
How to use plantuml-server over HTTPS with Basic authentication

Posted at 2019-01-27

plantuml docker/nginx SSL

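  • Run plantuml-server with docker
  • Put nginx + SSL in front of it so that traffic is HTTPS
    • This procedure creates a throwaway self-signed certificate; if you want to use this properly, install a properly issued one
  • Add Basic authentication to the nginx configuration
  • The ORIGIN in the nginx configuration is set to bitbucket; change it as appropriate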

Install docker to Amazon AMI

  • Amazon Linux 2 AMI (HVM), SSD Volume Type 
    • t2.micro
    • port 18080, 22(close after setup)
    • Assigning an Elastic IP is recommended
ssh -i XXX.pem -l ec2-user <IP Address>

sudo yum update -y
sudo yum install -y docker
sudo service docker start
sudo systemctl enable docker
sudo usermod -a -G docker ec2-user

Create docker image

mkdir plantuml-server
cd plantuml-server

mkdir -p etc/nginx
mkdir key

touch Dockerfile
touch etc/nginx/plantuml.conf

Dockerfile

FROM nginx
# MAINTAINER is deprecated; the LABEL form is the current equivalent
LABEL maintainer="tsujimitsu <tsujimitsu@gmail.com>"

# set nginx config
COPY etc/nginx/* /etc/nginx/conf.d/
COPY key/* /etc/nginx/

plantuml.conf

upstream plantuml-server {
    least_conn;
    server plantuml-server:8080 weight=5 max_fails=3 fail_timeout=30s;
}

server {
    listen      8080 ssl;

    ssl_certificate /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;

    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;

        add_header Access-Control-Allow-Origin https://bitbucket.org always;
        add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
        add_header Access-Control-Allow-Headers "Authorization,Content-Type,Origin,Accept,X-Requested-With" always;
        add_header Access-Control-Allow-Credentials "true" always;

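        if ($request_method = OPTIONS ) {
            # add_header is not inherited into a block that defines its own
            # add_header, so the CORS headers are repeated for the preflight.
            add_header Access-Control-Allow-Origin https://bitbucket.org always;
            add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
            add_header Access-Control-Allow-Headers "Authorization,Content-Type,Origin,Accept,X-Requested-With" always;
            add_header Access-Control-Allow-Credentials "true" always;
            add_header Content-Length 0;
            add_header Content-Type "text/html; charset=UTF-8";
            return 204;
        }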

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host      $http_host;
        proxy_pass                 http://plantuml-server;

    }
}

Create SSL certificate

cd key
openssl genrsa 2048 > server.key
# openssl req prompts interactively; at the "Country Name" prompt enter: JP
openssl req -new -key server.key > server.csr
openssl x509 -days 3650 -req -signkey server.key < server.csr > server.crt

Create .htpasswd

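# Run this in the key/ directory (you are already there after creating the certificate).
# -apr1 (Apache MD5) is a format nginx accepts; the -crypt option is DES-based and was removed in OpenSSL 3.0.
printf 'foo:%s\n' "$(openssl passwd -apr1 bar)" >> .htpasswd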

Run plantuml-server

cd ..
docker build -t tsujimitsu/nginx .

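# No -p here: publishing 8080 on the host would let clients reach plantuml-server directly,
# bypassing the TLS and Basic authentication in nginx. The nginx container reaches it through --link.
docker run --restart=always --name plantuml-server -d plantuml/plantuml-server:jetty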
docker run --restart=always --name nginx --link plantuml-server:plantuml-server -p 18080:8080 -d tsujimitsu/nginx

Create Basic Auth token

echo -n "foo:bar" | openssl base64

plantuml-server URL

https://<IP Address>:<Port>/img/

or

https://<IP Address>:<Port>/plantuml/img/
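
To confirm that the proxy enforces what the configuration above intends (401 without or with wrong credentials, access with valid ones, and a credential-free CORS preflight for the allowed origin), the checks can be scripted. This is an added example, not part of the original article; it assumes `curl` and `base64` are installed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. Assumptions: curl and base64 are installed; the base URL,
# credentials and origin passed on the command line are the ones set up above.

# Value for an "Authorization: Basic <token>" header (no trailing newline).
basic_token() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Succeeds when the response headers on stdin allow the given CORS origin.
has_cors_origin() {
    tr -d '\r' | grep -qix "access-control-allow-origin: $1"
}

# Print only the status code; -k because the certificate is self-signed.
http_status() {
    curl -k -s -o /dev/null -w '%{http_code}' "$@"
}

# smoke_test BASE_URL USER PASS ORIGIN -> non-zero if any check fails.
smoke_test() {
    local base=$1 user=$2 pass=$3 origin=$4 rc=0 code
    code=$(http_status "$base/")
    [ "$code" = 401 ] || { echo "FAIL: no credentials gave $code, want 401"; rc=1; }

    code=$(http_status -H "Authorization: Basic $(basic_token "$user" "wrong-$pass")" "$base/")
    [ "$code" = 401 ] || { echo "FAIL: wrong password gave $code, want 401"; rc=1; }

    code=$(http_status -H "Authorization: Basic $(basic_token "$user" "$pass")" "$base/")
    case $code in
        401|403|000) echo "FAIL: valid credentials gave $code"; rc=1 ;;
    esac

    # Preflight requests carry no credentials and must still get the CORS headers.
    curl -k -s -o /dev/null -D - -X OPTIONS -H "Origin: $origin" \
         -H 'Access-Control-Request-Method: GET' "$base/" \
        | has_cors_origin "$origin" \
        || { echo "FAIL: preflight lacks Access-Control-Allow-Origin: $origin"; rc=1; }
    return "$rc"
}

# Runs only when four arguments are given, e.g.:
#   ./smoke.sh "https://<IP Address>:18080" foo bar https://bitbucket.org
if [ "$#" -eq 4 ]; then
    smoke_test "$@" && echo "all checks passed"
fi
```

The token is only an encoding of `user:password`, which is why the checks go through the HTTPS listener and never plain HTTP.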
