update dhp function based on risk-involved bank account scenario

1. nhp agent exposes http service to support external access.
2. nhp agent supports to register trusted applicatiiotn and exposes functions with http endpoint.
3. support remote attestation of hygon CSV
4. NHP server as light-weight storage supports to download and upload file
5. dhp quick start

Co-authored-by: wenhulove333@163.com <Zhang Wenhu>

Author: wenhulove333

Makefile

@@ -84,7 +84,8 @@ agentd:
 	@echo "$(COLOUR_BLUE)[OpenNHP] Building nhp-agent... $(END_COLOUR)"
 	cd endpoints && \
 	go build -trimpath -ldflags ${LD_FLAGS} -v -o ../release/nhp-agent/nhp-agentd ./agent/main/main.go && \
-	cp ./agent/main/etc/*.toml ../release/nhp-agent/etc/
+	cp ./agent/main/etc/*.toml ../release/nhp-agent/etc/ && \
+	cp -rf ./agent/main/etc/certs ../release/nhp-agent/etc/
 
 acd:
 	@echo "$(COLOUR_BLUE)[OpenNHP] Building nhp-ac... $(END_COLOUR)"

docker/Dockerfile.ac

@@ -4,12 +4,12 @@ WORKDIR /nhp-server
 COPY . .
 
 RUN echo "Building for architecture: ${TARGETARCH}"
-## 
+##
 ENV GOPROXY=https://goproxy.cn,direct
 
 RUN cd /nhp-server &&  make init acd test
 
-FROM ubuntu:20.04  AS runtime
+FROM ubuntu:22.04  AS runtime
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && \
     apt-get install -y  wget \
@@ -21,7 +21,7 @@ RUN apt-get update && \
     git \
     curl \
     telnet \
-    && rm -rf /var/lib/apt/lists/* 
+    && rm -rf /var/lib/apt/lists/*
 
 # Traefik version
 ARG TRAEFIK_VERSION=v2.10.4
@@ -35,8 +35,8 @@ RUN tar -zxvf traefik.tar.gz && \
     mv traefik /opt/traefik/ && \
     chmod +x /opt/traefik/traefik && \
     rm -rf /tmp/*
-    
-COPY --from=builder /nhp-server/release/nhp-ac /nhp-ac 
+
+COPY --from=builder /nhp-server/release/nhp-ac /nhp-ac
 COPY --from=builder /nhp-server/docker/iptables_defaults_ubuntu.sh /iptables_defaults_ubuntu.sh
 COPY --from=builder /nhp-server/docker/iptables_defaults_x86.sh /iptables_defaults_x86.sh
 RUN if [ "$(uname -m)" = "x86_64" ]; then \

docker/Dockerfile.agent

@@ -5,7 +5,7 @@ WORKDIR /workdir
 COPY . .
 
 RUN echo "Building for architecture: ${TARGETARCH}"
-## 
+##
 ENV GOPROXY=https://goproxy.cn,direct
 
 RUN cd /workdir && cat Makefile && make init agentd test
@@ -23,7 +23,7 @@ RUN apt-get update && \
     curl \
     inetutils-ping \
     telnet \
-    && rm -rf /var/lib/apt/lists/* 
+    && rm -rf /var/lib/apt/lists/*
 RUN groupadd -r nginx && \
     useradd -r -g nginx -s /bin/bash -d /home/nginx -m nginx
 

docker/Dockerfile.app

@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM ubuntu:20.04 AS builder
+FROM --platform=$BUILDPLATFORM ubuntu:22.04 AS builder
 
 # Get target platform architecture
 ARG TARGETARCH
@@ -57,13 +57,13 @@ WORKDIR /app
 
 # Copy the source code
 COPY ./web-app .
-## 
+##
 ENV GOPROXY=https://goproxy.cn,direct
 # Build the application
 RUN CGO_ENABLED=0 GOOS=linux go mod tidy && go build -o app
 
 # Stage 2: Create a minimal runtime image
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
     build-essential \

docker/Dockerfile.base

@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM ubuntu:20.04 AS builder
+FROM --platform=$BUILDPLATFORM ubuntu:22.04 AS builder
 
 # Get target platform architecture
 ARG TARGETARCH
@@ -15,6 +15,7 @@ RUN apt-get update && \
     tcpdump \
     ipset \
     git \
+    vim \
     && rm -rf /var/lib/apt/lists/*
 
 # Set Go version

docker/Dockerfile.db

@@ -0,0 +1,24 @@
+FROM opennhp-base:latest  AS builder
+
+WORKDIR /workdir
+
+COPY . .
+
+RUN echo "Building for architecture: ${TARGETARCH}"
+##
+ENV GOPROXY=https://goproxy.cn,direct
+
+RUN cd /workdir && cat Makefile && make init db test
+
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && \
+    apt-get install -y  wget \
+    ca-certificates \
+    tcpdump \
+    curl \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN mv /workdir/release/nhp-db /nhp-db
+USER root
+
+CMD ["tail", "-f", "/dev/null"]

docker/Dockerfile.server

@@ -5,12 +5,12 @@ WORKDIR /nhp-server
 COPY . .
 
