This repository was archived by the owner on Dec 14, 2022. It is now read-only.

Commit 8116dbc

Chris Wiechmann committed
APM-Server is now using an SSL-Endpoint
1 parent 81e3746 commit 8116dbc

9 files changed, +89 -6 lines changed


DEVELOPMENT.MD

Lines changed: 8 additions & 0 deletions
@@ -80,6 +80,14 @@ instances:
8080
- "*.ec2.internal"
8181
- "*.compute-1.amazonaws.com"
8282
- "*.cloudapp.azure.com"
83+
- name: "apm-server"
84+
dns:
85+
- "apm-server"
86+
- "localhost"
87+
- "api-env"
88+
- "*.ec2.internal"
89+
- "*.compute-1.amazonaws.com"
90+
- "*.cloudapp.azure.com"
8391
```
8492
8593
Run elasticsearch-certutil:
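Review bot: The new `apm-server` instance (lines 83-90) copies the wildcard entries `*.ec2.internal`, `*.compute-1.amazonaws.com` and `*.cloudapp.azure.com` from the other instances, so the resulting certificate is valid for any host under those shared cloud domains. That is acceptable for the sample certificate, but the guide should say that a certificate generated for real use lists only the names the APM-Server is actually reached by.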

apibuilder4elastic/app.js

Lines changed: 4 additions & 2 deletions
@@ -1,10 +1,12 @@
11
const APIBuilder = require('@axway/api-builder-runtime');
22

33
if(process.env.APM_ENABLED) {
4-
console.log(`Application performance monitoring enabled. Using APM-Server: ${process.env.APM_SERVER || 'http://apm-server:8200'}`);
4+
console.log(`Application performance monitoring enabled. Using APM-Server: ${process.env.APM_SERVER || 'https://apm-server:8200'}`);
55
require('elastic-apm-node').start({
66
serviceName: 'APIBuilder4Elastic',
7-
serverUrl: process.env.APM_SERVER || 'http://apm-server:8200'
7+
serverUrl: process.env.APM_SERVER || 'https://apm-server:8200',
8+
verifyServerCert: ("false" == process.env.APM_VALIDATE_SERVER_CERT) ? false : true,
9+
serverCaCertFile: process.env.APM_SERVER_CA || 'config/certificates/ca.crt'
810
});
911
}
1012
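Review bot: On line 8, `verifyServerCert` is switched off by the single string `"false"` and nothing is logged when that happens, so a deployment running without certificate validation looks the same in the log as a validated one. Extend the startup message on line 4 to report the effective setting, or log a warning when `APM_VALIDATE_SERVER_CERT` is `false`, and use `===` for the comparison. The `serverCaCertFile` default on line 9 is a relative path, so it is worth documenting which directory it is resolved from.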

apm/apm-server.yml

Lines changed: 6 additions & 1 deletion
@@ -1,7 +1,12 @@
11
apm-server:
2-
host: "localhost:8200"
2+
host: "apm-server:8200"
33
rum:
44
enabled: true
5+
ssl:
6+
enabled: true
7+
certificate: "${APM_SERVER_CRT}"
8+
key: "${APM_SERVER_KEY}"
9+
key_passphrase: "${APM_SERVER_KEY_PASSPHRASE}"
510

611
output:
712
elasticsearch:
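Review bot: The `apm-server` block now enables TLS (lines 5-9), but the visible block still defines no secret token or API key for agents, so the endpoint authenticates itself to clients while clients are not authenticated to it. With TLS in place such a credential can be sent safely, so this change is a good place to add one. Also, `host: "apm-server:8200"` on line 2 makes the listener depend on that name resolving inside the container, which holds under docker-compose but not necessarily elsewhere; consider making the host configurable through an environment variable like the certificate paths.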

apm/docker-compose.apm-server.yml

Lines changed: 3 additions & 0 deletions
@@ -13,6 +13,9 @@ services:
1313
- APM_USERNAME=${APM_USERNAME:-""}
1414
- APM_PASSWORD=${APM_PASSWORD:-""}
1515
- ELASTICSEARCH_CA=${ELASTICSEARCH_CA}
16+
- APM_SERVER_KEY=${APM_SERVER_KEY}
17+
- APM_SERVER_CRT=${APM_SERVER_CRT}
18+
- APM_SERVER_KEY_PASSPHRASE=${APM_SERVER_KEY_PASSPHRASE:-""}
1619
- ELASTICSEARCH_ANONYMOUS_ENABLED=${ELASTICSEARCH_ANONYMOUS_ENABLED}
1720
- ELASTICSEARCH_CLUSTER_UUID=${ELASTICSEARCH_CLUSTER_UUID}
1821
ports:
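Review bot: `APM_SERVER_KEY` and `APM_SERVER_CRT` (lines 16-17) have no default and no required-variable check, so an `.env` file carried over from an earlier version expands them to empty strings while `apm-server.yml` now sets `ssl.enabled: true`. Using the `${APM_SERVER_KEY:?...}` form would make docker-compose stop with a clear message instead. Line 18 passes the key passphrase as a plain environment variable, which is readable through `docker inspect`; if a passphrase is used, that should be mentioned in the documentation.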

config/certificates/README.md

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
# Sample certificates for testing only
22

33
The sample certificates in this folder will be automatically made available to the Docker-Containers by a mount and are pre-configured in the .env file.
4-
:point_right: It's stringly recommended that you use your own certificates and keys as the __certificates & keys are public on GitHub__.
4+
:point_right: It's strongly recommended that you use your own certificates and keys as the __certificates & keys are public on GitHub__.
55

66
Place you own certificates and keys in this directory and adjust the .env file accordingly. It's important that you are using different filenames, as the original files will be
77
replaced with the next version.
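Review bot: Line 6, directly below the corrected sentence, still reads "Place you own certificates"; fix it to "Place your own" in the same change. Since this commit adds `apm-server.crt` and `apm-server.key` to the folder, the README could also name them so users know which files to replace.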

config/certificates/apm-server.crt

Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIDkjCCAnqgAwIBAgIUPIozXlFhTuj4e7B7sR6uWfCDdRYwDQYJKoZIhvcNAQEL
3+
BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
4+
cmF0ZWQgQ0EwHhcNMjExMjA2MTUxNzA1WhcNMjQxMjA1MTUxNzA1WjAVMRMwEQYD
5+
VQQDEwphcG0tc2VydmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
6+
jZLBnI2d65STtMFlw3CUvleuw8VoJf5JtqwgQ5o49O/sHH84J3YxzsFJsnQAmQWD
7+
mmT8IstFNSqn+mPzw8krwAjZnJGo3chlhRPiW7Xm58ngpnTbC9H8eEGWRgPgkI3p
8+
9gUKlM2LgBAM/wmJ/XSz9tYzyOmOPVkBrD+y8JFXeLvTNlu6/XG/fswlTahDo+M4
9+
AA4cwWFSpNtc4dbwqgbO7AZMKJPyJPExkMCnTJ0ZDW6L/ZBnZlBT4G1wfN+D75AP
10+
0vtV+/2i4dfTVxqILAdvL6u0aJ7Zr8GE9GOGaC6SvL1JEVKYkQnY8znZi3+oDokK
11+
R96Y1DMFf6sUfPQkl+7u2wIDAQABo4G6MIG3MB0GA1UdDgQWBBTiz+JktSXcH4qO
12+
JveRIUnDpOq2ozAfBgNVHSMEGDAWgBTzt0vFY8RrVFAhz65+u0JCekAs1jBqBgNV
13+
HREEYzBhghQqLmNsb3VkYXBwLmF6dXJlLmNvbYIJbG9jYWxob3N0ggdhcGktZW52
14+
ggphcG0tc2VydmVygg4qLmVjMi5pbnRlcm5hbIIZKi5jb21wdXRlLTEuYW1hem9u
15+
YXdzLmNvbTAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBRx5U7XmDiap/+
16+
3MOUIVqqJ9Z28KReC7jlSzMjMdHTqzUEEkhP7reRktGw3XgRg8lTHQ2MdEpf4DVg
17+
h2xUka4PlWhvUZJL20lwiWbs+RnozN878yD2fVm/gbcM9jIAORZznPoiyKxptpcw
18+
0JHAvKIvksJm0i0FllfNwNdzngn8H8xJe3cjMhqSKjldS5JFuDZaiTj+bra1Vlz2
19+
pvhaE3g4te9HJgSzEQHPzezXJToRlNvsgPF3i303NZfQz+QSOOOIJX6xIN+QwtJj
20+
g9EhR6ic0eM7Ph9a9EM6Xw6nx0LWoYXzxwEotA2vXR1CLdsO7YVs4TNUfDcXf7eo
21+
QlWF4kBc
22+
-----END CERTIFICATE-----

config/certificates/apm-server.key

Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
-----BEGIN RSA PRIVATE KEY-----
2+
MIIEowIBAAKCAQEAjZLBnI2d65STtMFlw3CUvleuw8VoJf5JtqwgQ5o49O/sHH84
3+
J3YxzsFJsnQAmQWDmmT8IstFNSqn+mPzw8krwAjZnJGo3chlhRPiW7Xm58ngpnTb
4+
C9H8eEGWRgPgkI3p9gUKlM2LgBAM/wmJ/XSz9tYzyOmOPVkBrD+y8JFXeLvTNlu6
5+
/XG/fswlTahDo+M4AA4cwWFSpNtc4dbwqgbO7AZMKJPyJPExkMCnTJ0ZDW6L/ZBn
6+
ZlBT4G1wfN+D75AP0vtV+/2i4dfTVxqILAdvL6u0aJ7Zr8GE9GOGaC6SvL1JEVKY
7+
kQnY8znZi3+oDokKR96Y1DMFf6sUfPQkl+7u2wIDAQABAoIBAAvB7zgHP63iLjPK
8+
BzkoaNIEcJk44Qg2vclHMxUqNVmL2DoaceY+sXt2uTe+3PkLm8n/LqMQUQ3nUWgN
9+
up+9KosAsShVpVNpLzU48rwKUV2/efUyqamqDAoYuFg8PjKcw2kRMuqRkrWIbIV9
10+
AoUwMG039B9wqV8WI0ag5UWH0vhN0V9NVO0ejh8WurTaNL3PoZ7GUIpm3g83FUc9
11+
k5Fb8iknR8UpQKXlj2A+u3+WNIYDZ+OFh5JOZ1Ld6gvzWYdbUBSMTSTi6rN9nRPm
12+
npnClcKlFYswoOrtre43b8uhDr12FL/L2WeleqhAkaLbpPP8Erd+psYfO4uzRwRy
13+
EF6PvmECgYEAyAuCb4SUal3TIi1zpVXPpHmWqDW1UQdzZt+RNSKj+M3PacT/1BBb
14+
piXPMmw8Lp8VI8TXo02n68Tsze89TUDfHLtKqZsr1SWMmsanQBVihKm8V9UJHe/r
15+
zTy2TWROd6+A9uwsWAWN+Vr7NMt/KsG3uYamkJ69nrIGRj0W/S2lcwMCgYEAtSxN
16+
Tx6ewXnFjBKZDAbKxk21VB1M0v2CimDieGUJOtVRdmVC6DgANzdU6ym1x6JML4K5
17+
ou9rR3F632KAyX3BIxytOeCxw6akop828Nl/+C492BhnDRo54TnJDD6XR1pL0Edm
18+
bRUHKCdN0BFPwtWtf58eykGOO5AVcrIM+mIPYUkCgYEAlKLwpNm2yR2zvgZVkjij
19+
UwtA5PUbJvzJQ1vEcd2uRjTt8yH8EF6jKl2XiVigkueC9pPQwbb2mRk19oHXY6pa
20+
3OdQv5rbQ8Flqq8GIHiDPh08I2rYHlVhOJruvaxVHVrbER1EiZZ++hMe6gh2EZfk
21+
YkZpRrWcIOkX/mJvzWh4MW8CgYAk+tr42FYtRa7F7ZHhu40uNvRZK/XfZzF7D1WK
22+
n4znvlz3XqnufmfE3X1u1r+s9Pq6A+PiVx49ofMjn5aMCigfA550HuIJ/nzCWN89
23+
ABg3zzB+aFS4fu7rgwD/h9MXFF4/MCO/BjjEwGkInE/8g+L7Fr6RKBphHALUu3Uc
24+
smFTSQKBgHPLFqLzbqfHOzv6iWP4koONTf3zVMrOoSMYtvBPDPbn3sm3oi3oPvm+
25+
uJSrbGUoNiXet6d4+xHgMlMDP7tjAyBlLCc5Fx07612ZSILPLuOsANSwgVY+YPNT
26+
HDY/li9CGvxq92bOcENZnXhKH24XClmL6pABLRDp1+CDzPWGqIlt
27+
-----END RSA PRIVATE KEY-----
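Review bot: This adds an RSA private key in plain PEM form with no passphrase protection, and `env-sample` in the same commit makes it the default `APM_SERVER_KEY` with an empty `APM_SERVER_KEY_PASSPHRASE`. The README marks the folder as test material, but an installation that copies `env-sample` unchanged serves TLS with a key anyone can download. Consider generating the key pair during setup, or at least having the startup log warn when the shipped sample files are in use.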

docker-compose.yml

Lines changed: 1 addition & 0 deletions
@@ -82,6 +82,7 @@ services:
8282
- LOG_LEVEL=${API_BUILDER_LOG_LEVEL}
8383
- APM_ENABLED=${APM_ENABLED}
8484
- APM_SERVER=${APM_SERVER}
85+
- APM_SERVER_CA=${APM_SERVER_CA}
8586
ports:
8687
- 8443:8443
8788
networks:
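Review bot: Only `APM_SERVER_CA` is added to the API-Builder environment (line 85); `APM_VALIDATE_SERVER_CERT`, which `app.js` reads in this same commit, is not passed through. Unless the service also loads the `.env` file some other way that is not visible in this hunk, setting that variable in `.env` has no effect inside the container. Add `- APM_VALIDATE_SERVER_CERT=${APM_VALIDATE_SERVER_CERT}` next to it.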

env-sample

Lines changed: 17 additions & 2 deletions
@@ -507,9 +507,20 @@ ELASTIC_VERSION=7.15.2
507507

508508
# ----------------------------------------------------------------------------------------------
509509
# This is used by the API-Builder process for the APM-Server connection. It defaults to
510-
# http://apm-server:8200 if not configured, which is the service-name when using docker-compose.
510+
# https://apm-server:8200 if not configured, which is the service-name when using docker-compose.
511511
# Used-By: API-Builder4Elastic
512-
# APM_SERVER=http://my-apm-server:8200
512+
# APM_SERVER=https://my-apm-server:8200
513+
514+
# ----------------------------------------------------------------------------------------------
515+
# Parameter used by API-Builder if the APM-Server certificate should be validated.
516+
# Used-By: API-Builder4Elastic
517+
# APM_VALIDATE_SERVER_CERT=false
518+
519+
# ----------------------------------------------------------------------------------------------
520+
# Certificate authory used by API-Builder4Elastic to validate the server certificate.
521+
# Used-By: API-Builder4Elastic
522+
# Defaults to the CA used by all components.
523+
# APM_SERVER_CA=config/certificates/ca.crt
513524

514525
# ----------------------------------------------------------------------------------------------
515526
# Account used by the APM-Server for the Elasticsearch communication. For the initial setup it
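Review bot: The description for `APM_VALIDATE_SERVER_CERT` (lines 515-517) does not state the default, and the only value shown is `false`. Say that validation is on unless the variable is set to exactly `false`, and that turning it off removes the protection against a spoofed APM-Server. Line 520 has a typo: "authory" should be "authority".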
@@ -557,3 +568,7 @@ ELASTICSEARCH_CRT=config/certificates/elasticsearch1.crt
557568
KIBANA_KEY=config/certificates/kibana.key
558569
KIBANA_CRT=config/certificates/kibana.crt
559570
KIBANA_KEYPASSPHRASE=
571+
572+
APM_SERVER_KEY=config/certificates/apm-server.key
573+
APM_SERVER_CRT=config/certificates/apm-server.crt
574+
APM_SERVER_KEY_PASSPHRASE=
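Review bot: `APM_SERVER_KEY_PASSPHRASE` (line 574) uses a different naming pattern from `KIBANA_KEYPASSPHRASE` three lines above it; pick one pattern so users editing the file are not caught out. The new block also has none of the comment headers with a `Used-By:` line that the other APM settings in this file carry.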
