dev-environment: listen-tls
eguzki committed Oct 21, 2023
1 parent cff87c9 commit 9661d47
Showing 5 changed files with 135 additions and 0 deletions.
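--- a/dev-environments/listen-tls/Makefile
+++ b/dev-environments/listen-tls/Makefile
@@ -0,0 +1,18 @@
+SHELL = /usr/bin/env bash -o pipefail
+.SHELLFLAGS = -ec
+.DEFAULT_GOAL := gateway
+MKFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST)))
+WORKDIR := $(patsubst %/,%,$(dir $(MKFILE_PATH)))
+DOCKER ?= $(shell which docker 2> /dev/null || echo "docker")
+
+gateway: ## run gateway configured to access upstream powered with TLS
+$(DOCKER) compose -f docker-compose.yml run --service-ports gateway
+
+clean:
+$(DOCKER) compose down --volumes --remove-orphans
+$(DOCKER) compose -f docker-compose.yml down --volumes --remove-orphans
+
+certs:
+$(MAKE) clean -C $(WORKDIR)/cert -f $(WORKDIR)/cert/Makefile
+$(MAKE) ca -C $(WORKDIR)/cert -f $(WORKDIR)/cert/Makefile
+$(MAKE) clientcerts -C $(WORKDIR)/cert -f $(WORKDIR)/cert/Makefile DOMAIN=example.com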
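Review bot: None of `gateway`, `clean` and `certs` is declared phony, so a file with one of those names appearing in `dev-environments/listen-tls/` would make the target report "up to date" and silently skip the recipe; add `.PHONY: gateway clean certs` next to `.DEFAULT_GOAL`, and the same applies to `clean`, `ca` and `clientcerts` in `dev-environments/listen-tls/cert/Makefile`. The `##` help text on `gateway` ("configured to access upstream powered with TLS") describes an upstream-TLS setup, whereas this environment, per the README and the `APICAST_HTTPS_*` variables, makes the gateway itself listen on HTTPS; suggest `gateway: ## run gateway listening on HTTPS (port 8443) with the certs from ./cert`. The two `compose down` lines in `clean` appear to act on the same default `docker-compose.yml` in this directory, so one of them looks redundant. Note also that `?=` keeps the recursive flavour, so `$(shell which docker …)` is re-executed on every `$(DOCKER)` reference; harmless here but a `:=` would be the usual pairing with `$(shell)`.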
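--- a/dev-environments/listen-tls/README.md
+++ b/dev-environments/listen-tls/README.md
@@ -0,0 +1,33 @@
+# Making APIcast listen on HTTPS
+
+## Create the SSL Certificates
+
+```sh
+make certs
+```
+
+## Run the gateway
+
+Running local `apicast-test` docker image
+
+```sh
+make gateway
+```
+
+Running custom apicast image
+
+```sh
+make gateway IMAGE_NAME=quay.io/3scale/apicast:latest
+```
+
+## Testing
+
+```sh
+curl --resolve example.com:8443:127.0.0.1 -v --cacert cert/rootCA.pem "https://example.com:8443/?user_key=123"
+```
+
+## Clean env
+
+```sh
+make clean
+```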
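--- a/dev-environments/listen-tls/apicast-config.json
+++ b/dev-environments/listen-tls/apicast-config.json
@@ -0,0 +1,31 @@
+{
+"services": [
+{
+"id": "1",
+"backend_version": "1",
+"proxy": {
+"hosts": ["example.com"],
+"api_backend": "http://one.upstream/get",
+"backend": {
+"endpoint": "http://127.0.0.1:8081",
+"host": "backend"
+},
+"policy_chain": [
+{
+"name": "apicast.policy.apicast"
+}
+],
+"proxy_rules": [
+{
+"http_method": "GET",
+"pattern": "/",
+"metric_system_name": "hits",
+"delta": 1,
+"parameters": [],
+"querystring_parameters": {}
+}
+]
+}
+}
+]
+}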
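--- a/dev-environments/listen-tls/cert/Makefile
+++ b/dev-environments/listen-tls/cert/Makefile
@@ -0,0 +1,15 @@
+clean:
+- rm *.crt *.key *.pem *.csr
+
+ca:
+openssl genrsa -out rootCA.key 2048
+openssl req -batch -new -x509 -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
+
+clientcerts:
+openssl req -subj '/CN=$(DOMAIN)' -newkey rsa:4096 -nodes \
+-sha256 \
+-days 3650 \
+-keyout $(DOMAIN).key \
+-out $(DOMAIN).csr
+chmod +r $(DOMAIN).key
+openssl x509 -req -in $(DOMAIN).csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out $(DOMAIN).crt -days 500 -sha256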
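Review bot: The leaf certificate issued on the last line of `clientcerts` carries only `CN=$(DOMAIN)` and no subjectAltName, so TLS clients that no longer fall back to the CN (Go, browsers, and likely others) will reject `example.com` even with `rootCA.pem` trusted; the README's curl test passes only because curl still honours the CN. Add `-addext 'subjectAltName=DNS:$(DOMAIN)'` to the `openssl req` line and `-copy_extensions copy` to the `openssl x509 -req` line (OpenSSL 3.0+; older releases need an `-extfile` instead). `chmod +r $(DOMAIN).key` leaves the private key world-readable on the host, presumably so the unprivileged gateway process can read the bind mount; a comment such as `# dev-only: the key must be readable by the non-root gateway user inside the container` would make that intent explicit. `-CAcreateserial` also writes `rootCA.srl`, which the `clean` glob does not cover, and `-days 3650` on a `req` without `-x509` has no effect on the CSR.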
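--- a/dev-environments/listen-tls/docker-compose.yml
+++ b/dev-environments/listen-tls/docker-compose.yml
@@ -0,0 +1,38 @@
+---
+version: '3.8'
+services:
+gateway:
+image: ${IMAGE_NAME:-apicast-test}
+depends_on:
+- one.upstream
+- two.upstream
+environment:
+APICAST_HTTPS_PORT: 8443
+APICAST_HTTPS_CERTIFICATE: /var/run/secrets/apicast/example.com.crt
+APICAST_HTTPS_CERTIFICATE_KEY: /var/run/secrets/apicast/example.com.key
+THREESCALE_CONFIG_FILE: /tmp/config.json
+THREESCALE_DEPLOYMENT_ENV: staging
+APICAST_CONFIGURATION_LOADER: lazy
+APICAST_WORKERS: 1
+APICAST_LOG_LEVEL: debug
+APICAST_CONFIGURATION_CACHE: "0"
+expose:
+- "8443"
+- "8090"
+ports:
+- "8443:8443"
+- "8090:8090"
+volumes:
+- ./apicast-config.json:/tmp/config.json
+- ./cert:/var/run/secrets/apicast
+one.upstream:
+image: alpine/socat:1.7.4.4
+container_name: one.upstream
+command: "-d -v -d TCP-LISTEN:80,reuseaddr,fork TCP:two.upstream:80"
+expose:
+- "80"
+restart: unless-stopped
+two.upstream:
+image: kennethreitz/httpbin
+expose:
+- "80"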
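Review bot: The `./cert:/var/run/secrets/apicast` bind mount hands the gateway container everything `cert/Makefile` produces, including `rootCA.key` (the CA's private key) and the CSR, while only `example.com.crt` and `example.com.key` are referenced via `APICAST_HTTPS_CERTIFICATE` and `APICAST_HTTPS_CERTIFICATE_KEY`. Mounting just those two files, read-only, keeps the CA key out of the container and is the same two lines: `- ./cert/example.com.crt:/var/run/secrets/apicast/example.com.crt:ro` and `- ./cert/example.com.key:/var/run/secrets/apicast/example.com.key:ro`; `apicast-config.json` can take the same `:ro` suffix. The top-level `version: '3.8'` key is ignored (with a warning) by Compose v2, so it can be dropped if that is the toolchain in use.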