 RUN echo "Building for architecture: ${TARGETARCH}"
-## 
+##
 ENV GOPROXY=https://goproxy.cn,direct
 
 RUN cd /nhp-server &&  make init serverd plugins test
 
-FROM ubuntu:20.04  AS runtime
+FROM ubuntu:22.04  AS runtime
 
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && \
@@ -23,9 +23,10 @@ RUN apt-get update && \
     git \
     curl \
     telnet \
-    && rm -rf /var/lib/apt/lists/* 
+    vim \
+    && rm -rf /var/lib/apt/lists/*
 
-COPY --from=builder /nhp-server/release/nhp-server /nhp-server 
+COPY --from=builder /nhp-server/release/nhp-server /nhp-server
 
 ENTRYPOINT ["/bin/sh", "-c"]
 CMD ["nginx & /nhp-server/nhp-serverd run"]

docker/docker-compose.dhp.yaml

@@ -0,0 +1,65 @@
+networks:
+  network_default:
+    ipam:
+      driver: default
+      config:
+        - subnet: '177.7.0.0/16'
+
+volumes:
+  postgres_data:
+
+services:
+  nhp-server:
+    image: opennhp-server
+    build:
+      context: ..
+      dockerfile: ./docker/Dockerfile.server
+    container_name: nhp-server
+    restart: always
+    networks:
+      network_default:
+        ipv4_address: 177.7.0.9
+    volumes:
+      - ./nhp-server/etc/:/nhp-server/etc/:rw
+      - ./nhp-server/logs/:/nhp-server/logs/:rw
+      - ./nhp-server/templates/:/nhp-server/templates/:rw
+      - ./nhp-server/plugins/example/etc/:/nhp-server/plugins/example/etc/:rw
+
+  nhp-db:
+    image: opennhp-db
+    container_name: nhp-db
+    build:
+      context: ..
+      dockerfile: ./docker/Dockerfile.db
+    volumes:
+      - ./nhp-db/etc/:/nhp-db/etc/
+      - ./nhp-db/logs/:/nhp-db/logs/
+      - ./nhp-db/demo/:/nhp-db/demo/
+    restart: always
+    cap_add:
+      - NET_ADMIN
+    depends_on:
+      - nhp-server
+    networks:
+      network_default:
+        ipv4_address: 177.7.0.12
+
+  nhp-agent:
+    image: opennhp-agent:latest
+    build:
+      context: ..
+      dockerfile: ./docker/Dockerfile.agent
+    container_name: nhp-agent
+    restart: always
+    #command: []
+    ports:
+      - "8443:443"
+    networks:
+      network_default:
+        ipv4_address: 177.7.0.8
+    depends_on:
+      - nhp-server
+      - nhp-db
+    volumes:
+      - ./nhp-agent/etc:/nhp-agent/etc:rw
+      - ./nhp-agent/logs:/nhp-agent/logs:rw

docker/nhp-ac/etc/config.toml

@@ -12,7 +12,6 @@ DefaultCipherScheme = 0
 UserId = "agent-0"
 OrganizationId = "opennhp.cn"
 LogLevel = 4
-DHPExeCMD = "..\\nhp-de\\nhp-de.exe"
 # UserData: a customized user entry for flexibility.
 # Its key-value pairs will be send to server along with knock message.
 [UserData]

docker/nhp-agent/etc/certs/server.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDKzCCAhMCFCl+W8SPu1590nfwXgANK1STySQ0MA0GCSqGSIb3DQEBCwUAMFIx
+CzAJBgNVBAYTAkNOMRMwEQYDVQQIDApaaGFuZ0ppYW5nMQswCQYDVQQHDAJIWjEL
+MAkGA1UECgwCWFMxFDASBgNVBAMMC3Rlc3RAeHMuY29tMB4XDTI1MDcxNTA4MDEx
+NVoXDTI2MDcxNTA4MDExNVowUjELMAkGA1UEBhMCQ04xEzARBgNVBAgMClpoYW5n
+SmlhbmcxCzAJBgNVBAcMAkhaMQswCQYDVQQKDAJYUzEUMBIGA1UEAwwLdGVzdEB4
+cy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4O/9vxs1dGFKJ
+L+IjwrRIOJDHuoEzTtJQ7fsyAoow9siv+qvIXDJ42+ReJiehDcvtpPosyyScD6rx
+ihWH2I+9su29iz7qyE2aeEwDWOkrNcMGfInhCDmT9BvfveKIgh2CJeh5MwJ5zqnL
+QAs8t+2OHlBwxCfTzPe4CGsGX0Ry0324ysqkybHVG3k7BCEpk4oebvbWw1Wemq5d
+1yHFbwJFcAuPSaM/Jqi1QO1breQu7azFBHq3PexReKxeshgOqrYR3vFE2XpYLR5/
+d45S5eK5Vk1fT0F/UoFCM9P8HrOhir1Di0pKNbhp1etTz3wHsWBo62wliP+2D/Cy
+7ux3TC3pAgMBAAEwDQYJKoZIhvcNAQELBQADggEBALWM3eqlFuQzkzF1NIwnCxQ0
+RZmXhTtsDnqCwgdTzUT7NyXMiLcDQTQusJAi87L+yc5DMaRqPcr+gCHes8YJQ9Cc
+FtqAi15TUiyIdKqt82A6vS5Mr5yHcI3EO4WtAArTj9UUdX4X5unig9KHLb1AyQFk
+PJoalnmWy+vnxMBhGemo8ousLZrDOWpPRylW/wnafjvGMxNAF03b32MvtggKKT9m
+S0XgmHi7eo/FGYCwKSrgsfAWfitZ/izv4KVw9T4g8m7rSoleTo/0lWKbt1K2U2YR
+FoeYltvDOVfgmf1MPlGvyn5llwW4Z1PyR3/mReELJEh79O01KwLc+nJ1oAsbJ8g=
+-----END CERTIFICATE-----