From f1c1503b1c6c41160d52c8f4d0405e51c3e9e0fe Mon Sep 17 00:00:00 2001 From: amandilaras Date: Thu, 25 Apr 2024 17:59:42 +0300 Subject: [PATCH 1/4] Finalize deployment for keycloak, rabbitmq, and gotenberg --- deployment/.env | 2 +- deployment/docker-compose.override.yml | 204 ++++++++++++------------ deployment/docker-compose.yml | 60 ++++--- deployment/elk/elasticsearch/Dockerfile | 17 +- deployment/elk/kibana/Dockerfile | 13 +- deployment/keycloak/keycloak.env | 11 +- deployment/postgres/Dockerfile | 1 - deployment/postgres/opendmp_init.sql | 15 +- deployment/postgres/postgres.env | 3 +- deployment/postgres/user_init.sql | 8 +- deployment/proxy/ProxyNginx.conf | 159 +++++++++--------- deployment/rabbitmq/rabbitmq.conf | 2 + deployment/rabbitmq/rabbitmq.env | 2 +- 13 files changed, 259 insertions(+), 238 deletions(-) create mode 100644 deployment/rabbitmq/rabbitmq.conf diff --git a/deployment/.env b/deployment/.env index 9ecdb5e95..83003feae 100644 --- a/deployment/.env +++ b/deployment/.env @@ -11,7 +11,7 @@ DOCX_APP_TAG=0.0.8 JSON_APP_TAG=0.0.6 ZENODO_APP_TAG=2.0.4 POSTGRES_TAG=16-alpine -ELK_VERSION=8.13.12 +ELK_VERSION=8.13.0 KEYCLOAK_TAG=24.0.2 RABBITMQ_TAG=3.13-management GOTENBERG_TAG=8.4.0 diff --git a/deployment/docker-compose.override.yml b/deployment/docker-compose.override.yml index ea6163e6b..1662d7aa9 100644 --- a/deployment/docker-compose.override.yml +++ b/deployment/docker-compose.override.yml @@ -1,23 +1,24 @@ services: ############################## PROXY ######################################## - # opendmp.proxy: - # user: ${DEPLOY_USER}:${DEPLOY_GROUP} - # restart: unless-stopped - # cpus: 1 - # mem_limit: 256m - # ports: - # - "${PROXY_APP_PORT}:8081" - # - "${PROXY_MS_PORT}:8082" - # env_file: - # - proxy/proxy.env - # volumes: - # - proxy/nginx.conf:/etc/nginx/nginx.conf - # - proxy/ProxyNginx.conf:/etc/nginx/conf.d/default.conf - # - proxy/nginx-selfsigned.crt:/certifcates/cert.crt - # - proxy/nginx-selfsigned.key:/certifcates/key.key - # - logs/proxy:/tmp/logs - # networks: - # - opendmp-proxy-network + opendmp.proxy: + user: ${DEPLOY_USER}:${DEPLOY_GROUP} + restart: unless-stopped + cpus: 1 + mem_limit: 256m + ports: + - "${PROXY_APP_PORT}:8081" + - "${PROXY_MS_PORT}:8082" + env_file: + - ./proxy/proxy.env + volumes: + # - ./proxy/template-variables:/etc/nginx/templates/10-variables.conf.template:ro + - ./proxy/nginx.conf:/etc/nginx/nginx.conf + - ./proxy/ProxyNginx.conf:/etc/nginx/conf.d/default.conf + - ./proxy/nginx-selfsigned.crt:/certifcates/cert.crt + - ./proxy/nginx-selfsigned.key:/certifcates/key.key + - ./logs/proxy:/tmp/logs + networks: + - opendmp-proxy-network ############################## OPENDMP APP ################################# # opendmp.backend: @@ -171,67 +172,73 @@ services: # - "127.0.0.1:${POSTGRES_PORT}:5432" # If you want to make it accessible locally only - "${POSTGRES_PORT}:5432" env_file: - - postgres/postgres.env + - ./postgres/postgres.env volumes: - ./storage/postgres/data:/var/lib/postgresql/data networks: - opendmp-postgres-shared-network + healthcheck: + test: ["CMD-SHELL", "sh -c 'pg_isready -U opendmp-psql -d opendmp'"] + interval: 15s + timeout: 60s + retries: 5 + ################################# ELK ################################################# -# opendmp.elasticsearch: -# user: ${DEPLOY_USER}:${DEPLOY_GROUP} -# group_add: -# - 0 -# restart: unless-stopped -# cpus: 2 -# mem_limit: 1024m -# env_file: -# - elk/config-elk/elasticsearch/elastic.env -# environment: -# - "ES_JAVA_OPTS=-Xmx512m -Xms512m" -# ulimits: -# nproc: 65535 -# memlock: -# soft: -1 -# hard: -1 -# volumes: -# - elk/config-elk/elasticsearch/certificates:/usr/share/elasticsearch/config/certificates -# - elk/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro -# - elk/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro -# - elk/data-elk/elasticsearch-data:/usr/share/elasticsearch/data -# - elk/data-elk/elasticsearch-log:/usr/share/elasticsearch/logs -# expose: -# - "9200" -# - "9300" -# networks: -# - opendmp-elastic-network -# - opendmp-elastic-shared-network -# healthcheck: -# test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi -# interval: 30s -# timeout: 10s -# retries: 5 + # opendmp.elasticsearch: + # user: ${DEPLOY_USER}:${DEPLOY_GROUP} + # group_add: + # - 0 + # restart: unless-stopped + # cpus: 2 + # mem_limit: 1024m + # env_file: + # - elk/config-elk/elasticsearch/elastic.env + # environment: + # - ES_JAVA_OPTS=-Xmx512m -Xms512m + # ulimits: + # nproc: 65535 + # memlock: + # soft: -1 + # hard: -1 + # volumes: + # - ./elk/config-elk/elasticsearch/certificates:/usr/share/elasticsearch/config/certificates + # - ./elk/config-elk/elasticsearch/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro + # - ./elk/config-elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro + # - ./elk/data-elk/elasticsearch-data:/usr/share/elasticsearch/data + # - ./elk/data-elk/elasticsearch-log:/usr/share/elasticsearch/logs + # expose: + # - "9200" + # - "9300" + # networks: + # - opendmp-elastic-network + # - opendmp-elastic-shared-network + # healthcheck: + # test: curl --cacert /usr/share/elasticsearch/config/certificates/ca/ca.crt -s https://localhost:9200 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi + # interval: 30s + # timeout: 10s + # retries: 5 # # opendmp.logstash: # # volumes: # # - /elk/data-elk/logstash-log:/usr/share/logstash/logs -# opendmp.kibana: -# user: ${DEPLOY_USER}:${DEPLOY_GROUP} -# restart: unless-stopped -# cpus: 2 -# mem_limit: 1024m -# environment: -# - xpack.license.self_generated.type=basic -# - xpack.security.enabled=true -# volumes: -# - elk/config-elk/kibana/certificates:/usr/share/kibana/certificates -# - elk/config-elk/kibana/certificates/ca:/usr/share/kibana/certificate_authorities -# - elk/config-elk/kibana/config:/usr/share/kibana/config:ro -# expose: -# - "5601" -# networks: -# - opendmp-elastic-network + # opendmp.kibana: + # user: ${DEPLOY_USER}:${DEPLOY_GROUP} + # restart: unless-stopped + # cpus: 2 + # mem_limit: 1024m + # environment: + # - xpack.license.self_generated.type=basic + # - xpack.security.enabled=true + # volumes: + # - ./elk/config-elk/kibana/certificates:/usr/share/kibana/certificates + # - ./elk/config-elk/kibana/certificates/ca:/usr/share/kibana/certificate_authorities + # - ./elk/config-elk/kibana/config:/usr/share/kibana/config:ro + # expose: + # - "5601" + # networks: + # - opendmp-elastic-network # # opendmp.filebeat: @@ -240,6 +247,7 @@ services: opendmp.keycloak: restart: unless-stopped command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log", "--import-realm"] + # command: ["start", "--log=console,file", "--log-file=/tmp/logs/keycloak.log"] cpus: 1 mem_limit: 1024M security_opt: @@ -249,10 +257,10 @@ services: environment: - JAVA_OPTS_APPEND="-Djava.net.preferIPv4Stack=true" volumes: - - logs/keycloak:/tmp/logs - - keycloak/imports/opendmp-realm.json:/opt/keycloak/data/import/opendmp-realm.json - - keycloak/certs/keycloak-selfsigned.crt:/tmp/keycloak-selfsigned.crt:ro - - keycloak/certs/keycloak-selfsigned.key:/tmp/keycloak-selfsigned.key:ro + - ./logs/keycloak:/tmp/logs + - ./keycloak/imports/opendmp-realm.json:/opt/keycloak/data/import/opendmp-realm.json + - ./keycloak/certs/keycloak-selfsigned.crt:/tmp/keycloak-selfsigned.crt:ro + - ./keycloak/certs/keycloak-selfsigned.key:/tmp/keycloak-selfsigned.key:ro expose: - "8443" networks: @@ -261,34 +269,34 @@ services: - opendmp-keycloak-shared-network # ############################## RABBITMQ ############################################### -# opendmp.rabbitmq: -# labels: -# NAME: "rabbitmq" -# cpus: 1 -# mem_limit: 512m -# restart: unless-stopped -# expose: -# - "15672" -# - "5672" -# env_file: -# - rabbitmq/rabbitmq.env -# # volumes: -# # - /rabbitmq/rabbitmq.config:/etc/rabbitmq/rabbitmq.config:ro -# networks: -# - opendmp-proxy-network -# - opendmp-rabbitmq-shared-network + opendmp.rabbitmq: + labels: + NAME: "rabbitmq" + cpus: 1 + mem_limit: 512m + restart: unless-stopped + ports: + - "0.0.0.0:15672:15672" + - "0.0.0.0:5672:5672" + env_file: + - rabbitmq/rabbitmq.env + volumes: + - /rabbitmq/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro + networks: + - opendmp-proxy-network + - opendmp-rabbitmq-shared-network # ############################## GOTENBERG ############################################## -# opendmp.gotenberg: -# mem_limit: 2048m -# restart: unless-stopped -# expose: -# - "3000" -# hostname: gotenberg -# env_file: -# - gotenberg/gotenberg.env -# networks: -# - opendmp-gotenberg-shared-network + opendmp.gotenberg: + mem_limit: 2048m + restart: unless-stopped + expose: + - "3000" + hostname: gotenberg + env_file: + - gotenberg/gotenberg.env + networks: + - opendmp-gotenberg-shared-network networks: opendmp-elastic-network: diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml index 0341ada59..85cb30908 100644 --- a/deployment/docker-compose.yml +++ b/deployment/docker-compose.yml @@ -1,8 +1,11 @@ services: ############################## PROXY ######################################## -# opendmp.proxy: -# container_name: opendmp.proxy -# image: nginx:${PROXY_TAG} + opendmp.proxy: + container_name: opendmp.proxy + image: nginx:${PROXY_TAG} + depends_on: + - opendmp.keycloak + # - opendmp.kibana # ############################## OPENDMP APP ################################# @@ -63,13 +66,15 @@ services: POSTGRES_TAG: $POSTGRES_TAG ################################# ELK ################################################# -# opendmp.elasticsearch: -# container_name: opendmp.elasticsearch -# image: