From 8c50c63ca970ae36d2bd1b86b3ea998e39efad7e Mon Sep 17 00:00:00 2001
From: Volodymyr Babak
Date: Tue, 23 May 2017 09:25:31 +0300
Subject: [PATCH 1/2] Docker SSL support

---
 .../src/main/resources/thingsboard.yml | 46 ++++++++++++-------
 .../dao/cache/ServiceCacheConfiguration.java | 1 -
 docker/docker-compose.yml | 8 ++--
 docker/thingsboard.env | 6 ++-
 docker/thingsboard/build_and_deploy.sh | 7 +--
 .../mqtt/MqttSslHandlerProvider.java | 2 +-
 6 files changed, 41 insertions(+), 29 deletions(-)

diff --git a/application/src/main/resources/thingsboard.yml b/application/src/main/resources/thingsboard.yml
index e64e9cd95c..f015aa156e 100644
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@@ -19,12 +19,18 @@ server:
 address: "${HTTP_BIND_ADDRESS:0.0.0.0}"
 # Server bind port
 port: "${HTTP_BIND_PORT:8080}"
-# Uncomment the following section to enable ssl
-# ssl:
-# key-store: classpath:keystore/keystore.p12
-# key-store-password: thingsboard
-# keyStoreType: PKCS12
-# keyAlias: tomcat
+ # Server SSL configuration
+ ssl:
+ # Enable/disable SSL support
+ enabled: "${SSL_ENABLED:false}"
+ # Path to the key store that holds the SSL certificate
+ key-store: "${SSL_KEY_STORE:classpath:keystore/keystore.p12}"
+ # Password used to access the key store
+ key-store-password: "${SSL_KEY_STORE_PASSWORD:thingsboard}"
+ # Type of the key store
+ key-store-type: "${SSL_KEY_STORE_TYPE:PKCS12}"
+ # Alias that identifies the key in the key store
+ key-alias: "${SSL_KEY_ALIAS:tomcat}"
 
 # Zookeeper connection parameters. Used for service discovery.
 zk:
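Review bot: `key-store-password` on the new side falls back to the literal `thingsboard` and `key-store` falls back to a keystore bundled on the classpath, so a deployment that sets only SSL_ENABLED=true serves TLS with a key whose store and password are both published in the repository. The password should carry no default, `key-store-password: "${SSL_KEY_STORE_PASSWORD}"`, so a deployment that forgets to set it fails at startup instead of silently using the shared value; the same argument applies to the bundled keystore path. A comment above `ssl:` such as `# The bundled keystore is for development only; set SSL_KEY_STORE and SSL_KEY_STORE_PASSWORD in production` would make the expectation explicit. Whether the `enabled` flag is honoured depends on the Spring Boot version in use recognising `server.ssl.enabled`, which I cannot confirm from this hunk.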
@@ -60,10 +66,10 @@ plugins:
 
 # JWT Token parameters
 security.jwt:
- tokenExpirationTime: "${JWT_TOKEN_EXPIRATION_TIME:900}" # Number of seconds (15 mins)
- refreshTokenExpTime: "${JWT_REFRESH_TOKEN_EXPIRATION_TIME:3600}" # Seconds (1 hour)
- tokenIssuer: "${JWT_TOKEN_ISSUER:thingsboard.io}"
- tokenSigningKey: "${JWT_TOKEN_SIGNING_KEY:thingsboardDefaultSigningKey}"
+ token-expiration-time: "${JWT_TOKEN_EXPIRATION_TIME:900}" # Number of seconds (15 mins)
+ refresh-token-exp-time: "${JWT_REFRESH_TOKEN_EXPIRATION_TIME:3600}" # Seconds (1 hour)
+ token-issuer: "${JWT_TOKEN_ISSUER:thingsboard.io}"
+ token-signing-key: "${JWT_TOKEN_SIGNING_KEY:thingsboardDefaultSigningKey}"
 
 # Device communication protocol parameters
 http:
@@ -72,19 +78,25 @@ http:
 # MQTT server parameters
 mqtt:
 bind_address: "${MQTT_BIND_ADDRESS:0.0.0.0}"
- bind_port: "${MQTT_BIND_PORT:1883}"
+ bind_port: "${MQTT_BIND_PORT:1884}"
 adaptor: "${MQTT_ADAPTOR_NAME:JsonMqttAdaptor}"
 timeout: "${MQTT_TIMEOUT:10000}"
 netty:
 leak_detector_level: "${NETTY_LEASK_DETECTOR_LVL:DISABLED}"
 boss_group_thread_count: "${NETTY_BOSS_GROUP_THREADS:1}"
 worker_group_thread_count: "${NETTY_WORKER_GROUP_THREADS:12}"
-# Uncomment the following lines to enable ssl for MQTT
-# ssl:
-# key_store: mqttserver.jks
-# key_store_password: server_ks_password
-# key_password: server_key_password
-# key_store_type: JKS
+ # MQTT SSL configuration
+ ssl:
+ # Enable/disable SSL support
+ enabled: "${MQTT_SSL_ENABLED:false}"
+ # Path to the key store that holds the SSL certificate
+ key_store: "${MQTT_SSL_KEY_STORE:mqttserver.jks}"
+ # Password used to access the key store
+ key_store_password: "${MQTT_SSL_KEY_STORE_PASSWORD:server_ks_password}"
+ # Password used to access the key
+ key_password: "${MQTT_SSL_KEY_PASSWORD:server_key_password}"
+ # Type of the key store
+ key_store_type: "${MQTT_SSL_KEY_STORE_TYPE:JKS}"
 
 # CoAP server parameters
 coap:
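Review bot: The default MQTT port moves from 1883 to 1884 in `bind_port: "${MQTT_BIND_PORT:1884}"`, which is unrelated to the SSL support named in the subject and contradicts the Docker files in the same patch (thingsboard.env keeps MQTT_BIND_PORT=1883 and docker-compose.yml maps `1884:1883`, so the container is still expected to listen on 1883); every non-Docker deployment relying on the default would silently change ports. Unless this is intended, restore `bind_port: "${MQTT_BIND_PORT:1883}"`. The MQTT SSL block has the same weakness as the server SSL block: `key_store_password` and `key_password` default to the fixed values `server_ks_password` and `server_key_password` that are now part of the committed configuration, so dropping those defaults and requiring the environment variables whenever MQTT_SSL_ENABLED=true would stop a known password from being used unnoticed.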
diff --git a/dao/src/main/java/org/thingsboard/server/dao/cache/ServiceCacheConfiguration.java b/dao/src/main/java/org/thingsboard/server/dao/cache/ServiceCacheConfiguration.java
index b4fbc65507..7c435bf779 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/cache/ServiceCacheConfiguration.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/cache/ServiceCacheConfiguration.java
@@ -45,7 +45,6 @@ public class ServiceCacheConfiguration {
 @Value("${cache.device_credentials.time_to_live}")
 private Integer cacheDeviceCredentialsTTL;
 
- @Value("${zk.enabled}")
 private boolean zkEnabled;
 
 @Value("${zk.url}")
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index d19332b8de..b3b182364c 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -18,13 +18,15 @@ version: '2'
 
 services:
 thingsboard:
- image: "thingsboard/application:1.2.2"
+ image: "thingsboard/application:1.2.3-test"
 ports:
- - "8080:8080"
- - "1883:1883"
+ - "8443:8443"
+ - "1884:1883"
 - "5683:5683/udp"
 env_file:
 - thingsboard.env
+ volumes:
+ - "~/keystore.p12:/root/keystore.p12"
 entrypoint: ./run_thingsboard.sh
 thingsboard-db-schema:
 image: "thingsboard/thingsboard-db-schema:1.2.2"
diff --git a/docker/thingsboard.env b/docker/thingsboard.env
index 2325790cd6..5d9ca6ddf3 100644
--- a/docker/thingsboard.env
+++ b/docker/thingsboard.env
@@ -5,4 +5,8 @@ ZOOKEEPER_URL=zk:2181
 MQTT_BIND_ADDRESS=0.0.0.0
 MQTT_BIND_PORT=1883
 COAP_BIND_ADDRESS=0.0.0.0
-COAP_BIND_PORT=5683
\ No newline at end of file
+COAP_BIND_PORT=5683
+
+SSL_ENABLED=true
+SSL_KEY_STORE=/root/keystore.p12
+HTTP_BIND_PORT=8443
\ No newline at end of file
diff --git a/docker/thingsboard/build_and_deploy.sh b/docker/thingsboard/build_and_deploy.sh
index 7c02de571c..58d7cd65e3 100755
--- a/docker/thingsboard/build_and_deploy.sh
+++ b/docker/thingsboard/build_and_deploy.sh
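Review bot: Removing `@Value("${zk.enabled}")` leaves `private boolean zkEnabled;` declared but never populated, so it is always false after this change; if the class, which continues outside the hunk, still reads it to choose the cache setup, the ZooKeeper-backed path is silently disabled, and if nothing reads it the field is dead and should go with the annotation. I cannot see the field's uses from this hunk, so either restore the annotation or delete the field in the same commit and say which in the message. The change is also unrelated to the Docker SSL subject of the patch and would be easier to review on its own.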
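Review bot: The application image is pinned to a `1.2.3-test` tag while `thingsboard-db-schema` in the same file stays at `1.2.2`, and build_and_deploy.sh in this patch no longer pushes the image, so the compose file only works on a host that has just run the build script and then combines mismatched versions. Use one version for both services and keep temporary tags out of the committed file, e.g. `image: "thingsboard/application:1.2.3"`. The `1884:1883` mapping publishes plain MQTT on a different host port than before; if that is intentional a comment such as `# plain MQTT is published on host port 1884` next to the line would save the next reader a trip through thingsboard.yml.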
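Review bot: `SSL_ENABLED=true` and `SSL_KEY_STORE=/root/keystore.p12` are added without `SSL_KEY_STORE_PASSWORD` or `SSL_KEY_ALIAS`, so the server opens the user-supplied keystore with the fallbacks from thingsboard.yml in this patch (`thingsboard` and `tomcat`); a keystore created with any other password or alias fails at startup, and that requirement is documented nowhere. Add `SSL_KEY_STORE_PASSWORD=` and `SSL_KEY_ALIAS=` entries, or at least a comment stating the expectation, e.g. `# the mounted keystore must use password 'thingsboard' and alias 'tomcat' unless overridden here`. Because this env file is committed, the password is better supplied from the host environment than written into it. Patch 2 of this series removes these three lines again, so the two patches should be read together.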
@@ -18,9 +18,4 @@
 
 cp ../../application/target/thingsboard.deb thingsboard.deb
 
-docker build -t thingsboard/application:1.2.2 -t thingsboard/application:latest .
-
-docker login
-
-docker push thingsboard/application:1.2.2
-docker push thingsboard/application:latest
\ No newline at end of file
+docker build -t thingsboard/application:1.2.3-test .
\ No newline at end of file
diff --git a/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java b/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
index 80e4e011fa..aed9a0c4d4 100644
--- a/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
+++ b/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
@@ -41,7 +41,7 @@ import java.security.cert.X509Certificate;
 */
 @Slf4j
 @Component("MqttSslHandlerProvider")
-@ConditionalOnProperty(prefix = "mqtt.ssl", value = "key-store", havingValue = "", matchIfMissing = false)
+@ConditionalOnProperty(prefix = "mqtt.ssl", value = "enabled", havingValue = "true", matchIfMissing = false)
 public class MqttSslHandlerProvider {
 
 public static final String TLS = "TLS";

From 5da5a1a1347540c0a2091f4ea37353d4814aaddc Mon Sep 17 00:00:00 2001
From: Volodymyr Babak
Date: Wed, 24 May 2017 15:24:48 +0300
Subject: [PATCH 2/2] removed unnecessary config options

---
 docker/docker-compose.yml | 2 --
 docker/thingsboard.env | 6 +-----
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index e5015f789f..2617133206 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -25,8 +25,6 @@ services:
 - "5683:5683/udp"
 env_file:
 - thingsboard.env
- volumes:
- - "~/keystore.p12:/root/keystore.p12"
 entrypoint: ./run_thingsboard.sh
 thingsboard-db-schema:
 image: "thingsboard/thingsboard-db-schema:1.2.3"
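Review bot: The image tag is hard-coded in `docker build -t thingsboard/application:1.2.3-test .` and repeated in docker-compose.yml, while the `latest` tag and the `docker login`/`docker push` steps are gone, so the script no longer does what its name says and the two files can drift apart. Read the version from one place, e.g. `VERSION="${VERSION:-1.2.3}"` followed by `docker build -t "thingsboard/application:${VERSION}" .`, and either keep the push behind an opt-in flag or rename the script to reflect that it only builds. The `-test` suffix looks like a temporary tag that should not be committed.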
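Review bot: The bean condition now keys on `mqtt.ssl.enabled`, and because thingsboard.yml in this patch gives `mqtt.ssl.key_store` a default of `mqttserver.jks`, the old "no keystore configured" guard no longer exists: MQTT_SSL_ENABLED=true with a missing or unreadable keystore fails at startup instead of leaving the provider out. That is a reasonable contract, but it should be stated in the class Javadoc, which lies above the hunk, together with the note that the bean is absent when the flag is false. `matchIfMissing = false` is the annotation's default and can be dropped: `@ConditionalOnProperty(prefix = "mqtt.ssl", value = "enabled", havingValue = "true")`. Whatever injects this provider must tolerate its absence when the flag is off; I cannot see the consumers from this hunk, so that is worth checking. The class body continues outside the hunk.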
diff --git a/docker/thingsboard.env b/docker/thingsboard.env
index 5d9ca6ddf3..2325790cd6 100644
--- a/docker/thingsboard.env
+++ b/docker/thingsboard.env
@@ -5,8 +5,4 @@ ZOOKEEPER_URL=zk:2181
 MQTT_BIND_ADDRESS=0.0.0.0
 MQTT_BIND_PORT=1883
 COAP_BIND_ADDRESS=0.0.0.0
-COAP_BIND_PORT=5683
-
-SSL_ENABLED=true
-SSL_KEY_STORE=/root/keystore.p12
-HTTP_BIND_PORT=8443
\ No newline at end of file
+COAP_BIND_PORT=5683
\ No newline at end of file
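Review bot: Dropping `SSL_ENABLED`, `SSL_KEY_STORE` and `HTTP_BIND_PORT` returns the container to the thingsboard.yml defaults from patch 1 (HTTP on 8080, SSL off), but docker-compose.yml still publishes `8443:8443` from patch 1 and this patch's diffstat touches only the two volume lines, so port 8080 appears to be unpublished and the web UI unreachable through Compose. Either restore `HTTP_BIND_PORT=8443` together with the SSL variables and the keystore mount, or change the compose mapping back to `8080:8080`. With the mount removed as well, SSL can no longer be turned on from the env file alone, which the commit message does not mention. I am inferring the current port mapping from patch 1, since those lines are outside this hunk.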