From 5c65ae96383e358a141be986c35c403cca719604 Mon Sep 17 00:00:00 2001 From: PierreDelpy Date: Wed, 26 Oct 2022 14:33:38 +0000 Subject: [PATCH 1/4] add port quick solution for ssl cert verification with portnumber; genereate persistent connector password --- ccp/nngm-compose.yml | 2 ++ ccp/nngm-setup.sh | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ccp/nngm-compose.yml b/ccp/nngm-compose.yml index c212fed..478af29 100644 --- a/ccp/nngm-compose.yml +++ b/ccp/nngm-compose.yml @@ -11,6 +11,8 @@ services: NNGM_CTS_APIKEY: ${NNGM_CTS_APIKEY} NNGM_CRYPTKEY: ${NNGM_CRYPTKEY} restart: always + ports: + - "8080:8080" labels: - "traefik.enable=true" - "traefik.http.routers.connector.rule=PathPrefix(`/ccp-connector`)" diff --git a/ccp/nngm-setup.sh b/ccp/nngm-setup.sh index 08a6d43..bd1b6aa 100644 --- a/ccp/nngm-setup.sh +++ b/ccp/nngm-setup.sh @@ -7,4 +7,5 @@ function nngmSetup() { fi } -CONNECTOR_POSTGRES_PASSWORD="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" +#CONNECTOR_POSTGRES_PASSWORD="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" +CONNECTOR_POSTGRES_PASSWORD="$(echo -n /etc/bridgehead/pki/mannheim.priv.pem | sha256sum | head -c 20)" From 3a668a1ccef395e8fada932bef6693edc23d8bf6 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 28 Oct 2022 10:26:17 +0200 Subject: [PATCH 2/4] Generate consistent nNGM Connector password --- ccp/nngm-setup.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ccp/nngm-setup.sh b/ccp/nngm-setup.sh index bd1b6aa..0a90813 100644 --- a/ccp/nngm-setup.sh +++ b/ccp/nngm-setup.sh @@ -5,7 +5,5 @@ function nngmSetup() { log INFO "nNGM setup detected -- will start nNGM Connector." OVERRIDE+="-f ./$PROJECT/nngm-compose.yml" fi + CONNECTOR_POSTGRES_PASSWORD="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -encrypt -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" } - -#CONNECTOR_POSTGRES_PASSWORD="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)" -CONNECTOR_POSTGRES_PASSWORD="$(echo -n /etc/bridgehead/pki/mannheim.priv.pem | sha256sum | head -c 20)" From 0cba5d315ad4303df8f8393551d4c9afaa026c13 Mon Sep 17 00:00:00 2001 From: Martin Lablans Date: Fri, 28 Oct 2022 10:37:51 +0200 Subject: [PATCH 3/4] Sign, not encrypt, to avoid openssl salt --- ccp/nngm-setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ccp/nngm-setup.sh b/ccp/nngm-setup.sh index 0a90813..501d8ce 100644 --- a/ccp/nngm-setup.sh +++ b/ccp/nngm-setup.sh @@ -5,5 +5,5 @@ function nngmSetup() { log INFO "nNGM setup detected -- will start nNGM Connector." OVERRIDE+="-f ./$PROJECT/nngm-compose.yml" fi - CONNECTOR_POSTGRES_PASSWORD="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -encrypt -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" + CONNECTOR_POSTGRES_PASSWORD="$(echo \"This is a salt string to generate one consistent password. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)" } From b232fdb926236ba0e8ca817ea6e2ebca59a66f1e Mon Sep 17 00:00:00 2001 From: "p.delpy@dkfz-heidelberg.de" Date: Wed, 2 Nov 2022 09:30:57 +0100 Subject: [PATCH 4/4] remove http ports --- ccp/nngm-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/ccp/nngm-compose.yml b/ccp/nngm-compose.yml index 478af29..c212fed 100644 --- a/ccp/nngm-compose.yml +++ b/ccp/nngm-compose.yml @@ -11,8 +11,6 @@ services: NNGM_CTS_APIKEY: ${NNGM_CTS_APIKEY} NNGM_CRYPTKEY: ${NNGM_CRYPTKEY} restart: always - ports: - - "8080:8080" labels: - "traefik.enable=true" - "traefik.http.routers.connector.rule=PathPrefix(`/ccp-connector`)"