elasticsearch -# build: -# context: /elk/elasticsearch/ -# args: -# ELK_VERSION: $ELK_VERSION + # opendmp.elasticsearch: + # container_name: opendmp.elasticsearch + # image: elasticsearch + # build: + # context: ./elk/elasticsearch/ + # args: + # ELK_VERSION: $ELK_VERSION + # DEPLOY_USER : $DEPLOY_USER + # DEPLOY_GROUP : $DEPLOY_GROUP # # opendmp.logstash: # # container_name: opendmp.logstash @@ -81,15 +86,17 @@ services: # # depends_on: # # - opendmp.elasticsearch -# opendmp.kibana: -# container_name: opendmp.kibana -# image: kibana -# build: -# context: /elk/kibana/ -# args: -# ELK_VERSION: $ELK_VERSION -# depends_on: -# - opendmp.elasticsearch + # opendmp.kibana: + # container_name: opendmp.kibana + # image: kibana + # build: + # context: ./elk/kibana/ + # args: + # ELK_VERSION: $ELK_VERSION + # DEPLOY_USER : $DEPLOY_USER + # DEPLOY_GROUP : $DEPLOY_GROUP + # depends_on: + # - opendmp.elasticsearch # # opendmp.filebeat: # # container_name: opendmp.filebeat @@ -105,13 +112,16 @@ services: opendmp.keycloak: container_name: opendmp.keycloak image: quay.io/keycloak/keycloak:${KEYCLOAK_TAG} + depends_on: + opendmp.postgres: + condition: service_healthy # ############################## RABBITMQ ############################################### -# opendmp.rabbitmq: -# container_name: opendmp.rabbitmq -# image: rabbitmq:${RABBITMQ_TAG} + opendmp.rabbitmq: + container_name: opendmp.rabbitmq + image: rabbitmq:${RABBITMQ_TAG} # ############################## GOTENBERG ############################################## -# opendmp.gotenberg: -# image: gotenberg/gotenberg:${GOTENBERG_TAG} -# container_name: opendmp.gotenberg + opendmp.gotenberg: + image: gotenberg/gotenberg:${GOTENBERG_TAG} + container_name: opendmp.gotenberg diff --git a/deployment/elk/elasticsearch/Dockerfile b/deployment/elk/elasticsearch/Dockerfile index 75a663384..73bfa249d 100644 --- a/deployment/elk/elasticsearch/Dockerfile +++ b/deployment/elk/elasticsearch/Dockerfile @@ -1,18 +1,23 @@ ARG ELK_VERSION ARG DEPLOY_USER - +ARG DEPLOY_GROUP # https://github.com/elastic/elasticsearch-docker FROM docker.elastic.co/elasticsearch/elasticsearch:${ELK_VERSION} +ARG DEPLOY_USER +ARG DEPLOY_GROUP +ENV DEPLOY_USER $DEPLOY_USER +ENV DEPLOY_GROUP $DEPLOY_GROUP + RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-icu && \ /usr/share/elasticsearch/bin/elasticsearch-plugin install analysis-phonetic USER root -RUN groupmod -g ${DEPLOY_USER} elasticsearch -RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_USER} elasticsearch +RUN groupmod -g ${DEPLOY_GROUP} elasticsearch +RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_GROUP} elasticsearch RUN chown -R elasticsearch /usr/share/elasticsearch -RUN sed -i -e 's/--userspec=1000/--userspec=${DEPLOY_USER}/g' \ - -e 's/UID 1000/UID ${DEPLOY_USER}/' \ - -e 's/chown -R 1000/chown -R ${DEPLOY_USER}/' /usr/local/bin/docker-entrypoint.sh +RUN sed -i -e 's/--userspec=1000/--userspec=1000/g' \ + -e 's/UID 1000/UID 1000/' \ + -e 's/chown -R 1000/chown -R 1000/' /usr/local/bin/docker-entrypoint.sh RUN chown elasticsearch /usr/local/bin/docker-entrypoint.sh ENV JAVA_HOME /usr/share/elasticsearch/jdk \ No newline at end of file diff --git a/deployment/elk/kibana/Dockerfile b/deployment/elk/kibana/Dockerfile index e1148d762..38a0b95dd 100644 --- a/deployment/elk/kibana/Dockerfile +++ b/deployment/elk/kibana/Dockerfile @@ -1,14 +1,21 @@ ARG ELK_VERSION +ARG DEPLOY_USER +ARG DEPLOY_GROUP # https://github.com/elastic/kibana-docker FROM docker.elastic.co/kibana/kibana:${ELK_VERSION} +ARG DEPLOY_USER +ARG DEPLOY_GROUP +ENV DEPLOY_USER $DEPLOY_USER +ENV DEPLOY_GROUP $DEPLOY_GROUP + USER root -RUN groupmod -g 1008 kibana -RUN usermod -u 1008 -g 1008 kibana +RUN groupmod -g ${DEPLOY_GROUP} kibana +RUN usermod -u ${DEPLOY_USER} -g ${DEPLOY_GROUP} kibana RUN chown -R kibana /usr/share/kibana -USER 1008:1008 +USER ${DEPLOY_USER}:${DEPLOY_GROUP} # Add your kibana plugins setup here # Example: RUN kibana-plugin install diff --git a/deployment/keycloak/keycloak.env b/deployment/keycloak/keycloak.env index 583ff5025..b63bdb2e0 100644 --- a/deployment/keycloak/keycloak.env +++ b/deployment/keycloak/keycloak.env @@ -5,14 +5,15 @@ KC_DB_URL_HOST=opendmp.postgres KC_DB_SCHEMA=public KC_DB_URL_DATABASE=keycloak KC_DB_PORT=5432 -KC_DB_USERNAME=keycloak-admin -KC_DB_PASSWORD=admin +KC_DB_USERNAME=keycloak-psql +KC_DB_PASSWORD=keycloak-admin #Keycloak related configuration -KEYCLOAK_ADMIN=opendmp-admin +KEYCLOAK_ADMIN=keycloak-admin KEYCLOAK_ADMIN_PASSWORD=admin -KC_HOSTNAME_URL=https://localhost:8082 -KC_HOSTNAME_ADMIN_URL=https://localhost:8082 +KC_HOSTNAME_URL=https://localhost:8082/keycloak +KC_HOSTNAME_ADMIN_URL=https://localhost:8082/keycloak +KC_HTTP_RELATIVE_PATH=/keycloak KC_PROXY_HEADERS=xforwarded KC_HOSTNAME_STRICT_HTTPS=true