO315Ouy2syTSBAs1Mj3U7KsvrWkRk5QJ3RaSEWf/l1LOgnthd4j6FEOVlB+Qe0U\nlvEIkHMftRKyp54hKABchJGjjsQmxY2Qyegw75mYdqaN0V1mz0dzAW8Bg/6U+i/L\n9bdsTC6WHiFV2InAogpXQRaDBvZXhGDujKR49+oBkLId/jmOpIU/crvdD767W7Fx\nqXz/PGpXoKtPK4tNVhjoBfYhKXTFI47AoplrqhkqbC/gfEEi0ny0DsTOx6r+aTRf\nFF
w/JXM=\n-----END CERTIFICATE-----\n", + "IntermediateCertTTL": "8760h" + } +} + +{ + "Provider": "vault", + "Config": { + "Address": "https://api-vault:8200", + "Token": "hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE", + "RootPKIPath": "pki/", + "IntermediatePKIPath": "pki_int/" + } +} \ No newline at end of file diff --git a/api-registry/etc/consul/server.hcl b/api-registry/etc/consul/server.hcl index c66f077..85e7c5f 100644 --- a/api-registry/etc/consul/server.hcl +++ b/api-registry/etc/consul/server.hcl @@ -1,7 +1,6 @@ # Datacenter configuration -datacenter = "ego" +datacenter = "dc" domain = "ego.io" -node_name = "registry" data_dir = "/consul/data" log_level = "DEBUG" 
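Review bot: server-ca.json holds two top-level objects back to back (`"Provider": "consul"` followed by `"Provider": "vault"`), which is not a valid JSON document, and it is added under etc/consul, the directory the Dockerfile copies to `/consul/config` and the agent reads with `-config-dir`. Its `Provider` and `Config` keys look like a payload for the Connect CA configuration API rather than agent settings, so the agent will probably reject the file or at best ignore it; this is worth confirming before the image is built. Keep one provider object per file, store it outside the config directory, and leave `PrivateKey` and `Token` out of the committed copy.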
@@ -11,62 +10,65 @@ enable_local_script_checks = true server = true bootstrap = true bootstrap_expect = 1 -acl_master_token = "784746ec-0d5d-fb12-1a79-95f912dcaabd" -acl_token = "784746ec-0d5d-fb12-1a79-95f912dcaabd" ui_config { enabled = true + content_path = "/registry" + dashboard_url_templates { + service = "https://grafana.example.com/d/lDlaj-NGz/service-overview?orgId=1&var-service={{Service.Name}}&var-namespace={{Service.Namespace}}&var-partition={{Service.Partition}}&var-dc={{Datacenter}}" + } } -bind_addr = "127.0.0.1" +bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}" client_addr = "0.0.0.0" ports { - dns = 53 - server = 8300 - https = 8501 - grpc_tls = 8503 + dns = 53 + #server = 8300 + http = -1 + https = 8501 + grpc_tls = 8503 } dns_config { service_ttl { - "*" = "10s" + "*" = "20s" } node_ttl = "0s" } -#enable_central_service_config = true - # Connect settings -#connect { - #enabled = true - #ca_provider = "vault" +connect { + enabled = true + + #ca_provider = "consul" #ca_config { - # address = "https://api-vault:8200" - # token = "hvs.CAESIA9jPKArVgpCNzvze9ehIiX2gKMnVgu0rtSUw54Wj9HQGh4KHGh2cy5LdmJVRnYzVkQ1UXhDU2FKaEFQMW5UTm0" - # root_pki_path = "pki/" - # intermediate_pki_path = "pki_int/" - # ca_file = "/usr/local/share/ca-certificates/internalCA.crt" + # leaf_cert_ttl = "72h" + # private_key = "-----BEGIN PRIVATE 
KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDHQTuRb+EPGlTX\naRNf8cFrjz5hZiXkHX4OxW1CHK/N4SJdRZLVQJ8DvC460GgsKawgRvrIAmkSsDjC\nUAU7erx4XM/q6bLAOQ3w85pJ4SclOg2EhnVWR3Dgej2l4MqwioIkTeMnAdYXJXJq\nQWYNH2UP6dJa5c5YUxXWh+RVy7i4y3II5Y7vbP7vey7A8MwuhLNC5oHygLjHhPtp\nvBO0PAZrG9QFbB3nL/V3gZAZIVXXBg9HivUD5EW664KHJXxstj+ryh8sLg+VL+nv\n+6A7CpjMYav0/7+Kje6ys1sI8ZYcydIpnN6bS39fyDPjpGJu+AE8o8S6CZ9NgbWt\nTTdGrTcXhqS0gJRihRlp7Ybt+ubHC8MJtozqJDma+TdNQEWqnb7Pu/0a9sETJxQa\nnutqUWucgl/8QTZA4krAfgtI8fD2HuiXtM8Jg1pE9fnQFOL4GyIqkl/lvQEFb2zE\nIt6KCwDlDGJfqKTKqSDX1GC+b/8Ge5cLoRWyOtGNtxh6vTA+NYQ2f317KhtpNptt\nkvFPXuM6mvhv+r1umylgbx5+ch0vV7maWdFvA8dYRw+UKkVDgZ5gJGpmOU0+1YuB\nt6Kjn4pb0xQ1e9EowQhZ4xjiISRLW+y5XziWVmwRE/JIRwW/g1yZUme9WhHiylju\nd+VIZ86B3U3Ch0JUPvITK7Q2buE9qwIDAQABAoICAFwSFX9nrhw3c5qx8AT2hgS4\nhP+mnr2grx4ONiVFcir069cjjezCVnf4XXhJ0skNXH7xrXH8QycijKelKDXKygno\nAR8wa6uM8Zc0SUf4JQl7oMFrDA8ZJdxkP9ZFYANhjS9PWjYtEAtT/2F/5LMNnbpT\ntiLQa5++jKm701OdtjaVs5TO1lRmDgsE5Z675e1c3iR8tPEkb72qAi5ifMxcrC6U\nBk2XHt4z9/4HvVkPYUXhg+/wErWApoPvzTm7pZnqQNOVqv/ULNkn8bY1lF2T0PUn\n8Lhd8NkKKpEidV9VmqKk01rtJKOnqCzPKsL2s5FJQfEOT5oTViwPUq7IrlEXOwvw\nJzsvd7fDP+OFAlbPUuecJ/F5kmIaroTUSqx/WWCy3hDoD+jgAGKtenlGyk8mJLY3\nS75dhH11ArMwnmkQA7vkp4K688yYaXu5LZU4AydRjM3p3bOTJSjSgNbenAYgJlRG\nCsVwL/u9mFA3DcEgrHup7T6F78eb5uUdr4UdlLFRQnxO5N6wizlplrC0b6kfF5xt\nLtOQDI5/P4oSW29UxJCnb3xnsu/ult/7x/DkmRrtyB6D3t31g12ZAJlsn58A0JLG\n+tBA2m7sOSFL5PYeJQq04d/jFs8e64k3mcyopbJtbAP8SkLFcBe3mbl455B9i9US\nwa5BFKTSuyxJUcm6d6BJAoIBAQDlujfzADHmrUCW6BgLyYK1dXFesATdDJ4GuUfQ\nSc5bMMLNRBTTKetgepbTiYLX0la9thwB90QsOqTiRrEudo1hNX3bpluglpUkA7IO\nUlEveufJqf9FWvsz6WxT6Qjx+J1q9Y+TaVD33J05WJPHC3FQVhgxkOk0KVX2cvmV\naSM+2a529UXrnO15/nNiqLGegjmm0yj9HmmfmLmbpuM7Cdomss8BEU7r/xg3k+xw\nyiFAOQRY5i21E7m3gWlYIayeaQd5Zw4i2ikxA0EjWtyfeaIHfPEFiIdESDDvYgqM\nnZXN2ZedmnWR+UWZ4Nk/YOBO8ljs+J3c4LRcNnN0HMpBrYaVAoIBAQDeCtxk14Mo\n8ilHsU7stRxgYjDvQDyJEPF13X9yp/3v31EXu4+CtUC7XzzkWXFS5j1KCUK6qUQQ\nTbuZLzzOzsStz9ku0IvD7M/2rDibbfj9jpkMFsH7pSk8EL42Hnj9RFSctSM9wVjU\nFh3AGeRsh0
5osfaP2eIGpPaHN0V7DBZj+yx+orjSGlevDYJMe1MXa1i2TjQJ7+HC\nGw8+4faqEg+pJp1vBdY2aUTzFotorn5MkA4ddDG3c2Aau3+j5JXI0w1/AJ9ZWQ/S\nXPv23a4anbY44amwgjaaJPTaW5K1UsH/2U5PYdFf8M4FFN74AfBm3fJkKm1Z/RQR\nkNk9Whu4u+M/AoIBAQCglOoVJ7a6C7NRiU19t89xbnXf/WR47B/ujUdAtsbTgaM5\n/vQbo3rQBwE1PzNCD9roY8ryKNjznc6yCT5DP0WWhODEUGZOO9Rmx1qInkv3x48M\nrZMt9OoRoIJDqWrCUcogASTqozyg9grFEkDCayI7SONCiowpFRfs3PPP2B12Co3k\nw5CroRdzJkWb2lXGejs4fPRy8vZcRFLCFgdStpFSab0/fszPNJLGDtXBBdn2XaTH\nS6b5o583QfPUUj2qwboix8He5ObURvUadKIxq8FyQIjuGECNn3TtcHf1URZtPUO5\nPEYg0sEvTjguEFbbeJZml2cqBbytlLZhnNpYzKZ9AoIBAAzfBk2WLJU4DGqKfa+9\nA+sWZg3IZHnxkH2rnFKyKEc6Y8IDbls+VIVIDQiTor0SeaUMCmE1pKtpRiGoGldG\npyIINWfAUQnHdXqwGwvvgQp5tKd9vjrvJQfFVLFgbNUJm/oFighvZ83Lhmf3WEVu\nRn5NKqTGFZMbButpqc5rMfUTv02L8zjCrCiKmO4EDBoEb/0JZXzZ+fU9ilGz2Y+c\nQmokweWIqhU3XvbUbLphuxKHGzpb3PHsbzq9ebWvb3tXuKWPDK2qOv+Pwk9aJFiI\noeKEOkjwE2g2EjeCLWvzYymImECDxBZSqC6lOhOYUS41WXKy/unDgOFPyzgCPC8m\nPRMCggEAYpVEGldItHA/UNq0/z5a4uqu70LB24lIdbwCOykqtwH2op0ZFZ80ZVv4\noBLlDlXzcuKPCXw4UfyGfx7P8ePw85+b7VC9Usp6vBRWTkat3r3XiLZ5b5+W/XPs\nj3oD7FhYxnmb0luQz//5XR/5yb3Tw7h6IZ7mGdVmi/JgkhWHyG/fxlYlAMPOInPe\nSf0POl+s6IRm4kp/FHw0c4ha5Il7iDA3sISDqXkmh3V2BWX2u3tgmaVU+h1CH6Ra\nGqjSz2Fw9FCzWQdItx8Avov0mFaGezslsF0cLZy38mxePimgA1QW2IRMU6TLVVij\nW8GDkpznvE6iIwlcMxTJvwk7JkkSAQ==\n-----END PRIVATE KEY-----\n" + # root_cert = "-----BEGIN 
CERTIFICATE-----\nMIIFoTCCA4mgAwIBAgIUWcgQmuod9ZoO/PdOvL485tiTV10wDQYJKoZIhvcNAQEL\nBQAwYDELMAkGA1UEBhMCUEwxDjAMBgNVBAgMBVNsYXNrMRAwDgYDVQQHDAdHbGl3\naWNlMRgwFgYDVQQKDA9FZ29tbWVyY2UuaW8gQ0ExFTATBgNVBAMMDGVnb21tZXJj\nZS5pbzAeFw0yNDA3MjAxMjUzNDVaFw0zNDA3MTgxMjUzNDVaMGAxCzAJBgNVBAYT\nAlBMMQ4wDAYDVQQIDAVTbGFzazEQMA4GA1UEBwwHR2xpd2ljZTEYMBYGA1UECgwP\nRWdvbW1lcmNlLmlvIENBMRUwEwYDVQQDDAxlZ29tbWVyY2UuaW8wggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQDHQTuRb+EPGlTXaRNf8cFrjz5hZiXkHX4O\nxW1CHK/N4SJdRZLVQJ8DvC460GgsKawgRvrIAmkSsDjCUAU7erx4XM/q6bLAOQ3w\n85pJ4SclOg2EhnVWR3Dgej2l4MqwioIkTeMnAdYXJXJqQWYNH2UP6dJa5c5YUxXW\nh+RVy7i4y3II5Y7vbP7vey7A8MwuhLNC5oHygLjHhPtpvBO0PAZrG9QFbB3nL/V3\ngZAZIVXXBg9HivUD5EW664KHJXxstj+ryh8sLg+VL+nv+6A7CpjMYav0/7+Kje6y\ns1sI8ZYcydIpnN6bS39fyDPjpGJu+AE8o8S6CZ9NgbWtTTdGrTcXhqS0gJRihRlp\n7Ybt+ubHC8MJtozqJDma+TdNQEWqnb7Pu/0a9sETJxQanutqUWucgl/8QTZA4krA\nfgtI8fD2HuiXtM8Jg1pE9fnQFOL4GyIqkl/lvQEFb2zEIt6KCwDlDGJfqKTKqSDX\n1GC+b/8Ge5cLoRWyOtGNtxh6vTA+NYQ2f317KhtpNpttkvFPXuM6mvhv+r1umylg\nbx5+ch0vV7maWdFvA8dYRw+UKkVDgZ5gJGpmOU0+1YuBt6Kjn4pb0xQ1e9EowQhZ\n4xjiISRLW+y5XziWVmwRE/JIRwW/g1yZUme9WhHiyljud+VIZ86B3U3Ch0JUPvIT\nK7Q2buE9qwIDAQABo1MwUTAdBgNVHQ4EFgQUCfODB1LPdNYVDc61nNZ9HrpFOAsw\nHwYDVR0jBBgwFoAUCfODB1LPdNYVDc61nNZ9HrpFOAswDwYDVR0TAQH/BAUwAwEB\n/zANBgkqhkiG9w0BAQsFAAOCAgEAtbv6F7EKV4SShPV54A62vY+t5W7USK1mRSuE\n+R/eO6LsNTkw7Xz4EyNb1KtZRlXjI0+B1vPc2t8qJIe6Kkx5+YPDM47HfipHZvsZ\nD3IWEHNiVo/xvEQnfFKu4kHMoi6glw/2/FeOYcklhzf2HGBqP8ZJZX9852vvD6ai\n7Q79DvvQAF95c6HVAbK+9hZ2KZbrUA/G8hFH8oC9/Au1bUEL9DMFj7IieKO10PNW\n8ZEaVWpg+cx3B913hfnmjRrchioGpsS9au3cZjKLbKa+zedOd2pK1TiVUAVgHUcr\nc893OpUg7nEONHrjzlroMmNHDaqA//Kg2lKMc2xHU06pEIIcCGGD4fAV2nXwn/9g\nl4XK5iBaQt5HIDNl7o+5AbxFQBptv91yLEzxtF3l51CUyh7/yOeJAoL9aKxlWAFh\nTO315Ouy2syTSBAs1Mj3U7KsvrWkRk5QJ3RaSEWf/l1LOgnthd4j6FEOVlB+Qe0U\nlvEIkHMftRKyp54hKABchJGjjsQmxY2Qyegw75mYdqaN0V1mz0dzAW8Bg/6U+i/L\n9bdsTC6WHiFV2InAogpXQRaDBvZXhGDujKR49+oBkLId/jmOpIU/crvdD767W7Fx\nqXz/PGpXoKtPK4tNVhjoBfYhKXTFI47AoplrqhkqbC/gfEEi0ny0DsTOx6r+aTRf\nFF
w/JXM=\n-----END CERTIFICATE-----\n" #} -#} + ca_provider = "vault" + ca_config { + address = "https://api-vault:8200" + token = "hvs.CAESICxuTO_JieCbpMoZ4_qOPIohxSKim_4V8t11JLg93RtKGh4KHGh2cy5VUUFqUm5CdTQ3V3hMQ3BHSDB4dThNZHE" + root_pki_path = "pki/" + intermediate_pki_path = "pki_int/" + } +} # TLS Encryption configuration tls { defaults { - ca_file = "/usr/local/share/ca-certificates/internalCA.crt" + ca_file = "/usr/share/pki/ca-trust-source/anchors/internalCA.crt" cert_file = "/etc/certs/registry.crt" key_file = "/etc/certs/registry.key" - verify_incoming = false - verify_outgoing = false - #verify_incoming = true - #verify_outgoing = true - } - internal_rpc { - verify_server_hostname = false - verify_incoming = false #verify_server_hostname = true #verify_incoming = true + #verify_outgoing = true + verify_server_hostname = false + verify_incoming = false + verify_outgoing = false } } 
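Review bot: The new `tls.defaults` block ends with `verify_server_hostname = false`, `verify_incoming = false` and `verify_outgoing = false`, so the agent presents `registry.crt` but neither requires nor checks peer certificates; with `client_addr = "0.0.0.0"` and HTTPS on 8501 the API is then protected by the ACL token alone. The commented-out `true` values just above are the ones to enable once every agent holds a certificate from the internal CA, and gateway.hcl sets the same `false` values. The commented `ca_config` block still embeds a complete private key, which is committed to history even though Consul ignores it; delete the block rather than commenting it out. This hunk starts partway into server.hcl, so settings outside it may change the picture.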
@@ -78,53 +80,228 @@ auto_encrypt { # After startup, bootstrap the ACL system with `consul acl bootstrap` command acl = { enabled = true - default_policy = "allow" + default_policy = "deny" enable_token_persistence = true + tokens { + default = "784746ec-0d5d-fb12-1a79-95f912dcaabd" + initial_management = "784746ec-0d5d-fb12-1a79-95f912dcaabd" + } } # Gossip Encryption -#encrypt = "tRgXSb6ClvzV1myhc75rWIdwx8tTmUI8UxySKecxiQA=" +encrypt = "tRgXSb6ClvzV1myhc75rWIdwx8tTmUI8UxySKecxiQA=" -# If running Consul 1.8.x or below, enable central service configuration -#enable_central_service_config = true - -recursors = ["127.0.0.11", "8.8.8.8", "8.8.4.4"] - -#config_entries { - #bootstrap = [ - #{ - # Kind = "api-gateway" - # Name = "gw" - - # Listeners = [ - # { - # Name = "http" - # Port = 443 - # Protocol = "http" - # } - # ] - #} - #{ - # Kind = "service-defaults" - # Name = "defaults" - # Protocol = "http" - #}, - #{ - # Kind = "service-router" - # Name = "service-router" - # #Hostnames = ["catalog", "catalog-svc", "catalog.service.ego.io"] - # Routes = [ - # { - # Match = { - # HTTP { - # PathPrefix = "/catalog" - # } - # } - # Destination { - # Service = "catalog" - # } - # } - # ] - #} - #] -#} \ No newline at end of file +# ADDITIONAL CONFIGS +config_entries { + bootstrap = [ + { + Kind = "proxy-defaults" + Name = "global" + Config { + Protocol = "http" + } + AccessLogs { + Enabled = true + }, + MeshGateway { + Mode = "local" + } + }, + { + Kind = "service-defaults" + Name = "global" + Protocol = "http" + MeshGateway { + Mode = "local" + } + }, + #{ + # Kind = "mesh" + # Peering { + # PeerThroughMeshGateways = true + # } + #}, + { + Kind = "file-system-certificate" + Name = "gateway-certificate" + Certificate = "/etc/certs/gateway.crt" + PrivateKey = "/etc/certs/gateway.key" + }, + #{ + # Kind = "file-system-certificate" + # Name = "catalog-certificate" + # Certificate = "/etc/certs/catalog.crt" + # PrivateKey = "/etc/certs/catalog.key" + #}, + { + Kind = 
"api-gateway" + Name = "gateway" + Listeners = [ + { + Name = "gw-listener" + Port = 8443 + Protocol = "http" + TLS = { + Certificates = [ + { + Kind = "file-system-certificate" + Name = "gateway-certificate" + } + ] + } + } + ] + }, + { + Kind = "http-route" + Name = "basket-routes" + Hostnames = ["basket.service.ego.io"] + Parents = [ + { + Kind = "api-gateway" + Name = "gateway" + SectionName = "gw-listener" + } + ] + Rules = [ + { + Matches = [ + { + Path = { + Match = "prefix" + Value = "/basket" + } + } + ] + #Filters = { + # URLRewrite = { + # Path = "/basket" + # } + #} + Services = [ + { + Name = "basket" + Weight = 90 + #Filters = { + # URLRewrite = { + # Path = "/" + # } + #} + } + ] + } + ] + }, + { + Kind = "http-route" + Name = "catalog-routes" + Hostnames = ["catalog.service.ego.io"] + Parents = [ + { + Kind = "api-gateway" + Name = "gateway" + SectionName = "gw-listener" + } + ] + Rules = [ + { + Matches = [ + { + Path = { + Match = "prefix" + Value = "/catalog" + } + } + ] + #Filters = { + # URLRewrite = { + # Path = "/catalog" + # } + #} + Services = [ + { + Name = "catalog" + Weight = 90 + #Filters = { + # URLRewrite = { + # Path = "/" + # } + #} + } + ] + } + ] + }, + { + Kind = "service-router" + Name = "gateway" + Routes = [ + { + Match { + HTTP { + PathPrefix = "/identity" + } + }, + Destination { + Service = "identity" + RetryOnConnectFailure = true + RequestTimeout = "120s" + PrefixRewrite = "/" + } + }, + { + Match { + HTTP { + PathPrefix = "/basket" + } + }, + Destination { + Service = "basket" + RetryOnConnectFailure = true + RequestTimeout = "120s" + PrefixRewrite = "/" + } + }, + { + Match { + HTTP { + PathPrefix = "/catalog" + } + }, + Destination { + Service = "catalog" + RetryOnConnectFailure = true + RequestTimeout = "120s" + PrefixRewrite = "/" + } + }, + { + Match { + HTTP { + PathPrefix = "/order" + } + }, + Destination { + Service = "order" + RetryOnConnectFailure = true + RequestTimeout = "120s" + PrefixRewrite = "/" + } + }, 
+ { + Match { + HTTP { + PathPrefix = "/pricing" + } + }, + Destination { + Service = "pricing" + RetryOnConnectFailure = true + RequestTimeout = "120s" + PrefixRewrite = "/" + } + } + ] + } + ] +} \ No newline at end of file diff --git a/api-registry/opt/tpl/ca.crt.tpl b/api-registry/opt/tpl/ca.crt.tpl index b199ab6..9a5ec19 100644 --- a/api-registry/opt/tpl/ca.crt.tpl +++ b/api-registry/opt/tpl/ca.crt.tpl @@ -1,3 +1,3 @@ -{{ with secret "pki_int/issue/ego-io" "common_name=server.me.registry" "ttl=72h"}} +{{ with secret "pki_int/issue/ego.io" "common_name=ego.io" "ttl=72h"}} {{ .Data.issuing_ca }} {{ end }} diff --git a/api-registry/opt/tpl/catalog.crt.tpl b/api-registry/opt/tpl/catalog.crt.tpl index a1755b9..68e2f66 100644 --- a/api-registry/opt/tpl/catalog.crt.tpl +++ b/api-registry/opt/tpl/catalog.crt.tpl @@ -1,3 +1,3 @@ -{{ with secret "pki_int/issue/ego-io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}} +{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}} {{ .Data.certificate }} {{ end }} \ No newline at end of file diff --git a/api-registry/opt/tpl/catalog.key.tpl b/api-registry/opt/tpl/catalog.key.tpl index 7e45e1e..4fb22ba 100644 --- a/api-registry/opt/tpl/catalog.key.tpl +++ b/api-registry/opt/tpl/catalog.key.tpl @@ -1,3 +1,3 @@ -{{ with secret "pki_int/issue/ego-io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}} +{{ with secret "pki_int/issue/ego.io" "common_name=catalog.service.ego.io" "ttl=72h" "alt_names=catalog.service.ego.io" "ip_sans=127.0.0.1"}} {{ .Data.private_key }} {{ end }} diff --git a/api-registry/spawn-process.sh b/api-registry/spawn-process.sh new file mode 100755 index 0000000..e5eb7f3 --- /dev/null +++ b/api-registry/spawn-process.sh 
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+sleep 10
+
+until ${COMMAND}; do
+ echo "Envoy crashed with exit code $?. Respawning.." >&2
+ sleep 1
+done
diff --git a/api-registry/start-envoy.sh b/api-registry/start-envoy.sh
new file mode 100644
index 0000000..d6acd97
--- /dev/null
+++ b/api-registry/start-envoy.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# consul connect envoy -gateway api -register \
+# -service gw-mesh -token=${CONSUL_HTTP_TOKEN} \
+# -address "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}:8443" \
+# -wan-address "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}:8443" \
+# -bind-address gw-listener=0.0.0.0:8443 \
+# -enable-config-gen-logging
+
+consul connect envoy -gateway api -register -service gateway -admin-bind 0.0.0.0:19000 -bind-address gw-listener=0.0.0.0:8443 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/api-gateway.log 2>&1 &
+# -address "{{ GetPrivateInterfaces | include \"network\" \"10.0.2.0/24\" | attr \"address\" }}:8443"
+# -bind-address gw-listener=0.0.0.0:80
+
+# catalog sidecar
+consul connect envoy -sidecar-for catalog -admin-bind 0.0.0.0:20000 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/sidecar-catalog.log 2>&1 &
+
+#basket sidecar
+consul connect envoy -sidecar-for basket -admin-bind 0.0.0.0:20001 -token=${CONSUL_HTTP_TOKEN} -enable-config-gen-logging -- --log-level trace --log-file /var/log/sidecar-basket.log 2>&1 &
diff --git a/deploy/image-build.sh b/deploy/image-build.sh
index 54a4d58..507046c 100755
--- a/deploy/image-build.sh
+++ b/deploy/image-build.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 # RUN IN REPO ROOT DIR !!
-export IMAGE_NAME="git.pbiernat.dev/egommerce/api-registry"
+export IMAGE_NAME="git.pbiernat.io/egommerce/api-registry"
 TARGET=${1:-latest}
diff --git a/deploy/image-push.sh b/deploy/image-push.sh
index a684fbd..ea40153 100755
--- a/deploy/image-push.sh
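Review bot: In api-registry/spawn-process.sh, `until ${COMMAND}; do` executes whatever the COMMAND environment variable holds, unquoted and unchecked; when the variable is unset the expansion is empty, the empty command succeeds, and the script exits 0 after the initial sleep without having started anything. A guard before the loop makes that failure visible: `: "${COMMAND:?COMMAND must be set}"`. The message hard-codes "Envoy" although the script runs any command, and the respawn delay is a fixed `sleep 1` with no limit, so a process that fails at once restarts forever and floods stderr; a capped retry count or a growing delay would bound that.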
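Review bot: All three `consul connect envoy` invocations in api-registry/start-envoy.sh pass `-admin-bind 0.0.0.0:<port>` (19000, 20000, 20001), which puts Envoy's admin interface on every interface of the container; that interface has no authentication and exposes configuration and control endpoints, so it should stay on loopback, e.g. `-admin-bind 127.0.0.1:19000`, unless something outside the container has to reach it. `-token=${CONSUL_HTTP_TOKEN}` also copies the ACL token into the process argument list, where anything that can list processes can read it; if the variable is exported, the Consul CLI picks up `CONSUL_HTTP_TOKEN` from the environment and the flag can be dropped. `--log-level trace` is very verbose for a default and may put request details into the log files, so `info` is a safer setting outside debugging sessions. The three processes are started with `&` and the script then ends, so nothing in this file notices when one of them dies.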
+++ b/deploy/image-push.sh
@@ -1,9 +1,12 @@
 #!/bin/sh
 # RUN IN REPO ROOT DIR !!
-export IMAGE_NAME="git.pbiernat.dev/egommerce/api-registry"
+export IMAGE_NAME="git.pbiernat.io/egommerce/api-registry"
 TARGET=${1:-latest}
-echo $DOCKER_PASSWORD | docker login git.pbiernat.dev -u $DOCKER_USERNAME --password-stdin
+echo $DOCKER_PASSWORD | docker login git.pbiernat.io -u $DOCKER_USERNAME --password-stdin
 docker push "$IMAGE_NAME:$TARGET"
+
+# Restart container
+curl -X POST http://127.0.0.1:9001/api/webhooks/603d2077-4018-4983-bbff-875154ec9e83
diff --git a/example.hcl b/example.hcl
new file mode 100644
index 0000000..db7d1c3
--- /dev/null
+++ b/example.hcl
@@ -0,0 +1,15 @@
+service {
+ id = "registry"
+ name = "registry"
+ tags = ["api-registry", "registry", "https", "grpc", "tcp", "consul", "catalog"]
+ address = ""
+ port = 8500
+ check {
+ id = "registry"
+ name = "Registry Service"
+ tcp ="localhost:53"
+ interval = "10s"
+ timeout = "1s"
+ }
+}
+
diff --git a/secrets b/secrets
new file mode 100644
index 0000000..3a69662
--- /dev/null
+++ b/secrets
@@ -0,0 +1,7 @@
+AccessorID: d0dfcac2-5459-f7d8-c42f-2ee906a34279
+SecretID: 784746ec-0d5d-fb12-1a79-95f912dcaabd
+Description: Bootstrap Token (Global Management)
+Local: false
+Create Time: 2023-07-29 22:37:20.267488642 +0000 UTC
+Policies:
+ 00000000-0000-0000-0000-000000000001 - global-management
diff --git a/var/certs/VaultCA.pem b/var/certs/VaultCA.pem
new file mode 100644
index 0000000..d9d1e7c
--- /dev/null
+++ b/var/certs/VaultCA.pem
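Review bot: The added `curl -X POST http://127.0.0.1:9001/api/webhooks/…` line in deploy/image-push.sh commits the webhook identifier to the repository; a webhook URL of this kind is usually the only credential for the action, so it should come from the environment, and the value already published here should be regenerated. The call also runs when `docker push` has failed and reports nothing on an HTTP error; `set -e` at the top of the script and `curl -fsS -X POST "$RESTART_WEBHOOK_URL"` (the variable name is only a suggestion) cover both. On the login line the unquoted `$DOCKER_PASSWORD` is subject to word splitting and globbing, which can alter the value; `printf '%s' "$DOCKER_PASSWORD" | docker login git.pbiernat.io -u "$DOCKER_USERNAME" --password-stdin` passes it through unchanged.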
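Review bot: The new `secrets` file stores the AccessorID and SecretID of the Consul bootstrap token in plain text in the repository, and its own Policies line shows that the token carries `global-management`. Once pushed, the token has to be treated as disclosed: revoke or rotate it in Consul, drop the file from this commit and from history, and add it to `.gitignore`. The scripts in this patch already take `CONSUL_HTTP_TOKEN` from the environment, so the value can live in Vault or the deployment's secret store and never be written to the working tree.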
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDJjCCAg6gAwIBAgIUIG28xUQKS1B35XXFoBsEWgRO2QYwDQYJKoZIhvcNAQEL +BQAwETEPMA0GA1UEAxMGZWdvLmlvMB4XDTIzMDcwNjE5MjkxM1oXDTMzMDcwMzE5 +Mjk0M1owETEPMA0GA1UEAxMGZWdvLmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAl5hxyVJz9cF1kU0foFVyJZ/C0ZbiQm0hVn3sHqyqKIdujkIywoCQ +pzCISMhvrDkuJUoD8zmum2UQyHnIrIFEuEKkqpvr3ICEuiXVV0aCl8cuPcqT2nH3 +T96fHFUf5cWncoaWIsBuSpATWHurAQvrl24m6vbqvJo5160AELXuNqGstvBuElqw +rMlVmQDvY0LFUpG8M9UdUIZBhEVMxTm3tKLk3N3DwMWFKYhyscwgSKKJ7znkFI4E +jE5nkgSDX1kpHvNna0zx4vAvMAkUpLZkZyyFAyZnCoLH5rfmWS2ZFMHHzeUnPXfH +MpnjXCWLrRkahMIEwMFH+U9miy+u/MckdwIDAQABo3YwdDAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQULjtN11JiV+C3FsbBpG5AQATh +LQ0wHwYDVR0jBBgwFoAULjtN11JiV+C3FsbBpG5AQAThLQ0wEQYDVR0RBAowCIIG +ZWdvLmlvMA0GCSqGSIb3DQEBCwUAA4IBAQB2UXObm3XaDVv8EuLH49qpsIn24lm3 +es3xKO/+Rrx9x8Y7BBpwmiFhkZjQEOM66vhoIzQbe0gPWO5wvTrWYbqyGubuPb2A +bAlf4JUiozcKaN/zZDWK2d7lj2tVh390Jp0Lf67D1g+kX4M6ByfZ2GVT7ghZMBsp +P0IeNiao8fZKpaZjmF/UTe2wDxyVB0+pY9XrhqVa8I79thd2dk8eiqqSDKR4fY3Y +Oo+/2c2++haMuQ/N5XvRqOmSgkP1gioopPhqTBvXd8lh1ZBX1ij6ccS503Neft9f +3UyycHDYH8SUYtcsDe8I+Yh7NfQj6ur5MEPUAPzoBgbVDa4hN97Ql8FV +-----END CERTIFICATE----- \ No newline at end of file diff --git a/var/certs/catalog-svc.cert.pem b/var/certs/catalog-svc.cert.pem new file mode 100644 index 0000000..6de78d4 --- /dev/null +++ b/var/certs/catalog-svc.cert.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIUO/w0+2BFYwPxELanA9ebAcPeUtEwDQYJKoZIhvcNAQEL +BQAwKDEmMCQGA1UEAxMdZWdvLmlvIEludGVybWVkaWF0ZSBBdXRob3JpdHkwHhcN +MjMwNzA2MTk0MDI4WhcNMjMwNzA5MTk0MDU4WjAhMR8wHQYDVQQDExZjYXRhbG9n +LnNlcnZpY2UuZWdvLmlvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +qSk3xlIFDZeF+dTWFJ096GXtsEhAPgCbbjnbLIg5nQRJ+IsQUeuA0G+L/vFRReYl +OMlmnRGh6J7KmjGK58O/HEH3eWpdKjJzmTRuQtNcH3URpZ2YS3wMeqxrvWYhJT+a +eoTXkFvz8btt4SM+2UxadSeuHxUQDF6jY1Gffc7CoazjvgdNbvmxuztt32VM4S2z +qI8hJUhmXM+NQRc/SDHXyB82WzNX5eJh6bQZWKrOPgjCRaJzbE0N3GX6mvPve13I +4Rt9YKuUe5avfztrK5+5EdWVZuv7sBCQOfKJPdRgcwauOp4vTKCBHb9lSTJkO7RK +/oWg3g+cDIUaO753u0oipwIDAQABo4GVMIGSMA4GA1UdDwEB/wQEAwIDqDAdBgNV +HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFNCJrK2q2UBe8y1E +fjJWL+ayOg2pMB8GA1UdIwQYMBaAFHpA4xTT9dhKKrmO7epCSCiJ5BR7MCEGA1Ud +EQQaMBiCFmNhdGFsb2cuc2VydmljZS5lZ28uaW8wDQYJKoZIhvcNAQELBQADggEB +AEUWY1ci0RDExQRQ4SFiJOPhvysapjS/mz1mLRaYxo9tjAP5nWzKrfVvKCXD46R7 +lSbSdFnTGHaiJulMMHseRxFwbhNV4FUBETe+jZev5irSKJwevJH9Rg6RPwsz1DhO +h41ImgQ4G6regnykrgTbIQNgOQlfNoR1oIO8k8eVYEuatLBZv+Gn40E8hfDeS556 +H2UkOcIC9DUpRJkobP0e0ji8S6nhBMoot38/WufceptyNhVR2u03H4lmTUdvFMXN +nwEmCqTPaAqDT8RyRuS7CZqCU/zbOiYtV831VJuENLOVwvG/2GPs228xCRPqnAI3 +YF1lou3ZmxbJY0xsrpaaYh8= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/var/certs/pki_int.cert.pem b/var/certs/pki_int.cert.pem new file mode 100644 index 0000000..8e345cd --- /dev/null +++ b/var/certs/pki_int.cert.pem 
@@ -0,0 +1,51 @@ +-----BEGIN CERTIFICATE----- +MIIEYDCCA0igAwIBAgIUKhWLESfOHLk4Q/kLhXUcmyd2OeMwDQYJKoZIhvcNAQEL +BQAwgakxCzAJBgNVBAYTAlBMMQ4wDAYDVQQIDAVTbGFzazERMA8GA1UEBwwIS2F0 +b3dpY2UxJjAkBgNVBAoMHUVnb21tZXJjZSBQcml2YXRlIFJlZ2lzdHJhdG9yMQsw +CQYDVQQLDAJJVDEmMCQGA1UEAwwdRWdvbW1lcmNlIFByaXZhdGUgUmVnaXN0cmF0 +b3IxGjAYBgkqhkiG9w0BCQEWC3Jvb3RAZWdvLmlvMB4XDTIzMDcwODEyNTYxMVoX +DTIzMDgwOTEyNTY0MVowKDEmMCQGA1UEAxMdZWdvLmlvIEludGVybWVkaWF0ZSBB +dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU1W53eQDU +CxemQ6l0GagJUPxgG2Aw+koXb57KGFtcF1WX6knObdHq6Hf2R3hOB8Qb6eMEJ2Pw +zVpB/0lSmsarqKNuDvuS/BY+fGOVONkFUtGXZu417ztgvBlctD1QXNrX86Jpgv20 +BNtm0ua7+YRlYe/hOEPMGh1HfM6Bye06hEqJtfC55G6taXddVJwAg9pYfOQjsh1I +URl9NSjw3Rm/akUZAclqHT1fJcucJkR0Z0eKOw5b7H7IIuQ68FHeLjVXeWLJruB9 +wQVN66P+5jU+b9ZkLhlPpdYB0Ve85Z8J5kCheIMYixq0QCa9zUI9JBRg529GB9Ul +r4NDPUylg9bzAgMBAAGjgf8wgfwwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFCqH8BvWkDloDkW4KoWRuW8Gi8CcMB8GA1UdIwQYMBaA +FF6s4PHElvxu9QF+fqF7bDNroznXMGYGCCsGAQUFBwEBBFowWDApBggrBgEFBQcw +AYYdaHR0cDovL2xvY2FsaG9zdDo4MjAwL3YxL29jc3AwKwYIKwYBBQUHMAKGH2h0 +dHA6Ly9sb2NhbGhvc3Q6ODIwMC92MS9wa2kvY2EwMQYDVR0fBCowKDAmoCSgIoYg +aHR0cDovL2xvY2FsaG9zdDo4MjAwL3YxL3BraS9jcmwwDQYJKoZIhvcNAQELBQAD +ggEBAMQZrU+ulLBAIPNhexdYGbjIE//LfNkuV8PHb+dDXgjdLh0rqotC6mtDPHPV +LhcKK5qkt3Kc+SD+TK5tdr+vTdGkPmZhUBim1ZqhMLDVfHCZYBgaaO/sIG4tfSQ4 +PA/FRSR2zZH/eAs/WtLLcLmr8mNtMXleduUbABfzp2KUw3HCyZxsOlCAfg296xvJ +g0e8WPkn3rPo9D28QRISfSH82w/L8Rgr4XkEXhTzmuupK7bJtuEz+AVKUxviLXxu +zfV0SBIA8eZNRiuEuzV4KxaJL+669kMlcpX12SxyhR/zYU6YdhugtHVuPu84resy +2QfBmZbCsGZY2urZ2UIWefA/T70= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIENTCCAx2gAwIBAgIUbXooBpS7/8FWBYC1F7fbJQj53hswDQYJKoZIhvcNAQEL +BQAwgakxCzAJBgNVBAYTAlBMMQ4wDAYDVQQIDAVTbGFzazERMA8GA1UEBwwIS2F0 +b3dpY2UxJjAkBgNVBAoMHUVnb21tZXJjZSBQcml2YXRlIFJlZ2lzdHJhdG9yMQsw +CQYDVQQLDAJJVDEmMCQGA1UEAwwdRWdvbW1lcmNlIFByaXZhdGUgUmVnaXN0cmF0 +b3IxGjAYBgkqhkiG9w0BCQEWC3Jvb3RAZWdvLmlvMB4XDTIzMDYyODE1MjcxMVoX 
+DTI4MDYyNjE1MjcxMVowgakxCzAJBgNVBAYTAlBMMQ4wDAYDVQQIDAVTbGFzazER +MA8GA1UEBwwIS2F0b3dpY2UxJjAkBgNVBAoMHUVnb21tZXJjZSBQcml2YXRlIFJl +Z2lzdHJhdG9yMQswCQYDVQQLDAJJVDEmMCQGA1UEAwwdRWdvbW1lcmNlIFByaXZh +dGUgUmVnaXN0cmF0b3IxGjAYBgkqhkiG9w0BCQEWC3Jvb3RAZWdvLmlvMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGwbsRS7UoiUTAsdnGG2Yfh+XraS +oSimr/jkJImKgQ+GMZJ/uTzunzkw31ujYSKBCoFVjPOJ135/EzZKJIHqzFCP9Tvd +Y6K8K8BwYPZ1HJPlbjPJ9nmJdW6mC1Qri3WCH2Ppt9+jb5fDUF0sPMxO4C3ZYCj/ +zg9TzzKXahbIQsUxlSseEuBvTfsbv2miMPHCPTsQNE7q1m2iUGM4h2YrS7GuXVHE +/J/Q1fHKOir1tud46FmWF16fzKafSFxnyX3yDIFTDTHQx+7ei9weksMZJHyFsWGk +KjhaaaqfNRlCygf/cpAl99os1ILm4cM3yeqOhnYeqNzLQGszHiFJ8klP8wIDAQAB +o1MwUTAdBgNVHQ4EFgQUXqzg8cSW/G71AX5+oXtsM2ujOdcwHwYDVR0jBBgwFoAU +Xqzg8cSW/G71AX5+oXtsM2ujOdcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B +AQsFAAOCAQEAASzDfVqN9VZwfEYgvoFhhuPiX6DO8y9209kvxmgR25cHLypXcWSm +k5XSO7ifYOEgz5zFVUe2CiJD7D/9dxVnNgAsFwqYK4Sm46sh/s73nxQYebAtjsee +8vIojINEdBjvMXAJZnzahF+C4Ldoj+Q+Mys4NGOHC0rC7axL7ncL7ydKO8SKNN7C +1vsNN6xlPTaTwfaQ1fGTqeCFXJ0KuDQlXpZUZuo/bX/wcFTWlvdP1/xyL3XRVpao +MrZyj2bNd43q8LppRkR5Bv8vOPnsS/XaPO31eY/3aOba52a8YJdkRbCQ5IyV3ejH +VshgEBQHvhPynHhpaejlTamPlJ5ntV9OYw== +-----END CERTIFICATE----- \ No newline at end of file diff --git a/var/certs/pki_int.csr b/var/certs/pki_int.csr new file mode 100644 index 0000000..431da72 --- /dev/null +++ b/var/certs/pki_int.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICbTCCAVUCAQAwKDEmMCQGA1UEAxMdZWdvLmlvIEludGVybWVkaWF0ZSBBdXRo +b3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDU1W53eQDUCxem +Q6l0GagJUPxgG2Aw+koXb57KGFtcF1WX6knObdHq6Hf2R3hOB8Qb6eMEJ2PwzVpB +/0lSmsarqKNuDvuS/BY+fGOVONkFUtGXZu417ztgvBlctD1QXNrX86Jpgv20BNtm +0ua7+YRlYe/hOEPMGh1HfM6Bye06hEqJtfC55G6taXddVJwAg9pYfOQjsh1IURl9 +NSjw3Rm/akUZAclqHT1fJcucJkR0Z0eKOw5b7H7IIuQ68FHeLjVXeWLJruB9wQVN +66P+5jU+b9ZkLhlPpdYB0Ve85Z8J5kCheIMYixq0QCa9zUI9JBRg529GB9Ulr4ND +PUylg9bzAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAomZzHZVQ+MlgQbc/VxE+ +heC40azU0jfLG6lUHw4zP7Orx6mOtHh6JRWfGCHUc0AwH0AnXVk9D8JNa5EY/7bR +N5PFXKRbVSpxJD8/rDn64ZMEYj4ahUTgfRIbU4cnOCYgmZaTnS7f3dGoEMUuzuYm +04SN5aptY/H+YoP/LEkhQj0ePIA1W2OXtOTU9NrQqSSaA39/+8Yto+j5cFztgF4m +S3jLFwkz0Wt6gR+s5xD4k9sdoSSIVAuoXk/B2wyuiU2DcvHGV9+YUo+MkcZ2HvwW +Rl//dNgy1Tjlkf7ebeYtrf/rwyjyHFbb9vqCLI3Z28GgyXF1LTyuFMRCcZ5mdkdc +kw== +-----END CERTIFICATE REQUEST----- \ No newline at end of file diff --git a/var/certs/test.key b/var/certs/test.key new file mode 100644 index 0000000..6db6183 --- /dev/null +++ b/var/certs/test.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA9mjBUJ6u5Onmo5W8Hl/ES7EE7lCDIcFMN39sl0MapbYeHMom +hIvL5909ifflpwcPLxvWT9aZ6bEqG86Kp/bFXnkCtfDvQKC5l5R90NDVJwhGJwon +WWlOZvkzPTt6o2Xk/NX3KuNilrfZZNxoLaEXldbbAhhSLOJ7gK0oYxXsKFf+Aovx +fb1bs9+1gR2Tg0kEPqZdJMyil5xvGDkWxXjcblTTxL+MpYEi5Es7lSWT6wBQ5u4l +zZddcYzWve6f1P9OSWzkxxcvhUCMjvWodJqnfHvk7K44EswR/8cEmtS11XKBp10Z +yF7WGH2X9o/hKUGhUOOHJisN3NJBzQBoxjTccwIDAQABAoIBAQDUCGxgvUtt+7/V +gCFyWaIGJ/tAPtO4FidJkkKVHs8tTTs4NtNSNyFtEbnEoSZixfZQ6TlPVjD3INZF +O0OhKP3JP4QPn5WhHSzWvJZPO4RPpBUJvvkBPVaT0VhAFpB/TkzvLAcWRrgtTWKq +IecbbIVpEItAkEEWEoWHwnkAWnrucqkEc42tseMI3YJ6Q91G63ErGLz9XvRQu41q +x9FXbswic13ulc4PJm15IQRVCh+ht63g/vYNduIldh1H6YFqJ4ZS8NVSWz9ToIJ5 +fd/21/ajlsv3kenJHCW1yNHJQd/zNYo7gCfytHX3Ny5K20yjKnPWwL884J1YIHFJ +qL061CNRAoGBAPkxTPOq12qtROW1uP6DqkfChkN3pG18n5NpQoHxQoR4rzbOXwTH +B+Z2IoVkR2bW5P2CUOWlGM6usQRWUnnzgQQ7BcINT1taHGBRcvmQE2cHCQkn0T04 +gCMoB3Kg3aGioYvyvYb9YGgdwcJ7eENBYh28iA/zAJO7Sj4bH+JYuCvPAoGBAP0j +/UJUANbWrvOs97olaZ+zubmvEFu/OiGpp81wloc8uoCLoKu6B0F2SqRsTk652L4K +bc7lXoULizcgdqejn/haN1e7gxfgJlCjTWtVLj5rBPyWfQJIpJE9IYHTFyrowJMj +sZ2oFVU0UQWeDqh9Xyjt9IA+hj8T8zsTfn7NpTodAoGBAJ/v25L9ELvAL9s7cluw +iAb8vA3raVZ4STdktLIP9gBuMQ79D5FSaSiqo+d3gDhqLpjjHib2euCU0LqW6OKq +viDH/R8aSde5E0Nio2e36CwVIOCGdM5VSDDITVduFjHa3tKi3rAYSdspViYL9xk7 +iszJJ48NCU7IQ5Nu91zgUnyTAoGAWj+reitCxVVyuFNxWn8eIh7MV0PvvBX4HqpC +tf6u2/Yts8iT9sVy8sa+o9ItNOoTOOW08m9Z/Gr6LiQ3yVqPnNZlJrUmbquuXU9r +OZn7y6sR8w+f7+GAMnut54AfoV+r0ImIOGIFgQQO4sbQCQfxlkEHy3T/HZv6OpSf +o4ujnY0CgYASqd3uhGLv2Ts12MwgsqzCk4tqayALM5bO8n2ojS35SlbCf/JmLiBW +3hjuGyVwhGGc7vFKKbZ3YSexDzeSwLFtcT6YE+DyPtFPMayfYeakQSfqDnNxduZ4 +kYNSmYnScRFGbHlPIealr+VT4X1SAMtkCCzSEJOKjQ3U6hGhi7c++Q== +-----END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/var/certs/test.pem b/var/certs/test.pem new file mode 100644 index 0000000..71d9278 --- /dev/null +++ b/var/certs/test.pem 
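Review bot: `var/certs/test.key` adds an unencrypted RSA private key to the repository. Even when a key is meant only for testing, a committed key ends up in every clone and, depending on the build context, possibly in the image; if it was ever used for anything beyond a local test it should be regenerated. The templates under api-registry/opt/tpl already obtain key material from Vault at run time, so a test key can be generated or issued on demand instead, with `var/certs/*.key` added to `.gitignore` and `.dockerignore`.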
@@ -0,0 +1,39 @@ +-----BEGIN CERTIFICATE----- +MIICwDCCAaigAwIBAgIUX4qxPtBep6ezik4G+8t/xD8aNg0wDQYJKoZIhvcNAQEL +BQAwKDEmMCQGA1UEAxMdZWdvLmlvIEludGVybWVkaWF0ZSBBdXRob3JpdHkwHhcN +MjMwNzI2MjAzNjQ0WhcNMjMwNzI5MjAzNzE0WjAAMFkwEwYHKoZIzj0CAQYIKoZI +zj0DAQcDQgAEjTk0C0SGG/OXOgwmNmueWaF83abHr97hDgpy5Nco5ADZR5uYS3bM +svRLJCkeOCQHD5+9txfhAA6g4Q3YD8jdB6OB1DCB0TAOBgNVHQ8BAf8EBAMCA6gw +HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBR4tshTRYWT +VIPl+gJPP7tdadyXHTAfBgNVHSMEGDAWgBTDqnUl3TUVDhMKIE0EMTfeQvkMrDBg +BgNVHREBAf8EVjBUhlJzcGlmZmU6Ly84MjU0MWFhYi0zNmRiLWEyNDgtOTE5YS01 +ZDE0OTM4YTFhMjIuY29uc3VsL25zL2RlZmF1bHQvZGMvZWdvL3N2Yy9jYXRhbG9n +MA0GCSqGSIb3DQEBCwUAA4IBAQA/ZykZEZhkx8xHejRAqpfWMg8TcWQVY95UjA23 +rPj8fIMBNJwwNvBrqjcPquKAsH7gC0U16ssd4QabYbPBwr2/NmQ7zp4Udnt8cGmF +E3Q7GLaDQmERxZop6gZpEC0cKejtnWwNhhM5viR0UkRX5cIuAv2W7H1v7qi/dMa7 +KIsD7N2iNED8Madi45bHtSwawX3HF5Mmo5bxw2FOUutGNXZ+06QiUqxuu6pa2ljk +iLEFHrG27DfBhdgw1TdosvYY61LMPL97dAZ9ORQU9Ik5sOy5d5KiyIskfm4gatJq +/wkfCv1RzAd7YPEp03q8QlDlNr6Mc/KTNwt2WGei8CYUlFHA +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDnTCCAoWgAwIBAgIUKQa1Qce2n8KjLnFNfxBiNg/qp+UwDQYJKoZIhvcNAQEL +BQAwETEPMA0GA1UEAxMGZWdvLmlvMB4XDTIzMDcyMjIyMzU1NFoXDTI4MDcyMDIy +MzYyNFowKDEmMCQGA1UEAxMdZWdvLmlvIEludGVybWVkaWF0ZSBBdXRob3JpdHkw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD6OXVd52eZK9L+mweVxsoy +gPEu5yHQbP9dKOB6iWA5e8jLMQKwRvb+il+6IfP5CA0QK/iXdl+H5hb2IL6TcUWp +2BdlxMOKhioS2F2UqacujnKbAi1dfqkCOp2JuZzlivm4Ku8EzDyKyHEXv7++41+o +SJ8aERC9kK9Ak9zVCsdpY8NXv5gaysXPW8UdDNldi1LoZ+vrsqLWYezhmqZIZ8lR +HfvpmwaOGoCGCacQnXXuH9axTKeyhXL7EwEWeTOvpKYE44qbt8O67XjOe7GCyf0n ++SmweXCTjOQQVkdCO7tTJG0KLf8/1i39KaIVBju7RJxizR2fomqI8cc+ja5WokQ7 +AgMBAAGjgdUwgdIwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFMOqdSXdNRUOEwogTQQxN95C+QysMB8GA1UdIwQYMBaAFFQuletuUtZb +XabnbhYcoe15G7EzMDsGCCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAoYfaHR0cDov +LzEyNy4wLjAuMTo4MjAwL3YxL3BraS9jYTAyBgNVHR8EKzApMCegJaAjhiFodHRw +Oi8vMTI3LjAuMC4xOjgyMDAvL3YxL3BraS9jcmwwDQYJKoZIhvcNAQELBQADggEB 
+AFDDSktJ6qUDkRo7A9hssYiiGzjdaFgzNMAXnoUl4TX7npAyfmczJdaHFE4tKb4S +tOih6sC7XfyDuuTZ0+zvGpCN6kSFqrH1tFe37pauhxTUjopdbFwteOHBcY49o1Mx +gZCL9UvrGDmzY9htDExjm3bqB07SKOA1kR2iSHVzYN3oFWpDyn/Di4nFRudbJvN6 +nPaIyTDPyYUF8JMyd5CONut+v1tdEYOfOEAeNDUG87IVvAYrzotkCRncjZLfewD2 +/q4wWKjbAT9sh5mLAgctU/hrRuuZ7AF7uYgl5GvbJyHG5grv5WhU6oKzVsonxHo5 +si/KhGzpLBv2MnvAhEwdpfA= +-----END CERTIFICATE----- \ No newline at end of file