Docker SSL support

Volodymyr Babak
1 parent 43c174cd
Showing 6 changed files with 41 additions and 29 deletions
application/src/main/resources/thingsboard.yml
dao/src/main/java/org/thingsboard/server/dao/cache/ServiceCacheConfiguration.java
docker/docker-compose.yml
docker/thingsboard.env
docker/thingsboard/build_and_deploy.sh
transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
--- a/application/src/main/resources/thingsboard.yml
View file @8c50c63
+++ b/application/src/main/resources/thingsboard.yml
View file @8c50c63
@@ -19,12 +19,18 @@ server:
   address: "${HTTP_BIND_ADDRESS:0.0.0.0}"
   # Server bind port
   port: "${HTTP_BIND_PORT:8080}"
-# Uncomment the following section to enable ssl
-#  ssl:
-#    key-store: classpath:keystore/keystore.p12
-#    key-store-password: thingsboard
-#    keyStoreType: PKCS12
-#    keyAlias: tomcat
+  # Server SSL configuration
+  ssl:
+    # Enable/disable SSL support
+    enabled: "${SSL_ENABLED:false}"
+    # Path to the key store that holds the SSL certificate
+    key-store: "${SSL_KEY_STORE:classpath:keystore/keystore.p12}"
+    # Password used to access the key store
+    key-store-password: "${SSL_KEY_STORE_PASSWORD:thingsboard}"
+    # Type of the key store
+    key-store-type: "${SSL_KEY_STORE_TYPE:PKCS12}"
+    # Alias that identifies the key in the key store
+    key-alias: "${SSL_KEY_ALIAS:tomcat}"
 
 # Zookeeper connection parameters. Used for service discovery.
 zk:
@@ -60,10 +66,10 @@ plugins:
 
 # JWT Token parameters
 security.jwt:
-  tokenExpirationTime: "${JWT_TOKEN_EXPIRATION_TIME:900}" # Number of seconds (15 mins)
-  refreshTokenExpTime: "${JWT_REFRESH_TOKEN_EXPIRATION_TIME:3600}" # Seconds (1 hour)
-  tokenIssuer: "${JWT_TOKEN_ISSUER:thingsboard.io}"
-  tokenSigningKey: "${JWT_TOKEN_SIGNING_KEY:thingsboardDefaultSigningKey}"
+  token-expiration-time: "${JWT_TOKEN_EXPIRATION_TIME:900}" # Number of seconds (15 mins)
+  refresh-token-exp-time: "${JWT_REFRESH_TOKEN_EXPIRATION_TIME:3600}" # Seconds (1 hour)
+  token-issuer: "${JWT_TOKEN_ISSUER:thingsboard.io}"
+  token-signing-key: "${JWT_TOKEN_SIGNING_KEY:thingsboardDefaultSigningKey}"
 
 # Device communication protocol parameters
 http:
@@ -72,19 +78,25 @@ http:
 # MQTT server parameters
 mqtt:
   bind_address: "${MQTT_BIND_ADDRESS:0.0.0.0}"
-  bind_port: "${MQTT_BIND_PORT:1883}"
+  bind_port: "${MQTT_BIND_PORT:1884}"
   adaptor: "${MQTT_ADAPTOR_NAME:JsonMqttAdaptor}"
   timeout: "${MQTT_TIMEOUT:10000}"
   netty:
     leak_detector_level: "${NETTY_LEASK_DETECTOR_LVL:DISABLED}"
     boss_group_thread_count: "${NETTY_BOSS_GROUP_THREADS:1}"
     worker_group_thread_count: "${NETTY_WORKER_GROUP_THREADS:12}"
-# Uncomment the following lines to enable ssl for MQTT
-#  ssl:
-#    key_store: mqttserver.jks
-#    key_store_password: server_ks_password
-#    key_password: server_key_password
-#    key_store_type: JKS
+  # MQTT SSL configuration
+  ssl:
+    # Enable/disable SSL support
+    enabled: "${MQTT_SSL_ENABLED:false}"
+    # Path to the key store that holds the SSL certificate
+    key_store: "${MQTT_SSL_KEY_STORE:mqttserver.jks}"
+    # Password used to access the key store
+    key_store_password: "${MQTT_SSL_KEY_STORE_PASSWORD:server_ks_password}"
+    # Password used to access the key
+    key_password: "${MQTT_SSL_KEY_PASSWORD:server_key_password}"
+    # Type of the key store
+    key_store_type: "${MQTT_SSL_KEY_STORE_TYPE:JKS}"
 
 # CoAP server parameters
 coap:
--- a/dao/src/main/java/org/thingsboard/server/dao/cache/ServiceCacheConfiguration.java
View file @8c50c63
+++ b/dao/src/main/java/org/thingsboard/server/dao/cache/ServiceCacheConfiguration.java
View file @8c50c63
@@ -45,7 +45,6 @@ public class ServiceCacheConfiguration {
     @Value("${cache.device_credentials.time_to_live}")
     private Integer cacheDeviceCredentialsTTL;
 
-
     @Value("${zk.enabled}")
     private boolean zkEnabled;
     @Value("${zk.url}")
--- a/docker/docker-compose.yml
View file @8c50c63
+++ b/docker/docker-compose.yml
View file @8c50c63
@@ -18,13 +18,15 @@ version: '2'
 
 services:
   thingsboard:
-    image: "thingsboard/application:1.2.2"
+    image: "thingsboard/application:1.2.3-test"
     ports:
-      - "8080:8080"
-      - "1883:1883"
+      - "8443:8443"
+      - "1884:1883"
       - "5683:5683/udp"
     env_file:
       - thingsboard.env
+    volumes:
+      - "~/keystore.p12:/root/keystore.p12"
     entrypoint: ./run_thingsboard.sh
   thingsboard-db-schema:
     image: "thingsboard/thingsboard-db-schema:1.2.2"
--- a/docker/thingsboard.env
View file @8c50c63
+++ b/docker/thingsboard.env
View file @8c50c63
@@ -5,4 +5,8 @@ ZOOKEEPER_URL=zk:2181
 MQTT_BIND_ADDRESS=0.0.0.0
 MQTT_BIND_PORT=1883
 COAP_BIND_ADDRESS=0.0.0.0
-COAP_BIND_PORT=5683
\ No newline at end of file
+COAP_BIND_PORT=5683
+
+SSL_ENABLED=true
+SSL_KEY_STORE=/root/keystore.p12
+HTTP_BIND_PORT=8443
\ No newline at end of file
--- a/docker/thingsboard/build_and_deploy.sh
View file @8c50c63
+++ b/docker/thingsboard/build_and_deploy.sh
View file @8c50c63
@@ -18,9 +18,4 @@
 
 cp ../../application/target/thingsboard.deb thingsboard.deb
 
-docker build -t thingsboard/application:1.2.2 -t thingsboard/application:latest .
-
-docker login
-
-docker push thingsboard/application:1.2.2
-docker push thingsboard/application:latest
\ No newline at end of file
+docker build -t thingsboard/application:1.2.3-test .
\ No newline at end of file
--- a/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
View file @8c50c63
+++ b/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
View file @8c50c63
@@ -41,7 +41,7 @@ import java.security.cert.X509Certificate;
  */
 @Slf4j
 @Component("MqttSslHandlerProvider")
-@ConditionalOnProperty(prefix = "mqtt.ssl", value = "key-store", havingValue = "", matchIfMissing = false)
+@ConditionalOnProperty(prefix = "mqtt.ssl", value = "enabled", havingValue = "true", matchIfMissing = false)
 public class MqttSslHandlerProvider {
 
     public static final String TLS = "TLS";