KC_HOSTNAME_STRICT_BACKCHANNEL=true diff --git a/deployment/postgres/Dockerfile b/deployment/postgres/Dockerfile index 9798ad94a..2ca78b7f4 100644 --- a/deployment/postgres/Dockerfile +++ b/deployment/postgres/Dockerfile @@ -3,7 +3,6 @@ ARG DEPLOY_USER ARG DEPLOY_GROUP FROM postgres:${POSTGRES_TAG} COPY ./opendmp_init.sql /docker-entrypoint-initdb.d/ -COPY ./keycloak_init.sql /docker-entrypoint-initdb.d/ COPY ./user_init.sql /docker-entrypoint-initdb.d/ ENTRYPOINT ["docker-entrypoint.sh"] EXPOSE 5432 diff --git a/deployment/postgres/opendmp_init.sql b/deployment/postgres/opendmp_init.sql index 360abc878..0e2b2ad72 100644 --- a/deployment/postgres/opendmp_init.sql +++ b/deployment/postgres/opendmp_init.sql @@ -1,12 +1,3 @@ --- --- PostgreSQL database dump --- - --- Dumped from database version 16.2 --- Dumped by pg_dump version 16.2 - --- Started on 2024-04-25 13:31:48 - SET statement_timeout = 0; SET lock_timeout = 0; SET idle_in_transaction_session_timeout = 0; @@ -20,13 +11,13 @@ SET row_security = off; -- -- TOC entry 4132 (class 1262 OID 49907) --- Name: opendmp-test; Type: DATABASE; Schema: -; Owner: - +-- Name: opendmp; Type: DATABASE; Schema: -; Owner: - -- -CREATE DATABASE "opendmp-test" WITH TEMPLATE = template0 ENCODING = 'UTF8' LOCALE_PROVIDER = libc LOCALE = 'en_US.utf8'; +CREATE DATABASE "opendmp" WITH TEMPLATE = template0 ENCODING = 'UTF8' LOCALE_PROVIDER = libc LOCALE = 'en_US.utf8'; -\connect -reuse-previous=on "dbname='opendmp-test'" +\connect -reuse-previous=on "dbname='opendmp'" SET statement_timeout = 0; SET lock_timeout = 0; diff --git a/deployment/postgres/postgres.env b/deployment/postgres/postgres.env index abc761088..4d6d638c8 100644 --- a/deployment/postgres/postgres.env +++ b/deployment/postgres/postgres.env @@ -1,4 +1,3 @@ #################### POSTGRES ######################## POSTGRES_USER=postgres -POSTGRES_PASSWORD=changeme -PGDATA=/var/lib/postgresql/data/ \ No newline at end of file +POSTGRES_PASSWORD=postgres-admin \ No newline at end of file diff --git a/deployment/postgres/user_init.sql b/deployment/postgres/user_init.sql index fc5ed4714..e3c85011d 100644 --- a/deployment/postgres/user_init.sql +++ b/deployment/postgres/user_init.sql @@ -1,4 +1,4 @@ -CREATE USER keycloak_psql WITH PASSWORD 'keycloak-admin'; -ALTER DATABASE keycloak OWNER TO keycloak_psql; -CREATE USER opendmp_psql WITH PASSWORD 'opendmp-admin'; -ALTER DATABASE "opendmp-test" OWNER TO opendmp_psql; \ No newline at end of file +CREATE USER "keycloak-psql" WITH PASSWORD 'keycloak-admin'; +CREATE DATABASE keycloak WITH OWNER "keycloak-psql"; +CREATE USER "opendmp-psql" WITH PASSWORD 'opendmp-admin'; +ALTER DATABASE "opendmp" OWNER TO "opendmp-psql"; \ No newline at end of file diff --git a/deployment/proxy/ProxyNginx.conf b/deployment/proxy/ProxyNginx.conf index c91551e24..d95f428be 100644 --- a/deployment/proxy/ProxyNginx.conf +++ b/deployment/proxy/ProxyNginx.conf @@ -6,6 +6,8 @@ server { } server { + set $app_host $APP_HOST; + set $app_port $APP_PORT; listen 8080; server_name ${APP_HOST}${APP_PORT}; location / { @@ -13,74 +15,88 @@ server { } } +# server { +# set $app_host $APP_HOST; +# set $app_port $APP_PORT; +# listen 8081 ssl; +# ssl_certificate /certifcates/cert.crt; +# ssl_certificate_key /certifcates/key.key; +# server_name ${APP_HOST}${APP_PORT}; +# proxy_pass_header Server; + +# add_header X-XSS-Protection "1; mode=block" always; +# add_header X-Content-Type-Options nosniff; +# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; +# add_header Referrer-Policy 'strict-origin' always; +# add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always; +# add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always; + +# location / { + +# proxy_set_header Host $host; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-Proto $scheme; + +# # Fix the “It appears that your reverse proxy set up is broken" error. +# proxy_pass http://opendmp.frontend:8080; +# proxy_read_timeout 90; +# proxy_redirect http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT}; +# } + +# location /api/ { + +# proxy_set_header Host $host; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-Proto $scheme; + +# # Fix the “It appears that your reverse proxy set up is broken" error. +# proxy_pass http://opendmp.backend:8080; +# proxy_read_timeout 90; +# proxy_redirect http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api; +# } + +# location /api/notification/ { + +# proxy_set_header Host $host; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-Proto $scheme; + +# # Fix the “It appears that your reverse proxy set up is broken" error. +# proxy_pass http://opendmp.notification:8080; +# proxy_read_timeout 90; +# proxy_redirect http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification; +# } + +# location /api/annotation/ { + +# proxy_set_header Host $host; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header X-Forwarded-Proto $scheme; + +# # Fix the “It appears that your reverse proxy set up is broken" error. +# proxy_pass http://opendmp.annotation:8080; +# proxy_read_timeout 90; +# proxy_redirect http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation; +# } +# } + server { - listen 8081 ssl; - ssl_certificate /certifcates/cert.crt; - ssl_certificate_key /certifcates/key.key; - server_name ${APP_HOST}${APP_PORT}; - proxy_pass_header Server; - - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options nosniff; - add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; - add_header Referrer-Policy 'strict-origin' always; - add_header Feature-Policy "usb 'none'; xr-spatial-tracking 'none'" always; - add_header Permissions-Policy "geolocation=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=()" always; - + set $ms_host $MS_HOST; + set $ms_port $MS_PORT; + listen 8080; + server_name ${MS_HOST}${MS_PORT}; location / { - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Fix the “It appears that your reverse proxy set up is broken" error. - proxy_pass http://opendmp.frontend:8080; - proxy_read_timeout 90; - proxy_redirect http://opendmp.frontend:8080 https://${APP_HOST}${APP_PORT}; - } - - location /api/ { - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Fix the “It appears that your reverse proxy set up is broken" error. - proxy_pass http://opendmp.backend:8080; - proxy_read_timeout 90; - proxy_redirect http://opendmp.backend:8080 https://${APP_HOST}${APP_PORT}/api; - } - - location /api/notification/ { - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Fix the “It appears that your reverse proxy set up is broken" error. - proxy_pass http://opendmp.notification:8080; - proxy_read_timeout 90; - proxy_redirect http://opendmp.notification:8080 https://${APP_HOST}${APP_PORT}/api/notification; - } - - location /api/annotation/ { - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # Fix the “It appears that your reverse proxy set up is broken" error. - proxy_pass http://opendmp.annotation:8080; - proxy_read_timeout 90; - proxy_redirect http://opendmp.annotation:8080 https://${APP_HOST}${APP_PORT}/api/annotation; - } + return 301 https://$host$request_uri; + } } server { + set $ms_host $MS_HOST; + set $ms_port $MS_PORT; listen 8082 ssl; ssl_certificate /certifcates/cert.crt; ssl_certificate_key /certifcates/key.key; @@ -111,23 +127,6 @@ server { proxy_redirect http://opendmp.keycloak:8443 https://${MS_HOST}${MS_PORT}/keycloak; } - location /rabbitmq/ { - - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - - # Fix the “It appears that your reverse proxy set up is broken" error. - proxy_pass https://opendmp.rabbitmq:15672; - proxy_read_timeout 90; - - proxy_redirect http://opendmp.rabbitmq:15672 https://${MS_HOST}${MS_PORT}/rabbitmq; - } - location /elastic/ { proxy_set_header Host $host; diff --git a/deployment/rabbitmq/rabbitmq.conf b/deployment/rabbitmq/rabbitmq.conf new file mode 100644 index 000000000..0f307857c --- /dev/null +++ b/deployment/rabbitmq/rabbitmq.conf @@ -0,0 +1,2 @@ +deprecated_features.permit.management_metrics_collection = false +proxy_protocol = true \ No newline at end of file diff --git a/deployment/rabbitmq/rabbitmq.env b/deployment/rabbitmq/rabbitmq.env index dd5d91e94..a2c76acca 100644 --- a/deployment/rabbitmq/rabbitmq.env +++ b/deployment/rabbitmq/rabbitmq.env @@ -1,3 +1,3 @@ RABBITMQ_DEFAULT_USER=guest RABBITMQ_DEFAULT_PASS=guest -RABBITMQ_DEFAULT_VHOST=/rabbitmq/ \ No newline at end of file +RABBITMQ_DEFAULT_VHOST=/ \ No newline at end of file From de03e4776bcf1aa8f62c18bc938a7fba896b21a8 Mon Sep 17 00:00:00 2001 From: Diamantis Tziotzios Date: Fri, 26 Apr 2024 10:17:57 +0300 Subject: [PATCH 2/4] single autocomplete fix --- .../multiple-auto-complete.component.ts | 1 - .../single/single-auto-complete.component.html | 4 ++-- .../single/single-auto-complete.component.ts | 18 ++++++++++-------- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/dmp-frontend/src/app/library/auto-complete/multiple/multiple-auto-complete.component.ts b/dmp-frontend/src/app/library/auto-complete/multiple/multiple-auto-complete.component.ts index a47d338c0..8974c1ba8 100644 --- a/dmp-frontend/src/app/library/auto-complete/multiple/multiple-auto-complete.component.ts +++ b/dmp-frontend/src/app/library/auto-complete/multiple/multiple-auto-complete.component.ts @@ -307,7 +307,6 @@ export class MultipleAutoCompleteComponent extends _CustomComponentMixinBase imp startWith(null), debounceTime(this.requestDelay), distinctUntilChanged(), - distinctUntilChanged(), mergeMap(query => this.filter(query)), catchError(error => { this._items = null; diff --git