Docker SSL support

2017-05-23 09:25:31 +03:00 · 2017-05-23 09:25:31 +03:00 · 8c50c63ca9
commit 8c50c63ca9
parent 43c174cdbd
6 changed files with 41 additions and 29 deletions
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@ -19,12 +19,18 @@ server:
  address: "${HTTP_BIND_ADDRESS:0.0.0.0}"
  # Server bind port
  port: "${HTTP_BIND_PORT:8080}"
-# Uncomment the following section to enable ssl
-#  ssl:
-#    key-store: classpath:keystore/keystore.p12
-#    key-store-password: thingsboard
-#    keyStoreType: PKCS12
-#    keyAlias: tomcat
+  # Server SSL configuration
+  ssl:
+    # Enable/disable SSL support
+    enabled: "${SSL_ENABLED:false}"
+    # Path to the key store that holds the SSL certificate
+    key-store: "${SSL_KEY_STORE:classpath:keystore/keystore.p12}"
+    # Password used to access the key store
+    key-store-password: "${SSL_KEY_STORE_PASSWORD:thingsboard}"
+    # Type of the key store
+    key-store-type: "${SSL_KEY_STORE_TYPE:PKCS12}"
+    # Alias that identifies the key in the key store
+    key-alias: "${SSL_KEY_ALIAS:tomcat}"

 # Zookeeper connection parameters. Used for service discovery.
 zk:
@ -60,10 +66,10 @@ plugins:

 # JWT Token parameters
 security.jwt:
-  tokenExpirationTime: "${JWT_TOKEN_EXPIRATION_TIME:900}" # Number of seconds (15 mins)
-  refreshTokenExpTime: "${JWT_REFRESH_TOKEN_EXPIRATION_TIME:3600}" # Seconds (1 hour)
-  tokenIssuer: "${JWT_TOKEN_ISSUER:thingsboard.io}"
-  tokenSigningKey: "${JWT_TOKEN_SIGNING_KEY:thingsboardDefaultSigningKey}"
+  token-expiration-time: "${JWT_TOKEN_EXPIRATION_TIME:900}" # Number of seconds (15 mins)
+  refresh-token-exp-time: "${JWT_REFRESH_TOKEN_EXPIRATION_TIME:3600}" # Seconds (1 hour)
+  token-issuer: "${JWT_TOKEN_ISSUER:thingsboard.io}"
+  token-signing-key: "${JWT_TOKEN_SIGNING_KEY:thingsboardDefaultSigningKey}"

 # Device communication protocol parameters
 http:
@ -72,19 +78,25 @@ http:
 # MQTT server parameters
 mqtt:
  bind_address: "${MQTT_BIND_ADDRESS:0.0.0.0}"
-  bind_port: "${MQTT_BIND_PORT:1883}"
+  bind_port: "${MQTT_BIND_PORT:1884}"
  adaptor: "${MQTT_ADAPTOR_NAME:JsonMqttAdaptor}"
  timeout: "${MQTT_TIMEOUT:10000}"
  netty:
    leak_detector_level: "${NETTY_LEASK_DETECTOR_LVL:DISABLED}"
    boss_group_thread_count: "${NETTY_BOSS_GROUP_THREADS:1}"
    worker_group_thread_count: "${NETTY_WORKER_GROUP_THREADS:12}"
-# Uncomment the following lines to enable ssl for MQTT
-#  ssl:
-#    key_store: mqttserver.jks
-#    key_store_password: server_ks_password
-#    key_password: server_key_password
-#    key_store_type: JKS
+  # MQTT SSL configuration
+  ssl:
+    # Enable/disable SSL support
+    enabled: "${MQTT_SSL_ENABLED:false}"
+    # Path to the key store that holds the SSL certificate
+    key_store: "${MQTT_SSL_KEY_STORE:mqttserver.jks}"
+    # Password used to access the key store
+    key_store_password: "${MQTT_SSL_KEY_STORE_PASSWORD:server_ks_password}"
+    # Password used to access the key
+    key_password: "${MQTT_SSL_KEY_PASSWORD:server_key_password}"
+    # Type of the key store
+    key_store_type: "${MQTT_SSL_KEY_STORE_TYPE:JKS}"

 # CoAP server parameters
 coap:
--- a/dao/src/main/java/org/thingsboard/server/dao/cache/ServiceCacheConfiguration.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/cache/ServiceCacheConfiguration.java
@ -45,7 +45,6 @@ public class ServiceCacheConfiguration {
    @Value("${cache.device_credentials.time_to_live}")
    private Integer cacheDeviceCredentialsTTL;

-
    @Value("${zk.enabled}")
    private boolean zkEnabled;
    @Value("${zk.url}")
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -18,13 +18,15 @@ version: '2'

 services:
  thingsboard:
-    image: "thingsboard/application:1.2.2"
+    image: "thingsboard/application:1.2.3-test"
    ports:
-      - "8080:8080"
-      - "1883:1883"
+      - "8443:8443"
+      - "1884:1883"
      - "5683:5683/udp"
    env_file:
      - thingsboard.env
+    volumes:
+      - "~/keystore.p12:/root/keystore.p12"
    entrypoint: ./run_thingsboard.sh
  thingsboard-db-schema:
    image: "thingsboard/thingsboard-db-schema:1.2.2"
--- a/docker/thingsboard.env
+++ b/docker/thingsboard.env
@ -6,3 +6,7 @@ MQTT_BIND_ADDRESS=0.0.0.0
 MQTT_BIND_PORT=1883
 COAP_BIND_ADDRESS=0.0.0.0
 COAP_BIND_PORT=5683
+
+SSL_ENABLED=true
+SSL_KEY_STORE=/root/keystore.p12
+HTTP_BIND_PORT=8443
--- a/docker/thingsboard/build_and_deploy.sh
+++ b/docker/thingsboard/build_and_deploy.sh
@ -18,9 +18,4 @@

 cp ../../application/target/thingsboard.deb thingsboard.deb

-docker build -t thingsboard/application:1.2.2 -t thingsboard/application:latest .
-
-docker login
-
-docker push thingsboard/application:1.2.2
-docker push thingsboard/application:latest
+docker build -t thingsboard/application:1.2.3-test .
--- a/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
+++ b/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
@ -41,7 +41,7 @@ import java.security.cert.X509Certificate;
 */
@Slf4j
@Component("MqttSslHandlerProvider")
-@ConditionalOnProperty(prefix = "mqtt.ssl", value = "key-store", havingValue = "", matchIfMissing = false)
+@ConditionalOnProperty(prefix = "mqtt.ssl", value = "enabled", havingValue = "true", matchIfMissing = false)
 public class MqttSslHandlerProvider {

    public static final String TLS = "TLS";