
add internal tomcat and whitelistips

shjung hace 1 día
padre
commit
a92877156f

BIN
.DS_Store


+ 4 - 0
conf/tsi-comm-server.yml

@@ -1,12 +1,16 @@
 spring:
   profiles:
     active: dev
+  #main:
+  #  web-application-type: servlet
 
 application:
   process-id: tsi-comm-server
   cvim-server:
     server-id: 0
     check-packet: false
+    white-list-ips:
+      -
 
 logging:
   file:
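Review bot: The bare `-` under `white-list-ips:` is an empty list item rather than an empty list, so the property will likely bind as one element holding an empty string instead of as no entries. If no addresses are configured yet, `white-list-ips: []` says so directly and keeps a blank value out of the set that remote addresses are compared against. The same placeholder is added in `src/main/resources/application.yml`. A one-line comment stating what kind of address belongs here would also help, since the key name alone does not say how matching connections are treated.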

+ 28 - 7
pom.xml

@@ -36,16 +36,22 @@
 
     <dependencies>
 <!--        <dependency>-->
-<!--            <groupId>com.tsi</groupId>-->
-<!--            <artifactId>tsi-common</artifactId>-->
-<!--            <version>1.0</version>-->
-<!--            <scope>system</scope>-->
-<!--            <systemPath>${webapp.lib}/tsi-common.jar</systemPath>-->
+<!--            <groupId>com.fasterxml.jackson.module</groupId>-->
+<!--            <artifactId>jackson-module-kotlin</artifactId>-->
 <!--        </dependency>-->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-tomcat</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-jdbc</artifactId>
+        </dependency>
 
         <dependency>
-            <groupId>com.fasterxml.jackson.module</groupId>
-            <artifactId>jackson-module-kotlin</artifactId>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
 
         <dependency>
@@ -53,11 +59,13 @@
             <artifactId>mybatis-spring-boot-starter</artifactId>
             <version>2.2.0</version>
         </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-configuration-processor</artifactId>
             <optional>true</optional>
         </dependency>
+
         <dependency>
             <groupId>org.springframework.kafka</groupId>
             <artifactId>spring-kafka</artifactId>
@@ -78,6 +86,17 @@
 <!--            <artifactId>mongo-java-driver</artifactId>-->
 <!--            <version>3.12.7</version>-->
 <!--        </dependency>-->
+        <!-- Spring Boot Actuator -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
+            <version>2.4.13</version>
+        </dependency>
+        <!-- Micrometer Prometheus Registry -->
+        <dependency>
+            <groupId>io.micrometer</groupId>
+            <artifactId>micrometer-registry-prometheus</artifactId>
+        </dependency>
 
         <dependency>
             <groupId>org.mariadb.jdbc</groupId>
@@ -88,7 +107,9 @@
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
             <optional>true</optional>
+            <scope>compile</scope>
         </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
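Review bot: `spring-boot-starter-actuator` is the only Spring Boot starter in these hunks with an explicit `<version>2.4.13</version>`; the tomcat, jdbc and web starters added alongside it carry none, so they presumably take their version from a parent or BOM outside this view. Pinning one starter on its own can leave actuator on a different Boot line from the rest of the application, and it will not follow when the managed version is raised to pick up fixes. Dropping the `<version>` element so it is managed like the others avoids that. Separately, `spring-boot-starter-web` and `spring-boot-starter-tomcat` give this service an HTTP listener next to its TCP server, so the new port needs the same network restrictions and review as the existing one.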

+ 18 - 0
src/main/java/com/tsi/comm/server/config/TsiCvimServerConfig.java

@@ -8,6 +8,7 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 
 import javax.annotation.PostConstruct;
+import java.util.*;
 
 @Slf4j
 @Getter
@@ -21,6 +22,8 @@ public class TsiCvimServerConfig extends NettyServerConfig {
     private int loggingWorkers = 0;
     private int dbmsWorkers = 0;
     private boolean checkPacket = true;
+    private List<String> whiteListIps = new ArrayList<>();
+    private Set<String> whiteListIpSet = new HashSet<>();
     private boolean startup = false;
 
     @PostConstruct
@@ -44,13 +47,28 @@ public class TsiCvimServerConfig extends NettyServerConfig {
             setReaderIdleTimeSeconds(5);
         }
 
+        this.whiteListIpSet = getWhitelistIpSet();
+
         log.info("[{}] -------------------------", this.getClass().getSimpleName());
         log.info("[{}]              serverId: {}", this.getClass().getSimpleName(), this.serverId);
         log.info("[{}]         packetWorkers: {}", this.getClass().getSimpleName(), this.packetWorkers);
         log.info("[{}]        loggingWorkers: {}", this.getClass().getSimpleName(), this.loggingWorkers);
         log.info("[{}]           dbmsWorkers: {}", this.getClass().getSimpleName(), this.dbmsWorkers);
         log.info("[{}]           checkPacket: {}", this.getClass().getSimpleName(), this.checkPacket);
+        log.info("[{}]        whiteListIpSet: {}", this.getClass().getSimpleName(), this.whiteListIpSet);
         log.info("{}", super.toString());
     }
 
+    public Set<String> getWhitelistIpSet() {
+        if (this.whiteListIps == null) {
+            return Collections.emptySet();
+        } else {
+            return new HashSet<>(this.whiteListIps);
+        }
+    }
+
+    public boolean isInWhitelistIps(String ip) {
+        return this.whiteListIpSet.contains(ip);
+    }
+
 }
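Review bot: `getWhitelistIpSet()` copies the configured strings verbatim and `isInWhitelistIps` compares by exact string equality, so an entry with surrounding whitespace or a blank entry lands in the set as-is; the first never matches a real peer and the second matches only an empty remote address. Trimming entries and skipping blank ones while building the set would make the configuration behave as written; a sketch follows. The hand-written name also differs by the case of a single letter from the `getWhiteListIpSet()` accessor that the class-level `@Getter` presumably generates for the new field, and it rebuilds the set on every call, so a non-getter name such as `buildWhiteListIpSet()` would be less confusing. `import java.util.*;` could be replaced by the four explicit imports.

```java
    public Set<String> getWhitelistIpSet() {
        if (this.whiteListIps == null) {
            return Collections.emptySet();
        }
        final Set<String> normalized = new HashSet<>();
        for (String entry : this.whiteListIps) {
            // Skip null/blank items so a placeholder list entry never becomes a match key.
            if (entry != null && !entry.trim().isEmpty()) {
                normalized.add(entry.trim());
            }
        }
        return normalized;
    }
```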

+ 2 - 2
src/main/java/com/tsi/comm/server/tcp/codec/CvimServerByteBufMessageDecoder.java

@@ -45,8 +45,8 @@ public class CvimServerByteBufMessageDecoder extends MessageToMessageDecoder<Byt
     @Override
     protected void decode(ChannelHandlerContext ctx, ByteBuf byteBuf, List<Object> list) {
         try {
-            long msec = TimeUtils.currentTimeSeconds();
-            long nsec = System.nanoTime();
+            final long msec = TimeUtils.currentTimeSeconds();
+            final long nsec = System.nanoTime();
 
             if (byteBuf == null) {
                 log.error("Receive: Packet frame packet error. length field data error");

+ 10 - 0
src/main/java/com/tsi/comm/server/tcp/initializer/CvimServerInitializer.java

@@ -1,6 +1,7 @@
 package com.tsi.comm.server.tcp.initializer;
 
 import com.tsi.app.common.app.AppUtils;
+import com.tsi.app.common.xnet.NettyUtils;
 import com.tsi.comm.server.config.TsiCvimServerConfig;
 import com.tsi.comm.server.tcp.codec.CvimServerByteBufMessageDecoder;
 import com.tsi.comm.server.tcp.codec.CvimServerEncoder;
@@ -30,6 +31,15 @@ public class CvimServerInitializer extends ChannelInitializer<Channel> {
         if (this.config.getReaderIdleTimeSeconds() < 5) {
             this.config.setReaderIdleTimeSeconds(5);
         }
+
+        final String remoteIpAddress = NettyUtils.getRemoteIpAddress(channel);
+        if (this.config.isInWhitelistIps(remoteIpAddress)) {
+            // FOR L4, whitelist ips
+            channel.disconnect();
+            channel.close();
+            return;
+        }
+
         IdleStateHandler idleStateHandler = new IdleStateHandler(this.config.getReaderIdleTimeSeconds(), 0, 0);
         ChannelPipeline pipeline = channel.pipeline();
         pipeline.addLast("idleStateHandler", idleStateHandler);
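Review bot: The added check closes the channel when the remote address is in the configured list, which is the opposite of what the names `white-list-ips` and `isInWhitelistIps` suggest. The `// FOR L4, whitelist ips` comment hints that the intent is to drop connections opened by an L4 device, but nothing states it, so a maintainer who later adds trusted client addresses to this list would cut those clients off. Either rename the property to say what it does or replace the comment with something like `// Peers listed in white-list-ips (L4 probe sources) are closed on purpose; this is NOT an allow list.` It is also worth confirming that real client traffic never arrives with the same source address as the L4 device, since it would then be dropped here too. `channel.close()` alone should be enough, which makes the preceding `channel.disconnect()` look redundant. The enclosing method starts and ends outside the hunk.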

+ 34 - 1
src/main/resources/application.yml

@@ -1,4 +1,6 @@
 spring:
+  profiles:
+    active: prod
   config:
     import:
       - optional:file:${user.dir}/conf/tsi-comm-server.yml
@@ -24,6 +26,36 @@ spring:
       password: 44Klctest$$
       database: ssip
 
+management:
+  endpoints:
+    prometheus:
+      enabled: true
+    web:
+      exposure:
+        include: "*"
+    health:
+      show-details: "always"
+  security:
+    enabled: false
+
+server:
+  port: 9871
+  shutdown: graceful
+  tomcat:
+    connection-timeout: 5000         # 연결 대기 시간 5초
+    keep-alive-timeout: 0            # 응답 후 바로 연결 종료
+    max-keep-alive-requests: 1       # 한 연결당 1회 요청만 허용
+    threads:
+      max: 5        # 톰캣 최대 스레드 수 설정
+      min-spare: 2  # 초기 여유 스레드 수
+    accesslog:
+      enabled: false            # 액세스 로그 활성화 여부
+  error:
+    whitelabel:
+      enabled: true
+    include-exception: false
+    include-stacktrace: never
+
 logging:
   file:
     path: ${user.home}/logs/tsi-comm-server/
@@ -53,7 +85,8 @@ application:
     packet-workers: 0
     logging-workers: 0
     dbms-workers: 1
-
+    white-list-ips:
+      -
   kafka:
     producer:
       consumer-group-id: tsi-comm-server
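Review bot: `management.endpoints.web.exposure.include: "*"` publishes every actuator endpoint over the new HTTP port 9871, and nothing in this commit puts authentication in front of it. `management.security.enabled: false` is a Spring Boot 1.x key that the 2.x actuator ignores, and no security starter appears in the pom.xml hunks. This file also holds a plaintext datasource password, so endpoints that reveal environment, configuration or heap contents should not be reachable; narrowing the list to what monitoring needs, e.g. `include: "health,prometheus"`, and using `show-details: when-authorized` would limit that. `prometheus.enabled` and `health.show-details` are nested under `management.endpoints`, whereas Boot 2.x reads them under `management.endpoint` (singular), so as written they probably have no effect. The first hunk also hard-codes `spring.profiles.active: prod` in the packaged file while `conf/tsi-comm-server.yml` sets `dev`, so it is worth confirming which one is meant to win.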