a/dmp-frontend/src/app/library/auto-complete/single/single-auto-complete.component.html b/dmp-frontend/src/app/library/auto-complete/single/single-auto-complete.component.html index 40f4f6ace..9f231ecb1 100644 --- a/dmp-frontend/src/app/library/auto-complete/single/single-auto-complete.component.html +++ b/dmp-frontend/src/app/library/auto-complete/single/single-auto-complete.component.html @@ -37,7 +37,7 @@ - No results found! + No results found! @@ -45,4 +45,4 @@ - + \ No newline at end of file diff --git a/dmp-frontend/src/app/library/auto-complete/single/single-auto-complete.component.ts b/dmp-frontend/src/app/library/auto-complete/single/single-auto-complete.component.ts index 101bfaf98..8a34d8dd0 100644 --- a/dmp-frontend/src/app/library/auto-complete/single/single-auto-complete.component.ts +++ b/dmp-frontend/src/app/library/auto-complete/single/single-auto-complete.component.ts @@ -8,8 +8,8 @@ import { MatFormFieldControl } from '@angular/material/form-field'; import { AutoCompleteGroup } from '@app/library/auto-complete/auto-complete-group'; import { SingleAutoCompleteConfiguration } from '@app/library/auto-complete/single/single-auto-complete-configuration'; import { BaseComponent } from '@common/base/base.component'; -import { Observable, Subject, of as observableOf } from 'rxjs'; -import { debounceTime, distinctUntilChanged, map, startWith, switchMap, takeUntil, tap } from 'rxjs/operators'; +import { Observable, Subject, of as observableOf, of } from 'rxjs'; +import { catchError, debounceTime, distinctUntilChanged, map, mergeMap, startWith, switchMap, takeUntil, tap } from 'rxjs/operators'; export class CustomComponentBase extends BaseComponent { @@ -64,8 +64,6 @@ export class SingleAutoCompleteComponent extends _CustomComponentMixinBase imple _groupedItems: Observable; _selectedItems: Map = new Map(); - queryValue: string = ""; - get empty() { return (this.value == null) && (!this.inputValue || this.inputValue.length === 0); } get shouldLabelFloat() { return this.focused || !this.empty; } @@ -220,7 +218,7 @@ export class SingleAutoCompleteComponent extends _CustomComponentMixinBase imple // prevent filtering results if arrow were pressed if (event.keyCode !== ENTER && (event.keyCode < 37 || event.keyCode > 40)) { if (this.inputValue.length === 0 && this.value != null) { - this.optionSelectedInternal(null); + this._onInputFocus(); } this._inputSubject.next(this.inputValue); } @@ -237,9 +235,13 @@ export class SingleAutoCompleteComponent extends _CustomComponentMixinBase imple startWith(null), debounceTime(this.requestDelay), distinctUntilChanged(), - tap(query => this.queryValue = query), - switchMap(query => this.filter(query))); - + mergeMap(query => this.filter(query)), + catchError(error => { + this._items = null; + console.error(error); + return of(null) + }) + ); if (this.configuration.groupingFn) { this._groupedItems = this._items.pipe(map(items => this.configuration.groupingFn(items))); } } } From db80cb1c3422eea33939b83a38806de4da3ebad6 Mon Sep 17 00:00:00 2001 From: Thomas Georgios Giannos Date: Fri, 26 Apr 2024 11:04:17 +0300 Subject: [PATCH 3/4] Fixes and preparing for field types and prefilling docs --- .../documentation/administration/blueprints/field-types.md | 7 ++++++- docs/docs/documentation/administration/blueprints/index.md | 2 +- .../administration/blueprints/prefilling-configurations.md | 1 + .../documentation/administration/blueprints/semantics.md | 7 ++++++- .../documentation/administration/commons/_category_.json | 1 + .../administration/commons/_markdown-field-types.md | 1 + .../administration/commons/_markdown-semantics.md | 1 + docs/docs/documentation/administration/index.md | 4 ++-- docs/docs/documentation/administration/introduction.md | 5 ++++- .../administration/templates/conditional-questions.md | 1 + .../documentation/administration/templates/field-types.md | 7 ++++++- .../documentation/administration/templates/semantics.md | 7 ++++++- .../documentation/administration/tenant-configuration.md | 6 ++++++ 13 files changed, 42 insertions(+), 8 deletions(-) create mode 100644 docs/docs/documentation/administration/commons/_category_.json create mode 100644 docs/docs/documentation/administration/commons/_markdown-field-types.md create mode 100644 docs/docs/documentation/administration/commons/_markdown-semantics.md create mode 100644 docs/docs/documentation/administration/tenant-configuration.md diff --git a/docs/docs/documentation/administration/blueprints/field-types.md b/docs/docs/documentation/administration/blueprints/field-types.md index 2d0a1dc7d..4424c7fa9 100644 --- a/docs/docs/documentation/administration/blueprints/field-types.md +++ b/docs/docs/documentation/administration/blueprints/field-types.md @@ -1,5 +1,10 @@ --- sidebar_position: 1 +description: View details about the field types --- -# Field Types \ No newline at end of file +# Field Types + +import FieldTypes from '../commons/_markdown-field-types.md'; + + \ No newline at end of file diff --git a/docs/docs/documentation/administration/blueprints/index.md b/docs/docs/documentation/administration/blueprints/index.md index f25bd3a8c..fcab26347 100644 --- a/docs/docs/documentation/administration/blueprints/index.md +++ b/docs/docs/documentation/administration/blueprints/index.md @@ -90,7 +90,7 @@ Every section must have a `System` field of the following types: `Title`, `Descr ::: -### Desctiption Templates form +### Description Templates form Each section can have one or more **description templates** attached to it. When you 'attach' a [description template](/docs/documentation/administration/templates/) to a blueprint, every [plan](/docs/category/plans) that inherits from that blueprint must have a [description](/docs/category/descriptions) that inherits from that template. More details will follow. You can add a description template by clicking on the `Add Description Template` button. For every template you add, a new form part appears where you can specify everything about the template attachment. You can also delete one template clicking on the `delete` icon on the right end of its form. diff --git a/docs/docs/documentation/administration/blueprints/prefilling-configurations.md b/docs/docs/documentation/administration/blueprints/prefilling-configurations.md index ce0a19688..63df7bc13 100644 --- a/docs/docs/documentation/administration/blueprints/prefilling-configurations.md +++ b/docs/docs/documentation/administration/blueprints/prefilling-configurations.md @@ -1,5 +1,6 @@ --- sidebar_position: 3 +description: View details about the prefilling sources --- # Prefilling Configurations \ No newline at end of file diff --git a/docs/docs/documentation/administration/blueprints/semantics.md b/docs/docs/documentation/administration/blueprints/semantics.md index 0225bae16..d0322e3bb 100644 --- a/docs/docs/documentation/administration/blueprints/semantics.md +++ b/docs/docs/documentation/administration/blueprints/semantics.md @@ -1,5 +1,10 @@ --- sidebar_position: 2 +description: View details about the semantics --- -# Semantics \ No newline at end of file +# Semantics + +import Semantics from '../commons/_markdown-semantics.md'; + + \ No newline at end of file diff --git a/docs/docs/documentation/administration/commons/_category_.json b/docs/docs/documentation/administration/commons/_category_.json new file mode 100644 index 000000000..9e26dfeeb --- /dev/null +++ b/docs/docs/documentation/administration/commons/_category_.json @@ -0,0 +1 @@ +{} \ No newline at end of file diff --git a/docs/docs/documentation/administration/commons/_markdown-field-types.md b/docs/docs/documentation/administration/commons/_markdown-field-types.md new file mode 100644 index 000000000..8647d59b7 --- /dev/null +++ b/docs/docs/documentation/administration/commons/_markdown-field-types.md @@ -0,0 +1 @@ +TODO: Add info about field types \ No newline at end of file diff --git a/docs/docs/documentation/administration/commons/_markdown-semantics.md b/docs/docs/documentation/administration/commons/_markdown-semantics.md new file mode 100644 index 000000000..0b0a9e858 --- /dev/null +++ b/docs/docs/documentation/administration/commons/_markdown-semantics.md @@ -0,0 +1 @@ +TODO: Add info about semantics \ No newline at end of file diff --git a/docs/docs/documentation/administration/index.md b/docs/docs/documentation/administration/index.md index 201b509b7..75bef9f87 100644 --- a/docs/docs/documentation/administration/index.md +++ b/docs/docs/documentation/administration/index.md @@ -1,8 +1,8 @@ # Administration -There are a lot of tools developed that can help administrators better manage a lot of aspects of the application or get a better idea about the usage of the platform. +There are a lot of views developed that can help administrators better manage and configure a lot of aspects of the application or get a better idea about the usage of the platform. -These tools will be described in this section. +These views will be described in this section. import DocCardList from '@theme/DocCardList'; diff --git a/docs/docs/documentation/administration/introduction.md b/docs/docs/documentation/administration/introduction.md index 42500b30c..4a82c2ee2 100644 --- a/docs/docs/documentation/administration/introduction.md +++ b/docs/docs/documentation/administration/introduction.md @@ -10,4 +10,7 @@ There are a lot of views in the application available only for users that are gi - **Users**: Being able to control the users of the platform. - **Tenants**: Being able to control the tenants of the platform. Think of tenants as different organisations that can use the application independently at the same time without the need of different deployments. - **Notification Templates**: Being able to modify the structure of notifications sent to users based on different events. -- **Languages**: Being able to add support for more languages or modify existing ones. \ No newline at end of file +- **Languages**: Being able to add support for more languages or modify existing ones. +- **Reference Types**: Being able to configure static or external data sources that are made available as autocomplete fields on the forms of the platform. +- **Plan Blueprints**: Being able to control the blueprints available for [plans](/docs/category/plans). +- **Description Templates**: Being able to control the templates available for [descriptions](/docs/category/descriptions) \ No newline at end of file diff --git a/docs/docs/documentation/administration/templates/conditional-questions.md b/docs/docs/documentation/administration/templates/conditional-questions.md index b5c231dbe..7bc1e6c44 100644 --- a/docs/docs/documentation/administration/templates/conditional-questions.md +++ b/docs/docs/documentation/administration/templates/conditional-questions.md @@ -1,5 +1,6 @@ --- sidebar_position: 2 +description: View details about the conditional questions --- # Conditional Questions \ No newline at end of file diff --git a/docs/docs/documentation/administration/templates/field-types.md b/docs/docs/documentation/administration/templates/field-types.md index 2d0a1dc7d..4424c7fa9 100644 --- a/docs/docs/documentation/administration/templates/field-types.md +++ b/docs/docs/documentation/administration/templates/field-types.md @@ -1,5 +1,10 @@ --- sidebar_position: 1 +description: View details about the field types --- -# Field Types \ No newline at end of file +# Field Types + +import FieldTypes from '../commons/_markdown-field-types.md'; + + \ No newline at end of file diff --git a/docs/docs/documentation/administration/templates/semantics.md b/docs/docs/documentation/administration/templates/semantics.md index 56598644b..9517637ba 100644 --- a/docs/docs/documentation/administration/templates/semantics.md +++ b/docs/docs/documentation/administration/templates/semantics.md @@ -1,5 +1,10 @@ --- sidebar_position: 3 +description: View details about the semantics --- -# Semantics \ No newline at end of file +# Semantics + +import Semantics from '../commons/_markdown-semantics.md'; + + \ No newline at end of file diff --git a/docs/docs/documentation/administration/tenant-configuration.md b/docs/docs/documentation/administration/tenant-configuration.md new file mode 100644 index 000000000..10e0d03ee --- /dev/null +++ b/docs/docs/documentation/administration/tenant-configuration.md @@ -0,0 +1,6 @@ +--- +sidebar_position: 11 +description: Configure the tenant you are logged in with +--- + +# Tenant configuration \ No newline at end of file From d30613b0615e8b86b876fbbbc46b34d04bbc1ca4 Mon Sep 17 00:00:00 2001 From: amentis Date: Fri, 26 Apr 2024 12:14:46 +0300 Subject: [PATCH 4/4] reference type routing fix --- .../reference-type/reference-type.routing.ts | 31 ++++++++++--------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/dmp-frontend/src/app/ui/admin/reference-type/reference-type.routing.ts b/dmp-frontend/src/app/ui/admin/reference-type/reference-type.routing.ts index 40aebbf05..c467a3596 100644 --- a/dmp-frontend/src/app/ui/admin/reference-type/reference-type.routing.ts +++ b/dmp-frontend/src/app/ui/admin/reference-type/reference-type.routing.ts @@ -11,25 +11,26 @@ import { ReferenceTypeEditorResolver } from './editor/reference-type-editor.reso const routes: Routes = [ - { + { path: '', component: ReferenceTypeListingComponent, canActivate: [AuthGuard] }, { - path: 'new', - component: ReferenceTypeEditorComponent, - canActivate: [AdminAuthGuard], - data: { - authContext: { - permissions: [AppPermission.EditReferenceType] - }, - ...BreadcrumbService.generateRouteDataConfiguration({ - title: 'BREADCRUMBS.NEW-REFERENCE-TYPE' - }) - } - }, - { + path: 'new', + component: ReferenceTypeEditorComponent, + canActivate: [AuthGuard], + canDeactivate: [PendingChangesGuard], + data: { + authContext: { + permissions: [AppPermission.EditReferenceType] + }, + ...BreadcrumbService.generateRouteDataConfiguration({ + title: 'BREADCRUMBS.NEW-REFERENCE-TYPE' + }) + } + }, + { path: ':id', canActivate: [AuthGuard], component: ReferenceTypeEditorComponent, @@ -47,7 +48,7 @@ const routes: Routes = [ } }, - { path: '**', loadChildren: () => import('@common/modules/page-not-found/page-not-found.module').then(m => m.PageNotFoundModule) }, + { path: '**', loadChildren: () => import('@common/modules/page-not-found/page-not-found.module').then(m => m.PageNotFoundModule) }, ]; @NgModule({